000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) perf_event_open(&(0x7f0000940000)={0x2, 0x70, 0x69, 0x1, 0x0, 0xff, 0x0, 0x48, 0x14a0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f00000001c0), 0x7}, 0x0, 0x0, 0xfffffff9}, 0x0, 0xd, 0xffffffffffffffff, 0xa) tkill(0x0, 0x3c) fsetxattr$trusted_overlay_redirect(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) sched_setattr(r0, &(0x7f0000000080)={0x38, 0x2, 0x1, 0x0, 0x3}, 0x0) clone(0x69005100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) mount(0x0, &(0x7f0000000140)='./file0\x00', 0x0, 0x0, &(0x7f000000a000)) sched_setscheduler(0x0, 0x5, &(0x7f0000000380)) 21:31:31 executing program 4: prlimit64(0x0, 0x0, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x1, 0x0, 0x0, 0x1, 0x20b493e0, 0x0, 0xfffffffffffffffe}, 0x0) socket$inet6(0xa, 0x4, 0xffffffff) pipe(&(0x7f0000000340)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r2, 0x407, 0x0) fsync(r1) write(r2, &(0x7f0000000340), 0x41395527) vmsplice(r1, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) clone(0x200000008a105d00, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) tkill(0x0, 0x3c) fsetxattr$trusted_overlay_redirect(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) sched_setattr(r0, &(0x7f0000000080)={0x38, 0x2, 0x1, 0x0, 0x3}, 0x0) clone(0x69005100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) mount(0x0, &(0x7f0000000140)='./file0\x00', 0x0, 0x0, &(0x7f000000a000)) 21:31:31 executing program 2: r0 = openat$kvm(0xffffffffffffff9c, 0x0, 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) dup3(r0, r1, 0x0) fsetxattr$trusted_overlay_nlink(r0, &(0x7f0000000040)='trusted.overlay.nlink\x00', &(0x7f00000000c0)={'U+', 0x98}, 0x16, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c4, 0x0, 0xe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r2 = socket$inet6(0xa, 0x40000080806, 0x0) bind$inet6(r2, &(0x7f0000000080)={0xa, 0x404e20}, 0x1c) ioctl$int_in(0xffffffffffffffff, 0x5452, &(0x7f0000000100)=0x3) listen(r2, 0x400000001ffffffd) r3 = socket$inet6(0xa, 0x6, 0x0) connect$inet6(r3, &(0x7f0000000180)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) r4 = accept4(r2, 0x0, 0x0, 0x0) sendmmsg(r4, &(0x7f0000003d40)=[{{0x0, 0xffffffbf, 0x0, 0x0, 0x0, 0x0, 0x7000005}, 0xa}], 0x4000000000000d0, 0x0) socket$inet6(0xa, 0x6, 0x0) connect$inet6(0xffffffffffffffff, &(0x7f0000000000)={0xa, 0x0, 0x0, @loopback}, 0x1c) r5 = socket$inet6_tcp(0xa, 0x1, 0x0) bpf$BPF_MAP_GET_FD_BY_ID(0xe, &(0x7f0000000140)={0x0, 0x4, 0x8}, 0xc) setsockopt$IP6T_SO_SET_REPLACE(r5, 0x29, 0x40, &(0x7f0000000a80)=@filter={'filter\x00', 0xe, 0x4, 0x13a8, 0x0, 0x0, 0x1208, 0x108, 0x108, 0x12d8, 0x12d8, 0x12d8, 0x12d8, 0x12d8, 0x4, 0x0, {[{{@uncond, 0x0, 0xa8, 0x108}, @common=@inet=@HMARK={0x60, 'HMARK\x00', 0x0, {@ipv6=@mcast1, [], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4}}}, {{@ipv6={@initdev={0xfe, 0x88, [], 0x0, 0x0}, @initdev={0xfe, 0x88, [], 0x0, 0x0}, [], [], 'rose0\x00', 'netdevsim0\x00'}, 0x0, 0x10d8, 0x1100, 0x0, {}, [@common=@unspec=@cgroup1={{0x1030, 'cgroup\x00'}, {0x0, 0x1, 0x0, 0x0, './cgroup/syz0\x00'}}]}, @REJECT={0x28, 'REJECT\x00'}}, {{@uncond, 0x0, 0xa8, 0xd0}, @REJECT={0x28, 'REJECT\x00'}}], {{[], 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x1408) syz_init_net_socket$rose(0xb, 0x5, 0x0) 21:31:31 executing program 5: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x1, 0x0, 0x0, 0x1, 0x20b493e0, 0x0, 0xfffffffffffffffe}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000008880), 0x400000000000249, 0x0, 0x0) pipe(&(0x7f0000000340)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) fsync(r2) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) perf_event_open(&(0x7f0000940000)={0x2, 0x70, 0x69, 0x1, 0x4, 0xff, 0x0, 0x48, 0x14a0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f00000001c0), 0x7}, 0x0, 0x0, 0xfffffff9}, 0x0, 0xd, 0xffffffffffffffff, 0xa) clone(0x200000008a105d00, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r4 = gettid() tkill(r4, 0x3c) fsetxattr$trusted_overlay_redirect(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) sched_setattr(r0, &(0x7f0000000080)={0x38, 0x2, 0x1, 0x0, 0x2c}, 0x0) clone(0x69005100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) mount(0x0, &(0x7f0000000140)='./file0\x00', 0x0, 0x0, &(0x7f000000a000)) 21:31:31 executing program 0: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x1, 0x0, 0x0, 0x1, 0x20b493e0, 0x0, 0xfffffffffffffffe}, 0x0) r1 = socket$inet6(0xa, 0x0, 0x0) recvmmsg(r1, &(0x7f0000008880), 0x400000000000249, 0x0, 0x0) pipe(&(0x7f0000000340)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(0xffffffffffffffff, 0x407, 0x0) fsync(r2) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) perf_event_open(&(0x7f0000940000)={0x2, 0x70, 0x69, 0x1, 0x0, 0xff, 0x0, 0x48, 0x14a0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f00000001c0), 0x7}}, 0x0, 0xd, 0xffffffffffffffff, 0xa) clone(0x200000008a105d00, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) tkill(0x0, 0x3c) fsetxattr$trusted_overlay_redirect(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) sched_setattr(r0, &(0x7f0000000080)={0x38, 0x2, 0x1, 0x0, 0x3}, 0x0) mount(0x0, &(0x7f0000000140)='./file0\x00', &(0x7f0000fb5ffc)='nfs\x00', 0x0, 0x0) [ 2170.042236] ip6_tables: ip6tables: counters copy to user failed while replacing table 21:31:32 executing program 2: r0 = openat$kvm(0xffffffffffffff9c, 0x0, 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) dup3(r0, r1, 0x0) fsetxattr$trusted_overlay_nlink(r0, &(0x7f0000000040)='trusted.overlay.nlink\x00', &(0x7f00000000c0)={'U+', 0x98}, 0x16, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c4, 0x0, 0xe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r2 = socket$inet6(0xa, 0x40000080806, 0x0) bind$inet6(r2, &(0x7f0000000080)={0xa, 0x404e20}, 0x1c) ioctl$int_in(0xffffffffffffffff, 0x5452, &(0x7f0000000100)=0x3) listen(r2, 0x400000001ffffffd) r3 = socket$inet6(0xa, 0x6, 0x0) connect$inet6(r3, &(0x7f0000000180)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) r4 = accept4(r2, 0x0, 0x0, 0x0) sendmmsg(r4, &(0x7f0000003d40)=[{{0x0, 0xffffffbf, 0x0, 0x0, 0x0, 0x0, 0x7000005}, 0xa}], 0x4000000000000d0, 0x0) socket$inet6(0xa, 0x6, 0x0) connect$inet6(0xffffffffffffffff, &(0x7f0000000000)={0xa, 0x0, 0x0, @loopback}, 0x1c) r5 = socket$inet6_tcp(0xa, 0x1, 0x0) bpf$BPF_MAP_GET_FD_BY_ID(0xe, &(0x7f0000000140)={0x0, 0x4, 0x8}, 0xc) setsockopt$IP6T_SO_SET_REPLACE(r5, 0x29, 0x40, &(0x7f0000000a80)=@filter={'filter\x00', 0xe, 0x4, 0x13a8, 0x0, 0x0, 0x1208, 0x108, 0x108, 0x12d8, 0x12d8, 0x12d8, 0x12d8, 0x12d8, 0x4, 0x0, {[{{@uncond, 0x0, 0xa8, 0x108}, @common=@inet=@HMARK={0x60, 'HMARK\x00', 0x0, {@ipv6=@mcast1, [], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4}}}, {{@ipv6={@initdev={0xfe, 0x88, [], 0x0, 0x0}, @initdev={0xfe, 0x88, [], 0x0, 0x0}, [], [], 'rose0\x00', 'netdevsim0\x00'}, 0x0, 0x10d8, 0x1100, 0x0, {}, [@common=@unspec=@cgroup1={{0x1030, 'cgroup\x00'}, {0x0, 0x1, 0x0, 0x0, './cgroup/syz0\x00'}}]}, @REJECT={0x28, 'REJECT\x00'}}, {{@uncond, 0x0, 0xa8, 0xd0}, @REJECT={0x28, 'REJECT\x00'}}], {{[], 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x1408) syz_init_net_socket$rose(0xb, 0x5, 0x0) [ 2171.169604] syz-fuzzer invoked oom-killer: gfp_mask=0x14201ca(GFP_HIGHUSER_MOVABLE|__GFP_COLD), nodemask=(null), order=0, oom_score_adj=0 [ 2171.182854] syz-fuzzer cpuset=/ mems_allowed=0-1 [ 2171.189186] CPU: 0 PID: 6333 Comm: syz-fuzzer Not tainted 4.14.182-syzkaller #0 [ 2171.196640] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2171.205991] Call Trace: [ 2171.208589] dump_stack+0x1b2/0x283 [ 2171.212224] dump_header+0x178/0x7aa [ 2171.215946] ? trace_hardirqs_on_caller+0x3a8/0x580 [ 2171.220986] ? _raw_spin_unlock_irqrestore+0x66/0xe0 [ 2171.226081] ? ___ratelimit+0x2cd/0x522 [ 2171.230038] oom_kill_process.cold+0x10/0xc16 [ 2171.234525] ? lock_downgrade+0x6e0/0x6e0 [ 2171.238653] out_of_memory+0x2d5/0x10f0 [ 2171.242608] ? oom_killer_disable+0x1c0/0x1c0 [ 2171.247082] ? mutex_trylock+0x152/0x1a0 [ 2171.251120] __alloc_pages_nodemask+0x2556/0x2730 [ 2171.255951] ? gfp_pfmemalloc_allowed+0x150/0x150 [ 2171.260771] ? trace_hardirqs_on+0x10/0x10 [ 2171.264981] ? find_get_entry+0x31b/0x660 [ 2171.269118] alloc_pages_current+0xe7/0x1e0 [ 2171.273434] __page_cache_alloc+0x243/0x3c0 [ 2171.279562] filemap_fault+0xd42/0x18f0 [ 2171.283535] ext4_filemap_fault+0x84/0xb0 [ 2171.287662] __do_fault+0xfa/0x380 [ 2171.291180] __handle_mm_fault+0x2055/0x3700 [ 2171.295568] ? vm_insert_mixed_mkwrite+0x30/0x30 [ 2171.300312] ? setup_sigcontext+0x820/0x820 [ 2171.304619] handle_mm_fault+0x306/0x794 [ 2171.308668] __do_page_fault+0x578/0xb50 [ 2171.312807] ? mm_fault_error+0x2c0/0x2c0 [ 2171.316934] ? do_page_fault+0x60/0x4f2 [ 2171.320887] ? page_fault+0x2f/0x50 [ 2171.324490] page_fault+0x45/0x50 [ 2171.327931] RIP: 0000: (null) [ 2171.331803] RSP: b15990:000000c0001378b0 EFLAGS: c02178bbb0 [ 2171.355375] Mem-Info: [ 2171.392409] active_anon:1243538 inactive_anon:6144 isolated_anon:0 [ 2171.392409] active_file:67 inactive_file:118 isolated_file:17 [ 2171.392409] unevictable:1839 dirty:17 writeback:0 unstable:0 [ 2171.392409] slab_reclaimable:18796 slab_unreclaimable:169439 [ 2171.392409] mapped:53856 shmem:7881 pagetables:43809 bounce:0 [ 2171.392409] free:19584 free_pcp:76 free_cma:0 [ 2171.438948] Node 0 active_anon:1740668kB inactive_anon:16152kB active_file:100kB inactive_file:188kB unevictable:1032kB isolated(anon):0kB isolated(file):0kB mapped:210044kB dirty:24kB writeback:0kB shmem:23096kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 735232kB writeback_tmp:0kB unstable:0kB all_unreclaimable? no [ 2171.496016] Node 1 active_anon:3233484kB inactive_anon:8424kB active_file:168kB inactive_file:284kB unevictable:6324kB isolated(anon):0kB isolated(file):68kB mapped:5280kB dirty:44kB writeback:0kB shmem:8428kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 0kB writeback_tmp:0kB unstable:0kB all_unreclaimable? no [ 2171.533317] Node 0 DMA free:10348kB min:220kB low:272kB high:324kB active_anon:1508kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15908kB mlocked:0kB kernel_stack:96kB pagetables:92kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 2171.627102] lowmem_reserve[]: 0 2559 2559 2559 2559 [ 2171.632173] Node 0 DMA32 free:27332kB min:36296kB low:45368kB high:54440kB active_anon:1739160kB inactive_anon:16152kB active_file:100kB inactive_file:88kB unevictable:1032kB writepending:24kB present:3129332kB managed:2623996kB mlocked:1032kB kernel_stack:14464kB pagetables:37152kB bounce:0kB free_pcp:36kB local_pcp:0kB free_cma:0kB [ 2171.676883] lowmem_reserve[]: 0 0 0 0 0 [ 2171.681291] Node 0 Normal free:0kB min:0kB low:0kB high:0kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:786432kB managed:0kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 2171.710066] lowmem_reserve[]: 0 0 0 0 0 [ 2171.714090] Node 1 Normal free:41556kB min:53592kB low:66988kB high:80384kB active_anon:3233496kB inactive_anon:8424kB active_file:112kB inactive_file:60kB unevictable:6324kB writepending:36kB present:3932160kB managed:3870192kB mlocked:6324kB kernel_stack:59744kB pagetables:137992kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 2171.754087] lowmem_reserve[]: 0 0 0 0 0 [ 2171.763440] Node 0 DMA: 13*4kB (ME) 53*8kB (M) 17*16kB (UME) 8*32kB (ME) 6*64kB (UM) 2*128kB (UM) 2*256kB (UE) 2*512kB (UE) 1*1024kB (E) 1*2048kB (E) 1*4096kB (M) = 10348kB [ 2171.786991] Node 0 DMA32: 482*4kB (UME) 587*8kB (UME) 102*16kB (UME) 3*32kB (UM) 11*64kB (M) 42*128kB (M) 29*256kB (UM) 9*512kB (UM) 1*1024kB (M) 0*2048kB 0*4096kB = 27488kB [ 2171.787080] Node 0 Normal: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 0kB [ 2171.787120] Node 1 Normal: 387*4kB (UME) 217*8kB (UME) 225*16kB (UME) 1070*32kB (UME) 5*64kB (UM) 3*128kB (UM) 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 41828kB [ 2171.787184] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 2171.864939] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 2171.980199] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 2172.055810] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 2172.095722] 8285 total pagecache pages [ 2172.099697] 0 pages in swap cache [ 2172.103146] Swap cache stats: add 0, delete 0, find 0/0 [ 2172.108576] Free swap = 0kB [ 2172.111586] Total swap = 0kB [ 2172.114595] 1965979 pages RAM [ 2172.118564] 0 pages HighMem/MovableOnly [ 2172.122528] 338455 pages reserved [ 2172.125967] 0 pages cma reserved [ 2172.129363] Out of memory: Kill process 9089 (syz-executor.0) score 1007 or sacrifice child [ 2172.139179] Killed process 9089 (syz-executor.0) total-vm:75236kB, anon-rss:16572kB, file-rss:35756kB, shmem-rss:0kB [ 2172.285049] modprobe invoked oom-killer: gfp_mask=0x14040c0(GFP_KERNEL|__GFP_COMP), nodemask=(null), order=1, oom_score_adj=0 [ 2172.338145] modprobe cpuset=/ mems_allowed=0-1 [ 2172.342885] CPU: 1 PID: 9078 Comm: modprobe Not tainted 4.14.182-syzkaller #0 [ 2172.350159] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2172.359544] Call Trace: [ 2172.362137] dump_stack+0x1b2/0x283 [ 2172.365778] dump_header+0x178/0x7aa [ 2172.369499] ? trace_hardirqs_on_caller+0x3a8/0x580 [ 2172.374508] ? _raw_spin_unlock_irqrestore+0x66/0xe0 [ 2172.380309] ? ___ratelimit+0x2cd/0x522 [ 2172.384284] oom_kill_process.cold+0x10/0xc16 [ 2172.388785] ? lock_downgrade+0x6e0/0x6e0 [ 2172.392943] out_of_memory+0x2d5/0x10f0 [ 2172.396921] ? oom_killer_disable+0x1c0/0x1c0 [ 2172.401415] ? mutex_trylock+0x152/0x1a0 [ 2172.405479] __alloc_pages_nodemask+0x2556/0x2730 [ 2172.410336] ? gfp_pfmemalloc_allowed+0x150/0x150 [ 2172.415173] ? gfp_pfmemalloc_allowed+0x150/0x150 [ 2172.420014] ? trace_hardirqs_on+0x10/0x10 [ 2172.424257] ? cache_grow_begin+0x3f/0x410 [ 2172.424960] ip6_tables: ip6tables: counters copy to user failed while replacing table [ 2172.428484] cache_grow_begin+0x91/0x410 [ 2172.428494] fallback_alloc+0x205/0x2b0 [ 2172.428506] kmem_cache_alloc+0x1e5/0x3c0 [ 2172.428517] getname_flags+0xc8/0x550 [ 2172.428528] user_path_at_empty+0x2a/0x50 [ 2172.428542] vfs_statx+0xd1/0x160 [ 2172.460939] ? vfs_statx_fd+0x90/0x90 [ 2172.464733] ? vm_insert_mixed_mkwrite+0x30/0x30 [ 2172.469487] SyS_newstat+0x83/0xe0 [ 2172.473021] ? SyS_fstat+0xd0/0xd0 [ 2172.476554] ? lock_downgrade+0x6e0/0x6e0 [ 2172.480698] ? up_read+0x17/0x30 [ 2172.484055] ? __do_page_fault+0x19a/0xb50 [ 2172.488282] ? do_syscall_64+0x4c/0x640 [ 2172.492245] ? SyS_fstat+0xd0/0xd0 [ 2172.495783] do_syscall_64+0x1d5/0x640 [ 2172.499673] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 2172.504853] RIP: 0033:0x7f44f52b8295 [ 2172.508553] RSP: 002b:00007ffd2ded89c8 EFLAGS: 00000246 ORIG_RAX: 0000000000000004 [ 2172.516254] RAX: ffffffffffffffda RBX: 0000557fc0dd3090 RCX: 00007f44f52b8295 [ 2172.523517] RDX: 00007ffd2ded8a90 RSI: 00007ffd2ded8a90 RDI: 0000557fc056ce99 [ 2172.530779] RBP: 0000557fc056ce99 R08: 0000000000000003 R09: 0000000000000020 [ 2172.538035] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 2172.545280] R13: 0000000000000000 R14: 0000557fc0774068 R15: 0000000000000000 [ 2172.568875] Mem-Info: [ 2172.571798] active_anon:1235845 inactive_anon:6144 isolated_anon:0 [ 2172.571798] active_file:355 inactive_file:391 isolated_file:0 [ 2172.571798] unevictable:1839 dirty:35 writeback:0 unstable:0 [ 2172.571798] slab_reclaimable:18824 slab_unreclaimable:169236 [ 2172.571798] mapped:53966 shmem:7881 pagetables:43761 bounce:0 [ 2172.571798] free:26740 free_pcp:526 free_cma:0 [ 2172.609287] IPVS: ftp: loaded support on port[0] = 21 [ 2172.611233] Node 0 active_anon:1739504kB inactive_anon:16152kB active_file:12kB inactive_file:0kB unevictable:1032kB isolated(anon):0kB isolated(file):0kB mapped:210032kB dirty:16kB writeback:0kB shmem:23096kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 735232kB writeback_tmp:0kB unstable:0kB all_unreclaimable? no [ 2172.644471] Node 1 active_anon:3203776kB inactive_anon:8424kB active_file:1500kB inactive_file:1684kB unevictable:6324kB isolated(anon):0kB isolated(file):0kB mapped:6332kB dirty:124kB writeback:0kB shmem:8428kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 0kB writeback_tmp:0kB unstable:0kB all_unreclaimable? no [ 2172.673390] Node 0 DMA free:10348kB min:220kB low:272kB high:324kB active_anon:1508kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15908kB mlocked:0kB kernel_stack:96kB pagetables:92kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 2172.702991] lowmem_reserve[]: 0 2559 2559 2559 2559 [ 2172.709688] Node 0 DMA32 free:27852kB min:36296kB low:45368kB high:54440kB active_anon:1737996kB inactive_anon:16152kB active_file:12kB inactive_file:0kB unevictable:1032kB writepending:0kB present:3129332kB managed:2623996kB mlocked:1032kB kernel_stack:14304kB pagetables:37156kB bounce:0kB free_pcp:872kB local_pcp:688kB free_cma:0kB [ 2172.746558] lowmem_reserve[]: 0 0 0 0 0 [ 2172.766931] Node 0 Normal free:0kB min:0kB low:0kB high:0kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:786432kB managed:0kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 2172.801641] lowmem_reserve[]: 0 0 0 0 0 [ 2172.806020] Node 1 Normal free:68800kB min:53592kB low:66988kB high:80384kB active_anon:3199792kB inactive_anon:8424kB active_file:2924kB inactive_file:4408kB unevictable:6324kB writepending:152kB present:3932160kB managed:3870192kB mlocked:6324kB kernel_stack:59040kB pagetables:137536kB bounce:0kB free_pcp:548kB local_pcp:216kB free_cma:0kB 21:31:34 executing program 2: r0 = openat$kvm(0xffffffffffffff9c, 0x0, 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) dup3(r0, r1, 0x0) fsetxattr$trusted_overlay_nlink(r0, &(0x7f0000000040)='trusted.overlay.nlink\x00', &(0x7f00000000c0)={'U+', 0x98}, 0x16, 0x2) perf_event_open(0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r2 = socket$inet6(0xa, 0x40000080806, 0x0) bind$inet6(r2, &(0x7f0000000080)={0xa, 0x404e20}, 0x1c) ioctl$int_in(0xffffffffffffffff, 0x5452, &(0x7f0000000100)=0x3) listen(r2, 0x400000001ffffffd) r3 = socket$inet6(0xa, 0x6, 0x0) connect$inet6(r3, &(0x7f0000000180)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) r4 = accept4(r2, 0x0, 0x0, 0x0) sendmmsg(r4, &(0x7f0000003d40)=[{{0x0, 0xffffffbf, 0x0, 0x0, 0x0, 0x0, 0x7000005}, 0xa}], 0x4000000000000d0, 0x0) socket$inet6(0xa, 0x6, 0x0) connect$inet6(0xffffffffffffffff, &(0x7f0000000000)={0xa, 0x0, 0x0, @loopback}, 0x1c) r5 = socket$inet6_tcp(0xa, 0x1, 0x0) bpf$BPF_MAP_GET_FD_BY_ID(0xe, &(0x7f0000000140)={0x0, 0x4, 0x8}, 0xc) setsockopt$IP6T_SO_SET_REPLACE(r5, 0x29, 0x40, &(0x7f0000000a80)=@filter={'filter\x00', 0xe, 0x4, 0x13a8, 0x0, 0x0, 0x1208, 0x108, 0x108, 0x12d8, 0x12d8, 0x12d8, 0x12d8, 0x12d8, 0x4, 0x0, {[{{@uncond, 0x0, 0xa8, 0x108}, @common=@inet=@HMARK={0x60, 'HMARK\x00', 0x0, {@ipv6=@mcast1, [], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4}}}, {{@ipv6={@initdev={0xfe, 0x88, [], 0x0, 0x0}, @initdev={0xfe, 0x88, [], 0x0, 0x0}, [], [], 'rose0\x00', 'netdevsim0\x00'}, 0x0, 0x10d8, 0x1100, 0x0, {}, [@common=@unspec=@cgroup1={{0x1030, 'cgroup\x00'}, {0x0, 0x1, 0x0, 0x0, './cgroup/syz0\x00'}}]}, @REJECT={0x28, 'REJECT\x00'}}, {{@uncond, 0x0, 0xa8, 0xd0}, @REJECT={0x28, 'REJECT\x00'}}], {{[], 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x1408) syz_init_net_socket$rose(0xb, 0x5, 0x0) 21:31:34 executing program 4: prlimit64(0x0, 0x0, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x1, 0x0, 0x0, 0x1, 0x20b493e0, 0x0, 0xfffffffffffffffe}, 0x0) socket$inet6(0xa, 0x4, 0xffffffff) pipe(&(0x7f0000000340)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r2, 0x407, 0x0) fsync(r1) write(r2, &(0x7f0000000340), 0x41395527) vmsplice(r1, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) clone(0x200000008a105d00, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) tkill(0x0, 0x3c) fsetxattr$trusted_overlay_redirect(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) sched_setattr(r0, &(0x7f0000000080)={0x38, 0x2, 0x1, 0x0, 0x3}, 0x0) clone(0x69005100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) mount(0x0, &(0x7f0000000140)='./file0\x00', 0x0, 0x0, &(0x7f000000a000)) 21:31:34 executing program 1: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000008880), 0x400000000000249, 0x0, 0x0) pipe(&(0x7f0000000340)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) fsync(r2) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) perf_event_open(&(0x7f0000940000)={0x2, 0x70, 0x69, 0x1, 0x0, 0xff, 0x0, 0x48, 0x14a0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f00000001c0), 0x7}, 0x0, 0x0, 0xfffffff9}, 0x0, 0xd, 0xffffffffffffffff, 0xa) tkill(0x0, 0x3c) fsetxattr$trusted_overlay_redirect(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) sched_setattr(r0, &(0x7f0000000080)={0x38, 0x2, 0x1, 0x0, 0x3}, 0x0) clone(0x69005100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) mount(0x0, &(0x7f0000000140)='./file0\x00', 0x0, 0x0, &(0x7f000000a000)) sched_setscheduler(0x0, 0x5, &(0x7f0000000380)) 21:31:34 executing program 0: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x1, 0x0, 0x0, 0x1, 0x20b493e0, 0x0, 0xfffffffffffffffe}, 0x0) r1 = socket$inet6(0xa, 0x0, 0x0) recvmmsg(r1, &(0x7f0000008880), 0x400000000000249, 0x0, 0x0) pipe(&(0x7f0000000340)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(0xffffffffffffffff, 0x407, 0x0) fsync(r2) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) perf_event_open(&(0x7f0000940000)={0x2, 0x70, 0x69, 0x1, 0x0, 0xff, 0x0, 0x48, 0x14a0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f00000001c0), 0x7}}, 0x0, 0xd, 0xffffffffffffffff, 0xa) clone(0x200000008a105d00, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) tkill(0x0, 0x3c) fsetxattr$trusted_overlay_redirect(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) sched_setattr(r0, &(0x7f0000000080)={0x38, 0x2, 0x1, 0x0, 0x3}, 0x0) mount(0x0, &(0x7f0000000140)='./file0\x00', &(0x7f0000fb5ffc)='nfs\x00', 0x0, 0x0) [ 2172.837491] lowmem_reserve[]: 0 0 0 0 0 [ 2172.844212] Node 0 DMA: 13*4kB (ME) 53*8kB (M) 17*16kB (UME) 8*32kB (ME) 6*64kB (UM) 2*128kB (UM) 2*256kB (UE) 2*512kB (UE) 1*1024kB (E) 1*2048kB (E) 1*4096kB (M) = 10348kB [ 2172.864682] Node 0 DMA32: 470*4kB (UME) 565*8kB (UME) 112*16kB (UME) 6*32kB (UM) 18*64kB (UM) 42*128kB (M) 29*256kB (UM) 9*512kB (UM) 1*1024kB (M) 0*2048kB 0*4096kB = 27968kB [ 2172.887844] Node 0 Normal: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 0kB [ 2172.899603] Node 1 Normal: 1*4kB (U) 235*8kB (ME) 1600*16kB (UME) 1077*32kB (UME) 2*64kB (M) 2*128kB (U) 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 62332kB [ 2172.914487] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 2172.924997] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 2172.930384] ip6_tables: ip6tables: counters copy to user failed while replacing table [ 2172.938079] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 2172.956672] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 2172.966015] 11371 total pagecache pages [ 2172.974950] 0 pages in swap cache 21:31:34 executing program 5: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x1, 0x0, 0x0, 0x1, 0x20b493e0, 0x0, 0xfffffffffffffffe}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000008880), 0x400000000000249, 0x0, 0x0) pipe(&(0x7f0000000340)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) fsync(r2) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) perf_event_open(&(0x7f0000940000)={0x2, 0x70, 0x69, 0x5, 0x0, 0xff, 0x0, 0x48, 0x14a0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f00000001c0), 0x7}, 0x0, 0x0, 0x80000000, 0x0, 0x0, 0xffffffff}, 0x0, 0xd, 0xffffffffffffffff, 0xa) clone(0x200000008a105d00, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r4 = gettid() tkill(r4, 0x3c) fsetxattr$trusted_overlay_redirect(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) r5 = openat$sequencer(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/sequencer\x00', 0x440cc1, 0x0) ioctl$USBDEVFS_SUBMITURB(r5, 0x8038550a, &(0x7f0000000180)=@urb_type_control={0x2, {}, 0x80000001, 0x3, &(0x7f0000000100)={0x1, 0x13, 0x3f, 0x200, 0x2}, 0x8, 0x1f, 0x1, 0x0, 0xaca, 0x9, &(0x7f0000000380)="194236bd68dc615a8cd653211d7e99321ada711d983cc490ca9fc5fc0db09de6ee9930e6da0d89527e95ddd637cc18d59179e6604340f00bfa872208f931384e45da4f1a5fe8db542f494d5c4b568f34567762143edd70e3617610e3e8b14d68c9f8c193a734d4bda46dbe5da86a64ae6d94f92c80fb2007d5b14cf260eb6358e84d6afcef97750eddfcf106c7682812266a03a3fd2c5461cc5f06a9180a162726120a8de3d226b984099af786116d69b4e5c8f9e9048a5eee391576aaada6e0d15bceabe07a92d71503a2a3e720f9813b3a06bdfd2de65befa99a0685c548bf19064146904ff1143a54bcb2d7654ba603bfae2802c0ce659a74a1709dda1ae1d8cf3e1698d284b275cb16f4de6f5ba3c80918912c4efe28c8052884bf215693c167eb72f70cf8d7f6f41fd710ab3483e2c9d598ecbe18faa713a00993350da455f9dfc6d97f497a535d6ae7770a80186343513d5bccdfedbdf11a4b5dd725513db1feabeac75893f6662eea62e6f1d7a7534c94d5545f6ae8b8b3a0112d2952fd8274ec7cdbdf58fa2894282449a7e32103730d4b57c3e75ae2e910d85064578e57778deb281202c01973a9f9230d0ecdb5a6578b5c4c41c324cd30e6862f6ec1eba5c40d52c7915dc6ca75843cea2eab0ae9ee824c02fc049a175b88bbc35e8aba16474fbc4e223ee171d63e37d89cc3b42b996015c6320f86d8b0fc9ed81f1abf3fe812dde76cc288df94bd735b373ea4a1bfe64407e8908e8af675fa4266eb58bb77277a4555b01fdbc3a6d7be3c1ea7b474f3b7d477fc89410c69271ebdfcc83ca04ca45639bcb1444537855ba6e6f03609ddabdcaa97dbc937991cab9a5b9900ba19bc276bc3101337c9f609402baece96e8af572332bc633b9affcddf70d73a26a25fa7deffc58eeb6c2a02bbcbe3e2b82d6de6d9df1c318e595d97edbd711ed3f527acf331a83f34676884bacef06cb56b5c0b7378d0fd5c5b468bd6078e484e8b601af1af8281769b4b349d02ba1725bf2e599c43a9b92a61e794d37b1607d886f85bdff9f5a1dfc4b0cde9c98d5e1473a41d1b82448b8ae1555ffeaece410e6c87cf4b3ba97d5fc26a088d04e2b828ed9d3cd6a5d8ff894263532c930d4f8239791b1dec333271176e7b7da0f215b9a50dd634fe4a266189ee96d74260ed45c3e4cc0fcbb93b1872b5cd217daaf13f611a09f1ae5e22e11f526734752506cedc615d5276aecfa7a7f4c074a3732a2d0818e5ef70eb94d2591f8acba71720c6a2e1874e18529374e6cf82afa8456f27e5ba594ef1a0cf22207ace58b4abaabb3776e839364a03a898da75fa300faf79a0d51569e54bf39d0b8cb9c26ccd9c577dc3ef02d9a6bb5f434c1d332a53231da2ebca02a9622293a3c59d322077a694019f8653c4d7d1de7408cbb6d7ef2353304adfb5c1e2067a2f28075b41401b493c85a6de35f6ee84adee632cb35525cd6bb8c8936f09da64e6f2d8c978a9a6c57ab42e999d6f4d83c62d92ff367cfbd1cf3b7620b8048eba2ddacd0538b73a6575f430151670216599618a5a8c6dfa4e5b8a16dc96a46938b64bd4e8e1bc93031c4986cc798df2df557a8aa5d817e4ed13e44aeee001a444a1e95baccd5feb52a84d6d950f4caf3aaa175ba9735c8b147d775883d8595ffc9c058d7e78e5e6bbcb3cf3160036e507a77c20b549ebb4876714218015ff819dc54474d19431cac935c741d87af883bd9415cce5703b638406d4e722bf3de2565f102c8e0a657ac57c49c9cac8374e8fbea6816916022fd302e8786570f6652b3b0bf68928f5c2197adc3d105e00166de2b4e3d64baef686a648f91eaf325349cb39c46bbafca4b12e85a97715f07f75af1b90db8490cf65f4d4507142569aaf6b5a010d153d5582ca2a1b6f1559e3526afbc3969396cbad09930fb359a1fa02baf8603928ce7c66d52bd5528613032ca2bfd8d9ca99e580a1591f2ba479163543a9a71db3279a1e662e0136211373bcb31c67fb9fe218905f7e826ce036ad382941ef9d0a61a24ff94987233d1371d1b26a270a29692447d6d52da1742217055a0eb096da4fba90e9c567982ee4a7289285b81744bf5ed2e11bb7b1c40ecbdddd1ee174fd910106668e23007452b1c925e1c0d5d4798c5f7fd698bb6a985a6f098cff3614c0be664aeb22afb0739efe05b1062799d76e63ef9046225c529d22f99c774fa3e805734a954ad3c56a919696e96cefbede19479cf88853da3884223b4d4db0522a25d0047a28154914340eb73610d8fd399085cca9dfdc511bd3137b725705d7aee00833af7144aa4826a7f11e24138f4e9be81f9dbe455b6078ea1e7b895083705f5f35d0f2bc9bf2fcdc62d5a9dd99aff9695add4fba3bb0cda0968022a0b3d9488d85909498dc029b469ab49c7b0b04affdda10251dc7a74c281c865208c6bc6d41905ca1a72e67026d80e4b488adbf3dcd7433b34799d3294812ed328576301106204fb1c7fe744976f439c754d088a57f7ebe12fb59d34f4dcfb26038baba35589b73ed99f1509f02eb2a424821c948257b6c6b37af311163427a829a5863a0a42b3069c01be00f3238c581e78a076c0c4831b80910a7c0f0a6c278765438a3969166c3508b28c742c9bcb664b281fe27b97de0980baf3f701aaebf38cdbf530b6109ba3ddd6888b6c85e48a3b3cd3486502cce2077fd91f2e1b589df0f3400c96dc815d436dad62705ae560de153d653338542351236a1673763e3bf1bee31c393754c64141e03389c5a17b5377e8751209543ed3ad705563ffaeec54a886b8428b062ab30cbd3efe7f4601ca2ab3d0e9aaf884520459c4616270168b047dea4fc766ad55b0c8fdd657ae9d1688fc17085a2bb91fdacad72b8e4d7d1b572d89fc905e24f0fcba501b7f6bd8aa2df010b2dc81461bb0956f9119bc01d97db5932eae2049a1c575aa3e9fa91c759b73582bfe2e22dcee7bded501a397e798c0dd29a6b322d5cc170e6d266974cf0e198226d29212ee8e597d1cfc8f2cb2571e84912db2d900caaad452121d559103b23429ca82b17907b8b82523faeec8bb8407e1c9bff938b089327db4da448bd297b9cc2f61cf00dbafd1175535ea8380624dbce5c9b8b4a4745599d473be0f8ac74fd6d73529e80e8327faaf35fee641786ba0192daee36607ff674640e7d13e5708a22e7f5be0ca9b5f16a7045e38d010b72de8d6c24371c22ff1cbf059b18a9b138814b31a58628ad255e881a9caab01d4601193b989499f347265460e2d66470b2afef22aaf75bf3c28809ff84470f209267cf7043c9be76d7ddc6246ddcd4a9ce659e2a9e6d46a06d901c8008f76abe55d170aae0a2185db226186e0a071f0c8c91ac668b01ac0e3f99339f5106253934955ac2137e88e783fb111013946d9663b57e12ddc21d0eefbfa4bb2ebcb0e04e72056847f79fadc448d32738f3f8c588b0d4a4103a4cf93ae953c4f98161c00c038546a719d4fcc6ce2cb7112a372edd59aef4a73a8ab75f075d8009a04bb8d60627b13007099efaddf39612bc989ed7e7cfb351ebc75260abfe441eb213afde5338bb2b99e2d0bba0c07e273663553ff820c27e5ad8845a63007e218a496d44aecdaf45c38960497f753e511a31023edb4507756f99ef32411519aa6b42e99863129b5375ca4adbb6e825a130841ebb42f014908966058cffdf2ed4b5ba78a545cf7385abfd2305e779ede898b9db43f88d02a78c4f8a1596feea247ddfbed69174fc7656a6adc53656be4230083067fcaabc7e1cd581f91fbc2fa7efee9f8145ba182e341cc0f7ea516b15e6f1339f315433372eb58dfede8152a0c501cb5ff4e20201d1ab32cca181a0b4da19832e3624b32f8db1a6cc8ec0f7dc82128041b8863f0052e8cfd881ddb79044c48d547e323f41ac928bf0398bdf22cbfc17bb72e7623e597fee2eae504601482db071d46f28c8e697f4460ffe69b62e5a3f239b94ac0cc59f3222a29fe177cefe47dab7006c302df5090b3ddf64a269a1ec03d0b5333dd6ee8f649650932d90dbcc0b7f59d0a7fc2bbcb44cfcccb3a33bf7fd48ae144cadac66224c047a467e66f3f9f07674faad5823818e02169899b500dd5c332596418096b16af6e1c189ed926dc5b41ef3d14a6836ce35da0551519b98366dee863d92ac5fbf43290b7c98bd051f6f588674d48950136b5a6380a447050fdb35d54f8b67b4164d8c59bfd28d5c0c5b6e03addfebccff40d2a7da134d1988f93732b77534a1dd9ed48c4a197536bfca63011e60d88f7c3c0c73412512005ae67936e15957d3c460c4d31a9185c89017f79d8a53b9d8827349c763083ab4f71b17429de35dc272c60f93ed5c3798d2903ce7967cff398022a882c286d44e0169317339cbf0e6fed3f2203b0778d4d383071f04294e3b62da6e45403fb91f433b846a8acde75c75ca240217f87bef1e0b2d6e253107c922ca260490ebaba1c7a0bb38840ea2a3f7cc5330ca9bf3db2264a9953030b2d8c783a14c037286f680600894be1b251f1ff4d70b8a700cdd884bfd78ec431fab3eee18dfc6f53e02d493f4038497da71ca0153f31c5ce740921283c224daa1feb2007109397da81fd008d1c5a95ba52222be8303af0a7b4ac445785407396e545e0d46c47aea9abbf1d8f8971dde58c2e1e852f26575c443548d1ea8ec6e58355517008ad5e5f179aa9218c849bc1f5a59222724e1e73671d9aa4aa5f343afec826aa392a66e9eef1e11918ecf6655801737b3ed4650db528140aadd06c5bc2972def6be1d52c2eabb35c1609ef357fd8ca9dcb672f1b08d8f6c046b017e13f65bde81525d561c1684ca17f30e5753a9680442f403d8c563a234d1e92e8d19df825b6fbdd2b69fc49155a17f83bf9448295ab03127cf7e054f500805bf7ad0721ceba77a46816d558b9c98aa2553656cb0b9359646baef2e78488ea25ca7196873e099eda81d394474b8a8c442bb8c0bf493c1fbf7cceb6ed4effca20f12927458fdc3d4554ba3b1b7b3cbb6e7b4992e978818c35d37efba2a4a5f6d6ca72f6b2d3b4cd396ad7ad41f89626e3353226e82e171c05c6241fdd51995c6a835881f9b2cca02382f00bf6b11dc011a28e58d8b57f6edab1ca45eba8212afeea7f6d2bd23aaf51258503539fb778b375e99808a36b2104fa31b5302b3d34cb458ccda70d6713fbfada5a7a8a7aea14e5f4086bd6b716eaf95efeea6c0b2ae700d91d3cc1186047ad726c7ccd3a80ab41e7318b3747cabc54b8a72479875a6a8d2fbf723979ff170e0efc240d4bb92d3a7d7453c40eebf73c1718c60b90bbedc2c1c8837d6bec681f15cb7cf348112b0fe4a1035c71163899cf85ba91d4dd8f4f494538f95dfc46d7dc36bcedd83babe3532b1682f084d4562282bfdb52cb8f9065fd81caf67dfb99b39c34e1f4ee3054618fa6d812e692f7eed0ce6a24b8749d551d56ff4ebaa3e04821206a6de3f224d57abdd1e30790db379c504e365e43b897c439ad21b71d846d79637b31a308d466ad7bb0f150f6ad69ca4c258a363fa8f93ee978bc087f5401dc5e51a7c1c09d4b225fd98fa5226f51e7e52f34ca2e5fd4bc3f060fd18dc4d850dff374e8115c58da80a7ffecc555629a80776b1aed07148e5f6a93299fd873646a809f9139a00d088a0ff4d12e3216e7f2e443fbc11e79e3323bd924c1590d8f55678ac191530d5858c79cbc19e4755ffeba01daf9fcadecd6ba584e41a28608ab14b9cd198893dbdad40c70794ec8312bcd7e243358ea74e9d10aa4f"}) sched_setattr(r0, &(0x7f0000000080)={0x38, 0x2, 0x1, 0x0, 0x3}, 0x0) clone(0x69005100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) mount(0x0, &(0x7f0000000140)='./file0\x00', 0x0, 0x0, &(0x7f000000a000)) 21:31:34 executing program 3: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x1, 0x0, 0x0, 0x1, 0x20b493e0, 0x0, 0xfffffffffffffffe}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, 0x0, 0x0, 0x0, 0x0) pipe(&(0x7f0000000340)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, 0x0, 0x0, 0x0) perf_event_open(&(0x7f0000940000)={0x2, 0x70, 0x69, 0x0, 0x0, 0xff, 0x0, 0x48, 0x14a0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f00000001c0), 0x7}}, 0x0, 0xd, 0xffffffffffffffff, 0xa) clone(0x200000008a105d00, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r4 = gettid() tkill(r4, 0x3c) r5 = openat$dlm_monitor(0xffffffffffffff9c, &(0x7f0000000000)='/dev/dlm-monitor\x00', 0x3, 0x0) ioctl$NBD_SET_TIMEOUT(r5, 0xab09, 0xffffffff80000001) fsetxattr$trusted_overlay_redirect(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) sched_setattr(r0, &(0x7f0000000080)={0x38, 0x2, 0x1, 0x0, 0x3}, 0x0) clone(0x69005100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) mount(0x0, &(0x7f0000000140)='./file0\x00', &(0x7f0000fb5ffc)='nfs\x00', 0x0, &(0x7f000000a000)) [ 2173.011803] Swap cache stats: add 0, delete 0, find 0/0 21:31:35 executing program 2: r0 = openat$kvm(0xffffffffffffff9c, 0x0, 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) dup3(r0, r1, 0x0) fsetxattr$trusted_overlay_nlink(r0, &(0x7f0000000040)='trusted.overlay.nlink\x00', &(0x7f00000000c0)={'U+', 0x98}, 0x16, 0x2) perf_event_open(0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r2 = socket$inet6(0xa, 0x40000080806, 0x0) bind$inet6(r2, &(0x7f0000000080)={0xa, 0x404e20}, 0x1c) ioctl$int_in(0xffffffffffffffff, 0x5452, &(0x7f0000000100)=0x3) listen(r2, 0x400000001ffffffd) r3 = socket$inet6(0xa, 0x6, 0x0) connect$inet6(r3, &(0x7f0000000180)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) r4 = accept4(r2, 0x0, 0x0, 0x0) sendmmsg(r4, &(0x7f0000003d40)=[{{0x0, 0xffffffbf, 0x0, 0x0, 0x0, 0x0, 0x7000005}, 0xa}], 0x4000000000000d0, 0x0) socket$inet6(0xa, 0x6, 0x0) connect$inet6(0xffffffffffffffff, &(0x7f0000000000)={0xa, 0x0, 0x0, @loopback}, 0x1c) r5 = socket$inet6_tcp(0xa, 0x1, 0x0) bpf$BPF_MAP_GET_FD_BY_ID(0xe, &(0x7f0000000140)={0x0, 0x4, 0x8}, 0xc) setsockopt$IP6T_SO_SET_REPLACE(r5, 0x29, 0x40, &(0x7f0000000a80)=@filter={'filter\x00', 0xe, 0x4, 0x13a8, 0x0, 0x0, 0x1208, 0x108, 0x108, 0x12d8, 0x12d8, 0x12d8, 0x12d8, 0x12d8, 0x4, 0x0, {[{{@uncond, 0x0, 0xa8, 0x108}, @common=@inet=@HMARK={0x60, 'HMARK\x00', 0x0, {@ipv6=@mcast1, [], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4}}}, {{@ipv6={@initdev={0xfe, 0x88, [], 0x0, 0x0}, @initdev={0xfe, 0x88, [], 0x0, 0x0}, [], [], 'rose0\x00', 'netdevsim0\x00'}, 0x0, 0x10d8, 0x1100, 0x0, {}, [@common=@unspec=@cgroup1={{0x1030, 'cgroup\x00'}, {0x0, 0x1, 0x0, 0x0, './cgroup/syz0\x00'}}]}, @REJECT={0x28, 'REJECT\x00'}}, {{@uncond, 0x0, 0xa8, 0xd0}, @REJECT={0x28, 'REJECT\x00'}}], {{[], 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x1408) syz_init_net_socket$rose(0xb, 0x5, 0x0) [ 2173.061962] Free swap = 0kB [ 2173.132641] Total swap = 0kB [ 2173.177266] 1965979 pages RAM [ 2173.206569] 0 pages HighMem/MovableOnly [ 2173.246016] 338455 pages reserved [ 2173.272436] 0 pages cma reserved [ 2173.298745] Out of memory: Kill process 1793 (syz-executor.0) score 1007 or sacrifice child [ 2173.367781] Killed process 1793 (syz-executor.0) total-vm:75236kB, anon-rss:16572kB, file-rss:35756kB, shmem-rss:0kB [ 2174.150353] systemd-journal invoked oom-killer: gfp_mask=0x14040c0(GFP_KERNEL|__GFP_COMP), nodemask=(null), order=1, oom_score_adj=0 [ 2174.244513] systemd-journal cpuset=/ mems_allowed=0-1 [ 2174.261360] CPU: 1 PID: 4063 Comm: systemd-journal Not tainted 4.14.182-syzkaller #0 [ 2174.269274] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2174.278649] Call Trace: [ 2174.281230] dump_stack+0x1b2/0x283 [ 2174.284839] dump_header+0x178/0x7aa [ 2174.288541] ? trace_hardirqs_on_caller+0x3a8/0x580 [ 2174.293534] ? _raw_spin_unlock_irqrestore+0x66/0xe0 [ 2174.298614] ? ___ratelimit+0x2cd/0x522 [ 2174.302566] oom_kill_process.cold+0x10/0xc16 [ 2174.307039] ? lock_downgrade+0x6e0/0x6e0 [ 2174.311165] out_of_memory+0x2d5/0x10f0 [ 2174.315132] ? oom_killer_disable+0x1c0/0x1c0 [ 2174.319604] ? mutex_trylock+0x152/0x1a0 [ 2174.323642] __alloc_pages_nodemask+0x2556/0x2730 [ 2174.328482] ? gfp_pfmemalloc_allowed+0x150/0x150 [ 2174.333312] ? gfp_pfmemalloc_allowed+0x150/0x150 [ 2174.338129] ? trace_hardirqs_on+0x10/0x10 [ 2174.342346] ? cache_grow_begin+0x3f/0x410 [ 2174.346570] cache_grow_begin+0x91/0x410 [ 2174.350608] fallback_alloc+0x205/0x2b0 [ 2174.354574] kmem_cache_alloc+0x1e5/0x3c0 [ 2174.358699] getname_flags+0xc8/0x550 [ 2174.362479] SyS_mkdirat+0x83/0x220 [ 2174.366083] ? SyS_mknod+0x30/0x30 [ 2174.369602] ? do_syscall_64+0x4c/0x640 [ 2174.373553] ? SyS_mkdirat+0x220/0x220 [ 2174.377417] do_syscall_64+0x1d5/0x640 [ 2174.381283] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 2174.386457] RIP: 0033:0x7f6f70382687 [ 2174.390145] RSP: 002b:00007ffc5f6be9f8 EFLAGS: 00000293 ORIG_RAX: 0000000000000053 [ 2174.397828] RAX: ffffffffffffffda RBX: 00007ffc5f6c1910 RCX: 00007f6f70382687 [ 2174.405075] RDX: 00007f6f70df3a00 RSI: 00000000000001ed RDI: 000055ff483b2eb0 [ 2174.412323] RBP: 00007ffc5f6bea30 R08: 0000000000000000 R09: 0000000000000000 [ 2174.419569] R10: 0000000000000069 R11: 0000000000000293 R12: 0000000000000000 [ 2174.426814] R13: 0000000000000000 R14: 00007ffc5f6c1910 R15: 00007ffc5f6bef20 [ 2174.616986] Mem-Info: [ 2174.628109] active_anon:1240416 inactive_anon:6144 isolated_anon:0 [ 2174.628109] active_file:37 inactive_file:75 isolated_file:4 [ 2174.628109] unevictable:1839 dirty:13 writeback:9 unstable:0 [ 2174.628109] slab_reclaimable:18834 slab_unreclaimable:169746 [ 2174.628109] mapped:53771 shmem:7881 pagetables:43772 bounce:0 [ 2174.628109] free:22588 free_pcp:1 free_cma:0 [ 2174.703439] Node 0 active_anon:1740604kB inactive_anon:16152kB active_file:8kB inactive_file:136kB unevictable:1032kB isolated(anon):0kB isolated(file):0kB mapped:209956kB dirty:0kB writeback:28kB shmem:23096kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 735232kB writeback_tmp:0kB unstable:0kB all_unreclaimable? no [ 2174.743128] Node 1 active_anon:3218260kB inactive_anon:8424kB active_file:140kB inactive_file:56kB unevictable:6324kB isolated(anon):0kB isolated(file):16kB mapped:5028kB dirty:52kB writeback:8kB shmem:8428kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 0kB writeback_tmp:0kB unstable:0kB all_unreclaimable? no [ 2174.801142] Node 0 DMA free:10348kB min:220kB low:272kB high:324kB active_anon:1508kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15908kB mlocked:0kB kernel_stack:96kB pagetables:92kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 2174.829301] lowmem_reserve[]: 0 2559 2559 2559 2559 [ 2174.834352] Node 0 DMA32 free:27472kB min:36296kB low:45368kB high:54440kB active_anon:1739144kB inactive_anon:16152kB active_file:0kB inactive_file:40kB unevictable:1032kB writepending:4kB present:3129332kB managed:2623996kB mlocked:1032kB kernel_stack:14304kB pagetables:37148kB bounce:0kB free_pcp:60kB local_pcp:8kB free_cma:0kB [ 2174.896985] lowmem_reserve[]: 0 0 0 0 0 [ 2174.901073] Node 0 Normal free:0kB min:0kB low:0kB high:0kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:786432kB managed:0kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 2174.931330] ip6_tables: ip6tables: counters copy to user failed while replacing table [ 2175.084845] lowmem_reserve[]: 0 0 0 0 0 [ 2175.096600] Node 1 Normal free:54028kB min:53592kB low:66988kB high:80384kB active_anon:3219224kB inactive_anon:8424kB active_file:328kB inactive_file:636kB unevictable:6324kB writepending:4kB present:3932160kB managed:3870192kB mlocked:6324kB kernel_stack:59456kB pagetables:137748kB bounce:0kB free_pcp:120kB local_pcp:116kB free_cma:0kB [ 2175.133732] lowmem_reserve[]: 0 0 0 0 0 [ 2175.138090] Node 0 DMA: 13*4kB (ME) 53*8kB (M) 17*16kB (UME) 8*32kB (ME) 6*64kB (UM) 2*128kB (UM) 2*256kB (UE) 2*512kB (UE) 1*1024kB (E) 1*2048kB (E) 1*4096kB (M) = 10348kB [ 2175.192478] Node 0 DMA32: 460*4kB (UME) 578*8kB (UME) 109*16kB (UME) 6*32kB (UM) 12*64kB (UM) 42*128kB (M) 29*256kB (UM) 9*512kB (UM) 1*1024kB (M) 0*2048kB 0*4096kB = 27600kB [ 2175.235700] Node 0 Normal: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 0kB [ 2175.251237] Node 1 Normal: 1181*4kB (UME) 384*8kB (UME) 461*16kB (UME) 1182*32kB (UME) 14*64kB (UM) 2*128kB (UM) 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 54148kB [ 2175.271468] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 2175.282432] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 2175.300618] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 2175.314121] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 2175.323059] 8219 total pagecache pages [ 2175.332644] 0 pages in swap cache [ 2175.336382] Swap cache stats: add 0, delete 0, find 0/0 [ 2175.342065] Free swap = 0kB [ 2175.345344] Total swap = 0kB [ 2175.357672] 1965979 pages RAM [ 2175.361049] 0 pages HighMem/MovableOnly [ 2175.365266] 338455 pages reserved [ 2175.373230] 0 pages cma reserved [ 2175.376837] Out of memory: Kill process 9151 (syz-executor.0) score 1007 or sacrifice child [ 2175.385685] Killed process 9151 (syz-executor.0) total-vm:75236kB, anon-rss:16572kB, file-rss:35756kB, shmem-rss:0kB 21:31:37 executing program 3: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x1, 0x0, 0x0, 0x1, 0x20b493e0, 0x0, 0xfffffffffffffffe}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, 0x0, 0x0, 0x0, 0x0) pipe(&(0x7f0000000340)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, 0x0, 0x0, 0x0) perf_event_open(&(0x7f0000940000)={0x2, 0x70, 0x69, 0x0, 0x0, 0xff, 0x0, 0x48, 0x14a0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f00000001c0), 0x7}}, 0x0, 0xd, 0xffffffffffffffff, 0xa) clone(0x200000008a105d00, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r4 = gettid() socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r5, 0x8912, 0x400200) r6 = socket$inet_udp(0x2, 0x2, 0x0) connect$inet(r6, &(0x7f0000000280)={0x2, 0x0, @remote}, 0x10) r7 = socket$inet_udp(0x2, 0x2, 0x0) setsockopt$inet_group_source_req(r7, 0x0, 0x2e, &(0x7f0000000140)={0x3, {{0x2, 0x0, @multicast1}}, {{0x2, 0x0, @loopback}}}, 0x108) setsockopt$inet_msfilter(r6, 0x0, 0xd, &(0x7f0000000000)=ANY=[@ANYBLOB="e0"], 0x10) tkill(r4, 0x3c) 21:31:37 executing program 1: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) sched_setattr(0x0, &(0x7f0000000040)={0x38, 0x1, 0x0, 0x0, 0x1, 0x20b493e0, 0x0, 0xfffffffffffffffe}, 0x0) r0 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r0, &(0x7f0000008880), 0x400000000000249, 0x0, 0x0) pipe(&(0x7f0000000340)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r2, 0x407, 0x0) fsync(r1) write(r2, &(0x7f0000000340), 0x41395527) vmsplice(r1, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) perf_event_open(&(0x7f0000940000)={0x2, 0x70, 0x69, 0x1, 0x0, 0xff, 0x0, 0x48, 0x14a0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f00000001c0), 0x7}, 0x0, 0x0, 0xfffffff9}, 0x0, 0xd, 0xffffffffffffffff, 0xa) tkill(0x0, 0x3c) fsetxattr$trusted_overlay_redirect(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x2, 0x1, 0x0, 0x3}, 0x0) clone(0x69005100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) mount(0x0, &(0x7f0000000140)='./file0\x00', 0x0, 0x0, &(0x7f000000a000)) sched_setscheduler(0x0, 0x5, &(0x7f0000000380)) 21:31:37 executing program 2: r0 = openat$kvm(0xffffffffffffff9c, 0x0, 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) dup3(r0, r1, 0x0) fsetxattr$trusted_overlay_nlink(r0, &(0x7f0000000040)='trusted.overlay.nlink\x00', &(0x7f00000000c0)={'U+', 0x98}, 0x16, 0x2) perf_event_open(0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r2 = socket$inet6(0xa, 0x40000080806, 0x0) bind$inet6(r2, &(0x7f0000000080)={0xa, 0x404e20}, 0x1c) ioctl$int_in(0xffffffffffffffff, 0x5452, &(0x7f0000000100)=0x3) listen(r2, 0x400000001ffffffd) r3 = socket$inet6(0xa, 0x6, 0x0) connect$inet6(r3, &(0x7f0000000180)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) r4 = accept4(r2, 0x0, 0x0, 0x0) sendmmsg(r4, &(0x7f0000003d40)=[{{0x0, 0xffffffbf, 0x0, 0x0, 0x0, 0x0, 0x7000005}, 0xa}], 0x4000000000000d0, 0x0) socket$inet6(0xa, 0x6, 0x0) connect$inet6(0xffffffffffffffff, &(0x7f0000000000)={0xa, 0x0, 0x0, @loopback}, 0x1c) r5 = socket$inet6_tcp(0xa, 0x1, 0x0) bpf$BPF_MAP_GET_FD_BY_ID(0xe, &(0x7f0000000140)={0x0, 0x4, 0x8}, 0xc) setsockopt$IP6T_SO_SET_REPLACE(r5, 0x29, 0x40, &(0x7f0000000a80)=@filter={'filter\x00', 0xe, 0x4, 0x13a8, 0x0, 0x0, 0x1208, 0x108, 0x108, 0x12d8, 0x12d8, 0x12d8, 0x12d8, 0x12d8, 0x4, 0x0, {[{{@uncond, 0x0, 0xa8, 0x108}, @common=@inet=@HMARK={0x60, 'HMARK\x00', 0x0, {@ipv6=@mcast1, [], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4}}}, {{@ipv6={@initdev={0xfe, 0x88, [], 0x0, 0x0}, @initdev={0xfe, 0x88, [], 0x0, 0x0}, [], [], 'rose0\x00', 'netdevsim0\x00'}, 0x0, 0x10d8, 0x1100, 0x0, {}, [@common=@unspec=@cgroup1={{0x1030, 'cgroup\x00'}, {0x0, 0x1, 0x0, 0x0, './cgroup/syz0\x00'}}]}, @REJECT={0x28, 'REJECT\x00'}}, {{@uncond, 0x0, 0xa8, 0xd0}, @REJECT={0x28, 'REJECT\x00'}}], {{[], 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x1408) syz_init_net_socket$rose(0xb, 0x5, 0x0) 21:31:37 executing program 4: prlimit64(0x0, 0xe, 0x0, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x1, 0x0, 0x0, 0x1, 0x20b493e0, 0x0, 0xfffffffffffffffe}, 0x0) socket$inet6(0xa, 0x4, 0xffffffff) pipe(&(0x7f0000000340)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r2, 0x407, 0x0) fsync(r1) write(r2, &(0x7f0000000340), 0x41395527) vmsplice(r1, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) clone(0x200000008a105d00, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) tkill(0x0, 0x3c) fsetxattr$trusted_overlay_redirect(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) sched_setattr(r0, &(0x7f0000000080)={0x38, 0x2, 0x1, 0x0, 0x3}, 0x0) clone(0x69005100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) mount(0x0, &(0x7f0000000140)='./file0\x00', 0x0, 0x0, &(0x7f000000a000)) 21:31:37 executing program 0: r0 = open(&(0x7f00000001c0)='./bus\x00', 0x130042, 0x0) r1 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000180)='/proc/asound/seq/clients\x00', 0x0, 0x0) sendfile(r0, r1, 0x0, 0x4000000000010046) 21:31:37 executing program 5: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x1, 0x0, 0x0, 0x1, 0x20b493e0, 0x0, 0xfffffffffffffffe}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000008880), 0x400000000000249, 0x0, 0x0) pipe(&(0x7f0000000340)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) fsync(r2) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) perf_event_open(&(0x7f0000940000)={0x2, 0x70, 0x69, 0x1, 0x0, 0xff, 0x0, 0x48, 0x14a0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f00000001c0), 0x7}, 0x0, 0x0, 0xfffffff9}, 0x0, 0xd, 0xffffffffffffffff, 0xa) clone(0x200000008a105d00, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r4 = gettid() tkill(r4, 0x3c) fsetxattr$trusted_overlay_redirect(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) sched_setattr(r0, &(0x7f0000000080)={0x38, 0x2, 0x1, 0x0, 0x3}, 0x0) syz_open_dev$usbmon(&(0x7f00000000c0)='/dev/usbmon#\x00', 0x9, 0x181300) clone(0x69005100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) mount(0x0, &(0x7f0000000140)='./file0\x00', 0x0, 0x0, &(0x7f000000a000)) [ 2175.759475] ip6_tables: ip6tables: counters copy to user failed while replacing table 21:31:37 executing program 0: socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000040)='/dev/bsg\x00', 0x0, 0x0) dup2(r1, r2) 21:31:37 executing program 2: r0 = openat$kvm(0xffffffffffffff9c, 0x0, 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) dup3(r0, r1, 0x0) fsetxattr$trusted_overlay_nlink(r0, &(0x7f0000000040)='trusted.overlay.nlink\x00', &(0x7f00000000c0)={'U+', 0x98}, 0x16, 0x2) perf_event_open(&(0x7f000001d000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c4, 0x0, 0xe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r2 = socket$inet6(0xa, 0x40000080806, 0x0) bind$inet6(r2, &(0x7f0000000080)={0xa, 0x404e20}, 0x1c) ioctl$int_in(0xffffffffffffffff, 0x5452, &(0x7f0000000100)=0x3) listen(r2, 0x400000001ffffffd) r3 = socket$inet6(0xa, 0x6, 0x0) connect$inet6(r3, &(0x7f0000000180)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) r4 = accept4(r2, 0x0, 0x0, 0x0) sendmmsg(r4, &(0x7f0000003d40)=[{{0x0, 0xffffffbf, 0x0, 0x0, 0x0, 0x0, 0x7000005}, 0xa}], 0x4000000000000d0, 0x0) socket$inet6(0xa, 0x6, 0x0) connect$inet6(0xffffffffffffffff, &(0x7f0000000000)={0xa, 0x0, 0x0, @loopback}, 0x1c) r5 = socket$inet6_tcp(0xa, 0x1, 0x0) bpf$BPF_MAP_GET_FD_BY_ID(0xe, &(0x7f0000000140)={0x0, 0x4, 0x8}, 0xc) setsockopt$IP6T_SO_SET_REPLACE(r5, 0x29, 0x40, &(0x7f0000000a80)=@filter={'filter\x00', 0xe, 0x4, 0x13a8, 0x0, 0x0, 0x1208, 0x108, 0x108, 0x12d8, 0x12d8, 0x12d8, 0x12d8, 0x12d8, 0x4, 0x0, {[{{@uncond, 0x0, 0xa8, 0x108}, @common=@inet=@HMARK={0x60, 'HMARK\x00', 0x0, {@ipv6=@mcast1, [], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4}}}, {{@ipv6={@initdev={0xfe, 0x88, [], 0x0, 0x0}, @initdev={0xfe, 0x88, [], 0x0, 0x0}, [], [], 'rose0\x00', 'netdevsim0\x00'}, 0x0, 0x10d8, 0x1100, 0x0, {}, [@common=@unspec=@cgroup1={{0x1030, 'cgroup\x00'}, {0x0, 0x1, 0x0, 0x0, './cgroup/syz0\x00'}}]}, @REJECT={0x28, 'REJECT\x00'}}, {{@uncond, 0x0, 0xa8, 0xd0}, @REJECT={0x28, 'REJECT\x00'}}], {{[], 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x1408) syz_init_net_socket$rose(0xb, 0x5, 0x0) [ 2176.272253] kworker/u4:15 invoked oom-killer: gfp_mask=0x14040c0(GFP_KERNEL|__GFP_COMP), nodemask=(null), order=1, oom_score_adj=0 [ 2176.335351] kworker/u4:15 cpuset=/ mems_allowed=0-1 [ 2176.363981] CPU: 0 PID: 9226 Comm: kworker/u4:15 Not tainted 4.14.182-syzkaller #0 [ 2176.371731] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2176.381088] Call Trace: [ 2176.384077] dump_stack+0x1b2/0x283 [ 2176.387714] dump_header+0x178/0x7aa [ 2176.391429] ? trace_hardirqs_on_caller+0x3a8/0x580 [ 2176.396453] ? _raw_spin_unlock_irqrestore+0x66/0xe0 [ 2176.401567] ? ___ratelimit+0x2cd/0x522 [ 2176.405581] oom_kill_process.cold+0x10/0xc16 [ 2176.410088] ? lock_downgrade+0x6e0/0x6e0 [ 2176.414420] out_of_memory+0x2d5/0x10f0 [ 2176.418410] ? oom_killer_disable+0x1c0/0x1c0 [ 2176.423019] ? mutex_trylock+0x152/0x1a0 [ 2176.428741] __alloc_pages_nodemask+0x2556/0x2730 [ 2176.433615] ? gfp_pfmemalloc_allowed+0x150/0x150 [ 2176.438462] ? gfp_pfmemalloc_allowed+0x150/0x150 [ 2176.444024] ? trace_hardirqs_on+0x10/0x10 [ 2176.448289] ? cache_grow_begin+0x3f/0x410 [ 2176.452626] cache_grow_begin+0x91/0x410 [ 2176.456696] fallback_alloc+0x205/0x2b0 [ 2176.460682] kmem_cache_alloc+0x1e5/0x3c0 [ 2176.464833] getname_kernel+0x4e/0x340 [ 2176.468723] call_usermodehelper_exec_async+0x27b/0x4c0 [ 2176.474112] ? umh_complete+0x80/0x80 [ 2176.477913] ret_from_fork+0x24/0x30 21:31:38 executing program 4: prlimit64(0x0, 0xe, 0x0, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x1, 0x0, 0x0, 0x1, 0x20b493e0, 0x0, 0xfffffffffffffffe}, 0x0) socket$inet6(0xa, 0x4, 0xffffffff) pipe(&(0x7f0000000340)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r2, 0x407, 0x0) fsync(r1) write(r2, &(0x7f0000000340), 0x41395527) vmsplice(r1, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) clone(0x200000008a105d00, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) tkill(0x0, 0x3c) fsetxattr$trusted_overlay_redirect(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) sched_setattr(r0, &(0x7f0000000080)={0x38, 0x2, 0x1, 0x0, 0x3}, 0x0) clone(0x69005100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) mount(0x0, &(0x7f0000000140)='./file0\x00', 0x0, 0x0, &(0x7f000000a000)) 21:31:38 executing program 1: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) sched_setattr(0x0, &(0x7f0000000040)={0x38, 0x1, 0x0, 0x0, 0x1, 0x20b493e0, 0x0, 0xfffffffffffffffe}, 0x0) r0 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r0, &(0x7f0000008880), 0x400000000000249, 0x0, 0x0) pipe(&(0x7f0000000340)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r2, 0x407, 0x0) fsync(r1) write(r2, &(0x7f0000000340), 0x41395527) vmsplice(r1, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) perf_event_open(&(0x7f0000940000)={0x2, 0x70, 0x69, 0x1, 0x0, 0xff, 0x0, 0x48, 0x14a0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f00000001c0), 0x7}, 0x0, 0x0, 0xfffffff9}, 0x0, 0xd, 0xffffffffffffffff, 0xa) tkill(0x0, 0x3c) fsetxattr$trusted_overlay_redirect(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x2, 0x1, 0x0, 0x3}, 0x0) clone(0x69005100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) mount(0x0, &(0x7f0000000140)='./file0\x00', 0x0, 0x0, &(0x7f000000a000)) sched_setscheduler(0x0, 0x5, &(0x7f0000000380)) 21:31:39 executing program 0: perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$nl_xfrm(0x10, 0x3, 0x6) bind$netlink(r0, &(0x7f0000000080)={0x10, 0x0, 0x0, 0x1}, 0xc) r1 = socket$inet6(0xa, 0x3, 0x7) connect$inet6(r1, &(0x7f00000000c0)={0xa, 0x0, 0x0, @loopback}, 0x1c) setsockopt$inet6_IPV6_XFRM_POLICY(r1, 0x29, 0x23, &(0x7f0000000140)={{{@in6=@loopback, @in=@multicast1, 0x0, 0x0, 0x0, 0x0, 0xa}, {}, {}, 0x0, 0x0, 0x1}, {{@in6=@remote, 0x1, 0x33}, 0x0, @in6=@empty, 0x0, 0x0, 0x0, 0x6, 0x0, 0x0, 0x2}}, 0xe8) sendmmsg(r1, &(0x7f0000000480), 0x2e9, 0x0) [ 2177.376102] Mem-Info: [ 2177.462913] active_anon:1237153 inactive_anon:6145 isolated_anon:0 [ 2177.462913] active_file:813 inactive_file:806 isolated_file:43 [ 2177.462913] unevictable:1839 dirty:17 writeback:27 unstable:0 [ 2177.462913] slab_reclaimable:18808 slab_unreclaimable:170665 [ 2177.462913] mapped:55159 shmem:7881 pagetables:43765 bounce:0 [ 2177.462913] free:23247 free_pcp:286 free_cma:0 [ 2177.518079] ip6_tables: ip6tables: counters copy to user failed while replacing table [ 2177.550272] Node 0 active_anon:1739464kB inactive_anon:16152kB active_file:104kB inactive_file:84kB unevictable:1032kB isolated(anon):0kB isolated(file):0kB mapped:209932kB dirty:12kB writeback:8kB shmem:23096kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 735232kB writeback_tmp:0kB unstable:0kB all_unreclaimable? no 21:31:39 executing program 2: r0 = openat$kvm(0xffffffffffffff9c, 0x0, 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) dup3(r0, r1, 0x0) fsetxattr$trusted_overlay_nlink(r0, &(0x7f0000000040)='trusted.overlay.nlink\x00', &(0x7f00000000c0)={'U+', 0x98}, 0x16, 0x2) perf_event_open(&(0x7f000001d000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c4, 0x0, 0xe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r2 = socket$inet6(0xa, 0x40000080806, 0x0) bind$inet6(r2, &(0x7f0000000080)={0xa, 0x404e20}, 0x1c) ioctl$int_in(0xffffffffffffffff, 0x5452, &(0x7f0000000100)=0x3) listen(r2, 0x400000001ffffffd) r3 = socket$inet6(0xa, 0x6, 0x0) connect$inet6(r3, &(0x7f0000000180)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) r4 = accept4(r2, 0x0, 0x0, 0x0) sendmmsg(r4, &(0x7f0000003d40)=[{{0x0, 0xffffffbf, 0x0, 0x0, 0x0, 0x0, 0x7000005}, 0xa}], 0x4000000000000d0, 0x0) socket$inet6(0xa, 0x6, 0x0) connect$inet6(0xffffffffffffffff, &(0x7f0000000000)={0xa, 0x0, 0x0, @loopback}, 0x1c) r5 = socket$inet6_tcp(0xa, 0x1, 0x0) bpf$BPF_MAP_GET_FD_BY_ID(0xe, &(0x7f0000000140)={0x0, 0x4, 0x8}, 0xc) setsockopt$IP6T_SO_SET_REPLACE(r5, 0x29, 0x40, &(0x7f0000000a80)=@filter={'filter\x00', 0xe, 0x4, 0x13a8, 0x0, 0x0, 0x1208, 0x108, 0x108, 0x12d8, 0x12d8, 0x12d8, 0x12d8, 0x12d8, 0x4, 0x0, {[{{@uncond, 0x0, 0xa8, 0x108}, @common=@inet=@HMARK={0x60, 'HMARK\x00', 0x0, {@ipv6=@mcast1, [], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4}}}, {{@ipv6={@initdev={0xfe, 0x88, [], 0x0, 0x0}, @initdev={0xfe, 0x88, [], 0x0, 0x0}, [], [], 'rose0\x00', 'netdevsim0\x00'}, 0x0, 0x10d8, 0x1100, 0x0, {}, [@common=@unspec=@cgroup1={{0x1030, 'cgroup\x00'}, {0x0, 0x1, 0x0, 0x0, './cgroup/syz0\x00'}}]}, @REJECT={0x28, 'REJECT\x00'}}, {{@uncond, 0x0, 0xa8, 0xd0}, @REJECT={0x28, 'REJECT\x00'}}], {{[], 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x1408) syz_init_net_socket$rose(0xb, 0x5, 0x0) 21:31:39 executing program 3: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x1, 0x0, 0x0, 0x1, 0x20b493e0, 0x0, 0xfffffffffffffffe}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, 0x0, 0x0, 0x0, 0x0) pipe(&(0x7f0000000340)={0xffffffffffffffff}) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) fcntl$dupfd(r3, 0x0, r3) write(r3, &(0x7f0000000340), 0x0) sendmsg$NL80211_CMD_NEW_MPATH(0xffffffffffffffff, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000240)={0x28, 0x0, 0x1, 0x0, 0x0, {}, [@NL80211_ATTR_IFINDEX={0x8}, @NL80211_ATTR_WDEV={0xc}]}, 0x28}}, 0x0) sendmsg$NL80211_CMD_GET_MPATH(0xffffffffffffffff, &(0x7f0000000180)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x2}, 0xc, &(0x7f0000000100)={&(0x7f0000000380)=ANY=[@ANYBLOB='(\x00\x00\x00', @ANYRES16=0x0, @ANYBLOB="000029bd7000fcdbdf251500000008000300", @ANYRES32=0x0, @ANYBLOB="0c0099004f7c08c0fa320f1b71e384215cd7c022e6cedf373e7b34a72107301dcb78fe1040d6682c7e86424e45f81643693a9628ae00264b964d4605e7df43da6dfd548d03eabdaaf373714e885ca5eed4200de7f731cd010f06ddf0d93f8c147e5a706fb3a99f9b3efef5124d1c0ab77b6ead9b3d756905f2457eb1"], 0x28}, 0x1, 0x0, 0x0, 0x1}, 0x1) vmsplice(r2, 0x0, 0x0, 0x0) perf_event_open(&(0x7f0000940000)={0x2, 0x70, 0x69, 0x0, 0x0, 0xff, 0x0, 0x48, 0x14a0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f00000001c0), 0x7}}, 0x0, 0xd, 0xffffffffffffffff, 0xa) clone(0x200000008a105d00, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r4 = gettid() tkill(r4, 0x3c) fsetxattr$trusted_overlay_redirect(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) sched_setattr(r0, &(0x7f0000000080)={0x38, 0x2, 0x1, 0x0, 0x3}, 0x0) clone(0x69005100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) mount(0x0, &(0x7f0000000140)='./file0\x00', &(0x7f0000fb5ffc)='nfs\x00', 0x0, &(0x7f000000a000)) 21:31:39 executing program 5: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x1, 0x0, 0x0, 0x1, 0x20b493e0, 0x0, 0xfffffffffffffffe}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000008880), 0x400000000000249, 0x0, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x400200) setsockopt$inet6_MCAST_MSFILTER(0xffffffffffffffff, 0x29, 0x30, &(0x7f0000000380)=ANY=[@ANYRES16], 0x510) pipe(&(0x7f0000000340)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) fsync(r2) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) perf_event_open(&(0x7f0000940000)={0x2, 0x70, 0x69, 0x1, 0x0, 0xff, 0x0, 0x48, 0x14a0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f00000001c0), 0x7}, 0x0, 0x0, 0xfffffff9}, 0x0, 0xd, 0xffffffffffffffff, 0xa) clone(0x200000008a105d00, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r4 = gettid() tkill(r4, 0x3c) fsetxattr$trusted_overlay_redirect(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) sched_setattr(r0, &(0x7f0000000080)={0x38, 0x2, 0x1, 0x0, 0x3}, 0x0) clone(0x69005100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) mount(0x0, &(0x7f0000000140)='./file0\x00', 0x0, 0x0, &(0x7f000000a000)) [ 2177.645236] Node 1 active_anon:3193516kB inactive_anon:8428kB active_file:2848kB inactive_file:7448kB unevictable:6324kB isolated(anon):0kB isolated(file):48kB mapped:11508kB dirty:88kB writeback:0kB shmem:8428kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 0kB writeback_tmp:0kB unstable:0kB all_unreclaimable? no 21:31:39 executing program 3: sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000200)=@newlink={0x40, 0x10, 0x705, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x20, 0x12, 0x0, 0x1, @bond={{0x9, 0x1, 'bond\x00'}, {0x10, 0x2, 0x0, 0x1, [@IFLA_BOND_ARP_IP_TARGET={0x4}, @IFLA_BOND_ARP_INTERVAL={0x8, 0x7, 0x3}]}}}]}, 0x40}}, 0x0) ioctl$sock_ifreq(0xffffffffffffffff, 0x8932, &(0x7f0000000100)={'wg0\x00', @ifru_data=&(0x7f00000000c0)="f6b8dd3f174dab15adc7c7a7c0a35df877f39018a200b0c1c0cd2486b13350ea"}) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x1, 0x0, 0x0, 0x1, 0x20b493e0, 0x0, 0xfffffffffffffffe}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, 0x0, 0x0, 0x0, 0x0) pipe(&(0x7f0000000340)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, 0x0, 0x0, 0x0) perf_event_open(&(0x7f0000940000)={0x2, 0x70, 0x69, 0x0, 0x0, 0xff, 0x0, 0x48, 0x14a0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f00000001c0), 0x7}}, 0x0, 0xd, 0xffffffffffffffff, 0xa) clone(0x200000008a105d00, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r4 = gettid() tkill(r4, 0x3c) fsetxattr$trusted_overlay_redirect(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) mbind(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x2, &(0x7f0000000000)=0x8, 0x1, 0x6) sched_setattr(r0, &(0x7f0000000080)={0x38, 0x2, 0x1, 0x0, 0x3}, 0x0) clone(0x69005100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) mount(0x0, &(0x7f0000000140)='./file0\x00', &(0x7f0000fb5ffc)='nfs\x00', 0x0, &(0x7f000000a000)) [ 2177.769590] ip6_tables: ip6tables: counters copy to user failed while replacing table 21:31:39 executing program 2: r0 = openat$kvm(0xffffffffffffff9c, 0x0, 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) dup3(r0, r1, 0x0) fsetxattr$trusted_overlay_nlink(r0, &(0x7f0000000040)='trusted.overlay.nlink\x00', &(0x7f00000000c0)={'U+', 0x98}, 0x16, 0x2) perf_event_open(&(0x7f000001d000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c4, 0x0, 0xe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r2 = socket$inet6(0xa, 0x40000080806, 0x0) bind$inet6(r2, &(0x7f0000000080)={0xa, 0x404e20}, 0x1c) ioctl$int_in(0xffffffffffffffff, 0x5452, &(0x7f0000000100)=0x3) listen(r2, 0x400000001ffffffd) r3 = socket$inet6(0xa, 0x6, 0x0) connect$inet6(r3, &(0x7f0000000180)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) r4 = accept4(r2, 0x0, 0x0, 0x0) sendmmsg(r4, &(0x7f0000003d40)=[{{0x0, 0xffffffbf, 0x0, 0x0, 0x0, 0x0, 0x7000005}, 0xa}], 0x4000000000000d0, 0x0) socket$inet6(0xa, 0x6, 0x0) connect$inet6(0xffffffffffffffff, &(0x7f0000000000)={0xa, 0x0, 0x0, @loopback}, 0x1c) r5 = socket$inet6_tcp(0xa, 0x1, 0x0) bpf$BPF_MAP_GET_FD_BY_ID(0xe, &(0x7f0000000140)={0x0, 0x4, 0x8}, 0xc) setsockopt$IP6T_SO_SET_REPLACE(r5, 0x29, 0x40, &(0x7f0000000a80)=@filter={'filter\x00', 0xe, 0x4, 0x13a8, 0x0, 0x0, 0x1208, 0x108, 0x108, 0x12d8, 0x12d8, 0x12d8, 0x12d8, 0x12d8, 0x4, 0x0, {[{{@uncond, 0x0, 0xa8, 0x108}, @common=@inet=@HMARK={0x60, 'HMARK\x00', 0x0, {@ipv6=@mcast1, [], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4}}}, {{@ipv6={@initdev={0xfe, 0x88, [], 0x0, 0x0}, @initdev={0xfe, 0x88, [], 0x0, 0x0}, [], [], 'rose0\x00', 'netdevsim0\x00'}, 0x0, 0x10d8, 0x1100, 0x0, {}, [@common=@unspec=@cgroup1={{0x1030, 'cgroup\x00'}, {0x0, 0x1, 0x0, 0x0, './cgroup/syz0\x00'}}]}, @REJECT={0x28, 'REJECT\x00'}}, {{@uncond, 0x0, 0xa8, 0xd0}, @REJECT={0x28, 'REJECT\x00'}}], {{[], 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x1408) syz_init_net_socket$rose(0xb, 0x5, 0x0) [ 2177.842094] Node 0 DMA free:10356kB min:220kB low:272kB high:324kB active_anon:1508kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15908kB mlocked:0kB kernel_stack:96kB pagetables:92kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 2178.240213] lowmem_reserve[]: 0 2559 2559 2559 2559 [ 2178.278669] Node 0 DMA32 free:27132kB min:36296kB low:45368kB high:54440kB active_anon:1738768kB inactive_anon:16152kB active_file:60kB inactive_file:560kB unevictable:1032kB writepending:4kB present:3129332kB managed:2623996kB mlocked:1032kB kernel_stack:14432kB pagetables:37148kB bounce:0kB free_pcp:240kB local_pcp:120kB free_cma:0kB [ 2178.562437] lowmem_reserve[]: 0 0 0 0 0 [ 2178.611858] Node 0 Normal free:0kB min:0kB low:0kB high:0kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:786432kB managed:0kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 2178.737850] lowmem_reserve[]: 0 0 0 0 0 [ 2178.742295] Node 1 Normal free:52664kB min:53592kB low:66988kB high:80384kB active_anon:3214392kB inactive_anon:8424kB active_file:356kB inactive_file:432kB unevictable:6324kB writepending:240kB present:3932160kB managed:3870192kB mlocked:6324kB kernel_stack:59744kB pagetables:138020kB bounce:0kB free_pcp:228kB local_pcp:48kB free_cma:0kB [ 2178.814782] lowmem_reserve[]: 0 0 0 0 0 [ 2178.830526] Node 0 DMA: 13*4kB (ME) 54*8kB (UM) 17*16kB (UME) 8*32kB (ME) 6*64kB (UM) 2*128kB (UM) 2*256kB (UE) 2*512kB (UE) 1*1024kB (E) 1*2048kB (E) 1*4096kB (M) = 10356kB [ 2179.046344] Node 0 DMA32: 474*4kB (UME) 572*8kB (UME) 109*16kB (UME) 10*32kB (UM) 17*64kB (M) 48*128kB (UM) 33*256kB (M) 11*512kB (UM) 1*1024kB (M) 0*2048kB 0*4096kB = 30872kB [ 2179.153346] Node 0 Normal: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 0kB [ 2179.176348] Node 1 Normal: 1519*4kB (UME) 525*8kB (UME) 283*16kB (UME) 1199*32kB (UM) 3*64kB (M) 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 53364kB [ 2179.266175] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 2179.297421] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 2179.306114] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 2179.338714] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 2179.361789] 8220 total pagecache pages [ 2179.370346] 0 pages in swap cache [ 2179.377287] Swap cache stats: add 0, delete 0, find 0/0 [ 2179.395802] Free swap = 0kB [ 2179.432875] Total swap = 0kB [ 2179.451500] 1965979 pages RAM [ 2179.466613] 0 pages HighMem/MovableOnly [ 2179.488989] 338455 pages reserved [ 2179.497076] 0 pages cma reserved [ 2179.503897] Out of memory: Kill process 1825 (syz-executor.0) score 1007 or sacrifice child [ 2179.528666] Killed process 1825 (syz-executor.0) total-vm:75236kB, anon-rss:16572kB, file-rss:35756kB, shmem-rss:0kB 21:31:41 executing program 1: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) sched_setattr(0x0, &(0x7f0000000040)={0x38, 0x1, 0x0, 0x0, 0x1, 0x20b493e0, 0x0, 0xfffffffffffffffe}, 0x0) r0 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r0, &(0x7f0000008880), 0x400000000000249, 0x0, 0x0) pipe(&(0x7f0000000340)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r2, 0x407, 0x0) fsync(r1) write(r2, &(0x7f0000000340), 0x41395527) vmsplice(r1, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) perf_event_open(&(0x7f0000940000)={0x2, 0x70, 0x69, 0x1, 0x0, 0xff, 0x0, 0x48, 0x14a0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f00000001c0), 0x7}, 0x0, 0x0, 0xfffffff9}, 0x0, 0xd, 0xffffffffffffffff, 0xa) tkill(0x0, 0x3c) fsetxattr$trusted_overlay_redirect(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x2, 0x1, 0x0, 0x3}, 0x0) clone(0x69005100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) mount(0x0, &(0x7f0000000140)='./file0\x00', 0x0, 0x0, &(0x7f000000a000)) sched_setscheduler(0x0, 0x5, &(0x7f0000000380)) 21:31:41 executing program 4: prlimit64(0x0, 0xe, 0x0, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x1, 0x0, 0x0, 0x1, 0x20b493e0, 0x0, 0xfffffffffffffffe}, 0x0) socket$inet6(0xa, 0x4, 0xffffffff) pipe(&(0x7f0000000340)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r2, 0x407, 0x0) fsync(r1) write(r2, &(0x7f0000000340), 0x41395527) vmsplice(r1, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) clone(0x200000008a105d00, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) tkill(0x0, 0x3c) fsetxattr$trusted_overlay_redirect(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) sched_setattr(r0, &(0x7f0000000080)={0x38, 0x2, 0x1, 0x0, 0x3}, 0x0) clone(0x69005100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) mount(0x0, &(0x7f0000000140)='./file0\x00', 0x0, 0x0, &(0x7f000000a000)) 21:31:41 executing program 5: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x1, 0x0, 0x0, 0x1, 0x20b493e0, 0x0, 0xfffffffffffffffe}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000008880), 0x400000000000249, 0x0, 0x0) pipe(&(0x7f0000000340)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) fsync(r2) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) perf_event_open(&(0x7f0000940000)={0x2, 0x70, 0x69, 0x1, 0x0, 0xff, 0x0, 0x48, 0x14a0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f00000001c0), 0x7}, 0x0, 0x0, 0xfffffff9}, 0x0, 0xd, 0xffffffffffffffff, 0xa) clone(0x200000008a105d00, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) recvfrom$x25(r3, &(0x7f0000000380)=""/219, 0xdb, 0x122, &(0x7f00000000c0)={0x9, @remote={[], 0x2}}, 0x12) r4 = gettid() tkill(r4, 0x3c) fsetxattr$trusted_overlay_redirect(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) sched_setattr(r0, &(0x7f0000000080)={0x38, 0x2, 0x1, 0x0, 0x3, 0x0, 0x0, 0x0, 0x4}, 0x0) creat(&(0x7f0000000100)='./file0\x00', 0xc) clone(0x69005100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) mount(0x0, &(0x7f0000000140)='./file0\x00', 0x0, 0x0, &(0x7f000000a000)) 21:31:41 executing program 3: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x1, 0x0, 0x0, 0x1, 0x20b493e0, 0x0, 0xfffffffffffffffe}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, 0x0, 0x0, 0x0, 0x0) pipe(&(0x7f0000000340)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, 0x0, 0x0, 0x0) perf_event_open(&(0x7f0000940000)={0x2, 0x70, 0x69, 0x0, 0x0, 0xff, 0x0, 0x48, 0x910b6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f00000001c0), 0x7}}, 0x0, 0xd, 0xffffffffffffffff, 0xa) clone(0x200000008a105d00, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r4 = gettid() tkill(r4, 0x3c) fsetxattr$trusted_overlay_redirect(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x400200) ioctl$VIDIOC_TRY_EXT_CTRLS(0xffffffffffffffff, 0xc0205649, &(0x7f0000000100)={0xf000000, 0x4, 0x5, 0xffffffffffffffff, 0x0, &(0x7f00000000c0)={0x990af8, 0x1, [], @p_u16=&(0x7f0000000000)=0xe6d}}) ioctl$SNDRV_SEQ_IOCTL_QUERY_NEXT_CLIENT(r5, 0xc0bc5351, &(0x7f0000000380)={0x8, 0x2, 'client1\x00', 0x4, "d4801e763025a129", "d8529d8f5322499908cbc6280accb97d636cbd0da216ddc0611e6fdb190c1b95", 0x4, 0x6}) clone(0x69005100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) mount(0x0, &(0x7f0000000140)='./file0\x00', &(0x7f0000fb5ffc)='nfs\x00', 0x0, &(0x7f000000a000)) [ 2179.888137] ip6_tables: ip6tables: counters copy to user failed while replacing table 21:31:41 executing program 2: r0 = openat$kvm(0xffffffffffffff9c, 0x0, 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) dup3(r0, r1, 0x0) fsetxattr$trusted_overlay_nlink(r0, &(0x7f0000000040)='trusted.overlay.nlink\x00', &(0x7f00000000c0)={'U+', 0x98}, 0x16, 0x2) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r2 = socket$inet6(0xa, 0x40000080806, 0x0) bind$inet6(r2, &(0x7f0000000080)={0xa, 0x404e20}, 0x1c) ioctl$int_in(0xffffffffffffffff, 0x5452, &(0x7f0000000100)=0x3) listen(r2, 0x400000001ffffffd) r3 = socket$inet6(0xa, 0x6, 0x0) connect$inet6(r3, &(0x7f0000000180)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) r4 = accept4(r2, 0x0, 0x0, 0x0) sendmmsg(r4, &(0x7f0000003d40)=[{{0x0, 0xffffffbf, 0x0, 0x0, 0x0, 0x0, 0x7000005}, 0xa}], 0x4000000000000d0, 0x0) socket$inet6(0xa, 0x6, 0x0) connect$inet6(0xffffffffffffffff, &(0x7f0000000000)={0xa, 0x0, 0x0, @loopback}, 0x1c) r5 = socket$inet6_tcp(0xa, 0x1, 0x0) bpf$BPF_MAP_GET_FD_BY_ID(0xe, &(0x7f0000000140)={0x0, 0x4, 0x8}, 0xc) setsockopt$IP6T_SO_SET_REPLACE(r5, 0x29, 0x40, &(0x7f0000000a80)=@filter={'filter\x00', 0xe, 0x4, 0x13a8, 0x0, 0x0, 0x1208, 0x108, 0x108, 0x12d8, 0x12d8, 0x12d8, 0x12d8, 0x12d8, 0x4, 0x0, {[{{@uncond, 0x0, 0xa8, 0x108}, @common=@inet=@HMARK={0x60, 'HMARK\x00', 0x0, {@ipv6=@mcast1, [], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4}}}, {{@ipv6={@initdev={0xfe, 0x88, [], 0x0, 0x0}, @initdev={0xfe, 0x88, [], 0x0, 0x0}, [], [], 'rose0\x00', 'netdevsim0\x00'}, 0x0, 0x10d8, 0x1100, 0x0, {}, [@common=@unspec=@cgroup1={{0x1030, 'cgroup\x00'}, {0x0, 0x1, 0x0, 0x0, './cgroup/syz0\x00'}}]}, @REJECT={0x28, 'REJECT\x00'}}, {{@uncond, 0x0, 0xa8, 0xd0}, @REJECT={0x28, 'REJECT\x00'}}], {{[], 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x1408) syz_init_net_socket$rose(0xb, 0x5, 0x0) [ 2180.228709] ip6_tables: ip6tables: counters copy to user failed while replacing table 21:31:42 executing program 2: r0 = openat$kvm(0xffffffffffffff9c, 0x0, 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) dup3(r0, r1, 0x0) fsetxattr$trusted_overlay_nlink(r0, &(0x7f0000000040)='trusted.overlay.nlink\x00', &(0x7f00000000c0)={'U+', 0x98}, 0x16, 0x2) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r2 = socket$inet6(0xa, 0x40000080806, 0x0) bind$inet6(r2, &(0x7f0000000080)={0xa, 0x404e20}, 0x1c) ioctl$int_in(0xffffffffffffffff, 0x5452, &(0x7f0000000100)=0x3) listen(r2, 0x400000001ffffffd) r3 = socket$inet6(0xa, 0x6, 0x0) connect$inet6(r3, &(0x7f0000000180)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) r4 = accept4(r2, 0x0, 0x0, 0x0) sendmmsg(r4, &(0x7f0000003d40)=[{{0x0, 0xffffffbf, 0x0, 0x0, 0x0, 0x0, 0x7000005}, 0xa}], 0x4000000000000d0, 0x0) socket$inet6(0xa, 0x6, 0x0) connect$inet6(0xffffffffffffffff, &(0x7f0000000000)={0xa, 0x0, 0x0, @loopback}, 0x1c) r5 = socket$inet6_tcp(0xa, 0x1, 0x0) bpf$BPF_MAP_GET_FD_BY_ID(0xe, &(0x7f0000000140)={0x0, 0x4, 0x8}, 0xc) setsockopt$IP6T_SO_SET_REPLACE(r5, 0x29, 0x40, &(0x7f0000000a80)=@filter={'filter\x00', 0xe, 0x4, 0x13a8, 0x0, 0x0, 0x1208, 0x108, 0x108, 0x12d8, 0x12d8, 0x12d8, 0x12d8, 0x12d8, 0x4, 0x0, {[{{@uncond, 0x0, 0xa8, 0x108}, @common=@inet=@HMARK={0x60, 'HMARK\x00', 0x0, {@ipv6=@mcast1, [], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4}}}, {{@ipv6={@initdev={0xfe, 0x88, [], 0x0, 0x0}, @initdev={0xfe, 0x88, [], 0x0, 0x0}, [], [], 'rose0\x00', 'netdevsim0\x00'}, 0x0, 0x10d8, 0x1100, 0x0, {}, [@common=@unspec=@cgroup1={{0x1030, 'cgroup\x00'}, {0x0, 0x1, 0x0, 0x0, './cgroup/syz0\x00'}}]}, @REJECT={0x28, 'REJECT\x00'}}, {{@uncond, 0x0, 0xa8, 0xd0}, @REJECT={0x28, 'REJECT\x00'}}], {{[], 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x1408) syz_init_net_socket$rose(0xb, 0x5, 0x0) [ 2180.504770] ip6_tables: ip6tables: counters copy to user failed while replacing table 21:31:42 executing program 2: r0 = openat$kvm(0xffffffffffffff9c, 0x0, 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) dup3(r0, r1, 0x0) fsetxattr$trusted_overlay_nlink(r0, &(0x7f0000000040)='trusted.overlay.nlink\x00', &(0x7f00000000c0)={'U+', 0x98}, 0x16, 0x2) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r2 = socket$inet6(0xa, 0x40000080806, 0x0) bind$inet6(r2, &(0x7f0000000080)={0xa, 0x404e20}, 0x1c) ioctl$int_in(0xffffffffffffffff, 0x5452, &(0x7f0000000100)=0x3) listen(r2, 0x400000001ffffffd) r3 = socket$inet6(0xa, 0x6, 0x0) connect$inet6(r3, &(0x7f0000000180)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) r4 = accept4(r2, 0x0, 0x0, 0x0) sendmmsg(r4, &(0x7f0000003d40)=[{{0x0, 0xffffffbf, 0x0, 0x0, 0x0, 0x0, 0x7000005}, 0xa}], 0x4000000000000d0, 0x0) socket$inet6(0xa, 0x6, 0x0) connect$inet6(0xffffffffffffffff, &(0x7f0000000000)={0xa, 0x0, 0x0, @loopback}, 0x1c) r5 = socket$inet6_tcp(0xa, 0x1, 0x0) bpf$BPF_MAP_GET_FD_BY_ID(0xe, &(0x7f0000000140)={0x0, 0x4, 0x8}, 0xc) setsockopt$IP6T_SO_SET_REPLACE(r5, 0x29, 0x40, &(0x7f0000000a80)=@filter={'filter\x00', 0xe, 0x4, 0x13a8, 0x0, 0x0, 0x1208, 0x108, 0x108, 0x12d8, 0x12d8, 0x12d8, 0x12d8, 0x12d8, 0x4, 0x0, {[{{@uncond, 0x0, 0xa8, 0x108}, @common=@inet=@HMARK={0x60, 'HMARK\x00', 0x0, {@ipv6=@mcast1, [], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4}}}, {{@ipv6={@initdev={0xfe, 0x88, [], 0x0, 0x0}, @initdev={0xfe, 0x88, [], 0x0, 0x0}, [], [], 'rose0\x00', 'netdevsim0\x00'}, 0x0, 0x10d8, 0x1100, 0x0, {}, [@common=@unspec=@cgroup1={{0x1030, 'cgroup\x00'}, {0x0, 0x1, 0x0, 0x0, './cgroup/syz0\x00'}}]}, @REJECT={0x28, 'REJECT\x00'}}, {{@uncond, 0x0, 0xa8, 0xd0}, @REJECT={0x28, 'REJECT\x00'}}], {{[], 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x1408) syz_init_net_socket$rose(0xb, 0x5, 0x0) 21:31:42 executing program 0: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x91}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x9}, 0x0) r1 = socket$inet6(0xa, 0x0, 0x8) recvmmsg(r1, 0x0, 0x0, 0x0, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) shmat(0x0, &(0x7f0000ffb000/0x4000)=nil, 0x6000) shmctl$SHM_STAT_ANY(0x0, 0xf, 0x0) mmap(&(0x7f0000000000/0x2000)=nil, 0x2000, 0x4, 0x11, 0xffffffffffffffff, 0x0) 21:31:42 executing program 4: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x0, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x1, 0x0, 0x0, 0x1, 0x20b493e0, 0x0, 0xfffffffffffffffe}, 0x0) socket$inet6(0xa, 0x4, 0xffffffff) pipe(&(0x7f0000000340)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r2, 0x407, 0x0) fsync(r1) write(r2, &(0x7f0000000340), 0x41395527) vmsplice(r1, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) clone(0x200000008a105d00, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) tkill(0x0, 0x3c) fsetxattr$trusted_overlay_redirect(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) sched_setattr(r0, &(0x7f0000000080)={0x38, 0x2, 0x1, 0x0, 0x3}, 0x0) clone(0x69005100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) mount(0x0, &(0x7f0000000140)='./file0\x00', 0x0, 0x0, &(0x7f000000a000)) 21:31:42 executing program 5: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x1, 0x0, 0x0, 0x1, 0x20b493e0, 0x0, 0xfffffffffffffffe}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000008880), 0x400000000000249, 0x0, 0x0) pipe(&(0x7f0000000340)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) fsync(r2) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) perf_event_open(&(0x7f0000940000)={0x2, 0x70, 0x69, 0x1, 0x0, 0xff, 0x0, 0x48, 0x14a0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f00000001c0), 0x7}, 0x0, 0x0, 0xfffffff9}, 0x0, 0xd, 0xffffffffffffffff, 0xa) clone(0x200000008a105d00, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r4 = socket$l2tp6(0xa, 0x2, 0x73) getsockopt$inet6_IPV6_FLOWLABEL_MGR(r4, 0x29, 0x20, &(0x7f00000000c0)={@loopback, 0x4, 0x0, 0x2, 0x1, 0x8, 0x1ff}, &(0x7f0000000100)=0x20) r5 = gettid() tkill(r5, 0x3c) fsetxattr$trusted_overlay_redirect(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) sched_setattr(r0, &(0x7f0000000080)={0x38, 0x2, 0x1, 0x0, 0x3}, 0x0) clone(0x69005100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) mount(0x0, &(0x7f0000000140)='./file0\x00', 0x0, 0x0, &(0x7f000000a000)) [ 2180.886189] syz-executor.2 invoked oom-killer: gfp_mask=0x14040c0(GFP_KERNEL|__GFP_COMP), nodemask=(null), order=1, oom_score_adj=0 [ 2180.979436] syz-executor.2 cpuset=/ mems_allowed=0-1 [ 2180.984786] CPU: 1 PID: 9327 Comm: syz-executor.2 Not tainted 4.14.182-syzkaller #0 [ 2180.997312] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2181.007546] Call Trace: [ 2181.010146] dump_stack+0x1b2/0x283 [ 2181.013806] dump_header+0x178/0x7aa [ 2181.017531] ? trace_hardirqs_on_caller+0x3a8/0x580 [ 2181.022553] ? _raw_spin_unlock_irqrestore+0x66/0xe0 [ 2181.027754] ? ___ratelimit+0x2cd/0x522 [ 2181.032437] oom_kill_process.cold+0x10/0xc16 [ 2181.036949] ? lock_downgrade+0x6e0/0x6e0 [ 2181.041110] out_of_memory+0x2d5/0x10f0 [ 2181.045106] ? oom_killer_disable+0x1c0/0x1c0 [ 2181.049786] ? mutex_trylock+0x152/0x1a0 [ 2181.053953] __alloc_pages_nodemask+0x2556/0x2730 [ 2181.058821] ? gfp_pfmemalloc_allowed+0x150/0x150 [ 2181.063680] ? gfp_pfmemalloc_allowed+0x150/0x150 [ 2181.068618] ? trace_hardirqs_on+0x10/0x10 [ 2181.072864] ? finish_task_switch+0x178/0x610 [ 2181.077376] ? cache_grow_begin+0x3f/0x410 [ 2181.081708] cache_grow_begin+0x91/0x410 [ 2181.085774] fallback_alloc+0x205/0x2b0 [ 2181.089791] kmem_cache_alloc+0x1e5/0x3c0 [ 2181.093944] getname_flags+0xc8/0x550 [ 2181.097757] ? SyS_access+0x20/0x20 [ 2181.101388] user_path_at_empty+0x2a/0x50 [ 2181.105538] SyS_chdir+0x7e/0x1a0 [ 2181.109006] ? SyS_access+0x20/0x20 [ 2181.112644] ? SyS_access+0x20/0x20 [ 2181.116273] do_syscall_64+0x1d5/0x640 [ 2181.120168] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 2181.125368] RIP: 0033:0x45c0b7 [ 2181.128555] RSP: 002b:00007ffe32749168 EFLAGS: 00000246 ORIG_RAX: 0000000000000050 [ 2181.136266] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 000000000045c0b7 [ 2181.143653] RDX: 0000000000000001 RSI: 0000000000741e70 RDI: 00007ffe327491b0 [ 2181.152748] RBP: 0000000000000000 R08: 0000000000000001 R09: 00000000010f9940 [ 2181.160023] R10: 00000000010f9c10 R11: 0000000000000246 R12: 0000000000000000 [ 2181.167378] R13: 00007ffe327491a0 R14: 0000000000000000 R15: 00007ffe327491b0 21:31:43 executing program 3: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x1, 0x0, 0x0, 0x1, 0x20b493e0, 0x0, 0xfffffffffffffffe}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, 0x0, 0x0, 0x0, 0x0) pipe(&(0x7f0000000340)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, 0x0, 0x0, 0x0) clone(0x200000008a105d00, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x400200) lgetxattr(&(0x7f0000000200)='./file0\x00', &(0x7f0000000240)=@known='system.posix_acl_default\x00', &(0x7f00000002c0)=""/14, 0xe) sendmsg$L2TP_CMD_NOOP(0xffffffffffffffff, &(0x7f00000001c0)={&(0x7f00000000c0)={0x10, 0x0, 0x0, 0x80000}, 0xc, &(0x7f0000000140)={&(0x7f0000000380)={0x54, 0x0, 0x800, 0x70bd26, 0x25dfdbfb, {}, [@L2TP_ATTR_UDP_SPORT={0x6, 0x1a, 0x4e21}, @L2TP_ATTR_IP6_DADDR={0x14, 0x20, @loopback}, @L2TP_ATTR_UDP_ZERO_CSUM6_TX={0x5}, @L2TP_ATTR_FD={0x8, 0x17, @l2tp6}, @L2TP_ATTR_IP6_DADDR={0x14, 0x20, @ipv4={[], [], @local}}]}, 0x54}, 0x1, 0x0, 0x0, 0x4010}, 0x40000) sendmsg$L2TP_CMD_SESSION_DELETE(0xffffffffffffffff, &(0x7f0000000180)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x400}, 0xc, &(0x7f0000000100)={&(0x7f0000000480)=ANY=[@ANYBLOB="38000000509f0400000000000000feca0a5aab226e6fcc325f6b52cff98bb6987ce1ee266ecf328ad64b0e03408aa87a7104b6f1ec421bf53faad6c90467d2686dad7feced0b2c59e8343e201f77a9ab04fa9369716863be869cd3e75aae55aff81ae504428a6a7cd0621207f3d44ca5eb0887fb12396c92f237fd0e4b80777c4cf6cf81c0f0f5b7f5e369fd768be52b6a2a0abc38b7514d3fbefe0b94342c0dc99bed000000000000000000", @ANYRES16=0x0, @ANYBLOB="200027bd7000fcdbdf250600000008000c000000000008000900048e40000070196250d327cb2eca305db48efd6feb000100"/66], 0x38}, 0x1, 0x0, 0x0, 0x20040000}, 0x0) r4 = gettid() tkill(r4, 0x3c) fsetxattr$trusted_overlay_redirect(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) sched_setattr(r0, &(0x7f0000000080)={0x38, 0x2, 0x1, 0x0, 0x3, 0x3, 0x0, 0x40}, 0x0) clone(0x69005100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) mount(0x0, &(0x7f0000000140)='./file0\x00', &(0x7f0000fb5ffc)='nfs\x00', 0x0, &(0x7f000000a000)) [ 2182.086297] Mem-Info: [ 2182.094732] active_anon:1239647 inactive_anon:6145 isolated_anon:0 [ 2182.094732] active_file:53 inactive_file:250 isolated_file:0 [ 2182.094732] unevictable:1839 dirty:0 writeback:0 unstable:0 [ 2182.094732] slab_reclaimable:18742 slab_unreclaimable:171384 [ 2182.094732] mapped:53800 shmem:7881 pagetables:43854 bounce:0 [ 2182.094732] free:21591 free_pcp:113 free_cma:0 [ 2182.504913] Node 0 active_anon:1738292kB inactive_anon:16152kB active_file:4kB inactive_file:120kB unevictable:1032kB isolated(anon):0kB isolated(file):0kB mapped:209936kB dirty:0kB writeback:0kB shmem:23096kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 735232kB writeback_tmp:0kB unstable:0kB all_unreclaimable? no [ 2182.811534] Node 1 active_anon:3219800kB inactive_anon:8428kB active_file:88kB inactive_file:0kB unevictable:6324kB isolated(anon):0kB isolated(file):0kB mapped:5064kB dirty:0kB writeback:20kB shmem:8428kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 0kB writeback_tmp:0kB unstable:0kB all_unreclaimable? no [ 2183.116054] Node 0 DMA free:10344kB min:220kB low:272kB high:324kB active_anon:1508kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15908kB mlocked:0kB kernel_stack:96kB pagetables:92kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 2183.405958] lowmem_reserve[]: 0 2559 2559 2559 2559 [ 2183.411032] Node 0 DMA32 free:28600kB min:36296kB low:45368kB high:54440kB active_anon:1736748kB inactive_anon:16152kB active_file:8kB inactive_file:20kB unevictable:1032kB writepending:0kB present:3129332kB managed:2623996kB mlocked:1032kB kernel_stack:14336kB pagetables:37160kB bounce:0kB free_pcp:60kB local_pcp:60kB free_cma:0kB [ 2183.760145] lowmem_reserve[]: 0 0 0 0 0 [ 2183.764176] Node 0 Normal free:0kB min:0kB low:0kB high:0kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:786432kB managed:0kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 2184.075941] lowmem_reserve[]: 0 0 0 0 0 [ 2184.080813] Node 1 Normal free:50144kB min:53592kB low:66988kB high:80384kB active_anon:3219888kB inactive_anon:8428kB active_file:60kB inactive_file:72kB unevictable:6324kB writepending:0kB present:3932160kB managed:3870192kB mlocked:6324kB kernel_stack:59424kB pagetables:138168kB bounce:0kB free_pcp:24kB local_pcp:24kB free_cma:0kB [ 2184.366425] lowmem_reserve[]: 0 0 0 0 0 [ 2184.370540] Node 0 DMA: 14*4kB (UME) 54*8kB (UM) 16*16kB (ME) 8*32kB (ME) 6*64kB (UM) 2*128kB (UM) 2*256kB (UE) 2*512kB (UE) 1*1024kB (E) 1*2048kB (E) 1*4096kB (M) = 10344kB [ 2184.575839] Node 0 DMA32: 450*4kB (UME) 418*8kB (UME) 100*16kB (UME) 7*32kB (UM) 2*64kB (M) 34*128kB (M) 37*256kB (UM) 13*512kB (UM) 1*1024kB (M) 0*2048kB 0*4096kB = 28600kB [ 2184.727441] Node 0 Normal: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 0kB [ 2184.835827] Node 1 Normal: 538*4kB (UME) 250*8kB (UMEH) 38*16kB (ME) 1243*32kB (UMEH) 89*64kB (UM) 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 50232kB [ 2184.960888] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 2185.035918] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 2185.045311] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 2185.195842] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 2185.204463] 8190 total pagecache pages [ 2185.338239] 0 pages in swap cache [ 2185.445765] Swap cache stats: add 0, delete 0, find 0/0 [ 2185.451253] Free swap = 0kB [ 2185.454356] Total swap = 0kB [ 2185.504458] 1965979 pages RAM [ 2185.524267] 0 pages HighMem/MovableOnly [ 2185.569858] 338455 pages reserved [ 2185.573340] 0 pages cma reserved [ 2185.655784] Out of memory: Kill process 9330 (syz-executor.5) score 1007 or sacrifice child [ 2185.664472] Killed process 9330 (syz-executor.5) total-vm:75632kB, anon-rss:16588kB, file-rss:35820kB, shmem-rss:0kB [ 2186.199668] IPVS: ftp: loaded support on port[0] = 21 21:31:48 executing program 2: r0 = openat$kvm(0xffffffffffffff9c, 0x0, 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) dup3(r0, r1, 0x0) fsetxattr$trusted_overlay_nlink(r0, &(0x7f0000000040)='trusted.overlay.nlink\x00', &(0x7f00000000c0)={'U+', 0x98}, 0x16, 0x2) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r2 = socket$inet6(0xa, 0x40000080806, 0x0) bind$inet6(r2, &(0x7f0000000080)={0xa, 0x404e20}, 0x1c) ioctl$int_in(0xffffffffffffffff, 0x5452, &(0x7f0000000100)=0x3) listen(r2, 0x400000001ffffffd) r3 = socket$inet6(0xa, 0x6, 0x0) connect$inet6(r3, &(0x7f0000000180)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) r4 = accept4(r2, 0x0, 0x0, 0x0) sendmmsg(r4, &(0x7f0000003d40)=[{{0x0, 0xffffffbf, 0x0, 0x0, 0x0, 0x0, 0x7000005}, 0xa}], 0x4000000000000d0, 0x0) socket$inet6(0xa, 0x6, 0x0) connect$inet6(0xffffffffffffffff, &(0x7f0000000000)={0xa, 0x0, 0x0, @loopback}, 0x1c) r5 = socket$inet6_tcp(0xa, 0x1, 0x0) bpf$BPF_MAP_GET_FD_BY_ID(0xe, &(0x7f0000000140)={0x0, 0x4, 0x8}, 0xc) setsockopt$IP6T_SO_SET_REPLACE(r5, 0x29, 0x40, &(0x7f0000000a80)=@filter={'filter\x00', 0xe, 0x4, 0x13a8, 0x0, 0x0, 0x1208, 0x108, 0x108, 0x12d8, 0x12d8, 0x12d8, 0x12d8, 0x12d8, 0x4, 0x0, {[{{@uncond, 0x0, 0xa8, 0x108}, @common=@inet=@HMARK={0x60, 'HMARK\x00', 0x0, {@ipv6=@mcast1, [], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4}}}, {{@ipv6={@initdev={0xfe, 0x88, [], 0x0, 0x0}, @initdev={0xfe, 0x88, [], 0x0, 0x0}, [], [], 'rose0\x00', 'netdevsim0\x00'}, 0x0, 0x10d8, 0x1100, 0x0, {}, [@common=@unspec=@cgroup1={{0x1030, 'cgroup\x00'}, {0x0, 0x1, 0x0, 0x0, './cgroup/syz0\x00'}}]}, @REJECT={0x28, 'REJECT\x00'}}, {{@uncond, 0x0, 0xa8, 0xd0}, @REJECT={0x28, 'REJECT\x00'}}], {{[], 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x1408) syz_init_net_socket$rose(0xb, 0x5, 0x0) [ 2187.021021] ip6_tables: ip6tables: counters copy to user failed while replacing table [ 2188.190090] IPVS: ftp: loaded support on port[0] = 21 21:31:50 executing program 5: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x1, 0x0, 0x0, 0x1, 0x20b493e0, 0x0, 0xfffffffffffffffe}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000008880), 0x400000000000249, 0x0, 0x0) pipe(&(0x7f0000000340)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) fsync(r2) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) perf_event_open(&(0x7f0000940000)={0x2, 0x70, 0x69, 0x1, 0x0, 0xff, 0x0, 0x48, 0x14a0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f00000001c0), 0x7}, 0x0, 0x0, 0xfffffff9}, 0x0, 0xd, 0xffffffffffffffff, 0xa) clone(0x200000008a105d00, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r4 = gettid() ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x400200) ioctl$VIDIOC_ENUM_DV_TIMINGS(0xffffffffffffffff, 0xc0945662, &(0x7f0000000380)={0x8001, 0x0, [], {0x0, @bt={0x5, 0x4, 0x1, 0x4, 0x8, 0xc6, 0x4, 0x8, 0x7fffffff, 0x8001, 0x2, 0xb5, 0x0, 0x9, 0x9, 0x10, {0x5, 0xacc}, 0xfe, 0x7}}}) tkill(r4, 0x3c) fsetxattr$trusted_overlay_redirect(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) sched_setattr(r0, &(0x7f0000000080)={0x38, 0x2, 0x1, 0x0, 0x3}, 0x0) clone(0x69005100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) mount(0x0, &(0x7f0000000140)='./file0\x00', 0x0, 0x0, &(0x7f000000a000)) 21:31:50 executing program 1: r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x1, 0x0, 0x0, 0x1, 0x20b493e0, 0x0, 0xfffffffffffffffe}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000008880), 0x400000000000249, 0x0, 0x0) pipe(&(0x7f0000000340)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) fsync(r2) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) perf_event_open(&(0x7f0000940000)={0x2, 0x70, 0x69, 0x1, 0x0, 0xff, 0x0, 0x48, 0x14a0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f00000001c0), 0x7}, 0x0, 0x0, 0xfffffff9}, 0x0, 0xd, 0xffffffffffffffff, 0xa) tkill(0x0, 0x3c) fsetxattr$trusted_overlay_redirect(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) sched_setattr(r0, &(0x7f0000000080)={0x38, 0x2, 0x1, 0x0, 0x3}, 0x0) clone(0x69005100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) mount(0x0, &(0x7f0000000140)='./file0\x00', 0x0, 0x0, &(0x7f000000a000)) sched_setscheduler(0x0, 0x5, &(0x7f0000000380)) 21:31:50 executing program 4: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x0, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x1, 0x0, 0x0, 0x1, 0x20b493e0, 0x0, 0xfffffffffffffffe}, 0x0) socket$inet6(0xa, 0x4, 0xffffffff) pipe(&(0x7f0000000340)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r2, 0x407, 0x0) fsync(r1) write(r2, &(0x7f0000000340), 0x41395527) vmsplice(r1, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) clone(0x200000008a105d00, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) tkill(0x0, 0x3c) fsetxattr$trusted_overlay_redirect(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) sched_setattr(r0, &(0x7f0000000080)={0x38, 0x2, 0x1, 0x0, 0x3}, 0x0) clone(0x69005100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) mount(0x0, &(0x7f0000000140)='./file0\x00', 0x0, 0x0, &(0x7f000000a000)) 21:31:50 executing program 3: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x1, 0x0, 0x0, 0x1, 0x20b493e0, 0x0, 0xfffffffffffffffe}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, 0x0, 0x0, 0x0, 0x0) pipe(&(0x7f0000000340)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, 0x0, 0x0, 0x0) perf_event_open(&(0x7f0000940000)={0x2, 0x70, 0x69, 0x0, 0x0, 0xff, 0x0, 0x48, 0x14a0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f00000001c0), 0x7}}, 0x0, 0xd, 0xffffffffffffffff, 0xa) clone(0x200000008a105d00, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r4 = gettid() tkill(r4, 0x3c) fsetxattr$trusted_overlay_redirect(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) sched_setattr(r0, &(0x7f0000000080)={0x38, 0x1, 0x1, 0xffffffff, 0x200003, 0x0, 0x8000000000000}, 0x0) clone(0x69005100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) mount(0x0, &(0x7f0000000140)='./file0\x00', &(0x7f0000fb5ffc)='nfs\x00', 0x0, &(0x7f000000a000)) 21:31:50 executing program 0: socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) creat(&(0x7f0000000000)='./bus\x00', 0x0) io_setup(0x3, &(0x7f00000000c0)=0x0) io_getevents(r2, 0x0, 0x0, 0x0, 0x0) io_submit(0x0, 0x0, 0x0) io_destroy(0x0) 21:31:50 executing program 2: r0 = openat$kvm(0xffffffffffffff9c, 0x0, 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) dup3(r0, r1, 0x0) fsetxattr$trusted_overlay_nlink(r0, &(0x7f0000000040)='trusted.overlay.nlink\x00', &(0x7f00000000c0)={'U+', 0x98}, 0x16, 0x2) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r2 = socket$inet6(0xa, 0x40000080806, 0x0) bind$inet6(r2, &(0x7f0000000080)={0xa, 0x404e20}, 0x1c) ioctl$int_in(0xffffffffffffffff, 0x5452, &(0x7f0000000100)=0x3) listen(r2, 0x400000001ffffffd) r3 = socket$inet6(0xa, 0x6, 0x0) connect$inet6(r3, &(0x7f0000000180)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) r4 = accept4(r2, 0x0, 0x0, 0x0) sendmmsg(r4, &(0x7f0000003d40)=[{{0x0, 0xffffffbf, 0x0, 0x0, 0x0, 0x0, 0x7000005}, 0xa}], 0x4000000000000d0, 0x0) socket$inet6(0xa, 0x6, 0x0) connect$inet6(0xffffffffffffffff, &(0x7f0000000000)={0xa, 0x0, 0x0, @loopback}, 0x1c) r5 = socket$inet6_tcp(0xa, 0x1, 0x0) bpf$BPF_MAP_GET_FD_BY_ID(0xe, &(0x7f0000000140)={0x0, 0x4, 0x8}, 0xc) setsockopt$IP6T_SO_SET_REPLACE(r5, 0x29, 0x40, &(0x7f0000000a80)=@filter={'filter\x00', 0xe, 0x4, 0x13a8, 0x0, 0x0, 0x1208, 0x108, 0x108, 0x12d8, 0x12d8, 0x12d8, 0x12d8, 0x12d8, 0x4, 0x0, {[{{@uncond, 0x0, 0xa8, 0x108}, @common=@inet=@HMARK={0x60, 'HMARK\x00', 0x0, {@ipv6=@mcast1, [], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4}}}, {{@ipv6={@initdev={0xfe, 0x88, [], 0x0, 0x0}, @initdev={0xfe, 0x88, [], 0x0, 0x0}, [], [], 'rose0\x00', 'netdevsim0\x00'}, 0x0, 0x10d8, 0x1100, 0x0, {}, [@common=@unspec=@cgroup1={{0x1030, 'cgroup\x00'}, {0x0, 0x1, 0x0, 0x0, './cgroup/syz0\x00'}}]}, @REJECT={0x28, 'REJECT\x00'}}, {{@uncond, 0x0, 0xa8, 0xd0}, @REJECT={0x28, 'REJECT\x00'}}], {{[], 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x1408) syz_init_net_socket$rose(0xb, 0x5, 0x0) [ 2188.376924] ip6_tables: ip6tables: counters copy to user failed while replacing table 21:31:50 executing program 2: r0 = openat$kvm(0xffffffffffffff9c, 0x0, 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) dup3(r0, r1, 0x0) fsetxattr$trusted_overlay_nlink(r0, &(0x7f0000000040)='trusted.overlay.nlink\x00', &(0x7f00000000c0)={'U+', 0x98}, 0x16, 0x2) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r2 = socket$inet6(0xa, 0x40000080806, 0x0) bind$inet6(r2, &(0x7f0000000080)={0xa, 0x404e20}, 0x1c) ioctl$int_in(0xffffffffffffffff, 0x5452, &(0x7f0000000100)=0x3) listen(r2, 0x400000001ffffffd) r3 = socket$inet6(0xa, 0x6, 0x0) connect$inet6(r3, &(0x7f0000000180)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) r4 = accept4(r2, 0x0, 0x0, 0x0) sendmmsg(r4, &(0x7f0000003d40)=[{{0x0, 0xffffffbf, 0x0, 0x0, 0x0, 0x0, 0x7000005}, 0xa}], 0x4000000000000d0, 0x0) socket$inet6(0xa, 0x6, 0x0) connect$inet6(0xffffffffffffffff, &(0x7f0000000000)={0xa, 0x0, 0x0, @loopback}, 0x1c) r5 = socket$inet6_tcp(0xa, 0x1, 0x0) bpf$BPF_MAP_GET_FD_BY_ID(0xe, &(0x7f0000000140)={0x0, 0x4, 0x8}, 0xc) setsockopt$IP6T_SO_SET_REPLACE(r5, 0x29, 0x40, &(0x7f0000000a80)=@filter={'filter\x00', 0xe, 0x4, 0x13a8, 0x0, 0x0, 0x1208, 0x108, 0x108, 0x12d8, 0x12d8, 0x12d8, 0x12d8, 0x12d8, 0x4, 0x0, {[{{@uncond, 0x0, 0xa8, 0x108}, @common=@inet=@HMARK={0x60, 'HMARK\x00', 0x0, {@ipv6=@mcast1, [], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4}}}, {{@ipv6={@initdev={0xfe, 0x88, [], 0x0, 0x0}, @initdev={0xfe, 0x88, [], 0x0, 0x0}, [], [], 'rose0\x00', 'netdevsim0\x00'}, 0x0, 0x10d8, 0x1100, 0x0, {}, [@common=@unspec=@cgroup1={{0x1030, 'cgroup\x00'}, {0x0, 0x1, 0x0, 0x0, './cgroup/syz0\x00'}}]}, @REJECT={0x28, 'REJECT\x00'}}, {{@uncond, 0x0, 0xa8, 0xd0}, @REJECT={0x28, 'REJECT\x00'}}], {{[], 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x1408) syz_init_net_socket$rose(0xb, 0x5, 0x0) 21:31:50 executing program 0: mkdir(&(0x7f00000000c0)='./file0\x00', 0x0) mount(0x0, &(0x7f0000026ff8)='./file0\x00', &(0x7f0000000180)='tmpfs\x00', 0x0, 0x0) chdir(&(0x7f0000000280)='./file0\x00') symlink(&(0x7f00000001c0)='.\x00', &(0x7f0000000200)='./file0\x00') lchown(&(0x7f0000000140)='./file0/../file0/file0\x00', 0xee01, 0x0) unlink(&(0x7f0000000380)='./file0/../file0/file0\x00') 21:31:50 executing program 0: r0 = openat$kvm(0xffffffffffffff9c, 0x0, 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) dup3(r0, r1, 0x0) fsetxattr$trusted_overlay_nlink(r0, &(0x7f0000000040)='trusted.overlay.nlink\x00', &(0x7f00000000c0)={'U+', 0x98}, 0x16, 0x2) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r2 = socket$inet6(0xa, 0x40000080806, 0x0) bind$inet6(r2, &(0x7f0000000080)={0xa, 0x404e20}, 0x1c) ioctl$int_in(0xffffffffffffffff, 0x5452, &(0x7f0000000100)=0x3) listen(r2, 0x400000001ffffffd) r3 = socket$inet6(0xa, 0x6, 0x0) connect$inet6(r3, &(0x7f0000000180)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) r4 = accept4(r2, 0x0, 0x0, 0x0) sendmmsg(r4, &(0x7f0000003d40)=[{{0x0, 0xffffffbf, 0x0, 0x0, 0x0, 0x0, 0x7000005}, 0xa}], 0x4000000000000d0, 0x0) socket$inet6(0xa, 0x6, 0x0) connect$inet6(0xffffffffffffffff, &(0x7f0000000000)={0xa, 0x0, 0x0, @loopback}, 0x1c) r5 = socket$inet6_tcp(0xa, 0x1, 0x0) bpf$BPF_MAP_GET_FD_BY_ID(0xe, &(0x7f0000000140)={0x0, 0x4, 0x8}, 0xc) setsockopt$IP6T_SO_SET_REPLACE(r5, 0x29, 0x40, &(0x7f0000000a80)=@filter={'filter\x00', 0xe, 0x4, 0x13a8, 0x0, 0x0, 0x1208, 0x108, 0x108, 0x12d8, 0x12d8, 0x12d8, 0x12d8, 0x12d8, 0x4, 0x0, {[{{@uncond, 0x0, 0xa8, 0x108}, @common=@inet=@HMARK={0x60, 'HMARK\x00', 0x0, {@ipv6=@mcast1, [], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4}}}, {{@ipv6={@initdev={0xfe, 0x88, [], 0x0, 0x0}, @initdev={0xfe, 0x88, [], 0x0, 0x0}, [], [], 'rose0\x00', 'netdevsim0\x00'}, 0x0, 0x10d8, 0x1100, 0x0, {}, [@common=@unspec=@cgroup1={{0x1030, 'cgroup\x00'}, {0x0, 0x1, 0x0, 0x0, './cgroup/syz0\x00'}}]}, @REJECT={0x28, 'REJECT\x00'}}, {{@uncond, 0x0, 0xa8, 0xd0}, @REJECT={0x28, 'REJECT\x00'}}], {{[], 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x1408) syz_init_net_socket$rose(0xb, 0x5, 0x0) [ 2188.792989] ip6_tables: ip6tables: counters copy to user failed while replacing table 21:31:50 executing program 2: r0 = openat$kvm(0xffffffffffffff9c, 0x0, 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) dup3(r0, r1, 0x0) fsetxattr$trusted_overlay_nlink(r0, &(0x7f0000000040)='trusted.overlay.nlink\x00', &(0x7f00000000c0)={'U+', 0x98}, 0x16, 0x2) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c4, 0x0, 0xe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r2 = socket$inet6(0xa, 0x40000080806, 0x0) bind$inet6(r2, &(0x7f0000000080)={0xa, 0x404e20}, 0x1c) ioctl$int_in(0xffffffffffffffff, 0x5452, &(0x7f0000000100)=0x3) listen(r2, 0x400000001ffffffd) r3 = socket$inet6(0xa, 0x6, 0x0) connect$inet6(r3, &(0x7f0000000180)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) r4 = accept4(r2, 0x0, 0x0, 0x0) sendmmsg(r4, &(0x7f0000003d40)=[{{0x0, 0xffffffbf, 0x0, 0x0, 0x0, 0x0, 0x7000005}, 0xa}], 0x4000000000000d0, 0x0) socket$inet6(0xa, 0x6, 0x0) connect$inet6(0xffffffffffffffff, &(0x7f0000000000)={0xa, 0x0, 0x0, @loopback}, 0x1c) r5 = socket$inet6_tcp(0xa, 0x1, 0x0) bpf$BPF_MAP_GET_FD_BY_ID(0xe, &(0x7f0000000140)={0x0, 0x4, 0x8}, 0xc) setsockopt$IP6T_SO_SET_REPLACE(r5, 0x29, 0x40, &(0x7f0000000a80)=@filter={'filter\x00', 0xe, 0x4, 0x13a8, 0x0, 0x0, 0x1208, 0x108, 0x108, 0x12d8, 0x12d8, 0x12d8, 0x12d8, 0x12d8, 0x4, 0x0, {[{{@uncond, 0x0, 0xa8, 0x108}, @common=@inet=@HMARK={0x60, 'HMARK\x00', 0x0, {@ipv6=@mcast1, [], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4}}}, {{@ipv6={@initdev={0xfe, 0x88, [], 0x0, 0x0}, @initdev={0xfe, 0x88, [], 0x0, 0x0}, [], [], 'rose0\x00', 'netdevsim0\x00'}, 0x0, 0x10d8, 0x1100, 0x0, {}, [@common=@unspec=@cgroup1={{0x1030, 'cgroup\x00'}, {0x0, 0x1, 0x0, 0x0, './cgroup/syz0\x00'}}]}, @REJECT={0x28, 'REJECT\x00'}}, {{@uncond, 0x0, 0xa8, 0xd0}, @REJECT={0x28, 'REJECT\x00'}}], {{[], 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x1408) syz_init_net_socket$rose(0xb, 0x5, 0x0) [ 2188.940530] ip6_tables: ip6tables: counters copy to user failed while replacing table [ 2189.132702] ip6_tables: ip6tables: counters copy to user failed while replacing table 21:31:51 executing program 2: r0 = openat$kvm(0xffffffffffffff9c, 0x0, 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) dup3(r0, r1, 0x0) fsetxattr$trusted_overlay_nlink(r0, &(0x7f0000000040)='trusted.overlay.nlink\x00', &(0x7f00000000c0)={'U+', 0x98}, 0x16, 0x2) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c4, 0x0, 0xe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r2 = socket$inet6(0xa, 0x40000080806, 0x0) bind$inet6(r2, &(0x7f0000000080)={0xa, 0x404e20}, 0x1c) ioctl$int_in(0xffffffffffffffff, 0x5452, &(0x7f0000000100)=0x3) listen(r2, 0x400000001ffffffd) r3 = socket$inet6(0xa, 0x6, 0x0) connect$inet6(r3, &(0x7f0000000180)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) r4 = accept4(r2, 0x0, 0x0, 0x0) sendmmsg(r4, &(0x7f0000003d40)=[{{0x0, 0xffffffbf, 0x0, 0x0, 0x0, 0x0, 0x7000005}, 0xa}], 0x4000000000000d0, 0x0) socket$inet6(0xa, 0x6, 0x0) connect$inet6(0xffffffffffffffff, &(0x7f0000000000)={0xa, 0x0, 0x0, @loopback}, 0x1c) r5 = socket$inet6_tcp(0xa, 0x1, 0x0) bpf$BPF_MAP_GET_FD_BY_ID(0xe, &(0x7f0000000140)={0x0, 0x4, 0x8}, 0xc) setsockopt$IP6T_SO_SET_REPLACE(r5, 0x29, 0x40, &(0x7f0000000a80)=@filter={'filter\x00', 0xe, 0x4, 0x13a8, 0x0, 0x0, 0x1208, 0x108, 0x108, 0x12d8, 0x12d8, 0x12d8, 0x12d8, 0x12d8, 0x4, 0x0, {[{{@uncond, 0x0, 0xa8, 0x108}, @common=@inet=@HMARK={0x60, 'HMARK\x00', 0x0, {@ipv6=@mcast1, [], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4}}}, {{@ipv6={@initdev={0xfe, 0x88, [], 0x0, 0x0}, @initdev={0xfe, 0x88, [], 0x0, 0x0}, [], [], 'rose0\x00', 'netdevsim0\x00'}, 0x0, 0x10d8, 0x1100, 0x0, {}, [@common=@unspec=@cgroup1={{0x1030, 'cgroup\x00'}, {0x0, 0x1, 0x0, 0x0, './cgroup/syz0\x00'}}]}, @REJECT={0x28, 'REJECT\x00'}}, {{@uncond, 0x0, 0xa8, 0xd0}, @REJECT={0x28, 'REJECT\x00'}}], {{[], 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x1408) syz_init_net_socket$rose(0xb, 0x5, 0x0) 21:31:51 executing program 4: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x0, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x1, 0x0, 0x0, 0x1, 0x20b493e0, 0x0, 0xfffffffffffffffe}, 0x0) socket$inet6(0xa, 0x4, 0xffffffff) pipe(&(0x7f0000000340)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r2, 0x407, 0x0) fsync(r1) write(r2, &(0x7f0000000340), 0x41395527) vmsplice(r1, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) clone(0x200000008a105d00, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) tkill(0x0, 0x3c) fsetxattr$trusted_overlay_redirect(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) sched_setattr(r0, &(0x7f0000000080)={0x38, 0x2, 0x1, 0x0, 0x3}, 0x0) clone(0x69005100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) mount(0x0, &(0x7f0000000140)='./file0\x00', 0x0, 0x0, &(0x7f000000a000)) [ 2189.362797] ip6_tables: ip6tables: counters copy to user failed while replacing table 21:31:51 executing program 1: r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x1, 0x0, 0x0, 0x1, 0x20b493e0, 0x0, 0xfffffffffffffffe}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000008880), 0x400000000000249, 0x0, 0x0) pipe(&(0x7f0000000340)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) fsync(r2) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) perf_event_open(&(0x7f0000940000)={0x2, 0x70, 0x69, 0x1, 0x0, 0xff, 0x0, 0x48, 0x14a0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f00000001c0), 0x7}, 0x0, 0x0, 0xfffffff9}, 0x0, 0xd, 0xffffffffffffffff, 0xa) tkill(0x0, 0x3c) fsetxattr$trusted_overlay_redirect(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) sched_setattr(r0, &(0x7f0000000080)={0x38, 0x2, 0x1, 0x0, 0x3}, 0x0) clone(0x69005100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) mount(0x0, &(0x7f0000000140)='./file0\x00', 0x0, 0x0, &(0x7f000000a000)) sched_setscheduler(0x0, 0x5, &(0x7f0000000380)) 21:31:51 executing program 0: r0 = openat$kvm(0xffffffffffffff9c, 0x0, 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) dup3(r0, r1, 0x0) fsetxattr$trusted_overlay_nlink(r0, &(0x7f0000000040)='trusted.overlay.nlink\x00', &(0x7f00000000c0)={'U+', 0x98}, 0x16, 0x2) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c4, 0x0, 0xe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r2 = socket$inet6(0xa, 0x40000080806, 0x0) bind$inet6(r2, &(0x7f0000000080)={0xa, 0x404e20}, 0x1c) ioctl$int_in(0xffffffffffffffff, 0x5452, &(0x7f0000000100)=0x3) listen(r2, 0x400000001ffffffd) r3 = socket$inet6(0xa, 0x6, 0x0) connect$inet6(r3, &(0x7f0000000180)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) r4 = accept4(r2, 0x0, 0x0, 0x0) sendmmsg(r4, &(0x7f0000003d40)=[{{0x0, 0xffffffbf, 0x0, 0x0, 0x0, 0x0, 0x7000005}, 0xa}], 0x4000000000000d0, 0x0) socket$inet6(0xa, 0x6, 0x0) connect$inet6(0xffffffffffffffff, &(0x7f0000000000)={0xa, 0x0, 0x0, @loopback}, 0x1c) r5 = socket$inet6_tcp(0xa, 0x1, 0x0) bpf$BPF_MAP_GET_FD_BY_ID(0xe, &(0x7f0000000140)={0x0, 0x4, 0x8}, 0xc) setsockopt$IP6T_SO_SET_REPLACE(r5, 0x29, 0x40, &(0x7f0000000a80)=@filter={'filter\x00', 0xe, 0x4, 0x13a8, 0x0, 0x0, 0x1208, 0x108, 0x108, 0x12d8, 0x12d8, 0x12d8, 0x12d8, 0x12d8, 0x4, 0x0, {[{{@uncond, 0x0, 0xa8, 0x108}, @common=@inet=@HMARK={0x60, 'HMARK\x00', 0x0, {@ipv6=@mcast1, [], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4}}}, {{@ipv6={@initdev={0xfe, 0x88, [], 0x0, 0x0}, @initdev={0xfe, 0x88, [], 0x0, 0x0}, [], [], 'rose0\x00', 'netdevsim0\x00'}, 0x0, 0x10d8, 0x1100, 0x0, {}, [@common=@unspec=@cgroup1={{0x1030, 'cgroup\x00'}, {0x0, 0x1, 0x0, 0x0, './cgroup/syz0\x00'}}]}, @REJECT={0x28, 'REJECT\x00'}}, {{@uncond, 0x0, 0xa8, 0xd0}, @REJECT={0x28, 'REJECT\x00'}}], {{[], 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x1408) syz_init_net_socket$rose(0xb, 0x5, 0x0) 21:31:51 executing program 2: r0 = openat$kvm(0xffffffffffffff9c, 0x0, 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) dup3(r0, r1, 0x0) fsetxattr$trusted_overlay_nlink(r0, &(0x7f0000000040)='trusted.overlay.nlink\x00', &(0x7f00000000c0)={'U+', 0x98}, 0x16, 0x2) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c4, 0x0, 0xe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r2 = socket$inet6(0xa, 0x40000080806, 0x0) bind$inet6(r2, &(0x7f0000000080)={0xa, 0x404e20}, 0x1c) ioctl$int_in(0xffffffffffffffff, 0x5452, &(0x7f0000000100)=0x3) listen(r2, 0x400000001ffffffd) r3 = socket$inet6(0xa, 0x6, 0x0) connect$inet6(r3, &(0x7f0000000180)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) r4 = accept4(r2, 0x0, 0x0, 0x0) sendmmsg(r4, &(0x7f0000003d40)=[{{0x0, 0xffffffbf, 0x0, 0x0, 0x0, 0x0, 0x7000005}, 0xa}], 0x4000000000000d0, 0x0) socket$inet6(0xa, 0x6, 0x0) connect$inet6(0xffffffffffffffff, &(0x7f0000000000)={0xa, 0x0, 0x0, @loopback}, 0x1c) r5 = socket$inet6_tcp(0xa, 0x1, 0x0) bpf$BPF_MAP_GET_FD_BY_ID(0xe, &(0x7f0000000140)={0x0, 0x4, 0x8}, 0xc) setsockopt$IP6T_SO_SET_REPLACE(r5, 0x29, 0x40, &(0x7f0000000a80)=@filter={'filter\x00', 0xe, 0x4, 0x13a8, 0x0, 0x0, 0x1208, 0x108, 0x108, 0x12d8, 0x12d8, 0x12d8, 0x12d8, 0x12d8, 0x4, 0x0, {[{{@uncond, 0x0, 0xa8, 0x108}, @common=@inet=@HMARK={0x60, 'HMARK\x00', 0x0, {@ipv6=@mcast1, [], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4}}}, {{@ipv6={@initdev={0xfe, 0x88, [], 0x0, 0x0}, @initdev={0xfe, 0x88, [], 0x0, 0x0}, [], [], 'rose0\x00', 'netdevsim0\x00'}, 0x0, 0x10d8, 0x1100, 0x0, {}, [@common=@unspec=@cgroup1={{0x1030, 'cgroup\x00'}, {0x0, 0x1, 0x0, 0x0, './cgroup/syz0\x00'}}]}, @REJECT={0x28, 'REJECT\x00'}}, {{@uncond, 0x0, 0xa8, 0xd0}, @REJECT={0x28, 'REJECT\x00'}}], {{[], 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x1408) syz_init_net_socket$rose(0xb, 0x5, 0x0) 21:31:51 executing program 3: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x1, 0x0, 0x0, 0x1, 0x20b493e0, 0x0, 0xfffffffffffffffe}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, 0x0, 0x0, 0x0, 0x0) pipe(&(0x7f0000000340)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, 0x0, 0x0, 0x0) r4 = getpid() sched_setscheduler(r4, 0x5, &(0x7f0000000380)) socket$inet6_tcp(0xa, 0x1, 0x0) perf_event_open(&(0x7f0000940000)={0x2, 0x70, 0x69, 0x0, 0x0, 0xff, 0x0, 0x48, 0x14a0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f00000001c0), 0x7}, 0x4040}, 0x0, 0x100000000000000d, 0xffffffffffffffff, 0xa) clone(0x200000008a105d00, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r5 = gettid() tkill(r5, 0x3c) fsetxattr$trusted_overlay_redirect(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) sched_setattr(r0, &(0x7f0000000080)={0x38, 0x2, 0x1, 0x0, 0x3}, 0x0) clone(0x69005100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) mount(0x0, &(0x7f0000000140)='./file0\x00', &(0x7f0000fb5ffc)='nfs\x00', 0x0, &(0x7f000000a000)) [ 2189.539489] ip6_tables: ip6tables: counters copy to user failed while replacing table 21:31:51 executing program 5: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0xffffffffffffff09, 0x6, 0x0, 0x0, 0x1, 0x800, 0x0, 0xfffffffffffffffe, 0x0, 0x1}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000008880), 0x400000000000249, 0x0, 0x0) pipe(&(0x7f0000000340)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) fsync(r2) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) perf_event_open(&(0x7f0000940000)={0x2, 0x70, 0x69, 0x1, 0x0, 0xff, 0x0, 0x48, 0x14a0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f00000001c0), 0x7}, 0x0, 0x0, 0xfffffff9}, 0x0, 0xd, 0xffffffffffffffff, 0xa) r4 = fcntl$dupfd(0xffffffffffffffff, 0x0, 0xffffffffffffffff) ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200) sendmsg$IPSET_CMD_DEL(r4, &(0x7f0000000180)={&(0x7f00000000c0), 0xc, &(0x7f0000000100)={&(0x7f0000000540)=ANY=[@ANYBLOB="6c0100000a06000800000000000000000c0000090900020073797a31000000002400078005000300070000000900130073797a30000000000c001b40000000000000000620000880100007800c001b4000000000000000000c00078008001c4000000000780008800c0007800800094000000006100007800c00148008000140ac0000000000000000000940000000451800078014001700657468315f766972745f776966690018000780140017006272696467655f736c6176655f3000000c0007800800084000000054100007800c01900008800c00078006001d40000500000c0007800800094029a15679100007800c001b40ff000000000000080c0007800800094000000003100007800c0019400000000000000001100007800c001940000000f900000003180007801400170063616966300000000000000000001000100007800900120073797a3200000000100007800a001100bbbbbbbbbbbb00009f3a665e423883a97ba92383bee1d343ae84f70e1cf32c8a665d8d866e5c9b6fb8c8144ccc871b55d3fa973b757d60bd218fcb66b3d9224542dafc6d69d18602408d4654f8e978cbe98bd522597078ac13a19cbe720000000000000000"], 0x16c}, 0x1, 0x0, 0x0, 0x44000}, 0x14000840) clone(0x200000008a105d00, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) gettid() fsetxattr$trusted_overlay_redirect(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) sched_setattr(r0, &(0x7f0000000080)={0x38, 0x2, 0x1, 0x0, 0x3}, 0x0) clone(0x69005100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) mount(0x0, &(0x7f0000000140)='./file0\x00', 0x0, 0x0, &(0x7f000000a000)) 21:31:51 executing program 2: r0 = openat$kvm(0xffffffffffffff9c, 0x0, 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) dup3(r0, r1, 0x0) fsetxattr$trusted_overlay_nlink(r0, &(0x7f0000000040)='trusted.overlay.nlink\x00', &(0x7f00000000c0)={'U+', 0x98}, 0x16, 0x2) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c4, 0x0, 0xe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r2 = socket$inet6(0xa, 0x0, 0x0) bind$inet6(r2, &(0x7f0000000080)={0xa, 0x404e20}, 0x1c) ioctl$int_in(0xffffffffffffffff, 0x5452, &(0x7f0000000100)=0x3) listen(r2, 0x400000001ffffffd) r3 = socket$inet6(0xa, 0x6, 0x0) connect$inet6(r3, &(0x7f0000000180)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) r4 = accept4(r2, 0x0, 0x0, 0x0) sendmmsg(r4, &(0x7f0000003d40)=[{{0x0, 0xffffffbf, 0x0, 0x0, 0x0, 0x0, 0x7000005}, 0xa}], 0x4000000000000d0, 0x0) socket$inet6(0xa, 0x6, 0x0) connect$inet6(0xffffffffffffffff, &(0x7f0000000000)={0xa, 0x0, 0x0, @loopback}, 0x1c) r5 = socket$inet6_tcp(0xa, 0x1, 0x0) bpf$BPF_MAP_GET_FD_BY_ID(0xe, &(0x7f0000000140)={0x0, 0x4, 0x8}, 0xc) setsockopt$IP6T_SO_SET_REPLACE(r5, 0x29, 0x40, &(0x7f0000000a80)=@filter={'filter\x00', 0xe, 0x4, 0x13a8, 0x0, 0x0, 0x1208, 0x108, 0x108, 0x12d8, 0x12d8, 0x12d8, 0x12d8, 0x12d8, 0x4, 0x0, {[{{@uncond, 0x0, 0xa8, 0x108}, @common=@inet=@HMARK={0x60, 'HMARK\x00', 0x0, {@ipv6=@mcast1, [], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4}}}, {{@ipv6={@initdev={0xfe, 0x88, [], 0x0, 0x0}, @initdev={0xfe, 0x88, [], 0x0, 0x0}, [], [], 'rose0\x00', 'netdevsim0\x00'}, 0x0, 0x10d8, 0x1100, 0x0, {}, [@common=@unspec=@cgroup1={{0x1030, 'cgroup\x00'}, {0x0, 0x1, 0x0, 0x0, './cgroup/syz0\x00'}}]}, @REJECT={0x28, 'REJECT\x00'}}, {{@uncond, 0x0, 0xa8, 0xd0}, @REJECT={0x28, 'REJECT\x00'}}], {{[], 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x1408) syz_init_net_socket$rose(0xb, 0x5, 0x0) [ 2189.597826] ip6_tables: ip6tables: counters copy to user failed while replacing table [ 2189.611380] IPVS: ftp: loaded support on port[0] = 21 21:31:51 executing program 0: r0 = openat$kvm(0xffffffffffffff9c, 0x0, 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) dup3(r0, r1, 0x0) fsetxattr$trusted_overlay_nlink(r0, &(0x7f0000000040)='trusted.overlay.nlink\x00', &(0x7f00000000c0)={'U+', 0x98}, 0x16, 0x2) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c4, 0x0, 0xe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r2 = socket$inet6(0xa, 0x40000080806, 0x0) bind$inet6(r2, &(0x7f0000000080)={0xa, 0x404e20}, 0x1c) ioctl$int_in(0xffffffffffffffff, 0x5452, &(0x7f0000000100)=0x3) listen(r2, 0x400000001ffffffd) r3 = socket$inet6(0xa, 0x6, 0x0) connect$inet6(r3, &(0x7f0000000180)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) r4 = accept4(r2, 0x0, 0x0, 0x0) sendmmsg(r4, &(0x7f0000003d40)=[{{0x0, 0xffffffbf, 0x0, 0x0, 0x0, 0x0, 0x7000005}, 0xa}], 0x4000000000000d0, 0x0) socket$inet6(0xa, 0x6, 0x0) connect$inet6(0xffffffffffffffff, &(0x7f0000000000)={0xa, 0x0, 0x0, @loopback}, 0x1c) r5 = socket$inet6_tcp(0xa, 0x1, 0x0) bpf$BPF_MAP_GET_FD_BY_ID(0xe, &(0x7f0000000140)={0x0, 0x4, 0x8}, 0xc) setsockopt$IP6T_SO_SET_REPLACE(r5, 0x29, 0x40, &(0x7f0000000a80)=@filter={'filter\x00', 0xe, 0x4, 0x13a8, 0x0, 0x0, 0x1208, 0x108, 0x108, 0x12d8, 0x12d8, 0x12d8, 0x12d8, 0x12d8, 0x4, 0x0, {[{{@uncond, 0x0, 0xa8, 0x108}, @common=@inet=@HMARK={0x60, 'HMARK\x00', 0x0, {@ipv6=@mcast1, [], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4}}}, {{@ipv6={@initdev={0xfe, 0x88, [], 0x0, 0x0}, @initdev={0xfe, 0x88, [], 0x0, 0x0}, [], [], 'rose0\x00', 'netdevsim0\x00'}, 0x0, 0x10d8, 0x1100, 0x0, {}, [@common=@unspec=@cgroup1={{0x1030, 'cgroup\x00'}, {0x0, 0x1, 0x0, 0x0, './cgroup/syz0\x00'}}]}, @REJECT={0x28, 'REJECT\x00'}}, {{@uncond, 0x0, 0xa8, 0xd0}, @REJECT={0x28, 'REJECT\x00'}}], {{[], 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x1408) syz_init_net_socket$rose(0xb, 0x5, 0x0) [ 2189.793833] ip6_tables: ip6tables: counters copy to user failed while replacing table [ 2189.864114] ip6_tables: ip6tables: counters copy to user failed while replacing table 21:31:52 executing program 0: r0 = openat$kvm(0xffffffffffffff9c, 0x0, 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) dup3(r0, r1, 0x0) fsetxattr$trusted_overlay_nlink(r0, &(0x7f0000000040)='trusted.overlay.nlink\x00', &(0x7f00000000c0)={'U+', 0x98}, 0x16, 0x2) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r2 = socket$inet6(0xa, 0x40000080806, 0x0) bind$inet6(r2, &(0x7f0000000080)={0xa, 0x404e20}, 0x1c) ioctl$int_in(0xffffffffffffffff, 0x5452, &(0x7f0000000100)=0x3) listen(r2, 0x400000001ffffffd) r3 = socket$inet6(0xa, 0x6, 0x0) connect$inet6(r3, &(0x7f0000000180)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) r4 = accept4(r2, 0x0, 0x0, 0x0) sendmmsg(r4, &(0x7f0000003d40)=[{{0x0, 0xffffffbf, 0x0, 0x0, 0x0, 0x0, 0x7000005}, 0xa}], 0x4000000000000d0, 0x0) socket$inet6(0xa, 0x6, 0x0) connect$inet6(0xffffffffffffffff, &(0x7f0000000000)={0xa, 0x0, 0x0, @loopback}, 0x1c) r5 = socket$inet6_tcp(0xa, 0x1, 0x0) bpf$BPF_MAP_GET_FD_BY_ID(0xe, &(0x7f0000000140)={0x0, 0x4, 0x8}, 0xc) setsockopt$IP6T_SO_SET_REPLACE(r5, 0x29, 0x40, &(0x7f0000000a80)=@filter={'filter\x00', 0xe, 0x4, 0x13a8, 0x0, 0x0, 0x1208, 0x108, 0x108, 0x12d8, 0x12d8, 0x12d8, 0x12d8, 0x12d8, 0x4, 0x0, {[{{@uncond, 0x0, 0xa8, 0x108}, @common=@inet=@HMARK={0x60, 'HMARK\x00', 0x0, {@ipv6=@mcast1, [], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4}}}, {{@ipv6={@initdev={0xfe, 0x88, [], 0x0, 0x0}, @initdev={0xfe, 0x88, [], 0x0, 0x0}, [], [], 'rose0\x00', 'netdevsim0\x00'}, 0x0, 0x10d8, 0x1100, 0x0, {}, [@common=@unspec=@cgroup1={{0x1030, 'cgroup\x00'}, {0x0, 0x1, 0x0, 0x0, './cgroup/syz0\x00'}}]}, @REJECT={0x28, 'REJECT\x00'}}, {{@uncond, 0x0, 0xa8, 0xd0}, @REJECT={0x28, 'REJECT\x00'}}], {{[], 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x1408) syz_init_net_socket$rose(0xb, 0x5, 0x0) 21:31:52 executing program 4: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x1, 0x0, 0x0, 0x1, 0x20b493e0, 0x0, 0xfffffffffffffffe}, 0x0) socket$inet6(0xa, 0x4, 0xffffffff) pipe(&(0x7f0000000340)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r2, 0x407, 0x0) fsync(r1) write(r2, &(0x7f0000000340), 0x41395527) vmsplice(r1, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) clone(0x200000008a105d00, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) tkill(0x0, 0x3c) fsetxattr$trusted_overlay_redirect(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) sched_setattr(r0, &(0x7f0000000080)={0x38, 0x2, 0x1, 0x0, 0x3}, 0x0) clone(0x69005100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) mount(0x0, &(0x7f0000000140)='./file0\x00', 0x0, 0x0, &(0x7f000000a000)) 21:31:52 executing program 1: r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x1, 0x0, 0x0, 0x1, 0x20b493e0, 0x0, 0xfffffffffffffffe}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000008880), 0x400000000000249, 0x0, 0x0) pipe(&(0x7f0000000340)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) fsync(r2) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) perf_event_open(&(0x7f0000940000)={0x2, 0x70, 0x69, 0x1, 0x0, 0xff, 0x0, 0x48, 0x14a0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f00000001c0), 0x7}, 0x0, 0x0, 0xfffffff9}, 0x0, 0xd, 0xffffffffffffffff, 0xa) tkill(0x0, 0x3c) fsetxattr$trusted_overlay_redirect(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) sched_setattr(r0, &(0x7f0000000080)={0x38, 0x2, 0x1, 0x0, 0x3}, 0x0) clone(0x69005100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) mount(0x0, &(0x7f0000000140)='./file0\x00', 0x0, 0x0, &(0x7f000000a000)) sched_setscheduler(0x0, 0x5, &(0x7f0000000380)) 21:31:52 executing program 2: r0 = openat$kvm(0xffffffffffffff9c, 0x0, 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) dup3(r0, r1, 0x0) fsetxattr$trusted_overlay_nlink(r0, &(0x7f0000000040)='trusted.overlay.nlink\x00', &(0x7f00000000c0)={'U+', 0x98}, 0x16, 0x2) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c4, 0x0, 0xe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r2 = socket$inet6(0xa, 0x0, 0x0) bind$inet6(r2, &(0x7f0000000080)={0xa, 0x404e20}, 0x1c) ioctl$int_in(0xffffffffffffffff, 0x5452, &(0x7f0000000100)=0x3) listen(r2, 0x400000001ffffffd) r3 = socket$inet6(0xa, 0x6, 0x0) connect$inet6(r3, &(0x7f0000000180)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) r4 = accept4(r2, 0x0, 0x0, 0x0) sendmmsg(r4, &(0x7f0000003d40)=[{{0x0, 0xffffffbf, 0x0, 0x0, 0x0, 0x0, 0x7000005}, 0xa}], 0x4000000000000d0, 0x0) socket$inet6(0xa, 0x6, 0x0) connect$inet6(0xffffffffffffffff, &(0x7f0000000000)={0xa, 0x0, 0x0, @loopback}, 0x1c) r5 = socket$inet6_tcp(0xa, 0x1, 0x0) bpf$BPF_MAP_GET_FD_BY_ID(0xe, &(0x7f0000000140)={0x0, 0x4, 0x8}, 0xc) setsockopt$IP6T_SO_SET_REPLACE(r5, 0x29, 0x40, &(0x7f0000000a80)=@filter={'filter\x00', 0xe, 0x4, 0x13a8, 0x0, 0x0, 0x1208, 0x108, 0x108, 0x12d8, 0x12d8, 0x12d8, 0x12d8, 0x12d8, 0x4, 0x0, {[{{@uncond, 0x0, 0xa8, 0x108}, @common=@inet=@HMARK={0x60, 'HMARK\x00', 0x0, {@ipv6=@mcast1, [], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4}}}, {{@ipv6={@initdev={0xfe, 0x88, [], 0x0, 0x0}, @initdev={0xfe, 0x88, [], 0x0, 0x0}, [], [], 'rose0\x00', 'netdevsim0\x00'}, 0x0, 0x10d8, 0x1100, 0x0, {}, [@common=@unspec=@cgroup1={{0x1030, 'cgroup\x00'}, {0x0, 0x1, 0x0, 0x0, './cgroup/syz0\x00'}}]}, @REJECT={0x28, 'REJECT\x00'}}, {{@uncond, 0x0, 0xa8, 0xd0}, @REJECT={0x28, 'REJECT\x00'}}], {{[], 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x1408) syz_init_net_socket$rose(0xb, 0x5, 0x0) [ 2191.585881] IPVS: ftp: loaded support on port[0] = 21 21:31:53 executing program 0: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x1, 0x0, 0x0, 0x1, 0x20b493e0, 0x0, 0xfffffffffffffffe}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000008880), 0x400000000000249, 0x0, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x400200) setsockopt$inet6_MCAST_MSFILTER(0xffffffffffffffff, 0x29, 0x30, &(0x7f0000000380)=ANY=[@ANYRES16], 0x510) pipe(&(0x7f0000000340)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) fsync(r2) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) perf_event_open(&(0x7f0000940000)={0x2, 0x70, 0x69, 0x1, 0x0, 0xff, 0x0, 0x48, 0x14a0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f00000001c0), 0x7}, 0x0, 0x0, 0xfffffff9}, 0x0, 0xd, 0xffffffffffffffff, 0xa) clone(0x200000008a105d00, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r4 = gettid() tkill(r4, 0x3c) fsetxattr$trusted_overlay_redirect(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) sched_setattr(r0, &(0x7f0000000080)={0x38, 0x2, 0x1, 0x0, 0x3}, 0x0) clone(0x69005100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) mount(0x0, &(0x7f0000000140)='./file0\x00', 0x0, 0x0, &(0x7f000000a000)) 21:31:54 executing program 4: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x1, 0x0, 0x0, 0x1, 0x20b493e0, 0x0, 0xfffffffffffffffe}, 0x0) socket$inet6(0xa, 0x4, 0xffffffff) pipe(&(0x7f0000000340)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r2, 0x407, 0x0) fsync(r1) write(r2, &(0x7f0000000340), 0x41395527) vmsplice(r1, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) clone(0x200000008a105d00, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) tkill(0x0, 0x3c) fsetxattr$trusted_overlay_redirect(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) sched_setattr(r0, &(0x7f0000000080)={0x38, 0x2, 0x1, 0x0, 0x3}, 0x0) clone(0x69005100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) mount(0x0, &(0x7f0000000140)='./file0\x00', 0x0, 0x0, &(0x7f000000a000)) 21:31:54 executing program 5: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x1, 0x0, 0x0, 0x1, 0x20b493e0, 0x0, 0xfffffffffffffffe}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000008880), 0x400000000000249, 0x0, 0x0) pipe(&(0x7f0000000340)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) fsync(r2) write(r3, &(0x7f0000000340), 0x41395527) r4 = socket(0x1a, 0x80000, 0x1) ioctl$SIOCGETNODEID(r4, 0x89e1, &(0x7f00000000c0)={0x3}) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) perf_event_open(&(0x7f0000940000)={0x2, 0x70, 0x69, 0x1, 0x0, 0xff, 0x0, 0x48, 0x14a0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f00000001c0), 0x7}, 0x0, 0x0, 0xfffffff9}, 0x0, 0xd, 0xffffffffffffffff, 0xa) clone(0x200000008a105d00, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r5 = gettid() tkill(r5, 0x3c) fsetxattr$trusted_overlay_redirect(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) sched_setattr(r0, &(0x7f0000000080)={0x38, 0x2, 0x1, 0x0, 0x3}, 0x0) clone(0x69005100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) mount(0x0, &(0x7f0000000140)='./file0\x00', 0x0, 0x2010044, &(0x7f0000000380)='A\xcb\x03\x8b\x99\xba`\a\xca\xfa\xe8f,\x00\xd2\xff\x85O\f\xb9\x9e\xdd\xf0\xb4\xf1\v\x90\x81\xb5\x84*\x16TsP\xce \xe5\xea+nN\xdf\x81S\xd1C\xcb\xdf\xc0fx\xfc*\xa8\xd9T\xf9\x9dF\xee\xcdZF;\x02>+#\xad\x96k]\xa7\xc0\xd5\xe1\xfe\xbfL\xba\xdb\x9ab/@n\x9f4\x03\xc9\xd8\tN\xa3\xc4\x82\x83\xa0\xa7\xdc\xaa\a!