0x0, 0x0, 0x0, 0x0, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
ioctl$KVM_RUN(0xffffffffffffffff, 0xae80, 0x0)

01:45:28 executing program 5:
lsetxattr$trusted_overlay_opaque(0x0, 0x0, 0x0, 0x0, 0x0)
mkdir(&(0x7f0000000000)='./file0\x00', 0x0)
mount$bpf(0x20000000, &(0x7f00000000c0)='./file0\x00', 0x0, 0x2001001, 0x0)
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x80, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x43, 0x400000000000000}, 0x11288, 0x2000, 0x0, 0x2}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = socket$netlink(0x10, 0x3, 0x0)
connect$inet(0xffffffffffffffff, 0x0, 0x0)
setsockopt$SO_RDS_TRANSPORT(0xffffffffffffffff, 0x114, 0x8, &(0x7f0000000040)=0xffffffffffffffff, 0x4)
r1 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$inet_tcp_int(r1, 0x6, 0x10000000013, &(0x7f0000d06000)=0x1, 0x32a)
connect$inet(r1, &(0x7f0000000180)={0x2, 0x4e23, @local}, 0x10)
accept$nfc_llcp(0xffffffffffffffff, &(0x7f0000000440), &(0x7f0000000300)=0x60)
setsockopt$inet_tcp_TCP_REPAIR_OPTIONS(r1, 0x6, 0x16, &(0x7f00000000c0)=[@mss={0x2, 0xffffffff}, @timestamp, @window, @mss={0x2, 0x91c}], 0x4)
sendmmsg(r1, &(0x7f0000004b40)=[{{0x0, 0x0, &(0x7f00000011c0)=[{&(0x7f0000002240)='Y', 0x1}], 0x1}}], 0x1, 0x0)
syz_init_net_socket$llc(0x1a, 0x1, 0x0)
r2 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$IPT_SO_SET_REPLACE(r2, 0x4000000000000, 0x40, &(0x7f0000000a40)=ANY=[@ANYBLOB="72617700000000010000000000000000000000000000000000000000000000000200000003000000b80400000000000000000000000000000003000000030000200400002004000020040000200400002004000003000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000600000000000000a00200030000000000000000000000000000000000000000300262706600000000000000000000000000000000000000000000000000000101000000000000002e2f66696c653000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000060005345540000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000c0002001000000000000000000000000000000000000000050006f736600000000000000000000000000000000000000000000000000000073797a300000000000000000000000000000000000000000000000000000000000000000000000000000000000000000600053455400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000007000980000000000000000000000000000000000000000002800000000000000000000000000000000000000000000000000000000000004feffffff00000000"], 0x518)
sendmsg$IPVS_CMD_GET_DEST(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000280)={&(0x7f00000002c0)=ANY=[@ANYRES16], 0x1}}, 0x0)
setsockopt$inet_tcp_TCP_REPAIR(r1, 0x6, 0x13, &(0x7f0000000100), 0x618)
close(r1)
r3 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$inet_tcp_int(r3, 0x6, 0x10000000013, &(0x7f0000d06000)=0x1, 0x32a)
connect$inet(r3, &(0x7f0000000140)={0x2, 0x0, @local}, 0x10)
setsockopt$inet_tcp_TCP_REPAIR_OPTIONS(r3, 0x6, 0x16, &(0x7f0000000200)=[@mss, @timestamp, @window={0x3, 0x0, 0xfffe}, @mss={0x2, 0x3}], 0x4)
sendmmsg(r3, &(0x7f0000004b40)=[{{0x0, 0x0, &(0x7f00000011c0)=[{&(0x7f0000002240)='Y', 0x1}], 0x1}}], 0x1, 0x0)
setsockopt$inet_tcp_TCP_REPAIR_QUEUE(r3, 0x6, 0x14, &(0x7f0000000040)=0x1, 0x4)
sendmsg$IPVS_CMD_GET_DEST(r3, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000340)=ANY=[@ANYBLOB="160e90cb39bca59f8c4064ac6d7b242060a07bc4309e3eb79d8745797b308edd84adef35ad9d8a17240f38f55f57c55f3875db81d255eea402e1c11ca7fc01964aeb9ed6ef4e80bc67cba7e7fe961fe5d921442b0a06b135f8a73b68dc904b436f256f50ae7cb980e69e7580b9f11c6ede4210f23240559b8c427000d7ce7862417ab5a50e494b2a54e346d7ffa008ccef06813e235b446788ac0f1df3c65bc1fb5393364a2efd284640ec2c438ad2b24a69f1f9da000000000000000000000000989eee6a9283bf253ca4"], 0x1}}, 0x0)
close(r3)
syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000000)={<r4=>0xffffffffffffffff, <r5=>0xffffffffffffffff})
dup3(r5, r4, 0x0)
r6 = accept4$vsock_stream(0xffffffffffffffff, &(0x7f0000000240)={0x28, 0x0, 0x2710, @host}, 0x10, 0x0)
dup2(r6, r5)
sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000000)=@newlink={0x30, 0x10, 0x801, 0x0, 0x0, {}, [@IFLA_GROUP={0x8}, @IFLA_PROTO_DOWN={0x8, 0x4}]}, 0x30}}, 0x0)
pivot_root(&(0x7f0000000140)='./file0\x00', &(0x7f0000000100)='./file0\x00')

01:45:28 executing program 2:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140)='/dev/kvm\x00', 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_SET_SIGNAL_MASK(0xffffffffffffffff, 0x4004ae8b, &(0x7f0000001000)=ANY=[@ANYBLOB="97cb"])
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000fe7000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0)
ioctl$USBDEVFS_RESETEP(0xffffffffffffffff, 0x80045503, &(0x7f0000000000)={0x1, 0x1})
ioctl$KVM_NMI(r2, 0xae9a)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f00000002c0)={0x0, 0x2, 0x0, 0x2000, &(0x7f0000001000/0x2000)=nil})
perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
ioctl$KVM_RUN(0xffffffffffffffff, 0xae80, 0x0)

01:45:28 executing program 3:
lsetxattr$trusted_overlay_opaque(0x0, 0x0, 0x0, 0x0, 0x0)
mkdir(&(0x7f0000000000)='./file0\x00', 0x0)
mount$bpf(0x20000000, &(0x7f00000000c0)='./file0\x00', 0x0, 0x2001001, 0x0)
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x80, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x43, 0x400000000000000}, 0x11288, 0x2000, 0x0, 0x2}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = socket$netlink(0x10, 0x3, 0x0)
connect$inet(0xffffffffffffffff, 0x0, 0x0)
setsockopt$SO_RDS_TRANSPORT(0xffffffffffffffff, 0x114, 0x8, &(0x7f0000000040)=0xffffffffffffffff, 0x4)
r1 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$inet_tcp_int(r1, 0x6, 0x10000000013, &(0x7f0000d06000)=0x1, 0x32a)
connect$inet(r1, &(0x7f0000000180)={0x2, 0x4e23, @local}, 0x10)
accept$nfc_llcp(0xffffffffffffffff, &(0x7f0000000440), &(0x7f0000000300)=0x60)
setsockopt$inet_tcp_TCP_REPAIR_OPTIONS(r1, 0x6, 0x16, &(0x7f00000000c0)=[@mss={0x2, 0xffffffff}, @timestamp, @window, @mss={0x2, 0x91c}], 0x4)
sendmmsg(r1, &(0x7f0000004b40)=[{{0x0, 0x0, &(0x7f00000011c0)=[{&(0x7f0000002240)='Y', 0x1}], 0x1}}], 0x1, 0x0)
syz_init_net_socket$llc(0x1a, 0x1, 0x0)
r2 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$IPT_SO_SET_REPLACE(r2, 0x4000000000000, 0x40, &(0x7f0000000a40)=ANY=[@ANYBLOB="72617700000000010000000000000000000000000000000000000000000000000200000003000000b80400000000000000000000000000000003000000030000200400002004000020040000200400002004000003000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000600000000000000a00200030000000000000000000000000000000000000000300262706600000000000000000000000000000000000000000000000000000101000000000000002e2f66696c653000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000060005345540000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000c0002001000000000000000000000000000000000000000050006f736600000000000000000000000000000000000000000000000000000073797a300000000000000000000000000000000000000000000000000000000000000000000000000000000000000000600053455400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000007000980000000000000000000000000000000000000000002800000000000000000000000000000000000000000000000000000000000004feffffff00000000"], 0x518)
sendmsg$IPVS_CMD_GET_DEST(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000280)={&(0x7f00000002c0)=ANY=[@ANYRES16], 0x1}}, 0x0)
setsockopt$inet_tcp_TCP_REPAIR(r1, 0x6, 0x13, &(0x7f0000000100), 0x618)
close(r1)
r3 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$inet_tcp_int(r3, 0x6, 0x10000000013, &(0x7f0000d06000)=0x1, 0x32a)
connect$inet(r3, &(0x7f0000000140)={0x2, 0x0, @local}, 0x10)
setsockopt$inet_tcp_TCP_REPAIR_OPTIONS(r3, 0x6, 0x16, &(0x7f0000000200)=[@mss, @timestamp, @window={0x3, 0x0, 0xfffe}, @mss={0x2, 0x3}], 0x4)
sendmmsg(r3, &(0x7f0000004b40)=[{{0x0, 0x0, &(0x7f00000011c0)=[{&(0x7f0000002240)='Y', 0x1}], 0x1}}], 0x1, 0x0)
setsockopt$inet_tcp_TCP_REPAIR_QUEUE(r3, 0x6, 0x14, &(0x7f0000000040)=0x1, 0x4)
sendmsg$IPVS_CMD_GET_DEST(r3, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000340)=ANY=[@ANYBLOB="160e90cb39bca59f8c4064ac6d7b242060a07bc4309e3eb79d8745797b308edd84adef35ad9d8a17240f38f55f57c55f3875db81d255eea402e1c11ca7fc01964aeb9ed6ef4e80bc67cba7e7fe961fe5d921442b0a06b135f8a73b68dc904b436f256f50ae7cb980e69e7580b9f11c6ede4210f23240559b8c427000d7ce7862417ab5a50e494b2a54e346d7ffa008ccef06813e235b446788ac0f1df3c65bc1fb5393364a2efd284640ec2c438ad2b24a69f1f9da000000000000000000000000989eee6a9283bf253ca4"], 0x1}}, 0x0)
close(r3)
syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000000)={<r4=>0xffffffffffffffff, <r5=>0xffffffffffffffff})
dup3(r5, r4, 0x0)
r6 = accept4$vsock_stream(0xffffffffffffffff, &(0x7f0000000240)={0x28, 0x0, 0x2710, @host}, 0x10, 0x0)
dup2(r6, r5)
sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000000)=@newlink={0x30, 0x10, 0x801, 0x0, 0x0, {}, [@IFLA_GROUP={0x8}, @IFLA_PROTO_DOWN={0x8, 0x4}]}, 0x30}}, 0x0)
pivot_root(&(0x7f0000000140)='./file0\x00', &(0x7f0000000100)='./file0\x00')

