ce_lock+0xf7/0x490 [ 1147.702663] ? perf_trace_lock_acquire+0x510/0x510 [ 1147.707586] ? nfnetlink_bind+0x240/0x240 [ 1147.711715] ? netlink_deliver_tap+0x90/0x7d0 [ 1147.716195] ? lock_downgrade+0x740/0x740 [ 1147.720330] netlink_unicast+0x437/0x610 [ 1147.724375] ? netlink_sendskb+0xd0/0xd0 [ 1147.728436] netlink_sendmsg+0x62e/0xb80 [ 1147.732482] ? nlmsg_notify+0x170/0x170 [ 1147.736439] ? kernel_recvmsg+0x210/0x210 [ 1147.740572] ? security_socket_sendmsg+0x83/0xb0 [ 1147.745314] ? nlmsg_notify+0x170/0x170 [ 1147.749288] sock_sendmsg+0xb5/0x100 [ 1147.752984] ___sys_sendmsg+0x6c8/0x800 [ 1147.756940] ? copy_msghdr_from_user+0x3b0/0x3b0 [ 1147.761687] ? __lock_acquire+0x5fc/0x3f20 [ 1147.765932] ? perf_trace_lock_acquire+0x510/0x510 [ 1147.770849] ? do_futex+0x12b/0x1930 [ 1147.774559] ? check_preemption_disabled+0x35/0x240 [ 1147.779571] ? __fget+0x1fe/0x360 [ 1147.783008] ? lock_acquire+0x170/0x3f0 [ 1147.786961] ? lock_downgrade+0x740/0x740 [ 1147.791093] ? __fget+0x225/0x360 [ 1147.794531] ? __fdget+0x196/0x1f0 [ 1147.798051] ? sockfd_lookup_light+0xb2/0x160 [ 1147.802524] __sys_sendmsg+0xa3/0x120 [ 1147.806305] ? SyS_shutdown+0x160/0x160 [ 1147.810269] ? SyS_clock_gettime+0xf5/0x180 [ 1147.814570] ? SyS_clock_settime+0x1a0/0x1a0 [ 1147.818961] SyS_sendmsg+0x27/0x40 [ 1147.822577] ? __sys_sendmsg+0x120/0x120 [ 1147.826624] do_syscall_64+0x1d5/0x640 [ 1147.830507] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 1147.835695] RIP: 0033:0x45d249 [ 1147.838876] RSP: 002b:00007fe770c23c78 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 1147.846929] RAX: ffffffffffffffda RBX: 0000000000028840 RCX: 000000000045d249 [ 1147.854186] RDX: 0000000000000000 RSI: 0000000020000340 RDI: 0000000000000003 [ 1147.861447] RBP: 000000000118d020 R08: 0000000000000000 R09: 0000000000000000 [ 1147.868697] R10: 0000000000000000 R11: 0000000000000246 R12: 000000000118cfec [ 1147.875962] R13: 00007fffec3adf2f R14: 00007fe770c249c0 R15: 000000000118cfec [ 1147.884156] warn_alloc_show_mem: 1 callbacks suppressed [ 1147.884160] Mem-Info: [ 1147.892071] active_anon:230812 inactive_anon:6091 isolated_anon:0 [ 1147.892071] active_file:7391 inactive_file:32677 isolated_file:0 [ 1147.892071] unevictable:0 dirty:372 writeback:0 unstable:0 [ 1147.892071] slab_reclaimable:18397 slab_unreclaimable:136178 [ 1147.892071] mapped:62364 shmem:6280 pagetables:5743 bounce:0 [ 1147.892071] free:1090651 free_pcp:193 free_cma:0 [ 1147.926225] Node 0 active_anon:923248kB inactive_anon:24364kB active_file:29420kB inactive_file:130708kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:249484kB dirty:1500kB writeback:0kB shmem:25120kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 882688kB writeback_tmp:0kB unstable:0kB all_unreclaimable? no [ 1147.955119] Node 1 active_anon:0kB inactive_anon:0kB active_file:144kB inactive_file:0kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:0kB dirty:0kB writeback:0kB shmem:0kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 0kB writeback_tmp:0kB unstable:0kB all_unreclaimable? no [ 1147.981307] Node 0 DMA free:15908kB min:220kB low:272kB high:324kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15908kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 1148.007572] lowmem_reserve[]: 0 2557 2557 2557 2557 [ 1148.012626] Node 0 DMA32 free:563556kB min:36272kB low:45340kB high:54408kB active_anon:923248kB inactive_anon:24364kB active_file:29420kB inactive_file:130708kB unevictable:0kB writepending:1504kB present:3129332kB managed:2621196kB mlocked:0kB kernel_stack:14112kB pagetables:22972kB bounce:0kB free_pcp:760kB local_pcp:628kB free_cma:0kB [ 1148.042825] lowmem_reserve[]: 0 0 0 0 0 [ 1148.046898] Node 0 Normal free:0kB min:4kB low:4kB high:4kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:786432kB managed:332kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 1148.072420] lowmem_reserve[]: 0 0 0 0 0 [ 1148.076489] Node 1 Normal free:3783636kB min:53612kB low:67012kB high:80412kB active_anon:0kB inactive_anon:0kB active_file:144kB inactive_file:0kB unevictable:0kB writepending:0kB present:3932160kB managed:3870192kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 1148.104200] lowmem_reserve[]: 0 0 0 0 0 [ 1148.108271] Node 0 DMA: 1*4kB (U) 0*8kB 0*16kB 1*32kB (U) 2*64kB (U) 1*128kB (U) 1*256kB (U) 0*512kB 1*1024kB (U) 1*2048kB (M) 3*4096kB (M) = 15908kB [ 1148.121996] Node 0 DMA32: 955*4kB (UME) 172*8kB (UME) 166*16kB (UME) 259*32kB (UME) 116*64kB (UME) 27*128kB (UME) 11*256kB (UM) 12*512kB (UME) 7*1024kB (UME) 2*2048kB (UE) 126*4096kB (M) = 563340kB [ 1148.139894] Node 0 Normal: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 0kB [ 1148.150703] Node 1 Normal: 51*4kB (UME) 343*8kB (UE) 273*16kB (U) 50*32kB (UM) 20*64kB (UME) 10*128kB (UM) 5*256kB (UM) 3*512kB (U) 1*1024kB (M) 4*2048kB (ME) 918*4096kB (M) = 3783636kB [ 1148.167571] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 1148.176485] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 1148.185152] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 1148.193982] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 1148.202732] 25306 total pagecache pages [ 1148.206806] 0 pages in swap cache [ 1148.210249] Swap cache stats: add 0, delete 0, find 0/0 04:27:50 executing program 4: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = dup2(r0, r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) getsockname$llc(0xffffffffffffffff, 0x0, &(0x7f0000000140)) r2 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_CREATE(r2, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)={0x44, 0x2, 0x6, 0x101, 0x0, 0x0, {}, [@IPSET_ATTR_REVISION={0x5}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz1\x00'}, @IPSET_ATTR_PROTOCOL={0x5, 0x1, 0x6}, @IPSET_ATTR_FAMILY={0x5}, @IPSET_ATTR_DATA={0xc, 0x7, 0x0, 0x1, [@IPSET_ATTR_HASHSIZE={0x8, 0x12, 0x1, 0x0, 0x479e6139}]}]}, 0x44}}, 0x0) 04:27:50 executing program 5: r0 = dup(0xffffffffffffffff) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x802102001ffa, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r1 = gettid() r2 = openat$zero(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/zero\x00', 0x581480, 0x0) ioctl$TIOCSPGRP(r2, 0x5410, &(0x7f0000000440)=r1) clone(0x6e20cf00, 0x0, 0x0, 0x0, 0x0) ptrace$setopts(0x4206, r1, 0x0, 0x0) gettid() r3 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ptmx\x00', 0x0, 0x0) r4 = accept4$netrom(0xffffffffffffffff, &(0x7f00000000c0)={{0x3, @bcast}, [@bcast, @bcast, @bcast, @null, @rose, @default, @bcast, @bcast]}, &(0x7f0000000140)=0x48, 0x80000) ioctl$sock_SIOCGSKNS(r4, 0x894c, &(0x7f0000000180)=0x7fff) read(r3, &(0x7f00003fefff)=""/1, 0x1) r5 = socket$inet6_tcp(0xa, 0x1, 0x0) r6 = dup2(r5, r5) ioctl$PERF_EVENT_IOC_ENABLE(r6, 0x8912, 0x400200) r7 = openat$autofs(0xffffffffffffff9c, &(0x7f0000000040)='/dev/autofs\x00', 0x0, 0x0) sendmsg$IPVS_CMD_ZERO(r7, &(0x7f0000000240)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x20000000}, 0xfffffffffffffdf8, &(0x7f0000000200)={&(0x7f0000000480)=ANY=[@ANYBLOB="f4000000", @ANYRES16=0x0, @ANYBLOB="02002dbd7000ffdbdf251000000008000400070000000c0002800800050009000000080007008700000018000180060004004e2000000c000700310000003400000008000400050000003c00028014000100fe880000000000000000000000000001080003000200000014000100fe80000000000000000000000000002f0800000600000008000500000200001c0003800800010002000000060007004e220000060007004e2000003c0002800800080002800000060002004e23000008000500bf12ffff0800030003000000080005000100000005000d000100000006000e004e21000008000600fbffffff153f99cdc45b4b0ee3a646960e998c2a7a0d48b441e030f0de6e521ca84d93cf5d9c51b5f18db55bc5459318c50d8911d5fee1c2fde91f0f923c800adb584ae509e28fd5f2362a4ee6de183bcf8c60cdd283705a04152646995e5888835e7b7e0c78eb8db1488c61b050bf5ad2ebde0957cb272eae0790b04c5bcb3dcfee6f64cc5764ad052a0f29b700ef0e7e75cb29d7e30a8080d6b126a29e196d54d46a158129a61bf8afacd14a940721173ecc9a5b3f3604a6524be5be9967b573c8e62b9a23fe0bcebf99272d160be29f1ea35436201d3ff7b113d4b2760aee9cf53c7603437901e34e47c2707e5c60b6def353f93663fa2af5b7341dab3d0b0ddbface9fb7ab562c6df042a99c1408f2b8b55141d5c6b33ce24423e49bb58f7a2bb99413077fca4c70e66ab70557fd4859404d4487784e090d57b23ae5dcafbb", @ANYRES16, @ANYRES32=r6], 0xf4}, 0x1, 0x0, 0x0, 0x8040}, 0x2080800) ioctl$SIOCNRDECOBS(r6, 0x89e2) 04:27:50 executing program 2: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_CREATE(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000080)=ANY=[@ANYBLOB="5c0000000206010100000000000000000000000005000300000000000900020073797a31000000000500010006000000050005000000000014000780080013400000000008000633ffffffff0d000300686173683a6d61630000000050fc6aa0da2f5d74776815172799"], 0x5c}}, 0x0) 04:27:50 executing program 3: r0 = socket(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r0, &(0x7f00000007c0)={0x0, 0x0, &(0x7f0000000780)={&(0x7f0000000500)=@newqdisc={0x68, 0x24, 0xf0b, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_netem={{0xa, 0x1, 'netem\x00'}, {0x38, 0x2, {{}, [@TCA_NETEM_LOSS={0x1c, 0x5, 0x0, 0x1, [@NETEM_LOSS_GI={0x18, 0x8}]}]}}}]}, 0x68}}, 0x0) r1 = socket(0x11, 0x800000003, 0x0) bind(r1, &(0x7f0000000080)=@generic={0x11, "0000010000000000080044944eeba71a4976e252922cb18f6e2e2aba000000012e0b3836005404b0e0301a4ce875f2e3ff5f163ee340b7679500800000000000000101013c5811039e15775027ecce66fd792bbf0e5bf5ff1b0816f3f6db1c00010000000000000049740000000000000006ad8e5ecc326d3a09ffc2c654"}, 0x80) getsockname$packet(r1, &(0x7f00000003c0)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @dev}, &(0x7f0000000000)=0x14) r3 = socket(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r3, &(0x7f00000007c0)={0x0, 0x0, &(0x7f0000000780)={&(0x7f0000000500)=@newqdisc={0x68, 0x24, 0xf0b, 0x0, 0x0, {0x0, 0x0, 0x0, r2, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_netem={{0xa, 0x1, 'netem\x00'}, {0x38, 0x2, {{0x0, 0x0, 0x3}, [@TCA_NETEM_LOSS={0x1c, 0x5, 0x0, 0x1, [@NETEM_LOSS_GI={0x18, 0x8}]}]}}}]}, 0x68}}, 0x0) r4 = socket$inet6_tcp(0xa, 0x1, 0x0) r5 = dup2(r4, r4) ioctl$PERF_EVENT_IOC_ENABLE(r5, 0x8912, 0x400200) getsockopt$inet_pktinfo(r5, 0x0, 0x8, &(0x7f0000005240)={0x0, @local, @empty}, &(0x7f0000005280)=0xc) r7 = socket(0x11, 0x800000003, 0x0) bind(r7, &(0x7f0000000080)=@generic={0x11, "0000010000000000080044944eeba71a4976e252922cb18f6e2e2aba000000012e0b3836005404b0e0301a4ce875f2e3ff5f163ee340b7679500800000000000000101013c5811039e15775027ecce66fd792bbf0e5bf5ff1b0816f3f6db1c00010000000000000049740000000000000006ad8e5ecc326d3a09ffc2c654"}, 0x80) getsockname$packet(r7, &(0x7f00000003c0)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @dev}, &(0x7f0000000000)=0x14) r9 = socket(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r9, &(0x7f00000007c0)={0x0, 0x0, &(0x7f0000000780)={&(0x7f0000000500)=@newqdisc={0x68, 0x24, 0xf0b, 0x0, 0x0, {0x0, 0x0, 0x0, r8, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_netem={{0xa, 0x1, 'netem\x00'}, {0x38, 0x2, {{}, [@TCA_NETEM_LOSS={0x1c, 0x5, 0x0, 0x1, [@NETEM_LOSS_GI={0x18, 0x8}]}]}}}]}, 0x68}}, 0x0) sendmsg$ETHTOOL_MSG_CHANNELS_GET(0xffffffffffffffff, &(0x7f00000054c0)={&(0x7f0000004ac0)={0x10, 0x0, 0x0, 0x8}, 0xc, &(0x7f0000005480)={&(0x7f0000000100)={0x1c0, 0x0, 0x200, 0x70bd29, 0x25dfdbfc, {}, [@HEADER={0x60, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'bridge_slave_0\x00'}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'caif0\x00'}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x1}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'veth1_to_team\x00'}]}, @HEADER={0xc, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x3}]}, @HEADER={0x58, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'veth0_virt_wifi\x00'}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'batadv_slave_0\x00'}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8}, @ETHTOOL_A_HEADER_DEV_INDEX, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'macvlan1\x00'}, @ETHTOOL_A_HEADER_FLAGS={0x0, 0x3, 0x2}]}, @HEADER={0x14, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_NAME={0x0, 0x2, 'veth1_to_team\x00'}, @ETHTOOL_A_HEADER_FLAGS={0x8}]}, @HEADER={0x4}, @HEADER={0xc, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r8}]}, @HEADER={0x44, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_FLAGS={0x6a}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x1}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8}, @ETHTOOL_A_HEADER_DEV_INDEX, @ETHTOOL_A_HEADER_FLAGS={0x8}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x3}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r6}]}, @HEADER={0x44, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'vlan1\x00'}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x1}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'veth0_to_hsr\x00'}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x2}]}, @HEADER={0x3c, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'vcan0\x00'}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'gretap0\x00'}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r8}]}]}, 0x1c0}, 0x1, 0x0, 0x0, 0x20000805}, 0x24000009) r10 = openat$sequencer(0xffffffffffffff9c, &(0x7f0000000080)='/dev/sequencer\x00', 0x0, 0x0) ioctl$SNDCTL_SEQ_NRMIDIS(r10, 0x8004510b, &(0x7f00000000c0)) clock_nanosleep(0x4, 0x1, &(0x7f0000000000)={0x0, 0x3938700}, 0x0) [ 1148.215756] Free swap = 0kB [ 1148.218863] Total swap = 0kB [ 1148.221862] 1965979 pages RAM [ 1148.225046] 0 pages HighMem/MovableOnly [ 1148.229008] 339072 pages reserved [ 1148.232437] 0 pages cma reserved [ 1148.236865] syz-executor.0: vmalloc: allocation failure: 17179869200 bytes, mode:0x14080c0(GFP_KERNEL|__GFP_ZERO), nodemask=(null) [ 1148.267150] netem: unknown loss type 8 [ 1148.275727] netem: change failed [ 1148.287166] netem: unknown loss type 8 [ 1148.293487] netem: change failed [ 1148.304769] netem: unknown loss type 8 [ 1148.308872] netem: change failed [ 1148.313549] netem: unknown loss type 8 04:27:50 executing program 3: r0 = socket$inet_udplite(0x2, 0x2, 0x88) getsockopt$sock_cred(r0, 0x1, 0x11, &(0x7f0000000240)={0x0, 0x0}, &(0x7f0000000280)=0xc) setreuid(0x0, r1) r2 = socket$inet_udplite(0x2, 0x2, 0x88) getsockopt$sock_cred(r2, 0x1, 0x11, &(0x7f0000000240)={0x0, 0x0}, &(0x7f0000000280)=0x5) setreuid(0x0, r3) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x400200) r4 = socket$kcm(0xa, 0x2, 0x11) setsockopt$sock_attach_bpf(r4, 0x29, 0x14, &(0x7f0000000080), 0x301) setsockopt$sock_attach_bpf(r4, 0x29, 0x15, &(0x7f0000000000), 0x70db2da734432a8e) r5 = socket(0x11, 0x800000003, 0x0) bind(r5, &(0x7f0000000080)=@generic={0x11, "0000010000000000080044944eeba71a4976e252922cb18f6e2e2aba000000012e0b3836005404b0e0301a4ce875f2e3ff5f163ee340b7679500800000000000000101013c5811039e15775027ecce66fd792bbf0e5bf5ff1b0816f3f6db1c00010000000000000049740000000000000006ad8e5ecc326d3a09ffc2c654"}, 0x80) getsockname$packet(r5, &(0x7f00000003c0)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @dev}, &(0x7f0000000000)=0x14) r7 = socket(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r7, &(0x7f00000007c0)={0x0, 0x0, &(0x7f0000000780)={&(0x7f0000000500)=ANY=[@ANYBLOB="800000000000000052", @ANYRES32=r6, @ANYBLOB="00000000ffffffff000000000a0001006e6574656d000000380002000000000000000000000000000000000000000000000000001c00058018000800"/80], 0x68}}, 0x0) ioctl$sock_SIOCADDRT(r4, 0x890b, &(0x7f00000003c0)={0x0, @isdn={0x22, 0x2, 0x9, 0x0, 0x81}, @nl=@unspec, @can={0x1d, r6}, 0x0, 0x0, 0x0, 0x0, 0x6, &(0x7f0000000380)='bridge_slave_0\x00', 0x5, 0x4, 0x4}) sendmsg$nl_route(0xffffffffffffffff, &(0x7f00000004c0)={&(0x7f00000001c0)={0x10, 0x0, 0x0, 0x100000}, 0xc, &(0x7f0000000580)={&(0x7f00000002c0)=@ipv6_getaddr={0x50, 0x16, 0x100, 0x70bd28, 0x25dfdbfd, {0xa, 0x1f, 0x3a, 0x0, r8}, [@IFA_FLAGS={0x8, 0x8, 0x20}, @IFA_ADDRESS={0x14, 0x1, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01'}, @IFA_FLAGS={0x8, 0x8, 0x228}, @IFA_LOCAL={0x14, 0x2, @rand_addr=' \x01\x00'}]}, 0x50}, 0x1, 0x0, 0x0, 0x40480c1}, 0x0) syz_mount_image$btrfs(&(0x7f0000000040)='btrfs\x00', &(0x7f0000000080)='./file0\x00', 0x7, 0x2, &(0x7f0000000200)=[{&(0x7f0000000100)="eb82096c88b3fbd75ffc100eada172d0a925d2e42ce6560392b70f71a4c630e2204aa167bf9a91e25f1dc88140c098dc0cbae349107dde6ab002cad980d36dd46e3add456dbbc0e3d61da963748d76bb9273636784294fdef13c5de464691933fe93c89ad5c7772b6807c1e2570fee51e930aa95d220d6d7d8999b2ff2a68834f5ed8a9700add9ba5197824bf53c725ef70822c63ef05eadff3bd12767e5bbd93c0b7ece98212d0b864fcd", 0xab, 0x5}, {&(0x7f00000001c0), 0x0, 0x81e}], 0x80, &(0x7f00000005c0)=ANY=[@ANYBLOB="72657363616e5f757569645f747265652c6e6f646973636172642c737562766f6c69643d3078303030303030303030303030306362632c6e6f6461746173756d2c6e6f6461746173756d2c636f6d70726573732d666f7263653d7a7374642c666f776e65723c9c9354b2ebbd81683c4a7145cdb1e69abd26b9c3f4411811e5517b30f12113ab8e9249655b862be88db7b592050909ab69969b6fa1ea76f4e8e2d1ba91574648720e0f74772360c7785308075bf67cec59189fd02cb28ceb00922cecf6", @ANYRESDEC=r1, @ANYBLOB=',uid=', @ANYRESDEC=0xee00, @ANYBLOB=',smackfsroot=/dev/sequencer\x00,subj_user=/dev/sequencer\x00,euid>', @ANYRESDEC=r3, @ANYBLOB=',smackfshat=/dev/sequencer\x00,subj_user=/dev/sequencer\x00,\x00']) r9 = openat$sequencer(0xffffffffffffff9c, &(0x7f0000000000)='/dev/sequencer\x00', 0x93980, 0x0) ioctl$SNDCTL_SEQ_NRMIDIS(r9, 0x8004510b, &(0x7f00000000c0)) [ 1148.319388] netem: change failed [ 1148.401537] syz-executor.0 cpuset=/ mems_allowed=0-1 [ 1148.411765] CPU: 1 PID: 5816 Comm: syz-executor.0 Not tainted 4.14.193-syzkaller #0 [ 1148.419612] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1148.428967] Call Trace: [ 1148.431559] dump_stack+0x1b2/0x283 [ 1148.435524] warn_alloc.cold+0x96/0x1cc [ 1148.439479] ? check_preemption_disabled+0x35/0x240 [ 1148.444521] ? zone_watermark_ok_safe+0x220/0x220 [ 1148.449376] ? perf_trace_lock_acquire+0x510/0x510 [ 1148.454292] ? fs_reclaim_release+0xd0/0x110 [ 1148.458701] ? ip_set_alloc+0x47/0x60 [ 1148.462482] vzalloc+0x122/0x150 [ 1148.465844] ip_set_alloc+0x47/0x60 [ 1148.469460] hash_mac_create+0x36e/0x7c6 [ 1148.473505] ip_set_create+0x5f9/0xf30 [ 1148.477379] ? __find_set_type_get+0x360/0x360 [ 1148.481942] ? __mutex_lock+0x360/0x1310 [ 1148.485998] ? __find_set_type_get+0x360/0x360 [ 1148.490566] nfnetlink_rcv_msg+0x9bb/0xc00 [ 1148.494807] netlink_rcv_skb+0x125/0x390 [ 1148.498848] ? nfnetlink_net_exit_batch+0x150/0x150 [ 1148.503847] ? netlink_ack+0x9a0/0x9a0 [ 1148.507724] ? ns_capable_common+0x127/0x150 [ 1148.512114] nfnetlink_rcv+0x1ab/0x1da0 [ 1148.516087] ? __dev_queue_xmit+0xcd6/0x2480 [ 1148.520479] ? check_preemption_disabled+0x35/0x240 [ 1148.525478] ? perf_trace_lock+0xf7/0x490 [ 1148.529621] ? perf_trace_lock_acquire+0x510/0x510 [ 1148.534543] ? nfnetlink_bind+0x240/0x240 [ 1148.538694] ? netlink_deliver_tap+0x90/0x7d0 [ 1148.543183] ? lock_downgrade+0x740/0x740 [ 1148.547317] netlink_unicast+0x437/0x610 [ 1148.551386] ? netlink_sendskb+0xd0/0xd0 [ 1148.555442] netlink_sendmsg+0x62e/0xb80 [ 1148.559498] ? nlmsg_notify+0x170/0x170 [ 1148.563454] ? kernel_recvmsg+0x210/0x210 [ 1148.567602] ? security_socket_sendmsg+0x83/0xb0 [ 1148.572337] ? nlmsg_notify+0x170/0x170 [ 1148.576292] sock_sendmsg+0xb5/0x100 [ 1148.580009] ___sys_sendmsg+0x6c8/0x800 [ 1148.583988] ? copy_msghdr_from_user+0x3b0/0x3b0 [ 1148.588740] ? __lock_acquire+0x5fc/0x3f20 [ 1148.592965] ? perf_trace_lock_acquire+0x510/0x510 [ 1148.597877] ? do_futex+0x12b/0x1930 [ 1148.601577] ? check_preemption_disabled+0x35/0x240 [ 1148.606596] ? __fget+0x1fe/0x360 [ 1148.610034] ? lock_acquire+0x170/0x3f0 [ 1148.613999] ? lock_downgrade+0x740/0x740 [ 1148.618146] ? __fget+0x225/0x360 [ 1148.621595] ? __fdget+0x196/0x1f0 [ 1148.625123] ? sockfd_lookup_light+0xb2/0x160 [ 1148.629606] __sys_sendmsg+0xa3/0x120 [ 1148.633737] ? SyS_shutdown+0x160/0x160 [ 1148.637700] ? SyS_clock_gettime+0xf5/0x180 [ 1148.642001] ? SyS_clock_settime+0x1a0/0x1a0 [ 1148.646404] SyS_sendmsg+0x27/0x40 [ 1148.649924] ? __sys_sendmsg+0x120/0x120 [ 1148.653969] do_syscall_64+0x1d5/0x640 [ 1148.658552] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 1148.663741] RIP: 0033:0x45d249 [ 1148.667099] RSP: 002b:00007f1c6354cc78 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 1148.674801] RAX: ffffffffffffffda RBX: 0000000000028840 RCX: 000000000045d249 [ 1148.682062] RDX: 0000000000000000 RSI: 0000000020000000 RDI: 0000000000000003 [ 1148.689312] RBP: 000000000118d020 R08: 0000000000000000 R09: 0000000000000000 04:27:51 executing program 3: timer_create(0x4, &(0x7f0000000000)={0x0, 0x21, 0x1, @thr={&(0x7f0000000100)="f6dc1b51d2dd700a2d0327930b8b4420027e276a30566320a5f32fdc4d6b32561373f026584811d87e0dd2e1253016dc536f7b655f3b6ddebcae3e4f8b5d72ece9012af30d6c8128a1d616094f754af4f5bfda21663355b2aefaee139b6d127a0c7821ccc2392be41fdae9b6254a35c291d034f43396d7d2db46a64feff6a5a2a06beb1e742ec07f6432ac6f346d62b9", &(0x7f00000001c0)="cd3aafb98ffca1df92f7ffd7ee7fddf11f5eb8e51568834c5591361c8d5d93966b5fd4e32ce6def42d4b26d6dcf4df2e1e51adff896340a2fee97b42dfec48341fedb6f641bd400c414f40854b523c176de5fd7b554d7294ac23d2c198e84dac3af90823ede366ab13cdcae36f28c1f30b8525a55278909b2145be06716e7880bd7d1ba52db1ab3acbd01b9a109c29fd5e78ceec7c66462c"}}, &(0x7f0000000040)=0x0) clock_gettime(0x0, &(0x7f0000000280)={0x0, 0x0}) timer_settime(r0, 0x0, &(0x7f00000002c0)={{0x77359400}, {r1, r2+60000000}}, &(0x7f0000000300)) r3 = openat$sequencer(0xffffffffffffff9c, &(0x7f0000000080)='/dev/sequencer\x00', 0x0, 0x0) ioctl$SNDCTL_SEQ_NRMIDIS(r3, 0x8004510b, &(0x7f00000000c0)) [ 1148.696564] R10: 0000000000000000 R11: 0000000000000246 R12: 000000000118cfec [ 1148.703811] R13: 00007ffd3fb1901f R14: 00007f1c6354d9c0 R15: 000000000118cfec [ 1148.732966] print_req_error: I/O error, dev loop3, sector 0 04:27:51 executing program 2: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_CREATE(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000080)={0x9c, 0x2, 0x6, 0x101, 0x0, 0x0, {}, [@IPSET_ATTR_REVISION={0x5}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz1\x00'}, @IPSET_ATTR_DATA={0x48, 0x7, 0x0, 0x1, [@IPSET_ATTR_PROTO={0x5, 0x7, 0x89}, @IPSET_ATTR_LINENO={0x8, 0x9, 0x1, 0x0, 0x5}, @IPSET_ATTR_MARKMASK={0x8, 0xb, 0x1, 0x0, 0xfffffc01}, @IPSET_ATTR_NETMASK={0x5, 0x14, 0x8}, @IPSET_ATTR_CADT_FLAGS={0x8}, @IPSET_ATTR_IP_TO={0xc, 0x2, 0x0, 0x1, @IPSET_ATTR_IPADDR_IPV4={0x8, 0x1, 0x1, 0x0, @broadcast}}, @IPSET_ATTR_PROTO={0x5, 0x7, 0x6}, @IPSET_ATTR_HASHSIZE={0x8, 0x12, 0x1, 0x0, 0x2}]}, @IPSET_ATTR_FAMILY={0x5}, @IPSET_ATTR_DATA={0x14, 0x7, 0x0, 0x1, [@IPSET_ATTR_MAXELEM={0x8}, @IPSET_ATTR_MARKMASK={0x8, 0xb, 0x1, 0x0, 0xffffffff}]}, @IPSET_ATTR_TYPENAME={0xd, 0x3, 'hash:mac\x00'}]}, 0x9c}}, 0x0) r1 = openat$vsock(0xffffffffffffff9c, &(0x7f0000000040)='/dev/vsock\x00', 0x204082, 0x0) ioctl$USBDEVFS_SETCONFIGURATION(r1, 0x80045505, &(0x7f0000000180)) 04:27:51 executing program 4: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = dup2(r0, r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) getsockname$llc(0xffffffffffffffff, 0x0, &(0x7f0000000140)) r2 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_CREATE(r2, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)={0x44, 0x2, 0x6, 0x101, 0x0, 0x0, {}, [@IPSET_ATTR_REVISION={0x5}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz1\x00'}, @IPSET_ATTR_PROTOCOL={0x5, 0x1, 0x6}, @IPSET_ATTR_FAMILY={0x5}, @IPSET_ATTR_DATA={0xc, 0x7, 0x0, 0x1, [@IPSET_ATTR_HASHSIZE={0x8, 0x12, 0x1, 0x0, 0x479e6139}]}]}, 0x44}}, 0x0) 04:27:51 executing program 1: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_CREATE(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)={0x54, 0x2, 0x6, 0x101, 0x0, 0x0, {}, [@IPSET_ATTR_REVISION={0x5}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz1\x00'}, @IPSET_ATTR_PROTOCOL={0x5, 0x1, 0x6}, @IPSET_ATTR_FAMILY={0x5}, @IPSET_ATTR_DATA={0xc, 0x7, 0x0, 0x1, [@IPSET_ATTR_HASHSIZE={0x8, 0x12, 0x1, 0x0, 0x479e6139}]}, @IPSET_ATTR_TYPENAME={0xd, 0x3, 'hash:mac\x00'}]}, 0x54}}, 0x0) umount2(&(0x7f0000000080)='./file0\x00', 0x8) uname(&(0x7f0000000140)=""/100) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) r2 = dup2(r1, r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) r3 = socket$nl_generic(0x10, 0x3, 0x10) r4 = syz_genetlink_get_family_id$devlink(&(0x7f0000000140)='devlink\x00') sendmsg$DEVLINK_CMD_TRAP_GROUP_GET(r3, &(0x7f0000001300)={0x0, 0x0, &(0x7f00000012c0)={&(0x7f0000000300)=ANY=[@ANYBLOB="14000000", @ANYRES16=r4, @ANYBLOB="0903000000000000000001"], 0x14}}, 0x0) sendmsg$DEVLINK_CMD_SB_TC_POOL_BIND_GET(r2, &(0x7f0000000300)={&(0x7f00000001c0)={0x10, 0x0, 0x0, 0x2000}, 0xc, &(0x7f00000002c0)={&(0x7f0000000200)={0x90, r4, 0x300, 0x70bd2c, 0x25dfdbfe, {}, [{{@nsim={{0xe, 0x1, 'netdevsim\x00'}, {0xf, 0x2, {'netdevsim', 0x0}}}, {0x8, 0x3, 0x3}}, {0x8, 0xb, 0x2d43}, {0x6, 0x16, 0x6}, {0x5}}, {{@pci={{0x8, 0x1, 'pci\x00'}, {0x11, 0x2, '0000:00:10.0\x00'}}, {0x8, 0x3, 0x2}}, {0x8, 0xb, 0x6}, {0x6, 0x16, 0x7}, {0x5}}]}, 0x90}, 0x1, 0x0, 0x0, 0x20000040}, 0x2000c014) 04:27:51 executing program 3: r0 = openat$sequencer(0xffffffffffffff9c, &(0x7f0000000080)='/dev/sequencer\x00', 0x301642, 0x0) ioctl$SNDCTL_SEQ_NRMIDIS(r0, 0x8004510b, &(0x7f00000000c0)) 04:27:51 executing program 0: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_CREATE(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000001980)=ANY=[@ANYBLOB="540000000207010100000000000000000000000005000400000000000900020073797a31000000197ddfd5697460000500010006000000050005000000295a0c00f1a28f0c9f8ea6f761390d000300686173683a6d610000000000f41cb8ddb233f0e23e62f12d59786805882e38165be4c60ac1c1ea9b2c422b02160173ffb6a7ffb5bbb417375df34d17c65a37631c2545315a55d374877955a4f70f3cf232c28c484ac73f5735e43b61afa900df4b28d1207a736cf3b36b993de36b97952cf2246b6366323638f0ef8e8656e8c2c1f17c7ef09f92f9e9d2476cb0fadbb847c576345b0e95045c98feeb71a8a3dd3ce4f4638c13eda4a413bf64946b1bbb836f65c47ba1f2637fcec7a77879db43e3c8a040ab98cb3b3da5e940a01d9bf6801d74"], 0x54}}, 0x0) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) r2 = socket$kcm(0xa, 0x2, 0x11) setsockopt$sock_attach_bpf(r2, 0x29, 0x14, &(0x7f0000000080), 0x301) setsockopt$sock_attach_bpf(r2, 0x29, 0x15, &(0x7f0000000000), 0x70db2da734432a8e) recvmsg$kcm(r2, &(0x7f0000001700)={&(0x7f00000000c0)=@pppol2tpin6={0x18, 0x1, {0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, {0xa, 0x0, 0x0, @ipv4={[], [], @remote}}}}, 0x80, &(0x7f0000001600)=[{&(0x7f00000002c0)=""/245, 0xf5}, {&(0x7f00000003c0)=""/193, 0xc1}, {&(0x7f00000004c0)=""/8, 0x8}, {&(0x7f0000000500)=""/167, 0xa7}, {&(0x7f00000005c0)=""/4096, 0x1000}, {&(0x7f00000015c0)=""/30, 0x1e}], 0x6, &(0x7f0000001680)=""/81, 0x51}, 0x1) setsockopt$ax25_SO_BINDTODEVICE(r3, 0x101, 0x19, &(0x7f0000001740)=@bpq0='bpq0\x00', 0x10) r4 = dup2(r1, r1) ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200) sendmsg$RDMA_NLDEV_CMD_GET_CHARDEV(r4, &(0x7f0000000200)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x8000000}, 0xc, &(0x7f00000001c0)={&(0x7f0000001780)=ANY=[@ANYBLOB="480000000f14000329bd7000ffdbdf250c00450069625f73727074000800030003400100000000006160000008000300f1ffffff0c00450069625f7372707400080001000000000055b27717efefa07db8cc88283576a26d7a0585174f9f21608ce22f1e4485def1d5dca00c31f9270652f61715da5b5aac4230a3ccf1fdcc93dbf337497576fab01c33f9d0cbb5e3d216e21abc4e12bb755d83903aa09f4d199c999b3d477e6a0341bd579afad54e0244615a3657720ff0a293199af475518ccbb113864f2fa36618a94b5619d572bd1559c44bbbea4d3bcf8712eec69228e34615f3952370c17f7dfd7b9a22916a3bd72bf41c7682b4f14a4db1fc92897dc5941ea05e8bedf1f9cb081075fcca21e44727b9c0d2d2cb8667995e50bf3731d26c7b82157e970e52c6c1563818071abf02bdf9dc27f502c82fd85607d02ab5d9c3635c48a2458d15f7a1b88326ae07b7fdbb1463b4addb7946c1ddfad4890fed7653dff3e2b391e7d8d43613a1054cd29277ef99fff89cf2839f1443fc3b2101dfdf101174ba7c0faf4f2b2d8a783e9e29706f7180bca50fe0e541598fbc3bd24c8d21ca94e563a6d61b6953796e918e6b37a94b6c469de2bafded1af8a44dcb440e2200000000000000"], 0x48}, 0x1, 0x0, 0x0, 0x20000001}, 0x20000840) 04:27:51 executing program 4: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = dup2(r0, r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) getsockname$llc(0xffffffffffffffff, 0x0, &(0x7f0000000140)) r2 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_CREATE(r2, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)={0x44, 0x2, 0x6, 0x101, 0x0, 0x0, {}, [@IPSET_ATTR_REVISION={0x5}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz1\x00'}, @IPSET_ATTR_PROTOCOL={0x5, 0x1, 0x6}, @IPSET_ATTR_FAMILY={0x5}, @IPSET_ATTR_DATA={0xc, 0x7, 0x0, 0x1, [@IPSET_ATTR_HASHSIZE={0x8, 0x12, 0x1, 0x0, 0x479e6139}]}]}, 0x44}}, 0x0) 04:27:51 executing program 2: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_CREATE(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000140)={0x5c, 0x2, 0x6, 0x101, 0x0, 0x0, {}, [@IPSET_ATTR_REVISION={0x5}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz1\x00'}, @IPSET_ATTR_PROTOCOL={0x5, 0x1, 0x6}, @IPSET_ATTR_FAMILY={0x5}, @IPSET_ATTR_DATA={0x14, 0x7, 0x0, 0x1, [@IPSET_ATTR_PROBES={0x5}, @IPSET_ATTR_TIMEOUT={0x8, 0x6, 0x1, 0x0, 0xffffffff}]}, @IPSET_ATTR_TYPENAME={0xd, 0x3, 'hash:mac\x00'}]}, 0x5c}}, 0x4440) [ 1148.918173] syz-executor.1: vmalloc: allocation failure: 17179869200 bytes, mode:0x14080c0(GFP_KERNEL|__GFP_ZERO), nodemask=(null) [ 1148.918209] syz-executor.1 cpuset=/ mems_allowed=0-1 [ 1148.975847] CPU: 1 PID: 5856 Comm: syz-executor.1 Not tainted 4.14.193-syzkaller #0 [ 1148.983671] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1148.993030] Call Trace: [ 1148.995624] dump_stack+0x1b2/0x283 [ 1148.999346] warn_alloc.cold+0x96/0x1cc [ 1149.003414] ? rcu_read_unlock_special+0x8db/0xdd0 [ 1149.008351] ? zone_watermark_ok_safe+0x220/0x220 [ 1149.013219] ? perf_trace_lock_acquire+0x510/0x510 [ 1149.018253] ? fs_reclaim_release+0xd0/0x110 [ 1149.023200] ? ip_set_alloc+0x47/0x60 [ 1149.027024] vzalloc+0x122/0x150 [ 1149.030401] ip_set_alloc+0x47/0x60 [ 1149.034119] hash_mac_create+0x36e/0x7c6 [ 1149.038187] ip_set_create+0x5f9/0xf30 [ 1149.042096] ? __find_set_type_get+0x360/0x360 [ 1149.046728] ? __mutex_lock+0x360/0x1310 [ 1149.050813] ? lock_downgrade+0x740/0x740 [ 1149.054971] ? __find_set_type_get+0x360/0x360 [ 1149.059567] nfnetlink_rcv_msg+0x9bb/0xc00 [ 1149.063830] netlink_rcv_skb+0x125/0x390 [ 1149.067903] ? nfnetlink_net_exit_batch+0x150/0x150 [ 1149.072926] ? netlink_ack+0x9a0/0x9a0 [ 1149.076823] ? ns_capable_common+0x127/0x150 [ 1149.081241] nfnetlink_rcv+0x1ab/0x1da0 [ 1149.085222] ? __dev_queue_xmit+0xcd6/0x2480 [ 1149.089644] ? check_preemption_disabled+0x35/0x240 [ 1149.094674] ? perf_trace_lock+0xf7/0x490 [ 1149.098835] ? perf_trace_lock_acquire+0x510/0x510 [ 1149.104216] ? nfnetlink_bind+0x240/0x240 [ 1149.108380] ? netlink_deliver_tap+0x90/0x7d0 [ 1149.112894] ? lock_downgrade+0x740/0x740 [ 1149.117061] netlink_unicast+0x437/0x610 [ 1149.121246] ? netlink_sendskb+0xd0/0xd0 [ 1149.125301] netlink_sendmsg+0x62e/0xb80 [ 1149.129368] ? nlmsg_notify+0x170/0x170 [ 1149.133445] ? kernel_recvmsg+0x210/0x210 [ 1149.137588] ? security_socket_sendmsg+0x83/0xb0 [ 1149.142346] ? nlmsg_notify+0x170/0x170 [ 1149.146317] sock_sendmsg+0xb5/0x100 [ 1149.150021] ___sys_sendmsg+0x6c8/0x800 [ 1149.154589] ? copy_msghdr_from_user+0x3b0/0x3b0 [ 1149.159338] ? __lock_acquire+0x5fc/0x3f20 [ 1149.163666] ? perf_trace_lock_acquire+0x510/0x510 [ 1149.168582] ? do_futex+0x12b/0x1930 [ 1149.172377] ? check_preemption_disabled+0x35/0x240 [ 1149.177382] ? __fget+0x1fe/0x360 [ 1149.180827] ? lock_acquire+0x170/0x3f0 [ 1149.184802] ? lock_downgrade+0x740/0x740 [ 1149.188948] ? __fget+0x225/0x360 [ 1149.192385] ? __fdget+0x196/0x1f0 [ 1149.195908] ? sockfd_lookup_light+0xb2/0x160 [ 1149.200385] __sys_sendmsg+0xa3/0x120 [ 1149.204208] ? SyS_shutdown+0x160/0x160 [ 1149.208260] ? SyS_clock_gettime+0xf5/0x180 [ 1149.212565] ? SyS_clock_settime+0x1a0/0x1a0 [ 1149.216959] SyS_sendmsg+0x27/0x40 [ 1149.220577] ? __sys_sendmsg+0x120/0x120 [ 1149.224647] do_syscall_64+0x1d5/0x640 [ 1149.228553] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 1149.233910] RIP: 0033:0x45d249 [ 1149.237082] RSP: 002b:00007fe770c44c78 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 1149.244788] RAX: ffffffffffffffda RBX: 0000000000028840 RCX: 000000000045d249 [ 1149.252327] RDX: 0000000000000000 RSI: 0000000020000000 RDI: 0000000000000003 [ 1149.259586] RBP: 000000000118cf80 R08: 0000000000000000 R09: 0000000000000000 [ 1149.266948] R10: 0000000000000000 R11: 0000000000000246 R12: 000000000118cf4c [ 1149.274201] R13: 00007fffec3adf2f R14: 00007fe770c459c0 R15: 000000000118cf4c [ 1149.316842] warn_alloc_show_mem: 1 callbacks suppressed [ 1149.316846] Mem-Info: [ 1149.325545] active_anon:232424 inactive_anon:6091 isolated_anon:0 [ 1149.325545] active_file:7392 inactive_file:32694 isolated_file:0 [ 1149.325545] unevictable:0 dirty:139 writeback:0 unstable:0 [ 1149.325545] slab_reclaimable:18389 slab_unreclaimable:136899 [ 1149.325545] mapped:62381 shmem:6280 pagetables:5827 bounce:0 [ 1149.325545] free:1088022 free_pcp:324 free_cma:0 [ 1149.363198] Node 0 active_anon:929696kB inactive_anon:24364kB active_file:29424kB inactive_file:130776kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:249524kB dirty:556kB writeback:0kB shmem:25120kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 888832kB writeback_tmp:0kB unstable:0kB all_unreclaimable? no [ 1149.393627] Node 1 active_anon:0kB inactive_anon:0kB active_file:144kB inactive_file:0kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:0kB dirty:0kB writeback:0kB shmem:0kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 0kB writeback_tmp:0kB unstable:0kB all_unreclaimable? no [ 1149.421693] Node 0 DMA free:15908kB min:220kB low:272kB high:324kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15908kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 1149.422137] IPVS: ftp: loaded support on port[0] = 21 [ 1149.448143] lowmem_reserve[]: 0 2557 2557 2557 2557 [ 1149.459994] Node 0 DMA32 free:554024kB min:36272kB low:45340kB high:54408kB active_anon:929696kB inactive_anon:24364kB active_file:29424kB inactive_file:130776kB unevictable:0kB writepending:556kB present:3129332kB managed:2621196kB mlocked:0kB kernel_stack:14432kB pagetables:23308kB bounce:0kB free_pcp:1288kB local_pcp:592kB free_cma:0kB [ 1149.491118] lowmem_reserve[]: 0 0 0 0 0 [ 1149.495371] Node 0 Normal free:0kB min:4kB low:4kB high:4kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:786432kB managed:332kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 1149.522130] lowmem_reserve[]: 0 0 0 0 0 [ 1149.526372] Node 1 Normal free:3783636kB min:53612kB low:67012kB high:80412kB active_anon:0kB inactive_anon:0kB active_file:144kB inactive_file:0kB unevictable:0kB writepending:0kB present:3932160kB managed:3870192kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 1149.556413] lowmem_reserve[]: 0 0 0 0 0 [ 1149.560574] Node 0 DMA: 1*4kB (U) 0*8kB 0*16kB 1*32kB (U) 2*64kB (U) 1*128kB (U) 1*256kB (U) 0*512kB 1*1024kB (U) 1*2048kB (M) 3*4096kB (M) = 15908kB [ 1149.575905] Node 0 DMA32: 780*4kB (UME) 155*8kB (UME) 216*16kB (UE) 175*32kB (UME) 94*64kB (UME) 28*128kB (UME) 11*256kB (UM) 12*512kB (UME) 7*1024kB (UME) 3*2048kB (UME) 124*4096kB (M) = 553192kB [ 1149.594131] Node 0 Normal: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 0kB [ 1149.606545] Node 1 Normal: 51*4kB (UME) 343*8kB (UE) 273*16kB (U) 50*32kB (UM) 20*64kB (UME) 10*128kB (UM) 5*256kB (UM) 3*512kB (U) 1*1024kB (M) 4*2048kB (ME) 918*4096kB (M) = 3783636kB [ 1149.625144] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 1149.634391] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 1149.644779] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 1149.654101] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 1149.664244] 25317 total pagecache pages [ 1149.668478] 0 pages in swap cache [ 1149.672187] Swap cache stats: add 0, delete 0, find 0/0 [ 1149.679797] Free swap = 0kB [ 1149.683064] Total swap = 0kB [ 1149.690087] 1965979 pages RAM [ 1149.693300] 0 pages HighMem/MovableOnly [ 1149.698721] 339072 pages reserved [ 1149.702356] 0 pages cma reserved [ 1149.706376] syz-executor.1: vmalloc: allocation failure: 17179869200 bytes, mode:0x14080c0(GFP_KERNEL|__GFP_ZERO), nodemask=(null) [ 1149.734569] syz-executor.1 cpuset=/ mems_allowed=0-1 [ 1149.739733] CPU: 0 PID: 5862 Comm: syz-executor.1 Not tainted 4.14.193-syzkaller #0 [ 1149.747531] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1149.756898] Call Trace: [ 1149.759500] dump_stack+0x1b2/0x283 [ 1149.763145] warn_alloc.cold+0x96/0x1cc [ 1149.767131] ? check_preemption_disabled+0x35/0x240 [ 1149.772150] ? zone_watermark_ok_safe+0x220/0x220 [ 1149.777025] ? perf_trace_lock_acquire+0x510/0x510 [ 1149.781945] ? fs_reclaim_release+0xd0/0x110 [ 1149.787257] ? ip_set_alloc+0x47/0x60 [ 1149.791068] vzalloc+0x122/0x150 [ 1149.794426] ip_set_alloc+0x47/0x60 [ 1149.798053] hash_mac_create+0x36e/0x7c6 [ 1149.802112] ip_set_create+0x5f9/0xf30 [ 1149.805985] ? __find_set_type_get+0x360/0x360 [ 1149.810552] ? __mutex_lock+0x360/0x1310 [ 1149.814636] ? __find_set_type_get+0x360/0x360 [ 1149.819216] nfnetlink_rcv_msg+0x9bb/0xc00 [ 1149.823476] netlink_rcv_skb+0x125/0x390 [ 1149.827548] ? nfnetlink_net_exit_batch+0x150/0x150 [ 1149.832576] ? netlink_ack+0x9a0/0x9a0 [ 1149.836482] ? ns_capable_common+0x127/0x150 [ 1149.840893] nfnetlink_rcv+0x1ab/0x1da0 [ 1149.844859] ? __dev_queue_xmit+0xcd6/0x2480 [ 1149.849249] ? check_preemption_disabled+0x35/0x240 [ 1149.854274] ? perf_trace_lock+0xf7/0x490 [ 1149.858425] ? perf_trace_lock_acquire+0x510/0x510 [ 1149.863358] ? nfnetlink_bind+0x240/0x240 [ 1149.867496] ? netlink_deliver_tap+0x90/0x7d0 [ 1149.871978] ? lock_downgrade+0x740/0x740 [ 1149.876137] netlink_unicast+0x437/0x610 [ 1149.880201] ? netlink_sendskb+0xd0/0xd0 [ 1149.884540] netlink_sendmsg+0x62e/0xb80 [ 1149.888585] ? nlmsg_notify+0x170/0x170 [ 1149.892551] ? kernel_recvmsg+0x210/0x210 [ 1149.896686] ? security_socket_sendmsg+0x83/0xb0 [ 1149.901419] ? nlmsg_notify+0x170/0x170 [ 1149.905376] sock_sendmsg+0xb5/0x100 [ 1149.909103] ___sys_sendmsg+0x6c8/0x800 [ 1149.913059] ? copy_msghdr_from_user+0x3b0/0x3b0 [ 1149.917818] ? __lock_acquire+0x5fc/0x3f20 [ 1149.922060] ? perf_trace_lock_acquire+0x510/0x510 [ 1149.926974] ? do_futex+0x12b/0x1930 [ 1149.930676] ? check_preemption_disabled+0x35/0x240 [ 1149.936195] ? __fget+0x1fe/0x360 [ 1149.939732] ? lock_acquire+0x170/0x3f0 [ 1149.943703] ? lock_downgrade+0x740/0x740 [ 1149.947866] ? __fget+0x225/0x360 [ 1149.951578] ? __fdget+0x196/0x1f0 [ 1149.955112] ? sockfd_lookup_light+0xb2/0x160 [ 1149.959595] __sys_sendmsg+0xa3/0x120 [ 1149.963376] ? SyS_shutdown+0x160/0x160 [ 1149.967344] ? SyS_clock_gettime+0xf5/0x180 [ 1149.971648] ? SyS_clock_settime+0x1a0/0x1a0 [ 1149.976055] SyS_sendmsg+0x27/0x40 [ 1149.979576] ? __sys_sendmsg+0x120/0x120 [ 1149.983793] do_syscall_64+0x1d5/0x640 [ 1149.987678] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 1149.992858] RIP: 0033:0x45d249 [ 1149.996025] RSP: 002b:00007fe770c23c78 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 1150.003712] RAX: ffffffffffffffda RBX: 0000000000028840 RCX: 000000000045d249 [ 1150.010963] RDX: 0000000000000000 RSI: 0000000020000000 RDI: 0000000000000003 [ 1150.018229] RBP: 000000000118d020 R08: 0000000000000000 R09: 0000000000000000 [ 1150.025484] R10: 0000000000000000 R11: 0000000000000246 R12: 000000000118cfec [ 1150.032843] R13: 00007fffec3adf2f R14: 00007fe770c249c0 R15: 000000000118cfec 04:27:53 executing program 4: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = dup2(r0, r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) getsockname$llc(0xffffffffffffffff, 0x0, &(0x7f0000000140)) r2 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_CREATE(r2, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)={0x48, 0x2, 0x6, 0x101, 0x0, 0x0, {}, [@IPSET_ATTR_REVISION={0x5}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz1\x00'}, @IPSET_ATTR_PROTOCOL={0x5, 0x1, 0x6}, @IPSET_ATTR_FAMILY={0x5}, @IPSET_ATTR_TYPENAME={0xd, 0x3, 'hash:mac\x00'}]}, 0x48}}, 0x0) 04:27:53 executing program 3: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = dup2(r0, r0) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) r3 = dup2(r2, r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) openat$bsg(0xffffffffffffff9c, &(0x7f0000000000)='/dev/bsg\x00', 0x240242, 0x0) r4 = socket$inet6_tcp(0xa, 0x1, 0x0) r5 = dup2(r4, r4) ioctl$PERF_EVENT_IOC_ENABLE(r5, 0x8912, 0x400200) r6 = openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000040)='/sys/kernel/debug/binder/state\x00', 0x0, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r6, 0x8912, 0x400200) ioctl$INOTIFY_IOC_SETNEXTWD(r1, 0x40044900, 0x7) r7 = openat$sequencer(0xffffffffffffff9c, &(0x7f0000000080)='/dev/sequencer\x00', 0x0, 0x0) ioctl$SNDCTL_SEQ_NRMIDIS(r7, 0x8004510b, &(0x7f00000000c0)) 04:27:53 executing program 5: r0 = dup(0xffffffffffffffff) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x802102001ffa, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r1 = gettid() clone(0x6e20cf00, 0x0, 0x0, 0x0, 0x0) ptrace$setopts(0x4206, r1, 0x0, 0x0) gettid() r2 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ptmx\x00', 0x0, 0x0) read(r2, &(0x7f00003fefff)=""/1, 0x1) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) r4 = dup2(r3, r3) ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200) ioctl$LOOP_SET_CAPACITY(r4, 0x4c07) r5 = socket$inet6_tcp(0xa, 0x1, 0x0) r6 = dup2(r5, r5) ioctl$PERF_EVENT_IOC_ENABLE(r6, 0x8912, 0x400200) r7 = openat$autofs(0xffffffffffffff9c, &(0x7f0000000040)='/dev/autofs\x00', 0x0, 0x0) sendmsg$IPVS_CMD_ZERO(r7, &(0x7f0000000240)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x20000000}, 0xc, &(0x7f0000000200)={&(0x7f0000000280)={0xf4, 0x0, 0x2, 0x70bd2d, 0x25dfdbff, {}, [@IPVS_CMD_ATTR_TIMEOUT_TCP={0x8, 0x4, 0x7}, @IPVS_CMD_ATTR_DEST={0xc, 0x2, 0x0, 0x1, [@IPVS_DEST_ATTR_U_THRESH={0x8, 0x5, 0x9}]}, @IPVS_CMD_ATTR_TIMEOUT_TCP_FIN={0x8, 0x5, 0x87}, @IPVS_CMD_ATTR_SERVICE={0x18, 0x1, 0x0, 0x1, [@IPVS_SVC_ATTR_PORT={0x6, 0x4, 0x4e20}, @IPVS_SVC_ATTR_FLAGS={0xc, 0x7, {0x31, 0x34}}]}, @IPVS_CMD_ATTR_TIMEOUT_TCP={0x8, 0x4, 0x5}, @IPVS_CMD_ATTR_DEST={0x3c, 0x2, 0x0, 0x1, [@IPVS_DEST_ATTR_ADDR={0x14, 0x1, @ipv6=@initdev={0xfe, 0x88, [], 0x0, 0x0}}, @IPVS_DEST_ATTR_FWD_METHOD={0x8, 0x3, 0x2}, @IPVS_DEST_ATTR_ADDR={0x14, 0x1, @ipv6=@dev={0xfe, 0x80, [], 0x2f}}, @IPVS_DEST_ATTR_U_THRESH={0x8, 0x5, 0x6}]}, @IPVS_CMD_ATTR_TIMEOUT_TCP_FIN={0x8, 0x5, 0x200}, @IPVS_CMD_ATTR_DAEMON={0x1c, 0x3, 0x0, 0x1, [@IPVS_DAEMON_ATTR_STATE={0x8, 0x1, 0x2}, @IPVS_DAEMON_ATTR_MCAST_PORT={0x6, 0x7, 0x4e22}, @IPVS_DAEMON_ATTR_MCAST_PORT={0x6, 0x7, 0x4e20}]}, @IPVS_CMD_ATTR_DEST={0x3c, 0x2, 0x0, 0x1, [@IPVS_DEST_ATTR_INACT_CONNS={0x8, 0x8, 0x8002}, @IPVS_DEST_ATTR_PORT={0x6, 0x2, 0x4e23}, @IPVS_DEST_ATTR_U_THRESH={0x8, 0x5, 0xffff12bf}, @IPVS_DEST_ATTR_FWD_METHOD={0x8, 0x3, 0x3}, @IPVS_DEST_ATTR_U_THRESH={0x8, 0x5, 0x1}, @IPVS_DEST_ATTR_TUN_TYPE={0x5, 0xd, 0x1}, @IPVS_DEST_ATTR_TUN_PORT={0x6, 0xe, 0x4e21}]}, @IPVS_CMD_ATTR_TIMEOUT_UDP={0x8, 0x6, 0xfffffffb}]}, 0xf4}, 0x1, 0x0, 0x0, 0x80}, 0x2080800) ioctl$SIOCNRDECOBS(r6, 0x89e2) 04:27:53 executing program 2: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) pwrite64(r0, &(0x7f0000000080)="bc68d1c0f1e8d9608aa1b66f56a0b14334c314857183c967e96f3160889043f53034ad3b4b817e7ca4486b1efee5afc74a1159eb1799b1fe10cb0cb019aea2c00dba0be2696565913b06f5267148c65b7308f4a92ce8657a1c", 0x59, 0x9) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) r2 = dup2(r1, r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) ioctl$DRM_IOCTL_MODE_CREATE_LEASE(r2, 0xc01864c6, &(0x7f0000000200)={&(0x7f00000001c0)=[0x8, 0x401, 0xffffffff], 0x3, 0x800, 0x0, 0xffffffffffffffff}) ioctl$KDSETLED(r3, 0x4b32, 0x100) sendmsg$IPSET_CMD_CREATE(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000140)={0x5c, 0x2, 0x6, 0x201, 0x0, 0x0, {}, [@IPSET_ATTR_REVISION={0x5}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz1\x00'}, @IPSET_ATTR_PROTOCOL={0x5, 0x1, 0x6}, @IPSET_ATTR_FAMILY={0x5, 0x5, 0x3}, @IPSET_ATTR_DATA={0x14, 0x7, 0x0, 0x1, [@IPSET_ATTR_CIDR={0x5}, @IPSET_ATTR_TIMEOUT={0x8, 0x6, 0x1, 0x0, 0xffffffff}]}, @IPSET_ATTR_TYPENAME={0xd, 0x3, 'hash:mac\x00'}]}, 0x5c}}, 0x0) openat$ubi_ctrl(0xffffffffffffff9c, &(0x7f0000000100)='/dev/ubi_ctrl\x00', 0x800, 0x0) r4 = socket$inet6_tcp(0xa, 0x1, 0x0) r5 = dup2(r4, r4) ioctl$PERF_EVENT_IOC_ENABLE(r5, 0x8912, 0x400200) sendmsg$AUDIT_SET_FEATURE(r5, &(0x7f0000000300)={&(0x7f0000000240)={0x10, 0x0, 0x0, 0x800000}, 0xc, &(0x7f00000002c0)={&(0x7f0000000280)={0x20, 0x3fa, 0x200, 0x70bd2c, 0x25dfdbfd, {}, ["", "", ""]}, 0x20}, 0x1, 0x0, 0x0, 0x810}, 0x800) 04:27:53 executing program 0: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) r2 = dup2(r1, r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) ioctl$VIDIOC_QUERYCAP(r2, 0x80685600, &(0x7f0000000080)) sendmsg$IPSET_CMD_CREATE(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000140)=ANY=[@ANYBLOB="540000000206010100000000000000000000000005000400000000000900020073797a3100000000050001000600000005000500000000000c00078008001240479e61390d000300686173683a6d61e3000000005e4a319a9d"], 0x54}}, 0x0) 04:27:53 executing program 1: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_CREATE(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)={0x54, 0x2, 0x6, 0x101, 0x0, 0x0, {}, [@IPSET_ATTR_REVISION={0x5}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz1\x00'}, @IPSET_ATTR_PROTOCOL={0x5, 0x1, 0x6}, @IPSET_ATTR_FAMILY={0x5}, @IPSET_ATTR_DATA={0xc, 0x7, 0x0, 0x1, [@IPSET_ATTR_HASHSIZE={0x8, 0x12, 0x1, 0x0, 0x479e6139}]}, @IPSET_ATTR_TYPENAME={0xd, 0x3, 'hash:mac\x00'}]}, 0x54}}, 0x0) arch_prctl$ARCH_SET_GS(0x1001, &(0x7f0000000080)) pipe2(&(0x7f0000000140)={0xffffffffffffffff}, 0x80800) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) r3 = dup2(r2, r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) ioctl$DRM_IOCTL_ADD_CTX(r3, 0xc0086420, &(0x7f0000000180)={0x0}) ioctl$DRM_IOCTL_SET_SAREA_CTX(r1, 0x4010641c, &(0x7f00000002c0)={r4, &(0x7f00000001c0)=""/211}) 04:27:53 executing program 2: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) connect$rose(0xffffffffffffffff, &(0x7f0000000080)=@full={0xb, @dev={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @null, 0x6, [@default, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x3}, @null, @null, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @default]}, 0x40) sendmsg$IPSET_CMD_CREATE(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000140)={0x5c, 0x2, 0x6, 0x101, 0x0, 0x0, {}, [@IPSET_ATTR_REVISION={0x5}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz1\x00'}, @IPSET_ATTR_PROTOCOL={0x5, 0x1, 0x6}, @IPSET_ATTR_FAMILY={0x5}, @IPSET_ATTR_DATA={0x14, 0x7, 0x0, 0x1, [@IPSET_ATTR_CADT_FLAGS={0x8, 0x8, 0x1, 0x0, 0x10}, @IPSET_ATTR_TIMEOUT={0x8, 0x6, 0x1, 0x0, 0xffffffff}]}, @IPSET_ATTR_TYPENAME={0xd, 0x3, 'hash:mac\x00'}]}, 0x5c}}, 0x0) 04:27:53 executing program 4: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = dup2(r0, r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) getsockname$llc(0xffffffffffffffff, 0x0, &(0x7f0000000140)) r2 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_CREATE(r2, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)={0x48, 0x2, 0x6, 0x101, 0x0, 0x0, {}, [@IPSET_ATTR_REVISION={0x5}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz1\x00'}, @IPSET_ATTR_PROTOCOL={0x5, 0x1, 0x6}, @IPSET_ATTR_FAMILY={0x5}, @IPSET_ATTR_TYPENAME={0xd, 0x3, 'hash:mac\x00'}]}, 0x48}}, 0x0) 04:27:53 executing program 3: r0 = openat$sequencer(0xffffffffffffff9c, &(0x7f0000000080)='/dev/sequencer\x00', 0x200000, 0x0) ioctl$SNDCTL_SEQ_NRMIDIS(r0, 0x8004510b, &(0x7f00000000c0)) [ 1151.321851] IPVS: ftp: loaded support on port[0] = 21 [ 1151.322269] syz-executor.1: vmalloc: allocation failure: 17179869200 bytes, mode:0x14080c0(GFP_KERNEL|__GFP_ZERO), nodemask=(null) [ 1151.397695] syz-executor.1 cpuset=/ mems_allowed=0-1 [ 1151.403303] CPU: 1 PID: 5913 Comm: syz-executor.1 Not tainted 4.14.193-syzkaller #0 [ 1151.411221] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1151.420577] Call Trace: [ 1151.423272] dump_stack+0x1b2/0x283 [ 1151.426918] warn_alloc.cold+0x96/0x1cc [ 1151.430908] ? check_preemption_disabled+0x35/0x240 [ 1151.435936] ? zone_watermark_ok_safe+0x220/0x220 [ 1151.440794] ? perf_trace_lock_acquire+0x510/0x510 [ 1151.445739] ? fs_reclaim_release+0xd0/0x110 [ 1151.450159] ? ip_set_alloc+0x47/0x60 [ 1151.453970] vzalloc+0x122/0x150 [ 1151.457343] ip_set_alloc+0x47/0x60 [ 1151.460978] hash_mac_create+0x36e/0x7c6 [ 1151.465061] ip_set_create+0x5f9/0xf30 [ 1151.468965] ? __find_set_type_get+0x360/0x360 [ 1151.473550] ? __mutex_lock+0x360/0x1310 [ 1151.477638] ? lock_downgrade+0x740/0x740 [ 1151.481805] ? __find_set_type_get+0x360/0x360 [ 1151.486400] nfnetlink_rcv_msg+0x9bb/0xc00 [ 1151.490756] netlink_rcv_skb+0x125/0x390 [ 1151.494909] ? nfnetlink_net_exit_batch+0x150/0x150 [ 1151.499938] ? netlink_ack+0x9a0/0x9a0 [ 1151.503843] ? ns_capable_common+0x127/0x150 [ 1151.508261] nfnetlink_rcv+0x1ab/0x1da0 [ 1151.512256] ? __dev_queue_xmit+0xcd6/0x2480 [ 1151.516680] ? check_preemption_disabled+0x35/0x240 [ 1151.521706] ? perf_trace_lock+0xf7/0x490 [ 1151.525897] ? perf_trace_lock_acquire+0x510/0x510 [ 1151.530840] ? nfnetlink_bind+0x240/0x240 [ 1151.535003] ? netlink_deliver_tap+0x90/0x7d0 [ 1151.539513] ? lock_downgrade+0x740/0x740 [ 1151.543676] netlink_unicast+0x437/0x610 [ 1151.547845] ? netlink_sendskb+0xd0/0xd0 [ 1151.551918] netlink_sendmsg+0x62e/0xb80 [ 1151.556017] ? nlmsg_notify+0x170/0x170 [ 1151.559995] ? kernel_recvmsg+0x210/0x210 [ 1151.564148] ? security_socket_sendmsg+0x83/0xb0 [ 1151.568908] ? nlmsg_notify+0x170/0x170 [ 1151.572886] sock_sendmsg+0xb5/0x100 [ 1151.576665] ___sys_sendmsg+0x6c8/0x800 [ 1151.580653] ? copy_msghdr_from_user+0x3b0/0x3b0 [ 1151.585417] ? __lock_acquire+0x5fc/0x3f20 [ 1151.589661] ? perf_trace_lock_acquire+0x510/0x510 [ 1151.594621] ? do_futex+0x12b/0x1930 [ 1151.598340] ? check_preemption_disabled+0x35/0x240 [ 1151.603450] ? __fget+0x1fe/0x360 [ 1151.606925] ? lock_acquire+0x170/0x3f0 [ 1151.610908] ? lock_downgrade+0x740/0x740 [ 1151.615064] ? __fget+0x225/0x360 [ 1151.618521] ? __fdget+0x196/0x1f0 [ 1151.622069] ? sockfd_lookup_light+0xb2/0x160 [ 1151.626574] __sys_sendmsg+0xa3/0x120 [ 1151.630385] ? SyS_shutdown+0x160/0x160 [ 1151.634378] ? SyS_clock_gettime+0xf5/0x180 [ 1151.638703] ? SyS_clock_settime+0x1a0/0x1a0 [ 1151.643148] SyS_sendmsg+0x27/0x40 04:27:54 executing program 3: r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x1000000, 0x7, 0x40}, 0x0) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000000)="cfc1ae015311f3974d2022b33acad7766d4e6048ad0831e2b56367d0cf7d7cdce2d94a469fd9a9c0651a75a95a709f1ce07c86be91d4a10bdc55342f253fe92cfd3122b658aab740a3114b9881c744ff8fc8c5283db40c06438d35d7e90d9e6ba90b683590c9d0f537dea72fa8") r1 = openat$sequencer(0xffffffffffffff9c, &(0x7f0000000080)='/dev/sequencer\x00', 0x0, 0x0) ioctl$SNDCTL_SEQ_NRMIDIS(r1, 0x8004510b, &(0x7f00000000c0)) [ 1151.646701] ? __sys_sendmsg+0x120/0x120 [ 1151.650777] do_syscall_64+0x1d5/0x640 [ 1151.654665] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 1151.659852] RIP: 0033:0x45d249 [ 1151.663151] RSP: 002b:00007fe770c44c78 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 1151.671117] RAX: ffffffffffffffda RBX: 0000000000028840 RCX: 000000000045d249 [ 1151.678371] RDX: 0000000000000000 RSI: 0000000020000000 RDI: 0000000000000003 [ 1151.685637] RBP: 000000000118cf80 R08: 0000000000000000 R09: 0000000000000000 [ 1151.692998] R10: 0000000000000000 R11: 0000000000000246 R12: 000000000118cf4c [ 1151.700269] R13: 00007fffec3adf2f R14: 00007fe770c459c0 R15: 000000000118cf4c [ 1151.720973] warn_alloc_show_mem: 1 callbacks suppressed [ 1151.720978] Mem-Info: [ 1151.733753] active_anon:232423 inactive_anon:6091 isolated_anon:0 [ 1151.733753] active_file:7392 inactive_file:32706 isolated_file:0 [ 1151.733753] unevictable:0 dirty:151 writeback:0 unstable:0 [ 1151.733753] slab_reclaimable:18389 slab_unreclaimable:135512 [ 1151.733753] mapped:62399 shmem:6280 pagetables:5863 bounce:0 [ 1151.733753] free:1089472 free_pcp:215 free_cma:0 [ 1151.769439] Node 0 active_anon:929692kB inactive_anon:24364kB active_file:29424kB inactive_file:130824kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:249596kB dirty:604kB writeback:0kB shmem:25120kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 880640kB writeback_tmp:0kB unstable:0kB all_unreclaimable? no [ 1151.798378] Node 1 active_anon:0kB inactive_anon:0kB active_file:144kB inactive_file:0kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:0kB dirty:0kB writeback:0kB shmem:0kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 0kB writeback_tmp:0kB unstable:0kB all_unreclaimable? no 04:27:54 executing program 3: openat$sequencer(0xffffffffffffff9c, &(0x7f0000000080)='/dev/sequencer\x00', 0x0, 0x0) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = dup2(r0, r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) r3 = dup2(r2, r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) r4 = socket$inet6_tcp(0xa, 0x1, 0x0) r5 = dup2(r4, r4) ioctl$PERF_EVENT_IOC_ENABLE(r5, 0x8912, 0x400200) ioctl$SNDCTL_SEQ_NRMIDIS(r5, 0x8004510b, &(0x7f00000000c0)) [ 1151.825048] Node 0 DMA free:15908kB min:220kB low:272kB high:324kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15908kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 1151.856828] lowmem_reserve[]: 0 2557 2557 2557 2557 [ 1151.862143] Node 0 DMA32 free:558320kB min:36272kB low:45340kB high:54408kB active_anon:929704kB inactive_anon:24364kB active_file:29424kB inactive_file:130824kB unevictable:0kB writepending:604kB present:3129332kB managed:2621196kB mlocked:0kB kernel_stack:14400kB pagetables:23304kB bounce:0kB free_pcp:848kB local_pcp:176kB free_cma:0kB 04:27:54 executing program 3: socketpair(0x2c, 0x800, 0xac, &(0x7f0000000000)) r0 = openat$sequencer(0xffffffffffffff9c, &(0x7f0000000080)='/dev/sequencer\x00', 0x0, 0x0) syz_init_net_socket$bt_l2cap(0x1f, 0x1, 0x0) ioctl$SNDCTL_SEQ_NRMIDIS(r0, 0x8004510b, &(0x7f00000000c0)) [ 1151.896403] lowmem_reserve[]: 0 0 0 0 0 [ 1151.900614] Node 0 Normal free:0kB min:4kB low:4kB high:4kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:786432kB managed:332kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 1151.927224] lowmem_reserve[]: 0 0 0 0 0 [ 1151.931424] Node 1 Normal free:3783636kB min:53612kB low:67012kB high:80412kB active_anon:0kB inactive_anon:0kB active_file:144kB inactive_file:0kB unevictable:0kB writepending:0kB present:3932160kB managed:3870192kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 1151.966394] lowmem_reserve[]: 0 0 0 0 0 [ 1151.970725] Node 0 DMA: 1*4kB (U) 0*8kB 0*16kB 1*32kB (U) 2*64kB (U) 1*128kB (U) 1*256kB (U) 0*512kB 1*1024kB (U) 1*2048kB (M) 3*4096kB (M) = 15908kB 04:27:54 executing program 3: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = dup2(r0, r0) socket$packet(0x11, 0x2, 0x300) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) setsockopt$IP_VS_SO_SET_ZERO(r1, 0x0, 0x48f, &(0x7f0000000040)={0x73, @dev={0xac, 0x14, 0x14, 0x12}, 0x4e23, 0x0, 'ovf\x00', 0x1, 0x0, 0x57}, 0x2c) ioctl$TCGETX(r1, 0x5432, &(0x7f0000000000)) r2 = openat$sequencer(0xffffffffffffff9c, &(0x7f0000000080)='/dev/sequencer\x00', 0x0, 0x0) ioctl$SNDCTL_SEQ_NRMIDIS(r2, 0x8004510b, &(0x7f00000000c0)) [ 1151.985533] Node 0 DMA32: 809*4kB (UME) 376*8kB (UME) 263*16kB (UME) 190*32kB (UME) 101*64kB (UME) 28*128kB (UME) 11*256kB (UM) 12*512kB (UME) 7*1024kB (UME) 3*2048kB (UME) 124*4096kB (M) = 556756kB [ 1152.004205] Node 0 Normal: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 0kB [ 1152.016087] Node 1 Normal: 51*4kB (UME) 343*8kB (UE) 273*16kB (U) 50*32kB (UM) 20*64kB (UME) 10*128kB (UM) 5*256kB (UM) 3*512kB (U) 1*1024kB (M) 4*2048kB (ME) 918*4096kB (M) = 3783636kB [ 1152.033439] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 1152.046637] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 1152.058248] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 1152.068063] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 1152.077167] 25333 total pagecache pages [ 1152.081301] 0 pages in swap cache [ 1152.085179] Swap cache stats: add 0, delete 0, find 0/0 [ 1152.090963] Free swap = 0kB [ 1152.094633] Total swap = 0kB 04:27:54 executing program 4: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = dup2(r0, r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) getsockname$llc(0xffffffffffffffff, 0x0, &(0x7f0000000140)) r2 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_CREATE(r2, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)={0x48, 0x2, 0x6, 0x101, 0x0, 0x0, {}, [@IPSET_ATTR_REVISION={0x5}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz1\x00'}, @IPSET_ATTR_PROTOCOL={0x5, 0x1, 0x6}, @IPSET_ATTR_FAMILY={0x5}, @IPSET_ATTR_TYPENAME={0xd, 0x3, 'hash:mac\x00'}]}, 0x48}}, 0x0) [ 1152.098028] 1965979 pages RAM [ 1152.101318] IPVS: set_ctl: invalid protocol: 115 172.20.20.18:20003 [ 1152.108197] 0 pages HighMem/MovableOnly [ 1152.112861] 339072 pages reserved [ 1152.119449] 0 pages cma reserved [ 1152.121895] IPVS: set_ctl: invalid protocol: 115 172.20.20.18:20003 [ 1152.130611] syz-executor.1: vmalloc: allocation failure: 17179869200 bytes, mode:0x14080c0(GFP_KERNEL|__GFP_ZERO), nodemask=(null) [ 1152.150959] syz-executor.1 cpuset=/ mems_allowed=0-1 [ 1152.163289] CPU: 1 PID: 5919 Comm: syz-executor.1 Not tainted 4.14.193-syzkaller #0 [ 1152.171126] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1152.180748] Call Trace: [ 1152.183342] dump_stack+0x1b2/0x283 [ 1152.186984] warn_alloc.cold+0x96/0x1cc [ 1152.190974] ? check_preemption_disabled+0x35/0x240 [ 1152.195996] ? zone_watermark_ok_safe+0x220/0x220 [ 1152.200838] ? perf_trace_lock_acquire+0x510/0x510 [ 1152.205775] ? fs_reclaim_release+0xd0/0x110 [ 1152.210191] ? ip_set_alloc+0x47/0x60 [ 1152.213984] vzalloc+0x122/0x150 [ 1152.217347] ip_set_alloc+0x47/0x60 [ 1152.220961] hash_mac_create+0x36e/0x7c6 [ 1152.225023] ip_set_create+0x5f9/0xf30 [ 1152.228910] ? __find_set_type_get+0x360/0x360 [ 1152.233478] ? __mutex_lock+0x360/0x1310 [ 1152.237542] ? __find_set_type_get+0x360/0x360 [ 1152.242118] nfnetlink_rcv_msg+0x9bb/0xc00 [ 1152.246346] netlink_rcv_skb+0x125/0x390 [ 1152.250402] ? nfnetlink_net_exit_batch+0x150/0x150 [ 1152.255414] ? netlink_ack+0x9a0/0x9a0 [ 1152.259291] ? ns_capable_common+0x127/0x150 [ 1152.263679] nfnetlink_rcv+0x1ab/0x1da0 [ 1152.267648] ? __dev_queue_xmit+0xcd6/0x2480 [ 1152.272046] ? check_preemption_disabled+0x35/0x240 [ 1152.277042] ? perf_trace_lock+0xf7/0x490 [ 1152.281171] ? perf_trace_lock_acquire+0x510/0x510 [ 1152.286086] ? nfnetlink_bind+0x240/0x240 [ 1152.290246] ? netlink_deliver_tap+0x90/0x7d0 [ 1152.294726] ? lock_downgrade+0x740/0x740 [ 1152.298875] netlink_unicast+0x437/0x610 [ 1152.302921] ? netlink_sendskb+0xd0/0xd0 [ 1152.307063] netlink_sendmsg+0x62e/0xb80 [ 1152.311112] ? nlmsg_notify+0x170/0x170 [ 1152.315102] ? kernel_recvmsg+0x210/0x210 [ 1152.319230] ? security_socket_sendmsg+0x83/0xb0 [ 1152.323964] ? nlmsg_notify+0x170/0x170 [ 1152.327918] sock_sendmsg+0xb5/0x100 [ 1152.331634] ___sys_sendmsg+0x6c8/0x800 [ 1152.335590] ? copy_msghdr_from_user+0x3b0/0x3b0 [ 1152.340362] ? __lock_acquire+0x5fc/0x3f20 [ 1152.344579] ? perf_trace_lock_acquire+0x510/0x510 [ 1152.349489] ? do_futex+0x12b/0x1930 [ 1152.353220] ? check_preemption_disabled+0x35/0x240 [ 1152.358227] ? __fget+0x1fe/0x360 [ 1152.361677] ? lock_acquire+0x170/0x3f0 [ 1152.365628] ? lock_downgrade+0x740/0x740 [ 1152.369775] ? __fget+0x225/0x360 [ 1152.373214] ? __fdget+0x196/0x1f0 [ 1152.376734] ? sockfd_lookup_light+0xb2/0x160 [ 1152.381232] __sys_sendmsg+0xa3/0x120 [ 1152.385101] ? SyS_shutdown+0x160/0x160 [ 1152.389078] ? SyS_clock_gettime+0xf5/0x180 [ 1152.393391] ? SyS_clock_settime+0x1a0/0x1a0 [ 1152.397788] SyS_sendmsg+0x27/0x40 [ 1152.401375] ? __sys_sendmsg+0x120/0x120 [ 1152.405474] do_syscall_64+0x1d5/0x640 [ 1152.409349] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 1152.414519] RIP: 0033:0x45d249 [ 1152.417685] RSP: 002b:00007fe770c23c78 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 1152.425379] RAX: ffffffffffffffda RBX: 0000000000028840 RCX: 000000000045d249 [ 1152.432642] RDX: 0000000000000000 RSI: 0000000020000000 RDI: 0000000000000003 [ 1152.440090] RBP: 000000000118d020 R08: 0000000000000000 R09: 0000000000000000 [ 1152.447338] R10: 0000000000000000 R11: 0000000000000246 R12: 000000000118cfec [ 1152.454731] R13: 00007fffec3adf2f R14: 00007fe770c249c0 R15: 000000000118cfec 04:27:56 executing program 5: ioctl$USBDEVFS_FREE_STREAMS(0xffffffffffffffff, 0x8008551d, &(0x7f00000000c0)={0x4ff6, 0x1, [{0x1, 0x1}]}) r0 = dup(0xffffffffffffffff) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x802102001ffa, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r1 = gettid() clone(0x6e20cf00, 0x0, 0x0, 0x0, 0x0) ptrace$setopts(0x4206, r1, 0x0, 0x0) gettid() r2 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ptmx\x00', 0x0, 0x0) read(r2, &(0x7f00003fefff)=""/1, 0x1) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) r4 = dup2(r3, r3) ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200) r5 = openat$autofs(0xffffffffffffff9c, &(0x7f0000000040)='/dev/autofs\x00', 0x0, 0x0) sendmsg$IPVS_CMD_ZERO(r5, &(0x7f0000000240)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x20000000}, 0xc, &(0x7f0000000200)={&(0x7f0000000280)={0xf4, 0x0, 0x2, 0x70bd2d, 0x25dfdbff, {}, [@IPVS_CMD_ATTR_TIMEOUT_TCP={0x8, 0x4, 0x7}, @IPVS_CMD_ATTR_DEST={0xc, 0x2, 0x0, 0x1, [@IPVS_DEST_ATTR_U_THRESH={0x8, 0x5, 0x9}]}, @IPVS_CMD_ATTR_TIMEOUT_TCP_FIN={0x8, 0x5, 0x87}, @IPVS_CMD_ATTR_SERVICE={0x18, 0x1, 0x0, 0x1, [@IPVS_SVC_ATTR_PORT={0x6, 0x4, 0x4e20}, @IPVS_SVC_ATTR_FLAGS={0xc, 0x7, {0x31, 0x34}}]}, @IPVS_CMD_ATTR_TIMEOUT_TCP={0x8, 0x4, 0x5}, @IPVS_CMD_ATTR_DEST={0x3c, 0x2, 0x0, 0x1, [@IPVS_DEST_ATTR_ADDR={0x14, 0x1, @ipv6=@initdev={0xfe, 0x88, [], 0x0, 0x0}}, @IPVS_DEST_ATTR_FWD_METHOD={0x8, 0x3, 0x2}, @IPVS_DEST_ATTR_ADDR={0x14, 0x1, @ipv6=@dev={0xfe, 0x80, [], 0x2f}}, @IPVS_DEST_ATTR_U_THRESH={0x8, 0x5, 0x6}]}, @IPVS_CMD_ATTR_TIMEOUT_TCP_FIN={0x8, 0x5, 0x200}, @IPVS_CMD_ATTR_DAEMON={0x1c, 0x3, 0x0, 0x1, [@IPVS_DAEMON_ATTR_STATE={0x8, 0x1, 0x2}, @IPVS_DAEMON_ATTR_MCAST_PORT={0x6, 0x7, 0x4e22}, @IPVS_DAEMON_ATTR_MCAST_PORT={0x6, 0x7, 0x4e20}]}, @IPVS_CMD_ATTR_DEST={0x3c, 0x2, 0x0, 0x1, [@IPVS_DEST_ATTR_INACT_CONNS={0x8, 0x8, 0x8002}, @IPVS_DEST_ATTR_PORT={0x6, 0x2, 0x4e23}, @IPVS_DEST_ATTR_U_THRESH={0x8, 0x5, 0xffff12bf}, @IPVS_DEST_ATTR_FWD_METHOD={0x8, 0x3, 0x3}, @IPVS_DEST_ATTR_U_THRESH={0x8, 0x5, 0x1}, @IPVS_DEST_ATTR_TUN_TYPE={0x5, 0xd, 0x1}, @IPVS_DEST_ATTR_TUN_PORT={0x6, 0xe, 0x4e21}]}, @IPVS_CMD_ATTR_TIMEOUT_UDP={0x8, 0x6, 0xfffffffb}]}, 0xf4}, 0x1, 0x0, 0x0, 0x80}, 0x2080800) ioctl$SIOCNRDECOBS(r4, 0x89e2) 04:27:56 executing program 4: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = dup2(r0, r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) getsockname$llc(0xffffffffffffffff, 0x0, &(0x7f0000000140)) r2 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_CREATE(r2, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)={0x4c, 0x2, 0x6, 0x101, 0x0, 0x0, {}, [@IPSET_ATTR_REVISION={0x5}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz1\x00'}, @IPSET_ATTR_PROTOCOL={0x5, 0x1, 0x6}, @IPSET_ATTR_FAMILY={0x5}, @IPSET_ATTR_DATA={0x4}, @IPSET_ATTR_TYPENAME={0xd, 0x3, 'hash:mac\x00'}]}, 0x4c}}, 0x0) 04:27:56 executing program 3: r0 = openat$sequencer(0xffffffffffffff9c, &(0x7f0000000080)='/dev/sequencer\x00', 0x0, 0x0) bpf$LINK_GET_NEXT_ID(0x1f, &(0x7f0000000000)={0x2}, 0x8) ioctl$SNDCTL_SEQ_NRMIDIS(r0, 0x8004510b, &(0x7f00000000c0)) 04:27:56 executing program 0: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) r2 = dup2(r1, r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) ioctl$IOC_PR_REGISTER(r2, 0x401870c8, &(0x7f0000000080)={0x2, 0x1000, 0x1}) sendmsg$IPSET_CMD_CREATE(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)={0x54, 0x2, 0x6, 0x101, 0x0, 0x0, {}, [@IPSET_ATTR_REVISION={0x5}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz1\x00'}, @IPSET_ATTR_PROTOCOL={0x5, 0x1, 0x6}, @IPSET_ATTR_FAMILY={0x5}, @IPSET_ATTR_DATA={0xc, 0x7, 0x0, 0x1, [@IPSET_ATTR_HASHSIZE={0x8, 0x12, 0x1, 0x0, 0x479e6139}]}, @IPSET_ATTR_TYPENAME={0xd, 0x3, 'hash:mac\x00'}]}, 0x54}}, 0x0) 04:27:56 executing program 2: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_CREATE(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000340)=ANY=[@ANYBLOB="5c00000002060101000000000000000000000000050004000000000009543dd1dc50b91eb787522c02dc0002007379ff0700000000000014000700080013400000000008000640ffffffff0d000300000000000000200000000000c1309749a4b7ae3f36c6dd26a63095c93a688aac7d4972bdc5401b0dd6c37460ad8054494357da40c4537176c81b3af0af60d3107a88c6c908a53cc8e88232208b2000000089d36aeb97be246d97a311b806b93c8a3588c519c924990ba8f607aae80000b29aeda943cfb4ff91091406be9dffb880404cf17315991b0435e010482266aa0030603c4464ca2a34e062362a08da0d9b3aa42441d6b2adacae0fcc0fb0e100fd46fc3359854ec800421373f4caff89c2d67437de5e8d52c9f44db49d93b45d23b9256f771bf5877f4b190c6cba8473ddf7a357db2fd85b726ca7fd3d24c6e910fe8a07665b54def18cda733c3fd3168b4752bf44ef177970f34b29b577f5d85b76bfa9205193491885a6eab568fee3c22c608fd40de7ceb38e9d211a5c6a794e9470261d86d0ee29ebadc46e438d59bde650f8461714892c59a95636db47bac91fd72efae64e386749d695692fb3871bf24e1196618aa521b6981bfb09022c72118f02d88941ee90cbde553a78b8809110f4e348b144e98b4795c3578f348f13eb50820d6145666a4b5b5928c848"], 0x5c}}, 0x0) 04:27:56 executing program 1: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) r2 = dup2(r1, r1) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) r4 = dup2(r3, r3) ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200) ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x2000000000003) ioctl$KVM_DEASSIGN_PCI_DEVICE(r2, 0x4040ae72, &(0x7f0000000080)={0xfffffffd, 0x8, 0x1, 0x2, 0x900000}) sendmsg$IPSET_CMD_CREATE(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000140)=ANY=[@ANYBLOB="547d729fc13f9b7f3d00002002e3776fa22cf7f307494bfc91edea1e0601010000000000d2a100001f000000000500040000000073797a3100000000050001330674a8227048b5b4d2f3b27e4f41e70006000000050005000100000000000000001240479e61396e"], 0x54}, 0x1, 0x0, 0x0, 0x40}, 0x0) 04:27:56 executing program 4: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = dup2(r0, r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) getsockname$llc(0xffffffffffffffff, 0x0, &(0x7f0000000140)) r2 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_CREATE(r2, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)={0x4c, 0x2, 0x6, 0x101, 0x0, 0x0, {}, [@IPSET_ATTR_REVISION={0x5}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz1\x00'}, @IPSET_ATTR_PROTOCOL={0x5, 0x1, 0x6}, @IPSET_ATTR_FAMILY={0x5}, @IPSET_ATTR_DATA={0x4}, @IPSET_ATTR_TYPENAME={0xd, 0x3, 'hash:mac\x00'}]}, 0x4c}}, 0x0) 04:27:56 executing program 3: r0 = openat$sequencer(0xffffffffffffff9c, &(0x7f0000000080)='/dev/sequencer\x00', 0x0, 0x0) ioctl$SNDCTL_SEQ_NRMIDIS(r0, 0x8004510b, &(0x7f00000000c0)) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) r2 = dup2(r1, r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) ioctl$sock_ax25_SIOCDELRT(r2, 0x890c, &(0x7f0000000000)={@rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, 0x0, [@bcast, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @bcast, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x3}, @bcast, @default, @bcast]}) 04:27:56 executing program 2: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_CREATE(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000140)={0x5c, 0x2, 0x6, 0x101, 0x0, 0x0, {}, [@IPSET_ATTR_REVISION={0x5}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz1\x00'}, @IPSET_ATTR_PROTOCOL={0x5, 0x1, 0x6}, @IPSET_ATTR_FAMILY={0x5}, @IPSET_ATTR_DATA={0x14, 0x7, 0x0, 0x1, [@IPSET_ATTR_MAXELEM={0x8}, @IPSET_ATTR_TIMEOUT={0x8, 0x6, 0x1, 0x0, 0xffffffff}]}, @IPSET_ATTR_TYPENAME={0xd, 0x3, 'hash:mac\x00'}]}, 0x5c}}, 0x0) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) r2 = dup2(r1, r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) dup2(r3, r3) ioctl$sock_inet6_tcp_SIOCOUTQ(r3, 0x5411, &(0x7f00000000c0)) setsockopt$CAN_RAW_FD_FRAMES(r2, 0x65, 0x5, &(0x7f0000000080), 0x4) [ 1154.337000] netlink: 64 bytes leftover after parsing attributes in process `syz-executor.2'. 04:27:56 executing program 1: socket$nl_netfilter(0x10, 0x3, 0xc) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = dup2(r0, r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) ioctl$TCGETA(r1, 0x5405, &(0x7f0000000080)) sendmsg$IPSET_CMD_CREATE(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000140)={0x60, 0x2, 0x6, 0x301, 0x0, 0x0, {0x7, 0x0, 0x8}, [@IPSET_ATTR_REVISION={0x5, 0x4, 0x3}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz1\x00'}, @IPSET_ATTR_PROTOCOL={0x5, 0x1, 0x6}, @IPSET_ATTR_FAMILY={0x5}, @IPSET_ATTR_DATA={0xffffffffffffffd4, 0x7, 0x0, 0x1, [@IPSET_ATTR_HASHSIZE={0x8, 0x12, 0x1, 0x0, 0x479e6139}, @IPSET_ATTR_IP={0xc, 0x1, 0x0, 0x1, @IPSET_ATTR_IPADDR_IPV4={0x8, 0x1, 0x1, 0x0, @private=0xa010100}}, @IPSET_ATTR_SIZE={0x8, 0x17, 0x1, 0x0, 0xfffffff8}]}, @IPSET_ATTR_PROTOCOL={0x5}]}, 0x60}}, 0x0) 04:27:56 executing program 4: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = dup2(r0, r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) getsockname$llc(0xffffffffffffffff, 0x0, &(0x7f0000000140)) r2 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_CREATE(r2, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)={0x4c, 0x2, 0x6, 0x101, 0x0, 0x0, {}, [@IPSET_ATTR_REVISION={0x5}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz1\x00'}, @IPSET_ATTR_PROTOCOL={0x5, 0x1, 0x6}, @IPSET_ATTR_FAMILY={0x5}, @IPSET_ATTR_DATA={0x4}, @IPSET_ATTR_TYPENAME={0xd, 0x3, 'hash:mac\x00'}]}, 0x4c}}, 0x0) 04:27:56 executing program 3: r0 = openat$sequencer(0xffffffffffffff9c, &(0x7f0000000080)='/dev/sequencer\x00', 0x0, 0x0) openat$pidfd(0xffffffffffffff9c, &(0x7f0000000040)='/proc/self\x00', 0xc24c2, 0x0) ioctl$SNDCTL_SEQ_NRMIDIS(r0, 0x8004510b, &(0x7f00000000c0)) r1 = socket$kcm(0xa, 0x2, 0x11) setsockopt$sock_attach_bpf(r1, 0x29, 0x14, &(0x7f0000000080), 0x301) setsockopt$sock_attach_bpf(r1, 0x29, 0x15, &(0x7f0000000000), 0x70db2da734432a8e) ioctl$F2FS_IOC_START_VOLATILE_WRITE(r1, 0xf503, 0x0) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) r3 = dup2(r2, r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) ioctl$SNDRV_PCM_IOCTL_SW_PARAMS(r3, 0xc0884113, &(0x7f0000000100)={0x1, 0x81, 0x3, 0x100000001, 0x1, 0x8, 0x400, 0x0, 0x800, 0x40, 0x1, 0x5}) [ 1154.427989] syz-executor.0: vmalloc: allocation failure: 17179869200 bytes, mode:0x14080c0(GFP_KERNEL|__GFP_ZERO), nodemask=(null) [ 1154.541622] syz-executor.0 cpuset=/ mems_allowed=0-1 [ 1154.552967] CPU: 1 PID: 6006 Comm: syz-executor.0 Not tainted 4.14.193-syzkaller #0 [ 1154.560801] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1154.570163] Call Trace: [ 1154.572764] dump_stack+0x1b2/0x283 [ 1154.576406] warn_alloc.cold+0x96/0x1cc [ 1154.580388] ? check_preemption_disabled+0x35/0x240 [ 1154.585413] ? zone_watermark_ok_safe+0x220/0x220 [ 1154.590315] ? perf_trace_lock_acquire+0x510/0x510 [ 1154.595462] ? fs_reclaim_release+0xd0/0x110 [ 1154.599860] ? ip_set_alloc+0x47/0x60 [ 1154.603653] vzalloc+0x122/0x150 [ 1154.607005] ip_set_alloc+0x47/0x60 [ 1154.610924] hash_mac_create+0x36e/0x7c6 [ 1154.614986] ip_set_create+0x5f9/0xf30 [ 1154.618962] ? __find_set_type_get+0x360/0x360 [ 1154.623629] ? __mutex_lock+0x360/0x1310 [ 1154.627681] ? lock_downgrade+0x740/0x740 [ 1154.631821] ? __find_set_type_get+0x360/0x360 [ 1154.636391] nfnetlink_rcv_msg+0x9bb/0xc00 [ 1154.640635] netlink_rcv_skb+0x125/0x390 [ 1154.644684] ? nfnetlink_net_exit_batch+0x150/0x150 [ 1154.649690] ? netlink_ack+0x9a0/0x9a0 [ 1154.653564] ? ns_capable_common+0x127/0x150 [ 1154.657967] nfnetlink_rcv+0x1ab/0x1da0 [ 1154.661925] ? __dev_queue_xmit+0xcd6/0x2480 [ 1154.666323] ? check_preemption_disabled+0x35/0x240 [ 1154.671339] ? perf_trace_lock+0xf7/0x490 [ 1154.675471] ? perf_trace_lock_acquire+0x510/0x510 [ 1154.680383] ? nfnetlink_bind+0x240/0x240 [ 1154.684517] ? netlink_deliver_tap+0x90/0x7d0 [ 1154.688996] ? lock_downgrade+0x740/0x740 [ 1154.693128] netlink_unicast+0x437/0x610 [ 1154.697180] ? netlink_sendskb+0xd0/0xd0 [ 1154.701242] netlink_sendmsg+0x62e/0xb80 [ 1154.705294] ? nlmsg_notify+0x170/0x170 [ 1154.709252] ? kernel_recvmsg+0x210/0x210 [ 1154.713440] ? security_socket_sendmsg+0x83/0xb0 [ 1154.718197] ? nlmsg_notify+0x170/0x170 [ 1154.722334] sock_sendmsg+0xb5/0x100 [ 1154.726051] ___sys_sendmsg+0x6c8/0x800 [ 1154.730103] ? copy_msghdr_from_user+0x3b0/0x3b0 [ 1154.734862] ? __lock_acquire+0x5fc/0x3f20 [ 1154.739094] ? perf_trace_lock_acquire+0x510/0x510 [ 1154.744025] ? do_futex+0x12b/0x1930 [ 1154.747729] ? check_preemption_disabled+0x35/0x240 [ 1154.752730] ? __fget+0x1fe/0x360 [ 1154.756167] ? lock_acquire+0x170/0x3f0 [ 1154.760127] ? lock_downgrade+0x740/0x740 [ 1154.764259] ? __fget+0x225/0x360 [ 1154.767711] ? __fdget+0x196/0x1f0 [ 1154.771262] ? sockfd_lookup_light+0xb2/0x160 [ 1154.775740] __sys_sendmsg+0xa3/0x120 [ 1154.779521] ? SyS_shutdown+0x160/0x160 [ 1154.783484] ? SyS_clock_gettime+0xf5/0x180 [ 1154.787788] ? SyS_clock_settime+0x1a0/0x1a0 [ 1154.792175] ? fput+0xb/0x140 [ 1154.795262] SyS_sendmsg+0x27/0x40 [ 1154.798790] ? __sys_sendmsg+0x120/0x120 [ 1154.802855] do_syscall_64+0x1d5/0x640 [ 1154.806744] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 1154.811920] RIP: 0033:0x45d249 [ 1154.815109] RSP: 002b:00007f1c6356dc78 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 1154.822815] RAX: ffffffffffffffda RBX: 0000000000028840 RCX: 000000000045d249 [ 1154.830065] RDX: 0000000000000000 RSI: 0000000020000000 RDI: 0000000000000003 [ 1154.837320] RBP: 000000000118cf80 R08: 0000000000000000 R09: 0000000000000000 [ 1154.844580] R10: 0000000000000000 R11: 0000000000000246 R12: 000000000118cf4c [ 1154.851829] R13: 00007ffd3fb1901f R14: 00007f1c6356e9c0 R15: 000000000118cf4c [ 1154.869149] warn_alloc_show_mem: 1 callbacks suppressed [ 1154.869154] Mem-Info: [ 1154.877323] active_anon:231880 inactive_anon:6091 isolated_anon:0 [ 1154.877323] active_file:7392 inactive_file:32718 isolated_file:0 [ 1154.877323] unevictable:0 dirty:160 writeback:0 unstable:0 [ 1154.877323] slab_reclaimable:18389 slab_unreclaimable:135365 [ 1154.877323] mapped:62414 shmem:6280 pagetables:5793 bounce:0 [ 1154.877323] free:1090147 free_pcp:220 free_cma:0 [ 1154.912951] Node 0 active_anon:927520kB inactive_anon:24364kB active_file:29424kB inactive_file:130872kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:249656kB dirty:640kB writeback:0kB shmem:25120kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 882688kB writeback_tmp:0kB unstable:0kB all_unreclaimable? no [ 1154.948506] Node 1 active_anon:0kB inactive_anon:0kB active_file:144kB inactive_file:0kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:0kB dirty:0kB writeback:0kB shmem:0kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 0kB writeback_tmp:0kB unstable:0kB all_unreclaimable? no [ 1154.975250] Node 0 DMA free:15908kB min:220kB low:272kB high:324kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15908kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 1155.002303] lowmem_reserve[]: 0 2557 2557 2557 2557 [ 1155.007701] Node 0 DMA32 free:561936kB min:36272kB low:45340kB high:54408kB active_anon:927540kB inactive_anon:24364kB active_file:29424kB inactive_file:130876kB unevictable:0kB writepending:712kB present:3129332kB managed:2621196kB mlocked:0kB kernel_stack:14336kB pagetables:23192kB bounce:0kB free_pcp:896kB local_pcp:656kB free_cma:0kB [ 1155.038140] lowmem_reserve[]: 0 0 0 0 0 [ 1155.042181] Node 0 Normal free:0kB min:4kB low:4kB high:4kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:786432kB managed:332kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 1155.068123] lowmem_reserve[]: 0 0 0 0 0 [ 1155.072318] Node 1 Normal free:3783636kB min:53612kB low:67012kB high:80412kB active_anon:0kB inactive_anon:0kB active_file:144kB inactive_file:0kB unevictable:0kB writepending:0kB present:3932160kB managed:3870192kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 1155.100162] lowmem_reserve[]: 0 0 0 0 0 [ 1155.104392] Node 0 DMA: 1*4kB (U) 0*8kB 0*16kB 1*32kB (U) 2*64kB (U) 1*128kB (U) 1*256kB (U) 0*512kB 1*1024kB (U) 1*2048kB (M) 3*4096kB (M) = 15908kB [ 1155.118114] Node 0 DMA32: 963*4kB (UME) 222*8kB (UME) 393*16kB (UME) 221*32kB (UME) 103*64kB (UME) 31*128kB (UME) 11*256kB (UM) 12*512kB (UME) 7*1024kB (UME) 4*2048kB (UME) 124*4096kB (M) = 561772kB [ 1155.136200] Node 0 Normal: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 0kB [ 1155.147117] Node 1 Normal: 51*4kB (UME) 343*8kB (UE) 273*16kB (U) 50*32kB (UM) 20*64kB (UME) 10*128kB (UM) 5*256kB (UM) 3*512kB (U) 1*1024kB (M) 4*2048kB (ME) 918*4096kB (M) = 3783636kB [ 1155.164101] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 1155.173035] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 1155.182224] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 1155.191786] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 1155.200421] 25347 total pagecache pages [ 1155.205242] 0 pages in swap cache [ 1155.208862] Swap cache stats: add 0, delete 0, find 0/0 [ 1155.215020] Free swap = 0kB [ 1155.218187] Total swap = 0kB [ 1155.221904] 1965979 pages RAM [ 1155.225445] 0 pages HighMem/MovableOnly [ 1155.229647] 339072 pages reserved [ 1155.233202] 0 pages cma reserved 04:27:59 executing program 5: r0 = dup(0xffffffffffffffff) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x802102001ffa, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r1 = gettid() clone(0x6e20cf00, 0x0, 0x0, 0x0, 0x0) ptrace$setopts(0x4206, r1, 0x0, 0x0) gettid() r2 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ptmx\x00', 0x0, 0x0) read(r2, &(0x7f00003fefff)=""/1, 0x1) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) r4 = dup2(r3, r3) ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200) r5 = openat$autofs(0xffffffffffffff9c, &(0x7f0000000040)='/dev/autofs\x00', 0x0, 0x0) sendmsg$IPVS_CMD_ZERO(r5, &(0x7f0000000240)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x20000000}, 0xc, &(0x7f0000000200)={&(0x7f0000000280)={0xf4, 0x0, 0x2, 0x70bd2d, 0x25dfdbff, {}, [@IPVS_CMD_ATTR_TIMEOUT_TCP={0x8, 0x4, 0x7}, @IPVS_CMD_ATTR_DEST={0xc, 0x2, 0x0, 0x1, [@IPVS_DEST_ATTR_U_THRESH={0x8, 0x5, 0x9}]}, @IPVS_CMD_ATTR_TIMEOUT_TCP_FIN={0x8, 0x5, 0x87}, @IPVS_CMD_ATTR_SERVICE={0x18, 0x1, 0x0, 0x1, [@IPVS_SVC_ATTR_PORT={0x6, 0x4, 0x4e20}, @IPVS_SVC_ATTR_FLAGS={0xc, 0x7, {0x31, 0x34}}]}, @IPVS_CMD_ATTR_TIMEOUT_TCP={0x8, 0x4, 0x5}, @IPVS_CMD_ATTR_DEST={0x3c, 0x2, 0x0, 0x1, [@IPVS_DEST_ATTR_ADDR={0x14, 0x1, @ipv6=@initdev={0xfe, 0x88, [], 0x0, 0x0}}, @IPVS_DEST_ATTR_FWD_METHOD={0x8, 0x3, 0x2}, @IPVS_DEST_ATTR_ADDR={0x14, 0x1, @ipv6=@dev={0xfe, 0x80, [], 0x2f}}, @IPVS_DEST_ATTR_U_THRESH={0x8, 0x5, 0x6}]}, @IPVS_CMD_ATTR_TIMEOUT_TCP_FIN={0x8, 0x5, 0x200}, @IPVS_CMD_ATTR_DAEMON={0x1c, 0x3, 0x0, 0x1, [@IPVS_DAEMON_ATTR_STATE={0x8, 0x1, 0x2}, @IPVS_DAEMON_ATTR_MCAST_PORT={0x6, 0x7, 0x4e22}, @IPVS_DAEMON_ATTR_MCAST_PORT={0x6, 0x7, 0x4e20}]}, @IPVS_CMD_ATTR_DEST={0x3c, 0x2, 0x0, 0x1, [@IPVS_DEST_ATTR_INACT_CONNS={0x8, 0x8, 0x8002}, @IPVS_DEST_ATTR_PORT={0x6, 0x2, 0x4e23}, @IPVS_DEST_ATTR_U_THRESH={0x8, 0x5, 0xffff12bf}, @IPVS_DEST_ATTR_FWD_METHOD={0x8, 0x3, 0x3}, @IPVS_DEST_ATTR_U_THRESH={0x8, 0x5, 0x1}, @IPVS_DEST_ATTR_TUN_TYPE={0x5, 0xd, 0x1}, @IPVS_DEST_ATTR_TUN_PORT={0x6, 0xe, 0x4e21}]}, @IPVS_CMD_ATTR_TIMEOUT_UDP={0x8, 0x6, 0xfffffffb}]}, 0xf4}, 0x1, 0x0, 0x0, 0x80}, 0x2080800) ioctl$SIOCNRDECOBS(r4, 0x89e2) r6 = syz_open_dev$vcsn(&(0x7f00000000c0)='/dev/vcs#\x00', 0x40000000, 0x82) bind$ax25(r6, &(0x7f0000000100)={{0x3, @bcast, 0x4}, [@rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @default, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @default, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x0}, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @null]}, 0x48) 04:27:59 executing program 1: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) r1 = openat$nullb(0xffffffffffffff9c, &(0x7f0000001000)='/dev/nullb0\x00', 0x105042, 0x0) writev(r1, &(0x7f0000000000)=[{0x0}, {&(0x7f00000005c0)="ee", 0x1}, {&(0x7f0000000040)="84", 0xffffff35}], 0x3) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) r3 = dup2(r2, r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) ioctl$sock_ipv6_tunnel_SIOCADDTUNNEL(r3, 0x89f1, &(0x7f0000000100)={'ip6tnl0\x00', &(0x7f0000000080)={'ip6gre0\x00', 0x0, 0x4, 0xf7, 0x80, 0x8f2, 0x6, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02', @mcast1, 0x700, 0x1, 0x15, 0xfffffffc}}) sendmsg$IPSET_CMD_CREATE(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000340)=ANY=[@ANYBLOB="540000000206010100000000000000000000000005000400000000000900020073797a56f5c5163b5df933000600000005000500000000000c0008001240479e61390d00030000eaa648905c3823a97eead08105487840eac14502525b5bb6f9931b676070d114f6e09ca05051a687609944d78628a087329bfe3d838945d9d46332f817fcfbeac58930949ee5fdfbc5451fea44428496eebbbaef07d6126078edcf57520eb1a065887e7a09dc49bf41bc2a7ae01cf124d168468fcbf1b02e81989bbfaf41c94c5fd0bef8b1e7c96e44d93275b6ae5682382e5ded9d8965190eb8ed409848c2d262ccedf02700002eb448100b7ee2627b3cd4000000000000000000000000000000000045a57c3af9306cc36b9f663945bf1c75d2960a320fc7b3b343c7188c3481c66ceeec"], 0x54}}, 0x0) 04:27:59 executing program 3: r0 = openat$sequencer(0xffffffffffffff9c, &(0x7f0000000080)='/dev/sequencer\x00', 0x0, 0x0) ioctl$SNDCTL_SEQ_NRMIDIS(r0, 0x8004510b, &(0x7f0000000000)) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) r2 = dup2(r1, r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) setsockopt$TIPC_CONN_TIMEOUT(r2, 0x10f, 0x82, &(0x7f0000000040)=0x10000, 0x4) 04:27:59 executing program 0: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = dup2(r0, r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) ioctl$ASHMEM_GET_NAME(r1, 0x81007702, &(0x7f0000000140)=""/4096) r2 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_CREATE(r2, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)={0x54, 0x2, 0x6, 0x101, 0x0, 0x0, {}, [@IPSET_ATTR_REVISION={0x5}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz1\x00'}, @IPSET_ATTR_PROTOCOL={0x5, 0x1, 0x6}, @IPSET_ATTR_FAMILY={0x5}, @IPSET_ATTR_DATA={0xc, 0x7, 0x0, 0x1, [@IPSET_ATTR_HASHSIZE={0x8, 0x12, 0x1, 0x0, 0x479e6139}]}, @IPSET_ATTR_TYPENAME={0xd, 0x3, 'hash:mac\x00'}]}, 0x54}}, 0x0) 04:27:59 executing program 4: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = dup2(r0, r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) getsockname$llc(0xffffffffffffffff, 0x0, &(0x7f0000000140)) r2 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_CREATE(r2, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)={0x54, 0x2, 0x6, 0x101, 0x0, 0x0, {}, [@IPSET_ATTR_REVISION={0x5}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz1\x00'}, @IPSET_ATTR_PROTOCOL={0x5, 0x1, 0x6}, @IPSET_ATTR_FAMILY={0x5}, @IPSET_ATTR_DATA={0xc, 0x7, 0x0, 0x1, [@IPSET_ATTR_HASHSIZE={0x8}]}, @IPSET_ATTR_TYPENAME={0xd, 0x3, 'hash:mac\x00'}]}, 0x54}}, 0x0) 04:27:59 executing program 2: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) r1 = openat$ipvs(0xffffffffffffff9c, &(0x7f0000000080)='/proc/sys/net/ipv4/vs/schedule_icmp\x00', 0x2, 0x0) sendmsg$IPCTNL_MSG_CT_GET_STATS_CPU(r1, &(0x7f0000000200)={&(0x7f00000000c0)={0x10, 0x0, 0x0, 0x10000000}, 0xc, &(0x7f00000001c0)={&(0x7f0000000100)={0x14, 0x4, 0x1, 0x201, 0x0, 0x0, {0x5, 0x0, 0x8}, [""]}, 0x14}}, 0x0) sendmsg$IPSET_CMD_CREATE(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000140)={0x5c, 0x2, 0x6, 0x101, 0x0, 0x0, {}, [@IPSET_ATTR_REVISION={0x5}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz1\x00'}, @IPSET_ATTR_PROTOCOL={0x5, 0x1, 0x6}, @IPSET_ATTR_FAMILY={0x5}, @IPSET_ATTR_DATA={0x14, 0x7, 0x0, 0x1, [@IPSET_ATTR_MAXELEM={0x8}, @IPSET_ATTR_TIMEOUT={0x8, 0x6, 0x1, 0x0, 0xffffffff}]}, @IPSET_ATTR_TYPENAME={0xd, 0x3, 'hash:mac\x00'}]}, 0x5c}}, 0x0) 04:27:59 executing program 3: socket$inet6_tcp(0xa, 0x1, 0x0) r0 = socket$kcm(0xa, 0x2, 0x11) setsockopt$sock_attach_bpf(r0, 0x29, 0x14, &(0x7f0000000080), 0x301) setsockopt$sock_attach_bpf(r0, 0x29, 0x15, &(0x7f0000000000), 0x70db2da734432a8e) r1 = socket$kcm(0xa, 0x2, 0x11) setsockopt$sock_attach_bpf(r1, 0x29, 0x14, &(0x7f0000000180), 0x4) setsockopt$sock_attach_bpf(r1, 0x29, 0x15, &(0x7f0000000000), 0x70db2da734432a8e) r2 = socket$kcm(0xa, 0x2, 0x11) setsockopt$sock_attach_bpf(r2, 0x29, 0x14, &(0x7f0000000080), 0xffffffffffffff0b) setsockopt$sock_attach_bpf(r2, 0x29, 0x15, &(0x7f0000000000), 0x70db2da734432a8e) r3 = socket$kcm(0xa, 0x1, 0x11) setsockopt$sock_attach_bpf(r3, 0x29, 0x14, &(0x7f0000000080), 0x301) setsockopt$sock_attach_bpf(r3, 0x29, 0x15, &(0x7f0000000000), 0x70db2da734432a8e) r4 = accept(r3, &(0x7f0000000100)=@caif=@util, &(0x7f0000000040)=0x80) r5 = dup2(r4, 0xffffffffffffffff) ioctl$PERF_EVENT_IOC_ENABLE(r5, 0x8912, 0x400200) socket$phonet(0x23, 0x2, 0x1) ioctl$LOOP_SET_DIRECT_IO(r3, 0x4c08, 0x8001) r6 = openat$sequencer(0xffffffffffffff9c, &(0x7f0000000080)='/dev/sequencer\x00', 0x701a01, 0x0) ioctl$SNDCTL_SEQ_NRMIDIS(r6, 0x8004510b, &(0x7f00000000c0)) 04:27:59 executing program 1: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = dup2(r0, r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = openat$ocfs2_control(0xffffffffffffff9c, &(0x7f0000000080)='/dev/ocfs2_control\x00', 0x100, 0x0) setsockopt$inet_sctp6_SCTP_I_WANT_MAPPED_V4_ADDR(r2, 0x84, 0xc, &(0x7f00000000c0)=0x1f, 0x4) ioctl$UI_SET_KEYBIT(r1, 0x40045565, 0xf) r3 = socket$nl_netfilter(0x10, 0x3, 0xc) r4 = socket$kcm(0xa, 0x2, 0x11) setsockopt$sock_attach_bpf(r4, 0x29, 0x14, &(0x7f0000000080), 0x301) setsockopt$sock_attach_bpf(r4, 0x29, 0x15, &(0x7f0000000000), 0x70db2da734432a8e) r5 = socket$kcm(0xa, 0x2, 0x11) setsockopt$sock_attach_bpf(r5, 0x29, 0x14, &(0x7f0000000080), 0x301) setsockopt$sock_attach_bpf(r5, 0x29, 0x15, &(0x7f0000000000), 0x70db2da734432a8e) r6 = socket$kcm(0xa, 0x2, 0x11) setsockopt$sock_attach_bpf(r6, 0x29, 0x14, &(0x7f0000000080), 0x301) setsockopt$sock_attach_bpf(r6, 0x29, 0x15, &(0x7f0000000000), 0x70db2da734432a8e) sendmsg$IPSET_CMD_CREATE(r3, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000140)=ANY=[@ANYRESHEX=r6, @ANYRES64=r5], 0x54}}, 0x0) 04:27:59 executing program 4: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = dup2(r0, r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) getsockname$llc(0xffffffffffffffff, 0x0, &(0x7f0000000140)) r2 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_CREATE(r2, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)={0x54, 0x2, 0x6, 0x101, 0x0, 0x0, {}, [@IPSET_ATTR_REVISION={0x5}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz1\x00'}, @IPSET_ATTR_PROTOCOL={0x5, 0x1, 0x6}, @IPSET_ATTR_FAMILY={0x5}, @IPSET_ATTR_DATA={0xc, 0x7, 0x0, 0x1, [@IPSET_ATTR_HASHSIZE={0x8}]}, @IPSET_ATTR_TYPENAME={0xd, 0x3, 'hash:mac\x00'}]}, 0x54}}, 0x0) [ 1157.403461] syz-executor.0: vmalloc: allocation failure: 17179869200 bytes, mode:0x14080c0(GFP_KERNEL|__GFP_ZERO), nodemask=(null) [ 1157.416690] syz-executor.0 cpuset=/ mems_allowed=0-1 [ 1157.429890] CPU: 1 PID: 6058 Comm: syz-executor.0 Not tainted 4.14.193-syzkaller #0 [ 1157.437832] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1157.447285] Call Trace: [ 1157.449980] dump_stack+0x1b2/0x283 04:27:59 executing program 1: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_CREATE(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000000c0)={0x54, 0x2, 0x6, 0x101, 0x0, 0x0, {}, [@IPSET_ATTR_REVISION={0x5}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz0\x00'}, @IPSET_ATTR_PROTOCOL={0x5, 0x1, 0x6}, @IPSET_ATTR_FAMILY={0x5}, @IPSET_ATTR_DATA={0xc, 0x7, 0x0, 0x1, [@IPSET_ATTR_HASHSIZE={0x8, 0x12, 0x1, 0x0, 0x479e6139}]}, @IPSET_ATTR_TYPENAME={0xd, 0x3, 'hash:mac\x00'}]}, 0x54}}, 0x0) [ 1157.453757] warn_alloc.cold+0x96/0x1cc [ 1157.457768] ? check_preemption_disabled+0x35/0x240 [ 1157.462902] ? zone_watermark_ok_safe+0x220/0x220 [ 1157.467790] ? perf_trace_lock_acquire+0x510/0x510 [ 1157.472832] ? fs_reclaim_release+0xd0/0x110 [ 1157.477276] ? ip_set_alloc+0x47/0x60 [ 1157.481385] vzalloc+0x122/0x150 [ 1157.484782] ip_set_alloc+0x47/0x60 [ 1157.488432] hash_mac_create+0x36e/0x7c6 [ 1157.492736] ip_set_create+0x5f9/0xf30 [ 1157.496670] ? __find_set_type_get+0x360/0x360 [ 1157.501287] ? __mutex_lock+0x360/0x1310 [ 1157.506192] ? lock_downgrade+0x740/0x740 [ 1157.510361] ? __find_set_type_get+0x360/0x360 [ 1157.515051] nfnetlink_rcv_msg+0x9bb/0xc00 [ 1157.519333] netlink_rcv_skb+0x125/0x390 [ 1157.523782] ? nfnetlink_net_exit_batch+0x150/0x150 [ 1157.528926] ? netlink_ack+0x9a0/0x9a0 [ 1157.533250] ? ns_capable_common+0x127/0x150 [ 1157.537776] nfnetlink_rcv+0x1ab/0x1da0 [ 1157.541941] ? __dev_queue_xmit+0xcd6/0x2480 [ 1157.546389] ? check_preemption_disabled+0x35/0x240 [ 1157.551705] ? perf_trace_lock+0xf7/0x490 [ 1157.555874] ? perf_trace_lock_acquire+0x510/0x510 [ 1157.560825] ? nfnetlink_bind+0x240/0x240 [ 1157.565085] ? netlink_deliver_tap+0x90/0x7d0 [ 1157.569740] ? lock_downgrade+0x740/0x740 [ 1157.574003] netlink_unicast+0x437/0x610 [ 1157.578250] ? netlink_sendskb+0xd0/0xd0 [ 1157.582771] netlink_sendmsg+0x62e/0xb80 [ 1157.587280] ? nlmsg_notify+0x170/0x170 [ 1157.591299] ? kernel_recvmsg+0x210/0x210 [ 1157.595651] ? security_socket_sendmsg+0x83/0xb0 [ 1157.600433] ? nlmsg_notify+0x170/0x170 [ 1157.604730] sock_sendmsg+0xb5/0x100 [ 1157.609016] ___sys_sendmsg+0x6c8/0x800 [ 1157.613273] ? copy_msghdr_from_user+0x3b0/0x3b0 [ 1157.618296] ? __lock_acquire+0x5fc/0x3f20 [ 1157.622908] ? perf_trace_lock_acquire+0x510/0x510 [ 1157.628032] ? do_futex+0x12b/0x1930 [ 1157.632113] ? check_preemption_disabled+0x35/0x240 [ 1157.637165] ? __fget+0x1fe/0x360 [ 1157.640915] ? lock_acquire+0x170/0x3f0 [ 1157.644942] ? lock_downgrade+0x740/0x740 [ 1157.649115] ? __fget+0x225/0x360 [ 1157.652785] ? __fdget+0x196/0x1f0 [ 1157.656344] ? sockfd_lookup_light+0xb2/0x160 [ 1157.657708] IPVS: ftp: loaded support on port[0] = 21 [ 1157.660940] __sys_sendmsg+0xa3/0x120 [ 1157.670144] ? SyS_shutdown+0x160/0x160 [ 1157.674271] ? SyS_clock_gettime+0xf5/0x180 [ 1157.679210] ? SyS_clock_settime+0x1a0/0x1a0 [ 1157.683891] SyS_sendmsg+0x27/0x40 [ 1157.687448] ? __sys_sendmsg+0x120/0x120 [ 1157.691953] do_syscall_64+0x1d5/0x640 [ 1157.695873] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 1157.701327] RIP: 0033:0x45d249 04:28:00 executing program 2: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) r1 = socket$inet6(0xa, 0x2, 0x0) r2 = dup(r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) r3 = socket$nl_generic(0x10, 0x3, 0x10) r4 = syz_genetlink_get_family_id$tipc(&(0x7f0000000040)='TIPC\x00') sendmsg$TIPC_CMD_GET_NETID(r3, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000100)={0x1c, r4, 0x1}, 0x1c}}, 0x0) sendmsg$IPSET_CMD_CREATE(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000140)=ANY=[@ANYBLOB="5c000000020601010000009b0b561ea20000000000000000000500040000000000090002e60073797a31000000000500010006000000050005000000000014000780080013400000000008000640ffffffff0d000300686173683a6d"], 0x5c}}, 0x0) r5 = socket$inet6_tcp(0xa, 0x1, 0x0) r6 = dup2(r5, r5) ioctl$PERF_EVENT_IOC_ENABLE(r6, 0x8912, 0x400200) r7 = socket$kcm(0xa, 0x2, 0x11) setsockopt$sock_attach_bpf(r7, 0x29, 0x14, &(0x7f0000000080), 0x301) setsockopt$sock_attach_bpf(r7, 0x29, 0x15, &(0x7f0000000000), 0x70db2da734432a8e) fchdir(r7) r8 = socket$inet6_tcp(0xa, 0x1, 0x0) r9 = dup2(r8, r8) ioctl$PERF_EVENT_IOC_ENABLE(r9, 0x8912, 0x400200) ioctl$SECCOMP_IOCTL_NOTIF_RECV(0xffffffffffffffff, 0xc0502100, &(0x7f0000000200)) [ 1157.704703] RSP: 002b:00007f1c6356dc78 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 1157.712685] RAX: ffffffffffffffda RBX: 0000000000028840 RCX: 000000000045d249 [ 1157.720553] RDX: 0000000000000000 RSI: 0000000020000000 RDI: 0000000000000004 [ 1157.727998] RBP: 000000000118cf80 R08: 0000000000000000 R09: 0000000000000000 [ 1157.735720] R10: 0000000000000000 R11: 0000000000000246 R12: 000000000118cf4c [ 1157.743521] R13: 00007ffd3fb1901f R14: 00007f1c6356e9c0 R15: 000000000118cf4c [ 1157.757189] Mem-Info: [ 1157.759934] active_anon:232408 inactive_anon:6091 isolated_anon:0 [ 1157.759934] active_file:7392 inactive_file:32727 isolated_file:0 [ 1157.759934] unevictable:0 dirty:184 writeback:0 unstable:0 [ 1157.759934] slab_reclaimable:18389 slab_unreclaimable:134852 [ 1157.759934] mapped:62449 shmem:6280 pagetables:5826 bounce:0 [ 1157.759934] free:1089903 free_pcp:207 free_cma:0 [ 1157.800629] netlink: 72 bytes leftover after parsing attributes in process `syz-executor.2'. [ 1157.808320] Node 0 active_anon:931900kB inactive_anon:24364kB active_file:29424kB inactive_file:130908kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:249796kB dirty:736kB writeback:0kB shmem:25120kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 880640kB writeback_tmp:0kB unstable:0kB all_unreclaimable? no 04:28:00 executing program 3: r0 = openat$sequencer(0xffffffffffffff9c, &(0x7f0000000080)='/dev/sequencer\x00', 0x420000, 0x0) ioctl$SNDCTL_SEQ_NRMIDIS(r0, 0x8004510b, &(0x7f00000000c0)) [ 1157.840503] Node 1 active_anon:0kB inactive_anon:0kB active_file:144kB inactive_file:0kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:0kB dirty:0kB writeback:0kB shmem:0kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 0kB writeback_tmp:0kB unstable:0kB all_unreclaimable? no [ 1157.867175] Node 0 DMA free:15908kB min:220kB low:272kB high:324kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15908kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 1157.896440] lowmem_reserve[]: 0 2557 2557 2557 2557 [ 1157.915540] Node 0 DMA32 free:557216kB min:36272kB low:45340kB high:54408kB active_anon:931792kB inactive_anon:24364kB active_file:29424kB inactive_file:130908kB unevictable:0kB writepending:736kB present:3129332kB managed:2621196kB mlocked:0kB kernel_stack:14464kB pagetables:23304kB bounce:0kB free_pcp:1236kB local_pcp:608kB free_cma:0kB [ 1157.959394] lowmem_reserve[]: 0 0 0 0 0 [ 1157.963594] Node 0 Normal free:0kB min:4kB low:4kB high:4kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:786432kB managed:332kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 1157.992369] lowmem_reserve[]: 0 0 0 0 0 [ 1157.997163] Node 1 Normal free:3783636kB min:53612kB low:67012kB high:80412kB active_anon:0kB inactive_anon:0kB active_file:144kB inactive_file:0kB unevictable:0kB writepending:0kB present:3932160kB managed:3870192kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 1158.028076] lowmem_reserve[]: 0 0 0 0 0 [ 1158.032611] Node 0 DMA: 1*4kB (U) 0*8kB 0*16kB 1*32kB (U) 2*64kB (U) 1*128kB (U) 1*256kB (U) 0*512kB 1*1024kB (U) 1*2048kB (M) 3*4096kB (M) = 15908kB 04:28:00 executing program 5: r0 = dup(0xffffffffffffffff) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x802102001ffa, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r1 = gettid() clone(0x6e20cf00, 0x0, 0x0, 0x0, 0x0) ptrace$setopts(0x4206, r1, 0x0, 0x0) gettid() r2 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ptmx\x00', 0x0, 0x0) read(r2, &(0x7f00003fefff)=""/1, 0x1) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) r4 = dup2(r3, r3) ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200) r5 = openat$autofs(0xffffffffffffff9c, &(0x7f0000000040)='/dev/autofs\x00', 0x0, 0x0) sendmsg$IPVS_CMD_ZERO(r5, &(0x7f0000000240)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x20000000}, 0xc, &(0x7f0000000200)={&(0x7f00000000c0)=ANY=[@ANYBLOB="f400fcf93865cf89bf8000000000", @ANYRES16=0x0, @ANYBLOB="02002dbd7000ffdbdf251000000008000400070000000c0002800800050009000000080005008700000018000180060004004e2000000c000700310000003400000008000400050000003c00028014000100fe880000000000000000000000000001080003000200000014000100fe80000000000000000000000000002f080005000600000008000500000200001c0003800800010002000000060007004e220000060007004e200000290002800800080002800000060002004e23000008000500bf12ffff0800010003000000080005000100000005000d000100000006000e004e21000008000600fbffffff"], 0xf4}, 0x1, 0x0, 0x0, 0x80}, 0x2080800) ioctl$SIOCNRDECOBS(r4, 0x89e2) 04:28:00 executing program 3: r0 = openat$sequencer(0xffffffffffffff9c, &(0x7f0000000080)='/dev/sequencer\x00', 0x20000, 0x0) openat$dlm_control(0xffffffffffffff9c, &(0x7f0000000040)='/dev/dlm-control\x00', 0x8080, 0x0) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) r2 = dup2(r1, r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) r4 = dup2(r3, r3) ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200) write$RDMA_USER_CM_CMD_MIGRATE_ID(r2, &(0x7f0000000100)={0x12, 0x10, 0xfa00, {&(0x7f00000000c0), 0xffffffffffffffff, r4}}, 0x18) ioctl$SNDCTL_SEQ_NRMIDIS(r0, 0x8004510b, &(0x7f0000000000)) [ 1158.047984] Node 0 DMA32: 753*4kB (UME) 128*8kB (UME) 222*16kB (UME) 240*32kB (UME) 115*64kB (UME) 36*128kB (UME) 11*256kB (UM) 12*512kB (UME) 7*1024kB (UME) 3*2048kB (UME) 124*4096kB (M) = 557412kB [ 1158.069896] Node 0 Normal: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 0kB [ 1158.082959] Node 1 Normal: 51*4kB (UME) 343*8kB (UE) 273*16kB (U) 50*32kB (UM) 20*64kB (UME) 10*128kB (UM) 5*256kB (UM) 3*512kB (U) 1*1024kB (M) 4*2048kB (ME) 918*4096kB (M) = 3783636kB [ 1158.102640] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB 04:28:00 executing program 3: r0 = openat$sequencer(0xffffffffffffff9c, &(0x7f0000000080)='/dev/sequencer\x00', 0x0, 0x0) ioctl$SNDCTL_SEQ_NRMIDIS(r0, 0x8004510b, &(0x7f00000000c0)) r1 = socket$inet(0x2, 0x1, 0x9) ioctl$F2FS_IOC_DEFRAGMENT(r1, 0xc010f508, &(0x7f0000000000)={0x101, 0x10000}) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) r3 = dup2(r2, r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) ioctl$SNDRV_SEQ_IOCTL_GET_QUEUE_TEMPO(r3, 0xc02c5341, &(0x7f0000000100)) [ 1158.113035] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 1158.124114] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 1158.157229] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 1158.171719] 25355 total pagecache pages [ 1158.190985] 0 pages in swap cache 04:28:00 executing program 0: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_CREATE(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000140)={0xb4, 0x2, 0x6, 0x101, 0x0, 0x0, {}, [@IPSET_ATTR_FAMILY={0x5, 0x5, 0x3}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz1\x00'}, @IPSET_ATTR_DATA={0x68, 0x7, 0x0, 0x1, [@IPSET_ATTR_CIDR={0x5, 0x3, 0xf6}, @IPSET_ATTR_NETMASK={0x5, 0x14, 0x2}, @IPSET_ATTR_PORT={0x6, 0x4, 0x1, 0x0, 0x4e23}, @IPSET_ATTR_CADT_FLAGS={0x8, 0x8, 0x1, 0x0, 0x5}, @IPSET_ATTR_IP={0x18, 0x1, 0x0, 0x1, @IPSET_ATTR_IPADDR_IPV6={0x14, 0x2, 0x1, 0x0, @initdev={0xfe, 0x88, [], 0x0, 0x0}}}, @IPSET_ATTR_HASHSIZE={0x8, 0x12, 0x1, 0x0, 0xeac}, @IPSET_ATTR_LINENO={0x8, 0x9, 0x1, 0x0, 0x7}, @IPSET_ATTR_IP={0xc, 0x1, 0x0, 0x1, @IPSET_ATTR_IPADDR_IPV4={0x8, 0x1, 0x1, 0x0, @broadcast}}, @IPSET_ATTR_MARK={0x8, 0xa, 0x1, 0x0, 0x200}, @IPSET_ATTR_MAXELEM={0x8, 0x13, 0x1, 0x0, 0x3323}]}, @IPSET_ATTR_FAMILY={0x5}, @IPSET_ATTR_DATA={0xc, 0x7, 0x0, 0x1, [@IPSET_ATTR_HASHSIZE={0x8, 0x12, 0x1, 0x0, 0x479e6139}]}, @IPSET_ATTR_TYPENAME={0xd, 0x3, 'hash:mac\x00'}]}, 0xb4}}, 0x0) 04:28:00 executing program 3: r0 = openat$sequencer(0xffffffffffffff9c, &(0x7f0000000080)='/dev/sequencer\x00', 0x0, 0x0) r1 = getpid() sched_setattr(r1, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x1000000, 0x7, 0x40}, 0x0) sched_setscheduler(r1, 0x6, &(0x7f0000000000)=0x1) ioctl$SNDCTL_SEQ_NRMIDIS(r0, 0x8004510b, &(0x7f00000000c0)) [ 1158.210186] Swap cache stats: add 0, delete 0, find 0/0 [ 1158.229788] Free swap = 0kB [ 1158.233183] Total swap = 0kB [ 1158.237829] 1965979 pages RAM [ 1158.241276] 0 pages HighMem/MovableOnly [ 1158.247284] 339072 pages reserved [ 1158.252994] 0 pages cma reserved 04:28:00 executing program 3: r0 = openat$sequencer(0xffffffffffffff9c, &(0x7f0000000080)='/dev/sequencer\x00', 0x0, 0x0) ioctl$F2FS_IOC_MOVE_RANGE(r0, 0xc020f509, &(0x7f0000000000)={r0, 0x3, 0x6, 0x40}) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) dup2(r2, r2) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x3fffffffc0) socket$inet6_tcp(0xa, 0x1, 0x0) r3 = socket$kcm(0xa, 0x2, 0x11) setsockopt$sock_attach_bpf(r3, 0x29, 0x14, &(0x7f0000000080), 0x301) setsockopt$sock_attach_bpf(r3, 0x29, 0x15, &(0x7f0000000000), 0x70db2da734432a8e) r4 = socket$kcm(0xa, 0x2, 0x11) setsockopt$sock_attach_bpf(r4, 0x29, 0x14, &(0x7f0000000080), 0x301) setsockopt$sock_attach_bpf(r4, 0x29, 0x15, &(0x7f0000000000), 0x70db2da734432a8e) r5 = socket$kcm(0xa, 0x2, 0x11) setsockopt$sock_attach_bpf(r5, 0x29, 0x14, &(0x7f0000000080), 0x301) setsockopt$sock_attach_bpf(r5, 0x29, 0x15, &(0x7f0000000000), 0x70db2da734432a8e) r6 = dup2(r5, r4) ioctl$PERF_EVENT_IOC_ENABLE(r6, 0x8912, 0x400200) sigaltstack(&(0x7f0000ffc000/0x3000)=nil, 0x0) ioctl$SNDCTL_SEQ_NRMIDIS(r6, 0x8004510b, &(0x7f00000000c0)) [ 1158.258009] syz-executor.1: vmalloc: allocation failure: 17179869200 bytes, mode:0x14080c0(GFP_KERNEL|__GFP_ZERO), nodemask=(null) [ 1158.289212] syz-executor.1 cpuset=/ mems_allowed=0-1 [ 1158.298311] CPU: 0 PID: 6068 Comm: syz-executor.1 Not tainted 4.14.193-syzkaller #0 [ 1158.306154] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1158.315520] Call Trace: [ 1158.318213] dump_stack+0x1b2/0x283 [ 1158.321874] warn_alloc.cold+0x96/0x1cc [ 1158.325871] ? check_preemption_disabled+0x35/0x240 [ 1158.330913] ? zone_watermark_ok_safe+0x220/0x220 [ 1158.336286] ? perf_trace_lock_acquire+0x510/0x510 [ 1158.341339] ? fs_reclaim_release+0xd0/0x110 [ 1158.345864] ? ip_set_alloc+0x47/0x60 [ 1158.349696] vzalloc+0x122/0x150 [ 1158.353095] ip_set_alloc+0x47/0x60 [ 1158.356746] hash_mac_create+0x36e/0x7c6 [ 1158.360834] ip_set_create+0x5f9/0xf30 [ 1158.364748] ? __find_set_type_get+0x360/0x360 [ 1158.369497] ? __mutex_lock+0x360/0x1310 [ 1158.373822] ? __find_set_type_get+0x360/0x360 [ 1158.373836] nfnetlink_rcv_msg+0x9bb/0xc00 [ 1158.382695] netlink_rcv_skb+0x125/0x390 [ 1158.386828] ? nfnetlink_net_exit_batch+0x150/0x150 [ 1158.392135] ? netlink_ack+0x9a0/0x9a0 [ 1158.396047] ? ns_capable_common+0x127/0x150 [ 1158.400483] nfnetlink_rcv+0x1ab/0x1da0 [ 1158.404471] ? __dev_queue_xmit+0xcd6/0x2480 [ 1158.409041] ? check_preemption_disabled+0x35/0x240 [ 1158.414166] ? perf_trace_lock+0xf7/0x490 [ 1158.418412] ? perf_trace_lock_acquire+0x510/0x510 [ 1158.423341] ? nfnetlink_bind+0x240/0x240 [ 1158.427490] ? netlink_deliver_tap+0x90/0x7d0 [ 1158.432088] ? lock_downgrade+0x740/0x740 [ 1158.436323] netlink_unicast+0x437/0x610 [ 1158.440387] ? netlink_sendskb+0xd0/0xd0 [ 1158.444456] netlink_sendmsg+0x62e/0xb80 [ 1158.448681] ? nlmsg_notify+0x170/0x170 [ 1158.452906] ? kernel_recvmsg+0x210/0x210 [ 1158.457282] ? security_socket_sendmsg+0x83/0xb0 [ 1158.462046] ? nlmsg_notify+0x170/0x170 [ 1158.466019] sock_sendmsg+0xb5/0x100 [ 1158.469837] ___sys_sendmsg+0x6c8/0x800 [ 1158.474257] ? copy_msghdr_from_user+0x3b0/0x3b0 [ 1158.479352] ? __lock_acquire+0x5fc/0x3f20 [ 1158.483632] ? perf_trace_lock_acquire+0x510/0x510 [ 1158.488797] ? do_futex+0x12b/0x1930 [ 1158.492519] ? check_preemption_disabled+0x35/0x240 [ 1158.497877] ? __fget+0x1fe/0x360 [ 1158.501476] ? lock_acquire+0x170/0x3f0 [ 1158.505782] ? lock_downgrade+0x740/0x740 [ 1158.509935] ? __fget+0x225/0x360 [ 1158.513405] ? __fdget+0x196/0x1f0 [ 1158.516969] ? sockfd_lookup_light+0xb2/0x160 [ 1158.523500] __sys_sendmsg+0xa3/0x120 [ 1158.527504] ? SyS_shutdown+0x160/0x160 [ 1158.531630] ? SyS_clock_gettime+0xf5/0x180 [ 1158.536378] ? SyS_clock_settime+0x1a0/0x1a0 [ 1158.541203] SyS_sendmsg+0x27/0x40 [ 1158.545148] ? __sys_sendmsg+0x120/0x120 [ 1158.549223] do_syscall_64+0x1d5/0x640 [ 1158.553317] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 1158.558835] RIP: 0033:0x45d249 04:28:01 executing program 4: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = dup2(r0, r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) getsockname$llc(0xffffffffffffffff, 0x0, &(0x7f0000000140)) r2 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_CREATE(r2, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)={0x54, 0x2, 0x6, 0x101, 0x0, 0x0, {}, [@IPSET_ATTR_REVISION={0x5}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz1\x00'}, @IPSET_ATTR_PROTOCOL={0x5, 0x1, 0x6}, @IPSET_ATTR_FAMILY={0x5}, @IPSET_ATTR_DATA={0xc, 0x7, 0x0, 0x1, [@IPSET_ATTR_HASHSIZE={0x8}]}, @IPSET_ATTR_TYPENAME={0xd, 0x3, 'hash:mac\x00'}]}, 0x54}}, 0x0) 04:28:01 executing program 0: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_CREATE(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)={0x54, 0x2, 0x6, 0x101, 0x0, 0x0, {}, [@IPSET_ATTR_REVISION={0x5}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz1\x00'}, @IPSET_ATTR_PROTOCOL={0x5, 0x1, 0x6}, @IPSET_ATTR_FAMILY={0x5}, @IPSET_ATTR_DATA={0xc, 0x7, 0x0, 0x1, [@IPSET_ATTR_HASHSIZE={0x8, 0x12, 0x1, 0x0, 0x479e6139}]}, @IPSET_ATTR_TYPENAME={0xd, 0x3, 'hash:mac\x00'}]}, 0x54}}, 0x0) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) r2 = dup2(r1, r1) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x200000000000084) symlinkat(&(0x7f0000000080)='./file0\x00', r2, &(0x7f0000000140)='./file0\x00') r3 = socket$inet6_tcp(0xa, 0x1, 0x0) r4 = dup2(r3, r3) socket$nl_route(0x10, 0x3, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200) write$FUSE_IOCTL(r4, &(0x7f0000000180)={0x20, 0xfffffffffffffff7, 0x5, {0x3, 0x0, 0x1ff, 0x3}}, 0x20) [ 1158.562276] RSP: 002b:00007fe770c44c78 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 1158.570538] RAX: ffffffffffffffda RBX: 0000000000028840 RCX: 000000000045d249 [ 1158.578507] RDX: 0000000000000000 RSI: 0000000020000000 RDI: 0000000000000003 [ 1158.586050] RBP: 000000000118cf80 R08: 0000000000000000 R09: 0000000000000000 [ 1158.594225] R10: 0000000000000000 R11: 0000000000000246 R12: 000000000118cf4c [ 1158.603215] R13: 00007fffec3adf2f R14: 00007fe770c459c0 R15: 000000000118cf4c 04:28:01 executing program 3: r0 = openat$sequencer(0xffffffffffffff9c, &(0x7f0000000080)='/dev/sequencer\x00', 0x0, 0x0) ioctl$SNDCTL_SEQ_NRMIDIS(r0, 0x8004510b, &(0x7f00000000c0)) r1 = socket$kcm(0xa, 0x2, 0x11) setsockopt$sock_attach_bpf(r1, 0x29, 0x14, &(0x7f0000000080), 0x301) setsockopt$sock_attach_bpf(r1, 0x29, 0x15, &(0x7f0000000000), 0x70db2da734432a8e) r2 = fcntl$dupfd(r0, 0x406, r1) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) r4 = dup2(r3, r3) ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200) mmap$usbmon(&(0x7f0000ffb000/0x4000)=nil, 0x4000, 0x2, 0x4000150, r4, 0x8) ioctl$SIOCX25GCAUSEDIAG(r2, 0x89e6, &(0x7f0000000240)={0x6, 0xff}) 04:28:01 executing program 2: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) r2 = dup2(r1, r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) ioctl$SNDRV_PCM_IOCTL_START(r2, 0x4142, 0x0) sendmsg$IPSET_CMD_CREATE(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000080)=ANY=[@ANYBLOB="6000100802060101000000000005000400000700000000000000797a31000000000500010006000900000002007379836bf4250003000000000000000000000000000000000000fc00"/89], 0x60}}, 0x0) 04:28:01 executing program 1: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_CREATE(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000140)=ANY=[@ANYBLOB="540000000206010100000000000000002200000005000400000000000900020073797a3100000000050001000600000005000500000000000c00078008001240479e61390d000300686173683a6d616100000000"], 0x54}}, 0x20040840) r1 = openat$mice(0xffffffffffffff9c, &(0x7f0000000080)='/dev/input/mice\x00', 0x100000) r2 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/infiniband/rdma_cm\x00', 0x2, 0x0) write$RDMA_USER_CM_CMD_CREATE_ID(r2, &(0x7f0000000000)={0x0, 0x18, 0xfa00, {0x0, &(0x7f00000000c0)={0xffffffffffffffff}, 0x2}}, 0x20) write$RDMA_USER_CM_CMD_BIND_IP(r2, &(0x7f0000000100)={0x2, 0x28, 0xfa00, {0x0, {0xa, 0x0, 0x0, @mcast1}, r3}}, 0x30) write$RDMA_USER_CM_CMD_BIND_IP(r2, &(0x7f0000000080)={0x2, 0x28, 0xfa00, {0x0, {0xa, 0x0, 0x0, @private0}, r3}}, 0x30) write$RDMA_USER_CM_CMD_RESOLVE_ADDR(r1, &(0x7f00000001c0)={0x15, 0x110, 0xfa00, {r3, 0xff, 0x0, 0x0, 0x0, @ib={0x1b, 0x5689, 0xf3c5, {"c235574ed6982926d7394fe78ce12833"}, 0x8, 0x400000000000000, 0x7}, @in={0x2, 0x4e22, @remote}}}, 0x118) [ 1158.658244] netlink: 72 bytes leftover after parsing attributes in process `syz-executor.2'. 