\xf9g\x8av\xdd?\x1e\xb3o\x7f:\n6\x1f\xc0p\x8e/\x14\x8a\xb3-\xee\x85..* \xee\xc4\x01F\xa6\x89e\xe0%\xa9\xa5\xd4\xe5\v\xed\x95\xdf\x8f\x82bT?\x0fG\x00\x00\x00\x00\x00\xc0\x89\xf8R\x88\xbb<:\xa9\xc3\xf1\xb3\xe0\xb6\xa37\xadg\xa5\xc03\xe7\x04z\xed\xae\x85\xe7\xef\x16\xf7\xef\xe2\xc2{\xc1p heL\x00\x00\x00\x00\x01\x00\x00\x00U\xfd\xe4\xad\f3\v\r\x0f\xbbI\xb9{\x91\xd1\xa0\x02\b\xb8\x15\xe5\xd9O3\xfdiF\xdb\'\xe1B\x12\x99\x14\xca\xe1v@\xa7\xca=;\x99\xda\a\xc3^\x1c\x04]\xb4\xda;UB\xd2\t\xe8z\xbf\x9b\x11\xbe\xefi\x1bOz\xf8\xe0\xd3') 21:31:54 executing program 1: prlimit64(0x0, 0x0, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x1, 0x0, 0x0, 0x1, 0x20b493e0, 0x0, 0xfffffffffffffffe}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000008880), 0x400000000000249, 0x0, 0x0) pipe(&(0x7f0000000340)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) fsync(r2) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) perf_event_open(&(0x7f0000940000)={0x2, 0x70, 0x69, 0x1, 0x0, 0xff, 0x0, 0x48, 0x14a0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f00000001c0), 0x7}, 0x0, 0x0, 0xfffffff9}, 0x0, 0xd, 0xffffffffffffffff, 0xa) tkill(0x0, 0x3c) fsetxattr$trusted_overlay_redirect(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) sched_setattr(r0, &(0x7f0000000080)={0x38, 0x2, 0x1, 0x0, 0x3}, 0x0) clone(0x69005100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) mount(0x0, &(0x7f0000000140)='./file0\x00', 0x0, 0x0, &(0x7f000000a000)) sched_setscheduler(0x0, 0x5, &(0x7f0000000380)) [ 2192.624191] systemd-udevd invoked oom-killer: gfp_mask=0x14040c0(GFP_KERNEL|__GFP_COMP), nodemask=(null), order=1, oom_score_adj=0 [ 2192.658641] systemd-udevd cpuset=/ mems_allowed=0-1 [ 2192.692572] CPU: 0 PID: 9465 Comm: systemd-udevd Not tainted 4.14.182-syzkaller #0 [ 2192.700333] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2192.709686] Call Trace: [ 2192.712476] dump_stack+0x1b2/0x283 [ 2192.716208] dump_header+0x178/0x7aa [ 2192.719936] ? trace_hardirqs_on_caller+0x3a8/0x580 [ 2192.724931] ? _raw_spin_unlock_irqrestore+0x66/0xe0 [ 2192.730011] ? ___ratelimit+0x2cd/0x522 [ 2192.734138] oom_kill_process.cold+0x10/0xc16 [ 2192.738626] ? lock_downgrade+0x6e0/0x6e0 [ 2192.742757] out_of_memory+0x2d5/0x10f0 [ 2192.746713] ? oom_killer_disable+0x1c0/0x1c0 [ 2192.751198] ? mutex_trylock+0x152/0x1a0 [ 2192.755340] __alloc_pages_nodemask+0x2556/0x2730 [ 2192.760168] ? gfp_pfmemalloc_allowed+0x150/0x150 [ 2192.764987] ? gfp_pfmemalloc_allowed+0x150/0x150 [ 2192.769808] ? trace_hardirqs_on+0x10/0x10 [ 2192.774038] ? cache_grow_begin+0x3f/0x410 [ 2192.778253] cache_grow_begin+0x91/0x410 [ 2192.782294] fallback_alloc+0x205/0x2b0 [ 2192.786533] kmem_cache_alloc+0x1e5/0x3c0 [ 2192.791185] getname_flags+0xc8/0x550 [ 2192.794964] user_path_at_empty+0x2a/0x50 [ 2192.799096] SyS_readlinkat+0xa8/0x270 [ 2192.802964] ? SyS_newfstat+0xd0/0xd0 [ 2192.806745] ? do_syscall_64+0x4c/0x640 [ 2192.810799] ? SyS_newfstat+0xd0/0xd0 [ 2192.814585] do_syscall_64+0x1d5/0x640 [ 2192.818888] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 2192.824058] RIP: 0033:0x7faa403b10ba [ 2192.827832] RSP: 002b:00007ffeed209d18 EFLAGS: 00000206 ORIG_RAX: 000000000000010b [ 2192.835778] RAX: ffffffffffffffda RBX: 00005601431204a0 RCX: 00007faa403b10ba [ 2192.843124] RDX: 00005601431204a0 RSI: 0000560143120450 RDI: 00000000ffffff9c [ 2192.850377] RBP: 0000000000000064 R08: 0000560141c05670 R09: 0000000000000070 [ 2192.857638] R10: 0000000000000063 R11: 0000000000000206 R12: 0000560143120450 [ 2192.864885] R13: 00000000ffffff9c R14: 00007ffeed209d70 R15: 0000000000000063 [ 2193.546402] Mem-Info: [ 2193.549035] active_anon:1235805 inactive_anon:6145 isolated_anon:0 [ 2193.549035] active_file:78 inactive_file:67 isolated_file:3 [ 2193.549035] unevictable:1839 dirty:22 writeback:0 unstable:0 [ 2193.549035] slab_reclaimable:18703 slab_unreclaimable:170439 [ 2193.549035] mapped:53866 shmem:7882 pagetables:43953 bounce:0 [ 2193.549035] free:25956 free_pcp:295 free_cma:0 [ 2193.583401] Node 0 active_anon:1726800kB inactive_anon:16164kB active_file:120kB inactive_file:76kB unevictable:1032kB isolated(anon):0kB isolated(file):12kB mapped:210140kB dirty:56kB writeback:0kB shmem:23108kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 735232kB writeback_tmp:0kB unstable:0kB all_unreclaimable? no [ 2193.643498] Node 1 active_anon:3216420kB inactive_anon:8416kB active_file:88kB inactive_file:88kB unevictable:6324kB isolated(anon):0kB isolated(file):0kB mapped:5124kB dirty:32kB writeback:0kB shmem:8420kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 0kB writeback_tmp:0kB unstable:0kB all_unreclaimable? no [ 2193.841151] Node 0 DMA free:10344kB min:220kB low:272kB high:324kB active_anon:1508kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15908kB mlocked:0kB kernel_stack:96kB pagetables:92kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 2193.939866] lowmem_reserve[]: 0 2559 2559 2559 2559 [ 2193.955108] Node 0 DMA32 free:36296kB min:36296kB low:45368kB high:54440kB active_anon:1725180kB inactive_anon:16164kB active_file:456kB inactive_file:716kB unevictable:1032kB writepending:32kB present:3129332kB managed:2623996kB mlocked:1032kB kernel_stack:14304kB pagetables:36996kB bounce:0kB free_pcp:1188kB local_pcp:676kB free_cma:0kB [ 2194.079440] lowmem_reserve[]: 0 0 0 0 0 [ 2194.092906] Node 0 Normal free:0kB min:0kB low:0kB high:0kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:786432kB managed:0kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 2194.240515] lowmem_reserve[]: 0 0 0 0 0 [ 2194.259731] Node 1 Normal free:56440kB min:53592kB low:66988kB high:80384kB active_anon:3216296kB inactive_anon:8416kB active_file:0kB inactive_file:8kB unevictable:6324kB writepending:72kB present:3932160kB managed:3870192kB mlocked:6324kB kernel_stack:59584kB pagetables:138636kB bounce:0kB free_pcp:668kB local_pcp:20kB free_cma:0kB [ 2194.292352] lowmem_reserve[]: 0 0 0 0 0 [ 2194.298728] Node 0 DMA: 14*4kB (UME) 54*8kB (UM) 16*16kB (ME) 8*32kB (ME) 6*64kB (UM) 2*128kB (UM) 2*256kB (UE) 2*512kB (UE) 1*1024kB (E) 1*2048kB (E) 1*4096kB (M) = 10344kB [ 2194.315085] Node 0 DMA32: 449*4kB (ME) 317*8kB (UME) 104*16kB (UME) 77*32kB (UM) 65*64kB (UM) 34*128kB (UM) 38*256kB (M) 19*512kB (UM) 1*1024kB (M) 0*2048kB 0*4096kB = 37452kB [ 2194.332548] Node 0 Normal: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 0kB [ 2194.343584] Node 1 Normal: 648*4kB (UME) 446*8kB (UME) 454*16kB (UME) 1253*32kB (UME) 59*64kB (M) 15*128kB (M) 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 59216kB [ 2194.358753] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 2194.367868] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 2194.438337] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 2194.481990] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 2194.493957] 9390 total pagecache pages [ 2194.502471] 0 pages in swap cache [ 2194.511342] Swap cache stats: add 0, delete 0, find 0/0 [ 2194.538205] Free swap = 0kB [ 2194.542306] Total swap = 0kB [ 2194.564934] 1965979 pages RAM [ 2194.568068] 0 pages HighMem/MovableOnly [ 2194.572163] 338455 pages reserved 21:31:56 executing program 2: r0 = openat$kvm(0xffffffffffffff9c, 0x0, 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) dup3(r0, r1, 0x0) fsetxattr$trusted_overlay_nlink(r0, &(0x7f0000000040)='trusted.overlay.nlink\x00', &(0x7f00000000c0)={'U+', 0x98}, 0x16, 0x2) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c4, 0x0, 0xe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r2 = socket$inet6(0xa, 0x0, 0x0) bind$inet6(r2, &(0x7f0000000080)={0xa, 0x404e20}, 0x1c) ioctl$int_in(0xffffffffffffffff, 0x5452, &(0x7f0000000100)=0x3) listen(r2, 0x400000001ffffffd) r3 = socket$inet6(0xa, 0x6, 0x0) connect$inet6(r3, &(0x7f0000000180)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) r4 = accept4(r2, 0x0, 0x0, 0x0) sendmmsg(r4, &(0x7f0000003d40)=[{{0x0, 0xffffffbf, 0x0, 0x0, 0x0, 0x0, 0x7000005}, 0xa}], 0x4000000000000d0, 0x0) socket$inet6(0xa, 0x6, 0x0) connect$inet6(0xffffffffffffffff, &(0x7f0000000000)={0xa, 0x0, 0x0, @loopback}, 0x1c) r5 = socket$inet6_tcp(0xa, 0x1, 0x0) bpf$BPF_MAP_GET_FD_BY_ID(0xe, &(0x7f0000000140)={0x0, 0x4, 0x8}, 0xc) setsockopt$IP6T_SO_SET_REPLACE(r5, 0x29, 0x40, &(0x7f0000000a80)=@filter={'filter\x00', 0xe, 0x4, 0x13a8, 0x0, 0x0, 0x1208, 0x108, 0x108, 0x12d8, 0x12d8, 0x12d8, 0x12d8, 0x12d8, 0x4, 0x0, {[{{@uncond, 0x0, 0xa8, 0x108}, @common=@inet=@HMARK={0x60, 'HMARK\x00', 0x0, {@ipv6=@mcast1, [], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4}}}, {{@ipv6={@initdev={0xfe, 0x88, [], 0x0, 0x0}, @initdev={0xfe, 0x88, [], 0x0, 0x0}, [], [], 'rose0\x00', 'netdevsim0\x00'}, 0x0, 0x10d8, 0x1100, 0x0, {}, [@common=@unspec=@cgroup1={{0x1030, 'cgroup\x00'}, {0x0, 0x1, 0x0, 0x0, './cgroup/syz0\x00'}}]}, @REJECT={0x28, 'REJECT\x00'}}, {{@uncond, 0x0, 0xa8, 0xd0}, @REJECT={0x28, 'REJECT\x00'}}], {{[], 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x1408) syz_init_net_socket$rose(0xb, 0x5, 0x0) 21:31:56 executing program 4: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x1, 0x0, 0x0, 0x1, 0x20b493e0, 0x0, 0xfffffffffffffffe}, 0x0) socket$inet6(0xa, 0x4, 0xffffffff) pipe(&(0x7f0000000340)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r2, 0x407, 0x0) fsync(r1) write(r2, &(0x7f0000000340), 0x41395527) vmsplice(r1, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) clone(0x200000008a105d00, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) tkill(0x0, 0x3c) fsetxattr$trusted_overlay_redirect(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) sched_setattr(r0, &(0x7f0000000080)={0x38, 0x2, 0x1, 0x0, 0x3}, 0x0) clone(0x69005100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) mount(0x0, &(0x7f0000000140)='./file0\x00', 0x0, 0x0, &(0x7f000000a000)) [ 2194.592256] 0 pages cma reserved [ 2194.634931] Out of memory: Kill process 9592 (syz-executor.0) score 1007 or sacrifice child [ 2194.792740] IPVS: ftp: loaded support on port[0] = 21 [ 2195.248757] syz-executor.2 invoked oom-killer: gfp_mask=0x14040c0(GFP_KERNEL|__GFP_COMP), nodemask=(null), order=1, oom_score_adj=0 [ 2195.315551] syz-executor.2 cpuset=/ mems_allowed=0-1 [ 2195.344694] CPU: 0 PID: 24234 Comm: syz-executor.2 Not tainted 4.14.182-syzkaller #0 [ 2195.352637] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2195.361988] Call Trace: [ 2195.364578] dump_stack+0x1b2/0x283 [ 2195.368209] dump_header+0x178/0x7aa [ 2195.371917] ? trace_hardirqs_on_caller+0x3a8/0x580 [ 2195.376929] ? _raw_spin_unlock_irqrestore+0x66/0xe0 [ 2195.382028] ? ___ratelimit+0x2cd/0x522 [ 2195.386176] oom_kill_process.cold+0x10/0xc16 [ 2195.390675] ? lock_downgrade+0x6e0/0x6e0 [ 2195.394821] out_of_memory+0x2d5/0x10f0 [ 2195.398801] ? oom_killer_disable+0x1c0/0x1c0 [ 2195.403294] ? mutex_trylock+0x152/0x1a0 [ 2195.407369] __alloc_pages_nodemask+0x2556/0x2730 [ 2195.412221] ? trace_hardirqs_on+0x10/0x10 [ 2195.416458] ? gfp_pfmemalloc_allowed+0x150/0x150 [ 2195.421295] ? gfp_pfmemalloc_allowed+0x150/0x150 [ 2195.426140] ? trace_hardirqs_on+0x10/0x10 [ 2195.430386] ? cache_grow_begin+0x3f/0x410 [ 2195.435053] cache_grow_begin+0x91/0x410 [ 2195.439202] fallback_alloc+0x205/0x2b0 [ 2195.443175] kmem_cache_alloc_node+0xe3/0x400 [ 2195.447669] copy_process.part.0+0x17d5/0x6fa0 [ 2195.452249] ? trace_hardirqs_on+0x10/0x10 [ 2195.456484] ? trace_hardirqs_on+0x10/0x10 [ 2195.460714] ? do_wp_page+0x24c/0x1dc0 [ 2195.464612] ? __handle_mm_fault+0x18e8/0x3700 [ 2195.469198] ? finish_mkwrite_fault+0x5e0/0x5e0 [ 2195.473889] ? __cleanup_sighand+0x40/0x40 [ 2195.478120] ? lock_downgrade+0x6e0/0x6e0 [ 2195.482287] _do_fork+0x180/0xc80 [ 2195.485741] ? put_timespec64+0xaa/0xf0 [ 2195.489709] ? fork_idle+0x270/0x270 [ 2195.493420] ? SyS_clock_gettime+0xf5/0x180 [ 2195.497739] ? SyS_clock_settime+0x1a0/0x1a0 [ 2195.502151] ? do_syscall_64+0x4c/0x640 [ 2195.506121] ? sys_vfork+0x20/0x20 [ 2195.509669] do_syscall_64+0x1d5/0x640 [ 2195.513570] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 2195.518839] RIP: 0033:0x45b09a [ 2195.522020] RSP: 002b:00007ffe32749120 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 [ 2195.529728] RAX: ffffffffffffffda RBX: 00007ffe32749120 RCX: 000000000045b09a [ 2195.536990] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000001200011 [ 2195.544256] RBP: 00007ffe32749160 R08: 0000000000000001 R09: 00000000010f9940 [ 2195.551525] R10: 00000000010f9c10 R11: 0000000000000246 R12: 0000000000000001 [ 2195.558793] R13: 0000000000000000 R14: 0000000000000000 R15: 00007ffe327491b0 [ 2197.269774] Mem-Info: [ 2197.272235] active_anon:1239195 inactive_anon:6145 isolated_anon:0 [ 2197.272235] active_file:18 inactive_file:30 isolated_file:0 [ 2197.272235] unevictable:1839 dirty:9 writeback:0 unstable:0 [ 2197.272235] slab_reclaimable:18698 slab_unreclaimable:170401 [ 2197.272235] mapped:53745 shmem:7882 pagetables:43922 bounce:0 [ 2197.272235] free:23344 free_pcp:0 free_cma:0 [ 2197.584682] Node 0 active_anon:1734504kB inactive_anon:16164kB active_file:132kB inactive_file:0kB unevictable:1032kB isolated(anon):0kB isolated(file):0kB mapped:209932kB dirty:36kB writeback:0kB shmem:23112kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 735232kB writeback_tmp:0kB unstable:0kB all_unreclaimable? no [ 2197.809542] Node 1 active_anon:3222276kB inactive_anon:8416kB active_file:40kB inactive_file:56kB unevictable:6324kB isolated(anon):0kB isolated(file):0kB mapped:5048kB dirty:0kB writeback:0kB shmem:8416kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 0kB writeback_tmp:0kB unstable:0kB all_unreclaimable? no [ 2198.024642] Node 0 DMA free:10344kB min:220kB low:272kB high:324kB active_anon:1508kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15908kB mlocked:0kB kernel_stack:96kB pagetables:92kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 2198.249274] lowmem_reserve[]: 0 2559 2559 2559 2559 [ 2198.254353] Node 0 DMA32 free:30052kB min:36296kB low:45368kB high:54440kB active_anon:1732996kB inactive_anon:16164kB active_file:144kB inactive_file:16kB unevictable:1032kB writepending:36kB present:3129332kB managed:2623996kB mlocked:1032kB kernel_stack:14400kB pagetables:37060kB bounce:0kB free_pcp:4kB local_pcp:4kB free_cma:0kB [ 2198.544459] lowmem_reserve[]: 0 0 0 0 0 [ 2198.593979] Node 0 Normal free:0kB min:0kB low:0kB high:0kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:786432kB managed:0kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 2198.780960] lowmem_reserve[]: 0 0 0 0 0 [ 2198.831976] Node 1 Normal free:53020kB min:53592kB low:66988kB high:80384kB active_anon:3222276kB inactive_anon:8416kB active_file:96kB inactive_file:0kB unevictable:6324kB writepending:0kB present:3932160kB managed:3870192kB mlocked:6324kB kernel_stack:59456kB pagetables:138536kB bounce:0kB free_pcp:24kB local_pcp:0kB free_cma:0kB [ 2199.067488] lowmem_reserve[]: 0 0 0 0 0 [ 2199.071543] Node 0 DMA: 14*4kB (UME) 54*8kB (UM) 16*16kB (ME) 8*32kB (ME) 6*64kB (UM) 2*128kB (UM) 2*256kB (UE) 2*512kB (UE) 1*1024kB (E) 1*2048kB (E) 1*4096kB (M) = 10344kB [ 2199.229744] Node 0 DMA32: 553*4kB (UME) 314*8kB (UME) 119*16kB (UME) 10*32kB (UM) 1*64kB (M) 20*128kB (M) 38*256kB (M) 19*512kB (UM) 1*1024kB (M) 0*2048kB 0*4096kB = 30052kB [ 2199.364524] Node 0 Normal: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 0kB [ 2199.446873] Node 1 Normal: 397*4kB (UME) 279*8kB (UME) 77*16kB (UME) 1269*32kB (UME) 75*64kB (UM) 20*128kB (M) 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 53020kB [ 2199.556870] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 2199.670822] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 2199.747761] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 2199.829907] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 2199.938691] 8198 total pagecache pages [ 2199.942614] 0 pages in swap cache [ 2199.969992] Swap cache stats: add 0, delete 0, find 0/0 [ 2200.032618] Free swap = 0kB [ 2200.044272] Total swap = 0kB [ 2200.087502] 1965979 pages RAM [ 2200.090627] 0 pages HighMem/MovableOnly [ 2200.164441] 338455 pages reserved [ 2200.167936] 0 pages cma reserved [ 2200.171478] Out of memory: Kill process 9598 (syz-executor.5) score 1007 or sacrifice child [ 2200.274327] Killed process 9639 (syz-executor.5) total-vm:75764kB, anon-rss:16596kB, file-rss:35820kB, shmem-rss:0kB [ 2200.524892] oom_reaper: reaped process 9639 (syz-executor.5), now anon-rss:0kB, file-rss:0kB, shmem-rss:0kB 21:32:02 executing program 1: prlimit64(0x0, 0x0, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x1, 0x0, 0x0, 0x1, 0x20b493e0, 0x0, 0xfffffffffffffffe}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000008880), 0x400000000000249, 0x0, 0x0) pipe(&(0x7f0000000340)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) fsync(r2) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) perf_event_open(&(0x7f0000940000)={0x2, 0x70, 0x69, 0x1, 0x0, 0xff, 0x0, 0x48, 0x14a0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f00000001c0), 0x7}, 0x0, 0x0, 0xfffffff9}, 0x0, 0xd, 0xffffffffffffffff, 0xa) tkill(0x0, 0x3c) fsetxattr$trusted_overlay_redirect(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) sched_setattr(r0, &(0x7f0000000080)={0x38, 0x2, 0x1, 0x0, 0x3}, 0x0) clone(0x69005100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) mount(0x0, &(0x7f0000000140)='./file0\x00', 0x0, 0x0, &(0x7f000000a000)) sched_setscheduler(0x0, 0x5, &(0x7f0000000380)) [ 2201.652342] systemd-journal invoked oom-killer: gfp_mask=0x14040c0(GFP_KERNEL|__GFP_COMP), nodemask=(null), order=1, oom_score_adj=0 [ 2201.665773] systemd-journal cpuset=/ mems_allowed=0-1 [ 2201.681501] CPU: 1 PID: 4063 Comm: systemd-journal Not tainted 4.14.182-syzkaller #0 [ 2201.689409] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2201.698762] Call Trace: [ 2201.701353] dump_stack+0x1b2/0x283 [ 2201.704984] dump_header+0x178/0x7aa [ 2201.708708] ? trace_hardirqs_on_caller+0x3a8/0x580 [ 2201.713724] ? _raw_spin_unlock_irqrestore+0x66/0xe0 [ 2201.718814] ? ___ratelimit+0x2cd/0x522 [ 2201.722768] oom_kill_process.cold+0x10/0xc16 [ 2201.727243] ? lock_downgrade+0x6e0/0x6e0 [ 2201.731368] out_of_memory+0x2d5/0x10f0 [ 2201.735329] ? oom_killer_disable+0x1c0/0x1c0 [ 2201.739799] ? mutex_trylock+0x152/0x1a0 [ 2201.744611] __alloc_pages_nodemask+0x2556/0x2730 [ 2201.749452] ? gfp_pfmemalloc_allowed+0x150/0x150 [ 2201.754282] ? gfp_pfmemalloc_allowed+0x150/0x150 [ 2201.759114] ? trace_hardirqs_on+0x10/0x10 [ 2201.763333] ? cache_grow_begin+0x3f/0x410 [ 2201.768239] cache_grow_begin+0x91/0x410 [ 2201.772278] fallback_alloc+0x205/0x2b0 [ 2201.776230] kmem_cache_alloc+0x1e5/0x3c0 [ 2201.780355] getname_flags+0xc8/0x550 [ 2201.784132] do_sys_open+0x202/0x3e0 [ 2201.787836] ? filp_open+0x60/0x60 [ 2201.791355] ? do_syscall_64+0x4c/0x640 [ 2201.795305] ? do_sys_open+0x3e0/0x3e0 [ 2201.799178] do_syscall_64+0x1d5/0x640 [ 2201.803055] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 2201.808310] RIP: 0033:0x7f6f70656840 [ 2201.812002] RSP: 002b:00007ffc5f6be6a8 EFLAGS: 00000246 ORIG_RAX: 0000000000000002 [ 2201.819690] RAX: ffffffffffffffda RBX: 00007ffc5f6be9b0 RCX: 00007f6f70656840 [ 2201.827058] RDX: 00000000000001a0 RSI: 0000000000080042 RDI: 000055ff483aa120 [ 2201.834305] RBP: 000000000000000d R08: 0000000000000000 R09: 00000000ffffffff [ 2201.841566] R10: 0000000000000069 R11: 0000000000000246 R12: 00000000ffffffff [ 2201.848827] R13: 000055ff483a6060 R14: 00007ffc5f6be970 R15: 000055ff483aa930 [ 2201.936126] Mem-Info: [ 2201.939602] active_anon:1236263 inactive_anon:6146 isolated_anon:0 [ 2201.939602] active_file:230 inactive_file:220 isolated_file:2 [ 2201.939602] unevictable:1839 dirty:12 writeback:0 unstable:0 [ 2201.939602] slab_reclaimable:18703 slab_unreclaimable:170615 [ 2201.939602] mapped:54142 shmem:7882 pagetables:43953 bounce:0 [ 2201.939602] free:25413 free_pcp:48 free_cma:0 [ 2202.240376] Node 0 active_anon:1727488kB inactive_anon:16160kB active_file:228kB inactive_file:140kB unevictable:1032kB isolated(anon):0kB isolated(file):0kB mapped:210228kB dirty:44kB writeback:0kB shmem:23104kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 735232kB writeback_tmp:0kB unstable:0kB all_unreclaimable? no [ 2202.403796] Node 1 active_anon:3220364kB inactive_anon:8424kB active_file:88kB inactive_file:104kB unevictable:6324kB isolated(anon):0kB isolated(file):16kB mapped:5140kB dirty:4kB writeback:0kB shmem:8424kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 0kB writeback_tmp:0kB unstable:0kB all_unreclaimable? no [ 2202.431707] Node 0 DMA free:10344kB min:220kB low:272kB high:324kB active_anon:1508kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15908kB mlocked:0kB kernel_stack:96kB pagetables:92kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 2202.458611] lowmem_reserve[]: 0 2559 2559 2559 2559 [ 2202.463887] Node 0 DMA32 free:36384kB min:36296kB low:45368kB high:54440kB active_anon:1725980kB inactive_anon:16160kB active_file:128kB inactive_file:128kB unevictable:1032kB writepending:44kB present:3129332kB managed:2623996kB mlocked:1032kB kernel_stack:14304kB pagetables:37140kB bounce:0kB free_pcp:360kB local_pcp:224kB free_cma:0kB [ 2202.510932] lowmem_reserve[]: 0 0 0 0 0 [ 2202.526253] Node 0 Normal free:0kB min:0kB low:0kB high:0kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:786432kB managed:0kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 2202.571290] lowmem_reserve[]: 0 0 0 0 0 [ 2202.575368] Node 1 Normal free:53156kB min:53592kB low:66988kB high:80384kB active_anon:3219972kB inactive_anon:8424kB active_file:252kB inactive_file:272kB unevictable:6324kB writepending:4kB present:3932160kB managed:3870192kB mlocked:6324kB kernel_stack:59712kB pagetables:138580kB bounce:0kB free_pcp:4kB local_pcp:0kB free_cma:0kB [ 2202.605223] lowmem_reserve[]: 0 0 0 0 0 [ 2202.609230] Node 0 DMA: 14*4kB (UME) 54*8kB (UM) 16*16kB (ME) 8*32kB (ME) 6*64kB (UM) 2*128kB (UM) 2*256kB (UE) 2*512kB (UE) 1*1024kB (E) 1*2048kB (E) 1*4096kB (M) = 10344kB [ 2202.630000] Node 0 DMA32: 358*4kB (UE) 152*8kB (ME) 110*16kB (UME) 91*32kB (UM) 74*64kB (UM) 28*128kB (UM) 38*256kB (M) 19*512kB (UM) 1*1024kB (M) 0*2048kB 0*4096kB = 36120kB [ 2202.653309] Node 0 Normal: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 0kB [ 2202.665590] Node 1 Normal: 105*4kB (UME) 192*8kB (UME) 359*16kB (UME) 1264*32kB (ME) 77*64kB (M) 5*128kB (UM) 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 53716kB [ 2202.680393] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 2202.691894] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 2202.700552] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 2202.709597] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 2202.718742] 8226 total pagecache pages [ 2202.722637] 0 pages in swap cache [ 2202.726127] Swap cache stats: add 0, delete 0, find 0/0 [ 2202.731481] Free swap = 0kB [ 2202.734526] Total swap = 0kB [ 2202.737540] 1965979 pages RAM [ 2202.740698] 0 pages HighMem/MovableOnly [ 2202.750183] 338455 pages reserved [ 2202.753656] 0 pages cma reserved [ 2202.757069] Out of memory: Kill process 1852 (syz-executor.0) score 1007 or sacrifice child [ 2202.772962] Killed process 1852 (syz-executor.0) total-vm:75236kB, anon-rss:16572kB, file-rss:35756kB, shmem-rss:0kB [ 2202.841543] net_ratelimit: 2 callbacks suppressed [ 2202.841548] ip6_tables: ip6tables: counters copy to user failed while replacing table 21:32:04 executing program 0: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0xffffffffffffff09, 0x6, 0x0, 0x0, 0x1, 0x800, 0x0, 0xfffffffffffffffe, 0x0, 0x1}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000008880), 0x400000000000249, 0x0, 0x0) pipe(&(0x7f0000000340)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) fsync(r2) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) perf_event_open(&(0x7f0000940000)={0x2, 0x70, 0x69, 0x1, 0x0, 0xff, 0x0, 0x48, 0x14a0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f00000001c0), 0x7}, 0x0, 0x0, 0xfffffff9}, 0x0, 0xd, 0xffffffffffffffff, 0xa) r4 = fcntl$dupfd(0xffffffffffffffff, 0x0, 0xffffffffffffffff) ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200) sendmsg$IPSET_CMD_DEL(r4, &(0x7f0000000180)={&(0x7f00000000c0), 0xc, &(0x7f0000000100)={&(0x7f0000000540)=ANY=[@ANYBLOB="6c0100000a06000800000000000000000c0000090900020073797a31000000002400078005000300070000000900130073797a30000000000c001b40000000000000000620000880100007800c001b4000000000000000000c00078008001c4000000000780008800c0007800800094000000006100007800c00148008000140ac0000000000000000000940000000451800078014001700657468315f766972745f776966690018000780140017006272696467655f736c6176655f3000000c0007800800084000000054100007800c01900008800c00078006001d40000500000c0007800800094029a15679100007800c001b40ff000000000000080c0007800800094000000003100007800c0019400000000000000001100007800c001940000000f900000003180007801400170063616966300000000000000000001000100007800900120073797a3200000000100007800a001100bbbbbbbbbbbb00009f3a665e423883a97ba92383bee1d343ae84f70e1cf32c8a665d8d866e5c9b6fb8c8144ccc871b55d3fa973b757d60bd218fcb66b3d9224542dafc6d69d18602408d4654f8e978cbe98bd522597078ac13a19cbe720000000000000000"], 0x16c}, 0x1, 0x0, 0x0, 0x44000}, 0x14000840) clone(0x200000008a105d00, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) gettid() fsetxattr$trusted_overlay_redirect(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) sched_setattr(r0, &(0x7f0000000080)={0x38, 0x2, 0x1, 0x0, 0x3}, 0x0) clone(0x69005100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) mount(0x0, &(0x7f0000000140)='./file0\x00', 0x0, 0x0, &(0x7f000000a000)) [ 2203.002617] IPVS: ftp: loaded support on port[0] = 21 21:32:05 executing program 2: r0 = openat$kvm(0xffffffffffffff9c, 0x0, 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) dup3(r0, r1, 0x0) fsetxattr$trusted_overlay_nlink(r0, &(0x7f0000000040)='trusted.overlay.nlink\x00', &(0x7f00000000c0)={'U+', 0x98}, 0x16, 0x2) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c4, 0x0, 0xe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r2 = socket$inet6(0xa, 0x40000080806, 0x0) bind$inet6(0xffffffffffffffff, &(0x7f0000000080)={0xa, 0x404e20}, 0x1c) ioctl$int_in(0xffffffffffffffff, 0x5452, &(0x7f0000000100)=0x3) listen(r2, 0x400000001ffffffd) r3 = socket$inet6(0xa, 0x6, 0x0) connect$inet6(r3, &(0x7f0000000180)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) r4 = accept4(r2, 0x0, 0x0, 0x0) sendmmsg(r4, &(0x7f0000003d40)=[{{0x0, 0xffffffbf, 0x0, 0x0, 0x0, 0x0, 0x7000005}, 0xa}], 0x4000000000000d0, 0x0) socket$inet6(0xa, 0x6, 0x0) connect$inet6(0xffffffffffffffff, &(0x7f0000000000)={0xa, 0x0, 0x0, @loopback}, 0x1c) r5 = socket$inet6_tcp(0xa, 0x1, 0x0) bpf$BPF_MAP_GET_FD_BY_ID(0xe, &(0x7f0000000140)={0x0, 0x4, 0x8}, 0xc) setsockopt$IP6T_SO_SET_REPLACE(r5, 0x29, 0x40, &(0x7f0000000a80)=@filter={'filter\x00', 0xe, 0x4, 0x13a8, 0x0, 0x0, 0x1208, 0x108, 0x108, 0x12d8, 0x12d8, 0x12d8, 0x12d8, 0x12d8, 0x4, 0x0, {[{{@uncond, 0x0, 0xa8, 0x108}, @common=@inet=@HMARK={0x60, 'HMARK\x00', 0x0, {@ipv6=@mcast1, [], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4}}}, {{@ipv6={@initdev={0xfe, 0x88, [], 0x0, 0x0}, @initdev={0xfe, 0x88, [], 0x0, 0x0}, [], [], 'rose0\x00', 'netdevsim0\x00'}, 0x0, 0x10d8, 0x1100, 0x0, {}, [@common=@unspec=@cgroup1={{0x1030, 'cgroup\x00'}, {0x0, 0x1, 0x0, 0x0, './cgroup/syz0\x00'}}]}, @REJECT={0x28, 'REJECT\x00'}}, {{@uncond, 0x0, 0xa8, 0xd0}, @REJECT={0x28, 'REJECT\x00'}}], {{[], 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x1408) syz_init_net_socket$rose(0xb, 0x5, 0x0) 21:32:05 executing program 5: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x1, 0x0, 0x0, 0x1, 0x20b493e0, 0x0, 0xfffffffffffffffe}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000008880), 0x400000000000249, 0x0, 0x0) pipe(&(0x7f0000000340)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) fsync(r2) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) perf_event_open(&(0x7f0000940000)={0x2, 0x70, 0x69, 0x1, 0x0, 0xff, 0x0, 0x48, 0x14a0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f00000001c0), 0x7}, 0x0, 0x0, 0xfffffff9}, 0x0, 0xd, 0xffffffffffffffff, 0xa) clone(0x200000008a105d00, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r4 = gettid() ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x400200) ioctl$VIDIOC_G_AUDIO(0xffffffffffffffff, 0x80345621, &(0x7f00000000c0)) tkill(r4, 0x3c) sched_setattr(r0, &(0x7f0000000080)={0x38, 0x2, 0x1, 0x0, 0x3}, 0x0) clone(0x69005100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) mount(0x0, &(0x7f0000000140)='./file0\x00', 0x0, 0x0, &(0x7f000000a000)) [ 2203.309897] ip6_tables: ip6tables: counters copy to user failed while replacing table 21:32:05 executing program 3: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x1, 0x0, 0x0, 0x1, 0x20b493e0, 0x0, 0xfffffffffffffffe}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, 0x0, 0x0, 0x0, 0x0) pipe(&(0x7f0000000340)={0xffffffffffffffff, 0xffffffffffffffff}) write(r3, &(0x7f00000000c0)="b763ff03dce146189d67bc0c8f954e604edad278d6fd183ef280dad327b41ba6fe887313853a0498bb82e8e027bf51287ce9c0180eed4a239cd16fab4126c7477071bf4fc691c618b4f5", 0x4a) write(r3, &(0x7f0000000340), 0x41395527) sendmsg$BATADV_CMD_GET_TRANSTABLE_LOCAL(0xffffffffffffffff, &(0x7f0000000300)={&(0x7f0000000180)={0x10, 0x0, 0x0, 0x80000000}, 0xc, &(0x7f00000002c0)={&(0x7f0000000200)={0x5c, 0x0, 0x800, 0x70bd2c, 0x25dfdbfb, {}, [@BATADV_ATTR_AGGREGATED_OGMS_ENABLED={0x5}, @BATADV_ATTR_AGGREGATED_OGMS_ENABLED={0x5, 0x29, 0x1}, @BATADV_ATTR_GW_BANDWIDTH_DOWN={0x8, 0x31, 0x80}, @BATADV_ATTR_ISOLATION_MARK={0x8}, @BATADV_ATTR_ELP_INTERVAL={0x8, 0x3a, 0x401}, @BATADV_ATTR_GW_BANDWIDTH_DOWN={0x8, 0x31, 0x7f}, @BATADV_ATTR_TPMETER_TEST_TIME={0x8, 0xb, 0x3ff}, @BATADV_ATTR_ISOLATION_MARK={0x8, 0x2b, 0x2}, @BATADV_ATTR_ELP_INTERVAL={0x8, 0x3a, 0x4429}]}, 0x5c}, 0x1, 0x0, 0x0, 0x81}, 0x4010) vmsplice(r2, 0x0, 0x0, 0x0) perf_event_open(&(0x7f0000940000)={0x2, 0x70, 0x69, 0x0, 0x0, 0xff, 0x0, 0x48, 0x14a0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f00000001c0), 0x7}}, 0x0, 0xd, 0xffffffffffffffff, 0xa) clone(0x200000008a105d00, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r4 = gettid() tkill(r4, 0x3c) write$RDMA_USER_CM_CMD_ACCEPT(0xffffffffffffffff, &(0x7f0000000380)={0x8, 0x120, 0xfa00, {0x2, {0x1ff, 0x1ff, "b299316ffaddb6c0f55c7c1be15147d17faf8acb21d4cd4409a4e2755d8bcea2b68ce01eeebe798411db29abe080da32257f7540e758fc150da53d0c114fc8a616a903e16aa89c1ce7edebbfadaa92947f6fff0221c0484e3b929939f2acca43b42706314f121b742c07441dc6dee1acfa7ad1815fa7c2c4f40f374a87e47e155b3b385b38876576e357dc71a35911135c937988b09a8e0a8a8b910da63e3dcf00ad5c26f2f21310fdb70969ea10a6e0b447091acee909983e3928dd65242e64f69fce1869cd0f28463d23d8c1d8a3caad45af8a57b6bfb4be00e22931973019f8eef3d3af3413ab4494a49af2cbcfbeaa38a890ed9eadabbaa8c3bd3cbf40d2", 0x7f, 0x1, 0x7f, 0x2, 0x10, 0x7, 0x6e, 0x1}}}, 0x128) fsetxattr$trusted_overlay_redirect(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) sched_setattr(r0, &(0x7f0000000080)={0x38, 0x2, 0x1, 0x0, 0x1, 0x0, 0x3}, 0x0) clone(0x69005100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) mount(0x0, &(0x7f0000000140)='./file0\x00', &(0x7f0000fb5ffc)='nfs\x00', 0x0, &(0x7f000000a000)) syncfs(r2) 21:32:05 executing program 2: r0 = openat$kvm(0xffffffffffffff9c, 0x0, 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) dup3(r0, r1, 0x0) fsetxattr$trusted_overlay_nlink(r0, &(0x7f0000000040)='trusted.overlay.nlink\x00', &(0x7f00000000c0)={'U+', 0x98}, 0x16, 0x2) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c4, 0x0, 0xe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r2 = socket$inet6(0xa, 0x40000080806, 0x0) bind$inet6(0xffffffffffffffff, &(0x7f0000000080)={0xa, 0x404e20}, 0x1c) ioctl$int_in(0xffffffffffffffff, 0x5452, &(0x7f0000000100)=0x3) listen(r2, 0x400000001ffffffd) r3 = socket$inet6(0xa, 0x6, 0x0) connect$inet6(r3, &(0x7f0000000180)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) r4 = accept4(r2, 0x0, 0x0, 0x0) sendmmsg(r4, &(0x7f0000003d40)=[{{0x0, 0xffffffbf, 0x0, 0x0, 0x0, 0x0, 0x7000005}, 0xa}], 0x4000000000000d0, 0x0) socket$inet6(0xa, 0x6, 0x0) connect$inet6(0xffffffffffffffff, &(0x7f0000000000)={0xa, 0x0, 0x0, @loopback}, 0x1c) r5 = socket$inet6_tcp(0xa, 0x1, 0x0) bpf$BPF_MAP_GET_FD_BY_ID(0xe, &(0x7f0000000140)={0x0, 0x4, 0x8}, 0xc) setsockopt$IP6T_SO_SET_REPLACE(r5, 0x29, 0x40, &(0x7f0000000a80)=@filter={'filter\x00', 0xe, 0x4, 0x13a8, 0x0, 0x0, 0x1208, 0x108, 0x108, 0x12d8, 0x12d8, 0x12d8, 0x12d8, 0x12d8, 0x4, 0x0, {[{{@uncond, 0x0, 0xa8, 0x108}, @common=@inet=@HMARK={0x60, 'HMARK\x00', 0x0, {@ipv6=@mcast1, [], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4}}}, {{@ipv6={@initdev={0xfe, 0x88, [], 0x0, 0x0}, @initdev={0xfe, 0x88, [], 0x0, 0x0}, [], [], 'rose0\x00', 'netdevsim0\x00'}, 0x0, 0x10d8, 0x1100, 0x0, {}, [@common=@unspec=@cgroup1={{0x1030, 'cgroup\x00'}, {0x0, 0x1, 0x0, 0x0, './cgroup/syz0\x00'}}]}, @REJECT={0x28, 'REJECT\x00'}}, {{@uncond, 0x0, 0xa8, 0xd0}, @REJECT={0x28, 'REJECT\x00'}}], {{[], 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x1408) syz_init_net_socket$rose(0xb, 0x5, 0x0) [ 2204.027106] kworker/u4:8 invoked oom-killer: gfp_mask=0x15080c0(GFP_KERNEL_ACCOUNT|__GFP_ZERO), nodemask=(null), order=3, oom_score_adj=0 [ 2204.168487] kworker/u4:8 cpuset=/ mems_allowed=0-1 [ 2204.362481] CPU: 1 PID: 4755 Comm: kworker/u4:8 Not tainted 4.14.182-syzkaller #0 [ 2204.370134] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2204.379500] Workqueue: events_unbound call_usermodehelper_exec_work [ 2204.385909] Call Trace: [ 2204.388505] dump_stack+0x1b2/0x283 [ 2204.392154] dump_header+0x178/0x7aa [ 2204.395870] ? trace_hardirqs_on_caller+0x3a8/0x580 [ 2204.400885] ? _raw_spin_unlock_irqrestore+0x66/0xe0 [ 2204.405993] ? ___ratelimit+0x2cd/0x522 [ 2204.409973] oom_kill_process.cold+0x10/0xc16 [ 2204.414469] ? lock_downgrade+0x6e0/0x6e0 [ 2204.418620] out_of_memory+0x2d5/0x10f0 [ 2204.422598] ? oom_killer_disable+0x1c0/0x1c0 [ 2204.427087] ? mutex_trylock+0x152/0x1a0 [ 2204.431152] __alloc_pages_nodemask+0x2556/0x2730 [ 2204.435998] ? __lock_acquire+0x655/0x42a0 [ 2204.440235] ? gfp_pfmemalloc_allowed+0x150/0x150 [ 2204.445093] ? rcu_read_lock_sched_held+0x10a/0x130 [ 2204.450109] ? kmem_cache_alloc_node+0x387/0x400 [ 2204.454871] copy_process.part.0+0x26a/0x6fa0 [ 2204.459374] ? __lock_acquire+0x655/0x42a0 [ 2204.463612] ? trace_hardirqs_on+0x10/0x10 [ 2204.467855] ? static_obj+0x50/0x50 [ 2204.471577] ? trace_hardirqs_on+0x10/0x10 [ 2204.475809] ? __lock_acquire+0x655/0x42a0 [ 2204.480050] ? umh_complete+0x80/0x80 [ 2204.483852] ? __cleanup_sighand+0x40/0x40 [ 2204.488098] ? umh_complete+0x80/0x80 [ 2204.492110] _do_fork+0x180/0xc80 [ 2204.495912] ? lock_downgrade+0x6e0/0x6e0 [ 2204.500492] ? fork_idle+0x270/0x270 [ 2204.504293] ? _raw_spin_unlock_irqrestore+0x66/0xe0 [ 2204.509393] ? debug_object_deactivate+0x1cc/0x350 [ 2204.514843] ? process_one_work+0x6ec/0x14c0 [ 2204.519248] ? umh_complete+0x80/0x80 [ 2204.523045] kernel_thread+0x2f/0x40 [ 2204.526758] call_usermodehelper_exec_work+0x193/0x210 [ 2204.532035] ? call_usermodehelper_exec_async+0x4c0/0x4c0 [ 2204.537570] ? rcu_lockdep_current_cpu_online+0xed/0x140 [ 2204.543017] process_one_work+0x7c0/0x14c0 [ 2204.547262] ? pwq_dec_nr_in_flight+0x2b0/0x2b0 [ 2204.551925] ? worker_thread+0x163/0x1080 [ 2204.556071] ? _raw_spin_unlock_irq+0x24/0x90 [ 2204.560564] worker_thread+0x5d7/0x1080 [ 2204.564541] ? process_one_work+0x14c0/0x14c0 [ 2204.569032] kthread+0x30d/0x420 [ 2204.572394] ? kthread_create_on_node+0xd0/0xd0 [ 2204.577060] ret_from_fork+0x24/0x30 [ 2204.660961] Mem-Info: [ 2204.664924] active_anon:1237696 inactive_anon:6146 isolated_anon:0 [ 2204.664924] active_file:96 inactive_file:86 isolated_file:0 [ 2204.664924] unevictable:1839 dirty:9 writeback:0 unstable:0 [ 2204.664924] slab_reclaimable:18693 slab_unreclaimable:171079 [ 2204.664924] mapped:53889 shmem:7882 pagetables:44021 bounce:0 [ 2204.664924] free:23663 free_pcp:63 free_cma:0 [ 2204.728486] Node 0 active_anon:1734012kB inactive_anon:16160kB active_file:140kB inactive_file:152kB unevictable:1032kB isolated(anon):0kB isolated(file):0kB mapped:210168kB dirty:28kB writeback:0kB shmem:23104kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 735232kB writeback_tmp:0kB unstable:0kB all_unreclaimable? no [ 2205.010260] Node 1 active_anon:3216916kB inactive_anon:8424kB active_file:4kB inactive_file:44kB unevictable:6324kB isolated(anon):0kB isolated(file):0kB mapped:5152kB dirty:0kB writeback:0kB shmem:8424kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 0kB writeback_tmp:0kB unstable:0kB all_unreclaimable? no [ 2205.289473] Node 0 DMA free:10344kB min:220kB low:272kB high:324kB active_anon:1508kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15908kB mlocked:0kB kernel_stack:96kB pagetables:92kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 2205.332739] lowmem_reserve[]: 0 2559 2559 2559 2559 [ 2205.340856] Node 0 DMA32 free:30404kB min:36296kB low:45368kB high:54440kB active_anon:1732452kB inactive_anon:16160kB active_file:8kB inactive_file:52kB unevictable:1032kB writepending:0kB present:3129332kB managed:2623996kB mlocked:1032kB kernel_stack:14496kB pagetables:37068kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 2205.382444] lowmem_reserve[]: 0 0 0 0 0 [ 2205.397778] Node 0 Normal free:0kB min:0kB low:0kB high:0kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:786432kB managed:0kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 2205.435696] lowmem_reserve[]: 0 0 0 0 0 [ 2205.439801] Node 1 Normal free:53680kB min:53592kB low:66988kB high:80384kB active_anon:3216916kB inactive_anon:8424kB active_file:72kB inactive_file:536kB unevictable:6324kB writepending:0kB present:3932160kB managed:3870192kB mlocked:6324kB kernel_stack:59680kB pagetables:138936kB bounce:0kB free_pcp:792kB local_pcp:124kB free_cma:0kB [ 2205.481416] lowmem_reserve[]: 0 0 0 0 0 [ 2205.517571] Node 0 DMA: 14*4kB (UME) 54*8kB (UM) 16*16kB (ME) 8*32kB (ME) 6*64kB (UM) 2*128kB (UM) 2*256kB (UE) 2*512kB (UE) 1*1024kB (E) 1*2048kB (E) 1*4096kB (M) = 10344kB [ 2205.591736] Node 0 DMA32: 483*4kB (UME) 258*8kB (UME) 113*16kB (UME) 28*32kB (UM) 8*64kB (UM) 26*128kB (M) 39*256kB (UM) 18*512kB (UM) 1*1024kB (M) 0*2048kB 0*4096kB = 30764kB [ 2205.665118] Node 0 Normal: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 0kB [ 2205.691441] Node 1 Normal: 371*4kB (UME) 397*8kB (UME) 149*16kB (UME) 1229*32kB (UME) 126*64kB (UM) 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 54436kB [ 2205.766593] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 2205.775499] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 2205.826280] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 2205.853908] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 2205.862504] 8242 total pagecache pages [ 2205.934024] 0 pages in swap cache [ 2205.983729] Swap cache stats: add 0, delete 0, find 0/0 [ 2206.037030] Free swap = 0kB [ 2206.063811] Total swap = 0kB [ 2206.089705] 1965979 pages RAM [ 2206.134437] 0 pages HighMem/MovableOnly [ 2206.180803] 338455 pages reserved [ 2206.221238] 0 pages cma reserved [ 2206.260002] Out of memory: Kill process 3617 (syz-executor.0) score 1007 or sacrifice child [ 2206.309289] Killed process 3617 (syz-executor.0) total-vm:75236kB, anon-rss:16572kB, file-rss:35756kB, shmem-rss:0kB [ 2206.439258] oom_reaper: reaped process 3617 (syz-executor.0), now anon-rss:0kB, file-rss:0kB, shmem-rss:0kB 21:32:08 executing program 0: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0xffffffffffffff09, 0x6, 0x0, 0x0, 0x1, 0x800, 0x0, 0xfffffffffffffffe, 0x0, 0x1}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000008880), 0x400000000000249, 0x0, 0x0) pipe(&(0x7f0000000340)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) fsync(r2) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) perf_event_open(&(0x7f0000940000)={0x2, 0x70, 0x69, 0x1, 0x0, 0xff, 0x0, 0x48, 0x14a0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f00000001c0), 0x7}, 0x0, 0x0, 0xfffffff9}, 0x0, 0xd, 0xffffffffffffffff, 0xa) r4 = fcntl$dupfd(0xffffffffffffffff, 0x0, 0xffffffffffffffff) ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200) sendmsg$IPSET_CMD_DEL(r4, &(0x7f0000000180)={&(0x7f00000000c0), 0xc, &(0x7f0000000100)={&(0x7f0000000540)=ANY=[@ANYBLOB="6c0100000a06000800000000000000000c0000090900020073797a31000000002400078005000300070000000900130073797a30000000000c001b40000000000000000620000880100007800c001b4000000000000000000c00078008001c4000000000780008800c0007800800094000000006100007800c00148008000140ac0000000000000000000940000000451800078014001700657468315f766972745f776966690018000780140017006272696467655f736c6176655f3000000c0007800800084000000054100007800c01900008800c00078006001d40000500000c0007800800094029a15679100007800c001b40ff000000000000080c0007800800094000000003100007800c0019400000000000000001100007800c001940000000f900000003180007801400170063616966300000000000000000001000100007800900120073797a3200000000100007800a001100bbbbbbbbbbbb00009f3a665e423883a97ba92383bee1d343ae84f70e1cf32c8a665d8d866e5c9b6fb8c8144ccc871b55d3fa973b757d60bd218fcb66b3d9224542dafc6d69d18602408d4654f8e978cbe98bd522597078ac13a19cbe720000000000000000"], 0x16c}, 0x1, 0x0, 0x0, 0x44000}, 0x14000840) clone(0x200000008a105d00, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) gettid() fsetxattr$trusted_overlay_redirect(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) sched_setattr(r0, &(0x7f0000000080)={0x38, 0x2, 0x1, 0x0, 0x3}, 0x0) clone(0x69005100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) mount(0x0, &(0x7f0000000140)='./file0\x00', 0x0, 0x0, &(0x7f000000a000)) 21:32:08 executing program 1: prlimit64(0x0, 0x0, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x1, 0x0, 0x0, 0x1, 0x20b493e0, 0x0, 0xfffffffffffffffe}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000008880), 0x400000000000249, 0x0, 0x0) pipe(&(0x7f0000000340)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) fsync(r2) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) perf_event_open(&(0x7f0000940000)={0x2, 0x70, 0x69, 0x1, 0x0, 0xff, 0x0, 0x48, 0x14a0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f00000001c0), 0x7}, 0x0, 0x0, 0xfffffff9}, 0x0, 0xd, 0xffffffffffffffff, 0xa) tkill(0x0, 0x3c) fsetxattr$trusted_overlay_redirect(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) sched_setattr(r0, &(0x7f0000000080)={0x38, 0x2, 0x1, 0x0, 0x3}, 0x0) clone(0x69005100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) mount(0x0, &(0x7f0000000140)='./file0\x00', 0x0, 0x0, &(0x7f000000a000)) sched_setscheduler(0x0, 0x5, &(0x7f0000000380)) [ 2206.507934] ip6_tables: ip6tables: counters copy to user failed while replacing table 21:32:08 executing program 2: r0 = openat$kvm(0xffffffffffffff9c, 0x0, 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) dup3(r0, r1, 0x0) fsetxattr$trusted_overlay_nlink(r0, &(0x7f0000000040)='trusted.overlay.nlink\x00', &(0x7f00000000c0)={'U+', 0x98}, 0x16, 0x2) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c4, 0x0, 0xe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r2 = socket$inet6(0xa, 0x40000080806, 0x0) bind$inet6(0xffffffffffffffff, &(0x7f0000000080)={0xa, 0x404e20}, 0x1c) ioctl$int_in(0xffffffffffffffff, 0x5452, &(0x7f0000000100)=0x3) listen(r2, 0x400000001ffffffd) r3 = socket$inet6(0xa, 0x6, 0x0) connect$inet6(r3, &(0x7f0000000180)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) r4 = accept4(r2, 0x0, 0x0, 0x0) sendmmsg(r4, &(0x7f0000003d40)=[{{0x0, 0xffffffbf, 0x0, 0x0, 0x0, 0x0, 0x7000005}, 0xa}], 0x4000000000000d0, 0x0) socket$inet6(0xa, 0x6, 0x0) connect$inet6(0xffffffffffffffff, &(0x7f0000000000)={0xa, 0x0, 0x0, @loopback}, 0x1c) r5 = socket$inet6_tcp(0xa, 0x1, 0x0) bpf$BPF_MAP_GET_FD_BY_ID(0xe, &(0x7f0000000140)={0x0, 0x4, 0x8}, 0xc) setsockopt$IP6T_SO_SET_REPLACE(r5, 0x29, 0x40, &(0x7f0000000a80)=@filter={'filter\x00', 0xe, 0x4, 0x13a8, 0x0, 0x0, 0x1208, 0x108, 0x108, 0x12d8, 0x12d8, 0x12d8, 0x12d8, 0x12d8, 0x4, 0x0, {[{{@uncond, 0x0, 0xa8, 0x108}, @common=@inet=@HMARK={0x60, 'HMARK\x00', 0x0, {@ipv6=@mcast1, [], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4}}}, {{@ipv6={@initdev={0xfe, 0x88, [], 0x0, 0x0}, @initdev={0xfe, 0x88, [], 0x0, 0x0}, [], [], 'rose0\x00', 'netdevsim0\x00'}, 0x0, 0x10d8, 0x1100, 0x0, {}, [@common=@unspec=@cgroup1={{0x1030, 'cgroup\x00'}, {0x0, 0x1, 0x0, 0x0, './cgroup/syz0\x00'}}]}, @REJECT={0x28, 'REJECT\x00'}}, {{@uncond, 0x0, 0xa8, 0xd0}, @REJECT={0x28, 'REJECT\x00'}}], {{[], 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x1408) syz_init_net_socket$rose(0xb, 0x5, 0x0) 21:32:08 executing program 5: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x1, 0x0, 0x0, 0x1, 0x20b493e0, 0x0, 0xfffffffffffffffe}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000008880), 0x400000000000249, 0x0, 0x0) pipe(&(0x7f0000000340)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) fsync(r2) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) perf_event_open(&(0x7f0000940000)={0x2, 0x70, 0x69, 0x1, 0x0, 0xff, 0x0, 0x48, 0x14a0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f00000001c0), 0x7}, 0x0, 0x0, 0xfffffff9}, 0x0, 0xd, 0xffffffffffffffff, 0xa) clone(0x200000008a105d00, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r4 = gettid() tkill(r4, 0x3c) fsetxattr$trusted_overlay_redirect(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) sched_setattr(r0, &(0x7f0000000080)={0x38, 0x2, 0x1, 0x0, 0x3}, 0x0) ioctl$KVM_HYPERV_EVENTFD(r2, 0x4018aebd, &(0x7f00000000c0)={0x0, r3}) clone(0x69005100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) mount(0x0, &(0x7f0000000140)='./file0\x00', 0x0, 0x0, &(0x7f000000a000)) 21:32:08 executing program 3: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x1, 0x0, 0x0, 0x1, 0x20b493e0, 0x0, 0xfffffffffffffffe}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, 0x0, 0x0, 0x0, 0x0) pipe(&(0x7f0000000340)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, 0x0, 0x0, 0x0) perf_event_open(&(0x7f0000940000)={0x2, 0x70, 0x69, 0x0, 0x0, 0xff, 0x0, 0x48, 0x14a0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f00000001c0), 0x7}}, 0x0, 0xd, 0xffffffffffffffff, 0xa) clone(0x200000008a105d00, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000380)={[0xbf, 0x6cfb, 0x8, 0xffff, 0x6, 0x1000, 0x4, 0x100000001, 0x5, 0x2, 0x2, 0x3, 0x4, 0xffff, 0x1000, 0x1c000000000000], 0x100000, 0x22500}) r4 = gettid() tkill(r4, 0x3c) fsetxattr$trusted_overlay_redirect(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) sched_setattr(r0, &(0x7f0000000080)={0x38, 0x2, 0x1, 0x0, 0x3}, 0x0) clone(0x69005100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) mount(0x0, &(0x7f0000000140)='./file0\x00', &(0x7f0000fb5ffc)='nfs\x00', 0x0, &(0x7f000000a000)) ioctl$RTC_IRQP_READ(r3, 0x8008700b, &(0x7f0000000000)) [ 2206.641869] ip6_tables: ip6tables: counters copy to user failed while replacing table [ 2207.980666] IPVS: ftp: loaded support on port[0] = 21 21:32:10 executing program 2: r0 = openat$kvm(0xffffffffffffff9c, 0x0, 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) dup3(r0, r1, 0x0) fsetxattr$trusted_overlay_nlink(r0, &(0x7f0000000040)='trusted.overlay.nlink\x00', &(0x7f00000000c0)={'U+', 0x98}, 0x16, 0x2) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c4, 0x0, 0xe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r2 = socket$inet6(0xa, 0x40000080806, 0x0) bind$inet6(r2, 0x0, 0x0) ioctl$int_in(0xffffffffffffffff, 0x5452, &(0x7f0000000100)=0x3) listen(r2, 0x400000001ffffffd) r3 = socket$inet6(0xa, 0x6, 0x0) connect$inet6(r3, &(0x7f0000000180)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) r4 = accept4(r2, 0x0, 0x0, 0x0) sendmmsg(r4, &(0x7f0000003d40)=[{{0x0, 0xffffffbf, 0x0, 0x0, 0x0, 0x0, 0x7000005}, 0xa}], 0x4000000000000d0, 0x0) socket$inet6(0xa, 0x6, 0x0) connect$inet6(0xffffffffffffffff, &(0x7f0000000000)={0xa, 0x0, 0x0, @loopback}, 0x1c) r5 = socket$inet6_tcp(0xa, 0x1, 0x0) bpf$BPF_MAP_GET_FD_BY_ID(0xe, &(0x7f0000000140)={0x0, 0x4, 0x8}, 0xc) setsockopt$IP6T_SO_SET_REPLACE(r5, 0x29, 0x40, &(0x7f0000000a80)=@filter={'filter\x00', 0xe, 0x4, 0x13a8, 0x0, 0x0, 0x1208, 0x108, 0x108, 0x12d8, 0x12d8, 0x12d8, 0x12d8, 0x12d8, 0x4, 0x0, {[{{@uncond, 0x0, 0xa8, 0x108}, @common=@inet=@HMARK={0x60, 'HMARK\x00', 0x0, {@ipv6=@mcast1, [], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4}}}, {{@ipv6={@initdev={0xfe, 0x88, [], 0x0, 0x0}, @initdev={0xfe, 0x88, [], 0x0, 0x0}, [], [], 'rose0\x00', 'netdevsim0\x00'}, 0x0, 0x10d8, 0x1100, 0x0, {}, [@common=@unspec=@cgroup1={{0x1030, 'cgroup\x00'}, {0x0, 0x1, 0x0, 0x0, './cgroup/syz0\x00'}}]}, @REJECT={0x28, 'REJECT\x00'}}, {{@uncond, 0x0, 0xa8, 0xd0}, @REJECT={0x28, 'REJECT\x00'}}], {{[], 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x1408) syz_init_net_socket$rose(0xb, 0x5, 0x0) 21:32:10 executing program 1: prlimit64(0x0, 0xe, 0x0, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x1, 0x0, 0x0, 0x1, 0x20b493e0, 0x0, 0xfffffffffffffffe}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000008880), 0x400000000000249, 0x0, 0x0) pipe(&(0x7f0000000340)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) fsync(r2) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) perf_event_open(&(0x7f0000940000)={0x2, 0x70, 0x69, 0x1, 0x0, 0xff, 0x0, 0x48, 0x14a0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f00000001c0), 0x7}, 0x0, 0x0, 0xfffffff9}, 0x0, 0xd, 0xffffffffffffffff, 0xa) tkill(0x0, 0x3c) fsetxattr$trusted_overlay_redirect(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) sched_setattr(r0, &(0x7f0000000080)={0x38, 0x2, 0x1, 0x0, 0x3}, 0x0) clone(0x69005100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) mount(0x0, &(0x7f0000000140)='./file0\x00', 0x0, 0x0, &(0x7f000000a000)) sched_setscheduler(0x0, 0x5, &(0x7f0000000380)) 21:32:10 executing program 0: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0xffffffffffffff09, 0x6, 0x0, 0x0, 0x1, 0x800, 0x0, 0xfffffffffffffffe, 0x0, 0x1}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000008880), 0x400000000000249, 0x0, 0x0) pipe(&(0x7f0000000340)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) fsync(r2) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) perf_event_open(&(0x7f0000940000)={0x2, 0x70, 0x69, 0x1, 0x0, 0xff, 0x0, 0x48, 0x14a0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f00000001c0), 0x7}, 0x0, 0x0, 0xfffffff9}, 0x0, 0xd, 0xffffffffffffffff, 0xa) r4 = fcntl$dupfd(0xffffffffffffffff, 0x0, 0xffffffffffffffff) ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200) sendmsg$IPSET_CMD_DEL(r4, &(0x7f0000000180)={&(0x7f00000000c0), 0xc, &(0x7f0000000100)={&(0x7f0000000540)=ANY=[@ANYBLOB="6c0100000a06000800000000000000000c0000090900020073797a31000000002400078005000300070000000900130073797a30000000000c001b40000000000000000620000880100007800c001b4000000000000000000c00078008001c4000000000780008800c0007800800094000000006100007800c00148008000140ac0000000000000000000940000000451800078014001700657468315f766972745f776966690018000780140017006272696467655f736c6176655f3000000c0007800800084000000054100007800c01900008800c00078006001d40000500000c0007800800094029a15679100007800c001b40ff000000000000080c0007800800094000000003100007800c0019400000000000000001100007800c001940000000f900000003180007801400170063616966300000000000000000001000100007800900120073797a3200000000100007800a001100bbbbbbbbbbbb00009f3a665e423883a97ba92383bee1d343ae84f70e1cf32c8a665d8d866e5c9b6fb8c8144ccc871b55d3fa973b757d60bd218fcb66b3d9224542dafc6d69d18602408d4654f8e978cbe98bd522597078ac13a19cbe720000000000000000"], 0x16c}, 0x1, 0x0, 0x0, 0x44000}, 0x14000840) clone(0x200000008a105d00, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) gettid() fsetxattr$trusted_overlay_redirect(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) sched_setattr(r0, &(0x7f0000000080)={0x38, 0x2, 0x1, 0x0, 0x3}, 0x0) clone(0x69005100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) mount(0x0, &(0x7f0000000140)='./file0\x00', 0x0, 0x0, &(0x7f000000a000)) 21:32:10 executing program 3: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x1, 0x10, 0x0, 0x1, 0x20b493e0, 0x0, 0xfffffffffffffffe}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, 0x0, 0x0, 0x0, 0x0) fcntl$setpipe(0xffffffffffffffff, 0x407, 0x0) vmsplice(0xffffffffffffffff, 0x0, 0x0, 0x0) r2 = perf_event_open(&(0x7f0000940000)={0x2, 0x70, 0x69, 0x0, 0x0, 0xff, 0x0, 0x48, 0x14a0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f00000001c0), 0x7}}, 0x0, 0xd, 0xffffffffffffffff, 0xa) clone(0x200000008a105d00, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r3 = gettid() tkill(r3, 0x3c) fsetxattr$trusted_overlay_redirect(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) sched_setattr(r0, &(0x7f0000000080)={0x38, 0x2, 0x1, 0x0, 0x3}, 0x0) clone(0x69005100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) getsockopt$IP6T_SO_GET_REVISION_TARGET(r2, 0x29, 0x45, &(0x7f00000000c0)={'IDLETIMER\x00'}, &(0x7f0000000100)=0x1e) mount(0x0, &(0x7f0000000140)='./file0\x00', &(0x7f0000fb5ffc)='nfs\x00', 0x0, &(0x7f000000a000)) open(&(0x7f0000000000)='./file0\x00', 0x20100, 0x2) 21:32:10 executing program 5: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x1, 0x0, 0x0, 0x1, 0x20b493e0, 0x0, 0xfffffffffffffffe}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000008880), 0x400000000000249, 0x0, 0x0) pipe(&(0x7f0000000340)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) fsync(r2) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000), 0x0, 0x0) perf_event_open(&(0x7f0000940000)={0x2, 0x70, 0x69, 0x1, 0x0, 0xff, 0x0, 0x48, 0x14a0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, @perf_bp={&(0x7f00000001c0), 0x7}, 0x0, 0x200000000000, 0xfffffff9}, 0x0, 0xd, 0xffffffffffffffff, 0xa) clone(0x200000008a105d00, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r4 = gettid() tkill(r4, 0x3c) fsetxattr$trusted_overlay_redirect(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) r5 = socket(0x1a, 0xa, 0x5a0bb72) getsockopt$inet_sctp6_SCTP_RECVNXTINFO(r5, 0x84, 0x21, &(0x7f0000000000), &(0x7f00000000c0)=0x4) sched_setattr(r0, &(0x7f0000000080)={0x38, 0x2, 0x1, 0x0, 0x3}, 0x0) clone(0x69005100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) mount(0x0, &(0x7f0000000140)='./file0\x00', 0x0, 0x0, &(0x7f000000a000)) 21:32:10 executing program 4: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(0x0, &(0x7f0000000040)={0x38, 0x1, 0x0, 0x0, 0x1, 0x20b493e0, 0x0, 0xfffffffffffffffe}, 0x0) socket$inet6(0xa, 0x4, 0xffffffff) pipe(&(0x7f0000000340)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r2, 0x407, 0x0) fsync(r1) write(r2, &(0x7f0000000340), 0x41395527) vmsplice(r1, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) clone(0x200000008a105d00, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) tkill(0x0, 0x3c) fsetxattr$trusted_overlay_redirect(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) sched_setattr(r0, &(0x7f0000000080)={0x38, 0x2, 0x1, 0x0, 0x3}, 0x0) clone(0x69005100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) mount(0x0, &(0x7f0000000140)='./file0\x00', 0x0, 0x0, &(0x7f000000a000)) [ 2208.290142] ip6_tables: ip6tables: counters copy to user failed while replacing table 21:32:10 executing program 2: r0 = openat$kvm(0xffffffffffffff9c, 0x0, 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) dup3(r0, r1, 0x0) fsetxattr$trusted_overlay_nlink(r0, &(0x7f0000000040)='trusted.overlay.nlink\x00', &(0x7f00000000c0)={'U+', 0x98}, 0x16, 0x2) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c4, 0x0, 0xe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r2 = socket$inet6(0xa, 0x40000080806, 0x0) bind$inet6(r2, 0x0, 0x0) ioctl$int_in(0xffffffffffffffff, 0x5452, &(0x7f0000000100)=0x3) listen(r2, 0x400000001ffffffd) r3 = socket$inet6(0xa, 0x6, 0x0) connect$inet6(r3, &(0x7f0000000180)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) r4 = accept4(r2, 0x0, 0x0, 0x0) sendmmsg(r4, &(0x7f0000003d40)=[{{0x0, 0xffffffbf, 0x0, 0x0, 0x0, 0x0, 0x7000005}, 0xa}], 0x4000000000000d0, 0x0) socket$inet6(0xa, 0x6, 0x0) connect$inet6(0xffffffffffffffff, &(0x7f0000000000)={0xa, 0x0, 0x0, @loopback}, 0x1c) r5 = socket$inet6_tcp(0xa, 0x1, 0x0) bpf$BPF_MAP_GET_FD_BY_ID(0xe, &(0x7f0000000140)={0x0, 0x4, 0x8}, 0xc) setsockopt$IP6T_SO_SET_REPLACE(r5, 0x29, 0x40, &(0x7f0000000a80)=@filter={'filter\x00', 0xe, 0x4, 0x13a8, 0x0, 0x0, 0x1208, 0x108, 0x108, 0x12d8, 0x12d8, 0x12d8, 0x12d8, 0x12d8, 0x4, 0x0, {[{{@uncond, 0x0, 0xa8, 0x108}, @common=@inet=@HMARK={0x60, 'HMARK\x00', 0x0, {@ipv6=@mcast1, [], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4}}}, {{@ipv6={@initdev={0xfe, 0x88, [], 0x0, 0x0}, @initdev={0xfe, 0x88, [], 0x0, 0x0}, [], [], 'rose0\x00', 'netdevsim0\x00'}, 0x0, 0x10d8, 0x1100, 0x0, {}, [@common=@unspec=@cgroup1={{0x1030, 'cgroup\x00'}, {0x0, 0x1, 0x0, 0x0, './cgroup/syz0\x00'}}]}, @REJECT={0x28, 'REJECT\x00'}}, {{@uncond, 0x0, 0xa8, 0xd0}, @REJECT={0x28, 'REJECT\x00'}}], {{[], 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x1408) syz_init_net_socket$rose(0xb, 0x5, 0x0) [ 2208.549776] ip6_tables: ip6tables: counters copy to user failed while replacing table 21:32:10 executing program 2: r0 = openat$kvm(0xffffffffffffff9c, 0x0, 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) dup3(r0, r1, 0x0) fsetxattr$trusted_overlay_nlink(r0, &(0x7f0000000040)='trusted.overlay.nlink\x00', &(0x7f00000000c0)={'U+', 0x98}, 0x16, 0x2) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c4, 0x0, 0xe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r2 = socket$inet6(0xa, 0x40000080806, 0x0) bind$inet6(r2, 0x0, 0x0) ioctl$int_in(0xffffffffffffffff, 0x5452, &(0x7f0000000100)=0x3) listen(r2, 0x400000001ffffffd) r3 = socket$inet6(0xa, 0x6, 0x0) connect$inet6(r3, &(0x7f0000000180)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) r4 = accept4(r2, 0x0, 0x0, 0x0) sendmmsg(r4, &(0x7f0000003d40)=[{{0x0, 0xffffffbf, 0x0, 0x0, 0x0, 0x0, 0x7000005}, 0xa}], 0x4000000000000d0, 0x0) socket$inet6(0xa, 0x6, 0x0) connect$inet6(0xffffffffffffffff, &(0x7f0000000000)={0xa, 0x0, 0x0, @loopback}, 0x1c) r5 = socket$inet6_tcp(0xa, 0x1, 0x0) bpf$BPF_MAP_GET_FD_BY_ID(0xe, &(0x7f0000000140)={0x0, 0x4, 0x8}, 0xc) setsockopt$IP6T_SO_SET_REPLACE(r5, 0x29, 0x40, &(0x7f0000000a80)=@filter={'filter\x00', 0xe, 0x4, 0x13a8, 0x0, 0x0, 0x1208, 0x108, 0x108, 0x12d8, 0x12d8, 0x12d8, 0x12d8, 0x12d8, 0x4, 0x0, {[{{@uncond, 0x0, 0xa8, 0x108}, @common=@inet=@HMARK={0x60, 'HMARK\x00', 0x0, {@ipv6=@mcast1, [], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4}}}, {{@ipv6={@initdev={0xfe, 0x88, [], 0x0, 0x0}, @initdev={0xfe, 0x88, [], 0x0, 0x0}, [], [], 'rose0\x00', 'netdevsim0\x00'}, 0x0, 0x10d8, 0x1100, 0x0, {}, [@common=@unspec=@cgroup1={{0x1030, 'cgroup\x00'}, {0x0, 0x1, 0x0, 0x0, './cgroup/syz0\x00'}}]}, @REJECT={0x28, 'REJECT\x00'}}, {{@uncond, 0x0, 0xa8, 0xd0}, @REJECT={0x28, 'REJECT\x00'}}], {{[], 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x1408) syz_init_net_socket$rose(0xb, 0x5, 0x0) 21:32:11 executing program 0: r0 = openat$kvm(0xffffffffffffff9c, 0x0, 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) dup3(r0, r1, 0x0) fsetxattr$trusted_overlay_nlink(r0, &(0x7f0000000040)='trusted.overlay.nlink\x00', &(0x7f00000000c0)={'U+', 0x98}, 0x16, 0x2) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c4, 0x0, 0xe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r2 = socket$inet6(0xa, 0x40000080806, 0x0) bind$inet6(r2, 0x0, 0x0) ioctl$int_in(0xffffffffffffffff, 0x5452, &(0x7f0000000100)=0x3) listen(r2, 0x400000001ffffffd) r3 = socket$inet6(0xa, 0x6, 0x0) connect$inet6(r3, &(0x7f0000000180)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) r4 = accept4(r2, 0x0, 0x0, 0x0) sendmmsg(r4, &(0x7f0000003d40)=[{{0x0, 0xffffffbf, 0x0, 0x0, 0x0, 0x0, 0x7000005}, 0xa}], 0x4000000000000d0, 0x0) socket$inet6(0xa, 0x6, 0x0) connect$inet6(0xffffffffffffffff, &(0x7f0000000000)={0xa, 0x0, 0x0, @loopback}, 0x1c) r5 = socket$inet6_tcp(0xa, 0x1, 0x0) bpf$BPF_MAP_GET_FD_BY_ID(0xe, &(0x7f0000000140)={0x0, 0x4, 0x8}, 0xc) setsockopt$IP6T_SO_SET_REPLACE(r5, 0x29, 0x40, &(0x7f0000000a80)=@filter={'filter\x00', 0xe, 0x4, 0x13a8, 0x0, 0x0, 0x1208, 0x108, 0x108, 0x12d8, 0x12d8, 0x12d8, 0x12d8, 0x12d8, 0x4, 0x0, {[{{@uncond, 0x0, 0xa8, 0x108}, @common=@inet=@HMARK={0x60, 'HMARK\x00', 0x0, {@ipv6=@mcast1, [], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4}}}, {{@ipv6={@initdev={0xfe, 0x88, [], 0x0, 0x0}, @initdev={0xfe, 0x88, [], 0x0, 0x0}, [], [], 'rose0\x00', 'netdevsim0\x00'}, 0x0, 0x10d8, 0x1100, 0x0, {}, [@common=@unspec=@cgroup1={{0x1030, 'cgroup\x00'}, {0x0, 0x1, 0x0, 0x0, './cgroup/syz0\x00'}}]}, @REJECT={0x28, 'REJECT\x00'}}, {{@uncond, 0x0, 0xa8, 0xd0}, @REJECT={0x28, 'REJECT\x00'}}], {{[], 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x1408) syz_init_net_socket$rose(0xb, 0x5, 0x0) 21:32:11 executing program 4: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(0x0, &(0x7f0000000040)={0x38, 0x1, 0x0, 0x0, 0x1, 0x20b493e0, 0x0, 0xfffffffffffffffe}, 0x0) socket$inet6(0xa, 0x4, 0xffffffff) pipe(&(0x7f0000000340)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r2, 0x407, 0x0) fsync(r1) write(r2, &(0x7f0000000340), 0x41395527) vmsplice(r1, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) clone(0x200000008a105d00, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) tkill(0x0, 0x3c) fsetxattr$trusted_overlay_redirect(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) sched_setattr(r0, &(0x7f0000000080)={0x38, 0x2, 0x1, 0x0, 0x3}, 0x0) clone(0x69005100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) mount(0x0, &(0x7f0000000140)='./file0\x00', 0x0, 0x0, &(0x7f000000a000)) 21:32:11 executing program 1: prlimit64(0x0, 0xe, 0x0, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x1, 0x0, 0x0, 0x1, 0x20b493e0, 0x0, 0xfffffffffffffffe}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000008880), 0x400000000000249, 0x0, 0x0) pipe(&(0x7f0000000340)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) fsync(r2) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) perf_event_open(&(0x7f0000940000)={0x2, 0x70, 0x69, 0x1, 0x0, 0xff, 0x0, 0x48, 0x14a0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f00000001c0), 0x7}, 0x0, 0x0, 0xfffffff9}, 0x0, 0xd, 0xffffffffffffffff, 0xa) tkill(0x0, 0x3c) fsetxattr$trusted_overlay_redirect(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) sched_setattr(r0, &(0x7f0000000080)={0x38, 0x2, 0x1, 0x0, 0x3}, 0x0) clone(0x69005100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) mount(0x0, &(0x7f0000000140)='./file0\x00', 0x0, 0x0, &(0x7f000000a000)) sched_setscheduler(0x0, 0x5, &(0x7f0000000380)) 21:32:11 executing program 5: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x1, 0x0, 0x0, 0x1, 0x20b493e0, 0x0, 0xfffffffffffffffe}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000008880), 0x400000000000249, 0x0, 0x0) pipe(&(0x7f0000000340)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) fsync(r2) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) perf_event_open(&(0x7f0000940000)={0x2, 0x70, 0x69, 0x1, 0x0, 0xff, 0x0, 0x48, 0x14a0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f00000001c0), 0x7}, 0x0, 0x0, 0xfffffff9}, 0x0, 0xd, 0xffffffffffffffff, 0xa) clone(0x200000008a105d00, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) openat$dlm_monitor(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/dlm-monitor\x00', 0x521200, 0x0) r4 = gettid() tkill(r4, 0x3c) fsetxattr$trusted_overlay_redirect(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) sched_setattr(r0, &(0x7f0000000080)={0x38, 0x2, 0x1, 0x0, 0x3}, 0x0) clone(0x69005100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) mount(0x0, &(0x7f0000000140)='./file0\x00', 0x0, 0x0, &(0x7f000000a000)) 21:32:11 executing program 3: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x1, 0x0, 0x0, 0x1, 0x20b493e0, 0x0, 0xfffffffffffffffe}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, 0x0, 0x0, 0x0, 0x0) pipe(&(0x7f0000000180)={0xffffffffffffffff, 0xffffffffffffffff}) write$P9_ROPEN(r3, &(0x7f0000000100)={0x18, 0x71, 0x1, {{0x4, 0x3, 0x7}, 0x1}}, 0x18) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, 0x0, 0x0, 0x0) perf_event_open(&(0x7f0000940000)={0x2, 0x70, 0x69, 0x0, 0x0, 0xff, 0x0, 0x48, 0x14a0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f00000001c0), 0x7}}, 0x0, 0xd, 0xffffffffffffffff, 0xa) clone(0x200000008a105d00, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r4 = gettid() tkill(r4, 0x3c) fsetxattr$trusted_overlay_redirect(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) sched_setattr(r0, &(0x7f0000000080)={0x38, 0x2, 0x1, 0x0, 0x3}, 0x0) r5 = openat$ipvs(0xffffffffffffff9c, &(0x7f0000000000)='/proc/sys/net/ipv4/vs/sync_ports\x00', 0x2, 0x0) ioctl$EVIOCGRAB(r5, 0x40044590, &(0x7f00000000c0)=0xfffffffc) clone(0x69005100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) mount(0x0, &(0x7f0000000140)='./file0\x00', &(0x7f0000fb5ffc)='nfs\x00', 0x0, &(0x7f000000a000)) [ 2209.227302] ip6_tables: ip6tables: counters copy to user failed while replacing table [ 2209.529559] ip6_tables: ip6tables: counters copy to user failed while replacing table [ 2210.379570] systemd-udevd invoked oom-killer: gfp_mask=0x14040c0(GFP_KERNEL|__GFP_COMP), nodemask=(null), order=1, oom_score_adj=-1000 [ 2210.558835] systemd-udevd cpuset=/ mems_allowed=0-1 [ 2210.644961] CPU: 1 PID: 9865 Comm: systemd-udevd Not tainted 4.14.182-syzkaller #0 [ 2210.652700] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2210.662040] Call Trace: [ 2210.664633] dump_stack+0x1b2/0x283 [ 2210.668242] dump_header+0x178/0x7aa [ 2210.671932] ? trace_hardirqs_on_caller+0x3a8/0x580 [ 2210.676926] ? _raw_spin_unlock_irqrestore+0x66/0xe0 [ 2210.682019] ? ___ratelimit+0x2cd/0x522 [ 2210.685981] oom_kill_process.cold+0x10/0xc16 [ 2210.690453] ? lock_downgrade+0x6e0/0x6e0 [ 2210.694582] out_of_memory+0x2d5/0x10f0 [ 2210.698549] ? oom_killer_disable+0x1c0/0x1c0 [ 2210.703029] ? mutex_trylock+0x152/0x1a0 [ 2210.707068] __alloc_pages_nodemask+0x2556/0x2730 [ 2210.711914] ? gfp_pfmemalloc_allowed+0x150/0x150 [ 2210.716743] ? gfp_pfmemalloc_allowed+0x150/0x150 [ 2210.721572] ? trace_hardirqs_on+0x10/0x10 [ 2210.725803] ? cache_grow_begin+0x3f/0x410 [ 2210.730970] cache_grow_begin+0x91/0x410 [ 2210.735022] fallback_alloc+0x205/0x2b0 [ 2210.738975] kmem_cache_alloc+0x1e5/0x3c0 [ 2210.743108] getname_flags+0xc8/0x550 [ 2210.746887] do_sys_open+0x202/0x3e0 [ 2210.750579] ? filp_open+0x60/0x60 [ 2210.754112] ? do_syscall_64+0x4c/0x640 [ 2210.758063] ? do_sys_open+0x3e0/0x3e0 [ 2210.761927] do_syscall_64+0x1d5/0x640 [ 2210.765804] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 2210.771022] RIP: 0033:0x7faa40683840 [ 2210.774712] RSP: 002b:00007ffeed20e298 EFLAGS: 00000246 ORIG_RAX: 0000000000000002 [ 2210.782414] RAX: ffffffffffffffda RBX: 0000560141c053e8 RCX: 00007faa40683840 [ 2210.789670] RDX: 0000000000000000 RSI: 0000000000080101 RDI: 0000560141c053e8 [ 2210.796918] RBP: 000056014306ea78 R08: 0000000000000020 R09: 0000000000000018 [ 2210.804164] R10: 00007faa403bd2aa R11: 0000000000000246 R12: 0000560141c053e6 [ 2210.811409] R13: 0000000000000000 R14: 0000000000000003 R15: 000000000000000e [ 2211.052467] Mem-Info: [ 2211.055996] active_anon:1234589 inactive_anon:6146 isolated_anon:0 [ 2211.055996] active_file:197 inactive_file:150 isolated_file:15 [ 2211.055996] unevictable:1839 dirty:11 writeback:1 unstable:0 [ 2211.055996] slab_reclaimable:18706 slab_unreclaimable:172508 [ 2211.055996] mapped:54093 shmem:7883 pagetables:44036 bounce:0 [ 2211.055996] free:24900 free_pcp:245 free_cma:0 [ 2211.096512] Node 0 active_anon:1727752kB inactive_anon:16152kB active_file:520kB inactive_file:320kB unevictable:1032kB isolated(anon):0kB isolated(file):52kB mapped:210700kB dirty:32kB writeback:0kB shmem:23096kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 735232kB writeback_tmp:0kB unstable:0kB all_unreclaimable? no [ 2211.177529] Node 1 active_anon:3210604kB inactive_anon:8432kB active_file:136kB inactive_file:156kB unevictable:6324kB isolated(anon):0kB isolated(file):8kB mapped:5272kB dirty:12kB writeback:4kB shmem:8436kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 0kB writeback_tmp:0kB unstable:0kB all_unreclaimable? no [ 2211.210168] Node 0 DMA free:10344kB min:220kB low:272kB high:324kB active_anon:1508kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15908kB mlocked:0kB kernel_stack:96kB pagetables:92kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 2211.242162] lowmem_reserve[]: 0 2559 2559 2559 2559 [ 2211.263137] Node 0 DMA32 free:36184kB min:36296kB low:45368kB high:54440kB active_anon:1726244kB inactive_anon:16152kB active_file:288kB inactive_file:216kB unevictable:1032kB writepending:32kB present:3129332kB managed:2623996kB mlocked:1032kB kernel_stack:14304kB pagetables:37232kB bounce:0kB free_pcp:716kB local_pcp:380kB free_cma:0kB [ 2211.309028] lowmem_reserve[]: 0 0 0 0 0 [ 2211.313305] Node 0 Normal free:0kB min:0kB low:0kB high:0kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:786432kB managed:0kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 2211.339382] lowmem_reserve[]: 0 0 0 0 0 [ 2211.344002] Node 1 Normal free:54108kB min:53592kB low:66988kB high:80384kB active_anon:3211108kB inactive_anon:8432kB active_file:76kB inactive_file:572kB unevictable:6324kB writepending:16kB present:3932160kB managed:3870192kB mlocked:6324kB kernel_stack:60064kB pagetables:138820kB bounce:0kB free_pcp:12kB local_pcp:0kB free_cma:0kB [ 2211.375161] lowmem_reserve[]: 0 0 0 0 0 [ 2211.379804] Node 0 DMA: 14*4kB (UME) 54*8kB (UM) 16*16kB (ME) 8*32kB (ME) 6*64kB (UM) 2*128kB (UM) 2*256kB (UE) 2*512kB (UE) 1*1024kB (E) 1*2048kB (E) 1*4096kB (M) = 10344kB [ 2211.405138] Node 0 DMA32: 525*4kB (UE) 406*8kB (UME) 181*16kB (UME) 57*32kB (UM) 32*64kB (UM) 32*128kB (UM) 38*256kB (M) 18*512kB (UM) 1*1024kB (M) 0*2048kB 0*4096kB = 36180kB [ 2211.440618] Node 0 Normal: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 0kB [ 2211.452721] Node 1 Normal: 689*4kB (UME) 188*8kB (UMEH) 214*16kB (UMEH) 1241*32kB (UME) 95*64kB (M) 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 53476kB [ 2211.483407] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 2211.492466] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 2211.507131] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 2211.516748] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 2211.526234] 8276 total pagecache pages [ 2211.530170] 0 pages in swap cache [ 2211.533699] Swap cache stats: add 0, delete 0, find 0/0 [ 2211.539099] Free swap = 0kB [ 2211.542149] Total swap = 0kB [ 2211.556173] 1965979 pages RAM [ 2211.559302] 0 pages HighMem/MovableOnly [ 2211.566117] 338455 pages reserved [ 2211.569559] 0 pages cma reserved [ 2211.572962] Out of memory: Kill process 9765 (syz-executor.5) score 1007 or sacrifice child [ 2211.581546] Killed process 9765 (syz-executor.5) total-vm:75896kB, anon-rss:16612kB, file-rss:35820kB, shmem-rss:0kB [ 2211.644159] oom_reaper: reaped process 9765 (syz-executor.5), now anon-rss:0kB, file-rss:0kB, shmem-rss:0kB 21:32:13 executing program 0: r0 = openat$kvm(0xffffffffffffff9c, 0x0, 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) dup3(r0, r1, 0x0) fsetxattr$trusted_overlay_nlink(r0, &(0x7f0000000040)='trusted.overlay.nlink\x00', &(0x7f00000000c0)={'U+', 0x98}, 0x16, 0x2) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c4, 0x0, 0xe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r2 = socket$inet6(0xa, 0x40000080806, 0x0) bind$inet6(r2, 0x0, 0x0) ioctl$int_in(0xffffffffffffffff, 0x5452, &(0x7f0000000100)=0x3) listen(r2, 0x400000001ffffffd) r3 = socket$inet6(0xa, 0x6, 0x0) connect$inet6(r3, &(0x7f0000000180)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) r4 = accept4(r2, 0x0, 0x0, 0x0) sendmmsg(r4, &(0x7f0000003d40)=[{{0x0, 0xffffffbf, 0x0, 0x0, 0x0, 0x0, 0x7000005}, 0xa}], 0x4000000000000d0, 0x0) socket$inet6(0xa, 0x6, 0x0) connect$inet6(0xffffffffffffffff, &(0x7f0000000000)={0xa, 0x0, 0x0, @loopback}, 0x1c) r5 = socket$inet6_tcp(0xa, 0x1, 0x0) bpf$BPF_MAP_GET_FD_BY_ID(0xe, &(0x7f0000000140)={0x0, 0x4, 0x8}, 0xc) setsockopt$IP6T_SO_SET_REPLACE(r5, 0x29, 0x40, &(0x7f0000000a80)=@filter={'filter\x00', 0xe, 0x4, 0x13a8, 0x0, 0x0, 0x1208, 0x108, 0x108, 0x12d8, 0x12d8, 0x12d8, 0x12d8, 0x12d8, 0x4, 0x0, {[{{@uncond, 0x0, 0xa8, 0x108}, @common=@inet=@HMARK={0x60, 'HMARK\x00', 0x0, {@ipv6=@mcast1, [], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4}}}, {{@ipv6={@initdev={0xfe, 0x88, [], 0x0, 0x0}, @initdev={0xfe, 0x88, [], 0x0, 0x0}, [], [], 'rose0\x00', 'netdevsim0\x00'}, 0x0, 0x10d8, 0x1100, 0x0, {}, [@common=@unspec=@cgroup1={{0x1030, 'cgroup\x00'}, {0x0, 0x1, 0x0, 0x0, './cgroup/syz0\x00'}}]}, @REJECT={0x28, 'REJECT\x00'}}, {{@uncond, 0x0, 0xa8, 0xd0}, @REJECT={0x28, 'REJECT\x00'}}], {{[], 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x1408) syz_init_net_socket$rose(0xb, 0x5, 0x0) 21:32:13 executing program 2: r0 = openat$kvm(0xffffffffffffff9c, 0x0, 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) dup3(r0, r1, 0x0) fsetxattr$trusted_overlay_nlink(r0, &(0x7f0000000040)='trusted.overlay.nlink\x00', &(0x7f00000000c0)={'U+', 0x98}, 0x16, 0x2) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c4, 0x0, 0xe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r2 = socket$inet6(0xa, 0x40000080806, 0x0) bind$inet6(r2, &(0x7f0000000080), 0x1c) ioctl$int_in(0xffffffffffffffff, 0x5452, &(0x7f0000000100)=0x3) listen(r2, 0x400000001ffffffd) r3 = socket$inet6(0xa, 0x6, 0x0) connect$inet6(r3, &(0x7f0000000180)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) r4 = accept4(r2, 0x0, 0x0, 0x0) sendmmsg(r4, &(0x7f0000003d40)=[{{0x0, 0xffffffbf, 0x0, 0x0, 0x0, 0x0, 0x7000005}, 0xa}], 0x4000000000000d0, 0x0) socket$inet6(0xa, 0x6, 0x0) connect$inet6(0xffffffffffffffff, &(0x7f0000000000)={0xa, 0x0, 0x0, @loopback}, 0x1c) r5 = socket$inet6_tcp(0xa, 0x1, 0x0) bpf$BPF_MAP_GET_FD_BY_ID(0xe, &(0x7f0000000140)={0x0, 0x4, 0x8}, 0xc) setsockopt$IP6T_SO_SET_REPLACE(r5, 0x29, 0x40, &(0x7f0000000a80)=@filter={'filter\x00', 0xe, 0x4, 0x13a8, 0x0, 0x0, 0x1208, 0x108, 0x108, 0x12d8, 0x12d8, 0x12d8, 0x12d8, 0x12d8, 0x4, 0x0, {[{{@uncond, 0x0, 0xa8, 0x108}, @common=@inet=@HMARK={0x60, 'HMARK\x00', 0x0, {@ipv6=@mcast1, [], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4}}}, {{@ipv6={@initdev={0xfe, 0x88, [], 0x0, 0x0}, @initdev={0xfe, 0x88, [], 0x0, 0x0}, [], [], 'rose0\x00', 'netdevsim0\x00'}, 0x0, 0x10d8, 0x1100, 0x0, {}, [@common=@unspec=@cgroup1={{0x1030, 'cgroup\x00'}, {0x0, 0x1, 0x0, 0x0, './cgroup/syz0\x00'}}]}, @REJECT={0x28, 'REJECT\x00'}}, {{@uncond, 0x0, 0xa8, 0xd0}, @REJECT={0x28, 'REJECT\x00'}}], {{[], 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x1408) syz_init_net_socket$rose(0xb, 0x5, 0x0) 21:32:13 executing program 4: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(0x0, &(0x7f0000000040)={0x38, 0x1, 0x0, 0x0, 0x1, 0x20b493e0, 0x0, 0xfffffffffffffffe}, 0x0) socket$inet6(0xa, 0x4, 0xffffffff) pipe(&(0x7f0000000340)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r2, 0x407, 0x0) fsync(r1) write(r2, &(0x7f0000000340), 0x41395527) vmsplice(r1, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) clone(0x200000008a105d00, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) tkill(0x0, 0x3c) fsetxattr$trusted_overlay_redirect(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) sched_setattr(r0, &(0x7f0000000080)={0x38, 0x2, 0x1, 0x0, 0x3}, 0x0) clone(0x69005100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) mount(0x0, &(0x7f0000000140)='./file0\x00', 0x0, 0x0, &(0x7f000000a000)) 21:32:14 executing program 1: prlimit64(0x0, 0xe, 0x0, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x1, 0x0, 0x0, 0x1, 0x20b493e0, 0x0, 0xfffffffffffffffe}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000008880), 0x400000000000249, 0x0, 0x0) pipe(&(0x7f0000000340)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) fsync(r2) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) perf_event_open(&(0x7f0000940000)={0x2, 0x70, 0x69, 0x1, 0x0, 0xff, 0x0, 0x48, 0x14a0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f00000001c0), 0x7}, 0x0, 0x0, 0xfffffff9}, 0x0, 0xd, 0xffffffffffffffff, 0xa) tkill(0x0, 0x3c) fsetxattr$trusted_overlay_redirect(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) sched_setattr(r0, &(0x7f0000000080)={0x38, 0x2, 0x1, 0x0, 0x3}, 0x0) clone(0x69005100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) mount(0x0, &(0x7f0000000140)='./file0\x00', 0x0, 0x0, &(0x7f000000a000)) sched_setscheduler(0x0, 0x5, &(0x7f0000000380)) [ 2212.424958] ip6_tables: ip6tables: counters copy to user failed while replacing table 21:32:14 executing program 2: r0 = openat$kvm(0xffffffffffffff9c, 0x0, 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) dup3(r0, r1, 0x0) fsetxattr$trusted_overlay_nlink(r0, &(0x7f0000000040)='trusted.overlay.nlink\x00', &(0x7f00000000c0)={'U+', 0x98}, 0x16, 0x2) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c4, 0x0, 0xe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r2 = socket$inet6(0xa, 0x40000080806, 0x0) bind$inet6(r2, &(0x7f0000000080), 0x1c) ioctl$int_in(0xffffffffffffffff, 0x5452, &(0x7f0000000100)=0x3) listen(r2, 0x400000001ffffffd) r3 = socket$inet6(0xa, 0x6, 0x0) connect$inet6(r3, &(0x7f0000000180)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) r4 = accept4(r2, 0x0, 0x0, 0x0) sendmmsg(r4, &(0x7f0000003d40)=[{{0x0, 0xffffffbf, 0x0, 0x0, 0x0, 0x0, 0x7000005}, 0xa}], 0x4000000000000d0, 0x0) socket$inet6(0xa, 0x6, 0x0) connect$inet6(0xffffffffffffffff, &(0x7f0000000000)={0xa, 0x0, 0x0, @loopback}, 0x1c) r5 = socket$inet6_tcp(0xa, 0x1, 0x0) bpf$BPF_MAP_GET_FD_BY_ID(0xe, &(0x7f0000000140)={0x0, 0x4, 0x8}, 0xc) setsockopt$IP6T_SO_SET_REPLACE(r5, 0x29, 0x40, &(0x7f0000000a80)=@filter={'filter\x00', 0xe, 0x4, 0x13a8, 0x0, 0x0, 0x1208, 0x108, 0x108, 0x12d8, 0x12d8, 0x12d8, 0x12d8, 0x12d8, 0x4, 0x0, {[{{@uncond, 0x0, 0xa8, 0x108}, @common=@inet=@HMARK={0x60, 'HMARK\x00', 0x0, {@ipv6=@mcast1, [], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4}}}, {{@ipv6={@initdev={0xfe, 0x88, [], 0x0, 0x0}, @initdev={0xfe, 0x88, [], 0x0, 0x0}, [], [], 'rose0\x00', 'netdevsim0\x00'}, 0x0, 0x10d8, 0x1100, 0x0, {}, [@common=@unspec=@cgroup1={{0x1030, 'cgroup\x00'}, {0x0, 0x1, 0x0, 0x0, './cgroup/syz0\x00'}}]}, @REJECT={0x28, 'REJECT\x00'}}, {{@uncond, 0x0, 0xa8, 0xd0}, @REJECT={0x28, 'REJECT\x00'}}], {{[], 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x1408) syz_init_net_socket$rose(0xb, 0x5, 0x0) 21:32:14 executing program 5: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x1, 0x0, 0x0, 0x1, 0x20b493e0, 0x0, 0xfffffffffffffffe}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000008880), 0x400000000000249, 0x0, 0x0) pipe(&(0x7f0000000340)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) fsync(r2) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) perf_event_open(&(0x7f0000940000)={0x2, 0x70, 0x69, 0x1, 0x0, 0xff, 0x0, 0x48, 0x14a0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f00000001c0), 0x7}, 0x0, 0x0, 0xfffffff9}, 0x0, 0xd, 0xffffffffffffffff, 0xa) clone(0x200000008a105d00, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r4 = gettid() tkill(r4, 0x3c) fsetxattr$trusted_overlay_redirect(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) sched_setattr(r0, &(0x7f0000000080)={0x38, 0x2, 0x10000001, 0x0, 0x9, 0x0, 0x0, 0x0, 0x0, 0xfffffffe}, 0x0) clone(0x69005100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) mount(0x0, &(0x7f0000000140)='./file0\x00', 0x0, 0x0, &(0x7f000000a000)) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x400200) sendto$llc(0xffffffffffffffff, &(0x7f0000000380)="e2329becf789f0427a7b0104259f099f61777b9485cef97086ac995415114ff899e48095b239601e7ed710af545060f0fdd875f4fe82ceec6f10d2a037f236f34e9bec05826ed80111051a63ef36829b26c2f1894cfff1b4106f8cd30d51b24ca9588a76b61b184fca236feb20d4de4124d71831727c8fba686b8a54f225c9af1f8dd5f0fc02e9c9ab3967", 0x8b, 0x20000000, &(0x7f00000000c0)={0x1a, 0x30b, 0xe0, 0x1, 0xf6, 0x2, @remote}, 0x10) [ 2212.698605] ip6_tables: ip6tables: counters copy to user failed while replacing table [ 2213.404117] syz-executor.0 invoked oom-killer: gfp_mask=0x15080c0(GFP_KERNEL_ACCOUNT|__GFP_ZERO), nodemask=(null), order=3, oom_score_adj=1000 [ 2213.528443] syz-executor.0 cpuset=/ mems_allowed=0-1 [ 2213.557229] CPU: 0 PID: 9895 Comm: syz-executor.0 Not tainted 4.14.182-syzkaller #0 [ 2213.565046] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2213.574486] Call Trace: [ 2213.577075] dump_stack+0x1b2/0x283 [ 2213.580704] dump_header+0x178/0x7aa [ 2213.584416] ? trace_hardirqs_on_caller+0x3a8/0x580 [ 2213.589432] ? _raw_spin_unlock_irqrestore+0x66/0xe0 [ 2213.594540] ? ___ratelimit+0x2cd/0x522 [ 2213.598529] oom_kill_process.cold+0x10/0xc16 [ 2213.603032] ? lock_downgrade+0x6e0/0x6e0 [ 2213.607181] out_of_memory+0x2d5/0x10f0 [ 2213.611154] ? oom_killer_disable+0x1c0/0x1c0 [ 2213.615678] ? mutex_trylock+0x152/0x1a0 [ 2213.619746] __alloc_pages_nodemask+0x2556/0x2730 [ 2213.624604] ? gfp_pfmemalloc_allowed+0x150/0x150 [ 2213.629457] ? rcu_read_lock_sched_held+0x10a/0x130 [ 2213.634480] ? kmem_cache_alloc_node+0x387/0x400 [ 2213.639238] copy_process.part.0+0x26a/0x6fa0 [ 2213.643739] ? do_raw_spin_unlock+0x164/0x250 [ 2213.648244] ? _raw_spin_unlock+0x29/0x40 [ 2213.652410] ? do_anonymous_page+0x62d/0x17d0 [ 2213.656912] ? finish_fault+0x290/0x290 [ 2213.660890] ? trace_hardirqs_on+0x10/0x10 [ 2213.665134] ? __cleanup_sighand+0x40/0x40 [ 2213.669376] ? vm_insert_mixed_mkwrite+0x30/0x30 [ 2213.674140] _do_fork+0x180/0xc80 [ 2213.677597] ? fork_idle+0x270/0x270 [ 2213.681309] ? up_read+0x17/0x30 [ 2213.684671] ? __do_page_fault+0x19a/0xb50 [ 2213.688902] ? do_syscall_64+0x4c/0x640 [ 2213.692872] ? sys_vfork+0x20/0x20 [ 2213.696409] do_syscall_64+0x1d5/0x640 [ 2213.700297] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 2213.705487] RIP: 0033:0x45f439 [ 2213.708666] RSP: 002b:00007fff62042ec8 EFLAGS: 00000202 ORIG_RAX: 0000000000000038 [ 2213.716367] RAX: ffffffffffffffda RBX: 00007f5bae106700 RCX: 000000000045f439 [ 2213.723631] RDX: 00007f5bae1069d0 RSI: 00007f5bae105db0 RDI: 00000000003d0f00 [ 2213.730900] RBP: 00007fff620430f0 R08: 00007f5bae106700 R09: 00007f5bae106700 [ 2213.739034] R10: 00007f5bae1069d0 R11: 0000000000000202 R12: 0000000000000000 [ 2213.746298] R13: 00007fff62042f7f R14: 00007f5bae1069c0 R15: 000000000078bf0c 21:32:15 executing program 2: r0 = openat$kvm(0xffffffffffffff9c, 0x0, 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) dup3(r0, r1, 0x0) fsetxattr$trusted_overlay_nlink(r0, &(0x7f0000000040)='trusted.overlay.nlink\x00', &(0x7f00000000c0)={'U+', 0x98}, 0x16, 0x2) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c4, 0x0, 0xe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r2 = socket$inet6(0xa, 0x40000080806, 0x0) bind$inet6(r2, &(0x7f0000000080), 0x1c) ioctl$int_in(0xffffffffffffffff, 0x5452, &(0x7f0000000100)=0x3) listen(r2, 0x400000001ffffffd) r3 = socket$inet6(0xa, 0x6, 0x0) connect$inet6(r3, &(0x7f0000000180)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) r4 = accept4(r2, 0x0, 0x0, 0x0) sendmmsg(r4, &(0x7f0000003d40)=[{{0x0, 0xffffffbf, 0x0, 0x0, 0x0, 0x0, 0x7000005}, 0xa}], 0x4000000000000d0, 0x0) socket$inet6(0xa, 0x6, 0x0) connect$inet6(0xffffffffffffffff, &(0x7f0000000000)={0xa, 0x0, 0x0, @loopback}, 0x1c) r5 = socket$inet6_tcp(0xa, 0x1, 0x0) bpf$BPF_MAP_GET_FD_BY_ID(0xe, &(0x7f0000000140)={0x0, 0x4, 0x8}, 0xc) setsockopt$IP6T_SO_SET_REPLACE(r5, 0x29, 0x40, &(0x7f0000000a80)=@filter={'filter\x00', 0xe, 0x4, 0x13a8, 0x0, 0x0, 0x1208, 0x108, 0x108, 0x12d8, 0x12d8, 0x12d8, 0x12d8, 0x12d8, 0x4, 0x0, {[{{@uncond, 0x0, 0xa8, 0x108}, @common=@inet=@HMARK={0x60, 'HMARK\x00', 0x0, {@ipv6=@mcast1, [], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4}}}, {{@ipv6={@initdev={0xfe, 0x88, [], 0x0, 0x0}, @initdev={0xfe, 0x88, [], 0x0, 0x0}, [], [], 'rose0\x00', 'netdevsim0\x00'}, 0x0, 0x10d8, 0x1100, 0x0, {}, [@common=@unspec=@cgroup1={{0x1030, 'cgroup\x00'}, {0x0, 0x1, 0x0, 0x0, './cgroup/syz0\x00'}}]}, @REJECT={0x28, 'REJECT\x00'}}, {{@uncond, 0x0, 0xa8, 0xd0}, @REJECT={0x28, 'REJECT\x00'}}], {{[], 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x1408) syz_init_net_socket$rose(0xb, 0x5, 0x0) 21:32:15 executing program 1: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x0, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x1, 0x0, 0x0, 0x1, 0x20b493e0, 0x0, 0xfffffffffffffffe}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000008880), 0x400000000000249, 0x0, 0x0) pipe(&(0x7f0000000340)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) fsync(r2) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) perf_event_open(&(0x7f0000940000)={0x2, 0x70, 0x69, 0x1, 0x0, 0xff, 0x0, 0x48, 0x14a0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f00000001c0), 0x7}, 0x0, 0x0, 0xfffffff9}, 0x0, 0xd, 0xffffffffffffffff, 0xa) tkill(0x0, 0x3c) fsetxattr$trusted_overlay_redirect(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) sched_setattr(r0, &(0x7f0000000080)={0x38, 0x2, 0x1, 0x0, 0x3}, 0x0) clone(0x69005100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) mount(0x0, &(0x7f0000000140)='./file0\x00', 0x0, 0x0, &(0x7f000000a000)) sched_setscheduler(0x0, 0x5, &(0x7f0000000380)) [ 2213.860056] Mem-Info: [ 2213.867336] active_anon:1231422 inactive_anon:6144 isolated_anon:0 [ 2213.867336] active_file:962 inactive_file:1475 isolated_file:21 [ 2213.867336] unevictable:1839 dirty:28 writeback:0 unstable:0 [ 2213.867336] slab_reclaimable:18719 slab_unreclaimable:172013 [ 2213.867336] mapped:55527 shmem:7882 pagetables:43975 bounce:0 [ 2213.867336] free:26612 free_pcp:275 free_cma:0 [ 2214.222569] Node 0 active_anon:1730596kB inactive_anon:16156kB active_file:3212kB inactive_file:3356kB unevictable:1032kB isolated(anon):0kB isolated(file):84kB mapped:215504kB dirty:92kB writeback:0kB shmem:23100kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 735232kB writeback_tmp:0kB unstable:0kB all_unreclaimable? no [ 2214.458448] Node 1 active_anon:3213792kB inactive_anon:8420kB active_file:1052kB inactive_file:1136kB unevictable:6324kB isolated(anon):0kB isolated(file):0kB mapped:7004kB dirty:20kB writeback:0kB shmem:8428kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 0kB writeback_tmp:0kB unstable:0kB all_unreclaimable? no [ 2214.643143] Node 0 DMA free:10344kB min:220kB low:272kB high:324kB active_anon:1508kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15908kB mlocked:0kB kernel_stack:96kB pagetables:92kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB 21:32:16 executing program 5: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x1, 0x0, 0x0, 0x1, 0x20b493e0, 0x0, 0xfffffffffffffffe}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000008880), 0x400000000000249, 0x0, 0x0) pipe(&(0x7f0000000340)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) fcntl$dupfd(0xffffffffffffffff, 0x0, 0xffffffffffffffff) sendto$inet6(0xffffffffffffffff, &(0x7f00000000c0)="71e34531288d03157831ff987219fc91bc7500a5b593797e407fe3b6911b46b5e7ba76b2d0fd335506bb2660c51f42eeb234317eb60f60972a192d2339b8058451b6f8e52ecbe0a04c9fc80eef91b5e9581c8ed14d94b772b6002595560a34dc043836e660b67983cf5d4e08ab", 0x6d, 0x0, &(0x7f0000000180)={0xa, 0x4e24, 0x8, @mcast2, 0x7}, 0x1c) fsync(r2) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) perf_event_open(&(0x7f0000940000)={0x2, 0x70, 0x69, 0x1, 0x0, 0xff, 0x0, 0x48, 0x14a0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f00000001c0), 0x7}, 0x0, 0x0, 0xfffffff9}, 0x0, 0xd, 0xffffffffffffffff, 0xa) clone(0x200000008a105d00, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r4 = gettid() tkill(r4, 0x3c) fsetxattr$trusted_overlay_redirect(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) sched_setattr(r0, &(0x7f0000000080)={0x38, 0x2, 0x35, 0x0, 0x3, 0x0, 0x8, 0x0, 0x80000001, 0x4}, 0x0) clone(0x69005100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) mount(0x0, &(0x7f0000000140)='./file0\x00', 0x0, 0x0, &(0x7f000000a000)) [ 2214.742891] ip6_tables: ip6tables: counters copy to user failed while replacing table [ 2214.936797] lowmem_reserve[]: 0 2559 2559 2559 2559 [ 2214.976106] Node 0 DMA32 free:36220kB min:36296kB low:45368kB high:54440kB active_anon:1720776kB inactive_anon:16156kB active_file:2624kB inactive_file:2540kB unevictable:1032kB writepending:108kB present:3129332kB managed:2623996kB mlocked:1032kB kernel_stack:14304kB pagetables:37272kB bounce:0kB free_pcp:1340kB local_pcp:712kB free_cma:0kB [ 2215.187818] lowmem_reserve[]: 0 0 0 0 0 21:32:17 executing program 4: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, 0x0, 0x0) socket$inet6(0xa, 0x4, 0xffffffff) pipe(&(0x7f0000000340)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r2, 0x407, 0x0) fsync(r1) write(r2, &(0x7f0000000340), 0x41395527) vmsplice(r1, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) clone(0x200000008a105d00, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) tkill(0x0, 0x3c) fsetxattr$trusted_overlay_redirect(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) sched_setattr(r0, &(0x7f0000000080)={0x38, 0x2, 0x1, 0x0, 0x3}, 0x0) clone(0x69005100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) mount(0x0, &(0x7f0000000140)='./file0\x00', 0x0, 0x0, &(0x7f000000a000)) [ 2215.217324] Node 0 Normal free:0kB min:0kB low:0kB high:0kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:786432kB managed:0kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 2215.444868] lowmem_reserve[]: 0 0 0 0 0 [ 2215.525173] Node 1 Normal free:53708kB min:53592kB low:66988kB high:80384kB active_anon:3210468kB inactive_anon:8424kB active_file:860kB inactive_file:1872kB unevictable:6324kB writepending:84kB present:3932160kB managed:3870192kB mlocked:6324kB kernel_stack:59936kB pagetables:138648kB bounce:0kB free_pcp:460kB local_pcp:120kB free_cma:0kB [ 2215.868000] lowmem_reserve[]: 0 0 0 0 0 [ 2215.894280] Node 0 DMA: 14*4kB (UME) 54*8kB (UM) 16*16kB (ME) 8*32kB (ME) 6*64kB (UM) 2*128kB (UM) 2*256kB (UE) 2*512kB (UE) 1*1024kB (E) 1*2048kB (E) 1*4096kB (M) = 10344kB [ 2216.017241] Node 0 DMA32: 858*4kB (UME) 259*8kB (UME) 71*16kB (UME) 2*32kB (U) 4*64kB (UM) 27*128kB (UM) 38*256kB (M) 18*512kB (UM) 1*1024kB (M) 0*2048kB 0*4096kB = 30384kB [ 2216.152409] Node 0 Normal: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 0kB [ 2216.181039] Node 1 Normal: 824*4kB (UME) 240*8kB (UMEH) 127*16kB (UMEH) 1109*32kB (UME) 102*64kB (M) 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 49264kB [ 2216.273863] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 2216.288209] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 2216.370077] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 2216.449218] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 2216.503443] 8548 total pagecache pages [ 2216.524536] 0 pages in swap cache [ 2216.544271] Swap cache stats: add 0, delete 0, find 0/0 [ 2216.572551] Free swap = 0kB [ 2216.591670] Total swap = 0kB [ 2216.631406] 1965979 pages RAM [ 2216.705530] 0 pages HighMem/MovableOnly [ 2216.782419] 338455 pages reserved [ 2216.805785] 0 pages cma reserved [ 2216.824120] Out of memory: Kill process 4046 (syz-executor.0) score 1007 or sacrifice child [ 2216.852234] Killed process 4046 (syz-executor.0) total-vm:75236kB, anon-rss:16572kB, file-rss:35756kB, shmem-rss:0kB 21:32:18 executing program 5: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x1, 0x0, 0x0, 0x1, 0x20b493e0, 0x0, 0xfffffffffffffffe}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000008880), 0x400000000000249, 0x0, 0x0) pipe(&(0x7f0000000340)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) fsync(r2) write(r3, &(0x7f0000000340), 0x41395527) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000200)=@newlink={0x40, 0x10, 0x705, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x20, 0x12, 0x0, 0x1, @bond={{0x9, 0x1, 'bond\x00'}, {0x10, 0x2, 0x0, 0x1, [@IFLA_BOND_ARP_IP_TARGET={0x4}, @IFLA_BOND_ARP_INTERVAL={0x8, 0x7, 0x3}]}}}]}, 0x40}}, 0x0) ioctl$EXT4_IOC_SETFLAGS(0xffffffffffffffff, 0x40086602, &(0x7f00000000c0)=0x8004) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) perf_event_open(&(0x7f0000940000)={0x2, 0x70, 0x69, 0x1, 0x0, 0xff, 0x0, 0x48, 0x14a0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f00000001c0), 0x7}, 0x0, 0x0, 0xfffffff9}, 0x0, 0xd, 0xffffffffffffffff, 0xa) clone(0x200000008a105d00, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r4 = gettid() tkill(r4, 0x3c) fsetxattr$trusted_overlay_redirect(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) sched_setattr(r0, &(0x7f0000000080)={0x38, 0x2, 0x1, 0x0, 0x3}, 0x0) clone(0x69005100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) mount(0x0, &(0x7f0000000140)='./file0\x00', 0x0, 0x0, &(0x7f000000a000)) 21:32:19 executing program 2: r0 = openat$kvm(0xffffffffffffff9c, 0x0, 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) dup3(r0, r1, 0x0) fsetxattr$trusted_overlay_nlink(r0, &(0x7f0000000040)='trusted.overlay.nlink\x00', &(0x7f00000000c0)={'U+', 0x98}, 0x16, 0x2) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c4, 0x0, 0xe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r2 = socket$inet6(0xa, 0x40000080806, 0x0) bind$inet6(r2, &(0x7f0000000080)={0xa, 0x404e20}, 0x1c) ioctl$int_in(0xffffffffffffffff, 0x0, &(0x7f0000000100)=0x3) listen(r2, 0x400000001ffffffd) r3 = socket$inet6(0xa, 0x6, 0x0) connect$inet6(r3, &(0x7f0000000180)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) r4 = accept4(r2, 0x0, 0x0, 0x0) sendmmsg(r4, &(0x7f0000003d40)=[{{0x0, 0xffffffbf, 0x0, 0x0, 0x0, 0x0, 0x7000005}, 0xa}], 0x4000000000000d0, 0x0) socket$inet6(0xa, 0x6, 0x0) connect$inet6(0xffffffffffffffff, &(0x7f0000000000)={0xa, 0x0, 0x0, @loopback}, 0x1c) r5 = socket$inet6_tcp(0xa, 0x1, 0x0) bpf$BPF_MAP_GET_FD_BY_ID(0xe, &(0x7f0000000140)={0x0, 0x4, 0x8}, 0xc) setsockopt$IP6T_SO_SET_REPLACE(r5, 0x29, 0x40, &(0x7f0000000a80)=@filter={'filter\x00', 0xe, 0x4, 0x13a8, 0x0, 0x0, 0x1208, 0x108, 0x108, 0x12d8, 0x12d8, 0x12d8, 0x12d8, 0x12d8, 0x4, 0x0, {[{{@uncond, 0x0, 0xa8, 0x108}, @common=@inet=@HMARK={0x60, 'HMARK\x00', 0x0, {@ipv6=@mcast1, [], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4}}}, {{@ipv6={@initdev={0xfe, 0x88, [], 0x0, 0x0}, @initdev={0xfe, 0x88, [], 0x0, 0x0}, [], [], 'rose0\x00', 'netdevsim0\x00'}, 0x0, 0x10d8, 0x1100, 0x0, {}, [@common=@unspec=@cgroup1={{0x1030, 'cgroup\x00'}, {0x0, 0x1, 0x0, 0x0, './cgroup/syz0\x00'}}]}, @REJECT={0x28, 'REJECT\x00'}}, {{@uncond, 0x0, 0xa8, 0xd0}, @REJECT={0x28, 'REJECT\x00'}}], {{[], 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x1408) syz_init_net_socket$rose(0xb, 0x5, 0x0) [ 2217.729796] IPVS: ftp: loaded support on port[0] = 21 21:32:19 executing program 1: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x0, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x1, 0x0, 0x0, 0x1, 0x20b493e0, 0x0, 0xfffffffffffffffe}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000008880), 0x400000000000249, 0x0, 0x0) pipe(&(0x7f0000000340)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) fsync(r2) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) perf_event_open(&(0x7f0000940000)={0x2, 0x70, 0x69, 0x1, 0x0, 0xff, 0x0, 0x48, 0x14a0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f00000001c0), 0x7}, 0x0, 0x0, 0xfffffff9}, 0x0, 0xd, 0xffffffffffffffff, 0xa) tkill(0x0, 0x3c) fsetxattr$trusted_overlay_redirect(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) sched_setattr(r0, &(0x7f0000000080)={0x38, 0x2, 0x1, 0x0, 0x3}, 0x0) clone(0x69005100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) mount(0x0, &(0x7f0000000140)='./file0\x00', 0x0, 0x0, &(0x7f000000a000)) sched_setscheduler(0x0, 0x5, &(0x7f0000000380)) 21:32:19 executing program 4: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, 0x0, 0x0) socket$inet6(0xa, 0x4, 0xffffffff) pipe(&(0x7f0000000340)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r2, 0x407, 0x0) fsync(r1) write(r2, &(0x7f0000000340), 0x41395527) vmsplice(r1, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) clone(0x200000008a105d00, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) tkill(0x0, 0x3c) fsetxattr$trusted_overlay_redirect(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) sched_setattr(r0, &(0x7f0000000080)={0x38, 0x2, 0x1, 0x0, 0x3}, 0x0) clone(0x69005100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) mount(0x0, &(0x7f0000000140)='./file0\x00', 0x0, 0x0, &(0x7f000000a000)) 21:32:19 executing program 0: r0 = openat$kvm(0xffffffffffffff9c, 0x0, 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) dup3(r0, r1, 0x0) fsetxattr$trusted_overlay_nlink(r0, &(0x7f0000000040)='trusted.overlay.nlink\x00', &(0x7f00000000c0)={'U+', 0x98}, 0x16, 0x2) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c4, 0x0, 0xe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r2 = socket$inet6(0xa, 0x40000080806, 0x0) bind$inet6(r2, 0x0, 0x0) ioctl$int_in(0xffffffffffffffff, 0x5452, &(0x7f0000000100)=0x3) listen(r2, 0x400000001ffffffd) r3 = socket$inet6(0xa, 0x6, 0x0) connect$inet6(r3, &(0x7f0000000180)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) r4 = accept4(r2, 0x0, 0x0, 0x0) sendmmsg(r4, &(0x7f0000003d40)=[{{0x0, 0xffffffbf, 0x0, 0x0, 0x0, 0x0, 0x7000005}, 0xa}], 0x4000000000000d0, 0x0) socket$inet6(0xa, 0x6, 0x0) connect$inet6(0xffffffffffffffff, &(0x7f0000000000)={0xa, 0x0, 0x0, @loopback}, 0x1c) r5 = socket$inet6_tcp(0xa, 0x1, 0x0) bpf$BPF_MAP_GET_FD_BY_ID(0xe, &(0x7f0000000140)={0x0, 0x4, 0x8}, 0xc) setsockopt$IP6T_SO_SET_REPLACE(r5, 0x29, 0x40, &(0x7f0000000a80)=@filter={'filter\x00', 0xe, 0x4, 0x13a8, 0x0, 0x0, 0x1208, 0x108, 0x108, 0x12d8, 0x12d8, 0x12d8, 0x12d8, 0x12d8, 0x4, 0x0, {[{{@uncond, 0x0, 0xa8, 0x108}, @common=@inet=@HMARK={0x60, 'HMARK\x00', 0x0, {@ipv6=@mcast1, [], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4}}}, {{@ipv6={@initdev={0xfe, 0x88, [], 0x0, 0x0}, @initdev={0xfe, 0x88, [], 0x0, 0x0}, [], [], 'rose0\x00', 'netdevsim0\x00'}, 0x0, 0x10d8, 0x1100, 0x0, {}, [@common=@unspec=@cgroup1={{0x1030, 'cgroup\x00'}, {0x0, 0x1, 0x0, 0x0, './cgroup/syz0\x00'}}]}, @REJECT={0x28, 'REJECT\x00'}}, {{@uncond, 0x0, 0xa8, 0xd0}, @REJECT={0x28, 'REJECT\x00'}}], {{[], 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x1408) syz_init_net_socket$rose(0xb, 0x5, 0x0) [ 2218.152818] ip6_tables: ip6tables: counters copy to user failed while replacing table 21:32:20 executing program 5: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x1, 0x0, 0x0, 0x1, 0x20b493e0, 0x0, 0xfffffffffffffffe}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000008880), 0x400000000000249, 0x0, 0x0) pipe(&(0x7f0000000340)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) fsync(r2) ioctl$KVM_CREATE_IRQCHIP(0xffffffffffffffff, 0xae60) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000100)}], 0x1, 0x0) perf_event_open(&(0x7f0000940000)={0x2, 0x70, 0x0, 0x1, 0x0, 0x1, 0x0, 0x848, 0x5ca0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6, 0x1, @perf_bp={&(0x7f00000001c0), 0x7}, 0x10060, 0x0, 0xfffffff9, 0x0, 0x0, 0x0, 0x2}, 0x0, 0xe, 0xffffffffffffffff, 0xa) clone(0x200000008a105d00, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) openat$rtc(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/rtc0\x00', 0x0, 0x0) r4 = gettid() tkill(r4, 0x3c) fsetxattr$trusted_overlay_redirect(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) sched_setattr(r0, &(0x7f0000000080)={0x38, 0x2, 0x1, 0x0, 0x3}, 0x0) clone(0x69005100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) mount(0x0, &(0x7f0000000140)='./file0\x00', 0x0, 0x20, &(0x7f000000a000)) 21:32:20 executing program 2: r0 = openat$kvm(0xffffffffffffff9c, 0x0, 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) dup3(r0, r1, 0x0) fsetxattr$trusted_overlay_nlink(r0, &(0x7f0000000040)='trusted.overlay.nlink\x00', &(0x7f00000000c0)={'U+', 0x98}, 0x16, 0x2) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c4, 0x0, 0xe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r2 = socket$inet6(0xa, 0x40000080806, 0x0) bind$inet6(r2, &(0x7f0000000080)={0xa, 0x404e20}, 0x1c) ioctl$int_in(0xffffffffffffffff, 0x0, &(0x7f0000000100)=0x3) listen(r2, 0x400000001ffffffd) r3 = socket$inet6(0xa, 0x6, 0x0) connect$inet6(r3, &(0x7f0000000180)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) r4 = accept4(r2, 0x0, 0x0, 0x0) sendmmsg(r4, &(0x7f0000003d40)=[{{0x0, 0xffffffbf, 0x0, 0x0, 0x0, 0x0, 0x7000005}, 0xa}], 0x4000000000000d0, 0x0) socket$inet6(0xa, 0x6, 0x0) connect$inet6(0xffffffffffffffff, &(0x7f0000000000)={0xa, 0x0, 0x0, @loopback}, 0x1c) r5 = socket$inet6_tcp(0xa, 0x1, 0x0) bpf$BPF_MAP_GET_FD_BY_ID(0xe, &(0x7f0000000140)={0x0, 0x4, 0x8}, 0xc) setsockopt$IP6T_SO_SET_REPLACE(r5, 0x29, 0x40, &(0x7f0000000a80)=@filter={'filter\x00', 0xe, 0x4, 0x13a8, 0x0, 0x0, 0x1208, 0x108, 0x108, 0x12d8, 0x12d8, 0x12d8, 0x12d8, 0x12d8, 0x4, 0x0, {[{{@uncond, 0x0, 0xa8, 0x108}, @common=@inet=@HMARK={0x60, 'HMARK\x00', 0x0, {@ipv6=@mcast1, [], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4}}}, {{@ipv6={@initdev={0xfe, 0x88, [], 0x0, 0x0}, @initdev={0xfe, 0x88, [], 0x0, 0x0}, [], [], 'rose0\x00', 'netdevsim0\x00'}, 0x0, 0x10d8, 0x1100, 0x0, {}, [@common=@unspec=@cgroup1={{0x1030, 'cgroup\x00'}, {0x0, 0x1, 0x0, 0x0, './cgroup/syz0\x00'}}]}, @REJECT={0x28, 'REJECT\x00'}}, {{@uncond, 0x0, 0xa8, 0xd0}, @REJECT={0x28, 'REJECT\x00'}}], {{[], 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x1408) syz_init_net_socket$rose(0xb, 0x5, 0x0) [ 2218.721143] ip6_tables: ip6tables: counters copy to user failed while replacing table 21:32:20 executing program 2: r0 = openat$kvm(0xffffffffffffff9c, 0x0, 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) dup3(r0, r1, 0x0) fsetxattr$trusted_overlay_nlink(r0, &(0x7f0000000040)='trusted.overlay.nlink\x00', &(0x7f00000000c0)={'U+', 0x98}, 0x16, 0x2) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c4, 0x0, 0xe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r2 = socket$inet6(0xa, 0x40000080806, 0x0) bind$inet6(r2, &(0x7f0000000080)={0xa, 0x404e20}, 0x1c) ioctl$int_in(0xffffffffffffffff, 0x0, &(0x7f0000000100)=0x3) listen(r2, 0x400000001ffffffd) r3 = socket$inet6(0xa, 0x6, 0x0) connect$inet6(r3, &(0x7f0000000180)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) r4 = accept4(r2, 0x0, 0x0, 0x0) sendmmsg(r4, &(0x7f0000003d40)=[{{0x0, 0xffffffbf, 0x0, 0x0, 0x0, 0x0, 0x7000005}, 0xa}], 0x4000000000000d0, 0x0) socket$inet6(0xa, 0x6, 0x0) connect$inet6(0xffffffffffffffff, &(0x7f0000000000)={0xa, 0x0, 0x0, @loopback}, 0x1c) r5 = socket$inet6_tcp(0xa, 0x1, 0x0) bpf$BPF_MAP_GET_FD_BY_ID(0xe, &(0x7f0000000140)={0x0, 0x4, 0x8}, 0xc) setsockopt$IP6T_SO_SET_REPLACE(r5, 0x29, 0x40, &(0x7f0000000a80)=@filter={'filter\x00', 0xe, 0x4, 0x13a8, 0x0, 0x0, 0x1208, 0x108, 0x108, 0x12d8, 0x12d8, 0x12d8, 0x12d8, 0x12d8, 0x4, 0x0, {[{{@uncond, 0x0, 0xa8, 0x108}, @common=@inet=@HMARK={0x60, 'HMARK\x00', 0x0, {@ipv6=@mcast1, [], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4}}}, {{@ipv6={@initdev={0xfe, 0x88, [], 0x0, 0x0}, @initdev={0xfe, 0x88, [], 0x0, 0x0}, [], [], 'rose0\x00', 'netdevsim0\x00'}, 0x0, 0x10d8, 0x1100, 0x0, {}, [@common=@unspec=@cgroup1={{0x1030, 'cgroup\x00'}, {0x0, 0x1, 0x0, 0x0, './cgroup/syz0\x00'}}]}, @REJECT={0x28, 'REJECT\x00'}}, {{@uncond, 0x0, 0xa8, 0xd0}, @REJECT={0x28, 'REJECT\x00'}}], {{[], 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x1408) syz_init_net_socket$rose(0xb, 0x5, 0x0) [ 2218.790873] ip6_tables: ip6tables: counters copy to user failed while replacing table 21:32:20 executing program 4: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, 0x0, 0x0) socket$inet6(0xa, 0x4, 0xffffffff) pipe(&(0x7f0000000340)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r2, 0x407, 0x0) fsync(r1) write(r2, &(0x7f0000000340), 0x41395527) vmsplice(r1, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) clone(0x200000008a105d00, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) tkill(0x0, 0x3c) fsetxattr$trusted_overlay_redirect(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) sched_setattr(r0, &(0x7f0000000080)={0x38, 0x2, 0x1, 0x0, 0x3}, 0x0) clone(0x69005100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) mount(0x0, &(0x7f0000000140)='./file0\x00', 0x0, 0x0, &(0x7f000000a000)) 21:32:20 executing program 0: r0 = openat$kvm(0xffffffffffffff9c, 0x0, 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) dup3(r0, r1, 0x0) fsetxattr$trusted_overlay_nlink(r0, &(0x7f0000000040)='trusted.overlay.nlink\x00', &(0x7f00000000c0)={'U+', 0x98}, 0x16, 0x2) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c4, 0x0, 0xe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r2 = socket$inet6(0xa, 0x40000080806, 0x0) bind$inet6(r2, &(0x7f0000000080)={0xa, 0x404e20}, 0x1c) ioctl$int_in(0xffffffffffffffff, 0x0, &(0x7f0000000100)=0x3) listen(r2, 0x400000001ffffffd) r3 = socket$inet6(0xa, 0x6, 0x0) connect$inet6(r3, &(0x7f0000000180)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) r4 = accept4(r2, 0x0, 0x0, 0x0) sendmmsg(r4, &(0x7f0000003d40)=[{{0x0, 0xffffffbf, 0x0, 0x0, 0x0, 0x0, 0x7000005}, 0xa}], 0x4000000000000d0, 0x0) socket$inet6(0xa, 0x6, 0x0) connect$inet6(0xffffffffffffffff, &(0x7f0000000000)={0xa, 0x0, 0x0, @loopback}, 0x1c) r5 = socket$inet6_tcp(0xa, 0x1, 0x0) bpf$BPF_MAP_GET_FD_BY_ID(0xe, &(0x7f0000000140)={0x0, 0x4, 0x8}, 0xc) setsockopt$IP6T_SO_SET_REPLACE(r5, 0x29, 0x40, &(0x7f0000000a80)=@filter={'filter\x00', 0xe, 0x4, 0x13a8, 0x0, 0x0, 0x1208, 0x108, 0x108, 0x12d8, 0x12d8, 0x12d8, 0x12d8, 0x12d8, 0x4, 0x0, {[{{@uncond, 0x0, 0xa8, 0x108}, @common=@inet=@HMARK={0x60, 'HMARK\x00', 0x0, {@ipv6=@mcast1, [], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4}}}, {{@ipv6={@initdev={0xfe, 0x88, [], 0x0, 0x0}, @initdev={0xfe, 0x88, [], 0x0, 0x0}, [], [], 'rose0\x00', 'netdevsim0\x00'}, 0x0, 0x10d8, 0x1100, 0x0, {}, [@common=@unspec=@cgroup1={{0x1030, 'cgroup\x00'}, {0x0, 0x1, 0x0, 0x0, './cgroup/syz0\x00'}}]}, @REJECT={0x28, 'REJECT\x00'}}, {{@uncond, 0x0, 0xa8, 0xd0}, @REJECT={0x28, 'REJECT\x00'}}], {{[], 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x1408) syz_init_net_socket$rose(0xb, 0x5, 0x0) 21:32:20 executing program 3: sendmsg$WG_CMD_GET_DEVICE(0xffffffffffffffff, &(0x7f00000001c0)={&(0x7f0000000040), 0xc, &(0x7f0000000180)={&(0x7f0000001180)={0xccc, 0x0, 0x200, 0x70bd28, 0x25dfdbff, {}, [@WGDEVICE_A_PEERS={0xcb8, 0x8, 0x0, 0x1, [{0x154, 0x0, 0x0, 0x1, [@WGPEER_A_FLAGS={0x8, 0x3, 0x6}, @WGPEER_A_ALLOWEDIPS={0x138, 0x9, 0x0, 0x1, [{0xa0, 0x0, 0x0, 0x1, [@ipv6={{0x6}, {0x14, 0x2, @private2}, {0x5}}, @ipv6={{0x6}, {0x14, 0x2, @initdev={0xfe, 0x88, [], 0x1, 0x0}}, {0x5, 0x3, 0x2}}, @ipv4={{0x6}, {0x8, 0x2, @initdev={0xac, 0x1e, 0x1, 0x0}}, {0x5, 0x3, 0x2}}, @ipv6={{0x6}, {0x14, 0x2, @private2={0xfc, 0x2, [], 0x2}}, {0x5, 0x3, 0x2}}, @ipv4={{0x6}, {0x8, 0x2, @broadcast}, {0x5, 0x3, 0x3}}]}, {0x94, 0x0, 0x0, 0x1, [@ipv4={{0x6}, {0x8, 0x2, @multicast2}, {0x5, 0x3, 0x1}}, @ipv4={{0x6}, {0x8, 0x2, @remote}, {0x5, 0x3, 0x1}}, @ipv4={{0x6}, {0x8, 0x2, @empty}, {0x5}}, @ipv6={{0x6}, {0x14, 0x2, @remote}, {0x5}}, @ipv6={{0x6}, {0x14, 0x2, @mcast1}, {0x5}}]}]}, @WGPEER_A_PERSISTENT_KEEPALIVE_INTERVAL={0x6, 0x5, 0x8}, @WGPEER_A_PROTOCOL_VERSION={0x8}]}, {0x20, 0x0, 0x0, 0x1, [@WGPEER_A_ENDPOINT4={0x14, 0x4, {0x2, 0x4e21, @multicast2}}, @WGPEER_A_PROTOCOL_VERSION={0x8}]}, {0x424, 0x0, 0x0, 0x1, [@WGPEER_A_PROTOCOL_VERSION={0x8}, @WGPEER_A_PROTOCOL_VERSION={0x8}, @WGPEER_A_PROTOCOL_VERSION={0x8}, @WGPEER_A_PUBLIC_KEY={0x24}, @WGPEER_A_ENDPOINT4={0x14, 0x4, {0x2, 0x4e22, @empty}}, @WGPEER_A_ENDPOINT6={0x20, 0x4, {0xa, 0x4e24, 0x2b, @dev={0xfe, 0x80, [], 0x40}, 0xff}}, @WGPEER_A_PUBLIC_KEY={0x24, 0x1, @b_g='\xd1s(\x99\xf6\x11\xcd\x89\x94\x03M\x7fA=\xc9Wc\x0eT\x93\xc2\x85\xac\xa4\x00e\xcbc\x11\xbeik'}, @WGPEER_A_PRESHARED_KEY={0x24, 0x2, "7669ddadf3a979960d3a258d451b4b8f8628f72287295f22a81a530fb2c37779"}, @WGPEER_A_ALLOWEDIPS={0x344, 0x9, 0x0, 0x1, [{0xdc, 0x0, 0x0, 0x1, [@ipv6={{0x6}, {0x14, 0x2, @remote}, {0x5, 0x3, 0x3}}, @ipv6={{0x6}, {0x14, 0x2, @dev={0xfe, 0x80, [], 0x2a}}, {0x5}}, @ipv4={{0x6}, {0x8, 0x2, @dev={0xac, 0x14, 0x14, 0x34}}, {0x5, 0x3, 0x2}}, @ipv4={{0x6}, {0x8, 0x2, @dev={0xac, 0x14, 0x14, 0x30}}, {0x5, 0x3, 0x2}}, @ipv6={{0x6}, {0x14, 0x2, @initdev={0xfe, 0x88, [], 0x0, 0x0}}, {0x5, 0x3, 0x2}}, @ipv6={{0x6}, {0x14, 0x2, @loopback}, {0x5, 0x3, 0x3}}, @ipv4={{0x6}, {0x8, 0x2, @remote}, {0x5, 0x3, 0x2}}]}, {0x100, 0x0, 0x0, 0x1, [@ipv4={{0x6}, {0x8, 0x2, @loopback}, {0x5}}, @ipv6={{0x6}, {0x14, 0x2, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02'}, {0x5, 0x3, 0x2}}, @ipv6={{0x6}, {0x14, 0x2, @mcast2}, {0x5}}, @ipv4={{0x6}, {0x8, 0x2, @loopback}, {0x5, 0x3, 0x3}}, @ipv4={{0x6}, {0x8, 0x2, @multicast1}, {0x5}}, @ipv4={{0x6}, {0x8, 0x2, @broadcast}, {0x5, 0x3, 0x3}}, @ipv4={{0x6}, {0x8, 0x2, @loopback}, {0x5, 0x3, 0x3}}, @ipv4={{0x6}, {0x8, 0x2, @broadcast}, {0x5, 0x3, 0x1}}, @ipv6={{0x6}, {0x14, 0x2, @private1={0xfc, 0x1, [], 0x1}}, {0x5}}]}, {0x10c, 0x0, 0x0, 0x1, [@ipv6={{0x6}, {0x14, 0x2, @private1}, {0x5, 0x3, 0x1}}, @ipv6={{0x6}, {0x14, 0x2, @loopback}, {0x5}}, @ipv6={{0x6}, {0x14, 0x2, @private0}, {0x5, 0x3, 0x3}}, @ipv6={{0x6}, {0x14, 0x2, @private2={0xfc, 0x2, [], 0x1}}, {0x5, 0x3, 0x2}}, @ipv4={{0x6}, {0x8, 0x2, @initdev={0xac, 0x1e, 0x0, 0x0}}, {0x5, 0x3, 0x3}}, @ipv4={{0x6}, {0x8, 0x2, @remote}, {0x5, 0x3, 0x1}}, @ipv6={{0x6}, {0x14, 0x2, @ipv4={[], [], @broadcast}}, {0x5, 0x3, 0x3}}, @ipv6={{0x6}, {0x14, 0x2, @mcast2}, {0x5, 0x3, 0x1}}]}, {0x58, 0x0, 0x0, 0x1, [@ipv4={{0x6}, {0x8, 0x2, @dev={0xac, 0x14, 0x14, 0x3b}}, {0x5, 0x3, 0x1}}, @ipv6={{0x6}, {0x14, 0x2, @private1}, {0x5, 0x3, 0x2}}, @ipv4={{0x6}, {0x8, 0x2, @multicast2}, {0x5, 0x3, 0xff}}]}]}, @WGPEER_A_PUBLIC_KEY={0x24, 0x1, @c_g='\xf4M\xa3g\xa8\x8e\xe6VO\x02\x02\x11Eg\'\b/\\\xeb\xee\x8b\x1b\xf5\xebs74\x1bE\x9b9\"'}]}, {0x38, 0x0, 0x0, 0x1, [@WGPEER_A_PROTOCOL_VERSION={0x8}, @WGPEER_A_PUBLIC_KEY={0x24, 0x1, @b_g='\xd1s(\x99\xf6\x11\xcd\x89\x94\x03M\x7fA=\xc9Wc\x0eT\x93\xc2\x85\xac\xa4\x00e\xcbc\x11\xbeik'}, @WGPEER_A_PERSISTENT_KEEPALIVE_INTERVAL={0x6, 0x5, 0xc34}]}, {0x60c, 0x0, 0x0, 0x1, [@WGPEER_A_PRESHARED_KEY={0x24, 0x2, "ea4c07c4877fefeaa6bc4f58367ace4ff372c11b94d59b12189c062bca25473a"}, @WGPEER_A_ALLOWEDIPS={0x1cc, 0x9, 0x0, 0x1, [{0x64, 0x0, 0x0, 0x1, [@ipv6={{0x6}, {0x14, 0x2, @ipv4={[], [], @local}}, {0x5, 0x3, 0x1}}, @ipv6={{0x6}, {0x14, 0x2, @mcast2}, {0x5, 0x3, 0x2}}, @ipv4={{0x6}, {0x8, 0x2, @remote}, {0x5, 0x3, 0x2}}]}, {0xe8, 0x0, 0x0, 0x1, [@ipv4={{0x6}, {0x8, 0x2, @empty}, {0x5, 0x3, 0x2}}, @ipv6={{0x6}, {0x14, 0x2, @mcast2}, {0x5}}, @ipv4={{0x6}, {0x8, 0x2, @broadcast}, {0x5}}, @ipv6={{0x6}, {0x14, 0x2, @mcast2}, {0x5, 0x3, 0x2}}, @ipv4={{0x6}, {0x8, 0x2, @empty}, {0x5, 0x3, 0x2}}, @ipv4={{0x6}, {0x8, 0x2, @multicast1}, {0x5}}, @ipv4={{0x6}, {0x8, 0x2, @loopback}, {0x5, 0x3, 0x3}}, @ipv6={{0x6}, {0x14, 0x2, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02'}, {0x5, 0x3, 0x1}}]}, {0x7c, 0x0, 0x0, 0x1, [@ipv4={{0x6}, {0x8, 0x2, @private=0xa010101}, {0x5, 0x3, 0x3}}, @ipv6={{0x6}, {0x14, 0x2, @private1={0xfc, 0x1, [], 0x1}}, {0x5, 0x3, 0x2}}, @ipv6={{0x6}, {0x14, 0x2, @mcast1}, {0x5, 0x3, 0x7}}, @ipv4={{0x6}, {0x8, 0x2, @multicast2}, {0x5}}]}]}, @WGPEER_A_PROTOCOL_VERSION={0x8}, @WGPEER_A_ALLOWEDIPS={0x410, 0x9, 0x0, 0x1, [{0x64, 0x0, 0x0, 0x1, [@ipv4={{0x6}, {0x8, 0x2, @local}, {0x5}}, @ipv6={{0x6}, {0x14, 0x2, @initdev={0xfe, 0x88, [], 0x1, 0x0}}, {0x5, 0x3, 0x2}}, @ipv6={{0x6}, {0x14, 0x2, @ipv4={[], [], @rand_addr=0x64010102}}, {0x5, 0x3, 0x1}}]}, {0x58, 0x0, 0x0, 0x1, [@ipv6={{0x6}, {0x14, 0x2, @private0}, {0x5}}, @ipv4={{0x6}, {0x8, 0x2, @initdev={0xac, 0x1e, 0x1, 0x0}}, {0x5, 0x3, 0x3}}, @ipv4={{0x6}, {0x8, 0x2, @dev={0xac, 0x14, 0x14, 0x2a}}, {0x5, 0x3, 0x3}}]}, {0x94, 0x0, 0x0, 0x1, [@ipv6={{0x6}, {0x14, 0x2, @local}, {0x5, 0x3, 0x3}}, @ipv4={{0x6}, {0x8, 0x2, @remote}, {0x5, 0x3, 0x3}}, @ipv6={{0x6}, {0x14, 0x2, @dev={0xfe, 0x80, [], 0x40}}, {0x5, 0x3, 0x1}}, @ipv4={{0x6}, {0x8, 0x2, @private=0xa010100}, {0x5, 0x3, 0x2}}, @ipv4={{0x6}, {0x8, 0x2, @local}, {0x5}}]}, {0x58, 0x0, 0x0, 0x1, [@ipv4={{0x6}, {0x8, 0x2, @local}, {0x5, 0x3, 0x2}}, @ipv6={{0x6}, {0x14, 0x2, @private2={0xfc, 0x2, [], 0x1}}, {0x5, 0x3, 0x1}}, @ipv4={{0x6}, {0x8, 0x2, @multicast1}, {0x5}}]}, {0x94, 0x0, 0x0, 0x1, [@ipv6={{0x6}, {0x14, 0x2, @ipv4={[], [], @initdev={0xac, 0x1e, 0x1, 0x0}}}, {0x5, 0x3, 0x1}}, @ipv6={{0x6}, {0x14, 0x2, @private1={0xfc, 0x1, [], 0x1}}, {0x5, 0x3, 0x3}}, @ipv6={{0x6}, {0x14, 0x2, @local}, {0x5, 0x3, 0x1}}, @ipv6={{0x6}, {0x14, 0x2, @ipv4={[], [], @rand_addr=0x64010100}}, {0x5, 0x3, 0x2}}]}, {0xdc, 0x0, 0x0, 0x1, [@ipv4={{0x6}, {0x8, 0x2, @dev={0xac, 0x14, 0x14, 0x27}}, {0x5, 0x3, 0x2}}, @ipv6={{0x6}, {0x14, 0x2, @loopback}, {0x5, 0x3, 0x2}}, @ipv6={{0x6}, {0x14, 0x2, @local}, {0x5, 0x3, 