[ 1830.092246] IPv6: ADDRCONF(NETDEV_CHANGE): lo: link becomes ready
[ 1830.122207] ip_tables: iptables: counters copy to user failed while replacing table
01:45:28 executing program 1:
lsetxattr$trusted_overlay_opaque(0x0, 0x0, 0x0, 0x0, 0x0)
mkdir(&(0x7f0000000000)='./file0\x00', 0x0)
mount$bpf(0x20000000, &(0x7f00000000c0)='./file0\x00', 0x0, 0x2001001, 0x0)
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x80, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x43, 0x400000000000000}, 0x11288, 0x2000, 0x0, 0x2}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = socket$netlink(0x10, 0x3, 0x0)
connect$inet(0xffffffffffffffff, 0x0, 0x0)
setsockopt$SO_RDS_TRANSPORT(0xffffffffffffffff, 0x114, 0x8, &(0x7f0000000040)=0xffffffffffffffff, 0x4)
r1 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$inet_tcp_int(r1, 0x6, 0x10000000013, &(0x7f0000d06000)=0x1, 0x32a)
connect$inet(r1, &(0x7f0000000180)={0x2, 0x4e23, @local}, 0x10)
accept$nfc_llcp(0xffffffffffffffff, &(0x7f0000000440), &(0x7f0000000300)=0x60)
setsockopt$inet_tcp_TCP_REPAIR_OPTIONS(r1, 0x6, 0x16, &(0x7f00000000c0)=[@mss={0x2, 0xffffffff}, @timestamp, @window, @mss={0x2, 0x91c}], 0x4)
sendmmsg(r1, &(0x7f0000004b40)=[{{0x0, 0x0, &(0x7f00000011c0)=[{&(0x7f0000002240)='Y', 0x1}], 0x1}}], 0x1, 0x0)
syz_init_net_socket$llc(0x1a, 0x1, 0x0)
r2 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$IPT_SO_SET_REPLACE(r2, 0x4000000000000, 0x40, &(0x7f0000000a40)=ANY=[@ANYBLOB="72617700000000010000000000000000000000000000000000000000000000000200000003000000b80400000000000000000000000000000003000000030000200400002004000020040000200400002004000003000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000600000000000000a00200030000000000000000000000000000000000000000300262706600000000000000000000000000000000000000000000000000000101000000000000002e2f66696c653000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000060005345540000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000c0002001000000000000000000000000000000000000000050006f736600000000000000000000000000000000000000000000000000000073797a300000000000000000000000000000000000000000000000000000000000000000000000000000000000000000600053455400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000007000980000000000000000000000000000000000000000002800000000000000000000000000000000000000000000000000000000000004feffffff00000000"], 0x518)
sendmsg$IPVS_CMD_GET_DEST(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000280)={&(0x7f00000002c0)=ANY=[@ANYRES16], 0x1}}, 0x0)
setsockopt$inet_tcp_TCP_REPAIR(r1, 0x6, 0x13, &(0x7f0000000100), 0x618)
close(r1)
r3 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$inet_tcp_int(r3, 0x6, 0x10000000013, &(0x7f0000d06000)=0x1, 0x32a)
connect$inet(r3, &(0x7f0000000140)={0x2, 0x0, @local}, 0x10)
setsockopt$inet_tcp_TCP_REPAIR_OPTIONS(r3, 0x6, 0x16, &(0x7f0000000200)=[@mss, @timestamp, @window={0x3, 0x0, 0xfffe}, @mss={0x2, 0x3}], 0x4)
sendmmsg(r3, &(0x7f0000004b40)=[{{0x0, 0x0, &(0x7f00000011c0)=[{&(0x7f0000002240)='Y', 0x1}], 0x1}}], 0x1, 0x0)
setsockopt$inet_tcp_TCP_REPAIR_QUEUE(r3, 0x6, 0x14, &(0x7f0000000040)=0x1, 0x4)
sendmsg$IPVS_CMD_GET_DEST(r3, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000340)=ANY=[@ANYBLOB="160e90cb39bca59f8c4064ac6d7b242060a07bc4309e3eb79d8745797b308edd84adef35ad9d8a17240f38f55f57c55f3875db81d255eea402e1c11ca7fc01964aeb9ed6ef4e80bc67cba7e7fe961fe5d921442b0a06b135f8a73b68dc904b436f256f50ae7cb980e69e7580b9f11c6ede4210f23240559b8c427000d7ce7862417ab5a50e494b2a54e346d7ffa008ccef06813e235b446788ac0f1df3c65bc1fb5393364a2efd284640ec2c438ad2b24a69f1f9da000000000000000000000000989eee6a9283bf253ca4"], 0x1}}, 0x0)
close(r3)
syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000000)={<r4=>0xffffffffffffffff, <r5=>0xffffffffffffffff})
dup3(r5, r4, 0x0)
r6 = accept4$vsock_stream(0xffffffffffffffff, &(0x7f0000000240)={0x28, 0x0, 0x2710, @host}, 0x10, 0x0)
dup2(r6, r5)
bind$pptp(0xffffffffffffffff, &(0x7f00000001c0)={0x18, 0x2, {0x0, @initdev={0xac, 0x1e, 0x0, 0x0}}}, 0x1e)
sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000000)=@newlink={0x30, 0x10, 0x801, 0x0, 0x0, {}, [@IFLA_GROUP={0x8}, @IFLA_PROTO_DOWN={0x8, 0x4}]}, 0x30}}, 0x0)

01:45:28 executing program 2 (fault-call:9 fault-nth:0):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140)='/dev/kvm\x00', 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_SET_SIGNAL_MASK(0xffffffffffffffff, 0x4004ae8b, &(0x7f0000001000)=ANY=[@ANYBLOB="97cb"])
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000fe7000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0)
ioctl$USBDEVFS_RESETEP(0xffffffffffffffff, 0x80045503, &(0x7f0000000000)={0x1, 0x1})
ioctl$KVM_NMI(r2, 0xae9a)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f00000002c0)={0x0, 0x2, 0x0, 0x2000, &(0x7f0000001000/0x2000)=nil})
perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
ioctl$KVM_RUN(r2, 0xae80, 0x0)