04:28:01 executing program 4: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = dup2(r0, r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) getsockname$llc(0xffffffffffffffff, 0x0, &(0x7f0000000140)) r2 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_CREATE(r2, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)={0x4c, 0x2, 0x6, 0x101, 0x0, 0x0, {}, [@IPSET_ATTR_REVISION={0x5}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz1\x00'}, @IPSET_ATTR_PROTOCOL={0x5, 0x1, 0x6}, @IPSET_ATTR_DATA={0xc, 0x7, 0x0, 0x1, [@IPSET_ATTR_HASHSIZE={0x8, 0x12, 0x1, 0x0, 0x479e6139}]}, @IPSET_ATTR_TYPENAME={0xd, 0x3, 'hash:mac\x00'}]}, 0x4c}}, 0x0) [ 1158.823504] syz-executor.0: vmalloc: allocation failure: 17179869200 bytes, mode:0x14080c0(GFP_KERNEL|__GFP_ZERO), nodemask=(null) [ 1158.855864] syz-executor.0 cpuset=/ mems_allowed=0-1 [ 1158.862164] CPU: 1 PID: 6174 Comm: syz-executor.0 Not tainted 4.14.193-syzkaller #0 [ 1158.869993] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1158.879447] Call Trace: [ 1158.882248] dump_stack+0x1b2/0x283 [ 1158.886684] warn_alloc.cold+0x96/0x1cc [ 1158.890694] ? check_preemption_disabled+0x35/0x240 [ 1158.895882] ? zone_watermark_ok_safe+0x220/0x220 [ 1158.901041] ? perf_trace_lock_acquire+0x510/0x510 [ 1158.906249] ? fs_reclaim_release+0xd0/0x110 [ 1158.910819] ? ip_set_alloc+0x47/0x60 [ 1158.915465] vzalloc+0x122/0x150 [ 1158.919011] ip_set_alloc+0x47/0x60 [ 1158.923151] hash_mac_create+0x36e/0x7c6 [ 1158.927787] ip_set_create+0x5f9/0xf30 [ 1158.932596] ? __find_set_type_get+0x360/0x360 [ 1158.938883] ? __mutex_lock+0x360/0x1310 [ 1158.943364] ? lock_downgrade+0x740/0x740 [ 1158.947936] ? __find_set_type_get+0x360/0x360 [ 1158.953715] nfnetlink_rcv_msg+0x9bb/0xc00 [ 1158.958373] netlink_rcv_skb+0x125/0x390 [ 1158.962527] ? nfnetlink_net_exit_batch+0x150/0x150 [ 1158.967765] ? netlink_ack+0x9a0/0x9a0 [ 1158.971908] ? ns_capable_common+0x127/0x150 [ 1158.976324] nfnetlink_rcv+0x1ab/0x1da0 [ 1158.980559] ? __dev_queue_xmit+0xcd6/0x2480 [ 1158.985080] ? check_preemption_disabled+0x35/0x240 [ 1158.990384] ? perf_trace_lock+0xf7/0x490 [ 1158.994834] ? perf_trace_lock_acquire+0x510/0x510 [ 1159.000093] ? nfnetlink_bind+0x240/0x240 [ 1159.004249] ? netlink_deliver_tap+0x90/0x7d0 [ 1159.008748] ? lock_downgrade+0x740/0x740 [ 1159.012988] netlink_unicast+0x437/0x610 [ 1159.017174] ? netlink_sendskb+0xd0/0xd0 [ 1159.022103] netlink_sendmsg+0x62e/0xb80 [ 1159.026616] ? nlmsg_notify+0x170/0x170 [ 1159.031046] ? kernel_recvmsg+0x210/0x210 [ 1159.035578] ? security_socket_sendmsg+0x83/0xb0 [ 1159.040506] ? nlmsg_notify+0x170/0x170 [ 1159.044578] sock_sendmsg+0xb5/0x100 [ 1159.049165] ___sys_sendmsg+0x6c8/0x800 [ 1159.053258] ? copy_msghdr_from_user+0x3b0/0x3b0 [ 1159.058899] ? __lock_acquire+0x5fc/0x3f20 [ 1159.063310] ? perf_trace_lock_acquire+0x510/0x510 [ 1159.068498] ? do_futex+0x12b/0x1930 [ 1159.072362] ? check_preemption_disabled+0x35/0x240 [ 1159.077514] ? __fget+0x1fe/0x360 [ 1159.081049] ? lock_acquire+0x170/0x3f0 [ 1159.085017] ? lock_downgrade+0x740/0x740 [ 1159.089289] ? __fget+0x225/0x360 [ 1159.092739] ? __fdget+0x196/0x1f0 [ 1159.096277] ? sockfd_lookup_light+0xb2/0x160 [ 1159.100854] __sys_sendmsg+0xa3/0x120 [ 1159.104824] ? SyS_shutdown+0x160/0x160 [ 1159.108921] ? SyS_clock_gettime+0xf5/0x180 [ 1159.113257] ? SyS_clock_settime+0x1a0/0x1a0 [ 1159.117833] SyS_sendmsg+0x27/0x40 [ 1159.121384] ? __sys_sendmsg+0x120/0x120 [ 1159.125438] do_syscall_64+0x1d5/0x640 [ 1159.129419] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 1159.134601] RIP: 0033:0x45d249 [ 1159.137870] RSP: 002b:00007f1c6356dc78 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 1159.146024] RAX: ffffffffffffffda RBX: 0000000000028840 RCX: 000000000045d249 [ 1159.153645] RDX: 0000000000000000 RSI: 0000000020000000 RDI: 0000000000000003 [ 1159.160998] RBP: 000000000118cf80 R08: 0000000000000000 R09: 0000000000000000 [ 1159.168753] R10: 0000000000000000 R11: 0000000000000246 R12: 000000000118cf4c [ 1159.176809] R13: 00007ffd3fb1901f R14: 00007f1c6356e9c0 R15: 000000000118cf4c [ 1159.189488] warn_alloc_show_mem: 1 callbacks suppressed [ 1159.189492] Mem-Info: [ 1159.207159] active_anon:232433 inactive_anon:6091 isolated_anon:0 [ 1159.207159] active_file:7392 inactive_file:32743 isolated_file:0 [ 1159.207159] unevictable:0 dirty:186 writeback:0 unstable:0 [ 1159.207159] slab_reclaimable:18385 slab_unreclaimable:136263 [ 1159.207159] mapped:62444 shmem:6280 pagetables:5827 bounce:0 [ 1159.207159] free:1088666 free_pcp:244 free_cma:0 [ 1159.245034] Node 0 active_anon:929732kB inactive_anon:24364kB active_file:29424kB inactive_file:130972kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:249788kB dirty:744kB writeback:0kB shmem:25120kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 888832kB writeback_tmp:0kB unstable:0kB all_unreclaimable? no [ 1159.275349] Node 1 active_anon:0kB inactive_anon:0kB active_file:144kB inactive_file:0kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:0kB dirty:0kB writeback:0kB shmem:0kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 0kB writeback_tmp:0kB unstable:0kB all_unreclaimable? no [ 1159.302318] Node 0 DMA free:15908kB min:220kB low:272kB high:324kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15908kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 1159.328920] lowmem_reserve[]: 0 2557 2557 2557 2557 [ 1159.334164] Node 0 DMA32 free:557356kB min:36272kB low:45340kB high:54408kB active_anon:929732kB inactive_anon:24364kB active_file:29424kB inactive_file:130972kB unevictable:0kB writepending:752kB present:3129332kB managed:2621196kB mlocked:0kB kernel_stack:14208kB pagetables:23308kB bounce:0kB free_pcp:1076kB local_pcp:684kB free_cma:0kB [ 1159.367781] lowmem_reserve[]: 0 0 0 0 0 [ 1159.371958] Node 0 Normal free:0kB min:4kB low:4kB high:4kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:786432kB managed:332kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 1159.399846] lowmem_reserve[]: 0 0 0 0 0 [ 1159.404414] Node 1 Normal free:3783636kB min:53612kB low:67012kB high:80412kB active_anon:0kB inactive_anon:0kB active_file:144kB inactive_file:0kB unevictable:0kB writepending:0kB present:3932160kB managed:3870192kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 1159.434155] lowmem_reserve[]: 0 0 0 0 0 [ 1159.438289] Node 0 DMA: 1*4kB (U) 0*8kB 0*16kB 1*32kB (U) 2*64kB (U) 1*128kB (U) 1*256kB (U) 0*512kB 1*1024kB (U) 1*2048kB (M) 3*4096kB (M) = 15908kB [ 1159.453158] Node 0 DMA32: 837*4kB (UME) 356*8kB (UME) 176*16kB (UE) 184*32kB (UME) 115*64kB (UME) 36*128kB (UME) 11*256kB (UM) 12*512kB (UME) 7*1024kB (UME) 3*2048kB (UME) 124*4096kB (M) = 557044kB [ 1159.473645] Node 0 Normal: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 0kB [ 1159.488269] Node 1 Normal: 51*4kB (UME) 343*8kB (UE) 273*16kB (U) 50*32kB (UM) 20*64kB (UME) 10*128kB (UM) 5*256kB (UM) 3*512kB (U) 1*1024kB (M) 4*2048kB (ME) 918*4096kB (M) = 3783636kB [ 1159.507546] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 1159.517579] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 1159.527367] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 1159.536897] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 1159.547431] 25367 total pagecache pages [ 1159.551764] 0 pages in swap cache [ 1159.560926] Swap cache stats: add 0, delete 0, find 0/0 [ 1159.567113] Free swap = 0kB [ 1159.570369] Total swap = 0kB [ 1159.579082] 1965979 pages RAM [ 1159.583056] 0 pages HighMem/MovableOnly [ 1159.588848] 339072 pages reserved [ 1159.592551] 0 pages cma reserved [ 1159.602887] Can't find ip_set type hash:maa 04:28:03 executing program 5: r0 = dup(0xffffffffffffffff) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x802102001ffa, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r1 = gettid() clone(0x6e20cf00, 0x0, 0x0, 0x0, 0x0) ptrace$setopts(0x4206, r1, 0x0, 0x0) gettid() r2 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ptmx\x00', 0x0, 0x0) read(r2, &(0x7f00003fefff)=""/1, 0x1) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) r4 = dup2(r3, r3) ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200) r5 = openat$autofs(0xffffffffffffff9c, &(0x7f0000000040)='/dev/autofs\x00', 0x0, 0x0) sendmsg$IPVS_CMD_ZERO(r5, &(0x7f0000000240)={&(0x7f00000000c0)={0x10, 0x0, 0x0, 0x20000000}, 0xc, &(0x7f0000000200)={&(0x7f0000000100)=ANY=[@ANYBLOB="c4000000", @ANYRES16=0x0, @ANYBLOB="02002dbd7000ffdbdf251000000000000400070000000c0002800800030004000000080005008700000014000380080001000300000005000800650000000800fb0005000000080004002000007d000800050000020000240003800800010002000000060007004e220000060007004e200000080001000000e3ff3b0002800800080002800017060002004e23000008000500bfff0800030003000000080005000100000005000d0001000000080004000000000008000600fbffffff00"], 0xc4}, 0x1, 0x0, 0x0, 0x80}, 0x2080800) ioctl$SIOCNRDECOBS(r4, 0x89e2) 04:28:03 executing program 3: openat$sequencer(0xffffffffffffff9c, &(0x7f0000000080)='/dev/sequencer\x00', 0x0, 0x0) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = socket$kcm(0xa, 0x2, 0x11) setsockopt$sock_attach_bpf(r1, 0x29, 0x14, &(0x7f0000000080), 0x301) setsockopt$sock_attach_bpf(r1, 0x29, 0x15, &(0x7f0000000000), 0x70db2da734432a8e) ioctl$F2FS_IOC_MOVE_RANGE(0xffffffffffffffff, 0xc020f509, &(0x7f0000000040)={r1, 0x3, 0x100000001, 0x9}) getsockopt$bt_l2cap_L2CAP_OPTIONS(r2, 0x6, 0x1, &(0x7f00000000c0), &(0x7f0000000140)=0xc) r3 = dup2(r0, r0) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) r4 = socket$inet6_tcp(0xa, 0x1, 0x0) r5 = dup2(r4, r4) ioctl$PERF_EVENT_IOC_ENABLE(r5, 0x8912, 0x400200) ioctl$SNDCTL_SEQ_NRMIDIS(r5, 0x8004510b, &(0x7f0000000000)) 04:28:03 executing program 2: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) connect$rose(0xffffffffffffffff, &(0x7f0000000080)=@full={0xb, @dev={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @null, 0x6, [@default, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x3}, @null, @null, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @default]}, 0x40) sendmsg$IPSET_CMD_CREATE(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000140)={0x5c, 0x2, 0x6, 0x101, 0x0, 0x0, {}, [@IPSET_ATTR_REVISION={0x5}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz1\x00'}, @IPSET_ATTR_PROTOCOL={0x5, 0x1, 0x6}, @IPSET_ATTR_FAMILY={0x5}, @IPSET_ATTR_DATA={0x14, 0x7, 0x0, 0x1, [@IPSET_ATTR_CADT_FLAGS={0x8, 0x8, 0x1, 0x0, 0x10}, @IPSET_ATTR_TIMEOUT={0x8, 0x6, 0x1, 0x0, 0xffffffff}]}, @IPSET_ATTR_TYPENAME={0xd, 0x3, 'hash:mac\x00'}]}, 0x5c}}, 0x0) 04:28:03 executing program 1: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) r1 = socket$kcm(0xa, 0x2, 0x11) setsockopt$sock_attach_bpf(r1, 0x29, 0x14, &(0x7f0000000080), 0x301) setsockopt$sock_attach_bpf(r1, 0x29, 0x15, &(0x7f0000000000), 0x70db2da734432a8e) setsockopt$sock_attach_bpf(0xffffffffffffffff, 0x29, 0x14, &(0x7f0000000080), 0x301) setsockopt$sock_attach_bpf(0xffffffffffffffff, 0x29, 0x15, &(0x7f0000000000), 0x70db2da734432a8e) sendmsg$IPSET_CMD_CREATE(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=ANY=[@ANYRES16], 0x54}, 0x1, 0x0, 0x0, 0x44044050}, 0x0) r2 = openat$null(0xffffffffffffff9c, &(0x7f0000000080)='/dev/null\x00', 0x400000, 0x0) ioctl$TCXONC(r2, 0x540a, 0x0) 04:28:03 executing program 4: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = dup2(r0, r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) getsockname$llc(0xffffffffffffffff, 0x0, &(0x7f0000000140)) r2 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_CREATE(r2, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)={0x4c, 0x2, 0x6, 0x101, 0x0, 0x0, {}, [@IPSET_ATTR_REVISION={0x5}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz1\x00'}, @IPSET_ATTR_PROTOCOL={0x5, 0x1, 0x6}, @IPSET_ATTR_DATA={0xc, 0x7, 0x0, 0x1, [@IPSET_ATTR_HASHSIZE={0x8, 0x12, 0x1, 0x0, 0x479e6139}]}, @IPSET_ATTR_TYPENAME={0xd, 0x3, 'hash:mac\x00'}]}, 0x4c}}, 0x0) 04:28:03 executing program 0: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) r2 = dup2(r1, r1) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) r4 = dup2(r3, r3) ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200) mmap$usbfs(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x2, 0x11, r4, 0x40) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) ioctl$VIDIOC_G_PRIORITY(r2, 0x80045643, 0x3) sendmsg$IPSET_CMD_CREATE(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000080)={0x64, 0x2, 0x6, 0x101, 0x0, 0x0, {0xa}, [@IPSET_ATTR_REVISION={0x5, 0x4, 0x3}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz1\x00'}, @IPSET_ATTR_PROTOCOL={0x5, 0x1, 0x6}, @IPSET_ATTR_TYPENAME={0x16, 0x3, 'hash:net,port,net\x00'}, @IPSET_ATTR_DATA={0xc, 0x7, 0x0, 0x1, [@IPSET_ATTR_HASHSIZE={0x8, 0x12, 0x1, 0x0, 0x5}]}, @IPSET_ATTR_TYPENAME={0xd, 0x3, 'hash:mac\x00'}]}, 0x64}}, 0x0) 04:28:03 executing program 4: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = dup2(r0, r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) getsockname$llc(0xffffffffffffffff, 0x0, &(0x7f0000000140)) r2 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_CREATE(r2, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)={0x4c, 0x2, 0x6, 0x101, 0x0, 0x0, {}, [@IPSET_ATTR_REVISION={0x5}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz1\x00'}, @IPSET_ATTR_PROTOCOL={0x5, 0x1, 0x6}, @IPSET_ATTR_DATA={0xc, 0x7, 0x0, 0x1, [@IPSET_ATTR_HASHSIZE={0x8, 0x12, 0x1, 0x0, 0x479e6139}]}, @IPSET_ATTR_TYPENAME={0xd, 0x3, 'hash:mac\x00'}]}, 0x4c}}, 0x0) 04:28:03 executing program 2: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) connect$rose(0xffffffffffffffff, &(0x7f0000000080)=@full={0xb, @dev={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @null, 0x6, [@default, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x3}, @null, @null, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @default]}, 0x40) sendmsg$IPSET_CMD_CREATE(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000140)={0x5c, 0x2, 0x6, 0x101, 0x0, 0x0, {}, [@IPSET_ATTR_REVISION={0x5}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz1\x00'}, @IPSET_ATTR_PROTOCOL={0x5, 0x1, 0x6}, @IPSET_ATTR_FAMILY={0x5}, @IPSET_ATTR_DATA={0x14, 0x7, 0x0, 0x1, [@IPSET_ATTR_CADT_FLAGS={0x8, 0x8, 0x1, 0x0, 0x10}, @IPSET_ATTR_TIMEOUT={0x8, 0x6, 0x1, 0x0, 0xffffffff}]}, @IPSET_ATTR_TYPENAME={0xd, 0x3, 'hash:mac\x00'}]}, 0x5c}}, 0x0) 04:28:03 executing program 3: r0 = openat$sequencer(0xffffffffffffff9c, &(0x7f0000000080)='/dev/sequencer\x00', 0x60242, 0x0) ioctl$SNDCTL_SEQ_NRMIDIS(r0, 0x8004510b, &(0x7f00000000c0)) 04:28:03 executing program 1: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) socket$inet6_tcp(0xa, 0x1, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x400200) socket$nl_xfrm(0x10, 0x3, 0x6) r1 = socket$kcm(0xa, 0x2, 0x11) r2 = dup2(0xffffffffffffffff, r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) r3 = socket$inet6_sctp(0xa, 0x5, 0x84) r4 = socket$inet6_sctp(0xa, 0x5, 0x84) shutdown(r4, 0x0) getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r4, 0x84, 0x6f, &(0x7f0000000000)={0x0, 0x1c, &(0x7f00000002c0)=[@in6={0xa, 0x0, 0x0, @private0}]}, &(0x7f0000000180)=0x10) r5 = dup3(r4, r3, 0x0) getsockopt$inet_sctp_SCTP_MAX_BURST(r5, 0x84, 0x14, &(0x7f0000000000)=@assoc_value={0x0}, &(0x7f0000000040)=0x17) getsockopt$inet_sctp6_SCTP_DELAYED_SACK(r5, 0x84, 0x70, &(0x7f0000000080)=@sack_info={r6}, &(0x7f0000002000)=0xc) getsockopt$inet_sctp6_SCTP_RESET_STREAMS(r2, 0x84, 0x77, &(0x7f0000000440)=ANY=[@ANYRES32=r6, @ANYBLOB="0400ff500ef40900050001ff07000300"], &(0x7f0000000480)=0x14) syz_genetlink_get_family_id$smc(&(0x7f00000003c0)='SMC_PNETID\x00') r7 = syz_genetlink_get_family_id$tipc2(&(0x7f00000000c0)='TIPCv2\x00') sendmsg$TIPC_NL_BEARER_ENABLE(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000400)={&(0x7f0000032280)={0x14, r7, 0xc573de0d27bdfe6f, 0x0, 0x0, {0x2}}, 0x14}}, 0x0) sendmsg$TIPC_NL_BEARER_ENABLE(0xffffffffffffffff, &(0x7f00000004c0)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x8}, 0xc, &(0x7f0000000140)={&(0x7f0000000500)=ANY=[@ANYRESDEC, @ANYRES16=r7, @ANYBLOB="00022abd7000ffdbdf2503000000080002800400040044000980080001007900000008000200010000000800020007000000080001000600000008000100ffffff7f080002000500000008000200000100000800020001000000340003800800020006000000080001000600000008000100010000000800020001000000080002000400000008000200ff0000004400028014000380080001000000000008000100050000000800020002000000080002000900000004000400140003800800010004c400000800020001000000040004007800018038000400200001000a004e200000000100000000000000000000ffff64010100200000001400020002004e22ac1414aa0000000000000000100001006574683a6970766c616e310008000300000000800c00028008000100000000001600010069623a6272696467655f736c6176655f31000000240002801c000380080002000000e01f08000200050000000800010001010000040004007000018008000300ff030000380004001400010002004e20e00000010000000000000000200002000a0003ff00000800fc010000000000000000000000000001080000002c0004001400010002004e23ac1414bb00000000000000001400020002004e21ffffffff0000000000000000"], 0x1e4}, 0x1, 0x0, 0x0, 0x4004004}, 0x4000000) sendmsg$IPSET_CMD_CREATE(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)={0x54, 0x2, 0x6, 0x101, 0x0, 0x0, {}, [@IPSET_ATTR_REVISION={0x5}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz1\x00'}, @IPSET_ATTR_PROTOCOL={0x5, 0x1, 0x6}, @IPSET_ATTR_FAMILY={0x5}, @IPSET_ATTR_DATA={0xc, 0x7, 0x0, 0x1, [@IPSET_ATTR_HASHSIZE={0x8, 0x12, 0x1, 0x0, 0x479e6139}]}, @IPSET_ATTR_TYPENAME={0xd, 0x3, 'hash:mac\x00'}]}, 0x54}}, 0x0) 04:28:03 executing program 4: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = dup2(r0, r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) getsockname$llc(0xffffffffffffffff, 0x0, &(0x7f0000000140)) r2 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_CREATE(r2, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)={0x4c, 0x2, 0x6, 0x101, 0x0, 0x0, {}, [@IPSET_ATTR_REVISION={0x5}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz1\x00'}, @IPSET_ATTR_FAMILY={0x5}, @IPSET_ATTR_DATA={0xc, 0x7, 0x0, 0x1, [@IPSET_ATTR_HASHSIZE={0x8, 0x12, 0x1, 0x0, 0x479e6139}]}, @IPSET_ATTR_TYPENAME={0xd, 0x3, 'hash:mac\x00'}]}, 0x4c}}, 0x0) [ 1161.252183] IPVS: ftp: loaded support on port[0] = 21 04:28:03 executing program 2: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) connect$rose(0xffffffffffffffff, &(0x7f0000000080)=@full={0xb, @dev={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @null, 0x6, [@default, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x3}, @null, @null, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @default]}, 0x40) sendmsg$IPSET_CMD_CREATE(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000140)={0x5c, 0x2, 0x6, 0x101, 0x0, 0x0, {}, [@IPSET_ATTR_REVISION={0x5}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz1\x00'}, @IPSET_ATTR_PROTOCOL={0x5, 0x1, 0x6}, @IPSET_ATTR_FAMILY={0x5}, @IPSET_ATTR_DATA={0x14, 0x7, 0x0, 0x1, [@IPSET_ATTR_CADT_FLAGS={0x8, 0x8, 0x1, 0x0, 0x10}, @IPSET_ATTR_TIMEOUT={0x8, 0x6, 0x1, 0x0, 0xffffffff}]}, @IPSET_ATTR_TYPENAME={0xd, 0x3, 'hash:mac\x00'}]}, 0x5c}}, 0x0) [ 1161.373074] syz-executor.1: vmalloc: allocation failure: 17179869200 bytes, mode:0x14080c0(GFP_KERNEL|__GFP_ZERO), nodemask=(null) [ 1161.389535] syz-executor.1 cpuset=/ mems_allowed=0-1 [ 1161.413512] CPU: 1 PID: 6222 Comm: syz-executor.1 Not tainted 4.14.193-syzkaller #0 [ 1161.421382] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1161.431318] Call Trace: [ 1161.434010] dump_stack+0x1b2/0x283 [ 1161.437660] warn_alloc.cold+0x96/0x1cc [ 1161.441878] ? check_preemption_disabled+0x35/0x240 [ 1161.446933] ? zone_watermark_ok_safe+0x220/0x220 [ 1161.451892] ? perf_trace_lock_acquire+0x510/0x510 [ 1161.456933] ? fs_reclaim_release+0xd0/0x110 [ 1161.461726] ? ip_set_alloc+0x47/0x60 [ 1161.465907] vzalloc+0x122/0x150 [ 1161.469442] ip_set_alloc+0x47/0x60 [ 1161.473352] hash_mac_create+0x36e/0x7c6 [ 1161.477445] ip_set_create+0x5f9/0xf30 [ 1161.481805] ? __find_set_type_get+0x360/0x360 [ 1161.486408] ? __mutex_lock+0x360/0x1310 [ 1161.490512] ? lock_downgrade+0x740/0x740 [ 1161.494688] ? __find_set_type_get+0x360/0x360 [ 1161.499832] nfnetlink_rcv_msg+0x9bb/0xc00 [ 1161.504716] netlink_rcv_skb+0x125/0x390 [ 1161.508824] ? nfnetlink_net_exit_batch+0x150/0x150 [ 1161.514044] ? netlink_ack+0x9a0/0x9a0 [ 1161.518412] ? ns_capable_common+0x127/0x150 [ 1161.523211] nfnetlink_rcv+0x1ab/0x1da0 [ 1161.527371] ? __dev_queue_xmit+0xcd6/0x2480 [ 1161.532395] ? check_preemption_disabled+0x35/0x240 [ 1161.537525] ? perf_trace_lock+0xf7/0x490 [ 1161.541700] ? perf_trace_lock_acquire+0x510/0x510 [ 1161.546823] ? nfnetlink_bind+0x240/0x240 [ 1161.551260] ? netlink_deliver_tap+0x90/0x7d0 [ 1161.556033] ? lock_downgrade+0x740/0x740 [ 1161.560474] netlink_unicast+0x437/0x610 [ 1161.564696] ? netlink_sendskb+0xd0/0xd0 [ 1161.568784] netlink_sendmsg+0x62e/0xb80 [ 1161.573215] ? nlmsg_notify+0x170/0x170 [ 1161.577316] ? kernel_recvmsg+0x210/0x210 [ 1161.581735] ? security_socket_sendmsg+0x83/0xb0 [ 1161.586747] ? nlmsg_notify+0x170/0x170 [ 1161.590750] sock_sendmsg+0xb5/0x100 [ 1161.594762] ___sys_sendmsg+0x6c8/0x800 [ 1161.599017] ? copy_msghdr_from_user+0x3b0/0x3b0 [ 1161.603965] ? __lock_acquire+0x5fc/0x3f20 [ 1161.608435] ? perf_trace_lock_acquire+0x510/0x510 [ 1161.613559] ? do_futex+0x12b/0x1930 [ 1161.617456] ? check_preemption_disabled+0x35/0x240 [ 1161.624495] ? __fget+0x1fe/0x360 [ 1161.628377] ? lock_acquire+0x170/0x3f0 [ 1161.632547] ? lock_downgrade+0x740/0x740 [ 1161.637077] ? __fget+0x225/0x360 [ 1161.640731] ? __fdget+0x196/0x1f0 [ 1161.644378] ? sockfd_lookup_light+0xb2/0x160 [ 1161.649406] __sys_sendmsg+0xa3/0x120 [ 1161.653305] ? SyS_shutdown+0x160/0x160 [ 1161.657572] ? SyS_clock_gettime+0xf5/0x180 [ 1161.662604] ? SyS_clock_settime+0x1a0/0x1a0 [ 1161.667021] SyS_sendmsg+0x27/0x40 [ 1161.670762] ? __sys_sendmsg+0x120/0x120 [ 1161.674952] do_syscall_64+0x1d5/0x640 [ 1161.679205] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 1161.684771] RIP: 0033:0x45d249 [ 1161.688323] RSP: 002b:00007fe770c44c78 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 1161.696374] RAX: ffffffffffffffda RBX: 0000000000028840 RCX: 000000000045d249 [ 1161.704052] RDX: 0000000000000000 RSI: 0000000020000000 RDI: 0000000000000003 [ 1161.711796] RBP: 000000000118cf80 R08: 0000000000000000 R09: 0000000000000000 [ 1161.719074] R10: 0000000000000000 R11: 0000000000000246 R12: 000000000118cf4c [ 1161.726653] R13: 00007fffec3adf2f R14: 00007fe770c459c0 R15: 000000000118cf4c [ 1161.739104] Mem-Info: [ 1161.741691] active_anon:232436 inactive_anon:6091 isolated_anon:0 [ 1161.741691] active_file:7392 inactive_file:32747 isolated_file:0 [ 1161.741691] unevictable:0 dirty:190 writeback:0 unstable:0 [ 1161.741691] slab_reclaimable:18385 slab_unreclaimable:135055 [ 1161.741691] mapped:62450 shmem:6280 pagetables:5817 bounce:0 [ 1161.741691] free:1089730 free_pcp:300 free_cma:0 [ 1161.776478] Node 0 active_anon:929744kB inactive_anon:24364kB active_file:29424kB inactive_file:130988kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:249800kB dirty:760kB writeback:0kB shmem:25120kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 882688kB writeback_tmp:0kB unstable:0kB all_unreclaimable? no [ 1161.805840] Node 1 active_anon:0kB inactive_anon:0kB active_file:144kB inactive_file:0kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:0kB dirty:0kB writeback:0kB shmem:0kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 0kB writeback_tmp:0kB unstable:0kB all_unreclaimable? no [ 1161.832640] Node 0 DMA free:15908kB min:220kB low:272kB high:324kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15908kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 1161.860132] lowmem_reserve[]: 0 2557 2557 2557 2557 [ 1161.866205] Node 0 DMA32 free:560300kB min:36272kB low:45340kB high:54408kB active_anon:929744kB inactive_anon:24364kB active_file:29424kB inactive_file:130988kB unevictable:0kB writepending:760kB present:3129332kB managed:2621196kB mlocked:0kB kernel_stack:14240kB pagetables:23268kB bounce:0kB free_pcp:1308kB local_pcp:572kB free_cma:0kB [ 1161.897939] lowmem_reserve[]: 0 0 0 0 0 [ 1161.902179] Node 0 Normal free:0kB min:4kB low:4kB high:4kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:786432kB managed:332kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 1161.928402] lowmem_reserve[]: 0 0 0 0 0 [ 1161.932413] Node 1 Normal free:3783636kB min:53612kB low:67012kB high:80412kB active_anon:0kB inactive_anon:0kB active_file:144kB inactive_file:0kB unevictable:0kB writepending:0kB present:3932160kB managed:3870192kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 1161.961304] lowmem_reserve[]: 0 0 0 0 0 [ 1161.965485] Node 0 DMA: 1*4kB (U) 0*8kB 0*16kB 1*32kB (U) 2*64kB (U) 1*128kB (U) 1*256kB (U) 0*512kB 1*1024kB (U) 1*2048kB (M) 3*4096kB (M) = 15908kB [ 1161.979740] Node 0 DMA32: 823*4kB (UME) 350*8kB (UME) 455*16kB (UE) 188*32kB (UME) 115*64kB (UME) 36*128kB (UME) 11*256kB (UM) 12*512kB (UME) 7*1024kB (UME) 3*2048kB (UME) 124*4096kB (M) = 561532kB [ 1162.001027] Node 0 Normal: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 0kB [ 1162.012489] Node 1 Normal: 51*4kB (UME) 343*8kB (UE) 273*16kB (U) 50*32kB (UM) 20*64kB (UME) 10*128kB (UM) 5*256kB (UM) 3*512kB (U) 1*1024kB (M) 4*2048kB (ME) 918*4096kB (M) = 3783636kB [ 1162.030989] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 1162.040568] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 1162.049343] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 1162.058593] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 1162.067402] 25375 total pagecache pages [ 1162.071556] 0 pages in swap cache [ 1162.075406] Swap cache stats: add 0, delete 0, find 0/0 [ 1162.080956] Free swap = 0kB [ 1162.084388] Total swap = 0kB [ 1162.087511] 1965979 pages RAM [ 1162.090658] 0 pages HighMem/MovableOnly [ 1162.094718] 339072 pages reserved [ 1162.098451] 0 pages cma reserved 04:28:06 executing program 5: r0 = dup(0xffffffffffffffff) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x802102001ffa, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r1 = gettid() clone(0x6e20cf00, 0x0, 0x0, 0x0, 0x0) ptrace$setopts(0x4206, r1, 0x0, 0x0) gettid() r2 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ptmx\x00', 0x0, 0x0) read(r2, &(0x7f00003fefff)=""/1, 0x1) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) r4 = dup2(r3, r3) ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200) r5 = openat$autofs(0xffffffffffffff9c, &(0x7f0000000040)='/dev/autofs\x00', 0x0, 0x0) sendmsg$IPVS_CMD_ZERO(r5, &(0x7f0000000240)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x20000000}, 0xc, &(0x7f0000000200)={&(0x7f0000000280)={0x14, 0x0, 0x2, 0x70bd2d, 0x25dfdbfe}, 0x14}, 0x1, 0x0, 0x0, 0x80}, 0x2080800) r6 = openat$pfkey(0xffffffffffffff9c, &(0x7f00000000c0)='/proc/self/net/pfkey\x00', 0x842, 0x0) dup2(r2, r6) ioctl$SIOCNRDECOBS(r4, 0x89e2) 04:28:06 executing program 2: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_CREATE(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000140)={0x5c, 0x2, 0x6, 0x101, 0x0, 0x0, {}, [@IPSET_ATTR_REVISION={0x5}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz1\x00'}, @IPSET_ATTR_PROTOCOL={0x5, 0x1, 0x6}, @IPSET_ATTR_FAMILY={0x5}, @IPSET_ATTR_DATA={0x14, 0x7, 0x0, 0x1, [@IPSET_ATTR_CADT_FLAGS={0x8, 0x8, 0x1, 0x0, 0x10}, @IPSET_ATTR_TIMEOUT={0x8, 0x6, 0x1, 0x0, 0xffffffff}]}, @IPSET_ATTR_TYPENAME={0xd, 0x3, 'hash:mac\x00'}]}, 0x5c}}, 0x0) 04:28:06 executing program 3: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = dup2(r0, r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) ioctl$sock_netrom_SIOCADDRT(r1, 0x890b, &(0x7f0000000240)={0x1, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @bpq0='bpq0\x00', 0x1, 'syz0\x00', @bcast, 0xfff, 0x0, [@default, @default, @default, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x0}, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @default, @default]}) r2 = openat$sequencer(0xffffffffffffff9c, &(0x7f0000000080)='/dev/sequencer\x00', 0x0, 0x0) sendmsg$RDMA_NLDEV_CMD_NEWLINK(0xffffffffffffffff, &(0x7f0000000200)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x200}, 0xc, &(0x7f0000000040)={&(0x7f0000000100)=ANY=[@ANYBLOB="000100000314000126bd7000fcdbdf250900020073797a31000000000800410072786500140033007866726d3000000000000000000000000900020073797a310000000008004100736977001400330069703665727370616e300000000000000900020073797a30000000000800410073697700140033006970766c616e300000000000000000000900020073797a30000000020800410072786500140033006970766c616e3120000000524f1f329933956809007e0000000900020073797a31000000000800410072786500140033006970766c616e300000000000000000000900020073797a3000000000080041007278650014003300626f"], 0x100}, 0x1, 0x0, 0x0, 0x4000}, 0x0) ioctl$SNDCTL_SEQ_NRMIDIS(r2, 0x8004510b, &(0x7f00000000c0)) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) r4 = dup2(r3, r3) ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200) ioctl$vim2m_VIDIOC_QBUF(r4, 0xc058560f, &(0x7f00000002c0)={0xffffff91, 0x1, 0x4, 0x40, 0x8, {}, {0x4, 0x8, 0x0, 0x4, 0xfd, 0x20, "d4df7c75"}, 0x8, 0x3, @offset=0x1, 0x5}) 04:28:06 executing program 0: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendfile(r0, r0, &(0x7f0000000180)=0x1, 0xffffffff7ffffffe) r1 = openat$mice(0xffffffffffffff9c, &(0x7f0000000140)='/dev/input/mice\x00', 0x460000) sendmsg$IPSET_CMD_CREATE(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=ANY=[@ANYBLOB="5400f6ff0206010100000000000000000000000005000400000000000900020073797a31000000000600000005000100070000000c02000000000000009e61390d000300686173683a6d61630000000000000000"], 0x54}}, 0x0) 04:28:06 executing program 4: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = dup2(r0, r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) getsockname$llc(0xffffffffffffffff, 0x0, &(0x7f0000000140)) r2 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_CREATE(r2, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)={0x4c, 0x2, 0x6, 0x101, 0x0, 0x0, {}, [@IPSET_ATTR_REVISION={0x5}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz1\x00'}, @IPSET_ATTR_FAMILY={0x5}, @IPSET_ATTR_DATA={0xc, 0x7, 0x0, 0x1, [@IPSET_ATTR_HASHSIZE={0x8, 0x12, 0x1, 0x0, 0x479e6139}]}, @IPSET_ATTR_TYPENAME={0xd, 0x3, 'hash:mac\x00'}]}, 0x4c}}, 0x0) 04:28:06 executing program 1: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_CREATE(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000000c0)={0x54, 0x2, 0x6, 0x101, 0x0, 0x0, {}, [@IPSET_ATTR_REVISION={0x5}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz1\x00'}, @IPSET_ATTR_PROTOCOL={0x5, 0x1, 0x6}, @IPSET_ATTR_FAMILY={0x5}, @IPSET_ATTR_DATA={0xc, 0x7, 0x0, 0x1, [@IPSET_ATTR_HASHSIZE={0x8, 0x12, 0x1, 0x0, 0x479e6139}]}, @IPSET_ATTR_TYPENAME={0xd, 0x3, 'hash:mac\x00'}]}, 0x54}}, 0x0) 04:28:06 executing program 3: r0 = openat$sequencer(0xffffffffffffff9c, &(0x7f0000000080)='/dev/sequencer\x00', 0x0, 0x0) ioctl$SNDCTL_SEQ_NRMIDIS(r0, 0x8004510b, &(0x7f00000000c0)) r1 = socket$kcm(0xa, 0x2, 0x11) setsockopt$sock_attach_bpf(r1, 0x29, 0x14, &(0x7f0000000080), 0x301) setsockopt$sock_attach_bpf(r1, 0x29, 0x15, &(0x7f0000000000), 0x70db2da734432a8e) ioctl$sock_SIOCGSKNS(r1, 0x894c, &(0x7f0000000000)=0xfd38) [ 1164.239491] syz-executor.1: vmalloc: allocation failure: 17179869200 bytes, mode:0x14080c0(GFP_KERNEL|__GFP_ZERO), nodemask=(null) [ 1164.259292] syz-executor.1 cpuset=/ mems_allowed=0-1 [ 1164.265450] CPU: 1 PID: 6267 Comm: syz-executor.1 Not tainted 4.14.193-syzkaller #0 [ 1164.273258] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1164.282616] Call Trace: [ 1164.285213] dump_stack+0x1b2/0x283 [ 1164.288858] warn_alloc.cold+0x96/0x1cc [ 1164.292854] ? check_preemption_disabled+0x35/0x240 [ 1164.297903] ? zone_watermark_ok_safe+0x220/0x220 [ 1164.302763] ? perf_trace_lock_acquire+0x510/0x510 [ 1164.307718] ? fs_reclaim_release+0xd0/0x110 [ 1164.312146] ? ip_set_alloc+0x47/0x60 [ 1164.315958] vzalloc+0x122/0x150 [ 1164.319344] ip_set_alloc+0x47/0x60 [ 1164.322981] hash_mac_create+0x36e/0x7c6 [ 1164.327056] ip_set_create+0x5f9/0xf30 [ 1164.330959] ? __find_set_type_get+0x360/0x360 [ 1164.335551] ? __mutex_lock+0x360/0x1310 [ 1164.339640] ? lock_downgrade+0x740/0x740 [ 1164.343803] ? __find_set_type_get+0x360/0x360 [ 1164.348395] nfnetlink_rcv_msg+0x9bb/0xc00 [ 1164.352657] netlink_rcv_skb+0x125/0x390 [ 1164.356735] ? nfnetlink_net_exit_batch+0x150/0x150 [ 1164.361762] ? netlink_ack+0x9a0/0x9a0 [ 1164.365674] ? ns_capable_common+0x127/0x150 [ 1164.370095] nfnetlink_rcv+0x1ab/0x1da0 [ 1164.374078] ? __dev_queue_xmit+0xcd6/0x2480 [ 1164.378552] ? check_preemption_disabled+0x35/0x240 [ 1164.383587] ? perf_trace_lock+0xf7/0x490 [ 1164.387750] ? perf_trace_lock_acquire+0x510/0x510 [ 1164.392698] ? nfnetlink_bind+0x240/0x240 [ 1164.396853] ? netlink_deliver_tap+0x90/0x7d0 [ 1164.401368] ? lock_downgrade+0x740/0x740 [ 1164.405536] netlink_unicast+0x437/0x610 [ 1164.409724] ? netlink_sendskb+0xd0/0xd0 [ 1164.413894] netlink_sendmsg+0x62e/0xb80 [ 1164.417966] ? nlmsg_notify+0x170/0x170 [ 1164.421948] ? kernel_recvmsg+0x210/0x210 [ 1164.426111] ? security_socket_sendmsg+0x83/0xb0 [ 1164.430877] ? nlmsg_notify+0x170/0x170 [ 1164.434880] sock_sendmsg+0xb5/0x100 [ 1164.438608] ___sys_sendmsg+0x6c8/0x800 [ 1164.442608] ? copy_msghdr_from_user+0x3b0/0x3b0 [ 1164.447377] ? __lock_acquire+0x5fc/0x3f20 [ 1164.451634] ? perf_trace_lock_acquire+0x510/0x510 [ 1164.456577] ? do_futex+0x12b/0x1930 [ 1164.460398] ? check_preemption_disabled+0x35/0x240 [ 1164.468044] ? __fget+0x1fe/0x360 [ 1164.471515] ? lock_acquire+0x170/0x3f0 [ 1164.475502] ? lock_downgrade+0x740/0x740 [ 1164.479701] ? __fget+0x225/0x360 [ 1164.483174] ? __fdget+0x196/0x1f0 [ 1164.486728] ? sockfd_lookup_light+0xb2/0x160 [ 1164.491232] __sys_sendmsg+0xa3/0x120 [ 1164.495221] ? SyS_shutdown+0x160/0x160 [ 1164.499214] ? SyS_clock_gettime+0xf5/0x180 [ 1164.503541] ? SyS_clock_settime+0x1a0/0x1a0 [ 1164.507958] SyS_sendmsg+0x27/0x40 [ 1164.511506] ? __sys_sendmsg+0x120/0x120 [ 1164.515579] do_syscall_64+0x1d5/0x640 [ 1164.519482] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 1164.524672] RIP: 0033:0x45d249 [ 1164.527863] RSP: 002b:00007fe770c44c78 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 1164.535585] RAX: ffffffffffffffda RBX: 0000000000028840 RCX: 000000000045d249 [ 1164.542866] RDX: 0000000000000000 RSI: 0000000020000000 RDI: 0000000000000003 [ 1164.550143] RBP: 000000000118cf80 R08: 0000000000000000 R09: 0000000000000000 [ 1164.557420] R10: 0000000000000000 R11: 0000000000000246 R12: 000000000118cf4c [ 1164.564697] R13: 00007fffec3adf2f R14: 00007fe770c459c0 R15: 000000000118cf4c 04:28:07 executing program 0: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_CREATE(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)={0x54, 0x2, 0x6, 0x101, 0x0, 0x0, {}, [@IPSET_ATTR_REVISION={0x5}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz1\x00'}, @IPSET_ATTR_PROTOCOL={0x5, 0x1, 0x6}, @IPSET_ATTR_FAMILY={0x5}, @IPSET_ATTR_DATA={0xc, 0x7, 0x0, 0x1, [@IPSET_ATTR_HASHSIZE={0x8, 0x12, 0x1, 0x0, 0x479e6139}]}, @IPSET_ATTR_TYPENAME={0xd, 0x3, 'hash:mac\x00'}]}, 0x54}}, 0x0) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) r2 = dup2(r1, r1) ioctl$FBIOGETCMAP(r2, 0x4604, &(0x7f0000001a40)={0xfff, 0x8, &(0x7f0000001940)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0], &(0x7f0000001980)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0], &(0x7f00000019c0)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0], &(0x7f0000001a00)=[0x0]}) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) sendmsg$OSF_MSG_REMOVE(r2, &(0x7f0000001900)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x20}, 0xc, &(0x7f00000018c0)={&(0x7f0000000140)={0x175c, 0x1, 0x5, 0x200, 0x0, 0x0, {0x1, 0x0, 0x4}, [{{0x254, 0x1, {{0x2, 0x9}, 0x0, 0x72, 0x0, 0x8000, 0xc, 'syz0\x00', "d7797bed33e3551837dfe521b5c8e9be19a6a0c2768583bc3030665ff95b57ba", "0c4264f03c467766ff1c0407cf8dc8917376e8926e1f588394789c5595ad9cff", [{0x7, 0x5}, {0x4, 0x7, {0xdcb1f864900937c9, 0x5}}, {0x9, 0xf824, {0x2, 0x3f}}, {0x9, 0x1000, {0x1, 0x2}}, {0x3ff, 0x5, {0x0, 0xffffffff}}, {0x0, 0x2f, {0x1, 0xf2}}, {0x0, 0x0, {0x2, 0x10000}}, {0x40, 0x8, {0x1, 0xcc}}, {0x4, 0x9, {0x0, 0x8}}, {0x1, 0x8, {0x1, 0x8}}, {0x6, 0x1, {0x1, 0x54876680}}, {0xfc01, 0x1, {0x1, 0x4}}, {0x1f, 0x1, {0x3, 0x7ff}}, {0x8c5, 0xeee, {0x0, 0x3}}, {0x7fff, 0x800, {0x3, 0xf83f}}, {0x200, 0x9, {0x2, 0x1}}, {0x20, 0x1f, {0x1, 0x80000000}}, {0x40, 0xdb4, {0x1, 0x9}}, {0x5, 0x9, {0x0, 0x9}}, {0x6, 0x1f, {0x1, 0x7}}, {0xfffe, 0x2, {0x1, 0x40}}, {0x401, 0x9, {0x0, 0x6}}, {0xcd8, 0x39fd, {0x2, 0x2}}, {0x9, 0x5a, {0x1, 0x89}}, {0x3, 0x8000, {0x3, 0x200}}, {0x2f53, 0x6, {0x2, 0x1}}, {0xffff, 0x20, {0x2, 0x9}}, {0x7ff, 0x7, {0x0, 0x1ff}}, {0xb420, 0x20, {0x2, 0x1}}, {0xfeff, 0x0, {0x0, 0xd4b}}, {0x3, 0xfffa, {0x0, 0xffffff81}}, {0xb5, 0xd, {0x2, 0x200}}, {0x7fff, 0x6, {0x3, 0x56}}, {0x0, 0x9, {0x1, 0x7ff}}, {0x3b27, 0x101, {0x3, 0x1}}, {0x0, 0x2, {0x1, 0x7}}, {0x1, 0x3, {0x0, 0x8001}}, {0xff, 0x6, {0x3, 0x6}}, {0x1000, 0x1ff, {0x2, 0x6}}, {0x7575, 0xffe0, {0x1, 0x3f}}]}}}, {{0x254, 0x1, {{0x1, 0x8}, 0x4, 0x18, 0xfffb, 0x40, 0x3, 'syz1\x00', "2bd333e9feea0aabc55a30ce61495a34db2bfc9a1c8f57975b54ff2cabe766de", "c6ead9937d109c29eaacdca62d4311806967dc00da6f7f16290e321156017b2d", [{0x3, 0x1ff, {0x124fd0cf6c0b8c8, 0x185}}, {0x7, 0x9e29, {0x0, 0xa60}}, {0x1, 0x101, {0x1, 0x5}}, {0x6, 0xffff, {0x2, 0xfff}}, {0x1, 0x8, {0x1, 0x7fff}}, {0x5, 0x0, {0x1, 0x5}}, {0x5, 0x0, {0x1, 0x1}}, {0x7, 0x7fff, {0x0, 0xfffffffb}}, {0x4, 0x1, {0xeaeda4d67c434b13, 0x2}}, {0xd3, 0x600, {0x3, 0x80000001}}, {0x9, 0x3353, {0x3, 0x8a1}}, {0x7, 0x1000, {0x1, 0x6}}, {0x1, 0x0, {0x0, 0x1}}, {0x8, 0x100, {0x1, 0x7}}, {0x5, 0x7564, {0x0, 0x4a3}}, {0x1, 0x1, {0x0, 0x26}}, {0x5, 0x1, {0x0, 0x4}}, {0x3, 0x16b8, {0x3, 0x1ff}}, {0x100, 0x1, {0x1, 0x4}}, {0x2, 0xff00, {0x2, 0x435}}, {0x100, 0x200, {0x0, 0x53}}, {0x20, 0x4, {0x0, 0x1000}}, {0x9, 0x8001, {0x0, 0x81}}, {0x7, 0x1000, {0x1, 0x2}}, {0x3cf, 0x3, {0x3, 0x1}}, {0x4, 0x7, {0x3, 0x4}}, {0x1, 0x3ff, {0x3, 0xa3c}}, {0x1, 0x2000, {0x0, 0x4}}, {0x1f, 0x1f, {0x3, 0x10000}}, {0xd26a, 0x3f, {0x0, 0x9}}, {0x7, 0x1, {0x0, 0x2}}, {0x0, 0x4, {0x1, 0x4926}}, {0x2, 0x232, {0x0, 0x400}}, {0x0, 0x4, {0x0, 0x518}}, {0x3f, 0x0, {0x1, 0x10001}}, {0x3, 0x0, {0x3, 0x8}}, {0xfffd, 0x2, {0x1, 0x6}}, {0x81, 0x4, {0x2, 0x3b}}, {0x81, 0x0, {0x1, 0x1}}, {0x3, 0xffff, {0x0, 0x8be}}]}}}, {{0x254, 0x1, {{0x2, 0xfffffbff}, 0x2, 0x8, 0x6, 0x1, 0x26, 'syz0\x00', "567fbb70dd9e5b7088f37bffd7ad5a82817794693e057db9b9632eefdeb383f9", "61252c62700cf6a618a9c532a214ac3debf9198c1f799234c7cbc9f62c8b0fe4", [{0x7, 0x7, {0x1, 0x4}}, {0x0, 0x2, {0x0, 0x8}}, {0x6, 0x6, {0x1, 0x81}}, {0x9, 0xfff7, {0x2, 0xfff}}, {0xff, 0x2, {0x0, 0x3}}, {0x0, 0x31c3, {0x3, 0x3}}, {0x1, 0x3, {0x0, 0x9}}, {0x7, 0x12, {0x3, 0x6}}, {0x1a5, 0x6, {0x1, 0x20}}, {0x2000, 0x2, {0x1, 0x3}}, {0x7, 0xb8, {0x3, 0x8bd}}, {0x5, 0x1, {0x2, 0x2}}, {0x40, 0xfff, {0x0, 0x5}}, {0x3ff, 0x4, {0x3, 0x8001}}, {0x401, 0x6, {0x1}}, {0x401, 0x200, {0x1, 0x4f7}}, {0x4, 0x8, {0x0, 0x9}}, {0xe47, 0x3, {0x2}}, {0x5, 0x100, {0x0, 0xf4a7}}, {0x8, 0x101, {0x3, 0xf1}}, {0x7, 0x8, {0x1, 0x2}}, {0x9, 0x400, {0x3, 0x8}}, {0x6b, 0x1f0, {0x0, 0x5}}, {0x7, 0x3ff, {0x2, 0x10001}}, {0xb49, 0x1, {0x2, 0x10000}}, {0xde95, 0x101, {0x0, 0x5}}, {0x4, 0x5, {0x0, 0x6}}, {0x80, 0x90, {0x2, 0x7}}, {0x2, 0x1, {0x0, 0x3}}, {0x5, 0x1, {0x0, 0x40000000}}, {0x6, 0x4, {0x3, 0x1}}, {0x8000, 0x32, {0x1, 0x80000000}}, {0x8, 0x7f, {0x0, 0x2f}}, {0x80, 0x7, {0x1, 0x4}}, {0xb9, 0x2, {0x1, 0x1c8}}, {0x20, 0xd6d7, {0x2, 0x80000001}}, {0x4, 0x3f, {0x1, 0x9}}, {0x4, 0x6, {0x3, 0x81}}, {0x5, 0x2ec9, {0x3, 0x8}}, {0x4, 0x1f, {0x2, 0x1}}]}}}, {{0x254, 0x1, {{0x2, 0x1}, 0x0, 0x7f, 0x7000, 0x1f, 0x3, 'syz0\x00', "2cf21761f56fe147324f1261c7de7296422f06cf22508b618def6fc38493e306", "cc0ab6b2f481540d062ba6c8ed00686c9d20035f3c2811d2e904485cda79454a", [{0xaa3b, 0x40, {0x3, 0x401}}, {0x7, 0x6, {0x1, 0x28f}}, {0x8001, 0x6, {0x2, 0x101}}, {0x3, 0x6, {0x3, 0xfffffff7}}, {0x7ff, 0x59aa, {0x2, 0x6}}, {0x0, 0x7, {0x1, 0x7}}, {0x4, 0x6, {0x2, 0x4}}, {0x7, 0x8000, {0x2, 0x7}}, {0x9, 0x1, {0x3, 0x27de50b1}}, {0x3, 0x9, {0x1, 0x3}}, {0x3, 0x1, {0x3, 0x101}}, {0x2, 0x5dc, {0x2, 0xffffffff}}, {0x800, 0x2, {0x3, 0x6}}, {0xffc1, 0x9, {0x1, 0x1f}}, {0x7ff, 0x76, {0x2, 0x9}}, {0x2, 0x3, {0x3, 0x6}}, {0x1, 0x1ff, {0x0, 0x6}}, {0x3, 0x40, {0x3, 0x400000}}, {0xfe01, 0x0, {0x2, 0xcc1a}}, {0x3f, 0x2, {0x1, 0x4}}, {0x7f, 0x8, {0x1, 0x2}}, {0xe59, 0x1, {0x1, 0xffc00000}}, {0x1000, 0x7, {0x2, 0x8001}}, {0x8, 0x3, {0x0, 0x8}}, {0x7, 0xfffc, {0x0, 0xfc000000}}, {0x8000, 0x8, {0x3}}, {0x0, 0x871, {0x0, 0x4}}, {0x4, 0x3, {0x3, 0x10000}}, {0x2, 0x800, {0x2, 0x1}}, {0xfbff, 0x600, {0x2, 0x917}}, {0x1, 0x1f, {0x3, 0x4}}, {0xffff, 0x6, {0x3, 0xcf9}}, {0x5, 0xf275, {0x1}}, {0x2, 0x3, {0x1, 0x6}}, {0x863, 0x4, {0x1, 0x10000}}, {0xffff, 0x7fff, {0x2, 0x4a8}}, {0x9, 0x0, {0x2, 0x8c}}, {0x3, 0x3, {0x3, 0x2}}, {0xfc, 0x7f, {0x3, 0x7f}}, {0x5, 0x4, {0x1, 0x2}}]}}}, {{0x254, 0x1, {{0x2, 0x8}, 0x4a, 0x6, 0x6, 0x1000, 0xf, 'syz1\x00', "758ba7a243292c430e738329d42e32af80d72b870e26fd76db023252da5f75eb", "9207688a3e4ba41cc77c3349c9538f24e77f510a1f7940d7e8eecc672db81a47", [{0x0, 0x400, {0x0, 0xfff}}, {0x8, 0x4, {0x2, 0xfffffff7}}, {0x3f, 0x9, {0x3, 0x7ff}}, {0x2d, 0x0, {0x3, 0x8}}, {0x8, 0xffe0, {0x2, 0x4}}, {0x4, 0x8, {0x1, 0x6}}, {0x3, 0x2, {0x2, 0x3}}, {0x347b, 0x71a, {0x0, 0x6}}, {0x2, 0x1, {0x0, 0x209}}, {0x0, 0x9, {0x1, 0xfffffe01}}, {0x2, 0xfffd, {0x3, 0x7}}, {0x3ff, 0x8, {0x1, 0x3f}}, {0x9, 0x19db, {0x1, 0x287}}, {0xb7f, 0x0, {0x3, 0x10000}}, {0x4, 0x401, {0x2, 0x4}}, {0xfbff, 0x3, {0x3, 0x8}}, {0x80, 0x5, {0x3, 0x8000}}, {0xfff7, 0x9, {0x1, 0x100}}, {0x6, 0x3ff, {0x1, 0x7f}}, {0x7f, 0x3f, {0x0, 0x4}}, {0xb27, 0x6, {0x0, 0x1f}}, {0x0, 0x21, {0x3, 0x1ff}}, {0x3f, 0x8001, {0x3, 0x8}}, {0x1, 0x1ff, {0x3, 0x3}}, {0xfff, 0x148, {0x2, 0xe611}}, {0x1, 0x4be3, {0x2, 0x800}}, {0x100, 0x0, {0x2, 0x1ff}}, {0x9, 0xf5b0, {0x1, 0x1}}, {0xfff8, 0x0, {0x2, 0x6}}, {0xfff, 0x1, {0x3, 0x7}}, {0x400, 0x3f, {0x3, 0x6}}, {0xe20, 0xf34, {0x3, 0x9}}, {0xfffe, 0x3, {0x3, 0x8}}, {0x1f, 0x0, {0x3, 0x8}}, {0x5, 0x8001, {0x2, 0x400}}, {0xfff, 0x8001, {0x0, 0x9}}, {0x5, 0x32e8, {0x3, 0x1c5}}, {0x7, 0x101, {0x1}}, {0x40, 0xfd, {0x1, 0xaf8}}, {0xec6, 0x583c, {0x0, 0x6}}]}}}, {{0x254, 0x1, {{0x3}, 0x6, 0x43, 0xfffa, 0xdb, 0xc, 'syz0\x00', "2c1af1d476cc9938fb4bf4a508b6393294dd667cde91a798baaa750f7eb56c2e", "02815930b0ce4aa371ddc2302671bdfd81fc7ddc34c89d36f773b5ba581a18d9", [{0x1, 0xffff, {0x0, 0x1ff}}, {0x81, 0xff, {0x1, 0x8}}, {0x2, 0x9, {0x1}}, {0x4, 0x4, {0x3}}, {0x7, 0x8, {0x2, 0x800}}, {0x3ff, 0x814f, {0x3, 0x10000}}, {0x9, 0x80, {0x0, 0x4000000}}, {0x9, 0x6, {0x0, 0x6}}, {0x2, 0xfffa, {0x2, 0x101}}, {0xe15, 0x8, {0x2, 0x1}}, {0x8001, 0x40, {0x1, 0x2}}, {0x8, 0x1, {0x3, 0x8}}, {0xffff, 0x401, {0x2bf78c220ece6e45}}, {0x400, 0x8, {0x1, 0x2}}, {0x400, 0x6, {0x2, 0xfffffffb}}, {0x1, 0xff, {0x2, 0xdd19}}, {0x7f, 0x9c22, {0x2}}, {0x4, 0x4, {0x2}}, {0x6, 0x1000, {0x1, 0x80000001}}, {0x3, 0x8000, {0x2, 0x5}}, {0x3f, 0x5, {0x1, 0x1}}, {0x1, 0x4, {0x0, 0x1ff}}, {0x5d2, 0x1, {0x2, 0xff}}, {0x101, 0x1ef, {0x0, 0x4}}, {0xde9, 0x7, {0x0, 0x8}}, {0x4, 0x9, {0x3, 0x7}}, {0x1, 0x5, {0x2, 0xc0f4}}, {0x2, 0x6, {0x3, 0xffffffff}}, {0xf34b, 0x3, {0x1, 0x800}}, {0x2, 0x8, {0x3, 0x99d6}}, {0x6, 0x4, {0x2, 0x6}}, {0x1, 0x400, {0x3, 0xdaa}}, {0x7, 0x96, {0x2, 0x80000000}}, {0x400, 0x7, {0x1, 0x87e}}, {0x3, 0x3, {0x3, 0x80000001}}, {0x1000, 0x1ff, {0x1, 0x6}}, {0x7, 0x0, {0x3, 0x9}}, {0x20, 0xfffd, {0x0, 0x3}}, {0x1b5, 0x200, {0x2, 0x3f}}, {0x1, 0x3, {0x1, 0x2695}}]}}}, {{0x254, 0x1, {{0x0, 0x80}, 0x4, 0x2, 0x904, 0x4012, 0x17, 'syz1\x00', "65e50af994967e84817a4ede08abbfa92a19608d6f8ddf67aeb902d9967796aa", "1a67e2c03ee3e6f0ad18cbd48767cfd8b3da68c156cd39d68c489a288b621e3b", [{0x4c47, 0x1000, {0x2, 0x5}}, {0x2, 0x2, {0x3}}, {0x200, 0x3, {0x3, 0xfffffff9}}, {0x0, 0xb1, {0x3, 0x10001}}, {0x0, 0x7ff, {0x3, 0x8}}, {0x7, 0xffff, {0x1, 0xe781}}, {0x9, 0x5, {0x3, 0xd3811083}}, {0x7, 0x800, {0x2, 0x8e3}}, {0x600, 0x200, {0x2, 0x4}}, {0x1, 0x3, {0x3, 0x80000000}}, {0x8, 0x9, {0x3, 0x1}}, {0x5, 0x800, {0x0, 0x10000}}, {0x400, 0x81, {0x3, 0x5}}, {0xbf5f, 0x1, {0x611c6d8d891c27c6, 0x100}}, {0x100, 0x38fa, {0x0, 0x10000}}, {0x200, 0xfff, {0x2, 0x80000001}}, {0x8001, 0x6, {0x0, 0x5fc89ff9}}, {0xed, 0x1000, {0x3, 0x10000}}, {0xfff8, 0x8, {0x0, 0x1}}, {0x1, 0x1ff, {0x1, 0x80000001}}, {0x7, 0x9, {0x2, 0x2}}, {0x9, 0x7fff, {0x3, 0x2}}, {0x3, 0x7f, {0x0, 0x7fff}}, {0x16ff, 0x7fff, {0x2, 0x80000001}}, {0x8, 0xfff, {0x0, 0x1000}}, {0x6, 0x101, {0x2, 0x9}}, {0x3f, 0x8, {0x2, 0x6}}, {0xff, 0x2, {0x1, 0x1}}, {0x800, 0x3, {0x1, 0x4}}, {0xff, 0x8, {0x0, 0x100}}, {0x4, 0x8, {0x3, 0xad}}, {0x5, 0x40, {0x1, 0x7}}, {0x7fff, 0x2, {0x0, 0x200}}, {0x1000, 0x0, {0x2, 0xfff}}, {0x9, 0x3, {0x0, 0x20}}, {0x80, 0x40, {0x1, 0x80000001}}, {0x6, 0x81, {0x0, 0x3ff}}, {0xd7, 0x0, {0x0, 0x8503}}, {0x401, 0x1, {0x1, 0x7}}, {0x0, 0x0, {0x3, 0x7fffffff}}]}}}, {{0x254, 0x1, {{0x2, 0x5}, 0x3, 0x2, 0x4, 0x40, 0xc, 'syz1\x00', "13b7f3bc7a75ed62fd88f407a1814fc7d03c3ee4915ee581ffedc8a3c4c5de12", "2aa6a3bf64a7d261269d8c1b0367fb25c4db77da4a8db3f1bc6db33c1f2cf533", [{0x3ff, 0x3, {0x3, 0x8}}, {0x8, 0x0, {0x3, 0x6}}, {0x8000, 0x9, {0x0, 0x1f}}, {0x8, 0x80}, {0xbdc, 0x3, {0x2, 0x7}}, {0x1ff, 0x1000, {0x0, 0x5b}}, {0x3, 0x7, {0x3, 0x3}}, {0x1f, 0xff, {0x0, 0x7f}}, {0xfc00, 0x8, {0x1, 0xfffffff7}}, {0x401, 0xffff, {0x0, 0x5}}, {0x1, 0x4, {0x1, 0x800}}, {0x0, 0x2, {0x1, 0x101}}, {0x8001, 0x4, {0x0, 0xda4}}, {0x7, 0x5, {0x3, 0x1ff}}, {0x5, 0xeed, {0x3, 0x6}}, {0xd92e, 0x5cb, {0x3, 0x1}}, {0xfffb, 0x40, {0x0, 0x10001}}, {0x8fc4, 0x7c, {0x1, 0x4}}, {0x4, 0x7, {0x1, 0x8001}}, {0x1, 0x6, {0x0, 0x4}}, {0x0, 0x81, {0x1, 0x6}}, {0x2, 0x5, {0x2, 0xcd}}, {0x81, 0xffff, {0x0, 0x4}}, {0x8001, 0x20, {0x0, 0x6a}}, {0x4, 0x7fff, {0x3, 0x81}}, {0x7f, 0x5, {0x3, 0xfffffffe}}, {0x0, 0x7, {0x1, 0xfc00}}, {0x8, 0x0, {0x0, 0x9}}, {0x9, 0x3, {0x3, 0x6cc3}}, {0x346, 0x843, {0x2, 0x7}}, {0x72, 0x3, {0x3, 0x7}}, {0x3, 0xffff, {0x2, 0xffffffff}}, {0x4da0, 0x8, {0x0, 0x1}}, {0x0, 0x1, {0x3, 0xa4}}, {0x9, 0x7, {0x0, 0x3}}, {0x20, 0x5, {0x0, 0x5c}}, {0x9, 0x800, {0x3, 0x2}}, {0xffff, 0x0, {0x3, 0x6}}, {0x500, 0x3ff, {0x2}}, {0x8e09, 0x6, {0x2, 0x7}}]}}}, {{0x254, 0x1, {{0x3, 0x7fff}, 0x7f, 0xff, 0x5, 0xd94f, 0xe, 'syz1\x00', "23e7f9099d5f7702d0af302105fe723129151b54d67d63702172995b64a568fa", "744432fc755b413c11dad580a6ddf8d96872bc30b0b205cabf326779bb7dbb6c", [{0x3, 0x0, {0x2, 0x6}}, {0x4, 0x5}, {0x7, 0x1, {0x0, 0x224}}, {0x4f7, 0x3, {0x3, 0x3ff}}, {0x40, 0x706b, {0x0, 0x4}}, {0x8, 0x5, {0x2, 0x4}}, {0x8000, 0x9, {0x1, 0x5}}, {0x8001, 0x4, {0x0, 0x1}}, {0x9, 0x8, {0x0, 0x439515ce}}, {0x38b, 0x902, {0x2}}, {0x3, 0x2, {0x1, 0x7ff}}, {0x5, 0x16, {0x3, 0xffff}}, {0x2, 0x3, {0x1, 0x8001}}, {0x5, 0x3c, {0x1, 0x2}}, {0xb07a, 0x2, {0x1, 0x1}}, {0x2645, 0x7ff, {0x1, 0x1ff}}, {0x2, 0x800, {0x3, 0xb3}}, {0x4, 0xa0dc, {0x1, 0x9}}, {0x1, 0x5860, {0x3, 0x5b}}, {0x8, 0x2, {0x0, 0x7}}, {0xd676, 0xfd1, {0x1, 0x7}}, {0x5, 0x6, {0x1, 0x3ff}}, {0x0, 0x4, {0x3, 0x8}}, {0x57e, 0x2, {0x1, 0x101}}, {0x5, 0x5, {0x3, 0x7}}, {0x3, 0x3, {0x0, 0x4}}, {0x9b13, 0x800, {0x2, 0x7}}, {0x200, 0x8358, {0x1, 0x8001}}, {0x0, 0xa246, {0x1, 0x9}}, {0x7, 0x101, {0x1, 0x6}}, {0xe87, 0x1, {0x2, 0x15}}, {0x5, 0x1000, {0x2, 0x400}}, {0x8f, 0x8, {0x2, 0x8}}, {0x20, 0x0, {0x3, 0x1}}, {0xfffa, 0xa03a, {0x1, 0xaa}}, {0x2, 0xff80, {0x2, 0xfffffff9}}, {0x800, 0x1f, {0x1, 0x7}}, {0x20, 0x0, {0x3, 0xfffffffd}}, {0x5, 0x3, {0x3}}, {0x0, 0x20}]}}}, {{0x254, 0x1, {{0x0, 0x3}, 0xa3, 0xe4, 0x8, 0x2, 0x14, 'syz0\x00', "4a2cc4076c9df3ed048cb4d2014e406fd4a92b4182baf0eac3b57b1c32d77240", "640457936c92a5560dee9342a634349760121d3642be336ca9cfe8bbc7ab7bf4", [{0x1, 0x5, {0x0, 0xfffffffc}}, {0x4, 0x3f, {0x2}}, {0x0, 0x8000, {0x1, 0xc}}, {0x9, 0x3, {0x0, 0x9}}, {0x2, 0xfffe, {0x2, 0x7fffffff}}, {0x4, 0x8000, {0x0, 0xbd}}, {0x8, 0x0, {0x0, 0x200}}, {0x1f, 0x0, {0x3, 0xbe}}, {0x101, 0x2, {0x2, 0xfffffff7}}, {0xfc01, 0xfff, {0x3, 0xf4}}, {0x490, 0x1, {0x1, 0x80000000}}, {0x8001, 0x6, {0x2, 0x81}}, {0x81d, 0x800, {0x1, 0x10000}}, {0x100, 0x80, {0x2, 0x4}}, {0x7, 0x20b3, {0x2, 0x7fff}}, {0x101, 0x3, {0x0, 0x101}}, {0x9, 0x2, {0x2, 0x7}}, {0x3f, 0x6, {0x3}}, {0x0, 0x101, {0x1}}, {0xfffc, 0x6, {0x1, 0x2}}, {0x2, 0x4, {0x2, 0x4}}, {0x0, 0x6, {0x0, 0x7}}, {0x1, 0x3, {0x2}}, {0x81, 0xc06, {0x2, 0x84}}, {0x7, 0x0, {0x0, 0x80}}, {0x2000, 0x3, {0x2, 0x80}}, {0x7f, 0x4, {0x0, 0xc062}}, {0x401, 0xf3b6, {0x0, 0x3}}, {0x4, 0x0, {0x2, 0x933b}}, {0xfffe, 0x3, {0x2, 0x800}}, {0xb941, 0x5, {0x0, 0x3}}, {0x400, 0x5, {0x1}}, {0xfe, 0x100, {0x1, 0x400}}, {0x1000, 0x7, {0x0, 0xfffffff0}}, {0x9, 0x6a2, {0x1, 0x6}}, {0x7, 0x1, {0x2, 0x6000000}}, {0xffff, 0x4, {0x0, 0xfffffff9}}, {0x709, 0x7ff, {0x0, 0x1000}}, {0x2, 0x5, {0x0, 0x38b0}}, {0x5, 0xfc, {0x1, 0x3}}]}}}]}, 0x175c}, 0x1, 0x0, 0x0, 0x1}, 0x24000000) 04:28:07 executing program 3: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = dup2(r0, r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='memory.events\x00', 0x26e1, 0x0) flistxattr(r2, &(0x7f0000000000)=""/15, 0xf) pipe2(&(0x7f0000000000)={0xffffffffffffffff}, 0x81000) r4 = socket$inet6(0xa, 0x3, 0x6) setsockopt$inet6_IPV6_FLOWLABEL_MGR(r4, 0x29, 0x20, &(0x7f0000000000)={@private1={0xfc, 0x1, [], 0x1}, 0x0, 0x0, 0x2, 0x1, 0xfffb, 0x0, 0x400000000}, 0x20) r5 = syz_open_procfs(0x0, &(0x7f00000004c0)='net/ip6_flowlabel\x00') sendfile(r4, r5, &(0x7f0000000240)=0x202, 0x4000000000dc) r6 = dup2(r4, 0xffffffffffffffff) sendmsg$SMC_PNETID_FLUSH(r6, &(0x7f0000003800)={0x0, 0x0, &(0x7f00000037c0)={&(0x7f0000001440)=ANY=[@ANYBLOB="280004d5743e19a3b2808cae02000000000000003ea82f1ce8ec3d370738462ba2017968200039110be65d00ace208929737260bbd0af10d35ae4caf0892fb8614a4fa857a91470502c826a14ad6f40c957084f7ab68e0266447f67290a4eee16b03e378a07e8e7c3ec76bdb90bd0000000000000000f811abe4409070fbde6cabe374ba6b62ceeb0952b27cb0777cda76d2ffcc01107c7c3355b487e3b9ad8de1afb9f32d7fc1961fdbb596e5326c5f5c6bf915b5c09d9f43eaefd82d25b59cc2ecf259fdb1a1136cbbcf8a03ee8e8d39915b274816e394e8254c20d49755e5c058479492cd6a5242f47afe352185ace16ceca20acfca050e6869da37c64b9a55a99a9577eb00"/278, @ANYRESOCT=r3, @ANYRES64, @ANYRES16], 0x28}, 0x1, 0x0, 0x0, 0x809}, 0x4004800) r7 = syz_genetlink_get_family_id$netlbl_unlabel(&(0x7f0000000440)='NLBL_UNLBL\x00') sendmsg$NLBL_UNLABEL_C_STATICADD(r3, &(0x7f0000000580)={&(0x7f0000000340)={0x10, 0x0, 0x0, 0x200}, 0xc, &(0x7f0000000480)={&(0x7f0000000900)=ANY=[@ANYBLOB="64000000d78729b32708fb58ff56494c966c9511090c850c829992751bbf08af61f07f721ec72b9880c2f0f05c785eb7", @ANYRES16=r7, @ANYBLOB], 0x64}}, 0x4000000) sendmsg$NLBL_UNLABEL_C_STATICADDDEF(r2, &(0x7f0000000280)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x10}, 0xc, &(0x7f0000000080)={&(0x7f0000000200)={0x5c, r7, 0x400, 0x70bd2a, 0x25dfdbfe, {}, [@NLBL_UNLABEL_A_ACPTFLG={0x5, 0x1, 0x1}, @NLBL_UNLABEL_A_IFACE={0x14, 0x6, 'ip6gretap0\x00'}, @NLBL_UNLABEL_A_SECCTX={0x2a, 0x7, 'system_u:object_r:hald_dccm_exec_t:s0\x00'}]}, 0x5c}, 0x1, 0x0, 0x0, 0x10}, 0x80004) sendmsg$NLBL_UNLABEL_C_STATICLIST(r1, &(0x7f0000000200)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x20}, 0xc, &(0x7f0000000040)={&(0x7f0000000100)={0xc8, r7, 0x20, 0x70bd2d, 0x25dfdbfe, {}, [@NLBL_UNLABEL_A_IPV6ADDR={0x14, 0x2, @mcast1}, @NLBL_UNLABEL_A_SECCTX={0x2b, 0x7, 'system_u:object_r:ssh_keygen_exec_t:s0\x00'}, @NLBL_UNLABEL_A_IPV4ADDR={0x8, 0x4, @private=0xa010100}, @NLBL_UNLABEL_A_IPV6ADDR={0x14, 0x2, @mcast2}, @NLBL_UNLABEL_A_IFACE={0x14, 0x6, 'ip_vti0\x00'}, @NLBL_UNLABEL_A_IPV6MASK={0x14, 0x3, @local}, @NLBL_UNLABEL_A_IPV6MASK={0x14, 0x3, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01'}, @NLBL_UNLABEL_A_ACPTFLG={0x5, 0x1, 0x1}, @NLBL_UNLABEL_A_IPV6ADDR={0x14, 0x2, @mcast1}]}, 0xc8}, 0x1, 0x0, 0x0, 0x40000}, 0x22000000) r8 = openat$sequencer(0xffffffffffffff9c, &(0x7f0000000080)='/dev/sequencer\x00', 0x0, 0x0) ioctl$SNDCTL_SEQ_NRMIDIS(r8, 0x8004510b, &(0x7f00000000c0)) [ 1164.787495] Mem-Info: [ 1164.790035] active_anon:232967 inactive_anon:6091 isolated_anon:0 [ 1164.790035] active_file:7392 inactive_file:32755 isolated_file:0 [ 1164.790035] unevictable:0 dirty:223 writeback:0 unstable:0 [ 1164.790035] slab_reclaimable:18393 slab_unreclaimable:135101 [ 1164.790035] mapped:62460 shmem:6280 pagetables:5890 bounce:0 [ 1164.790035] free:1089255 free_pcp:215 free_cma:0 [ 1164.829163] Node 0 active_anon:933968kB inactive_anon:24364kB active_file:29424kB inactive_file:131020kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:249840kB dirty:892kB writeback:0kB shmem:25120kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 882688kB writeback_tmp:0kB unstable:0kB all_unreclaimable? no 04:28:07 executing program 3: mount$bpf(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000040)='bpf\x00', 0x208000, &(0x7f0000000100)={[{@mode={'mode'}}, {@mode={'mode', 0x3d, 0x5}}, {@mode={'mode', 0x3d, 0x3}}, {@mode={'mode', 0x3d, 0x9}}], [{@obj_type={'obj_type', 0x3d, '/dev/sequencer\x00'}}, {@smackfshat={'smackfshat', 0x3d, '_'}}, {@fsname={'fsname', 0x3d, '-'}}]}) r0 = openat$sequencer(0xffffffffffffff9c, &(0x7f0000000080)='/dev/sequencer\x00', 0x0, 0x0) ioctl$SNDCTL_SEQ_NRMIDIS(r0, 0x8004510b, &(0x7f00000000c0)) [ 1164.864402] Node 1 active_anon:0kB inactive_anon:0kB active_file:144kB inactive_file:0kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:0kB dirty:0kB writeback:0kB shmem:0kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 0kB writeback_tmp:0kB unstable:0kB all_unreclaimable? no [ 1164.909657] Node 0 DMA free:15908kB min:220kB low:272kB high:324kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15908kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 1164.960471] lowmem_reserve[]: 0 2557 2557 2557 2557 [ 1164.970279] Node 0 DMA32 free:555012kB min:36272kB low:45340kB high:54408kB active_anon:933892kB inactive_anon:24364kB active_file:29424kB inactive_file:131020kB unevictable:0kB writepending:888kB present:3129332kB managed:2621196kB mlocked:0kB kernel_stack:14464kB pagetables:23560kB bounce:0kB free_pcp:924kB local_pcp:548kB free_cma:0kB [ 1165.014393] lowmem_reserve[]: 0 0 0 0 0 [ 1165.018680] Node 0 Normal free:0kB min:4kB low:4kB high:4kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:786432kB managed:332kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 1165.083588] lowmem_reserve[]: 0 0 0 0 0 [ 1165.087859] Node 1 Normal free:3783636kB min:53612kB low:67012kB high:80412kB active_anon:0kB inactive_anon:0kB active_file:144kB inactive_file:0kB unevictable:0kB writepending:0kB present:3932160kB managed:3870192kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 1165.117732] lowmem_reserve[]: 0 0 0 0 0 [ 1165.125275] Node 0 DMA: 1*4kB (U) 0*8kB 0*16kB 1*32kB (U) 2*64kB (U) 1*128kB (U) 1*256kB (U) 0*512kB 1*1024kB (U) 1*2048kB (M) 3*4096kB (M) = 15908kB [ 1165.140719] Node 0 DMA32: 754*4kB (UME) 231*8kB (UME) 284*16kB (UE) 203*32kB (UME) 122*64kB (UME) 36*128kB (UME) 11*256kB (UM) 12*512kB (UME) 7*1024kB (UME) 4*2048kB (UME) 123*4096kB (M) = 556448kB [ 1165.161177] Node 0 Normal: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 0kB [ 1165.207914] Node 1 Normal: 51*4kB (UME) 343*8kB (UE) 273*16kB (U) 50*32kB (UM) 20*64kB (UME) 10*128kB (UM) 5*256kB (UM) 3*512kB (U) 1*1024kB (M) 4*2048kB (ME) 918*4096kB (M) = 3783636kB [ 1165.259926] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 1165.288202] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 1165.311838] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 1165.336346] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 1165.360731] 25382 total pagecache pages [ 1165.374635] 0 pages in swap cache [ 1165.381558] Swap cache stats: add 0, delete 0, find 0/0 [ 1165.398971] Free swap = 0kB [ 1165.407523] Total swap = 0kB 04:28:07 executing program 2: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_CREATE(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000140)={0x5c, 0x2, 0x6, 0x101, 0x0, 0x0, {}, [@IPSET_ATTR_REVISION={0x5}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz1\x00'}, @IPSET_ATTR_PROTOCOL={0x5, 0x1, 0x6}, @IPSET_ATTR_FAMILY={0x5}, @IPSET_ATTR_DATA={0x14, 0x7, 0x0, 0x1, [@IPSET_ATTR_CADT_FLAGS={0x8, 0x8, 0x1, 0x0, 0x10}, @IPSET_ATTR_TIMEOUT={0x8, 0x6, 0x1, 0x0, 0xffffffff}]}, @IPSET_ATTR_TYPENAME={0xd, 0x3, 'hash:mac\x00'}]}, 0x5c}}, 0x0) 04:28:07 executing program 4: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = dup2(r0, r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) getsockname$llc(0xffffffffffffffff, 0x0, &(0x7f0000000140)) r2 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_CREATE(r2, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)={0x4c, 0x2, 0x6, 0x101, 0x0, 0x0, {}, [@IPSET_ATTR_REVISION={0x5}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz1\x00'}, @IPSET_ATTR_FAMILY={0x5}, @IPSET_ATTR_DATA={0xc, 0x7, 0x0, 0x1, [@IPSET_ATTR_HASHSIZE={0x8, 0x12, 0x1, 0x0, 0x479e6139}]}, @IPSET_ATTR_TYPENAME={0xd, 0x3, 'hash:mac\x00'}]}, 0x4c}}, 0x0) [ 1165.414037] 1965979 pages RAM [ 1165.420602] 0 pages HighMem/MovableOnly [ 1165.429276] 339072 pages reserved [ 1165.437262] 0 pages cma reserved [ 1165.453118] syz-executor.0: vmalloc: allocation failure: 17179869200 bytes, mode:0x14080c0(GFP_KERNEL|__GFP_ZERO), nodemask=(null) [ 1165.623809] syz-executor.0 cpuset=/ mems_allowed=0-1 [ 1165.664435] CPU: 1 PID: 6287 Comm: syz-executor.0 Not tainted 4.14.193-syzkaller #0 [ 1165.672271] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1165.681636] Call Trace: [ 1165.684333] dump_stack+0x1b2/0x283 [ 1165.687983] warn_alloc.cold+0x96/0x1cc [ 1165.691968] ? check_preemption_disabled+0x35/0x240 [ 1165.697117] ? zone_watermark_ok_safe+0x220/0x220 [ 1165.701975] ? perf_trace_lock_acquire+0x510/0x510 [ 1165.706919] ? fs_reclaim_release+0xd0/0x110 [ 1165.711347] ? ip_set_alloc+0x47/0x60 [ 1165.715164] vzalloc+0x122/0x150 [ 1165.718548] ip_set_alloc+0x47/0x60 [ 1165.722191] hash_mac_create+0x36e/0x7c6 [ 1165.726269] ip_set_create+0x5f9/0xf30 [ 1165.730172] ? __find_set_type_get+0x360/0x360 [ 1165.735110] ? __mutex_lock+0x360/0x1310 [ 1165.739204] ? __find_set_type_get+0x360/0x360 [ 1165.743802] nfnetlink_rcv_msg+0x9bb/0xc00 [ 1165.748067] netlink_rcv_skb+0x125/0x390 [ 1165.752144] ? nfnetlink_net_exit_batch+0x150/0x150 [ 1165.757170] ? netlink_ack+0x9a0/0x9a0 [ 1165.761071] ? ns_capable_common+0x127/0x150 [ 1165.765582] nfnetlink_rcv+0x1ab/0x1da0 [ 1165.769566] ? __dev_queue_xmit+0xcd6/0x2480 [ 1165.773995] ? check_preemption_disabled+0x35/0x240 [ 1165.779021] ? perf_trace_lock+0xf7/0x490 [ 1165.783174] ? perf_trace_lock_acquire+0x510/0x510 [ 1165.788110] ? nfnetlink_bind+0x240/0x240 [ 1165.792259] ? netlink_deliver_tap+0x90/0x7d0 [ 1165.796760] ? lock_downgrade+0x740/0x740 [ 1165.800909] netlink_unicast+0x437/0x610 [ 1165.804969] ? netlink_sendskb+0xd0/0xd0 [ 1165.809036] netlink_sendmsg+0x62e/0xb80 [ 1165.813109] ? nlmsg_notify+0x170/0x170 [ 1165.817078] ? kernel_recvmsg+0x210/0x210 [ 1165.821227] ? security_socket_sendmsg+0x83/0xb0 [ 1165.825976] ? nlmsg_notify+0x170/0x170 [ 1165.829963] sock_sendmsg+0xb5/0x100 [ 1165.834207] ___sys_sendmsg+0x6c8/0x800 [ 1165.838209] ? copy_msghdr_from_user+0x3b0/0x3b0 [ 1165.843047] ? __lock_acquire+0x5fc/0x3f20 [ 1165.847277] ? perf_trace_lock_acquire+0x510/0x510 [ 1165.852204] ? do_futex+0x12b/0x1930 [ 1165.855914] ? check_preemption_disabled+0x35/0x240 [ 1165.860929] ? __fget+0x1fe/0x360 [ 1165.864382] ? lock_acquire+0x170/0x3f0 [ 1165.868351] ? lock_downgrade+0x740/0x740 [ 1165.872502] ? __fget+0x225/0x360 [ 1165.875984] ? __fdget+0x196/0x1f0 [ 1165.879520] ? sockfd_lookup_light+0xb2/0x160 [ 1165.884011] __sys_sendmsg+0xa3/0x120 [ 1165.887806] ? SyS_shutdown+0x160/0x160 [ 1165.891788] ? SyS_clock_gettime+0xf5/0x180 [ 1165.896126] ? SyS_clock_settime+0x1a0/0x1a0 [ 1165.900530] SyS_sendmsg+0x27/0x40 [ 1165.904077] ? __sys_sendmsg+0x120/0x120 [ 1165.908132] do_syscall_64+0x1d5/0x640 [ 1165.912026] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 1165.917211] RIP: 0033:0x45d249 [ 1165.920397] RSP: 002b:00007f1c6356dc78 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 1165.928102] RAX: ffffffffffffffda RBX: 0000000000028840 RCX: 000000000045d249 [ 1165.935453] RDX: 0000000000000000 RSI: 0000000020000000 RDI: 0000000000000003 [ 1165.942732] RBP: 000000000118cf80 R08: 0000000000000000 R09: 0000000000000000 [ 1165.949994] R10: 0000000000000000 R11: 0000000000000246 R12: 000000000118cf4c [ 1165.957261] R13: 00007ffd3fb1901f R14: 00007f1c6356e9c0 R15: 000000000118cf4c [ 1165.978579] Mem-Info: [ 1165.981064] active_anon:232440 inactive_anon:6091 isolated_anon:0 [ 1165.981064] active_file:7392 inactive_file:32763 isolated_file:0 [ 1165.981064] unevictable:0 dirty:252 writeback:0 unstable:0 [ 1165.981064] slab_reclaimable:18412 slab_unreclaimable:135835 [ 1165.981064] mapped:62484 shmem:6280 pagetables:5827 bounce:0 [ 1165.981064] free:1089077 free_pcp:292 free_cma:0 [ 1166.020919] Node 0 active_anon:929760kB inactive_anon:24364kB active_file:29424kB inactive_file:131052kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:249936kB dirty:1008kB writeback:0kB shmem:25120kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 888832kB writeback_tmp:0kB unstable:0kB all_unreclaimable? no [ 1166.057975] Node 1 active_anon:0kB inactive_anon:0kB active_file:144kB inactive_file:0kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:0kB dirty:0kB writeback:0kB shmem:0kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 0kB writeback_tmp:0kB unstable:0kB all_unreclaimable? no [ 1166.088857] Node 0 DMA free:15908kB min:220kB low:272kB high:324kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15908kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 1166.122943] lowmem_reserve[]: 0 2557 2557 2557 2557 [ 1166.128024] Node 0 DMA32 free:557596kB min:36272kB low:45340kB high:54408kB active_anon:929760kB inactive_anon:24364kB active_file:29424kB inactive_file:131052kB unevictable:0kB writepending:1008kB present:3129332kB managed:2621196kB mlocked:0kB kernel_stack:14208kB pagetables:23308kB bounce:0kB free_pcp:1156kB local_pcp:540kB free_cma:0kB [ 1166.163956] lowmem_reserve[]: 0 0 0 0 0 [ 1166.167984] Node 0 Normal free:0kB min:4kB low:4kB high:4kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:786432kB managed:332kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 1166.200517] lowmem_reserve[]: 0 0 0 0 0 [ 1166.204917] Node 1 Normal free:3783636kB min:53612kB low:67012kB high:80412kB active_anon:0kB inactive_anon:0kB active_file:144kB inactive_file:0kB unevictable:0kB writepending:0kB present:3932160kB managed:3870192kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 1166.237944] lowmem_reserve[]: 0 0 0 0 0 [ 1166.241968] Node 0 DMA: 1*4kB (U) 0*8kB 0*16kB 1*32kB (U) 2*64kB (U) 1*128kB (U) 1*256kB (U) 0*512kB 1*1024kB (U) 1*2048kB (M) 3*4096kB (M) = 15908kB [ 1166.261521] Node 0 DMA32: 785*4kB (UME) 266*8kB (UME) 159*16kB (UE) 196*32kB (UME) 127*64kB (UME) 36*128kB (UME) 10*256kB (UM) 13*512kB (UME) 7*1024kB (UME) 3*2048kB (UME) 124*4096kB (M) = 557252kB [ 1166.284835] Node 0 Normal: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 0kB [ 1166.298939] Node 1 Normal: 51*4kB (UME) 343*8kB (UE) 273*16kB (U) 50*32kB (UM) 20*64kB (UME) 10*128kB (UM) 5*256kB (UM) 3*512kB (U) 1*1024kB (M) 4*2048kB (ME) 918*4096kB (M) = 3783636kB [ 1166.320845] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 1166.330258] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 1166.344232] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 1166.357244] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 1166.367559] 25389 total pagecache pages [ 1166.371722] 0 pages in swap cache [ 1166.380037] Swap cache stats: add 0, delete 0, find 0/0 [ 1166.388682] Free swap = 0kB [ 1166.391718] Total swap = 0kB [ 1166.399191] 1965979 pages RAM [ 1166.404910] 0 pages HighMem/MovableOnly [ 1166.409114] 339072 pages reserved [ 1166.412729] 0 pages cma reserved [ 1166.423127] syz-executor.0: vmalloc: allocation failure: 17179869200 bytes, mode:0x14080c0(GFP_KERNEL|__GFP_ZERO), nodemask=(null) [ 1166.435556] syz-executor.0 cpuset=/ mems_allowed=0-1 [ 1166.440711] CPU: 0 PID: 6289 Comm: syz-executor.0 Not tainted 4.14.193-syzkaller #0 [ 1166.449207] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1166.458568] Call Trace: [ 1166.461162] dump_stack+0x1b2/0x283 [ 1166.464804] warn_alloc.cold+0x96/0x1cc [ 1166.468789] ? check_preemption_disabled+0x35/0x240 [ 1166.473910] ? zone_watermark_ok_safe+0x220/0x220 [ 1166.478850] ? perf_trace_lock_acquire+0x510/0x510 [ 1166.483790] ? fs_reclaim_release+0xd0/0x110 [ 1166.488394] ? ip_set_alloc+0x47/0x60 [ 1166.492194] vzalloc+0x122/0x150 [ 1166.495907] ip_set_alloc+0x47/0x60 [ 1166.499528] hash_mac_create+0x36e/0x7c6 [ 1166.503597] ip_set_create+0x5f9/0xf30 [ 1166.507481] ? __find_set_type_get+0x360/0x360 [ 1166.512046] ? __mutex_lock+0x360/0x1310 [ 1166.516122] ? __find_set_type_get+0x360/0x360 [ 1166.520723] nfnetlink_rcv_msg+0x9bb/0xc00 [ 1166.524988] netlink_rcv_skb+0x125/0x390 [ 1166.529050] ? nfnetlink_net_exit_batch+0x150/0x150 [ 1166.534064] ? netlink_ack+0x9a0/0x9a0 [ 1166.537943] ? ns_capable_common+0x127/0x150 [ 1166.542336] nfnetlink_rcv+0x1ab/0x1da0 [ 1166.546292] ? __dev_queue_xmit+0xcd6/0x2480 [ 1166.550687] ? check_preemption_disabled+0x35/0x240 [ 1166.555699] ? perf_trace_lock+0xf7/0x490 [ 1166.559860] ? perf_trace_lock_acquire+0x510/0x510 [ 1166.564800] ? nfnetlink_bind+0x240/0x240 [ 1166.568943] ? netlink_deliver_tap+0x90/0x7d0 [ 1166.573796] ? lock_downgrade+0x740/0x740 [ 1166.577941] netlink_unicast+0x437/0x610 [ 1166.582094] ? netlink_sendskb+0xd0/0xd0 [ 1166.586149] netlink_sendmsg+0x62e/0xb80 [ 1166.590283] ? nlmsg_notify+0x170/0x170 [ 1166.594246] ? kernel_recvmsg+0x210/0x210 [ 1166.598384] ? security_socket_sendmsg+0x83/0xb0 [ 1166.603158] ? nlmsg_notify+0x170/0x170 [ 1166.607141] sock_sendmsg+0xb5/0x100 [ 1166.610858] ___sys_sendmsg+0x6c8/0x800 [ 1166.614834] ? copy_msghdr_from_user+0x3b0/0x3b0 [ 1166.619586] ? __lock_acquire+0x5fc/0x3f20 [ 1166.624084] ? perf_trace_lock_acquire+0x510/0x510 [ 1166.628996] ? do_futex+0x12b/0x1930 [ 1166.632708] ? check_preemption_disabled+0x35/0x240 [ 1166.637711] ? __fget+0x1fe/0x360 [ 1166.641148] ? lock_acquire+0x170/0x3f0 [ 1166.645124] ? lock_downgrade+0x740/0x740 [ 1166.649343] ? __fget+0x225/0x360 [ 1166.652815] ? __fdget+0x196/0x1f0 [ 1166.656351] ? sockfd_lookup_light+0xb2/0x160 [ 1166.660844] __sys_sendmsg+0xa3/0x120 [ 1166.664646] ? SyS_shutdown+0x160/0x160 [ 1166.668611] ? SyS_clock_gettime+0xf5/0x180 [ 1166.672923] ? SyS_clock_settime+0x1a0/0x1a0 [ 1166.677761] SyS_sendmsg+0x27/0x40 [ 1166.681305] ? __sys_sendmsg+0x120/0x120 [ 1166.685348] do_syscall_64+0x1d5/0x640 [ 1166.689222] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 1166.694410] RIP: 0033:0x45d249 [ 1166.697593] RSP: 002b:00007f1c6354cc78 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 1166.705283] RAX: ffffffffffffffda RBX: 0000000000028840 RCX: 000000000045d249 [ 1166.712534] RDX: 0000000000000000 RSI: 0000000020000000 RDI: 0000000000000003 [ 1166.719897] RBP: 000000000118d020 R08: 0000000000000000 R09: 0000000000000000 [ 1166.727156] R10: 0000000000000000 R11: 0000000000000246 R12: 000000000118cfec [ 1166.734525] R13: 00007ffd3fb1901f R14: 00007f1c6354d9c0 R15: 000000000118cfec 04:28:09 executing program 5: r0 = dup(0xffffffffffffffff) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x802102001ffa, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r1 = gettid() clone(0x6e20cf00, 0x0, 0x0, 0x0, 0x0) ptrace$setopts(0x4206, r1, 0x0, 0x0) gettid() rt_sigpending(&(0x7f00000000c0), 0x8) r2 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ptmx\x00', 0x0, 0x0) read(r2, &(0x7f00003fefff)=""/1, 0x1) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) r4 = dup2(r3, r3) ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200) r5 = openat$autofs(0xffffffffffffff9c, &(0x7f0000000040)='/dev/autofs\x00', 0x0, 0x0) sendmsg$IPVS_CMD_ZERO(r5, &(0x7f0000000240)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x20000000}, 0xc, &(0x7f0000000200)={&(0x7f0000000280)={0xf4, 0x0, 0x2, 0x70bd2d, 0x25dfdbff, {}, [@IPVS_CMD_ATTR_TIMEOUT_TCP={0x8, 0x4, 0x7}, @IPVS_CMD_ATTR_DEST={0xc, 0x2, 0x0, 0x1, [@IPVS_DEST_ATTR_U_THRESH={0x8, 0x5, 0x9}]}, @IPVS_CMD_ATTR_TIMEOUT_TCP_FIN={0x8, 0x5, 0x87}, @IPVS_CMD_ATTR_SERVICE={0x18, 0x1, 0x0, 0x1, [@IPVS_SVC_ATTR_PORT={0x6, 0x4, 0x4e20}, @IPVS_SVC_ATTR_FLAGS={0xc, 0x7, {0x31, 0x34}}]}, @IPVS_CMD_ATTR_TIMEOUT_TCP={0x8, 0x4, 0x5}, @IPVS_CMD_ATTR_DEST={0x3c, 0x2, 0x0, 0x1, [@IPVS_DEST_ATTR_ADDR={0x14, 0x1, @ipv6=@initdev={0xfe, 0x88, [], 0x0, 0x0}}, @IPVS_DEST_ATTR_FWD_METHOD={0x8, 0x3, 0x2}, @IPVS_DEST_ATTR_ADDR={0x14, 0x1, @ipv6=@dev={0xfe, 0x80, [], 0x2f}}, @IPVS_DEST_ATTR_U_THRESH={0x8, 0x5, 0x6}]}, @IPVS_CMD_ATTR_TIMEOUT_TCP_FIN={0x8, 0x5, 0x200}, @IPVS_CMD_ATTR_DAEMON={0x1c, 0x3, 0x0, 0x1, [@IPVS_DAEMON_ATTR_STATE={0x8, 0x1, 0x2}, @IPVS_DAEMON_ATTR_MCAST_PORT={0x6, 0x7, 0x4e22}, @IPVS_DAEMON_ATTR_MCAST_PORT={0x6, 0x7, 0x4e20}]}, @IPVS_CMD_ATTR_DEST={0x3c, 0x2, 0x0, 0x1, [@IPVS_DEST_ATTR_INACT_CONNS={0x8, 0x8, 0x8002}, @IPVS_DEST_ATTR_PORT={0x6, 0x2, 0x4e23}, @IPVS_DEST_ATTR_U_THRESH={0x8, 0x5, 0xffff12bf}, @IPVS_DEST_ATTR_FWD_METHOD={0x8, 0x3, 0x3}, @IPVS_DEST_ATTR_U_THRESH={0x8, 0x5, 0x1}, @IPVS_DEST_ATTR_TUN_TYPE={0x5, 0xd, 0x1}, @IPVS_DEST_ATTR_TUN_PORT={0x6, 0xe, 0x4e21}]}, @IPVS_CMD_ATTR_TIMEOUT_UDP={0x8, 0x6, 0xfffffffb}]}, 0xf4}, 0x1, 0x0, 0x0, 0x80}, 0x2080800) ioctl$SIOCNRDECOBS(r4, 0x89e2) 04:28:09 executing program 1: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_CREATE(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)={0x54, 0x2, 0x6, 0x101, 0x0, 0x0, {}, [@IPSET_ATTR_REVISION={0x5}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz1\x00'}, @IPSET_ATTR_PROTOCOL={0x5, 0x1, 0x6}, @IPSET_ATTR_FAMILY={0x5}, @IPSET_ATTR_DATA={0xc, 0x7, 0x0, 0x1, [@IPSET_ATTR_HASHSIZE={0x8, 0x12, 0x1, 0x0, 0x479e6139}]}, @IPSET_ATTR_TYPENAME={0xd, 0x3, 'hash:mac\x00'}]}, 0x54}}, 0x0) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) r2 = dup2(r1, r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) sendmsg$AUDIT_MAKE_EQUIV(r2, &(0x7f00000001c0)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x80000}, 0xc, &(0x7f0000000180)={&(0x7f0000000140)={0x28, 0x3f7, 0x300, 0x70bd26, 0x25dfdbfd, {0x7, 0x7, './file0', './file0'}, ["", "", "", "", "", ""]}, 0x28}, 0x1, 0x0, 0x0, 0x8000}, 0x44010) 04:28:09 executing program 3: r0 = openat$sequencer(0xffffffffffffff9c, &(0x7f0000000080)='/dev/sequencer\x00', 0x0, 0x0) ioctl$SNDCTL_SEQ_NRMIDIS(r0, 0x8004510b, &(0x7f00000000c0)) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) r2 = dup2(r1, r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) ioctl$DRM_IOCTL_RES_CTX(r3, 0xc0106426, &(0x7f0000000200)={0x1, &(0x7f00000000c0)=[{0x0}]}) ioctl$DRM_IOCTL_UNLOCK(r3, 0x4008642b, &(0x7f0000000240)={r4, 0x4}) ioctl$DRM_IOCTL_NEW_CTX(r2, 0x40086425, &(0x7f0000000000)={r4, 0x2}) 04:28:09 executing program 2: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_CREATE(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000140)={0x5c, 0x2, 0x6, 0x101, 0x0, 0x0, {}, [@IPSET_ATTR_REVISION={0x5}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz1\x00'}, @IPSET_ATTR_PROTOCOL={0x5, 0x1, 0x6}, @IPSET_ATTR_FAMILY={0x5}, @IPSET_ATTR_DATA={0x14, 0x7, 0x0, 0x1, [@IPSET_ATTR_CADT_FLAGS={0x8, 0x8, 0x1, 0x0, 0x10}, @IPSET_ATTR_TIMEOUT={0x8, 0x6, 0x1, 0x0, 0xffffffff}]}, @IPSET_ATTR_TYPENAME={0xd, 0x3, 'hash:mac\x00'}]}, 0x5c}}, 0x0) 04:28:09 executing program 4: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = dup2(r0, r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) getsockname$llc(0xffffffffffffffff, 0x0, &(0x7f0000000140)) r2 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_CREATE(r2, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)={0x48, 0x2, 0x6, 0x101, 0x0, 0x0, {}, [@IPSET_ATTR_REVISION={0x5}, @IPSET_ATTR_PROTOCOL={0x5, 0x1, 0x6}, @IPSET_ATTR_FAMILY={0x5}, @IPSET_ATTR_DATA={0xc, 0x7, 0x0, 0x1, [@IPSET_ATTR_HASHSIZE={0x8, 0x12, 0x1, 0x0, 0x479e6139}]}, @IPSET_ATTR_TYPENAME={0xd, 0x3, 'hash:mac\x00'}]}, 0x48}}, 0x0) 04:28:09 executing program 0: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = dup2(r0, r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) sendmsg$AUDIT_TTY_GET(r1, &(0x7f0000000240)={&(0x7f0000000180)={0x10, 0x0, 0x0, 0x80000000}, 0xc, &(0x7f0000000200)={&(0x7f00000001c0)={0x10, 0x3f8, 0x200, 0x70bd2c, 0x25dfdbfd, "", [""]}, 0x10}}, 0x40000000) r2 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_CREATE(r2, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)={0x54, 0x2, 0x6, 0x101, 0x0, 0x0, {}, [@IPSET_ATTR_REVISION={0x5}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz1\x00'}, @IPSET_ATTR_PROTOCOL={0x5, 0x1, 0x6}, @IPSET_ATTR_FAMILY={0x5}, @IPSET_ATTR_DATA={0xc, 0x7, 0x0, 0x1, [@IPSET_ATTR_HASHSIZE={0x8, 0x12, 0x1, 0x0, 0x479e6139}]}, @IPSET_ATTR_TYPENAME={0xd, 0x3, 'hash:mac\x00'}]}, 0x54}}, 0x0) r3 = openat$autofs(0xffffffffffffff9c, &(0x7f0000000080)='/dev/autofs\x00', 0xa01, 0x0) setsockopt$bt_BT_RCVMTU(r3, 0x112, 0xd, &(0x7f0000000140)=0x7, 0x2) [ 1167.262684] syz-executor.1: vmalloc: allocation failure: 17179869200 bytes, mode:0x14080c0(GFP_KERNEL|__GFP_ZERO), nodemask=(null) [ 1167.276833] IPVS: ftp: loaded support on port[0] = 21 [ 1167.280731] syz-executor.1 cpuset=/ mems_allowed=0-1 [ 1167.288362] CPU: 1 PID: 6318 Comm: syz-executor.1 Not tainted 4.14.193-syzkaller #0 [ 1167.296184] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1167.305541] Call Trace: [ 1167.308129] dump_stack+0x1b2/0x283 [ 1167.311767] warn_alloc.cold+0x96/0x1cc [ 1167.315914] ? check_preemption_disabled+0x35/0x240 [ 1167.320913] ? zone_watermark_ok_safe+0x220/0x220 [ 1167.325737] ? perf_trace_lock_acquire+0x510/0x510 [ 1167.330649] ? fs_reclaim_release+0xd0/0x110 [ 1167.335046] ? ip_set_alloc+0x47/0x60 [ 1167.338919] vzalloc+0x122/0x150 [ 1167.342277] ip_set_alloc+0x47/0x60 [ 1167.345888] hash_mac_create+0x36e/0x7c6 [ 1167.350045] ip_set_create+0x5f9/0xf30 [ 1167.353947] ? __find_set_type_get+0x360/0x360 [ 1167.358524] ? __mutex_lock+0x360/0x1310 [ 1167.362589] ? lock_downgrade+0x740/0x740 [ 1167.366733] ? __find_set_type_get+0x360/0x360 [ 1167.371300] nfnetlink_rcv_msg+0x9bb/0xc00 [ 1167.375530] netlink_rcv_skb+0x125/0x390 [ 1167.379582] ? nfnetlink_net_exit_batch+0x150/0x150 [ 1167.384590] ? netlink_ack+0x9a0/0x9a0 [ 1167.388458] ? ns_capable_common+0x127/0x150 [ 1167.392849] nfnetlink_rcv+0x1ab/0x1da0 [ 1167.396830] ? __dev_queue_xmit+0xcd6/0x2480 [ 1167.401320] ? check_preemption_disabled+0x35/0x240 [ 1167.406324] ? perf_trace_lock+0xf7/0x490 [ 1167.410498] ? perf_trace_lock_acquire+0x510/0x510 [ 1167.415417] ? nfnetlink_bind+0x240/0x240 [ 1167.419546] ? netlink_deliver_tap+0x90/0x7d0 [ 1167.424028] ? lock_downgrade+0x740/0x740 [ 1167.428163] netlink_unicast+0x437/0x610 [ 1167.432205] ? netlink_sendskb+0xd0/0xd0 [ 1167.436248] netlink_sendmsg+0x62e/0xb80 [ 1167.440488] ? nlmsg_notify+0x170/0x170 [ 1167.444533] ? kernel_recvmsg+0x210/0x210 [ 1167.448665] ? security_socket_sendmsg+0x83/0xb0 [ 1167.454113] ? nlmsg_notify+0x170/0x170 [ 1167.458156] sock_sendmsg+0xb5/0x100 [ 1167.461855] ___sys_sendmsg+0x6c8/0x800 [ 1167.465813] ? copy_msghdr_from_user+0x3b0/0x3b0 [ 1167.470561] ? __lock_acquire+0x5fc/0x3f20 [ 1167.474781] ? perf_trace_lock_acquire+0x510/0x510 [ 1167.479708] ? do_futex+0x12b/0x1930 [ 1167.483428] ? check_preemption_disabled+0x35/0x240 [ 1167.488429] ? __fget+0x1fe/0x360 [ 1167.491863] ? lock_acquire+0x170/0x3f0 [ 1167.495842] ? lock_downgrade+0x740/0x740 [ 1167.499989] ? __fget+0x225/0x360 [ 1167.503427] ? __fdget+0x196/0x1f0 [ 1167.506992] ? sockfd_lookup_light+0xb2/0x160 [ 1167.511469] __sys_sendmsg+0xa3/0x120 [ 1167.515512] ? SyS_shutdown+0x160/0x160 [ 1167.519475] ? SyS_clock_gettime+0xf5/0x180 [ 1167.523778] ? SyS_clock_settime+0x1a0/0x1a0 [ 1167.528169] SyS_sendmsg+0x27/0x40 [ 1167.531690] ? __sys_sendmsg+0x120/0x120 [ 1167.535733] do_syscall_64+0x1d5/0x640 [ 1167.539607] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 1167.544786] RIP: 0033:0x45d249 [ 1167.547964] RSP: 002b:00007fe770c44c78 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 1167.555653] RAX: ffffffffffffffda RBX: 0000000000028840 RCX: 000000000045d249 04:28:10 executing program 0: socket$nl_netfilter(0x10, 0x3, 0xc) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = dup2(r0, r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) ioctl$VIDIOC_ENUM_FMT(r1, 0xc0405602, &(0x7f0000000000)={0x1, 0x4, 0x2, "46a602391b815aa3912af0d4a22e57722a5c7b4eaf2604db8d45d636689ce3a6", 0x37303250}) [ 1167.562920] RDX: 0000000000000000 RSI: 0000000020000000 RDI: 0000000000000003 [ 1167.570181] RBP: 000000000118cf80 R08: 0000000000000000 R09: 0000000000000000 [ 1167.577435] R10: 0000000000000000 R11: 0000000000000246 R12: 000000000118cf4c [ 1167.585850] R13: 00007fffec3adf2f R14: 00007fe770c459c0 R15: 000000000118cf4c [ 1167.612215] warn_alloc_show_mem: 1 callbacks suppressed [ 1167.612220] Mem-Info: [ 1167.627412] active_anon:232948 inactive_anon:6091 isolated_anon:0 [ 1167.627412] active_file:7392 inactive_file:32775 isolated_file:0 [ 1167.627412] unevictable:0 dirty:264 writeback:0 unstable:0 [ 1167.627412] slab_reclaimable:18412 slab_unreclaimable:135838 [ 1167.627412] mapped:62486 shmem:6280 pagetables:5854 bounce:0 [ 1167.627412] free:1088604 free_pcp:136 free_cma:0 04:28:10 executing program 0: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_CREATE(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)={0x54, 0x2, 0x6, 0x101, 0x0, 0x0, {}, [@IPSET_ATTR_REVISION={0x5}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz1\x00'}, @IPSET_ATTR_PROTOCOL={0x5, 0x1, 0x6}, @IPSET_ATTR_FAMILY={0x5}, @IPSET_ATTR_DATA={0xc, 0x7, 0x0, 0x1, [@IPSET_ATTR_HASHSIZE={0x8, 0x12, 0x1, 0x0, 0x479e6139}]}, @IPSET_ATTR_TYPENAME={0xd, 0x3, 'hash:mac\x00'}]}, 0x54}}, 0x0) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) r2 = dup2(r1, r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) sendmsg$nl_netfilter(r2, &(0x7f0000000300)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x10000}, 0xc, &(0x7f00000002c0)={&(0x7f0000000140)={0x148, 0x5, 0x6, 0x101, 0x70bd27, 0x25dfdbfc, {0xc, 0x0, 0x3}, [@generic="1a571fd88d68b8b431a611c0368fd59ba8a90c81e1220e4dc82b669ca67d9379b579889f0c66e98eb49fec374dcfbf443e7f8ea1c60af6b11f0f0f7483dadf7eea301fa7678a116d0ca7159b1b70ab351adbb5d04d48a6598593626b431865670bb985a0753b03b2773c4977cb70e8b5", @generic="71f6d030806c64442ea082f1ed805d59d582bdd99ae0a5f148be1fc549b4da9534c4ef037bf3c030501db2435d017f8273cc9d8a120fae05e633c25ec9ac18216f3d08247cd612c7acb7544becf41661343577689f2c80cf5cddc90774d77454a184b5be331a272a2c2f84d5b5e84b31483642b8ac03457f66f599120f8f8f5bcba643ef7e5d2a5cfdff0d68e762401a3ea4fc95c844bf3d6e893678c6d0a6b00f6618d5e66fa95d2c71d3851d0682b2b9ccc9103600e44afd8d4341c55af0b8931d"]}, 0x148}, 0x1, 0x0, 0x0, 0x48000}, 0x4000) [ 1167.712137] Node 0 active_anon:931892kB inactive_anon:24364kB active_file:29424kB inactive_file:131100kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:249944kB dirty:1056kB writeback:0kB shmem:25120kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 882688kB writeback_tmp:0kB unstable:0kB all_unreclaimable? no [ 1167.751285] IPVS: ftp: loaded support on port[0] = 21 [ 1167.751832] Node 1 active_anon:0kB inactive_anon:0kB active_file:144kB inactive_file:0kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:0kB dirty:0kB writeback:0kB shmem:0kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 0kB writeback_tmp:0kB unstable:0kB all_unreclaimable? no [ 1167.783023] Node 0 DMA free:15908kB min:220kB low:272kB high:324kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15908kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 1167.809329] lowmem_reserve[]: 0 2557 2557 2557 2557 [ 1167.814542] Node 0 DMA32 free:552852kB min:36272kB low:45340kB high:54408kB active_anon:934008kB inactive_anon:24364kB active_file:29424kB inactive_file:131100kB unevictable:0kB writepending:1056kB present:3129332kB managed:2621196kB mlocked:0kB kernel_stack:14464kB pagetables:23564kB bounce:0kB free_pcp:608kB local_pcp:248kB free_cma:0kB [ 1167.845200] lowmem_reserve[]: 0 0 0 0 0 [ 1167.849217] Node 0 Normal free:0kB min:4kB low:4kB high:4kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:786432kB managed:332kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 1167.874806] lowmem_reserve[]: 0 0 0 0 0 [ 1167.878854] Node 1 Normal free:3783636kB min:53612kB low:67012kB high:80412kB active_anon:0kB inactive_anon:0kB active_file:144kB inactive_file:0kB unevictable:0kB writepending:0kB present:3932160kB managed:3870192kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 1167.906691] lowmem_reserve[]: 0 0 0 0 0 [ 1167.910727] Node 0 DMA: 1*4kB (U) 0*8kB 0*16kB 1*32kB (U) 2*64kB (U) 1*128kB (U) 1*256kB (U) 0*512kB 1*1024kB (U) 1*2048kB (M) 3*4096kB (M) = 15908kB [ 1167.924454] Node 0 DMA32: 779*4kB (UME) 434*8kB (UME) 180*16kB (UME) 169*32kB (UME) 126*64kB (UME) 36*128kB (UME) 10*256kB (UM) 13*512kB (UME) 7*1024kB (UME) 3*2048kB (UME) 123*4096kB (M) = 553884kB [ 1167.942566] Node 0 Normal: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 0kB [ 1167.953931] Node 1 Normal: 51*4kB (UME) 343*8kB (UE) 273*16kB (U) 50*32kB (UM) 20*64kB (UME) 10*128kB (UM) 5*256kB (UM) 3*512kB (U) 1*1024kB (M) 4*2048kB (ME) 918*4096kB (M) = 3783636kB [ 1167.970818] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 1167.980010] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 1167.988953] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 1167.998514] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 1168.007955] 25404 total pagecache pages 04:28:10 executing program 2: sendmsg$IPSET_CMD_CREATE(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000140)={0x5c, 0x2, 0x6, 0x101, 0x0, 0x0, {}, [@IPSET_ATTR_REVISION={0x5}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz1\x00'}, @IPSET_ATTR_PROTOCOL={0x5, 0x1, 0x6}, @IPSET_ATTR_FAMILY={0x5}, @IPSET_ATTR_DATA={0x14, 0x7, 0x0, 0x1, [@IPSET_ATTR_CADT_FLAGS={0x8, 0x8, 0x1, 0x0, 0x10}, @IPSET_ATTR_TIMEOUT={0x8, 0x6, 0x1, 0x0, 0xffffffff}]}, @IPSET_ATTR_TYPENAME={0xd, 0x3, 'hash:mac\x00'}]}, 0x5c}}, 0x0) 04:28:10 executing program 3: ioctl$SNDCTL_TMR_METRONOME(0xffffffffffffffff, 0x40045407) r0 = socket$l2tp(0x2, 0x2, 0x73) ioctl$SIOCGSTAMP(r0, 0x8906, &(0x7f0000000400)) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) r2 = dup2(r1, r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) ioctl$sock_bt_hidp_HIDPCONNDEL(r2, 0x400448c9, &(0x7f0000000040)={@fixed={[], 0x11}, 0x8}) r3 = openat$sequencer(0xffffffffffffff9c, &(0x7f0000000080)='/dev/sequencer\x00', 0x0, 0x0) r4 = socket$inet6_tcp(0xa, 0x1, 0x0) r5 = dup2(r4, r4) ioctl$PERF_EVENT_IOC_ENABLE(r5, 0x8912, 0x400200) r6 = bpf$ITER_CREATE(0x21, &(0x7f0000000100), 0x8) write$P9_RUNLINKAT(r6, &(0x7f0000000140)={0x7, 0x4d, 0x1}, 0x7) write$P9_RLERROR(r5, &(0x7f0000000000)=ANY=[@ANYBLOB="050082f2d4aac2d7669f14a63024"], 0xe) ioctl$SNDCTL_SEQ_NRMIDIS(r3, 0x8004510b, &(0x7f00000000c0)) 04:28:10 executing program 4: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = dup2(r0, r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) getsockname$llc(0xffffffffffffffff, 0x0, &(0x7f0000000140)) r2 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_CREATE(r2, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)={0x48, 0x2, 0x6, 0x101, 0x0, 0x0, {}, [@IPSET_ATTR_REVISION={0x5}, @IPSET_ATTR_PROTOCOL={0x5, 0x1, 0x6}, @IPSET_ATTR_FAMILY={0x5}, @IPSET_ATTR_DATA={0xc, 0x7, 0x0, 0x1, [@IPSET_ATTR_HASHSIZE={0x8, 0x12, 0x1, 0x0, 0x479e6139}]}, @IPSET_ATTR_TYPENAME={0xd, 0x3, 'hash:mac\x00'}]}, 0x48}}, 0x0) [ 1168.012033] 0 pages in swap cache [ 1168.016577] Swap cache stats: add 0, delete 0, find 0/0 [ 1168.021948] Free swap = 0kB [ 1168.026122] Total swap = 0kB [ 1168.029153] 1965979 pages RAM [ 1168.032252] 0 pages HighMem/MovableOnly [ 1168.038586] 339072 pages reserved [ 1168.042050] 0 pages cma reserved [ 1168.046854] syz-executor.0: vmalloc: allocation failure: 17179869200 bytes, mode:0x14080c0(GFP_KERNEL|__GFP_ZERO), nodemask=(null) 04:28:10 executing program 2: sendmsg$IPSET_CMD_CREATE(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000140)={0x5c, 0x2, 0x6, 0x101, 0x0, 0x0, {}, [@IPSET_ATTR_REVISION={0x5}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz1\x00'}, @IPSET_ATTR_PROTOCOL={0x5, 0x1, 0x6}, @IPSET_ATTR_FAMILY={0x5}, @IPSET_ATTR_DATA={0x14, 0x7, 0x0, 0x1, [@IPSET_ATTR_CADT_FLAGS={0x8, 0x8, 0x1, 0x0, 0x10}, @IPSET_ATTR_TIMEOUT={0x8, 0x6, 0x1, 0x0, 0xffffffff}]}, @IPSET_ATTR_TYPENAME={0xd, 0x3, 'hash:mac\x00'}]}, 0x5c}}, 0x0) [ 1168.231568] syz-executor.0 cpuset=/ mems_allowed=0-1 [ 1168.241751] CPU: 1 PID: 6377 Comm: syz-executor.0 Not tainted 4.14.193-syzkaller #0 [ 1168.249588] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1168.258938] Call Trace: [ 1168.261516] dump_stack+0x1b2/0x283 [ 1168.265132] warn_alloc.cold+0x96/0x1cc [ 1168.269084] ? check_preemption_disabled+0x35/0x240 [ 1168.274095] ? zone_watermark_ok_safe+0x220/0x220 [ 1168.279100] ? perf_trace_lock_acquire+0x510/0x510 [ 1168.284008] ? fs_reclaim_release+0xd0/0x110 [ 1168.288404] ? ip_set_alloc+0x47/0x60 [ 1168.292187] vzalloc+0x122/0x150 [ 1168.295544] ip_set_alloc+0x47/0x60 [ 1168.299176] hash_mac_create+0x36e/0x7c6 [ 1168.303231] ip_set_create+0x5f9/0xf30 [ 1168.307185] ? __find_set_type_get+0x360/0x360 [ 1168.311746] ? __mutex_lock+0x360/0x1310 [ 1168.315819] ? __find_set_type_get+0x360/0x360 [ 1168.320382] nfnetlink_rcv_msg+0x9bb/0xc00 [ 1168.324611] netlink_rcv_skb+0x125/0x390 [ 1168.328673] ? nfnetlink_net_exit_batch+0x150/0x150 [ 1168.333683] ? netlink_ack+0x9a0/0x9a0 [ 1168.337576] ? ns_capable_common+0x127/0x150 [ 1168.341972] nfnetlink_rcv+0x1ab/0x1da0 [ 1168.345929] ? __dev_queue_xmit+0xcd6/0x2480 [ 1168.350323] ? check_preemption_disabled+0x35/0x240 [ 1168.355336] ? perf_trace_lock+0xf7/0x490 [ 1168.359467] ? perf_trace_lock_acquire+0x510/0x510 [ 1168.364376] ? nfnetlink_bind+0x240/0x240 [ 1168.368505] ? netlink_deliver_tap+0x90/0x7d0 [ 1168.372986] ? lock_downgrade+0x740/0x740 [ 1168.377120] netlink_unicast+0x437/0x610 [ 1168.381186] ? netlink_sendskb+0xd0/0xd0 [ 1168.385256] netlink_sendmsg+0x62e/0xb80 [ 1168.389315] ? nlmsg_notify+0x170/0x170 [ 1168.393271] ? kernel_recvmsg+0x210/0x210 [ 1168.397418] ? security_socket_sendmsg+0x83/0xb0 [ 1168.402159] ? nlmsg_notify+0x170/0x170 [ 1168.406125] sock_sendmsg+0xb5/0x100 [ 1168.409832] ___sys_sendmsg+0x6c8/0x800 [ 1168.413810] ? copy_msghdr_from_user+0x3b0/0x3b0 [ 1168.418555] ? __lock_acquire+0x5fc/0x3f20 [ 1168.422781] ? perf_trace_lock_acquire+0x510/0x510 [ 1168.427705] ? do_futex+0x12b/0x1930 [ 1168.431419] ? check_preemption_disabled+0x35/0x240 [ 1168.436418] ? __fget+0x1fe/0x360 [ 1168.439876] ? lock_acquire+0x170/0x3f0 [ 1168.443845] ? lock_downgrade+0x740/0x740 [ 1168.447979] ? __fget+0x225/0x360 [ 1168.451424] ? __fdget+0x196/0x1f0 [ 1168.454947] ? sockfd_lookup_light+0xb2/0x160 [ 1168.459426] __sys_sendmsg+0xa3/0x120 [ 1168.463220] ? SyS_shutdown+0x160/0x160 [ 1168.467181] ? SyS_clock_gettime+0xf5/0x180 [ 1168.471495] ? SyS_clock_settime+0x1a0/0x1a0 [ 1168.475886] SyS_sendmsg+0x27/0x40 [ 1168.479406] ? __sys_sendmsg+0x120/0x120 [ 1168.483446] do_syscall_64+0x1d5/0x640 [ 1168.487322] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 1168.492493] RIP: 0033:0x45d249 [ 1168.496272] RSP: 002b:00007f1c6356dc78 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 1168.503978] RAX: ffffffffffffffda RBX: 0000000000028840 RCX: 000000000045d249 [ 1168.511245] RDX: 0000000000000000 RSI: 0000000020000000 RDI: 0000000000000003 [ 1168.518587] RBP: 000000000118cf80 R08: 0000000000000000 R09: 0000000000000000 [ 1168.527404] R10: 0000000000000000 R11: 0000000000000246 R12: 000000000118cf4c [ 1168.534656] R13: 00007ffd3fb1901f R14: 00007f1c6356e9c0 R15: 000000000118cf4c [ 1168.561140] syz-executor.1: vmalloc: allocation failure: 17179869200 bytes, mode:0x14080c0(GFP_KERNEL|__GFP_ZERO), nodemask=(null) [ 1168.576376] syz-executor.1 cpuset=/ mems_allowed=0-1 [ 1168.583267] CPU: 1 PID: 6318 Comm: syz-executor.1 Not tainted 4.14.193-syzkaller #0 [ 1168.591138] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1168.600722] Call Trace: [ 1168.603299] dump_stack+0x1b2/0x283 [ 1168.606909] warn_alloc.cold+0x96/0x1cc [ 1168.610986] ? check_preemption_disabled+0x35/0x240 [ 1168.616005] ? zone_watermark_ok_safe+0x220/0x220 [ 1168.621115] ? perf_trace_lock_acquire+0x510/0x510 [ 1168.627330] ? fs_reclaim_release+0xd0/0x110 [ 1168.631752] ? ip_set_alloc+0x47/0x60 [ 1168.635561] vzalloc+0x122/0x150 [ 1168.638909] ip_set_alloc+0x47/0x60 [ 1168.642517] hash_mac_create+0x36e/0x7c6 [ 1168.646576] ip_set_create+0x5f9/0xf30 [ 1168.650457] ? __find_set_type_get+0x360/0x360 [ 1168.655020] ? __mutex_lock+0x360/0x1310 [ 1168.659093] ? __find_set_type_get+0x360/0x360 [ 1168.663678] nfnetlink_rcv_msg+0x9bb/0xc00 [ 1168.668103] netlink_rcv_skb+0x125/0x390 [ 1168.672170] ? nfnetlink_net_exit_batch+0x150/0x150 [ 1168.677272] ? netlink_ack+0x9a0/0x9a0 [ 1168.681401] ? ns_capable_common+0x127/0x150 [ 1168.685790] nfnetlink_rcv+0x1ab/0x1da0 [ 1168.689742] ? __dev_queue_xmit+0xcd6/0x2480 [ 1168.694499] ? check_preemption_disabled+0x35/0x240 [ 1168.699514] ? perf_trace_lock+0xf7/0x490 [ 1168.703672] ? perf_trace_lock_acquire+0x510/0x510 [ 1168.708588] ? nfnetlink_bind+0x240/0x240 [ 1168.712722] ? netlink_deliver_tap+0x90/0x7d0 [ 1168.717221] ? lock_downgrade+0x740/0x740 [ 1168.721353] netlink_unicast+0x437/0x610 [ 1168.725415] ? netlink_sendskb+0xd0/0xd0 [ 1168.729496] netlink_sendmsg+0x62e/0xb80 [ 1168.733543] ? nlmsg_notify+0x170/0x170 [ 1168.737501] ? kernel_recvmsg+0x210/0x210 [ 1168.741631] ? security_socket_sendmsg+0x83/0xb0 [ 1168.746370] ? nlmsg_notify+0x170/0x170 [ 1168.750334] sock_sendmsg+0xb5/0x100 [ 1168.754085] ___sys_sendmsg+0x6c8/0x800 [ 1168.758041] ? copy_msghdr_from_user+0x3b0/0x3b0 [ 1168.762995] ? __lock_acquire+0x5fc/0x3f20 [ 1168.767224] ? perf_trace_lock_acquire+0x510/0x510 [ 1168.772137] ? do_futex+0x12b/0x1930 [ 1168.775872] ? check_preemption_disabled+0x35/0x240 [ 1168.780873] ? __fget+0x1fe/0x360 [ 1168.784307] ? lock_acquire+0x170/0x3f0 [ 1168.788451] ? lock_downgrade+0x740/0x740 [ 1168.792578] ? __fget+0x225/0x360 [ 1168.796035] ? __fdget+0x196/0x1f0 [ 1168.799554] ? sockfd_lookup_light+0xb2/0x160 [ 1168.804029] __sys_sendmsg+0xa3/0x120 [ 1168.807814] ? SyS_shutdown+0x160/0x160 [ 1168.811779] ? SyS_clock_gettime+0xf5/0x180 [ 1168.816078] ? SyS_clock_settime+0x1a0/0x1a0 [ 1168.820465] SyS_sendmsg+0x27/0x40 [ 1168.823981] ? __sys_sendmsg+0x120/0x120 [ 1168.828036] do_syscall_64+0x1d5/0x640 [ 1168.831923] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 1168.837091] RIP: 0033:0x45d249 [ 1168.840271] RSP: 002b:00007fe770c44c78 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 1168.847956] RAX: ffffffffffffffda RBX: 0000000000028840 RCX: 000000000045d249 [ 1168.855204] RDX: 0000000000000000 RSI: 0000000020000000 RDI: 0000000000000003 [ 1168.862453] RBP: 000000000118cf80 R08: 0000000000000000 R09: 0000000000000000 [ 1168.869723] R10: 0000000000000000 R11: 0000000000000246 R12: 000000000118cf4c [ 1168.876974] R13: 00007fffec3adf2f R14: 00007fe770c459c0 R15: 000000000118cf4c [ 1168.885383] warn_alloc_show_mem: 1 callbacks suppressed [ 1168.885387] Mem-Info: [ 1168.894376] active_anon:232442 inactive_anon:6091 isolated_anon:0 [ 1168.894376] active_file:7393 inactive_file:32786 isolated_file:0 [ 1168.894376] unevictable:0 dirty:280 writeback:0 unstable:0 [ 1168.894376] slab_reclaimable:18416 slab_unreclaimable:135196 [ 1168.894376] mapped:62502 shmem:6280 pagetables:5827 bounce:0 [ 1168.894376] free:1089674 free_pcp:254 free_cma:0 [ 1168.928964] Node 0 active_anon:929768kB inactive_anon:24364kB active_file:29428kB inactive_file:131144kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:250032kB dirty:1140kB writeback:0kB shmem:25120kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 888832kB writeback_tmp:0kB unstable:0kB all_unreclaimable? no [ 1168.957849] Node 1 active_anon:0kB inactive_anon:0kB active_file:144kB inactive_file:0kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:0kB dirty:0kB writeback:0kB shmem:0kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 0kB writeback_tmp:0kB unstable:0kB all_unreclaimable? no [ 1168.983878] Node 0 DMA free:15908kB min:220kB low:272kB high:324kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15908kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 1169.010737] lowmem_reserve[]: 0 2557 2557 2557 2557 [ 1169.016494] Node 0 DMA32 free:558856kB min:36272kB low:45340kB high:54408kB active_anon:929768kB inactive_anon:24364kB active_file:29428kB inactive_file:131144kB unevictable:0kB writepending:1144kB present:3129332kB managed:2621196kB mlocked:0kB kernel_stack:14112kB pagetables:23308kB bounce:0kB free_pcp:996kB local_pcp:324kB free_cma:0kB [ 1169.047460] lowmem_reserve[]: 0 0 0 0 0 [ 1169.052101] Node 0 Normal free:0kB min:4kB low:4kB high:4kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:786432kB managed:332kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 1169.078073] lowmem_reserve[]: 0 0 0 0 0 [ 1169.082242] Node 1 Normal free:3783636kB min:53612kB low:67012kB high:80412kB active_anon:0kB inactive_anon:0kB active_file:144kB inactive_file:0kB unevictable:0kB writepending:0kB present:3932160kB managed:3870192kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 1169.110149] lowmem_reserve[]: 0 0 0 0 0 [ 1169.114414] Node 0 DMA: 1*4kB (U) 0*8kB 0*16kB 1*32kB (U) 2*64kB (U) 1*128kB (U) 1*256kB (U) 0*512kB 1*1024kB (U) 1*2048kB (M) 3*4096kB (M) = 15908kB [ 1169.128286] Node 0 DMA32: 760*4kB (UME) 188*8kB (UME) 301*16kB (UME) 188*32kB (UME) 126*64kB (UME) 36*128kB (UME) 10*256kB (UM) 13*512kB (UME) 7*1024kB (UME) 3*2048kB (UME) 124*4096kB (M) = 558480kB [ 1169.146422] Node 0 Normal: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 0kB [ 1169.157356] Node 1 Normal: 51*4kB (UME) 343*8kB (UE) 273*16kB (U) 50*32kB (UM) 20*64kB (UME) 10*128kB (UM) 5*256kB (UM) 3*512kB (U) 1*1024kB (M) 4*2048kB (ME) 918*4096kB (M) = 3783636kB [ 1169.174318] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 1169.183300] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 1169.191895] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 1169.201227] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 1169.209954] 25417 total pagecache pages [ 1169.214024] 0 pages in swap cache [ 1169.217525] Swap cache stats: add 0, delete 0, find 0/0 [ 1169.223605] Free swap = 0kB [ 1169.226624] Total swap = 0kB [ 1169.229693] 1965979 pages RAM [ 1169.232864] 0 pages HighMem/MovableOnly [ 1169.237263] 339072 pages reserved [ 1169.240697] 0 pages cma reserved [ 1169.248220] syz-executor.0: vmalloc: allocation failure: 17179869200 bytes, mode:0x14080c0(GFP_KERNEL|__GFP_ZERO), nodemask=(null) [ 1169.277086] syz-executor.0 cpuset=/ mems_allowed=0-1 [ 1169.282372] CPU: 1 PID: 6377 Comm: syz-executor.0 Not tainted 4.14.193-syzkaller #0 [ 1169.290176] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1169.299534] Call Trace: [ 1169.302163] dump_stack+0x1b2/0x283 [ 1169.305804] warn_alloc.cold+0x96/0x1cc [ 1169.309790] ? check_preemption_disabled+0x35/0x240 [ 1169.314811] ? zone_watermark_ok_safe+0x220/0x220 [ 1169.319664] ? perf_trace_lock_acquire+0x510/0x510 [ 1169.324605] ? fs_reclaim_release+0xd0/0x110 [ 1169.329105] ? ip_set_alloc+0x47/0x60 [ 1169.332906] vzalloc+0x122/0x150 [ 1169.336330] ip_set_alloc+0x47/0x60 [ 1169.340041] hash_mac_create+0x36e/0x7c6 [ 1169.344096] ip_set_create+0x5f9/0xf30 [ 1169.347967] ? __find_set_type_get+0x360/0x360 [ 1169.352549] ? __mutex_lock+0x360/0x1310 [ 1169.356625] ? __find_set_type_get+0x360/0x360 [ 1169.361267] nfnetlink_rcv_msg+0x9bb/0xc00 [ 1169.365640] netlink_rcv_skb+0x125/0x390 [ 1169.369687] ? nfnetlink_net_exit_batch+0x150/0x150 [ 1169.374684] ? netlink_ack+0x9a0/0x9a0 [ 1169.378554] ? ns_capable_common+0x127/0x150 [ 1169.382944] nfnetlink_rcv+0x1ab/0x1da0 [ 1169.386922] ? __dev_queue_xmit+0xcd6/0x2480 [ 1169.391311] ? check_preemption_disabled+0x35/0x240 [ 1169.396322] ? perf_trace_lock+0xf7/0x490 [ 1169.400451] ? perf_trace_lock_acquire+0x510/0x510 [ 1169.405363] ? nfnetlink_bind+0x240/0x240 [ 1169.409490] ? netlink_deliver_tap+0x90/0x7d0 [ 1169.413985] ? lock_downgrade+0x740/0x740 [ 1169.418249] netlink_unicast+0x437/0x610 [ 1169.422295] ? netlink_sendskb+0xd0/0xd0 [ 1169.426344] netlink_sendmsg+0x62e/0xb80 [ 1169.430401] ? nlmsg_notify+0x170/0x170 [ 1169.434369] ? kernel_recvmsg+0x210/0x210 [ 1169.438659] ? security_socket_sendmsg+0x83/0xb0 [ 1169.443408] ? nlmsg_notify+0x170/0x170 [ 1169.447367] sock_sendmsg+0xb5/0x100 [ 1169.451198] ___sys_sendmsg+0x6c8/0x800 [ 1169.455159] ? copy_msghdr_from_user+0x3b0/0x3b0 [ 1169.459923] ? __lock_acquire+0x5fc/0x3f20 [ 1169.464155] ? perf_trace_lock_acquire+0x510/0x510 [ 1169.469165] ? do_futex+0x12b/0x1930 [ 1169.473753] ? check_preemption_disabled+0x35/0x240 [ 1169.478774] ? __fget+0x1fe/0x360 [ 1169.482207] ? lock_acquire+0x170/0x3f0 [ 1169.486165] ? lock_downgrade+0x740/0x740 [ 1169.490316] ? __fget+0x225/0x360 [ 1169.493769] ? __fdget+0x196/0x1f0 [ 1169.497394] ? sockfd_lookup_light+0xb2/0x160 [ 1169.501869] __sys_sendmsg+0xa3/0x120 [ 1169.505657] ? SyS_shutdown+0x160/0x160 [ 1169.509614] ? SyS_clock_gettime+0xf5/0x180 [ 1169.513926] ? SyS_clock_settime+0x1a0/0x1a0 [ 1169.518392] SyS_sendmsg+0x27/0x40 [ 1169.521914] ? __sys_sendmsg+0x120/0x120 [ 1169.525967] do_syscall_64+0x1d5/0x640 [ 1169.529946] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 1169.535117] RIP: 0033:0x45d249 [ 1169.538302] RSP: 002b:00007f1c6356dc78 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 1169.546001] RAX: ffffffffffffffda RBX: 0000000000028840 RCX: 000000000045d249 [ 1169.553566] RDX: 0000000000000000 RSI: 0000000020000000 RDI: 0000000000000003 [ 1169.560841] RBP: 000000000118cf80 R08: 0000000000000000 R09: 0000000000000000 [ 1169.568120] R10: 0000000000000000 R11: 0000000000000246 R12: 000000000118cf4c [ 1169.575386] R13: 00007ffd3fb1901f R14: 00007f1c6356e9c0 R15: 000000000118cf4c 04:28:12 executing program 3: openat$sequencer(0xffffffffffffff9c, &(0x7f0000000080)='/dev/sequencer\x00', 0x0, 0x0) r0 = socket$inet_udplite(0x2, 0x2, 0x88) getsockopt$sock_cred(r0, 0x1, 0x11, &(0x7f00000001c0)={0x0, 0x0}, &(0x7f0000000040)=0xc) setreuid(0x0, r1) r2 = socket$inet_tcp(0x2, 0x1, 0x0) getsockopt$sock_cred(r2, 0x1, 0x11, &(0x7f0000000440)={0x0, 0x0, 0x0}, &(0x7f0000000480)=0xc) setgroups(0x1, &(0x7f0000000780)=[r3]) chown(&(0x7f0000000000)='./file0\x00', r1, r3) getrusage(0xffffffffffffffff, &(0x7f0000000340)) r4 = socket$inet6_tcp(0xa, 0x1, 0x0) r5 = dup2(r4, r4) ioctl$PERF_EVENT_IOC_ENABLE(r5, 0x8912, 0x400200) ioctl$BLKRRPART(r5, 0x125f, 0x0) r6 = socket$inet6_tcp(0xa, 0x1, 0x0) r7 = dup2(r6, r6) ioctl$PERF_EVENT_IOC_ENABLE(r7, 0x8912, 0x400200) setsockopt$inet_tcp_TCP_REPAIR_WINDOW(r7, 0x6, 0x1d, &(0x7f0000000200)={0xc44, 0x9, 0x1, 0x100, 0x9}, 0x14) bpf$ITER_CREATE(0x21, &(0x7f0000000300), 0x8) ioctl$SNDCTL_SEQ_NRMIDIS(0xffffffffffffffff, 0x8004510b, &(0x7f00000000c0)) 04:28:12 executing program 2: sendmsg$IPSET_CMD_CREATE(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000140)={0x5c, 0x2, 0x6, 0x101, 0x0, 0x0, {}, [@IPSET_ATTR_REVISION={0x5}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz1\x00'}, @IPSET_ATTR_PROTOCOL={0x5, 0x1, 0x6}, @IPSET_ATTR_FAMILY={0x5}, @IPSET_ATTR_DATA={0x14, 0x7, 0x0, 0x1, [@IPSET_ATTR_CADT_FLAGS={0x8, 0x8, 0x1, 0x0, 0x10}, @IPSET_ATTR_TIMEOUT={0x8, 0x6, 0x1, 0x0, 0xffffffff}]}, @IPSET_ATTR_TYPENAME={0xd, 0x3, 'hash:mac\x00'}]}, 0x5c}}, 0x0) 04:28:12 executing program 1: openat$rfkill(0xffffffffffffff9c, &(0x7f0000000200)='/dev/rfkill\x00', 0x800, 0x0) r0 = socket$nl_netfilter(0x10, 0x3, 0xc) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) r2 = dup2(r1, r1) ioctl$SNDRV_SEQ_IOCTL_GET_QUEUE_STATUS(r2, 0xc05c5340, &(0x7f0000000240)={0x0, 0x6, 0x5, {0xeeef, 0x878}, 0x800, 0x1}) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) r3 = socket(0x11, 0x800000003, 0x0) bind(r3, &(0x7f0000000080)=@generic={0x11, "0000010000000000080044944eeba71a4976e252922cb18f6e2e2aba000000012e0b3836005404b0e0301a4ce875f2e3ff5f163ee340b7679500800000000000000101013c5811039e15775027ecce66fd792bbf0e5bf5ff1b0816f3f6db1c00010000000000000049740000000000000006ad8e5ecc326d3a09ffc2c654"}, 0x80) getsockname$packet(r3, &(0x7f00000003c0)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @dev}, &(0x7f0000000000)=0x14) r5 = socket(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r5, &(0x7f00000007c0)={0x0, 0x0, &(0x7f0000000780)={&(0x7f0000000500)=ANY=[@ANYBLOB="6800000024000b0f000000000000000000800000", @ANYRES32=r4, @ANYBLOB="00000000ffffffe555b066e587980b3377410bd2cfb0ff000000000a0001006e6574652d000000380002000000000000000000000000000000000000000000000000001c000580180008000000000000"], 0x68}}, 0x0) ioctl$sock_ipv4_tunnel_SIOCDELTUNNEL(r2, 0x89f2, &(0x7f0000000080)={'syztnl2\x00', &(0x7f0000000140)={'syztnl1\x00', r4, 0x7800, 0x8000, 0x2, 0x6, {{0x26, 0x4, 0x1, 0x2a, 0x98, 0x66, 0x0, 0x2, 0x29, 0x0, @broadcast, @multicast1, {[@noop, @lsrr={0x83, 0x1f, 0xaf, [@dev={0xac, 0x14, 0x14, 0x31}, @multicast1, @initdev={0xac, 0x1e, 0x0, 0x0}, @initdev={0xac, 0x1e, 0x0, 0x0}, @empty, @local, @remote]}, @timestamp_prespec={0x44, 0x3c, 0x2d, 0x3, 0x9, [{@private=0xa010100, 0x10000}, {@private=0xa010102, 0x2}, {@remote, 0x7}, {@initdev={0xac, 0x1e, 0x1, 0x0}, 0x8}, {@rand_addr=0x64010100, 0xffff}, {@multicast1, 0x10001}, {@initdev={0xac, 0x1e, 0x0, 0x0}, 0xd1d}]}, @lsrr={0x83, 0x27, 0x94, [@dev={0xac, 0x14, 0x14, 0xa}, @empty, @initdev={0xac, 0x1e, 0x0, 0x0}, @multicast2, @remote, @remote, @initdev={0xac, 0x1e, 0x0, 0x0}, @empty, @rand_addr=0x64010103]}, @end]}}}}}) sendmsg$IPSET_CMD_CREATE(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)={0x54, 0x2, 0x6, 0x101, 0x0, 0x0, {}, [@IPSET_ATTR_REVISION={0x5}, @IPSET_ATTR_SETNAME={0x6, 0x2, 'syz1\x00'}, @IPSET_ATTR_PROTOCOL={0x5, 0x1, 0x6}, @IPSET_ATTR_FAMILY={0x5}, @IPSET_ATTR_DATA={0xc, 0x7, 0x0, 0x1, [@IPSET_ATTR_HASHSIZE={0x8, 0x12, 0x1, 0x0, 0x479e6139}]}, @IPSET_ATTR_TYPENAME={0xd, 0x3, 'hash:mac\x00'}]}, 0x54}}, 0x0) 04:28:12 executing program 4: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = dup2(r0, r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) getsockname$llc(0xffffffffffffffff, 0x0, &(0x7f0000000140)) r2 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_CREATE(r2, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)={0x48, 0x2, 0x6, 0x101, 0x0, 0x0, {}, [@IPSET_ATTR_REVISION={0x5}, @IPSET_ATTR_PROTOCOL={0x5, 0x1, 0x6}, @IPSET_ATTR_FAMILY={0x5}, @IPSET_ATTR_DATA={0xc, 0x7, 0x0, 0x1, [@IPSET_ATTR_HASHSIZE={0x8, 0x12, 0x1, 0x0, 0x479e6139}]}, @IPSET_ATTR_TYPENAME={0xd, 0x3, 'hash:mac\x00'}]}, 0x48}}, 0x0) 04:28:12 executing program 0: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_CREATE(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)={0x54, 0x2, 0x6, 0x101, 0x0, 0x0, {}, [@IPSET_ATTR_REVISION={0x4}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz1\x00'}, @IPSET_ATTR_PROTOCOL={0x5, 0x1, 0x6}, @IPSET_ATTR_FAMILY={0x5, 0x5, 0x9}, @IPSET_ATTR_DATA={0xc, 0x7, 0x0, 0x1, [@IPSET_ATTR_HASHSIZE={0x8, 0x12, 0x1, 0x0, 0x479e6139}]}, @IPSET_ATTR_TYPENAME={0xd, 0x3, 'hash:mac\x00'}]}, 0x54}}, 0x0) 04:28:12 executing program 5: r0 = dup(0xffffffffffffffff) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x802102001ffa, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r1 = gettid() clone(0x6e20cf00, 0x0, 0x0, 0x0, 0x0) sched_setattr(0x0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x1000000, 0x7, 0x40}, 0x0) sendmsg$NL80211_CMD_SET_WIPHY_NETNS(0xffffffffffffffff, &(0x7f00000013c0)={&(0x7f0000000140)={0x10, 0x0, 0x0, 0x800000}, 0xc, &(0x7f0000001380)={&(0x7f0000001400)=ANY=[@ANYBLOB='t\x00\x00\x00', @ANYRES16=0x0, @ANYBLOB="08e80b650028bd7000fcdbdf25310000000800db00", @ANYRES32=r0, @ANYBLOB="0c00990007000000020000000c00990003000000ffffffff0c0099008aaf0000040000000c009900f7ffffff0300000008005200", @ANYRES32=0x0, @ANYBLOB='\b\x00R\x00', @ANYRES32=r1, @ANYBLOB="0800010002000000080001000300000008005200", @ANYRES32=0x0, @ANYBLOB], 0x74}, 0x1, 0x0, 0x0, 0x40000}, 0x1) ptrace$setopts(0x4206, r1, 0x0, 0x0) gettid() r2 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ptmx\x00', 0x0, 0x0) read(r2, &(0x7f00003fefff)=""/1, 0x1) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) r4 = dup2(r3, r3) ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200) r5 = openat$autofs(0xffffffffffffff9c, &(0x7f0000000040)='/dev/autofs\x00', 0x0, 0x0) sendmsg$IPVS_CMD_ZERO(r5, &(0x7f0000000240)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x20000000}, 0xc, &(0x7f0000000200)={&(0x7f0000000280)=ANY=[@ANYBLOB="f4000000", @ANYRES16=0x0, @ANYBLOB="02002d000400070000000c0002800800050009000000080005008700000018000180060004004e2000000c000700310000003400000008000400050000003c00028014000100fe880000000000000000000000800000000000000000000014000100fe80000000000000000000000000002f080005000600000008000500000200001c0003800800010002000000060007004e220000060007004e2000003c0002800800080002800000060002004e23000008000500bf12ffff0800030003000000080005000100000005000d000100000006000e004e21000008000600fbffffff"], 0xf4}, 0x1, 0x0, 0x0, 0x80}, 0x2080800) r6 = openat$cachefiles(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/cachefiles\x00', 0x0, 0x0) getsockopt$packet_buf(r6, 0x107, 0x16, &(0x7f0000000380)=""/4096, &(0x7f0000000100)=0x1000) ioctl$SIOCNRDECOBS(r4, 0x89e2) 04:28:12 executing program 2: socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_CREATE(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000140)={0x5c, 0x2, 0x6, 0x101, 0x0, 0x0, {}, [@IPSET_ATTR_REVISION={0x5}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz1\x00'}, @IPSET_ATTR_PROTOCOL={0x5, 0x1, 0x6}, @IPSET_ATTR_FAMILY={0x5}, @IPSET_ATTR_DATA={0x14, 0x7, 0x0, 0x1, [@IPSET_ATTR_CADT_FLAGS={0x8, 0x8, 0x1, 0x0, 0x10}, @IPSET_ATTR_TIMEOUT={0x8, 0x6, 0x1, 0x0, 0xffffffff}]}, @IPSET_ATTR_TYPENAME={0xd, 0x3, 'hash:mac\x00'}]}, 0x5c}}, 0x0) 04:28:12 executing program 3: openat$sequencer(0xffffffffffffff9c, &(0x7f0000000080)='/dev/sequencer\x00', 0x2e2000, 0x0) 04:28:12 executing program 4: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = dup2(r0, r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) getsockname$llc(0xffffffffffffffff, 0x0, &(0x7f0000000140)) r2 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_CREATE(r2, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)={0x4c, 0x2, 0x6, 0x101, 0x0, 0x0, {}, [@IPSET_ATTR_SETNAME={0x9, 0x2, 'syz1\x00'}, @IPSET_ATTR_PROTOCOL={0x5, 0x1, 0x6}, @IPSET_ATTR_FAMILY={0x5}, @IPSET_ATTR_DATA={0xc, 0x7, 0x0, 0x1, [@IPSET_ATTR_HASHSIZE={0x8, 0x12, 0x1, 0x0, 0x479e6139}]}, @IPSET_ATTR_TYPENAME={0xd, 0x3, 'hash:mac\x00'}]}, 0x4c}}, 0x0) 04:28:12 executing program 2: socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_CREATE(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000140)={0x5c, 0x2, 0x6, 0x101, 0x0, 0x0, {}, [@IPSET_ATTR_REVISION={0x5}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz1\x00'}, @IPSET_ATTR_PROTOCOL={0x5, 0x1, 0x6}, @IPSET_ATTR_FAMILY={0x5}, @IPSET_ATTR_DATA={0x14, 0x7, 0x0, 0x1, [@IPSET_ATTR_CADT_FLAGS={0x8, 0x8, 0x1, 0x0, 0x10}, @IPSET_ATTR_TIMEOUT={0x8, 0x6, 0x1, 0x0, 0xffffffff}]}, @IPSET_ATTR_TYPENAME={0xd, 0x3, 'hash:mac\x00'}]}, 0x5c}}, 0x0) [ 1170.339461] netlink: 68 bytes leftover after parsing attributes in process `syz-executor.1'. 04:28:12 executing program 3: r0 = signalfd4(0xffffffffffffffff, &(0x7f0000000140)={[0x8]}, 0x8, 0x80000) ioctl$FS_IOC_GET_ENCRYPTION_NONCE(r0, 0x8010661b, &(0x7f0000000180)) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) r2 = dup2(r1, r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) ioctl$VIDIOC_QUERYMENU(r2, 0xc02c5625, &(0x7f0000000000)={0xfffffffa, 0x8000, @name="74dfff4ae37c4fdcf4d7cd51c925f5838873206d4cef041470940008a49fb007"}) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) r4 = dup2(r3, r3) ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200) ioctl$SNDCTL_SEQ_NRMIDIS(r4, 0x8004510b, &(0x7f00000000c0)) [ 1170.439755] netlink: 68 bytes leftover after parsing attributes in process `syz-executor.1'. 04:28:12 executing program 1: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) r1 = open(&(0x7f0000000080)='./file0\x00', 0x654802, 0x6b) getsockopt$IP6T_SO_GET_REVISION_MATCH(r1, 0x29, 0x44, &(0x7f0000000140)={'icmp6\x00'}, &(0x7f0000000180)=0x1e) r2 = syz_open_dev$mouse(&(0x7f00000001c0)='/dev/input/mouse#\x00', 0x6, 0x2a100) ioctl$KVM_ENABLE_CAP(r2, 0x4068aea3, &(0x7f0000000200)={0x74, 0x0, [0x1, 0xdf26, 0xff, 0x8a]}) sendmsg$IPSET_CMD_CREATE(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000280)=ANY=[@ANYBLOB="540000000206010100000000000000000000000005000400000000000900020073797a3100fc266c1b5f06a8428052d7bb53bbe2785fff00050001000600c7aa051240479e61390d000300680273683a6d61630000000000000000000000000000000000d2f79c249b4fa0c6ccb2cdeb1f8ca5bf02f86511e543038c732a988a3c7221569c267619f753c59581860cbbc0f5c2454e09fedcfd90e3a5e6607fa6a9c2961f7d888bc579b3fee94105de3ccff446aed87274b2617e5fa7d807f60ee184b2b4e21f687c949ef57a4f95e4fa4d949630eba3c0a3250494a8649a3534469dc2deb084e887760c71b5a1dd6c2f128e93"], 0x54}}, 0x0) 04:28:12 executing program 4: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = dup2(r0, r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) getsockname$llc(0xffffffffffffffff, 0x0, &(0x7f0000000140)) r2 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_CREATE(r2, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)={0x4c, 0x2, 0x6, 0x101, 0x0, 0x0, {}, [@IPSET_ATTR_SETNAME={0x9, 0x2, 'syz1\x00'}, @IPSET_ATTR_PROTOCOL={0x5, 0x1, 0x6}, @IPSET_ATTR_FAMILY={0x5}, @IPSET_ATTR_DATA={0xc, 0x7, 0x0, 0x1, [@IPSET_ATTR_HASHSIZE={0x8, 0x12, 0x1, 0x0, 0x479e6139}]}, @IPSET_ATTR_TYPENAME={0xd, 0x3, 'hash:mac\x00'}]}, 0x4c}}, 0x0) 04:28:12 executing program 2: socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_CREATE(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000140)={0x5c, 0x2, 0x6, 0x101, 0x0, 0x0, {}, [@IPSET_ATTR_REVISION={0x5}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz1\x00'}, @IPSET_ATTR_PROTOCOL={0x5, 0x1, 0x6}, @IPSET_ATTR_FAMILY={0x5}, @IPSET_ATTR_DATA={0x14, 0x7, 0x0, 0x1, [@IPSET_ATTR_CADT_FLAGS={0x8, 0x8, 0x1, 0x0, 0x10}, @IPSET_ATTR_TIMEOUT={0x8, 0x6, 0x1, 0x0, 0xffffffff}]}, @IPSET_ATTR_TYPENAME={0xd, 0x3, 'hash:mac\x00'}]}, 0x5c}}, 0x0) 04:28:12 executing program 3: r0 = openat$sequencer(0xffffffffffffff9c, &(0x7f0000000080)='/dev/sequencer\x00', 0x0, 0x0) ioctl$SNDCTL_SEQ_NRMIDIS(r0, 0x8004510b, &(0x7f00000000c0)) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) r2 = dup2(r1, r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) r3 = openat$cgroup_ro(r2, &(0x7f0000000000)='devices.list\x00', 0x0, 0x0) ioctl$TCGETS(r3, 0x5401, &(0x7f0000000040)) 04:28:13 executing program 0: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_CREATE(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000140)={0x58, 0x2, 0x6, 0x101, 0x0, 0x0, {}, [@IPSET_ATTR_REVISION={0x5}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz1\x00'}, @IPSET_ATTR_PROTOCOL={0x5, 0x1, 0x6}, @IPSET_ATTR_FAMILY={0x5}, @IPSET_ATTR_DATA={0xc, 0x7, 0x0, 0x1, [@IPSET_ATTR_HASHSIZE={0x8, 0x12, 0x1, 0x0, 0x479e6139}]}, @IPSET_ATTR_TYPENAME={0x12, 0x3, 'bitmap:ip,mac\x00'}]}, 0x58}}, 0x0) 04:28:13 executing program 4: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = dup2(r0, r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) getsockname$llc(0xffffffffffffffff, 0x0, &(0x7f0000000140)) r2 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_CREATE(r2, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)={0x4c, 0x2, 0x6, 0x101, 0x0, 0x0, {}, [@IPSET_ATTR_SETNAME={0x9, 0x2, 'syz1\x00'}, @IPSET_ATTR_PROTOCOL={0x5, 0x1, 0x6}, @IPSET_ATTR_FAMILY={0x5}, @IPSET_ATTR_DATA={0xc, 0x7, 0x0, 0x1, [@IPSET_ATTR_HASHSIZE={0x8, 0x12, 0x1, 0x0, 0x479e6139}]}, @IPSET_ATTR_TYPENAME={0xd, 0x3, 'hash:mac\x00'}]}, 0x4c}}, 0x0) [ 1170.618248] netlink: 44 bytes leftover after parsing attributes in process `syz-executor.1'. [ 1170.862129] IPVS: ftp: loaded support on port[0] = 21 04:28:15 executing program 5: r0 = dup(0xffffffffffffffff) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x802102001ffa, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r1 = gettid() clone(0x6e20cf00, 0x0, 0x0, 0x0, 0x0) ptrace$setopts(0x4206, r1, 0x0, 0x0) gettid() r2 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ptmx\x00', 0x0, 0x0) read(r2, &(0x7f00003fefff)=""/1, 0x1) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) r4 = dup2(r3, r3) ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200) r5 = openat$autofs(0xffffffffffffff9c, &(0x7f0000000040)='/dev/autofs\x00', 0x0, 0x0) sendmsg$IPVS_CMD_ZERO(r5, &(0x7f0000000240)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x20000000}, 0xc, &(0x7f0000000200)={&(0x7f0000000280)=ANY=[@ANYBLOB="f4000000", @ANYRES16=0x0, @ANYBLOB="02002dbd7000ffdbdf251000000008000400070000000c0002800800050009000000084005008700000018000180060004004e2000000c000700310000003400000008000400050000003c00028014000100fe880000000000000000000000000001080003000200000014000100fe80000000000000000000000000002f080005000600000008000500000200001c0003800800010002000400060007004e220000060007004e2000003c0002800800080002800000060002004e23000008000500bf12ffff0800030003000000080005000100000005000d000100000006000e004e21000008000600fbffffff"], 0xf4}, 0x1, 0x0, 0x0, 0x80}, 0x2080800) ioctl$SIOCNRDECOBS(r4, 0x89e2) 04:28:15 executing program 2: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_CREATE(r0, 0x0, 0x0) 04:28:15 executing program 1: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_CREATE(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000080)=ANY=[@ANYBLOB="f40000003f000000000000000000000000000000055fa7015000020073797a310000004c70000100064a000005000500000000000bffed8008001240479e61390d00f5030068617302006d61630000000048a6658087c1307c6a62fd5a222a203e2dac2c24b401a9f57ce016e021b629b01ca41f213f34bcb6d033468d2aac10565ef0a54a8275f6a379f524f011a6282bc8a2090f75d21178b6109868f05bb951d5074ab907af48ca66903be1b62607fac23997a253e4a4a70598859a488994d46b1b7b96e243b12447d256e7912b95b096b7b17e5a3c8e21ccf5247421adf0a486392bedcd7201ed0279e5a04a15e2b1ba1c9678eee7090ae573ef3b42544bb051e8afeeed5e84e18ffa4c93974676a1d74fb2bf5fa07070a487a21667059370e75ae3acc3df6e8b1c09001405e3938d8d6d7df10dc9fbb7e0a5fbd52d96af4378997170348ea736590eb712b1988f0ea99346b7a51e19d66655f31c45554a83388dd6cbb17a8ce7e43f2a37a0be0c346563e2771722e5d6f32db0eefaa3995acd7bfb9751afc8af76e3af8b18df053c24157e7c2fe378badc3632f449"], 0x54}}, 0x0) 04:28:15 executing program 3: r0 = openat$sequencer(0xffffffffffffff9c, &(0x7f0000000080)='/dev/sequencer\x00', 0x0, 0x0) ioctl$SNDCTL_SEQ_NRMIDIS(r0, 0x8004510b, &(0x7f00000000c0)) getsockopt$TIPC_SRC_DROPPABLE(0xffffffffffffffff, 0x10f, 0x80, &(0x7f0000000000), &(0x7f0000000040)=0x4) arch_prctl$ARCH_SET_CPUID(0x1012, 0x1) 04:28:15 executing program 4: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) socket$inet6_tcp(0xa, 0x1, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x400200) socket$nl_xfrm(0x10, 0x3, 0x6) r1 = socket$kcm(0xa, 0x2, 0x11) r2 = dup2(0xffffffffffffffff, r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) r3 = socket$inet6_sctp(0xa, 0x5, 0x84) r4 = socket$inet6_sctp(0xa, 0x5, 0x84) shutdown(r4, 0x0) getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r4, 0x84, 0x6f, &(0x7f0000000000)={0x0, 0x1c, &(0x7f00000002c0)=[@in6={0xa, 0x0, 0x0, @private0}]}, &(0x7f0000000180)=0x10) r5 = dup3(r4, r3, 0x0) getsockopt$inet_sctp_SCTP_MAX_BURST(r5, 0x84, 0x14, &(0x7f0000000000)=@assoc_value={0x0}, &(0x7f0000000040)=0x17) getsockopt$inet_sctp6_SCTP_DELAYED_SACK(r5, 0x84, 0x70, &(0x7f0000000080)=@sack_info={r6}, &(0x7f0000002000)=0xc) getsockopt$inet_sctp6_SCTP_RESET_STREAMS(r2, 0x84, 0x77, &(0x7f0000000440)=ANY=[@ANYRES32=r6, @ANYBLOB="0400ff500ef40900050001ff07000300"], &(0x7f0000000480)=0x14) syz_genetlink_get_family_id$smc(&(0x7f00000003c0)='SMC_PNETID\x00') r7 = syz_genetlink_get_family_id$tipc2(&(0x7f00000000c0)='TIPCv2\x00') sendmsg$TIPC_NL_BEARER_ENABLE(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000400)={&(0x7f0000032280)={0x14, r7, 0xc573de0d27bdfe6f, 0x0, 0x0, {0x2}}, 0x14}}, 0x0) sendmsg$TIPC_NL_BEARER_ENABLE(0xffffffffffffffff, &(0x7f00000004c0)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x8}, 0xc, &(0x7f0000000140)={&(0x7f0000000500)=ANY=[@ANYRESDEC, @ANYRES16=r7, @ANYBLOB="00022abd7000ffdbdf2503000000080002800400040044000980080001007900000008000200010000000800020007000000080001000600000008000100ffffff7f080002000500000008000200000100000800020001000000340003800800020006000000080001000600000008000100010000000800020001000000080002000400000008000200ff0000004400028014000380080001000000000008000100050000000800020002000000080002000900000004000400140003800800010004c400000800020001000000040004007800018038000400200001000a004e200000000100000000000000000000ffff64010100200000001400020002004e22ac1414aa0000000000000000100001006574683a6970766c616e310008000300000000800c00028008000100000000001600010069623a6272696467655f736c6176655f31000000240002801c000380080002000000e01f08000200050000000800010001010000040004007000018008000300ff030000380004001400010002004e20e00000010000000000000000200002000a0003ff00000800fc010000000000000000000000000001080000002c0004001400010002004e23ac1414bb00000000000000001400020002004e21ffffffff0000000000000000"], 0x1e4}, 0x1, 0x0, 0x0, 0x4004004}, 0x4000000) sendmsg$IPSET_CMD_CREATE(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)={0x54, 0x2, 0x6, 0x101, 0x0, 0x0, {}, [@IPSET_ATTR_REVISION={0x5}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz1\x00'}, @IPSET_ATTR_PROTOCOL={0x5, 0x1, 0x6}, @IPSET_ATTR_FAMILY={0x5}, @IPSET_ATTR_DATA={0xc, 0x7, 0x0, 0x1, [@IPSET_ATTR_HASHSIZE={0x8, 0x12, 0x1, 0x0, 0x479e6139}]}, @IPSET_ATTR_TYPENAME={0xd, 0x3, 'hash:mac\x00'}]}, 0x54}}, 0x0) 04:28:15 executing program 0: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_CREATE(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)={0x54, 0x2, 0x6, 0x101, 0x0, 0x0, {}, [@IPSET_ATTR_REVISION={0x5}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz1\x00'}, @IPSET_ATTR_PROTOCOL={0x5, 0x1, 0x6}, @IPSET_ATTR_FAMILY={0x5}, @IPSET_ATTR_DATA={0xc, 0x7, 0x0, 0x1, [@IPSET_ATTR_HASHSIZE={0x8, 0x12, 0x1, 0x0, 0x479e6139}]}, @IPSET_ATTR_TYPENAME={0xd, 0x3, 'hash:mac\x00'}]}, 0x54}}, 0x0) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) r2 = dup2(r1, r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) getsockopt$inet_IP_IPSEC_POLICY(r2, 0x0, 0x10, &(0x7f0000000140)={{{@in=@local, @in=@private}}, {{@in6=@remote}, 0x0, @in=@multicast2}}, &(0x7f0000000080)=0xe8) 04:28:15 executing program 2: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_CREATE(r0, 0x0, 0x0) 04:28:15 executing program 2: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_CREATE(r0, 0x0, 0x0) 04:28:15 executing program 3: r0 = openat$sequencer(0xffffffffffffff9c, &(0x7f0000000080)='/dev/sequencer\x00', 0x0, 0x0) ioctl$SNDCTL_SEQ_NRMIDIS(r0, 0x8004510b, &(0x7f00000000c0)) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) r2 = dup2(r1, r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) setsockopt$inet6_IPV6_RTHDRDSTOPTS(r2, 0x29, 0x37, &(0x7f0000000100)={0x4, 0x4e, [], [@generic={0x1, 0xe2, "ba876d240b1d0cee3cd19c000ead6b60fb2d8edc1b52a334781d6f6baa443c724fb07807affc1ef35147c36fbf2a1ff718b17cebe6334de84162ad1a8e05a90a2d44b172435ea350774b278e095a9aa17a518c7d593ef0fd2d147d4b1068bbd4c0b24fb454b62f3631339eecd901b10e5a9583e120870c5214d40d1dcd7eb1ec6788f5fea6491fa3f3e28b0c3da045770603f81aaeacaf7e79b8f04fcf53ab49f53be4ae5bafc9fcea339c8b0aaf98f39e1987e046a2c15aa1227014d879c3953a74c6ae12dbd92ac2040023f9f845be71f1f03a27b7e6c27322f98c3fc5f651b2d8"}, @generic={0x4, 0xbc, "f78db739f93651df26a9d516efb0773dd725aa2a21c17175b517830ba6619f4b8e58b3af168e6d91c521be716451a068f3302a48882482c99c1b562ccf068de93174f0160ecc32faff369ed60fdf3aa687518e88b3a466ef56b0fb1798c8aa893f65ecded7278921d080c2b2013eb1413692840e495fb8f005e6a4eabba7b5c98b9e0fa0206b278b33381dae8dc2a65ea018ae3f285c43107de45d7a464d2104f1110023956e26dfeed5577fa20448349c6d943e312d1f7598198cfd"}, @pad1, @padn={0x1, 0x4, [0x0, 0x0, 0x0, 0x0]}, @generic={0x8, 0xbd, "995daed03940f29d8a98a562edb4903333bd99e375e0cec9231ec9a04828ffbacf2e4ad9d2d0aad71cd88c6061738719c060441ebe0638c4c8eb9b329f6c7add2ba98d19ce4423fabbf0edf28d78be7bb33566f7269364632b122ef28feaaf269c82fec887b01747f44f732d0784351340b9a740133b99bd5ded2c7f2daf319e49b1e7de0e6efb6396e68c6bcb3d4ca3c1a8d6a28b328a53630257cc5c5edd65aadebc8792ebe997a323e187cd0328bae1108ef48ce0bfef7b83dd36a1"}, @padn={0x1, 0xa, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0]}]}, 0x280) 04:28:15 executing program 2: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_CREATE(r0, &(0x7f0000000000)={0x0, 0x0, 0x0}, 0x0) [ 1173.362626] syz-executor.4: vmalloc: allocation failure: 17179869200 bytes, mode:0x14080c0(GFP_KERNEL|__GFP_ZERO), nodemask=(null) [ 1173.401791] syz-executor.4 cpuset=/ mems_allowed=0-1 04:28:15 executing program 1: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_CREATE(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000140)=ANY=[], 0x54}, 0x1, 0x0, 0x0, 0x10}, 0x80) r1 = getpid() sched_setattr(r1, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x1000000, 0x7, 0x40}, 0x0) ptrace$getenv(0x4201, r1, 0x1, &(0x7f00000001c0)) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) r3 = dup2(r2, r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) socket$nl_generic(0x10, 0x3, 0x10) r4 = syz_genetlink_get_family_id$fou(&(0x7f0000000080)='fou\x00') sendmsg$FOU_CMD_ADD(r3, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000180)={0x1c, r4, 0x209, 0x0, 0x0, {}, [@FOU_ATTR_PORT={0x6, 0x1, 0x4e20}]}, 0x1c}, 0x1, 0x0, 0x0, 0x10}, 0x0) sendmsg$FOU_CMD_ADD(r3, &(0x7f0000000140)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x40}, 0xc, &(0x7f0000000100)={&(0x7f00000000c0)=ANY=[@ANYBLOB='<\x00\x00\x00', @ANYRES16=r4, @ANYBLOB="04002cbd7000fedbdf250100100014000700ff01000000000000000000000000000000000000aa"], 0x3c}, 0x1, 0x0, 0x0, 0x810}, 0x0) 04:28:15 executing program 2: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_CREATE(r0, &(0x7f0000000000)={0x0, 0x0, 0x0}, 0x0) [ 1173.430766] CPU: 0 PID: 6512 Comm: syz-executor.4 Not tainted 4.14.193-syzkaller #0 [ 1173.438803] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1173.448164] Call Trace: [ 1173.450771] dump_stack+0x1b2/0x283 [ 1173.454415] warn_alloc.cold+0x96/0x1cc [ 1173.458402] ? check_preemption_disabled+0x35/0x240 [ 1173.463432] ? zone_watermark_ok_safe+0x220/0x220 [ 1173.468296] ? perf_trace_lock_acquire+0x510/0x510 [ 1173.473241] ? fs_reclaim_release+0xd0/0x110 [ 1173.477673] ? ip_set_alloc+0x47/0x60 [ 1173.481483] vzalloc+0x122/0x150 [ 1173.484864] ip_set_alloc+0x47/0x60 [ 1173.488508] hash_mac_create+0x36e/0x7c6 [ 1173.492591] ip_set_create+0x5f9/0xf30 [ 1173.496494] ? __find_set_type_get+0x360/0x360 [ 1173.501174] ? __mutex_lock+0x360/0x1310 [ 1173.505270] ? lock_downgrade+0x740/0x740 [ 1173.509439] ? __find_set_type_get+0x360/0x360 [ 1173.514162] nfnetlink_rcv_msg+0x9bb/0xc00 [ 1173.518437] netlink_rcv_skb+0x125/0x390 [ 1173.522513] ? nfnetlink_net_exit_batch+0x150/0x150 [ 1173.527710] ? netlink_ack+0x9a0/0x9a0 [ 1173.531699] ? ns_capable_common+0x127/0x150 [ 1173.536127] nfnetlink_rcv+0x1ab/0x1da0 [ 1173.540110] ? __dev_queue_xmit+0xcd6/0x2480 [ 1173.544539] ? check_preemption_disabled+0x35/0x240 [ 1173.549585] ? perf_trace_lock+0xf7/0x490 [ 1173.554451] ? perf_trace_lock_acquire+0x510/0x510 [ 1173.559399] ? nfnetlink_bind+0x240/0x240 [ 1173.564269] ? netlink_deliver_tap+0x90/0x7d0 [ 1173.568787] ? lock_downgrade+0x740/0x740 [ 1173.572958] netlink_unicast+0x437/0x610 [ 1173.577034] ? netlink_sendskb+0xd0/0xd0 [ 1173.581116] netlink_sendmsg+0x62e/0xb80 [ 1173.585229] ? nlmsg_notify+0x170/0x170 [ 1173.589213] ? kernel_recvmsg+0x210/0x210 [ 1173.593376] ? security_socket_sendmsg+0x83/0xb0 [ 1173.598148] ? nlmsg_notify+0x170/0x170 [ 1173.602134] sock_sendmsg+0xb5/0x100 [ 1173.605961] ___sys_sendmsg+0x6c8/0x800 [ 1173.610126] ? copy_msghdr_from_user+0x3b0/0x3b0 [ 1173.615088] ? __lock_acquire+0x5fc/0x3f20 [ 1173.619330] ? perf_trace_lock_acquire+0x510/0x510 [ 1173.624321] ? do_futex+0x12b/0x1930 [ 1173.628035] ? check_preemption_disabled+0x35/0x240 [ 1173.633142] ? __fget+0x1fe/0x360 [ 1173.636602] ? lock_acquire+0x170/0x3f0 [ 1173.640564] ? lock_downgrade+0x740/0x740 [ 1173.644701] ? __fget+0x225/0x360 [ 1173.648174] ? __fdget+0x196/0x1f0 [ 1173.651718] ? sockfd_lookup_light+0xb2/0x160 [ 1173.656304] __sys_sendmsg+0xa3/0x120 [ 1173.660106] ? SyS_shutdown+0x160/0x160 [ 1173.664106] ? SyS_clock_gettime+0xf5/0x180 [ 1173.668532] ? SyS_clock_settime+0x1a0/0x1a0 [ 1173.673022] SyS_sendmsg+0x27/0x40 [ 1173.676551] ? __sys_sendmsg+0x120/0x120 [ 1173.680608] do_syscall_64+0x1d5/0x640 [ 1173.684511] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 1173.689699] RIP: 0033:0x45d249 [ 1173.692879] RSP: 002b:00007f4d2c05fc78 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 1173.700580] RAX: ffffffffffffffda RBX: 0000000000028840 RCX: 000000000045d249 [ 1173.707838] RDX: 0000000000000000 RSI: 0000000020000000 RDI: 0000000000000003 [ 1173.715110] RBP: 000000000118cf80 R08: 0000000000000000 R09: 0000000000000000 [ 1173.722410] R10: 0000000000000000 R11: 0000000000000246 R12: 000000000118cf4c [ 1173.729669] R13: 00007ffc41fe2acf R14: 00007f4d2c0609c0 R15: 000000000118cf4c [ 1173.737498] warn_alloc_show_mem: 1 callbacks suppressed [ 1173.737502] Mem-Info: [ 1173.745359] active_anon:233004 inactive_anon:6091 isolated_anon:0 [ 1173.745359] active_file:7393 inactive_file:32800 isolated_file:0 [ 1173.745359] unevictable:0 dirty:298 writeback:0 unstable:0 [ 1173.745359] slab_reclaimable:18436 slab_unreclaimable:134184 [ 1173.745359] mapped:62518 shmem:6280 pagetables:5862 bounce:0 [ 1173.745359] free:1089861 free_pcp:301 free_cma:0 [ 1173.780110] Node 0 active_anon:932016kB inactive_anon:24364kB active_file:29428kB inactive_file:131200kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:250072kB dirty:1192kB writeback:0kB shmem:25120kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 880640kB writeback_tmp:0kB unstable:0kB all_unreclaimable? no [ 1173.808917] Node 1 active_anon:0kB inactive_anon:0kB active_file:144kB inactive_file:0kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:0kB dirty:0kB writeback:0kB shmem:0kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 0kB writeback_tmp:0kB unstable:0kB all_unreclaimable? no [ 1173.835643] Node 0 DMA free:15908kB min:220kB low:272kB high:324kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15908kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 1173.880316] lowmem_reserve[]: 0 2557 2557 2557 2557 [ 1173.887913] Node 0 DMA32 free:564992kB min:36272kB low:45340kB high:54408kB active_anon:927648kB inactive_anon:24364kB active_file:29428kB inactive_file:131200kB unevictable:0kB writepending:1192kB present:3129332kB managed:2621196kB mlocked:0kB kernel_stack:14368kB pagetables:23300kB bounce:0kB free_pcp:1268kB local_pcp:644kB free_cma:0kB [ 1173.928011] lowmem_reserve[]: 0 0 0 0 0 [ 1173.935167] Node 0 Normal free:0kB min:4kB low:4kB high:4kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:786432kB managed:332kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 1173.963082] lowmem_reserve[]: 0 0 0 0 0 [ 1173.967214] Node 1 Normal free:3783636kB min:53612kB low:67012kB high:80412kB active_anon:0kB inactive_anon:0kB active_file:144kB inactive_file:0kB unevictable:0kB writepending:0kB present:3932160kB managed:3870192kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 1173.996896] lowmem_reserve[]: 0 0 0 0 0 [ 1174.000931] Node 0 DMA: 1*4kB (U) 0*8kB 0*16kB 1*32kB (U) 2*64kB (U) 1*128kB (U) 1*256kB (U) 0*512kB 1*1024kB (U) 1*2048kB (M) 3*4096kB (M) = 15908kB [ 1174.015865] Node 0 DMA32: 808*4kB (UME) 285*8kB (UME) 389*16kB (UME) 251*32kB (UME) 126*64kB (UME) 36*128kB (UME) 12*256kB (UM) 13*512kB (UME) 7*1024kB (UME) 4*2048kB (UME) 124*4096kB (M) = 565432kB [ 1174.035354] Node 0 Normal: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 0kB [ 1174.047946] Node 1 Normal: 51*4kB (UME) 343*8kB (UE) 273*16kB (U) 50*32kB (UM) 20*64kB (UME) 10*128kB (UM) 5*256kB (UM) 3*512kB (U) 1*1024kB (M) 4*2048kB (ME) 918*4096kB (M) = 3783636kB [ 1174.065192] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 1174.074509] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 1174.083185] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 1174.092018] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 1174.100678] 25428 total pagecache pages [ 1174.104799] 0 pages in swap cache [ 1174.108295] Swap cache stats: add 0, delete 0, find 0/0 [ 1174.113734] Free swap = 0kB [ 1174.116756] Total swap = 0kB [ 1174.119776] 1965979 pages RAM [ 1174.122957] 0 pages HighMem/MovableOnly [ 1174.126923] 339072 pages reserved [ 1174.130371] 0 pages cma reserved [ 1174.134227] syz-executor.0: vmalloc: allocation failure: 17179869200 bytes, mode:0x14080c0(GFP_KERNEL|__GFP_ZERO), nodemask=(null) [ 1174.148012] syz-executor.0 cpuset=/ mems_allowed=0-1 [ 1174.153832] CPU: 0 PID: 6535 Comm: syz-executor.0 Not tainted 4.14.193-syzkaller #0 [ 1174.161645] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1174.171009] Call Trace: [ 1174.173606] dump_stack+0x1b2/0x283 [ 1174.177255] warn_alloc.cold+0x96/0x1cc [ 1174.181246] ? check_preemption_disabled+0x35/0x240 [ 1174.186367] ? zone_watermark_ok_safe+0x220/0x220 [ 1174.191224] ? perf_trace_lock_acquire+0x510/0x510 [ 1174.196167] ? fs_reclaim_release+0xd0/0x110 [ 1174.200590] ? ip_set_alloc+0x47/0x60 [ 1174.204416] vzalloc+0x122/0x150 [ 1174.207794] ip_set_alloc+0x47/0x60 [ 1174.211430] hash_mac_create+0x36e/0x7c6 [ 1174.215498] ip_set_create+0x5f9/0xf30 [ 1174.219400] ? __find_set_type_get+0x360/0x360 [ 1174.223984] ? __mutex_lock+0x360/0x1310 [ 1174.228073] ? __find_set_type_get+0x360/0x360 [ 1174.232704] nfnetlink_rcv_msg+0x9bb/0xc00 [ 1174.237034] netlink_rcv_skb+0x125/0x390 [ 1174.241106] ? nfnetlink_net_exit_batch+0x150/0x150 [ 1174.246120] ? netlink_ack+0x9a0/0x9a0 [ 1174.250013] ? ns_capable_common+0x127/0x150 [ 1174.254425] nfnetlink_rcv+0x1ab/0x1da0 [ 1174.258413] ? __dev_queue_xmit+0xcd6/0x2480 [ 1174.262819] ? check_preemption_disabled+0x35/0x240 [ 1174.267831] ? perf_trace_lock+0xf7/0x490 [ 1174.271984] ? perf_trace_lock_acquire+0x510/0x510 [ 1174.277029] ? nfnetlink_bind+0x240/0x240 [ 1174.281159] ? netlink_deliver_tap+0x90/0x7d0 [ 1174.285651] ? lock_downgrade+0x740/0x740 [ 1174.289791] netlink_unicast+0x437/0x610 [ 1174.293836] ? netlink_sendskb+0xd0/0xd0 [ 1174.298007] netlink_sendmsg+0x62e/0xb80 [ 1174.302061] ? nlmsg_notify+0x170/0x170 [ 1174.306026] ? kernel_recvmsg+0x210/0x210 [ 1174.310162] ? security_socket_sendmsg+0x83/0xb0 [ 1174.314909] ? nlmsg_notify+0x170/0x170 [ 1174.318882] sock_sendmsg+0xb5/0x100 [ 1174.322592] ___sys_sendmsg+0x6c8/0x800 [ 1174.326572] ? copy_msghdr_from_user+0x3b0/0x3b0 [ 1174.331325] ? __lock_acquire+0x5fc/0x3f20 [ 1174.335574] ? perf_trace_lock_acquire+0x510/0x510 [ 1174.340497] ? do_futex+0x12b/0x1930 [ 1174.344202] ? check_preemption_disabled+0x35/0x240 [ 1174.349250] ? __fget+0x1fe/0x360 [ 1174.352700] ? lock_acquire+0x170/0x3f0 [ 1174.356665] ? lock_downgrade+0x740/0x740 [ 1174.360799] ? __fget+0x225/0x360 [ 1174.364254] ? __fdget+0x196/0x1f0 [ 1174.367813] ? sockfd_lookup_light+0xb2/0x160 [ 1174.372387] __sys_sendmsg+0xa3/0x120 [ 1174.376176] ? SyS_shutdown+0x160/0x160 [ 1174.380138] ? SyS_clock_gettime+0xf5/0x180 [ 1174.384453] ? SyS_clock_settime+0x1a0/0x1a0 [ 1174.388853] SyS_sendmsg+0x27/0x40 [ 1174.392391] ? __sys_sendmsg+0x120/0x120 [ 1174.396441] do_syscall_64+0x1d5/0x640 [ 1174.400318] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 1174.405496] RIP: 0033:0x45d249 [ 1174.408693] RSP: 002b:00007f1c6356dc78 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 1174.416427] RAX: ffffffffffffffda RBX: 0000000000028840 RCX: 000000000045d249 [ 1174.423692] RDX: 0000000000000000 RSI: 0000000020000000 RDI: 0000000000000003 [ 1174.430956] RBP: 000000000118cf80 R08: 0000000000000000 R09: 0000000000000000 [ 1174.438213] R10: 0000000000000000 R11: 0000000000000246 R12: 000000000118cf4c [ 1174.445488] R13: 00007ffd3fb1901f R14: 00007f1c6356e9c0 R15: 000000000118cf4c [ 1174.463414] syz-executor.0: vmalloc: allocation failure: 17179869200 bytes, mode:0x14080c0(GFP_KERNEL|__GFP_ZERO), nodemask=(null) [ 1174.480789] syz-executor.0 cpuset=/ mems_allowed=0-1 [ 1174.486018] CPU: 0 PID: 6540 Comm: syz-executor.0 Not tainted 4.14.193-syzkaller #0 [ 1174.493935] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1174.503292] Call Trace: [ 1174.505882] dump_stack+0x1b2/0x283 [ 1174.509498] warn_alloc.cold+0x96/0x1cc [ 1174.513464] ? check_preemption_disabled+0x35/0x240 [ 1174.518527] ? zone_watermark_ok_safe+0x220/0x220 [ 1174.523368] ? perf_trace_lock_acquire+0x510/0x510 [ 1174.528311] ? fs_reclaim_release+0xd0/0x110 [ 1174.532720] ? ip_set_alloc+0x47/0x60 [ 1174.536521] vzalloc+0x122/0x150 [ 1174.539887] ip_set_alloc+0x47/0x60 [ 1174.543506] hash_mac_create+0x36e/0x7c6 [ 1174.547558] ip_set_create+0x5f9/0xf30 [ 1174.551431] ? __find_set_type_get+0x360/0x360 [ 1174.555994] ? __mutex_lock+0x360/0x1310 [ 1174.560118] ? __find_set_type_get+0x360/0x360 [ 1174.564752] nfnetlink_rcv_msg+0x9bb/0xc00 [ 1174.569019] netlink_rcv_skb+0x125/0x390 [ 1174.573074] ? nfnetlink_net_exit_batch+0x150/0x150 [ 1174.578097] ? netlink_ack+0x9a0/0x9a0 [ 1174.581993] ? ns_capable_common+0x127/0x150 [ 1174.586466] nfnetlink_rcv+0x1ab/0x1da0 [ 1174.590432] ? __dev_queue_xmit+0xcd6/0x2480 [ 1174.594842] ? check_preemption_disabled+0x35/0x240 [ 1174.599903] ? perf_trace_lock+0xf7/0x490 [ 1174.604053] ? perf_trace_lock_acquire+0x510/0x510 [ 1174.609114] ? nfnetlink_bind+0x240/0x240 [ 1174.613268] ? netlink_deliver_tap+0x90/0x7d0 [ 1174.617780] ? lock_downgrade+0x740/0x740 [ 1174.621932] netlink_unicast+0x437/0x610 [ 1174.625977] ? netlink_sendskb+0xd0/0xd0 [ 1174.630021] netlink_sendmsg+0x62e/0xb80 [ 1174.634076] ? nlmsg_notify+0x170/0x170 [ 1174.638064] ? kernel_recvmsg+0x210/0x210 [ 1174.642239] ? security_socket_sendmsg+0x83/0xb0 [ 1174.647019] ? nlmsg_notify+0x170/0x170 [ 1174.650976] sock_sendmsg+0xb5/0x100 [ 1174.654695] ___sys_sendmsg+0x6c8/0x800 [ 1174.658668] ? copy_msghdr_from_user+0x3b0/0x3b0 [ 1174.663413] ? __lock_acquire+0x5fc/0x3f20 [ 1174.667648] ? perf_trace_lock_acquire+0x510/0x510 [ 1174.672568] ? do_futex+0x12b/0x1930 [ 1174.676291] ? check_preemption_disabled+0x35/0x240 [ 1174.681292] ? __fget+0x1fe/0x360 [ 1174.684812] ? lock_acquire+0x170/0x3f0 [ 1174.688917] ? lock_downgrade+0x740/0x740 [ 1174.693079] ? __fget+0x225/0x360 [ 1174.696538] ? __fdget+0x196/0x1f0 [ 1174.700061] ? sockfd_lookup_light+0xb2/0x160 [ 1174.704539] __sys_sendmsg+0xa3/0x120 [ 1174.708853] ? SyS_shutdown+0x160/0x160 [ 1174.712846] ? SyS_clock_gettime+0xf5/0x180 [ 1174.717170] ? SyS_clock_settime+0x1a0/0x1a0 [ 1174.721581] SyS_sendmsg+0x27/0x40 [ 1174.725109] ? __sys_sendmsg+0x120/0x120 [ 1174.729171] do_syscall_64+0x1d5/0x640 [ 1174.733070] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 1174.738267] RIP: 0033:0x45d249 [ 1174.741435] RSP: 002b:00007f1c6354cc78 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 1174.749141] RAX: ffffffffffffffda RBX: 0000000000028840 RCX: 000000000045d249 [ 1174.756393] RDX: 0000000000000000 RSI: 0000000020000000 RDI: 0000000000000003 [ 1174.763649] RBP: 000000000118d020 R08: 0000000000000000 R09: 0000000000000000 [ 1174.770901] R10: 0000000000000000 R11: 0000000000000246 R12: 000000000118cfec [ 1174.778152] R13: 00007ffd3fb1901f R14: 00007f1c6354d9c0 R15: 000000000118cfec [ 1174.793503] warn_alloc_show_mem: 1 callbacks suppressed [ 1174.793507] Mem-Info: [ 1174.805662] active_anon:231367 inactive_anon:6091 isolated_anon:0 [ 1174.805662] active_file:7393 inactive_file:32807 isolated_file:0 [ 1174.805662] unevictable:0 dirty:329 writeback:0 unstable:0 [ 1174.805662] slab_reclaimable:18457 slab_unreclaimable:134207 [ 1174.805662] mapped:62525 shmem:6280 pagetables:5771 bounce:0 [ 1174.805662] free:1091790 free_pcp:325 free_cma:0 [ 1174.840120] Node 0 active_anon:925468kB inactive_anon:24364kB active_file:29428kB inactive_file:131228kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:250160kB dirty:1320kB writeback:0kB shmem:25120kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 884736kB writeback_tmp:0kB unstable:0kB all_unreclaimable? no [ 1174.870096] Node 1 active_anon:0kB inactive_anon:0kB active_file:144kB inactive_file:0kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:0kB dirty:0kB writeback:0kB shmem:0kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 0kB writeback_tmp:0kB unstable:0kB all_unreclaimable? no [ 1174.898724] Node 0 DMA free:15908kB min:220kB low:272kB high:324kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15908kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 1174.925169] lowmem_reserve[]: 0 2557 2557 2557 2557 [ 1174.930219] Node 0 DMA32 free:568256kB min:36272kB low:45340kB high:54408kB active_anon:925468kB inactive_anon:24364kB active_file:29428kB inactive_file:131228kB unevictable:0kB writepending:1324kB present:3129332kB managed:2621196kB mlocked:0kB kernel_stack:14016kB pagetables:23084kB bounce:0kB free_pcp:1312kB local_pcp:708kB free_cma:0kB [ 1174.960615] lowmem_reserve[]: 0 0 0 0 0 [ 1174.964692] Node 0 Normal free:0kB min:4kB low:4kB high:4kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:786432kB managed:332kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 1174.990443] lowmem_reserve[]: 0 0 0 0 0 [ 1174.994976] Node 1 Normal free:3783636kB min:53612kB low:67012kB high:80412kB active_anon:0kB inactive_anon:0kB active_file:144kB inactive_file:0kB unevictable:0kB writepending:0kB present:3932160kB managed:3870192kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 1175.024226] lowmem_reserve[]: 0 0 0 0 0 [ 1175.028230] Node 0 DMA: 1*4kB (U) 0*8kB 0*16kB 1*32kB (U) 2*64kB (U) 1*128kB (U) 1*256kB (U) 0*512kB 1*1024kB (U) 1*2048kB (M) 3*4096kB (M) = 15908kB [ 1175.041889] Node 0 DMA32: 866*4kB (UME) 252*8kB (UME) 339*16kB (UME) 292*32kB (UME) 126*64kB (UME) 36*128kB (UME) 12*256kB (UM) 13*512kB (UME) 7*1024kB (UME) 5*2048kB (UME) 124*4096kB (M) = 567960kB [ 1175.060077] Node 0 Normal: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 0kB [ 1175.070898] Node 1 Normal: 51*4kB (UME) 343*8kB (UE) 273*16kB (U) 50*32kB (UM) 20*64kB (UME) 10*128kB (UM) 5*256kB (UM) 3*512kB (U) 1*1024kB (M) 4*2048kB (ME) 918*4096kB (M) = 3783636kB [ 1175.087863] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 1175.096820] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 1175.105490] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 1175.114421] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 1175.123062] 25442 total pagecache pages [ 1175.127030] 0 pages in swap cache [ 1175.130460] Swap cache stats: add 0, delete 0, find 0/0 [ 1175.135889] Free swap = 0kB [ 1175.138895] Total swap = 0kB [ 1175.141892] 1965979 pages RAM [ 1175.145057] 0 pages HighMem/MovableOnly [ 1175.149022] 339072 pages reserved [ 1175.152549] 0 pages cma reserved 04:28:18 executing program 5: r0 = dup(0xffffffffffffffff) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x802102001ffa, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r1 = gettid() clone(0x6e20cf00, 0x0, 0x0, 0x0, 0x0) ptrace$setopts(0x4206, r1, 0x0, 0x0) gettid() r2 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ptmx\x00', 0x0, 0x0) read(r2, &(0x7f00003fefff)=""/1, 0x1) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) r4 = getpid() write$vhost_msg(0xffffffffffffffff, &(0x7f0000000380)={0x1, {&(0x7f0000000140)=""/158, 0x9e, &(0x7f0000000280)=""/202, 0x2, 0x1}}, 0x48) sched_setattr(r4, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x1000000, 0x7, 0x40}, 0x0) migrate_pages(r4, 0x9, &(0x7f00000000c0)=0xe4c2, &(0x7f0000000100)=0x6f8) r5 = dup2(r3, r3) ioctl$PERF_EVENT_IOC_ENABLE(r5, 0x8912, 0x400200) r6 = openat$autofs(0xffffffffffffff9c, &(0x7f0000000040)='/dev/autofs\x00', 0x0, 0x0) sendmsg$IPVS_CMD_ZERO(r6, &(0x7f0000000240)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x20000000}, 0xc, &(0x7f0000000200)={&(0x7f0000000500)=ANY=[@ANYBLOB="079c56d9", @ANYRES16=0x0, @ANYBLOB="02002dbd7000ffdbdf251000000008000400070000000c000280080005000900000008000500870000000400018008000400050000003c00028014000100ffffffff000000000000000000000000080003000200000014000100fe80000000000000000000000000002f08000500060000006c00038005000800ff00000008000100000000001400020073797a6b616c6c6572300000000000001400020076657468305f766972745f77696669001400060000000000000000000000ffffe000000114000600fc02000000000000000000000000000105000800ea000000240003800800010002000000060007004e220000060007004e200000060007004e2400003c0002800800080002800000060002004e23000008000500bf12ffff0800030003000000080004007f00000005000d0001000000080009001f00000008000600fbffffff"], 0x14c}, 0x1, 0x0, 0x0, 0x80}, 0x2080800) ioctl$SIOCNRDECOBS(r5, 0x89e2) 04:28:18 executing program 2: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_CREATE(r0, &(0x7f0000000000)={0x0, 0x0, 0x0}, 0x0) 04:28:18 executing program 3: r0 = openat$sequencer(0xffffffffffffff9c, &(0x7f0000000080)='/dev/sequencer\x00', 0x0, 0x0) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) r2 = dup2(r1, r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) write$sequencer(r2, &(0x7f0000000000)=[@e={0xff, 0x0, 0x6, 0x0, @generic=0xfc, 0x6, 0x72, 0x40}, @raw={0xc, 0x2, "ecfcbfbdc9fb"}, @x={0x94, 0xd, "326631b6fa41"}, @raw={0xc, 0x6, "763d8930818d"}, @generic, @l={0x92, 0xc, 0xe0, 0xf, 0x3f, 0x20, 0x7fff}], 