0x1}}, @ipv4={{0x6}, {0x8, 0x2, @private=0xa010102}, {0x5}}, @ipv4={{0x6}, {0x8, 0x2, @local}, {0x5, 0x3, 0x2}}, @ipv6={{0x6}, {0x14, 0x2, @private1}, {0x5, 0x3, 0x3}}, @ipv6={{0x6}, {0x14, 0x2, @dev={0xfe, 0x80, [], 0xd}}, {0x5, 0x3, 0x1}}]}, {0xf4, 0x0, 0x0, 0x1, [@ipv6={{0x6}, {0x14, 0x2, @mcast2}, {0x5}}, @ipv4={{0x6}, {0x8, 0x2, @loopback}, {0x5, 0x3, 0x2}}, @ipv4={{0x6}, {0x8, 0x2, @private=0xa010102}, {0x5, 0x3, 0x2}}, @ipv6={{0x6}, {0x14, 0x2, @mcast1}, {0x5, 0x3, 0x2}}, @ipv4={{0x6}, {0x8, 0x2, @loopback}, {0x5, 0x3, 0x2}}, @ipv6={{0x6}, {0x14, 0x2, @dev={0xfe, 0x80, [], 0x21}}, {0x5, 0x3, 0x1}}, @ipv6={{0x6}, {0x14, 0x2, @mcast2}, {0x5}}, @ipv4={{0x6}, {0x8, 0x2, @empty}, {0x5, 0x3, 0x1}}]}]}]}, {0xd8, 0x0, 0x0, 0x1, [@WGPEER_A_ENDPOINT4={0x14, 0x4, {0x2, 0x4e22, @initdev={0xac, 0x1e, 0x1, 0x0}}}, @WGPEER_A_PERSISTENT_KEEPALIVE_INTERVAL={0x6, 0x5, 0x3}, @WGPEER_A_PUBLIC_KEY={0x24}, @WGPEER_A_PROTOCOL_VERSION={0x8}, @WGPEER_A_PUBLIC_KEY={0x24, 0x1, @neg='\xdb\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff'}, @WGPEER_A_PRESHARED_KEY={0x24, 0x2, "bc7cf80d3387038e4bb6a7bcc8dc72200fbf09cd82bb41492c7c9f2962249f81"}, @WGPEER_A_ENDPOINT4={0x14, 0x4, {0x2, 0x4e20, @private=0xa010102}}, @WGPEER_A_PERSISTENT_KEEPALIVE_INTERVAL={0x6, 0x5, 0x4}, @WGPEER_A_PERSISTENT_KEEPALIVE_INTERVAL={0x6, 0x5, 0x8}, @WGPEER_A_ENDPOINT6={0x20, 0x4, {0xa, 0x4e21, 0x9, @ipv4={[], [], @rand_addr=0x64010100}, 0x20}}]}]}]}, 0xccc}, 0x1, 0x0, 0x0, 0x20}, 0x8002) sendmsg$WG_CMD_SET_DEVICE(0xffffffffffffffff, &(0x7f0000000200)={&(0x7f00000000c0)={0x10, 0x0, 0x0, 0x10}, 0xc, &(0x7f0000000180)={&(0x7f0000000380)=ANY=[@ANYBLOB='0\x00\x00\x00', @ANYRES16=0x0, @ANYBLOB="100027bd7000fedbdf25010000e2130002007767320000000000000000000000000008000700c80900006b473b004e6b36896529147e1631ac4ba77622c72e9a75b8d1821ca128ee08b42fbc6a5f66a6e3b3b66a61ca1b97895775cca8330c4f4839fc1295f5cbeb4c120e1c7d0af55f3732b9f3fa31d2b53dd67f0951a6681993887700e990307fe8a5c4a482776de2ed09cc36e6c435b5db549101d9275c0c39fd616bfe73272f3ce1c69fb0243acbf2b24fe817523509036b7b741264d697647992df97cf36806f8aabbc83d14768cd1e7b3b139adb04f6ce03a0f4a6cee7b7f15c2f0ffdfee8f946eb14a08e4ce798fd"], 0x30}, 0x1, 0x0, 0x0, 0x20000010}, 0x4000000) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x1, 0x0, 0x0, 0x1, 0x20b493e0, 0x0, 0xfffffffffffffffe}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, 0x0, 0x0, 0x0, 0x0) pipe(&(0x7f0000000340)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, 0x0, 0x0, 0x0) perf_event_open(&(0x7f0000940000)={0x2, 0x70, 0x69, 0x0, 0x0, 0xff, 0x0, 0x48, 0x14a0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f00000001c0), 0x7}}, 0x0, 0xd, 0xffffffffffffffff, 0xa) clone(0x200000008a105d00, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r4 = gettid() tkill(r4, 0x3c) ioctl$VT_OPENQRY(r3, 0x5600, &(0x7f0000000000)) fsetxattr$trusted_overlay_redirect(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) sched_setattr(r0, &(0x7f0000000080)={0x38, 0x2, 0x1, 0x0, 0x3}, 0x0) clone(0x69005100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) mount(0x0, &(0x7f0000000140)='./file0\x00', &(0x7f0000fb5ffc)='nfs\x00', 0x0, &(0x7f000000a000)) 21:32:20 executing program 1: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x0, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x1, 0x0, 0x0, 0x1, 0x20b493e0, 0x0, 0xfffffffffffffffe}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000008880), 0x400000000000249, 0x0, 0x0) pipe(&(0x7f0000000340)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) fsync(r2) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) perf_event_open(&(0x7f0000940000)={0x2, 0x70, 0x69, 0x1, 0x0, 0xff, 0x0, 0x48, 0x14a0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f00000001c0), 0x7}, 0x0, 0x0, 0xfffffff9}, 0x0, 0xd, 0xffffffffffffffff, 0xa) tkill(0x0, 0x3c) fsetxattr$trusted_overlay_redirect(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) sched_setattr(r0, &(0x7f0000000080)={0x38, 0x2, 0x1, 0x0, 0x3}, 0x0) clone(0x69005100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) mount(0x0, &(0x7f0000000140)='./file0\x00', 0x0, 0x0, &(0x7f000000a000)) sched_setscheduler(0x0, 0x5, &(0x7f0000000380)) [ 2219.118284] ip6_tables: ip6tables: counters copy to user failed while replacing table [ 2220.025242] ip6_tables: ip6tables: counters copy to user failed while replacing table [ 2220.539220] IPVS: ftp: loaded support on port[0] = 21 21:32:22 executing program 3: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x1, 0x0, 0x0, 0x1, 0x20b493e0, 0x0, 0xfffffffffffffffe}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, 0x0, 0x0, 0x0, 0x0) pipe(&(0x7f0000000340)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, 0x0, 0x0, 0x0) perf_event_open(&(0x7f0000940000)={0x2, 0x70, 0x69, 0x0, 0x0, 0xff, 0x0, 0xe86, 0x14a0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, @perf_bp={&(0x7f00000001c0), 0x7}, 0x0, 0x1, 0x8001}, 0x0, 0xd, 0xffffffffffffffff, 0xa) clone(0x200000008a105d00, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r4 = gettid() tkill(r4, 0x3c) fsetxattr$trusted_overlay_redirect(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) sched_setattr(r0, &(0x7f0000000080)={0x38, 0x2, 0x1, 0x0, 0x3}, 0x0) clone(0x69005100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) mount(0x0, &(0x7f0000000140)='./file0\x00', &(0x7f0000fb5ffc)='nfs\x00', 0x0, &(0x7f000000a000)) 21:32:22 executing program 1: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x1, 0x0, 0x0, 0x1, 0x20b493e0, 0x0, 0xfffffffffffffffe}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000008880), 0x400000000000249, 0x0, 0x0) pipe(&(0x7f0000000340)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) fsync(r2) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) perf_event_open(&(0x7f0000940000)={0x2, 0x70, 0x69, 0x1, 0x0, 0xff, 0x0, 0x48, 0x14a0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f00000001c0), 0x7}, 0x0, 0x0, 0xfffffff9}, 0x0, 0xd, 0xffffffffffffffff, 0xa) tkill(0x0, 0x3c) fsetxattr$trusted_overlay_redirect(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) sched_setattr(r0, &(0x7f0000000080)={0x38, 0x2, 0x1, 0x0, 0x3}, 0x0) clone(0x69005100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) mount(0x0, &(0x7f0000000140)='./file0\x00', 0x0, 0x0, &(0x7f000000a000)) sched_setscheduler(0x0, 0x5, &(0x7f0000000380)) 21:32:23 executing program 0: sendmsg$WG_CMD_GET_DEVICE(0xffffffffffffffff, &(0x7f00000001c0)={&(0x7f0000000040), 0xc, &(0x7f0000000180)={&(0x7f0000001180)={0xccc, 0x0, 0x200, 0x70bd28, 0x25dfdbff, {}, [@WGDEVICE_A_PEERS={0xcb8, 0x8, 0x0, 0x1, [{0x154, 0x0, 0x0, 0x1, [@WGPEER_A_FLAGS={0x8, 0x3, 0x6}, @WGPEER_A_ALLOWEDIPS={0x138, 0x9, 0x0, 0x1, [{0xa0, 0x0, 0x0, 0x1, [@ipv6={{0x6}, {0x14, 0x2, @private2}, {0x5}}, @ipv6={{0x6}, {0x14, 0x2, @initdev={0xfe, 0x88, [], 0x1, 0x0}}, {0x5, 0x3, 0x2}}, @ipv4={{0x6}, {0x8, 0x2, @initdev={0xac, 0x1e, 0x1, 0x0}}, {0x5, 0x3, 0x2}}, @ipv6={{0x6}, {0x14, 0x2, @private2={0xfc, 0x2, [], 0x2}}, {0x5, 0x3, 0x2}}, @ipv4={{0x6}, {0x8, 0x2, @broadcast}, {0x5, 0x3, 0x3}}]}, {0x94, 0x0, 0x0, 0x1, [@ipv4={{0x6}, {0x8, 0x2, @multicast2}, {0x5, 0x3, 0x1}}, @ipv4={{0x6}, {0x8, 0x2, @remote}, {0x5, 0x3, 0x1}}, @ipv4={{0x6}, {0x8, 0x2, @empty}, {0x5}}, @ipv6={{0x6}, {0x14, 0x2, @remote}, {0x5}}, @ipv6={{0x6}, {0x14, 0x2, @mcast1}, {0x5}}]}]}, @WGPEER_A_PERSISTENT_KEEPALIVE_INTERVAL={0x6, 0x5, 0x8}, @WGPEER_A_PROTOCOL_VERSION={0x8}]}, {0x20, 0x0, 0x0, 0x1, [@WGPEER_A_ENDPOINT4={0x14, 0x4, {0x2, 0x4e21, @multicast2}}, @WGPEER_A_PROTOCOL_VERSION={0x8}]}, {0x424, 0x0, 0x0, 0x1, [@WGPEER_A_PROTOCOL_VERSION={0x8}, @WGPEER_A_PROTOCOL_VERSION={0x8}, @WGPEER_A_PROTOCOL_VERSION={0x8}, @WGPEER_A_PUBLIC_KEY={0x24}, @WGPEER_A_ENDPOINT4={0x14, 0x4, {0x2, 0x4e22, @empty}}, @WGPEER_A_ENDPOINT6={0x20, 0x4, {0xa, 0x4e24, 0x2b, @dev={0xfe, 0x80, [], 0x40}, 0xff}}, @WGPEER_A_PUBLIC_KEY={0x24, 0x1, @b_g='\xd1s(\x99\xf6\x11\xcd\x89\x94\x03M\x7fA=\xc9Wc\x0eT\x93\xc2\x85\xac\xa4\x00e\xcbc\x11\xbeik'}, @WGPEER_A_PRESHARED_KEY={0x24, 0x2, "7669ddadf3a979960d3a258d451b4b8f8628f72287295f22a81a530fb2c37779"}, @WGPEER_A_ALLOWEDIPS={0x344, 0x9, 0x0, 0x1, [{0xdc, 0x0, 0x0, 0x1, [@ipv6={{0x6}, {0x14, 0x2, @remote}, {0x5, 0x3, 0x3}}, @ipv6={{0x6}, {0x14, 0x2, @dev={0xfe, 0x80, [], 0x2a}}, {0x5}}, @ipv4={{0x6}, {0x8, 0x2, @dev={0xac, 0x14, 0x14, 0x34}}, {0x5, 0x3, 0x2}}, @ipv4={{0x6}, {0x8, 0x2, @dev={0xac, 0x14, 0x14, 0x30}}, {0x5, 0x3, 0x2}}, @ipv6={{0x6}, {0x14, 0x2, @initdev={0xfe, 0x88, [], 0x0, 0x0}}, {0x5, 0x3, 0x2}}, @ipv6={{0x6}, {0x14, 0x2, @loopback}, {0x5, 0x3, 0x3}}, @ipv4={{0x6}, {0x8, 0x2, @remote}, {0x5, 0x3, 0x2}}]}, {0x100, 0x0, 0x0, 0x1, [@ipv4={{0x6}, {0x8, 0x2, @loopback}, {0x5}}, @ipv6={{0x6}, {0x14, 0x2, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02'}, {0x5, 0x3, 0x2}}, @ipv6={{0x6}, {0x14, 0x2, @mcast2}, {0x5}}, @ipv4={{0x6}, {0x8, 0x2, @loopback}, {0x5, 0x3, 0x3}}, @ipv4={{0x6}, {0x8, 0x2, @multicast1}, {0x5}}, @ipv4={{0x6}, {0x8, 0x2, @broadcast}, {0x5, 0x3, 0x3}}, @ipv4={{0x6}, {0x8, 0x2, @loopback}, {0x5, 0x3, 0x3}}, @ipv4={{0x6}, {0x8, 0x2, @broadcast}, {0x5, 0x3, 0x1}}, @ipv6={{0x6}, {0x14, 0x2, @private1={0xfc, 0x1, [], 0x1}}, {0x5}}]}, {0x10c, 0x0, 0x0, 0x1, [@ipv6={{0x6}, {0x14, 0x2, @private1}, {0x5, 0x3, 0x1}}, @ipv6={{0x6}, {0x14, 0x2, @loopback}, {0x5}}, @ipv6={{0x6}, {0x14, 0x2, @private0}, {0x5, 0x3, 0x3}}, @ipv6={{0x6}, {0x14, 0x2, @private2={0xfc, 0x2, [], 0x1}}, {0x5, 0x3, 0x2}}, @ipv4={{0x6}, {0x8, 0x2, @initdev={0xac, 0x1e, 0x0, 0x0}}, {0x5, 0x3, 0x3}}, @ipv4={{0x6}, {0x8, 0x2, @remote}, {0x5, 0x3, 0x1}}, @ipv6={{0x6}, {0x14, 0x2, @ipv4={[], [], @broadcast}}, {0x5, 0x3, 0x3}}, @ipv6={{0x6}, {0x14, 0x2, @mcast2}, {0x5, 0x3, 0x1}}]}, {0x58, 0x0, 0x0, 0x1, [@ipv4={{0x6}, {0x8, 0x2, @dev={0xac, 0x14, 0x14, 0x3b}}, {0x5, 0x3, 0x1}}, @ipv6={{0x6}, {0x14, 0x2, @private1}, {0x5, 0x3, 0x2}}, @ipv4={{0x6}, {0x8, 0x2, @multicast2}, {0x5, 0x3, 0xff}}]}]}, @WGPEER_A_PUBLIC_KEY={0x24, 0x1, @c_g='\xf4M\xa3g\xa8\x8e\xe6VO\x02\x02\x11Eg\'\b/\\\xeb\xee\x8b\x1b\xf5\xebs74\x1bE\x9b9\"'}]}, {0x38, 0x0, 0x0, 0x1, [@WGPEER_A_PROTOCOL_VERSION={0x8}, @WGPEER_A_PUBLIC_KEY={0x24, 0x1, @b_g='\xd1s(\x99\xf6\x11\xcd\x89\x94\x03M\x7fA=\xc9Wc\x0eT\x93\xc2\x85\xac\xa4\x00e\xcbc\x11\xbeik'}, @WGPEER_A_PERSISTENT_KEEPALIVE_INTERVAL={0x6, 0x5, 0xc34}]}, {0x60c, 0x0, 0x0, 0x1, [@WGPEER_A_PRESHARED_KEY={0x24, 0x2, "ea4c07c4877fefeaa6bc4f58367ace4ff372c11b94d59b12189c062bca25473a"}, @WGPEER_A_ALLOWEDIPS={0x1cc, 0x9, 0x0, 0x1, [{0x64, 0x0, 0x0, 0x1, [@ipv6={{0x6}, {0x14, 0x2, @ipv4={[], [], @local}}, {0x5, 0x3, 0x1}}, @ipv6={{0x6}, {0x14, 0x2, @mcast2}, {0x5, 0x3, 0x2}}, @ipv4={{0x6}, {0x8, 0x2, @remote}, {0x5, 0x3, 0x2}}]}, {0xe8, 0x0, 0x0, 0x1, [@ipv4={{0x6}, {0x8, 0x2, @empty}, {0x5, 0x3, 0x2}}, @ipv6={{0x6}, {0x14, 0x2, @mcast2}, {0x5}}, @ipv4={{0x6}, {0x8, 0x2, @broadcast}, {0x5}}, @ipv6={{0x6}, {0x14, 0x2, @mcast2}, {0x5, 0x3, 0x2}}, @ipv4={{0x6}, {0x8, 0x2, @empty}, {0x5, 0x3, 0x2}}, @ipv4={{0x6}, {0x8, 0x2, @multicast1}, {0x5}}, @ipv4={{0x6}, {0x8, 0x2, @loopback}, {0x5, 0x3, 0x3}}, @ipv6={{0x6}, {0x14, 0x2, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02'}, {0x5, 0x3, 0x1}}]}, {0x7c, 0x0, 0x0, 0x1, [@ipv4={{0x6}, {0x8, 0x2, @private=0xa010101}, {0x5, 0x3, 0x3}}, @ipv6={{0x6}, {0x14, 0x2, @private1={0xfc, 0x1, [], 0x1}}, {0x5, 0x3, 0x2}}, @ipv6={{0x6}, {0x14, 0x2, @mcast1}, {0x5, 0x3, 0x7}}, @ipv4={{0x6}, {0x8, 0x2, @multicast2}, {0x5}}]}]}, @WGPEER_A_PROTOCOL_VERSION={0x8}, @WGPEER_A_ALLOWEDIPS={0x410, 0x9, 0x0, 0x1, [{0x64, 0x0, 0x0, 0x1, [@ipv4={{0x6}, {0x8, 0x2, @local}, {0x5}}, @ipv6={{0x6}, {0x14, 0x2, @initdev={0xfe, 0x88, [], 0x1, 0x0}}, {0x5, 0x3, 0x2}}, @ipv6={{0x6}, {0x14, 0x2, @ipv4={[], [], @rand_addr=0x64010102}}, {0x5, 0x3, 0x1}}]}, {0x58, 0x0, 0x0, 0x1, [@ipv6={{0x6}, {0x14, 0x2, @private0}, {0x5}}, @ipv4={{0x6}, {0x8, 0x2, @initdev={0xac, 0x1e, 0x1, 0x0}}, {0x5, 0x3, 0x3}}, @ipv4={{0x6}, {0x8, 0x2, @dev={0xac, 0x14, 0x14, 0x2a}}, {0x5, 0x3, 0x3}}]}, {0x94, 0x0, 0x0, 0x1, [@ipv6={{0x6}, {0x14, 0x2, @local}, {0x5, 0x3, 0x3}}, @ipv4={{0x6}, {0x8, 0x2, @remote}, {0x5, 0x3, 0x3}}, @ipv6={{0x6}, {0x14, 0x2, @dev={0xfe, 0x80, [], 0x40}}, {0x5, 0x3, 0x1}}, @ipv4={{0x6}, {0x8, 0x2, @private=0xa010100}, {0x5, 0x3, 0x2}}, @ipv4={{0x6}, {0x8, 0x2, @local}, {0x5}}]}, {0x58, 0x0, 0x0, 0x1, [@ipv4={{0x6}, {0x8, 0x2, @local}, {0x5, 0x3, 0x2}}, @ipv6={{0x6}, {0x14, 0x2, @private2={0xfc, 0x2, [], 0x1}}, {0x5, 0x3, 0x1}}, @ipv4={{0x6}, {0x8, 0x2, @multicast1}, {0x5}}]}, {0x94, 0x0, 0x0, 0x1, [@ipv6={{0x6}, {0x14, 0x2, @ipv4={[], [], @initdev={0xac, 0x1e, 0x1, 0x0}}}, {0x5, 0x3, 0x1}}, @ipv6={{0x6}, {0x14, 0x2, @private1={0xfc, 0x1, [], 0x1}}, {0x5, 0x3, 0x3}}, @ipv6={{0x6}, {0x14, 0x2, @local}, {0x5, 0x3, 0x1}}, @ipv6={{0x6}, {0x14, 0x2, @ipv4={[], [], @rand_addr=0x64010100}}, {0x5, 0x3, 0x2}}]}, {0xdc, 0x0, 0x0, 0x1, [@ipv4={{0x6}, {0x8, 0x2, @dev={0xac, 0x14, 0x14, 0x27}}, {0x5, 0x3, 0x2}}, @ipv6={{0x6}, {0x14, 0x2, @loopback}, {0x5, 0x3, 0x2}}, @ipv6={{0x6}, {0x14, 0x2, @local}, {0x5, 0x3, 0x1}}, @ipv4={{0x6}, {0x8, 0x2, @private=0xa010102}, {0x5}}, @ipv4={{0x6}, {0x8, 0x2, @local}, {0x5, 0x3, 0x2}}, @ipv6={{0x6}, {0x14, 0x2, @private1}, {0x5, 0x3, 0x3}}, @ipv6={{0x6}, {0x14, 0x2, @dev={0xfe, 0x80, [], 0xd}}, {0x5, 0x3, 0x1}}]}, {0xf4, 0x0, 0x0, 0x1, [@ipv6={{0x6}, {0x14, 0x2, @mcast2}, {0x5}}, @ipv4={{0x6}, {0x8, 0x2, @loopback}, {0x5, 0x3, 0x2}}, @ipv4={{0x6}, {0x8, 0x2, @private=0xa010102}, {0x5, 0x3, 0x2}}, @ipv6={{0x6}, {0x14, 0x2, @mcast1}, {0x5, 0x3, 0x2}}, @ipv4={{0x6}, {0x8, 0x2, @loopback}, {0x5, 0x3, 0x2}}, @ipv6={{0x6}, {0x14, 0x2, @dev={0xfe, 0x80, [], 0x21}}, {0x5, 0x3, 0x1}}, @ipv6={{0x6}, {0x14, 0x2, @mcast2}, {0x5}}, @ipv4={{0x6}, {0x8, 0x2, @empty}, {0x5, 0x3, 0x1}}]}]}]}, {0xd8, 0x0, 0x0, 0x1, [@WGPEER_A_ENDPOINT4={0x14, 0x4, {0x2, 0x4e22, @initdev={0xac, 0x1e, 0x1, 0x0}}}, @WGPEER_A_PERSISTENT_KEEPALIVE_INTERVAL={0x6, 0x5, 0x3}, @WGPEER_A_PUBLIC_KEY={0x24}, @WGPEER_A_PROTOCOL_VERSION={0x8}, @WGPEER_A_PUBLIC_KEY={0x24, 0x1, @neg='\xdb\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff'}, @WGPEER_A_PRESHARED_KEY={0x24, 0x2, "bc7cf80d3387038e4bb6a7bcc8dc72200fbf09cd82bb41492c7c9f2962249f81"}, @WGPEER_A_ENDPOINT4={0x14, 0x4, {0x2, 0x4e20, @private=0xa010102}}, @WGPEER_A_PERSISTENT_KEEPALIVE_INTERVAL={0x6, 0x5, 0x4}, @WGPEER_A_PERSISTENT_KEEPALIVE_INTERVAL={0x6, 0x5, 0x8}, @WGPEER_A_ENDPOINT6={0x20, 0x4, {0xa, 0x4e21, 0x9, @ipv4={[], [], @rand_addr=0x64010100}, 0x20}}]}]}]}, 0xccc}, 0x1, 0x0, 0x0, 0x20}, 0x8002) sendmsg$WG_CMD_SET_DEVICE(0xffffffffffffffff, &(0x7f0000000200)={&(0x7f00000000c0)={0x10, 0x0, 0x0, 0x10}, 0xc, &(0x7f0000000180)={&(0x7f0000000380)=ANY=[@ANYBLOB='0\x00\x00\x00', @ANYRES16=0x0, @ANYBLOB="100027bd7000fedbdf25010000e2130002007767320000000000000000000000000008000700c80900006b473b004e6b36896529147e1631ac4ba77622c72e9a75b8d1821ca128ee08b42fbc6a5f66a6e3b3b66a61ca1b97895775cca8330c4f4839fc1295f5cbeb4c120e1c7d0af55f3732b9f3fa31d2b53dd67f0951a6681993887700e990307fe8a5c4a482776de2ed09cc36e6c435b5db549101d9275c0c39fd616bfe73272f3ce1c69fb0243acbf2b24fe817523509036b7b741264d697647992df97cf36806f8aabbc83d14768cd1e7b3b139adb04f6ce03a0f4a6cee7b7f15c2f0ffdfee8f946eb14a08e4ce798fd"], 0x30}, 0x1, 0x0, 0x0, 0x20000010}, 0x4000000) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x1, 0x0, 0x0, 0x1, 0x20b493e0, 0x0, 0xfffffffffffffffe}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, 0x0, 0x0, 0x0, 0x0) pipe(&(0x7f0000000340)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, 0x0, 0x0, 0x0) perf_event_open(&(0x7f0000940000)={0x2, 0x70, 0x69, 0x0, 0x0, 0xff, 0x0, 0x48, 0x14a0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f00000001c0), 0x7}}, 0x0, 0xd, 0xffffffffffffffff, 0xa) clone(0x200000008a105d00, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r4 = gettid() tkill(r4, 0x3c) ioctl$VT_OPENQRY(r3, 0x5600, &(0x7f0000000000)) fsetxattr$trusted_overlay_redirect(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) sched_setattr(r0, &(0x7f0000000080)={0x38, 0x2, 0x1, 0x0, 0x3}, 0x0) clone(0x69005100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) mount(0x0, &(0x7f0000000140)='./file0\x00', &(0x7f0000fb5ffc)='nfs\x00', 0x0, &(0x7f000000a000)) 21:32:24 executing program 5: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x1, 0x0, 0x0, 0x1, 0x20b493e0, 0x0, 0xfffffffffffffffe}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000008880), 0x400000000000249, 0x0, 0x0) pipe(&(0x7f0000000340)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) fsync(r2) write(r3, &(0x7f0000000340), 0x41395527) r4 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r4, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000200)=@newlink={0x40, 0x10, 0x705, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x20, 0x12, 0x0, 0x1, @bond={{0x9, 0x1, 'bond\x00'}, {0x10, 0x2, 0x0, 0x1, [@IFLA_BOND_ARP_IP_TARGET={0x4}, @IFLA_BOND_ARP_INTERVAL={0x8, 0x7, 0x3}]}}}]}, 0x40}}, 0x0) vmsplice(r4, &(0x7f0000000140)=[{&(0x7f0000000380)="45ef1ab8f0c8a0d626cffd396d468ba5429b6821088923fffed31b48c9ea346301719f0823981bf186e7083d176258fba6b026f425190700e04dd320b34c3bd0db54fe64d37c57ce68945d89ad4ec0facc10074df38288333b03df42071b3d2f38a7cfcab926138a910c1a2143ed2ad8e902f9deee851bc5f525f9920607241412eda29713f8e833f58d821d5b8affbfe1db67b3b8cabea2af9dd6df38a75fea4a5c8229c25a89c2d472e58e9df740b046808b3c1b9521594ba4032a69a4ad27c133b832c1289b51807843568f157ca66dcaf90bd7c4060d8191ba1ae87f05a61d71c6cfd5a496fdc8f405093c17cb6bcd08f18912c20343273c08b622af16ac9d5f775f39ff46112729ef8c245b1a92672219b426cd69e1e4d5b69927f422c120d18b162e851830d3980ba32960e615be7fa8aa002f30e2c87b9bc770ef0559922769e5b22c475393867a106a673e4f12a29b410da92092c0a1eb2b4cc8db5f248f9004000000a77b1336cd944b17f966d019949848663cb5230d097d8824c903d4a091649e63a6462ea399c850c2b4715213", 0xfffffffffffffe81}], 0x67, 0x2) perf_event_open(&(0x7f0000940000)={0x2, 0x70, 0x69, 0x1, 0x0, 0xff, 0x0, 0x48, 0x14a0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f00000001c0), 0x7}, 0x0, 0x0, 0xfffffff9}, 0x0, 0xd, 0xffffffffffffffff, 0xa) clone(0x200000008a105d00, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r5 = gettid() tkill(r5, 0x3c) fsetxattr$trusted_overlay_redirect(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) sched_setattr(r0, &(0x7f0000000080)={0x38, 0x2, 0x1, 0x0, 0x3}, 0x0) clone(0x69005100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) mount(0x0, &(0x7f00000000c0)='./file0\x00', 0x0, 0x34c040, &(0x7f000000a000)) [ 2223.594261] systemd-udevd invoked oom-killer: gfp_mask=0x14040c0(GFP_KERNEL|__GFP_COMP), nodemask=(null), order=1, oom_score_adj=0 [ 2223.737597] systemd-udevd cpuset=/ mems_allowed=0-1 [ 2223.762014] CPU: 1 PID: 9939 Comm: systemd-udevd Not tainted 4.14.182-syzkaller #0 [ 2223.769750] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2223.779098] Call Trace: [ 2223.781691] dump_stack+0x1b2/0x283 [ 2223.785319] dump_header+0x178/0x7aa [ 2223.789033] ? trace_hardirqs_on_caller+0x3a8/0x580 [ 2223.794047] ? _raw_spin_unlock_irqrestore+0x66/0xe0 [ 2223.799143] ? ___ratelimit+0x2cd/0x522 [ 2223.803117] oom_kill_process.cold+0x10/0xc16 [ 2223.807608] ? lock_downgrade+0x6e0/0x6e0 [ 2223.811787] out_of_memory+0x2d5/0x10f0 [ 2223.815775] ? oom_killer_disable+0x1c0/0x1c0 [ 2223.820262] ? mutex_trylock+0x152/0x1a0 [ 2223.824496] __alloc_pages_nodemask+0x2556/0x2730 [ 2223.830739] ? gfp_pfmemalloc_allowed+0x150/0x150 [ 2223.835576] ? gfp_pfmemalloc_allowed+0x150/0x150 [ 2223.840415] ? trace_hardirqs_on+0x10/0x10 [ 2223.844654] ? cache_grow_begin+0x3f/0x410 [ 2223.848886] cache_grow_begin+0x91/0x410 [ 2223.852943] fallback_alloc+0x205/0x2b0 [ 2223.856915] kmem_cache_alloc+0x1e5/0x3c0 [ 2223.861056] getname_flags+0xc8/0x550 [ 2223.864854] user_path_at_empty+0x2a/0x50 [ 2223.868995] vfs_statx+0xd1/0x160 [ 2223.872441] ? vfs_statx_fd+0x90/0x90 [ 2223.876320] ? vm_insert_mixed_mkwrite+0x30/0x30 [ 2223.881069] SyS_newstat+0x83/0xe0 [ 2223.884601] ? SyS_fstat+0xd0/0xd0 [ 2223.888141] ? __secure_computing+0xe5/0x3e0 [ 2223.892547] ? syscall_trace_enter+0x486/0xc20 [ 2223.897125] ? syscall_slow_exit_work+0x560/0x560 [ 2223.901960] ? do_syscall_64+0x4c/0x640 [ 2223.905926] ? SyS_fstat+0xd0/0xd0 [ 2223.909460] do_syscall_64+0x1d5/0x640 [ 2223.913347] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 2223.918527] RIP: 0033:0x7faa403af295 [ 2223.922229] RSP: 002b:00007ffeed20e0d8 EFLAGS: 00000246 ORIG_RAX: 0000000000000004 [ 2223.930882] RAX: ffffffffffffffda RBX: 0000000000000124 RCX: 00007faa403af295 [ 2223.938142] RDX: 00007ffeed20e0e0 RSI: 00007ffeed20e0e0 RDI: 00007ffeed20e190 [ 2223.945409] RBP: 00007ffeed20e210 R08: 000000000000c0c0 R09: 0000000000000000 [ 2223.952669] R10: 00007ffeed20e240 R11: 0000000000000246 R12: 00007ffeed20e240 [ 2223.959929] R13: 00007ffeed20e240 R14: 0000560143131d70 R15: 000000000000000e [ 2224.196723] Mem-Info: [ 2224.199302] active_anon:1235780 inactive_anon:6145 isolated_anon:0 [ 2224.199302] active_file:62 inactive_file:50 isolated_file:13 [ 2224.199302] unevictable:1839 dirty:0 writeback:0 unstable:0 [ 2224.199302] slab_reclaimable:18779 slab_unreclaimable:171438 [ 2224.199302] mapped:53873 shmem:7882 pagetables:44107 bounce:0 [ 2224.199302] free:24945 free_pcp:143 free_cma:0 [ 2224.240318] Node 0 active_anon:1725936kB inactive_anon:16160kB active_file:84kB inactive_file:104kB unevictable:1032kB isolated(anon):0kB isolated(file):0kB mapped:210056kB dirty:0kB writeback:0kB shmem:23104kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 735232kB writeback_tmp:0kB unstable:0kB all_unreclaimable? no [ 2224.359127] Node 1 active_anon:3217184kB inactive_anon:8420kB active_file:56kB inactive_file:0kB unevictable:6324kB isolated(anon):0kB isolated(file):52kB mapped:5236kB dirty:0kB writeback:0kB shmem:8424kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 0kB writeback_tmp:0kB unstable:0kB all_unreclaimable? no [ 2224.391071] Node 0 DMA free:10340kB min:220kB low:272kB high:324kB active_anon:1476kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15908kB mlocked:0kB kernel_stack:96kB pagetables:92kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 2224.431236] lowmem_reserve[]: 0 2559 2559 2559 2559 [ 2224.449729] Node 0 DMA32 free:36288kB min:36296kB low:45368kB high:54440kB active_anon:1724460kB inactive_anon:16160kB active_file:84kB inactive_file:104kB unevictable:1032kB writepending:0kB present:3129332kB managed:2623996kB mlocked:1032kB kernel_stack:14272kB pagetables:37584kB bounce:0kB free_pcp:164kB local_pcp:40kB free_cma:0kB [ 2224.500010] lowmem_reserve[]: 0 0 0 0 0 [ 2224.508207] Node 0 Normal free:0kB min:0kB low:0kB high:0kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:786432kB managed:0kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 2224.538811] lowmem_reserve[]: 0 0 0 0 0 [ 2224.549624] Node 1 Normal free:53280kB min:53592kB low:66988kB high:80384kB active_anon:3216888kB inactive_anon:8420kB active_file:172kB inactive_file:144kB unevictable:6324kB writepending:0kB present:3932160kB managed:3870192kB mlocked:6324kB kernel_stack:60064kB pagetables:138752kB bounce:0kB free_pcp:16kB local_pcp:0kB free_cma:0kB [ 2224.587398] lowmem_reserve[]: 0 0 0 0 0 [ 2224.594494] Node 0 DMA: 13*4kB (ME) 58*8kB (UM) 16*16kB (ME) 9*32kB (UME) 5*64kB (M) 2*128kB (UM) 2*256kB (UE) 2*512kB (UE) 1*1024kB (E) 1*2048kB (E) 1*4096kB (M) = 10340kB [ 2224.621481] Node 0 DMA32: 303*4kB (UME) 162*8kB (UME) 49*16kB (UME) 161*32kB (UM) 94*64kB (UM) 31*128kB (UM) 38*256kB (UM) 16*512kB (M) 0*1024kB 0*2048kB 0*4096kB = 36348kB [ 2224.642301] Node 0 Normal: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 0kB [ 2224.657520] Node 1 Normal: 603*4kB (UME) 292*8kB (UMEH) 158*16kB (UMEH) 1082*32kB (UME) 116*64kB (UME) 28*128kB (UM) 4*256kB (UM) 0*512kB 0*1024kB 0*2048kB 0*4096kB = 53932kB [ 2224.677388] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 2224.687542] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 2224.696699] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 2224.759154] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 2224.810608] 8215 total pagecache pages [ 2224.837146] 0 pages in swap cache [ 2224.892192] Swap cache stats: add 0, delete 0, find 0/0 [ 2224.897577] Free swap = 0kB [ 2224.900586] Total swap = 0kB [ 2224.952615] 1965979 pages RAM [ 2224.955743] 0 pages HighMem/MovableOnly [ 2224.959706] 338455 pages reserved [ 2225.038985] 0 pages cma reserved [ 2225.052214] Out of memory: Kill process 4114 (syz-executor.0) score 1007 or sacrifice child [ 2225.082255] Killed process 4114 (syz-executor.0) total-vm:75236kB, anon-rss:16572kB, file-rss:35756kB, shmem-rss:0kB 21:32:27 executing program 2: r0 = openat$kvm(0xffffffffffffff9c, 0x0, 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) dup3(r0, r1, 0x0) fsetxattr$trusted_overlay_nlink(r0, &(0x7f0000000040)='trusted.overlay.nlink\x00', &(0x7f00000000c0)={'U+', 0x98}, 0x16, 0x2) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c4, 0x0, 0xe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r2 = socket$inet6(0xa, 0x40000080806, 0x0) bind$inet6(r2, &(0x7f0000000080)={0xa, 0x404e20}, 0x1c) ioctl$int_in(0xffffffffffffffff, 0x5452, 0x0) listen(r2, 0x400000001ffffffd) r3 = socket$inet6(0xa, 0x6, 0x0) connect$inet6(r3, &(0x7f0000000180)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) r4 = accept4(r2, 0x0, 0x0, 0x0) sendmmsg(r4, &(0x7f0000003d40)=[{{0x0, 0xffffffbf, 0x0, 0x0, 0x0, 0x0, 0x7000005}, 0xa}], 0x4000000000000d0, 0x0) socket$inet6(0xa, 0x6, 0x0) connect$inet6(0xffffffffffffffff, &(0x7f0000000000)={0xa, 0x0, 0x0, @loopback}, 0x1c) r5 = socket$inet6_tcp(0xa, 0x1, 0x0) bpf$BPF_MAP_GET_FD_BY_ID(0xe, &(0x7f0000000140)={0x0, 0x4, 0x8}, 0xc) setsockopt$IP6T_SO_SET_REPLACE(r5, 0x29, 0x40, &(0x7f0000000a80)=@filter={'filter\x00', 0xe, 0x4, 0x13a8, 0x0, 0x0, 0x1208, 0x108, 0x108, 0x12d8, 0x12d8, 0x12d8, 0x12d8, 0x12d8, 0x4, 0x0, {[{{@uncond, 0x0, 0xa8, 0x108}, @common=@inet=@HMARK={0x60, 'HMARK\x00', 0x0, {@ipv6=@mcast1, [], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4}}}, {{@ipv6={@initdev={0xfe, 0x88, [], 0x0, 0x0}, @initdev={0xfe, 0x88, [], 0x0, 0x0}, [], [], 'rose0\x00', 'netdevsim0\x00'}, 0x0, 0x10d8, 0x1100, 0x0, {}, [@common=@unspec=@cgroup1={{0x1030, 'cgroup\x00'}, {0x0, 0x1, 0x0, 0x0, './cgroup/syz0\x00'}}]}, @REJECT={0x28, 'REJECT\x00'}}, {{@uncond, 0x0, 0xa8, 0xd0}, @REJECT={0x28, 'REJECT\x00'}}], {{[], 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x1408) syz_init_net_socket$rose(0xb, 0x5, 0x0) 21:32:27 executing program 4: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x0, 0x0, 0x0, 0x1, 0x20b493e0, 0x0, 0xfffffffffffffffe}, 0x0) socket$inet6(0xa, 0x4, 0xffffffff) pipe(&(0x7f0000000340)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r2, 0x407, 0x0) fsync(r1) write(r2, &(0x7f0000000340), 0x41395527) vmsplice(r1, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) clone(0x200000008a105d00, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) tkill(0x0, 0x3c) fsetxattr$trusted_overlay_redirect(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) sched_setattr(r0, &(0x7f0000000080)={0x38, 0x2, 0x1, 0x0, 0x3}, 0x0) clone(0x69005100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) mount(0x0, &(0x7f0000000140)='./file0\x00', 0x0, 0x0, &(0x7f000000a000)) 21:32:27 executing program 3: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x1, 0x0, 0x0, 0x1, 0x20b493e0, 0x0, 0xfffffffffffffffe}, 0x0) r1 = socket$inet6(0xa, 0x803, 0x0) recvmmsg(r1, 0x0, 0x0, 0x0, 0x0) pipe(&(0x7f0000000340)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, 0x0, 0x0, 0x0) perf_event_open(&(0x7f0000940000)={0x2, 0x70, 0x69, 0x0, 0x0, 0xff, 0x0, 0x48, 0x14a0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f00000001c0), 0x7}}, 0x0, 0xd, 0xffffffffffffffff, 0xa) r4 = fcntl$dupfd(0xffffffffffffffff, 0x0, 0xffffffffffffffff) ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200) ioctl$PPPIOCSDEBUG(r4, 0x40047440, &(0x7f0000000000)=0x1b4) r5 = gettid() sendmsg$BATADV_CMD_SET_HARDIF(0xffffffffffffffff, &(0x7f00000002c0)={&(0x7f00000000c0)={0x10, 0x0, 0x0, 0x40}, 0xc, &(0x7f0000000180)={&(0x7f0000000380)={0x68, 0x0, 0x200, 0x70bd2d, 0x25dfdbfb, {}, [@BATADV_ATTR_ISOLATION_MARK={0x8, 0x2b, 0x65}, @BATADV_ATTR_ORIG_ADDRESS={0xa, 0x9, @random="930961acc7da"}, @BATADV_ATTR_ELP_INTERVAL={0x8, 0x3a, 0x1}, @BATADV_ATTR_BONDING_ENABLED={0x5, 0x2d, 0x1}, @BATADV_ATTR_DISTRIBUTED_ARP_TABLE_ENABLED={0x5, 0x2f, 0x1}, @BATADV_ATTR_ORIG_ADDRESS={0xa, 0x9, @link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0x3}}, @BATADV_ATTR_ORIG_ADDRESS={0xa, 0x9, @dev={[], 0x26}}, @BATADV_ATTR_VLANID={0x6, 0x28, 0x2}, @BATADV_ATTR_BRIDGE_LOOP_AVOIDANCE_ENABLED={0x5, 0x2e, 0x1}]}, 0x68}, 0x1, 0x0, 0x0, 0x8888}, 0x40880) tkill(r5, 0x3c) fsetxattr$trusted_overlay_redirect(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) sched_setattr(r0, &(0x7f0000000080)={0x38, 0x2, 0x1, 0x0, 0x3}, 0x0) clone(0x69005100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) mount(0x0, &(0x7f0000000140)='./file0\x00', &(0x7f0000fb5ffc)='nfs\x00', 0x0, &(0x7f000000a000)) [ 2225.442766] ip6_tables: ip6tables: counters copy to user failed while replacing table 21:32:27 executing program 2: r0 = openat$kvm(0xffffffffffffff9c, 0x0, 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) dup3(r0, r1, 0x0) fsetxattr$trusted_overlay_nlink(r0, &(0x7f0000000040)='trusted.overlay.nlink\x00', &(0x7f00000000c0)={'U+', 0x98}, 0x16, 0x2) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c4, 0x0, 0xe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r2 = socket$inet6(0xa, 0x40000080806, 0x0) bind$inet6(r2, &(0x7f0000000080)={0xa, 0x404e20}, 0x1c) ioctl$int_in(0xffffffffffffffff, 0x5452, 0x0) listen(r2, 0x400000001ffffffd) r3 = socket$inet6(0xa, 0x6, 0x0) connect$inet6(r3, &(0x7f0000000180)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) r4 = accept4(r2, 0x0, 0x0, 0x0) sendmmsg(r4, &(0x7f0000003d40)=[{{0x0, 0xffffffbf, 0x0, 0x0, 0x0, 0x0, 0x7000005}, 0xa}], 0x4000000000000d0, 0x0) socket$inet6(0xa, 0x6, 0x0) connect$inet6(0xffffffffffffffff, &(0x7f0000000000)={0xa, 0x0, 0x0, @loopback}, 0x1c) r5 = socket$inet6_tcp(0xa, 0x1, 0x0) bpf$BPF_MAP_GET_FD_BY_ID(0xe, &(0x7f0000000140)={0x0, 0x4, 0x8}, 0xc) setsockopt$IP6T_SO_SET_REPLACE(r5, 0x29, 0x40, &(0x7f0000000a80)=@filter={'filter\x00', 0xe, 0x4, 0x13a8, 0x0, 0x0, 0x1208, 0x108, 0x108, 0x12d8, 0x12d8, 0x12d8, 0x12d8, 0x12d8, 0x4, 0x0, {[{{@uncond, 0x0, 0xa8, 0x108}, @common=@inet=@HMARK={0x60, 'HMARK\x00', 0x0, {@ipv6=@mcast1, [], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4}}}, {{@ipv6={@initdev={0xfe, 0x88, [], 0x0, 0x0}, @initdev={0xfe, 0x88, [], 0x0, 0x0}, [], [], 'rose0\x00', 'netdevsim0\x00'}, 0x0, 0x10d8, 0x1100, 0x0, {}, [@common=@unspec=@cgroup1={{0x1030, 'cgroup\x00'}, {0x0, 0x1, 0x0, 0x0, './cgroup/syz0\x00'}}]}, @REJECT={0x28, 'REJECT\x00'}}, {{@uncond, 0x0, 0xa8, 0xd0}, @REJECT={0x28, 'REJECT\x00'}}], {{[], 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x1408) syz_init_net_socket$rose(0xb, 0x5, 0x0) [ 2226.275851] systemd-udevd invoked oom-killer: gfp_mask=0x14040c0(GFP_KERNEL|__GFP_COMP), nodemask=(null), order=1, oom_score_adj=-1000 [ 2226.361730] systemd-udevd cpuset=/ mems_allowed=0-1 [ 2226.374693] CPU: 0 PID: 3638 Comm: systemd-udevd Not tainted 4.14.182-syzkaller #0 [ 2226.382422] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2226.391865] Call Trace: [ 2226.394458] dump_stack+0x1b2/0x283 [ 2226.401724] dump_header+0x178/0x7aa [ 2226.406498] ? trace_hardirqs_on_caller+0x3a8/0x580 [ 2226.413428] ? _raw_spin_unlock_irqrestore+0x66/0xe0 [ 2226.418531] ? ___ratelimit+0x2cd/0x522 [ 2226.422657] oom_kill_process.cold+0x10/0xc16 [ 2226.427159] ? lock_downgrade+0x6e0/0x6e0 [ 2226.431309] out_of_memory+0x2d5/0x10f0 [ 2226.435286] ? oom_killer_disable+0x1c0/0x1c0 [ 2226.439785] ? mutex_trylock+0x152/0x1a0 [ 2226.444270] __alloc_pages_nodemask+0x2556/0x2730 [ 2226.449822] ? gfp_pfmemalloc_allowed+0x150/0x150 [ 2226.454665] ? gfp_pfmemalloc_allowed+0x150/0x150 [ 2226.459515] ? trace_hardirqs_on+0x10/0x10 [ 2226.463776] ? cache_grow_begin+0x3f/0x410 [ 2226.468014] cache_grow_begin+0x91/0x410 [ 2226.472074] fallback_alloc+0x205/0x2b0 [ 2226.476052] kmem_cache_alloc+0x1e5/0x3c0 [ 2226.480200] getname_flags+0xc8/0x550 [ 2226.484002] user_path_at_empty+0x2a/0x50 [ 2226.488145] SyS_readlinkat+0xa8/0x270 [ 2226.492032] ? SyS_newfstat+0xd0/0xd0 [ 2226.495830] ? do_syscall_64+0x4c/0x640 [ 2226.499796] ? SyS_newfstat+0xd0/0xd0 [ 2226.503601] do_syscall_64+0x1d5/0x640 [ 2226.507488] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 2226.512671] RIP: 0033:0x7faa403b10ba [ 2226.516371] RSP: 002b:00007ffeed20e878 EFLAGS: 00000206 ORIG_RAX: 000000000000010b [ 2226.524072] RAX: ffffffffffffffda RBX: 000056014312fd30 RCX: 00007faa403b10ba [ 2226.531335] RDX: 000056014312fd30 RSI: 000056014313a040 RDI: 00000000ffffff9c [ 2226.538598] RBP: 0000000000000064 R08: 0000560141c05670 R09: 0000000000000070 [ 2226.545858] R10: 0000000000000063 R11: 0000000000000206 R12: 000056014313a040 [ 2226.553119] R13: 00000000ffffff9c R14: 00007ffeed20e8d0 R15: 0000000000000063 [ 2227.094535] (unnamed net_device) (uninitialized): Removing last arp target with arp_interval on 21:32:29 executing program 1: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x1, 0x0, 0x0, 0x1, 0x20b493e0, 0x0, 0xfffffffffffffffe}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000008880), 0x400000000000249, 0x0, 0x0) pipe(&(0x7f0000000340)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) fsync(r2) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) perf_event_open(&(0x7f0000940000)={0x2, 0x70, 0x69, 0x1, 0x0, 0xff, 0x0, 0x48, 0x14a0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f00000001c0), 0x7}, 0x0, 0x0, 0xfffffff9}, 0x0, 0xd, 0xffffffffffffffff, 0xa) tkill(0x0, 0x3c) fsetxattr$trusted_overlay_redirect(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) sched_setattr(r0, &(0x7f0000000080)={0x38, 0x2, 0x1, 0x0, 0x3}, 0x0) clone(0x69005100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) mount(0x0, &(0x7f0000000140)='./file0\x00', 0x0, 0x0, &(0x7f000000a000)) sched_setscheduler(0x0, 0x5, &(0x7f0000000380)) [ 2227.351110] ip6_tables: ip6tables: counters copy to user failed while replacing table 21:32:29 executing program 3: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x1, 0x10000005, 0x0, 0x1, 0x20b493df}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, 0x0, 0x0, 0x0, 0x0) r2 = fcntl$dupfd(0xffffffffffffffff, 0x0, 0xffffffffffffffff) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) accept$packet(r2, &(0x7f0000000000), &(0x7f00000000c0)=0x14) fcntl$setpipe(0xffffffffffffffff, 0x407, 0x0) write(0xffffffffffffffff, &(0x7f0000000340), 0x41395527) vmsplice(0xffffffffffffffff, 0x0, 0x0, 0x0) socket$can_raw(0x1d, 0x3, 0x1) perf_event_open(&(0x7f0000000200)={0x5, 0x70, 0x69, 0x0, 0x0, 0xff, 0x0, 0x48, 0x14a0, 0x9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, @perf_bp={&(0x7f00000001c0), 0x7}, 0x4800, 0x0, 0x1, 0x0, 0x400000000000000}, 0x0, 0xd, 0xffffffffffffffff, 0xa) clone(0x200000008a105d00, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) gettid() tkill(0x0, 0x3a) fsetxattr$trusted_overlay_redirect(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) sched_setattr(r0, &(0x7f0000000080)={0x38, 0x2, 0x3c6d6244c91db7ae, 0x1, 0x3, 0x0, 0x0, 0x0, 0x80, 0x8}, 0x0) clone(0x69005100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) mount(0x0, &(0x7f0000000140)='./file0\x00', &(0x7f0000fb5ffc)='nfs\x00', 0x0, &(0x7f000000a000)) 21:32:29 executing program 4: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x0, 0x0, 0x0, 0x1, 0x20b493e0, 0x0, 0xfffffffffffffffe}, 0x0) socket$inet6(0xa, 0x4, 0xffffffff) pipe(&(0x7f0000000340)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r2, 0x407, 0x0) fsync(r1) write(r2, &(0x7f0000000340), 0x41395527) vmsplice(r1, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) clone(0x200000008a105d00, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) tkill(0x0, 0x3c) fsetxattr$trusted_overlay_redirect(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) sched_setattr(r0, &(0x7f0000000080)={0x38, 0x2, 0x1, 0x0, 0x3}, 0x0) clone(0x69005100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) mount(0x0, &(0x7f0000000140)='./file0\x00', 0x0, 0x0, &(0x7f000000a000)) 21:32:29 executing program 5: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x1, 0x0, 0x0, 0x1, 0x20b493e0, 0x0, 0xfffffffffffffffe}, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x400200) ioctl$UI_DEV_SETUP(0xffffffffffffffff, 0x405c5503, &(0x7f00000000c0)={{0x20, 0x200, 0x5, 0x7}, 'syz1\x00', 0x2f}) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000008880), 0x400000000000249, 0x0, 0x0) pipe(&(0x7f0000000340)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) fsync(r2) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) perf_event_open(&(0x7f0000940000)={0x2, 0x70, 0x69, 0x1, 0x0, 0xff, 0x0, 0x48, 0x14a0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x100000001, 0x8}, 0x0, 0x0, 0xfffffff9, 0x0, 0x3}, 0x0, 0xd, 0xffffffffffffffff, 0xa) clone(0x200000008a105d00, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r4 = gettid() tkill(r4, 0x3c) fsetxattr$trusted_overlay_redirect(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) sched_setattr(r0, &(0x7f0000000080)={0x38, 0x2, 0x1, 0x0, 0x3, 0x1, 0x0, 0x5b7}, 0x0) clone(0x69005100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) mount(0x0, &(0x7f0000000140)='./file0\x00', 0x0, 0x0, &(0x7f000000a000)) 21:32:29 executing program 2: r0 = openat$kvm(0xffffffffffffff9c, 0x0, 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) dup3(r0, r1, 0x0) fsetxattr$trusted_overlay_nlink(r0, &(0x7f0000000040)='trusted.overlay.nlink\x00', &(0x7f00000000c0)={'U+', 0x98}, 0x16, 0x2) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c4, 0x0, 0xe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r2 = socket$inet6(0xa, 0x40000080806, 0x0) bind$inet6(r2, &(0x7f0000000080)={0xa, 0x404e20}, 0x1c) ioctl$int_in(0xffffffffffffffff, 0x5452, 0x0) listen(r2, 0x400000001ffffffd) r3 = socket$inet6(0xa, 0x6, 0x0) connect$inet6(r3, &(0x7f0000000180)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) r4 = accept4(r2, 0x0, 0x0, 0x0) sendmmsg(r4, &(0x7f0000003d40)=[{{0x0, 0xffffffbf, 0x0, 0x0, 0x0, 0x0, 0x7000005}, 0xa}], 0x4000000000000d0, 0x0) socket$inet6(0xa, 0x6, 0x0) connect$inet6(0xffffffffffffffff, &(0x7f0000000000)={0xa, 0x0, 0x0, @loopback}, 0x1c) r5 = socket$inet6_tcp(0xa, 0x1, 0x0) bpf$BPF_MAP_GET_FD_BY_ID(0xe, &(0x7f0000000140)={0x0, 0x4, 0x8}, 0xc) setsockopt$IP6T_SO_SET_REPLACE(r5, 0x29, 0x40, &(0x7f0000000a80)=@filter={'filter\x00', 0xe, 0x4, 0x13a8, 0x0, 0x0, 0x1208, 0x108, 0x108, 0x12d8, 0x12d8, 0x12d8, 0x12d8, 0x12d8, 0x4, 0x0, {[{{@uncond, 0x0, 0xa8, 0x108}, @common=@inet=@HMARK={0x60, 'HMARK\x00', 0x0, {@ipv6=@mcast1, [], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4}}}, {{@ipv6={@initdev={0xfe, 0x88, [], 0x0, 0x0}, @initdev={0xfe, 0x88, [], 0x0, 0x0}, [], [], 'rose0\x00', 'netdevsim0\x00'}, 0x0, 0x10d8, 0x1100, 0x0, {}, [@common=@unspec=@cgroup1={{0x1030, 'cgroup\x00'}, {0x0, 0x1, 0x0, 0x0, './cgroup/syz0\x00'}}]}, @REJECT={0x28, 'REJECT\x00'}}, {{@uncond, 0x0, 0xa8, 0xd0}, @REJECT={0x28, 'REJECT\x00'}}], {{[], 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x1408) syz_init_net_socket$rose(0xb, 0x5, 0x0) 21:32:29 executing program 0: r0 = openat$kvm(0xffffffffffffff9c, 0x0, 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) dup3(r0, r1, 0x0) fsetxattr$trusted_overlay_nlink(r0, &(0x7f0000000040)='trusted.overlay.nlink\x00', &(0x7f00000000c0)={'U+', 0x98}, 0x16, 0x2) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c4, 0x0, 0xe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r2 = socket$inet6(0xa, 0x40000080806, 0x0) bind$inet6(r2, &(0x7f0000000080)={0xa, 0x404e20}, 0x1c) ioctl$int_in(0xffffffffffffffff, 0x5452, 0x0) listen(r2, 0x400000001ffffffd) r3 = socket$inet6(0xa, 0x6, 0x0) connect$inet6(r3, &(0x7f0000000180)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) r4 = accept4(r2, 0x0, 0x0, 0x0) sendmmsg(r4, &(0x7f0000003d40)=[{{0x0, 0xffffffbf, 0x0, 0x0, 0x0, 0x0, 0x7000005}, 0xa}], 0x4000000000000d0, 0x0) socket$inet6(0xa, 0x6, 0x0) connect$inet6(0xffffffffffffffff, &(0x7f0000000000)={0xa, 0x0, 0x0, @loopback}, 0x1c) r5 = socket$inet6_tcp(0xa, 0x1, 0x0) bpf$BPF_MAP_GET_FD_BY_ID(0xe, &(0x7f0000000140)={0x0, 0x4, 0x8}, 0xc) setsockopt$IP6T_SO_SET_REPLACE(r5, 0x29, 0x40, &(0x7f0000000a80)=@filter={'filter\x00', 0xe, 0x4, 0x13a8, 0x0, 0x0, 0x1208, 0x108, 0x108, 0x12d8, 0x12d8, 0x12d8, 0x12d8, 0x12d8, 0x4, 0x0, {[{{@uncond, 0x0, 0xa8, 0x108}, @common=@inet=@HMARK={0x60, 'HMARK\x00', 0x0, {@ipv6=@mcast1, [], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4}}}, {{@ipv6={@initdev={0xfe, 0x88, [], 0x0, 0x0}, @initdev={0xfe, 0x88, [], 0x0, 0x0}, [], [], 'rose0\x00', 'netdevsim0\x00'}, 0x0, 0x10d8, 0x1100, 0x0, {}, [@common=@unspec=@cgroup1={{0x1030, 'cgroup\x00'}, {0x0, 0x1, 0x0, 0x0, './cgroup/syz0\x00'}}]}, @REJECT={0x28, 'REJECT\x00'}}, {{@uncond, 0x0, 0xa8, 0xd0}, @REJECT={0x28, 'REJECT\x00'}}], {{[], 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x1408) syz_init_net_socket$rose(0xb, 0x5, 0x0) [ 2227.785954] Mem-Info: [ 2227.799991] active_anon:1233166 inactive_anon:6145 isolated_anon:0 [ 2227.799991] active_file:558 inactive_file:627 isolated_file:39 [ 2227.799991] unevictable:1839 dirty:30 writeback:32 unstable:0 [ 2227.799991] slab_reclaimable:18821 slab_unreclaimable:171682 [ 2227.799991] mapped:54818 shmem:7882 pagetables:44148 bounce:0 [ 2227.799991] free:25625 free_pcp:554 free_cma:0 [ 2228.003861] Node 0 active_anon:1722016kB inactive_anon:16156kB active_file:552kB inactive_file:2256kB unevictable:1032kB isolated(anon):0kB isolated(file):0kB mapped:211420kB dirty:60kB writeback:88kB shmem:23104kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 735232kB writeback_tmp:0kB unstable:0kB all_unreclaimable? no [ 2228.104490] syz-executor.2: page allocation failure: order:1, mode:0x14050c0(GFP_KERNEL|__GFP_NORETRY|__GFP_COMP), nodemask=(null) [ 2228.287025] syz-executor.2 cpuset=/ mems_allowed=0-1 [ 2228.325232] CPU: 0 PID: 24234 Comm: syz-executor.2 Not tainted 4.14.182-syzkaller #0 [ 2228.333148] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2228.342506] Call Trace: [ 2228.345108] dump_stack+0x1b2/0x283 [ 2228.348743] warn_alloc.cold+0x96/0x1af [ 2228.352719] ? zone_watermark_ok_safe+0x250/0x250 [ 2228.357563] ? try_to_compact_pages+0x52a/0x770 [ 2228.362237] ? __alloc_pages_direct_compact+0xba/0x360 [ 2228.367517] __alloc_pages_nodemask+0x2129/0x2730 [ 2228.372360] ? rcu_read_lock_sched_held+0x10a/0x130 [ 2228.377379] ? __local_bh_enable_ip+0xc1/0x160 [ 2228.381972] ? gfp_pfmemalloc_allowed+0x150/0x150 [ 2228.386812] ? gfp_pfmemalloc_allowed+0x150/0x150 [ 2228.391651] ? trace_hardirqs_on+0x10/0x10 [ 2228.395891] ? ____cache_alloc_node+0x153/0x1c0 [ 2228.400559] ? cache_grow_begin+0x3f/0x410 [ 2228.404793] cache_grow_begin+0x91/0x410 [ 2228.408853] fallback_alloc+0x205/0x2b0 [ 2228.412830] kmem_cache_alloc_node_trace+0xed/0x400 [ 2228.417852] __kmalloc_node+0x38/0x70 [ 2228.421657] kvmalloc_node+0x46/0xd0 [ 2228.425370] xt_alloc_table_info+0x6a/0xe0 [ 2228.429604] do_ip6t_set_ctl+0x1b1/0x3a3 [ 2228.434190] ? compat_do_ip6t_set_ctl+0x140/0x140 [ 2228.439071] ? nf_sockopt_find.constprop.0+0x1ad/0x220 [ 2228.444362] nf_setsockopt+0x5f/0xb0 [ 2228.448082] ipv6_setsockopt+0xfd/0x130 [ 2228.452071] tcp_setsockopt+0x7b/0xc0 [ 2228.455882] SyS_setsockopt+0x110/0x1e0 [ 2228.459867] ? SyS_recv+0x40/0x40 [ 2228.463318] ? up_read+0x17/0x30 [ 2228.466682] ? __do_page_fault+0x19a/0xb50 [ 2228.470917] ? do_syscall_64+0x4c/0x640 [ 2228.474894] ? SyS_recv+0x40/0x40 [ 2228.478348] do_syscall_64+0x1d5/0x640 [ 2228.482242] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 2228.487433] RIP: 0033:0x45f59a [ 2228.490618] RSP: 002b:00007ffe327489d8 EFLAGS: 00000206 ORIG_RAX: 0000000000000036 [ 2228.498353] RAX: ffffffffffffffda RBX: 00007ffe32748a00 RCX: 000000000045f59a [ 2228.506054] RDX: 0000000000000040 RSI: 0000000000000029 RDI: 0000000000000003 [ 2228.513328] RBP: 000000000073fca0 R08: 0000000000000558 R09: 0000000000004000 [ 2228.520597] R10: 000000000073e8c0 R11: 0000000000000206 R12: 0000000000000003 [ 2228.527867] R13: 0000000000000000 R14: 0000000000000029 R15: 000000000073e860 [ 2228.574982] Node 1 active_anon:3216888kB inactive_anon:8424kB active_file:196kB inactive_file:284kB unevictable:6324kB isolated(anon):0kB isolated(file):0kB mapped:5600kB dirty:16kB writeback:32kB shmem:8424kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 0kB writeback_tmp:0kB unstable:0kB all_unreclaimable? no [ 2228.629124] Node 0 DMA free:10352kB min:220kB low:272kB high:324kB active_anon:1448kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15908kB mlocked:0kB kernel_stack:96kB pagetables:92kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 2228.679025] lowmem_reserve[]: 0 2559 2559 2559 2559 [ 2228.688648] Node 0 DMA32 free:28392kB min:36296kB low:45368kB high:54440kB active_anon:1729768kB inactive_anon:16156kB active_file:652kB inactive_file:636kB unevictable:1032kB writepending:0kB present:3129332kB managed:2623996kB mlocked:1032kB kernel_stack:14400kB pagetables:37668kB bounce:0kB free_pcp:476kB local_pcp:0kB free_cma:0kB [ 2228.727992] lowmem_reserve[]: 0 0 0 0 0 [ 2228.746394] Node 0 Normal free:0kB min:0kB low:0kB high:0kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:786432kB managed:0kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 2228.824820] lowmem_reserve[]: 0 0 0 0 0 [ 2228.987814] Node 1 Normal free:52024kB min:53592kB low:66988kB high:80384kB active_anon:3217068kB inactive_anon:8428kB active_file:88kB inactive_file:88kB unevictable:6324kB writepending:36kB present:3932160kB managed:3870192kB mlocked:6324kB kernel_stack:60448kB pagetables:139044kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 2229.309826] lowmem_reserve[]: 0 0 0 0 0 [ 2229.365693] Node 0 DMA: 18*4kB (ME) 59*8kB (UM) 17*16kB (UME) 8*32kB (ME) 5*64kB (M) 2*128kB (UM) 2*256kB (UE) 2*512kB (UE) 1*1024kB (E) 1*2048kB (E) 1*4096kB (M) = 10352kB [ 2229.545549] Node 0 DMA32: 482*4kB (UME) 248*8kB (UME) 33*16kB (UME) 8*32kB (UM) 50*64kB (UM) 31*128kB (UM) 38*256kB (UM) 16*512kB (M) 0*1024kB 0*2048kB 0*4096kB = 29784kB [ 2229.743880] Node 0 Normal: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 0kB [ 2229.859026] Node 1 Normal: 1163*4kB (UME) 303*8kB (UMEH) 94*16kB (MEH) 994*32kB (UME) 127*64kB (ME) 27*128kB (UM) 1*256kB (M) 0*512kB 0*1024kB 0*2048kB 0*4096kB = 52228kB [ 2229.956457] Mem-Info: [ 2229.991855] active_anon:1237075 inactive_anon:6146 isolated_anon:0 [ 2229.991855] active_file:13 inactive_file:23 isolated_file:0 [ 2229.991855] unevictable:1839 dirty:0 writeback:0 unstable:0 [ 2229.991855] slab_reclaimable:18853 slab_unreclaimable:172031 [ 2229.991855] mapped:53810 shmem:7882 pagetables:44215 bounce:0 [ 2229.991855] free:23073 free_pcp:3 free_cma:0 [ 2230.071050] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 2230.168997] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 2230.247990] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 2230.337276] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 2230.397446] Node 0 active_anon:1731232kB inactive_anon:16156kB active_file:16kB inactive_file:48kB unevictable:1032kB isolated(anon):0kB isolated(file):0kB mapped:209932kB dirty:0kB writeback:0kB shmem:23100kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 735232kB writeback_tmp:0kB unstable:0kB all_unreclaimable? no [ 2230.453743] 8187 total pagecache pages [ 2230.500217] 0 pages in swap cache [ 2230.540513] Swap cache stats: add 0, delete 0, find 0/0 [ 2230.596731] Free swap = 0kB [ 2230.611778] Total swap = 0kB [ 2230.614937] 1965979 pages RAM [ 2230.618149] 0 pages HighMem/MovableOnly [ 2230.620042] Node 1 active_anon:3217068kB inactive_anon:8428kB active_file:120kB inactive_file:0kB unevictable:6324kB isolated(anon):0kB isolated(file):0kB mapped:5308kB dirty:0kB writeback:0kB shmem:8428kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 0kB writeback_tmp:0kB unstable:0kB all_unreclaimable? yes [ 2230.712116] 338455 pages reserved [ 2230.715820] 0 pages cma reserved [ 2230.765155] Out of memory: Kill process 4360 (syz-executor.0) score 1007 or sacrifice child [ 2230.872169] Killed process 4360 (syz-executor.0) total-vm:75236kB, anon-rss:16572kB, file-rss:35756kB, shmem-rss:0kB [ 2231.035756] Node 0 DMA free:10352kB min:220kB low:272kB high:324kB active_anon:1448kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15908kB mlocked:0kB kernel_stack:96kB pagetables:92kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 2231.236091] lowmem_reserve[]: 0 2559 2559 2559 2559 [ 2231.248387] Node 0 DMA32 free:36292kB min:36296kB low:45368kB high:54440kB active_anon:1720584kB inactive_anon:16156kB active_file:900kB inactive_file:1204kB unevictable:1032kB writepending:0kB present:3129332kB managed:2623996kB mlocked:1032kB kernel_stack:14272kB pagetables:37576kB bounce:0kB free_pcp:924kB local_pcp:268kB free_cma:0kB [ 2231.303037] ip6_tables: ip6tables: counters copy to user failed while replacing table 21:32:33 executing program 4: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x0, 0x0, 0x0, 0x1, 0x20b493e0, 0x0, 0xfffffffffffffffe}, 0x0) socket$inet6(0xa, 0x4, 0xffffffff) pipe(&(0x7f0000000340)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r2, 0x407, 0x0) fsync(r1) write(r2, &(0x7f0000000340), 0x41395527) vmsplice(r1, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) clone(0x200000008a105d00, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) tkill(0x0, 0x3c) fsetxattr$trusted_overlay_redirect(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) sched_setattr(r0, &(0x7f0000000080)={0x38, 0x2, 0x1, 0x0, 0x3}, 0x0) clone(0x69005100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) mount(0x0, &(0x7f0000000140)='./file0\x00', 0x0, 0x0, &(0x7f000000a000)) 21:32:33 executing program 1: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x1, 0x0, 0x0, 0x1, 0x20b493e0, 0x0, 0xfffffffffffffffe}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000008880), 0x400000000000249, 0x0, 0x0) pipe(&(0x7f0000000340)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) fsync(r2) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) perf_event_open(&(0x7f0000940000)={0x2, 0x70, 0x69, 0x1, 0x0, 0xff, 0x0, 0x48, 0x14a0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f00000001c0), 0x7}, 0x0, 0x0, 0xfffffff9}, 0x0, 0xd, 0xffffffffffffffff, 0xa) tkill(0x0, 0x3c) fsetxattr$trusted_overlay_redirect(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) sched_setattr(r0, &(0x7f0000000080)={0x38, 0x2, 0x1, 0x0, 0x3}, 0x0) clone(0x69005100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) mount(0x0, &(0x7f0000000140)='./file0\x00', 0x0, 0x0, &(0x7f000000a000)) sched_setscheduler(0x0, 0x5, &(0x7f0000000380)) 21:32:33 executing program 3: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x1, 0x0, 0x0, 0x1, 0x20b493e0, 0x0, 0xfffffffffffffffe}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, 0x0, 0x0, 0x0, 0x0) pipe(&(0x7f0000000340)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, 0x0, 0x0, 0x0) perf_event_open(&(0x7f0000940000)={0x2, 0x70, 0x69, 0x0, 0x0, 0xff, 0x0, 0x48, 0x14a0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f00000001c0), 0x7}}, 0x0, 0xd, 0xffffffffffffffff, 0xa) clone(0x200000008a105d00, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r4 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r4, &(0x7f00000007c0)={0x0, 0x0, &(0x7f0000000780)={&(0x7f0000000180)=@newqdisc={0x40, 0x24, 0xf0b, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, {}, {0xffff, 0xffff}}, [@TCA_STAB={0x4, 0x5}, @qdisc_kind_options=@q_dsmark={{0xb, 0x1, 'dsmark\x00'}, {0xc, 0x2, [@TCA_DSMARK_INDICES={0x6, 0x1, 0x10}]}}]}, 0x40}}, 0x0) sendmsg$NL80211_CMD_GET_SCAN(r2, &(0x7f0000000180)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x10}, 0xc, &(0x7f0000000100)={&(0x7f00000000c0)={0x30, 0x0, 0x100, 0x70bd29, 0x25dfdbfe, {}, [@NL80211_ATTR_IFINDEX={0x8}, @NL80211_ATTR_WDEV={0xc, 0x99, {0x0, 0xffffffffffffffff}}, @NL80211_ATTR_WIPHY={0x8, 0x1, 0x2}]}, 0x30}, 0x1, 0x0, 0x0, 0x40000}, 0x44000) r5 = gettid() tkill(r5, 0x3c) fsetxattr$trusted_overlay_redirect(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) sched_setattr(r0, &(0x7f0000000080)={0x38, 0x2, 0x1, 0x0, 0x3}, 0x0) clone(0x69005100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) mount(0x0, &(0x7f0000000140)='./file0\x00', &(0x7f0000fb5ffc)='nfs\x00', 0x0, &(0x7f000000a000)) [ 2231.588205] lowmem_reserve[]: 0 0 0 0 0 [ 2231.667077] Node 0 Normal free:0kB min:0kB low:0kB high:0kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:786432kB managed:0kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB 21:32:33 executing program 0: r0 = openat$kvm(0xffffffffffffff9c, 0x0, 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) dup3(r0, r1, 0x0) fsetxattr$trusted_overlay_nlink(r0, &(0x7f0000000040)='trusted.overlay.nlink\x00', &(0x7f00000000c0)={'U+', 0x98}, 0x16, 0x2) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c4, 0x0, 0xe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r2 = socket$inet6(0xa, 0x40000080806, 0x0) bind$inet6(r2, &(0x7f0000000080)={0xa, 0x404e20}, 0x1c) ioctl$int_in(0xffffffffffffffff, 0x5452, 0x0) listen(r2, 0x400000001ffffffd) r3 = socket$inet6(0xa, 0x6, 0x0) connect$inet6(r3, &(0x7f0000000180)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) r4 = accept4(r2, 0x0, 0x0, 0x0) sendmmsg(r4, &(0x7f0000003d40)=[{{0x0, 0xffffffbf, 0x0, 0x0, 0x0, 0x0, 0x7000005}, 0xa}], 0x4000000000000d0, 0x0) socket$inet6(0xa, 0x6, 0x0) connect$inet6(0xffffffffffffffff, &(0x7f0000000000)={0xa, 0x0, 0x0, @loopback}, 0x1c) r5 = socket$inet6_tcp(0xa, 0x1, 0x0) bpf$BPF_MAP_GET_FD_BY_ID(0xe, &(0x7f0000000140)={0x0, 0x4, 0x8}, 0xc) setsockopt$IP6T_SO_SET_REPLACE(r5, 0x29, 0x40, &(0x7f0000000a80)=@filter={'filter\x00', 0xe, 0x4, 0x13a8, 0x0, 0x0, 0x1208, 0x108, 0x108, 0x12d8, 0x12d8, 0x12d8, 0x12d8, 0x12d8, 0x4, 0x0, {[{{@uncond, 0x0, 0xa8, 0x108}, @common=@inet=@HMARK={0x60, 'HMARK\x00', 0x0, {@ipv6=@mcast1, [], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4}}}, {{@ipv6={@initdev={0xfe, 0x88, [], 0x0, 0x0}, @initdev={0xfe, 0x88, [], 0x0, 0x0}, [], [], 'rose0\x00', 'netdevsim0\x00'}, 0x0, 0x10d8, 0x1100, 0x0, {}, [@common=@unspec=@cgroup1={{0x1030, 'cgroup\x00'}, {0x0, 0x1, 0x0, 0x0, './cgroup/syz0\x00'}}]}, @REJECT={0x28, 'REJECT\x00'}}, {{@uncond, 0x0, 0xa8, 0xd0}, @REJECT={0x28, 'REJECT\x00'}}], {{[], 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x1408) syz_init_net_socket$rose(0xb, 0x5, 0x0) [ 2231.755043] IPVS: ftp: loaded support on port[0] = 21 21:32:33 executing program 5: prlimit64(0x0, 0x2, &(0x7f0000000280)={0x9, 0x100000001}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x1, 0x0, 0xfffffffd, 0x1, 0x20b493e0, 0x0, 0xfffffffffffffffe, 0x0, 0xfffffffd}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000008880), 0x400000000000249, 0x0, 0x0) pipe(&(0x7f0000000340)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) fsync(r2) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000440)="13ca4c594110c713d7aeb5babd53c2c49b319409ffe9a2909b78290a2e4e6f3039001290f0c0ae2b6b5168d24914a5570dcd58c69543df4044aeb8a18bab2f8b1f63460f2bb8c186b772744c8b7903db1c7998955be06a3887d931c8e7a3411e927a6fa6f509f6a5afab499b5f75cebd5806ecb0d37b735c5a45149b8f97cdeaeeb29d0e0b67b0f222592e3b6320761c16a6c5e33e715500ca3319a821906f4443cf45883560d621a8a33d1e8e4c0bd11ecf3bd93ca8204b52cf5df5c9910264402e7bb95f6ed3f3e90f17816d58edc1361af9096eb20ec03812ca1d0738eece2b7ae7a31303e66c5305a40973041048dc100c1dee1f1f0e1101f1c5dc89c497c3d78a0309853f9fc83696ce2bb3688d3e54130e3e6b0ad1f4d9ac31295e7e3f151f9c3765ac7d1ba461442eeeeb9d84280f49df14a2776d345cf2dd7223c66022f33f838758b4ad6575ec096977dfad6e5a8cb42962b6686a01f9f206104fd2fcf549bb481ccebb30a4d50a92e7d1e229dfb80750a90d2ea55721eaddf4f2dfdd297bc74b97a4221cf19058acddfc0c6ec0aed5ad7e6818e3c66cb74a920c038830646c13b64f53fea6aa4b3781e36f64abfb3b724ebb859bf20b1146a9a2e5728846", 0x1c3}], 0x1, 0x0) perf_event_open(&(0x7f0000940000)={0x2, 0x70, 0x69, 0x1, 0x0, 0xff, 0x0, 0x48, 0x14a0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f00000001c0), 0x7}, 0x0, 0x0, 0xfffffff9}, 0x0, 0xd, 0xffffffffffffffff, 0xa) clone(0x8201000, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r4 = gettid() tkill(r4, 0x3c) fsetxattr$trusted_overlay_redirect(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) sched_setattr(r0, &(0x7f0000000080)={0x38, 0x2, 0x1, 0x0, 0x3}, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x400200) write$P9_RMKDIR(0xffffffffffffffff, &(0x7f00000000c0)={0x14, 0x49, 0x2, {0x22}}, 0x14) clone(0x69005100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) mount(0x0, &(0x7f0000000140)='./file0\x00', 0x0, 0x0, &(0x7f000000a000)) [ 2231.939136] ip6_tables: ip6tables: counters copy to user failed while replacing table [ 2231.968155] lowmem_reserve[]: 0 0 0 0 0 [ 2232.000869] Node 1 Normal free:63964kB min:53592kB low:66988kB high:80384kB active_anon:3203312kB inactive_anon:8424kB active_file:1464kB inactive_file:684kB unevictable:6324kB writepending:32kB present:3932160kB managed:3870192kB mlocked:6324kB kernel_stack:60480kB pagetables:138916kB bounce:0kB free_pcp:1388kB local_pcp:704kB free_cma:0kB [ 2232.045544] mmap: syz-executor.5 (10175): VmData 18690048 exceed data ulimit 9. Update limits or use boot option ignore_rlimit_data. 21:32:34 executing program 0: r0 = openat$kvm(0xffffffffffffff9c, 0x0, 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) dup3(r0, r1, 0x0) fsetxattr$trusted_overlay_nlink(r0, &(0x7f0000000040)='trusted.overlay.nlink\x00', &(0x7f00000000c0)={'U+', 0x98}, 0x16, 0x2) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c4, 0x0, 0xe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r2 = socket$inet6(0xa, 0x40000080806, 0x0) bind$inet6(r2, &(0x7f0000000080)={0xa, 0x404e20}, 0x1c) ioctl$int_in(0xffffffffffffffff, 0x5452, 0x0) listen(r2, 0x400000001ffffffd) r3 = socket$inet6(0xa, 0x6, 0x0) connect$inet6(r3, &(0x7f0000000180)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) r4 = accept4(r2, 0x0, 0x0, 0x0) sendmmsg(r4, &(0x7f0000003d40)=[{{0x0, 0xffffffbf, 0x0, 0x0, 0x0, 0x0, 0x7000005}, 0xa}], 0x4000000000000d0, 0x0) socket$inet6(0xa, 0x6, 0x0) connect$inet6(0xffffffffffffffff, &(0x7f0000000000)={0xa, 0x0, 0x0, @loopback}, 0x1c) r5 = socket$inet6_tcp(0xa, 0x1, 0x0) bpf$BPF_MAP_GET_FD_BY_ID(0xe, &(0x7f0000000140)={0x0, 0x4, 0x8}, 0xc) setsockopt$IP6T_SO_SET_REPLACE(r5, 0x29, 0x40, &(0x7f0000000a80)=@filter={'filter\x00', 0xe, 0x4, 0x13a8, 0x0, 0x0, 0x1208, 0x108, 0x108, 0x12d8, 0x12d8, 0x12d8, 0x12d8, 0x12d8, 0x4, 0x0, {[{{@uncond, 0x0, 0xa8, 0x108}, @common=@inet=@HMARK={0x60, 'HMARK\x00', 0x0, {@ipv6=@mcast1, [], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4}}}, {{@ipv6={@initdev={0xfe, 0x88, [], 0x0, 0x0}, @initdev={0xfe, 0x88, [], 0x0, 0x0}, [], [], 'rose0\x00', 'netdevsim0\x00'}, 0x0, 0x10d8, 0x1100, 0x0, {}, [@common=@unspec=@cgroup1={{0x1030, 'cgroup\x00'}, {0x0, 0x1, 0x0, 0x0, './cgroup/syz0\x00'}}]}, @REJECT={0x28, 'REJECT\x00'}}, {{@uncond, 0x0, 0xa8, 0xd0}, @REJECT={0x28, 'REJECT\x00'}}], {{[], 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x1408) syz_init_net_socket$rose(0xb, 0x5, 0x0) 21:32:34 executing program 5: kexec_load(0x9, 0x2, &(0x7f00000000c0)=[{&(0x7f0000000380)="0330face2410a72af0c13d77cc6750a5edda9e026e98d20205368f1d7895175685418e7dd0f8085be58ef4185893eda719512aa8e9b62bb77efb5e12afbf5a32f2cbb20cc57cfff2292d7bee376320e621da3b0aeec1dbda2a6f4d80944f6b8c5b1a2fa95c2b3b7adf02648c9e26602dc08a4700cce60bc9b27aa166e911e2d3bc6acc3b1ab5a7dfc94e0f508cfc0f00df5d77953d165c028d2bc733086b93e617cc6e7657f7cefc56111f0869291f9170642bc964f8776cc2b2fab47dc9b1b3433c3b74a399f9b45cacd7c96dfc63ef8e3d77362624817d7013ac2d94a7eac0fe13812e5d4f67c9b0fa9ca867fedd", 0xef, 0x1, 0x6}, {&(0x7f0000000480)="79196c6ed4c2f9f993cc22e54a64f71c4602d209860992404f881b30e1c6f92c9a7a1fecb2a3754bd0679370fc133181efee8b4c8800669cc3fbd6bdb93f75de9763ca675326b9e46e31e1d7855732659f7116952cae3797d52510d5c4dc03364b690d567132e7129f1793b3599eb2b5735706d3ee34c2d16b601ec4b97acff311a3f7a8f755076dbb705f4b2621e84eb10612662d87340099bb27b73acfef132d23f30369445cd23be9b904777ff6cdaf4f8bbc18f95b04d5d7ed36a43c57e3c6a3d8fb717fce42e3a2a5f4aadf7d38db5c6ae534b3ad35424bc47695effd17f5f498292c08c598cf", 0xe9, 0xffffffffffffff24, 0x6}], 0x2a0000) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x1, 0x0, 0x0, 0x1, 0x20b493e0, 0x0, 0xfffffffffffffffe}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000008880), 0x400000000000249, 0x0, 0x0) pipe(&(0x7f0000000340)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) fsync(r2) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) perf_event_open(&(0x7f0000940000)={0x2, 0x70, 0x69, 0x1, 0x0, 0xff, 0x0, 0x48, 0x14a0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f00000001c0), 0x7}, 0x0, 0x0, 0xfffffff9}, 0x0, 0xd, 0xffffffffffffffff, 0xa) clone(0x200000008a105d00, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r4 = gettid() tkill(r4, 0x3c) fsetxattr$trusted_overlay_redirect(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) sched_setattr(r0, &(0x7f0000000080)={0x38, 0x2, 0x1, 0x0, 0x3}, 0x0) clone(0x69005100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) mount(0x0, &(0x7f0000000140)='./file0\x00', 0x0, 0x0, &(0x7f000000a000)) [ 2232.188487] lowmem_reserve[]: 0 0 0 0 0 [ 2232.213940] Node 0 DMA: 22*4kB (UME) 61*8kB (UM) 19*16kB (UME) 9*32kB (UME) 6*64kB (UM) 1*128kB (M) 2*256kB (UE) 2*512kB (UE) 1*1024kB (E) 1*2048kB (E) 1*4096kB (M) = 10384kB [ 2232.226381] ip6_tables: ip6tables: counters copy to user failed while replacing table [ 2232.477302] Node 0 DMA32: 147*4kB (UME) 157*8kB (UE) 26*16kB (UE) 9*32kB (U) 56*64kB (UM) 34*128kB (UM) 41*256kB (UM) 12*512kB (M) 0*1024kB 0*2048kB 0*4096kB = 27124kB 21:32:34 executing program 0: r0 = openat$kvm(0xffffffffffffff9c, 0x0, 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) dup3(r0, r1, 0x0) fsetxattr$trusted_overlay_nlink(r0, &(0x7f0000000040)='trusted.overlay.nlink\x00', &(0x7f00000000c0)={'U+', 0x98}, 0x16, 0x2) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c4, 0x0, 0xe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r2 = socket$inet6(0xa, 0x40000080806, 0x0) bind$inet6(r2, &(0x7f0000000080)={0xa, 0x404e20}, 0x1c) ioctl$int_in(0xffffffffffffffff, 0x0, &(0x7f0000000100)=0x3) listen(r2, 0x400000001ffffffd) r3 = socket$inet6(0xa, 0x6, 0x0) connect$inet6(r3, &(0x7f0000000180)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) r4 = accept4(r2, 0x0, 0x0, 0x0) sendmmsg(r4, &(0x7f0000003d40)=[{{0x0, 0xffffffbf, 0x0, 0x0, 0x0, 0x0, 0x7000005}, 0xa}], 0x4000000000000d0, 0x0) socket$inet6(0xa, 0x6, 0x0) connect$inet6(0xffffffffffffffff, &(0x7f0000000000)={0xa, 0x0, 0x0, @loopback}, 0x1c) r5 = socket$inet6_tcp(0xa, 0x1, 0x0) bpf$BPF_MAP_GET_FD_BY_ID(0xe, &(0x7f0000000140)={0x0, 0x4, 0x8}, 0xc) setsockopt$IP6T_SO_SET_REPLACE(r5, 0x29, 0x40, &(0x7f0000000a80)=@filter={'filter\x00', 0xe, 0x4, 0x13a8, 0x0, 0x0, 0x1208, 0x108, 0x108, 0x12d8, 0x12d8, 0x12d8, 0x12d8, 0x12d8, 0x4, 0x0, {[{{@uncond, 0x0, 0xa8, 0x108}, @common=@inet=@HMARK={0x60, 'HMARK\x00', 0x0, {@ipv6=@mcast1, [], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4}}}, {{@ipv6={@initdev={0xfe, 0x88, [], 0x0, 0x0}, @initdev={0xfe, 0x88, [], 0x0, 0x0}, [], [], 'rose0\x00', 'netdevsim0\x00'}, 0x0, 0x10d8, 0x1100, 0x0, {}, [@common=@unspec=@cgroup1={{0x1030, 'cgroup\x00'}, {0x0, 0x1, 0x0, 0x0, './cgroup/syz0\x00'}}]}, @REJECT={0x28, 'REJECT\x00'}}, {{@uncond, 0x0, 0xa8, 0xd0}, @REJECT={0x28, 'REJECT\x00'}}], {{[], 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x1408) syz_init_net_socket$rose(0xb, 0x5, 0x0) [ 2232.700479] Node 0 Normal: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 0kB [ 2232.803850] Node 1 Normal: 669*4kB (UME) 241*8kB (UMEH) 94*16kB (UMEH) 1039*32kB (UME) 127*64kB (UME) 18*128kB (M) 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 49788kB [ 2232.839545] syz-executor.4 invoked oom-killer: gfp_mask=0x14280ca(GFP_HIGHUSER_MOVABLE|__GFP_ZERO), nodemask=(null), order=0, oom_score_adj=1000 [ 2232.956957] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 2233.021479] syz-executor.4 cpuset=/ mems_allowed=0-1 [ 2233.026637] CPU: 0 PID: 10199 Comm: syz-executor.4 Not tainted 4.14.182-syzkaller #0 [ 2233.034518] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2233.043909] Call Trace: [ 2233.046503] dump_stack+0x1b2/0x283 [ 2233.050139] dump_header+0x178/0x7aa [ 2233.053851] ? trace_hardirqs_on_caller+0x3a8/0x580 [ 2233.058871] ? _raw_spin_unlock_irqrestore+0x66/0xe0 [ 2233.063980] ? ___ratelimit+0x2cd/0x522 [ 2233.067961] oom_kill_process.cold+0x10/0xc16 [ 2233.072465] ? lock_downgrade+0x6e0/0x6e0 [ 2233.076621] out_of_memory+0x2d5/0x10f0 [ 2233.080630] ? oom_killer_disable+0x1c0/0x1c0 [ 2233.085128] ? mutex_trylock+0x152/0x1a0 [ 2233.089201] __alloc_pages_nodemask+0x2556/0x2730 [ 2233.094067] ? gfp_pfmemalloc_allowed+0x150/0x150 [ 2233.099003] ? __lock_acquire+0x655/0x42a0 [ 2233.103254] ? check_preemption_disabled+0x35/0x240 [ 2233.108277] alloc_pages_vma+0xc1/0x4b0 [ 2233.112258] wp_page_copy+0x1005/0x1bc0 [ 2233.116246] ? add_mm_counter_fast.part.0+0x30/0x30 [ 2233.121266] ? finish_task_switch+0x14d/0x610 [ 2233.125776] do_wp_page+0x244/0x1dc0 [ 2233.129494] ? __handle_mm_fault+0x18e8/0x3700 [ 2233.134079] ? finish_mkwrite_fault+0x5e0/0x5e0 [ 2233.138765] __handle_mm_fault+0x1ee8/0x3700 [ 2233.143802] ? vm_insert_mixed_mkwrite+0x30/0x30 [ 2233.148579] handle_mm_fault+0x306/0x794 [ 2233.152649] __do_page_fault+0x578/0xb50 [ 2233.156720] ? mm_fault_error+0x2c0/0x2c0 [ 2233.160875] ? do_page_fault+0x60/0x4f2 [ 2233.164850] page_fault+0x25/0x50 [ 2233.168302] RIP: 0010:copy_user_enhanced_fast_string+0xe/0x20 [ 2233.174179] RSP: 0018:ffff88820e46fb60 EFLAGS: 00010206 [ 2233.179544] RAX: 0000000000000000 RBX: 0000000000001000 RCX: 0000000000000500 [ 2233.186812] RDX: 0000000000001000 RSI: ffff8882014f4b00 RDI: 00000000200c9000 [ 2233.194080] RBP: 00000000200c8500 R08: ffffed104029ea00 R09: 0000000000000000 [ 2233.201352] R10: ffffed104029e9ff R11: ffff8882014f4fff R12: ffff8882014f4000 [ 2233.208626] R13: 00007ffffffff000 R14: 00000000200c9500 R15: ffff88820e46fde0 [ 2233.215922] copyout+0x99/0xc0 [ 2233.219125] copy_page_to_iter+0x32a/0xc90 [ 2233.223371] pipe_to_user+0xa8/0x160 [ 2233.227091] __splice_from_pipe+0x332/0x740 [ 2233.231432] ? iter_to_pipe+0x4c0/0x4c0 [ 2233.235408] vmsplice_to_user+0x197/0x1c0 [ 2233.239556] ? __splice_from_pipe+0x740/0x740 [ 2233.244083] ? __might_fault+0x104/0x1b0 [ 2233.248147] ? lock_acquire+0x170/0x3f0 [ 2233.252133] ? lock_acquire+0x170/0x3f0 [ 2233.256103] ? lock_downgrade+0x6e0/0x6e0 [ 2233.260257] ? __fget+0x226/0x360 [ 2233.263721] SyS_vmsplice+0x12a/0x150 [ 2233.267524] ? default_file_splice_write+0x80/0x80 [ 2233.272457] do_syscall_64+0x1d5/0x640 [ 2233.276354] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 2233.281548] RIP: 0033:0x45ca69 [ 2233.284735] RSP: 002b:00007fe17edecc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000116 [ 2233.292447] RAX: ffffffffffffffda RBX: 000000000050a3c0 RCX: 000000000045ca69 [ 2233.299717] RDX: 0000000000000001 RSI: 0000000020000000 RDI: 0000000000000003 [ 2233.307510] RBP: 000000000078bfa0 R08: 0000000000000000 R09: 0000000000000000 [ 2233.314779] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff [ 2233.322055] R13: 0000000000000c55 R14: 00000000004cea35 R15: 00007fe17eded6d4 [ 2233.374740] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 2233.494318] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 2233.579504] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 2233.613005] 8385 total pagecache pages [ 2233.616939] 0 pages in swap cache [ 2233.620512] Swap cache stats: add 0, delete 0, find 0/0 [ 2233.649385] Free swap = 0kB [ 2233.652506] Total swap = 0kB [ 2233.655614] 1965979 pages RAM [ 2233.659153] 0 pages HighMem/MovableOnly [ 2233.704077] 338455 pages reserved [ 2233.708067] 0 pages cma reserved [ 2233.794603] Mem-Info: [ 2233.797315] active_anon:1236172 inactive_anon:6146 isolated_anon:0 [ 2233.797315] active_file:76 inactive_file:43 isolated_file:11 [ 2233.797315] unevictable:1839 dirty:32 writeback:0 unstable:0 [ 2233.797315] slab_reclaimable:18898 slab_unreclaimable:171742 [ 2233.797315] mapped:53901 shmem:7882 pagetables:44188 bounce:0 [ 2233.797315] free:23921 free_pcp:55 free_cma:0 [ 2233.928157] Node 0 active_anon:1727444kB inactive_anon:16164kB active_file:20kB inactive_file:100kB unevictable:1032kB isolated(anon):0kB isolated(file):0kB mapped:210072kB dirty:84kB writeback:0kB shmem:23108kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 735232kB writeback_tmp:0kB unstable:0kB all_unreclaimable? no [ 2234.321984] Node 1 active_anon:3217272kB inactive_anon:8420kB active_file:20kB inactive_file:20kB unevictable:6324kB isolated(anon):0kB isolated(file):0kB mapped:5344kB dirty:4kB writeback:0kB shmem:8420kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 0kB writeback_tmp:0kB unstable:0kB all_unreclaimable? no [ 2234.649387] Node 0 DMA free:10352kB min:220kB low:272kB high:324kB active_anon:1388kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15908kB mlocked:0kB kernel_stack:96kB pagetables:92kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 2234.778803] lowmem_reserve[]: 0 2559 2559 2559 2559 [ 2234.821752] Node 0 DMA32 free:32600kB min:36296kB low:45368kB high:54440kB active_anon:1726056kB inactive_anon:16164kB active_file:80kB inactive_file:64kB unevictable:1032kB writepending:84kB present:3129332kB managed:2623996kB mlocked:1032kB kernel_stack:14496kB pagetables:37604kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 2235.057350] lowmem_reserve[]: 0 0 0 0 0 [ 2235.181279] Node 0 Normal free:0kB min:0kB low:0kB high:0kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:786432kB managed:0kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 2235.358721] lowmem_reserve[]: 0 0 0 0 0 [ 2235.365035] Node 1 Normal free:56944kB min:53592kB low:66988kB high:80384kB active_anon:3212236kB inactive_anon:8420kB active_file:524kB inactive_file:2136kB unevictable:6324kB writepending:4kB present:3932160kB managed:3870192kB mlocked:6324kB kernel_stack:60448kB pagetables:139056kB bounce:0kB free_pcp:468kB local_pcp:4kB free_cma:0kB [ 2235.400705] lowmem_reserve[]: 0 0 0 0 0 [ 2235.421036] Node 0 DMA: 22*4kB (UME) 61*8kB (UM) 19*16kB (UME) 8*32kB (ME) 6*64kB (UM) 1*128kB (M) 2*256kB (UE) 2*512kB (UE) 1*1024kB (E) 1*2048kB (E) 1*4096kB (M) = 10352kB 21:32:37 executing program 1: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(0x0, &(0x7f0000000040)={0x38, 0x1, 0x0, 0x0, 0x1, 0x20b493e0, 0x0, 0xfffffffffffffffe}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000008880), 0x400000000000249, 0x0, 0x0) pipe(&(0x7f0000000340)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) fsync(r2) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) perf_event_open(&(0x7f0000940000)={0x2, 0x70, 0x69, 0x1, 0x0, 0xff, 0x0, 0x48, 0x14a0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f00000001c0), 0x7}, 0x0, 0x0, 0xfffffff9}, 0x0, 0xd, 0xffffffffffffffff, 0xa) tkill(0x0, 0x3c) fsetxattr$trusted_overlay_redirect(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) sched_setattr(r0, &(0x7f0000000080)={0x38, 0x2, 0x1, 0x0, 0x3}, 0x0) clone(0x69005100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) mount(0x0, &(0x7f0000000140)='./file0\x00', 0x0, 0x0, &(0x7f000000a000)) sched_setscheduler(0x0, 0x5, &(0x7f0000000380)) 21:32:37 executing program 3: prlimit64(0x0, 0xe, &(0x7f0000000280)={0xc, 0x8d}, 0x0) r0 = fcntl$dupfd(0xffffffffffffffff, 0x0, 0xffffffffffffffff) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) ioctl$KVM_GET_SREGS(r0, 0x8138ae83, &(0x7f0000000380)) r1 = getpid() sched_setattr(r1, &(0x7f0000000040)={0x38, 0x1, 0x0, 0x0, 0x1, 0x20b493e0, 0x0, 0xfffffffffffffffe}, 0x0) r2 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r2, 0x0, 0x0, 0x0, 0x0) pipe(&(0x7f0000000340)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r4, 0x407, 0x0) write(r4, &(0x7f0000000340), 0x41395527) vmsplice(r3, 0x0, 0x0, 0x0) perf_event_open(&(0x7f0000940000)={0x2, 0x70, 0x69, 0x0, 0x0, 0xff, 0x0, 0x48, 0x14a0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f00000001c0), 0x7}}, 0x0, 0xd, 0xffffffffffffffff, 0xa) clone(0x200000008a105d00, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r5 = gettid() tkill(r5, 0x3c) fsetxattr$trusted_overlay_redirect(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) sched_setattr(r1, &(0x7f0000000080)={0x38, 0x2, 0x1, 0x0, 0x3}, 0x0) clone(0x69005100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) mount(0x0, &(0x7f0000000140)='./file0\x00', &(0x7f0000fb5ffc)='nfs\x00', 0x0, &(0x7f000000a000)) [ 2235.777009] Node 0 DMA32: 3380*4kB (UME) 1667*8kB (UME) 353*16kB (UME) 350*32kB (M) 130*64kB (M) 46*128kB (UM) 42*256kB (UM) 12*512kB (M) 0*1024kB 16*2048kB (M) 1*4096kB (M) = 111672kB [ 2235.842674] ip6_tables: ip6tables: counters copy to user failed while replacing table 21:32:37 executing program 0: kexec_load(0x9, 0x2, &(0x7f00000000c0)=[{&(0x7f0000000380)="0330face2410a72af0c13d77cc6750a5edda9e026e98d20205368f1d7895175685418e7dd0f8085be58ef4185893eda719512aa8e9b62bb77efb5e12afbf5a32f2cbb20cc57cfff2292d7bee376320e621da3b0aeec1dbda2a6f4d80944f6b8c5b1a2fa95c2b3b7adf02648c9e26602dc08a4700cce60bc9b27aa166e911e2d3bc6acc3b1ab5a7dfc94e0f508cfc0f00df5d77953d165c028d2bc733086b93e617cc6e7657f7cefc56111f0869291f9170642bc964f8776cc2b2fab47dc9b1b3433c3b74a399f9b45cacd7c96dfc63ef8e3d77362624817d7013ac2d94a7eac0fe13812e5d4f67c9b0fa9ca867fedd", 0xef, 0x1, 0x6}, {&(0x7f0000000480)="79196c6ed4c2f9f993cc22e54a64f71c4602d209860992404f881b30e1c6f92c9a7a1fecb2a3754bd0679370fc133181efee8b4c8800669cc3fbd6bdb93f75de9763ca675326b9e46e31e1d7855732659f7116952cae3797d52510d5c4dc03364b690d567132e7129f1793b3599eb2b5735706d3ee34c2d16b601ec4b97acff311a3f7a8f755076dbb705f4b2621e84eb10612662d87340099bb27b73acfef132d23f30369445cd23be9b904777ff6cdaf4f8bbc18f95b04d5d7ed36a43c57e3c6a3d8fb717fce42e3a2a5f4aadf7d38db5c6ae534b3ad35424bc47695effd17f5f498292c08c598cf", 0xe9, 0xffffffffffffff24, 0x6}], 0x2a0000) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x1, 0x0, 0x0, 0x1, 0x20b493e0, 0x0, 0xfffffffffffffffe}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000008880), 0x400000000000249, 0x0, 0x0) pipe(&(0x7f0000000340)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) fsync(r2) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) perf_event_open(&(0x7f0000940000)={0x2, 0x70, 0x69, 0x1, 0x0, 0xff, 0x0, 0x48, 0x14a0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f00000001c0), 0x7}, 0x0, 0x0, 0xfffffff9}, 0x0, 0xd, 0xffffffffffffffff, 0xa) clone(0x200000008a105d00, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r4 = gettid() tkill(r4, 0x3c) fsetxattr$trusted_overlay_redirect(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) sched_setattr(r0, &(0x7f0000000080)={0x38, 0x2, 0x1, 0x0, 0x3}, 0x0) clone(0x69005100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) mount(0x0, &(0x7f0000000140)='./file0\x00', 0x0, 0x0, &(0x7f000000a000)) [ 2235.887824] Node 0 Normal: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 0kB [ 2235.932754] Node 1 Normal: 7446*4kB (UME) 5720*8kB (UMEH) 545*16kB (UMEH) 1233*32kB (UME) 138*64kB (UME) 21*128kB (UM) 2*256kB (M) 0*512kB 0*1024kB 0*2048kB 0*4096kB = 135752kB [ 2236.009844] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 2236.065997] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 2236.098225] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 2236.247214] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 2236.268383] 12109 total pagecache pages [ 2236.346514] 0 pages in swap cache [ 2236.368860] Swap cache stats: add 0, delete 0, find 0/0 [ 2236.401570] Free swap = 0kB [ 2236.420670] Total swap = 0kB [ 2236.431385] 1965979 pages RAM [ 2236.440998] 0 pages HighMem/MovableOnly [ 2236.455534] 338455 pages reserved [ 2236.466835] 0 pages cma reserved [ 2236.478364] Out of memory: Kill process 4625 (syz-executor.0) score 1007 or sacrifice child [ 2236.506149] Killed process 4625 (syz-executor.0) total-vm:75236kB, anon-rss:16572kB, file-rss:35756kB, shmem-rss:0kB [ 2236.524601] IPVS: ftp: loaded support on port[0] = 21 [ 2236.886077] IPVS: ftp: loaded support on port[0] = 21 [ 2237.015297] IPVS: ftp: loaded support on port[0] = 21 [ 2237.210226] IPVS: ftp: loaded support on port[0] = 21 [ 2237.529264] IPVS: ftp: loaded support on port[0] = 21 [ 2237.816589] IPVS: ftp: loaded support on port[0] = 21 [ 2248.662364] IPVS: ftp: loaded support on port[0] = 21 [ 2249.044893] chnl_net:caif_netlink_parms(): no params data found [ 2249.398177] bridge0: port 1(bridge_slave_0) entered blocking state [ 2249.404907] bridge0: port 1(bridge_slave_0) entered disabled state [ 2249.412275] device bridge_slave_0 entered promiscuous mode [ 2249.425660] bridge0: port 2(bridge_slave_1) entered blocking state [ 2249.436825] bridge0: port 2(bridge_slave_1) entered disabled state [ 2249.447094] device bridge_slave_1 entered promiscuous mode [ 2249.496974] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 2249.507973] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 2249.559581] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 2249.567687] team0: Port device team_slave_0 added [ 2249.574349] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 2249.582029] team0: Port device team_slave_1 added [ 2249.632280] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 2249.638525] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 2249.665590] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 2249.677332] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 2249.684358] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 2249.710601] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 2249.722501] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 2249.732897] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 2249.791956] device hsr_slave_0 entered promiscuous mode [ 2249.797704] device hsr_slave_1 entered promiscuous mode [ 2249.804311] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_0: link is not ready [ 2249.811944] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_1: link is not ready [ 2250.007045] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 2250.045769] 8021q: adding VLAN 0 to HW filter on device bond0 [ 2250.055786] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 2250.065125] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 2250.072745] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 2250.079809] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 2250.093404] IPv6: ADDRCONF(NETDEV_UP): team0: link is not ready [ 2250.099652] 8021q: adding VLAN 0 to HW filter on device team0 [ 2250.108806] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 2250.116106] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 2250.124080] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 2250.132191] bridge0: port 1(bridge_slave_0) entered blocking state [ 2250.138555] bridge0: port 1(bridge_slave_0) entered forwarding state [ 2250.150145] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 2250.159294] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 2250.166687] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 2250.175021] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 2250.183459] bridge0: port 2(bridge_slave_1) entered blocking state [ 2250.190011] bridge0: port 2(bridge_slave_1) entered forwarding state [ 2250.200857] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready [ 2250.208054] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 2250.219454] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready [ 2250.226955] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 2250.239619] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready [ 2250.246735] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 2250.255741] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 2250.264214] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 2250.275115] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready [ 2250.282955] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 2250.291082] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 2250.305696] IPv6: ADDRCONF(NETDEV_UP): veth0_to_hsr: link is not ready [ 2250.313158] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 2250.321767] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 2250.332134] IPv6: ADDRCONF(NETDEV_UP): veth1_to_hsr: link is not ready [ 2250.338936] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 2250.346857] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 2250.358274] IPv6: ADDRCONF(NETDEV_UP): hsr0: link is not ready [ 2250.364449] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 2250.378774] IPv6: ADDRCONF(NETDEV_UP): vxcan0: link is not ready [ 2250.386862] IPv6: ADDRCONF(NETDEV_UP): vxcan1: link is not ready [ 2250.393730] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 2250.401240] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 2250.416146] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 2250.477271] IPv6: ADDRCONF(NETDEV_UP): veth0_virt_wifi: link is not ready [ 2250.489440] IPv6: ADDRCONF(NETDEV_UP): veth1_virt_wifi: link is not ready [ 2250.497367] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 2250.506427] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 2250.537812] IPv6: ADDRCONF(NETDEV_UP): veth0_vlan: link is not ready [ 2250.546679] IPv6: ADDRCONF(NETDEV_UP): vlan0: link is not ready [ 2250.553957] IPv6: ADDRCONF(NETDEV_UP): vlan1: link is not ready [ 2250.565742] IPv6: ADDRCONF(NETDEV_UP): veth1_vlan: link is not ready [ 2250.573502] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 2250.581623] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 2250.589456] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 2250.597055] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 2250.609731] device veth0_vlan entered promiscuous mode [ 2250.620578] device veth1_vlan entered promiscuous mode [ 2250.627850] IPv6: ADDRCONF(NETDEV_UP): macvlan0: link is not ready [ 2250.639155] IPv6: ADDRCONF(NETDEV_UP): macvlan1: link is not ready [ 2250.663564] IPv6: ADDRCONF(NETDEV_UP): veth0_macvtap: link is not ready [ 2250.673620] IPv6: ADDRCONF(NETDEV_UP): veth1_macvtap: link is not ready [ 2250.682144] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready [ 2250.689421] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready [ 2250.697042] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 2250.704996] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 2250.717814] device veth0_macvtap entered promiscuous mode [ 2250.723988] IPv6: ADDRCONF(NETDEV_UP): macvtap0: link is not ready [ 2250.733738] device veth1_macvtap entered promiscuous mode [ 2250.740790] IPv6: ADDRCONF(NETDEV_UP): macsec0: link is not ready [ 2250.750041] IPv6: ADDRCONF(NETDEV_UP): veth0_to_batadv: link is not ready [ 2250.760618] IPv6: ADDRCONF(NETDEV_UP): veth1_to_batadv: link is not ready [ 2250.773178] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3d) already exists on: batadv_slave_0 [ 2250.783579] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 2250.794109] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3d) already exists on: batadv_slave_0 [ 2250.804469] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 2250.813863] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3d) already exists on: batadv_slave_0 [ 2250.823640] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 2250.832902] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3d) already exists on: batadv_slave_0 [ 2250.842746] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 2250.853270] IPv6: ADDRCONF(NETDEV_UP): batadv_slave_0: link is not ready [ 2250.860582] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 2250.867891] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready [ 2250.875600] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready [ 2250.883187] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 2250.892038] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 2250.902629] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_1 [ 2250.912642] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 2250.922014] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_1 [ 2250.932633] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 2250.941845] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_1 [ 2250.952004] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 2250.961556] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_1 [ 2250.971406] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 2250.980752] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_1 [ 2250.990951] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 2251.000258] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_1 [ 2251.010027] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 2251.020842] IPv6: ADDRCONF(NETDEV_UP): batadv_slave_1: link is not ready [ 2251.027922] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 2251.039235] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 2251.047980] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 2251.184094] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 2251.201204] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 2251.215546] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 2251.227939] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 2251.237875] device bridge_slave_1 left promiscuous mode [ 2251.253764] bridge0: port 2(bridge_slave_1) entered disabled state [ 2251.265479] device bridge_slave_0 left promiscuous mode [ 2251.268281] ip6_tables: ip6tables: counters copy to user failed while replacing table [ 2251.272564] bridge0: port 1(bridge_slave_0) entered disabled state 21:32:53 executing program 2: r0 = openat$kvm(0xffffffffffffff9c, 0x0, 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) dup3(r0, r1, 0x0) fsetxattr$trusted_overlay_nlink(r0, &(0x7f0000000040)='trusted.overlay.nlink\x00', &(0x7f00000000c0)={'U+', 0x98}, 0x16, 0x2) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c4, 0x0, 0xe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r2 = socket$inet6(0xa, 0x40000080806, 0x0) bind$inet6(r2, &(0x7f0000000080)={0xa, 0x404e20}, 0x1c) ioctl$int_in(0xffffffffffffffff, 0x5452, &(0x7f0000000100)) listen(r2, 0x400000001ffffffd) r3 = socket$inet6(0xa, 0x6, 0x0) connect$inet6(r3, &(0x7f0000000180)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) r4 = accept4(r2, 0x0, 0x0, 0x0) sendmmsg(r4, &(0x7f0000003d40)=[{{0x0, 0xffffffbf, 0x0, 0x0, 0x0, 0x0, 0x7000005}, 0xa}], 0x4000000000000d0, 0x0) socket$inet6(0xa, 0x6, 0x0) connect$inet6(0xffffffffffffffff, &(0x7f0000000000)={0xa, 0x0, 0x0, @loopback}, 0x1c) r5 = socket$inet6_tcp(0xa, 0x1, 0x0) bpf$BPF_MAP_GET_FD_BY_ID(0xe, &(0x7f0000000140)={0x0, 0x4, 0x8}, 0xc) setsockopt$IP6T_SO_SET_REPLACE(r5, 0x29, 0x40, &(0x7f0000000a80)=@filter={'filter\x00', 0xe, 0x4, 0x13a8, 0x0, 0x0, 0x1208, 0x108, 0x108, 0x12d8, 0x12d8, 0x12d8, 0x12d8, 0x12d8, 0x4, 0x0, {[{{@uncond, 0x0, 0xa8, 0x108}, @common=@inet=@HMARK={0x60, 'HMARK\x00', 0x0, {@ipv6=@mcast1, [], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4}}}, {{@ipv6={@initdev={0xfe, 0x88, [], 0x0, 0x0}, @initdev={0xfe, 0x88, [], 0x0, 0x0}, [], [], 'rose0\x00', 'netdevsim0\x00'}, 0x0, 0x10d8, 0x1100, 0x0, {}, [@common=@unspec=@cgroup1={{0x1030, 'cgroup\x00'}, {0x0, 0x1, 0x0, 0x0, './cgroup/syz0\x00'}}]}, @REJECT={0x28, 'REJECT\x00'}}, {{@uncond, 0x0, 0xa8, 0xd0}, @REJECT={0x28, 'REJECT\x00'}}], {{[], 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x1408) syz_init_net_socket$rose(0xb, 0x5, 0x0) 21:32:53 executing program 5: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x1, 0x0, 0x0, 0x1, 0x20b493e0, 0x0, 0xfffffffffffffffe}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000008880), 0x400000000000249, 0x0, 0x0) fcntl$setpipe(0xffffffffffffffff, 0x407, 0x0) write(0xffffffffffffffff, &(0x7f0000000340), 0x41395527) vmsplice(0xffffffffffffffff, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) getsockopt$inet_sctp_SCTP_RTOINFO(0xffffffffffffffff, 0x84, 0x0, &(0x7f0000000180)={0x0, 0x924e, 0x3, 0x1}, &(0x7f0000000200)=0x10) perf_event_open(&(0x7f0000940000)={0x2, 0x70, 0x69, 0x1, 0x0, 0x7f, 0x0, 0x48, 0x14a0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f00000001c0), 0x7}, 0x0, 0x0, 0xfffffff9, 0x8}, 0x0, 0xd, 0xffffffffffffffff, 0xa) clone(0x200000008a105d00, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r2 = gettid() syz_mount_image$nfs(&(0x7f0000000140)='nfs\x00', &(0x7f0000000240)='./file0\x00', 0x610, 0x1, &(0x7f0000000300)=[{&(0x7f00000002c0)="7dfc95c434c768ce703a11d4ef03a76782a1e36525626327864cb2c10a3ef8d21d16ba50d20c30d81aa7", 0x2a, 0x7fffffff}], 0x820c10, &(0x7f0000000480)='\xcf\xb0\x02\xb3v\xbf\xe8\xd3\x81\x85Q\x9b/\xb1D%\xd9&nz\xc8*_\xc8\xebx\xd7\xd2\xd6v\x85/\xde1e\xf96d0\xfcQ&\b,\xb4\xdex\xd0l\x8a\x94\x8d\xc25\x9e@\xad\x17\xd0^\xfb_\f\x85\x14\r\xb0f\xb6_\xd5A\xd2\xeb\xec\x1e*tvPN;X\' \x9f\b\xc3\vi6\xe4P\x11\xa61\x16\xa5&\x8b\x02\xa5\x1dF`a\xc6m\x99\x1fR\xe7\f^7&\xaac\xfdj\x01e\x86\x14\xea\x8b\x1e\x98\xdc)\xab\x94\xdf\xa2\xeeCND\x9e\xf7It\x14\x8b\xad2\x03)\xb1\x84?\xbbpd\xca9)2\n\x15B\xb0\x88\xb1\xbe\\Y\x1f\x9e\xc5mL\xb9\xf0\x1dzq\\\x01kV_=\fh\x81\xf0\xa8)\ve<-\rvd\v\xdb\x8c\xfd\xack\xc1\xce\xa9e\x0eP_Gm\xef:\x83\xa2c\x80\xae]k\x1b\x8a4\xdb') tkill(r2, 0x3c) fsetxattr$trusted_overlay_redirect(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) ioctl$SIOCAX25GETINFOOLD(0xffffffffffffffff, 0x89e9, &(0x7f0000000100)) sched_setattr(r0, &(0x7f0000000080)={0x38, 0x2, 0x1, 0x0, 0x3}, 0x0) socket$bt_rfcomm(0x1f, 0x3, 0x3) clone(0x69005100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) mount(0x0, &(0x7f00000000c0)='./file0\x00', 0x0, 0xc02, &(0x7f0000000380)='\xcf\xb0\x02\xb3v\xbf\xe8\xd3\x81\x85Q\x9b/\xb1D%\xd9&nz\xc8*_\xc8\xebx\xd7\xd2\xd6v\x85/\xde1e\xf96d0\xfcQ&\b,\xb4\xdex\xd0l\x8a\x94\x8d\xc25\x9e@\xad\x17\xd0^\xfb_\f\x85\x14\r\xb0f\xb6_\xd5A\xd2\xeb\xec\x1e*tvPN;X\' \x9f\b\xc3\vi6\xe4P\x11\xa61\x16\xa5&\x8b\x02\xa5\x1dF`a\xc6m\x99\x1fR\xe7\f^7&\xaac\xfdj\x01e\x86\x14\xea\x8b\x1e\x98\xdc)\xab\x94\xdf\xa2\xeeCND\x9e\xf7It\x14\x8b\xad2\x03)\xb1\x84?\xbbpd\xca9)2\n\x15B\xb0\x88\xb1\xbe\\Y\x1f\x9e\xc5mL\xb9\xf0\x1dzq\\\x01kV_=\fh\x81\xf0\xa8)\ve<-\rvd\v\xdb\x8c\xfd\xack\xc1\xce\xa9e\x0eP_Gm\xef:\x83\xa2c\x80\xae]k\x1b\x8a4\xdb') 21:32:53 executing program 1: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(0x0, &(0x7f0000000040)={0x38, 0x1, 0x0, 0x0, 0x1, 0x20b493e0, 0x0, 0xfffffffffffffffe}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000008880), 0x400000000000249, 0x0, 0x0) pipe(&(0x7f0000000340)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) fsync(r2) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) perf_event_open(&(0x7f0000940000)={0x2, 0x70, 0x69, 0x1, 0x0, 0xff, 0x0, 0x48, 0x14a0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f00000001c0), 0x7}, 0x0, 0x0, 0xfffffff9}, 0x0, 0xd, 0xffffffffffffffff, 0xa) tkill(0x0, 0x3c) fsetxattr$trusted_overlay_redirect(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) sched_setattr(r0, &(0x7f0000000080)={0x38, 0x2, 0x1, 0x0, 0x3}, 0x0) clone(0x69005100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) mount(0x0, &(0x7f0000000140)='./file0\x00', 0x0, 0x0, &(0x7f000000a000)) sched_setscheduler(0x0, 0x5, &(0x7f0000000380)) 21:32:53 executing program 4: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x1, 0x0, 0x0, 0x0, 0x20b493e0, 0x0, 0xfffffffffffffffe}, 0x0) socket$inet6(0xa, 0x4, 0xffffffff) pipe(&(0x7f0000000340)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r2, 0x407, 0x0) fsync(r1) write(r2, &(0x7f0000000340), 0x41395527) vmsplice(r1, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) clone(0x200000008a105d00, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) tkill(0x0, 0x3c) fsetxattr$trusted_overlay_redirect(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) sched_setattr(r0, &(0x7f0000000080)={0x38, 0x2, 0x1, 0x0, 0x3}, 0x0) clone(0x69005100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) mount(0x0, &(0x7f0000000140)='./file0\x00', 0x0, 0x0, &(0x7f000000a000)) [ 2251.292626] device veth1_macvtap left promiscuous mode [ 2251.298924] device veth0_macvtap left promiscuous mode [ 2251.307451] device veth1_vlan left promiscuous mode [ 2251.314000] device veth0_vlan left promiscuous mode 21:32:53 executing program 3: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x1, 0x0, 0x0, 0x1, 0x20b493e0, 0x0, 0xfffffffffffffffe}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, 0x0, 0x0, 0x0, 0x0) pipe(&(0x7f0000000340)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r2, 0x407, 0x0) write(r2, &(0x7f0000000340), 0x41395527) perf_event_open(&(0x7f0000940000)={0x2, 0x70, 0x69, 0x0, 0x0, 0xff, 0x0, 0x48, 0x14a0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f00000001c0), 0x7}}, 0x0, 0xd, 0xffffffffffffffff, 0xa) clone(0x200000008a105d00, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r3 = gettid() tkill(r3, 0x3c) fsetxattr$trusted_overlay_redirect(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) ioctl$KVM_SET_LAPIC(0xffffffffffffffff, 0x4400ae8f, &(0x7f0000000380)={"65c7eb85cd3473cedf161e3f5e51059d7824dac365f99c6589ae3557d7dbc930bd13515c8904da264a522aa37af16725dd9790a0bfb906c947b3f1488b34d3b5e19438c03374808359c16991cbf26777b9be5dff35161fb56370230277e829072b0c93809e085451c4daed50388bb795131e2180b8bd92edd5e9ce2f1438734cbcb71813c20cee8ec5c9de45c63db20e3ed47791ef455094ae6af7232602cf6bf9e52ca52c9078c950237e4d64af9fa000b1af23f2e8513969dea5a515aa707bee3efad27ba557377f339fc15a47957a5277b56c9c3d1b4c92766fd1fbcbb013b74b93b227452a59cea2e57760f0753faf26f52e6679ae444693b4de559e388ce83d1d1862e6b4e95d6e79b4cfe2b9d3448dc4776a448be1bdc8ea9d8bf0a7b30b55ae28474d25a946cfe1d3ef9f242ce506b52a464fbd4aaa2a82974a0c22cc0835d51ce49232aebf36559fda91604de7e2df370f7b33b1c8df56f650a9574fe78d4cfaf29896aac4ffae4c89693d3d668a7ef0cdba9e97b92a7cf6b0a0950dc487532124ced4d15f9c1dc6ad458d50bd29edca905e773acf30eb5e17ca229737d156bf8061a87fe04b7efd77ce0d1cdedcd9de71050f666a3e7007c25ef19e7cbfd265e4ba43666b35c0f92e048fd14ac18a1c2fb7594081e258161b6c633b68b317fed2942166ad42c878dc23d44c8572526bfe61ec6148c5064a3ebb8716d2b5ffab03384f0d35051114842994d6e93373e50dc5cfeaf1b56d2d5154cba271d55fb1ae0878519ed000534647b4f8295b1da14b50dc65b9f077fa7566dfaf5a3d9c6a770d944723f98d9842fdc3cfb63f0ad181f965793b39099beea1a1c514d367ac6b834a13c7e61fb4485547d074c251b1f38ffd1f59f95686275399fb51b8e607f4a8e1e9e9e3cef6e818c573a4552712db2b971b8551e5a9fb80fa6ee4f5e9213e10e1d1fc39c2b7517e41db5695d08cd59f170cef034ef6e6a1d53828725c77e7c657d341578fa8927af305bc9d408a2377a718503964d532a2504c8962d44d281d451f095f281e53cd7ba20fdf4407442228cfd0a466ef7bac8ecd32b2177efb762a3c85c6126afade5b88c882d8f1945472b8ecdbab26bef5a58315e406ef8a65fd4e1e9076c774e7cf1d192741fceeca550bc70ea2fc1ef75a6b43bd0d44e775a9aa089e67d7eaeaa68fd64f6b03e42652dbdbd8d7e3367b8aab0cd4586db835e3c3e7b4eed97da875e553d94bd2f1f76407dbb283aaa5ef08532622eb98ff193944ef3acd46264c7f7e0106e22c57b1f38c136b7b18030ae5cea979710ca50dd95752daf1c03a5bcde250c32df99c72c1aab052301260a9ce2969a28fc3246c4adb0c9e50d85f24de3cc3a7622a32855d10febd4e3f492787b88c0fbf6558f74807b56d00111abff20e76772c64aba057154ff5be3fe97665b3"}) r4 = fcntl$dupfd(0xffffffffffffffff, 0x0, 0xffffffffffffffff) ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200) fcntl$setpipe(r4, 0x407, 0x0) sched_setattr(r0, &(0x7f0000000080)={0x38, 0x2, 0x1, 0x0, 0x3}, 0x0) clone(0x69005100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) mount(0x0, &(0x7f0000000140)='./file0\x00', &(0x7f0000fb5ffc)='nfs\x00', 0x0, &(0x7f000000a000)) 21:32:53 executing program 0: r0 = openat$kvm(0xffffffffffffff9c, 0x0, 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) dup3(r0, r1, 0x0) fsetxattr$trusted_overlay_nlink(r0, &(0x7f0000000040)='trusted.overlay.nlink\x00', &(0x7f00000000c0)={'U+', 0x98}, 0x16, 0x2) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c4, 0x0, 0xe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r2 = socket$inet6(0xa, 0x40000080806, 0x0) bind$inet6(r2, &(0x7f0000000080)={0xa, 0x404e20}, 0x1c) ioctl$int_in(0xffffffffffffffff, 0x0, &(0x7f0000000100)=0x3) listen(r2, 0x400000001ffffffd) r3 = socket$inet6(0xa, 0x6, 0x0) connect$inet6(r3, &(0x7f0000000180)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) r4 = accept4(r2, 0x0, 0x0, 0x0) sendmmsg(r4, &(0x7f0000003d40)=[{{0x0, 0xffffffbf, 0x0, 0x0, 0x0, 0x0, 0x7000005}, 0xa}], 0x4000000000000d0, 0x0) socket$inet6(0xa, 0x6, 0x0) connect$inet6(0xffffffffffffffff, &(0x7f0000000000)={0xa, 0x0, 0x0, @loopback}, 0x1c) r5 = socket$inet6_tcp(0xa, 0x1, 0x0) bpf$BPF_MAP_GET_FD_BY_ID(0xe, &(0x7f0000000140)={0x0, 0x4, 0x8}, 0xc) setsockopt$IP6T_SO_SET_REPLACE(r5, 0x29, 0x40, &(0x7f0000000a80)=@filter={'filter\x00', 0xe, 0x4, 0x13a8, 0x0, 0x0, 0x1208, 0x108, 0x108, 0x12d8, 0x12d8, 0x12d8, 0x12d8, 0x12d8, 0x4, 0x0, {[{{@uncond, 0x0, 0xa8, 0x108}, @common=@inet=@HMARK={0x60, 'HMARK\x00', 0x0, {@ipv6=@mcast1, [], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4}}}, {{@ipv6={@initdev={0xfe, 0x88, [], 0x0, 0x0}, @initdev={0xfe, 0x88, [], 0x0, 0x0}, [], [], 'rose0\x00', 'netdevsim0\x00'}, 0x0, 0x10d8, 0x1100, 0x0, {}, [@common=@unspec=@cgroup1={{0x1030, 'cgroup\x00'}, {0x0, 0x1, 0x0, 0x0, './cgroup/syz0\x00'}}]}, @REJECT={0x28, 'REJECT\x00'}}, {{@uncond, 0x0, 0xa8, 0xd0}, @REJECT={0x28, 'REJECT\x00'}}], {{[], 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x1408) syz_init_net_socket$rose(0xb, 0x5, 0x0) 21:32:53 executing program 2: r0 = openat$kvm(0xffffffffffffff9c, 0x0, 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) dup3(r0, r1, 0x0) fsetxattr$trusted_overlay_nlink(r0, &(0x7f0000000040)='trusted.overlay.nlink\x00', &(0x7f00000000c0)={'U+', 0x98}, 0x16, 0x2) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c4, 0x0, 0xe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r2 = socket$inet6(0xa, 0x40000080806, 0x0) bind$inet6(r2, &(0x7f0000000080)={0xa, 0x404e20}, 0x1c) ioctl$int_in(0xffffffffffffffff, 0x5452, &(0x7f0000000100)) listen(r2, 0x400000001ffffffd) r3 = socket$inet6(0xa, 0x6, 0x0) connect$inet6(r3, &(0x7f0000000180)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) r4 = accept4(r2, 0x0, 0x0, 0x0) sendmmsg(r4, &(0x7f0000003d40)=[{{0x0, 0xffffffbf, 0x0, 0x0, 0x0, 0x0, 0x7000005}, 0xa}], 0x4000000000000d0, 0x0) socket$inet6(0xa, 0x6, 0x0) connect$inet6(0xffffffffffffffff, &(0x7f0000000000)={0xa, 0x0, 0x0, @loopback}, 0x1c) r5 = socket$inet6_tcp(0xa, 0x1, 0x0) bpf$BPF_MAP_GET_FD_BY_ID(0xe, &(0x7f0000000140)={0x0, 0x4, 0x8}, 0xc) setsockopt$IP6T_SO_SET_REPLACE(r5, 0x29, 0x40, &(0x7f0000000a80)=@filter={'filter\x00', 0xe, 0x4, 0x13a8, 0x0, 0x0, 0x1208, 0x108, 0x108, 0x12d8, 0x12d8, 0x12d8, 0x12d8, 0x12d8, 0x4, 0x0, {[{{@uncond, 0x0, 0xa8, 0x108}, @common=@inet=@HMARK={0x60, 'HMARK\x00', 0x0, {@ipv6=@mcast1, [], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4}}}, {{@ipv6={@initdev={0xfe, 0x88, [], 0x0, 0x0}, @initdev={0xfe, 0x88, [], 0x0, 0x0}, [], [], 'rose0\x00', 'netdevsim0\x00'}, 0x0, 0x10d8, 0x1100, 0x0, {}, [@common=@unspec=@cgroup1={{0x1030, 'cgroup\x00'}, {0x0, 0x1, 0x0, 0x0, './cgroup/syz0\x00'}}]}, @REJECT={0x28, 'REJECT\x00'}}, {{@uncond, 0x0, 0xa8, 0xd0}, @REJECT={0x28, 'REJECT\x00'}}], {{[], 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x1408) syz_init_net_socket$rose(0xb, 0x5, 0x0) [ 2251.367573] ip6_tables: ip6tables: counters copy to user failed while replacing table [ 2251.486381] ip6_tables: ip6tables: counters copy to user failed while replacing table [ 2251.542234] ip6_tables: ip6tables: counters copy to user failed while replacing table 21:32:53 executing program 2: r0 = openat$kvm(0xffffffffffffff9c, 0x0, 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) dup3(r0, r1, 0x0) fsetxattr$trusted_overlay_nlink(r0, &(0x7f0000000040)='trusted.overlay.nlink\x00', &(0x7f00000000c0)={'U+', 0x98}, 0x16, 0x2) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c4, 0x0, 0xe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r2 = socket$inet6(0xa, 0x40000080806, 0x0) bind$inet6(r2, &(0x7f0000000080)={0xa, 0x404e20}, 0x1c) ioctl$int_in(0xffffffffffffffff, 0x5452, &(0x7f0000000100)) listen(r2, 0x400000001ffffffd) r3 = socket$inet6(0xa, 0x6, 0x0) connect$inet6(r3, &(0x7f0000000180)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) r4 = accept4(r2, 0x0, 0x0, 0x0) sendmmsg(r4, &(0x7f0000003d40)=[{{0x0, 0xffffffbf, 0x0, 0x0, 0x0, 0x0, 0x7000005}, 0xa}], 0x4000000000000d0, 0x0) socket$inet6(0xa, 0x6, 0x0) connect$inet6(0xffffffffffffffff, &(0x7f0000000000)={0xa, 0x0, 0x0, @loopback}, 0x1c) r5 = socket$inet6_tcp(0xa, 0x1, 0x0) bpf$BPF_MAP_GET_FD_BY_ID(0xe, &(0x7f0000000140)={0x0, 0x4, 0x8}, 0xc) setsockopt$IP6T_SO_SET_REPLACE(r5, 0x29, 0x40, &(0x7f0000000a80)=@filter={'filter\x00', 0xe, 0x4, 0x13a8, 0x0, 0x0, 0x1208, 0x108, 0x108, 0x12d8, 0x12d8, 0x12d8, 0x12d8, 0x12d8, 0x4, 0x0, {[{{@uncond, 0x0, 0xa8, 0x108}, @common=@inet=@HMARK={0x60, 'HMARK\x00', 0x0, {@ipv6=@mcast1, [], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4}}}, {{@ipv6={@initdev={0xfe, 0x88, [], 0x0, 0x0}, @initdev={0xfe, 0x88, [], 0x0, 0x0}, [], [], 'rose0\x00', 'netdevsim0\x00'}, 0x0, 0x10d8, 0x1100, 0x0, {}, [@common=@unspec=@cgroup1={{0x1030, 'cgroup\x00'}, {0x0, 0x1, 0x0, 0x0, './cgroup/syz0\x00'}}]}, @REJECT={0x28, 'REJECT\x00'}}, {{@uncond, 0x0, 0xa8, 0xd0}, @REJECT={0x28, 'REJECT\x00'}}], {{[], 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x1408) syz_init_net_socket$rose(0xb, 0x5, 0x0) [ 2251.703476] ip6_tables: ip6tables: counters copy to user failed while replacing table 21:32:53 executing program 0: r0 = openat$kvm(0xffffffffffffff9c, 0x0, 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) dup3(r0, r1, 0x0) fsetxattr$trusted_overlay_nlink(r0, &(0x7f0000000040)='trusted.overlay.nlink\x00', &(0x7f00000000c0)={'U+', 0x98}, 0x16, 0x2) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c4, 0x0, 0xe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r2 = socket$inet6(0xa, 0x40000080806, 0x0) bind$inet6(r2, &(0x7f0000000080)={0xa, 0x404e20}, 0x1c) ioctl$int_in(0xffffffffffffffff, 0x5452, &(0x7f0000000100)) listen(r2, 0x400000001ffffffd) r3 = socket$inet6(0xa, 0x6, 0x0) connect$inet6(r3, &(0x7f0000000180)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) r4 = accept4(r2, 0x0, 0x0, 0x0) sendmmsg(r4, &(0x7f0000003d40)=[{{0x0, 0xffffffbf, 0x0, 0x0, 0x0, 0x0, 0x7000005}, 0xa}], 0x4000000000000d0, 0x0) socket$inet6(0xa, 0x6, 0x0) connect$inet6(0xffffffffffffffff, &(0x7f0000000000)={0xa, 0x0, 0x0, @loopback}, 0x1c) r5 = socket$inet6_tcp(0xa, 0x1, 0x0) bpf$BPF_MAP_GET_FD_BY_ID(0xe, &(0x7f0000000140)={0x0, 0x4, 0x8}, 0xc) setsockopt$IP6T_SO_SET_REPLACE(r5, 0x29, 0x40, &(0x7f0000000a80)=@filter={'filter\x00', 0xe, 0x4, 0x13a8, 0x0, 0x0, 0x1208, 0x108, 0x108, 0x12d8, 0x12d8, 0x12d8, 0x12d8, 0x12d8, 0x4, 0x0, {[{{@uncond, 0x0, 0xa8, 0x108}, @common=@inet=@HMARK={0x60, 'HMARK\x00', 0x0, {@ipv6=@mcast1, [], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4}}}, {{@ipv6={@initdev={0xfe, 0x88, [], 0x0, 0x0}, @initdev={0xfe, 0x88, [], 0x0, 0x0}, [], [], 'rose0\x00', 'netdevsim0\x00'}, 0x0, 0x10d8, 0x1100, 0x0, {}, [@common=@unspec=@cgroup1={{0x1030, 'cgroup\x00'}, {0x0, 0x1, 0x0, 0x0, './cgroup/syz0\x00'}}]}, @REJECT={0x28, 'REJECT\x00'}}, {{@uncond, 0x0, 0xa8, 0xd0}, @REJECT={0x28, 'REJECT\x00'}}], {{[], 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x1408) syz_init_net_socket$rose(0xb, 0x5, 0x0) 21:32:53 executing program 2: r0 = openat$kvm(0xffffffffffffff9c, 0x0, 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) dup3(r0, r1, 0x0) fsetxattr$trusted_overlay_nlink(r0, &(0x7f0000000040)='trusted.overlay.nlink\x00', &(0x7f00000000c0)={'U+', 0x98}, 0x16, 0x2) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c4, 0x0, 0xe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r2 = socket$inet6(0xa, 0x40000080806, 0x0) bind$inet6(r2, &(0x7f0000000080)={0xa, 0x404e20}, 0x1c) ioctl$int_in(0xffffffffffffffff, 0x5452, &(0x7f0000000100)=0x3) listen(0xffffffffffffffff, 0x400000001ffffffd) r3 = socket$inet6(0xa, 0x6, 0x0) connect$inet6(r3, &(0x7f0000000180)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) r4 = accept4(r2, 0x0, 0x0, 0x0) sendmmsg(r4, &(0x7f0000003d40)=[{{0x0, 0xffffffbf, 0x0, 0x0, 0x0, 0x0, 0x7000005}, 0xa}], 0x4000000000000d0, 0x0) socket$inet6(0xa, 0x6, 0x0) connect$inet6(0xffffffffffffffff, &(0x7f0000000000)={0xa, 0x0, 0x0, @loopback}, 0x1c) r5 = socket$inet6_tcp(0xa, 0x1, 0x0) bpf$BPF_MAP_GET_FD_BY_ID(0xe, &(0x7f0000000140)={0x0, 0x4, 0x8}, 0xc) setsockopt$IP6T_SO_SET_REPLACE(r5, 0x29, 0x40, &(0x7f0000000a80)=@filter={'filter\x00', 0xe, 0x4, 0x13a8, 0x0, 0x0, 0x1208, 0x108, 0x108, 0x12d8, 0x12d8, 0x12d8, 0x12d8, 0x12d8, 0x4, 0x0, {[{{@uncond, 0x0, 0xa8, 0x108}, @common=@inet=@HMARK={0x60, 'HMARK\x00', 0x0, {@ipv6=@mcast1, [], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4}}}, {{@ipv6={@initdev={0xfe, 0x88, [], 0x0, 0x0}, @initdev={0xfe, 0x88, [], 0x0, 0x0}, [], [], 'rose0\x00', 'netdevsim0\x00'}, 0x0, 0x10d8, 0x1100, 0x0, {}, [@common=@unspec=@cgroup1={{0x1030, 'cgroup\x00'}, {0x0, 0x1, 0x0, 0x0, './cgroup/syz0\x00'}}]}, @REJECT={0x28, 'REJECT\x00'}}, {{@uncond, 0x0, 0xa8, 0xd0}, @REJECT={0x28, 'REJECT\x00'}}], {{[], 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x1408) syz_init_net_socket$rose(0xb, 0x5, 0x0) [ 2251.903080] ip6_tables: ip6tables: counters copy to user failed while replacing table 21:32:53 executing program 2: r0 = openat$kvm(0xffffffffffffff9c, 0x0, 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) dup3(r0, r1, 0x0) fsetxattr$trusted_overlay_nlink(r0, &(0x7f0000000040)='trusted.overlay.nlink\x00', &(0x7f00000000c0)={'U+', 0x98}, 0x16, 0x2) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c4, 0x0, 0xe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r2 = socket$inet6(0xa, 0x40000080806, 0x0) bind$inet6(r2, &(0x7f0000000080)={0xa, 0x404e20}, 0x1c) ioctl$int_in(0xffffffffffffffff, 0x5452, &(0x7f0000000100)=0x3) listen(0xffffffffffffffff, 0x400000001ffffffd) r3 = socket$inet6(0xa, 0x6, 0x0) connect$inet6(r3, &(0x7f0000000180)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) r4 = accept4(r2, 0x0, 0x0, 0x0) sendmmsg(r4, &(0x7f0000003d40)=[{{0x0, 0xffffffbf, 0x0, 0x0, 0x0, 0x0, 0x7000005}, 0xa}], 0x4000000000000d0, 0x0) socket$inet6(0xa, 0x6, 0x0) connect$inet6(0xffffffffffffffff, &(0x7f0000000000)={0xa, 0x0, 0x0, @loopback}, 0x1c) r5 = socket$inet6_tcp(0xa, 0x1, 0x0) bpf$BPF_MAP_GET_FD_BY_ID(0xe, &(0x7f0000000140)={0x0, 0x4, 0x8}, 0xc) setsockopt$IP6T_SO_SET_REPLACE(r5, 0x29, 0x40, &(0x7f0000000a80)=@filter={'filter\x00', 0xe, 0x4, 0x13a8, 0x0, 0x0, 0x1208, 0x108, 0x108, 0x12d8, 0x12d8, 0x12d8, 0x12d8, 0x12d8, 0x4, 0x0, {[{{@uncond, 0x0, 0xa8, 0x108}, @common=@inet=@HMARK={0x60, 'HMARK\x00', 0x0, {@ipv6=@mcast1, [], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4}}}, {{@ipv6={@initdev={0xfe, 0x88, [], 0x0, 0x0}, @initdev={0xfe, 0x88, [], 0x0, 0x0}, [], [], 'rose0\x00', 'netdevsim0\x00'}, 0x0, 0x10d8, 0x1100, 0x0, {}, [@common=@unspec=@cgroup1={{0x1030, 'cgroup\x00'}, {0x0, 0x1, 0x0, 0x0, './cgroup/syz0\x00'}}]}, @REJECT={0x28, 'REJECT\x00'}}, {{@uncond, 0x0, 0xa8, 0xd0}, @REJECT={0x28, 'REJECT\x00'}}], {{[], 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x1408) syz_init_net_socket$rose(0xb, 0x5, 0x0) [ 2251.954232] ip6_tables: ip6tables: counters copy to user failed while replacing table 21:32:53 executing program 0: r0 = openat$kvm(0xffffffffffffff9c, 0x0, 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) dup3(r0, r1, 0x0) fsetxattr$trusted_overlay_nlink(r0, &(0x7f0000000040)='trusted.overlay.nlink\x00', &(0x7f00000000c0)={'U+', 0x98}, 0x16, 0x2) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c4, 0x0, 0xe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r2 = socket$inet6(0xa, 0x40000080806, 0x0) bind$inet6(r2, &(0x7f0000000080)={0xa, 0x404e20}, 0x1c) ioctl$int_in(0xffffffffffffffff, 0x5452, &(0x7f0000000100)) listen(r2, 0x400000001ffffffd) r3 = socket$inet6(0xa, 0x6, 0x0) connect$inet6(r3, &(0x7f0000000180)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) r4 = accept4(r2, 0x0, 0x0, 0x0) sendmmsg(r4, &(0x7f0000003d40)=[{{0x0, 0xffffffbf, 0x0, 0x0, 0x0, 0x0, 0x7000005}, 0xa}], 0x4000000000000d0, 0x0) socket$inet6(0xa, 0x6, 0x0) connect$inet6(0xffffffffffffffff, &(0x7f0000000000)={0xa, 0x0, 0x0, @loopback}, 0x1c) r5 = socket$inet6_tcp(0xa, 0x1, 0x0) bpf$BPF_MAP_GET_FD_BY_ID(0xe, &(0x7f0000000140)={0x0, 0x4, 0x8}, 0xc) setsockopt$IP6T_SO_SET_REPLACE(r5, 0x29, 0x40, &(0x7f0000000a80)=@filter={'filter\x00', 0xe, 0x4, 0x13a8, 0x0, 0x0, 0x1208, 0x108, 0x108, 0x12d8, 0x12d8, 0x12d8, 0x12d8, 0x12d8, 0x4, 0x0, {[{{@uncond, 0x0, 0xa8, 0x108}, @common=@inet=@HMARK={0x60, 'HMARK\x00', 0x0, {@ipv6=@mcast1, [], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4}}}, {{@ipv6={@initdev={0xfe, 0x88, [], 0x0, 0x0}, @initdev={0xfe, 0x88, [], 0x0, 0x0}, [], [], 'rose0\x00', 'netdevsim0\x00'}, 0x0, 0x10d8, 0x1100, 0x0, {}, [@common=@unspec=@cgroup1={{0x1030, 'cgroup\x00'}, {0x0, 0x1, 0x0, 0x0, './cgroup/syz0\x00'}}]}, @REJECT={0x28, 'REJECT\x00'}}, {{@uncond, 0x0, 0xa8, 0xd0}, @REJECT={0x28, 'REJECT\x00'}}], {{[], 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x1408) syz_init_net_socket$rose(0xb, 0x5, 0x0) [ 2252.042909] device hsr_slave_1 left promiscuous mode [ 2252.101522] ip6_tables: ip6tables: counters copy to user failed while replacing table [ 2252.116543] device hsr_slave_0 left promiscuous mode 21:32:54 executing program 4: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x1, 0x0, 0x0, 0x0, 0x20b493e0, 0x0, 0xfffffffffffffffe}, 0x0) socket$inet6(0xa, 0x4, 0xffffffff) pipe(&(0x7f0000000340)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r2, 0x407, 0x0) fsync(r1) write(r2, &(0x7f0000000340), 0x41395527) vmsplice(r1, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) clone(0x200000008a105d00, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) tkill(0x0, 0x3c) fsetxattr$trusted_overlay_redirect(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) sched_setattr(r0, &(0x7f0000000080)={0x38, 0x2, 0x1, 0x0, 0x3}, 0x0) clone(0x69005100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) mount(0x0, &(0x7f0000000140)='./file0\x00', 0x0, 0x0, &(0x7f000000a000)) [ 2252.154136] ip6_tables: ip6tables: counters copy to user failed while replacing table [ 2252.238194] team0 (unregistering): Port device team_slave_1 removed [ 2252.259211] team0 (unregistering): Port device team_slave_0 removed 21:32:54 executing program 5: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x1, 0x0, 0x0, 0x1, 0x20b493e0, 0x0, 0xfffffffffffffffe}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000008880), 0x400000000000249, 0x0, 0x0) pipe(&(0x7f0000000340)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) fsync(r2) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) perf_event_open(&(0x7f0000940000)={0x2, 0x70, 0x69, 0x1, 0x0, 0xff, 0x0, 0x48, 0x14a0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f00000001c0), 0x7}, 0x0, 0x0, 0xfffffff9}, 0x0, 0xd, 0xffffffffffffffff, 0xa) clone(0x200000008a105d00, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r4 = gettid() tkill(r4, 0x3c) fsetxattr$trusted_overlay_redirect(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x400200) getsockopt$inet_sctp6_SCTP_EVENTS(0xffffffffffffffff, 0x84, 0xb, &(0x7f00000000c0), &(0x7f0000000100)=0xe) sched_setattr(r0, &(0x7f0000000080)={0x38, 0x2, 0x1, 0x0, 0x101, 0x1, 0x400000000000, 0x0, 0x0, 0x4}, 0x0) clone(0x69005100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) mount(0x0, &(0x7f0000000140)='./file0\x00', 0x0, 0x0, &(0x7f000000a000)) 21:32:54 executing program 1: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(0x0, &(0x7f0000000040)={0x38, 0x1, 0x0, 0x0, 0x1, 0x20b493e0, 0x0, 0xfffffffffffffffe}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000008880), 0x400000000000249, 0x0, 0x0) pipe(&(0x7f0000000340)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) fsync(r2) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) perf_event_open(&(0x7f0000940000)={0x2, 0x70, 0x69, 0x1, 0x0, 0xff, 0x0, 0x48, 0x14a0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f00000001c0), 0x7}, 0x0, 0x0, 0xfffffff9}, 0x0, 0xd, 0xffffffffffffffff, 0xa) tkill(0x0, 0x3c) fsetxattr$trusted_overlay_redirect(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) sched_setattr(r0, &(0x7f0000000080)={0x38, 0x2, 0x1, 0x0, 0x3}, 0x0) clone(0x69005100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) mount(0x0, &(0x7f0000000140)='./file0\x00', 0x0, 0x0, &(0x7f000000a000)) sched_setscheduler(0x0, 0x5, &(0x7f0000000380)) 21:32:54 executing program 2: r0 = openat$kvm(0xffffffffffffff9c, 0x0, 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) dup3(r0, r1, 0x0) fsetxattr$trusted_overlay_nlink(r0, &(0x7f0000000040)='trusted.overlay.nlink\x00', &(0x7f00000000c0)={'U+', 0x98}, 0x16, 0x2) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c4, 0x0, 0xe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r2 = socket$inet6(0xa, 0x40000080806, 0x0) bind$inet6(r2, &(0x7f0000000080)={0xa, 0x404e20}, 0x1c) ioctl$int_in(0xffffffffffffffff, 0x5452, &(0x7f0000000100)=0x3) listen(0xffffffffffffffff, 0x400000001ffffffd) r3 = socket$inet6(0xa, 0x6, 0x0) connect$inet6(r3, &(0x7f0000000180)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) r4 = accept4(r2, 0x0, 0x0, 0x0) sendmmsg(r4, &(0x7f0000003d40)=[{{0x0, 0xffffffbf, 0x0, 0x0, 0x0, 0x0, 0x7000005}, 0xa}], 0x4000000000000d0, 0x0) socket$inet6(0xa, 0x6, 0x0) connect$inet6(0xffffffffffffffff, &(0x7f0000000000)={0xa, 0x0, 0x0, @loopback}, 0x1c) r5 = socket$inet6_tcp(0xa, 0x1, 0x0) bpf$BPF_MAP_GET_FD_BY_ID(0xe, &(0x7f0000000140)={0x0, 0x4, 0x8}, 0xc) setsockopt$IP6T_SO_SET_REPLACE(r5, 0x29, 0x40, &(0x7f0000000a80)=@filter={'filter\x00', 0xe, 0x4, 0x13a8, 0x0, 0x0, 0x1208, 0x108, 0x108, 0x12d8, 0x12d8, 0x12d8, 0x12d8, 0x12d8, 0x4, 0x0, {[{{@uncond, 0x0, 0xa8, 0x108}, @common=@inet=@HMARK={0x60, 'HMARK\x00', 0x0, {@ipv6=@mcast1, [], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4}}}, {{@ipv6={@initdev={0xfe, 0x88, [], 0x0, 0x0}, @initdev={0xfe, 0x88, [], 0x0, 0x0}, [], [], 'rose0\x00', 'netdevsim0\x00'}, 0x0, 0x10d8, 0x1100, 0x0, {}, [@common=@unspec=@cgroup1={{0x1030, 'cgroup\x00'}, {0x0, 0x1, 0x0, 0x0, './cgroup/syz0\x00'}}]}, @REJECT={0x28, 'REJECT\x00'}}, {{@uncond, 0x0, 0xa8, 0xd0}, @REJECT={0x28, 'REJECT\x00'}}], {{[], 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x1408) syz_init_net_socket$rose(0xb, 0x5, 0x0) 21:32:54 executing program 0: r0 = openat$kvm(0xffffffffffffff9c, 0x0, 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) dup3(r0, r1, 0x0) fsetxattr$trusted_overlay_nlink(r0, &(0x7f0000000040)='trusted.overlay.nlink\x00', &(0x7f00000000c0)={'U+', 0x98}, 0x16, 0x2) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c4, 0x0, 0xe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r2 = socket$inet6(0xa, 0x40000080806, 0x0) bind$inet6(r2, &(0x7f0000000080)={0xa, 0x404e20}, 0x1c) ioctl$int_in(0xffffffffffffffff, 0x5452, &(0x7f0000000100)=0x3) listen(0xffffffffffffffff, 0x400000001ffffffd) r3 = socket$inet6(0xa, 0x6, 0x0) connect$inet6(r3, &(0x7f0000000180)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) r4 = accept4(r2, 0x0, 0x0, 0x0) sendmmsg(r4, &(0x7f0000003d40)=[{{0x0, 0xffffffbf, 0x0, 0x0, 0x0, 0x0, 0x7000005}, 0xa}], 0x4000000000000d0, 0x0) socket$inet6(0xa, 0x6, 0x0) connect$inet6(0xffffffffffffffff, &(0x7f0000000000)={0xa, 0x0, 0x0, @loopback}, 0x1c) r5 = socket$inet6_tcp(0xa, 0x1, 0x0) bpf$BPF_MAP_GET_FD_BY_ID(0xe, &(0x7f0000000140)={0x0, 0x4, 0x8}, 0xc) setsockopt$IP6T_SO_SET_REPLACE(r5, 0x29, 0x40, &(0x7f0000000a80)=@filter={'filter\x00', 0xe, 0x4, 0x13a8, 0x0, 0x0, 0x1208, 0x108, 0x108, 0x12d8, 0x12d8, 0x12d8, 0x12d8, 0x12d8, 0x4, 0x0, {[{{@uncond, 0x0, 0xa8, 0x108}, @common=@inet=@HMARK={0x60, 'HMARK\x00', 0x0, {@ipv6=@mcast1, [], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4}}}, {{@ipv6={@initdev={0xfe, 0x88, [], 0x0, 0x0}, @initdev={0xfe, 0x88, [], 0x0, 0x0}, [], [], 'rose0\x00', 'netdevsim0\x00'}, 0x0, 0x10d8, 0x1100, 0x0, {}, [@common=@unspec=@cgroup1={{0x1030, 'cgroup\x00'}, {0x0, 0x1, 0x0, 0x0, './cgroup/syz0\x00'}}]}, @REJECT={0x28, 'REJECT\x00'}}, {{@uncond, 0x0, 0xa8, 0xd0}, @REJECT={0x28, 'REJECT\x00'}}], {{[], 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x1408) syz_init_net_socket$rose(0xb, 0x5, 0x0) 21:32:54 executing program 3: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x1, 0x0, 0x0, 0x1, 0x20b493e0, 0x0, 0xfffffffffffffffe}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, 0x0, 0x0, 0x0, 0x0) pipe(&(0x7f0000000340)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, 0x0, 0x0, 0x0) perf_event_open(&(0x7f0000940000)={0x2, 0x70, 0x69, 0x0, 0x0, 0xff, 0x0, 0x48, 0x14a0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f00000001c0), 0x7}}, 0x0, 0xd, 0xffffffffffffffff, 0xa) clone(0x200000008a105d00, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r4 = gettid() tkill(r4, 0x3c) fsetxattr$trusted_overlay_redirect(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) sched_setattr(r0, &(0x7f0000000080)={0x38, 0x2, 0x1, 0x0, 0x3}, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000007c0)={0x0, 0x0, &(0x7f0000000780)={&(0x7f0000000180)=@newqdisc={0x40, 0x24, 0xf0b, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, {}, {0xffff, 0xffff}}, [@TCA_STAB={0x4, 0x5}, @qdisc_kind_options=@q_dsmark={{0xb, 0x1, 'dsmark\x00'}, {0xc, 0x2, [@TCA_DSMARK_INDICES={0x6, 0x1, 0x10}]}}]}, 0x40}}, 0x0) getsockopt$inet_IP_IPSEC_POLICY(r2, 0x0, 0x10, &(0x7f0000000380)={{{@in=@broadcast, @in, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}, {{@in=@local}, 0x0, @in6=@private0}}, &(0x7f0000000000)=0xe8) setsockopt$inet6_IPV6_XFRM_POLICY(0xffffffffffffffff, 0x29, 0x23, &(0x7f0000000480)={{{@in6=@remote, @in=@private=0xa010102, 0x4e20, 0x2, 0x4e20, 0x6, 0x2, 0x80, 0x80, 0x29, 0x0, r5}, {0x80000001, 0x8, 0x1, 0xc608, 0x4, 0x8, 0x1, 0x9}, {0x4, 0x1f, 0x4, 0x2}, 0x0, 0x6e6bbb, 0x2, 0x1, 0x1, 0x2}, {{@in6=@initdev={0xfe, 0x88, [], 0x1, 0x0}, 0x4d3, 0x2b}, 0xa, @in=@private=0xa010101, 0x0, 0x7, 0x1, 0x81, 0x6, 0xfffffffd, 0xff}}, 0xe8) clone(0x69005100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) mount(0x0, &(0x7f0000000140)='./file0\x00', &(0x7f0000fb5ffc)='nfs\x00', 0x0, &(0x7f000000a000)) [ 2252.281601] bond0 (unregistering): Releasing backup interface