[ 1830.566281] FAULT_INJECTION: forcing a failure.
[ 1830.566281] name failslab, interval 1, probability 0, space 0, times 0
[ 1830.593981] CPU: 0 PID: 3376 Comm: syz-executor.2 Not tainted 4.14.173-syzkaller #0
[ 1830.603138] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 1830.612522] Call Trace:
[ 1830.615152]  dump_stack+0x13e/0x194
[ 1830.618903]  should_fail.cold+0x10a/0x14b
[ 1830.623093]  should_failslab+0xd6/0x130
[ 1830.629269]  kmem_cache_alloc+0x2b5/0x770
[ 1830.633813]  ? trace_hardirqs_on_thunk+0x1a/0x1c
[ 1830.638947]  mmu_topup_memory_caches+0x83/0x300
[ 1830.643840]  kvm_mmu_load+0x1e/0xd00
[ 1830.647692]  ? vcpu_enter_guest+0x1c94/0x5240
[ 1830.652220]  ? __sanitizer_cov_trace_pc+0x23/0x50
[ 1830.659055]  vcpu_enter_guest+0x2eb9/0x5240
[ 1830.663419]  ? save_trace+0x290/0x290
[ 1830.667248]  ? check_preemption_disabled+0x35/0x240
[ 1830.672291]  ? emulator_read_emulated+0x40/0x40
[ 1830.677194]  ? lock_acquire+0x170/0x3f0
[ 1830.681285]  ? kvm_arch_vcpu_ioctl_run+0x143/0xfd0
[ 1830.686286]  ? kvm_arch_vcpu_ioctl_run+0x2fe/0xfd0
[ 1830.691237]  ? kvm_arch_vcpu_ioctl_run+0x181/0xfd0
[ 1830.696189]  kvm_arch_vcpu_ioctl_run+0x2fe/0xfd0
[ 1830.700974]  kvm_vcpu_ioctl+0x3df/0xc70
[ 1830.705027]  ? kvm_vcpu_block+0xb70/0xb70
[ 1830.709205]  ? trace_hardirqs_on+0x10/0x10
[ 1830.713577]  ? retint_kernel+0x2d/0x2d
[ 1830.717494]  ? retint_kernel+0x2d/0x2d
[ 1830.721400]  ? save_trace+0x290/0x290
[ 1830.725320]  ? trace_hardirqs_on_caller+0x3f6/0x590
[ 1830.730901]  ? retint_kernel+0x2d/0x2d
[ 1830.735097]  ? trace_hardirqs_on_caller+0x3f6/0x590
[ 1830.740154]  ? kvm_vcpu_block+0xb70/0xb70
[ 1830.744345]  do_vfs_ioctl+0x75a/0xfe0
[ 1830.748167]  ? selinux_file_mprotect+0x5c0/0x5c0
[ 1830.752944]  ? check_preemption_disabled+0x35/0x240
[ 1830.757997]  ? ioctl_preallocate+0x1a0/0x1a0
[ 1830.762446]  ? security_file_ioctl+0x76/0xb0
[ 1830.766905]  ? security_file_ioctl+0x83/0xb0
[ 1830.771349]  SyS_ioctl+0x7f/0xb0
[ 1830.774740]  ? do_vfs_ioctl+0xfe0/0xfe0
[ 1830.778749]  do_syscall_64+0x1d5/0x640
[ 1830.782665]  entry_SYSCALL_64_after_hwframe+0x42/0xb7
[ 1830.787881] RIP: 0033:0x45c849
[ 1830.791640] RSP: 002b:00007fa3bc31dc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 1830.799629] RAX: ffffffffffffffda RBX: 00007fa3bc31e6d4 RCX: 000000000045c849
[ 1830.806921] RDX: 0000000000000000 RSI: 000000000000ae80 RDI: 0000000000000005
[ 1830.814220] RBP: 000000000076bf00 R08: 0000000000000000 R09: 0000000000000000
[ 1830.821509] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000007
[ 1830.828832] R13: 00000000000003bf R14: 00000000004c6495 R15: 0000000000000000
[ 1830.863857] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[ 1830.885265] batman_adv: batadv0: Removing interface: batadv_slave_0
[ 1830.938778] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[ 1830.948304] batman_adv: batadv0: Removing interface: batadv_slave_1
[ 1830.967626] device bridge_slave_1 left promiscuous mode
[ 1830.977870] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1831.028716] device bridge_slave_0 left promiscuous mode
[ 1831.037883] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1831.094878] device veth1_macvtap left promiscuous mode
[ 1831.100318] device veth0_macvtap left promiscuous mode
[ 1831.105884] device veth1_vlan left promiscuous mode
[ 1831.111073] device veth0_vlan left promiscuous mode
[ 1831.258016] device hsr_slave_1 left promiscuous mode
[ 1831.318594] device hsr_slave_0 left promiscuous mode
[ 1831.376157] team0 (unregistering): Port device team_slave_1 removed
[ 1831.387967] team0 (unregistering): Port device team_slave_0 removed
[ 1831.401238] bond0 (unregistering): Releasing backup interface bond_slave_1
[ 1831.429131] bond0 (unregistering): Releasing backup interface bond_slave_0
[ 1831.496239] bond0 (unregistering): Released all slaves
[ 1833.331419] IPVS: ftp: loaded support on port[0] = 21
[ 1834.160573] chnl_net:caif_netlink_parms(): no params data found
[ 1834.236372] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1834.243580] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1834.254160] device bridge_slave_0 entered promiscuous mode
[ 1834.262159] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1834.269252] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1834.279454] device bridge_slave_1 entered promiscuous mode
[ 1834.304704] bond0: Enslaving bond_slave_0 as an active interface with an up link
[ 1834.315493] bond0: Enslaving bond_slave_1 as an active interface with an up link
[ 1834.340190] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready
[ 1834.347933] team0: Port device team_slave_0 added
[ 1834.354681] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready
[ 1834.362858] team0: Port device team_slave_1 added
[ 1834.385877] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 1834.392240] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 1834.418276] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 1834.430713] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 1834.437581] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 1834.463381] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 1834.477959] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready
[ 1834.486572] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready
[ 1834.555858] device hsr_slave_0 entered promiscuous mode
[ 1834.601533] device hsr_slave_1 entered promiscuous mode
[ 1834.642697] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_0: link is not ready
[ 1834.650685] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_1: link is not ready
[ 1834.751364] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1834.758863] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 1834.765607] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1834.772140] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 1834.823976] IPv6: ADDRCONF(NETDEV_UP): bond0: link is not ready
[ 1834.830116] 8021q: adding VLAN 0 to HW filter on device bond0
[ 1834.840915] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready
[ 1834.852649] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 1834.860197] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1834.867572] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1834.880863] IPv6: ADDRCONF(NETDEV_UP): team0: link is not ready
[ 1834.887264] 8021q: adding VLAN 0 to HW filter on device team0
[ 1834.899112] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 1834.906933] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1834.913516] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 1834.925727] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 1834.934651] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1834.941848] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 1834.964688] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[ 1834.974421] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[ 1834.986224] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[ 1835.006708] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[ 1835.015399] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[ 1835.031871] IPv6: ADDRCONF(NETDEV_UP): hsr0: link is not ready
[ 1835.039141] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[ 1835.060652] IPv6: ADDRCONF(NETDEV_UP): vxcan0: link is not ready
[ 1835.069203] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready
[ 1835.077989] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready
[ 1835.092798] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 1835.156009] IPv6: ADDRCONF(NETDEV_CHANGE): bond0: link becomes ready
[ 1835.179774] IPv6: ADDRCONF(NETDEV_UP): veth0_virt_wifi: link is not ready
[ 1835.191413] IPv6: ADDRCONF(NETDEV_UP): veth1_virt_wifi: link is not ready
[ 1835.199139] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready
[ 1835.207802] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[ 1835.249371] IPv6: ADDRCONF(NETDEV_UP): veth0_vlan: link is not ready
[ 1835.258484] IPv6: ADDRCONF(NETDEV_UP): vlan0: link is not ready
[ 1835.265618] IPv6: ADDRCONF(NETDEV_UP): vlan1: link is not ready
[ 1835.277751] IPv6: ADDRCONF(NETDEV_UP): veth1_vlan: link is not ready
[ 1835.284683] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready
[ 1835.293134] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[ 1835.301966] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[ 1835.309455] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[ 1835.320290] device veth0_vlan entered promiscuous mode
[ 1835.333894] device veth1_vlan entered promiscuous mode
[ 1835.341963] IPv6: ADDRCONF(NETDEV_UP): macvlan0: link is not ready
[ 1835.354032] IPv6: ADDRCONF(NETDEV_UP): macvlan1: link is not ready
[ 1835.371481] IPv6: ADDRCONF(NETDEV_UP): veth0_macvtap: link is not ready
[ 1835.383509] IPv6: ADDRCONF(NETDEV_UP): veth1_macvtap: link is not ready
[ 1835.392055] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready
[ 1835.400196] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready
[ 1835.407561] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready
[ 1835.415706] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[ 1835.427248] device veth0_macvtap entered promiscuous mode
[ 1835.434128] IPv6: ADDRCONF(NETDEV_UP): macvtap0: link is not ready
[ 1835.445674] device veth1_macvtap entered promiscuous mode
[ 1835.452594] IPv6: ADDRCONF(NETDEV_UP): macsec0: link is not ready
[ 1835.463857] IPv6: ADDRCONF(NETDEV_UP): veth0_to_batadv: link is not ready
[ 1835.474562] IPv6: ADDRCONF(NETDEV_UP): veth1_to_batadv: link is not ready
[ 1835.486330] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3d) already exists on: batadv_slave_0
[ 1835.496664] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[ 1835.506197] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3d) already exists on: batadv_slave_0
[ 1835.516463] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[ 1835.525703] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3d) already exists on: batadv_slave_0
[ 1835.535541] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[ 1835.544808] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3d) already exists on: batadv_slave_0
[ 1835.554929] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[ 1835.564279] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3d) already exists on: batadv_slave_0
[ 1835.574125] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[ 1835.583333] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3d) already exists on: batadv_slave_0
[ 1835.593266] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[ 1835.605034] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3d) already exists on: batadv_slave_0
[ 1835.615059] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[ 1835.626129] IPv6: ADDRCONF(NETDEV_UP): batadv_slave_0: link is not ready
[ 1835.633842] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 1835.659049] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_1
[ 1835.669093] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[ 1835.678465] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_1
[ 1835.688349] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[ 1835.697797] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_1
[ 1835.707577] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[ 1835.716987] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_1
[ 1835.726985] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[ 1835.736402] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_1
[ 1835.746249] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[ 1835.755795] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_1
[ 1835.766034] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[ 1835.775939] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_1
[ 1835.785902] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[ 1835.795564] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_1
[ 1835.805838] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[ 1835.817796] IPv6: ADDRCONF(NETDEV_UP): batadv_slave_1: link is not ready
[ 1835.825367] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 1835.832987] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready
[ 1835.840525] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready
[ 1835.848939] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready
[ 1835.858239] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[ 1835.867484] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready
[ 1835.876132] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
01:45:35 executing program 0:
perf_event_open(&(0x7f0000000200)={0x2, 0x70, 0x42, 0x8001, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x60, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = perf_event_open(&(0x7f0000000440)={0x2, 0x70, 0xb8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r1 = memfd_create(&(0x7f0000000000), 0x0)
dup2(r0, r1)
mmap(&(0x7f0000200000/0x400000)=nil, 0x400002, 0x1, 0x2011, r1, 0x0)