0x29) ioctl$SNDCTL_SEQ_NRMIDIS(r0, 0x8004510b, &(0x7f00000000c0)) 04:28:18 executing program 1: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_CREATE(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000001c0)=ANY=[@ANYBLOB="54000000020601010000000000000000000000000500045077ad1f188d9acb0073797a3100000000050001000600000005000500000000000c00078008001240479e61390d000300686173683a6d616300000000d35ee5bf0edb0ad06b408b8e46900b44c671151b6107d9bb6525d61845e6ee66ca690a077524556d9b6cdd730d9decfe0ae1a55a2b92870f6baafb840acbc0c172391fb8074e47f06da56fb591319bd46e51ee0402ddad1ef3186d2760e65959346f4b7f4d90dd61b0c857252703d39df2f44db47ec92374de90fdfdd80ca6f38582530bbcbbb829d05b75af3ec7b4e6c235fe9dda"], 0x54}}, 0x0) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) r2 = dup2(r1, r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) r3 = socket$nl_generic(0x10, 0x3, 0x10) r4 = syz_genetlink_get_family_id$tipc(&(0x7f0000000040)='TIPC\x00') syz_mount_image$afs(&(0x7f00000002c0)='afs\x00', &(0x7f0000000300)='./file0\x00', 0x4e28, 0x9, &(0x7f0000000900)=[{&(0x7f0000000340)="207503", 0x3, 0x101}, {&(0x7f0000000380)="0640f98fe6472c7ebbf0478c7d25d4b21ec91f90e99c799d5af1901866053e01dda6127a6c556951ec9bfe234f5bdaa7bdab19b020e5fb2ab8bb7289b280e232e75bf7c21012a7a90f04fcd1a4ddcf3ac03be7b09a35eafd635179d7ddd69e577027b4a1e067f5effce422a5a5d1f0cc4b01083d3221cadf55f64b58996421b74844b9ce33b33666dd0a09cedec33ddc", 0x90, 0x5}, {&(0x7f0000000440)="e62a7ec5a994d5e77e98376ceb26a6238504635f2fcd74ac4346cf7157fb1b5877032f3b51644219271bad6f3140461ae1ad46e9fc3ff1e0133ec8cef63fad6d7c38", 0x42, 0x2}, {&(0x7f00000004c0)="431d82a6235d7dd373dfa2c4370f95c574ac4740e3b40246130867188985a423b6e30cbe8e68da192221ec34ff152a986703b24dd05b228484564d6ada6637a08327a2b3e77e4191e196e4b84956cb537dd44e6f1d419963435af0c0f83830a431951b3599f21aaa460cd71c1f4881deefc98fea967f67aa7ee17798d645a6fe15c1696fe6112ccbb02baaf9ca2179197725425b6ff0256940211aaaa92923241276cc9f53b433a2899cba239a7f3459697ecc0db3a498d642888f3f60f3a3f9fa74e4053964caf7", 0xc8, 0x6}, {&(0x7f00000005c0)="2a90b649e6996b7ea5eee12b61be170cc84e106384f0a89b2dca4659eaa4dfed902ff90beb12564d7a8981571f90d888cf45205a82271e38caca4af4d53d628015d6ee6cbe8f9be2997b3803568008a508845767aef5826f9062b75675942e1bc29ba1a8c2ad2a167999623ca22adcd0971355214d6ee920ddc4e0480b6919b8649c9b373fe6390694f01018abfcbca7c1b42bdfcb90cad0731e57a6af5330a3734c3a993baa9db7956e86", 0xab, 0x101}, {&(0x7f0000000680)="7632c2fd229bc66df4beabf8c4c83452530c5faf87bc414310ff092357c08aa0aeb0d94212043f456a0683d1e0cf2b26ed844fdeec5efc266da47cb21bb56140dd205a4ea7da3f5a341d302d6435e2257f3b23612d48b2e171", 0x59, 0x7fffffff}, {&(0x7f0000000700)="8e5a7a8a1186d132afe458ca574d95a5ba87f024159ef34fc59635d4e9c73e9f48bd2b84935036e2cdb5aedb6b38dd2d6a0462498ff488aa25e0194c43da9265b321e7fdda67d1cb2c4becd7f6", 0x4d, 0x1}, {&(0x7f0000000780)="9e08bab7ad5636700bd3e809c80bc3bf835e7b940af00e5fe14c60fbdb66583c1d70e184e1e2fc821f415b9c640c7a7493d450bb92811b6efc6cc37f9310e47c86702f35f8535a5758f928a384b6dab65abbef7ea1f4408cd13629d155478178e830485bf54b7bec6ae839d14ef1911ea0fa8d67ca5ca12b0ef9bdf04a3c866cf5ff3da236270276eb60c0df9ef925f9361845b5265ba1e5444bd65c8805cd8952d83179c32e42269e520b9168ef1258f2acac9305c7bf41949fc61a73f89a", 0xbf, 0x5a}, {&(0x7f0000000840)="f6a14ad95d118dde383873831f00b4a1f77ae3371e00b313d3b02986c7af23c0717242f7613d6cdd440379564f70cf952973fee3580fc8283b26e9d8f59afc3b7a9e0b667bc3b91989ac9aa53d862f7bf6e53f5643954517a2ee541cda362fba64747e33a530a331f2ae4305f7b8ebeeded1f77ffd87b377ea5458619a0672d5ab6145ef23739bd2fb045e50bbeffcff1ba753bafe503c", 0x97, 0x10001}], 0x2000, &(0x7f0000000a00)={[{@dyn='dyn'}], [{@defcontext={'defcontext', 0x3d, 'system_u'}}, {@appraise='appraise'}]}) sendmsg$TIPC_CMD_SHOW_LINK_STATS(r3, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000140)={0x28, r4, 0x23f, 0x0, 0x0, {{}, {0x0, 0xb, 0xf0}, {0x3, 0x14, 'syz0\x00'}}}, 0x28}, 0x1, 0xfffffff0}, 0x0) sendmsg$TIPC_CMD_GET_NODES(r2, &(0x7f0000000140)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x1}, 0xc, &(0x7f0000000100)={&(0x7f00000000c0)={0x1c, r4, 0x400, 0x70bd26, 0x25dfdbfd, {}, ["", "", "", "", ""]}, 0x1c}, 0x1, 0x0, 0x0, 0x40004}, 0x80840) 04:28:18 executing program 4: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = dup2(r0, r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) getsockname$llc(0xffffffffffffffff, &(0x7f0000000080)={0x1a, 0x0, 0x0, 0x0, 0x0, 0x0, @broadcast}, &(0x7f0000000140)=0x10) r2 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_CREATE(r2, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)={0x54, 0x2, 0x6, 0x101, 0x0, 0x0, {}, [@IPSET_ATTR_REVISION={0x5}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz1\x00'}, @IPSET_ATTR_PROTOCOL={0x5, 0x1, 0x6}, @IPSET_ATTR_FAMILY={0x5}, @IPSET_ATTR_DATA={0xc, 0x7, 0x0, 0x1, [@IPSET_ATTR_HASHSIZE={0x8, 0x12, 0x1, 0x0, 0x479e6139}]}, @IPSET_ATTR_TYPENAME={0xd, 0x3, 'hash:mac\x00'}]}, 0x54}}, 0x0) 04:28:18 executing program 0: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_CREATE(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000140)={0x58, 0x2, 0x6, 0x101, 0x0, 0x0, {}, [@IPSET_ATTR_SETNAME={0x9, 0x2, 'syz2\x00'}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz1\x00'}, @IPSET_ATTR_PROTOCOL={0x5, 0x1, 0x6}, @IPSET_ATTR_FAMILY={0x5}, @IPSET_ATTR_DATA={0xc, 0x7, 0x0, 0x1, [@IPSET_ATTR_HASHSIZE={0x8, 0x12, 0x1, 0x0, 0x479e6139}]}, @IPSET_ATTR_TYPENAME={0xd, 0x3, 'hash:mac\x00'}]}, 0x58}}, 0x0) 04:28:18 executing program 2: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_CREATE(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={0x0}}, 0x0) 04:28:18 executing program 3: r0 = openat$sequencer(0xffffffffffffff9c, &(0x7f0000000080)='/dev/sequencer\x00', 0x0, 0x0) ioctl$SNDCTL_SEQ_NRMIDIS(r0, 0x8004510b, &(0x7f00000000c0)) syz_genetlink_get_family_id$mptcp(&(0x7f0000000000)='mptcp_pm\x00') 04:28:18 executing program 2: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_CREATE(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={0x0}}, 0x0) [ 1176.368517] IPVS: ftp: loaded support on port[0] = 21 [ 1176.390736] netlink: 56 bytes leftover after parsing attributes in process `syz-executor.1'. [ 1176.435223] syz-executor.4: vmalloc: allocation failure: 17179869200 bytes, mode:0x14080c0(GFP_KERNEL|__GFP_ZERO), nodemask=(null) [ 1176.476877] syz-executor.4 cpuset=/ mems_allowed=0-1 [ 1176.494180] CPU: 0 PID: 6569 Comm: syz-executor.4 Not tainted 4.14.193-syzkaller #0 [ 1176.502022] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1176.511381] Call Trace: [ 1176.513989] dump_stack+0x1b2/0x283 [ 1176.517766] warn_alloc.cold+0x96/0x1cc [ 1176.521754] ? check_preemption_disabled+0x35/0x240 [ 1176.526789] ? zone_watermark_ok_safe+0x220/0x220 [ 1176.531647] ? perf_trace_lock_acquire+0x510/0x510 [ 1176.536587] ? fs_reclaim_release+0xd0/0x110 [ 1176.541010] ? ip_set_alloc+0x47/0x60 [ 1176.544815] vzalloc+0x122/0x150 [ 1176.548195] ip_set_alloc+0x47/0x60 [ 1176.551827] hash_mac_create+0x36e/0x7c6 [ 1176.555893] ip_set_create+0x5f9/0xf30 [ 1176.559792] ? __find_set_type_get+0x360/0x360 [ 1176.564378] ? __mutex_lock+0x360/0x1310 [ 1176.568469] ? lock_downgrade+0x740/0x740 [ 1176.572620] ? __find_set_type_get+0x360/0x360 04:28:19 executing program 3: r0 = socket$kcm(0xa, 0x2, 0x11) setsockopt$sock_attach_bpf(r0, 0x29, 0x14, &(0x7f0000000080), 0x301) setsockopt$sock_attach_bpf(r0, 0x29, 0x15, &(0x7f0000000000), 0x70db2da734432a8e) ioctl$FS_IOC_MEASURE_VERITY(r0, 0xc0046686, &(0x7f0000000000)={0x1, 0x5e, "852ec32c9175e184876158c76120d6b98878a3521b0813bf98b5aaee43a4f379ce47485c1e5fb8ad646fe875d9bbc1d027289bfdf9c20cc8b1f50b32cfa8e8f0e23effef16998b3dcc0ddeec1b865bbe5ddad3f16aa3ba6c3155bde83652"}) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r1 = socket$inet_udp(0x2, 0x2, 0x0) close(r1) r2 = socket(0x840000000002, 0x3, 0xff) connect$inet(r1, &(0x7f0000593000), 0x10) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) r4 = dup2(r3, r3) ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200) r5 = socket$inet6_tcp(0xa, 0x1, 0x0) r6 = dup2(r5, r5) ioctl$PERF_EVENT_IOC_ENABLE(r6, 0x8912, 0x400200) ioctl$TUNSETSTEERINGEBPF(r4, 0x800454e0, &(0x7f0000000100)=r6) sendmmsg$inet(r2, &(0x7f0000005240)=[{{0x0, 0xffffff7f, 0x0}}], 0x300, 0x401eb94) r7 = openat$sequencer(0xffffffffffffff9c, &(0x7f0000000080)='/dev/sequencer\x00', 0x0, 0x0) ioctl$SNDCTL_SEQ_NRMIDIS(r7, 0x8004510b, &(0x7f00000000c0)) [ 1176.577214] nfnetlink_rcv_msg+0x9bb/0xc00 [ 1176.581478] netlink_rcv_skb+0x125/0x390 [ 1176.585542] ? nfnetlink_net_exit_batch+0x150/0x150 [ 1176.590567] ? netlink_ack+0x9a0/0x9a0 [ 1176.594468] ? ns_capable_common+0x127/0x150 [ 1176.598879] nfnetlink_rcv+0x1ab/0x1da0 [ 1176.602854] ? __dev_queue_xmit+0xcd6/0x2480 [ 1176.607271] ? check_preemption_disabled+0x35/0x240 [ 1176.612295] ? perf_trace_lock+0xf7/0x490 [ 1176.616447] ? perf_trace_lock_acquire+0x510/0x510 [ 1176.621385] ? nfnetlink_bind+0x240/0x240 [ 1176.625546] ? netlink_deliver_tap+0x90/0x7d0 [ 1176.630081] ? lock_downgrade+0x740/0x740 [ 1176.634244] netlink_unicast+0x437/0x610 [ 1176.638316] ? netlink_sendskb+0xd0/0xd0 [ 1176.642390] netlink_sendmsg+0x62e/0xb80 [ 1176.646462] ? nlmsg_notify+0x170/0x170 [ 1176.650441] ? kernel_recvmsg+0x210/0x210 [ 1176.654603] ? security_socket_sendmsg+0x83/0xb0 [ 1176.659366] ? nlmsg_notify+0x170/0x170 [ 1176.663365] sock_sendmsg+0xb5/0x100 [ 1176.667086] ___sys_sendmsg+0x6c8/0x800 [ 1176.671069] ? copy_msghdr_from_user+0x3b0/0x3b0 [ 1176.675825] ? __lock_acquire+0x5fc/0x3f20 [ 1176.680074] ? perf_trace_lock_acquire+0x510/0x510 [ 1176.685013] ? do_futex+0x12b/0x1930 [ 1176.688735] ? check_preemption_disabled+0x35/0x240 [ 1176.693756] ? __fget+0x1fe/0x360 [ 1176.697212] ? lock_acquire+0x170/0x3f0 [ 1176.701198] ? lock_downgrade+0x740/0x740 [ 1176.705354] ? __fget+0x225/0x360 [ 1176.708812] ? __fdget+0x196/0x1f0 [ 1176.712360] ? sockfd_lookup_light+0xb2/0x160 [ 1176.716861] __sys_sendmsg+0xa3/0x120 [ 1176.720690] ? SyS_shutdown+0x160/0x160 04:28:19 executing program 1: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_CREATE(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000000)=ANY=[], 0x54}, 0x1, 0x0, 0x0, 0x80}, 0xc0) socket$bt_hidp(0x1f, 0x3, 0x6) openat$vimc0(0xffffffffffffff9c, &(0x7f0000000000)='/dev/video0\x00', 0x2, 0x0) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) r2 = dup2(r1, r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) write$P9_RAUTH(r2, &(0x7f0000000080)={0x14, 0x67, 0x1, {0x2, 0x0, 0x6}}, 0x14) [ 1176.724679] ? SyS_clock_gettime+0xf5/0x180 [ 1176.729007] ? SyS_clock_settime+0x1a0/0x1a0 [ 1176.733424] SyS_sendmsg+0x27/0x40 [ 1176.736964] ? __sys_sendmsg+0x120/0x120 [ 1176.741025] do_syscall_64+0x1d5/0x640 [ 1176.744930] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 1176.750123] RIP: 0033:0x45d249 [ 1176.753311] RSP: 002b:00007f4d2c05fc78 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 1176.761027] RAX: ffffffffffffffda RBX: 0000000000028840 RCX: 000000000045d249 [ 1176.768299] RDX: 0000000000000000 RSI: 0000000020000000 RDI: 0000000000000004 04:28:19 executing program 2: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_CREATE(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={0x0}}, 0x0) [ 1176.775658] RBP: 000000000118cf80 R08: 0000000000000000 R09: 0000000000000000 [ 1176.782934] R10: 0000000000000000 R11: 0000000000000246 R12: 000000000118cf4c [ 1176.790210] R13: 00007ffc41fe2acf R14: 00007f4d2c0609c0 R15: 000000000118cf4c [ 1176.849042] Mem-Info: [ 1176.851714] active_anon:232007 inactive_anon:6091 isolated_anon:0 [ 1176.851714] active_file:7393 inactive_file:32820 isolated_file:0 [ 1176.851714] unevictable:0 dirty:334 writeback:0 unstable:0 [ 1176.851714] slab_reclaimable:18457 slab_unreclaimable:133736 [ 1176.851714] mapped:62594 shmem:6280 pagetables:5891 bounce:0 [ 1176.851714] free:1091460 free_pcp:221 free_cma:0 [ 1176.892316] Node 0 active_anon:929804kB inactive_anon:24364kB active_file:29428kB inactive_file:131280kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:250276kB dirty:1336kB writeback:0kB shmem:25120kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 882688kB writeback_tmp:0kB unstable:0kB all_unreclaimable? no [ 1176.921488] Node 1 active_anon:0kB inactive_anon:0kB active_file:144kB inactive_file:0kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:0kB dirty:0kB writeback:0kB shmem:0kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 0kB writeback_tmp:0kB unstable:0kB all_unreclaimable? no [ 1176.951164] Node 0 DMA free:15908kB min:220kB low:272kB high:324kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15908kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 1176.977763] lowmem_reserve[]: 0 2557 2557 2557 2557 [ 1176.983090] Node 0 DMA32 free:567248kB min:36272kB low:45340kB high:54408kB active_anon:927596kB inactive_anon:24368kB active_file:29428kB inactive_file:131280kB unevictable:0kB writepending:1340kB present:3129332kB managed:2621196kB mlocked:0kB kernel_stack:14176kB pagetables:23296kB bounce:0kB free_pcp:1020kB local_pcp:520kB free_cma:0kB [ 1177.013869] lowmem_reserve[]: 0 0 0 0 0 [ 1177.017998] Node 0 Normal free:0kB min:4kB low:4kB high:4kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:786432kB managed:332kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 1177.044212] lowmem_reserve[]: 0 0 0 0 0 [ 1177.048234] Node 1 Normal free:3783636kB min:53612kB low:67012kB high:80412kB active_anon:0kB inactive_anon:0kB active_file:144kB inactive_file:0kB unevictable:0kB writepending:0kB present:3932160kB managed:3870192kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 1177.075943] lowmem_reserve[]: 0 0 0 0 0 [ 1177.079940] Node 0 DMA: 1*4kB (U) 0*8kB 0*16kB 1*32kB (U) 2*64kB (U) 1*128kB (U) 1*256kB (U) 0*512kB 1*1024kB (U) 1*2048kB (M) 3*4096kB (M) = 15908kB [ 1177.093609] Node 0 DMA32: 705*4kB (UME) 299*8kB (UME) 422*16kB (UME) 329*32kB (UME) 126*64kB (UME) 35*128kB (UME) 12*256kB (UM) 13*512kB (UME) 7*1024kB (UME) 4*2048kB (UME) 124*4096kB (M) = 568028kB [ 1177.111719] Node 0 Normal: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 0kB [ 1177.122619] Node 1 Normal: 51*4kB (UME) 343*8kB (UE) 273*16kB (U) 50*32kB (UM) 20*64kB (UME) 10*128kB (UM) 5*256kB (UM) 3*512kB (U) 1*1024kB (M) 4*2048kB (ME) 918*4096kB (M) = 3783636kB [ 1177.139680] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 1177.148924] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 1177.157571] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 1177.166612] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 1177.175526] 25449 total pagecache pages [ 1177.179507] 0 pages in swap cache [ 1177.183114] Swap cache stats: add 0, delete 0, find 0/0 [ 1177.188482] Free swap = 0kB [ 1177.191490] Total swap = 0kB [ 1177.194586] 1965979 pages RAM [ 1177.197679] 0 pages HighMem/MovableOnly [ 1177.201639] 339072 pages reserved [ 1177.205174] 0 pages cma reserved 04:28:21 executing program 5: r0 = dup(0xffffffffffffffff) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x802102001ffa, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r1 = gettid() clone(0x6e20cf00, 0x0, 0x0, 0x0, 0x0) ptrace$setopts(0x4206, r1, 0x0, 0x0) gettid() r2 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ptmx\x00', 0x0, 0x0) read(r2, &(0x7f00003fefff)=""/1, 0x1) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) r4 = dup2(r3, r3) ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200) r5 = openat$autofs(0xffffffffffffff9c, &(0x7f0000000040)='/dev/autofs\x00', 0x0, 0x0) sendmsg$IPVS_CMD_ZERO(r5, &(0x7f0000000240)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x20000000}, 0xc, &(0x7f0000000200)={&(0x7f0000000400)=ANY=[@ANYBLOB="f4000000", @ANYRES16=0x0, @ANYBLOB="02002dbd7000ffdbdf251ed913dc5a1039d7ed6d4791d61000000008000400070000000c0002800800050009000000080005008700000018000180060004004e2000000c000700310000003400000008000400050000003c00028014000100fe880000000000000000000000000001080003000200000014000100fe80000000000000000000000500000200001c0003800800010002000000060007004e22000006000700342000003c0002800800080002800000060002004e23000008000500bf12ffff0800030003000000080005000100000005000d000100000006000e004e21000008000600fbffffff71a93dc877ceeed2392c2f481df053b5bfa65d9419846260800e0000000000000000000001000000743b4b9f1a705501032d62c6ad960792ec6abba57c1ddf8179bd3ef5979ac944a814ec8d68b3902f03a9ebda"], 0xf4}, 0x1, 0x0, 0x0, 0x80}, 0x2080800) ioctl$SIOCNRDECOBS(r4, 0x89e2) 04:28:21 executing program 3: r0 = openat$sequencer(0xffffffffffffff9c, &(0x7f0000000080)='/dev/sequencer\x00', 0x0, 0x0) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) r2 = dup2(r1, r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) ioctl$KVM_S390_UCAS_MAP(r2, 0x4018ae50, &(0x7f0000000000)={0xfffffffffffffffe, 0xff, 0x3014}) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) r4 = syz_open_dev$vcsn(&(0x7f00000001c0)='/dev/vcs#\x00', 0x5, 0x101000) ioctl$VIDIOC_S_PRIORITY(r4, 0x40045644, 0x3) r5 = dup2(r3, r3) ioctl$PERF_EVENT_IOC_ENABLE(r5, 0x8912, 0x400200) sendmsg$AUDIT_SIGNAL_INFO(r5, &(0x7f0000000180)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0xd1042ab2f7534ec1}, 0xc, &(0x7f0000000140)={&(0x7f0000000100)={0x10, 0x3f2, 0x200, 0x70bd2b, 0x25dfdbfc, "", ["", "", "", "", ""]}, 0x10}, 0x1, 0x0, 0x0, 0x4008800}, 0x0) ioctl$SNDCTL_SEQ_NRMIDIS(r0, 0x8004510b, &(0x7f00000000c0)) 04:28:21 executing program 2: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_CREATE(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000140)={0x5c, 0x2, 0x6, 0x0, 0x0, 0x0, {}, [@IPSET_ATTR_REVISION={0x5}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz1\x00'}, @IPSET_ATTR_PROTOCOL={0x5, 0x1, 0x6}, @IPSET_ATTR_FAMILY={0x5}, @IPSET_ATTR_DATA={0x14, 0x7, 0x0, 0x1, [@IPSET_ATTR_CADT_FLAGS={0x8, 0x8, 0x1, 0x0, 0x10}, @IPSET_ATTR_TIMEOUT={0x8, 0x6, 0x1, 0x0, 0xffffffff}]}, @IPSET_ATTR_TYPENAME={0xd, 0x3, 'hash:mac\x00'}]}, 0x5c}}, 0x0) 04:28:21 executing program 1: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_CREATE(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000180)=ANY=[@ANYBLOB="540000000206010100000000000000000000000005000400000000000900020073797a310000000005000100060000000500050000006a8e22618600000c000780db28dc067cc148301ee061121da108001240479e61390d000300686173683a6d61630000000017a3d6f5d9675c7fb15260c4fe45bd398854d9c717600df9b7cda25ba5092cfcd9ce5f7b8a"], 0x54}}, 0x0) 04:28:21 executing program 0: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_CREATE(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=ANY=[@ANYBLOB="540000000206010100000000000000000000000005000400000000000900020073797a31000000000500010006e2000005000500000000000c00078008001240479e61390d000300686173683a6d616300000000"], 0x54}}, 0x0) 04:28:21 executing program 4: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = dup2(r0, r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) getsockname$llc(0xffffffffffffffff, &(0x7f0000000080)={0x1a, 0x0, 0x0, 0x0, 0x0, 0x0, @broadcast}, &(0x7f0000000140)=0x10) r2 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_CREATE(r2, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)={0x54, 0x2, 0x6, 0x101, 0x0, 0x0, {}, [@IPSET_ATTR_REVISION={0x5}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz1\x00'}, @IPSET_ATTR_PROTOCOL={0x5, 0x1, 0x6}, @IPSET_ATTR_FAMILY={0x5}, @IPSET_ATTR_DATA={0xc, 0x7, 0x0, 0x1, [@IPSET_ATTR_HASHSIZE={0x8, 0x12, 0x1, 0x0, 0x479e6139}]}, @IPSET_ATTR_TYPENAME={0xd, 0x3, 'hash:mac\x00'}]}, 0x54}}, 0x0) 04:28:21 executing program 3: r0 = openat$sequencer(0xffffffffffffff9c, &(0x7f0000000080)='/dev/sequencer\x00', 0x0, 0x0) ioctl$SNDCTL_SEQ_NRMIDIS(r0, 0x8004510b, &(0x7f00000000c0)) r1 = add_key$keyring(0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd) add_key(&(0x7f0000000440)='asymmetric\x00', 0x0, 0x0, 0x0, r1) r2 = add_key(&(0x7f0000000000)='asymmetric\x00', &(0x7f0000000040)={'syz', 0x1}, &(0x7f0000000180)="2f2f5905eaab2ac4bc41fb8a4d610b7e71cabe7a338e830be1426a3859d722b61435913972b4a3a3882a18883ee57700d5747e993681a3dc1850ad5682c11a1b6ba1ea509267ce6c93e445ce7868ee51e0052ca88801a9a5e785c63010b3264ba7d8da88ef0d75db1e33799ec9798907c51a11fca4591d115b78c1a7ed0c46a3ee71cd5e81897aa60e333d9d1f716f78a7c7c33650ee3a3c44e00ba74a8332b6e2daf9c29a8ff954dda0bc4f5dc79c25029a78239d86a81fcd353d45199a90ac667d4253f65dc995006befb9a1fc241ba962d1c184293ddc77c3c35759d9a0ac8d88821cd03e5ac37ed7702fab5425c110eee76ee5719a906f813238e50c24882ca406f9b790e3deea537380c66f9da477374ea3c947e8b74bb9a212308acd9f57b0bc96f39257adf2648a5dc4a73ff06d23c98a4beae96e49c63be1a09ec0dd2f08437347ff1e94cea3328b17b5bfff0bf1bc1eecdd75c7ba8ba852baa5cc0d73d9b1e3e94324cff0300904d80f7ecfbe14a3e5d01c50462b8808c8fd21d3ba04be45f9c8594714a47147865ef148158b526fb5482ac8118a3a5d55a37fbeb13100a7af1572c373765b7a1355f1cd7604f9d6e317a1f7515980835fb62ded06ec302536cae155e1d0045d485d8e1ef5072581408c2427e8e99b8413432e66e1dfed81f28c8c63caaebf439f82cd2da21455a7373466a948338a567f2f55a17bf73b83e74aa2e0676eb44646e098adfdf464839e2fa8fa321b963fdf013f015fe4b3b50000df2e7464918885c8e7543b274d4cc1cfdb0096deef33b4ea4b7d23e7604f3457ca1a4253797510b79f492adf71f747511cf532e1983171b59789ef2f64f7a7c917a13109b516f5b3c5233ed73253e5716d4f05115a6962dcfac69205504d159974c0d971441047ad7522a92e83577b7b6c365f6552c8ca48790cb3b776a2021c16975cf6d009d6be91d09fb65da82fb1bf18abf83c8c8bc77b3c754ede82c6f18d7c1584d31f4dd84034b320fe2cc98fe8f3b05992ab4a55a4310c67d58302ca06ca361b2739a384b2a60da9a324d2e1c7c9a7aab9678e22b583107d0d1841c62dbb86e8efd9b347cb7aa4166f5e206ef2c1ad9dabf960e07044147b36b779fcf93efb9d0a4fe1db255aabc2b5743a293dbca63728e8e15e6993e1c3a96a1cff299e7e6d4e1ede09100c8d11cfce35a5f25a89c486b15b1ddc2775cee56aaed835fbe0855418f7e1533c01267d08c1eeb1ceeceaabc8467f81647bef94c84678c91a42699cb72e091ceb33b6ceda980083e209a0ac25b1e66d5251b172f79f7b9900040297dedf7f077817a573948fdf91de51e79e22c37b8b9e447868409273d58e08dc0241649b454afb89f1c453e241d4a89e8d9b1c6eacfb397165f8f423d7fd9821a1190a3b9dbabd5ed78acb2d93175571797ddc224363d80d50533945a43a3f0225cdbc7ff02b870954f12fe3be7e15076b4e90e035d167d43ba62902c4d492b1fbf457eefe664c39fc77449d24e12797211e930f41073a9943a801c68c086b657bc76aaf8c0ca7376ae09f83a972d108c3ce4d34aa8c04c895b718d7855ac93d0acd91f3cada1cd952849a57d3671676c5331a37e2b220b4dc7d08a11c25337e7331912dd4bc8bc83b559821785ff8319d51a27a873fd393060232621ac6368315bddd502f9832c2a9ba48bb71cbe19c3308947609f7a77b9c1a5da681c2e707fd94d5899fc97676cc4db2ffc3daa06345641e5f62d84f4bd6075ec7a31b45edaed4499190552abcc8e17360593662eaea6b61834851713301d9a6e2c5ef0e257a4f3b6df3e31a35b68004f95d50337b8eb19437bc6579668b1ae2bd60d303e826b926d014e8f26600053612f5742d245d454afc200bcd21bdff424b685bfd4fd0c5a345b64fb1debe168ac88f33b325cc09ea20329c89b54faca7cc3f305ac0e1761619af4ea27427b5250b9833f775376aae0238df555391cb819395ce0521c6a60f40918e75d52916a7455ec25d5b665590fac1b67f35335855c2c0f6cc47507c5ab3861451a2613ba724bda38abc3571dab978a567182d57927eb7515135b52be9e7b30a1d24845e090e746ead92d0441357ed1ab90a3f13c57b1905443d1b736e3a4a958f1e266f07e1a9adbbf21260bab6e4e1079db3685d0c615d39fac9c9eb68fb5ff6e5c891b938c017d7ac473ecbc70c375c827648f3d987662c36bdf34dda81b7ee6a2bdffd2491087190834227d3cc4d5a585ef5280d0f8d96cf3d6781e7b6de6aa4ab882dd563bdcc77cdace7e6a98e5c0131f85b2e03cf36d9f28888db4bbaa6dda77f8f654b5437c60f72574beb1622de1a51b7eadf2be5f2698f59ac69841852cad669a675bd65263f59b55148cc28b87e2add334ec927d823d1041c0669edea16d2dcfe3491ff8f159db0043f8bdde6597a122d7e86e1958ac665a493947fb99dc7af65e5cdc81769d063cc9ad3bffaa28cff2534a8ec21c46171e81379e3f45fd7343eda1136e18ebdedf57a1d29952058d221a7df30d1aff0b0e94f16a4b057fc23cfd842fa6d025d40f45fa2db930025373afba71ed5401dc86a9082ae28d02947b7b428c9719bdb52afb3d103c57289a6a040d6f52064ccd4b828f60a233ad15682447278803a9eebc93927126c7e526bf2c571e247c6081adacac3c3138236f1b97e364bc58a86bf4540c42132f8893cef394f3c5d7f36436b34de7c23e35063ad5f0d4f4238b38b7ab836a5d5510c21d101730d36ebe29f6ca0f9aae6cf08f26d6701eef3e20ef137b9901f3d96be9f1c2e8e52e1062cb75f53e2ff059c7f86ab6076fb19ff38c99d84e9e710851e5b4433eaee8ebd7910f55b0fa9e81149d25de792035376545b339e93af164db499f534a758865de871740acbc08bd0c87d8fc5329c654389a9288fb62ed108e97ada212a78b099ec45f3fe7dc75ff20934aca8a83aef195474b584498ced3b95a460bcf865e4e509169d4542ef2935796b504dfbc908801f83b89a2f93be8b97deb7df7d6c414a2507e629300ddafd388a2b099c1d2a8691cf271226463a5b7610781fab6d08b8d86140fd2f2f4c11f5adcef8abdfc0a0a7090fb98e36da180c5d733bf5dc8daaba9b415822db515e7ee2848fcdeadae3d3c948fafdfadcde2a37f53c9edae07c6be93df15f6dc6bc2524eb70665462535d77a27675c01a57536966d6456865a859e432219c3bb2e6eec4d10299112ee873ca58c183c82712ef7d20270f6b27257a71629c8c7dc5e929b3cd8733366e240dedb100e8b21905e3f6fb16a7c7262ca82e3dbd0e70cb99b74e60a8e941e181fcb9e0c6be786aebf12e685495cafe508b3c882f683eecc570d47f72f3daf3a2d3ff91ba6ed81082079a13307ecd78f83109d2cf3edfebbaaf67b6f9daeb6f9f8b19678904c40dff347285d228715d474efc60a9c14e1663a32dc4a1e91d08e40b87141200f5a1d6b796eda5eecc448d755f3106c4b170ac6e8ea1e5b476172c9584d5696a8e5aa4c971a7f57114b1e2fdae930cbe117c13d0e4b62c886364673bb029011391654ff9155d3aadc4d39896c9ac80f399a46abb00c8732688a11934d49c69c7728dbe08c0c5440fcffd1087df6b526c6a9730055ce42115034d3517b12af2bcc914838945e25bd9153d9adb6d4093ffee4e988c8e567112c0c65ef645b227a51ef5eaf5fc824b9778fe5b92f214ef70a689b3be4f16fb58e84053acbedb1bdf7f8ba15e650826ca7a38dc13480a5c7afaa9d8ff976045cce41002a25a9889fd0fe7d4358a88e0718b855be47e18e55164b61633e11b2e0d178ab1bc0481aa36af8aac0703e9bd06cd0212fba8cd57012a2a1a4107e4e96ef64d63112df9619a823d088a256e1f51f6c13c347cad0576448b922ef57a43129c9a43b225c1b952f86cf22349046199901c3dc87cae59315fa35bfdc80d09196e647ba1a6833ab7ceb1b1c82f3cbe50b4335bb5762cbf4519d00ca18c4f932fe9b3d0d9cfda694c4849c268fb9982fbf57fb81e54a38a60828639a774b648b03b689a127ee3b6541a46a202f2659cda7769204328674f625705e3afc6fe1c5cc5607225ebb398b898b97830de7626667f0ebbc40e5b6799a468b5542bec3c5d399f46c9c448f30f94008ccefaad070cf310b831df17a6f9c9a99f2395327121530c8215c445d65dbb50a8459c36b1f80c6716ee4433e9e82274fb808775dd97fa70d6118c633c2f11ac32b5543762b7e7ef7e6ce3fc3741853dec70411f490bc1954c569b06b2c98444c005b4c7a2b570e3e93f13ce820869", 0xbf0, r1) keyctl$set_timeout(0xf, r2, 0x0) keyctl$reject(0x13, r2, 0x4, 0x8, 0xfffffffffffffff9) [ 1179.367886] syz-executor.4: vmalloc: allocation failure: 17179869200 bytes, mode:0x14080c0(GFP_KERNEL|__GFP_ZERO), nodemask=(null) [ 1179.378975] netlink: 28 bytes leftover after parsing attributes in process `syz-executor.1'. [ 1179.396187] syz-executor.4 cpuset=/ mems_allowed=0-1 [ 1179.406101] CPU: 0 PID: 6627 Comm: syz-executor.4 Not tainted 4.14.193-syzkaller #0 [ 1179.414081] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1179.423444] Call Trace: [ 1179.426045] dump_stack+0x1b2/0x283 [ 1179.429681] warn_alloc.cold+0x96/0x1cc [ 1179.433662] ? check_preemption_disabled+0x35/0x240 [ 1179.438687] ? zone_watermark_ok_safe+0x220/0x220 [ 1179.443535] ? perf_trace_lock_acquire+0x510/0x510 [ 1179.448471] ? fs_reclaim_release+0xd0/0x110 [ 1179.452889] ? ip_set_alloc+0x47/0x60 [ 1179.456768] vzalloc+0x122/0x150 [ 1179.460121] ip_set_alloc+0x47/0x60 [ 1179.463736] hash_mac_create+0x36e/0x7c6 [ 1179.467783] ip_set_create+0x5f9/0xf30 [ 1179.471660] ? __find_set_type_get+0x360/0x360 [ 1179.476238] ? __mutex_lock+0x360/0x1310 [ 1179.480295] ? lock_downgrade+0x740/0x740 [ 1179.484425] ? __find_set_type_get+0x360/0x360 [ 1179.489006] nfnetlink_rcv_msg+0x9bb/0xc00 [ 1179.493259] netlink_rcv_skb+0x125/0x390 [ 1179.497325] ? nfnetlink_net_exit_batch+0x150/0x150 [ 1179.502341] ? netlink_ack+0x9a0/0x9a0 [ 1179.506230] ? ns_capable_common+0x127/0x150 [ 1179.510638] nfnetlink_rcv+0x1ab/0x1da0 [ 1179.514592] ? __dev_queue_xmit+0xcd6/0x2480 [ 1179.518982] ? check_preemption_disabled+0x35/0x240 [ 1179.524023] ? perf_trace_lock+0xf7/0x490 [ 1179.528156] ? perf_trace_lock_acquire+0x510/0x510 [ 1179.533084] ? nfnetlink_bind+0x240/0x240 [ 1179.537235] ? netlink_deliver_tap+0x90/0x7d0 [ 1179.541729] ? lock_downgrade+0x740/0x740 [ 1179.545864] netlink_unicast+0x437/0x610 [ 1179.549932] ? netlink_sendskb+0xd0/0xd0 [ 1179.553994] netlink_sendmsg+0x62e/0xb80 [ 1179.558070] ? nlmsg_notify+0x170/0x170 [ 1179.562133] ? kernel_recvmsg+0x210/0x210 [ 1179.566286] ? security_socket_sendmsg+0x83/0xb0 [ 1179.571056] ? nlmsg_notify+0x170/0x170 [ 1179.575051] sock_sendmsg+0xb5/0x100 [ 1179.578759] ___sys_sendmsg+0x6c8/0x800 [ 1179.582728] ? copy_msghdr_from_user+0x3b0/0x3b0 [ 1179.587473] ? __lock_acquire+0x5fc/0x3f20 [ 1179.591708] ? perf_trace_lock_acquire+0x510/0x510 [ 1179.596622] ? do_futex+0x12b/0x1930 [ 1179.600509] ? check_preemption_disabled+0x35/0x240 [ 1179.605536] ? __fget+0x1fe/0x360 [ 1179.608992] ? lock_acquire+0x170/0x3f0 [ 1179.612949] ? lock_downgrade+0x740/0x740 [ 1179.617095] ? __fget+0x225/0x360 [ 1179.620548] ? __fdget+0x196/0x1f0 [ 1179.624083] ? sockfd_lookup_light+0xb2/0x160 [ 1179.628580] __sys_sendmsg+0xa3/0x120 [ 1179.632364] ? SyS_shutdown+0x160/0x160 [ 1179.636349] ? SyS_clock_gettime+0xf5/0x180 [ 1179.640652] ? SyS_clock_settime+0x1a0/0x1a0 [ 1179.645220] SyS_sendmsg+0x27/0x40 [ 1179.648740] ? __sys_sendmsg+0x120/0x120 [ 1179.652869] do_syscall_64+0x1d5/0x640 [ 1179.656744] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 1179.661937] RIP: 0033:0x45d249 04:28:22 executing program 2: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_CREATE(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000140)={0x5c, 0x2, 0x6, 0x0, 0x0, 0x0, {}, [@IPSET_ATTR_REVISION={0x5}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz1\x00'}, @IPSET_ATTR_PROTOCOL={0x5, 0x1, 0x6}, @IPSET_ATTR_FAMILY={0x5}, @IPSET_ATTR_DATA={0x14, 0x7, 0x0, 0x1, [@IPSET_ATTR_CADT_FLAGS={0x8, 0x8, 0x1, 0x0, 0x10}, @IPSET_ATTR_TIMEOUT={0x8, 0x6, 0x1, 0x0, 0xffffffff}]}, @IPSET_ATTR_TYPENAME={0xd, 0x3, 'hash:mac\x00'}]}, 0x5c}}, 0x0) 04:28:22 executing program 3: r0 = openat$sequencer(0xffffffffffffff9c, &(0x7f0000000080)='/dev/sequencer\x00', 0x0, 0x0) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) r2 = socket$kcm(0xa, 0x2, 0x11) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) r4 = dup2(r3, r3) ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200) r5 = syz_genetlink_get_family_id$ipvs(0x0) sendmsg$IPVS_CMD_FLUSH(0xffffffffffffffff, &(0x7f0000000280)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x2}, 0xc, &(0x7f0000000180)={&(0x7f0000000140)=ANY=[@ANYBLOB="2c020a05", @ANYRES16=r5, @ANYBLOB="000425bd7000fcdbdf251100000008000600ffff000008000500e8006bb311f109c00384d12d"], 0x2c}, 0x1, 0x0, 0x0, 0x50}, 0x40041) sendmsg$IPVS_CMD_DEL_DAEMON(r4, &(0x7f0000000240)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x1000}, 0xc, &(0x7f0000000200)={&(0x7f0000000100)={0xd8, r5, 0x300, 0x70bd2b, 0x25dfdbff, {}, [@IPVS_CMD_ATTR_SERVICE={0x4c, 0x1, 0x0, 0x1, [@IPVS_SVC_ATTR_FLAGS={0xc, 0x7, {0x20, 0x12}}, @IPVS_SVC_ATTR_TIMEOUT={0x8, 0x8, 0x1}, @IPVS_SVC_ATTR_NETMASK={0x8, 0x9, 0x74}, @IPVS_SVC_ATTR_PORT={0x6, 0x4, 0x4e21}, @IPVS_SVC_ATTR_PROTOCOL={0x6, 0x2, 0x33}, @IPVS_SVC_ATTR_ADDR={0x14, 0x3, @ipv4=@local}, @IPVS_SVC_ATTR_PE_NAME={0x8, 0xb, 'sip\x00'}]}, @IPVS_CMD_ATTR_SERVICE={0x4c, 0x1, 0x0, 0x1, [@IPVS_SVC_ATTR_ADDR={0x14, 0x3, @ipv4=@remote}, @IPVS_SVC_ATTR_ADDR={0x14, 0x3, @ipv4=@loopback}, @IPVS_SVC_ATTR_NETMASK={0x8, 0x9, 0x41}, @IPVS_SVC_ATTR_PE_NAME={0x8, 0xb, 'sip\x00'}, @IPVS_SVC_ATTR_FWMARK={0x8, 0x5, 0x4}, @IPVS_SVC_ATTR_SCHED_NAME={0x7, 0x6, 'sh\x00'}]}, @IPVS_CMD_ATTR_TIMEOUT_TCP_FIN={0x8, 0x5, 0x9}, @IPVS_CMD_ATTR_DAEMON={0x24, 0x3, 0x0, 0x1, [@IPVS_DAEMON_ATTR_MCAST_PORT={0x6, 0x7, 0x4e22}, @IPVS_DAEMON_ATTR_MCAST_PORT={0x6, 0x7, 0x4e20}, @IPVS_DAEMON_ATTR_MCAST_PORT={0x6, 0x7, 0x4e23}, @IPVS_DAEMON_ATTR_SYNC_MAXLEN={0x6, 0x4, 0x1}]}]}, 0xd8}, 0x1, 0x0, 0x0, 0x4}, 0x0) setsockopt$sock_attach_bpf(r2, 0x29, 0x14, &(0x7f0000000080), 0x301) setsockopt$sock_attach_bpf(r2, 0x29, 0x15, &(0x7f0000000000), 0x70db2da734432a8e) r6 = dup2(r2, r1) r7 = dup2(r1, r1) ioctl$PERF_EVENT_IOC_ENABLE(r7, 0x8912, 0x400200) ioctl$VFIO_SET_IOMMU(r7, 0x3b66, 0x1) ioctl$SNDCTL_SEQ_NRMIDIS(r0, 0x8004510b, &(0x7f00000000c0)) ioctl$sock_SIOCINQ(r6, 0x541b, &(0x7f00000002c0)) [ 1179.665124] RSP: 002b:00007f4d2c05fc78 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 1179.672837] RAX: ffffffffffffffda RBX: 0000000000028840 RCX: 000000000045d249 [ 1179.680104] RDX: 0000000000000000 RSI: 0000000020000000 RDI: 0000000000000004 [ 1179.687369] RBP: 000000000118cf80 R08: 0000000000000000 R09: 0000000000000000 [ 1179.694635] R10: 0000000000000000 R11: 0000000000000246 R12: 000000000118cf4c [ 1179.701893] R13: 00007ffc41fe2acf R14: 00007f4d2c0609c0 R15: 000000000118cf4c 04:28:22 executing program 2: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_CREATE(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000140)={0x5c, 0x2, 0x6, 0x0, 0x0, 0x0, {}, [@IPSET_ATTR_REVISION={0x5}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz1\x00'}, @IPSET_ATTR_PROTOCOL={0x5, 0x1, 0x6}, @IPSET_ATTR_FAMILY={0x5}, @IPSET_ATTR_DATA={0x14, 0x7, 0x0, 0x1, [@IPSET_ATTR_CADT_FLAGS={0x8, 0x8, 0x1, 0x0, 0x10}, @IPSET_ATTR_TIMEOUT={0x8, 0x6, 0x1, 0x0, 0xffffffff}]}, @IPSET_ATTR_TYPENAME={0xd, 0x3, 'hash:mac\x00'}]}, 0x5c}}, 0x0) 04:28:22 executing program 3: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = dup2(r0, r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x200000400200) getsockopt$inet_mreq(r1, 0x0, 0x23, &(0x7f0000000000)={@local, @initdev}, &(0x7f0000000080)=0x8) ioctl$SNDCTL_SEQ_NRMIDIS(0xffffffffffffffff, 0x8004510b, &(0x7f00000000c0)) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) r3 = dup2(r2, r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) ioctl$sock_bt_cmtp_CMTPCONNADD(r3, 0x400443c8, &(0x7f0000000040)={r1, 0x8}) 04:28:22 executing program 2: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_CREATE(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000140)={0x4c, 0x2, 0x6, 0x101, 0x0, 0x0, {}, [@IPSET_ATTR_REVISION={0x5}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz1\x00'}, @IPSET_ATTR_PROTOCOL={0x5, 0x1, 0x6}, @IPSET_ATTR_FAMILY={0x5}, @IPSET_ATTR_DATA={0x14, 0x7, 0x0, 0x1, [@IPSET_ATTR_CADT_FLAGS={0x8, 0x8, 0x1, 0x0, 0x10}, @IPSET_ATTR_TIMEOUT={0x8, 0x6, 0x1, 0x0, 0xffffffff}]}]}, 0x4c}}, 0x0) [ 1179.827845] Mem-Info: [ 1179.833065] active_anon:233020 inactive_anon:6091 isolated_anon:0 [ 1179.833065] active_file:7393 inactive_file:32828 isolated_file:0 [ 1179.833065] unevictable:0 dirty:84 writeback:4 unstable:0 [ 1179.833065] slab_reclaimable:18457 slab_unreclaimable:133597 [ 1179.833065] mapped:62577 shmem:6280 pagetables:5890 bounce:0 [ 1179.833065] free:1090568 free_pcp:188 free_cma:0 [ 1179.872131] Node 0 active_anon:931868kB inactive_anon:24364kB active_file:29428kB inactive_file:131328kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:250212kB dirty:424kB writeback:16kB shmem:25120kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 884736kB writeback_tmp:0kB unstable:0kB all_unreclaimable? no [ 1179.907006] Node 1 active_anon:0kB inactive_anon:0kB active_file:144kB inactive_file:0kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:0kB dirty:0kB writeback:0kB shmem:0kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 0kB writeback_tmp:0kB unstable:0kB all_unreclaimable? no [ 1179.933345] Node 0 DMA free:15908kB min:220kB low:272kB high:324kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15908kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 1179.960829] lowmem_reserve[]: 0 2557 2557 2557 2557 [ 1179.966344] Node 0 DMA32 free:563896kB min:36272kB low:45340kB high:54408kB active_anon:931864kB inactive_anon:24364kB active_file:29428kB inactive_file:131328kB unevictable:0kB writepending:520kB present:3129332kB managed:2621196kB mlocked:0kB kernel_stack:14368kB pagetables:23416kB bounce:0kB free_pcp:1280kB local_pcp:600kB free_cma:0kB [ 1179.997065] lowmem_reserve[]: 0 0 0 0 0 [ 1180.001428] Node 0 Normal free:0kB min:4kB low:4kB high:4kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:786432kB managed:332kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 1180.027620] lowmem_reserve[]: 0 0 0 0 0 [ 1180.032636] Node 1 Normal free:3783636kB min:53612kB low:67012kB high:80412kB active_anon:0kB inactive_anon:0kB active_file:144kB inactive_file:0kB unevictable:0kB writepending:0kB present:3932160kB managed:3870192kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 1180.061301] lowmem_reserve[]: 0 0 0 0 0 [ 1180.065900] Node 0 DMA: 1*4kB (U) 0*8kB 0*16kB 1*32kB (U) 2*64kB (U) 1*128kB (U) 1*256kB (U) 0*512kB 1*1024kB (U) 1*2048kB (M) 3*4096kB (M) = 15908kB [ 1180.080393] Node 0 DMA32: 528*4kB (UME) 293*8kB (UME) 343*16kB (UME) 359*32kB (UME) 136*64kB (UME) 35*128kB (UME) 12*256kB (UM) 13*512kB (UME) 7*1024kB (UME) 2*2048kB (UE) 124*4096kB (M) = 563512kB [ 1180.098469] Node 0 Normal: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 0kB [ 1180.110458] Node 1 Normal: 51*4kB (UME) 343*8kB (UE) 273*16kB (U) 50*32kB (UM) 20*64kB (UME) 10*128kB (UM) 5*256kB (UM) 3*512kB (U) 1*1024kB (M) 4*2048kB (ME) 918*4096kB (M) = 3783636kB [ 1180.127941] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 1180.137623] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 1180.146463] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 1180.156394] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 1180.165696] 25455 total pagecache pages [ 1180.169703] 0 pages in swap cache 04:28:22 executing program 5: r0 = dup(0xffffffffffffffff) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x802102001ffa, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r1 = gettid() clone(0x6e20cf00, 0x0, 0x0, 0x0, 0x0) ptrace$setopts(0x4206, r1, 0x0, 0x0) gettid() r2 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ptmx\x00', 0x0, 0x0) read(r2, &(0x7f00003fefff)=""/1, 0x1) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) r4 = dup2(r3, r3) ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200) r5 = openat$autofs(0xffffffffffffff9c, &(0x7f0000000040)='/dev/autofs\x00', 0x0, 0x0) sendmsg$IPVS_CMD_ZERO(r5, &(0x7f0000000240)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x20000000}, 0xc, &(0x7f0000000200)={&(0x7f0000000280)={0xf4, 0x0, 0x2, 0x70bd2d, 0x25dfdbff, {}, [@IPVS_CMD_ATTR_TIMEOUT_TCP={0x8, 0x4, 0x7}, @IPVS_CMD_ATTR_DEST={0xc, 0x2, 0x0, 0x1, [@IPVS_DEST_ATTR_U_THRESH={0x8, 0x5, 0x9}]}, @IPVS_CMD_ATTR_TIMEOUT_TCP_FIN={0x8, 0x5, 0x87}, @IPVS_CMD_ATTR_SERVICE={0x18, 0x1, 0x0, 0x1, [@IPVS_SVC_ATTR_PORT={0x6, 0x4, 0x4e20}, @IPVS_SVC_ATTR_FLAGS={0xc, 0x7, {0x31, 0x34}}]}, @IPVS_CMD_ATTR_TIMEOUT_TCP={0x8, 0x4, 0x5}, @IPVS_CMD_ATTR_DEST={0x3c, 0x2, 0x0, 0x1, [@IPVS_DEST_ATTR_ADDR={0x14, 0x1, @ipv6=@initdev={0xfe, 0x88, [], 0x0, 0x0}}, @IPVS_DEST_ATTR_FWD_METHOD={0x8, 0x3, 0x2}, @IPVS_DEST_ATTR_ADDR={0x14, 0x1, @ipv6=@dev={0xfe, 0x80, [], 0x2f}}, @IPVS_DEST_ATTR_U_THRESH={0x8, 0x5, 0x6}]}, @IPVS_CMD_ATTR_TIMEOUT_TCP_FIN={0x8, 0x5, 0x200}, @IPVS_CMD_ATTR_DAEMON={0x1c, 0x3, 0x0, 0x1, [@IPVS_DAEMON_ATTR_STATE={0x8, 0x1, 0x2}, @IPVS_DAEMON_ATTR_MCAST_PORT={0x6, 0x7, 0x4e22}, @IPVS_DAEMON_ATTR_MCAST_PORT={0x6, 0x7, 0x4e20}]}, @IPVS_CMD_ATTR_DEST={0x3c, 0x2, 0x0, 0x1, [@IPVS_DEST_ATTR_INACT_CONNS={0x8, 0x8, 0x8002}, @IPVS_DEST_ATTR_PORT={0x6, 0x2, 0x4e23}, @IPVS_DEST_ATTR_U_THRESH={0x8, 0x5, 0xffff12bf}, @IPVS_DEST_ATTR_FWD_METHOD={0x8, 0x3, 0x3}, @IPVS_DEST_ATTR_U_THRESH={0x8, 0x5, 0x1}, @IPVS_DEST_ATTR_TUN_TYPE={0x5, 0xd, 0x1}, @IPVS_DEST_ATTR_TUN_PORT={0x6, 0xe, 0x4e21}]}, @IPVS_CMD_ATTR_TIMEOUT_UDP={0x8, 0x6, 0xfffffffb}]}, 0xf4}, 0x1, 0x0, 0x0, 0x84}, 0x2080800) ioctl$SIOCNRDECOBS(r4, 0x89e2) 04:28:22 executing program 3: r0 = openat$sequencer(0xffffffffffffff9c, &(0x7f0000000080)='/dev/sequencer\x00', 0x0, 0x0) ioctl$SNDCTL_SEQ_NRMIDIS(r0, 0x8004510b, &(0x7f00000000c0)) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) r2 = dup2(r1, r1) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) r4 = dup2(r3, r3) ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200) ioctl$IMDELTIMER(r4, 0x80044941, &(0x7f0000000240)=0x1) getsockopt$IP_VS_SO_GET_DAEMON(0xffffffffffffffff, 0x0, 0x487, &(0x7f00000001c0), &(0x7f0000000200)=0x30) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) r5 = socket$inet6_tcp(0xa, 0x1, 0x0) r6 = dup2(r5, r5) ioctl$PERF_EVENT_IOC_ENABLE(r6, 0x8912, 0x400200) r7 = socket$inet_udplite(0x2, 0x2, 0x88) getsockopt$sock_cred(r7, 0x1, 0x11, &(0x7f0000000240)={0x0, 0x0}, &(0x7f0000000280)=0x5) setreuid(0x0, r8) mount$9p_fd(0x0, &(0x7f0000000440)='./file0\x00', &(0x7f0000000480)='9p\x00', 0x818808, &(0x7f00000004c0)=ANY=[@ANYBLOB='tranq=fd,rfdno=', @ANYRESHEX=r6, @ANYBLOB=',wfdno=', @ANYRESHEX=r1, @ANYBLOB=',access=user,debug=0x0000000000010001,uname=\']}:{){!/-,cachetag=/dev/sequencer\x00,uid>', @ANYRESDEC=r8, @ANYBLOB=',smackfsroot=$}(@:/\'$,,\x00']) r9 = syz_genetlink_get_family_id$tipc(&(0x7f0000000040)='TIPC\x00') sendmsg$TIPC_CMD_SHOW_PORTS(r2, &(0x7f0000000180)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x100}, 0xc, &(0x7f0000000140)={&(0x7f0000000100)={0x1c, r9, 0x10, 0x70bd27, 0x25dfdbfe, {}, ["", ""]}, 0x1c}, 0x1, 0x0, 0x0, 0x4}, 0x800) [ 1180.174350] Swap cache stats: add 0, delete 0, find 0/0 [ 1180.180479] Free swap = 0kB [ 1180.184091] Total swap = 0kB [ 1180.188911] 1965979 pages RAM [ 1180.192370] 0 pages HighMem/MovableOnly [ 1180.196342] 339072 pages reserved [ 1180.199770] 0 pages cma reserved [ 1180.205855] syz-executor.0: vmalloc: allocation failure: 17179869200 bytes, mode:0x14080c0(GFP_KERNEL|__GFP_ZERO), nodemask=(null) [ 1180.217993] syz-executor.0 cpuset=/ mems_allowed=0-1 04:28:22 executing program 4: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = dup2(r0, r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) getsockname$llc(0xffffffffffffffff, &(0x7f0000000080)={0x1a, 0x0, 0x0, 0x0, 0x0, 0x0, @broadcast}, &(0x7f0000000140)=0x10) r2 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_CREATE(r2, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)={0x54, 0x2, 0x6, 0x101, 0x0, 0x0, {}, [@IPSET_ATTR_REVISION={0x5}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz1\x00'}, @IPSET_ATTR_PROTOCOL={0x5, 0x1, 0x6}, @IPSET_ATTR_FAMILY={0x5}, @IPSET_ATTR_DATA={0xc, 0x7, 0x0, 0x1, [@IPSET_ATTR_HASHSIZE={0x8, 0x12, 0x1, 0x0, 0x479e6139}]}, @IPSET_ATTR_TYPENAME={0xd, 0x3, 'hash:mac\x00'}]}, 0x54}}, 0x0) [ 1180.230782] CPU: 0 PID: 6633 Comm: syz-executor.0 Not tainted 4.14.193-syzkaller #0 [ 1180.238612] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1180.247968] Call Trace: [ 1180.250566] dump_stack+0x1b2/0x283 [ 1180.254224] warn_alloc.cold+0x96/0x1cc [ 1180.258213] ? check_preemption_disabled+0x35/0x240 [ 1180.263245] ? zone_watermark_ok_safe+0x220/0x220 [ 1180.268104] ? perf_trace_lock_acquire+0x510/0x510 [ 1180.273055] ? fs_reclaim_release+0xd0/0x110 [ 1180.277467] ? ip_set_alloc+0x47/0x60 [ 1180.281254] vzalloc+0x122/0x150 [ 1180.284622] ip_set_alloc+0x47/0x60 [ 1180.288263] hash_mac_create+0x36e/0x7c6 [ 1180.292335] ip_set_create+0x5f9/0xf30 [ 1180.296236] ? __find_set_type_get+0x360/0x360 [ 1180.300831] ? __mutex_lock+0x360/0x1310 [ 1180.304929] ? __find_set_type_get+0x360/0x360 [ 1180.309518] nfnetlink_rcv_msg+0x9bb/0xc00 [ 1180.313761] netlink_rcv_skb+0x125/0x390 [ 1180.317814] ? nfnetlink_net_exit_batch+0x150/0x150 [ 1180.322932] ? netlink_ack+0x9a0/0x9a0 [ 1180.326806] ? ns_capable_common+0x127/0x150 [ 1180.331227] nfnetlink_rcv+0x1ab/0x1da0 [ 1180.335218] ? __dev_queue_xmit+0xcd6/0x2480 [ 1180.339623] ? check_preemption_disabled+0x35/0x240 [ 1180.344637] ? perf_trace_lock+0xf7/0x490 [ 1180.348781] ? perf_trace_lock_acquire+0x510/0x510 [ 1180.353712] ? nfnetlink_bind+0x240/0x240 [ 1180.357861] ? netlink_deliver_tap+0x90/0x7d0 [ 1180.362351] ? lock_downgrade+0x740/0x740 [ 1180.367089] netlink_unicast+0x437/0x610 [ 1180.371228] ? netlink_sendskb+0xd0/0xd0 [ 1180.375282] netlink_sendmsg+0x62e/0xb80 [ 1180.379349] ? nlmsg_notify+0x170/0x170 [ 1180.383313] ? kernel_recvmsg+0x210/0x210 [ 1180.387462] ? security_socket_sendmsg+0x83/0xb0 [ 1180.392207] ? nlmsg_notify+0x170/0x170 [ 1180.396165] sock_sendmsg+0xb5/0x100 [ 1180.399869] ___sys_sendmsg+0x6c8/0x800 [ 1180.403828] ? copy_msghdr_from_user+0x3b0/0x3b0 [ 1180.408572] ? __lock_acquire+0x5fc/0x3f20 [ 1180.412795] ? perf_trace_lock_acquire+0x510/0x510 [ 1180.417710] ? do_futex+0x12b/0x1930 [ 1180.421414] ? check_preemption_disabled+0x35/0x240 [ 1180.426418] ? __fget+0x1fe/0x360 [ 1180.429857] ? lock_acquire+0x170/0x3f0 [ 1180.433824] ? lock_downgrade+0x740/0x740 [ 1180.437959] ? __fget+0x225/0x360 [ 1180.441572] ? __fdget+0x196/0x1f0 [ 1180.445177] ? sockfd_lookup_light+0xb2/0x160 [ 1180.449696] __sys_sendmsg+0xa3/0x120 [ 1180.453492] ? SyS_shutdown+0x160/0x160 [ 1180.457467] ? SyS_clock_gettime+0xf5/0x180 [ 1180.461842] ? SyS_clock_settime+0x1a0/0x1a0 [ 1180.466691] SyS_sendmsg+0x27/0x40 [ 1180.470222] ? __sys_sendmsg+0x120/0x120 [ 1180.474283] do_syscall_64+0x1d5/0x640 [ 1180.478169] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 1180.483340] RIP: 0033:0x45d249 [ 1180.486596] RSP: 002b:00007f1c6356dc78 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 1180.494287] RAX: ffffffffffffffda RBX: 0000000000028840 RCX: 000000000045d249 [ 1180.501538] RDX: 0000000000000000 RSI: 0000000020000000 RDI: 0000000000000003 [ 1180.508798] RBP: 000000000118cf80 R08: 0000000000000000 R09: 0000000000000000 [ 1180.516112] R10: 0000000000000000 R11: 0000000000000246 R12: 000000000118cf4c [ 1180.523490] R13: 00007ffd3fb1901f R14: 00007f1c6356e9c0 R15: 000000000118cf4c 04:28:23 executing program 1: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_CREATE(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000180)={0x5c, 0x2, 0x6, 0x301, 0x0, 0x0, {}, [@IPSET_ATTR_REVISION={0x5}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz1\x00'}, @IPSET_ATTR_PROTOCOL={0x5, 0x1, 0x6}, @IPSET_ATTR_FAMILY={0x5}, @IPSET_ATTR_DATA={0x14, 0x7, 0x0, 0x1, [@IPSET_ATTR_HASHSIZE={0xfed2, 0x12, 0x1, 0x0, 0x479e6139}, @IPSET_ATTR_CADT_FLAGS={0x8, 0x8, 0x1, 0x0, 0x40}]}, @IPSET_ATTR_TYPENAME={0xd, 0x3, 'hash:mac\x00'}]}, 0x5c}, 0x1, 0x0, 0x0, 0x4000c004}, 0x0) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) r2 = dup2(r1, r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) getsockopt$inet6_dccp_int(r2, 0x21, 0x11, &(0x7f0000000080), &(0x7f0000000140)=0x4) 04:28:23 executing program 0: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) prctl$PR_SET_NAME(0xf, &(0x7f0000000080)='}%\x00') sendmsg$IPSET_CMD_CREATE(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)={0x54, 0x2, 0x6, 0x101, 0x0, 0x0, {}, [@IPSET_ATTR_REVISION={0x5}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz1\x00'}, @IPSET_ATTR_PROTOCOL={0x5, 0x1, 0x6}, @IPSET_ATTR_FAMILY={0x5}, @IPSET_ATTR_DATA={0xc, 0x7, 0x0, 0x1, [@IPSET_ATTR_HASHSIZE={0x8, 0x12, 0x1, 0x0, 0x479e6139}]}, @IPSET_ATTR_TYPENAME={0xd, 0x3, 'hash:mac\x00'}]}, 0x54}}, 0x0) 04:28:23 executing program 3: r0 = semget$private(0x0, 0x20000000102, 0x0) socket$inet(0x2, 0x3, 0x800) semop(r0, &(0x7f00000000c0)=[{}, {0x3, 0x4}, {}], 0x3) semctl$SEM_STAT(r0, 0x0, 0x12, &(0x7f0000000100)=""/211) openat$sequencer(0xffffffffffffff9c, &(0x7f0000000080)='/dev/sequencer\x00', 0x0, 0x0) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) r2 = dup2(r1, r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) ioctl$RTC_EPOCH_SET(r2, 0x4008700e, 0x4) r3 = openat$null(0xffffffffffffff9c, &(0x7f0000000040)='/dev/null\x00', 0x200042, 0x0) ioctl$SNDCTL_SEQ_NRMIDIS(r3, 0x8004510b, &(0x7f00000000c0)) 04:28:23 executing program 2: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_CREATE(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000140)={0x4c, 0x2, 0x6, 0x101, 0x0, 0x0, {}, [@IPSET_ATTR_REVISION={0x5}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz1\x00'}, @IPSET_ATTR_PROTOCOL={0x5, 0x1, 0x6}, @IPSET_ATTR_FAMILY={0x5}, @IPSET_ATTR_DATA={0x14, 0x7, 0x0, 0x1, [@IPSET_ATTR_CADT_FLAGS={0x8, 0x8, 0x1, 0x0, 0x10}, @IPSET_ATTR_TIMEOUT={0x8, 0x6, 0x1, 0x0, 0xffffffff}]}]}, 0x4c}}, 0x0) [ 1180.551762] syz-executor.4: vmalloc: allocation failure: 17179869200 bytes, mode:0x14080c0(GFP_KERNEL|__GFP_ZERO), nodemask=(null) [ 1180.587455] syz-executor.4 cpuset=/ mems_allowed=0-1 [ 1180.592811] CPU: 0 PID: 6666 Comm: syz-executor.4 Not tainted 4.14.193-syzkaller #0 [ 1180.600626] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1180.610508] Call Trace: [ 1180.613102] dump_stack+0x1b2/0x283 [ 1180.616751] warn_alloc.cold+0x96/0x1cc [ 1180.620745] ? check_preemption_disabled+0x35/0x240 [ 1180.625778] ? zone_watermark_ok_safe+0x220/0x220 [ 1180.630739] ? perf_trace_lock_acquire+0x510/0x510 [ 1180.635779] ? fs_reclaim_release+0xd0/0x110 [ 1180.640218] ? ip_set_alloc+0x47/0x60 [ 1180.644029] vzalloc+0x122/0x150 [ 1180.647453] ip_set_alloc+0x47/0x60 04:28:23 executing program 3: r0 = openat$sequencer(0xffffffffffffff9c, &(0x7f0000000080)='/dev/sequencer\x00', 0x0, 0x0) ioctl$SNDCTL_SEQ_NRMIDIS(r0, 0x8004510b, &(0x7f00000000c0)) r1 = openat$pfkey(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/net/pfkey\x00', 0x803, 0x0) ioctl$SNDRV_CTL_IOCTL_PCM_INFO(r1, 0xc1205531, &(0x7f0000000100)={0x2, 0x4, 0x401, 0x5, [], [], [], 0x407, 0x9, 0x3f800, 0x2006, "eb754b95179c800000000500"}) [ 1180.651285] hash_mac_create+0x36e/0x7c6 [ 1180.655461] ip_set_create+0x5f9/0xf30 [ 1180.659463] ? __find_set_type_get+0x360/0x360 [ 1180.665274] ? __mutex_lock+0x360/0x1310 [ 1180.669666] ? __find_set_type_get+0x360/0x360 [ 1180.674262] nfnetlink_rcv_msg+0x9bb/0xc00 [ 1180.678525] netlink_rcv_skb+0x125/0x390 [ 1180.682594] ? nfnetlink_net_exit_batch+0x150/0x150 [ 1180.687626] ? netlink_ack+0x9a0/0x9a0 [ 1180.691520] ? ns_capable_common+0x127/0x150 [ 1180.695937] nfnetlink_rcv+0x1ab/0x1da0 [ 1180.699918] ? __dev_queue_xmit+0xcd6/0x2480 [ 1180.704336] ? check_preemption_disabled+0x35/0x240 [ 1180.709364] ? perf_trace_lock+0xf7/0x490 [ 1180.713542] ? perf_trace_lock_acquire+0x510/0x510 [ 1180.718478] ? nfnetlink_bind+0x240/0x240 [ 1180.722637] ? netlink_deliver_tap+0x90/0x7d0 [ 1180.727147] ? lock_downgrade+0x740/0x740 [ 1180.731391] netlink_unicast+0x437/0x610 [ 1180.735465] ? netlink_sendskb+0xd0/0xd0 [ 1180.739540] netlink_sendmsg+0x62e/0xb80 [ 1180.743614] ? nlmsg_notify+0x170/0x170 [ 1180.747597] ? kernel_recvmsg+0x210/0x210 04:28:23 executing program 3: openat$sequencer(0xffffffffffffff9c, &(0x7f0000000080)='/dev/sequencer\x00', 0x222000, 0x0) socket$inet6_tcp(0xa, 0x1, 0x0) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = dup2(r0, r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) setsockopt$inet_tcp_TLS_TX(r1, 0x6, 0x1, &(0x7f0000000040)=@gcm_256={{0x304}, "58f54bd6a1de53a8", "884319280e1668b940c186ce2a27d74f5e3489411f2b66d2b04bb15dca0b3eac", "50de1e9a", "6f4bb113b906e9df"}, 0x38) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x400200) ioctl$SNDCTL_SEQ_NRMIDIS(0xffffffffffffffff, 0x8004510b, &(0x7f0000000000)) [ 1180.751758] ? security_socket_sendmsg+0x83/0xb0 [ 1180.756522] ? nlmsg_notify+0x170/0x170 [ 1180.760508] sock_sendmsg+0xb5/0x100 [ 1180.764228] ___sys_sendmsg+0x6c8/0x800 [ 1180.768301] ? copy_msghdr_from_user+0x3b0/0x3b0 [ 1180.773092] ? __lock_acquire+0x5fc/0x3f20 [ 1180.777343] ? perf_trace_lock_acquire+0x510/0x510 [ 1180.782282] ? do_futex+0x12b/0x1930 [ 1180.786002] ? check_preemption_disabled+0x35/0x240 [ 1180.791026] ? __fget+0x1fe/0x360 [ 1180.794490] ? lock_acquire+0x170/0x3f0 [ 1180.798468] ? lock_downgrade+0x740/0x740 04:28:23 executing program 3: r0 = openat$sequencer(0xffffffffffffff9c, &(0x7f0000000040)='/dev/sequencer\x00', 0x4d6c81, 0x0) ioctl$SNDCTL_SEQ_NRMIDIS(r0, 0x8004510b, &(0x7f00000000c0)) 04:28:23 executing program 3: r0 = openat$sequencer(0xffffffffffffff9c, &(0x7f0000000000)='/dev/sequencer\x00', 0x400040, 0x0) sendmsg$NFNL_MSG_COMPAT_GET(0xffffffffffffffff, &(0x7f0000000140)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x400000}, 0xc, &(0x7f0000000100)={&(0x7f0000000080)={0x40, 0x0, 0xb, 0x5, 0x0, 0x0, {0xa, 0x0, 0x4}, [@NFTA_COMPAT_REV={0x8}, @NFTA_COMPAT_REV={0x8}, @NFTA_COMPAT_TYPE={0x8}, @NFTA_COMPAT_NAME={0xc, 0x1, ':.+$,%*\x00'}, @NFTA_COMPAT_TYPE={0x8}]}, 0x40}, 0x1, 0x0, 0x0, 0x80}, 0x4000056) ioctl$SNDCTL_SEQ_NRMIDIS(r0, 0x8004510b, &(0x7f00000000c0)) [ 1180.802637] ? __fget+0x225/0x360 [ 1180.806100] ? __fdget+0x196/0x1f0 [ 1180.809648] ? sockfd_lookup_light+0xb2/0x160 [ 1180.814150] __sys_sendmsg+0xa3/0x120 [ 1180.817962] ? SyS_shutdown+0x160/0x160 [ 1180.821955] ? SyS_clock_gettime+0xf5/0x180 [ 1180.826284] ? SyS_clock_settime+0x1a0/0x1a0 [ 1180.830699] SyS_sendmsg+0x27/0x40 [ 1180.834246] ? __sys_sendmsg+0x120/0x120 [ 1180.838314] do_syscall_64+0x1d5/0x640 [ 1180.842217] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 1180.847414] RIP: 0033:0x45d249 04:28:23 executing program 3: r0 = openat$sequencer(0xffffffffffffff9c, &(0x7f0000000080)='/dev/sequencer\x00', 0x0, 0x0) ioctl$SNDCTL_SEQ_NRMIDIS(r0, 0x8004510b, &(0x7f00000000c0)) r1 = socket$kcm(0xa, 0x2, 0x11) setsockopt$sock_attach_bpf(r1, 0x29, 0x14, &(0x7f0000000080), 0x301) setsockopt$sock_attach_bpf(r1, 0x29, 0x15, &(0x7f0000000000), 0x70db2da734432a8e) r2 = socket(0x11, 0x800000003, 0x0) bind(r2, &(0x7f0000000080)=@generic={0x11, "0000010000000000080044944eeba71a4976e252922cb18f6e2e2aba000000012e0b3836005404b0e0301a4ce875f2e3ff5f163ee340b7679500800000000000000101013c5811039e15775027ecce66fd792bbf0e5bf5ff1b0816f3f6db1c00010000000000000049740000000000000006ad8e5ecc326d3a09ffc2c654"}, 0x80) getsockname$packet(r2, &(0x7f00000003c0)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @dev}, &(0x7f0000000000)=0x14) r4 = socket(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r4, &(0x7f00000007c0)={0x0, 0x0, &(0x7f0000000780)={&(0x7f0000000500)=@newqdisc={0x68, 0x24, 0xf0b, 0x0, 0x0, {0x0, 0x0, 0x0, r3, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_netem={{0xa, 0x1, 'netem\x00'}, {0x38, 0x2, {{}, [@TCA_NETEM_LOSS={0x1c, 0x5, 0x0, 0x1, [@NETEM_LOSS_GI={0x18, 0x8}]}]}}}]}, 0x68}}, 0x0) ioctl$ifreq_SIOCGIFINDEX_vcan(r1, 0x8933, &(0x7f0000000000)={'vcan0\x00', r3}) [ 1180.850780] RSP: 002b:00007f4d2c05fc78 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 1180.858492] RAX: ffffffffffffffda RBX: 0000000000028840 RCX: 000000000045d249 [ 1180.865769] RDX: 0000000000000000 RSI: 0000000020000000 RDI: 0000000000000004 [ 1180.873044] RBP: 000000000118cf80 R08: 0000000000000000 R09: 0000000000000000 [ 1180.880316] R10: 0000000000000000 R11: 0000000000000246 R12: 000000000118cf4c [ 1180.887590] R13: 00007ffc41fe2acf R14: 00007f4d2c0609c0 R15: 000000000118cf4c [ 1180.931152] warn_alloc_show_mem: 1 callbacks suppressed [ 1180.931157] Mem-Info: [ 1180.948846] active_anon:233028 inactive_anon:6091 isolated_anon:0 [ 1180.948846] active_file:7393 inactive_file:32833 isolated_file:0 [ 1180.948846] unevictable:0 dirty:140 writeback:0 unstable:0 [ 1180.948846] slab_reclaimable:18464 slab_unreclaimable:133438 [ 1180.948846] mapped:62585 shmem:6280 pagetables:5874 bounce:0 [ 1180.948846] free:1090512 free_pcp:378 free_cma:0 [ 1180.984577] Node 0 active_anon:936172kB inactive_anon:24364kB active_file:29428kB inactive_file:131376kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:250292kB dirty:592kB writeback:0kB shmem:25120kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 892928kB writeback_tmp:0kB unstable:0kB all_unreclaimable? no [ 1180.984755] netem: unknown loss type 8 [ 1181.017828] Node 1 active_anon:0kB inactive_anon:0kB active_file:144kB inactive_file:0kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:0kB dirty:0kB writeback:0kB shmem:0kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 0kB writeback_tmp:0kB unstable:0kB all_unreclaimable? no [ 1181.023327] netem: change failed [ 1181.054126] Node 0 DMA free:15908kB min:220kB low:272kB high:324kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15908kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 1181.081932] lowmem_reserve[]: 0 2557 2557 2557 2557 [ 1181.087005] Node 0 DMA32 free:559320kB min:36272kB low:45340kB high:54408kB active_anon:936228kB inactive_anon:24364kB active_file:29428kB inactive_file:131376kB unevictable:0kB writepending:604kB present:3129332kB managed:2621196kB mlocked:0kB kernel_stack:14528kB pagetables:23644kB bounce:0kB free_pcp:1292kB local_pcp:684kB free_cma:0kB [ 1181.117575] lowmem_reserve[]: 0 0 0 0 0 [ 1181.121724] Node 0 Normal free:0kB min:4kB low:4kB high:4kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:786432kB managed:332kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 1181.147340] lowmem_reserve[]: 0 0 0 0 0 [ 1181.151385] Node 1 Normal free:3783636kB min:53612kB low:67012kB high:80412kB active_anon:0kB inactive_anon:0kB active_file:144kB inactive_file:0kB unevictable:0kB writepending:0kB present:3932160kB managed:3870192kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 1181.179505] netem: unknown loss type 8 [ 1181.183484] netem: change failed [ 1181.187661] lowmem_reserve[]: 0 0 0 0 0 [ 1181.207917] Node 0 DMA: 1*4kB (U) 0*8kB 0*16kB 1*32kB (U) 2*64kB (U) 1*128kB (U) 1*256kB (U) 0*512kB 1*1024kB (U) 1*2048kB (M) 3*4096kB (M) = 15908kB [ 1181.237285] Node 0 DMA32: 534*4kB (UME) 166*8kB (UME) 247*16kB (UE) 416*32kB (UME) 149*64kB (UME) 38*128kB (UME) 14*256kB (UM) 13*512kB (UME) 7*1024kB (UME) 3*2048kB (UME) 123*4096kB (M) = 562488kB [ 1181.255372] Node 0 Normal: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 0kB [ 1181.267147] Node 1 Normal: 51*4kB (UME) 343*8kB (UE) 273*16kB (U) 50*32kB (UM) 20*64kB (UME) 10*128kB (UM) 5*256kB (UM) 3*512kB (U) 1*1024kB (M) 4*2048kB (ME) 918*4096kB (M) = 3783636kB [ 1181.284787] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 1181.294208] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 1181.303350] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 1181.313536] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 1181.322762] 25469 total pagecache pages [ 1181.326746] 0 pages in swap cache [ 1181.330194] Swap cache stats: add 0, delete 0, find 0/0 [ 1181.336851] Free swap = 0kB [ 1181.339877] Total swap = 0kB [ 1181.343795] 1965979 pages RAM [ 1181.346903] 0 pages HighMem/MovableOnly [ 1181.350865] 339072 pages reserved [ 1181.355645] 0 pages cma reserved [ 1181.359240] netlink: 16 bytes leftover after parsing attributes in process `syz-executor.1'. [ 1181.372018] }%: vmalloc: allocation failure: 17179869200 bytes, mode:0x14080c0(GFP_KERNEL|__GFP_ZERO), nodemask=(null) [ 1181.399915] }% cpuset=/ mems_allowed=0-1 [ 1181.404741] CPU: 1 PID: 6704 Comm: }% Not tainted 4.14.193-syzkaller #0 [ 1181.411519] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1181.420963] Call Trace: [ 1181.423561] dump_stack+0x1b2/0x283 [ 1181.427208] warn_alloc.cold+0x96/0x1cc [ 1181.431812] ? check_preemption_disabled+0x35/0x240 [ 1181.436827] ? zone_watermark_ok_safe+0x220/0x220 [ 1181.441681] ? perf_trace_lock_acquire+0x510/0x510 [ 1181.446616] ? fs_reclaim_release+0xd0/0x110 [ 1181.451040] ? ip_set_alloc+0x47/0x60 [ 1181.454844] vzalloc+0x122/0x150 [ 1181.458217] ip_set_alloc+0x47/0x60 [ 1181.461849] hash_mac_create+0x36e/0x7c6 [ 1181.465919] ip_set_create+0x5f9/0xf30 [ 1181.469828] ? __find_set_type_get+0x360/0x360 [ 1181.474414] ? __mutex_lock+0x360/0x1310 [ 1181.478503] ? __find_set_type_get+0x360/0x360 [ 1181.483091] nfnetlink_rcv_msg+0x9bb/0xc00 [ 1181.487358] netlink_rcv_skb+0x125/0x390 [ 1181.491427] ? nfnetlink_net_exit_batch+0x150/0x150 [ 1181.496442] ? netlink_ack+0x9a0/0x9a0 [ 1181.500338] ? ns_capable_common+0x127/0x150 [ 1181.504756] nfnetlink_rcv+0x1ab/0x1da0 [ 1181.508729] ? __dev_queue_xmit+0xcd6/0x2480 [ 1181.513149] ? check_preemption_disabled+0x35/0x240 [ 1181.518173] ? perf_trace_lock+0xf7/0x490 [ 1181.522338] ? perf_trace_lock_acquire+0x510/0x510 [ 1181.527276] ? nfnetlink_bind+0x240/0x240 [ 1181.531433] ? netlink_deliver_tap+0x90/0x7d0 [ 1181.535932] ? lock_downgrade+0x740/0x740 [ 1181.540086] netlink_unicast+0x437/0x610 [ 1181.544159] ? netlink_sendskb+0xd0/0xd0 [ 1181.548237] netlink_sendmsg+0x62e/0xb80 [ 1181.552306] ? nlmsg_notify+0x170/0x170 [ 1181.556288] ? kernel_recvmsg+0x210/0x210 [ 1181.560438] ? security_socket_sendmsg+0x83/0xb0 [ 1181.565189] ? nlmsg_notify+0x170/0x170 [ 1181.569158] sock_sendmsg+0xb5/0x100 [ 1181.572873] ___sys_sendmsg+0x6c8/0x800 [ 1181.576850] ? copy_msghdr_from_user+0x3b0/0x3b0 [ 1181.581686] ? __lock_acquire+0x5fc/0x3f20 [ 1181.585919] ? perf_trace_lock_acquire+0x510/0x510 [ 1181.590842] ? do_futex+0x12b/0x1930 [ 1181.594589] ? check_preemption_disabled+0x35/0x240 [ 1181.599606] ? __fget+0x1fe/0x360 [ 1181.603062] ? lock_acquire+0x170/0x3f0 [ 1181.607032] ? lock_downgrade+0x740/0x740 [ 1181.611179] ? __fget+0x225/0x360 [ 1181.614635] ? __fdget+0x196/0x1f0 [ 1181.618183] ? sockfd_lookup_light+0xb2/0x160 [ 1181.622678] __sys_sendmsg+0xa3/0x120 [ 1181.626474] ? SyS_shutdown+0x160/0x160 [ 1181.630456] ? SyS_clock_gettime+0xf5/0x180 [ 1181.634781] ? SyS_clock_settime+0x1a0/0x1a0 [ 1181.639185] SyS_sendmsg+0x27/0x40 [ 1181.642718] ? __sys_sendmsg+0x120/0x120 [ 1181.646780] do_syscall_64+0x1d5/0x640 [ 1181.650672] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 1181.655857] RIP: 0033:0x45d249 [ 1181.659037] RSP: 002b:00007f1c6356dc78 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 1181.666741] RAX: ffffffffffffffda RBX: 0000000000028840 RCX: 000000000045d249 [ 1181.674006] RDX: 0000000000000000 RSI: 0000000020000000 RDI: 0000000000000003 [ 1181.681270] RBP: 000000000118cf80 R08: 0000000000000000 R09: 0000000000000000 [ 1181.688531] R10: 0000000000000000 R11: 0000000000000246 R12: 000000000118cf4c [ 1181.695794] R13: 00007ffd3fb1901f R14: 00007f1c6356e9c0 R15: 000000000118cf4c [ 1181.749221] syz-executor.0: vmalloc: allocation failure: 17179869200 bytes, mode:0x14080c0(GFP_KERNEL|__GFP_ZERO), nodemask=(null) [ 1181.762335] syz-executor.0 cpuset=/ mems_allowed=0-1 [ 1181.767588] CPU: 1 PID: 6718 Comm: syz-executor.0 Not tainted 4.14.193-syzkaller #0 [ 1181.775384] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1181.784744] Call Trace: [ 1181.787335] dump_stack+0x1b2/0x283 [ 1181.790960] warn_alloc.cold+0x96/0x1cc [ 1181.794934] ? check_preemption_disabled+0x35/0x240 [ 1181.799943] ? zone_watermark_ok_safe+0x220/0x220 [ 1181.804789] ? perf_trace_lock_acquire+0x510/0x510 [ 1181.809708] ? fs_reclaim_release+0xd0/0x110 [ 1181.814126] ? ip_set_alloc+0x47/0x60 [ 1181.817922] vzalloc+0x122/0x150 [ 1181.821355] ip_set_alloc+0x47/0x60 [ 1181.824977] hash_mac_create+0x36e/0x7c6 [ 1181.829059] ip_set_create+0x5f9/0xf30 [ 1181.832963] ? __find_set_type_get+0x360/0x360 [ 1181.837550] ? __mutex_lock+0x360/0x1310 [ 1181.841640] ? lock_downgrade+0x740/0x740 [ 1181.845785] ? __find_set_type_get+0x360/0x360 [ 1181.850365] nfnetlink_rcv_msg+0x9bb/0xc00 [ 1181.854621] netlink_rcv_skb+0x125/0x390 [ 1181.858675] ? nfnetlink_net_exit_batch+0x150/0x150 [ 1181.864305] ? netlink_ack+0x9a0/0x9a0 [ 1181.868196] ? ns_capable_common+0x127/0x150 [ 1181.872600] nfnetlink_rcv+0x1ab/0x1da0 [ 1181.876574] ? __dev_queue_xmit+0xcd6/0x2480 [ 1181.881066] ? check_preemption_disabled+0x35/0x240 [ 1181.886080] ? perf_trace_lock+0xf7/0x490 [ 1181.890313] ? perf_trace_lock_acquire+0x510/0x510 [ 1181.895309] ? nfnetlink_bind+0x240/0x240 [ 1181.899453] ? netlink_deliver_tap+0x90/0x7d0 [ 1181.903950] ? lock_downgrade+0x740/0x740 [ 1181.908098] netlink_unicast+0x437/0x610 [ 1181.912160] ? netlink_sendskb+0xd0/0xd0 [ 1181.916220] netlink_sendmsg+0x62e/0xb80 [ 1181.920287] ? nlmsg_notify+0x170/0x170 [ 1181.924257] ? kernel_recvmsg+0x210/0x210 [ 1181.928401] ? security_socket_sendmsg+0x83/0xb0 [ 1181.933150] ? nlmsg_notify+0x170/0x170 [ 1181.937120] sock_sendmsg+0xb5/0x100 [ 1181.940834] ___sys_sendmsg+0x6c8/0x800 [ 1181.944810] ? copy_msghdr_from_user+0x3b0/0x3b0 [ 1181.949564] ? __lock_acquire+0x5fc/0x3f20 [ 1181.953804] ? perf_trace_lock_acquire+0x510/0x510 [ 1181.958728] ? check_preemption_disabled+0x35/0x240 [ 1181.964360] ? __fget+0x1fe/0x360 [ 1181.967816] ? lock_acquire+0x170/0x3f0 [ 1181.971786] ? lock_downgrade+0x740/0x740 [ 1181.975936] ? __fget+0x225/0x360 [ 1181.979386] ? __fdget+0x196/0x1f0 [ 1181.982924] ? sockfd_lookup_light+0xb2/0x160 [ 1181.987415] __sys_sendmsg+0xa3/0x120 [ 1181.991210] ? SyS_shutdown+0x160/0x160 [ 1181.995275] ? SyS_clock_gettime+0xf5/0x180 [ 1182.000197] ? SyS_clock_settime+0x1a0/0x1a0 [ 1182.004597] ? fput+0xb/0x140 [ 1182.007696] SyS_sendmsg+0x27/0x40 [ 1182.011257] ? __sys_sendmsg+0x120/0x120 [ 1182.015319] do_syscall_64+0x1d5/0x640 [ 1182.019210] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 1182.024392] RIP: 0033:0x45d249 [ 1182.027583] RSP: 002b:00007f1c6354cc78 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 1182.035298] RAX: ffffffffffffffda RBX: 0000000000028840 RCX: 000000000045d249 [ 1182.042584] RDX: 0000000000000000 RSI: 0000000020000000 RDI: 0000000000000003 [ 1182.049847] RBP: 000000000118d020 R08: 0000000000000000 R09: 0000000000000000 [ 1182.057109] R10: 0000000000000000 R11: 0000000000000246 R12: 000000000118cfec [ 1182.064874] R13: 00007ffd3fb1901f R14: 00007f1c6354d9c0 R15: 000000000118cfec [ 1182.085897] warn_alloc_show_mem: 1 callbacks suppressed [ 1182.085902] Mem-Info: [ 1182.115837] active_anon:231906 inactive_anon:6091 isolated_anon:0 [ 1182.115837] active_file:7393 inactive_file:32853 isolated_file:0 [ 1182.115837] unevictable:0 dirty:158 writeback:0 unstable:0 [ 1182.115837] slab_reclaimable:18464 slab_unreclaimable:134188 [ 1182.115837] mapped:62587 shmem:6280 pagetables:5800 bounce:0 [ 1182.115837] free:1091160 free_pcp:310 free_cma:0 [ 1182.151063] Node 0 active_anon:927624kB inactive_anon:24364kB active_file:29428kB inactive_file:131412kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:250348kB dirty:632kB writeback:0kB shmem:25120kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 886784kB writeback_tmp:0kB unstable:0kB all_unreclaimable? no [ 1182.182137] Node 1 active_anon:0kB inactive_anon:0kB active_file:144kB inactive_file:0kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:0kB dirty:0kB writeback:0kB shmem:0kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 0kB writeback_tmp:0kB unstable:0kB all_unreclaimable? no [ 1182.208155] Node 0 DMA free:15908kB min:220kB low:272kB high:324kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15908kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 1182.236613] lowmem_reserve[]: 0 2557 2557 2557 2557 [ 1182.241892] Node 0 DMA32 free:565024kB min:36272kB low:45340kB high:54408kB active_anon:927624kB inactive_anon:24364kB active_file:29428kB inactive_file:131412kB unevictable:0kB writepending:632kB present:3129332kB managed:2621196kB mlocked:0kB kernel_stack:14112kB pagetables:23200kB bounce:0kB free_pcp:1260kB local_pcp:612kB free_cma:0kB [ 1182.273126] lowmem_reserve[]: 0 0 0 0 0 [ 1182.277284] Node 0 Normal free:0kB min:4kB low:4kB high:4kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:786432kB managed:332kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 1182.304026] lowmem_reserve[]: 0 0 0 0 0 [ 1182.308116] Node 1 Normal free:3783636kB min:53612kB low:67012kB high:80412kB active_anon:0kB inactive_anon:0kB active_file:144kB inactive_file:0kB unevictable:0kB writepending:0kB present:3932160kB managed:3870192kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 1182.336611] lowmem_reserve[]: 0 0 0 0 0 [ 1182.340654] Node 0 DMA: 1*4kB (U) 0*8kB 0*16kB 1*32kB (U) 2*64kB (U) 1*128kB (U) 1*256kB (U) 0*512kB 1*1024kB (U) 1*2048kB (M) 3*4096kB (M) = 15908kB [ 1182.354761] Node 0 DMA32: 708*4kB (UME) 99*8kB (UME) 160*16kB (UME) 323*32kB (UME) 151*64kB (UME) 38*128kB (UME) 14*256kB (UM) 13*512kB (UME) 7*1024kB (UME) 6*2048kB (UME) 123*4096kB (M) = 564552kB [ 1182.372969] Node 0 Normal: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 0kB [ 1182.383803] Node 1 Normal: 51*4kB (UME) 343*8kB (UE) 273*16kB (U) 50*32kB (UM) 20*64kB (UME) 10*128kB (UM) 5*256kB (UM) 3*512kB (U) 1*1024kB (M) 4*2048kB (ME) 918*4096kB (M) = 3783636kB [ 1182.400755] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 1182.409687] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 1182.418549] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 1182.427483] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 1182.436136] 25482 total pagecache pages [ 1182.440128] 0 pages in swap cache [ 1182.443744] Swap cache stats: add 0, delete 0, find 0/0 [ 1182.449097] Free swap = 0kB [ 1182.452286] Total swap = 0kB [ 1182.455301] 1965979 pages RAM [ 1182.458412] 0 pages HighMem/MovableOnly [ 1182.462447] 339072 pages reserved [ 1182.465888] 0 pages cma reserved 04:28:25 executing program 5: r0 = dup(0xffffffffffffffff) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x802102001ffa, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r1 = gettid() clone(0x6e20cf00, 0x0, 0x0, 0x0, 0x0) ptrace$setopts(0x4206, r1, 0x0, 0x0) r2 = getpid() sched_setattr(r2, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x1000000, 0x7, 0x40}, 0x0) ioctl$SNDRV_CTL_IOCTL_ELEM_REPLACE(r0, 0xc1105518, &(0x7f0000000380)={{0x5, 0x3, 0x6, 0x4, 'syz1\x00', 0x3}, 0x0, 0x4, 0xffff, r2, 0x4, 0xffff, 'syz1\x00', &(0x7f00000000c0)=[',).E[\xb4,!]\x00', '\'\x00', '%\'\x00', '/dev/autofs\x00'], 0x1b, [], [0x3f, 0x1, 0x40, 0xf7]}) gettid() r3 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ptmx\x00', 0x14c01, 0x0) read(r3, &(0x7f00003fefff)=""/1, 0x1) r4 = socket$inet6_tcp(0xa, 0x1, 0x0) r5 = dup2(r4, r4) ioctl$PERF_EVENT_IOC_ENABLE(r5, 0x8912, 0x400200) r6 = openat$autofs(0xffffffffffffff9c, &(0x7f0000000040)='/dev/autofs\x00', 0x0, 0x0) sendmsg$IPVS_CMD_ZERO(r6, &(0x7f0000000240)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x20000000}, 0xc, &(0x7f0000000200)={&(0x7f00000005c0)=ANY=[@ANYRES64, @ANYRES16=0x0, @ANYBLOB="02002dc03600ffdbdf251000000008000400070000000c000280eeff040009000daab085edee16cdf34843690000080005008700000018000180060004004e2000000c000700310000003400000008000400050000003c00028014000100fe880000000000000000000000000001080003000200000014000100fe800000002f080005000600000008000500000200001c3003800800010002000000060007004e22000006000700052000003c0002800800080002800000060022004e23000008000500bf12ffff0800030003000100270005000100000005000d00010000000600eeff4e21000008000600fbffffff000000000000000000009d6ef5c532d49f4b6a8d909fbc6fe1b0cd01bc4de2618272d013ff17abdfa95dd8976e8fd303c78063200c61451f1c41242fcbaa90233449ed46e735d8ea00ef030376bde46144b8095b9c83e11727d874b8aab80af096f5563a19f61bd5960879ff2ff87b71d5ccce852cf80753422dd43f83dfd9f77a"], 0xf4}, 0x1, 0x0, 0x0, 0x80}, 0x2080800) ioctl$SIOCNRDECOBS(r5, 0x89e2) 04:28:25 executing program 3: r0 = socket$kcm(0xa, 0x2, 0x11) setsockopt$sock_attach_bpf(r0, 0x29, 0x14, &(0x7f0000000080), 0x301) setsockopt$sock_attach_bpf(r0, 0x29, 0x15, &(0x7f0000000000), 0x70db2da734432a8e) getsockopt$IP_VS_SO_GET_INFO(r0, 0x0, 0x481, &(0x7f0000000000), &(0x7f0000000040)=0xc) r1 = openat$sequencer(0xffffffffffffff9c, &(0x7f0000000080)='/dev/sequencer\x00', 0x0, 0x0) ioctl$SNDCTL_SEQ_NRMIDIS(r1, 0x8004510b, &(0x7f00000000c0)) getsockname$packet(0xffffffffffffffff, &(0x7f00000003c0)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @dev}, &(0x7f0000000000)=0x14) r3 = socket(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r3, &(0x7f00000007c0)={0x0, 0x0, &(0x7f0000000780)={&(0x7f0000000500)=@newqdisc={0x68, 0x24, 0xf0b, 0x0, 0x0, {0x0, 0x0, 0x0, r2, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_netem={{0xa, 0x1, 'netem\x00'}, {0x38, 0x2, {{}, [@TCA_NETEM_LOSS={0x1c, 0x5, 0x0, 0x1, [@NETEM_LOSS_GI={0x18, 0x8}]}]}}}]}, 0x68}}, 0x0) r4 = socket(0x11, 0x800000003, 0x0) bind(r4, &(0x7f0000000080)=@generic={0x11, "0000010000000000080044944eeba71a4976e252922cb18f6e2e2aba000000012e0b3836005404b0e0301a4ce875f2e3ff5f163ee340b7679500800000000000000101013c5811039e15775027ecce66fd792bbf0e5bf5ff1b0816f3f6db1c00010000000000000049740000000000000006ad8e5ecc326d3a09ffc2c654"}, 0x80) getsockname$packet(r4, &(0x7f00000003c0)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @dev}, &(0x7f0000000000)=0x14) r6 = socket(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r6, &(0x7f00000007c0)={0x0, 0x0, &(0x7f0000000780)={&(0x7f0000000500)=@newqdisc={0x68, 0x24, 0xf0b, 0x0, 0x0, {0x0, 0x0, 0x0, r5, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_netem={{0xa, 0x1, 'netem\x00'}, {0x38, 0x2, {{}, [@TCA_NETEM_LOSS={0x1c, 0x5, 0x0, 0x1, [@NETEM_LOSS_GI={0x18, 0x8}]}]}}}]}, 0x68}}, 0x0) r7 = socket(0x11, 0x800000003, 0x0) bind(r7, &(0x7f0000000080)=@generic={0x11, "0000010000000000080044944eeba71a4976e252922cb18f6e2e2aba000000012e0b3836005404b0e0301a4ce875f2e3ff5f163ee340b7679500800000000000000101013c5811039e15775027ecce66fd792bbf0e5bf5ff1b0816f3f6db1c00010000000000000049740000000000000006ad8e5ecc326d3a09ffc2c654"}, 0x80) getsockname$packet(r7, &(0x7f00000003c0)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @dev}, &(0x7f0000000000)=0x14) r9 = socket(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r9, &(0x7f00000007c0)={0x0, 0x0, &(0x7f0000000780)={&(0x7f0000000500)=@newqdisc={0x68, 0x24, 0xf0b, 0x0, 0x0, {0x0, 0x0, 0x0, r8, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_netem={{0xa, 0x1, 'netem\x00'}, {0x38, 0x2, {{}, [@TCA_NETEM_LOSS={0x1c, 0x5, 0x0, 0x1, [@NETEM_LOSS_GI={0x18, 0x8}]}]}}}]}, 0x68}}, 0x0) sendmsg$ETHTOOL_MSG_COALESCE_GET(0xffffffffffffffff, &(0x7f0000000280)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x400000}, 0xc, &(0x7f0000000240)={&(0x7f0000000180)={0xa8, 0x0, 0x100, 0x70bd29, 0x25dfdbfe, {}, [@HEADER={0x30, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_INDEX={0x8}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r2}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r5}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'veth0_to_bridge\x00'}]}, @HEADER={0x34, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'netpci0\x00'}, @ETHTOOL_A_HEADER_FLAGS={0x8}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'syzkaller0\x00'}]}, @HEADER={0x30, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'veth0_virt_wifi\x00'}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x1}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x1}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r8}]}]}, 0xa8}, 0x1, 0x0, 0x0, 0x8000}, 0x20) 04:28:25 executing program 4: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = dup2(r0, r0) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x400200) getsockname$llc(r1, &(0x7f0000000080)={0x1a, 0x0, 0x0, 0x0, 0x0, 0x0, @broadcast}, &(0x7f0000000140)=0x10) r2 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_CREATE(r2, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)={0x54, 0x2, 0x6, 0x101, 0x0, 0x0, {}, [@IPSET_ATTR_REVISION={0x5}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz1\x00'}, @IPSET_ATTR_PROTOCOL={0x5, 0x1, 0x6}, @IPSET_ATTR_FAMILY={0x5}, @IPSET_ATTR_DATA={0xc, 0x7, 0x0, 0x1, [@IPSET_ATTR_HASHSIZE={0x8, 0x12, 0x1, 0x0, 0x479e6139}]}, @IPSET_ATTR_TYPENAME={0xd, 0x3, 'hash:mac\x00'}]}, 0x54}}, 0x0) 04:28:25 executing program 2: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_CREATE(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000140)={0x4c, 0x2, 0x6, 0x101, 0x0, 0x0, {}, [@IPSET_ATTR_REVISION={0x5}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz1\x00'}, @IPSET_ATTR_PROTOCOL={0x5, 0x1, 0x6}, @IPSET_ATTR_FAMILY={0x5}, @IPSET_ATTR_DATA={0x14, 0x7, 0x0, 0x1, [@IPSET_ATTR_CADT_FLAGS={0x8, 0x8, 0x1, 0x0, 0x10}, @IPSET_ATTR_TIMEOUT={0x8, 0x6, 0x1, 0x0, 0xffffffff}]}]}, 0x4c}}, 0x0) 04:28:25 executing program 1: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_CREATE(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=ANY=[@ANYBLOB="01010000000100000000050400000000000900020073797a3100000000050001000600000005000500000000000c10090008001240479e61390d000300686173683a6d6163000071360000000000"], 0x54}}, 0x0) 04:28:25 executing program 0: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) r1 = openat$autofs(0xffffffffffffff9c, &(0x7f0000000080)='/dev/autofs\x00', 0x200000, 0x0) sendmsg$IPSET_CMD_CREATE(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)={0x54, 0x2, 0x6, 0x101, 0x0, 0x0, {}, [@IPSET_ATTR_REVISION={0x5}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz1\x00'}, @IPSET_ATTR_PROTOCOL={0x5, 0x1, 0x6}, @IPSET_ATTR_FAMILY={0x5}, @IPSET_ATTR_DATA={0xc, 0x7, 0x0, 0x1, [@IPSET_ATTR_HASHSIZE={0x8, 0x12, 0x1, 0x0, 0x479e6139}]}, @IPSET_ATTR_TYPENAME={0xd, 0x3, 'hash:mac\x00'}]}, 0x54}}, 0x0) sendmsg$NFT_MSG_GETOBJ_RESET(r0, &(0x7f0000000380)={&(0x7f0000000280)={0x10, 0x0, 0x0, 0x1}, 0xc, &(0x7f0000000340)={&(0x7f00000002c0)={0x58, 0x15, 0xa, 0xb05, 0x0, 0x0, {0xa, 0x0, 0xa}, [@NFTA_OBJ_NAME={0x9, 0x2, 'syz0\x00'}, @NFTA_OBJ_HANDLE={0xc, 0x6, 0x1, 0x0, 0x5}, @NFTA_OBJ_TABLE={0x9, 0x1, 'syz1\x00'}, @NFTA_OBJ_TYPE={0x8, 0x3, 0x1, 0x0, 0x8}, @NFTA_OBJ_NAME={0x9, 0x2, 'syz0\x00'}, @NFTA_OBJ_NAME={0x9, 0x2, 'syz2\x00'}]}, 0x58}, 0x1, 0x0, 0x0, 0x4000000}, 0x40000) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) r3 = dup2(r2, r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) r4 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000180)='nl80211\x00') sendmsg$NL80211_CMD_GET_STATION(r3, &(0x7f0000000240)={&(0x7f0000000140)={0x10, 0x0, 0x0, 0x2000000}, 0xc, &(0x7f0000000200)={&(0x7f00000001c0)={0x14, r4, 0x100, 0x70bd25, 0x25dfdbfd}, 0x14}, 0x1, 0x0, 0x0, 0x40000}, 0x2004c8d4) 04:28:25 executing program 1: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) r1 = syz_open_dev$vcsa(&(0x7f0000000080)='/dev/vcsa#\x00', 0x72a9, 0x3718c2) read$snapshot(r1, &(0x7f0000000140)=""/201, 0xc9) sendmsg$IPSET_CMD_CREATE(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)={0x54, 0x2, 0x6, 0x101, 0x0, 0x0, {}, [@IPSET_ATTR_REVISION={0x5}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz1\x00'}, @IPSET_ATTR_PROTOCOL={0x5, 0x1, 0x6}, @IPSET_ATTR_FAMILY={0x5}, @IPSET_ATTR_DATA={0xc, 0x7, 0x0, 0x1, [@IPSET_ATTR_HASHSIZE={0x8, 0x12, 0x1, 0x0, 0x479e6139}]}, @IPSET_ATTR_TYPENAME={0xd, 0x3, 'hash:mac\x00'}]}, 0x54}}, 0x0) [ 1183.255817] netem: unknown loss type 8 [ 1183.266408] netem: change failed [ 1183.273554] netem: unknown loss type 8 [ 1183.281110] syz-executor.4: vmalloc: allocation failure: 17179869200 bytes, mode:0x14080c0(GFP_KERNEL|__GFP_ZERO), nodemask=(null) [ 1183.294672] netem: change failed [ 1183.301480] IPVS: ftp: loaded support on port[0] = 21 [ 1183.303729] netem: unknown loss type 8 [ 1183.311779] netem: change failed [ 1183.315222] syz-executor.4 cpuset=/ mems_allowed=0-1 [ 1183.321774] netem: unknown loss type 8 [ 1183.325867] CPU: 1 PID: 6727 Comm: syz-executor.4 Not tainted 4.14.193-syzkaller #0 [ 1183.333677] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1183.343033] Call Trace: [ 1183.345631] dump_stack+0x1b2/0x283 [ 1183.349278] warn_alloc.cold+0x96/0x1cc [ 1183.353264] ? check_preemption_disabled+0x35/0x240 [ 1183.358292] ? zone_watermark_ok_safe+0x220/0x220 [ 1183.363167] ? perf_trace_lock_acquire+0x510/0x510 [ 1183.368194] ? fs_reclaim_release+0xd0/0x110 [ 1183.372626] ? ip_set_alloc+0x47/0x60 [ 1183.376435] vzalloc+0x122/0x150 [ 1183.379815] ip_set_alloc+0x47/0x60 [ 1183.383462] hash_mac_create+0x36e/0x7c6 [ 1183.387665] ip_set_create+0x5f9/0xf30 [ 1183.391574] ? __find_set_type_get+0x360/0x360 [ 1183.396184] ? __mutex_lock+0x360/0x1310 [ 1183.397885] netem: change failed 04:28:25 executing program 0: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_CREATE(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)={0x54, 0x2, 0x6, 0x101, 0x0, 0x0, {}, [@IPSET_ATTR_REVISION={0x5}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz1\x00'}, @IPSET_ATTR_PROTOCOL={0x5, 0x1, 0x6}, @IPSET_ATTR_FAMILY={0x5}, @IPSET_ATTR_DATA={0xc, 0x7, 0x0, 0x1, [@IPSET_ATTR_HASHSIZE={0x8, 0x12, 0x1, 0x0, 0x479e6139}]}, @IPSET_ATTR_TYPENAME={0xd, 0x3, 'hash:mac\x00'}]}, 0x54}}, 0x0) sendto$phonet(0xffffffffffffffff, &(0x7f0000000380)="6ba26cb955041d444c134fdc3cbf06452ae37b0d9822703fbeadd722efa0c61c59b271c9a7abb667acc1f65915ab7a", 0x2f, 0x80, &(0x7f00000003c0)={0x23, 0xc1, 0x43, 0x69}, 0x10) pipe(&(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) sendmsg$IPCTNL_MSG_CT_DELETE(r1, &(0x7f0000000340)={&(0x7f0000000140)={0x10, 0x0, 0x0, 0x1000}, 0xc, &(0x7f0000000300)={&(0x7f0000000180)={0x16c, 0x2, 0x1, 0x101, 0x0, 0x0, {0xc, 0x0, 0x1}, [@CTA_TUPLE_ORIG={0x84, 0x1, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @remote}, {0x8, 0x2, @local}}}, @CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @multicast1}, {0x8, 0x2, @multicast2}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5, 0x1, 0x84}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5, 0x1, 0x3a}}, @CTA_TUPLE_ZONE={0x6, 0x3, 0x1, 0x0, 0x4}, @CTA_TUPLE_ZONE={0x6}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5, 0x1, 0x6}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5, 0x1, 0x3a}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5, 0x1, 0x21}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TIMEOUT={0x8, 0x7, 0x1, 0x0, 0x10000}, @CTA_ZONE={0x6, 0x12, 0x1, 0x0, 0x4}, @CTA_LABELS={0xc, 0x16, 0x1, 0x0, [0x400, 0x5]}, @CTA_TUPLE_REPLY={0x44, 0x2, 0x0, 0x1, [@CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5, 0x1, 0x11}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5, 0x1, 0x21}}, @CTA_TUPLE_ZONE={0x6}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5, 0x1, 0x6}}, @CTA_TUPLE_ZONE={0x6, 0x3, 0x1, 0x0, 0x1}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5, 0x1, 0x88}}]}, @CTA_MARK={0x8, 0x8, 0x1, 0x0, 0x1}, @CTA_ID={0x8}, @CTA_SEQ_ADJ_REPLY={0x4c, 0x10, 0x0, 0x1, [@CTA_SEQADJ_OFFSET_AFTER={0x8, 0x3, 0x1, 0x0, 0xc103}, @CTA_SEQADJ_OFFSET_BEFORE={0x8, 0x2, 0x1, 0x0, 0x3}, @CTA_SEQADJ_OFFSET_BEFORE={0x8, 0x2, 0x1, 0x0, 0x401}, @CTA_SEQADJ_OFFSET_AFTER={0x8, 0x3, 0x1, 0x0, 0x3}, @CTA_SEQADJ_CORRECTION_POS={0x8, 0x1, 0x1, 0x0, 0x2}, @CTA_SEQADJ_OFFSET_AFTER={0x8, 0x3, 0x1, 0x0, 0x8}, @CTA_SEQADJ_OFFSET_AFTER={0x8, 0x3, 0x1, 0x0, 0x1}, @CTA_SEQADJ_CORRECTION_POS={0x8, 0x1, 0x1, 0x0, 0x2}, @CTA_SEQADJ_CORRECTION_POS={0x8, 0x1, 0x1, 0x0, 0x7}]}, @CTA_HELP={0x10, 0x5, 0x0, 0x1, {0xb, 0x1, 'amanda\x00'}}, @CTA_ID={0x8, 0xc, 0x1, 0x0, 0x4}]}, 0x16c}, 0x1, 0x0, 0x0, 0x4000000}, 0x10) [ 1183.400280] ? lock_downgrade+0x740/0x740 [ 1183.400296] ? __find_set_type_get+0x360/0x360 [ 1183.400309] nfnetlink_rcv_msg+0x9bb/0xc00 [ 1183.400336] netlink_rcv_skb+0x125/0x390 [ 1183.420708] ? nfnetlink_net_exit_batch+0x150/0x150 [ 1183.425741] ? netlink_ack+0x9a0/0x9a0 [ 1183.429645] ? ns_capable_common+0x127/0x150 [ 1183.434239] nfnetlink_rcv+0x1ab/0x1da0 [ 1183.438229] ? __dev_queue_xmit+0xcd6/0x2480 [ 1183.442661] ? check_preemption_disabled+0x35/0x240 [ 1183.447692] ? perf_trace_lock+0xf7/0x490 [ 1183.451853] ? perf_trace_lock_acquire+0x510/0x510 [ 1183.456810] ? nfnetlink_bind+0x240/0x240 [ 1183.461065] ? netlink_deliver_tap+0x90/0x7d0 [ 1183.465557] ? lock_downgrade+0x740/0x740 [ 1183.469867] netlink_unicast+0x437/0x610 [ 1183.473933] ? netlink_sendskb+0xd0/0xd0 [ 1183.478116] netlink_sendmsg+0x62e/0xb80 [ 1183.482185] ? nlmsg_notify+0x170/0x170 [ 1183.486170] ? kernel_recvmsg+0x210/0x210 [ 1183.490452] ? security_socket_sendmsg+0x83/0xb0 [ 1183.495195] ? nlmsg_notify+0x170/0x170 [ 1183.499181] sock_sendmsg+0xb5/0x100 [ 1183.502925] ___sys_sendmsg+0x6c8/0x800 [ 1183.506919] ? copy_msghdr_from_user+0x3b0/0x3b0 [ 1183.511701] ? __lock_acquire+0x5fc/0x3f20 [ 1183.516199] ? perf_trace_lock_acquire+0x510/0x510 [ 1183.521143] ? do_futex+0x12b/0x1930 [ 1183.524861] ? check_preemption_disabled+0x35/0x240 [ 1183.529881] ? __fget+0x1fe/0x360 [ 1183.533342] ? lock_acquire+0x170/0x3f0 [ 1183.537332] ? lock_downgrade+0x740/0x740 [ 1183.541482] ? __fget+0x225/0x360 [ 1183.544964] ? __fdget+0x196/0x1f0 [ 1183.548497] ? sockfd_lookup_light+0xb2/0x160 [ 1183.552987] __sys_sendmsg+0xa3/0x120 [ 1183.556863] ? SyS_shutdown+0x160/0x160 [ 1183.560841] ? SyS_clock_gettime+0xf5/0x180 [ 1183.565173] ? SyS_clock_settime+0x1a0/0x1a0 [ 1183.569584] SyS_sendmsg+0x27/0x40 [ 1183.573123] ? __sys_sendmsg+0x120/0x120 [ 1183.577429] do_syscall_64+0x1d5/0x640 [ 1183.581330] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 1183.586525] RIP: 0033:0x45d249 [ 1183.589826] RSP: 002b:00007f4d2c05fc78 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 1183.597567] RAX: ffffffffffffffda RBX: 0000000000028840 RCX: 000000000045d249 [ 1183.604838] RDX: 0000000000000000 RSI: 0000000020000000 RDI: 0000000000000004 [ 1183.612108] RBP: 000000000118cf80 R08: 0000000000000000 R09: 0000000000000000 [ 1183.619391] R10: 0000000000000000 R11: 0000000000000246 R12: 000000000118cf4c [ 1183.626662] R13: 00007ffc41fe2acf R14: 00007f4d2c0609c0 R15: 000000000118cf4c [ 1183.635728] Mem-Info: [ 1183.638253] active_anon:234054 inactive_anon:6091 isolated_anon:0 [ 1183.638253] active_file:7393 inactive_file:32854 isolated_file:0 [ 1183.638253] unevictable:0 dirty:166 writeback:0 unstable:0 [ 1183.638253] slab_reclaimable:18464 slab_unreclaimable:133930 [ 1183.638253] mapped:62620 shmem:6280 pagetables:5883 bounce:0 [ 1183.638253] free:1089072 free_pcp:150 free_cma:0 [ 1183.673232] Node 0 active_anon:936216kB inactive_anon:24364kB active_file:29428kB inactive_file:131416kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:250480kB dirty:664kB writeback:0kB shmem:25120kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 884736kB writeback_tmp:0kB unstable:0kB all_unreclaimable? no 04:28:26 executing program 3: r0 = openat$sequencer(0xffffffffffffff9c, &(0x7f0000000080)='/dev/sequencer\x00', 0x0, 0x0) ioctl$SNDCTL_SEQ_NRMIDIS(r0, 0x8004510b, &(0x7f00000000c0)) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) r2 = dup2(r1, r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) ioctl$TIOCL_SETVESABLANK(r2, 0x541c, &(0x7f0000000140)) sendmsg$nl_crypto(r2, &(0x7f0000000f00)={&(0x7f0000000d80)={0x10, 0x0, 0x0, 0x10000000}, 0xc, &(0x7f0000000ec0)={&(0x7f0000000dc0)=@del={0xf8, 0x11, 0x0, 0x70bd26, 0x25dfdbff, {{'xxhash64-generic\x00'}, [], [], 0x400, 0x2000}, [{0x8, 0x1, 0x5}, {0x8, 0x1, 0x4}, {0x8, 0x1, 0x4}]}, 0xf8}, 0x1, 0x0, 0x0, 0xc5}, 0x8000020) r3 = add_key$keyring(0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd) add_key(&(0x7f0000000440)='asymmetric\x00', 0x0, 0x0, 0x0, r3) r4 = add_key(&(0x7f0000000000)='asymmetric\x00', &(0x7f0000000040)={'syz', 0x1}, &(0x7f0000000180)="2f2f5905eaab2ac4bc41fb8a4d610b7e71cabe7a338e830be1426a3859d722b61435913972b4a3a3882a18883ee57700d5747e993681a3dc1850ad5682c11a1b6ba1ea509267ce6c93e445ce7868ee51e0052ca88801a9a5e785c63010b3264ba7d8da88ef0d75db1e33799ec9798907c51a11fca4591d115b78c1a7ed0c46a3ee71cd5e81897aa60e333d9d1f716f78a7c7c33650ee3a3c44e00ba74a8332b6e2daf9c29a8ff954dda0bc4f5dc79c25029a78239d86a81fcd353d45199a90ac667d4253f65dc995006befb9a1fc241ba962d1c184293ddc77c3c35759d9a0ac8d88821cd03e5ac37ed7702fab5425c110eee76ee5719a906f813238e50c24882ca406f9b790e3deea537380c66f9da477374ea3c947e8b74bb9a212308acd9f57b0bc96f39257adf2648a5dc4a73ff06d23c98a4beae96e49c63be1a09ec0dd2f08437347ff1e94cea3328b17b5bfff0bf1bc1eecdd75c7ba8ba852baa5cc0d73d9b1e3e94324cff0300904d80f7ecfbe14a3e5d01c50462b8808c8fd21d3ba04be45f9c8594714a47147865ef148158b526fb5482ac8118a3a5d55a37fbeb13100a7af1572c373765b7a1355f1cd7604f9d6e317a1f7515980835fb62ded06ec302536cae155e1d0045d485d8e1ef5072581408c2427e8e99b8413432e66e1dfed81f28c8c63caaebf439f82cd2da21455a7373466a948338a567f2f55a17bf73b83e74aa2e0676eb44646e098adfdf464839e2fa8fa321b963fdf013f015fe4b3b50000df2e7464918885c8e7543b274d4cc1cfdb0096deef33b4ea4b7d23e7604f3457ca1a4253797510b79f492adf71f747511cf532e1983171b59789ef2f64f7a7c917a13109b516f5b3c5233ed73253e5716d4f05115a6962dcfac69205504d159974c0d971441047ad7522a92e83577b7b6c365f6552c8ca48790cb3b776a2021c16975cf6d009d6be91d09fb65da82fb1bf18abf83c8c8bc77b3c754ede82c6f18d7c1584d31f4dd84034b320fe2cc98fe8f3b05992ab4a55a4310c67d58302ca06ca361b2739a384b2a60da9a324d2e1c7c9a7aab9678e22b583107d0d1841c62dbb86e8efd9b347cb7aa4166f5e206ef2c1ad9dabf960e07044147b36b779fcf93efb9d0a4fe1db255aabc2b5743a293dbca63728e8e15e6993e1c3a96a1cff299e7e6d4e1ede09100c8d11cfce35a5f25a89c486b15b1ddc2775cee56aaed835fbe0855418f7e1533c01267d08c1eeb1ceeceaabc8467f81647bef94c84678c91a42699cb72e091ceb33b6ceda980083e209a0ac25b1e66d5251b172f79f7b9900040297dedf7f077817a573948fdf91de51e79e22c37b8b9e447868409273d58e08dc0241649b454afb89f1c453e241d4a89e8d9b1c6eacfb397165f8f423d7fd9821a1190a3b9dbabd5ed78acb2d93175571797ddc224363d80d50533945a43a3f0225cdbc7ff02b870954f12fe3be7e15076b4e90e035d167d43ba62902c4d492b1fbf457eefe664c39fc77449d24e12797211e930f41073a9943a801c68c086b657bc76aaf8c0ca7376ae09f83a972d108c3ce4d34aa8c04c895b718d7855ac93d0acd91f3cada1cd952849a57d3671676c5331a37e2b220b4dc7d08a11c25337e7331912dd4bc8bc83b559821785ff8319d51a27a873fd393060232621ac6368315bddd502f9832c2a9ba48bb71cbe19c3308947609f7a77b9c1a5da681c2e707fd94d5899fc97676cc4db2ffc3daa06345641e5f62d84f4bd6075ec7a31b45edaed4499190552abcc8e17360593662eaea6b61834851713301d9a6e2c5ef0e257a4f3b6df3e31a35b68004f95d50337b8eb19437bc6579668b1ae2bd60d303e826b926d014e8f26600053612f5742d245d454afc200bcd21bdff424b685bfd4fd0c5a345b64fb1debe168ac88f33b325cc09ea20329c89b54faca7cc3f305ac0e1761619af4ea27427b5250b9833f775376aae0238df555391cb819395ce0521c6a60f40918e75d52916a7455ec25d5b665590fac1b67f35335855c2c0f6cc47507c5ab3861451a2613ba724bda38abc3571dab978a567182d57927eb7515135b52be9e7b30a1d24845e090e746ead92d0441357ed1ab90a3f13c57b1905443d1b736e3a4a958f1e266f07e1a9adbbf21260bab6e4e1079db3685d0c615d39fac9c9eb68fb5ff6e5c891b938c017d7ac473ecbc70c375c827648f3d987662c36bdf34dda81b7ee6a2bdffd2491087190834227d3cc4d5a585ef5280d0f8d96cf3d6781e7b6de6aa4ab882dd563bdcc77cdace7e6a98e5c0131f85b2e03cf36d9f28888db4bbaa6dda77f8f654b5437c60f72574beb1622de1a51b7eadf2be5f2698f59ac69841852cad669a675bd65263f59b55148cc28b87e2add334ec927d823d1041c0669edea16d2dcfe3491ff8f159db0043f8bdde6597a122d7e86e1958ac665a493947fb99dc7af65e5cdc81769d063cc9ad3bffaa28cff2534a8ec21c46171e81379e3f45fd7343eda1136e18ebdedf57a1d29952058d221a7df30d1aff0b0e94f16a4b057fc23cfd842fa6d025d40f45fa2db930025373afba71ed5401dc86a9082ae28d02947b7b428c9719bdb52afb3d103c57289a6a040d6f52064ccd4b828f60a233ad15682447278803a9eebc93927126c7e526bf2c571e247c6081adacac3c3138236f1b97e364bc58a86bf4540c42132f8893cef394f3c5d7f36436b34de7c23e35063ad5f0d4f4238b38b7ab836a5d5510c21d101730d36ebe29f6ca0f9aae6cf08f26d6701eef3e20ef137b9901f3d96be9f1c2e8e52e1062cb75f53e2ff059c7f86ab6076fb19ff38c99d84e9e710851e5b4433eaee8ebd7910f55b0fa9e81149d25de792035376545b339e93af164db499f534a758865de871740acbc08bd0c87d8fc5329c654389a9288fb62ed108e97ada212a78b099ec45f3fe7dc75ff20934aca8a83aef195474b584498ced3b95a460bcf865e4e509169d4542ef2935796b504dfbc908801f83b89a2f93be8b97deb7df7d6c414a2507e629300ddafd388a2b099c1d2a8691cf271226463a5b7610781fab6d08b8d86140fd2f2f4c11f5adcef8abdfc0a0a7090fb98e36da180c5d733bf5dc8daaba9b415822db515e7ee2848fcdeadae3d3c948fafdfadcde2a37f53c9edae07c6be93df15f6dc6bc2524eb70665462535d77a27675c01a57536966d6456865a859e432219c3bb2e6eec4d10299112ee873ca58c183c82712ef7d20270f6b27257a71629c8c7dc5e929b3cd8733366e240dedb100e8b21905e3f6fb16a7c7262ca82e3dbd0e70cb99b74e60a8e941e181fcb9e0c6be786aebf12e685495cafe508b3c882f683eecc570d47f72f3daf3a2d3ff91ba6ed81082079a13307ecd78f83109d2cf3edfebbaaf67b6f9daeb6f9f8b19678904c40dff347285d228715d474efc60a9c14e1663a32dc4a1e91d08e40b87141200f5a1d6b796eda5eecc448d755f3106c4b170ac6e8ea1e5b476172c9584d5696a8e5aa4c971a7f57114b1e2fdae930cbe117c13d0e4b62c886364673bb029011391654ff9155d3aadc4d39896c9ac80f399a46abb00c8732688a11934d49c69c7728dbe08c0c5440fcffd1087df6b526c6a9730055ce42115034d3517b12af2bcc914838945e25bd9153d9adb6d4093ffee4e988c8e567112c0c65ef645b227a51ef5eaf5fc824b9778fe5b92f214ef70a689b3be4f16fb58e84053acbedb1bdf7f8ba15e650826ca7a38dc13480a5c7afaa9d8ff976045cce41002a25a9889fd0fe7d4358a88e0718b855be47e18e55164b61633e11b2e0d178ab1bc0481aa36af8aac0703e9bd06cd0212fba8cd57012a2a1a4107e4e96ef64d63112df9619a823d088a256e1f51f6c13c347cad0576448b922ef57a43129c9a43b225c1b952f86cf22349046199901c3dc87cae59315fa35bfdc80d09196e647ba1a6833ab7ceb1b1c82f3cbe50b4335bb5762cbf4519d00ca18c4f932fe9b3d0d9cfda694c4849c268fb9982fbf57fb81e54a38a60828639a774b648b03b689a127ee3b6541a46a202f2659cda7769204328674f625705e3afc6fe1c5cc5607225ebb398b898b97830de7626667f0ebbc40e5b6799a468b5542bec3c5d399f46c9c448f30f94008ccefaad070cf310b831df17a6f9c9a99f2395327121530c8215c445d65dbb50a8459c36b1f80c6716ee4433e9e82274fb808775dd97fa70d6118c633c2f11ac32b5543762b7e7ef7e6ce3fc3741853dec70411f490bc1954c569b06b2c98444c005b4c7a2b570e3e93f13ce820869", 0xbf0, r3) keyctl$set_timeout(0xf, r4, 0x0) keyctl$KEYCTL_PKEY_SIGN(0x1b, &(0x7f0000000000)={r4, 0x0, 0x38}, 0x0, &(0x7f0000000040), &(0x7f0000000100)=""/56) [ 1183.702099] Node 1 active_anon:0kB inactive_anon:0kB active_file:144kB inactive_file:0kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:0kB dirty:0kB writeback:0kB shmem:0kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 0kB writeback_tmp:0kB unstable:0kB all_unreclaimable? no [ 1183.737166] Node 0 DMA free:15908kB min:220kB low:272kB high:324kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15908kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 1183.768924] lowmem_reserve[]: 0 2557 2557 2557 2557 [ 1183.774978] Node 0 DMA32 free:555688kB min:36272kB low:45340kB high:54408kB active_anon:936140kB inactive_anon:24364kB active_file:29428kB inactive_file:131416kB unevictable:0kB writepending:664kB present:3129332kB managed:2621196kB mlocked:0kB kernel_stack:14496kB pagetables:23680kB bounce:0kB free_pcp:916kB local_pcp:580kB free_cma:0kB 04:28:26 executing program 3: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = dup2(r0, r0) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x400200) getsockname$llc(r1, &(0x7f0000000080)={0x1a, 0x0, 0x0, 0x0, 0x0, 0x0, @broadcast}, &(0x7f0000000140)=0x10) r2 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_CREATE(r2, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)={0x54, 0x2, 0x6, 0x101, 0x0, 0x0, {}, [@IPSET_ATTR_REVISION={0x5}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz1\x00'}, @IPSET_ATTR_PROTOCOL={0x5, 0x1, 0x6}, @IPSET_ATTR_FAMILY={0x5}, @IPSET_ATTR_DATA={0xc, 0x7, 0x0, 0x1, [@IPSET_ATTR_HASHSIZE={0x8, 0x12, 0x1, 0x0, 0x479e6139}]}, @IPSET_ATTR_TYPENAME={0xd, 0x3, 'hash:mac\x00'}]}, 0x54}}, 0x0) [ 1183.806499] lowmem_reserve[]: 0 0 0 0 0 [ 1183.811430] Node 0 Normal free:0kB min:4kB low:4kB high:4kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:786432kB managed:332kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 1183.849445] lowmem_reserve[]: 0 0 0 0 0 [ 1183.853837] Node 1 Normal free:3783636kB min:53612kB low:67012kB high:80412kB active_anon:0kB inactive_anon:0kB active_file:144kB inactive_file:0kB unevictable:0kB writepending:0kB present:3932160kB managed:3870192kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 1183.886425] lowmem_reserve[]: 0 0 0 0 0 [ 1183.890533] Node 0 DMA: 1*4kB (U) 0*8kB 0*16kB 1*32kB (U) 2*64kB (U) 1*128kB (U) 1*256kB (U) 0*512kB 1*1024kB (U) 1*2048kB (M) 3*4096kB (M) = 15908kB [ 1183.907994] Node 0 DMA32: 497*4kB (UME) 107*8kB (UE) 160*16kB (UME) 303*32kB (UME) 151*64kB (UME) 37*128kB (UME) 13*256kB (UM) 14*512kB (UME) 7*1024kB (UME) 2*2048kB (UE) 123*4096kB (M) = 555068kB [ 1183.927076] Node 0 Normal: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 0kB [ 1183.938696] Node 1 Normal: 51*4kB (UME) 343*8kB (UE) 273*16kB (U) 50*32kB (UM) 20*64kB (UME) 10*128kB (UM) 5*256kB (UM) 3*512kB (U) 1*1024kB (M) 4*2048kB (ME) 918*4096kB (M) = 3783636kB [ 1183.957561] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 1183.967152] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 1183.976703] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 1183.986564] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 1183.997211] 25490 total pagecache pages [ 1184.001824] 0 pages in swap cache [ 1184.005678] Swap cache stats: add 0, delete 0, find 0/0 [ 1184.012208] Free swap = 0kB [ 1184.015317] Total swap = 0kB [ 1184.018798] 1965979 pages RAM [ 1184.024481] 0 pages HighMem/MovableOnly [ 1184.028560] 339072 pages reserved [ 1184.034117] 0 pages cma reserved [ 1184.038251] syz-executor.1: vmalloc: allocation failure: 17179869200 bytes, mode:0x14080c0(GFP_KERNEL|__GFP_ZERO), nodemask=(null) [ 1184.052325] syz-executor.1 cpuset=/ mems_allowed=0-1 [ 1184.069811] CPU: 1 PID: 6741 Comm: syz-executor.1 Not tainted 4.14.193-syzkaller #0 [ 1184.077673] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1184.087025] Call Trace: [ 1184.089602] dump_stack+0x1b2/0x283 [ 1184.093230] warn_alloc.cold+0x96/0x1cc [ 1184.097330] ? check_preemption_disabled+0x35/0x240 [ 1184.102347] ? zone_watermark_ok_safe+0x220/0x220 [ 1184.107288] ? perf_trace_lock_acquire+0x510/0x510 [ 1184.112218] ? fs_reclaim_release+0xd0/0x110 [ 1184.116636] ? ip_set_alloc+0x47/0x60 [ 1184.120425] vzalloc+0x122/0x150 [ 1184.123796] ip_set_alloc+0x47/0x60 [ 1184.127412] hash_mac_create+0x36e/0x7c6 [ 1184.131473] ip_set_create+0x5f9/0xf30 [ 1184.135359] ? __find_set_type_get+0x360/0x360 [ 1184.139941] ? __mutex_lock+0x360/0x1310 [ 1184.144017] ? __find_set_type_get+0x360/0x360 [ 1184.148593] nfnetlink_rcv_msg+0x9bb/0xc00 [ 1184.152848] netlink_rcv_skb+0x125/0x390 [ 1184.156961] ? nfnetlink_net_exit_batch+0x150/0x150 [ 1184.162233] ? netlink_ack+0x9a0/0x9a0 [ 1184.166113] ? ns_capable_common+0x127/0x150 [ 1184.170508] nfnetlink_rcv+0x1ab/0x1da0 [ 1184.174464] ? __dev_queue_xmit+0xcd6/0x2480 [ 1184.178883] ? check_preemption_disabled+0x35/0x240 [ 1184.183898] ? perf_trace_lock+0xf7/0x490 [ 1184.188065] ? perf_trace_lock_acquire+0x510/0x510 [ 1184.193000] ? nfnetlink_bind+0x240/0x240 [ 1184.197153] ? netlink_deliver_tap+0x90/0x7d0 [ 1184.201736] ? lock_downgrade+0x740/0x740 [ 1184.205875] netlink_unicast+0x437/0x610 [ 1184.209920] ? netlink_sendskb+0xd0/0xd0 [ 1184.213966] netlink_sendmsg+0x62e/0xb80 [ 1184.218027] ? nlmsg_notify+0x170/0x170 [ 1184.221984] ? kernel_recvmsg+0x210/0x210 [ 1184.226118] ? security_socket_sendmsg+0x83/0xb0 [ 1184.231661] ? nlmsg_notify+0x170/0x170 [ 1184.235621] sock_sendmsg+0xb5/0x100 [ 1184.239604] ___sys_sendmsg+0x6c8/0x800 [ 1184.243562] ? copy_msghdr_from_user+0x3b0/0x3b0 [ 1184.248298] ? __lock_acquire+0x5fc/0x3f20 [ 1184.252517] ? perf_trace_lock_acquire+0x510/0x510 [ 1184.257428] ? do_futex+0x12b/0x1930 [ 1184.261128] ? check_preemption_disabled+0x35/0x240 [ 1184.266144] ? __fget+0x1fe/0x360 [ 1184.269579] ? lock_acquire+0x170/0x3f0 [ 1184.273535] ? lock_downgrade+0x740/0x740 [ 1184.277681] ? __fget+0x225/0x360 [ 1184.281126] ? __fdget+0x196/0x1f0 [ 1184.284654] ? sockfd_lookup_light+0xb2/0x160 [ 1184.289146] __sys_sendmsg+0xa3/0x120 [ 1184.292934] ? SyS_shutdown+0x160/0x160 [ 1184.296919] ? SyS_clock_gettime+0xf5/0x180 [ 1184.301316] ? SyS_clock_settime+0x1a0/0x1a0 [ 1184.305710] SyS_sendmsg+0x27/0x40 [ 1184.309264] ? __sys_sendmsg+0x120/0x120 [ 1184.313317] do_syscall_64+0x1d5/0x640 04:28:26 executing program 2: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_CREATE(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000140)={0x48, 0x2, 0x6, 0x101, 0x0, 0x0, {}, [@IPSET_ATTR_REVISION={0x5}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz1\x00'}, @IPSET_ATTR_PROTOCOL={0x5, 0x1, 0x6}, @IPSET_ATTR_FAMILY={0x5}, @IPSET_ATTR_TYPENAME={0xd, 0x3, 'hash:mac\x00'}]}, 0x48}}, 0x0) 04:28:26 executing program 4: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = dup2(r0, r0) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x400200) getsockname$llc(r1, &(0x7f0000000080)={0x1a, 0x0, 0x0, 0x0, 0x0, 0x0, @broadcast}, &(0x7f0000000140)=0x10) r2 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_CREATE(r2, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)={0x54, 0x2, 0x6, 0x101, 0x0, 0x0, {}, [@IPSET_ATTR_REVISION={0x5}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz1\x00'}, @IPSET_ATTR_PROTOCOL={0x5, 0x1, 0x6}, @IPSET_ATTR_FAMILY={0x5}, @IPSET_ATTR_DATA={0xc, 0x7, 0x0, 0x1, [@IPSET_ATTR_HASHSIZE={0x8, 0x12, 0x1, 0x0, 0x479e6139}]}, @IPSET_ATTR_TYPENAME={0xd, 0x3, 'hash:mac\x00'}]}, 0x54}}, 0x0) [ 1184.317189] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 1184.322382] RIP: 0033:0x45d249 [ 1184.325552] RSP: 002b:00007fe770c44c78 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 1184.333330] RAX: ffffffffffffffda RBX: 0000000000028840 RCX: 000000000045d249 [ 1184.340597] RDX: 0000000000000000 RSI: 0000000020000000 RDI: 0000000000000003 [ 1184.347862] RBP: 000000000118cf80 R08: 0000000000000000 R09: 0000000000000000 [ 1184.355114] R10: 0000000000000000 R11: 0000000000000246 R12: 000000000118cf4c [ 1184.362362] R13: 00007fffec3adf2f R14: 00007fe770c459c0 R15: 000000000118cf4c [ 1184.375237] IPVS: ftp: loaded support on port[0] = 21 [ 1184.397180] syz-executor.0: vmalloc: allocation failure: 17179869200 bytes, mode:0x14080c0(GFP_KERNEL|__GFP_ZERO), nodemask=(null) [ 1184.440227] syz-executor.0 cpuset=/ mems_allowed=0-1 [ 1184.455798] CPU: 1 PID: 6744 Comm: syz-executor.0 Not tainted 4.14.193-syzkaller #0 [ 1184.463648] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1184.473095] Call Trace: [ 1184.475841] dump_stack+0x1b2/0x283 [ 1184.479483] warn_alloc.cold+0x96/0x1cc [ 1184.483473] ? check_preemption_disabled+0x35/0x240 [ 1184.488505] ? zone_watermark_ok_safe+0x220/0x220 [ 1184.493366] ? perf_trace_lock_acquire+0x510/0x510 [ 1184.498303] ? fs_reclaim_release+0xd0/0x110 [ 1184.502816] ? ip_set_alloc+0x47/0x60 [ 1184.506664] vzalloc+0x122/0x150 [ 1184.510042] ip_set_alloc+0x47/0x60 [ 1184.513688] hash_mac_create+0x36e/0x7c6 [ 1184.517749] ip_set_create+0x5f9/0xf30 [ 1184.521629] ? __find_set_type_get+0x360/0x360 [ 1184.526199] ? __mutex_lock+0x360/0x1310 [ 1184.530314] ? __find_set_type_get+0x360/0x360 [ 1184.534902] nfnetlink_rcv_msg+0x9bb/0xc00 [ 1184.539155] netlink_rcv_skb+0x125/0x390 [ 1184.543479] ? nfnetlink_net_exit_batch+0x150/0x150 [ 1184.548511] ? netlink_ack+0x9a0/0x9a0 [ 1184.552406] ? ns_capable_common+0x127/0x150 [ 1184.556823] nfnetlink_rcv+0x1ab/0x1da0 [ 1184.560878] ? __dev_queue_xmit+0xcd6/0x2480 [ 1184.565344] ? check_preemption_disabled+0x35/0x240 [ 1184.570366] ? perf_trace_lock+0xf7/0x490 [ 1184.574532] ? perf_trace_lock_acquire+0x510/0x510 [ 1184.579464] ? nfnetlink_bind+0x240/0x240 [ 1184.583694] ? netlink_deliver_tap+0x90/0x7d0 [ 1184.588177] ? lock_downgrade+0x740/0x740 [ 1184.592323] netlink_unicast+0x437/0x610 [ 1184.596377] ? netlink_sendskb+0xd0/0xd0 [ 1184.600428] netlink_sendmsg+0x62e/0xb80 [ 1184.604612] ? nlmsg_notify+0x170/0x170 [ 1184.608575] ? kernel_recvmsg+0x210/0x210 [ 1184.612722] ? security_socket_sendmsg+0x83/0xb0 [ 1184.617472] ? nlmsg_notify+0x170/0x170 [ 1184.621441] sock_sendmsg+0xb5/0x100 [ 1184.625151] ___sys_sendmsg+0x6c8/0x800 [ 1184.629113] ? copy_msghdr_from_user+0x3b0/0x3b0 [ 1184.633859] ? __lock_acquire+0x5fc/0x3f20 [ 1184.638100] ? perf_trace_lock_acquire+0x510/0x510 [ 1184.643024] ? do_futex+0x12b/0x1930 [ 1184.646719] ? check_preemption_disabled+0x35/0x240 [ 1184.651732] ? __fget+0x1fe/0x360 [ 1184.655188] ? lock_acquire+0x170/0x3f0 [ 1184.659154] ? lock_downgrade+0x740/0x740 [ 1184.663382] ? __fget+0x225/0x360 [ 1184.666856] ? __fdget+0x196/0x1f0 [ 1184.670404] ? sockfd_lookup_light+0xb2/0x160 [ 1184.674911] __sys_sendmsg+0xa3/0x120 [ 1184.678708] ? SyS_shutdown+0x160/0x160 [ 1184.682706] ? SyS_clock_gettime+0xf5/0x180 [ 1184.687019] ? SyS_clock_settime+0x1a0/0x1a0 [ 1184.691438] SyS_sendmsg+0x27/0x40 [ 1184.694973] ? __sys_sendmsg+0x120/0x120 [ 1184.699057] do_syscall_64+0x1d5/0x640 [ 1184.702947] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 1184.708135] RIP: 0033:0x45d249 [ 1184.711310] RSP: 002b:00007f1c6356dc78 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 1184.719012] RAX: ffffffffffffffda RBX: 0000000000028840 RCX: 000000000045d249 [ 1184.726271] RDX: 0000000000000000 RSI: 0000000020000000 RDI: 0000000000000003 [ 1184.733541] RBP: 000000000118cf80 R08: 0000000000000000 R09: 0000000000000000 [ 1184.740995] R10: 0000000000000000 R11: 0000000000000246 R12: 000000000118cf4c [ 1184.748250] R13: 00007ffd3fb1901f R14: 00007f1c6356e9c0 R15: 000000000118cf4c [ 1184.765014] warn_alloc_show_mem: 1 callbacks suppressed [ 1184.765018] Mem-Info: [ 1184.794769] active_anon:233531 inactive_anon:6091 isolated_anon:0 [ 1184.794769] active_file:7393 inactive_file:32869 isolated_file:0 [ 1184.794769] unevictable:0 dirty:163 writeback:0 unstable:0 [ 1184.794769] slab_reclaimable:18467 slab_unreclaimable:134549 [ 1184.794769] mapped:62602 shmem:6280 pagetables:5888 bounce:0 [ 1184.794769] free:1089015 free_pcp:314 free_cma:0 [ 1184.830219] Node 0 active_anon:934124kB inactive_anon:24364kB active_file:29428kB inactive_file:131476kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:250408kB dirty:652kB writeback:0kB shmem:25120kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 892928kB writeback_tmp:0kB unstable:0kB all_unreclaimable? no [ 1184.862278] Node 1 active_anon:0kB inactive_anon:0kB active_file:144kB inactive_file:0kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:0kB dirty:0kB writeback:0kB shmem:0kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 0kB writeback_tmp:0kB unstable:0kB all_unreclaimable? no [ 1184.890848] Node 0 DMA free:15908kB min:220kB low:272kB high:324kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15908kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 1184.917834] lowmem_reserve[]: 0 2557 2557 2557 2557 [ 1184.924400] Node 0 DMA32 free:558252kB min:36272kB low:45340kB high:54408kB active_anon:934096kB inactive_anon:24364kB active_file:29428kB inactive_file:131496kB unevictable:0kB writepending:700kB present:3129332kB managed:2621196kB mlocked:0kB kernel_stack:14336kB pagetables:23536kB bounce:0kB free_pcp:1144kB local_pcp:612kB free_cma:0kB [ 1184.955914] lowmem_reserve[]: 0 0 0 0 0 [ 1184.960036] Node 0 Normal free:0kB min:4kB low:4kB high:4kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:786432kB managed:332kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 1184.987730] lowmem_reserve[]: 0 0 0 0 0 [ 1184.992459] Node 1 Normal free:3783628kB min:53612kB low:67012kB high:80412kB active_anon:0kB inactive_anon:0kB active_file:144kB inactive_file:0kB unevictable:0kB writepending:0kB present:3932160kB managed:3870192kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 1185.020433] lowmem_reserve[]: 0 0 0 0 0 [ 1185.025526] Node 0 DMA: 1*4kB (U) 0*8kB 0*16kB 1*32kB (U) 2*64kB (U) 1*128kB (U) 1*256kB (U) 0*512kB 1*1024kB (U) 1*2048kB (M) 3*4096kB (M) = 15908kB [ 1185.039810] Node 0 DMA32: 529*4kB (UME) 261*8kB (UE) 169*16kB (UME) 277*32kB (UME) 151*64kB (UME) 37*128kB (UME) 13*256kB (UM) 14*512kB (UME) 7*1024kB (UME) 3*2048kB (UME) 123*4096kB (M) = 557788kB [ 1185.059187] Node 0 Normal: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 0kB [ 1185.070120] Node 1 Normal: 51*4kB (UME) 342*8kB (UE) 273*16kB (U) 50*32kB (UM) 20*64kB (UME) 10*128kB (UM) 5*256kB (UM) 3*512kB (U) 1*1024kB (M) 4*2048kB (ME) 918*4096kB (M) = 3783628kB [ 1185.087778] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 1185.097296] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 1185.106496] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 1185.116001] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 1185.125195] 25501 total pagecache pages [ 1185.129612] 0 pages in swap cache [ 1185.133104] Swap cache stats: add 0, delete 0, find 0/0 [ 1185.138484] Free swap = 0kB [ 1185.143847] Total swap = 0kB [ 1185.146884] 1965979 pages RAM [ 1185.149979] 0 pages HighMem/MovableOnly [ 1185.154956] 339072 pages reserved [ 1185.158431] 0 pages cma reserved [ 1185.163517] syz-executor.3: vmalloc: allocation failure: 17179869200 bytes, mode:0x14080c0(GFP_KERNEL|__GFP_ZERO), nodemask=(null) [ 1185.176291] syz-executor.3 cpuset=/ mems_allowed=0-1 [ 1185.182450] CPU: 1 PID: 6757 Comm: syz-executor.3 Not tainted 4.14.193-syzkaller #0 [ 1185.190274] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1185.199735] Call Trace: [ 1185.202333] dump_stack+0x1b2/0x283 [ 1185.205970] warn_alloc.cold+0x96/0x1cc [ 1185.209935] ? check_preemption_disabled+0x35/0x240 [ 1185.214951] ? zone_watermark_ok_safe+0x220/0x220 [ 1185.219801] ? perf_trace_lock_acquire+0x510/0x510 [ 1185.225223] ? fs_reclaim_release+0xd0/0x110 [ 1185.229650] ? ip_set_alloc+0x47/0x60 [ 1185.233459] vzalloc+0x122/0x150 [ 1185.236828] ip_set_alloc+0x47/0x60 [ 1185.240450] hash_mac_create+0x36e/0x7c6 [ 1185.244505] ip_set_create+0x5f9/0xf30 [ 1185.248382] ? __find_set_type_get+0x360/0x360 [ 1185.252958] ? __mutex_lock+0x360/0x1310 [ 1185.257034] ? __find_set_type_get+0x360/0x360 [ 1185.262440] nfnetlink_rcv_msg+0x9bb/0xc00 [ 1185.266698] ? lock_downgrade+0x740/0x740 [ 1185.270843] netlink_rcv_skb+0x125/0x390 [ 1185.274901] ? nfnetlink_net_exit_batch+0x150/0x150 [ 1185.279920] ? netlink_ack+0x9a0/0x9a0 [ 1185.283836] ? ns_capable_common+0x127/0x150 [ 1185.288341] nfnetlink_rcv+0x1ab/0x1da0 [ 1185.292313] ? do_syscall_64+0x1d5/0x640 [ 1185.296456] ? check_preemption_disabled+0x35/0x240 [ 1185.301459] ? check_preemption_disabled+0x35/0x240 [ 1185.306587] ? perf_trace_lock+0xf7/0x490 [ 1185.310729] ? perf_trace_lock_acquire+0x510/0x510 [ 1185.315658] ? nfnetlink_bind+0x240/0x240 [ 1185.320236] ? netlink_table_grab.part.0+0x1f0/0x1f0 [ 1185.325545] ? netlink_deliver_tap+0x90/0x7d0 [ 1185.330050] ? lock_downgrade+0x740/0x740 [ 1185.334208] netlink_unicast+0x437/0x610 [ 1185.338263] ? netlink_sendskb+0xd0/0xd0 [ 1185.342318] netlink_sendmsg+0x62e/0xb80 [ 1185.346366] ? nlmsg_notify+0x170/0x170 [ 1185.350321] ? kernel_recvmsg+0x210/0x210 [ 1185.354464] ? security_socket_sendmsg+0x83/0xb0 [ 1185.359221] ? nlmsg_notify+0x170/0x170 [ 1185.363181] sock_sendmsg+0xb5/0x100 [ 1185.366894] ___sys_sendmsg+0x6c8/0x800 [ 1185.370853] ? copy_msghdr_from_user+0x3b0/0x3b0 [ 1185.375600] ? __lock_acquire+0x5fc/0x3f20 [ 1185.379829] ? perf_trace_lock_acquire+0x510/0x510 [ 1185.384741] ? do_futex+0x12b/0x1930 [ 1185.388437] ? check_preemption_disabled+0x35/0x240 [ 1185.393464] ? __fget+0x1fe/0x360 [ 1185.397790] ? lock_acquire+0x170/0x3f0 [ 1185.401756] ? lock_downgrade+0x740/0x740 [ 1185.406061] ? __fget+0x225/0x360 [ 1185.409500] ? __fdget+0x196/0x1f0 [ 1185.413034] ? sockfd_lookup_light+0xb2/0x160 [ 1185.417519] __sys_sendmsg+0xa3/0x120 [ 1185.421333] ? SyS_shutdown+0x160/0x160 [ 1185.425306] ? SyS_clock_gettime+0xf5/0x180 [ 1185.429611] ? SyS_clock_settime+0x1a0/0x1a0 [ 1185.434014] SyS_sendmsg+0x27/0x40 [ 1185.437560] ? __sys_sendmsg+0x120/0x120 [ 1185.441624] do_syscall_64+0x1d5/0x640 [ 1185.445526] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 1185.450707] RIP: 0033:0x45d249 [ 1185.453884] RSP: 002b:00007f5110811c78 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 1185.461590] RAX: ffffffffffffffda RBX: 0000000000028840 RCX: 000000000045d249 [ 1185.468858] RDX: 0000000000000000 RSI: 0000000020000000 RDI: 0000000000000004 [ 1185.476121] RBP: 000000000118cf80 R08: 0000000000000000 R09: 0000000000000000 [ 1185.483375] R10: 0000000000000000 R11: 0000000000000246 R12: 000000000118cf4c [ 1185.490641] R13: 00007fffed97491f R14: 00007f51108129c0 R15: 000000000118cf4c [ 1185.500564] syz-executor.0: vmalloc: allocation failure: 17179869200 bytes, mode:0x14080c0(GFP_KERNEL|__GFP_ZERO), nodemask=(null) [ 1185.525896] syz-executor.0 cpuset=/ mems_allowed=0-1 [ 1185.531110] CPU: 1 PID: 6745 Comm: syz-executor.0 Not tainted 4.14.193-syzkaller #0 [ 1185.538907] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1185.548268] Call Trace: [ 1185.550865] dump_stack+0x1b2/0x283 [ 1185.554505] warn_alloc.cold+0x96/0x1cc [ 1185.558498] ? check_preemption_disabled+0x35/0x240 [ 1185.563529] ? zone_watermark_ok_safe+0x220/0x220 [ 1185.568472] ? perf_trace_lock_acquire+0x510/0x510 [ 1185.573412] ? fs_reclaim_release+0xd0/0x110 [ 1185.577844] ? ip_set_alloc+0x47/0x60 [ 1185.581655] vzalloc+0x122/0x150 [ 1185.585026] ip_set_alloc+0x47/0x60 [ 1185.588653] hash_mac_create+0x36e/0x7c6 [ 1185.592704] ip_set_create+0x5f9/0xf30 [ 1185.596684] ? __find_set_type_get+0x360/0x360 [ 1185.601256] ? __mutex_lock+0x360/0x1310 [ 1185.605434] ? __find_set_type_get+0x360/0x360 [ 1185.610001] nfnetlink_rcv_msg+0x9bb/0xc00 [ 1185.614324] netlink_rcv_skb+0x125/0x390 [ 1185.618378] ? nfnetlink_net_exit_batch+0x150/0x150 [ 1185.623403] ? netlink_ack+0x9a0/0x9a0 [ 1185.627293] ? ns_capable_common+0x127/0x150 [ 1185.631711] nfnetlink_rcv+0x1ab/0x1da0 [ 1185.635698] ? __dev_queue_xmit+0xcd6/0x2480 [ 1185.640093] ? check_preemption_disabled+0x35/0x240 [ 1185.645121] ? perf_trace_lock+0xf7/0x490 [ 1185.649268] ? perf_trace_lock_acquire+0x510/0x510 [ 1185.654316] ? nfnetlink_bind+0x240/0x240 [ 1185.658459] ? netlink_deliver_tap+0x90/0x7d0 [ 1185.662957] ? lock_downgrade+0x740/0x740 [ 1185.667103] netlink_unicast+0x437/0x610 [ 1185.671159] ? netlink_sendskb+0xd0/0xd0 [ 1185.675263] netlink_sendmsg+0x62e/0xb80 [ 1185.679311] ? nlmsg_notify+0x170/0x170 [ 1185.683276] ? kernel_recvmsg+0x210/0x210 [ 1185.687425] ? security_socket_sendmsg+0x83/0xb0 [ 1185.692296] ? nlmsg_notify+0x170/0x170 [ 1185.696271] sock_sendmsg+0xb5/0x100 [ 1185.699977] ___sys_sendmsg+0x6c8/0x800 [ 1185.703945] ? copy_msghdr_from_user+0x3b0/0x3b0 [ 1185.708690] ? __lock_acquire+0x5fc/0x3f20 [ 1185.712919] ? perf_trace_lock_acquire+0x510/0x510 [ 1185.717840] ? do_futex+0x12b/0x1930 [ 1185.721549] ? check_preemption_disabled+0x35/0x240 [ 1185.726577] ? __fget+0x1fe/0x360 [ 1185.730018] ? lock_acquire+0x170/0x3f0 [ 1185.733982] ? lock_downgrade+0x740/0x740 [ 1185.738133] ? __fget+0x225/0x360 [ 1185.741585] ? __fdget+0x196/0x1f0 [ 1185.745123] ? sockfd_lookup_light+0xb2/0x160 [ 1185.749714] __sys_sendmsg+0xa3/0x120 [ 1185.753499] ? SyS_shutdown+0x160/0x160 [ 1185.757492] ? SyS_clock_gettime+0xf5/0x180 [ 1185.761807] ? SyS_clock_settime+0x1a0/0x1a0 [ 1185.766211] SyS_sendmsg+0x27/0x40 [ 1185.769755] ? __sys_sendmsg+0x120/0x120 [ 1185.773801] do_syscall_64+0x1d5/0x640 [ 1185.777674] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 1185.782937] RIP: 0033:0x45d249 [ 1185.786115] RSP: 002b:00007f1c6354cc78 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 1185.793825] RAX: ffffffffffffffda RBX: 0000000000028840 RCX: 000000000045d249 [ 1185.801114] RDX: 0000000000000000 RSI: 0000000020000000 RDI: 0000000000000003 [ 1185.808376] RBP: 000000000118d020 R08: 0000000000000000 R09: 0000000000000000 [ 1185.815629] R10: 0000000000000000 R11: 0000000000000246 R12: 000000000118cfec [ 1185.822890] R13: 00007ffd3fb1901f R14: 00007f1c6354d9c0 R15: 000000000118cfec [ 1185.835949] warn_alloc_show_mem: 1 callbacks suppressed [ 1185.835953] Mem-Info: [ 1185.847467] active_anon:232992 inactive_anon:6091 isolated_anon:0 [ 1185.847467] active_file:7393 inactive_file:32874 isolated_file:0 [ 1185.847467] unevictable:0 dirty:175 writeback:0 unstable:0 [ 1185.847467] slab_reclaimable:18467 slab_unreclaimable:133979 [ 1185.847467] mapped:62617 shmem:6280 pagetables:5847 bounce:0 [ 1185.847467] free:1090096 free_pcp:305 free_cma:0 [ 1185.885115] Node 0 active_anon:931968kB inactive_anon:24364kB active_file:29428kB inactive_file:131496kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:250528kB dirty:700kB writeback:0kB shmem:25120kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 892928kB writeback_tmp:0kB unstable:0kB all_unreclaimable? no [ 1185.915010] Node 1 active_anon:0kB inactive_anon:0kB active_file:144kB inactive_file:0kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:0kB dirty:0kB writeback:0kB shmem:0kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 0kB writeback_tmp:0kB unstable:0kB all_unreclaimable? no [ 1185.942317] Node 0 DMA free:15908kB min:220kB low:272kB high:324kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15908kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 1185.968685] lowmem_reserve[]: 0 2557 2557 2557 2557 [ 1185.974483] Node 0 DMA32 free:559644kB min:36272kB low:45340kB high:54408kB active_anon:931948kB inactive_anon:24364kB active_file:29428kB inactive_file:131524kB unevictable:0kB writepending:748kB present:3129332kB managed:2621196kB mlocked:0kB kernel_stack:14208kB pagetables:23424kB bounce:0kB free_pcp:1348kB local_pcp:616kB free_cma:0kB [ 1186.005469] lowmem_reserve[]: 0 0 0 0 0 [ 1186.009573] Node 0 Normal free:0kB min:4kB low:4kB high:4kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:786432kB managed:332kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 1186.035485] lowmem_reserve[]: 0 0 0 0 0 [ 1186.039483] Node 1 Normal free:3783628kB min:53612kB low:67012kB high:80412kB active_anon:0kB inactive_anon:0kB active_file:144kB inactive_file:0kB unevictable:0kB writepending:0kB present:3932160kB managed:3870192kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 1186.067149] lowmem_reserve[]: 0 0 0 0 0 [ 1186.071217] Node 0 DMA: 1*4kB (U) 0*8kB 0*16kB 1*32kB (U) 2*64kB (U) 1*128kB (U) 1*256kB (U) 0*512kB 1*1024kB (U) 1*2048kB (M) 3*4096kB (M) = 15908kB [ 1186.084895] Node 0 DMA32: 527*4kB (UME) 162*8kB (UME) 182*16kB (UME) 281*32kB (UME) 151*64kB (UME) 37*128kB (UME) 13*256kB (UM) 14*512kB (UME) 7*1024kB (UME) 4*2048kB (UME) 123*4096kB (M) = 559372kB [ 1186.103546] Node 0 Normal: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 0kB [ 1186.114442] Node 1 Normal: 51*4kB (UME) 342*8kB (UE) 273*16kB (U) 50*32kB (UM) 20*64kB (UME) 10*128kB (UM) 5*256kB (UM) 3*512kB (U) 1*1024kB (M) 4*2048kB (ME) 918*4096kB (M) = 3783628kB [ 1186.131334] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 1186.140184] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 1186.148818] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 1186.157729] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 1186.166388] 25515 total pagecache pages [ 1186.170407] 0 pages in swap cache [ 1186.173962] Swap cache stats: add 0, delete 0, find 0/0 [ 1186.179359] Free swap = 0kB [ 1186.182454] Total swap = 0kB [ 1186.185479] 1965979 pages RAM [ 1186.188567] 0 pages HighMem/MovableOnly [ 1186.192597] 339072 pages reserved [ 1186.196134] 0 pages cma reserved [ 1186.199719] syz-executor.4: vmalloc: allocation failure: 17179869200 bytes, mode:0x14080c0(GFP_KERNEL|__GFP_ZERO), nodemask=(null) [ 1186.218465] syz-executor.4 cpuset=/ mems_allowed=0-1 [ 1186.224327] CPU: 0 PID: 6781 Comm: syz-executor.4 Not tainted 4.14.193-syzkaller #0 [ 1186.232147] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1186.241532] Call Trace: [ 1186.244108] dump_stack+0x1b2/0x283 [ 1186.247741] warn_alloc.cold+0x96/0x1cc [ 1186.251716] ? check_preemption_disabled+0x35/0x240 [ 1186.256739] ? zone_watermark_ok_safe+0x220/0x220 [ 1186.261596] ? perf_trace_lock_acquire+0x510/0x510 [ 1186.266536] ? fs_reclaim_release+0xd0/0x110 [ 1186.270964] ? ip_set_alloc+0x47/0x60 [ 1186.274775] vzalloc+0x122/0x150 [ 1186.278155] ip_set_alloc+0x47/0x60 [ 1186.281798] hash_mac_create+0x36e/0x7c6 [ 1186.285870] ip_set_create+0x5f9/0xf30 [ 1186.289192] netlink: 64 bytes leftover after parsing attributes in process `syz-executor.0'. [ 1186.289787] ? __find_set_type_get+0x360/0x360 04:28:28 executing program 5: r0 = dup(0xffffffffffffffff) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x802102001ffa, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r1 = gettid() clone(0x6e20cf00, 0x0, 0x0, 0x0, 0x0) ptrace$setopts(0x4206, r1, 0x0, 0x0) gettid() r2 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ptmx\x00', 0x0, 0x0) read(r2, &(0x7f00003fefff)=""/1, 0x1) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) r4 = dup2(r3, r3) ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200) r5 = openat$autofs(0xffffffffffffff9c, &(0x7f0000000040)='/dev/autofs\x00', 0x0, 0x0) setsockopt$sock_attach_bpf(0xffffffffffffffff, 0x29, 0x15, &(0x7f0000000000), 0x70db2da734432a8e) r6 = getpid() sched_setattr(r6, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x1000000, 0x7, 0x40}, 0x0) sendmsg$netlink(0xffffffffffffffff, &(0x7f0000001840)={&(0x7f00000000c0)=@kern={0x10, 0x0, 0x0, 0x10000000}, 0xc, &(0x7f0000001800)=[{&(0x7f0000000100)={0xf4, 0x23, 0x800, 0x70bd2c, 0x25dfdbfd, "", [@generic="eb50af7b8d29e08aa18e1d770c68100dde71da865146e41f424c84199fc24fbac753497e41059a619b377cb84212aab403aa7a9f357e1e391f79ff215c105e796b0eb77bdd55c85c66f619135441d30c116c55c5cd81b872d7a26408ca539f61ea42b658cf576aeb092bed69e6239b905cf047bed6eeabb1cf99f9c6b476ed0224c49ce22de3c05bd35f46869fc0332a32e7b3d969a876f4c11eaec593efcefd6066bc3c96b5483d20d18cfea5e3a86fe2be86108fa2437eefca7ecd9ea2cc04fa4be332f6cac96560803caa5e61797ac73decfac99f809f769bd51d", @typed={0x8, 0x94, 0x0, 0x0, @ipv4=@multicast2}]}, 0xf4}, {&(0x7f0000000380)={0x18, 0x3e, 0x300, 0x70bd27, 0x25dfdbfc, "", [@typed={0x8, 0x24, 0x0, 0x0, @ipv4=@loopback}]}, 0x18}, {&(0x7f00000003c0)={0x1410, 0x1d, 0x10, 0x70bd27, 0x25dfdbff, "", [@nested={0x18f, 0x4, 0x0, 0x1, [@generic="0266244443678f0f42", @generic="150fe72814f6c6764588ab1b6edd6b47f45d49acd271ce0189b5dc4a5cf04aa159bbbf331f40fe857d9c0c1ac55ee04f7f40ddbedfbe4fc5f0c962294a009ed7e3afc706a36f124894538d87ecb47e5582ca8d71dac06d75e1a6fc6c08c235f0a05c9c57bdc5b534cfeb4466738297e36437fd539266abd7f0c7898a1295ba593754fae4c08a9b0c72d0799b8aa25b0c2f285cd453a83d5c77f345196d782a6d678872af0cad82b3879b31fe9d19c170561766b2587147461bccdd8c4f8155e7e42d5e6294928d39ad490569268a48629f5f9ec1b6897424d0e94f85c1e70dced0fdd9e1ea244ab848dd6a8097d0686ef2a5377b123fddac04506499", @typed={0xe, 0x68, 0x0, 0x0, @str='/dev/ptmx\x00'}, @generic="c518b0f2fb38d79083f056d02a3a38e6e9d358013cba8758c314e5a9f728ce75900cf11382137c9d81031fdf3744967da0f3fa334488387ef3cde32ae9db286c5daf365c1bd6be1e4d6811f0b983a00008bf298fdcf9c79f8def2e537e9ed1108c89900147de", @typed={0x8, 0x4e, 0x0, 0x0, @uid}, @typed={0x8, 0x2e, 0x0, 0x0, @fd}]}, @typed={0x8, 0x96, 0x0, 0x0, @fd=r0}, @nested={0x1231, 0x95, 0x0, 