bond_slave_1 [ 2252.311443] bond0 (unregistering): Releasing backup interface bond_slave_0 [ 2252.373904] ip6_tables: ip6tables: counters copy to user failed while replacing table 21:32:54 executing program 0: r0 = openat$kvm(0xffffffffffffff9c, 0x0, 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) dup3(r0, r1, 0x0) fsetxattr$trusted_overlay_nlink(r0, &(0x7f0000000040)='trusted.overlay.nlink\x00', &(0x7f00000000c0)={'U+', 0x98}, 0x16, 0x2) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c4, 0x0, 0xe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r2 = socket$inet6(0xa, 0x40000080806, 0x0) bind$inet6(r2, &(0x7f0000000080)={0xa, 0x404e20}, 0x1c) ioctl$int_in(0xffffffffffffffff, 0x5452, &(0x7f0000000100)) listen(r2, 0x400000001ffffffd) r3 = socket$inet6(0xa, 0x6, 0x0) connect$inet6(r3, &(0x7f0000000180)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) r4 = accept4(r2, 0x0, 0x0, 0x0) sendmmsg(r4, &(0x7f0000003d40)=[{{0x0, 0xffffffbf, 0x0, 0x0, 0x0, 0x0, 0x7000005}, 0xa}], 0x4000000000000d0, 0x0) socket$inet6(0xa, 0x6, 0x0) connect$inet6(0xffffffffffffffff, &(0x7f0000000000)={0xa, 0x0, 0x0, @loopback}, 0x1c) r5 = socket$inet6_tcp(0xa, 0x1, 0x0) bpf$BPF_MAP_GET_FD_BY_ID(0xe, &(0x7f0000000140)={0x0, 0x4, 0x8}, 0xc) setsockopt$IP6T_SO_SET_REPLACE(r5, 0x29, 0x40, &(0x7f0000000a80)=@filter={'filter\x00', 0xe, 0x4, 0x13a8, 0x0, 0x0, 0x1208, 0x108, 0x108, 0x12d8, 0x12d8, 0x12d8, 0x12d8, 0x12d8, 0x4, 0x0, {[{{@uncond, 0x0, 0xa8, 0x108}, @common=@inet=@HMARK={0x60, 'HMARK\x00', 0x0, {@ipv6=@mcast1, [], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4}}}, {{@ipv6={@initdev={0xfe, 0x88, [], 0x0, 0x0}, @initdev={0xfe, 0x88, [], 0x0, 0x0}, [], [], 'rose0\x00', 'netdevsim0\x00'}, 0x0, 0x10d8, 0x1100, 0x0, {}, [@common=@unspec=@cgroup1={{0x1030, 'cgroup\x00'}, {0x0, 0x1, 0x0, 0x0, './cgroup/syz0\x00'}}]}, @REJECT={0x28, 'REJECT\x00'}}, {{@uncond, 0x0, 0xa8, 0xd0}, @REJECT={0x28, 'REJECT\x00'}}], {{[], 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x1408) syz_init_net_socket$rose(0xb, 0x5, 0x0) 21:32:54 executing program 2: r0 = openat$kvm(0xffffffffffffff9c, 0x0, 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) dup3(r0, r1, 0x0) fsetxattr$trusted_overlay_nlink(r0, &(0x7f0000000040)='trusted.overlay.nlink\x00', &(0x7f00000000c0)={'U+', 0x98}, 0x16, 0x2) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c4, 0x0, 0xe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r2 = socket$inet6(0xa, 0x40000080806, 0x0) bind$inet6(r2, &(0x7f0000000080)={0xa, 0x404e20}, 0x1c) ioctl$int_in(0xffffffffffffffff, 0x5452, &(0x7f0000000100)=0x3) listen(r2, 0x0) r3 = socket$inet6(0xa, 0x6, 0x0) connect$inet6(r3, &(0x7f0000000180)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) r4 = accept4(r2, 0x0, 0x0, 0x0) sendmmsg(r4, &(0x7f0000003d40)=[{{0x0, 0xffffffbf, 0x0, 0x0, 0x0, 0x0, 0x7000005}, 0xa}], 0x4000000000000d0, 0x0) socket$inet6(0xa, 0x6, 0x0) connect$inet6(0xffffffffffffffff, &(0x7f0000000000)={0xa, 0x0, 0x0, @loopback}, 0x1c) r5 = socket$inet6_tcp(0xa, 0x1, 0x0) bpf$BPF_MAP_GET_FD_BY_ID(0xe, &(0x7f0000000140)={0x0, 0x4, 0x8}, 0xc) setsockopt$IP6T_SO_SET_REPLACE(r5, 0x29, 0x40, &(0x7f0000000a80)=@filter={'filter\x00', 0xe, 0x4, 0x13a8, 0x0, 0x0, 0x1208, 0x108, 0x108, 0x12d8, 0x12d8, 0x12d8, 0x12d8, 0x12d8, 0x4, 0x0, {[{{@uncond, 0x0, 0xa8, 0x108}, @common=@inet=@HMARK={0x60, 'HMARK\x00', 0x0, {@ipv6=@mcast1, [], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4}}}, {{@ipv6={@initdev={0xfe, 0x88, [], 0x0, 0x0}, @initdev={0xfe, 0x88, [], 0x0, 0x0}, [], [], 'rose0\x00', 'netdevsim0\x00'}, 0x0, 0x10d8, 0x1100, 0x0, {}, [@common=@unspec=@cgroup1={{0x1030, 'cgroup\x00'}, {0x0, 0x1, 0x0, 0x0, './cgroup/syz0\x00'}}]}, @REJECT={0x28, 'REJECT\x00'}}, {{@uncond, 0x0, 0xa8, 0xd0}, @REJECT={0x28, 'REJECT\x00'}}], {{[], 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x1408) syz_init_net_socket$rose(0xb, 0x5, 0x0) [ 2252.614347] bond0 (unregistering): Released all slaves 21:32:54 executing program 2: r0 = openat$kvm(0xffffffffffffff9c, 0x0, 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) dup3(r0, r1, 0x0) fsetxattr$trusted_overlay_nlink(r0, &(0x7f0000000040)='trusted.overlay.nlink\x00', &(0x7f00000000c0)={'U+', 0x98}, 0x16, 0x2) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c4, 0x0, 0xe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r2 = socket$inet6(0xa, 0x40000080806, 0x0) bind$inet6(r2, &(0x7f0000000080)={0xa, 0x404e20}, 0x1c) ioctl$int_in(0xffffffffffffffff, 0x5452, &(0x7f0000000100)=0x3) listen(r2, 0x0) r3 = socket$inet6(0xa, 0x6, 0x0) connect$inet6(r3, &(0x7f0000000180)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) r4 = accept4(r2, 0x0, 0x0, 0x0) sendmmsg(r4, &(0x7f0000003d40)=[{{0x0, 0xffffffbf, 0x0, 0x0, 0x0, 0x0, 0x7000005}, 0xa}], 0x4000000000000d0, 0x0) socket$inet6(0xa, 0x6, 0x0) connect$inet6(0xffffffffffffffff, &(0x7f0000000000)={0xa, 0x0, 0x0, @loopback}, 0x1c) r5 = socket$inet6_tcp(0xa, 0x1, 0x0) bpf$BPF_MAP_GET_FD_BY_ID(0xe, &(0x7f0000000140)={0x0, 0x4, 0x8}, 0xc) setsockopt$IP6T_SO_SET_REPLACE(r5, 0x29, 0x40, &(0x7f0000000a80)=@filter={'filter\x00', 0xe, 0x4, 0x13a8, 0x0, 0x0, 0x1208, 0x108, 0x108, 0x12d8, 0x12d8, 0x12d8, 0x12d8, 0x12d8, 0x4, 0x0, {[{{@uncond, 0x0, 0xa8, 0x108}, @common=@inet=@HMARK={0x60, 'HMARK\x00', 0x0, {@ipv6=@mcast1, [], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4}}}, {{@ipv6={@initdev={0xfe, 0x88, [], 0x0, 0x0}, @initdev={0xfe, 0x88, [], 0x0, 0x0}, [], [], 'rose0\x00', 'netdevsim0\x00'}, 0x0, 0x10d8, 0x1100, 0x0, {}, [@common=@unspec=@cgroup1={{0x1030, 'cgroup\x00'}, {0x0, 0x1, 0x0, 0x0, './cgroup/syz0\x00'}}]}, @REJECT={0x28, 'REJECT\x00'}}, {{@uncond, 0x0, 0xa8, 0xd0}, @REJECT={0x28, 'REJECT\x00'}}], {{[], 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x1408) syz_init_net_socket$rose(0xb, 0x5, 0x0) 21:32:54 executing program 0: r0 = openat$kvm(0xffffffffffffff9c, 0x0, 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) dup3(r0, r1, 0x0) fsetxattr$trusted_overlay_nlink(r0, &(0x7f0000000040)='trusted.overlay.nlink\x00', &(0x7f00000000c0)={'U+', 0x98}, 0x16, 0x2) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c4, 0x0, 0xe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r2 = socket$inet6(0xa, 0x40000080806, 0x0) bind$inet6(r2, &(0x7f0000000080)={0xa, 0x404e20}, 0x1c) ioctl$int_in(0xffffffffffffffff, 0x5452, &(0x7f0000000100)=0x3) listen(r2, 0x0) r3 = socket$inet6(0xa, 0x6, 0x0) connect$inet6(r3, &(0x7f0000000180)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) r4 = accept4(r2, 0x0, 0x0, 0x0) sendmmsg(r4, &(0x7f0000003d40)=[{{0x0, 0xffffffbf, 0x0, 0x0, 0x0, 0x0, 0x7000005}, 0xa}], 0x4000000000000d0, 0x0) socket$inet6(0xa, 0x6, 0x0) connect$inet6(0xffffffffffffffff, &(0x7f0000000000)={0xa, 0x0, 0x0, @loopback}, 0x1c) r5 = socket$inet6_tcp(0xa, 0x1, 0x0) bpf$BPF_MAP_GET_FD_BY_ID(0xe, &(0x7f0000000140)={0x0, 0x4, 0x8}, 0xc) setsockopt$IP6T_SO_SET_REPLACE(r5, 0x29, 0x40, &(0x7f0000000a80)=@filter={'filter\x00', 0xe, 0x4, 0x13a8, 0x0, 0x0, 0x1208, 0x108, 0x108, 0x12d8, 0x12d8, 0x12d8, 0x12d8, 0x12d8, 0x4, 0x0, {[{{@uncond, 0x0, 0xa8, 0x108}, @common=@inet=@HMARK={0x60, 'HMARK\x00', 0x0, {@ipv6=@mcast1, [], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4}}}, {{@ipv6={@initdev={0xfe, 0x88, [], 0x0, 0x0}, @initdev={0xfe, 0x88, [], 0x0, 0x0}, [], [], 'rose0\x00', 'netdevsim0\x00'}, 0x0, 0x10d8, 0x1100, 0x0, {}, [@common=@unspec=@cgroup1={{0x1030, 'cgroup\x00'}, {0x0, 0x1, 0x0, 0x0, './cgroup/syz0\x00'}}]}, @REJECT={0x28, 'REJECT\x00'}}, {{@uncond, 0x0, 0xa8, 0xd0}, @REJECT={0x28, 'REJECT\x00'}}], {{[], 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x1408) syz_init_net_socket$rose(0xb, 0x5, 0x0) 21:32:54 executing program 4: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x1, 0x0, 0x0, 0x0, 0x20b493e0, 0x0, 0xfffffffffffffffe}, 0x0) socket$inet6(0xa, 0x4, 0xffffffff) pipe(&(0x7f0000000340)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r2, 0x407, 0x0) fsync(r1) write(r2, &(0x7f0000000340), 0x41395527) vmsplice(r1, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) clone(0x200000008a105d00, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) tkill(0x0, 0x3c) fsetxattr$trusted_overlay_redirect(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) sched_setattr(r0, &(0x7f0000000080)={0x38, 0x2, 0x1, 0x0, 0x3}, 0x0) clone(0x69005100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) mount(0x0, &(0x7f0000000140)='./file0\x00', 0x0, 0x0, &(0x7f000000a000)) 21:32:55 executing program 2: r0 = openat$kvm(0xffffffffffffff9c, 0x0, 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) dup3(r0, r1, 0x0) fsetxattr$trusted_overlay_nlink(r0, &(0x7f0000000040)='trusted.overlay.nlink\x00', &(0x7f00000000c0)={'U+', 0x98}, 0x16, 0x2) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c4, 0x0, 0xe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r2 = socket$inet6(0xa, 0x40000080806, 0x0) bind$inet6(r2, &(0x7f0000000080)={0xa, 0x404e20}, 0x1c) ioctl$int_in(0xffffffffffffffff, 0x5452, &(0x7f0000000100)=0x3) listen(r2, 0x0) r3 = socket$inet6(0xa, 0x6, 0x0) connect$inet6(r3, &(0x7f0000000180)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) r4 = accept4(r2, 0x0, 0x0, 0x0) sendmmsg(r4, &(0x7f0000003d40)=[{{0x0, 0xffffffbf, 0x0, 0x0, 0x0, 0x0, 0x7000005}, 0xa}], 0x4000000000000d0, 0x0) socket$inet6(0xa, 0x6, 0x0) connect$inet6(0xffffffffffffffff, &(0x7f0000000000)={0xa, 0x0, 0x0, @loopback}, 0x1c) r5 = socket$inet6_tcp(0xa, 0x1, 0x0) bpf$BPF_MAP_GET_FD_BY_ID(0xe, &(0x7f0000000140)={0x0, 0x4, 0x8}, 0xc) setsockopt$IP6T_SO_SET_REPLACE(r5, 0x29, 0x40, &(0x7f0000000a80)=@filter={'filter\x00', 0xe, 0x4, 0x13a8, 0x0, 0x0, 0x1208, 0x108, 0x108, 0x12d8, 0x12d8, 0x12d8, 0x12d8, 0x12d8, 0x4, 0x0, {[{{@uncond, 0x0, 0xa8, 0x108}, @common=@inet=@HMARK={0x60, 'HMARK\x00', 0x0, {@ipv6=@mcast1, [], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4}}}, {{@ipv6={@initdev={0xfe, 0x88, [], 0x0, 0x0}, @initdev={0xfe, 0x88, [], 0x0, 0x0}, [], [], 'rose0\x00', 'netdevsim0\x00'}, 0x0, 0x10d8, 0x1100, 0x0, {}, [@common=@unspec=@cgroup1={{0x1030, 'cgroup\x00'}, {0x0, 0x1, 0x0, 0x0, './cgroup/syz0\x00'}}]}, @REJECT={0x28, 'REJECT\x00'}}, {{@uncond, 0x0, 0xa8, 0xd0}, @REJECT={0x28, 'REJECT\x00'}}], {{[], 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x1408) syz_init_net_socket$rose(0xb, 0x5, 0x0) 21:32:55 executing program 0: r0 = openat$kvm(0xffffffffffffff9c, 0x0, 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) dup3(r0, r1, 0x0) fsetxattr$trusted_overlay_nlink(r0, &(0x7f0000000040)='trusted.overlay.nlink\x00', &(0x7f00000000c0)={'U+', 0x98}, 0x16, 0x2) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c4, 0x0, 0xe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r2 = socket$inet6(0xa, 0x40000080806, 0x0) bind$inet6(r2, &(0x7f0000000080)={0xa, 0x404e20}, 0x1c) ioctl$int_in(0xffffffffffffffff, 0x5452, &(0x7f0000000100)=0x3) listen(r2, 0x0) r3 = socket$inet6(0xa, 0x6, 0x0) connect$inet6(r3, &(0x7f0000000180)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) r4 = accept4(r2, 0x0, 0x0, 0x0) sendmmsg(r4, &(0x7f0000003d40)=[{{0x0, 0xffffffbf, 0x0, 0x0, 0x0, 0x0, 0x7000005}, 0xa}], 0x4000000000000d0, 0x0) socket$inet6(0xa, 0x6, 0x0) connect$inet6(0xffffffffffffffff, &(0x7f0000000000)={0xa, 0x0, 0x0, @loopback}, 0x1c) r5 = socket$inet6_tcp(0xa, 0x1, 0x0) bpf$BPF_MAP_GET_FD_BY_ID(0xe, &(0x7f0000000140)={0x0, 0x4, 0x8}, 0xc) setsockopt$IP6T_SO_SET_REPLACE(r5, 0x29, 0x40, &(0x7f0000000a80)=@filter={'filter\x00', 0xe, 0x4, 0x13a8, 0x0, 0x0, 0x1208, 0x108, 0x108, 0x12d8, 0x12d8, 0x12d8, 0x12d8, 0x12d8, 0x4, 0x0, {[{{@uncond, 0x0, 0xa8, 0x108}, @common=@inet=@HMARK={0x60, 'HMARK\x00', 0x0, {@ipv6=@mcast1, [], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4}}}, {{@ipv6={@initdev={0xfe, 0x88, [], 0x0, 0x0}, @initdev={0xfe, 0x88, [], 0x0, 0x0}, [], [], 'rose0\x00', 'netdevsim0\x00'}, 0x0, 0x10d8, 0x1100, 0x0, {}, [@common=@unspec=@cgroup1={{0x1030, 'cgroup\x00'}, {0x0, 0x1, 0x0, 0x0, './cgroup/syz0\x00'}}]}, @REJECT={0x28, 'REJECT\x00'}}, {{@uncond, 0x0, 0xa8, 0xd0}, @REJECT={0x28, 'REJECT\x00'}}], {{[], 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x1408) syz_init_net_socket$rose(0xb, 0x5, 0x0) 21:32:55 executing program 5: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x1, 0x0, 0x0, 0x1, 0x20b493e0, 0x0, 0xfffffffffffffffe}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000008880), 0x400000000000249, 0x0, 0x0) pipe(&(0x7f0000000340)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(0xffffffffffffffff, 0x407, 0x100000010000001) fsync(r2) write(r3, &(0x7f0000000340), 0x41395527) r4 = openat(r2, &(0x7f00000000c0)='./file0/file0\x00', 0x101000, 0x2) accept$nfc_llcp(r4, &(0x7f0000000200), &(0x7f0000000100)=0x60) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) perf_event_open(&(0x7f0000940000)={0x2, 0x70, 0x69, 0x1, 0x0, 0xff, 0x0, 0x48, 0x14a0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000180), 0x7}, 0x1100, 0x0, 0xfffffff9}, 0x0, 0xd, 0xffffffffffffffff, 0xa) clone(0x200000008a105d00, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r5 = gettid() tkill(r5, 0x3c) fsetxattr$trusted_overlay_redirect(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) sched_setattr(r0, &(0x7f0000000080)={0x38, 0x2, 0x10000010, 0x8, 0x3, 0x0, 0x0, 0xfffffffffffffffc}, 0x0) clone(0x69005100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) mount(0x0, &(0x7f0000000140)='./file0\x00', 0x0, 0x0, &(0x7f000000a000)) 21:32:55 executing program 3: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x1, 0x0, 0x0, 0x1, 0x20b493e0, 0x0, 0xfffffffffffffffe}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, 0x0, 0x0, 0x0, 0x0) pipe(&(0x7f0000000340)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, 0x0, 0x0, 0x0) perf_event_open(&(0x7f0000940000)={0x2, 0x70, 0x69, 0x0, 0x0, 0xff, 0x0, 0x48, 0x14a0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f00000001c0), 0x7}}, 0x0, 0xd, 0xffffffffffffffff, 0xa) clone(0x200000008a105d00, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r4 = gettid() tkill(r4, 0x3c) fsetxattr$trusted_overlay_redirect(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) sched_setattr(r0, &(0x7f0000000080)={0x38, 0x2, 0x1, 0x0, 0x3}, 0x0) sched_setattr(0xffffffffffffffff, &(0x7f0000000000)={0x38, 0x2, 0x2, 0x1, 0x725df210, 0x20, 0x7fffffff, 0x7, 0x10000, 0x4}, 0x0) clone(0x69005100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) mount(0x0, &(0x7f0000000140)='./file0\x00', &(0x7f0000fb5ffc)='nfs\x00', 0x0, &(0x7f000000a000)) 21:32:55 executing program 1: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, 0x0, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000008880), 0x400000000000249, 0x0, 0x0) pipe(&(0x7f0000000340)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) fsync(r2) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) perf_event_open(&(0x7f0000940000)={0x2, 0x70, 0x69, 0x1, 0x0, 0xff, 0x0, 0x48, 0x14a0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f00000001c0), 0x7}, 0x0, 0x0, 0xfffffff9}, 0x0, 0xd, 0xffffffffffffffff, 0xa) tkill(0x0, 0x3c) fsetxattr$trusted_overlay_redirect(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) sched_setattr(r0, &(0x7f0000000080)={0x38, 0x2, 0x1, 0x0, 0x3}, 0x0) clone(0x69005100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) mount(0x0, &(0x7f0000000140)='./file0\x00', 0x0, 0x0, &(0x7f000000a000)) sched_setscheduler(0x0, 0x5, &(0x7f0000000380)) 21:32:55 executing program 2: r0 = openat$kvm(0xffffffffffffff9c, 0x0, 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) dup3(r0, r1, 0x0) fsetxattr$trusted_overlay_nlink(r0, &(0x7f0000000040)='trusted.overlay.nlink\x00', &(0x7f00000000c0)={'U+', 0x98}, 0x16, 0x2) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c4, 0x0, 0xe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r2 = socket$inet6(0xa, 0x40000080806, 0x0) bind$inet6(r2, &(0x7f0000000080)={0xa, 0x404e20}, 0x1c) ioctl$int_in(0xffffffffffffffff, 0x5452, &(0x7f0000000100)=0x3) listen(r2, 0x400000001ffffffd) r3 = socket$inet6(0xa, 0x0, 0x0) connect$inet6(r3, &(0x7f0000000180)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) r4 = accept4(r2, 0x0, 0x0, 0x0) sendmmsg(r4, &(0x7f0000003d40)=[{{0x0, 0xffffffbf, 0x0, 0x0, 0x0, 0x0, 0x7000005}, 0xa}], 0x4000000000000d0, 0x0) socket$inet6(0xa, 0x6, 0x0) connect$inet6(0xffffffffffffffff, &(0x7f0000000000)={0xa, 0x0, 0x0, @loopback}, 0x1c) r5 = socket$inet6_tcp(0xa, 0x1, 0x0) bpf$BPF_MAP_GET_FD_BY_ID(0xe, &(0x7f0000000140)={0x0, 0x4, 0x8}, 0xc) setsockopt$IP6T_SO_SET_REPLACE(r5, 0x29, 0x40, &(0x7f0000000a80)=@filter={'filter\x00', 0xe, 0x4, 0x13a8, 0x0, 0x0, 0x1208, 0x108, 0x108, 0x12d8, 0x12d8, 0x12d8, 0x12d8, 0x12d8, 0x4, 0x0, {[{{@uncond, 0x0, 0xa8, 0x108}, @common=@inet=@HMARK={0x60, 'HMARK\x00', 0x0, {@ipv6=@mcast1, [], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4}}}, {{@ipv6={@initdev={0xfe, 0x88, [], 0x0, 0x0}, @initdev={0xfe, 0x88, [], 0x0, 0x0}, [], [], 'rose0\x00', 'netdevsim0\x00'}, 0x0, 0x10d8, 0x1100, 0x0, {}, [@common=@unspec=@cgroup1={{0x1030, 'cgroup\x00'}, {0x0, 0x1, 0x0, 0x0, './cgroup/syz0\x00'}}]}, @REJECT={0x28, 'REJECT\x00'}}, {{@uncond, 0x0, 0xa8, 0xd0}, @REJECT={0x28, 'REJECT\x00'}}], {{[], 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x1408) syz_init_net_socket$rose(0xb, 0x5, 0x0) 21:32:55 executing program 0: r0 = openat$kvm(0xffffffffffffff9c, 0x0, 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) dup3(r0, r1, 0x0) fsetxattr$trusted_overlay_nlink(r0, &(0x7f0000000040)='trusted.overlay.nlink\x00', &(0x7f00000000c0)={'U+', 0x98}, 0x16, 0x2) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c4, 0x0, 0xe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r2 = socket$inet6(0xa, 0x40000080806, 0x0) bind$inet6(r2, &(0x7f0000000080)={0xa, 0x404e20}, 0x1c) ioctl$int_in(0xffffffffffffffff, 0x5452, &(0x7f0000000100)=0x3) listen(r2, 0x0) r3 = socket$inet6(0xa, 0x6, 0x0) connect$inet6(r3, &(0x7f0000000180)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) r4 = accept4(r2, 0x0, 0x0, 0x0) sendmmsg(r4, &(0x7f0000003d40)=[{{0x0, 0xffffffbf, 0x0, 0x0, 0x0, 0x0, 0x7000005}, 0xa}], 0x4000000000000d0, 0x0) socket$inet6(0xa, 0x6, 0x0) connect$inet6(0xffffffffffffffff, &(0x7f0000000000)={0xa, 0x0, 0x0, @loopback}, 0x1c) r5 = socket$inet6_tcp(0xa, 0x1, 0x0) bpf$BPF_MAP_GET_FD_BY_ID(0xe, &(0x7f0000000140)={0x0, 0x4, 0x8}, 0xc) setsockopt$IP6T_SO_SET_REPLACE(r5, 0x29, 0x40, &(0x7f0000000a80)=@filter={'filter\x00', 0xe, 0x4, 0x13a8, 0x0, 0x0, 0x1208, 0x108, 0x108, 0x12d8, 0x12d8, 0x12d8, 0x12d8, 0x12d8, 0x4, 0x0, {[{{@uncond, 0x0, 0xa8, 0x108}, @common=@inet=@HMARK={0x60, 'HMARK\x00', 0x0, {@ipv6=@mcast1, [], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4}}}, {{@ipv6={@initdev={0xfe, 0x88, [], 0x0, 0x0}, @initdev={0xfe, 0x88, [], 0x0, 0x0}, [], [], 'rose0\x00', 'netdevsim0\x00'}, 0x0, 0x10d8, 0x1100, 0x0, {}, [@common=@unspec=@cgroup1={{0x1030, 'cgroup\x00'}, {0x0, 0x1, 0x0, 0x0, './cgroup/syz0\x00'}}]}, @REJECT={0x28, 'REJECT\x00'}}, {{@uncond, 0x0, 0xa8, 0xd0}, @REJECT={0x28, 'REJECT\x00'}}], {{[], 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x1408) syz_init_net_socket$rose(0xb, 0x5, 0x0) 21:32:55 executing program 2: r0 = openat$kvm(0xffffffffffffff9c, 0x0, 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) dup3(r0, r1, 0x0) fsetxattr$trusted_overlay_nlink(r0, &(0x7f0000000040)='trusted.overlay.nlink\x00', &(0x7f00000000c0)={'U+', 0x98}, 0x16, 0x2) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c4, 0x0, 0xe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r2 = socket$inet6(0xa, 0x40000080806, 0x0) bind$inet6(r2, &(0x7f0000000080)={0xa, 0x404e20}, 0x1c) ioctl$int_in(0xffffffffffffffff, 0x5452, &(0x7f0000000100)=0x3) listen(r2, 0x400000001ffffffd) r3 = socket$inet6(0xa, 0x0, 0x0) connect$inet6(r3, &(0x7f0000000180)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) r4 = accept4(r2, 0x0, 0x0, 0x0) sendmmsg(r4, &(0x7f0000003d40)=[{{0x0, 0xffffffbf, 0x0, 0x0, 0x0, 0x0, 0x7000005}, 0xa}], 0x4000000000000d0, 0x0) socket$inet6(0xa, 0x6, 0x0) connect$inet6(0xffffffffffffffff, &(0x7f0000000000)={0xa, 0x0, 0x0, @loopback}, 0x1c) r5 = socket$inet6_tcp(0xa, 0x1, 0x0) bpf$BPF_MAP_GET_FD_BY_ID(0xe, &(0x7f0000000140)={0x0, 0x4, 0x8}, 0xc) setsockopt$IP6T_SO_SET_REPLACE(r5, 0x29, 0x40, &(0x7f0000000a80)=@filter={'filter\x00', 0xe, 0x4, 0x13a8, 0x0, 0x0, 0x1208, 0x108, 0x108, 0x12d8, 0x12d8, 0x12d8, 0x12d8, 0x12d8, 0x4, 0x0, {[{{@uncond, 0x0, 0xa8, 0x108}, @common=@inet=@HMARK={0x60, 'HMARK\x00', 0x0, {@ipv6=@mcast1, [], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4}}}, {{@ipv6={@initdev={0xfe, 0x88, [], 0x0, 0x0}, @initdev={0xfe, 0x88, [], 0x0, 0x0}, [], [], 'rose0\x00', 'netdevsim0\x00'}, 0x0, 0x10d8, 0x1100, 0x0, {}, [@common=@unspec=@cgroup1={{0x1030, 'cgroup\x00'}, {0x0, 0x1, 0x0, 0x0, './cgroup/syz0\x00'}}]}, @REJECT={0x28, 'REJECT\x00'}}, {{@uncond, 0x0, 0xa8, 0xd0}, @REJECT={0x28, 'REJECT\x00'}}], {{[], 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x1408) syz_init_net_socket$rose(0xb, 0x5, 0x0) 21:32:55 executing program 0: r0 = openat$kvm(0xffffffffffffff9c, 0x0, 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) dup3(r0, r1, 0x0) fsetxattr$trusted_overlay_nlink(r0, &(0x7f0000000040)='trusted.overlay.nlink\x00', &(0x7f00000000c0)={'U+', 0x98}, 0x16, 0x2) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c4, 0x0, 0xe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r2 = socket$inet6(0xa, 0x40000080806, 0x0) bind$inet6(r2, &(0x7f0000000080)={0xa, 0x404e20}, 0x1c) ioctl$int_in(0xffffffffffffffff, 0x5452, &(0x7f0000000100)=0x3) listen(0xffffffffffffffff, 0x400000001ffffffd) r3 = socket$inet6(0xa, 0x6, 0x0) connect$inet6(r3, &(0x7f0000000180)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) r4 = accept4(r2, 0x0, 0x0, 0x0) sendmmsg(r4, &(0x7f0000003d40)=[{{0x0, 0xffffffbf, 0x0, 0x0, 0x0, 0x0, 0x7000005}, 0xa}], 0x4000000000000d0, 0x0) socket$inet6(0xa, 0x6, 0x0) connect$inet6(0xffffffffffffffff, &(0x7f0000000000)={0xa, 0x0, 0x0, @loopback}, 0x1c) r5 = socket$inet6_tcp(0xa, 0x1, 0x0) bpf$BPF_MAP_GET_FD_BY_ID(0xe, &(0x7f0000000140)={0x0, 0x4, 0x8}, 0xc) setsockopt$IP6T_SO_SET_REPLACE(r5, 0x29, 0x40, &(0x7f0000000a80)=@filter={'filter\x00', 0xe, 0x4, 0x13a8, 0x0, 0x0, 0x1208, 0x108, 0x108, 0x12d8, 0x12d8, 0x12d8, 0x12d8, 0x12d8, 0x4, 0x0, {[{{@uncond, 0x0, 0xa8, 0x108}, @common=@inet=@HMARK={0x60, 'HMARK\x00', 0x0, {@ipv6=@mcast1, [], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4}}}, {{@ipv6={@initdev={0xfe, 0x88, [], 0x0, 0x0}, @initdev={0xfe, 0x88, [], 0x0, 0x0}, [], [], 'rose0\x00', 'netdevsim0\x00'}, 0x0, 0x10d8, 0x1100, 0x0, {}, [@common=@unspec=@cgroup1={{0x1030, 'cgroup\x00'}, {0x0, 0x1, 0x0, 0x0, './cgroup/syz0\x00'}}]}, @REJECT={0x28, 'REJECT\x00'}}, {{@uncond, 0x0, 0xa8, 0xd0}, @REJECT={0x28, 'REJECT\x00'}}], {{[], 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x1408) syz_init_net_socket$rose(0xb, 0x5, 0x0) 21:32:55 executing program 2: r0 = openat$kvm(0xffffffffffffff9c, 0x0, 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) dup3(r0, r1, 0x0) fsetxattr$trusted_overlay_nlink(r0, &(0x7f0000000040)='trusted.overlay.nlink\x00', &(0x7f00000000c0)={'U+', 0x98}, 0x16, 0x2) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c4, 0x0, 0xe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r2 = socket$inet6(0xa, 0x40000080806, 0x0) bind$inet6(r2, &(0x7f0000000080)={0xa, 0x404e20}, 0x1c) ioctl$int_in(0xffffffffffffffff, 0x5452, &(0x7f0000000100)=0x3) listen(r2, 0x400000001ffffffd) r3 = socket$inet6(0xa, 0x0, 0x0) connect$inet6(r3, &(0x7f0000000180)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) r4 = accept4(r2, 0x0, 0x0, 0x0) sendmmsg(r4, &(0x7f0000003d40)=[{{0x0, 0xffffffbf, 0x0, 0x0, 0x0, 0x0, 0x7000005}, 0xa}], 0x4000000000000d0, 0x0) socket$inet6(0xa, 0x6, 0x0) connect$inet6(0xffffffffffffffff, &(0x7f0000000000)={0xa, 0x0, 0x0, @loopback}, 0x1c) r5 = socket$inet6_tcp(0xa, 0x1, 0x0) bpf$BPF_MAP_GET_FD_BY_ID(0xe, &(0x7f0000000140)={0x0, 0x4, 0x8}, 0xc) setsockopt$IP6T_SO_SET_REPLACE(r5, 0x29, 0x40, &(0x7f0000000a80)=@filter={'filter\x00', 0xe, 0x4, 0x13a8, 0x0, 0x0, 0x1208, 0x108, 0x108, 0x12d8, 0x12d8, 0x12d8, 0x12d8, 0x12d8, 0x4, 0x0, {[{{@uncond, 0x0, 0xa8, 0x108}, @common=@inet=@HMARK={0x60, 'HMARK\x00', 0x0, {@ipv6=@mcast1, [], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4}}}, {{@ipv6={@initdev={0xfe, 0x88, [], 0x0, 0x0}, @initdev={0xfe, 0x88, [], 0x0, 0x0}, [], [], 'rose0\x00', 'netdevsim0\x00'}, 0x0, 0x10d8, 0x1100, 0x0, {}, [@common=@unspec=@cgroup1={{0x1030, 'cgroup\x00'}, {0x0, 0x1, 0x0, 0x0, './cgroup/syz0\x00'}}]}, @REJECT={0x28, 'REJECT\x00'}}, {{@uncond, 0x0, 0xa8, 0xd0}, @REJECT={0x28, 'REJECT\x00'}}], {{[], 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x1408) syz_init_net_socket$rose(0xb, 0x5, 0x0) 21:32:55 executing program 0: r0 = openat$kvm(0xffffffffffffff9c, 0x0, 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) dup3(r0, r1, 0x0) fsetxattr$trusted_overlay_nlink(r0, &(0x7f0000000040)='trusted.overlay.nlink\x00', &(0x7f00000000c0)={'U+', 0x98}, 0x16, 0x2) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c4, 0x0, 0xe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r2 = socket$inet6(0xa, 0x40000080806, 0x0) bind$inet6(r2, &(0x7f0000000080)={0xa, 0x404e20}, 0x1c) ioctl$int_in(0xffffffffffffffff, 0x5452, 0x0) listen(r2, 0x400000001ffffffd) r3 = socket$inet6(0xa, 0x6, 0x0) connect$inet6(r3, &(0x7f0000000180)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) r4 = accept4(r2, 0x0, 0x0, 0x0) sendmmsg(r4, &(0x7f0000003d40)=[{{0x0, 0xffffffbf, 0x0, 0x0, 0x0, 0x0, 0x7000005}, 0xa}], 0x4000000000000d0, 0x0) socket$inet6(0xa, 0x6, 0x0) connect$inet6(0xffffffffffffffff, &(0x7f0000000000)={0xa, 0x0, 0x0, @loopback}, 0x1c) r5 = socket$inet6_tcp(0xa, 0x1, 0x0) bpf$BPF_MAP_GET_FD_BY_ID(0xe, &(0x7f0000000140)={0x0, 0x4, 0x8}, 0xc) setsockopt$IP6T_SO_SET_REPLACE(r5, 0x29, 0x40, &(0x7f0000000a80)=@filter={'filter\x00', 0xe, 0x4, 0x13a8, 0x0, 0x0, 0x1208, 0x108, 0x108, 0x12d8, 0x12d8, 0x12d8, 0x12d8, 0x12d8, 0x4, 0x0, {[{{@uncond, 0x0, 0xa8, 0x108}, @common=@inet=@HMARK={0x60, 'HMARK\x00', 0x0, {@ipv6=@mcast1, [], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4}}}, {{@ipv6={@initdev={0xfe, 0x88, [], 0x0, 0x0}, @initdev={0xfe, 0x88, [], 0x0, 0x0}, [], [], 'rose0\x00', 'netdevsim0\x00'}, 0x0, 0x10d8, 0x1100, 0x0, {}, [@common=@unspec=@cgroup1={{0x1030, 'cgroup\x00'}, {0x0, 0x1, 0x0, 0x0, './cgroup/syz0\x00'}}]}, @REJECT={0x28, 'REJECT\x00'}}, {{@uncond, 0x0, 0xa8, 0xd0}, @REJECT={0x28, 'REJECT\x00'}}], {{[], 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x1408) syz_init_net_socket$rose(0xb, 0x5, 0x0) 21:32:55 executing program 4: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0xfffffffffffffffe}, 0x0) socket$inet6(0xa, 0x4, 0xffffffff) pipe(&(0x7f0000000340)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r2, 0x407, 0x0) fsync(r1) write(r2, &(0x7f0000000340), 0x41395527) vmsplice(r1, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) clone(0x200000008a105d00, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) tkill(0x0, 0x3c) fsetxattr$trusted_overlay_redirect(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) sched_setattr(r0, &(0x7f0000000080)={0x38, 0x2, 0x1, 0x0, 0x3}, 0x0) clone(0x69005100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) mount(0x0, &(0x7f0000000140)='./file0\x00', 0x0, 0x0, &(0x7f000000a000)) 21:32:55 executing program 2: r0 = openat$kvm(0xffffffffffffff9c, 0x0, 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) dup3(r0, r1, 0x0) fsetxattr$trusted_overlay_nlink(r0, &(0x7f0000000040)='trusted.overlay.nlink\x00', &(0x7f00000000c0)={'U+', 0x98}, 0x16, 0x2) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c4, 0x0, 0xe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r2 = socket$inet6(0xa, 0x40000080806, 0x0) bind$inet6(r2, &(0x7f0000000080)={0xa, 0x404e20}, 0x1c) ioctl$int_in(0xffffffffffffffff, 0x5452, &(0x7f0000000100)=0x3) listen(r2, 0x400000001ffffffd) socket$inet6(0xa, 0x6, 0x0) connect$inet6(0xffffffffffffffff, &(0x7f0000000180)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) r3 = accept4(r2, 0x0, 0x0, 0x0) sendmmsg(r3, &(0x7f0000003d40)=[{{0x0, 0xffffffbf, 0x0, 0x0, 0x0, 0x0, 0x7000005}, 0xa}], 0x4000000000000d0, 0x0) socket$inet6(0xa, 0x6, 0x0) connect$inet6(0xffffffffffffffff, &(0x7f0000000000)={0xa, 0x0, 0x0, @loopback}, 0x1c) r4 = socket$inet6_tcp(0xa, 0x1, 0x0) bpf$BPF_MAP_GET_FD_BY_ID(0xe, &(0x7f0000000140)={0x0, 0x4, 0x8}, 0xc) setsockopt$IP6T_SO_SET_REPLACE(r4, 0x29, 0x40, &(0x7f0000000a80)=@filter={'filter\x00', 0xe, 0x4, 0x13a8, 0x0, 0x0, 0x1208, 0x108, 0x108, 0x12d8, 0x12d8, 0x12d8, 0x12d8, 0x12d8, 0x4, 0x0, {[{{@uncond, 0x0, 0xa8, 0x108}, @common=@inet=@HMARK={0x60, 'HMARK\x00', 0x0, {@ipv6=@mcast1, [], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4}}}, {{@ipv6={@initdev={0xfe, 0x88, [], 0x0, 0x0}, @initdev={0xfe, 0x88, [], 0x0, 0x0}, [], [], 'rose0\x00', 'netdevsim0\x00'}, 0x0, 0x10d8, 0x1100, 0x0, {}, [@common=@unspec=@cgroup1={{0x1030, 'cgroup\x00'}, {0x0, 0x1, 0x0, 0x0, './cgroup/syz0\x00'}}]}, @REJECT={0x28, 'REJECT\x00'}}, {{@uncond, 0x0, 0xa8, 0xd0}, @REJECT={0x28, 'REJECT\x00'}}], {{[], 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x1408) syz_init_net_socket$rose(0xb, 0x5, 0x0) 21:32:55 executing program 0: r0 = openat$kvm(0xffffffffffffff9c, 0x0, 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) dup3(r0, r1, 0x0) fsetxattr$trusted_overlay_nlink(r0, &(0x7f0000000040)='trusted.overlay.nlink\x00', &(0x7f00000000c0)={'U+', 0x98}, 0x16, 0x2) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c4, 0x0, 0xe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r2 = socket$inet6(0xa, 0x40000080806, 0x0) bind$inet6(r2, &(0x7f0000000080)={0xa, 0x404e20}, 0x1c) ioctl$int_in(0xffffffffffffffff, 0x5452, 0x0) listen(r2, 0x400000001ffffffd) r3 = socket$inet6(0xa, 0x6, 0x0) connect$inet6(r3, &(0x7f0000000180)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) r4 = accept4(r2, 0x0, 0x0, 0x0) sendmmsg(r4, &(0x7f0000003d40)=[{{0x0, 0xffffffbf, 0x0, 0x0, 0x0, 0x0, 0x7000005}, 0xa}], 0x4000000000000d0, 0x0) socket$inet6(0xa, 0x6, 0x0) connect$inet6(0xffffffffffffffff, &(0x7f0000000000)={0xa, 0x0, 0x0, @loopback}, 0x1c) r5 = socket$inet6_tcp(0xa, 0x1, 0x0) bpf$BPF_MAP_GET_FD_BY_ID(0xe, &(0x7f0000000140)={0x0, 0x4, 0x8}, 0xc) setsockopt$IP6T_SO_SET_REPLACE(r5, 0x29, 0x40, &(0x7f0000000a80)=@filter={'filter\x00', 0xe, 0x4, 0x13a8, 0x0, 0x0, 0x1208, 0x108, 0x108, 0x12d8, 0x12d8, 0x12d8, 0x12d8, 0x12d8, 0x4, 0x0, {[{{@uncond, 0x0, 0xa8, 0x108}, @common=@inet=@HMARK={0x60, 'HMARK\x00', 0x0, {@ipv6=@mcast1, [], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4}}}, {{@ipv6={@initdev={0xfe, 0x88, [], 0x0, 0x0}, @initdev={0xfe, 0x88, [], 0x0, 0x0}, [], [], 'rose0\x00', 'netdevsim0\x00'}, 0x0, 0x10d8, 0x1100, 0x0, {}, [@common=@unspec=@cgroup1={{0x1030, 'cgroup\x00'}, {0x0, 0x1, 0x0, 0x0, './cgroup/syz0\x00'}}]}, @REJECT={0x28, 'REJECT\x00'}}, {{@uncond, 0x0, 0xa8, 0xd0}, @REJECT={0x28, 'REJECT\x00'}}], {{[], 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x1408) syz_init_net_socket$rose(0xb, 0x5, 0x0) 21:32:56 executing program 2: r0 = openat$kvm(0xffffffffffffff9c, 0x0, 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) dup3(r0, r1, 0x0) fsetxattr$trusted_overlay_nlink(r0, &(0x7f0000000040)='trusted.overlay.nlink\x00', &(0x7f00000000c0)={'U+', 0x98}, 0x16, 0x2) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c4, 0x0, 0xe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r2 = socket$inet6(0xa, 0x40000080806, 0x0) bind$inet6(r2, &(0x7f0000000080)={0xa, 0x404e20}, 0x1c) ioctl$int_in(0xffffffffffffffff, 0x5452, &(0x7f0000000100)=0x3) listen(r2, 0x400000001ffffffd) socket$inet6(0xa, 0x6, 0x0) connect$inet6(0xffffffffffffffff, &(0x7f0000000180)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) r3 = accept4(r2, 0x0, 0x0, 0x0) sendmmsg(r3, &(0x7f0000003d40)=[{{0x0, 0xffffffbf, 0x0, 0x0, 0x0, 0x0, 0x7000005}, 0xa}], 0x4000000000000d0, 0x0) socket$inet6(0xa, 0x6, 0x0) connect$inet6(0xffffffffffffffff, &(0x7f0000000000)={0xa, 0x0, 0x0, @loopback}, 0x1c) r4 = socket$inet6_tcp(0xa, 0x1, 0x0) bpf$BPF_MAP_GET_FD_BY_ID(0xe, &(0x7f0000000140)={0x0, 0x4, 0x8}, 0xc) setsockopt$IP6T_SO_SET_REPLACE(r4, 0x29, 0x40, &(0x7f0000000a80)=@filter={'filter\x00', 0xe, 0x4, 0x13a8, 0x0, 0x0, 0x1208, 0x108, 0x108, 0x12d8, 0x12d8, 0x12d8, 0x12d8, 0x12d8, 0x4, 0x0, {[{{@uncond, 0x0, 0xa8, 0x108}, @common=@inet=@HMARK={0x60, 'HMARK\x00', 0x0, {@ipv6=@mcast1, [], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4}}}, {{@ipv6={@initdev={0xfe, 0x88, [], 0x0, 0x0}, @initdev={0xfe, 0x88, [], 0x0, 0x0}, [], [], 'rose0\x00', 'netdevsim0\x00'}, 0x0, 0x10d8, 0x1100, 0x0, {}, [@common=@unspec=@cgroup1={{0x1030, 'cgroup\x00'}, {0x0, 0x1, 0x0, 0x0, './cgroup/syz0\x00'}}]}, @REJECT={0x28, 'REJECT\x00'}}, {{@uncond, 0x0, 0xa8, 0xd0}, @REJECT={0x28, 'REJECT\x00'}}], {{[], 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x1408) syz_init_net_socket$rose(0xb, 0x5, 0x0) 21:32:56 executing program 5: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x1, 0x0, 0x0, 0x1, 0x20b493e0, 0x0, 0xfffffffffffffffe}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000008880), 0x400000000000249, 0x0, 0x0) pipe(&(0x7f0000000340)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$USBDEVFS_BULK(r3, 0xc0185502, &(0x7f00000000c0)={{{0xa}}, 0xda, 0x8, &(0x7f0000000380)="097fc447c461e21aca09632b4fa7bc2c10b1f6cb5d366cfd636aa7e9878e685639fd60bf5869892e0da333f1f3c594623294f6517fe31d8a367354140d8fedac5d2b5c7c18c5d199a8dac9e1e4315b52013f60600853e7dbf8693fb1202f5c0a76410e339202c4b14dbca57d5164ee68ae41b07ba5156dfac51ad8841cf64a2f21fe63116bccff780f0219045abed7578de9eef4fb117550c18b1cbaf40425dc95d56f6d634fefbc366ab3e5481c40c9d17466b82fdd9d477fb80a64c005a5c6a10731778c14fc4d9f1d54e78ef6c3369a511e80eb929d78c9bb"}) fcntl$setpipe(r3, 0x407, 0x0) fsync(r2) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) perf_event_open(&(0x7f0000940000)={0x2, 0x70, 0x69, 0x1, 0x0, 0xff, 0x0, 0x48, 0x14a0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f00000001c0), 0x7}, 0x0, 0x0, 0xfffffff9}, 0x0, 0xd, 0xffffffffffffffff, 0xa) clone(0x200000008a105d00, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r4 = gettid() tkill(r4, 0x3c) fsetxattr$trusted_overlay_redirect(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) sched_setattr(r0, &(0x7f0000000080)={0x38, 0x2, 0x1, 0x0, 0x3}, 0x0) clone(0x69005100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) mount(0x0, &(0x7f0000000140)='./file0\x00', 0x0, 0x0, &(0x7f000000a000)) 21:32:56 executing program 1: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, 0x0, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000008880), 0x400000000000249, 0x0, 0x0) pipe(&(0x7f0000000340)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) fsync(r2) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) perf_event_open(&(0x7f0000940000)={0x2, 0x70, 0x69, 0x1, 0x0, 0xff, 0x0, 0x48, 0x14a0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f00000001c0), 0x7}, 0x0, 0x0, 0xfffffff9}, 0x0, 0xd, 0xffffffffffffffff, 0xa) tkill(0x0, 0x3c) fsetxattr$trusted_overlay_redirect(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) sched_setattr(r0, &(0x7f0000000080)={0x38, 0x2, 0x1, 0x0, 0x3}, 0x0) clone(0x69005100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) mount(0x0, &(0x7f0000000140)='./file0\x00', 0x0, 0x0, &(0x7f000000a000)) sched_setscheduler(0x0, 0x5, &(0x7f0000000380)) 21:32:56 executing program 2: r0 = openat$kvm(0xffffffffffffff9c, 0x0, 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) dup3(r0, r1, 0x0) fsetxattr$trusted_overlay_nlink(r0, &(0x7f0000000040)='trusted.overlay.nlink\x00', &(0x7f00000000c0)={'U+', 0x98}, 0x16, 0x2) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c4, 0x0, 0xe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r2 = socket$inet6(0xa, 0x40000080806, 0x0) bind$inet6(r2, &(0x7f0000000080)={0xa, 0x404e20}, 0x1c) ioctl$int_in(0xffffffffffffffff, 0x5452, &(0x7f0000000100)=0x3) listen(r2, 0x400000001ffffffd) socket$inet6(0xa, 0x6, 0x0) connect$inet6(0xffffffffffffffff, &(0x7f0000000180)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) r3 = accept4(r2, 0x0, 0x0, 0x0) sendmmsg(r3, &(0x7f0000003d40)=[{{0x0, 0xffffffbf, 0x0, 0x0, 0x0, 0x0, 0x7000005}, 0xa}], 0x4000000000000d0, 0x0) socket$inet6(0xa, 0x6, 0x0) connect$inet6(0xffffffffffffffff, &(0x7f0000000000)={0xa, 0x0, 0x0, @loopback}, 0x1c) r4 = socket$inet6_tcp(0xa, 0x1, 0x0) bpf$BPF_MAP_GET_FD_BY_ID(0xe, &(0x7f0000000140)={0x0, 0x4, 0x8}, 0xc) setsockopt$IP6T_SO_SET_REPLACE(r4, 0x29, 0x40, &(0x7f0000000a80)=@filter={'filter\x00', 0xe, 0x4, 0x13a8, 0x0, 0x0, 0x1208, 0x108, 0x108, 0x12d8, 0x12d8, 0x12d8, 0x12d8, 0x12d8, 0x4, 0x0, {[{{@uncond, 0x0, 0xa8, 0x108}, @common=@inet=@HMARK={0x60, 'HMARK\x00', 0x0, {@ipv6=@mcast1, [], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4}}}, {{@ipv6={@initdev={0xfe, 0x88, [], 0x0, 0x0}, @initdev={0xfe, 0x88, [], 0x0, 0x0}, [], [], 'rose0\x00', 'netdevsim0\x00'}, 0x0, 0x10d8, 0x1100, 0x0, {}, [@common=@unspec=@cgroup1={{0x1030, 'cgroup\x00'}, {0x0, 0x1, 0x0, 0x0, './cgroup/syz0\x00'}}]}, @REJECT={0x28, 'REJECT\x00'}}, {{@uncond, 0x0, 0xa8, 0xd0}, @REJECT={0x28, 'REJECT\x00'}}], {{[], 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x1408) syz_init_net_socket$rose(0xb, 0x5, 0x0) 21:32:56 executing program 3: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, 0x0, 0x0, 0x0, 0x0) pipe(&(0x7f0000000340)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x400200) sendmsg$IPCTNL_MSG_CT_DELETE(0xffffffffffffffff, &(0x7f00000000c0)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x8}, 0xc, &(0x7f0000000040)={&(0x7f0000000380)={0x13c, 0x2, 0x1, 0x3, 0x0, 0x0, {0x0, 0x0, 0x4}, [@CTA_TUPLE_MASTER={0x68, 0xe, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @local}, {0x8, 0x2, @multicast2}}}, @CTA_TUPLE_ZONE={0x6, 0x3, 0x1, 0x0, 0x1}, @CTA_TUPLE_ZONE={0x6, 0x3, 0x1, 0x0, 0x1}, @CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @loopback}, {0x8, 0x2, @initdev={0xac, 0x1e, 0x1, 0x0}}}}, @CTA_TUPLE_IP={0x2c, 0x1, 0x0, 0x1, @ipv6={{0x14, 0x3, @mcast2}, {0x14, 0x4, @initdev={0xfe, 0x88, [], 0x0, 0x0}}}}]}, @CTA_PROTOINFO={0x38, 0x4, 0x0, 0x1, @CTA_PROTOINFO_SCTP={0x34, 0x3, 0x0, 0x1, [@CTA_PROTOINFO_SCTP_VTAG_REPLY={0x8}, @CTA_PROTOINFO_SCTP_STATE={0x5, 0x1, 0x9}, @CTA_PROTOINFO_SCTP_VTAG_ORIGINAL={0x8, 0x2, 0x1, 0x0, 0x9}, @CTA_PROTOINFO_SCTP_VTAG_ORIGINAL={0x8, 0x2, 0x1, 0x0, 0x5}, @CTA_PROTOINFO_SCTP_VTAG_REPLY={0x8, 0x3, 0x1, 0x0, 0x2}, @CTA_PROTOINFO_SCTP_STATE={0x5, 0x1, 0x81}]}}, @CTA_NAT_DST={0x88, 0xd, 0x0, 0x1, [@CTA_NAT_V6_MINIP={0x14, 0x4, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02'}, @CTA_NAT_V4_MAXIP={0x8, 0x2, @dev={0xac, 0x14, 0x14, 0x18}}, @CTA_NAT_PROTO={0xc, 0x3, 0x0, 0x1, [@CTA_PROTONAT_PORT_MAX={0x6, 0x2, 0x4e20}]}, @CTA_NAT_V4_MAXIP={0x8, 0x2, @broadcast}, @CTA_NAT_V6_MINIP={0x14, 0x4, @private0={0xfc, 0x0, [], 0x1}}, @CTA_NAT_V4_MAXIP={0x8, 0x2, @multicast1}, @CTA_NAT_V6_MAXIP={0x14, 0x5, @loopback}, @CTA_NAT_V4_MINIP={0x8, 0x1, @initdev={0xac, 0x1e, 0x1, 0x0}}, @CTA_NAT_V4_MAXIP={0x8, 0x2, @broadcast}, @CTA_NAT_V6_MAXIP={0x14, 0x5, @private1}]}]}, 0x13c}, 0x1, 0x0, 0x0, 0x8840}, 0x44000) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, 0x0, 0x0, 0x0) perf_event_open(&(0x7f0000940000)={0x2, 0x70, 0x69, 0x0, 0x0, 0xff, 0x0, 0x48, 0x14a0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f00000001c0), 0x7}}, 0x0, 0xd, 0xffffffffffffffff, 0xa) clone(0x200000008a105d00, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r4 = gettid() tkill(r4, 0x3c) r5 = openat$ipvs(0xffffffffffffff9c, &(0x7f0000000100)='/proc/sys/net/ipv4/vs/backup_only\x00', 0x2, 0x0) getsockopt$netrom_NETROM_N2(r5, 0x103, 0x3, &(0x7f0000000180)=0xf, &(0x7f0000000200)=0x4) fsetxattr$trusted_overlay_redirect(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) sched_setattr(r0, &(0x7f0000000080)={0x38, 0x2, 0x1, 0x0, 0x3}, 0x0) clone(0x69005100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) mount(0x0, &(0x7f0000000140)='./file0\x00', &(0x7f0000fb5ffc)='nfs\x00', 0x80, &(0x7f00000002c0)='o569\xa4;\xac*\xc3\xae$\xea\xb4c&\xe2|\xea\x9f\xd3\xfc\f\x02\xc9P-\x02\x00\x00\x00\xf3\r\xdd\xd3\xfd\x97*\x8c\x15Y\xe3<\xf0\x8d&\xa9\x80\x06\x8a\xdb\xb6\xa5\x87\xa9\xe5\x14\xe8\xe7\v\x96):\xb8f=&\x14\x81\xda\x86\x0e\xbc\xca\xaf_\v\xdb\x87\x1f\x00\x00\x00\xf7\x11\xebfpZ\xc8\x8e\xee\x1e\x00\xe9\x97') 21:32:56 executing program 4: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0xfffffffffffffffe}, 0x0) socket$inet6(0xa, 0x4, 0xffffffff) pipe(&(0x7f0000000340)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r2, 0x407, 0x0) fsync(r1) write(r2, &(0x7f0000000340), 0x41395527) vmsplice(r1, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) clone(0x200000008a105d00, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) tkill(0x0, 0x3c) fsetxattr$trusted_overlay_redirect(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) sched_setattr(r0, &(0x7f0000000080)={0x38, 0x2, 0x1, 0x0, 0x3}, 0x0) clone(0x69005100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) mount(0x0, &(0x7f0000000140)='./file0\x00', 0x0, 0x0, &(0x7f000000a000)) 21:32:56 executing program 0: r0 = openat$kvm(0xffffffffffffff9c, 0x0, 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) dup3(r0, r1, 0x0) fsetxattr$trusted_overlay_nlink(r0, &(0x7f0000000040)='trusted.overlay.nlink\x00', &(0x7f00000000c0)={'U+', 0x98}, 0x16, 0x2) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c4, 0x0, 0xe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r2 = socket$inet6(0xa, 0x40000080806, 0x0) bind$inet6(r2, &(0x7f0000000080)={0xa, 0x404e20}, 0x1c) ioctl$int_in(0xffffffffffffffff, 0x5452, 0x0) listen(r2, 0x400000001ffffffd) r3 = socket$inet6(0xa, 0x6, 0x0) connect$inet6(r3, &(0x7f0000000180)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) r4 = accept4(r2, 0x0, 0x0, 0x0) sendmmsg(r4, &(0x7f0000003d40)=[{{0x0, 0xffffffbf, 0x0, 0x0, 0x0, 0x0, 0x7000005}, 0xa}], 0x4000000000000d0, 0x0) socket$inet6(0xa, 0x6, 0x0) connect$inet6(0xffffffffffffffff, &(0x7f0000000000)={0xa, 0x0, 0x0, @loopback}, 0x1c) r5 = socket$inet6_tcp(0xa, 0x1, 0x0) bpf$BPF_MAP_GET_FD_BY_ID(0xe, &(0x7f0000000140)={0x0, 0x4, 0x8}, 0xc) setsockopt$IP6T_SO_SET_REPLACE(r5, 0x29, 0x40, &(0x7f0000000a80)=@filter={'filter\x00', 0xe, 0x4, 0x13a8, 0x0, 0x0, 0x1208, 0x108, 0x108, 0x12d8, 0x12d8, 0x12d8, 0x12d8, 0x12d8, 0x4, 0x0, {[{{@uncond, 0x0, 0xa8, 0x108}, @common=@inet=@HMARK={0x60, 'HMARK\x00', 0x0, {@ipv6=@mcast1, [], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4}}}, {{@ipv6={@initdev={0xfe, 0x88, [], 0x0, 0x0}, @initdev={0xfe, 0x88, [], 0x0, 0x0}, [], [], 'rose0\x00', 'netdevsim0\x00'}, 0x0, 0x10d8, 0x1100, 0x0, {}, [@common=@unspec=@cgroup1={{0x1030, 'cgroup\x00'}, {0x0, 0x1, 0x0, 0x0, './cgroup/syz0\x00'}}]}, @REJECT={0x28, 'REJECT\x00'}}, {{@uncond, 0x0, 0xa8, 0xd0}, @REJECT={0x28, 'REJECT\x00'}}], {{[], 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x1408) syz_init_net_socket$rose(0xb, 0x5, 0x0) 21:32:56 executing program 2: r0 = openat$kvm(0xffffffffffffff9c, 0x0, 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) dup3(r0, r1, 0x0) fsetxattr$trusted_overlay_nlink(r0, &(0x7f0000000040)='trusted.overlay.nlink\x00', &(0x7f00000000c0)={'U+', 0x98}, 0x16, 0x2) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c4, 0x0, 0xe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r2 = socket$inet6(0xa, 0x40000080806, 0x0) bind$inet6(r2, &(0x7f0000000080)={0xa, 0x404e20}, 0x1c) ioctl$int_in(0xffffffffffffffff, 0x5452, &(0x7f0000000100)=0x3) listen(r2, 0x400000001ffffffd) r3 = socket$inet6(0xa, 0x6, 0x0) connect$inet6(r3, 0x0, 0x0) r4 = accept4(r2, 0x0, 0x0, 0x0) sendmmsg(r4, &(0x7f0000003d40)=[{{0x0, 0xffffffbf, 0x0, 0x0, 0x0, 0x0, 0x7000005}, 0xa}], 0x4000000000000d0, 0x0) socket$inet6(0xa, 0x6, 0x0) connect$inet6(0xffffffffffffffff, &(0x7f0000000000)={0xa, 0x0, 0x0, @loopback}, 0x1c) r5 = socket$inet6_tcp(0xa, 0x1, 0x0) bpf$BPF_MAP_GET_FD_BY_ID(0xe, &(0x7f0000000140)={0x0, 0x4, 0x8}, 0xc) setsockopt$IP6T_SO_SET_REPLACE(r5, 0x29, 0x40, &(0x7f0000000a80)=@filter={'filter\x00', 0xe, 0x4, 0x13a8, 0x0, 0x0, 0x1208, 0x108, 0x108, 0x12d8, 0x12d8, 0x12d8, 0x12d8, 0x12d8, 0x4, 0x0, {[{{@uncond, 0x0, 0xa8, 0x108}, @common=@inet=@HMARK={0x60, 'HMARK\x00', 0x0, {@ipv6=@mcast1, [], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4}}}, {{@ipv6={@initdev={0xfe, 0x88, [], 0x0, 0x0}, @initdev={0xfe, 0x88, [], 0x0, 0x0}, [], [], 'rose0\x00', 'netdevsim0\x00'}, 0x0, 0x10d8, 0x1100, 0x0, {}, [@common=@unspec=@cgroup1={{0x1030, 'cgroup\x00'}, {0x0, 0x1, 0x0, 0x0, './cgroup/syz0\x00'}}]}, @REJECT={0x28, 'REJECT\x00'}}, {{@uncond, 0x0, 0xa8, 0xd0}, @REJECT={0x28, 'REJECT\x00'}}], {{[], 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x1408) syz_init_net_socket$rose(0xb, 0x5, 0x0) 21:32:57 executing program 2: r0 = openat$kvm(0xffffffffffffff9c, 0x0, 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) dup3(r0, r1, 0x0) fsetxattr$trusted_overlay_nlink(r0, &(0x7f0000000040)='trusted.overlay.nlink\x00', &(0x7f00000000c0)={'U+', 0x98}, 0x16, 0x2) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c4, 0x0, 0xe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r2 = socket$inet6(0xa, 0x40000080806, 0x0) bind$inet6(r2, &(0x7f0000000080)={0xa, 0x404e20}, 0x1c) ioctl$int_in(0xffffffffffffffff, 0x5452, &(0x7f0000000100)=0x3) listen(r2, 0x400000001ffffffd) r3 = socket$inet6(0xa, 0x6, 0x0) connect$inet6(r3, 0x0, 0x0) r4 = accept4(r2, 0x0, 0x0, 0x0) sendmmsg(r4, &(0x7f0000003d40)=[{{0x0, 0xffffffbf, 0x0, 0x0, 0x0, 0x0, 0x7000005}, 0xa}], 0x4000000000000d0, 0x0) socket$inet6(0xa, 0x6, 0x0) connect$inet6(0xffffffffffffffff, &(0x7f0000000000)={0xa, 0x0, 0x0, @loopback}, 0x1c) r5 = socket$inet6_tcp(0xa, 0x1, 0x0) bpf$BPF_MAP_GET_FD_BY_ID(0xe, &(0x7f0000000140)={0x0, 0x4, 0x8}, 0xc) setsockopt$IP6T_SO_SET_REPLACE(r5, 0x29, 0x40, &(0x7f0000000a80)=@filter={'filter\x00', 0xe, 0x4, 0x13a8, 0x0, 0x0, 0x1208, 0x108, 0x108, 0x12d8, 0x12d8, 0x12d8, 0x12d8, 0x12d8, 0x4, 0x0, {[{{@uncond, 0x0, 0xa8, 0x108}, @common=@inet=@HMARK={0x60, 'HMARK\x00', 0x0, {@ipv6=@mcast1, [], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4}}}, {{@ipv6={@initdev={0xfe, 0x88, [], 0x0, 0x0}, @initdev={0xfe, 0x88, [], 0x0, 0x0}, [], [], 'rose0\x00', 'netdevsim0\x00'}, 0x0, 0x10d8, 0x1100, 0x0, {}, [@common=@unspec=@cgroup1={{0x1030, 'cgroup\x00'}, {0x0, 0x1, 0x0, 0x0, './cgroup/syz0\x00'}}]}, @REJECT={0x28, 'REJECT\x00'}}, {{@uncond, 0x0, 0xa8, 0xd0}, @REJECT={0x28, 'REJECT\x00'}}], {{[], 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x1408) syz_init_net_socket$rose(0xb, 0x5, 0x0) 21:32:57 executing program 5: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x1, 0x0, 0x0, 0x1, 0x20b493e0, 0x0, 0xfffffffffffffffe}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000008880), 0x400000000000249, 0x0, 0x0) pipe(&(0x7f0000000340)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) fsync(r2) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) perf_event_open(&(0x7f0000940000)={0x2, 0x70, 0x69, 0x1, 0x0, 0xff, 0x0, 0x48, 0x14a0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f00000001c0), 0x7}, 0x0, 0x0, 0xfffffff9}, 0x0, 0xd, 0xffffffffffffffff, 0xa) clone(0x200000008a105d00, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r4 = gettid() tkill(r4, 0x3c) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x400200) ioctl$SNDRV_PCM_IOCTL_WRITEI_FRAMES(0xffffffffffffffff, 0x40184150, &(0x7f0000000180)={0x0, &(0x7f00000000c0)="468c2cbfc38907ec5d4f449cb205631411d279e27fcfd1059c99479d8a9d1a780707b0bca0ec7f9d6a7167d0addfa030fc079dcae8ab1e7ea1038af03097f60cbe3a1ca57e8992df4c6b400370257d8acaf5aeebd8a684e82dd9089e1d28ff117abda51dca7a1fc801d55f8cbd69f5d5de00515813", 0x75}) fsetxattr$trusted_overlay_redirect(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) sched_setattr(r0, &(0x7f0000000080)={0x38, 0x2, 0x1, 0x0, 0x3}, 0x0) clone(0x69005100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) mount(0x0, &(0x7f0000000140)='./file0\x00', 0x0, 0x0, &(0x7f000000a000)) 21:32:57 executing program 0: r0 = openat$kvm(0xffffffffffffff9c, 0x0, 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) dup3(r0, r1, 0x0) fsetxattr$trusted_overlay_nlink(r0, &(0x7f0000000040)='trusted.overlay.nlink\x00', &(0x7f00000000c0)={'U+', 0x98}, 0x16, 0x2) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c4, 0x0, 0xe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r2 = socket$inet6(0xa, 0x40000080806, 0x0) bind$inet6(r2, &(0x7f0000000080)={0xa, 0x404e20}, 0x1c) ioctl$int_in(0xffffffffffffffff, 0x5452, &(0x7f0000000100)=0x3) listen(r2, 0x400000001ffffffd) socket$inet6(0xa, 0x6, 0x0) connect$inet6(0xffffffffffffffff, &(0x7f0000000180)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) r3 = accept4(r2, 0x0, 0x0, 0x0) sendmmsg(r3, &(0x7f0000003d40)=[{{0x0, 0xffffffbf, 0x0, 0x0, 0x0, 0x0, 0x7000005}, 0xa}], 0x4000000000000d0, 0x0) socket$inet6(0xa, 0x6, 0x0) connect$inet6(0xffffffffffffffff, &(0x7f0000000000)={0xa, 0x0, 0x0, @loopback}, 0x1c) r4 = socket$inet6_tcp(0xa, 0x1, 0x0) bpf$BPF_MAP_GET_FD_BY_ID(0xe, &(0x7f0000000140)={0x0, 0x4, 0x8}, 0xc) setsockopt$IP6T_SO_SET_REPLACE(r4, 0x29, 0x40, &(0x7f0000000a80)=@filter={'filter\x00', 0xe, 0x4, 0x13a8, 0x0, 0x0, 0x1208, 0x108, 0x108, 0x12d8, 0x12d8, 0x12d8, 0x12d8, 0x12d8, 0x4, 0x0, {[{{@uncond, 0x0, 0xa8, 0x108}, @common=@inet=@HMARK={0x60, 'HMARK\x00', 0x0, {@ipv6=@mcast1, [], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4}}}, {{@ipv6={@initdev={0xfe, 0x88, [], 0x0, 0x0}, @initdev={0xfe, 0x88, [], 0x0, 0x0}, [], [], 'rose0\x00', 'netdevsim0\x00'}, 0x0, 0x10d8, 0x1100, 0x0, {}, [@common=@unspec=@cgroup1={{0x1030, 'cgroup\x00'}, {0x0, 0x1, 0x0, 0x0, './cgroup/syz0\x00'}}]}, @REJECT={0x28, 'REJECT\x00'}}, {{@uncond, 0x0, 0xa8, 0xd0}, @REJECT={0x28, 'REJECT\x00'}}], {{[], 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x1408) syz_init_net_socket$rose(0xb, 0x5, 0x0) 21:32:57 executing program 2: r0 = openat$kvm(0xffffffffffffff9c, 0x0, 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) dup3(r0, r1, 0x0) fsetxattr$trusted_overlay_nlink(r0, &(0x7f0000000040)='trusted.overlay.nlink\x00', &(0x7f00000000c0)={'U+', 0x98}, 0x16, 0x2) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c4, 0x0, 0xe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r2 = socket$inet6(0xa, 0x40000080806, 0x0) bind$inet6(r2, &(0x7f0000000080)={0xa, 0x404e20}, 0x1c) ioctl$int_in(0xffffffffffffffff, 0x5452, &(0x7f0000000100)=0x3) listen(r2, 0x400000001ffffffd) r3 = socket$inet6(0xa, 0x6, 0x0) connect$inet6(r3, 0x0, 0x0) r4 = accept4(r2, 0x0, 0x0, 0x0) sendmmsg(r4, &(0x7f0000003d40)=[{{0x0, 0xffffffbf, 0x0, 0x0, 0x0, 0x0, 0x7000005}, 0xa}], 0x4000000000000d0, 0x0) socket$inet6(0xa, 0x6, 0x0) connect$inet6(0xffffffffffffffff, &(0x7f0000000000)={0xa, 0x0, 0x0, @loopback}, 0x1c) r5 = socket$inet6_tcp(0xa, 0x1, 0x0) bpf$BPF_MAP_GET_FD_BY_ID(0xe, &(0x7f0000000140)={0x0, 0x4, 0x8}, 0xc) setsockopt$IP6T_SO_SET_REPLACE(r5, 0x29, 0x40, &(0x7f0000000a80)=@filter={'filter\x00', 0xe, 0x4, 0x13a8, 0x0, 0x0, 0x1208, 0x108, 0x108, 0x12d8, 0x12d8, 0x12d8, 0x12d8, 0x12d8, 0x4, 0x0, {[{{@uncond, 0x0, 0xa8, 0x108}, @common=@inet=@HMARK={0x60, 'HMARK\x00', 0x0, {@ipv6=@mcast1, [], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4}}}, {{@ipv6={@initdev={0xfe, 0x88, [], 0x0, 0x0}, @initdev={0xfe, 0x88, [], 0x0, 0x0}, [], [], 'rose0\x00', 'netdevsim0\x00'}, 0x0, 0x10d8, 0x1100, 0x0, {}, [@common=@unspec=@cgroup1={{0x1030, 'cgroup\x00'}, {0x0, 0x1, 0x0, 0x0, './cgroup/syz0\x00'}}]}, @REJECT={0x28, 'REJECT\x00'}}, {{@uncond, 0x0, 0xa8, 0xd0}, @REJECT={0x28, 'REJECT\x00'}}], {{[], 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x1408) syz_init_net_socket$rose(0xb, 0x5, 0x0) 21:32:57 executing program 0: r0 = openat$kvm(0xffffffffffffff9c, 0x0, 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) dup3(r0, r1, 0x0) fsetxattr$trusted_overlay_nlink(r0, &(0x7f0000000040)='trusted.overlay.nlink\x00', &(0x7f00000000c0)={'U+', 0x98}, 0x16, 0x2) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c4, 0x0, 0xe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r2 = socket$inet6(0xa, 0x40000080806, 0x0) bind$inet6(r2, &(0x7f0000000080)={0xa, 0x404e20}, 0x1c) ioctl$int_in(0xffffffffffffffff, 0x5452, &(0x7f0000000100)=0x3) listen(r2, 0x400000001ffffffd) r3 = socket$inet6(0xa, 0x6, 0x0) connect$inet6(r3, 0x0, 0x0) r4 = accept4(r2, 0x0, 0x0, 0x0) sendmmsg(r4, &(0x7f0000003d40)=[{{0x0, 0xffffffbf, 0x0, 0x0, 0x0, 0x0, 0x7000005}, 0xa}], 0x4000000000000d0, 0x0) socket$inet6(0xa, 0x6, 0x0) connect$inet6(0xffffffffffffffff, &(0x7f0000000000)={0xa, 0x0, 0x0, @loopback}, 0x1c) r5 = socket$inet6_tcp(0xa, 0x1, 0x0) bpf$BPF_MAP_GET_FD_BY_ID(0xe, &(0x7f0000000140)={0x0, 0x4, 0x8}, 0xc) setsockopt$IP6T_SO_SET_REPLACE(r5, 0x29, 0x40, &(0x7f0000000a80)=@filter={'filter\x00', 0xe, 0x4, 0x13a8, 0x0, 0x0, 0x1208, 0x108, 0x108, 0x12d8, 0x12d8, 0x12d8, 0x12d8, 0x12d8, 0x4, 0x0, {[{{@uncond, 0x0, 0xa8, 0x108}, @common=@inet=@HMARK={0x60, 'HMARK\x00', 0x0, {@ipv6=@mcast1, [], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4}}}, {{@ipv6={@initdev={0xfe, 0x88, [], 0x0, 0x0}, @initdev={0xfe, 0x88, [], 0x0, 0x0}, [], [], 'rose0\x00', 'netdevsim0\x00'}, 0x0, 0x10d8, 0x1100, 0x0, {}, [@common=@unspec=@cgroup1={{0x1030, 'cgroup\x00'}, {0x0, 0x1, 0x0, 0x0, './cgroup/syz0\x00'}}]}, @REJECT={0x28, 'REJECT\x00'}}, {{@uncond, 0x0, 0xa8, 0xd0}, @REJECT={0x28, 'REJECT\x00'}}], {{[], 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x1408) syz_init_net_socket$rose(0xb, 0x5, 0x0) 21:32:57 executing program 4: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0xfffffffffffffffe}, 0x0) socket$inet6(0xa, 0x4, 0xffffffff) pipe(&(0x7f0000000340)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r2, 0x407, 0x0) fsync(r1) write(r2, &(0x7f0000000340), 0x41395527) vmsplice(r1, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) clone(0x200000008a105d00, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) tkill(0x0, 0x3c) fsetxattr$trusted_overlay_redirect(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) sched_setattr(r0, &(0x7f0000000080)={0x38, 0x2, 0x1, 0x0, 0x3}, 0x0) clone(0x69005100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) mount(0x0, &(0x7f0000000140)='./file0\x00', 0x0, 0x0, &(0x7f000000a000)) 21:32:57 executing program 1: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, 0x0, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000008880), 0x400000000000249, 0x0, 0x0) pipe(&(0x7f0000000340)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) fsync(r2) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) perf_event_open(&(0x7f0000940000)={0x2, 0x70, 0x69, 0x1, 0x0, 0xff, 0x0, 0x48, 0x14a0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f00000001c0), 0x7}, 0x0, 0x0, 0xfffffff9}, 0x0, 0xd, 0xffffffffffffffff, 0xa) tkill(0x0, 0x3c) fsetxattr$trusted_overlay_redirect(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) sched_setattr(r0, &(0x7f0000000080)={0x38, 0x2, 0x1, 0x0, 0x3}, 0x0) clone(0x69005100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) mount(0x0, &(0x7f0000000140)='./file0\x00', 0x0, 0x0, &(0x7f000000a000)) sched_setscheduler(0x0, 0x5, &(0x7f0000000380)) 21:32:57 executing program 3: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, 0x0, 0x0, 0x0, 0x0) pipe(&(0x7f0000000340)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, 0x0, 0x0, 0x0) perf_event_open(&(0x7f0000940000)={0x2, 0x70, 0x69, 0x0, 0x0, 0xff, 0x0, 0x48, 0x14a0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f00000001c0), 0x7}}, 0x0, 0xd, 0xffffffffffffffff, 0xa) clone(0x200000008a105d00, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) sched_setattr(0x0, &(0x7f00000000c0)={0x38, 0x6, 0x4, 0x6df6, 0x8, 0x7ff, 0x10, 0xfff, 0x2, 0x2}, 0x0) r4 = gettid() tkill(r4, 0x3c) fsetxattr$trusted_overlay_redirect(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) sched_setattr(r0, &(0x7f0000000000)={0x38, 0x6, 0x1, 0x0, 0x3, 0x0, 0x3f}, 0x0) ioctl$TUNGETFEATURES(0xffffffffffffffff, 0x800454cf, &(0x7f0000000080)) clone(0x69005100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) write$uinput_user_dev(r2, &(0x7f0000000380)={'syz0\x00', {0x8, 0x8c6, 0x800, 0x2}, 0x3f, [0x0, 0x1, 0x7f, 0x5, 0x40, 0x0, 0x200, 0x4, 0x6, 0x0, 0x3ff, 0x80000001, 0xf1c1, 0x8, 0x49, 0x0, 0x1, 0xecb0, 0x6, 0x5, 0x400, 0xb2, 0x4, 0x2, 0x3, 0x2, 0x6, 0x800, 0x4, 0x80000001, 0x0, 0x1, 0x1, 0x6, 0x4, 0x0, 0x8000, 0x9, 0x56b887d7, 0x28, 0x80, 0xfffffffb, 0xa00000, 0x8, 0x7, 0x5, 0xfffffbff, 0x0, 0x7ff, 0xc15, 0x9, 0x65fa, 0x7, 0x5, 0xca2, 0x679, 0x0, 0x1, 0x0, 0x4, 0x101, 0x1, 0x8000, 0x7], [0x7, 0x8, 0x125, 0x3, 0x8d49, 0xfffffeff, 0x93d3, 0x9, 0x0, 0xaa, 0x8, 0x2d9, 0x8, 0xfff, 0x5, 0x3, 0x5, 0x80000000, 0x6, 0x5, 0x50, 0x9, 0x6, 0x3, 0x6fd, 0x7, 0xc444, 0x7ff, 0x2, 0x0, 0xfffffffd, 0x1, 0x5, 0x10000, 0x3ff, 0xfffffff8, 0xfffffbff, 0x20, 0x6, 0x3, 0x4, 0x7fff, 0x3, 0x31b, 0x6, 0x8, 0x4, 0x9, 0x7fffffff, 0xfffffffd, 0x3, 0x6635, 0x1, 0x401, 0x5, 0x5, 0xffffffb1, 0x80000000, 0xffffffff, 0x80000000, 0xdc, 0x1f, 0x20, 0x9], [0x80000001, 0x800, 0xffffff4a, 0x6, 0xfff, 0x8, 0x1, 0x84d4, 0x1, 0x0, 0x9, 0x8, 0x3, 0x8, 0xfff, 0x10000, 0xb096, 0xaa3, 0x1, 0x1e5, 0x9, 0x10000, 0x1, 0x7, 0x6, 0xff, 0x3ff, 0x1, 0x101, 0xfffffffa, 0x7, 0x20080000, 0x7fff, 0xffffffc0, 0x100, 0x8, 0xffff8000, 0x10001, 0x3f, 0x0, 0x8, 0x9, 0x1, 0x3ff, 0x0, 0x99ea, 0x1ff, 0x6, 0x0, 0xfff, 0x5, 0x8, 0xffffdd5c, 0x6, 0x5, 0xffffffff, 0x4, 0x5, 0x10000, 0xd688, 0x1, 0x9, 0x1, 0x7ff], [0x80000000, 0x3e7, 0x7, 0x6, 0x4, 0x3, 0x1, 0xe8, 0x3, 0x3, 0x7, 0x7, 0xffffffff, 0xfa0, 0xfffffffc, 0x101, 0x0, 0x1f, 0x695, 0x3, 0x7, 0x3, 0xffff, 0x101, 0x4000, 0x5, 0x5, 0xc00000, 0x8000, 0x1, 0x5, 0x7ff, 0x4, 0xed06, 0x9, 0x1f, 0x2, 0x6, 0x2, 0x5, 0x80000001, 0x2, 0x0, 0xd7, 0x0, 0x10000, 0xa3, 0xfffffff8, 0x6, 0x401, 0xc41, 0x7, 0x200, 0x5, 0xc6b, 0x5, 0x63, 0x1, 0x9, 0x86, 0x7f, 0x8, 0x8, 0x1073]}, 0x45c) mount(0x0, &(0x7f0000000140)='./file0\x00', &(0x7f0000fb5ffc)='nfs\x00', 0x0, &(0x7f000000a000)) 21:32:57 executing program 2: r0 = openat$kvm(0xffffffffffffff9c, 0x0, 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) dup3(r0, r1, 0x0) fsetxattr$trusted_overlay_nlink(r0, &(0x7f0000000040)='trusted.overlay.nlink\x00', &(0x7f00000000c0)={'U+', 0x98}, 0x16, 0x2) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c4, 0x0, 0xe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r2 = socket$inet6(0xa, 0x40000080806, 0x0) bind$inet6(r2, &(0x7f0000000080)={0xa, 0x404e20}, 0x1c) ioctl$int_in(0xffffffffffffffff, 0x5452, &(0x7f0000000100)=0x3) listen(r2, 0x400000001ffffffd) r3 = socket$inet6(0xa, 0x6, 0x0) connect$inet6(r3, &(0x7f0000000180)={0xa, 0x0, 0x0, @loopback}, 0x1c) r4 = accept4(r2, 0x0, 0x0, 0x0) sendmmsg(r4, &(0x7f0000003d40)=[{{0x0, 0xffffffbf, 0x0, 0x0, 0x0, 0x0, 0x7000005}, 0xa}], 0x4000000000000d0, 0x0) socket$inet6(0xa, 0x6, 0x0) connect$inet6(0xffffffffffffffff, &(0x7f0000000000)={0xa, 0x0, 0x0, @loopback}, 0x1c) r5 = socket$inet6_tcp(0xa, 0x1, 0x0) bpf$BPF_MAP_GET_FD_BY_ID(0xe, &(0x7f0000000140)={0x0, 0x4, 0x8}, 0xc) setsockopt$IP6T_SO_SET_REPLACE(r5, 0x29, 0x40, &(0x7f0000000a80)=@filter={'filter\x00', 0xe, 0x4, 0x13a8, 0x0, 0x0, 0x1208, 0x108, 0x108, 0x12d8, 0x12d8, 0x12d8, 0x12d8, 0x12d8, 0x4, 0x0, {[{{@uncond, 0x0, 0xa8, 0x108}, @common=@inet=@HMARK={0x60, 'HMARK\x00', 0x0, {@ipv6=@mcast1, [], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4}}}, {{@ipv6={@initdev={0xfe, 0x88, [], 0x0, 0x0}, @initdev={0xfe, 0x88, [], 0x0, 0x0}, [], [], 'rose0\x00', 'netdevsim0\x00'}, 0x0, 0x10d8, 0x1100, 0x0, {}, [@common=@unspec=@cgroup1={{0x1030, 'cgroup\x00'}, {0x0, 0x1, 0x0, 0x0, './cgroup/syz0\x00'}}]}, @REJECT={0x28, 'REJECT\x00'}}, {{@uncond, 0x0, 0xa8, 0xd0}, @REJECT={0x28, 'REJECT\x00'}}], {{[], 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x1408) syz_init_net_socket$rose(0xb, 0x5, 0x0) 21:32:57 executing program 0: r0 = openat$kvm(0xffffffffffffff9c, 0x0, 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) dup3(r0, r1, 0x0) fsetxattr$trusted_overlay_nlink(r0, &(0x7f0000000040)='trusted.overlay.nlink\x00', &(0x7f00000000c0)={'U+', 0x98}, 0x16, 0x2) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c4, 0x0, 0xe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r2 = socket$inet6(0xa, 0x40000080806, 0x0) bind$inet6(r2, &(0x7f0000000080)={0xa, 0x404e20}, 0x1c) ioctl$int_in(0xffffffffffffffff, 0x5452, &(0x7f0000000100)=0x3) listen(r2, 0x400000001ffffffd) r3 = socket$inet6(0xa, 0x6, 0x0) connect$inet6(r3, 0x0, 0x0) r4 = accept4(r2, 0x0, 0x0, 0x0) sendmmsg(r4, &(0x7f0000003d40)=[{{0x0, 0xffffffbf, 0x0, 0x0, 0x0, 0x0, 0x7000005}, 0xa}], 0x4000000000000d0, 0x0) socket$inet6(0xa, 0x6, 0x0) connect$inet6(0xffffffffffffffff, &(0x7f0000000000)={0xa, 0x0, 0x0, @loopback}, 0x1c) r5 = socket$inet6_tcp(0xa, 0x1, 0x0) bpf$BPF_MAP_GET_FD_BY_ID(0xe, &(0x7f0000000140)={0x0, 0x4, 0x8}, 0xc) setsockopt$IP6T_SO_SET_REPLACE(r5, 0x29, 0x40, &(0x7f0000000a80)=@filter={'filter\x00', 0xe, 0x4, 0x13a8, 0x0, 0x0, 0x1208, 0x108, 0x108, 0x12d8, 0x12d8, 0x12d8, 0x12d8, 0x12d8, 0x4, 0x0, {[{{@uncond, 0x0, 0xa8, 0x108}, @common=@inet=@HMARK={0x60, 'HMARK\x00', 0x0, {@ipv6=@mcast1, [], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4}}}, {{@ipv6={@initdev={0xfe, 0x88, [], 0x0, 0x0}, @initdev={0xfe, 0x88, [], 0x0, 0x0}, [], [], 'rose0\x00', 'netdevsim0\x00'}, 0x0, 0x10d8, 0x1100, 0x0, {}, [@common=@unspec=@cgroup1={{0x1030, 'cgroup\x00'}, {0x0, 0x1, 0x0, 0x0, './cgroup/syz0\x00'}}]}, @REJECT={0x28, 'REJECT\x00'}}, {{@uncond, 0x0, 0xa8, 0xd0}, @REJECT={0x28, 'REJECT\x00'}}], {{[], 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x1408) syz_init_net_socket$rose(0xb, 0x5, 0x0) 21:32:57 executing program 0: r0 = openat$kvm(0xffffffffffffff9c, 0x0, 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) dup3(r0, r1, 0x0) fsetxattr$trusted_overlay_nlink(r0, &(0x7f0000000040)='trusted.overlay.nlink\x00', &(0x7f00000000c0)={'U+', 0x98}, 0x16, 0x2) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c4, 0x0, 0xe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r2 = socket$inet6(0xa, 0x40000080806, 0x0) bind$inet6(r2, &(0x7f0000000080)={0xa, 0x404e20}, 0x1c) ioctl$int_in(0xffffffffffffffff, 0x5452, &(0x7f0000000100)=0x3) listen(r2, 0x400000001ffffffd) r3 = socket$inet6(0xa, 0x6, 0x0) connect$inet6(r3, 0x0, 0x0) r4 = accept4(r2, 0x0, 0x0, 0x0) sendmmsg(r4, &(0x7f0000003d40)=[{{0x0, 0xffffffbf, 0x0, 0x0, 0x0, 0x0, 0x7000005}, 0xa}], 0x4000000000000d0, 0x0) socket$inet6(0xa, 0x6, 0x0) connect$inet6(0xffffffffffffffff, &(0x7f0000000000)={0xa, 0x0, 0x0, @loopback}, 0x1c) r5 = socket$inet6_tcp(0xa, 0x1, 0x0) bpf$BPF_MAP_GET_FD_BY_ID(0xe, &(0x7f0000000140)={0x0, 0x4, 0x8}, 0xc) setsockopt$IP6T_SO_SET_REPLACE(r5, 0x29, 0x40, &(0x7f0000000a80)=@filter={'filter\x00', 0xe, 0x4, 0x13a8, 0x0, 0x0, 0x1208, 0x108, 0x108, 0x12d8, 0x12d8, 0x12d8, 0x12d8, 0x12d8, 0x4, 0x0, {[{{@uncond, 0x0, 0xa8, 0x108}, @common=@inet=@HMARK={0x60, 'HMARK\x00', 0x0, {@ipv6=@mcast1, [], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4}}}, {{@ipv6={@initdev={0xfe, 0x88, [], 0x0, 0x0}, @initdev={0xfe, 0x88, [], 0x0, 0x0}, [], [], 'rose0\x00', 'netdevsim0\x00'}, 0x0, 0x10d8, 0x1100, 0x0, {}, [@common=@unspec=@cgroup1={{0x1030, 'cgroup\x00'}, {0x0, 0x1, 0x0, 0x0, './cgroup/syz0\x00'}}]}, @REJECT={0x28, 'REJECT\x00'}}, {{@uncond, 0x0, 0xa8, 0xd0}, @REJECT={0x28, 'REJECT\x00'}}], {{[], 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x1408) syz_init_net_socket$rose(0xb, 0x5, 0x0) 21:32:57 executing program 2: r0 = openat$kvm(0xffffffffffffff9c, 0x0, 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) dup3(r0, r1, 0x0) fsetxattr$trusted_overlay_nlink(r0, &(0x7f0000000040)='trusted.overlay.nlink\x00', &(0x7f00000000c0)={'U+', 0x98}, 0x16, 0x2) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c4, 0x0, 0xe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r2 = socket$inet6(0xa, 0x40000080806, 0x0) bind$inet6(r2, &(0x7f0000000080)={0xa, 0x404e20}, 0x1c) ioctl$int_in(0xffffffffffffffff, 0x5452, &(0x7f0000000100)=0x3) listen(r2, 0x400000001ffffffd) r3 = socket$inet6(0xa, 0x6, 0x0) connect$inet6(r3, &(0x7f0000000180)={0xa, 0x0, 0x0, @loopback}, 0x1c) r4 = accept4(r2, 0x0, 0x0, 0x0) sendmmsg(r4, &(0x7f0000003d40)=[{{0x0, 0xffffffbf, 0x0, 0x0, 0x0, 0x0, 0x7000005}, 0xa}], 0x4000000000000d0, 0x0) socket$inet6(0xa, 0x6, 0x0) connect$inet6(0xffffffffffffffff, &(0x7f0000000000)={0xa, 0x0, 0x0, @loopback}, 0x1c) r5 = socket$inet6_tcp(0xa, 0x1, 0x0) bpf$BPF_MAP_GET_FD_BY_ID(0xe, &(0x7f0000000140)={0x0, 0x4, 0x8}, 0xc) setsockopt$IP6T_SO_SET_REPLACE(r5, 0x29, 0x40, &(0x7f0000000a80)=@filter={'filter\x00', 0xe, 0x4, 0x13a8, 0x0, 0x0, 0x1208, 0x108, 0x108, 0x12d8, 0x12d8, 0x12d8, 0x12d8, 0x12d8, 0x4, 0x0, {[{{@uncond, 0x0, 0xa8, 0x108}, @common=@inet=@HMARK={0x60, 'HMARK\x00', 0x0, {@ipv6=@mcast1, [], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4}}}, {{@ipv6={@initdev={0xfe, 0x88, [], 0x0, 0x0}, @initdev={0xfe, 0x88, [], 0x0, 0x0}, [], [], 'rose0\x00', 'netdevsim0\x00'}, 0x0, 0x10d8, 0x1100, 0x0, {}, [@common=@unspec=@cgroup1={{0x1030, 'cgroup\x00'}, {0x0, 0x1, 0x0, 0x0, './cgroup/syz0\x00'}}]}, @REJECT={0x28, 'REJECT\x00'}}, {{@uncond, 0x0, 0xa8, 0xd0}, @REJECT={0x28, 'REJECT\x00'}}], {{[], 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x1408) syz_init_net_socket$rose(0xb, 0x5, 0x0) 21:32:58 executing program 0: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, 0x0, 0x0, 0x0, 0x0) pipe(&(0x7f0000000340)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x400200) sendmsg$IPCTNL_MSG_CT_DELETE(0xffffffffffffffff, &(0x7f00000000c0)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x8}, 0xc, &(0x7f0000000040)={&(0x7f0000000380)={0x13c, 0x2, 0x1, 0x3, 0x0, 0x0, {0x0, 0x0, 0x4}, [@CTA_TUPLE_MASTER={0x68, 0xe, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @local}, {0x8, 0x2, @multicast2}}}, @CTA_TUPLE_ZONE={0x6, 0x3, 0x1, 0x0, 0x1}, @CTA_TUPLE_ZONE={0x6, 0x3, 0x1, 0x0, 0x1}, @CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @loopback}, {0x8, 0x2, @initdev={0xac, 0x1e, 0x1, 0x0}}}}, @CTA_TUPLE_IP={0x2c, 0x1, 0x0, 0x1, @ipv6={{0x14, 0x3, @mcast2}, {0x14, 0x4, @initdev={0xfe, 0x88, [], 0x0, 0x0}}}}]}, @CTA_PROTOINFO={0x38, 0x4, 0x0, 0x1, @CTA_PROTOINFO_SCTP={0x34, 0x3, 0x0, 0x1, [@CTA_PROTOINFO_SCTP_VTAG_REPLY={0x8}, @CTA_PROTOINFO_SCTP_STATE={0x5, 0x1, 0x9}, @CTA_PROTOINFO_SCTP_VTAG_ORIGINAL={0x8, 0x2, 0x1, 0x0, 0x9}, @CTA_PROTOINFO_SCTP_VTAG_ORIGINAL={0x8, 0x2, 0x1, 0x0, 0x5}, @CTA_PROTOINFO_SCTP_VTAG_REPLY={0x8, 0x3, 0x1, 0x0, 0x2}, @CTA_PROTOINFO_SCTP_STATE={0x5, 0x1, 0x81}]}}, @CTA_NAT_DST={0x88, 0xd, 0x0, 0x1, [@CTA_NAT_V6_MINIP={0x14, 0x4, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02'}, @CTA_NAT_V4_MAXIP={0x8, 0x2, @dev={0xac, 0x14, 0x14, 0x18}}, @CTA_NAT_PROTO={0xc, 0x3, 0x0, 0x1, [@CTA_PROTONAT_PORT_MAX={0x6, 0x2, 0x4e20}]}, @CTA_NAT_V4_MAXIP={0x8, 0x2, @broadcast}, @CTA_NAT_V6_MINIP={0x14, 0x4, @private0={0xfc, 0x0, [], 0x1}}, @CTA_NAT_V4_MAXIP={0x8, 0x2, @multicast1}, @CTA_NAT_V6_MAXIP={0x14, 0x5, @loopback}, @CTA_NAT_V4_MINIP={0x8, 0x1, @initdev={0xac, 0x1e, 0x1, 0x0}}, @CTA_NAT_V4_MAXIP={0x8, 0x2, @broadcast}, @CTA_NAT_V6_MAXIP={0x14, 0x5, @private1}]}]}, 0x13c}, 0x1, 0x0, 0x0, 0x8840}, 0x44000) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, 0x0, 0x0, 0x0) perf_event_open(&(0x7f0000940000)={0x2, 0x70, 0x69, 0x0, 0x0, 0xff, 0x0, 0x48, 0x14a0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f00000001c0), 0x7}}, 0x0, 0xd, 0xffffffffffffffff, 0xa) clone(0x200000008a105d00, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r4 = gettid() tkill(r4, 0x3c) r5 = openat$ipvs(0xffffffffffffff9c, &(0x7f0000000100)='/proc/sys/net/ipv4/vs/backup_only\x00', 0x2, 0x0) getsockopt$netrom_NETROM_N2(r5, 0x103, 0x3, &(0x7f0000000180)=0xf, &(0x7f0000000200)=0x4) fsetxattr$trusted_overlay_redirect(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) sched_setattr(r0, &(0x7f0000000080)={0x38, 0x2, 0x1, 0x0, 0x3}, 0x0) clone(0x69005100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) mount(0x0, &(0x7f0000000140)='./file0\x00', &(0x7f0000fb5ffc)='nfs\x00', 0x80, &(0x7f00000002c0)='o569\xa4;\xac*\xc3\xae$\xea\xb4c&\xe2|\xea\x9f\xd3\xfc\f\x02\xc9P-\x02\x00\x00\x00\xf3\r\xdd\xd3\xfd\x97*\x8c\x15Y\xe3<\xf0\x8d&\xa9\x80\x06\x8a\xdb\xb6\xa5\x87\xa9\xe5\x14\xe8\xe7\v\x96):\xb8f=&\x14\x81\xda\x86\x0e\xbc\xca\xaf_\v\xdb\x87\x1f\x00\x00\x00\xf7\x11\xebfpZ\xc8\x8e\xee\x1e\x00\xe9\x97') 21:32:58 executing program 5: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x8, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x5, 0x0, 0x0, 0x1, 0x20b493e0, 0x0, 0xfffffffffffffffe}, 0x0) socket$inet6(0xa, 0x2, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f0000003bc0)=[{{&(0x7f00000016c0)=@ax25={{}, [@rose, @rose, @bcast, @netrom, @rose, @rose]}, 0x80, &(0x7f00000001c0)=[{&(0x7f0000000100)=""/48, 0x30}, {&(0x7f0000001740)=""/117, 0x75}], 0x2, &(0x7f00000017c0)=""/4096, 0x1000}, 0x3}, {{&(0x7f00000002c0)=@ipx, 0x80, &(0x7f0000003a80)=[{&(0x7f0000002840)=""/22, 0x16}, {&(0x7f0000002880)=""/107, 0x6b}, {&(0x7f0000002900)=""/96, 0x60}, {&(0x7f0000002980)=""/109, 0x6d}, {&(0x7f0000002a00)=""/88, 0x58}, {&(0x7f0000002a80)=""/4096, 0x1000}], 0x6, &(0x7f0000003b00)=""/165, 0xa5}, 0x400}], 0x2, 0x10182, 0x0) pipe(&(0x7f0000000180)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r2, 0x407, 0x0) write(r2, &(0x7f0000000340), 0x41395527) vmsplice(r1, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) perf_event_open(&(0x7f0000940000)={0x2, 0x70, 0x69, 0x1, 0x0, 0x6, 0x0, 0x8000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, @perf_config_ext={0x10001, 0x1}, 0x0, 0x0, 0xfffffff9, 0x0, 0x0, 0x0, 0xfffd}, 0x0, 0xc, 0xffffffffffffffff, 0xa) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x400200) ioctl$PERF_EVENT_IOC_ID(0xffffffffffffffff, 0x80082407, &(0x7f00000000c0)) clone(0x200000008a105d00, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r3 = gettid() tkill(r3, 0x27) fsetxattr$trusted_overlay_redirect(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) sched_setattr(r0, &(0x7f0000000080)={0x38, 0x2, 0x1, 0x0, 0x3, 0x0, 0x0, 0x99e, 0x7fff}, 0x0) recvmsg$can_raw(r1, &(0x7f0000000200)={0x0, 0x0, 0xfffffffffffffffd, 0x0, &(0x7f0000003c40)=""/4095, 0xfff}, 0x40000001) clone(0x69005100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) mount(0x0, &(0x7f0000000140)='./file0\x00', 0x0, 0x0, &(0x7f000000a000)) 21:32:58 executing program 2: r0 = openat$kvm(0xffffffffffffff9c, 0x0, 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) dup3(r0, r1, 0x0) fsetxattr$trusted_overlay_nlink(r0, &(0x7f0000000040)='trusted.overlay.nlink\x00', &(0x7f00000000c0)={'U+', 0x98}, 0x16, 0x2) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c4, 0x0, 0xe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r2 = socket$inet6(0xa, 0x40000080806, 0x0) bind$inet6(r2, &(0x7f0000000080)={0xa, 0x404e20}, 0x1c) ioctl$int_in(0xffffffffffffffff, 0x5452, &(0x7f0000000100)=0x3) listen(r2, 0x400000001ffffffd) r3 = socket$inet6(0xa, 0x6, 0x0) connect$inet6(r3, &(0x7f0000000180)={0xa, 0x0, 0x0, @loopback}, 0x1c) r4 = accept4(r2, 0x0, 0x0, 0x0) sendmmsg(r4, &(0x7f0000003d40)=[{{0x0, 0xffffffbf, 0x0, 0x0, 0x0, 0x0, 0x7000005}, 0xa}], 0x4000000000000d0, 0x0) socket$inet6(0xa, 0x6, 0x0) connect$inet6(0xffffffffffffffff, &(0x7f0000000000)={0xa, 0x0, 0x0, @loopback}, 0x1c) r5 = socket$inet6_tcp(0xa, 0x1, 0x0) bpf$BPF_MAP_GET_FD_BY_ID(0xe, &(0x7f0000000140)={0x0, 0x4, 0x8}, 0xc) setsockopt$IP6T_SO_SET_REPLACE(r5, 0x29, 0x40, &(0x7f0000000a80)=@filter={'filter\x00', 0xe, 0x4, 0x13a8, 0x0, 0x0, 0x1208, 0x108, 0x108, 0x12d8, 0x12d8, 0x12d8, 0x12d8, 0x12d8, 0x4, 0x0, {[{{@uncond, 0x0, 0xa8, 0x108}, @common=@inet=@HMARK={0x60, 'HMARK\x00', 0x0, {@ipv6=@mcast1, [], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4}}}, {{@ipv6={@initdev={0xfe, 0x88, [], 0x0, 0x0}, @initdev={0xfe, 0x88, [], 0x0, 0x0}, [], [], 'rose0\x00', 'netdevsim0\x00'}, 0x0, 0x10d8, 0x1100, 0x0, {}, [@common=@unspec=@cgroup1={{0x1030, 'cgroup\x00'}, {0x0, 0x1, 0x0, 0x0, './cgroup/syz0\x00'}}]}, @REJECT={0x28, 'REJECT\x00'}}, {{@uncond, 0x0, 0xa8, 0xd0}, @REJECT={0x28, 'REJECT\x00'}}], {{[], 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x1408) syz_init_net_socket$rose(0xb, 0x5, 0x0) [ 2256.311456] net_ratelimit: 27 callbacks suppressed [ 2256.311473] ip6_tables: ip6tables: counters copy to user failed while replacing table 21:32:58 executing program 4: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x1, 0x0, 0x0, 0x1, 0x20b493e0}, 0x0) socket$inet6(0xa, 0x4, 0xffffffff) pipe(&(0x7f0000000340)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r2, 0x407, 0x0) fsync(r1) write(r2, &(0x7f0000000340), 0x41395527) vmsplice(r1, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) clone(0x200000008a105d00, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) tkill(0x0, 0x3c) fsetxattr$trusted_overlay_redirect(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) sched_setattr(r0, &(0x7f0000000080)={0x38, 0x2, 0x1, 0x0, 0x3}, 0x0) clone(0x69005100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) mount(0x0, &(0x7f0000000140)='./file0\x00', 0x0, 0x0, &(0x7f000000a000)) 21:32:58 executing program 2: r0 = openat$kvm(0xffffffffffffff9c, 0x0, 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) dup3(r0, r1, 0x0) fsetxattr$trusted_overlay_nlink(r0, &(0x7f0000000040)='trusted.overlay.nlink\x00', &(0x7f00000000c0)={'U+', 0x98}, 0x16, 0x2) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c4, 0x0, 0xe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r2 = socket$inet6(0xa, 0x40000080806, 0x0) bind$inet6(r2, &(0x7f0000000080)={0xa, 0x404e20}, 0x1c) ioctl$int_in(0xffffffffffffffff, 0x5452, &(0x7f0000000100)=0x3) listen(r2, 0x400000001ffffffd) r3 = socket$inet6(0xa, 0x6, 0x0) connect$inet6(r3, &(0x7f0000000180)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) r4 = accept4(0xffffffffffffffff, 0x0, 0x0, 0x0) sendmmsg(r4, &(0x7f0000003d40)=[{{0x0, 0xffffffbf, 0x0, 0x0, 0x0, 0x0, 0x7000005}, 0xa}], 0x4000000000000d0, 0x0) socket$inet6(0xa, 0x6, 0x0) connect$inet6(0xffffffffffffffff, &(0x7f0000000000)={0xa, 0x0, 0x0, @loopback}, 0x1c) r5 = socket$inet6_tcp(0xa, 0x1, 0x0) bpf$BPF_MAP_GET_FD_BY_ID(0xe, &(0x7f0000000140)={0x0, 0x4, 0x8}, 0xc) setsockopt$IP6T_SO_SET_REPLACE(r5, 0x29, 0x40, &(0x7f0000000a80)=@filter={'filter\x00', 0xe, 0x4, 0x13a8, 0x0, 0x0, 0x1208, 0x108, 0x108, 0x12d8, 0x12d8, 0x12d8, 0x12d8, 0x12d8, 0x4, 0x0, {[{{@uncond, 0x0, 0xa8, 0x108}, @common=@inet=@HMARK={0x60, 'HMARK\x00', 0x0, {@ipv6=@mcast1, [], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4}}}, {{@ipv6={@initdev={0xfe, 0x88, [], 0x0, 0x0}, @initdev={0xfe, 0x88, [], 0x0, 0x0}, [], [], 'rose0\x00', 'netdevsim0\x00'}, 0x0, 0x10d8, 0x1100, 0x0, {}, [@common=@unspec=@cgroup1={{0x1030, 'cgroup\x00'}, {0x0, 0x1, 0x0, 0x0, './cgroup/syz0\x00'}}]}, @REJECT={0x28, 'REJECT\x00'}}, {{@uncond, 0x0, 0xa8, 0xd0}, @REJECT={0x28, 'REJECT\x00'}}], {{[], 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x1408) syz_init_net_socket$rose(0xb, 0x5, 0x0) [ 2256.547148] ip6_tables: ip6tables: counters copy to user failed while replacing table 21:32:58 executing program 2: r0 = openat$kvm(0xffffffffffffff9c, 0x0, 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) dup3(r0, r1, 0x0) fsetxattr$trusted_overlay_nlink(r0, &(0x7f0000000040)='trusted.overlay.nlink\x00', &(0x7f00000000c0)={'U+', 0x98}, 0x16, 0x2) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c4, 0x0, 0xe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r2 = socket$inet6(0xa, 0x40000080806, 0x0) bind$inet6(r2, &(0x7f0000000080)={0xa, 0x404e20}, 0x1c) ioctl$int_in(0xffffffffffffffff, 0x5452, &(0x7f0000000100)=0x3) listen(r2, 0x400000001ffffffd) r3 = socket$inet6(0xa, 0x6, 0x0) connect$inet6(r3, &(0x7f0000000180)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) r4 = accept4(0xffffffffffffffff, 0x0, 0x0, 0x0) sendmmsg(r4, &(0x7f0000003d40)=[{{0x0, 0xffffffbf, 0x0, 0x0, 0x0, 0x0, 0x7000005}, 0xa}], 0x4000000000000d0, 0x0) socket$inet6(0xa, 0x6, 0x0) connect$inet6(0xffffffffffffffff, &(0x7f0000000000)={0xa, 0x0, 0x0, @loopback}, 0x1c) r5 = socket$inet6_tcp(0xa, 0x1, 0x0) bpf$BPF_MAP_GET_FD_BY_ID(0xe, &(0x7f0000000140)={0x0, 0x4, 0x8}, 0xc) setsockopt$IP6T_SO_SET_REPLACE(r5, 0x29, 0x40, &(0x7f0000000a80)=@filter={'filter\x00', 0xe, 0x4, 0x13a8, 0x0, 0x0, 0x1208, 0x108, 0x108, 0x12d8, 0x12d8, 0x12d8, 0x12d8, 0x12d8, 0x4, 0x0, {[{{@uncond, 0x0, 0xa8, 0x108}, @common=@inet=@HMARK={0x60, 'HMARK\x00', 0x0, {@ipv6=@mcast1, [], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4}}}, {{@ipv6={@initdev={0xfe, 0x88, [], 0x0, 0x0}, @initdev={0xfe, 0x88, [], 0x0, 0x0}, [], [], 'rose0\x00', 'netdevsim0\x00'}, 0x0, 0x10d8, 0x1100, 0x0, {}, [@common=@unspec=@cgroup1={{0x1030, 'cgroup\x00'}, {0x0, 0x1, 0x0, 0x0, './cgroup/syz0\x00'}}]}, @REJECT={0x28, 'REJECT\x00'}}, {{@uncond, 0x0, 0xa8, 0xd0}, @REJECT={0x28, 'REJECT\x00'}}], {{[], 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x1408) syz_init_net_socket$rose(0xb, 0x5, 0x0) [ 2256.760674] ip6_tables: ip6tables: counters copy to user failed while replacing table 21:32:58 executing program 3: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x1, 0x0, 0x0, 0x1, 0x20b493e0, 0x0, 0xfffffffffffffffe}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, 0x0, 0x0, 0x0, 0x0) pipe(&(0x7f0000000340)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, 0x0, 0x0, 0x0) perf_event_open(&(0x7f0000940000)={0x2, 0x70, 0x69, 0x0, 0x0, 0xff, 0x0, 0x48, 0x14a0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f00000001c0), 0x7}, 0x1000}, 0x0, 0xd, 0xffffffffffffffff, 0xa) clone(0x200000008a105d00, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r4 = fcntl$dupfd(0xffffffffffffffff, 0x0, 0xffffffffffffffff) ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200) ioctl$SNDRV_SEQ_IOCTL_SET_QUEUE_TEMPO(r4, 0x402c5342, &(0x7f00000000c0)={0x3, 0x0, 0xffffffff, {0x40, 0x7}, 0x1, 0x1000}) r5 = gettid() tkill(r5, 0x3c) fsetxattr$trusted_overlay_redirect(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) sched_setattr(r0, &(0x7f0000000080)={0x38, 0x2, 0x1, 0x0, 0x3}, 0x0) clone(0x69005100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) mount(0x0, &(0x7f0000000140)='./file0\x00', &(0x7f0000fb5ffc)='nfs\x00', 0x0, &(0x7f000000a000)) 21:32:58 executing program 2: r0 = openat$kvm(0xffffffffffffff9c, 0x0, 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) dup3(r0, r1, 0x0) fsetxattr$trusted_overlay_nlink(r0, &(0x7f0000000040)='trusted.overlay.nlink\x00', &(0x7f00000000c0)={'U+', 0x98}, 0x16, 0x2) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c4, 0x0, 0xe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r2 = socket$inet6(0xa, 0x40000080806, 0x0) bind$inet6(r2, &(0x7f0000000080)={0xa, 0x404e20}, 0x1c) ioctl$int_in(0xffffffffffffffff, 0x5452, &(0x7f0000000100)=0x3) listen(r2, 0x400000001ffffffd) r3 = socket$inet6(0xa, 0x6, 0x0) connect$inet6(r3, &(0x7f0000000180)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) r4 = accept4(0xffffffffffffffff, 0x0, 0x0, 0x0) sendmmsg(r4, &(0x7f0000003d40)=[{{0x0, 0xffffffbf, 0x0, 0x0, 0x0, 0x0, 0x7000005}, 0xa}], 0x4000000000000d0, 0x0) socket$inet6(0xa, 0x6, 0x0) connect$inet6(0xffffffffffffffff, &(0x7f0000000000)={0xa, 0x0, 0x0, @loopback}, 0x1c) r5 = socket$inet6_tcp(0xa, 0x1, 0x0) bpf$BPF_MAP_GET_FD_BY_ID(0xe, &(0x7f0000000140)={0x0, 0x4, 0x8}, 0xc) setsockopt$IP6T_SO_SET_REPLACE(r5, 0x29, 0x40, &(0x7f0000000a80)=@filter={'filter\x00', 0xe, 0x4, 0x13a8, 0x0, 0x0, 0x1208, 0x108, 0x108, 0x12d8, 0x12d8, 0x12d8, 0x12d8, 0x12d8, 0x4, 0x0, {[{{@uncond, 0x0, 0xa8, 0x108}, @common=@inet=@HMARK={0x60, 'HMARK\x00', 0x0, {@ipv6=@mcast1, [], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4}}}, {{@ipv6={@initdev={0xfe, 0x88, [], 0x0, 0x0}, @initdev={0xfe, 0x88, [], 0x0, 0x0}, [], [], 'rose0\x00', 'netdevsim0\x00'}, 0x0, 0x10d8, 0x1100, 0x0, {}, [@common=@unspec=@cgroup1={{0x1030, 'cgroup\x00'}, {0x0, 0x1, 0x0, 0x0, './cgroup/syz0\x00'}}]}, @REJECT={0x28, 'REJECT\x00'}}, {{@uncond, 0x0, 0xa8, 0xd0}, @REJECT={0x28, 'REJECT\x00'}}], {{[], 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x1408) syz_init_net_socket$rose(0xb, 0x5, 0x0) 21:32:58 executing program 1: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x0, 0x0, 0x0, 0x1, 0x20b493e0, 0x0, 0xfffffffffffffffe}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000008880), 0x400000000000249, 0x0, 0x0) pipe(&(0x7f0000000340)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) fsync(r2) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) perf_event_open(&(0x7f0000940000)={0x2, 0x70, 0x69, 0x1, 0x0, 0xff, 0x0, 0x48, 0x14a0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f00000001c0), 0x7}, 0x0, 0x0, 0xfffffff9}, 0x0, 0xd, 0xffffffffffffffff, 0xa) tkill(0x0, 0x3c) fsetxattr$trusted_overlay_redirect(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) sched_setattr(r0, &(0x7f0000000080)={0x38, 0x2, 0x1, 0x0, 0x3}, 0x0) clone(0x69005100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) mount(0x0, &(0x7f0000000140)='./file0\x00', 0x0, 0x0, &(0x7f000000a000)) sched_setscheduler(0x0, 0x5, &(0x7f0000000380)) 21:32:58 executing program 0: r0 = openat$kvm(0xffffffffffffff9c, 0x0, 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) dup3(r0, r1, 0x0) fsetxattr$trusted_overlay_nlink(r0, &(0x7f0000000040)='trusted.overlay.nlink\x00', &(0x7f00000000c0)={'U+', 0x98}, 0x16, 0x2) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c4, 0x0, 0xe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r2 = socket$inet6(0xa, 0x40000080806, 0x0) bind$inet6(r2, &(0x7f0000000080)={0xa, 0x404e20}, 0x1c) ioctl$int_in(0xffffffffffffffff, 0x5452, &(0x7f0000000100)=0x3) listen(r2, 0x400000001ffffffd) r3 = socket$inet6(0xa, 0x6, 0x0) connect$inet6(r3, &(0x7f0000000180)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) r4 = accept4(0xffffffffffffffff, 0x0, 0x0, 0x0) sendmmsg(r4, &(0x7f0000003d40)=[{{0x0, 0xffffffbf, 0x0, 0x0, 0x0, 0x0, 0x7000005}, 0xa}], 0x4000000000000d0, 0x0) socket$inet6(0xa, 0x6, 0x0) connect$inet6(0xffffffffffffffff, &(0x7f0000000000)={0xa, 0x0, 0x0, @loopback}, 0x1c) r5 = socket$inet6_tcp(0xa, 0x1, 0x0) bpf$BPF_MAP_GET_FD_BY_ID(0xe, &(0x7f0000000140)={0x0, 0x4, 0x8}, 0xc) setsockopt$IP6T_SO_SET_REPLACE(r5, 0x29, 0x40, &(0x7f0000000a80)=@filter={'filter\x00', 0xe, 0x4, 0x13a8, 0x0, 0x0, 0x1208, 0x108, 0x108, 0x12d8, 0x12d8, 0x12d8, 0x12d8, 0x12d8, 0x4, 0x0, {[{{@uncond, 0x0, 0xa8, 0x108}, @common=@inet=@HMARK={0x60, 'HMARK\x00', 0x0, {@ipv6=@mcast1, [], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4}}}, {{@ipv6={@initdev={0xfe, 0x88, [], 0x0, 0x0}, @initdev={0xfe, 0x88, [], 0x0, 0x0}, [], [], 'rose0\x00', 'netdevsim0\x00'}, 0x0, 0x10d8, 0x1100, 0x0, {}, [@common=@unspec=@cgroup1={{0x1030, 'cgroup\x00'}, {0x0, 0x1, 0x0, 0x0, './cgroup/syz0\x00'}}]}, @REJECT={0x28, 'REJECT\x00'}}, {{@uncond, 0x0, 0xa8, 0xd0}, @REJECT={0x28, 'REJECT\x00'}}], {{[], 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x1408) syz_init_net_socket$rose(0xb, 0x5, 0x0) [ 2257.079520] ip6_tables: ip6tables: counters copy to user failed while replacing table 21:32:59 executing program 5: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x1, 0x0, 0x0, 0x1, 0x20b493e0, 0x0, 0xfffffffffffffffe}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000008880), 0x400000000000249, 0x0, 0x0) pipe(&(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) sendmsg$IPCTNL_MSG_TIMEOUT_DEFAULT_SET(0xffffffffffffffff, &(0x7f00000002c0)={&(0x7f0000000180), 0xc, &(0x7f0000000240)={&(0x7f0000000200)={0x28, 0x3, 0x8, 0x0, 0x0, 0x0, {0x9, 0x0, 0x6}, [@CTA_TIMEOUT_NAME={0x9, 0x1, 'syz1\x00'}, @CTA_TIMEOUT_L3PROTO={0x6, 0x2, 0x1, 0x0, 0x22f0}]}, 0x28}, 0x1, 0x0, 0x0, 0x40}, 0x4000) fsync(r2) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r1, &(0x7f0000000000)=[{&(0x7f0000000300)="b42e949f91dfb1e18bc06624bd10fbd2143fb39ea77e4f7bca3077930a3eedec2185f423041ca642878c9e1aa782709cf85be1f9399adb93aa3cb3fae775097f4c8a81dedf9ba62991e947ad27f4d3ecf8b1501200d76bf2a3efc3ced080fe08b18470124a582d3f5e5ef1fcee184f722c77ab1630148249d1263e500e455d3f7a251927e26c1198f285bf27a24b8d920aa4ce2d0c0ca5ffbb", 0x99}, {&(0x7f00000003c0)="08d2f9113bf1580799c1d072d5e36cf9a43b4eec4a7682560efc57e198231a2c490bf0e4a846dfeed4a28e24dd88796ad4947422db5b0f003f64020643510a4502f4ee135252a9d879c7bb0c3a3a8127716a38d8b8258179a54cc80be1a438ff66a84c8ae70e59c50be8b5b7577228c89dcd5d34b17d3d7e2b5cadfccb1dbad3728bb88b8a9b92ae429c7287c9ca301688f5869c496352d032081a291e6f97f1600ebab9fb4f0d4fcc8e7c192938743920d77543b9373430590660396ff2637fe4376821ec32e64d224aee2200"/218, 0xda}, {&(0x7f00000004c0)="d004167fee274ffb10ed858f501a28f6527d0e24f1aad9264e38784f1d841a0b58fdbd6132eae7eb1da82dcc28c00d16d7d70bb9367eb147abee2159c532804e7eeddee5cc407a510dab9919", 0x85}, {&(0x7f0000000540)="777e87f4ffe61e670a6f7e2ab2a785dcf2f7e0b87eaa40e233c2d33aa2e8ad61bebbd4349f3d322b21e1f2dca3d9fda933c12932b41869acd983e7cd81e2ffe2c099f4c12c077668760cf0fa5b4e2b62dfbfe1e0363d71473f3ad38a", 0x5c}], 0x4, 0x1) perf_event_open(&(0x7f0000940000)={0x2, 0x70, 0x69, 0x1, 0x0, 0xff, 0x0, 0x48, 0x14a0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f00000001c0), 0x7}, 0x0, 0x0, 0xfffffff9}, 0x0, 0xd, 0xffffffffffffffff, 0xa) clone(0x200000008a105d00, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r4 = gettid() tkill(r4, 0x3c) fsetxattr$trusted_overlay_redirect(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) sched_setattr(r0, &(0x7f0000000080)={0x38, 0x2, 0x1, 0x0, 0x3}, 0x0) ioctl$TIOCMBIS(0xffffffffffffffff, 0x5416, &(0x7f0000000100)=0x80) clone(0x69005100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) mount(0x0, &(0x7f0000000140)='./file0\x00', 0x0, 0x0, &(0x7f000000a000)) [ 2257.146225] ip6_tables: ip6tables: counters copy to user failed while replacing table 21:32:59 executing program 2: r0 = openat$kvm(0xffffffffffffff9c, 0x0, 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) dup3(r0, r1, 0x0) fsetxattr$trusted_overlay_nlink(r0, &(0x7f0000000040)='trusted.overlay.nlink\x00', &(0x7f00000000c0)={'U+', 0x98}, 0x16, 0x2) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c4, 0x0, 0xe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r2 = socket$inet6(0xa, 0x40000080806, 0x0) bind$inet6(r2, &(0x7f0000000080)={0xa, 0x404e20}, 0x1c) ioctl$int_in(0xffffffffffffffff, 0x5452, &(0x7f0000000100)=0x3) listen(r2, 0x400000001ffffffd) r3 = socket$inet6(0xa, 0x6, 0x0) connect$inet6(r3, &(0x7f0000000180)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) accept4(r2, 0x0, 0x0, 0x0) sendmmsg(0xffffffffffffffff, &(0x7f0000003d40)=[{{0x0, 0xffffffbf, 0x0, 0x0, 0x0, 0x0, 0x7000005}, 0xa}], 0x4000000000000d0, 0x0) socket$inet6(0xa, 0x6, 0x0) connect$inet6(0xffffffffffffffff, &(0x7f0000000000)={0xa, 0x0, 0x0, @loopback}, 0x1c) r4 = socket$inet6_tcp(0xa, 0x1, 0x0) bpf$BPF_MAP_GET_FD_BY_ID(0xe, &(0x7f0000000140)={0x0, 0x4, 0x8}, 0xc) setsockopt$IP6T_SO_SET_REPLACE(r4, 0x29, 0x40, &(0x7f0000000a80)=@filter={'filter\x00', 0xe, 0x4, 0x13a8, 0x0, 0x0, 0x1208, 0x108, 0x108, 0x12d8, 0x12d8, 0x12d8, 0x12d8, 0x12d8, 0x4, 0x0, {[{{@uncond, 0x0, 0xa8, 0x108}, @common=@inet=@HMARK={0x60, 'HMARK\x00', 0x0, {@ipv6=@mcast1, [], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4}}}, {{@ipv6={@initdev={0xfe, 0x88, [], 0x0, 0x0}, @initdev={0xfe, 0x88, [], 0x0, 0x0}, [], [], 'rose0\x00', 'netdevsim0\x00'}, 0x0, 0x10d8, 0x1100, 0x0, {}, [@common=@unspec=@cgroup1={{0x1030, 'cgroup\x00'}, {0x0, 0x1, 0x0, 0x0, './cgroup/syz0\x00'}}]}, @REJECT={0x28, 'REJECT\x00'}}, {{@uncond, 0x0, 0xa8, 0xd0}, @REJECT={0x28, 'REJECT\x00'}}], {{[], 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x1408) syz_init_net_socket$rose(0xb, 0x5, 0x0) 21:32:59 executing program 0: r0 = openat$kvm(0xffffffffffffff9c, 0x0, 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) dup3(r0, r1, 0x0) fsetxattr$trusted_overlay_nlink(r0, &(0x7f0000000040)='trusted.overlay.nlink\x00', &(0x7f00000000c0)={'U+', 0x98}, 0x16, 0x2) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c4, 0x0, 0xe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r2 = socket$inet6(0xa, 0x40000080806, 0x0) bind$inet6(r2, &(0x7f0000000080)={0xa, 0x404e20}, 0x1c) ioctl$int_in(0xffffffffffffffff, 0x5452, &(0x7f0000000100)=0x3) listen(r2, 0x400000001ffffffd) r3 = socket$inet6(0xa, 0x6, 0x0) connect$inet6(r3, &(0x7f0000000180)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) r4 = accept4(0xffffffffffffffff, 0x0, 0x0, 0x0) sendmmsg(r4, &(0x7f0000003d40)=[{{0x0, 0xffffffbf, 0x0, 0x0, 0x0, 0x0, 0x7000005}, 0xa}], 0x4000000000000d0, 0x0) socket$inet6(0xa, 0x6, 0x0) connect$inet6(0xffffffffffffffff, &(0x7f0000000000)={0xa, 0x0, 0x0, @loopback}, 0x1c) r5 = socket$inet6_tcp(0xa, 0x1, 0x0) bpf$BPF_MAP_GET_FD_BY_ID(0xe, &(0x7f0000000140)={0x0, 0x4, 0x8}, 0xc) setsockopt$IP6T_SO_SET_REPLACE(r5, 0x29, 0x40, &(0x7f0000000a80)=@filter={'filter\x00', 0xe, 0x4, 0x13a8, 0x0, 0x0, 0x1208, 0x108, 0x108, 0x12d8, 0x12d8, 0x12d8, 0x12d8, 0x12d8, 0x4, 0x0, {[{{@uncond, 0x0, 0xa8, 0x108}, @common=@inet=@HMARK={0x60, 'HMARK\x00', 0x0, {@ipv6=@mcast1, [], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4}}}, {{@ipv6={@initdev={0xfe, 0x88, [], 0x0, 0x0}, @initdev={0xfe, 0x88, [], 0x0, 0x0}, [], [], 'rose0\x00', 'netdevsim0\x00'}, 0x0, 0x10d8, 0x1100, 0x0, {}, [@common=@unspec=@cgroup1={{0x1030, 'cgroup\x00'}, {0x0, 0x1, 0x0, 0x0, './cgroup/syz0\x00'}}]}, @REJECT={0x28, 'REJECT\x00'}}, {{@uncond, 0x0, 0xa8, 0xd0}, @REJECT={0x28, 'REJECT\x00'}}], {{[], 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x1408) syz_init_net_socket$rose(0xb, 0x5, 0x0) 21:32:59 executing program 4: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x1, 0x0, 0x0, 0x1, 0x20b493e0}, 0x0) socket$inet6(0xa, 0x4, 0xffffffff) pipe(&(0x7f0000000340)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r2, 0x407, 0x0) fsync(r1) write(r2, &(0x7f0000000340), 0x41395527) vmsplice(r1, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) clone(0x200000008a105d00, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) tkill(0x0, 0x3c) fsetxattr$trusted_overlay_redirect(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) sched_setattr(r0, &(0x7f0000000080)={0x38, 0x2, 0x1, 0x0, 0x3}, 0x0) clone(0x69005100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) mount(0x0, &(0x7f0000000140)='./file0\x00', 0x0, 0x0, &(0x7f000000a000)) [ 2257.361890] ip6_tables: ip6tables: counters copy to user failed while replacing table [ 2257.408357] ip6_tables: ip6tables: counters copy to user failed while replacing table 21:32:59 executing program 2: r0 = openat$kvm(0xffffffffffffff9c, 0x0, 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) dup3(r0, r1, 0x0) fsetxattr$trusted_overlay_nlink(r0, &(0x7f0000000040)='trusted.overlay.nlink\x00', &(0x7f00000000c0)={'U+', 0x98}, 0x16, 0x2) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c4, 0x0, 0xe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r2 = socket$inet6(0xa, 0x40000080806, 0x0) bind$inet6(r2, &(0x7f0000000080)={0xa, 0x404e20}, 0x1c) ioctl$int_in(0xffffffffffffffff, 0x5452, &(0x7f0000000100)=0x3) listen(r2, 0x400000001ffffffd) r3 = socket$inet6(0xa, 0x6, 0x0) connect$inet6(r3, &(0x7f0000000180)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) accept4(r2, 0x0, 0x0, 0x0) sendmmsg(0xffffffffffffffff, &(0x7f0000003d40)=[{{0x0, 0xffffffbf, 0x0, 0x0, 0x0, 0x0, 0x7000005}, 0xa}], 0x4000000000000d0, 0x0) socket$inet6(0xa, 0x6, 0x0) connect$inet6(0xffffffffffffffff, &(0x7f0000000000)={0xa, 0x0, 0x0, @loopback}, 0x1c) r4 = socket$inet6_tcp(0xa, 0x1, 0x0) bpf$BPF_MAP_GET_FD_BY_ID(0xe, &(0x7f0000000140)={0x0, 0x4, 0x8}, 0xc) setsockopt$IP6T_SO_SET_REPLACE(r4, 0x29, 0x40, &(0x7f0000000a80)=@filter={'filter\x00', 0xe, 0x4, 0x13a8, 0x0, 0x0, 0x1208, 0x108, 0x108, 0x12d8, 0x12d8, 0x12d8, 0x12d8, 0x12d8, 0x4, 0x0, {[{{@uncond, 0x0, 0xa8, 0x108}, @common=@inet=@HMARK={0x60, 'HMARK\x00', 0x0, {@ipv6=@mcast1, [], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4}}}, {{@ipv6={@initdev={0xfe, 0x88, [], 0x0, 0x0}, @initdev={0xfe, 0x88, [], 0x0, 0x0}, [], [], 'rose0\x00', 'netdevsim0\x00'}, 0x0, 0x10d8, 0x1100, 0x0, {}, [@common=@unspec=@cgroup1={{0x1030, 'cgroup\x00'}, {0x0, 0x1, 0x0, 0x0, './cgroup/syz0\x00'}}]}, @REJECT={0x28, 'REJECT\x00'}}, {{@uncond, 0x0, 0xa8, 0xd0}, @REJECT={0x28, 'REJECT\x00'}}], {{[], 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x1408) syz_init_net_socket$rose(0xb, 0x5, 0x0) 21:32:59 executing program 0: r0 = openat$kvm(0xffffffffffffff9c, 0x0, 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) dup3(r0, r1, 0x0) fsetxattr$trusted_overlay_nlink(r0, &(0x7f0000000040)='trusted.overlay.nlink\x00', &(0x7f00000000c0)={'U+', 0x98}, 0x16, 0x2) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c4, 0x0, 0xe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r2 = socket$inet6(0xa, 0x40000080806, 0x0) bind$inet6(r2, &(0x7f0000000080)={0xa, 0x404e20}, 0x1c) ioctl$int_in(0xffffffffffffffff, 0x5452, &(0x7f0000000100)=0x3) listen(r2, 0x400000001ffffffd) r3 = socket$inet6(0xa, 0x6, 0x0) connect$inet6(r3, &(0x7f0000000180)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) r4 = accept4(0xffffffffffffffff, 0x0, 0x0, 0x0) sendmmsg(r4, &(0x7f0000003d40)=[{{0x0, 0xffffffbf, 0x0, 0x0, 0x0, 0x0, 0x7000005}, 0xa}], 0x4000000000000d0, 0x0) socket$inet6(0xa, 0x6, 0x0) connect$inet6(0xffffffffffffffff, &(0x7f0000000000)={0xa, 0x0, 0x0, @loopback}, 0x1c) r5 = socket$inet6_tcp(0xa, 0x1, 0x0) bpf$BPF_MAP_GET_FD_BY_ID(0xe, &(0x7f0000000140)={0x0, 0x4, 0x8}, 0xc) setsockopt$IP6T_SO_SET_REPLACE(r5, 0x29, 0x40, &(0x7f0000000a80)=@filter={'filter\x00', 0xe, 0x4, 0x13a8, 0x0, 0x0, 0x1208, 0x108, 0x108, 0x12d8, 0x12d8, 0x12d8, 0x12d8, 0x12d8, 0x4, 0x0, {[{{@uncond, 0x0, 0xa8, 0x108}, @common=@inet=@HMARK={0x60, 'HMARK\x00', 0x0, {@ipv6=@mcast1, [], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4}}}, {{@ipv6={@initdev={0xfe, 0x88, [], 0x0, 0x0}, @initdev={0xfe, 0x88, [], 0x0, 0x0}, [], [], 'rose0\x00', 'netdevsim0\x00'}, 0x0, 0x10d8, 0x1100, 0x0, {}, [@common=@unspec=@cgroup1={{0x1030, 'cgroup\x00'}, {0x0, 0x1, 0x0, 0x0, './cgroup/syz0\x00'}}]}, @REJECT={0x28, 'REJECT\x00'}}, {{@uncond, 0x0, 0xa8, 0xd0}, @REJECT={0x28, 'REJECT\x00'}}], {{[], 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x1408) syz_init_net_socket$rose(0xb, 0x5, 0x0) [ 2257.629522] ip6_tables: ip6tables: counters copy to user failed while replacing table [ 2257.682413] ip6_tables: ip6tables: counters copy to user failed while replacing table 21:32:59 executing program 0: r0 = openat$kvm(0xffffffffffffff9c, 0x0, 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) dup3(r0, r1, 0x0) fsetxattr$trusted_overlay_nlink(r0, &(0x7f0000000040)='trusted.overlay.nlink\x00', &(0x7f00000000c0)={'U+', 0x98}, 0x16, 0x2) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c4, 0x0, 0xe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r2 = socket$inet6(0xa, 0x40000080806, 0x0) bind$inet6(r2, &(0x7f0000000080)={0xa, 0x404e20}, 0x1c) ioctl$int_in(0xffffffffffffffff, 0x5452, &(0x7f0000000100)=0x3) listen(r2, 0x400000001ffffffd) r3 = socket$inet6(0xa, 0x6, 0x0) connect$inet6(r3, &(0x7f0000000180)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) r4 = accept4(0xffffffffffffffff, 0x0, 0x0, 0x0) sendmmsg(r4, &(0x7f0000003d40)=[{{0x0, 0xffffffbf, 0x0, 0x0, 0x0, 0x0, 0x7000005}, 0xa}], 0x4000000000000d0, 0x0) socket$inet6(0xa, 0x6, 0x0) connect$inet6(0xffffffffffffffff, &(0x7f0000000000)={0xa, 0x0, 0x0, @loopback}, 0x1c) r5 = socket$inet6_tcp(0xa, 0x1, 0x0) bpf$BPF_MAP_GET_FD_BY_ID(0xe, &(0x7f0000000140)={0x0, 0x4, 0x8}, 0xc) setsockopt$IP6T_SO_SET_REPLACE(r5, 0x29, 0x40, &(0x7f0000000a80)=@filter={'filter\x00', 0xe, 0x4, 0x13a8, 0x0, 0x0, 0x1208, 0x108, 0x108, 0x12d8, 0x12d8, 0x12d8, 0x12d8, 0x12d8, 0x4, 0x0, {[{{@uncond, 0x0, 0xa8, 0x108}, @common=@inet=@HMARK={0x60, 'HMARK\x00', 0x0, {@ipv6=@mcast1, [], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4}}}, {{@ipv6={@initdev={0xfe, 0x88, [], 0x0, 0x0}, @initdev={0xfe, 0x88, [], 0x0, 0x0}, [], [], 'rose0\x00', 'netdevsim0\x00'}, 0x0, 0x10d8, 0x1100, 0x0, {}, [@common=@unspec=@cgroup1={{0x1030, 'cgroup\x00'}, {0x0, 0x1, 0x0, 0x0, './cgroup/syz0\x00'}}]}, @REJECT={0x28, 'REJECT\x00'}}, {{@uncond, 0x0, 0xa8, 0xd0}, @REJECT={0x28, 'REJECT\x00'}}], {{[], 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x1408) syz_init_net_socket$rose(0xb, 0x5, 0x0) 21:32:59 executing program 2: r0 = openat$kvm(0xffffffffffffff9c, 0x0, 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) dup3(r0, r1, 0x0) fsetxattr$trusted_overlay_nlink(r0, &(0x7f0000000040)='trusted.overlay.nlink\x00', &(0x7f00000000c0)={'U+', 0x98}, 0x16, 0x2) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c4, 0x0, 0xe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r2 = socket$inet6(0xa, 0x40000080806, 0x0) bind$inet6(r2, &(0x7f0000000080)={0xa, 0x404e20}, 0x1c) ioctl$int_in(0xffffffffffffffff, 0x5452, &(0x7f0000000100)=0x3) listen(r2, 0x400000001ffffffd) r3 = socket$inet6(0xa, 0x6, 0x0) connect$inet6(r3, &(0x7f0000000180)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) accept4(r2, 0x0, 0x0, 0x0) sendmmsg(0xffffffffffffffff, &(0x7f0000003d40)=[{{0x0, 0xffffffbf, 0x0, 0x0, 0x0, 0x0, 0x7000005}, 0xa}], 0x4000000000000d0, 0x0) socket$inet6(0xa, 0x6, 0x0) connect$inet6(0xffffffffffffffff, &(0x7f0000000000)={0xa, 0x0, 0x0, @loopback}, 0x1c) r4 = socket$inet6_tcp(0xa, 0x1, 0x0) bpf$BPF_MAP_GET_FD_BY_ID(0xe, &(0x7f0000000140)={0x0, 0x4, 0x8}, 0xc) setsockopt$IP6T_SO_SET_REPLACE(r4, 0x29, 0x40, &(0x7f0000000a80)=@filter={'filter\x00', 0xe, 0x4, 0x13a8, 0x0, 0x0, 0x1208, 0x108, 0x108, 0x12d8, 0x12d8, 0x12d8, 0x12d8, 0x12d8, 0x4, 0x0, {[{{@uncond, 0x0, 0xa8, 0x108}, @common=@inet=@HMARK={0x60, 'HMARK\x00', 0x0, {@ipv6=@mcast1, [], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4}}}, {{@ipv6={@initdev={0xfe, 0x88, [], 0x0, 0x0}, @initdev={0xfe, 0x88, [], 0x0, 0x0}, [], [], 'rose0\x00', 'netdevsim0\x00'}, 0x0, 0x10d8, 0x1100, 0x0, {}, [@common=@unspec=@cgroup1={{0x1030, 'cgroup\x00'}, {0x0, 0x1, 0x0, 0x0, './cgroup/syz0\x00'}}]}, @REJECT={0x28, 'REJECT\x00'}}, {{@uncond, 0x0, 0xa8, 0xd0}, @REJECT={0x28, 'REJECT\x00'}}], {{[], 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x1408) syz_init_net_socket$rose(0xb, 0x5, 0x0) 21:32:59 executing program 3: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x1, 0x0, 0x0, 0x1, 0x20b493e0, 0x0, 0xfffffffffffffffe}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, 0x0, 0x0, 0x0, 0x0) pipe(&(0x7f0000000340)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, 0x0, 0x0, 0x0) perf_event_open(&(0x7f0000940000)={0x2, 0x70, 0x69, 0x0, 0x0, 0xff, 0x0, 0x80000000, 0x0, 0xe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6, 0x0, @perf_bp={&(0x7f00000001c0), 0x7}}, 0x0, 0x100000d, 0xffffffffffffffff, 0x0) r4 = fcntl$dupfd(0xffffffffffffffff, 0x0, 0xffffffffffffffff) ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200) ioctl$TIOCGRS485(r4, 0x542e, &(0x7f0000000000)) clone(0x200000008a105d00, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r5 = gettid() tkill(r5, 0x32) fsetxattr$trusted_overlay_redirect(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) sched_setattr(r0, &(0x7f0000000080)={0x38, 0x2, 0x10000073, 0x0, 0x2, 0xf692, 0x841, 0x10, 0xfffffff9, 0x1}, 0x0) clone(0x69005100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) mount(0x0, &(0x7f0000000140)='./file0\x00', &(0x7f0000fb5ffc)='nfs\x00', 0x0, &(0x7f000000a000)) 21:32:59 executing program 1: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x0, 0x0, 0x0, 0x1, 0x20b493e0, 0x0, 0xfffffffffffffffe}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000008880), 0x400000000000249, 0x0, 0x0) pipe(&(0x7f0000000340)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) fsync(r2) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) perf_event_open(&(0x7f0000940000)={0x2, 0x70, 0x69, 0x1, 0x0, 0xff, 0x0, 0x48, 0x14a0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f00000001c0), 0x7}, 0x0, 0x0, 0xfffffff9}, 0x0, 0xd, 0xffffffffffffffff, 0xa) tkill(0x0, 0x3c) fsetxattr$trusted_overlay_redirect(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) sched_setattr(r0, &(0x7f0000000080)={0x38, 0x2, 0x1, 0x0, 0x3}, 0x0) clone(0x69005100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) mount(0x0, &(0x7f0000000140)='./file0\x00', 0x0, 0x0, &(0x7f000000a000)) sched_setscheduler(0x0, 0x5, &(0x7f0000000380)) [ 2257.887385] ip6_tables: ip6tables: counters copy to user failed while replacing table 21:32:59 executing program 2: r0 = openat$kvm(0xffffffffffffff9c, 0x0, 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) dup3(r0, r1, 0x0) fsetxattr$trusted_overlay_nlink(r0, &(0x7f0000000040)='trusted.overlay.nlink\x00', &(0x7f00000000c0)={'U+', 0x98}, 0x16, 0x2) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c4, 0x0, 0xe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r2 = socket$inet6(0xa, 0x40000080806, 0x0) bind$inet6(r2, &(0x7f0000000080)={0xa, 0x404e20}, 0x1c) ioctl$int_in(0xffffffffffffffff, 0x5452, &(0x7f0000000100)=0x3) listen(r2, 0x400000001ffffffd) r3 = socket$inet6(0xa, 0x6, 0x0) connect$inet6(r3, &(0x7f0000000180)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) r4 = accept4(r2, 0x0, 0x0, 0x0) sendmmsg(r4, 0x0, 0x0, 0x0) socket$inet6(0xa, 0x6, 0x0) connect$inet6(0xffffffffffffffff, &(0x7f0000000000)={0xa, 0x0, 0x0, @loopback}, 0x1c) r5 = socket$inet6_tcp(0xa, 0x1, 0x0) bpf$BPF_MAP_GET_FD_BY_ID(0xe, &(0x7f0000000140)={0x0, 0x4, 0x8}, 0xc) setsockopt$IP6T_SO_SET_REPLACE(r5, 0x29, 0x40, &(0x7f0000000a80)=@filter={'filter\x00', 0xe, 0x4, 0x13a8, 0x0, 0x0, 0x1208, 0x108, 0x108, 0x12d8, 0x12d8, 0x12d8, 0x12d8, 0x12d8, 0x4, 0x0, {[{{@uncond, 0x0, 0xa8, 0x108}, @common=@inet=@HMARK={0x60, 'HMARK\x00', 0x0, {@ipv6=@mcast1, [], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4}}}, {{@ipv6={@initdev={0xfe, 0x88, [], 0x0, 0x0}, @initdev={0xfe, 0x88, [], 0x0, 0x0}, [], [], 'rose0\x00', 'netdevsim0\x00'}, 0x0, 0x10d8, 0x1100, 0x0, {}, [@common=@unspec=@cgroup1={{0x1030, 'cgroup\x00'}, {0x0, 0x1, 0x0, 0x0, './cgroup/syz0\x00'}}]}, @REJECT={0x28, 'REJECT\x00'}}, {{@uncond, 0x0, 0xa8, 0xd0}, @REJECT={0x28, 'REJECT\x00'}}], {{[], 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x1408) syz_init_net_socket$rose(0xb, 0x5, 0x0) 21:32:59 executing program 0: r0 = openat$kvm(0xffffffffffffff9c, 0x0, 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) dup3(r0, r1, 0x0) fsetxattr$trusted_overlay_nlink(r0, &(0x7f0000000040)='trusted.overlay.nlink\x00', &(0x7f00000000c0)={'U+', 0x98}, 0x16, 0x2) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c4, 0x0, 0xe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r2 = socket$inet6(0xa, 0x40000080806, 0x0) bind$inet6(r2, &(0x7f0000000080)={0xa, 0x404e20}, 0x1c) ioctl$int_in(0xffffffffffffffff, 0x5452, &(0x7f0000000100)=0x3) listen(r2, 0x400000001ffffffd) r3 = socket$inet6(0xa, 0x6, 0x0) connect$inet6(r3, &(0x7f0000000180)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) r4 = accept4(0xffffffffffffffff, 0x0, 0x0, 0x0) sendmmsg(r4, &(0x7f0000003d40)=[{{0x0, 0xffffffbf, 0x0, 0x0, 0x0, 0x0, 0x7000005}, 0xa}], 0x4000000000000d0, 0x0) socket$inet6(0xa, 0x6, 0x0) connect$inet6(0xffffffffffffffff, &(0x7f0000000000)={0xa, 0x0, 0x0, @loopback}, 0x1c) r5 = socket$inet6_tcp(0xa, 0x1, 0x0) bpf$BPF_MAP_GET_FD_BY_ID(0xe, &(0x7f0000000140)={0x0, 0x4, 0x8}, 0xc) setsockopt$IP6T_SO_SET_REPLACE(r5, 0x29, 0x40, &(0x7f0000000a80)=@filter={'filter\x00', 0xe, 0x4, 0x13a8, 0x0, 0x0, 0x1208, 0x108, 0x108, 0x12d8, 0x12d8, 0x12d8, 0x12d8, 0x12d8, 0x4, 0x0, {[{{@uncond, 0x0, 0xa8, 0x108}, @common=@inet=@HMARK={0x60, 'HMARK\x00', 0x0, {@ipv6=@mcast1, [], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4}}}, {{@ipv6={@initdev={0xfe, 0x88, [], 0x0, 0x0}, @initdev={0xfe, 0x88, [], 0x0, 0x0}, [], [], 'rose0\x00', 'netdevsim0\x00'}, 0x0, 0x10d8, 0x1100, 0x0, {}, [@common=@unspec=@cgroup1={{0x1030, 'cgroup\x00'}, {0x0, 0x1, 0x0, 0x0, './cgroup/syz0\x00'}}]}, @REJECT={0x28, 'REJECT\x00'}}, {{@uncond, 0x0, 0xa8, 0xd0}, @REJECT={0x28, 'REJECT\x00'}}], {{[], 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x1408) syz_init_net_socket$rose(0xb, 0x5, 0x0) 21:33:00 executing program 0: r0 = openat$kvm(0xffffffffffffff9c, 0x0, 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) dup3(r0, r1, 0x0) fsetxattr$trusted_overlay_nlink(r0, &(0x7f0000000040)='trusted.overlay.nlink\x00', &(0x7f00000000c0)={'U+', 0x98}, 0x16, 0x2) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c4, 0x0, 0xe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r2 = socket$inet6(0xa, 0x40000080806, 0x0) bind$inet6(r2, &(0x7f0000000080)={0xa, 0x404e20}, 0x1c) ioctl$int_in(0xffffffffffffffff, 0x5452, &(0x7f0000000100)=0x3) listen(r2, 0x400000001ffffffd) r3 = socket$inet6(0xa, 0x6, 0x0) connect$inet6(r3, &(0x7f0000000180)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) r4 = accept4(r2, 0x0, 0x0, 0x0) sendmmsg(r4, 0x0, 0x0, 0x0) socket$inet6(0xa, 0x6, 0x0) connect$inet6(0xffffffffffffffff, &(0x7f0000000000)={0xa, 0x0, 0x0, @loopback}, 0x1c) r5 = socket$inet6_tcp(0xa, 0x1, 0x0) bpf$BPF_MAP_GET_FD_BY_ID(0xe, &(0x7f0000000140)={0x0, 0x4, 0x8}, 0xc) setsockopt$IP6T_SO_SET_REPLACE(r5, 0x29, 0x40, &(0x7f0000000a80)=@filter={'filter\x00', 0xe, 0x4, 0x13a8, 0x0, 0x0, 0x1208, 0x108, 0x108, 0x12d8, 0x12d8, 0x12d8, 0x12d8, 0x12d8, 0x4, 0x0, {[{{@uncond, 0x0, 0xa8, 0x108}, @common=@inet=@HMARK={0x60, 'HMARK\x00', 0x0, {@ipv6=@mcast1, [], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4}}}, {{@ipv6={@initdev={0xfe, 0x88, [], 0x0, 0x0}, @initdev={0xfe, 0x88, [], 0x0, 0x0}, [], [], 'rose0\x00', 'netdevsim0\x00'}, 0x0, 0x10d8, 0x1100, 0x0, {}, [@common=@unspec=@cgroup1={{0x1030, 'cgroup\x00'}, {0x0, 0x1, 0x0, 0x0, './cgroup/syz0\x00'}}]}, @REJECT={0x28, 'REJECT\x00'}}, {{@uncond, 0x0, 0xa8, 0xd0}, @REJECT={0x28, 'REJECT\x00'}}], {{[], 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x1408) syz_init_net_socket$rose(0xb, 0x5, 0x0) 21:33:00 executing program 4: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x1, 0x0, 0x0, 0x1, 0x20b493e0}, 0x0) socket$inet6(0xa, 0x4, 0xffffffff) pipe(&(0x7f0000000340)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r2, 0x407, 0x0) fsync(r1) write(r2, &(0x7f0000000340), 0x41395527) vmsplice(r1, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) clone(0x200000008a105d00, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) tkill(0x0, 0x3c) fsetxattr$trusted_overlay_redirect(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) sched_setattr(r0, &(0x7f0000000080)={0x38, 0x2, 0x1, 0x0, 0x3}, 0x0) clone(0x69005100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) mount(0x0, &(0x7f0000000140)='./file0\x00', 0x0, 0x0, &(0x7f000000a000)) 21:33:00 executing program 2: r0 = openat$kvm(0xffffffffffffff9c, 0x0, 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) dup3(r0, r1, 0x0) fsetxattr$trusted_overlay_nlink(r0, &(0x7f0000000040)='trusted.overlay.nlink\x00', &(0x7f00000000c0)={'U+', 0x98}, 0x16, 0x2) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c4, 0x0, 0xe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r2 = socket$inet6(0xa, 0x40000080806, 0x0) bind$inet6(r2, &(0x7f0000000080)={0xa, 0x404e20}, 0x1c) ioctl$int_in(0xffffffffffffffff, 0x5452, &(0x7f0000000100)=0x3) listen(r2, 0x400000001ffffffd) r3 = socket$inet6(0xa, 0x6, 0x0) connect$inet6(r3, &(0x7f0000000180)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) r4 = accept4(r2, 0x0, 0x0, 0x0) sendmmsg(r4, 0x0, 0x0, 0x0) socket$inet6(0xa, 0x6, 0x0) connect$inet6(0xffffffffffffffff, &(0x7f0000000000)={0xa, 0x0, 0x0, @loopback}, 0x1c) r5 = socket$inet6_tcp(0xa, 0x1, 0x0) bpf$BPF_MAP_GET_FD_BY_ID(0xe, &(0x7f0000000140)={0x0, 0x4, 0x8}, 0xc) setsockopt$IP6T_SO_SET_REPLACE(r5, 0x29, 0x40, &(0x7f0000000a80)=@filter={'filter\x00', 0xe, 0x4, 0x13a8, 0x0, 0x0, 0x1208, 0x108, 0x108, 0x12d8, 0x12d8, 0x12d8, 0x12d8, 0x12d8, 0x4, 0x0, {[{{@uncond, 0x0, 0xa8, 0x108}, @common=@inet=@HMARK={0x60, 'HMARK\x00', 0x0, {@ipv6=@mcast1, [], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4}}}, {{@ipv6={@initdev={0xfe, 0x88, [], 0x0, 0x0}, @initdev={0xfe, 0x88, [], 0x0, 0x0}, [], [], 'rose0\x00', 'netdevsim0\x00'}, 0x0, 0x10d8, 0x1100, 0x0, {}, [@common=@unspec=@cgroup1={{0x1030, 'cgroup\x00'}, {0x0, 0x1, 0x0, 0x0, './cgroup/syz0\x00'}}]}, @REJECT={0x28, 'REJECT\x00'}}, {{@uncond, 0x0, 0xa8, 0xd0}, @REJECT={0x28, 'REJECT\x00'}}], {{[], 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x1408) syz_init_net_socket$rose(0xb, 0x5, 0x0) 21:33:00 executing program 5: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() r1 = getpgid(r0) sched_setattr(r1, &(0x7f0000000040)={0x38, 0x1, 0x65, 0x9, 0x1, 0x800, 0x4, 0xfffffffffffffffe, 0x6}, 0x0) r2 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r2, &(0x7f0000008880), 0x400000000000249, 0x0, 0x0) pipe(&(0x7f0000000340)={0xffffffffffffffff, 0xffffffffffffffff}) sendmsg$RDMA_NLDEV_CMD_STAT_GET(r4, &(0x7f0000000200)={&(0x7f00000000c0)={0x10, 0x0, 0x0, 0x1}, 0xc, &(0x7f0000000180)={&(0x7f0000000100)={0x18, 0x1411, 0x8, 0x70bd29, 0x25dfdbfb, "", [@RDMA_NLDEV_ATTR_STAT_MODE={0x8}]}, 0x18}, 0x1, 0x0, 0x0, 0x1}, 0x8000) fcntl$setpipe(r4, 0x407, 0x0) fsync(r3) write(r4, &(0x7f0000000340), 0x41395527) vmsplice(r3, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) perf_event_open(&(0x7f0000940000)={0x2, 0x70, 0x69, 0x1, 0x0, 0xff, 0x0, 0x48, 0x14a0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f00000001c0), 0x7}, 0x0, 0x0, 0xfffffff9}, 0x0, 0xd, 0xffffffffffffffff, 0xa) clone(0x200000008a105d00, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r5 = gettid() tkill(r5, 0x3c) fsetxattr$trusted_overlay_redirect(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) sched_setattr(r0, &(0x7f0000000080)={0x38, 0x2, 0x1, 0x0, 0x3}, 0x0) clone(0x69005100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) mount(0x0, &(0x7f0000000140)='./file0\x00', 0x0, 0x0, &(0x7f000000a000)) 21:33:00 executing program 2: r0 = openat$kvm(0xffffffffffffff9c, 0x0, 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) dup3(r0, r1, 0x0) fsetxattr$trusted_overlay_nlink(r0, &(0x7f0000000040)='trusted.overlay.nlink\x00', &(0x7f00000000c0)={'U+', 0x98}, 0x16, 0x2) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c4, 0x0, 0xe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r2 = socket$inet6(0xa, 0x40000080806, 0x0) bind$inet6(r2, &(0x7f0000000080)={0xa, 0x404e20}, 0x1c) ioctl$int_in(0xffffffffffffffff, 0x5452, &(0x7f0000000100)=0x3) listen(r2, 0x400000001ffffffd) r3 = socket$inet6(0xa, 0x6, 0x0) connect$inet6(r3, &(0x7f0000000180)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) r4 = accept4(r2, 0x0, 0x0, 0x0) sendmmsg(r4, 0x0, 0x0, 0x0) socket$inet6(0xa, 0x6, 0x0) connect$inet6(0xffffffffffffffff, &(0x7f0000000000)={0xa, 0x0, 0x0, @loopback}, 0x1c) r5 = socket$inet6_tcp(0xa, 0x1, 0x0) bpf$BPF_MAP_GET_FD_BY_ID(0xe, &(0x7f0000000140)={0x0, 0x4, 0x8}, 0xc) setsockopt$IP6T_SO_SET_REPLACE(r5, 0x29, 0x40, &(0x7f0000000a80)=@filter={'filter\x00', 0xe, 0x4, 0x13a8, 0x0, 0x0, 0x1208, 0x108, 0x108, 0x12d8, 0x12d8, 0x12d8, 0x12d8, 0x12d8, 0x4, 0x0, {[{{@uncond, 0x0, 0xa8, 0x108}, @common=@inet=@HMARK={0x60, 'HMARK\x00', 0x0, {@ipv6=@mcast1, [], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4}}}, {{@ipv6={@initdev={0xfe, 0x88, [], 0x0, 0x0}, @initdev={0xfe, 0x88, [], 0x0, 0x0}, [], [], 'rose0\x00', 'netdevsim0\x00'}, 0x0, 0x10d8, 0x1100, 0x0, {}, [@common=@unspec=@cgroup1={{0x1030, 'cgroup\x00'}, {0x0, 0x1, 0x0, 0x0, './cgroup/syz0\x00'}}]}, @REJECT={0x28, 'REJECT\x00'}}, {{@uncond, 0x0, 0xa8, 0xd0}, @REJECT={0x28, 'REJECT\x00'}}], {{[], 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x1408) syz_init_net_socket$rose(0xb, 0x5, 0x0) 21:33:00 executing program 0: r0 = openat$kvm(0xffffffffffffff9c, 0x0, 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) dup3(r0, r1, 0x0) fsetxattr$trusted_overlay_nlink(r0, &(0x7f0000000040)='trusted.overlay.nlink\x00', &(0x7f00000000c0)={'U+', 0x98}, 0x16, 0x2) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c4, 0x0, 0xe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r2 = socket$inet6(0xa, 0x40000080806, 0x0) bind$inet6(r2, &(0x7f0000000080)={0xa, 0x404e20}, 0x1c) ioctl$int_in(0xffffffffffffffff, 0x5452, &(0x7f0000000100)=0x3) listen(r2, 0x400000001ffffffd) r3 = socket$inet6(0xa, 0x6, 0x0) connect$inet6(r3, &(0x7f0000000180)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) accept4(r2, 0x0, 0x0, 0x0) sendmmsg(0xffffffffffffffff, &(0x7f0000003d40)=[{{0x0, 0xffffffbf, 0x0, 0x0, 0x0, 0x0, 0x7000005}, 0xa}], 0x4000000000000d0, 0x0) socket$inet6(0xa, 0x6, 0x0) connect$inet6(0xffffffffffffffff, &(0x7f0000000000)={0xa, 0x0, 0x0, @loopback}, 0x1c) r4 = socket$inet6_tcp(0xa, 0x1, 0x0) bpf$BPF_MAP_GET_FD_BY_ID(0xe, &(0x7f0000000140)={0x0, 0x4, 0x8}, 0xc) setsockopt$IP6T_SO_SET_REPLACE(r4, 0x29, 0x40, &(0x7f0000000a80)=@filter={'filter\x00', 0xe, 0x4, 0x13a8, 0x0, 0x0, 0x1208, 0x108, 0x108, 0x12d8, 0x12d8, 0x12d8, 0x12d8, 0x12d8, 0x4, 0x0, {[{{@uncond, 0x0, 0xa8, 0x108}, @common=@inet=@HMARK={0x60, 'HMARK\x00', 0x0, {@ipv6=@mcast1, [], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4}}}, {{@ipv6={@initdev={0xfe, 0x88, [], 0x0, 0x0}, @initdev={0xfe, 0x88, [], 0x0, 0x0}, [], [], 'rose0\x00', 'netdevsim0\x00'}, 0x0, 0x10d8, 0x1100, 0x0, {}, [@common=@unspec=@cgroup1={{0x1030, 'cgroup\x00'}, {0x0, 0x1, 0x0, 0x0, './cgroup/syz0\x00'}}]}, @REJECT={0x28, 'REJECT\x00'}}, {{@uncond, 0x0, 0xa8, 0xd0}, @REJECT={0x28, 'REJECT\x00'}}], {{[], 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x1408) syz_init_net_socket$rose(0xb, 0x5, 0x0) 21:33:00 executing program 2: r0 = openat$kvm(0xffffffffffffff9c, 0x0, 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) dup3(r0, r1, 0x0) fsetxattr$trusted_overlay_nlink(r0, &(0x7f0000000040)='trusted.overlay.nlink\x00', &(0x7f00000000c0)={'U+', 0x98}, 0x16, 0x2) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c4, 0x0, 0xe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r2 = socket$inet6(0xa, 0x40000080806, 0x0) bind$inet6(r2, &(0x7f0000000080)={0xa, 0x404e20}, 0x1c) ioctl$int_in(0xffffffffffffffff, 0x5452, &(0x7f0000000100)=0x3) listen(r2, 0x400000001ffffffd) r3 = socket$inet6(0xa, 0x6, 0x0) connect$inet6(r3, &(0x7f0000000180)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) r4 = accept4(r2, 0x0, 0x0, 0x0) sendmmsg(r4, &(0x7f0000003d40), 0x0, 0x0) socket$inet6(0xa, 0x6, 0x0) connect$inet6(0xffffffffffffffff, &(0x7f0000000000)={0xa, 0x0, 0x0, @loopback}, 0x1c) r5 = socket$inet6_tcp(0xa, 0x1, 0x0) bpf$BPF_MAP_GET_FD_BY_ID(0xe, &(0x7f0000000140)={0x0, 0x4, 0x8}, 0xc) setsockopt$IP6T_SO_SET_REPLACE(r5, 0x29, 0x40, &(0x7f0000000a80)=@filter={'filter\x00', 0xe, 0x4, 0x13a8, 0x0, 0x0, 0x1208, 0x108, 0x108, 0x12d8, 0x12d8, 0x12d8, 0x12d8, 0x12d8, 0x4, 0x0, {[{{@uncond, 0x0, 0xa8, 0x108}, @common=@inet=@HMARK={0x60, 'HMARK\x00', 0x0, {@ipv6=@mcast1, [], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4}}}, {{@ipv6={@initdev={0xfe, 0x88, [], 0x0, 0x0}, @initdev={0xfe, 0x88, [], 0x0, 0x0}, [], [], 'rose0\x00', 'netdevsim0\x00'}, 0x0, 0x10d8, 0x1100, 0x0, {}, [@common=@unspec=@cgroup1={{0x1030, 'cgroup\x00'}, {0x0, 0x1, 0x0, 0x0, './cgroup/syz0\x00'}}]}, @REJECT={0x28, 'REJECT\x00'}}, {{@uncond, 0x0, 0xa8, 0xd0}, @REJECT={0x28, 'REJECT\x00'}}], {{[], 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x1408) syz_init_net_socket$rose(0xb, 0x5, 0x0) 21:33:00 executing program 0: r0 = openat$kvm(0xffffffffffffff9c, 0x0, 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) dup3(r0, r1, 0x0) fsetxattr$trusted_overlay_nlink(r0, &(0x7f0000000040)='trusted.overlay.nlink\x00', &(0x7f00000000c0)={'U+', 0x98}, 0x16, 0x2) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c4, 0x0, 0xe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r2 = socket$inet6(0xa, 0x40000080806, 0x0) bind$inet6(r2, &(0x7f0000000080)={0xa, 0x404e20}, 0x1c) ioctl$int_in(0xffffffffffffffff, 0x5452, &(0x7f0000000100)=0x3) listen(r2, 0x400000001ffffffd) r3 = socket$inet6(0xa, 0x6, 0x0) connect$inet6(r3, &(0x7f0000000180)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) r4 = accept4(r2, 0x0, 0x0, 0x0) sendmmsg(r4, 0x0, 0x0, 0x0) socket$inet6(0xa, 0x6, 0x0) connect$inet6(0xffffffffffffffff, &(0x7f0000000000)={0xa, 0x0, 0x0, @loopback}, 0x1c) r5 = socket$inet6_tcp(0xa, 0x1, 0x0) bpf$BPF_MAP_GET_FD_BY_ID(0xe, &(0x7f0000000140)={0x0, 0x4, 0x8}, 0xc) setsockopt$IP6T_SO_SET_REPLACE(r5, 0x29, 0x40, &(0x7f0000000a80)=@filter={'filter\x00', 0xe, 0x4, 0x13a8, 0x0, 0x0, 0x1208, 0x108, 0x108, 0x12d8, 0x12d8, 0x12d8, 0x12d8, 0x12d8, 0x4, 0x0, {[{{@uncond, 0x0, 0xa8, 0x108}, @common=@inet=@HMARK={0x60, 'HMARK\x00', 0x0, {@ipv6=@mcast1, [], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4}}}, {{@ipv6={@initdev={0xfe, 0x88, [], 0x0, 0x0}, @initdev={0xfe, 0x88, [], 0x0, 0x0}, [], [], 'rose0\x00', 'netdevsim0\x00'}, 0x0, 0x10d8, 0x1100, 0x0, {}, [@common=@unspec=@cgroup1={{0x1030, 'cgroup\x00'}, {0x0, 0x1, 0x0, 0x0, './cgroup/syz0\x00'}}]}, @REJECT={0x28, 'REJECT\x00'}}, {{@uncond, 0x0, 0xa8, 0xd0}, @REJECT={0x28, 'REJECT\x00'}}], {{[], 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x1408) syz_init_net_socket$rose(0xb, 0x5, 0x0) 21:33:00 executing program 2: r0 = openat$kvm(0xffffffffffffff9c, 0x0, 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) dup3(r0, r1, 0x0) fsetxattr$trusted_overlay_nlink(r0, &(0x7f0000000040)='trusted.overlay.nlink\x00', &(0x7f00000000c0)={'U+', 0x98}, 0x16, 0x2) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c4, 0x0, 0xe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r2 = socket$inet6(0xa, 0x40000080806, 0x0) bind$inet6(r2, &(0x7f0000000080)={0xa, 0x404e20}, 0x1c) ioctl$int_in(0xffffffffffffffff, 0x5452, &(0x7f0000000100)=0x3) listen(r2, 0x400000001ffffffd) r3 = socket$inet6(0xa, 0x6, 0x0) connect$inet6(r3, &(0x7f0000000180)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) r4 = accept4(r2, 0x0, 0x0, 0x0) sendmmsg(r4, &(0x7f0000003d40), 0x0, 0x0) socket$inet6(0xa, 0x6, 0x0) connect$inet6(0xffffffffffffffff, &(0x7f0000000000)={0xa, 0x0, 0x0, @loopback}, 0x1c) r5 = socket$inet6_tcp(0xa, 0x1, 0x0) bpf$BPF_MAP_GET_FD_BY_ID(0xe, &(0x7f0000000140)={0x0, 0x4, 0x8}, 0xc) setsockopt$IP6T_SO_SET_REPLACE(r5, 0x29, 0x40, &(0x7f0000000a80)=@filter={'filter\x00', 0xe, 0x4, 0x13a8, 0x0, 0x0, 0x1208, 0x108, 0x108, 0x12d8, 0x12d8, 0x12d8, 0x12d8, 0x12d8, 0x4, 0x0, {[{{@uncond, 0x0, 0xa8, 0x108}, @common=@inet=@HMARK={0x60, 'HMARK\x00', 0x0, {@ipv6=@mcast1, [], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4}}}, {{@ipv6={@initdev={0xfe, 0x88, [], 0x0, 0x0}, @initdev={0xfe, 0x88, [], 0x0, 0x0}, [], [], 'rose0\x00', 'netdevsim0\x00'}, 0x0, 0x10d8, 0x1100, 0x0, {}, [@common=@unspec=@cgroup1={{0x1030, 'cgroup\x00'}, {0x0, 0x1, 0x0, 0x0, './cgroup/syz0\x00'}}]}, @REJECT={0x28, 'REJECT\x00'}}, {{@uncond, 0x0, 0xa8, 0xd0}, @REJECT={0x28, 'REJECT\x00'}}], {{[], 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x1408) syz_init_net_socket$rose(0xb, 0x5, 0x0) 21:33:00 executing program 1: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x0, 0x0, 0x0, 0x1, 0x20b493e0, 0x0, 0xfffffffffffffffe}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000008880), 0x400000000000249, 0x0, 0x0) pipe(&(0x7f0000000340)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) fsync(r2) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) perf_event_open(&(0x7f0000940000)={0x2, 0x70, 0x69, 0x1, 0x0, 0xff, 0x0, 0x48, 0x14a0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f00000001c0), 0x7}, 0x0, 0x0, 0xfffffff9}, 0x0, 0xd, 0xffffffffffffffff, 0xa) tkill(0x0, 0x3c) fsetxattr$trusted_overlay_redirect(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) sched_setattr(r0, &(0x7f0000000080)={0x38, 0x2, 0x1, 0x0, 0x3}, 0x0) clone(0x69005100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) mount(0x0, &(0x7f0000000140)='./file0\x00', 0x0, 0x0, &(0x7f000000a000)) sched_setscheduler(0x0, 0x5, &(0x7f0000000380)) 21:33:00 executing program 3: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x1, 0x0, 0x0, 0x1, 0x20b493e0, 0x0, 0xfffffffffffffffe}, 0x0) r1 = fcntl$dupfd(0xffffffffffffffff, 0x0, 0xffffffffffffffff) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) ioctl$TUNGETSNDBUF(r1, 0x800454d3, &(0x7f0000000000)) r2 = socket$inet6(0xa, 0x5, 0x0) recvmmsg(r2, 0x0, 0x0, 0x0, 0x0) pipe(&(0x7f0000000340)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r4, 0x407, 0x0) write(r4, &(0x7f0000000340), 0x41395527) vmsplice(r3, 0x0, 0x0, 0x0) perf_event_open(&(0x7f0000940000)={0x2, 0x70, 0x69, 0x0, 0x0, 0xff, 0x0, 0x48, 0x14a0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f00000001c0), 0x7}}, 0x0, 0xd, 0xffffffffffffffff, 0xa) clone(0x200000008a105d00, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r5 = gettid() tkill(r5, 0x3c) fsetxattr$trusted_overlay_redirect(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) sched_setattr(r0, &(0x7f0000000080)={0x38, 0x2, 0x1, 0x0, 0x3}, 0x0) clone(0x69005100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) mount(0x0, &(0x7f0000000140)='./file0\x00', &(0x7f0000fb5ffc)='nfs\x00', 0x0, &(0x7f000000a000)) 21:33:00 executing program 0: r0 = openat$kvm(0xffffffffffffff9c, 0x0, 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) dup3(r0, r1, 0x0) fsetxattr$trusted_overlay_nlink(r0, &(0x7f0000000040)='trusted.overlay.nlink\x00', &(0x7f00000000c0)={'U+', 0x98}, 0x16, 0x2) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c4, 0x0, 0xe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r2 = socket$inet6(0xa, 0x40000080806, 0x0) bind$inet6(r2, &(0x7f0000000080)={0xa, 0x404e20}, 0x1c) ioctl$int_in(0xffffffffffffffff, 0x5452, &(0x7f0000000100)=0x3) listen(r2, 0x400000001ffffffd) r3 = socket$inet6(0xa, 0x6, 0x0) connect$inet6(r3, &(0x7f0000000180)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) r4 = accept4(r2, 0x0, 0x0, 0x0) sendmmsg(r4, &(0x7f0000003d40), 0x0, 0x0) socket$inet6(0xa, 0x6, 0x0) connect$inet6(0xffffffffffffffff, &(0x7f0000000000)={0xa, 0x0, 0x0, @loopback}, 0x1c) r5 = socket$inet6_tcp(0xa, 0x1, 0x0) bpf$BPF_MAP_GET_FD_BY_ID(0xe, &(0x7f0000000140)={0x0, 0x4, 0x8}, 0xc) setsockopt$IP6T_SO_SET_REPLACE(r5, 0x29, 0x40, &(0x7f0000000a80)=@filter={'filter\x00', 0xe, 0x4, 0x13a8, 0x0, 0x0, 0x1208, 0x108, 0x108, 0x12d8, 0x12d8, 0x12d8, 0x12d8, 0x12d8, 0x4, 0x0, {[{{@uncond, 0x0, 0xa8, 0x108}, @common=@inet=@HMARK={0x60, 'HMARK\x00', 0x0, {@ipv6=@mcast1, [], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4}}}, {{@ipv6={@initdev={0xfe, 0x88, [], 0x0, 0x0}, @initdev={0xfe, 0x88, [], 0x0, 0x0}, [], [], 'rose0\x00', 'netdevsim0\x00'}, 0x0, 0x10d8, 0x1100, 0x0, {}, [@common=@unspec=@cgroup1={{0x1030, 'cgroup\x00'}, {0x0, 0x1, 0x0, 0x0, './cgroup/syz0\x00'}}]}, @REJECT={0x28, 'REJECT\x00'}}, {{@uncond, 0x0, 0xa8, 0xd0}, @REJECT={0x28, 'REJECT\x00'}}], {{[], 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x1408) syz_init_net_socket$rose(0xb, 0x5, 0x0) [ 2258.944033] IPVS: ftp: loaded support on port[0] = 21 21:33:00 executing program 4: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x1, 0x0, 0x0, 0x1, 0x20b493e0, 0x0, 0xfffffffffffffffe}, 0x0) socket$inet6(0xa, 0x0, 0xffffffff) pipe(&(0x7f0000000340)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r2, 0x407, 0x0) fsync(r1) write(r2, &(0x7f0000000340), 0x41395527) vmsplice(r1, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) clone(0x200000008a105d00, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) tkill(0x0, 0x3c) fsetxattr$trusted_overlay_redirect(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) sched_setattr(r0, &(0x7f0000000080)={0x38, 0x2, 0x1, 0x0, 0x3}, 0x0) clone(0x69005100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) mount(0x0, &(0x7f0000000140)='./file0\x00', 0x0, 0x0, &(0x7f000000a000)) 21:33:01 executing program 2: r0 = openat$kvm(0xffffffffffffff9c, 0x0, 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) dup3(r0, r1, 0x0) fsetxattr$trusted_overlay_nlink(r0, &(0x7f0000000040)='trusted.overlay.nlink\x00', &(0x7f00000000c0)={'U+', 0x98}, 0x16, 0x2) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c4, 0x0, 0xe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r2 = socket$inet6(0xa, 0x40000080806, 0x0) bind$inet6(r2, &(0x7f0000000080)={0xa, 0x404e20}, 0x1c) ioctl$int_in(0xffffffffffffffff, 0x5452, &(0x7f0000000100)=0x3) listen(r2, 0x400000001ffffffd) r3 = socket$inet6(0xa, 0x6, 0x0) connect$inet6(r3, &(0x7f0000000180)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) r4 = accept4(r2, 0x0, 0x0, 0x0) sendmmsg(r4, &(0x7f0000003d40), 0x0, 0x0) socket$inet6(0xa, 0x6, 0x0) connect$inet6(0xffffffffffffffff, &(0x7f0000000000)={0xa, 0x0, 0x0, @loopback}, 0x1c) r5 = socket$inet6_tcp(0xa, 0x1, 0x0) bpf$BPF_MAP_GET_FD_BY_ID(0xe, &(0x7f0000000140)={0x0, 0x4, 0x8}, 0xc) setsockopt$IP6T_SO_SET_REPLACE(r5, 0x29, 0x40, &(0x7f0000000a80)=@filter={'filter\x00', 0xe, 0x4, 0x13a8, 0x0, 0x0, 0x1208, 0x108, 0x108, 0x12d8, 0x12d8, 0x12d8, 0x12d8, 0x12d8, 0x4, 0x0, {[{{@uncond, 0x0, 0xa8, 0x108}, @common=@inet=@HMARK={0x60, 'HMARK\x00', 0x0, {@ipv6=@mcast1, [], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4}}}, {{@ipv6={@initdev={0xfe, 0x88, [], 0x0, 0x0}, @initdev={0xfe, 0x88, [], 0x0, 0x0}, [], [], 'rose0\x00', 'netdevsim0\x00'}, 0x0, 0x10d8, 0x1100, 0x0, {}, [@common=@unspec=@cgroup1={{0x1030, 'cgroup\x00'}, {0x0, 0x1, 0x0, 0x0, './cgroup/syz0\x00'}}]}, @REJECT={0x28, 'REJECT\x00'}}, {{@uncond, 0x0, 0xa8, 0xd0}, @REJECT={0x28, 'REJECT\x00'}}], {{[], 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x1408) syz_init_net_socket$rose(0xb, 0x5, 0x0) 21:33:01 executing program 5: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x1, 0x0, 0x0, 0x1, 0x20b493e0, 0x0, 0xfffffffffffffffe}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000008880), 0x400000000000249, 0x0, 0x0) pipe(&(0x7f0000000340)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) fsync(r2) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) perf_event_open(&(0x7f0000940000)={0x2, 0x70, 0x69, 0x1, 0x0, 0xff, 0x0, 0x48, 0x14a0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f00000001c0), 0x7}, 0x0, 0x0, 0xfffffff9}, 0x0, 0xd, 0xffffffffffffffff, 0xa) clone(0x200000008a105d00, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r4 = gettid() sendmsg(r3, &(0x7f0000000980)={&(0x7f00000000c0)=@pppoe={0x18, 0x0, {0x0, @dev={[], 0x37}, 'veth0_to_team\x00'}}, 0x80, &(0x7f0000000700)=[{&(0x7f0000000200)="62b11f82030b3c4a8701efdf4747e86827b095dc07994e6d1d79e88b9d734cd28ca0bbcd6d29b370f0b06b58810007ad40c0ee43ad767ef8bf840948dbf472458e29cbd1c4df83513513dd61aed9a38e26380f3621d2fa252a6846e92f99db851d1b4c8bf52d993026b42dfd92b8456b3bcab5b4073666", 0x77}, {&(0x7f0000000380)="451ee09c2535037c7b6a7a1b74c075898aa415c6a0237d96a8bb129aee544ca2437dfd50cd6f0d9666cc7900f2a1bcfa77e3ae315e962cb0e07148e353ddf0dde524503eda7bb6c5b806327f7d7d462f36a9313d2eba4f242a7b696a6c5213f24191e2742a7ee3e1110ec979ea257d5803ac5b08225261e356faca1e843a7dde82b42cc8c4c8c100c4f387e4364ce7c59ce67e1bde4ad0606f80b5eef32868302fbb070755ff40ffbc4e13854a96190b9b4151d0f49b507a7ea09aada3047e9b4985e1205d7e2bc8b4", 0xc9}, {&(0x7f0000000480)="de89673daebcef61d0653c6fe24a7c05c2b713084e7f4a5b3b614afa6daf7354fe1c061c44eac32c430e47464d00a45fda73b40e81b7e0929b06042f8be1bb7d9edc7850c3a16d0bff05f5e45cb2a8ec62b3fb481386bf2a82049d3f95a05a27c3163632cb99067828e6c8aa784112014e2d07ff80f5ee9844b7e1a7df5eb231c977d646b2a0a64d42f14ed4b6ed6c992ffb1f358da4d72bf22795ad0212ec7f38e339e2f2c64197ad4d59f7d08765d787a201ed7f6a40c11d4a3d4c8fefea553e2f188805a21f108d29720e", 0xcc}, {&(0x7f0000000180)="f8dc99f414ddb0dbc531e29cd78620b5d3d18c6399d934f3226b52d9e6a74806", 0x20}, {&(0x7f00000002c0)="4ed64416c85662d2dbcc5675d5d91a9501a277f720b290e034fa5fef4c4f646badfe9e44802ed933165bf1e655b95049b802e895c733c46212e0d77448c2c21b95efa8e25e0ffed0ae0314ba2958cfcb23206703b7e83fdcc6f37239583a765e6181989f95df518e2fc1b621912c3e98c7d8aac15f63b9a83cad76b772554c", 0x7f}, {&(0x7f0000000580)="1bfb33e1fe450114366e6eab3275e134fc13ad34037f81965ce694199d29401c64923dcc83456ec93f3008e05aa584aad9a26b774e70be3e6814acdad384867d60ef160e07bbe3c0c34a875778449d78d02e9b9f5849fb1ebed7d23e322f0cfdad56e1f98b43ef2a1597c79e7623c92abe0eed0a808006c753ef8b2225", 0x7d}, {&(0x7f0000000600)="2abba91da14f33eaf570c1f07832d85182a01eeaa9c3b631c72094591398748356a3bfe57b51e1f8eee7d4829c4c304ae41d5f5e79aa9485dca6d449e1b979e7beef9c1d320562ce2eeaf99258db273131f9b352ab4f4a2da3af67cd5d4d666da5482414676aa57be29c0537c3dd9c0f3d870066448efd120b332653e351a11558f51d9ac503a3a95ce90b7171530ac368df2777f0458c4e15dbcd491ee68463ebdda5493a", 0xa5}, {&(0x7f00000006c0)="78186433f6157903bdd29e3d", 0xc}], 0x8, &(0x7f0000000780)=[{0x100, 0x1, 0xffff9c1a, "af54dec23b70f00ab7511666683ff4cf655c01d64bd5847f431e6dbec6e05639f1da7c70099cb50975be9e53a424ebd917a5188131f799955857cf953adf31152d08d93f6fc3065fc7706c6b53566bfa4604725a474993791f57bcc3623c35e6104521b175d2892b207a2676b34c0fed6045400fdfb01c90600efac0e3904016811aa6927aa5d54552521cb112076f0beb0916353caf12a7b26c47fa501525861ba0a3798882625eefde64c5fbb4f59c65046a2eec6aa270db3b53beb6da995be9eff861ed779d9b5489aa2028e2fdd7e37a1ea4accd8c0743b2a5c7ef26479e49a1093e339c144206eb67a3"}, {0xf0, 0x110, 0x9, "91579612a352b2f0cb013be1ec0d135c045b2d985990fc8695b899250b5117885e6f88d34c4a486684f6e49cca70827e4b66b340321bf3ca60d7d04dc1118aa6c5f525da51dc1f286a59a356d621628b9c1d3f32f93a0d8950f054951c861943488cdc2760837a5b124eba0a4ef9b2bf8d31f1f0865862ba863004ce1cf4f0a8029529cdd0076f3f90fe1875dd08ad55d3e6bb1f1ce8ca631147ddd50a31b5a08a53eb7d0ec5cfb357a3f6e179d825b4e1eaf8350c66e4f9d9dbb7e2c137d39c1ad6e2468124ab7706d69453ec3eb088b6d2bbc059b31c2f842e"}], 0x1f0}, 0x20000890) tkill(r4, 0x3c) fsetxattr$trusted_overlay_redirect(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) sched_setattr(r0, &(0x7f0000000080)={0x38, 0x2, 0x1, 0x0, 0x3}, 0x0) clone(0x69005100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) mount(0x0, &(0x7f0000000140)='./file0\x00', 0x0, 0x0, &(0x7f000000a000)) 21:33:01 executing program 0: r0 = openat$kvm(0xffffffffffffff9c, 0x0, 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) dup3(r0, r1, 0x0) fsetxattr$trusted_overlay_nlink(r0, &(0x7f0000000040)='trusted.overlay.nlink\x00', &(0x7f00000000c0)={'U+', 0x98}, 0x16, 0x2) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c4, 0x0, 0xe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r2 = socket$inet6(0xa, 0x40000080806, 0x0) bind$inet6(r2, &(0x7f0000000080)={0xa, 0x404e20}, 0x1c) ioctl$int_in(0xffffffffffffffff, 0x5452, &(0x7f0000000100)=0x3) listen(r2, 0x400000001ffffffd) r3 = socket$inet6(0xa, 0x6, 0x0) connect$inet6(r3, &(0x7f0000000180)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) accept4(r2, 0x0, 0x0, 0x0) sendmmsg(0xffffffffffffffff, &(0x7f0000003d40)=[{{0x0, 0xffffffbf, 0x0, 0x0, 0x0, 0x0, 0x7000005}, 0xa}], 0x4000000000000d0, 0x0) socket$inet6(0xa, 0x6, 0x0) connect$inet6(0xffffffffffffffff, &(0x7f0000000000)={0xa, 0x0, 0x0, @loopback}, 0x1c) r4 = socket$inet6_tcp(0xa, 0x1, 0x0) bpf$BPF_MAP_GET_FD_BY_ID(0xe, &(0x7f0000000140)={0x0, 0x4, 0x8}, 0xc) setsockopt$IP6T_SO_SET_REPLACE(r4, 0x29, 0x40, &(0x7f0000000a80)=@filter={'filter\x00', 0xe, 0x4, 0x13a8, 0x0, 0x0, 0x1208, 0x108, 0x108, 0x12d8, 0x12d8, 0x12d8, 0x12d8, 0x12d8, 0x4, 0x0, {[{{@uncond, 0x0, 0xa8, 0x108}, @common=@inet=@HMARK={0x60, 'HMARK\x00', 0x0, {@ipv6=@mcast1, [], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4}}}, {{@ipv6={@initdev={0xfe, 0x88, [], 0x0, 0x0}, @initdev={0xfe, 0x88, [], 0x0, 0x0}, [], [], 'rose0\x00', 'netdevsim0\x00'}, 0x0, 0x10d8, 0x1100, 0x0, {}, [@common=@unspec=@cgroup1={{0x1030, 'cgroup\x00'}, {0x0, 0x1, 0x0, 0x0, './cgroup/syz0\x00'}}]}, @REJECT={0x28, 'REJECT\x00'}}, {{@uncond, 0x0, 0xa8, 0xd0}, @REJECT={0x28, 'REJECT\x00'}}], {{[], 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x1408) syz_init_net_socket$rose(0xb, 0x5, 0x0) 21:33:01 executing program 2: r0 = openat$kvm(0xffffffffffffff9c, 0x0, 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) dup3(r0, r1, 0x0) fsetxattr$trusted_overlay_nlink(r0, &(0x7f0000000040)='trusted.overlay.nlink\x00', &(0x7f00000000c0)={'U+', 0x98}, 0x16, 0x2) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c4, 0x0, 0xe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r2 = socket$inet6(0xa, 0x40000080806, 0x0) bind$inet6(r2, &(0x7f0000000080)={0xa, 0x404e20}, 0x1c) ioctl$int_in(0xffffffffffffffff, 0x5452, &(0x7f0000000100)=0x3) listen(r2, 0x400000001ffffffd) r3 = socket$inet6(0xa, 0x6, 0x0) connect$inet6(r3, &(0x7f0000000180)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) r4 = accept4(r2, 0x0, 0x0, 0x0) sendmmsg(r4, &(0x7f0000003d40)=[{{0x0, 0xffffffbf, 0x0, 0x0, 0x0, 0x0, 0x7000005}, 0xa}], 0x4000000000000d0, 0x0) socket$inet6(0xa, 0x0, 0x0) connect$inet6(0xffffffffffffffff, &(0x7f0000000000)={0xa, 0x0, 0x0, @loopback}, 0x1c) r5 = socket$inet6_tcp(0xa, 0x1, 0x0) bpf$BPF_MAP_GET_FD_BY_ID(0xe, &(0x7f0000000140)={0x0, 0x4, 0x8}, 0xc) setsockopt$IP6T_SO_SET_REPLACE(r5, 0x29, 0x40, &(0x7f0000000a80)=@filter={'filter\x00', 0xe, 0x4, 0x13a8, 0x0, 0x0, 0x1208, 0x108, 0x108, 0x12d8, 0x12d8, 0x12d8, 0x12d8, 0x12d8, 0x4, 0x0, {[{{@uncond, 0x0, 0xa8, 0x108}, @common=@inet=@HMARK={0x60, 'HMARK\x00', 0x0, {@ipv6=@mcast1, [], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4}}}, {{@ipv6={@initdev={0xfe, 0x88, [], 0x0, 0x0}, @initdev={0xfe, 0x88, [], 0x0, 0x0}, [], [], 'rose0\x00', 'netdevsim0\x00'}, 0x0, 0x10d8, 0x1100, 0x0, {}, [@common=@unspec=@cgroup1={{0x1030, 'cgroup\x00'}, {0x0, 0x1, 0x0, 0x0, './cgroup/syz0\x00'}}]}, @REJECT={0x28, 'REJECT\x00'}}, {{@uncond, 0x0, 0xa8, 0xd0}, @REJECT={0x28, 'REJECT\x00'}}], {{[], 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x1408) syz_init_net_socket$rose(0xb, 0x5, 0x0) 21:33:02 executing program 4: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x1, 0x0, 0x0, 0x1, 0x20b493e0, 0x0, 0xfffffffffffffffe}, 0x0) socket$inet6(0xa, 0x0, 0xffffffff) pipe(&(0x7f0000000340)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r2, 0x407, 0x0) fsync(r1) write(r2, &(0x7f0000000340), 0x41395527) vmsplice(r1, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) clone(0x200000008a105d00, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) tkill(0x0, 0x3c) fsetxattr$trusted_overlay_redirect(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) sched_setattr(r0, &(0x7f0000000080)={0x38, 0x2, 0x1, 0x0, 0x3}, 0x0) clone(0x69005100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) mount(0x0, &(0x7f0000000140)='./file0\x00', 0x0, 0x0, &(0x7f000000a000)) 21:33:02 executing program 3: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x1, 0x0, 0x0, 0x1, 0x20b493e0, 0x0, 0xfffffffffffffffe}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, 0x0, 0x0, 0x0, 0x0) pipe(&(0x7f0000000340)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, 0x0, 0x0, 0x0) perf_event_open(&(0x7f0000940000)={0x2, 0x70, 0x69, 0x0, 0x0, 0xff, 0x0, 0x48, 0x14a0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f00000001c0), 0x7}}, 0x0, 0xd, 0xffffffffffffffff, 0xa) clone(0x200000008a105d00, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r4 = gettid() tkill(r4, 0x3c) fsetxattr$trusted_overlay_redirect(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) sched_setattr(r0, &(0x7f0000000080)={0x38, 0x2, 0x1, 0x0, 0x3}, 0x0) clone(0x69005100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) mount(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000fb5ffc)='nfs\x00', 0x81000, &(0x7f00000000c0)='\x80\n}z\x0f#\xf9\xd7\xb8Df\xa8g\xfb\x9d\x16\xc4q\xbfc\xfe\xf5\xe8\xc1\x85`\x18\xee\x85\\\xf3\xbc!