01:45:35 executing program 3:
lsetxattr$trusted_overlay_opaque(0x0, 0x0, 0x0, 0x0, 0x0)
mkdir(&(0x7f0000000000)='./file0\x00', 0x0)
mount$bpf(0x20000000, &(0x7f00000000c0)='./file0\x00', 0x0, 0x2001001, 0x0)
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x80, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x43, 0x400000000000000}, 0x11288, 0x2000, 0x0, 0x2}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = socket$netlink(0x10, 0x3, 0x0)
connect$inet(0xffffffffffffffff, 0x0, 0x0)
setsockopt$SO_RDS_TRANSPORT(0xffffffffffffffff, 0x114, 0x8, &(0x7f0000000040)=0xffffffffffffffff, 0x4)
r1 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$inet_tcp_int(r1, 0x6, 0x10000000013, &(0x7f0000d06000)=0x1, 0x32a)
connect$inet(r1, &(0x7f0000000180)={0x2, 0x4e23, @local}, 0x10)
accept$nfc_llcp(0xffffffffffffffff, &(0x7f0000000440), &(0x7f0000000300)=0x60)
setsockopt$inet_tcp_TCP_REPAIR_OPTIONS(r1, 0x6, 0x16, &(0x7f00000000c0)=[@mss={0x2, 0xffffffff}, @timestamp, @window, @mss={0x2, 0x91c}], 0x4)
sendmmsg(r1, &(0x7f0000004b40)=[{{0x0, 0x0, &(0x7f00000011c0)=[{&(0x7f0000002240)='Y', 0x1}], 0x1}}], 0x1, 0x0)
syz_init_net_socket$llc(0x1a, 0x1, 0x0)
r2 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$IPT_SO_SET_REPLACE(r2, 0x4000000000000, 0x40, &(0x7f0000000a40)=ANY=[@ANYBLOB="72617700000000010000000000000000000000000000000000000000000000000200000003000000b80400000000000000000000000000000003000000030000200400002004000020040000200400002004000003000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000600000000000000a00200030000000000000000000000000000000000000000300262706600000000000000000000000000000000000000000000000000000101000000000000002e2f66696c653000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000060005345540000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000c0002001000000000000000000000000000000000000000050006f736600000000000000000000000000000000000000000000000000000073797a300000000000000000000000000000000000000000000000000000000000000000000000000000000000000000600053455400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000007000980000000000000000000000000000000000000000002800000000000000000000000000000000000000000000000000000000000004feffffff00000000"], 0x518)
sendmsg$IPVS_CMD_GET_DEST(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000280)={&(0x7f00000002c0)=ANY=[@ANYRES16], 0x1}}, 0x0)
setsockopt$inet_tcp_TCP_REPAIR(r1, 0x6, 0x13, &(0x7f0000000100), 0x618)
close(r1)
r3 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$inet_tcp_int(r3, 0x6, 0x10000000013, &(0x7f0000d06000)=0x1, 0x32a)
connect$inet(r3, &(0x7f0000000140)={0x2, 0x0, @local}, 0x10)
setsockopt$inet_tcp_TCP_REPAIR_OPTIONS(r3, 0x6, 0x16, &(0x7f0000000200)=[@mss, @timestamp, @window={0x3, 0x0, 0xfffe}, @mss={0x2, 0x3}], 0x4)
sendmmsg(r3, &(0x7f0000004b40)=[{{0x0, 0x0, &(0x7f00000011c0)=[{&(0x7f0000002240)='Y', 0x1}], 0x1}}], 0x1, 0x0)
setsockopt$inet_tcp_TCP_REPAIR_QUEUE(r3, 0x6, 0x14, &(0x7f0000000040)=0x1, 0x4)
sendmsg$IPVS_CMD_GET_DEST(r3, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000340)=ANY=[@ANYBLOB="160e90cb39bca59f8c4064ac6d7b242060a07bc4309e3eb79d8745797b308edd84adef35ad9d8a17240f38f55f57c55f3875db81d255eea402e1c11ca7fc01964aeb9ed6ef4e80bc67cba7e7fe961fe5d921442b0a06b135f8a73b68dc904b436f256f50ae7cb980e69e7580b9f11c6ede4210f23240559b8c427000d7ce7862417ab5a50e494b2a54e346d7ffa008ccef06813e235b446788ac0f1df3c65bc1fb5393364a2efd284640ec2c438ad2b24a69f1f9da000000000000000000000000989eee6a9283bf253ca4"], 0x1}}, 0x0)
close(r3)
syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000000)={<r4=>0xffffffffffffffff, <r5=>0xffffffffffffffff})
dup3(r5, r4, 0x0)
r6 = accept4$vsock_stream(0xffffffffffffffff, &(0x7f0000000240)={0x28, 0x0, 0x2710, @host}, 0x10, 0x0)
dup2(r6, r5)
sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000000)=@newlink={0x30, 0x10, 0x801, 0x0, 0x0, {}, [@IFLA_GROUP={0x8}, @IFLA_PROTO_DOWN={0x8, 0x4}]}, 0x30}}, 0x0)
pivot_root(&(0x7f0000000140)='./file0\x00', &(0x7f0000000100)='./file0\x00')