0x1, [@generic="6bef31a04d83a425f3f67451d5def46aa8a613aacc8ad13dfb7029a466f477b880b4754613eded707f9df887ca44fe3c88ef0d71f162b0d51feb4b62", @generic="cb21ca10e3ad6cd3b41a5971f5db80664e7a0e8c43583a8bcaf288a307fb06c2e6b99199d2806d4ec183bf44dc625e53e039a8a932c75df278454757e67294c3b60882c49cba97e22c1837a46b9fd6b8cdfd8a6bac2d133101c2daabdab3b03b1cea3993430fcb7e8b8eb6e85cbd78b7868a3a7d5d94a55666b5738e8abc53e7463f014c64e6f6886402fb1856afd94087a11c98103706c709a90d5b0b93ba58a4a7da004e27b6b97d920ef938f88e81326b291bff1eb4f1f12028a112bb5ca166a979eea6dcbde40989b4fb2ca1ffd8560881c74827607e2f5a2644ead9a0e2d779b0386a9a805fc14cdc7d1a3bf8042bb85b6f569dcb7aa09f102f1ae80c89598a272cd5f9aa2b8aa3b4948dc8c9f1c5c33e9089b84bf739777ec99f25b8b9a2adaacb19a940a90d83691874ea76ea6e280731e5b9ec0c5beffaf31faf4a7d9640ee7bc1306a5a214f8ce217909d4d603ef69f8fd134b4fcc1cfa08ea70ba6626bdec1fe5ec5e9f45c20f84f4837f578b56543be1d1584a8559bd580531cc06345f23fe73954a1a9c731ca76569c00c22fdcdb45010b5c744069498812601036a85efbf247dcd0403be8159e9287fa9416b68af8ceada6012e23065eaac0576e851a7424e197fbe90fcf54711c7dc4c2279c1f01386235e91eb7fca077420569255deec3fdb3a0d15a02caaa9acc7e71cf23d5314d0ecc3523e65fd5a41d6d7f7a59916ae0a2cede97761ef15bb3099a7e25d2cda16440bc4abcd64cfd60055db4f5dfdd0c5c71eb2febd09e7e19226248c15497a47b7ea57ead0e7f69612e6a229e4e44d3a75d8cf9e781be64ae8605864d5f6d23e13f7a0d9aef93c40b686f2b4fd94cfba5e8cf5633c47b0e0e592171f7221a39ea8fdb7c0028f3560b1eaf0a4f37c32b6bd60868997737dfa7fdf90cef2506452ccde6f01f183d0b1a530845f47995dde43775abe4d5e95fca2d0ec0140a280679dd921ae7c3c94ecda3e4cea9f999c44c3834b71780c3d76147e2a9027708ca37fdb05d9d5a11c404c404c4740006f8c1c638e4360dab7ab8c9a686bd6d26cac4bd4adfb50d5e64f370254bcf72fde7078b5e431d1e57642550d8a89558b01ed194ee073889da4dfd1ab2136cccaf8a866dc97145e8784bd6b60ede7b3d063e8b8bcb1173d6a93f60f19b13802bef18033cca81fcc749776d8de6c592f4ec104d48fc9c28016acaed07112db32359174f6be32fa128b85db5d02cadbbd89298f2de5f4e1fd3ea34c8b007cb3d11cb5ae2f8134595741369407a46b63b34f1b038c6c5035cb826825c3e3de888b05671a04d1d73d337a8db597a91fee5834ac992e0f9444b727df4062d98ed811368eeef6e3ab312370b004446594a126816af49f58dd08c97d4e098c58cd5e8eab15d6be0c5e22814b1adc4c7f3e19fba0212543507a12ebf200c8bee720482b0b5039b04f932f553a0e55f8886dbd5c840aa8e09ba824a7cc818bc94d5f21cba39471abaa4be5ba9a65812bf414f336e0511bf708c816de65fba5040db6bcd3f3bbade5de6cedc1e7176bdd2c0bfe8b279fde43860b1e0d26c67e5ec074057fcd58fde2cdf72bb195c1dd3878536ff80c5bd580cb69f05ed2618621384218d99e5ee09de0d4b1fbe5104562bf8c820d4b547d98776c15315dd7598aa9ce5058007980ec5bfad841a1cd50961c48a47f6d337b01a5ab86367fbb443c8a5e0d8327fefb161372d09c7818b4d289f900f9c4c527ecbeb3adc068d171ef350a981d6948185515e2747c4767cdd91d27bfaef2fdd2b52d1e4fa6520cb00cd0ce85a3497e64acae1eb76181eeb3a99ae860eabb62ee02e1fe0f5bea16d89435630d46f8c8de2c3c0d1020d53295f9e3dd86a25847145cb1841196d6eaa1c1783b64f3a66c6d7f854c28e19611884f6c699d9f40a0078283c9cdc3b8364e6e21d9032e5998189427c7dcf383792b8bd959d98071ba623cd3318fc96675938869bf203ae0a4b2b227dfc877e38fccf70f1005f94d8707ad5ef8121c8fdb2f5f23e79f410edb883a40972889d8c4b027f702fdaf29155e10a61e7aeefe40adc1a8e77ada00d23a39349fbe11bc4b184707661b96aca72cd11b05700f4fb4a3b54f3dca1daf72f4a911081afef70cd9165aa8cdd7386cc484b54badf6e46d3ba1a7a5a2c5160cf2a49c5a41ba341794592ccf26ba5fe29c7430f2d5ef40c2518d38630997799a59d1be1321701bee5b4e38e6898ea1ed58370934d69d7eeebeeec7326c21b83f0510aad4056ca1a327110f82370524dbbfcde998382af25ed06f6fa484a8ef7a504715b31ef7c21e2ec6dbdf3587390278a43c5c6f99750f3268eb0b257d24f3561c78c8fc2a2ee7a1979d5cf6008c0c9bbb7a3ebe3e638893cabdcbf409b4eb7cd60a4cb9f923fbb84b6b1272b6d0dd1f1e455ea45f504713709bfc72baf827081c17d1c010b0cb89162508ef7725e662f59324fe9073326c4099203fa9f59d450da5ccf1652f85275341d14b15722d0b7c15264968d6408782e4aaf0de50c949208f8d9d5fc4350347ea5c151008810ea8501280b17588442eb73a424ea94b08bff7119f4df7f5a4db86396cde6ca17718956be38a418ddd9048c103e2c6ca427e297da12e053cb7dc0686e15f2f8af4222efa8a676951b007ef8535707399786ddca109ba19a5f87b57c09f300bdd8d3245150f091eaaa26439d9262e50072eb4b15c8d44dc0b09263661bd8dc4394007909a5fc304c0a919c302509c7ce98c2107a320444ffbc7f0344b6b34a9bc6e00afc800722f6259da246e40dc5ef96146d6124227c87bd2fcda658cf4756a53eb5d979b26964443e2d55533d02be8a88ad56b9cd21040397b609f298d30fd4aa405c7d981305ee44b4ad11249e10a674c034db0122d86688e85d24a29f3bed9ff3f0a7c8ba06206ac3f652625f232ba43481e343cfc8dcf5b84c2d0fef5c61c13b56720df029bbaf41940570c41514a9810a05ada871aa4383916a83c5f9b5ef7c9d774959b30de6f71b94bf75c123f907c70a4ce7f0dbadcc7063f8563100db950a2804a8c6b2320ee616818ca65bf3b5566852af779e8eb4ab367d80bb84e37e997e9fc239af9d058929365ccc959faeb960701763be1a8abfa0775682cb765c94fce1293205b27a4b8f44aaefa0383b3cecfc2804e3925b969f579ded7adad9345bbb7370ae4be07ffe2a1e7cb76dca459c1ba0e37ebe14fdb65cfecc7a412b9839a005ab41ae7476498de78add354e0bfb10d7cf8aa4f6dbd97f326f018ac9aa79d10694107048b089d4240fbdae1c10f1b2d5729883bb52edc5c1c55285d7836aea77f68de588bc47cc69c3ad3c1d0b6dc506429fefcc56455d9394ccd6fce5a09312b1e9d88d339e50905a8bbde85672738ca9e88c8bb96c954886aca8fb30d221a46c32c62171944e8d06bc004caeff088402136a96a4b3fc4ba417e449738e0c6b8c50a31bc4ea63e924e2667b59ac5ff38db66f06749f1b2f0b0eb88e575fd70532633c12de17a8b0ee09a8416c2f9e7b89b9bb2f843f8f0282c2c4898c2c7ee6d32a2630edf8845710d8c5f0a108a87c240212b2fb57db6eb37d31777041cc67aa751bef39067d2b968e8abc5e9c7e9fc22a44f32a299428ae6ae832ce131e07fd6d2ceadae89e6ec9846feceecdf659c3c4de17a07fd02aca4d728895c25a171ab1c6d80f90ef834b4d00dc90508cef7b8e44ef7a551adc3d6eed989ba481caf486539dde7ae46d39088d0ad8e7c36b783ad236b2d53d8b7ef97fad8f1f2c7aad13ac83de1ccbb8742be02ade74a2ea8161eb134e8183abefc7f857bebcef313fb255ff9b1577115f4d99ee4f20377e15d0d4348548b05d9f145f04f2a205120174ae8a9b3415dd5305167f99a346c7e1e030ac76d76edab1c99eb36a71d7642ebbc7a14505cc365d76781af1dedbf68461dfd2666a793fdcf3565f6f41cbe12bc1089cdb32b4a803522bead7e1592f25c5ffdb90b05d00f60dea1fb940c6b1a575a590826fd483c8e6a5241ecb3b22ea90c8c28a31868be8a45ea347aa4066070ea45d16cb9e4de23818b824b1633e95d9c5c38e6b8ebcfe8d799815315637302902ba39083ca4b972bcf994ab7c5054987c2e765dad546fc3d23783a9ed587ce98282c087fa4d482d168f9f41f49f1231cfff70a3dd900bfa026395c9ec987766e9a85a1aea47582be404c483c232d02e7eab45f9a80cde364a7f8ee232e967ee5d07d3d6d80ae85cfcb576662faffb8dff68f7307c9c8afc004752bb48b2faa801a241c4647497b1164db372f6da7899526c554150704e42bfeba9fe496846277da3bdc9549e22436fb00bce3458989bc77c3bf762bfb7bce1834aafe78b9362d7def238614c099f4e574e57bc4f6a60a429cf127257468d6f32509db10e4d11c0b6bb0f889664ae9400acef2664681ac1a0b5f13a51ca13af89f9f1180eb3b0c8ffca0c96244a8949d83594d11962741c2de3cd31ea0fa2a48b0cb2b279bd8183561715cb76d8deafc0057a03b01c5a00220290b1c49bbbb5ac52fa590f50d809de8f602728de0bd693b421b86726bc5664fe75f628b546c480a9454eb6b824cc5c262966e1156b402266514eab233a2410dd11615604680a8bd4a3e0ddc2a710dd84c2e9f0c76a26debbf4a5c914e6bb4f23c570533b8f09d509a3a4358ccd99ed81cd53b0bee7300f0ce07c5f381a5c03ec6d27f3b28147625210e135cc472662b050d5b5c5ce3b7a279176c86bc30f4db560131215a852b8c926bbeb0b3201ea2e9c48d0cdbea761102c93366f2ce42721354e658aba0e034177d1522670b69cd2699a3da4f6fe876b52203ed3b28b58af280c8c3134a80318fb45768e07059f9cb751f9d0b4c6c35647d59d0a86440d879ea1b41a3682f76a45e00bbfc1b817eea0dd93fcb473da5db538efe9169c98491d1c25b557a4ecc50b59e89029768f6c3a19b09b723f582b2595a34f355343bad37dd5a5e7a3c4cb54aacb95a5bce497d75ea9831bf7aacdc942f30e91a681816253f4ebcacdbba8a78d1d30fe8f15690e0dc97f2094cd59ccd575640b79dee629d931e60866bff23fc9e44d96222fd9c5781050af37bdc882bfdcc3ccaf1d932dec5fb1c5158d35704471706d6551121ad5aac42bf5062abf0034845d9e572b7e0d97128da9505f5a95da5eedd0a1f176d371a8f96a19d275d069edeeedf294352952f98579493652deb4a1aa917e911174152b808bf75ad44bb0d63331d4b10e0f978740e71661085522afca3c001c10340563ae372fe691aa482580616d0928f2a8a7ac3e6dcc76c3eb9fb11566a5df4267afff2fd9809624bc5dad56595c9d25295240fe4b0ade9f5325d28c6b58864a55b455a8a83ecf05c62596c8be75499bfa6539c749a427d993cc177035e2a98a3100c15d82dd600eb3d987628d8a6036c30f43a03d12a7828e9930689f074d0bee9c262acd1140ebec1f72a7ff403a1b7d785b3b0c61a95f8283d3aa34e07c1eb4cad8a4d082db3a58582bbc8917836e113acd01ffa9cff58d011d4b20247e2fcb7e439cb631dcb9cdf5baf0bc0f186a86f3ef5bbd2ab3aa9db114519d426aeaee2035ffa1daad1a4a77b0f847dfa42389bd7e38541d16bf57e3d81d5f71fadedc562ea1f743f43fc54f93f25e356b75bfc071b278a7b7e4d1b9db1d34d7a366979fa534a9c0edb4979e2b0ac58eb16c739b570248d5c60cb3c3624cf211ad97f5dd18045492e07ba9d969df1309f93a648c374c13ee1edac488ddadb6", @typed={0x14, 0x81, 0x0, 0x0, @ipv6=@private2}, @generic="ae228d36489fdd5016cfc8a410d1364e9ccc63a84bd1c3ec7322738423b1d640ebf621bb0b8092db563fd79fe49f986f0508d5a39c6d1429552b963371097e97944c780ff86a57e7412697244ced31ce9a5acc7e4459987bfc324afdb015d4e5028ef5fac1076417eac9818828ba352aad243fea8f6e696131e4ca2fca9cb435c335111e1f8bb7dd010b61b44fe7b5b38563141e4b44b5812f49de7e91f069007e0152d8", @typed={0x8, 0x1f, 0x0, 0x0, @fd}, @generic="da85d9412c69563cdb8d13088ee10fd4fbb5289846513d422697d925535d8bb7cc6a174b833d9355b3efd3ead0", @generic="614c3eb1a9e95c797d0a2311e487b40403ea49c1efe27e95785eafb1d27ff51dc08ffddbab7d7ae90cc6cf3edc94c947c21c6f4a93b37941dbd470f98013e55ee209713d0b6ca509f26d076ba9c28982170f3298026dbfe7e42db01c772d1ad3b56c33006b78dab975e587f6e465bc5fcd17975532b6623490e58d4b027eb2fe1b662395674d56d49485cad63997e92108df9f411cad9809a4573b81f2f6207594aadd689a148ed88b5f5959adf1ca3544906fba3fa2f8523c86365baeed75d41f6411e782632c64d0840de13d552e48d107a941aaa59d20c77c63d4be432518100acbcae462c97f90bd0a504da6df73edf6cd125249944f96361103", @typed={0x8, 0x13, 0x0, 0x0, @u32=0x8}]}, @typed={0x14, 0xa, 0x0, 0x0, @ipv6=@initdev={0xfe, 0x88, [], 0x1, 0x0}}, @nested={0xc, 0xa, 0x0, 0x1, [@typed={0x8, 0x39, 0x0, 0x0, @pid=r6}]}, @typed={0x14, 0x18, 0x0, 0x0, @ipv6=@loopback}]}, 0x1410}], 0x3, 0x0, 0x0, 0x4000}, 0x20044004) sendmsg$IPVS_CMD_ZERO(r5, &(0x7f0000000240)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x20000000}, 0xc, &(0x7f0000000200)={&(0x7f0000000280)={0xf4, 0x0, 0x2, 0x70bd2d, 0x25dfdbff, {}, [@IPVS_CMD_ATTR_TIMEOUT_TCP={0x8, 0x4, 0x7}, @IPVS_CMD_ATTR_DEST={0xc, 0x2, 0x0, 0x1, [@IPVS_DEST_ATTR_U_THRESH={0x8, 0x5, 0x9}]}, @IPVS_CMD_ATTR_TIMEOUT_TCP_FIN={0x8, 0x5, 0x87}, @IPVS_CMD_ATTR_SERVICE={0x18, 0x1, 0x0, 0x1, [@IPVS_SVC_ATTR_PORT={0x6, 0x4, 0x4e20}, @IPVS_SVC_ATTR_FLAGS={0xc, 0x7, {0x31, 0x34}}]}, @IPVS_CMD_ATTR_TIMEOUT_TCP={0x8, 0x4, 0x5}, @IPVS_CMD_ATTR_DEST={0x3c, 0x2, 0x0, 0x1, [@IPVS_DEST_ATTR_ADDR={0x14, 0x1, @ipv6=@initdev={0xfe, 0x88, [], 0x0, 0x0}}, @IPVS_DEST_ATTR_FWD_METHOD={0x8, 0x3, 0x2}, @IPVS_DEST_ATTR_ADDR={0x14, 0x1, @ipv6=@dev={0xfe, 0x80, [], 0x2f}}, @IPVS_DEST_ATTR_U_THRESH={0x8, 0x5, 0x6}]}, @IPVS_CMD_ATTR_TIMEOUT_TCP_FIN={0x8, 0x5, 0x200}, @IPVS_CMD_ATTR_DAEMON={0x1c, 0x3, 0x0, 0x1, [@IPVS_DAEMON_ATTR_STATE={0x8, 0x1, 0x2}, @IPVS_DAEMON_ATTR_MCAST_PORT={0x6, 0x7, 0x4e22}, @IPVS_DAEMON_ATTR_MCAST_PORT={0x6, 0x7, 0x4e20}]}, @IPVS_CMD_ATTR_DEST={0x3c, 0x2, 0x0, 0x1, [@IPVS_DEST_ATTR_INACT_CONNS={0x8, 0x8, 0x8002}, @IPVS_DEST_ATTR_PORT={0x6, 0x2, 0x4e23}, @IPVS_DEST_ATTR_U_THRESH={0x8, 0x5, 0xffff12bf}, @IPVS_DEST_ATTR_FWD_METHOD={0x8, 0x3, 0x3}, @IPVS_DEST_ATTR_U_THRESH={0x8, 0x5, 0x1}, @IPVS_DEST_ATTR_TUN_TYPE={0x5, 0xd, 0x1}, @IPVS_DEST_ATTR_TUN_PORT={0x6, 0xe, 0x4e21}]}, @IPVS_CMD_ATTR_TIMEOUT_UDP={0x8, 0x6, 0xfffffffb}]}, 0xf4}, 0x1, 0x0, 0x0, 0x80}, 0x2080800) ioctl$SIOCNRDECOBS(r4, 0x89e2) 04:28:28 executing program 3: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = dup2(r0, r0) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x400200) getsockname$llc(r1, &(0x7f0000000080)={0x1a, 0x0, 0x0, 0x0, 0x0, 0x0, @broadcast}, &(0x7f0000000140)=0x10) r2 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_CREATE(r2, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)={0x54, 0x2, 0x6, 0x101, 0x0, 0x0, {}, [@IPSET_ATTR_REVISION={0x5}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz1\x00'}, @IPSET_ATTR_PROTOCOL={0x5, 0x1, 0x6}, @IPSET_ATTR_FAMILY={0x5}, @IPSET_ATTR_DATA={0xc, 0x7, 0x0, 0x1, [@IPSET_ATTR_HASHSIZE={0x8, 0x12, 0x1, 0x0, 0x479e6139}]}, @IPSET_ATTR_TYPENAME={0xd, 0x3, 'hash:mac\x00'}]}, 0x54}}, 0x0) 04:28:28 executing program 1: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_CREATE(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)={0x54, 0x2, 0x6, 0x101, 0x0, 0x0, {}, [@IPSET_ATTR_REVISION={0x5}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz1\x00'}, @IPSET_ATTR_PROTOCOL={0x5, 0x1, 0x6}, @IPSET_ATTR_FAMILY={0x5}, @IPSET_ATTR_DATA={0xc, 0x7, 0x0, 0x1, [@IPSET_ATTR_HASHSIZE={0x8, 0x12, 0x1, 0x0, 0x479e6119}]}, @IPSET_ATTR_TYPENAME={0xd, 0x3, 'hash:mac\x00'}]}, 0x54}}, 0x0) openat$dlm_monitor(0xffffffffffffff9c, &(0x7f0000000000)='/dev/dlm-monitor\x00', 0x224501, 0x0) 04:28:28 executing program 2: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_CREATE(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000140)={0x48, 0x2, 0x6, 0x101, 0x0, 0x0, {}, [@IPSET_ATTR_REVISION={0x5}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz1\x00'}, @IPSET_ATTR_PROTOCOL={0x5, 0x1, 0x6}, @IPSET_ATTR_FAMILY={0x5}, @IPSET_ATTR_TYPENAME={0xd, 0x3, 'hash:mac\x00'}]}, 0x48}}, 0x0) 04:28:28 executing program 0: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) r2 = dup2(r1, r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) ioctl$SOUND_MIXER_INFO(r2, 0x805c4d65, &(0x7f0000000140)) sendmsg$IPSET_CMD_CREATE(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=ANY=[@ANYBLOB="540000000206010100000500040000000000090002000500050000008074ed1240479e61220d002000686173683a6d616300"/69], 0x54}}, 0x0) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) r4 = dup2(r3, r3) ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200) r5 = socket$inet6_sctp(0xa, 0x5, 0x84) r6 = socket$inet6_sctp(0xa, 0x5, 0x84) shutdown(r6, 0x0) getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r6, 0x84, 0x6f, &(0x7f0000000000)={0x0, 0x1c, &(0x7f00000002c0)=[@in6={0xa, 0x0, 0x0, @private0}]}, &(0x7f0000000180)=0x10) r7 = dup3(r6, r5, 0x0) getsockopt$inet_sctp_SCTP_MAX_BURST(r7, 0x84, 0x14, &(0x7f0000000000)=@assoc_value={0x0}, &(0x7f0000000040)=0x17) getsockopt$inet_sctp6_SCTP_DELAYED_SACK(r7, 0x84, 0x70, &(0x7f0000000080)=@sack_info={r8}, &(0x7f0000002000)=0xc) getsockopt$inet_sctp6_SCTP_LOCAL_AUTH_CHUNKS(r4, 0x84, 0x1b, &(0x7f00000001c0)={r8, 0xc4, "80567c753712d9d8b8fbe503cf5d2c4a109e0a2838d423b355f0c77f955494ab1a8ac71f8158cc12ebef3a2b471cadf664490f4e70c968da53e8cf366b394a041cb902c1e8d11e53875f5c61ccd715ee83444b42250244e8ddf202443754dffe15896b6ade341dd84b7a86d948c196026f28c0b7d25d6a383aff3b32789d9dfe32006da176d92a4f63a1ab2af2b9a35a29071e39636b8a33b6130e77e514f2e794080b0f77f21f97ac6a4d562013b65b1c7f8fb2596264ac0045517df0fb0bb706f06126"}, &(0x7f0000000080)=0xcc) [ 1186.302931] ? __mutex_lock+0x360/0x1310 [ 1186.307020] ? __find_set_type_get+0x360/0x360 [ 1186.311609] nfnetlink_rcv_msg+0x9bb/0xc00 [ 1186.315879] netlink_rcv_skb+0x125/0x390 [ 1186.319954] ? nfnetlink_net_exit_batch+0x150/0x150 [ 1186.324982] ? netlink_ack+0x9a0/0x9a0 [ 1186.328884] ? ns_capable_common+0x127/0x150 [ 1186.333327] nfnetlink_rcv+0x1ab/0x1da0 [ 1186.337332] ? __dev_queue_xmit+0xcd6/0x2480 [ 1186.341753] ? check_preemption_disabled+0x35/0x240 [ 1186.346771] ? perf_trace_lock+0xf7/0x490 [ 1186.350926] ? perf_trace_lock_acquire+0x510/0x510 [ 1186.355859] ? nfnetlink_bind+0x240/0x240 [ 1186.360075] ? netlink_deliver_tap+0x90/0x7d0 [ 1186.364593] ? lock_downgrade+0x740/0x740 [ 1186.368755] netlink_unicast+0x437/0x610 [ 1186.372829] ? netlink_sendskb+0xd0/0xd0 [ 1186.376891] netlink_sendmsg+0x62e/0xb80 [ 1186.380949] ? nlmsg_notify+0x170/0x170 [ 1186.384980] ? kernel_recvmsg+0x210/0x210 [ 1186.389126] ? security_socket_sendmsg+0x83/0xb0 [ 1186.393875] ? nlmsg_notify+0x170/0x170 [ 1186.397840] sock_sendmsg+0xb5/0x100 [ 1186.401541] ___sys_sendmsg+0x6c8/0x800 [ 1186.405503] ? copy_msghdr_from_user+0x3b0/0x3b0 [ 1186.411289] ? __lock_acquire+0x5fc/0x3f20 [ 1186.415543] ? perf_trace_lock_acquire+0x510/0x510 [ 1186.420915] ? do_futex+0x12b/0x1930 [ 1186.424989] ? check_preemption_disabled+0x35/0x240 [ 1186.430005] ? __fget+0x1fe/0x360 [ 1186.433604] ? lock_acquire+0x170/0x3f0 [ 1186.437583] ? lock_downgrade+0x740/0x740 [ 1186.441729] ? __fget+0x225/0x360 [ 1186.445207] ? __fdget+0x196/0x1f0 [ 1186.448740] ? sockfd_lookup_light+0xb2/0x160 [ 1186.453236] __sys_sendmsg+0xa3/0x120 [ 1186.457040] ? SyS_shutdown+0x160/0x160 [ 1186.461008] ? SyS_clock_gettime+0xf5/0x180 [ 1186.465322] ? SyS_clock_settime+0x1a0/0x1a0 [ 1186.469735] SyS_sendmsg+0x27/0x40 [ 1186.473261] ? __sys_sendmsg+0x120/0x120 [ 1186.477307] do_syscall_64+0x1d5/0x640 [ 1186.481207] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 1186.486406] RIP: 0033:0x45d249 [ 1186.489581] RSP: 002b:00007f4d2c05fc78 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 1186.497291] RAX: ffffffffffffffda RBX: 0000000000028840 RCX: 000000000045d249 04:28:28 executing program 4: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = dup2(r0, r0) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x400200) getsockname$llc(r1, &(0x7f0000000080)={0x1a, 0x0, 0x0, 0x0, 0x0, 0x0, @broadcast}, &(0x7f0000000140)=0x10) r2 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_CREATE(r2, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)={0x54, 0x2, 0x6, 0x101, 0x0, 0x0, {}, [@IPSET_ATTR_REVISION={0x5}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz1\x00'}, @IPSET_ATTR_PROTOCOL={0x5, 0x1, 0x6}, @IPSET_ATTR_FAMILY={0x5}, @IPSET_ATTR_DATA={0xc, 0x7, 0x0, 0x1, [@IPSET_ATTR_HASHSIZE={0x8, 0x12, 0x1, 0x0, 0x479e6139}]}, @IPSET_ATTR_TYPENAME={0xd, 0x3, 'hash:mac\x00'}]}, 0x54}}, 0x0) [ 1186.504556] RDX: 0000000000000000 RSI: 0000000020000000 RDI: 0000000000000004 [ 1186.511828] RBP: 000000000118cf80 R08: 0000000000000000 R09: 0000000000000000 [ 1186.519076] R10: 0000000000000000 R11: 0000000000000246 R12: 000000000118cf4c [ 1186.526327] R13: 00007ffc41fe2acf R14: 00007f4d2c0609c0 R15: 000000000118cf4c [ 1186.559540] syz-executor.1: vmalloc: allocation failure: 17179869200 bytes, mode:0x14080c0(GFP_KERNEL|__GFP_ZERO), nodemask=(null) [ 1186.591998] netlink: 64 bytes leftover after parsing attributes in process `syz-executor.0'. [ 1186.601893] syz-executor.1 cpuset=/ mems_allowed=0-1 [ 1186.607039] CPU: 1 PID: 6818 Comm: syz-executor.1 Not tainted 4.14.193-syzkaller #0 [ 1186.614831] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1186.624191] Call Trace: [ 1186.626789] dump_stack+0x1b2/0x283 [ 1186.630431] warn_alloc.cold+0x96/0x1cc [ 1186.634414] ? check_preemption_disabled+0x35/0x240 [ 1186.639443] ? zone_watermark_ok_safe+0x220/0x220 [ 1186.644297] ? perf_trace_lock_acquire+0x510/0x510 [ 1186.649237] ? fs_reclaim_release+0xd0/0x110 [ 1186.653659] ? ip_set_alloc+0x47/0x60 [ 1186.657466] vzalloc+0x122/0x150 [ 1186.660832] ip_set_alloc+0x47/0x60 [ 1186.664459] hash_mac_create+0x36e/0x7c6 [ 1186.668518] ip_set_create+0x5f9/0xf30 [ 1186.672411] ? __find_set_type_get+0x360/0x360 [ 1186.676990] ? __mutex_lock+0x360/0x1310 [ 1186.681070] ? __find_set_type_get+0x360/0x360 [ 1186.685652] nfnetlink_rcv_msg+0x9bb/0xc00 [ 1186.689907] netlink_rcv_skb+0x125/0x390 [ 1186.693965] ? nfnetlink_net_exit_batch+0x150/0x150 [ 1186.698982] ? netlink_ack+0x9a0/0x9a0 [ 1186.703304] ? ns_capable_common+0x127/0x150 04:28:29 executing program 2: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_CREATE(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000140)={0x48, 0x2, 0x6, 0x101, 0x0, 0x0, {}, [@IPSET_ATTR_REVISION={0x5}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz1\x00'}, @IPSET_ATTR_PROTOCOL={0x5, 0x1, 0x6}, @IPSET_ATTR_FAMILY={0x5}, @IPSET_ATTR_TYPENAME={0xd, 0x3, 'hash:mac\x00'}]}, 0x48}}, 0x0) [ 1186.707714] nfnetlink_rcv+0x1ab/0x1da0 [ 1186.711683] ? __dev_queue_xmit+0xcd6/0x2480 [ 1186.716089] ? check_preemption_disabled+0x35/0x240 [ 1186.721107] ? perf_trace_lock+0xf7/0x490 [ 1186.725348] ? perf_trace_lock_acquire+0x510/0x510 [ 1186.730277] ? nfnetlink_bind+0x240/0x240 [ 1186.734425] ? netlink_deliver_tap+0x90/0x7d0 [ 1186.738919] ? lock_downgrade+0x740/0x740 [ 1186.743069] netlink_unicast+0x437/0x610 [ 1186.747136] ? netlink_sendskb+0xd0/0xd0 [ 1186.751286] netlink_sendmsg+0x62e/0xb80 [ 1186.755351] ? nlmsg_notify+0x170/0x170 [ 1186.759320] ? kernel_recvmsg+0x210/0x210 [ 1186.763472] ? security_socket_sendmsg+0x83/0xb0 [ 1186.768235] ? nlmsg_notify+0x170/0x170 [ 1186.772207] sock_sendmsg+0xb5/0x100 [ 1186.775918] ___sys_sendmsg+0x6c8/0x800 [ 1186.779897] ? copy_msghdr_from_user+0x3b0/0x3b0 [ 1186.784657] ? __lock_acquire+0x5fc/0x3f20 [ 1186.788926] ? perf_trace_lock_acquire+0x510/0x510 [ 1186.793868] ? do_futex+0x12b/0x1930 [ 1186.797582] ? check_preemption_disabled+0x35/0x240 [ 1186.802614] ? __fget+0x1fe/0x360 [ 1186.806078] ? lock_acquire+0x170/0x3f0 [ 1186.810057] ? lock_downgrade+0x740/0x740 [ 1186.814214] ? __fget+0x225/0x360 [ 1186.817677] ? __fdget+0x196/0x1f0 [ 1186.821218] ? sockfd_lookup_light+0xb2/0x160 [ 1186.825732] __sys_sendmsg+0xa3/0x120 [ 1186.829529] ? SyS_shutdown+0x160/0x160 [ 1186.833513] ? SyS_clock_gettime+0xf5/0x180 [ 1186.837832] ? SyS_clock_settime+0x1a0/0x1a0 [ 1186.842331] SyS_sendmsg+0x27/0x40 [ 1186.845862] ? __sys_sendmsg+0x120/0x120 [ 1186.849920] do_syscall_64+0x1d5/0x640 [ 1186.853825] entry_SYSCALL_64_after_hwframe+0x46/0xbb 04:28:29 executing program 2: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_CREATE(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000140)={0x54, 0x2, 0x6, 0x101, 0x0, 0x0, {}, [@IPSET_ATTR_REVISION={0x5}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz1\x00'}, @IPSET_ATTR_PROTOCOL={0x5, 0x1, 0x6}, @IPSET_ATTR_FAMILY={0x5}, @IPSET_ATTR_DATA={0xc, 0x7, 0x0, 0x1, [@IPSET_ATTR_CADT_FLAGS={0x8, 0x8, 0x1, 0x0, 0x10}]}, @IPSET_ATTR_TYPENAME={0xd, 0x3, 'hash:mac\x00'}]}, 0x54}}, 0x0) [ 1186.859024] RIP: 0033:0x45d249 [ 1186.862214] RSP: 002b:00007fe770c44c78 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 1186.869922] RAX: ffffffffffffffda RBX: 0000000000028840 RCX: 000000000045d249 [ 1186.877194] RDX: 0000000000000000 RSI: 0000000020000080 RDI: 0000000000000003 [ 1186.884458] RBP: 000000000118cf80 R08: 0000000000000000 R09: 0000000000000000 [ 1186.891723] R10: 0000000000000000 R11: 0000000000000246 R12: 000000000118cf4c [ 1186.898986] R13: 00007fffec3adf2f R14: 00007fe770c459c0 R15: 000000000118cf4c [ 1186.915755] warn_alloc_show_mem: 1 callbacks suppressed [ 1186.915759] Mem-Info: [ 1186.933086] active_anon:233534 inactive_anon:6091 isolated_anon:0 [ 1186.933086] active_file:7393 inactive_file:32898 isolated_file:0 [ 1186.933086] unevictable:0 dirty:212 writeback:0 unstable:0 [ 1186.933086] slab_reclaimable:18467 slab_unreclaimable:134339 [ 1186.933086] mapped:62643 shmem:6280 pagetables:5915 bounce:0 [ 1186.933086] free:1089145 free_pcp:273 free_cma:0 [ 1186.973738] Node 0 active_anon:936248kB inactive_anon:24364kB active_file:29428kB inactive_file:131592kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:250572kB dirty:848kB writeback:0kB shmem:25120kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 890880kB writeback_tmp:0kB unstable:0kB all_unreclaimable? no [ 1187.003449] Node 1 active_anon:0kB inactive_anon:0kB active_file:144kB inactive_file:0kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:0kB dirty:0kB writeback:0kB shmem:0kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 0kB writeback_tmp:0kB unstable:0kB all_unreclaimable? no [ 1187.029846] Node 0 DMA free:15908kB min:220kB low:272kB high:324kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15908kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 1187.057231] lowmem_reserve[]: 0 2557 2557 2557 2557 [ 1187.062644] Node 0 DMA32 free:556100kB min:36272kB low:45340kB high:54408kB active_anon:936252kB inactive_anon:24364kB active_file:29428kB inactive_file:131592kB unevictable:0kB writepending:848kB present:3129332kB managed:2621196kB mlocked:0kB kernel_stack:14528kB pagetables:23716kB bounce:0kB free_pcp:1032kB local_pcp:548kB free_cma:0kB [ 1187.093496] lowmem_reserve[]: 0 0 0 0 0 [ 1187.097758] Node 0 Normal free:0kB min:4kB low:4kB high:4kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:786432kB managed:332kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 1187.129133] lowmem_reserve[]: 0 0 0 0 0 [ 1187.134146] Node 1 Normal free:3783628kB min:53612kB low:67012kB high:80412kB active_anon:0kB inactive_anon:0kB active_file:144kB inactive_file:0kB unevictable:0kB writepending:0kB present:3932160kB managed:3870192kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 1187.165649] lowmem_reserve[]: 0 0 0 0 0 [ 1187.172263] Node 0 DMA: 1*4kB (U) 0*8kB 0*16kB 1*32kB (U) 2*64kB (U) 1*128kB (U) 1*256kB (U) 0*512kB 1*1024kB (U) 1*2048kB (M) 3*4096kB (M) = 15908kB [ 1187.186842] Node 0 DMA32: 509*4kB (UME) 276*8kB (UME) 176*16kB (UME) 275*32kB (UME) 152*64kB (UME) 37*128kB (UME) 13*256kB (UM) 14*512kB (UME) 7*1024kB (UME) 2*2048kB (UE) 123*4096kB (M) = 555892kB [ 1187.206424] Node 0 Normal: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 0kB [ 1187.218197] Node 1 Normal: 51*4kB (UME) 342*8kB (UE) 273*16kB (U) 50*32kB (UM) 20*64kB (UME) 10*128kB (UM) 5*256kB (UM) 3*512kB (U) 1*1024kB (M) 4*2048kB (ME) 918*4096kB (M) = 3783628kB [ 1187.236555] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 1187.246355] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 1187.255963] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 1187.265813] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 1187.275350] 25520 total pagecache pages [ 1187.279482] 0 pages in swap cache [ 1187.284410] Swap cache stats: add 0, delete 0, find 0/0 [ 1187.289915] Free swap = 0kB [ 1187.294352] Total swap = 0kB [ 1187.297501] 1965979 pages RAM [ 1187.300699] 0 pages HighMem/MovableOnly [ 1187.307412] 339072 pages reserved [ 1187.312715] 0 pages cma reserved [ 1187.316280] syz-executor.3: vmalloc: allocation failure: 17179869200 bytes, mode:0x14080c0(GFP_KERNEL|__GFP_ZERO), nodemask=(null) [ 1187.330199] syz-executor.3 cpuset=/ mems_allowed=0-1 [ 1187.336494] CPU: 1 PID: 6821 Comm: syz-executor.3 Not tainted 4.14.193-syzkaller #0 [ 1187.344307] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1187.353685] Call Trace: [ 1187.356287] dump_stack+0x1b2/0x283 [ 1187.359920] warn_alloc.cold+0x96/0x1cc [ 1187.363899] ? check_preemption_disabled+0x35/0x240 [ 1187.368917] ? zone_watermark_ok_safe+0x220/0x220 [ 1187.373760] ? perf_trace_lock_acquire+0x510/0x510 [ 1187.378690] ? fs_reclaim_release+0xd0/0x110 [ 1187.383112] ? ip_set_alloc+0x47/0x60 [ 1187.386918] vzalloc+0x122/0x150 [ 1187.390294] ip_set_alloc+0x47/0x60 [ 1187.393935] hash_mac_create+0x36e/0x7c6 [ 1187.398003] ip_set_create+0x5f9/0xf30 [ 1187.401895] ? __find_set_type_get+0x360/0x360 [ 1187.406472] ? __mutex_lock+0x360/0x1310 [ 1187.410563] ? __find_set_type_get+0x360/0x360 [ 1187.415164] nfnetlink_rcv_msg+0x9bb/0xc00 [ 1187.419416] ? lock_downgrade+0x740/0x740 [ 1187.423581] netlink_rcv_skb+0x125/0x390 [ 1187.427647] ? nfnetlink_net_exit_batch+0x150/0x150 [ 1187.432673] ? netlink_ack+0x9a0/0x9a0 [ 1187.436599] ? ns_capable_common+0x127/0x150 [ 1187.441009] nfnetlink_rcv+0x1ab/0x1da0 [ 1187.444982] ? do_syscall_64+0x1d5/0x640 [ 1187.449050] ? check_preemption_disabled+0x35/0x240 [ 1187.454071] ? check_preemption_disabled+0x35/0x240 [ 1187.459097] ? perf_trace_lock+0xf7/0x490 [ 1187.463249] ? perf_trace_lock_acquire+0x510/0x510 [ 1187.468266] ? nfnetlink_bind+0x240/0x240 [ 1187.472412] ? netlink_table_grab.part.0+0x1f0/0x1f0 [ 1187.477514] ? netlink_deliver_tap+0x90/0x7d0 [ 1187.482063] ? lock_downgrade+0x740/0x740 [ 1187.486214] netlink_unicast+0x437/0x610 [ 1187.490275] ? netlink_sendskb+0xd0/0xd0 [ 1187.494348] netlink_sendmsg+0x62e/0xb80 [ 1187.500289] ? nlmsg_notify+0x170/0x170 [ 1187.504348] ? kernel_recvmsg+0x210/0x210 [ 1187.508543] ? security_socket_sendmsg+0x83/0xb0 [ 1187.513298] ? nlmsg_notify+0x170/0x170 [ 1187.517275] sock_sendmsg+0xb5/0x100 [ 1187.520996] ___sys_sendmsg+0x6c8/0x800 [ 1187.524971] ? copy_msghdr_from_user+0x3b0/0x3b0 [ 1187.529742] ? __lock_acquire+0x5fc/0x3f20 [ 1187.533978] ? perf_trace_lock_acquire+0x510/0x510 [ 1187.538993] ? do_futex+0x12b/0x1930 [ 1187.542808] ? check_preemption_disabled+0x35/0x240 [ 1187.547844] ? __fget+0x1fe/0x360 [ 1187.551310] ? lock_acquire+0x170/0x3f0 [ 1187.555286] ? lock_downgrade+0x740/0x740 [ 1187.559438] ? __fget+0x225/0x360 [ 1187.562893] ? __fdget+0x196/0x1f0 [ 1187.566429] ? sockfd_lookup_light+0xb2/0x160 [ 1187.570920] __sys_sendmsg+0xa3/0x120 [ 1187.574713] ? SyS_shutdown+0x160/0x160 [ 1187.578781] ? SyS_clock_gettime+0xf5/0x180 [ 1187.583109] ? SyS_clock_settime+0x1a0/0x1a0 [ 1187.587519] SyS_sendmsg+0x27/0x40 [ 1187.591052] ? __sys_sendmsg+0x120/0x120 [ 1187.595115] do_syscall_64+0x1d5/0x640 [ 1187.599007] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 1187.604189] RIP: 0033:0x45d249 [ 1187.607369] RSP: 002b:00007f5110811c78 EFLAGS: 00000246 ORIG_RAX: 000000000000002e 04:28:30 executing program 3: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = dup2(r0, r0) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x400200) getsockname$llc(r1, &(0x7f0000000080)={0x1a, 0x0, 0x0, 0x0, 0x0, 0x0, @broadcast}, &(0x7f0000000140)=0x10) r2 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_CREATE(r2, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)={0x54, 0x2, 0x6, 0x101, 0x0, 0x0, {}, [@IPSET_ATTR_REVISION={0x5}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz1\x00'}, @IPSET_ATTR_PROTOCOL={0x5, 0x1, 0x6}, @IPSET_ATTR_FAMILY={0x5}, @IPSET_ATTR_DATA={0xc, 0x7, 0x0, 0x1, [@IPSET_ATTR_HASHSIZE={0x8, 0x12, 0x1, 0x0, 0x479e6139}]}, @IPSET_ATTR_TYPENAME={0xd, 0x3, 'hash:mac\x00'}]}, 0x54}}, 0x0) [ 1187.615075] RAX: ffffffffffffffda RBX: 0000000000028840 RCX: 000000000045d249 [ 1187.622344] RDX: 0000000000000000 RSI: 0000000020000000 RDI: 0000000000000004 [ 1187.629611] RBP: 000000000118cf80 R08: 0000000000000000 R09: 0000000000000000 [ 1187.636880] R10: 0000000000000000 R11: 0000000000000246 R12: 000000000118cf4c [ 1187.644145] R13: 00007fffed97491f R14: 00007f51108129c0 R15: 000000000118cf4c [ 1187.663207] syz-executor.4: vmalloc: allocation failure: 17179869200 bytes, mode:0x14080c0(GFP_KERNEL|__GFP_ZERO), nodemask=(null) [ 1187.696831] syz-executor.4 cpuset=/ mems_allowed=0-1 [ 1187.722908] CPU: 0 PID: 6831 Comm: syz-executor.4 Not tainted 4.14.193-syzkaller #0 [ 1187.730753] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1187.740110] Call Trace: [ 1187.742708] dump_stack+0x1b2/0x283 [ 1187.746357] warn_alloc.cold+0x96/0x1cc [ 1187.750346] ? check_preemption_disabled+0x35/0x240 [ 1187.755362] ? zone_watermark_ok_safe+0x220/0x220 [ 1187.760214] ? perf_trace_lock_acquire+0x510/0x510 [ 1187.765244] ? fs_reclaim_release+0xd0/0x110 04:28:30 executing program 0: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_CREATE(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=ANY=[@ANYBLOB="540000000206010100000000000000000000000005000400000000000900020073797a310000000005000100060000000500078008001240479e61390d000300686173683a6d616300"/84], 0x54}}, 0x0) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) r3 = dup2(r2, r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) r4 = openat$cgroup_ro(r3, &(0x7f0000000140)='cpuacct.usage_user\x00', 0x0, 0x0) sendmsg$IPSET_CMD_RENAME(r4, &(0x7f00000002c0)={&(0x7f0000000180)={0x10, 0x0, 0x0, 0x1000}, 0xc, &(0x7f0000000280)={&(0x7f0000000240)={0x20, 0x5, 0x6, 0x101, 0x0, 0x0, {0x3, 0x0, 0xa}, [@IPSET_ATTR_SETNAME2={0x9, 0x3, 'syz1\x00'}]}, 0x20}, 0x1, 0x0, 0x0, 0x8045}, 0x8005) r5 = dup2(r1, r1) ioctl$PERF_EVENT_IOC_ENABLE(r5, 0x8912, 0x400200) sendmsg$NFNL_MSG_CTHELPER_DEL(r5, &(0x7f0000000200)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x80}, 0xc, &(0x7f00000001c0)={&(0x7f0000000380)=ANY=[@ANYBLOB="60000000020903000000000000000000070000090e0004800800014000000008090001007379107f00000000080005400000000c0c000480080001400000000208000340000004000c000480080801400000797a85ce8d7a0000000000000000249c2cf0b8a1579f68d73b73327b79e765e8e742e99a8090245c6fb9ec835bde9c31786956651cdfea63468e5a72935c448b7c8ca87addb5709fbf3d4e5aaab41390329754f8d9c58d3ff2fc0f7b8892314606aeb024837d4bc6014bcf0ac743c972ca8412129672be633ff313db15a69fdf3bb168529394675a36d2bbb4b4f1d8e2a115af012763a81523432f524a911cbbe7b802024055c9e85809d23fb135c706045ce656b1269a8419873eb8d6d2e553cd"], 0x60}, 0x1, 0x0, 0x0, 0xc00}, 0x800) 04:28:30 executing program 0: socket$nl_netfilter(0x10, 0x3, 0xc) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = dup2(r0, r0) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) r4 = dup2(r3, r3) ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200) getsockopt$bt_l2cap_L2CAP_CONNINFO(r4, 0x6, 0x2, &(0x7f00000002c0), &(0x7f0000000300)=0x6) r5 = dup2(r2, r2) ioctl$PERF_EVENT_IOC_ENABLE(r5, 0x8912, 0x400200) setsockopt$bt_BT_FLUSHABLE(r5, 0x112, 0x8, &(0x7f0000000280)=0x400, 0x4) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r6 = socket$kcm(0xa, 0x2, 0x11) setsockopt$sock_attach_bpf(0xffffffffffffffff, 0x29, 0x14, &(0x7f0000000340), 0x4) setsockopt$sock_attach_bpf(r6, 0x29, 0x15, &(0x7f0000000000), 0x4) sendmsg$IPSET_CMD_CREATE(r1, &(0x7f0000000000)={0x0, 0x60, &(0x7f0000000040)={&(0x7f00000000c0)=ANY=[@ANYRESHEX=r6], 0x54}}, 0x0) r7 = bpf$ITER_CREATE(0x21, &(0x7f0000000100), 0x8) ioctl$SIOCSIFHWADDR(r7, 0x8924, &(0x7f0000000240)={'hsr0\x00', @local}) r8 = openat(0xffffffffffffffff, &(0x7f0000000080)='./file0\x00', 0x20400, 0x76) sendmsg$IPSET_CMD_GET_BYNAME(r8, &(0x7f0000000200)={&(0x7f0000000140)={0x10, 0x0, 0x0, 0x1000000}, 0xc, &(0x7f00000001c0)={&(0x7f0000000180)={0x20, 0xe, 0x6, 0x3, 0x0, 0x0, {0x0, 0x0, 0xffff}, [@IPSET_ATTR_SETNAME={0x9, 0x2, 'syz1\x00'}]}, 0x20}}, 0x20000884) [ 1187.769668] ? ip_set_alloc+0x47/0x60 [ 1187.773483] vzalloc+0x122/0x150 [ 1187.776862] ip_set_alloc+0x47/0x60 [ 1187.780500] hash_mac_create+0x36e/0x7c6 [ 1187.784566] ip_set_create+0x5f9/0xf30 [ 1187.788461] ? __find_set_type_get+0x360/0x360 [ 1187.793044] ? __mutex_lock+0x360/0x1310 [ 1187.797124] ? __find_set_type_get+0x360/0x360 [ 1187.801709] nfnetlink_rcv_msg+0x9bb/0xc00 [ 1187.805972] netlink_rcv_skb+0x125/0x390 [ 1187.810041] ? nfnetlink_net_exit_batch+0x150/0x150 [ 1187.815064] ? netlink_ack+0x9a0/0x9a0 [ 1187.818966] ? ns_capable_common+0x127/0x150 04:28:30 executing program 0: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_SAVE(r0, &(0x7f0000000240)={&(0x7f0000000140)={0x10, 0x0, 0x0, 0x40}, 0xc, &(0x7f0000000300)={&(0x7f0000000100)={0x30, 0x8, 0x6, 0x3, 0x0, 0x0, {0x2, 0x0, 0x8}, [@IPSET_ATTR_PROTOCOL={0x5}, @IPSET_ATTR_PROTOCOL={0x5}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz2\x00'}]}, 0x30}, 0x1, 0x0, 0x0, 0x4}, 0x1) openat$btrfs_control(0xffffffffffffff9c, &(0x7f0000000080)='/dev/btrfs-control\x00', 0xa000, 0x0) sendmsg$IPSET_CMD_CREATE(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000180)=ANY=[@ANYBLOB="540000000206010100000000000000000000000005000400000000000900020073797a3100000000050001000000000005000500000000000c00078008001240479e61390d000300686173683a6d6163000000004512f0db990e294b6905b2e4e9bd0bbcd75e9c9764f1dbf3a001c6fa2291ae6c632888d2b95d560cfc81a949d71b21150e4ea2c9d98eb57d1e99ebd47e2779c5316e58c842afe8d96464ffbadb05e1d59de99a1af764b4f7ab1a4aec822d5974e8d4543837f60eca92"], 0x54}}, 0x0) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) r2 = dup2(r1, r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) r3 = socket$inet6_sctp(0xa, 0x5, 0x84) r4 = socket$inet6_sctp(0xa, 0x5, 0x84) shutdown(r4, 0x0) getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r4, 0x84, 0x6f, &(0x7f0000000000)={0x0, 0x1c, &(0x7f00000002c0)=[@in6={0xa, 0x0, 0x0, @private0}]}, &(0x7f0000000180)=0x10) r5 = dup3(r4, r3, 0x0) getsockopt$inet_sctp_SCTP_MAX_BURST(r5, 0x84, 0x14, &(0x7f0000000000)=@assoc_value={0x0}, &(0x7f0000000040)=0x17) getsockopt$inet_sctp6_SCTP_DELAYED_SACK(r5, 0x84, 0x70, &(0x7f0000000080)=@sack_info={r6}, &(0x7f0000002000)=0xc) getsockopt$inet_sctp6_SCTP_RECONFIG_SUPPORTED(r2, 0x84, 0x75, &(0x7f0000000280)={r6, 0x6}, &(0x7f00000002c0)=0x8) ioctl$FIOCLEX(r1, 0x5451) [ 1187.823643] nfnetlink_rcv+0x1ab/0x1da0 [ 1187.827619] ? __dev_queue_xmit+0xcd6/0x2480 [ 1187.832038] ? check_preemption_disabled+0x35/0x240 [ 1187.837067] ? perf_trace_lock+0xf7/0x490 [ 1187.841223] ? perf_trace_lock_acquire+0x510/0x510 [ 1187.846159] ? nfnetlink_bind+0x240/0x240 [ 1187.850316] ? netlink_deliver_tap+0x90/0x7d0 [ 1187.854826] ? lock_downgrade+0x740/0x740 [ 1187.858987] netlink_unicast+0x437/0x610 [ 1187.863152] ? netlink_sendskb+0xd0/0xd0 [ 1187.867232] netlink_sendmsg+0x62e/0xb80 [ 1187.871302] ? nlmsg_notify+0x170/0x170 [ 1187.875278] ? kernel_recvmsg+0x210/0x210 [ 1187.879438] ? security_socket_sendmsg+0x83/0xb0 [ 1187.884201] ? nlmsg_notify+0x170/0x170 [ 1187.888182] sock_sendmsg+0xb5/0x100 [ 1187.891892] ___sys_sendmsg+0x6c8/0x800 [ 1187.895855] ? copy_msghdr_from_user+0x3b0/0x3b0 [ 1187.900747] ? __lock_acquire+0x5fc/0x3f20 [ 1187.904975] ? perf_trace_lock_acquire+0x510/0x510 [ 1187.909912] ? do_futex+0x12b/0x1930 [ 1187.913614] ? check_preemption_disabled+0x35/0x240 [ 1187.918624] ? __fget+0x1fe/0x360 [ 1187.922086] ? lock_acquire+0x170/0x3f0 [ 1187.926047] ? lock_downgrade+0x740/0x740 [ 1187.930252] ? __fget+0x225/0x360 [ 1187.933763] ? __fdget+0x196/0x1f0 [ 1187.937303] ? sockfd_lookup_light+0xb2/0x160 [ 1187.941804] __sys_sendmsg+0xa3/0x120 [ 1187.945588] ? SyS_shutdown+0x160/0x160 [ 1187.949659] ? SyS_clock_gettime+0xf5/0x180 [ 1187.953965] ? SyS_clock_settime+0x1a0/0x1a0 [ 1187.958356] SyS_sendmsg+0x27/0x40 [ 1187.961890] ? __sys_sendmsg+0x120/0x120 [ 1187.965940] do_syscall_64+0x1d5/0x640 [ 1187.969911] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 1187.975088] RIP: 0033:0x45d249 [ 1187.978258] RSP: 002b:00007f4d2c05fc78 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 1187.985963] RAX: ffffffffffffffda RBX: 0000000000028840 RCX: 000000000045d249 [ 1187.993218] RDX: 0000000000000000 RSI: 0000000020000000 RDI: 0000000000000004 [ 1188.000473] RBP: 000000000118cf80 R08: 0000000000000000 R09: 0000000000000000 [ 1188.007726] R10: 0000000000000000 R11: 0000000000000246 R12: 000000000118cf4c [ 1188.014984] R13: 00007ffc41fe2acf R14: 00007f4d2c0609c0 R15: 000000000118cf4c [ 1188.023522] warn_alloc_show_mem: 1 callbacks suppressed [ 1188.023526] Mem-Info: [ 1188.031487] active_anon:234072 inactive_anon:6091 isolated_anon:0 [ 1188.031487] active_file:7393 inactive_file:32910 isolated_file:0 [ 1188.031487] unevictable:0 dirty:228 writeback:0 unstable:0 [ 1188.031487] slab_reclaimable:18467 slab_unreclaimable:134630 [ 1188.031487] mapped:62659 shmem:6280 pagetables:5912 bounce:0 [ 1188.031487] free:1088339 free_pcp:172 free_cma:0 [ 1188.065744] Node 0 active_anon:936288kB inactive_anon:24364kB active_file:29428kB inactive_file:131640kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:250664kB dirty:932kB writeback:0kB shmem:25120kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 894976kB writeback_tmp:0kB unstable:0kB all_unreclaimable? no [ 1188.094720] Node 1 active_anon:0kB inactive_anon:0kB active_file:144kB inactive_file:0kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:0kB dirty:0kB writeback:0kB shmem:0kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 0kB writeback_tmp:0kB unstable:0kB all_unreclaimable? no [ 1188.120933] Node 0 DMA free:15908kB min:220kB low:272kB high:324kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15908kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 1188.147244] lowmem_reserve[]: 0 2557 2557 2557 2557 [ 1188.152529] Node 0 DMA32 free:553332kB min:36272kB low:45340kB high:54408kB active_anon:936288kB inactive_anon:24364kB active_file:29428kB inactive_file:131640kB unevictable:0kB writepending:936kB present:3129332kB managed:2621196kB mlocked:0kB kernel_stack:14336kB pagetables:23648kB bounce:0kB free_pcp:1216kB local_pcp:528kB free_cma:0kB [ 1188.183637] lowmem_reserve[]: 0 0 0 0 0 [ 1188.187693] Node 0 Normal free:0kB min:4kB low:4kB high:4kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:786432kB managed:332kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 1188.214777] lowmem_reserve[]: 0 0 0 0 0 [ 1188.218795] Node 1 Normal free:3783628kB min:53612kB low:67012kB high:80412kB active_anon:0kB inactive_anon:0kB active_file:144kB inactive_file:0kB unevictable:0kB writepending:0kB present:3932160kB managed:3870192kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 1188.247268] lowmem_reserve[]: 0 0 0 0 0 [ 1188.251918] Node 0 DMA: 1*4kB (U) 0*8kB 0*16kB 1*32kB (U) 2*64kB (U) 1*128kB (U) 1*256kB (U) 0*512kB 1*1024kB (U) 1*2048kB (M) 3*4096kB (M) = 15908kB [ 1188.266499] Node 0 DMA32: 491*4kB (UE) 372*8kB (UME) 169*16kB (UME) 213*32kB (UME) 153*64kB (UME) 37*128kB (UME) 13*256kB (UM) 14*512kB (UME) 7*1024kB (UME) 2*2048kB (UE) 123*4096kB (M) = 554556kB [ 1188.284784] Node 0 Normal: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 0kB [ 1188.296107] Node 1 Normal: 51*4kB (UME) 342*8kB (UE) 273*16kB (U) 50*32kB (UM) 20*64kB (UME) 10*128kB (UM) 5*256kB (UM) 3*512kB (U) 1*1024kB (M) 4*2048kB (ME) 918*4096kB (M) = 3783628kB [ 1188.313476] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 1188.322898] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 1188.332100] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 1188.341442] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 1188.350058] 25540 total pagecache pages [ 1188.355026] 0 pages in swap cache [ 1188.358495] Swap cache stats: add 0, delete 0, find 0/0 [ 1188.364722] Free swap = 0kB [ 1188.367740] Total swap = 0kB [ 1188.371722] 1965979 pages RAM [ 1188.374832] 0 pages HighMem/MovableOnly [ 1188.378794] 339072 pages reserved [ 1188.383245] 0 pages cma reserved [ 1188.390968] syz-executor.1: vmalloc: allocation failure: 17179869200 bytes, mode:0x14080c0(GFP_KERNEL|__GFP_ZERO), nodemask=(null) [ 1188.405358] syz-executor.1 cpuset=/ mems_allowed=0-1 [ 1188.421206] CPU: 0 PID: 6823 Comm: syz-executor.1 Not tainted 4.14.193-syzkaller #0 [ 1188.429043] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1188.438486] Call Trace: [ 1188.441074] dump_stack+0x1b2/0x283 [ 1188.444688] warn_alloc.cold+0x96/0x1cc [ 1188.448768] ? check_preemption_disabled+0x35/0x240 [ 1188.453771] ? zone_watermark_ok_safe+0x220/0x220 [ 1188.458594] ? perf_trace_lock_acquire+0x510/0x510 [ 1188.463519] ? fs_reclaim_release+0xd0/0x110 [ 1188.467909] ? ip_set_alloc+0x47/0x60 [ 1188.471701] vzalloc+0x122/0x150 [ 1188.475054] ip_set_alloc+0x47/0x60 [ 1188.478670] hash_mac_create+0x36e/0x7c6 [ 1188.482709] ip_set_create+0x5f9/0xf30 [ 1188.486589] ? __find_set_type_get+0x360/0x360 [ 1188.491147] ? __mutex_lock+0x360/0x1310 [ 1188.495197] ? __find_set_type_get+0x360/0x360 [ 1188.500044] nfnetlink_rcv_msg+0x9bb/0xc00 [ 1188.504267] netlink_rcv_skb+0x125/0x390 [ 1188.508303] ? nfnetlink_net_exit_batch+0x150/0x150 [ 1188.513308] ? netlink_ack+0x9a0/0x9a0 [ 1188.517177] ? ns_capable_common+0x127/0x150 [ 1188.521574] nfnetlink_rcv+0x1ab/0x1da0 [ 1188.525524] ? __dev_queue_xmit+0xcd6/0x2480 [ 1188.529947] ? check_preemption_disabled+0x35/0x240 [ 1188.534943] ? perf_trace_lock+0xf7/0x490 [ 1188.539080] ? perf_trace_lock_acquire+0x510/0x510 [ 1188.544099] ? nfnetlink_bind+0x240/0x240 [ 1188.548235] ? netlink_deliver_tap+0x90/0x7d0 [ 1188.552721] ? lock_downgrade+0x740/0x740 [ 1188.557025] netlink_unicast+0x437/0x610 [ 1188.561075] ? netlink_sendskb+0xd0/0xd0 [ 1188.565120] netlink_sendmsg+0x62e/0xb80 [ 1188.569160] ? nlmsg_notify+0x170/0x170 [ 1188.573135] ? kernel_recvmsg+0x210/0x210 [ 1188.577278] ? security_socket_sendmsg+0x83/0xb0 [ 1188.582114] ? nlmsg_notify+0x170/0x170 [ 1188.586293] sock_sendmsg+0xb5/0x100 [ 1188.589997] ___sys_sendmsg+0x6c8/0x800 [ 1188.593978] ? copy_msghdr_from_user+0x3b0/0x3b0 [ 1188.598710] ? __lock_acquire+0x5fc/0x3f20 [ 1188.602933] ? perf_trace_lock_acquire+0x510/0x510 [ 1188.607838] ? do_futex+0x12b/0x1930 [ 1188.611530] ? check_preemption_disabled+0x35/0x240 [ 1188.616528] ? __fget+0x1fe/0x360 [ 1188.619983] ? lock_acquire+0x170/0x3f0 [ 1188.623942] ? lock_downgrade+0x740/0x740 [ 1188.628069] ? __fget+0x225/0x360 [ 1188.631501] ? __fdget+0x196/0x1f0 [ 1188.635053] ? sockfd_lookup_light+0xb2/0x160 [ 1188.639523] __sys_sendmsg+0xa3/0x120 [ 1188.643304] ? SyS_shutdown+0x160/0x160 [ 1188.647271] ? SyS_clock_gettime+0xf5/0x180 [ 1188.651569] ? SyS_clock_settime+0x1a0/0x1a0 [ 1188.655953] SyS_sendmsg+0x27/0x40 [ 1188.659481] ? __sys_sendmsg+0x120/0x120 [ 1188.663538] do_syscall_64+0x1d5/0x640 [ 1188.667428] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 1188.672606] RIP: 0033:0x45d249 [ 1188.675773] RSP: 002b:00007fe770c23c78 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 1188.683470] RAX: ffffffffffffffda RBX: 0000000000028840 RCX: 000000000045d249 [ 1188.690724] RDX: 0000000000000000 RSI: 0000000020000080 RDI: 0000000000000003 [ 1188.697969] RBP: 000000000118d020 R08: 0000000000000000 R09: 0000000000000000 [ 1188.705221] R10: 0000000000000000 R11: 0000000000000246 R12: 000000000118cfec [ 1188.712479] R13: 00007fffec3adf2f R14: 00007fe770c249c0 R15: 000000000118cfec [ 1188.740952] syz-executor.3: vmalloc: allocation failure: 17179869200 bytes, mode:0x14080c0(GFP_KERNEL|__GFP_ZERO), nodemask=(null) [ 1188.767946] syz-executor.3 cpuset=/ mems_allowed=0-1 [ 1188.777827] CPU: 0 PID: 6842 Comm: syz-executor.3 Not tainted 4.14.193-syzkaller #0 [ 1188.785664] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1188.795032] Call Trace: [ 1188.797603] dump_stack+0x1b2/0x283 [ 1188.801319] warn_alloc.cold+0x96/0x1cc [ 1188.805272] ? check_preemption_disabled+0x35/0x240 [ 1188.810275] ? zone_watermark_ok_safe+0x220/0x220 [ 1188.815098] ? perf_trace_lock_acquire+0x510/0x510 [ 1188.820008] ? fs_reclaim_release+0xd0/0x110 [ 1188.824401] ? ip_set_alloc+0x47/0x60 [ 1188.828268] vzalloc+0x122/0x150 [ 1188.831614] ip_set_alloc+0x47/0x60 [ 1188.835220] hash_mac_create+0x36e/0x7c6 [ 1188.839318] ip_set_create+0x5f9/0xf30 [ 1188.843189] ? __find_set_type_get+0x360/0x360 [ 1188.847832] ? __mutex_lock+0x360/0x1310 [ 1188.851918] ? __find_set_type_get+0x360/0x360 [ 1188.856576] nfnetlink_rcv_msg+0x9bb/0xc00 [ 1188.861010] ? lock_downgrade+0x740/0x740 [ 1188.865232] netlink_rcv_skb+0x125/0x390 [ 1188.869476] ? nfnetlink_net_exit_batch+0x150/0x150 [ 1188.874471] ? netlink_ack+0x9a0/0x9a0 [ 1188.878337] ? ns_capable_common+0x127/0x150 [ 1188.882726] nfnetlink_rcv+0x1ab/0x1da0 [ 1188.886675] ? do_syscall_64+0x1d5/0x640 [ 1188.890712] ? check_preemption_disabled+0x35/0x240 [ 1188.895706] ? check_preemption_disabled+0x35/0x240 [ 1188.900871] ? perf_trace_lock+0xf7/0x490 [ 1188.905061] ? perf_trace_lock_acquire+0x510/0x510 [ 1188.909969] ? nfnetlink_bind+0x240/0x240 [ 1188.914112] ? netlink_table_grab.part.0+0x1f0/0x1f0 [ 1188.919192] ? netlink_deliver_tap+0x90/0x7d0 [ 1188.923828] ? lock_downgrade+0x740/0x740 [ 1188.927967] netlink_unicast+0x437/0x610 [ 1188.932016] ? netlink_sendskb+0xd0/0xd0 [ 1188.936062] netlink_sendmsg+0x62e/0xb80 [ 1188.940174] ? nlmsg_notify+0x170/0x170 [ 1188.944126] ? kernel_recvmsg+0x210/0x210 [ 1188.948341] ? security_socket_sendmsg+0x83/0xb0 [ 1188.953159] ? nlmsg_notify+0x170/0x170 [ 1188.957111] sock_sendmsg+0xb5/0x100 [ 1188.960804] ___sys_sendmsg+0x6c8/0x800 [ 1188.964758] ? copy_msghdr_from_user+0x3b0/0x3b0 [ 1188.969505] ? __lock_acquire+0x5fc/0x3f20 [ 1188.973720] ? perf_trace_lock_acquire+0x510/0x510 [ 1188.978637] ? do_futex+0x12b/0x1930 [ 1188.982331] ? check_preemption_disabled+0x35/0x240 [ 1188.987350] ? __fget+0x1fe/0x360 [ 1188.990782] ? lock_acquire+0x170/0x3f0 [ 1188.994819] ? lock_downgrade+0x740/0x740 [ 1188.998956] ? __fget+0x225/0x360 [ 1189.002388] ? __fdget+0x196/0x1f0 [ 1189.005905] ? sockfd_lookup_light+0xb2/0x160 [ 1189.010375] __sys_sendmsg+0xa3/0x120 [ 1189.014153] ? SyS_shutdown+0x160/0x160 [ 1189.018110] ? SyS_clock_gettime+0xf5/0x180 [ 1189.022428] ? SyS_clock_settime+0x1a0/0x1a0 [ 1189.026814] SyS_sendmsg+0x27/0x40 [ 1189.030327] ? __sys_sendmsg+0x120/0x120 [ 1189.034376] do_syscall_64+0x1d5/0x640 [ 1189.038246] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 1189.043410] RIP: 0033:0x45d249 [ 1189.046575] RSP: 002b:00007f5110811c78 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 1189.054258] RAX: ffffffffffffffda RBX: 0000000000028840 RCX: 000000000045d249 [ 1189.061532] RDX: 0000000000000000 RSI: 0000000020000000 RDI: 0000000000000004 [ 1189.068794] RBP: 000000000118cf80 R08: 0000000000000000 R09: 0000000000000000 [ 1189.076141] R10: 0000000000000000 R11: 0000000000000246 R12: 000000000118cf4c [ 1189.083388] R13: 00007fffed97491f R14: 00007f51108129c0 R15: 000000000118cf4c [ 1189.091874] warn_alloc_show_mem: 1 callbacks suppressed [ 1189.091879] Mem-Info: [ 1189.099789] active_anon:232465 inactive_anon:6091 isolated_anon:0 [ 1189.099789] active_file:7393 inactive_file:32919 isolated_file:0 [ 1189.099789] unevictable:0 dirty:241 writeback:0 unstable:0 [ 1189.099789] slab_reclaimable:18467 slab_unreclaimable:134433 [ 1189.099789] mapped:62674 shmem:6280 pagetables:5828 bounce:0 [ 1189.099789] free:1090233 free_pcp:320 free_cma:0 [ 1189.134741] Node 0 active_anon:929860kB inactive_anon:24364kB active_file:29428kB inactive_file:131676kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:250720kB dirty:984kB writeback:0kB shmem:25120kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 888832kB writeback_tmp:0kB unstable:0kB all_unreclaimable? no [ 1189.167230] Node 1 active_anon:0kB inactive_anon:0kB active_file:144kB inactive_file:0kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:0kB dirty:0kB writeback:0kB shmem:0kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 0kB writeback_tmp:0kB unstable:0kB all_unreclaimable? no [ 1189.196142] Node 0 DMA free:15908kB min:220kB low:272kB high:324kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15908kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 1189.223368] lowmem_reserve[]: 0 2557 2557 2557 2557 04:28:31 executing program 5: dup(0xffffffffffffffff) prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x802102001ffa, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() clone(0x6e20cf00, 0x0, 0x0, 0x0, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) gettid() r1 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ptmx\x00', 0x0, 0x0) r2 = openat$null(0xffffffffffffff9c, &(0x7f00000003c0)='/dev/null\x00', 0x101040, 0x0) ioctl$SNDRV_CTL_IOCTL_ELEM_ADD(r2, 0xc1105517, &(0x7f0000000440)={{0x1, 0x5, 0x400, 0x0, 'syz1\x00', 0x5}, 0x4, 0x40, 0x1000, r0, 0x2, 0x9, 'syz0\x00', &(0x7f0000000400)=['/-$\'}\\^[}*&^-.]{\x00', 'ethtool\x00'], 0x19, [], [0x207, 0xffff, 0x9, 0x48]}) read(r1, &(0x7f00003fefff)=""/1, 0x1) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) r4 = dup2(r3, r3) ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200) r5 = openat$autofs(0xffffffffffffff9c, &(0x7f0000000040)='/dev/autofs\x00', 0x0, 0x0) sendmsg$IPVS_CMD_ZERO(r5, &(0x7f0000000240)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x20}, 0xc, &(0x7f0000000200)={&(0x7f0000000a80)=ANY=[@ANYBLOB="2e8222ff4d823118bbcd0016938fbab522893d46472706a9a767af8508d5476053244be6dce906f5b4288e610e3b7476b64c63c243740d5db05a4d75628acedfbf9278f984e4430b3ee33d5a2059405b38e48bb8e281e08039e27a5f999bb5f3e04a2351091fb676225a70fa38297d0ac8ecc1f9201e034188ee054d7c1d29b8919dadd671b53ffd74ed76452b1ab0575cf3b877f8eef92cba08e2c602488a3d99c8c85e52cd97046d06935ded02035824109aa82010763dce86f2c9bd07049814a82a425175fed33bf7e5b6943400006a9aceb2cedfaaf277baccefb29de349281c46a345b69c3f35481722c57f39ce0c79fc60fc8896d57f5bee358cf0a3b6dab534fda8a8d90255e51f723b3f6a36ce9b645d3552121bb0aaf4d644a532daa4bab4b356f76cfedb8762d9715c6bc022c5c4a94306b798de8364b301abc5629c9a60729212aa414f0d303e4ebd64e8b5d895ae242e15fb6c2992d7711e832f9bd76bef91b6c157a0a7707e6cf4b405c695", @ANYRES16=0x0, @ANYBLOB="02002dbd7000ffdbdf251000000008000400070000000c0002800800050009000000080005008700000018000180060004004e2000000c000700310000003400000008000400050000003c00028014000100fe880000000000000000000000000001080003000200000014000100fe8000000000000000be78d65d2175e91cff0131750000000000002f08000500060000004000038005000800d0000000060007004e210000060004000800000014000600fe800000000000000000000000000029080001000000000008000100000000001c0003800800010002000000060007004e220000060007004e2000003c0002800800080002800080060002004e23000008000500bf12ffff0800030003000000080005000100000005000d000100000006000e004e21000008000600fbffffff"], 0x12c}, 0x1, 0x0, 0x0, 0x80}, 0x2080800) r6 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000100)='ethtool\x00') sendmsg$ETHTOOL_MSG_COALESCE_SET(r4, &(0x7f0000000380)={&(0x7f00000000c0)={0x10, 0x0, 0x0, 0x100000}, 0xc, &(0x7f00000001c0)={&(0x7f0000000600)={0x4c, r6, 0x8, 0x70bd2a, 0x25dfdbfb, {}, [@ETHTOOL_A_COALESCE_PKT_RATE_LOW={0x8, 0xd, 0x3}, @ETHTOOL_A_COALESCE_TX_MAX_FRAMES_LOW={0x8, 0x11, 0xfffff7d5}, @ETHTOOL_A_COALESCE_TX_MAX_FRAMES_LOW={0x8, 0x11, 0x7}, @ETHTOOL_A_COALESCE_PKT_RATE_HIGH={0x8, 0x12, 0x5d60}, @ETHTOOL_A_COALESCE_USE_ADAPTIVE_RX={0x5}, @ETHTOOL_A_COALESCE_PKT_RATE_HIGH={0x8, 0x12, 0x9}, @ETHTOOL_A_COALESCE_TX_USECS_HIGH={0x8}]}, 0x4c}, 0x1, 0x0, 0x0, 0x8004}, 0x20048004) ioctl$SIOCNRDECOBS(r4, 0x89e2) ioctl$sock_inet_udp_SIOCINQ(0xffffffffffffffff, 0x541b, &(0x7f00000005c0)) 04:28:31 executing program 4: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = dup2(r0, r0) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x400200) getsockname$llc(r1, &(0x7f0000000080)={0x1a, 0x0, 0x0, 0x0, 0x0, 0x0, @broadcast}, &(0x7f0000000140)=0x10) sendmsg$IPSET_CMD_CREATE(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)={0x54, 0x2, 0x6, 0x101, 0x0, 0x0, {}, [@IPSET_ATTR_REVISION={0x5}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz1\x00'}, @IPSET_ATTR_PROTOCOL={0x5, 0x1, 0x6}, @IPSET_ATTR_FAMILY={0x5}, @IPSET_ATTR_DATA={0xc, 0x7, 0x0, 0x1, [@IPSET_ATTR_HASHSIZE={0x8, 0x12, 0x1, 0x0, 0x479e6139}]}, @IPSET_ATTR_TYPENAME={0xd, 0x3, 'hash:mac\x00'}]}, 0x54}}, 0x0) 04:28:31 executing program 2: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_CREATE(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000140)={0x54, 0x2, 0x6, 0x101, 0x0, 0x0, {}, [@IPSET_ATTR_REVISION={0x5}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz1\x00'}, @IPSET_ATTR_PROTOCOL={0x5, 0x1, 0x6}, @IPSET_ATTR_FAMILY={0x5}, @IPSET_ATTR_DATA={0xc, 0x7, 0x0, 0x1, [@IPSET_ATTR_CADT_FLAGS={0x8, 0x8, 0x1, 0x0, 0x10}]}, @IPSET_ATTR_TYPENAME={0xd, 0x3, 'hash:mac\x00'}]}, 0x54}}, 0x0) 04:28:31 executing program 1: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) r1 = socket$kcm(0xa, 0x2, 0x11) setsockopt$sock_attach_bpf(r1, 0x29, 0x14, &(0x7f0000000080), 0x301) setsockopt$sock_attach_bpf(r1, 0x29, 0x15, &(0x7f0000000000), 0x70db2da734432a8e) sendmsg$IPSET_CMD_CREATE(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000140)=ANY=[@ANYBLOB="54000000020601010000000000000000000000ee0400047fbb471bcb1d21df10bd39540dbd00000000000900020073797a3102000000050001000600000005000500000000000c00078008000100000000000000", @ANYRES64=r1, @ANYRES32=r0], 0x54}}, 0x0) [ 1189.228529] Node 0 DMA32 free:560904kB min:36272kB low:45340kB high:54408kB active_anon:929860kB inactive_anon:24364kB active_file:29428kB inactive_file:131676kB unevictable:0kB writepending:984kB present:3129332kB managed:2621196kB mlocked:0kB kernel_stack:14176kB pagetables:23312kB bounce:0kB free_pcp:1268kB local_pcp:632kB free_cma:0kB [ 1189.258874] lowmem_reserve[]: 0 0 0 0 0 [ 1189.262954] Node 0 Normal free:0kB min:4kB low:4kB high:4kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:786432kB managed:332kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 1189.288728] lowmem_reserve[]: 0 0 0 0 0 04:28:31 executing program 4: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = dup2(r0, r0) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x400200) getsockname$llc(r1, &(0x7f0000000080)={0x1a, 0x0, 0x0, 0x0, 0x0, 0x0, @broadcast}, &(0x7f0000000140)=0x10) sendmsg$IPSET_CMD_CREATE(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)={0x54, 0x2, 0x6, 0x101, 0x0, 0x0, {}, [@IPSET_ATTR_REVISION={0x5}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz1\x00'}, @IPSET_ATTR_PROTOCOL={0x5, 0x1, 0x6}, @IPSET_ATTR_FAMILY={0x5}, @IPSET_ATTR_DATA={0xc, 0x7, 0x0, 0x1, [@IPSET_ATTR_HASHSIZE={0x8, 0x12, 0x1, 0x0, 0x479e6139}]}, @IPSET_ATTR_TYPENAME={0xd, 0x3, 'hash:mac\x00'}]}, 0x54}}, 0x0) [ 1189.300547] Node 1 Normal free:3783628kB min:53612kB low:67012kB high:80412kB active_anon:0kB inactive_anon:0kB active_file:144kB inactive_file:0kB unevictable:0kB writepending:0kB present:3932160kB managed:3870192kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 1189.315000] netlink: 60 bytes leftover after parsing attributes in process `syz-executor.1'. [ 1189.338483] lowmem_reserve[]: 0 0 0 0 0 04:28:31 executing program 4: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = dup2(r0, r0) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x400200) getsockname$llc(r1, &(0x7f0000000080)={0x1a, 0x0, 0x0, 0x0, 0x0, 0x0, @broadcast}, &(0x7f0000000140)=0x10) sendmsg$IPSET_CMD_CREATE(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)={0x54, 0x2, 0x6, 0x101, 0x0, 0x0, {}, [@IPSET_ATTR_REVISION={0x5}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz1\x00'}, @IPSET_ATTR_PROTOCOL={0x5, 0x1, 0x6}, @IPSET_ATTR_FAMILY={0x5}, @IPSET_ATTR_DATA={0xc, 0x7, 0x0, 0x1, [@IPSET_ATTR_HASHSIZE={0x8, 0x12, 0x1, 0x0, 0x479e6139}]}, @IPSET_ATTR_TYPENAME={0xd, 0x3, 'hash:mac\x00'}]}, 0x54}}, 0x0) [ 1189.342780] Node 0 DMA: 1*4kB (U) 0*8kB 0*16kB 1*32kB (U) 2*64kB (U) 1*128kB (U) 1*256kB (U) 0*512kB 1*1024kB (U) 1*2048kB (M) 3*4096kB (M) = 15908kB [ 1189.362976] Node 0 DMA32: 542*4kB (UME) 207*8kB (UME) 215*16kB (UME) 215*32kB (UME) 156*64kB (UME) 37*128kB (UME) 13*256kB (UM) 14*512kB (UME) 7*1024kB (UME) 3*2048kB (UME) 123*4096kB (M) = 556480kB 04:28:31 executing program 4: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) dup2(r0, r0) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x400200) r1 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_CREATE(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)={0x54, 0x2, 0x6, 0x101, 0x0, 0x0, {}, [@IPSET_ATTR_REVISION={0x5}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz1\x00'}, @IPSET_ATTR_PROTOCOL={0x5, 0x1, 0x6}, @IPSET_ATTR_FAMILY={0x5}, @IPSET_ATTR_DATA={0xc, 0x7, 0x0, 0x1, [@IPSET_ATTR_HASHSIZE={0x8, 0x12, 0x1, 0x0, 0x479e6139}]}, @IPSET_ATTR_TYPENAME={0xd, 0x3, 'hash:mac\x00'}]}, 0x54}}, 0x0) [ 1189.397392] Node 0 Normal: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 0kB [ 1189.423909] Node 1 Normal: 51*4kB (UME) 342*8kB (UE) 273*16kB (U) 50*32kB (UM) 20*64kB (UME) 10*128kB (UM) 5*256kB (UM) 3*512kB (U) 1*1024kB (M) 4*2048kB (ME) 918*4096kB (M) = 3783628kB [ 1189.445384] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 1189.461133] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 1189.481701] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB 04:28:31 executing program 3: perf_event_open(&(0x7f0000940000)={0x2, 0x70, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) socket$nl_netfilter(0x10, 0x3, 0xc) r0 = openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ttyS3\x00', 0x0, 0x0) ioctl$TCSETSF2(r0, 0x402c542d, &(0x7f0000000040)={0x0, 0x0, 0x0, 0x0, 0x0, "c5f29d7b89c63f6018cf53591bdf91e0a0a3b9"}) [ 1189.495935] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 1189.505908] 25552 total pagecache pages [ 1189.510078] 0 pages in swap cache [ 1189.515464] Swap cache stats: add 0, delete 0, find 0/0 [ 1189.521480] Free swap = 0kB [ 1189.524588] Total swap = 0kB [ 1189.527614] 1965979 pages RAM [ 1189.532127] 0 pages HighMem/MovableOnly [ 1189.536103] 339072 pages reserved [ 1189.539538] 0 pages cma reserved 04:28:31 executing program 0: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_CREATE(r0, &(0x7f0000000000)={0x0, 0xfffffffffffffff2, &(0x7f0000000040)={&(0x7f00000000c0)=ANY=[@ANYBLOB="540000000206010100000000000000000000000100000000000000000900020073797a3100000000050001000600000005080000000000000c00078008001240479e6139ffffffff000000000000616300000000"], 0x54}}, 0x40) r1 = syz_open_dev$vcsa(&(0x7f0000000080)='/dev/vcsa#\x00', 0x5, 0x2000) bind$inet6(r1, &(0x7f0000000140)={0xa, 0x4e24, 0xffffffff, @loopback, 0x5}, 0x1c) 04:28:31 executing program 2: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_CREATE(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000140)={0x4c, 0x2, 0x6, 0x101, 0x0, 0x0, {}, [@IPSET_ATTR_REVISION={0x5}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz1\x00'}, @IPSET_ATTR_PROTOCOL={0x5, 0x1, 0x6}, @IPSET_ATTR_FAMILY={0x5}, @IPSET_ATTR_DATA={0x4}, @IPSET_ATTR_TYPENAME={0xd, 0x3, 'hash:mac\x00'}]}, 0x4c}}, 0x0) [ 1189.545801] syz-executor.4: vmalloc: allocation failure: 17179869200 bytes, mode:0x14080c0(GFP_KERNEL|__GFP_ZERO), nodemask=(null) [ 1189.585784] netlink: 60 bytes leftover after parsing attributes in process `syz-executor.1'. [ 1189.600306] syz-executor.4 cpuset=/ mems_allowed=0-1 [ 1189.616059] CPU: 1 PID: 6880 Comm: syz-executor.4 Not tainted 4.14.193-syzkaller #0 [ 1189.623893] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1189.633241] Call Trace: [ 1189.635822] dump_stack+0x1b2/0x283 [ 1189.639434] warn_alloc.cold+0x96/0x1cc [ 1189.643389] ? check_preemption_disabled+0x35/0x240 [ 1189.648399] ? zone_watermark_ok_safe+0x220/0x220 [ 1189.653239] ? perf_trace_lock_acquire+0x510/0x510 [ 1189.658167] ? fs_reclaim_release+0xd0/0x110 [ 1189.662564] ? ip_set_alloc+0x47/0x60 [ 1189.666346] vzalloc+0x122/0x150 [ 1189.669693] ip_set_alloc+0x47/0x60 [ 1189.673316] hash_mac_create+0x36e/0x7c6 [ 1189.677445] ip_set_create+0x5f9/0xf30 [ 1189.681316] ? __find_set_type_get+0x360/0x360 [ 1189.685878] ? __mutex_lock+0x360/0x1310 [ 1189.689933] ? __find_set_type_get+0x360/0x360 [ 1189.694497] nfnetlink_rcv_msg+0x9bb/0xc00 [ 1189.698728] netlink_rcv_skb+0x125/0x390 [ 1189.702769] ? nfnetlink_net_exit_batch+0x150/0x150 [ 1189.707869] ? netlink_ack+0x9a0/0x9a0 [ 1189.711740] ? ns_capable_common+0x127/0x150 [ 1189.716130] nfnetlink_rcv+0x1ab/0x1da0 [ 1189.720083] ? __dev_queue_xmit+0xcd6/0x2480 [ 1189.724480] ? check_preemption_disabled+0x35/0x240 [ 1189.729490] ? perf_trace_lock+0xf7/0x490 [ 1189.733619] ? perf_trace_lock_acquire+0x510/0x510 [ 1189.738531] ? nfnetlink_bind+0x240/0x240 [ 1189.742676] ? netlink_deliver_tap+0x90/0x7d0 [ 1189.747153] ? lock_downgrade+0x740/0x740 [ 1189.751284] netlink_unicast+0x437/0x610 [ 1189.755328] ? netlink_sendskb+0xd0/0xd0 [ 1189.759719] netlink_sendmsg+0x62e/0xb80 [ 1189.763767] ? nlmsg_notify+0x170/0x170 [ 1189.767722] ? kernel_recvmsg+0x210/0x210 [ 1189.771865] ? security_socket_sendmsg+0x83/0xb0 [ 1189.776598] ? nlmsg_notify+0x170/0x170 [ 1189.780560] sock_sendmsg+0xb5/0x100 [ 1189.784264] ___sys_sendmsg+0x6c8/0x800 [ 1189.788223] ? copy_msghdr_from_user+0x3b0/0x3b0 [ 1189.792959] ? __lock_acquire+0x5fc/0x3f20 [ 1189.797175] ? perf_trace_lock_acquire+0x510/0x510 [ 1189.802091] ? do_futex+0x12b/0x1930 [ 1189.805787] ? check_preemption_disabled+0x35/0x240 [ 1189.810792] ? __fget+0x1fe/0x360 [ 1189.814226] ? lock_acquire+0x170/0x3f0 [ 1189.818193] ? lock_downgrade+0x740/0x740 [ 1189.822342] ? __fget+0x225/0x360 [ 1189.825787] ? __fdget+0x196/0x1f0 [ 1189.829308] ? sockfd_lookup_light+0xb2/0x160 [ 1189.833785] __sys_sendmsg+0xa3/0x120 [ 1189.837568] ? SyS_shutdown+0x160/0x160 [ 1189.841534] ? SyS_clock_gettime+0xf5/0x180 [ 1189.845844] ? SyS_clock_settime+0x1a0/0x1a0 [ 1189.850232] SyS_sendmsg+0x27/0x40 [ 1189.853749] ? __sys_sendmsg+0x120/0x120 [ 1189.857803] do_syscall_64+0x1d5/0x640 [ 1189.861675] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 1189.867284] RIP: 0033:0x45d249 [ 1189.870461] RSP: 002b:00007f4d2c05fc78 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 1189.878164] RAX: ffffffffffffffda RBX: 0000000000028840 RCX: 000000000045d249 [ 1189.885428] RDX: 0000000000000000 RSI: 0000000020000000 RDI: 0000000000000004 [ 1189.894762] RBP: 000000000118cf80 R08: 0000000000000000 R09: 0000000000000000 04:28:32 executing program 2: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_CREATE(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000140)={0x4c, 0x2, 0x6, 0x101, 0x0, 0x0, {}, [@IPSET_ATTR_REVISION={0x5}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz1\x00'}, @IPSET_ATTR_PROTOCOL={0x5, 0x1, 0x6}, @IPSET_ATTR_FAMILY={0x5}, @IPSET_ATTR_DATA={0x4}, @IPSET_ATTR_TYPENAME={0xd, 0x3, 'hash:mac\x00'}]}, 0x4c}}, 0x0) [ 1189.902034] R10: 0000000000000000 R11: 0000000000000246 R12: 000000000118cf4c [ 1189.909293] R13: 00007ffc41fe2acf R14: 00007f4d2c0609c0 R15: 000000000118cf4c 04:28:32 executing program 1: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_CREATE(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000200)=ANY=[@ANYBLOB="54000000020601010000000000000000000000000500040000000000090002007379010000000000050001000600000005000500000000000c00078008001240479e61390d000300686173683a6d61630000000007f50ab332cd4aa7ad0bebc762796d56605e67ba23e6f649d574732dbeb8f9d16f4f2eeb402fb78ba892f22cebad2fea1044c3e87f0201cec105e6a72791410ba2a458388c681ba9a8b0cda77a73524970644f2ac8b536d13be738642d6b86c147bdc18e02"], 0x54}}, 0x0) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) r2 = dup2(r1, r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) r4 = dup2(r3, r3) ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200) write$P9_RSTAT(r4, &(0x7f0000000180)={0x52, 0x7d, 0x2, {0x0, 0x4b, 0x0, 0xffffe3d1, {0x2, 0x4}, 0x1000000, 0x80000000, 0xffff2b5a, 0x3f, 0x3, '&)$', 0x9, 'hash:mac\x00', 0x9, 'hash:mac\x00', 0x3, '}-}'}}, 0x52) utimensat(r2, &(0x7f0000000080)='./file0\x00', &(0x7f0000000140)={{0x0, 0x2710}}, 0x0) r5 = socket$inet6_tcp(0xa, 0x1, 0x0) r6 = dup2(r5, r5) ioctl$PERF_EVENT_IOC_ENABLE(r6, 0x8912, 0x400200) ioctl$sock_inet6_tcp_SIOCINQ(r6, 0x541b, &(0x7f00000000c0)) [ 1190.060291] netlink: 64 bytes leftover after parsing attributes in process `syz-executor.0'. [ 1190.077934] syz-executor.1: vmalloc: allocation failure: 17179869200 bytes, mode:0x14080c0(GFP_KERNEL|__GFP_ZERO), nodemask=(null) [ 1190.097909] syz-executor.1 cpuset=/ mems_allowed=0-1 [ 1190.108852] CPU: 0 PID: 6896 Comm: syz-executor.1 Not tainted 4.14.193-syzkaller #0 [ 1190.116687] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1190.126041] Call Trace: [ 1190.128619] dump_stack+0x1b2/0x283 [ 1190.132229] warn_alloc.cold+0x96/0x1cc [ 1190.136184] ? check_preemption_disabled+0x35/0x240 [ 1190.141183] ? zone_watermark_ok_safe+0x220/0x220 [ 1190.146024] ? perf_trace_lock_acquire+0x510/0x510 [ 1190.150932] ? fs_reclaim_release+0xd0/0x110 [ 1190.155327] ? ip_set_alloc+0x47/0x60 [ 1190.159109] vzalloc+0x122/0x150 [ 1190.162455] ip_set_alloc+0x47/0x60 [ 1190.166079] hash_mac_create+0x36e/0x7c6 [ 1190.170127] ip_set_create+0x5f9/0xf30 [ 1190.174003] ? __find_set_type_get+0x360/0x360 [ 1190.178575] ? __mutex_lock+0x360/0x1310 [ 1190.182642] ? lock_downgrade+0x740/0x740 [ 1190.186782] ? __find_set_type_get+0x360/0x360 [ 1190.191357] nfnetlink_rcv_msg+0x9bb/0xc00 [ 1190.195588] netlink_rcv_skb+0x125/0x390 [ 1190.199630] ? nfnetlink_net_exit_batch+0x150/0x150 [ 1190.204646] ? netlink_ack+0x9a0/0x9a0 [ 1190.208515] ? ns_capable_common+0x127/0x150 [ 1190.212907] nfnetlink_rcv+0x1ab/0x1da0 [ 1190.216859] ? __dev_queue_xmit+0xcd6/0x2480 [ 1190.221270] ? check_preemption_disabled+0x35/0x240 [ 1190.226267] ? perf_trace_lock+0xf7/0x490 [ 1190.230488] ? perf_trace_lock_acquire+0x510/0x510 [ 1190.235415] ? nfnetlink_bind+0x240/0x240 [ 1190.239555] ? netlink_deliver_tap+0x90/0x7d0 [ 1190.244033] ? lock_downgrade+0x740/0x740 [ 1190.248162] netlink_unicast+0x437/0x610 [ 1190.252208] ? netlink_sendskb+0xd0/0xd0 [ 1190.256252] netlink_sendmsg+0x62e/0xb80 [ 1190.260306] ? nlmsg_notify+0x170/0x170 [ 1190.264259] ? kernel_recvmsg+0x210/0x210 [ 1190.268401] ? security_socket_sendmsg+0x83/0xb0 [ 1190.273153] ? nlmsg_notify+0x170/0x170 [ 1190.277723] sock_sendmsg+0xb5/0x100 [ 1190.281426] ___sys_sendmsg+0x6c8/0x800 [ 1190.285395] ? copy_msghdr_from_user+0x3b0/0x3b0 [ 1190.290231] ? __lock_acquire+0x5fc/0x3f20 [ 1190.294461] ? perf_trace_lock_acquire+0x510/0x510 [ 1190.299384] ? do_futex+0x12b/0x1930 [ 1190.303100] ? check_preemption_disabled+0x35/0x240 [ 1190.308103] ? __fget+0x1fe/0x360 [ 1190.311560] ? lock_acquire+0x170/0x3f0 [ 1190.315524] ? lock_downgrade+0x740/0x740 [ 1190.319677] ? __fget+0x225/0x360 [ 1190.323112] ? __fdget+0x196/0x1f0 [ 1190.326636] ? sockfd_lookup_light+0xb2/0x160 [ 1190.331114] __sys_sendmsg+0xa3/0x120 [ 1190.334895] ? SyS_shutdown+0x160/0x160 [ 1190.338857] ? SyS_clock_gettime+0xf5/0x180 [ 1190.343156] ? SyS_clock_settime+0x1a0/0x1a0 [ 1190.347642] SyS_sendmsg+0x27/0x40 [ 1190.351159] ? __sys_sendmsg+0x120/0x120 [ 1190.355200] do_syscall_64+0x1d5/0x640 [ 1190.359303] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 1190.364506] RIP: 0033:0x45d249 [ 1190.367680] RSP: 002b:00007fe770c44c78 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 1190.375384] RAX: ffffffffffffffda RBX: 0000000000028840 RCX: 000000000045d249 [ 1190.382638] RDX: 0000000000000000 RSI: 0000000020000000 RDI: 0000000000000003 [ 1190.389890] RBP: 000000000118cf80 R08: 0000000000000000 R09: 0000000000000000 [ 1190.397137] R10: 0000000000000000 R11: 0000000000000246 R12: 000000000118cf4c [ 1190.404385] R13: 00007fffec3adf2f R14: 00007fe770c459c0 R15: 000000000118cf4c [ 1190.459880] warn_alloc_show_mem: 1 callbacks suppressed [ 1190.459884] Mem-Info: [ 1190.480338] IPVS: ftp: loaded support on port[0] = 21 [ 1190.487890] active_anon:232466 inactive_anon:6091 isolated_anon:0 [ 1190.487890] active_file:7393 inactive_file:32935 isolated_file:0 [ 1190.487890] unevictable:0 dirty:255 writeback:0 unstable:0 [ 1190.487890] slab_reclaimable:18466 slab_unreclaimable:135232 [ 1190.487890] mapped:62713 shmem:6280 pagetables:5830 bounce:0 [ 1190.487890] free:1089357 free_pcp:317 free_cma:0 [ 1190.522650] Node 0 active_anon:929964kB inactive_anon:24364kB active_file:29428kB inactive_file:131740kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:250952kB dirty:1020kB writeback:0kB shmem:25120kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 892928kB writeback_tmp:0kB unstable:0kB all_unreclaimable? no [ 1190.552612] Node 1 active_anon:0kB inactive_anon:0kB active_file:144kB inactive_file:0kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:0kB dirty:0kB writeback:0kB shmem:0kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 0kB writeback_tmp:0kB unstable:0kB all_unreclaimable? no [ 1190.578744] Node 0 DMA free:15908kB min:220kB low:272kB high:324kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15908kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 1190.605151] lowmem_reserve[]: 0 2557 2557 2557 2557 [ 1190.610282] Node 0 DMA32 free:557972kB min:36272kB low:45340kB high:54408kB active_anon:929872kB inactive_anon:24364kB active_file:29428kB inactive_file:131744kB unevictable:0kB writepending:1028kB present:3129332kB managed:2621196kB mlocked:0kB kernel_stack:14304kB pagetables:23376kB bounce:0kB free_pcp:1260kB local_pcp:652kB free_cma:0kB [ 1190.640738] lowmem_reserve[]: 0 0 0 0 0 [ 1190.644862] Node 0 Normal free:0kB min:4kB low:4kB high:4kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:786432kB managed:332kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 1190.670603] lowmem_reserve[]: 0 0 0 0 0 [ 1190.674711] Node 1 Normal free:3783628kB min:53612kB low:67012kB high:80412kB active_anon:0kB inactive_anon:0kB active_file:144kB inactive_file:0kB unevictable:0kB writepending:0kB present:3932160kB managed:3870192kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 1190.703168] lowmem_reserve[]: 0 0 0 0 0 [ 1190.707272] Node 0 DMA: 1*4kB (U) 0*8kB 0*16kB 1*32kB (U) 2*64kB (U) 1*128kB (U) 1*256kB (U) 0*512kB 1*1024kB (U) 1*2048kB (M) 3*4096kB (M) = 15908kB [ 1190.721333] Node 0 DMA32: 640*4kB (UME) 235*8kB (UME) 163*16kB (UME) 128*32kB (UME) 155*64kB (UME) 38*128kB (UME) 13*256kB (UM) 14*512kB (UME) 7*1024kB (UME) 5*2048kB (UME) 123*4096kB (M) = 557640kB [ 1190.739397] Node 0 Normal: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 0kB [ 1190.750418] Node 1 Normal: 51*4kB (UME) 342*8kB (UE) 273*16kB (U) 50*32kB (UM) 20*64kB (UME) 10*128kB (UM) 5*256kB (UM) 3*512kB (U) 1*1024kB (M) 4*2048kB (ME) 918*4096kB (M) = 3783628kB [ 1190.767484] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 1190.776448] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 1190.785354] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 1190.794331] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 1190.803046] 25561 total pagecache pages [ 1190.807096] 0 pages in swap cache [ 1190.810910] Swap cache stats: add 0, delete 0, find 0/0 [ 1190.816345] Free swap = 0kB [ 1190.819415] Total swap = 0kB [ 1190.822550] 1965979 pages RAM [ 1190.825943] 0 pages HighMem/MovableOnly [ 1190.829978] 339072 pages reserved [ 1190.835100] 0 pages cma reserved [ 1190.840594] netlink: 64 bytes leftover after parsing attributes in process `syz-executor.0'. 04:28:34 executing program 2: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_CREATE(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000140)={0x4c, 0x2, 0x6, 0x101, 0x0, 0x0, {}, [@IPSET_ATTR_REVISION={0x5}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz1\x00'}, @IPSET_ATTR_PROTOCOL={0x5, 0x1, 0x6}, @IPSET_ATTR_FAMILY={0x5}, @IPSET_ATTR_DATA={0x4}, @IPSET_ATTR_TYPENAME={0xd, 0x3, 'hash:mac\x00'}]}, 0x4c}}, 0x0) 04:28:34 executing program 4: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) dup2(r0, r0) r1 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_CREATE(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)={0x54, 0x2, 0x6, 0x101, 0x0, 0x0, {}, [@IPSET_ATTR_REVISION={0x5}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz1\x00'}, @IPSET_ATTR_PROTOCOL={0x5, 0x1, 0x6}, @IPSET_ATTR_FAMILY={0x5}, @IPSET_ATTR_DATA={0xc, 0x7, 0x0, 0x1, [@IPSET_ATTR_HASHSIZE={0x8, 0x12, 0x1, 0x0, 0x479e6139}]}, @IPSET_ATTR_TYPENAME={0xd, 0x3, 'hash:mac\x00'}]}, 0x54}}, 0x0) 04:28:34 executing program 3: perf_event_open(&(0x7f0000000140)={0x2, 0x70, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) semtimedop(0x0, &(0x7f0000000000)=[{0x0, 0x4}, {0x0, 0x1}], 0x2, &(0x7f0000000040)) 04:28:34 executing program 1: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_CREATE(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)={0x54, 0x2, 0x6, 0x101, 0x0, 0x0, {}, [@IPSET_ATTR_REVISION={0x5}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz1\x00'}, @IPSET_ATTR_PROTOCOL={0x5, 0x1, 0x6}, @IPSET_ATTR_FAMILY={0x5}, @IPSET_ATTR_DATA={0xc, 0x7, 0x0, 0x1, [@IPSET_ATTR_HASHSIZE={0x8, 0x12, 0x1, 0x0, 0x479e6139}]}, @IPSET_ATTR_TYPENAME={0xd, 0x3, 'hash:mac\x00'}]}, 0x54}}, 0x0) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) r2 = dup2(r1, r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) sendmsg$NFNL_MSG_COMPAT_GET(r2, &(0x7f0000000200)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x10}, 0xc, &(0x7f00000001c0)={&(0x7f0000000140)={0x70, 0x0, 0xb, 0x201, 0x0, 0x0, {0x273aca6bb7a5cc41, 0x0, 0x7}, [@NFTA_COMPAT_NAME={0xd, 0x1, 'hash:mac\x00'}, @NFTA_COMPAT_REV={0x8, 0x2, 0x1, 0x0, 0x1}, @NFTA_COMPAT_REV={0x8, 0x2, 0x1, 0x0, 0x3}, @NFTA_COMPAT_REV={0x8, 0x2, 0x1, 0x0, 0x3}, @NFTA_COMPAT_NAME={0x8, 0x1, '\xc1{\xa6\x00'}, @NFTA_COMPAT_TYPE={0x8}, @NFTA_COMPAT_TYPE={0x8, 0x3, 0x1, 0x0, 0x1}, @NFTA_COMPAT_NAME={0xd, 0x1, 'hash:mac\x00'}, @NFTA_COMPAT_NAME={0x9, 0x1, 'syz1\x00'}]}, 0x70}}, 0x2000c094) socket$nl_generic(0x10, 0x3, 0x10) 04:28:34 executing program 0: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_CREATE(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000002c0)=ANY=[@ANYBLOB="5c0000000206010100000000000000000000000005000400000000000900020073797a31000000000500010006000000050005000000000013000300686173683a6e65742c696661636500000d000300686173683a6d616300000000834ab5f4e8c35922b227847c471ed843b12f67ec8a874724358e8fea653254dbbc9f5745033b15e23e0d305bf55916ecf3efd56f44feb7ced29d565ceb426b63fed21ceb8b3c7e1918529d59e8f6f2d4f8e7f15b0dcad1c6d1841ddb95fd8e49fba5d9007c72884eb5e059fc0c33f27d639270a86a401c188ff143480fdedbd9dc791af3f969be6975f6395fea0ace6a1b72c6dc9492595f0fe8063d044a2ff1dc9ee57a1b3c13ad1f00000058742053e698c4e5b2494104c1d84799f29bdd311a39f9f0087b1739e1524bf64050c5872fc426afd287888b1c26704929f4028d4c2c896080f37e9c4300"/336], 0x5c}}, 0x1) r1 = add_key$keyring(0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd) add_key(&(0x7f0000000440)='asymmetric\x00', 0x0, 0x0, 0x0, r1) add_key(&(0x7f0000000000)='asymmetric\x00', &(0x7f0000000040)={'syz', 0x1}, &(0x7f0000000180)="2f2f5905eaab2ac4bc41fb8a4d610b7e71cabe7a338e830be1426a3859d722b61435913972b4a3a3882a18883ee57700d5747e993681a3dc1850ad5682c11a1b6ba1ea509267ce6c93e445ce7868ee51e0052ca88801a9a5e785c63010b3264ba7d8da88ef0d75db1e33799ec9798907c51a11fca4591d115b78c1a7ed0c46a3ee71cd5e81897aa60e333d9d1f716f78a7c7c33650ee3a3c44e00ba74a8332b6e2daf9c29a8ff954dda0bc4f5dc79c25029a78239d86a81fcd353d45199a90ac667d4253f65dc995006befb9a1fc241ba962d1c184293ddc77c3c35759d9a0ac8d88821cd03e5ac37ed7702fab5425c110eee76ee5719a906f813238e50c24882ca406f9b790e3deea537380c66f9da477374ea3c947e8b74bb9a212308acd9f57b0bc96f39257adf2648a5dc4a73ff06d23c98a4beae96e49c63be1a09ec0dd2f08437347ff1e94cea3328b17b5bfff0bf1bc1eecdd75c7ba8ba852baa5cc0d73d9b1e3e94324cff0300904d80f7ecfbe14a3e5d01c50462b8808c8fd21d3ba04be45f9c8594714a47147865ef148158b526fb5482ac8118a3a5d55a37fbeb13100a7af1572c373765b7a1355f1cd7604f9d6e317a1f7515980835fb62ded06ec302536cae155e1d0045d485d8e1ef5072581408c2427e8e99b8413432e66e1dfed81f28c8c63caaebf439f82cd2da21455a7373466a948338a567f2f55a17bf73b83e74aa2e0676eb44646e098adfdf464839e2fa8fa321b963fdf013f015fe4b3b50000df2e7464918885c8e7543b274d4cc1cfdb0096deef33b4ea4b7d23e7604f3457ca1a4253797510b79f492adf71f747511cf532e1983171b59789ef2f64f7a7c917a13109b516f5b3c5233ed73253e5716d4f05115a6962dcfac69205504d159974c0d971441047ad7522a92e83577b7b6c365f6552c8ca48790cb3b776a2021c16975cf6d009d6be91d09fb65da82fb1bf18abf83c8c8bc77b3c754ede82c6f18d7c1584d31f4dd84034b320fe2cc98fe8f3b05992ab4a55a4310c67d58302ca06ca361b2739a384b2a60da9a324d2e1c7c9a7aab9678e22b583107d0d1841c62dbb86e8efd9b347cb7aa4166f5e206ef2c1ad9dabf960e07044147b36b779fcf93efb9d0a4fe1db255aabc2b5743a293dbca63728e8e15e6993e1c3a96a1cff299e7e6d4e1ede09100c8d11cfce35a5f25a89c486b15b1ddc2775cee56aaed835fbe0855418f7e1533c01267d08c1eeb1ceeceaabc8467f81647bef94c84678c91a42699cb72e091ceb33b6ceda980083e209a0ac25b1e66d5251b172f79f7b9900040297dedf7f077817a573948fdf91de51e79e22c37b8b9e447868409273d58e08dc0241649b454afb89f1c453e241d4a89e8d9b1c6eacfb397165f8f423d7fd9821a1190a3b9dbabd5ed78acb2d93175571797ddc224363d80d50533945a43a3f0225cdbc7ff02b870954f12fe3be7e15076b4e90e035d167d43ba62902c4d492b1fbf457eefe664c39fc77449d24e12797211e930f41073a9943a801c68c086b657bc76aaf8c0ca7376ae09f83a972d108c3ce4d34aa8c04c895b718d7855ac93d0acd91f3cada1cd952849a57d3671676c5331a37e2b220b4dc7d08a11c25337e7331912dd4bc8bc83b559821785ff8319d51a27a873fd393060232621ac6368315bddd502f9832c2a9ba48bb71cbe19c3308947609f7a77b9c1a5da681c2e707fd94d5899fc97676cc4db2ffc3daa06345641e5f62d84f4bd6075ec7a31b45edaed4499190552abcc8e17360593662eaea6b61834851713301d9a6e2c5ef0e257a4f3b6df3e31a35b68004f95d50337b8eb19437bc6579668b1ae2bd60d303e826b926d014e8f26600053612f5742d245d454afc200bcd21bdff424b685bfd4fd0c5a345b64fb1debe168ac88f33b325cc09ea20329c89b54faca7cc3f305ac0e1761619af4ea27427b5250b9833f775376aae0238df555391cb819395ce0521c6a60f40918e75d52916a7455ec25d5b665590fac1b67f35335855c2c0f6cc47507c5ab3861451a2613ba724bda38abc3571dab978a567182d57927eb7515135b52be9e7b30a1d24845e090e746ead92d0441357ed1ab90a3f13c57b1905443d1b736e3a4a958f1e266f07e1a9adbbf21260bab6e4e1079db3685d0c615d39fac9c9eb68fb5ff6e5c891b938c017d7ac473ecbc70c375c827648f3d987662c36bdf34dda81b7ee6a2bdffd2491087190834227d3cc4d5a585ef5280d0f8d96cf3d6781e7b6de6aa4ab882dd563bdcc77cdace7e6a98e5c0131f85b2e03cf36d9f28888db4bbaa6dda77f8f654b5437c60f72574beb1622de1a51b7eadf2be5f2698f59ac69841852cad669a675bd65263f59b55148cc28b87e2add334ec927d823d1041c0669edea16d2dcfe3491ff8f159db0043f8bdde6597a122d7e86e1958ac665a493947fb99dc7af65e5cdc81769d063cc9ad3bffaa28cff2534a8ec21c46171e81379e3f45fd7343eda1136e18ebdedf57a1d29952058d221a7df30d1aff0b0e94f16a4b057fc23cfd842fa6d025d40f45fa2db930025373afba71ed5401dc86a9082ae28d02947b7b428c9719bdb52afb3d103c57289a6a040d6f52064ccd4b828f60a233ad15682447278803a9eebc93927126c7e526bf2c571e247c6081adacac3c3138236f1b97e364bc58a86bf4540c42132f8893cef394f3c5d7f36436b34de7c23e35063ad5f0d4f4238b38b7ab836a5d5510c21d101730d36ebe29f6ca0f9aae6cf08f26d6701eef3e20ef137b9901f3d96be9f1c2e8e52e1062cb75f53e2ff059c7f86ab6076fb19ff38c99d84e9e710851e5b4433eaee8ebd7910f55b0fa9e81149d25de792035376545b339e93af164db499f534a758865de871740acbc08bd0c87d8fc5329c654389a9288fb62ed108e97ada212a78b099ec45f3fe7dc75ff20934aca8a83aef195474b584498ced3b95a460bcf865e4e509169d4542ef2935796b504dfbc908801f83b89a2f93be8b97deb7df7d6c414a2507e629300ddafd388a2b099c1d2a8691cf271226463a5b7610781fab6d08b8d86140fd2f2f4c11f5adcef8abdfc0a0a7090fb98e36da180c5d733bf5dc8daaba9b415822db515e7ee2848fcdeadae3d3c948fafdfadcde2a37f53c9edae07c6be93df15f6dc6bc2524eb70665462535d77a27675c01a57536966d6456865a859e432219c3bb2e6eec4d10299112ee873ca58c183c82712ef7d20270f6b27257a71629c8c7dc5e929b3cd8733366e240dedb100e8b21905e3f6fb16a7c7262ca82e3dbd0e70cb99b74e60a8e941e181fcb9e0c6be786aebf12e685495cafe508b3c882f683eecc570d47f72f3daf3a2d3ff91ba6ed81082079a13307ecd78f83109d2cf3edfebbaaf67b6f9daeb6f9f8b19678904c40dff347285d228715d474efc60a9c14e1663a32dc4a1e91d08e40b87141200f5a1d6b796eda5eecc448d755f3106c4b170ac6e8ea1e5b476172c9584d5696a8e5aa4c971a7f57114b1e2fdae930cbe117c13d0e4b62c886364673bb029011391654ff9155d3aadc4d39896c9ac80f399a46abb00c8732688a11934d49c69c7728dbe08c0c5440fcffd1087df6b526c6a9730055ce42115034d3517b12af2bcc914838945e25bd9153d9adb6d4093ffee4e988c8e567112c0c65ef645b227a51ef5eaf5fc824b9778fe5b92f214ef70a689b3be4f16fb58e84053acbedb1bdf7f8ba15e650826ca7a38dc13480a5c7afaa9d8ff976045cce41002a25a9889fd0fe7d4358a88e0718b855be47e18e55164b61633e11b2e0d178ab1bc0481aa36af8aac0703e9bd06cd0212fba8cd57012a2a1a4107e4e96ef64d63112df9619a823d088a256e1f51f6c13c347cad0576448b922ef57a43129c9a43b225c1b952f86cf22349046199901c3dc87cae59315fa35bfdc80d09196e647ba1a6833ab7ceb1b1c82f3cbe50b4335bb5762cbf4519d00ca18c4f932fe9b3d0d9cfda694c4849c268fb9982fbf57fb81e54a38a60828639a774b648b03b689a127ee3b6541a46a202f2659cda7769204328674f625705e3afc6fe1c5cc5607225ebb398b898b97830de7626667f0ebbc40e5b6799a468b5542bec3c5d399f46c9c448f30f94008ccefaad070cf310b831df17a6f9c9a99f2395327121530c8215c445d65dbb50a8459c36b1f80c6716ee4433e9e82274fb808775dd97fa70d6118c633c2f11ac32b5543762b7e7ef7e6ce3fc3741853dec70411f490bc1954c569b06b2c98444c005b4c7a2b570e3e93f13ce820869", 0xbf0, r1) r2 = socket$inet6_icmp(0xa, 0x2, 0x3a) getsockopt$inet6_int(r2, 0x29, 0xce, &(0x7f0000000e40), &(0x7f0000000e80)=0x4) r3 = add_key$fscrypt_provisioning(&(0x7f0000000180)='fscrypt-provisioning\x00', &(0x7f00000001c0)={'syz', 0x0}, &(0x7f0000000dc0)={0x1, 0x0, "ab6f456ef7d7fd8d9b6b8c555337f59b0218b80fcd36ea292ee5f35b81f454fb56209cdf1f7fc503322803639ff221af4b73dbe638c479430e11727f86912a7abd0cab5e6b83675030b8f98c471a714bb3e994"}, 0x5b, r1) keyctl$KEYCTL_PKEY_DECRYPT(0x1a, &(0x7f0000000240)={r3, 0x80, 0xe4}, &(0x7f0000000440)={'enc=', 'pkcs1', ' hash=', {'wp256-generic\x00'}}, &(0x7f00000004c0)="cf006a456d38d705ac5b84d6dbbc68ec73412d52383a8896b8cb8e598fa6e308541063b7905398c5379d43a7d4fc5b0c0d73e9b20bd6780aced2841b266717a61608a9d29969ea83b73b0523b1985b3a4ae789b346ea4dba3bce43803fb5108dd5fe60a9e349dc1140348c50ab1b87d72e7c6509563106502aeec041b8453957", &(0x7f0000000540)=""/228) r4 = socket$inet6_tcp(0xa, 0x1, 0x0) r5 = dup2(r4, r4) ioctl$PERF_EVENT_IOC_ENABLE(r5, 0x8912, 0x400200) sendmsg$RDMA_NLDEV_CMD_RES_MR_GET(r5, &(0x7f0000000140)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x800}, 0xc, &(0x7f0000000100)={&(0x7f00000000c0)={0x28, 0x140d, 0x4, 0x70bd2c, 0x25dfdbfc, "", [@RDMA_NLDEV_ATTR_DEV_INDEX={0x8, 0x1, 0x1}, @RDMA_NLDEV_ATTR_RES_MRN={0x8, 0x3e, 0x5}, @RDMA_NLDEV_ATTR_DEV_INDEX={0x8, 0x1, 0x1}]}, 0x28}, 0x1, 0x0, 0x0, 0x8000}, 0x40000c4) r6 = socket$inet6_tcp(0xa, 0x1, 0x0) r7 = dup2(r6, r6) ioctl$PERF_EVENT_IOC_ENABLE(r7, 0x8912, 0x400200) read$sequencer(r7, &(0x7f0000000d80)=""/11, 0xb) 04:28:34 executing program 5: r0 = dup(0xffffffffffffffff) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x802102001ffa, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r1 = gettid() clone(0x6e20cf00, 0x0, 0x0, 0x0, 0x0) ptrace$setopts(0x4206, r1, 0x0, 0x0) gettid() r2 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ptmx\x00', 0x0, 0x0) read(r2, &(0x7f00003fefff)=""/1, 0x1) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) r4 = dup2(r3, r3) ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200) r5 = openat$autofs(0xffffffffffffff9c, &(0x7f0000000040)='/dev/autofs\x00', 0x0, 0x0) sendmsg$IPVS_CMD_ZERO(r5, &(0x7f0000000240)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x20000000}, 0xc, &(0x7f0000000200)={&(0x7f0000000380)={0x14c, 0x0, 0x2, 0x70bd2d, 0x25dfdbff, {}, [@IPVS_CMD_ATTR_TIMEOUT_TCP={0x8, 0x4, 0x7}, @IPVS_CMD_ATTR_DEST={0xc, 0x2, 0x0, 0x1, [@IPVS_DEST_ATTR_U_THRESH={0x8, 0x5, 0x9}]}, @IPVS_CMD_ATTR_TIMEOUT_TCP_FIN={0x8, 0x5, 0x87}, @IPVS_CMD_ATTR_SERVICE={0x18, 0x1, 0x0, 0x1, [@IPVS_SVC_ATTR_PORT={0x6, 0x4, 0x4e20}, @IPVS_SVC_ATTR_FLAGS={0xc, 0x7, {0x31, 0x34}}]}, @IPVS_CMD_ATTR_TIMEOUT_TCP={0x8, 0x4, 0x5}, @IPVS_CMD_ATTR_DEST={0x3c, 0x2, 0x0, 0x1, [@IPVS_DEST_ATTR_ADDR={0x14, 0x1, @ipv6=@initdev={0xfe, 0x88, [], 0x0, 0x0}}, @IPVS_DEST_ATTR_PERSIST_CONNS={0x8, 0x9, 0xc}, @IPVS_DEST_ATTR_ADDR={0x14, 0x1, @ipv6=@dev={0xfe, 0x80, [], 0x2f}}, @IPVS_DEST_ATTR_U_THRESH={0x8, 0x5, 0x6}]}, @IPVS_CMD_ATTR_TIMEOUT_TCP_FIN={0x8, 0x5, 0x200}, @IPVS_CMD_ATTR_DAEMON={0x1c, 0x3, 0x0, 0x1, [@IPVS_DAEMON_ATTR_STATE={0x8, 0x1, 0x2}, @IPVS_DAEMON_ATTR_MCAST_PORT={0x6, 0x7, 0x4e22}, @IPVS_DAEMON_ATTR_MCAST_PORT={0x6, 0x7, 0x4e20}]}, @IPVS_CMD_ATTR_DEST={0x3c, 0x2, 0x0, 0x1, [@IPVS_DEST_ATTR_INACT_CONNS={0x8, 0x8, 0x8002}, @IPVS_DEST_ATTR_PORT={0x6, 0x2, 0x4e23}, @IPVS_DEST_ATTR_U_THRESH={0x8, 0x5, 0xffff12bf}, @IPVS_DEST_ATTR_FWD_METHOD={0x8, 0x3, 0x3}, @IPVS_DEST_ATTR_U_THRESH={0x8, 0x5, 0x1}, @IPVS_DEST_ATTR_TUN_TYPE={0x5, 0xd, 0x1}, @IPVS_DEST_ATTR_TUN_PORT={0x6, 0xe, 0x4e21}]}, @IPVS_CMD_ATTR_DAEMON={0x60, 0x3, 0x0, 0x1, [@IPVS_DAEMON_ATTR_MCAST_GROUP6={0x14, 0x6, @private0}, @IPVS_DAEMON_ATTR_MCAST_IFN={0x14, 0x2, 'ip6tnl0\x00'}, @IPVS_DAEMON_ATTR_MCAST_PORT={0x6, 0x7, 0x4e20}, @IPVS_DAEMON_ATTR_SYNC_ID={0x8, 0x3, 0x3}, @IPVS_DAEMON_ATTR_MCAST_TTL={0x5, 0x8, 0x81}, @IPVS_DAEMON_ATTR_SYNC_ID={0x8, 0x3, 0x2}, @IPVS_DAEMON_ATTR_MCAST_GROUP6={0x14, 0x6, @private1={0xfc, 0x1, [], 0x1}}]}]}, 0x14c}, 0x1, 0x0, 0x0, 0x80}, 0x2080800) ioctl$SIOCNRDECOBS(r4, 0x89e2) 04:28:34 executing program 0: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_CREATE(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)={0x54, 0x2, 0x6, 0x101, 0x0, 0x0, {}, [@IPSET_ATTR_REVISION={0x5}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz1\x00'}, @IPSET_ATTR_PROTOCOL={0x5, 0x1, 0x6}, @IPSET_ATTR_FAMILY={0x5}, @IPSET_ATTR_DATA={0xc, 0x7, 0x0, 0x1, [@IPSET_ATTR_HASHSIZE={0x8, 0x12, 0x1, 0x0, 0x479e6139}]}, @IPSET_ATTR_TYPENAME={0xd, 0x3, 'hash:mac\x00'}]}, 0x54}}, 0x0) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) r2 = dup2(r1, r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) sendmsg$NFT_MSG_GETTABLE(r2, &(0x7f0000000200)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x400}, 0xc, &(0x7f00000001c0)={&(0x7f0000000140)={0x60, 0x1, 0xa, 0x201, 0x0, 0x0, {0xa, 0x0, 0xa}, [@NFTA_TABLE_FLAGS={0x8, 0x2, 0x1, 0x0, 0x1}, @NFTA_TABLE_NAME={0x9, 0x1, 'syz0\x00'}, @NFTA_TABLE_NAME={0x9, 0x1, 'syz0\x00'}, @NFTA_TABLE_NAME={0x9, 0x1, 'syz0\x00'}, @NFTA_TABLE_NAME={0x9, 0x1, 'syz1\x00'}, @NFTA_TABLE_NAME={0x9, 0x1, 'syz1\x00'}, @NFTA_TABLE_FLAGS={0x8, 0x2, 0x1, 0x0, 0x1}]}, 0x60}, 0x1, 0x0, 0x0, 0x44804}, 0xc880) 04:28:34 executing program 3: r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) r1 = syz_open_procfs(0x0, &(0x7f0000000080)='cpuset\x00') sendfile(r0, r1, 0x0, 0x800000080004109) 04:28:34 executing program 2: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_CREATE(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000140)={0x54, 0x2, 0x6, 0x101, 0x0, 0x0, {}, [@IPSET_ATTR_REVISION={0x5}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz1\x00'}, @IPSET_ATTR_PROTOCOL={0x5, 0x1, 0x6}, @IPSET_ATTR_FAMILY={0x5}, @IPSET_ATTR_DATA={0xc, 0x7, 0x0, 0x1, [@IPSET_ATTR_CADT_FLAGS={0x8}]}, @IPSET_ATTR_TYPENAME={0xd, 0x3, 'hash:mac\x00'}]}, 0x54}}, 0x0) [ 1192.338134] syz-executor.1: vmalloc: allocation failure: 17179869200 bytes, mode:0x14080c0(GFP_KERNEL|__GFP_ZERO), nodemask=(null) [ 1192.367329] syz-executor.1 cpuset=/ mems_allowed=0-1 [ 1192.397912] CPU: 0 PID: 6938 Comm: syz-executor.1 Not tainted 4.14.193-syzkaller #0 [ 1192.405754] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1192.415135] Call Trace: [ 1192.415154] dump_stack+0x1b2/0x283 [ 1192.415171] warn_alloc.cold+0x96/0x1cc [ 1192.415185] ? check_preemption_disabled+0x35/0x240 [ 1192.415196] ? zone_watermark_ok_safe+0x220/0x220 [ 1192.415211] ? perf_trace_lock_acquire+0x510/0x510 [ 1192.415221] ? fs_reclaim_release+0xd0/0x110 [ 1192.415241] ? ip_set_alloc+0x47/0x60 [ 1192.415253] vzalloc+0x122/0x150 [ 1192.415264] ip_set_alloc+0x47/0x60 [ 1192.415277] hash_mac_create+0x36e/0x7c6 [ 1192.415291] ip_set_create+0x5f9/0xf30 [ 1192.415307] ? __find_set_type_get+0x360/0x360 [ 1192.415315] ? __mutex_lock+0x360/0x1310 [ 1192.415345] ? lock_downgrade+0x740/0x740 [ 1192.415357] ? __find_set_type_get+0x360/0x360 [ 1192.415370] nfnetlink_rcv_msg+0x9bb/0xc00 [ 1192.415402] netlink_rcv_skb+0x125/0x390 [ 1192.415413] ? nfnetlink_net_exit_batch+0x150/0x150 [ 1192.415425] ? netlink_ack+0x9a0/0x9a0 [ 1192.415441] ? ns_capable_common+0x127/0x150 [ 1192.415454] nfnetlink_rcv+0x1ab/0x1da0 [ 1192.415463] ? __dev_queue_xmit+0xcd6/0x2480 [ 1192.415476] ? check_preemption_disabled+0x35/0x240 [ 1192.415488] ? perf_trace_lock+0xf7/0x490 [ 1192.415503] ? perf_trace_lock_acquire+0x510/0x510 [ 1192.415513] ? nfnetlink_bind+0x240/0x240 [ 1192.415525] ? netlink_deliver_tap+0x90/0x7d0 [ 1192.415540] ? lock_downgrade+0x740/0x740 [ 1192.415556] netlink_unicast+0x437/0x610 [ 1192.415569] ? netlink_sendskb+0xd0/0xd0 [ 1192.415585] netlink_sendmsg+0x62e/0xb80 [ 1192.415599] ? nlmsg_notify+0x170/0x170 [ 1192.415610] ? kernel_recvmsg+0x210/0x210 [ 1192.415624] ? security_socket_sendmsg+0x83/0xb0 [ 1192.415633] ? nlmsg_notify+0x170/0x170 [ 1192.415643] sock_sendmsg+0xb5/0x100 [ 1192.415655] ___sys_sendmsg+0x6c8/0x800 [ 1192.415667] ? copy_msghdr_from_user+0x3b0/0x3b0 [ 1192.415676] ? __lock_acquire+0x5fc/0x3f20 [ 1192.415689] ? perf_trace_lock_acquire+0x510/0x510 [ 1192.415699] ? do_futex+0x12b/0x1930 [ 1192.415708] ? check_preemption_disabled+0x35/0x240 [ 1192.415724] ? __fget+0x1fe/0x360 [ 1192.415737] ? lock_acquire+0x170/0x3f0 [ 1192.415747] ? lock_downgrade+0x740/0x740 [ 1192.415763] ? __fget+0x225/0x360 [ 1192.415778] ? __fdget+0x196/0x1f0 [ 1192.415788] ? sockfd_lookup_light+0xb2/0x160 [ 1192.415799] __sys_sendmsg+0xa3/0x120 [ 1192.415808] ? SyS_shutdown+0x160/0x160 [ 1192.415829] ? SyS_clock_gettime+0xf5/0x180 [ 1192.415840] ? SyS_clock_settime+0x1a0/0x1a0 [ 1192.415851] SyS_sendmsg+0x27/0x40 [ 1192.415859] ? __sys_sendmsg+0x120/0x120 [ 1192.415869] do_syscall_64+0x1d5/0x640 [ 1192.415887] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 1192.415896] RIP: 0033:0x45d249 [ 1192.415901] RSP: 002b:00007fe770c44c78 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 1192.415912] RAX: ffffffffffffffda RBX: 0000000000028840 RCX: 000000000045d249 [ 1192.415918] RDX: 0000000000000000 RSI: 0000000020000000 RDI: 0000000000000003 [ 1192.415923] RBP: 000000000118cf80 R08: 0000000000000000 R09: 0000000000000000 [ 1192.415929] R10: 0000000000000000 R11: 0000000000000246 R12: 000000000118cf4c [ 1192.415935] R13: 00007fffec3adf2f R14: 00007fe770c459c0 R15: 000000000118cf4c [ 1192.437180] Mem-Info: [ 1192.437204] active_anon:233525 inactive_anon:6091 isolated_anon:0 [ 1192.437204] active_file:7393 inactive_file:32943 isolated_file:0 [ 1192.437204] unevictable:0 dirty:266 writeback:0 unstable:0 [ 1192.437204] slab_reclaimable:18462 slab_unreclaimable:134372 [ 1192.437204] mapped:62700 shmem:6280 pagetables:5920 bounce:0 [ 1192.437204] free:1089110 free_pcp:107 free_cma:0 [ 1192.437222] Node 0 active_anon:934100kB inactive_anon:24364kB active_file:29428kB inactive_file:131772kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:250800kB dirty:1064kB writeback:0kB shmem:25120kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 884736kB writeback_tmp:0kB unstable:0kB all_unreclaimable? no [ 1192.437236] Node 1 active_anon:0kB inactive_anon:0kB active_file:144kB inactive_file:0kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:0kB dirty:0kB writeback:0kB shmem:0kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 0kB writeback_tmp:0kB unstable:0kB all_unreclaimable? no [ 1192.437240] Node 0 DMA free:15908kB min:220kB low:272kB high:324kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15908kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 1192.437261] lowmem_reserve[]: 0 2557 2557 2557 2557 [ 1192.437285] Node 0 DMA32 free:556904kB min:36272kB low:45340kB high:54408kB active_anon:934100kB inactive_anon:24364kB active_file:29428kB inactive_file:131772kB unevictable:0kB writepending:1064kB present:3129332kB managed:2621196kB mlocked:0kB kernel_stack:14592kB pagetables:23680kB bounce:0kB free_pcp:428kB local_pcp:352kB free_cma:0kB [ 1192.437306] lowmem_reserve[]: 0 0 0 0 0 [ 1192.437329] Node 0 Normal free:0kB min:4kB low:4kB high:4kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:786432kB managed:332kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 1192.437348] lowmem_reserve[]: 0 0 0 0 0 [ 1192.437370] Node 1 Normal free:3783628kB min:53612kB low:67012kB high:80412kB active_anon:0kB inactive_anon:0kB active_file:144kB inactive_file:0kB unevictable:0kB writepending:0kB present:3932160kB managed:3870192kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 1192.437390] lowmem_reserve[]: 0 0 0 0 0 [ 1192.437412] Node 0 DMA: 1*4kB (U) 0*8kB 0*16kB 1*32kB (U) 2*64kB (U) 1*128kB (U) 1*256kB (U) 0*512kB 1*1024kB (U) 1*2048kB (M) 3*4096kB (M) = 15908kB [ 1192.437490] Node 0 DMA32: 540*4kB (UME) 653*8kB (UME) 197*16kB (UME) 124*32kB (ME) 154*64kB (UME) 38*128kB (UME) 13*256kB (UM) 14*512kB (UME) 7*1024kB (UME) 3*2048kB (UME) 123*4096kB (M) = 556840kB [ 1192.437579] Node 0 Normal: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 0kB 04:28:35 executing program 2: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_CREATE(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000140)={0x4c, 0x2, 0x6, 0x101, 0x0, 0x0, {}, [@IPSET_ATTR_REVISION={0x5}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz1\x00'}, @IPSET_ATTR_PROTOCOL={0x5, 0x1, 0x6}, @IPSET_ATTR_DATA={0xc, 0x7, 0x0, 0x1, [@IPSET_ATTR_CADT_FLAGS={0x8}]}, @IPSET_ATTR_TYPENAME={0xd, 0x3, 'hash:mac\x00'}]}, 0x4c}}, 0x0) 04:28:35 executing program 4: socket$inet6_tcp(0xa, 0x1, 0x0) r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_CREATE(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)={0x54, 0x2, 0x6, 0x101, 0x0, 0x0, {}, [@IPSET_ATTR_REVISION={0x5}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz1\x00'}, @IPSET_ATTR_PROTOCOL={0x5, 0x1, 0x6}, @IPSET_ATTR_FAMILY={0x5}, @IPSET_ATTR_DATA={0xc, 0x7, 0x0, 0x1, [@IPSET_ATTR_HASHSIZE={0x8, 0x12, 0x1, 0x0, 0x479e6139}]}, @IPSET_ATTR_TYPENAME={0xd, 0x3, 'hash:mac\x00'}]}, 0x54}}, 0x0) 04:28:35 executing program 1: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_CREATE(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=ANY=[@ANYBLOB="540000000206010100000000000000000000000005000400000000001b02020073797a3100000000050001000600000005000500000000000c00078008001240479e61390d000300784173683a6d616300000000"], 0x54}}, 0x0) [ 1192.437633] Node 1 Normal: 51*4kB (UME) 342*8kB (UE) 273*16kB (U) 50*32kB (UM) 20*64kB (UME) 10*128kB (UM) 5*256kB (UM) 3*512kB (U) 1*1024kB (M) 4*2048kB (ME) 918*4096kB (M) = 3783628kB [ 1193.012581] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB 04:28:35 executing program 2: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_CREATE(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000140)={0x4c, 0x2, 0x6, 0x101, 0x0, 0x0, {}, [@IPSET_ATTR_REVISION={0x5}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz1\x00'}, @IPSET_ATTR_PROTOCOL={0x5, 0x1, 0x6}, @IPSET_ATTR_DATA={0xc, 0x7, 0x0, 0x1, [@IPSET_ATTR_CADT_FLAGS={0x8}]}, @IPSET_ATTR_TYPENAME={0xd, 0x3, 'hash:mac\x00'}]}, 0x4c}}, 0x0) 04:28:35 executing program 4: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_CREATE(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)={0x54, 0x2, 0x6, 0x101, 0x0, 0x0, {}, [@IPSET_ATTR_REVISION={0x5}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz1\x00'}, @IPSET_ATTR_PROTOCOL={0x5, 0x1, 0x6}, @IPSET_ATTR_FAMILY={0x5}, @IPSET_ATTR_DATA={0xc, 0x7, 0x0, 0x1, [@IPSET_ATTR_HASHSIZE={0x8, 0x12, 0x1, 0x0, 0x479e6139}]}, @IPSET_ATTR_TYPENAME={0xd, 0x3, 'hash:mac\x00'}]}, 0x54}}, 0x0) [ 1193.012589] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 1193.012596] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB 04:28:35 executing program 1: ioctl$UI_SET_SNDBIT(0xffffffffffffffff, 0x4004556a, 0x6) r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_CREATE(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)={0x54, 0x2, 0x6, 0x101, 0x0, 0x0, {}, [@IPSET_ATTR_REVISION={0x5}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz1\x00'}, @IPSET_ATTR_PROTOCOL={0x5, 0x1, 0x6}, @IPSET_ATTR_FAMILY={0x5}, @IPSET_ATTR_DATA={0xc, 0x7, 0x0, 0x1, [@IPSET_ATTR_HASHSIZE={0x8, 0x12, 0x1, 0x0, 0x479e6139}]}, @IPSET_ATTR_TYPENAME={0xd, 0x3, 'hash:mac\x00'}]}, 0x54}}, 0x0) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) r2 = dup2(r1, r1) ioctl$KVM_SET_NR_MMU_PAGES(r2, 0xae44, 0x7fffffff) 04:28:35 executing program 0: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) r2 = dup2(r1, r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) sendmsg$IPSET_CMD_HEADER(r2, &(0x7f00000001c0)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x40000000}, 0xc, &(0x7f0000000180)={&(0x7f0000000140)={0x2c, 0xc, 0x6, 0x301, 0x0, 0x0, {0x7, 0x0, 0x1}, [@IPSET_ATTR_PROTOCOL={0x5}, @IPSET_ATTR_PROTOCOL={0x5}, @IPSET_ATTR_PROTOCOL={0x5}]}, 0x2c}, 0x1, 0x0, 0x0, 0x8000}, 0x0) sendmsg$IPSET_CMD_CREATE(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)={0x54, 0x2, 0x6, 0x101, 0x0, 0x0, {}, [@IPSET_ATTR_REVISION={0x5}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz1\x00'}, @IPSET_ATTR_PROTOCOL={0x5, 0x1, 0x6}, @IPSET_ATTR_FAMILY={0x5}, @IPSET_ATTR_DATA={0xc, 0x7, 0x0, 0x1, [@IPSET_ATTR_HASHSIZE={0x8, 0x12, 0x1, 0x0, 0x479e6139}]}, @IPSET_ATTR_TYPENAME={0xd, 0x3, 'hash:mac\x00'}]}, 0x54}}, 0x0) [ 1193.012602] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB 04:28:35 executing program 2: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_CREATE(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000140)={0x4c, 0x2, 0x6, 0x101, 0x0, 0x0, {}, [@IPSET_ATTR_REVISION={0x5}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz1\x00'}, @IPSET_ATTR_PROTOCOL={0x5, 0x1, 0x6}, @IPSET_ATTR_DATA={0xc, 0x7, 0x0, 0x1, [@IPSET_ATTR_CADT_FLAGS={0x8}]}, @IPSET_ATTR_TYPENAME={0xd, 0x3, 'hash:mac\x00'}]}, 0x4c}}, 0x0) [ 1193.012607] 25572 total pagecache pages [ 1193.012618] 0 pages in swap cache [ 1193.012623] Swap cache stats: add 0, delete 0, find 0/0 [ 1193.012627] Free swap = 0kB [ 1193.012631] Total swap = 0kB [ 1193.012638] 1965979 pages RAM [ 1193.012642] 0 pages HighMem/MovableOnly [ 1193.012646] 339072 pages reserved [ 1193.012649] 0 pages cma reserved [ 1193.012737] syz-executor.4: vmalloc: allocation failure: 17179869200 bytes, mode:0x14080c0(GFP_KERNEL|__GFP_ZERO), nodemask=(null) [ 1193.012765] syz-executor.4 cpuset=/ mems_allowed=0-1 [ 1193.012792] CPU: 1 PID: 6940 Comm: syz-executor.4 Not tainted 4.14.193-syzkaller #0 [ 1193.012799] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1193.012803] Call Trace: [ 1193.012819] dump_stack+0x1b2/0x283 [ 1193.012837] warn_alloc.cold+0x96/0x1cc [ 1193.012850] ? check_preemption_disabled+0x35/0x240 [ 1193.012862] ? zone_watermark_ok_safe+0x220/0x220 [ 1193.012875] ? perf_trace_lock_acquire+0x510/0x510 [ 1193.012886] ? fs_reclaim_release+0xd0/0x110 [ 1193.012907] ? ip_set_alloc+0x47/0x60 [ 1193.012921] vzalloc+0x122/0x150 [ 1193.012933] ip_set_alloc+0x47/0x60 [ 1193.012944] hash_mac_create+0x36e/0x7c6 [ 1193.012959] ip_set_create+0x5f9/0xf30 [ 1193.012974] ? __find_set_type_get+0x360/0x360 [ 1193.012984] ? __mutex_lock+0x360/0x1310 [ 1193.013018] ? __find_set_type_get+0x360/0x360 [ 1193.013031] nfnetlink_rcv_msg+0x9bb/0xc00 [ 1193.013065] netlink_rcv_skb+0x125/0x390 [ 1193.013075] ? nfnetlink_net_exit_batch+0x150/0x150 [ 1193.013096] ? netlink_ack+0x9a0/0x9a0 [ 1193.013114] ? ns_capable_common+0x127/0x150 [ 1193.013134] nfnetlink_rcv+0x1ab/0x1da0 [ 1193.013143] ? __dev_queue_xmit+0xcd6/0x2480 [ 1193.013156] ? check_preemption_disabled+0x35/0x240 [ 1193.013169] ? perf_trace_lock+0xf7/0x490 [ 1193.013184] ? perf_trace_lock_acquire+0x510/0x510 [ 1193.013196] ? nfnetlink_bind+0x240/0x240 [ 1193.013208] ? netlink_deliver_tap+0x90/0x7d0 [ 1193.013224] ? lock_downgrade+0x740/0x740 [ 1193.013241] netlink_unicast+0x437/0x610 [ 1193.013255] ? netlink_sendskb+0xd0/0xd0 [ 1193.013271] netlink_sendmsg+0x62e/0xb80 [ 1193.013286] ? nlmsg_notify+0x170/0x170 [ 1193.013296] ? kernel_recvmsg+0x210/0x210 [ 1193.013310] ? security_socket_sendmsg+0x83/0xb0 [ 1193.013320] ? nlmsg_notify+0x170/0x170 [ 1193.013331] sock_sendmsg+0xb5/0x100 [ 1193.013344] ___sys_sendmsg+0x6c8/0x800 [ 1193.013358] ? copy_msghdr_from_user+0x3b0/0x3b0 [ 1193.013367] ? __lock_acquire+0x5fc/0x3f20 [ 1193.013381] ? perf_trace_lock_acquire+0x510/0x510 [ 1193.013392] ? do_futex+0x12b/0x1930 [ 1193.013402] ? check_preemption_disabled+0x35/0x240 [ 1193.013417] ? __fget+0x1fe/0x360 [ 1193.013430] ? lock_acquire+0x170/0x3f0 [ 1193.013441] ? lock_downgrade+0x740/0x740 [ 1193.013457] ? __fget+0x225/0x360 [ 1193.013473] ? __fdget+0x196/0x1f0 [ 1193.013489] ? sockfd_lookup_light+0xb2/0x160 [ 1193.013501] __sys_sendmsg+0xa3/0x120 [ 1193.013510] ? SyS_shutdown+0x160/0x160 [ 1193.013532] ? SyS_clock_gettime+0xf5/0x180 [ 1193.013543] ? SyS_clock_settime+0x1a0/0x1a0 [ 1193.013554] SyS_sendmsg+0x27/0x40 [ 1193.013562] ? __sys_sendmsg+0x120/0x120 [ 1193.013573] do_syscall_64+0x1d5/0x640 [ 1193.013590] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 1193.013599] RIP: 0033:0x45d249 [ 1193.013604] RSP: 002b:00007f4d2c05fc78 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 1193.013616] RAX: ffffffffffffffda RBX: 0000000000028840 RCX: 000000000045d249 [ 1193.013622] RDX: 0000000000000000 RSI: 0000000020000000 RDI: 0000000000000004 [ 1193.013628] RBP: 000000000118cf80 R08: 0000000000000000 R09: 0000000000000000 [ 1193.013634] R10: 0000000000000000 R11: 0000000000000246 R12: 000000000118cf4c [ 1193.013640] R13: 00007ffc41fe2acf R14: 00007f4d2c0609c0 R15: 000000000118cf4c [ 1193.015514] syz-executor.0: vmalloc: allocation failure: 17179869200 bytes, mode:0x14080c0(GFP_KERNEL|__GFP_ZERO), nodemask=(null) [ 1193.015540] syz-executor.0 cpuset=/ mems_allowed=0-1 [ 1193.015565] CPU: 1 PID: 6955 Comm: syz-executor.0 Not tainted 4.14.193-syzkaller #0 [ 1193.015572] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1193.015576] Call Trace: [ 1193.015588] dump_stack+0x1b2/0x283 [ 1193.015606] warn_alloc.cold+0x96/0x1cc [ 1193.015619] ? check_preemption_disabled+0x35/0x240 [ 1193.015631] ? zone_watermark_ok_safe+0x220/0x220 [ 1193.015644] ? perf_trace_lock_acquire+0x510/0x510 [ 1193.015655] ? fs_reclaim_release+0xd0/0x110 [ 1193.015675] ? ip_set_alloc+0x47/0x60 [ 1193.015689] vzalloc+0x122/0x150 [ 1193.015701] ip_set_alloc+0x47/0x60 [ 1193.015712] hash_mac_create+0x36e/0x7c6 [ 1193.015727] ip_set_create+0x5f9/0xf30 [ 1193.015742] ? __find_set_type_get+0x360/0x360 [ 1193.015752] ? __mutex_lock+0x360/0x1310 [ 1193.015785] ? __find_set_type_get+0x360/0x360 [ 1193.015797] nfnetlink_rcv_msg+0x9bb/0xc00 [ 1193.015830] netlink_rcv_skb+0x125/0x390 [ 1193.015841] ? nfnetlink_net_exit_batch+0x150/0x150 [ 1193.015853] ? netlink_ack+0x9a0/0x9a0 [ 1193.015869] ? ns_capable_common+0x127/0x150 [ 1193.015882] nfnetlink_rcv+0x1ab/0x1da0 [ 1193.015891] ? __dev_queue_xmit+0xcd6/0x2480 [ 1193.015904] ? check_preemption_disabled+0x35/0x240 [ 1193.015917] ? perf_trace_lock+0xf7/0x490 [ 1193.015933] ? perf_trace_lock_acquire+0x510/0x510 [ 1193.015944] ? nfnetlink_bind+0x240/0x240 [ 1193.015957] ? netlink_deliver_tap+0x90/0x7d0 [ 1193.015973] ? lock_downgrade+0x740/0x740 [ 1193.015989] netlink_unicast+0x437/0x610 [ 1193.016003] ? netlink_sendskb+0xd0/0xd0 [ 1193.016020] netlink_sendmsg+0x62e/0xb80 [ 1193.016035] ? nlmsg_notify+0x170/0x170 [ 1193.016045] ? kernel_recvmsg+0x210/0x210 [ 1193.016058] ? security_socket_sendmsg+0x83/0xb0 [ 1193.016069] ? nlmsg_notify+0x170/0x170 [ 1193.016085] sock_sendmsg+0xb5/0x100 [ 1193.016098] ___sys_sendmsg+0x6c8/0x800 [ 1193.016111] ? copy_msghdr_from_user+0x3b0/0x3b0 [ 1193.016121] ? __lock_acquire+0x5fc/0x3f20 [ 1193.016135] ? perf_trace_lock_acquire+0x510/0x510 [ 1193.016145] ? do_futex+0x12b/0x1930 [ 1193.016156] ? check_preemption_disabled+0x35/0x240 [ 1193.016172] ? __fget+0x1fe/0x360 [ 1193.016186] ? lock_acquire+0x170/0x3f0 [ 1193.016198] ? lock_downgrade+0x740/0x740 [ 1193.016215] ? __fget+0x225/0x360 [ 1193.016231] ? __fdget+0x196/0x1f0 [ 1193.016242] ? sockfd_lookup_light+0xb2/0x160 [ 1193.016254] __sys_sendmsg+0xa3/0x120 [ 1193.016263] ? SyS_shutdown+0x160/0x160 [ 1193.016284] ? SyS_clock_gettime+0xf5/0x180 [ 1193.016301] ? SyS_clock_settime+0x1a0/0x1a0 [ 1193.016313] SyS_sendmsg+0x27/0x40 [ 1193.016321] ? __sys_sendmsg+0x120/0x120 [ 1193.016331] do_syscall_64+0x1d5/0x640 [ 1193.016349] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 1193.016357] RIP: 0033:0x45d249 [ 1193.016363] RSP: 002b:00007f1c6356dc78 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 1193.016374] RAX: ffffffffffffffda RBX: 0000000000028840 RCX: 000000000045d249 [ 1193.016380] RDX: 0000000000000000 RSI: 0000000020000000 RDI: 0000000000000003 [ 1193.016386] RBP: 000000000118cf80 R08: 0000000000000000 R09: 0000000000000000 [ 1193.016392] R10: 0000000000000000 R11: 0000000000000246 R12: 000000000118cf4c [ 1193.016398] R13: 00007ffd3fb1901f R14: 00007f1c6356e9c0 R15: 000000000118cf4c [ 1193.045938] syz-executor.1: vmalloc: allocation failure: 17179869200 bytes, mode:0x14080c0(GFP_KERNEL|__GFP_ZERO), nodemask=(null) [ 1193.045964] syz-executor.1 cpuset=/ mems_allowed=0-1 [ 1193.045986] CPU: 1 PID: 6938 Comm: syz-executor.1 Not tainted 4.14.193-syzkaller #0 [ 1193.045993] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1193.045996] Call Trace: [ 1193.046012] dump_stack+0x1b2/0x283 [ 1193.046046] warn_alloc.cold+0x96/0x1cc [ 1193.046060] ? check_preemption_disabled+0x35/0x240 [ 1193.046071] ? zone_watermark_ok_safe+0x220/0x220 [ 1193.046093] ? perf_trace_lock_acquire+0x510/0x510 [ 1193.046104] ? fs_reclaim_release+0xd0/0x110 [ 1193.046127] ? ip_set_alloc+0x47/0x60 [ 1193.046140] vzalloc+0x122/0x150 [ 1193.046152] ip_set_alloc+0x47/0x60 [ 1193.046164] hash_mac_create+0x36e/0x7c6 [ 1193.046179] ip_set_create+0x5f9/0xf30 [ 1193.046195] ? __find_set_type_get+0x360/0x360 [ 1193.046204] ? __mutex_lock+0x360/0x1310 [ 1193.046240] ? lock_downgrade+0x740/0x740 [ 1193.046253] ? __find_set_type_get+0x360/0x360 [ 1193.046266] nfnetlink_rcv_msg+0x9bb/0xc00 [ 1193.046300] netlink_rcv_skb+0x125/0x390 [ 1193.046311] ? nfnetlink_net_exit_batch+0x150/0x150 [ 1193.046324] ? netlink_ack+0x9a0/0x9a0 [ 1193.046340] ? ns_capable_common+0x127/0x150 [ 1193.046353] nfnetlink_rcv+0x1ab/0x1da0 [ 1193.046362] ? __dev_queue_xmit+0xcd6/0x2480 [ 1193.046375] ? check_preemption_disabled+0x35/0x240 [ 1193.046389] ? perf_trace_lock+0xf7/0x490 [ 1193.046404] ? perf_trace_lock_acquire+0x510/0x510 [ 1193.046416] ? nfnetlink_bind+0x240/0x240 [ 1193.046428] ? netlink_deliver_tap+0x90/0x7d0 [ 1193.046444] ? lock_downgrade+0x740/0x740 [ 1193.046461] netlink_unicast+0x437/0x610 [ 1193.046474] ? netlink_sendskb+0xd0/0xd0 [ 1193.046490] netlink_sendmsg+0x62e/0xb80 [ 1193.046506] ? nlmsg_notify+0x170/0x170 [ 1193.046516] ? kernel_recvmsg+0x210/0x210 [ 1193.046530] ? security_socket_sendmsg+0x83/0xb0 [ 1193.046541] ? nlmsg_notify+0x170/0x170 [ 1193.046552] sock_sendmsg+0xb5/0x100 [ 1193.046565] ___sys_sendmsg+0x6c8/0x800 [ 1193.046578] ? copy_msghdr_from_user+0x3b0/0x3b0 [ 1193.046587] ? __lock_acquire+0x5fc/0x3f20 [ 1193.046601] ? perf_trace_lock_acquire+0x510/0x510 [ 1193.046611] ? do_futex+0x12b/0x1930 [ 1193.046621] ? check_preemption_disabled+0x35/0x240 [ 1193.046637] ? __fget+0x1fe/0x360 [ 1193.046650] ? lock_acquire+0x170/0x3f0 [ 1193.046659] ? lock_downgrade+0x740/0x740 [ 1193.046675] ? __fget+0x225/0x360 [ 1193.046691] ? __fdget+0x196/0x1f0 [ 1193.046703] ? sockfd_lookup_light+0xb2/0x160 [ 1193.046715] __sys_sendmsg+0xa3/0x120 [ 1193.046724] ? SyS_shutdown+0x160/0x160 [ 1193.046746] ? SyS_clock_gettime+0xf5/0x180 [ 1193.046757] ? SyS_clock_settime+0x1a0/0x1a0 [ 1193.046769] SyS_sendmsg+0x27/0x40 [ 1193.046777] ? __sys_sendmsg+0x120/0x120 [ 1193.046788] do_syscall_64+0x1d5/0x640 [ 1193.046805] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 1193.046813] RIP: 0033:0x45d249 [ 1193.046818] RSP: 002b:00007fe770c44c78 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 1193.046829] RAX: ffffffffffffffda RBX: 0000000000028840 RCX: 000000000045d249 [ 1193.046836] RDX: 0000000000000000 RSI: 0000000020000000 RDI: 0000000000000003 [ 1193.046842] RBP: 000000000118cf80 R08: 0000000000000000 R09: 0000000000000000 [ 1193.046848] R10: 0000000000000000 R11: 0000000000000246 R12: 000000000118cf4c [ 1193.046855] R13: 00007fffec3adf2f R14: 00007fe770c459c0 R15: 000000000118cf4c [ 1193.148528] netlink: 56 bytes leftover after parsing attributes in process `syz-executor.1'. [ 1193.151305] syz-executor.4: vmalloc: allocation failure: 17179869200 bytes, mode:0x14080c0(GFP_KERNEL|__GFP_ZERO), nodemask=(null) [ 1193.151331] syz-executor.4 cpuset=/ mems_allowed=0-1 [ 1193.151354] CPU: 0 PID: 6963 Comm: syz-executor.4 Not tainted 4.14.193-syzkaller #0 [ 1193.151360] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1193.151364] Call Trace: [ 1193.151380] dump_stack+0x1b2/0x283 [ 1193.151399] warn_alloc.cold+0x96/0x1cc [ 1193.151412] ? check_preemption_disabled+0x35/0x240 [ 1193.151424] ? zone_watermark_ok_safe+0x220/0x220 [ 1193.151438] ? perf_trace_lock_acquire+0x510/0x510 [ 1193.151449] ? fs_reclaim_release+0xd0/0x110 [ 1193.151470] ? ip_set_alloc+0x47/0x60 [ 1193.151482] vzalloc+0x122/0x150 [ 1193.151493] ip_set_alloc+0x47/0x60 [ 1193.151504] hash_mac_create+0x36e/0x7c6 [ 1193.151519] ip_set_create+0x5f9/0xf30 [ 1193.151537] ? __find_set_type_get+0x360/0x360 [ 1193.151547] ? __mutex_lock+0x360/0x1310 [ 1193.151589] ? lock_downgrade+0x740/0x740 [ 1193.151604] ? __find_set_type_get+0x360/0x360 [ 1193.151619] nfnetlink_rcv_msg+0x9bb/0xc00 [ 1193.151658] netlink_rcv_skb+0x125/0x390 [ 1193.151668] ? nfnetlink_net_exit_batch+0x150/0x150 [ 1193.151679] ? netlink_ack+0x9a0/0x9a0 [ 1193.151693] ? ns_capable_common+0x127/0x150 [ 1193.151703] nfnetlink_rcv+0x1ab/0x1da0 [ 1193.151712] ? __dev_queue_xmit+0xcd6/0x2480 [ 1193.151724] ? check_preemption_disabled+0x35/0x240 [ 1193.151743] ? perf_trace_lock+0xf7/0x490 [ 1193.151756] ? perf_trace_lock_acquire+0x510/0x510 [ 1193.151767] ? nfnetlink_bind+0x240/0x240 [ 1193.151777] ? netlink_deliver_tap+0x90/0x7d0 [ 1193.151789] ? lock_downgrade+0x740/0x740 [ 1193.151804] netlink_unicast+0x437/0x610 [ 1193.151816] ? netlink_sendskb+0xd0/0xd0 [ 1193.151831] netlink_sendmsg+0x62e/0xb80 [ 1193.151845] ? nlmsg_notify+0x170/0x170 [ 1193.151854] ? kernel_recvmsg+0x210/0x210 [ 1193.151866] ? security_socket_sendmsg+0x83/0xb0 [ 1193.151879] ? nlmsg_notify+0x170/0x170 [ 1193.151891] sock_sendmsg+0xb5/0x100 [ 1193.151904] ___sys_sendmsg+0x6c8/0x800 [ 1193.151917] ? copy_msghdr_from_user+0x3b0/0x3b0 [ 1193.151926] ? __lock_acquire+0x5fc/0x3f20 [ 1193.151944] ? perf_trace_lock_acquire+0x510/0x510 [ 1193.151954] ? do_futex+0x12b/0x1930 [ 1193.151965] ? check_preemption_disabled+0x35/0x240 [ 1193.151983] ? __fget+0x1fe/0x360 [ 1193.151997] ? lock_acquire+0x170/0x3f0 [ 1193.152009] ? lock_downgrade+0x740/0x740 [ 1193.152026] ? __fget+0x225/0x360 [ 1193.152043] ? __fdget+0x196/0x1f0 [ 1193.152054] ? sockfd_lookup_light+0xb2/0x160 [ 1193.152066] __sys_sendmsg+0xa3/0x120 [ 1193.152074] ? SyS_shutdown+0x160/0x160 [ 1193.152094] ? SyS_clock_gettime+0xf5/0x180 [ 1193.152106] ? SyS_clock_settime+0x1a0/0x1a0 [ 1193.152116] SyS_sendmsg+0x27/0x40 [ 1193.152123] ? __sys_sendmsg+0x120/0x120 [ 1193.152133] do_syscall_64+0x1d5/0x640 [ 1193.152150] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 1193.152159] RIP: 0033:0x45d249 [ 1193.152165] RSP: 002b:00007f4d2c05fc78 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 1193.152176] RAX: ffffffffffffffda RBX: 0000000000028840 RCX: 000000000045d249 [ 1193.152183] RDX: 0000000000000000 RSI: 0000000020000000 RDI: 0000000000000004 [ 1193.152189] RBP: 000000000118cf80 R08: 0000000000000000 R09: 0000000000000000 [ 1193.152194] R10: 0000000000000000 R11: 0000000000000246 R12: 000000000118cf4c [ 1193.152200] R13: 00007ffc41fe2acf R14: 00007f4d2c0609c0 R15: 000000000118cf4c [ 1193.261705] syz-executor.4: vmalloc: allocation failure: 17179869200 bytes, mode:0x14080c0(GFP_KERNEL|__GFP_ZERO), nodemask=(null) [ 1193.261736] syz-executor.4 cpuset=/ mems_allowed=0-1 [ 1193.261758] CPU: 0 PID: 6975 Comm: syz-executor.4 Not tainted 4.14.193-syzkaller #0 [ 1193.261764] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1193.261768] Call Trace: [ 1193.261783] dump_stack+0x1b2/0x283 [ 1193.261799] warn_alloc.cold+0x96/0x1cc [ 1193.261818] ? check_preemption_disabled+0x35/0x240 [ 1193.261831] ? zone_watermark_ok_safe+0x220/0x220 [ 1193.261844] ? perf_trace_lock_acquire+0x510/0x510 [ 1193.261853] ? fs_reclaim_release+0xd0/0x110 [ 1193.261870] ? ip_set_alloc+0x47/0x60 [ 1193.261882] vzalloc+0x122/0x150 [ 1193.261894] ip_set_alloc+0x47/0x60 [ 1193.261908] hash_mac_create+0x36e/0x7c6 [ 1193.261923] ip_set_create+0x5f9/0xf30 [ 1193.261938] ? __find_set_type_get+0x360/0x360 [ 1193.261950] ? __mutex_lock+0x360/0x1310 [ 1193.261981] ? lock_downgrade+0x740/0x740 [ 1193.261994] ? __find_set_type_get+0x360/0x360 [ 1193.262006] nfnetlink_rcv_msg+0x9bb/0xc00 [ 1193.262040] netlink_rcv_skb+0x125/0x390 [ 1193.262051] ? nfnetlink_net_exit_batch+0x150/0x150 [ 1193.262062] ? netlink_ack+0x9a0/0x9a0 [ 1193.262077] ? ns_capable_common+0x127/0x150 [ 1193.262091] nfnetlink_rcv+0x1ab/0x1da0 [ 1193.262100] ? __dev_queue_xmit+0xcd6/0x2480 [ 1193.262113] ? check_preemption_disabled+0x35/0x240 [ 1193.262126] ? perf_trace_lock+0xf7/0x490 [ 1193.262141] ? perf_trace_lock_acquire+0x510/0x510 [ 1193.262152] ? nfnetlink_bind+0x240/0x240 [ 1193.262165] ? netlink_deliver_tap+0x90/0x7d0 [ 1193.262180] ? lock_downgrade+0x740/0x740 [ 1193.262197] netlink_unicast+0x437/0x610 [ 1193.262210] ? netlink_sendskb+0xd0/0xd0 [ 1193.262227] netlink_sendmsg+0x62e/0xb80 [ 1193.262242] ? nlmsg_notify+0x170/0x170 [ 1193.262253] ? kernel_recvmsg+0x210/0x210 [ 1193.262265] ? security_socket_sendmsg+0x83/0xb0 [ 1193.262275] ? nlmsg_notify+0x170/0x170 [ 1193.262286] sock_sendmsg+0xb5/0x100 [ 1193.262298] ___sys_sendmsg+0x6c8/0x800 [ 1193.262311] ? copy_msghdr_from_user+0x3b0/0x3b0 [ 1193.262318] ? __lock_acquire+0x5fc/0x3f20 [ 1193.262331] ? perf_trace_lock_acquire+0x510/0x510 [ 1193.262341] ? do_futex+0x12b/0x1930 [ 1193.262351] ? check_preemption_disabled+0x35/0x240 [ 1193.262366] ? __fget+0x1fe/0x360 [ 1193.262379] ? lock_acquire+0x170/0x3f0 [ 1193.262390] ? lock_downgrade+0x740/0x740 [ 1193.262405] ? __fget+0x225/0x360 [ 1193.262421] ? __fdget+0x196/0x1f0 [ 1193.262432] ? sockfd_lookup_light+0xb2/0x160 [ 1193.262443] __sys_sendmsg+0xa3/0x120 [ 1193.262452] ? SyS_shutdown+0x160/0x160 [ 1193.262473] ? SyS_clock_gettime+0xf5/0x180 [ 1193.262484] ? SyS_clock_settime+0x1a0/0x1a0 [ 1193.262495] SyS_sendmsg+0x27/0x40 [ 1193.262504] ? __sys_sendmsg+0x120/0x120 [ 1193.262515] do_syscall_64+0x1d5/0x640 [ 1193.262533] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 1193.262541] RIP: 0033:0x45d249 [ 1193.262547] RSP: 002b:00007f4d2c05fc78 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 1193.262567] RAX: ffffffffffffffda RBX: 0000000000028840 RCX: 000000000045d249 [ 1193.262575] RDX: 0000000000000000 RSI: 0000000020000000 RDI: 0000000000000003 [ 1193.262581] RBP: 000000000118cf80 R08: 0000000000000000 R09: 0000000000000000 [ 1193.262588] R10: 0000000000000000 R11: 0000000000000246 R12: 000000000118cf4c [ 1193.262599] R13: 00007ffc41fe2acf R14: 00007f4d2c0609c0 R15: 000000000118cf4c 04:28:37 executing program 5: r0 = dup(0xffffffffffffffff) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x802102001ffa, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r1 = gettid() clone(0x6e20cf00, 0x0, 0x0, 0x0, 0x0) ptrace$setopts(0x4206, r1, 0x0, 0x0) gettid() r2 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ptmx\x00', 0x0, 0x0) read(r2, &(0x7f00003fefff)=""/1, 0x1) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) r4 = dup2(r3, r3) ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200) r5 = openat$autofs(0xffffffffffffff9c, &(0x7f0000000040)='/dev/autofs\x00', 0x0, 0x0) sendmsg$IPVS_CMD_ZERO(r5, &(0x7f0000000240)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x20000000}, 0xc, &(0x7f0000000200)={&(0x7f0000000280)={0xec, 0x0, 0x2, 0x70bd2d, 0x25dfdbff, {}, [@IPVS_CMD_ATTR_TIMEOUT_TCP={0x8, 0x4, 0x7}, @IPVS_CMD_ATTR_DEST={0xc, 0x2, 0x0, 0x1, [@IPVS_DEST_ATTR_FWD_METHOD={0x8, 0x3, 0x4}]}, @IPVS_CMD_ATTR_SERVICE={0x18, 0x1, 0x0, 0x1, [@IPVS_SVC_ATTR_FLAGS={0xc, 0x7, {0x4}}, @IPVS_SVC_ATTR_TIMEOUT={0x8, 0x8, 0x18c3a93e}]}, @IPVS_CMD_ATTR_SERVICE={0x18, 0x1, 0x0, 0x1, [@IPVS_SVC_ATTR_PORT={0x6, 0x4, 0x4e20}, @IPVS_SVC_ATTR_FLAGS={0xc, 0x7, {0x31, 0x34}}]}, @IPVS_CMD_ATTR_TIMEOUT_TCP={0x8, 0x4, 0x5}, @IPVS_CMD_ATTR_DEST={0x99, 0x2, 0x0, 0x1, [@IPVS_DEST_ATTR_U_THRESH={0x0, 0x5, 0x7}, @IPVS_DEST_ATTR_FWD_METHOD={0x8, 0x3, 0x2}, @IPVS_DEST_ATTR_ADDR={0x14, 0x1, @ipv6=@dev={0xfe, 0x80, [], 0x33}}, @IPVS_DEST_ATTR_U_THRESH={0x8, 0x5, 0x6}]}, @IPVS_CMD_ATTR_TIMEOUT_TCP_FIN={0x8, 0x5, 0x200}, @IPVS_CMD_ATTR_TIMEOUT_TCP={0x0, 0x4, 0x252f5c2d}, @IPVS_CMD_ATTR_DEST={0x3c, 0x2, 0x0, 0x1, [@IPVS_DEST_ATTR_INACT_CONNS={0x8, 0x8, 0x8002}, @IPVS_DEST_ATTR_PORT={0x6, 0x2, 0x4e03}, @IPVS_DEST_ATTR_U_THRESH={0x8, 0x5, 0xffff12bf}, @IPVS_DEST_ATTR_FWD_METHOD={0x8, 0x3, 0x3}, @IPVS_DEST_ATTR_U_THRESH={0x8, 0x5, 0x1}, @IPVS_DEST_ATTR_TUN_TYPE={0x5, 0xd, 0x1}, @IPVS_DEST_ATTR_TUN_PORT={0x6, 0xe, 0x4e21}]}, @IPVS_CMD_ATTR_TIMEOUT_UDP={0x8, 0x6, 0xfffffffb}]}, 0xec}, 0x1, 0x0, 0x0, 0x80}, 0x2080800) ioctl$SIOCNRDECOBS(r4, 0x89e2) 04:28:37 executing program 1: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_CREATE(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)={0x54, 0x2, 0x6, 0x101, 0x0, 0x0, {}, [@IPSET_ATTR_REVISION={0x5}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz1\x00'}, @IPSET_ATTR_PROTOCOL={0x5, 0x1, 0x6}, @IPSET_ATTR_FAMILY={0x5}, @IPSET_ATTR_DATA={0xc, 0x7, 0x0, 0x1, [@IPSET_ATTR_HASHSIZE={0x8, 0x12, 0x1, 0x0, 0x479e6139}]}, @IPSET_ATTR_TYPENAME={0xd, 0x3, 'hash:mac\x00'}]}, 0x54}}, 0x0) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) r2 = dup2(r1, r1) r3 = socket$nl_generic(0x10, 0x3, 0x10) r4 = syz_genetlink_get_family_id$SEG6(&(0x7f0000000440)='SEG6\x00') sendmsg$SEG6_CMD_SET_TUNSRC(r3, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000580)={&(0x7f00000006c0)={0x28, r4, 0xf20aaac1f6a2385f, 0x0, 0x0, {}, [@SEG6_ATTR_DST={0x14, 0x1, @mcast1}]}, 0x28}}, 0x0) sendmsg$SEG6_CMD_GET_TUNSRC(r2, &(0x7f0000000200)={&(0x7f0000000140)={0x10, 0x0, 0x0, 0x4000}, 0xc, &(0x7f00000001c0)={&(0x7f0000000180)={0x38, r4, 0x20, 0x70bd2c, 0x25dfdbfe, {}, [@SEG6_ATTR_DSTLEN={0x8, 0x2, 0x20}, @SEG6_ATTR_SECRET={0x14, 0x4, [0xfffffff9, 0x9, 0xfff, 0x7fff]}, @SEG6_ATTR_ALGID={0x5, 0x6, 0x1}]}, 0x38}, 0x1, 0x0, 0x0, 0x20000004}, 0x1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) ioctl$SNAPSHOT_ALLOC_SWAP_PAGE(r2, 0x80083314, &(0x7f0000000080)) [ 1193.272700] syz-executor.1: vmalloc: allocation failure: 17179869200 bytes, mode:0x14080c0(GFP_KERNEL|__GFP_ZERO), nodemask=(null) [ 1193.272727] syz-executor.1 cpuset=/ mems_allowed=0-1 [ 1193.272752] CPU: 1 PID: 6976 Comm: syz-executor.1 Not tainted 4.14.193-syzkaller #0 [ 1193.272758] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1193.272762] Call Trace: [ 1193.272778] dump_stack+0x1b2/0x283 [ 1193.272797] warn_alloc.cold+0x96/0x1cc [ 1193.272811] ? check_preemption_disabled+0x35/0x240 [ 1193.272823] ? zone_watermark_ok_safe+0x220/0x220 [ 1193.272838] ? perf_trace_lock_acquire+0x510/0x510 [ 1193.272849] ? fs_reclaim_release+0xd0/0x110 [ 1193.272870] ? ip_set_alloc+0x47/0x60 [ 1193.272882] vzalloc+0x122/0x150 [ 1193.272894] ip_set_alloc+0x47/0x60 [ 1193.272905] hash_mac_create+0x36e/0x7c6 [ 1193.272920] ip_set_create+0x5f9/0xf30 [ 1193.272936] ? __find_set_type_get+0x360/0x360 [ 1193.272945] ? __mutex_lock+0x360/0x1310 [ 1193.272974] ? lock_downgrade+0x740/0x740 [ 1193.272985] ? __find_set_type_get+0x360/0x360 [ 1193.272996] nfnetlink_rcv_msg+0x9bb/0xc00 [ 1193.273027] netlink_rcv_skb+0x125/0x390 [ 1193.273038] ? nfnetlink_net_exit_batch+0x150/0x150 [ 1193.273050] ? netlink_ack+0x9a0/0x9a0 [ 1193.273075] ? ns_capable_common+0x127/0x150 [ 1193.273089] nfnetlink_rcv+0x1ab/0x1da0 [ 1193.273099] ? __dev_queue_xmit+0xcd6/0x2480 [ 1193.273112] ? check_preemption_disabled+0x35/0x240 [ 1193.273132] ? perf_trace_lock+0xf7/0x490 [ 1193.273147] ? perf_trace_lock_acquire+0x510/0x510 [ 1193.273160] ? nfnetlink_bind+0x240/0x240 [ 1193.273173] ? netlink_deliver_tap+0x90/0x7d0 [ 1193.273189] ? lock_downgrade+0x740/0x740 [ 1193.273203] netlink_unicast+0x437/0x610 [ 1193.273216] ? netlink_sendskb+0xd0/0xd0 [ 1193.273230] netlink_sendmsg+0x62e/0xb80 [ 1193.273244] ? nlmsg_notify+0x170/0x170 [ 1193.273254] ? kernel_recvmsg+0x210/0x210 [ 1193.273266] ? security_socket_sendmsg+0x83/0xb0 [ 1193.273275] ? nlmsg_notify+0x170/0x170 [ 1193.273284] sock_sendmsg+0xb5/0x100 [ 1193.273296] ___sys_sendmsg+0x6c8/0x800 [ 1193.273307] ? copy_msghdr_from_user+0x3b0/0x3b0 [ 1193.273314] ? __lock_acquire+0x5fc/0x3f20 [ 1193.273326] ? perf_trace_lock_acquire+0x510/0x510 [ 1193.273335] ? do_futex+0x12b/0x1930 [ 1193.273349] ? check_preemption_disabled+0x35/0x240 [ 1193.273364] ? __fget+0x1fe/0x360 [ 1193.273376] ? lock_acquire+0x170/0x3f0 [ 1193.273386] ? lock_downgrade+0x740/0x740 [ 1193.273400] ? __fget+0x225/0x360 [ 1193.273416] ? __fdget+0x196/0x1f0 [ 1193.273428] ? sockfd_lookup_light+0xb2/0x160 [ 1193.273440] __sys_sendmsg+0xa3/0x120 [ 1193.273449] ? SyS_shutdown+0x160/0x160 [ 1193.273471] ? SyS_clock_gettime+0xf5/0x180 [ 1193.273482] ? SyS_clock_settime+0x1a0/0x1a0 [ 1193.273494] SyS_sendmsg+0x27/0x40 [ 1193.273502] ? __sys_sendmsg+0x120/0x120 [ 1193.273513] do_syscall_64+0x1d5/0x640 [ 1193.273532] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 1193.273540] RIP: 0033:0x45d249 [ 1193.273545] RSP: 002b:00007fe770c44c78 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 1193.273556] RAX: ffffffffffffffda RBX: 0000000000028840 RCX: 000000000045d249 [ 1193.273562] RDX: 0000000000000000 RSI: 0000000020000000 RDI: 0000000000000003 [ 1193.273568] RBP: 000000000118cf80 R08: 0000000000000000 R09: 0000000000000000 [ 1193.273574] R10: 0000000000000000 R11: 0000000000000246 R12: 000000000118cf4c [ 1193.273580] R13: 00007fffec3adf2f R14: 00007fe770c459c0 R15: 000000000118cf4c [ 1193.294301] syz-executor.1: vmalloc: allocation failure: 17179869200 bytes, mode:0x14080c0(GFP_KERNEL|__GFP_ZERO), nodemask=(null) [ 1193.294334] syz-executor.1 cpuset=/ mems_allowed=0-1 [ 1193.294356] CPU: 0 PID: 6978 Comm: syz-executor.1 Not tainted 4.14.193-syzkaller #0 [ 1193.294362] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1193.294366] Call Trace: [ 1193.294380] dump_stack+0x1b2/0x283 [ 1193.294398] warn_alloc.cold+0x96/0x1cc [ 1193.294411] ? check_preemption_disabled+0x35/0x240 [ 1193.294423] ? zone_watermark_ok_safe+0x220/0x220 [ 1193.294437] ? perf_trace_lock_acquire+0x510/0x510 [ 1193.294447] ? fs_reclaim_release+0xd0/0x110 [ 1193.294465] ? ip_set_alloc+0x47/0x60 [ 1193.294477] vzalloc+0x122/0x150 [ 1193.294489] ip_set_alloc+0x47/0x60 [ 1193.294502] hash_mac_create+0x36e/0x7c6 [ 1193.294516] ip_set_create+0x5f9/0xf30 [ 1193.294532] ? __find_set_type_get+0x360/0x360 [ 1193.294541] ? __mutex_lock+0x360/0x1310 [ 1193.294581] ? lock_downgrade+0x740/0x740 [ 1193.294594] ? __find_set_type_get+0x360/0x360 [ 1193.294608] nfnetlink_rcv_msg+0x9bb/0xc00 [ 1193.294643] netlink_rcv_skb+0x125/0x390 [ 1193.294654] ? nfnetlink_net_exit_batch+0x150/0x150 [ 1193.294666] ? netlink_ack+0x9a0/0x9a0 [ 1193.294682] ? ns_capable_common+0x127/0x150 [ 1193.294696] nfnetlink_rcv+0x1ab/0x1da0 [ 1193.294705] ? __dev_queue_xmit+0xcd6/0x2480 [ 1193.294718] ? check_preemption_disabled+0x35/0x240 [ 1193.294731] ? perf_trace_lock+0xf7/0x490 [ 1193.294746] ? perf_trace_lock_acquire+0x510/0x510 [ 1193.294758] ? nfnetlink_bind+0x240/0x240 [ 1193.294770] ? netlink_deliver_tap+0x90/0x7d0 [ 1193.294786] ? lock_downgrade+0x740/0x740 [ 1193.294803] netlink_unicast+0x437/0x610 [ 1193.294816] ? netlink_sendskb+0xd0/0xd0 [ 1193.294833] netlink_sendmsg+0x62e/0xb80 [ 1193.294849] ? nlmsg_notify+0x170/0x170 [ 1193.294859] ? kernel_recvmsg+0x210/0x210 [ 1193.294872] ? security_socket_sendmsg+0x83/0xb0 [ 1193.294882] ? nlmsg_notify+0x170/0x170 [ 1193.294893] sock_sendmsg+0xb5/0x100 [ 1193.294906] ___sys_sendmsg+0x6c8/0x800 [ 1193.294919] ? copy_msghdr_from_user+0x3b0/0x3b0 [ 1193.294928] ? __lock_acquire+0x5fc/0x3f20 [ 1193.294941] ? perf_trace_lock_acquire+0x510/0x510 [ 1193.294953] ? check_preemption_disabled+0x35/0x240 [ 1193.294968] ? __fget+0x1fe/0x360 [ 1193.294981] ? lock_acquire+0x170/0x3f0 [ 1193.294992] ? lock_downgrade+0x740/0x740 [ 1193.295008] ? __fget+0x225/0x360 [ 1193.295024] ? __fdget+0x196/0x1f0 [ 1193.295035] ? sockfd_lookup_light+0xb2/0x160 [ 1193.295047] __sys_sendmsg+0xa3/0x120 [ 1193.295056] ? SyS_shutdown+0x160/0x160 [ 1193.295076] ? SyS_clock_gettime+0xf5/0x180 [ 1193.295086] ? SyS_clock_settime+0x1a0/0x1a0 [ 1193.295094] ? fput+0xb/0x140 [ 1193.295104] SyS_sendmsg+0x27/0x40 [ 1193.295112] ? __sys_sendmsg+0x120/0x120 [ 1193.295122] do_syscall_64+0x1d5/0x640 [ 1193.295140] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 1193.295148] RIP: 0033:0x45d249 [ 1193.295154] RSP: 002b:00007fe770c23c78 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 1193.295165] RAX: ffffffffffffffda RBX: 0000000000028840 RCX: 000000000045d249 [ 1193.295176] RDX: 0000000000000000 RSI: 0000000020000000 RDI: 0000000000000003 [ 1193.295183] RBP: 000000000118d020 R08: 0000000000000000 R09: 0000000000000000 [ 1193.295189] R10: 0000000000000000 R11: 0000000000000246 R12: 000000000118cfec 04:28:38 executing program 3: r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) r1 = syz_open_procfs(0x0, &(0x7f0000000080)='cpuset\x00') sendfile(r0, r1, 0x0, 0x800000080004109) 04:28:38 executing program 4: socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_CREATE(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)={0x54, 0x2, 0x6, 0x101, 0x0, 0x0, {}, [@IPSET_ATTR_REVISION={0x5}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz1\x00'}, @IPSET_ATTR_PROTOCOL={0x5, 0x1, 0x6}, @IPSET_ATTR_FAMILY={0x5}, @IPSET_ATTR_DATA={0xc, 0x7, 0x0, 0x1, [@IPSET_ATTR_HASHSIZE={0x8, 0x12, 0x1, 0x0, 0x479e6139}]}, @IPSET_ATTR_TYPENAME={0xd, 0x3, 'hash:mac\x00'}]}, 0x54}}, 0x0) 04:28:38 executing program 2: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_CREATE(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000140)={0x4c, 0x2, 0x6, 0x101, 0x0, 0x0, {}, [@IPSET_ATTR_REVISION={0x5}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz1\x00'}, @IPSET_ATTR_FAMILY={0x5}, @IPSET_ATTR_DATA={0xc, 0x7, 0x0, 0x1, [@IPSET_ATTR_CADT_FLAGS={0x8}]}, @IPSET_ATTR_TYPENAME={0xd, 0x3, 'hash:mac\x00'}]}, 0x4c}}, 0x0) 04:28:38 executing program 0: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_CREATE(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000140)=ANY=[@ANYBLOB="540000000206010100000000000000000000000005000400000000000900020073797a31000000000500010006000000050005000000006e755b1c274e45bf40479e61390d000300686173683a6d616300000000412a20556d8b09d8acb91d1bc940756cc5131ab227f29b7ef149e15dbd13"], 0x54}}, 0x0) [ 1193.295196] R13: 00007fffec3adf2f R14: 00007fe770c249c0 R15: 000000000118cfec [ 1195.358985] IPVS: ftp: loaded support on port[0] = 21 [ 1195.366827] syz-executor.1: [ 1195.645195] IPVS: ftp: loaded support on port[0] = 21 [ 1195.647323] vmalloc: allocation failure: 17179869200 bytes, mode:0x14080c0(GFP_KERNEL|__GFP_ZERO), nodemask=(null) [ 1195.955323] syz-executor.1 cpuset=/ mems_allowed=0-1 [ 1195.967996] CPU: 0 PID: 6990 Comm: syz-executor.1 