\x89\x90x\x1b\xff\x7f\t\xae\xe2S\x1d\xa9a\xe6`-\x82\r\xcc\x806p\x95') 21:33:02 executing program 0: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x1, 0x0, 0x0, 0x1, 0x20b493e0, 0x0, 0xfffffffffffffffe}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000008880), 0x400000000000249, 0x0, 0x0) pipe(&(0x7f0000000340)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) fsync(r2) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) perf_event_open(&(0x7f0000940000)={0x2, 0x70, 0x69, 0x1, 0x0, 0xff, 0x0, 0x48, 0x14a0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f00000001c0), 0x7}, 0x0, 0x0, 0xfffffff9}, 0x0, 0xd, 0xffffffffffffffff, 0xa) clone(0x200000008a105d00, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r4 = gettid() sendmsg(r3, &(0x7f0000000980)={&(0x7f00000000c0)=@pppoe={0x18, 0x0, {0x0, @dev={[], 0x37}, 'veth0_to_team\x00'}}, 0x80, &(0x7f0000000700)=[{&(0x7f0000000200)="62b11f82030b3c4a8701efdf4747e86827b095dc07994e6d1d79e88b9d734cd28ca0bbcd6d29b370f0b06b58810007ad40c0ee43ad767ef8bf840948dbf472458e29cbd1c4df83513513dd61aed9a38e26380f3621d2fa252a6846e92f99db851d1b4c8bf52d993026b42dfd92b8456b3bcab5b4073666", 0x77}, {&(0x7f0000000380)="451ee09c2535037c7b6a7a1b74c075898aa415c6a0237d96a8bb129aee544ca2437dfd50cd6f0d9666cc7900f2a1bcfa77e3ae315e962cb0e07148e353ddf0dde524503eda7bb6c5b806327f7d7d462f36a9313d2eba4f242a7b696a6c5213f24191e2742a7ee3e1110ec979ea257d5803ac5b08225261e356faca1e843a7dde82b42cc8c4c8c100c4f387e4364ce7c59ce67e1bde4ad0606f80b5eef32868302fbb070755ff40ffbc4e13854a96190b9b4151d0f49b507a7ea09aada3047e9b4985e1205d7e2bc8b4", 0xc9}, {&(0x7f0000000480)="de89673daebcef61d0653c6fe24a7c05c2b713084e7f4a5b3b614afa6daf7354fe1c061c44eac32c430e47464d00a45fda73b40e81b7e0929b06042f8be1bb7d9edc7850c3a16d0bff05f5e45cb2a8ec62b3fb481386bf2a82049d3f95a05a27c3163632cb99067828e6c8aa784112014e2d07ff80f5ee9844b7e1a7df5eb231c977d646b2a0a64d42f14ed4b6ed6c992ffb1f358da4d72bf22795ad0212ec7f38e339e2f2c64197ad4d59f7d08765d787a201ed7f6a40c11d4a3d4c8fefea553e2f188805a21f108d29720e", 0xcc}, {&(0x7f0000000180)="f8dc99f414ddb0dbc531e29cd78620b5d3d18c6399d934f3226b52d9e6a74806", 0x20}, {&(0x7f00000002c0)="4ed64416c85662d2dbcc5675d5d91a9501a277f720b290e034fa5fef4c4f646badfe9e44802ed933165bf1e655b95049b802e895c733c46212e0d77448c2c21b95efa8e25e0ffed0ae0314ba2958cfcb23206703b7e83fdcc6f37239583a765e6181989f95df518e2fc1b621912c3e98c7d8aac15f63b9a83cad76b772554c", 0x7f}, {&(0x7f0000000580)="1bfb33e1fe450114366e6eab3275e134fc13ad34037f81965ce694199d29401c64923dcc83456ec93f3008e05aa584aad9a26b774e70be3e6814acdad384867d60ef160e07bbe3c0c34a875778449d78d02e9b9f5849fb1ebed7d23e322f0cfdad56e1f98b43ef2a1597c79e7623c92abe0eed0a808006c753ef8b2225", 0x7d}, {&(0x7f0000000600)="2abba91da14f33eaf570c1f07832d85182a01eeaa9c3b631c72094591398748356a3bfe57b51e1f8eee7d4829c4c304ae41d5f5e79aa9485dca6d449e1b979e7beef9c1d320562ce2eeaf99258db273131f9b352ab4f4a2da3af67cd5d4d666da5482414676aa57be29c0537c3dd9c0f3d870066448efd120b332653e351a11558f51d9ac503a3a95ce90b7171530ac368df2777f0458c4e15dbcd491ee68463ebdda5493a", 0xa5}, {&(0x7f00000006c0)="78186433f6157903bdd29e3d", 0xc}], 0x8, &(0x7f0000000780)=[{0x100, 0x1, 0xffff9c1a, "af54dec23b70f00ab7511666683ff4cf655c01d64bd5847f431e6dbec6e05639f1da7c70099cb50975be9e53a424ebd917a5188131f799955857cf953adf31152d08d93f6fc3065fc7706c6b53566bfa4604725a474993791f57bcc3623c35e6104521b175d2892b207a2676b34c0fed6045400fdfb01c90600efac0e3904016811aa6927aa5d54552521cb112076f0beb0916353caf12a7b26c47fa501525861ba0a3798882625eefde64c5fbb4f59c65046a2eec6aa270db3b53beb6da995be9eff861ed779d9b5489aa2028e2fdd7e37a1ea4accd8c0743b2a5c7ef26479e49a1093e339c144206eb67a3"}, {0xf0, 0x110, 0x9, "91579612a352b2f0cb013be1ec0d135c045b2d985990fc8695b899250b5117885e6f88d34c4a486684f6e49cca70827e4b66b340321bf3ca60d7d04dc1118aa6c5f525da51dc1f286a59a356d621628b9c1d3f32f93a0d8950f054951c861943488cdc2760837a5b124eba0a4ef9b2bf8d31f1f0865862ba863004ce1cf4f0a8029529cdd0076f3f90fe1875dd08ad55d3e6bb1f1ce8ca631147ddd50a31b5a08a53eb7d0ec5cfb357a3f6e179d825b4e1eaf8350c66e4f9d9dbb7e2c137d39c1ad6e2468124ab7706d69453ec3eb088b6d2bbc059b31c2f842e"}], 0x1f0}, 0x20000890) tkill(r4, 0x3c) fsetxattr$trusted_overlay_redirect(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) sched_setattr(r0, &(0x7f0000000080)={0x38, 0x2, 0x1, 0x0, 0x3}, 0x0) clone(0x69005100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) mount(0x0, &(0x7f0000000140)='./file0\x00', 0x0, 0x0, &(0x7f000000a000)) 21:33:02 executing program 5: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x1, 0x0, 0x10b, 0x401, 0x20b493e0, 0x0, 0xfffffffffffffffe}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000008880), 0x400000000000249, 0x0, 0x0) pipe(&(0x7f0000000340)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) fsync(r2) write(r3, &(0x7f0000000340), 0x41395527) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x400200) ioctl$KVM_ARM_SET_DEVICE_ADDR(0xffffffffffffffff, 0x4010aeab, &(0x7f00000000c0)={0x40, 0x1000}) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) perf_event_open(&(0x7f0000940000)={0x2, 0x70, 0x69, 0x1, 0x0, 0xff, 0x0, 0x48, 0x14a0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f00000001c0), 0x7}, 0x0, 0x0, 0xfffffff9}, 0x0, 0xd, 0xffffffffffffffff, 0xa) clone(0x200000008a105d00, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r4 = gettid() tkill(r4, 0x3c) fsetxattr$trusted_overlay_redirect(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) sched_setattr(r0, &(0x7f0000000080)={0x38, 0x2, 0x1, 0x0, 0x3}, 0x0) clone(0x69005100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) mount(0x0, &(0x7f0000000140)='./file0\x00', 0x0, 0x0, &(0x7f000000a000)) [ 2261.292378] IPVS: ftp: loaded support on port[0] = 21 21:33:03 executing program 2: r0 = openat$kvm(0xffffffffffffff9c, 0x0, 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) dup3(r0, r1, 0x0) fsetxattr$trusted_overlay_nlink(r0, &(0x7f0000000040)='trusted.overlay.nlink\x00', &(0x7f00000000c0)={'U+', 0x98}, 0x16, 0x2) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c4, 0x0, 0xe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r2 = socket$inet6(0xa, 0x40000080806, 0x0) bind$inet6(r2, &(0x7f0000000080)={0xa, 0x404e20}, 0x1c) ioctl$int_in(0xffffffffffffffff, 0x5452, &(0x7f0000000100)=0x3) listen(r2, 0x400000001ffffffd) r3 = socket$inet6(0xa, 0x6, 0x0) connect$inet6(r3, &(0x7f0000000180)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) r4 = accept4(r2, 0x0, 0x0, 0x0) sendmmsg(r4, &(0x7f0000003d40)=[{{0x0, 0xffffffbf, 0x0, 0x0, 0x0, 0x0, 0x7000005}, 0xa}], 0x4000000000000d0, 0x0) socket$inet6(0xa, 0x0, 0x0) connect$inet6(0xffffffffffffffff, &(0x7f0000000000)={0xa, 0x0, 0x0, @loopback}, 0x1c) r5 = socket$inet6_tcp(0xa, 0x1, 0x0) bpf$BPF_MAP_GET_FD_BY_ID(0xe, &(0x7f0000000140)={0x0, 0x4, 0x8}, 0xc) setsockopt$IP6T_SO_SET_REPLACE(r5, 0x29, 0x40, &(0x7f0000000a80)=@filter={'filter\x00', 0xe, 0x4, 0x13a8, 0x0, 0x0, 0x1208, 0x108, 0x108, 0x12d8, 0x12d8, 0x12d8, 0x12d8, 0x12d8, 0x4, 0x0, {[{{@uncond, 0x0, 0xa8, 0x108}, @common=@inet=@HMARK={0x60, 'HMARK\x00', 0x0, {@ipv6=@mcast1, [], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4}}}, {{@ipv6={@initdev={0xfe, 0x88, [], 0x0, 0x0}, @initdev={0xfe, 0x88, [], 0x0, 0x0}, [], [], 'rose0\x00', 'netdevsim0\x00'}, 0x0, 0x10d8, 0x1100, 0x0, {}, [@common=@unspec=@cgroup1={{0x1030, 'cgroup\x00'}, {0x0, 0x1, 0x0, 0x0, './cgroup/syz0\x00'}}]}, @REJECT={0x28, 'REJECT\x00'}}, {{@uncond, 0x0, 0xa8, 0xd0}, @REJECT={0x28, 'REJECT\x00'}}], {{[], 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x1408) syz_init_net_socket$rose(0xb, 0x5, 0x0) 21:33:03 executing program 1: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x1, 0x0, 0x0, 0x0, 0x20b493e0, 0x0, 0xfffffffffffffffe}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000008880), 0x400000000000249, 0x0, 0x0) pipe(&(0x7f0000000340)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) fsync(r2) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) perf_event_open(&(0x7f0000940000)={0x2, 0x70, 0x69, 0x1, 0x0, 0xff, 0x0, 0x48, 0x14a0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f00000001c0), 0x7}, 0x0, 0x0, 0xfffffff9}, 0x0, 0xd, 0xffffffffffffffff, 0xa) tkill(0x0, 0x3c) fsetxattr$trusted_overlay_redirect(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) sched_setattr(r0, &(0x7f0000000080)={0x38, 0x2, 0x1, 0x0, 0x3}, 0x0) clone(0x69005100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) mount(0x0, &(0x7f0000000140)='./file0\x00', 0x0, 0x0, &(0x7f000000a000)) sched_setscheduler(0x0, 0x5, &(0x7f0000000380)) 21:33:03 executing program 4: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x1, 0x0, 0x0, 0x1, 0x20b493e0, 0x0, 0xfffffffffffffffe}, 0x0) socket$inet6(0xa, 0x0, 0xffffffff) pipe(&(0x7f0000000340)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r2, 0x407, 0x0) fsync(r1) write(r2, &(0x7f0000000340), 0x41395527) vmsplice(r1, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) clone(0x200000008a105d00, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) tkill(0x0, 0x3c) fsetxattr$trusted_overlay_redirect(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) sched_setattr(r0, &(0x7f0000000080)={0x38, 0x2, 0x1, 0x0, 0x3}, 0x0) clone(0x69005100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) mount(0x0, &(0x7f0000000140)='./file0\x00', 0x0, 0x0, &(0x7f000000a000)) 21:33:03 executing program 0: r0 = openat$kvm(0xffffffffffffff9c, 0x0, 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) dup3(r0, r1, 0x0) fsetxattr$trusted_overlay_nlink(r0, &(0x7f0000000040)='trusted.overlay.nlink\x00', &(0x7f00000000c0)={'U+', 0x98}, 0x16, 0x2) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c4, 0x0, 0xe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r2 = socket$inet6(0xa, 0x40000080806, 0x0) bind$inet6(r2, &(0x7f0000000080)={0xa, 0x404e20}, 0x1c) ioctl$int_in(0xffffffffffffffff, 0x5452, &(0x7f0000000100)=0x3) listen(r2, 0x400000001ffffffd) r3 = socket$inet6(0xa, 0x6, 0x0) connect$inet6(r3, &(0x7f0000000180)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) r4 = accept4(0xffffffffffffffff, 0x0, 0x0, 0x0) sendmmsg(r4, &(0x7f0000003d40)=[{{0x0, 0xffffffbf, 0x0, 0x0, 0x0, 0x0, 0x7000005}, 0xa}], 0x4000000000000d0, 0x0) socket$inet6(0xa, 0x6, 0x0) connect$inet6(0xffffffffffffffff, &(0x7f0000000000)={0xa, 0x0, 0x0, @loopback}, 0x1c) r5 = socket$inet6_tcp(0xa, 0x1, 0x0) bpf$BPF_MAP_GET_FD_BY_ID(0xe, &(0x7f0000000140)={0x0, 0x4, 0x8}, 0xc) setsockopt$IP6T_SO_SET_REPLACE(r5, 0x29, 0x40, &(0x7f0000000a80)=@filter={'filter\x00', 0xe, 0x4, 0x13a8, 0x0, 0x0, 0x1208, 0x108, 0x108, 0x12d8, 0x12d8, 0x12d8, 0x12d8, 0x12d8, 0x4, 0x0, {[{{@uncond, 0x0, 0xa8, 0x108}, @common=@inet=@HMARK={0x60, 'HMARK\x00', 0x0, {@ipv6=@mcast1, [], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4}}}, {{@ipv6={@initdev={0xfe, 0x88, [], 0x0, 0x0}, @initdev={0xfe, 0x88, [], 0x0, 0x0}, [], [], 'rose0\x00', 'netdevsim0\x00'}, 0x0, 0x10d8, 0x1100, 0x0, {}, [@common=@unspec=@cgroup1={{0x1030, 'cgroup\x00'}, {0x0, 0x1, 0x0, 0x0, './cgroup/syz0\x00'}}]}, @REJECT={0x28, 'REJECT\x00'}}, {{@uncond, 0x0, 0xa8, 0xd0}, @REJECT={0x28, 'REJECT\x00'}}], {{[], 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x1408) syz_init_net_socket$rose(0xb, 0x5, 0x0) 21:33:03 executing program 3: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x1, 0x0, 0x0, 0x1, 0x20b493e0, 0x0, 0xfffffffffffffffe}, 0x0) socket$inet6(0xa, 0x2, 0x0) r1 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000000c0)=ANY=[@ANYBLOB="4000000010000507753f0000000010000000000000d1", @ANYRES32=0x0, @ANYBLOB="00000000000000002000128009000100626f6e640000000010000280040008800800070003000000"], 0x40}}, 0x0) recvmmsg(r1, 0x0, 0x0, 0x0, 0x0) fcntl$setpipe(0xffffffffffffffff, 0x407, 0x0) write(0xffffffffffffffff, &(0x7f0000000340), 0x41395527) vmsplice(0xffffffffffffffff, 0x0, 0x0, 0x0) perf_event_open(&(0x7f0000940000)={0x2, 0x70, 0x69, 0x0, 0x0, 0xff, 0x0, 0x48, 0x14a0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f00000001c0), 0x7}, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffe}, 0x0, 0xd, 0xffffffffffffffff, 0xa) semctl$GETZCNT(0x0, 0x4, 0xf, 0x0) semop(0x0, &(0x7f0000000180), 0x0) clone(0x200000008a105d00, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r2 = gettid() tkill(r2, 0x3c) fsetxattr$trusted_overlay_redirect(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) sched_setattr(r0, &(0x7f0000000080)={0x38, 0x2, 0x1, 0x0, 0x3}, 0x0) clone(0x69005100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) mount(0x0, &(0x7f0000000140)='./file0\x00', &(0x7f0000fb5ffc)='nfs\x00', 0x0, &(0x7f000000a000)) [ 2261.683203] net_ratelimit: 14 callbacks suppressed [ 2261.683208] ip6_tables: ip6tables: counters copy to user failed while replacing table 21:33:03 executing program 2: r0 = openat$kvm(0xffffffffffffff9c, 0x0, 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) dup3(r0, r1, 0x0) fsetxattr$trusted_overlay_nlink(r0, &(0x7f0000000040)='trusted.overlay.nlink\x00', &(0x7f00000000c0)={'U+', 0x98}, 0x16, 0x2) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c4, 0x0, 0xe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r2 = socket$inet6(0xa, 0x40000080806, 0x0) bind$inet6(r2, &(0x7f0000000080)={0xa, 0x404e20}, 0x1c) ioctl$int_in(0xffffffffffffffff, 0x5452, &(0x7f0000000100)=0x3) listen(r2, 0x400000001ffffffd) r3 = socket$inet6(0xa, 0x6, 0x0) connect$inet6(r3, &(0x7f0000000180)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) r4 = accept4(r2, 0x0, 0x0, 0x0) sendmmsg(r4, &(0x7f0000003d40)=[{{0x0, 0xffffffbf, 0x0, 0x0, 0x0, 0x0, 0x7000005}, 0xa}], 0x4000000000000d0, 0x0) socket$inet6(0xa, 0x0, 0x0) connect$inet6(0xffffffffffffffff, &(0x7f0000000000)={0xa, 0x0, 0x0, @loopback}, 0x1c) r5 = socket$inet6_tcp(0xa, 0x1, 0x0) bpf$BPF_MAP_GET_FD_BY_ID(0xe, &(0x7f0000000140)={0x0, 0x4, 0x8}, 0xc) setsockopt$IP6T_SO_SET_REPLACE(r5, 0x29, 0x40, &(0x7f0000000a80)=@filter={'filter\x00', 0xe, 0x4, 0x13a8, 0x0, 0x0, 0x1208, 0x108, 0x108, 0x12d8, 0x12d8, 0x12d8, 0x12d8, 0x12d8, 0x4, 0x0, {[{{@uncond, 0x0, 0xa8, 0x108}, @common=@inet=@HMARK={0x60, 'HMARK\x00', 0x0, {@ipv6=@mcast1, [], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4}}}, {{@ipv6={@initdev={0xfe, 0x88, [], 0x0, 0x0}, @initdev={0xfe, 0x88, [], 0x0, 0x0}, [], [], 'rose0\x00', 'netdevsim0\x00'}, 0x0, 0x10d8, 0x1100, 0x0, {}, [@common=@unspec=@cgroup1={{0x1030, 'cgroup\x00'}, {0x0, 0x1, 0x0, 0x0, './cgroup/syz0\x00'}}]}, @REJECT={0x28, 'REJECT\x00'}}, {{@uncond, 0x0, 0xa8, 0xd0}, @REJECT={0x28, 'REJECT\x00'}}], {{[], 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x1408) syz_init_net_socket$rose(0xb, 0x5, 0x0) [ 2261.771850] ip6_tables: ip6tables: counters copy to user failed while replacing table 21:33:03 executing program 5: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x1, 0x0, 0x0, 0x1, 0x20b493e0, 0x0, 0xfffffffffffffffe}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000008880), 0x400000000000249, 0x0, 0x0) sendmsg$NL80211_CMD_NEW_MPATH(0xffffffffffffffff, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000240)=ANY=[@ANYBLOB='(\x00\x00\x00', @ANYRES16=0x0, @ANYBLOB="01d67c7b8000000000001700000008000300", @ANYRES32=0x0, @ANYBLOB="0c0099000000000000000000"], 0x28}}, 0x0) sendmsg$NL80211_CMD_DEL_KEY(0xffffffffffffffff, &(0x7f0000000200)={&(0x7f00000000c0)={0x10, 0x0, 0x0, 0x400}, 0xc, &(0x7f0000000180)={&(0x7f0000000100)=ANY=[@ANYBLOB='\x00\x00\x00\x00', @ANYRES16=0x0, @ANYBLOB="01002cbd7000fcdbdf250c00000008003700020000000800090005ac0f00"], 0x24}, 0x1, 0x0, 0x0, 0x4000}, 0x4004080) pipe(&(0x7f0000000340)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) fsync(r2) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) perf_event_open(&(0x7f0000940000)={0x2, 0x70, 0x69, 0x1, 0x0, 0xff, 0x0, 0x48, 0x14a0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f00000001c0), 0x7}, 0x0, 0x0, 0xfffffff9}, 0x0, 0xd, 0xffffffffffffffff, 0xa) clone(0x200000008a105d00, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r4 = gettid() tkill(r4, 0x3c) fsetxattr$trusted_overlay_redirect(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) sched_setattr(r0, &(0x7f0000000080)={0x38, 0x2, 0x1, 0x0, 0x3}, 0x0) clone(0x69005100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) mount(0x0, &(0x7f0000000140)='./file0\x00', 0x0, 0x0, &(0x7f000000a000)) 21:33:03 executing program 0: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x1, 0x0, 0x10b, 0x401, 0x20b493e0, 0x0, 0xfffffffffffffffe}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000008880), 0x400000000000249, 0x0, 0x0) pipe(&(0x7f0000000340)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) fsync(r2) write(r3, &(0x7f0000000340), 0x41395527) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x400200) ioctl$KVM_ARM_SET_DEVICE_ADDR(0xffffffffffffffff, 0x4010aeab, &(0x7f00000000c0)={0x40, 0x1000}) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) perf_event_open(&(0x7f0000940000)={0x2, 0x70, 0x69, 0x1, 0x0, 0xff, 0x0, 0x48, 0x14a0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f00000001c0), 0x7}, 0x0, 0x0, 0xfffffff9}, 0x0, 0xd, 0xffffffffffffffff, 0xa) clone(0x200000008a105d00, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r4 = gettid() tkill(r4, 0x3c) fsetxattr$trusted_overlay_redirect(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) sched_setattr(r0, &(0x7f0000000080)={0x38, 0x2, 0x1, 0x0, 0x3}, 0x0) clone(0x69005100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) mount(0x0, &(0x7f0000000140)='./file0\x00', 0x0, 0x0, &(0x7f000000a000)) [ 2261.918535] netlink: 32 bytes leftover after parsing attributes in process `syz-executor.3'. [ 2261.961627] ip6_tables: ip6tables: counters copy to user failed while replacing table 21:33:04 executing program 2: r0 = openat$kvm(0xffffffffffffff9c, 0x0, 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) dup3(r0, r1, 0x0) fsetxattr$trusted_overlay_nlink(r0, &(0x7f0000000040)='trusted.overlay.nlink\x00', &(0x7f00000000c0)={'U+', 0x98}, 0x16, 0x2) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c4, 0x0, 0xe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r2 = socket$inet6(0xa, 0x40000080806, 0x0) bind$inet6(r2, &(0x7f0000000080)={0xa, 0x404e20}, 0x1c) ioctl$int_in(0xffffffffffffffff, 0x5452, &(0x7f0000000100)=0x3) listen(r2, 0x400000001ffffffd) r3 = socket$inet6(0xa, 0x6, 0x0) connect$inet6(r3, &(0x7f0000000180)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) r4 = accept4(r2, 0x0, 0x0, 0x0) sendmmsg(r4, &(0x7f0000003d40)=[{{0x0, 0xffffffbf, 0x0, 0x0, 0x0, 0x0, 0x7000005}, 0xa}], 0x4000000000000d0, 0x0) socket$inet6(0xa, 0x6, 0x0) connect$inet6(0xffffffffffffffff, 0x0, 0x0) r5 = socket$inet6_tcp(0xa, 0x1, 0x0) bpf$BPF_MAP_GET_FD_BY_ID(0xe, &(0x7f0000000140)={0x0, 0x4, 0x8}, 0xc) setsockopt$IP6T_SO_SET_REPLACE(r5, 0x29, 0x40, &(0x7f0000000a80)=@filter={'filter\x00', 0xe, 0x4, 0x13a8, 0x0, 0x0, 0x1208, 0x108, 0x108, 0x12d8, 0x12d8, 0x12d8, 0x12d8, 0x12d8, 0x4, 0x0, {[{{@uncond, 0x0, 0xa8, 0x108}, @common=@inet=@HMARK={0x60, 'HMARK\x00', 0x0, {@ipv6=@mcast1, [], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4}}}, {{@ipv6={@initdev={0xfe, 0x88, [], 0x0, 0x0}, @initdev={0xfe, 0x88, [], 0x0, 0x0}, [], [], 'rose0\x00', 'netdevsim0\x00'}, 0x0, 0x10d8, 0x1100, 0x0, {}, [@common=@unspec=@cgroup1={{0x1030, 'cgroup\x00'}, {0x0, 0x1, 0x0, 0x0, './cgroup/syz0\x00'}}]}, @REJECT={0x28, 'REJECT\x00'}}, {{@uncond, 0x0, 0xa8, 0xd0}, @REJECT={0x28, 'REJECT\x00'}}], {{[], 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x1408) syz_init_net_socket$rose(0xb, 0x5, 0x0) 21:33:04 executing program 4: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x1, 0x0, 0x0, 0x1, 0x20b493e0, 0x0, 0xfffffffffffffffe}, 0x0) socket$inet6(0xa, 0x4, 0x0) pipe(&(0x7f0000000340)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r2, 0x407, 0x0) fsync(r1) write(r2, &(0x7f0000000340), 0x41395527) vmsplice(r1, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) clone(0x200000008a105d00, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) tkill(0x0, 0x3c) fsetxattr$trusted_overlay_redirect(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) sched_setattr(r0, &(0x7f0000000080)={0x38, 0x2, 0x1, 0x0, 0x3}, 0x0) clone(0x69005100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) mount(0x0, &(0x7f0000000140)='./file0\x00', 0x0, 0x0, &(0x7f000000a000)) 21:33:04 executing program 1: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x1, 0x0, 0x0, 0x0, 0x20b493e0, 0x0, 0xfffffffffffffffe}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000008880), 0x400000000000249, 0x0, 0x0) pipe(&(0x7f0000000340)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) fsync(r2) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) perf_event_open(&(0x7f0000940000)={0x2, 0x70, 0x69, 0x1, 0x0, 0xff, 0x0, 0x48, 0x14a0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f00000001c0), 0x7}, 0x0, 0x0, 0xfffffff9}, 0x0, 0xd, 0xffffffffffffffff, 0xa) tkill(0x0, 0x3c) fsetxattr$trusted_overlay_redirect(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) sched_setattr(r0, &(0x7f0000000080)={0x38, 0x2, 0x1, 0x0, 0x3}, 0x0) clone(0x69005100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) mount(0x0, &(0x7f0000000140)='./file0\x00', 0x0, 0x0, &(0x7f000000a000)) sched_setscheduler(0x0, 0x5, &(0x7f0000000380)) 21:33:04 executing program 0: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x1, 0x0, 0x10b, 0x401, 0x20b493e0, 0x0, 0xfffffffffffffffe}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000008880), 0x400000000000249, 0x0, 0x0) pipe(&(0x7f0000000340)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) fsync(r2) write(r3, &(0x7f0000000340), 0x41395527) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x400200) ioctl$KVM_ARM_SET_DEVICE_ADDR(0xffffffffffffffff, 0x4010aeab, &(0x7f00000000c0)={0x40, 0x1000}) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) perf_event_open(&(0x7f0000940000)={0x2, 0x70, 0x69, 0x1, 0x0, 0xff, 0x0, 0x48, 0x14a0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f00000001c0), 0x7}, 0x0, 0x0, 0xfffffff9}, 0x0, 0xd, 0xffffffffffffffff, 0xa) clone(0x200000008a105d00, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r4 = gettid() tkill(r4, 0x3c) fsetxattr$trusted_overlay_redirect(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) sched_setattr(r0, &(0x7f0000000080)={0x38, 0x2, 0x1, 0x0, 0x3}, 0x0) clone(0x69005100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) mount(0x0, &(0x7f0000000140)='./file0\x00', 0x0, 0x0, &(0x7f000000a000)) [ 2262.760981] netlink: 32 bytes leftover after parsing attributes in process `syz-executor.3'. 21:33:04 executing program 3: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x1, 0x0, 0x0, 0x1, 0xa0b493e0, 0x0, 0xfffffffffffffffe, 0x0, 0x401}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, 0x0, 0x0, 0x0, 0x0) pipe(&(0x7f0000000340)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, 0x0, 0x0, 0x0) perf_event_open(&(0x7f0000940000)={0x2, 0x70, 0x69, 0x0, 0x0, 0xff, 0x0, 0x48, 0x14a0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f00000001c0), 0x7}}, 0x0, 0xd, 0xffffffffffffffff, 0xa) clone(0x200000008a105d00, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r4 = gettid() tkill(r4, 0x3c) fsetxattr$trusted_overlay_redirect(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) sched_setattr(r0, &(0x7f0000000080)={0x38, 0x2, 0x1, 0x0, 0x3}, 0x0) clone(0x69005100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) mount(0x0, &(0x7f0000000140)='./file0\x00', &(0x7f0000fb5ffc)='nfs\x00', 0x0, &(0x7f000000a000)) 21:33:04 executing program 5: prlimit64(0x0, 0xe, &(0x7f0000000100)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x1, 0x0, 0x0, 0x1, 0x20b493e0, 0xfffffffffffffffc, 0xfffffffffffffffe}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000008880), 0x400000000000249, 0x0, 0x0) pipe(&(0x7f0000000340)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) fsync(r2) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) perf_event_open(&(0x7f0000940000)={0x2, 0x70, 0x69, 0x1, 0x0, 0xff, 0x0, 0x48, 0x14a0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, @perf_bp={&(0x7f00000001c0), 0x7}, 0x0, 0x0, 0xfffffff9, 0x0, 0x0, 0x1ff}, 0x0, 0xd, 0xffffffffffffffff, 0x2) clone(0x200000008a105d00, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r4 = gettid() tkill(r4, 0x3c) fsetxattr$trusted_overlay_redirect(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) sched_setattr(r0, &(0x7f0000000080)={0x38, 0x2, 0x1, 0x0, 0x3}, 0x0) clone(0x69005100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) mount(0x0, &(0x7f0000000140)='./file0\x00', 0x0, 0x0, &(0x7f000000a000)) r5 = socket$isdn(0x22, 0x3, 0x4) setsockopt$sock_void(r5, 0x1, 0x36, 0x0, 0x0) [ 2262.842680] ip6_tables: ip6tables: counters copy to user failed while replacing table 21:33:04 executing program 2: r0 = openat$kvm(0xffffffffffffff9c, 0x0, 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) dup3(r0, r1, 0x0) fsetxattr$trusted_overlay_nlink(r0, &(0x7f0000000040)='trusted.overlay.nlink\x00', &(0x7f00000000c0)={'U+', 0x98}, 0x16, 0x2) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c4, 0x0, 0xe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r2 = socket$inet6(0xa, 0x40000080806, 0x0) bind$inet6(r2, &(0x7f0000000080)={0xa, 0x404e20}, 0x1c) ioctl$int_in(0xffffffffffffffff, 0x5452, &(0x7f0000000100)=0x3) listen(r2, 0x400000001ffffffd) r3 = socket$inet6(0xa, 0x6, 0x0) connect$inet6(r3, &(0x7f0000000180)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) r4 = accept4(r2, 0x0, 0x0, 0x0) sendmmsg(r4, &(0x7f0000003d40)=[{{0x0, 0xffffffbf, 0x0, 0x0, 0x0, 0x0, 0x7000005}, 0xa}], 0x4000000000000d0, 0x0) socket$inet6(0xa, 0x6, 0x0) connect$inet6(0xffffffffffffffff, 0x0, 0x0) r5 = socket$inet6_tcp(0xa, 0x1, 0x0) bpf$BPF_MAP_GET_FD_BY_ID(0xe, &(0x7f0000000140)={0x0, 0x4, 0x8}, 0xc) setsockopt$IP6T_SO_SET_REPLACE(r5, 0x29, 0x40, &(0x7f0000000a80)=@filter={'filter\x00', 0xe, 0x4, 0x13a8, 0x0, 0x0, 0x1208, 0x108, 0x108, 0x12d8, 0x12d8, 0x12d8, 0x12d8, 0x12d8, 0x4, 0x0, {[{{@uncond, 0x0, 0xa8, 0x108}, @common=@inet=@HMARK={0x60, 'HMARK\x00', 0x0, {@ipv6=@mcast1, [], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4}}}, {{@ipv6={@initdev={0xfe, 0x88, [], 0x0, 0x0}, @initdev={0xfe, 0x88, [], 0x0, 0x0}, [], [], 'rose0\x00', 'netdevsim0\x00'}, 0x0, 0x10d8, 0x1100, 0x0, {}, [@common=@unspec=@cgroup1={{0x1030, 'cgroup\x00'}, {0x0, 0x1, 0x0, 0x0, './cgroup/syz0\x00'}}]}, @REJECT={0x28, 'REJECT\x00'}}, {{@uncond, 0x0, 0xa8, 0xd0}, @REJECT={0x28, 'REJECT\x00'}}], {{[], 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x1408) syz_init_net_socket$rose(0xb, 0x5, 0x0) [ 2262.989952] ip6_tables: ip6tables: counters copy to user failed while replacing table [ 2263.009848] IPVS: ftp: loaded support on port[0] = 21 21:33:05 executing program 0: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x1, 0x0, 0x10b, 0x401, 0x20b493e0, 0x0, 0xfffffffffffffffe}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000008880), 0x400000000000249, 0x0, 0x0) pipe(&(0x7f0000000340)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) fsync(r2) write(r3, &(0x7f0000000340), 0x41395527) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x400200) ioctl$KVM_ARM_SET_DEVICE_ADDR(0xffffffffffffffff, 0x4010aeab, &(0x7f00000000c0)={0x40, 0x1000}) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) perf_event_open(&(0x7f0000940000)={0x2, 0x70, 0x69, 0x1, 0x0, 0xff, 0x0, 0x48, 0x14a0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f00000001c0), 0x7}, 0x0, 0x0, 0xfffffff9}, 0x0, 0xd, 0xffffffffffffffff, 0xa) clone(0x200000008a105d00, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r4 = gettid() tkill(r4, 0x3c) fsetxattr$trusted_overlay_redirect(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) sched_setattr(r0, &(0x7f0000000080)={0x38, 0x2, 0x1, 0x0, 0x3}, 0x0) clone(0x69005100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) mount(0x0, &(0x7f0000000140)='./file0\x00', 0x0, 0x0, &(0x7f000000a000)) 21:33:05 executing program 2: r0 = openat$kvm(0xffffffffffffff9c, 0x0, 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) dup3(r0, r1, 0x0) fsetxattr$trusted_overlay_nlink(r0, &(0x7f0000000040)='trusted.overlay.nlink\x00', &(0x7f00000000c0)={'U+', 0x98}, 0x16, 0x2) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c4, 0x0, 0xe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r2 = socket$inet6(0xa, 0x40000080806, 0x0) bind$inet6(r2, &(0x7f0000000080)={0xa, 0x404e20}, 0x1c) ioctl$int_in(0xffffffffffffffff, 0x5452, &(0x7f0000000100)=0x3) listen(r2, 0x400000001ffffffd) r3 = socket$inet6(0xa, 0x6, 0x0) connect$inet6(r3, &(0x7f0000000180)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) r4 = accept4(r2, 0x0, 0x0, 0x0) sendmmsg(r4, &(0x7f0000003d40)=[{{0x0, 0xffffffbf, 0x0, 0x0, 0x0, 0x0, 0x7000005}, 0xa}], 0x4000000000000d0, 0x0) socket$inet6(0xa, 0x6, 0x0) connect$inet6(0xffffffffffffffff, 0x0, 0x0) r5 = socket$inet6_tcp(0xa, 0x1, 0x0) bpf$BPF_MAP_GET_FD_BY_ID(0xe, &(0x7f0000000140)={0x0, 0x4, 0x8}, 0xc) setsockopt$IP6T_SO_SET_REPLACE(r5, 0x29, 0x40, &(0x7f0000000a80)=@filter={'filter\x00', 0xe, 0x4, 0x13a8, 0x0, 0x0, 0x1208, 0x108, 0x108, 0x12d8, 0x12d8, 0x12d8, 0x12d8, 0x12d8, 0x4, 0x0, {[{{@uncond, 0x0, 0xa8, 0x108}, @common=@inet=@HMARK={0x60, 'HMARK\x00', 0x0, {@ipv6=@mcast1, [], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4}}}, {{@ipv6={@initdev={0xfe, 0x88, [], 0x0, 0x0}, @initdev={0xfe, 0x88, [], 0x0, 0x0}, [], [], 'rose0\x00', 'netdevsim0\x00'}, 0x0, 0x10d8, 0x1100, 0x0, {}, [@common=@unspec=@cgroup1={{0x1030, 'cgroup\x00'}, {0x0, 0x1, 0x0, 0x0, './cgroup/syz0\x00'}}]}, @REJECT={0x28, 'REJECT\x00'}}, {{@uncond, 0x0, 0xa8, 0xd0}, @REJECT={0x28, 'REJECT\x00'}}], {{[], 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x1408) syz_init_net_socket$rose(0xb, 0x5, 0x0) [ 2263.506094] ip6_tables: ip6tables: counters copy to user failed while replacing table 21:33:05 executing program 2: r0 = openat$kvm(0xffffffffffffff9c, 0x0, 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) dup3(r0, r1, 0x0) fsetxattr$trusted_overlay_nlink(r0, &(0x7f0000000040)='trusted.overlay.nlink\x00', &(0x7f00000000c0)={'U+', 0x98}, 0x16, 0x2) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c4, 0x0, 0xe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r2 = socket$inet6(0xa, 0x40000080806, 0x0) bind$inet6(r2, &(0x7f0000000080)={0xa, 0x404e20}, 0x1c) ioctl$int_in(0xffffffffffffffff, 0x5452, &(0x7f0000000100)=0x3) listen(r2, 0x400000001ffffffd) r3 = socket$inet6(0xa, 0x6, 0x0) connect$inet6(r3, &(0x7f0000000180)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) r4 = accept4(r2, 0x0, 0x0, 0x0) sendmmsg(r4, &(0x7f0000003d40)=[{{0x0, 0xffffffbf, 0x0, 0x0, 0x0, 0x0, 0x7000005}, 0xa}], 0x4000000000000d0, 0x0) socket$inet6(0xa, 0x6, 0x0) connect$inet6(0xffffffffffffffff, &(0x7f0000000000)={0xa, 0x0, 0x0, @loopback}, 0x1c) r5 = socket$inet6_tcp(0xa, 0x1, 0x0) bpf$BPF_MAP_GET_FD_BY_ID(0xe, 0x0, 0x0) setsockopt$IP6T_SO_SET_REPLACE(r5, 0x29, 0x40, &(0x7f0000000a80)=@filter={'filter\x00', 0xe, 0x4, 0x13a8, 0x0, 0x0, 0x1208, 0x108, 0x108, 0x12d8, 0x12d8, 0x12d8, 0x12d8, 0x12d8, 0x4, 0x0, {[{{@uncond, 0x0, 0xa8, 0x108}, @common=@inet=@HMARK={0x60, 'HMARK\x00', 0x0, {@ipv6=@mcast1, [], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4}}}, {{@ipv6={@initdev={0xfe, 0x88, [], 0x0, 0x0}, @initdev={0xfe, 0x88, [], 0x0, 0x0}, [], [], 'rose0\x00', 'netdevsim0\x00'}, 0x0, 0x10d8, 0x1100, 0x0, {}, [@common=@unspec=@cgroup1={{0x1030, 'cgroup\x00'}, {0x0, 0x1, 0x0, 0x0, './cgroup/syz0\x00'}}]}, @REJECT={0x28, 'REJECT\x00'}}, {{@uncond, 0x0, 0xa8, 0xd0}, @REJECT={0x28, 'REJECT\x00'}}], {{[], 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x1408) syz_init_net_socket$rose(0xb, 0x5, 0x0) 21:33:05 executing program 4: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x1, 0x0, 0x0, 0x1, 0x20b493e0, 0x0, 0xfffffffffffffffe}, 0x0) socket$inet6(0xa, 0x4, 0x0) pipe(&(0x7f0000000340)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r2, 0x407, 0x0) fsync(r1) write(r2, &(0x7f0000000340), 0x41395527) vmsplice(r1, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) clone(0x200000008a105d00, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) tkill(0x0, 0x3c) fsetxattr$trusted_overlay_redirect(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) sched_setattr(r0, &(0x7f0000000080)={0x38, 0x2, 0x1, 0x0, 0x3}, 0x0) clone(0x69005100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) mount(0x0, &(0x7f0000000140)='./file0\x00', 0x0, 0x0, &(0x7f000000a000)) 21:33:05 executing program 1: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x1, 0x0, 0x0, 0x0, 0x20b493e0, 0x0, 0xfffffffffffffffe}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000008880), 0x400000000000249, 0x0, 0x0) pipe(&(0x7f0000000340)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) fsync(r2) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) perf_event_open(&(0x7f0000940000)={0x2, 0x70, 0x69, 0x1, 0x0, 0xff, 0x0, 0x48, 0x14a0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f00000001c0), 0x7}, 0x0, 0x0, 0xfffffff9}, 0x0, 0xd, 0xffffffffffffffff, 0xa) tkill(0x0, 0x3c) fsetxattr$trusted_overlay_redirect(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) sched_setattr(r0, &(0x7f0000000080)={0x38, 0x2, 0x1, 0x0, 0x3}, 0x0) clone(0x69005100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) mount(0x0, &(0x7f0000000140)='./file0\x00', 0x0, 0x0, &(0x7f000000a000)) sched_setscheduler(0x0, 0x5, &(0x7f0000000380)) 21:33:05 executing program 3: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x1, 0x0, 0x0, 0x1, 0x20b493e0, 0x0, 0xfffffffffffffffe}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, 0x0, 0x0, 0x0, 0x0) pipe(&(0x7f0000000340)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, 0x0, 0x0, 0x0) perf_event_open(&(0x7f0000940000)={0x2, 0x70, 0x69, 0x0, 0x0, 0xff, 0x0, 0x48, 0x14a0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f00000001c0), 0x7}}, 0x0, 0xd, 0xffffffffffffffff, 0xa) clone(0x200000008a105d00, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r4 = gettid() tkill(r4, 0x3c) fsetxattr$trusted_overlay_redirect(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) r5 = openat$dlm_control(0xffffffffffffff9c, &(0x7f0000000000)='/dev/dlm-control\x00', 0x200000, 0x0) ioctl$EXT4_IOC_SETFLAGS(r5, 0x40086602, &(0x7f00000000c0)=0x2000c008) sched_setattr(r0, &(0x7f0000000080)={0x38, 0x2, 0x1, 0x0, 0x3}, 0x0) clone(0x69005100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) mount(0x0, &(0x7f0000000140)='./file0\x00', &(0x7f0000fb5ffc)='nfs\x00', 0x0, &(0x7f000000a000)) [ 2263.755611] ip6_tables: ip6tables: counters copy to user failed while replacing table 21:33:06 executing program 2: r0 = openat$kvm(0xffffffffffffff9c, 0x0, 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) dup3(r0, r1, 0x0) fsetxattr$trusted_overlay_nlink(r0, &(0x7f0000000040)='trusted.overlay.nlink\x00', &(0x7f00000000c0)={'U+', 0x98}, 0x16, 0x2) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c4, 0x0, 0xe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r2 = socket$inet6(0xa, 0x40000080806, 0x0) bind$inet6(r2, &(0x7f0000000080)={0xa, 0x404e20}, 0x1c) ioctl$int_in(0xffffffffffffffff, 0x5452, &(0x7f0000000100)=0x3) listen(r2, 0x400000001ffffffd) r3 = socket$inet6(0xa, 0x6, 0x0) connect$inet6(r3, &(0x7f0000000180)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) r4 = accept4(r2, 0x0, 0x0, 0x0) sendmmsg(r4, &(0x7f0000003d40)=[{{0x0, 0xffffffbf, 0x0, 0x0, 0x0, 0x0, 0x7000005}, 0xa}], 0x4000000000000d0, 0x0) socket$inet6(0xa, 0x6, 0x0) connect$inet6(0xffffffffffffffff, &(0x7f0000000000)={0xa, 0x0, 0x0, @loopback}, 0x1c) r5 = socket$inet6_tcp(0xa, 0x1, 0x0) bpf$BPF_MAP_GET_FD_BY_ID(0xe, 0x0, 0x0) setsockopt$IP6T_SO_SET_REPLACE(r5, 0x29, 0x40, &(0x7f0000000a80)=@filter={'filter\x00', 0xe, 0x4, 0x13a8, 0x0, 0x0, 0x1208, 0x108, 0x108, 0x12d8, 0x12d8, 0x12d8, 0x12d8, 0x12d8, 0x4, 0x0, {[{{@uncond, 0x0, 0xa8, 0x108}, @common=@inet=@HMARK={0x60, 'HMARK\x00', 0x0, {@ipv6=@mcast1, [], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4}}}, {{@ipv6={@initdev={0xfe, 0x88, [], 0x0, 0x0}, @initdev={0xfe, 0x88, [], 0x0, 0x0}, [], [], 'rose0\x00', 'netdevsim0\x00'}, 0x0, 0x10d8, 0x1100, 0x0, {}, [@common=@unspec=@cgroup1={{0x1030, 'cgroup\x00'}, {0x0, 0x1, 0x0, 0x0, './cgroup/syz0\x00'}}]}, @REJECT={0x28, 'REJECT\x00'}}, {{@uncond, 0x0, 0xa8, 0xd0}, @REJECT={0x28, 'REJECT\x00'}}], {{[], 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x1408) syz_init_net_socket$rose(0xb, 0x5, 0x0) 21:33:06 executing program 0: r0 = openat$kvm(0xffffffffffffff9c, 0x0, 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) dup3(r0, r1, 0x0) fsetxattr$trusted_overlay_nlink(r0, &(0x7f0000000040)='trusted.overlay.nlink\x00', &(0x7f00000000c0)={'U+', 0x98}, 0x16, 0x2) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c4, 0x0, 0xe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r2 = socket$inet6(0xa, 0x40000080806, 0x0) bind$inet6(r2, &(0x7f0000000080)={0xa, 0x404e20}, 0x1c) ioctl$int_in(0xffffffffffffffff, 0x5452, &(0x7f0000000100)=0x3) listen(r2, 0x400000001ffffffd) r3 = socket$inet6(0xa, 0x6, 0x0) connect$inet6(r3, &(0x7f0000000180)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) r4 = accept4(r2, 0x0, 0x0, 0x0) sendmmsg(r4, &(0x7f0000003d40)=[{{0x0, 0xffffffbf, 0x0, 0x0, 0x0, 0x0, 0x7000005}, 0xa}], 0x4000000000000d0, 0x0) socket$inet6(0xa, 0x6, 0x0) connect$inet6(0xffffffffffffffff, 0x0, 0x0) r5 = socket$inet6_tcp(0xa, 0x1, 0x0) bpf$BPF_MAP_GET_FD_BY_ID(0xe, &(0x7f0000000140)={0x0, 0x4, 0x8}, 0xc) setsockopt$IP6T_SO_SET_REPLACE(r5, 0x29, 0x40, &(0x7f0000000a80)=@filter={'filter\x00', 0xe, 0x4, 0x13a8, 0x0, 0x0, 0x1208, 0x108, 0x108, 0x12d8, 0x12d8, 0x12d8, 0x12d8, 0x12d8, 0x4, 0x0, {[{{@uncond, 0x0, 0xa8, 0x108}, @common=@inet=@HMARK={0x60, 'HMARK\x00', 0x0, {@ipv6=@mcast1, [], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4}}}, {{@ipv6={@initdev={0xfe, 0x88, [], 0x0, 0x0}, @initdev={0xfe, 0x88, [], 0x0, 0x0}, [], [], 'rose0\x00', 'netdevsim0\x00'}, 0x0, 0x10d8, 0x1100, 0x0, {}, [@common=@unspec=@cgroup1={{0x1030, 'cgroup\x00'}, {0x0, 0x1, 0x0, 0x0, './cgroup/syz0\x00'}}]}, @REJECT={0x28, 'REJECT\x00'}}, {{@uncond, 0x0, 0xa8, 0xd0}, @REJECT={0x28, 'REJECT\x00'}}], {{[], 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x1408) syz_init_net_socket$rose(0xb, 0x5, 0x0) [ 2264.325610] oom_reaper: reaped process 11348 (syz-executor.5), now anon-rss:0kB, file-rss:24kB, shmem-rss:0kB 21:33:06 executing program 5: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x1, 0x0, 0x0, 0x0, 0x20b493e0, 0x0, 0xffffffffffffdffe}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000008880), 0x400000000000249, 0x0, 0x0) pipe(&(0x7f0000000340)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) fsync(r2) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r1, &(0x7f0000000000)=[{&(0x7f0000000500)}], 0x1, 0x0) perf_event_open(&(0x7f0000000200)={0x2, 0x70, 0x69, 0x1, 0x0, 0xff, 0x0, 0x48, 0x14a0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f00000001c0), 0x7}, 0x0, 0x0, 0xfffffff9, 0x0, 0xffffffff}, 0x0, 0xd, 0xffffffffffffffff, 0xa) r4 = openat$nvme_fabrics(0xffffffffffffff9c, &(0x7f0000000100)='/dev/nvme-fabrics\x00', 0x404b02, 0x0) setsockopt$PNPIPE_ENCAP(r4, 0x113, 0x1, &(0x7f0000000140), 0x4) clone(0x200000008a105d00, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r5 = gettid() tkill(r5, 0x3c) fsetxattr$trusted_overlay_redirect(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) sched_setattr(r0, &(0x7f0000000080)={0x38, 0x2, 0x1, 0x0, 0x3}, 0x0) clone(0x69005100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) mount(0x0, &(0x7f00000000c0)='./file0\x00', 0x0, 0x2000040, &(0x7f0000000100)) [ 2264.447467] ip6_tables: ip6tables: counters copy to user failed while replacing table 21:33:06 executing program 4: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x1, 0x0, 0x0, 0x1, 0x20b493e0, 0x0, 0xfffffffffffffffe}, 0x0) socket$inet6(0xa, 0x4, 0x0) pipe(&(0x7f0000000340)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r2, 0x407, 0x0) fsync(r1) write(r2, &(0x7f0000000340), 0x41395527) vmsplice(r1, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) clone(0x200000008a105d00, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) tkill(0x0, 0x3c) fsetxattr$trusted_overlay_redirect(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) sched_setattr(r0, &(0x7f0000000080)={0x38, 0x2, 0x1, 0x0, 0x3}, 0x0) clone(0x69005100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) mount(0x0, &(0x7f0000000140)='./file0\x00', 0x0, 0x0, &(0x7f000000a000)) [ 2264.640101] IPVS: ftp: loaded support on port[0] = 21 [ 2265.227440] ip6_tables: ip6tables: counters copy to user failed while replacing table [ 2265.442325] IPVS: ftp: loaded support on port[0] = 21 21:33:07 executing program 1: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0xfffffffffffffffe}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000008880), 0x400000000000249, 0x0, 0x0) pipe(&(0x7f0000000340)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) fsync(r2) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) perf_event_open(&(0x7f0000940000)={0x2, 0x70, 0x69, 0x1, 0x0, 0xff, 0x0, 0x48, 0x14a0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f00000001c0), 0x7}, 0x0, 0x0, 0xfffffff9}, 0x0, 0xd, 0xffffffffffffffff, 0xa) tkill(0x0, 0x3c) fsetxattr$trusted_overlay_redirect(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) sched_setattr(r0, &(0x7f0000000080)={0x38, 0x2, 0x1, 0x0, 0x3}, 0x0) clone(0x69005100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) mount(0x0, &(0x7f0000000140)='./file0\x00', 0x0, 0x0, &(0x7f000000a000)) sched_setscheduler(0x0, 0x5, &(0x7f0000000380)) [ 2265.978883] kworker/u4:12 invoked oom-killer: gfp_mask=0x15080c0(GFP_KERNEL_ACCOUNT|__GFP_ZERO), nodemask=(null), order=3, oom_score_adj=0 21:33:08 executing program 0: r0 = openat$kvm(0xffffffffffffff9c, 0x0, 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) dup3(r0, r1, 0x0) fsetxattr$trusted_overlay_nlink(r0, &(0x7f0000000040)='trusted.overlay.nlink\x00', &(0x7f00000000c0)={'U+', 0x98}, 0x16, 0x2) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c4, 0x0, 0xe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r2 = socket$inet6(0xa, 0x40000080806, 0x0) bind$inet6(r2, &(0x7f0000000080)={0xa, 0x404e20}, 0x1c) ioctl$int_in(0xffffffffffffffff, 0x5452, &(0x7f0000000100)=0x3) listen(r2, 0x400000001ffffffd) r3 = socket$inet6(0xa, 0x6, 0x0) connect$inet6(r3, &(0x7f0000000180)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) r4 = accept4(r2, 0x0, 0x0, 0x0) sendmmsg(r4, &(0x7f0000003d40)=[{{0x0, 0xffffffbf, 0x0, 0x0, 0x0, 0x0, 0x7000005}, 0xa}], 0x4000000000000d0, 0x0) socket$inet6(0xa, 0x0, 0x0) connect$inet6(0xffffffffffffffff, &(0x7f0000000000)={0xa, 0x0, 0x0, @loopback}, 0x1c) r5 = socket$inet6_tcp(0xa, 0x1, 0x0) bpf$BPF_MAP_GET_FD_BY_ID(0xe, &(0x7f0000000140)={0x0, 0x4, 0x8}, 0xc) setsockopt$IP6T_SO_SET_REPLACE(r5, 0x29, 0x40, &(0x7f0000000a80)=@filter={'filter\x00', 0xe, 0x4, 0x13a8, 0x0, 0x0, 0x1208, 0x108, 0x108, 0x12d8, 0x12d8, 0x12d8, 0x12d8, 0x12d8, 0x4, 0x0, {[{{@uncond, 0x0, 0xa8, 0x108}, @common=@inet=@HMARK={0x60, 'HMARK\x00', 0x0, {@ipv6=@mcast1, [], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4}}}, {{@ipv6={@initdev={0xfe, 0x88, [], 0x0, 0x0}, @initdev={0xfe, 0x88, [], 0x0, 0x0}, [], [], 'rose0\x00', 'netdevsim0\x00'}, 0x0, 0x10d8, 0x1100, 0x0, {}, [@common=@unspec=@cgroup1={{0x1030, 'cgroup\x00'}, {0x0, 0x1, 0x0, 0x0, './cgroup/syz0\x00'}}]}, @REJECT={0x28, 'REJECT\x00'}}, {{@uncond, 0x0, 0xa8, 0xd0}, @REJECT={0x28, 'REJECT\x00'}}], {{[], 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x1408) syz_init_net_socket$rose(0xb, 0x5, 0x0) 21:33:08 executing program 3: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x1, 0x0, 0x0, 0x1, 0x20b493e0, 0x0, 0xfffffffffffffffe}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, 0x0, 0x0, 0x0, 0x0) pipe(&(0x7f0000000340)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, 0x0, 0x0, 0x0) perf_event_open(&(0x7f0000940000)={0x2, 0x70, 0x69, 0x0, 0x0, 0xff, 0x0, 0x48, 0x14a0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f00000001c0), 0x7}}, 0x0, 0xd, 0xffffffffffffffff, 0xa) clone(0x200000008a105d00, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r4 = gettid() tkill(r4, 0x3c) fsetxattr$trusted_overlay_redirect(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) sched_setattr(r0, &(0x7f0000000080)={0x38, 0x0, 0x1, 0x80000001, 0x3, 0x0, 0xfffffffffffffffd, 0x0, 0x4, 0x1}, 0x0) r5 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000000)='/proc/slabinfo\x00', 0x0, 0x0) ioctl$VIDIOC_QUERYBUF(r2, 0xc0585609, &(0x7f0000000200)={0x69, 0x3, 0x4, 0x10, 0x0, {}, {0x5, 0x8, 0x1f, 0xa2, 0x5, 0x36, "2a3150bb"}, 0x1, 0x1, @fd=r5, 0x93, 0x0, r2}) getpeername$inet6(r5, &(0x7f00000000c0)={0xa, 0x0, 0x0, @private0}, &(0x7f0000000100)=0x1c) clone(0x69005100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) mount(0x0, &(0x7f0000000140)='./file0\x00', &(0x7f0000fb5ffc)='nfs\x00', 0x0, &(0x7f000000a000)) [ 2266.108540] kworker/u4:12 cpuset=/ mems_allowed=0-1 [ 2266.122021] CPU: 0 PID: 6533 Comm: kworker/u4:12 Not tainted 4.14.182-syzkaller #0 [ 2266.129752] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2266.141116] Workqueue: events_unbound call_usermodehelper_exec_work [ 2266.147526] Call Trace: [ 2266.150120] dump_stack+0x1b2/0x283 [ 2266.153755] dump_header+0x178/0x7aa [ 2266.157473] ? trace_hardirqs_on_caller+0x3a8/0x580 [ 2266.162503] ? _raw_spin_unlock_irqrestore+0x66/0xe0 [ 2266.167619] ? ___ratelimit+0x2cd/0x522 [ 2266.171607] oom_kill_process.cold+0x10/0xc16 [ 2266.176303] ? lock_downgrade+0x6e0/0x6e0 [ 2266.182661] out_of_memory+0x2d5/0x10f0 [ 2266.186637] ? oom_killer_disable+0x1c0/0x1c0 [ 2266.191112] ? mutex_trylock+0x152/0x1a0 [ 2266.195849] __alloc_pages_nodemask+0x2556/0x2730 [ 2266.200687] ? __lock_acquire+0x655/0x42a0 [ 2266.204919] ? gfp_pfmemalloc_allowed+0x150/0x150 [ 2266.209774] ? rcu_read_lock_sched_held+0x10a/0x130 [ 2266.214784] ? kmem_cache_alloc_node+0x387/0x400 [ 2266.219549] copy_process.part.0+0x26a/0x6fa0 [ 2266.224038] ? __lock_acquire+0x655/0x42a0 [ 2266.228269] ? check_preemption_disabled+0x35/0x240 [ 2266.233265] ? kvm_clock_read+0x1f/0x30 [ 2266.237227] ? kvm_sched_clock_read+0x5/0x10 [ 2266.241711] ? _find_next_bit+0xdb/0x100 [ 2266.245751] ? static_obj+0x50/0x50 [ 2266.249358] ? umh_complete+0x80/0x80 [ 2266.253137] ? __cleanup_sighand+0x40/0x40 [ 2266.257368] ? account_entity_enqueue+0x2ee/0x450 [ 2266.262199] ? umh_complete+0x80/0x80 [ 2266.265983] _do_fork+0x180/0xc80 [ 2266.269427] ? fork_idle+0x270/0x270 [ 2266.273121] ? lock_downgrade+0x6e0/0x6e0 [ 2266.277254] ? lock_downgrade+0x6e0/0x6e0 [ 2266.281385] ? process_one_work+0x6ec/0x14c0 [ 2266.285782] ? umh_complete+0x80/0x80 [ 2266.289564] kernel_thread+0x2f/0x40 [ 2266.293257] call_usermodehelper_exec_work+0x193/0x210 [ 2266.298546] ? call_usermodehelper_exec_async+0x4c0/0x4c0 [ 2266.304413] ? rcu_lockdep_current_cpu_online+0xed/0x140 [ 2266.309847] process_one_work+0x7c0/0x14c0 [ 2266.314070] ? pwq_dec_nr_in_flight+0x2b0/0x2b0 [ 2266.318769] ? worker_thread+0x163/0x1080 [ 2266.322900] ? _raw_spin_unlock_irq+0x24/0x90 [ 2266.327385] worker_thread+0x5d7/0x1080 [ 2266.331343] ? process_one_work+0x14c0/0x14c0 [ 2266.335837] kthread+0x30d/0x420 [ 2266.339191] ? kthread_create_on_node+0xd0/0xd0 [ 2266.343852] ret_from_fork+0x24/0x30 [ 2266.867610] Mem-Info: [ 2266.870221] active_anon:1233710 inactive_anon:6139 isolated_anon:0 [ 2266.870221] active_file:144 inactive_file:265 isolated_file:10 [ 2266.870221] unevictable:1839 dirty:23 writeback:19 unstable:0 [ 2266.870221] slab_reclaimable:17929 slab_unreclaimable:169533 [ 2266.870221] mapped:54143 shmem:7616 pagetables:43706 bounce:0 [ 2266.870221] free:29514 free_pcp:4 free_cma:0 [ 2266.909531] Node 0 active_anon:1668668kB inactive_anon:16144kB active_file:572kB inactive_file:1252kB unevictable:1032kB isolated(anon):0kB isolated(file):40kB mapped:211156kB dirty:88kB writeback:72kB shmem:22052kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 698368kB writeback_tmp:0kB unstable:0kB all_unreclaimable? no [ 2267.202486] Node 1 active_anon:3266172kB inactive_anon:8412kB active_file:4kB inactive_file:8kB unevictable:6324kB isolated(anon):0kB isolated(file):0kB mapped:5516kB dirty:4kB writeback:4kB shmem:8412kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 0kB writeback_tmp:0kB unstable:0kB all_unreclaimable? no [ 2267.347953] Node 0 DMA free:10460kB min:220kB low:272kB high:324kB active_anon:1368kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15908kB mlocked:0kB kernel_stack:96kB pagetables:72kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 2267.426161] lowmem_reserve[]: 0 2559 2559 2559 2559 [ 2267.476211] Node 0 DMA32 free:50072kB min:36296kB low:45368kB high:54440kB active_anon:1667300kB inactive_anon:16144kB active_file:888kB inactive_file:1868kB unevictable:1032kB writepending:160kB present:3129332kB managed:2623996kB mlocked:1032kB kernel_stack:15232kB pagetables:37412kB bounce:0kB free_pcp:764kB local_pcp:636kB free_cma:0kB [ 2267.772196] lowmem_reserve[]: 0 0 0 0 0 [ 2267.776228] Node 0 Normal free:0kB min:0kB low:0kB high:0kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:786432kB managed:0kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 2267.867752] lowmem_reserve[]: 0 0 0 0 0 21:33:09 executing program 4: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x1, 0x0, 0x0, 0x1, 0x20b493e0, 0x0, 0xfffffffffffffffe}, 0x0) socket$inet6(0xa, 0x4, 0xffffffff) pipe(0x0) fcntl$setpipe(0xffffffffffffffff, 0x407, 0x0) fsync(0xffffffffffffffff) write(0xffffffffffffffff, &(0x7f0000000340), 0x41395527) vmsplice(0xffffffffffffffff, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) clone(0x200000008a105d00, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) tkill(0x0, 0x3c) fsetxattr$trusted_overlay_redirect(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) sched_setattr(r0, &(0x7f0000000080)={0x38, 0x2, 0x1, 0x0, 0x3}, 0x0) clone(0x69005100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) mount(0x0, &(0x7f0000000140)='./file0\x00', 0x0, 0x0, &(0x7f000000a000)) [ 2267.892464] Node 1 Normal free:55556kB min:53592kB low:66988kB high:80384kB active_anon:3266172kB inactive_anon:8412kB active_file:4kB inactive_file:8kB unevictable:6324kB writepending:4kB present:3932160kB managed:3870192kB mlocked:6324kB kernel_stack:59648kB pagetables:137340kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 2268.018867] lowmem_reserve[]: 0 0 0 0 0 [ 2268.023856] Node 0 DMA: 45*4kB (UME) 63*8kB (UME) 23*16kB (UME) 10*32kB (UME) 6*64kB (UM) 2*128kB (UM) 1*256kB (E) 2*512kB (UE) 1*1024kB (E) 1*2048kB (E) 1*4096kB (M) = 10460kB [ 2268.040430] Node 0 DMA32: 2700*4kB (UME) 2022*8kB (UME) 401*16kB (UME) 54*32kB (UM) 197*64kB (UM) 20*128kB (UM) 3*256kB (UM) 0*512kB 0*1024kB 0*2048kB 0*4096kB = 51056kB [ 2268.068862] Node 0 Normal: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 0kB [ 2268.079998] Node 1 Normal: 2239*4kB (UME) 402*8kB (UMEH) 166*16kB (UMEH) 506*32kB (UME) 316*64kB (ME) 34*128kB (M) 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 55596kB [ 2268.095628] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 2268.104989] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 2268.121565] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 2268.223235] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 2268.431535] 8022 total pagecache pages [ 2268.435464] 0 pages in swap cache [ 2268.461793] Swap cache stats: add 0, delete 0, find 0/0 [ 2268.467175] Free swap = 0kB [ 2268.498273] Total swap = 0kB [ 2268.501312] 1965979 pages RAM [ 2268.504416] 0 pages HighMem/MovableOnly [ 2268.517283] 338455 pages reserved [ 2268.521044] 0 pages cma reserved [ 2268.524562] Out of memory: Kill process 10899 (syz-executor.5) score 1007 or sacrifice child [ 2268.533339] Killed process 10899 (syz-executor.5) total-vm:75632kB, anon-rss:16588kB, file-rss:35820kB, shmem-rss:0kB [ 2268.796369] oom_reaper: reaped process 10899 (syz-executor.5), now anon-rss:0kB, file-rss:0kB, shmem-rss:0kB [ 2269.056642] ip6_tables: ip6tables: counters copy to user failed while replacing table [ 2269.844741] IPVS: ftp: loaded support on port[0] = 21 [ 2269.997918] IPVS: ftp: loaded support on port[0] = 21 [ 2270.147053] IPVS: ftp: loaded support on port[0] = 21 [ 2270.323392] IPVS: ftp: loaded support on port[0] = 21 [ 2270.515137] IPVS: ftp: loaded support on port[0] = 21 21:33:12 executing program 1: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0xfffffffffffffffe}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000008880), 0x400000000000249, 0x0, 0x0) pipe(&(0x7f0000000340)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) fsync(r2) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) perf_event_open(&(0x7f0000940000)={0x2, 0x70, 0x69, 0x1, 0x0, 0xff, 0x0, 0x48, 0x14a0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f00000001c0), 0x7}, 0x0, 0x0, 0xfffffff9}, 0x0, 0xd, 0xffffffffffffffff, 0xa) tkill(0x0, 0x3c) fsetxattr$trusted_overlay_redirect(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) sched_setattr(r0, &(0x7f0000000080)={0x38, 0x2, 0x1, 0x0, 0x3}, 0x0) clone(0x69005100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) mount(0x0, &(0x7f0000000140)='./file0\x00', 0x0, 0x0, &(0x7f000000a000)) sched_setscheduler(0x0, 0x5, &(0x7f0000000380)) 21:33:12 executing program 5: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) syz_open_dev$swradio(&(0x7f00000000c0)='/dev/swradio#\x00', 0x1, 0x2) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x1, 0x0, 0x0, 0x1, 0x20b493e0, 0x0, 0xfffffffffffffffe}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000008880), 0x400000000000249, 0x0, 0x0) pipe(&(0x7f0000000340)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) fsync(r2) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) perf_event_open(&(0x7f0000940000)={0x2, 0x70, 0x69, 0x1, 0x0, 0xff, 0x0, 0x48, 0x14a0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f00000001c0), 0x7}, 0x0, 0x0, 0xfffffff9}, 0x0, 0xd, 0xffffffffffffffff, 0xa) clone(0x200000008a105d00, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r4 = gettid() tkill(r4, 0x3c) fsetxattr$trusted_overlay_redirect(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) sched_setattr(r0, &(0x7f0000000080)={0x38, 0x2, 0x1, 0x0, 0x3}, 0x0) clone(0x69005100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) mount(0x0, &(0x7f0000000140)='./file0\x00', 0x0, 0x0, &(0x7f000000a000)) io_setup(0x7fff, &(0x7f0000000100)) 21:33:12 executing program 3: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x1, 0x0, 0x0, 0x1, 0x20b493e0, 0x0, 0xfffffffffffffffe}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, 0x0, 0x0, 0x0, 0x0) pipe(&(0x7f0000000340)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, 0x0, 0x0, 0x0) perf_event_open(&(0x7f0000940000)={0x2, 0x70, 0x69, 0x0, 0x0, 0xff, 0x0, 0x48, 0x14a0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f00000001c0), 0x7}}, 0x0, 0xd, 0xffffffffffffffff, 0xa) clone(0x200000008a105d00, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r4 = gettid() tkill(r4, 0x3c) fsetxattr$trusted_overlay_redirect(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) sched_setattr(r0, &(0x7f0000000080)={0x38, 0x2, 0x1, 0x0, 0x3}, 0x0) clone(0x69005100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) mount(0x0, &(0x7f0000000140)='./file0\x00', &(0x7f0000fb5ffc)='nfs\x00', 0x0, &(0x7f000000a000)) r5 = socket$inet_udplite(0x2, 0x2, 0x88) setsockopt$IP_VS_SO_SET_STOPDAEMON(r5, 0x0, 0x48c, &(0x7f0000000000)={0x2, 'bridge_slave_0\x00', 0x4}, 0x18) 21:33:12 executing program 0: r0 = openat$kvm(0xffffffffffffff9c, 0x0, 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) dup3(r0, r1, 0x0) fsetxattr$trusted_overlay_nlink(r0, &(0x7f0000000040)='trusted.overlay.nlink\x00', &(0x7f00000000c0)={'U+', 0x98}, 0x16, 0x2) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c4, 0x0, 0xe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r2 = socket$inet6(0xa, 0x40000080806, 0x0) bind$inet6(r2, &(0x7f0000000080)={0xa, 0x404e20}, 0x1c) ioctl$int_in(0xffffffffffffffff, 0x5452, &(0x7f0000000100)=0x3) listen(r2, 0x400000001ffffffd) r3 = socket$inet6(0xa, 0x6, 0x0) connect$inet6(r3, &(0x7f0000000180)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) r4 = accept4(r2, 0x0, 0x0, 0x0) sendmmsg(r4, &(0x7f0000003d40)=[{{0x0, 0xffffffbf, 0x0, 0x0, 0x0, 0x0, 0x7000005}, 0xa}], 0x4000000000000d0, 0x0) socket$inet6(0xa, 0x6, 0x0) connect$inet6(0xffffffffffffffff, &(0x7f0000000000)={0xa, 0x0, 0x0, @loopback}, 0x1c) r5 = socket$inet6_tcp(0xa, 0x1, 0x0) bpf$BPF_MAP_GET_FD_BY_ID(0xe, 0x0, 0x0) setsockopt$IP6T_SO_SET_REPLACE(r5, 0x29, 0x40, &(0x7f0000000a80)=@filter={'filter\x00', 0xe, 0x4, 0x13a8, 0x0, 0x0, 0x1208, 0x108, 0x108, 0x12d8, 0x12d8, 0x12d8, 0x12d8, 0x12d8, 0x4, 0x0, {[{{@uncond, 0x0, 0xa8, 0x108}, @common=@inet=@HMARK={0x60, 'HMARK\x00', 0x0, {@ipv6=@mcast1, [], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4}}}, {{@ipv6={@initdev={0xfe, 0x88, [], 0x0, 0x0}, @initdev={0xfe, 0x88, [], 0x0, 0x0}, [], [], 'rose0\x00', 'netdevsim0\x00'}, 0x0, 0x10d8, 0x1100, 0x0, {}, [@common=@unspec=@cgroup1={{0x1030, 'cgroup\x00'}, {0x0, 0x1, 0x0, 0x0, './cgroup/syz0\x00'}}]}, @REJECT={0x28, 'REJECT\x00'}}, {{@uncond, 0x0, 0xa8, 0xd0}, @REJECT={0x28, 'REJECT\x00'}}], {{[], 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x1408) syz_init_net_socket$rose(0xb, 0x5, 0x0) 21:33:12 executing program 2: r0 = openat$kvm(0xffffffffffffff9c, 0x0, 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) dup3(r0, r1, 0x0) fsetxattr$trusted_overlay_nlink(r0, &(0x7f0000000040)='trusted.overlay.nlink\x00', &(0x7f00000000c0)={'U+', 0x98}, 0x16, 0x2) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c4, 0x0, 0xe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r2 = socket$inet6(0xa, 0x40000080806, 0x0) bind$inet6(r2, &(0x7f0000000080)={0xa, 0x404e20}, 0x1c) ioctl$int_in(0xffffffffffffffff, 0x5452, &(0x7f0000000100)=0x3) listen(r2, 0x400000001ffffffd) r3 = socket$inet6(0xa, 0x6, 0x0) connect$inet6(r3, &(0x7f0000000180)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) r4 = accept4(r2, 0x0, 0x0, 0x0) sendmmsg(r4, &(0x7f0000003d40)=[{{0x0, 0xffffffbf, 0x0, 0x0, 0x0, 0x0, 0x7000005}, 0xa}], 0x4000000000000d0, 0x0) socket$inet6(0xa, 0x6, 0x0) connect$inet6(0xffffffffffffffff, &(0x7f0000000000)={0xa, 0x0, 0x0, @loopback}, 0x1c) r5 = socket$inet6_tcp(0xa, 0x1, 0x0) bpf$BPF_MAP_GET_FD_BY_ID(0xe, 0x0, 0x0) setsockopt$IP6T_SO_SET_REPLACE(r5, 0x29, 0x40, &(0x7f0000000a80)=@filter={'filter\x00', 0xe, 0x4, 0x13a8, 0x0, 0x0, 0x1208, 0x108, 0x108, 0x12d8, 0x12d8, 0x12d8, 0x12d8, 0x12d8, 0x4, 0x0, {[{{@uncond, 0x0, 0xa8, 0x108}, @common=@inet=@HMARK={0x60, 'HMARK\x00', 0x0, {@ipv6=@mcast1, [], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4}}}, {{@ipv6={@initdev={0xfe, 0x88, [], 0x0, 0x0}, @initdev={0xfe, 0x88, [], 0x0, 0x0}, [], [], 'rose0\x00', 'netdevsim0\x00'}, 0x0, 0x10d8, 0x1100, 0x0, {}, [@common=@unspec=@cgroup1={{0x1030, 'cgroup\x00'}, {0x0, 0x1, 0x0, 0x0, './cgroup/syz0\x00'}}]}, @REJECT={0x28, 'REJECT\x00'}}, {{@uncond, 0x0, 0xa8, 0xd0}, @REJECT={0x28, 'REJECT\x00'}}], {{[], 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x1408) syz_init_net_socket$rose(0xb, 0x5, 0x0) 21:33:12 executing program 4: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x1, 0x0, 0x0, 0x1, 0x20b493e0, 0x0, 0xfffffffffffffffe}, 0x0) socket$inet6(0xa, 0x4, 0xffffffff) pipe(0x0) fcntl$setpipe(0xffffffffffffffff, 0x407, 0x0) fsync(0xffffffffffffffff) write(0xffffffffffffffff, &(0x7f0000000340), 0x41395527) vmsplice(0xffffffffffffffff, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) clone(0x200000008a105d00, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) tkill(0x0, 0x3c) fsetxattr$trusted_overlay_redirect(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) sched_setattr(r0, &(0x7f0000000080)={0x38, 0x2, 0x1, 0x0, 0x3}, 0x0) clone(0x69005100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) mount(0x0, &(0x7f0000000140)='./file0\x00', 0x0, 0x0, &(0x7f000000a000)) [ 2270.703890] IPVS: ftp: loaded support on port[0] = 21 [ 2270.765514] ip6_tables: ip6tables: counters copy to user failed while replacing table [ 2270.860722] IPVS: ftp: loaded support on port[0] = 21 [ 2270.905840] ip6_tables: ip6tables: counters copy to user failed while replacing table [ 2271.134714] kworker/u4:19 invoked oom-killer: gfp_mask=0x14040c0(GFP_KERNEL|__GFP_COMP), nodemask=(null), order=1, oom_score_adj=0 [ 2271.157431] IPVS: ftp: loaded support on port[0] = 21 21:33:13 executing program 0: r0 = openat$kvm(0xffffffffffffff9c, 0x0, 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) dup3(r0, r1, 0x0) fsetxattr$trusted_overlay_nlink(r0, &(0x7f0000000040)='trusted.overlay.nlink\x00', &(0x7f00000000c0)={'U+', 0x98}, 0x16, 0x2) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c4, 0x0, 0xe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r2 = socket$inet6(0xa, 0x40000080806, 0x0) bind$inet6(r2, &(0x7f0000000080)={0xa, 0x404e20}, 0x1c) ioctl$int_in(0xffffffffffffffff, 0x5452, &(0x7f0000000100)=0x3) listen(r2, 0x400000001ffffffd) r3 = socket$inet6(0xa, 0x6, 0x0) connect$inet6(r3, &(0x7f0000000180)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) r4 = accept4(0xffffffffffffffff, 0x0, 0x0, 0x0) sendmmsg(r4, &(0x7f0000003d40)=[{{0x0, 0xffffffbf, 0x0, 0x0, 0x0, 0x0, 0x7000005}, 0xa}], 0x4000000000000d0, 0x0) socket$inet6(0xa, 0x6, 0x0) connect$inet6(0xffffffffffffffff, &(0x7f0000000000)={0xa, 0x0, 0x0, @loopback}, 0x1c) r5 = socket$inet6_tcp(0xa, 0x1, 0x0) bpf$BPF_MAP_GET_FD_BY_ID(0xe, &(0x7f0000000140)={0x0, 0x4, 0x8}, 0xc) setsockopt$IP6T_SO_SET_REPLACE(r5, 0x29, 0x40, &(0x7f0000000a80)=@filter={'filter\x00', 0xe, 0x4, 0x13a8, 0x0, 0x0, 0x1208, 0x108, 0x108, 0x12d8, 0x12d8, 0x12d8, 0x12d8, 0x12d8, 0x4, 0x0, {[{{@uncond, 0x0, 0xa8, 0x108}, @common=@inet=@HMARK={0x60, 'HMARK\x00', 0x0, {@ipv6=@mcast1, [], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4}}}, {{@ipv6={@initdev={0xfe, 0x88, [], 0x0, 0x0}, @initdev={0xfe, 0x88, [], 0x0, 0x0}, [], [], 'rose0\x00', 'netdevsim0\x00'}, 0x0, 0x10d8, 0x1100, 0x0, {}, [@common=@unspec=@cgroup1={{0x1030, 'cgroup\x00'}, {0x0, 0x1, 0x0, 0x0, './cgroup/syz0\x00'}}]}, @REJECT={0x28, 'REJECT\x00'}}, {{@uncond, 0x0, 0xa8, 0xd0}, @REJECT={0x28, 'REJECT\x00'}}], {{[], 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x1408) syz_init_net_socket$rose(0xb, 0x5, 0x0) [ 2271.346858] IPVS: ftp: loaded support on port[0] = 21 [ 2271.436096] kworker/u4:19 cpuset=/ mems_allowed=0-1 [ 2271.451867] CPU: 1 PID: 7367 Comm: kworker/u4:19 Not tainted 4.14.182-syzkaller #0 [ 2271.459600] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2271.468978] Workqueue: events_unbound call_usermodehelper_exec_work [ 2271.475418] Call Trace: [ 2271.478013] dump_stack+0x1b2/0x283 [ 2271.481655] dump_header+0x178/0x7aa [ 2271.485376] ? trace_hardirqs_on_caller+0x3a8/0x580 [ 2271.490407] ? _raw_spin_unlock_irqrestore+0x66/0xe0 [ 2271.495524] ? ___ratelimit+0x2cd/0x522 [ 2271.499511] oom_kill_process.cold+0x10/0xc16 [ 2271.504038] ? lock_downgrade+0x6e0/0x6e0 [ 2271.508193] out_of_memory+0x2d5/0x10f0 [ 2271.512177] ? oom_killer_disable+0x1c0/0x1c0 [ 2271.516674] ? mutex_trylock+0x152/0x1a0 [ 2271.520744] __alloc_pages_nodemask+0x2556/0x2730 [ 2271.525604] ? gfp_pfmemalloc_allowed+0x150/0x150 [ 2271.530454] ? trace_hardirqs_on_caller+0x3a8/0x580 [ 2271.535459] ? retint_kernel+0x2d/0x2d [ 2271.539333] cache_grow_begin+0x91/0x410 [ 2271.543385] fallback_alloc+0x205/0x2b0 [ 2271.547340] kmem_cache_alloc_node+0xe3/0x400 [ 2271.551827] copy_process.part.0+0x17d5/0x6fa0 [ 2271.556387] ? __lock_acquire+0x655/0x42a0 [ 2271.560612] ? check_preemption_disabled+0x35/0x240 [ 2271.565620] ? kvm_clock_read+0x1f/0x30 [ 2271.569583] ? kvm_sched_clock_read+0x5/0x10 [ 2271.573967] ? _find_next_bit+0xdb/0x100 [ 2271.578005] ? static_obj+0x50/0x50 [ 2271.581632] ? umh_complete+0x80/0x80 [ 2271.585417] ? __cleanup_sighand+0x40/0x40 [ 2271.589646] ? account_entity_enqueue+0x2ee/0x450 [ 2271.594478] ? umh_complete+0x80/0x80 [ 2271.598270] _do_fork+0x180/0xc80 [ 2271.601701] ? fork_idle+0x270/0x270 [ 2271.605412] ? lock_downgrade+0x6e0/0x6e0 [ 2271.609535] ? lock_downgrade+0x6e0/0x6e0 [ 2271.613674] ? process_one_work+0x6ec/0x14c0 [ 2271.618060] ? umh_complete+0x80/0x80 [ 2271.621837] kernel_thread+0x2f/0x40 [ 2271.625542] call_usermodehelper_exec_work+0x193/0x210 [ 2271.630797] ? call_usermodehelper_exec_async+0x4c0/0x4c0 [ 2271.636322] ? rcu_lockdep_current_cpu_online+0xed/0x140 [ 2271.641748] process_one_work+0x7c0/0x14c0 [ 2271.645964] ? pwq_dec_nr_in_flight+0x2b0/0x2b0 [ 2271.650621] ? worker_thread+0x163/0x1080 [ 2271.654760] ? _raw_spin_unlock_irq+0x24/0x90 [ 2271.659233] worker_thread+0x5d7/0x1080 [ 2271.663198] ? process_one_work+0x14c0/0x14c0 [ 2271.667673] kthread+0x30d/0x420 [ 2271.671017] ? kthread_create_on_node+0xd0/0xd0 [ 2271.675662] ret_from_fork+0x24/0x30 [ 2271.864605] IPVS: ftp: loaded support on port[0] = 21 [ 2271.897617] Mem-Info: [ 2271.901324] active_anon:1230177 inactive_anon:6139 isolated_anon:0 [ 2271.901324] active_file:323 inactive_file:342 isolated_file:43 [ 2271.901324] unevictable:1839 dirty:17 writeback:1 unstable:0 [ 2271.901324] slab_reclaimable:17949 slab_unreclaimable:174201 [ 2271.901324] mapped:54453 shmem:7616 pagetables:43774 bounce:0 [ 2271.901324] free:27638 free_pcp:152 free_cma:0 [ 2271.946580] Node 0 active_anon:1670768kB inactive_anon:16148kB active_file:1292kB inactive_file:1356kB unevictable:1032kB isolated(anon):0kB isolated(file):172kB mapped:212248kB dirty:56kB writeback:104kB shmem:22056kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 698368kB writeback_tmp:0kB unstable:0kB all_unreclaimable? no [ 2272.007533] Node 1 active_anon:3249940kB inactive_anon:8408kB active_file:0kB inactive_file:12kB unevictable:6324kB isolated(anon):0kB isolated(file):0kB mapped:5564kB dirty:12kB writeback:0kB shmem:8408kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 0kB writeback_tmp:0kB unstable:0kB all_unreclaimable? yes 21:33:14 executing program 4: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x1, 0x0, 0x0, 0x1, 0x20b493e0, 0x0, 0xfffffffffffffffe}, 0x0) socket$inet6(0xa, 0x4, 0xffffffff) pipe(0x0) fcntl$setpipe(0xffffffffffffffff, 0x407, 0x0) fsync(0xffffffffffffffff) write(0xffffffffffffffff, &(0x7f0000000340), 0x41395527) vmsplice(0xffffffffffffffff, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) clone(0x200000008a105d00, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) tkill(0x0, 0x3c) fsetxattr$trusted_overlay_redirect(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) sched_setattr(r0, &(0x7f0000000080)={0x38, 0x2, 0x1, 0x0, 0x3}, 0x0) clone(0x69005100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) mount(0x0, &(0x7f0000000140)='./file0\x00', 0x0, 0x0, &(0x7f000000a000)) 21:33:14 executing program 5: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x1, 0x0, 0x0, 0x1, 0x20b493e0, 0x0, 0xfffffffffffffffe}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x85) recvmmsg(r1, &(0x7f0000008880), 0x400000000000249, 0x0, 0x0) pipe(&(0x7f0000000340)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) fsync(r2) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500)}], 0x1, 0x3) perf_event_open(&(0x7f0000940000)={0x2, 0x70, 0x69, 0x1, 0x0, 0xff, 0x0, 0x48, 0x14a0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f00000001c0), 0x7}, 0x0, 0x0, 0xfffffff9}, 0x0, 0xd, 0xffffffffffffffff, 0xa) clone(0x200000008a105d00, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r4 = gettid() tkill(r4, 0x3c) fsetxattr$trusted_overlay_redirect(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) sched_setattr(r0, &(0x7f0000000080)={0x38, 0x2, 0x1, 0x0, 0x3}, 0x0) clone(0x69005100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) mount(0x0, &(0x7f0000000140)='./file0\x00', 0x0, 0x0, &(0x7f000000a000)) r5 = openat$nvram(0xffffffffffffff9c, &(0x7f00000027c0)='/dev/nvram\x00', 0x0, 0x0) recvfrom$rxrpc(r5, &(0x7f0000002800)=""/159, 0x9f, 0x10100, 0x0, 0x0) 21:33:14 executing program 2: r0 = openat$kvm(0xffffffffffffff9c, 0x0, 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) dup3(r0, r1, 0x0) fsetxattr$trusted_overlay_nlink(r0, &(0x7f0000000040)='trusted.overlay.nlink\x00', &(0x7f00000000c0)={'U+', 0x98}, 0x16, 0x2) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c4, 0x0, 0xe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r2 = socket$inet6(0xa, 0x40000080806, 0x0) bind$inet6(r2, &(0x7f0000000080)={0xa, 0x404e20}, 0x1c) ioctl$int_in(0xffffffffffffffff, 0x5452, &(0x7f0000000100)=0x3) listen(r2, 0x400000001ffffffd) r3 = socket$inet6(0xa, 0x6, 0x0) connect$inet6(r3, &(0x7f0000000180)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) r4 = accept4(r2, 0x0, 0x0, 0x0) sendmmsg(r4, &(0x7f0000003d40)=[{{0x0, 0xffffffbf, 0x0, 0x0, 0x0, 0x0, 0x7000005}, 0xa}], 0x4000000000000d0, 0x0) socket$inet6(0xa, 0x6, 0x0) connect$inet6(0xffffffffffffffff, &(0x7f0000000000)={0xa, 0x0, 0x0, @loopback}, 0x1c) r5 = socket$inet6_tcp(0xa, 0x1, 0x0) bpf$BPF_MAP_GET_FD_BY_ID(0xe, &(0x7f0000000140)={0x0, 0x0, 0x8}, 0xc) setsockopt$IP6T_SO_SET_REPLACE(r5, 0x29, 0x40, &(0x7f0000000a80)=@filter={'filter\x00', 0xe, 0x4, 0x13a8, 0x0, 0x0, 0x1208, 0x108, 0x108, 0x12d8, 0x12d8, 0x12d8, 0x12d8, 0x12d8, 0x4, 0x0, {[{{@uncond, 0x0, 0xa8, 0x108}, @common=@inet=@HMARK={0x60, 'HMARK\x00', 0x0, {@ipv6=@mcast1, [], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4}}}, {{@ipv6={@initdev={0xfe, 0x88, [], 0x0, 0x0}, @initdev={0xfe, 0x88, [], 0x0, 0x0}, [], [], 'rose0\x00', 'netdevsim0\x00'}, 0x0, 0x10d8, 0x1100, 0x0, {}, [@common=@unspec=@cgroup1={{0x1030, 'cgroup\x00'}, {0x0, 0x1, 0x0, 0x0, './cgroup/syz0\x00'}}]}, @REJECT={0x28, 'REJECT\x00'}}, {{@uncond, 0x0, 0xa8, 0xd0}, @REJECT={0x28, 'REJECT\x00'}}], {{[], 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x1408) syz_init_net_socket$rose(0xb, 0x5, 0x0) [ 2272.380001] Node 0 DMA free:10452kB min:220kB low:272kB high:324kB active_anon:1368kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15908kB mlocked:0kB kernel_stack:96kB pagetables:72kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 2272.653283] lowmem_reserve[]: 0 2559 2559 2559 2559 [ 2272.681364] Node 0 DMA32 free:46424kB min:36296kB low:45368kB high:54440kB active_anon:1669200kB inactive_anon:16148kB active_file:808kB inactive_file:860kB unevictable:1032kB writepending:60kB present:3129332kB managed:2623996kB mlocked:1032kB kernel_stack:15040kB pagetables:37684kB bounce:0kB free_pcp:1008kB local_pcp:704kB free_cma:0kB [ 2272.744572] lowmem_reserve[]: 0 0 0 0 0 [ 2272.749297] Node 0 Normal free:0kB min:0kB low:0kB high:0kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:786432kB managed:0kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 2272.778631] lowmem_reserve[]: 0 0 0 0 0 [ 2272.782865] Node 1 Normal free:56324kB min:53592kB low:66988kB high:80384kB active_anon:3249748kB inactive_anon:8408kB active_file:4kB inactive_file:8kB unevictable:6324kB writepending:0kB present:3932160kB managed:3870192kB mlocked:6324kB kernel_stack:59840kB pagetables:137312kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 2272.833194] ip6_tables: ip6tables: counters copy to user failed while replacing table [ 2272.849438] lowmem_reserve[]: 0 0 0 0 0 [ 2272.873883] ip6_tables: ip6tables: counters copy to user failed while replacing table [ 2272.884909] Node 0 DMA: 43*4kB (UME) 69*8kB (UME) 24*16kB (UME) 10*32kB (UME) 5*64kB (M) 2*128kB (UM) 1*256kB (E) 2*512kB (UE) 1*1024kB (E) 1*2048kB (E) 1*4096kB (M) = 10452kB [ 2272.908760] Node 0 DMA32: 1354*4kB (UMEH) 1587*8kB (UMEH) 546*16kB (UMEH) 83*32kB (UMH) 197*64kB (UMH) 17*128kB (UM) 2*256kB (UM) 0*512kB 0*1024kB 0*2048kB 0*4096kB = 44800kB [ 2272.927383] Node 0 Normal: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 0kB [ 2272.938901] Node 1 Normal: 3911*4kB (UME) 1621*8kB (UME) 140*16kB (MEH) 507*32kB (UME) 141*64kB (M) 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 56100kB [ 2272.955213] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 2272.966540] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 2272.976605] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 2272.993148] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 2273.005727] 8811 total pagecache pages [ 2273.009711] 0 pages in swap cache [ 2273.013254] Swap cache stats: add 0, delete 0, find 0/0 [ 2273.019487] Free swap = 0kB [ 2273.022506] Total swap = 0kB [ 2273.025518] 1965979 pages RAM [ 2273.030364] 0 pages HighMem/MovableOnly [ 2273.034986] 338455 pages reserved [ 2273.039124] 0 pages cma reserved [ 2273.047711] Out of memory: Kill process 10953 (syz-executor.5) score 1007 or sacrifice child [ 2273.058601] Killed process 10953 (syz-executor.5) total-vm:75632kB, anon-rss:16588kB, file-rss:35820kB, shmem-rss:0kB [ 2273.125971] oom_reaper: reaped process 10953 (syz-executor.5), now anon-rss:0kB, file-rss:0kB, shmem-rss:0kB [ 2273.666550] IPVS: ftp: loaded support on port[0] = 21 21:33:15 executing program 1: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0xfffffffffffffffe}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000008880), 0x400000000000249, 0x0, 0x0) pipe(&(0x7f0000000340)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) fsync(r2) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) perf_event_open(&(0x7f0000940000)={0x2, 0x70, 0x69, 0x1, 0x0, 0xff, 0x0, 0x48, 0x14a0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f00000001c0), 0x7}, 0x0, 0x0, 0xfffffff9}, 0x0, 0xd, 0xffffffffffffffff, 0xa) tkill(0x0, 0x3c) fsetxattr$trusted_overlay_redirect(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) sched_setattr(r0, &(0x7f0000000080)={0x38, 0x2, 0x1, 0x0, 0x3}, 0x0) clone(0x69005100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) mount(0x0, &(0x7f0000000140)='./file0\x00', 0x0, 0x0, &(0x7f000000a000)) sched_setscheduler(0x0, 0x5, &(0x7f0000000380)) 21:33:15 executing program 2: r0 = openat$kvm(0xffffffffffffff9c, 0x0, 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) dup3(r0, r1, 0x0) fsetxattr$trusted_overlay_nlink(r0, &(0x7f0000000040)='trusted.overlay.nlink\x00', &(0x7f00000000c0)={'U+', 0x98}, 0x16, 0x2) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c4, 0x0, 0xe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r2 = socket$inet6(0xa, 0x40000080806, 0x0) bind$inet6(r2, &(0x7f0000000080)={0xa, 0x404e20}, 0x1c) ioctl$int_in(0xffffffffffffffff, 0x5452, &(0x7f0000000100)=0x3) listen(r2, 0x400000001ffffffd) r3 = socket$inet6(0xa, 0x6, 0x0) connect$inet6(r3, &(0x7f0000000180)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) r4 = accept4(r2, 0x0, 0x0, 0x0) sendmmsg(r4, &(0x7f0000003d40)=[{{0x0, 0xffffffbf, 0x0, 0x0, 0x0, 0x0, 0x7000005}, 0xa}], 0x4000000000000d0, 0x0) socket$inet6(0xa, 0x6, 0x0) connect$inet6(0xffffffffffffffff, &(0x7f0000000000)={0xa, 0x0, 0x0, @loopback}, 0x1c) r5 = socket$inet6_tcp(0xa, 0x1, 0x0) bpf$BPF_MAP_GET_FD_BY_ID(0xe, &(0x7f0000000140)={0x0, 0x0, 0x8}, 0xc) setsockopt$IP6T_SO_SET_REPLACE(r5, 0x29, 0x40, &(0x7f0000000a80)=@filter={'filter\x00', 0xe, 0x4, 0x13a8, 0x0, 0x0, 0x1208, 0x108, 0x108, 0x12d8, 0x12d8, 0x12d8, 0x12d8, 0x12d8, 0x4, 0x0, {[{{@uncond, 0x0, 0xa8, 0x108}, @common=@inet=@HMARK={0x60, 'HMARK\x00', 0x0, {@ipv6=@mcast1, [], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4}}}, {{@ipv6={@initdev={0xfe, 0x88, [], 0x0, 0x0}, @initdev={0xfe, 0x88, [], 0x0, 0x0}, [], [], 'rose0\x00', 'netdevsim0\x00'}, 0x0, 0x10d8, 0x1100, 0x0, {}, [@common=@unspec=@cgroup1={{0x1030, 'cgroup\x00'}, {0x0, 0x1, 0x0, 0x0, './cgroup/syz0\x00'}}]}, @REJECT={0x28, 'REJECT\x00'}}, {{@uncond, 0x0, 0xa8, 0xd0}, @REJECT={0x28, 'REJECT\x00'}}], {{[], 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x1408) syz_init_net_socket$rose(0xb, 0x5, 0x0) 21:33:15 executing program 0: r0 = openat$kvm(0xffffffffffffff9c, 0x0, 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) dup3(r0, r1, 0x0) fsetxattr$trusted_overlay_nlink(r0, &(0x7f0000000040)='trusted.overlay.nlink\x00', &(0x7f00000000c0)={'U+', 0x98}, 0x16, 0x2) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c4, 0x0, 0xe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r2 = socket$inet6(0xa, 0x40000080806, 0x0) bind$inet6(r2, &(0x7f0000000080)={0xa, 0x404e20}, 0x1c) ioctl$int_in(0xffffffffffffffff, 0x5452, &(0x7f0000000100)=0x3) listen(r2, 0x400000001ffffffd) r3 = socket$inet6(0xa, 0x6, 0x0) connect$inet6(r3, &(0x7f0000000180)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) r4 = accept4(r2, 0x0, 0x0, 0x0) sendmmsg(r4, &(0x7f0000003d40)=[{{0x0, 0xffffffbf, 0x0, 0x0, 0x0, 0x0, 0x7000005}, 0xa}], 0x4000000000000d0, 0x0) socket$inet6(0xa, 0x6, 0x0) connect$inet6(0xffffffffffffffff, &(0x7f0000000000)={0xa, 0x0, 0x0, @loopback}, 0x1c) r5 = socket$inet6_tcp(0xa, 0x1, 0x0) bpf$BPF_MAP_GET_FD_BY_ID(0xe, 0x0, 0x0) setsockopt$IP6T_SO_SET_REPLACE(r5, 0x29, 0x40, &(0x7f0000000a80)=@filter={'filter\x00', 0xe, 0x4, 0x13a8, 0x0, 0x0, 0x1208, 0x108, 0x108, 0x12d8, 0x12d8, 0x12d8, 0x12d8, 0x12d8, 0x4, 0x0, {[{{@uncond, 0x0, 0xa8, 0x108}, @common=@inet=@HMARK={0x60, 'HMARK\x00', 0x0, {@ipv6=@mcast1, [], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4}}}, {{@ipv6={@initdev={0xfe, 0x88, [], 0x0, 0x0}, @initdev={0xfe, 0x88, [], 0x0, 0x0}, [], [], 'rose0\x00', 'netdevsim0\x00'}, 0x0, 0x10d8, 0x1100, 0x0, {}, [@common=@unspec=@cgroup1={{0x1030, 'cgroup\x00'}, {0x0, 0x1, 0x0, 0x0, './cgroup/syz0\x00'}}]}, @REJECT={0x28, 'REJECT\x00'}}, {{@uncond, 0x0, 0xa8, 0xd0}, @REJECT={0x28, 'REJECT\x00'}}], {{[], 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x1408) syz_init_net_socket$rose(0xb, 0x5, 0x0) 21:33:15 executing program 4: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x1, 0x0, 0x0, 0x1, 0x20b493e0, 0x0, 0xfffffffffffffffe}, 0x0) socket$inet6(0xa, 0x4, 0xffffffff) pipe(&(0x7f0000000340)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(0xffffffffffffffff, 0x407, 0x0) fsync(r1) write(r2, &(0x7f0000000340), 0x41395527) vmsplice(r1, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) clone(0x200000008a105d00, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) tkill(0x0, 0x3c) fsetxattr$trusted_overlay_redirect(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) sched_setattr(r0, &(0x7f0000000080)={0x38, 0x2, 0x1, 0x0, 0x3}, 0x0) clone(0x69005100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) mount(0x0, &(0x7f0000000140)='./file0\x00', 0x0, 0x0, &(0x7f000000a000)) 21:33:15 executing program 3: prlimit64(0x0, 0x5, &(0x7f0000000280)={0x6, 0x101}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000100)={0x38, 0x1, 0x0, 0x0, 0x1, 0x6, 0x0, 0xfffffffffffffffe}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, 0x0, 0x0, 0x0, 0x0) pipe(&(0x7f0000000340)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) vmsplice(r2, 0x0, 0x0, 0x0) perf_event_open(&(0x7f0000940000)={0x2, 0x70, 0x69, 0x0, 0x0, 0xff, 0x0, 0x48, 0x14a0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f00000001c0), 0x7}}, 0x0, 0xd, 0xffffffffffffffff, 0xa) clone(0x200000008a005d00, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r4 = gettid() tkill(r4, 0x3c) fsetxattr$trusted_overlay_redirect(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) getsockopt$inet_sctp6_SCTP_SOCKOPT_PEELOFF(0xffffffffffffffff, 0x84, 0x72, &(0x7f000059aff8), &(0x7f000034f000)=0x2059b000) getsockopt$inet_sctp6_SCTP_GET_ASSOC_STATS(0xffffffffffffffff, 0x84, 0x70, &(0x7f0000000180)={0x0, @in={{0x2, 0x4e23, @empty}}, [0x7fff, 0x2, 0x8, 0x200, 0x10001, 0x3000000000000000, 0x7c7c, 0xf9, 0x6, 0x2, 0x7fffffff, 0x2, 0x2, 0x1, 0x3]}, &(0x7f00000000c0)=0x100) setsockopt$inet_sctp_SCTP_ENABLE_STREAM_RESET(r2, 0x84, 0x76, &(0x7f0000000000)={0x0, 0xc97f}, 0x8) sched_setattr(r0, &(0x7f0000000080)={0x38, 0x2, 0x1, 0x0, 0x3}, 0x0) clone(0x69005100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) mount(0x0, &(0x7f0000000140)='./file0\x00', &(0x7f0000fb5ffc)='nfs\x00', 0x0, &(0x7f000000a000)) ioctl$sock_SIOCSPGRP(0xffffffffffffffff, 0x8902, &(0x7f0000000040)) 21:33:15 executing program 5: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x1, 0x0, 0x0, 0x1, 0x20b493e0, 0x0, 0xfffffffffffffffe}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000008880), 0x400000000000249, 0x0, 0x0) pipe(&(0x7f0000000340)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) fsync(r2) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) perf_event_open(&(0x7f0000940000)={0x2, 0x70, 0x69, 0x1, 0x0, 0xff, 0x0, 0x48, 0x14a0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f00000001c0), 0x7}, 0x0, 0x0, 0xfffffff9}, 0x0, 0xd, 0xffffffffffffffff, 0xa) clone(0x200000008a105d00, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r4 = gettid() tkill(r4, 0x3c) fsetxattr$trusted_overlay_redirect(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) sched_setattr(r0, &(0x7f0000000080)={0x38, 0x2, 0x1, 0x0, 0x3}, 0x0) clone(0x69005100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) mount(0x0, &(0x7f0000000140)='./file0\x00', 0x0, 0x0, &(0x7f000000a000)) [ 2273.916297] ip6_tables: ip6tables: counters copy to user failed while replacing table [ 2273.996707] ip6_tables: ip6tables: counters copy to user failed while replacing table 21:33:16 executing program 2: r0 = openat$kvm(0xffffffffffffff9c, 0x0, 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) dup3(r0, r1, 0x0) fsetxattr$trusted_overlay_nlink(r0, &(0x7f0000000040)='trusted.overlay.nlink\x00', &(0x7f00000000c0)={'U+', 0x98}, 0x16, 0x2) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c4, 0x0, 0xe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r2 = socket$inet6(0xa, 0x40000080806, 0x0) bind$inet6(r2, &(0x7f0000000080)={0xa, 0x404e20}, 0x1c) ioctl$int_in(0xffffffffffffffff, 0x5452, &(0x7f0000000100)=0x3) listen(r2, 0x400000001ffffffd) r3 = socket$inet6(0xa, 0x6, 0x0) connect$inet6(r3, &(0x7f0000000180)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) r4 = accept4(r2, 0x0, 0x0, 0x0) sendmmsg(r4, &(0x7f0000003d40)=[{{0x0, 0xffffffbf, 0x0, 0x0, 0x0, 0x0, 0x7000005}, 0xa}], 0x4000000000000d0, 0x0) socket$inet6(0xa, 0x6, 0x0) connect$inet6(0xffffffffffffffff, &(0x7f0000000000)={0xa, 0x0, 0x0, @loopback}, 0x1c) r5 = socket$inet6_tcp(0xa, 0x1, 0x0) bpf$BPF_MAP_GET_FD_BY_ID(0xe, &(0x7f0000000140)={0x0, 0x0, 0x8}, 0xc) setsockopt$IP6T_SO_SET_REPLACE(r5, 0x29, 0x40, &(0x7f0000000a80)=@filter={'filter\x00', 0xe, 0x4, 0x13a8, 0x0, 0x0, 0x1208, 0x108, 0x108, 0x12d8, 0x12d8, 0x12d8, 0x12d8, 0x12d8, 0x4, 0x0, {[{{@uncond, 0x0, 0xa8, 0x108}, @common=@inet=@HMARK={0x60, 'HMARK\x00', 0x0, {@ipv6=@mcast1, [], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4}}}, {{@ipv6={@initdev={0xfe, 0x88, [], 0x0, 0x0}, @initdev={0xfe, 0x88, [], 0x0, 0x0}, [], [], 'rose0\x00', 'netdevsim0\x00'}, 0x0, 0x10d8, 0x1100, 0x0, {}, [@common=@unspec=@cgroup1={{0x1030, 'cgroup\x00'}, {0x0, 0x1, 0x0, 0x0, './cgroup/syz0\x00'}}]}, @REJECT={0x28, 'REJECT\x00'}}, {{@uncond, 0x0, 0xa8, 0xd0}, @REJECT={0x28, 'REJECT\x00'}}], {{[], 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x1408) syz_init_net_socket$rose(0xb, 0x5, 0x0) [ 2274.435388] syz-executor.4 invoked oom-killer: gfp_mask=0x15200c2(GFP_HIGHUSER|__GFP_ACCOUNT), nodemask=(null), order=0, oom_score_adj=1000 [ 2274.555100] syz-executor.4 cpuset=/ mems_allowed=0-1 [ 2274.612212] CPU: 1 PID: 11836 Comm: syz-executor.4 Not tainted 4.14.182-syzkaller #0 [ 2274.620128] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2274.629484] Call Trace: [ 2274.632114] dump_stack+0x1b2/0x283 [ 2274.635758] dump_header+0x178/0x7aa [ 2274.639482] ? trace_hardirqs_on_caller+0x3a8/0x580 [ 2274.644511] ? _raw_spin_unlock_irqrestore+0x66/0xe0 [ 2274.649627] ? ___ratelimit+0x2cd/0x522 [ 2274.653617] oom_kill_process.cold+0x10/0xc16 [ 2274.658135] ? lock_downgrade+0x6e0/0x6e0 [ 2274.662826] out_of_memory+0x2d5/0x10f0 [ 2274.666824] ? oom_killer_disable+0x1c0/0x1c0 [ 2274.671705] ? mutex_trylock+0x152/0x1a0 [ 2274.675781] __alloc_pages_nodemask+0x2556/0x2730 [ 2274.680642] ? finish_task_switch+0x14d/0x610 [ 2274.685168] ? gfp_pfmemalloc_allowed+0x150/0x150 [ 2274.690022] ? __might_fault+0x104/0x1b0 [ 2274.694115] alloc_pages_current+0xe7/0x1e0 [ 2274.698454] pipe_write+0x91e/0xe10 [ 2274.702100] __vfs_write+0x44e/0x630 [ 2274.705826] ? kernel_read+0x110/0x110 [ 2274.710360] ? selinux_file_permission+0x7a/0x440 [ 2274.715221] ? rw_verify_area+0xe1/0x290 [ 2274.719299] vfs_write+0x17f/0x4d0 [ 2274.722863] SyS_write+0xf2/0x210 [ 2274.726325] ? SyS_read+0x210/0x210 [ 2274.729990] ? SyS_clock_settime+0x1a0/0x1a0 [ 2274.734435] ? do_syscall_64+0x4c/0x640 [ 2274.738445] ? SyS_read+0x210/0x210 [ 2274.742088] do_syscall_64+0x1d5/0x640 [ 2274.746026] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 2274.751222] RIP: 0033:0x45ca69 [ 2274.754410] RSP: 002b:00007fe17ee0dc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 2274.762122] RAX: ffffffffffffffda RBX: 000000000050a500 RCX: 000000000045ca69 [ 2274.769394] RDX: 0000000041395527 RSI: 0000000020000340 RDI: 0000000000000004 [ 2274.776706] RBP: 000000000078bf00 R08: 0000000000000000 R09: 0000000000000000 [ 2274.783982] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff [ 2274.791369] R13: 0000000000000c5a R14: 00000000004ca33d R15: 00007fe17ee0e6d4 [ 2275.620505] Mem-Info: [ 2275.624528] active_anon:1232203 inactive_anon:6140 isolated_anon:0 [ 2275.624528] active_file:125 inactive_file:67 isolated_file:25 [ 2275.624528] unevictable:1839 dirty:54 writeback:0 unstable:0 [ 2275.624528] slab_reclaimable:18020 slab_unreclaimable:174659 [ 2275.624528] mapped:53969 shmem:7616 pagetables:43849 bounce:0 [ 2275.624528] free:25521 free_pcp:116 free_cma:0 [ 2275.662987] Node 0 active_anon:1681600kB inactive_anon:16136kB active_file:232kB inactive_file:176kB unevictable:1032kB isolated(anon):0kB isolated(file):76kB mapped:210064kB dirty:160kB writeback:0kB shmem:22040kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 698368kB writeback_tmp:0kB unstable:0kB all_unreclaimable? no [ 2275.696664] Node 1 active_anon:3247280kB inactive_anon:8424kB active_file:120kB inactive_file:44kB unevictable:6324kB isolated(anon):0kB isolated(file):0kB mapped:5684kB dirty:44kB writeback:0kB shmem:8424kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 0kB writeback_tmp:0kB unstable:0kB all_unreclaimable? no [ 2275.751120] Node 0 DMA free:10392kB min:220kB low:272kB high:324kB active_anon:1388kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15908kB mlocked:0kB kernel_stack:96kB pagetables:72kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 2275.813048] lowmem_reserve[]: 0 2559 2559 2559 2559 [ 2275.821999] Node 0 DMA32 free:42348kB min:36296kB low:45368kB high:54440kB active_anon:1680212kB inactive_anon:16136kB active_file:232kB inactive_file:176kB unevictable:1032kB writepending:148kB present:3129332kB managed:2623996kB mlocked:1032kB kernel_stack:15168kB pagetables:37728kB bounce:0kB free_pcp:8kB local_pcp:0kB free_cma:0kB [ 2275.856026] lowmem_reserve[]: 0 0 0 0 0 [ 2275.860111] Node 0 Normal free:0kB min:0kB low:0kB high:0kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:786432kB managed:0kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 2275.903100] lowmem_reserve[]: 0 0 0 0 0 [ 2275.907171] Node 1 Normal free:50468kB min:53592kB low:66988kB high:80384kB active_anon:3247280kB inactive_anon:8424kB active_file:16kB inactive_file:20kB unevictable:6324kB writepending:12kB present:3932160kB managed:3870192kB mlocked:6324kB kernel_stack:59808kB pagetables:137596kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 2276.284477] lowmem_reserve[]: 0 0 0 0 0 [ 2276.322585] Node 0 DMA: 38*4kB (UME) 68*8kB (UME) 24*16kB (UME) 10*32kB (UME) 5*64kB (M) 2*128kB (UM) 1*256kB (E) 2*512kB (UE) 1*1024kB (E) 1*2048kB (E) 1*4096kB (M) = 10424kB [ 2276.380045] Node 0 DMA32: 2245*4kB (UME) 1047*8kB (UME) 378*16kB (UME) 112*32kB (UM) 204*64kB (UM) 17*128kB (UM) 2*256kB (UM) 0*512kB 0*1024kB 0*2048kB 0*4096kB = 42732kB [ 2276.396312] Node 0 Normal: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 0kB [ 2276.407534] Node 1 Normal: 2882*4kB (UME) 1630*8kB (UME) 431*16kB (MEH) 509*32kB (ME) 47*64kB (M) 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 50760kB [ 2276.428391] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 2276.447860] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 2276.481615] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 2276.518140] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 2276.643741] 7948 total pagecache pages [ 2276.657595] 0 pages in swap cache [ 2276.661076] Swap cache stats: add 0, delete 0, find 0/0 [ 2276.666433] Free swap = 0kB [ 2276.807535] Total swap = 0kB [ 2276.810597] 1965979 pages RAM [ 2276.813697] 0 pages HighMem/MovableOnly [ 2276.937528] 338455 pages reserved [ 2276.941006] 0 pages cma reserved [ 2276.944372] Out of memory: Kill process 11392 (syz-executor.4) score 1007 or sacrifice child [ 2277.033646] Killed process 11392 (syz-executor.4) total-vm:75368kB, anon-rss:16572kB, file-rss:35756kB, shmem-rss:0kB [ 2277.172582] syz-executor.4 invoked oom-killer: gfp_mask=0x14040c0(GFP_KERNEL|__GFP_COMP), nodemask=(null), order=1, oom_score_adj=1000 [ 2277.185942] syz-executor.4 cpuset=/ mems_allowed=0-1 [ 2277.299103] CPU: 0 PID: 11789 Comm: syz-executor.4 Not tainted 4.14.182-syzkaller #0 [ 2277.307136] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2277.316494] Call Trace: [ 2277.319092] dump_stack+0x1b2/0x283 [ 2277.322741] dump_header+0x178/0x7aa [ 2277.326455] ? trace_hardirqs_on_caller+0x3a8/0x580 [ 2277.331476] ? _raw_spin_unlock_irqrestore+0x66/0xe0 [ 2277.336598] ? ___ratelimit+0x2cd/0x522 [ 2277.340557] oom_kill_process.cold+0x10/0xc16 [ 2277.345035] ? lock_downgrade+0x6e0/0x6e0 [ 2277.349164] out_of_memory+0x2d5/0x10f0 [ 2277.353469] ? oom_killer_disable+0x1c0/0x1c0 [ 2277.357943] ? mutex_trylock+0x152/0x1a0 [ 2277.361983] __alloc_pages_nodemask+0x2556/0x2730 [ 2277.366817] ? gfp_pfmemalloc_allowed+0x150/0x150 [ 2277.371713] ? gfp_pfmemalloc_allowed+0x150/0x150 [ 2277.376572] ? trace_hardirqs_on+0x10/0x10 [ 2277.380783] ? tipc_server_start+0x150/0x880 [ 2277.385207] ? do_syscall_64+0x1d5/0x640 [ 2277.389243] ? entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 2277.394593] ? mark_held_locks+0xa6/0xf0 [ 2277.398629] ? cache_grow_begin+0x3f/0x410 [ 2277.402851] cache_grow_begin+0x91/0x410 [ 2277.406890] fallback_alloc+0x205/0x2b0 [ 2277.410869] kmem_cache_alloc_node_trace+0xed/0x400 [ 2277.415907] __kmalloc_node+0x38/0x70 [ 2277.419683] setup_kmem_cache_node+0x105/0x3c0 [ 2277.424283] __do_tune_cpucache+0x151/0x200 [ 2277.428627] do_tune_cpucache+0x21/0xc0 [ 2277.432577] enable_cpucache+0x3a/0xd0 [ 2277.436439] __kmem_cache_create+0x19c/0x240 [ 2277.440826] create_cache+0xab/0x1b0 [ 2277.444516] kmem_cache_create+0x1b7/0x260 [ 2277.448792] tipc_server_start+0x150/0x880 [ 2277.453001] ? tipc_conn_terminate+0x40/0x40 [ 2277.457382] ? strscpy+0x8a/0x280 [ 2277.460810] ? kmem_cache_alloc_trace+0x389/0x3f0 [ 2277.465640] tipc_topsrv_init_net+0x53b/0x730 [ 2277.470110] ? tipc_subscrp_get+0x20/0x20 [ 2277.474249] ? tipc_subscrp_get+0x20/0x20 [ 2277.478383] ops_init+0xaa/0x3e0 [ 2277.481728] setup_net+0x22f/0x500 [ 2277.485241] ? ops_free_list.part.0+0x330/0x330 [ 2277.489908] copy_net_ns+0x19b/0x440 [ 2277.493608] create_new_namespaces+0x375/0x730 [ 2277.498165] copy_namespaces+0x27b/0x310 [ 2277.502200] copy_process.part.0+0x2616/0x6fa0 [ 2277.506757] ? trace_hardirqs_on+0x10/0x10 [ 2277.510966] ? trace_hardirqs_on+0x10/0x10 [ 2277.515179] ? __cleanup_sighand+0x40/0x40 [ 2277.519387] ? lock_downgrade+0x6e0/0x6e0 [ 2277.523523] _do_fork+0x180/0xc80 [ 2277.526950] ? put_timespec64+0xaa/0xf0 [ 2277.530897] ? fork_idle+0x270/0x270 [ 2277.534585] ? SyS_clock_gettime+0xf5/0x180 [ 2277.538881] ? SyS_clock_settime+0x1a0/0x1a0 [ 2277.543275] ? do_syscall_64+0x4c/0x640 [ 2277.547233] ? sys_vfork+0x20/0x20 [ 2277.550765] do_syscall_64+0x1d5/0x640 [ 2277.554628] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 2277.559802] RIP: 0033:0x45ca69 [ 2277.562977] RSP: 002b:00007fe17ee0dc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 [ 2277.570658] RAX: ffffffffffffffda RBX: 00000000004dac00 RCX: 000000000045ca69 [ 2277.577917] RDX: 9999999999999999 RSI: 0000000000000000 RDI: 0000000069005100 [ 2277.585164] RBP: 000000000078bf00 R08: ffffffffffffffff R09: 0000000000000000 [ 2277.592421] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff [ 2277.599666] R13: 0000000000000076 R14: 00000000004c335e R15: 00007fe17ee0e6d4 [ 2277.609502] Mem-Info: [ 2277.611942] active_anon:1228139 inactive_anon:6140 isolated_anon:0 [ 2277.611942] active_file:24 inactive_file:70 isolated_file:0 [ 2277.611942] unevictable:1839 dirty:0 writeback:12 unstable:0 [ 2277.611942] slab_reclaimable:18020 slab_unreclaimable:174467 [ 2277.611942] mapped:53898 shmem:7616 pagetables:43849 bounce:0 [ 2277.611942] free:30046 free_pcp:4 free_cma:0 [ 2277.646382] Node 0 active_anon:1669576kB inactive_anon:16136kB active_file:92kB inactive_file:276kB unevictable:1032kB isolated(anon):0kB isolated(file):0kB mapped:210104kB dirty:0kB writeback:44kB shmem:22040kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 698368kB writeback_tmp:0kB unstable:0kB all_unreclaimable? no [ 2277.674902] Node 1 active_anon:3242980kB inactive_anon:8424kB active_file:4kB inactive_file:4kB unevictable:6324kB isolated(anon):0kB isolated(file):0kB mapped:5588kB dirty:0kB writeback:4kB shmem:8424kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 0kB writeback_tmp:0kB unstable:0kB all_unreclaimable? yes [ 2277.702376] Node 0 DMA free:10424kB min:220kB low:272kB high:324kB active_anon:1388kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15908kB mlocked:0kB kernel_stack:96kB pagetables:72kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 2277.729299] lowmem_reserve[]: 0 2559 2559 2559 2559 [ 2277.734459] Node 0 DMA32 free:54884kB min:36296kB low:45368kB high:54440kB active_anon:1668188kB inactive_anon:16136kB active_file:60kB inactive_file:288kB unevictable:1032kB writepending:32kB present:3129332kB managed:2623996kB mlocked:1032kB kernel_stack:15040kB pagetables:37728kB bounce:0kB free_pcp:112kB local_pcp:0kB free_cma:0kB [ 2277.767446] lowmem_reserve[]: 0 0 0 0 0 [ 2277.771555] Node 0 Normal free:0kB min:0kB low:0kB high:0kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:786432kB managed:0kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 2277.957439] lowmem_reserve[]: 0 0 0 0 0 [ 2277.961467] Node 1 Normal free:55312kB min:53592kB low:66988kB high:80384kB active_anon:3242920kB inactive_anon:8424kB active_file:4kB inactive_file:4kB unevictable:6324kB writepending:0kB present:3932160kB managed:3870192kB mlocked:6324kB kernel_stack:59776kB pagetables:137484kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB 21:33:19 executing program 0: r0 = openat$kvm(0xffffffffffffff9c, 0x0, 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) dup3(r0, r1, 0x0) fsetxattr$trusted_overlay_nlink(r0, &(0x7f0000000040)='trusted.overlay.nlink\x00', &(0x7f00000000c0)={'U+', 0x98}, 0x16, 0x2) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c4, 0x0, 0xe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r2 = socket$inet6(0xa, 0x40000080806, 0x0) bind$inet6(r2, &(0x7f0000000080)={0xa, 0x404e20}, 0x1c) ioctl$int_in(0xffffffffffffffff, 0x5452, &(0x7f0000000100)=0x3) listen(r2, 0x400000001ffffffd) r3 = socket$inet6(0xa, 0x6, 0x0) connect$inet6(r3, &(0x7f0000000180)={0xa, 0x0, 0x0, @loopback}, 0x1c) r4 = accept4(r2, 0x0, 0x0, 0x0) sendmmsg(r4, &(0x7f0000003d40)=[{{0x0, 0xffffffbf, 0x0, 0x0, 0x0, 0x0, 0x7000005}, 0xa}], 0x4000000000000d0, 0x0) socket$inet6(0xa, 0x6, 0x0) connect$inet6(0xffffffffffffffff, &(0x7f0000000000)={0xa, 0x0, 0x0, @loopback}, 0x1c) r5 = socket$inet6_tcp(0xa, 0x1, 0x0) bpf$BPF_MAP_GET_FD_BY_ID(0xe, &(0x7f0000000140)={0x0, 0x4, 0x8}, 0xc) setsockopt$IP6T_SO_SET_REPLACE(r5, 0x29, 0x40, &(0x7f0000000a80)=@filter={'filter\x00', 0xe, 0x4, 0x13a8, 0x0, 0x0, 0x1208, 0x108, 0x108, 0x12d8, 0x12d8, 0x12d8, 0x12d8, 0x12d8, 0x4, 0x0, {[{{@uncond, 0x0, 0xa8, 0x108}, @common=@inet=@HMARK={0x60, 'HMARK\x00', 0x0, {@ipv6=@mcast1, [], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4}}}, {{@ipv6={@initdev={0xfe, 0x88, [], 0x0, 0x0}, @initdev={0xfe, 0x88, [], 0x0, 0x0}, [], [], 'rose0\x00', 'netdevsim0\x00'}, 0x0, 0x10d8, 0x1100, 0x0, {}, [@common=@unspec=@cgroup1={{0x1030, 'cgroup\x00'}, {0x0, 0x1, 0x0, 0x0, './cgroup/syz0\x00'}}]}, @REJECT={0x28, 'REJECT\x00'}}, {{@uncond, 0x0, 0xa8, 0xd0}, @REJECT={0x28, 'REJECT\x00'}}], {{[], 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x1408) syz_init_net_socket$rose(0xb, 0x5, 0x0) [ 2278.074637] lowmem_reserve[]: 0 0 0 0 0 [ 2278.114586] Node 0 DMA: 38*4kB (UME) 68*8kB (UME) 24*16kB (UME) 10*32kB (UME) 5*64kB (M) 2*128kB (UM) 1*256kB (E) 2*512kB (UE) 1*1024kB (E) 1*2048kB (E) 1*4096kB (M) = 10424kB [ 2278.134722] Node 0 DMA32: 1803*4kB (UME) 1196*8kB (UME) 425*16kB (UME) 382*32kB (UM) 223*64kB (UM) 17*128kB (UM) 2*256kB (UM) 0*512kB 0*1024kB 0*2048kB 0*4096kB = 52764kB [ 2278.150615] Node 0 Normal: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 0kB [ 2278.161373] Node 1 Normal: 3154*4kB (UME) 1861*8kB (UME) 528*16kB (MEH) 511*32kB (ME) 47*64kB (M) 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 55312kB [ 2278.175785] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 2278.184693] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 2278.193327] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 2278.202323] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 2278.210943] 8146 total pagecache pages [ 2278.214832] 0 pages in swap cache [ 2278.218320] Swap cache stats: add 0, delete 0, find 0/0 [ 2278.223681] Free swap = 0kB [ 2278.226689] Total swap = 0kB [ 2278.332585] 1965979 pages RAM [ 2278.335722] 0 pages HighMem/MovableOnly [ 2278.397385] 338455 pages reserved [ 2278.400867] 0 pages cma reserved [ 2278.404236] Out of memory: Kill process 11821 (syz-executor.1) score 1007 or sacrifice child [ 2278.477806] Killed process 11858 (syz-executor.1) total-vm:75500kB, anon-rss:16584kB, file-rss:35828kB, shmem-rss:0kB [ 2278.718607] oom_reaper: reaped process 11858 (syz-executor.1), now anon-rss:0kB, file-rss:8kB, shmem-rss:0kB [ 2279.000670] ip6_tables: ip6tables: counters copy to user failed while replacing table [ 2279.026332] ip6_tables: ip6tables: counters copy to user failed while replacing table 21:33:21 executing program 1: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x1, 0x0, 0x0, 0x1, 0x20b493e0}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000008880), 0x400000000000249, 0x0, 0x0) pipe(&(0x7f0000000340)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) fsync(r2) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) perf_event_open(&(0x7f0000940000)={0x2, 0x70, 0x69, 0x1, 0x0, 0xff, 0x0, 0x48, 0x14a0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f00000001c0), 0x7}, 0x0, 0x0, 0xfffffff9}, 0x0, 0xd, 0xffffffffffffffff, 0xa) tkill(0x0, 0x3c) fsetxattr$trusted_overlay_redirect(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) sched_setattr(r0, &(0x7f0000000080)={0x38, 0x2, 0x1, 0x0, 0x3}, 0x0) clone(0x69005100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) mount(0x0, &(0x7f0000000140)='./file0\x00', 0x0, 0x0, &(0x7f000000a000)) sched_setscheduler(0x0, 0x5, &(0x7f0000000380)) 21:33:21 executing program 2: r0 = openat$kvm(0xffffffffffffff9c, 0x0, 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) dup3(r0, r1, 0x0) fsetxattr$trusted_overlay_nlink(r0, &(0x7f0000000040)='trusted.overlay.nlink\x00', &(0x7f00000000c0)={'U+', 0x98}, 0x16, 0x2) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c4, 0x0, 0xe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r2 = socket$inet6(0xa, 0x40000080806, 0x0) bind$inet6(r2, &(0x7f0000000080)={0xa, 0x404e20}, 0x1c) ioctl$int_in(0xffffffffffffffff, 0x5452, &(0x7f0000000100)=0x3) listen(r2, 0x400000001ffffffd) r3 = socket$inet6(0xa, 0x6, 0x0) connect$inet6(r3, &(0x7f0000000180)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) r4 = accept4(r2, 0x0, 0x0, 0x0) sendmmsg(r4, &(0x7f0000003d40)=[{{0x0, 0xffffffbf, 0x0, 0x0, 0x0, 0x0, 0x7000005}, 0xa}], 0x4000000000000d0, 0x0) socket$inet6(0xa, 0x6, 0x0) connect$inet6(0xffffffffffffffff, &(0x7f0000000000)={0xa, 0x0, 0x0, @loopback}, 0x1c) r5 = socket$inet6_tcp(0xa, 0x1, 0x0) bpf$BPF_MAP_GET_FD_BY_ID(0xe, &(0x7f0000000140)={0x0, 0x4}, 0xc) setsockopt$IP6T_SO_SET_REPLACE(r5, 0x29, 0x40, &(0x7f0000000a80)=@filter={'filter\x00', 0xe, 0x4, 0x13a8, 0x0, 0x0, 0x1208, 0x108, 0x108, 0x12d8, 0x12d8, 0x12d8, 0x12d8, 0x12d8, 0x4, 0x0, {[{{@uncond, 0x0, 0xa8, 0x108}, @common=@inet=@HMARK={0x60, 'HMARK\x00', 0x0, {@ipv6=@mcast1, [], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4}}}, {{@ipv6={@initdev={0xfe, 0x88, [], 0x0, 0x0}, @initdev={0xfe, 0x88, [], 0x0, 0x0}, [], [], 'rose0\x00', 'netdevsim0\x00'}, 0x0, 0x10d8, 0x1100, 0x0, {}, [@common=@unspec=@cgroup1={{0x1030, 'cgroup\x00'}, {0x0, 0x1, 0x0, 0x0, './cgroup/syz0\x00'}}]}, @REJECT={0x28, 'REJECT\x00'}}, {{@uncond, 0x0, 0xa8, 0xd0}, @REJECT={0x28, 'REJECT\x00'}}], {{[], 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x1408) syz_init_net_socket$rose(0xb, 0x5, 0x0) 21:33:21 executing program 0: r0 = openat$kvm(0xffffffffffffff9c, 0x0, 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) dup3(r0, r1, 0x0) fsetxattr$trusted_overlay_nlink(r0, &(0x7f0000000040)='trusted.overlay.nlink\x00', &(0x7f00000000c0)={'U+', 0x98}, 0x16, 0x2) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c4, 0x0, 0xe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r2 = socket$inet6(0xa, 0x40000080806, 0x0) bind$inet6(r2, &(0x7f0000000080)={0xa, 0x404e20}, 0x1c) ioctl$int_in(0xffffffffffffffff, 0x5452, &(0x7f0000000100)=0x3) listen(r2, 0x400000001ffffffd) socket$inet6(0xa, 0x6, 0x0) connect$inet6(0xffffffffffffffff, &(0x7f0000000180)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) r3 = accept4(r2, 0x0, 0x0, 0x0) sendmmsg(r3, &(0x7f0000003d40)=[{{0x0, 0xffffffbf, 0x0, 0x0, 0x0, 0x0, 0x7000005}, 