01:45:35 executing program 1:
lsetxattr$trusted_overlay_opaque(0x0, 0x0, 0x0, 0x0, 0x0)
mkdir(&(0x7f0000000000)='./file0\x00', 0x0)
mount$bpf(0x20000000, &(0x7f00000000c0)='./file0\x00', 0x0, 0x2001001, 0x0)
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x80, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x43, 0x400000000000000}, 0x11288, 0x2000, 0x0, 0x2}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = socket$netlink(0x10, 0x3, 0x0)
connect$inet(0xffffffffffffffff, 0x0, 0x0)
setsockopt$SO_RDS_TRANSPORT(0xffffffffffffffff, 0x114, 0x8, &(0x7f0000000040)=0xffffffffffffffff, 0x4)
r1 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$inet_tcp_int(r1, 0x6, 0x10000000013, &(0x7f0000d06000)=0x1, 0x32a)
connect$inet(r1, &(0x7f0000000180)={0x2, 0x4e23, @local}, 0x10)
accept$nfc_llcp(0xffffffffffffffff, &(0x7f0000000440), &(0x7f0000000300)=0x60)
setsockopt$inet_tcp_TCP_REPAIR_OPTIONS(r1, 0x6, 0x16, &(0x7f00000000c0)=[@mss={0x2, 0xffffffff}, @timestamp, @window, @mss={0x2, 0x91c}], 0x4)
sendmmsg(r1, &(0x7f0000004b40)=[{{0x0, 0x0, &(0x7f00000011c0)=[{&(0x7f0000002240)='Y', 0x1}], 0x1}}], 0x1, 0x0)
syz_init_net_socket$llc(0x1a, 0x1, 0x0)
r2 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$IPT_SO_SET_REPLACE(r2, 0x4000000000000, 0x40, &(0x7f0000000a40)=ANY=[@ANYBLOB="72617700000000010000000000000000000000000000000000000000000000000200000003000000b80400000000000000000000000000000003000000030000200400002004000020040000200400002004000003000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000600000000000000a00200030000000000000000000000000000000000000000300262706600000000000000000000000000000000000000000000000000000101000000000000002e2f66696c653000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000060005345540000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000c0002001000000000000000000000000000000000000000050006f736600000000000000000000000000000000000000000000000000000073797a300000000000000000000000000000000000000000000000000000000000000000000000000000000000000000600053455400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000007000980000000000000000000000000000000000000000002800000000000000000000000000000000000000000000000000000000000004feffffff00000000"], 0x518)
sendmsg$IPVS_CMD_GET_DEST(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000280)={&(0x7f00000002c0)=ANY=[@ANYRES16], 0x1}}, 0x0)
setsockopt$inet_tcp_TCP_REPAIR(r1, 0x6, 0x13, &(0x7f0000000100), 0x618)
close(r1)
r3 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$inet_tcp_int(r3, 0x6, 0x10000000013, &(0x7f0000d06000)=0x1, 0x32a)
connect$inet(r3, &(0x7f0000000140)={0x2, 0x0, @local}, 0x10)
setsockopt$inet_tcp_TCP_REPAIR_OPTIONS(r3, 0x6, 0x16, &(0x7f0000000200)=[@mss, @timestamp, @window={0x3, 0x0, 0xfffe}, @mss={0x2, 0x3}], 0x4)
sendmmsg(r3, &(0x7f0000004b40)=[{{0x0, 0x0, &(0x7f00000011c0)=[{&(0x7f0000002240)='Y', 0x1}], 0x1}}], 0x1, 0x0)
setsockopt$inet_tcp_TCP_REPAIR_QUEUE(r3, 0x6, 0x14, &(0x7f0000000040)=0x1, 0x4)
sendmsg$IPVS_CMD_GET_DEST(r3, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000340)=ANY=[@ANYBLOB="160e90cb39bca59f8c4064ac6d7b242060a07bc4309e3eb79d8745797b308edd84adef35ad9d8a17240f38f55f57c55f3875db81d255eea402e1c11ca7fc01964aeb9ed6ef4e80bc67cba7e7fe961fe5d921442b0a06b135f8a73b68dc904b436f256f50ae7cb980e69e7580b9f11c6ede4210f23240559b8c427000d7ce7862417ab5a50e494b2a54e346d7ffa008ccef06813e235b446788ac0f1df3c65bc1fb5393364a2efd284640ec2c438ad2b24a69f1f9da000000000000000000000000989eee6a9283bf253ca4"], 0x1}}, 0x0)
close(r3)
syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000000)={<r4=>0xffffffffffffffff, <r5=>0xffffffffffffffff})
dup3(r5, r4, 0x0)
r6 = accept4$vsock_stream(0xffffffffffffffff, &(0x7f0000000240)={0x28, 0x0, 0x2710, @host}, 0x10, 0x0)
dup2(r6, r5)
bind$pptp(0xffffffffffffffff, &(0x7f00000001c0)={0x18, 0x2, {0x0, @initdev={0xac, 0x1e, 0x0, 0x0}}}, 0x1e)
sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000000)=@newlink={0x30, 0x10, 0x801, 0x0, 0x0, {}, [@IFLA_GROUP={0x8}, @IFLA_PROTO_DOWN={0x8, 0x4}]}, 0x30}}, 0x0)

01:45:35 executing program 5:
lsetxattr$trusted_overlay_opaque(0x0, 0x0, 0x0, 0x0, 0x0)
mkdir(&(0x7f0000000000)='./file0\x00', 0x0)
mount$bpf(0x20000000, &(0x7f00000000c0)='./file0\x00', 0x0, 0x2001001, 0x0)
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x80, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x43, 0x400000000000000}, 0x11288, 0x2000, 0x0, 0x2}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = socket$netlink(0x10, 0x3, 0x0)
connect$inet(0xffffffffffffffff, 0x0, 0x0)
setsockopt$SO_RDS_TRANSPORT(0xffffffffffffffff, 0x114, 0x8, &(0x7f0000000040)=0xffffffffffffffff, 0x4)
r1 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$inet_tcp_int(r1, 0x6, 0x10000000013, &(0x7f0000d06000)=0x1, 0x32a)
connect$inet(r1, &(0x7f0000000180)={0x2, 0x4e23, @local}, 0x10)
accept$nfc_llcp(0xffffffffffffffff, &(0x7f0000000440), &(0x7f0000000300)=0x60)
setsockopt$inet_tcp_TCP_REPAIR_OPTIONS(r1, 0x6, 0x16, &(0x7f00000000c0)=[@mss={0x2, 0xffffffff}, @timestamp, @window, @mss={0x2, 0x91c}], 0x4)
sendmmsg(r1, &(0x7f0000004b40)=[{{0x0, 0x0, &(0x7f00000011c0)=[{&(0x7f0000002240)='Y', 0x1}], 0x1}}], 0x1, 0x0)
syz_init_net_socket$llc(0x1a, 0x1, 0x0)
r2 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$IPT_SO_SET_REPLACE(r2, 0x4000000000000, 0x40, &(0x7f0000000a40)=ANY=[@ANYBLOB="72617700000000010000000000000000000000000000000000000000000000000200000003000000b80400000000000000000000000000000003000000030000200400002004000020040000200400002004000003000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000600000000000000a00200030000000000000000000000000000000000000000300262706600000000000000000000000000000000000000000000000000000101000000000000002e2f66696c653000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000060005345540000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000c0002001000000000000000000000000000000000000000050006f736600000000000000000000000000000000000000000000000000000073797a300000000000000000000000000000000000000000000000000000000000000000000000000000000000000000600053455400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000007000980000000000000000000000000000000000000000002800000000000000000000000000000000000000000000000000000000000004feffffff00000000"], 0x518)
sendmsg$IPVS_CMD_GET_DEST(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000280)={&(0x7f00000002c0)=ANY=[@ANYRES16], 0x1}}, 0x0)
setsockopt$inet_tcp_TCP_REPAIR(r1, 0x6, 0x13, &(0x7f0000000100), 0x618)
close(r1)
r3 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$inet_tcp_int(r3, 0x6, 0x10000000013, &(0x7f0000d06000)=0x1, 0x32a)
connect$inet(r3, &(0x7f0000000140)={0x2, 0x0, @local}, 0x10)
setsockopt$inet_tcp_TCP_REPAIR_OPTIONS(r3, 0x6, 0x16, &(0x7f0000000200)=[@mss, @timestamp, @window={0x3, 0x0, 0xfffe}, @mss={0x2, 0x3}], 0x4)
sendmmsg(r3, &(0x7f0000004b40)=[{{0x0, 0x0, &(0x7f00000011c0)=[{&(0x7f0000002240)='Y', 0x1}], 0x1}}], 0x1, 0x0)
setsockopt$inet_tcp_TCP_REPAIR_QUEUE(r3, 0x6, 0x14, &(0x7f0000000040)=0x1, 0x4)
sendmsg$IPVS_CMD_GET_DEST(r3, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000340)=ANY=[@ANYBLOB="160e90cb39bca59f8c4064ac6d7b242060a07bc4309e3eb79d8745797b308edd84adef35ad9d8a17240f38f55f57c55f3875db81d255eea402e1c11ca7fc01964aeb9ed6ef4e80bc67cba7e7fe961fe5d921442b0a06b135f8a73b68dc904b436f256f50ae7cb980e69e7580b9f11c6ede4210f23240559b8c427000d7ce7862417ab5a50e494b2a54e346d7ffa008ccef06813e235b446788ac0f1df3c65bc1fb5393364a2efd284640ec2c438ad2b24a69f1f9da000000000000000000000000989eee6a9283bf253ca4"], 0x1}}, 0x0)
close(r3)
syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000000)={<r4=>0xffffffffffffffff, <r5=>0xffffffffffffffff})
dup3(r5, r4, 0x0)
accept4$vsock_stream(0xffffffffffffffff, &(0x7f0000000240)={0x28, 0x0, 0x2710, @host}, 0x10, 0x0)
bind$pptp(0xffffffffffffffff, &(0x7f00000001c0)={0x18, 0x2, {0x0, @initdev={0xac, 0x1e, 0x0, 0x0}}}, 0x1e)
sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000000)=@newlink={0x30, 0x10, 0x801, 0x0, 0x0, {}, [@IFLA_GROUP={0x8}, @IFLA_PROTO_DOWN={0x8, 0x4}]}, 0x30}}, 0x0)
pivot_root(&(0x7f0000000140)='./file0\x00', &(0x7f0000000100)='./file0\x00')