Not tainted 4.14.193-syzkaller #0 04:28:38 executing program 4: socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_CREATE(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)={0x54, 0x2, 0x6, 0x101, 0x0, 0x0, {}, [@IPSET_ATTR_REVISION={0x5}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz1\x00'}, @IPSET_ATTR_PROTOCOL={0x5, 0x1, 0x6}, @IPSET_ATTR_FAMILY={0x5}, @IPSET_ATTR_DATA={0xc, 0x7, 0x0, 0x1, [@IPSET_ATTR_HASHSIZE={0x8, 0x12, 0x1, 0x0, 0x479e6139}]}, @IPSET_ATTR_TYPENAME={0xd, 0x3, 'hash:mac\x00'}]}, 0x54}}, 0x0) 04:28:38 executing program 1: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) r1 = socket(0x1e, 0x6, 0x2) r2 = socket$inet6_sctp(0xa, 0x5, 0x84) r3 = socket$inet6_sctp(0xa, 0x5, 0x84) shutdown(r3, 0x0) getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r3, 0x84, 0x6f, &(0x7f0000000000)={0x0, 0x1c, &(0x7f00000002c0)=[@in6={0xa, 0x0, 0x0, @private0}]}, &(0x7f0000000180)=0x10) r4 = dup3(r3, r2, 0x0) getsockopt$inet_sctp_SCTP_MAX_BURST(r4, 0x84, 0x14, &(0x7f0000000000)=@assoc_value={0x0}, &(0x7f0000000040)=0x17) getsockopt$inet_sctp6_SCTP_DELAYED_SACK(r4, 0x84, 0x70, &(0x7f0000000080)=@sack_info={r5}, &(0x7f0000002000)=0xc) getsockopt$inet_sctp_SCTP_STREAM_SCHEDULER_VALUE(r1, 0x84, 0x7c, &(0x7f0000000080)={r5, 0x1f, 0xbef}, &(0x7f00000000c0)=0x8) sendmsg$IPSET_CMD_CREATE(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000300)=ANY=[@ANYBLOB="55000000020601010000eb75c2e000000000000005000400000000000900020073797a3100007e565c722192dd3700000500050000000c6aff8008001240479e61390d000300686173000000435fa499a237203b0ad9eec734f09a8a17f720880a73e9f128c7eff293c5c181fa78453410126cc6e23f272e89b2b73acaa6f348a7aa860f90db21b7b9cbd74d1c9d694df41519392049fe4d957e8343339d61f6bdb2f643720a88dfbce10ff1a3b5d6db18387e4b02beecbbb509de490eb019ebdcb45801cc76b01e214416a3153d76ea3ce0dc79778e7b5b104f85ba486f162ac9ef8ea8859dddeac9178f55311be1cb87c62530b9dc64dd7535a6235bb40fd1a7ed8a73bbe6bdee84066a0fa091200e40d52e4a2df2097fb79ef3b591d3bac63a8110dac2"], 0x54}}, 0x0) [ 1195.975821] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1195.985185] Call Trace: [ 1195.987780] dump_stack+0x1b2/0x283 [ 1195.991421] warn_alloc.cold+0x96/0x1cc [ 1195.995397] ? check_preemption_disabled+0x35/0x240 [ 1196.000433] ? zone_watermark_ok_safe+0x220/0x220 04:28:38 executing program 2: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_CREATE(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000140)={0x4c, 0x2, 0x6, 0x101, 0x0, 0x0, {}, [@IPSET_ATTR_REVISION={0x5}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz1\x00'}, @IPSET_ATTR_FAMILY={0x5}, @IPSET_ATTR_DATA={0xc, 0x7, 0x0, 0x1, [@IPSET_ATTR_CADT_FLAGS={0x8}]}, @IPSET_ATTR_TYPENAME={0xd, 0x3, 'hash:mac\x00'}]}, 0x4c}}, 0x0) [ 1196.005294] ? perf_trace_lock_acquire+0x510/0x510 04:28:38 executing program 4: socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_CREATE(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)={0x54, 0x2, 0x6, 0x101, 0x0, 0x0, {}, [@IPSET_ATTR_REVISION={0x5}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz1\x00'}, @IPSET_ATTR_PROTOCOL={0x5, 0x1, 0x6}, @IPSET_ATTR_FAMILY={0x5}, @IPSET_ATTR_DATA={0xc, 0x7, 0x0, 0x1, [@IPSET_ATTR_HASHSIZE={0x8, 0x12, 0x1, 0x0, 0x479e6139}]}, @IPSET_ATTR_TYPENAME={0xd, 0x3, 'hash:mac\x00'}]}, 0x54}}, 0x0) 04:28:38 executing program 2: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_CREATE(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000140)={0x4c, 0x2, 0x6, 0x101, 0x0, 0x0, {}, [@IPSET_ATTR_REVISION={0x5}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz1\x00'}, @IPSET_ATTR_FAMILY={0x5}, @IPSET_ATTR_DATA={0xc, 0x7, 0x0, 0x1, [@IPSET_ATTR_CADT_FLAGS={0x8}]}, @IPSET_ATTR_TYPENAME={0xd, 0x3, 'hash:mac\x00'}]}, 0x4c}}, 0x0) [ 1196.005306] ? fs_reclaim_release+0xd0/0x110 [ 1196.005325] ? ip_set_alloc+0x47/0x60 [ 1196.005337] vzalloc+0x122/0x150 [ 1196.005349] ip_set_alloc+0x47/0x60 04:28:38 executing program 1: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) r1 = bpf$ITER_CREATE(0x21, &(0x7f0000000080), 0x8) ioctl$SNDCTL_TMR_STOP(r1, 0x5403) sendmsg$IPSET_CMD_CREATE(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)={0x54, 0x2, 0x6, 0x101, 0x0, 0x0, {}, [@IPSET_ATTR_REVISION={0x5}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz1\x00'}, @IPSET_ATTR_PROTOCOL={0x5, 0x1, 0x6}, @IPSET_ATTR_FAMILY={0x5}, @IPSET_ATTR_DATA={0xc, 0x7, 0x0, 0x1, [@IPSET_ATTR_HASHSIZE={0x8, 0x12, 0x1, 0x0, 0x479e6139}]}, @IPSET_ATTR_TYPENAME={0xd, 0x3, 'hash:mac\x00'}]}, 0x54}}, 0x0) [ 1196.005361] hash_mac_create+0x36e/0x7c6 [ 1196.005376] ip_set_create+0x5f9/0xf30 [ 1196.005391] ? __find_set_type_get+0x360/0x360 [ 1196.005400] ? __mutex_lock+0x360/0x1310 [ 1196.005430] ? lock_downgrade+0x740/0x740 [ 1196.005442] ? __find_set_type_get+0x360/0x360 [ 1196.005454] nfnetlink_rcv_msg+0x9bb/0xc00 [ 1196.005488] netlink_rcv_skb+0x125/0x390 [ 1196.005499] ? nfnetlink_net_exit_batch+0x150/0x150 [ 1196.005510] ? netlink_ack+0x9a0/0x9a0 [ 1196.005533] ? ns_capable_common+0x127/0x150 [ 1196.005546] nfnetlink_rcv+0x1ab/0x1da0 [ 1196.005555] ? __dev_queue_xmit+0xcd6/0x2480 [ 1196.005569] ? check_preemption_disabled+0x35/0x240 [ 1196.005582] ? perf_trace_lock+0xf7/0x490 [ 1196.005596] ? perf_trace_lock_acquire+0x510/0x510 [ 1196.005606] ? nfnetlink_bind+0x240/0x240 [ 1196.005618] ? netlink_deliver_tap+0x90/0x7d0 [ 1196.005632] ? lock_downgrade+0x740/0x740 [ 1196.005647] netlink_unicast+0x437/0x610 [ 1196.005660] ? netlink_sendskb+0xd0/0xd0 [ 1196.005675] netlink_sendmsg+0x62e/0xb80 [ 1196.005690] ? nlmsg_notify+0x170/0x170 [ 1196.005700] ? kernel_recvmsg+0x210/0x210 [ 1196.005713] ? security_socket_sendmsg+0x83/0xb0 [ 1196.005723] ? nlmsg_notify+0x170/0x170 [ 1196.005734] sock_sendmsg+0xb5/0x100 [ 1196.005745] ___sys_sendmsg+0x6c8/0x800 [ 1196.005759] ? copy_msghdr_from_user+0x3b0/0x3b0 [ 1196.005767] ? __lock_acquire+0x5fc/0x3f20 [ 1196.005780] ? perf_trace_lock_acquire+0x510/0x510 [ 1196.005790] ? do_futex+0x12b/0x1930 [ 1196.005799] ? check_preemption_disabled+0x35/0x240 [ 1196.005815] ? __fget+0x1fe/0x360 [ 1196.005827] ? lock_acquire+0x170/0x3f0 [ 1196.005837] ? lock_downgrade+0x740/0x740 [ 1196.005854] ? __fget+0x225/0x360 [ 1196.005869] ? __fdget+0x196/0x1f0 [ 1196.005879] ? sockfd_lookup_light+0xb2/0x160 [ 1196.005890] __sys_sendmsg+0xa3/0x120 [ 1196.005900] ? SyS_shutdown+0x160/0x160 [ 1196.005920] ? SyS_clock_gettime+0xf5/0x180 [ 1196.005931] ? SyS_clock_settime+0x1a0/0x1a0 [ 1196.005942] SyS_sendmsg+0x27/0x40 [ 1196.005949] ? __sys_sendmsg+0x120/0x120 [ 1196.005959] do_syscall_64+0x1d5/0x640 [ 1196.005977] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 1196.005985] RIP: 0033:0x45d249 [ 1196.005990] RSP: 002b:00007fe770c44c78 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 1196.006001] RAX: ffffffffffffffda RBX: 0000000000028840 RCX: 000000000045d249 [ 1196.006007] RDX: 0000000000000000 RSI: 0000000020000000 RDI: 0000000000000003 [ 1196.006013] RBP: 000000000118cf80 R08: 0000000000000000 R09: 0000000000000000 [ 1196.006019] R10: 0000000000000000 R11: 0000000000000246 R12: 000000000118cf4c [ 1196.006024] R13: 00007fffec3adf2f R14: 00007fe770c459c0 R15: 000000000118cf4c [ 1196.034421] warn_alloc_show_mem: 7 callbacks suppressed [ 1196.034425] Mem-Info: [ 1196.034447] active_anon:232480 inactive_anon:6091 isolated_anon:0 [ 1196.034447] active_file:7393 inactive_file:32981 isolated_file:0 [ 1196.034447] unevictable:0 dirty:303 writeback:0 unstable:0 [ 1196.034447] slab_reclaimable:18453 slab_unreclaimable:134724 [ 1196.034447] mapped:62755 shmem:6280 pagetables:5901 bounce:0 [ 1196.034447] free:1089863 free_pcp:175 free_cma:0 [ 1196.034465] Node 0 active_anon:929920kB inactive_anon:24364kB active_file:29428kB inactive_file:131924kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:251020kB dirty:1212kB writeback:0kB shmem:25120kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 886784kB writeback_tmp:0kB unstable:0kB all_unreclaimable? no [ 1196.034480] Node 1 active_anon:0kB inactive_anon:0kB active_file:144kB inactive_file:0kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:0kB dirty:0kB writeback:0kB shmem:0kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 0kB writeback_tmp:0kB unstable:0kB all_unreclaimable? no [ 1196.034484] Node 0 DMA free:15908kB min:220kB low:272kB high:324kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15908kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 1196.034504] lowmem_reserve[]: 0 2557 2557 2557 2557 [ 1196.034534] Node 0 DMA32 free:559916kB min:36272kB low:45340kB high:54408kB active_anon:929920kB inactive_anon:24364kB active_file:29428kB inactive_file:131924kB unevictable:0kB writepending:1212kB present:3129332kB managed:2621196kB mlocked:0kB kernel_stack:14368kB pagetables:23604kB bounce:0kB free_pcp:700kB local_pcp:356kB free_cma:0kB [ 1196.034555] lowmem_reserve[]: 0 0 0 0 0 [ 1196.034577] Node 0 Normal free:0kB min:4kB low:4kB high:4kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:786432kB managed:332kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 1196.034595] lowmem_reserve[]: 0 0 0 0 0 [ 1196.034617] Node 1 Normal free:3783628kB min:53612kB low:67012kB high:80412kB active_anon:0kB inactive_anon:0kB active_file:144kB inactive_file:0kB unevictable:0kB writepending:0kB present:3932160kB managed:3870192kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 1196.034637] lowmem_reserve[]: 0 0 0 0 0 [ 1196.034659] Node 0 DMA: 1*4kB (U) 0*8kB 0*16kB 1*32kB (U) 2*64kB (U) 1*128kB (U) 1*256kB (U) 0*512kB 1*1024kB (U) 1*2048kB (M) 3*4096kB (M) = 15908kB [ 1196.034739] Node 0 DMA32: 539*4kB (UME) 191*8kB (UME) 415*16kB (UE) 127*32kB (UME) 139*64kB (UME) 38*128kB (UME) 13*256kB (UM) 14*512kB (UME) 7*1024kB (UME) 3*2048kB (UME) 124*4096kB (M) = 559860kB [ 1196.034829] Node 0 Normal: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 0kB [ 1196.034884] Node 1 Normal: 51*4kB (UME) 342*8kB (UE) 273*16kB (U) 50*32kB (UM) 20*64kB (UME) 10*128kB (UM) 5*256kB (UM) 3*512kB (U) 1*1024kB (M) 4*2048kB (ME) 918*4096kB (M) = 3783628kB [ 1196.034978] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 1196.047048] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 1196.047057] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 1196.047064] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 1196.047068] 25603 total pagecache pages [ 1196.047079] 0 pages in swap cache [ 1196.047084] Swap cache stats: add 0, delete 0, find 0/0 [ 1196.047088] Free swap = 0kB [ 1196.047092] Total swap = 0kB [ 1196.047099] 1965979 pages RAM [ 1196.047103] 0 pages HighMem/MovableOnly [ 1196.047107] 339072 pages reserved [ 1196.047111] 0 pages cma reserved [ 1196.232828] netlink: 28 bytes leftover after parsing attributes in process `syz-executor.0'. [ 1196.278017] syz-executor.1: vmalloc: allocation failure: 17179869200 bytes, mode:0x14080c0(GFP_KERNEL|__GFP_ZERO), nodemask=(null) [ 1196.870942] syz-executor.1 cpuset=/ mems_allowed=0-1 [ 1196.876105] CPU: 1 PID: 7063 Comm: syz-executor.1 Not tainted 4.14.193-syzkaller #0 [ 1196.883899] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1196.893263] Call Trace: [ 1196.895950] dump_stack+0x1b2/0x283 [ 1196.899599] warn_alloc.cold+0x96/0x1cc [ 1196.903663] ? check_preemption_disabled+0x35/0x240 [ 1196.908664] ? zone_watermark_ok_safe+0x220/0x220 [ 1196.913487] ? perf_trace_lock_acquire+0x510/0x510 [ 1196.918400] ? fs_reclaim_release+0xd0/0x110 [ 1196.922792] ? ip_set_alloc+0x47/0x60 [ 1196.926658] vzalloc+0x122/0x150 [ 1196.930021] ip_set_alloc+0x47/0x60 [ 1196.933634] hash_mac_create+0x36e/0x7c6 [ 1196.937708] ip_set_create+0x5f9/0xf30 [ 1196.941599] ? __find_set_type_get+0x360/0x360 [ 1196.946163] ? __mutex_lock+0x360/0x1310 [ 1196.950217] ? lock_downgrade+0x740/0x740 [ 1196.954361] ? __find_set_type_get+0x360/0x360 [ 1196.958926] nfnetlink_rcv_msg+0x9bb/0xc00 [ 1196.963161] netlink_rcv_skb+0x125/0x390 [ 1196.967205] ? nfnetlink_net_exit_batch+0x150/0x150 [ 1196.972303] ? netlink_ack+0x9a0/0x9a0 [ 1196.976188] ? ns_capable_common+0x127/0x150 [ 1196.980586] nfnetlink_rcv+0x1ab/0x1da0 [ 1196.984541] ? __dev_queue_xmit+0xcd6/0x2480 [ 1196.988934] ? check_preemption_disabled+0x35/0x240 [ 1196.993935] ? perf_trace_lock+0xf7/0x490 [ 1196.998064] ? perf_trace_lock_acquire+0x510/0x510 [ 1197.002973] ? nfnetlink_bind+0x240/0x240 [ 1197.007101] ? netlink_deliver_tap+0x90/0x7d0 [ 1197.011579] ? lock_downgrade+0x740/0x740 [ 1197.015707] netlink_unicast+0x437/0x610 [ 1197.019749] ? netlink_sendskb+0xd0/0xd0 [ 1197.023797] netlink_sendmsg+0x62e/0xb80 [ 1197.027839] ? nlmsg_notify+0x170/0x170 [ 1197.031795] ? kernel_recvmsg+0x210/0x210 [ 1197.035991] ? security_socket_sendmsg+0x83/0xb0 [ 1197.040733] ? nlmsg_notify+0x170/0x170 [ 1197.044716] sock_sendmsg+0xb5/0x100 [ 1197.048527] ___sys_sendmsg+0x6c8/0x800 [ 1197.052502] ? copy_msghdr_from_user+0x3b0/0x3b0 [ 1197.057387] ? __lock_acquire+0x5fc/0x3f20 [ 1197.061608] ? perf_trace_lock_acquire+0x510/0x510 [ 1197.066540] ? do_futex+0x12b/0x1930 [ 1197.070248] ? check_preemption_disabled+0x35/0x240 [ 1197.075274] ? __fget+0x1fe/0x360 [ 1197.078720] ? lock_acquire+0x170/0x3f0 [ 1197.082680] ? lock_downgrade+0x740/0x740 [ 1197.086813] ? __fget+0x225/0x360 [ 1197.090253] ? __fdget+0x196/0x1f0 [ 1197.093865] ? sockfd_lookup_light+0xb2/0x160 [ 1197.098451] __sys_sendmsg+0xa3/0x120 [ 1197.102235] ? SyS_shutdown+0x160/0x160 [ 1197.106196] ? SyS_clock_gettime+0xf5/0x180 [ 1197.110516] ? SyS_clock_settime+0x1a0/0x1a0 [ 1197.114903] ? do_vfs_ioctl+0xff0/0xff0 [ 1197.118857] SyS_sendmsg+0x27/0x40 [ 1197.122390] ? __sys_sendmsg+0x120/0x120 [ 1197.126445] do_syscall_64+0x1d5/0x640 [ 1197.130320] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 1197.135497] RIP: 0033:0x45d249 [ 1197.138666] RSP: 002b:00007fe770c44c78 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 1197.146367] RAX: ffffffffffffffda RBX: 0000000000028840 RCX: 000000000045d249 [ 1197.153625] RDX: 0000000000000000 RSI: 0000000020000000 RDI: 0000000000000003 [ 1197.161056] RBP: 000000000118cf80 R08: 0000000000000000 R09: 0000000000000000 [ 1197.168321] R10: 0000000000000000 R11: 0000000000000246 R12: 000000000118cf4c [ 1197.175571] R13: 00007fffec3adf2f R14: 00007fe770c459c0 R15: 000000000118cf4c [ 1197.196673] Mem-Info: [ 1197.201417] active_anon:231917 inactive_anon:6091 isolated_anon:0 [ 1197.201417] active_file:7393 inactive_file:32989 isolated_file:0 [ 1197.201417] unevictable:0 dirty:324 writeback:0 unstable:0 [ 1197.201417] slab_reclaimable:18453 slab_unreclaimable:135244 [ 1197.201417] mapped:62765 shmem:6280 pagetables:5800 bounce:0 [ 1197.201417] free:1089969 free_pcp:333 free_cma:0 [ 1197.236196] Node 0 active_anon:927668kB inactive_anon:24364kB active_file:29428kB inactive_file:131956kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:251076kB dirty:1296kB writeback:0kB shmem:25120kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 886784kB writeback_tmp:0kB unstable:0kB all_unreclaimable? no [ 1197.265071] Node 1 active_anon:0kB inactive_anon:0kB active_file:144kB inactive_file:0kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:0kB dirty:0kB writeback:0kB shmem:0kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 0kB writeback_tmp:0kB unstable:0kB all_unreclaimable? no [ 1197.291388] Node 0 DMA free:15908kB min:220kB low:272kB high:324kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15908kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 1197.317719] lowmem_reserve[]: 0 2557 2557 2557 2557 [ 1197.322907] Node 0 DMA32 free:560220kB min:36272kB low:45340kB high:54408kB active_anon:927668kB inactive_anon:24364kB active_file:29428kB inactive_file:131956kB unevictable:0kB writepending:1300kB present:3129332kB managed:2621196kB mlocked:0kB kernel_stack:14176kB pagetables:23200kB bounce:0kB free_pcp:1328kB local_pcp:644kB free_cma:0kB [ 1197.353225] lowmem_reserve[]: 0 0 0 0 0 [ 1197.357258] Node 0 Normal free:0kB min:4kB low:4kB high:4kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:786432kB managed:332kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 1197.383626] lowmem_reserve[]: 0 0 0 0 0 [ 1197.387702] Node 1 Normal free:3783628kB min:53612kB low:67012kB high:80412kB active_anon:0kB inactive_anon:0kB active_file:144kB inactive_file:0kB unevictable:0kB writepending:0kB present:3932160kB managed:3870192kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 1197.415467] lowmem_reserve[]: 0 0 0 0 0 [ 1197.419488] Node 0 DMA: 1*4kB (U) 0*8kB 0*16kB 1*32kB (U) 2*64kB (U) 1*128kB (U) 1*256kB (U) 0*512kB 1*1024kB (U) 1*2048kB (M) 3*4096kB (M) = 15908kB [ 1197.433146] Node 0 DMA32: 595*4kB (UME) 96*8kB (UME) 287*16kB (UE) 140*32kB (UME) 142*64kB (UME) 38*128kB (UME) 13*256kB (UM) 14*512kB (UME) 7*1024kB (UME) 4*2048kB (UME) 124*4096kB (M) = 559932kB [ 1197.450953] Node 0 Normal: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 0kB [ 1197.461853] Node 1 Normal: 51*4kB (UME) 342*8kB (UE) 273*16kB (U) 50*32kB (UM) 20*64kB (UME) 10*128kB (UM) 5*256kB (UM) 3*512kB (U) 1*1024kB (M) 4*2048kB (ME) 918*4096kB (M) = 3783628kB [ 1197.478736] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 1197.487751] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 1197.496425] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 1197.505414] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 1197.514063] 25619 total pagecache pages [ 1197.518029] 0 pages in swap cache [ 1197.521586] Swap cache stats: add 0, delete 0, find 0/0 [ 1197.526944] Free swap = 0kB [ 1197.530493] Total swap = 0kB [ 1197.533525] 1965979 pages RAM [ 1197.536621] 0 pages HighMem/MovableOnly [ 1197.541766] 339072 pages reserved [ 1197.545287] 0 pages cma reserved 04:28:40 executing program 2: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_CREATE(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000140)={0x48, 0x2, 0x6, 0x101, 0x0, 0x0, {}, [@IPSET_ATTR_REVISION={0x5}, @IPSET_ATTR_PROTOCOL={0x5, 0x1, 0x6}, @IPSET_ATTR_FAMILY={0x5}, @IPSET_ATTR_DATA={0xc, 0x7, 0x0, 0x1, [@IPSET_ATTR_CADT_FLAGS={0x8}]}, @IPSET_ATTR_TYPENAME={0xd, 0x3, 'hash:mac\x00'}]}, 0x48}}, 0x0) 04:28:40 executing program 4: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_CREATE(r0, 0x0, 0x0) 04:28:40 executing program 0: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) r1 = socket$kcm(0xa, 0x2, 0x11) setsockopt$sock_attach_bpf(r1, 0x29, 0x14, &(0x7f0000000080), 0x301) setsockopt$sock_attach_bpf(r1, 0x29, 0x15, &(0x7f0000000000), 0x70db2da734432a8e) splice(r1, &(0x7f0000000400)=0x2f9, r0, &(0x7f0000000440)=0xaf4, 0x0, 0x0) sendmsg$IPSET_CMD_CREATE(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)={0x54, 0x2, 0x6, 0x101, 0x0, 0x0, {}, [@IPSET_ATTR_REVISION={0x5}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz1\x00'}, @IPSET_ATTR_PROTOCOL={0x5, 0x1, 0x6}, @IPSET_ATTR_FAMILY={0x5}, @IPSET_ATTR_DATA={0xc, 0x7, 0x0, 0x1, [@IPSET_ATTR_HASHSIZE={0x8, 0x12, 0x1, 0x0, 0x479e6139}]}, @IPSET_ATTR_TYPENAME={0xd, 0x3, 'hash:mac\x00'}]}, 0x54}}, 0x0) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) r4 = dup2(r3, r3) ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200) sendmsg$IPSET_CMD_SAVE(r4, &(0x7f00000003c0)={&(0x7f00000001c0)={0x10, 0x0, 0x0, 0x10050}, 0xc, &(0x7f0000000300)={&(0x7f0000000280)={0x60, 0x8, 0x6, 0x401, 0x0, 0x0, {0xa, 0x0, 0x2}, [@IPSET_ATTR_SETNAME={0x9, 0x2, 'syz0\x00'}, @IPSET_ATTR_PROTOCOL={0x5}, @IPSET_ATTR_PROTOCOL={0x5}, @IPSET_ATTR_PROTOCOL={0x5}, @IPSET_ATTR_PROTOCOL={0x5}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz2\x00'}, @IPSET_ATTR_PROTOCOL={0x5}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz0\x00'}]}, 0x60}, 0x1, 0x0, 0x0, 0x40}, 0x8000) r5 = dup2(r2, r2) bind$rxrpc(0xffffffffffffffff, &(0x7f0000000200)=@in6={0x21, 0x0, 0x2, 0x1c, {0xa, 0x4e24, 0x7fff, @loopback, 0x7f}}, 0x24) ioctl$PERF_EVENT_IOC_ENABLE(r5, 0x8912, 0x400200) r6 = syz_genetlink_get_family_id$devlink(&(0x7f0000000140)='devlink\x00') sendmsg$DEVLINK_CMD_PORT_SET(r5, &(0x7f0000000240)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x10000}, 0xc, &(0x7f0000000180)={&(0x7f0000000340)=ANY=[@ANYRES64, @ANYRES16=r6, @ANYBLOB="000126bd7000ffdbdf25060000000e0001006e657464657673696d0000000f0002006e657464657673696d300000080003000100000006000400020000000e0001006e657464657673696d0000000f0002006e657464657673696d30000008000300020000000600040001000000"], 0x74}}, 0x20044840) 04:28:40 executing program 3: r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) r1 = syz_open_procfs(0x0, &(0x7f0000000080)='cpuset\x00') sendfile(r0, r1, 0x0, 0x800000080004109) 04:28:40 executing program 1: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_CREATE(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)={0x54, 0x2, 0x6, 0x101, 0x0, 0x0, {}, [@IPSET_ATTR_REVISION={0x5}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz1\x00'}, @IPSET_ATTR_PROTOCOL={0x5, 0x1, 0x6}, @IPSET_ATTR_FAMILY={0x5}, @IPSET_ATTR_DATA={0xc, 0x7, 0x0, 0x1, [@IPSET_ATTR_HASHSIZE={0x8, 0x12, 0x1, 0x0, 0x479e6139}]}, @IPSET_ATTR_TYPENAME={0xd, 0x3, 'hash:mac\x00'}]}, 0x54}}, 0x0) 04:28:40 executing program 2: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_CREATE(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000140)={0x48, 0x2, 0x6, 0x101, 0x0, 0x0, {}, [@IPSET_ATTR_REVISION={0x5}, @IPSET_ATTR_PROTOCOL={0x5, 0x1, 0x6}, @IPSET_ATTR_FAMILY={0x5}, @IPSET_ATTR_DATA={0xc, 0x7, 0x0, 0x1, [@IPSET_ATTR_CADT_FLAGS={0x8}]}, @IPSET_ATTR_TYPENAME={0xd, 0x3, 'hash:mac\x00'}]}, 0x48}}, 0x0) 04:28:40 executing program 4: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_CREATE(r0, 0x0, 0x0) [ 1198.427948] syz-executor.1: vmalloc: allocation failure: 17179869200 bytes, mode:0x14080c0(GFP_KERNEL|__GFP_ZERO), nodemask=(null) [ 1198.468054] syz-executor.1 cpuset=/ mems_allowed=0-1 [ 1198.477126] CPU: 1 PID: 7081 Comm: syz-executor.1 Not tainted 4.14.193-syzkaller #0 [ 1198.484963] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1198.494322] Call Trace: [ 1198.496923] dump_stack+0x1b2/0x283 [ 1198.500565] warn_alloc.cold+0x96/0x1cc [ 1198.504552] ? check_preemption_disabled+0x35/0x240 [ 1198.509728] ? zone_watermark_ok_safe+0x220/0x220 [ 1198.514677] ? perf_trace_lock_acquire+0x510/0x510 [ 1198.521709] ? fs_reclaim_release+0xd0/0x110 [ 1198.526137] ? ip_set_alloc+0x47/0x60 [ 1198.529949] vzalloc+0x122/0x150 [ 1198.533328] ip_set_alloc+0x47/0x60 [ 1198.536977] hash_mac_create+0x36e/0x7c6 [ 1198.541054] ip_set_create+0x5f9/0xf30 [ 1198.544957] ? __find_set_type_get+0x360/0x360 [ 1198.549551] ? __mutex_lock+0x360/0x1310 [ 1198.553648] ? lock_downgrade+0x740/0x740 [ 1198.557818] ? __find_set_type_get+0x360/0x360 [ 1198.562531] nfnetlink_rcv_msg+0x9bb/0xc00 [ 1198.566897] netlink_rcv_skb+0x125/0x390 [ 1198.571103] ? nfnetlink_net_exit_batch+0x150/0x150 [ 1198.576136] ? netlink_ack+0x9a0/0x9a0 [ 1198.580037] ? ns_capable_common+0x127/0x150 [ 1198.584463] nfnetlink_rcv+0x1ab/0x1da0 [ 1198.588442] ? __dev_queue_xmit+0xcd6/0x2480 [ 1198.592868] ? check_preemption_disabled+0x35/0x240 [ 1198.597899] ? perf_trace_lock+0xf7/0x490 [ 1198.602064] ? perf_trace_lock_acquire+0x510/0x510 [ 1198.607004] ? nfnetlink_bind+0x240/0x240 [ 1198.611163] ? netlink_deliver_tap+0x90/0x7d0 [ 1198.615675] ? lock_downgrade+0x740/0x740 [ 1198.619840] netlink_unicast+0x437/0x610 [ 1198.623912] ? netlink_sendskb+0xd0/0xd0 [ 1198.627989] netlink_sendmsg+0x62e/0xb80 [ 1198.632064] ? nlmsg_notify+0x170/0x170 [ 1198.636046] ? kernel_recvmsg+0x210/0x210 [ 1198.640210] ? security_socket_sendmsg+0x83/0xb0 [ 1198.644980] ? nlmsg_notify+0x170/0x170 [ 1198.648967] sock_sendmsg+0xb5/0x100 [ 1198.652690] ___sys_sendmsg+0x6c8/0x800 [ 1198.656676] ? copy_msghdr_from_user+0x3b0/0x3b0 [ 1198.661441] ? __lock_acquire+0x5fc/0x3f20 [ 1198.665691] ? perf_trace_lock_acquire+0x510/0x510 [ 1198.670631] ? do_futex+0x12b/0x1930 [ 1198.674360] ? check_preemption_disabled+0x35/0x240 [ 1198.679387] ? __fget+0x1fe/0x360 [ 1198.682847] ? lock_acquire+0x170/0x3f0 [ 1198.686830] ? lock_downgrade+0x740/0x740 [ 1198.690994] ? __fget+0x225/0x360 [ 1198.694460] ? __fdget+0x196/0x1f0 [ 1198.698008] ? sockfd_lookup_light+0xb2/0x160 [ 1198.702509] __sys_sendmsg+0xa3/0x120 [ 1198.706323] ? SyS_shutdown+0x160/0x160 [ 1198.710317] ? SyS_clock_gettime+0xf5/0x180 [ 1198.714728] ? SyS_clock_settime+0x1a0/0x1a0 [ 1198.719153] SyS_sendmsg+0x27/0x40 [ 1198.722699] ? __sys_sendmsg+0x120/0x120 04:28:40 executing program 3: bpf$PROG_LOAD(0x5, &(0x7f00002a0fb8)={0x7, 0x4, &(0x7f0000000000)=@framed={{0xffffff85, 0x0, 0x0, 0x0, 0x8, 0x15}, [@call={0x67}]}, &(0x7f0000000040)='syzkaller\x00', 0x4, 0xc6, &(0x7f00000002c0)=""/166, 0x0, 0x0, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0xfffffffffffffed8}, 0x3f) 04:28:40 executing program 4: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_CREATE(r0, 0x0, 0x0) 04:28:41 executing program 4: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_CREATE(r0, &(0x7f0000000000)={0x0, 0x0, 0x0}, 0x0) 04:28:41 executing program 4: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_CREATE(r0, &(0x7f0000000000)={0x0, 0x0, 0x0}, 0x0) [ 1198.726819] do_syscall_64+0x1d5/0x640 [ 1198.730726] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 1198.735928] RIP: 0033:0x45d249 [ 1198.739121] RSP: 002b:00007fe770c44c78 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 1198.746837] RAX: ffffffffffffffda RBX: 0000000000028840 RCX: 000000000045d249 [ 1198.754110] RDX: 0000000000000000 RSI: 0000000020000000 RDI: 0000000000000003 [ 1198.761385] RBP: 000000000118cf80 R08: 0000000000000000 R09: 0000000000000000 [ 1198.768663] R10: 0000000000000000 R11: 0000000000000246 R12: 000000000118cf4c [ 1198.775948] R13: 00007fffec3adf2f R14: 00007fe770c459c0 R15: 000000000118cf4c 04:28:41 executing program 3: perf_event_open(&(0x7f0000940000)={0x2, 0x70, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) madvise(&(0x7f0000a93000/0x4000)=nil, 0x4000, 0xe) mremap(&(0x7f0000a96000/0x1000)=nil, 0x1000, 0x800000, 0x3, &(0x7f0000130000/0x800000)=nil) get_mempolicy(0x0, 0x0, 0x0, &(0x7f0000612000/0x3000)=nil, 0x3) munmap(&(0x7f0000ff9000/0x4000)=nil, 0x4000) ioctl$PERF_EVENT_IOC_SET_FILTER(0xffffffffffffffff, 0x40082406, 0x0) 04:28:41 executing program 4: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_CREATE(r0, &(0x7f0000000000)={0x0, 0x0, 0x0}, 0x0) 04:28:41 executing program 3: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) r1 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r2 = dup(r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) sendmsg$NFULNL_MSG_CONFIG(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000001c0)=ANY=[@ANYBLOB="30000000010405000000080000000000000000000a0002000000000000000000080004ff000000000500010001"], 0x30}}, 0x0) [ 1198.841161] Mem-Info: [ 1198.843857] active_anon:232457 inactive_anon:6091 isolated_anon:0 [ 1198.843857] active_file:7393 inactive_file:32989 isolated_file:0 [ 1198.843857] unevictable:0 dirty:327 writeback:0 unstable:0 [ 1198.843857] slab_reclaimable:18453 slab_unreclaimable:135549 [ 1198.843857] mapped:62796 shmem:6280 pagetables:5874 bounce:0 [ 1198.843857] free:1088995 free_pcp:355 free_cma:0 [ 1198.940867] Node 0 active_anon:930000kB inactive_anon:24364kB active_file:29428kB inactive_file:131988kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:251212kB dirty:1332kB writeback:0kB shmem:25120kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 884736kB writeback_tmp:0kB unstable:0kB all_unreclaimable? no [ 1199.004372] Node 1 active_anon:0kB inactive_anon:0kB active_file:144kB inactive_file:0kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:0kB dirty:0kB writeback:0kB shmem:0kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 0kB writeback_tmp:0kB unstable:0kB all_unreclaimable? no [ 1199.044267] Node 0 DMA free:15908kB min:220kB low:272kB high:324kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15908kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 1199.073314] lowmem_reserve[]: 0 2557 2557 2557 2557 [ 1199.078506] Node 0 DMA32 free:556720kB min:36272kB low:45340kB high:54408kB active_anon:930168kB inactive_anon:24364kB active_file:29428kB inactive_file:132008kB unevictable:0kB writepending:1340kB present:3129332kB managed:2621196kB mlocked:0kB kernel_stack:14272kB pagetables:23480kB bounce:0kB free_pcp:844kB local_pcp:708kB free_cma:0kB [ 1199.111080] lowmem_reserve[]: 0 0 0 0 0 [ 1199.115223] Node 0 Normal free:0kB min:4kB low:4kB high:4kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:786432kB managed:332kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 1199.187816] lowmem_reserve[]: 0 0 0 0 0 [ 1199.192137] Node 1 Normal free:3783628kB min:53612kB low:67012kB high:80412kB active_anon:0kB inactive_anon:0kB active_file:144kB inactive_file:0kB unevictable:0kB writepending:0kB present:3932160kB managed:3870192kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 1199.223969] lowmem_reserve[]: 0 0 0 0 0 [ 1199.235702] Node 0 DMA: 1*4kB (U) 0*8kB 0*16kB 1*32kB (U) 2*64kB (U) 1*128kB (U) 1*256kB (U) 0*512kB 1*1024kB (U) 1*2048kB (M) 3*4096kB (M) = 15908kB [ 1199.266349] Node 0 DMA32: 697*4kB (UME) 205*8kB (UME) 208*16kB (UME) 134*32kB (UME) 144*64kB (UME) 38*128kB (UME) 13*256kB (UM) 14*512kB (UME) 7*1024kB (UME) 3*2048kB (UME) 124*4096kB (M) = 557836kB [ 1199.322487] Node 0 Normal: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 0kB [ 1199.347238] Node 1 Normal: 51*4kB (UME) 342*8kB (UE) 273*16kB (U) 50*32kB (UM) 20*64kB (UME) 10*128kB (UM) 5*256kB (UM) 3*512kB (U) 1*1024kB (M) 4*2048kB (ME) 918*4096kB (M) = 3783628kB [ 1199.383732] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 1199.402953] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 1199.421782] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 1199.441071] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 1199.460640] 25624 total pagecache pages [ 1199.469200] 0 pages in swap cache [ 1199.477268] Swap cache stats: add 0, delete 0, find 0/0 [ 1199.489488] Free swap = 0kB [ 1199.497779] Total swap = 0kB [ 1199.505215] 1965979 pages RAM [ 1199.512869] 0 pages HighMem/MovableOnly [ 1199.521646] 339072 pages reserved [ 1199.528528] 0 pages cma reserved [ 1199.542344] syz-executor.0: vmalloc: allocation failure: 17179869200 bytes, mode:0x14080c0(GFP_KERNEL|__GFP_ZERO), nodemask=(null) [ 1199.689694] syz-executor.0 cpuset=/ mems_allowed=0-1 [ 1199.694871] CPU: 0 PID: 7096 Comm: syz-executor.0 Not tainted 4.14.193-syzkaller #0 [ 1199.702660] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1199.712012] Call Trace: [ 1199.714602] dump_stack+0x1b2/0x283 [ 1199.718227] warn_alloc.cold+0x96/0x1cc [ 1199.722203] ? check_preemption_disabled+0x35/0x240 [ 1199.727212] ? zone_watermark_ok_safe+0x220/0x220 [ 1199.732050] ? perf_trace_lock_acquire+0x510/0x510 [ 1199.736972] ? fs_reclaim_release+0xd0/0x110 [ 1199.741382] ? ip_set_alloc+0x47/0x60 [ 1199.745179] vzalloc+0x122/0x150 [ 1199.748539] ip_set_alloc+0x47/0x60 [ 1199.752160] hash_mac_create+0x36e/0x7c6 [ 1199.756220] ip_set_create+0x5f9/0xf30 [ 1199.760113] ? __find_set_type_get+0x360/0x360 [ 1199.764687] ? __mutex_lock+0x360/0x1310 [ 1199.768767] ? __find_set_type_get+0x360/0x360 [ 1199.773346] nfnetlink_rcv_msg+0x9bb/0xc00 [ 1199.777599] netlink_rcv_skb+0x125/0x390 [ 1199.781655] ? nfnetlink_net_exit_batch+0x150/0x150 [ 1199.786677] ? netlink_ack+0x9a0/0x9a0 [ 1199.790567] ? ns_capable_common+0x127/0x150 [ 1199.794971] nfnetlink_rcv+0x1ab/0x1da0 [ 1199.799032] ? __dev_queue_xmit+0xcd6/0x2480 [ 1199.803435] ? check_preemption_disabled+0x35/0x240 [ 1199.808446] ? perf_trace_lock+0xf7/0x490 [ 1199.812590] ? perf_trace_lock_acquire+0x510/0x510 [ 1199.817514] ? nfnetlink_bind+0x240/0x240 [ 1199.821657] ? netlink_deliver_tap+0x90/0x7d0 [ 1199.826152] ? lock_downgrade+0x740/0x740 [ 1199.830300] netlink_unicast+0x437/0x610 [ 1199.834354] ? netlink_sendskb+0xd0/0xd0 [ 1199.838413] netlink_sendmsg+0x62e/0xb80 [ 1199.842473] ? nlmsg_notify+0x170/0x170 [ 1199.846438] ? kernel_recvmsg+0x210/0x210 [ 1199.850582] ? security_socket_sendmsg+0x83/0xb0 [ 1199.855330] ? nlmsg_notify+0x170/0x170 [ 1199.859298] sock_sendmsg+0xb5/0x100 [ 1199.863110] ___sys_sendmsg+0x6c8/0x800 [ 1199.867083] ? copy_msghdr_from_user+0x3b0/0x3b0 [ 1199.871836] ? __lock_acquire+0x5fc/0x3f20 [ 1199.876100] ? perf_trace_lock_acquire+0x510/0x510 [ 1199.881020] ? do_futex+0x12b/0x1930 [ 1199.884736] ? check_preemption_disabled+0x35/0x240 [ 1199.889749] ? __fget+0x1fe/0x360 [ 1199.893196] ? lock_acquire+0x170/0x3f0 [ 1199.897161] ? lock_downgrade+0x740/0x740 [ 1199.901304] ? __fget+0x225/0x360 [ 1199.904760] ? __fdget+0x196/0x1f0 [ 1199.908293] ? sockfd_lookup_light+0xb2/0x160 [ 1199.912781] __sys_sendmsg+0xa3/0x120 [ 1199.916617] ? SyS_shutdown+0x160/0x160 [ 1199.920596] ? SyS_clock_gettime+0xf5/0x180 [ 1199.924920] ? SyS_clock_settime+0x1a0/0x1a0 [ 1199.929322] SyS_sendmsg+0x27/0x40 [ 1199.932852] ? __sys_sendmsg+0x120/0x120 [ 1199.936908] do_syscall_64+0x1d5/0x640 [ 1199.940799] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 1199.945979] RIP: 0033:0x45d249 [ 1199.949158] RSP: 002b:00007f1c6356dc78 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 1199.956860] RAX: ffffffffffffffda RBX: 0000000000028840 RCX: 000000000045d249 [ 1199.964120] RDX: 0000000000000000 RSI: 0000000020000000 RDI: 0000000000000003 [ 1199.971379] RBP: 000000000118cf80 R08: 0000000000000000 R09: 0000000000000000 [ 1199.978731] R10: 0000000000000000 R11: 0000000000000246 R12: 000000000118cf4c [ 1199.985990] R13: 00007ffd3fb1901f R14: 00007f1c6356e9c0 R15: 000000000118cf4c [ 1200.115781] Mem-Info: [ 1200.139704] active_anon:231376 inactive_anon:6091 isolated_anon:0 [ 1200.139704] active_file:7393 inactive_file:33005 isolated_file:0 [ 1200.139704] unevictable:0 dirty:342 writeback:0 unstable:0 [ 1200.139704] slab_reclaimable:18453 slab_unreclaimable:135756 [ 1200.139704] mapped:62785 shmem:6280 pagetables:5771 bounce:0 [ 1200.139704] free:1090135 free_pcp:266 free_cma:0 [ 1200.174238] Node 0 active_anon:925504kB inactive_anon:24364kB active_file:29428kB inactive_file:132020kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:251140kB dirty:1368kB writeback:0kB shmem:25120kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 884736kB writeback_tmp:0kB unstable:0kB all_unreclaimable? no [ 1200.340148] Node 1 active_anon:0kB inactive_anon:0kB active_file:144kB inactive_file:0kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:0kB dirty:0kB writeback:0kB shmem:0kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 0kB writeback_tmp:0kB unstable:0kB all_unreclaimable? no [ 1200.366909] Node 0 DMA free:15908kB min:220kB low:272kB high:324kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15908kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 1200.394641] lowmem_reserve[]: 0 2557 2557 2557 2557 [ 1200.402027] Node 0 DMA32 free:563188kB min:36272kB low:45340kB high:54408kB active_anon:925504kB inactive_anon:24364kB active_file:29428kB inactive_file:132020kB unevictable:0kB writepending:1368kB present:3129332kB managed:2621196kB mlocked:0kB kernel_stack:14080kB pagetables:23084kB bounce:0kB free_pcp:1080kB local_pcp:360kB free_cma:0kB [ 1200.433479] lowmem_reserve[]: 0 0 0 0 0 [ 1200.437532] Node 0 Normal free:0kB min:4kB low:4kB high:4kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:786432kB managed:332kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 1200.464605] lowmem_reserve[]: 0 0 0 0 0 [ 1200.468672] Node 1 Normal free:3783628kB min:53612kB low:67012kB high:80412kB active_anon:0kB inactive_anon:0kB active_file:144kB inactive_file:0kB unevictable:0kB writepending:0kB present:3932160kB managed:3870192kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 1200.498289] lowmem_reserve[]: 0 0 0 0 0 [ 1200.503329] Node 0 DMA: 1*4kB (U) 0*8kB 0*16kB 1*32kB (U) 2*64kB (U) 1*128kB (U) 1*256kB (U) 0*512kB 1*1024kB (U) 1*2048kB (M) 3*4096kB (M) = 15908kB [ 1200.518017] Node 0 DMA32: 745*4kB (UME) 274*8kB (UME) 227*16kB (UME) 138*32kB (UME) 144*64kB (UME) 38*128kB (UME) 13*256kB (UM) 14*512kB (UME) 7*1024kB (UME) 5*2048kB (UME) 124*4096kB (M) = 563108kB [ 1200.537241] Node 0 Normal: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 0kB [ 1200.548991] Node 1 Normal: 51*4kB (UME) 342*8kB (UE) 273*16kB (U) 50*32kB (UM) 20*64kB (UME) 10*128kB (UM) 5*256kB (UM) 3*512kB (U) 1*1024kB (M) 4*2048kB (ME) 918*4096kB (M) = 3783628kB [ 1200.566994] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 1200.576844] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB 04:28:43 executing program 0: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_CREATE(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)={0x54, 0x2, 0x6, 0x101, 0x0, 0x0, {}, [@IPSET_ATTR_REVISION={0x5}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz1\x00'}, @IPSET_ATTR_PROTOCOL={0x5, 0x1, 0x6}, @IPSET_ATTR_FAMILY={0x5}, @IPSET_ATTR_DATA={0xc, 0x7, 0x0, 0x1, [@IPSET_ATTR_HASHSIZE={0x8, 0x12, 0x1, 0x0, 0x479e6139}]}, @IPSET_ATTR_TYPENAME={0xd, 0x3, 'hash:mac\x00'}]}, 0x54}}, 0x0) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) r2 = dup2(r1, r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) sendmsg$IPCTNL_MSG_CT_DELETE(r2, &(0x7f0000000200)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x40000000}, 0xc, &(0x7f00000001c0)={&(0x7f0000000140)={0x5c, 0x2, 0x1, 0x3, 0x0, 0x0, {0x7, 0x0, 0x8}, [@CTA_SYNPROXY={0xc, 0x18, 0x0, 0x1, [@CTA_SYNPROXY_ITS={0x8, 0x2, 0x1, 0x0, 0x200}]}, @CTA_SYNPROXY={0x3c, 0x18, 0x0, 0x1, [@CTA_SYNPROXY_ITS={0x8, 0x2, 0x1, 0x0, 0x3}, @CTA_SYNPROXY_TSOFF={0x8, 0x3, 0x1, 0x0, 0x200}, @CTA_SYNPROXY_ITS={0x8}, @CTA_SYNPROXY_ITS={0x8, 0x2, 0x1, 0x0, 0x6097}, @CTA_SYNPROXY_ISN={0x8, 0x1, 0x1, 0x0, 0x7}, @CTA_SYNPROXY_TSOFF={0x8, 0x3, 0x1, 0x0, 0x4}, @CTA_SYNPROXY_ITS={0x8, 0x2, 0x1, 0x0, 0x100}]}]}, 0x5c}, 0x1, 0x0, 0x0, 0x4800}, 0x800) 04:28:43 executing program 4: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_CREATE(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={0x0}}, 0x0) 04:28:43 executing program 3: perf_event_open(&(0x7f0000940000)={0x2, 0x70, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {&(0x7f0000000100)="6653078000053c27bc327600363940", 0xf}], 0x2, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x3c) ptrace$cont(0x18, r0, 0x0, 0x0) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x20, r0, 0x0, 0x0) 04:28:43 executing program 2: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_CREATE(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000140)={0x48, 0x2, 0x6, 0x101, 0x0, 0x0, {}, [@IPSET_ATTR_REVISION={0x5}, @IPSET_ATTR_PROTOCOL={0x5, 0x1, 0x6}, @IPSET_ATTR_FAMILY={0x5}, @IPSET_ATTR_DATA={0xc, 0x7, 0x0, 0x1, [@IPSET_ATTR_CADT_FLAGS={0x8}]}, @IPSET_ATTR_TYPENAME={0xd, 0x3, 'hash:mac\x00'}]}, 0x48}}, 0x0) 04:28:43 executing program 1: socket$nl_netfilter(0x10, 0x3, 0xc) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = dup2(r0, r0) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) r3 = dup2(r2, r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x100000000400200) r4 = socket$kcm(0xa, 0x2, 0x11) r5 = socket$inet6_tcp(0xa, 0x1, 0x0) r6 = dup2(r5, r5) ioctl$PERF_EVENT_IOC_ENABLE(r6, 0x8912, 0x400200) ioctl$DRM_IOCTL_MODE_DESTROY_DUMB(r6, 0xc00464b4, &(0x7f0000000040)) setsockopt$sock_attach_bpf(r4, 0x29, 0x14, &(0x7f0000000080), 0x301) setsockopt$sock_attach_bpf(r4, 0x29, 0x15, &(0x7f0000000000), 0x70db2da734432a8e) sendmsg$IPSET_CMD_CREATE(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000040)=ANY=[], 0x54}}, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x400200) r7 = socket$nl_generic(0x10, 0x3, 0x10) r8 = syz_genetlink_get_family_id$tipc(&(0x7f0000000040)='TIPC\x00') sendmsg$TIPC_CMD_SHOW_LINK_STATS(r7, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000140)={0x28, r8, 0x23f, 0x0, 0x0, {{}, {0x0, 0xb, 0xf0}, {0x3, 0x14, 'syz0\x00'}}}, 0x28}, 0x1, 0xfffffff0}, 0x0) sendmsg$TIPC_CMD_GET_NODES(0xffffffffffffffff, &(0x7f0000000180)={&(0x7f00000000c0)={0x10, 0x0, 0x0, 0x800000}, 0xc, &(0x7f0000000140)={&(0x7f0000000100)={0x1c, r8, 0x100, 0x70bd2d, 0x25dfdbfe, {}, ["", "", "", "", ""]}, 0x1c}}, 0x40480d4) [ 1200.586463] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 1200.596270] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 1200.605820] 25631 total pagecache pages [ 1200.610675] 0 pages in swap cache [ 1200.614200] Swap cache stats: add 0, delete 0, find 0/0 [ 1200.620829] Free swap = 0kB [ 1200.623904] Total swap = 0kB [ 1200.626924] 1965979 pages RAM [ 1200.631718] 0 pages HighMem/MovableOnly [ 1200.635738] 339072 pages reserved 04:28:43 executing program 2: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_CREATE(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000140)={0x4c, 0x2, 0x6, 0x101, 0x0, 0x0, {}, [@IPSET_ATTR_SETNAME={0x9, 0x2, 'syz1\x00'}, @IPSET_ATTR_PROTOCOL={0x5, 0x1, 0x6}, @IPSET_ATTR_FAMILY={0x5}, @IPSET_ATTR_DATA={0xc, 0x7, 0x0, 0x1, [@IPSET_ATTR_CADT_FLAGS={0x8}]}, @IPSET_ATTR_TYPENAME={0xd, 0x3, 'hash:mac\x00'}]}, 0x4c}}, 0x0) [ 1200.639187] 0 pages cma reserved 04:28:43 executing program 2: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_CREATE(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000140)={0x4c, 0x2, 0x6, 0x101, 0x0, 0x0, {}, [@IPSET_ATTR_SETNAME={0x9, 0x2, 'syz1\x00'}, @IPSET_ATTR_PROTOCOL={0x5, 0x1, 0x6}, @IPSET_ATTR_FAMILY={0x5}, @IPSET_ATTR_DATA={0xc, 0x7, 0x0, 0x1, [@IPSET_ATTR_CADT_FLAGS={0x8}]}, @IPSET_ATTR_TYPENAME={0xd, 0x3, 'hash:mac\x00'}]}, 0x4c}}, 0x0) 04:28:43 executing program 4: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_CREATE(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={0x0}}, 0x0) 04:28:43 executing program 1: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFQNL_MSG_CONFIG(r0, &(0x7f00000001c0)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x800000}, 0xc, &(0x7f0000000180)={&(0x7f0000000140)={0x2c, 0x2, 0x3, 0x701, 0x0, 0x0, {0x5, 0x0, 0x5}, [@NFQA_CFG_QUEUE_MAXLEN={0x8, 0x3, 0x1, 0x0, 0x7}, @NFQA_CFG_QUEUE_MAXLEN={0x8, 0x3, 0x1, 0x0, 0xf3f}, @NFQA_CFG_MASK={0x8, 0x4, 0x1, 0x0, 0x8}]}, 0x2c}, 0x1, 0x0, 0x0, 0x4000000}, 0x0) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) r3 = dup2(r2, r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) ioctl$SNAPSHOT_GET_IMAGE_SIZE(r3, 0x8008330e, &(0x7f0000000300)) r4 = dup2(r1, r1) ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200) sendmsg$NBD_CMD_DISCONNECT(r4, &(0x7f00000002c0)={&(0x7f0000000200)={0x10, 0x0, 0x0, 0x80}, 0xc, &(0x7f0000000280)={&(0x7f0000000240)={0x20, 0x0, 0x200, 0x70bd2a, 0x25dfdbfe, {}, [@NBD_ATTR_SIZE_BYTES={0xc, 0x2, 0x6}]}, 0x20}, 0x1, 0x0, 0x0, 0xc000}, 0x4) sendmsg$IPSET_CMD_CREATE(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)={0x54, 0x2, 0x6, 0x101, 0x0, 0x0, {}, [@IPSET_ATTR_REVISION={0x5}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz1\x00'}, @IPSET_ATTR_PROTOCOL={0x5, 0x1, 0x6}, @IPSET_ATTR_FAMILY={0x5}, @IPSET_ATTR_DATA={0xc, 0x7, 0x0, 0x1, [@IPSET_ATTR_HASHSIZE={0x8, 0x12, 0x1, 0x0, 0x479e6139}]}, @IPSET_ATTR_TYPENAME={0xd, 0x3, 'hash:mac\x00'}]}, 0x54}}, 0x0) [ 1200.752791] syz-executor.0: vmalloc: allocation failure: 17179869200 bytes, mode:0x14080c0(GFP_KERNEL|__GFP_ZERO), nodemask=(null) 04:28:43 executing program 4: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_CREATE(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={0x0}}, 0x0) 04:28:43 executing program 1: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) r2 = dup2(r1, r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) sendmsg$IPSET_CMD_DEL(r2, &(0x7f0000000200)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x40000000}, 0xc, &(0x7f00000001c0)={&(0x7f0000000140)={0x5c, 0xa, 0x6, 0x101, 0x0, 0x0, {0x7, 0x0, 0x2}, [@IPSET_ATTR_LINENO={0x8, 0x9, 0x1, 0x0, 0x200}, @IPSET_ATTR_ADT={0x38, 0x8, 0x0, 0x1, [{0xc, 0x7, 0x0, 0x1, @IPSET_ATTR_CIDR={0x5, 0x3, 0x1}}, {0xc, 0x7, 0x0, 0x1, @IPSET_ATTR_CADT_FLAGS={0x8, 0x8, 0x1, 0x0, 0x52}}, {0x1c, 0x7, 0x0, 0x1, @IPSET_ATTR_IP2={0x18, 0x14, 0x0, 0x1, @IPSET_ATTR_IPADDR_IPV6={0x14, 0x2, 0x1, 0x0, @mcast2}}}]}, @IPSET_ATTR_PROTOCOL={0x5}]}, 0x5c}, 0x1, 0x0, 0x0, 0x801}, 0x20) sendmsg$IPSET_CMD_CREATE(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)={0x54, 0x2, 0x6, 0x101, 0x0, 0x0, {}, [@IPSET_ATTR_REVISION={0x5}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz2\x00'}, @IPSET_ATTR_PROTOCOL={0x5, 0x1, 0x6}, @IPSET_ATTR_FAMILY={0x5}, @IPSET_ATTR_DATA={0xc, 0x7, 0x0, 0x1, [@IPSET_ATTR_HASHSIZE={0x8, 0x12, 0x1, 0x0, 0x479e6139}]}, @IPSET_ATTR_TYPENAME={0xd, 0x3, 'hash:mac\x00'}]}, 0x54}}, 0x0) 04:28:43 executing program 4: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_CREATE(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)={0x54, 0x2, 0x6, 0x0, 0x0, 0x0, {}, [@IPSET_ATTR_REVISION={0x5}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz1\x00'}, @IPSET_ATTR_PROTOCOL={0x5, 0x1, 0x6}, @IPSET_ATTR_FAMILY={0x5}, @IPSET_ATTR_DATA={0xc, 0x7, 0x0, 0x1, [@IPSET_ATTR_HASHSIZE={0x8, 0x12, 0x1, 0x0, 0x479e6139}]}, @IPSET_ATTR_TYPENAME={0xd, 0x3, 'hash:mac\x00'}]}, 0x54}}, 0x0) [ 1200.926757] syz-executor.0 cpuset=/ mems_allowed=0-1 [ 1200.985444] CPU: 0 PID: 7135 Comm: syz-executor.0 Not tainted 4.14.193-syzkaller #0 [ 1200.993284] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1201.002645] Call Trace: [ 1201.005241] dump_stack+0x1b2/0x283 [ 1201.008884] warn_alloc.cold+0x96/0x1cc [ 1201.012871] ? check_preemption_disabled+0x35/0x240 [ 1201.017896] ? zone_watermark_ok_safe+0x220/0x220 [ 1201.022753] ? perf_trace_lock_acquire+0x510/0x510 [ 1201.027783] ? fs_reclaim_release+0xd0/0x110 [ 1201.032215] ? ip_set_alloc+0x47/0x60 [ 1201.036035] vzalloc+0x122/0x150 [ 1201.039412] ip_set_alloc+0x47/0x60 [ 1201.043163] hash_mac_create+0x36e/0x7c6 [ 1201.047243] ip_set_create+0x5f9/0xf30 [ 1201.051150] ? __find_set_type_get+0x360/0x360 [ 1201.055750] ? __mutex_lock+0x360/0x1310 [ 1201.059842] ? lock_downgrade+0x740/0x740 [ 1201.064007] ? __find_set_type_get+0x360/0x360 [ 1201.068613] nfnetlink_rcv_msg+0x9bb/0xc00 [ 1201.072980] netlink_rcv_skb+0x125/0x390 [ 1201.077059] ? nfnetlink_net_exit_batch+0x150/0x150 [ 1201.082135] ? netlink_ack+0x9a0/0x9a0 [ 1201.086040] ? ns_capable_common+0x127/0x150 [ 1201.090462] nfnetlink_rcv+0x1ab/0x1da0 [ 1201.094445] ? __dev_queue_xmit+0xcd6/0x2480 [ 1201.098884] ? check_preemption_disabled+0x35/0x240 [ 1201.103919] ? perf_trace_lock+0xf7/0x490 [ 1201.108093] ? perf_trace_lock_acquire+0x510/0x510 [ 1201.113037] ? nfnetlink_bind+0x240/0x240 [ 1201.117203] ? netlink_deliver_tap+0x90/0x7d0 [ 1201.121717] ? lock_downgrade+0x740/0x740 [ 1201.126417] netlink_unicast+0x437/0x610 [ 1201.130502] ? netlink_sendskb+0xd0/0xd0 [ 1201.134581] netlink_sendmsg+0x62e/0xb80 [ 1201.138662] ? nlmsg_notify+0x170/0x170 [ 1201.142743] ? kernel_recvmsg+0x210/0x210 [ 1201.146908] ? security_socket_sendmsg+0x83/0xb0 [ 1201.151682] ? nlmsg_notify+0x170/0x170 [ 1201.155759] sock_sendmsg+0xb5/0x100 [ 1201.159485] ___sys_sendmsg+0x6c8/0x800 [ 1201.163562] ? copy_msghdr_from_user+0x3b0/0x3b0 [ 1201.168330] ? __lock_acquire+0x5fc/0x3f20 [ 1201.172583] ? perf_trace_lock_acquire+0x510/0x510 [ 1201.177517] ? do_futex+0x12b/0x1930 [ 1201.181222] ? check_preemption_disabled+0x35/0x240 [ 1201.186235] ? __fget+0x1fe/0x360 [ 1201.189686] ? lock_acquire+0x170/0x3f0 [ 1201.193792] ? lock_downgrade+0x740/0x740 [ 1201.197940] ? __fget+0x225/0x360 [ 1201.201438] ? __fdget+0x196/0x1f0 [ 1201.205009] ? sockfd_lookup_light+0xb2/0x160 [ 1201.209941] __sys_sendmsg+0xa3/0x120 [ 1201.213729] ? SyS_shutdown+0x160/0x160 [ 1201.217696] ? SyS_clock_gettime+0xf5/0x180 [ 1201.222045] ? SyS_clock_settime+0x1a0/0x1a0 [ 1201.226435] SyS_sendmsg+0x27/0x40 [ 1201.229964] ? __sys_sendmsg+0x120/0x120 [ 1201.234016] do_syscall_64+0x1d5/0x640 [ 1201.237888] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 1201.243167] RIP: 0033:0x45d249 [ 1201.246873] RSP: 002b:00007f1c6356dc78 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 1201.254582] RAX: ffffffffffffffda RBX: 0000000000028840 RCX: 000000000045d249 [ 1201.261832] RDX: 0000000000000000 RSI: 0000000020000000 RDI: 0000000000000003 [ 1201.269110] RBP: 000000000118cf80 R08: 0000000000000000 R09: 0000000000000000 [ 1201.276484] R10: 0000000000000000 R11: 0000000000000246 R12: 000000000118cf4c [ 1201.283744] R13: 00007ffd3fb1901f R14: 00007f1c6356e9c0 R15: 000000000118cf4c [ 1201.295016] Mem-Info: [ 1201.302297] active_anon:233032 inactive_anon:6090 isolated_anon:0 [ 1201.302297] active_file:7393 inactive_file:33013 isolated_file:0 [ 1201.302297] unevictable:0 dirty:347 writeback:0 unstable:0 [ 1201.302297] slab_reclaimable:18452 slab_unreclaimable:135680 [ 1201.302297] mapped:62793 shmem:6280 pagetables:5873 bounce:0 [ 1201.302297] free:1088383 free_pcp:214 free_cma:0 [ 1201.337233] Node 0 active_anon:932028kB inactive_anon:24360kB active_file:29428kB inactive_file:132052kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:251172kB dirty:1388kB writeback:0kB shmem:25120kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 890880kB writeback_tmp:0kB unstable:0kB all_unreclaimable? no [ 1201.366969] Node 1 active_anon:0kB inactive_anon:0kB active_file:144kB inactive_file:0kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:0kB dirty:0kB writeback:0kB shmem:0kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 0kB writeback_tmp:0kB unstable:0kB all_unreclaimable? no [ 1201.393884] Node 0 DMA free:15908kB min:220kB low:272kB high:324kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15908kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 1201.420912] lowmem_reserve[]: 0 2557 2557 2557 2557 [ 1201.426086] Node 0 DMA32 free:552196kB min:36272kB low:45340kB high:54408kB active_anon:932028kB inactive_anon:24360kB active_file:29428kB inactive_file:132052kB unevictable:0kB writepending:1388kB present:3129332kB managed:2621196kB mlocked:0kB kernel_stack:14208kB pagetables:23492kB bounce:0kB free_pcp:1324kB local_pcp:660kB free_cma:0kB [ 1201.456546] lowmem_reserve[]: 0 0 0 0 0 [ 1201.460745] Node 0 Normal free:0kB min:4kB low:4kB high:4kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:786432kB managed:332kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 1201.486761] lowmem_reserve[]: 0 0 0 0 0 [ 1201.490926] Node 1 Normal free:3783628kB min:53612kB low:67012kB high:80412kB active_anon:0kB inactive_anon:0kB active_file:144kB inactive_file:0kB unevictable:0kB writepending:0kB present:3932160kB managed:3870192kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 1201.519150] lowmem_reserve[]: 0 0 0 0 0 [ 1201.523716] Node 0 DMA: 1*4kB (U) 0*8kB 0*16kB 1*32kB (U) 2*64kB (U) 1*128kB (U) 1*256kB (U) 0*512kB 1*1024kB (U) 1*2048kB (M) 3*4096kB (M) = 15908kB [ 1201.538041] Node 0 DMA32: 643*4kB (UME) 92*8kB (ME) 158*16kB (E) 119*32kB (UME) 118*64kB (UME) 38*128kB (UME) 13*256kB (UM) 14*512kB (UME) 7*1024kB (UME) 2*2048kB (UE) 124*4096kB (M) = 551724kB [ 1201.556059] Node 0 Normal: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 0kB [ 1201.567294] Node 1 Normal: 51*4kB (UME) 342*8kB (UE) 273*16kB (U) 50*32kB (UM) 20*64kB (UME) 10*128kB (UM) 5*256kB (UM) 3*512kB (U) 1*1024kB (M) 4*2048kB (ME) 918*4096kB (M) = 3783628kB [ 1201.584688] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 1201.594218] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 1201.603423] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 1201.613028] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 1201.622220] 25639 total pagecache pages [ 1201.626415] 0 pages in swap cache [ 1201.630896] Swap cache stats: add 0, delete 0, find 0/0 04:28:44 executing program 0: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_CREATE(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000140)=ANY=[@ANYBLOB="540000000206010100000000000000000000000005000400000000000900020073797a3100000000050001000600000005000500000000000c00078008001240479e61390d000300686173683a6d6163000000005e053d42159932295edff8c2aeadf052"], 0x54}}, 0x0) 04:28:44 executing program 4: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_CREATE(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)={0x54, 0x2, 0x6, 0x0, 0x0, 0x0, {}, [@IPSET_ATTR_REVISION={0x5}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz1\x00'}, @IPSET_ATTR_PROTOCOL={0x5, 0x1, 0x6}, @IPSET_ATTR_FAMILY={0x5}, @IPSET_ATTR_DATA={0xc, 0x7, 0x0, 0x1, [@IPSET_ATTR_HASHSIZE={0x8, 0x12, 0x1, 0x0, 0x479e6139}]}, @IPSET_ATTR_TYPENAME={0xd, 0x3, 'hash:mac\x00'}]}, 0x54}}, 0x0) [ 1201.636267] Free swap = 0kB [ 1201.639268] Total swap = 0kB [ 1201.643825] 1965979 pages RAM [ 1201.647034] 0 pages HighMem/MovableOnly [ 1201.651175] 339072 pages reserved [ 1201.654620] 0 pages cma reserved [ 1201.695630] syz-executor.0: vmalloc: allocation failure: 17179869200 bytes, mode:0x14080c0(GFP_KERNEL|__GFP_ZERO), nodemask=(null) [ 1201.708004] syz-executor.0 cpuset=/ mems_allowed=0-1 [ 1201.720361] CPU: 1 PID: 7161 Comm: syz-executor.0 Not tainted 4.14.193-syzkaller #0 [ 1201.728273] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1201.737849] Call Trace: [ 1201.740433] dump_stack+0x1b2/0x283 [ 1201.744043] warn_alloc.cold+0x96/0x1cc [ 1201.747995] ? check_preemption_disabled+0x35/0x240 [ 1201.753038] ? zone_watermark_ok_safe+0x220/0x220 [ 1201.757867] ? perf_trace_lock_acquire+0x510/0x510 [ 1201.762777] ? fs_reclaim_release+0xd0/0x110 [ 1201.767166] ? ip_set_alloc+0x47/0x60 [ 1201.770947] vzalloc+0x122/0x150 [ 1201.774290] ip_set_alloc+0x47/0x60 [ 1201.777892] hash_mac_create+0x36e/0x7c6 [ 1201.781948] ip_set_create+0x5f9/0xf30 [ 1201.785815] ? __find_set_type_get+0x360/0x360 [ 1201.790384] ? __mutex_lock+0x360/0x1310 [ 1201.794432] ? lock_downgrade+0x740/0x740 [ 1201.798557] ? __find_set_type_get+0x360/0x360 [ 1201.803118] nfnetlink_rcv_msg+0x9bb/0xc00 [ 1201.808053] netlink_rcv_skb+0x125/0x390 [ 1201.812266] ? nfnetlink_net_exit_batch+0x150/0x150 [ 1201.817261] ? netlink_ack+0x9a0/0x9a0 [ 1201.821131] ? ns_capable_common+0x127/0x150 [ 1201.825518] nfnetlink_rcv+0x1ab/0x1da0 [ 1201.829476] ? __dev_queue_xmit+0xcd6/0x2480 [ 1201.833882] ? check_preemption_disabled+0x35/0x240 [ 1201.838877] ? perf_trace_lock+0xf7/0x490 [ 1201.843006] ? perf_trace_lock_acquire+0x510/0x510 [ 1201.847913] ? nfnetlink_bind+0x240/0x240 [ 1201.852041] ? netlink_deliver_tap+0x90/0x7d0 [ 1201.856531] ? lock_downgrade+0x740/0x740 [ 1201.860673] netlink_unicast+0x437/0x610 [ 1201.864715] ? netlink_sendskb+0xd0/0xd0 [ 1201.868781] netlink_sendmsg+0x62e/0xb80 [ 1201.872933] ? nlmsg_notify+0x170/0x170 [ 1201.876885] ? kernel_recvmsg+0x210/0x210 [ 1201.881015] ? security_socket_sendmsg+0x83/0xb0 [ 1201.885765] ? nlmsg_notify+0x170/0x170 [ 1201.890078] sock_sendmsg+0xb5/0x100 [ 1201.893906] ___sys_sendmsg+0x6c8/0x800 [ 1201.897891] ? copy_msghdr_from_user+0x3b0/0x3b0 [ 1201.902637] ? __lock_acquire+0x5fc/0x3f20 [ 1201.907193] ? perf_trace_lock_acquire+0x510/0x510 [ 1201.912190] ? do_futex+0x12b/0x1930 [ 1201.915889] ? check_preemption_disabled+0x35/0x240 [ 1201.920898] ? __fget+0x1fe/0x360 [ 1201.924333] ? lock_acquire+0x170/0x3f0 [ 1201.928287] ? lock_downgrade+0x740/0x740 [ 1201.932506] ? __fget+0x225/0x360 [ 1201.935941] ? __fdget+0x196/0x1f0 [ 1201.939468] ? sockfd_lookup_light+0xb2/0x160 [ 1201.943960] __sys_sendmsg+0xa3/0x120 [ 1201.947745] ? SyS_shutdown+0x160/0x160 [ 1201.951792] ? SyS_clock_gettime+0xf5/0x180 [ 1201.956273] ? SyS_clock_settime+0x1a0/0x1a0 [ 1201.960663] SyS_sendmsg+0x27/0x40 [ 1201.964181] ? __sys_sendmsg+0x120/0x120 [ 1201.968230] do_syscall_64+0x1d5/0x640 [ 1201.972104] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 1201.977273] RIP: 0033:0x45d249 [ 1201.980438] RSP: 002b:00007f1c6356dc78 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 1201.988211] RAX: ffffffffffffffda RBX: 0000000000028840 RCX: 000000000045d249 [ 1201.995462] RDX: 0000000000000000 RSI: 0000000020000000 RDI: 0000000000000003 [ 1202.002709] RBP: 000000000118cf80 R08: 0000000000000000 R09: 0000000000000000 [ 1202.009957] R10: 0000000000000000 R11: 0000000000000246 R12: 000000000118cf4c [ 1202.017289] R13: 00007ffd3fb1901f R14: 00007f1c6356e9c0 R15: 000000000118cf4c 04:28:46 executing program 3: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket(0x10, 0x803, 0x0) sendmsg$nl_route_sched(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000940)=@delchain={0x24, 0x16, 0xf31}, 0x24}}, 0x0) 04:28:46 executing program 1: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = dup2(r0, r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) r3 = dup2(r2, r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) ioctl$KVM_GET_IRQCHIP(r3, 0xc208ae62, &(0x7f00000002c0)) r4 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_CREATE(r4, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000001c0)=ANY=[@ANYBLOB="540000000206010100000000000000000000000005000400000000000900020073797a3100000000050001000600000005000500000000000c00078008001240479e61390d000300686173683a6d616300000000156502dde865ec69186962ab40cfd0aafca3cbcd6cc3b7017f2943b365c39eefb393b0f5f4dd01b0950a8bda943d29b2433e3c45e687846ed0337e18c30bb3a3dd3215554cf64f5c81694aca6fb0b826b9f91ae61ea279e61732a2b102826cfa597836b688fb96d0cdb536ec310f646448bdf9377216bc6e1cedd61c93e6c262e5d1271bd954a4b4fd7ba40b94c3e110bdaa605e7321fa"], 0x54}}, 0x0) 04:28:46 executing program 5: r0 = dup(0xffffffffffffffff) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x802102001ffa, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r1 = gettid() clone(0x6e20cf00, 0x0, 0x0, 0x0, 0x0) ptrace$setopts(0x4206, r1, 0x0, 0x0) gettid() r2 = syz_open_procfs(0x0, &(0x7f0000000180)='status\x00') r3 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000180)='ethtool\x00') sendmsg$ETHTOOL_MSG_STRSET_GET(r2, &(0x7f0000000340)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f00000001c0)={0xc4, r3, 0x200, 0x70bd27, 0x25dfdbfc, {}, [@ETHTOOL_A_STRSET_STRINGSETS={0x4c, 0x2, 0x0, 0x1, [{0x2c, 0x1, 0x0, 0x1, [@ETHTOOL_A_STRINGSET_ID={0x8, 0x1, 0x7}, @ETHTOOL_A_STRINGSET_ID={0x8, 0x1, 0x5}, @ETHTOOL_A_STRINGSET_ID={0x8, 0x1, 0x3}, @ETHTOOL_A_STRINGSET_ID={0x8, 0x1, 0x8}, @ETHTOOL_A_STRINGSET_ID={0x8, 0x1, 0x7}]}, {0x1c, 0x1, 0x0, 0x1, [@ETHTOOL_A_STRINGSET_ID={0x8, 0x1, 0x3}, @ETHTOOL_A_STRINGSET_ID={0x8}, @ETHTOOL_A_STRINGSET_ID={0x8, 0x1, 0x7}]}]}, @ETHTOOL_A_STRSET_HEADER={0x64, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'ip_vti0\x00'}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x3}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'caif0\x00'}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'ip6gretap0\x00'}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'veth0_virt_wifi\x00'}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x3}]}]}, 0xc4}, 0x1, 0x0, 0x0, 0x4000051}, 0x8000) sendmsg$ETHTOOL_MSG_FEATURES_SET(r0, &(0x7f0000000140)={&(0x7f00000000c0)={0x10, 0x0, 0x0, 0x80000}, 0xc, &(0x7f0000000100)={&(0x7f0000000380)={0x274, r3, 0x2, 0x70bd2c, 0x25dfdbfb, {}, [@ETHTOOL_A_FEATURES_HEADER={0x20, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_INDEX={0x8}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'vxcan1\x00'}]}, @ETHTOOL_A_FEATURES_WANTED={0xd8, 0x3, 0x0, 0x1, [@ETHTOOL_A_BITSET_VALUE={0x32, 0x4, "87fb4308776c4ca09729fcd6a0290add8628de53f66d7960d73e13efb9795bc07797be8ab33265687c8fbb9145a5"}, @ETHTOOL_A_BITSET_VALUE={0xa0, 0x4, "89ed23fdcf0194f98f5ae425db18ff2373520523dc14cae2faa662e0ddc6ca17b21c67754e58bb3ff606aba8555e06e800e47b810070b702e7792d3dd422b3754e6e02a81e6dc17339ce4209dee2f5f8a57e421de68cd95d8deb38373214a02f99dfeff8452c74292a289eed2d7e500a0293413f409c33dcc9ce277b10f26990e9a340c435ed809ba7f8889617f86c25a8f9a45a65aeb56a7d43e142"}]}, @ETHTOOL_A_FEATURES_HEADER={0x20, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'veth1_to_hsr\x00'}, @ETHTOOL_A_HEADER_FLAGS={0x8}]}, @ETHTOOL_A_FEATURES_WANTED={0x148, 0x3, 0x0, 0x1, [@ETHTOOL_A_BITSET_VALUE={0x82, 0x4, "34cdbd25d4dcc8b76adf11a57de04bef513d7f833112d63a783314c393a980f7c0f650d5a9f6e32ba7a482ca03794d029a87e42d1a6d9b556540ee78c50b0f13b7ea2e1c66c004a86e74f2af89805c77aed0d4831062288a71fe2fc7b246c81e89510425c23b40b144277ce9c8231f1ac1cd71befa5e149243d7bc02a065"}, @ETHTOOL_A_BITSET_VALUE={0xb1, 0x4, "7bde235fca64be10530c68067ae6550c622ec2851c0b34c17d3e5ebb4ceba87e8223d9753602b6e59f1facea9b2df572a8f6d8384bcea4897e4ece9c58755b1115b66349f2d17a807f30371d55fe2c64b951987f845b8362ceb88845297fbdbf4326959396f7ad244da3121f03e4989229e72605291801e7d941f85d03164b831f16b04268c52346de662c69c12d67c8da95d727a34619c1e96d1f7bbd94bfc1ba737302c1f5f04e68f3023ce3"}, @ETHTOOL_A_BITSET_SIZE={0x8, 0x2, 0x7}, @ETHTOOL_A_BITSET_NOMASK={0x4}]}]}, 0x274}, 0x1, 0x0, 0x0, 0x4040004}, 0x40000d0) r4 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ptmx\x00', 0x0, 0x0) read(r4, &(0x7f00003fefff)=""/1, 0x1) r5 = socket$inet6_tcp(0xa, 0x1, 0x0) r6 = dup2(r5, r5) ioctl$PERF_EVENT_IOC_ENABLE(r6, 0x8912, 0x400200) r7 = openat$autofs(0xffffffffffffff9c, &(0x7f0000000040)='/dev/autofs\x00', 0x0, 0x0) sendmsg$IPVS_CMD_ZERO(r7, &(0x7f0000000240)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x20000000}, 0xc, &(0x7f0000000200)={&(0x7f0000000280)={0xf4, 0x0, 0x2, 0x70bd2d, 0x25dfdbff, {}, [@IPVS_CMD_ATTR_TIMEOUT_TCP={0x8, 0x4, 0x7}, @IPVS_CMD_ATTR_DEST={0xc, 0x2, 0x0, 0x1, [@IPVS_DEST_ATTR_U_THRESH={0x8, 0x5, 0x9}]}, @IPVS_CMD_ATTR_TIMEOUT_TCP_FIN={0x8, 0x5, 0x87}, @IPVS_CMD_ATTR_SERVICE={0x18, 0x1, 0x0, 0x1, [@IPVS_SVC_ATTR_PORT={0x6, 0x4, 0x4e20}, @IPVS_SVC_ATTR_FLAGS={0xc, 0x7, {0x31, 0x34}}]}, @IPVS_CMD_ATTR_TIMEOUT_TCP={0x8, 0x4, 0x5}, @IPVS_CMD_ATTR_DEST={0x3c, 0x2, 0x0, 0x1, [@IPVS_DEST_ATTR_ADDR={0x14, 0x1, @ipv6=@initdev={0xfe, 0x88, [], 0x0, 0x0}}, @IPVS_DEST_ATTR_FWD_METHOD={0x8, 0x3, 0x2}, @IPVS_DEST_ATTR_ADDR={0x14, 0x1, @ipv6=@dev={0xfe, 0x80, [], 0x2f}}, @IPVS_DEST_ATTR_U_THRESH={0x8, 0x5, 0x6}]}, @IPVS_CMD_ATTR_TIMEOUT_TCP_FIN={0x8, 0x5, 0x200}, @IPVS_CMD_ATTR_DAEMON={0x1c, 0x3, 0x0, 0x1, [@IPVS_DAEMON_ATTR_STATE={0x8, 0x1, 0x2}, @IPVS_DAEMON_ATTR_MCAST_PORT={0x6, 0x7, 0x4e22}, @IPVS_DAEMON_ATTR_MCAST_PORT={0x6, 0x7, 0x4e20}]}, @IPVS_CMD_ATTR_DEST={0x3c, 0x2, 0x0, 0x1, [@IPVS_DEST_ATTR_INACT_CONNS={0x8, 0x8, 0x8002}, @IPVS_DEST_ATTR_PORT={0x6, 0x2, 0x4e23}, @IPVS_DEST_ATTR_U_THRESH={0x8, 0x5, 0xffff12bf}, @IPVS_DEST_ATTR_FWD_METHOD={0x8, 0x3, 0x3}, @IPVS_DEST_ATTR_U_THRESH={0x8, 0x5, 0x1}, @IPVS_DEST_ATTR_TUN_TYPE={0x5, 0xd, 0x1}, @IPVS_DEST_ATTR_TUN_PORT={0x6, 0xe, 0x4e21}]}, @IPVS_CMD_ATTR_TIMEOUT_UDP={0x8, 0x6, 0xfffffffb}]}, 0xf4}, 0x1, 0x0, 0x0, 0x80}, 0x2080800) ioctl$SIOCNRDECOBS(r6, 0x89e2) 04:28:46 executing program 2: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_CREATE(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000140)={0x4c, 0x2, 0x6, 0x101, 0x0, 0x0, {}, [@IPSET_ATTR_SETNAME={0x9, 0x2, 'syz1\x00'}, @IPSET_ATTR_PROTOCOL={0x5, 0x1, 0x6}, @IPSET_ATTR_FAMILY={0x5}, @IPSET_ATTR_DATA={0xc, 0x7, 0x0, 0x1, [@IPSET_ATTR_CADT_FLAGS={0x8}]}, @IPSET_ATTR_TYPENAME={0xd, 0x3, 'hash:mac\x00'}]}, 0x4c}}, 0x0) 04:28:46 executing program 4: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_CREATE(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)={0x54, 0x2, 0x6, 0x0, 0x0, 0x0, {}, [@IPSET_ATTR_REVISION={0x5}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz1\x00'}, @IPSET_ATTR_PROTOCOL={0x5, 0x1, 0x6}, @IPSET_ATTR_FAMILY={0x5}, @IPSET_ATTR_DATA={0xc, 0x7, 0x0, 0x1, [@IPSET_ATTR_HASHSIZE={0x8, 0x12, 0x1, 0x0, 0x479e6139}]}, @IPSET_ATTR_TYPENAME={0xd, 0x3, 'hash:mac\x00'}]}, 0x54}}, 0x0) 04:28:46 executing program 0: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_CREATE(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=ANY=[@ANYBLOB="540000000206010100000000000000000000000005000400000000000900023100000000050001000600001405000500000000000c00078008001240479e61390d000300686173683a6d61630000000000000000"], 0x54}}, 0x0) r1 = open(&(0x7f0000000080)='./file0\x00', 0x40802, 0x18) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) r3 = dup2(r2, r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) ioctl$SNDRV_PCM_IOCTL_SW_PARAMS(r3, 0xc0884113, &(0x7f0000000180)={0x1, 0xfffffff9, 0x3, 0x400, 0x6, 0x2, 0x3, 0x3, 0x3, 0xc4, 0x98}) ioctl$TIOCSERGETLSR(r1, 0x5459, &(0x7f0000000140)) r4 = socket$inet6_tcp(0xa, 0x1, 0x0) r5 = dup2(r4, r4) ioctl$PERF_EVENT_IOC_ENABLE(r5, 0x8912, 0x400200) ioctl$KDSETMODE(r5, 0x4b3a, 0x0) 04:28:46 executing program 2: r0 = open(&(0x7f0000000040)='./bus\x00', 0x8001141042, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x10240, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x1}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ftruncate(r0, 0x0) r1 = socket$inet6(0xa, 0x3, 0x2c) r2 = socket$netlink(0x10, 0x3, 0x0) r3 = socket$netlink(0x10, 0x3, 0x0) r4 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r4, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r4, &(0x7f0000000380)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r3, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000008c0)=ANY=[@ANYBLOB="480000001000050700"/20, @ANYRES32=r5, @ANYBLOB="0000000000000000280012000c00010076657468"], 0x48}}, 0x0) sendmsg$nl_route_sched(r2, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000080)=@newqdisc={0x2c, 0x24, 0xf1d, 0x0, 0x0, {0x0, 0x0, 0x0, r5, {}, {0xfff1, 0xffff}}, [@qdisc_kind_options=@q_drr={0x8, 0x1, 'drr\x00'}]}, 0x2c}}, 0x0) sendmsg$nl_route_sched(r4, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={0x0}}, 0x0) r6 = open(&(0x7f0000000040)='./bus\x00', 0x0, 0x0) sendfile(r1, r6, 0x0, 0x8482) [ 1203.708375] syz-executor.1: vmalloc: allocation failure: 17179869200 bytes, mode:0x14080c0(GFP_KERNEL|__GFP_ZERO), nodemask=(null) [ 1203.739654] syz-executor.1 cpuset=/ mems_allowed=0-1 [ 1203.753442] CPU: 1 PID: 7170 Comm: syz-executor.1 Not tainted 4.14.193-syzkaller #0 [ 1203.761277] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1203.770635] Call Trace: [ 1203.773215] dump_stack+0x1b2/0x283 [ 1203.778567] warn_alloc.cold+0x96/0x1cc [ 1203.782534] ? check_preemption_disabled+0x35/0x240 [ 1203.787535] ? zone_watermark_ok_safe+0x220/0x220 [ 1203.792361] ? perf_trace_lock_acquire+0x510/0x510 [ 1203.797270] ? fs_reclaim_release+0xd0/0x110 [ 1203.801751] ? ip_set_alloc+0x47/0x60 [ 1203.805620] vzalloc+0x122/0x150 [ 1203.808969] ip_set_alloc+0x47/0x60 [ 1203.812576] hash_mac_create+0x36e/0x7c6 [ 1203.816619] ip_set_create+0x5f9/0xf30 [ 1203.820489] ? __find_set_type_get+0x360/0x360 [ 1203.825052] ? __mutex_lock+0x360/0x1310 [ 1203.829107] ? lock_downgrade+0x740/0x740 [ 1203.833236] ? __find_set_type_get+0x360/0x360 [ 1203.837799] nfnetlink_rcv_msg+0x9bb/0xc00 [ 1203.842027] netlink_rcv_skb+0x125/0x390 [ 1203.846069] ? nfnetlink_net_exit_batch+0x150/0x150 [ 1203.851076] ? netlink_ack+0x9a0/0x9a0 [ 1203.854948] ? ns_capable_common+0x127/0x150 [ 1203.859345] nfnetlink_rcv+0x1ab/0x1da0 [ 1203.863309] ? __dev_queue_xmit+0xcd6/0x2480 [ 1203.867711] ? check_preemption_disabled+0x35/0x240 [ 1203.872711] ? perf_trace_lock+0xf7/0x490 [ 1203.876841] ? perf_trace_lock_acquire+0x510/0x510 [ 1203.881765] ? nfnetlink_bind+0x240/0x240 [ 1203.885911] ? netlink_deliver_tap+0x90/0x7d0 [ 1203.890391] ? lock_downgrade+0x740/0x740 [ 1203.894521] netlink_unicast+0x437/0x610 [ 1203.898566] ? netlink_sendskb+0xd0/0xd0 [ 1203.902609] netlink_sendmsg+0x62e/0xb80 [ 1203.906653] ? nlmsg_notify+0x170/0x170 [ 1203.910607] ? kernel_recvmsg+0x210/0x210 [ 1203.914738] ? security_socket_sendmsg+0x83/0xb0 [ 1203.919471] ? nlmsg_notify+0x170/0x170 [ 1203.923447] sock_sendmsg+0xb5/0x100 [ 1203.927142] ___sys_sendmsg+0x6c8/0x800 [ 1203.931097] ? copy_msghdr_from_user+0x3b0/0x3b0 [ 1203.935845] ? __lock_acquire+0x5fc/0x3f20 [ 1203.940065] ? perf_trace_lock_acquire+0x510/0x510 [ 1203.945087] ? do_futex+0x12b/0x1930 [ 1203.948790] ? check_preemption_disabled+0x35/0x240 [ 1203.953805] ? __fget+0x1fe/0x360 [ 1203.957248] ? lock_acquire+0x170/0x3f0 [ 1203.961203] ? lock_downgrade+0x740/0x740 [ 1203.965345] ? __fget+0x225/0x360 [ 1203.968781] ? __fdget+0x196/0x1f0 [ 1203.972313] ? sockfd_lookup_light+0xb2/0x160 [ 1203.976786] __sys_sendmsg+0xa3/0x120 [ 1203.980566] ? SyS_shutdown+0x160/0x160 [ 1203.984527] ? SyS_clock_gettime+0xf5/0x180 [ 1203.988828] ? SyS_clock_settime+0x1a0/0x1a0 [ 1203.993220] SyS_sendmsg+0x27/0x40 [ 1203.996765] ? __sys_sendmsg+0x120/0x120 [ 1204.000819] do_syscall_64+0x1d5/0x640 [ 1204.004690] entry_SYSCALL_64_after_hwframe+0x46/0xbb 04:28:46 executing program 4: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_CREATE(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)={0x44, 0x2, 0x6, 0x101, 0x0, 0x0, {}, [@IPSET_ATTR_REVISION={0x5}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz1\x00'}, @IPSET_ATTR_PROTOCOL={0x5, 0x1, 0x6}, @IPSET_ATTR_FAMILY={0x5}, @IPSET_ATTR_DATA={0xc, 0x7, 0x0, 0x1, [@IPSET_ATTR_HASHSIZE={0x8, 0x12, 0x1, 0x0, 0x479e6139}]}]}, 0x44}}, 0x0) [ 1204.009872] RIP: 0033:0x45d249 [ 1204.013064] RSP: 002b:00007fe770c44c78 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 1204.020866] RAX: ffffffffffffffda RBX: 0000000000028840 RCX: 000000000045d249 [ 1204.028119] RDX: 0000000000000000 RSI: 0000000020000000 RDI: 0000000000000005 [ 1204.035463] RBP: 000000000118cf80 R08: 0000000000000000 R09: 0000000000000000 [ 1204.042714] R10: 0000000000000000 R11: 0000000000000246 R12: 000000000118cf4c [ 1204.049971] R13: 00007fffec3adf2f R14: 00007fe770c459c0 R15: 000000000118cf4c [ 1204.069918] IPVS: ftp: loaded support on port[0] = 21 04:28:46 executing program 3: r0 = openat$fb0(0xffffffffffffff9c, &(0x7f0000000180)='/dev/fb0\x00', 0x0, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = dup(r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) ioctl$FBIOPUT_VSCREENINFO(r0, 0x4601, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, {}, {}, {}, {}, 0x0, 0x3f00, 0x0, 0x0, 0x0, 0x1000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1}) [ 1204.132104] netlink: 36 bytes leftover after parsing attributes in process `syz-executor.0'. [ 1204.157878] netlink: 24 bytes leftover after parsing attributes in process `syz-executor.2'. [ 1204.160504] warn_alloc_show_mem: 1 callbacks suppressed [ 1204.160508] Mem-Info: [ 1204.176570] active_anon:233536 inactive_anon:6091 isolated_anon:0 [ 1204.176570] active_file:7393 inactive_file:33025 isolated_file:0 [ 1204.176570] unevictable:0 dirty:363 writeback:0 unstable:0 [ 1204.176570] slab_reclaimable:18441 slab_unreclaimable:136326 [ 1204.176570] mapped:62807 shmem:6280 pagetables:5939 bounce:0 [ 1204.176570] free:1087106 free_pcp:209 free_cma:0 [ 1204.221656] Node 0 active_anon:934144kB inactive_anon:24364kB active_file:29428kB inactive_file:132100kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:251228kB dirty:1452kB writeback:0kB shmem:25120kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 888832kB writeback_tmp:0kB unstable:0kB all_unreclaimable? no [ 1204.252648] audit: type=1804 audit(1597379326.648:58): pid=7193 uid=0 auid=0 ses=4 subj=system_u:system_r:kernel_t:s0 op="invalid_pcr" cause="open_writers" comm="syz-executor.2" name="/root/syzkaller-testdir485960110/syzkaller.LKYue4/538/bus" dev="sda1" ino=17071 res=1 [ 1204.253591] Node 1 active_anon:0kB inactive_anon:0kB active_file:144kB inactive_file:0kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:0kB dirty:0kB writeback:0kB shmem:0kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 0kB writeback_tmp:0kB unstable:0kB all_unreclaimable? no [ 1204.305767] Node 0 DMA free:15908kB min:220kB low:272kB high:324kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15908kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 1204.344934] lowmem_reserve[]: 0 2557 2557 2557 2557 [ 1204.353300] Node 0 DMA32 free:546248kB min:36272kB low:45340kB high:54408kB active_anon:936308kB inactive_anon:24364kB active_file:29428kB inactive_file:132100kB unevictable:0kB writepending:1452kB present:3129332kB managed:2621196kB mlocked:0kB kernel_stack:14656kB pagetables:23608kB bounce:0kB free_pcp:864kB local_pcp:428kB free_cma:0kB [ 1204.385635] lowmem_reserve[]: 0 0 0 0 0 [ 1204.391374] Node 0 Normal free:0kB min:4kB low:4kB high:4kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:786432kB managed:332kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 1204.421087] lowmem_reserve[]: 0 0 0 0 0 04:28:46 executing program 3: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$batadv(&(0x7f0000000000)='batadv\x00') ioctl$TIOCGSID(0xffffffffffffffff, 0x5429, &(0x7f0000000040)) write$snapshot(0xffffffffffffffff, &(0x7f0000000040), 0x0) r2 = socket$netlink(0x10, 0x3, 0x0) r3 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r3, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r3, &(0x7f0000000380)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r2, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000008c0)=ANY=[@ANYBLOB="480000001000050700"/20, @ANYRES32=r4, @ANYBLOB="0000000000000000280012000c00010076657468"], 0x48}}, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000080)=@newqdisc={0x2c, 0x24, 0x0, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, {}, {0xfff1, 0xffff}}, [@qdisc_kind_options=@q_drr={0x8, 0x1, 'drr\x00'}]}, 0x2c}}, 0x0) sendmsg$BATADV_CMD_GET_MCAST_FLAGS(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000540)={&(0x7f00000002c0)={0x1c, r1, 0x301, 0x0, 0x0, {0xd, 0x0, 0xd00}, [@BATADV_ATTR_MESH_IFINDEX={0x8, 0x3, r4}]}, 0x1c}, 0x1, 0x2000000}, 0x0) [ 1204.426022] Node 1 Normal free:3783628kB min:53612kB low:67012kB high:80412kB active_anon:0kB inactive_anon:0kB active_file:144kB inactive_file:0kB unevictable:0kB writepending:0kB present:3932160kB managed:3870192kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 1204.456086] lowmem_reserve[]: 0 0 0 0 0 [ 1204.461661] Node 0 DMA: 1*4kB (U) 0*8kB 0*16kB 1*32kB (U) 2*64kB (U) 1*128kB (U) 1*256kB (U) 0*512kB 1*1024kB (U) 1*2048kB (M) 3*4096kB (M) = 15908kB 04:28:46 executing program 2: r0 = openat$fb0(0xffffffffffffff9c, &(0x7f0000000180)='/dev/fb0\x00', 0x0, 0x0) ioctl$FBIOPUTCMAP(r0, 0x4605, &(0x7f0000000200)={0x0, 0x3, &(0x7f00000000c0)=[0x0, 0x0, 0x0], &(0x7f0000000100), &(0x7f0000000140), 0x0}) [ 1204.475908] audit: type=1804 audit(1597379326.868:59): pid=7193 uid=0 auid=0 ses=4 subj=system_u:system_r:kernel_t:s0 op="invalid_pcr" cause="open_writers" comm="syz-executor.2" name="/root/syzkaller-testdir485960110/syzkaller.LKYue4/538/bus" dev="sda1" ino=17071 res=1 [ 1204.481969] Node 0 DMA32: 556*4kB (UE) 406*8kB (UE) 183*16kB (UME) 125*32kB (UME) 85*64kB (UME) 38*128kB (UME) 13*256kB (UM) 14*512kB (UME) 7*1024kB (UME) 3*2048kB (UME) 123*4096kB (M) = 550320kB [ 1204.547983] Node 0 Normal: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 0kB [ 1204.560427] netlink: 24 bytes leftover after parsing attributes in process `syz-executor.3'. 04:28:47 executing program 2: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x40040}, 0x0, 0xdfffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$batadv(&(0x7f0000000000)='batadv\x00') r2 = socket$nl_route(0x10, 0x3, 0x0) ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(r2, 0x8933, &(0x7f00000001c0)={'batadv0\x00', 0x0}) sendmsg$BATADV_CMD_GET_MCAST_FLAGS(r0, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000540)={&(0x7f00000002c0)={0x1c, r1, 0x301, 0x0, 0x0, {0xd, 0x0, 0xd00}, [@BATADV_ATTR_MESH_IFINDEX={0x8, 0x3, r3}]}, 0x1c}, 0x1, 0x2000000}, 0x0) socket$kcm(0x10, 0x0, 0x10) [ 1204.604122] Node 1 Normal: 51*4kB (UME) 342*8kB (UE) 273*16kB (U) 50*32kB (UM) 20*64kB (UME) 10*128kB (UM) 5*256kB (UM) 3*512kB (U) 1*1024kB (M) 4*2048kB (ME) 918*4096kB (M) = 3783628kB [ 1204.636511] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 1204.641881] netlink: 24 bytes leftover after parsing attributes in process `syz-executor.3'. 04:28:47 executing program 3: r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000640)=@allocspi={0xf8, 0x16, 0x311, 0x0, 0x0, {{{@in=@remote, @in=@broadcast}, {@in=@private, 0x0, 0x6c}, @in=@broadcast, {}, {}, {}, 0x0, 0x0, 0x300}}}, 0xf8}, 0x8}, 0x0) [ 1204.650701] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 1204.682174] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 1204.708671] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 1204.721300] 25647 total pagecache pages [ 1204.725480] 0 pages in swap cache [ 1204.729940] Swap cache stats: add 0, delete 0, find 0/0 [ 1204.735715] Free swap = 0kB [ 1204.738908] Total swap = 0kB [ 1204.744331] 1965979 pages RAM [ 1204.747932] 0 pages HighMem/MovableOnly [ 1204.754692] 339072 pages reserved [ 1204.758395] 0 pages cma reserved [ 1204.763361] syz-executor.1: vmalloc: allocation failure: 17179869200 bytes, mode:0x14080c0(GFP_KERNEL|__GFP_ZERO), nodemask=(null) [ 1204.791812] netlink: 36 bytes leftover after parsing attributes in process `syz-executor.0'. [ 1204.805223] syz-executor.1 cpuset=/ mems_allowed=0-1 [ 1204.819482] CPU: 1 PID: 7223 Comm: syz-executor.1 Not tainted 4.14.193-syzkaller #0 [ 1204.827330] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1204.836689] Call Trace: [ 1204.839289] dump_stack+0x1b2/0x283 [ 1204.842932] warn_alloc.cold+0x96/0x1cc [ 1204.846962] ? check_preemption_disabled+0x35/0x240 [ 1204.851990] ? zone_watermark_ok_safe+0x220/0x220 [ 1204.856846] ? perf_trace_lock_acquire+0x510/0x510 [ 1204.861788] ? fs_reclaim_release+0xd0/0x110 [ 1204.866215] ? ip_set_alloc+0x47/0x60 [ 1204.870441] vzalloc+0x122/0x150 [ 1204.873857] ip_set_alloc+0x47/0x60 [ 1204.877466] hash_mac_create+0x36e/0x7c6 [ 1204.881513] ip_set_create+0x5f9/0xf30 [ 1204.885383] ? __find_set_type_get+0x360/0x360 [ 1204.890004] ? __mutex_lock+0x360/0x1310 [ 1204.894451] ? __find_set_type_get+0x360/0x360 [ 1204.899015] nfnetlink_rcv_msg+0x9bb/0xc00 [ 1204.903298] netlink_rcv_skb+0x125/0x390 [ 1204.907481] ? nfnetlink_net_exit_batch+0x150/0x150 [ 1204.912588] ? netlink_ack+0x9a0/0x9a0 [ 1204.916463] ? ns_capable_common+0x127/0x150 [ 1204.920856] nfnetlink_rcv+0x1ab/0x1da0 [ 1204.924812] ? __dev_queue_xmit+0xcd6/0x2480 [ 1204.929219] ? check_preemption_disabled+0x35/0x240 [ 1204.934258] ? perf_trace_lock+0xf7/0x490 [ 1204.938393] ? perf_trace_lock_acquire+0x510/0x510 [ 1204.943922] ? nfnetlink_bind+0x240/0x240 [ 1204.948050] ? netlink_deliver_tap+0x90/0x7d0 [ 1204.952713] ? lock_downgrade+0x740/0x740 [ 1204.956860] netlink_unicast+0x437/0x610 [ 1204.960921] ? netlink_sendskb+0xd0/0xd0 [ 1204.964981] netlink_sendmsg+0x62e/0xb80 [ 1204.969037] ? nlmsg_notify+0x170/0x170 [ 1204.972992] ? kernel_recvmsg+0x210/0x210 [ 1204.977149] ? security_socket_sendmsg+0x83/0xb0 [ 1204.981907] ? nlmsg_notify+0x170/0x170 [ 1204.985864] sock_sendmsg+0xb5/0x100 [ 1204.989563] ___sys_sendmsg+0x6c8/0x800 [ 1204.993520] ? copy_msghdr_from_user+0x3b0/0x3b0 [ 1204.998253] ? __lock_acquire+0x5fc/0x3f20 [ 1205.002473] ? perf_trace_lock_acquire+0x510/0x510 [ 1205.007383] ? check_preemption_disabled+0x35/0x240 [ 1205.012385] ? __fget+0x1fe/0x360 [ 1205.015993] ? lock_acquire+0x170/0x3f0 [ 1205.019958] ? lock_downgrade+0x740/0x740 [ 1205.024091] ? __fget+0x225/0x360 [ 1205.027525] ? __fdget+0x196/0x1f0 [ 1205.031048] ? sockfd_lookup_light+0xb2/0x160 [ 1205.035523] __sys_sendmsg+0xa3/0x120 [ 1205.039361] ? SyS_shutdown+0x160/0x160 [ 1205.043344] ? SyS_clock_gettime+0xf5/0x180 [ 1205.047664] ? SyS_clock_settime+0x1a0/0x1a0 [ 1205.052063] ? fput+0xb/0x140 [ 1205.055259] SyS_sendmsg+0x27/0x40 [ 1205.058780] ? __sys_sendmsg+0x120/0x120 [ 1205.062828] do_syscall_64+0x1d5/0x640 [ 1205.066792] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 1205.072064] RIP: 0033:0x45d249 [ 1205.075233] RSP: 002b:00007fe770be1c78 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 1205.082938] RAX: ffffffffffffffda RBX: 0000000000028840 RCX: 000000000045d249 [ 1205.090202] RDX: 0000000000000000 RSI: 0000000020000000 RDI: 0000000000000005 [ 1205.097459] RBP: 000000000118d160 R08: 0000000000000000 R09: 0000000000000000 04:28:47 executing program 1: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) r1 = socket$kcm(0xa, 0x2, 0x11) setsockopt$sock_attach_bpf(r1, 0x29, 0x14, &(0x7f0000000080), 0x301) setsockopt$sock_attach_bpf(r1, 0x29, 0x15, &(0x7f0000000000), 0x70db2da734432a8e) ioctl$FS_IOC_GET_ENCRYPTION_POLICY(r1, 0x400c6615, &(0x7f00000000c0)) r2 = socket$kcm(0xa, 0x2, 0x11) setsockopt$sock_attach_bpf(r2, 0x29, 0x14, &(0x7f0000000080), 0x301) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) r4 = dup2(r3, r3) ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200) ioctl$VIDIOC_S_JPEGCOMP(r4, 0x408c563e, &(0x7f0000000140)={0x101, 0x9, 0x0, "5702dc4b89326f5b34af143d02ec18b4231d0d34e7dcdc7b39e2e3fec862cbf15b0d0f3a7064a3bbaff8dad44f650e4e81fcc519a51d1dd3d74df8fe", 0x3c, "704a96993432a62dd5d5780103e4393eaa4b44c0451f7c4a02dea1de58617cc79be5fd5a5d7a7bbf699633122e0397de40355b039d077e0bc614476e", 0x60}) setsockopt$sock_attach_bpf(r2, 0x29, 0x15, &(0x7f0000000000), 0x70db2da734432a8e) sendmsg$IPSET_CMD_CREATE(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000080)=ANY=[@ANYRESOCT=r2], 0x14}}, 0x0) r5 = socket$inet6_tcp(0xa, 0x1, 0x0) r6 = dup2(r5, r5) ioctl$PERF_EVENT_IOC_ENABLE(r6, 0x8912, 0x400200) setsockopt$inet_icmp_ICMP_FILTER(r6, 0x1, 0x1, &(0x7f0000000100)={0x9}, 0x4) [ 1205.105682] R10: 0000000000000000 R11: 0000000000000246 R12: 000000000118d12c [ 1205.112930] R13: 00007fffec3adf2f R14: 00007fe770be29c0 R15: 000000000118d12c 04:28:49 executing program 3: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000340)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CHECK_EXTENSION_VM(r1, 0xae03, 0x9f) 04:28:49 executing program 2: r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000640)=@allocspi={0xf8, 0x16, 0x311, 0x0, 0x0, {{{@in=@remote, @in=@broadcast}, {@in=@private, 0x0, 0x33}, @in=@broadcast}}}, 0xf8}, 0x8}, 0x0) 04:28:49 executing program 4: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_CREATE(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)={0x44, 0x2, 0x6, 0x101, 0x0, 0x0, {}, [@IPSET_ATTR_REVISION={0x5}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz1\x00'}, @IPSET_ATTR_PROTOCOL={0x5, 0x1, 0x6}, @IPSET_ATTR_FAMILY={0x5}, @IPSET_ATTR_DATA={0xc, 0x7, 0x0, 0x1, [@IPSET_ATTR_HASHSIZE={0x8, 0x12, 0x1, 0x0, 0x479e6139}]}]}, 0x44}}, 0x0) 04:28:49 executing program 0: socket$nl_netfilter(0x10, 0x3, 0xc) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = dup2(r0, r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) sendmsg$IPSET_CMD_CREATE(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)={0x54, 0x2, 0x6, 0x101, 0x0, 0x0, {}, [@IPSET_ATTR_REVISION={0x5}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz1\x00'}, @IPSET_ATTR_PROTOCOL={0x5, 0x1, 0x6}, @IPSET_ATTR_FAMILY={0x5}, @IPSET_ATTR_DATA={0xc, 0x7, 0x0, 0x1, [@IPSET_ATTR_HASHSIZE={0x8, 0x12, 0x1, 0x0, 0x479e6139}]}, @IPSET_ATTR_TYPENAME={0xd, 0x3, 'hash:mac\x00'}]}, 0x54}}, 0x0) 04:28:49 executing program 5: r0 = dup(0xffffffffffffffff) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x802102001ffa, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r1 = gettid() clone(0x6e20cf00, 0x0, 0x0, 0x0, 0x0) ptrace$setopts(0x4206, r1, 0x0, 0x0) gettid() r2 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ptmx\x00', 0x0, 0x0) read(r2, &(0x7f00003fefff)=""/1, 0x1) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) r4 = dup2(r3, r3) ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200) r5 = openat$autofs(0xffffffffffffff9c, &(0x7f0000000040)='/dev/autofs\x00', 0x0, 0x0) sendmsg$IPVS_CMD_ZERO(r5, &(0x7f0000000240)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x20000000}, 0xc, &(0x7f0000000200)={&(0x7f0000000280)={0xf4, 0x0, 0x2, 0x70bd2d, 0x25dfdbff, {}, [@IPVS_CMD_ATTR_TIMEOUT_TCP={0x8, 0x4, 0x7}, @IPVS_CMD_ATTR_DEST={0xc, 0x2, 0x0, 0x1, [@IPVS_DEST_ATTR_U_THRESH={0x8, 0x5, 0x9}]}, @IPVS_CMD_ATTR_TIMEOUT_TCP_FIN={0x8, 0x5, 0x87}, @IPVS_CMD_ATTR_SERVICE={0x18, 0x1, 0x0, 0x1, [@IPVS_SVC_ATTR_PORT={0x6, 0x4, 0x4e20}, @IPVS_SVC_ATTR_FLAGS={0xc, 0x7, {0x31, 0x34}}]}, @IPVS_CMD_ATTR_TIMEOUT_TCP={0x8, 0x4, 0x5}, @IPVS_CMD_ATTR_DEST={0x3c, 0x2, 0x0, 0x1, [@IPVS_DEST_ATTR_ADDR={0x14, 0x1, @ipv6=@initdev={0xfe, 0x88, [], 0x0, 0x0}}, @IPVS_DEST_ATTR_FWD_METHOD={0x8, 0x3, 0x2}, @IPVS_DEST_ATTR_ADDR={0x14, 0x1, @ipv6=@dev={0xfe, 0x80, [], 0x2f}}, @IPVS_DEST_ATTR_U_THRESH={0x8, 0x5, 0x6}]}, @IPVS_CMD_ATTR_TIMEOUT_TCP_FIN={0x8, 0x5, 0x200}, @IPVS_CMD_ATTR_DAEMON={0x1c, 0x3, 0x0, 0x1, [@IPVS_DAEMON_ATTR_STATE={0x8, 0x1, 0x2}, @IPVS_DAEMON_ATTR_MCAST_PORT={0x6, 0x7, 0x4e22}, @IPVS_DAEMON_ATTR_MCAST_PORT={0x6, 0x7, 0x4e20}]}, @IPVS_CMD_ATTR_DEST={0x3c, 0x2, 0x0, 0x1, [@IPVS_DEST_ATTR_INACT_CONNS={0x8, 0x8, 0x8002}, @IPVS_DEST_ATTR_U_THRESH={0x8, 0x5, 0x1}, @IPVS_DEST_ATTR_U_THRESH={0x8, 0x5, 0xffff12bf}, @IPVS_DEST_ATTR_FWD_METHOD={0x8, 0x3, 0x3}, @IPVS_DEST_ATTR_U_THRESH={0x8, 0x5, 0x1}, @IPVS_DEST_ATTR_TUN_TYPE={0x5, 0xd, 0x1}, @IPVS_DEST_ATTR_TUN_PORT={0x6, 0xe, 0x4e21}]}, @IPVS_CMD_ATTR_TIMEOUT_UDP={0x8, 0x6, 0xfffffffb}]}, 0xf4}, 0x1, 0x0, 0x0, 0x80}, 0x2080800) ioctl$SIOCNRDECOBS(r4, 0x89e2) r6 = socket$kcm(0xa, 0x2, 0x11) setsockopt$sock_attach_bpf(r6, 0x29, 0x14, &(0x7f0000000080), 0x301) setsockopt$sock_attach_bpf(r6, 0x29, 0x15, &(0x7f0000000000), 0x70db2da734432a8e) mmap(&(0x7f0000ffd000/0x2000)=nil, 0x2000, 0x100000d, 0x810, r6, 0x1901a000) 04:28:49 executing program 1: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) socket$inet_dccp(0x2, 0x6, 0x0) r1 = socket$inet_tcp(0x2, 0x1, 0x0) r2 = dup2(r1, r0) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) setsockopt$pppl2tp_PPPOL2TP_SO_RECVSEQ(r2, 0x111, 0x2, 0x0, 0x4) r3 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_CREATE(r3, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)={0x54, 0x2, 0x6, 0x101, 0x0, 0x0, {}, [@IPSET_ATTR_REVISION={0x5}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz1\x00'}, @IPSET_ATTR_PROTOCOL={0x5, 0x1, 0x6}, @IPSET_ATTR_FAMILY={0x5}, @IPSET_ATTR_DATA={0xc, 0x7, 0x0, 0x1, [@IPSET_ATTR_HASHSIZE={0x8, 0x12, 0x1, 0x0, 0x479e6139}]}, @IPSET_ATTR_TYPENAME={0xd, 0x3, 'hash:mac\x00'}]}, 0x54}}, 0x0) 04:28:49 executing program 4: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_CREATE(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)={0x44, 0x2, 0x6, 0x101, 0x0, 0x0, {}, [@IPSET_ATTR_REVISION={0x5}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz1\x00'}, @IPSET_ATTR_PROTOCOL={0x5, 0x1, 0x6}, @IPSET_ATTR_FAMILY={0x5}, @IPSET_ATTR_DATA={0xc, 0x7, 0x0, 0x1, [@IPSET_ATTR_HASHSIZE={0x8, 0x12, 0x1, 0x0, 0x479e6139}]}]}, 0x44}}, 0x0) 04:28:49 executing program 2: r0 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0, 0x3d2}}, 0x0) getsockname$packet(r0, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080)=@ipv6_newnexthop={0x20, 0x68, 0x1, 0x0, 0x0, {0xa, 0x0, 0x0, 0x0, 0x4}, [@NHA_OIF={0x8, 0x5, r1}]}, 0x20}}, 0x0) 04:28:49 executing program 3: socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = socket$kcm(0x10, 0x2, 0x0) getsockopt$sock_int(r2, 0x1, 0x3, &(0x7f0000000040), &(0x7f00000000c0)=0x4) [ 1206.704470] syz-executor.1: vmalloc: allocation failure: 17179869200 bytes, mode:0x14080c0(GFP_KERNEL|__GFP_ZERO), nodemask=(null) [ 1206.774201] syz-executor.1 cpuset=/ mems_allowed=0-1 [ 1206.793022] CPU: 1 PID: 7267 Comm: syz-executor.1 Not tainted 4.14.193-syzkaller #0 [ 1206.800865] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1206.807786] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=104 sclass=netlink_route_socket pid=7283 comm=syz-executor.2 [ 1206.810313] Call Trace: [ 1206.810333] dump_stack+0x1b2/0x283 [ 1206.810351] warn_alloc.cold+0x96/0x1cc [ 1206.810362] ? check_preemption_disabled+0x35/0x240 [ 1206.810372] ? zone_watermark_ok_safe+0x220/0x220 [ 1206.810383] ? perf_trace_lock_acquire+0x510/0x510 [ 1206.810394] ? fs_reclaim_release+0xd0/0x110 [ 1206.810412] ? ip_set_alloc+0x47/0x60 [ 1206.810424] vzalloc+0x122/0x150 [ 1206.810435] ip_set_alloc+0x47/0x60 [ 1206.810448] hash_mac_create+0x36e/0x7c6 [ 1206.810460] ip_set_create+0x5f9/0xf30 [ 1206.810474] ? __find_set_type_get+0x360/0x360 [ 1206.810485] ? __mutex_lock+0x360/0x1310 [ 1206.879292] ? lock_downgrade+0x740/0x740 [ 1206.884502] ? __find_set_type_get+0x360/0x360 [ 1206.889096] nfnetlink_rcv_msg+0x9bb/0xc00 [ 1206.893378] netlink_rcv_skb+0x125/0x390 [ 1206.897448] ? nfnetlink_net_exit_batch+0x150/0x150 [ 1206.902474] ? netlink_ack+0x9a0/0x9a0 [ 1206.906378] ? ns_capable_common+0x127/0x150 [ 1206.910802] nfnetlink_rcv+0x1ab/0x1da0 [ 1206.914779] ? __dev_queue_xmit+0xcd6/0x2480 [ 1206.919220] ? check_preemption_disabled+0x35/0x240 04:28:49 executing program 3: r0 = socket$inet6_udp(0xa, 0x2, 0x0) r1 = fcntl$dupfd(r0, 0x0, r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r2, &(0x7f0000003e00)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000300)={{0x14}, [@NFT_MSG_NEWTABLE={0x20, 0x0, 0xa, 0x101, 0x0, 0x0, {}, [@NFTA_TABLE_NAME={0x9, 0x1, 'syz0\x00'}]}, @NFT_MSG_NEWTABLE={0x20, 0x0, 0xa, 0x101, 0x0, 0x0, {}, [@NFTA_TABLE_NAME={0x9, 0x1, 'syz1\x00'}]}, @NFT_MSG_DELFLOWTABLE={0x20, 0x3, 0xa, 0x5, 0x0, 0x0, {}, [@NFTA_FLOWTABLE_TABLE={0x9, 0x1, 'syz1\x00'}]}], {0x14, 0x2}}, 0x88}}, 0x0) 04:28:49 executing program 0: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_CREATE(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=ANY=[@ANYBLOB="4c00000002060101000005000400000900020073797a3100000000050001000600000005000400010000000c00078008001240479e61390500040000000000000000"], 0x4c}, 0x1, 0x0, 0x0, 0x5}, 0x404c840) ioctl$BLKPG(0xffffffffffffffff, 0x1269, &(0x7f0000000080)={0x3f, 0x3, 0xb0, &(0x7f0000000140)="ee306066d04e732763392470b0b893f855a5241e45910c7641199a3635f1e4b6833a3382c7862385b92267473228247593ecdcacc5ec5315000c89c4f891b03c8d39012b4aa35d65174f5ee0664ccc89b4b4322a6ee4d33c902592f48843934120ce87b8c0743572c1769c56511d58238d7da56da1413d737abd9d8da3abcd58438d31f343d4dd9eabee592452d3d2f6bde1c58eb567eff6027478b5417540fc72be0e762daf1ab8839217fd9b3b46dc"}) [ 1206.924246] ? perf_trace_lock+0xf7/0x490 [ 1206.928411] ? perf_trace_lock_acquire+0x510/0x510 [ 1206.935797] ? nfnetlink_bind+0x240/0x240 [ 1206.939968] ? netlink_deliver_tap+0x90/0x7d0 [ 1206.944477] ? lock_downgrade+0x740/0x740 [ 1206.948648] netlink_unicast+0x437/0x610 [ 1206.952749] ? netlink_sendskb+0xd0/0xd0 [ 1206.956823] netlink_sendmsg+0x62e/0xb80 [ 1206.960898] ? nlmsg_notify+0x170/0x170 [ 1206.964875] ? kernel_recvmsg+0x210/0x210 [ 1206.969030] ? security_socket_sendmsg+0x83/0xb0 [ 1206.973792] ? nlmsg_notify+0x170/0x170 [ 1206.977793] sock_sendmsg+0xb5/0x100 [ 1206.981520] ___sys_sendmsg+0x6c8/0x800 [ 1206.985507] ? copy_msghdr_from_user+0x3b0/0x3b0 [ 1206.990360] ? __lock_acquire+0x5fc/0x3f20 [ 1206.994606] ? perf_trace_lock_acquire+0x510/0x510 [ 1206.999540] ? do_futex+0x12b/0x1930 [ 1207.003253] ? check_preemption_disabled+0x35/0x240 [ 1207.008278] ? __fget+0x1fe/0x360 [ 1207.011740] ? lock_acquire+0x170/0x3f0 [ 1207.015718] ? lock_downgrade+0x740/0x740 [ 1207.019887] ? __fget+0x225/0x360 04:28:49 executing program 2: r0 = socket$inet6(0xa, 0x2, 0x0) bind$inet6(r0, &(0x7f0000f5dfe4)={0xa, 0x4e20}, 0x1c) [ 1207.023344] ? __fdget+0x196/0x1f0 [ 1207.023436] netlink: 56 bytes leftover after parsing attributes in process `syz-executor.0'. [ 1207.026877] ? sockfd_lookup_light+0xb2/0x160 [ 1207.026891] __sys_sendmsg+0xa3/0x120 [ 1207.026901] ? SyS_shutdown+0x160/0x160 [ 1207.026923] ? SyS_clock_gettime+0xf5/0x180 [ 1207.026932] ? SyS_clock_settime+0x1a0/0x1a0 [ 1207.026942] SyS_sendmsg+0x27/0x40 [ 1207.060110] ? __sys_sendmsg+0x120/0x120 [ 1207.064177] do_syscall_64+0x1d5/0x640 [ 1207.068081] entry_SYSCALL_64_after_hwframe+0x46/0xbb 04:28:49 executing program 2: [ 1207.073271] RIP: 0033:0x45d249 [ 1207.076461] RSP: 002b:00007fe770c44c78 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 1207.084179] RAX: ffffffffffffffda RBX: 0000000000028840 RCX: 000000000045d249 [ 1207.091544] RDX: 0000000000000000 RSI: 0000000020000000 RDI: 0000000000000006 [ 1207.099001] RBP: 000000000118cf80 R08: 0000000000000000 R09: 0000000000000000 [ 1207.106287] R10: 0000000000000000 R11: 0000000000000246 R12: 000000000118cf4c [ 1207.113563] R13: 00007fffec3adf2f R14: 00007fe770c459c0 R15: 000000000118cf4c 04:28:49 executing program 2: 04:28:49 executing program 2: [ 1207.123346] warn_alloc_show_mem: 1 callbacks suppressed [ 1207.123350] Mem-Info: [ 1207.134339] active_anon:233527 inactive_anon:6091 isolated_anon:0 [ 1207.134339] active_file:7393 inactive_file:33042 isolated_file:0 [ 1207.134339] unevictable:0 dirty:99 writeback:0 unstable:0 [ 1207.134339] slab_reclaimable:18438 slab_unreclaimable:136289 [ 1207.134339] mapped:62831 shmem:6280 pagetables:5883 bounce:0 [ 1207.134339] free:1086908 free_pcp:233 free_cma:0 04:28:49 executing program 2: [ 1207.169082] Node 0 active_anon:934108kB inactive_anon:24364kB active_file:29428kB inactive_file:132172kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:251328kB dirty:400kB writeback:0kB shmem:25120kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 892928kB writeback_tmp:0kB unstable:0kB all_unreclaimable? no [ 1207.198172] Node 1 active_anon:0kB inactive_anon:0kB active_file:144kB inactive_file:0kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:0kB dirty:0kB writeback:0kB shmem:0kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 0kB writeback_tmp:0kB unstable:0kB all_unreclaimable? no [ 1207.199393] IPVS: ftp: loaded support on port[0] = 21 [ 1207.235234] Node 0 DMA free:15908kB min:220kB low:272kB high:324kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15908kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 1207.268889] lowmem_reserve[]: 0 2557 2557 2557 2557 [ 1207.274432] Node 0 DMA32 free:549296kB min:36272kB low:45340kB high:54408kB active_anon:934108kB inactive_anon:24364kB active_file:29428kB inactive_file:132172kB unevictable:0kB writepending:400kB present:3129332kB managed:2621196kB mlocked:0kB kernel_stack:14592kB pagetables:23680kB bounce:0kB free_pcp:924kB local_pcp:388kB free_cma:0kB [ 1207.305066] lowmem_reserve[]: 0 0 0 0 0 [ 1207.309252] Node 0 Normal free:0kB min:4kB low:4kB high:4kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:786432kB managed:332kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 1207.335570] lowmem_reserve[]: 0 0 0 0 0 [ 1207.340531] Node 1 Normal free:3783628kB min:53612kB low:67012kB high:80412kB active_anon:0kB inactive_anon:0kB active_file:144kB inactive_file:0kB unevictable:0kB writepending:0kB present:3932160kB managed:3870192kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 1207.369714] lowmem_reserve[]: 0 0 0 0 0 [ 1207.373896] Node 0 DMA: 1*4kB (U) 0*8kB 0*16kB 1*32kB (U) 2*64kB (U) 1*128kB (U) 1*256kB (U) 0*512kB 1*1024kB (U) 1*2048kB (M) 3*4096kB (M) = 15908kB [ 1207.392583] Node 0 DMA32: 650*4kB (UME) 351*8kB (UME) 171*16kB (UE) 128*32kB (UME) 88*64kB (UME) 33*128kB (UME) 13*256kB (UM) 14*512kB (UME) 7*1024kB (UME) 4*2048kB (UME) 123*4096kB (M) = 551760kB [ 1207.411170] Node 0 Normal: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 0kB [ 1207.424098] Node 1 Normal: 51*4kB (UME) 342*8kB (UE) 273*16kB (U) 50*32kB (UM) 20*64kB (UME) 10*128kB (UM) 5*256kB (UM) 3*512kB (U) 1*1024kB (M) 4*2048kB (ME) 918*4096kB (M) = 3783628kB [ 1207.442639] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 1207.452959] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 1207.462908] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 1207.473420] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 1207.483593] 25666 total pagecache pages [ 1207.487797] 0 pages in swap cache [ 1207.493269] Swap cache stats: add 0, delete 0, find 0/0 [ 1207.501162] Free swap = 0kB [ 1207.504388] Total swap = 0kB [ 1207.507720] 1965979 pages RAM [ 1207.512341] 0 pages HighMem/MovableOnly [ 1207.516471] 339072 pages reserved [ 1207.521931] 0 pages cma reserved [ 1207.528861] IPVS: ftp: loaded support on port[0] = 21 [ 1207.557454] netlink: 56 bytes leftover after parsing attributes in process `syz-executor.0'. 04:28:52 executing program 5: r0 = dup(0xffffffffffffffff) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x802102001ffa, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r1 = gettid() clone(0x6e20cf00, 0x0, 0x0, 0x0, 0x0) ptrace$setopts(0x4206, r1, 0x0, 0x0) gettid() r2 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ptmx\x00', 0x0, 0x0) read(r2, &(0x7f00003fefff)=""/1, 0x1) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) r4 = dup2(r3, r3) ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200) r5 = openat$autofs(0xffffffffffffff9c, &(0x7f0000000040)='/dev/autofs\x00', 0x0, 0x0) sendmsg$IPVS_CMD_ZERO(r5, &(0x7f0000000240)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x20000000}, 0xc, &(0x7f0000000200)={&(0x7f00000000c0)={0x10c, 0x0, 0x2, 0x70bd2d, 0x25dfdbff, {}, [@IPVS_CMD_ATTR_SERVICE={0x24, 0x1, 0x0, 0x1, [@IPVS_SVC_ATTR_AF={0x6, 0x1, 0x2}, @IPVS_SVC_ATTR_PE_NAME={0x8, 0xb, 'sip\x00'}, @IPVS_SVC_ATTR_AF={0x6, 0x1, 0x2}, @IPVS_SVC_ATTR_PE_NAME={0x8, 0xb, 'sip\x00'}]}, @IPVS_CMD_ATTR_TIMEOUT_TCP={0x8, 0x4, 0x405}, @IPVS_CMD_ATTR_TIMEOUT_TCP_FIN={0x8, 0x5, 0x87}, @IPVS_CMD_ATTR_SERVICE={0x18, 0x1, 0x0, 0x1, [@IPVS_SVC_ATTR_PORT={0x6, 0x4, 0x4e20}, @IPVS_SVC_ATTR_FLAGS={0xc, 0x7, {0x31, 0x34}}]}, @IPVS_CMD_ATTR_TIMEOUT_TCP={0x8, 0x4, 0x5}, @IPVS_CMD_ATTR_DEST={0x3c, 0x2, 0x0, 0x1, [@IPVS_DEST_ATTR_ADDR={0x14, 0x1, @ipv6=@initdev={0xfe, 0x88, [], 0x0, 0x0}}, @IPVS_DEST_ATTR_FWD_METHOD={0x8}, @IPVS_DEST_ATTR_ADDR={0x14, 0x1, @ipv4=@empty}, @IPVS_DEST_ATTR_U_THRESH={0x8, 0x5, 0x6}]}, @IPVS_CMD_ATTR_TIMEOUT_TCP_FIN={0x8, 0x5, 0x200}, @IPVS_CMD_ATTR_DAEMON={0x1c, 0x3, 0x0, 0x1, [@IPVS_DAEMON_ATTR_STATE={0x8, 0x1, 0x2}, @IPVS_DAEMON_ATTR_MCAST_PORT={0x6, 0x7, 0x4e22}, @IPVS_DAEMON_ATTR_MCAST_PORT={0x6, 0x7, 0x4e20}]}, @IPVS_CMD_ATTR_DEST={0x3c, 0x2, 0x0, 0x1, [@IPVS_DEST_ATTR_INACT_CONNS={0x8, 0x8, 0x8002}, @IPVS_DEST_ATTR_PORT={0x6, 0x2, 0x4e23}, @IPVS_DEST_ATTR_U_THRESH={0x8, 0x5, 0xffff12bf}, @IPVS_DEST_ATTR_FWD_METHOD={0x8, 0x3, 0x3}, @IPVS_DEST_ATTR_U_THRESH={0x8, 0x5, 0x1}, @IPVS_DEST_ATTR_TUN_TYPE={0x5, 0xd, 0x1}, @IPVS_DEST_ATTR_TUN_PORT={0x6, 0xe, 0x4e01}]}, @IPVS_CMD_ATTR_TIMEOUT_UDP={0x8, 0x6, 0xfffffffb}]}, 0x10c}, 0x1, 0x0, 0x0, 0x80}, 0x2080800) ioctl$SIOCNRDECOBS(r4, 0x89e2) 04:28:52 executing program 2: 04:28:52 executing program 3: 04:28:52 executing program 4: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_CREATE(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)={0x48, 0x2, 0x6, 0x101, 0x0, 0x0, {}, [@IPSET_ATTR_REVISION={0x5}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz1\x00'}, @IPSET_ATTR_PROTOCOL={0x5, 0x1, 0x6}, @IPSET_ATTR_FAMILY={0x5}, @IPSET_ATTR_TYPENAME={0xd, 0x3, 'hash:mac\x00'}]}, 0x48}}, 0x0) 04:28:52 executing program 1: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_CREATE(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=ANY=[@ANYBLOB="540000000206010100000000000000000000000005000400000000000900020073797a3100000000050001000600000005000500000000000c00078001041240479e61390d000300686173683a6d616300000000"], 0x54}}, 0x0) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) r2 = dup2(r1, r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) ioctl$VHOST_SET_VRING_KICK(0xffffffffffffffff, 0x4008af20, &(0x7f0000000080)={0x3, r2}) r3 = syz_genetlink_get_family_id$tipc(&(0x7f0000000180)='TIPC\x00') sendmsg$TIPC_CMD_GET_REMOTE_MNG(r2, &(0x7f0000000240)={&(0x7f0000000140)={0x10, 0x0, 0x0, 0x1000}, 0xc, &(0x7f0000000200)={&(0x7f00000001c0)={0x1c, r3, 0x8, 0x70bd2a, 0x25dfdbfd, {}, [""]}, 0x1c}, 0x1, 0x0, 0x0, 0x800}, 0x10) 04:28:52 executing program 0: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_CREATE(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000140)={0x78, 0x2, 0x6, 0x101, 0x0, 0x0, {}, [@IPSET_ATTR_DATA={0x2c, 0x7, 0x0, 0x1, [@IPSET_ATTR_HASHSIZE={0x8, 0x12, 0x1, 0x0, 0xffffffff}, @IPSET_ATTR_CADT_FLAGS={0x8, 0x8, 0x1, 0x0, 0x20}, @IPSET_ATTR_PORT_TO={0x6, 0x5, 0x1, 0x0, 0x4e20}, @IPSET_ATTR_PROTO={0x5, 0x7, 0x19}, @IPSET_ATTR_NETMASK={0x5, 0x14, 0x4}]}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz1\x00'}, @IPSET_ATTR_PROTOCOL={0x5, 0x1, 0x6}, @IPSET_ATTR_FAMILY={0x5}, @IPSET_ATTR_DATA={0xc, 0x7, 0x0, 0x1, [@IPSET_ATTR_HASHSIZE={0x8, 0x12, 0x1, 0x0, 0x479e6139}]}, @IPSET_ATTR_TYPENAME={0xd, 0x3, 'hash:mac\x00'}]}, 0x78}}, 0x0) 04:28:52 executing program 3: 04:28:52 executing program 2: 04:28:52 executing program 3: 04:28:52 executing program 1: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) r1 = userfaultfd(0x80800) fcntl$setsig(r1, 0xa, 0x22) sendmsg$IPSET_CMD_CREATE(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)={0x54, 0x2, 0x6, 0x101, 0x0, 0x0, {}, [@IPSET_ATTR_REVISION={0x5}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz1\x00'}, @IPSET_ATTR_PROTOCOL={0x5, 0x1, 0x6}, @IPSET_ATTR_FAMILY={0x5}, @IPSET_ATTR_DATA={0xc, 0x7, 0x0, 0x1, [@IPSET_ATTR_HASHSIZE={0x8, 0x12, 0x1, 0x0, 0x479e6139}]}, @IPSET_ATTR_TYPENAME={0xd, 0x3, 'hash:mac\x00'}]}, 0x54}}, 0x0) 04:28:52 executing program 2: 04:28:52 executing program 4: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_CREATE(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)={0x48, 0x2, 0x6, 0x101, 0x0, 0x0, {}, [@IPSET_ATTR_REVISION={0x5}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz1\x00'}, @IPSET_ATTR_PROTOCOL={0x5, 0x1, 0x6}, @IPSET_ATTR_FAMILY={0x5}, @IPSET_ATTR_TYPENAME={0xd, 0x3, 'hash:mac\x00'}]}, 0x48}}, 0x0) [ 1209.765624] netlink: 8 bytes leftover after parsing attributes in process `syz-executor.1'. [ 1209.914287] syz-executor.1: vmalloc: allocation failure: 17179869200 bytes, mode:0x14080c0(GFP_KERNEL|__GFP_ZERO), nodemask=(null) [ 1209.934034] syz-executor.1 cpuset=/ mems_allowed=0-1 [ 1209.944203] CPU: 1 PID: 7391 Comm: syz-executor.1 Not tainted 4.14.193-syzkaller #0 [ 1209.952035] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1209.961397] Call Trace: [ 1209.963996] dump_stack+0x1b2/0x283 [ 1209.967638] warn_alloc.cold+0x96/0x1cc [ 1209.971625] ? check_preemption_disabled+0x35/0x240 [ 1209.976650] ? zone_watermark_ok_safe+0x220/0x220 [ 1209.981504] ? perf_trace_lock_acquire+0x510/0x510 [ 1209.986446] ? fs_reclaim_release+0xd0/0x110 [ 1209.990875] ? ip_set_alloc+0x47/0x60 [ 1209.994684] vzalloc+0x122/0x150 [ 1209.998060] ip_set_alloc+0x47/0x60 [ 1210.001783] hash_mac_create+0x36e/0x7c6 [ 1210.005858] ip_set_create+0x5f9/0xf30 [ 1210.009756] ? __find_set_type_get+0x360/0x360 [ 1210.014521] ? __mutex_lock+0x360/0x1310 [ 1210.018724] ? lock_downgrade+0x740/0x740 [ 1210.022866] ? __find_set_type_get+0x360/0x360 [ 1210.030389] nfnetlink_rcv_msg+0x9bb/0xc00 [ 1210.034624] netlink_rcv_skb+0x125/0x390 [ 1210.038671] ? nfnetlink_net_exit_batch+0x150/0x150 [ 1210.043678] ? netlink_ack+0x9a0/0x9a0 [ 1210.047549] ? ns_capable_common+0x127/0x150 [ 1210.051940] nfnetlink_rcv+0x1ab/0x1da0 [ 1210.055899] ? __dev_queue_xmit+0xcd6/0x2480 [ 1210.060324] ? check_preemption_disabled+0x35/0x240 [ 1210.065341] ? perf_trace_lock+0xf7/0x490 [ 1210.069474] ? perf_trace_lock_acquire+0x510/0x510 [ 1210.074400] ? nfnetlink_bind+0x240/0x240 [ 1210.078548] ? netlink_deliver_tap+0x90/0x7d0 [ 1210.083026] ? lock_downgrade+0x740/0x740 [ 1210.087164] netlink_unicast+0x437/0x610 [ 1210.091234] ? netlink_sendskb+0xd0/0xd0 [ 1210.095280] netlink_sendmsg+0x62e/0xb80 [ 1210.099353] ? nlmsg_notify+0x170/0x170 [ 1210.103305] ? kernel_recvmsg+0x210/0x210 [ 1210.107439] ? security_socket_sendmsg+0x83/0xb0 [ 1210.112200] ? nlmsg_notify+0x170/0x170 [ 1210.116154] sock_sendmsg+0xb5/0x100 [ 1210.119949] ___sys_sendmsg+0x6c8/0x800 [ 1210.124085] ? copy_msghdr_from_user+0x3b0/0x3b0 [ 1210.128877] ? __lock_acquire+0x5fc/0x3f20 [ 1210.133107] ? perf_trace_lock_acquire+0x510/0x510 [ 1210.138021] ? do_futex+0x12b/0x1930 [ 1210.141773] ? check_preemption_disabled+0x35/0x240 [ 1210.146799] ? __fget+0x1fe/0x360 [ 1210.150246] ? lock_acquire+0x170/0x3f0 [ 1210.154214] ? lock_downgrade+0x740/0x740 [ 1210.158367] ? __fget+0x225/0x360 [ 1210.161808] ? __fdget+0x196/0x1f0 [ 1210.165347] ? sockfd_lookup_light+0xb2/0x160 [ 1210.169862] __sys_sendmsg+0xa3/0x120 [ 1210.173649] ? SyS_shutdown+0x160/0x160 [ 1210.177619] ? SyS_clock_gettime+0xf5/0x180 [ 1210.181941] ? SyS_clock_settime+0x1a0/0x1a0 [ 1210.186349] ? fput+0xb/0x140 [ 1210.189440] SyS_sendmsg+0x27/0x40 [ 1210.192970] ? __sys_sendmsg+0x120/0x120 [ 1210.197038] do_syscall_64+0x1d5/0x640 [ 1210.200913] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 1210.206094] RIP: 0033:0x45d249 [ 1210.211366] RSP: 002b:00007fe770c44c78 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 1210.219075] RAX: ffffffffffffffda RBX: 0000000000028840 RCX: 000000000045d249 [ 1210.226334] RDX: 0000000000000000 RSI: 0000000020000000 RDI: 0000000000000003 [ 1210.233602] RBP: 000000000118cf80 R08: 0000000000000000 R09: 0000000000000000 [ 1210.241027] R10: 0000000000000000 R11: 0000000000000246 R12: 000000000118cf4c [ 1210.248279] R13: 00007fffec3adf2f R14: 00007fe770c459c0 R15: 000000000118cf4c [ 1210.264421] Mem-Info: [ 1210.266995] active_anon:231916 inactive_anon:6091 isolated_anon:0 [ 1210.266995] active_file:7394 inactive_file:33047 isolated_file:0 [ 1210.266995] unevictable:0 dirty:126 writeback:0 unstable:0 [ 1210.266995] slab_reclaimable:18438 slab_unreclaimable:134785 [ 1210.266995] mapped:62834 shmem:6280 pagetables:5799 bounce:0 [ 1210.266995] free:1090263 free_pcp:319 free_cma:0 [ 1210.301560] Node 0 active_anon:927664kB inactive_anon:24364kB active_file:29432kB inactive_file:132188kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:251368kB dirty:520kB writeback:0kB shmem:25120kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 886784kB writeback_tmp:0kB unstable:0kB all_unreclaimable? no [ 1210.331137] Node 1 active_anon:0kB inactive_anon:0kB active_file:144kB inactive_file:0kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:0kB dirty:0kB writeback:0kB shmem:0kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 0kB writeback_tmp:0kB unstable:0kB all_unreclaimable? no [ 1210.357023] Node 0 DMA free:15908kB min:220kB low:272kB high:324kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15908kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 1210.383936] lowmem_reserve[]: 0 2557 2557 2557 2557 [ 1210.389077] Node 0 DMA32 free:560328kB min:36272kB low:45340kB high:54408kB active_anon:927664kB inactive_anon:24364kB active_file:29432kB inactive_file:132188kB unevictable:0kB writepending:524kB present:3129332kB managed:2621196kB mlocked:0kB kernel_stack:14272kB pagetables:23196kB bounce:0kB free_pcp:1292kB local_pcp:664kB free_cma:0kB [ 1210.419587] lowmem_reserve[]: 0 0 0 0 0 [ 1210.423631] Node 0 Normal free:0kB min:4kB low:4kB high:4kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:786432kB managed:332kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 1210.449493] lowmem_reserve[]: 0 0 0 0 0 [ 1210.453491] Node 1 Normal free:3783628kB min:53612kB low:67012kB high:80412kB active_anon:0kB inactive_anon:0kB active_file:144kB inactive_file:0kB unevictable:0kB writepending:0kB present:3932160kB managed:3870192kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 1210.481198] lowmem_reserve[]: 0 0 0 0 0 [ 1210.485196] Node 0 DMA: 1*4kB (U) 0*8kB 0*16kB 1*32kB (U) 2*64kB (U) 1*128kB (U) 1*256kB (U) 0*512kB 1*1024kB (U) 1*2048kB (M) 3*4096kB (M) = 15908kB [ 1210.498851] Node 0 DMA32: 826*4kB (UME) 275*8kB (UME) 441*16kB (UME) 163*32kB (UME) 94*64kB (UME) 33*128kB (UME) 13*256kB (UM) 14*512kB (UME) 7*1024kB (UME) 2*2048kB (UE) 125*4096kB (M) = 561776kB [ 1210.517480] Node 0 Normal: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 0kB [ 1210.528438] Node 1 Normal: 51*4kB (UME) 342*8kB (UE) 273*16kB (U) 50*32kB (UM) 20*64kB (UME) 10*128kB (UM) 5*256kB (UM) 3*512kB (U) 1*1024kB (M) 4*2048kB (ME) 918*4096kB (M) = 3783628kB [ 1210.546130] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 1210.555060] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 1210.563975] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 1210.573086] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 1210.581837] 25677 total pagecache pages [ 1210.585889] 0 pages in swap cache [ 1210.589891] Swap cache stats: add 0, delete 0, find 0/0 [ 1210.595759] Free swap = 0kB [ 1210.598831] Total swap = 0kB [ 1210.601835] 1965979 pages RAM [ 1210.604914] 0 pages HighMem/MovableOnly [ 1210.610077] 339072 pages reserved [ 1210.613522] 0 pages cma reserved 04:28:55 executing program 5: r0 = dup(0xffffffffffffffff) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x1) prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x802102001ffa, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r1 = gettid() clone(0x6e20cf00, 0x0, 0x0, 0x0, 0x0) ptrace$setopts(0x4206, r1, 0x0, 0x0) gettid() r2 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ptmx\x00', 0x0, 0x0) read(r2, &(0x7f00003fefff)=""/1, 0x1) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) r4 = dup2(r3, r3) ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200) r5 = openat$autofs(0xffffffffffffff9c, &(0x7f0000000040)='/dev/autofs\x00', 0x0, 0x0) sendmsg$IPVS_CMD_ZERO(r5, &(0x7f0000000240)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x20000000}, 0xc, &(0x7f0000000200)={&(0x7f00000000c0)={0x104, 0x0, 0x2, 0x70bd2d, 0x25dfdbff, {}, [@IPVS_CMD_ATTR_TIMEOUT_TCP={0x8, 0x4, 0x7}, @IPVS_CMD_ATTR_DEST={0x4}, @IPVS_CMD_ATTR_TIMEOUT_TCP_FIN={0x8, 0x5, 0x87}, @IPVS_CMD_ATTR_SERVICE={0x18, 0x1, 0x0, 0x1, [@IPVS_SVC_ATTR_PORT={0x6, 0x4, 0x4e20}, @IPVS_SVC_ATTR_FLAGS={0xc, 0x7, {0x31, 0x34}}]}, @IPVS_CMD_ATTR_TIMEOUT_TCP={0x8, 0x4, 0x5}, @IPVS_CMD_ATTR_DEST={0x3c, 0x2, 0x0, 0x1, [@IPVS_DEST_ATTR_ADDR={0x14, 0x1, @ipv6=@initdev={0xfe, 0x88, [], 0x0, 0x0}}, @IPVS_DEST_ATTR_FWD_METHOD={0x8, 0x3, 0x2}, @IPVS_DEST_ATTR_ADDR={0x14, 0x1, @ipv6=@dev={0xfe, 0x80, [], 0x2f}}, @IPVS_DEST_ATTR_U_THRESH={0x8, 0x5, 0x6}]}, @IPVS_CMD_ATTR_TIMEOUT_TCP_FIN={0x8, 0x5, 0x200}, @IPVS_CMD_ATTR_DAEMON={0x1c, 0x3, 0x0, 0x1, [@IPVS_DAEMON_ATTR_STATE={0x8, 0x1, 0x2}, @IPVS_DAEMON_ATTR_MCAST_PORT={0x6, 0x7, 0x4e22}, @IPVS_DAEMON_ATTR_MCAST_PORT={0x6, 0x7, 0x4e20}]}, @IPVS_CMD_ATTR_DEST={0x3c, 0x2, 0x0, 0x1, [@IPVS_DEST_ATTR_INACT_CONNS={0x8, 0x8, 0x8002}, @IPVS_DEST_ATTR_PORT={0x6, 0x2, 0x4e23}, @IPVS_DEST_ATTR_U_THRESH={0x8, 0x5, 0xffff12bf}, @IPVS_DEST_ATTR_FWD_METHOD={0x8, 0x3, 0x3}, @IPVS_DEST_ATTR_U_THRESH={0x8, 0x5, 0x1}, @IPVS_DEST_ATTR_TUN_TYPE={0x5, 0xd, 0x1}, @IPVS_DEST_ATTR_TUN_PORT={0x6, 0xe, 0x4e21}]}, @IPVS_CMD_ATTR_SERVICE={0x20, 0x1, 0x0, 0x1, [@IPVS_SVC_ATTR_AF={0x6, 0x1, 0x2}, @IPVS_SVC_ATTR_FLAGS={0xc, 0x7, {0x4, 0x28}}, @IPVS_SVC_ATTR_AF={0x6, 0x1, 0xa}]}]}, 0x104}, 0x1, 0x0, 0x0, 0x80}, 0x2080800) ioctl$SIOCNRDECOBS(r4, 0x89e2) 04:28:55 executing program 2: 04:28:55 executing program 3: 04:28:55 executing program 4: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_CREATE(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)={0x48, 0x2, 0x6, 0x101, 0x0, 0x0, {}, [@IPSET_ATTR_REVISION={0x5}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz1\x00'}, @IPSET_ATTR_PROTOCOL={0x5, 0x1, 0x6}, @IPSET_ATTR_FAMILY={0x5}, @IPSET_ATTR_TYPENAME={0xd, 0x3, 'hash:mac\x00'}]}, 0x48}}, 0x0) 04:28:55 executing program 0: r0 = socket$kcm(0xa, 0x2, 0x11) setsockopt$sock_attach_bpf(r0, 0x29, 0x14, &(0x7f0000000080), 0x301) setsockopt$sock_attach_bpf(r0, 0x29, 0x15, &(0x7f0000000000), 0x70db2da734432a8e) r1 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r2 = dup(r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) mkdir(&(0x7f0000000080)='./file0\x00', 0x0) r3 = creat(&(0x7f0000df1000)='./file0/bus\x00', 0x0) r4 = socket$inet6_tcp(0xa, 0x1, 0x0) r5 = dup2(r4, r4) ioctl$PERF_EVENT_IOC_ENABLE(r5, 0x8912, 0x400200) ioctl$VIDIOC_STREAMON(r5, 0x40045612, &(0x7f0000000140)=0x3) ioctl$FS_IOC_FSGETXATTR(r3, 0x801c581f, 0x0) ioctl$sock_inet_SIOCSIFNETMASK(r0, 0x891c, &(0x7f0000000080)={'macvlan0\x00', {0x2, 0x4e20, @broadcast}}) r6 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_CREATE(r6, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)={0x54, 0x2, 0x6, 0x101, 0x0, 0x0, {}, [@IPSET_ATTR_REVISION={0x5}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz1\x00'}, @IPSET_ATTR_PROTOCOL={0x5, 0x1, 0x6}, @IPSET_ATTR_FAMILY={0x5}, @IPSET_ATTR_DATA={0xc, 0x7, 0x0, 0x1, [@IPSET_ATTR_HASHSIZE={0x8, 0x12, 0x1, 0x0, 0x479e6139}]}, @IPSET_ATTR_TYPENAME={0xd, 0x3, 'hash:mac\x00'}]}, 0x54}}, 0x0) 04:28:55 executing program 1: 04:28:55 executing program 1: 04:28:55 executing program 2: 04:28:55 executing program 3: 04:28:55 executing program 4: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_CREATE(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)={0x4c, 0x2, 0x6, 0x101, 0x0, 0x0, {}, [@IPSET_ATTR_REVISION={0x5}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz1\x00'}, @IPSET_ATTR_PROTOCOL={0x5, 0x1, 0x6}, @IPSET_ATTR_FAMILY={0x5}, @IPSET_ATTR_DATA={0x4}, @IPSET_ATTR_TYPENAME={0xd, 0x3, 'hash:mac\x00'}]}, 0x4c}}, 0x0) 04:28:55 executing program 1: 04:28:55 executing program 2: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000080)={0x26, 'hash\x00', 0x0, 0x0, 'sha224-avx\x00'}, 0x58) r1 = accept4(r0, 0x0, 0x0, 0x0) sendmmsg$sock(r1, &(0x7f00000036c0)=[{{0x0, 0x0, &(0x7f00000013c0)=[{&(0x7f0000000100)}, {&(0x7f0000000140)="9b83ef", 0x3}], 0x2}}], 0x500, 0x0) [ 1212.857532] IPVS: ftp: loaded support on port[0] = 21 [ 1213.002004] syz-executor.0: vmalloc: allocation failure: 17179869200 bytes, mode:0x14080c0(GFP_KERNEL|__GFP_ZERO), nodemask=(null) [ 1213.032388] syz-executor.0 cpuset=/ mems_allowed=0-1 [ 1213.058366] CPU: 0 PID: 7418 Comm: syz-executor.0 Not tainted 4.14.193-syzkaller #0 [ 1213.066211] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1213.075569] Call Trace: [ 1213.078171] dump_stack+0x1b2/0x283 [ 1213.081805] warn_alloc.cold+0x96/0x1cc [ 1213.085787] ? check_preemption_disabled+0x35/0x240 [ 1213.090812] ? zone_watermark_ok_safe+0x220/0x220 [ 1213.095668] ? perf_trace_lock_acquire+0x510/0x510 [ 1213.100612] ? fs_reclaim_release+0xd0/0x110 [ 1213.105040] ? ip_set_alloc+0x47/0x60 [ 1213.108857] vzalloc+0x122/0x150 [ 1213.112230] ip_set_alloc+0x47/0x60 [ 1213.115871] hash_mac_create+0x36e/0x7c6 [ 1213.119946] ip_set_create+0x5f9/0xf30 [ 1213.123854] ? __find_set_type_get+0x360/0x360 [ 1213.128453] ? __mutex_lock+0x360/0x1310 [ 1213.132554] ? lock_downgrade+0x740/0x740 [ 1213.136712] ? __find_set_type_get+0x360/0x360 [ 1213.141306] nfnetlink_rcv_msg+0x9bb/0xc00 [ 1213.145570] netlink_rcv_skb+0x125/0x390 [ 1213.149640] ? nfnetlink_net_exit_batch+0x150/0x150 [ 1213.154661] ? netlink_ack+0x9a0/0x9a0 [ 1213.158557] ? ns_capable_common+0x127/0x150 [ 1213.162972] nfnetlink_rcv+0x1ab/0x1da0 [ 1213.166950] ? rcu_read_unlock_special+0x776/0xdd0 [ 1213.171884] ? check_preemption_disabled+0x35/0x240 [ 1213.176907] ? perf_trace_lock+0xf7/0x490 [ 1213.181059] ? perf_trace_lock_acquire+0x510/0x510 [ 1213.186113] ? nfnetlink_bind+0x240/0x240 [ 1213.190275] ? netlink_deliver_tap+0x90/0x7d0 [ 1213.194764] ? lock_downgrade+0x740/0x740 [ 1213.199001] netlink_unicast+0x437/0x610 [ 1213.203063] ? netlink_sendskb+0xd0/0xd0 [ 1213.207110] netlink_sendmsg+0x62e/0xb80 [ 1213.211226] ? nlmsg_notify+0x170/0x170 [ 1213.215252] ? kernel_recvmsg+0x210/0x210 [ 1213.219418] ? security_socket_sendmsg+0x83/0xb0 [ 1213.224163] ? nlmsg_notify+0x170/0x170 [ 1213.228135] sock_sendmsg+0xb5/0x100 [ 1213.231836] ___sys_sendmsg+0x6c8/0x800 [ 1213.235794] ? copy_msghdr_from_user+0x3b0/0x3b0 [ 1213.240541] ? __lock_acquire+0x5fc/0x3f20 [ 1213.244913] ? perf_trace_lock_acquire+0x510/0x510 [ 1213.250125] ? do_futex+0x12b/0x1930 [ 1213.253920] ? check_preemption_disabled+0x35/0x240 [ 1213.258989] ? __fget+0x1fe/0x360 [ 1213.262443] ? lock_acquire+0x170/0x3f0 [ 1213.266403] ? lock_downgrade+0x740/0x740 [ 1213.270535] ? __fget+0x225/0x360 [ 1213.273972] ? __fdget+0x196/0x1f0 [ 1213.277493] ? sockfd_lookup_light+0xb2/0x160 [ 1213.282493] __sys_sendmsg+0xa3/0x120 [ 1213.286289] ? SyS_shutdown+0x160/0x160 [ 1213.290250] ? SyS_clock_gettime+0xf5/0x180 [ 1213.294553] ? SyS_clock_settime+0x1a0/0x1a0 [ 1213.298942] SyS_sendmsg+0x27/0x40 [ 1213.302464] ? __sys_sendmsg+0x120/0x120 [ 1213.306506] do_syscall_64+0x1d5/0x640 [ 1213.310391] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 1213.316113] RIP: 0033:0x45d249 [ 1213.319284] RSP: 002b:00007f1c6356dc78 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 1213.326978] RAX: ffffffffffffffda RBX: 0000000000028840 RCX: 000000000045d249 [ 1213.334238] RDX: 0000000000000000 RSI: 0000000020000000 RDI: 0000000000000008 [ 1213.341519] RBP: 000000000118cf80 R08: 0000000000000000 R09: 0000000000000000 [ 1213.348870] R10: 0000000000000000 R11: 0000000000000246 R12: 000000000118cf4c [ 1213.356136] R13: 00007ffd3fb1901f R14: 00007f1c6356e9c0 R15: 000000000118cf4c [ 1213.366622] Mem-Info: [ 1213.373629] active_anon:232420 inactive_anon:6091 isolated_anon:0 [ 1213.373629] active_file:7394 inactive_file:33055 isolated_file:0 [ 1213.373629] unevictable:0 dirty:150 writeback:0 unstable:0 [ 1213.373629] slab_reclaimable:18438 slab_unreclaimable:134378 [ 1213.373629] mapped:62844 shmem:6280 pagetables:5807 bounce:0 [ 1213.373629] free:1090285 free_pcp:274 free_cma:0 [ 1213.411462] Node 0 active_anon:929716kB inactive_anon:24364kB active_file:29432kB inactive_file:132220kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:251400kB dirty:600kB writeback:0kB shmem:25120kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 888832kB writeback_tmp:0kB unstable:0kB all_unreclaimable? no [ 1213.440397] Node 1 active_anon:0kB inactive_anon:0kB active_file:144kB inactive_file:0kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:0kB dirty:0kB writeback:0kB shmem:0kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 0kB writeback_tmp:0kB unstable:0kB all_unreclaimable? no [ 1213.466754] Node 0 DMA free:15908kB min:220kB low:272kB high:324kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15908kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 1213.493122] lowmem_reserve[]: 0 2557 2557 2557 2557 [ 1213.498252] Node 0 DMA32 free:561880kB min:36272kB low:45340kB high:54408kB active_anon:929716kB inactive_anon:24364kB active_file:29432kB inactive_file:132220kB unevictable:0kB writepending:600kB present:3129332kB managed:2621196kB mlocked:0kB kernel_stack:14176kB pagetables:23200kB bounce:0kB free_pcp:1072kB local_pcp:640kB free_cma:0kB [ 1213.530035] lowmem_reserve[]: 0 0 0 0 0 [ 1213.534085] Node 0 Normal free:0kB min:4kB low:4kB high:4kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:786432kB managed:332kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 1213.560819] lowmem_reserve[]: 0 0 0 0 0 [ 1213.564847] Node 1 Normal free:3783628kB min:53612kB low:67012kB high:80412kB active_anon:0kB inactive_anon:0kB active_file:144kB inactive_file:0kB unevictable:0kB writepending:0kB present:3932160kB managed:3870192kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 1213.593520] lowmem_reserve[]: 0 0 0 0 0 [ 1213.597598] Node 0 DMA: 1*4kB (U) 0*8kB 0*16kB 1*32kB (U) 2*64kB (U) 1*128kB (U) 1*256kB (U) 0*512kB 1*1024kB (U) 1*2048kB (M) 3*4096kB (M) = 15908kB [ 1213.611558] Node 0 DMA32: 612*4kB (UME) 208*8kB (UME) 428*16kB (UE) 269*32kB (UME) 96*64kB (UME) 33*128kB (UME) 13*256kB (UM) 14*512kB (UME) 7*1024kB (UME) 3*2048kB (UME) 124*4096kB (M) = 561648kB [ 1213.629416] Node 0 Normal: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 0kB [ 1213.640260] Node 1 Normal: 51*4kB (UME) 342*8kB (UE) 273*16kB (U) 50*32kB (UM) 20*64kB (UME) 10*128kB (UM) 5*256kB (UM) 3*512kB (U) 1*1024kB (M) 4*2048kB (ME) 918*4096kB (M) = 3783628kB [ 1213.657135] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 1213.666083] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 1213.674768] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 1213.683664] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 1213.692334] 25685 total pagecache pages [ 1213.696317] 0 pages in swap cache [ 1213.699832] Swap cache stats: add 0, delete 0, find 0/0 [ 1213.705207] Free swap = 0kB [ 1213.708494] Total swap = 0kB [ 1213.711516] 1965979 pages RAM [ 1213.714606] 0 pages HighMem/MovableOnly [ 1213.718635] 339072 pages reserved [ 1213.722076] 0 pages cma reserved 04:28:58 executing program 5: r0 = dup(0xffffffffffffffff) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x802102001ffa, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r1 = gettid() clone(0x6e20cf00, 0x0, 0x0, 0x0, 0x0) ptrace$setopts(0x4206, r1, 0x0, 0x0) gettid() syz_open_dev$vim2m(&(0x7f0000000100)='/dev/video#\x00', 0xbb95, 0x2) r2 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ptmx\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x4018620d, &(0x7f00000000c0)={0x73622a85, 0x1, 0x3}) read(r2, &(0x7f00003fefff)=""/1, 0x1) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) r4 = dup2(r3, r3) ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200) r5 = openat$autofs(0xffffffffffffff9c, &(0x7f0000000040)='/dev/autofs\x00', 0x0, 0x0) sendmsg$IPVS_CMD_ZERO(r5, &(0x7f0000000240)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x20000000}, 0xc, &(0x7f0000000200)={&(0x7f0000000280)={0xf4, 0x0, 0x2, 0x70bd2d, 0x25dfdbff, {}, [@IPVS_CMD_ATTR_TIMEOUT_TCP={0x8, 0x4, 0x7}, @IPVS_CMD_ATTR_DEST={0xc, 0x2, 0x0, 0x1, [@IPVS_DEST_ATTR_U_THRESH={0x8, 0x5, 0x9}]}, @IPVS_CMD_ATTR_TIMEOUT_TCP_FIN={0x8, 0x5, 0x87}, @IPVS_CMD_ATTR_SERVICE={0x18, 0x1, 0x0, 0x1, [@IPVS_SVC_ATTR_PORT={0x6, 0x4, 0x4e20}, @IPVS_SVC_ATTR_FLAGS={0xc, 0x7, {0x31, 0x34}}]}, @IPVS_CMD_ATTR_TIMEOUT_TCP={0x8, 0x4, 0x5}, @IPVS_CMD_ATTR_DEST={0x3c, 0x2, 0x0, 0x1, [@IPVS_DEST_ATTR_ADDR={0x14, 0x1, @ipv6=@initdev={0xfe, 0x88, [], 0x0, 0x0}}, @IPVS_DEST_ATTR_FWD_METHOD={0x8, 0x3, 0x2}, @IPVS_DEST_ATTR_ADDR={0x14, 0x1, @ipv6=@dev={0xfe, 0x80, [], 0x2f}}, @IPVS_DEST_ATTR_U_THRESH={0x8, 0x5, 0x6}]}, @IPVS_CMD_ATTR_TIMEOUT_TCP_FIN={0x8, 0x5, 0x200}, @IPVS_CMD_ATTR_DAEMON={0x1c, 0x3, 0x0, 0x1, [@IPVS_DAEMON_ATTR_STATE={0x8, 0x1, 0x2}, @IPVS_DAEMON_ATTR_MCAST_PORT={0x6, 0x7, 0x4e22}, @IPVS_DAEMON_ATTR_MCAST_PORT={0x6, 0x7, 0x4e20}]}, @IPVS_CMD_ATTR_DEST={0x3c, 0x2, 0x0, 0x1, [@IPVS_DEST_ATTR_INACT_CONNS={0x8, 0x8, 0x8002}, @IPVS_DEST_ATTR_PORT={0x6, 0x2, 0x4e23}, @IPVS_DEST_ATTR_U_THRESH={0x8, 0x5, 0xffff12bf}, @IPVS_DEST_ATTR_FWD_METHOD={0x8, 0x3, 0x3}, @IPVS_DEST_ATTR_U_THRESH={0x8, 0x5, 0x1}, @IPVS_DEST_ATTR_TUN_TYPE={0x5, 0xd, 0x1}, @IPVS_DEST_ATTR_TUN_PORT={0x6, 0xe, 0x4e21}]}, @IPVS_CMD_ATTR_TIMEOUT_UDP={0x8, 0x6, 0xfffffffb}]}, 0xf4}, 0x1, 0x0, 0x0, 0x80}, 0x2080800) ioctl$SIOCNRDECOBS(r4, 0x89e2) 04:28:58 executing program 3: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000000)={0xffffffffffffffff}) socketpair$unix(0x1, 0x5, 0x0, 0x0) r1 = fcntl$dupfd(r0, 0x406, r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) mount(0x0, 0x0, &(0x7f00005f7ffa)='ramfs\x00', 0x0, 0x0) mbind(&(0x7f000040a000/0x2000)=nil, 0x2000, 0x0, 0x0, 0x0, 0x2) 04:28:58 executing program 4: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_CREATE(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)={0x4c, 0x2, 0x6, 0x101, 0x0, 0x0, {}, [@IPSET_ATTR_REVISION={0x5}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz1\x00'}, @IPSET_ATTR_PROTOCOL={0x5, 0x1, 0x6}, @IPSET_ATTR_FAMILY={0x5}, @IPSET_ATTR_DATA={0x4}, @IPSET_ATTR_TYPENAME={0xd, 0x3, 'hash:mac\x00'}]}, 0x4c}}, 0x0) 04:28:58 executing program 2: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000080)={0x26, 'hash\x00', 0x0, 0x0, 'sha224-avx\x00'}, 0x58) r1 = accept4(r0, 0x0, 0x0, 0x0) sendmmsg$sock(r1, &(0x7f00000036c0)=[{{0x0, 0x0, &(0x7f00000013c0)=[{&(0x7f0000000100)}, {&(0x7f0000000140)="9b83ef", 0x3}], 0x2}}], 0x500, 0x0) 04:28:58 executing program 1: perf_event_open(&(0x7f0000000100)={0x2, 0x70, 0xe6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0x7, &(0x7f0000000000)={&(0x7f0000000080)=ANY=[@ANYBLOB="480000001000050700"/20, @ANYRES32, @ANYBLOB="0000000000000000280012000900010076657468"], 0x48}}, 0x0) 04:28:58 executing program 0: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_CREATE(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=ANY=[], 0x54}}, 0x0) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) r2 = dup2(r1, r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) sendmsg$IPSET_CMD_TEST(r2, &(0x7f0000000340)={&(0x7f0000000280)={0x10, 0x0, 0x0, 0x1}, 0xc, &(0x7f0000000300)={&(0x7f00000002c0)={0x1c, 0xb, 0x6, 0x801, 0x0, 0x0, {0x7, 0x0, 0x4}, [@IPSET_ATTR_PROTOCOL={0x5}]}, 0x1c}, 0x1, 0x0, 0x0, 0x1}, 0x80) r3 = openat$hwrng(0xffffffffffffff9c, &(0x7f0000000080)='/dev/hwrng\x00', 0x20000, 0x0) r4 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000180)='nl80211\x00') r5 = socket(0x11, 0x800000003, 0x0) bind(r5, &(0x7f0000000080)=@generic={0x11, "0000010000000000080044944eeba71a4976e252922cb18f6e2e2aba000000012e0b3836005404b0e0301a4ce875f2e3ff5f163ee340b7679500800000000000000101013c5811039e15775027ecce66fd792bbf0e5bf5ff1b0816f3f6db1c00010000000000000049740000000000000006ad8e5ecc326d3a09ffc2c654"}, 0x80) getsockname$packet(r5, &(0x7f00000003c0)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @dev}, &(0x7f0000000000)=0x14) getsockopt$inet_sctp6_SCTP_DELAYED_SACK(0xffffffffffffffff, 0x84, 0x70, &(0x7f0000000080), &(0x7f0000002000)=0xc) setsockopt$inet_sctp6_SCTP_DEFAULT_SNDINFO(0xffffffffffffffff, 0x84, 0x22, &(0x7f0000000380)={0xd46, 0x0, 0x8, 0x8000}, 0x10) r7 = socket(0x10, 0x3, 0x0) r8 = socket$inet6_tcp(0xa, 0x1, 0x0) r9 = dup2(r8, r8) ioctl$PERF_EVENT_IOC_ENABLE(r9, 0x8912, 0x400200) ioctl$SNDRV_PCM_IOCTL_FORWARD(r9, 0x40084149, &(0x7f0000000100)=0x2) sendmsg$nl_route_sched(r7, &(0x7f00000007c0)={0x0, 0x0, &(0x7f0000000780)={&(0x7f0000000500)=@newqdisc={0x68, 0x24, 0xf0b, 0x0, 0x0, {0x0, 0x0, 0x0, r6, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_netem={{0xa, 0x1, 'netem\x00'}, {0x38, 0x2, {{}, [@TCA_NETEM_LOSS={0x1c, 0x5, 0x0, 0x1, [@NETEM_LOSS_GI={0x18, 0x8}]}]}}}]}, 0x68}}, 0x0) sendmsg$NL80211_CMD_GET_STATION(r3, &(0x7f0000000240)={&(0x7f0000000140)={0x10, 0x0, 0x0, 0x1}, 0xc, &(0x7f0000000200)={&(0x7f00000001c0)={0x30, r4, 0x100, 0x70bd25, 0x25dfdbfc, {}, [@NL80211_ATTR_STA_SUPPORTED_CHANNELS={0x8, 0xbd, [0xda00, 0x3]}, @NL80211_ATTR_STA_VLAN={0x8, 0x14, r6}, @NL80211_ATTR_MAC={0xa, 0x6, @local}]}, 0x30}}, 0x4008000) 04:28:58 executing program 4: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_CREATE(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)={0x4c, 0x2, 0x6, 0x101, 0x0, 0x0, {}, [@IPSET_ATTR_REVISION={0x5}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz1\x00'}, @IPSET_ATTR_PROTOCOL={0x5, 0x1, 0x6}, @IPSET_ATTR_FAMILY={0x5}, @IPSET_ATTR_DATA={0x4}, @IPSET_ATTR_TYPENAME={0xd, 0x3, 'hash:mac\x00'}]}, 0x4c}}, 0x0) 04:28:58 executing program 3: madvise(&(0x7f0000a93000/0x4000)=nil, 0x4000, 0x80000000e) mremap(&(0x7f0000a94000/0x2000)=nil, 0x2000, 0x800000, 0x3, &(0x7f0000130000/0x800000)=nil) mount(0x0, 0x0, &(0x7f00005f7ffa)='ramfs\x00', 0x0, 0x0) mbind(&(0x7f000040a000/0x2000)=nil, 0x2000, 0x0, 0x0, 0x0, 0x2) openat$procfs(0xffffffffffffff9c, 0x0, 0x0, 0x0) [ 1215.826828] netlink: 24 bytes leftover after parsing attributes in process `syz-executor.1'. 