0xa}], 0x4000000000000d0, 0x0) socket$inet6(0xa, 0x6, 0x0) connect$inet6(0xffffffffffffffff, &(0x7f0000000000)={0xa, 0x0, 0x0, @loopback}, 0x1c) r4 = socket$inet6_tcp(0xa, 0x1, 0x0) bpf$BPF_MAP_GET_FD_BY_ID(0xe, &(0x7f0000000140)={0x0, 0x4, 0x8}, 0xc) setsockopt$IP6T_SO_SET_REPLACE(r4, 0x29, 0x40, &(0x7f0000000a80)=@filter={'filter\x00', 0xe, 0x4, 0x13a8, 0x0, 0x0, 0x1208, 0x108, 0x108, 0x12d8, 0x12d8, 0x12d8, 0x12d8, 0x12d8, 0x4, 0x0, {[{{@uncond, 0x0, 0xa8, 0x108}, @common=@inet=@HMARK={0x60, 'HMARK\x00', 0x0, {@ipv6=@mcast1, [], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4}}}, {{@ipv6={@initdev={0xfe, 0x88, [], 0x0, 0x0}, @initdev={0xfe, 0x88, [], 0x0, 0x0}, [], [], 'rose0\x00', 'netdevsim0\x00'}, 0x0, 0x10d8, 0x1100, 0x0, {}, [@common=@unspec=@cgroup1={{0x1030, 'cgroup\x00'}, {0x0, 0x1, 0x0, 0x0, './cgroup/syz0\x00'}}]}, @REJECT={0x28, 'REJECT\x00'}}, {{@uncond, 0x0, 0xa8, 0xd0}, @REJECT={0x28, 'REJECT\x00'}}], {{[], 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x1408) syz_init_net_socket$rose(0xb, 0x5, 0x0) 21:33:21 executing program 4: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x1, 0x0, 0x0, 0x1, 0x20b493e0, 0x0, 0xfffffffffffffffe}, 0x0) socket$inet6(0xa, 0x4, 0xffffffff) pipe(&(0x7f0000000340)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(0xffffffffffffffff, 0x407, 0x0) fsync(r1) write(r2, &(0x7f0000000340), 0x41395527) vmsplice(r1, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) clone(0x200000008a105d00, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) tkill(0x0, 0x3c) fsetxattr$trusted_overlay_redirect(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) sched_setattr(r0, &(0x7f0000000080)={0x38, 0x2, 0x1, 0x0, 0x3}, 0x0) clone(0x69005100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) mount(0x0, &(0x7f0000000140)='./file0\x00', 0x0, 0x0, &(0x7f000000a000)) 21:33:21 executing program 5: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x1, 0x0, 0x0, 0x1, 0x20b493e0, 0x0, 0xfffffffffffffffe}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x800) recvmmsg(r1, &(0x7f0000008880), 0x400000000000249, 0x0, 0x0) pipe(&(0x7f0000000340)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) fsync(r2) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1b, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x400200) ioctl$LOOP_SET_FD(0xffffffffffffffff, 0x4c00, r3) perf_event_open(&(0x7f0000940000)={0x2, 0x70, 0x69, 0x1, 0x0, 0xff, 0x0, 0x48, 0x14a0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f00000001c0), 0x7}, 0x0, 0x0, 0xfffffff9}, 0x0, 0xd, 0xffffffffffffffff, 0xa) clone(0x200000008a105d00, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r4 = gettid() tkill(r4, 0x3c) fsetxattr$trusted_overlay_redirect(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) sched_setattr(r0, &(0x7f0000000080)={0x38, 0x2, 0x1, 0x0, 0x3}, 0x0) clone(0x69005100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) mount(0x0, &(0x7f0000000140)='./file0\x00', 0x0, 0x0, &(0x7f000000a000)) 21:33:21 executing program 3: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x1, 0x0, 0x0, 0x1, 0x20b493e0, 0x0, 0xfffffffffffffffe}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, 0x0, 0x0, 0x0, 0x0) pipe(&(0x7f0000000340)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, 0x0, 0x0, 0x0) perf_event_open(&(0x7f0000940000)={0x2, 0x70, 0x69, 0x0, 0x0, 0xff, 0x0, 0x48, 0x14a0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f00000001c0), 0x7}}, 0x0, 0xd, 0xffffffffffffffff, 0xa) clone(0x200000008a105d00, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r4 = gettid() tkill(r4, 0x3c) fsetxattr$trusted_overlay_redirect(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) sched_setattr(r0, &(0x7f0000000080)={0x38, 0x2, 0x1, 0x0, 0x3}, 0x0) clone(0x69005100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r5 = fcntl$dupfd(0xffffffffffffffff, 0x0, 0xffffffffffffffff) ioctl$PERF_EVENT_IOC_ENABLE(r5, 0x8912, 0x400200) ioctl$VIDIOC_DECODER_CMD(r5, 0xc0485660, &(0x7f00000000c0)={0x4, 0x2, @stop_pts=0x4}) mount(0x0, &(0x7f0000000140)='./file0\x00', &(0x7f0000fb5ffc)='nfs\x00', 0x0, &(0x7f000000a000)) [ 2279.367357] ip6_tables: ip6tables: counters copy to user failed while replacing table [ 2279.389125] ip6_tables: ip6tables: counters copy to user failed while replacing table [ 2279.467662] IPVS: ftp: loaded support on port[0] = 21 [ 2279.664748] IPVS: ftp: loaded support on port[0] = 21 21:33:21 executing program 2: r0 = openat$kvm(0xffffffffffffff9c, 0x0, 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) dup3(r0, r1, 0x0) fsetxattr$trusted_overlay_nlink(r0, &(0x7f0000000040)='trusted.overlay.nlink\x00', &(0x7f00000000c0)={'U+', 0x98}, 0x16, 0x2) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c4, 0x0, 0xe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r2 = socket$inet6(0xa, 0x40000080806, 0x0) bind$inet6(r2, &(0x7f0000000080)={0xa, 0x404e20}, 0x1c) ioctl$int_in(0xffffffffffffffff, 0x5452, &(0x7f0000000100)=0x3) listen(r2, 0x400000001ffffffd) r3 = socket$inet6(0xa, 0x6, 0x0) connect$inet6(r3, &(0x7f0000000180)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) r4 = accept4(r2, 0x0, 0x0, 0x0) sendmmsg(r4, &(0x7f0000003d40)=[{{0x0, 0xffffffbf, 0x0, 0x0, 0x0, 0x0, 0x7000005}, 0xa}], 0x4000000000000d0, 0x0) socket$inet6(0xa, 0x6, 0x0) connect$inet6(0xffffffffffffffff, &(0x7f0000000000)={0xa, 0x0, 0x0, @loopback}, 0x1c) r5 = socket$inet6_tcp(0xa, 0x1, 0x0) bpf$BPF_MAP_GET_FD_BY_ID(0xe, &(0x7f0000000140)={0x0, 0x4}, 0xc) setsockopt$IP6T_SO_SET_REPLACE(r5, 0x29, 0x40, &(0x7f0000000a80)=@filter={'filter\x00', 0xe, 0x4, 0x13a8, 0x0, 0x0, 0x1208, 0x108, 0x108, 0x12d8, 0x12d8, 0x12d8, 0x12d8, 0x12d8, 0x4, 0x0, {[{{@uncond, 0x0, 0xa8, 0x108}, @common=@inet=@HMARK={0x60, 'HMARK\x00', 0x0, {@ipv6=@mcast1, [], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4}}}, {{@ipv6={@initdev={0xfe, 0x88, [], 0x0, 0x0}, @initdev={0xfe, 0x88, [], 0x0, 0x0}, [], [], 'rose0\x00', 'netdevsim0\x00'}, 0x0, 0x10d8, 0x1100, 0x0, {}, [@common=@unspec=@cgroup1={{0x1030, 'cgroup\x00'}, {0x0, 0x1, 0x0, 0x0, './cgroup/syz0\x00'}}]}, @REJECT={0x28, 'REJECT\x00'}}, {{@uncond, 0x0, 0xa8, 0xd0}, @REJECT={0x28, 'REJECT\x00'}}], {{[], 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x1408) syz_init_net_socket$rose(0xb, 0x5, 0x0) 21:33:21 executing program 0: r0 = openat$kvm(0xffffffffffffff9c, 0x0, 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) dup3(r0, r1, 0x0) fsetxattr$trusted_overlay_nlink(r0, &(0x7f0000000040)='trusted.overlay.nlink\x00', &(0x7f00000000c0)={'U+', 0x98}, 0x16, 0x2) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c4, 0x0, 0xe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r2 = socket$inet6(0xa, 0x40000080806, 0x0) bind$inet6(r2, &(0x7f0000000080)={0xa, 0x404e20}, 0x1c) ioctl$int_in(0xffffffffffffffff, 0x5452, &(0x7f0000000100)=0x3) listen(r2, 0x400000001ffffffd) r3 = socket$inet6(0xa, 0x6, 0x0) connect$inet6(r3, &(0x7f0000000180)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) r4 = accept4(r2, 0x0, 0x0, 0x0) sendmmsg(r4, &(0x7f0000003d40)=[{{0x0, 0xffffffbf, 0x0, 0x0, 0x0, 0x0, 0x7000005}, 0xa}], 0x4000000000000d0, 0x0) socket$inet6(0xa, 0x6, 0x0) connect$inet6(0xffffffffffffffff, &(0x7f0000000000)={0xa, 0x0, 0x0, @loopback}, 0x1c) r5 = socket$inet6_tcp(0xa, 0x1, 0x0) bpf$BPF_MAP_GET_FD_BY_ID(0xe, &(0x7f0000000140)={0x0, 0x4}, 0xc) setsockopt$IP6T_SO_SET_REPLACE(r5, 0x29, 0x40, &(0x7f0000000a80)=@filter={'filter\x00', 0xe, 0x4, 0x13a8, 0x0, 0x0, 0x1208, 0x108, 0x108, 0x12d8, 0x12d8, 0x12d8, 0x12d8, 0x12d8, 0x4, 0x0, {[{{@uncond, 0x0, 0xa8, 0x108}, @common=@inet=@HMARK={0x60, 'HMARK\x00', 0x0, {@ipv6=@mcast1, [], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4}}}, {{@ipv6={@initdev={0xfe, 0x88, [], 0x0, 0x0}, @initdev={0xfe, 0x88, [], 0x0, 0x0}, [], [], 'rose0\x00', 'netdevsim0\x00'}, 0x0, 0x10d8, 0x1100, 0x0, {}, [@common=@unspec=@cgroup1={{0x1030, 'cgroup\x00'}, {0x0, 0x1, 0x0, 0x0, './cgroup/syz0\x00'}}]}, @REJECT={0x28, 'REJECT\x00'}}, {{@uncond, 0x0, 0xa8, 0xd0}, @REJECT={0x28, 'REJECT\x00'}}], {{[], 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x1408) syz_init_net_socket$rose(0xb, 0x5, 0x0) 21:33:21 executing program 4: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x1, 0x0, 0x0, 0x1, 0x20b493e0, 0x0, 0xfffffffffffffffe}, 0x0) socket$inet6(0xa, 0x4, 0xffffffff) pipe(&(0x7f0000000340)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(0xffffffffffffffff, 0x407, 0x0) fsync(r1) write(r2, &(0x7f0000000340), 0x41395527) vmsplice(r1, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) clone(0x200000008a105d00, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) tkill(0x0, 0x3c) fsetxattr$trusted_overlay_redirect(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) sched_setattr(r0, &(0x7f0000000080)={0x38, 0x2, 0x1, 0x0, 0x3}, 0x0) clone(0x69005100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) mount(0x0, &(0x7f0000000140)='./file0\x00', 0x0, 0x0, &(0x7f000000a000)) [ 2279.887136] IPVS: ftp: loaded support on port[0] = 21 [ 2279.918081] ip6_tables: ip6tables: counters copy to user failed while replacing table 21:33:22 executing program 2: r0 = openat$kvm(0xffffffffffffff9c, 0x0, 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) dup3(r0, r1, 0x0) fsetxattr$trusted_overlay_nlink(r0, &(0x7f0000000040)='trusted.overlay.nlink\x00', &(0x7f00000000c0)={'U+', 0x98}, 0x16, 0x2) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c4, 0x0, 0xe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r2 = socket$inet6(0xa, 0x40000080806, 0x0) bind$inet6(r2, &(0x7f0000000080)={0xa, 0x404e20}, 0x1c) ioctl$int_in(0xffffffffffffffff, 0x5452, &(0x7f0000000100)=0x3) listen(r2, 0x400000001ffffffd) r3 = socket$inet6(0xa, 0x6, 0x0) connect$inet6(r3, &(0x7f0000000180)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) r4 = accept4(r2, 0x0, 0x0, 0x0) sendmmsg(r4, &(0x7f0000003d40)=[{{0x0, 0xffffffbf, 0x0, 0x0, 0x0, 0x0, 0x7000005}, 0xa}], 0x4000000000000d0, 0x0) socket$inet6(0xa, 0x6, 0x0) connect$inet6(0xffffffffffffffff, &(0x7f0000000000)={0xa, 0x0, 0x0, @loopback}, 0x1c) r5 = socket$inet6_tcp(0xa, 0x1, 0x0) bpf$BPF_MAP_GET_FD_BY_ID(0xe, &(0x7f0000000140)={0x0, 0x4}, 0xc) setsockopt$IP6T_SO_SET_REPLACE(r5, 0x29, 0x40, &(0x7f0000000a80)=@filter={'filter\x00', 0xe, 0x4, 0x13a8, 0x0, 0x0, 0x1208, 0x108, 0x108, 0x12d8, 0x12d8, 0x12d8, 0x12d8, 0x12d8, 0x4, 0x0, {[{{@uncond, 0x0, 0xa8, 0x108}, @common=@inet=@HMARK={0x60, 'HMARK\x00', 0x0, {@ipv6=@mcast1, [], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4}}}, {{@ipv6={@initdev={0xfe, 0x88, [], 0x0, 0x0}, @initdev={0xfe, 0x88, [], 0x0, 0x0}, [], [], 'rose0\x00', 'netdevsim0\x00'}, 0x0, 0x10d8, 0x1100, 0x0, {}, [@common=@unspec=@cgroup1={{0x1030, 'cgroup\x00'}, {0x0, 0x1, 0x0, 0x0, './cgroup/syz0\x00'}}]}, @REJECT={0x28, 'REJECT\x00'}}, {{@uncond, 0x0, 0xa8, 0xd0}, @REJECT={0x28, 'REJECT\x00'}}], {{[], 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x1408) syz_init_net_socket$rose(0xb, 0x5, 0x0) [ 2280.048983] ip6_tables: ip6tables: counters copy to user failed while replacing table 21:33:22 executing program 1: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x1, 0x0, 0x0, 0x1, 0x20b493e0}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000008880), 0x400000000000249, 0x0, 0x0) pipe(&(0x7f0000000340)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) fsync(r2) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) perf_event_open(&(0x7f0000940000)={0x2, 0x70, 0x69, 0x1, 0x0, 0xff, 0x0, 0x48, 0x14a0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f00000001c0), 0x7}, 0x0, 0x0, 0xfffffff9}, 0x0, 0xd, 0xffffffffffffffff, 0xa) tkill(0x0, 0x3c) fsetxattr$trusted_overlay_redirect(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) sched_setattr(r0, &(0x7f0000000080)={0x38, 0x2, 0x1, 0x0, 0x3}, 0x0) clone(0x69005100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) mount(0x0, &(0x7f0000000140)='./file0\x00', 0x0, 0x0, &(0x7f000000a000)) sched_setscheduler(0x0, 0x5, &(0x7f0000000380)) [ 2280.265418] kworker/u4:17 invoked oom-killer: gfp_mask=0x15080c0(GFP_KERNEL_ACCOUNT|__GFP_ZERO), nodemask=(null), order=3, oom_score_adj=0 [ 2280.280101] IPVS: ftp: loaded support on port[0] = 21 [ 2280.520044] IPVS: ftp: loaded support on port[0] = 21 [ 2280.779160] kworker/u4:17 cpuset=/ mems_allowed=0-1 [ 2280.784256] CPU: 1 PID: 6933 Comm: kworker/u4:17 Not tainted 4.14.182-syzkaller #0 [ 2280.791960] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2280.801590] Workqueue: events_unbound call_usermodehelper_exec_work [ 2280.807991] Call Trace: [ 2280.810581] dump_stack+0x1b2/0x283 [ 2280.814190] dump_header+0x178/0x7aa [ 2280.817895] ? trace_hardirqs_on_caller+0x3a8/0x580 [ 2280.822898] ? _raw_spin_unlock_irqrestore+0x66/0xe0 [ 2280.827987] ? ___ratelimit+0x2cd/0x522 [ 2280.831950] oom_kill_process.cold+0x10/0xc16 [ 2280.836441] ? lock_downgrade+0x6e0/0x6e0 [ 2280.840566] ? trace_hardirqs_on_caller+0x3a8/0x580 [ 2280.845570] out_of_memory+0x2d5/0x10f0 [ 2280.849527] ? oom_killer_disable+0x1c0/0x1c0 [ 2280.854010] ? mutex_trylock+0x152/0x1a0 [ 2280.858053] __alloc_pages_nodemask+0x2556/0x2730 [ 2280.862882] ? gfp_pfmemalloc_allowed+0x150/0x150 [ 2280.867711] ? rcu_read_lock_sched_held+0x10a/0x130 [ 2280.872703] ? kmem_cache_alloc_node+0x387/0x400 [ 2280.877462] copy_process.part.0+0x26a/0x6fa0 [ 2280.881945] ? __lock_acquire+0x655/0x42a0 [ 2280.886174] ? static_obj+0x50/0x50 [ 2280.889779] ? trace_hardirqs_on+0x10/0x10 [ 2280.893989] ? __lock_acquire+0x655/0x42a0 [ 2280.898204] ? umh_complete+0x80/0x80 [ 2280.901989] ? __cleanup_sighand+0x40/0x40 [ 2280.906215] ? umh_complete+0x80/0x80 [ 2280.909993] _do_fork+0x180/0xc80 [ 2280.913442] ? lock_downgrade+0x6e0/0x6e0 [ 2280.917576] ? fork_idle+0x270/0x270 [ 2280.921268] ? _raw_spin_unlock_irqrestore+0x66/0xe0 [ 2280.926347] ? debug_object_deactivate+0x1cc/0x350 [ 2280.931253] ? process_one_work+0x6ec/0x14c0 [ 2280.935649] ? umh_complete+0x80/0x80 [ 2280.939427] kernel_thread+0x2f/0x40 [ 2280.943118] call_usermodehelper_exec_work+0x193/0x210 [ 2280.948371] ? call_usermodehelper_exec_async+0x4c0/0x4c0 [ 2280.953885] ? rcu_lockdep_current_cpu_online+0xed/0x140 [ 2280.959332] process_one_work+0x7c0/0x14c0 [ 2280.963561] ? pwq_dec_nr_in_flight+0x2b0/0x2b0 [ 2280.968205] ? worker_thread+0x163/0x1080 [ 2280.972354] ? _raw_spin_unlock_irq+0x24/0x90 [ 2280.976853] worker_thread+0x5d7/0x1080 [ 2280.987410] ? process_one_work+0x14c0/0x14c0 [ 2280.991881] kthread+0x30d/0x420 [ 2280.995236] ? kthread_create_on_node+0xd0/0xd0 [ 2280.999883] ret_from_fork+0x24/0x30 [ 2281.173320] Mem-Info: [ 2281.175919] active_anon:1232973 inactive_anon:6140 isolated_anon:0 [ 2281.175919] active_file:427 inactive_file:419 isolated_file:46 [ 2281.175919] unevictable:1839 dirty:45 writeback:0 unstable:0 [ 2281.175919] slab_reclaimable:18102 slab_unreclaimable:175032 [ 2281.175919] mapped:54590 shmem:7616 pagetables:43822 bounce:0 [ 2281.175919] free:23622 free_pcp:24 free_cma:0 [ 2281.221084] Node 0 active_anon:1688360kB inactive_anon:16148kB active_file:212kB inactive_file:220kB unevictable:1032kB isolated(anon):0kB isolated(file):0kB mapped:210256kB dirty:140kB writeback:0kB shmem:22052kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 698368kB writeback_tmp:0kB unstable:0kB all_unreclaimable? no [ 2281.342892] Node 1 active_anon:3243512kB inactive_anon:8412kB active_file:996kB inactive_file:948kB unevictable:6324kB isolated(anon):0kB isolated(file):192kB mapped:7244kB dirty:44kB writeback:4kB shmem:8412kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 0kB writeback_tmp:0kB unstable:0kB all_unreclaimable? no [ 2281.502049] Node 0 DMA free:10396kB min:220kB low:272kB high:324kB active_anon:1388kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15908kB mlocked:0kB kernel_stack:96kB pagetables:72kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 2281.720698] lowmem_reserve[]: 0 2559 2559 2559 2559 [ 2281.725831] Node 0 DMA32 free:28612kB min:36296kB low:45368kB high:54440kB active_anon:1687032kB inactive_anon:16148kB active_file:148kB inactive_file:88kB unevictable:1032kB writepending:0kB present:3129332kB managed:2623996kB mlocked:1032kB kernel_stack:15296kB pagetables:37664kB bounce:0kB free_pcp:96kB local_pcp:44kB free_cma:0kB [ 2281.835180] ip6_tables: ip6tables: counters copy to user failed while replacing table [ 2281.845976] lowmem_reserve[]: 0 0 0 0 0 [ 2281.857597] IPVS: ftp: loaded support on port[0] = 21 [ 2281.860257] Node 0 Normal free:0kB min:0kB low:0kB high:0kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:786432kB managed:0kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 2281.889778] lowmem_reserve[]: 0 0 0 0 0 [ 2281.894884] Node 1 Normal free:57832kB min:53592kB low:66988kB high:80384kB active_anon:3243640kB inactive_anon:8412kB active_file:332kB inactive_file:400kB unevictable:6324kB writepending:160kB present:3932160kB managed:3870192kB mlocked:6324kB kernel_stack:59808kB pagetables:137552kB bounce:0kB free_pcp:728kB local_pcp:596kB free_cma:0kB [ 2282.062275] lowmem_reserve[]: 0 0 0 0 0 [ 2282.169637] Node 0 DMA: 31*4kB (MEH) 66*8kB (UMEH) 23*16kB (UMEH) 11*32kB (UME) 5*64kB (M) 2*128kB (UM) 1*256kB (E) 2*512kB (EH) 1*1024kB (E) 1*2048kB (E) 1*4096kB (M) = 10396kB [ 2282.253764] Node 0 DMA32: 393*4kB (UME) 457*8kB (UME) 31*16kB (ME) 138*32kB (UM) 223*64kB (UM) 17*128kB (UM) 2*256kB (UM) 0*512kB 0*1024kB 0*2048kB 0*4096kB = 27100kB [ 2282.377527] Node 0 Normal: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 0kB [ 2282.563387] Node 1 Normal: 628*4kB (UME) 2068*8kB (UME) 616*16kB (UME) 517*32kB (UM) 6*64kB (UM) 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 45840kB [ 2282.739346] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 2282.772401] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 2282.823511] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 2282.881310] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 2283.013086] 8892 total pagecache pages [ 2283.087619] 0 pages in swap cache [ 2283.105530] Swap cache stats: add 0, delete 0, find 0/0 [ 2283.169806] Free swap = 0kB [ 2283.173297] Total swap = 0kB [ 2283.176317] 1965979 pages RAM [ 2283.217452] 0 pages HighMem/MovableOnly [ 2283.221587] 338455 pages reserved [ 2283.225184] 0 pages cma reserved [ 2283.297541] Out of memory: Kill process 11957 (syz-executor.1) score 1007 or sacrifice child [ 2283.306232] Killed process 11957 (syz-executor.1) total-vm:75500kB, anon-rss:16584kB, file-rss:35828kB, shmem-rss:0kB 21:33:25 executing program 0: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x1, 0x0, 0x0, 0x1, 0x20b493e0}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000008880), 0x400000000000249, 0x0, 0x0) pipe(&(0x7f0000000340)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) fsync(r2) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) perf_event_open(&(0x7f0000940000)={0x2, 0x70, 0x69, 0x1, 0x0, 0xff, 0x0, 0x48, 0x14a0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f00000001c0), 0x7}, 0x0, 0x0, 0xfffffff9}, 0x0, 0xd, 0xffffffffffffffff, 0xa) tkill(0x0, 0x3c) fsetxattr$trusted_overlay_redirect(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) sched_setattr(r0, &(0x7f0000000080)={0x38, 0x2, 0x1, 0x0, 0x3}, 0x0) clone(0x69005100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) mount(0x0, &(0x7f0000000140)='./file0\x00', 0x0, 0x0, &(0x7f000000a000)) sched_setscheduler(0x0, 0x5, &(0x7f0000000380)) 21:33:25 executing program 2: r0 = openat$kvm(0xffffffffffffff9c, 0x0, 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) dup3(r0, r1, 0x0) fsetxattr$trusted_overlay_nlink(r0, &(0x7f0000000040)='trusted.overlay.nlink\x00', &(0x7f00000000c0)={'U+', 0x98}, 0x16, 0x2) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c4, 0x0, 0xe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r2 = socket$inet6(0xa, 0x40000080806, 0x0) bind$inet6(r2, &(0x7f0000000080)={0xa, 0x404e20}, 0x1c) ioctl$int_in(0xffffffffffffffff, 0x5452, &(0x7f0000000100)=0x3) listen(r2, 0x400000001ffffffd) r3 = socket$inet6(0xa, 0x6, 0x0) connect$inet6(r3, &(0x7f0000000180)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) r4 = accept4(r2, 0x0, 0x0, 0x0) sendmmsg(r4, &(0x7f0000003d40)=[{{0x0, 0xffffffbf, 0x0, 0x0, 0x0, 0x0, 0x7000005}, 0xa}], 0x4000000000000d0, 0x0) socket$inet6(0xa, 0x6, 0x0) connect$inet6(0xffffffffffffffff, &(0x7f0000000000)={0xa, 0x0, 0x0, @loopback}, 0x1c) socket$inet6_tcp(0xa, 0x1, 0x0) bpf$BPF_MAP_GET_FD_BY_ID(0xe, &(0x7f0000000140)={0x0, 0x4, 0x8}, 0xc) setsockopt$IP6T_SO_SET_REPLACE(0xffffffffffffffff, 0x29, 0x40, &(0x7f0000000a80)=@filter={'filter\x00', 0xe, 0x4, 0x13a8, 0x0, 0x0, 0x1208, 0x108, 0x108, 0x12d8, 0x12d8, 0x12d8, 0x12d8, 0x12d8, 0x4, 0x0, {[{{@uncond, 0x0, 0xa8, 0x108}, @common=@inet=@HMARK={0x60, 'HMARK\x00', 0x0, {@ipv6=@mcast1, [], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4}}}, {{@ipv6={@initdev={0xfe, 0x88, [], 0x0, 0x0}, @initdev={0xfe, 0x88, [], 0x0, 0x0}, [], [], 'rose0\x00', 'netdevsim0\x00'}, 0x0, 0x10d8, 0x1100, 0x0, {}, [@common=@unspec=@cgroup1={{0x1030, 'cgroup\x00'}, {0x0, 0x1, 0x0, 0x0, './cgroup/syz0\x00'}}]}, @REJECT={0x28, 'REJECT\x00'}}, {{@uncond, 0x0, 0xa8, 0xd0}, @REJECT={0x28, 'REJECT\x00'}}], {{[], 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x1408) syz_init_net_socket$rose(0xb, 0x5, 0x0) 21:33:25 executing program 1: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x1, 0x0, 0x0, 0x1, 0x20b493e0}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000008880), 0x400000000000249, 0x0, 0x0) pipe(&(0x7f0000000340)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) fsync(r2) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) perf_event_open(&(0x7f0000940000)={0x2, 0x70, 0x69, 0x1, 0x0, 0xff, 0x0, 0x48, 0x14a0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f00000001c0), 0x7}, 0x0, 0x0, 0xfffffff9}, 0x0, 0xd, 0xffffffffffffffff, 0xa) tkill(0x0, 0x3c) fsetxattr$trusted_overlay_redirect(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) sched_setattr(r0, &(0x7f0000000080)={0x38, 0x2, 0x1, 0x0, 0x3}, 0x0) clone(0x69005100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) mount(0x0, &(0x7f0000000140)='./file0\x00', 0x0, 0x0, &(0x7f000000a000)) sched_setscheduler(0x0, 0x5, &(0x7f0000000380)) 21:33:25 executing program 4: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x1, 0x0, 0x0, 0x1, 0x20b493e0, 0x0, 0xfffffffffffffffe}, 0x0) socket$inet6(0xa, 0x4, 0xffffffff) pipe(&(0x7f0000000340)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r2, 0x407, 0x0) fsync(0xffffffffffffffff) write(r2, &(0x7f0000000340), 0x41395527) vmsplice(r1, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) clone(0x200000008a105d00, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) tkill(0x0, 0x3c) fsetxattr$trusted_overlay_redirect(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) sched_setattr(r0, &(0x7f0000000080)={0x38, 0x2, 0x1, 0x0, 0x3}, 0x0) clone(0x69005100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) mount(0x0, &(0x7f0000000140)='./file0\x00', 0x0, 0x0, &(0x7f000000a000)) [ 2284.221217] oom_reaper: reaped process 11931 (syz-executor.3), now anon-rss:0kB, file-rss:0kB, shmem-rss:0kB [ 2284.474501] syz-executor.2 invoked oom-killer: gfp_mask=0x14040c0(GFP_KERNEL|__GFP_COMP), nodemask=(null), order=1, oom_score_adj=0 [ 2284.498422] syz-executor.2 cpuset=/ mems_allowed=0-1 [ 2284.507110] CPU: 0 PID: 10414 Comm: syz-executor.2 Not tainted 4.14.182-syzkaller #0 [ 2284.515031] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2284.532021] Call Trace: [ 2284.534620] dump_stack+0x1b2/0x283 [ 2284.538248] dump_header+0x178/0x7aa [ 2284.541958] ? trace_hardirqs_on_caller+0x3a8/0x580 [ 2284.546973] ? _raw_spin_unlock_irqrestore+0x66/0xe0 [ 2284.552076] ? ___ratelimit+0x2cd/0x522 [ 2284.556051] oom_kill_process.cold+0x10/0xc16 [ 2284.560545] ? lock_downgrade+0x6e0/0x6e0 [ 2284.564706] out_of_memory+0x2d5/0x10f0 [ 2284.568694] ? oom_killer_disable+0x1c0/0x1c0 [ 2284.573187] ? mutex_trylock+0x152/0x1a0 [ 2284.577249] __alloc_pages_nodemask+0x2556/0x2730 [ 2284.582109] ? gfp_pfmemalloc_allowed+0x150/0x150 [ 2284.586953] ? gfp_pfmemalloc_allowed+0x150/0x150 [ 2284.591798] ? trace_hardirqs_on+0x10/0x10 [ 2284.596051] ? avc_has_extended_perms+0xbe0/0xbe0 [ 2284.600896] ? cache_grow_begin+0x3f/0x410 [ 2284.605130] cache_grow_begin+0x91/0x410 [ 2284.609193] fallback_alloc+0x205/0x2b0 [ 2284.613168] kmem_cache_alloc+0x1e5/0x3c0 [ 2284.617319] getname_flags+0xc8/0x550 [ 2284.621124] user_path_mountpoint_at+0x23/0x40 [ 2284.625711] SyS_umount+0x11b/0xc00 [ 2284.629340] ? lock_downgrade+0x6e0/0x6e0 [ 2284.634362] ? __detach_mounts+0x2e0/0x2e0 [ 2284.638595] ? up_read+0x17/0x30 [ 2284.641961] ? __do_page_fault+0x19a/0xb50 [ 2284.646202] ? do_syscall_64+0x4c/0x640 [ 2284.650185] ? __detach_mounts+0x2e0/0x2e0 [ 2284.654430] do_syscall_64+0x1d5/0x640 [ 2284.658334] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 2284.663524] RIP: 0033:0x45f497 [ 2284.666713] RSP: 002b:00007ffd227aa7b8 EFLAGS: 00000246 ORIG_RAX: 00000000000000a6 [ 2284.674431] RAX: ffffffffffffffda RBX: 000000000022d9a6 RCX: 000000000045f497 [ 2284.681793] RDX: 000000000000000c RSI: 0000000000000002 RDI: 00007ffd227ab8f0 [ 2284.689241] RBP: 0000000000000084 R08: 0000000000000001 R09: 000000000176e940 [ 2284.696607] R10: 0000000000000000 R11: 0000000000000246 R12: 00007ffd227ab8f0 [ 2284.703873] R13: 00007ffd227ab8e0 R14: 0000000000000000 R15: 00007ffd227ab8f0 [ 2284.742746] Mem-Info: [ 2284.761647] active_anon:1233636 inactive_anon:6140 isolated_anon:0 [ 2284.761647] active_file:28 inactive_file:31 isolated_file:0 [ 2284.761647] unevictable:1839 dirty:32 writeback:0 unstable:0 [ 2284.761647] slab_reclaimable:18098 slab_unreclaimable:174558 [ 2284.761647] mapped:53899 shmem:7616 pagetables:43797 bounce:0 [ 2284.761647] free:24517 free_pcp:59 free_cma:0 [ 2285.094296] Node 0 active_anon:1681108kB inactive_anon:16148kB active_file:188kB inactive_file:52kB unevictable:1032kB isolated(anon):0kB isolated(file):0kB mapped:209936kB dirty:116kB writeback:0kB shmem:22052kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 698368kB writeback_tmp:0kB unstable:0kB all_unreclaimable? no [ 2285.383174] Node 1 active_anon:3253436kB inactive_anon:8412kB active_file:16kB inactive_file:8kB unevictable:6324kB isolated(anon):0kB isolated(file):0kB mapped:5656kB dirty:8kB writeback:0kB shmem:8412kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 0kB writeback_tmp:0kB unstable:0kB all_unreclaimable? no [ 2285.625504] Node 0 DMA free:10408kB min:220kB low:272kB high:324kB active_anon:1404kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15908kB mlocked:0kB kernel_stack:96kB pagetables:76kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 2285.860287] lowmem_reserve[]: 0 2559 2559 2559 2559 [ 2285.873565] Node 0 DMA32 free:35200kB min:36296kB low:45368kB high:54440kB active_anon:1679704kB inactive_anon:16148kB active_file:100kB inactive_file:60kB unevictable:1032kB writepending:116kB present:3129332kB managed:2623996kB mlocked:1032kB kernel_stack:15264kB pagetables:37756kB bounce:0kB free_pcp:184kB local_pcp:108kB free_cma:0kB [ 2285.932667] lowmem_reserve[]: 0 0 0 0 0 [ 2285.936940] Node 0 Normal free:0kB min:0kB low:0kB high:0kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:786432kB managed:0kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 2285.988537] lowmem_reserve[]: 0 0 0 0 0 [ 2285.998421] Node 1 Normal free:54292kB min:53592kB low:66988kB high:80384kB active_anon:3253436kB inactive_anon:8412kB active_file:12kB inactive_file:12kB unevictable:6324kB writepending:4kB present:3932160kB managed:3870192kB mlocked:6324kB kernel_stack:59680kB pagetables:137356kB bounce:0kB free_pcp:244kB local_pcp:236kB free_cma:0kB [ 2286.199133] lowmem_reserve[]: 0 0 0 0 0 [ 2286.213990] Node 0 DMA: 28*4kB (UMEH) 65*8kB (UMEH) 23*16kB (UMEH) 10*32kB (UME) 6*64kB (UM) 2*128kB (UM) 1*256kB (E) 2*512kB (EH) 1*1024kB (E) 1*2048kB (E) 1*4096kB (M) = 10408kB [ 2286.344003] Node 0 DMA32: 711*4kB (UME) 560*8kB (UME) 239*16kB (ME) 221*32kB (UM) 221*64kB (M) 17*128kB (UM) 1*256kB (M) 0*512kB 0*1024kB 0*2048kB 0*4096kB = 34796kB [ 2286.425168] Node 0 Normal: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 0kB [ 2286.470729] Node 1 Normal: 359*4kB (UME) 3187*8kB (UME) 655*16kB (UME) 526*32kB (UM) 6*64kB (UM) 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 54628kB [ 2286.520023] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 2286.533948] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 2286.626666] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 2286.635538] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 2286.666648] 7994 total pagecache pages [ 2286.670576] 0 pages in swap cache [ 2286.674027] Swap cache stats: add 0, delete 0, find 0/0 [ 2286.683483] Free swap = 0kB [ 2286.693660] Total swap = 0kB [ 2286.697294] 1965979 pages RAM [ 2286.701382] 0 pages HighMem/MovableOnly [ 2286.705351] 338455 pages reserved [ 2286.726636] 0 pages cma reserved [ 2286.730058] Out of memory: Kill process 12060 (syz-executor.1) score 1007 or sacrifice child [ 2286.753413] Killed process 12079 (syz-executor.1) total-vm:75500kB, anon-rss:16584kB, file-rss:35828kB, shmem-rss:0kB 21:33:29 executing program 2: r0 = openat$kvm(0xffffffffffffff9c, 0x0, 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) dup3(r0, r1, 0x0) fsetxattr$trusted_overlay_nlink(r0, &(0x7f0000000040)='trusted.overlay.nlink\x00', &(0x7f00000000c0)={'U+', 0x98}, 0x16, 0x2) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c4, 0x0, 0xe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r2 = socket$inet6(0xa, 0x40000080806, 0x0) bind$inet6(r2, &(0x7f0000000080)={0xa, 0x404e20}, 0x1c) ioctl$int_in(0xffffffffffffffff, 0x5452, &(0x7f0000000100)=0x3) listen(r2, 0x400000001ffffffd) r3 = socket$inet6(0xa, 0x6, 0x0) connect$inet6(r3, &(0x7f0000000180)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) r4 = accept4(r2, 0x0, 0x0, 0x0) sendmmsg(r4, &(0x7f0000003d40)=[{{0x0, 0xffffffbf, 0x0, 0x0, 0x0, 0x0, 0x7000005}, 0xa}], 0x4000000000000d0, 0x0) socket$inet6(0xa, 0x6, 0x0) connect$inet6(0xffffffffffffffff, &(0x7f0000000000)={0xa, 0x0, 0x0, @loopback}, 0x1c) socket$inet6_tcp(0xa, 0x1, 0x0) bpf$BPF_MAP_GET_FD_BY_ID(0xe, &(0x7f0000000140)={0x0, 0x4, 0x8}, 0xc) setsockopt$IP6T_SO_SET_REPLACE(0xffffffffffffffff, 0x29, 0x40, &(0x7f0000000a80)=@filter={'filter\x00', 0xe, 0x4, 0x13a8, 0x0, 0x0, 0x1208, 0x108, 0x108, 0x12d8, 0x12d8, 0x12d8, 0x12d8, 0x12d8, 0x4, 0x0, {[{{@uncond, 0x0, 0xa8, 0x108}, @common=@inet=@HMARK={0x60, 'HMARK\x00', 0x0, {@ipv6=@mcast1, [], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4}}}, {{@ipv6={@initdev={0xfe, 0x88, [], 0x0, 0x0}, @initdev={0xfe, 0x88, [], 0x0, 0x0}, [], [], 'rose0\x00', 'netdevsim0\x00'}, 0x0, 0x10d8, 0x1100, 0x0, {}, [@common=@unspec=@cgroup1={{0x1030, 'cgroup\x00'}, {0x0, 0x1, 0x0, 0x0, './cgroup/syz0\x00'}}]}, @REJECT={0x28, 'REJECT\x00'}}, {{@uncond, 0x0, 0xa8, 0xd0}, @REJECT={0x28, 'REJECT\x00'}}], {{[], 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x1408) syz_init_net_socket$rose(0xb, 0x5, 0x0) [ 2287.076701] oom_reaper: reaped process 12079 (syz-executor.1), now anon-rss:0kB, file-rss:8kB, shmem-rss:0kB 21:33:29 executing program 1: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x1, 0x0, 0x0, 0x1, 0x20b493e0, 0x0, 0xfffffffffffffffe}, 0x0) r1 = socket$inet6(0xa, 0x0, 0x0) recvmmsg(r1, &(0x7f0000008880), 0x400000000000249, 0x0, 0x0) pipe(&(0x7f0000000340)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) fsync(r2) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) perf_event_open(&(0x7f0000940000)={0x2, 0x70, 0x69, 0x1, 0x0, 0xff, 0x0, 0x48, 0x14a0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f00000001c0), 0x7}, 0x0, 0x0, 0xfffffff9}, 0x0, 0xd, 0xffffffffffffffff, 0xa) tkill(0x0, 0x3c) fsetxattr$trusted_overlay_redirect(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) sched_setattr(r0, &(0x7f0000000080)={0x38, 0x2, 0x1, 0x0, 0x3}, 0x0) clone(0x69005100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) mount(0x0, &(0x7f0000000140)='./file0\x00', 0x0, 0x0, &(0x7f000000a000)) sched_setscheduler(0x0, 0x5, &(0x7f0000000380)) 21:33:29 executing program 4: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x1, 0x0, 0x0, 0x1, 0x20b493e0, 0x0, 0xfffffffffffffffe}, 0x0) socket$inet6(0xa, 0x4, 0xffffffff) pipe(&(0x7f0000000340)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r2, 0x407, 0x0) fsync(0xffffffffffffffff) write(r2, &(0x7f0000000340), 0x41395527) vmsplice(r1, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) clone(0x200000008a105d00, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) tkill(0x0, 0x3c) fsetxattr$trusted_overlay_redirect(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) sched_setattr(r0, &(0x7f0000000080)={0x38, 0x2, 0x1, 0x0, 0x3}, 0x0) clone(0x69005100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) mount(0x0, &(0x7f0000000140)='./file0\x00', 0x0, 0x0, &(0x7f000000a000)) 21:33:29 executing program 0: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x1, 0x0, 0x0, 0x1, 0x20b493e0}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000008880), 0x400000000000249, 0x0, 0x0) pipe(&(0x7f0000000340)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) fsync(r2) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) perf_event_open(&(0x7f0000940000)={0x2, 0x70, 0x69, 0x1, 0x0, 0xff, 0x0, 0x48, 0x14a0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f00000001c0), 0x7}, 0x0, 0x0, 0xfffffff9}, 0x0, 0xd, 0xffffffffffffffff, 0xa) tkill(0x0, 0x3c) fsetxattr$trusted_overlay_redirect(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) sched_setattr(r0, &(0x7f0000000080)={0x38, 0x2, 0x1, 0x0, 0x3}, 0x0) clone(0x69005100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) mount(0x0, &(0x7f0000000140)='./file0\x00', 0x0, 0x0, &(0x7f000000a000)) sched_setscheduler(0x0, 0x5, &(0x7f0000000380)) 21:33:31 executing program 2: r0 = openat$kvm(0xffffffffffffff9c, 0x0, 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) dup3(r0, r1, 0x0) fsetxattr$trusted_overlay_nlink(r0, &(0x7f0000000040)='trusted.overlay.nlink\x00', &(0x7f00000000c0)={'U+', 0x98}, 0x16, 0x2) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c4, 0x0, 0xe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r2 = socket$inet6(0xa, 0x40000080806, 0x0) bind$inet6(r2, &(0x7f0000000080)={0xa, 0x404e20}, 0x1c) ioctl$int_in(0xffffffffffffffff, 0x5452, &(0x7f0000000100)=0x3) listen(r2, 0x400000001ffffffd) r3 = socket$inet6(0xa, 0x6, 0x0) connect$inet6(r3, &(0x7f0000000180)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) r4 = accept4(r2, 0x0, 0x0, 0x0) sendmmsg(r4, &(0x7f0000003d40)=[{{0x0, 0xffffffbf, 0x0, 0x0, 0x0, 0x0, 0x7000005}, 0xa}], 0x4000000000000d0, 0x0) socket$inet6(0xa, 0x6, 0x0) connect$inet6(0xffffffffffffffff, &(0x7f0000000000)={0xa, 0x0, 0x0, @loopback}, 0x1c) socket$inet6_tcp(0xa, 0x1, 0x0) bpf$BPF_MAP_GET_FD_BY_ID(0xe, &(0x7f0000000140)={0x0, 0x4, 0x8}, 0xc) setsockopt$IP6T_SO_SET_REPLACE(0xffffffffffffffff, 0x29, 0x40, &(0x7f0000000a80)=@filter={'filter\x00', 0xe, 0x4, 0x13a8, 0x0, 0x0, 0x1208, 0x108, 0x108, 0x12d8, 0x12d8, 0x12d8, 0x12d8, 0x12d8, 0x4, 0x0, {[{{@uncond, 0x0, 0xa8, 0x108}, @common=@inet=@HMARK={0x60, 'HMARK\x00', 0x0, {@ipv6=@mcast1, [], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4}}}, {{@ipv6={@initdev={0xfe, 0x88, [], 0x0, 0x0}, @initdev={0xfe, 0x88, [], 0x0, 0x0}, [], [], 'rose0\x00', 'netdevsim0\x00'}, 0x0, 0x10d8, 0x1100, 0x0, {}, [@common=@unspec=@cgroup1={{0x1030, 'cgroup\x00'}, {0x0, 0x1, 0x0, 0x0, './cgroup/syz0\x00'}}]}, @REJECT={0x28, 'REJECT\x00'}}, {{@uncond, 0x0, 0xa8, 0xd0}, @REJECT={0x28, 'REJECT\x00'}}], {{[], 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x1408) syz_init_net_socket$rose(0xb, 0x5, 0x0) [ 2290.216500] systemd-udevd invoked oom-killer: gfp_mask=0x14040c0(GFP_KERNEL|__GFP_COMP), nodemask=(null), order=1, oom_score_adj=0 [ 2290.286367] systemd-udevd cpuset=/ mems_allowed=0-1 [ 2290.291440] CPU: 1 PID: 12097 Comm: systemd-udevd Not tainted 4.14.182-syzkaller #0 [ 2290.299237] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2290.308591] Call Trace: [ 2290.311189] dump_stack+0x1b2/0x283 [ 2290.314829] dump_header+0x178/0x7aa [ 2290.318549] ? trace_hardirqs_on_caller+0x3a8/0x580 [ 2290.323575] ? _raw_spin_unlock_irqrestore+0x66/0xe0 [ 2290.328773] ? ___ratelimit+0x2cd/0x522 [ 2290.332757] oom_kill_process.cold+0x10/0xc16 [ 2290.337261] ? lock_downgrade+0x6e0/0x6e0 [ 2290.341417] out_of_memory+0x2d5/0x10f0 [ 2290.345398] ? oom_killer_disable+0x1c0/0x1c0 [ 2290.349892] ? mutex_trylock+0x152/0x1a0 [ 2290.353957] __alloc_pages_nodemask+0x2556/0x2730 [ 2290.358903] ? gfp_pfmemalloc_allowed+0x150/0x150 [ 2290.364092] ? gfp_pfmemalloc_allowed+0x150/0x150 [ 2290.368938] ? trace_hardirqs_on+0x10/0x10 [ 2290.373185] ? cache_grow_begin+0x3f/0x410 [ 2290.377511] cache_grow_begin+0x91/0x410 [ 2290.381578] fallback_alloc+0x205/0x2b0 [ 2290.385559] kmem_cache_alloc+0x1e5/0x3c0 [ 2290.389710] getname_flags+0xc8/0x550 [ 2290.393510] user_path_at_empty+0x2a/0x50 [ 2290.397692] SyS_readlinkat+0xa8/0x270 [ 2290.401580] ? SyS_newfstat+0xd0/0xd0 [ 2290.405378] ? do_syscall_64+0x4c/0x640 [ 2290.409346] ? SyS_newfstat+0xd0/0xd0 [ 2290.413144] do_syscall_64+0x1d5/0x640 [ 2290.417035] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 2290.422219] RIP: 0033:0x7faa403b10ba [ 2290.426386] RSP: 002b:00007ffeed209d18 EFLAGS: 00000202 ORIG_RAX: 000000000000010b [ 2290.434091] RAX: ffffffffffffffda RBX: 0000560143120710 RCX: 00007faa403b10ba [ 2290.441361] RDX: 0000560143120710 RSI: 000056014312c690 RDI: 00000000ffffff9c [ 2290.448627] RBP: 0000000000000064 R08: 0000560141c05670 R09: 0000000000000070 [ 2290.455895] R10: 0000000000000063 R11: 0000000000000202 R12: 000056014312c690 [ 2290.463162] R13: 00000000ffffff9c R14: 00007ffeed209d70 R15: 0000000000000063 [ 2290.634385] Mem-Info: [ 2290.646346] active_anon:1236921 inactive_anon:6138 isolated_anon:0 [ 2290.646346] active_file:42 inactive_file:76 isolated_file:15 [ 2290.646346] unevictable:1839 dirty:31 writeback:25 unstable:0 [ 2290.646346] slab_reclaimable:18096 slab_unreclaimable:173032 [ 2290.646346] mapped:53974 shmem:7616 pagetables:43832 bounce:0 [ 2290.646346] free:22533 free_pcp:17 free_cma:0 [ 2290.709823] Node 0 active_anon:1687800kB inactive_anon:16140kB active_file:36kB inactive_file:84kB unevictable:1032kB isolated(anon):0kB isolated(file):0kB mapped:210084kB dirty:24kB writeback:0kB shmem:22052kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 698368kB writeback_tmp:0kB unstable:0kB all_unreclaimable? no [ 2290.750233] Node 1 active_anon:3259884kB inactive_anon:8412kB active_file:132kB inactive_file:0kB unevictable:6324kB isolated(anon):0kB isolated(file):60kB mapped:5812kB dirty:100kB writeback:0kB shmem:8412kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 0kB writeback_tmp:0kB unstable:0kB all_unreclaimable? no [ 2290.777959] Node 0 DMA free:10428kB min:220kB low:272kB high:324kB active_anon:1388kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15908kB mlocked:0kB kernel_stack:96kB pagetables:72kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 2290.804924] lowmem_reserve[]: 0 2559 2559 2559 2559 [ 2290.810062] Node 0 DMA32 free:36168kB min:36296kB low:45368kB high:54440kB active_anon:1677788kB inactive_anon:16140kB active_file:44kB inactive_file:40kB unevictable:1032kB writepending:44kB present:3129332kB managed:2623996kB mlocked:1032kB kernel_stack:15200kB pagetables:37736kB bounce:0kB free_pcp:704kB local_pcp:64kB free_cma:0kB [ 2290.840029] lowmem_reserve[]: 0 0 0 0 0 [ 2290.844029] Node 0 Normal free:0kB min:0kB low:0kB high:0kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:786432kB managed:0kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 2290.896580] lowmem_reserve[]: 0 0 0 0 0 [ 2290.900592] Node 1 Normal free:59192kB min:53592kB low:66988kB high:80384kB active_anon:3252168kB inactive_anon:8412kB active_file:148kB inactive_file:236kB unevictable:6324kB writepending:52kB present:3932160kB managed:3870192kB mlocked:6324kB kernel_stack:59680kB pagetables:137432kB bounce:0kB free_pcp:944kB local_pcp:356kB free_cma:0kB [ 2291.015990] lowmem_reserve[]: 0 0 0 0 0 [ 2291.051373] Node 0 DMA: 31*4kB (MEH) 66*8kB (UMEH) 23*16kB (UMEH) 10*32kB (UME) 6*64kB (UM) 2*128kB (UM) 1*256kB (E) 2*512kB (EH) 1*1024kB (E) 1*2048kB (E) 1*4096kB (M) = 10428kB [ 2291.131207] Node 0 DMA32: 401*4kB (UE) 230*8kB (UME) 167*16kB (UME) 222*32kB (UM) 220*64kB (UM) 15*128kB (UM) 1*256kB (U) 0*512kB 0*1024kB 0*2048kB 0*4096kB = 29476kB [ 2291.165174] IPVS: ftp: loaded support on port[0] = 21 [ 2291.388092] IPVS: ftp: loaded support on port[0] = 21 [ 2291.610105] Node 0 Normal: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 0kB [ 2291.706325] Node 1 Normal: 191*4kB (UME) 1490*8kB (UMEH) 955*16kB (UMEH) 524*32kB (UMH) 7*64kB (UMH) 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 45180kB [ 2292.195248] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 2292.254391] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 2292.444071] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 2292.566114] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 2292.574805] 8032 total pagecache pages [ 2292.692214] 0 pages in swap cache [ 2292.695807] Swap cache stats: add 0, delete 0, find 0/0 [ 2292.719062] Free swap = 0kB [ 2292.722869] Total swap = 0kB [ 2292.726376] 1965979 pages RAM [ 2292.730049] 0 pages HighMem/MovableOnly [ 2292.735502] 338455 pages reserved [ 2292.756397] 0 pages cma reserved [ 2292.774956] Out of memory: Kill process 11449 (syz-executor.4) score 1007 or sacrifice child [ 2292.866403] Killed process 11449 (syz-executor.4) total-vm:75368kB, anon-rss:16572kB, file-rss:35756kB, shmem-rss:0kB 21:33:35 executing program 0: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x1, 0x0, 0x0, 0x1, 0x20b493e0}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000008880), 0x400000000000249, 0x0, 0x0) pipe(&(0x7f0000000340)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) fsync(r2) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) perf_event_open(&(0x7f0000940000)={0x2, 0x70, 0x69, 0x1, 0x0, 0xff, 0x0, 0x48, 0x14a0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f00000001c0), 0x7}, 0x0, 0x0, 0xfffffff9}, 0x0, 0xd, 0xffffffffffffffff, 0xa) tkill(0x0, 0x3c) fsetxattr$trusted_overlay_redirect(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) sched_setattr(r0, &(0x7f0000000080)={0x38, 0x2, 0x1, 0x0, 0x3}, 0x0) clone(0x69005100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) mount(0x0, &(0x7f0000000140)='./file0\x00', 0x0, 0x0, &(0x7f000000a000)) sched_setscheduler(0x0, 0x5, &(0x7f0000000380)) 21:33:35 executing program 4: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x1, 0x0, 0x0, 0x1, 0x20b493e0, 0x0, 0xfffffffffffffffe}, 0x0) socket$inet6(0xa, 0x4, 0xffffffff) pipe(&(0x7f0000000340)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r2, 0x407, 0x0) fsync(0xffffffffffffffff) write(r2, &(0x7f0000000340), 0x41395527) vmsplice(r1, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) clone(0x200000008a105d00, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) tkill(0x0, 0x3c) fsetxattr$trusted_overlay_redirect(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) sched_setattr(r0, &(0x7f0000000080)={0x38, 0x2, 0x1, 0x0, 0x3}, 0x0) clone(0x69005100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) mount(0x0, &(0x7f0000000140)='./file0\x00', 0x0, 0x0, &(0x7f000000a000)) 21:33:35 executing program 3: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x1, 0x0, 0x0, 0x1, 0x20b493e0, 0x0, 0xfffffffffffffffe, 0xffffffff}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, 0x0, 0x0, 0x0, 0x0) pipe(&(0x7f0000000340)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x400200) getsockopt$inet_sctp_SCTP_PEER_ADDR_THLDS(0xffffffffffffffff, 0x84, 0x1f, &(0x7f0000000380)={0x0, @in={{0x2, 0x4e24, @dev={0xac, 0x14, 0x14, 0x33}}}, 0x6, 0x1}, &(0x7f0000000000)=0x90) getsockopt$inet_sctp_SCTP_PR_ASSOC_STATUS(r2, 0x84, 0x73, &(0x7f00000000c0)={r4, 0x18, 0x0, 0x2ead, 0x3}, &(0x7f0000000100)=0x18) vmsplice(0xffffffffffffffff, 0x0, 0x0, 0x0) perf_event_open(&(0x7f0000940000)={0x2, 0x70, 0x69, 0x0, 0x0, 0x7f, 0x0, 0x48, 0x14a0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, @perf_bp={&(0x7f0000000180), 0x6}, 0x0, 0x4, 0x3, 0x0, 0xb}, 0x0, 0xd, 0xffffffffffffffff, 0xa) clone(0x200000008a105d00, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r5 = gettid() tkill(r5, 0x3c) fsetxattr$trusted_overlay_redirect(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) sched_setattr(r0, &(0x7f0000000080)={0x38, 0x2, 0x1, 0x0, 0x3}, 0x0) clone(0x69005100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) mount(0x0, &(0x7f0000000140)='./file0\x00', &(0x7f0000fb5ffc)='nfs\x00', 0x0, &(0x7f000000a000)) 21:33:35 executing program 2: r0 = openat$kvm(0xffffffffffffff9c, 0x0, 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) dup3(r0, r1, 0x0) fsetxattr$trusted_overlay_nlink(r0, &(0x7f0000000040)='trusted.overlay.nlink\x00', &(0x7f00000000c0)={'U+', 0x98}, 0x16, 0x2) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c4, 0x0, 0xe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r2 = socket$inet6(0xa, 0x40000080806, 0x0) bind$inet6(r2, &(0x7f0000000080)={0xa, 0x404e20}, 0x1c) ioctl$int_in(0xffffffffffffffff, 0x5452, &(0x7f0000000100)=0x3) listen(r2, 0x400000001ffffffd) r3 = socket$inet6(0xa, 0x6, 0x0) connect$inet6(r3, &(0x7f0000000180)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) r4 = accept4(r2, 0x0, 0x0, 0x0) sendmmsg(r4, &(0x7f0000003d40)=[{{0x0, 0xffffffbf, 0x0, 0x0, 0x0, 0x0, 0x7000005}, 0xa}], 0x4000000000000d0, 0x0) socket$inet6(0xa, 0x6, 0x0) connect$inet6(0xffffffffffffffff, &(0x7f0000000000)={0xa, 0x0, 0x0, @loopback}, 0x1c) r5 = socket$inet6_tcp(0xa, 0x1, 0x0) bpf$BPF_MAP_GET_FD_BY_ID(0xe, &(0x7f0000000140)={0x0, 0x4, 0x8}, 0xc) setsockopt$IP6T_SO_SET_REPLACE(r5, 0x29, 0x40, 0x0, 0x0) syz_init_net_socket$rose(0xb, 0x5, 0x0) 21:33:35 executing program 1: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x1, 0x0, 0x0, 0x1, 0x20b493e0, 0x0, 0xfffffffffffffffe}, 0x0) r1 = socket$inet6(0xa, 0x0, 0x0) recvmmsg(r1, &(0x7f0000008880), 0x400000000000249, 0x0, 0x0) pipe(&(0x7f0000000340)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) fsync(r2) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) perf_event_open(&(0x7f0000940000)={0x2, 0x70, 0x69, 0x1, 0x0, 0xff, 0x0, 0x48, 0x14a0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f00000001c0), 0x7}, 0x0, 0x0, 0xfffffff9}, 0x0, 0xd, 0xffffffffffffffff, 0xa) tkill(0x0, 0x3c) fsetxattr$trusted_overlay_redirect(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) sched_setattr(r0, &(0x7f0000000080)={0x38, 0x2, 0x1, 0x0, 0x3}, 0x0) clone(0x69005100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) mount(0x0, &(0x7f0000000140)='./file0\x00', 0x0, 0x0, &(0x7f000000a000)) sched_setscheduler(0x0, 0x5, &(0x7f0000000380)) [ 2294.738521] syz-executor.3 invoked oom-killer: gfp_mask=0x14040c0(GFP_KERNEL|__GFP_COMP), nodemask=(null), order=1, oom_score_adj=1000 [ 2294.805961] syz-executor.3 cpuset=/ mems_allowed=0-1 [ 2294.815632] CPU: 0 PID: 12202 Comm: syz-executor.3 Not tainted 4.14.182-syzkaller #0 [ 2294.823533] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2294.832886] Call Trace: [ 2294.835482] dump_stack+0x1b2/0x283 [ 2294.839173] dump_header+0x178/0x7aa [ 2294.843584] ? trace_hardirqs_on_caller+0x3a8/0x580 [ 2294.848602] ? _raw_spin_unlock_irqrestore+0x66/0xe0 [ 2294.853706] ? ___ratelimit+0x2cd/0x522 [ 2294.857686] oom_kill_process.cold+0x10/0xc16 [ 2294.862187] ? lock_downgrade+0x6e0/0x6e0 [ 2294.866348] out_of_memory+0x2d5/0x10f0 [ 2294.870332] ? oom_killer_disable+0x1c0/0x1c0 [ 2294.874831] ? mutex_trylock+0x152/0x1a0 [ 2294.878933] __alloc_pages_nodemask+0x2556/0x2730 [ 2294.883792] ? gfp_pfmemalloc_allowed+0x150/0x150 [ 2294.898275] ? gfp_pfmemalloc_allowed+0x150/0x150 [ 2294.903128] ? trace_hardirqs_on+0x10/0x10 [ 2294.907381] ? cache_grow_begin+0x3f/0x410 [ 2294.911617] cache_grow_begin+0x91/0x410 [ 2294.915677] fallback_alloc+0x205/0x2b0 [ 2294.919653] kmem_cache_alloc_node+0xe3/0x400 [ 2294.924150] copy_process.part.0+0x17d5/0x6fa0 [ 2294.928734] ? trace_hardirqs_on+0x10/0x10 [ 2294.932965] ? trace_hardirqs_on+0x10/0x10 [ 2294.937201] ? lock_downgrade+0x6e0/0x6e0 [ 2294.941357] ? futex_exit_release+0x60/0x60 [ 2294.945675] ? _raw_spin_unlock_irqrestore+0x79/0xe0 [ 2294.950866] ? __cleanup_sighand+0x40/0x40 [ 2294.955093] ? lock_downgrade+0x6e0/0x6e0 [ 2294.959242] _do_fork+0x180/0xc80 [ 2294.963141] ? put_timespec64+0xaa/0xf0 [ 2294.967112] ? fork_idle+0x270/0x270 [ 2294.970825] ? SyS_clock_gettime+0xf5/0x180 [ 2294.975173] ? SyS_clock_settime+0x1a0/0x1a0 [ 2294.979577] ? do_syscall_64+0x4c/0x640 [ 2294.983546] ? sys_vfork+0x20/0x20 [ 2294.987082] do_syscall_64+0x1d5/0x640 [ 2294.990971] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 2294.996161] RIP: 0033:0x45ca69 [ 2294.999349] RSP: 002b:00007fd92e4c5c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 [ 2295.007064] RAX: ffffffffffffffda RBX: 00000000004dac00 RCX: 000000000045ca69 [ 2295.014335] RDX: 9999999999999999 RSI: 0000000000000000 RDI: 0000000069005100 [ 2295.021603] RBP: 000000000078bfa0 R08: ffffffffffffffff R09: 0000000000000000 [ 2295.028874] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff [ 2295.036137] R13: 0000000000000076 R14: 00000000004c335e R15: 00007fd92e4c66d4 [ 2295.131609] Mem-Info: [ 2295.173364] active_anon:1239663 inactive_anon:6140 isolated_anon:0 [ 2295.173364] active_file:93 inactive_file:68 isolated_file:0 [ 2295.173364] unevictable:1839 dirty:43 writeback:1 unstable:0 [ 2295.173364] slab_reclaimable:18115 slab_unreclaimable:171895 [ 2295.173364] mapped:54004 shmem:7616 pagetables:43838 bounce:0 [ 2295.173364] free:20895 free_pcp:31 free_cma:0 [ 2295.485345] Node 0 active_anon:1684348kB inactive_anon:16148kB active_file:92kB inactive_file:76kB unevictable:1032kB isolated(anon):0kB isolated(file):0kB mapped:210060kB dirty:144kB writeback:0kB shmem:22052kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 698368kB writeback_tmp:0kB unstable:0kB all_unreclaimable? no [ 2295.810042] Node 1 active_anon:3274304kB inactive_anon:8412kB active_file:76kB inactive_file:108kB unevictable:6324kB isolated(anon):0kB isolated(file):0kB mapped:5856kB dirty:28kB writeback:4kB shmem:8412kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 0kB writeback_tmp:0kB unstable:0kB all_unreclaimable? no [ 2295.923573] Node 0 DMA free:10380kB min:220kB low:272kB high:324kB active_anon:1428kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15908kB mlocked:0kB kernel_stack:96kB pagetables:72kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 2296.003519] lowmem_reserve[]: 0 2559 2559 2559 2559 [ 2296.008632] Node 0 DMA32 free:30764kB min:36296kB low:45368kB high:54440kB active_anon:1682920kB inactive_anon:16148kB active_file:88kB inactive_file:0kB unevictable:1032kB writepending:144kB present:3129332kB managed:2623996kB mlocked:1032kB kernel_stack:15360kB pagetables:37652kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 2296.047598] lowmem_reserve[]: 0 0 0 0 0 [ 2296.051797] Node 0 Normal free:0kB min:0kB low:0kB high:0kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:786432kB managed:0kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 2296.093531] lowmem_reserve[]: 0 0 0 0 0 [ 2296.104602] Node 1 Normal free:43228kB min:53592kB low:66988kB high:80384kB active_anon:3274304kB inactive_anon:8412kB active_file:76kB inactive_file:92kB unevictable:6324kB writepending:32kB present:3932160kB managed:3870192kB mlocked:6324kB kernel_stack:59680kB pagetables:137628kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 2296.149632] lowmem_reserve[]: 0 0 0 0 0 [ 2296.153743] Node 0 DMA: 21*4kB (MEH) 65*8kB (UMEH) 23*16kB (UMEH) 10*32kB (UME) 6*64kB (UM) 2*128kB (UM) 1*256kB (E) 2*512kB (EH) 1*1024kB (E) 1*2048kB (E) 1*4096kB (M) = 10380kB [ 2296.177231] Node 0 DMA32: 1272*4kB (UME) 249*8kB (UME) 113*16kB (UME) 228*32kB (UME) 213*64kB (M) 8*128kB (UM) 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 30840kB [ 2296.193288] Node 0 Normal: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 0kB [ 2296.204283] Node 1 Normal: 195*4kB (UME) 1066*8kB (UME) 1153*16kB (UME) 479*32kB (UM) 9*64kB (UM) 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 43660kB [ 2296.230698] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 2296.240747] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 2296.249542] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 2296.264332] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 2296.284957] 7985 total pagecache pages [ 2296.295300] 0 pages in swap cache [ 2296.308145] Swap cache stats: add 0, delete 0, find 0/0 [ 2296.321279] Free swap = 0kB [ 2296.328340] Total swap = 0kB [ 2296.334877] 1965979 pages RAM [ 2296.341508] 0 pages HighMem/MovableOnly [ 2296.361656] 338455 pages reserved [ 2296.368632] 0 pages cma reserved [ 2296.375398] Out of memory: Kill process 12181 (syz-executor.0) score 1007 or sacrifice child [ 2296.423441] Killed process 12204 (syz-executor.0) total-vm:75500kB, anon-rss:16588kB, file-rss:35756kB, shmem-rss:0kB [ 2296.551915] oom_reaper: reaped process 12204 (syz-executor.0), now anon-rss:0kB, file-rss:0kB, shmem-rss:0kB [ 2296.830157] IPVS: ftp: loaded support on port[0] = 21 [ 2297.022896] kworker/u4:6 invoked oom-killer: gfp_mask=0x14040c0(GFP_KERNEL|__GFP_COMP), nodemask=(null), order=1, oom_score_adj=0 [ 2297.197837] kworker/u4:6 cpuset=/ mems_allowed=0-1 [ 2297.211190] CPU: 0 PID: 4293 Comm: kworker/u4:6 Not tainted 4.14.182-syzkaller #0 [ 2297.219712] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2297.229075] Workqueue: events_unbound call_usermodehelper_exec_work [ 2297.235487] Call Trace: [ 2297.238079] dump_stack+0x1b2/0x283 [ 2297.241699] dump_header+0x178/0x7aa [ 2297.245391] ? trace_hardirqs_on_caller+0x3a8/0x580 [ 2297.250399] ? _raw_spin_unlock_irqrestore+0x66/0xe0 [ 2297.255489] ? ___ratelimit+0x2cd/0x522 [ 2297.259444] oom_kill_process.cold+0x10/0xc16 [ 2297.264028] ? lock_acquire+0x170/0x3f0 [ 2297.267979] ? lock_downgrade+0x6e0/0x6e0 [ 2297.272121] out_of_memory+0x2d5/0x10f0 [ 2297.276077] ? oom_killer_disable+0x1c0/0x1c0 [ 2297.280550] ? mutex_trylock+0x152/0x1a0 [ 2297.284594] __alloc_pages_nodemask+0x2556/0x2730 [ 2297.289424] ? gfp_pfmemalloc_allowed+0x150/0x150 [ 2297.294248] ? gfp_pfmemalloc_allowed+0x150/0x150 [ 2297.299067] ? trace_hardirqs_on+0x10/0x10 [ 2297.303284] ? mark_held_locks+0xa6/0xf0 [ 2297.307359] ? cache_grow_begin+0x3f/0x410 [ 2297.311573] cache_grow_begin+0x91/0x410 [ 2297.315615] fallback_alloc+0x205/0x2b0 [ 2297.319574] kmem_cache_alloc_node+0xe3/0x400 [ 2297.324052] copy_process.part.0+0x17d5/0x6fa0 [ 2297.328630] ? __lock_acquire+0x655/0x42a0 [ 2297.332842] ? __lock_acquire+0x655/0x42a0 [ 2297.337058] ? check_preemption_disabled+0x35/0x240 [ 2297.342065] ? cpuacct_charge+0x1ce/0x350 [ 2297.346298] ? umh_complete+0x80/0x80 [ 2297.350077] ? __cleanup_sighand+0x40/0x40 [ 2297.354297] ? update_curr+0x28d/0x670 [ 2297.358163] ? umh_complete+0x80/0x80 [ 2297.361945] _do_fork+0x180/0xc80 [ 2297.365378] ? fork_idle+0x270/0x270 [ 2297.369079] ? mark_held_locks+0xa6/0xf0 [ 2297.373132] ? _raw_spin_unlock_irq+0x24/0x90 [ 2297.377605] ? trace_hardirqs_on_caller+0x3a8/0x580 [ 2297.382617] ? _raw_spin_unlock_irq+0x5a/0x90 [ 2297.387103] ? kernel_sigaction+0x13b/0x200 [ 2297.391492] ? flush_sigqueue_mask.isra.0+0x340/0x340 [ 2297.396660] ? umh_complete+0x80/0x80 [ 2297.400449] kernel_thread+0x2f/0x40 [ 2297.404150] call_usermodehelper_exec_work+0x97/0x210 [ 2297.409319] ? call_usermodehelper_exec_async+0x4c0/0x4c0 [ 2297.414834] ? rcu_lockdep_current_cpu_online+0xed/0x140 [ 2297.420261] process_one_work+0x7c0/0x14c0 [ 2297.424476] ? pwq_dec_nr_in_flight+0x2b0/0x2b0 [ 2297.429133] ? worker_thread+0x163/0x1080 [ 2297.433272] ? _raw_spin_unlock_irq+0x24/0x90 [ 2297.437758] worker_thread+0x5d7/0x1080 [ 2297.441730] ? process_one_work+0x14c0/0x14c0 [ 2297.446208] kthread+0x30d/0x420 [ 2297.449589] ? kthread_create_on_node+0xd0/0xd0 [ 2297.454236] ret_from_fork+0x24/0x30 21:33:39 executing program 1: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x1, 0x0, 0x0, 0x1, 0x20b493e0, 0x0, 0xfffffffffffffffe}, 0x0) r1 = socket$inet6(0xa, 0x0, 0x0) recvmmsg(r1, &(0x7f0000008880), 0x400000000000249, 0x0, 0x0) pipe(&(0x7f0000000340)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) fsync(r2) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) perf_event_open(&(0x7f0000940000)={0x2, 0x70, 0x69, 0x1, 0x0, 0xff, 0x0, 0x48, 0x14a0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f00000001c0), 0x7}, 0x0, 0x0, 0xfffffff9}, 0x0, 0xd, 0xffffffffffffffff, 0xa) tkill(0x0, 0x3c) fsetxattr$trusted_overlay_redirect(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) sched_setattr(r0, &(0x7f0000000080)={0x38, 0x2, 0x1, 0x0, 0x3}, 0x0) clone(0x69005100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) mount(0x0, &(0x7f0000000140)='./file0\x00', 0x0, 0x0, &(0x7f000000a000)) sched_setscheduler(0x0, 0x5, &(0x7f0000000380)) 21:33:39 executing program 3: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x1, 0x0, 0x0, 0x1, 0x20b493e0, 0x0, 0xfffffffffffffffe}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, 0x0, 0x0, 0x0, 0x0) pipe(&(0x7f0000000340)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) r4 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r4, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000200)=ANY=[@ANYBLOB="400000001000050700"/20, @ANYRES32=0x0, @ANYBLOB="00000000000000002000128009000100626f6e640000000010000280040008800874104e19000000"], 0x40}}, 0x0) write(r4, &(0x7f0000000380)="440512551248212eb8d277cf92ad50aac00f4cc01f1c7f211e56bf89a1b801c3921d91d7ab808904e4c75fcaafd442e525a0668cd86cd136fc43f25fe44e9739a71989080dbc3a1eb54429f4e58d819a3be56decab1b41dcfd625a5f96448c74f3ac0cb0fa170be1689f61ef1fe7311739411b90f77c4704f22aefcfa90471502373339c339802886dd0e5745cd0f0c0ef959a0a43fb8abb15d4ddfa43657256d23467af9b2282d1fb34a00aa1b013bb83a13a30ba576bb2001b42aee73738e9a9f955a257c0d4c62aad54446b2e6885022066471db2c11339dfa259b89d34a5ce7d4d7f1487831b0df173283ad03edcbb3e200cab654a7f8691db9cdd70810edd7407158abd4bbc7685d12aed69342d72efad2760490762c9a14ab7c78697fe7d363cc4bcbdd4a62760a76555985d4855d7cc5da0bb4cadc012cb212098919ec275199210abb978df799171c6ac93ca6c434b2f", 0x154) vmsplice(r2, 0x0, 0x0, 0x0) perf_event_open(&(0x7f0000940000)={0x1, 0x70, 0x69, 0x0, 0x0, 0xff, 0x0, 0x48, 0x14a0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x8d44, 0x3}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1a}, 0x0, 0xd, 0xffffffffffffffff, 0x0) clone(0x200000008a105d00, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r5 = gettid() tkill(r5, 0x3c) fsetxattr$trusted_overlay_redirect(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) sched_setattr(r0, &(0x7f0000000080)={0x38, 0x2, 0x1, 0x0, 0x3, 0x0, 0x100}, 0x0) clone(0x69005100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) mount(0x0, &(0x7f0000000140)='./file0\x00', &(0x7f0000fb5ffc)='nfs\x00', 0x0, &(0x7f000000a000)) setsockopt$inet_tcp_TCP_CONGESTION(r3, 0x6, 0xd, &(0x7f0000000100)='vegas\x00', 0x6) 21:33:39 executing program 5: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x1, 0x0, 0x0, 0x1, 0x20b493e0, 0x0, 0xfffffffffffffffe}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000008880), 0x400000000000249, 0x0, 0x0) pipe(&(0x7f0000000340)={0xffffffffffffffff, 0xffffffffffffffff}) shmctl$IPC_SET(0x0, 0x1, &(0x7f0000000200)={{0x1, 0x0, 0x0, 0x0, 0x0, 0x102, 0x8a95}, 0x0, 0xfff, 0x40, 0x5, 0x0, 0x0, 0x8cd6}) fcntl$setpipe(r3, 0x407, 0x0) fsync(r2) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) setsockopt$inet_sctp_SCTP_MAX_BURST(r2, 0x84, 0x14, &(0x7f00000000c0)=@int=0x7, 0x4) perf_event_open(&(0x7f0000940000)={0x2, 0x70, 0x1f, 0x1, 0x0, 0xff, 0x0, 0x48, 0x14a0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffd, 0x0, @perf_bp={&(0x7f00000001c0), 0x7}, 0x0, 0x7, 0xfffffff5}, 0x0, 0xd, 0xffffffffffffffff, 0xa) clone(0x200000008a105d00, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r4 = gettid() tkill(r4, 0x3c) fsetxattr$trusted_overlay_redirect(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) sched_setattr(r0, &(0x7f0000000080)={0x38, 0x2, 0x1, 0x0, 0x3}, 0x0) clone(0x69005100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) mount(0x0, &(0x7f0000000140)='./file0\x00', 0x0, 0x0, &(0x7f000000a000)) 21:33:39 executing program 4: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x1, 0x0, 0x0, 0x1, 0x20b493e0, 0x0, 0xfffffffffffffffe}, 0x0) socket$inet6(0xa, 0x4, 0xffffffff) pipe(&(0x7f0000000340)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r2, 0x407, 0x0) fsync(r1) write(0xffffffffffffffff, &(0x7f0000000340), 0x41395527) vmsplice(r1, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) clone(0x200000008a105d00, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) tkill(0x0, 0x3c) fsetxattr$trusted_overlay_redirect(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) sched_setattr(r0, &(0x7f0000000080)={0x38, 0x2, 0x1, 0x0, 0x3}, 0x0) clone(0x69005100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) mount(0x0, &(0x7f0000000140)='./file0\x00', 0x0, 0x0, &(0x7f000000a000)) [ 2297.743397] netlink: 8 bytes leftover after parsing attributes in process `syz-executor.3'. 21:33:39 executing program 2: r0 = openat$kvm(0xffffffffffffff9c, 0x0, 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) dup3(r0, r1, 0x0) fsetxattr$trusted_overlay_nlink(r0, &(0x7f0000000040)='trusted.overlay.nlink\x00', &(0x7f00000000c0)={'U+', 0x98}, 0x16, 0x2) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c4, 0x0, 0xe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r2 = socket$inet6(0xa, 0x40000080806, 0x0) bind$inet6(r2, &(0x7f0000000080)={0xa, 0x404e20}, 0x1c) ioctl$int_in(0xffffffffffffffff, 0x5452, &(0x7f0000000100)=0x3) listen(r2, 0x400000001ffffffd) r3 = socket$inet6(0xa, 0x6, 0x0) connect$inet6(r3, &(0x7f0000000180)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) r4 = accept4(r2, 0x0, 0x0, 0x0) sendmmsg(r4, &(0x7f0000003d40)=[{{0x0, 0xffffffbf, 0x0, 0x0, 0x0, 0x0, 0x7000005}, 0xa}], 0x4000000000000d0, 0x0) socket$inet6(0xa, 0x6, 0x0) connect$inet6(0xffffffffffffffff, &(0x7f0000000000)={0xa, 0x0, 0x0, @loopback}, 0x1c) r5 = socket$inet6_tcp(0xa, 0x1, 0x0) bpf$BPF_MAP_GET_FD_BY_ID(0xe, &(0x7f0000000140)={0x0, 0x4, 0x8}, 0xc) setsockopt$IP6T_SO_SET_REPLACE(r5, 0x29, 0x40, 0x0, 0x0) syz_init_net_socket$rose(0xb, 0x5, 0x0) [ 2298.784674] Mem-Info: [ 2298.787472] active_anon:1236256 inactive_anon:6139 isolated_anon:0 [ 2298.787472] active_file:33 inactive_file:52 isolated_file:7 [ 2298.787472] unevictable:1839 dirty:39 writeback:12 unstable:0 [ 2298.787472] slab_reclaimable:18133 slab_unreclaimable:171108 [ 2298.787472] mapped:53946 shmem:7616 pagetables:43901 bounce:0 [ 2298.787472] free:24814 free_pcp:71 free_cma:0 [ 2298.825716] Node 0 active_anon:1675060kB inactive_anon:16144kB active_file:164kB inactive_file:316kB unevictable:1032kB isolated(anon):0kB isolated(file):0kB mapped:209996kB dirty:56kB writeback:0kB shmem:22052kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 698368kB writeback_tmp:0kB unstable:0kB all_unreclaimable? no [ 2298.854937] Node 1 active_anon:3269964kB inactive_anon:8412kB active_file:124kB inactive_file:4kB unevictable:6324kB isolated(anon):0kB isolated(file):28kB mapped:5848kB dirty:92kB writeback:56kB shmem:8412kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 0kB writeback_tmp:0kB unstable:0kB all_unreclaimable? no [ 2298.885017] Node 0 DMA free:10380kB min:220kB low:272kB high:324kB active_anon:1428kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15908kB mlocked:0kB kernel_stack:96kB pagetables:72kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 2299.050120] lowmem_reserve[]: 0 2559 2559 2559 2559 [ 2299.105569] Node 0 DMA32 free:36276kB min:36296kB low:45368kB high:54440kB active_anon:1673628kB inactive_anon:16144kB active_file:68kB inactive_file:48kB unevictable:1032kB writepending:44kB present:3129332kB managed:2623996kB mlocked:1032kB kernel_stack:15520kB pagetables:37652kB bounce:0kB free_pcp:364kB local_pcp:232kB free_cma:0kB [ 2299.254627] lowmem_reserve[]: 0 0 0 0 0 [ 2299.260405] Node 0 Normal free:0kB min:0kB low:0kB high:0kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:786432kB managed:0kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 2299.362877] lowmem_reserve[]: 0 0 0 0 0 [ 2299.366994] Node 1 Normal free:53100kB min:53592kB low:66988kB high:80384kB active_anon:3269872kB inactive_anon:8412kB active_file:76kB inactive_file:84kB unevictable:6324kB writepending:64kB present:3932160kB managed:3870192kB mlocked:6324kB kernel_stack:59936kB pagetables:137804kB bounce:0kB free_pcp:8kB local_pcp:4kB free_cma:0kB [ 2299.407678] lowmem_reserve[]: 0 0 0 0 0 [ 2299.470462] Node 0 DMA: 21*4kB (MEH) 65*8kB (UMEH) 23*16kB (UMEH) 10*32kB (UME) 6*64kB (UM) 2*128kB (UM) 1*256kB (E) 2*512kB (EH) 1*1024kB (E) 1*2048kB (E) 1*4096kB (M) = 10380kB [ 2299.531762] Node 0 DMA32: 2701*4kB (ME) 604*8kB (ME) 112*16kB (UME) 219*32kB (UME) 188*64kB (UM) 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 36468kB [ 2299.548768] Node 0 Normal: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 0kB [ 2299.575494] Node 1 Normal: 522*4kB (UME) 1494*8kB (UME) 1469*16kB (UME) 453*32kB (UM) 20*64kB (UM) 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 53320kB [ 2299.604646] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 2299.621122] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 2299.632331] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 2299.643738] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 2299.655029] 7933 total pagecache pages [ 2299.658992] 0 pages in swap cache [ 2299.662441] Swap cache stats: add 0, delete 0, find 0/0 [ 2299.673164] Free swap = 0kB [ 2299.680210] Total swap = 0kB [ 2299.683242] 1965979 pages RAM [ 2299.710497] 0 pages HighMem/MovableOnly [ 2299.714499] 338455 pages reserved [ 2299.747992] 0 pages cma reserved [ 2299.751384] Out of memory: Kill process 12186 (syz-executor.1) score 1007 or sacrifice child [ 2299.832502] oom_reaper: reaped process 12241 (syz-executor.3), now anon-rss:0kB, file-rss:0kB, shmem-rss:0kB [ 2300.120078] syz-fuzzer invoked oom-killer: gfp_mask=0x14201ca(GFP_HIGHUSER_MOVABLE|__GFP_COLD), nodemask=(null), order=0, oom_score_adj=0 [ 2300.227559] syz-fuzzer cpuset=/ mems_allowed=0-1 [ 2300.232380] CPU: 1 PID: 24283 Comm: syz-fuzzer Not tainted 4.14.182-syzkaller #0 [ 2300.239911] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2300.249357] Call Trace: [ 2300.251952] dump_stack+0x1b2/0x283 [ 2300.255586] dump_header+0x178/0x7aa [ 2300.259304] ? trace_hardirqs_on_caller+0x3a8/0x580 [ 2300.264336] ? _raw_spin_unlock_irqrestore+0x66/0xe0 [ 2300.269448] ? ___ratelimit+0x2cd/0x522 [ 2300.273453] oom_kill_process.cold+0x10/0xc16 [ 2300.277950] ? lock_downgrade+0x6e0/0x6e0 [ 2300.282104] out_of_memory+0x2d5/0x10f0 [ 2300.286080] ? oom_killer_disable+0x1c0/0x1c0 [ 2300.290575] ? mutex_trylock+0x152/0x1a0 [ 2300.294639] __alloc_pages_nodemask+0x2556/0x2730 [ 2300.299511] ? gfp_pfmemalloc_allowed+0x150/0x150 [ 2300.304357] ? trace_hardirqs_on+0x10/0x10 [ 2300.308589] ? find_get_entry+0x31b/0x660 [ 2300.312759] alloc_pages_current+0xe7/0x1e0 [ 2300.317085] __page_cache_alloc+0x243/0x3c0 [ 2300.321442] filemap_fault+0xd42/0x18f0 [ 2300.325449] ext4_filemap_fault+0x84/0xb0 [ 2300.329597] __do_fault+0xfa/0x380 [ 2300.333228] __handle_mm_fault+0x2055/0x3700 [ 2300.337641] ? vm_insert_mixed_mkwrite+0x30/0x30 [ 2300.342406] handle_mm_fault+0x306/0x794 [ 2300.346477] __do_page_fault+0x578/0xb50 [ 2300.350543] ? mm_fault_error+0x2c0/0x2c0 [ 2300.354696] ? do_page_fault+0x60/0x4f2 [ 2300.358705] ? page_fault+0x2f/0x50 [ 2300.362328] page_fault+0x45/0x50 [ 2300.365781] RIP: 0000: (null) [ 2300.369655] RSP: b08d44:000000c00294d8b0 EFLAGS: c0001f55a8 [ 2301.696258] Mem-Info: [ 2301.771577] active_anon:1236200 inactive_anon:6139 isolated_anon:0 [ 2301.771577] active_file:19 inactive_file:30 isolated_file:0 [ 2301.771577] unevictable:1839 dirty:1 writeback:0 unstable:0 [ 2301.771577] slab_reclaimable:18133 slab_unreclaimable:171187 [ 2301.771577] mapped:53925 shmem:7616 pagetables:43866 bounce:0 [ 2301.771577] free:24960 free_pcp:70 free_cma:0 [ 2302.229278] Node 0 active_anon:1675036kB inactive_anon:16144kB active_file:72kB inactive_file:0kB unevictable:1032kB isolated(anon):0kB isolated(file):0kB mapped:209936kB dirty:4kB writeback:0kB shmem:22052kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 698368kB writeback_tmp:0kB unstable:0kB all_unreclaimable? no [ 2302.597776] Node 1 active_anon:3269764kB inactive_anon:8412kB active_file:48kB inactive_file:24kB unevictable:6324kB isolated(anon):0kB isolated(file):0kB mapped:5876kB dirty:0kB writeback:0kB shmem:8412kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 0kB writeback_tmp:0kB unstable:0kB all_unreclaimable? no [ 2303.061269] Node 0 DMA free:10380kB min:220kB low:272kB high:324kB active_anon:1428kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15908kB mlocked:0kB kernel_stack:96kB pagetables:72kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 2303.545160] lowmem_reserve[]: 0 2559 2559 2559 2559 [ 2303.550233] Node 0 DMA32 free:36256kB min:36296kB low:45368kB high:54440kB active_anon:1673608kB inactive_anon:16144kB active_file:56kB inactive_file:0kB unevictable:1032kB writepending:0kB present:3129332kB managed:2623996kB mlocked:1032kB kernel_stack:15424kB pagetables:37604kB bounce:0kB free_pcp:220kB local_pcp:220kB free_cma:0kB [ 2304.177690] lowmem_reserve[]: 0 0 0 0 0 [ 2304.181730] Node 0 Normal free:0kB min:0kB low:0kB high:0kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:786432kB managed:0kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 2304.600003] lowmem_reserve[]: 0 0 0 0 0 [ 2304.604043] Node 1 Normal free:54096kB min:53592kB low:66988kB high:80384kB active_anon:3269764kB inactive_anon:8412kB active_file:556kB inactive_file:28kB unevictable:6324kB writepending:0kB present:3932160kB managed:3870192kB mlocked:6324kB kernel_stack:59776kB pagetables:137788kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 2304.743377] lowmem_reserve[]: 0 0 0 0 0 [ 2304.750601] Node 0 DMA: 21*4kB (MEH) 65*8kB (UMEH) 23*16kB (UMEH) 10*32kB (UME) 6*64kB (UM) 2*128kB (UM) 1*256kB (E) 2*512kB (EH) 1*1024kB (E) 1*2048kB (E) 1*4096kB (M) = 10380kB [ 2304.766882] Node 0 DMA32: 2728*4kB (ME) 609*8kB (ME) 110*16kB (ME) 210*32kB (ME) 184*64kB (UM) 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 36040kB [ 2304.792489] Node 0 Normal: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 0kB [ 2304.925062] Node 1 Normal: 252*4kB (UME) 1617*8kB (UME) 1495*16kB (UME) 462*32kB (UM) 21*64kB (UM) 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 53992kB [ 2304.949659] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 2304.975064] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 2304.983785] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 2305.061572] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 2305.070531] 8017 total pagecache pages [ 2305.074457] 0 pages in swap cache [ 2305.082743] Swap cache stats: add 0, delete 0, find 0/0 [ 2305.088197] Free swap = 0kB [ 2305.091224] Total swap = 0kB [ 2305.094396] 1965979 pages RAM [ 2305.105715] 0 pages HighMem/MovableOnly [ 2305.109714] 338455 pages reserved [ 2305.113182] 0 pages cma reserved [ 2305.150042] Out of memory: Kill process 12249 (syz-executor.5) score 1007 or sacrifice child [ 2305.215167] Killed process 12263 (syz-executor.5) total-vm:75896kB, anon-rss:16608kB, file-rss:35820kB, shmem-rss:0kB [ 2305.329540] netlink: 8 bytes leftover after parsing attributes in process `syz-executor.3'. [ 2305.464365] oom_reaper: reaped process 12263 (syz-executor.5), now anon-rss:0kB, file-rss:0kB, shmem-rss:0kB 21:33:47 executing program 4: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x1, 0x0, 0x0, 0x1, 0x20b493e0, 0x0, 0xfffffffffffffffe}, 0x0) socket$inet6(0xa, 0x4, 0xffffffff) pipe(&(0x7f0000000340)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r2, 0x407, 0x0) fsync(r1) write(0xffffffffffffffff, &(0x7f0000000340), 0x41395527) vmsplice(r1, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) clone(0x200000008a105d00, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) tkill(0x0, 0x3c) fsetxattr$trusted_overlay_redirect(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) sched_setattr(r0, &(0x7f0000000080)={0x38, 0x2, 0x1, 0x0, 0x3}, 0x0) clone(0x69005100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) mount(0x0, &(0x7f0000000140)='./file0\x00', 0x0, 0x0, &(0x7f000000a000)) 21:33:47 executing program 2: r0 = openat$kvm(0xffffffffffffff9c, 0x0, 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) dup3(r0, r1, 0x0) fsetxattr$trusted_overlay_nlink(r0, &(0x7f0000000040)='trusted.overlay.nlink\x00', &(0x7f00000000c0)={'U+', 0x98}, 0x16, 0x2) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c4, 0x0, 0xe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r2 = socket$inet6(0xa, 0x40000080806, 0x0) bind$inet6(r2, &(0x7f0000000080)={0xa, 0x404e20}, 0x1c) ioctl$int_in(0xffffffffffffffff, 0x5452, &(0x7f0000000100)=0x3) listen(r2, 0x400000001ffffffd) r3 = socket$inet6(0xa, 0x6, 0x0) connect$inet6(r3, &(0x7f0000000180)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) r4 = accept4(r2, 0x0, 0x0, 0x0) sendmmsg(r4, &(0x7f0000003d40)=[{{0x0, 0xffffffbf, 0x0, 0x0, 0x0, 0x0, 0x7000005}, 0xa}], 0x4000000000000d0, 0x0) socket$inet6(0xa, 0x6, 0x0) connect$inet6(0xffffffffffffffff, &(0x7f0000000000)={0xa, 0x0, 0x0, @loopback}, 0x1c) r5 = socket$inet6_tcp(0xa, 0x1, 0x0) bpf$BPF_MAP_GET_FD_BY_ID(0xe, &(0x7f0000000140)={0x0, 0x4, 0x8}, 0xc) setsockopt$IP6T_SO_SET_REPLACE(r5, 0x29, 0x40, 0x0, 0x0) syz_init_net_socket$rose(0xb, 0x5, 0x0) 21:33:47 executing program 0: r0 = openat$kvm(0xffffffffffffff9c, 0x0, 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) dup3(r0, r1, 0x0) fsetxattr$trusted_overlay_nlink(r0, &(0x7f0000000040)='trusted.overlay.nlink\x00', &(0x7f00000000c0)={'U+', 0x98}, 0x16, 0x2) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c4, 0x0, 0xe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r2 = socket$inet6(0xa, 0x40000080806, 0x0) bind$inet6(r2, &(0x7f0000000080)={0xa, 0x404e20}, 0x1c) ioctl$int_in(0xffffffffffffffff, 0x5452, &(0x7f0000000100)=0x3) listen(r2, 0x400000001ffffffd) r3 = socket$inet6(0xa, 0x6, 0x0) connect$inet6(r3, &(0x7f0000000180)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) r4 = accept4(r2, 0x0, 0x0, 0x0) sendmmsg(r4, &(0x7f0000003d40)=[{{0x0, 0xffffffbf, 0x0, 0x0, 0x0, 0x0, 0x7000005}, 0xa}], 0x4000000000000d0, 0x0) socket$inet6(0xa, 0x6, 0x0) connect$inet6(0xffffffffffffffff, &(0x7f0000000000)={0xa, 0x0, 0x0, @loopback}, 0x1c) r5 = socket$inet6_tcp(0xa, 0x1, 0x0) bpf$BPF_MAP_GET_FD_BY_ID(0xe, &(0x7f0000000140)={0x0, 0x4, 0x8}, 0xc) setsockopt$IP6T_SO_SET_REPLACE(r5, 0x29, 0x40, 0x0, 0x0) syz_init_net_socket$rose(0xb, 0x5, 0x0) 21:33:47 executing program 1: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x1, 0x0, 0x0, 0x1, 0x20b493e0, 0x0, 0xfffffffffffffffe}, 0x0) socket$inet6(0xa, 0x2, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f0000008880), 0x400000000000249, 0x0, 0x0) pipe(&(0x7f0000000340)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r2, 0x407, 0x0) fsync(r1) write(r2, &(0x7f0000000340), 0x41395527) vmsplice(r1, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) perf_event_open(&(0x7f0000940000)={0x2, 0x70, 0x69, 0x1, 0x0, 0xff, 0x0, 0x48, 0x14a0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f00000001c0), 0x7}, 0x0, 0x0, 0xfffffff9}, 0x0, 0xd, 0xffffffffffffffff, 0xa) tkill(0x0, 0x3c) fsetxattr$trusted_overlay_redirect(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) sched_setattr(r0, &(0x7f0000000080)={0x38, 0x2, 0x1, 0x0, 0x3}, 0x0) clone(0x69005100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) mount(0x0, &(0x7f0000000140)='./file0\x00', 0x0, 0x0, &(0x7f000000a000)) sched_setscheduler(0x0, 0x5, &(0x7f0000000380)) 21:33:47 executing program 5: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x1, 0x0, 0x0, 0x1, 0x20b493e0, 0x0, 0xfffffffffffffffe}, 0x0) rt_tgsigqueueinfo(0xffffffffffffffff, r0, 0x10, &(0x7f0000000200)={0x3f, 0xff, 0x563}) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000008880), 0x400000000000249, 0x0, 0x0) pipe(&(0x7f0000000340)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) fsync(r2) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) perf_event_open(&(0x7f0000940000)={0x2, 0x70, 0x69, 0x1, 0x0, 0xff, 0x0, 0x48, 0x14a0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f00000001c0), 0x7}, 0x0, 0x0, 0xfffffff9}, 0x0, 0xd, 0xffffffffffffffff, 0xa) clone(0x200000008a105d00, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r4 = gettid() tkill(r4, 0x3c) fsetxattr$trusted_overlay_redirect(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) getsockopt$inet_sctp_SCTP_INITMSG(0xffffffffffffffff, 0x84, 0x2, &(0x7f0000000080), &(0x7f0000000100)=0x8) sched_setattr(r0, &(0x7f00000000c0)={0x38, 0x2, 0x1, 0x0, 0x3}, 0x0) clone(0x69005100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) mount(0x0, &(0x7f0000000140)='./file0\x00', 0x0, 0x0, &(0x7f000000a000)) 21:33:47 executing program 3: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x1, 0x0, 0x0, 0x1, 0x20b493e0, 0x0, 0xfffffffffffffffe}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, 0x0, 0x0, 0x0, 0x0) pipe(&(0x7f0000000340)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, 0x0, 0x0, 0x0) perf_event_open(&(0x7f0000940000)={0x0, 0x70, 0x69, 0x0, 0x0, 0xff, 0x0, 0x48, 0x14a0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0x1, @perf_bp={&(0x7f0000000000), 0x2}}, 0x0, 0xd, 0xffffffffffffffff, 0xa) clone(0x200000008a105d00, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r4 = fcntl$dupfd(0xffffffffffffffff, 0x0, 0xffffffffffffffff) ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200) setsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX_OLD(r4, 0x84, 0x6b, &(0x7f00000000c0)=[@in={0x2, 0x4e21, @dev={0xac, 0x14, 0x14, 0x25}}, @in6={0xa, 0x4e23, 0x7, @private2, 0x2}], 0x2c) r5 = gettid() tkill(r5, 0x3c) fsetxattr$trusted_overlay_redirect(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) sched_setattr(r0, &(0x7f0000000080)={0x38, 0x2, 0x1, 0x0, 0x3}, 0x0) clone(0x69005100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) mount(0x0, &(0x7f0000000140)='./file0\x00', &(0x7f0000fb5ffc)='nfs\x00', 0x0, &(0x7f000000a000)) 21:33:48 executing program 4: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x1, 0x0, 0x0, 0x1, 0x20b493e0, 0x0, 0xfffffffffffffffe}, 0x0) socket$inet6(0xa, 0x4, 0xffffffff) pipe(&(0x7f0000000340)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r2, 0x407, 0x0) fsync(r1) write(0xffffffffffffffff, &(0x7f0000000340), 0x41395527) vmsplice(r1, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) clone(0x200000008a105d00, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) tkill(0x0, 0x3c) fsetxattr$trusted_overlay_redirect(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) sched_setattr(r0, &(0x7f0000000080)={0x38, 0x2, 0x1, 0x0, 0x3}, 0x0) clone(0x69005100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) mount(0x0, &(0x7f0000000140)='./file0\x00', 0x0, 0x0, &(0x7f000000a000)) [ 2307.129669] systemd-udevd invoked oom-killer: gfp_mask=0x14040c0(GFP_KERNEL|__GFP_COMP), nodemask=(null), order=1, oom_score_adj=-1000 [ 2307.239148] systemd-udevd cpuset=/ mems_allowed=0-1 [ 2307.255274] CPU: 0 PID: 3638 Comm: systemd-udevd Not tainted 4.14.182-syzkaller #0 [ 2307.263196] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2307.272562] Call Trace: [ 2307.275166] dump_stack+0x1b2/0x283 [ 2307.278803] dump_header+0x178/0x7aa [ 2307.283321] ? trace_hardirqs_on_caller+0x3a8/0x580 [ 2307.288372] ? _raw_spin_unlock_irqrestore+0x66/0xe0 [ 2307.293494] ? ___ratelimit+0x2cd/0x522 [ 2307.297485] oom_kill_process.cold+0x10/0xc16 [ 2307.301995] ? lock_downgrade+0x6e0/0x6e0 [ 2307.306156] out_of_memory+0x2d5/0x10f0 [ 2307.310145] ? oom_killer_disable+0x1c0/0x1c0 [ 2307.314763] ? mutex_trylock+0x152/0x1a0 [ 2307.318839] __alloc_pages_nodemask+0x2556/0x2730 [ 2307.323710] ? gfp_pfmemalloc_allowed+0x150/0x150 [ 2307.328565] ? gfp_pfmemalloc_allowed+0x150/0x150 [ 2307.333452] ? trace_hardirqs_on+0x10/0x10 [ 2307.337707] ? putname+0xcd/0x110 [ 2307.341176] ? kmem_cache_free+0x23a/0x2b0 [ 2307.345428] ? cache_grow_begin+0x3f/0x410 [ 2307.349676] cache_grow_begin+0x91/0x410 [ 2307.353753] fallback_alloc+0x205/0x2b0 [ 2307.357748] kmem_cache_alloc+0x1e5/0x3c0 [ 2307.361912] getname_flags+0xc8/0x550 [ 2307.365742] user_path_at_empty+0x2a/0x50 [ 2307.369999] vfs_statx+0xd1/0x160 [ 2307.373468] ? vfs_statx_fd+0x90/0x90 [ 2307.377290] SyS_newstat+0x83/0xe0 [ 2307.380846] ? SyS_fstat+0xd0/0xd0 [ 2307.384398] ? __secure_computing+0xe5/0x3e0 [ 2307.388912] ? syscall_trace_enter+0x486/0xc20 [ 2307.393592] ? syscall_slow_exit_work+0x560/0x560 [ 2307.398458] ? do_syscall_64+0x4c/0x640 [ 2307.402446] ? SyS_fstat+0xd0/0xd0 [ 2307.406164] do_syscall_64+0x1d5/0x640 [ 2307.410071] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 2307.415267] RIP: 0033:0x7faa403af295 [ 2307.419084] RSP: 002b:00007ffeed20ed48 EFLAGS: 00000246 ORIG_RAX: 0000000000000004 [ 2307.426801] RAX: ffffffffffffffda RBX: 0000560141c13ead RCX: 00007faa403af295 [ 2307.434770] RDX: 00007ffeed20ed50 RSI: 00007ffeed20ed50 RDI: 0000560141c13ead [ 2307.442055] RBP: 00007ffeed20ed50 R08: 00000000000000e2 R09: 0000000000000018 [ 2307.449344] R10: 0005a1ac222dab38 R11: 0000000000000246 R12: 000056014306eb30 [ 2307.456683] R13: 000056014306ea60 R14: 00007ffeed20ef00 R15: 000056014306ea78 [ 2307.604015] Mem-Info: [ 2307.642909] active_anon:1238343 inactive_anon:6139 isolated_anon:0 [ 2307.642909] active_file:121 inactive_file:156 isolated_file:26 [ 2307.642909] unevictable:1839 dirty:26 writeback:0 unstable:0 [ 2307.642909] slab_reclaimable:18114 slab_unreclaimable:170758 [ 2307.642909] mapped:54187 shmem:7616 pagetables:43975 bounce:0 [ 2307.642909] free:22687 free_pcp:237 free_cma:0 [ 2307.680361] Node 0 active_anon:1682852kB inactive_anon:16136kB active_file:104kB inactive_file:92kB unevictable:1032kB isolated(anon):0kB isolated(file):0kB mapped:210088kB dirty:8kB writeback:4kB shmem:22044kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 698368kB writeback_tmp:0kB unstable:0kB all_unreclaimable? no [ 2307.786068] Node 1 active_anon:3270520kB inactive_anon:8420kB active_file:480kB inactive_file:532kB unevictable:6324kB isolated(anon):0kB isolated(file):104kB mapped:6660kB dirty:96kB writeback:0kB shmem:8420kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 0kB writeback_tmp:0kB unstable:0kB all_unreclaimable? no [ 2307.818989] Node 0 DMA free:10380kB min:220kB low:272kB high:324kB active_anon:1428kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15908kB mlocked:0kB kernel_stack:96kB pagetables:72kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 2307.847040] lowmem_reserve[]: 0 2559 2559 2559 2559 [ 2307.852575] Node 0 DMA32 free:27768kB min:36296kB low:45368kB high:54440kB active_anon:1681456kB inactive_anon:16136kB active_file:40kB inactive_file:40kB unevictable:1032kB writepending:24kB present:3129332kB managed:2623996kB mlocked:1032kB kernel_stack:15680kB pagetables:37556kB bounce:0kB free_pcp:40kB local_pcp:8kB free_cma:0kB [ 2307.933299] lowmem_reserve[]: 0 0 0 0 0 [ 2307.941259] Node 0 Normal free:0kB min:0kB low:0kB high:0kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:786432kB managed:0kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 2307.941275] lowmem_reserve[]: 0 0 0 0 0 [ 2307.941288] Node 1 Normal free:54164kB min:53592kB low:66988kB high:80384kB active_anon:3270548kB inactive_anon:8420kB active_file:336kB inactive_file:384kB unevictable:6324kB writepending:48kB present:3932160kB managed:3870192kB mlocked:6324kB kernel_stack:60000kB pagetables:138276kB bounce:0kB free_pcp:52kB local_pcp:0kB free_cma:0kB [ 2307.941302] lowmem_reserve[]: 0 0 0 0 0 [ 2307.941314] Node 0 DMA: 21*4kB (MEH) 65*8kB (UMEH) 23*16kB (UMEH) 10*32kB (UME) 6*64kB (UM) 2*128kB (UM) 1*256kB (E) 2*512kB (EH) 1*1024kB (E) 1*2048kB (E) 1*4096kB (M) = 10380kB [ 2307.941447] Node 0 DMA32: 693*4kB (UME) 660*8kB (UME) 114*16kB (UME) 211*32kB (UME) 175*64kB (M) 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 27828kB [ 2307.941613] Node 0 Normal: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 0kB [ 2307.941743] Node 1 Normal: 400*4kB (UME) 557*8kB (UME) 1293*16kB (UME) 738*32kB (UM) 51*64kB (UM) 4*128kB (UM) 1*256kB (M) 0*512kB 0*1024kB 0*2048kB 0*4096kB = 54392kB [ 2307.941938] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 2307.941965] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 2307.941971] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 2307.941997] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 2307.942001] 7990 total pagecache pages [ 2307.942035] 0 pages in swap cache [ 2307.942040] Swap cache stats: add 0, delete 0, find 0/0 [ 2307.942065] Free swap = 0kB [ 2307.942068] Total swap = 0kB [ 2307.942095] 1965979 pages RAM [ 2307.942099] 0 pages HighMem/MovableOnly [ 2307.942102] 338455 pages reserved [ 2308.150078] 0 pages cma reserved [ 2308.153851] Out of memory: Kill process 4691 (syz-executor.0) score 1007 or sacrifice child [ 2308.162850] Killed process 4691 (syz-executor.0) total-vm:75236kB, anon-rss:16572kB, file-rss:35756kB, shmem-rss:0kB [ 2308.401251] oom_reaper: reaped process 12334 (syz-executor.1), now anon-rss:0kB, file-rss:8kB, shmem-rss:0kB [ 2308.531602] syz-executor.3 invoked oom-killer: gfp_mask=0x15080c0(GFP_KERNEL_ACCOUNT|__GFP_ZERO), nodemask=(null), order=3, oom_score_adj=1000 [ 2308.645979] syz-executor.3 cpuset=/ mems_allowed=0-1 [ 2308.667676] CPU: 1 PID: 12323 Comm: syz-executor.3 Not tainted 4.14.182-syzkaller #0 [ 2308.675708] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2308.685248] Call Trace: [ 2308.687867] dump_stack+0x1b2/0x283 [ 2308.691649] dump_header+0x178/0x7aa [ 2308.695376] ? trace_hardirqs_on_caller+0x3a8/0x580 [ 2308.700409] ? _raw_spin_unlock_irqrestore+0x66/0xe0 [ 2308.706480] ? ___ratelimit+0x2cd/0x522 [ 2308.710474] oom_kill_process.cold+0x10/0xc16 [ 2308.714985] ? lock_acquire+0x170/0x3f0 [ 2308.718976] ? lock_downgrade+0x6e0/0x6e0 [ 2308.723150] out_of_memory+0x2d5/0x10f0 [ 2308.727237] ? oom_killer_disable+0x1c0/0x1c0 [ 2308.731832] ? mutex_trylock+0x152/0x1a0 [ 2308.735913] __alloc_pages_nodemask+0x2556/0x2730 [ 2308.740880] ? gfp_pfmemalloc_allowed+0x150/0x150 [ 2308.745749] ? rcu_read_lock_sched_held+0x10a/0x130 [ 2308.750782] ? kmem_cache_alloc_node+0x387/0x400 [ 2308.755558] copy_process.part.0+0x26a/0x6fa0 [ 2308.760169] ? do_raw_spin_unlock+0x164/0x250 [ 2308.764861] ? _raw_spin_unlock+0x29/0x40 [ 2308.769115] ? do_anonymous_page+0x62d/0x17d0 [ 2308.773871] ? finish_fault+0x290/0x290 [ 2308.778297] ? trace_hardirqs_on+0x10/0x10 [ 2308.783386] ? __cleanup_sighand+0x40/0x40 [ 2308.788008] ? vm_insert_mixed_mkwrite+0x30/0x30 [ 2308.792788] _do_fork+0x180/0xc80 [ 2308.796262] ? fork_idle+0x270/0x270 [ 2308.800271] ? up_read+0x17/0x30 [ 2308.803826] ? __do_page_fault+0x19a/0xb50 [ 2308.808077] ? do_syscall_64+0x4c/0x640 [ 2308.812277] ? sys_vfork+0x20/0x20 [ 2308.816136] do_syscall_64+0x1d5/0x640 [ 2308.820588] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 2308.826005] RIP: 0033:0x45f439 [ 2308.829555] RSP: 002b:00007fff6a476818 EFLAGS: 00000202 ORIG_RAX: 0000000000000038 [ 2308.838395] RAX: ffffffffffffffda RBX: 00007fd92e4e7700 RCX: 000000000045f439 [ 2308.845809] RDX: 00007fd92e4e79d0 RSI: 00007fd92e4e6db0 RDI: 00000000003d0f00 [ 2308.853263] RBP: 00007fff6a476a40 R08: 00007fd92e4e7700 R09: 00007fd92e4e7700 [ 2308.860722] R10: 00007fd92e4e79d0 R11: 0000000000000202 R12: 0000000000000000 [ 2308.868113] R13: 00007fff6a4768cf R14: 00007fd92e4e79c0 R15: 000000000078bf0c [ 2308.926067] Mem-Info: [ 2308.929335] active_anon:1233173 inactive_anon:6139 isolated_anon:0 [ 2308.929335] active_file:17 inactive_file:59 isolated_file:0 [ 2308.929335] unevictable:1839 dirty:0 writeback:0 unstable:0 [ 2308.929335] slab_reclaimable:18119 slab_unreclaimable:170759 [ 2308.929335] mapped:53949 shmem:7616 pagetables:43914 bounce:0 [ 2308.929335] free:28381 free_pcp:33 free_cma:0 [ 2308.999478] Node 0 active_anon:1664264kB inactive_anon:16136kB active_file:64kB inactive_file:0kB unevictable:1032kB isolated(anon):0kB isolated(file):0kB mapped:209964kB dirty:0kB writeback:0kB shmem:22044kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 684032kB writeback_tmp:0kB unstable:0kB all_unreclaimable? no [ 2309.084812] Node 1 active_anon:3268428kB inactive_anon:8420kB active_file:104kB inactive_file:0kB unevictable:6324kB isolated(anon):0kB isolated(file):0kB mapped:5832kB dirty:0kB writeback:0kB shmem:8420kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 0kB writeback_tmp:0kB unstable:0kB all_unreclaimable? no [ 2309.354624] Node 0 DMA free:10380kB min:220kB low:272kB high:324kB active_anon:1428kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15908kB mlocked:0kB kernel_stack:96kB pagetables:72kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 2309.655062] lowmem_reserve[]: 0 2559 2559 2559 2559 [ 2309.660322] Node 0 DMA32 free:45076kB min:36296kB low:45368kB high:54440kB active_anon:1662836kB inactive_anon:16136kB active_file:120kB inactive_file:308kB unevictable:1032kB writepending:0kB present:3129332kB managed:2623996kB mlocked:1032kB kernel_stack:15392kB pagetables:37416kB bounce:0kB free_pcp:560kB local_pcp:300kB free_cma:0kB [ 2310.004568] lowmem_reserve[]: 0 0 0 0 0 [ 2310.008718] Node 0 Normal free:0kB min:0kB low:0kB high:0kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:786432kB managed:0kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 2310.132811] lowmem_reserve[]: 0 0 0 0 0 [ 2310.141060] Node 1 Normal free:66260kB min:53592kB low:66988kB high:80384kB active_anon:3258232kB inactive_anon:8420kB active_file:36kB inactive_file:36kB unevictable:6324kB writepending:0kB present:3932160kB managed:3870192kB mlocked:6324kB kernel_stack:59840kB pagetables:138064kB bounce:0kB free_pcp:732kB local_pcp:732kB free_cma:0kB [ 2310.223179] lowmem_reserve[]: 0 0 0 0 0 [ 2310.227778] Node 0 DMA: 21*4kB (MEH) 65*8kB (UMEH) 23*16kB (UMEH) 10*32kB (UME) 6*64kB (UM) 2*128kB (UM) 1*256kB (E) 2*512kB (EH) 1*1024kB (E) 1*2048kB (E) 1*4096kB (M) = 10380kB [ 2310.252850] Node 0 DMA32: 2437*4kB (UME) 889*8kB (UME) 125*16kB (UME) 215*32kB (UME) 178*64kB (M) 1*128kB (U) 0*256kB 1*512kB (U) 1*1024kB (U) 4*2048kB (UM) 1*4096kB (M) = 51084kB [ 2310.274245] Node 0 Normal: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 0kB [ 2310.287914] Node 1 Normal: 529*4kB (UME) 854*8kB (UME) 1701*16kB (UME) 798*32kB (UM) 52*64kB (UM) 4*128kB (UM) 1*256kB (M) 0*512kB 0*1024kB 0*2048kB 0*4096kB = 65796kB [ 2310.404554] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 2310.456981] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 2310.507759] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 2310.545526] IPVS: ftp: loaded support on port[0] = 21 [ 2310.588047] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 2310.766914] IPVS: ftp: loaded support on port[0] = 21 [ 2310.944972] 10343 total pagecache pages [ 2310.949158] 0 pages in swap cache [ 2310.952780] Swap cache stats: add 0, delete 0, find 0/0 [ 2310.990329] IPVS: ftp: loaded support on port[0] = 21 [ 2311.177720] Free swap = 0kB [ 2311.180769] Total swap = 0kB [ 2311.183784] 1965979 pages RAM [ 2311.188021] 0 pages HighMem/MovableOnly [ 2311.191986] 338455 pages reserved [ 2311.195498] 0 pages cma reserved [ 2311.198856] Out of memory: Kill process 12326 (syz-executor.5) score 1007 or sacrifice child 21:33:52 executing program 1: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x1, 0x0, 0x0, 0x1, 0x20b493e0, 0x0, 0xfffffffffffffffe}, 0x0) socket$inet6(0xa, 0x2, 0x0) recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) pipe(&(0x7f0000000340)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r2, 0x407, 0x0) fsync(r1) write(r2, &(0x7f0000000340), 0x41395527) vmsplice(r1, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) perf_event_open(&(0x7f0000940000)={0x2, 0x70, 0x69, 0x1, 0x0, 0xff, 0x0, 0x48, 0x14a0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f00000001c0), 0x7}, 0x0, 0x0, 0xfffffff9}, 0x0, 0xd, 0xffffffffffffffff, 0xa) tkill(0x0, 0x3c) fsetxattr$trusted_overlay_redirect(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) sched_setattr(r0, &(0x7f0000000080)={0x38, 0x2, 0x1, 0x0, 0x3}, 0x0) clone(0x69005100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) mount(0x0, &(0x7f0000000140)='./file0\x00', 0x0, 0x0, &(0x7f000000a000)) sched_setscheduler(0x0, 0x5, &(0x7f0000000380)) 21:33:52 executing program 0: r0 = openat$kvm(0xffffffffffffff9c, 0x0, 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) dup3(r0, r1, 0x0) fsetxattr$trusted_overlay_nlink(r0, &(0x7f0000000040)='trusted.overlay.nlink\x00', &(0x7f00000000c0)={'U+', 0x98}, 0x16, 0x2) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c4, 0x0, 0xe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r2 = socket$inet6(0xa, 0x40000080806, 0x0) bind$inet6(r2, &(0x7f0000000080)={0xa, 0x404e20}, 0x1c) ioctl$int_in(0xffffffffffffffff, 0x5452, &(0x7f0000000100)=0x3) listen(r2, 0x400000001ffffffd) r3 = socket$inet6(0xa, 0x6, 0x0) connect$inet6(r3, &(0x7f0000000180)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) r4 = accept4(r2, 0x0, 0x0, 0x0) sendmmsg(r4, &(0x7f0000003d40)=[{{0x0, 0xffffffbf, 0x0, 0x0, 0x0, 0x0, 0x7000005}, 0xa}], 0x4000000000000d0, 0x0) socket$inet6(0xa, 0x6, 0x0) connect$inet6(0xffffffffffffffff, &(0x7f0000000000)={0xa, 0x0, 0x0, @loopback}, 0x1c) r5 = socket$inet6_tcp(0xa, 0x1, 0x0) bpf$BPF_MAP_GET_FD_BY_ID(0xe, &(0x7f0000000140)={0x0, 0x4, 0x8}, 0xc) setsockopt$IP6T_SO_SET_REPLACE(r5, 0x29, 0x40, 0x0, 0x0) syz_init_net_socket$rose(0xb, 0x5, 0x0) 21:34:00 executing program 4: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x1, 0x0, 0x0, 0x1, 0x20b493e0, 0x0, 0xfffffffffffffffe}, 0x0) socket$inet6(0xa, 0x4, 0xffffffff) pipe(&(0x7f0000000340)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r2, 0x407, 0x0) fsync(r1) write(r2, 0x0, 0x0) vmsplice(r1, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) clone(0x200000008a105d00, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) tkill(0x0, 0x3c) fsetxattr$trusted_overlay_redirect(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) sched_setattr(r0, &(0x7f0000000080)={0x38, 0x2, 0x1, 0x0, 0x3}, 0x0) clone(0x69005100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) mount(0x0, &(0x7f0000000140)='./file0\x00', 0x0, 0x0, &(0x7f000000a000)) 21:34:00 executing program 2: r0 = openat$kvm(0xffffffffffffff9c, 0x0, 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) dup3(r0, r1, 0x0) fsetxattr$trusted_overlay_nlink(r0, &(0x7f0000000040)='trusted.overlay.nlink\x00', &(0x7f00000000c0)={'U+', 0x98}, 0x16, 0x2) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c4, 0x0, 0xe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r2 = socket$inet6(0xa, 0x40000080806, 0x0) bind$inet6(r2, &(0x7f0000000080)={0xa, 0x404e20}, 0x1c) ioctl$int_in(0xffffffffffffffff, 0x5452, &(0x7f0000000100)=0x3) listen(r2, 0x400000001ffffffd) r3 = socket$inet6(0xa, 0x6, 0x0) connect$inet6(r3, &(0x7f0000000180)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) r4 = accept4(r2, 0x0, 0x0, 0x0) sendmmsg(r4, &(0x7f0000003d40)=[{{0x0, 0xffffffbf, 0x0, 0x0, 0x0, 0x0, 0x7000005}, 0xa}], 0x4000000000000d0, 0x0) socket$inet6(0xa, 0x6, 0x0) connect$inet6(0xffffffffffffffff, &(0x7f0000000000)={0xa, 0x0, 0x0, @loopback}, 0x1c) r5 = socket$inet6_tcp(0xa, 0x1, 0x0) bpf$BPF_MAP_GET_FD_BY_ID(0xe, &(0x7f0000000140)={0x0, 0x4, 0x8}, 0xc) setsockopt$IP6T_SO_SET_REPLACE(r5, 0x29, 0x40, &(0x7f0000000a80)=@filter={'filter\x00', 0xe, 0x4, 0x378, 0x0, 0x0, 0x1208, 0x108, 0x108, 0x12d8, 0x12d8, 0x12d8, 0x12d8, 0x12d8, 0x4, 0x0, {[{{@uncond, 0x0, 0xa8, 0x108}, @common=@inet=@HMARK={0x60, 'HMARK\x00', 0x0, {@ipv6=@mcast1, [], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4}}}, {{@ipv6={@initdev={0xfe, 0x88, [], 0x0, 0x0}, @initdev={0xfe, 0x88, [], 0x0, 0x0}, [], [], 'rose0\x00', 'netdevsim0\x00'}, 0x0, 0xa8, 0xd0}, @REJECT={0x28, 'REJECT\x00'}}, {{@uncond, 0x0, 0xa8, 0xd0}, @REJECT={0x28, 'REJECT\x00'}}], {{[], 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x3d8) syz_init_net_socket$rose(0xb, 0x5, 0x0) 21:34:00 executing program 5: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x1, 0x0, 0x0, 0x1, 0x20b493e0, 0x0, 0xfffffffffffffffe}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000008880), 0x400000000000249, 0x0, 0x0) pipe(&(0x7f0000000340)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) fsync(r2) write(r3, &(0x7f0000000340), 0x41395527) setsockopt$RDS_CANCEL_SENT_TO(r2, 0x114, 0x1, &(0x7f00000000c0)={0x2, 0x4e20, @initdev={0xac, 0x1e, 0x1, 0x0}}, 0x10) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) perf_event_open(&(0x7f0000940000)={0x2, 0x70, 0x69, 0x1, 0x0, 0xff, 0x0, 0x48, 0x14a0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x6, 0x9}, 0x0, 0x0, 0xfffffff9}, 0x0, 0xd, 0xffffffffffffffff, 0xa) clone(0x200000008a105d00, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r4 = gettid() tkill(r4, 0x3c) ioctl$TCGETS2(r3, 0x802c542a, &(0x7f0000000100)) fsetxattr$trusted_overlay_redirect(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) sched_setattr(r0, &(0x7f0000000080)={0x38, 0x2, 0x1, 0x0, 0x3}, 0x0) clone(0x69005100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) mount(0x0, &(0x7f0000000140)='./file0\x00', 0x0, 0x0, &(0x7f000000a000)) [ 2318.516609] IPVS: ftp: loaded support on port[0] = 21 21:34:00 executing program 3: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x1, 0x0, 0x0, 0x1, 0x20b493e0, 0x0, 0xfffffffffffffffe}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) r2 = syz_open_procfs(r0, &(0x7f0000000000)='cmdline\x00') ioctl$UI_GET_SYSNAME(r2, 0x8040552c, &(0x7f00000000c0)) recvmmsg(r1, 0x0, 0x0, 0x0, 0x0) pipe(&(0x7f0000000340)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r4, 0x407, 0x0) write(r4, &(0x7f0000000340), 0x41395527) vmsplice(r3, 0x0, 0x0, 0x0) perf_event_open(&(0x7f0000940000)={0x2, 0x70, 0x69, 0x0, 0x0, 0xff, 0x0, 0x48, 0x14a0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f00000001c0), 0x7}}, 0x0, 0xd, 0xffffffffffffffff, 0xa) clone(0x200000008a105d00, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r5 = gettid() tkill(r5, 0x3c) r6 = socket$inet6_sctp(0xa, 0x5, 0x84) fsetxattr$trusted_overlay_redirect(r6, 0x0, 0x0, 0x0, 0x0) sched_setattr(r0, &(0x7f0000000080)={0x38, 0x2, 0x1, 0x0, 0x3}, 0x0) clone(0x69005100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) mount(0x0, &(0x7f0000000140)='./file0\x00', &(0x7f0000fb5ffc)='nfs\x00', 0x0, &(0x7f000000a000)) [ 2318.750044] IPVS: ftp: loaded support on port[0] = 21 [ 2319.166624] kworker/u4:30 invoked oom-killer: gfp_mask=0x15080c0(GFP_KERNEL_ACCOUNT|__GFP_ZERO), nodemask=(null), order=3, oom_score_adj=0 [ 2319.181803] IPVS: ftp: loaded support on port[0] = 21 [ 2319.436056] kworker/u4:30 cpuset=/ mems_allowed=0-1 [ 2319.436308] IPVS: ftp: loaded support on port[0] = 21 [ 2319.448717] CPU: 0 PID: 12158 Comm: kworker/u4:30 Not tainted 4.14.182-syzkaller #0 [ 2319.456530] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2319.465892] Workqueue: events_unbound call_usermodehelper_exec_work [ 2319.472276] Call Trace: [ 2319.474846] dump_stack+0x1b2/0x283 [ 2319.478463] dump_header+0x178/0x7aa [ 2319.482164] ? trace_hardirqs_on_caller+0x3a8/0x580 [ 2319.487155] ? _raw_spin_unlock_irqrestore+0x66/0xe0 [ 2319.492244] ? ___ratelimit+0x2cd/0x522 [ 2319.496195] oom_kill_process.cold+0x10/0xc16 [ 2319.500666] ? lock_downgrade+0x6e0/0x6e0 [ 2319.504809] ? trace_hardirqs_on_caller+0x3a8/0x580 [ 2319.509804] out_of_memory+0x2d5/0x10f0 [ 2319.513757] ? oom_killer_disable+0x1c0/0x1c0 [ 2319.518228] ? mutex_trylock+0x152/0x1a0 [ 2319.522266] __alloc_pages_nodemask+0x2556/0x2730 [ 2319.527105] ? gfp_pfmemalloc_allowed+0x150/0x150 [ 2319.531942] ? rcu_read_lock_sched_held+0x10a/0x130 [ 2319.536935] ? kmem_cache_alloc_node+0x387/0x400 [ 2319.541667] copy_process.part.0+0x26a/0x6fa0 [ 2319.546140] ? __lock_acquire+0x655/0x42a0 [ 2319.550360] ? update_curr+0x28d/0x670 [ 2319.554228] ? static_obj+0x50/0x50 [ 2319.557828] ? trace_hardirqs_on+0x10/0x10 [ 2319.562037] ? __lock_acquire+0x655/0x42a0 [ 2319.566249] ? umh_complete+0x80/0x80 [ 2319.570025] ? __cleanup_sighand+0x40/0x40 [ 2319.574238] ? umh_complete+0x80/0x80 [ 2319.578014] _do_fork+0x180/0xc80 [ 2319.581455] ? lock_downgrade+0x6e0/0x6e0 [ 2319.585578] ? fork_idle+0x270/0x270 [ 2319.589268] ? _raw_spin_unlock_irqrestore+0x66/0xe0 [ 2319.594346] ? debug_object_deactivate+0x1cc/0x350 [ 2319.599250] ? process_one_work+0x6ec/0x14c0 [ 2319.603647] ? umh_complete+0x80/0x80 [ 2319.607441] kernel_thread+0x2f/0x40 [ 2319.611142] call_usermodehelper_exec_work+0x193/0x210 [ 2319.616413] ? call_usermodehelper_exec_async+0x4c0/0x4c0 [ 2319.621935] ? rcu_lockdep_current_cpu_online+0xed/0x140 [ 2319.627364] process_one_work+0x7c0/0x14c0 [ 2319.631595] ? pwq_dec_nr_in_flight+0x2b0/0x2b0 [ 2319.636266] ? worker_thread+0x163/0x1080 [ 2319.640390] ? _raw_spin_unlock_irq+0x24/0x90 [ 2319.645838] worker_thread+0x5d7/0x1080 [ 2319.649795] ? process_one_work+0x14c0/0x14c0 [ 2319.654279] kthread+0x30d/0x420 [ 2319.657633] ? kthread_create_on_node+0xd0/0xd0 [ 2319.662276] ret_from_fork+0x24/0x30 [ 2319.915757] Mem-Info: [ 2319.919132] active_anon:1234562 inactive_anon:6140 isolated_anon:0 [ 2319.919132] active_file:94 inactive_file:85 isolated_file:2 [ 2319.919132] unevictable:1839 dirty:7 writeback:0 unstable:0 [ 2319.919132] slab_reclaimable:18135 slab_unreclaimable:172202 [ 2319.919132] mapped:54040 shmem:7616 pagetables:43936 bounce:0 [ 2319.919132] free:25563 free_pcp:61 free_cma:0 [ 2320.526324] Node 0 active_anon:1666032kB inactive_anon:16136kB active_file:92kB inactive_file:92kB unevictable:1032kB isolated(anon):0kB isolated(file):8kB mapped:210052kB dirty:12kB writeback:0kB shmem:22040kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 690176kB writeback_tmp:0kB unstable:0kB all_unreclaimable? no [ 2320.702146] Node 1 active_anon:3272216kB inactive_anon:8424kB active_file:388kB inactive_file:328kB unevictable:6324kB isolated(anon):0kB isolated(file):100kB mapped:6508kB dirty:16kB writeback:0kB shmem:8424kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 0kB writeback_tmp:0kB unstable:0kB all_unreclaimable? no [ 2320.843632] Node 0 DMA free:10392kB min:220kB low:272kB high:324kB active_anon:1428kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15908kB mlocked:0kB kernel_stack:96kB pagetables:72kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 2321.168482] lowmem_reserve[]: 0 2559 2559 2559 2559 [ 2321.183553] Node 0 DMA32 free:35228kB min:36296kB low:45368kB high:54440kB active_anon:1664604kB inactive_anon:16136kB active_file:4kB inactive_file:20kB unevictable:1032kB writepending:0kB present:3129332kB managed:2623996kB mlocked:1032kB kernel_stack:15648kB pagetables:37528kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 2321.361725] lowmem_reserve[]: 0 0 0 0 0 [ 2321.552078] Node 0 Normal free:0kB min:0kB low:0kB high:0kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:786432kB managed:0kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 2322.010191] lowmem_reserve[]: 0 0 0 0 0 [ 2322.173963] Node 1 Normal free:57216kB min:53592kB low:66988kB high:80384kB active_anon:3272256kB inactive_anon:8424kB active_file:284kB inactive_file:588kB unevictable:6324kB writepending:4kB present:3932160kB managed:3870192kB mlocked:6324kB kernel_stack:59840kB pagetables:138144kB bounce:0kB free_pcp:1248kB local_pcp:536kB free_cma:0kB [ 2322.421684] lowmem_reserve[]: 0 0 0 0 0 [ 2322.430547] Node 0 DMA: 22*4kB (UMEH) 64*8kB (UMEH) 22*16kB (UMEH) 11*32kB (UME) 6*64kB (UM) 2*128kB (UM) 1*256kB (E) 2*512kB (EH) 1*1024kB (E) 1*2048kB (E) 1*4096kB (M) = 10392kB [ 2322.542499] Node 0 DMA32: 2543*4kB (UMEH) 958*8kB (UME) 111*16kB (UME) 207*32kB (UME) 148*64kB (UM) 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 35708kB [ 2322.761419] Node 0 Normal: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 0kB 21:34:04 executing program 4: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x1, 0x0, 0x0, 0x1, 0x20b493e0, 0x0, 0xfffffffffffffffe}, 0x0) socket$inet6(0xa, 0x4, 0xffffffff) pipe(&(0x7f0000000340)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r2, 0x407, 0x0) fsync(r1) write(r2, 0x0, 0x0) vmsplice(r1, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) clone(0x200000008a105d00, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) tkill(0x0, 0x3c) fsetxattr$trusted_overlay_redirect(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) sched_setattr(r0, &(0x7f0000000080)={0x38, 0x2, 0x1, 0x0, 0x3}, 0x0) clone(0x69005100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) mount(0x0, &(0x7f0000000140)='./file0\x00', 0x0, 0x0, &(0x7f000000a000)) 21:34:04 executing program 1: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x1, 0x0, 0x0, 0x1, 0x20b493e0, 0x0, 0xfffffffffffffffe}, 0x0) socket$inet6(0xa, 0x2, 0x0) recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) pipe(&(0x7f0000000340)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r2, 0x407, 0x0) fsync(r1) write(r2, &(0x7f0000000340), 0x41395527) vmsplice(r1, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) perf_event_open(&(0x7f0000940000)={0x2, 0x70, 0x69, 0x1, 0x0, 0xff, 0x0, 0x48, 0x14a0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f00000001c0), 0x7}, 0x0, 0x0, 0xfffffff9}, 0x0, 0xd, 0xffffffffffffffff, 0xa) tkill(0x0, 0x3c) fsetxattr$trusted_overlay_redirect(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) sched_setattr(r0, &(0x7f0000000080)={0x38, 0x2, 0x1, 0x0, 0x3}, 0x0) clone(0x69005100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) mount(0x0, &(0x7f0000000140)='./file0\x00', 0x0, 0x0, &(0x7f000000a000)) sched_setscheduler(0x0, 0x5, &(0x7f0000000380)) [ 2322.853651] Node 1 Normal: 25*4kB (UME) 277*8kB (UME) 1627*16kB (UME) 888*32kB (UM) 93*64kB (UM) 11*128kB (UM) 1*256kB (M) 0*512kB 0*1024kB 0*2048kB 0*4096kB = 64380kB [ 2323.021758] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB 21:34:05 executing program 3: prlimit64(0x0, 0x2, &(0x7f0000000280)={0x9, 0x8a}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x1, 0x0, 0x0, 0x1, 0x20b493e0, 0x0, 0xfffffffffffffffe}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, 0x0, 0x0, 0x0, 0x0) pipe(&(0x7f0000000340)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) fsetxattr$security_evm(r2, &(0x7f0000000100)='security.evm\x00', &(0x7f0000000180)=ANY=[@ANYBLOB='_\x00\x00'], 0x3, 0x3) vmsplice(r2, 0x0, 0x0, 0x0) perf_event_open(&(0x7f0000940000)={0x2, 0x70, 0x69, 0x0, 0x0, 0xff, 0x0, 0x48, 0x14a0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f00000001c0), 0x7}}, 0x0, 0xd, 0xffffffffffffffff, 0xa) clone(0x200000008a105d00, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r4 = gettid() openat$ashmem(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ashmem\x00', 0x40000, 0x0) tkill(r4, 0x3c) fsetxattr$trusted_overlay_redirect(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) bind$phonet(r3, &(0x7f00000000c0)={0x23, 0xf7, 0x40, 0x5}, 0x10) sched_setattr(r0, &(0x7f0000000080)={0x38, 0x2, 0x1, 0x1, 0x3ff, 0x1000, 0xfffffffffffffffe, 0x80000000000, 0x0, 0x8}, 0x0) clone(0x69005100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) mount(0x0, &(0x7f0000000140)='./file0\x00', &(0x7f0000fb5ffc)='nfs\x00', 0x0, &(0x7f000000a000)) 21:34:05 executing program 5: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) getpid() r0 = getpid() sched_setscheduler(r0, 0x5, &(0x7f0000000380)) sched_setattr(r0, &(0x7f0000000040)={0x38, 0x1, 0x0, 0x0, 0x1, 0x20b493e0, 0x0, 0xfffffffffffffffe}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000008880), 0x400000000000249, 0x0, 0x0) pipe(&(0x7f0000000340)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) fsync(r2) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) perf_event_open(&(0x7f0000940000)={0x2, 0x70, 0x69, 0x1, 0x0, 0xff, 0x0, 0x48, 0x14a0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f00000001c0), 0x7}, 0x0, 0x0, 0xfffffff9, 0x6}, 0x0, 0xd, 0xffffffffffffffff, 0xa) clone(0x200000008a105d00, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r4 = gettid() tkill(r4, 0x3c) fsetxattr$trusted_overlay_redirect(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) sched_setattr(r4, &(0x7f0000000080)={0x38, 0x2, 0x1, 0x0, 0x3, 0x0, 0xfffffffffffffffd, 0x8000000000000}, 0x0) clone(0x69005100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) mount(0x0, &(0x7f0000000140)='./file0\x00', 0x0, 0x0, &(0x7f000000a000)) [ 2323.208069] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB 21:34:05 executing program 3: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() ustat(0x800, &(0x7f0000000100)) sched_setattr(r0, &(0x7f0000000040)={0x38, 0x1, 0x0, 0x0, 0x1, 0x20b493e0, 0x0, 0xfffffffffffffffe}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) setsockopt$inet6_icmp_ICMP_FILTER(r1, 0x1, 0x1, &(0x7f00000000c0)={0x7fffffff}, 0x4) recvmmsg(r1, 0x0, 0x0, 0x0, 0x0) pipe(&(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, 0x0, 0x0, 0x0) perf_event_open(&(0x7f0000940000)={0x2, 0x70, 0x69, 0x0, 0x0, 0xff, 0x0, 0x48, 0x2044, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f00000001c0), 0xb}}, 0x0, 0xd, 0xffffffffffffffff, 0x8) clone(0x200000008a105d00, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r4 = gettid() tkill(r4, 0x3c) fsetxattr$trusted_overlay_redirect(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) sched_setattr(r0, &(0x7f0000000080)={0x38, 0x2, 0x1, 0x0, 0x3}, 0x0) clone(0x69005100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) mount(0x0, &(0x7f0000000140)='./file0\x00', &(0x7f0000fb5ffc)='nfs\x00', 0x0, &(0x7f000000a000)) [ 2323.391424] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 2323.530360] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB 21:34:05 executing program 2: r0 = openat$kvm(0xffffffffffffff9c, 0x0, 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) dup3(r0, r1, 0x0) fsetxattr$trusted_overlay_nlink(r0, &(0x7f0000000040)='trusted.overlay.nlink\x00', &(0x7f00000000c0)={'U+', 0x98}, 0x16, 0x2) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c4, 0x0, 0xe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r2 = socket$inet6(0xa, 0x40000080806, 0x0) bind$inet6(r2, &(0x7f0000000080)={0xa, 0x404e20}, 0x1c) ioctl$int_in(0xffffffffffffffff, 0x5452, &(0x7f0000000100)=0x3) listen(r2, 0x400000001ffffffd) r3 = socket$inet6(0xa, 0x6, 0x0) connect$inet6(r3, &(0x7f0000000180)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) r4 = accept4(r2, 0x0, 0x0, 0x0) sendmmsg(r4, &(0x7f0000003d40)=[{{0x0, 0xffffffbf, 0x0, 0x0, 0x0, 0x0, 0x7000005}, 0xa}], 0x4000000000000d0, 0x0) socket$inet6(0xa, 0x6, 0x0) connect$inet6(0xffffffffffffffff, &(0x7f0000000000)={0xa, 0x0, 0x0, @loopback}, 0x1c) r5 = socket$inet6_tcp(0xa, 0x1, 0x0) bpf$BPF_MAP_GET_FD_BY_ID(0xe, &(0x7f0000000140)={0x0, 0x4, 0x8}, 0xc) setsockopt$IP6T_SO_SET_REPLACE(r5, 0x29, 0x40, &(0x7f0000000a80)=@filter={'filter\x00', 0xe, 0x4, 0x378, 0x0, 0x0, 0x1208, 0x108, 0x108, 0x12d8, 0x12d8, 0x12d8, 0x12d8, 0x12d8, 0x4, 0x0, {[{{@uncond, 0x0, 0xa8, 0x108}, @common=@inet=@HMARK={0x60, 'HMARK\x00', 0x0, {@ipv6=@mcast1, [], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4}}}, {{@ipv6={@initdev={0xfe, 0x88, [], 0x0, 0x0}, @initdev={0xfe, 0x88, [], 0x0, 0x0}, [], [], 'rose0\x00', 'netdevsim0\x00'}, 0x0, 0xa8, 0xd0}, @REJECT={0x28, 'REJECT\x00'}}, {{@uncond, 0x0, 0xa8, 0xd0}, @REJECT={0x28, 'REJECT\x00'}}], {{[], 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x3d8) syz_init_net_socket$rose(0xb, 0x5, 0x0) [ 2323.661318] 9902 total pagecache pages [ 2323.717620] 0 pages in swap cache 21:34:05 executing program 0: r0 = openat$kvm(0xffffffffffffff9c, 0x0, 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) dup3(r0, r1, 0x0) fsetxattr$trusted_overlay_nlink(r0, &(0x7f0000000040)='trusted.overlay.nlink\x00', &(0x7f00000000c0)={'U+', 0x98}, 0x16, 0x2) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c4, 0x0, 0xe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r2 = socket$inet6(0xa, 0x40000080806, 0x0) bind$inet6(r2, &(0x7f0000000080)={0xa, 0x404e20}, 0x1c) ioctl$int_in(0xffffffffffffffff, 0x5452, &(0x7f0000000100)=0x3) listen(r2, 0x400000001ffffffd) r3 = socket$inet6(0xa, 0x6, 0x0) connect$inet6(r3, &(0x7f0000000180)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) r4 = accept4(r2, 0x0, 0x0, 0x0) sendmmsg(r4, &(0x7f0000003d40)=[{{0x0, 0xffffffbf, 0x0, 0x0, 0x0, 0x0, 0x7000005}, 0xa}], 0x4000000000000d0, 0x0) socket$inet6(0xa, 0x6, 0x0) connect$inet6(0xffffffffffffffff, &(0x7f0000000000)={0xa, 0x0, 0x0, @loopback}, 0x1c) r5 = socket$inet6_tcp(0xa, 0x1, 0x0) bpf$BPF_MAP_GET_FD_BY_ID(0xe, &(0x7f0000000140)={0x0, 0x4, 0x8}, 0xc) setsockopt$IP6T_SO_SET_REPLACE(r5, 0x29, 0x40, 0x0, 0x0) syz_init_net_socket$rose(0xb, 0x5, 0x0) [ 2323.768322] IPVS: ftp: loaded support on port[0] = 21 [ 2323.779780] Swap cache stats: add 0, delete 0, find 0/0 21:34:05 executing program 1: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x1, 0x0, 0x0, 0x1, 0x20b493e0, 0x0, 0xfffffffffffffffe}, 0x0) socket$inet6(0xa, 0x2, 0x0) recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) pipe(&(0x7f0000000340)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r2, 0x407, 0x0) fsync(r1) write(r2, &(0x7f0000000340), 0x41395527) vmsplice(r1, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) perf_event_open(&(0x7f0000940000)={0x2, 0x70, 0x69, 0x1, 0x0, 0xff, 0x0, 0x48, 0x14a0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f00000001c0), 0x7}, 0x0, 0x0, 0xfffffff9}, 0x0, 0xd, 0xffffffffffffffff, 0xa) tkill(0x0, 0x3c) fsetxattr$trusted_overlay_redirect(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) sched_setattr(r0, &(0x7f0000000080)={0x38, 0x2, 0x1, 0x0, 0x3}, 0x0) clone(0x69005100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) mount(0x0, &(0x7f0000000140)='./file0\x00', 0x0, 0x0, &(0x7f000000a000)) sched_setscheduler(0x0, 0x5, &(0x7f0000000380)) [ 2323.833331] Free swap = 0kB [ 2323.841112] Total swap = 0kB [ 2323.859639] 1965979 pages RAM [ 2323.881217] 0 pages HighMem/MovableOnly [ 2323.898786] 338455 pages reserved [ 2323.924459] 0 pages cma reserved 21:34:06 executing program 4: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x1, 0x0, 0x0, 0x1, 0x20b493e0, 0x0, 0xfffffffffffffffe}, 0x0) socket$inet6(0xa, 0x4, 0xffffffff) pipe(&(0x7f0000000340)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r2, 0x407, 0x0) fsync(r1) write(r2, 0x0, 0x0) vmsplice(r1, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) clone(0x200000008a105d00, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) tkill(0x0, 0x3c) fsetxattr$trusted_overlay_redirect(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) sched_setattr(r0, &(0x7f0000000080)={0x38, 0x2, 0x1, 0x0, 0x3}, 0x0) clone(0x69005100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) mount(0x0, &(0x7f0000000140)='./file0\x00', 0x0, 0x0, &(0x7f000000a000)) [ 2324.031776] Out of memory: Kill process 4723 (syz-executor.0) score 1007 or sacrifice child [ 2324.064220] IPVS: ftp: loaded support on port[0] = 21 [ 2324.282277] Killed process 4723 (syz-executor.0) total-vm:75236kB, anon-rss:16572kB, file-rss:35756kB, shmem-rss:0kB 21:34:06 executing program 3: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x1, 0x0, 0x0, 0x1, 0x20b493e0, 0x0, 0xfffffffffffffffe}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, 0x0, 0x0, 0x0, 0x0) pipe(&(0x7f0000000340)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) ioctl$VIDIOC_TRY_DECODER_CMD(r2, 0xc0485661, &(0x7f00000000c0)={0x0, 0x1, @raw_data=[0x513, 0x6, 0x3, 0x0, 0xff, 0x80, 0x4, 0xe956, 0x4, 0xc31d, 0xc93, 0x1, 0x2, 0x1, 0x9f0d, 0x4]}) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, 0x0, 0x0, 0x0) perf_event_open(&(0x7f0000940000)={0x2, 0x70, 0x69, 0x0, 0x0, 0xff, 0x0, 0x48, 0x14a0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f00000001c0), 0x7}}, 0x0, 0xd, 0xffffffffffffffff, 0xa) clone(0x200000008a105d00, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r4 = gettid() tkill(r4, 0x3c) fsetxattr$trusted_overlay_redirect(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) sched_setattr(r0, &(0x7f0000000080)={0x38, 0x2, 0x1, 0x0, 0x3}, 0x0) clone(0x69005100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) mount(0x0, &(0x7f0000000140)='./file0\x00', &(0x7f0000fb5ffc)='nfs\x00', 0x0, &(0x7f000000a000)) 21:34:06 executing program 2: r0 = openat$kvm(0xffffffffffffff9c, 0x0, 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) dup3(r0, r1, 0x0) fsetxattr$trusted_overlay_nlink(r0, &(0x7f0000000040)='trusted.overlay.nlink\x00', &(0x7f00000000c0)={'U+', 0x98}, 0x16, 0x2) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c4, 0x0, 0xe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r2 = socket$inet6(0xa, 0x40000080806, 0x0) bind$inet6(r2, &(0x7f0000000080)={0xa, 0x404e20}, 0x1c) ioctl$int_in(0xffffffffffffffff, 0x5452, &(0x7f0000000100)=0x3) listen(r2, 0x400000001ffffffd) r3 = socket$inet6(0xa, 0x6, 0x0) connect$inet6(r3, &(0x7f0000000180)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) r4 = accept4(r2, 0x0, 0x0, 0x0) sendmmsg(r4, &(0x7f0000003d40)=[{{0x0, 0xffffffbf, 0x0, 0x0, 0x0, 0x0, 0x7000005}, 0xa}], 0x4000000000000d0, 0x0) socket$inet6(0xa, 0x6, 0x0) connect$inet6(0xffffffffffffffff, &(0x7f0000000000)={0xa, 0x0, 0x0, @loopback}, 0x1c) r5 = socket$inet6_tcp(0xa, 0x1, 0x0) bpf$BPF_MAP_GET_FD_BY_ID(0xe, &(0x7f0000000140)={0x0, 0x4, 0x8}, 0xc) setsockopt$IP6T_SO_SET_REPLACE(r5, 0x29, 0x40, &(0x7f0000000a80)=@filter={'filter\x00', 0xe, 0x4, 0x378, 0x0, 0x0, 0x1208, 0x108, 0x108, 0x12d8, 0x12d8, 0x12d8, 0x12d8, 0x12d8, 0x4, 0x0, {[{{@uncond, 0x0, 0xa8, 0x108}, @common=@inet=@HMARK={0x60, 'HMARK\x00', 0x0, {@ipv6=@mcast1, [], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4}}}, {{@ipv6={@initdev={0xfe, 0x88, [], 0x0, 0x0}, @initdev={0xfe, 0x88, [], 0x0, 0x0}, [], [], 'rose0\x00', 'netdevsim0\x00'}, 0x0, 0xa8, 0xd0}, @REJECT={0x28, 'REJECT\x00'}}, {{@uncond, 0x0, 0xa8, 0xd0}, @REJECT={0x28, 'REJECT\x00'}}], {{[], 