01:45:35 executing program 4:
pipe(&(0x7f0000000140)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
r2 = socket$inet_udp(0x2, 0x2, 0x0)
close(r2)
r3 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$inet_tcp_int(r3, 0x6, 0x10000000013, &(0x7f0000d06000)=0x1, 0x4)
connect$inet(r2, &(0x7f0000000340)={0x2, 0x0, @loopback}, 0x10)
setsockopt$inet_tcp_TCP_REPAIR_WINDOW(r3, 0x6, 0x1d, &(0x7f0000000080)={0x0, 0xdf5, 0x65a2}, 0x14)
syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
r4 = getpid()
rt_tgsigqueueinfo(r4, r4, 0x16, &(0x7f00000000c0))
ptrace(0x10, r4)
ptrace$setregs(0xd, r4, 0x0, &(0x7f0000000000))
ptrace$setregs(0xf, r4, 0x0, &(0x7f00000002c0)="6ffecad8b1")
write$binfmt_misc(r1, &(0x7f0000000140)=ANY=[], 0x4240a2a0)
r5 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$IPT_SO_SET_REPLACE(r5, 0x0, 0x40, &(0x7f0000000480)=ANY=[@ANYBLOB="66696c74657200000000000000000000000000000000000000000000000000000e00000004000000d0020000800100009800000080010000000000000000000038020000380200003802000038020000380200000400000000000000000000007f000001ac14140000000000000000007f00000000000000000000000000000064756dea20f9524db2d96900000057c910a19f2bc02c00000000000000000000200000000000000000000000000000000000000000000000700098000000000000000000000000000000000000000000280052454a454354000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000400000000000000000000000080000000000000000000000000000000000000000000000000000000000000000000000000000000000000000c000e80000f9c9991d0000000000000000000000000000005000736574000000000000000000000000000000000000000000000000000003000005050000000000000000000000000000000000000000100000000000000000000000000000000000000000000000280052454a45435400000000000000010000000000000000000000000000000000674f000000000000000000e00000020000000000000000766574b5315f766c616e00000000010062726964676530000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000007000b80000000000000000000000000000000000000000004800544545000000000000000000000000000000d40200000000000000000001ac1414aa000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000007000980000000000000000000000000000000000000000002800000000000000000000000000000000000000000000001a51496c00000000feffffff"], 0x1)
splice(r0, 0x0, r2, 0x0, 0x4ffe0, 0x0)

01:45:35 executing program 2 (fault-call:9 fault-nth:1):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140)='/dev/kvm\x00', 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_SET_SIGNAL_MASK(0xffffffffffffffff, 0x4004ae8b, &(0x7f0000001000)=ANY=[@ANYBLOB="97cb"])
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000fe7000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0)
ioctl$USBDEVFS_RESETEP(0xffffffffffffffff, 0x80045503, &(0x7f0000000000)={0x1, 0x1})
ioctl$KVM_NMI(r2, 0xae9a)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f00000002c0)={0x0, 0x2, 0x0, 0x2000, &(0x7f0000001000/0x2000)=nil})
perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
ioctl$KVM_RUN(r2, 0xae80, 0x0)

01:45:35 executing program 1:
lsetxattr$trusted_overlay_opaque(0x0, 0x0, 0x0, 0x0, 0x0)
mkdir(&(0x7f0000000000)='./file0\x00', 0x0)
mount$bpf(0x20000000, &(0x7f00000000c0)='./file0\x00', 0x0, 0x2001001, 0x0)
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x80, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x43, 0x400000000000000}, 0x11288, 0x2000, 0x0, 0x2}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = socket$netlink(0x10, 0x3, 0x0)
connect$inet(0xffffffffffffffff, 0x0, 0x0)
setsockopt$SO_RDS_TRANSPORT(0xffffffffffffffff, 0x114, 0x8, &(0x7f0000000040)=0xffffffffffffffff, 0x4)
r1 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$inet_tcp_int(r1, 0x6, 0x10000000013, &(0x7f0000d06000)=0x1, 0x32a)
connect$inet(r1, &(0x7f0000000180)={0x2, 0x4e23, @local}, 0x10)
accept$nfc_llcp(0xffffffffffffffff, &(0x7f0000000440), &(0x7f0000000300)=0x60)
setsockopt$inet_tcp_TCP_REPAIR_OPTIONS(r1, 0x6, 0x16, &(0x7f00000000c0)=[@mss={0x2, 0xffffffff}, @timestamp, @window, @mss={0x2, 0x91c}], 0x4)
sendmmsg(r1, &(0x7f0000004b40)=[{{0x0, 0x0, &(0x7f00000011c0)=[{&(0x7f0000002240)='Y', 0x1}], 0x1}}], 0x1, 0x0)
syz_init_net_socket$llc(0x1a, 0x1, 0x0)
r2 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$IPT_SO_SET_REPLACE(r2, 0x4000000000000, 0x40, &(0x7f0000000a40)=ANY=[@ANYBLOB="72617700000000010000000000000000000000000000000000000000000000000200000003000000b80400000000000000000000000000000003000000030000200400002004000020040000200400002004000003000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000600000000000000a00200030000000000000000000000000000000000000000300262706600000000000000000000000000000000000000000000000000000101000000000000002e2f66696c653000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000060005345540000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000c0002001000000000000000000000000000000000000000050006f736600000000000000000000000000000000000000000000000000000073797a300000000000000000000000000000000000000000000000000000000000000000000000000000000000000000600053455400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000007000980000000000000000000000000000000000000000002800000000000000000000000000000000000000000000000000000000000004feffffff00000000"], 0x518)
sendmsg$IPVS_CMD_GET_DEST(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000280)={&(0x7f00000002c0)=ANY=[@ANYRES16], 0x1}}, 0x0)
setsockopt$inet_tcp_TCP_REPAIR(r1, 0x6, 0x13, &(0x7f0000000100), 0x618)
close(r1)
r3 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$inet_tcp_int(r3, 0x6, 0x10000000013, &(0x7f0000d06000)=0x1, 0x32a)
connect$inet(r3, &(0x7f0000000140)={0x2, 0x0, @local}, 0x10)
setsockopt$inet_tcp_TCP_REPAIR_OPTIONS(r3, 0x6, 0x16, &(0x7f0000000200)=[@mss, @timestamp, @window={0x3, 0x0, 0xfffe}, @mss={0x2, 0x3}], 0x4)
sendmmsg(r3, &(0x7f0000004b40)=[{{0x0, 0x0, &(0x7f00000011c0)=[{&(0x7f0000002240)='Y', 0x1}], 0x1}}], 0x1, 0x0)
setsockopt$inet_tcp_TCP_REPAIR_QUEUE(r3, 0x6, 0x14, &(0x7f0000000040)=0x1, 0x4)
sendmsg$IPVS_CMD_GET_DEST(r3, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000340)=ANY=[@ANYBLOB="160e90cb39bca59f8c4064ac6d7b242060a07bc4309e3eb79d8745797b308edd84adef35ad9d8a17240f38f55f57c55f3875db81d255eea402e1c11ca7fc01964aeb9ed6ef4e80bc67cba7e7fe961fe5d921442b0a06b135f8a73b68dc904b436f256f50ae7cb980e69e7580b9f11c6ede4210f23240559b8c427000d7ce7862417ab5a50e494b2a54e346d7ffa008ccef06813e235b446788ac0f1df3c65bc1fb5393364a2efd284640ec2c438ad2b24a69f1f9da000000000000000000000000989eee6a9283bf253ca4"], 0x1}}, 0x0)
close(r3)
syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000000)={<r4=>0xffffffffffffffff, <r5=>0xffffffffffffffff})
dup3(r5, r4, 0x0)
r6 = accept4$vsock_stream(0xffffffffffffffff, &(0x7f0000000240)={0x28, 0x0, 0x2710, @host}, 0x10, 0x0)
dup2(r6, r5)
sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000000)=@newlink={0x30, 0x10, 0x801, 0x0, 0x0, {}, [@IFLA_GROUP={0x8}, @IFLA_PROTO_DOWN={0x8, 0x4}]}, 0x30}}, 0x0)