04:28:58 executing program 2: perf_event_open(&(0x7f0000000280)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) openat$nvram(0xffffffffffffff9c, 0x0, 0x0, 0x0) ioctl$SNDCTL_DSP_RESET(0xffffffffffffffff, 0x5000, 0x0) madvise(&(0x7f0000ffc000/0x2000)=nil, 0x2000, 0x0) setsockopt$inet6_tcp_int(0xffffffffffffffff, 0x6, 0xa, 0x0, 0x0) r0 = socket(0x10, 0x80002, 0x0) ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(r0, 0x8933, &(0x7f0000000180)={'batadv0\x00', 0x0}) r2 = socket$nl_route(0x10, 0x3, 0x0) r3 = socket(0x10, 0x0, 0x0) getsockname$packet(r3, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14) sendmsg$nl_route(r2, &(0x7f0000000080)={0x0, 0x68000000, &(0x7f0000000140)={&(0x7f0000000000)=@newlink={0x44, 0x10, 0x401, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x1c, 0x12, 0x0, 0x1, @gretap={{0xb, 0x1, 'gretap\x00'}, {0xc, 0x2, 0x0, 0x1, [@IFLA_GRE_LINK={0x8, 0x1, r4}]}}}, @IFLA_MASTER={0x8, 0xa, r1}]}, 0x44}}, 0x0) sendmsg$TEAM_CMD_NOOP(0xffffffffffffffff, 0x0, 0x0) getsockname$packet(0xffffffffffffffff, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000240)=0x14) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000380)=ANY=[@ANYBLOB="480000001000050700"/18, @ANYRES32=r5, @ANYBLOB="00f0000000000000280012000c00010076657468"], 0x48}}, 0x0) r6 = socket$nl_generic(0x10, 0x3, 0x10) r7 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000080)='TIPCv2\x00') sendmsg$TIPC_NL_MEDIA_GET(r6, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f00000005c0)={0x20, r7, 0x4e559e2353b8c5d7, 0x0, 0x0, {}, [@TIPC_NLA_MEDIA={0xc, 0x5, 0x0, 0x1, [@TIPC_NLA_MEDIA_NAME={0x8, 0x1, 'udp\x00'}]}]}, 0x20}}, 0x0) sendmsg$TIPC_NL_MON_PEER_GET(0xffffffffffffffff, &(0x7f0000000240)={&(0x7f00000000c0)={0x10, 0x0, 0x0, 0x200}, 0xc, &(0x7f0000000200)={&(0x7f0000000300)={0x290, r7, 0x8, 0x70bd2a, 0x25dfdbff, {}, [@TIPC_NLA_BEARER={0x110, 0x1, 0x0, 0x1, [@TIPC_NLA_BEARER_DOMAIN={0x8, 0x3, 0x48}, @TIPC_NLA_BEARER_DOMAIN={0x8, 0x3, 0x5}, @TIPC_NLA_BEARER_UDP_OPTS={0x2c, 0x4, {{0x14, 0x1, @in={0x2, 0x4e20, @local}}, {0x14, 0x2, @in={0x2, 0x4e22, @remote}}}}, @TIPC_NLA_BEARER_UDP_OPTS={0x2c, 0x4, {{0x14, 0x1, @in={0x2, 0x4e21, @dev={0xac, 0x14, 0x14, 0x42}}}, {0x14, 0x2, @in={0x2, 0x4e24, @dev={0xac, 0x14, 0x14, 0x40}}}}}, @TIPC_NLA_BEARER_DOMAIN={0x8, 0x3, 0xffffffc1}, @TIPC_NLA_BEARER_PROP={0x1c, 0x2, 0x0, 0x1, [@TIPC_NLA_PROP_MTU={0x8, 0x4, 0x6}, @TIPC_NLA_PROP_PRIO={0x8}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x2}]}, @TIPC_NLA_BEARER_PROP={0x4c, 0x2, 0x0, 0x1, [@TIPC_NLA_PROP_WIN={0x8, 0x3, 0x9}, @TIPC_NLA_PROP_WIN={0x8}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x6}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x71}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x4}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x1}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0xc4e}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x7}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x9}]}, @TIPC_NLA_BEARER_DOMAIN={0x8, 0x3, 0x10000}, @TIPC_NLA_BEARER_PROP={0x2c, 0x2, 0x0, 0x1, [@TIPC_NLA_PROP_MTU={0x8, 0x4, 0x1}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0xe}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x40}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x20}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x7}]}]}, @TIPC_NLA_NET={0x28, 0x7, 0x0, 0x1, [@TIPC_NLA_NET_NODEID_W1={0xc, 0x4, 0x80}, @TIPC_NLA_NET_NODEID_W1={0xc, 0x4, 0xffffffffffffff01}, @TIPC_NLA_NET_NODEID={0xc, 0x3, 0xfffffffffffffff9}]}, @TIPC_NLA_BEARER={0x38, 0x1, 0x0, 0x1, [@TIPC_NLA_BEARER_DOMAIN={0x8, 0x3, 0x100}, @TIPC_NLA_BEARER_UDP_OPTS={0x2c, 0x4, {{0x14, 0x1, @in={0x2, 0x4e20, @rand_addr=0x64010102}}, {0x14, 0x2, @in={0x2, 0x4e24, @rand_addr=0x64010101}}}}]}, @TIPC_NLA_NODE={0x10c, 0x6, 0x0, 0x1, [@TIPC_NLA_NODE_ID={0xa9, 0x3, "7373af23c6a1c20d9d6288f80a0f2090f9460f0f242b46320b26b71bf98092db9cd45de9c800127f73797e14b2fd88fe1fead937bd4ebc8bea345d2a0e085247062141e72b064cbbd187cf395f1bbcee1187df9ad5cedfee1a52691b2327d54fcab06309e75d9fcdc53d1a9ba5c03937fd2b5a6ae3b2d295a2ba114537c02f1eb9014382101a8277ca9c94800d595792b8dd162228c1ba6bce863deac8071a3629162154b0"}, @TIPC_NLA_NODE_ADDR={0x8}, @TIPC_NLA_NODE_ADDR={0x8, 0x1, 0x5}, @TIPC_NLA_NODE_KEY={0x4b, 0x4, {'gcm(aes)\x00', 0x23, "0d264e92661bc8f6981369bf8d459f39908180c73e08f7619ff742a3aff88e6ae011b6"}}]}]}, 0x290}, 0x1, 0x0, 0x0, 0x4050}, 0x4000810) 04:28:58 executing program 4: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_CREATE(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)={0x54, 0x2, 0x6, 0x101, 0x0, 0x0, {}, [@IPSET_ATTR_REVISION={0x5}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz1\x00'}, @IPSET_ATTR_PROTOCOL={0x5, 0x1, 0x6}, @IPSET_ATTR_FAMILY={0x5}, @IPSET_ATTR_DATA={0xc, 0x7, 0x0, 0x1, [@IPSET_ATTR_HASHSIZE={0x8}]}, @IPSET_ATTR_TYPENAME={0xd, 0x3, 'hash:mac\x00'}]}, 0x54}}, 0x0) [ 1215.887784] netlink: 24 bytes leftover after parsing attributes in process `syz-executor.1'. 04:28:58 executing program 3: madvise(&(0x7f0000a93000/0x4000)=nil, 0x4000, 0x80000000e) mremap(&(0x7f0000a94000/0x2000)=nil, 0x2000, 0x800000, 0x3, &(0x7f0000130000/0x800000)=nil) mount(0x0, 0x0, &(0x7f00005f7ffa)='ramfs\x00', 0x0, 0x0) mbind(&(0x7f000040a000/0x2000)=nil, 0x2000, 0x0, 0x0, 0x0, 0x2) openat$procfs(0xffffffffffffff9c, 0x0, 0x0, 0x0) 04:28:58 executing program 4: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_CREATE(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)={0x54, 0x2, 0x6, 0x101, 0x0, 0x0, {}, [@IPSET_ATTR_REVISION={0x5}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz1\x00'}, @IPSET_ATTR_PROTOCOL={0x5, 0x1, 0x6}, @IPSET_ATTR_FAMILY={0x5}, @IPSET_ATTR_DATA={0xc, 0x7, 0x0, 0x1, [@IPSET_ATTR_HASHSIZE={0x8}]}, @IPSET_ATTR_TYPENAME={0xd, 0x3, 'hash:mac\x00'}]}, 0x54}}, 0x0) 04:29:01 executing program 3: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(r0, 0x6, 0x200000000000013, &(0x7f0000000000)=0x400100000001, 0x36a) connect$inet6(r0, &(0x7f0000000280)={0xa, 0x0, 0x0, @empty}, 0x1c) setsockopt$inet6_tcp_TCP_REPAIR_OPTIONS(r0, 0x6, 0x16, &(0x7f0000000440), 0x12f815) clone(0x2000000002000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r1 = gettid() setsockopt$inet6_tcp_int(r0, 0x6, 0x19, &(0x7f0000000040), 0x4) r2 = socket$inet6(0xa, 0x2, 0x0) r3 = dup(r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) ptrace$setopts(0x4206, r1, 0x0, 0x0) wait4(0xffffffffffffffff, 0x0, 0x0, 0x0) 04:29:01 executing program 4: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_CREATE(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)={0x54, 0x2, 0x6, 0x101, 0x0, 0x0, {}, [@IPSET_ATTR_REVISION={0x5}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz1\x00'}, @IPSET_ATTR_PROTOCOL={0x5, 0x1, 0x6}, @IPSET_ATTR_FAMILY={0x5}, @IPSET_ATTR_DATA={0xc, 0x7, 0x0, 0x1, [@IPSET_ATTR_HASHSIZE={0x8}]}, @IPSET_ATTR_TYPENAME={0xd, 0x3, 'hash:mac\x00'}]}, 0x54}}, 0x0) 04:29:01 executing program 1: socket(0x10, 0x803, 0x0) syz_open_dev$evdev(&(0x7f0000000000)='/dev/input/event#\x00', 0x0, 0x0) openat$mice(0xffffffffffffff9c, &(0x7f0000000040)='/dev/input/mice\x00', 0x0) r0 = socket$packet(0x11, 0x2, 0x300) setsockopt$packet_tx_ring(r0, 0x107, 0x5, &(0x7f00000000c0)=@req3={0x8000, 0x6, 0x8000, 0x6}, 0x1c) r1 = openat$audio(0xffffffffffffff9c, &(0x7f0000000180)='/dev/audio\x00', 0x0, 0x0) ioctl$int_in(r1, 0x800000c004500a, &(0x7f0000000300)) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) clock_gettime(0x0, &(0x7f0000000080)={0x0, 0x0}) pselect6(0x40, &(0x7f00000000c0), 0x0, &(0x7f0000000140)={0x1ff}, &(0x7f0000000200)={0x0, r2+30000000}, 0x0) syz_open_pts(0xffffffffffffffff, 0x0) 04:29:01 executing program 2: perf_event_open(&(0x7f0000000100)={0x2, 0x70, 0xe6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) socket(0x2a, 0x0, 0x0) r0 = socket(0x1000000010, 0x80002, 0x0) sendmmsg$alg(r0, &(0x7f0000000200), 0x4924924924926d3, 0x0) socket(0x0, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(0xffffffffffffffff, 0x0, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, 0x0, 0x0) getsockopt$TIPC_GROUP_JOIN(0xffffffffffffffff, 0x10f, 0x87, 0x0, &(0x7f0000000340)) 04:29:01 executing program 0: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_CREATE(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000080)=ANY=[@ANYBLOB="74000000020601080000000000000000ffffffff11000300686173003a69702c6d61726b0000000005000400010000000900020073797a3135d06a000056be000010000300686173683a69702c6d61630005000400000800000900020073797a32000000000500050007000000090002007d797a3100000000"], 0x74}}, 0x0) 04:29:01 executing program 5: r0 = dup(0xffffffffffffffff) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x802102001ffa, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r1 = gettid() clone(0x6e20cf00, 0x0, 0x0, 0x0, 0x0) ptrace$setopts(0x4206, r1, 0x0, 0x0) gettid() clone(0x8000, &(0x7f00000000c0)="1159", &(0x7f0000000100), &(0x7f0000000140), &(0x7f0000000180)="51d6ffcd5d74df4530687fbbb7993d1cd8ffd4450ccdb84afa253d123763225e8ca4e9d80582f8d10dbc8e256f36b1ae0dc5dbb3d5fa27c7d94ba5cd3f8c3dc444c21cb7361bf258c7300d68c402125d454f08abfdfba31e1bb402451223ebf3b31360") r2 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ptmx\x00', 0x0, 0x0) read(r2, &(0x7f00003fefff)=""/1, 0x1) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) r4 = dup2(r3, r3) ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200) r5 = openat$autofs(0xffffffffffffff9c, &(0x7f0000000040)='/dev/autofs\x00', 0x0, 0x0) sendmsg$IPVS_CMD_ZERO(r5, &(0x7f0000000240)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x20000000}, 0xc, &(0x7f0000000200)={&(0x7f0000000280)={0xf4, 0x0, 0x2, 0x70bd2d, 0x25dfdbff, {}, [@IPVS_CMD_ATTR_TIMEOUT_TCP={0x8, 0x4, 0x7}, @IPVS_CMD_ATTR_DEST={0xc, 0x2, 0x0, 0x1, [@IPVS_DEST_ATTR_U_THRESH={0x8, 0x5, 0x9}]}, @IPVS_CMD_ATTR_TIMEOUT_TCP_FIN={0x8, 0x5, 0x87}, @IPVS_CMD_ATTR_SERVICE={0x18, 0x1, 0x0, 0x1, [@IPVS_SVC_ATTR_PORT={0x6, 0x4, 0x4e20}, @IPVS_SVC_ATTR_FLAGS={0xc, 0x7, {0x31, 0x34}}]}, @IPVS_CMD_ATTR_TIMEOUT_TCP={0x8, 0x4, 0x5}, @IPVS_CMD_ATTR_DEST={0x3c, 0x2, 0x0, 0x1, [@IPVS_DEST_ATTR_ADDR={0x14, 0x1, @ipv6=@initdev={0xfe, 0x88, [], 0x0, 0x0}}, @IPVS_DEST_ATTR_FWD_METHOD={0x8, 0x3, 0x2}, @IPVS_DEST_ATTR_ADDR={0x14, 0x1, @ipv6=@dev={0xfe, 0x80, [], 0x2f}}, @IPVS_DEST_ATTR_U_THRESH={0x8, 0x5, 0x6}]}, @IPVS_CMD_ATTR_TIMEOUT_TCP_FIN={0x8, 0x5, 0x200}, @IPVS_CMD_ATTR_DAEMON={0x1c, 0x3, 0x0, 0x1, [@IPVS_DAEMON_ATTR_STATE={0x8, 0x1, 0x2}, @IPVS_DAEMON_ATTR_MCAST_PORT={0x6, 0x7, 0x4e22}, @IPVS_DAEMON_ATTR_MCAST_PORT={0x6, 0x7, 0x4e20}]}, @IPVS_CMD_ATTR_DEST={0x3c, 0x2, 0x0, 0x1, [@IPVS_DEST_ATTR_INACT_CONNS={0x8, 0x8, 0x8002}, @IPVS_DEST_ATTR_PORT={0x6, 0x2, 0x4e23}, @IPVS_DEST_ATTR_U_THRESH={0x8, 0x5, 0xffff12bf}, @IPVS_DEST_ATTR_FWD_METHOD={0x8, 0x3, 0x3}, @IPVS_DEST_ATTR_U_THRESH={0x8, 0x5, 0x1}, @IPVS_DEST_ATTR_TUN_TYPE={0x5, 0xd, 0x1}, @IPVS_DEST_ATTR_TUN_PORT={0x6, 0xe, 0x4e21}]}, @IPVS_CMD_ATTR_TIMEOUT_UDP={0x8, 0x6, 0xfffffffb}]}, 0xf4}, 0x1, 0x0, 0x0, 0x80}, 0x2080800) ioctl$SIOCNRDECOBS(r4, 0x89e2) 04:29:01 executing program 4: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_CREATE(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)={0x4c, 0x2, 0x6, 0x101, 0x0, 0x0, {}, [@IPSET_ATTR_REVISION={0x5}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz1\x00'}, @IPSET_ATTR_PROTOCOL={0x5, 0x1, 0x6}, @IPSET_ATTR_DATA={0xc, 0x7, 0x0, 0x1, [@IPSET_ATTR_HASHSIZE={0x8, 0x12, 0x1, 0x0, 0x479e6139}]}, @IPSET_ATTR_TYPENAME={0xd, 0x3, 'hash:mac\x00'}]}, 0x4c}}, 0x0) 04:29:01 executing program 3: r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x1, 0x5, &(0x7f00000002c0)=ANY=[@ANYBLOB="bf16000000000000b70700000100f0ff5070000000000000300000000000c00095000000000000002ba728041598d6fbd30cb599e83d24bd8137a3aa81d36bb3019c13bd2321afe311ffea39604a5f9c9e0900000000000002fb0b71d0e6adfefcf1d8f7faf75e0f226bd917487960717142fa9ea4318123751c0a0e168c1886d0d4d94f2f4e345c652fbc16ee988e6e0dc8cedf3ceb9fd8e6a8714cde6ac310f6296b32a83438810720a159cda903634e369a9e152ddca64057ff3c4744aeaccd3641110bec4e9027a0c8055bbfc3a96d2e8910c2c39e4b3449abe802f5ab3e89cf6c662ed4048d3b3e22278d00031e5388ee5c867ddd58211d6ece1ccb0cd2b6d3cffd963218ce740068725c37074e468ee207d2f73902ebcfcf49822775985bf31b715f5888b24efa0000000000000000000000000000000000000000ddffffff020000000000000000000000000000b27cf3d1848a54d7132be1ffb0adf9de0300000000000000af9cb09c3bfd09000000b91ab219efdebb7b3de8f67581cf796a1d4223b90e407bff7ffcad3f6c962b9f03000000000000001cf41ab11f12fb1e0a494034007de7c6592df1a6c64d8f20a67745409e011f1264d43e153b3d34899fcf0a41470ea2474b540500a30b23bcee46762c2093bcc9eae5aa705989b8e673e3296e52d337c56abf112874ec309bae08fa5d99895f51885a1ad2c4bdec9abbd0495f06d058a73651d6fe048ba6866adebab53168770a71ad901ace383e41d277b103923a9d971f7a2591dbe4a912ffaf6f658f8cbc3e2886744f83a83f138f8f92efd92239eafcfa53f76dab0398e5c1b3f97a297c9e49a0c3300ef7b7fb5f09e0c8a868a353409e34d3e82279637599f35ad380a447483cac394c7bbdcd0e3b1c39b6e0c410ade7a36b2635d60916de48a4e70f03cc4146a77af02c1d4cefd4a2b94c0aed8477dfa8ceefb467f05c6977c78cdbf37704ec73755539280b064bdaba71f897144910fe050038ecffff0000298b7bf4d769ccc18eede00e8ca5457870eb30d211e23ccc8e06dddeb61799257ab55ff413c86ba9affb12ec757c7234c270246c878d01160e6c07bf6c08329c3a0d062357ba2515567230ad1e1f4933545fc3c741374211663f6b63b1dd044dd0a2768e825972ea3b77641467c89fa0f82e8440105051e5510a33dcda5e143fbf221fff161c12ca389cbe4c51b3fa00675cc175067d2a214f8c9d9b2ecf63016c5fd9c26a54d43fa050b88d1d43a8645bd9109b7e07869bba7131421c0f39113be7664e08bdd7115c61afcb718cf3c4680b2f6c7a8400e378a9b15bc20f49e298727340e87cdefb40e56e9cfad973347d0de7ba4754ff231a1b933d8f931ba3552b2c7c503f3d0e7ab0e958adb862822e40009995ae166deb9856291a43a6f7eb2e32cefbf46306f2af79b8d4c2bf0f7a2cb032dad13007b82e6044f643fc8cd07ae636a5dbe9864a117d27326850a7c3b570863f532c218b10af13d7be94987005088a83880ccab9c9920c2d2af8c5e13d52c83ac3fa7c3ae6c08384865b66d2b4dcb5dd9cba16b62040bf8702ae12c77ec938a7c17daa98166e34991af603e3856a346cf7f9fe0bc9f2a1a7506d35e5eb7088aeda890cf8a4a6f31ba6d9b8cb098f935bdcbb29fd0f1a342c010000000000000048a9dea00000b91d2309dc7ae49e4d5f52053a39e7307c09ff3ac3e820b01c57dd74d4aafc4c383a17bc1de5347bb71ca165cbbbaa2935f602327484386b"], &(0x7f0000000140)='GPL\x00'}, 0x48) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f00000001c0)={r0, 0x0, 0xe, 0x0, &(0x7f0000000040)="8651d07fb041b7be8dbb735aadf0", 0x0, 0x0, 0x0, 0x0, 0xb8, 0x0, &(0x7f0000000180)="80"}, 0x40) [ 1218.950109] IPVS: ftp: loaded support on port[0] = 21 04:29:01 executing program 4: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_CREATE(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)={0x4c, 0x2, 0x6, 0x101, 0x0, 0x0, {}, [@IPSET_ATTR_REVISION={0x5}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz1\x00'}, @IPSET_ATTR_PROTOCOL={0x5, 0x1, 0x6}, @IPSET_ATTR_DATA={0xc, 0x7, 0x0, 0x1, [@IPSET_ATTR_HASHSIZE={0x8, 0x12, 0x1, 0x0, 0x479e6139}]}, @IPSET_ATTR_TYPENAME={0xd, 0x3, 'hash:mac\x00'}]}, 0x4c}}, 0x0) 04:29:01 executing program 3: r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) setsockopt$IPT_SO_SET_REPLACE(r0, 0x0, 0x40, &(0x7f0000000680)=@mangle={'mangle\x00', 0x44, 0x6, 0x480, 0xa0, 0x238, 0x138, 0x320, 0xa0, 0x3e8, 0x3e8, 0x3e8, 0x3e8, 0x3e8, 0x6, 0x0, {[{{@ip={@broadcast, @initdev={0xac, 0x1e, 0x0, 0x0}, 0x0, 0x0, 'geneve1\x00', 'ip6gre0\x00', {}, {}, 0x11}, 0x0, 0x70, 0xa0}, @TPROXY={0x30, 'TPROXY\x00', 0x0, {0x0, 0x0, @multicast2}}}, {{@ip={@empty, @multicast2, 0x0, 0x0, 'macvtap0\x00', 'wg1\x00'}, 0x0, 0x70, 0x98}, @TTL={0x28, 'TTL\x00'}}, {{@uncond, 0x0, 0xd8, 0x100, 0x0, {}, [@common=@set={{0x40, 'set\x00'}}, @inet=@rpfilter={{0x28, 'rpfilter\x00'}}]}, @ECN={0x28, 'ECN\x00'}}, {{@ip={@rand_addr, @multicast2, 0x0, 0x0, 'syzkaller0\x00', 'bond0\x00'}, 0x0, 0xc0, 0xe8, 0x0, {}, [@inet=@rpfilter={{0x28, 'rpfilter\x00'}}, @inet=@rpfilter={{0x28, 'rpfilter\x00'}}]}, @unspec=@CHECKSUM={0x28, 'CHECKSUM\x00'}}, {{@ip={@broadcast, @initdev={0xac, 0x1e, 0x0, 0x0}, 0x0, 0x0, 'gretap0\x00', 'batadv_slave_1\x00'}, 0x0, 0xa0, 0xc8, 0x0, {}, [@common=@inet=@dccp={{0x30, 'dccp\x00'}}]}, @common=@unspec=@NFQUEUE3={0x28, 'NFQUEUE\x00'}}], {{[], 0x0, 0x70, 0x98}, {0x28}}}}, 0x4e0) 04:29:01 executing program 4: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_CREATE(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)={0x4c, 0x2, 0x6, 0x101, 0x0, 0x0, {}, [@IPSET_ATTR_REVISION={0x5}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz1\x00'}, @IPSET_ATTR_PROTOCOL={0x5, 0x1, 0x6}, @IPSET_ATTR_DATA={0xc, 0x7, 0x0, 0x1, [@IPSET_ATTR_HASHSIZE={0x8, 0x12, 0x1, 0x0, 0x479e6139}]}, @IPSET_ATTR_TYPENAME={0xd, 0x3, 'hash:mac\x00'}]}, 0x4c}}, 0x0) 04:29:01 executing program 0: r0 = socket$kcm(0xa, 0x2, 0x11) setsockopt$sock_attach_bpf(r0, 0x29, 0x14, &(0x7f0000000080), 0x301) setsockopt$sock_attach_bpf(r0, 0x29, 0x15, &(0x7f0000000000), 0x70db2da734432a8e) syz_init_net_socket$x25(0x9, 0x5, 0x0) r1 = socket$kcm(0xa, 0x2, 0x11) setsockopt$sock_attach_bpf(r1, 0x29, 0x14, &(0x7f0000000080), 0x301) setsockopt$sock_attach_bpf(r1, 0x29, 0x15, &(0x7f0000000000), 0x70db2da734432a8e) ioctl$sock_TIOCINQ(r1, 0x541b, &(0x7f0000000140)) r2 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_CREATE(r2, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=ANY=[@ANYBLOB="540000000206010100000000000000000000000005000400000000cba3a4cf0073797a31000000ec70c993b0a609000000003e0000000005000500000000000c00078008000300686173683a"], 0x54}}, 0x0) [ 1219.217690] x_tables: ip_tables: rpfilter match: used from hooks FORWARD, but only valid from PREROUTING [ 1219.395815] IPVS: ftp: loaded support on port[0] = 21 [ 1219.423056] netlink: 56 bytes leftover after parsing attributes in process `syz-executor.0'. 04:29:04 executing program 1: socket(0x10, 0x803, 0x0) syz_open_dev$evdev(&(0x7f0000000000)='/dev/input/event#\x00', 0x0, 0x0) openat$mice(0xffffffffffffff9c, &(0x7f0000000040)='/dev/input/mice\x00', 0x0) r0 = socket$packet(0x11, 0x2, 0x300) setsockopt$packet_tx_ring(r0, 0x107, 0x5, &(0x7f00000000c0)=@req3={0x8000, 0x6, 0x8000, 0x6}, 0x1c) r1 = openat$audio(0xffffffffffffff9c, &(0x7f0000000180)='/dev/audio\x00', 0x0, 0x0) ioctl$int_in(r1, 0x800000c004500a, &(0x7f0000000300)) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) clock_gettime(0x0, &(0x7f0000000080)={0x0, 0x0}) pselect6(0x40, &(0x7f00000000c0), 0x0, &(0x7f0000000140)={0x1ff}, &(0x7f0000000200)={0x0, r2+30000000}, 0x0) syz_open_pts(0xffffffffffffffff, 0x0) 04:29:04 executing program 3: r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) setsockopt$IPT_SO_SET_REPLACE(r0, 0x0, 0x40, &(0x7f0000000680)=@mangle={'mangle\x00', 0x44, 0x6, 0x480, 0xa0, 0x238, 0x138, 0x320, 0xa0, 0x3e8, 0x3e8, 0x3e8, 0x3e8, 0x3e8, 0x6, 0x0, {[{{@ip={@broadcast, @initdev={0xac, 0x1e, 0x0, 0x0}, 0x0, 0x0, 'geneve1\x00', 'ip6gre0\x00', {}, {}, 0x11}, 0x0, 0x70, 0xa0}, @TPROXY={0x30, 'TPROXY\x00', 0x0, {0x0, 0x0, @multicast2}}}, {{@ip={@empty, @multicast2, 0x0, 0x0, 'macvtap0\x00', 'wg1\x00'}, 0x0, 0x70, 0x98}, @TTL={0x28, 'TTL\x00'}}, {{@uncond, 0x0, 0xd8, 0x100, 0x0, {}, [@common=@set={{0x40, 'set\x00'}}, @inet=@rpfilter={{0x28, 'rpfilter\x00'}}]}, @ECN={0x28, 'ECN\x00'}}, {{@ip={@rand_addr, @multicast2, 0x0, 0x0, 'syzkaller0\x00', 'bond0\x00'}, 0x0, 0xc0, 0xe8, 0x0, {}, [@inet=@rpfilter={{0x28, 'rpfilter\x00'}}, @inet=@rpfilter={{0x28, 'rpfilter\x00'}}]}, @unspec=@CHECKSUM={0x28, 'CHECKSUM\x00'}}, {{@ip={@broadcast, @initdev={0xac, 0x1e, 0x0, 0x0}, 0x0, 0x0, 'gretap0\x00', 'batadv_slave_1\x00'}, 0x0, 0xa0, 0xc8, 0x0, {}, [@common=@inet=@dccp={{0x30, 'dccp\x00'}}]}, @common=@unspec=@NFQUEUE3={0x28, 'NFQUEUE\x00'}}], {{[], 0x0, 0x70, 0x98}, {0x28}}}}, 0x4e0) 04:29:04 executing program 4: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_CREATE(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)={0x4c, 0x2, 0x6, 0x101, 0x0, 0x0, {}, [@IPSET_ATTR_REVISION={0x5}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz1\x00'}, @IPSET_ATTR_FAMILY={0x5}, @IPSET_ATTR_DATA={0xc, 0x7, 0x0, 0x1, [@IPSET_ATTR_HASHSIZE={0x8, 0x12, 0x1, 0x0, 0x479e6139}]}, @IPSET_ATTR_TYPENAME={0xd, 0x3, 'hash:mac\x00'}]}, 0x4c}}, 0x0) 04:29:04 executing program 2: perf_event_open(&(0x7f0000000100)={0x2, 0x70, 0xe6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080)=ANY=[@ANYBLOB="480000001000050700"/20, @ANYRES32, @ANYBLOB="0000000000000000280012000900010076657468"], 0x48}}, 0x0) ioctl$TUNSETIFINDEX(0xffffffffffffffff, 0x400454da, 0x0) 04:29:04 executing program 5: dup(0xffffffffffffffff) prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x802102001ffa, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() clone(0x6e20cf00, 0x0, 0x0, 0x0, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) gettid() r1 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ptmx\x00', 0x0, 0x0) read(r1, &(0x7f00003fefff)=""/1, 0x1) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) r3 = dup2(r2, r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) r4 = openat$autofs(0xffffffffffffff9c, &(0x7f0000000040)='/dev/autofs\x00', 0x0, 0x0) sendmsg$IPVS_CMD_ZERO(r4, &(0x7f0000000240)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x20000000}, 0xc, &(0x7f0000000200)={&(0x7f0000000280)={0xf4, 0x0, 0x2, 0x70bd2d, 0x25dfdbff, {}, [@IPVS_CMD_ATTR_TIMEOUT_TCP={0x8, 0x4, 0x7}, @IPVS_CMD_ATTR_DEST={0xc, 0x2, 0x0, 0x1, [@IPVS_DEST_ATTR_U_THRESH={0x8, 0x5, 0x9}]}, @IPVS_CMD_ATTR_TIMEOUT_TCP_FIN={0x8, 0x5, 0x87}, @IPVS_CMD_ATTR_SERVICE={0x18, 0x1, 0x0, 0x1, [@IPVS_SVC_ATTR_PORT={0x6, 0x4, 0x4e20}, @IPVS_SVC_ATTR_FLAGS={0xc, 0x7, {0x31, 0x34}}]}, @IPVS_CMD_ATTR_TIMEOUT_TCP={0x8, 0x4, 0x5}, @IPVS_CMD_ATTR_DEST={0x3c, 0x2, 0x0, 0x1, [@IPVS_DEST_ATTR_ADDR={0x14, 0x1, @ipv6=@initdev={0xfe, 0x88, [], 0x0, 0x0}}, @IPVS_DEST_ATTR_FWD_METHOD={0x8, 0x3, 0x2}, @IPVS_DEST_ATTR_ADDR={0x14, 0x1, @ipv6=@dev={0xfe, 0x80, [], 0x2f}}, @IPVS_DEST_ATTR_U_THRESH={0x8, 0x5, 0x6}]}, @IPVS_CMD_ATTR_TIMEOUT_TCP_FIN={0x8, 0x5, 0x200}, @IPVS_CMD_ATTR_DAEMON={0x1c, 0x3, 0x0, 0x1, [@IPVS_DAEMON_ATTR_STATE={0x8, 0x1, 0x2}, @IPVS_DAEMON_ATTR_MCAST_PORT={0x6, 0x7, 0x4e22}, @IPVS_DAEMON_ATTR_MCAST_PORT={0x6, 0x7, 0x4e20}]}, @IPVS_CMD_ATTR_DEST={0x3c, 0x2, 0x0, 0x1, [@IPVS_DEST_ATTR_INACT_CONNS={0x8, 0x8, 0x8002}, @IPVS_DEST_ATTR_PORT={0x6, 0x2, 0x4e23}, @IPVS_DEST_ATTR_U_THRESH={0x8, 0x5, 0xffff12bf}, @IPVS_DEST_ATTR_FWD_METHOD={0x8, 0x3, 0x3}, @IPVS_DEST_ATTR_U_THRESH={0x8, 0x5, 0x1}, @IPVS_DEST_ATTR_TUN_TYPE={0x5, 0xd, 0x1}, @IPVS_DEST_ATTR_TUN_PORT={0x6, 0xe, 0x4e21}]}, @IPVS_CMD_ATTR_TIMEOUT_UDP={0x8, 0x6, 0xfffffffb}]}, 0xf4}, 0x1, 0x0, 0x0, 0x80}, 0x2080800) ioctl$SIOCNRDECOBS(r3, 0x89e2) 04:29:04 executing program 0: r0 = socket$inet6(0xa, 0x1, 0x8010000400000084) bind$inet6(r0, &(0x7f0000ed3fe4)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) sendto$inet6(r0, &(0x7f00000000c0)="bd", 0x1, 0x0, &(0x7f0000bb6000)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) write$binfmt_misc(r0, &(0x7f0000000100)=ANY=[], 0x1) r1 = socket$inet_udplite(0x2, 0x2, 0x88) r2 = dup(r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) sendto$inet6(r0, &(0x7f0000000080)='~', 0x1, 0x0, 0x0, 0x0) close(r0) 04:29:04 executing program 3: r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) setsockopt$IPT_SO_SET_REPLACE(r0, 0x0, 0x40, &(0x7f0000000680)=@mangle={'mangle\x00', 0x44, 0x6, 0x480, 0xa0, 0x238, 0x138, 0x320, 0xa0, 0x3e8, 0x3e8, 0x3e8, 0x3e8, 0x3e8, 0x6, 0x0, {[{{@ip={@broadcast, @initdev={0xac, 0x1e, 0x0, 0x0}, 0x0, 0x0, 'geneve1\x00', 'ip6gre0\x00', {}, {}, 0x11}, 0x0, 0x70, 0xa0}, @TPROXY={0x30, 'TPROXY\x00', 0x0, {0x0, 0x0, @multicast2}}}, {{@ip={@empty, @multicast2, 0x0, 0x0, 'macvtap0\x00', 'wg1\x00'}, 0x0, 0x70, 0x98}, @TTL={0x28, 'TTL\x00'}}, {{@uncond, 0x0, 0xd8, 0x100, 0x0, {}, [@common=@set={{0x40, 'set\x00'}}, @inet=@rpfilter={{0x28, 'rpfilter\x00'}}]}, @ECN={0x28, 'ECN\x00'}}, {{@ip={@rand_addr, @multicast2, 0x0, 0x0, 'syzkaller0\x00', 'bond0\x00'}, 0x0, 0xc0, 0xe8, 0x0, {}, [@inet=@rpfilter={{0x28, 'rpfilter\x00'}}, @inet=@rpfilter={{0x28, 'rpfilter\x00'}}]}, @unspec=@CHECKSUM={0x28, 'CHECKSUM\x00'}}, {{@ip={@broadcast, @initdev={0xac, 0x1e, 0x0, 0x0}, 0x0, 0x0, 'gretap0\x00', 'batadv_slave_1\x00'}, 0x0, 0xa0, 0xc8, 0x0, {}, [@common=@inet=@dccp={{0x30, 'dccp\x00'}}]}, @common=@unspec=@NFQUEUE3={0x28, 'NFQUEUE\x00'}}], {{[], 0x0, 0x70, 0x98}, {0x28}}}}, 0x4e0) 04:29:04 executing program 4: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_CREATE(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)={0x4c, 0x2, 0x6, 0x101, 0x0, 0x0, {}, [@IPSET_ATTR_REVISION={0x5}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz1\x00'}, @IPSET_ATTR_FAMILY={0x5}, @IPSET_ATTR_DATA={0xc, 0x7, 0x0, 0x1, [@IPSET_ATTR_HASHSIZE={0x8, 0x12, 0x1, 0x0, 0x479e6139}]}, @IPSET_ATTR_TYPENAME={0xd, 0x3, 'hash:mac\x00'}]}, 0x4c}}, 0x0) [ 1221.902923] x_tables: ip_tables: rpfilter match: used from hooks FORWARD, but only valid from PREROUTING [ 1221.945851] netlink: 24 bytes leftover after parsing attributes in process `syz-executor.2'. 04:29:04 executing program 4: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_CREATE(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)={0x4c, 0x2, 0x6, 0x101, 0x0, 0x0, {}, [@IPSET_ATTR_REVISION={0x5}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz1\x00'}, @IPSET_ATTR_FAMILY={0x5}, @IPSET_ATTR_DATA={0xc, 0x7, 0x0, 0x1, [@IPSET_ATTR_HASHSIZE={0x8, 0x12, 0x1, 0x0, 0x479e6139}]}, @IPSET_ATTR_TYPENAME={0xd, 0x3, 'hash:mac\x00'}]}, 0x4c}}, 0x0) 04:29:04 executing program 2: 04:29:04 executing program 3: r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) setsockopt$IPT_SO_SET_REPLACE(r0, 0x0, 0x40, &(0x7f0000000680)=@mangle={'mangle\x00', 0x44, 0x6, 0x480, 0xa0, 0x238, 0x138, 0x320, 0xa0, 0x3e8, 0x3e8, 0x3e8, 0x3e8, 0x3e8, 0x6, 0x0, {[{{@ip={@broadcast, @initdev={0xac, 0x1e, 0x0, 0x0}, 0x0, 0x0, 'geneve1\x00', 'ip6gre0\x00', {}, {}, 0x11}, 0x0, 0x70, 0xa0}, @TPROXY={0x30, 'TPROXY\x00', 0x0, {0x0, 0x0, @multicast2}}}, {{@ip={@empty, @multicast2, 0x0, 0x0, 'macvtap0\x00', 'wg1\x00'}, 0x0, 0x70, 0x98}, @TTL={0x28, 'TTL\x00'}}, {{@uncond, 0x0, 0xd8, 0x100, 0x0, {}, [@common=@set={{0x40, 'set\x00'}}, @inet=@rpfilter={{0x28, 'rpfilter\x00'}}]}, @ECN={0x28, 'ECN\x00'}}, {{@ip={@rand_addr, @multicast2, 0x0, 0x0, 'syzkaller0\x00', 'bond0\x00'}, 0x0, 0xc0, 0xe8, 0x0, {}, [@inet=@rpfilter={{0x28, 'rpfilter\x00'}}, @inet=@rpfilter={{0x28, 'rpfilter\x00'}}]}, @unspec=@CHECKSUM={0x28, 'CHECKSUM\x00'}}, {{@ip={@broadcast, @initdev={0xac, 0x1e, 0x0, 0x0}, 0x0, 0x0, 'gretap0\x00', 'batadv_slave_1\x00'}, 0x0, 0xa0, 0xc8, 0x0, {}, [@common=@inet=@dccp={{0x30, 'dccp\x00'}}]}, @common=@unspec=@NFQUEUE3={0x28, 'NFQUEUE\x00'}}], {{[], 0x0, 0x70, 0x98}, {0x28}}}}, 0x4e0) [ 1221.990918] x_tables: ip_tables: rpfilter match: used from hooks FORWARD, but only valid from PREROUTING 04:29:04 executing program 4: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_CREATE(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)={0x48, 0x2, 0x6, 0x101, 0x0, 0x0, {}, [@IPSET_ATTR_REVISION={0x5}, @IPSET_ATTR_PROTOCOL={0x5, 0x1, 0x6}, @IPSET_ATTR_FAMILY={0x5}, @IPSET_ATTR_DATA={0xc, 0x7, 0x0, 0x1, [@IPSET_ATTR_HASHSIZE={0x8, 0x12, 0x1, 0x0, 0x479e6139}]}, @IPSET_ATTR_TYPENAME={0xd, 0x3, 'hash:mac\x00'}]}, 0x48}}, 0x0) [ 1222.113039] x_tables: ip_tables: rpfilter match: used from hooks FORWARD, but only valid from PREROUTING 04:29:04 executing program 1: socket(0x10, 0x803, 0x0) syz_open_dev$evdev(&(0x7f0000000000)='/dev/input/event#\x00', 0x0, 0x0) openat$mice(0xffffffffffffff9c, &(0x7f0000000040)='/dev/input/mice\x00', 0x0) r0 = socket$packet(0x11, 0x2, 0x300) setsockopt$packet_tx_ring(r0, 0x107, 0x5, &(0x7f00000000c0)=@req3={0x8000, 0x6, 0x8000, 0x6}, 0x1c) r1 = openat$audio(0xffffffffffffff9c, &(0x7f0000000180)='/dev/audio\x00', 0x0, 0x0) ioctl$int_in(r1, 0x800000c004500a, &(0x7f0000000300)) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) clock_gettime(0x0, &(0x7f0000000080)={0x0, 0x0}) pselect6(0x40, &(0x7f00000000c0), 0x0, &(0x7f0000000140)={0x1ff}, &(0x7f0000000200)={0x0, r2+30000000}, 0x0) syz_open_pts(0xffffffffffffffff, 0x0) 04:29:04 executing program 2: perf_event_open(&(0x7f0000940000)={0x2, 0x70, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) preadv(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) syz_open_procfs(0xffffffffffffffff, &(0x7f0000000000)='smaps\x00') preadv(0xffffffffffffffff, &(0x7f0000001300)=[{&(0x7f0000000800)=""/142, 0xffffff07}], 0x1, 0x0, 0x0) r0 = socket$packet(0x11, 0x2, 0x300) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r2, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0, 0x3d2}}, 0x0) getsockname$packet(r2, &(0x7f0000000080)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r1, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000340)=ANY=[@ANYBLOB="340000001000010400"/20, @ANYRES32=r3, @ANYBLOB="0000000000000000140012000c000100627269646765"], 0x34}}, 0x0) bind$packet(r0, &(0x7f0000000000)={0x11, 0x0, r3}, 0x14) 04:29:04 executing program 3: setsockopt$IPT_SO_SET_REPLACE(0xffffffffffffffff, 0x0, 0x40, &(0x7f0000000680)=@mangle={'mangle\x00', 0x44, 0x6, 0x480, 0xa0, 0x238, 0x138, 0x320, 0xa0, 0x3e8, 0x3e8, 0x3e8, 0x3e8, 0x3e8, 0x6, 0x0, {[{{@ip={@broadcast, @initdev={0xac, 0x1e, 0x0, 0x0}, 0x0, 0x0, 'geneve1\x00', 'ip6gre0\x00', {}, {}, 0x11}, 0x0, 0x70, 0xa0}, @TPROXY={0x30, 'TPROXY\x00', 0x0, {0x0, 0x0, @multicast2}}}, {{@ip={@empty, @multicast2, 0x0, 0x0, 'macvtap0\x00', 'wg1\x00'}, 0x0, 0x70, 0x98}, @TTL={0x28, 'TTL\x00'}}, {{@uncond, 0x0, 0xd8, 0x100, 0x0, {}, [@common=@set={{0x40, 'set\x00'}}, @inet=@rpfilter={{0x28, 'rpfilter\x00'}}]}, @ECN={0x28, 'ECN\x00'}}, {{@ip={@rand_addr, @multicast2, 0x0, 0x0, 'syzkaller0\x00', 'bond0\x00'}, 0x0, 0xc0, 0xe8, 0x0, {}, [@inet=@rpfilter={{0x28, 'rpfilter\x00'}}, @inet=@rpfilter={{0x28, 'rpfilter\x00'}}]}, @unspec=@CHECKSUM={0x28, 'CHECKSUM\x00'}}, {{@ip={@broadcast, @initdev={0xac, 0x1e, 0x0, 0x0}, 0x0, 0x0, 'gretap0\x00', 'batadv_slave_1\x00'}, 0x0, 0xa0, 0xc8, 0x0, {}, [@common=@inet=@dccp={{0x30, 'dccp\x00'}}]}, @common=@unspec=@NFQUEUE3={0x28, 'NFQUEUE\x00'}}], {{[], 0x0, 0x70, 0x98}, {0x28}}}}, 0x4e0) 04:29:04 executing program 0: r0 = socket$netlink(0x10, 0x3, 0x0) r1 = socket(0x11, 0x800000003, 0x0) bind(r1, &(0x7f0000000080)=@generic={0x11, "0000010000000000080044944eeba71a4976e252922cb18f6e2e2aba000000012e0b3836005404b0e0301a4ce875f2e3ff5f163ee340b7679500800000000000000101013c5811039e15775027ecce66fd792bbf0e5bf5ff1b0816f3f6db1c00010000000000000049740000000000000006ad8e5ecc326d3a09ffc2c654"}, 0x80) getsockname$packet(r1, &(0x7f00000003c0)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @dev}, &(0x7f0000000000)=0x14) sendmsg$nl_route_sched(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000240)=@newqdisc={0x24, 0x24, 0xf1d, 0x0, 0x0, {0x0, 0x0, 0x0, r2, {}, {0xfff1, 0xffff}}}, 0x24}}, 0x0) [ 1222.371093] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.2'. [ 1222.415307] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.2'. 04:29:07 executing program 5: r0 = dup(0xffffffffffffffff) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x802102001ffa, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r1 = gettid() clone(0x6e20cf00, 0x0, 0x0, 0x0, 0x0) ptrace$setopts(0x4206, r1, 0x0, 0x0) gettid() r2 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ptmx\x00', 0x0, 0x0) read(r2, &(0x7f00003fefff)=""/1, 0x1) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) r4 = dup2(r3, r3) ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200) r5 = openat$autofs(0xffffffffffffff9c, &(0x7f0000000040)='/dev/autofs\x00', 0x0, 0x0) sendmsg$IPVS_CMD_ZERO(r5, &(0x7f0000000240)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x20000000}, 0xc, &(0x7f0000000200)={&(0x7f0000000280)=ANY=[@ANYBLOB, @ANYRES16=0x0, @ANYBLOB="02002dbd7000ffdbdf251000000008000400070000000c0002800800050009000000080005008700000018000180060004004e2000000c000700310000003000000008000400050000003c00028014000100fe880000000000000000000000000001080003000200000014000100fe80000000000000000000000000002f080005000600000008000500000200001c0003800800010002000000060007004e220000060007004e2000003c0002800800080002800000060002004e23000008000500bf12ffff0800030003000000080005000100000005000d000100000006000e004e21000008000600fbffffff"], 0xf4}, 0x1, 0x0, 0x0, 0x80}, 0x2080800) ioctl$SIOCNRDECOBS(r4, 0x89e2) 04:29:07 executing program 4: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_CREATE(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)={0x48, 0x2, 0x6, 0x101, 0x0, 0x0, {}, [@IPSET_ATTR_REVISION={0x5}, @IPSET_ATTR_PROTOCOL={0x5, 0x1, 0x6}, @IPSET_ATTR_FAMILY={0x5}, @IPSET_ATTR_DATA={0xc, 0x7, 0x0, 0x1, [@IPSET_ATTR_HASHSIZE={0x8, 0x12, 0x1, 0x0, 0x479e6139}]}, @IPSET_ATTR_TYPENAME={0xd, 0x3, 'hash:mac\x00'}]}, 0x48}}, 0x0) 04:29:07 executing program 3: setsockopt$IPT_SO_SET_REPLACE(0xffffffffffffffff, 0x0, 0x40, &(0x7f0000000680)=@mangle={'mangle\x00', 0x44, 0x6, 0x480, 0xa0, 0x238, 0x138, 0x320, 0xa0, 0x3e8, 0x3e8, 0x3e8, 0x3e8, 0x3e8, 0x6, 0x0, {[{{@ip={@broadcast, @initdev={0xac, 0x1e, 0x0, 0x0}, 0x0, 0x0, 'geneve1\x00', 'ip6gre0\x00', {}, {}, 0x11}, 0x0, 0x70, 0xa0}, @TPROXY={0x30, 'TPROXY\x00', 0x0, {0x0, 0x0, @multicast2}}}, {{@ip={@empty, @multicast2, 0x0, 0x0, 'macvtap0\x00', 'wg1\x00'}, 0x0, 0x70, 0x98}, @TTL={0x28, 'TTL\x00'}}, {{@uncond, 0x0, 0xd8, 0x100, 0x0, {}, [@common=@set={{0x40, 'set\x00'}}, @inet=@rpfilter={{0x28, 'rpfilter\x00'}}]}, @ECN={0x28, 'ECN\x00'}}, {{@ip={@rand_addr, @multicast2, 0x0, 0x0, 'syzkaller0\x00', 'bond0\x00'}, 0x0, 0xc0, 0xe8, 0x0, {}, [@inet=@rpfilter={{0x28, 'rpfilter\x00'}}, @inet=@rpfilter={{0x28, 'rpfilter\x00'}}]}, @unspec=@CHECKSUM={0x28, 'CHECKSUM\x00'}}, {{@ip={@broadcast, @initdev={0xac, 0x1e, 0x0, 0x0}, 0x0, 0x0, 'gretap0\x00', 'batadv_slave_1\x00'}, 0x0, 0xa0, 0xc8, 0x0, {}, [@common=@inet=@dccp={{0x30, 'dccp\x00'}}]}, @common=@unspec=@NFQUEUE3={0x28, 'NFQUEUE\x00'}}], {{[], 0x0, 0x70, 0x98}, {0x28}}}}, 0x4e0) 04:29:07 executing program 0: bpf$PROG_LOAD(0x5, &(0x7f00002a0fb8)={0x7, 0x4, &(0x7f0000000000)=@framed={{0xffffff85, 0x0, 0x0, 0x0, 0x8, 0x64}, [@call={0x67}]}, &(0x7f0000000040)='syzkaller\x00', 0x4, 0xc6, &(0x7f00000002c0)=""/166, 0x0, 0x0, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0xfffffffffffffed8}, 0x3f) 04:29:07 executing program 2: mkdir(&(0x7f0000000100)='./file0\x00', 0x0) mount(&(0x7f00000002c0)=ANY=[@ANYBLOB='.'], &(0x7f0000000140)='./file0\x00', 0x0, 0x201000, 0x0) chroot(&(0x7f00000000c0)='./file0/../file0\x00') chdir(&(0x7f00000001c0)='./file0\x00') mount(0x0, &(0x7f0000000080)='./file0/../file0\x00', &(0x7f0000000380)='sysfs\x00', 0x0, 0x0) r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) pivot_root(&(0x7f0000000180)='./file0/../file0\x00', &(0x7f0000000200)='./file0/../file0\x00') 04:29:07 executing program 1: socket(0x10, 0x803, 0x0) syz_open_dev$evdev(&(0x7f0000000000)='/dev/input/event#\x00', 0x0, 0x0) openat$mice(0xffffffffffffff9c, &(0x7f0000000040)='/dev/input/mice\x00', 0x0) r0 = socket$packet(0x11, 0x2, 0x300) setsockopt$packet_tx_ring(r0, 0x107, 0x5, &(0x7f00000000c0)=@req3={0x8000, 0x6, 0x8000, 0x6}, 0x1c) r1 = openat$audio(0xffffffffffffff9c, &(0x7f0000000180)='/dev/audio\x00', 0x0, 0x0) ioctl$int_in(r1, 0x800000c004500a, &(0x7f0000000300)) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) clock_gettime(0x0, &(0x7f0000000080)={0x0, 0x0}) pselect6(0x40, &(0x7f00000000c0), 0x0, &(0x7f0000000140)={0x1ff}, &(0x7f0000000200)={0x0, r2+30000000}, 0x0) syz_open_pts(0xffffffffffffffff, 0x0) 04:29:07 executing program 3: setsockopt$IPT_SO_SET_REPLACE(0xffffffffffffffff, 0x0, 0x40, &(0x7f0000000680)=@mangle={'mangle\x00', 0x44, 0x6, 0x480, 0xa0, 0x238, 0x138, 0x320, 0xa0, 0x3e8, 0x3e8, 0x3e8, 0x3e8, 0x3e8, 0x6, 0x0, {[{{@ip={@broadcast, @initdev={0xac, 0x1e, 0x0, 0x0}, 0x0, 0x0, 'geneve1\x00', 'ip6gre0\x00', {}, {}, 0x11}, 0x0, 0x70, 0xa0}, @TPROXY={0x30, 'TPROXY\x00', 0x0, {0x0, 0x0, @multicast2}}}, {{@ip={@empty, @multicast2, 0x0, 0x0, 'macvtap0\x00', 'wg1\x00'}, 0x0, 0x70, 0x98}, @TTL={0x28, 'TTL\x00'}}, {{@uncond, 0x0, 0xd8, 0x100, 0x0, {}, [@common=@set={{0x40, 'set\x00'}}, @inet=@rpfilter={{0x28, 'rpfilter\x00'}}]}, @ECN={0x28, 'ECN\x00'}}, {{@ip={@rand_addr, @multicast2, 0x0, 0x0, 'syzkaller0\x00', 'bond0\x00'}, 0x0, 0xc0, 0xe8, 0x0, {}, [@inet=@rpfilter={{0x28, 'rpfilter\x00'}}, @inet=@rpfilter={{0x28, 'rpfilter\x00'}}]}, @unspec=@CHECKSUM={0x28, 'CHECKSUM\x00'}}, {{@ip={@broadcast, @initdev={0xac, 0x1e, 0x0, 0x0}, 0x0, 0x0, 'gretap0\x00', 'batadv_slave_1\x00'}, 0x0, 0xa0, 0xc8, 0x0, {}, [@common=@inet=@dccp={{0x30, 'dccp\x00'}}]}, @common=@unspec=@NFQUEUE3={0x28, 'NFQUEUE\x00'}}], {{[], 0x0, 0x70, 0x98}, {0x28}}}}, 0x4e0) 04:29:07 executing program 4: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_CREATE(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)={0x48, 0x2, 0x6, 0x101, 0x0, 0x0, {}, [@IPSET_ATTR_REVISION={0x5}, @IPSET_ATTR_PROTOCOL={0x5, 0x1, 0x6}, @IPSET_ATTR_FAMILY={0x5}, @IPSET_ATTR_DATA={0xc, 0x7, 0x0, 0x1, [@IPSET_ATTR_HASHSIZE={0x8, 0x12, 0x1, 0x0, 0x479e6139}]}, @IPSET_ATTR_TYPENAME={0xd, 0x3, 'hash:mac\x00'}]}, 0x48}}, 0x0) 04:29:07 executing program 2: mkdir(&(0x7f0000000100)='./file0\x00', 0x0) mount(&(0x7f00000002c0)=ANY=[@ANYBLOB='.'], &(0x7f0000000140)='./file0\x00', 0x0, 0x201000, 0x0) chroot(&(0x7f00000000c0)='./file0/../file0\x00') chdir(&(0x7f00000001c0)='./file0\x00') mount(0x0, &(0x7f0000000080)='./file0/../file0\x00', &(0x7f0000000380)='sysfs\x00', 0x0, 0x0) r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) pivot_root(&(0x7f0000000180)='./file0/../file0\x00', &(0x7f0000000200)='./file0/../file0\x00') 04:29:07 executing program 3: socket$inet_icmp_raw(0x2, 0x3, 0x1) setsockopt$IPT_SO_SET_REPLACE(0xffffffffffffffff, 0x0, 0x40, &(0x7f0000000680)=@mangle={'mangle\x00', 0x44, 0x6, 0x480, 0xa0, 0x238, 0x138, 0x320, 0xa0, 0x3e8, 0x3e8, 0x3e8, 0x3e8, 0x3e8, 0x6, 0x0, {[{{@ip={@broadcast, @initdev={0xac, 0x1e, 0x0, 0x0}, 0x0, 0x0, 'geneve1\x00', 'ip6gre0\x00', {}, {}, 0x11}, 0x0, 0x70, 0xa0}, @TPROXY={0x30, 'TPROXY\x00', 0x0, {0x0, 0x0, @multicast2}}}, {{@ip={@empty, @multicast2, 0x0, 0x0, 'macvtap0\x00', 'wg1\x00'}, 0x0, 0x70, 0x98}, @TTL={0x28, 'TTL\x00'}}, {{@uncond, 0x0, 0xd8, 0x100, 0x0, {}, [@common=@set={{0x40, 'set\x00'}}, @inet=@rpfilter={{0x28, 'rpfilter\x00'}}]}, @ECN={0x28, 'ECN\x00'}}, {{@ip={@rand_addr, @multicast2, 0x0, 0x0, 'syzkaller0\x00', 'bond0\x00'}, 0x0, 0xc0, 0xe8, 0x0, {}, [@inet=@rpfilter={{0x28, 'rpfilter\x00'}}, @inet=@rpfilter={{0x28, 'rpfilter\x00'}}]}, @unspec=@CHECKSUM={0x28, 'CHECKSUM\x00'}}, {{@ip={@broadcast, @initdev={0xac, 0x1e, 0x0, 0x0}, 0x0, 0x0, 'gretap0\x00', 'batadv_slave_1\x00'}, 0x0, 0xa0, 0xc8, 0x0, {}, [@common=@inet=@dccp={{0x30, 'dccp\x00'}}]}, @common=@unspec=@NFQUEUE3={0x28, 'NFQUEUE\x00'}}], {{[], 0x0, 0x70, 0x98}, {0x28}}}}, 0x4e0) [ 1225.001866] IPVS: ftp: loaded support on port[0] = 21 04:29:07 executing program 0: mkdir(&(0x7f0000000100)='./file0\x00', 0x0) mount(&(0x7f00000002c0)=ANY=[@ANYBLOB='.'], &(0x7f0000000140)='./file0\x00', 0x0, 0x201000, 0x0) chroot(&(0x7f00000000c0)='./file0/../file0\x00') chdir(&(0x7f00000001c0)='./file0\x00') mount(0x0, &(0x7f0000000080)='./file0/../file0\x00', &(0x7f0000000380)='sysfs\x00', 0x0, 0x0) r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) pivot_root(&(0x7f0000000180)='./file0/../file0\x00', &(0x7f0000000200)='./file0/../file0\x00') 04:29:07 executing program 4: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_CREATE(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)={0x4c, 0x2, 0x6, 0x101, 0x0, 0x0, {}, [@IPSET_ATTR_SETNAME={0x9, 0x2, 'syz1\x00'}, @IPSET_ATTR_PROTOCOL={0x5, 0x1, 0x6}, @IPSET_ATTR_FAMILY={0x5}, @IPSET_ATTR_DATA={0xc, 0x7, 0x0, 0x1, [@IPSET_ATTR_HASHSIZE={0x8, 0x12, 0x1, 0x0, 0x479e6139}]}, @IPSET_ATTR_TYPENAME={0xd, 0x3, 'hash:mac\x00'}]}, 0x4c}}, 0x0) [ 1225.326340] IPVS: ftp: loaded support on port[0] = 21 04:29:10 executing program 4: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_CREATE(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)={0x4c, 0x2, 0x6, 0x101, 0x0, 0x0, {}, [@IPSET_ATTR_SETNAME={0x9, 0x2, 'syz1\x00'}, @IPSET_ATTR_PROTOCOL={0x5, 0x1, 0x6}, @IPSET_ATTR_FAMILY={0x5}, @IPSET_ATTR_DATA={0xc, 0x7, 0x0, 0x1, [@IPSET_ATTR_HASHSIZE={0x8, 0x12, 0x1, 0x0, 0x479e6139}]}, @IPSET_ATTR_TYPENAME={0xd, 0x3, 'hash:mac\x00'}]}, 0x4c}}, 0x0) 04:29:10 executing program 3: socket$inet_icmp_raw(0x2, 0x3, 0x1) setsockopt$IPT_SO_SET_REPLACE(0xffffffffffffffff, 0x0, 0x40, &(0x7f0000000680)=@mangle={'mangle\x00', 0x44, 0x6, 0x480, 0xa0, 0x238, 0x138, 0x320, 0xa0, 0x3e8, 0x3e8, 0x3e8, 0x3e8, 0x3e8, 0x6, 0x0, {[{{@ip={@broadcast, @initdev={0xac, 0x1e, 0x0, 0x0}, 0x0, 0x0, 'geneve1\x00', 'ip6gre0\x00', {}, {}, 0x11}, 0x0, 0x70, 0xa0}, @TPROXY={0x30, 'TPROXY\x00', 0x0, {0x0, 0x0, @multicast2}}}, {{@ip={@empty, @multicast2, 0x0, 0x0, 'macvtap0\x00', 'wg1\x00'}, 0x0, 0x70, 0x98}, @TTL={0x28, 'TTL\x00'}}, {{@uncond, 0x0, 0xd8, 0x100, 0x0, {}, [@common=@set={{0x40, 'set\x00'}}, @inet=@rpfilter={{0x28, 'rpfilter\x00'}}]}, @ECN={0x28, 'ECN\x00'}}, {{@ip={@rand_addr, @multicast2, 0x0, 0x0, 'syzkaller0\x00', 'bond0\x00'}, 0x0, 0xc0, 0xe8, 0x0, {}, [@inet=@rpfilter={{0x28, 'rpfilter\x00'}}, @inet=@rpfilter={{0x28, 'rpfilter\x00'}}]}, @unspec=@CHECKSUM={0x28, 'CHECKSUM\x00'}}, {{@ip={@broadcast, @initdev={0xac, 0x1e, 0x0, 0x0}, 0x0, 0x0, 'gretap0\x00', 'batadv_slave_1\x00'}, 0x0, 0xa0, 0xc8, 0x0, {}, [@common=@inet=@dccp={{0x30, 'dccp\x00'}}]}, @common=@unspec=@NFQUEUE3={0x28, 'NFQUEUE\x00'}}], {{[], 0x0, 0x70, 0x98}, {0x28}}}}, 0x4e0) 04:29:10 executing program 2: mkdir(&(0x7f0000000100)='./file0\x00', 0x0) mount(&(0x7f00000002c0)=ANY=[@ANYBLOB='.'], &(0x7f0000000140)='./file0\x00', 0x0, 0x201000, 0x0) chroot(&(0x7f00000000c0)='./file0/../file0\x00') chdir(&(0x7f00000001c0)='./file0\x00') mount(0x0, &(0x7f0000000080)='./file0/../file0\x00', &(0x7f0000000380)='sysfs\x00', 0x0, 0x0) r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) pivot_root(&(0x7f0000000180)='./file0/../file0\x00', &(0x7f0000000200)='./file0/../file0\x00') 04:29:10 executing program 0: mkdir(&(0x7f0000000100)='./file0\x00', 0x0) mount(&(0x7f00000002c0)=ANY=[@ANYBLOB='.'], &(0x7f0000000140)='./file0\x00', 0x0, 0x201000, 0x0) chroot(&(0x7f00000000c0)='./file0/../file0\x00') chdir(&(0x7f00000001c0)='./file0\x00') mount(0x0, &(0x7f0000000080)='./file0/../file0\x00', &(0x7f0000000380)='sysfs\x00', 0x0, 0x0) r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) pivot_root(&(0x7f0000000180)='./file0/../file0\x00', &(0x7f0000000200)='./file0/../file0\x00') 04:29:10 executing program 5: r0 = dup(0xffffffffffffffff) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x802102001ffa, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r1 = gettid() ioctl$VIDIOC_STREAMON(r0, 0x40045612, &(0x7f00000000c0)) clone(0x6e20cf00, 0x0, 0x0, 0x0, 0x0) ptrace$setopts(0x4206, r1, 0x0, 0x0) gettid() r2 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ptmx\x00', 0x0, 0x0) read(r2, &(0x7f00003fefff)=""/1, 0x1) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) r4 = dup2(r3, r3) ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200) r5 = openat$autofs(0xffffffffffffff9c, &(0x7f0000000040)='/dev/autofs\x00', 0x0, 0x0) r6 = socket$kcm(0xa, 0x2, 0x11) setsockopt$sock_attach_bpf(r6, 0x29, 0x14, &(0x7f0000000080), 0x301) setsockopt$sock_attach_bpf(r6, 0x29, 0x15, &(0x7f0000000000), 0x70db2da734432a8e) sendmsg$IPVS_CMD_ZERO(r5, &(0x7f0000000240)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x20000000}, 0xc, &(0x7f0000000200)={&(0x7f0000000280)=ANY=[@ANYBLOB="91e0676c", @ANYRES32=r6, @ANYBLOB="02002dbd7000ffdbdf251000000008000400070000000c0002800800050009000000080005008700000018000180060004204e2000000c000700310000003400000008000400050000003c00028014000100fe880000000000000000000000000001080003000200000014000100fe80000000000000000000000000002f080005000600000008000500000200001c00038008000100020000000600e9004e220000060007004e2000003c000280080008007da205da0a2777a24e23000008000500bf12ffff0800030003000000080005000100000005000d000100000006000e014e21000008000600fbffffff"], 0xf4}, 0x1, 0x0, 0x0, 0x80}, 0x2088800) ioctl$SIOCNRDECOBS(r4, 0x89e2) 04:29:10 executing program 1: socket(0x10, 0x803, 0x0) syz_open_dev$evdev(&(0x7f0000000000)='/dev/input/event#\x00', 0x0, 0x0) openat$mice(0xffffffffffffff9c, &(0x7f0000000040)='/dev/input/mice\x00', 0x0) r0 = socket$packet(0x11, 0x2, 0x300) setsockopt$packet_tx_ring(r0, 0x107, 0x5, &(0x7f00000000c0)=@req3={0x8000, 0x6, 0x8000, 0x6}, 0x1c) r1 = openat$audio(0xffffffffffffff9c, &(0x7f0000000180)='/dev/audio\x00', 0x0, 0x0) ioctl$int_in(r1, 0x800000c004500a, &(0x7f0000000300)) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) clock_gettime(0x0, &(0x7f0000000080)={0x0, 0x0}) pselect6(0x40, &(0x7f00000000c0), 0x0, &(0x7f0000000140)={0x1ff}, &(0x7f0000000200)={0x0, r2+30000000}, 0x0) 04:29:10 executing program 3: socket$inet_icmp_raw(0x2, 0x3, 0x1) setsockopt$IPT_SO_SET_REPLACE(0xffffffffffffffff, 0x0, 0x40, &(0x7f0000000680)=@mangle={'mangle\x00', 0x44, 0x6, 0x480, 0xa0, 0x238, 0x138, 0x320, 0xa0, 0x3e8, 0x3e8, 0x3e8, 0x3e8, 0x3e8, 0x6, 0x0, {[{{@ip={@broadcast, @initdev={0xac, 0x1e, 0x0, 0x0}, 0x0, 0x0, 'geneve1\x00', 'ip6gre0\x00', {}, {}, 0x11}, 0x0, 0x70, 0xa0}, @TPROXY={0x30, 'TPROXY\x00', 0x0, {0x0, 0x0, @multicast2}}}, {{@ip={@empty, @multicast2, 0x0, 0x0, 'macvtap0\x00', 'wg1\x00'}, 0x0, 0x70, 0x98}, @TTL={0x28, 'TTL\x00'}}, {{@uncond, 0x0, 0xd8, 0x100, 0x0, {}, [@common=@set={{0x40, 'set\x00'}}, @inet=@rpfilter={{0x28, 'rpfilter\x00'}}]}, @ECN={0x28, 'ECN\x00'}}, {{@ip={@rand_addr, @multicast2, 0x0, 0x0, 'syzkaller0\x00', 'bond0\x00'}, 0x0, 0xc0, 0xe8, 0x0, {}, [@inet=@rpfilter={{0x28, 'rpfilter\x00'}}, @inet=@rpfilter={{0x28, 'rpfilter\x00'}}]}, @unspec=@CHECKSUM={0x28, 'CHECKSUM\x00'}}, {{@ip={@broadcast, @initdev={0xac, 0x1e, 0x0, 0x0}, 0x0, 0x0, 'gretap0\x00', 'batadv_slave_1\x00'}, 0x0, 0xa0, 0xc8, 0x0, {}, [@common=@inet=@dccp={{0x30, 'dccp\x00'}}]}, @common=@unspec=@NFQUEUE3={0x28, 'NFQUEUE\x00'}}], {{[], 0x0, 0x70, 0x98}, {0x28}}}}, 0x4e0) 04:29:10 executing program 4: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_CREATE(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)={0x4c, 0x2, 0x6, 0x101, 0x0, 0x0, {}, [@IPSET_ATTR_SETNAME={0x9, 0x2, 'syz1\x00'}, @IPSET_ATTR_PROTOCOL={0x5, 0x1, 0x6}, @IPSET_ATTR_FAMILY={0x5}, @IPSET_ATTR_DATA={0xc, 0x7, 0x0, 0x1, [@IPSET_ATTR_HASHSIZE={0x8, 0x12, 0x1, 0x0, 0x479e6139}]}, @IPSET_ATTR_TYPENAME={0xd, 0x3, 'hash:mac\x00'}]}, 0x4c}}, 0x0) 04:29:10 executing program 2: mkdir(&(0x7f0000000100)='./file0\x00', 0x0) mount(&(0x7f00000002c0)=ANY=[@ANYBLOB='.'], &(0x7f0000000140)='./file0\x00', 0x0, 0x201000, 0x0) chroot(&(0x7f00000000c0)='./file0/../file0\x00') chdir(&(0x7f00000001c0)='./file0\x00') mount(0x0, &(0x7f0000000080)='./file0/../file0\x00', &(0x7f0000000380)='sysfs\x00', 0x0, 0x0) r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) pivot_root(&(0x7f0000000180)='./file0/../file0\x00', &(0x7f0000000200)='./file0/../file0\x00') 04:29:10 executing program 3: r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) setsockopt$IPT_SO_SET_REPLACE(r0, 0x0, 0x40, 0x0, 0x0) 04:29:10 executing program 4: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_CREATE(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)={0x54, 0x2, 0x6, 0x101, 0x0, 0x0, {}, [@IPSET_ATTR_REVISION={0x5}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz1\x00'}, @IPSET_ATTR_PROTOCOL={0x5, 0x1, 0x6}, @IPSET_ATTR_FAMILY={0x5}, @IPSET_ATTR_DATA={0xc, 0x7, 0x0, 0x1, [@IPSET_ATTR_HASHSIZE={0x8, 0x12, 0x1, 0x0, 0x479e6139}]}, @IPSET_ATTR_TYPENAME={0xd, 0x3, 'hash:mac\x00'}]}, 0x54}}, 0x0) r1 = openat$mice(0xffffffffffffff9c, &(0x7f0000000640)='/dev/input/mice\x00', 0x80002) r2 = socket$nl_generic(0x10, 0x3, 0x10) r3 = syz_genetlink_get_family_id$tipc(&(0x7f0000000040)='TIPC\x00') sendmsg$TIPC_CMD_SHOW_LINK_STATS(r2, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000080)={0x28, r3, 0x23f, 0x70bd2c, 0x25dfdbfd, {{}, {0x0, 0xb, 0xf0}, {0xc, 0x14, 'syz1\x00'}}}, 0x28}, 0x1, 0xfffffff0}, 0x0) sendmsg$TIPC_CMD_RESET_LINK_STATS(r1, &(0x7f0000000740)={&(0x7f0000000680)={0x10, 0x0, 0x0, 0x800000}, 0xc, &(0x7f0000000700)={&(0x7f00000006c0)={0x28, r3, 0x0, 0x70bd26, 0x25dfdbfd, {{}, {}, {0xc, 0x14, 'syz1\x00'}}, [""]}, 0x28}, 0x1, 0x0, 0x0, 0x8080}, 0x40051) 04:29:10 executing program 3: r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) setsockopt$IPT_SO_SET_REPLACE(r0, 0x0, 0x40, 0x0, 0x0) 04:29:10 executing program 2: mkdir(&(0x7f0000000100)='./file0\x00', 0x0) mount(&(0x7f00000002c0)=ANY=[@ANYBLOB='.'], &(0x7f0000000140)='./file0\x00', 0x0, 0x201000, 0x0) chroot(&(0x7f00000000c0)='./file0/../file0\x00') chdir(&(0x7f00000001c0)='./file0\x00') mount(0x0, &(0x7f0000000080)='./file0/../file0\x00', &(0x7f0000000380)='sysfs\x00', 0x0, 0x0) r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) dup(r0) pivot_root(&(0x7f0000000180)='./file0/../file0\x00', &(0x7f0000000200)='./file0/../file0\x00') [ 1228.210946] syz-executor.4: vmalloc: allocation failure: 17179869200 bytes, mode:0x14080c0(GFP_KERNEL|__GFP_ZERO), nodemask=(null) [ 1228.232068] syz-executor.4 cpuset=/ mems_allowed=0-1 [ 1228.262796] CPU: 0 PID: 7776 Comm: syz-executor.4 Not tainted 4.14.193-syzkaller #0 [ 1228.270642] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1228.280347] Call Trace: [ 1228.283043] dump_stack+0x1b2/0x283 [ 1228.286687] warn_alloc.cold+0x96/0x1cc [ 1228.290678] ? check_preemption_disabled+0x35/0x240 [ 1228.295709] ? zone_watermark_ok_safe+0x220/0x220 [ 1228.300562] ? perf_trace_lock_acquire+0x510/0x510 [ 1228.305507] ? fs_reclaim_release+0xd0/0x110 [ 1228.309950] ? ip_set_alloc+0x47/0x60 [ 1228.313742] vzalloc+0x122/0x150 [ 1228.317096] ip_set_alloc+0x47/0x60 [ 1228.320708] hash_mac_create+0x36e/0x7c6 [ 1228.324958] ip_set_create+0x5f9/0xf30 [ 1228.328839] ? __find_set_type_get+0x360/0x360 [ 1228.333578] ? __mutex_lock+0x360/0x1310 [ 1228.337650] ? lock_downgrade+0x740/0x740 [ 1228.341804] ? __find_set_type_get+0x360/0x360 [ 1228.346370] nfnetlink_rcv_msg+0x9bb/0xc00 [ 1228.350713] netlink_rcv_skb+0x125/0x390 [ 1228.354760] ? nfnetlink_net_exit_batch+0x150/0x150 [ 1228.359758] ? netlink_ack+0x9a0/0x9a0 [ 1228.363654] ? ns_capable_common+0x127/0x150 [ 1228.368147] nfnetlink_rcv+0x1ab/0x1da0 [ 1228.372173] ? __dev_queue_xmit+0xcd6/0x2480 [ 1228.376569] ? check_preemption_disabled+0x35/0x240 [ 1228.381800] ? perf_trace_lock+0xf7/0x490 [ 1228.385954] ? perf_trace_lock_acquire+0x510/0x510 [ 1228.390876] ? nfnetlink_bind+0x240/0x240 [ 1228.395019] ? netlink_deliver_tap+0x90/0x7d0 [ 1228.399506] ? lock_downgrade+0x740/0x740 [ 1228.403670] netlink_unicast+0x437/0x610 [ 1228.407723] ? netlink_sendskb+0xd0/0xd0 [ 1228.411791] netlink_sendmsg+0x62e/0xb80 [ 1228.416034] ? nlmsg_notify+0x170/0x170 [ 1228.419992] ? kernel_recvmsg+0x210/0x210 [ 1228.424147] ? security_socket_sendmsg+0x83/0xb0 [ 1228.428890] ? nlmsg_notify+0x170/0x170 [ 1228.432859] sock_sendmsg+0xb5/0x100 [ 1228.436577] ___sys_sendmsg+0x6c8/0x800 [ 1228.441159] ? copy_msghdr_from_user+0x3b0/0x3b0 [ 1228.445912] ? __lock_acquire+0x5fc/0x3f20 [ 1228.450129] ? perf_trace_lock_acquire+0x510/0x510 [ 1228.455045] ? do_futex+0x12b/0x1930 [ 1228.458743] ? check_preemption_disabled+0x35/0x240 [ 1228.463745] ? __fget+0x1fe/0x360 [ 1228.467199] ? lock_acquire+0x170/0x3f0 [ 1228.471166] ? lock_downgrade+0x740/0x740 [ 1228.475301] ? __fget+0x225/0x360 [ 1228.478747] ? __fdget+0x196/0x1f0 [ 1228.482282] ? sockfd_lookup_light+0xb2/0x160 [ 1228.486771] __sys_sendmsg+0xa3/0x120 [ 1228.490573] ? SyS_shutdown+0x160/0x160 [ 1228.494544] ? SyS_clock_gettime+0xf5/0x180 [ 1228.498850] ? SyS_clock_settime+0x1a0/0x1a0 [ 1228.503244] SyS_sendmsg+0x27/0x40 [ 1228.506763] ? __sys_sendmsg+0x120/0x120 [ 1228.510826] do_syscall_64+0x1d5/0x640 [ 1228.514714] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 1228.519887] RIP: 0033:0x45d249 [ 1228.523071] RSP: 002b:00007f4d2c05fc78 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 1228.530779] RAX: ffffffffffffffda RBX: 0000000000028840 RCX: 000000000045d249 [ 1228.538085] RDX: 0000000000000000 RSI: 0000000020000000 RDI: 0000000000000003 [ 1228.545450] RBP: 000000000118cf80 R08: 0000000000000000 R09: 0000000000000000 [ 1228.552792] R10: 0000000000000000 R11: 0000000000000246 R12: 000000000118cf4c 04:29:11 executing program 3: r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) setsockopt$IPT_SO_SET_REPLACE(r0, 0x0, 0x40, 0x0, 0x0) 04:29:11 executing program 1: socket(0x10, 0x803, 0x0) syz_open_dev$evdev(&(0x7f0000000000)='/dev/input/event#\x00', 0x0, 0x0) openat$mice(0xffffffffffffff9c, &(0x7f0000000040)='/dev/input/mice\x00', 0x0) r0 = socket$packet(0x11, 0x2, 0x300) setsockopt$packet_tx_ring(r0, 0x107, 0x5, &(0x7f00000000c0)=@req3={0x8000, 0x6, 0x8000, 0x6}, 0x1c) r1 = openat$audio(0xffffffffffffff9c, &(0x7f0000000180)='/dev/audio\x00', 0x0, 0x0) ioctl$int_in(r1, 0x800000c004500a, &(0x7f0000000300)) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) pselect6(0x40, &(0x7f00000000c0), 0x0, &(0x7f0000000140)={0x1ff}, &(0x7f0000000200), 0x0) [ 1228.560071] R13: 00007ffc41fe2acf R14: 00007f4d2c0609c0 R15: 000000000118cf4c [ 1228.572366] Mem-Info: [ 1228.575073] active_anon:233017 inactive_anon:6091 isolated_anon:0 [ 1228.575073] active_file:7394 inactive_file:33064 isolated_file:0 [ 1228.575073] unevictable:0 dirty:226 writeback:0 unstable:0 [ 1228.575073] slab_reclaimable:18480 slab_unreclaimable:132320 [ 1228.575073] mapped:62855 shmem:6280 pagetables:5920 bounce:0 [ 1228.575073] free:1091582 free_pcp:236 free_cma:0 [ 1228.646020] Node 0 active_anon:929816kB inactive_anon:24364kB active_file:29432kB inactive_file:132256kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:251420kB dirty:904kB writeback:0kB shmem:25120kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 884736kB writeback_tmp:0kB unstable:0kB all_unreclaimable? no [ 1228.714354] Node 1 active_anon:0kB inactive_anon:0kB active_file:144kB inactive_file:0kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:0kB dirty:0kB writeback:0kB shmem:0kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 0kB writeback_tmp:0kB unstable:0kB all_unreclaimable? no 04:29:11 executing program 0: mkdir(&(0x7f0000000100)='./file0\x00', 0x0) mount(&(0x7f00000002c0)=ANY=[@ANYBLOB='.'], &(0x7f0000000140)='./file0\x00', 0x0, 0x201000, 0x0) chroot(&(0x7f00000000c0)='./file0/../file0\x00') chdir(&(0x7f00000001c0)='./file0\x00') mount(0x0, &(0x7f0000000080)='./file0/../file0\x00', &(0x7f0000000380)='sysfs\x00', 0x0, 0x0) r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) pivot_root(&(0x7f0000000180)='./file0/../file0\x00', &(0x7f0000000200)='./file0/../file0\x00') [ 1228.741920] Node 0 DMA free:15908kB min:220kB low:272kB high:324kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15908kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 1228.769714] lowmem_reserve[]: 0 2557 2557 2557 2557 [ 1228.775517] Node 0 DMA32 free:573120kB min:36272kB low:45340kB high:54408kB active_anon:927872kB inactive_anon:24364kB active_file:29432kB inactive_file:132256kB unevictable:0kB writepending:904kB present:3129332kB managed:2621196kB mlocked:0kB kernel_stack:14432kB pagetables:23384kB bounce:0kB free_pcp:984kB local_pcp:736kB free_cma:0kB [ 1228.808623] lowmem_reserve[]: 0 0 0 0 0 [ 1228.812648] Node 0 Normal free:0kB min:4kB low:4kB high:4kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:786432kB managed:332kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 1228.839770] lowmem_reserve[]: 0 0 0 0 0 [ 1228.843821] Node 1 Normal free:3783604kB min:53612kB low:67012kB high:80412kB active_anon:0kB inactive_anon:0kB active_file:144kB inactive_file:0kB unevictable:0kB writepending:0kB present:3932160kB managed:3870192kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 1228.872722] lowmem_reserve[]: 0 0 0 0 0 [ 1228.876742] Node 0 DMA: 1*4kB (U) 0*8kB 0*16kB 1*32kB (U) 2*64kB (U) 1*128kB (U) 1*256kB (U) 0*512kB 1*1024kB (U) 1*2048kB (M) 3*4096kB (M) = 15908kB [ 1228.891772] Node 0 DMA32: 388*4kB (UME) 156*8kB (UME) 737*16kB (UME) 410*32kB (UME) 104*64kB (UME) 33*128kB (UME) 13*256kB (UM) 14*512kB (UME) 7*1024kB (UME) 3*2048kB (UME) 124*4096kB (M) = 570304kB [ 1228.910544] Node 0 Normal: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 0kB [ 1228.922341] Node 1 Normal: 51*4kB (UME) 339*8kB (UE) 273*16kB (U) 50*32kB (UM) 20*64kB (UME) 10*128kB (UM) 5*256kB (UM) 3*512kB (U) 1*1024kB (M) 4*2048kB (ME) 918*4096kB (M) = 3783604kB [ 1228.940466] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 1228.949469] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 1228.958486] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 1228.967677] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 1228.976549] 25687 total pagecache pages [ 1228.980868] 0 pages in swap cache [ 1228.984314] Swap cache stats: add 0, delete 0, find 0/0 [ 1228.989730] Free swap = 0kB [ 1228.992743] Total swap = 0kB [ 1228.996010] 1965979 pages RAM [ 1228.999223] 0 pages HighMem/MovableOnly [ 1229.003193] 339072 pages reserved [ 1229.006643] 0 pages cma reserved 04:29:13 executing program 5: r0 = dup(0xffffffffffffffff) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) r1 = gettid() clone(0x6e20cf00, 0x0, 0x0, 0x0, 0x0) ptrace$setopts(0x4206, r1, 0x0, 0x0) gettid() r2 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ptmx\x00', 0x0, 0x0) read(r2, &(0x7f00003fefff)=""/1, 0x1) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) dup2(r3, r3) openat$autofs(0xffffffffffffff9c, &(0x7f0000000040)='/dev/autofs\x00', 0x0, 0x0) r4 = openat$kvm(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/kvm\x00', 0x0, 0x0) r5 = ioctl$KVM_CREATE_VM(r4, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000fe6000/0x18000)=nil, &(0x7f0000000080)=[@text16={0x10, &(0x7f0000000040)="66b8808b5ecb0f23d80f21f86635800000b00f23f80f01c5260f380020bad004ed660fc775030f01c465f20f2db79b3ce42236f3aeb8fd000f00d8", 0x3b}], 0x1, 0x0, 0x0, 0x0) r6 = ioctl$KVM_CREATE_VCPU(r5, 0xae41, 0x0) ioctl$KVM_NMI(r6, 0xae9a) ioctl$KVM_SET_USER_MEMORY_REGION(r5, 0x4020ae46, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_GUEST_DEBUG(r6, 0x4048ae9b, &(0x7f0000000100)={0x1a8003}) socket$inet_udplite(0x2, 0x2, 0x88) 04:29:13 executing program 1: socket(0x10, 0x803, 0x0) syz_open_dev$evdev(&(0x7f0000000000)='/dev/input/event#\x00', 0x0, 0x0) openat$mice(0xffffffffffffff9c, &(0x7f0000000040)='/dev/input/mice\x00', 0x0) r0 = socket$packet(0x11, 0x2, 0x300) setsockopt$packet_tx_ring(r0, 0x107, 0x5, &(0x7f00000000c0)=@req3={0x8000, 0x6, 0x8000, 0x6}, 0x1c) r1 = openat$audio(0xffffffffffffff9c, &(0x7f0000000180)='/dev/audio\x00', 0x0, 0x0) ioctl$int_in(r1, 0x800000c004500a, &(0x7f0000000300)) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) pselect6(0x40, &(0x7f00000000c0), 0x0, &(0x7f0000000140)={0x1ff}, &(0x7f0000000200), 0x0) 04:29:13 executing program 2: mkdir(&(0x7f0000000100)='./file0\x00', 0x0) mount(&(0x7f00000002c0)=ANY=[@ANYBLOB='.'], &(0x7f0000000140)='./file0\x00', 0x0, 0x201000, 0x0) chroot(&(0x7f00000000c0)='./file0/../file0\x00') chdir(&(0x7f00000001c0)='./file0\x00') mount(0x0, &(0x7f0000000080)='./file0/../file0\x00', &(0x7f0000000380)='sysfs\x00', 0x0, 0x0) r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) dup(r0) pivot_root(&(0x7f0000000180)='./file0/../file0\x00', &(0x7f0000000200)='./file0/../file0\x00') 04:29:13 executing program 3: r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) setsockopt$IPT_SO_SET_REPLACE(r0, 0x0, 0x40, &(0x7f0000000680)=@mangle={'mangle\x00', 0x44, 0x6, 0x450, 0xa0, 0x238, 0x138, 0x320, 0xa0, 0x3e8, 0x3e8, 0x3e8, 0x3e8, 0x3e8, 0x6, 0x0, {[{{@ip={@broadcast, @initdev={0xac, 0x1e, 0x0, 0x0}, 0x0, 0x0, 'geneve1\x00', 'ip6gre0\x00', {}, {}, 0x11}, 0x0, 0x70, 0xa0}, @TPROXY={0x30, 'TPROXY\x00', 0x0, {0x0, 0x0, @multicast2}}}, {{@ip={@empty, @multicast2, 0x0, 0x0, 'macvtap0\x00', 'wg1\x00'}, 0x0, 0x70, 0x98}, @TTL={0x28, 'TTL\x00'}}, {{@uncond, 0x0, 0xd8, 0x100, 0x0, {}, [@common=@set={{0x40, 'set\x00'}}, @inet=@rpfilter={{0x28, 'rpfilter\x00'}}]}, @ECN={0x28, 'ECN\x00'}}, {{@ip={@rand_addr, @multicast2, 0x0, 0x0, 'syzkaller0\x00', 'bond0\x00'}, 0x0, 0xc0, 0xe8, 0x0, {}, [@inet=@rpfilter={{0x28, 'rpfilter\x00'}}, @inet=@rpfilter={{0x28, 'rpfilter\x00'}}]}, @unspec=@CHECKSUM={0x28, 'CHECKSUM\x00'}}, {{@ip={@broadcast, @initdev={0xac, 0x1e, 0x0, 0x0}, 0x0, 0x0, 'gretap0\x00', 'batadv_slave_1\x00'}, 0x0, 0x70, 0x98}, @common=@unspec=@NFQUEUE3={0x28, 'NFQUEUE\x00'}}], {{[], 0x0, 0x70, 0x98}, {0x28}}}}, 0x4b0) 04:29:13 executing program 0: mkdir(&(0x7f0000000100)='./file0\x00', 0x0) mount(&(0x7f00000002c0)=ANY=[@ANYBLOB='.'], &(0x7f0000000140)='./file0\x00', 0x0, 0x201000, 0x0) chroot(&(0x7f00000000c0)='./file0/../file0\x00') chdir(&(0x7f00000001c0)='./file0\x00') mount(0x0, &(0x7f0000000080)='./file0/../file0\x00', &(0x7f0000000380)='sysfs\x00', 0x0, 0x0) r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) 04:29:13 executing program 4: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_CREATE(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)={0x54, 0x2, 0x6, 0x101, 0x0, 0x0, {}, [@IPSET_ATTR_REVISION={0x5}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz1\x00'}, @IPSET_ATTR_PROTOCOL={0x5, 0x1, 0x6}, @IPSET_ATTR_FAMILY={0x5}, @IPSET_ATTR_DATA={0xc, 0x7, 0x0, 0x1, [@IPSET_ATTR_HASHSIZE={0x8, 0x12, 0x1, 0x0, 0x479e6139}]}, @IPSET_ATTR_TYPENAME={0xd, 0x3, 'hash:mac\x00'}]}, 0x54}}, 0x0) r1 = openat$mice(0xffffffffffffff9c, &(0x7f0000000640)='/dev/input/mice\x00', 0x80002) r2 = socket$nl_generic(0x10, 0x3, 0x10) r3 = syz_genetlink_get_family_id$tipc(&(0x7f0000000040)='TIPC\x00') sendmsg$TIPC_CMD_SHOW_LINK_STATS(r2, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000080)={0x28, r3, 0x23f, 0x70bd2c, 0x25dfdbfd, {{}, {0x0, 0xb, 0xf0}, {0xc, 0x14, 'syz1\x00'}}}, 0x28}, 0x1, 0xfffffff0}, 0x0) sendmsg$TIPC_CMD_RESET_LINK_STATS(r1, &(0x7f0000000740)={&(0x7f0000000680)={0x10, 0x0, 0x0, 0x800000}, 0xc, &(0x7f0000000700)={&(0x7f00000006c0)={0x28, r3, 0x0, 0x70bd26, 0x25dfdbfd, {{}, {}, {0xc, 0x14, 'syz1\x00'}}, [""]}, 0x28}, 0x1, 0x0, 0x0, 0x8080}, 0x40051) 04:29:13 executing program 1: socket(0x10, 0x803, 0x0) syz_open_dev$evdev(&(0x7f0000000000)='/dev/input/event#\x00', 0x0, 0x0) openat$mice(0xffffffffffffff9c, &(0x7f0000000040)='/dev/input/mice\x00', 0x0) r0 = socket$packet(0x11, 0x2, 0x300) setsockopt$packet_tx_ring(r0, 0x107, 0x5, &(0x7f00000000c0)=@req3={0x8000, 0x6, 0x8000, 0x6}, 0x1c) r1 = openat$audio(0xffffffffffffff9c, &(0x7f0000000180)='/dev/audio\x00', 0x0, 0x0) ioctl$int_in(r1, 0x800000c004500a, &(0x7f0000000300)) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) pselect6(0x40, &(0x7f00000000c0), 0x0, &(0x7f0000000140)={0x1ff}, &(0x7f0000000200), 0x0) 04:29:13 executing program 3: r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) setsockopt$IPT_SO_SET_REPLACE(r0, 0x0, 0x40, &(0x7f0000000680)=@mangle={'mangle\x00', 0x44, 0x6, 0x450, 0xa0, 0x238, 0x138, 0x320, 0xa0, 0x3e8, 0x3e8, 0x3e8, 0x3e8, 0x3e8, 0x6, 0x0, {[{{@ip={@broadcast, @initdev={0xac, 0x1e, 0x0, 0x0}, 0x0, 0x0, 'geneve1\x00', 'ip6gre0\x00', {}, {}, 0x11}, 0x0, 0x70, 0xa0}, @TPROXY={0x30, 'TPROXY\x00', 0x0, {0x0, 0x0, @multicast2}}}, {{@ip={@empty, @multicast2, 0x0, 0x0, 'macvtap0\x00', 'wg1\x00'}, 0x0, 0x70, 0x98}, @TTL={0x28, 'TTL\x00'}}, {{@uncond, 0x0, 0xd8, 0x100, 0x0, {}, [@common=@set={{0x40, 'set\x00'}}, @inet=@rpfilter={{0x28, 'rpfilter\x00'}}]}, @ECN={0x28, 'ECN\x00'}}, {{@ip={@rand_addr, @multicast2, 0x0, 0x0, 'syzkaller0\x00', 'bond0\x00'}, 0x0, 0xc0, 0xe8, 0x0, {}, [@inet=@rpfilter={{0x28, 'rpfilter\x00'}}, @inet=@rpfilter={{0x28, 'rpfilter\x00'}}]}, @unspec=@CHECKSUM={0x28, 'CHECKSUM\x00'}}, {{@ip={@broadcast, @initdev={0xac, 0x1e, 0x0, 0x0}, 0x0, 0x0, 'gretap0\x00', 'batadv_slave_1\x00'}, 0x0, 0x70, 0x98}, @common=@unspec=@NFQUEUE3={0x28, 'NFQUEUE\x00'}}], {{[], 0x0, 0x70, 0x98}, {0x28}}}}, 0x4b0) 04:29:13 executing program 2: mkdir(&(0x7f0000000100)='./file0\x00', 0x0) mount(&(0x7f00000002c0)=ANY=[@ANYBLOB='.'], &(0x7f0000000140)='./file0\x00', 0x0, 0x201000, 0x0) chroot(&(0x7f00000000c0)='./file0/../file0\x00') chdir(&(0x7f00000001c0)='./file0\x00') mount(0x0, &(0x7f0000000080)='./file0/../file0\x00', &(0x7f0000000380)='sysfs\x00', 0x0, 0x0) r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) dup(r0) pivot_root(&(0x7f0000000180)='./file0/../file0\x00', &(0x7f0000000200)='./file0/../file0\x00') [ 1231.017602] syz-executor.4: vmalloc: allocation failure: 17179869200 bytes, mode:0x14080c0(GFP_KERNEL|__GFP_ZERO), nodemask=(null) [ 1231.072624] syz-executor.4 cpuset=/ mems_allowed=0-1 [ 1231.092398] CPU: 0 PID: 7807 Comm: syz-executor.4 Not tainted 4.14.193-syzkaller #0 [ 1231.100249] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1231.109718] Call Trace: [ 1231.112316] dump_stack+0x1b2/0x283 [ 1231.115958] warn_alloc.cold+0x96/0x1cc [ 1231.119947] ? check_preemption_disabled+0x35/0x240 [ 1231.124975] ? zone_watermark_ok_safe+0x220/0x220 [ 1231.129853] ? perf_trace_lock_acquire+0x510/0x510 [ 1231.134805] ? fs_reclaim_release+0xd0/0x110 [ 1231.139252] ? ip_set_alloc+0x47/0x60 [ 1231.143063] vzalloc+0x122/0x150 [ 1231.146437] ip_set_alloc+0x47/0x60 [ 1231.150073] hash_mac_create+0x36e/0x7c6 [ 1231.154148] ip_set_create+0x5f9/0xf30 [ 1231.158051] ? __find_set_type_get+0x360/0x360 [ 1231.162738] ? __mutex_lock+0x360/0x1310 [ 1231.166889] ? lock_downgrade+0x740/0x740 [ 1231.171050] ? __find_set_type_get+0x360/0x360 [ 1231.175642] nfnetlink_rcv_msg+0x9bb/0xc00 [ 1231.179904] netlink_rcv_skb+0x125/0x390 [ 1231.183975] ? nfnetlink_net_exit_batch+0x150/0x150 [ 1231.189003] ? netlink_ack+0x9a0/0x9a0 [ 1231.192905] ? ns_capable_common+0x127/0x150 [ 1231.197306] nfnetlink_rcv+0x1ab/0x1da0 [ 1231.201271] ? __dev_queue_xmit+0xcd6/0x2480 [ 1231.205667] ? check_preemption_disabled+0x35/0x240 [ 1231.210672] ? perf_trace_lock+0xf7/0x490 [ 1231.214803] ? perf_trace_lock_acquire+0x510/0x510 [ 1231.219732] ? nfnetlink_bind+0x240/0x240 [ 1231.223894] ? netlink_deliver_tap+0x90/0x7d0 [ 1231.228385] ? lock_downgrade+0x740/0x740 [ 1231.232543] netlink_unicast+0x437/0x610 [ 1231.236589] ? netlink_sendskb+0xd0/0xd0 [ 1231.240633] netlink_sendmsg+0x62e/0xb80 [ 1231.244677] ? nlmsg_notify+0x170/0x170 [ 1231.248718] ? kernel_recvmsg+0x210/0x210 [ 1231.252850] ? security_socket_sendmsg+0x83/0xb0 [ 1231.257600] ? nlmsg_notify+0x170/0x170 [ 1231.261565] sock_sendmsg+0xb5/0x100 [ 1231.265259] ___sys_sendmsg+0x6c8/0x800 [ 1231.269220] ? copy_msghdr_from_user+0x3b0/0x3b0 [ 1231.273953] ? __lock_acquire+0x5fc/0x3f20 [ 1231.278190] ? perf_trace_lock_acquire+0x510/0x510 [ 1231.283112] ? do_futex+0x12b/0x1930 [ 1231.286806] ? check_preemption_disabled+0x35/0x240 [ 1231.291805] ? __fget+0x1fe/0x360 [ 1231.295254] ? lock_acquire+0x170/0x3f0 [ 1231.299207] ? lock_downgrade+0x740/0x740 [ 1231.303335] ? __fget+0x225/0x360 [ 1231.306772] ? __fdget+0x196/0x1f0 [ 1231.310303] ? sockfd_lookup_light+0xb2/0x160 [ 1231.314791] __sys_sendmsg+0xa3/0x120 [ 1231.318581] ? SyS_shutdown+0x160/0x160 [ 1231.322541] ? SyS_clock_gettime+0xf5/0x180 [ 1231.326843] ? SyS_clock_settime+0x1a0/0x1a0 [ 1231.331246] SyS_sendmsg+0x27/0x40 [ 1231.334764] ? __sys_sendmsg+0x120/0x120 [ 1231.338807] do_syscall_64+0x1d5/0x640 [ 1231.342677] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 1231.347846] RIP: 0033:0x45d249 [ 1231.351014] RSP: 002b:00007f4d2c05fc78 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 1231.358702] RAX: ffffffffffffffda RBX: 0000000000028840 RCX: 000000000045d249 [ 1231.365950] RDX: 0000000000000000 RSI: 0000000020000000 RDI: 0000000000000003 04:29:13 executing program 2: mkdir(&(0x7f0000000100)='./file0\x00', 0x0) mount(&(0x7f00000002c0)=ANY=[@ANYBLOB='.'], &(0x7f0000000140)='./file0\x00', 0x0, 0x201000, 0x0) chroot(&(0x7f00000000c0)='./file0/../file0\x00') chdir(&(0x7f00000001c0)='./file0\x00') mount(0x0, &(0x7f0000000080)='./file0/../file0\x00', &(0x7f0000000380)='sysfs\x00', 0x0, 0x0) socket$inet_icmp_raw(0x2, 0x3, 0x1) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x400200) pivot_root(&(0x7f0000000180)='./file0/../file0\x00', &(0x7f0000000200)='./file0/../file0\x00') [ 1231.373200] RBP: 000000000118cf80 R08: 0000000000000000 R09: 0000000000000000 [ 1231.380547] R10: 0000000000000000 R11: 0000000000000246 R12: 000000000118cf4c [ 1231.387806] R13: 00007ffc41fe2acf R14: 00007f4d2c0609c0 R15: 000000000118cf4c 04:29:13 executing program 1: socket(0x10, 0x803, 0x0) syz_open_dev$evdev(&(0x7f0000000000)='/dev/input/event#\x00', 0x0, 0x0) openat$mice(0xffffffffffffff9c, &(0x7f0000000040)='/dev/input/mice\x00', 0x0) r0 = socket$packet(0x11, 0x2, 0x300) setsockopt$packet_tx_ring(r0, 0x107, 0x5, &(0x7f00000000c0)=@req3={0x8000, 0x6, 0x8000, 0x6}, 0x1c) r1 = openat$audio(0xffffffffffffff9c, &(0x7f0000000180)='/dev/audio\x00', 0x0, 0x0) ioctl$int_in(r1, 0x800000c004500a, &(0x7f0000000300)) clock_gettime(0x0, &(0x7f0000000080)={0x0, 0x0}) pselect6(0x40, &(0x7f00000000c0), 0x0, &(0x7f0000000140)={0x1ff}, &(0x7f0000000200)={0x0, r2+30000000}, 0x0) 04:29:13 executing program 3: r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) setsockopt$IPT_SO_SET_REPLACE(r0, 0x0, 0x40, &(0x7f0000000680)=@mangle={'mangle\x00', 0x44, 0x6, 0x450, 0xa0, 0x238, 0x138, 0x320, 0xa0, 0x3e8, 0x3e8, 0x3e8, 0x3e8, 0x3e8, 0x6, 0x0, {[{{@ip={@broadcast, @initdev={0xac, 0x1e, 0x0, 0x0}, 0x0, 0x0, 'geneve1\x00', 'ip6gre0\x00', {}, {}, 0x11}, 0x0, 0x70, 0xa0}, @TPROXY={0x30, 'TPROXY\x00', 0x0, {0x0, 0x0, @multicast2}}}, {{@ip={@empty, @multicast2, 0x0, 0x0, 'macvtap0\x00', 'wg1\x00'}, 0x0, 0x70, 0x98}, @TTL={0x28, 'TTL\x00'}}, {{@uncond, 0x0, 0xd8, 0x100, 0x0, {}, [@common=@set={{0x40, 'set\x00'}}, @inet=@rpfilter={{0x28, 'rpfilter\x00'}}]}, @ECN={0x28, 'ECN\x00'}}, {{@ip={@rand_addr, @multicast2, 0x0, 0x0, 'syzkaller0\x00', 'bond0\x00'}, 0x0, 0xc0, 0xe8, 0x0, {}, [@inet=@rpfilter={{0x28, 'rpfilter\x00'}}, @inet=@rpfilter={{0x28, 'rpfilter\x00'}}]}, @unspec=@CHECKSUM={0x28, 'CHECKSUM\x00'}}, {{@ip={@broadcast, @initdev={0xac, 0x1e, 0x0, 0x0}, 0x0, 0x0, 'gretap0\x00', 'batadv_slave_1\x00'}, 0x0, 0x70, 0x98}, @common=@unspec=@NFQUEUE3={0x28, 'NFQUEUE\x00'}}], {{[], 0x0, 0x70, 0x98}, {0x28}}}}, 0x4b0) [ 1231.418138] IPVS: ftp: loaded support on port[0] = 21 [ 1231.530718] Mem-Info: [ 1231.533372] active_anon:232520 inactive_anon:6091 isolated_anon:0 [ 1231.533372] active_file:7395 inactive_file:33072 isolated_file:0 [ 1231.533372] unevictable:0 dirty:245 writeback:0 unstable:0 [ 1231.533372] slab_reclaimable:18478 slab_unreclaimable:132734 [ 1231.533372] mapped:62889 shmem:6280 pagetables:5891 bounce:0 [ 1231.533372] free:1091670 free_pcp:230 free_cma:0 [ 1231.620506] Node 0 active_anon:928088kB inactive_anon:24364kB active_file:29436kB inactive_file:132288kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:251556kB dirty:980kB writeback:0kB shmem:25120kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 882688kB writeback_tmp:0kB unstable:0kB all_unreclaimable? no [ 1231.666060] Node 1 active_anon:0kB inactive_anon:0kB active_file:144kB inactive_file:0kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:0kB dirty:0kB writeback:0kB shmem:0kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 0kB writeback_tmp:0kB unstable:0kB all_unreclaimable? no [ 1231.700535] Node 0 DMA free:15908kB min:220kB low:272kB high:324kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15908kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 1231.728932] lowmem_reserve[]: 0 2557 2557 2557 2557 [ 1231.734229] Node 0 DMA32 free:570952kB min:36272kB low:45340kB high:54408kB active_anon:927788kB inactive_anon:24364kB active_file:29436kB inactive_file:132288kB unevictable:0kB writepending:980kB present:3129332kB managed:2621196kB mlocked:0kB kernel_stack:14400kB pagetables:23268kB bounce:0kB free_pcp:1264kB local_pcp:648kB free_cma:0kB [ 1231.765235] lowmem_reserve[]: 0 0 0 0 0 [ 1231.770255] Node 0 Normal free:0kB min:4kB low:4kB high:4kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:786432kB managed:332kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 1231.796841] lowmem_reserve[]: 0 0 0 0 0 [ 1231.800973] Node 1 Normal free:3783604kB min:53612kB low:67012kB high:80412kB active_anon:0kB inactive_anon:0kB active_file:144kB inactive_file:0kB unevictable:0kB writepending:0kB present:3932160kB managed:3870192kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 1231.829812] lowmem_reserve[]: 0 0 0 0 0 [ 1231.833930] Node 0 DMA: 1*4kB (U) 0*8kB 0*16kB 1*32kB (U) 2*64kB (U) 1*128kB (U) 1*256kB (U) 0*512kB 1*1024kB (U) 1*2048kB (M) 3*4096kB (M) = 15908kB [ 1231.848956] Node 0 DMA32: 426*4kB (UME) 378*8kB (UME) 481*16kB (UME) 433*32kB (UME) 106*64kB (UME) 31*128kB (UME) 13*256kB (UM) 14*512kB (UME) 7*1024kB (UME) 4*2048kB (UME) 124*4096kB (M) = 570792kB [ 1231.867551] Node 0 Normal: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 0kB [ 1231.878935] Node 1 Normal: 51*4kB (UME) 339*8kB (UE) 273*16kB (U) 50*32kB (UM) 20*64kB (UME) 10*128kB (UM) 5*256kB (UM) 3*512kB (U) 1*1024kB (M) 4*2048kB (ME) 918*4096kB (M) = 3783604kB [ 1231.896641] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 1231.906139] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB 04:29:14 executing program 5: r0 = dup(0xffffffffffffffff) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x802102001ffa, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r1 = gettid() clone(0x6e20cf00, 0x0, 0x0, 0x0, 0x0) ptrace$setopts(0x4206, r1, 0x0, 0x0) gettid() r2 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ptmx\x00', 0x0, 0x0) read(r2, &(0x7f00003fefff)=""/1, 0x1) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) r4 = dup2(r3, r3) ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200) r5 = openat$autofs(0xffffffffffffff9c, &(0x7f0000000040)='/dev/autofs\x00', 0x0, 0x0) sendmsg$IPVS_CMD_ZERO(r5, &(0x7f0000000240)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x20000000}, 0xc, &(0x7f0000000200)={&(0x7f0000000280)={0xf4, 0x0, 0x2, 0x70bd2d, 0x25dfdbff, {}, [@IPVS_CMD_ATTR_TIMEOUT_TCP={0x8, 0x4, 0x7}, @IPVS_CMD_ATTR_DEST={0xc, 0x2, 0x0, 0x1, [@IPVS_DEST_ATTR_U_THRESH={0x8, 0x5, 0x9}]}, @IPVS_CMD_ATTR_TIMEOUT_TCP_FIN={0x8, 0x5, 0x87}, @IPVS_CMD_ATTR_SERVICE={0x18, 0x1, 0x0, 0x1, [@IPVS_SVC_ATTR_PORT={0x6, 0x4, 0x4e20}, @IPVS_SVC_ATTR_FLAGS={0xc, 0x7, {0x31, 0x34}}]}, @IPVS_CMD_ATTR_TIMEOUT_TCP={0x8, 0x4, 0x5}, @IPVS_CMD_ATTR_DEST={0x3c, 0x2, 0x0, 0x1, [@IPVS_DEST_ATTR_ADDR={0x14, 0x1, @ipv6=@initdev={0xfe, 0x88, [], 0x0, 0x0}}, @IPVS_DEST_ATTR_FWD_METHOD={0x8, 0x3, 0x2}, @IPVS_DEST_ATTR_ADDR={0x14, 0x1, @ipv6=@dev={0xfe, 0x80, [], 0x2f}}, @IPVS_DEST_ATTR_U_THRESH={0x8, 0x5, 0x6}]}, @IPVS_CMD_ATTR_TIMEOUT_TCP_FIN={0x8, 0x5, 0x200}, @IPVS_CMD_ATTR_DAEMON={0x1c, 0x3, 0x0, 0x1, [@IPVS_DAEMON_ATTR_STATE={0x8, 0x1, 0x2}, @IPVS_DAEMON_ATTR_MCAST_PORT={0x6, 0x7, 0x4e22}, @IPVS_DAEMON_ATTR_MCAST_PORT={0x6, 0x7, 0x4e20}]}, @IPVS_CMD_ATTR_DEST={0x3c, 0x2, 0x0, 0x1, [@IPVS_DEST_ATTR_INACT_CONNS={0x8, 0x8, 0x8002}, @IPVS_DEST_ATTR_PORT={0x6, 0x2, 0x4e23}, @IPVS_DEST_ATTR_U_THRESH={0x8, 0x5, 0xffff12bf}, @IPVS_DEST_ATTR_FWD_METHOD={0x8, 0x3, 0x3}, @IPVS_DEST_ATTR_U_THRESH={0x8, 0x5, 0x1}, @IPVS_DEST_ATTR_TUN_TYPE={0x5, 0xd, 0x1}, @IPVS_DEST_ATTR_TUN_PORT={0x6, 0xe, 0x4e21}]}, @IPVS_CMD_ATTR_TIMEOUT_UDP={0x8, 0x6, 0xfffffffb}]}, 0xf4}, 0x1, 0x0, 0x0, 0x80}, 0x2080800) ioctl$SIOCNRDECOBS(r4, 0x89e2) r6 = socket$inet6_tcp(0xa, 0x1, 0x0) dup2(r6, r6) setsockopt$inet6_IPV6_DSTOPTS(r6, 0x29, 0x3b, &(0x7f00000000c0)={0x0, 0x2, [], [@pad1, @ra={0x5, 0x2, 0xc5}, @calipso={0x7, 0x8, {0x1, 0x0, 0x0, 0x9}}]}, 0x20) 04:29:14 executing program 0: mkdir(&(0x7f0000000100)='./file0\x00', 0x0) mount(&(0x7f00000002c0)=ANY=[@ANYBLOB='.'], &(0x7f0000000140)='./file0\x00', 0x0, 0x201000, 0x0) chroot(&(0x7f00000000c0)='./file0/../file0\x00') chdir(&(0x7f00000001c0)='./file0\x00') mount(0x0, &(0x7f0000000080)='./file0/../file0\x00', &(0x7f0000000380)='sysfs\x00', 0x0, 0x0) r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) dup(r0) 04:29:14 executing program 2: mkdir(&(0x7f0000000100)='./file0\x00', 0x0) mount(&(0x7f00000002c0)=ANY=[@ANYBLOB='.'], &(0x7f0000000140)='./file0\x00', 0x0, 0x201000, 0x0) chroot(&(0x7f00000000c0)='./file0/../file0\x00') chdir(&(0x7f00000001c0)='./file0\x00') mount(0x0, &(0x7f0000000080)='./file0/../file0\x00', &(0x7f0000000380)='sysfs\x00', 0x0, 0x0) socket$inet_icmp_raw(0x2, 0x3, 0x1) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x400200) pivot_root(&(0x7f0000000180)='./file0/../file0\x00', &(0x7f0000000200)='./file0/../file0\x00') 04:29:14 executing program 1: socket(0x10, 0x803, 0x0) syz_open_dev$evdev(&(0x7f0000000000)='/dev/input/event#\x00', 0x0, 0x0) openat$mice(0xffffffffffffff9c, &(0x7f0000000040)='/dev/input/mice\x00', 0x0) r0 = socket$packet(0x11, 0x2, 0x300) setsockopt$packet_tx_ring(r0, 0x107, 0x5, &(0x7f00000000c0)=@req3={0x8000, 0x6, 0x8000, 0x6}, 0x1c) r1 = openat$audio(0xffffffffffffff9c, &(0x7f0000000180)='/dev/audio\x00', 0x0, 0x0) ioctl$int_in(r1, 0x800000c004500a, &(0x7f0000000300)) clock_gettime(0x0, &(0x7f0000000080)={0x0, 0x0}) pselect6(0x40, &(0x7f00000000c0), 0x0, &(0x7f0000000140)={0x1ff}, &(0x7f0000000200)={0x0, r2+30000000}, 0x0) 04:29:14 executing program 3: r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) setsockopt$IPT_SO_SET_REPLACE(r0, 0x0, 0x40, &(0x7f0000000680)=@mangle={'mangle\x00', 0x44, 0x6, 0x458, 0xa0, 0x238, 0x138, 0x320, 0xa0, 0x3e8, 0x3e8, 0x3e8, 0x3e8, 0x3e8, 0x6, 0x0, {[{{@ip={@broadcast, @initdev={0xac, 0x1e, 0x0, 0x0}, 0x0, 0x0, 'geneve1\x00', 'ip6gre0\x00', {}, {}, 0x11}, 0x0, 0x70, 0xa0}, @TPROXY={0x30, 'TPROXY\x00', 0x0, {0x0, 0x0, @multicast2}}}, {{@ip={@empty, @multicast2, 0x0, 0x0, 'macvtap0\x00', 'wg1\x00'}, 0x0, 0x70, 0x98}, @TTL={0x28, 'TTL\x00'}}, {{@uncond, 0x0, 0xd8, 0x100, 0x0, {}, [@common=@set={{0x40, 'set\x00'}}, @inet=@rpfilter={{0x28, 'rpfilter\x00'}}]}, @ECN={0x28, 'ECN\x00'}}, {{@ip={@rand_addr, @multicast2, 0x0, 0x0, 'syzkaller0\x00', 'bond0\x00'}, 0x0, 0x98, 0xc0, 0x0, {}, [@inet=@rpfilter={{0x28, 'rpfilter\x00'}}]}, @unspec=@CHECKSUM={0x28, 'CHECKSUM\x00'}}, {{@ip={@broadcast, @initdev={0xac, 0x1e, 0x0, 0x0}, 0x0, 0x0, 'gretap0\x00', 'batadv_slave_1\x00'}, 0x0, 0xa0, 0xc8, 0x0, {}, [@common=@inet=@dccp={{0x30, 'dccp\x00'}}]}, @common=@unspec=@NFQUEUE3={0x28, 'NFQUEUE\x00'}}], {{[], 0x0, 0x70, 0x98}, {0x28}}}}, 0x4b8) 04:29:14 executing program 4: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_CREATE(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)={0x54, 0x2, 0x6, 0x101, 0x0, 0x0, {}, [@IPSET_ATTR_REVISION={0x5}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz1\x00'}, @IPSET_ATTR_PROTOCOL={0x5, 0x1, 0x6}, @IPSET_ATTR_FAMILY={0x5}, @IPSET_ATTR_DATA={0xc, 0x7, 0x0, 0x1, [@IPSET_ATTR_HASHSIZE={0x8, 0x12, 0x1, 0x0, 0x479e6139}]}, @IPSET_ATTR_TYPENAME={0xd, 0x3, 'hash:mac\x00'}]}, 0x54}}, 0x0) r1 = openat$mice(0xffffffffffffff9c, &(0x7f0000000640)='/dev/input/mice\x00', 0x80002) r2 = socket$nl_generic(0x10, 0x3, 0x10) r3 = syz_genetlink_get_family_id$tipc(&(0x7f0000000040)='TIPC\x00') sendmsg$TIPC_CMD_SHOW_LINK_STATS(r2, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000080)={0x28, r3, 0x23f, 0x70bd2c, 0x25dfdbfd, {{}, {0x0, 0xb, 0xf0}, {0xc, 0x14, 'syz1\x00'}}}, 0x28}, 0x1, 0xfffffff0}, 0x0) sendmsg$TIPC_CMD_RESET_LINK_STATS(r1, &(0x7f0000000740)={&(0x7f0000000680)={0x10, 0x0, 0x0, 0x800000}, 0xc, &(0x7f0000000700)={&(0x7f00000006c0)={0x28, r3, 0x0, 0x70bd26, 0x25dfdbfd, {{}, {}, {0xc, 0x14, 'syz1\x00'}}, [""]}, 0x28}, 0x1, 0x0, 0x0, 0x8080}, 0x40051) [ 1231.915541] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 1231.924633] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 1231.934190] 25696 total pagecache pages [ 1231.939132] 0 pages in swap cache [ 1231.943447] Swap cache stats: add 0, delete 0, find 0/0 [ 1231.949853] Free swap = 0kB [ 1231.952878] Total swap = 0kB [ 1231.955873] 1965979 pages RAM [ 1231.959806] 0 pages HighMem/MovableOnly [ 1231.964353] 339072 pages reserved [ 1231.972639] 0 pages cma reserved 04:29:14 executing program 2: mkdir(&(0x7f0000000100)='./file0\x00', 0x0) mount(&(0x7f00000002c0)=ANY=[@ANYBLOB='.'], &(0x7f0000000140)='./file0\x00', 0x0, 0x201000, 0x0) chroot(&(0x7f00000000c0)='./file0/../file0\x00') chdir(&(0x7f00000001c0)='./file0\x00') mount(0x0, &(0x7f0000000080)='./file0/../file0\x00', &(0x7f0000000380)='sysfs\x00', 0x0, 0x0) socket$inet_icmp_raw(0x2, 0x3, 0x1) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x400200) pivot_root(&(0x7f0000000180)='./file0/../file0\x00', &(0x7f0000000200)='./file0/../file0\x00') 04:29:14 executing program 3: r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) setsockopt$IPT_SO_SET_REPLACE(r0, 0x0, 0x40, &(0x7f0000000680)=@mangle={'mangle\x00', 0x44, 0x6, 0x458, 0xa0, 0x238, 0x138, 0x320, 0xa0, 0x3e8, 0x3e8, 0x3e8, 0x3e8, 0x3e8, 0x6, 0x0, {[{{@ip={@broadcast, @initdev={0xac, 0x1e, 0x0, 0x0}, 0x0, 0x0, 'geneve1\x00', 'ip6gre0\x00', {}, {}, 0x11}, 0x0, 0x70, 0xa0}, @TPROXY={0x30, 'TPROXY\x00', 0x0, {0x0, 0x0, @multicast2}}}, {{@ip={@empty, @multicast2, 0x0, 0x0, 'macvtap0\x00', 'wg1\x00'}, 0x0, 0x70, 0x98}, @TTL={0x28, 'TTL\x00'}}, {{@uncond, 0x0, 0xd8, 0x100, 0x0, {}, [@common=@set={{0x40, 'set\x00'}}, @inet=@rpfilter={{0x28, 'rpfilter\x00'}}]}, @ECN={0x28, 'ECN\x00'}}, {{@ip={@rand_addr, @multicast2, 0x0, 0x0, 'syzkaller0\x00', 'bond0\x00'}, 0x0, 0x98, 0xc0, 0x0, {}, [@inet=@rpfilter={{0x28, 'rpfilter\x00'}}]}, @unspec=@CHECKSUM={0x28, 'CHECKSUM\x00'}}, {{@ip={@broadcast, @initdev={0xac, 0x1e, 0x0, 0x0}, 0x0, 0x0, 'gretap0\x00', 'batadv_slave_1\x00'}, 0x0, 0xa0, 0xc8, 0x0, {}, [@common=@inet=@dccp={{0x30, 'dccp\x00'}}]}, @common=@unspec=@NFQUEUE3={0x28, 'NFQUEUE\x00'}}], {{[], 0x0, 0x70, 0x98}, {0x28}}}}, 0x4b8) 04:29:14 executing program 1: socket(0x10, 0x803, 0x0) syz_open_dev$evdev(&(0x7f0000000000)='/dev/input/event#\x00', 0x0, 0x0) openat$mice(0xffffffffffffff9c, &(0x7f0000000040)='/dev/input/mice\x00', 0x0) r0 = socket$packet(0x11, 0x2, 0x300) setsockopt$packet_tx_ring(r0, 0x107, 0x5, &(0x7f00000000c0)=@req3={0x8000, 0x6, 0x8000, 0x6}, 0x1c) r1 = openat$audio(0xffffffffffffff9c, &(0x7f0000000180)='/dev/audio\x00', 0x0, 0x0) ioctl$int_in(r1, 0x800000c004500a, &(0x7f0000000300)) clock_gettime(0x0, &(0x7f0000000080)={0x0, 0x0}) pselect6(0x40, &(0x7f00000000c0), 0x0, &(0x7f0000000140)={0x1ff}, &(0x7f0000000200)={0x0, r2+30000000}, 0x0) [ 1232.047913] IPVS: ftp: loaded support on port[0] = 21 04:29:14 executing program 2: mkdir(&(0x7f0000000100)='./file0\x00', 0x0) mount(&(0x7f00000002c0)=ANY=[@ANYBLOB='.'], &(0x7f0000000140)='./file0\x00', 0x0, 0x201000, 0x0) chroot(&(0x7f00000000c0)='./file0/../file0\x00') chdir(&(0x7f00000001c0)='./file0\x00') mount(0x0, &(0x7f0000000080)='./file0/../file0\x00', &(0x7f0000000380)='sysfs\x00', 0x0, 0x0) r0 = dup(0xffffffffffffffff) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) pivot_root(&(0x7f0000000180)='./file0/../file0\x00', &(0x7f0000000200)='./file0/../file0\x00') [ 1232.102379] syz-executor.4: vmalloc: allocation failure: 17179869200 bytes, mode:0x14080c0(GFP_KERNEL|__GFP_ZERO), nodemask=(null) [ 1232.142972] syz-executor.4 cpuset=/ mems_allowed=0-1 [ 1232.173918] CPU: 0 PID: 7878 Comm: syz-executor.4 Not tainted 4.14.193-syzkaller #0 [ 1232.181768] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1232.191139] Call Trace: [ 1232.193747] dump_stack+0x1b2/0x283 [ 1232.197396] warn_alloc.cold+0x96/0x1cc [ 1232.201380] ? check_preemption_disabled+0x35/0x240 [ 1232.206517] ? zone_watermark_ok_safe+0x220/0x220 [ 1232.211372] ? perf_trace_lock_acquire+0x510/0x510 [ 1232.216317] ? fs_reclaim_release+0xd0/0x110 [ 1232.221008] ? ip_set_alloc+0x47/0x60 [ 1232.224816] vzalloc+0x122/0x150 [ 1232.228197] ip_set_alloc+0x47/0x60 [ 1232.231833] hash_mac_create+0x36e/0x7c6 [ 1232.235944] ip_set_create+0x5f9/0xf30 [ 1232.240541] ? __find_set_type_get+0x360/0x360 [ 1232.245127] ? __mutex_lock+0x360/0x1310 [ 1232.249219] ? lock_downgrade+0x740/0x740 [ 1232.253384] ? __find_set_type_get+0x360/0x360 [ 1232.257977] nfnetlink_rcv_msg+0x9bb/0xc00 [ 1232.262247] netlink_rcv_skb+0x125/0x390 [ 1232.266322] ? nfnetlink_net_exit_batch+0x150/0x150 [ 1232.271350] ? netlink_ack+0x9a0/0x9a0 [ 1232.275434] ? ns_capable_common+0x127/0x150 [ 1232.280205] nfnetlink_rcv+0x1ab/0x1da0 [ 1232.284183] ? __dev_queue_xmit+0xcd6/0x2480 [ 1232.288611] ? check_preemption_disabled+0x35/0x240 [ 1232.293637] ? perf_trace_lock+0xf7/0x490 [ 1232.297797] ? perf_trace_lock_acquire+0x510/0x510 [ 1232.302735] ? nfnetlink_bind+0x240/0x240 [ 1232.306891] ? netlink_deliver_tap+0x90/0x7d0 [ 1232.311413] ? lock_downgrade+0x740/0x740 [ 1232.315575] netlink_unicast+0x437/0x610 [ 1232.319674] ? netlink_sendskb+0xd0/0xd0 [ 1232.324020] netlink_sendmsg+0x62e/0xb80 [ 1232.328094] ? nlmsg_notify+0x170/0x170 [ 1232.332843] ? kernel_recvmsg+0x210/0x210 [ 1232.337008] ? security_socket_sendmsg+0x83/0xb0 [ 1232.341773] ? nlmsg_notify+0x170/0x170 [ 1232.345751] sock_sendmsg+0xb5/0x100 [ 1232.349476] ___sys_sendmsg+0x6c8/0x800 [ 1232.353548] ? copy_msghdr_from_user+0x3b0/0x3b0 [ 1232.358312] ? __lock_acquire+0x5fc/0x3f20 [ 1232.362559] ? perf_trace_lock_acquire+0x510/0x510 [ 1232.367581] ? do_futex+0x12b/0x1930 04:29:14 executing program 3: r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) setsockopt$IPT_SO_SET_REPLACE(r0, 0x0, 0x40, &(0x7f0000000680)=@mangle={'mangle\x00', 0x44, 0x6, 0x458, 0xa0, 0x238, 0x138, 0x320, 0xa0, 0x3e8, 0x3e8, 0x3e8, 0x3e8, 0x3e8, 0x6, 0x0, {[{{@ip={@broadcast, @initdev={0xac, 0x1e, 0x0, 0x0}, 0x0, 0x0, 'geneve1\x00', 'ip6gre0\x00', {}, {}, 0x11}, 0x0, 0x70, 0xa0}, @TPROXY={0x30, 'TPROXY\x00', 0x0, {0x0, 0x0, @multicast2}}}, {{@ip={@empty, @multicast2, 0x0, 0x0, 'macvtap0\x00', 'wg1\x00'}, 0x0, 0x70, 0x98}, @TTL={0x28, 'TTL\x00'}}, {{@uncond, 0x0, 0xd8, 0x100, 0x0, {}, [@common=@set={{0x40, 'set\x00'}}, @inet=@rpfilter={{0x28, 'rpfilter\x00'}}]}, @ECN={0x28, 'ECN\x00'}}, {{@ip={@rand_addr, @multicast2, 0x0, 0x0, 'syzkaller0\x00', 'bond0\x00'}, 0x0, 0x98, 0xc0, 0x0, {}, [@inet=@rpfilter={{0x28, 'rpfilter\x00'}}]}, @unspec=@CHECKSUM={0x28, 'CHECKSUM\x00'}}, {{@ip={@broadcast, @initdev={0xac, 0x1e, 0x0, 0x0}, 0x0, 0x0, 'gretap0\x00', 'batadv_slave_1\x00'}, 0x0, 0xa0, 0xc8, 0x0, {}, [@common=@inet=@dccp={{0x30, 'dccp\x00'}}]}, @common=@unspec=@NFQUEUE3={0x28, 'NFQUEUE\x00'}}], {{[], 0x0, 0x70, 0x98}, {0x28}}}}, 0x4b8) 04:29:14 executing program 3: r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) setsockopt$IPT_SO_SET_REPLACE(r0, 0x0, 0x40, &(0x7f0000000680)=@mangle={'mangle\x00', 0x44, 0x6, 0x458, 0xa0, 0x238, 0x138, 0x320, 0xa0, 0x3e8, 0x3e8, 0x3e8, 0x3e8, 0x3e8, 0x6, 0x0, {[{{@ip={@broadcast, @initdev={0xac, 0x1e, 0x0, 0x0}, 0x0, 0x0, 'geneve1\x00', 'ip6gre0\x00', {}, {}, 0x11}, 0x0, 0x70, 0xa0}, @TPROXY={0x30, 'TPROXY\x00', 0x0, {0x0, 0x0, @multicast2}}}, {{@ip={@empty, @multicast2, 0x0, 0x0, 'macvtap0\x00', 'wg1\x00'}, 0x0, 0x70, 0x98}, @TTL={0x28, 'TTL\x00'}}, {{@uncond, 0x0, 0xd8, 0x100, 0x0, {}, [@common=@set={{0x40, 'set\x00'}}, @inet=@rpfilter={{0x28, 'rpfilter\x00'}}]}, @ECN={0x28, 'ECN\x00'}}, {{@ip={@rand_addr, @multicast2, 0x0, 0x0, 'syzkaller0\x00', 'bond0\x00'}, 0x0, 0x98, 0xc0, 0x0, {}, [@inet=@rpfilter={{0x28, 'rpfilter\x00'}}]}, @unspec=@CHECKSUM={0x28, 'CHECKSUM\x00'}}, {{@ip={@broadcast, @initdev={0xac, 0x1e, 0x0, 0x0}, 0x0, 0x0, 'gretap0\x00', 'batadv_slave_1\x00'}, 0x0, 0xa0, 0xc8, 0x0, {}, [@common=@inet=@dccp={{0x30, 'dccp\x00'}}]}, @common=@unspec=@NFQUEUE3={0x28, 'NFQUEUE\x00'}}], {{[], 0x0, 0x70, 0x98}, {0x28}}}}, 0x4b8) [ 1232.371302] ? check_preemption_disabled+0x35/0x240 [ 1232.376330] ? __fget+0x1fe/0x360 [ 1232.379798] ? lock_acquire+0x170/0x3f0 [ 1232.383784] ? lock_downgrade+0x740/0x740 [ 1232.387952] ? __fget+0x225/0x360 [ 1232.391428] ? __fdget+0x196/0x1f0 [ 1232.395011] ? sockfd_lookup_light+0xb2/0x160 [ 1232.399520] __sys_sendmsg+0xa3/0x120 [ 1232.403331] ? SyS_shutdown+0x160/0x160 [ 1232.407368] ? SyS_clock_gettime+0xf5/0x180 [ 1232.411721] ? SyS_clock_settime+0x1a0/0x1a0 [ 1232.416318] SyS_sendmsg+0x27/0x40 [ 1232.419865] ? __sys_sendmsg+0x120/0x120 [ 1232.423937] do_syscall_64+0x1d5/0x640 [ 1232.427854] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 1232.433480] RIP: 0033:0x45d249 [ 1232.436662] RSP: 002b:00007f4d2c05fc78 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 1232.444371] RAX: ffffffffffffffda RBX: 0000000000028840 RCX: 000000000045d249 [ 1232.451642] RDX: 0000000000000000 RSI: 0000000020000000 RDI: 0000000000000003 [ 1232.459438] RBP: 000000000118cf80 R08: 0000000000000000 R09: 0000000000000000 [ 1232.466719] R10: 0000000000000000 R11: 0000000000000246 R12: 000000000118cf4c [ 1232.474007] R13: 00007ffc41fe2acf R14: 00007f4d2c0609c0 R15: 000000000118cf4c 04:29:17 executing program 0: mkdir(&(0x7f0000000100)='./file0\x00', 0x0) mount(&(0x7f00000002c0)=ANY=[@ANYBLOB='.'], &(0x7f0000000140)='./file0\x00', 0x0, 0x201000, 0x0) chroot(&(0x7f00000000c0)='./file0/../file0\x00') chdir(&(0x7f00000001c0)='./file0\x00') mount(0x0, &(0x7f0000000080)='./file0/../file0\x00', &(0x7f0000000380)='sysfs\x00', 0x0, 0x0) socket$inet_icmp_raw(0x2, 0x3, 0x1) 04:29:17 executing program 3: r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) setsockopt$IPT_SO_SET_REPLACE(r0, 0x0, 0x40, &(0x7f0000000680)=@mangle={'mangle\x00', 0x44, 0x6, 0x458, 0xa0, 0x238, 0x138, 0x320, 0xa0, 0x3e8, 0x3e8, 0x3e8, 0x3e8, 0x3e8, 0x6, 0x0, {[{{@ip={@broadcast, @initdev={0xac, 0x1e, 0x0, 0x0}, 0x0, 0x0, 'geneve1\x00', 'ip6gre0\x00', {}, {}, 0x11}, 0x0, 0x70, 0xa0}, @TPROXY={0x30, 'TPROXY\x00', 0x0, {0x0, 0x0, @multicast2}}}, {{@ip={@empty, @multicast2, 0x0, 0x0, 'macvtap0\x00', 'wg1\x00'}, 0x0, 0x70, 0x98}, @TTL={0x28, 'TTL\x00'}}, {{@uncond, 0x0, 0xd8, 0x100, 0x0, {}, [@common=@set={{0x40, 'set\x00'}}, @inet=@rpfilter={{0x28, 'rpfilter\x00'}}]}, @ECN={0x28, 'ECN\x00'}}, {{@ip={@rand_addr, @multicast2, 0x0, 0x0, 'syzkaller0\x00', 'bond0\x00'}, 0x0, 0x98, 0xc0, 0x0, {}, [@inet=@rpfilter={{0x28, 'rpfilter\x00'}}]}, @unspec=@CHECKSUM={0x28, 'CHECKSUM\x00'}}, {{@ip={@broadcast, @initdev={0xac, 0x1e, 0x0, 0x0}, 0x0, 0x0, 'gretap0\x00', 'batadv_slave_1\x00'}, 0x0, 0xa0, 0xc8, 0x0, {}, [@common=@inet=@dccp={{0x30, 'dccp\x00'}}]}, @common=@unspec=@NFQUEUE3={0x28, 'NFQUEUE\x00'}}], {{[], 0x0, 0x70, 0x98}, {0x28}}}}, 0x4b8) 04:29:17 executing program 1: socket(0x10, 0x803, 0x0) syz_open_dev$evdev(&(0x7f0000000000)='/dev/input/event#\x00', 0x0, 0x0) openat$mice(0xffffffffffffff9c, &(0x7f0000000040)='/dev/input/mice\x00', 0x0) r0 = socket$packet(0x11, 0x2, 0x300) setsockopt$packet_tx_ring(r0, 0x107, 0x5, &(0x7f00000000c0)=@req3={0x8000, 0x6, 0x8000, 0x6}, 0x1c) openat$audio(0xffffffffffffff9c, &(0x7f0000000180)='/dev/audio\x00', 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) clock_gettime(0x0, &(0x7f0000000080)={0x0, 0x0}) pselect6(0x40, &(0x7f00000000c0), 0x0, &(0x7f0000000140)={0x1ff}, &(0x7f0000000200)={0x0, r1+30000000}, 0x0) 04:29:17 executing program 2: mkdir(&(0x7f0000000100)='./file0\x00', 0x0) mount(&(0x7f00000002c0)=ANY=[@ANYBLOB='.'], &(0x7f0000000140)='./file0\x00', 0x0, 0x201000, 0x0) chroot(&(0x7f00000000c0)='./file0/../file0\x00') chdir(&(0x7f00000001c0)='./file0\x00') mount(0x0, &(0x7f0000000080)='./file0/../file0\x00', &(0x7f0000000380)='sysfs\x00', 0x0, 0x0) r0 = dup(0xffffffffffffffff) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) pivot_root(&(0x7f0000000180)='./file0/../file0\x00', &(0x7f0000000200)='./file0/../file0\x00') 04:29:17 executing program 4: mkdir(&(0x7f0000000100)='./file0\x00', 0x0) mount(&(0x7f00000002c0)=ANY=[@ANYBLOB='.'], &(0x7f0000000140)='./file0\x00', 0x0, 0x201000, 0x0) chroot(&(0x7f00000000c0)='./file0/../file0\x00') chdir(&(0x7f00000001c0)='./file0\x00') mount(0x0, &(0x7f0000000080)='./file0/../file0\x00', &(0x7f0000000380)='sysfs\x00', 0x0, 0x0) r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) dup(r0) pivot_root(&(0x7f0000000180)='./file0/../file0\x00', &(0x7f0000000200)='./file0/../file0\x00') 04:29:17 executing program 5: r0 = dup(0xffffffffffffffff) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x802102001ffa, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) ioctl$DRM_IOCTL_GET_CAP(r0, 0xc010640c, &(0x7f00000000c0)={0x3}) r1 = gettid() clone(0x6e20cf00, 0x0, 0x0, 0x0, 0x0) ptrace$setopts(0x4206, r1, 0x0, 0x0) gettid() r2 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ptmx\x00', 0x0, 0x0) read(r2, &(0x7f00003fefff)=""/1, 0x1) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) r4 = dup2(r3, r3) ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200) r5 = openat$autofs(0xffffffffffffff9c, &(0x7f0000000040)='/dev/autofs\x00', 0x0, 0x0) sendmsg$IPVS_CMD_ZERO(r5, &(0x7f0000000240)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x20000000}, 0xc, &(0x7f0000000200)={&(0x7f0000000280)={0xf4, 0x0, 0x2, 0x70bd2d, 0x25dfdbff, {}, [@IPVS_CMD_ATTR_TIMEOUT_TCP={0x8, 0x4, 0x7}, @IPVS_CMD_ATTR_DEST={0xc, 0x2, 0x0, 0x1, [@IPVS_DEST_ATTR_U_THRESH={0x8, 0x5, 0x9}]}, @IPVS_CMD_ATTR_TIMEOUT_TCP_FIN={0x8, 0x5, 0x87}, @IPVS_CMD_ATTR_SERVICE={0x18, 0x1, 0x0, 0x1, [@IPVS_SVC_ATTR_PORT={0x6, 0x4, 0x4e20}, @IPVS_SVC_ATTR_FLAGS={0xc, 0x7, {0x31, 0x34}}]}, @IPVS_CMD_ATTR_TIMEOUT_TCP={0x8, 0x4, 0x5}, @IPVS_CMD_ATTR_DEST={0x3c, 0x2, 0x0, 0x1, [@IPVS_DEST_ATTR_ADDR={0x14, 0x1, @ipv6=@initdev={0xfe, 0x88, [], 0x0, 0x0}}, @IPVS_DEST_ATTR_FWD_METHOD={0x8, 0x3, 0x2}, @IPVS_DEST_ATTR_ADDR={0x14, 0x1, @ipv6=@dev={0xfe, 0x80, [], 0x2f}}, @IPVS_DEST_ATTR_U_THRESH={0x8, 0x5, 0x6}]}, @IPVS_CMD_ATTR_TIMEOUT_TCP_FIN={0x8, 0x5, 0x200}, @IPVS_CMD_ATTR_DAEMON={0x1c, 0x3, 0x0, 0x1, [@IPVS_DAEMON_ATTR_STATE={0x8, 0x1, 0x2}, @IPVS_DAEMON_ATTR_MCAST_PORT={0x6, 0x7, 0x4e22}, @IPVS_DAEMON_ATTR_MCAST_PORT={0x6, 0x7, 0x4e20}]}, @IPVS_CMD_ATTR_DEST={0x3c, 0x2, 0x0, 0x1, [@IPVS_DEST_ATTR_INACT_CONNS={0x8, 0x8, 0x8002}, @IPVS_DEST_ATTR_PORT={0x6, 0x2, 0x4e23}, @IPVS_DEST_ATTR_U_THRESH={0x8, 0x5, 0xffff12bf}, @IPVS_DEST_ATTR_FWD_METHOD={0x8, 0x3, 0x3}, @IPVS_DEST_ATTR_U_THRESH={0x8, 0x5, 0x1}, @IPVS_DEST_ATTR_TUN_TYPE={0x5, 0xd, 0x1}, @IPVS_DEST_ATTR_TUN_PORT={0x6, 0xe, 0x4e21}]}, @IPVS_CMD_ATTR_TIMEOUT_UDP={0x8, 0x6, 0xfffffffb}]}, 0xf4}, 0x1, 0x0, 0x0, 0x80}, 0x2080800) ioctl$SIOCNRDECOBS(r4, 0x89e2) 04:29:17 executing program 3: r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) setsockopt$IPT_SO_SET_REPLACE(r0, 0x0, 0x40, &(0x7f0000000680)=@mangle={'mangle\x00', 0x44, 0x6, 0x458, 0xa0, 0x238, 0x138, 0x320, 0xa0, 0x3e8, 0x3e8, 0x3e8, 0x3e8, 0x3e8, 0x6, 0x0, {[{{@ip={@broadcast, @initdev={0xac, 0x1e, 0x0, 0x0}, 0x0, 0x0, 'geneve1\x00', 'ip6gre0\x00', {}, {}, 0x11}, 0x0, 0x70, 0xa0}, @TPROXY={0x30, 'TPROXY\x00', 0x0, {0x0, 0x0, @multicast2}}}, {{@ip={@empty, @multicast2, 0x0, 0x0, 'macvtap0\x00', 'wg1\x00'}, 0x0, 0x70, 0x98}, @TTL={0x28, 'TTL\x00'}}, {{@uncond, 0x0, 0xd8, 0x100, 0x0, {}, [@common=@set={{0x40, 'set\x00'}}, @inet=@rpfilter={{0x28, 'rpfilter\x00'}}]}, @ECN={0x28, 'ECN\x00'}}, {{@ip={@rand_addr, @multicast2, 0x0, 0x0, 'syzkaller0\x00', 'bond0\x00'}, 0x0, 0x98, 0xc0, 0x0, {}, [@inet=@rpfilter={{0x28, 'rpfilter\x00'}}]}, @unspec=@CHECKSUM={0x28, 'CHECKSUM\x00'}}, {{@ip={@broadcast, @initdev={0xac, 0x1e, 0x0, 0x0}, 0x0, 0x0, 'gretap0\x00', 'batadv_slave_1\x00'}, 0x0, 0xa0, 0xc8, 0x0, {}, [@common=@inet=@dccp={{0x30, 'dccp\x00'}}]}, @common=@unspec=@NFQUEUE3={0x28, 'NFQUEUE\x00'}}], {{[], 0x0, 0x70, 0x98}, {0x28}}}}, 0x4b8) 04:29:17 executing program 2: mkdir(&(0x7f0000000100)='./file0\x00', 0x0) mount(&(0x7f00000002c0)=ANY=[@ANYBLOB='.'], &(0x7f0000000140)='./file0\x00', 0x0, 0x201000, 0x0) chroot(&(0x7f00000000c0)='./file0/../file0\x00') chdir(&(0x7f00000001c0)='./file0\x00') mount(0x0, &(0x7f0000000080)='./file0/../file0\x00', &(0x7f0000000380)='sysfs\x00', 0x0, 0x0) r0 = dup(0xffffffffffffffff) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) pivot_root(&(0x7f0000000180)='./file0/../file0\x00', &(0x7f0000000200)='./file0/../file0\x00') 04:29:17 executing program 4: mkdir(&(0x7f0000000100)='./file0\x00', 0x0) mount(&(0x7f00000002c0)=ANY=[@ANYBLOB='.'], &(0x7f0000000140)='./file0\x00', 0x0, 0x201000, 0x0) chroot(&(0x7f00000000c0)='./file0/../file0\x00') chdir(&(0x7f00000001c0)='./file0\x00') mount(0x0, &(0x7f0000000080)='./file0/../file0\x00', &(0x7f0000000380)='sysfs\x00', 0x0, 0x0) r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) dup(r0) pivot_root(&(0x7f0000000180)='./file0/../file0\x00', &(0x7f0000000200)='./file0/../file0\x00') 04:29:17 executing program 3: r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) setsockopt$IPT_SO_SET_REPLACE(r0, 0x0, 0x40, &(0x7f0000000680)=@mangle={'mangle\x00', 0x44, 0x6, 0x458, 0xa0, 0x238, 0x138, 0x320, 0xa0, 0x3e8, 0x3e8, 0x3e8, 0x3e8, 0x3e8, 0x6, 0x0, {[{{@ip={@broadcast, @initdev={0xac, 0x1e, 0x0, 0x0}, 0x0, 0x0, 'geneve1\x00', 'ip6gre0\x00', {}, {}, 0x11}, 0x0, 0x70, 0xa0}, @TPROXY={0x30, 'TPROXY\x00', 0x0, {0x0, 0x0, @multicast2}}}, {{@ip={@empty, @multicast2, 0x0, 0x0, 'macvtap0\x00', 'wg1\x00'}, 0x0, 0x70, 0x98}, @TTL={0x28, 'TTL\x00'}}, {{@uncond, 0x0, 0xb0, 0xd8, 0x0, {}, [@common=@set={{0x40, 'set\x00'}}]}, @ECN={0x28, 'ECN\x00'}}, {{@ip={@rand_addr, @multicast2, 0x0, 0x0, 'syzkaller0\x00', 'bond0\x00'}, 0x0, 0xc0, 0xe8, 0x0, {}, [@inet=@rpfilter={{0x28, 'rpfilter\x00'}}, @inet=@rpfilter={{0x28, 'rpfilter\x00'}}]}, @unspec=@CHECKSUM={0x28, 'CHECKSUM\x00'}}, {{@ip={@broadcast, @initdev={0xac, 0x1e, 0x0, 0x0}, 0x0, 0x0, 'gretap0\x00', 'batadv_slave_1\x00'}, 0x0, 0xa0, 0xc8, 0x0, {}, [@common=@inet=@dccp={{0x30, 'dccp\x00'}}]}, @common=@unspec=@NFQUEUE3={0x28, 'NFQUEUE\x00'}}], {{[], 0x0, 0x70, 0x98}, {0x28}}}}, 0x4b8) 04:29:17 executing program 2: mkdir(&(0x7f0000000100)='./file0\x00', 0x0) mount(&(0x7f00000002c0)=ANY=[@ANYBLOB='.'], &(0x7f0000000140)='./file0\x00', 0x0, 0x201000, 0x0) chroot(&(0x7f00000000c0)='./file0/../file0\x00') chdir(&(0x7f00000001c0)='./file0\x00') r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) pivot_root(&(0x7f0000000180)='./file0/../file0\x00', &(0x7f0000000200)='./file0/../file0\x00') 04:29:17 executing program 3: r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) setsockopt$IPT_SO_SET_REPLACE(r0, 0x0, 0x40, &(0x7f0000000680)=@mangle={'mangle\x00', 0x44, 0x6, 0x458, 0xa0, 0x238, 0x138, 0x320, 0xa0, 0x3e8, 0x3e8, 0x3e8, 0x3e8, 0x3e8, 0x6, 0x0, {[{{@ip={@broadcast, @initdev={0xac, 0x1e, 0x0, 0x0}, 0x0, 0x0, 'geneve1\x00', 'ip6gre0\x00', {}, {}, 0x11}, 0x0, 0x70, 0xa0}, @TPROXY={0x30, 'TPROXY\x00', 0x0, {0x0, 0x0, @multicast2}}}, {{@ip={@empty, @multicast2, 0x0, 0x0, 'macvtap0\x00', 'wg1\x00'}, 0x0, 0x70, 0x98}, @TTL={0x28, 'TTL\x00'}}, {{@uncond, 0x0, 0xb0, 0xd8, 0x0, {}, [@common=@set={{0x40, 'set\x00'}}]}, @ECN={0x28, 'ECN\x00'}}, {{@ip={@rand_addr, @multicast2, 0x0, 0x0, 'syzkaller0\x00', 'bond0\x00'}, 0x0, 0xc0, 0xe8, 0x0, {}, [@inet=@rpfilter={{0x28, 'rpfilter\x00'}}, @inet=@rpfilter={{0x28, 'rpfilter\x00'}}]}, @unspec=@CHECKSUM={0x28, 'CHECKSUM\x00'}}, {{@ip={@broadcast, @initdev={0xac, 0x1e, 0x0, 0x0}, 0x0, 0x0, 'gretap0\x00', 'batadv_slave_1\x00'}, 0x0, 0xa0, 0xc8, 0x0, {}, [@common=@inet=@dccp={{0x30, 'dccp\x00'}}]}, @common=@unspec=@NFQUEUE3={0x28, 'NFQUEUE\x00'}}], {{[], 0x0, 0x70, 0x98}, {0x28}}}}, 0x4b8) 04:29:17 executing program 0: mkdir(&(0x7f0000000100)='./file0\x00', 0x0) mount(&(0x7f00000002c0)=ANY=[@ANYBLOB='.'], &(0x7f0000000140)='./file0\x00', 0x0, 0x201000, 0x0) chroot(&(0x7f00000000c0)='./file0/../file0\x00') chdir(&(0x7f00000001c0)='./file0\x00') mount(0x0, &(0x7f0000000080)='./file0/../file0\x00', &(0x7f0000000380)='sysfs\x00', 0x0, 0x0) 04:29:17 executing program 4: mkdir(&(0x7f0000000100)='./file0\x00', 0x0) mount(&(0x7f00000002c0)=ANY=[@ANYBLOB='.'], &(0x7f0000000140)='./file0\x00', 0x0, 0x201000, 0x0) chroot(&(0x7f00000000c0)='./file0/../file0\x00') chdir(&(0x7f00000001c0)='./file0\x00') mount(0x0, &(0x7f0000000080)='./file0/../file0\x00', &(0x7f0000000380)='sysfs\x00', 0x0, 0x0) r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) dup(r0) pivot_root(&(0x7f0000000180)='./file0/../file0\x00', &(0x7f0000000200)='./file0/../file0\x00') 04:29:17 executing program 1: socket(0x10, 0x803, 0x0) syz_open_dev$evdev(&(0x7f0000000000)='/dev/input/event#\x00', 0x0, 0x0) openat$mice(0xffffffffffffff9c, &(0x7f0000000040)='/dev/input/mice\x00', 0x0) r0 = socket$packet(0x11, 0x2, 0x300) setsockopt$packet_tx_ring(r0, 0x107, 0x5, &(0x7f00000000c0)=@req3={0x8000, 0x6, 0x8000, 0x6}, 0x1c) openat$audio(0xffffffffffffff9c, &(0x7f0000000180)='/dev/audio\x00', 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) clock_gettime(0x0, &(0x7f0000000080)={0x0, 0x0}) pselect6(0x40, &(0x7f00000000c0), 0x0, &(0x7f0000000140)={0x1ff}, &(0x7f0000000200)={0x0, r1+30000000}, 0x0) 04:29:17 executing program 2: mkdir(&(0x7f0000000100)='./file0\x00', 0x0) mount(&(0x7f00000002c0)=ANY=[@ANYBLOB='.'], &(0x7f0000000140)='./file0\x00', 0x0, 0x201000, 0x0) chroot(&(0x7f00000000c0)='./file0/../file0\x00') chdir(&(0x7f00000001c0)='./file0\x00') r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) pivot_root(&(0x7f0000000180)='./file0/../file0\x00', &(0x7f0000000200)='./file0/../file0\x00') 04:29:17 executing program 3: r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) setsockopt$IPT_SO_SET_REPLACE(r0, 0x0, 0x40, &(0x7f0000000680)=@mangle={'mangle\x00', 0x44, 0x6, 0x458, 0xa0, 0x238, 0x138, 0x320, 0xa0, 0x3e8, 0x3e8, 0x3e8, 0x3e8, 0x3e8, 0x6, 0x0, {[{{@ip={@broadcast, @initdev={0xac, 0x1e, 0x0, 0x0}, 0x0, 0x0, 'geneve1\x00', 'ip6gre0\x00', {}, {}, 0x11}, 0x0, 0x70, 0xa0}, @TPROXY={0x30, 'TPROXY\x00', 0x0, {0x0, 0x0, @multicast2}}}, {{@ip={@empty, @multicast2, 0x0, 0x0, 'macvtap0\x00', 'wg1\x00'}, 0x0, 0x70, 0x98}, @TTL={0x28, 'TTL\x00'}}, {{@uncond, 0x0, 0xb0, 0xd8, 0x0, {}, [@common=@set={{0x40, 'set\x00'}}]}, @ECN={0x28, 'ECN\x00'}}, {{@ip={@rand_addr, @multicast2, 0x0, 0x0, 'syzkaller0\x00', 'bond0\x00'}, 0x0, 0xc0, 0xe8, 0x0, {}, [@inet=@rpfilter={{0x28, 'rpfilter\x00'}}, @inet=@rpfilter={{0x28, 'rpfilter\x00'}}]}, @unspec=@CHECKSUM={0x28, 'CHECKSUM\x00'}}, {{@ip={@broadcast, @initdev={0xac, 0x1e, 0x0, 0x0}, 0x0, 0x0, 'gretap0\x00', 'batadv_slave_1\x00'}, 0x0, 0xa0, 0xc8, 0x0, {}, [@common=@inet=@dccp={{0x30, 'dccp\x00'}}]}, @common=@unspec=@NFQUEUE3={0x28, 'NFQUEUE\x00'}}], {{[], 0x0, 0x70, 0x98}, {0x28}}}}, 0x4b8) 04:29:20 executing program 0: mkdir(&(0x7f0000000100)='./file0\x00', 0x0) mount(&(0x7f00000002c0)=ANY=[@ANYBLOB='.'], &(0x7f0000000140)='./file0\x00', 0x0, 0x201000, 0x0) chroot(&(0x7f00000000c0)='./file0/../file0\x00') mount(0x0, &(0x7f0000000080)='./file0/../file0\x00', &(0x7f0000000380)='sysfs\x00', 0x0, 0x0) 04:29:20 executing program 4: mkdir(&(0x7f0000000100)='./file0\x00', 0x0) mount(&(0x7f00000002c0)=ANY=[@ANYBLOB='.'], &(0x7f0000000140)='./file0\x00', 0x0, 0x201000, 0x0) chroot(&(0x7f00000000c0)='./file0/../file0\x00') chdir(&(0x7f00000001c0)='./file0\x00') mount(0x0, &(0x7f0000000080)='./file0/../file0\x00', &(0x7f0000000380)='sysfs\x00', 0x0, 0x0) socket$inet_icmp_raw(0x2, 0x3, 0x1) pivot_root(&(0x7f0000000180)='./file0/../file0\x00', &(0x7f0000000200)='./file0/../file0\x00') 04:29:20 executing program 2: mkdir(&(0x7f0000000100)='./file0\x00', 0x0) mount(&(0x7f00000002c0)=ANY=[@ANYBLOB='.'], &(0x7f0000000140)='./file0\x00', 0x0, 0x201000, 0x0) chroot(&(0x7f00000000c0)='./file0/../file0\x00') chdir(&(0x7f00000001c0)='./file0\x00') r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) pivot_root(&(0x7f0000000180)='./file0/../file0\x00', &(0x7f0000000200)='./file0/../file0\x00') 04:29:20 executing program 3: r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) setsockopt$IPT_SO_SET_REPLACE(r0, 0x0, 0x40, &(0x7f0000000680)=@mangle={'mangle\x00', 0x44, 0x6, 0x440, 0xa0, 0x238, 0x138, 0x320, 0xa0, 0x3e8, 0x3e8, 0x3e8, 0x3e8, 0x3e8, 0x6, 0x0, {[{{@ip={@broadcast, @initdev={0xac, 0x1e, 0x0, 0x0}, 0x0, 0x0, 'geneve1\x00', 'ip6gre0\x00', {}, {}, 0x11}, 0x0, 0x70, 0xa0}, @TPROXY={0x30, 'TPROXY\x00', 0x0, {0x0, 0x0, @multicast2}}}, {{@ip={@empty, @multicast2, 0x0, 0x0, 'macvtap0\x00', 'wg1\x00'}, 0x0, 0x70, 0x98}, @TTL={0x28, 'TTL\x00'}}, {{@uncond, 0x0, 0x98, 0xc0, 0x0, {}, [@inet=@rpfilter={{0x28, 'rpfilter\x00'}}]}, @ECN={0x28, 'ECN\x00'}}, {{@ip={@rand_addr, @multicast2, 0x0, 0x0, 'syzkaller0\x00', 'bond0\x00'}, 0x0, 0xc0, 0xe8, 0x0, {}, [@inet=@rpfilter={{0x28, 'rpfilter\x00'}}, @inet=@rpfilter={{0x28, 'rpfilter\x00'}}]}, @unspec=@CHECKSUM={0x28, 'CHECKSUM\x00'}}, {{@ip={@broadcast, @initdev={0xac, 0x1e, 0x0, 0x0}, 0x0, 0x0, 'gretap0\x00', 'batadv_slave_1\x00'}, 0x0, 0xa0, 0xc8, 0x0, {}, [@common=@inet=@dccp={{0x30, 'dccp\x00'}}]}, @common=@unspec=@NFQUEUE3={0x28, 'NFQUEUE\x00'}}], {{[], 0x0, 0x70, 0x98}, {0x28}}}}, 0x4a0) 04:29:20 executing program 5: ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x400200) prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x802102001ffa, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() clone(0x6e20cf00, 0x0, 0x0, 0x0, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) gettid() r1 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ptmx\x00', 0x0, 0x0) read(r1, &(0x7f00003fefff)=""/1, 0x1) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) r3 = dup2(r2, r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) r4 = openat$autofs(0xffffffffffffff9c, &(0x7f0000000040)='/dev/autofs\x00', 0x0, 0x0) sendmsg$IPVS_CMD_ZERO(r4, &(0x7f0000000240)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x20000000}, 0xc, &(0x7f0000000200)={&(0x7f0000000280)={0xf4, 0x0, 0x2, 0x70bd2d, 0x25dfdbff, {}, [@IPVS_CMD_ATTR_TIMEOUT_TCP={0x8, 0x4, 0x7}, @IPVS_CMD_ATTR_DEST={0xc, 0x2, 0x0, 0x1, [@IPVS_DEST_ATTR_U_THRESH={0x8, 0x5, 0x9}]}, @IPVS_CMD_ATTR_TIMEOUT_TCP_FIN={0x8, 0x5, 0x87}, @IPVS_CMD_ATTR_SERVICE={0x18, 0x1, 0x0, 0x1, [@IPVS_SVC_ATTR_PORT={0x6, 0x4, 0x4e20}, @IPVS_SVC_ATTR_FLAGS={0xc, 0x7, {0x31, 0x34}}]}, @IPVS_CMD_ATTR_TIMEOUT_TCP={0x8, 0x4, 0x5}, @IPVS_CMD_ATTR_DEST={0x3c, 0x2, 0x0, 0x1, [@IPVS_DEST_ATTR_ADDR={0x14, 0x1, @ipv6=@initdev={0xfe, 0x88, [], 0x0, 0x0}}, @IPVS_DEST_ATTR_FWD_METHOD={0x8, 0x3, 0x2}, @IPVS_DEST_ATTR_ADDR={0x14, 0x1, @ipv6=@dev={0xfe, 0x80, [], 0x2f}}, @IPVS_DEST_ATTR_U_THRESH={0x8, 0x5, 0x6}]}, @IPVS_CMD_ATTR_TIMEOUT_TCP_FIN={0x8, 0x5, 0x200}, @IPVS_CMD_ATTR_DAEMON={0x1c, 0x3, 0x0, 0x1, [@IPVS_DAEMON_ATTR_STATE={0x8, 0x1, 0x2}, @IPVS_DAEMON_ATTR_MCAST_PORT={0x6, 0x7, 0x4e22}, @IPVS_DAEMON_ATTR_MCAST_PORT={0x6, 0x7, 0x4e20}]}, @IPVS_CMD_ATTR_DEST={0x3c, 0x2, 0x0, 0x1, [@IPVS_DEST_ATTR_INACT_CONNS={0x8, 0x8, 0x8002}, @IPVS_DEST_ATTR_PORT={0x6, 0x2, 0x4e23}, @IPVS_DEST_ATTR_U_THRESH={0x8, 0x5, 0xffff12bf}, @IPVS_DEST_ATTR_FWD_METHOD={0x8, 0x3, 0x3}, @IPVS_DEST_ATTR_U_THRESH={0x8, 0x5, 0x1}, @IPVS_DEST_ATTR_TUN_TYPE={0x5, 0xd, 0x1}, @IPVS_DEST_ATTR_TUN_PORT={0x6, 0xe, 0x4e21}]}, @IPVS_CMD_ATTR_TIMEOUT_UDP={0x8, 0x6, 0xfffffffb}]}, 0xf4}, 0x1, 0x0, 0x0, 0x80}, 0x2080800) ioctl$SIOCNRDECOBS(r3, 0x89e2) 04:29:20 executing program 1: socket(0x10, 0x803, 0x0) syz_open_dev$evdev(&(0x7f0000000000)='/dev/input/event#\x00', 0x0, 0x0) openat$mice(0xffffffffffffff9c, &(0x7f0000000040)='/dev/input/mice\x00', 0x0) r0 = socket$packet(0x11, 0x2, 0x300) setsockopt$packet_tx_ring(r0, 0x107, 0x5, &(0x7f00000000c0)=@req3={0x8000, 0x6, 0x8000, 0x6}, 0x1c) openat$audio(0xffffffffffffff9c, &(0x7f0000000180)='/dev/audio\x00', 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) clock_gettime(0x0, &(0x7f0000000080)={0x0, 0x0}) pselect6(0x40, &(0x7f00000000c0), 0x0, &(0x7f0000000140)={0x1ff}, &(0x7f0000000200)={0x0, r1+30000000}, 0x0) 04:29:20 executing program 3: r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) setsockopt$IPT_SO_SET_REPLACE(r0, 0x0, 0x40, &(0x7f0000000680)=@mangle={'mangle\x00', 0x44, 0x6, 0x440, 0xa0, 0x238, 0x138, 0x320, 0xa0, 0x3e8, 0x3e8, 0x3e8, 0x3e8, 0x3e8, 0x6, 0x0, {[{{@ip={@broadcast, @initdev={0xac, 0x1e, 0x0, 0x0}, 0x0, 0x0, 'geneve1\x00', 'ip6gre0\x00', {}, {}, 0x11}, 0x0, 0x70, 0xa0}, @TPROXY={0x30, 'TPROXY\x00', 0x0, {0x0, 0x0, @multicast2}}}, {{@ip={@empty, @multicast2, 0x0, 0x0, 'macvtap0\x00', 'wg1\x00'}, 0x0, 0x70, 0x98}, @TTL={0x28, 'TTL\x00'}}, {{@uncond, 0x0, 0x98, 0xc0, 0x0, {}, [@inet=@rpfilter={{0x28, 'rpfilter\x00'}}]}, @ECN={0x28, 'ECN\x00'}}, {{@ip={@rand_addr, @multicast2, 0x0, 0x0, 'syzkaller0\x00', 'bond0\x00'}, 0x0, 0xc0, 0xe8, 0x0, {}, [@inet=@rpfilter={{0x28, 'rpfilter\x00'}}, @inet=@rpfilter={{0x28, 'rpfilter\x00'}}]}, @unspec=@CHECKSUM={0x28, 'CHECKSUM\x00'}}, {{@ip={@broadcast, @initdev={0xac, 0x1e, 0x0, 0x0}, 0x0, 0x0, 'gretap0\x00', 'batadv_slave_1\x00'}, 0x0, 0xa0, 0xc8, 0x0, {}, [@common=@inet=@dccp={{0x30, 'dccp\x00'}}]}, @common=@unspec=@NFQUEUE3={0x28, 'NFQUEUE\x00'}}], {{[], 0x0, 0x70, 0x98}, {0x28}}}}, 0x4a0) 04:29:20 executing program 4: mkdir(&(0x7f0000000100)='./file0\x00', 0x0) mount(&(0x7f00000002c0)=ANY=[@ANYBLOB='.'], &(0x7f0000000140)='./file0\x00', 0x0, 0x201000, 0x0) chroot(&(0x7f00000000c0)='./file0/../file0\x00') chdir(&(0x7f00000001c0)='./file0\x00') mount(0x0, &(0x7f0000000080)='./file0/../file0\x00', &(0x7f0000000380)='sysfs\x00', 0x0, 0x0) pivot_root(&(0x7f0000000180)='./file0/../file0\x00', &(0x7f0000000200)='./file0/../file0\x00') 04:29:20 executing program 2: mkdir(&(0x7f0000000100)='./file0\x00', 0x0) mount(&(0x7f00000002c0)=ANY=[@ANYBLOB='.'], &(0x7f0000000140)='./file0\x00', 0x0, 0x201000, 0x0) chroot(&(0x7f00000000c0)='./file0/../file0\x00') mount(0x0, &(0x7f0000000080)='./file0/../file0\x00', &(0x7f0000000380)='sysfs\x00', 0x0, 0x0) r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) pivot_root(&(0x7f0000000180)='./file0/../file0\x00', &(0x7f0000000200)='./file0/../file0\x00') [ 1238.109194] IPVS: ftp: loaded support on port[0] = 21 04:29:20 executing program 4: mkdir(&(0x7f0000000100)='./file0\x00', 0x0) mount(&(0x7f00000002c0)=ANY=[@ANYBLOB='.'], &(0x7f0000000140)='./file0\x00', 0x0, 0x201000, 0x0) chroot(&(0x7f00000000c0)='./file0/../file0\x00') chdir(&(0x7f00000001c0)='./file0\x00') pivot_root(&(0x7f0000000180)='./file0/../file0\x00', &(0x7f0000000200)='./file0/../file0\x00') 04:29:20 executing program 3: r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) setsockopt$IPT_SO_SET_REPLACE(r0, 0x0, 0x40, &(0x7f0000000680)=@mangle={'mangle\x00', 0x44, 0x6, 0x440, 0xa0, 0x238, 0x138, 0x320, 0xa0, 0x3e8, 0x3e8, 0x3e8, 0x3e8, 0x3e8, 0x6, 0x0, {[{{@ip={@broadcast, @initdev={0xac, 0x1e, 0x0, 0x0}, 0x0, 0x0, 'geneve1\x00', 'ip6gre0\x00', {}, {}, 0x11}, 0x0, 0x70, 0xa0}, @TPROXY={0x30, 'TPROXY\x00', 0x0, {0x0, 0x0, @multicast2}}}, {{@ip={@empty, @multicast2, 0x0, 0x0, 'macvtap0\x00', 'wg1\x00'}, 0x0, 0x70, 0x98}, @TTL={0x28, 'TTL\x00'}}, {{@uncond, 0x0, 0x98, 0xc0, 0x0, {}, [@inet=@rpfilter={{0x28, 'rpfilter\x00'}}]}, @ECN={0x28, 'ECN\x00'}}, {{@ip={@rand_addr, @multicast2, 0x0, 0x0, 'syzkaller0\x00', 'bond0\x00'}, 0x0, 0xc0, 0xe8, 0x0, {}, [@inet=@rpfilter={{0x28, 'rpfilter\x00'}}, @inet=@rpfilter={{0x28, 'rpfilter\x00'}}]}, @unspec=@CHECKSUM={0x28, 'CHECKSUM\x00'}}, {{@ip={@broadcast, @initdev={0xac, 0x1e, 0x0, 0x0}, 0x0, 0x0, 'gretap0\x00', 'batadv_slave_1\x00'}, 0x0, 0xa0, 0xc8, 0x0, {}, [@common=@inet=@dccp={{0x30, 'dccp\x00'}}]}, @common=@unspec=@NFQUEUE3={0x28, 'NFQUEUE\x00'}}], {{[], 0x0, 0x70, 0x98}, {0x28}}}}, 0x4a0) 04:29:20 executing program 2: mkdir(&(0x7f0000000100)='./file0\x00', 0x0) mount(&(0x7f00000002c0)=ANY=[@ANYBLOB='.'], &(0x7f0000000140)='./file0\x00', 0x0, 0x201000, 0x0) chroot(&(0x7f00000000c0)='./file0/../file0\x00') mount(0x0, &(0x7f0000000080)='./file0/../file0\x00', &(0x7f0000000380)='sysfs\x00', 0x0, 0x0) r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) pivot_root(&(0x7f0000000180)='./file0/../file0\x00', &(0x7f0000000200)='./file0/../file0\x00') 04:29:20 executing program 4: mkdir(&(0x7f0000000100)='./file0\x00', 0x0) mount(&(0x7f00000002c0)=ANY=[@ANYBLOB='.'], &(0x7f0000000140)='./file0\x00', 0x0, 0x201000, 0x0) chroot(&(0x7f00000000c0)='./file0/../file0\x00') chdir(&(0x7f00000001c0)='./file0\x00') pivot_root(&(0x7f0000000180)='./file0/../file0\x00', &(0x7f0000000200)='./file0/../file0\x00') 04:29:20 executing program 0: mkdir(&(0x7f0000000100)='./file0\x00', 0x0) mount(&(0x7f00000002c0)=ANY=[@ANYBLOB='.'], &(0x7f0000000140)='./file0\x00', 0x0, 0x201000, 0x0) chroot(&(0x7f00000000c0)='./file0/../file0\x00') mount(0x0, &(0x7f0000000080)='./file0/../file0\x00', &(0x7f0000000380)='sysfs\x00', 0x0, 0x0) 04:29:20 executing program 3: r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) setsockopt$IPT_SO_SET_REPLACE(r0, 0x0, 0x40, &(0x7f0000000680)=@mangle={'mangle\x00', 0x44, 0x6, 0x480, 0xa0, 0x238, 0x138, 0x320, 0xa0, 0x3e8, 0x3e8, 0x3e8, 0x3e8, 0x3e8, 0x6, 0x0, {[{{@ip={@broadcast, @initdev={0xac, 0x1e, 0x0, 0x0}, 0x0, 0x0, 'geneve1\x00', 'ip6gre0\x00'}, 0x0, 0x70, 0xa0}, @TPROXY={0x30, 'TPROXY\x00', 0x0, {0x0, 0x0, @multicast2}}}, {{@ip={@empty, @multicast2, 0x0, 0x0, 'macvtap0\x00', 'wg1\x00'}, 0x0, 0x70, 0x98}, @TTL={0x28, 'TTL\x00'}}, {{@uncond, 0x0, 0xd8, 0x100, 0x0, {}, [@common=@set={{0x40, 'set\x00'}}, @inet=@rpfilter={{0x28, 'rpfilter\x00'}}]}, @ECN={0x28, 'ECN\x00'}}, {{@ip={@rand_addr, @multicast2, 0x0, 0x0, 'syzkaller0\x00', 'bond0\x00'}, 0x0, 0xc0, 0xe8, 0x0, {}, [@inet=@rpfilter={{0x28, 'rpfilter\x00'}}, @inet=@rpfilter={{0x28, 'rpfilter\x00'}}]}, @unspec=@CHECKSUM={0x28, 'CHECKSUM\x00'}}, {{@ip={@broadcast, @initdev={0xac, 0x1e, 0x0, 0x0}, 0x0, 0x0, 'gretap0\x00', 'batadv_slave_1\x00'}, 0x0, 0xa0, 0xc8, 0x0, {}, [@common=@inet=@dccp={{0x30, 'dccp\x00'}}]}, @common=@unspec=@NFQUEUE3={0x28, 'NFQUEUE\x00'}}], {{[], 0x0, 0x70, 0x98}, {0x28}}}}, 0x4e0) 04:29:20 executing program 4: mkdir(&(0x7f0000000100)='./file0\x00', 0x0) mount(&(0x7f00000002c0)=ANY=[@ANYBLOB='.'], &(0x7f0000000140)='./file0\x00', 0x0, 0x201000, 0x0) chroot(&(0x7f00000000c0)='./file0/../file0\x00') chdir(&(0x7f00000001c0)='./file0\x00') pivot_root(&(0x7f0000000180)='./file0/../file0\x00', &(0x7f0000000200)='./file0/../file0\x00') [ 1238.370959] xt_TPROXY: Can be used only in combination with either -p tcp or -p udp [ 1238.574744] IPVS: ftp: loaded support on port[0] = 21 04:29:23 executing program 4: mkdir(&(0x7f0000000100)='./file0\x00', 0x0) mount(&(0x7f00000002c0)=ANY=[@ANYBLOB='.'], &(0x7f0000000140)='./file0\x00', 0x0, 0x201000, 0x0) chroot(&(0x7f00000000c0)='./file0/../file0\x00') mount(0x0, &(0x7f0000000080)='./file0/../file0\x00', &(0x7f0000000380)='sysfs\x00', 0x0, 0x0) pivot_root(&(0x7f0000000180)='./file0/../file0\x00', &(0x7f0000000200)='./file0/../file0\x00') 04:29:23 executing program 2: mkdir(&(0x7f0000000100)='./file0\x00', 0x0) mount(&(0x7f00000002c0)=ANY=[@ANYBLOB='.'], &(0x7f0000000140)='./file0\x00', 0x0, 0x201000, 0x0) chroot(&(0x7f00000000c0)='./file0/../file0\x00') mount(0x0, &(0x7f0000000080)='./file0/../file0\x00', &(0x7f0000000380)='sysfs\x00', 0x0, 0x0) r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) pivot_root(&(0x7f0000000180)='./file0/../file0\x00', &(0x7f0000000200)='./file0/../file0\x00') 04:29:23 executing program 3: r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) setsockopt$IPT_SO_SET_REPLACE(r0, 0x0, 0x40, &(0x7f0000000680)=@mangle={'mangle\x00', 0x44, 0x6, 0x480, 0xa0, 0x238, 0x138, 0x320, 0xa0, 0x3e8, 0x3e8, 0x3e8, 0x3e8, 0x3e8, 0x6, 0x0, {[{{@ip={@broadcast, @initdev={0xac, 0x1e, 0x0, 0x0}, 0x0, 0x0, 'geneve1\x00', 'ip6gre0\x00'}, 0x0, 0x70, 0xa0}, @TPROXY={0x30, 'TPROXY\x00', 0x0, {0x0, 0x0, @multicast2}}}, {{@ip={@empty, @multicast2, 0x0, 0x0, 'macvtap0\x00', 'wg1\x00'}, 0x0, 0x70, 0x98}, @TTL={0x28, 'TTL\x00'}}, {{@uncond, 0x0, 0xd8, 0x100, 0x0, {}, [@common=@set={{0x40, 'set\x00'}}, @inet=@rpfilter={{0x28, 'rpfilter\x00'}}]}, @ECN={0x28, 'ECN\x00'}}, {{@ip={@rand_addr, @multicast2, 0x0, 0x0, 'syzkaller0\x00', 'bond0\x00'}, 0x0, 0xc0, 0xe8, 0x0, {}, [@inet=@rpfilter={{0x28, 'rpfilter\x00'}}, @inet=@rpfilter={{0x28, 'rpfilter\x00'}}]}, @unspec=@CHECKSUM={0x28, 'CHECKSUM\x00'}}, {{@ip={@broadcast, @initdev={0xac, 0x1e, 0x0, 0x0}, 0x0, 0x0, 'gretap0\x00', 'batadv_slave_1\x00'}, 0x0, 0xa0, 0xc8, 0x0, {}, [@common=@inet=@dccp={{0x30, 'dccp\x00'}}]}, @common=@unspec=@NFQUEUE3={0x28, 'NFQUEUE\x00'}}], {{[], 0x0, 0x70, 0x98}, {0x28}}}}, 0x4e0) 04:29:23 executing program 0: mkdir(&(0x7f0000000100)='./file0\x00', 0x0) mount(&(0x7f00000002c0)=ANY=[@ANYBLOB='.'], &(0x7f0000000140)='./file0\x00', 0x0, 0x201000, 0x0) chroot(&(0x7f00000000c0)='./file0/../file0\x00') mount(0x0, &(0x7f0000000080)='./file0/../file0\x00', &(0x7f0000000380)='sysfs\x00', 0x0, 0x0) 04:29:23 executing program 5: r0 = dup(0xffffffffffffffff) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x802102001ffa, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r1 = gettid() clone(0x6e20cf00, 0x0, 0x0, 0x0, 0x0) ptrace$setopts(0x4206, r1, 0x0, 0x0) gettid() r2 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ptmx\x00', 0x0, 0x0) read(r2, &(0x7f00003fefff)=""/1, 0x1) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) r4 = dup2(r3, r3) ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200) r5 = socket$kcm(0xa, 0x2, 0x11) setsockopt$sock_attach_bpf(r5, 0x29, 0x14, &(0x7f0000000080), 0x301) setsockopt$sock_attach_bpf(r5, 0x29, 0x15, &(0x7f0000000000), 0x70db2da734432a8e) ioctl$F2FS_IOC_MOVE_RANGE(r5, 0xc020f509, &(0x7f00000000c0)={r3, 0x4, 0x80, 0xf26f}) r6 = openat$autofs(0xffffffffffffff9c, &(0x7f0000000040)='/dev/autofs\x00', 0x0, 0x0) sendmsg$IPVS_CMD_ZERO(r6, &(0x7f0000000240)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x20000000}, 0xc, &(0x7f0000000200)={&(0x7f0000000280)={0xf4, 0x0, 0x2, 0x70bd31, 0x25dfdbff, {}, [@IPVS_CMD_ATTR_TIMEOUT_TCP={0x8, 0x4, 0x7}, @IPVS_CMD_ATTR_DEST={0xc, 0x2, 0x0, 0x1, [@IPVS_DEST_ATTR_U_THRESH={0x8, 0x5, 0x9}]}, @IPVS_CMD_ATTR_TIMEOUT_TCP_FIN={0x8, 0x5, 0x87}, @IPVS_CMD_ATTR_SERVICE={0x18, 0x1, 0x0, 0x1, [@IPVS_SVC_ATTR_PORT={0x6, 0x4, 0x4e20}, @IPVS_SVC_ATTR_FLAGS={0xc, 0x7, {0x31, 0x34}}]}, @IPVS_CMD_ATTR_TIMEOUT_TCP={0x8, 0x4, 0x5}, @IPVS_CMD_ATTR_DEST={0x3c, 0x2, 0x0, 0x1, [@IPVS_DEST_ATTR_ADDR={0x14, 0x1, @ipv6=@initdev={0xfe, 0x88, [], 0x0, 0x0}}, @IPVS_DEST_ATTR_FWD_METHOD={0x8, 0x3, 0x2}, @IPVS_DEST_ATTR_ADDR={0x14, 0x1, @ipv6=@private2={0xfc, 0x2, [], 0x1}}, @IPVS_DEST_ATTR_U_THRESH={0x8, 0x5, 0x6}]}, @IPVS_CMD_ATTR_TIMEOUT_TCP_FIN={0x8, 0x5, 0x200}, @IPVS_CMD_ATTR_DAEMON={0x1c, 0x3, 0x0, 0x1, [@IPVS_DAEMON_ATTR_STATE={0x8, 0x1, 0x2}, @IPVS_DAEMON_ATTR_MCAST_PORT={0x6, 0x7, 0x4e22}, @IPVS_DAEMON_ATTR_MCAST_GROUP={0x8, 0x5, @multicast1}]}, @IPVS_CMD_ATTR_DEST={0x3c, 0x2, 0x0, 0x1, [@IPVS_DEST_ATTR_INACT_CONNS={0x8, 0x8, 0x8002}, @IPVS_DEST_ATTR_PORT={0x6, 0x2, 0x4e27}, @IPVS_DEST_ATTR_U_THRESH={0x8, 0x5, 0xffff12bf}, @IPVS_DEST_ATTR_FWD_METHOD={0x8, 0x3, 0x3}, @IPVS_DEST_ATTR_U_THRESH={0x8, 0x5, 0x1}, @IPVS_DEST_ATTR_TUN_TYPE={0x5, 0xd, 0x1}, @IPVS_DEST_ATTR_TUN_PORT={0x6, 0xe, 0x4e21}]}, @IPVS_CMD_ATTR_TIMEOUT_UDP={0x8, 0x6, 0xfffffffb}]}, 0xf4}, 0x1, 0x0, 0x0, 0x80}, 0x2080800) ioctl$SIOCNRDECOBS(r4, 0x89e2) 04:29:23 executing program 1: socket(0x10, 0x803, 0x0) syz_open_dev$evdev(&(0x7f0000000000)='/dev/input/event#\x00', 0x0, 0x0) openat$mice(0xffffffffffffff9c, &(0x7f0000000040)='/dev/input/mice\x00', 0x0) r0 = socket$packet(0x11, 0x2, 0x300) setsockopt$packet_tx_ring(r0, 0x107, 0x5, &(0x7f00000000c0)=@req3={0x8000, 0x6, 0x8000, 0x6}, 0x1c) ioctl$int_in(0xffffffffffffffff, 0x800000c004500a, &(0x7f0000000300)) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) clock_gettime(0x0, &(0x7f0000000080)={0x0, 0x0}) pselect6(0x40, &(0x7f00000000c0), 0x0, &(0x7f0000000140)={0x1ff}, &(0x7f0000000200)={0x0, r1+30000000}, 0x0) 04:29:23 executing program 1: socket(0x10, 0x803, 0x0) syz_open_dev$evdev(&(0x7f0000000000)='/dev/input/event#\x00', 0x0, 0x0) openat$mice(0xffffffffffffff9c, &(0x7f0000000040)='/dev/input/mice\x00', 0x0) r0 = socket$packet(0x11, 0x2, 0x300) setsockopt$packet_tx_ring(r0, 0x107, 0x5, &(0x7f00000000c0)=@req3={0x8000, 0x6, 0x8000, 0x6}, 0x1c) ioctl$int_in(0xffffffffffffffff, 0x800000c004500a, &(0x7f0000000300)) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) clock_gettime(0x0, &(0x7f0000000080)={0x0, 0x0}) pselect6(0x40, &(0x7f00000000c0), 0x0, &(0x7f0000000140)={0x1ff}, &(0x7f0000000200)={0x0, r1+30000000}, 0x0) 04:29:23 executing program 2: mkdir(&(0x7f0000000100)='./file0\x00', 0x0) mount(&(0x7f00000002c0)=ANY=[@ANYBLOB='.'], &(0x7f0000000140)='./file0\x00', 0x0, 0x201000, 0x0) chdir(&(0x7f00000001c0)='./file0\x00') mount(0x0, &(0x7f0000000080)='./file0/../file0\x00', &(0x7f0000000380)='sysfs\x00', 0x0, 0x0) r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) pivot_root(&(0x7f0000000180)='./file0/../file0\x00', &(0x7f0000000200)='./file0/../file0\x00') 04:29:23 executing program 3: r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) setsockopt$IPT_SO_SET_REPLACE(r0, 0x0, 0x40, &(0x7f0000000680)=@mangle={'mangle\x00', 0x44, 0x6, 0x480, 0xa0, 0x238, 0x138, 0x320, 0xa0, 0x3e8, 0x3e8, 0x3e8, 0x3e8, 0x3e8, 0x6, 0x0, {[{{@ip={@broadcast, @initdev={0xac, 0x1e, 0x0, 0x0}, 0x0, 0x0, 'geneve1\x00', 'ip6gre0\x00'}, 0x0, 0x70, 0xa0}, @TPROXY={0x30, 'TPROXY\x00', 0x0, {0x0, 0x0, @multicast2}}}, {{@ip={@empty, @multicast2, 0x0, 0x0, 'macvtap0\x00', 'wg1\x00'}, 0x0, 0x70, 0x98}, @TTL={0x28, 'TTL\x00'}}, {{@uncond, 0x0, 0xd8, 0x100, 0x0, {}, [@common=@set={{0x40, 'set\x00'}}, @inet=@rpfilter={{0x28, 'rpfilter\x00'}}]}, @ECN={0x28, 'ECN\x00'}}, {{@ip={@rand_addr, @multicast2, 0x0, 0x0, 'syzkaller0\x00', 'bond0\x00'}, 0x0, 0xc0, 0xe8, 0x0, {}, [@inet=@rpfilter={{0x28, 'rpfilter\x00'}}, @inet=@rpfilter={{0x28, 'rpfilter\x00'}}]}, @unspec=@CHECKSUM={0x28, 'CHECKSUM\x00'}}, {{@ip={@broadcast, @initdev={0xac, 0x1e, 0x0, 0x0}, 0x0, 0x0, 'gretap0\x00', 'batadv_slave_1\x00'}, 0x0, 0xa0, 0xc8, 0x0, {}, [@common=@inet=@dccp={{0x30, 'dccp\x00'}}]}, @common=@unspec=@NFQUEUE3={0x28, 'NFQUEUE\x00'}}], {{[], 0x0, 0x70, 0x98}, {0x28}}}}, 0x4e0) 04:29:23 executing program 4: mkdir(&(0x7f0000000100)='./file0\x00', 0x0) mount(&(0x7f00000002c0)=ANY=[@ANYBLOB='.'], &(0x7f0000000140)='./file0\x00', 0x0, 0x201000, 0x0) chroot(&(0x7f00000000c0)='./file0/../file0\x00') mount(0x0, &(0x7f0000000080)='./file0/../file0\x00', &(0x7f0000000380)='sysfs\x00', 0x0, 0x0) pivot_root(&(0x7f0000000180)='./file0/../file0\x00', &(0x7f0000000200)='./file0/../file0\x00') [ 1241.101678] xt_TPROXY: Can be used only in combination with either -p tcp or -p udp 04:29:23 executing program 1: socket(0x10, 0x803, 0x0) syz_open_dev$evdev(&(0x7f0000000000)='/dev/input/event#\x00', 0x0, 0x0) openat$mice(0xffffffffffffff9c, &(0x7f0000000040)='/dev/input/mice\x00', 0x0) r0 = socket$packet(0x11, 0x2, 0x300) setsockopt$packet_tx_ring(r0, 0x107, 0x5, &(0x7f00000000c0)=@req3={0x8000, 0x6, 0x8000, 0x6}, 0x1c) ioctl$int_in(0xffffffffffffffff, 0x800000c004500a, &(0x7f0000000300)) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) clock_gettime(0x0, &(0x7f0000000080)={0x0, 0x0}) pselect6(0x40, &(0x7f00000000c0), 0x0, &(0x7f0000000140)={0x1ff}, &(0x7f0000000200)={0x0, r1+30000000}, 0x0) 04:29:23 executing program 4: mkdir(&(0x7f0000000100)='./file0\x00', 0x0) mount(&(0x7f00000002c0)=ANY=[@ANYBLOB='.'], &(0x7f0000000140)='./file0\x00', 0x0, 0x201000, 0x0) chroot(&(0x7f00000000c0)='./file0/../file0\x00') mount(0x0, &(0x7f0000000080)='./file0/../file0\x00', &(0x7f0000000380)='sysfs\x00', 0x0, 0x0) pivot_root(&(0x7f0000000180)='./file0/../file0\x00', &(0x7f0000000200)='./file0/../file0\x00') 04:29:23 executing program 2: mkdir(&(0x7f0000000100)='./file0\x00', 0x0) mount(&(0x7f00000002c0)=ANY=[@ANYBLOB='.'], &(0x7f0000000140)='./file0\x00', 0x0, 0x201000, 0x0) chdir(&(0x7f00000001c0)='./file0\x00') mount(0x0, &(0x7f0000000080)='./file0/../file0\x00', &(0x7f0000000380)='sysfs\x00', 0x0, 0x0) r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) pivot_root(&(0x7f0000000180)='./file0/../file0\x00', &(0x7f0000000200)='./file0/../file0\x00') [ 1241.202522] xt_TPROXY: Can be used only in combination with either -p tcp or -p udp 04:29:23 executing program 0: mkdir(&(0x7f0000000100)='./file0\x00', 