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x3d8) syz_init_net_socket$rose(0xb, 0x5, 0x0) 21:34:06 executing program 1: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x1, 0x0, 0x0, 0x1, 0x20b493e0, 0x0, 0xfffffffffffffffe}, 0x0) socket$inet6(0xa, 0x2, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f0000008880), 0x400000000000249, 0x0, 0x0) pipe(0x0) fcntl$setpipe(0xffffffffffffffff, 0x407, 0x0) fsync(0xffffffffffffffff) write(0xffffffffffffffff, &(0x7f0000000340), 0x41395527) vmsplice(0xffffffffffffffff, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) perf_event_open(&(0x7f0000940000)={0x2, 0x70, 0x69, 0x1, 0x0, 0xff, 0x0, 0x48, 0x14a0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f00000001c0), 0x7}, 0x0, 0x0, 0xfffffff9}, 0x0, 0xd, 0xffffffffffffffff, 0xa) tkill(0x0, 0x3c) fsetxattr$trusted_overlay_redirect(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) sched_setattr(r0, &(0x7f0000000080)={0x38, 0x2, 0x1, 0x0, 0x3}, 0x0) clone(0x69005100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) mount(0x0, &(0x7f0000000140)='./file0\x00', 0x0, 0x0, &(0x7f000000a000)) sched_setscheduler(0x0, 0x5, &(0x7f0000000380)) 21:34:06 executing program 0: r0 = openat$kvm(0xffffffffffffff9c, 0x0, 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) dup3(r0, r1, 0x0) fsetxattr$trusted_overlay_nlink(r0, &(0x7f0000000040)='trusted.overlay.nlink\x00', &(0x7f00000000c0)={'U+', 0x98}, 0x16, 0x2) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c4, 0x0, 0xe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r2 = socket$inet6(0xa, 0x40000080806, 0x0) bind$inet6(r2, &(0x7f0000000080)={0xa, 0x404e20}, 0x1c) ioctl$int_in(0xffffffffffffffff, 0x5452, &(0x7f0000000100)=0x3) listen(r2, 0x400000001ffffffd) r3 = socket$inet6(0xa, 0x6, 0x0) connect$inet6(r3, &(0x7f0000000180)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) r4 = accept4(r2, 0x0, 0x0, 0x0) sendmmsg(r4, &(0x7f0000003d40)=[{{0x0, 0xffffffbf, 0x0, 0x0, 0x0, 0x0, 0x7000005}, 0xa}], 0x4000000000000d0, 0x0) socket$inet6(0xa, 0x6, 0x0) connect$inet6(0xffffffffffffffff, &(0x7f0000000000)={0xa, 0x0, 0x0, @loopback}, 0x1c) r5 = socket$inet6_tcp(0xa, 0x1, 0x0) bpf$BPF_MAP_GET_FD_BY_ID(0xe, &(0x7f0000000140)={0x0, 0x4, 0x8}, 0xc) setsockopt$IP6T_SO_SET_REPLACE(r5, 0x29, 0x40, &(0x7f0000000a80)=@filter={'filter\x00', 0xe, 0x4, 0x378, 0x0, 0x0, 0x1208, 0x108, 0x108, 0x12d8, 0x12d8, 0x12d8, 0x12d8, 0x12d8, 0x4, 0x0, {[{{@uncond, 0x0, 0xa8, 0x108}, @common=@inet=@HMARK={0x60, 'HMARK\x00', 0x0, {@ipv6=@mcast1, [], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4}}}, {{@ipv6={@initdev={0xfe, 0x88, [], 0x0, 0x0}, @initdev={0xfe, 0x88, [], 0x0, 0x0}, [], [], 'rose0\x00', 'netdevsim0\x00'}, 0x0, 0xa8, 0xd0}, @REJECT={0x28, 'REJECT\x00'}}, {{@uncond, 0x0, 0xa8, 0xd0}, @REJECT={0x28, 'REJECT\x00'}}], {{[], 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x3d8) syz_init_net_socket$rose(0xb, 0x5, 0x0) 21:34:06 executing program 4: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x1, 0x0, 0x0, 0x1, 0x20b493e0, 0x0, 0xfffffffffffffffe}, 0x0) socket$inet6(0xa, 0x4, 0xffffffff) pipe(&(0x7f0000000340)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r2, 0x407, 0x0) fsync(r1) write(r2, &(0x7f0000000340), 0x41395527) vmsplice(0xffffffffffffffff, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) clone(0x200000008a105d00, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) tkill(0x0, 0x3c) fsetxattr$trusted_overlay_redirect(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) sched_setattr(r0, &(0x7f0000000080)={0x38, 0x2, 0x1, 0x0, 0x3}, 0x0) clone(0x69005100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) mount(0x0, &(0x7f0000000140)='./file0\x00', 0x0, 0x0, &(0x7f000000a000)) 21:34:07 executing program 2: r0 = openat$kvm(0xffffffffffffff9c, 0x0, 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) dup3(r0, r1, 0x0) fsetxattr$trusted_overlay_nlink(r0, &(0x7f0000000040)='trusted.overlay.nlink\x00', &(0x7f00000000c0)={'U+', 0x98}, 0x16, 0x2) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c4, 0x0, 0xe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r2 = socket$inet6(0xa, 0x40000080806, 0x0) bind$inet6(r2, &(0x7f0000000080)={0xa, 0x404e20}, 0x1c) ioctl$int_in(0xffffffffffffffff, 0x5452, &(0x7f0000000100)=0x3) listen(r2, 0x400000001ffffffd) r3 = socket$inet6(0xa, 0x6, 0x0) connect$inet6(r3, &(0x7f0000000180)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) r4 = accept4(r2, 0x0, 0x0, 0x0) sendmmsg(r4, &(0x7f0000003d40)=[{{0x0, 0xffffffbf, 0x0, 0x0, 0x0, 0x0, 0x7000005}, 0xa}], 0x4000000000000d0, 0x0) socket$inet6(0xa, 0x6, 0x0) connect$inet6(0xffffffffffffffff, &(0x7f0000000000)={0xa, 0x0, 0x0, @loopback}, 0x1c) r5 = socket$inet6_tcp(0xa, 0x1, 0x0) bpf$BPF_MAP_GET_FD_BY_ID(0xe, &(0x7f0000000140)={0x0, 0x4, 0x8}, 0xc) setsockopt$IP6T_SO_SET_REPLACE(r5, 0x29, 0x40, &(0x7f0000000a80)=@filter={'filter\x00', 0xe, 0x4, 0x13a8, 0x0, 0x0, 0x1208, 0x108, 0x108, 0x12d8, 0x12d8, 0x12d8, 0x12d8, 0x12d8, 0x4, 0x0, {[{{@uncond, 0x0, 0xa8, 0x108}, @common=@inet=@HMARK={0x60, 'HMARK\x00', 0x0, {@ipv6=@mcast1, [], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4}}}, {{@ipv6={@initdev={0xfe, 0x88, [], 0x0, 0x0}, @initdev={0xfe, 0x88, [], 0x0, 0x0}, [], [], 'rose0\x00', 'netdevsim0\x00'}, 0x0, 0x10d8, 0x1100, 0x0, {}, [@common=@unspec=@cgroup1={{0x1030, 'cgroup\x00'}, {0x0, 0x0, 0x0, 0x0, './cgroup/syz0\x00'}}]}, @REJECT={0x28, 'REJECT\x00'}}, {{@uncond, 0x0, 0xa8, 0xd0}, @REJECT={0x28, 'REJECT\x00'}}], {{[], 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x1408) syz_init_net_socket$rose(0xb, 0x5, 0x0) [ 2325.204520] xt_cgroup: no path or classid specified 21:34:08 executing program 4: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x1, 0x0, 0x0, 0x1, 0x20b493e0, 0x0, 0xfffffffffffffffe}, 0x0) socket$inet6(0xa, 0x4, 0xffffffff) pipe(&(0x7f0000000340)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r2, 0x407, 0x0) fsync(r1) write(r2, &(0x7f0000000340), 0x41395527) vmsplice(0xffffffffffffffff, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) clone(0x200000008a105d00, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) tkill(0x0, 0x3c) fsetxattr$trusted_overlay_redirect(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) sched_setattr(r0, &(0x7f0000000080)={0x38, 0x2, 0x1, 0x0, 0x3}, 0x0) clone(0x69005100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) mount(0x0, &(0x7f0000000140)='./file0\x00', 0x0, 0x0, &(0x7f000000a000)) 21:34:08 executing program 0: r0 = openat$kvm(0xffffffffffffff9c, 0x0, 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) dup3(r0, r1, 0x0) fsetxattr$trusted_overlay_nlink(r0, &(0x7f0000000040)='trusted.overlay.nlink\x00', &(0x7f00000000c0)={'U+', 0x98}, 0x16, 0x2) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c4, 0x0, 0xe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r2 = socket$inet6(0xa, 0x40000080806, 0x0) bind$inet6(r2, &(0x7f0000000080)={0xa, 0x404e20}, 0x1c) ioctl$int_in(0xffffffffffffffff, 0x5452, &(0x7f0000000100)=0x3) listen(r2, 0x400000001ffffffd) r3 = socket$inet6(0xa, 0x6, 0x0) connect$inet6(r3, &(0x7f0000000180)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) r4 = accept4(r2, 0x0, 0x0, 0x0) sendmmsg(r4, &(0x7f0000003d40)=[{{0x0, 0xffffffbf, 0x0, 0x0, 0x0, 0x0, 0x7000005}, 0xa}], 0x4000000000000d0, 0x0) socket$inet6(0xa, 0x6, 0x0) connect$inet6(0xffffffffffffffff, &(0x7f0000000000)={0xa, 0x0, 0x0, @loopback}, 0x1c) r5 = socket$inet6_tcp(0xa, 0x1, 0x0) bpf$BPF_MAP_GET_FD_BY_ID(0xe, &(0x7f0000000140)={0x0, 0x4, 0x8}, 0xc) setsockopt$IP6T_SO_SET_REPLACE(r5, 0x29, 0x40, &(0x7f0000000a80)=@filter={'filter\x00', 0xe, 0x4, 0x378, 0x0, 0x0, 0x1208, 0x108, 0x108, 0x12d8, 0x12d8, 0x12d8, 0x12d8, 0x12d8, 0x4, 0x0, {[{{@uncond, 0x0, 0xa8, 0x108}, @common=@inet=@HMARK={0x60, 'HMARK\x00', 0x0, {@ipv6=@mcast1, [], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4}}}, {{@ipv6={@initdev={0xfe, 0x88, [], 0x0, 0x0}, @initdev={0xfe, 0x88, [], 0x0, 0x0}, [], [], 'rose0\x00', 'netdevsim0\x00'}, 0x0, 0xa8, 0xd0}, @REJECT={0x28, 'REJECT\x00'}}, {{@uncond, 0x0, 0xa8, 0xd0}, @REJECT={0x28, 'REJECT\x00'}}], {{[], 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x3d8) syz_init_net_socket$rose(0xb, 0x5, 0x0) 21:34:08 executing program 3: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() r1 = syz_genetlink_get_family_id$smc(&(0x7f0000000180)='SMC_PNETID\x00') sendmsg$SMC_PNETID_FLUSH(0xffffffffffffffff, &(0x7f0000000300)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x40000000}, 0xc, &(0x7f00000002c0)={&(0x7f0000000200)={0x50, r1, 0x400, 0x70bd26, 0x25dfdbfe, {}, [@SMC_PNETID_IBPORT={0x5, 0x4, 0x2}, @SMC_PNETID_IBNAME={0x9, 0x3, 'syz0\x00'}, @SMC_PNETID_IBPORT={0x5, 0x4, 0x2}, @SMC_PNETID_ETHNAME={0x14, 0x2, 'erspan0\x00'}, @SMC_PNETID_IBNAME={0x9, 0x3, 'syz1\x00'}]}, 0x50}, 0x1, 0x0, 0x0, 0x8000}, 0x4000) sched_setattr(r0, &(0x7f0000000040)={0x38, 0x1, 0x0, 0x0, 0x1, 0x20b493e0, 0x0, 0xfffffffffffffffe}, 0x0) r2 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r2, 0x0, 0x0, 0x0, 0x0) pipe(&(0x7f0000000340)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r4, 0x407, 0x0) write(r4, &(0x7f0000000340), 0x41395527) vmsplice(r3, 0x0, 0x0, 0x0) r5 = syz_open_dev$vcsn(&(0x7f0000000000)='/dev/vcs#\x00', 0x205, 0x351083) ioctl$VIDIOC_TRY_ENCODER_CMD(r5, 0xc028564e, &(0x7f00000000c0)={0x2, 0x0, [0x9, 0x6, 0x8001, 0x80, 0xec0, 0xf7, 0x7526000, 0x7]}) perf_event_open(&(0x7f0000940000)={0x2, 0x70, 0x69, 0x0, 0x0, 0xff, 0x0, 0x48, 0x14a0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f00000001c0), 0x7}, 0x250}, 0x0, 0xd, 0xffffffffffffffff, 0xa) clone(0x200000008a105d00, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) tkill(0x0, 0x3c) fsetxattr$trusted_overlay_redirect(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) sched_setattr(r0, &(0x7f0000000080)={0x38, 0x2, 0x1, 0x0, 0x3}, 0x0) clone(0x69005100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) mount(0x0, &(0x7f0000000140)='./file0\x00', &(0x7f0000fb5ffc)='nfs\x00', 0x0, &(0x7f000000a000)) 21:34:08 executing program 5: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x1, 0x0, 0x0, 0x1, 0x20b493e0, 0x0, 0xfffffffffffffffe}, 0x0) socket$inet6(0xa, 0x2, 0x0) pipe(&(0x7f0000000340)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r2, 0x407, 0x0) fsync(r1) write(r2, &(0x7f0000000340), 0x41395527) vmsplice(r1, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) perf_event_open(&(0x7f0000940000)={0x2, 0x70, 0x69, 0x1, 0x0, 0xff, 0x0, 0x48, 0x14a0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f00000001c0), 0x7}, 0x0, 0x0, 0xfffffff9}, 0x0, 0xd, 0xffffffffffffffff, 0xa) clone(0x200000008a105d00, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r3 = gettid() tkill(r3, 0x3c) fsetxattr$trusted_overlay_redirect(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) sched_setattr(r0, &(0x7f0000000080)={0x38, 0x2, 0x1, 0x0, 0x3}, 0x0) clone(0x69005100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) mount(0x0, &(0x7f0000000140)='./file0\x00', 0x0, 0x0, &(0x7f000000a000)) 21:34:08 executing program 2: r0 = openat$kvm(0xffffffffffffff9c, 0x0, 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) dup3(r0, r1, 0x0) fsetxattr$trusted_overlay_nlink(r0, &(0x7f0000000040)='trusted.overlay.nlink\x00', &(0x7f00000000c0)={'U+', 0x98}, 0x16, 0x2) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c4, 0x0, 0xe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r2 = socket$inet6(0xa, 0x40000080806, 0x0) bind$inet6(r2, &(0x7f0000000080)={0xa, 0x404e20}, 0x1c) ioctl$int_in(0xffffffffffffffff, 0x5452, &(0x7f0000000100)=0x3) listen(r2, 0x400000001ffffffd) r3 = socket$inet6(0xa, 0x6, 0x0) connect$inet6(r3, &(0x7f0000000180)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) r4 = accept4(r2, 0x0, 0x0, 0x0) sendmmsg(r4, &(0x7f0000003d40)=[{{0x0, 0xffffffbf, 0x0, 0x0, 0x0, 0x0, 0x7000005}, 0xa}], 0x4000000000000d0, 0x0) socket$inet6(0xa, 0x6, 0x0) connect$inet6(0xffffffffffffffff, &(0x7f0000000000)={0xa, 0x0, 0x0, @loopback}, 0x1c) r5 = socket$inet6_tcp(0xa, 0x1, 0x0) bpf$BPF_MAP_GET_FD_BY_ID(0xe, &(0x7f0000000140)={0x0, 0x4, 0x8}, 0xc) setsockopt$IP6T_SO_SET_REPLACE(r5, 0x29, 0x40, &(0x7f0000000a80)=@filter={'filter\x00', 0xe, 0x4, 0x13a8, 0x0, 0x0, 0x1208, 0x108, 0x108, 0x12d8, 0x12d8, 0x12d8, 0x12d8, 0x12d8, 0x4, 0x0, {[{{@uncond, 0x0, 0xa8, 0x108}, @common=@inet=@HMARK={0x60, 'HMARK\x00', 0x0, {@ipv6=@mcast1, [], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4}}}, {{@ipv6={@initdev={0xfe, 0x88, [], 0x0, 0x0}, @initdev={0xfe, 0x88, [], 0x0, 0x0}, [], [], 'rose0\x00', 'netdevsim0\x00'}, 0x0, 0x10d8, 0x1100, 0x0, {}, [@common=@unspec=@cgroup1={{0x1030, 'cgroup\x00'}, {0x0, 0x0, 0x0, 0x0, './cgroup/syz0\x00'}}]}, @REJECT={0x28, 'REJECT\x00'}}, {{@uncond, 0x0, 0xa8, 0xd0}, @REJECT={0x28, 'REJECT\x00'}}], {{[], 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x1408) syz_init_net_socket$rose(0xb, 0x5, 0x0) 21:34:08 executing program 1: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x1, 0x0, 0x0, 0x1, 0x20b493e0, 0x0, 0xfffffffffffffffe}, 0x0) socket$inet6(0xa, 0x2, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f0000008880), 0x400000000000249, 0x0, 0x0) pipe(0x0) fcntl$setpipe(0xffffffffffffffff, 0x407, 0x0) fsync(0xffffffffffffffff) write(0xffffffffffffffff, &(0x7f0000000340), 0x41395527) vmsplice(0xffffffffffffffff, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) perf_event_open(&(0x7f0000940000)={0x2, 0x70, 0x69, 0x1, 0x0, 0xff, 0x0, 0x48, 0x14a0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f00000001c0), 0x7}, 0x0, 0x0, 0xfffffff9}, 0x0, 0xd, 0xffffffffffffffff, 0xa) tkill(0x0, 0x3c) fsetxattr$trusted_overlay_redirect(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) sched_setattr(r0, &(0x7f0000000080)={0x38, 0x2, 0x1, 0x0, 0x3}, 0x0) clone(0x69005100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) mount(0x0, &(0x7f0000000140)='./file0\x00', 0x0, 0x0, &(0x7f000000a000)) sched_setscheduler(0x0, 0x5, &(0x7f0000000380)) [ 2326.318899] xt_cgroup: no path or classid specified 21:34:08 executing program 0: r0 = openat$kvm(0xffffffffffffff9c, 0x0, 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) dup3(r0, r1, 0x0) fsetxattr$trusted_overlay_nlink(r0, &(0x7f0000000040)='trusted.overlay.nlink\x00', &(0x7f00000000c0)={'U+', 0x98}, 0x16, 0x2) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c4, 0x0, 0xe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r2 = socket$inet6(0xa, 0x40000080806, 0x0) bind$inet6(r2, &(0x7f0000000080)={0xa, 0x404e20}, 0x1c) ioctl$int_in(0xffffffffffffffff, 0x5452, &(0x7f0000000100)=0x3) listen(r2, 0x400000001ffffffd) r3 = socket$inet6(0xa, 0x6, 0x0) connect$inet6(r3, &(0x7f0000000180)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) r4 = accept4(r2, 0x0, 0x0, 0x0) sendmmsg(r4, &(0x7f0000003d40)=[{{0x0, 0xffffffbf, 0x0, 0x0, 0x0, 0x0, 0x7000005}, 0xa}], 0x4000000000000d0, 0x0) socket$inet6(0xa, 0x6, 0x0) connect$inet6(0xffffffffffffffff, &(0x7f0000000000)={0xa, 0x0, 0x0, @loopback}, 0x1c) r5 = socket$inet6_tcp(0xa, 0x1, 0x0) bpf$BPF_MAP_GET_FD_BY_ID(0xe, &(0x7f0000000140)={0x0, 0x4, 0x8}, 0xc) setsockopt$IP6T_SO_SET_REPLACE(r5, 0x29, 0x40, &(0x7f0000000a80)=@filter={'filter\x00', 0xe, 0x4, 0x13a8, 0x0, 0x0, 0x1208, 0x108, 0x108, 0x12d8, 0x12d8, 0x12d8, 0x12d8, 0x12d8, 0x4, 0x0, {[{{@uncond, 0x0, 0xa8, 0x108}, @common=@inet=@HMARK={0x60, 'HMARK\x00', 0x0, {@ipv6=@mcast1, [], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4}}}, {{@ipv6={@initdev={0xfe, 0x88, [], 0x0, 0x0}, @initdev={0xfe, 0x88, [], 0x0, 0x0}, [], [], 'rose0\x00', 'netdevsim0\x00'}, 0x0, 0x10d8, 0x1100, 0x0, {}, [@common=@unspec=@cgroup1={{0x1030, 'cgroup\x00'}, {0x0, 0x0, 0x0, 0x0, './cgroup/syz0\x00'}}]}, @REJECT={0x28, 'REJECT\x00'}}, {{@uncond, 0x0, 0xa8, 0xd0}, @REJECT={0x28, 'REJECT\x00'}}], {{[], 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x1408) syz_init_net_socket$rose(0xb, 0x5, 0x0) [ 2326.672200] syz-executor.5 invoked oom-killer: gfp_mask=0x15080c0(GFP_KERNEL_ACCOUNT|__GFP_ZERO), nodemask=(null), order=0, oom_score_adj=1000 [ 2326.711895] syz-executor.5 cpuset=/ mems_allowed=0-1 [ 2326.728646] CPU: 1 PID: 12706 Comm: syz-executor.5 Not tainted 4.14.182-syzkaller #0 [ 2326.739513] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2326.748870] Call Trace: [ 2326.751479] dump_stack+0x1b2/0x283 [ 2326.755126] dump_header+0x178/0x7aa [ 2326.758851] ? trace_hardirqs_on_caller+0x3a8/0x580 [ 2326.763880] ? _raw_spin_unlock_irqrestore+0x66/0xe0 [ 2326.769004] ? ___ratelimit+0x2cd/0x522 [ 2326.772994] oom_kill_process.cold+0x10/0xc16 [ 2326.777504] ? lock_downgrade+0x6e0/0x6e0 [ 2326.781669] out_of_memory+0x2d5/0x10f0 [ 2326.785654] ? oom_killer_disable+0x1c0/0x1c0 [ 2326.790158] ? mutex_trylock+0x152/0x1a0 [ 2326.794248] __alloc_pages_nodemask+0x2556/0x2730 [ 2326.799117] ? gfp_pfmemalloc_allowed+0x150/0x150 [ 2326.803981] ? check_preemption_disabled+0x35/0x240 [ 2326.809013] alloc_pages_current+0xe7/0x1e0 [ 2326.813348] pte_alloc_one+0x15/0x100 [ 2326.817250] do_huge_pmd_anonymous_page+0x529/0x1690 [ 2326.822369] ? prep_transhuge_page+0xa0/0xa0 [ 2326.826872] ? trace_hardirqs_on+0x10/0x10 [ 2326.831116] ? trace_hardirqs_on+0x10/0x10 [ 2326.835407] __handle_mm_fault+0x2153/0x3700 [ 2326.839829] ? vm_insert_mixed_mkwrite+0x30/0x30 [ 2326.844606] handle_mm_fault+0x306/0x794 [ 2326.848718] __do_page_fault+0x578/0xb50 [ 2326.852824] ? mm_fault_error+0x2c0/0x2c0 [ 2326.857075] ? do_page_fault+0x60/0x4f2 [ 2326.861087] page_fault+0x25/0x50 [ 2326.864554] RIP: 0010:copy_user_enhanced_fast_string+0xe/0x20 [ 2326.870443] RSP: 0018:ffff8882015cfbe8 EFLAGS: 00010206 [ 2326.875810] RAX: 0000000000000000 RBX: 0000000000001000 RCX: 0000000000000340 [ 2326.883088] RDX: 0000000000001000 RSI: 0000000020c00000 RDI: ffff888094c6ccc0 [ 2326.890364] RBP: 0000000020bff340 R08: ffffed101298da00 R09: 0000000000000000 [ 2326.897811] R10: ffffed101298d9ff R11: ffff888094c6cfff R12: ffff888094c6c000 [ 2326.905087] R13: 00007ffffffff000 R14: 0000000020c00340 R15: ffff8882015cfd48 [ 2326.913250] copyin+0x99/0xc0 [ 2326.916369] copy_page_from_iter+0x325/0x730 [ 2326.920792] pipe_write+0x250/0xe10 [ 2326.924445] __vfs_write+0x44e/0x630 [ 2326.928171] ? kernel_read+0x110/0x110 [ 2326.932073] ? selinux_file_permission+0x7a/0x440 [ 2326.936930] ? rw_verify_area+0xe1/0x290 [ 2326.940999] vfs_write+0x17f/0x4d0 [ 2326.944549] SyS_write+0xf2/0x210 [ 2326.948010] ? SyS_read+0x210/0x210 [ 2326.951651] ? SyS_clock_settime+0x1a0/0x1a0 [ 2326.956069] ? do_syscall_64+0x4c/0x640 [ 2326.960075] ? SyS_read+0x210/0x210 [ 2326.963821] do_syscall_64+0x1d5/0x640 [ 2326.967720] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 2326.972913] RIP: 0033:0x45ca69 [ 2326.976186] RSP: 002b:00007fdca89afc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 2326.983901] RAX: ffffffffffffffda RBX: 000000000050a500 RCX: 000000000045ca69 [ 2326.991171] RDX: 0000000041395527 RSI: 0000000020000340 RDI: 0000000000000005 [ 2326.998452] RBP: 000000000078bf00 R08: 0000000000000000 R09: 0000000000000000 [ 2327.005725] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff [ 2327.013000] R13: 0000000000000c5a R14: 00000000004ca33d R15: 00007fdca89b06d4 21:34:09 executing program 1: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x1, 0x0, 0x0, 0x1, 0x20b493e0, 0x0, 0xfffffffffffffffe}, 0x0) socket$inet6(0xa, 0x2, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f0000008880), 0x400000000000249, 0x0, 0x0) pipe(0x0) fcntl$setpipe(0xffffffffffffffff, 0x407, 0x0) fsync(0xffffffffffffffff) write(0xffffffffffffffff, &(0x7f0000000340), 0x41395527) vmsplice(0xffffffffffffffff, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) perf_event_open(&(0x7f0000940000)={0x2, 0x70, 0x69, 0x1, 0x0, 0xff, 0x0, 0x48, 0x14a0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f00000001c0), 0x7}, 0x0, 0x0, 0xfffffff9}, 0x0, 0xd, 0xffffffffffffffff, 0xa) tkill(0x0, 0x3c) fsetxattr$trusted_overlay_redirect(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) sched_setattr(r0, &(0x7f0000000080)={0x38, 0x2, 0x1, 0x0, 0x3}, 0x0) clone(0x69005100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) mount(0x0, &(0x7f0000000140)='./file0\x00', 0x0, 0x0, &(0x7f000000a000)) sched_setscheduler(0x0, 0x5, &(0x7f0000000380)) 21:34:09 executing program 4: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x1, 0x0, 0x0, 0x1, 0x20b493e0, 0x0, 0xfffffffffffffffe}, 0x0) socket$inet6(0xa, 0x4, 0xffffffff) pipe(&(0x7f0000000340)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r2, 0x407, 0x0) fsync(r1) write(r2, &(0x7f0000000340), 0x41395527) vmsplice(0xffffffffffffffff, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) clone(0x200000008a105d00, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) tkill(0x0, 0x3c) fsetxattr$trusted_overlay_redirect(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) sched_setattr(r0, &(0x7f0000000080)={0x38, 0x2, 0x1, 0x0, 0x3}, 0x0) clone(0x69005100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) mount(0x0, &(0x7f0000000140)='./file0\x00', 0x0, 0x0, &(0x7f000000a000)) [ 2327.629537] IPVS: ftp: loaded support on port[0] = 21 [ 2327.836207] IPVS: ftp: loaded support on port[0] = 21 [ 2327.851714] Mem-Info: [ 2327.855269] active_anon:1230713 inactive_anon:6140 isolated_anon:0 [ 2327.855269] active_file:131 inactive_file:154 isolated_file:0 [ 2327.855269] unevictable:1839 dirty:12 writeback:0 unstable:0 [ 2327.855269] slab_reclaimable:18124 slab_unreclaimable:172934 [ 2327.855269] mapped:54164 shmem:7616 pagetables:44050 bounce:0 [ 2327.855269] free:27945 free_pcp:200 free_cma:0 [ 2327.890832] Node 0 active_anon:1663824kB inactive_anon:16152kB active_file:852kB inactive_file:1344kB unevictable:1032kB isolated(anon):0kB isolated(file):0kB mapped:211368kB dirty:16kB writeback:0kB shmem:22056kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 688128kB writeback_tmp:0kB unstable:0kB all_unreclaimable? no [ 2327.924093] Node 1 active_anon:3259028kB inactive_anon:8408kB active_file:72kB inactive_file:68kB unevictable:6324kB isolated(anon):0kB isolated(file):0kB mapped:6088kB dirty:32kB writeback:0kB shmem:8408kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 0kB writeback_tmp:0kB unstable:0kB all_unreclaimable? yes [ 2327.952416] Node 0 DMA free:10396kB min:220kB low:272kB high:324kB active_anon:1428kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15908kB mlocked:0kB kernel_stack:96kB pagetables:72kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 2327.979682] lowmem_reserve[]: 0 2559 2559 2559 2559 [ 2327.985454] Node 0 DMA32 free:40892kB min:36296kB low:45368kB high:54440kB active_anon:1662496kB inactive_anon:16152kB active_file:1760kB inactive_file:2868kB unevictable:1032kB writepending:84kB present:3129332kB managed:2623996kB mlocked:1032kB kernel_stack:16032kB pagetables:38008kB bounce:0kB free_pcp:680kB local_pcp:40kB free_cma:0kB [ 2328.046914] xt_cgroup: no path or classid specified [ 2328.293626] lowmem_reserve[]: 0 0 0 0 0 [ 2328.338230] Node 0 Normal free:0kB min:0kB low:0kB high:0kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:786432kB managed:0kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 2328.461402] lowmem_reserve[]: 0 0 0 0 0 [ 2328.485015] Node 1 Normal free:53680kB min:53592kB low:66988kB high:80384kB active_anon:3259028kB inactive_anon:8408kB active_file:272kB inactive_file:1112kB unevictable:6324kB writepending:16kB present:3932160kB managed:3870192kB mlocked:6324kB kernel_stack:59968kB pagetables:138120kB bounce:0kB free_pcp:668kB local_pcp:44kB free_cma:0kB [ 2328.760809] lowmem_reserve[]: 0 0 0 0 0 [ 2328.816986] Node 0 DMA: 23*4kB (UMEH) 64*8kB (UMEH) 22*16kB (UMEH) 11*32kB (UME) 6*64kB (UM) 2*128kB (UM) 1*256kB (E) 2*512kB (EH) 1*1024kB (E) 1*2048kB (E) 1*4096kB (M) = 10396kB [ 2328.947810] Node 0 DMA32: 3585*4kB (UME) 1082*8kB (UME) 131*16kB (UME) 208*32kB (UME) 141*64kB (M) 0*128kB 0*256kB 0*512kB 1*1024kB (U) 1*2048kB (M) 0*4096kB = 43844kB [ 2329.139134] Node 0 Normal: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 0kB [ 2329.215288] Node 1 Normal: 482*4kB (UME) 875*8kB (UMEH) 638*16kB (UME) 648*32kB (UM) 208*64kB (UM) 25*128kB (UM) 1*256kB (M) 0*512kB 0*1024kB 0*2048kB 0*4096kB = 56640kB [ 2329.284296] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 2329.404347] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 2329.489218] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 2329.594338] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 2329.690225] 8282 total pagecache pages [ 2329.735986] 0 pages in swap cache 21:34:10 executing program 3: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x1, 0x0, 0x0, 0x1, 0x20b493e0, 0x0, 0xfffffffffffffffe}, 0x0) ioctl$VHOST_SET_FEATURES(0xffffffffffffffff, 0x4008af00, &(0x7f0000000000)=0x100000000) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, 0x0, 0x0, 0x0, 0x0) pipe(&(0x7f0000000340)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, 0x0, 0x0, 0x0) perf_event_open(&(0x7f0000940000)={0x2, 0x70, 0x69, 0x0, 0x0, 0xff, 0x0, 0x48, 0x14a0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f00000001c0), 0x7}}, 0x0, 0xd, 0xffffffffffffffff, 0xa) clone(0x200000008a105d00, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r4 = gettid() tkill(r4, 0x3c) fsetxattr$trusted_overlay_redirect(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) setsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX_OLD(r2, 0x84, 0x6b, &(0x7f0000000380)=[@in6={0xa, 0x4e23, 0x0, @mcast1, 0x8000}, @in={0x2, 0x4e22, @empty}, @in={0x2, 0x4e24, @remote}, @in6={0xa, 0x4e21, 0xde, @mcast1, 0x1}, @in={0x2, 0x4e22, @remote}, @in6={0xa, 0x4e21, 0x9c, @local, 0x80000001}], 0x84) sched_setattr(r0, &(0x7f0000000080)={0x38, 0x2, 0x1, 0x0, 0x3}, 0x0) clone(0x69005100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) mount(0x0, &(0x7f0000000140)='./file0\x00', &(0x7f0000fb5ffc)='nfs\x00', 0x0, &(0x7f000000a000)) [ 2329.775043] Swap cache stats: add 0, delete 0, find 0/0 [ 2329.837009] Free swap = 0kB 21:34:10 executing program 2: r0 = openat$kvm(0xffffffffffffff9c, 0x0, 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) dup3(r0, r1, 0x0) fsetxattr$trusted_overlay_nlink(r0, &(0x7f0000000040)='trusted.overlay.nlink\x00', &(0x7f00000000c0)={'U+', 0x98}, 0x16, 0x2) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c4, 0x0, 0xe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r2 = socket$inet6(0xa, 0x40000080806, 0x0) bind$inet6(r2, &(0x7f0000000080)={0xa, 0x404e20}, 0x1c) ioctl$int_in(0xffffffffffffffff, 0x5452, &(0x7f0000000100)=0x3) listen(r2, 0x400000001ffffffd) r3 = socket$inet6(0xa, 0x6, 0x0) connect$inet6(r3, &(0x7f0000000180)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) r4 = accept4(r2, 0x0, 0x0, 0x0) sendmmsg(r4, &(0x7f0000003d40)=[{{0x0, 0xffffffbf, 0x0, 0x0, 0x0, 0x0, 0x7000005}, 0xa}], 0x4000000000000d0, 0x0) socket$inet6(0xa, 0x6, 0x0) connect$inet6(0xffffffffffffffff, &(0x7f0000000000)={0xa, 0x0, 0x0, @loopback}, 0x1c) r5 = socket$inet6_tcp(0xa, 0x1, 0x0) bpf$BPF_MAP_GET_FD_BY_ID(0xe, &(0x7f0000000140)={0x0, 0x4, 0x8}, 0xc) setsockopt$IP6T_SO_SET_REPLACE(r5, 0x29, 0x40, &(0x7f0000000a80)=@filter={'filter\x00', 0xe, 0x4, 0x13a8, 0x0, 0x0, 0x1208, 0x108, 0x108, 0x12d8, 0x12d8, 0x12d8, 0x12d8, 0x12d8, 0x4, 0x0, {[{{@uncond, 0x0, 0xa8, 0x108}, @common=@inet=@HMARK={0x60, 'HMARK\x00', 0x0, {@ipv6=@mcast1, [], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4}}}, {{@ipv6={@initdev={0xfe, 0x88, [], 0x0, 0x0}, @initdev={0xfe, 0x88, [], 0x0, 0x0}, [], [], 'rose0\x00', 'netdevsim0\x00'}, 0x0, 0x10d8, 0x1100, 0x0, {}, [@common=@unspec=@cgroup1={{0x1030, 'cgroup\x00'}, {0x0, 0x0, 0x0, 0x0, './cgroup/syz0\x00'}}]}, @REJECT={0x28, 'REJECT\x00'}}, {{@uncond, 0x0, 0xa8, 0xd0}, @REJECT={0x28, 'REJECT\x00'}}], {{[], 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x1408) syz_init_net_socket$rose(0xb, 0x5, 0x0) [ 2329.870595] Total swap = 0kB [ 2329.897195] 1965979 pages RAM [ 2329.921010] 0 pages HighMem/MovableOnly [ 2329.936561] 338455 pages reserved [ 2329.944251] 0 pages cma reserved [ 2329.951221] Out of memory: Kill process 5701 (syz-executor.0) score 1007 or sacrifice child [ 2329.960276] Killed process 5701 (syz-executor.0) total-vm:75236kB, anon-rss:16572kB, file-rss:35756kB, shmem-rss:0kB [ 2330.278886] xt_cgroup: no path or classid specified 21:34:12 executing program 2: r0 = openat$kvm(0xffffffffffffff9c, 0x0, 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) dup3(r0, r1, 0x0) fsetxattr$trusted_overlay_nlink(r0, &(0x7f0000000040)='trusted.overlay.nlink\x00', &(0x7f00000000c0)={'U+', 0x98}, 0x16, 0x2) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c4, 0x0, 0xe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r2 = socket$inet6(0xa, 0x40000080806, 0x0) bind$inet6(r2, &(0x7f0000000080)={0xa, 0x404e20}, 0x1c) ioctl$int_in(0xffffffffffffffff, 0x5452, &(0x7f0000000100)=0x3) listen(r2, 0x400000001ffffffd) r3 = socket$inet6(0xa, 0x6, 0x0) connect$inet6(r3, &(0x7f0000000180)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) r4 = accept4(r2, 0x0, 0x0, 0x0) sendmmsg(r4, &(0x7f0000003d40)=[{{0x0, 0xffffffbf, 0x0, 0x0, 0x0, 0x0, 0x7000005}, 0xa}], 0x4000000000000d0, 0x0) socket$inet6(0xa, 0x6, 0x0) connect$inet6(0xffffffffffffffff, &(0x7f0000000000)={0xa, 0x0, 0x0, @loopback}, 0x1c) r5 = socket$inet6_tcp(0xa, 0x1, 0x0) bpf$BPF_MAP_GET_FD_BY_ID(0xe, &(0x7f0000000140)={0x0, 0x4, 0x8}, 0xc) setsockopt$IP6T_SO_SET_REPLACE(r5, 0x29, 0x40, &(0x7f0000000a80)=@filter={'filter\x00', 0xe, 0x4, 0x13a8, 0x0, 0x0, 0x1208, 0x108, 0x108, 0x12d8, 0x12d8, 0x12d8, 0x12d8, 0x12d8, 0x4, 0x0, {[{{@uncond, 0x0, 0xa8, 0x108}, @common=@inet=@HMARK={0x60, 'HMARK\x00', 0x0, {@ipv6=@mcast1}}}, {{@ipv6={@initdev={0xfe, 0x88, [], 0x0, 0x0}, @initdev={0xfe, 0x88, [], 0x0, 0x0}, [], [], 'rose0\x00', 'netdevsim0\x00'}, 0x0, 0x10d8, 0x1100, 0x0, {}, [@common=@unspec=@cgroup1={{0x1030, 'cgroup\x00'}, {0x0, 0x1, 0x0, 0x0, './cgroup/syz0\x00'}}]}, @REJECT={0x28, 'REJECT\x00'}}, {{@uncond, 0x0, 0xa8, 0xd0}, @REJECT={0x28, 'REJECT\x00'}}], {{[], 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x1408) syz_init_net_socket$rose(0xb, 0x5, 0x0) [ 2330.873476] xt_HMARK: hash modulus can't be zero [ 2331.128654] IPVS: ftp: loaded support on port[0] = 21 [ 2331.331986] IPVS: ftp: loaded support on port[0] = 21 [ 2331.564694] IPVS: ftp: loaded support on port[0] = 21 21:34:13 executing program 2: r0 = openat$kvm(0xffffffffffffff9c, 0x0, 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) dup3(r0, r1, 0x0) fsetxattr$trusted_overlay_nlink(r0, &(0x7f0000000040)='trusted.overlay.nlink\x00', &(0x7f00000000c0)={'U+', 0x98}, 0x16, 0x2) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c4, 0x0, 0xe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r2 = socket$inet6(0xa, 0x40000080806, 0x0) bind$inet6(r2, &(0x7f0000000080)={0xa, 0x404e20}, 0x1c) ioctl$int_in(0xffffffffffffffff, 0x5452, &(0x7f0000000100)=0x3) listen(r2, 0x400000001ffffffd) r3 = socket$inet6(0xa, 0x6, 0x0) connect$inet6(r3, &(0x7f0000000180)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) r4 = accept4(r2, 0x0, 0x0, 0x0) sendmmsg(r4, &(0x7f0000003d40)=[{{0x0, 0xffffffbf, 0x0, 0x0, 0x0, 0x0, 0x7000005}, 0xa}], 0x4000000000000d0, 0x0) socket$inet6(0xa, 0x6, 0x0) connect$inet6(0xffffffffffffffff, &(0x7f0000000000)={0xa, 0x0, 0x0, @loopback}, 0x1c) r5 = socket$inet6_tcp(0xa, 0x1, 0x0) bpf$BPF_MAP_GET_FD_BY_ID(0xe, &(0x7f0000000140)={0x0, 0x4, 0x8}, 0xc) setsockopt$IP6T_SO_SET_REPLACE(r5, 0x29, 0x40, &(0x7f0000000a80)=@filter={'filter\x00', 0xe, 0x4, 0x13a8, 0x0, 0x0, 0x1208, 0x108, 0x108, 0x12d8, 0x12d8, 0x12d8, 0x12d8, 0x12d8, 0x4, 0x0, {[{{@uncond, 0x0, 0xa8, 0x108}, @common=@inet=@HMARK={0x60, 'HMARK\x00', 0x0, {@ipv6=@mcast1}}}, {{@ipv6={@initdev={0xfe, 0x88, [], 0x0, 0x0}, @initdev={0xfe, 0x88, [], 0x0, 0x0}, [], [], 'rose0\x00', 'netdevsim0\x00'}, 0x0, 0x10d8, 0x1100, 0x0, {}, [@common=@unspec=@cgroup1={{0x1030, 'cgroup\x00'}, {0x0, 0x1, 0x0, 0x0, './cgroup/syz0\x00'}}]}, @REJECT={0x28, 'REJECT\x00'}}, {{@uncond, 0x0, 0xa8, 0xd0}, @REJECT={0x28, 'REJECT\x00'}}], {{[], 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x1408) syz_init_net_socket$rose(0xb, 0x5, 0x0) 21:34:13 executing program 4: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x1, 0x0, 0x0, 0x1, 0x20b493e0, 0x0, 0xfffffffffffffffe}, 0x0) socket$inet6(0xa, 0x4, 0xffffffff) pipe(&(0x7f0000000340)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r2, 0x407, 0x0) fsync(r1) write(r2, &(0x7f0000000340), 0x41395527) vmsplice(r1, 0x0, 0x0, 0x0) clone(0x200000008a105d00, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) tkill(0x0, 0x3c) fsetxattr$trusted_overlay_redirect(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) sched_setattr(r0, &(0x7f0000000080)={0x38, 0x2, 0x1, 0x0, 0x3}, 0x0) clone(0x69005100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) mount(0x0, &(0x7f0000000140)='./file0\x00', 0x0, 0x0, &(0x7f000000a000)) 21:34:13 executing program 1: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x1, 0x0, 0x0, 0x1, 0x20b493e0, 0x0, 0xfffffffffffffffe}, 0x0) socket$inet6(0xa, 0x2, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f0000008880), 0x400000000000249, 0x0, 0x0) pipe(&(0x7f0000000340)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(0xffffffffffffffff, 0x407, 0x0) fsync(r1) write(r2, &(0x7f0000000340), 0x41395527) vmsplice(r1, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) perf_event_open(&(0x7f0000940000)={0x2, 0x70, 0x69, 0x1, 0x0, 0xff, 0x0, 0x48, 0x14a0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f00000001c0), 0x7}, 0x0, 0x0, 0xfffffff9}, 0x0, 0xd, 0xffffffffffffffff, 0xa) tkill(0x0, 0x3c) fsetxattr$trusted_overlay_redirect(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) sched_setattr(r0, &(0x7f0000000080)={0x38, 0x2, 0x1, 0x0, 0x3}, 0x0) clone(0x69005100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) mount(0x0, &(0x7f0000000140)='./file0\x00', 0x0, 0x0, &(0x7f000000a000)) sched_setscheduler(0x0, 0x5, &(0x7f0000000380)) 21:34:13 executing program 3: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x1, 0x0, 0x0, 0x1, 0x20b493e0, 0x0, 0xfffffffffffffffe}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, 0x0, 0x0, 0x0, 0x0) pipe(&(0x7f0000000340)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) sendto$phonet(0xffffffffffffffff, &(0x7f00000000c0)="6d682838218b792d158f27ede0bd7101", 0x10, 0x24004000, 0x0, 0x0) setsockopt$netrom_NETROM_T1(0xffffffffffffffff, 0x103, 0x1, &(0x7f0000000000)=0xb95, 0x4) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, 0x0, 0x0, 0x0) perf_event_open(&(0x7f0000940000)={0x4, 0x70, 0x69, 0x0, 0x0, 0xff, 0x0, 0x7, 0x14a0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0xfffffffffffffc00, 0x1}}, 0x0, 0xd, 0xffffffffffffffff, 0xa) clone(0x200000008a105d00, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r4 = gettid() tkill(r4, 0x3c) fsetxattr$trusted_overlay_redirect(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) sched_setattr(r0, &(0x7f0000000080)={0x38, 0x2, 0x1, 0x0, 0x3}, 0x0) clone(0x69005100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) socket$inet_sctp(0x2, 0x5, 0x84) mount(0x0, &(0x7f0000000140)='./file0\x00', &(0x7f0000fb5ffc)='nfs\x00', 0x44009, &(0x7f000000a000)) [ 2331.892832] xt_HMARK: hash modulus can't be zero 21:34:14 executing program 0: r0 = openat$kvm(0xffffffffffffff9c, 0x0, 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) dup3(r0, r1, 0x0) fsetxattr$trusted_overlay_nlink(r0, &(0x7f0000000040)='trusted.overlay.nlink\x00', &(0x7f00000000c0)={'U+', 0x98}, 0x16, 0x2) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c4, 0x0, 0xe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r2 = socket$inet6(0xa, 0x40000080806, 0x0) bind$inet6(r2, &(0x7f0000000080)={0xa, 0x404e20}, 0x1c) ioctl$int_in(0xffffffffffffffff, 0x5452, &(0x7f0000000100)=0x3) listen(r2, 0x400000001ffffffd) r3 = socket$inet6(0xa, 0x6, 0x0) connect$inet6(r3, &(0x7f0000000180)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) r4 = accept4(r2, 0x0, 0x0, 0x0) sendmmsg(r4, &(0x7f0000003d40)=[{{0x0, 0xffffffbf, 0x0, 0x0, 0x0, 0x0, 0x7000005}, 0xa}], 0x4000000000000d0, 0x0) socket$inet6(0xa, 0x6, 0x0) connect$inet6(0xffffffffffffffff, &(0x7f0000000000)={0xa, 0x0, 0x0, @loopback}, 0x1c) r5 = socket$inet6_tcp(0xa, 0x1, 0x0) bpf$BPF_MAP_GET_FD_BY_ID(0xe, &(0x7f0000000140)={0x0, 0x4, 0x8}, 0xc) setsockopt$IP6T_SO_SET_REPLACE(r5, 0x29, 0x40, &(0x7f0000000a80)=@filter={'filter\x00', 0xe, 0x4, 0x13a8, 0x0, 0x0, 0x1208, 0x108, 0x108, 0x12d8, 0x12d8, 0x12d8, 0x12d8, 0x12d8, 0x4, 0x0, {[{{@uncond, 0x0, 0xa8, 0x108}, @common=@inet=@HMARK={0x60, 'HMARK\x00', 0x0, {@ipv6=@mcast1, [], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4}}}, {{@ipv6={@initdev={0xfe, 0x88, [], 0x0, 0x0}, @initdev={0xfe, 0x88, [], 0x0, 0x0}, [], [], 'rose0\x00', 'netdevsim0\x00'}, 0x0, 0x10d8, 0x1100, 0x0, {}, [@common=@unspec=@cgroup1={{0x1030, 'cgroup\x00'}, {0x0, 0x0, 0x0, 0x0, './cgroup/syz0\x00'}}]}, @REJECT={0x28, 'REJECT\x00'}}, {{@uncond, 0x0, 0xa8, 0xd0}, @REJECT={0x28, 'REJECT\x00'}}], {{[], 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x1408) syz_init_net_socket$rose(0xb, 0x5, 0x0) 21:34:14 executing program 2: r0 = openat$kvm(0xffffffffffffff9c, 0x0, 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) dup3(r0, r1, 0x0) fsetxattr$trusted_overlay_nlink(r0, &(0x7f0000000040)='trusted.overlay.nlink\x00', &(0x7f00000000c0)={'U+', 0x98}, 0x16, 0x2) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c4, 0x0, 0xe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r2 = socket$inet6(0xa, 0x40000080806, 0x0) bind$inet6(r2, &(0x7f0000000080)={0xa, 0x404e20}, 0x1c) ioctl$int_in(0xffffffffffffffff, 0x5452, &(0x7f0000000100)=0x3) listen(r2, 0x400000001ffffffd) r3 = socket$inet6(0xa, 0x6, 0x0) connect$inet6(r3, &(0x7f0000000180)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) r4 = accept4(r2, 0x0, 0x0, 0x0) sendmmsg(r4, &(0x7f0000003d40)=[{{0x0, 0xffffffbf, 0x0, 0x0, 0x0, 0x0, 0x7000005}, 0xa}], 0x4000000000000d0, 0x0) socket$inet6(0xa, 0x6, 0x0) connect$inet6(0xffffffffffffffff, &(0x7f0000000000)={0xa, 0x0, 0x0, @loopback}, 0x1c) r5 = socket$inet6_tcp(0xa, 0x1, 0x0) bpf$BPF_MAP_GET_FD_BY_ID(0xe, &(0x7f0000000140)={0x0, 0x4, 0x8}, 0xc) setsockopt$IP6T_SO_SET_REPLACE(r5, 0x29, 0x40, &(0x7f0000000a80)=@filter={'filter\x00', 0xe, 0x4, 0x13a8, 0x0, 0x0, 0x1208, 0x108, 0x108, 0x12d8, 0x12d8, 0x12d8, 0x12d8, 0x12d8, 0x4, 0x0, {[{{@uncond, 0x0, 0xa8, 0x108}, @common=@inet=@HMARK={0x60, 'HMARK\x00', 0x0, {@ipv6=@mcast1}}}, {{@ipv6={@initdev={0xfe, 0x88, [], 0x0, 0x0}, @initdev={0xfe, 0x88, [], 0x0, 0x0}, [], [], 'rose0\x00', 'netdevsim0\x00'}, 0x0, 0x10d8, 0x1100, 0x0, {}, [@common=@unspec=@cgroup1={{0x1030, 'cgroup\x00'}, {0x0, 0x1, 0x0, 0x0, './cgroup/syz0\x00'}}]}, @REJECT={0x28, 'REJECT\x00'}}, {{@uncond, 0x0, 0xa8, 0xd0}, @REJECT={0x28, 'REJECT\x00'}}], {{[], 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x1408) syz_init_net_socket$rose(0xb, 0x5, 0x0) 21:34:14 executing program 1: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x1, 0x0, 0x0, 0x1, 0x20b493e0, 0x0, 0xfffffffffffffffe}, 0x0) socket$inet6(0xa, 0x2, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f0000008880), 0x400000000000249, 0x0, 0x0) pipe(&(0x7f0000000340)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(0xffffffffffffffff, 0x407, 0x0) fsync(r1) write(r2, &(0x7f0000000340), 0x41395527) vmsplice(r1, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) perf_event_open(&(0x7f0000940000)={0x2, 0x70, 0x69, 0x1, 0x0, 0xff, 0x0, 0x48, 0x14a0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f00000001c0), 0x7}, 0x0, 0x0, 0xfffffff9}, 0x0, 0xd, 0xffffffffffffffff, 0xa) tkill(0x0, 0x3c) fsetxattr$trusted_overlay_redirect(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) sched_setattr(r0, &(0x7f0000000080)={0x38, 0x2, 0x1, 0x0, 0x3}, 0x0) clone(0x69005100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) mount(0x0, &(0x7f0000000140)='./file0\x00', 0x0, 0x0, &(0x7f000000a000)) sched_setscheduler(0x0, 0x5, &(0x7f0000000380)) 21:34:14 executing program 4: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x1, 0x0, 0x0, 0x1, 0x20b493e0, 0x0, 0xfffffffffffffffe}, 0x0) socket$inet6(0xa, 0x4, 0xffffffff) pipe(&(0x7f0000000340)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r2, 0x407, 0x0) fsync(r1) write(r2, &(0x7f0000000340), 0x41395527) vmsplice(r1, 0x0, 0x0, 0x0) clone(0x200000008a105d00, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) tkill(0x0, 0x3c) fsetxattr$trusted_overlay_redirect(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) sched_setattr(r0, &(0x7f0000000080)={0x38, 0x2, 0x1, 0x0, 0x3}, 0x0) clone(0x69005100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) mount(0x0, &(0x7f0000000140)='./file0\x00', 0x0, 0x0, &(0x7f000000a000)) 21:34:14 executing program 3: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x1, 0x0, 0x0, 0x1, 0x20b493e0, 0x0, 0xfffffffffffffffe}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, 0x0, 0x0, 0x0, 0x0) pipe(&(0x7f0000000340)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r2, 0x407, 0x0) write(r2, &(0x7f0000000340), 0x41395527) vmsplice(r2, 0x0, 0x0, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x400200) accept4$x25(0xffffffffffffffff, &(0x7f0000000500)={0x9, @remote}, &(0x7f00000000c0)=0x12, 0x80000) vmsplice(r2, &(0x7f0000000480)=[{&(0x7f0000000200)="cf391066ae68dc294d750da559d43269fdeb6e54ba25e0747a45c6fc536c7d9fbf58420b5f9e16849224966305defb13263ca9ffb9d3251523e473a035c24252bd9db975c89463be87a89c30f1cdd7683f8491320220300fc6b49cf27dee313e947bf92f7c4b1314bbfda34471d3a9fdc38534ea0097f8c9b5b33c280c", 0x7d}, {&(0x7f0000000100)="312bcf7407ff762a180ebf8ac3dd2a", 0xf}, {&(0x7f00000002c0)="fee681563cf91db3bf5a9a97f9a2989d706e34754d313a0cc51b7df4cfa8dc767f6c5bcfa869d8768ea7f3053bca993b50a83ca9c46d559228157faa0ddb5cbb8ae2a9576de4cfe10c93d8d4fb68590d19941d16f99692e295589ed9cbdee88ae4d3f51f1f1bc483157ba2b207", 0x6d}, {&(0x7f0000000380)="67b17a31f95aa18cbe127cac48eaebdf8d764a7cc4e3b537735edb7af5ee6184f77c7a1b7a1708251d6f175ae689e9a635efccef898a4a2e08bdf8b7c617eac53d18685a756835f5b621fd7dcfdfe21d", 0x50}, {&(0x7f0000000400)="08415317161f25b5c728e9a12e0a253d0d8474442c0b81f5ecfc8835b138abc203e981239189cbd75e7be25d0b6c249015d17e6c9f50497fa87c48c8e3126333e884ee5b9df2ac0e25293ccee9150957f436ad6a8e8025b075c14445fd0d448afc0f5be8640567f5798e59c879d5678a5b", 0x71}, {&(0x7f0000000180)="7ea629101c546f6c9a4d0e9295ba8768e968a594b1d277685ee6f40e0165d10e4d33bc0f2d43121360b1a3f0260f1f3b0138bb86f1de53645ac32e", 0x3b}], 0x6, 0xa) perf_event_open(&(0x7f0000940000)={0x2, 0x70, 0x69, 0x0, 0x0, 0xff, 0x0, 0x48, 0x14a0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f00000001c0), 0x7}}, 0x0, 0xd, 0xffffffffffffffff, 0xa) clone(0x200000008a105d00, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r3 = gettid() tkill(r3, 0x3c) fsetxattr$trusted_overlay_redirect(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) clone(0x69005100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) mount(0x0, &(0x7f0000000140)='./file0\x00', &(0x7f0000fb5ffc)='nfs\x00', 0x0, &(0x7f000000a000)) write$P9_RSYMLINK(r2, &(0x7f0000000000)={0x14, 0x11, 0x1, {0x10, 0x0, 0x7}}, 0x14) [ 2332.752812] xt_cgroup: no path or classid specified [ 2333.426429] systemd-udevd invoked oom-killer: gfp_mask=0x14040c0(GFP_KERNEL|__GFP_COMP), nodemask=(null), order=1, oom_score_adj=-1000 [ 2333.542461] systemd-udevd cpuset=/ mems_allowed=0-1 [ 2333.547534] CPU: 1 PID: 3638 Comm: systemd-udevd Not tainted 4.14.182-syzkaller #0 [ 2333.555236] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2333.564569] Call Trace: [ 2333.567140] dump_stack+0x1b2/0x283 [ 2333.570746] dump_header+0x178/0x7aa [ 2333.574441] ? trace_hardirqs_on_caller+0x3a8/0x580 [ 2333.579437] ? _raw_spin_unlock_irqrestore+0x66/0xe0 [ 2333.584518] ? ___ratelimit+0x2cd/0x522 [ 2333.588478] oom_kill_process.cold+0x10/0xc16 [ 2333.592965] ? lock_downgrade+0x6e0/0x6e0 [ 2333.597091] out_of_memory+0x2d5/0x10f0 [ 2333.601046] ? oom_killer_disable+0x1c0/0x1c0 [ 2333.605515] ? mutex_trylock+0x152/0x1a0 [ 2333.609565] __alloc_pages_nodemask+0x2556/0x2730 [ 2333.614407] ? gfp_pfmemalloc_allowed+0x150/0x150 [ 2333.619226] ? gfp_pfmemalloc_allowed+0x150/0x150 [ 2333.624225] ? trace_hardirqs_on+0x10/0x10 [ 2333.628441] ? cache_grow_begin+0x3f/0x410 [ 2333.632669] cache_grow_begin+0x91/0x410 [ 2333.636711] fallback_alloc+0x205/0x2b0 [ 2333.640671] kmem_cache_alloc+0x1e5/0x3c0 [ 2333.644799] getname_flags+0xc8/0x550 [ 2333.648593] user_path_at_empty+0x2a/0x50 [ 2333.652721] vfs_statx+0xd1/0x160 [ 2333.656153] ? vfs_statx_fd+0x90/0x90 [ 2333.659941] SyS_newlstat+0x83/0xe0 [ 2333.663548] ? SyS_newstat+0xe0/0xe0 [ 2333.667238] ? __secure_computing+0xe5/0x3e0 [ 2333.671637] ? syscall_trace_enter+0x486/0xc20 [ 2333.676198] ? syscall_slow_exit_work+0x560/0x560 [ 2333.681020] ? do_syscall_64+0x4c/0x640 [ 2333.684971] ? SyS_newstat+0xe0/0xe0 [ 2333.688660] do_syscall_64+0x1d5/0x640 [ 2333.692529] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 2333.697704] RIP: 0033:0x7faa403af335 [ 2333.701390] RSP: 002b:00007ffeed20e7c8 EFLAGS: 00000246 ORIG_RAX: 0000000000000006 [ 2333.709159] RAX: ffffffffffffffda RBX: 0000560143134ff0 RCX: 00007faa403af335 [ 2333.716408] RDX: 00007ffeed20e800 RSI: 00007ffeed20e800 RDI: 0000560143133ff0 [ 2333.723673] RBP: 00007ffeed20e8c0 R08: 00007faa4066e1d8 R09: 0000000000001010 [ 2333.730920] R10: 0000000000000020 R11: 0000000000000246 R12: 0000560143133ff0 [ 2333.738167] R13: 0000560143134004 R14: 000056014311ff4d R15: 000056014311ff54 21:34:15 executing program 0: r0 = openat$kvm(0xffffffffffffff9c, 0x0, 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) dup3(r0, r1, 0x0) fsetxattr$trusted_overlay_nlink(r0, &(0x7f0000000040)='trusted.overlay.nlink\x00', &(0x7f00000000c0)={'U+', 0x98}, 0x16, 0x2) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c4, 0x0, 0xe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r2 = socket$inet6(0xa, 0x40000080806, 0x0) bind$inet6(r2, &(0x7f0000000080)={0xa, 0x404e20}, 0x1c) ioctl$int_in(0xffffffffffffffff, 0x5452, &(0x7f0000000100)=0x3) listen(r2, 0x400000001ffffffd) r3 = socket$inet6(0xa, 0x6, 0x0) connect$inet6(r3, &(0x7f0000000180)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) r4 = accept4(r2, 0x0, 0x0, 0x0) sendmmsg(r4, &(0x7f0000003d40)=[{{0x0, 0xffffffbf, 0x0, 0x0, 0x0, 0x0, 0x7000005}, 0xa}], 0x4000000000000d0, 0x0) socket$inet6(0xa, 0x6, 0x0) connect$inet6(0xffffffffffffffff, &(0x7f0000000000)={0xa, 0x0, 0x0, @loopback}, 0x1c) r5 = socket$inet6_tcp(0xa, 0x1, 0x0) bpf$BPF_MAP_GET_FD_BY_ID(0xe, &(0x7f0000000140)={0x0, 0x4, 0x8}, 0xc) setsockopt$IP6T_SO_SET_REPLACE(r5, 0x29, 0x40, &(0x7f0000000a80)=@filter={'filter\x00', 0xe, 0x4, 0x13a8, 0x0, 0x0, 0x1208, 0x108, 0x108, 0x12d8, 0x12d8, 0x12d8, 0x12d8, 0x12d8, 0x4, 0x0, {[{{@uncond, 0x0, 0xa8, 0x108}, @common=@inet=@HMARK={0x60, 'HMARK\x00', 0x0, {@ipv6=@mcast1}}}, {{@ipv6={@initdev={0xfe, 0x88, [], 0x0, 0x0}, @initdev={0xfe, 0x88, [], 0x0, 0x0}, [], [], 'rose0\x00', 'netdevsim0\x00'}, 0x0, 0x10d8, 0x1100, 0x0, {}, [@common=@unspec=@cgroup1={{0x1030, 'cgroup\x00'}, {0x0, 0x1, 0x0, 0x0, './cgroup/syz0\x00'}}]}, @REJECT={0x28, 'REJECT\x00'}}, {{@uncond, 0x0, 0xa8, 0xd0}, @REJECT={0x28, 'REJECT\x00'}}], {{[], 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x1408) syz_init_net_socket$rose(0xb, 0x5, 0x0) 21:34:15 executing program 4: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x1, 0x0, 0x0, 0x1, 0x20b493e0, 0x0, 0xfffffffffffffffe}, 0x0) socket$inet6(0xa, 0x4, 0xffffffff) pipe(&(0x7f0000000340)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r2, 0x407, 0x0) fsync(r1) write(r2, &(0x7f0000000340), 0x41395527) vmsplice(r1, 0x0, 0x0, 0x0) clone(0x200000008a105d00, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) tkill(0x0, 0x3c) fsetxattr$trusted_overlay_redirect(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) sched_setattr(r0, &(0x7f0000000080)={0x38, 0x2, 0x1, 0x0, 0x3}, 0x0) clone(0x69005100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) mount(0x0, &(0x7f0000000140)='./file0\x00', 0x0, 0x0, &(0x7f000000a000)) 21:34:15 executing program 1: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x1, 0x0, 0x0, 0x1, 0x20b493e0, 0x0, 0xfffffffffffffffe}, 0x0) socket$inet6(0xa, 0x2, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f0000008880), 0x400000000000249, 0x0, 0x0) pipe(&(0x7f0000000340)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(0xffffffffffffffff, 0x407, 0x0) fsync(r1) write(r2, &(0x7f0000000340), 0x41395527) vmsplice(r1, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) perf_event_open(&(0x7f0000940000)={0x2, 0x70, 0x69, 0x1, 0x0, 0xff, 0x0, 0x48, 0x14a0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f00000001c0), 0x7}, 0x0, 0x0, 0xfffffff9}, 0x0, 0xd, 0xffffffffffffffff, 0xa) tkill(0x0, 0x3c) fsetxattr$trusted_overlay_redirect(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) sched_setattr(r0, &(0x7f0000000080)={0x38, 0x2, 0x1, 0x0, 0x3}, 0x0) clone(0x69005100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) mount(0x0, &(0x7f0000000140)='./file0\x00', 0x0, 0x0, &(0x7f000000a000)) sched_setscheduler(0x0, 0x5, &(0x7f0000000380)) [ 2333.801407] xt_HMARK: hash modulus can't be zero 21:34:15 executing program 3: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x1, 0x0, 0x0, 0x1, 0x20b493e0, 0x0, 0xfffffffffffffffe}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, 0x0, 0x0, 0x0, 0x0) pipe(&(0x7f0000000340)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, 0x0, 0x0, 0x0) perf_event_open(&(0x7f0000940000)={0x2, 0x70, 0x69, 0x0, 0x0, 0xff, 0x0, 0x48, 0x14a4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f00000001c0), 0x7}, 0x8000}, 0x0, 0xd, 0xffffffffffffffff, 0xa) clone(0x200000008a105d00, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r4 = gettid() tkill(r4, 0x3c) fsetxattr$trusted_overlay_redirect(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) sched_setattr(r0, &(0x7f0000000080)={0x38, 0x2, 0x1, 0x0, 0x3}, 0x0) clone(0x69005100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) mount(0x0, &(0x7f0000000140)='./file0\x00', &(0x7f0000fb5ffc)='nfs\x00', 0x0, &(0x7f000000a000)) [ 2334.142332] xt_HMARK: hash modulus can't be zero [ 2334.681271] Mem-Info: [ 2334.686930] active_anon:1231575 inactive_anon:6139 isolated_anon:0 [ 2334.686930] active_file:773 inactive_file:846 isolated_file:1 [ 2334.686930] unevictable:1839 dirty:43 writeback:1 unstable:0 [ 2334.686930] slab_reclaimable:18138 slab_unreclaimable:173406 [ 2334.686930] mapped:55391 shmem:7616 pagetables:44201 bounce:0 [ 2334.686930] free:25268 free_pcp:14 free_cma:0 [ 2334.985424] Node 0 active_anon:1658752kB inactive_anon:16128kB active_file:1616kB inactive_file:2104kB unevictable:1032kB isolated(anon):0kB isolated(file):128kB mapped:213192kB dirty:84kB writeback:0kB shmem:22032kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 686080kB writeback_tmp:0kB unstable:0kB all_unreclaimable? no [ 2335.138574] Node 1 active_anon:3267872kB inactive_anon:8428kB active_file:164kB inactive_file:288kB unevictable:6324kB isolated(anon):0kB isolated(file):0kB mapped:6520kB dirty:12kB writeback:0kB shmem:8432kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 0kB writeback_tmp:0kB unstable:0kB all_unreclaimable? no [ 2335.346627] Node 0 DMA free:10448kB min:220kB low:272kB high:324kB active_anon:1412kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15908kB mlocked:0kB kernel_stack:96kB pagetables:72kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 2335.574347] lowmem_reserve[]: 0 2559 2559 2559 2559 [ 2335.614595] Node 0 DMA32 free:41504kB min:36296kB low:45368kB high:54440kB active_anon:1657340kB inactive_anon:16128kB active_file:384kB inactive_file:308kB unevictable:1032kB writepending:84kB present:3129332kB managed:2623996kB mlocked:1032kB kernel_stack:16064kB pagetables:38136kB bounce:0kB free_pcp:24kB local_pcp:0kB free_cma:0kB [ 2335.854708] lowmem_reserve[]: 0 0 0 0 0 [ 2335.889463] Node 0 Normal free:0kB min:0kB low:0kB high:0kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:786432kB managed:0kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 2336.121564] lowmem_reserve[]: 0 0 0 0 0 [ 2336.157434] Node 1 Normal free:55284kB min:53592kB low:66988kB high:80384kB active_anon:3267872kB inactive_anon:8428kB active_file:12kB inactive_file:8kB unevictable:6324kB writepending:12kB present:3932160kB managed:3870192kB mlocked:6324kB kernel_stack:60000kB pagetables:138408kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 2336.351222] lowmem_reserve[]: 0 0 0 0 0 [ 2336.452305] Node 0 DMA: 20*4kB (UMEH) 66*8kB (UMEH) 23*16kB (UMEH) 12*32kB (UME) 6*64kB (UM) 2*128kB (UM) 1*256kB (E) 2*512kB (EH) 1*1024kB (E) 1*2048kB (E) 1*4096kB (M) = 10448kB [ 2336.595196] Node 0 DMA32: 909*4kB (UME) 1005*8kB (UME) 479*16kB (UME) 388*32kB (UME) 144*64kB (UM) 0*128kB 0*256kB 1*512kB (U) 0*1024kB 0*2048kB 0*4096kB = 41484kB [ 2336.738001] Node 0 Normal: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 0kB [ 2336.850171] Node 1 Normal: 341*4kB (UME) 411*8kB (UME) 629*16kB (ME) 631*32kB (UM) 271*64kB (UMH) 24*128kB (UMH) 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 55324kB [ 2337.014477] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 2337.097081] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 2337.162388] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 2337.222174] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 2337.231298] 8061 total pagecache pages [ 2337.342304] 0 pages in swap cache [ 2337.345781] Swap cache stats: add 0, delete 0, find 0/0 [ 2337.422219] Free swap = 0kB [ 2337.425263] Total swap = 0kB [ 2337.428280] 1965979 pages RAM [ 2337.431376] 0 pages HighMem/MovableOnly [ 2337.515367] 338455 pages reserved [ 2337.541874] 0 pages cma reserved [ 2337.574673] Out of memory: Kill process 12906 (syz-executor.1) score 1007 or sacrifice child [ 2337.736163] oom_reaper: reaped process 12949 (syz-executor.3), now anon-rss:0kB, file-rss:0kB, shmem-rss:0kB [ 2337.800767] systemd-udevd invoked oom-killer: gfp_mask=0x14040c0(GFP_KERNEL|__GFP_COMP), nodemask= [ 2337.812303] IPVS: ftp: loaded support on port[0] = 21 [ 2337.831528] (null), order=1, oom_score_adj=-1000 [ 2337.837943] systemd-udevd cpuset=/ mems_allowed=0-1 [ 2337.845347] CPU: 0 PID: 3638 Comm: systemd-udevd Not tainted 4.14.182-syzkaller #0 [ 2337.853061] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2337.862403] Call Trace: [ 2337.864990] dump_stack+0x1b2/0x283 [ 2337.868615] dump_header+0x178/0x7aa [ 2337.872321] ? trace_hardirqs_on_caller+0x3a8/0x580 [ 2337.877333] ? _raw_spin_unlock_irqrestore+0x66/0xe0 [ 2337.882429] ? ___ratelimit+0x2cd/0x522 [ 2337.886387] oom_kill_process.cold+0x10/0xc16 [ 2337.890863] ? lock_downgrade+0x6e0/0x6e0 [ 2337.894995] out_of_memory+0x2d5/0x10f0 [ 2337.898960] ? oom_killer_disable+0x1c0/0x1c0 [ 2337.903431] ? mutex_trylock+0x152/0x1a0 [ 2337.907470] __alloc_pages_nodemask+0x2556/0x2730 [ 2337.912309] ? gfp_pfmemalloc_allowed+0x150/0x150 [ 2337.917139] ? gfp_pfmemalloc_allowed+0x150/0x150 [ 2337.921958] ? trace_hardirqs_on+0x10/0x10 [ 2337.926189] ? cache_grow_begin+0x3f/0x410 [ 2337.930401] cache_grow_begin+0x91/0x410 [ 2337.934441] fallback_alloc+0x205/0x2b0 [ 2337.938408] kmem_cache_alloc+0x1e5/0x3c0 [ 2337.942537] getname_flags+0xc8/0x550 [ 2337.946323] user_path_at_empty+0x2a/0x50 [ 2337.950450] vfs_statx+0xd1/0x160 [ 2337.953903] ? vfs_statx_fd+0x90/0x90 [ 2337.957686] SyS_newlstat+0x83/0xe0 [ 2337.961287] ? SyS_newstat+0xe0/0xe0 [ 2337.964978] ? __secure_computing+0xe5/0x3e0 [ 2337.969378] ? syscall_trace_enter+0x486/0xc20 [ 2337.973937] ? syscall_slow_exit_work+0x560/0x560 [ 2337.978780] ? do_syscall_64+0x4c/0x640 [ 2337.982729] ? SyS_newstat+0xe0/0xe0 [ 2337.986420] do_syscall_64+0x1d5/0x640 [ 2337.990286] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 2337.995470] RIP: 0033:0x7faa403af335 [ 2337.999166] RSP: 002b:00007ffeed20e7c8 EFLAGS: 00000246 ORIG_RAX: 0000000000000006 [ 2338.006851] RAX: ffffffffffffffda RBX: 0000560143134ff0 RCX: 00007faa403af335 [ 2338.014187] RDX: 00007ffeed20e800 RSI: 00007ffeed20e800 RDI: 0000560143133ff0 [ 2338.021433] RBP: 00007ffeed20e8c0 R08: 00007faa4066e1d8 R09: 0000000000001010 [ 2338.028679] R10: 0000000000000020 R11: 0000000000000246 R12: 0000560143133ff0 [ 2338.035935] R13: 0000560143134004 R14: 000056014311ff4d R15: 000056014311ff54 [ 2338.060724] Mem-Info: [ 2338.067075] active_anon:1231627 inactive_anon:6139 isolated_anon:0 [ 2338.067075] active_file:31 inactive_file:41 isolated_file:13 [ 2338.067075] unevictable:1839 dirty:7 writeback:7 unstable:0 [ 2338.067075] slab_reclaimable:18140 slab_unreclaimable:173249 [ 2338.067075] mapped:54031 shmem:7616 pagetables:44154 bounce:0 [ 2338.067075] free:26799 free_pcp:310 free_cma:0 [ 2338.105922] Node 0 active_anon:1658652kB inactive_anon:16128kB active_file:120kB inactive_file:356kB unevictable:1032kB isolated(anon):0kB isolated(file):52kB mapped:210008kB dirty:24kB writeback:24kB shmem:22032kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 686080kB writeback_tmp:0kB unstable:0kB all_unreclaimable? no [ 2338.139728] Node 1 active_anon:3267856kB inactive_anon:8428kB active_file:4kB inactive_file:8kB unevictable:6324kB isolated(anon):0kB isolated(file):0kB mapped:6016kB dirty:4kB writeback:4kB shmem:8432kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 0kB writeback_tmp:0kB unstable:0kB all_unreclaimable? no [ 2338.187049] Node 0 DMA free:10452kB min:220kB low:272kB high:324kB active_anon:1412kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15908kB mlocked:0kB kernel_stack:96kB pagetables:72kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 2338.218908] lowmem_reserve[]: 0 2559 2559 2559 2559 [ 2338.224653] Node 0 DMA32 free:41084kB min:36296kB low:45368kB high:54440kB active_anon:1657240kB inactive_anon:16128kB active_file:120kB inactive_file:356kB unevictable:1032kB writepending:48kB present:3129332kB managed:2623996kB mlocked:1032kB kernel_stack:15936kB pagetables:38136kB bounce:0kB free_pcp:364kB local_pcp:236kB free_cma:0kB [ 2338.289363] IPVS: ftp: loaded support on port[0] = 21 [ 2338.412036] lowmem_reserve[]: 0 0 0 0 0 [ 2338.436381] Node 0 Normal free:0kB min:0kB low:0kB high:0kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:786432kB managed:0kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 2338.492556] lowmem_reserve[]: 0 0 0 0 0 [ 2338.496580] Node 1 Normal free:56016kB min:53592kB low:66988kB high:80384kB active_anon:3267856kB inactive_anon:8428kB active_file:4kB inactive_file:8kB unevictable:6324kB writepending:8kB present:3932160kB managed:3870192kB mlocked:6324kB kernel_stack:59968kB pagetables:138408kB bounce:0kB free_pcp:960kB local_pcp:304kB free_cma:0kB [ 2338.562039] lowmem_reserve[]: 0 0 0 0 0 [ 2338.566054] Node 0 DMA: 21*4kB (UMEH) 66*8kB (UMEH) 23*16kB (UMEH) 12*32kB (UME) 6*64kB (UM) 2*128kB (UM) 1*256kB (E) 2*512kB (EH) 1*1024kB (E) 1*2048kB (E) 1*4096kB (M) = 10452kB [ 2338.617794] Node 0 DMA32: 505*4kB (UME) 930*8kB (UME) 485*16kB (UME) 390*32kB (UME) 144*64kB (UM) 1*128kB (U) 1*256kB (U) 0*512kB 0*1024kB 0*2048kB 0*4096kB = 39300kB [ 2338.662056] Node 0 Normal: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 0kB [ 2338.691464] Node 1 Normal: 918*4kB (UMEH) 317*8kB (MEH) 622*16kB (UME) 635*32kB (UM) 268*64kB (MH) 18*128kB (UMH) 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 55936kB [ 2338.774172] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 2338.842173] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 2338.851058] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 2338.892020] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 2338.892025] 8367 total pagecache pages [ 2338.892032] 0 pages in swap cache [ 2338.892035] Swap cache stats: add 0, delete 0, find 0/0 [ 2338.892037] Free swap = 0kB [ 2338.892039] Total swap = 0kB [ 2338.892044] 1965979 pages RAM [ 2338.892047] 0 pages HighMem/MovableOnly [ 2338.892049] 338455 pages reserved [ 2338.892052] 0 pages cma reserved [ 2338.892058] Out of memory: Kill process 5740 (syz-executor.4) score 1007 or sacrifice child [ 2338.892091] Killed process 5740 (syz-executor.4) total-vm:75236kB, anon-rss:16564kB, file-rss:35756kB, shmem-rss:0kB 21:34:21 executing program 2: r0 = openat$kvm(0xffffffffffffff9c, 0x0, 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) dup3(r0, r1, 0x0) fsetxattr$trusted_overlay_nlink(r0, &(0x7f0000000040)='trusted.overlay.nlink\x00', &(0x7f00000000c0)={'U+', 0x98}, 0x16, 0x2) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c4, 0x0, 0xe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r2 = socket$inet6(0xa, 0x40000080806, 0x0) bind$inet6(r2, &(0x7f0000000080)={0xa, 0x404e20}, 0x1c) ioctl$int_in(0xffffffffffffffff, 0x5452, &(0x7f0000000100)=0x3) listen(r2, 0x400000001ffffffd) r3 = socket$inet6(0xa, 0x6, 0x0) connect$inet6(r3, &(0x7f0000000180)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) r4 = accept4(r2, 0x0, 0x0, 0x0) sendmmsg(r4, &(0x7f0000003d40)=[{{0x0, 0xffffffbf, 0x0, 0x0, 0x0, 0x0, 0x7000005}, 0xa}], 0x4000000000000d0, 0x0) socket$inet6(0xa, 0x6, 0x0) connect$inet6(0xffffffffffffffff, &(0x7f0000000000)={0xa, 0x0, 0x0, @loopback}, 0x1c) r5 = socket$inet6_tcp(0xa, 0x1, 0x0) bpf$BPF_MAP_GET_FD_BY_ID(0xe, &(0x7f0000000140)={0x0, 0x4, 0x8}, 0xc) setsockopt$IP6T_SO_SET_REPLACE(r5, 0x29, 0x40, &(0x7f0000000a80)=@filter={'filter\x00', 0xe, 0x4, 0x13a8, 0x0, 0x0, 0x1208, 0x108, 0x108, 0x12d8, 0x12d8, 0x12d8, 0x12d8, 0x12d8, 0x4, 0x0, {[{{@uncond, 0x0, 0xa8, 0x108}, @common=@inet=@HMARK={0x60, 'HMARK\x00', 0x0, {@ipv6=@mcast1}}}, {{@ipv6={@initdev={0xfe, 0x88, [], 0x0, 0x0}, @initdev={0xfe, 0x88, [], 0x0, 0x0}, [], [], 'rose0\x00', 'netdevsim0\x00'}, 0x0, 0x10d8, 0x1100, 0x0, {}, [@common=@unspec=@cgroup1={{0x1030, 'cgroup\x00'}, {0x0, 0x1, 0x0, 0x0, './cgroup/syz0\x00'}}]}, @REJECT={0x28, 'REJECT\x00'}}, {{@uncond, 0x0, 0xa8, 0xd0}, @REJECT={0x28, 'REJECT\x00'}}], {{[], 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x1408) syz_init_net_socket$rose(0xb, 0x5, 0x0) 21:34:21 executing program 4: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x1, 0x0, 0x0, 0x1, 0x20b493e0, 0x0, 0xfffffffffffffffe}, 0x0) socket$inet6(0xa, 0x4, 0xffffffff) pipe(&(0x7f0000000340)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r2, 0x407, 0x0) fsync(r1) write(r2, &(0x7f0000000340), 0x41395527) vmsplice(r1, &(0x7f0000000000), 0x0, 0x0) clone(0x200000008a105d00, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) tkill(0x0, 0x3c) fsetxattr$trusted_overlay_redirect(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) sched_setattr(r0, &(0x7f0000000080)={0x38, 0x2, 0x1, 0x0, 0x3}, 0x0) clone(0x69005100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) mount(0x0, &(0x7f0000000140)='./file0\x00', 0x0, 0x0, &(0x7f000000a000)) 21:34:21 executing program 3: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x1, 0x0, 0x0, 0x1, 0x20b493e0, 0x0, 0xfffffffffffffffe}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, 0x0, 0x0, 0x0, 0x0) pipe(&(0x7f0000000340)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, 0x0, 0x0, 0x0) perf_event_open(&(0x7f0000940000)={0x2, 0x70, 0x69, 0x0, 0x0, 0xff, 0x0, 0x48, 0x14a0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f00000001c0), 0x7}}, 0x0, 0xd, 0xffffffffffffffff, 0xa) clone(0x200000008a105d00, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r4 = gettid() tkill(r4, 0x3c) fsetxattr$trusted_overlay_redirect(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) sched_setattr(r0, &(0x7f0000000080)={0x38, 0x2, 0x1, 0x0, 0x3}, 0x0) clone(0x69005100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) mount(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000fb5ffc)='nfs\x00', 0x0, &(0x7f00000000c0)='\xc7\x1f\xfdbn\xd0\xee\xa6\x80N\xb1\xbb>\xb8i\xfc\xad7/\x99\x05Y\x9d\xcd\x9e\xae2\xd8`\xe9\xd2T6R\xd8\xaf\xa6Z\x8f\xd9\xb6\xfeB\x1b\xab\x9f~&-\xd2\x1c0@\xf0\x8d\x98\x06\xedT\x92Z8\x06\r\xf1\x9f,\x18\xa7\xf6\xc7\xda\xf0wb\x16h\x89\x87\xd3c\xd1\xaa\xaev\xedG\xc5\xbd\xc8G\xbc\x95\x1f\xd7\x11%c(\x97\xaaUG\x19\xf8)\xe7~\xa7h\xce\xbcQ') [ 2339.318811] IPVS: ftp: loaded support on port[0] = 21 [ 2339.377930] xt_HMARK: hash modulus can't be zero 21:34:21 executing program 3: r0 = openat$kvm(0xffffffffffffff9c, 0x0, 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) dup3(r0, r1, 0x0) fsetxattr$trusted_overlay_nlink(r0, &(0x7f0000000040)='trusted.overlay.nlink\x00', &(0x7f00000000c0)={'U+', 0x98}, 0x16, 0x2) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c4, 0x0, 0xe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r2 = socket$inet6(0xa, 0x40000080806, 0x0) bind$inet6(r2, &(0x7f0000000080)={0xa, 0x404e20}, 0x1c) ioctl$int_in(0xffffffffffffffff, 0x5452, &(0x7f0000000100)=0x3) listen(r2, 0x400000001ffffffd) r3 = socket$inet6(0xa, 0x6, 0x0) connect$inet6(r3, &(0x7f0000000180)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) r4 = accept4(r2, 0x0, 0x0, 0x0) sendmmsg(r4, &(0x7f0000003d40)=[{{0x0, 0xffffffbf, 0x0, 0x0, 0x0, 0x0, 0x7000005}, 0xa}], 0x4000000000000d0, 0x0) socket$inet6(0xa, 0x6, 0x0) connect$inet6(0xffffffffffffffff, &(0x7f0000000000)={0xa, 0x0, 0x0, @loopback}, 0x1c) r5 = socket$inet6_tcp(0xa, 0x1, 0x0) bpf$BPF_MAP_GET_FD_BY_ID(0xe, &(0x7f0000000140)={0x0, 0x4, 0x8}, 0xc) setsockopt$IP6T_SO_SET_REPLACE(r5, 0x29, 0x40, &(0x7f0000000a80)=@filter={'filter\x00', 0xe, 0x4, 0x13a8, 0x0, 0x0, 0x1208, 0x108, 0x108, 0x12d8, 0x12d8, 0x12d8, 0x12d8, 0x12d8, 0x4, 0x0, {[{{@uncond, 0x0, 0xa8, 0x108}, @common=@inet=@HMARK={0x60, 'HMARK\x00', 0x0, {@ipv6=@mcast1}}}, {{@ipv6={@initdev={0xfe, 0x88, [], 0x0, 0x0}, @initdev={0xfe, 0x88, [], 0x0, 0x0}, [], [], 'rose0\x00', 'netdevsim0\x00'}, 0x0, 0x10d8, 0x1100, 0x0, {}, [@common=@unspec=@cgroup1={{0x1030, 'cgroup\x00'}, {0x0, 0x1, 0x0, 0x0, './cgroup/syz0\x00'}}]}, @REJECT={0x28, 'REJECT\x00'}}, {{@uncond, 0x0, 0xa8, 0xd0}, @REJECT={0x28, 'REJECT\x00'}}], {{[], 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x1408) syz_init_net_socket$rose(0xb, 0x5, 0x0) 21:34:21 executing program 2: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x1, 0x0, 0x0, 0x1, 0x20b493e0, 0x0, 0xfffffffffffffffe}, 0x0) socket$inet6(0xa, 0x4, 0xffffffff) pipe(&(0x7f0000000340)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r2, 0x407, 0x0) fsync(r1) write(r2, &(0x7f0000000340), 0x41395527) vmsplice(0xffffffffffffffff, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) clone(0x200000008a105d00, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) tkill(0x0, 0x3c) fsetxattr$trusted_overlay_redirect(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) sched_setattr(r0, &(0x7f0000000080)={0x38, 0x2, 0x1, 0x0, 0x3}, 0x0) clone(0x69005100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) mount(0x0, &(0x7f0000000140)='./file0\x00', 0x0, 0x0, &(0x7f000000a000)) [ 2339.948634] xt_HMARK: hash modulus can't be zero [ 2340.121205] IPVS: ftp: loaded support on port[0] = 21 [ 2341.067647] IPVS: ftp: loaded support on port[0] = 21 [ 2341.741228] kworker/u4:25 invoked oom-killer: gfp_mask=0x15080c0(GFP_KERNEL_ACCOUNT|__GFP_ZERO), nodemask=(null), order=3, oom_score_adj=0 [ 2341.862872] kworker/u4:25 cpuset=/ mems_allowed=0-1 [ 2341.868709] CPU: 0 PID: 8072 Comm: kworker/u4:25 Not tainted 4.14.182-syzkaller #0 [ 2341.876415] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2341.885785] Workqueue: events_unbound call_usermodehelper_exec_work [ 2341.892165] Call Trace: [ 2341.894744] dump_stack+0x1b2/0x283 [ 2341.898352] dump_header+0x178/0x7aa [ 2341.902043] ? trace_hardirqs_on_caller+0x3a8/0x580 [ 2341.907034] ? _raw_spin_unlock_irqrestore+0x66/0xe0 [ 2341.912124] ? ___ratelimit+0x2cd/0x522 [ 2341.916077] oom_kill_process.cold+0x10/0xc16 [ 2341.920549] ? lock_downgrade+0x6e0/0x6e0 [ 2341.924675] out_of_memory+0x2d5/0x10f0 [ 2341.928632] ? oom_killer_disable+0x1c0/0x1c0 [ 2341.933105] ? mutex_trylock+0x152/0x1a0 [ 2341.937143] __alloc_pages_nodemask+0x2556/0x2730 [ 2341.941973] ? __read_once_size_nocheck.constprop.0+0x10/0x10 [ 2341.947835] ? gfp_pfmemalloc_allowed+0x150/0x150 [ 2341.952660] ? rcu_read_lock_sched_held+0x10a/0x130 [ 2341.957651] ? kmem_cache_alloc_node+0x387/0x400 [ 2341.962395] copy_process.part.0+0x26a/0x6fa0 [ 2341.966870] ? __lock_acquire+0x655/0x42a0 [ 2341.971082] ? __save_stack_trace+0x6b/0xd0 [ 2341.975820] ? static_obj+0x50/0x50 [ 2341.979427] ? umh_complete+0x80/0x80 [ 2341.983205] ? __cleanup_sighand+0x40/0x40 [ 2341.987414] ? free_object+0xe4/0x240 [ 2341.991191] ? umh_complete+0x80/0x80 [ 2341.994968] _do_fork+0x180/0xc80 [ 2341.998398] ? fork_idle+0x270/0x270 [ 2342.002088] ? lock_downgrade+0x6e0/0x6e0 [ 2342.006215] ? process_one_work+0x6ec/0x14c0 [ 2342.010616] ? umh_complete+0x80/0x80 [ 2342.014402] kernel_thread+0x2f/0x40 [ 2342.018093] call_usermodehelper_exec_work+0x193/0x210 [ 2342.023346] ? call_usermodehelper_exec_async+0x4c0/0x4c0 [ 2342.028862] ? rcu_lockdep_current_cpu_online+0xed/0x140 [ 2342.034288] process_one_work+0x7c0/0x14c0 [ 2342.038511] ? pwq_dec_nr_in_flight+0x2b0/0x2b0 [ 2342.043171] ? worker_thread+0x163/0x1080 [ 2342.047419] ? _raw_spin_unlock_irq+0x24/0x90 [ 2342.051901] worker_thread+0x5d7/0x1080 [ 2342.055864] ? process_one_work+0x14c0/0x14c0 [ 2342.060342] kthread+0x30d/0x420 [ 2342.063689] ? kthread_create_on_node+0xd0/0xd0 [ 2342.068337] ret_from_fork+0x24/0x30 [ 2342.092334] Mem-Info: [ 2342.094809] active_anon:1232357 inactive_anon:6139 isolated_anon:0 [ 2342.094809] active_file:323 inactive_file:309 isolated_file:27 [ 2342.094809] unevictable:1839 dirty:5 writeback:0 unstable:0 [ 2342.094809] slab_reclaimable:18141 slab_unreclaimable:174831 [ 2342.094809] mapped:54510 shmem:7616 pagetables:44195 bounce:0 [ 2342.094809] free:23840 free_pcp:317 free_cma:0 [ 2342.367108] Node 0 active_anon:1663452kB inactive_anon:16144kB active_file:68kB inactive_file:52kB unevictable:1032kB isolated(anon):0kB isolated(file):0kB mapped:209964kB dirty:4kB writeback:0kB shmem:22048kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 686080kB writeback_tmp:0kB unstable:0kB all_unreclaimable? no [ 2342.597276] Node 1 active_anon:3265976kB inactive_anon:8412kB active_file:1608kB inactive_file:1164kB unevictable:6324kB isolated(anon):0kB isolated(file):96kB mapped:8476kB dirty:16kB writeback:0kB shmem:8416kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 0kB writeback_tmp:0kB unstable:0kB all_unreclaimable? no [ 2342.700012] Node 0 DMA free:10440kB min:220kB low:272kB high:324kB active_anon:1416kB inactive_anon:0kB active_file:4kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15908kB mlocked:0kB kernel_stack:96kB pagetables:72kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 2342.727897] lowmem_reserve[]: 0 2559 2559 2559 2559 [ 2342.736181] Node 0 DMA32 free:29372kB min:36296kB low:45368kB high:54440kB active_anon:1661936kB inactive_anon:16144kB active_file:64kB inactive_file:52kB unevictable:1032kB writepending:4kB present:3129332kB managed:2623996kB mlocked:1032kB kernel_stack:16000kB pagetables:38172kB bounce:0kB free_pcp:224kB local_pcp:120kB free_cma:0kB [ 2342.878735] lowmem_reserve[]: 0 0 0 0 0 [ 2342.898622] Node 0 Normal free:0kB min:0kB low:0kB high:0kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:786432kB managed:0kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 2342.932025] lowmem_reserve[]: 0 0 0 0 0 [ 2342.971766] Node 1 Normal free:54660kB min:53592kB low:66988kB high:80384kB active_anon:3265984kB inactive_anon:8416kB active_file:2132kB inactive_file:1384kB unevictable:6324kB writepending:12kB present:3932160kB managed:3870192kB mlocked:6324kB kernel_stack:59968kB pagetables:138388kB bounce:0kB free_pcp:876kB local_pcp:224kB free_cma:0kB [ 2343.011231] lowmem_reserve[]: 0 0 0 0 0 [ 2343.015512] Node 0 DMA: 24*4kB (UMEH) 61*8kB (UMEH) 24*16kB (UMEH) 12*32kB (UME) 6*64kB (UM) 2*128kB (UM) 1*256kB (E) 2*512kB (EH) 1*1024kB (E) 1*2048kB (E) 1*4096kB (M) = 10440kB [ 2343.033298] Node 0 DMA32: 695*4kB (ME) 747*8kB (UME) 387*16kB (ME) 343*32kB (UME) 53*64kB (UME) 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 29316kB [ 2343.048947] Node 0 Normal: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 0kB [ 2343.060447] Node 1 Normal: 2029*4kB (UMEH) 556*8kB (UMEH) 650*16kB (UME) 607*32kB (UMH) 230*64kB (UM) 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 57108kB [ 2343.076026] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 2343.085669] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 2343.095027] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 2343.104796] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 2343.114309] 8434 total pagecache pages [ 2343.119057] 0 pages in swap cache [ 2343.141611] Swap cache stats: add 0, delete 0, find 0/0 [ 2343.147109] Free swap = 0kB [ 2343.150210] Total swap = 0kB [ 2343.167924] 1965979 pages RAM [ 2343.172057] 0 pages HighMem/MovableOnly [ 2343.176128] 338455 pages reserved [ 2343.179705] 0 pages cma reserved [ 2343.221602] Out of memory: Kill process 13069 (syz-executor.1) score 1007 or sacrifice child 21:34:25 executing program 4: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x1, 0x0, 0x0, 0x1, 0x20b493e0, 0x0, 0xfffffffffffffffe}, 0x0) socket$inet6(0xa, 0x4, 0xffffffff) pipe(&(0x7f0000000340)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r2, 0x407, 0x0) fsync(r1) write(r2, &(0x7f0000000340), 0x41395527) vmsplice(r1, &(0x7f0000000000), 0x0, 0x0) clone(0x200000008a105d00, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) tkill(0x0, 0x3c) fsetxattr$trusted_overlay_redirect(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) sched_setattr(r0, &(0x7f0000000080)={0x38, 0x2, 0x1, 0x0, 0x3}, 0x0) clone(0x69005100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) mount(0x0, &(0x7f0000000140)='./file0\x00', 0x0, 0x0, &(0x7f000000a000)) 21:34:25 executing program 0: r0 = openat$kvm(0xffffffffffffff9c, 0x0, 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) dup3(r0, r1, 0x0) fsetxattr$trusted_overlay_nlink(r0, &(0x7f0000000040)='trusted.overlay.nlink\x00', &(0x7f00000000c0)={'U+', 0x98}, 0x16, 0x2) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c4, 0x0, 0xe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r2 = socket$inet6(0xa, 0x40000080806, 0x0) bind$inet6(r2, &(0x7f0000000080)={0xa, 0x404e20}, 0x1c) ioctl$int_in(0xffffffffffffffff, 0x5452, &(0x7f0000000100)=0x3) listen(r2, 0x400000001ffffffd) r3 = socket$inet6(0xa, 0x6, 0x0) connect$inet6(r3, &(0x7f0000000180)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) r4 = accept4(r2, 0x0, 0x0, 0x0) sendmmsg(r4, &(0x7f0000003d40)=[{{0x0, 0xffffffbf, 0x0, 0x0, 0x0, 0x0, 0x7000005}, 0xa}], 0x4000000000000d0, 0x0) socket$inet6(0xa, 0x6, 0x0) connect$inet6(0xffffffffffffffff, &(0x7f0000000000)={0xa, 0x0, 0x0, @loopback}, 0x1c) r5 = socket$inet6_tcp(0xa, 0x1, 0x0) bpf$BPF_MAP_GET_FD_BY_ID(0xe, &(0x7f0000000140)={0x0, 0x4, 0x8}, 0xc) setsockopt$IP6T_SO_SET_REPLACE(r5, 0x29, 0x40, &(0x7f0000000a80)=@filter={'filter\x00', 0xe, 0x4, 0x13a8, 0x0, 0x0, 0x1208, 0x108, 0x108, 0x12d8, 0x12d8, 0x12d8, 0x12d8, 0x12d8, 0x4, 0x0, {[{{@uncond, 0x0, 0xa8, 0x108}, @common=@inet=@HMARK={0x60, 'HMARK\x00', 0x0, {@ipv6=@mcast1}}}, {{@ipv6={@initdev={0xfe, 0x88, [], 0x0, 0x0}, @initdev={0xfe, 0x88, [], 0x0, 0x0}, [], [], 'rose0\x00', 'netdevsim0\x00'}, 0x0, 0x10d8, 0x1100, 0x0, {}, [@common=@unspec=@cgroup1={{0x1030, 'cgroup\x00'}, {0x0, 0x1, 0x0, 0x0, './cgroup/syz0\x00'}}]}, @REJECT={0x28, 'REJECT\x00'}}, {{@uncond, 0x0, 0xa8, 0xd0}, @REJECT={0x28, 'REJECT\x00'}}], {{[], 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x1408) syz_init_net_socket$rose(0xb, 0x5, 0x0) 21:34:25 executing program 3: r0 = openat$kvm(0xffffffffffffff9c, 0x0, 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) dup3(r0, r1, 0x0) fsetxattr$trusted_overlay_nlink(r0, &(0x7f0000000040)='trusted.overlay.nlink\x00', &(0x7f00000000c0)={'U+', 0x98}, 0x16, 0x2) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c4, 0x0, 0xe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r2 = socket$inet6(0xa, 0x40000080806, 0x0) bind$inet6(r2, &(0x7f0000000080)={0xa, 0x404e20}, 0x1c) ioctl$int_in(0xffffffffffffffff, 0x5452, &(0x7f0000000100)=0x3) listen(r2, 0x400000001ffffffd) r3 = socket$inet6(0xa, 0x6, 0x0) connect$inet6(r3, &(0x7f0000000180)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) r4 = accept4(r2, 0x0, 0x0, 0x0) sendmmsg(r4, &(0x7f0000003d40)=[{{0x0, 0xffffffbf, 0x0, 0x0, 0x0, 0x0, 0x7000005}, 0xa}], 0x4000000000000d0, 0x0) socket$inet6(0xa, 0x6, 0x0) connect$inet6(0xffffffffffffffff, &(0x7f0000000000)={0xa, 0x0, 0x0, @loopback}, 0x1c) r5 = socket$inet6_tcp(0xa, 0x1, 0x0) bpf$BPF_MAP_GET_FD_BY_ID(0xe, &(0x7f0000000140)={0x0, 0x4, 0x8}, 0xc) setsockopt$IP6T_SO_SET_REPLACE(r5, 0x29, 0x40, &(0x7f0000000a80)=@filter={'filter\x00', 0xe, 0x4, 0x13a8, 0x0, 0x0, 0x1208, 0x108, 0x108, 0x12d8, 0x12d8, 0x12d8, 0x12d8, 0x12d8, 0x4, 0x0, {[{{@uncond, 0x0, 0xa8, 0x108}, @common=@inet=@HMARK={0x60, 'HMARK\x00', 0x0, {@ipv6=@mcast1}}}, {{@ipv6={@initdev={0xfe, 0x88, [], 0x0, 0x0}, @initdev={0xfe, 0x88, [], 0x0, 0x0}, [], [], 'rose0\x00', 'netdevsim0\x00'}, 0x0, 0x10d8, 0x1100, 0x0, {}, [@common=@unspec=@cgroup1={{0x1030, 'cgroup\x00'}, {0x0, 0x1, 0x0, 0x0, './cgroup/syz0\x00'}}]}, @REJECT={0x28, 'REJECT\x00'}}, {{@uncond, 0x0, 0xa8, 0xd0}, @REJECT={0x28, 'REJECT\x00'}}], {{[], 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x1408) syz_init_net_socket$rose(0xb, 0x5, 0x0) 21:34:25 executing program 2: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x1, 0x0, 0x0, 0x1, 0x20b493e0, 0x0, 0xfffffffffffffffe}, 0x0) socket$inet6(0xa, 0x2, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f0000008880), 0x400000000000249, 0x0, 0x0) pipe(&(0x7f0000000340)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(0xffffffffffffffff, 0x407, 0x0) fsync(r1) write(r2, &(0x7f0000000340), 0x41395527) vmsplice(r1, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) perf_event_open(&(0x7f0000940000)={0x2, 0x70, 0x69, 0x1, 0x0, 0xff, 0x0, 0x48, 0x14a0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f00000001c0), 0x7}, 0x0, 0x0, 0xfffffff9}, 0x0, 0xd, 0xffffffffffffffff, 0xa) tkill(0x0, 0x3c) fsetxattr$trusted_overlay_redirect(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) sched_setattr(r0, &(0x7f0000000080)={0x38, 0x2, 0x1, 0x0, 0x3}, 0x0) clone(0x69005100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) mount(0x0, &(0x7f0000000140)='./file0\x00', 0x0, 0x0, &(0x7f000000a000)) sched_setscheduler(0x0, 0x5, &(0x7f0000000380)) 21:34:25 executing program 1: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x1, 0x0, 0x0, 0x1, 0x20b493e0, 0x0, 0xfffffffffffffffe}, 0x0) socket$inet6(0xa, 0x2, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f0000008880), 0x400000000000249, 0x0, 0x0) pipe(&(0x7f0000000340)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r2, 0x407, 0x0) fsync(0xffffffffffffffff) write(r2, &(0x7f0000000340), 0x41395527) vmsplice(r1, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) perf_event_open(&(0x7f0000940000)={0x2, 0x70, 0x69, 0x1, 0x0, 0xff, 0x0, 0x48, 0x14a0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f00000001c0), 0x7}, 0x0, 0x0, 0xfffffff9}, 0x0, 0xd, 0xffffffffffffffff, 0xa) tkill(0x0, 0x3c) fsetxattr$trusted_overlay_redirect(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) sched_setattr(r0, &(0x7f0000000080)={0x38, 0x2, 0x1, 0x0, 0x3}, 0x0) clone(0x69005100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) mount(0x0, &(0x7f0000000140)='./file0\x00', 0x0, 0x0, &(0x7f000000a000)) sched_setscheduler(0x0, 0x5, &(0x7f0000000380)) [ 2344.414899] IPVS: ftp: loaded support on port[0] = 21 [ 2344.713058] systemd-journal invoked oom-killer: gfp_mask=0x14040c0(GFP_KERNEL|__GFP_COMP), nodemask=(null), order=1, oom_score_adj=0 [ 2344.958325] systemd-journal cpuset=/ mems_allowed=0-1 [ 2345.021864] CPU: 1 PID: 4063 Comm: systemd-journal Not tainted 4.14.182-syzkaller #0 [ 2345.029802] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2345.039506] Call Trace: [ 2345.042137] dump_stack+0x1b2/0x283 [ 2345.045775] dump_header+0x178/0x7aa [ 2345.049491] ? trace_hardirqs_on_caller+0x3a8/0x580 [ 2345.054520] ? _raw_spin_unlock_irqrestore+0x66/0xe0 [ 2345.059625] ? ___ratelimit+0x2cd/0x522 [ 2345.063603] oom_kill_process.cold+0x10/0xc16 [ 2345.068103] ? lock_downgrade+0x6e0/0x6e0 [ 2345.072265] out_of_memory+0x2d5/0x10f0 [ 2345.076256] ? oom_killer_disable+0x1c0/0x1c0 [ 2345.080753] ? mutex_trylock+0x152/0x1a0 [ 2345.084818] __alloc_pages_nodemask+0x2556/0x2730 [ 2345.089669] ? kmemdup+0x23/0x50 [ 2345.093045] ? gfp_pfmemalloc_allowed+0x150/0x150 [ 2345.097887] ? gfp_pfmemalloc_allowed+0x150/0x150 [ 2345.102726] ? trace_hardirqs_on+0x10/0x10 [ 2345.107001] ? cache_grow_begin+0x3f/0x410 [ 2345.111241] cache_grow_begin+0x91/0x410 [ 2345.115303] fallback_alloc+0x205/0x2b0 [ 2345.119280] kmem_cache_alloc+0x1e5/0x3c0 [ 2345.123430] getname_flags+0xc8/0x550 [ 2345.127236] user_path_at_empty+0x2a/0x50 [ 2345.131388] SyS_faccessat+0x21b/0x680 [ 2345.135275] ? SyS_fallocate+0x80/0x80 [ 2345.139159] ? do_syscall_64+0x4c/0x640 [ 2345.143131] ? SyS_faccessat+0x680/0x680 [ 2345.147192] do_syscall_64+0x1d5/0x640 [ 2345.151082] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 2345.156263] RIP: 0033:0x7f6f703829c7 [ 2345.159966] RSP: 002b:00007ffc5f6be8e8 EFLAGS: 00000246 ORIG_RAX: 0000000000000015 [ 2345.167674] RAX: ffffffffffffffda RBX: 00007ffc5f6c1910 RCX: 00007f6f703829c7 [ 2345.174940] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 000055ff4839b9a3 [ 2345.182213] RBP: 00007ffc5f6bea30 R08: 000055ff483913e5 R09: 0000000000000018 [ 2345.189488] R10: 0000000000000069 R11: 0000000000000246 R12: 0000000000000000 [ 2345.196759] R13: 0000000000000000 R14: 000055ff483b2eb0 R15: 00007ffc5f6bef20 [ 2346.057112] Mem-Info: [ 2346.059742] active_anon:1233452 inactive_anon:6139 isolated_anon:0 [ 2346.059742] active_file:40 inactive_file:9 isolated_file:21 [ 2346.059742] unevictable:1839 dirty:11 writeback:0 unstable:0 [ 2346.059742] slab_reclaimable:18115 slab_unreclaimable:175384 [ 2346.059742] mapped:54026 shmem:7616 pagetables:44245 bounce:0 [ 2346.059742] free:22839 free_pcp:32 free_cma:0 [ 2346.108860] Node 0 active_anon:1665124kB inactive_anon:16140kB active_file:36kB inactive_file:28kB unevictable:1032kB isolated(anon):0kB isolated(file):0kB mapped:209932kB dirty:36kB writeback:0kB shmem:22048kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 686080kB writeback_tmp:0kB unstable:0kB all_unreclaimable? no [ 2346.182629] Node 1 active_anon:3268684kB inactive_anon:8416kB active_file:124kB inactive_file:8kB unevictable:6324kB isolated(anon):0kB isolated(file):84kB mapped:6172kB dirty:8kB writeback:0kB shmem:8416kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 0kB writeback_tmp:0kB unstable:0kB all_unreclaimable? no [ 2346.234412] Node 0 DMA free:10404kB min:220kB low:272kB high:324kB active_anon:1456kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15908kB mlocked:0kB kernel_stack:96kB pagetables:72kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 2346.265210] lowmem_reserve[]: 0 2559 2559 2559 2559 [ 2346.270257] Node 0 DMA32 free:27412kB min:36296kB low:45368kB high:54440kB active_anon:1663668kB inactive_anon:16140kB active_file:36kB inactive_file:28kB unevictable:1032kB writepending:36kB present:3129332kB managed:2623996kB mlocked:1032kB kernel_stack:16032kB pagetables:38220kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 2346.332168] lowmem_reserve[]: 0 0 0 0 0 [ 2346.336194] Node 0 Normal free:0kB min:0kB low:0kB high:0kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:786432kB managed:0kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 2346.374142] lowmem_reserve[]: 0 0 0 0 0 [ 2346.378157] Node 1 Normal free:55552kB min:53592kB low:66988kB high:80384kB active_anon:3268684kB inactive_anon:8416kB active_file:56kB inactive_file:0kB unevictable:6324kB writepending:8kB present:3932160kB managed:3870192kB mlocked:6324kB kernel_stack:60096kB pagetables:138688kB bounce:0kB free_pcp:372kB local_pcp:120kB free_cma:0kB [ 2346.411739] lowmem_reserve[]: 0 0 0 0 0 [ 2346.415749] Node 0 DMA: 21*4kB (UMEH) 58*8kB (UMEH) 24*16kB (UMEH) 12*32kB (UME) 6*64kB (UM) 2*128kB (UM) 1*256kB (E) 2*512kB (EH) 1*1024kB (E) 1*2048kB (E) 1*4096kB (M) = 10404kB [ 2346.487808] Node 0 DMA32: 386*4kB (ME) 677*8kB (ME) 383*16kB (UME) 340*32kB (UM) 53*64kB (UM) 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 27360kB [ 2346.517902] Node 0 Normal: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 0kB [ 2346.532800] Node 1 Normal: 1088*4kB (UME) 847*8kB (UME) 658*16kB (UME) 605*32kB (UMH) 229*64kB (M) 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 55672kB [ 2346.550281] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 2346.566814] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 2346.604002] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 2346.671471] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 2346.680058] 7942 total pagecache pages [ 2346.693349] 0 pages in swap cache [ 2346.696829] Swap cache stats: add 0, delete 0, find 0/0 [ 2346.707860] Free swap = 0kB [ 2346.798000] Total swap = 0kB [ 2346.823488] 1965979 pages RAM [ 2346.833294] 0 pages HighMem/MovableOnly [ 2346.842036] 338455 pages reserved [ 2346.849999] 0 pages cma reserved [ 2346.858665] Out of memory: Kill process 13082 (syz-executor.1) score 1007 or sacrifice child [ 2346.901727] Killed process 13082 (syz-executor.1) total-vm:75368kB, anon-rss:16576kB, file-rss:35828kB, shmem-rss:0kB 21:34:29 executing program 1: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x1, 0x0, 0x0, 0x1, 0x20b493e0, 0x0, 0xfffffffffffffffe}, 0x0) socket$inet6(0xa, 0x2, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f0000008880), 0x400000000000249, 0x0, 0x0) pipe(&(0x7f0000000340)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r2, 0x407, 0x0) fsync(0xffffffffffffffff) write(r2, &(0x7f0000000340), 0x41395527) vmsplice(r1, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) perf_event_open(&(0x7f0000940000)={0x2, 0x70, 0x69, 0x1, 0x0, 0xff, 0x0, 0x48, 0x14a0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f00000001c0), 0x7}, 0x0, 0x0, 0xfffffff9}, 0x0, 0xd, 0xffffffffffffffff, 0xa) tkill(0x0, 0x3c) fsetxattr$trusted_overlay_redirect(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) sched_setattr(r0, &(0x7f0000000080)={0x38, 0x2, 0x1, 0x0, 0x3}, 0x0) clone(0x69005100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) mount(0x0, &(0x7f0000000140)='./file0\x00', 0x0, 0x0, &(0x7f000000a000)) sched_setscheduler(0x0, 0x5, &(0x7f0000000380)) 21:34:29 executing program 4: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x1, 0x0, 0x0, 0x1, 0x20b493e0, 0x0, 0xfffffffffffffffe}, 0x0) socket$inet6(0xa, 0x4, 0xffffffff) pipe(&(0x7f0000000340)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r2, 0x407, 0x0) fsync(r1) write(r2, &(0x7f0000000340), 0x41395527) vmsplice(r1, &(0x7f0000000000), 0x0, 0x0) clone(0x200000008a105d00, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) tkill(0x0, 0x3c) fsetxattr$trusted_overlay_redirect(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) sched_setattr(r0, &(0x7f0000000080)={0x38, 0x2, 0x1, 0x0, 0x3}, 0x0) clone(0x69005100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) mount(0x0, &(0x7f0000000140)='./file0\x00', 0x0, 0x0, &(0x7f000000a000)) [ 2347.226284] xt_HMARK: hash modulus can't be zero 21:34:30 executing program 0: r0 = openat$kvm(0xffffffffffffff9c, 0x0, 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) dup3(r0, r1, 0x0) fsetxattr$trusted_overlay_nlink(r0, &(0x7f0000000040)='trusted.overlay.nlink\x00', &(0x7f00000000c0)={'U+', 0x98}, 0x16, 0x2) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c4, 0x0, 0xe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r2 = socket$inet6(0xa, 0x40000080806, 0x0) bind$inet6(r2, &(0x7f0000000080)={0xa, 0x404e20}, 0x1c) ioctl$int_in(0xffffffffffffffff, 0x5452, &(0x7f0000000100)=0x3) listen(r2, 0x400000001ffffffd) r3 = socket$inet6(0xa, 0x6, 0x0) connect$inet6(r3, &(0x7f0000000180)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) r4 = accept4(r2, 0x0, 0x0, 0x0) sendmmsg(r4, &(0x7f0000003d40)=[{{0x0, 0xffffffbf, 0x0, 0x0, 0x0, 0x0, 0x7000005}, 0xa}], 0x4000000000000d0, 0x0) socket$inet6(0xa, 0x6, 0x0) connect$inet6(0xffffffffffffffff, &(0x7f0000000000)={0xa, 0x0, 0x0, @loopback}, 0x1c) r5 = socket$inet6_tcp(0xa, 0x1, 0x0) bpf$BPF_MAP_GET_FD_BY_ID(0xe, &(0x7f0000000140)={0x0, 0x4, 0x8}, 0xc) setsockopt$IP6T_SO_SET_REPLACE(r5, 0x29, 0x40, &(0x7f0000000a80)=@filter={'filter\x00', 0xe, 0x4, 0x13a8, 0x0, 0x0, 0x1208, 0x108, 0x108, 0x12d8, 0x12d8, 0x12d8, 0x12d8, 0x12d8, 0x4, 0x0, {[{{@uncond, 0x0, 0xa8, 0x108}, @common=@inet=@HMARK={0x60, 'HMARK\x00', 0x0, {@ipv6=@mcast1}}}, {{@ipv6={@initdev={0xfe, 0x88, [], 0x0, 0x0}, @initdev={0xfe, 0x88, [], 0x0, 0x0}, [], [], 'rose0\x00', 'netdevsim0\x00'}, 0x0, 0x10d8, 0x1100, 0x0, {}, [@common=@unspec=@cgroup1={{0x1030, 'cgroup\x00'}, {0x0, 0x1, 0x0, 0x0, './cgroup/syz0\x00'}}]}, @REJECT={0x28, 'REJECT\x00'}}, {{@uncond, 0x0, 0xa8, 0xd0}, @REJECT={0x28, 'REJECT\x00'}}], {{[], 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x1408) syz_init_net_socket$rose(0xb, 0x5, 0x0) 21:34:30 executing program 3: r0 = openat$kvm(0xffffffffffffff9c, 0x0, 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) dup3(r0, r1, 0x0) fsetxattr$trusted_overlay_nlink(r0, &(0x7f0000000040)='trusted.overlay.nlink\x00', &(0x7f00000000c0)={'U+', 0x98}, 0x16, 0x2) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c4, 0x0, 0xe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r2 = socket$inet6(0xa, 0x40000080806, 0x0) bind$inet6(r2, &(0x7f0000000080)={0xa, 0x404e20}, 0x1c) ioctl$int_in(0xffffffffffffffff, 0x5452, &(0x7f0000000100)=0x3) listen(r2, 0x400000001ffffffd) r3 = socket$inet6(0xa, 0x6, 0x0) connect$inet6(r3, &(0x7f0000000180)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) r4 = accept4(r2, 0x0, 0x0, 0x0) sendmmsg(r4, &(0x7f0000003d40)=[{{0x0, 0xffffffbf, 0x0, 0x0, 0x0, 0x0, 0x7000005}, 0xa}], 0x4000000000000d0, 0x0) socket$inet6(0xa, 0x6, 0x0) connect$inet6(0xffffffffffffffff, &(0x7f0000000000)={0xa, 0x0, 0x0, @loopback}, 0x1c) r5 = socket$inet6_tcp(0xa, 0x1, 0x0) bpf$BPF_MAP_GET_FD_BY_ID(0xe, &(0x7f0000000140)={0x0, 0x4, 0x8}, 0xc) setsockopt$IP6T_SO_SET_REPLACE(r5, 0x29, 0x40, &(0x7f0000000a80)=@filter={'filter\x00', 0xe, 0x4, 0x13a8, 0x0, 0x0, 0x1208, 0x108, 0x108, 0x12d8, 0x12d8, 0x12d8, 0x12d8, 0x12d8, 0x4, 0x0, {[{{@uncond, 0x0, 0xa8, 0x108}, @common=@inet=@HMARK={0x60, 'HMARK\x00', 0x0, {@ipv6=@mcast1}}}, {{@ipv6={@initdev={0xfe, 0x88, [], 0x0, 0x0}, @initdev={0xfe, 0x88, [], 0x0, 0x0}, [], [], 'rose0\x00', 'netdevsim0\x00'}, 0x0, 0x10d8, 0x1100, 0x0, {}, [@common=@unspec=@cgroup1={{0x1030, 'cgroup\x00'}, {0x0, 0x1, 0x0, 0x0, './cgroup/syz0\x00'}}]}, @REJECT={0x28, 'REJECT\x00'}}, {{@uncond, 0x0, 0xa8, 0xd0}, @REJECT={0x28, 'REJECT\x00'}}], {{[], 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x1408) syz_init_net_socket$rose(0xb, 0x5, 0x0) 21:34:30 executing program 2: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x1, 0x0, 0x0, 0x1, 0x20b493e0, 0x0, 0xfffffffffffffffe}, 0x0) socket$inet6(0xa, 0x2, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f0000008880), 0x400000000000249, 0x0, 0x0) pipe(&(0x7f0000000340)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(0xffffffffffffffff, 0x407, 0x0) fsync(r1) write(r2, &(0x7f0000000340), 0x41395527) vmsplice(r1, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) perf_event_open(&(0x7f0000940000)={0x2, 0x70, 0x69, 0x1, 0x0, 0xff, 0x0, 0x48, 0x14a0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f00000001c0), 0x7}, 0x0, 0x0, 0xfffffff9}, 0x0, 0xd, 0xffffffffffffffff, 0xa) tkill(0x0, 0x3c) fsetxattr$trusted_overlay_redirect(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) sched_setattr(r0, &(0x7f0000000080)={0x38, 0x2, 0x1, 0x0, 0x3}, 0x0) clone(0x69005100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) mount(0x0, &(0x7f0000000140)='./file0\x00', 0x0, 0x0, &(0x7f000000a000)) sched_setscheduler(0x0, 0x5, &(0x7f0000000380)) [ 2348.897995] syz-executor.4 invoked oom-killer: gfp_mask=0x14040c0(GFP_KERNEL|__GFP_COMP), nodemask=(null), order=1, oom_score_adj=1000 [ 2348.990549] syz-executor.4 cpuset=/ mems_allowed=0-1 [ 2349.021788] CPU: 1 PID: 13150 Comm: syz-executor.4 Not tainted 4.14.182-syzkaller #0 [ 2349.030400] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2349.039760] Call Trace: [ 2349.042364] dump_stack+0x1b2/0x283 [ 2349.046003] dump_header+0x178/0x7aa [ 2349.049721] ? trace_hardirqs_on_caller+0x3a8/0x580 [ 2349.054754] ? _raw_spin_unlock_irqrestore+0x66/0xe0 [ 2349.059858] ? ___ratelimit+0x2cd/0x522 [ 2349.063817] oom_kill_process.cold+0x10/0xc16 [ 2349.068306] ? lock_downgrade+0x6e0/0x6e0 [ 2349.072437] ? trace_hardirqs_on_caller+0x3a8/0x580 [ 2349.077439] out_of_memory+0x2d5/0x10f0 [ 2349.081394] ? oom_killer_disable+0x1c0/0x1c0 [ 2349.085953] ? mutex_trylock+0x152/0x1a0 [ 2349.089994] __alloc_pages_nodemask+0x2556/0x2730 [ 2349.094826] ? gfp_pfmemalloc_allowed+0x150/0x150 [ 2349.099645] ? gfp_pfmemalloc_allowed+0x150/0x150 [ 2349.104467] ? trace_hardirqs_on+0x10/0x10 [ 2349.108688] ? cache_grow_begin+0x3f/0x410 [ 2349.113599] cache_grow_begin+0x91/0x410 [ 2349.117648] fallback_alloc+0x205/0x2b0 [ 2349.121604] kmem_cache_alloc+0x1e5/0x3c0 [ 2349.125733] getname_flags+0xc8/0x550 [ 2349.129520] ? trace_hardirqs_on_caller+0x3a8/0x580 [ 2349.134517] user_path_at_empty+0x2a/0x50 [ 2349.138646] do_mount+0x10b/0x25e0 [ 2349.142169] ? copy_mount_string+0x40/0x40 [ 2349.146380] ? copy_mount_options+0x17d/0x2e0 [ 2349.150855] ? __sanitizer_cov_trace_pc+0x4a/0x50 [ 2349.155676] ? copy_mount_options+0x1ec/0x2e0 [ 2349.160147] ? copy_mnt_ns+0x8a0/0x8a0 [ 2349.164013] SyS_mount+0xa8/0x120 [ 2349.167459] ? copy_mnt_ns+0x8a0/0x8a0 [ 2349.171331] do_syscall_64+0x1d5/0x640 [ 2349.175214] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 2349.180380] RIP: 0033:0x45ca69 [ 2349.183554] RSP: 002b:00007fe17edcbc78 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 2349.191241] RAX: ffffffffffffffda RBX: 00000000004f62c0 RCX: 000000000045ca69 [ 2349.198515] RDX: 0000000000000000 RSI: 0000000020000140 RDI: 0000000000000000 [ 2349.206040] RBP: 000000000078c040 R08: 000000002000a000 R09: 0000000000000000 [ 2349.213307] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff [ 2349.220583] R13: 0000000000000751 R14: 00000000004ca3ea R15: 00007fe17edcc6d4 [ 2349.603690] xt_HMARK: hash modulus can't be zero [ 2350.010500] Mem-Info: [ 2350.020627] active_anon:1230940 inactive_anon:6140 isolated_anon:0 [ 2350.020627] active_file:445 inactive_file:445 isolated_file:12 [ 2350.020627] unevictable:1839 dirty:43 writeback:7 unstable:0 [ 2350.020627] slab_reclaimable:18109 slab_unreclaimable:174310 [ 2350.020627] mapped:54764 shmem:7616 pagetables:44258 bounce:0 [ 2350.020627] free:25387 free_pcp:160 free_cma:0 [ 2350.161006] Node 0 active_anon:1652516kB inactive_anon:16144kB active_file:808kB inactive_file:916kB unevictable:1032kB isolated(anon):0kB isolated(file):0kB mapped:211284kB dirty:152kB writeback:12kB shmem:22048kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 686080kB writeback_tmp:0kB unstable:0kB all_unreclaimable? no [ 2350.339986] Node 1 active_anon:3271244kB inactive_anon:8416kB active_file:56kB inactive_file:124kB unevictable:6324kB isolated(anon):0kB isolated(file):48kB mapped:6272kB dirty:20kB writeback:16kB shmem:8416kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 0kB writeback_tmp:0kB unstable:0kB all_unreclaimable? no [ 2350.510962] Node 0 DMA free:10468kB min:220kB low:272kB high:324kB active_anon:1376kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15908kB mlocked:0kB kernel_stack:96kB pagetables:72kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB 21:34:31 executing program 1: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x1, 0x0, 0x0, 0x1, 0x20b493e0, 0x0, 0xfffffffffffffffe}, 0x0) socket$inet6(0xa, 0x2, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f0000008880), 0x400000000000249, 0x0, 0x0) pipe(&(0x7f0000000340)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r2, 0x407, 0x0) fsync(0xffffffffffffffff) write(r2, &(0x7f0000000340), 0x41395527) vmsplice(r1, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) perf_event_open(&(0x7f0000940000)={0x2, 0x70, 0x69, 0x1, 0x0, 0xff, 0x0, 0x48, 0x14a0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f00000001c0), 0x7}, 0x0, 0x0, 0xfffffff9}, 0x0, 0xd, 0xffffffffffffffff, 0xa) tkill(0x0, 0x3c) fsetxattr$trusted_overlay_redirect(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) sched_setattr(r0, &(0x7f0000000080)={0x38, 0x2, 0x1, 0x0, 0x3}, 0x0) clone(0x69005100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) mount(0x0, &(0x7f0000000140)='./file0\x00', 0x0, 0x0, &(0x7f000000a000)) sched_setscheduler(0x0, 0x5, &(0x7f0000000380)) [ 2350.703619] lowmem_reserve[]: 0 2559 2559 2559 2559 [ 2350.708806] Node 0 DMA32 free:36244kB min:36296kB low:45368kB high:54440kB active_anon:1651140kB inactive_anon:16144kB active_file:752kB inactive_file:1508kB unevictable:1032kB writepending:164kB present:3129332kB managed:2623996kB mlocked:1032kB kernel_stack:16000kB pagetables:38212kB bounce:0kB free_pcp:1180kB local_pcp:676kB free_cma:0kB [ 2350.929236] lowmem_reserve[]: 0 0 0 0 0 [ 2350.940935] Node 0 Normal free:0kB min:0kB low:0kB high:0kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:786432kB managed:0kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 2351.044856] lowmem_reserve[]: 0 0 0 0 0 [ 2351.048894] Node 1 Normal free:55072kB min:53592kB low:66988kB high:80384kB active_anon:3271324kB inactive_anon:8416kB active_file:444kB inactive_file:376kB unevictable:6324kB writepending:8kB present:3932160kB managed:3870192kB mlocked:6324kB kernel_stack:60160kB pagetables:138748kB bounce:0kB free_pcp:52kB local_pcp:0kB free_cma:0kB [ 2351.098279] lowmem_reserve[]: 0 0 0 0 0 [ 2351.146034] Node 0 DMA: 25*4kB (UMEH) 66*8kB (UMEH) 23*16kB (UMEH) 12*32kB (UME) 6*64kB (UM) 2*128kB (UM) 1*256kB (E) 2*512kB (EH) 1*1024kB (E) 1*2048kB (E) 1*4096kB (M) = 10468kB [ 2351.219552] Node 0 DMA32: 1558*4kB (ME) 1285*8kB (ME) 417*16kB (ME) 371*32kB (UME) 64*64kB (M) 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 39152kB [ 2351.256377] Node 0 Normal: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 0kB [ 2351.287755] Node 1 Normal: 1032*4kB (UME) 1097*8kB (UMEH) 567*16kB (UMEH) 605*32kB (UMH) 229*64kB (UM) 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 55992kB [ 2351.318121] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 2351.340594] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 2351.359532] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 2351.368647] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 2351.381392] 8008 total pagecache pages [ 2351.385464] 0 pages in swap cache [ 2351.389071] Swap cache stats: add 0, delete 0, find 0/0 [ 2351.404458] Free swap = 0kB [ 2351.407673] Total swap = 0kB [ 2351.414306] 1965979 pages RAM [ 2351.417571] 0 pages HighMem/MovableOnly [ 2351.422353] 338455 pages reserved [ 2351.425959] 0 pages cma reserved [ 2351.429519] Out of memory: Kill process 5768 (syz-executor.0) score 1007 or sacrifice child [ 2351.442506] Killed process 5768 (syz-executor.0) total-vm:75236kB, anon-rss:16572kB, file-rss:35756kB, shmem-rss:0kB [ 2351.508044] oom_reaper: reaped process 5768 (syz-executor.0), now anon-rss:0kB, file-rss:0kB, shmem-rss:0kB 21:34:33 executing program 5: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x1, 0x0, 0x0, 0x1, 0x20b493e0, 0x0, 0xfffffffffffffffe}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000008880), 0x400000000000249, 0x0, 0x0) pipe(&(0x7f0000000340)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) fsync(r2) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) perf_event_open(&(0x7f0000940000)={0x2, 0x70, 0x69, 0x1, 0x0, 0xff, 0x0, 0x48, 0x14a0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f00000001c0), 0x7}, 0x0, 0x0, 0xfffffff9}, 0x0, 0xd, 0xffffffffffffffff, 0xa) clone(0x200000008a105d00, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r4 = gettid() tkill(r4, 0x3c) fsetxattr$trusted_overlay_redirect(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) sched_setattr(r0, &(0x7f0000000080)={0x38, 0x2, 0x1, 0x0, 0x3}, 0x0) clone(0x69005100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) sendmsg$NLBL_CALIPSO_C_REMOVE(0xffffffffffffffff, &(0x7f0000000240)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x4}, 0xc, &(0x7f0000000200)={&(0x7f0000000280)=ANY=[@ANYBLOB="2401007cb0f9867c0717bca3a369a4505800", @ANYRES16, @ANYBLOB="000228bd7000fddbd7250200000008000200020000000800010001000000"], 0x24}, 0x1, 0x0, 0x0, 0x20000084}, 0x14) sendmsg$NLBL_CALIPSO_C_REMOVE(0xffffffffffffffff, &(0x7f0000000180)={&(0x7f00000000c0)={0x10, 0x0, 0x0, 0x100000}, 0xc, &(0x7f0000000100)={&(0x7f0000000200)={0x4c, 0x0, 0x100, 0x70bd27, 0x25dfdbfc, {}, [@NLBL_CALIPSO_A_MTYPE={0x8}, @NLBL_CALIPSO_A_MTYPE={0x8}, @NLBL_CALIPSO_A_DOI={0x8, 0x1, 0x2}, @NLBL_CALIPSO_A_DOI={0x8, 0x1, 0x3}, @NLBL_CALIPSO_A_MTYPE={0x8}, @NLBL_CALIPSO_A_MTYPE={0x8}, @NLBL_CALIPSO_A_MTYPE={0x8}]}, 0x4c}, 0x1, 0x0, 0x0, 0x2000c001}, 0x0) mount(0x0, &(0x7f0000000140)='./file0\x00', 0x0, 0x0, &(0x7f000000a000)) 21:34:33 executing program 0: r0 = openat$kvm(0xffffffffffffff9c, 0x0, 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) dup3(r0, r1, 0x0) fsetxattr$trusted_overlay_nlink(r0, &(0x7f0000000040)='trusted.overlay.nlink\x00', &(0x7f00000000c0)={'U+', 0x98}, 0x16, 0x2) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c4, 0x0, 0xe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r2 = socket$inet6(0xa, 0x40000080806, 0x0) bind$inet6(r2, &(0x7f0000000080)={0xa, 0x404e20}, 0x1c) ioctl$int_in(0xffffffffffffffff, 0x5452, &(0x7f0000000100)=0x3) listen(r2, 0x400000001ffffffd) r3 = socket$inet6(0xa, 0x6, 0x0) connect$inet6(r3, &(0x7f0000000180)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) r4 = accept4(r2, 0x0, 0x0, 0x0) sendmmsg(r4, &(0x7f0000003d40)=[{{0x0, 0xffffffbf, 0x0, 0x0, 0x0, 0x0, 0x7000005}, 0xa}], 0x4000000000000d0, 0x0) socket$inet6(0xa, 0x6, 0x0) connect$inet6(0xffffffffffffffff, &(0x7f0000000000)={0xa, 0x0, 0x0, @loopback}, 0x1c) r5 = socket$inet6_tcp(0xa, 0x1, 0x0) bpf$BPF_MAP_GET_FD_BY_ID(0xe, &(0x7f0000000140)={0x0, 0x4, 0x8}, 0xc) setsockopt$IP6T_SO_SET_REPLACE(r5, 0x29, 0x40, &(0x7f0000000a80)=@filter={'filter\x00', 0xe, 0x4, 0x13a8, 0x0, 0x0, 0x1208, 0x108, 0x108, 0x12d8, 0x12d8, 0x12d8, 0x12d8, 0x12d8, 0x4, 0x0, {[{{@uncond, 0x0, 0xa8, 0x108}, @common=@inet=@HMARK={0x60, 'HMARK\x00', 0x0, {@ipv6=@mcast1}}}, {{@ipv6={@initdev={0xfe, 0x88, [], 0x0, 0x0}, @initdev={0xfe, 0x88, [], 0x0, 0x0}, [], [], 'rose0\x00', 'netdevsim0\x00'}, 0x0, 0x10d8, 0x1100, 0x0, {}, [@common=@unspec=@cgroup1={{0x1030, 'cgroup\x00'}, {0x0, 0x1, 0x0, 0x0, './cgroup/syz0\x00'}}]}, @REJECT={0x28, 'REJECT\x00'}}, {{@uncond, 0x0, 0xa8, 0xd0}, @REJECT={0x28, 'REJECT\x00'}}], {{[], 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x1408) syz_init_net_socket$rose(0xb, 0x5, 0x0) 21:34:33 executing program 4: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x1, 0x0, 0x0, 0x1, 0x20b493e0, 0x0, 0xfffffffffffffffe}, 0x0) socket$inet6(0xa, 0x4, 0xffffffff) pipe(&(0x7f0000000340)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r2, 0x407, 0x0) fsync(r1) write(r2, &(0x7f0000000340), 0x41395527) vmsplice(r1, &(0x7f0000000000), 0x0, 0x0) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) tkill(0x0, 0x3c) fsetxattr$trusted_overlay_redirect(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) sched_setattr(r0, &(0x7f0000000080)={0x38, 0x2, 0x1, 0x0, 0x3}, 0x0) clone(0x69005100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) mount(0x0, &(0x7f0000000140)='./file0\x00', 0x0, 0x0, &(0x7f000000a000)) 21:34:33 executing program 2: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x1, 0x0, 0x0, 0x1, 0x20b493e0, 0x0, 0xfffffffffffffffe}, 0x0) socket$inet6(0xa, 0x2, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f0000008880), 0x400000000000249, 0x0, 0x0) pipe(&(0x7f0000000340)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(0xffffffffffffffff, 0x407, 0x0) fsync(r1) write(r2, &(0x7f0000000340), 0x41395527) vmsplice(r1, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) perf_event_open(&(0x7f0000940000)={0x2, 0x70, 0x69, 0x1, 0x0, 0xff, 0x0, 0x48, 0x14a0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f00000001c0), 0x7}, 0x0, 0x0, 0xfffffff9}, 0x0, 0xd, 0xffffffffffffffff, 0xa) tkill(0x0, 0x3c) fsetxattr$trusted_overlay_redirect(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) sched_setattr(r0, &(0x7f0000000080)={0x38, 0x2, 0x1, 0x0, 0x3}, 0x0) clone(0x69005100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) mount(0x0, &(0x7f0000000140)='./file0\x00', 0x0, 0x0, &(0x7f000000a000)) sched_setscheduler(0x0, 0x5, &(0x7f0000000380)) [ 2352.138158] xt_HMARK: hash modulus can't be zero [ 2352.716907] syz-executor.2 invoked oom-killer: gfp_mask=0x15200c2(GFP_HIGHUSER|__GFP_ACCOUNT), nodemask=(null), order=0, oom_score_adj=1000 [ 2352.848953] syz-executor.2 cpuset=/ mems_allowed=0-1 [ 2352.895454] CPU: 0 PID: 13167 Comm: syz-executor.2 Not tainted 4.14.182-syzkaller #0 [ 2352.903362] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2352.912903] Call Trace: [ 2352.915498] dump_stack+0x1b2/0x283 [ 2352.919127] dump_header+0x178/0x7aa [ 2352.922841] ? trace_hardirqs_on_caller+0x3a8/0x580 [ 2352.927859] ? _raw_spin_unlock_irqrestore+0x66/0xe0 [ 2352.932962] ? ___ratelimit+0x2cd/0x522 [ 2352.936946] oom_kill_process.cold+0x10/0xc16 [ 2352.941442] ? lock_downgrade+0x6e0/0x6e0 [ 2352.945592] out_of_memory+0x2d5/0x10f0 [ 2352.949570] ? oom_killer_disable+0x1c0/0x1c0 [ 2352.954066] ? mutex_trylock+0x152/0x1a0 [ 2352.958130] __alloc_pages_nodemask+0x2556/0x2730 [ 2352.963000] ? gfp_pfmemalloc_allowed+0x150/0x150 [ 2352.967847] ? retint_kernel+0x2d/0x2d [ 2352.971767] alloc_pages_current+0xe7/0x1e0 [ 2352.976095] pipe_write+0x91e/0xe10 [ 2352.979733] __vfs_write+0x44e/0x630 [ 2352.983449] ? kernel_read+0x110/0x110 [ 2352.987354] ? selinux_file_permission+0x7a/0x440 [ 2352.992203] ? rw_verify_area+0xe1/0x290 [ 2352.996440] vfs_write+0x17f/0x4d0 [ 2352.999982] SyS_write+0xf2/0x210 [ 2353.003439] ? SyS_read+0x210/0x210 [ 2353.007063] ? SyS_clock_settime+0x1a0/0x1a0 [ 2353.011471] ? do_syscall_64+0x4c/0x640 [ 2353.015440] ? SyS_read+0x210/0x210 [ 2353.019047] do_syscall_64+0x1d5/0x640 [ 2353.022937] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 2353.028129] RIP: 0033:0x45ca69 [ 2353.031302] RSP: 002b:00007f0d738a6c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 2353.038994] RAX: ffffffffffffffda RBX: 000000000050a500 RCX: 000000000045ca69 [ 2353.047041] RDX: 0000000041395527 RSI: 0000000020000340 RDI: 0000000000000005 [ 2353.054297] RBP: 000000000078bf00 R08: 0000000000000000 R09: 0000000000000000 [ 2353.061556] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff [ 2353.068803] R13: 0000000000000c5a R14: 00000000004ca33d R15: 00007f0d738a76d4 [ 2353.116844] Mem-Info: [ 2353.119384] active_anon:1233179 inactive_anon:6140 isolated_anon:0 [ 2353.119384] active_file:27 inactive_file:0 isolated_file:30 [ 2353.119384] unevictable:1839 dirty:8 writeback:0 unstable:0 [ 2353.119384] slab_reclaimable:18121 slab_unreclaimable:175250 [ 2353.119384] mapped:54074 shmem:7616 pagetables:44268 bounce:0 [ 2353.119384] free:23067 free_pcp:0 free_cma:0 [ 2353.164365] Node 0 active_anon:1665720kB inactive_anon:16144kB active_file:24kB inactive_file:4kB unevictable:1032kB isolated(anon):0kB isolated(file):120kB mapped:210056kB dirty:0kB writeback:0kB shmem:22048kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 686080kB writeback_tmp:0kB unstable:0kB all_unreclaimable? no [ 2353.204693] Node 1 active_anon:3266996kB inactive_anon:8416kB active_file:84kB inactive_file:0kB unevictable:6324kB isolated(anon):0kB isolated(file):0kB mapped:6240kB dirty:32kB writeback:0kB shmem:8416kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 0kB writeback_tmp:0kB unstable:0kB all_unreclaimable? no [ 2353.340710] Node 0 DMA free:10380kB min:220kB low:272kB high:324kB active_anon:1468kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15908kB mlocked:0kB kernel_stack:96kB pagetables:72kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 2353.401218] lowmem_reserve[]: 0 2559 2559 2559 2559 [ 2353.420794] Node 0 DMA32 free:28684kB min:36296kB low:45368kB high:54440kB active_anon:1664252kB inactive_anon:16144kB active_file:124kB inactive_file:104kB unevictable:1032kB writepending:0kB present:3129332kB managed:2623996kB mlocked:1032kB kernel_stack:16064kB pagetables:38648kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 2353.480693] lowmem_reserve[]: 0 0 0 0 0 [ 2353.484752] Node 0 Normal free:0kB min:0kB low:0kB high:0kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:786432kB managed:0kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 2353.577979] lowmem_reserve[]: 0 0 0 0 0 [ 2353.590687] Node 1 Normal free:53452kB min:53592kB low:66988kB high:80384kB active_anon:3266996kB inactive_anon:8416kB active_file:84kB inactive_file:184kB unevictable:6324kB writepending:32kB present:3932160kB managed:3870192kB mlocked:6324kB kernel_stack:60288kB pagetables:138352kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 2353.710655] lowmem_reserve[]: 0 0 0 0 0 [ 2353.714682] Node 0 DMA: 21*4kB (UMEH) 57*8kB (UMEH) 23*16kB (UMEH) 12*32kB (UME) 6*64kB (UM) 2*128kB (UM) 1*256kB (E) 2*512kB (EH) 1*1024kB (E) 1*2048kB (E) 1*4096kB (M) = 10380kB [ 2353.749759] Node 0 DMA32: 593*4kB (UME) 596*8kB (UME) 430*16kB (ME) 371*32kB (UME) 45*64kB (UM) 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 28772kB [ 2353.901301] Node 0 Normal: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 0kB [ 2353.944439] Node 1 Normal: 976*4kB (UE) 155*8kB (UMEH) 849*16kB (UMEH) 611*32kB (UMH) 229*64kB (UM) 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 52936kB [ 2353.994832] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 2354.024463] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 2354.064588] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 2354.090862] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 2354.132567] 7986 total pagecache pages [ 2354.148082] 0 pages in swap cache [ 2354.186945] Swap cache stats: add 0, delete 0, find 0/0 [ 2354.216092] Free swap = 0kB [ 2354.219265] Total swap = 0kB [ 2354.225458] 1965979 pages RAM [ 2354.228694] 0 pages HighMem/MovableOnly [ 2354.232894] 338455 pages reserved [ 2354.236437] 0 pages cma reserved [ 2354.239893] Out of memory: Kill process 5792 (syz-executor.0) score 1007 or sacrifice child [ 2354.251828] Killed process 5792 (syz-executor.0) total-vm:75236kB, anon-rss:16572kB, file-rss:35756kB, shmem-rss:0kB 21:34:36 executing program 2: r0 = openat$kvm(0xffffffffffffff9c, 0x0, 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) dup3(r0, r1, 0x0) fsetxattr$trusted_overlay_nlink(r0, &(0x7f0000000040)='trusted.overlay.nlink\x00', &(0x7f00000000c0)={'U+', 0x98}, 0x16, 0x2) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c4, 0x0, 0xe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r2 = socket$inet6(0xa, 0x40000080806, 0x0) bind$inet6(r2, &(0x7f0000000080)={0xa, 0x404e20}, 0x1c) ioctl$int_in(0xffffffffffffffff, 0x5452, &(0x7f0000000100)=0x3) listen(r2, 0x400000001ffffffd) r3 = socket$inet6(0xa, 0x6, 0x0) connect$inet6(r3, &(0x7f0000000180)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) r4 = accept4(r2, 0x0, 0x0, 0x0) sendmmsg(r4, &(0x7f0000003d40)=[{{0x0, 0xffffffbf, 0x0, 0x0, 0x0, 0x0, 0x7000005}, 0xa}], 0x4000000000000d0, 0x0) socket$inet6(0xa, 0x6, 0x0) connect$inet6(0xffffffffffffffff, &(0x7f0000000000)={0xa, 0x0, 0x0, @loopback}, 0x1c) r5 = socket$inet6_tcp(0xa, 0x1, 0x0) bpf$BPF_MAP_GET_FD_BY_ID(0xe, &(0x7f0000000140)={0x0, 0x4, 0x8}, 0xc) setsockopt$IP6T_SO_SET_REPLACE(r5, 0x29, 0x40, &(0x7f0000000a80)=@filter={'filter\x00', 0xe, 0x4, 0x13a8, 0x0, 0x0, 0x1208, 0x108, 0x108, 0x12d8, 0x12d8, 0x12d8, 0x12d8, 0x12d8, 0x4, 0x0, {[{{@uncond, 0x0, 0xa8, 0x108}, @common=@inet=@HMARK={0x60, 'HMARK\x00', 0x0, {@ipv6=@mcast1, [], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4}}}, {{@ipv6={@initdev={0xfe, 0x88, [], 0x0, 0x0}, @initdev={0xfe, 0x88, [], 0x0, 0x0}, [], [], 'rose0\x00', 'netdevsim0\x00'}, 0x0, 0x10d8, 0x1100, 0x0, {}, [@common=@unspec=@cgroup1={{0x1030, 'cgroup\x00'}, {0x0, 0x0, 0x0, 0x0, './cgroup/syz0\x00'}}]}, @REJECT={0x28, 'REJECT\x00'}}, {{@uncond, 0x0, 0xa8, 0xd0}, @REJECT={0x28, 'REJECT\x00'}}], {{[], 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x1408) syz_init_net_socket$rose(0xb, 0x5, 0x0) 21:34:36 executing program 0: r0 = openat$kvm(0xffffffffffffff9c, 0x0, 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) dup3(r0, r1, 0x0) fsetxattr$trusted_overlay_nlink(r0, &(0x7f0000000040)='trusted.overlay.nlink\x00', &(0x7f00000000c0)={'U+', 0x98}, 0x16, 0x2) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c4, 0x0, 0xe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r2 = socket$inet6(0xa, 0x40000080806, 0x0) bind$inet6(r2, &(0x7f0000000080)={0xa, 0x404e20}, 0x1c) ioctl$int_in(0xffffffffffffffff, 0x5452, &(0x7f0000000100)=0x3) listen(r2, 0x400000001ffffffd) r3 = socket$inet6(0xa, 0x6, 0x0) connect$inet6(r3, &(0x7f0000000180)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) r4 = accept4(r2, 0x0, 0x0, 0x0) sendmmsg(r4, &(0x7f0000003d40)=[{{0x0, 0xffffffbf, 0x0, 0x0, 0x0, 0x0, 0x7000005}, 0xa}], 0x4000000000000d0, 0x0) socket$inet6(0xa, 0x6, 0x0) connect$inet6(0xffffffffffffffff, &(0x7f0000000000)={0xa, 0x0, 0x0, @loopback}, 0x1c) r5 = socket$inet6_tcp(0xa, 0x1, 0x0) bpf$BPF_MAP_GET_FD_BY_ID(0xe, &(0x7f0000000140)={0x0, 0x4, 0x8}, 0xc) setsockopt$IP6T_SO_SET_REPLACE(r5, 0x29, 0x40, &(0x7f0000000a80)=@filter={'filter\x00', 0xe, 0x4, 0x13a8, 0x0, 0x0, 0x1208, 0x108, 0x108, 0x12d8, 0x12d8, 0x12d8, 0x12d8, 0x12d8, 0x4, 0x0, {[{{@uncond, 0x0, 0xa8, 0x108}, @common=@inet=@HMARK={0x60, 'HMARK\x00', 0x0, {@ipv6=@mcast1}}}, {{@ipv6={@initdev={0xfe, 0x88, [], 0x0, 0x0}, @initdev={0xfe, 0x88, [], 0x0, 0x0}, [], [], 'rose0\x00', 'netdevsim0\x00'}, 0x0, 0x10d8, 0x1100, 0x0, {}, [@common=@unspec=@cgroup1={{0x1030, 'cgroup\x00'}, {0x0, 0x1, 0x0, 0x0, './cgroup/syz0\x00'}}]}, @REJECT={0x28, 'REJECT\x00'}}, {{@uncond, 0x0, 0xa8, 0xd0}, @REJECT={0x28, 'REJECT\x00'}}], {{[], 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x1408) syz_init_net_socket$rose(0xb, 0x5, 0x0) 21:34:36 executing program 4: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x1, 0x0, 0x0, 0x1, 0x20b493e0, 0x0, 0xfffffffffffffffe}, 0x0) socket$inet6(0xa, 0x4, 0xffffffff) pipe(&(0x7f0000000340)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r2, 0x407, 0x0) fsync(r1) write(r2, &(0x7f0000000340), 0x41395527) vmsplice(r1, &(0x7f0000000000), 0x0, 0x0) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) tkill(0x0, 0x3c) fsetxattr$trusted_overlay_redirect(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) sched_setattr(r0, &(0x7f0000000080)={0x38, 0x2, 0x1, 0x0, 0x3}, 0x0) clone(0x69005100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) mount(0x0, &(0x7f0000000140)='./file0\x00', 0x0, 0x0, &(0x7f000000a000)) 21:34:36 executing program 3: r0 = openat$kvm(0xffffffffffffff9c, 0x0, 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) dup3(r0, r1, 0x0) fsetxattr$trusted_overlay_nlink(r0, &(0x7f0000000040)='trusted.overlay.nlink\x00', &(0x7f00000000c0)={'U+', 0x98}, 0x16, 0x2) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c4, 0x0, 0xe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r2 = socket$inet6(0xa, 0x40000080806, 0x0) bind$inet6(r2, &(0x7f0000000080)={0xa, 0x404e20}, 0x1c) ioctl$int_in(0xffffffffffffffff, 0x5452, &(0x7f0000000100)=0x3) listen(r2, 0x400000001ffffffd) r3 = socket$inet6(0xa, 0x6, 0x0) connect$inet6(r3, &(0x7f0000000180)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) r4 = accept4(r2, 0x0, 0x0, 0x0) sendmmsg(r4, &(0x7f0000003d40)=[{{0x0, 0xffffffbf, 0x0, 0x0, 0x0, 0x0, 0x7000005}, 0xa}], 0x4000000000000d0, 0x0) socket$inet6(0xa, 0x6, 0x0) connect$inet6(0xffffffffffffffff, &(0x7f0000000000)={0xa, 0x0, 0x0, @loopback}, 0x1c) r5 = socket$inet6_tcp(0xa, 0x1, 0x0) bpf$BPF_MAP_GET_FD_BY_ID(0xe, &(0x7f0000000140)={0x0, 0x4, 0x8}, 0xc) setsockopt$IP6T_SO_SET_REPLACE(r5, 0x29, 0x40, &(0x7f0000000a80)=@filter={'filter\x00', 0xe, 0x4, 0x13a8, 0x0, 0x0, 0x1208, 0x108, 0x108, 0x12d8, 0x12d8, 0x12d8, 0x12d8, 0x12d8, 0x4, 0x0, {[{{@uncond, 0x0, 0xa8, 0x108}, @common=@inet=@HMARK={0x60, 'HMARK\x00', 0x0, {@ipv6=@mcast1, [], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4}}}, {{@ipv6={@initdev={0xfe, 0x88, [], 0x0, 0x0}, @initdev={0xfe, 0x88, [], 0x0, 0x0}, [], [], 'rose0\x00', 'netdevsim0\x00'}, 0x0, 0x10d8, 0x1100, 0x0, {}, [@common=@unspec=@cgroup1={{0x1030, 'cgroup\x00'}, {0x0, 0x0, 0x0, 0x0, './cgroup/syz0\x00'}}]}, @REJECT={0x28, 'REJECT\x00'}}, {{@uncond, 0x0, 0xa8, 0xd0}, @REJECT={0x28, 'REJECT\x00'}}], {{[], 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x1408) syz_init_net_socket$rose(0xb, 0x5, 0x0) 21:34:36 executing program 1: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x1, 0x0, 0x0, 0x1, 0x20b493e0, 0x0, 0xfffffffffffffffe}, 0x0) socket$inet6(0xa, 0x2, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f0000008880), 0x400000000000249, 0x0, 0x0) pipe(&(0x7f0000000340)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r2, 0x407, 0x0) fsync(r1) write(0xffffffffffffffff, &(0x7f0000000340), 0x41395527) vmsplice(r1, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) perf_event_open(&(0x7f0000940000)={0x2, 0x70, 0x69, 0x1, 0x0, 0xff, 0x0, 0x48, 0x14a0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f00000001c0), 0x7}, 0x0, 0x0, 0xfffffff9}, 0x0, 0xd, 0xffffffffffffffff, 0xa) tkill(0x0, 0x3c) fsetxattr$trusted_overlay_redirect(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) sched_setattr(r0, &(0x7f0000000080)={0x38, 0x2, 0x1, 0x0, 0x3}, 0x0) clone(0x69005100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) mount(0x0, &(0x7f0000000140)='./file0\x00', 0x0, 0x0, &(0x7f000000a000)) sched_setscheduler(0x0, 0x5, &(0x7f0000000380)) [ 2354.808734] IPVS: ftp: loaded support on port[0] = 21 [ 2354.851937] xt_HMARK: hash modulus can't be zero [ 2354.875287] xt_cgroup: no path or classid specified [ 2354.892329] xt_cgroup: no path or classid specified 21:34:36 executing program 5: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x1, 0x6, 0x0, 0xfffffffe, 0x200000000003, 0x0, 0xfffffffffffffffe}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000008880), 0x400000000000249, 0x0, 