[ 1837.403543] ip_tables: iptables: counters copy to user failed while replacing table
[ 1837.497597] FAULT_INJECTION: forcing a failure.
[ 1837.497597] name failslab, interval 1, probability 0, space 0, times 0
01:45:35 executing program 5:
lsetxattr$trusted_overlay_opaque(0x0, 0x0, 0x0, 0x0, 0x0)
mkdir(&(0x7f0000000000)='./file0\x00', 0x0)
mount$bpf(0x20000000, &(0x7f00000000c0)='./file0\x00', 0x0, 0x2001001, 0x0)
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x80, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x43, 0x400000000000000}, 0x11288, 0x2000, 0x0, 0x2}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = socket$netlink(0x10, 0x3, 0x0)
connect$inet(0xffffffffffffffff, 0x0, 0x0)
setsockopt$SO_RDS_TRANSPORT(0xffffffffffffffff, 0x114, 0x8, &(0x7f0000000040)=0xffffffffffffffff, 0x4)
r1 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$inet_tcp_int(r1, 0x6, 0x10000000013, &(0x7f0000d06000)=0x1, 0x32a)
connect$inet(r1, &(0x7f0000000180)={0x2, 0x4e23, @local}, 0x10)
accept$nfc_llcp(0xffffffffffffffff, &(0x7f0000000440), &(0x7f0000000300)=0x60)
setsockopt$inet_tcp_TCP_REPAIR_OPTIONS(r1, 0x6, 0x16, &(0x7f00000000c0)=[@mss={0x2, 0xffffffff}, @timestamp, @window, @mss={0x2, 0x91c}], 0x4)
sendmmsg(r1, &(0x7f0000004b40)=[{{0x0, 0x0, &(0x7f00000011c0)=[{&(0x7f0000002240)='Y', 0x1}], 0x1}}], 0x1, 0x0)
syz_init_net_socket$llc(0x1a, 0x1, 0x0)
r2 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$IPT_SO_SET_REPLACE(r2, 0x4000000000000, 0x40, &(0x7f0000000a40)=ANY=[@ANYBLOB="72617700000000010000000000000000000000000000000000000000000000000200000003000000b80400000000000000000000000000000003000000030000200400002004000020040000200400002004000003000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000600000000000000a00200030000000000000000000000000000000000000000300262706600000000000000000000000000000000000000000000000000000101000000000000002e2f66696c653000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000060005345540000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000c0002001000000000000000000000000000000000000000050006f736600000000000000000000000000000000000000000000000000000073797a300000000000000000000000000000000000000000000000000000000000000000000000000000000000000000600053455400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000007000980000000000000000000000000000000000000000002800000000000000000000000000000000000000000000000000000000000004feffffff00000000"], 0x518)
sendmsg$IPVS_CMD_GET_DEST(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000280)={&(0x7f00000002c0)=ANY=[@ANYRES16], 0x1}}, 0x0)
setsockopt$inet_tcp_TCP_REPAIR(r1, 0x6, 0x13, &(0x7f0000000100), 0x618)
close(r1)
r3 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$inet_tcp_int(r3, 0x6, 0x10000000013, &(0x7f0000d06000)=0x1, 0x32a)
connect$inet(r3, &(0x7f0000000140)={0x2, 0x0, @local}, 0x10)
setsockopt$inet_tcp_TCP_REPAIR_OPTIONS(r3, 0x6, 0x16, &(0x7f0000000200)=[@mss, @timestamp, @window={0x3, 0x0, 0xfffe}, @mss={0x2, 0x3}], 0x4)
sendmmsg(r3, &(0x7f0000004b40)=[{{0x0, 0x0, &(0x7f00000011c0)=[{&(0x7f0000002240)='Y', 0x1}], 0x1}}], 0x1, 0x0)
setsockopt$inet_tcp_TCP_REPAIR_QUEUE(r3, 0x6, 0x14, &(0x7f0000000040)=0x1, 0x4)
sendmsg$IPVS_CMD_GET_DEST(r3, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000340)=ANY=[@ANYBLOB="160e90cb39bca59f8c4064ac6d7b242060a07bc4309e3eb79d8745797b308edd84adef35ad9d8a17240f38f55f57c55f3875db81d255eea402e1c11ca7fc01964aeb9ed6ef4e80bc67cba7e7fe961fe5d921442b0a06b135f8a73b68dc904b436f256f50ae7cb980e69e7580b9f11c6ede4210f23240559b8c427000d7ce7862417ab5a50e494b2a54e346d7ffa008ccef06813e235b446788ac0f1df3c65bc1fb5393364a2efd284640ec2c438ad2b24a69f1f9da000000000000000000000000989eee6a9283bf253ca4"], 0x1}}, 0x0)
close(r3)
syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000000)={<r4=>0xffffffffffffffff, <r5=>0xffffffffffffffff})
dup3(r5, r4, 0x0)
accept4$vsock_stream(0xffffffffffffffff, &(0x7f0000000240)={0x28, 0x0, 0x2710, @host}, 0x10, 0x0)
bind$pptp(0xffffffffffffffff, &(0x7f00000001c0)={0x18, 0x2, {0x0, @initdev={0xac, 0x1e, 0x0, 0x0}}}, 0x1e)
sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000000)=@newlink={0x30, 0x10, 0x801, 0x0, 0x0, {}, [@IFLA_GROUP={0x8}, @IFLA_PROTO_DOWN={0x8, 0x4}]}, 0x30}}, 0x0)
pivot_root(&(0x7f0000000140)='./file0\x00', &(0x7f0000000100)='./file0\x00')

[ 1837.587514] CPU: 1 PID: 3445 Comm: syz-executor.2 Not tainted 4.14.173-syzkaller #0
[ 1837.595529] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 1837.605155] Call Trace:
[ 1837.607763]  dump_stack+0x13e/0x194
[ 1837.611418]  should_fail.cold+0x10a/0x14b
[ 1837.615784]  should_failslab+0xd6/0x130
[ 1837.619804]  kmem_cache_alloc+0x2b5/0x770
[ 1837.623990]  ? retint_kernel+0x2d/0x2d
[ 1837.628042]  mmu_topup_memory_caches+0x83/0x300
[ 1837.632745]  kvm_mmu_load+0x1e/0xd00
[ 1837.636631]  ? vmx_inject_nmi+0xb0/0x1e0
[ 1837.640876]  ? vmx_inject_nmi+0x125/0x1e0
[ 1837.645066]  vcpu_enter_guest+0x2eb9/0x5240
[ 1837.649594]  ? emulator_read_emulated+0x40/0x40
[ 1837.655716]  ? lock_acquire+0x170/0x3f0
[ 1837.659914]  ? kvm_arch_vcpu_ioctl_run+0x143/0xfd0
[ 1837.665680]  ? kvm_arch_vcpu_ioctl_run+0x2fe/0xfd0
[ 1837.670730]  ? kvm_arch_vcpu_ioctl_run+0x181/0xfd0
[ 1837.676224]  kvm_arch_vcpu_ioctl_run+0x2fe/0xfd0
[ 1837.681892]  kvm_vcpu_ioctl+0x3df/0xc70
01:45:35 executing program 1:
lsetxattr$trusted_overlay_opaque(0x0, 0x0, 0x0, 0x0, 0x0)
mkdir(&(0x7f0000000000)='./file0\x00', 0x0)
mount$bpf(0x20000000, &(0x7f00000000c0)='./file0\x00', 0x0, 0x2001001, 0x0)
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x80, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x43, 0x400000000000000}, 0x11288, 0x2000, 0x0, 0x2}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = socket$netlink(0x10, 0x3, 0x0)
connect$inet(0xffffffffffffffff, 0x0, 0x0)
setsockopt$SO_RDS_TRANSPORT(0xffffffffffffffff, 0x114, 0x8, &(0x7f0000000040)=0xffffffffffffffff, 0x4)
r1 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$inet_tcp_int(r1, 0x6, 0x10000000013, &(0x7f0000d06000)=0x1, 0x32a)
connect$inet(r1, &(0x7f0000000180)={0x2, 0x4e23, @local}, 0x10)
accept$nfc_llcp(0xffffffffffffffff, &(0x7f0000000440), &(0x7f0000000300)=0x60)
setsockopt$inet_tcp_TCP_REPAIR_OPTIONS(r1, 0x6, 0x16, &(0x7f00000000c0)=[@mss={0x2, 0xffffffff}, @timestamp, @window, @mss={0x2, 0x91c}], 0x4)
sendmmsg(r1, &(0x7f0000004b40)=[{{0x0, 0x0, &(0x7f00000011c0)=[{&(0x7f0000002240)='Y', 0x1}], 0x1}}], 0x1, 0x0)
syz_init_net_socket$llc(0x1a, 0x1, 0x0)
r2 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$IPT_SO_SET_REPLACE(r2, 0x4000000000000, 0x40, &(0x7f0000000a40)=ANY=[@ANYBLOB="72617700000000010000000000000000000000000000000000000000000000000200000003000000b80400000000000000000000000000000003000000030000200400002004000020040000200400002004000003000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000600000000000000a00200030000000000000000000000000000000000000000300262706600000000000000000000000000000000000000000000000000000101000000000000002e2f66696c653000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000060005345540000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000c0002001000000000000000000000000000000000000000050006f736600000000000000000000000000000000000000000000000000000073797a300000000000000000000000000000000000000000000000000000000000000000000000000000000000000000600053455400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000007000980000000000000000000000000000000000000000002800000000000000000000000000000000000000000000000000000000000004feffffff00000000"], 0x518)
sendmsg$IPVS_CMD_GET_DEST(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000280)={&(0x7f00000002c0)=ANY=[@ANYRES16], 0x1}}, 0x0)
setsockopt$inet_tcp_TCP_REPAIR(r1, 0x6, 0x13, &(0x7f0000000100), 0x618)
close(r1)
r3 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$inet_tcp_int(r3, 0x6, 0x10000000013, &(0x7f0000d06000)=0x1, 0x32a)
connect$inet(r3, &(0x7f0000000140)={0x2, 0x0, @local}, 0x10)
setsockopt$inet_tcp_TCP_REPAIR_OPTIONS(r3, 0x6, 0x16, &(0x7f0000000200)=[@mss, @timestamp, @window={0x3, 0x0, 0xfffe}, @mss={0x2, 0x3}], 0x4)
sendmmsg(r3, &(0x7f0000004b40)=[{{0x0, 0x0, &(0x7f00000011c0)=[{&(0x7f0000002240)='Y', 0x1}], 0x1}}], 0x1, 0x0)
setsockopt$inet_tcp_TCP_REPAIR_QUEUE(r3, 0x6, 0x14, &(0x7f0000000040)=0x1, 0x4)
sendmsg$IPVS_CMD_GET_DEST(r3, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000340)=ANY=[@ANYBLOB="160e90cb39bca59f8c4064ac6d7b242060a07bc4309e3eb79d8745797b308edd84adef35ad9d8a17240f38f55f57c55f3875db81d255eea402e1c11ca7fc01964aeb9ed6ef4e80bc67cba7e7fe961fe5d921442b0a06b135f8a73b68dc904b436f256f50ae7cb980e69e7580b9f11c6ede4210f23240559b8c427000d7ce7862417ab5a50e494b2a54e346d7ffa008ccef06813e235b446788ac0f1df3c65bc1fb5393364a2efd284640ec2c438ad2b24a69f1f9da000000000000000000000000989eee6a9283bf253ca4"], 0x1}}, 0x0)
close(r3)
syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000000)={<r4=>0xffffffffffffffff, <r5=>0xffffffffffffffff})
dup3(r5, r4, 0x0)
r6 = accept4$vsock_stream(0xffffffffffffffff, &(0x7f0000000240)={0x28, 0x0, 0x2710, @host}, 0x10, 0x0)
dup2(r6, r5)
sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000000)=@newlink={0x30, 0x10, 0x801, 0x0, 0x0, {}, [@IFLA_GROUP={0x8}, @IFLA_PROTO_DOWN={0x8, 0x4}]}, 0x30}}, 0x0)