0x0) mount(&(0x7f00000002c0)=ANY=[@ANYBLOB='.'], &(0x7f0000000140)='./file0\x00', 0x0, 0x201000, 0x0) chdir(&(0x7f00000001c0)='./file0\x00') mount(0x0, &(0x7f0000000080)='./file0/../file0\x00', &(0x7f0000000380)='sysfs\x00', 0x0, 0x0) 04:29:23 executing program 4: mkdir(&(0x7f0000000100)='./file0\x00', 0x0) mount(&(0x7f00000002c0)=ANY=[@ANYBLOB='.'], &(0x7f0000000140)='./file0\x00', 0x0, 0x201000, 0x0) chdir(&(0x7f00000001c0)='./file0\x00') mount(0x0, &(0x7f0000000080)='./file0/../file0\x00', &(0x7f0000000380)='sysfs\x00', 0x0, 0x0) pivot_root(&(0x7f0000000180)='./file0/../file0\x00', &(0x7f0000000200)='./file0/../file0\x00') 04:29:23 executing program 3: r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) setsockopt$IPT_SO_SET_REPLACE(r0, 0x0, 0x40, &(0x7f0000000680)=@mangle={'mangle\x00', 0x44, 0x6, 0x480, 0xa0, 0x238, 0x138, 0x320, 0xa0, 0x3e8, 0x3e8, 0x3e8, 0x3e8, 0x3e8, 0x6, 0x0, {[{{@ip={@broadcast, @initdev={0xac, 0x1e, 0x0, 0x0}, 0x0, 0x0, 'geneve1\x00', 'ip6gre0\x00'}, 0x0, 0x70, 0xa0}, @TPROXY={0x30, 'TPROXY\x00', 0x0, {0x0, 0x0, @multicast2}}}, {{@ip={@empty, @multicast2, 0x0, 0x0, 'macvtap0\x00', 'wg1\x00'}, 0x0, 0x70, 0x98}, @TTL={0x28, 'TTL\x00'}}, {{@uncond, 0x0, 0xd8, 0x100, 0x0, {}, [@common=@set={{0x40, 'set\x00'}}, @inet=@rpfilter={{0x28, 'rpfilter\x00'}}]}, @ECN={0x28, 'ECN\x00'}}, {{@ip={@rand_addr, @multicast2, 0x0, 0x0, 'syzkaller0\x00', 'bond0\x00'}, 0x0, 0xc0, 0xe8, 0x0, {}, [@inet=@rpfilter={{0x28, 'rpfilter\x00'}}, @inet=@rpfilter={{0x28, 'rpfilter\x00'}}]}, @unspec=@CHECKSUM={0x28, 'CHECKSUM\x00'}}, {{@ip={@broadcast, @initdev={0xac, 0x1e, 0x0, 0x0}, 0x0, 0x0, 'gretap0\x00', 'batadv_slave_1\x00'}, 0x0, 0xa0, 0xc8, 0x0, {}, [@common=@inet=@dccp={{0x30, 'dccp\x00'}}]}, @common=@unspec=@NFQUEUE3={0x28, 'NFQUEUE\x00'}}], {{[], 0x0, 0x70, 0x98}, {0x28}}}}, 0x4e0) [ 1241.349418] xt_TPROXY: Can be used only in combination with either -p tcp or -p udp 04:29:24 executing program 5: r0 = dup(0xffffffffffffffff) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x802102001ffa, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r1 = gettid() clone(0x6e20cf00, 0x0, 0x0, 0x0, 0x0) ptrace$setopts(0x4206, r1, 0x0, 0x0) gettid() r2 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ptmx\x00', 0x0, 0x0) read(r2, &(0x7f00003fefff)=""/1, 0x1) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) r4 = dup2(r3, r3) ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200) r5 = openat$autofs(0xffffffffffffff9c, &(0x7f0000000040)='/dev/autofs\x00', 0x0, 0x0) sendmsg$IPVS_CMD_ZERO(r5, &(0x7f0000000240)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x20000000}, 0xc, &(0x7f0000000200)={&(0x7f0000000280)=ANY=[@ANYBLOB="f4000000", @ANYRES16=0x0, @ANYBLOB="02002dbd7000ffdbdf251000000008000400070000000c0002800800050009000000080005008700000018000180060004004e2000000c000700310000003400000008000400050000003c00028014000100fe880000000000000000000000000001080003000200000014000100fe80000000000000000000000000002f080005000600000008000500000200001c0003800800010002000000060007004e220000060007004e2000003c00028008000800025e0000060002004e23000008000500bf12ffff0800030003000000080005000100000005000d000100000006000e004e21000008000600fbffffff"], 0xf4}, 0x1, 0x0, 0x0, 0x80}, 0x2080800) ioctl$SIOCNRDECOBS(r4, 0x89e2) 04:29:24 executing program 2: mkdir(&(0x7f0000000100)='./file0\x00', 0x0) chdir(&(0x7f00000001c0)='./file0\x00') mount(0x0, &(0x7f0000000080)='./file0/../file0\x00', &(0x7f0000000380)='sysfs\x00', 0x0, 0x0) r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) pivot_root(&(0x7f0000000180)='./file0/../file0\x00', &(0x7f0000000200)='./file0/../file0\x00') 04:29:24 executing program 1: socket(0x10, 0x803, 0x0) syz_open_dev$evdev(&(0x7f0000000000)='/dev/input/event#\x00', 0x0, 0x0) openat$mice(0xffffffffffffff9c, &(0x7f0000000040)='/dev/input/mice\x00', 0x0) socket$packet(0x11, 0x2, 0x300) r0 = openat$audio(0xffffffffffffff9c, &(0x7f0000000180)='/dev/audio\x00', 0x0, 0x0) ioctl$int_in(r0, 0x800000c004500a, &(0x7f0000000300)) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) clock_gettime(0x0, &(0x7f0000000080)={0x0, 0x0}) pselect6(0x40, &(0x7f00000000c0), 0x0, &(0x7f0000000140)={0x1ff}, &(0x7f0000000200)={0x0, r1+30000000}, 0x0) 04:29:24 executing program 4: mkdir(&(0x7f0000000100)='./file0\x00', 0x0) chdir(&(0x7f00000001c0)='./file0\x00') mount(0x0, &(0x7f0000000080)='./file0/../file0\x00', &(0x7f0000000380)='sysfs\x00', 0x0, 0x0) pivot_root(&(0x7f0000000180)='./file0/../file0\x00', &(0x7f0000000200)='./file0/../file0\x00') 04:29:24 executing program 3: r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) setsockopt$IPT_SO_SET_REPLACE(r0, 0x0, 0x40, &(0x7f0000000680)=@mangle={'mangle\x00', 0x44, 0x6, 0x480, 0xa0, 0x238, 0x138, 0x320, 0xa0, 0x3e8, 0x3e8, 0x3e8, 0x3e8, 0x3e8, 0x6, 0x0, {[{{@ip={@broadcast, @initdev={0xac, 0x1e, 0x0, 0x0}, 0x0, 0x0, 'geneve1\x00', 'ip6gre0\x00'}, 0x0, 0x70, 0xa0}, @TPROXY={0x30, 'TPROXY\x00', 0x0, {0x0, 0x0, @multicast2}}}, {{@ip={@empty, @multicast2, 0x0, 0x0, 'macvtap0\x00', 'wg1\x00'}, 0x0, 0x70, 0x98}, @TTL={0x28, 'TTL\x00'}}, {{@uncond, 0x0, 0xd8, 0x100, 0x0, {}, [@common=@set={{0x40, 'set\x00'}}, @inet=@rpfilter={{0x28, 'rpfilter\x00'}}]}, @ECN={0x28, 'ECN\x00'}}, {{@ip={@rand_addr, @multicast2, 0x0, 0x0, 'syzkaller0\x00', 'bond0\x00'}, 0x0, 0xc0, 0xe8, 0x0, {}, [@inet=@rpfilter={{0x28, 'rpfilter\x00'}}, @inet=@rpfilter={{0x28, 'rpfilter\x00'}}]}, @unspec=@CHECKSUM={0x28, 'CHECKSUM\x00'}}, {{@ip={@broadcast, @initdev={0xac, 0x1e, 0x0, 0x0}, 0x0, 0x0, 'gretap0\x00', 'batadv_slave_1\x00'}, 0x0, 0xa0, 0xc8, 0x0, {}, [@common=@inet=@dccp={{0x30, 'dccp\x00'}}]}, @common=@unspec=@NFQUEUE3={0x28, 'NFQUEUE\x00'}}], {{[], 0x0, 0x70, 0x98}, {0x28}}}}, 0x4e0) 04:29:24 executing program 0: mkdir(&(0x7f0000000100)='./file0\x00', 0x0) chdir(&(0x7f00000001c0)='./file0\x00') mount(0x0, &(0x7f0000000080)='./file0/../file0\x00', &(0x7f0000000380)='sysfs\x00', 0x0, 0x0) 04:29:24 executing program 2: mkdir(&(0x7f0000000100)='./file0\x00', 0x0) chdir(&(0x7f00000001c0)='./file0\x00') mount(0x0, &(0x7f0000000080)='./file0/../file0\x00', &(0x7f0000000380)='sysfs\x00', 0x0, 0x0) r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) pivot_root(&(0x7f0000000180)='./file0/../file0\x00', &(0x7f0000000200)='./file0/../file0\x00') 04:29:24 executing program 4: mkdir(&(0x7f0000000100)='./file0\x00', 0x0) chdir(&(0x7f00000001c0)='./file0\x00') mount(0x0, &(0x7f0000000080)='./file0/../file0\x00', &(0x7f0000000380)='sysfs\x00', 0x0, 0x0) pivot_root(&(0x7f0000000180)='./file0/../file0\x00', &(0x7f0000000200)='./file0/../file0\x00') 04:29:24 executing program 2: mkdir(&(0x7f0000000100)='./file0\x00', 0x0) chdir(&(0x7f00000001c0)='./file0\x00') mount(0x0, &(0x7f0000000080)='./file0/../file0\x00', &(0x7f0000000380)='sysfs\x00', 0x0, 0x0) r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) pivot_root(&(0x7f0000000180)='./file0/../file0\x00', &(0x7f0000000200)='./file0/../file0\x00') [ 1242.009234] xt_TPROXY: Can be used only in combination with either -p tcp or -p udp 04:29:24 executing program 3: r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) setsockopt$IPT_SO_SET_REPLACE(r0, 0x0, 0x40, &(0x7f0000000680)=@mangle={'mangle\x00', 0x44, 0x6, 0x480, 0xa0, 0x238, 0x138, 0x320, 0xa0, 0x3e8, 0x3e8, 0x3e8, 0x3e8, 0x3e8, 0x6, 0x0, {[{{@ip={@broadcast, @initdev={0xac, 0x1e, 0x0, 0x0}, 0x0, 0x0, 'geneve1\x00', 'ip6gre0\x00'}, 0x0, 0x70, 0xa0}, @TPROXY={0x30, 'TPROXY\x00', 0x0, {0x0, 0x0, @multicast2}}}, {{@ip={@empty, @multicast2, 0x0, 0x0, 'macvtap0\x00', 'wg1\x00'}, 0x0, 0x70, 0x98}, @TTL={0x28, 'TTL\x00'}}, {{@uncond, 0x0, 0xd8, 0x100, 0x0, {}, [@common=@set={{0x40, 'set\x00'}}, @inet=@rpfilter={{0x28, 'rpfilter\x00'}}]}, @ECN={0x28, 'ECN\x00'}}, {{@ip={@rand_addr, @multicast2, 0x0, 0x0, 'syzkaller0\x00', 'bond0\x00'}, 0x0, 0xc0, 0xe8, 0x0, {}, [@inet=@rpfilter={{0x28, 'rpfilter\x00'}}, @inet=@rpfilter={{0x28, 'rpfilter\x00'}}]}, @unspec=@CHECKSUM={0x28, 'CHECKSUM\x00'}}, {{@ip={@broadcast, @initdev={0xac, 0x1e, 0x0, 0x0}, 0x0, 0x0, 'gretap0\x00', 'batadv_slave_1\x00'}, 0x0, 0xa0, 0xc8, 0x0, {}, [@common=@inet=@dccp={{0x30, 'dccp\x00'}}]}, @common=@unspec=@NFQUEUE3={0x28, 'NFQUEUE\x00'}}], {{[], 0x0, 0x70, 0x98}, {0x28}}}}, 0x4e0) 04:29:24 executing program 4: mkdir(&(0x7f0000000100)='./file0\x00', 0x0) chdir(&(0x7f00000001c0)='./file0\x00') mount(0x0, &(0x7f0000000080)='./file0/../file0\x00', &(0x7f0000000380)='sysfs\x00', 0x0, 0x0) pivot_root(&(0x7f0000000180)='./file0/../file0\x00', &(0x7f0000000200)='./file0/../file0\x00') 04:29:24 executing program 2: mount(&(0x7f00000002c0)=ANY=[@ANYBLOB='.'], &(0x7f0000000140)='./file0\x00', 0x0, 0x201000, 0x0) chdir(&(0x7f00000001c0)='./file0\x00') mount(0x0, &(0x7f0000000080)='./file0/../file0\x00', &(0x7f0000000380)='sysfs\x00', 0x0, 0x0) r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) pivot_root(&(0x7f0000000180)='./file0/../file0\x00', &(0x7f0000000200)='./file0/../file0\x00') [ 1242.170983] xt_TPROXY: Can be used only in combination with either -p tcp or -p udp [ 1242.493418] IPVS: ftp: loaded support on port[0] = 21 [ 1242.603795] IPVS: ftp: loaded support on port[0] = 21 04:29:27 executing program 5: r0 = dup(0xffffffffffffffff) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x802102001ffa, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r1 = gettid() clone(0x6e20cf00, 0x0, 0x0, 0x0, 0x0) ptrace$setopts(0x4206, r1, 0x0, 0x0) gettid() r2 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ptmx\x00', 0x0, 0x0) r3 = openat$vcsa(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/vcsa\x00', 0x40100, 0x0) ioctl$SIOCNRDECOBS(r3, 0x89e2) read(r2, &(0x7f00003fefff)=""/1, 0x1) r4 = socket$inet6_tcp(0xa, 0x1, 0x0) r5 = socket$kcm(0xa, 0x2, 0x11) r6 = dup2(r4, r5) ioctl$PERF_EVENT_IOC_ENABLE(r6, 0x8912, 0x400200) r7 = openat$autofs(0xffffffffffffff9c, &(0x7f0000000040)='/dev/autofs\x00', 0x0, 0x0) sendmsg$IPVS_CMD_ZERO(r7, &(0x7f0000000240)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x20000000}, 0xc, &(0x7f0000000200)={&(0x7f0000000280)=ANY=[@ANYBLOB="f401000028fce241652eddf1de2467d5910eae89b187b166f9de0c3ec269f0652561bc518ce5b57e29fa109d46bb6737b5723c67fb8c9bd0e3cd672154ab8ed77af1eaf45ccd0372b199363ee65e9db2db20003f11f002881db64407000000000000001c992ca7effa48e411dc6d7ed800ebd8d68de2ecb4dbcf8aa45aac63ec2fb38f695fa67a8e8da3e1ce53b194dfdf8b61bd68cb9f14eafbf751854b57265bfccfca8785ba", @ANYRES16=0x0, @ANYBLOB="02002dbd7000ffdbdf251000000008000400070000000c0002800800050009000000080005008700000018000180060004004e2000000c000700310000003400000008000400050000003c00028014000100fe880000000000000000000000000001080003000200000014000100fe80000000000000000000000000002f080005000600000008000500000200001c0003800800010002000000060007004e220000060007004e2000003c0002800800080002800000060002004e23000008000500bf12ffff0800030003000000080005000100000005000d000100000006000e004e21000008000600fbffffff"], 0xf4}, 0x1, 0x0, 0x0, 0x80}, 0x2080800) ioctl$SIOCNRDECOBS(r6, 0x89e2) ioctl$TIOCGETD(r2, 0x5424, &(0x7f0000000100)) 04:29:27 executing program 2: mount(&(0x7f00000002c0)=ANY=[@ANYBLOB='.'], &(0x7f0000000140)='./file0\x00', 0x0, 0x201000, 0x0) chdir(&(0x7f00000001c0)='./file0\x00') mount(0x0, &(0x7f0000000080)='./file0/../file0\x00', &(0x7f0000000380)='sysfs\x00', 0x0, 0x0) r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) pivot_root(&(0x7f0000000180)='./file0/../file0\x00', &(0x7f0000000200)='./file0/../file0\x00') 04:29:27 executing program 3: setsockopt$IPT_SO_SET_REPLACE(0xffffffffffffffff, 0x0, 0x40, &(0x7f0000000680)=@mangle={'mangle\x00', 0x44, 0x6, 0x480, 0xa0, 0x238, 0x138, 0x320, 0xa0, 0x3e8, 0x3e8, 0x3e8, 0x3e8, 0x3e8, 0x6, 0x0, {[{{@ip={@broadcast, @initdev={0xac, 0x1e, 0x0, 0x0}, 0x0, 0x0, 'geneve1\x00', 'ip6gre0\x00'}, 0x0, 0x70, 0xa0}, @TPROXY={0x30, 'TPROXY\x00', 0x0, {0x0, 0x0, @multicast2}}}, {{@ip={@empty, @multicast2, 0x0, 0x0, 'macvtap0\x00', 'wg1\x00'}, 0x0, 0x70, 0x98}, @TTL={0x28, 'TTL\x00'}}, {{@uncond, 0x0, 0xd8, 0x100, 0x0, {}, [@common=@set={{0x40, 'set\x00'}}, @inet=@rpfilter={{0x28, 'rpfilter\x00'}}]}, @ECN={0x28, 'ECN\x00'}}, {{@ip={@rand_addr, @multicast2, 0x0, 0x0, 'syzkaller0\x00', 'bond0\x00'}, 0x0, 0xc0, 0xe8, 0x0, {}, [@inet=@rpfilter={{0x28, 'rpfilter\x00'}}, @inet=@rpfilter={{0x28, 'rpfilter\x00'}}]}, @unspec=@CHECKSUM={0x28, 'CHECKSUM\x00'}}, {{@ip={@broadcast, @initdev={0xac, 0x1e, 0x0, 0x0}, 0x0, 0x0, 'gretap0\x00', 'batadv_slave_1\x00'}, 0x0, 0xa0, 0xc8, 0x0, {}, [@common=@inet=@dccp={{0x30, 'dccp\x00'}}]}, @common=@unspec=@NFQUEUE3={0x28, 'NFQUEUE\x00'}}], {{[], 0x0, 0x70, 0x98}, {0x28}}}}, 0x4e0) 04:29:27 executing program 0: mkdir(&(0x7f0000000100)='./file0\x00', 0x0) chdir(&(0x7f00000001c0)='./file0\x00') mount(0x0, &(0x7f0000000080)='./file0/../file0\x00', &(0x7f0000000380)='sysfs\x00', 0x0, 0x0) 04:29:27 executing program 4: mount(&(0x7f00000002c0)=ANY=[@ANYBLOB='.'], &(0x7f0000000140)='./file0\x00', 0x0, 0x201000, 0x0) chdir(&(0x7f00000001c0)='./file0\x00') mount(0x0, &(0x7f0000000080)='./file0/../file0\x00', &(0x7f0000000380)='sysfs\x00', 0x0, 0x0) pivot_root(&(0x7f0000000180)='./file0/../file0\x00', &(0x7f0000000200)='./file0/../file0\x00') 04:29:27 executing program 1: socket(0x10, 0x803, 0x0) syz_open_dev$evdev(&(0x7f0000000000)='/dev/input/event#\x00', 0x0, 0x0) openat$mice(0xffffffffffffff9c, &(0x7f0000000040)='/dev/input/mice\x00', 0x0) socket$packet(0x11, 0x2, 0x300) r0 = openat$audio(0xffffffffffffff9c, &(0x7f0000000180)='/dev/audio\x00', 0x0, 0x0) ioctl$int_in(r0, 0x800000c004500a, &(0x7f0000000300)) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) clock_gettime(0x0, &(0x7f0000000080)={0x0, 0x0}) pselect6(0x40, &(0x7f00000000c0), 0x0, &(0x7f0000000140)={0x1ff}, &(0x7f0000000200)={0x0, r1+30000000}, 0x0) 04:29:27 executing program 3: setsockopt$IPT_SO_SET_REPLACE(0xffffffffffffffff, 0x0, 0x40, &(0x7f0000000680)=@mangle={'mangle\x00', 0x44, 0x6, 0x480, 0xa0, 0x238, 0x138, 0x320, 0xa0, 0x3e8, 0x3e8, 0x3e8, 0x3e8, 0x3e8, 0x6, 0x0, {[{{@ip={@broadcast, @initdev={0xac, 0x1e, 0x0, 0x0}, 0x0, 0x0, 'geneve1\x00', 'ip6gre0\x00'}, 0x0, 0x70, 0xa0}, @TPROXY={0x30, 'TPROXY\x00', 0x0, {0x0, 0x0, @multicast2}}}, {{@ip={@empty, @multicast2, 0x0, 0x0, 'macvtap0\x00', 'wg1\x00'}, 0x0, 0x70, 0x98}, @TTL={0x28, 'TTL\x00'}}, {{@uncond, 0x0, 0xd8, 0x100, 0x0, {}, [@common=@set={{0x40, 'set\x00'}}, @inet=@rpfilter={{0x28, 'rpfilter\x00'}}]}, @ECN={0x28, 'ECN\x00'}}, {{@ip={@rand_addr, @multicast2, 0x0, 0x0, 'syzkaller0\x00', 'bond0\x00'}, 0x0, 0xc0, 0xe8, 0x0, {}, [@inet=@rpfilter={{0x28, 'rpfilter\x00'}}, @inet=@rpfilter={{0x28, 'rpfilter\x00'}}]}, @unspec=@CHECKSUM={0x28, 'CHECKSUM\x00'}}, {{@ip={@broadcast, @initdev={0xac, 0x1e, 0x0, 0x0}, 0x0, 0x0, 'gretap0\x00', 'batadv_slave_1\x00'}, 0x0, 0xa0, 0xc8, 0x0, {}, [@common=@inet=@dccp={{0x30, 'dccp\x00'}}]}, @common=@unspec=@NFQUEUE3={0x28, 'NFQUEUE\x00'}}], {{[], 0x0, 0x70, 0x98}, {0x28}}}}, 0x4e0) 04:29:27 executing program 3: setsockopt$IPT_SO_SET_REPLACE(0xffffffffffffffff, 0x0, 0x40, &(0x7f0000000680)=@mangle={'mangle\x00', 0x44, 0x6, 0x480, 0xa0, 0x238, 0x138, 0x320, 0xa0, 0x3e8, 0x3e8, 0x3e8, 0x3e8, 0x3e8, 0x6, 0x0, {[{{@ip={@broadcast, @initdev={0xac, 0x1e, 0x0, 0x0}, 0x0, 0x0, 'geneve1\x00', 'ip6gre0\x00'}, 0x0, 0x70, 0xa0}, @TPROXY={0x30, 'TPROXY\x00', 0x0, {0x0, 0x0, @multicast2}}}, {{@ip={@empty, @multicast2, 0x0, 0x0, 'macvtap0\x00', 'wg1\x00'}, 0x0, 0x70, 0x98}, @TTL={0x28, 'TTL\x00'}}, {{@uncond, 0x0, 0xd8, 0x100, 0x0, {}, [@common=@set={{0x40, 'set\x00'}}, @inet=@rpfilter={{0x28, 'rpfilter\x00'}}]}, @ECN={0x28, 'ECN\x00'}}, {{@ip={@rand_addr, @multicast2, 0x0, 0x0, 'syzkaller0\x00', 'bond0\x00'}, 0x0, 0xc0, 0xe8, 0x0, {}, [@inet=@rpfilter={{0x28, 'rpfilter\x00'}}, @inet=@rpfilter={{0x28, 'rpfilter\x00'}}]}, @unspec=@CHECKSUM={0x28, 'CHECKSUM\x00'}}, {{@ip={@broadcast, @initdev={0xac, 0x1e, 0x0, 0x0}, 0x0, 0x0, 'gretap0\x00', 'batadv_slave_1\x00'}, 0x0, 0xa0, 0xc8, 0x0, {}, [@common=@inet=@dccp={{0x30, 'dccp\x00'}}]}, @common=@unspec=@NFQUEUE3={0x28, 'NFQUEUE\x00'}}], {{[], 0x0, 0x70, 0x98}, {0x28}}}}, 0x4e0) 04:29:27 executing program 2: mount(&(0x7f00000002c0)=ANY=[@ANYBLOB='.'], &(0x7f0000000140)='./file0\x00', 0x0, 0x201000, 0x0) chdir(&(0x7f00000001c0)='./file0\x00') mount(0x0, &(0x7f0000000080)='./file0/../file0\x00', &(0x7f0000000380)='sysfs\x00', 0x0, 0x0) r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) pivot_root(&(0x7f0000000180)='./file0/../file0\x00', &(0x7f0000000200)='./file0/../file0\x00') 04:29:27 executing program 4: mount(&(0x7f00000002c0)=ANY=[@ANYBLOB='.'], &(0x7f0000000140)='./file0\x00', 0x0, 0x201000, 0x0) chdir(&(0x7f00000001c0)='./file0\x00') mount(0x0, &(0x7f0000000080)='./file0/../file0\x00', &(0x7f0000000380)='sysfs\x00', 0x0, 0x0) pivot_root(&(0x7f0000000180)='./file0/../file0\x00', &(0x7f0000000200)='./file0/../file0\x00') 04:29:27 executing program 3: socket$inet_icmp_raw(0x2, 0x3, 0x1) setsockopt$IPT_SO_SET_REPLACE(0xffffffffffffffff, 0x0, 0x40, &(0x7f0000000680)=@mangle={'mangle\x00', 0x44, 0x6, 0x480, 0xa0, 0x238, 0x138, 0x320, 0xa0, 0x3e8, 0x3e8, 0x3e8, 0x3e8, 0x3e8, 0x6, 0x0, {[{{@ip={@broadcast, @initdev={0xac, 0x1e, 0x0, 0x0}, 0x0, 0x0, 'geneve1\x00', 'ip6gre0\x00'}, 0x0, 0x70, 0xa0}, @TPROXY={0x30, 'TPROXY\x00', 0x0, {0x0, 0x0, @multicast2}}}, {{@ip={@empty, @multicast2, 0x0, 0x0, 'macvtap0\x00', 'wg1\x00'}, 0x0, 0x70, 0x98}, @TTL={0x28, 'TTL\x00'}}, {{@uncond, 0x0, 0xd8, 0x100, 0x0, {}, [@common=@set={{0x40, 'set\x00'}}, @inet=@rpfilter={{0x28, 'rpfilter\x00'}}]}, @ECN={0x28, 'ECN\x00'}}, {{@ip={@rand_addr, @multicast2, 0x0, 0x0, 'syzkaller0\x00', 'bond0\x00'}, 0x0, 0xc0, 0xe8, 0x0, {}, [@inet=@rpfilter={{0x28, 'rpfilter\x00'}}, @inet=@rpfilter={{0x28, 'rpfilter\x00'}}]}, @unspec=@CHECKSUM={0x28, 'CHECKSUM\x00'}}, {{@ip={@broadcast, @initdev={0xac, 0x1e, 0x0, 0x0}, 0x0, 0x0, 'gretap0\x00', 'batadv_slave_1\x00'}, 0x0, 0xa0, 0xc8, 0x0, {}, [@common=@inet=@dccp={{0x30, 'dccp\x00'}}]}, @common=@unspec=@NFQUEUE3={0x28, 'NFQUEUE\x00'}}], {{[], 0x0, 0x70, 0x98}, {0x28}}}}, 0x4e0) 04:29:27 executing program 2: mkdir(0x0, 0x0) mount(&(0x7f00000002c0)=ANY=[@ANYBLOB='.'], &(0x7f0000000140)='./file0\x00', 0x0, 0x201000, 0x0) chdir(&(0x7f00000001c0)='./file0\x00') mount(0x0, &(0x7f0000000080)='./file0/../file0\x00', &(0x7f0000000380)='sysfs\x00', 0x0, 0x0) r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) pivot_root(&(0x7f0000000180)='./file0/../file0\x00', &(0x7f0000000200)='./file0/../file0\x00') 04:29:30 executing program 2: mkdir(0x0, 0x0) mount(&(0x7f00000002c0)=ANY=[@ANYBLOB='.'], &(0x7f0000000140)='./file0\x00', 0x0, 0x201000, 0x0) chdir(&(0x7f00000001c0)='./file0\x00') mount(0x0, &(0x7f0000000080)='./file0/../file0\x00', &(0x7f0000000380)='sysfs\x00', 0x0, 0x0) r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) pivot_root(&(0x7f0000000180)='./file0/../file0\x00', &(0x7f0000000200)='./file0/../file0\x00') 04:29:30 executing program 4: mount(&(0x7f00000002c0)=ANY=[@ANYBLOB='.'], &(0x7f0000000140)='./file0\x00', 0x0, 0x201000, 0x0) chdir(&(0x7f00000001c0)='./file0\x00') mount(0x0, &(0x7f0000000080)='./file0/../file0\x00', &(0x7f0000000380)='sysfs\x00', 0x0, 0x0) pivot_root(&(0x7f0000000180)='./file0/../file0\x00', &(0x7f0000000200)='./file0/../file0\x00') 04:29:30 executing program 3: socket$inet_icmp_raw(0x2, 0x3, 0x1) setsockopt$IPT_SO_SET_REPLACE(0xffffffffffffffff, 0x0, 0x40, &(0x7f0000000680)=@mangle={'mangle\x00', 0x44, 0x6, 0x480, 0xa0, 0x238, 0x138, 0x320, 0xa0, 0x3e8, 0x3e8, 0x3e8, 0x3e8, 0x3e8, 0x6, 0x0, {[{{@ip={@broadcast, @initdev={0xac, 0x1e, 0x0, 0x0}, 0x0, 0x0, 'geneve1\x00', 'ip6gre0\x00'}, 0x0, 0x70, 0xa0}, @TPROXY={0x30, 'TPROXY\x00', 0x0, {0x0, 0x0, @multicast2}}}, {{@ip={@empty, @multicast2, 0x0, 0x0, 'macvtap0\x00', 'wg1\x00'}, 0x0, 0x70, 0x98}, @TTL={0x28, 'TTL\x00'}}, {{@uncond, 0x0, 0xd8, 0x100, 0x0, {}, [@common=@set={{0x40, 'set\x00'}}, @inet=@rpfilter={{0x28, 'rpfilter\x00'}}]}, @ECN={0x28, 'ECN\x00'}}, {{@ip={@rand_addr, @multicast2, 0x0, 0x0, 'syzkaller0\x00', 'bond0\x00'}, 0x0, 0xc0, 0xe8, 0x0, {}, [@inet=@rpfilter={{0x28, 'rpfilter\x00'}}, @inet=@rpfilter={{0x28, 'rpfilter\x00'}}]}, @unspec=@CHECKSUM={0x28, 'CHECKSUM\x00'}}, {{@ip={@broadcast, @initdev={0xac, 0x1e, 0x0, 0x0}, 0x0, 0x0, 'gretap0\x00', 'batadv_slave_1\x00'}, 0x0, 0xa0, 0xc8, 0x0, {}, [@common=@inet=@dccp={{0x30, 'dccp\x00'}}]}, @common=@unspec=@NFQUEUE3={0x28, 'NFQUEUE\x00'}}], {{[], 0x0, 0x70, 0x98}, {0x28}}}}, 0x4e0) 04:29:30 executing program 0: mkdir(&(0x7f0000000100)='./file0\x00', 0x0) chdir(&(0x7f00000001c0)='./file0\x00') mount(0x0, &(0x7f0000000080)='./file0/../file0\x00', &(0x7f0000000380)='sysfs\x00', 0x0, 0x0) 04:29:30 executing program 1: socket(0x10, 0x803, 0x0) syz_open_dev$evdev(&(0x7f0000000000)='/dev/input/event#\x00', 0x0, 0x0) openat$mice(0xffffffffffffff9c, &(0x7f0000000040)='/dev/input/mice\x00', 0x0) socket$packet(0x11, 0x2, 0x300) r0 = openat$audio(0xffffffffffffff9c, &(0x7f0000000180)='/dev/audio\x00', 0x0, 0x0) ioctl$int_in(r0, 0x800000c004500a, &(0x7f0000000300)) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) clock_gettime(0x0, &(0x7f0000000080)={0x0, 0x0}) pselect6(0x40, &(0x7f00000000c0), 0x0, &(0x7f0000000140)={0x1ff}, &(0x7f0000000200)={0x0, r1+30000000}, 0x0) 04:29:30 executing program 3: socket$inet_icmp_raw(0x2, 0x3, 0x1) setsockopt$IPT_SO_SET_REPLACE(0xffffffffffffffff, 0x0, 0x40, &(0x7f0000000680)=@mangle={'mangle\x00', 0x44, 0x6, 0x480, 0xa0, 0x238, 0x138, 0x320, 0xa0, 0x3e8, 0x3e8, 0x3e8, 0x3e8, 0x3e8, 0x6, 0x0, {[{{@ip={@broadcast, @initdev={0xac, 0x1e, 0x0, 0x0}, 0x0, 0x0, 'geneve1\x00', 'ip6gre0\x00'}, 0x0, 0x70, 0xa0}, @TPROXY={0x30, 'TPROXY\x00', 0x0, {0x0, 0x0, @multicast2}}}, {{@ip={@empty, @multicast2, 0x0, 0x0, 'macvtap0\x00', 'wg1\x00'}, 0x0, 0x70, 0x98}, @TTL={0x28, 'TTL\x00'}}, {{@uncond, 0x0, 0xd8, 0x100, 0x0, {}, [@common=@set={{0x40, 'set\x00'}}, @inet=@rpfilter={{0x28, 'rpfilter\x00'}}]}, @ECN={0x28, 'ECN\x00'}}, {{@ip={@rand_addr, @multicast2, 0x0, 0x0, 'syzkaller0\x00', 'bond0\x00'}, 0x0, 0xc0, 0xe8, 0x0, {}, [@inet=@rpfilter={{0x28, 'rpfilter\x00'}}, @inet=@rpfilter={{0x28, 'rpfilter\x00'}}]}, @unspec=@CHECKSUM={0x28, 'CHECKSUM\x00'}}, {{@ip={@broadcast, @initdev={0xac, 0x1e, 0x0, 0x0}, 0x0, 0x0, 'gretap0\x00', 'batadv_slave_1\x00'}, 0x0, 0xa0, 0xc8, 0x0, {}, [@common=@inet=@dccp={{0x30, 'dccp\x00'}}]}, @common=@unspec=@NFQUEUE3={0x28, 'NFQUEUE\x00'}}], {{[], 0x0, 0x70, 0x98}, {0x28}}}}, 0x4e0) 04:29:30 executing program 4: mkdir(0x0, 0x0) mount(&(0x7f00000002c0)=ANY=[@ANYBLOB='.'], &(0x7f0000000140)='./file0\x00', 0x0, 0x201000, 0x0) chdir(&(0x7f00000001c0)='./file0\x00') mount(0x0, &(0x7f0000000080)='./file0/../file0\x00', &(0x7f0000000380)='sysfs\x00', 0x0, 0x0) pivot_root(&(0x7f0000000180)='./file0/../file0\x00', &(0x7f0000000200)='./file0/../file0\x00') 04:29:30 executing program 2: mkdir(0x0, 0x0) mount(&(0x7f00000002c0)=ANY=[@ANYBLOB='.'], &(0x7f0000000140)='./file0\x00', 0x0, 0x201000, 0x0) chdir(&(0x7f00000001c0)='./file0\x00') mount(0x0, &(0x7f0000000080)='./file0/../file0\x00', &(0x7f0000000380)='sysfs\x00', 0x0, 0x0) r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) pivot_root(&(0x7f0000000180)='./file0/../file0\x00', &(0x7f0000000200)='./file0/../file0\x00') 04:29:30 executing program 4: mkdir(0x0, 0x0) mount(&(0x7f00000002c0)=ANY=[@ANYBLOB='.'], &(0x7f0000000140)='./file0\x00', 0x0, 0x201000, 0x0) chdir(&(0x7f00000001c0)='./file0\x00') mount(0x0, &(0x7f0000000080)='./file0/../file0\x00', &(0x7f0000000380)='sysfs\x00', 0x0, 0x0) pivot_root(&(0x7f0000000180)='./file0/../file0\x00', &(0x7f0000000200)='./file0/../file0\x00') 04:29:30 executing program 3: r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) setsockopt$IPT_SO_SET_REPLACE(r0, 0x0, 0x40, 0x0, 0x0) 04:29:30 executing program 2: mkdir(&(0x7f0000000100)='./file0\x00', 0x0) mount(0x0, &(0x7f0000000140)='./file0\x00', 0x0, 0x201000, 0x0) chdir(&(0x7f00000001c0)='./file0\x00') mount(0x0, &(0x7f0000000080)='./file0/../file0\x00', &(0x7f0000000380)='sysfs\x00', 0x0, 0x0) r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) pivot_root(&(0x7f0000000180)='./file0/../file0\x00', &(0x7f0000000200)='./file0/../file0\x00') 04:29:30 executing program 4: mkdir(0x0, 0x0) mount(&(0x7f00000002c0)=ANY=[@ANYBLOB='.'], &(0x7f0000000140)='./file0\x00', 0x0, 0x201000, 0x0) chdir(&(0x7f00000001c0)='./file0\x00') mount(0x0, &(0x7f0000000080)='./file0/../file0\x00', &(0x7f0000000380)='sysfs\x00', 0x0, 0x0) pivot_root(&(0x7f0000000180)='./file0/../file0\x00', &(0x7f0000000200)='./file0/../file0\x00') 04:29:30 executing program 3: r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) setsockopt$IPT_SO_SET_REPLACE(r0, 0x0, 0x40, 0x0, 0x0) 04:29:30 executing program 2: mkdir(&(0x7f0000000100)='./file0\x00', 0x0) mount(0x0, &(0x7f0000000140)='./file0\x00', 0x0, 0x201000, 0x0) chdir(&(0x7f00000001c0)='./file0\x00') mount(0x0, &(0x7f0000000080)='./file0/../file0\x00', &(0x7f0000000380)='sysfs\x00', 0x0, 0x0) r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) pivot_root(&(0x7f0000000180)='./file0/../file0\x00', &(0x7f0000000200)='./file0/../file0\x00') 04:29:30 executing program 4: mkdir(&(0x7f0000000100)='./file0\x00', 0x0) mount(0x0, &(0x7f0000000140)='./file0\x00', 0x0, 0x201000, 0x0) chdir(&(0x7f00000001c0)='./file0\x00') mount(0x0, &(0x7f0000000080)='./file0/../file0\x00', &(0x7f0000000380)='sysfs\x00', 0x0, 0x0) pivot_root(&(0x7f0000000180)='./file0/../file0\x00', &(0x7f0000000200)='./file0/../file0\x00') 04:29:30 executing program 0: mount(&(0x7f00000002c0)=ANY=[@ANYBLOB='.'], &(0x7f0000000140)='./file0\x00', 0x0, 0x201000, 0x0) chdir(&(0x7f00000001c0)='./file0\x00') mount(0x0, &(0x7f0000000080)='./file0/../file0\x00', &(0x7f0000000380)='sysfs\x00', 0x0, 0x0) 04:29:31 executing program 1: socket(0x10, 0x803, 0x0) syz_open_dev$evdev(&(0x7f0000000000)='/dev/input/event#\x00', 0x0, 0x0) openat$mice(0xffffffffffffff9c, &(0x7f0000000040)='/dev/input/mice\x00', 0x0) setsockopt$packet_tx_ring(0xffffffffffffffff, 0x107, 0x5, &(0x7f00000000c0)=@req3={0x8000, 0x6, 0x8000, 0x6}, 0x1c) r0 = openat$audio(0xffffffffffffff9c, &(0x7f0000000180)='/dev/audio\x00', 0x0, 0x0) ioctl$int_in(r0, 0x800000c004500a, &(0x7f0000000300)) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) clock_gettime(0x0, &(0x7f0000000080)={0x0, 0x0}) pselect6(0x40, &(0x7f00000000c0), 0x0, &(0x7f0000000140)={0x1ff}, &(0x7f0000000200)={0x0, r1+30000000}, 0x0) 04:29:31 executing program 4: mkdir(&(0x7f0000000100)='./file0\x00', 0x0) mount(0x0, &(0x7f0000000140)='./file0\x00', 0x0, 0x201000, 0x0) chdir(&(0x7f00000001c0)='./file0\x00') mount(0x0, &(0x7f0000000080)='./file0/../file0\x00', &(0x7f0000000380)='sysfs\x00', 0x0, 0x0) pivot_root(&(0x7f0000000180)='./file0/../file0\x00', &(0x7f0000000200)='./file0/../file0\x00') 04:29:31 executing program 3: r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) setsockopt$IPT_SO_SET_REPLACE(r0, 0x0, 0x40, 0x0, 0x0) 04:29:31 executing program 2: mkdir(&(0x7f0000000100)='./file0\x00', 0x0) mount(0x0, &(0x7f0000000140)='./file0\x00', 0x0, 0x201000, 0x0) chdir(&(0x7f00000001c0)='./file0\x00') mount(0x0, &(0x7f0000000080)='./file0/../file0\x00', &(0x7f0000000380)='sysfs\x00', 0x0, 0x0) r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) pivot_root(&(0x7f0000000180)='./file0/../file0\x00', &(0x7f0000000200)='./file0/../file0\x00') 04:29:31 executing program 0: mount(&(0x7f00000002c0)=ANY=[@ANYBLOB='.'], &(0x7f0000000140)='./file0\x00', 0x0, 0x201000, 0x0) chdir(&(0x7f00000001c0)='./file0\x00') mount(0x0, &(0x7f0000000080)='./file0/../file0\x00', &(0x7f0000000380)='sysfs\x00', 0x0, 0x0) 04:29:31 executing program 3: r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) setsockopt$IPT_SO_SET_REPLACE(r0, 0x0, 0x40, &(0x7f0000000680)=@mangle={'mangle\x00', 0x44, 0x6, 0x450, 0xa0, 0x238, 0x138, 0x320, 0xa0, 0x3e8, 0x3e8, 0x3e8, 0x3e8, 0x3e8, 0x6, 0x0, {[{{@ip={@broadcast, @initdev={0xac, 0x1e, 0x0, 0x0}, 0x0, 0x0, 'geneve1\x00', 'ip6gre0\x00'}, 0x0, 0x70, 0xa0}, @TPROXY={0x30, 'TPROXY\x00', 0x0, {0x0, 0x0, @multicast2}}}, {{@ip={@empty, @multicast2, 0x0, 0x0, 'macvtap0\x00', 'wg1\x00'}, 0x0, 0x70, 0x98}, @TTL={0x28, 'TTL\x00'}}, {{@uncond, 0x0, 0xd8, 0x100, 0x0, {}, [@common=@set={{0x40, 'set\x00'}}, @inet=@rpfilter={{0x28, 'rpfilter\x00'}}]}, @ECN={0x28, 'ECN\x00'}}, {{@ip={@rand_addr, @multicast2, 0x0, 0x0, 'syzkaller0\x00', 'bond0\x00'}, 0x0, 0xc0, 0xe8, 0x0, {}, [@inet=@rpfilter={{0x28, 'rpfilter\x00'}}, @inet=@rpfilter={{0x28, 'rpfilter\x00'}}]}, @unspec=@CHECKSUM={0x28, 'CHECKSUM\x00'}}, {{@ip={@broadcast, @initdev={0xac, 0x1e, 0x0, 0x0}, 0x0, 0x0, 'gretap0\x00', 'batadv_slave_1\x00'}, 0x0, 0x70, 0x98}, @common=@unspec=@NFQUEUE3={0x28, 'NFQUEUE\x00'}}], {{[], 0x0, 0x70, 0x98}, {0x28}}}}, 0x4b0) 04:29:31 executing program 1: socket(0x10, 0x803, 0x0) syz_open_dev$evdev(&(0x7f0000000000)='/dev/input/event#\x00', 0x0, 0x0) openat$mice(0xffffffffffffff9c, &(0x7f0000000040)='/dev/input/mice\x00', 0x0) setsockopt$packet_tx_ring(0xffffffffffffffff, 0x107, 0x5, &(0x7f00000000c0)=@req3={0x8000, 0x6, 0x8000, 0x6}, 0x1c) r0 = openat$audio(0xffffffffffffff9c, &(0x7f0000000180)='/dev/audio\x00', 0x0, 0x0) ioctl$int_in(r0, 0x800000c004500a, &(0x7f0000000300)) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) clock_gettime(0x0, &(0x7f0000000080)={0x0, 0x0}) pselect6(0x40, &(0x7f00000000c0), 0x0, &(0x7f0000000140)={0x1ff}, &(0x7f0000000200)={0x0, r1+30000000}, 0x0) 04:29:31 executing program 2: mkdir(&(0x7f0000000100)='./file0\x00', 0x0) mount(&(0x7f00000002c0)=ANY=[], &(0x7f0000000140)='./file0\x00', 0x0, 0x201000, 0x0) chdir(&(0x7f00000001c0)='./file0\x00') mount(0x0, &(0x7f0000000080)='./file0/../file0\x00', &(0x7f0000000380)='sysfs\x00', 0x0, 0x0) r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) pivot_root(&(0x7f0000000180)='./file0/../file0\x00', &(0x7f0000000200)='./file0/../file0\x00') 04:29:31 executing program 4: mkdir(&(0x7f0000000100)='./file0\x00', 0x0) mount(0x0, &(0x7f0000000140)='./file0\x00', 0x0, 0x201000, 0x0) chdir(&(0x7f00000001c0)='./file0\x00') mount(0x0, &(0x7f0000000080)='./file0/../file0\x00', &(0x7f0000000380)='sysfs\x00', 0x0, 0x0) pivot_root(&(0x7f0000000180)='./file0/../file0\x00', &(0x7f0000000200)='./file0/../file0\x00') 04:29:31 executing program 3: r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) setsockopt$IPT_SO_SET_REPLACE(r0, 0x0, 0x40, &(0x7f0000000680)=@mangle={'mangle\x00', 0x44, 0x6, 0x450, 0xa0, 0x238, 0x138, 0x320, 0xa0, 0x3e8, 0x3e8, 0x3e8, 0x3e8, 0x3e8, 0x6, 0x0, {[{{@ip={@broadcast, @initdev={0xac, 0x1e, 0x0, 0x0}, 0x0, 0x0, 'geneve1\x00', 'ip6gre0\x00'}, 0x0, 0x70, 0xa0}, @TPROXY={0x30, 'TPROXY\x00', 0x0, {0x0, 0x0, @multicast2}}}, {{@ip={@empty, @multicast2, 0x0, 0x0, 'macvtap0\x00', 'wg1\x00'}, 0x0, 0x70, 0x98}, @TTL={0x28, 'TTL\x00'}}, {{@uncond, 0x0, 0xd8, 0x100, 0x0, {}, [@common=@set={{0x40, 'set\x00'}}, @inet=@rpfilter={{0x28, 'rpfilter\x00'}}]}, @ECN={0x28, 'ECN\x00'}}, {{@ip={@rand_addr, @multicast2, 0x0, 0x0, 'syzkaller0\x00', 'bond0\x00'}, 0x0, 0xc0, 0xe8, 0x0, {}, [@inet=@rpfilter={{0x28, 'rpfilter\x00'}}, @inet=@rpfilter={{0x28, 'rpfilter\x00'}}]}, @unspec=@CHECKSUM={0x28, 'CHECKSUM\x00'}}, {{@ip={@broadcast, @initdev={0xac, 0x1e, 0x0, 0x0}, 0x0, 0x0, 'gretap0\x00', 'batadv_slave_1\x00'}, 0x0, 0x70, 0x98}, @common=@unspec=@NFQUEUE3={0x28, 'NFQUEUE\x00'}}], {{[], 0x0, 0x70, 0x98}, {0x28}}}}, 0x4b0) 04:29:31 executing program 1: socket(0x10, 0x803, 0x0) syz_open_dev$evdev(&(0x7f0000000000)='/dev/input/event#\x00', 0x0, 0x0) openat$mice(0xffffffffffffff9c, &(0x7f0000000040)='/dev/input/mice\x00', 0x0) setsockopt$packet_tx_ring(0xffffffffffffffff, 0x107, 0x5, &(0x7f00000000c0)=@req3={0x8000, 0x6, 0x8000, 0x6}, 0x1c) r0 = openat$audio(0xffffffffffffff9c, &(0x7f0000000180)='/dev/audio\x00', 0x0, 0x0) ioctl$int_in(r0, 0x800000c004500a, &(0x7f0000000300)) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) clock_gettime(0x0, &(0x7f0000000080)={0x0, 0x0}) pselect6(0x40, &(0x7f00000000c0), 0x0, &(0x7f0000000140)={0x1ff}, &(0x7f0000000200)={0x0, r1+30000000}, 0x0) 04:29:31 executing program 2: mkdir(&(0x7f0000000100)='./file0\x00', 0x0) mount(&(0x7f00000002c0)=ANY=[], &(0x7f0000000140)='./file0\x00', 0x0, 0x201000, 0x0) chdir(&(0x7f00000001c0)='./file0\x00') mount(0x0, &(0x7f0000000080)='./file0/../file0\x00', &(0x7f0000000380)='sysfs\x00', 0x0, 0x0) r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) pivot_root(&(0x7f0000000180)='./file0/../file0\x00', &(0x7f0000000200)='./file0/../file0\x00') 04:29:31 executing program 4: mkdir(&(0x7f0000000100)='./file0\x00', 0x0) mount(&(0x7f00000002c0)=ANY=[], &(0x7f0000000140)='./file0\x00', 0x0, 0x201000, 0x0) chdir(&(0x7f00000001c0)='./file0\x00') mount(0x0, &(0x7f0000000080)='./file0/../file0\x00', &(0x7f0000000380)='sysfs\x00', 0x0, 0x0) pivot_root(&(0x7f0000000180)='./file0/../file0\x00', &(0x7f0000000200)='./file0/../file0\x00') 04:29:31 executing program 3: r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) setsockopt$IPT_SO_SET_REPLACE(r0, 0x0, 0x40, &(0x7f0000000680)=@mangle={'mangle\x00', 0x44, 0x6, 0x450, 0xa0, 0x238, 0x138, 0x320, 0xa0, 0x3e8, 0x3e8, 0x3e8, 0x3e8, 0x3e8, 0x6, 0x0, {[{{@ip={@broadcast, @initdev={0xac, 0x1e, 0x0, 0x0}, 0x0, 0x0, 'geneve1\x00', 'ip6gre0\x00'}, 0x0, 0x70, 0xa0}, @TPROXY={0x30, 'TPROXY\x00', 0x0, {0x0, 0x0, @multicast2}}}, {{@ip={@empty, @multicast2, 0x0, 0x0, 'macvtap0\x00', 'wg1\x00'}, 0x0, 0x70, 0x98}, @TTL={0x28, 'TTL\x00'}}, {{@uncond, 0x0, 0xd8, 0x100, 0x0, {}, [@common=@set={{0x40, 'set\x00'}}, @inet=@rpfilter={{0x28, 'rpfilter\x00'}}]}, @ECN={0x28, 'ECN\x00'}}, {{@ip={@rand_addr, @multicast2, 0x0, 0x0, 'syzkaller0\x00', 'bond0\x00'}, 0x0, 0xc0, 0xe8, 0x0, {}, [@inet=@rpfilter={{0x28, 'rpfilter\x00'}}, @inet=@rpfilter={{0x28, 'rpfilter\x00'}}]}, @unspec=@CHECKSUM={0x28, 'CHECKSUM\x00'}}, {{@ip={@broadcast, @initdev={0xac, 0x1e, 0x0, 0x0}, 0x0, 0x0, 'gretap0\x00', 'batadv_slave_1\x00'}, 0x0, 0x70, 0x98}, @common=@unspec=@NFQUEUE3={0x28, 'NFQUEUE\x00'}}], {{[], 0x0, 0x70, 0x98}, {0x28}}}}, 0x4b0) 04:29:31 executing program 2: mkdir(&(0x7f0000000100)='./file0\x00', 0x0) mount(&(0x7f00000002c0)=ANY=[], &(0x7f0000000140)='./file0\x00', 0x0, 0x201000, 0x0) chdir(&(0x7f00000001c0)='./file0\x00') mount(0x0, &(0x7f0000000080)='./file0/../file0\x00', &(0x7f0000000380)='sysfs\x00', 0x0, 0x0) r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) pivot_root(&(0x7f0000000180)='./file0/../file0\x00', &(0x7f0000000200)='./file0/../file0\x00') 04:29:31 executing program 1: socket(0x10, 0x803, 0x0) syz_open_dev$evdev(&(0x7f0000000000)='/dev/input/event#\x00', 0x0, 0x0) r0 = socket$packet(0x11, 0x2, 0x300) setsockopt$packet_tx_ring(r0, 0x107, 0x5, &(0x7f00000000c0)=@req3={0x8000, 0x6, 0x8000, 0x6}, 0x1c) r1 = openat$audio(0xffffffffffffff9c, &(0x7f0000000180)='/dev/audio\x00', 0x0, 0x0) ioctl$int_in(r1, 0x800000c004500a, &(0x7f0000000300)) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) clock_gettime(0x0, &(0x7f0000000080)={0x0, 0x0}) pselect6(0x40, &(0x7f00000000c0), 0x0, &(0x7f0000000140)={0x1ff}, &(0x7f0000000200)={0x0, r2+30000000}, 0x0) 04:29:31 executing program 0: mount(&(0x7f00000002c0)=ANY=[@ANYBLOB='.'], &(0x7f0000000140)='./file0\x00', 0x0, 0x201000, 0x0) chdir(&(0x7f00000001c0)='./file0\x00') mount(0x0, &(0x7f0000000080)='./file0/../file0\x00', &(0x7f0000000380)='sysfs\x00', 0x0, 0x0) 04:29:31 executing program 4: mkdir(&(0x7f0000000100)='./file0\x00', 0x0) mount(&(0x7f00000002c0)=ANY=[], &(0x7f0000000140)='./file0\x00', 0x0, 0x201000, 0x0) chdir(&(0x7f00000001c0)='./file0\x00') mount(0x0, &(0x7f0000000080)='./file0/../file0\x00', &(0x7f0000000380)='sysfs\x00', 0x0, 0x0) pivot_root(&(0x7f0000000180)='./file0/../file0\x00', &(0x7f0000000200)='./file0/../file0\x00') 04:29:31 executing program 3: r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) setsockopt$IPT_SO_SET_REPLACE(r0, 0x0, 0x40, &(0x7f0000000680)=@mangle={'mangle\x00', 0x44, 0x6, 0x458, 0xa0, 0x238, 0x138, 0x320, 0xa0, 0x3e8, 0x3e8, 0x3e8, 0x3e8, 0x3e8, 0x6, 0x0, {[{{@ip={@broadcast, @initdev={0xac, 0x1e, 0x0, 0x0}, 0x0, 0x0, 'geneve1\x00', 'ip6gre0\x00'}, 0x0, 0x70, 0xa0}, @TPROXY={0x30, 'TPROXY\x00', 0x0, {0x0, 0x0, @multicast2}}}, {{@ip={@empty, @multicast2, 0x0, 0x0, 'macvtap0\x00', 'wg1\x00'}, 0x0, 0x70, 0x98}, @TTL={0x28, 'TTL\x00'}}, {{@uncond, 0x0, 0xd8, 0x100, 0x0, {}, [@common=@set={{0x40, 'set\x00'}}, @inet=@rpfilter={{0x28, 'rpfilter\x00'}}]}, @ECN={0x28, 'ECN\x00'}}, {{@ip={@rand_addr, @multicast2, 0x0, 0x0, 'syzkaller0\x00', 'bond0\x00'}, 0x0, 0x98, 0xc0, 0x0, {}, [@inet=@rpfilter={{0x28, 'rpfilter\x00'}}]}, @unspec=@CHECKSUM={0x28, 'CHECKSUM\x00'}}, {{@ip={@broadcast, @initdev={0xac, 0x1e, 0x0, 0x0}, 0x0, 0x0, 'gretap0\x00', 'batadv_slave_1\x00'}, 0x0, 0xa0, 0xc8, 0x0, {}, [@common=@inet=@dccp={{0x30, 'dccp\x00'}}]}, @common=@unspec=@NFQUEUE3={0x28, 'NFQUEUE\x00'}}], {{[], 0x0, 0x70, 0x98}, {0x28}}}}, 0x4b8) 04:29:31 executing program 2: mkdir(&(0x7f0000000100)='./file0\x00', 0x0) mount(&(0x7f00000002c0)=ANY=[@ANYBLOB], &(0x7f0000000140)='./file0\x00', 0x0, 0x201000, 0x0) chdir(&(0x7f00000001c0)='./file0\x00') mount(0x0, &(0x7f0000000080)='./file0/../file0\x00', &(0x7f0000000380)='sysfs\x00', 0x0, 0x0) r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) pivot_root(&(0x7f0000000180)='./file0/../file0\x00', &(0x7f0000000200)='./file0/../file0\x00') 04:29:31 executing program 1: socket(0x10, 0x803, 0x0) syz_open_dev$evdev(&(0x7f0000000000)='/dev/input/event#\x00', 0x0, 0x0) r0 = socket$packet(0x11, 0x2, 0x300) setsockopt$packet_tx_ring(r0, 0x107, 0x5, &(0x7f00000000c0)=@req3={0x8000, 0x6, 0x8000, 0x6}, 0x1c) r1 = openat$audio(0xffffffffffffff9c, &(0x7f0000000180)='/dev/audio\x00', 0x0, 0x0) ioctl$int_in(r1, 0x800000c004500a, &(0x7f0000000300)) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) clock_gettime(0x0, &(0x7f0000000080)={0x0, 0x0}) pselect6(0x40, &(0x7f00000000c0), 0x0, &(0x7f0000000140)={0x1ff}, &(0x7f0000000200)={0x0, r2+30000000}, 0x0) 04:29:31 executing program 3: r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) setsockopt$IPT_SO_SET_REPLACE(r0, 0x0, 0x40, &(0x7f0000000680)=@mangle={'mangle\x00', 0x44, 0x6, 0x458, 0xa0, 0x238, 0x138, 0x320, 0xa0, 0x3e8, 0x3e8, 0x3e8, 0x3e8, 0x3e8, 0x6, 0x0, {[{{@ip={@broadcast, @initdev={0xac, 0x1e, 0x0, 0x0}, 0x0, 0x0, 'geneve1\x00', 'ip6gre0\x00'}, 0x0, 0x70, 0xa0}, @TPROXY={0x30, 'TPROXY\x00', 0x0, {0x0, 0x0, @multicast2}}}, {{@ip={@empty, @multicast2, 0x0, 0x0, 'macvtap0\x00', 'wg1\x00'}, 0x0, 0x70, 0x98}, @TTL={0x28, 'TTL\x00'}}, {{@uncond, 0x0, 0xd8, 0x100, 0x0, {}, [@common=@set={{0x40, 'set\x00'}}, @inet=@rpfilter={{0x28, 'rpfilter\x00'}}]}, @ECN={0x28, 'ECN\x00'}}, {{@ip={@rand_addr, @multicast2, 0x0, 0x0, 'syzkaller0\x00', 'bond0\x00'}, 0x0, 0x98, 0xc0, 0x0, {}, [@inet=@rpfilter={{0x28, 'rpfilter\x00'}}]}, @unspec=@CHECKSUM={0x28, 'CHECKSUM\x00'}}, {{@ip={@broadcast, @initdev={0xac, 0x1e, 0x0, 0x0}, 0x0, 0x0, 'gretap0\x00', 'batadv_slave_1\x00'}, 0x0, 0xa0, 0xc8, 0x0, {}, [@common=@inet=@dccp={{0x30, 'dccp\x00'}}]}, @common=@unspec=@NFQUEUE3={0x28, 'NFQUEUE\x00'}}], {{[], 0x0, 0x70, 0x98}, {0x28}}}}, 0x4b8) 04:29:31 executing program 4: mkdir(&(0x7f0000000100)='./file0\x00', 0x0) mount(&(0x7f00000002c0)=ANY=[], &(0x7f0000000140)='./file0\x00', 0x0, 0x201000, 0x0) chdir(&(0x7f00000001c0)='./file0\x00') mount(0x0, &(0x7f0000000080)='./file0/../file0\x00', &(0x7f0000000380)='sysfs\x00', 0x0, 0x0) pivot_root(&(0x7f0000000180)='./file0/../file0\x00', &(0x7f0000000200)='./file0/../file0\x00') 04:29:31 executing program 3: r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) setsockopt$IPT_SO_SET_REPLACE(r0, 0x0, 0x40, &(0x7f0000000680)=@mangle={'mangle\x00', 0x44, 0x6, 0x458, 0xa0, 0x238, 0x138, 0x320, 0xa0, 0x3e8, 0x3e8, 0x3e8, 0x3e8, 0x3e8, 0x6, 0x0, {[{{@ip={@broadcast, @initdev={0xac, 0x1e, 0x0, 0x0}, 0x0, 0x0, 'geneve1\x00', 'ip6gre0\x00'}, 0x0, 0x70, 0xa0}, @TPROXY={0x30, 'TPROXY\x00', 0x0, {0x0, 0x0, @multicast2}}}, {{@ip={@empty, @multicast2, 0x0, 0x0, 'macvtap0\x00', 'wg1\x00'}, 0x0, 0x70, 0x98}, @TTL={0x28, 'TTL\x00'}}, {{@uncond, 0x0, 0xd8, 0x100, 0x0, {}, [@common=@set={{0x40, 'set\x00'}}, @inet=@rpfilter={{0x28, 'rpfilter\x00'}}]}, @ECN={0x28, 'ECN\x00'}}, {{@ip={@rand_addr, @multicast2, 0x0, 0x0, 'syzkaller0\x00', 'bond0\x00'}, 0x0, 0x98, 0xc0, 0x0, {}, [@inet=@rpfilter={{0x28, 'rpfilter\x00'}}]}, @unspec=@CHECKSUM={0x28, 'CHECKSUM\x00'}}, {{@ip={@broadcast, @initdev={0xac, 0x1e, 0x0, 0x0}, 0x0, 0x0, 'gretap0\x00', 'batadv_slave_1\x00'}, 0x0, 0xa0, 0xc8, 0x0, {}, [@common=@inet=@dccp={{0x30, 'dccp\x00'}}]}, @common=@unspec=@NFQUEUE3={0x28, 'NFQUEUE\x00'}}], {{[], 0x0, 0x70, 0x98}, {0x28}}}}, 0x4b8) 04:29:31 executing program 1: socket(0x10, 0x803, 0x0) syz_open_dev$evdev(&(0x7f0000000000)='/dev/input/event#\x00', 0x0, 0x0) r0 = socket$packet(0x11, 0x2, 0x300) setsockopt$packet_tx_ring(r0, 0x107, 0x5, &(0x7f00000000c0)=@req3={0x8000, 0x6, 0x8000, 0x6}, 0x1c) r1 = openat$audio(0xffffffffffffff9c, &(0x7f0000000180)='/dev/audio\x00', 0x0, 0x0) ioctl$int_in(r1, 0x800000c004500a, &(0x7f0000000300)) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) clock_gettime(0x0, &(0x7f0000000080)={0x0, 0x0}) pselect6(0x40, &(0x7f00000000c0), 0x0, &(0x7f0000000140)={0x1ff}, &(0x7f0000000200)={0x0, r2+30000000}, 0x0) 04:29:31 executing program 2: mkdir(&(0x7f0000000100)='./file0\x00', 0x0) mount(&(0x7f00000002c0)=ANY=[@ANYBLOB], &(0x7f0000000140)='./file0\x00', 0x0, 0x201000, 0x0) chdir(&(0x7f00000001c0)='./file0\x00') mount(0x0, &(0x7f0000000080)='./file0/../file0\x00', &(0x7f0000000380)='sysfs\x00', 0x0, 0x0) r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) pivot_root(&(0x7f0000000180)='./file0/../file0\x00', &(0x7f0000000200)='./file0/../file0\x00') 04:29:31 executing program 4: mkdir(&(0x7f0000000100)='./file0\x00', 0x0) mount(&(0x7f00000002c0)=ANY=[@ANYBLOB], &(0x7f0000000140)='./file0\x00', 0x0, 0x201000, 0x0) chdir(&(0x7f00000001c0)='./file0\x00') mount(0x0, &(0x7f0000000080)='./file0/../file0\x00', &(0x7f0000000380)='sysfs\x00', 0x0, 0x0) pivot_root(&(0x7f0000000180)='./file0/../file0\x00', &(0x7f0000000200)='./file0/../file0\x00') 04:29:31 executing program 3: r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) setsockopt$IPT_SO_SET_REPLACE(r0, 0x0, 0x40, &(0x7f0000000680)=@mangle={'mangle\x00', 0x44, 0x6, 0x458, 0xa0, 0x238, 0x138, 0x320, 0xa0, 0x3e8, 0x3e8, 0x3e8, 0x3e8, 0x3e8, 0x6, 0x0, {[{{@ip={@broadcast, @initdev={0xac, 0x1e, 0x0, 0x0}, 0x0, 0x0, 'geneve1\x00', 'ip6gre0\x00'}, 0x0, 0x70, 0xa0}, @TPROXY={0x30, 'TPROXY\x00', 0x0, {0x0, 0x0, @multicast2}}}, {{@ip={@empty, @multicast2, 0x0, 0x0, 'macvtap0\x00', 'wg1\x00'}, 0x0, 0x70, 0x98}, @TTL={0x28, 'TTL\x00'}}, {{@uncond, 0x0, 0xd8, 0x100, 0x0, {}, [@common=@set={{0x40, 'set\x00'}}, @inet=@rpfilter={{0x28, 'rpfilter\x00'}}]}, @ECN={0x28, 'ECN\x00'}}, {{@ip={@rand_addr, @multicast2, 0x0, 0x0, 'syzkaller0\x00', 'bond0\x00'}, 0x0, 0x98, 0xc0, 0x0, {}, [@inet=@rpfilter={{0x28, 'rpfilter\x00'}}]}, @unspec=@CHECKSUM={0x28, 'CHECKSUM\x00'}}, {{@ip={@broadcast, @initdev={0xac, 0x1e, 0x0, 0x0}, 0x0, 0x0, 'gretap0\x00', 'batadv_slave_1\x00'}, 0x0, 0xa0, 0xc8, 0x0, {}, [@common=@inet=@dccp={{0x30, 'dccp\x00'}}]}, @common=@unspec=@NFQUEUE3={0x28, 'NFQUEUE\x00'}}], {{[], 0x0, 0x70, 0x98}, {0x28}}}}, 0x4b8) 04:29:31 executing program 0: mkdir(0x0, 0x0) mount(&(0x7f00000002c0)=ANY=[@ANYBLOB='.'], &(0x7f0000000140)='./file0\x00', 0x0, 0x201000, 0x0) chdir(&(0x7f00000001c0)='./file0\x00') mount(0x0, &(0x7f0000000080)='./file0/../file0\x00', &(0x7f0000000380)='sysfs\x00', 0x0, 0x0) 04:29:31 executing program 1: socket(0x10, 0x803, 0x0) openat$mice(0xffffffffffffff9c, &(0x7f0000000040)='/dev/input/mice\x00', 0x0) r0 = socket$packet(0x11, 0x2, 0x300) setsockopt$packet_tx_ring(r0, 0x107, 0x5, &(0x7f00000000c0)=@req3={0x8000, 0x6, 0x8000, 0x6}, 0x1c) r1 = openat$audio(0xffffffffffffff9c, &(0x7f0000000180)='/dev/audio\x00', 0x0, 0x0) ioctl$int_in(r1, 0x800000c004500a, &(0x7f0000000300)) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) clock_gettime(0x0, &(0x7f0000000080)={0x0, 0x0}) pselect6(0x40, &(0x7f00000000c0), 0x0, &(0x7f0000000140)={0x1ff}, &(0x7f0000000200)={0x0, r2+30000000}, 0x0) 04:29:31 executing program 2: mkdir(&(0x7f0000000100)='./file0\x00', 0x0) mount(&(0x7f00000002c0)=ANY=[@ANYBLOB], &(0x7f0000000140)='./file0\x00', 0x0, 0x201000, 0x0) chdir(&(0x7f00000001c0)='./file0\x00') mount(0x0, &(0x7f0000000080)='./file0/../file0\x00', &(0x7f0000000380)='sysfs\x00', 0x0, 0x0) r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) pivot_root(&(0x7f0000000180)='./file0/../file0\x00', &(0x7f0000000200)='./file0/../file0\x00') 04:29:31 executing program 3: r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) setsockopt$IPT_SO_SET_REPLACE(r0, 0x0, 0x40, &(0x7f0000000680)=@mangle={'mangle\x00', 0x44, 0x6, 0x458, 0xa0, 0x238, 0x138, 0x320, 0xa0, 0x3e8, 0x3e8, 0x3e8, 0x3e8, 0x3e8, 0x6, 0x0, {[{{@ip={@broadcast, @initdev={0xac, 0x1e, 0x0, 0x0}, 0x0, 0x0, 'geneve1\x00', 'ip6gre0\x00'}, 0x0, 0x70, 0xa0}, @TPROXY={0x30, 'TPROXY\x00', 0x0, {0x0, 0x0, @multicast2}}}, {{@ip={@empty, @multicast2, 0x0, 0x0, 'macvtap0\x00', 'wg1\x00'}, 0x0, 0x70, 0x98}, @TTL={0x28, 'TTL\x00'}}, {{@uncond, 0x0, 0xd8, 0x100, 0x0, {}, [@common=@set={{0x40, 'set\x00'}}, @inet=@rpfilter={{0x28, 'rpfilter\x00'}}]}, @ECN={0x28, 'ECN\x00'}}, {{@ip={@rand_addr, @multicast2, 0x0, 0x0, 'syzkaller0\x00', 'bond0\x00'}, 0x0, 0x98, 0xc0, 0x0, {}, [@inet=@rpfilter={{0x28, 'rpfilter\x00'}}]}, @unspec=@CHECKSUM={0x28, 'CHECKSUM\x00'}}, {{@ip={@broadcast, @initdev={0xac, 0x1e, 0x0, 0x0}, 0x0, 0x0, 'gretap0\x00', 'batadv_slave_1\x00'}, 0x0, 0xa0, 0xc8, 0x0, {}, [@common=@inet=@dccp={{0x30, 'dccp\x00'}}]}, @common=@unspec=@NFQUEUE3={0x28, 'NFQUEUE\x00'}}], {{[], 0x0, 0x70, 0x98}, {0x28}}}}, 0x4b8) 04:29:31 executing program 4: mkdir(&(0x7f0000000100)='./file0\x00', 0x0) mount(&(0x7f00000002c0)=ANY=[@ANYBLOB], &(0x7f0000000140)='./file0\x00', 0x0, 0x201000, 0x0) chdir(&(0x7f00000001c0)='./file0\x00') mount(0x0, &(0x7f0000000080)='./file0/../file0\x00', &(0x7f0000000380)='sysfs\x00', 0x0, 0x0) pivot_root(&(0x7f0000000180)='./file0/../file0\x00', &(0x7f0000000200)='./file0/../file0\x00') 04:29:31 executing program 4: mkdir(&(0x7f0000000100)='./file0\x00', 0x0) mount(&(0x7f00000002c0)=ANY=[@ANYBLOB], &(0x7f0000000140)='./file0\x00', 0x0, 0x201000, 0x0) chdir(&(0x7f00000001c0)='./file0\x00') mount(0x0, &(0x7f0000000080)='./file0/../file0\x00', &(0x7f0000000380)='sysfs\x00', 0x0, 0x0) pivot_root(&(0x7f0000000180)='./file0/../file0\x00', &(0x7f0000000200)='./file0/../file0\x00') 04:29:31 executing program 3: r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) setsockopt$IPT_SO_SET_REPLACE(r0, 0x0, 0x40, &(0x7f0000000680)=@mangle={'mangle\x00', 0x44, 0x6, 0x458, 0xa0, 0x238, 0x138, 0x320, 0xa0, 0x3e8, 0x3e8, 0x3e8, 0x3e8, 0x3e8, 0x6, 0x0, {[{{@ip={@broadcast, @initdev={0xac, 0x1e, 0x0, 0x0}, 0x0, 0x0, 'geneve1\x00', 'ip6gre0\x00'}, 0x0, 0x70, 0xa0}, @TPROXY={0x30, 'TPROXY\x00', 0x0, {0x0, 0x0, @multicast2}}}, {{@ip={@empty, @multicast2, 0x0, 0x0, 'macvtap0\x00', 'wg1\x00'}, 0x0, 0x70, 0x98}, @TTL={0x28, 'TTL\x00'}}, {{@uncond, 0x0, 0xd8, 0x100, 0x0, {}, [@common=@set={{0x40, 'set\x00'}}, @inet=@rpfilter={{0x28, 'rpfilter\x00'}}]}, @ECN={0x28, 'ECN\x00'}}, {{@ip={@rand_addr, @multicast2, 0x0, 0x0, 'syzkaller0\x00', 'bond0\x00'}, 0x0, 0x98, 0xc0, 0x0, {}, [@inet=@rpfilter={{0x28, 'rpfilter\x00'}}]}, @unspec=@CHECKSUM={0x28, 'CHECKSUM\x00'}}, {{@ip={@broadcast, @initdev={0xac, 0x1e, 0x0, 0x0}, 0x0, 0x0, 'gretap0\x00', 'batadv_slave_1\x00'}, 0x0, 0xa0, 0xc8, 0x0, {}, [@common=@inet=@dccp={{0x30, 'dccp\x00'}}]}, @common=@unspec=@NFQUEUE3={0x28, 'NFQUEUE\x00'}}], {{[], 0x0, 0x70, 0x98}, {0x28}}}}, 0x4b8) 04:29:31 executing program 2: mkdir(&(0x7f0000000100)='./file0\x00', 0x0) mount(&(0x7f00000002c0)=ANY=[@ANYBLOB='.'], 0x0, 0x0, 0x201000, 0x0) chdir(&(0x7f00000001c0)='./file0\x00') mount(0x0, &(0x7f0000000080)='./file0/../file0\x00', &(0x7f0000000380)='sysfs\x00', 0x0, 0x0) r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) pivot_root(&(0x7f0000000180)='./file0/../file0\x00', &(0x7f0000000200)='./file0/../file0\x00') 04:29:31 executing program 1: socket(0x10, 0x803, 0x0) openat$mice(0xffffffffffffff9c, &(0x7f0000000040)='/dev/input/mice\x00', 0x0) r0 = socket$packet(0x11, 0x2, 0x300) setsockopt$packet_tx_ring(r0, 0x107, 0x5, &(0x7f00000000c0)=@req3={0x8000, 0x6, 0x8000, 0x6}, 0x1c) r1 = openat$audio(0xffffffffffffff9c, &(0x7f0000000180)='/dev/audio\x00', 0x0, 0x0) ioctl$int_in(r1, 0x800000c004500a, &(0x7f0000000300)) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) clock_gettime(0x0, &(0x7f0000000080)={0x0, 0x0}) pselect6(0x40, &(0x7f00000000c0), 0x0, &(0x7f0000000140)={0x1ff}, &(0x7f0000000200)={0x0, r2+30000000}, 0x0) 04:29:32 executing program 3: r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) setsockopt$IPT_SO_SET_REPLACE(r0, 0x0, 0x40, &(0x7f0000000680)=@mangle={'mangle\x00', 0x44, 0x6, 0x458, 0xa0, 0x238, 0x138, 0x320, 0xa0, 0x3e8, 0x3e8, 0x3e8, 0x3e8, 0x3e8, 0x6, 0x0, {[{{@ip={@broadcast, @initdev={0xac, 0x1e, 0x0, 0x0}, 0x0, 0x0, 'geneve1\x00', 'ip6gre0\x00'}, 0x0, 0x70, 0xa0}, @TPROXY={0x30, 'TPROXY\x00', 0x0, {0x0, 0x0, @multicast2}}}, {{@ip={@empty, @multicast2, 0x0, 0x0, 'macvtap0\x00', 'wg1\x00'}, 0x0, 0x70, 0x98}, @TTL={0x28, 'TTL\x00'}}, {{@uncond, 0x0, 0xb0, 0xd8, 0x0, {}, [@common=@set={{0x40, 'set\x00'}}]}, @ECN={0x28, 'ECN\x00'}}, {{@ip={@rand_addr, @multicast2, 0x0, 0x0, 'syzkaller0\x00', 'bond0\x00'}, 0x0, 0xc0, 0xe8, 0x0, {}, [@inet=@rpfilter={{0x28, 'rpfilter\x00'}}, @inet=@rpfilter={{0x28, 'rpfilter\x00'}}]}, @unspec=@CHECKSUM={0x28, 'CHECKSUM\x00'}}, {{@ip={@broadcast, @initdev={0xac, 0x1e, 0x0, 0x0}, 0x0, 0x0, 'gretap0\x00', 'batadv_slave_1\x00'}, 0x0, 0xa0, 0xc8, 0x0, {}, [@common=@inet=@dccp={{0x30, 'dccp\x00'}}]}, @common=@unspec=@NFQUEUE3={0x28, 'NFQUEUE\x00'}}], {{[], 0x0, 0x70, 0x98}, {0x28}}}}, 0x4b8) 04:29:32 executing program 2: mkdir(&(0x7f0000000100)='./file0\x00', 0x0) mount(&(0x7f00000002c0)=ANY=[@ANYBLOB='.'], 0x0, 0x0, 0x201000, 0x0) chdir(&(0x7f00000001c0)='./file0\x00') mount(0x0, &(0x7f0000000080)='./file0/../file0\x00', &(0x7f0000000380)='sysfs\x00', 0x0, 0x0) r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) pivot_root(&(0x7f0000000180)='./file0/../file0\x00', &(0x7f0000000200)='./file0/../file0\x00') 04:29:32 executing program 1: socket(0x10, 0x803, 0x0) openat$mice(0xffffffffffffff9c, &(0x7f0000000040)='/dev/input/mice\x00', 0x0) r0 = socket$packet(0x11, 0x2, 0x300) setsockopt$packet_tx_ring(r0, 0x107, 0x5, &(0x7f00000000c0)=@req3={0x8000, 0x6, 0x8000, 0x6}, 0x1c) r1 = openat$audio(0xffffffffffffff9c, &(0x7f0000000180)='/dev/audio\x00', 0x0, 0x0) ioctl$int_in(r1, 0x800000c004500a, &(0x7f0000000300)) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) clock_gettime(0x0, &(0x7f0000000080)={0x0, 0x0}) pselect6(0x40, &(0x7f00000000c0), 0x0, &(0x7f0000000140)={0x1ff}, &(0x7f0000000200)={0x0, r2+30000000}, 0x0) 04:29:32 executing program 0: mkdir(0x0, 0x0) mount(&(0x7f00000002c0)=ANY=[@ANYBLOB='.'], &(0x7f0000000140)='./file0\x00', 0x0, 0x201000, 0x0) chdir(&(0x7f00000001c0)='./file0\x00') mount(0x0, &(0x7f0000000080)='./file0/../file0\x00', &(0x7f0000000380)='sysfs\x00', 0x0, 0x0) 04:29:32 executing program 4: mkdir(&(0x7f0000000100)='./file0\x00', 0x0) mount(&(0x7f00000002c0)=ANY=[@ANYBLOB='.'], 0x0, 0x0, 0x201000, 0x0) chdir(&(0x7f00000001c0)='./file0\x00') mount(0x0, &(0x7f0000000080)='./file0/../file0\x00', &(0x7f0000000380)='sysfs\x00', 0x0, 0x0) pivot_root(&(0x7f0000000180)='./file0/../file0\x00', &(0x7f0000000200)='./file0/../file0\x00') 04:29:32 executing program 3: r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) setsockopt$IPT_SO_SET_REPLACE(r0, 0x0, 0x40, &(0x7f0000000680)=@mangle={'mangle\x00', 0x44, 0x6, 0x458, 0xa0, 0x238, 0x138, 0x320, 0xa0, 0x3e8, 0x3e8, 0x3e8, 0x3e8, 0x3e8, 0x6, 0x0, {[{{@ip={@broadcast, @initdev={0xac, 0x1e, 0x0, 0x0}, 0x0, 0x0, 'geneve1\x00', 'ip6gre0\x00'}, 0x0, 0x70, 0xa0}, @TPROXY={0x30, 'TPROXY\x00', 0x0, {0x0, 0x0, @multicast2}}}, {{@ip={@empty, @multicast2, 0x0, 0x0, 'macvtap0\x00', 'wg1\x00'}, 0x0, 0x70, 0x98}, @TTL={0x28, 'TTL\x00'}}, {{@uncond, 0x0, 0xb0, 0xd8, 0x0, {}, [@common=@set={{0x40, 'set\x00'}}]}, @ECN={0x28, 'ECN\x00'}}, {{@ip={@rand_addr, @multicast2, 0x0, 0x0, 'syzkaller0\x00', 'bond0\x00'}, 0x0, 0xc0, 0xe8, 0x0, {}, [@inet=@rpfilter={{0x28, 'rpfilter\x00'}}, @inet=@rpfilter={{0x28, 'rpfilter\x00'}}]}, @unspec=@CHECKSUM={0x28, 'CHECKSUM\x00'}}, {{@ip={@broadcast, @initdev={0xac, 0x1e, 0x0, 0x0}, 0x0, 0x0, 'gretap0\x00', 'batadv_slave_1\x00'}, 0x0, 0xa0, 0xc8, 0x0, {}, [@common=@inet=@dccp={{0x30, 'dccp\x00'}}]}, @common=@unspec=@NFQUEUE3={0x28, 'NFQUEUE\x00'}}], {{[], 0x0, 0x70, 0x98}, {0x28}}}}, 0x4b8) 04:29:32 executing program 2: mkdir(&(0x7f0000000100)='./file0\x00', 0x0) mount(&(0x7f00000002c0)=ANY=[@ANYBLOB='.'], 0x0, 0x0, 0x201000, 0x0) chdir(&(0x7f00000001c0)='./file0\x00') mount(0x0, &(0x7f0000000080)='./file0/../file0\x00', &(0x7f0000000380)='sysfs\x00', 0x0, 0x0) r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) pivot_root(&(0x7f0000000180)='./file0/../file0\x00', &(0x7f0000000200)='./file0/../file0\x00') 04:29:32 executing program 1: syz_open_dev$evdev(&(0x7f0000000000)='/dev/input/event#\x00', 0x0, 0x0) openat$mice(0xffffffffffffff9c, &(0x7f0000000040)='/dev/input/mice\x00', 0x0) r0 = socket$packet(0x11, 0x2, 0x300) setsockopt$packet_tx_ring(r0, 0x107, 0x5, &(0x7f00000000c0)=@req3={0x8000, 0x6, 0x8000, 0x6}, 0x1c) r1 = openat$audio(0xffffffffffffff9c, &(0x7f0000000180)='/dev/audio\x00', 0x0, 0x0) ioctl$int_in(r1, 0x800000c004500a, &(0x7f0000000300)) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) clock_gettime(0x0, &(0x7f0000000080)={0x0, 0x0}) pselect6(0x40, &(0x7f00000000c0), 0x0, &(0x7f0000000140)={0x1ff}, &(0x7f0000000200)={0x0, r2+30000000}, 0x0) 04:29:32 executing program 3: r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) setsockopt$IPT_SO_SET_REPLACE(r0, 0x0, 0x40, &(0x7f0000000680)=@mangle={'mangle\x00', 0x44, 0x6, 0x458, 0xa0, 0x238, 0x138, 0x320, 0xa0, 0x3e8, 0x3e8, 0x3e8, 0x3e8, 0x3e8, 0x6, 0x0, {[{{@ip={@broadcast, @initdev={0xac, 0x1e, 0x0, 0x0}, 0x0, 0x0, 'geneve1\x00', 'ip6gre0\x00'}, 0x0, 0x70, 0xa0}, @TPROXY={0x30, 'TPROXY\x00', 0x0, {0x0, 0x0, @multicast2}}}, {{@ip={@empty, @multicast2, 0x0, 0x0, 'macvtap0\x00', 'wg1\x00'}, 0x0, 0x70, 0x98}, @TTL={0x28, 'TTL\x00'}}, {{@uncond, 0x0, 0xb0, 0xd8, 0x0, {}, [@common=@set={{0x40, 'set\x00'}}]}, @ECN={0x28, 'ECN\x00'}}, {{@ip={@rand_addr, @multicast2, 0x0, 0x0, 'syzkaller0\x00', 'bond0\x00'}, 0x0, 0xc0, 0xe8, 0x0, {}, [@inet=@rpfilter={{0x28, 'rpfilter\x00'}}, @inet=@rpfilter={{0x28, 'rpfilter\x00'}}]}, @unspec=@CHECKSUM={0x28, 'CHECKSUM\x00'}}, {{@ip={@broadcast, @initdev={0xac, 0x1e, 0x0, 0x0}, 0x0, 0x0, 'gretap0\x00', 'batadv_slave_1\x00'}, 0x0, 0xa0, 0xc8, 0x0, {}, [@common=@inet=@dccp={{0x30, 'dccp\x00'}}]}, @common=@unspec=@NFQUEUE3={0x28, 'NFQUEUE\x00'}}], {{[], 0x0, 0x70, 0x98}, {0x28}}}}, 0x4b8) 04:29:32 executing program 1: syz_open_dev$evdev(&(0x7f0000000000)='/dev/input/event#\x00', 0x0, 0x0) openat$mice(0xffffffffffffff9c, &(0x7f0000000040)='/dev/input/mice\x00', 0x0) r0 = socket$packet(0x11, 0x2, 0x300) setsockopt$packet_tx_ring(r0, 0x107, 0x5, &(0x7f00000000c0)=@req3={0x8000, 0x6, 0x8000, 0x6}, 0x1c) r1 = openat$audio(0xffffffffffffff9c, &(0x7f0000000180)='/dev/audio\x00', 0x0, 0x0) ioctl$int_in(r1, 0x800000c004500a, &(0x7f0000000300)) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) clock_gettime(0x0, &(0x7f0000000080)={0x0, 0x0}) pselect6(0x40, &(0x7f00000000c0), 0x0, &(0x7f0000000140)={0x1ff}, &(0x7f0000000200)={0x0, r2+30000000}, 0x0) 04:29:32 executing program 2: mkdir(&(0x7f0000000100)='./file0\x00', 0x0) mount(&(0x7f00000002c0)=ANY=[@ANYBLOB='.'], &(0x7f0000000140)='./file0\x00', 0x0, 0x0, 0x0) chdir(&(0x7f00000001c0)='./file0\x00') mount(0x0, &(0x7f0000000080)='./file0/../file0\x00', &(0x7f0000000380)='sysfs\x00', 0x0, 0x0) r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) pivot_root(&(0x7f0000000180)='./file0/../file0\x00', &(0x7f0000000200)='./file0/../file0\x00') 04:29:32 executing program 4: mkdir(&(0x7f0000000100)='./file0\x00', 0x0) mount(&(0x7f00000002c0)=ANY=[@ANYBLOB='.'], 0x0, 0x0, 0x201000, 0x0) chdir(&(0x7f00000001c0)='./file0\x00') mount(0x0, &(0x7f0000000080)='./file0/../file0\x00', &(0x7f0000000380)='sysfs\x00', 0x0, 0x0) pivot_root(&(0x7f0000000180)='./file0/../file0\x00', &(0x7f0000000200)='./file0/../file0\x00') 04:29:32 executing program 3: r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) setsockopt$IPT_SO_SET_REPLACE(r0, 0x0, 0x40, &(0x7f0000000680)=@mangle={'mangle\x00', 0x44, 0x6, 0x440, 0xa0, 0x238, 0x138, 0x320, 0xa0, 0x3e8, 0x3e8, 0x3e8, 0x3e8, 0x3e8, 0x6, 0x0, {[{{@ip={@broadcast, @initdev={0xac, 0x1e, 0x0, 0x0}, 0x0, 0x0, 'geneve1\x00', 'ip6gre0\x00'}, 0x0, 0x70, 0xa0}, @TPROXY={0x30, 'TPROXY\x00', 0x0, {0x0, 0x0, @multicast2}}}, {{@ip={@empty, @multicast2, 0x0, 0x0, 'macvtap0\x00', 'wg1\x00'}, 0x0, 0x70, 0x98}, @TTL={0x28, 'TTL\x00'}}, {{@uncond, 0x0, 0x98, 0xc0, 0x0, {}, [@inet=@rpfilter={{0x28, 'rpfilter\x00'}}]}, @ECN={0x28, 'ECN\x00'}}, {{@ip={@rand_addr, @multicast2, 0x0, 0x0, 'syzkaller0\x00', 'bond0\x00'}, 0x0, 0xc0, 0xe8, 0x0, {}, [@inet=@rpfilter={{0x28, 'rpfilter\x00'}}, @inet=@rpfilter={{0x28, 'rpfilter\x00'}}]}, @unspec=@CHECKSUM={0x28, 'CHECKSUM\x00'}}, {{@ip={@broadcast, @initdev={0xac, 0x1e, 0x0, 0x0}, 0x0, 0x0, 'gretap0\x00', 'batadv_slave_1\x00'}, 0x0, 0xa0, 0xc8, 0x0, {}, [@common=@inet=@dccp={{0x30, 'dccp\x00'}}]}, @common=@unspec=@NFQUEUE3={0x28, 'NFQUEUE\x00'}}], {{[], 0x0, 0x70, 0x98}, {0x28}}}}, 0x4a0) 04:29:32 executing program 4: mkdir(&(0x7f0000000100)='./file0\x00', 0x0) mount(&(0x7f00000002c0)=ANY=[@ANYBLOB='.'], 0x0, 0x0, 0x201000, 0x0) chdir(&(0x7f00000001c0)='./file0\x00') mount(0x0, &(0x7f0000000080)='./file0/../file0\x00', &(0x7f0000000380)='sysfs\x00', 0x0, 0x0) pivot_root(&(0x7f0000000180)='./file0/../file0\x00', &(0x7f0000000200)='./file0/../file0\x00') 04:29:32 executing program 1: syz_open_dev$evdev(&(0x7f0000000000)='/dev/input/event#\x00', 0x0, 0x0) openat$mice(0xffffffffffffff9c, &(0x7f0000000040)='/dev/input/mice\x00', 0x0) r0 = socket$packet(0x11, 0x2, 0x300) setsockopt$packet_tx_ring(r0, 0x107, 0x5, &(0x7f00000000c0)=@req3={0x8000, 0x6, 0x8000, 0x6}, 0x1c) r1 = openat$audio(0xffffffffffffff9c, &(0x7f0000000180)='/dev/audio\x00', 0x0, 0x0) ioctl$int_in(r1, 0x800000c004500a, &(0x7f0000000300)) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) clock_gettime(0x0, &(0x7f0000000080)={0x0, 0x0}) pselect6(0x40, &(0x7f00000000c0), 0x0, &(0x7f0000000140)={0x1ff}, &(0x7f0000000200)={0x0, r2+30000000}, 0x0) 04:29:32 executing program 0: mkdir(0x0, 0x0) mount(&(0x7f00000002c0)=ANY=[@ANYBLOB='.'], &(0x7f0000000140)='./file0\x00', 0x0, 0x201000, 0x0) chdir(&(0x7f00000001c0)='./file0\x00') mount(0x0, &(0x7f0000000080)='./file0/../file0\x00', &(0x7f0000000380)='sysfs\x00', 0x0, 0x0) 04:29:32 executing program 2: mkdir(&(0x7f0000000100)='./file0\x00', 0x0) mount(&(0x7f00000002c0)=ANY=[@ANYBLOB='.'], &(0x7f0000000140)='./file0\x00', 0x0, 0x0, 0x0) chdir(&(0x7f00000001c0)='./file0\x00') mount(0x0, &(0x7f0000000080)='./file0/../file0\x00', &(0x7f0000000380)='sysfs\x00', 0x0, 0x0) r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) pivot_root(&(0x7f0000000180)='./file0/../file0\x00', &(0x7f0000000200)='./file0/../file0\x00') 04:29:32 executing program 3: r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) setsockopt$IPT_SO_SET_REPLACE(r0, 0x0, 0x40, &(0x7f0000000680)=@mangle={'mangle\x00', 0x44, 0x6, 0x440, 0xa0, 0x238, 0x138, 0x320, 0xa0, 0x3e8, 0x3e8, 0x3e8, 0x3e8, 0x3e8, 0x6, 0x0, {[{{@ip={@broadcast, @initdev={0xac, 0x1e, 0x0, 0x0}, 0x0, 0x0, 'geneve1\x00', 'ip6gre0\x00'}, 0x0, 0x70, 0xa0}, @TPROXY={0x30, 'TPROXY\x00', 0x0, {0x0, 0x0, @multicast2}}}, {{@ip={@empty, @multicast2, 0x0, 0x0, 'macvtap0\x00', 'wg1\x00'}, 0x0, 0x70, 0x98}, @TTL={0x28, 'TTL\x00'}}, {{@uncond, 0x0, 0x98, 0xc0, 0x0, {}, [@inet=@rpfilter={{0x28, 'rpfilter\x00'}}]}, @ECN={0x28, 'ECN\x00'}}, {{@ip={@rand_addr, @multicast2, 0x0, 0x0, 'syzkaller0\x00', 'bond0\x00'}, 0x0, 0xc0, 0xe8, 0x0, {}, [@inet=@rpfilter={{0x28, 'rpfilter\x00'}}, @inet=@rpfilter={{0x28, 'rpfilter\x00'}}]}, @unspec=@CHECKSUM={0x28, 'CHECKSUM\x00'}}, {{@ip={@broadcast, @initdev={0xac, 0x1e, 0x0, 0x0}, 0x0, 0x0, 'gretap0\x00', 'batadv_slave_1\x00'}, 0x0, 0xa0, 0xc8, 0x0, {}, [@common=@inet=@dccp={{0x30, 'dccp\x00'}}]}, @common=@unspec=@NFQUEUE3={0x28, 'NFQUEUE\x00'}}], {{[], 0x0, 0x70, 0x98}, {0x28}}}}, 0x4a0) 04:29:32 executing program 4: mkdir(&(0x7f0000000100)='./file0\x00', 0x0) mount(&(0x7f00000002c0)=ANY=[@ANYBLOB='.'], &(0x7f0000000140)='./file0\x00', 0x0, 0x0, 0x0) chdir(&(0x7f00000001c0)='./file0\x00') mount(0x0, &(0x7f0000000080)='./file0/../file0\x00', &(0x7f0000000380)='sysfs\x00', 0x0, 0x0) pivot_root(&(0x7f0000000180)='./file0/../file0\x00', &(0x7f0000000200)='./file0/../file0\x00') 04:29:32 executing program 1: socket(0x0, 0x803, 0x0) syz_open_dev$evdev(&(0x7f0000000000)='/dev/input/event#\x00', 0x0, 0x0) openat$mice(0xffffffffffffff9c, &(0x7f0000000040)='/dev/input/mice\x00', 0x0) r0 = socket$packet(0x11, 0x2, 0x300) setsockopt$packet_tx_ring(r0, 0x107, 0x5, &(0x7f00000000c0)=@req3={0x8000, 0x6, 0x8000, 0x6}, 0x1c) r1 = openat$audio(0xffffffffffffff9c, &(0x7f0000000180)='/dev/audio\x00', 0x0, 0x0) ioctl$int_in(r1, 0x800000c004500a, &(0x7f0000000300)) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) clock_gettime(0x0, &(0x7f0000000080)={0x0, 0x0}) pselect6(0x40, &(0x7f00000000c0), 0x0, &(0x7f0000000140)={0x1ff}, &(0x7f0000000200)={0x0, r2+30000000}, 0x0) 04:29:32 executing program 4: mkdir(&(0x7f0000000100)='./file0\x00', 0x0) mount(&(0x7f00000002c0)=ANY=[@ANYBLOB='.'], &(0x7f0000000140)='./file0\x00', 0x0, 0x0, 0x0) chdir(&(0x7f00000001c0)='./file0\x00') mount(0x0, &(0x7f0000000080)='./file0/../file0\x00', &(0x7f0000000380)='sysfs\x00', 0x0, 0x0) pivot_root(&(0x7f0000000180)='./file0/../file0\x00', &(0x7f0000000200)='./file0/../file0\x00') 04:29:32 executing program 2: mkdir(&(0x7f0000000100)='./file0\x00', 0x0) mount(&(0x7f00000002c0)=ANY=[@ANYBLOB='.'], &(0x7f0000000140)='./file0\x00', 0x0, 0x0, 0x0) chdir(&(0x7f00000001c0)='./file0\x00') mount(0x0, &(0x7f0000000080)='./file0/../file0\x00', &(0x7f0000000380)='sysfs\x00', 0x0, 0x0) r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) pivot_root(&(0x7f0000000180)='./file0/../file0\x00', &(0x7f0000000200)='./file0/../file0\x00') 04:29:32 executing program 3: r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) setsockopt$IPT_SO_SET_REPLACE(r0, 0x0, 0x40, &(0x7f0000000680)=@mangle={'mangle\x00', 0x44, 0x6, 0x440, 0xa0, 0x238, 0x138, 0x320, 0xa0, 0x3e8, 0x3e8, 0x3e8, 0x3e8, 0x3e8, 0x6, 0x0, {[{{@ip={@broadcast, @initdev={0xac, 0x1e, 0x0, 0x0}, 0x0, 0x0, 'geneve1\x00', 'ip6gre0\x00'}, 0x0, 0x70, 0xa0}, @TPROXY={0x30, 'TPROXY\x00', 0x0, {0x0, 0x0, @multicast2}}}, {{@ip={@empty, @multicast2, 0x0, 0x0, 'macvtap0\x00', 'wg1\x00'}, 0x0, 0x70, 0x98}, @TTL={0x28, 'TTL\x00'}}, {{@uncond, 0x0, 0x98, 0xc0, 0x0, {}, [@inet=@rpfilter={{0x28, 'rpfilter\x00'}}]}, @ECN={0x28, 'ECN\x00'}}, {{@ip={@rand_addr, @multicast2, 0x0, 0x0, 'syzkaller0\x00', 'bond0\x00'}, 0x0, 0xc0, 0xe8, 0x0, {}, [@inet=@rpfilter={{0x28, 'rpfilter\x00'}}, @inet=@rpfilter={{0x28, 'rpfilter\x00'}}]}, @unspec=@CHECKSUM={0x28, 'CHECKSUM\x00'}}, {{@ip={@broadcast, @initdev={0xac, 0x1e, 0x0, 0x0}, 0x0, 0x0, 'gretap0\x00', 'batadv_slave_1\x00'}, 0x0, 0xa0, 0xc8, 0x0, {}, [@common=@inet=@dccp={{0x30, 'dccp\x00'}}]}, @common=@unspec=@NFQUEUE3={0x28, 'NFQUEUE\x00'}}], {{[], 0x0, 0x70, 0x98}, {0x28}}}}, 0x4a0) 04:29:32 executing program 1: socket(0x0, 0x803, 0x0) syz_open_dev$evdev(&(0x7f0000000000)='/dev/input/event#\x00', 0x0, 0x0) openat$mice(0xffffffffffffff9c, &(0x7f0000000040)='/dev/input/mice\x00', 0x0) r0 = socket$packet(0x11, 0x2, 0x300) setsockopt$packet_tx_ring(r0, 0x107, 0x5, &(0x7f00000000c0)=@req3={0x8000, 0x6, 0x8000, 0x6}, 0x1c) r1 = openat$audio(0xffffffffffffff9c, &(0x7f0000000180)='/dev/audio\x00', 0x0, 0x0) ioctl$int_in(r1, 0x800000c004500a, &(0x7f0000000300)) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) clock_gettime(0x0, &(0x7f0000000080)={0x0, 0x0}) pselect6(0x40, &(0x7f00000000c0), 0x0, &(0x7f0000000140)={0x1ff}, &(0x7f0000000200)={0x0, r2+30000000}, 0x0) 04:29:32 executing program 4: mkdir(&(0x7f0000000100)='./file0\x00', 0x0) mount(&(0x7f00000002c0)=ANY=[@ANYBLOB='.'], &(0x7f0000000140)='./file0\x00', 0x0, 0x0, 0x0) chdir(&(0x7f00000001c0)='./file0\x00') mount(0x0, &(0x7f0000000080)='./file0/../file0\x00', &(0x7f0000000380)='sysfs\x00', 0x0, 0x0) pivot_root(&(0x7f0000000180)='./file0/../file0\x00', &(0x7f0000000200)='./file0/../file0\x00') 04:29:32 executing program 1: socket(0x0, 0x803, 0x0) syz_open_dev$evdev(&(0x7f0000000000)='/dev/input/event#\x00', 0x0, 0x0) openat$mice(0xffffffffffffff9c, &(0x7f0000000040)='/dev/input/mice\x00', 0x0) r0 = socket$packet(0x11, 0x2, 0x300) setsockopt$packet_tx_ring(r0, 0x107, 0x5, &(0x7f00000000c0)=@req3={0x8000, 0x6, 0x8000, 0x6}, 0x1c) r1 = openat$audio(0xffffffffffffff9c, &(0x7f0000000180)='/dev/audio\x00', 0x0, 0x0) ioctl$int_in(r1, 0x800000c004500a, &(0x7f0000000300)) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) clock_gettime(0x0, &(0x7f0000000080)={0x0, 0x0}) pselect6(0x40, &(0x7f00000000c0), 0x0, &(0x7f0000000140)={0x1ff}, &(0x7f0000000200)={0x0, r2+30000000}, 0x0) 04:29:32 executing program 2: mkdir(&(0x7f0000000100)='./file0\x00', 0x0) mount(&(0x7f00000002c0)=ANY=[@ANYBLOB='.'], &(0x7f0000000140)='./file0\x00', 0x0, 0x201000, 0x0) chdir(0x0) mount(0x0, &(0x7f0000000080)='./file0/../file0\x00', &(0x7f0000000380)='sysfs\x00', 0x0, 0x0) r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) pivot_root(&(0x7f0000000180)='./file0/../file0\x00', &(0x7f0000000200)='./file0/../file0\x00') 04:29:32 executing program 0: mkdir(&(0x7f0000000100)='./file0\x00', 0x0) mount(0x0, &(0x7f0000000140)='./file0\x00', 0x0, 0x201000, 0x0) chdir(&(0x7f00000001c0)='./file0\x00') mount(0x0, &(0x7f0000000080)='./file0/../file0\x00', &(0x7f0000000380)='sysfs\x00', 0x0, 0x0) 04:29:32 executing program 3: socket(0x10, 0x803, 0x0) syz_open_dev$evdev(&(0x7f0000000000)='/dev/input/event#\x00', 0x0, 0x0) openat$mice(0xffffffffffffff9c, &(0x7f0000000040)='/dev/input/mice\x00', 0x0) socket$packet(0x11, 0x2, 0x300) r0 = openat$audio(0xffffffffffffff9c, &(0x7f0000000180)='/dev/audio\x00', 0x0, 0x0) ioctl$int_in(r0, 0x800000c004500a, &(0x7f0000000300)) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) clock_gettime(0x0, &(0x7f0000000080)={0x0, 0x0}) pselect6(0x40, &(0x7f00000000c0), 0x0, &(0x7f0000000140)={0x1ff}, &(0x7f0000000200)={0x0, r1+30000000}, 0x0) 04:29:32 executing program 4: mkdir(&(0x7f0000000100)='./file0\x00', 0x0) mount(&(0x7f00000002c0)=ANY=[@ANYBLOB='.'], &(0x7f0000000140)='./file0\x00', 0x0, 0x201000, 0x0) chdir(0x0) mount(0x0, &(0x7f0000000080)='./file0/../file0\x00', &(0x7f0000000380)='sysfs\x00', 0x0, 0x0) pivot_root(&(0x7f0000000180)='./file0/../file0\x00', &(0x7f0000000200)='./file0/../file0\x00') 04:29:32 executing program 2: mkdir(&(0x7f0000000100)='./file0\x00', 0x0) mount(&(0x7f00000002c0)=ANY=[@ANYBLOB='.'], &(0x7f0000000140)='./file0\x00', 0x0, 0x201000, 0x0) chdir(0x0) mount(0x0, &(0x7f0000000080)='./file0/../file0\x00', &(0x7f0000000380)='sysfs\x00', 0x0, 0x0) r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) pivot_root(&(0x7f0000000180)='./file0/../file0\x00', &(0x7f0000000200)='./file0/../file0\x00') 04:29:32 executing program 1: socket(0x10, 0x0, 0x0) syz_open_dev$evdev(&(0x7f0000000000)='/dev/input/event#\x00', 0x0, 0x0) openat$mice(0xffffffffffffff9c, &(0x7f0000000040)='/dev/input/mice\x00', 0x0) r0 = socket$packet(0x11, 0x2, 0x300) setsockopt$packet_tx_ring(r0, 0x107, 0x5, &(0x7f00000000c0)=@req3={0x8000, 0x6, 0x8000, 0x6}, 0x1c) r1 = openat$audio(0xffffffffffffff9c, &(0x7f0000000180)='/dev/audio\x00', 0x0, 0x0) ioctl$int_in(r1, 0x800000c004500a, &(0x7f0000000300)) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) clock_gettime(0x0, &(0x7f0000000080)={0x0, 0x0}) pselect6(0x40, &(0x7f00000000c0), 0x0, &(0x7f0000000140)={0x1ff}, &(0x7f0000000200)={0x0, r2+30000000}, 0x0) 04:29:32 executing program 1: socket(0x10, 0x0, 0x0) syz_open_dev$evdev(&(0x7f0000000000)='/dev/input/event#\x00', 0x0, 0x0) openat$mice(0xffffffffffffff9c, &(0x7f0000000040)='/dev/input/mice\x00', 0x0) r0 = socket$packet(0x11, 0x2, 0x300) setsockopt$packet_tx_ring(r0, 0x107, 0x5, &(0x7f00000000c0)=@req3={0x8000, 0x6, 0x8000, 0x6}, 0x1c) r1 = openat$audio(0xffffffffffffff9c, &(0x7f0000000180)='/dev/audio\x00', 0x0, 0x0) ioctl$int_in(r1, 0x800000c004500a, &(0x7f0000000300)) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) clock_gettime(0x0, &(0x7f0000000080)={0x0, 0x0}) pselect6(0x40, &(0x7f00000000c0), 0x0, &(0x7f0000000140)={0x1ff}, &(0x7f0000000200)={0x0, r2+30000000}, 0x0) 04:29:32 executing program 2: mkdir(&(0x7f0000000100)='./file0\x00', 0x0) mount(&(0x7f00000002c0)=ANY=[@ANYBLOB='.'], &(0x7f0000000140)='./file0\x00', 0x0, 0x201000, 0x0) chdir(0x0) mount(0x0, &(0x7f0000000080)='./file0/../file0\x00', &(0x7f0000000380)='sysfs\x00', 0x0, 0x0) r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) pivot_root(&(0x7f0000000180)='./file0/../file0\x00', &(0x7f0000000200)='./file0/../file0\x00') 04:29:32 executing program 4: mkdir(&(0x7f0000000100)='./file0\x00', 0x0) mount(&(0x7f00000002c0)=ANY=[@ANYBLOB='.'], &(0x7f0000000140)='./file0\x00', 0x0, 0x201000, 0x0) chdir(0x0) mount(0x0, &(0x7f0000000080)='./file0/../file0\x00', &(0x7f0000000380)='sysfs\x00', 0x0, 0x0) pivot_root(&(0x7f0000000180)='./file0/../file0\x00', &(0x7f0000000200)='./file0/../file0\x00') 04:29:32 executing program 1: socket(0x10, 0x0, 0x0) syz_open_dev$evdev(&(0x7f0000000000)='/dev/input/event#\x00', 0x0, 0x0) openat$mice(0xffffffffffffff9c, &(0x7f0000000040)='/dev/input/mice\x00', 0x0) r0 = socket$packet(0x11, 0x2, 0x300) setsockopt$packet_tx_ring(r0, 0x107, 0x5, &(0x7f00000000c0)=@req3={0x8000, 0x6, 0x8000, 0x6}, 0x1c) r1 = openat$audio(0xffffffffffffff9c, &(0x7f0000000180)='/dev/audio\x00', 0x0, 0x0) ioctl$int_in(r1, 0x800000c004500a, &(0x7f0000000300)) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) clock_gettime(0x0, &(0x7f0000000080)={0x0, 0x0}) pselect6(0x40, &(0x7f00000000c0), 0x0, &(0x7f0000000140)={0x1ff}, &(0x7f0000000200)={0x0, r2+30000000}, 0x0) 04:29:32 executing program 4: mkdir(&(0x7f0000000100)='./file0\x00', 0x0) mount(&(0x7f00000002c0)=ANY=[@ANYBLOB='.'], &(0x7f0000000140)='./file0\x00', 0x0, 0x201000, 0x0) chdir(0x0) mount(0x0, &(0x7f0000000080)='./file0/../file0\x00', &(0x7f0000000380)='sysfs\x00', 0x0, 0x0) pivot_root(&(0x7f0000000180)='./file0/../file0\x00', &(0x7f0000000200)='./file0/../file0\x00') 04:29:32 executing program 2: mkdir(&(0x7f0000000100)='./file0\x00', 0x0) mount(&(0x7f00000002c0)=ANY=[@ANYBLOB='.'], &(0x7f0000000140)='./file0\x00', 0x0, 0x201000, 0x0) chdir(&(0x7f00000001c0)='./file0\x00') mount(0x0, 0x0, &(0x7f0000000380)='sysfs\x00', 0x0, 0x0) r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) pivot_root(&(0x7f0000000180)='./file0/../file0\x00', &(0x7f0000000200)='./file0/../file0\x00') 04:29:32 executing program 1: socket(0x10, 0x803, 0x0) syz_open_dev$evdev(0x0, 0x0, 0x0) openat$mice(0xffffffffffffff9c, &(0x7f0000000040)='/dev/input/mice\x00', 0x0) r0 = socket$packet(0x11, 0x2, 0x300) setsockopt$packet_tx_ring(r0, 0x107, 0x5, &(0x7f00000000c0)=@req3={0x8000, 0x6, 0x8000, 0x6}, 0x1c) r1 = openat$audio(0xffffffffffffff9c, &(0x7f0000000180)='/dev/audio\x00', 0x0, 0x0) ioctl$int_in(r1, 0x800000c004500a, &(0x7f0000000300)) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) clock_gettime(0x0, &(0x7f0000000080)={0x0, 0x0}) pselect6(0x40, &(0x7f00000000c0), 0x0, &(0x7f0000000140)={0x1ff}, &(0x7f0000000200)={0x0, r2+30000000}, 0x0) 04:29:33 executing program 0: mkdir(&(0x7f0000000100)='./file0\x00', 0x0) mount(0x0, &(0x7f0000000140)='./file0\x00', 0x0, 0x201000, 0x0) chdir(&(0x7f00000001c0)='./file0\x00') mount(0x0, &(0x7f0000000080)='./file0/../file0\x00', &(0x7f0000000380)='sysfs\x00', 0x0, 0x0) 04:29:33 executing program 3: socket(0x10, 0x803, 0x0) syz_open_dev$evdev(&(0x7f0000000000)='/dev/input/event#\x00', 0x0, 0x0) openat$mice(0xffffffffffffff9c, &(0x7f0000000040)='/dev/input/mice\x00', 0x0) socket$packet(0x11, 0x2, 0x300) r0 = openat$audio(0xffffffffffffff9c, &(0x7f0000000180)='/dev/audio\x00', 0x0, 0x0) ioctl$int_in(r0, 0x800000c004500a, &(0x7f0000000300)) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) clock_gettime(0x0, &(0x7f0000000080)={0x0, 0x0}) pselect6(0x40, &(0x7f00000000c0), 0x0, &(0x7f0000000140)={0x1ff}, &(0x7f0000000200)={0x0, r1+30000000}, 0x0) 04:29:33 executing program 1: socket(0x10, 0x803, 0x0) syz_open_dev$evdev(0x0, 0x0, 0x0) openat$mice(0xffffffffffffff9c, &(0x7f0000000040)='/dev/input/mice\x00', 0x0) r0 = socket$packet(0x11, 0x2, 0x300) setsockopt$packet_tx_ring(r0, 0x107, 0x5, &(0x7f00000000c0)=@req3={0x8000, 0x6, 0x8000, 0x6}, 0x1c) r1 = openat$audio(0xffffffffffffff9c, &(0x7f0000000180)='/dev/audio\x00', 0x0, 0x0) ioctl$int_in(r1, 0x800000c004500a, &(0x7f0000000300)) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) clock_gettime(0x0, &(0x7f0000000080)={0x0, 0x0}) pselect6(0x40, &(0x7f00000000c0), 0x0, &(0x7f0000000140)={0x1ff}, &(0x7f0000000200)={0x0, r2+30000000}, 0x0) 04:29:33 executing program 2: mkdir(&(0x7f0000000100)='./file0\x00', 0x0) mount(&(0x7f00000002c0)=ANY=[@ANYBLOB='.'], &(0x7f0000000140)='./file0\x00', 0x0, 0x201000, 0x0) chdir(&(0x7f00000001c0)='./file0\x00') mount(0x0, 0x0, &(0x7f0000000380)='sysfs\x00', 0x0, 0x0) r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) pivot_root(&(0x7f0000000180)='./file0/../file0\x00', &(0x7f0000000200)='./file0/../file0\x00') 04:29:33 executing program 4: mkdir(&(0x7f0000000100)='./file0\x00', 0x0) mount(&(0x7f00000002c0)=ANY=[@ANYBLOB='.'], &(0x7f0000000140)='./file0\x00', 0x0, 0x201000, 0x0) chdir(&(0x7f00000001c0)='./file0\x00') mount(0x0, 0x0, &(0x7f0000000380)='sysfs\x00', 0x0, 0x0) pivot_root(&(0x7f0000000180)='./file0/../file0\x00', &(0x7f0000000200)='./file0/../file0\x00') 04:29:33 executing program 0: mkdir(&(0x7f0000000100)='./file0\x00', 0x0) mount(0x0, &(0x7f0000000140)='./file0\x00', 0x0, 0x201000, 0x0) chdir(&(0x7f00000001c0)='./file0\x00') mount(0x0, &(0x7f0000000080)='./file0/../file0\x00', &(0x7f0000000380)='sysfs\x00', 0x0, 0x0) 04:29:33 executing program 5: r0 = dup(0xffffffffffffffff) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x802102001ffa, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r1 = gettid() clone(0x6e20cf00, 0x0, 0x0, 0x0, 0x0) ptrace$setopts(0x4206, r1, 0x0, 0x0) gettid() r2 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ptmx\x00', 0x0, 0x0) read(r2, &(0x7f00003fefff)=""/1, 0x1) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) r4 = dup2(r3, r3) ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200) r5 = openat$autofs(0xffffffffffffff9c, &(0x7f0000000040)='/dev/autofs\x00', 0x351943, 0x0) sendmsg$IPVS_CMD_ZERO(r5, &(0x7f0000000240)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x20000000}, 0xc, &(0x7f0000000200)={&(0x7f0000000280)={0xf4, 0x0, 0x2, 0x70bd2d, 0x25dfdbff, {}, [@IPVS_CMD_ATTR_TIMEOUT_TCP={0x8, 0x4, 0x7}, @IPVS_CMD_ATTR_DEST={0xc, 0x2, 0x0, 0x1, [@IPVS_DEST_ATTR_U_THRESH={0x8, 0x5, 0x9}]}, @IPVS_CMD_ATTR_TIMEOUT_TCP_FIN={0x8, 0x5, 0x87}, @IPVS_CMD_ATTR_SERVICE={0x18, 0x1, 0x0, 0x1, [@IPVS_SVC_ATTR_PORT={0x6, 0x4, 0x4e20}, @IPVS_SVC_ATTR_FLAGS={0xc, 0x7, {0x31, 0x34}}]}, @IPVS_CMD_ATTR_TIMEOUT_TCP={0x8, 0x4, 0x5}, @IPVS_CMD_ATTR_DEST={0x3c, 0x2, 0x0, 0x1, [@IPVS_DEST_ATTR_ADDR={0x14, 0x1, @ipv6=@initdev={0xfe, 0x88, [], 0x0, 0x0}}, @IPVS_DEST_ATTR_FWD_METHOD={0x8, 0x3, 0x2}, @IPVS_DEST_ATTR_ADDR={0x14, 0x1, @ipv6=@dev={0xfe, 0x80, [], 0x2f}}, @IPVS_DEST_ATTR_U_THRESH={0x8, 0x5, 0x6}]}, @IPVS_CMD_ATTR_TIMEOUT_TCP_FIN={0x8, 0x5, 0x200}, @IPVS_CMD_ATTR_DAEMON={0x1c, 0x3, 0x0, 0x1, [@IPVS_DAEMON_ATTR_STATE={0x8, 0x1, 0x2}, @IPVS_DAEMON_ATTR_MCAST_PORT={0x6, 0x7, 0x4e22}, @IPVS_DAEMON_ATTR_MCAST_PORT={0x6, 0x7, 0x4e20}]}, @IPVS_CMD_ATTR_DEST={0x3c, 0x2, 0x0, 0x1, [@IPVS_DEST_ATTR_INACT_CONNS={0x8, 0x8, 0x8002}, @IPVS_DEST_ATTR_PORT={0x6, 0x2, 0x4e23}, @IPVS_DEST_ATTR_U_THRESH={0x8, 0x5, 0xffff12bf}, @IPVS_DEST_ATTR_FWD_METHOD={0x8, 0x3, 0x3}, @IPVS_DEST_ATTR_U_THRESH={0x8, 0x5, 0x1}, @IPVS_DEST_ATTR_TUN_TYPE={0x5, 0xd, 0x1}, @IPVS_DEST_ATTR_TUN_PORT={0x6, 0xe, 0x4e21}]}, @IPVS_CMD_ATTR_TIMEOUT_UDP={0x8, 0x6, 0xfffffffb}]}, 0xf4}, 0x1, 0x0, 0x0, 0x80}, 0x2080800) r6 = openat$dlm_plock(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/dlm_plock\x00', 0x426040, 0x0) r7 = syz_genetlink_get_family_id$mptcp(&(0x7f00000001c0)='mptcp_pm\x00') sendmsg$MPTCP_PM_CMD_ADD_ADDR(r6, &(0x7f00000002c0)={&(0x7f0000000140), 0xc, &(0x7f0000000280)={&(0x7f0000000200)={0x4c, r7, 0x10, 0x70bd2a, 0x25dfdbfc, {}, [@MPTCP_PM_ATTR_SUBFLOWS={0x8, 0x3, 0x6}, @MPTCP_PM_ATTR_RCV_ADD_ADDRS={0x8, 0x2, 0x7}, @MPTCP_PM_ATTR_SUBFLOWS={0x8, 0x3, 0x4}, @MPTCP_PM_ATTR_SUBFLOWS={0x8, 0x3, 0x8}, @MPTCP_PM_ATTR_SUBFLOWS={0x8, 0x3, 0x2}, @MPTCP_PM_ATTR_SUBFLOWS={0x8, 0x3, 0x4}, @MPTCP_PM_ATTR_SUBFLOWS={0x8}]}, 0x4c}}, 0x4008004) sendmsg$MPTCP_PM_CMD_GET_LIMITS(0xffffffffffffffff, &(0x7f0000000180)={&(0x7f00000000c0)={0x10, 0x0, 0x0, 0x200}, 0xc, &(0x7f0000000140)={&(0x7f0000000380)=ANY=[@ANYBLOB="00b1ecefc359988f154cf655ea2376d23cbce57aa12e751df73ca4f4716d28aa3b1c66753d4f7737f0e0793ded7480c5b4f17ac6790f4d292897c12045580e16cbb95ea889b7b31d3e2e062ccc715d1a0fed43198804972b79aa6a577a76801cbd932118fa1543ab394f686001c2ddbd3c7a3e97a0dfcc8319b37f062f62ae389aa1", @ANYRES16=r7, @ANYBLOB="00012abd7000ffdbdf25060000000c000180060005004e2000000800020002000000"], 0x28}, 0x1, 0x0, 0x0, 0x4c014}, 0x40480d0) ioctl$SIOCNRDECOBS(r4, 0x89e2) 04:29:33 executing program 1: socket(0x10, 0x803, 0x0) syz_open_dev$evdev(0x0, 0x0, 0x0) openat$mice(0xffffffffffffff9c, &(0x7f0000000040)='/dev/input/mice\x00', 0x0) r0 = socket$packet(0x11, 0x2, 0x300) setsockopt$packet_tx_ring(r0, 0x107, 0x5, &(0x7f00000000c0)=@req3={0x8000, 0x6, 0x8000, 0x6}, 0x1c) r1 = openat$audio(0xffffffffffffff9c, &(0x7f0000000180)='/dev/audio\x00', 0x0, 0x0) ioctl$int_in(r1, 0x800000c004500a, &(0x7f0000000300)) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) clock_gettime(0x0, &(0x7f0000000080)={0x0, 0x0}) pselect6(0x40, &(0x7f00000000c0), 0x0, &(0x7f0000000140)={0x1ff}, &(0x7f0000000200)={0x0, r2+30000000}, 0x0) 04:29:33 executing program 4: mkdir(&(0x7f0000000100)='./file0\x00', 0x0) mount(&(0x7f00000002c0)=ANY=[@ANYBLOB='.'], &(0x7f0000000140)='./file0\x00', 0x0, 0x201000, 0x0) chdir(&(0x7f00000001c0)='./file0\x00') mount(0x0, 0x0, &(0x7f0000000380)='sysfs\x00', 0x0, 0x0) pivot_root(&(0x7f0000000180)='./file0/../file0\x00', &(0x7f0000000200)='./file0/../file0\x00') 04:29:33 executing program 2: mkdir(&(0x7f0000000100)='./file0\x00', 0x0) mount(&(0x7f00000002c0)=ANY=[@ANYBLOB='.'], &(0x7f0000000140)='./file0\x00', 0x0, 0x201000, 0x0) chdir(&(0x7f00000001c0)='./file0\x00') mount(0x0, 0x0, &(0x7f0000000380)='sysfs\x00', 0x0, 0x0) r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) pivot_root(&(0x7f0000000180)='./file0/../file0\x00', &(0x7f0000000200)='./file0/../file0\x00') [ 1251.280202] IPVS: ftp: loaded support on port[0] = 21 04:29:33 executing program 4: mkdir(&(0x7f0000000100)='./file0\x00', 0x0) mount(&(0x7f00000002c0)=ANY=[@ANYBLOB='.'], &(0x7f0000000140)='./file0\x00', 0x0, 0x201000, 0x0) chdir(&(0x7f00000001c0)='./file0\x00') mount(0x0, 0x0, &(0x7f0000000380)='sysfs\x00', 0x0, 0x0) pivot_root(&(0x7f0000000180)='./file0/../file0\x00', &(0x7f0000000200)='./file0/../file0\x00') 04:29:33 executing program 1: socket(0x10, 0x803, 0x0) syz_open_dev$evdev(&(0x7f0000000000)='/dev/input/event#\x00', 0x0, 0x0) openat$mice(0xffffffffffffff9c, 0x0, 0x0) r0 = socket$packet(0x11, 0x2, 0x300) setsockopt$packet_tx_ring(r0, 0x107, 0x5, &(0x7f00000000c0)=@req3={0x8000, 0x6, 0x8000, 0x6}, 0x1c) r1 = openat$audio(0xffffffffffffff9c, &(0x7f0000000180)='/dev/audio\x00', 0x0, 0x0) ioctl$int_in(r1, 0x800000c004500a, &(0x7f0000000300)) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) clock_gettime(0x0, &(0x7f0000000080)={0x0, 0x0}) pselect6(0x40, &(0x7f00000000c0), 0x0, &(0x7f0000000140)={0x1ff}, &(0x7f0000000200)={0x0, r2+30000000}, 0x0) 04:29:33 executing program 2: mkdir(&(0x7f0000000100)='./file0\x00', 0x0) mount(&(0x7f00000002c0)=ANY=[@ANYBLOB='.'], &(0x7f0000000140)='./file0\x00', 0x0, 0x201000, 0x0) chdir(&(0x7f00000001c0)='./file0\x00') mount(0x0, &(0x7f0000000080)='./file0/../file0\x00', 0x0, 0x0, 0x0) r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) pivot_root(&(0x7f0000000180)='./file0/../file0\x00', &(0x7f0000000200)='./file0/../file0\x00') [ 1251.623456] IPVS: ftp: loaded support on port[0] = 21 04:29:34 executing program 3: socket(0x10, 0x803, 0x0) syz_open_dev$evdev(0x0, 0x0, 0x0) openat$mice(0xffffffffffffff9c, &(0x7f0000000040)='/dev/input/mice\x00', 0x0) r0 = socket$packet(0x11, 0x2, 0x300) setsockopt$packet_tx_ring(r0, 0x107, 0x5, &(0x7f00000000c0)=@req3={0x8000, 0x6, 0x8000, 0x6}, 0x1c) r1 = openat$audio(0xffffffffffffff9c, &(0x7f0000000180)='/dev/audio\x00', 0x0, 0x0) ioctl$int_in(r1, 0x800000c004500a, &(0x7f0000000300)) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) clock_gettime(0x0, &(0x7f0000000080)={0x0, 0x0}) pselect6(0x40, &(0x7f00000000c0), 0x0, &(0x7f0000000140)={0x1ff}, &(0x7f0000000200)={0x0, r2+30000000}, 0x0) 04:29:34 executing program 1: socket(0x10, 0x803, 0x0) syz_open_dev$evdev(&(0x7f0000000000)='/dev/input/event#\x00', 0x0, 0x0) openat$mice(0xffffffffffffff9c, 0x0, 0x0) r0 = socket$packet(0x11, 0x2, 0x300) setsockopt$packet_tx_ring(r0, 0x107, 0x5, &(0x7f00000000c0)=@req3={0x8000, 0x6, 0x8000, 0x6}, 0x1c) r1 = openat$audio(0xffffffffffffff9c, &(0x7f0000000180)='/dev/audio\x00', 0x0, 0x0) ioctl$int_in(r1, 0x800000c004500a, &(0x7f0000000300)) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) clock_gettime(0x0, &(0x7f0000000080)={0x0, 0x0}) pselect6(0x40, &(0x7f00000000c0), 0x0, &(0x7f0000000140)={0x1ff}, &(0x7f0000000200)={0x0, r2+30000000}, 0x0) 04:29:34 executing program 4: mkdir(&(0x7f0000000100)='./file0\x00', 0x0) mount(&(0x7f00000002c0)=ANY=[@ANYBLOB='.'], &(0x7f0000000140)='./file0\x00', 0x0, 0x201000, 0x0) chdir(&(0x7f00000001c0)='./file0\x00') mount(0x0, &(0x7f0000000080)='./file0/../file0\x00', 0x0, 0x0, 0x0) pivot_root(&(0x7f0000000180)='./file0/../file0\x00', &(0x7f0000000200)='./file0/../file0\x00') 04:29:34 executing program 0: mkdir(&(0x7f0000000100)='./file0\x00', 0x0) mount(&(0x7f00000002c0)=ANY=[], &(0x7f0000000140)='./file0\x00', 0x0, 0x201000, 0x0) chdir(&(0x7f00000001c0)='./file0\x00') mount(0x0, &(0x7f0000000080)='./file0/../file0\x00', &(0x7f0000000380)='sysfs\x00', 0x0, 0x0) 04:29:34 executing program 2: mkdir(&(0x7f0000000100)='./file0\x00', 0x0) mount(&(0x7f00000002c0)=ANY=[@ANYBLOB='.'], &(0x7f0000000140)='./file0\x00', 0x0, 0x201000, 0x0) chdir(&(0x7f00000001c0)='./file0\x00') mount(0x0, &(0x7f0000000080)='./file0/../file0\x00', 0x0, 0x0, 0x0) r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) pivot_root(&(0x7f0000000180)='./file0/../file0\x00', &(0x7f0000000200)='./file0/../file0\x00') 04:29:36 executing program 3: mkdir(&(0x7f0000000100)='./file0\x00', 0x0) mount(&(0x7f00000002c0)=ANY=[@ANYBLOB='.'], &(0x7f0000000140)='./file0\x00', 0x0, 0x201000, 0x0) chroot(&(0x7f00000000c0)='./file0/../file0\x00') chdir(&(0x7f00000001c0)='./file0\x00') r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) pivot_root(&(0x7f0000000180)='./file0/../file0\x00', &(0x7f0000000200)='./file0/../file0\x00') 04:29:36 executing program 1: socket(0x10, 0x803, 0x0) syz_open_dev$evdev(&(0x7f0000000000)='/dev/input/event#\x00', 0x0, 0x0) openat$mice(0xffffffffffffff9c, 0x0, 0x0) r0 = socket$packet(0x11, 0x2, 0x300) setsockopt$packet_tx_ring(r0, 0x107, 0x5, &(0x7f00000000c0)=@req3={0x8000, 0x6, 0x8000, 0x6}, 0x1c) r1 = openat$audio(0xffffffffffffff9c, &(0x7f0000000180)='/dev/audio\x00', 0x0, 0x0) ioctl$int_in(r1, 0x800000c004500a, &(0x7f0000000300)) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) clock_gettime(0x0, &(0x7f0000000080)={0x0, 0x0}) pselect6(0x40, &(0x7f00000000c0), 0x0, &(0x7f0000000140)={0x1ff}, &(0x7f0000000200)={0x0, r2+30000000}, 0x0) 04:29:36 executing program 2: mkdir(&(0x7f0000000100)='./file0\x00', 0x0) mount(&(0x7f00000002c0)=ANY=[@ANYBLOB='.'], &(0x7f0000000140)='./file0\x00', 0x0, 0x201000, 0x0) chdir(&(0x7f00000001c0)='./file0\x00') mount(0x0, &(0x7f0000000080)='./file0/../file0\x00', 0x0, 0x0, 0x0) r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) pivot_root(&(0x7f0000000180)='./file0/../file0\x00', &(0x7f0000000200)='./file0/../file0\x00') 04:29:36 executing program 4: mkdir(&(0x7f0000000100)='./file0\x00', 0x0) mount(&(0x7f00000002c0)=ANY=[@ANYBLOB='.'], &(0x7f0000000140)='./file0\x00', 0x0, 0x201000, 0x0) chdir(&(0x7f00000001c0)='./file0\x00') mount(0x0, &(0x7f0000000080)='./file0/../file0\x00', 0x0, 0x0, 0x0) pivot_root(&(0x7f0000000180)='./file0/../file0\x00', &(0x7f0000000200)='./file0/../file0\x00') 04:29:36 executing program 0: mkdir(&(0x7f0000000100)='./file0\x00', 0x0) mount(&(0x7f00000002c0)=ANY=[], &(0x7f0000000140)='./file0\x00', 0x0, 0x201000, 0x0) chdir(&(0x7f00000001c0)='./file0\x00') mount(0x0, &(0x7f0000000080)='./file0/../file0\x00', &(0x7f0000000380)='sysfs\x00', 0x0, 0x0) 04:29:36 executing program 5: r0 = dup(0xffffffffffffffff) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x802102001ffa, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) r2 = dup2(r1, r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) ioctl$KVM_KVMCLOCK_CTRL(r2, 0xaead) r3 = gettid() clone(0x6e20cf00, 0x0, 0x0, 0x0, 0x0) ptrace$setopts(0x4206, r3, 0x0, 0x0) gettid() read(0xffffffffffffffff, &(0x7f00003fefff)=""/1, 0x1) r4 = socket$inet6_tcp(0xa, 0x1, 0x0) r5 = dup2(r4, r4) getsockopt$inet_sctp6_SCTP_DELAYED_SACK(0xffffffffffffffff, 0x84, 0x70, &(0x7f0000000080), &(0x7f0000002000)=0xc) getsockopt$inet_sctp_SCTP_DEFAULT_PRINFO(0xffffffffffffffff, 0x84, 0x72, &(0x7f0000000000)={0x0, 0x9}, &(0x7f0000000080)=0xc) ioctl$PERF_EVENT_IOC_ENABLE(r5, 0x8912, 0x400200) openat$autofs(0xffffffffffffff9c, &(0x7f0000000040)='/dev/autofs\x00', 0x0, 0x0) ioctl$SIOCNRDECOBS(0xffffffffffffffff, 0x89e2) 04:29:36 executing program 1: socket(0x10, 0x803, 0x0) syz_open_dev$evdev(&(0x7f0000000000)='/dev/input/event#\x00', 0x0, 0x0) openat$mice(0xffffffffffffff9c, &(0x7f0000000040)='/dev/input/mice\x00', 0x0) r0 = socket$packet(0x11, 0x0, 0x300) setsockopt$packet_tx_ring(r0, 0x107, 0x5, &(0x7f00000000c0)=@req3={0x8000, 0x6, 0x8000, 0x6}, 0x1c) r1 = openat$audio(0xffffffffffffff9c, &(0x7f0000000180)='/dev/audio\x00', 0x0, 0x0) ioctl$int_in(r1, 0x800000c004500a, &(0x7f0000000300)) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) clock_gettime(0x0, &(0x7f0000000080)={0x0, 0x0}) pselect6(0x40, &(0x7f00000000c0), 0x0, &(0x7f0000000140)={0x1ff}, &(0x7f0000000200)={0x0, r2+30000000}, 0x0) 04:29:36 executing program 4: mkdir(&(0x7f0000000100)='./file0\x00', 0x0) mount(&(0x7f00000002c0)=ANY=[@ANYBLOB='.'], &(0x7f0000000140)='./file0\x00', 0x0, 0x201000, 0x0) chdir(&(0x7f00000001c0)='./file0\x00') mount(0x0, &(0x7f0000000080)='./file0/../file0\x00', 0x0, 0x0, 0x0) pivot_root(&(0x7f0000000180)='./file0/../file0\x00', &(0x7f0000000200)='./file0/../file0\x00') 04:29:36 executing program 3: mkdir(&(0x7f0000000100)='./file0\x00', 0x0) mount(&(0x7f00000002c0)=ANY=[@ANYBLOB='.'], &(0x7f0000000140)='./file0\x00', 0x0, 0x201000, 0x0) chroot(&(0x7f00000000c0)='./file0/../file0\x00') chdir(&(0x7f00000001c0)='./file0\x00') r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) pivot_root(&(0x7f0000000180)='./file0/../file0\x00', &(0x7f0000000200)='./file0/../file0\x00') 04:29:36 executing program 2: mkdir(&(0x7f0000000100)='./file0\x00', 0x0) mount(&(0x7f00000002c0)=ANY=[@ANYBLOB='.'], &(0x7f0000000140)='./file0\x00', 0x0, 0x201000, 0x0) chdir(&(0x7f00000001c0)='./file0\x00') mount(0x0, &(0x7f0000000080)='./file0/../file0\x00', &(0x7f0000000380)='sysfs\x00', 0x0, 0x0) socket$inet_icmp_raw(0x2, 0x3, 0x1) r0 = dup(0xffffffffffffffff) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) pivot_root(&(0x7f0000000180)='./file0/../file0\x00', &(0x7f0000000200)='./file0/../file0\x00') 04:29:36 executing program 1: socket(0x10, 0x803, 0x0) syz_open_dev$evdev(&(0x7f0000000000)='/dev/input/event#\x00', 0x0, 0x0) openat$mice(0xffffffffffffff9c, &(0x7f0000000040)='/dev/input/mice\x00', 0x0) r0 = socket$packet(0x11, 0x0, 0x300) setsockopt$packet_tx_ring(r0, 0x107, 0x5, &(0x7f00000000c0)=@req3={0x8000, 0x6, 0x8000, 0x6}, 0x1c) r1 = openat$audio(0xffffffffffffff9c, &(0x7f0000000180)='/dev/audio\x00', 0x0, 0x0) ioctl$int_in(r1, 0x800000c004500a, &(0x7f0000000300)) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) clock_gettime(0x0, &(0x7f0000000080)={0x0, 0x0}) pselect6(0x40, &(0x7f00000000c0), 0x0, &(0x7f0000000140)={0x1ff}, &(0x7f0000000200)={0x0, r2+30000000}, 0x0) 04:29:36 executing program 4: mkdir(&(0x7f0000000100)='./file0\x00', 0x0) mount(&(0x7f00000002c0)=ANY=[@ANYBLOB='.'], &(0x7f0000000140)='./file0\x00', 0x0, 0x201000, 0x0) chdir(&(0x7f00000001c0)='./file0\x00') mount(0x0, &(0x7f0000000080)='./file0/../file0\x00', &(0x7f0000000380)='sysfs\x00', 0x0, 0x0) pivot_root(0x0, &(0x7f0000000200)='./file0/../file0\x00') 04:29:36 executing program 2: mkdir(&(0x7f0000000100)='./file0\x00', 0x0) mount(&(0x7f00000002c0)=ANY=[@ANYBLOB='.'], &(0x7f0000000140)='./file0\x00', 0x0, 0x201000, 0x0) chdir(&(0x7f00000001c0)='./file0\x00') mount(0x0, &(0x7f0000000080)='./file0/../file0\x00', &(0x7f0000000380)='sysfs\x00', 0x0, 0x0) socket$inet_icmp_raw(0x2, 0x3, 0x1) r0 = dup(0xffffffffffffffff) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) pivot_root(&(0x7f0000000180)='./file0/../file0\x00', &(0x7f0000000200)='./file0/../file0\x00') 04:29:36 executing program 4: mkdir(&(0x7f0000000100)='./file0\x00', 0x0) mount(&(0x7f00000002c0)=ANY=[@ANYBLOB='.'], &(0x7f0000000140)='./file0\x00', 0x0, 0x201000, 0x0) chdir(&(0x7f00000001c0)='./file0\x00') mount(0x0, &(0x7f0000000080)='./file0/../file0\x00', &(0x7f0000000380)='sysfs\x00', 0x0, 0x0) pivot_root(0x0, &(0x7f0000000200)='./file0/../file0\x00') 04:29:36 executing program 0: mkdir(&(0x7f0000000100)='./file0\x00', 0x0) mount(&(0x7f00000002c0)=ANY=[], &(0x7f0000000140)='./file0\x00', 0x0, 0x201000, 0x0) chdir(&(0x7f00000001c0)='./file0\x00') mount(0x0, &(0x7f0000000080)='./file0/../file0\x00', &(0x7f0000000380)='sysfs\x00', 0x0, 0x0) 04:29:36 executing program 1: socket(0x10, 0x803, 0x0) syz_open_dev$evdev(&(0x7f0000000000)='/dev/input/event#\x00', 0x0, 0x0) openat$mice(0xffffffffffffff9c, &(0x7f0000000040)='/dev/input/mice\x00', 0x0) r0 = socket$packet(0x11, 0x0, 0x300) setsockopt$packet_tx_ring(r0, 0x107, 0x5, &(0x7f00000000c0)=@req3={0x8000, 0x6, 0x8000, 0x6}, 0x1c) r1 = openat$audio(0xffffffffffffff9c, &(0x7f0000000180)='/dev/audio\x00', 0x0, 0x0) ioctl$int_in(r1, 0x800000c004500a, &(0x7f0000000300)) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) clock_gettime(0x0, &(0x7f0000000080)={0x0, 0x0}) pselect6(0x40, &(0x7f00000000c0), 0x0, &(0x7f0000000140)={0x1ff}, &(0x7f0000000200)={0x0, r2+30000000}, 0x0) 04:29:36 executing program 3: mkdir(&(0x7f0000000100)='./file0\x00', 0x0) mount(&(0x7f00000002c0)=ANY=[@ANYBLOB='.'], &(0x7f0000000140)='./file0\x00', 0x0, 0x201000, 0x0) chroot(&(0x7f00000000c0)='./file0/../file0\x00') chdir(&(0x7f00000001c0)='./file0\x00') r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) pivot_root(&(0x7f0000000180)='./file0/../file0\x00', &(0x7f0000000200)='./file0/../file0\x00') [ 1255.272762] IPVS: ftp: loaded support on port[0] = 21 04:29:37 executing program 5: r0 = dup(0xffffffffffffffff) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x802102001ffa, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r1 = gettid() ptrace$setopts(0x4206, r1, 0x0, 0x0) gettid() r2 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ptmx\x00', 0x0, 0x0) read(r2, &(0x7f00003fefff)=""/1, 0x1) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) r4 = dup2(r3, r3) ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200) r5 = openat$autofs(0xffffffffffffff9c, &(0x7f0000000040)='/dev/autofs\x00', 0x0, 0x0) sendmsg$IPVS_CMD_ZERO(r5, &(0x7f0000000240)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x20000000}, 0xc, &(0x7f0000000200)={&(0x7f0000000280)={0xf4, 0x0, 0x2, 0x70bd2d, 0x25dfdbff, {}, [@IPVS_CMD_ATTR_TIMEOUT_TCP={0x8, 0x4, 0x7}, @IPVS_CMD_ATTR_DEST={0xc, 0x2, 0x0, 0x1, [@IPVS_DEST_ATTR_U_THRESH={0x8, 0x5, 0x9}]}, @IPVS_CMD_ATTR_TIMEOUT_TCP_FIN={0x8, 0x5, 0x87}, @IPVS_CMD_ATTR_SERVICE={0x18, 0x1, 0x0, 0x1, [@IPVS_SVC_ATTR_PORT={0x6, 0x4, 0x4e20}, @IPVS_SVC_ATTR_FLAGS={0xc, 0x7, {0x31, 0x34}}]}, @IPVS_CMD_ATTR_TIMEOUT_TCP={0x8, 0x4, 0x5}, @IPVS_CMD_ATTR_DEST={0x3c, 0x2, 0x0, 0x1, [@IPVS_DEST_ATTR_ADDR={0x14, 0x1, @ipv6=@initdev={0xfe, 0x88, [], 0x0, 0x0}}, @IPVS_DEST_ATTR_FWD_METHOD={0x8, 0x3, 0x2}, @IPVS_DEST_ATTR_ADDR={0x14, 0x1, @ipv6=@dev={0xfe, 0x80, [], 0x2f}}, @IPVS_DEST_ATTR_U_THRESH={0x8, 0x5, 0x6}]}, @IPVS_CMD_ATTR_TIMEOUT_TCP_FIN={0x8, 0x5, 0x200}, @IPVS_CMD_ATTR_DAEMON={0x1c, 0x3, 0x0, 0x1, [@IPVS_DAEMON_ATTR_STATE={0x8, 0x1, 0x2}, @IPVS_DAEMON_ATTR_MCAST_PORT={0x6, 0x7, 0x4e22}, @IPVS_DAEMON_ATTR_MCAST_PORT={0x6, 0x7, 0x4e20}]}, @IPVS_CMD_ATTR_DEST={0x3c, 0x2, 0x0, 0x1, [@IPVS_DEST_ATTR_INACT_CONNS={0x8, 0x8, 0x8002}, @IPVS_DEST_ATTR_PORT={0x6, 0x2, 0x4e23}, @IPVS_DEST_ATTR_U_THRESH={0x8, 0x5, 0xffff12bf}, @IPVS_DEST_ATTR_FWD_METHOD={0x8, 0x3, 0x3}, @IPVS_DEST_ATTR_U_THRESH={0x8, 0x5, 0x1}, @IPVS_DEST_ATTR_TUN_TYPE={0x5, 0xd, 0x1}, @IPVS_DEST_ATTR_TUN_PORT={0x6, 0xe, 0x4e21}]}, @IPVS_CMD_ATTR_TIMEOUT_UDP={0x8, 0x6, 0xfffffffb}]}, 0xf4}, 0x1, 0x0, 0x0, 0x80}, 0x2080800) ioctl$SIOCNRDECOBS(r4, 0x89e2) 04:29:37 executing program 2: mkdir(&(0x7f0000000100)='./file0\x00', 0x0) mount(&(0x7f00000002c0)=ANY=[@ANYBLOB='.'], &(0x7f0000000140)='./file0\x00', 0x0, 0x201000, 0x0) chdir(&(0x7f00000001c0)='./file0\x00') mount(0x0, &(0x7f0000000080)='./file0/../file0\x00', &(0x7f0000000380)='sysfs\x00', 0x0, 0x0) socket$inet_icmp_raw(0x2, 0x3, 0x1) r0 = dup(0xffffffffffffffff) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) pivot_root(&(0x7f0000000180)='./file0/../file0\x00', &(0x7f0000000200)='./file0/../file0\x00') 04:29:37 executing program 4: mkdir(&(0x7f0000000100)='./file0\x00', 0x0) mount(&(0x7f00000002c0)=ANY=[@ANYBLOB='.'], &(0x7f0000000140)='./file0\x00', 0x0, 0x201000, 0x0) chdir(&(0x7f00000001c0)='./file0\x00') mount(0x0, &(0x7f0000000080)='./file0/../file0\x00', &(0x7f0000000380)='sysfs\x00', 0x0, 0x0) pivot_root(0x0, &(0x7f0000000200)='./file0/../file0\x00') 04:29:37 executing program 1: socket(0x10, 0x803, 0x0) syz_open_dev$evdev(&(0x7f0000000000)='/dev/input/event#\x00', 0x0, 0x0) openat$mice(0xffffffffffffff9c, &(0x7f0000000040)='/dev/input/mice\x00', 0x0) socket$packet(0x11, 0x2, 0x300) setsockopt$packet_tx_ring(0xffffffffffffffff, 0x107, 0x5, &(0x7f00000000c0)=@req3={0x8000, 0x6, 0x8000, 0x6}, 0x1c) r0 = openat$audio(0xffffffffffffff9c, &(0x7f0000000180)='/dev/audio\x00', 0x0, 0x0) ioctl$int_in(r0, 0x800000c004500a, &(0x7f0000000300)) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) clock_gettime(0x0, &(0x7f0000000080)={0x0, 0x0}) pselect6(0x40, &(0x7f00000000c0), 0x0, &(0x7f0000000140)={0x1ff}, &(0x7f0000000200)={0x0, r1+30000000}, 0x0) 04:29:37 executing program 3: mkdir(&(0x7f0000000100)='./file0\x00', 0x0) mount(&(0x7f00000002c0)=ANY=[@ANYBLOB='.'], &(0x7f0000000140)='./file0\x00', 0x0, 0x201000, 0x0) chroot(&(0x7f00000000c0)='./file0/../file0\x00') chdir(&(0x7f00000001c0)='./file0\x00') r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) dup(r0) pivot_root(&(0x7f0000000180)='./file0/../file0\x00', &(0x7f0000000200)='./file0/../file0\x00') 04:29:37 executing program 0: mkdir(&(0x7f0000000100)='./file0\x00', 0x0) mount(&(0x7f00000002c0)=ANY=[@ANYBLOB], &(0x7f0000000140)='./file0\x00', 0x0, 0x201000, 0x0) chdir(&(0x7f00000001c0)='./file0\x00') mount(0x0, &(0x7f0000000080)='./file0/../file0\x00', &(0x7f0000000380)='sysfs\x00', 0x0, 0x0) 04:29:37 executing program 4: mkdir(&(0x7f0000000100)='./file0\x00', 0x0) mount(&(0x7f00000002c0)=ANY=[@ANYBLOB='.'], &(0x7f0000000140)='./file0\x00', 0x0, 0x201000, 0x0) chdir(&(0x7f00000001c0)='./file0\x00') mount(0x0, &(0x7f0000000080)='./file0/../file0\x00', &(0x7f0000000380)='sysfs\x00', 0x0, 0x0) pivot_root(&(0x7f0000000180)='./file0/../file0\x00', 0x0) 04:29:37 executing program 3: mkdir(&(0x7f0000000100)='./file0\x00', 0x0) mount(&(0x7f00000002c0)=ANY=[@ANYBLOB='.'], &(0x7f0000000140)='./file0\x00', 0x0, 0x201000, 0x0) chroot(&(0x7f00000000c0)='./file0/../file0\x00') chdir(&(0x7f00000001c0)='./file0\x00') r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) dup(r0) pivot_root(&(0x7f0000000180)='./file0/../file0\x00', &(0x7f0000000200)='./file0/../file0\x00') 04:29:37 executing program 2: mkdir(&(0x7f0000000100)='./file0\x00', 0x0) mount(&(0x7f00000002c0)=ANY=[@ANYBLOB='.'], &(0x7f0000000140)='./file0\x00', 0x0, 0x201000, 0x0) chdir(&(0x7f00000001c0)='./file0\x00') mount(0x0, &(0x7f0000000080)='./file0/../file0\x00', &(0x7f0000000380)='sysfs\x00', 0x0, 0x0) r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x400200) pivot_root(&(0x7f0000000180)='./file0/../file0\x00', &(0x7f0000000200)='./file0/../file0\x00') 04:29:37 executing program 5: r0 = dup(0xffffffffffffffff) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x802102001ffa, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r1 = gettid() clone(0x6e20cf00, 0x0, 0x0, 0x0, 0x0) ptrace$setopts(0x4206, r1, 0x0, 0x0) gettid() r2 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ptmx\x00', 0x0, 0x0) read(r2, &(0x7f00003fefff)=""/1, 0x1) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$sock_int(0xffffffffffffffff, 0x1, 0x1e, &(0x7f00000001c0)=0x3ffffe, 0x4) recvmmsg(0xffffffffffffffff, &(0x7f00000068c0)=[{{0x0, 0x0, 0x0}}], 0x2, 0x122, 0x0) r4 = accept$unix(0xffffffffffffffff, &(0x7f00000000c0)=@abs, &(0x7f0000000140)=0x6e) accept$unix(r4, 0x0, &(0x7f0000000180)) r5 = dup2(r3, r3) ioctl$PERF_EVENT_IOC_ENABLE(r5, 0x8912, 0x400200) r6 = openat$autofs(0xffffffffffffff9c, &(0x7f0000000040)='/dev/autofs\x00', 0x0, 0x0) sendmsg$IPVS_CMD_ZERO(r6, &(0x7f0000000240)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x20000000}, 0xc, &(0x7f0000000200)={&(0x7f00000003c0)=ANY=[@ANYBLOB="f400000071c7a6db481251e59d47f0b9d02fc234660e0430e08c56ef3bb59c", @ANYRES16=0x0, @ANYBLOB="02002dbd7000ffdbdf251000000008000400070000000c0002800800050009000000080005008700000018000180060004004e2000000c000700310000003400000008000400050000003c00028014000100fe880000000000000000000000000001080003000200000014000100fe80000000000000000000000000002f080005000600000008000500000200001c0003800800010002000000060007004e220000060007004e2000003c0002800800080002800000060002004e23000008000500bf12ffff0800030003000000080005000100000005000d000100000006000e004e21000008000600fbffffff"], 0xf4}, 0x1, 0x0, 0x0, 0x80}, 0x2080800) ioctl$SIOCNRDECOBS(r5, 0x89e2) 04:29:37 executing program 4: socket(0x10, 0x803, 0x0) syz_open_dev$evdev(&(0x7f0000000000)='/dev/input/event#\x00', 0x0, 0x0) openat$mice(0xffffffffffffff9c, &(0x7f0000000040)='/dev/input/mice\x00', 0x0) r0 = socket$packet(0x11, 0x2, 0x300) setsockopt$packet_tx_ring(r0, 0x107, 0x5, &(0x7f00000000c0)=@req3={0x8000, 0x6, 0x8000, 0x6}, 0x1c) r1 = openat$audio(0xffffffffffffff9c, &(0x7f0000000180)='/dev/audio\x00', 0x0, 0x0) ioctl$int_in(r1, 0x800000c004500a, &(0x7f0000000300)) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) clock_gettime(0x0, &(0x7f0000000080)={0x0, 0x0}) pselect6(0x40, &(0x7f00000000c0), 0x0, &(0x7f0000000140)={0x1ff}, &(0x7f0000000200)={0x0, r2+30000000}, 0x0) 04:29:38 executing program 3: mkdir(&(0x7f0000000100)='./file0\x00', 0x0) mount(&(0x7f00000002c0)=ANY=[@ANYBLOB='.'], &(0x7f0000000140)='./file0\x00', 0x0, 0x201000, 0x0) chroot(&(0x7f00000000c0)='./file0/../file0\x00') chdir(&(0x7f00000001c0)='./file0\x00') r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) dup(r0) pivot_root(&(0x7f0000000180)='./file0/../file0\x00', &(0x7f0000000200)='./file0/../file0\x00') 04:29:38 executing program 2: mkdir(&(0x7f0000000100)='./file0\x00', 0x0) mount(&(0x7f00000002c0)=ANY=[@ANYBLOB='.'], &(0x7f0000000140)='./file0\x00', 0x0, 0x201000, 0x0) chdir(&(0x7f00000001c0)='./file0\x00') mount(0x0, &(0x7f0000000080)='./file0/../file0\x00', &(0x7f0000000380)='sysfs\x00', 0x0, 0x0) r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x400200) pivot_root(&(0x7f0000000180)='./file0/../file0\x00', &(0x7f0000000200)='./file0/../file0\x00') 04:29:38 executing program 0: mkdir(&(0x7f0000000100)='./file0\x00', 0x0) mount(&(0x7f00000002c0)=ANY=[@ANYBLOB], &(0x7f0000000140)='./file0\x00', 0x0, 0x201000, 0x0) chdir(&(0x7f00000001c0)='./file0\x00') mount(0x0, &(0x7f0000000080)='./file0/../file0\x00', &(0x7f0000000380)='sysfs\x00', 0x0, 0x0) 04:29:38 executing program 2: mkdir(&(0x7f0000000100)='./file0\x00', 0x0) mount(&(0x7f00000002c0)=ANY=[@ANYBLOB='.'], &(0x7f0000000140)='./file0\x00', 0x0, 0x201000, 0x0) chdir(&(0x7f00000001c0)='./file0\x00') mount(0x0, &(0x7f0000000080)='./file0/../file0\x00', &(0x7f0000000380)='sysfs\x00', 0x0, 0x0) r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x400200) pivot_root(&(0x7f0000000180)='./file0/../file0\x00', &(0x7f0000000200)='./file0/../file0\x00') 04:29:38 executing program 1: socket(0x10, 0x803, 0x0) syz_open_dev$evdev(&(0x7f0000000000)='/dev/input/event#\x00', 0x0, 0x0) openat$mice(0xffffffffffffff9c, &(0x7f0000000040)='/dev/input/mice\x00', 0x0) socket$packet(0x11, 0x2, 0x300) setsockopt$packet_tx_ring(0xffffffffffffffff, 0x107, 0x5, &(0x7f00000000c0)=@req3={0x8000, 0x6, 0x8000, 0x6}, 0x1c) r0 = openat$audio(0xffffffffffffff9c, &(0x7f0000000180)='/dev/audio\x00', 0x0, 0x0) ioctl$int_in(r0, 0x800000c004500a, &(0x7f0000000300)) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) clock_gettime(0x0, &(0x7f0000000080)={0x0, 0x0}) pselect6(0x40, &(0x7f00000000c0), 0x0, &(0x7f0000000140)={0x1ff}, &(0x7f0000000200)={0x0, r1+30000000}, 0x0) 04:29:38 executing program 3: mkdir(&(0x7f0000000100)='./file0\x00', 0x0) mount(&(0x7f00000002c0)=ANY=[@ANYBLOB='.'], &(0x7f0000000140)='./file0\x00', 0x0, 0x201000, 0x0) chroot(&(0x7f00000000c0)='./file0/../file0\x00') chdir(&(0x7f00000001c0)='./file0\x00') socket$inet_icmp_raw(0x2, 0x3, 0x1) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x400200) pivot_root(&(0x7f0000000180)='./file0/../file0\x00', &(0x7f0000000200)='./file0/../file0\x00') 04:29:38 executing program 4 (fault-call:4 fault-nth:0): mkdir(&(0x7f0000000100)='./file0\x00', 0x0) mount(&(0x7f00000002c0)=ANY=[@ANYBLOB='.'], &(0x7f0000000140)='./file0\x00', 0x0, 0x201000, 0x0) chdir(&(0x7f00000001c0)='./file0\x00') mount(0x0, &(0x7f0000000080)='./file0/../file0\x00', &(0x7f0000000380)='sysfs\x00', 0x0, 0x0) pivot_root(&(0x7f0000000180)='./file0/../file0\x00', 0x0) 04:29:38 executing program 0: mkdir(&(0x7f0000000100)='./file0\x00', 0x0) mount(&(0x7f00000002c0)=ANY=[@ANYBLOB], &(0x7f0000000140)='./file0\x00', 0x0, 0x201000, 0x0) chdir(&(0x7f00000001c0)='./file0\x00') mount(0x0, &(0x7f0000000080)='./file0/../file0\x00', &(0x7f0000000380)='sysfs\x00', 0x0, 0x0) 04:29:38 executing program 2: mkdir(&(0x7f0000000100)='./file0\x00', 0x0) mount(&(0x7f00000002c0)=ANY=[@ANYBLOB='.'], &(0x7f0000000140)='./file0\x00', 0x0, 0x201000, 0x0) chdir(&(0x7f00000001c0)='./file0\x00') mount(0x0, &(0x7f0000000080)='./file0/../file0\x00', &(0x7f0000000380)='sysfs\x00', 0x0, 0x0) r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x0) pivot_root(&(0x7f0000000180)='./file0/../file0\x00', &(0x7f0000000200)='./file0/../file0\x00') 04:29:38 executing program 2: mkdir(&(0x7f0000000100)='./file0\x00', 0x0) mount(&(0x7f00000002c0)=ANY=[@ANYBLOB='.'], &(0x7f0000000140)='./file0\x00', 0x0, 0x201000, 0x0) chdir(&(0x7f00000001c0)='./file0\x00') mount(0x0, &(0x7f0000000080)='./file0/../file0\x00', &(0x7f0000000380)='sysfs\x00', 0x0, 0x0) r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x0) pivot_root(&(0x7f0000000180)='./file0/../file0\x00', &(0x7f0000000200)='./file0/../file0\x00') [ 1256.225142] FAULT_INJECTION: forcing a failure. [ 1256.225142] name failslab, interval 1, probability 0, space 0, times 0 [ 1256.293551] CPU: 1 PID: 8689 Comm: syz-executor.4 Not tainted 4.14.193-syzkaller #0 [ 1256.301659] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1256.311023] Call Trace: [ 1256.313624] dump_stack+0x1b2/0x283 [ 1256.317267] should_fail.cold+0x10a/0x154 [ 1256.321432] should_failslab+0xd6/0x130 [ 1256.325414] kmem_cache_alloc+0x28e/0x3c0 [ 1256.329566] getname_flags+0xc8/0x550 [ 1256.333376] user_path_at_empty+0x2a/0x50 [ 1256.337533] SyS_pivot_root+0x130/0x11b0 [ 1256.341601] ? lock_downgrade+0x740/0x740 [ 1256.345755] ? vfs_write+0x35d/0x4d0 [ 1256.349478] ? is_path_reachable+0x100/0x100 [ 1256.353897] ? wait_for_completion_io+0x10/0x10 [ 1256.358572] ? vfs_write+0x319/0x4d0 [ 1256.362293] ? fput+0xb/0x140 [ 1256.365401] ? SyS_write+0x14d/0x210 [ 1256.369114] ? SyS_read+0x210/0x210 [ 1256.372745] ? SyS_clock_settime+0x1a0/0x1a0 [ 1256.377162] ? do_syscall_64+0x4c/0x640 [ 1256.381142] ? is_path_reachable+0x100/0x100 [ 1256.385562] do_syscall_64+0x1d5/0x640 [ 1256.389467] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 1256.394660] RIP: 0033:0x45d249 [ 1256.397842] RSP: 002b:00007f4d2c05fc78 EFLAGS: 00000246 ORIG_RAX: 000000000000009b [ 1256.405557] RAX: ffffffffffffffda RBX: 0000000000023c00 RCX: 000000000045d249 [ 1256.412834] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000020000180 [ 1256.420109] RBP: 00007f4d2c05fca0 R08: 0000000000000000 R09: 0000000000000000 [ 1256.427644] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 1256.434917] R13: 00007ffc41fe2acf R14: 00007f4d2c0609c0 R15: 000000000118cf4c 04:29:40 executing program 5: r0 = dup(0xffffffffffffffff) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x802102001ffa, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r1 = gettid() clone(0x6e20cf00, 0x0, 0x0, 0x0, 0x0) ptrace$setopts(0x4206, r1, 0x0, 0x0) gettid() r2 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ptmx\x00', 0x0, 0x0) read(r2, &(0x7f00003fefff)=""/1, 0x1) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x400200) ioctl$KDSKBMETA(0xffffffffffffffff, 0x4b63, &(0x7f0000000140)=0x3) r4 = openat$procfs(0xffffffffffffff9c, &(0x7f00000000c0)='/proc/stat\x00', 0x0, 0x0) ioctl$KVM_GET_DIRTY_LOG(r4, 0x4010ae42, &(0x7f0000000100)={0x4, 0x0, &(0x7f0000ffc000/0x1000)=nil}) r5 = dup2(r3, r3) ioctl$PERF_EVENT_IOC_ENABLE(r5, 0x8912, 0x400200) r6 = openat$autofs(0xffffffffffffff9c, &(0x7f0000000040)='/dev/autofs\x00', 0x0, 0x0) sendmsg$IPVS_CMD_ZERO(r6, &(0x7f0000000240)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x20000000}, 0xc, &(0x7f0000000200)={&(0x7f0000000400)=ANY=[@ANYBLOB="f469bfbd5b7425f5aba8fc41d0b9cd95f332a480243120fd7622433312b800edc181871d72621efba55a320327ad7a9b575faf453613dc972e083fb1bd9bea6f814956586f850100ddc82cfcdd32a8c9453bdef876e5547a150c05cbec791caae53bab13e214f88a", @ANYRES16=0x0, @ANYBLOB="02002dbd7000ffdbdf251000000008000400070000000c0002800800050009000000080005008700000018000180060004004e2000000c000700310000003400000008000400050000003c00028014000100fe880000000000000000000000000001080003000200000014000100fe80000000000000000000000000002f080005000600000008000500000200001c0003800800010002000000060007004e220000060007004e2000003c0002800800080002800000060002004e23000008000500bf12ffff0800030003000000080005000100000005000d000100000006000e004e21000008000600fbffffff"], 0xf4}, 0x1, 0x0, 0x0, 0x80}, 0x2080800) ioctl$SIOCNRDECOBS(r5, 0x89e2) 04:29:40 executing program 2: mkdir(&(0x7f0000000100)='./file0\x00', 0x0) mount(&(0x7f00000002c0)=ANY=[@ANYBLOB='.'], &(0x7f0000000140)='./file0\x00', 0x0, 0x201000, 0x0) chdir(&(0x7f00000001c0)='./file0\x00') mount(0x0, &(0x7f0000000080)='./file0/../file0\x00', &(0x7f0000000380)='sysfs\x00', 0x0, 0x0) r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x0) pivot_root(&(0x7f0000000180)='./file0/../file0\x00', &(0x7f0000000200)='./file0/../file0\x00') 04:29:40 executing program 3: mkdir(&(0x7f0000000100)='./file0\x00', 0x0) mount(&(0x7f00000002c0)=ANY=[@ANYBLOB='.'], &(0x7f0000000140)='./file0\x00', 0x0, 0x201000, 0x0) chroot(&(0x7f00000000c0)='./file0/../file0\x00') chdir(&(0x7f00000001c0)='./file0\x00') socket$inet_icmp_raw(0x2, 0x3, 0x1) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x400200) pivot_root(&(0x7f0000000180)='./file0/../file0\x00', &(0x7f0000000200)='./file0/../file0\x00') 04:29:40 executing program 0: mkdir(&(0x7f0000000100)='./file0\x00', 0x0) mount(&(0x7f00000002c0)=ANY=[@ANYBLOB='.'], 0x0, 0x0, 0x201000, 0x0) chdir(&(0x7f00000001c0)='./file0\x00') mount(0x0, &(0x7f0000000080)='./file0/../file0\x00', &(0x7f0000000380)='sysfs\x00', 0x0, 0x0) 04:29:40 executing program 4 (fault-call:4 fault-nth:1): mkdir(&(0x7f0000000100)='./file0\x00', 0x0) mount(&(0x7f00000002c0)=ANY=[@ANYBLOB='.'], &(0x7f0000000140)='./file0\x00', 0x0, 0x201000, 0x0) chdir(&(0x7f00000001c0)='./file0\x00') mount(0x0, &(0x7f0000000080)='./file0/../file0\x00', &(0x7f0000000380)='sysfs\x00', 0x0, 0x0) pivot_root(&(0x7f0000000180)='./file0/../file0\x00', 0x0) 04:29:40 executing program 1: socket(0x10, 0x803, 0x0) syz_open_dev$evdev(&(0x7f0000000000)='/dev/input/event#\x00', 0x0, 0x0) openat$mice(0xffffffffffffff9c, &(0x7f0000000040)='/dev/input/mice\x00', 0x0) socket$packet(0x11, 0x2, 0x300) setsockopt$packet_tx_ring(0xffffffffffffffff, 0x107, 0x5, &(0x7f00000000c0)=@req3={0x8000, 0x6, 0x8000, 0x6}, 0x1c) r0 = openat$audio(0xffffffffffffff9c, &(0x7f0000000180)='/dev/audio\x00', 0x0, 0x0) ioctl$int_in(r0, 0x800000c004500a, &(0x7f0000000300)) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) clock_gettime(0x0, &(0x7f0000000080)={0x0, 0x0}) pselect6(0x40, &(0x7f00000000c0), 0x0, &(0x7f0000000140)={0x1ff}, &(0x7f0000000200)={0x0, r1+30000000}, 0x0) 04:29:41 executing program 1: socket(0x10, 0x803, 0x0) syz_open_dev$evdev(&(0x7f0000000000)='/dev/input/event#\x00', 0x0, 0x0) openat$mice(0xffffffffffffff9c, &(0x7f0000000040)='/dev/input/mice\x00', 0x0) r0 = socket$packet(0x11, 0x2, 0x300) setsockopt$packet_tx_ring(r0, 0x107, 0x5, 0x0, 0x0) r1 = openat$audio(0xffffffffffffff9c, &(0x7f0000000180)='/dev/audio\x00', 0x0, 0x0) ioctl$int_in(r1, 0x800000c004500a, &(0x7f0000000300)) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) clock_gettime(0x0, &(0x7f0000000080)={0x0, 0x0}) pselect6(0x40, &(0x7f00000000c0), 0x0, &(0x7f0000000140)={0x1ff}, &(0x7f0000000200)={0x0, r2+30000000}, 0x0) 04:29:41 executing program 0: mkdir(&(0x7f0000000100)='./file0\x00', 0x0) mount(&(0x7f00000002c0)=ANY=[@ANYBLOB='.'], 0x0, 0x0, 0x201000, 0x0) chdir(&(0x7f00000001c0)='./file0\x00') mount(0x0, &(0x7f0000000080)='./file0/../file0\x00', &(0x7f0000000380)='sysfs\x00', 0x0, 0x0) 04:29:41 executing program 2: mkdir(&(0x7f0000000100)='./file0\x00', 0x0) mount(&(0x7f00000002c0)=ANY=[@ANYBLOB='.'], &(0x7f0000000140)='./file0\x00', 0x0, 0x201000, 0x0) chdir(&(0x7f00000001c0)='./file0\x00') mount(0x0, &(0x7f0000000080)='./file0/../file0\x00', &(0x7f0000000380)='sysfs\x00', 0x0, 0x0) r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) pivot_root(0x0, &(0x7f0000000200)='./file0/../file0\x00') [ 1258.611303] FAULT_INJECTION: forcing a failure. [ 1258.611303] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 1258.623145] CPU: 0 PID: 8717 Comm: syz-executor.4 Not tainted 4.14.193-syzkaller #0 [ 1258.630942] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1258.639279] IPVS: ftp: loaded support on port[0] = 21 [ 1258.640298] Call Trace: [ 1258.648084] dump_stack+0x1b2/0x283 [ 1258.651723] should_fail.cold+0x10a/0x154 [ 1258.655888] __alloc_pages_nodemask+0x22c/0x2720 [ 1258.660750] ? __lock_acquire+0x5fc/0x3f20 [ 1258.665530] ? avc_has_perm_noaudit+0x157/0x2a0 [ 1258.670216] ? gfp_pfmemalloc_allowed+0x150/0x150 [ 1258.675104] ? lock_downgrade+0x740/0x740 [ 1258.679260] ? check_preemption_disabled+0x35/0x240 [ 1258.684290] ? avc_has_perm_noaudit+0x17e/0x2a0 [ 1258.688978] ? perf_trace_lock_acquire+0x510/0x510 [ 1258.693920] ? get_pid_task+0x91/0x130 [ 1258.697837] cache_grow_begin+0x8f/0x420 [ 1258.701912] cache_alloc_refill+0x273/0x350 [ 1258.706252] kmem_cache_alloc+0x333/0x3c0 04:29:41 executing program 0: mkdir(&(0x7f0000000100)='./file0\x00', 0x0) mount(&(0x7f00000002c0)=ANY=[@ANYBLOB='.'], 0x0, 0x0, 0x201000, 0x0) chdir(&(0x7f00000001c0)='./file0\x00') mount(0x0, &(0x7f0000000080)='./file0/../file0\x00', &(0x7f0000000380)='sysfs\x00', 0x0, 0x0) 04:29:41 executing program 0: mkdir(&(0x7f0000000100)='./file0\x00', 0x0) mount(&(0x7f00000002c0)=ANY=[@ANYBLOB='.'], &(0x7f0000000140)='./file0\x00', 0x0, 0x0, 0x0) chdir(&(0x7f00000001c0)='./file0\x00') mount(0x0, &(0x7f0000000080)='./file0/../file0\x00', &(0x7f0000000380)='sysfs\x00', 0x0, 0x0) 04:29:41 executing program 3: mkdir(&(0x7f0000000100)='./file0\x00', 0x0) mount(&(0x7f00000002c0)=ANY=[@ANYBLOB='.'], &(0x7f0000000140)='./file0\x00', 0x0, 0x201000, 0x0) chroot(&(0x7f00000000c0)='./file0/../file0\x00') chdir(&(0x7f00000001c0)='./file0\x00') socket$inet_icmp_raw(0x2, 0x3, 0x1) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x400200) pivot_root(&(0x7f0000000180)='./file0/../file0\x00', &(0x7f0000000200)='./file0/../file0\x00') [ 1258.710412] getname_flags+0xc8/0x550 [ 1258.714227] user_path_at_empty+0x2a/0x50 [ 1258.718389] SyS_pivot_root+0x130/0x11b0 [ 1258.722464] ? lock_downgrade+0x740/0x740 [ 1258.726626] ? vfs_write+0x35d/0x4d0 [ 1258.730353] ? is_path_reachable+0x100/0x100 [ 1258.734801] ? wait_for_completion_io+0x10/0x10 [ 1258.739478] ? vfs_write+0x319/0x4d0 [ 1258.743207] ? fput+0xb/0x140 [ 1258.746848] ? SyS_write+0x14d/0x210 [ 1258.750565] ? SyS_read+0x210/0x210 [ 1258.754231] ? SyS_clock_settime+0x1a0/0x1a0 [ 1258.758650] ? do_syscall_64+0x4c/0x640 [ 1258.762640] ? is_path_reachable+0x100/0x100 [ 1258.767060] do_syscall_64+0x1d5/0x640 [ 1258.770974] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 1258.776166] RIP: 0033:0x45d249 [ 1258.779360] RSP: 002b:00007f4d2c05fc78 EFLAGS: 00000246 ORIG_RAX: 000000000000009b [ 1258.787163] RAX: ffffffffffffffda RBX: 0000000000023c00 RCX: 000000000045d249 [ 1258.794439] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000020000180 [ 1258.801712] RBP: 00007f4d2c05fca0 R08: 0000000000000000 R09: 0000000000000000 [ 1258.808992] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 1258.816268] R13: 00007ffc41fe2acf R14: 00007f4d2c0609c0 R15: 000000000118cf4c [ 1259.081393] IPVS: ftp: loaded support on port[0] = 21 04:29:43 executing program 5: r0 = dup(0xffffffffffffffff) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x802102001ffa, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r1 = gettid() clone(0x6e20cf00, 0x0, 0x0, 0x0, 0x0) ptrace$setopts(0x4206, r1, 0x0, 0x0) gettid() r2 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ptmx\x00', 0x0, 0x0) read(r2, &(0x7f00003fefff)=""/1, 0x1) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) r4 = dup2(r3, r3) ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200) r5 = openat$autofs(0xffffffffffffff9c, &(0x7f0000000040)='/dev/autofs\x00', 0x0, 0x0) sendmsg$IPVS_CMD_ZERO(r5, &(0x7f0000000240)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x20000000}, 0xc, &(0x7f0000000200)={&(0x7f00000000c0)=ANY=[@ANYBLOB="f4000000a1747774c9a832cdd58b19d0086f8c4dc88b2d28c939bf8b8c2bf15e5b97a7d08b3048e63d144dbb59890a65e1", @ANYRES16=0x0, @ANYBLOB="02002dbd7000ffdbdf251000000008000400070000000c0002800800050009000000080005008700000018000180060004004e2000000c000700310000003400000008000400050000003c00028014000100fe880000000000000000000000000001080003000200000014000100fe80000000000000000000000000002f080005000600000008000500000200001c0003800800010002000000060007004e220000060007004e2000003c0002800800080002800000060002004e23000008000500bf12ffff0800030003000000080005000100000005000d000100000006000e004e21000008000600fbffffff"], 0xf4}, 0x1, 0x0, 0x0, 0x80}, 0x2080800) ioctl$SIOCNRDECOBS(r4, 0x89e2) 04:29:43 executing program 0: mkdir(&(0x7f0000000100)='./file0\x00', 0x0) mount(&(0x7f00000002c0)=ANY=[@ANYBLOB='.'], &(0x7f0000000140)='./file0\x00', 0x0, 0x0, 0x0) chdir(&(0x7f00000001c0)='./file0\x00') mount(0x0, &(0x7f0000000080)='./file0/../file0\x00', &(0x7f0000000380)='sysfs\x00', 0x0, 0x0) 04:29:43 executing program 4 (fault-call:4 fault-nth:2): mkdir(&(0x7f0000000100)='./file0\x00', 0x0) mount(&(0x7f00000002c0)=ANY=[@ANYBLOB='.'], &(0x7f0000000140)='./file0\x00', 0x0, 0x201000, 0x0) chdir(&(0x7f00000001c0)='./file0\x00') mount(0x0, &(0x7f0000000080)='./file0/../file0\x00', &(0x7f0000000380)='sysfs\x00', 0x0, 0x0) pivot_root(&(0x7f0000000180)='./file0/../file0\x00', 0x0) 04:29:43 executing program 2: mkdir(&(0x7f0000000100)='./file0\x00', 0x0) mount(&(0x7f00000002c0)=ANY=[@ANYBLOB='.'], &(0x7f0000000140)='./file0\x00', 0x0, 0x201000, 0x0) chdir(&(0x7f00000001c0)='./file0\x00') mount(0x0, &(0x7f0000000080)='./file0/../file0\x00', &(0x7f0000000380)='sysfs\x00', 0x0, 0x0) r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) pivot_root(0x0, &(0x7f0000000200)='./file0/../file0\x00') 04:29:43 executing program 3: mkdir(&(0x7f0000000100)='./file0\x00', 0x0) mount(&(0x7f00000002c0)=ANY=[@ANYBLOB='.'], &(0x7f0000000140)='./file0\x00', 0x0, 0x201000, 0x0) chroot(&(0x7f00000000c0)='./file0/../file0\x00') chdir(&(0x7f00000001c0)='./file0\x00') r0 = dup(0xffffffffffffffff) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) pivot_root(&(0x7f0000000180)='./file0/../file0\x00', &(0x7f0000000200)='./file0/../file0\x00') 04:29:43 executing program 1: socket(0x10, 0x803, 0x0) syz_open_dev$evdev(&(0x7f0000000000)='/dev/input/event#\x00', 0x0, 0x0) openat$mice(0xffffffffffffff9c, &(0x7f0000000040)='/dev/input/mice\x00', 0x0) r0 = socket$packet(0x11, 0x2, 0x300) setsockopt$packet_tx_ring(r0, 0x107, 0x5, 0x0, 0x0) r1 = openat$audio(0xffffffffffffff9c, &(0x7f0000000180)='/dev/audio\x00', 0x0, 0x0) ioctl$int_in(r1, 0x800000c004500a, &(0x7f0000000300)) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) clock_gettime(0x0, &(0x7f0000000080)={0x0, 0x0}) pselect6(0x40, &(0x7f00000000c0), 0x0, &(0x7f0000000140)={0x1ff}, &(0x7f0000000200)={0x0, r2+30000000}, 0x0) 04:29:44 executing program 3: mkdir(&(0x7f0000000100)='./file0\x00', 0x0) mount(&(0x7f00000002c0)=ANY=[@ANYBLOB='.'], &(0x7f0000000140)='./file0\x00', 0x0, 0x201000, 0x0) chroot(&(0x7f00000000c0)='./file0/../file0\x00') chdir(&(0x7f00000001c0)='./file0\x00') r0 = dup(0xffffffffffffffff) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) pivot_root(&(0x7f0000000180)='./file0/../file0\x00', &(0x7f0000000200)='./file0/../file0\x00') 04:29:44 executing program 0: mkdir(&(0x7f0000000100)='./file0\x00', 0x0) mount(&(0x7f00000002c0)=ANY=[@ANYBLOB='.'], &(0x7f0000000140)='./file0\x00', 0x0, 0x0, 0x0) chdir(&(0x7f00000001c0)='./file0\x00') mount(0x0, &(0x7f0000000080)='./file0/../file0\x00', &(0x7f0000000380)='sysfs\x00', 0x0, 0x0) [ 1261.608182] FAULT_INJECTION: forcing a failure. [ 1261.608182] name failslab, interval 1, probability 0, space 0, times 0 [ 1261.627145] CPU: 0 PID: 8796 Comm: syz-executor.4 Not tainted 4.14.193-syzkaller #0 [ 1261.635082] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1261.644444] Call Trace: [ 1261.647037] dump_stack+0x1b2/0x283 [ 1261.650679] should_fail.cold+0x10a/0x154 [ 1261.654839] should_failslab+0xd6/0x130 [ 1261.658800] __kmalloc_track_caller+0x2bc/0x400 [ 1261.663454] ? security_context_to_sid_core+0x94/0x3d0 [ 1261.668717] kmemdup_nul+0x2d/0xa0 [ 1261.672249] security_context_to_sid_core+0x94/0x3d0 [ 1261.677339] ? string_to_context_struct+0x7f0/0x7f0 [ 1261.682375] ? kernfs_iop_permission+0x4e/0x90 [ 1261.687017] ? kernfs_iop_permission+0x4e/0x90 [ 1261.691586] ? __mutex_lock+0x360/0x1310 [ 1261.695642] selinux_inode_setsecurity+0x155/0x350 [ 1261.700624] ? selinux_secctx_to_secid+0x30/0x30 [ 1261.705364] ? __ww_mutex_wakeup_for_backoff+0x210/0x210 [ 1261.710800] selinux_inode_notifysecctx+0x2b/0x50 [ 1261.715696] security_inode_notifysecctx+0x76/0xb0 [ 1261.720621] kernfs_refresh_inode+0x328/0x4a0 [ 1261.725106] ? kernfs_iop_getattr+0xd0/0xd0 [ 1261.729409] ? kernfs_iop_getattr+0xd0/0xd0 [ 1261.734088] kernfs_iop_permission+0x59/0x90 [ 1261.738584] __inode_permission+0x1f1/0x2f0 [ 1261.742890] link_path_walk+0x86a/0x10a0 [ 1261.746939] ? walk_component+0xbc0/0xbc0 [ 1261.751073] path_lookupat+0xcb/0x780 [ 1261.754860] ? lock_downgrade+0x740/0x740 [ 1261.758989] ? path_mountpoint+0x940/0x940 [ 1261.763216] ? avc_has_perm_noaudit+0x17e/0x2a0 [ 1261.767873] ? cache_alloc_refill+0x2fa/0x350 [ 1261.772353] filename_lookup+0x18a/0x510 [ 1261.776399] ? filename_parentat+0x520/0x520 [ 1261.780795] ? __check_object_size+0x179/0x22c [ 1261.785362] ? strncpy_from_user+0x210/0x2c0 [ 1261.789754] ? getname_flags+0x22e/0x550 [ 1261.793825] SyS_pivot_root+0x130/0x11b0 [ 1261.797871] ? lock_downgrade+0x740/0x740 [ 1261.802000] ? vfs_write+0x35d/0x4d0 [ 1261.805698] ? is_path_reachable+0x100/0x100 [ 1261.810088] ? wait_for_completion_io+0x10/0x10 [ 1261.814741] ? vfs_write+0x319/0x4d0 [ 1261.818448] ? fput+0xb/0x140 [ 1261.821558] ? SyS_write+0x14d/0x210 [ 1261.825260] ? SyS_read+0x210/0x210 [ 1261.828866] ? SyS_clock_settime+0x1a0/0x1a0 [ 1261.833258] ? do_syscall_64+0x4c/0x640 [ 1261.837229] ? is_path_reachable+0x100/0x100 [ 1261.841642] do_syscall_64+0x1d5/0x640 [ 1261.845529] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 1261.850848] RIP: 0033:0x45d249 04:29:44 executing program 1: socket(0x10, 0x803, 0x0) syz_open_dev$evdev(&(0x7f0000000000)='/dev/input/event#\x00', 0x0, 0x0) openat$mice(0xffffffffffffff9c, &(0x7f0000000040)='/dev/input/mice\x00', 0x0) r0 = socket$packet(0x11, 0x2, 0x300) setsockopt$packet_tx_ring(r0, 0x107, 0x5, 0x0, 0x0) r1 = openat$audio(0xffffffffffffff9c, &(0x7f0000000180)='/dev/audio\x00', 0x0, 0x0) ioctl$int_in(r1, 0x800000c004500a, &(0x7f0000000300)) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) clock_gettime(0x0, &(0x7f0000000080)={0x0, 0x0}) pselect6(0x40, &(0x7f00000000c0), 0x0, &(0x7f0000000140)={0x1ff}, &(0x7f0000000200)={0x0, r2+30000000}, 0x0) 04:29:44 executing program 4 (fault-call:4 fault-nth:3): mkdir(&(0x7f0000000100)='./file0\x00', 0x0) mount(&(0x7f00000002c0)=ANY=[@ANYBLOB='.'], &(0x7f0000000140)='./file0\x00', 0x0, 0x201000, 0x0) chdir(&(0x7f00000001c0)='./file0\x00') mount(0x0, &(0x7f0000000080)='./file0/../file0\x00', &(0x7f0000000380)='sysfs\x00', 0x0, 0x0) pivot_root(&(0x7f0000000180)='./file0/../file0\x00', 0x0) [ 1261.854023] RSP: 002b:00007f4d2c05fc78 EFLAGS: 00000246 ORIG_RAX: 000000000000009b [ 1261.861740] RAX: ffffffffffffffda RBX: 0000000000023c00 RCX: 000000000045d249 [ 1261.869081] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000020000180 [ 1261.876416] RBP: 00007f4d2c05fca0 R08: 0000000000000000 R09: 0000000000000000 [ 1261.883676] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 1261.891027] R13: 00007ffc41fe2acf R14: 00007f4d2c0609c0 R15: 000000000118cf4c 04:29:44 executing program 2: mkdir(&(0x7f0000000100)='./file0\x00', 0x0) mount(&(0x7f00000002c0)=ANY=[@ANYBLOB='.'], &(0x7f0000000140)='./file0\x00', 0x0, 0x201000, 0x0) chdir(&(0x7f00000001c0)='./file0\x00') mount(0x0, &(0x7f0000000080)='./file0/../file0\x00', &(0x7f0000000380)='sysfs\x00', 0x0, 0x0) r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) pivot_root(0x0, &(0x7f0000000200)='./file0/../file0\x00') 04:29:44 executing program 3: mkdir(&(0x7f0000000100)='./file0\x00', 0x0) mount(&(0x7f00000002c0)=ANY=[@ANYBLOB='.'], &(0x7f0000000140)='./file0\x00', 0x0, 0x201000, 0x0) chroot(&(0x7f00000000c0)='./file0/../file0\x00') chdir(&(0x7f00000001c0)='./file0\x00') r0 = dup(0xffffffffffffffff) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) pivot_root(&(0x7f0000000180)='./file0/../file0\x00', &(0x7f0000000200)='./file0/../file0\x00') [ 1262.008818] FAULT_INJECTION: forcing a failure. [ 1262.008818] name failslab, interval 1, probability 0, space 0, times 0 [ 1262.055339] CPU: 1 PID: 8811 Comm: syz-executor.4 Not tainted 4.14.193-syzkaller #0 [ 1262.063195] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1262.072555] Call Trace: [ 1262.075156] dump_stack+0x1b2/0x283 [ 1262.078798] should_fail.cold+0x10a/0x154 [ 1262.082957] should_failslab+0xd6/0x130 [ 1262.086948] kmem_cache_alloc+0x28e/0x3c0 [ 1262.091116] getname_flags+0xc8/0x550 [ 1262.094927] user_path_at_empty+0x2a/0x50 [ 1262.099256] SyS_pivot_root+0x1a5/0x11b0 [ 1262.103333] ? lock_downgrade+0x740/0x740 [ 1262.107477] ? vfs_write+0x35d/0x4d0 [ 1262.111197] ? is_path_reachable+0x100/0x100 [ 1262.115622] ? wait_for_completion_io+0x10/0x10 [ 1262.120298] ? vfs_write+0x319/0x4d0 [ 1262.124104] ? fput+0xb/0x140 [ 1262.127207] ? SyS_write+0x14d/0x210 [ 1262.130923] ? SyS_read+0x210/0x210 [ 1262.134548] ? SyS_clock_settime+0x1a0/0x1a0 [ 1262.138958] ? do_syscall_64+0x4c/0x640 [ 1262.142936] ? is_path_reachable+0x100/0x100 [ 1262.147351] do_syscall_64+0x1d5/0x640 [ 1262.151254] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 1262.156445] RIP: 0033:0x45d249 [ 1262.159641] RSP: 002b:00007f4d2c05fc78 EFLAGS: 00000246 ORIG_RAX: 000000000000009b [ 1262.167354] RAX: ffffffffffffffda RBX: 0000000000023c00 RCX: 000000000045d249 [ 1262.174627] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000020000180 [ 1262.181910] RBP: 00007f4d2c05fca0 R08: 0000000000000000 R09: 0000000000000000 [ 1262.189188] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000003 [ 1262.197507] R13: 00007ffc41fe2acf R14: 00007f4d2c0609c0 R15: 000000000118cf4c 04:29:47 executing program 5: r0 = dup(0xffffffffffffffff) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x802102001ffa, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r1 = gettid() clone(0x6e20cf00, 0x0, 0x0, 0x0, 0x0) ptrace$setopts(0x4206, r1, 0x0, 0x0) gettid() r2 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ptmx\x00', 0x0, 0x0) read(r2, &(0x7f00003fefff)=""/1, 0x1) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) r4 = dup2(r3, r3) ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200) openat$autofs(0xffffffffffffff9c, &(0x7f0000000040)='/dev/autofs\x00', 0x0, 0x0) r5 = socket$inet6_tcp(0xa, 0x1, 0x0) r6 = dup2(r5, r5) ioctl$PERF_EVENT_IOC_ENABLE(r6, 0x8912, 0x400200) sendmsg$IPVS_CMD_ZERO(r6, &(0x7f0000000240)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x20000000}, 0xc, &(0x7f0000000200)={&(0x7f00000000c0)=ANY=[@ANYBLOB="f4000000", @ANYRES16=0x0, @ANYBLOB="02002dbd7000ffdbdf251000000008000400070000000c0002800800050009000000080005008700000018000180060004004e2000000c000700310000003400000008000400050000003c00028014000100fe880000000000000080000000000001080003000200000014000100fe80000000000000000000000000002f080005000600000008000500000200001c000380080001000200000006000700b63baae6f4d36aa80a8dfde61e4e220000060007004e2000003c0002800800080002800000060002004e23000008000500bf12ffff0800030003000000080005000100000005000d000100000006000e004e21000008000600fbffffff"], 0xf4}, 0x1, 0x0, 0x0, 0x80}, 0x2208480c) ioctl$SIOCNRDECOBS(r4, 0x89e2) 04:29:47 executing program 2: mkdir(&(0x7f0000000100)='./file0\x00', 0x0) mount(&(0x7f00000002c0)=ANY=[@ANYBLOB='.'], &(0x7f0000000140)='./file0\x00', 0x0, 0x201000, 0x0) chdir(&(0x7f00000001c0)='./file0\x00') mount(0x0, &(0x7f0000000080)='./file0/../file0\x00', &(0x7f0000000380)='sysfs\x00', 0x0, 0x0) r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) pivot_root(&(0x7f0000000180)='./file0/../file0\x00', 0x0) 04:29:47 executing program 0: mkdir(&(0x7f0000000100)='./file0\x00', 0x0) mount(&(0x7f00000002c0)=ANY=[@ANYBLOB='.'], &(0x7f0000000140)='./file0\x00', 0x0, 0x201000, 0x0) chdir(0x0) mount(0x0, &(0x7f0000000080)='./file0/../file0\x00', &(0x7f0000000380)='sysfs\x00', 0x0, 0x0) 04:29:47 executing program 3: mkdir(&(0x7f0000000100)='./file0\x00', 0x0) mount(&(0x7f00000002c0)=ANY=[@ANYBLOB='.'], &(0x7f0000000140)='./file0\x00', 0x0, 0x201000, 0x0) chroot(&(0x7f00000000c0)='./file0/../file0\x00') r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) pivot_root(&(0x7f0000000180)='./file0/../file0\x00', &(0x7f0000000200)='./file0/../file0\x00') 04:29:47 executing program 4 (fault-call:4 fault-nth:4): mkdir(&(0x7f0000000100)='./file0\x00', 0x0) mount(&(0x7f00000002c0)=ANY=[@ANYBLOB='.'], &(0x7f0000000140)='./file0\x00', 0x0, 0x201000, 0x0) chdir(&(0x7f00000001c0)='./file0\x00') mount(0x0, &(0x7f0000000080)='./file0/../file0\x00', &(0x7f0000000380)='sysfs\x00', 0x0, 0x0) pivot_root(&(0x7f0000000180)='./file0/../file0\x00', 0x0) 04:29:47 executing program 1: socket(0x10, 0x803, 0x0) syz_open_dev$evdev(&(0x7f0000000000)='/dev/input/event#\x00', 0x0, 0x0) openat$mice(0xffffffffffffff9c, &(0x7f0000000040)='/dev/input/mice\x00', 0x0) r0 = socket$packet(0x11, 0x2, 0x300) setsockopt$packet_tx_ring(r0, 0x107, 0x5, &(0x7f00000000c0)=@req3={0x0, 0x6, 0x8000, 0x6}, 0x1c) r1 = openat$audio(0xffffffffffffff9c, &(0x7f0000000180)='/dev/audio\x00', 0x0, 0x0) ioctl$int_in(r1, 0x800000c004500a, &(0x7f0000000300)) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) clock_gettime(0x0, &(0x7f0000000080)={0x0, 0x0}) pselect6(0x40, &(0x7f00000000c0), 0x0, &(0x7f0000000140)={0x1ff}, &(0x7f0000000200)={0x0, r2+30000000}, 0x0) [ 1264.637159] FAULT_INJECTION: forcing a failure. [ 1264.637159] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 1264.649006] CPU: 0 PID: 8840 Comm: syz-executor.4 Not tainted 4.14.193-syzkaller #0 [ 1264.656808] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1264.666170] Call Trace: [ 1264.668773] dump_stack+0x1b2/0x283 [ 1264.672426] should_fail.cold+0x10a/0x154 [ 1264.677205] __alloc_pages_nodemask+0x22c/0x2720 [ 1264.681969] ? lock_acquire+0x170/0x3f0 04:29:47 executing program 3: mkdir(&(0x7f0000000100)='./file0\x00', 0x0) mount(&(0x7f00000002c0)=ANY=[@ANYBLOB='.'], &(0x7f0000000140)='./file0\x00', 0x0, 0x201000, 0x0) chroot(&(0x7f00000000c0)='./file0/../file0\x00') r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) pivot_root(&(0x7f0000000180)='./file0/../file0\x00', &(0x7f0000000200)='./file0/../file0\x00') 04:29:47 executing program 0: mkdir(&(0x7f0000000100)='./file0\x00', 0x0) mount(&(0x7f00000002c0)=ANY=[@ANYBLOB='.'], &(0x7f0000000140)='./file0\x00', 0x0, 0x201000, 0x0) chdir(0x0) mount(0x0, &(0x7f0000000080)='./file0/../file0\x00', &(0x7f0000000380)='sysfs\x00', 0x0, 0x0) [ 1264.685956] ? lock_downgrade+0x740/0x740 [ 1264.690118] ? __lock_acquire+0x5fc/0x3f20 [ 1264.694369] ? debug_check_no_obj_freed+0x2c0/0x674 [ 1264.699406] ? gfp_pfmemalloc_allowed+0x150/0x150 [ 1264.704263] ? lock_downgrade+0x740/0x740 [ 1264.708428] ? check_preemption_disabled+0x35/0x240 [ 1264.713458] ? putname+0xcd/0x110 [ 1264.716926] ? rcu_read_lock_sched_held+0x16c/0x1d0 [ 1264.722044] ? perf_trace_lock_acquire+0x510/0x510 [ 1264.727002] ? putname+0xcd/0x110 [ 1264.730466] ? filename_lookup+0x380/0x510 04:29:47 executing program 2: mkdir(&(0x7f0000000100)='./file0\x00', 0x0) mount(&(0x7f00000002c0)=ANY=[@ANYBLOB='.'], &(0x7f0000000140)='./file0\x00', 0x0, 0x201000, 0x0) chdir(&(0x7f00000001c0)='./file0\x00') mount(0x0, &(0x7f0000000080)='./file0/../file0\x00', &(0x7f0000000380)='sysfs\x00', 0x0, 0x0) r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) pivot_root(&(0x7f0000000180)='./file0/../file0\x00', 0x0) [ 1264.734802] cache_grow_begin+0x8f/0x420 [ 1264.738880] cache_alloc_refill+0x273/0x350 [ 1264.743226] kmem_cache_alloc+0x333/0x3c0 [ 1264.747389] getname_flags+0xc8/0x550 [ 1264.751205] user_path_at_empty+0x2a/0x50 [ 1264.755798] SyS_pivot_root+0x1a5/0x11b0 [ 1264.759870] ? lock_downgrade+0x740/0x740 [ 1264.764119] ? vfs_write+0x35d/0x4d0 [ 1264.767852] ? is_path_reachable+0x100/0x100 [ 1264.772279] ? wait_for_completion_io+0x10/0x10 [ 1264.776958] ? vfs_write+0x319/0x4d0 [ 1264.780679] ? fput+0xb/0x140 [ 1264.783792] ? SyS_write+0x14d/0x210 [ 1264.787513] ? SyS_read+0x210/0x210 [ 1264.791142] ? SyS_clock_settime+0x1a0/0x1a0 [ 1264.795558] ? do_syscall_64+0x4c/0x640 [ 1264.799540] ? is_path_reachable+0x100/0x100 [ 1264.803961] do_syscall_64+0x1d5/0x640 [ 1264.807846] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 1264.815019] RIP: 0033:0x45d249 [ 1264.818213] RSP: 002b:00007f4d2c05fc78 EFLAGS: 00000246 ORIG_RAX: 000000000000009b [ 1264.825945] RAX: ffffffffffffffda RBX: 0000000000023c00 RCX: 000000000045d249 04:29:47 executing program 4 (fault-call:4 fault-nth:5): mkdir(&(0x7f0000000100)='./file0\x00', 0x0) mount(&(0x7f00000002c0)=ANY=[@ANYBLOB='.'], &(0x7f0000000140)='./file0\x00', 0x0, 0x201000, 0x0) chdir(&(0x7f00000001c0)='./file0\x00') mount(0x0, &(0x7f0000000080)='./file0/../file0\x00', &(0x7f0000000380)='sysfs\x00', 0x0, 0x0) pivot_root(&(0x7f0000000180)='./file0/../file0\x00', 0x0) 04:29:47 executing program 1: socket(0x10, 0x803, 0x0) syz_open_dev$evdev(&(0x7f0000000000)='/dev/input/event#\x00', 0x0, 0x0) openat$mice(0xffffffffffffff9c, &(0x7f0000000040)='/dev/input/mice\x00', 0x0) r0 = socket$packet(0x11, 0x2, 0x300) setsockopt$packet_tx_ring(r0, 0x107, 0x5, &(0x7f00000000c0)=@req3={0x0, 0x6, 0x8000, 0x6}, 0x1c) r1 = openat$audio(0xffffffffffffff9c, &(0x7f0000000180)='/dev/audio\x00', 0x0, 0x0) ioctl$int_in(r1, 0x800000c004500a, &(0x7f0000000300)) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) clock_gettime(0x0, &(0x7f0000000080)={0x0, 0x0}) pselect6(0x40, &(0x7f00000000c0), 0x0, &(0x7f0000000140)={0x1ff}, &(0x7f0000000200)={0x0, r2+30000000}, 0x0) [ 1264.833206] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000020000180 [ 1264.840567] RBP: 00007f4d2c05fca0 R08: 0000000000000000 R09: 0000000000000000 [ 1264.847833] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000004 [ 1264.855123] R13: 00007ffc41fe2acf R14: 00007f4d2c0609c0 R15: 000000000118cf4c [ 1264.906059] IPVS: ftp: loaded support on port[0] = 21 04:29:47 executing program 2: mkdir(&(0x7f0000000100)='./file0\x00', 0x0) mount(&(0x7f00000002c0)=ANY=[@ANYBLOB='.'], &(0x7f0000000140)='./file0\x00', 0x0, 0x201000, 0x0) chdir(&(0x7f00000001c0)='./file0\x00') mount(0x0, &(0x7f0000000080)='./file0/../file0\x00', &(0x7f0000000380)='sysfs\x00', 0x0, 0x0) r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) pivot_root(&(0x7f0000000180)='./file0/../file0\x00', 0x0) 04:29:47 executing program 5: r0 = dup(0xffffffffffffffff) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x802102001ffa, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r1 = gettid() clone(0x6e20cf00, 0x0, 0x0, 0x0, 0x0) ptrace$setopts(0x4206, r1, 0x0, 0x0) gettid() r2 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ptmx\x00', 0x0, 0x0) read(r2, &(0x7f00003fefff)=""/1, 0x1) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) r4 = dup2(r3, r3) ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200) r5 = openat$autofs(0xffffffffffffff9c, &(0x7f0000000040)='/dev/autofs\x00', 0x0, 0x0) sendmsg$IPVS_CMD_ZERO(r5, &(0x7f0000000240)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x20000000}, 0xc, &(0x7f0000000200)={&(0x7f00000003c0)=ANY=[@ANYBLOB="f4000000", @ANYRES16=0x0, @ANYBLOB="02002dbd7000ffdbdf251000000008000400070000000c0002800800050009000000080005008700000018000180060004004e2000000c000700310000003400000008000400050000003c00028014000100fe880000000000000000000000000001080003000200000014000100fe80000000000000000000000000002f080005000600000008000500000200001c0003800800010002000000060007004e220000060007004e2000003c0002800800080002800000060002004e23000008000500bf12ffff080003000300000008000500010000000500fac070714d76fdeb730d000100000006000e004e21003d4a816c73b8bddc1ac011f2ac99365e40b6f7f0f3aa3a3a52aa1d51e1d94aef0460fd5a70d957351e6a831ea92914de825d5838bbb5f3aa89fea30c263d8e579421315e8a79"], 0xf4}, 0x1, 0x0, 0x0, 0x80}, 0x2080800) ioctl$SIOCNRDECOBS(r4, 0x89e2) setsockopt$netlink_NETLINK_CAP_ACK(r5, 0x10e, 0xa, &(0x7f00000000c0)=0x9, 0x4) 04:29:47 executing program 4: mkdir(&(0x7f0000000000)='.