0x0) pipe(&(0x7f0000000340)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) fsync(r2) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) perf_event_open(&(0x7f0000940000)={0x2, 0x70, 0x69, 0x1, 0x0, 0xff, 0x0, 0x48, 0x14a0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f00000001c0), 0x7}, 0x0, 0x0, 0xfffffff9}, 0x0, 0xd, 0xffffffffffffffff, 0xa) clone(0x200000008a105d00, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x400200) ioctl$VIDIOC_S_STD(0xffffffffffffffff, 0x40085618, &(0x7f00000000c0)=0xc000c) r4 = gettid() tkill(r4, 0x3c) fsetxattr$trusted_overlay_redirect(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) sched_setattr(r0, &(0x7f0000000080)={0x38, 0x2, 0x1, 0x0, 0x3}, 0x0) clone(0x69005100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) mount(0x0, &(0x7f0000000140)='./file0\x00', 0x0, 0x0, &(0x7f000000a000)) [ 2355.194443] IPVS: ftp: loaded support on port[0] = 21 21:34:37 executing program 4: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x1, 0x0, 0x0, 0x1, 0x20b493e0, 0x0, 0xfffffffffffffffe}, 0x0) socket$inet6(0xa, 0x4, 0xffffffff) pipe(&(0x7f0000000340)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r2, 0x407, 0x0) fsync(r1) write(r2, &(0x7f0000000340), 0x41395527) vmsplice(r1, &(0x7f0000000000), 0x0, 0x0) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) tkill(0x0, 0x3c) fsetxattr$trusted_overlay_redirect(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) sched_setattr(r0, &(0x7f0000000080)={0x38, 0x2, 0x1, 0x0, 0x3}, 0x0) clone(0x69005100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) mount(0x0, &(0x7f0000000140)='./file0\x00', 0x0, 0x0, &(0x7f000000a000)) [ 2355.485442] IPVS: ftp: loaded support on port[0] = 21 21:34:37 executing program 1: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x1, 0x0, 0x0, 0x1, 0x20b493e0, 0x0, 0xfffffffffffffffe}, 0x0) socket$inet6(0xa, 0x2, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f0000008880), 0x400000000000249, 0x0, 0x0) pipe(&(0x7f0000000340)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r2, 0x407, 0x0) fsync(r1) write(0xffffffffffffffff, &(0x7f0000000340), 0x41395527) vmsplice(r1, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) perf_event_open(&(0x7f0000940000)={0x2, 0x70, 0x69, 0x1, 0x0, 0xff, 0x0, 0x48, 0x14a0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f00000001c0), 0x7}, 0x0, 0x0, 0xfffffff9}, 0x0, 0xd, 0xffffffffffffffff, 0xa) tkill(0x0, 0x3c) fsetxattr$trusted_overlay_redirect(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) sched_setattr(r0, &(0x7f0000000080)={0x38, 0x2, 0x1, 0x0, 0x3}, 0x0) clone(0x69005100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) mount(0x0, &(0x7f0000000140)='./file0\x00', 0x0, 0x0, &(0x7f000000a000)) sched_setscheduler(0x0, 0x5, &(0x7f0000000380)) 21:34:37 executing program 3: r0 = openat$kvm(0xffffffffffffff9c, 0x0, 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) dup3(r0, r1, 0x0) fsetxattr$trusted_overlay_nlink(r0, &(0x7f0000000040)='trusted.overlay.nlink\x00', &(0x7f00000000c0)={'U+', 0x98}, 0x16, 0x2) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c4, 0x0, 0xe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r2 = socket$inet6(0xa, 0x40000080806, 0x0) bind$inet6(r2, &(0x7f0000000080)={0xa, 0x404e20}, 0x1c) ioctl$int_in(0xffffffffffffffff, 0x5452, &(0x7f0000000100)=0x3) listen(r2, 0x400000001ffffffd) r3 = socket$inet6(0xa, 0x6, 0x0) connect$inet6(r3, &(0x7f0000000180)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) r4 = accept4(r2, 0x0, 0x0, 0x0) sendmmsg(r4, &(0x7f0000003d40)=[{{0x0, 0xffffffbf, 0x0, 0x0, 0x0, 0x0, 0x7000005}, 0xa}], 0x4000000000000d0, 0x0) socket$inet6(0xa, 0x6, 0x0) connect$inet6(0xffffffffffffffff, &(0x7f0000000000)={0xa, 0x0, 0x0, @loopback}, 0x1c) r5 = socket$inet6_tcp(0xa, 0x1, 0x0) bpf$BPF_MAP_GET_FD_BY_ID(0xe, &(0x7f0000000140)={0x0, 0x4, 0x8}, 0xc) setsockopt$IP6T_SO_SET_REPLACE(r5, 0x29, 0x40, &(0x7f0000000a80)=@filter={'filter\x00', 0xe, 0x4, 0x378, 0x0, 0x0, 0x1208, 0x108, 0x108, 0x12d8, 0x12d8, 0x12d8, 0x12d8, 0x12d8, 0x4, 0x0, {[{{@uncond, 0x0, 0xa8, 0x108}, @common=@inet=@HMARK={0x60, 'HMARK\x00', 0x0, {@ipv6=@mcast1, [], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4}}}, {{@ipv6={@initdev={0xfe, 0x88, [], 0x0, 0x0}, @initdev={0xfe, 0x88, [], 0x0, 0x0}, [], [], 'rose0\x00', 'netdevsim0\x00'}, 0x0, 0xa8, 0xd0}, @REJECT={0x28, 'REJECT\x00'}}, {{@uncond, 0x0, 0xa8, 0xd0}, @REJECT={0x28, 'REJECT\x00'}}], {{[], 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x3d8) syz_init_net_socket$rose(0xb, 0x5, 0x0) 21:34:37 executing program 0: r0 = openat$kvm(0xffffffffffffff9c, 0x0, 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) dup3(r0, r1, 0x0) fsetxattr$trusted_overlay_nlink(r0, &(0x7f0000000040)='trusted.overlay.nlink\x00', &(0x7f00000000c0)={'U+', 0x98}, 0x16, 0x2) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c4, 0x0, 0xe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r2 = socket$inet6(0xa, 0x40000080806, 0x0) bind$inet6(r2, &(0x7f0000000080)={0xa, 0x404e20}, 0x1c) ioctl$int_in(0xffffffffffffffff, 0x5452, &(0x7f0000000100)=0x3) listen(r2, 0x400000001ffffffd) r3 = socket$inet6(0xa, 0x6, 0x0) connect$inet6(r3, &(0x7f0000000180)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) r4 = accept4(r2, 0x0, 0x0, 0x0) sendmmsg(r4, &(0x7f0000003d40)=[{{0x0, 0xffffffbf, 0x0, 0x0, 0x0, 0x0, 0x7000005}, 0xa}], 0x4000000000000d0, 0x0) socket$inet6(0xa, 0x6, 0x0) connect$inet6(0xffffffffffffffff, &(0x7f0000000000)={0xa, 0x0, 0x0, @loopback}, 0x1c) r5 = socket$inet6_tcp(0xa, 0x1, 0x0) bpf$BPF_MAP_GET_FD_BY_ID(0xe, &(0x7f0000000140)={0x0, 0x4, 0x8}, 0xc) setsockopt$IP6T_SO_SET_REPLACE(r5, 0x29, 0x40, &(0x7f0000000a80)=@filter={'filter\x00', 0xe, 0x4, 0x13a8, 0x0, 0x0, 0x1208, 0x108, 0x108, 0x12d8, 0x12d8, 0x12d8, 0x12d8, 0x12d8, 0x4, 0x0, {[{{@uncond, 0x0, 0xa8, 0x108}, @common=@inet=@HMARK={0x60, 'HMARK\x00', 0x0, {@ipv6=@mcast1}}}, {{@ipv6={@initdev={0xfe, 0x88, [], 0x0, 0x0}, @initdev={0xfe, 0x88, [], 0x0, 0x0}, [], [], 'rose0\x00', 'netdevsim0\x00'}, 0x0, 0x10d8, 0x1100, 0x0, {}, [@common=@unspec=@cgroup1={{0x1030, 'cgroup\x00'}, {0x0, 0x1, 0x0, 0x0, './cgroup/syz0\x00'}}]}, @REJECT={0x28, 'REJECT\x00'}}, {{@uncond, 0x0, 0xa8, 0xd0}, @REJECT={0x28, 'REJECT\x00'}}], {{[], 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x1408) syz_init_net_socket$rose(0xb, 0x5, 0x0) 21:34:37 executing program 2: r0 = openat$kvm(0xffffffffffffff9c, 0x0, 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) dup3(r0, r1, 0x0) fsetxattr$trusted_overlay_nlink(r0, &(0x7f0000000040)='trusted.overlay.nlink\x00', &(0x7f00000000c0)={'U+', 0x98}, 0x16, 0x2) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c4, 0x0, 0xe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r2 = socket$inet6(0xa, 0x40000080806, 0x0) bind$inet6(r2, &(0x7f0000000080)={0xa, 0x404e20}, 0x1c) ioctl$int_in(0xffffffffffffffff, 0x5452, &(0x7f0000000100)=0x3) listen(r2, 0x400000001ffffffd) r3 = socket$inet6(0xa, 0x6, 0x0) connect$inet6(r3, &(0x7f0000000180)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) r4 = accept4(r2, 0x0, 0x0, 0x0) sendmmsg(r4, &(0x7f0000003d40)=[{{0x0, 0xffffffbf, 0x0, 0x0, 0x0, 0x0, 0x7000005}, 0xa}], 0x4000000000000d0, 0x0) socket$inet6(0xa, 0x6, 0x0) connect$inet6(0xffffffffffffffff, &(0x7f0000000000)={0xa, 0x0, 0x0, @loopback}, 0x1c) r5 = socket$inet6_tcp(0xa, 0x1, 0x0) bpf$BPF_MAP_GET_FD_BY_ID(0xe, &(0x7f0000000140)={0x0, 0x4, 0x8}, 0xc) setsockopt$IP6T_SO_SET_REPLACE(r5, 0x29, 0x40, &(0x7f0000000a80)=@filter={'filter\x00', 0xe, 0x4, 0x13a8, 0x0, 0x0, 0x1208, 0x108, 0x108, 0x12d8, 0x12d8, 0x12d8, 0x12d8, 0x12d8, 0x4, 0x0, {[{{@uncond, 0x0, 0xa8, 0x108}, @common=@inet=@HMARK={0x60, 'HMARK\x00', 0x0, {@ipv6=@mcast1, [], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4}}}, {{@ipv6={@initdev={0xfe, 0x88, [], 0x0, 0x0}, @initdev={0xfe, 0x88, [], 0x0, 0x0}, [], [], 'rose0\x00', 'netdevsim0\x00'}, 0x0, 0x10d8, 0x1100, 0x0, {}, [@common=@unspec=@cgroup1={{0x1030, 'cgroup\x00'}, {0x0, 0x0, 0x0, 0x0, './cgroup/syz0\x00'}}]}, @REJECT={0x28, 'REJECT\x00'}}, {{@uncond, 0x0, 0xa8, 0xd0}, @REJECT={0x28, 'REJECT\x00'}}], {{[], 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x1408) syz_init_net_socket$rose(0xb, 0x5, 0x0) [ 2355.722856] xt_HMARK: hash modulus can't be zero [ 2355.936572] xt_cgroup: no path or classid specified 21:34:38 executing program 0: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x1, 0x0, 0x0, 0x1, 0x20b493e0, 0x0, 0xfffffffffffffffe}, 0x0) socket$inet6(0xa, 0x2, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f0000008880), 0x400000000000249, 0x0, 0x0) pipe(&(0x7f0000000340)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r2, 0x407, 0x0) fsync(r1) write(0xffffffffffffffff, &(0x7f0000000340), 0x41395527) vmsplice(r1, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) perf_event_open(&(0x7f0000940000)={0x2, 0x70, 0x69, 0x1, 0x0, 0xff, 0x0, 0x48, 0x14a0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f00000001c0), 0x7}, 0x0, 0x0, 0xfffffff9}, 0x0, 0xd, 0xffffffffffffffff, 0xa) tkill(0x0, 0x3c) fsetxattr$trusted_overlay_redirect(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) sched_setattr(r0, &(0x7f0000000080)={0x38, 0x2, 0x1, 0x0, 0x3}, 0x0) clone(0x69005100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) mount(0x0, &(0x7f0000000140)='./file0\x00', 0x0, 0x0, &(0x7f000000a000)) sched_setscheduler(0x0, 0x5, &(0x7f0000000380)) 21:34:38 executing program 4: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x1, 0x0, 0x0, 0x1, 0x20b493e0, 0x0, 0xfffffffffffffffe}, 0x0) socket$inet6(0xa, 0x4, 0xffffffff) pipe(&(0x7f0000000340)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r2, 0x407, 0x0) fsync(r1) write(r2, &(0x7f0000000340), 0x41395527) vmsplice(r1, &(0x7f0000000000), 0x0, 0x0) clone(0x200000008a105d00, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) tkill(0x0, 0x0) fsetxattr$trusted_overlay_redirect(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) sched_setattr(r0, &(0x7f0000000080)={0x38, 0x2, 0x1, 0x0, 0x3}, 0x0) clone(0x69005100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) mount(0x0, &(0x7f0000000140)='./file0\x00', 0x0, 0x0, &(0x7f000000a000)) 21:34:38 executing program 1: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x1, 0x0, 0x0, 0x1, 0x20b493e0, 0x0, 0xfffffffffffffffe}, 0x0) socket$inet6(0xa, 0x2, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f0000008880), 0x400000000000249, 0x0, 0x0) pipe(&(0x7f0000000340)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r2, 0x407, 0x0) fsync(r1) write(0xffffffffffffffff, &(0x7f0000000340), 0x41395527) vmsplice(r1, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) perf_event_open(&(0x7f0000940000)={0x2, 0x70, 0x69, 0x1, 0x0, 0xff, 0x0, 0x48, 0x14a0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f00000001c0), 0x7}, 0x0, 0x0, 0xfffffff9}, 0x0, 0xd, 0xffffffffffffffff, 0xa) tkill(0x0, 0x3c) fsetxattr$trusted_overlay_redirect(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) sched_setattr(r0, &(0x7f0000000080)={0x38, 0x2, 0x1, 0x0, 0x3}, 0x0) clone(0x69005100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) mount(0x0, &(0x7f0000000140)='./file0\x00', 0x0, 0x0, &(0x7f000000a000)) sched_setscheduler(0x0, 0x5, &(0x7f0000000380)) 21:34:38 executing program 3: r0 = openat$kvm(0xffffffffffffff9c, 0x0, 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) dup3(r0, r1, 0x0) fsetxattr$trusted_overlay_nlink(r0, &(0x7f0000000040)='trusted.overlay.nlink\x00', &(0x7f00000000c0)={'U+', 0x98}, 0x16, 0x2) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c4, 0x0, 0xe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r2 = socket$inet6(0xa, 0x40000080806, 0x0) bind$inet6(r2, &(0x7f0000000080)={0xa, 0x404e20}, 0x1c) ioctl$int_in(0xffffffffffffffff, 0x5452, &(0x7f0000000100)=0x3) listen(r2, 0x400000001ffffffd) r3 = socket$inet6(0xa, 0x6, 0x0) connect$inet6(r3, &(0x7f0000000180)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) r4 = accept4(r2, 0x0, 0x0, 0x0) sendmmsg(r4, &(0x7f0000003d40)=[{{0x0, 0xffffffbf, 0x0, 0x0, 0x0, 0x0, 0x7000005}, 0xa}], 0x4000000000000d0, 0x0) socket$inet6(0xa, 0x6, 0x0) connect$inet6(0xffffffffffffffff, &(0x7f0000000000)={0xa, 0x0, 0x0, @loopback}, 0x1c) r5 = socket$inet6_tcp(0xa, 0x1, 0x0) bpf$BPF_MAP_GET_FD_BY_ID(0xe, &(0x7f0000000140)={0x0, 0x4, 0x8}, 0xc) setsockopt$IP6T_SO_SET_REPLACE(r5, 0x29, 0x40, &(0x7f0000000a80)=@filter={'filter\x00', 0xe, 0x4, 0x378, 0x0, 0x0, 0x1208, 0x108, 0x108, 0x12d8, 0x12d8, 0x12d8, 0x12d8, 0x12d8, 0x4, 0x0, {[{{@uncond, 0x0, 0xa8, 0x108}, @common=@inet=@HMARK={0x60, 'HMARK\x00', 0x0, {@ipv6=@mcast1, [], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4}}}, {{@ipv6={@initdev={0xfe, 0x88, [], 0x0, 0x0}, @initdev={0xfe, 0x88, [], 0x0, 0x0}, [], [], 'rose0\x00', 'netdevsim0\x00'}, 0x0, 0xa8, 0xd0}, @REJECT={0x28, 'REJECT\x00'}}, {{@uncond, 0x0, 0xa8, 0xd0}, @REJECT={0x28, 'REJECT\x00'}}], {{[], 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x3d8) syz_init_net_socket$rose(0xb, 0x5, 0x0) 21:34:38 executing program 2: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() ustat(0x800, &(0x7f0000000100)) sched_setattr(r0, &(0x7f0000000040)={0x38, 0x1, 0x0, 0x0, 0x1, 0x20b493e0, 0x0, 0xfffffffffffffffe}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) setsockopt$inet6_icmp_ICMP_FILTER(r1, 0x1, 0x1, &(0x7f00000000c0)={0x7fffffff}, 0x4) recvmmsg(r1, 0x0, 0x0, 0x0, 0x0) pipe(&(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, 0x0, 0x0, 0x0) perf_event_open(&(0x7f0000940000)={0x2, 0x70, 0x69, 0x0, 0x0, 0xff, 0x0, 0x48, 0x2044, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f00000001c0), 0xb}}, 0x0, 0xd, 0xffffffffffffffff, 0x8) clone(0x200000008a105d00, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r4 = gettid() tkill(r4, 0x3c) fsetxattr$trusted_overlay_redirect(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) sched_setattr(r0, &(0x7f0000000080)={0x38, 0x2, 0x1, 0x0, 0x3}, 0x0) clone(0x69005100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) mount(0x0, &(0x7f0000000140)='./file0\x00', &(0x7f0000fb5ffc)='nfs\x00', 0x0, &(0x7f000000a000)) [ 2356.742151] IPVS: ftp: loaded support on port[0] = 21 [ 2357.005097] IPVS: ftp: loaded support on port[0] = 21 21:34:39 executing program 0: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x1, 0x6, 0x0, 0xfffffffe, 0x200000000003, 0x0, 0xfffffffffffffffe}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000008880), 0x400000000000249, 0x0, 0x0) pipe(&(0x7f0000000340)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) fsync(r2) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) perf_event_open(&(0x7f0000940000)={0x2, 0x70, 0x69, 0x1, 0x0, 0xff, 0x0, 0x48, 0x14a0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f00000001c0), 0x7}, 0x0, 0x0, 0xfffffff9}, 0x0, 0xd, 0xffffffffffffffff, 0xa) clone(0x200000008a105d00, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x400200) ioctl$VIDIOC_S_STD(0xffffffffffffffff, 0x40085618, &(0x7f00000000c0)=0xc000c) r4 = gettid() tkill(r4, 0x3c) fsetxattr$trusted_overlay_redirect(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) sched_setattr(r0, &(0x7f0000000080)={0x38, 0x2, 0x1, 0x0, 0x3}, 0x0) clone(0x69005100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) mount(0x0, &(0x7f0000000140)='./file0\x00', 0x0, 0x0, &(0x7f000000a000)) 21:34:39 executing program 4: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x1, 0x0, 0x0, 0x1, 0x20b493e0, 0x0, 0xfffffffffffffffe}, 0x0) socket$inet6(0xa, 0x4, 0xffffffff) pipe(&(0x7f0000000340)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r2, 0x407, 0x0) fsync(r1) write(r2, &(0x7f0000000340), 0x41395527) vmsplice(r1, &(0x7f0000000000), 0x0, 0x0) clone(0x200000008a105d00, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) tkill(0x0, 0x0) fsetxattr$trusted_overlay_redirect(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) sched_setattr(r0, &(0x7f0000000080)={0x38, 0x2, 0x1, 0x0, 0x3}, 0x0) clone(0x69005100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) mount(0x0, &(0x7f0000000140)='./file0\x00', 0x0, 0x0, &(0x7f000000a000)) 21:34:39 executing program 5: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x1, 0x0, 0x0, 0x1, 0x20b493e0, 0x0, 0xfffffffffffffffe}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000008880), 0x400000000000249, 0x0, 0x0) pipe(&(0x7f0000000340)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) fsync(r2) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) perf_event_open(&(0x7f0000940000)={0x2, 0x70, 0x69, 0x1, 0x0, 0xff, 0x0, 0x48, 0x14a0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f00000001c0), 0x7}, 0x0, 0x0, 0xfffffff9}, 0x0, 0xd, 0xffffffffffffffff, 0xa) sendmsg(0xffffffffffffffff, &(0x7f00000002c0)={&(0x7f00000000c0)=@l2tp6={0xa, 0x0, 0x7, @private1={0xfc, 0x1, [], 0x1}, 0x7}, 0x80, &(0x7f0000000180)=[{&(0x7f0000000380)="54a6ffd73252faee14352f0b65a0b018064f13fc30929edeaf0ef24b3061232a193f9d7f94b33fd682fa3647bd92702be378dde738132b99b7e6ad7ae1205a26b445ba8de4d63fa89c5a2f725aec4dd1cbd51d777553d73564bc1b2c5238cca131b1fef00c432480a1aefa38b0f631c983585b3f753393f5361424702580a7bc76f5c61c39d714e67b0a6598c655be0e194accdabc770cc335a14687c84d6aacafb94456122093c505fac448d604144f617caca19a4c24de16383002d1f54fde0ef30539c797af0daa0112be3c29c138cf3cc6db57", 0xd5}, {&(0x7f0000000480)="b97e1b45ab492023c266eb9780265839ead30f3bf28db785b0e2e9075d86d535a3780392568674fa57ed3613b50bd7e0ac3f866cb0de3c86a3b11552fc8e46627fb96beb50540343200ac35c00b63e902f539e597073b7e6cd3713e791496cfb9e8856c25b18506f9bbfa60b0dd71e5fedf5d95192bb3e12c0bace5104fc01dea31123f8dd8e58b07ad4993e9e646c3249ce66afdea0df2b2c3aef486bdc400fd79f1998308aa65e1805cf2cb6e8b82a81dae6ba1c22ac24fd00b480bf68f2311fe4ddcfc9be68c3f98966b0020171e7b18586afc4faabd5522b355c56af950243f5d5ab72ff74dafc272da5f8db0a0924f4750934522293ca2671d719e8d12eefd01d8f98a3e6301feefa2097e3794e0c1b6e3f095c582ae11d2d5f54da16f2b62316ef426e0e2ec5bcc480d6dbba9419817a63f0edbc15e58a959ace7d8b0316804c406fdb494b5b10911a4b56d06bb1333ed2bab0ee6bd77e4b910293eabf08c1988c9e656f3c5dd6da1011d48338b5bd86af22e4be553980165575e5fbdb5b023e9cd76c9192b9c09201a3feeb1513d31c89998ea75fff8dd1c9d13d431b413c1a961001caf96ac9ba84fcabb3c20a0de7d62ba0b68ad7f6ec073fe1816f102f55c8db76496069b88d9856ff118f8b4e5638bb168f34981701db03da37d6a3cdb2d8e8919bdc87501b41a07a2f37b03d2e85a2a4c9f7335767a3d88bd0401d49659a8adc0e99899142aaaf2ece4c395568e4e557b1ff7becc9b797a3a7aff053a3368d730908e425734080e7a01cec7b6becf357be6faa715d5ecdfbbad1cd4a844c593fcbca08ebc35c317e8a3504283e896a3113188822ece81cfa9889eacd79ea1bdad4b1d2c316ccb75acdd49317fd8b1a56ea1f1e46de3796e70a27b0b84fdd3697de15427094cb614cc5a71be16fee7b13f33444ce128e90ea616acf7fbe6dde9cd1c869c3ead17f0fce726fdf968a0ac7e898317db14bcd69a7524b60d043ef7b10514a7d02f9de5e416f65e981e78419890a1a3809919557ddb4a0af4633c714c60a093255a040700c81a50a7c9178c8bcc8167699871ee08a06d7c9d55e104902e2fc02841d8b90b5521a040481bd36010c993d120213a25fed30162431a24e1aab89e19cccb8098a58347602673138495b331981c9ef16eae411c226deec6832ba96d816563ad704dfc64353b89e7bd396f179c2dc4402ac7a0622b8d72c50613306824283cc9649a5a5580c82477405b5ceff236aa7ce4c83f8a9073ffa2884afdbe3c6b513517c23a82a1c40caf3acc49fd80a6248ec50db276822decac45f4e45d6e85ee56055129d0d51781ecd08a947b554ec656acfd634076b34f07903456f0b8ec22050a15d0fd210f327aed04ad260d277deda3a9c71a385585415ac42caad3aac8f806df187bd39e0c16e74c698dafc27de838c4dbdbfa08c9243c12791d1fa9533d2a39414bea000ffc6d4d9d8e909c4ff0d00c6826fcddff806966ac426d669012431eb3c874ee0483282b3c38abda0a6f0df2e25e74eeaf8cd14d0ac4f5b22431e4d9b214047c982b5606512fd7befe20a1822282bdedd94ad145c283424720b134fe5d06e079d2ede50dc1fcf39da26734539f9488f99f6507ce9da413fa35247ea39ff6396fa97b9972f20394294b0cd22496d2c77757f95beb5af63343be0d322550466f18c0fdddce77131bf05597dea40e016f86d53f27eda6c5d810c47323e63ee3193858bda99228b4d4324a92b7752165eaf468a05c313ba662c34c3a481557de191006c474af110dd3bca96f0eb3c71452b177c9237de8982ac7c37acf6fb2c534aab547bdcf3a4421cc7fedb24eff5e502907c0f181e56dae3e822407c65b0045751f98110b1a3cdb76bc1dfd9d29a83ba15f40e3d8be6192bfd10b2718538a178c7b2b5952b4745d77902cd252465f79e581284975d67961b0780985c32262cac9b1395b9ae9a3a3638146a0180fbf49faaec488adabdbb9bf2e3b1cc7aaffbafc0d140acb0035c0b2eb93d2bfcfb26428263c9732e0737907c6bb4ade98dc1e515f1532baf2e7140783e8c4e2878bc3d1edd7110e36ab3b48b9ca2238f98ec993fe159a74dd98fc828db94b6360df5718ead0f8a750551035676254e207d329f793a37c963ebc4c874201380a9bda0bf5bc5cc968fc7f93b202bec03884ac3be49e4843b7e94de6f11e607822a0398883a2558c04bfe33053d189f3834c105d8293f4d59ea7f2952c2c25ddcee09365cab67a6c3db5ede7947ec2ed0608fd4637b8469d5d566e24009819c002e44d92e0b0b74dc26fc42db0a4ca6623ae306f89d1ee65e7046715a1a15805edea2f40ca5a2aa007dd470a4375c46553d074ad5e7dc6efc4d657b5c42e2c3e0f161fee6a88de61058ff5e7e4f4d07d84d3c43efc438c32e862c8326728683d6d5146b9f79c206af54e353e44b8c8e721e967f5a6bfc2e4d30b3a48ddbffe1db1dd7288690905e43828f19331b70c5cdb59aa3f00848453fabaf48e6b324996fbc4df4a81e0ff8ec78c62000a9484368840faf2ccf39a2b407c186ff949e152ce39f4230123b635ea8dc15ebb643256a715c961d1315be7a4b994158ae6890f24f92714c632f02611451ab5e156643b25ad09b37c9f3b197d4b899a80f38d76b42a6baebdf0ebb475f58125f77b577972c828e858286e7688169190ad9e67095571fe59774ad3705b54b29597d5a92e60ee2fa450526b25ba44a8cdc65163518f0c0c160caf619fae26690786cf454481993dac6995d2312589ed7d8811d722c3d44db9b0149d020951c478ba70ae3b6fd02c106b30f7bb44a8e1a8bf8b58d0e6e13362946b487080beb4f96718dcb5b8b1987e858d03c0e46de9a48ec589cc2c9dbdc2653d2bb7446e23fc45168d182fc7e32099a723ba81bea06983f36966be0414ccd0a404a851fbb76129b36c2a5c5d03982126be3b03837a53ec64bf95c7766cd25cb23a034809d9c97ced4b7b16f8132eb869af9654cd91a207e29e6ed70fa90f7fc9689415fcef4bad4fc3c60b5056504d0644a3adb3dc723457e38a29ac40ac9aada463366b46e5722791fa4575df70fd6c1062284df9dec1bda3781f0443fa6adabe98eba82c3d4c993e796a8c4233de533cbef60c4a79af909f4838df3c1e5d20e39490f9a79e2242780ac0f433d79bae8a74066077762a12869c259f10e66a95d0ff989bb3252e83e0bca15b9e81e06b5b0d46d86479179346ebdbd89ff2f763fe1950ea55cea95f430eafe0dcaa15f170042a0ca09b14bd53fa797681dabcca0218f8c6fcf5224cda8b402609bb8c9388e7a39c34952117d12df7ced56c91270ae653f516ac0af8b19aef71a56d66d11624be3c98350bc684474fe632a50fa7f87722c6ddac468c1926bfc1f275f319e4b9103e5cd8958ea282000f836773f34c3f216f1287e676be9a9fe31e21ede695592cda80c1dc0b36c6e37c8a95b3ed8221a73303db2525f8d91518b7b09995e43be47542bd30da0fe2a3d63b0034ba17a2a4773241f5071a021051b78446cb976bbb329a453c895bcd8ccf5dab126f1ed5d8b9060f5bc330e78a55437148d5cb9b443159797691e57fb8bd71ab21420b0923bfdffb486cd7c88509750998d99513a34e57ddd0708206e2edaa9cceb2f37965fe855b0bc2f8c3ca9586fd0ba48556c1ea6fbc707b2dc17c7388ae16c514099668959badfddd99df804d6af9a4e7ef544da9957184c4ee28ad441aaa82985a92e228dd5b88dea41f3306dc5c33628a35d330519faff2d73ac48ec31a07b246a4c79f869c01b8feef1397a48e323e4fc29bb30eec960c86010cb57ae427e9dd62f6a3fdbf17765dbf069b430f5383e6ff38d50bbdc394cfd8ce18378a023a0a28c3b0effcf4a01b42fa267816895db56680e966a9d88143be610e5221eb2eddd6f2180c7cde83a1335c304b0732d14723c297c7bcff4b4ffbce5fae5bf77ea743607ea602b50b4ffbfaf14ffe6e00f1057e298f8bd7a50097b127d22a8c7e360d4adc7a20588b530b16c5364b593709e9dd64af6d825f2e62eb8bf182eca41de2750f8e306137df1d0b05690971c26ad20ae1ad3ee4e9a9627f8344cee7ce48d9aa0c42f4b49364df05475a0c1a96b267437d4d9aaf73481a910dc3966e4c5b4122c852ae7a3b42fd34701b6692ef55e2d96cc09e6d2fa0cdb48038cb89188244d947bdf7ae20fbf7b66a2c4bfa5ca809fb2bafc4336ec633e1bbaafb07daa6bdccd51b97d6ea4491db341b416ebb4a3885ac567e9f86a01ac6619a6b52b88f147918dfdd58732126dc92fc38b7444bb857c3e407b395671dcdf1e4389964887a279dccfdb5d86068a38ef9344023531c861dbf7012a7bf16270b360a0600b56847b01e86a5e9c5525f356e9dc1e82968a79018f37c16081258c1d7a55a3f0fc2ffecc072ae79d973a66cc4d74e87e85f3bfe861015e0e08c9ea636bb047af61ab1f62a0a06bd6eb2e7791c1e63fb61872187ecc386cb76527992160d0f940cb0fc9e890083734deda19e19781bb51e35b0df48dddc3ba7b675d296d07aac85ce78750abe7bf70f310b1f79edb3787ccfee7ec942bc9c59993bc114aee454ef8a32d8872892e78df93abe07de5d820089ee2e74cb8aae1519209e5e22f3b55011d80c3858379e65b3a26aefcca9a28b2ac7780565e9de742dec4777142294a7425c55830b8e01447db9010147cc7063b15f335b809285a12e70db18fb7e4a5c26dd761aa4102deab94caf11bf67bb774651ae59f707e9a82660a16759ccafbf2b70a41cf7871d595452a3c91a769152c25ab7a9bfbdfe65a7d344c8cc45e5cb58cde2014b2b65dceb8ddea494bc05806444318201bf17551fdab9a3a89c9a08bc639ba8354ed9c69d17bfdd6f44097dea259c0c1b6fa1d63969a311061c399783453f1fba05ab58b2cbeedc18a2d57e90a015a3ffa815697eb44fee51ac0c4216dc31738de6116b5ee095dd3f45a6cc2307706326abeaf21f06fe44662aa8c3334240dcff06cd9b49993c04f1025998397e98aaa577e85c2a43db3678e52be76462857fb396e5c62a9808937160ca9e927dfc19b66a4435362963fc0922633e30967acb226ae7177c629c2c77a6b882d1c323f4ba3ac038b11ae70a6477e6dfe05f218bb26a391074b95cea2e9e185816ff64bbc08cee3b275646ec528eff1b8a5017b55f882e571936cc8908ffa90241767d5223e2da8c03e6b3e8baa5616dc82462b837fb8479a45539476580b5f2a04c8c9f145b56fc1f5eff55379e43dc6dc6e61eba8549257c963e8a5f8e0488d381db5f359af637e768f299e08398f03086da2fbaad06c850f7d06e425d1d93739ec904fa495c73e4f0f6a2ecc34257b8c18080f6a9e9c8a3bd1076602b48ee74129b1ea92abe84112c200c8f9d982800be795716ac87195739bdb8f9f151fbd5d33bd83c4fe07f01fbacb787c65044d16af524acadf84d7fe43142598b32fd1c6f1b4645d07ff0381ac0bf103d06da6aee0b7c2c589083eb2c0aa3a416f301a76864977590ee56fccc20711cb3355aa46c726039d1d16bf428579ea8d2e2b06abdab9847e5395cd7f44fb7f7534bdfdfc791216241dd93c8a3087340661ca7cf768e69c01193aada55cc8314054fe1735459741631a4bb5ec31809cbd8f106272560a5dca8fae0f8c15efad045496d46b583268a9b77d1b5c60d8745e6040d446218dbeec1f226930aab78fadc65c9f71f470e53d40fe98b94ce65e6e6412c7d54dd9be0a87013325", 0x1000}, {&(0x7f0000000200)="299c2cc33b32245244483614ff00838af551c38c82662790f2c05f5cda7281f64f63378d81756b9be5dbb4f5f97d8ebfd2e92735c51de1bc087a017447e38a77cf25e663f5d3c0a4d037bc989642fb1c179c540490388a0f404a4bac7c6527398dffe57743ce8182e5", 0x69}], 0x3}, 0x4008000) clone(0x200000008a105d00, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r4 = gettid() tkill(r4, 0x3c) fsetxattr$trusted_overlay_redirect(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) sched_setattr(r0, &(0x7f0000000080)={0x38, 0x2, 0x1, 0x0, 0x3}, 0x0) clone(0x69005100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x400200) mount(0x0, &(0x7f0000000140)='./file0\x00', 0x0, 0x0, &(0x7f000000a000)) [ 2357.268506] IPVS: ftp: loaded support on port[0] = 21 21:34:39 executing program 3: r0 = openat$kvm(0xffffffffffffff9c, 0x0, 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) dup3(r0, r1, 0x0) fsetxattr$trusted_overlay_nlink(r0, &(0x7f0000000040)='trusted.overlay.nlink\x00', &(0x7f00000000c0)={'U+', 0x98}, 0x16, 0x2) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c4, 0x0, 0xe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r2 = socket$inet6(0xa, 0x40000080806, 0x0) bind$inet6(r2, &(0x7f0000000080)={0xa, 0x404e20}, 0x1c) ioctl$int_in(0xffffffffffffffff, 0x5452, &(0x7f0000000100)=0x3) listen(r2, 0x400000001ffffffd) r3 = socket$inet6(0xa, 0x6, 0x0) connect$inet6(r3, &(0x7f0000000180)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) r4 = accept4(r2, 0x0, 0x0, 0x0) sendmmsg(r4, &(0x7f0000003d40)=[{{0x0, 0xffffffbf, 0x0, 0x0, 0x0, 0x0, 0x7000005}, 0xa}], 0x4000000000000d0, 0x0) socket$inet6(0xa, 0x6, 0x0) connect$inet6(0xffffffffffffffff, &(0x7f0000000000)={0xa, 0x0, 0x0, @loopback}, 0x1c) r5 = socket$inet6_tcp(0xa, 0x1, 0x0) bpf$BPF_MAP_GET_FD_BY_ID(0xe, &(0x7f0000000140)={0x0, 0x4, 0x8}, 0xc) setsockopt$IP6T_SO_SET_REPLACE(r5, 0x29, 0x40, &(0x7f0000000a80)=@filter={'filter\x00', 0xe, 0x4, 0x378, 0x0, 0x0, 0x1208, 0x108, 0x108, 0x12d8, 0x12d8, 0x12d8, 0x12d8, 0x12d8, 0x4, 0x0, {[{{@uncond, 0x0, 0xa8, 0x108}, @common=@inet=@HMARK={0x60, 'HMARK\x00', 0x0, {@ipv6=@mcast1, [], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4}}}, {{@ipv6={@initdev={0xfe, 0x88, [], 0x0, 0x0}, @initdev={0xfe, 0x88, [], 0x0, 0x0}, [], [], 'rose0\x00', 'netdevsim0\x00'}, 0x0, 0xa8, 0xd0}, @REJECT={0x28, 'REJECT\x00'}}, {{@uncond, 0x0, 0xa8, 0xd0}, @REJECT={0x28, 'REJECT\x00'}}], {{[], 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x3d8) syz_init_net_socket$rose(0xb, 0x5, 0x0) 21:34:39 executing program 1: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x1, 0x0, 0x0, 0x1, 0x20b493e0, 0x0, 0xfffffffffffffffe}, 0x0) socket$inet6(0xa, 0x2, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f0000008880), 0x400000000000249, 0x0, 0x0) pipe(&(0x7f0000000340)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r2, 0x407, 0x0) fsync(r1) write(r2, 0x0, 0x0) vmsplice(r1, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) perf_event_open(&(0x7f0000940000)={0x2, 0x70, 0x69, 0x1, 0x0, 0xff, 0x0, 0x48, 0x14a0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f00000001c0), 0x7}, 0x0, 0x0, 0xfffffff9}, 0x0, 0xd, 0xffffffffffffffff, 0xa) tkill(0x0, 0x3c) fsetxattr$trusted_overlay_redirect(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) sched_setattr(r0, &(0x7f0000000080)={0x38, 0x2, 0x1, 0x0, 0x3}, 0x0) clone(0x69005100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) mount(0x0, &(0x7f0000000140)='./file0\x00', 0x0, 0x0, &(0x7f000000a000)) sched_setscheduler(0x0, 0x5, &(0x7f0000000380)) [ 2357.464981] IPVS: ftp: loaded support on port[0] = 21 21:34:39 executing program 0: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x1, 0x6, 0x0, 0xfffffffe, 0x200000000003, 0x0, 0xfffffffffffffffe}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000008880), 0x400000000000249, 0x0, 0x0) pipe(&(0x7f0000000340)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) fsync(r2) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) perf_event_open(&(0x7f0000940000)={0x2, 0x70, 0x69, 0x1, 0x0, 0xff, 0x0, 0x48, 0x14a0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f00000001c0), 0x7}, 0x0, 0x0, 0xfffffff9}, 0x0, 0xd, 0xffffffffffffffff, 0xa) clone(0x200000008a105d00, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x400200) ioctl$VIDIOC_S_STD(0xffffffffffffffff, 0x40085618, &(0x7f00000000c0)=0xc000c) r4 = gettid() tkill(r4, 0x3c) fsetxattr$trusted_overlay_redirect(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) sched_setattr(r0, &(0x7f0000000080)={0x38, 0x2, 0x1, 0x0, 0x3}, 0x0) clone(0x69005100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) mount(0x0, &(0x7f0000000140)='./file0\x00', 0x0, 0x0, &(0x7f000000a000)) [ 2357.905779] kworker/u4:3 invoked oom-killer: gfp_mask=0x14040c0(GFP_KERNEL|__GFP_COMP), nodemask=(null), order=1, oom_score_adj=0 [ 2357.953688] kworker/u4:3 cpuset=/ mems_allowed=0-1 [ 2357.968754] CPU: 1 PID: 4124 Comm: kworker/u4:3 Not tainted 4.14.182-syzkaller #0 [ 2357.977360] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2357.986728] Workqueue: events_unbound call_usermodehelper_exec_work [ 2357.993134] Call Trace: [ 2357.995737] dump_stack+0x1b2/0x283 [ 2357.999369] dump_header+0x178/0x7aa [ 2358.003083] ? trace_hardirqs_on_caller+0x3a8/0x580 [ 2358.008101] ? _raw_spin_unlock_irqrestore+0x66/0xe0 [ 2358.013206] ? ___ratelimit+0x2cd/0x522 [ 2358.017191] oom_kill_process.cold+0x10/0xc16 [ 2358.021697] ? lock_downgrade+0x6e0/0x6e0 [ 2358.025866] out_of_memory+0x2d5/0x10f0 [ 2358.029971] ? oom_killer_disable+0x1c0/0x1c0 [ 2358.034489] ? mutex_trylock+0x152/0x1a0 [ 2358.038557] __alloc_pages_nodemask+0x2556/0x2730 [ 2358.043414] ? gfp_pfmemalloc_allowed+0x150/0x150 [ 2358.048275] ? gfp_pfmemalloc_allowed+0x150/0x150 [ 2358.053146] ? trace_hardirqs_on+0x10/0x10 [ 2358.057423] ? mark_held_locks+0xa6/0xf0 [ 2358.061489] ? cache_grow_begin+0x3f/0x410 [ 2358.065707] cache_grow_begin+0x91/0x410 [ 2358.069749] fallback_alloc+0x205/0x2b0 [ 2358.073706] kmem_cache_alloc_node+0xe3/0x400 [ 2358.078196] copy_process.part.0+0x17d5/0x6fa0 [ 2358.082760] ? __lock_acquire+0x655/0x42a0 [ 2358.086978] ? update_curr+0x28d/0x670 [ 2358.090848] ? static_obj+0x50/0x50 [ 2358.095144] ? trace_hardirqs_on+0x10/0x10 [ 2358.099354] ? __lock_acquire+0x655/0x42a0 [ 2358.103568] ? umh_complete+0x80/0x80 [ 2358.107347] ? __cleanup_sighand+0x40/0x40 [ 2358.111575] ? umh_complete+0x80/0x80 [ 2358.115366] _do_fork+0x180/0xc80 [ 2358.118798] ? lock_downgrade+0x6e0/0x6e0 [ 2358.122920] ? fork_idle+0x270/0x270 [ 2358.126614] ? _raw_spin_unlock_irqrestore+0x66/0xe0 [ 2358.131695] ? debug_object_deactivate+0x1cc/0x350 [ 2358.136610] ? process_one_work+0x6ec/0x14c0 [ 2358.141048] ? umh_complete+0x80/0x80 [ 2358.144838] kernel_thread+0x2f/0x40 [ 2358.148624] call_usermodehelper_exec_work+0x193/0x210 [ 2358.153879] ? call_usermodehelper_exec_async+0x4c0/0x4c0 [ 2358.159394] ? rcu_lockdep_current_cpu_online+0xed/0x140 [ 2358.164827] process_one_work+0x7c0/0x14c0 [ 2358.169058] ? pwq_dec_nr_in_flight+0x2b0/0x2b0 [ 2358.173711] ? worker_thread+0x163/0x1080 [ 2358.177839] ? _raw_spin_unlock_irq+0x24/0x90 [ 2358.182315] worker_thread+0x5d7/0x1080 [ 2358.186273] ? process_one_work+0x14c0/0x14c0 [ 2358.190758] kthread+0x30d/0x420 [ 2358.194123] ? kthread_create_on_node+0xd0/0xd0 [ 2358.198872] ret_from_fork+0x24/0x30 21:34:40 executing program 2: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x1, 0x0, 0x0, 0x1, 0x20b493e0, 0x0, 0xfffffffffffffffe}, 0x0) socket$inet6(0xa, 0x2, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f0000008880), 0x400000000000249, 0x0, 0x0) pipe(&(0x7f0000000340)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r2, 0x407, 0x0) fsync(r1) write(0xffffffffffffffff, &(0x7f0000000340), 0x41395527) vmsplice(r1, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) perf_event_open(&(0x7f0000940000)={0x2, 0x70, 0x69, 0x1, 0x0, 0xff, 0x0, 0x48, 0x14a0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f00000001c0), 0x7}, 0x0, 0x0, 0xfffffff9}, 0x0, 0xd, 0xffffffffffffffff, 0xa) tkill(0x0, 0x3c) fsetxattr$trusted_overlay_redirect(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) sched_setattr(r0, &(0x7f0000000080)={0x38, 0x2, 0x1, 0x0, 0x3}, 0x0) clone(0x69005100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) mount(0x0, &(0x7f0000000140)='./file0\x00', 0x0, 0x0, &(0x7f000000a000)) sched_setscheduler(0x0, 0x5, &(0x7f0000000380)) 21:34:40 executing program 1: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x1, 0x0, 0x0, 0x1, 0x20b493e0, 0x0, 0xfffffffffffffffe}, 0x0) socket$inet6(0xa, 0x2, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f0000008880), 0x400000000000249, 0x0, 0x0) pipe(&(0x7f0000000340)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r2, 0x407, 0x0) fsync(r1) write(r2, 0x0, 0x0) vmsplice(r1, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) perf_event_open(&(0x7f0000940000)={0x2, 0x70, 0x69, 0x1, 0x0, 0xff, 0x0, 0x48, 0x14a0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f00000001c0), 0x7}, 0x0, 0x0, 0xfffffff9}, 0x0, 0xd, 0xffffffffffffffff, 0xa) tkill(0x0, 0x3c) fsetxattr$trusted_overlay_redirect(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) sched_setattr(r0, &(0x7f0000000080)={0x38, 0x2, 0x1, 0x0, 0x3}, 0x0) clone(0x69005100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) mount(0x0, &(0x7f0000000140)='./file0\x00', 0x0, 0x0, &(0x7f000000a000)) sched_setscheduler(0x0, 0x5, &(0x7f0000000380)) 21:34:40 executing program 4: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x1, 0x0, 0x0, 0x1, 0x20b493e0, 0x0, 0xfffffffffffffffe}, 0x0) socket$inet6(0xa, 0x4, 0xffffffff) pipe(&(0x7f0000000340)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r2, 0x407, 0x0) fsync(r1) write(r2, &(0x7f0000000340), 0x41395527) vmsplice(r1, &(0x7f0000000000), 0x0, 0x0) clone(0x200000008a105d00, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) tkill(0x0, 0x0) fsetxattr$trusted_overlay_redirect(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) sched_setattr(r0, &(0x7f0000000080)={0x38, 0x2, 0x1, 0x0, 0x3}, 0x0) clone(0x69005100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) mount(0x0, &(0x7f0000000140)='./file0\x00', 0x0, 0x0, &(0x7f000000a000)) 21:34:40 executing program 3: r0 = openat$kvm(0xffffffffffffff9c, 0x0, 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) dup3(r0, r1, 0x0) fsetxattr$trusted_overlay_nlink(r0, &(0x7f0000000040)='trusted.overlay.nlink\x00', &(0x7f00000000c0)={'U+', 0x98}, 0x16, 0x2) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c4, 0x0, 0xe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r2 = socket$inet6(0xa, 0x40000080806, 0x0) bind$inet6(r2, &(0x7f0000000080)={0xa, 0x404e20}, 0x1c) ioctl$int_in(0xffffffffffffffff, 0x5452, &(0x7f0000000100)=0x3) listen(r2, 0x400000001ffffffd) r3 = socket$inet6(0xa, 0x6, 0x0) connect$inet6(r3, &(0x7f0000000180)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) r4 = accept4(r2, 0x0, 0x0, 0x0) sendmmsg(r4, &(0x7f0000003d40)=[{{0x0, 0xffffffbf, 0x0, 0x0, 0x0, 0x0, 0x7000005}, 0xa}], 0x4000000000000d0, 0x0) socket$inet6(0xa, 0x6, 0x0) connect$inet6(0xffffffffffffffff, &(0x7f0000000000)={0xa, 0x0, 0x0, @loopback}, 0x1c) r5 = socket$inet6_tcp(0xa, 0x1, 0x0) bpf$BPF_MAP_GET_FD_BY_ID(0xe, &(0x7f0000000140)={0x0, 0x4, 0x8}, 0xc) setsockopt$IP6T_SO_SET_REPLACE(r5, 0x29, 0x40, &(0x7f0000000a80)=@filter={'filter\x00', 0xe, 0x4, 0x378, 0x0, 0x0, 0x1208, 0x108, 0x108, 0x12d8, 0x12d8, 0x12d8, 0x12d8, 0x12d8, 0x4, 0x0, {[{{@uncond, 0x0, 0xa8, 0x108}, @common=@inet=@HMARK={0x60, 'HMARK\x00', 0x0, {@ipv6=@mcast1, [], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4}}}, {{@ipv6={@initdev={0xfe, 0x88, [], 0x0, 0x0}, @initdev={0xfe, 0x88, [], 0x0, 0x0}, [], [], 'rose0\x00', 'netdevsim0\x00'}, 0x0, 0xa8, 0xd0}, @REJECT={0x28, 'REJECT\x00'}}, {{@uncond, 0x0, 0xa8, 0xd0}, @REJECT={0x28, 'REJECT\x00'}}], {{[], 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x3d8) syz_init_net_socket$rose(0xb, 0x5, 0x0) 21:34:40 executing program 0: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x1, 0x0, 0x0, 0x1, 0x20b493e0, 0x0, 0xfffffffffffffffe}, 0x0) socket$inet6(0xa, 0x2, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f0000008880), 0x400000000000249, 0x0, 0x0) pipe(&(0x7f0000000340)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r2, 0x407, 0x0) fsync(r1) write(r2, 0x0, 0x0) vmsplice(r1, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) perf_event_open(&(0x7f0000940000)={0x2, 0x70, 0x69, 0x1, 0x0, 0xff, 0x0, 0x48, 0x14a0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f00000001c0), 0x7}, 0x0, 0x0, 0xfffffff9}, 0x0, 0xd, 0xffffffffffffffff, 0xa) tkill(0x0, 0x3c) fsetxattr$trusted_overlay_redirect(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) sched_setattr(r0, &(0x7f0000000080)={0x38, 0x2, 0x1, 0x0, 0x3}, 0x0) clone(0x69005100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) mount(0x0, &(0x7f0000000140)='./file0\x00', 0x0, 0x0, &(0x7f000000a000)) sched_setscheduler(0x0, 0x5, &(0x7f0000000380)) 21:34:40 executing program 5: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x1, 0x0, 0x0, 0x1, 0x20b493e0, 0x0, 0xfffffffffffffffe}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000008880), 0x400000000000249, 0x0, 0x0) pipe(&(0x7f0000000340)={0xffffffffffffffff, 0xffffffffffffffff}) mount$bpf(0x0, &(0x7f00000000c0)='./file0\x00', &(0x7f0000000100)='bpf\x00', 0x28, &(0x7f0000000380)={[], [{@obj_user={'obj_user', 0x3d, '%'}}, {@fsname={'fsname', 0x3d, '('}}, {@pcr={'pcr', 0x3d, 0x3b}}, {@fsmagic={'fsmagic', 0x3d, 0x2}}, {@rootcontext={'rootcontext', 0x3d, 'sysadm_u'}}, {@subj_type={'subj_type', 0x3d, '-/cpuset%bdev)\'-user'}}, {@dont_measure='dont_measure'}]}) fcntl$setpipe(r3, 0x407, 0x0) fsync(r2) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) perf_event_open(&(0x7f0000940000)={0x2, 0x70, 0x69, 0x1, 0x0, 0xff, 0x0, 0x48, 0x14a0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f00000001c0), 0x7}, 0x0, 0x0, 0xfffffff9}, 0x0, 0xd, 0xffffffffffffffff, 0xa) clone(0x200000008a105d00, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r4 = gettid() tkill(r4, 0x3c) fsetxattr$trusted_overlay_redirect(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) sched_setattr(r0, &(0x7f0000000080)={0x38, 0x2, 0x1, 0x0, 0x3}, 0x0) clone(0x69005100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) mount(0x0, &(0x7f0000000140)='./file0\x00', 0x0, 0x0, &(0x7f000000a000)) [ 2358.895601] Mem-Info: [ 2358.898073] active_anon:1223731 inactive_anon:6139 isolated_anon:0 [ 2358.898073] active_file:883 inactive_file:1450 isolated_file:27 [ 2358.898073] unevictable:1839 dirty:42 writeback:0 unstable:0 [ 2358.898073] slab_reclaimable:18080 slab_unreclaimable:178002 [ 2358.898073] mapped:55602 shmem:7616 pagetables:44333 bounce:0 [ 2358.898073] free:27076 free_pcp:376 free_cma:0 [ 2359.107748] Node 0 active_anon:1650304kB inactive_anon:16128kB active_file:180kB inactive_file:464kB unevictable:1032kB isolated(anon):0kB isolated(file):0kB mapped:210248kB dirty:48kB writeback:0kB shmem:22032kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 686080kB writeback_tmp:0kB unstable:0kB all_unreclaimable? no [ 2359.424335] Node 1 active_anon:3252620kB inactive_anon:8428kB active_file:2384kB inactive_file:2796kB unevictable:6324kB isolated(anon):0kB isolated(file):224kB mapped:11160kB dirty:220kB writeback:0kB shmem:8432kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 0kB writeback_tmp:0kB unstable:0kB all_unreclaimable? no [ 2359.623292] Node 0 DMA free:10384kB min:220kB low:272kB high:324kB active_anon:1376kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15908kB mlocked:0kB kernel_stack:96kB pagetables:72kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB 21:34:41 executing program 1: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x1, 0x0, 0x0, 0x1, 0x20b493e0, 0x0, 0xfffffffffffffffe}, 0x0) socket$inet6(0xa, 0x2, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f0000008880), 0x400000000000249, 0x0, 0x0) pipe(&(0x7f0000000340)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r2, 0x407, 0x0) fsync(r1) write(r2, 0x0, 0x0) vmsplice(r1, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) perf_event_open(&(0x7f0000940000)={0x2, 0x70, 0x69, 0x1, 0x0, 0xff, 0x0, 0x48, 0x14a0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f00000001c0), 0x7}, 0x0, 0x0, 0xfffffff9}, 0x0, 0xd, 0xffffffffffffffff, 0xa) tkill(0x0, 0x3c) fsetxattr$trusted_overlay_redirect(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) sched_setattr(r0, &(0x7f0000000080)={0x38, 0x2, 0x1, 0x0, 0x3}, 0x0) clone(0x69005100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) mount(0x0, &(0x7f0000000140)='./file0\x00', 0x0, 0x0, &(0x7f000000a000)) sched_setscheduler(0x0, 0x5, &(0x7f0000000380)) 21:34:41 executing program 4: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x1, 0x0, 0x0, 0x1, 0x20b493e0, 0x0, 0xfffffffffffffffe}, 0x0) socket$inet6(0xa, 0x4, 0xffffffff) pipe(&(0x7f0000000340)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r2, 0x407, 0x0) fsync(r1) write(r2, &(0x7f0000000340), 0x41395527) vmsplice(r1, &(0x7f0000000000), 0x0, 0x0) clone(0x200000008a105d00, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) tkill(0x0, 0x3c) fsetxattr$trusted_overlay_redirect(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x2, 0x1, 0x0, 0x3}, 0x0) clone(0x69005100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) mount(0x0, &(0x7f0000000140)='./file0\x00', 0x0, 0x0, &(0x7f000000a000)) 21:34:41 executing program 2: r0 = openat$kvm(0xffffffffffffff9c, 0x0, 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) dup3(r0, r1, 0x0) fsetxattr$trusted_overlay_nlink(r0, &(0x7f0000000040)='trusted.overlay.nlink\x00', &(0x7f00000000c0)={'U+', 0x98}, 0x16, 0x2) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c4, 0x0, 0xe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r2 = socket$inet6(0xa, 0x40000080806, 0x0) bind$inet6(r2, &(0x7f0000000080)={0xa, 0x404e20}, 0x1c) ioctl$int_in(0xffffffffffffffff, 0x5452, &(0x7f0000000100)=0x3) listen(r2, 0x400000001ffffffd) r3 = socket$inet6(0xa, 0x6, 0x0) connect$inet6(r3, &(0x7f0000000180)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) r4 = accept4(r2, 0x0, 0x0, 0x0) sendmmsg(r4, &(0x7f0000003d40)=[{{0x0, 0xffffffbf, 0x0, 0x0, 0x0, 0x0, 0x7000005}, 0xa}], 0x4000000000000d0, 0x0) socket$inet6(0xa, 0x6, 0x0) connect$inet6(0xffffffffffffffff, &(0x7f0000000000)={0xa, 0x0, 0x0, @loopback}, 0x1c) r5 = socket$inet6_tcp(0xa, 0x1, 0x0) bpf$BPF_MAP_GET_FD_BY_ID(0xe, &(0x7f0000000140)={0x0, 0x4, 0x8}, 0xc) setsockopt$IP6T_SO_SET_REPLACE(r5, 0x29, 0x40, &(0x7f0000000a80)=@filter={'filter\x00', 0xe, 0x4, 0x378, 0x0, 0x0, 0x1208, 0x108, 0x108, 0x12d8, 0x12d8, 0x12d8, 0x12d8, 0x12d8, 0x4, 0x0, {[{{@uncond, 0x0, 0xa8, 0x108}, @common=@inet=@HMARK={0x60, 'HMARK\x00', 0x0, {@ipv6=@mcast1, [], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4}}}, {{@ipv6={@initdev={0xfe, 0x88, [], 0x0, 0x0}, @initdev={0xfe, 0x88, [], 0x0, 0x0}, [], [], 'rose0\x00', 'netdevsim0\x00'}, 0x0, 0xa8, 0xd0}, @REJECT={0x28, 'REJECT\x00'}}, {{@uncond, 0x0, 0xa8, 0xd0}, @REJECT={0x28, 'REJECT\x00'}}], {{[], 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x3d8) syz_init_net_socket$rose(0xb, 0x5, 0x0) 21:34:41 executing program 3: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x1, 0x0, 0x0, 0x1, 0x20b493e0, 0x0, 0xfffffffffffffffe}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) r2 = syz_open_procfs(r0, &(0x7f0000000000)='cmdline\x00') ioctl$UI_GET_SYSNAME(r2, 0x8040552c, &(0x7f00000000c0)) recvmmsg(r1, 0x0, 0x0, 0x0, 0x0) pipe(&(0x7f0000000340)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r4, 0x407, 0x0) write(r4, &(0x7f0000000340), 0x41395527) vmsplice(r3, 0x0, 0x0, 0x0) perf_event_open(&(0x7f0000940000)={0x2, 0x70, 0x69, 0x0, 0x0, 0xff, 0x0, 0x48, 0x14a0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f00000001c0), 0x7}}, 0x0, 0xd, 0xffffffffffffffff, 0xa) clone(0x200000008a105d00, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r5 = gettid() tkill(r5, 0x3c) r6 = socket$inet6_sctp(0xa, 0x5, 0x84) fsetxattr$trusted_overlay_redirect(r6, 0x0, 0x0, 0x0, 0x0) sched_setattr(r0, &(0x7f0000000080)={0x38, 0x2, 0x1, 0x0, 0x3}, 0x0) clone(0x69005100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) mount(0x0, &(0x7f0000000140)='./file0\x00', &(0x7f0000fb5ffc)='nfs\x00', 0x0, &(0x7f000000a000)) [ 2359.816207] lowmem_reserve[]: 0 2559 2559 2559 2559 21:34:41 executing program 0: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x1, 0x0, 0x0, 0x1, 0x20b493e0, 0x0, 0xfffffffffffffffe}, 0x0) socket$inet6(0xa, 0x2, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f0000008880), 0x400000000000249, 0x0, 0x0) pipe(&(0x7f0000000340)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r2, 0x407, 0x0) fsync(r1) write(r2, &(0x7f0000000340), 0x41395527) vmsplice(r1, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) perf_event_open(&(0x7f0000940000)={0x2, 0x70, 0x69, 0x1, 0x0, 0xff, 0x0, 0x48, 0x14a0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f00000001c0), 0x7}, 0x0, 0x0, 0xfffffff9}, 0x0, 0xd, 0xffffffffffffffff, 0xa) tkill(0x0, 0x3c) fsetxattr$trusted_overlay_redirect(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) sched_setattr(r0, &(0x7f0000000080)={0x38, 0x2, 0x1, 0x0, 0x3}, 0x0) clone(0x69005100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) mount(0x0, &(0x7f0000000140)='./file0\x00', 0x0, 0x0, &(0x7f000000a000)) sched_setscheduler(0x0, 0x5, &(0x7f0000000380)) [ 2359.866828] Node 0 DMA32 free:27468kB min:36296kB low:45368kB high:54440kB active_anon:1657836kB inactive_anon:16128kB active_file:372kB inactive_file:352kB unevictable:1032kB writepending:32kB present:3129332kB managed:2623996kB mlocked:1032kB kernel_stack:16480kB pagetables:38292kB bounce:0kB free_pcp:296kB local_pcp:64kB free_cma:0kB [ 2360.083627] lowmem_reserve[]: 0 0 0 0 0 [ 2360.166903] Node 0 Normal free:0kB min:0kB low:0kB high:0kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:786432kB managed:0kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 2360.373572] lowmem_reserve[]: 0 0 0 0 0 [ 2360.425564] Node 1 Normal free:53468kB min:53592kB low:66988kB high:80384kB active_anon:3256144kB inactive_anon:8428kB active_file:1496kB inactive_file:1716kB unevictable:6324kB writepending:84kB present:3932160kB managed:3870192kB mlocked:6324kB kernel_stack:60384kB pagetables:139136kB bounce:0kB free_pcp:1268kB local_pcp:712kB free_cma:0kB [ 2360.756124] lowmem_reserve[]: 0 0 0 0 0 [ 2360.805428] Node 0 DMA: 22*4kB (UMEH) 65*8kB (MEH) 23*16kB (UMEH) 12*32kB (UME) 7*64kB (UMH) 3*128kB (UMH) 2*256kB (EH) 1*512kB (E) 1*1024kB (E) 1*2048kB (E) 1*4096kB (M) = 10384kB [ 2360.964039] Node 0 DMA32: 742*4kB (UE) 1028*8kB (UME) 370*16kB (UME) 307*32kB (UM) 5*64kB (UM) 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 27256kB [ 2360.994655] Node 0 Normal: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 0kB [ 2361.018628] Node 1 Normal: 648*4kB (UME) 140*8kB (UME) 856*16kB (UME) 763*32kB (UM) 207*64kB (M) 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 55072kB [ 2361.037771] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 2361.087385] syz-executor.2: page allocation failure: order:4, mode:0x14040c0(GFP_KERNEL|__GFP_COMP), nodemask=(null) [ 2361.121069] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 2361.150307] syz-executor.2 cpuset=/ mems_allowed=0-1 [ 2361.165986] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 2361.195137] CPU: 0 PID: 13515 Comm: syz-executor.2 Not tainted 4.14.182-syzkaller #0 [ 2361.203057] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2361.212413] Call Trace: [ 2361.215015] dump_stack+0x1b2/0x283 [ 2361.218655] warn_alloc.cold+0x96/0x1af [ 2361.222643] ? zone_watermark_ok_safe+0x250/0x250 [ 2361.224655] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 2361.227486] ? try_to_compact_pages+0x52a/0x770 [ 2361.227504] ? __alloc_pages_direct_compact+0xba/0x360 [ 2361.227515] __alloc_pages_nodemask+0x2129/0x2730 [ 2361.253496] ? rcu_read_lock_sched_held+0x10a/0x130 [ 2361.258541] ? gfp_pfmemalloc_allowed+0x150/0x150 [ 2361.263389] ? trace_hardirqs_on_caller+0x3a8/0x580 [ 2361.268510] ? retint_kernel+0x2d/0x2d [ 2361.271058] 8178 total pagecache pages [ 2361.272448] cache_grow_begin+0x91/0x410 [ 2361.272461] fallback_alloc+0x205/0x2b0 [ 2361.278662] 0 pages in swap cache [ 2361.280413] kmem_cache_alloc_trace+0x20e/0x3f0 [ 2361.280429] ccid2_hc_tx_alloc_seq+0xa5/0x3c0 [ 2361.280441] ? rcu_lockdep_current_cpu_online+0xed/0x140 [ 2361.286724] Swap cache stats: add 0, delete 0, find 0/0 [ 2361.287841] ? __dccp_feat_activate+0x230/0x230 [ 2361.287851] ccid2_hc_tx_init+0x16f/0x490 [ 2361.298558] Free swap = 0kB [ 2361.302779] ? ccid2_hc_tx_exit+0x140/0x140 [ 2361.302786] ccid_new+0x2ae/0x390 [ 2361.302796] dccp_hdlr_ccid+0x22/0x140 [ 2361.302806] __dccp_feat_activate+0x135/0x230 [ 2361.318478] Total swap = 0kB [ 2361.320471] dccp_feat_activate_values+0x2be/0x661 [ 2361.320484] ? dccp_feat_init+0x260/0x260 [ 2361.320502] ? kfree_skbmem+0x98/0x100 [ 2361.327098] 1965979 pages RAM [ 2361.328259] ? rcu_read_lock_sched_held+0x10a/0x130 [ 2361.328270] ? kmem_cache_free+0x23a/0x2b0 [ 2361.337873] 0 pages HighMem/MovableOnly [ 2361.339642] ? dccp_rcv_state_process+0xe9b/0x1665 [ 2361.339652] dccp_rcv_state_process+0xe9b/0x1665 [ 2361.353134] 338455 pages reserved [ 2361.353187] dccp_v6_do_rcv+0x21c/0xa50 [ 2361.359722] 0 pages cma reserved [ 2361.361285] __release_sock+0x12a/0x350 [ 2361.361301] release_sock+0x54/0x1b0 [ 2361.361316] __inet_stream_connect+0x495/0xb90 [ 2361.366474] Out of memory: Kill process 5838 (syz-executor.0) score 1007 or sacrifice child [ 2361.369595] ? inet_bind+0x950/0x950 [ 2361.369607] ? lock_sock_nested+0x86/0x100 [ 2361.383656] Killed process 5838 (syz-executor.0) total-vm:75236kB, anon-rss:16572kB, file-rss:35756kB, shmem-rss:0kB [ 2361.386655] ? do_wait_intr_irq+0x270/0x270 [ 2361.386672] ? __local_bh_enable_ip+0xed/0x160 [ 2361.439947] ? __inet_stream_connect+0xb90/0xb90 [ 2361.444712] inet_stream_connect+0x53/0xa0 [ 2361.448961] SyS_connect+0x186/0x260 [ 2361.452683] ? SyS_accept+0x30/0x30 [ 2361.456412] ? put_timespec64+0xaa/0xf0 [ 2361.460409] ? SyS_clock_gettime+0xf5/0x180 [ 2361.464725] ? SyS_clock_settime+0x1a0/0x1a0 [ 2361.469140] ? do_syscall_64+0x4c/0x640 [ 2361.473108] ? SyS_accept+0x30/0x30 [ 2361.476738] do_syscall_64+0x1d5/0x640 [ 2361.481321] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 2361.486502] RIP: 0033:0x45ca69 [ 2361.489693] RSP: 002b:00007f0d738a6c78 EFLAGS: 00000246 ORIG_RAX: 000000000000002a [ 2361.498273] RAX: ffffffffffffffda RBX: 00000000004daf80 RCX: 000000000045ca69 [ 2361.505796] RDX: 000000000000001c RSI: 0000000020000180 RDI: 0000000000000005 [ 2361.513070] RBP: 000000000078bf00 R08: 0000000000000000 R09: 0000000000000000 [ 2361.520428] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff [ 2361.528144] R13: 0000000000000084 R14: 00000000004c3402 R15: 00007f0d738a76d4 [ 2361.781658] Mem-Info: [ 2361.784697] active_anon:1224221 inactive_anon:6139 isolated_anon:0 [ 2361.784697] active_file:720 inactive_file:854 isolated_file:56 [ 2361.784697] unevictable:1839 dirty:20 writeback:26 unstable:0 [ 2361.784697] slab_reclaimable:18068 slab_unreclaimable:178333 [ 2361.784697] mapped:55313 shmem:7616 pagetables:44453 bounce:0 [ 2361.784697] free:26988 free_pcp:423 free_cma:0 21:34:43 executing program 0: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x1, 0x0, 0x0, 0x1, 0x20b493e0, 0x0, 0xfffffffffffffffe}, 0x0) socket$inet6(0xa, 0x2, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f0000008880), 0x400000000000249, 0x0, 0x0) pipe(&(0x7f0000000340)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r2, 0x407, 0x0) fsync(r1) write(r2, &(0x7f0000000340), 0x41395527) vmsplice(r1, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) perf_event_open(&(0x7f0000940000)={0x2, 0x70, 0x69, 0x1, 0x0, 0xff, 0x0, 0x48, 0x14a0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f00000001c0), 0x7}, 0x0, 0x0, 0xfffffff9}, 0x0, 0xd, 0xffffffffffffffff, 0xa) tkill(0x0, 0x3c) fsetxattr$trusted_overlay_redirect(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) sched_setattr(r0, &(0x7f0000000080)={0x38, 0x2, 0x1, 0x0, 0x3}, 0x0) clone(0x69005100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) mount(0x0, &(0x7f0000000140)='./file0\x00', 0x0, 0x0, &(0x7f000000a000)) sched_setscheduler(0x0, 0x5, &(0x7f0000000380)) 21:34:43 executing program 4: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x1, 0x0, 0x0, 0x1, 0x20b493e0, 0x0, 0xfffffffffffffffe}, 0x0) socket$inet6(0xa, 0x4, 0xffffffff) pipe(&(0x7f0000000340)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r2, 0x407, 0x0) fsync(r1) write(r2, &(0x7f0000000340), 0x41395527) vmsplice(r1, &(0x7f0000000000), 0x0, 0x0) clone(0x200000008a105d00, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) tkill(0x0, 0x3c) fsetxattr$trusted_overlay_redirect(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x2, 0x1, 0x0, 0x3}, 0x0) clone(0x69005100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) mount(0x0, &(0x7f0000000140)='./file0\x00', 0x0, 0x0, &(0x7f000000a000)) [ 2361.944386] Node 0 active_anon:1656952kB inactive_anon:16128kB active_file:12kB inactive_file:44kB unevictable:1032kB isolated(anon):0kB isolated(file):0kB mapped:209952kB dirty:12kB writeback:0kB shmem:22032kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 686080kB writeback_tmp:0kB unstable:0kB all_unreclaimable? no 21:34:44 executing program 5: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x1, 0x0, 0x0, 0x1, 0x20b493e0, 0x0, 0xfffffffffffffffe}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000008880), 0x400000000000249, 0x0, 0x0) pipe(&(0x7f0000000340)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x400200) ioctl$EVIOCGABS3F(0xffffffffffffffff, 0x8018457f, &(0x7f00000000c0)=""/45) fsync(r2) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) perf_event_open(&(0x7f0000940000)={0x2, 0x70, 0x69, 0x1, 0x0, 0xff, 0x0, 0x48, 0x14a0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6, 0x0, @perf_bp={&(0x7f00000001c0), 0x7}, 0x0, 0x0, 0xfffffff9}, r0, 0xd, 0xffffffffffffffff, 0xa) clone(0x200000008a105d00, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r4 = gettid() tkill(r4, 0x3c) fsetxattr$trusted_overlay_redirect(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) sched_setattr(r0, &(0x7f0000000080)={0x38, 0x2, 0x1, 0x0, 0x3}, 0x0) clone(0x69005100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) mount(0x0, &(0x7f0000000140)='./file0\x00', 0x0, 0x0, &(0x7f000000a000)) [ 2362.116684] Node 1 active_anon:3242688kB inactive_anon:8432kB active_file:5356kB inactive_file:6276kB unevictable:6324kB isolated(anon):0kB isolated(file):0kB mapped:15188kB dirty:60kB writeback:0kB shmem:8432kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 0kB writeback_tmp:0kB unstable:0kB all_unreclaimable? no [ 2362.364490] Node 0 DMA free:10404kB min:220kB low:272kB high:324kB active_anon:1356kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15908kB mlocked:0kB kernel_stack:96kB pagetables:72kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 2362.750897] systemd-udevd invoked oom-killer: gfp_mask=0x14200ca(GFP_HIGHUSER_MOVABLE), nodemask=(null), order=0, oom_score_adj=0 [ 2362.785870] lowmem_reserve[]: 0 2559 2559 2559 2559 [ 2362.820016] Node 0 DMA32 free:27192kB min:36296kB low:45368kB high:54440kB active_anon:1659424kB inactive_anon:16128kB active_file:12kB inactive_file:44kB unevictable:1032kB writepending:20kB present:3129332kB managed:2623996kB mlocked:1032kB kernel_stack:16608kB pagetables:38292kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 2362.899483] systemd-udevd cpuset=/ mems_allowed=0-1 [ 2362.932383] CPU: 0 PID: 13553 Comm: systemd-udevd Not tainted 4.14.182-syzkaller #0 [ 2362.940200] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2362.949567] Call Trace: [ 2362.952166] dump_stack+0x1b2/0x283 [ 2362.955782] dump_header+0x178/0x7aa [ 2362.959472] ? trace_hardirqs_on_caller+0x3a8/0x580 [ 2362.964469] ? _raw_spin_unlock_irqrestore+0x66/0xe0 [ 2362.969547] ? ___ratelimit+0x2cd/0x522 [ 2362.973509] oom_kill_process.cold+0x10/0xc16 [ 2362.977982] ? lock_downgrade+0x6e0/0x6e0 [ 2362.982111] out_of_memory+0x2d5/0x10f0 [ 2362.986065] ? oom_killer_disable+0x1c0/0x1c0 [ 2362.990637] ? mutex_trylock+0x152/0x1a0 [ 2362.996327] __alloc_pages_nodemask+0x2556/0x2730 [ 2363.001197] ? gfp_pfmemalloc_allowed+0x150/0x150 [ 2363.006039] ? __schedule+0x8ae/0x1d70 [ 2363.009917] ? preempt_schedule_common+0x4a/0xc0 [ 2363.014667] alloc_pages_vma+0xc1/0x4b0 [ 2363.018643] wp_page_copy+0x1f5/0x1bc0 [ 2363.022523] ? add_mm_counter_fast.part.0+0x30/0x30 [ 2363.027515] ? __lock_acquire+0x655/0x42a0 [ 2363.031728] do_wp_page+0x244/0x1dc0 [ 2363.035420] ? __handle_mm_fault+0x18e8/0x3700 [ 2363.040002] ? finish_mkwrite_fault+0x5e0/0x5e0 [ 2363.044669] __handle_mm_fault+0x1ee8/0x3700 [ 2363.049188] ? vm_insert_mixed_mkwrite+0x30/0x30 [ 2363.053950] handle_mm_fault+0x306/0x794 [ 2363.058012] __do_page_fault+0x578/0xb50 [ 2363.062142] ? mm_fault_error+0x2c0/0x2c0 [ 2363.066267] ? do_page_fault+0x60/0x4f2 [ 2363.070319] ? page_fault+0x2f/0x50 [ 2363.073933] page_fault+0x45/0x50 [ 2363.077363] RIP: 43da0:0x56014322e260 [ 2363.081135] RSP: 4066db00:000056014322e270 EFLAGS: 00040028 [ 2363.231022] lowmem_reserve[]: 0 0 0 0 0 [ 2363.247341] Node 0 Normal free:0kB min:0kB low:0kB high:0kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:786432kB managed:0kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 2363.333333] lowmem_reserve[]: 0 0 0 0 0 [ 2363.337674] Node 1 Normal free:45116kB min:53592kB low:66988kB high:80384kB active_anon:3262480kB inactive_anon:8428kB active_file:2068kB inactive_file:1264kB unevictable:6324kB writepending:128kB present:3932160kB managed:3870192kB mlocked:6324kB kernel_stack:60224kB pagetables:139828kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 2363.381009] IPVS: ftp: loaded support on port[0] = 21 [ 2363.383160] lowmem_reserve[]: 0 0 0 0 0 [ 2363.399380] Node 0 DMA: 19*4kB (UMEH) 63*8kB (MEH) 23*16kB (UMEH) 13*32kB (UME) 7*64kB (UMH) 3*128kB (UMH) 2*256kB (EH) 1*512kB (E) 1*1024kB (E) 1*2048kB (E) 1*4096kB (M) = 10388kB [ 2363.518657] Node 0 DMA32: 761*4kB (UME) 1015*8kB (UME) 372*16kB (UME) 305*32kB (UM) 4*64kB (M) 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 27132kB [ 2363.632138] IPVS: ftp: loaded support on port[0] = 21 [ 2364.219860] Node 0 Normal: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 0kB [ 2364.454678] Node 1 Normal: 1195*4kB (UME) 500*8kB (UME) 153*16kB (UME) 894*32kB (UM) 161*64kB (M) 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 50140kB [ 2364.622374] Mem-Info: [ 2364.624837] active_anon:1230819 inactive_anon:6139 isolated_anon:0 [ 2364.624837] active_file:57 inactive_file:28 isolated_file:0 [ 2364.624837] unevictable:1839 dirty:26 writeback:0 unstable:0 [ 2364.624837] slab_reclaimable:18069 slab_unreclaimable:178567 [ 2364.624837] mapped:54063 shmem:7616 pagetables:44549 bounce:0 [ 2364.624837] free:21890 free_pcp:2 free_cma:0 [ 2364.839692] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 2364.848562] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 2365.269667] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 2365.278540] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 2365.612421] Node 0 active_anon:1660896kB inactive_anon:16128kB active_file:32kB inactive_file:28kB unevictable:1032kB isolated(anon):0kB isolated(file):0kB mapped:209932kB dirty:32kB writeback:0kB shmem:22032kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 686080kB writeback_tmp:0kB unstable:0kB all_unreclaimable? no [ 2365.762251] 7940 total pagecache pages [ 2365.766177] 0 pages in swap cache [ 2365.923515] Swap cache stats: add 0, delete 0, find 0/0 [ 2366.062080] Free swap = 0kB [ 2366.065253] Total swap = 0kB [ 2366.068268] 1965979 pages RAM [ 2366.290907] 0 pages HighMem/MovableOnly [ 2366.294913] 338455 pages reserved [ 2366.298361] 0 pages cma reserved [ 2366.312168] Node 1 active_anon:3262376kB inactive_anon:8428kB active_file:160kB inactive_file:0kB unevictable:6324kB isolated(anon):0kB isolated(file):0kB mapped:6260kB dirty:8kB writeback:0kB shmem:8432kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 0kB writeback_tmp:0kB unstable:0kB all_unreclaimable? no [ 2366.615493] Could not activate 0 at net/dccp/feat.c:1544/dccp_feat_activate_values() [ 2367.046746] Node 0 DMA free:10392kB min:220kB low:272kB high:324kB active_anon:1372kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15908kB mlocked:0kB kernel_stack:96kB pagetables:72kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 2367.669428] lowmem_reserve[]: 0 2559 2559 2559 2559 [ 2367.674502] Node 0 DMA32 free:27408kB min:36296kB low:45368kB high:54440kB active_anon:1659524kB inactive_anon:16128kB active_file:40kB inactive_file:20kB unevictable:1032kB writepending:32kB present:3129332kB managed:2623996kB mlocked:1032kB kernel_stack:16448kB pagetables:38300kB bounce:0kB free_pcp:112kB local_pcp:0kB free_cma:0kB [ 2368.579364] lowmem_reserve[]: 0 0 0 0 0 [ 2368.583404] Node 0 Normal free:0kB min:0kB low:0kB high:0kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:786432kB managed:0kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 2369.311953] lowmem_reserve[]: 0 0 0 0 0 [ 2369.315992] Node 1 Normal free:50640kB min:53592kB low:66988kB high:80384kB active_anon:3262256kB inactive_anon:8428kB active_file:56kB inactive_file:64kB unevictable:6324kB writepending:4kB present:3932160kB managed:3870192kB mlocked:6324kB kernel_stack:60192kB pagetables:139616kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 2370.163382] lowmem_reserve[]: 0 0 0 0 0 [ 2370.167429] Node 0 DMA: 19*4kB (UMEH) 64*8kB (MEH) 23*16kB (UMEH) 13*32kB (UME) 7*64kB (UMH) 3*128kB (UMH) 2*256kB (EH) 1*512kB (E) 1*1024kB (E) 1*2048kB (E) 1*4096kB (M) = 10396kB [ 2370.709164] Node 0 DMA32: 809*4kB (UME) 1061*8kB (UME) 381*16kB (UME) 304*32kB (UM) 4*64kB (M) 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 27804kB [ 2371.018255] Node 0 Normal: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 0kB [ 2371.329126] Node 1 Normal: 1250*4kB (UME) 517*8kB (UME) 179*16kB (UME) 897*32kB (UM) 161*64kB (M) 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 51008kB [ 2371.692263] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 2371.894394] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 2372.159026] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 2372.167902] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 2372.575039] 7930 total pagecache pages [ 2372.664515] 0 pages in swap cache [ 2372.667999] Swap cache stats: add 0, delete 0, find 0/0 [ 2372.918983] Free swap = 0kB [ 2372.922030] Total swap = 0kB [ 2372.925040] 1965979 pages RAM [ 2372.928130] 0 pages HighMem/MovableOnly [ 2373.268052] 338455 pages reserved [ 2373.337575] 0 pages cma reserved [ 2373.539115] Out of memory: Kill process 13509 (syz-executor.5) score 1007 or sacrifice child [ 2373.547790] Killed process 13509 (syz-executor.5) total-vm:75764kB, anon-rss:16604kB, file-rss:35820kB, shmem-rss:0kB [ 2374.381420] oom_reaper: reaped process 13509 (syz-executor.5), now anon-rss:0kB, file-rss:0kB, shmem-rss:0kB [ 2374.993861] kworker/u4:30 invoked oom-killer: gfp_mask=0x15080c0(GFP_KERNEL_ACCOUNT|__GFP_ZERO), nodemask=(null), order=3, oom_score_adj=0 [ 2375.031086] IPVS: ftp: loaded support on port[0] = 21 [ 2375.141452] kworker/u4:30 cpuset=/ mems_allowed=0-1 [ 2375.146610] CPU: 1 PID: 12158 Comm: kworker/u4:30 Not tainted 4.14.182-syzkaller #0 [ 2375.154400] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2375.163765] Workqueue: events_unbound call_usermodehelper_exec_work [ 2375.170207] Call Trace: [ 2375.172803] dump_stack+0x1b2/0x283 [ 2375.176446] dump_header+0x178/0x7aa [ 2375.180851] ? trace_hardirqs_on_caller+0x3a8/0x580 [ 2375.185951] ? _raw_spin_unlock_irqrestore+0x66/0xe0 [ 2375.191052] ? ___ratelimit+0x2cd/0x522 [ 2375.195035] oom_kill_process.cold+0x10/0xc16 [ 2375.199541] ? lock_downgrade+0x6e0/0x6e0 [ 2375.204303] out_of_memory+0x2d5/0x10f0 [ 2375.208284] ? oom_killer_disable+0x1c0/0x1c0 [ 2375.212783] ? mutex_trylock+0x152/0x1a0 [ 2375.216856] __alloc_pages_nodemask+0x2556/0x2730 [ 2375.221727] ? gfp_pfmemalloc_allowed+0x150/0x150 [ 2375.226586] ? rcu_read_lock_sched_held+0x10a/0x130 [ 2375.231606] ? kmem_cache_alloc_node+0x387/0x400 [ 2375.236372] copy_process.part.0+0x26a/0x6fa0 [ 2375.240875] ? __lock_acquire+0x655/0x42a0 [ 2375.245112] ? check_preemption_disabled+0x35/0x240 [ 2375.250132] ? cpuacct_charge+0x1ce/0x350 [ 2375.254285] ? static_obj+0x50/0x50 [ 2375.258012] ? lock_downgrade+0x6e0/0x6e0 [ 2375.262163] ? umh_complete+0x80/0x80 [ 2375.265963] ? __cleanup_sighand+0x40/0x40 [ 2375.270198] ? update_curr+0x28d/0x670 [ 2375.274086] ? umh_complete+0x80/0x80 [ 2375.278241] _do_fork+0x180/0xc80 [ 2375.282414] ? fork_idle+0x270/0x270 [ 2375.286142] ? lock_downgrade+0x6e0/0x6e0 [ 2375.290291] ? lock_downgrade+0x6e0/0x6e0 [ 2375.294539] ? process_one_work+0x6ec/0x14c0 [ 2375.298950] ? umh_complete+0x80/0x80 [ 2375.302748] kernel_thread+0x2f/0x40 [ 2375.306465] call_usermodehelper_exec_work+0x193/0x210 [ 2375.311839] ? call_usermodehelper_exec_async+0x4c0/0x4c0 [ 2375.317379] ? rcu_lockdep_current_cpu_online+0xed/0x140 [ 2375.322833] process_one_work+0x7c0/0x14c0 [ 2375.327075] ? pwq_dec_nr_in_flight+0x2b0/0x2b0 [ 2375.331744] ? worker_thread+0x163/0x1080 [ 2375.335894] ? _raw_spin_unlock_irq+0x24/0x90 [ 2375.340398] worker_thread+0x5d7/0x1080 [ 2375.344404] ? process_one_work+0x14c0/0x14c0 [ 2375.348899] kthread+0x30d/0x420 [ 2375.352260] ? kthread_create_on_node+0xd0/0xd0 [ 2375.356928] ret_from_fork+0x24/0x30 [ 2375.932732] Mem-Info: [ 2375.935184] active_anon:1221251 inactive_anon:6140 isolated_anon:0 [ 2375.935184] active_file:510 inactive_file:624 isolated_file:32 [ 2375.935184] unevictable:1839 dirty:5 writeback:0 unstable:0 [ 2375.935184] slab_reclaimable:18077 slab_unreclaimable:178310 [ 2375.935184] mapped:54815 shmem:7616 pagetables:44435 bounce:0 [ 2375.935184] free:30145 free_pcp:551 free_cma:0 21:34:57 executing program 3: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x1, 0x0, 0x0, 0x1, 0x20b493e0, 0x0, 0xfffffffffffffffe}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000008880), 0x400000000000249, 0x0, 0x0) pipe(&(0x7f0000000340)={0xffffffffffffffff, 0xffffffffffffffff}) shmctl$IPC_SET(0x0, 0x1, &(0x7f0000000200)={{0x1, 0x0, 0x0, 0x0, 0x0, 0x102, 0x8a95}, 0x0, 0xfff, 0x40, 0x5, 0x0, 0x0, 0x8cd6}) fcntl$setpipe(r3, 0x407, 0x0) fsync(r2) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) setsockopt$inet_sctp_SCTP_MAX_BURST(r2, 0x84, 0x14, &(0x7f00000000c0)=@int=0x7, 0x4) perf_event_open(&(0x7f0000940000)={0x2, 0x70, 0x1f, 0x1, 0x0, 0xff, 0x0, 0x48, 0x14a0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffd, 0x0, @perf_bp={&(0x7f00000001c0), 0x7}, 0x0, 0x7, 0xfffffff5}, 0x0, 0xd, 0xffffffffffffffff, 0xa) clone(0x200000008a105d00, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r4 = gettid() tkill(r4, 0x3c) fsetxattr$trusted_overlay_redirect(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) sched_setattr(r0, &(0x7f0000000080)={0x38, 0x2, 0x1, 0x0, 0x3}, 0x0) clone(0x69005100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) mount(0x0, &(0x7f0000000140)='./file0\x00', 0x0, 0x0, &(0x7f000000a000)) 21:34:58 executing program 2: r0 = openat$kvm(0xffffffffffffff9c, 0x0, 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) dup3(r0, r1, 0x0) fsetxattr$trusted_overlay_nlink(r0, &(0x7f0000000040)='trusted.overlay.nlink\x00', &(0x7f00000000c0)={'U+', 0x98}, 0x16, 0x2) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c4, 0x0, 0xe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r2 = socket$inet6(0xa, 0x40000080806, 0x0) bind$inet6(r2, &(0x7f0000000080)={0xa, 0x404e20}, 0x1c) ioctl$int_in(0xffffffffffffffff, 0x5452, &(0x7f0000000100)=0x3) listen(r2, 0x400000001ffffffd) r3 = socket$inet6(0xa, 0x6, 0x0) connect$inet6(r3, &(0x7f0000000180)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) r4 = accept4(r2, 0x0, 0x0, 0x0) sendmmsg(r4, &(0x7f0000003d40)=[{{0x0, 0xffffffbf, 0x0, 0x0, 0x0, 0x0, 0x7000005}, 0xa}], 0x4000000000000d0, 0x0) socket$inet6(0xa, 0x6, 0x0) connect$inet6(0xffffffffffffffff, &(0x7f0000000000)={0xa, 0x0, 0x0, @loopback}, 0x1c) r5 = socket$inet6_tcp(0xa, 0x1, 0x0) bpf$BPF_MAP_GET_FD_BY_ID(0xe, &(0x7f0000000140)={0x0, 0x4, 0x8}, 0xc) setsockopt$IP6T_SO_SET_REPLACE(r5, 0x29, 0x40, &(0x7f0000000a80)=@filter={'filter\x00', 0xe, 0x4, 0x378, 0x0, 0x0, 0x1208, 0x108, 0x108, 0x12d8, 0x12d8, 0x12d8, 0x12d8, 0x12d8, 0x4, 0x0, {[{{@uncond, 0x0, 0xa8, 0x108}, @common=@inet=@HMARK={0x60, 'HMARK\x00', 0x0, {@ipv6=@mcast1, [], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4}}}, {{@ipv6={@initdev={0xfe, 0x88, [], 0x0, 0x0}, @initdev={0xfe, 0x88, [], 0x0, 0x0}, [], [], 'rose0\x00', 'netdevsim0\x00'}, 0x0, 0xa8, 0xd0}, @REJECT={0x28, 'REJECT\x00'}}, {{@uncond, 0x0, 0xa8, 0xd0}, @REJECT={0x28, 'REJECT\x00'}}], {{[], 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x3d8) syz_init_net_socket$rose(0xb, 0x5, 0x0) [ 2376.032584] Node 0 active_anon:1648284kB inactive_anon:16128kB active_file:28kB inactive_file:20kB unevictable:1032kB isolated(anon):0kB isolated(file):0kB mapped:209936kB dirty:4kB writeback:0kB shmem:22032kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 686080kB writeback_tmp:0kB unstable:0kB all_unreclaimable? no 21:34:58 executing program 4: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x1, 0x0, 0x0, 0x1, 0x20b493e0, 0x0, 0xfffffffffffffffe}, 0x0) socket$inet6(0xa, 0x4, 0xffffffff) pipe(&(0x7f0000000340)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r2, 0x407, 0x0) fsync(r1) write(r2, &(0x7f0000000340), 0x41395527) vmsplice(r1, &(0x7f0000000000), 0x0, 0x0) clone(0x200000008a105d00, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) tkill(0x0, 0x3c) fsetxattr$trusted_overlay_redirect(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x2, 0x1, 0x0, 0x3}, 0x0) clone(0x69005100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) mount(0x0, &(0x7f0000000140)='./file0\x00', 0x0, 0x0, &(0x7f000000a000)) [ 2376.069698] Node 1 active_anon:3236720kB inactive_anon:8432kB active_file:4024kB inactive_file:6984kB unevictable:6324kB isolated(anon):0kB isolated(file):0kB mapped:14224kB dirty:16kB writeback:0kB shmem:8432kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 0kB writeback_tmp:0kB unstable:0kB all_unreclaimable? no [ 2376.102612] Node 0 DMA free:10432kB min:220kB low:272kB high:324kB active_anon:1336kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15908kB mlocked:0kB kernel_stack:96kB pagetables:72kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB 21:34:58 executing program 1: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x1, 0x0, 0x0, 0x1, 0x20b493e0, 0x0, 0xfffffffffffffffe}, 0x0) socket$inet6(0xa, 0x2, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f0000008880), 0x400000000000249, 0x0, 0x0) pipe(&(0x7f0000000340)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r2, 0x407, 0x0) fsync(r1) write(r2, &(0x7f0000000340), 0x41395527) vmsplice(0xffffffffffffffff, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) perf_event_open(&(0x7f0000940000)={0x2, 0x70, 0x69, 0x1, 0x0, 0xff, 0x0, 0x48, 0x14a0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f00000001c0), 0x7}, 0x0, 0x0, 0xfffffff9}, 0x0, 0xd, 0xffffffffffffffff, 0xa) tkill(0x0, 0x3c) fsetxattr$trusted_overlay_redirect(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) sched_setattr(r0, &(0x7f0000000080)={0x38, 0x2, 0x1, 0x0, 0x3}, 0x0) clone(0x69005100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) mount(0x0, &(0x7f0000000140)='./file0\x00', 0x0, 0x0, &(0x7f000000a000)) sched_setscheduler(0x0, 0x5, &(0x7f0000000380)) 21:34:58 executing program 0: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x1, 0x0, 0x0, 0x1, 0x20b493e0, 0x0, 0xfffffffffffffffe}, 0x0) r1 = socket$inet6(0xa, 0x0, 0x0) recvmmsg(r1, &(0x7f0000008880), 0x400000000000249, 0x0, 0x0) pipe(&(0x7f0000000340)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) fsync(r2) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) perf_event_open(&(0x7f0000940000)={0x2, 0x70, 0x69, 0x1, 0x0, 0xff, 0x0, 0x48, 0x14a0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f00000001c0), 0x7}, 0x0, 0x0, 0xfffffff9}, 0x0, 0xd, 0xffffffffffffffff, 0xa) tkill(0x0, 0x3c) fsetxattr$trusted_overlay_redirect(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) sched_setattr(r0, &(0x7f0000000080)={0x38, 0x2, 0x1, 0x0, 0x3}, 0x0) clone(0x69005100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) mount(0x0, &(0x7f0000000140)='./file0\x00', 0x0, 0x0, &(0x7f000000a000)) sched_setscheduler(0x0, 0x5, &(0x7f0000000380)) 21:34:58 executing program 5: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x1, 0x0, 0x0, 0x1, 0x20b493e0, 0x0, 0xfffffffffffffffe}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000008880), 0x400000000000249, 0x0, 0x0) pipe(&(0x7f0000000340)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x400200) ioctl$EVIOCGABS3F(0xffffffffffffffff, 0x8018457f, &(0x7f00000000c0)=""/45) fsync(r2) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) perf_event_open(&(0x7f0000940000)={0x2, 0x70, 0x69, 0x1, 0x0, 0xff, 0x0, 0x48, 0x14a0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6, 0x0, @perf_bp={&(0x7f00000001c0), 0x7}, 0x0, 0x0, 0xfffffff9}, r0, 0xd, 0xffffffffffffffff, 0xa) clone(0x200000008a105d00, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r4 = gettid() tkill(r4, 0x3c) fsetxattr$trusted_overlay_redirect(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) sched_setattr(r0, &(0x7f0000000080)={0x38, 0x2, 0x1, 0x0, 0x3}, 0x0) clone(0x69005100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) mount(0x0, &(0x7f0000000140)='./file0\x00', 0x0, 0x0, &(0x7f000000a000)) [ 2376.137419] lowmem_reserve[]: 0 2559 2559 2559 2559 [ 2376.162933] Node 0 DMA32 free:36068kB min:36296kB low:45368kB high:54440kB active_anon:1646948kB inactive_anon:16128kB active_file:28kB inactive_file:820kB unevictable:1032kB writepending:4kB present:3129332kB managed:2623996kB mlocked:1032kB kernel_stack:16384kB pagetables:38296kB bounce:0kB free_pcp:972kB local_pcp:772kB free_cma:0kB [ 2376.769158] IPVS: ftp: loaded support on port[0] = 21 [ 2376.821561] lowmem_reserve[]: 0 0 0 0 0 [ 2376.905568] Node 0 Normal free:0kB min:0kB low:0kB high:0kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:786432kB managed:0kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 2377.171946] IPVS: ftp: loaded support on port[0] = 21 [ 2377.174434] lowmem_reserve[]: 0 0 0 0 0 [ 2377.204650] Node 1 Normal free:53848kB min:53592kB low:66988kB high:80384kB active_anon:3259760kB inactive_anon:8420kB active_file:656kB inactive_file:336kB unevictable:6324kB writepending:224kB present:3932160kB managed:3870192kB mlocked:6324kB kernel_stack:60512kB pagetables:139964kB bounce:0kB free_pcp:304kB local_pcp:200kB free_cma:0kB 21:34:59 executing program 1: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x1, 0x0, 0x0, 0x1, 0x20b493e0, 0x0, 0xfffffffffffffffe}, 0x0) socket$inet6(0xa, 0x2, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f0000008880), 0x400000000000249, 0x0, 0x0) pipe(&(0x7f0000000340)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r2, 0x407, 0x0) fsync(r1) write(r2, &(0x7f0000000340), 0x41395527) vmsplice(0xffffffffffffffff, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) perf_event_open(&(0x7f0000940000)={0x2, 0x70, 0x69, 0x1, 0x0, 0xff, 0x0, 0x48, 0x14a0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f00000001c0), 0x7}, 0x0, 0x0, 0xfffffff9}, 0x0, 0xd, 0xffffffffffffffff, 0xa) tkill(0x0, 0x3c) fsetxattr$trusted_overlay_redirect(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) sched_setattr(r0, &(0x7f0000000080)={0x38, 0x2, 0x1, 0x0, 0x3}, 0x0) clone(0x69005100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) mount(0x0, &(0x7f0000000140)='./file0\x00', 0x0, 0x0, &(0x7f000000a000)) sched_setscheduler(0x0, 0x5, &(0x7f0000000380)) 21:34:59 executing program 4: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x1, 0x0, 0x0, 0x1, 0x20b493e0, 0x0, 0xfffffffffffffffe}, 0x0) socket$inet6(0xa, 0x4, 0xffffffff) pipe(&(0x7f0000000340)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r2, 0x407, 0x0) fsync(r1) write(r2, &(0x7f0000000340), 0x41395527) vmsplice(r1, &(0x7f0000000000), 0x0, 0x0) clone(0x200000008a105d00, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) tkill(0x0, 0x3c) fsetxattr$trusted_overlay_redirect(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) sched_setattr(r0, 0x0, 0x0) clone(0x69005100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) mount(0x0, &(0x7f0000000140)='./file0\x00', 0x0, 0x0, &(0x7f000000a000)) 21:34:59 executing program 3: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x1, 0x0, 0x0, 0x1, 0x20b493e0, 0x0, 0xfffffffffffffffe}, 0x0) r1 = socket$inet6(0xa, 0x0, 0x0) recvmmsg(r1, &(0x7f0000008880), 0x400000000000249, 0x0, 0x0) pipe(&(0x7f0000000340)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) fsync(r2) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) perf_event_open(&(0x7f0000940000)={0x2, 0x70, 0x69, 0x1, 0x0, 0xff, 0x0, 0x48, 0x14a0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f00000001c0), 0x7}, 0x0, 0x0, 0xfffffff9}, 0x0, 0xd, 0xffffffffffffffff, 0xa) tkill(0x0, 0x3c) fsetxattr$trusted_overlay_redirect(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) sched_setattr(r0, &(0x7f0000000080)={0x38, 0x2, 0x1, 0x0, 0x3}, 0x0) clone(0x69005100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) mount(0x0, &(0x7f0000000140)='./file0\x00', 0x0, 0x0, &(0x7f000000a000)) sched_setscheduler(0x0, 0x5, &(0x7f0000000380)) 21:34:59 executing program 5: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x1, 0x0, 0x0, 0x1, 0x20b493e0, 0x0, 0xfffffffffffffffe, 0xffffffff}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, 0x0, 0x0, 0x0, 0x0) pipe(&(0x7f0000000340)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x400200) getsockopt$inet_sctp_SCTP_PEER_ADDR_THLDS(0xffffffffffffffff, 0x84, 0x1f, &(0x7f0000000380)={0x0, @in={{0x2, 0x4e24, @dev={0xac, 0x14, 0x14, 0x33}}}, 0x6, 0x1}, &(0x7f0000000000)=0x90) getsockopt$inet_sctp_SCTP_PR_ASSOC_STATUS(r2, 0x84, 0x73, &(0x7f00000000c0)={r4, 0x18, 0x0, 0x2ead, 0x3}, &(0x7f0000000100)=0x18) vmsplice(0xffffffffffffffff, 0x0, 0x0, 0x0) perf_event_open(&(0x7f0000940000)={0x2, 0x70, 0x69, 0x0, 0x0, 0x7f, 0x0, 0x48, 0x14a0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, @perf_bp={&(0x7f0000000180), 0x6}, 0x0, 0x4, 0x3, 0x0, 0xb}, 0x0, 0xd, 0xffffffffffffffff, 0xa) clone(0x200000008a105d00, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r5 = gettid() tkill(r5, 0x3c) fsetxattr$trusted_overlay_redirect(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) sched_setattr(r0, &(0x7f0000000080)={0x38, 0x2, 0x1, 0x0, 0x3}, 0x0) clone(0x69005100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) mount(0x0, &(0x7f0000000140)='./file0\x00', &(0x7f0000fb5ffc)='nfs\x00', 0x0, &(0x7f000000a000)) 21:34:59 executing program 0: r0 = openat$kvm(0xffffffffffffff9c, 0x0, 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) dup3(r0, r1, 0x0) fsetxattr$trusted_overlay_nlink(r0, &(0x7f0000000040)='trusted.overlay.nlink\x00', &(0x7f00000000c0)={'U+', 0x98}, 0x16, 0x2) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c4, 0x0, 0xe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r2 = socket$inet6(0xa, 0x40000080806, 0x0) bind$inet6(r2, &(0x7f0000000080)={0xa, 0x404e20}, 0x1c) ioctl$int_in(0xffffffffffffffff, 0x5452, &(0x7f0000000100)=0x3) listen(r2, 0x400000001ffffffd) r3 = socket$inet6(0xa, 0x6, 0x0) connect$inet6(r3, &(0x7f0000000180)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) r4 = accept4(r2, 0x0, 0x0, 0x0) sendmmsg(r4, &(0x7f0000003d40)=[{{0x0, 0xffffffbf, 0x0, 0x0, 0x0, 0x0, 0x7000005}, 0xa}], 0x4000000000000d0, 0x0) socket$inet6(0xa, 0x6, 0x0) connect$inet6(0xffffffffffffffff, &(0x7f0000000000)={0xa, 0x0, 0x0, @loopback}, 0x1c) socket$inet6_tcp(0xa, 0x1, 0x0) bpf$BPF_MAP_GET_FD_BY_ID(0xe, &(0x7f0000000140)={0x0, 0x4, 0x8}, 0xc) setsockopt$IP6T_SO_SET_REPLACE(0xffffffffffffffff, 0x29, 0x40, &(0x7f0000000a80)=@filter={'filter\x00', 0xe, 0x4, 0x13a8, 0x0, 0x0, 0x1208, 0x108, 0x108, 0x12d8, 0x12d8, 0x12d8, 0x12d8, 0x12d8, 0x4, 0x0, {[{{@uncond, 0x0, 0xa8, 0x108}, @common=@inet=@HMARK={0x60, 'HMARK\x00', 0x0, {@ipv6=@mcast1, [], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4}}}, {{@ipv6={@initdev={0xfe, 0x88, [], 0x0, 0x0}, @initdev={0xfe, 0x88, [], 0x0, 0x0}, [], [], 'rose0\x00', 'netdevsim0\x00'}, 0x0, 0x10d8, 0x1100, 0x0, {}, [@common=@unspec=@cgroup1={{0x1030, 'cgroup\x00'}, {0x0, 0x1, 0x0, 0x0, './cgroup/syz0\x00'}}]}, @REJECT={0x28, 'REJECT\x00'}}, {{@uncond, 0x0, 0xa8, 0xd0}, @REJECT={0x28, 'REJECT\x00'}}], {{[], 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x1408) syz_init_net_socket$rose(0xb, 0x5, 0x0) [ 2377.676176] lowmem_reserve[]: 0 0 0 0 0 21:34:59 executing program 2: r0 = openat$kvm(0xffffffffffffff9c, 0x0, 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) dup3(r0, r1, 0x0) fsetxattr$trusted_overlay_nlink(r0, &(0x7f0000000040)='trusted.overlay.nlink\x00', &(0x7f00000000c0)={'U+', 0x98}, 0x16, 0x2) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c4, 0x0, 0xe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r2 = socket$inet6(0xa, 0x40000080806, 0x0) bind$inet6(r2, &(0x7f0000000080)={0xa, 0x404e20}, 0x1c) ioctl$int_in(0xffffffffffffffff, 0x5452, &(0x7f0000000100)=0x3) listen(r2, 0x400000001ffffffd) r3 = socket$inet6(0xa, 0x6, 0x0) connect$inet6(r3, &(0x7f0000000180)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) r4 = accept4(r2, 0x0, 0x0, 0x0) sendmmsg(r4, &(0x7f0000003d40)=[{{0x0, 0xffffffbf, 0x0, 0x0, 0x0, 0x0, 0x7000005}, 0xa}], 0x4000000000000d0, 0x0) socket$inet6(0xa, 0x6, 0x0) connect$inet6(0xffffffffffffffff, &(0x7f0000000000)={0xa, 0x0, 0x0, @loopback}, 0x1c) socket$inet6_tcp(0xa, 0x1, 0x0) bpf$BPF_MAP_GET_FD_BY_ID(0xe, &(0x7f0000000140)={0x0, 0x4, 0x8}, 0xc) setsockopt$IP6T_SO_SET_REPLACE(0xffffffffffffffff, 0x29, 0x40, &(0x7f0000000a80)=@filter={'filter\x00', 0xe, 0x4, 0x13a8, 0x0, 0x0, 0x1208, 0x108, 0x108, 0x12d8, 0x12d8, 0x12d8, 0x12d8, 0x12d8, 0x4, 0x0, {[{{@uncond, 0x0, 0xa8, 0x108}, @common=@inet=@HMARK={0x60, 'HMARK\x00', 0x0, {@ipv6=@mcast1, [], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4}}}, {{@ipv6={@initdev={0xfe, 0x88, [], 0x0, 0x0}, @initdev={0xfe, 0x88, [], 0x0, 0x0}, [], [], 'rose0\x00', 'netdevsim0\x00'}, 0x0, 0x10d8, 0x1100, 0x0, {}, [@common=@unspec=@cgroup1={{0x1030, 'cgroup\x00'}, {0x0, 0x1, 0x0, 0x0, './cgroup/syz0\x00'}}]}, @REJECT={0x28, 'REJECT\x00'}}, {{@uncond, 0x0, 0xa8, 0xd0}, @REJECT={0x28, 'REJECT\x00'}}], {{[], 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x1408) syz_init_net_socket$rose(0xb, 0x5, 0x0) [ 2377.709181] Node 0 DMA: 24*4kB (UMEH) 66*8kB (MEH) 23*16kB (UMEH) 13*32kB (UME) 7*64kB (UMH) 3*128kB (UMH) 2*256kB (EH) 1*512kB (E) 1*1024kB (E) 1*2048kB (E) 1*4096kB (M) = 10432kB [ 2377.845807] Node 0 DMA32: 2135*4kB (UME) 1280*8kB (UME) 327*16kB (UME) 277*32kB (M) 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 32876kB 21:34:59 executing program 5: r0 = openat$kvm(0xffffffffffffff9c, 0x0, 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) dup3(r0, r1, 0x0) fsetxattr$trusted_overlay_nlink(r0, &(0x7f0000000040)='trusted.overlay.nlink\x00', &(0x7f00000000c0)={'U+', 0x98}, 0x16, 0x2) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c4, 0x0, 0xe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r2 = socket$inet6(0xa, 0x40000080806, 0x0) bind$inet6(r2, &(0x7f0000000080)={0xa, 0x404e20}, 0x1c) ioctl$int_in(0xffffffffffffffff, 0x5452, &(0x7f0000000100)=0x3) listen(r2, 0x400000001ffffffd) r3 = socket$inet6(0xa, 0x6, 0x0) connect$inet6(r3, &(0x7f0000000180)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) r4 = accept4(r2, 0x0, 0x0, 0x0) sendmmsg(r4, &(0x7f0000003d40)=[{{0x0, 0xffffffbf, 0x0, 0x0, 0x0, 0x0, 0x7000005}, 0xa}], 0x4000000000000d0, 0x0) socket$inet6(0xa, 0x6, 0x0) connect$inet6(0xffffffffffffffff, &(0x7f0000000000)={0xa, 0x0, 0x0, @loopback}, 0x1c) socket$inet6_tcp(0xa, 0x1, 0x0) bpf$BPF_MAP_GET_FD_BY_ID(0xe, &(0x7f0000000140)={0x0, 0x4, 0x8}, 0xc) setsockopt$IP6T_SO_SET_REPLACE(0xffffffffffffffff, 0x29, 0x40, &(0x7f0000000a80)=@filter={'filter\x00', 0xe, 0x4, 0x13a8, 0x0, 0x0, 0x1208, 0x108, 0x108, 0x12d8, 0x12d8, 0x12d8, 0x12d8, 0x12d8, 0x4, 0x0, {[{{@uncond, 0x0, 0xa8, 0x108}, @common=@inet=@HMARK={0x60, 'HMARK\x00', 0x0, {@ipv6=@mcast1, [], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4}}}, {{@ipv6={@initdev={0xfe, 0x88, [], 0x0, 0x0}, @initdev={0xfe, 0x88, [], 0x0, 0x0}, [], [], 'rose0\x00', 'netdevsim0\x00'}, 0x0, 0x10d8, 0x1100, 0x0, {}, [@common=@unspec=@cgroup1={{0x1030, 'cgroup\x00'}, {0x0, 0x1, 0x0, 0x0, './cgroup/syz0\x00'}}]}, @REJECT={0x28, 'REJECT\x00'}}, {{@uncond, 0x0, 0xa8, 0xd0}, @REJECT={0x28, 'REJECT\x00'}}], {{[], 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x1408) syz_init_net_socket$rose(0xb, 0x5, 0x0) [ 2378.069155] Node 0 Normal: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 0kB [ 2378.255109] Node 1 Normal: 88*4kB (UME) 40*8kB (UE) 783*16kB (UME) 876*32kB (UM) 155*64kB (UM) 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 51152kB [ 2378.348362] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 2378.406633] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 2378.479494] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB 21:35:00 executing program 4: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x1, 0x0, 0x0, 0x1, 0x20b493e0, 0x0, 0xfffffffffffffffe}, 0x0) socket$inet6(0xa, 0x4, 0xffffffff) pipe(&(0x7f0000000340)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r2, 0x407, 0x0) fsync(r1) write(r2, &(0x7f0000000340), 0x41395527) vmsplice(r1, &(0x7f0000000000), 0x0, 0x0) clone(0x200000008a105d00, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) tkill(0x0, 0x3c) fsetxattr$trusted_overlay_redirect(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) sched_setattr(r0, 0x0, 0x0) clone(0x69005100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) mount(0x0, &(0x7f0000000140)='./file0\x00', 0x0, 0x0, &(0x7f000000a000)) 21:35:00 executing program 3: r0 = openat$kvm(0xffffffffffffff9c, 0x0, 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) dup3(r0, r1, 0x0) fsetxattr$trusted_overlay_nlink(r0, &(0x7f0000000040)='trusted.overlay.nlink\x00', &(0x7f00000000c0)={'U+', 0x98}, 0x16, 0x2) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c4, 0x0, 0xe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r2 = socket$inet6(0xa, 0x40000080806, 0x0) bind$inet6(r2, &(0x7f0000000080)={0xa, 0x404e20}, 0x1c) ioctl$int_in(0xffffffffffffffff, 0x5452, &(0x7f0000000100)=0x3) listen(r2, 0x400000001ffffffd) r3 = socket$inet6(0xa, 0x6, 0x0) connect$inet6(r3, &(0x7f0000000180)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) r4 = accept4(r2, 0x0, 0x0, 0x0) sendmmsg(r4, &(0x7f0000003d40)=[{{0x0, 0xffffffbf, 0x0, 0x0, 0x0, 0x0, 0x7000005}, 0xa}], 0x4000000000000d0, 0x0) socket$inet6(0xa, 0x6, 0x0) connect$inet6(0xffffffffffffffff, &(0x7f0000000000)={0xa, 0x0, 0x0, @loopback}, 0x1c) socket$inet6_tcp(0xa, 0x1, 0x0) bpf$BPF_MAP_GET_FD_BY_ID(0xe, &(0x7f0000000140)={0x0, 0x4, 0x8}, 0xc) setsockopt$IP6T_SO_SET_REPLACE(0xffffffffffffffff, 0x29, 0x40, &(0x7f0000000a80)=@filter={'filter\x00', 0xe, 0x4, 0x13a8, 0x0, 0x0, 0x1208, 0x108, 0x108, 0x12d8, 0x12d8, 0x12d8, 0x12d8, 0x12d8, 0x4, 0x0, {[{{@uncond, 0x0, 0xa8, 0x108}, @common=@inet=@HMARK={0x60, 'HMARK\x00', 0x0, {@ipv6=@mcast1, [], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4}}}, {{@ipv6={@initdev={0xfe, 0x88, [], 0x0, 0x0}, @initdev={0xfe, 0x88, [], 0x0, 0x0}, [], [], 'rose0\x00', 'netdevsim0\x00'}, 0x0, 0x10d8, 0x1100, 0x0, {}, [@common=@unspec=@cgroup1={{0x1030, 'cgroup\x00'}, {0x0, 0x1, 0x0, 0x0, './cgroup/syz0\x00'}}]}, @REJECT={0x28, 'REJECT\x00'}}, {{@uncond, 0x0, 0xa8, 0xd0}, @REJECT={0x28, 'REJECT\x00'}}], {{[], 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x1408) syz_init_net_socket$rose(0xb, 0x5, 0x0) 21:35:00 executing program 1: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x1, 0x0, 0x0, 0x1, 0x20b493e0, 0x0, 0xfffffffffffffffe}, 0x0) socket$inet6(0xa, 0x2, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f0000008880), 0x400000000000249, 0x0, 0x0) pipe(&(0x7f0000000340)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r2, 0x407, 0x0) fsync(r1) write(r2, &(0x7f0000000340), 0x41395527) vmsplice(0xffffffffffffffff, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) perf_event_open(&(0x7f0000940000)={0x2, 0x70, 0x69, 0x1, 0x0, 0xff, 0x0, 0x48, 0x14a0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f00000001c0), 0x7}, 0x0, 0x0, 0xfffffff9}, 0x0, 0xd, 0xffffffffffffffff, 0xa) tkill(0x0, 0x3c) fsetxattr$trusted_overlay_redirect(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) sched_setattr(r0, &(0x7f0000000080)={0x38, 0x2, 0x1, 0x0, 0x3}, 0x0) clone(0x69005100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) mount(0x0, &(0x7f0000000140)='./file0\x00', 0x0, 0x0, &(0x7f000000a000)) sched_setscheduler(0x0, 0x5, &(0x7f0000000380)) [ 2378.567475] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 2378.652780] 10146 total pagecache pages [ 2378.686119] 0 pages in swap cache [ 2378.698007] Swap cache stats: add 0, delete 0, find 0/0 [ 2378.754142] Free swap = 0kB 21:35:00 executing program 0: r0 = openat$kvm(0xffffffffffffff9c, 0x0, 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) dup3(r0, r1, 0x0) fsetxattr$trusted_overlay_nlink(r0, &(0x7f0000000040)='trusted.overlay.nlink\x00', &(0x7f00000000c0)={'U+', 0x98}, 0x16, 0x2) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c4, 0x0, 0xe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r2 = socket$inet6(0xa, 0x40000080806, 0x0) bind$inet6(r2, &(0x7f0000000080)={0xa, 0x404e20}, 0x1c) ioctl$int_in(0xffffffffffffffff, 0x5452, &(0x7f0000000100)=0x3) listen(r2, 0x400000001ffffffd) r3 = socket$inet6(0xa, 0x6, 0x0) connect$inet6(r3, &(0x7f0000000180)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) r4 = accept4(r2, 0x0, 0x0, 0x0) sendmmsg(r4, &(0x7f0000003d40)=[{{0x0, 0xffffffbf, 0x0, 0x0, 0x0, 0x0, 0x7000005}, 0xa}], 0x4000000000000d0, 0x0) socket$inet6(0xa, 0x6, 0x0) connect$inet6(0xffffffffffffffff, &(0x7f0000000000)={0xa, 0x0, 0x0, @loopback}, 0x1c) socket$inet6_tcp(0xa, 0x1, 0x0) bpf$BPF_MAP_GET_FD_BY_ID(0xe, &(0x7f0000000140)={0x0, 0x4, 0x8}, 0xc) setsockopt$IP6T_SO_SET_REPLACE(0xffffffffffffffff, 0x29, 0x40, &(0x7f0000000a80)=@filter={'filter\x00', 0xe, 0x4, 0x13a8, 0x0, 0x0, 0x1208, 0x108, 0x108, 0x12d8, 0x12d8, 0x12d8, 0x12d8, 0x12d8, 0x4, 0x0, {[{{@uncond, 0x0, 0xa8, 0x108}, @common=@inet=@HMARK={0x60, 'HMARK\x00', 0x0, {@ipv6=@mcast1, [], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4}}}, {{@ipv6={@initdev={0xfe, 0x88, [], 0x0, 0x0}, @initdev={0xfe, 0x88, [], 0x0, 0x0}, [], [], 'rose0\x00', 'netdevsim0\x00'}, 0x0, 0x10d8, 0x1100, 0x0, {}, [@common=@unspec=@cgroup1={{0x1030, 'cgroup\x00'}, {0x0, 0x1, 0x0, 0x0, './cgroup/syz0\x00'}}]}, @REJECT={0x28, 'REJECT\x00'}}, {{@uncond, 0x0, 0xa8, 0xd0}, @REJECT={0x28, 'REJECT\x00'}}], {{[], 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x1408) syz_init_net_socket$rose(0xb, 0x5, 0x0) [ 2378.778787] Total swap = 0kB [ 2378.810145] 1965979 pages RAM 21:35:00 executing program 2: r0 = openat$kvm(0xffffffffffffff9c, 0x0, 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) dup3(r0, r1, 0x0) fsetxattr$trusted_overlay_nlink(r0, &(0x7f0000000040)='trusted.overlay.nlink\x00', &(0x7f00000000c0)={'U+', 0x98}, 0x16, 0x2) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c4, 0x0, 0xe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r2 = socket$inet6(0xa, 0x40000080806, 0x0) bind$inet6(r2, &(0x7f0000000080)={0xa, 0x404e20}, 0x1c) ioctl$int_in(0xffffffffffffffff, 0x5452, &(0x7f0000000100)=0x3) listen(r2, 0x400000001ffffffd) r3 = socket$inet6(0xa, 0x6, 0x0) connect$inet6(r3, &(0x7f0000000180)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) r4 = accept4(r2, 0x0, 0x0, 0x0) sendmmsg(r4, &(0x7f0000003d40)=[{{0x0, 0xffffffbf, 0x0, 0x0, 0x0, 0x0, 0x7000005}, 0xa}], 0x4000000000000d0, 0x0) socket$inet6(0xa, 0x6, 0x0) connect$inet6(0xffffffffffffffff, &(0x7f0000000000)={0xa, 0x0, 0x0, @loopback}, 0x1c) socket$inet6_tcp(0xa, 0x1, 0x0) bpf$BPF_MAP_GET_FD_BY_ID(0xe, &(0x7f0000000140)={0x0, 0x4, 0x8}, 0xc) setsockopt$IP6T_SO_SET_REPLACE(0xffffffffffffffff, 0x29, 0x40, &(0x7f0000000a80)=@filter={'filter\x00', 0xe, 0x4, 0x13a8, 0x0, 0x0, 0x1208, 0x108, 0x108, 0x12d8, 0x12d8, 0x12d8, 0x12d8, 0x12d8, 0x4, 0x0, {[{{@uncond, 0x0, 0xa8, 0x108}, @common=@inet=@HMARK={0x60, 'HMARK\x00', 0x0, {@ipv6=@mcast1, [], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4}}}, {{@ipv6={@initdev={0xfe, 0x88, [], 0x0, 0x0}, @initdev={0xfe, 0x88, [], 0x0, 0x0}, [], [], 'rose0\x00', 'netdevsim0\x00'}, 0x0, 0x10d8, 0x1100, 0x0, {}, [@common=@unspec=@cgroup1={{0x1030, 'cgroup\x00'}, {0x0, 0x1, 0x0, 0x0, './cgroup/syz0\x00'}}]}, @REJECT={0x28, 'REJECT\x00'}}, {{@uncond, 0x0, 0xa8, 0xd0}, @REJECT={0x28, 'REJECT\x00'}}], {{[], 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x1408) syz_init_net_socket$rose(0xb, 0x5, 0x0) [ 2378.842876] 0 pages HighMem/MovableOnly [ 2378.877994] 338455 pages reserved [ 2378.907641] 0 pages cma reserved [ 2378.933556] Out of memory: Kill process 13544 (syz-executor.5) score 1007 or sacrifice child 21:35:01 executing program 5: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x1, 0x0, 0x0, 0x1, 0x20b493e0, 0x0, 0xfffffffffffffffe}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x800) recvmmsg(r1, &(0x7f0000008880), 0x400000000000249, 0x0, 0x0) pipe(&(0x7f0000000340)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) fsync(r2) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1b, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x400200) ioctl$LOOP_SET_FD(0xffffffffffffffff, 0x4c00, r3) perf_event_open(&(0x7f0000940000)={0x2, 0x70, 0x69, 0x1, 0x0, 0xff, 0x0, 0x48, 0x14a0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f00000001c0), 0x7}, 0x0, 0x0, 0xfffffff9}, 0x0, 0xd, 0xffffffffffffffff, 0xa) clone(0x200000008a105d00, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r4 = gettid() tkill(r4, 0x3c) fsetxattr$trusted_overlay_redirect(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) sched_setattr(r0, &(0x7f0000000080)={0x38, 0x2, 0x1, 0x0, 0x3}, 0x0) clone(0x69005100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) mount(0x0, &(0x7f0000000140)='./file0\x00', 0x0, 0x0, &(0x7f000000a000)) 21:35:01 executing program 0: r0 = openat$kvm(0xffffffffffffff9c, 0x0, 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) dup3(r0, r1, 0x0) fsetxattr$trusted_overlay_nlink(r0, &(0x7f0000000040)='trusted.overlay.nlink\x00', &(0x7f00000000c0)={'U+', 0x98}, 0x16, 0x2) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c4, 0x0, 0xe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r2 = socket$inet6(0xa, 0x40000080806, 0x0) bind$inet6(r2, &(0x7f0000000080)={0xa, 0x404e20}, 0x1c) ioctl$int_in(0xffffffffffffffff, 0x5452, &(0x7f0000000100)=0x3) listen(r2, 0x400000001ffffffd) r3 = socket$inet6(0xa, 0x6, 0x0) connect$inet6(r3, &(0x7f0000000180)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) r4 = accept4(r2, 0x0, 0x0, 0x0) sendmmsg(r4, &(0x7f0000003d40)=[{{0x0, 0xffffffbf, 0x0, 0x0, 0x0, 0x0, 0x7000005}, 0xa}], 0x4000000000000d0, 0x0) socket$inet6(0xa, 0x6, 0x0) connect$inet6(0xffffffffffffffff, &(0x7f0000000000)={0xa, 0x0, 0x0, @loopback}, 0x1c) r5 = socket$inet6_tcp(0xa, 0x1, 0x0) bpf$BPF_MAP_GET_FD_BY_ID(0xe, &(0x7f0000000140)={0x0, 0x4}, 0xc) setsockopt$IP6T_SO_SET_REPLACE(r5, 0x29, 0x40, &(0x7f0000000a80)=@filter={'filter\x00', 0xe, 0x4, 0x13a8, 0x0, 0x0, 0x1208, 0x108, 0x108, 0x12d8, 0x12d8, 0x12d8, 0x12d8, 0x12d8, 0x4, 0x0, {[{{@uncond, 0x0, 0xa8, 0x108}, @common=@inet=@HMARK={0x60, 'HMARK\x00', 0x0, {@ipv6=@mcast1, [], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4}}}, {{@ipv6={@initdev={0xfe, 0x88, [], 0x0, 0x0}, @initdev={0xfe, 0x88, [], 0x0, 0x0}, [], [], 'rose0\x00', 'netdevsim0\x00'}, 0x0, 0x10d8, 0x1100, 0x0, {}, [@common=@unspec=@cgroup1={{0x1030, 'cgroup\x00'}, {0x0, 0x1, 0x0, 0x0, './cgroup/syz0\x00'}}]}, @REJECT={0x28, 'REJECT\x00'}}, {{@uncond, 0x0, 0xa8, 0xd0}, @REJECT={0x28, 'REJECT\x00'}}], {{[], 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x1408) syz_init_net_socket$rose(0xb, 0x5, 0x0) 21:35:01 executing program 4: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x1, 0x0, 0x0, 0x1, 0x20b493e0, 0x0, 0xfffffffffffffffe}, 0x0) socket$inet6(0xa, 0x4, 0xffffffff) pipe(&(0x7f0000000340)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r2, 0x407, 0x0) fsync(r1) write(r2, &(0x7f0000000340), 0x41395527) vmsplice(r1, &(0x7f0000000000), 0x0, 0x0) clone(0x200000008a105d00, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) tkill(0x0, 0x3c) fsetxattr$trusted_overlay_redirect(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) sched_setattr(r0, 0x0, 0x0) clone(0x69005100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) mount(0x0, &(0x7f0000000140)='./file0\x00', 0x0, 0x0, &(0x7f000000a000)) 21:35:01 executing program 2: r0 = openat$kvm(0xffffffffffffff9c, 0x0, 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) dup3(r0, r1, 0x0) fsetxattr$trusted_overlay_nlink(r0, &(0x7f0000000040)='trusted.overlay.nlink\x00', &(0x7f00000000c0)={'U+', 0x98}, 0x16, 0x2) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c4, 0x0, 0xe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r2 = socket$inet6(0xa, 0x40000080806, 0x0) bind$inet6(r2, &(0x7f0000000080)={0xa, 0x404e20}, 0x1c) ioctl$int_in(0xffffffffffffffff, 0x5452, &(0x7f0000000100)=0x3) listen(r2, 0x400000001ffffffd) r3 = socket$inet6(0xa, 0x6, 0x0) connect$inet6(r3, &(0x7f0000000180)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) r4 = accept4(r2, 0x0, 0x0, 0x0) sendmmsg(r4, &(0x7f0000003d40)=[{{0x0, 0xffffffbf, 0x0, 0x0, 0x0, 0x0, 0x7000005}, 0xa}], 0x4000000000000d0, 0x0) socket$inet6(0xa, 0x6, 0x0) connect$inet6(0xffffffffffffffff, &(0x7f0000000000)={0xa, 0x0, 0x0, @loopback}, 0x1c) r5 = socket$inet6_tcp(0xa, 0x1, 0x0) bpf$BPF_MAP_GET_FD_BY_ID(0xe, &(0x7f0000000140)={0x0, 0x4}, 0xc) setsockopt$IP6T_SO_SET_REPLACE(r5, 0x29, 0x40, &(0x7f0000000a80)=@filter={'filter\x00', 0xe, 0x4, 0x13a8, 0x0, 0x0, 0x1208, 0x108, 0x108, 0x12d8, 0x12d8, 0x12d8, 0x12d8, 0x12d8, 0x4, 0x0, {[{{@uncond, 0x0, 0xa8, 0x108}, @common=@inet=@HMARK={0x60, 'HMARK\x00', 0x0, {@ipv6=@mcast1, [], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4}}}, {{@ipv6={@initdev={0xfe, 0x88, [], 0x0, 0x0}, @initdev={0xfe, 0x88, [], 0x0, 0x0}, [], [], 'rose0\x00', 'netdevsim0\x00'}, 0x0, 0x10d8, 0x1100, 0x0, {}, [@common=@unspec=@cgroup1={{0x1030, 'cgroup\x00'}, {0x0, 0x1, 0x0, 0x0, './cgroup/syz0\x00'}}]}, @REJECT={0x28, 'REJECT\x00'}}, {{@uncond, 0x0, 0xa8, 0xd0}, @REJECT={0x28, 'REJECT\x00'}}], {{[], 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x1408) syz_init_net_socket$rose(0xb, 0x5, 0x0) 21:35:01 executing program 3: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x1, 0x0, 0x0, 0x1, 0x20b493e0, 0x0, 0xfffffffffffffffe}, 0x0) socket$inet6(0xa, 0x4, 0xffffffff) pipe(&(0x7f0000000340)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(0xffffffffffffffff, 0x407, 0x0) fsync(r1) write(r2, &(0x7f0000000340), 0x41395527) vmsplice(r1, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) clone(0x200000008a105d00, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) tkill(0x0, 0x3c) fsetxattr$trusted_overlay_redirect(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) sched_setattr(r0, &(0x7f0000000080)={0x38, 0x2, 0x1, 0x0, 0x3}, 0x0) clone(0x69005100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) mount(0x0, &(0x7f0000000140)='./file0\x00', 0x0, 0x0, &(0x7f000000a000)) [ 2379.632781] ip6_tables: ip6tables: counters copy to user failed while replacing table 21:35:02 executing program 5: r0 = openat$kvm(0xffffffffffffff9c, 0x0, 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) dup3(r0, r1, 0x0) fsetxattr$trusted_overlay_nlink(r0, &(0x7f0000000040)='trusted.overlay.nlink\x00', &(0x7f00000000c0)={'U+', 0x98}, 0x16, 0x2) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c4, 0x0, 0xe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r2 = socket$inet6(0xa, 0x40000080806, 0x0) bind$inet6(r2, &(0x7f0000000080)={0xa, 0x404e20}, 0x1c) ioctl$int_in(0xffffffffffffffff, 0x5452, &(0x7f0000000100)=0x3) listen(r2, 0x400000001ffffffd) r3 = socket$inet6(0xa, 0x0, 0x0) connect$inet6(r3, &(0x7f0000000180)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) r4 = accept4(r2, 0x0, 0x0, 0x0) sendmmsg(r4, &(0x7f0000003d40)=[{{0x0, 0xffffffbf, 0x0, 0x0, 0x0, 0x0, 0x7000005}, 0xa}], 0x4000000000000d0, 0x0) socket$inet6(0xa, 0x6, 0x0) connect$inet6(0xffffffffffffffff, &(0x7f0000000000)={0xa, 0x0, 0x0, @loopback}, 0x1c) r5 = socket$inet6_tcp(0xa, 0x1, 0x0) bpf$BPF_MAP_GET_FD_BY_ID(0xe, &(0x7f0000000140)={0x0, 0x4, 0x8}, 0xc) setsockopt$IP6T_SO_SET_REPLACE(r5, 0x29, 0x40, &(0x7f0000000a80)=@filter={'filter\x00', 0xe, 0x4, 0x13a8, 0x0, 0x0, 0x1208, 0x108, 0x108, 0x12d8, 0x12d8, 0x12d8, 0x12d8, 0x12d8, 0x4, 0x0, {[{{@uncond, 0x0, 0xa8, 0x108}, @common=@inet=@HMARK={0x60, 'HMARK\x00', 0x0, {@ipv6=@mcast1, [], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4}}}, {{@ipv6={@initdev={0xfe, 0x88, [], 0x0, 0x0}, @initdev={0xfe, 0x88, [], 0x0, 0x0}, [], [], 'rose0\x00', 'netdevsim0\x00'}, 0x0, 0x10d8, 0x1100, 0x0, {}, [@common=@unspec=@cgroup1={{0x1030, 'cgroup\x00'}, {0x0, 0x1, 0x0, 0x0, './cgroup/syz0\x00'}}]}, @REJECT={0x28, 'REJECT\x00'}}, {{@uncond, 0x0, 0xa8, 0xd0}, @REJECT={0x28, 'REJECT\x00'}}], {{[], 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x1408) syz_init_net_socket$rose(0xb, 0x5, 0x0) 21:35:02 executing program 4: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x1, 0x0, 0x0, 0x1, 0x20b493e0, 0x0, 0xfffffffffffffffe}, 0x0) socket$inet6(0xa, 0x4, 0xffffffff) pipe(&(0x7f0000000340)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r2, 0x407, 0x0) fsync(r1) write(r2, &(0x7f0000000340), 0x41395527) vmsplice(r1, &(0x7f0000000000), 0x0, 0x0) clone(0x200000008a105d00, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) tkill(0x0, 0x3c) fsetxattr$trusted_overlay_redirect(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) sched_setattr(r0, &(0x7f0000000080)={0x38, 0x0, 0x1, 0x0, 0x3}, 0x0) clone(0x69005100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) mount(0x0, &(0x7f0000000140)='./file0\x00', 0x0, 0x0, &(0x7f000000a000)) 21:35:02 executing program 3: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x1, 0x0, 0x0, 0x1, 0x20b493e0, 0x0, 0xfffffffffffffffe}, 0x0) socket$inet6(0xa, 0x4, 0xffffffff) pipe(&(0x7f0000000340)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(0xffffffffffffffff, 0x407, 0x0) fsync(r1) write(r2, &(0x7f0000000340), 0x41395527) vmsplice(r1, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) clone(0x200000008a105d00, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) tkill(0x0, 0x3c) fsetxattr$trusted_overlay_redirect(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) sched_setattr(r0, &(0x7f0000000080)={0x38, 0x2, 0x1, 0x0, 0x3}, 0x0) clone(0x69005100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) mount(0x0, &(0x7f0000000140)='./file0\x00', 0x0, 0x0, &(0x7f000000a000)) [ 2380.871564] ip6_tables: ip6tables: counters copy to user failed while replacing table 21:35:03 executing program 2: r0 = openat$kvm(0xffffffffffffff9c, 0x0, 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) dup3(r0, r1, 0x0) fsetxattr$trusted_overlay_nlink(r0, &(0x7f0000000040)='trusted.overlay.nlink\x00', &(0x7f00000000c0)={'U+', 0x98}, 0x16, 0x2) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c4, 0x0, 0xe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r2 = socket$inet6(0xa, 0x40000080806, 0x0) bind$inet6(r2, &(0x7f0000000080)={0xa, 0x404e20}, 0x1c) ioctl$int_in(0xffffffffffffffff, 0x5452, &(0x7f0000000100)=0x3) listen(r2, 0x400000001ffffffd) r3 = socket$inet6(0xa, 0x6, 0x0) connect$inet6(r3, &(0x7f0000000180)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) r4 = accept4(r2, 0x0, 0x0, 0x0) sendmmsg(r4, &(0x7f0000003d40)=[{{0x0, 0xffffffbf, 0x0, 0x0, 0x0, 0x0, 0x7000005}, 0xa}], 0x4000000000000d0, 0x0) socket$inet6(0xa, 0x6, 0x0) connect$inet6(0xffffffffffffffff, &(0x7f0000000000)={0xa, 0x0, 0x0, @loopback}, 0x1c) r5 = socket$inet6_tcp(0xa, 0x1, 0x0) bpf$BPF_MAP_GET_FD_BY_ID(0xe, &(0x7f0000000140)={0x0, 0x4}, 0xc) setsockopt$IP6T_SO_SET_REPLACE(r5, 0x29, 0x40, &(0x7f0000000a80)=@filter={'filter\x00', 0xe, 0x4, 0x13a8, 0x0, 0x0, 0x1208, 0x108, 0x108, 0x12d8, 0x12d8, 0x12d8, 0x12d8, 0x12d8, 0x4, 0x0, {[{{@uncond, 0x0, 0xa8, 0x108}, @common=@inet=@HMARK={0x60, 'HMARK\x00', 0x0, {@ipv6=@mcast1, [], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4}}}, {{@ipv6={@initdev={0xfe, 0x88, [], 0x0, 0x0}, @initdev={0xfe, 0x88, [], 0x0, 0x0}, [], [], 'rose0\x00', 'netdevsim0\x00'}, 0x0, 0x10d8, 0x1100, 0x0, {}, [@common=@unspec=@cgroup1={{0x1030, 'cgroup\x00'}, {0x0, 0x1, 0x0, 0x0, './cgroup/syz0\x00'}}]}, @REJECT={0x28, 'REJECT\x00'}}, {{@uncond, 0x0, 0xa8, 0xd0}, @REJECT={0x28, 'REJECT\x00'}}], {{[], 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x1408) syz_init_net_socket$rose(0xb, 0x5, 0x0) 21:35:03 executing program 0: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x0, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x1, 0x0, 0x0, 0x1, 0x20b493e0, 0x0, 0xfffffffffffffffe}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000008880), 0x400000000000249, 0x0, 0x0) pipe(&(0x7f0000000340)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) fsync(r2) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) perf_event_open(&(0x7f0000940000)={0x2, 0x70, 0x69, 0x1, 0x0, 0xff, 0x0, 0x48, 0x14a0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f00000001c0), 0x7}, 0x0, 0x0, 0xfffffff9}, 0x0, 0xd, 0xffffffffffffffff, 0xa) tkill(0x0, 0x3c) fsetxattr$trusted_overlay_redirect(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) sched_setattr(r0, &(0x7f0000000080)={0x38, 0x2, 0x1, 0x0, 0x3}, 0x0) clone(0x69005100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) mount(0x0, &(0x7f0000000140)='./file0\x00', 0x0, 0x0, &(0x7f000000a000)) sched_setscheduler(0x0, 0x5, &(0x7f0000000380)) 21:35:03 executing program 1: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x1, 0x0, 0x0, 0x1, 0x20b493e0, 0x0, 0xfffffffffffffffe}, 0x0) socket$inet6(0xa, 0x2, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f0000008880), 0x400000000000249, 0x0, 0x0) pipe(&(0x7f0000000340)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r2, 0x407, 0x0) fsync(r1) write(r2, &(0x7f0000000340), 0x41395527) vmsplice(r1, 0x0, 0x0, 0x0) perf_event_open(&(0x7f0000940000)={0x2, 0x70, 0x69, 0x1, 0x0, 0xff, 0x0, 0x48, 0x14a0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f00000001c0), 0x7}, 0x0, 0x0, 0xfffffff9}, 0x0, 0xd, 0xffffffffffffffff, 0xa) tkill(0x0, 0x3c) fsetxattr$trusted_overlay_redirect(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) sched_setattr(r0, &(0x7f0000000080)={0x38, 0x2, 0x1, 0x0, 0x3}, 0x0) clone(0x69005100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) mount(0x0, &(0x7f0000000140)='./file0\x00', 0x0, 0x0, &(0x7f000000a000)) sched_setscheduler(0x0, 0x5, &(0x7f0000000380)) [ 2381.886351] ip6_tables: ip6tables: counters copy to user failed while replacing table [ 2385.210497] IPVS: ftp: loaded support on port[0] = 21 [ 2385.457454] IPVS: ftp: loaded support on port[0] = 21 [ 2385.578875] kworker/u4:20 invoked oom-killer: gfp_mask=0x15080c0(GFP_KERNEL_ACCOUNT|__GFP_ZERO), nodemask=(null), order=3, oom_score_adj=0 [ 2385.591848] kworker/u4:20 cpuset=/ mems_allowed=0-1 [ 2385.597014] CPU: 0 PID: 7651 Comm: kworker/u4:20 Not tainted 4.14.182-syzkaller #0 [ 2385.604716] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2385.614075] Workqueue: events_unbound call_usermodehelper_exec_work [ 2385.620480] Call Trace: [ 2385.623062] dump_stack+0x1b2/0x283 [ 2385.626688] dump_header+0x178/0x7aa [ 2385.630393] ? trace_hardirqs_on_caller+0x3a8/0x580 [ 2385.635403] ? _raw_spin_unlock_irqrestore+0x66/0xe0 [ 2385.640505] ? ___ratelimit+0x2cd/0x522 [ 2385.644481] oom_kill_process.cold+0x10/0xc16 [ 2385.648969] ? lock_downgrade+0x6e0/0x6e0 [ 2385.653112] out_of_memory+0x2d5/0x10f0 [ 2385.657084] ? oom_killer_disable+0x1c0/0x1c0 [ 2385.661576] ? mutex_trylock+0x152/0x1a0 [ 2385.665632] __alloc_pages_nodemask+0x2556/0x2730 [ 2385.670480] ? gfp_pfmemalloc_allowed+0x150/0x150 [ 2385.675324] ? rcu_read_lock_sched_held+0x10a/0x130 [ 2385.680333] ? kmem_cache_alloc_node+0x387/0x400 [ 2385.685104] copy_process.part.0+0x26a/0x6fa0 [ 2385.689579] ? __lock_acquire+0x655/0x42a0 [ 2385.693830] ? static_obj+0x50/0x50 [ 2385.697432] ? trace_hardirqs_on+0x10/0x10 [ 2385.701647] ? __lock_acquire+0x655/0x42a0 [ 2385.705871] ? umh_complete+0x80/0x80 [ 2385.709660] ? __cleanup_sighand+0x40/0x40 [ 2385.713874] ? umh_complete+0x80/0x80 [ 2385.717663] _do_fork+0x180/0xc80 [ 2385.721094] ? lock_downgrade+0x6e0/0x6e0 [ 2385.725228] ? fork_idle+0x270/0x270 [ 2385.728922] ? _raw_spin_unlock_irqrestore+0x66/0xe0 [ 2385.734002] ? debug_object_deactivate+0x1cc/0x350 [ 2385.738907] ? process_one_work+0x6ec/0x14c0 [ 2385.743290] ? umh_complete+0x80/0x80 [ 2385.747068] kernel_thread+0x2f/0x40 [ 2385.750774] call_usermodehelper_exec_work+0x193/0x210 [ 2385.756027] ? call_usermodehelper_exec_async+0x4c0/0x4c0 [ 2385.761540] ? rcu_lockdep_current_cpu_online+0xed/0x140 [ 2385.766967] process_one_work+0x7c0/0x14c0 [ 2385.771268] ? pwq_dec_nr_in_flight+0x2b0/0x2b0 [ 2385.775923] ? worker_thread+0x163/0x1080 [ 2385.780050] ? _raw_spin_unlock_irq+0x24/0x90 [ 2385.784525] worker_thread+0x5d7/0x1080 [ 2385.788482] ? process_one_work+0x14c0/0x14c0 [ 2385.792954] kthread+0x30d/0x420 [ 2385.796297] ? kthread_create_on_node+0xd0/0xd0 [ 2385.800955] ret_from_fork+0x24/0x30 [ 2385.811011] IPVS: ftp: loaded support on port[0] = 21 [ 2385.952452] Mem-Info: [ 2385.968788] active_anon:1228546 inactive_anon:6139 isolated_anon:0 [ 2385.968788] active_file:81 inactive_file:101 isolated_file:32 [ 2385.968788] unevictable:1839 dirty:0 writeback:0 unstable:0 [ 2385.968788] slab_reclaimable:18248 slab_unreclaimable:179071 [ 2385.968788] mapped:54246 shmem:7616 pagetables:44670 bounce:0 [ 2385.968788] free:22689 free_pcp:264 free_cma:0 [ 2386.071873] IPVS: ftp: loaded support on port[0] = 21 [ 2386.079652] Node 0 active_anon:1661540kB inactive_anon:16128kB active_file:16kB inactive_file:20kB unevictable:1032kB isolated(anon):0kB isolated(file):0kB mapped:209944kB dirty:0kB writeback:0kB shmem:22032kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 686080kB writeback_tmp:0kB unstable:0kB all_unreclaimable? no [ 2386.351362] IPVS: ftp: loaded support on port[0] = 21 [ 2386.351410] Node 1 active_anon:3252644kB inactive_anon:8428kB active_file:112kB inactive_file:56kB unevictable:6324kB isolated(anon):0kB isolated(file):36kB mapped:6448kB dirty:0kB writeback:0kB shmem:8432kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 0kB writeback_tmp:0kB unstable:0kB all_unreclaimable? yes [ 2386.386079] Node 0 DMA free:10384kB min:220kB low:272kB high:324kB active_anon:1336kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15908kB mlocked:0kB kernel_stack:96kB pagetables:72kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 2386.412810] lowmem_reserve[]: 0 2559 2559 2559 2559 [ 2386.417902] Node 0 DMA32 free:27288kB min:36296kB low:45368kB high:54440kB active_anon:1660204kB inactive_anon:16128kB active_file:16kB inactive_file:16kB unevictable:1032kB writepending:0kB present:3129332kB managed:2623996kB mlocked:1032kB kernel_stack:16832kB pagetables:38300kB bounce:0kB free_pcp:164kB local_pcp:124kB free_cma:0kB [ 2386.447781] lowmem_reserve[]: 0 0 0 0 0 [ 2386.451778] Node 0 Normal free:0kB min:0kB low:0kB high:0kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:786432kB managed:0kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 2386.715962] lowmem_reserve[]: 0 0 0 0 0 [ 2386.716958] IPVS: ftp: loaded support on port[0] = 21 [ 2386.720059] Node 1 Normal free:52840kB min:53592kB low:66988kB high:80384kB active_anon:3252552kB inactive_anon:8428kB active_file:172kB inactive_file:464kB unevictable:6324kB writepending:0kB present:3932160kB managed:3870192kB mlocked:6324kB kernel_stack:60352kB pagetables:140308kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 2386.756006] lowmem_reserve[]: 0 0 0 0 0 [ 2386.760046] Node 0 DMA: 24*4kB (UMEH) 68*8kB (UMEH) 23*16kB (UMEH) 13*32kB (UME) 6*64kB (UM) 3*128kB (UMH) 2*256kB (EH) 1*512kB (E) 1*1024kB (E) 1*2048kB (E) 1*4096kB (M) = 10384kB [ 2386.776405] Node 0 DMA32: 1586*4kB (UMEH) 921*8kB (UME) 318*16kB (UME) 267*32kB (M) 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 27344kB [ 2386.793252] Node 0 Normal: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 0kB [ 2386.811166] Node 1 Normal: 183*4kB (UM) 300*8kB (UME) 1094*16kB (UME) 880*32kB (UM) 60*64kB (UM) 2*128kB (M) 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 52892kB [ 2386.825933] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 2387.094806] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 2387.108721] IPVS: ftp: loaded support on port[0] = 21 [ 2387.797761] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 2387.806794] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 2388.596067] 7927 total pagecache pages [ 2388.697626] ICMPv6: ndisc: ndisc_alloc_skb failed to allocate an skb [ 2388.697628] ICMPv6: ndisc: ndisc_alloc_skb failed to allocate an skb [ 2388.697703] ICMPv6: ndisc: ndisc_alloc_skb failed to allocate an skb [ 2388.704726] ICMPv6: ndisc: ndisc_alloc_skb failed to allocate an skb [ 2388.710969] ICMPv6: ndisc: ndisc_alloc_skb failed to allocate an skb [ 2388.717685] ICMPv6: ndisc: ndisc_alloc_skb failed to allocate an skb [ 2388.723934] ICMPv6: ndisc: ndisc_alloc_skb failed to allocate an skb [ 2388.730420] ICMPv6: ndisc: ndisc_alloc_skb failed to allocate an skb [ 2388.736891] ICMPv6: ndisc: ndisc_alloc_skb failed to allocate an skb [ 2388.743390] ICMPv6: ndisc: ndisc_alloc_skb failed to allocate an skb [ 2388.987591] 0 pages in swap cache [ 2388.991074] Swap cache stats: add 0, delete 0, find 0/0 [ 2388.997049] Free swap = 0kB [ 2389.590094] Total swap = 0kB [ 2389.593139] 1965979 pages RAM [ 2389.596229] 0 pages HighMem/MovableOnly [ 2390.057817] 338455 pages reserved [ 2390.061324] 0 pages cma reserved [ 2390.064700] Out of memory: Kill process 6025 (syz-executor.0) score 1007 or sacrifice child [ 2390.699542] Killed process 6025 (syz-executor.0) total-vm:75236kB, anon-rss:16572kB, file-rss:35756kB, shmem-rss:0kB [ 2391.845436] syz-executor.0 invoked oom-killer: gfp_mask=0x15080c0(GFP_KERNEL_ACCOUNT|__GFP_ZERO), nodemask=(null), order=3, oom_score_adj=1000 [ 2392.471123] syz-executor.0 cpuset=/ mems_allowed=0-1 [ 2392.542202] CPU: 1 PID: 13854 Comm: syz-executor.0 Not tainted 4.14.182-syzkaller #0 [ 2392.550123] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2392.559481] Call Trace: [ 2392.562091] dump_stack+0x1b2/0x283 [ 2392.565763] dump_header+0x178/0x7aa [ 2392.569489] ? trace_hardirqs_on_caller+0x3a8/0x580 [ 2392.575040] ? _raw_spin_unlock_irqrestore+0x66/0xe0 [ 2392.580154] ? ___ratelimit+0x2cd/0x522 [ 2392.584230] oom_kill_process.cold+0x10/0xc16 [ 2392.588740] ? lock_downgrade+0x6e0/0x6e0 [ 2392.592908] out_of_memory+0x2d5/0x10f0 [ 2392.596906] ? oom_killer_disable+0x1c0/0x1c0 [ 2392.601409] ? mutex_trylock+0x152/0x1a0 [ 2392.605479] __alloc_pages_nodemask+0x2556/0x2730 [ 2392.610341] ? gfp_pfmemalloc_allowed+0x150/0x150 [ 2392.615291] ? rcu_read_lock_sched_held+0x10a/0x130 [ 2392.620322] ? kmem_cache_alloc_node+0x387/0x400 [ 2392.625094] copy_process.part.0+0x26a/0x6fa0 [ 2392.629599] ? trace_hardirqs_on+0x10/0x10 [ 2392.633853] ? trace_hardirqs_on+0x10/0x10 [ 2392.638104] ? cap_capable+0x1c4/0x230 [ 2392.642004] ? futex_exit_release+0x60/0x60 [ 2392.646325] ? security_capable+0x88/0xb0 [ 2392.650486] ? __cleanup_sighand+0x40/0x40 [ 2392.654723] ? lock_downgrade+0x6e0/0x6e0 [ 2392.658892] _do_fork+0x180/0xc80 [ 2392.662355] ? put_timespec64+0xaa/0xf0 [ 2392.666333] ? fork_idle+0x270/0x270 [ 2392.670058] ? SyS_clock_gettime+0xf5/0x180 [ 2392.674386] ? SyS_clock_settime+0x1a0/0x1a0 [ 2392.678813] ? do_syscall_64+0x4c/0x640 [ 2392.682793] ? sys_vfork+0x20/0x20 [ 2392.686354] do_syscall_64+0x1d5/0x640 [ 2392.690263] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 2392.695576] RIP: 0033:0x45ca69 [ 2392.698857] RSP: 002b:00007f5bae0a2c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 [ 2392.706574] RAX: ffffffffffffffda RBX: 00000000004dac00 RCX: 000000000045ca69 [ 2392.713849] RDX: 9999999999999999 RSI: 0000000000000000 RDI: 0000000069005100 [ 2392.721122] RBP: 000000000078c0e0 R08: ffffffffffffffff R09: 0000000000000000 [ 2392.728396] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff [ 2392.735670] R13: 0000000000000076 R14: 00000000004c335e R15: 00007f5bae0a36d4