\x00', 0x20) mount(&(0x7f00000002c0)=ANY=[@ANYBLOB='.'], &(0x7f0000000140)='./file0\x00', 0x0, 0x201000, 0x0) chdir(&(0x7f00000001c0)='./file0\x00') mount(0x0, &(0x7f0000000080)='./file0/../file0\x00', &(0x7f0000000380)='sysfs\x00', 0x0, 0x0) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = dup2(r0, r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = bpf$ITER_CREATE(0x21, &(0x7f0000000040)={r1}, 0x8) ioctl$FS_IOC_GET_ENCRYPTION_POLICY_EX(r2, 0xc0096616, &(0x7f00000000c0)={0x2, [0x0, 0x0]}) pivot_root(&(0x7f0000000180)='./file0/../file0\x00', 0x0) 04:29:47 executing program 3: mkdir(&(0x7f0000000100)='./file0\x00', 0x0) mount(&(0x7f00000002c0)=ANY=[@ANYBLOB='.'], &(0x7f0000000140)='./file0\x00', 0x0, 0x201000, 0x0) chroot(&(0x7f00000000c0)='./file0/../file0\x00') r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) pivot_root(&(0x7f0000000180)='./file0/../file0\x00', &(0x7f0000000200)='./file0/../file0\x00') 04:29:47 executing program 2: socket(0x10, 0x803, 0x0) syz_open_dev$evdev(&(0x7f0000000000)='/dev/input/event#\x00', 0x0, 0x0) openat$mice(0xffffffffffffff9c, &(0x7f0000000040)='/dev/input/mice\x00', 0x0) r0 = socket$packet(0x11, 0x2, 0x300) setsockopt$packet_tx_ring(r0, 0x107, 0x5, &(0x7f00000000c0)=@req3={0x0, 0x6, 0x8000, 0x6}, 0x1c) r1 = openat$audio(0xffffffffffffff9c, &(0x7f0000000180)='/dev/audio\x00', 0x0, 0x0) ioctl$int_in(r1, 0x800000c004500a, &(0x7f0000000300)) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) clock_gettime(0x0, &(0x7f0000000080)={0x0, 0x0}) pselect6(0x40, &(0x7f00000000c0), 0x0, &(0x7f0000000140)={0x1ff}, &(0x7f0000000200)={0x0, r2+30000000}, 0x0) 04:29:47 executing program 0: mkdir(&(0x7f0000000100)='./file0\x00', 0x0) mount(&(0x7f00000002c0)=ANY=[@ANYBLOB='.'], &(0x7f0000000140)='./file0\x00', 0x0, 0x201000, 0x0) chdir(0x0) mount(0x0, &(0x7f0000000080)='./file0/../file0\x00', &(0x7f0000000380)='sysfs\x00', 0x0, 0x0) 04:29:47 executing program 1: socket(0x10, 0x803, 0x0) syz_open_dev$evdev(&(0x7f0000000000)='/dev/input/event#\x00', 0x0, 0x0) openat$mice(0xffffffffffffff9c, &(0x7f0000000040)='/dev/input/mice\x00', 0x0) r0 = socket$packet(0x11, 0x2, 0x300) setsockopt$packet_tx_ring(r0, 0x107, 0x5, &(0x7f00000000c0)=@req3={0x0, 0x6, 0x8000, 0x6}, 0x1c) r1 = openat$audio(0xffffffffffffff9c, &(0x7f0000000180)='/dev/audio\x00', 0x0, 0x0) ioctl$int_in(r1, 0x800000c004500a, &(0x7f0000000300)) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) clock_gettime(0x0, &(0x7f0000000080)={0x0, 0x0}) pselect6(0x40, &(0x7f00000000c0), 0x0, &(0x7f0000000140)={0x1ff}, &(0x7f0000000200)={0x0, r2+30000000}, 0x0) 04:29:47 executing program 3: mkdir(&(0x7f0000000100)='./file0\x00', 0x0) mount(&(0x7f00000002c0)=ANY=[@ANYBLOB='.'], &(0x7f0000000140)='./file0\x00', 0x0, 0x201000, 0x0) chdir(&(0x7f00000001c0)='./file0\x00') r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) pivot_root(&(0x7f0000000180)='./file0/../file0\x00', &(0x7f0000000200)='./file0/../file0\x00') 04:29:47 executing program 4: mkdir(&(0x7f0000000100)='./file0\x00', 0x0) mount(&(0x7f00000002c0)=ANY=[@ANYBLOB='.'], &(0x7f0000000040)='./file0/../file0\x00', 0x0, 0x201000, 0x0) chdir(&(0x7f00000001c0)='./file0\x00') mount(0x0, &(0x7f0000000080)='./file0/../file0\x00', &(0x7f0000000380)='sysfs\x00', 0x0, 0x0) pivot_root(&(0x7f0000000180)='./file0/../file0\x00', 0x0) 04:29:47 executing program 3: mkdir(&(0x7f0000000100)='./file0\x00', 0x0) chdir(&(0x7f00000001c0)='./file0\x00') r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) pivot_root(&(0x7f0000000180)='./file0/../file0\x00', &(0x7f0000000200)='./file0/../file0\x00') 04:29:48 executing program 0: mkdir(&(0x7f0000000100)='./file0\x00', 0x0) mount(&(0x7f00000002c0)=ANY=[@ANYBLOB='.'], &(0x7f0000000140)='./file0\x00', 0x0, 0x201000, 0x0) chdir(&(0x7f00000001c0)='./file0\x00') mount(0x0, 0x0, &(0x7f0000000380)='sysfs\x00', 0x0, 0x0) 04:29:48 executing program 3: mkdir(&(0x7f0000000100)='./file0\x00', 0x0) chdir(&(0x7f00000001c0)='./file0\x00') r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) pivot_root(&(0x7f0000000180)='./file0/../file0\x00', &(0x7f0000000200)='./file0/../file0\x00') 04:29:48 executing program 3: mkdir(&(0x7f0000000100)='./file0\x00', 0x0) chdir(&(0x7f00000001c0)='./file0\x00') r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) pivot_root(&(0x7f0000000180)='./file0/../file0\x00', &(0x7f0000000200)='./file0/../file0\x00') 04:29:50 executing program 5 (fault-call:7 fault-nth:0): mkdir(&(0x7f0000000100)='./file0\x00', 0x0) mount(&(0x7f00000002c0)=ANY=[@ANYBLOB='.'], &(0x7f0000000140)='./file0\x00', 0x0, 0x201000, 0x0) chdir(&(0x7f00000001c0)='./file0\x00') mount(0x0, &(0x7f0000000080)='./file0/../file0\x00', &(0x7f0000000380)='sysfs\x00', 0x0, 0x0) r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) pivot_root(&(0x7f0000000180)='./file0/../file0\x00', &(0x7f0000000200)='./file0/../file0\x00') 04:29:50 executing program 3: mount(&(0x7f00000002c0)=ANY=[@ANYBLOB='.'], &(0x7f0000000140)='./file0\x00', 0x0, 0x201000, 0x0) chdir(&(0x7f00000001c0)='./file0\x00') r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) pivot_root(&(0x7f0000000180)='./file0/../file0\x00', &(0x7f0000000200)='./file0/../file0\x00') 04:29:50 executing program 0: mkdir(&(0x7f0000000100)='./file0\x00', 0x0) mount(&(0x7f00000002c0)=ANY=[@ANYBLOB='.'], &(0x7f0000000140)='./file0\x00', 0x0, 0x201000, 0x0) chdir(&(0x7f00000001c0)='./file0\x00') mount(0x0, 0x0, &(0x7f0000000380)='sysfs\x00', 0x0, 0x0) 04:29:50 executing program 4: mkdir(&(0x7f0000000100)='./file0\x00', 0x0) mount(&(0x7f00000002c0)=ANY=[@ANYBLOB='.'], &(0x7f0000000140)='./file0\x00', 0x0, 0x201000, 0x0) chdir(&(0x7f00000001c0)='./file0\x00') socket$inet6_tcp(0xa, 0x1, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x400200) r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$devlink(&(0x7f0000000140)='devlink\x00') sendmsg$DEVLINK_CMD_TRAP_GROUP_GET(r0, &(0x7f0000001300)={0x0, 0x0, &(0x7f00000012c0)={&(0x7f0000000300)=ANY=[@ANYBLOB="14000000", @ANYRES16=r1, @ANYBLOB="0903000000000000000001"], 0x14}}, 0x0) sendmsg$DEVLINK_CMD_PORT_SPLIT(0xffffffffffffffff, &(0x7f0000000240)={&(0x7f00000000c0)={0x10, 0x0, 0x0, 0x800000}, 0xc, &(0x7f0000000200)={&(0x7f00000003c0)={0x154, r1, 0x10, 0x70bd2d, 0x25dfdbfb, {}, [{{@pci={{0x8, 0x1, 'pci\x00'}, {0x11, 0x2, '0000:00:10.0\x00'}}, {0x8, 0x3, 0x2}}, {0x8, 0x9, 0x7}}, {{@nsim={{0xe, 0x1, 'netdevsim\x00'}, {0xf, 0x2, {'netdevsim', 0x0}}}, {0x8, 0x3, 0x3}}, {0x8, 0x9, 0x2}}, {{@nsim={{0xe, 0x1, 'netdevsim\x00'}, {0xf, 0x2, {'netdevsim', 0x0}}}, {0x8, 0x3, 0x2}}, {0x8}}, {{@pci={{0x8, 0x1, 'pci\x00'}, {0x11, 0x2, '0000:00:10.0\x00'}}, {0x8}}, {0x8, 0x9, 0x8}}, {{@nsim={{0xe, 0x1, 'netdevsim\x00'}, {0xf, 0x2, {'netdevsim', 0x0}}}, {0x8}}, {0x8, 0x9, 0x8}}, {{@pci={{0x8, 0x1, 'pci\x00'}, {0x11, 0x2, '0000:00:10.0\x00'}}, {0x8, 0x3, 0x1}}, {0x8, 0x9, 0x7}}, {{@pci={{0x8, 0x1, 'pci\x00'}, {0x11, 0x2, '0000:00:10.0\x00'}}, {0x8, 0x3, 0x3}}, {0x8, 0x9, 0x3}}]}, 0x154}, 0x1, 0x0, 0x0, 0x4000}, 0x0) mount(0x0, &(0x7f0000000080)='./file0/../file0\x00', &(0x7f0000000380)='sysfs\x00', 0x0, 0x0) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) ioctl$IMDELTIMER(0xffffffffffffffff, 0x80044941, &(0x7f0000000340)) r3 = dup2(r2, r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) ioctl$SOUND_MIXER_READ_CAPS(r3, 0x80044dfc, &(0x7f0000000280)) r4 = socket$inet6_tcp(0xa, 0x1, 0x0) r5 = dup2(r4, r4) ioctl$PERF_EVENT_IOC_ENABLE(r5, 0x8912, 0x400200) getsockopt$netrom_NETROM_T1(r5, 0x103, 0x1, &(0x7f0000000000), &(0x7f0000000040)=0x4) pivot_root(&(0x7f0000000180)='./file0/../file0\x00', 0x0) 04:29:50 executing program 1: socket(0x10, 0x803, 0x0) syz_open_dev$evdev(&(0x7f0000000000)='/dev/input/event#\x00', 0x0, 0x0) openat$mice(0xffffffffffffff9c, &(0x7f0000000040)='/dev/input/mice\x00', 0x0) r0 = socket$packet(0x11, 0x2, 0x300) setsockopt$packet_tx_ring(r0, 0x107, 0x5, &(0x7f00000000c0)=@req3={0x8000, 0x0, 0x8000, 0x6}, 0x1c) r1 = openat$audio(0xffffffffffffff9c, &(0x7f0000000180)='/dev/audio\x00', 0x0, 0x0) ioctl$int_in(r1, 0x800000c004500a, &(0x7f0000000300)) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) clock_gettime(0x0, &(0x7f0000000080)={0x0, 0x0}) pselect6(0x40, &(0x7f00000000c0), 0x0, &(0x7f0000000140)={0x1ff}, &(0x7f0000000200)={0x0, r2+30000000}, 0x0) 04:29:50 executing program 2: socket(0x10, 0x803, 0x0) syz_open_dev$evdev(&(0x7f0000000000)='/dev/input/event#\x00', 0x0, 0x0) openat$mice(0xffffffffffffff9c, &(0x7f0000000040)='/dev/input/mice\x00', 0x0) r0 = socket$packet(0x11, 0x2, 0x300) setsockopt$packet_tx_ring(r0, 0x107, 0x5, &(0x7f00000000c0)=@req3={0x0, 0x6, 0x8000, 0x6}, 0x1c) r1 = openat$audio(0xffffffffffffff9c, &(0x7f0000000180)='/dev/audio\x00', 0x0, 0x0) ioctl$int_in(r1, 0x800000c004500a, &(0x7f0000000300)) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) clock_gettime(0x0, &(0x7f0000000080)={0x0, 0x0}) pselect6(0x40, &(0x7f00000000c0), 0x0, &(0x7f0000000140)={0x1ff}, &(0x7f0000000200)={0x0, r2+30000000}, 0x0) 04:29:50 executing program 3: mount(&(0x7f00000002c0)=ANY=[@ANYBLOB='.'], &(0x7f0000000140)='./file0\x00', 0x0, 0x201000, 0x0) chdir(&(0x7f00000001c0)='./file0\x00') r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) pivot_root(&(0x7f0000000180)='./file0/../file0\x00', &(0x7f0000000200)='./file0/../file0\x00') 04:29:50 executing program 4: mkdir(&(0x7f0000000100)='./file0\x00', 0x0) r0 = openat$mice(0xffffffffffffff9c, &(0x7f0000000000)='/dev/input/mice\x00', 0x3134c0) ioctl$SNDCTL_SEQ_PANIC(r0, 0x5111) mount(&(0x7f00000002c0)=ANY=[@ANYBLOB='.'], &(0x7f0000000140)='./file0\x00', 0x0, 0x241001, 0x0) chdir(&(0x7f00000001c0)='./file0\x00') mount(0x0, &(0x7f0000000080)='./file0/../file0/file0\x00', &(0x7f0000000380)='bpf\x00', 0x0, 0x0) pivot_root(&(0x7f0000000180)='./file0/../file0\x00', 0x0) [ 1268.540247] FAULT_INJECTION: forcing a failure. [ 1268.540247] name failslab, interval 1, probability 0, space 0, times 0 04:29:51 executing program 3: mount(&(0x7f00000002c0)=ANY=[@ANYBLOB='.'], &(0x7f0000000140)='./file0\x00', 0x0, 0x201000, 0x0) chdir(&(0x7f00000001c0)='./file0\x00') r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) pivot_root(&(0x7f0000000180)='./file0/../file0\x00', &(0x7f0000000200)='./file0/../file0\x00') [ 1268.588320] CPU: 0 PID: 8942 Comm: syz-executor.5 Not tainted 4.14.193-syzkaller #0 [ 1268.596167] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1268.605531] Call Trace: [ 1268.608124] dump_stack+0x1b2/0x283 [ 1268.611764] should_fail.cold+0x10a/0x154 [ 1268.615927] should_failslab+0xd6/0x130 [ 1268.619913] kmem_cache_alloc+0x28e/0x3c0 [ 1268.624075] getname_flags+0xc8/0x550 [ 1268.627876] user_path_at_empty+0x2a/0x50 [ 1268.632025] SyS_pivot_root+0x130/0x11b0 [ 1268.636098] ? lock_downgrade+0x740/0x740 [ 1268.640258] ? vfs_write+0x35d/0x4d0 [ 1268.643987] ? is_path_reachable+0x100/0x100 [ 1268.648406] ? wait_for_completion_io+0x10/0x10 [ 1268.653084] ? vfs_write+0x319/0x4d0 [ 1268.656808] ? fput+0xb/0x140 [ 1268.659910] ? SyS_write+0x14d/0x210 [ 1268.663692] ? SyS_read+0x210/0x210 [ 1268.667326] ? SyS_clock_settime+0x1a0/0x1a0 [ 1268.671745] ? do_syscall_64+0x4c/0x640 [ 1268.675724] ? is_path_reachable+0x100/0x100 [ 1268.680139] do_syscall_64+0x1d5/0x640 04:29:51 executing program 4: mkdir(&(0x7f0000000100)='./file0\x00', 0x0) mount(&(0x7f0000000000)=ANY=[@ANYBLOB="06cedb1a1f462a647d3fd01c0826eccb6ca8151393285ff9b23b165b8832b44ae269e0ba3d1d0c1dafa72d2c0ac6e5cc1962fb648bd3890ef104a523bf4f845354b212ce813253cd3f"], &(0x7f0000000140)='./file0\x00', 0x0, 0x201000, 0x0) chdir(&(0x7f00000001c0)='./file0\x00') mount(0x0, &(0x7f0000000080)='./file0/../file0\x00', &(0x7f0000000380)='sysfs\x00', 0x0, 0x0) r0 = socket$kcm(0xa, 0x2, 0x11) setsockopt$sock_attach_bpf(r0, 0x29, 0x14, &(0x7f0000000080), 0x301) setsockopt$sock_attach_bpf(r0, 0x29, 0x15, &(0x7f0000000000), 0x70db2da734432a8e) ioctl$F2FS_IOC_RESERVE_COMPRESS_BLOCKS(r0, 0x8008f513, &(0x7f00000000c0)) pivot_root(&(0x7f0000000180)='./file0/../file0\x00', 0x0) 04:29:51 executing program 0: mkdir(&(0x7f0000000100)='./file0\x00', 0x0) mount(&(0x7f00000002c0)=ANY=[@ANYBLOB='.'], &(0x7f0000000140)='./file0\x00', 0x0, 0x201000, 0x0) chdir(&(0x7f00000001c0)='./file0\x00') mount(0x0, 0x0, &(0x7f0000000380)='sysfs\x00', 0x0, 0x0) 04:29:51 executing program 3: mkdir(0x0, 0x0) mount(&(0x7f00000002c0)=ANY=[@ANYBLOB='.'], &(0x7f0000000140)='./file0\x00', 0x0, 0x201000, 0x0) chdir(&(0x7f00000001c0)='./file0\x00') r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) pivot_root(&(0x7f0000000180)='./file0/../file0\x00', &(0x7f0000000200)='./file0/../file0\x00') [ 1268.684042] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 1268.689318] RIP: 0033:0x45d249 [ 1268.692506] RSP: 002b:00007f0a9d256c78 EFLAGS: 00000246 ORIG_RAX: 000000000000009b [ 1268.700219] RAX: ffffffffffffffda RBX: 0000000000023c00 RCX: 000000000045d249 [ 1268.707494] RDX: 0000000000000000 RSI: 0000000020000200 RDI: 0000000020000180 [ 1268.714779] RBP: 00007f0a9d256ca0 R08: 0000000000000000 R09: 0000000000000000 [ 1268.722064] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 1268.729342] R13: 00007ffebf501eff R14: 00007f0a9d2579c0 R15: 000000000118cf4c 04:29:51 executing program 5 (fault-call:7 fault-nth:1): mkdir(&(0x7f0000000100)='./file0\x00', 0x0) mount(&(0x7f00000002c0)=ANY=[@ANYBLOB='.'], &(0x7f0000000140)='./file0\x00', 0x0, 0x201000, 0x0) chdir(&(0x7f00000001c0)='./file0\x00') mount(0x0, &(0x7f0000000080)='./file0/../file0\x00', &(0x7f0000000380)='sysfs\x00', 0x0, 0x0) r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) pivot_root(&(0x7f0000000180)='./file0/../file0\x00', &(0x7f0000000200)='./file0/../file0\x00') 04:29:51 executing program 4: mkdir(&(0x7f0000000100)='./file0\x00', 0x0) mount(&(0x7f00000002c0)=ANY=[@ANYBLOB='.'], &(0x7f0000000140)='./file0\x00', 0x0, 0x201000, 0x0) chdir(&(0x7f00000001c0)='./file0\x00') r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = dup2(r0, r0) socket$inet6_dccp(0xa, 0x6, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) getsockopt$EBT_SO_GET_ENTRIES(r1, 0x0, 0x81, &(0x7f0000000200)={'nat\x00', 0x0, 0x3, 0x1000, [], 0x3, &(0x7f0000000000)=[{}, {}, {}], &(0x7f00000003c0)=""/4096}, &(0x7f0000000040)=0x78) mount(0x0, &(0x7f0000000080)='./file0/../file0\x00', &(0x7f0000000380)='sysfs\x00', 0x0, 0x0) pivot_root(&(0x7f0000000180)='./file0/../file0\x00', 0x0) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) r3 = dup2(r2, r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) ioctl$NS_GET_OWNER_UID(r3, 0xb704, &(0x7f0000000300)=0x0) mount$overlay(0x0, &(0x7f00000000c0)='./file0/../file0\x00', &(0x7f0000000280)='overlay\x00', 0x40, &(0x7f00000013c0)={[{@lowerdir={'lowerdir', 0x3d, './file0'}}, {@index_on='index=on'}, {@xino_auto='xino=auto'}, {@metacopy_on='metacopy=on'}, {@nfs_export_off='nfs_export=off'}, {@xino_off='xino=off'}, {@redirect_dir={'redirect_dir', 0x3d, './file0'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@redirect_dir={'redirect_dir', 0x3d, './file0'}}], [{@smackfstransmute={'smackfstransmute'}}, {@fowner_lt={'fowner<', r4}}, {@fsmagic={'fsmagic', 0x3d, 0x3}}]}) 04:29:51 executing program 3: mkdir(0x0, 0x0) mount(&(0x7f00000002c0)=ANY=[@ANYBLOB='.'], &(0x7f0000000140)='./file0\x00', 0x0, 0x201000, 0x0) chdir(&(0x7f00000001c0)='./file0\x00') r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) pivot_root(&(0x7f0000000180)='./file0/../file0\x00', &(0x7f0000000200)='./file0/../file0\x00') [ 1268.917441] overlayfs: unrecognized mount option "xino=auto" or missing value [ 1268.932023] FAULT_INJECTION: forcing a failure. [ 1268.932023] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 1268.943857] CPU: 1 PID: 8970 Comm: syz-executor.5 Not tainted 4.14.193-syzkaller #0 [ 1268.951659] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1268.961019] Call Trace: [ 1268.963617] dump_stack+0x1b2/0x283 04:29:51 executing program 0: mkdir(&(0x7f0000000100)='./file0\x00', 0x0) mount(&(0x7f00000002c0)=ANY=[@ANYBLOB='.'], &(0x7f0000000140)='./file0\x00', 0x0, 0x201000, 0x0) chdir(&(0x7f00000001c0)='./file0\x00') mount(0x0, &(0x7f0000000080)='./file0/../file0\x00', 0x0, 0x0, 0x0) [ 1268.967264] should_fail.cold+0x10a/0x154 [ 1268.971430] __alloc_pages_nodemask+0x22c/0x2720 [ 1268.976199] ? __lock_acquire+0x5fc/0x3f20 [ 1268.980450] ? avc_has_perm_noaudit+0x157/0x2a0 [ 1268.985143] ? gfp_pfmemalloc_allowed+0x150/0x150 [ 1268.989992] ? lock_downgrade+0x740/0x740 [ 1268.994155] ? check_preemption_disabled+0x35/0x240 [ 1268.999185] ? avc_has_perm_noaudit+0x17e/0x2a0 [ 1269.003870] ? perf_trace_lock_acquire+0x510/0x510 [ 1269.008810] ? get_pid_task+0x91/0x130 [ 1269.012718] cache_grow_begin+0x8f/0x420 [ 1269.017769] cache_alloc_refill+0x273/0x350 [ 1269.022107] kmem_cache_alloc+0x333/0x3c0 [ 1269.026274] getname_flags+0xc8/0x550 [ 1269.030087] user_path_at_empty+0x2a/0x50 [ 1269.034240] SyS_pivot_root+0x130/0x11b0 [ 1269.038306] ? lock_downgrade+0x740/0x740 [ 1269.042457] ? vfs_write+0x35d/0x4d0 [ 1269.046184] ? is_path_reachable+0x100/0x100 [ 1269.050601] ? wait_for_completion_io+0x10/0x10 [ 1269.055393] ? vfs_write+0x319/0x4d0 [ 1269.059115] ? fput+0xb/0x140 [ 1269.062233] ? SyS_write+0x14d/0x210 [ 1269.066056] ? SyS_read+0x210/0x210 [ 1269.069680] ? SyS_clock_settime+0x1a0/0x1a0 [ 1269.074103] ? do_syscall_64+0x4c/0x640 [ 1269.078069] ? is_path_reachable+0x100/0x100 [ 1269.083429] do_syscall_64+0x1d5/0x640 [ 1269.087434] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 1269.092673] RIP: 0033:0x45d249 [ 1269.095861] RSP: 002b:00007f0a9d256c78 EFLAGS: 00000246 ORIG_RAX: 000000000000009b [ 1269.103586] RAX: ffffffffffffffda RBX: 0000000000023c00 RCX: 000000000045d249 [ 1269.110882] RDX: 0000000000000000 RSI: 0000000020000200 RDI: 0000000020000180 [ 1269.118161] RBP: 00007f0a9d256ca0 R08: 0000000000000000 R09: 0000000000000000 [ 1269.125573] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 1269.132839] R13: 00007ffebf501eff R14: 00007f0a9d2579c0 R15: 000000000118cf4c 04:29:51 executing program 1: socket(0x10, 0x803, 0x0) syz_open_dev$evdev(&(0x7f0000000000)='/dev/input/event#\x00', 0x0, 0x0) openat$mice(0xffffffffffffff9c, &(0x7f0000000040)='/dev/input/mice\x00', 0x0) r0 = socket$packet(0x11, 0x2, 0x300) setsockopt$packet_tx_ring(r0, 0x107, 0x5, &(0x7f00000000c0)=@req3={0x8000, 0x0, 0x8000, 0x6}, 0x1c) r1 = openat$audio(0xffffffffffffff9c, &(0x7f0000000180)='/dev/audio\x00', 0x0, 0x0) ioctl$int_in(r1, 0x800000c004500a, &(0x7f0000000300)) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) clock_gettime(0x0, &(0x7f0000000080)={0x0, 0x0}) pselect6(0x40, &(0x7f00000000c0), 0x0, &(0x7f0000000140)={0x1ff}, &(0x7f0000000200)={0x0, r2+30000000}, 0x0) 04:29:51 executing program 3: mkdir(0x0, 0x0) mount(&(0x7f00000002c0)=ANY=[@ANYBLOB='.'], &(0x7f0000000140)='./file0\x00', 0x0, 0x201000, 0x0) chdir(&(0x7f00000001c0)='./file0\x00') r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) pivot_root(&(0x7f0000000180)='./file0/../file0\x00', &(0x7f0000000200)='./file0/../file0\x00') 04:29:51 executing program 2: socket(0x10, 0x803, 0x0) syz_open_dev$evdev(&(0x7f0000000000)='/dev/input/event#\x00', 0x0, 0x0) openat$mice(0xffffffffffffff9c, &(0x7f0000000040)='/dev/input/mice\x00', 0x0) r0 = socket$packet(0x11, 0x2, 0x300) setsockopt$packet_tx_ring(r0, 0x107, 0x5, &(0x7f00000000c0)=@req3={0x0, 0x6, 0x8000, 0x6}, 0x1c) r1 = openat$audio(0xffffffffffffff9c, &(0x7f0000000180)='/dev/audio\x00', 0x0, 0x0) ioctl$int_in(r1, 0x800000c004500a, &(0x7f0000000300)) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) clock_gettime(0x0, &(0x7f0000000080)={0x0, 0x0}) pselect6(0x40, &(0x7f00000000c0), 0x0, &(0x7f0000000140)={0x1ff}, &(0x7f0000000200)={0x0, r2+30000000}, 0x0) 04:29:51 executing program 0: mkdir(&(0x7f0000000100)='./file0\x00', 0x0) mount(&(0x7f00000002c0)=ANY=[@ANYBLOB='.'], &(0x7f0000000140)='./file0\x00', 0x0, 0x201000, 0x0) chdir(&(0x7f00000001c0)='./file0\x00') mount(0x0, &(0x7f0000000080)='./file0/../file0\x00', 0x0, 0x0, 0x0) 04:29:51 executing program 5 (fault-call:7 fault-nth:2): mkdir(&(0x7f0000000100)='./file0\x00', 0x0) mount(&(0x7f00000002c0)=ANY=[@ANYBLOB='.'], &(0x7f0000000140)='./file0\x00', 0x0, 0x201000, 0x0) chdir(&(0x7f00000001c0)='./file0\x00') mount(0x0, &(0x7f0000000080)='./file0/../file0\x00', &(0x7f0000000380)='sysfs\x00', 0x0, 0x0) r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) pivot_root(&(0x7f0000000180)='./file0/../file0\x00', &(0x7f0000000200)='./file0/../file0\x00') 04:29:51 executing program 4: r0 = dup2(0xffffffffffffffff, 0xffffffffffffffff) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) r1 = socket$inet6_sctp(0xa, 0x5, 0x84) r2 = socket$inet6_sctp(0xa, 0x1, 0x84) shutdown(r2, 0x0) getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r2, 0x84, 0x6f, &(0x7f0000000000)={0x0, 0x1c, &(0x7f00000002c0)=[@in6={0xa, 0x0, 0x0, @private0}]}, &(0x7f0000000180)=0x10) r3 = dup3(r2, r1, 0x0) getsockopt$inet_sctp_SCTP_MAX_BURST(r3, 0x84, 0x14, &(0x7f0000000000)=@assoc_value={0x0}, &(0x7f0000000040)=0x17) getsockopt$inet_sctp6_SCTP_DELAYED_SACK(r3, 0x84, 0x70, &(0x7f0000000080)=@sack_info={r4}, &(0x7f0000002000)=0xc) getsockopt$inet_sctp6_SCTP_RESET_STREAMS(r0, 0x84, 0x77, &(0x7f0000000000)={r4, 0x0, 0x6, [0x2, 0xf86b, 0x4, 0x1131, 0x5, 0x8001]}, &(0x7f0000000040)=0x14) mkdir(&(0x7f0000000100)='./file0\x00', 0x0) mount(&(0x7f00000002c0)=ANY=[@ANYBLOB='.'], &(0x7f0000000140)='./file0\x00', 0x0, 0x201000, 0x0) prctl$PR_MCE_KILL(0x21, 0x1, 0x0) chdir(&(0x7f00000001c0)='./file0\x00') mount(0x0, &(0x7f0000000080)='./file0/../file0\x00', &(0x7f0000000380)='sysfs\x00', 0x0, 0x0) r5 = socket$inet6_tcp(0xa, 0x1, 0x0) r6 = dup2(r5, r5) ioctl$PERF_EVENT_IOC_ENABLE(r6, 0x8912, 0x400200) read$fb(r6, &(0x7f00000003c0)=""/241, 0xf1) pivot_root(&(0x7f0000000180)='./file0/../file0\x00', 0x0) 04:29:51 executing program 3: mkdir(&(0x7f0000000100)='./file0\x00', 0x0) mount(0x0, &(0x7f0000000140)='./file0\x00', 0x0, 0x201000, 0x0) chdir(&(0x7f00000001c0)='./file0\x00') r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) pivot_root(&(0x7f0000000180)='./file0/../file0\x00', &(0x7f0000000200)='./file0/../file0\x00') [ 1269.408791] FAULT_INJECTION: forcing a failure. [ 1269.408791] name failslab, interval 1, probability 0, space 0, times 0 [ 1269.450847] CPU: 1 PID: 8991 Comm: syz-executor.5 Not tainted 4.14.193-syzkaller #0 [ 1269.458714] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1269.468113] Call Trace: [ 1269.470719] dump_stack+0x1b2/0x283 [ 1269.474461] should_fail.cold+0x10a/0x154 [ 1269.478628] should_failslab+0xd6/0x130 [ 1269.482618] __kmalloc_track_caller+0x2bc/0x400 [ 1269.487303] ? security_context_to_sid_core+0x94/0x3d0 [ 1269.492693] kmemdup_nul+0x2d/0xa0 [ 1269.496250] security_context_to_sid_core+0x94/0x3d0 04:29:51 executing program 4: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = dup2(r0, r0) ioctl$DRM_IOCTL_PRIME_FD_TO_HANDLE(r1, 0xc00c642e, &(0x7f0000000280)={0x0, 0x0, r1}) ioctl$DRM_IOCTL_GEM_CLOSE(r1, 0x40086409, &(0x7f0000000340)={r2}) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r3 = socket$nl_generic(0x10, 0x3, 0x10) r4 = syz_genetlink_get_family_id$devlink(&(0x7f0000000140)='devlink\x00') sendmsg$DEVLINK_CMD_TRAP_GROUP_GET(r3, &(0x7f0000001300)={0x0, 0x0, &(0x7f00000012c0)={&(0x7f0000000540)=ANY=[@ANYBLOB="14000000", @ANYRES32, @ANYBLOB="09f4ffff00000001c26c191206623a333db87414f0b146e13969990dca7b46516d85c40fa3b4e3912f0702c21aa996e9aefbdb00000305ef987b79d35add3d97958512882ed2eccb3c6150b16a1a2168f4c67746b58b3e943dd4445ace440781d83d627a8d5c43c71b7fe488ebdff5a9cf93ab2ddfbc00000000000000ab4399e2a0ca5e738b0d5f95a717b0cbaff95b0222a7008321f723927171196678093485502ae0bd0e7df4c086e81ac47016cb53c0415e17c553029d2536b4d11d545d78e9d388cd85b8d9b666217e600daf20b87305e77307066745d3f97e9f9bdea59b5ae51084db5473f6c6da0b191625d1e7d681f099c4bbefa0eb4a527f20cb06b035ae2587651149532a001774"], 0x14}}, 0x0) sendmsg$DEVLINK_CMD_SB_POOL_GET(r1, &(0x7f0000000240)={&(0x7f00000000c0)={0x10, 0x0, 0x0, 0x8000}, 0xc, &(0x7f0000000200)={&(0x7f00000003c0)=ANY=[@ANYBLOB="78010000", @ANYRES16=r4, @ANYBLOB="000228bd7000fcdbdf250f000000080001007063690011000200303030303a30303a31302e300000000008000b00ff7f000006001100ff000000080001007063690011000200303030303a30303a31302e300000000008000b001c627454060011006e030000080001007063690011000200303030303a30303a31302ef900000000ff070000060000000600110055020000080001007063690011000200083030303a30303a31302e300000000008000b00bb0000000600110008000000f7ff0000f063690011000200303030303a30303a31302e300000000008000b00400000ddeeeb8e5bfdd00006001100a6000000080001007063690011000200303030303a30303a31302e3032833f222a5621b9a1f00000000008000b00ffffff7f06001100090000000e0001006e65746465767673696d30000008000b00010000d402f308440507a70002000100706342690011000200303030303a30303a31302e300000000008000b00fdffffff"], 0x178}, 0x1, 0x0, 0x0, 0x4010}, 0x4) mkdir(&(0x7f0000000100)='./file0\x00', 0x0) mount(&(0x7f00000002c0)=ANY=[@ANYBLOB='.'], &(0x7f0000000140)='./file0\x00', 0x0, 0x201000, 0x0) chdir(&(0x7f00000001c0)='./file0\x00') mount(0x0, &(0x7f0000000080)='./file0/../file0\x00', &(0x7f0000000380)='sysfs\x00', 0x0, 0x0) r5 = accept4$packet(0xffffffffffffffff, &(0x7f00000027c0)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @remote}, &(0x7f0000002800)=0x14, 0x80000) getsockopt$inet_sctp6_SCTP_DELAYED_SACK(0xffffffffffffffff, 0x84, 0x70, &(0x7f0000000080), &(0x7f0000002000)=0xc) setsockopt$inet_sctp6_SCTP_AUTH_KEY(0xffffffffffffffff, 0x84, 0x17, &(0x7f0000000300)={0x0, 0x3}, 0x8) accept4(r5, &(0x7f0000002840)=@xdp, &(0x7f00000028c0)=0x80, 0x80000) r6 = socket$tipc(0x1e, 0x2, 0x0) getpeername$tipc(r6, &(0x7f0000000000), &(0x7f0000000040)=0x10) pivot_root(&(0x7f0000000180)='./file0/../file0\x00', 0x0) [ 1269.501373] ? string_to_context_struct+0x7f0/0x7f0 [ 1269.506406] ? kernfs_iop_permission+0x4e/0x90 [ 1269.511003] ? kernfs_iop_permission+0x4e/0x90 [ 1269.515598] ? __mutex_lock+0x360/0x1310 [ 1269.519682] selinux_inode_setsecurity+0x155/0x350 [ 1269.524714] ? selinux_secctx_to_secid+0x30/0x30 [ 1269.529492] ? __ww_mutex_wakeup_for_backoff+0x210/0x210 [ 1269.534967] selinux_inode_notifysecctx+0x2b/0x50 [ 1269.539823] security_inode_notifysecctx+0x76/0xb0 [ 1269.544773] kernfs_refresh_inode+0x328/0x4a0 [ 1269.549283] ? kernfs_iop_getattr+0xd0/0xd0 [ 1269.554225] ? kernfs_iop_getattr+0xd0/0xd0 [ 1269.558650] kernfs_iop_permission+0x59/0x90 [ 1269.564191] __inode_permission+0x1f1/0x2f0 [ 1269.568656] link_path_walk+0x86a/0x10a0 [ 1269.572716] ? walk_component+0xbc0/0xbc0 [ 1269.576859] path_lookupat+0xcb/0x780 [ 1269.580648] ? lock_downgrade+0x740/0x740 [ 1269.584796] ? path_mountpoint+0x940/0x940 [ 1269.589185] ? avc_has_perm_noaudit+0x17e/0x2a0 [ 1269.593859] ? cache_alloc_refill+0x2fa/0x350 [ 1269.598445] filename_lookup+0x18a/0x510 [ 1269.602488] ? filename_parentat+0x520/0x520 [ 1269.606893] ? __check_object_size+0x179/0x22c [ 1269.611473] ? strncpy_from_user+0x210/0x2c0 [ 1269.615998] ? getname_flags+0x22e/0x550 [ 1269.620056] SyS_pivot_root+0x130/0x11b0 [ 1269.624210] ? lock_downgrade+0x740/0x740 [ 1269.628388] ? vfs_write+0x35d/0x4d0 [ 1269.632136] ? is_path_reachable+0x100/0x100 [ 1269.636584] ? wait_for_completion_io+0x10/0x10 [ 1269.641239] ? vfs_write+0x319/0x4d0 [ 1269.644947] ? fput+0xb/0x140 [ 1269.648074] ? SyS_write+0x14d/0x210 04:29:52 executing program 0: mkdir(&(0x7f0000000100)='./file0\x00', 0x0) mount(&(0x7f00000002c0)=ANY=[@ANYBLOB='.'], &(0x7f0000000140)='./file0\x00', 0x0, 0x201000, 0x0) chdir(&(0x7f00000001c0)='./file0\x00') mount(0x0, &(0x7f0000000080)='./file0/../file0\x00', 0x0, 0x0, 0x0) [ 1269.651853] ? SyS_read+0x210/0x210 [ 1269.655470] ? SyS_clock_settime+0x1a0/0x1a0 [ 1269.659877] ? do_syscall_64+0x4c/0x640 [ 1269.663832] ? is_path_reachable+0x100/0x100 [ 1269.668226] do_syscall_64+0x1d5/0x640 [ 1269.672447] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 1269.677620] RIP: 0033:0x45d249 [ 1269.680802] RSP: 002b:00007f0a9d256c78 EFLAGS: 00000246 ORIG_RAX: 000000000000009b [ 1269.688516] RAX: ffffffffffffffda RBX: 0000000000023c00 RCX: 000000000045d249 [ 1269.695771] RDX: 0000000000000000 RSI: 0000000020000200 RDI: 0000000020000180 [ 1269.703026] RBP: 00007f0a9d256ca0 R08: 0000000000000000 R09: 0000000000000000 [ 1269.710286] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 1269.717558] R13: 00007ffebf501eff R14: 00007f0a9d2579c0 R15: 000000000118cf4c 04:29:52 executing program 4: mount(&(0x7f00000000c0)=ANY=[@ANYBLOB="d96bb6d0f773f078479bdbe3fda108c43e"], &(0x7f0000000140)='./file0\x00', 0x0, 0x201000, 0x0) chdir(&(0x7f00000001c0)='./file0\x00') mount(0x0, &(0x7f0000000080)='./file0/../file0\x00', &(0x7f0000000380)='sysfs\x00', 0x0, 0x0) pivot_root(&(0x7f0000000180)='./file0/../file0\x00', 0x0) recvfrom$unix(0xffffffffffffffff, &(0x7f0000000000)=""/97, 0x61, 0x40002000, &(0x7f0000000200)=@abs={0x0, 0x0, 0x4e23}, 0x6e) 04:29:52 executing program 3: mkdir(&(0x7f0000000100)='./file0\x00', 0x0) mount(0x0, &(0x7f0000000140)='./file0\x00', 0x0, 0x201000, 0x0) chdir(&(0x7f00000001c0)='./file0\x00') r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) pivot_root(&(0x7f0000000180)='./file0/../file0\x00', &(0x7f0000000200)='./file0/../file0\x00') 04:29:52 executing program 5 (fault-call:7 fault-nth:3): mkdir(&(0x7f0000000100)='./file0\x00', 0x0) mount(&(0x7f00000002c0)=ANY=[@ANYBLOB='.'], &(0x7f0000000140)='./file0\x00', 0x0, 0x201000, 0x0) chdir(&(0x7f00000001c0)='./file0\x00') mount(0x0, &(0x7f0000000080)='./file0/../file0\x00', &(0x7f0000000380)='sysfs\x00', 0x0, 0x0) r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) pivot_root(&(0x7f0000000180)='./file0/../file0\x00', &(0x7f0000000200)='./file0/../file0\x00') [ 1269.846532] FAULT_INJECTION: forcing a failure. [ 1269.846532] name failslab, interval 1, probability 0, space 0, times 0 [ 1269.893225] CPU: 1 PID: 9008 Comm: syz-executor.5 Not tainted 4.14.193-syzkaller #0 [ 1269.901072] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1269.910441] Call Trace: [ 1269.913038] dump_stack+0x1b2/0x283 [ 1269.916684] should_fail.cold+0x10a/0x154 [ 1269.920849] should_failslab+0xd6/0x130 [ 1269.924833] kmem_cache_alloc+0x28e/0x3c0 [ 1269.928996] getname_flags+0xc8/0x550 [ 1269.932809] user_path_at_empty+0x2a/0x50 [ 1269.936969] SyS_pivot_root+0x1a5/0x11b0 [ 1269.941302] ? lock_downgrade+0x740/0x740 [ 1269.945454] ? vfs_write+0x35d/0x4d0 [ 1269.949189] ? is_path_reachable+0x100/0x100 [ 1269.953610] ? wait_for_completion_io+0x10/0x10 [ 1269.958297] ? vfs_write+0x319/0x4d0 [ 1269.962026] ? fput+0xb/0x140 [ 1269.965137] ? SyS_write+0x14d/0x210 [ 1269.968858] ? SyS_read+0x210/0x210 [ 1269.972495] ? SyS_clock_settime+0x1a0/0x1a0 [ 1269.976913] ? do_syscall_64+0x4c/0x640 [ 1269.980897] ? is_path_reachable+0x100/0x100 [ 1269.985324] do_syscall_64+0x1d5/0x640 [ 1269.989228] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 1269.994426] RIP: 0033:0x45d249 [ 1269.997624] RSP: 002b:00007f0a9d256c78 EFLAGS: 00000246 ORIG_RAX: 000000000000009b [ 1270.005802] RAX: ffffffffffffffda RBX: 0000000000023c00 RCX: 000000000045d249 [ 1270.013068] RDX: 0000000000000000 RSI: 0000000020000200 RDI: 0000000020000180 [ 1270.020382] RBP: 00007f0a9d256ca0 R08: 0000000000000000 R09: 0000000000000000 [ 1270.027640] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000003 [ 1270.034899] R13: 00007ffebf501eff R14: 00007f0a9d2579c0 R15: 000000000118cf4c 04:29:52 executing program 1: socket(0x10, 0x803, 0x0) syz_open_dev$evdev(&(0x7f0000000000)='/dev/input/event#\x00', 0x0, 0x0) openat$mice(0xffffffffffffff9c, &(0x7f0000000040)='/dev/input/mice\x00', 0x0) r0 = socket$packet(0x11, 0x2, 0x300) setsockopt$packet_tx_ring(r0, 0x107, 0x5, &(0x7f00000000c0)=@req3={0x8000, 0x0, 0x8000, 0x6}, 0x1c) r1 = openat$audio(0xffffffffffffff9c, &(0x7f0000000180)='/dev/audio\x00', 0x0, 0x0) ioctl$int_in(r1, 0x800000c004500a, &(0x7f0000000300)) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) clock_gettime(0x0, &(0x7f0000000080)={0x0, 0x0}) pselect6(0x40, &(0x7f00000000c0), 0x0, &(0x7f0000000140)={0x1ff}, &(0x7f0000000200)={0x0, r2+30000000}, 0x0) 04:29:52 executing program 2 (fault-call:3 fault-nth:0): mkdir(&(0x7f0000000100)='./file0\x00', 0x0) mount(&(0x7f00000002c0)=ANY=[@ANYBLOB='.'], &(0x7f0000000140)='./file0\x00', 0x0, 0x201000, 0x0) chdir(&(0x7f00000001c0)='./file0\x00') mount(0x0, &(0x7f0000000080)='./file0/../file0\x00', &(0x7f0000000380)='sysfs\x00', 0x0, 0x0) 04:29:52 executing program 3: mkdir(&(0x7f0000000100)='./file0\x00', 0x0) mount(0x0, &(0x7f0000000140)='./file0\x00', 0x0, 0x201000, 0x0) chdir(&(0x7f00000001c0)='./file0\x00') r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) pivot_root(&(0x7f0000000180)='./file0/../file0\x00', &(0x7f0000000200)='./file0/../file0\x00') 04:29:52 executing program 4: mkdir(&(0x7f0000000100)='./file0\x00', 0x0) mount(&(0x7f00000002c0)=ANY=[@ANYBLOB='.'], &(0x7f0000000140)='./file0\x00', 0x0, 0x201000, 0x0) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = dup2(r0, r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) setsockopt$sock_attach_bpf(0xffffffffffffffff, 0x29, 0x14, &(0x7f0000000080), 0x301) setsockopt$sock_attach_bpf(0xffffffffffffffff, 0x29, 0x15, &(0x7f0000000000), 0x70db2da734432a8e) r2 = socket$kcm(0xa, 0x2, 0x11) setsockopt$sock_attach_bpf(r2, 0x29, 0x14, &(0x7f0000000080), 0x301) setsockopt$sock_attach_bpf(r2, 0x29, 0x15, &(0x7f0000000000), 0x70db2da734432a8e) r3 = openat$vga_arbiter(0xffffffffffffff9c, &(0x7f0000000280)='/dev/vga_arbiter\x00', 0x10000, 0x0) r4 = socket$kcm(0xa, 0x2, 0x11) setsockopt$sock_attach_bpf(r4, 0x29, 0x14, &(0x7f0000000080), 0x301) setsockopt$sock_attach_bpf(r4, 0x29, 0x15, &(0x7f0000000000), 0x70db2da734432a8e) r5 = socket$inet_sctp(0x2, 0x5, 0x84) sendmsg$unix(0xffffffffffffffff, &(0x7f00000006c0)={&(0x7f0000000200)=@file={0x1, './file0/../file0\x00'}, 0x6e, &(0x7f00000000c0)=[{&(0x7f0000000300)="a5488638f14176b5808b9a89d91542197922baf3ec68801c90f72da62f8498907d4ce972e1d4f3468d76a3efc3f040d57057fbfcaa0ca99f162f41f1115378f38128720485595512a1c45ac9784e314c0eb7b23e830b406337653c2e649e170284ccbc66ae7c83b714da90a88128b247", 0x70}, {&(0x7f00000003c0)="07bde87acddc129a3634c2888e2a0e55d609dcab2e44d9f95de3167aceea28976185cc4a1ac750ed45169d6e3a6c6144ef7d08b5c294a4e7fa279c8a9ff00bf9f82ec04aa804226cdbba716250f5f8abd208b59278308a2fd21b64829d7aab7f6adedb61a33d6a0b0deaab90d523a708f93353939e5ef70031d2e311e4d0d3776e621f3052136664b33b618e5a4dac19371f72f48811a00f5086d65f7d49843262ae3af8", 0xa4}, {&(0x7f0000000480)="67441470cb83dd402f663564934e90f24329e8a58f1fc4d0511feeb8aa0db27df742131c4370a1b85c55e1dcf264f746432dfc8c274582f96b87eea54fc31004935965d01247c410bf5834da2a27d5603e35381fa237c5eb1b0c9744d3815da82ccaca1e3c63d322cfd24a2059cd6afa413fc04bb4d2576c4c5257d66882c6fc169ca39915946d78cbdf5b65e3771b42e3b40b3710e85cfc689a54a398d33a878fbc20315e57defb4dabf48207b838124c6009eaaf4eb45ac97a6afe167f8910deeeb32bf2512b791dc09034c207679d2dc943bb4396b9a55f1d92c5f4fe6c9032f8258b5666dd2f74bc0eeba5a3705e3b28d906fb98", 0xf6}, {&(0x7f0000000580)="c6f18a20908eae82ed7cd11fd2d45eca08bfe990c286afb4c5e161744adcffd07862182281ae61d45ef90debe848310c4751aa0ec2b80725a7aa0d182d6a3ad08ba3b4c615a0b7d81b0b96fdcc8e09315cc9655acf4eaa8d6c6fa7ea8b6a7f03acc1b5f7ba1f03076db9d0af1f84af5dfce08b8a60f80097f0ba0a", 0x7b}], 0x4, &(0x7f0000000600)=[@rights={{0x1c, 0x1, 0x1, [r1, 0xffffffffffffffff, 0xffffffffffffffff]}}, @rights={{0x1c, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff, r2]}}, @rights={{0x28, 0x1, 0x1, [r1, r0, r3, r1, r1, r0]}}, @rights={{0x1c, 0x1, 0x1, [r0, r4, r5]}}], 0x88, 0x4844}, 0x5ca976ced0026c07) setsockopt$inet_sctp6_SCTP_DISABLE_FRAGMENTS(r1, 0x84, 0x8, &(0x7f0000000000), 0x4) chdir(&(0x7f00000001c0)='./file0\x00') mount(0x0, &(0x7f0000000080)='./file0/../file0\x00', &(0x7f0000000380)='sysfs\x00', 0x0, 0x0) pivot_root(&(0x7f0000000180)='./file0/../file0\x00', 0x0) 04:29:52 executing program 5 (fault-call:7 fault-nth:4): mkdir(&(0x7f0000000100)='./file0\x00', 0x0) mount(&(0x7f00000002c0)=ANY=[@ANYBLOB='.'], &(0x7f0000000140)='./file0\x00', 0x0, 0x201000, 0x0) chdir(&(0x7f00000001c0)='./file0\x00') mount(0x0, &(0x7f0000000080)='./file0/../file0\x00', &(0x7f0000000380)='sysfs\x00', 0x0, 0x0) r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) pivot_root(&(0x7f0000000180)='./file0/../file0\x00', &(0x7f0000000200)='./file0/../file0\x00') 04:29:52 executing program 0: mkdir(&(0x7f0000000100)='./file0\x00', 0x0) mount(&(0x7f00000002c0)=ANY=[@ANYBLOB='.'], &(0x7f0000000140)='./file0\x00', 0x0, 0x201000, 0x0) chdir(&(0x7f00000001c0)='./file0\x00') r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = dup2(r0, r0) socket$inet6_dccp(0xa, 0x6, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) getsockopt$EBT_SO_GET_ENTRIES(r1, 0x0, 0x81, &(0x7f0000000200)={'nat\x00', 0x0, 0x3, 0x1000, [], 0x3, &(0x7f0000000000)=[{}, {}, {}], &(0x7f00000003c0)=""/4096}, &(0x7f0000000040)=0x78) mount(0x0, &(0x7f0000000080)='./file0/../file0\x00', &(0x7f0000000380)='sysfs\x00', 0x0, 0x0) pivot_root(&(0x7f0000000180)='./file0/../file0\x00', 0x0) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) r3 = dup2(r2, r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) ioctl$NS_GET_OWNER_UID(r3, 0xb704, &(0x7f0000000300)=0x0) mount$overlay(0x0, &(0x7f00000000c0)='./file0/../file0\x00', &(0x7f0000000280)='overlay\x00', 0x40, &(0x7f00000013c0)={[{@lowerdir={'lowerdir', 0x3d, './file0'}}, {@index_on='index=on'}, {@xino_auto='xino=auto'}, {@metacopy_on='metacopy=on'}, {@nfs_export_off='nfs_export=off'}, {@xino_off='xino=off'}, {@redirect_dir={'redirect_dir', 0x3d, './file0'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@redirect_dir={'redirect_dir', 0x3d, './file0'}}], [{@smackfstransmute={'smackfstransmute'}}, {@fowner_lt={'fowner<', r4}}, {@fsmagic={'fsmagic', 0x3d, 0x3}}]}) 04:29:52 executing program 3: mkdir(&(0x7f0000000100)='./file0\x00', 0x0) mount(&(0x7f00000002c0)=ANY=[], &(0x7f0000000140)='./file0\x00', 0x0, 0x201000, 0x0) chdir(&(0x7f00000001c0)='./file0\x00') r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) pivot_root(&(0x7f0000000180)='./file0/../file0\x00', &(0x7f0000000200)='./file0/../file0\x00') [ 1270.218384] FAULT_INJECTION: forcing a failure. [ 1270.218384] name failslab, interval 1, probability 0, space 0, times 0 [ 1270.251755] FAULT_INJECTION: forcing a failure. [ 1270.251755] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 1270.263601] CPU: 1 PID: 9028 Comm: syz-executor.5 Not tainted 4.14.193-syzkaller #0 [ 1270.271402] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1270.280772] Call Trace: [ 1270.283374] dump_stack+0x1b2/0x283 [ 1270.287018] should_fail.cold+0x10a/0x154 [ 1270.291184] __alloc_pages_nodemask+0x22c/0x2720 [ 1270.295944] ? lock_acquire+0x170/0x3f0 [ 1270.299932] ? lock_downgrade+0x740/0x740 [ 1270.304091] ? __lock_acquire+0x5fc/0x3f20 [ 1270.308343] ? debug_check_no_obj_freed+0x2c0/0x674 [ 1270.313380] ? gfp_pfmemalloc_allowed+0x150/0x150 [ 1270.318239] ? lock_downgrade+0x740/0x740 [ 1270.322403] ? check_preemption_disabled+0x35/0x240 [ 1270.327535] ? putname+0xcd/0x110 [ 1270.331019] ? rcu_read_lock_sched_held+0x16c/0x1d0 [ 1270.336047] ? perf_trace_lock_acquire+0x510/0x510 [ 1270.341072] ? putname+0xcd/0x110 [ 1270.344539] ? filename_lookup+0x380/0x510 [ 1270.348803] cache_grow_begin+0x8f/0x420 [ 1270.352879] cache_alloc_refill+0x273/0x350 [ 1270.357219] kmem_cache_alloc+0x333/0x3c0 [ 1270.361386] getname_flags+0xc8/0x550 [ 1270.365204] user_path_at_empty+0x2a/0x50 [ 1270.369354] SyS_pivot_root+0x1a5/0x11b0 [ 1270.373411] ? lock_downgrade+0x740/0x740 [ 1270.377547] ? vfs_write+0x35d/0x4d0 [ 1270.381254] ? is_path_reachable+0x100/0x100 [ 1270.385649] ? wait_for_completion_io+0x10/0x10 [ 1270.390319] ? vfs_write+0x319/0x4d0 [ 1270.394026] ? fput+0xb/0x140 [ 1270.397124] ? SyS_write+0x14d/0x210 [ 1270.400843] ? SyS_read+0x210/0x210 [ 1270.404471] ? SyS_clock_settime+0x1a0/0x1a0 [ 1270.408882] ? do_syscall_64+0x4c/0x640 [ 1270.413035] ? is_path_reachable+0x100/0x100 [ 1270.417445] do_syscall_64+0x1d5/0x640 [ 1270.421324] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 1270.426496] RIP: 0033:0x45d249 [ 1270.429667] RSP: 002b:00007f0a9d256c78 EFLAGS: 00000246 ORIG_RAX: 000000000000009b [ 1270.437359] RAX: ffffffffffffffda RBX: 0000000000023c00 RCX: 000000000045d249 [ 1270.444617] RDX: 0000000000000000 RSI: 0000000020000200 RDI: 0000000020000180 [ 1270.451912] RBP: 00007f0a9d256ca0 R08: 0000000000000000 R09: 0000000000000000 [ 1270.459171] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000004 [ 1270.466426] R13: 00007ffebf501eff R14: 00007f0a9d2579c0 R15: 000000000118cf4c [ 1270.473801] CPU: 0 PID: 9027 Comm: syz-executor.2 Not tainted 4.14.193-syzkaller #0 [ 1270.481625] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1270.491084] Call Trace: [ 1270.493683] dump_stack+0x1b2/0x283 [ 1270.497327] should_fail.cold+0x10a/0x154 [ 1270.501490] should_failslab+0xd6/0x130 [ 1270.505481] __kmalloc_track_caller+0x2bc/0x400 [ 1270.510158] ? strndup_user+0x5b/0xf0 [ 1270.513980] memdup_user+0x22/0xa0 04:29:52 executing program 4: mkdir(&(0x7f0000000100)='./file0\x00', 0x0) r0 = openat$mice(0xffffffffffffff9c, &(0x7f0000000000)='/dev/input/mice\x00', 0xad16f390f451ed91) signalfd(r0, &(0x7f0000000040)={[0x6]}, 0x8) syz_mount_image$ocfs2(&(0x7f00000000c0)='ocfs2\x00', &(0x7f0000000200)='./file0\x00', 0x8, 0x8, &(0x7f0000000840)=[{&(0x7f0000000240)="1005685cb6ca6edf6def12777639fe5cbd9b32d10c399bed76d53321cfbd198e64140f5b182297337dbd1b4556a15af6a9de3b2fe7334c56a513", 0x3a, 0x100000000}, {&(0x7f00000003c0)="d33b12fa8be3473bd1d64727c23ba4e161053bdc86c58d921a4f26ebbee3ae0e1d5a99799915aeadd9548e7ae37499f14e0f87c0c43f578a1885df540e390ace32feba46c2ff510a49f9fcab2bdbf4a207e2460b297d1748916ccf3bc7121d3e5dcda60cd273342fbf5e91eb364827babdd1a341427d7bb701c56b6efed84772feb27300bcaf9bfdacbde0e8887f36e2c395f8cd8d6055a7818ea24c80ced2558b4dc92ce447d83b6e8b4ac9504fff94d02bbbcca9ed4e977910e468c3b1be3e1344b389af902d31720d278e52fda1a4058cf070f5ceb7cd0768f06f52b69ee7a885616ed3ec", 0xe6, 0x10001}, {&(0x7f0000000300)="ee4f02cfec3c5a4c437e877f692ea73ab07f0e28f1955307e0a4c02ff0ec8e1ff7715f71962e8142da8546a20046fb8d9d57563edc26a3d03038a5965be21465557821631917957f92fd6e9e4f8a3159b56291c1622c971d8ccaa4f6e423410cd19e1e2662d4d0cb4b74ba6edb24fc97c849f7afa39780baa44d5c04d24e9fb3", 0x80, 0x8}, {&(0x7f00000004c0)="6d638f0cc89a24042b3e55ff4b41377412080d94f0c107e13ca48a50266caf23f0adce2bff077af6cf1846b73268ffa0209b4657e2ad8f1ca878ca2b726f7b0ef13f9a674831300adc2c24022e27b4f854e7ac147fbeec9291399a36c035c42437c8967db795f8011c837805b7d3073bfa9a4b1d1620d1766db279dc42f58c44c1575fbeeaff437a8f3fc62fa65fc357163b5281a4f8b84128977a6f74b11bb748032855fa6901f2f67bae3ccd51031e94b951bf44ffbee22e5ea990f22c52fcd6f200f6bf24c0f724c06d9ab99696d4b1c4e99fc994f9696c889c95", 0xdc, 0xcb}, {&(0x7f00000005c0)="885c6828df0cb019b1461c0b9c22bce13016c9def9ce84d436692412d5f47448c2b5fdadd1aff54528c4e68a46b81d86ab0ebdf67a4ddcbf0f818ffe2b8eede9fffa12af6fa24496e96b002d3aa7cbd72ae26e99d6fa", 0x56, 0x8}, {&(0x7f0000000640)="081692a9c0ad5a0546703844e2af3db09d2c537f7957c499fec74470a530af55ac17837e9734048feb0e367ce45f21e48676653f152fe3df1970d345335ce37c29ee6a97eea4cbf9ff4209263d65802fe2a9873b4e430f5f6a81fb504d11ee8f4c37ea68aa767f3cdb2df8234249e8ba104fe44d67a296fb089facc320bbeb9b21412f96b55dcad7e30bfec518f383f0c28055d70d40e573c33c87f5f1e318304c6908f73b3319ec96c587746b0f20cbb7", 0xb1, 0x3906704}, {&(0x7f0000000700)="3388f691e3c5bc282ca466354f0c61fbd939544a7b8acf2bd71b5226f2130e5dbe447887b4566c10dc6772580c0e3feba79e1bc9d085d10d4106e34e8dc8a76ab9364ca1f515a6", 0x47, 0x1}, {&(0x7f0000000780)="3059dca0bb370d0ce8e0497301b6d2d41f70204f13ccbc65c67783a59619984a097be5b838bdea9dd98b60d3d88fdf127be59fd40df00f857edf36e4472a974bd8d2e553f72ad30b9bfab3971d952471b285352ea41a972adab8452a70336298a9b048a1f99ba4ccf5d6fa3bb01a739c62bc4879117f37c7e5dc4e84260e01c072b3ff1b5637b93862000d220f44b426018b09d94be2aeac7f99529d80aca36a9c4b4c081f6bb2f061c1", 0xaa, 0xb51}], 0x3010, &(0x7f0000000280)='/dev/input/mice\x00') mount(&(0x7f00000002c0)=ANY=[@ANYBLOB='.'], &(0x7f0000000140)='./file0\x00', 0x0, 0x201000, 0x0) chdir(&(0x7f00000001c0)='./file0\x00') mount(0x0, &(0x7f0000000080)='./file0/../file0\x00', &(0x7f0000000380)='sysfs\x00', 0x0, 0x0) pivot_root(&(0x7f0000000180)='./file0/../file0\x00', 0x0) membarrier(0x20, 0x0) 04:29:52 executing program 3: mkdir(&(0x7f0000000100)='./file0\x00', 0x0) mount(&(0x7f00000002c0)=ANY=[], &(0x7f0000000140)='./file0\x00', 0x0, 0x201000, 0x0) chdir(&(0x7f00000001c0)='./file0\x00') r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) pivot_root(&(0x7f0000000180)='./file0/../file0\x00', &(0x7f0000000200)='./file0/../file0\x00') 04:29:52 executing program 3: mkdir(&(0x7f0000000100)='./file0\x00', 0x0) mount(&(0x7f00000002c0)=ANY=[], &(0x7f0000000140)='./file0\x00', 0x0, 0x201000, 0x0) chdir(&(0x7f00000001c0)='./file0\x00') r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) pivot_root(&(0x7f0000000180)='./file0/../file0\x00', &(0x7f0000000200)='./file0/../file0\x00') [ 1270.517534] strndup_user+0x5b/0xf0 [ 1270.521171] ? copy_mnt_ns+0xa30/0xa30 [ 1270.525065] SyS_mount+0x39/0x120 [ 1270.528527] ? copy_mnt_ns+0xa30/0xa30 [ 1270.532438] do_syscall_64+0x1d5/0x640 [ 1270.536348] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 1270.541550] RIP: 0033:0x45d249 [ 1270.544771] RSP: 002b:00007fe4ec0a8c78 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 1270.552637] RAX: ffffffffffffffda RBX: 0000000000020480 RCX: 000000000045d249 [ 1270.559920] RDX: 0000000020000380 RSI: 0000000020000080 RDI: 0000000000000000 04:29:53 executing program 3: mkdir(&(0x7f0000000100)='./file0\x00', 0x0) mount(&(0x7f00000002c0)=ANY=[@ANYBLOB], &(0x7f0000000140)='./file0\x00', 0x0, 0x201000, 0x0) chdir(&(0x7f00000001c0)='./file0\x00') r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) pivot_root(&(0x7f0000000180)='./file0/../file0\x00', &(0x7f0000000200)='./file0/../file0\x00') 04:29:53 executing program 5 (fault-call:7 fault-nth:5): mkdir(&(0x7f0000000100)='./file0\x00', 0x0) mount(&(0x7f00000002c0)=ANY=[@ANYBLOB='.'], &(0x7f0000000140)='./file0\x00', 0x0, 0x201000, 0x0) chdir(&(0x7f00000001c0)='./file0\x00') mount(0x0, &(0x7f0000000080)='./file0/../file0\x00', &(0x7f0000000380)='sysfs\x00', 0x0, 0x0) r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) pivot_root(&(0x7f0000000180)='./file0/../file0\x00', &(0x7f0000000200)='./file0/../file0\x00') [ 1270.567202] RBP: 00007fe4ec0a8ca0 R08: 0000000000000000 R09: 0000000000000000 [ 1270.574586] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 1270.581896] R13: 00007ffc71a8c0bf R14: 00007fe4ec0a99c0 R15: 000000000118cf4c [ 1270.663596] FAULT_INJECTION: forcing a failure. [ 1270.663596] name failslab, interval 1, probability 0, space 0, times 0 [ 1270.675219] CPU: 0 PID: 9048 Comm: syz-executor.5 Not tainted 4.14.193-syzkaller #0 [ 1270.683032] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1270.692738] Call Trace: [ 1270.695321] dump_stack+0x1b2/0x283 [ 1270.698941] should_fail.cold+0x10a/0x154 [ 1270.703079] should_failslab+0xd6/0x130 [ 1270.708345] __kmalloc_track_caller+0x2bc/0x400 [ 1270.713006] ? security_context_to_sid_core+0x94/0x3d0 [ 1270.718273] kmemdup_nul+0x2d/0xa0 [ 1270.721919] security_context_to_sid_core+0x94/0x3d0 [ 1270.727026] ? string_to_context_struct+0x7f0/0x7f0 [ 1270.732204] ? kernfs_iop_permission+0x4e/0x90 [ 1270.736792] ? kernfs_iop_permission+0x4e/0x90 [ 1270.741368] ? __mutex_lock+0x360/0x1310 [ 1270.745438] selinux_inode_setsecurity+0x155/0x350 [ 1270.750396] ? selinux_secctx_to_secid+0x30/0x30 [ 1270.755486] ? __ww_mutex_wakeup_for_backoff+0x210/0x210 [ 1270.761055] selinux_inode_notifysecctx+0x2b/0x50 [ 1270.765896] security_inode_notifysecctx+0x76/0xb0 [ 1270.770829] kernfs_refresh_inode+0x328/0x4a0 [ 1270.775320] ? kernfs_iop_getattr+0xd0/0xd0 [ 1270.779636] ? kernfs_iop_getattr+0xd0/0xd0 [ 1270.783968] kernfs_iop_permission+0x59/0x90 [ 1270.788455] __inode_permission+0x1f1/0x2f0 [ 1270.792856] link_path_walk+0x86a/0x10a0 [ 1270.796962] ? walk_component+0xbc0/0xbc0 [ 1270.801120] path_lookupat+0xcb/0x780 [ 1270.804917] ? lock_downgrade+0x740/0x740 [ 1270.809058] ? path_mountpoint+0x940/0x940 [ 1270.813292] ? cache_alloc_refill+0x2fa/0x350 [ 1270.817804] filename_lookup+0x18a/0x510 [ 1270.821854] ? filename_parentat+0x520/0x520 [ 1270.826264] ? __check_object_size+0x179/0x22c [ 1270.830841] ? strncpy_from_user+0x210/0x2c0 [ 1270.835235] ? getname_flags+0x22e/0x550 [ 1270.839283] SyS_pivot_root+0x1a5/0x11b0 [ 1270.843334] ? lock_downgrade+0x740/0x740 [ 1270.847478] ? vfs_write+0x35d/0x4d0 [ 1270.851203] ? is_path_reachable+0x100/0x100 [ 1270.855604] ? wait_for_completion_io+0x10/0x10 [ 1270.860259] ? vfs_write+0x319/0x4d0 [ 1270.863966] ? fput+0xb/0x140 [ 1270.867066] ? SyS_write+0x14d/0x210 [ 1270.870772] ? SyS_read+0x210/0x210 [ 1270.874384] ? SyS_clock_settime+0x1a0/0x1a0 [ 1270.878803] ? do_syscall_64+0x4c/0x640 [ 1270.882775] ? is_path_reachable+0x100/0x100 [ 1270.887196] do_syscall_64+0x1d5/0x640 [ 1270.891109] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 1270.896286] RIP: 0033:0x45d249 [ 1270.899466] RSP: 002b:00007f0a9d256c78 EFLAGS: 00000246 ORIG_RAX: 000000000000009b [ 1270.907165] RAX: ffffffffffffffda RBX: 0000000000023c00 RCX: 000000000045d249 [ 1270.915627] RDX: 0000000000000000 RSI: 0000000020000200 RDI: 0000000020000180 [ 1270.923096] RBP: 00007f0a9d256ca0 R08: 0000000000000000 R09: 0000000000000000 [ 1270.930366] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000005 [ 1270.937646] R13: 00007ffebf501eff R14: 00007f0a9d2579c0 R15: 000000000118cf4c 04:29:53 executing program 1: socket(0x10, 0x803, 0x0) syz_open_dev$evdev(&(0x7f0000000000)='/dev/input/event#\x00', 0x0, 0x0) openat$mice(0xffffffffffffff9c, &(0x7f0000000040)='/dev/input/mice\x00', 0x0) r0 = socket$packet(0x11, 0x2, 0x300) setsockopt$packet_tx_ring(r0, 0x107, 0x5, &(0x7f00000000c0)=@req3={0x8000, 0x6, 0x0, 0x6}, 0x1c) r1 = openat$audio(0xffffffffffffff9c, &(0x7f0000000180)='/dev/audio\x00', 0x0, 0x0) ioctl$int_in(r1, 0x800000c004500a, &(0x7f0000000300)) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) clock_gettime(0x0, &(0x7f0000000080)={0x0, 0x0}) pselect6(0x40, &(0x7f00000000c0), 0x0, &(0x7f0000000140)={0x1ff}, &(0x7f0000000200)={0x0, r2+30000000}, 0x0) 04:29:53 executing program 3: mkdir(&(0x7f0000000100)='./file0\x00', 0x0) mount(&(0x7f00000002c0)=ANY=[@ANYBLOB], &(0x7f0000000140)='./file0\x00', 0x0, 0x201000, 0x0) chdir(&(0x7f00000001c0)='./file0\x00') r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) pivot_root(&(0x7f0000000180)='./file0/../file0\x00', &(0x7f0000000200)='./file0/../file0\x00') 04:29:53 executing program 2 (fault-call:3 fault-nth:1): mkdir(&(0x7f0000000100)='./file0\x00', 0x0) mount(&(0x7f00000002c0)=ANY=[@ANYBLOB='.'], &(0x7f0000000140)='./file0\x00', 0x0, 0x201000, 0x0) chdir(&(0x7f00000001c0)='./file0\x00') mount(0x0, &(0x7f0000000080)='./file0/../file0\x00', &(0x7f0000000380)='sysfs\x00', 0x0, 0x0) 04:29:53 executing program 5 (fault-call:7 fault-nth:6): mkdir(&(0x7f0000000100)='./file0\x00', 0x0) mount(&(0x7f00000002c0)=ANY=[@ANYBLOB='.'], &(0x7f0000000140)='./file0\x00', 0x0, 0x201000, 0x0) chdir(&(0x7f00000001c0)='./file0\x00') mount(0x0, &(0x7f0000000080)='./file0/../file0\x00', &(0x7f0000000380)='sysfs\x00', 0x0, 0x0) r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) pivot_root(&(0x7f0000000180)='./file0/../file0\x00', &(0x7f0000000200)='./file0/../file0\x00') [ 1270.969606] overlayfs: unrecognized mount option "xino=auto" or missing value 04:29:53 executing program 4: mkdir(&(0x7f0000000100)='./file0\x00', 0x0) r0 = socket$kcm(0xa, 0x2, 0x11) setsockopt$sock_attach_bpf(r0, 0x29, 0x14, &(0x7f0000000080), 0x301) setsockopt$sock_attach_bpf(r0, 0x29, 0x15, &(0x7f0000000000), 0x70db2da734432a8e) mount(&(0x7f00000000c0)=ANY=[@ANYRES64=r0], &(0x7f0000000200)='./file0/file0\x00', 0x0, 0x201000, 0x0) syz_open_dev$video(&(0x7f0000000000)='/dev/video#\x00', 0x1, 0x20201) chdir(&(0x7f00000001c0)='./file0\x00') mount(0x0, &(0x7f0000000080)='./file0/../file0\x00', &(0x7f0000000380)='sysfs\x00', 0x0, 0x0) r1 = openat$ipvs(0xffffffffffffff9c, &(0x7f0000000040)='/proc/sys/net/ipv4/vs/sloppy_sctp\x00', 0x2, 0x0) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) r3 = dup2(r2, r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) r4 = openat$full(0xffffffffffffff9c, &(0x7f0000000140)='/dev/full\x00', 0x200, 0x0) ioctl$NBD_SET_SOCK(r1, 0xab00, r4) pivot_root(&(0x7f0000000180)='./file0/../file0\x00', 0x0) 04:29:53 executing program 0: mkdir(&(0x7f0000000100)='./file0\x00', 0x0) mount(&(0x7f00000002c0)=ANY=[@ANYBLOB='.'], &(0x7f0000000140)='./file0\x00', 0x0, 0x201000, 0x0) chdir(&(0x7f00000001c0)='./file0\x00') r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = dup2(r0, r0) socket$inet6_dccp(0xa, 0x6, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) getsockopt$EBT_SO_GET_ENTRIES(r1, 0x0, 0x81, &(0x7f0000000200)={'nat\x00', 0x0, 0x3, 0x1000, [], 0x3, &(0x7f0000000000)=[{}, {}, {}], &(0x7f00000003c0)=""/4096}, &(0x7f0000000040)=0x78) mount(0x0, &(0x7f0000000080)='./file0/../file0\x00', &(0x7f0000000380)='sysfs\x00', 0x0, 0x0) pivot_root(&(0x7f0000000180)='./file0/../file0\x00', 0x0) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) r3 = dup2(r2, r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) ioctl$NS_GET_OWNER_UID(r3, 0xb704, &(0x7f0000000300)=0x0) mount$overlay(0x0, &(0x7f00000000c0)='./file0/../file0\x00', &(0x7f0000000280)='overlay\x00', 0x40, &(0x7f00000013c0)={[{@lowerdir={'lowerdir', 0x3d, './file0'}}, {@index_on='index=on'}, {@xino_auto='xino=auto'}, {@metacopy_on='metacopy=on'}, {@nfs_export_off='nfs_export=off'}, {@xino_off='xino=off'}, {@redirect_dir={'redirect_dir', 0x3d, './file0'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@redirect_dir={'redirect_dir', 0x3d, './file0'}}], [{@smackfstransmute={'smackfstransmute'}}, {@fowner_lt={'fowner<', r4}}, {@fsmagic={'fsmagic', 0x3d, 0x3}}]}) 04:29:53 executing program 3: mkdir(&(0x7f0000000100)='./file0\x00', 0x0) mount(&(0x7f00000002c0)=ANY=[@ANYBLOB], &(0x7f0000000140)='./file0\x00', 0x0, 0x201000, 0x0) chdir(&(0x7f00000001c0)='./file0\x00') r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) pivot_root(&(0x7f0000000180)='./file0/../file0\x00', &(0x7f0000000200)='./file0/../file0\x00') 04:29:53 executing program 5: mkdir(&(0x7f0000000100)='./file0\x00', 0x0) mount(&(0x7f00000002c0)=ANY=[@ANYBLOB="02"], &(0x7f0000000140)='./file0\x00', 0x0, 0x201000, 0x0) fstat(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, 0x0, 0x0, 0x0}) r1 = socket$inet_udplite(0x2, 0x2, 0x88) getsockopt$sock_cred(r1, 0x1, 0x11, &(0x7f0000000240)={0x0, 0x0}, &(0x7f0000000280)=0x5) setreuid(0x0, r2) r3 = socket$inet_udplite(0x2, 0x2, 0x88) getsockopt$sock_cred(r3, 0x1, 0x11, &(0x7f0000000240)={0x0, 0x0}, &(0x7f0000000280)=0x5) setreuid(0x0, r4) mount$overlay(0x0, &(0x7f0000000040)='./file0/../file0\x00', &(0x7f00000000c0)='overlay\x00', 0x2000000, &(0x7f00000003c0)={[{@default_permissions='default_permissions'}], [{@smackfsfloor={'smackfsfloor', 0x3d, '\xf4@'}}, {@mask={'mask', 0x3d, '^MAY_APPEND'}}, {@uid_gt={'uid>', r0}}, {@fowner_eq={'fowner', 0x3d, r2}}, {@fowner_lt={'fowner<', r4}}]}) chdir(&(0x7f00000001c0)='./file0\x00') open(&(0x7f0000000000)='./file0\x00', 0x1, 0x142) mount(0x0, &(0x7f0000000080)='./file0/../file0\x00', &(0x7f0000000380)='sysfs\x00', 0x0, 0x0) r5 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r6 = dup(r5) ioctl$PERF_EVENT_IOC_ENABLE(r6, 0x8912, 0x400200) pivot_root(&(0x7f0000000180)='./file0/../file0\x00', &(0x7f0000000200)='./file0/../file0\x00') [ 1271.077346] FAULT_INJECTION: forcing a failure. [ 1271.077346] name failslab, interval 1, probability 0, space 0, times 0 [ 1271.139988] CPU: 0 PID: 9062 Comm: syz-executor.2 Not tainted 4.14.193-syzkaller #0 [ 1271.147834] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1271.157291] Call Trace: [ 1271.159902] dump_stack+0x1b2/0x283 [ 1271.163557] should_fail.cold+0x10a/0x154 [ 1271.167722] should_failslab+0xd6/0x130 [ 1271.171885] kmem_cache_alloc+0x28e/0x3c0 [ 1271.176051] getname_flags+0xc8/0x550 [ 1271.179861] ? perf_trace_lock_acquire+0x510/0x510 [ 1271.184809] user_path_at_empty+0x2a/0x50 [ 1271.188978] do_mount+0x118/0x2a00 [ 1271.192536] ? lock_acquire+0x170/0x3f0 [ 1271.196531] ? lock_downgrade+0x740/0x740 [ 1271.200693] ? copy_mount_string+0x40/0x40 [ 1271.204939] ? __might_fault+0x177/0x1b0 [ 1271.209013] ? _copy_from_user+0x96/0x100 [ 1271.213166] ? copy_mount_options+0x1fa/0x2f0 [ 1271.217671] ? copy_mnt_ns+0xa30/0xa30 [ 1271.221669] SyS_mount+0xa8/0x120 [ 1271.225130] ? copy_mnt_ns+0xa30/0xa30 [ 1271.229034] do_syscall_64+0x1d5/0x640 [ 1271.232993] entry_SYSCALL_64_after_hwframe+0x46/0xbb 04:29:53 executing program 4: mkdir(&(0x7f0000000100)='./file0\x00', 0x0) syz_genetlink_get_family_id$fou(&(0x7f0000000200)='fou\x00') mount(&(0x7f0000000080)=ANY=[@ANYBLOB="2ed1fcc63df803829fbf468277eec31f142941ae2d8fd8f713b83a8e85b3b4622e439ff9d600000000fcec8d48a5d95eb5ca54451f81127c0d9d1ba50fc0ad38878f06a611e0ee212b0fe1d5ce2a894e82070f8b3cd3ee7f9fd87b"], &(0x7f0000000140)='./file0\x00', 0x0, 0x201000, 0x0) chdir(&(0x7f00000001c0)='./file0\x00') mount(0x0, &(0x7f0000000040)='./file0/../file0\x00', &(0x7f0000000000)='sysfs\x00', 0x0, 0x0) pivot_root(&(0x7f0000000180)='./file0\x00', 0x0) [ 1271.238212] RIP: 0033:0x45d249 [ 1271.241404] RSP: 002b:00007fe4ec0a8c78 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 1271.249122] RAX: ffffffffffffffda RBX: 0000000000020480 RCX: 000000000045d249 [ 1271.256404] RDX: 0000000020000380 RSI: 0000000020000080 RDI: 0000000000000000 [ 1271.263685] RBP: 00007fe4ec0a8ca0 R08: 0000000000000000 R09: 0000000000000000 [ 1271.270968] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 1271.278281] R13: 00007ffc71a8c0bf R14: 00007fe4ec0a99c0 R15: 000000000118cf4c 04:29:53 executing program 3: mkdir(&(0x7f0000000100)='./file0\x00', 0x0) mount(&(0x7f00000002c0)=ANY=[@ANYBLOB='.'], 0x0, 0x0, 0x201000, 0x0) chdir(&(0x7f00000001c0)='./file0\x00') r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) pivot_root(&(0x7f0000000180)='./file0/../file0\x00', &(0x7f0000000200)='./file0/../file0\x00') 04:29:53 executing program 2 (fault-call:3 fault-nth:2): mkdir(&(0x7f0000000100)='./file0\x00', 0x0) mount(&(0x7f00000002c0)=ANY=[@ANYBLOB='.'], &(0x7f0000000140)='./file0\x00', 0x0, 0x201000, 0x0) chdir(&(0x7f00000001c0)='./file0\x00') mount(0x0, &(0x7f0000000080)='./file0/../file0\x00', &(0x7f0000000380)='sysfs\x00', 0x0, 0x0) 04:29:53 executing program 5: mkdir(&(0x7f0000000100)='./file0\x00', 0x0) mount(&(0x7f00000002c0)=ANY=[@ANYBLOB='.'], &(0x7f0000000140)='./file0\x00', 0x0, 0x201000, 0x0) chdir(&(0x7f00000001c0)='./file0\x00') mount(0x0, &(0x7f0000000080)='./file0/../file0\x00', &(0x7f0000000380)='sysfs\x00', 0x0, 0x0) r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r1 = socket$inet_udplite(0x2, 0x2, 0x88) getsockopt$sock_cred(r1, 0x1, 0x11, &(0x7f0000000240)={0x0, 0x0}, &(0x7f0000000280)=0x5) setreuid(0x0, r2) r3 = socket$inet_udplite(0x2, 0x2, 0x88) getsockopt$sock_cred(r3, 0x1, 0x11, &(0x7f0000000240)={0x0, 0x0}, &(0x7f0000000280)=0x5) setreuid(0x0, r4) getsockopt$inet_sctp6_SCTP_DELAYED_SACK(0xffffffffffffffff, 0x84, 0x70, &(0x7f0000000080), &(0x7f0000002000)=0xc) setsockopt$inet_sctp_SCTP_DELAYED_SACK(0xffffffffffffffff, 0x84, 0x10, &(0x7f0000000040)=@assoc_value={0x0, 0x2}, 0x8) r5 = socket$inet_udplite(0x2, 0x2, 0x88) getsockopt$sock_cred(r5, 0x1, 0x11, &(0x7f0000000240)={0x0, 0x0}, &(0x7f0000000280)=0x5) setreuid(0x0, r6) mount$overlay(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f00000000c0)='overlay\x00', 0x800000, &(0x7f0000000480)={[{@redirect_dir={'redirect_dir', 0x3d, './file0/../file0'}}], [{@dont_hash='dont_hash'}, {@smackfshat={'smackfshat', 0x3d, 'sysfs\x00'}}, {@fowner_eq={'fowner', 0x3d, r2}}, {@obj_role={'obj_role', 0x3d, '-:&@(&'}}, {@fsname={'fsname', 0x3d, '\xcf1(\xadD\x002\x00\x00EA\xf3\x87e-\x06'}}, {@measure='measure'}, {@euid_gt={'euid>', r6}}, {@dont_appraise='dont_appraise'}]}) r7 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r7, 0x8912, 0x400200) pivot_root(&(0x7f0000000180)='./file0/../file0\x00', &(0x7f0000000200)='./file0/../file0\x00') [ 1271.415715] FAULT_INJECTION: forcing a failure. [ 1271.415715] name failslab, interval 1, probability 0, space 0, times 0 [ 1271.474416] CPU: 1 PID: 9081 Comm: syz-executor.2 Not tainted 4.14.193-syzkaller #0 [ 1271.482258] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1271.491622] Call Trace: [ 1271.494225] dump_stack+0x1b2/0x283 [ 1271.497872] should_fail.cold+0x10a/0x154 [ 1271.502045] should_failslab+0xd6/0x130 [ 1271.506042] kmem_cache_alloc+0x28e/0x3c0 [ 1271.510202] alloc_vfsmnt+0x23/0x7f0 [ 1271.513925] ? _raw_read_unlock+0x29/0x40 [ 1271.518095] vfs_kern_mount.part.0+0x27/0x470 [ 1271.522609] do_mount+0xe53/0x2a00 [ 1271.526164] ? lock_acquire+0x170/0x3f0 [ 1271.530151] ? lock_downgrade+0x740/0x740 [ 1271.534312] ? copy_mount_string+0x40/0x40 [ 1271.538558] ? __might_fault+0x177/0x1b0 [ 1271.542642] ? _copy_from_user+0x96/0x100 [ 1271.546811] ? copy_mount_options+0x1fa/0x2f0 [ 1271.552024] ? copy_mnt_ns+0xa30/0xa30 [ 1271.556016] SyS_mount+0xa8/0x120 [ 1271.559484] ? copy_mnt_ns+0xa30/0xa30 [ 1271.563386] do_syscall_64+0x1d5/0x640 [ 1271.567288] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 1271.572487] RIP: 0033:0x45d249 [ 1271.575695] RSP: 002b:00007fe4ec0a8c78 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 1271.583761] RAX: ffffffffffffffda RBX: 0000000000020480 RCX: 000000000045d249 [ 1271.591038] RDX: 0000000020000380 RSI: 0000000020000080 RDI: 0000000000000000 [ 1271.598321] RBP: 00007fe4ec0a8ca0 R08: 0000000000000000 R09: 0000000000000000 [ 1271.605600] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 1271.612920] R13: 00007ffc71a8c0bf R14: 00007fe4ec0a99c0 R15: 000000000118cf4c [ 1271.646247] overlayfs: unrecognized mount option "xino=auto" or missing value 04:29:54 executing program 1: socket(0x10, 0x803, 0x0) syz_open_dev$evdev(&(0x7f0000000000)='/dev/input/event#\x00', 0x0, 0x0) openat$mice(0xffffffffffffff9c, &(0x7f0000000040)='/dev/input/mice\x00', 0x0) r0 = socket$packet(0x11, 0x2, 0x300) setsockopt$packet_tx_ring(r0, 0x107, 0x5, &(0x7f00000000c0)=@req3={0x8000, 0x6, 0x0, 0x6}, 0x1c) r1 = openat$audio(0xffffffffffffff9c, &(0x7f0000000180)='/dev/audio\x00', 0x0, 0x0) ioctl$int_in(r1, 0x800000c004500a, &(0x7f0000000300)) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) clock_gettime(0x0, &(0x7f0000000080)={0x0, 0x0}) pselect6(0x40, &(0x7f00000000c0), 0x0, &(0x7f0000000140)={0x1ff}, &(0x7f0000000200)={0x0, r2+30000000}, 0x0) 04:29:54 executing program 4: mkdir(&(0x7f0000000100)='./file0\x00', 0x0) mount(&(0x7f00000002c0)=ANY=[@ANYBLOB='.'], &(0x7f0000000140)='./file0\x00', 0x0, 0x201000, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) setsockopt$sock_int(r0, 0x1, 0x2a, &(0x7f0000000540)=0x400002, 0x4) recvmmsg(r0, &(0x7f00000068c0)=[{{0x0, 0x0, 0x0}}], 0x2, 0x122, 0x0) openat$autofs(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/autofs\x00', 0x20280, 0x0) bind$unix(r0, &(0x7f0000000000)=@file={0x0, './file0/../file0\x00'}, 0x6e) chdir(&(0x7f00000001c0)='./file0\x00') mount(0x0, &(0x7f0000000080)='./file0/../file0\x00', &(0x7f0000000380)='sysfs\x00', 0x0, 0x0) pivot_root(&(0x7f0000000180)='./file0/../file0\x00', 0x0) 04:29:54 executing program 5: mkdir(&(0x7f0000000100)='./file0\x00', 0x0) mount(&(0x7f00000002c0)=ANY=[@ANYBLOB='\x00'], &(0x7f0000000140)='./file0\x00', 0x0, 0x201000, 0x0) chdir(&(0x7f00000001c0)='./file0\x00') ioctl$sock_inet_tcp_SIOCATMARK(0xffffffffffffffff, 0x40247007, 0x0) mkdirat(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x0) r0 = openat$fuse(0xffffffffffffff9c, &(0x7f00000004c0)='/dev/fuse\x00', 0x2, 0x0) mount$fuse(0x0, &(0x7f0000000200)='./file0\x00', &(0x7f0000000300)='fuse\x00', 0x0, &(0x7f0000000240)={{'fd', 0x3d, r0}, 0x2c, {'rootmode', 0x3d, 0x4000}, 0x2c, {'user_id'}, 0x2c, {'group_id'}}) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = syz_open_procfs(0x0, 0x0) ioctl$TIOCGETD(r1, 0x5424, &(0x7f00000002c0)) write$FUSE_NOTIFY_STORE(r0, &(0x7f0000000480)={0x29, 0x4, 0x0, {0x1, 0xbe, 0x1, 0x0, [0x0]}}, 0x29) mount(0x0, &(0x7f0000000080)='./file0/../file0\x00', &(0x7f0000000380)='sysfs\x00', 0x0, 0x0) r2 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r3 = dup(r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) pivot_root(&(0x7f0000000180)='./file0/../file0\x00', &(0x7f0000000200)='./file0/../file0\x00') 04:29:54 executing program 0: mkdir(&(0x7f0000000100)='./file0\x00', 0x0) mount(&(0x7f00000002c0)=ANY=[@ANYBLOB='.'], &(0x7f0000000140)='./file0\x00', 0x0, 0x201000, 0x0) chdir(&(0x7f00000001c0)='./file0\x00') r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = dup2(r0, r0) socket$inet6_dccp(0xa, 0x6, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) getsockopt$EBT_SO_GET_ENTRIES(r1, 0x0, 0x81, &(0x7f0000000200)={'nat\x00', 0x0, 0x3, 0x1000, [], 0x3, &(0x7f0000000000)=[{}, {}, {}], &(0x7f00000003c0)=""/4096}, &(0x7f0000000040)=0x78) mount(0x0, &(0x7f0000000080)='./file0/../file0\x00', &(0x7f0000000380)='sysfs\x00', 0x0, 0x0) pivot_root(&(0x7f0000000180)='./file0/../file0\x00', 0x0) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) r3 = dup2(r2, r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) ioctl$NS_GET_OWNER_UID(r3, 0xb704, &(0x7f0000000300)=0x0) mount$overlay(0x0, &(0x7f00000000c0)='./file0/../file0\x00', &(0x7f0000000280)='overlay\x00', 0x40, &(0x7f00000013c0)={[{@lowerdir={'lowerdir', 0x3d, './file0'}}, {@index_on='index=on'}, {@xino_auto='xino=auto'}, {@metacopy_on='metacopy=on'}, {@nfs_export_off='nfs_export=off'}, {@xino_off='xino=off'}, {@redirect_dir={'redirect_dir', 0x3d, './file0'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@redirect_dir={'redirect_dir', 0x3d, './file0'}}], [{@smackfstransmute={'smackfstransmute'}}, {@fowner_lt={'fowner<', r4}}, {@fsmagic={'fsmagic', 0x3d, 0x3}}]}) 04:29:54 executing program 3: mkdir(&(0x7f0000000100)='./file0\x00', 0x0) mount(&(0x7f00000002c0)=ANY=[@ANYBLOB='.'], 0x0, 0x0, 0x201000, 0x0) chdir(&(0x7f00000001c0)='./file0\x00') r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) pivot_root(&(0x7f0000000180)='./file0/../file0\x00', &(0x7f0000000200)='./file0/../file0\x00') 04:29:54 executing program 2 (fault-call:3 fault-nth:3): mkdir(&(0x7f0000000100)='./file0\x00', 0x0) mount(&(0x7f00000002c0)=ANY=[@ANYBLOB='.'], &(0x7f0000000140)='./file0\x00', 0x0, 0x201000, 0x0) chdir(&(0x7f00000001c0)='./file0\x00') mount(0x0, &(0x7f0000000080)='./file0/../file0\x00', &(0x7f0000000380)='sysfs\x00', 0x0, 0x0) 04:29:54 executing program 3: mkdir(&(0x7f0000000100)='./file0\x00', 0x0) mount(&(0x7f00000002c0)=ANY=[@ANYBLOB='.'], 0x0, 0x0, 0x201000, 0x0) chdir(&(0x7f00000001c0)='./file0\x00') r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) pivot_root(&(0x7f0000000180)='./file0/../file0\x00', &(0x7f0000000200)='./file0/../file0\x00') [ 1271.818052] FAULT_INJECTION: forcing a failure. [ 1271.818052] name failslab, interval 1, probability 0, space 0, times 0 [ 1271.875057] CPU: 1 PID: 9100 Comm: syz-executor.2 Not tainted 4.14.193-syzkaller #0 [ 1271.882997] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1271.896093] Call Trace: [ 1271.898697] dump_stack+0x1b2/0x283 [ 1271.902961] should_fail.cold+0x10a/0x154 [ 1271.907126] should_failslab+0xd6/0x130 [ 1271.911113] kmem_cache_alloc+0x28e/0x3c0 [ 1271.915276] alloc_vfsmnt+0x23/0x7f0 [ 1271.919002] ? _raw_read_unlock+0x29/0x40 [ 1271.923161] vfs_kern_mount.part.0+0x27/0x470 [ 1271.927671] do_mount+0xe53/0x2a00 [ 1271.931235] ? lock_acquire+0x170/0x3f0 [ 1271.935492] ? lock_downgrade+0x740/0x740 [ 1271.939651] ? copy_mount_string+0x40/0x40 [ 1271.943900] ? __might_fault+0x177/0x1b0 [ 1271.948011] ? _copy_from_user+0x96/0x100 [ 1271.952440] ? copy_mount_options+0x1fa/0x2f0 [ 1271.956949] ? copy_mnt_ns+0xa30/0xa30 [ 1271.960852] SyS_mount+0xa8/0x120 [ 1271.964318] ? copy_mnt_ns+0xa30/0xa30 [ 1271.968228] do_syscall_64+0x1d5/0x640 04:29:54 executing program 3: mkdir(&(0x7f0000000100)='./file0\x00', 0x0) mount(&(0x7f00000002c0)=ANY=[@ANYBLOB='.'], &(0x7f0000000140)='./file0\x00', 0x0, 0x0, 0x0) chdir(&(0x7f00000001c0)='./file0\x00') r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) pivot_root(&(0x7f0000000180)='./file0/../file0\x00', &(0x7f0000000200)='./file0/../file0\x00') [ 1271.972137] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 1271.977348] RIP: 0033:0x45d249 [ 1271.981500] RSP: 002b:00007fe4ec0a8c78 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 1271.989219] RAX: ffffffffffffffda RBX: 0000000000020480 RCX: 000000000045d249 [ 1271.996496] RDX: 0000000020000380 RSI: 0000000020000080 RDI: 0000000000000000 [ 1272.003781] RBP: 00007fe4ec0a8ca0 R08: 0000000000000000 R09: 0000000000000000 [ 1272.011060] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000003 [ 1272.018348] R13: 00007ffc71a8c0bf R14: 00007fe4ec0a99c0 R15: 000000000118cf4c 04:29:54 executing program 1: socket(0x10, 0x803, 0x0) syz_open_dev$evdev(&(0x7f0000000000)='/dev/input/event#\x00', 0x0, 0x0) openat$mice(0xffffffffffffff9c, &(0x7f0000000040)='/dev/input/mice\x00', 0x0) r0 = socket$packet(0x11, 0x2, 0x300) setsockopt$packet_tx_ring(r0, 0x107, 0x5, &(0x7f00000000c0)=@req3={0x8000, 0x6, 0x0, 0x6}, 0x1c) r1 = openat$audio(0xffffffffffffff9c, &(0x7f0000000180)='/dev/audio\x00', 0x0, 0x0) ioctl$int_in(r1, 0x800000c004500a, &(0x7f0000000300)) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) clock_gettime(0x0, &(0x7f0000000080)={0x0, 0x0}) pselect6(0x40, &(0x7f00000000c0), 0x0, &(0x7f0000000140)={0x1ff}, &(0x7f0000000200)={0x0, r2+30000000}, 0x0) 04:29:54 executing program 3: mkdir(&(0x7f0000000100)='./file0\x00', 0x0) mount(&(0x7f00000002c0)=ANY=[@ANYBLOB='.'], &(0x7f0000000140)='./file0\x00', 0x0, 0x0, 0x0) chdir(&(0x7f00000001c0)='./file0\x00') r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) pivot_root(&(0x7f0000000180)='./file0/../file0\x00', &(0x7f0000000200)='./file0/../file0\x00') 04:29:54 executing program 5: mkdir(&(0x7f0000000100)='./file0\x00', 0x0) mount(&(0x7f0000000240)=ANY=[@ANYBLOB="b88d4b960dd33d529dac2fd6b986d40a79eba03cc3ceae4564130b02ff16489fe19fdd0900000000000000d6141e2b5c8a8dfb7151f1ed81d93753769f8ad8a20592d500"/87], &(0x7f0000000140)='./file0\x00', 0x0, 0x201000, 0x0) chdir(&(0x7f00000001c0)='./file0\x00') r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x1000000, 0x7, 0x40}, 0x0) sched_getscheduler(r0) mount(0x0, &(0x7f0000000080)='./file0/../file0\x00', &(0x7f0000000380)='sysfs\x00', 0x0, 0x0) r1 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r2 = dup(r1) prctl$PR_SET_PDEATHSIG(0x1, 0x2) io_getevents(0x0, 0x4, 0x2, &(0x7f0000000000)=[{}, {}], &(0x7f00000000c0)={0x0, 0x3938700}) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) pivot_root(&(0x7f0000000180)='./file0/../file0\x00', &(0x7f0000000200)='./file0/../file0\x00') [ 1272.149314] overlayfs: unrecognized mount option "xino=auto" or missing value 04:29:54 executing program 3: mkdir(&(0x7f0000000100)='./file0\x00', 0x0) mount(&(0x7f00000002c0)=ANY=[@ANYBLOB='.'], &(0x7f0000000140)='./file0\x00', 0x0, 0x0, 0x0) chdir(&(0x7f00000001c0)='./file0\x00') r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) pivot_root(&(0x7f0000000180)='./file0/../file0\x00', &(0x7f0000000200)='./file0/../file0\x00') 04:29:54 executing program 5: mkdir(&(0x7f0000000100)='./file0\x00', 0x0) mount(&(0x7f00000002c0)=ANY=[], &(0x7f0000000000)='./file0\x00', 0x0, 0x201000, 0x0) chdir(&(0x7f00000001c0)='./file0\x00') mount(0x0, &(0x7f0000000080)='./file0/../file0\x00', &(0x7f0000000380)='sysfs\x00', 0x0, 0x0) r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) pivot_root(&(0x7f0000000180)='./file0/../file0\x00', &(0x7f0000000200)='./file0/../file0\x00') 04:29:55 executing program 5: mount(&(0x7f00000002c0)=ANY=[@ANYBLOB], &(0x7f0000000140)='./file0\x00', 0x0, 0x1203c40, 0x0) chdir(&(0x7f00000001c0)='./file0\x00') mount(0x0, &(0x7f0000000080)='./file0/../file0\x00', &(0x7f0000000380)='sysfs\x00', 0x0, 0x0) stat(&(0x7f0000000040)='./file0\x00', &(0x7f0000000240)) r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r1 = dup(r0) r2 = syz_open_dev$vcsa(&(0x7f0000000000)='/dev/vcsa#\x00', 0xfffffffffffffbce, 0x400401) mkdirat(r2, &(0x7f00000000c0)='./file0/../file0\x00', 0x180) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) pivot_root(&(0x7f0000000180)='./file0/../file0\x00', &(0x7f0000000200)='./file0/../file0\x00') 04:29:55 executing program 3: mkdir(&(0x7f0000000100)='./file0\x00', 0x0) mount(&(0x7f00000002c0)=ANY=[@ANYBLOB='.'], &(0x7f0000000140)='./file0\x00', 0x0, 0x201000, 0x0) chdir(0x0) r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) pivot_root(&(0x7f0000000180)='./file0/../file0\x00', &(0x7f0000000200)='./file0/../file0\x00') 04:29:55 executing program 2 (fault-call:3 fault-nth:4): mkdir(&(0x7f0000000100)='./file0\x00', 0x0) mount(&(0x7f00000002c0)=ANY=[@ANYBLOB='.'], &(0x7f0000000140)='./file0\x00', 0x0, 0x201000, 0x0) chdir(&(0x7f00000001c0)='./file0\x00') mount(0x0, &(0x7f0000000080)='./file0/../file0\x00', &(0x7f0000000380)='sysfs\x00', 0x0, 0x0) 04:29:55 executing program 4: mkdir(&(0x7f0000000100)='./file0\x00', 0x0) mount(&(0x7f00000002c0)=ANY=[@ANYBLOB='.'], &(0x7f0000000140)='./file0\x00', 0x0, 0x201000, 0x0) chdir(&(0x7f00000001c0)='./file0\x00') mount(0x0, &(0x7f0000000080)='./file0/../file0\x00', &(0x7f0000000380)='sysfs\x00', 0x0, 0x0) pivot_root(&(0x7f0000000180)='./file0\x00', 0x0) 04:29:55 executing program 0: mkdir(&(0x7f0000000100)='./file0\x00', 0x0) mount(&(0x7f00000002c0)=ANY=[@ANYBLOB='.'], &(0x7f0000000140)='./file0\x00', 0x0, 0x201000, 0x0) chdir(&(0x7f00000001c0)='./file0\x00') r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = dup2(r0, r0) socket$inet6_dccp(0xa, 0x6, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) getsockopt$EBT_SO_GET_ENTRIES(r1, 0x0, 0x81, &(0x7f0000000200)={'nat\x00', 0x0, 0x3, 0x1000, [], 0x3, &(0x7f0000000000)=[{}, {}, {}], &(0x7f00000003c0)=""/4096}, &(0x7f0000000040)=0x78) mount(0x0, &(0x7f0000000080)='./file0/../file0\x00', &(0x7f0000000380)='sysfs\x00', 0x0, 0x0) pivot_root(&(0x7f0000000180)='./file0/../file0\x00', 0x0) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) r3 = dup2(r2, r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) ioctl$NS_GET_OWNER_UID(r3, 0xb704, &(0x7f0000000300)) [ 1272.662059] FAULT_INJECTION: forcing a failure. [ 1272.662059] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 1272.673924] CPU: 0 PID: 9139 Comm: syz-executor.2 Not tainted 4.14.193-syzkaller #0 [ 1272.681740] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1272.691102] Call Trace: [ 1272.693706] dump_stack+0x1b2/0x283 [ 1272.697353] should_fail.cold+0x10a/0x154 [ 1272.701515] __alloc_pages_nodemask+0x22c/0x2720 [ 1272.706285] ? __lock_acquire+0x5fc/0x3f20 [ 1272.710540] ? __lock_acquire+0x5fc/0x3f20 [ 1272.714796] ? gfp_pfmemalloc_allowed+0x150/0x150 [ 1272.719653] ? check_preemption_disabled+0x35/0x240 [ 1272.724694] ? check_preemption_disabled+0x35/0x240 [ 1272.729817] ? perf_trace_lock_acquire+0x510/0x510 [ 1272.734765] ? putname+0xcd/0x110 [ 1272.738239] ? perf_trace_lock_acquire+0x510/0x510 [ 1272.743186] cache_grow_begin+0x8f/0x420 [ 1272.747283] cache_alloc_refill+0x273/0x350 [ 1272.751623] kmem_cache_alloc+0x333/0x3c0 [ 1272.755785] alloc_vfsmnt+0x23/0x7f0 04:29:55 executing program 4: mkdir(&(0x7f0000000100)='./file0\x00', 0x0) mount(&(0x7f0000000240)=ANY=[@ANYBLOB="f8e3b9328147c22e1ee916479a20dd5db8dd221a6ffa84c410606d56c64688af555e03ef503b7b8e328f1e02b9d5bc5d82e69bcf411f68401a324d1b2ae607f5b0755649aa0ee4a598b13803537c22b1d50c2e7960cec204d7a8e85664ebb5f67774607e33b62dbc9422030030adc5c4cbd79487a5569b9fadfed401"], &(0x7f0000000140)='./file0\x00', 0x0, 0x201000, 0x0) chdir(&(0x7f00000001c0)='./file0\x00') mount(0x0, &(0x7f0000000080)='./file0/../file0\x00', &(0x7f0000000380)='sysfs\x00', 0x0, 0x0) pivot_root(&(0x7f0000000180)='./file0/../file0\x00', 0x0) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = dup2(r0, r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) sendmsg$AUDIT_TTY_SET(r1, &(0x7f0000000200)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x2000}, 0xc, &(0x7f00000000c0)={&(0x7f0000000040)={0x18, 0x3f9, 0x300, 0x70bd2a, 0x25dfdbff, {}, ["", ""]}, 0x18}, 0x1, 0x0, 0x0, 0x8001}, 0x48000) 04:29:55 executing program 3: mkdir(&(0x7f0000000100)='./file0\x00', 0x0) mount(&(0x7f00000002c0)=ANY=[@ANYBLOB='.'], &(0x7f0000000140)='./file0\x00', 0x0, 0x201000, 0x0) chdir(0x0) r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) pivot_root(&(0x7f0000000180)='./file0/../file0\x00', &(0x7f0000000200)='./file0/../file0\x00') [ 1272.759508] ? _raw_read_unlock+0x29/0x40 [ 1272.763664] vfs_kern_mount.part.0+0x27/0x470 [ 1272.768521] do_mount+0xe53/0x2a00 [ 1272.772079] ? lock_acquire+0x170/0x3f0 [ 1272.776071] ? lock_downgrade+0x740/0x740 [ 1272.780235] ? copy_mount_string+0x40/0x40 [ 1272.784485] ? __might_fault+0x177/0x1b0 [ 1272.788558] ? _copy_from_user+0x96/0x100 [ 1272.792729] ? copy_mount_options+0x1fa/0x2f0 [ 1272.797233] ? copy_mnt_ns+0xa30/0xa30 [ 1272.801140] SyS_mount+0xa8/0x120 [ 1272.804602] ? copy_mnt_ns+0xa30/0xa30 [ 1272.808701] do_syscall_64+0x1d5/0x640 [ 1272.812615] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 1272.817814] RIP: 0033:0x45d249 [ 1272.821005] RSP: 002b:00007fe4ec0a8c78 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 1272.828723] RAX: ffffffffffffffda RBX: 0000000000020480 RCX: 000000000045d249 [ 1272.836004] RDX: 0000000020000380 RSI: 0000000020000080 RDI: 0000000000000000 [ 1272.843284] RBP: 00007fe4ec0a8ca0 R08: 0000000000000000 R09: 0000000000000000 [ 1272.850561] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000004 04:29:55 executing program 1: socket(0x10, 0x803, 0x0) syz_open_dev$evdev(&(0x7f0000000000)='/dev/input/event#\x00', 0x0, 0x0) openat$mice(0xffffffffffffff9c, &(0x7f0000000040)='/dev/input/mice\x00', 0x0) r0 = socket$packet(0x11, 0x2, 0x300) setsockopt$packet_tx_ring(r0, 0x107, 0x5, &(0x7f00000000c0)=@req3={0x8000, 0x6, 0x8000}, 0x1c) r1 = openat$audio(0xffffffffffffff9c, &(0x7f0000000180)='/dev/audio\x00', 0x0, 0x0) ioctl$int_in(r1, 0x800000c004500a, &(0x7f0000000300)) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) clock_gettime(0x0, &(0x7f0000000080)={0x0, 0x0}) pselect6(0x40, &(0x7f00000000c0), 0x0, &(0x7f0000000140)={0x1ff}, &(0x7f0000000200)={0x0, r2+30000000}, 0x0) 04:29:55 executing program 0: mkdir(&(0x7f0000000100)='./file0\x00', 0x0) mount(&(0x7f00000002c0)=ANY=[@ANYBLOB='.'], &(0x7f0000000140)='./file0\x00', 0x0, 0x201000, 0x0) chdir(&(0x7f00000001c0)='./file0\x00') r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = dup2(r0, r0) socket$inet6_dccp(0xa, 0x6, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) getsockopt$EBT_SO_GET_ENTRIES(r1, 0x0, 0x81, &(0x7f0000000200)={'nat\x00', 0x0, 0x3, 0x1000, [], 0x3, &(0x7f0000000000)=[{}, {}, {}], &(0x7f00000003c0)=""/4096}, &(0x7f0000000040)=0x78) mount(0x0, &(0x7f0000000080)='./file0/../file0\x00', &(0x7f0000000380)='sysfs\x00', 0x0, 0x0) pivot_root(&(0x7f0000000180)='./file0/../file0\x00', 0x0) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) r3 = dup2(r2, r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) 04:29:55 executing program 2 (fault-call:3 fault-nth:5): mkdir(&(0x7f0000000100)='./file0\x00', 0x0) mount(&(0x7f00000002c0)=ANY=[@ANYBLOB='.'], &(0x7f0000000140)='./file0\x00', 0x0, 0x201000, 0x0) chdir(&(0x7f00000001c0)='./file0\x00') mount(0x0, &(0x7f0000000080)='./file0/../file0\x00', &(0x7f0000000380)='sysfs\x00', 0x0, 0x0) 04:29:55 executing program 5: mkdir(&(0x7f0000000100)='./file0\x00', 0x81) mount(&(0x7f0000000200)=ANY=[@ANYBLOB="2aa8cd477906437d5181535ec92947448d72b057b90a0f44e88823f6396a9b9f0601849428548a9fd0d47677ef485d97d1c551f9b4ace5001c8c0e2a5b33d7342efb345c6e3ff65d2f8a8da28d30bf70333ad9be0c90f39d523e788668117f14778ff2566d442a55e0dfcf7d5cc3126c10b442992a35516835e5a239609ffeeeab3b34564eab2da6d05a4de01e894774782278f195db90b5c2837b1f307f522b9f4a9b3a"], &(0x7f0000000140)='./file0\x00', 0x0, 0x201000, 0x0) chdir(&(0x7f00000001c0)='./file0\x00') mount(0x0, &(0x7f0000000080)='./file0/../file0\x00', &(0x7f0000000380)='sysfs\x00', 0x0, 0x0) r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) r2 = dup2(r1, r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) ioctl$vim2m_VIDIOC_ENUM_FRAMESIZES(r2, 0xc02c564a, &(0x7f00000000c0)={0xc4f, 0x30314442, 0x1, @discrete={0x3}}) r3 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) pivot_root(&(0x7f0000000040)='./file0/../file0\x00', &(0x7f0000000000)='./file1\x00') [ 1272.857923] R13: 00007ffc71a8c0bf R14: 00007fe4ec0a99c0 R15: 000000000118cf4c 04:29:55 executing program 4: mount(&(0x7f00000002c0)=ANY=[@ANYBLOB='.'], &(0x7f0000000140)='./file0\x00', 0x0, 0x201000, 0x0) chdir(&(0x7f00000001c0)='./file0\x00') mount(0x0, &(0x7f0000000080)='./file0/../file0\x00', &(0x7f0000000380)='sysfs\x00', 0x0, 0x0) pivot_root(&(0x7f0000000180)='./file0/../file0\x00', 0x0) 04:29:55 executing program 3: mkdir(&(0x7f0000000100)='./file0\x00', 0x0) mount(&(0x7f00000002c0)=ANY=[@ANYBLOB='.'], &(0x7f0000000140)='./file0\x00', 0x0, 0x201000, 0x0) chdir(0x0) r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) pivot_root(&(0x7f0000000180)='./file0/../file0\x00', &(0x7f0000000200)='./file0/../file0\x00') 04:29:55 executing program 4: mkdir(&(0x7f0000000100)='./file0\x00', 0x0) mount(&(0x7f00000002c0)=ANY=[@ANYBLOB='.'], &(0x7f0000000140)='./file0\x00', 0x0, 0x201000, 0x0) chdir(&(0x7f00000001c0)='./file0\x00') mount(0x0, &(0x7f0000000080)='./file0/../file0\x00', &(0x7f0000000380)='sysfs\x00', 0x0, 0x0) pivot_root(&(0x7f0000000180)='./file0/../file0\x00', 0x0) r0 = socket$kcm(0xa, 0x2, 0x11) setsockopt$sock_attach_bpf(r0, 0x29, 0x14, &(0x7f0000000080), 0x301) setxattr$security_evm(&(0x7f0000000240)='./file0/../file0\x00', &(0x7f0000000280)='security.evm\x00', &(0x7f00000003c0)=@v2={0x5, 0x0, 0x6, 0x6, 0xcb, "7fbc8a27f08ca6438abcc30f3d84ac38a39a02cc0e1f325c4b49178ae1e38eb29f9a598f908b0fd48132b1041827e24bbc4906c8dece9492736a23857bb948e74679512347a90c3f73653bde6612274653f919351524dc855631c731452e94d1b726c4cf04debf6a1970c36c5f8be68eb398f39832a79693b2f45aeec24bc52b4cf5bf4578371c6e9d5856b20c78a9338b0e6839dea7c213e086ca5b11f5a5f80f768611ca6efa0b6d3af5a672502c62ce4e96897f30396725c71c97637ef24580dcd974bab8cde2fd9493"}, 0xd4, 0x2) setsockopt$sock_attach_bpf(r0, 0x29, 0x15, &(0x7f0000000000), 0x70db2da734432a8e) r1 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000340)='cpuacct.usage_percpu\x00', 0x0, 0x0) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) r3 = dup2(r2, r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) write$RDMA_USER_CM_CMD_CREATE_ID(r3, &(0x7f0000000540)={0x0, 0x18, 0xfa00, {0xa85, &(0x7f0000000500)={0xffffffffffffffff}, 0x2, 0x9}}, 0x20) write$RDMA_USER_CM_CMD_DESTROY_ID(r1, &(0x7f0000000580)={0x1, 0x10, 0xfa00, {&(0x7f00000004c0), r4}}, 0x18) r5 = accept4(r0, &(0x7f0000000000)=@phonet, &(0x7f00000000c0)=0x80, 0x400) connect$vsock_stream(r5, &(0x7f0000000200)={0x28, 0x0, 0x0, @hyper}, 0x10) open$dir(&(0x7f0000000300)='./file0/../file0\x00', 0x16400, 0x2) [ 1273.009015] FAULT_INJECTION: forcing a failure. [ 1273.009015] name failslab, interval 1, probability 0, space 0, times 0 04:29:55 executing program 5: mkdir(&(0x7f0000000100)='./file0\x00', 0x0) mount(&(0x7f0000000040)=ANY=[@ANYBLOB="e9bded9deb3fdd0271f73ec7ca0e"], &(0x7f0000000140)='./file0\x00', 0x0, 0x201000, 0x0) r0 = socket$inet_udplite(0x2, 0x2, 0x88) getsockopt$sock_cred(r0, 0x1, 0x11, &(0x7f0000000240)={0x0, 0x0}, &(0x7f0000000280)=0x5) setreuid(0x0, r1) getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f0000000440)={0x0, 0x0, 0x0}, &(0x7f0000000480)=0xc) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) r4 = dup2(r3, r3) ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200) ioctl$KVM_S390_INTERRUPT_CPU(r4, 0x4010ae94, &(0x7f00000000c0)={0x2e, 0x10001, 0x1}) setgroups(0x1, &(0x7f0000000780)=[r2]) chown(&(0x7f0000000000)='./file0\x00', r1, r2) mount(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000380)='sysfs\x00', 0x0, 0x0) r5 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r6 = dup(r5) ioctl$PERF_EVENT_IOC_ENABLE(r6, 0x8912, 0x400200) pivot_root(&(0x7f0000000180)='./file0/../file0\x00', &(0x7f0000000200)='./file0/../file0\x00') [ 1273.080287] CPU: 0 PID: 9159 Comm: syz-executor.2 Not tainted 4.14.193-syzkaller #0 [ 1273.088130] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1273.097495] Call Trace: [ 1273.100185] dump_stack+0x1b2/0x283 [ 1273.103829] should_fail.cold+0x10a/0x154 [ 1273.107995] should_failslab+0xd6/0x130 [ 1273.111986] kmem_cache_alloc_trace+0x29a/0x3d0 [ 1273.116676] sget_userns+0x102/0xc10 [ 1273.120405] ? kernfs_sop_show_options+0x170/0x170 [ 1273.125345] ? rcu_lockdep_current_cpu_online+0xed/0x140 [ 1273.130807] ? kernfs_sop_show_path+0x190/0x190 [ 1273.135498] kernfs_mount_ns+0xd5/0x770 [ 1273.139581] sysfs_mount+0xa1/0x160 [ 1273.143220] ? sysfs_kill_sb+0x30/0x30 [ 1273.147287] ? __lockdep_init_map+0x100/0x560 [ 1273.151795] mount_fs+0x92/0x2a0 [ 1273.155180] vfs_kern_mount.part.0+0x5b/0x470 [ 1273.159691] do_mount+0xe53/0x2a00 [ 1273.163256] ? lock_acquire+0x170/0x3f0 [ 1273.167244] ? lock_downgrade+0x740/0x740 [ 1273.171403] ? copy_mount_string+0x40/0x40 [ 1273.175658] ? __might_fault+0x177/0x1b0 04:29:55 executing program 4: mkdir(&(0x7f0000000100)='./file0\x00', 0x0) mount(&(0x7f0000000000)=ANY=[@ANYBLOB="2e7b9a07afb01400"], &(0x7f0000000140)='./file0\x00', 0x0, 0x201000, 0x0) chdir(&(0x7f00000001c0)='./file0\x00') mount(0x0, &(0x7f0000000080)='./file0/../file0\x00', &(0x7f0000000380)='sysfs\x00', 0x0, 0x0) pivot_root(&(0x7f0000000180)='./file0/../file0\x00', 0x0) [ 1273.179734] ? _copy_from_user+0x96/0x100 [ 1273.183893] ? copy_mount_options+0x1fa/0x2f0 [ 1273.188436] ? copy_mnt_ns+0xa30/0xa30 [ 1273.192422] SyS_mount+0xa8/0x120 [ 1273.195884] ? copy_mnt_ns+0xa30/0xa30 [ 1273.199785] do_syscall_64+0x1d5/0x640 [ 1273.203694] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 1273.208897] RIP: 0033:0x45d249 [ 1273.212092] RSP: 002b:00007fe4ec0a8c78 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 1273.219812] RAX: ffffffffffffffda RBX: 0000000000020480 RCX: 000000000045d249 04:29:55 executing program 5: mkdir(&(0x7f0000000100)='./file0\x00', 0x0) mount(&(0x7f00000003c0)=ANY=[@ANYBLOB="2e257d60d3f53ce7cf034d172fa359a2ba964f7530f7710188c7aa2db249a689de6f6c251f4287312b68933b1e0000000000000007c79a2e9609c3a10800000000000000e941a5f0fb333c00000000fa6c2c7f0bc5c0e907ce8887aa607eb440ab088e2ead38edfd422f0d1939b8e0259ea4d45b2904460636e7e027b008a447eed3b366d93d6516c6587bfc8619b19d20c570c2383da52769bb28a08fa6fedf6e1508b5b1899d214ef38409718e6f20edfee04db4cf7c789d79cf6dba5921e6bac669e947204177b8636bbf12283eac6fe2ef6572f36ea74018075aff662181876b677505780688fb99866d51bd487c04b7820500000047128f3a76864a2c34603e53faa94185a6cc423cafa7cf947c078e96c469265eb9a1643acb356bc202116ba91116d02fccbf7bc5b0adf1e33faabc3279f92ae60659c73dce6514d9098a41c1498f0edfba855ac70df474819fcaf8bdbec8c2a44cb7a841028ec446fe5c"], &(0x7f0000000140)='./file0\x00', 0x0, 0x201000, 0x0) chdir(&(0x7f00000001c0)='./file0\x00') mount(0x0, &(0x7f0000000080)='./file0/../file0\x00', &(0x7f0000000380)='sysfs\x00', 0x0, 0x0) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = dup2(r0, r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) r3 = dup2(r2, r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) getsockopt$inet_sctp_SCTP_PARTIAL_DELIVERY_POINT(r3, 0x84, 0x13, &(0x7f0000000000)={0x0, 0x1}, &(0x7f0000000040)=0x8) r5 = socket$inet6_tcp(0xa, 0x1, 0x0) r6 = dup2(r5, r5) ioctl$PERF_EVENT_IOC_ENABLE(r6, 0x8912, 0x400200) getsockopt$inet_sctp6_SCTP_RTOINFO(r6, 0x84, 0x0, &(0x7f0000000280)={r4, 0x20000007, 0x20, 0x4}, &(0x7f0000000240)=0x10) r7 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r8 = dup(r7) ioctl$PERF_EVENT_IOC_ENABLE(r8, 0x8912, 0x400200) pivot_root(&(0x7f0000000180)='./file0/../file0\x00', &(0x7f0000000200)='./file0/../file0\x00') openat$procfs(0xffffffffffffff9c, &(0x7f00000000c0)='/proc/asound/seq/clients\x00', 0x0, 0x0) 04:29:55 executing program 3: mkdir(&(0x7f0000000100)='./file0\x00', 0x0) mount(&(0x7f00000002c0)=ANY=[@ANYBLOB='.'], &(0x7f0000000140)='./file0\x00', 0x0, 0x201000, 0x0) chdir(&(0x7f00000001c0)='./file0\x00') socket$inet_icmp_raw(0x2, 0x3, 0x1) r0 = dup(0xffffffffffffffff) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) pivot_root(&(0x7f0000000180)='./file0/../file0\x00', &(0x7f0000000200)='./file0/../file0\x00') 04:29:55 executing program 2 (fault-call:3 fault-nth:6): mkdir(&(0x7f0000000100)='./file0\x00', 0x0) mount(&(0x7f00000002c0)=ANY=[@ANYBLOB='.'], &(0x7f0000000140)='./file0\x00', 0x0, 0x201000, 0x0) chdir(&(0x7f00000001c0)='./file0\x00') mount(0x0, &(0x7f0000000080)='./file0/../file0\x00', &(0x7f0000000380)='sysfs\x00', 0x0, 0x0) [ 1273.227096] RDX: 0000000020000380 RSI: 0000000020000080 RDI: 0000000000000000 [ 1273.234641] RBP: 00007fe4ec0a8ca0 R08: 0000000000000000 R09: 0000000000000000 [ 1273.241922] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000005 [ 1273.249204] R13: 00007ffc71a8c0bf R14: 00007fe4ec0a99c0 R15: 000000000118cf4c [ 1273.391889] FAULT_INJECTION: forcing a failure. [ 1273.391889] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 1273.403743] CPU: 1 PID: 9189 Comm: syz-executor.2 Not tainted 4.14.193-syzkaller #0 [ 1273.411550] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1273.420913] Call Trace: [ 1273.423515] dump_stack+0x1b2/0x283 [ 1273.427177] should_fail.cold+0x10a/0x154 [ 1273.431350] __alloc_pages_nodemask+0x22c/0x2720 [ 1273.436232] ? check_preemption_disabled+0x35/0x240 [ 1273.441261] ? __kernel_text_address+0x9/0x30 [ 1273.445774] ? __lock_acquire+0x5fc/0x3f20 [ 1273.450025] ? __lock_acquire+0x5fc/0x3f20 [ 1273.454287] ? gfp_pfmemalloc_allowed+0x150/0x150 [ 1273.459137] ? kasan_kmalloc+0xeb/0x160 [ 1273.463126] ? check_preemption_disabled+0x35/0x240 [ 1273.468167] ? perf_trace_lock_acquire+0x510/0x510 [ 1273.473109] ? perf_trace_lock_acquire+0x510/0x510 [ 1273.478043] ? perf_trace_lock+0xf7/0x490 [ 1273.482207] cache_grow_begin+0x8f/0x420 [ 1273.486287] cache_alloc_refill+0x273/0x350 [ 1273.490633] kmem_cache_alloc_trace+0x340/0x3d0 [ 1273.495321] sget_userns+0x102/0xc10 [ 1273.499044] ? kernfs_sop_show_options+0x170/0x170 [ 1273.504072] ? rcu_lockdep_current_cpu_online+0xed/0x140 [ 1273.509539] ? kernfs_sop_show_path+0x190/0x190 [ 1273.514224] kernfs_mount_ns+0xd5/0x770 [ 1273.518222] sysfs_mount+0xa1/0x160 [ 1273.521861] ? sysfs_kill_sb+0x30/0x30 [ 1273.525754] ? __lockdep_init_map+0x100/0x560 [ 1273.530259] mount_fs+0x92/0x2a0 [ 1273.533634] vfs_kern_mount.part.0+0x5b/0x470 [ 1273.538135] do_mount+0xe53/0x2a00 [ 1273.541687] ? lock_acquire+0x170/0x3f0 [ 1273.545675] ? lock_downgrade+0x740/0x740 [ 1273.549957] ? copy_mount_string+0x40/0x40 [ 1273.554201] ? __might_fault+0x177/0x1b0 [ 1273.558258] ? _copy_from_user+0x96/0x100 [ 1273.562553] ? copy_mount_options+0x1fa/0x2f0 [ 1273.567034] ? copy_mnt_ns+0xa30/0xa30 [ 1273.570924] SyS_mount+0xa8/0x120 [ 1273.574367] ? copy_mnt_ns+0xa30/0xa30 [ 1273.578247] do_syscall_64+0x1d5/0x640 [ 1273.582120] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 1273.587290] RIP: 0033:0x45d249 04:29:56 executing program 1: socket(0x10, 0x803, 0x0) syz_open_dev$evdev(&(0x7f0000000000)='/dev/input/event#\x00', 0x0, 0x0) openat$mice(0xffffffffffffff9c, &(0x7f0000000040)='/dev/input/mice\x00', 0x0) r0 = socket$packet(0x11, 0x2, 0x300) setsockopt$packet_tx_ring(r0, 0x107, 0x5, &(0x7f00000000c0)=@req3={0x8000, 0x6, 0x8000}, 0x1c) r1 = openat$audio(0xffffffffffffff9c, &(0x7f0000000180)='/dev/audio\x00', 0x0, 0x0) ioctl$int_in(r1, 0x800000c004500a, &(0x7f0000000300)) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) clock_gettime(0x0, &(0x7f0000000080)={0x0, 0x0}) pselect6(0x40, &(0x7f00000000c0), 0x0, &(0x7f0000000140)={0x1ff}, &(0x7f0000000200)={0x0, r2+30000000}, 0x0) 04:29:56 executing program 4: mkdir(&(0x7f0000000100)='./file0\x00', 0x0) mount(&(0x7f00000002c0)=ANY=[@ANYBLOB='.'], &(0x7f0000000140)='./file0\x00', 0x0, 0x201000, 0x0) chdir(&(0x7f00000001c0)='./file0\x00') mount(0x0, &(0x7f0000000080)='./file0/../file0\x00', &(0x7f0000000380)='sysfs\x00', 0x0, 0x0) pivot_root(&(0x7f0000000180)='./file0/../file0\x00', 0x0) r0 = socket(0x11, 0x800000003, 0x0) bind(r0, &(0x7f0000000080)=@generic={0x11, "0000010000000000080044944eeba71a4976e252922cb18f6e2e2aba000000012e0b3836005404b0e0301a4ce875f2e3ff5f163ee340b7679500800000000000000101013c5811039e15775027ecce66fd792bbf0e5bf5ff1b0816f3f6db1c00010000000000000049740000000000000006ad8e5ecc326d3a09ffc2c654"}, 0x80) getsockname$packet(r0, &(0x7f00000003c0)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @dev}, &(0x7f0000000000)=0x14) r2 = socket(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r2, &(0x7f00000007c0)={0x0, 0x0, &(0x7f0000000780)={&(0x7f0000000500)=@newqdisc={0x68, 0x24, 0xf0b, 0x0, 0x0, {0x0, 0x0, 0x0, r1, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_netem={{0xa, 0x1, 'netem\x00'}, {0x38, 0x2, {{}, [@TCA_NETEM_LOSS={0x1c, 0x5, 0x0, 0x1, [@NETEM_LOSS_GI={0x18, 0x8}]}]}}}]}, 0x68}}, 0x0) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) r4 = dup2(r3, r3) ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200) r5 = socket(0x11, 0x800000003, 0x0) bind(r5, &(0x7f0000000080)=@generic={0x11, "0000010000000000080044944eeba71a4976e252922cb18f6e2e2aba000000012e0b3836005404b0e0301a4ce875f2e3ff5f163ee340b7679500800000000000000101013c5811039e15775027ecce66fd792bbf0e5bf5ff1b0816f3f6db1c00010000000000000049740000000000000006ad8e5ecc326d3a09ffc2c654"}, 0x80) getsockname$packet(r5, &(0x7f00000003c0)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @dev}, &(0x7f0000000000)=0x14) r7 = socket(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r7, &(0x7f00000007c0)={0x0, 0x0, &(0x7f0000000780)={&(0x7f0000000500)=@newqdisc={0x68, 0x24, 0xf0b, 0x0, 0x0, {0x0, 0x0, 0x0, r6, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_netem={{0xa, 0x1, 'netem\x00'}, {0x38, 0x2, {{}, [@TCA_NETEM_LOSS={0x1c, 0x5, 0x0, 0x1, [@NETEM_LOSS_GI={0x18, 0x8}]}]}}}]}, 0x68}}, 0x0) ioctl$sock_ipv6_tunnel_SIOCADDPRL(r4, 0x89f5, &(0x7f0000000040)={'syztnl1\x00', &(0x7f0000000200)={'syztnl1\x00', r6, 0x29, 0x0, 0x3, 0x68, 0x21, @private0={0xfc, 0x0, [], 0x1}, @private2={0xfc, 0x2, [], 0x1}, 0xf, 0x8, 0xff, 0x2}}) sendmsg$MPTCP_PM_CMD_GET_LIMITS(0xffffffffffffffff, &(0x7f0000000280)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x40000}, 0xc, &(0x7f00000000c0)={&(0x7f00000003c0)={0x90, 0x0, 0x700, 0x70bd2d, 0x25dfdbfc, {}, [@MPTCP_PM_ATTR_SUBFLOWS={0x8, 0x3, 0x2}, @MPTCP_PM_ATTR_RCV_ADD_ADDRS={0x8, 0x2, 0x3}, @MPTCP_PM_ATTR_RCV_ADD_ADDRS={0x8}, @MPTCP_PM_ATTR_SUBFLOWS={0x8, 0x3, 0x4}, @MPTCP_PM_ATTR_ADDR={0x4}, @MPTCP_PM_ATTR_ADDR={0x30, 0x1, 0x0, 0x1, [@MPTCP_PM_ADDR_ATTR_IF_IDX={0x8, 0x7, r1}, @MPTCP_PM_ADDR_ATTR_PORT={0x6, 0x5, 0x4e20}, @MPTCP_PM_ADDR_ATTR_ADDR6={0x14, 0x4, @remote}, @MPTCP_PM_ADDR_ATTR_ID={0x5, 0x2, 0x5}]}, @MPTCP_PM_ATTR_ADDR={0x4}, @MPTCP_PM_ATTR_ADDR={0x24, 0x1, 0x0, 0x1, [@MPTCP_PM_ADDR_ATTR_PORT={0x6, 0x5, 0x4e20}, @MPTCP_PM_ADDR_ATTR_FAMILY={0x6, 0x1, 0x2}, @MPTCP_PM_ADDR_ATTR_FLAGS={0x8, 0x6, 0x5}, @MPTCP_PM_ADDR_ATTR_IF_IDX={0x8, 0x7, r8}]}]}, 0x90}, 0x1, 0x0, 0x0, 0x12d5e08e23471082}, 0x20000800) 04:29:56 executing program 3: mkdir(&(0x7f0000000100)='./file0\x00', 0x0) mount(&(0x7f00000002c0)=ANY=[@ANYBLOB='.'], &(0x7f0000000140)='./file0\x00', 0x0, 0x201000, 0x0) chdir(&(0x7f00000001c0)='./file0\x00') socket$inet_icmp_raw(0x2, 0x3, 0x1) r0 = dup(0xffffffffffffffff) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) pivot_root(&(0x7f0000000180)='./file0/../file0\x00', &(0x7f0000000200)='./file0/../file0\x00') 04:29:56 executing program 0: mkdir(&(0x7f0000000100)='./file0\x00', 0x0) mount(&(0x7f00000002c0)=ANY=[@ANYBLOB='.'], &(0x7f0000000140)='./file0\x00', 0x0, 0x201000, 0x0) chdir(&(0x7f00000001c0)='./file0\x00') r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = dup2(r0, r0) socket$inet6_dccp(0xa, 0x6, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) getsockopt$EBT_SO_GET_ENTRIES(r1, 0x0, 0x81, &(0x7f0000000200)={'nat\x00', 0x0, 0x3, 0x1000, [], 0x3, &(0x7f0000000000)=[{}, {}, {}], &(0x7f00000003c0)=""/4096}, &(0x7f0000000040)=0x78) mount(0x0, &(0x7f0000000080)='./file0/../file0\x00', &(0x7f0000000380)='sysfs\x00', 0x0, 0x0) pivot_root(&(0x7f0000000180)='./file0/../file0\x00', 0x0) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) dup2(r2, r2) [ 1273.590476] RSP: 002b:00007fe4ec0a8c78 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 1273.598400] RAX: ffffffffffffffda RBX: 0000000000020480 RCX: 000000000045d249 [ 1273.605787] RDX: 0000000020000380 RSI: 0000000020000080 RDI: 0000000000000000 [ 1273.613049] RBP: 00007fe4ec0a8ca0 R08: 0000000000000000 R09: 0000000000000000 [ 1273.620437] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000006 [ 1273.627714] R13: 00007ffc71a8c0bf R14: 00007fe4ec0a99c0 R15: 000000000118cf4c 04:29:56 executing program 2 (fault-call:3 fault-nth:7): mkdir(&(0x7f0000000100)='./file0\x00', 0x0) mount(&(0x7f00000002c0)=ANY=[@ANYBLOB='.'], &(0x7f0000000140)='./file0\x00', 0x0, 0x201000, 0x0) chdir(&(0x7f00000001c0)='./file0\x00') mount(0x0, &(0x7f0000000080)='./file0/../file0\x00', &(0x7f0000000380)='sysfs\x00', 0x0, 0x0) 04:29:56 executing program 5: mkdir(&(0x7f0000000100)='./file0\x00', 0x0) mount(&(0x7f00000002c0)=ANY=[@ANYBLOB="a980c21e870900000000001e39136a2ed0dd02e759c0b25f7b8d7c4b1d5481a45fcdbf9ac1e07ffc0163d378bb828baa5861f3fb1f9f6d85b48c4a0fed9325c62cd38949ad5bfdac5ecbf40500"/94], &(0x7f0000000140)='./file0\x00', 0x0, 0x201000, 0x0) chdir(&(0x7f00000001c0)='./file0\x00') mount(0x0, &(0x7f0000000080)='./file0/../file0\x00', &(0x7f0000000380)='sysfs\x00', 0x0, 0x0) r0 = openat$cachefiles(0xffffffffffffff9c, &(0x7f0000000000)='/dev/cachefiles\x00', 0x484081, 0x0) bind$ax25(r0, &(0x7f0000000240)={{0x3, @bcast, 0x8}, [@null, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x2}, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @default, @default]}, 0x48) r1 = dup2(0xffffffffffffffff, 0xffffffffffffffff) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = socket$inet6_sctp(0xa, 0x5, 0x84) r3 = socket$inet6_sctp(0xa, 0x5, 0x84) shutdown(r3, 0x0) getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r3, 0x84, 0x6f, &(0x7f0000000000)={0x0, 0x1c, &(0x7f00000002c0)=[@in6={0xa, 0x0, 0x0, @private0}]}, &(0x7f0000000180)=0x10) r4 = dup3(r3, r2, 0x0) getsockopt$inet_sctp_SCTP_MAX_BURST(r4, 0x84, 0x14, &(0x7f0000000000)=@assoc_value={0x0}, &(0x7f0000000040)=0x17) getsockopt$inet_sctp6_SCTP_DELAYED_SACK(0xffffffffffffffff, 0x84, 0x70, &(0x7f0000000400)=@sack_info={0x0, 0x4, 0x88}, &(0x7f0000002000)=0xc) setsockopt$inet_sctp6_SCTP_DELAYED_SACK(r1, 0x84, 0x10, &(0x7f0000000040)=@sack_info={r5, 0x9, 0x2005}, 0xc) r6 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r7 = dup(r6) ioctl$PERF_EVENT_IOC_ENABLE(r7, 0x8912, 0x400200) pivot_root(&(0x7f0000000180)='./file0/../file0\x00', &(0x7f0000000200)='./file0\x00') 04:29:56 executing program 3: mkdir(&(0x7f0000000100)='./file0\x00', 0x0) mount(&(0x7f00000002c0)=ANY=[@ANYBLOB='.'], &(0x7f0000000140)='./file0\x00', 0x0, 0x201000, 0x0) chdir(&(0x7f00000001c0)='./file0\x00') socket$inet_icmp_raw(0x2, 0x3, 0x1) r0 = dup(0xffffffffffffffff) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) pivot_root(&(0x7f0000000180)='./file0/../file0\x00', &(0x7f0000000200)='./file0/../file0\x00') [ 1273.712854] netem: unknown loss type 8 [ 1273.726489] netem: change failed [ 1273.750219] netem: unknown loss type 8 [ 1273.758176] FAULT_INJECTION: forcing a failure. [ 1273.758176] name failslab, interval 1, probability 0, space 0, times 0 [ 1273.762497] netem: change failed [ 1273.800422] CPU: 1 PID: 9201 Comm: syz-executor.2 Not tainted 4.14.193-syzkaller #0 [ 1273.808266] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1273.817629] Call Trace: [ 1273.820231] dump_stack+0x1b2/0x283 [ 1273.823880] should_fail.cold+0x10a/0x154 [ 1273.828050] should_failslab+0xd6/0x130 [ 1273.832040] __kmalloc+0x2c1/0x400 [ 1273.835590] ? __list_lru_init+0x67/0x710 [ 1273.839761] __list_lru_init+0x67/0x710 [ 1273.843765] sget_userns+0x4e4/0xc10 [ 1273.847576] ? kernfs_sop_show_options+0x170/0x170 [ 1273.852523] ? kernfs_sop_show_path+0x190/0x190 [ 1273.857213] kernfs_mount_ns+0xd5/0x770 [ 1273.861203] sysfs_mount+0xa1/0x160 [ 1273.864840] ? sysfs_kill_sb+0x30/0x30 [ 1273.868738] ? __lockdep_init_map+0x100/0x560 [ 1273.873247] mount_fs+0x92/0x2a0 [ 1273.876632] vfs_kern_mount.part.0+0x5b/0x470 [ 1273.881138] do_mount+0xe53/0x2a00 [ 1273.884691] ? lock_acquire+0x170/0x3f0 [ 1273.888675] ? lock_downgrade+0x740/0x740 [ 1273.892837] ? copy_mount_string+0x40/0x40 [ 1273.897079] ? __might_fault+0x177/0x1b0 [ 1273.901156] ? _copy_from_user+0x96/0x100 [ 1273.905324] ? copy_mount_options+0x1fa/0x2f0 [ 1273.909829] ? copy_mnt_ns+0xa30/0xa30 04:29:56 executing program 3: mkdir(&(0x7f0000000100)='./file0\x00', 0x0) mount(&(0x7f00000002c0)=ANY=[@ANYBLOB='.'], &(0x7f0000000140)='./file0\x00', 0x0, 0x201000, 0x0) chdir(&(0x7f00000001c0)='./file0\x00') r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x400200) pivot_root(&(0x7f0000000180)='./file0/../file0\x00', &(0x7f0000000200)='./file0/../file0\x00') [ 1273.913728] SyS_mount+0xa8/0x120 [ 1273.917190] ? copy_mnt_ns+0xa30/0xa30 [ 1273.921094] do_syscall_64+0x1d5/0x640 [ 1273.925011] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 1273.930219] RIP: 0033:0x45d249 [ 1273.933413] RSP: 002b:00007fe4ec0a8c78 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 1273.941131] RAX: ffffffffffffffda RBX: 0000000000020480 RCX: 000000000045d249 [ 1273.948405] RDX: 0000000020000380 RSI: 0000000020000080 RDI: 0000000000000000 [ 1273.955684] RBP: 00007fe4ec0a8ca0 R08: 0000000000000000 R09: 0000000000000000 04:29:56 executing program 1: socket(0x10, 0x803, 0x0) syz_open_dev$evdev(&(0x7f0000000000)='/dev/input/event#\x00', 0x0, 0x0) openat$mice(0xffffffffffffff9c, &(0x7f0000000040)='/dev/input/mice\x00', 0x0) r0 = socket$packet(0x11, 0x2, 0x300) setsockopt$packet_tx_ring(r0, 0x107, 0x5, &(0x7f00000000c0)=@req3={0x8000, 0x6, 0x8000}, 0x1c) r1 = openat$audio(0xffffffffffffff9c, &(0x7f0000000180)='/dev/audio\x00', 0x0, 0x0) ioctl$int_in(r1, 0x800000c004500a, &(0x7f0000000300)) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) clock_gettime(0x0, &(0x7f0000000080)={0x0, 0x0}) pselect6(0x40, &(0x7f00000000c0), 0x0, &(0x7f0000000140)={0x1ff}, &(0x7f0000000200)={0x0, r2+30000000}, 0x0) 04:29:56 executing program 2 (fault-call:3 fault-nth:8): mkdir(&(0x7f0000000100)='./file0\x00', 0x0) mount(&(0x7f00000002c0)=ANY=[@ANYBLOB='.'], &(0x7f0000000140)='./file0\x00', 0x0, 0x201000, 0x0) chdir(&(0x7f00000001c0)='./file0\x00') mount(0x0, &(0x7f0000000080)='./file0/../file0\x00', &(0x7f0000000380)='sysfs\x00', 0x0, 0x0) 04:29:56 executing program 5: mkdir(&(0x7f0000000100)='./file0\x00', 0x0) mount(&(0x7f0000000240)=ANY=[@ANYBLOB="2efd863b8cad1eef582ec9c9650873cb10f4d981c7e90b5635cd0cceaf9667aa284a81bf70b07173b13a810d6b824339c2ec24f0b46d240e963ae6d906eefcaf80a1e8c004ba3b8edf64a19bb98c64c9e730eb681f2109f5dc1dc08a5d24d6c4bbd0025cc1d175fe3e99"], &(0x7f0000000140)='./file0\x00', 0x0, 0x201000, 0x0) chdir(&(0x7f00000001c0)='./file0\x00') r0 = msgget$private(0x0, 0xb0) msgctl$IPC_STAT(r0, 0x2, &(0x7f00000003c0)=""/234) mount(0x0, &(0x7f0000000080)='./file0/../file0\x00', &(0x7f0000000380)='sysfs\x00', 0x0, 0x0) r1 = socket$kcm(0xa, 0x2, 0x11) setsockopt$sock_attach_bpf(r1, 0x29, 0x14, &(0x7f0000000080), 0x301) setsockopt$sock_attach_bpf(r1, 0x29, 0x15, &(0x7f0000000000), 0x70db2da734432a8e) recvfrom(r1, &(0x7f00000004c0)=""/149, 0x95, 0x40000142, &(0x7f0000000000)=@caif=@dgm={0x25, 0x7, 0x8}, 0x80) r2 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r3 = dup(r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) pivot_root(&(0x7f0000000180)='./file0/../file0\x00', &(0x7f0000000200)='./file0/../file0\x00') [ 1273.962963] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000007 [ 1273.970243] R13: 00007ffc71a8c0bf R14: 00007fe4ec0a99c0 R15: 000000000118cf4c [ 1274.068434] netem: unknown loss type 8 [ 1274.072408] netem: change failed [ 1274.080502] netem: unknown loss type 8 [ 1274.085026] netem: change failed 04:29:56 executing program 4: mkdir(&(0x7f0000000100)='./file0\x00', 0x0) open(&(0x7f0000000000)='./file0\x00', 0x800, 0x100) mount(&(0x7f00000002c0)=ANY=[@ANYBLOB='.'], &(0x7f0000000140)='./file0\x00', 0x0, 0x201000, 0x0) chdir(&(0x7f00000001c0)='./file0\x00') mount(0x0, &(0x7f0000000080)='./file0/../file0\x00', &(0x7f0000000380)='sysfs\x00', 0x0, 0x0) pivot_root(&(0x7f0000000180)='./file0/../file0\x00', 0x0) 04:29:56 executing program 3: mkdir(&(0x7f0000000100)='./file0\x00', 0x0) mount(&(0x7f00000002c0)=ANY=[@ANYBLOB='.'], &(0x7f0000000140)='./file0\x00', 0x0, 0x201000, 0x0) chdir(&(0x7f00000001c0)='./file0\x00') r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x400200) pivot_root(&(0x7f0000000180)='./file0/../file0\x00', &(0x7f0000000200)='./file0/../file0\x00') [ 1274.110176] FAULT_INJECTION: forcing a failure. [ 1274.110176] name failslab, interval 1, probability 0, space 0, times 0 04:29:56 executing program 5: mkdir(&(0x7f0000000100)='./file0\x00', 0x0) openat$vimc1(0xffffffffffffff9c, &(0x7f0000000300)='/dev/video1\x00', 0x2, 0x0) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = dup2(r0, r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) accept4$bt_l2cap(r1, &(0x7f0000000000), &(0x7f0000000040)=0xe, 0x800) mount(&(0x7f00000002c0)=ANY=[@ANYBLOB='.'], &(0x7f0000000140)='./file0\x00', 0x0, 0x201000, 0x0) chdir(&(0x7f00000001c0)='./file0\x00') mount(0x0, &(0x7f0000000080)='./file0/../file0\x00', &(0x7f0000000380)='sysfs\x00', 0x0, 0x0) r2 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r3 = dup(r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) pivot_root(&(0x7f0000000180)='./file0/../file0\x00', &(0x7f0000000200)='./file0/../file0\x00') prctl$PR_SET_MM_MAP(0x23, 0xe, &(0x7f0000000240)={&(0x7f0000ff9000/0x4000)=nil, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ff6000/0x4000)=nil, &(0x7f0000ffb000/0x2000)=nil, &(0x7f0000ff6000/0x3000)=nil, &(0x7f0000ff6000/0x3000)=nil, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ff7000/0x4000)=nil, &(0x7f0000ffc000/0x2000)=nil, &(0x7f0000ffa000/0x2000)=nil, &(0x7f00000003c0)="5d03ea6d880a0329e4af81ad90c7be2a932a6adb00ee4a01fed080a6e1477168e3c3544ab8e897744f649239a7d826e93a698c9273e9a1ecd721ec45e99a9f6c4130da9ad73b06d6e63a7db302f7663c236e2b62b44261505bcca93ae69e7309fb110f49c2af265de16eecc2b3f5311bf53f3cd86d185a02505e332432a92ebaffdaf570c2b76ece25b74546ee76e476aa65fa549fb1d6c6c1e1134935529dbf03380b0070e4bc844d1acf19d9f81a55cd6b9e47133915c5d4cd42a7d63923a7f10337f4bbe3deeaadd7affcc9", 0xcd, r0}, 0x68) getsockopt$SO_BINDTODEVICE(r3, 0x1, 0x19, &(0x7f00000000c0), 0x10) [ 1274.165477] CPU: 1 PID: 9222 Comm: syz-executor.2 Not tainted 4.14.193-syzkaller #0 [ 1274.173326] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1274.182689] Call Trace: [ 1274.185302] dump_stack+0x1b2/0x283 [ 1274.188950] should_fail.cold+0x10a/0x154 [ 1274.193117] should_failslab+0xd6/0x130 [ 1274.197102] __kmalloc+0x2c1/0x400 [ 1274.200649] ? register_shrinker+0x1ab/0x220 [ 1274.205070] register_shrinker+0x1ab/0x220 [ 1274.209315] sget_userns+0x9aa/0xc10 [ 1274.213037] ? kernfs_sop_show_options+0x170/0x170 [ 1274.217985] ? kernfs_sop_show_path+0x190/0x190 [ 1274.222672] kernfs_mount_ns+0xd5/0x770 [ 1274.226664] sysfs_mount+0xa1/0x160 [ 1274.230303] ? sysfs_kill_sb+0x30/0x30 [ 1274.234201] ? __lockdep_init_map+0x100/0x560 [ 1274.238711] mount_fs+0x92/0x2a0 [ 1274.242094] vfs_kern_mount.part.0+0x5b/0x470 [ 1274.246645] do_mount+0xe53/0x2a00 [ 1274.250197] ? lock_acquire+0x170/0x3f0 [ 1274.254183] ? lock_downgrade+0x740/0x740 [ 1274.258343] ? copy_mount_string+0x40/0x40 04:29:56 executing program 3: mkdir(&(0x7f0000000100)='./file0\x00', 0x0) mount(&(0x7f00000002c0)=ANY=[@ANYBLOB='.'], &(0x7f0000000140)='./file0\x00', 0x0, 0x201000, 0x0) chdir(&(0x7f00000001c0)='./file0\x00') r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x400200) pivot_root(&(0x7f0000000180)='./file0/../file0\x00', &(0x7f0000000200)='./file0/../file0\x00') [ 1274.262589] ? __might_fault+0x177/0x1b0 [ 1274.266658] ? _copy_from_user+0x96/0x100 [ 1274.270816] ? copy_mount_options+0x1fa/0x2f0 [ 1274.275927] ? copy_mnt_ns+0xa30/0xa30 [ 1274.279843] SyS_mount+0xa8/0x120 [ 1274.283304] ? copy_mnt_ns+0xa30/0xa30 [ 1274.287202] do_syscall_64+0x1d5/0x640 [ 1274.291110] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 1274.296306] RIP: 0033:0x45d249 [ 1274.299504] RSP: 002b:00007fe4ec0a8c78 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 1274.307224] RAX: ffffffffffffffda RBX: 0000000000020480 RCX: 000000000045d249 04:29:56 executing program 5: mkdir(&(0x7f0000000100)='./file0\x00', 0x0) mount(&(0x7f00000002c0)=ANY=[@ANYBLOB='.'], &(0x7f0000000140)='./file0\x00', 0x0, 0x201000, 0x0) chdir(&(0x7f00000001c0)='./file0\x00') mount(0x0, &(0x7f0000000080)='./file0/../file0\x00', &(0x7f0000000380)='sysfs\x00', 0x0, 0x0) r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = socket$kcm(0xa, 0x2, 0x11) setsockopt$sock_attach_bpf(r2, 0x29, 0x14, &(0x7f0000000080), 0x301) setsockopt$sock_attach_bpf(r2, 0x29, 0x15, &(0x7f0000000000), 0x70db2da734432a8e) ioctl$sock_ifreq(r2, 0x8925, &(0x7f0000000000)={'team0\x00', @ifru_map={0x5, 0x0, 0x2, 0x1, 0x6}}) pivot_root(&(0x7f0000000180)='./file0/../file0\x00', &(0x7f0000000200)='./file0/../file0\x00') r3 = openat$cgroup_ro(r1, &(0x7f0000000040)='cpuacct.usage_all\x00', 0x0, 0x0) ioctl$TIOCGDEV(r3, 0x80045432, &(0x7f00000000c0)) 04:29:56 executing program 0: mkdir(&(0x7f0000000100)='./file0\x00', 0x0) mount(&(0x7f00000002c0)=ANY=[@ANYBLOB='.'], &(0x7f0000000140)='./file0\x00', 0x0, 0x201000, 0x0) chdir(&(0x7f00000001c0)='./file0\x00') r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = dup2(r0, r0) socket$inet6_dccp(0xa, 0x6, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) getsockopt$EBT_SO_GET_ENTRIES(r1, 0x0, 0x81, &(0x7f0000000200)={'nat\x00', 0x0, 0x3, 0x1000, [], 0x3, &(0x7f0000000000)=[{}, {}, {}], &(0x7f00000003c0)=""/4096}, &(0x7f0000000040)=0x78) mount(0x0, &(0x7f0000000080)='./file0/../file0\x00', &(0x7f0000000380)='sysfs\x00', 0x0, 0x0) pivot_root(&(0x7f0000000180)='./file0/../file0\x00', 0x0) socket$inet6_tcp(0xa, 0x1, 0x0) [ 1274.315112] RDX: 0000000020000380 RSI: 0000000020000080 RDI: 0000000000000000 [ 1274.322398] RBP: 00007fe4ec0a8ca0 R08: 0000000000000000 R09: 0000000000000000 [ 1274.329678] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000008 [ 1274.336956] R13: 00007ffc71a8c0bf R14: 00007fe4ec0a99c0 R15: 000000000118cf4c 04:29:56 executing program 3: mkdir(&(0x7f0000000100)='./file0\x00', 0x0) mount(&(0x7f00000002c0)=ANY=[@ANYBLOB='.'], &(0x7f0000000140)='./file0\x00', 0x0, 0x201000, 0x0) chdir(&(0x7f00000001c0)='./file0\x00') r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x0) pivot_root(&(0x7f0000000180)='./file0/../file0\x00', &(0x7f0000000200)='./file0/../file0\x00') [ 1274.369032] kasan: CONFIG_KASAN_INLINE enabled [ 1274.378932] kasan: GPF could be caused by NULL-ptr deref or user memory access [ 1274.390271] general protection fault: 0000 [#1] PREEMPT SMP KASAN [ 1274.396532] Modules linked in: [ 1274.399733] CPU: 1 PID: 9222 Comm: syz-executor.2 Not tainted 4.14.193-syzkaller #0 [ 1274.407530] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1274.417151] task: ffff888094a86300 task.stack: ffff8880293e8000 [ 1274.423320] RIP: 0010:__list_del_entry_valid+0x81/0xef [ 1274.428574] RSP: 0018:ffff8880293efb48 EFLAGS: 00010246 [ 1274.433984] RAX: dffffc0000000000 RBX: 00000000fffffff4 RCX: 0000000000000000 [ 1274.442409] RDX: 0000000000000000 RSI: 0000000000000001 RDI: ffff888096678da0 [ 1274.449666] RBP: ffff888096678d98 R08: 0000000000000000 R09: 0000000000040056 [ 1274.456917] R10: ffff888094a86bb0 R11: ffff888094a86300 R12: 0000000000000000 [ 1274.464172] R13: 0000000000000000 R14: ffff888096678da0 R15: dffffc0000000000 [ 1274.471423] FS: 00007fe4ec0a9700(0000) GS:ffff8880aeb00000(0000) knlGS:0000000000000000 [ 1274.480065] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 1274.485938] CR2: 000000000052a838 CR3: 000000004c602000 CR4: 00000000001406e0 [ 1274.493220] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 1274.500494] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 1274.507764] Call Trace: [ 1274.510338] kernfs_kill_sb+0x5b/0x1b0 [ 1274.514212] sysfs_kill_sb+0x1e/0x30 [ 1274.517913] deactivate_locked_super+0x6c/0xd0 [ 1274.522476] sget_userns+0x9c4/0xc10 [ 1274.526171] ? kernfs_sop_show_options+0x170/0x170 [ 1274.531107] ? kernfs_sop_show_path+0x190/0x190 [ 1274.535772] kernfs_mount_ns+0xd5/0x770 [ 1274.539737] sysfs_mount+0xa1/0x160 [ 1274.543371] ? sysfs_kill_sb+0x30/0x30 [ 1274.547246] ? __lockdep_init_map+0x100/0x560 [ 1274.552165] mount_fs+0x92/0x2a0 [ 1274.555527] vfs_kern_mount.part.0+0x5b/0x470 [ 1274.560026] do_mount+0xe53/0x2a00 [ 1274.563570] ? lock_acquire+0x170/0x3f0 [ 1274.567554] ? lock_downgrade+0x740/0x740 [ 1274.571712] ? copy_mount_string+0x40/0x40 [ 1274.575947] ? __might_fault+0x177/0x1b0 [ 1274.580007] ? _copy_from_user+0x96/0x100 [ 1274.584148] ? copy_mount_options+0x1fa/0x2f0 [ 1274.588728] ? copy_mnt_ns+0xa30/0xa30 [ 1274.592627] SyS_mount+0xa8/0x120 [ 1274.596102] ? copy_mnt_ns+0xa30/0xa30 [ 1274.599976] do_syscall_64+0x1d5/0x640 [ 1274.603855] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 1274.609024] RIP: 0033:0x45d249 [ 1274.612228] RSP: 002b:00007fe4ec0a8c78 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 1274.619919] RAX: ffffffffffffffda RBX: 0000000000020480 RCX: 000000000045d249 [ 1274.627333] RDX: 0000000020000380 RSI: 0000000020000080 RDI: 0000000000000000 [ 1274.634621] RBP: 00007fe4ec0a8ca0 R08: 0000000000000000 R09: 0000000000000000 [ 1274.641903] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000008 [ 1274.649176] R13: 00007ffc71a8c0bf R14: 00007fe4ec0a99c0 R15: 000000000118cf4c [ 1274.656564] Code: c5 0f 84 df 00 00 00 48 b8 00 02 00 00 00 00 ad de 49 39 c4 0f 84 e0 00 00 00 48 b8 00 00 00 00 00 fc ff df 4c 89 e2 48 c1 ea 03 <80> 3c 02 00 75 51 49 8b 14 24 48 39 ea 0f 85 97 00 00 00 49 8d [ 1274.675775] RIP: __list_del_entry_valid+0x81/0xef RSP: ffff8880293efb48 [ 1274.683375] ---[ end trace 0f0499b046231472 ]--- [ 1274.688291] Kernel panic - not syncing: Fatal exception [ 1274.695149] Kernel Offset: disabled [ 1274.698769] Rebooting in 86400 seconds..