[ 1837.686696]  ? kvm_vcpu_block+0xb70/0xb70
[ 1837.690869]  ? trace_hardirqs_on_thunk+0x1a/0x1c
[ 1837.695851]  ? check_preemption_disabled+0x35/0x240
[ 1837.700975]  ? retint_kernel+0x2d/0x2d
[ 1837.704983]  ? kvm_vcpu_block+0xb70/0xb70
[ 1837.709201]  ? kvm_vcpu_block+0xb70/0xb70
[ 1837.713346]  do_vfs_ioctl+0x75a/0xfe0
[ 1837.717145]  ? selinux_file_mprotect+0x5c0/0x5c0
[ 1837.721887]  ? ioctl_preallocate+0x1a0/0x1a0
[ 1837.726292]  ? security_file_ioctl+0x76/0xb0
[ 1837.730895]  ? security_file_ioctl+0x83/0xb0
[ 1837.735484]  SyS_ioctl+0x7f/0xb0
[ 1837.738838]  ? do_vfs_ioctl+0xfe0/0xfe0
[ 1837.742823]  do_syscall_64+0x1d5/0x640
[ 1837.746898]  entry_SYSCALL_64_after_hwframe+0x42/0xb7
[ 1837.753305] RIP: 0033:0x45c849
[ 1837.756631] RSP: 002b:00007fa3bc31dc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 1837.764627] RAX: ffffffffffffffda RBX: 00007fa3bc31e6d4 RCX: 000000000045c849
[ 1837.772683] RDX: 0000000000000000 RSI: 000000000000ae80 RDI: 0000000000000005
[ 1837.779959] RBP: 000000000076bf00 R08: 0000000000000000 R09: 0000000000000000
01:45:36 executing program 3:
lsetxattr$trusted_overlay_opaque(0x0, 0x0, 0x0, 0x0, 0x0)
mkdir(&(0x7f0000000000)='./file0\x00', 0x0)
mount$bpf(0x20000000, &(0x7f00000000c0)='./file0\x00', 0x0, 0x2001001, 0x0)
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x80, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x43, 0x400000000000000}, 0x11288, 0x2000, 0x0, 0x2}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = socket$netlink(0x10, 0x3, 0x0)
connect$inet(0xffffffffffffffff, 0x0, 0x0)
setsockopt$SO_RDS_TRANSPORT(0xffffffffffffffff, 0x114, 0x8, &(0x7f0000000040)=0xffffffffffffffff, 0x4)
r1 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$inet_tcp_int(r1, 0x6, 0x10000000013, &(0x7f0000d06000)=0x1, 0x32a)
connect$inet(r1, &(0x7f0000000180)={0x2, 0x4e23, @local}, 0x10)
accept$nfc_llcp(0xffffffffffffffff, &(0x7f0000000440), &(0x7f0000000300)=0x60)
setsockopt$inet_tcp_TCP_REPAIR_OPTIONS(r1, 0x6, 0x16, &(0x7f00000000c0)=[@mss={0x2, 0xffffffff}, @timestamp, @window, @mss={0x2, 0x91c}], 0x4)
sendmmsg(r1, &(0x7f0000004b40)=[{{0x0, 0x0, &(0x7f00000011c0)=[{&(0x7f0000002240)='Y', 0x1}], 0x1}}], 0x1, 0x0)
syz_init_net_socket$llc(0x1a, 0x1, 0x0)
r2 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$IPT_SO_SET_REPLACE(r2, 0x4000000000000, 0x40, &(0x7f0000000a40)=ANY=[@ANYBLOB="72617700000000010000000000000000000000000000000000000000000000000200000003000000b80400000000000000000000000000000003000000030000200400002004000020040000200400002004000003000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000600000000000000a00200030000000000000000000000000000000000000000300262706600000000000000000000000000000000000000000000000000000101000000000000002e2f66696c653000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000060005345540000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000c0002001000000000000000000000000000000000000000050006f736600000000000000000000000000000000000000000000000000000073797a300000000000000000000000000000000000000000000000000000000000000000000000000000000000000000600053455400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000007000980000000000000000000000000000000000000000002800000000000000000000000000000000000000000000000000000000000004feffffff00000000"], 0x518)
sendmsg$IPVS_CMD_GET_DEST(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000280)={&(0x7f00000002c0)=ANY=[@ANYRES16], 0x1}}, 0x0)
setsockopt$inet_tcp_TCP_REPAIR(r1, 0x6, 0x13, &(0x7f0000000100), 0x618)
close(r1)
r3 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$inet_tcp_int(r3, 0x6, 0x10000000013, &(0x7f0000d06000)=0x1, 0x32a)
connect$inet(r3, &(0x7f0000000140)={0x2, 0x0, @local}, 0x10)
setsockopt$inet_tcp_TCP_REPAIR_OPTIONS(r3, 0x6, 0x16, &(0x7f0000000200)=[@mss, @timestamp, @window={0x3, 0x0, 0xfffe}, @mss={0x2, 0x3}], 0x4)
sendmmsg(r3, &(0x7f0000004b40)=[{{0x0, 0x0, &(0x7f00000011c0)=[{&(0x7f0000002240)='Y', 0x1}], 0x1}}], 0x1, 0x0)
setsockopt$inet_tcp_TCP_REPAIR_QUEUE(r3, 0x6, 0x14, &(0x7f0000000040)=0x1, 0x4)
sendmsg$IPVS_CMD_GET_DEST(r3, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000340)=ANY=[@ANYBLOB="160e90cb39bca59f8c4064ac6d7b242060a07bc4309e3eb79d8745797b308edd84adef35ad9d8a17240f38f55f57c55f3875db81d255eea402e1c11ca7fc01964aeb9ed6ef4e80bc67cba7e7fe961fe5d921442b0a06b135f8a73b68dc904b436f256f50ae7cb980e69e7580b9f11c6ede4210f23240559b8c427000d7ce7862417ab5a50e494b2a54e346d7ffa008ccef06813e235b446788ac0f1df3c65bc1fb5393364a2efd284640ec2c438ad2b24a69f1f9da000000000000000000000000989eee6a9283bf253ca4"], 0x1}}, 0x0)
close(r3)
syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000000)={<r4=>0xffffffffffffffff, <r5=>0xffffffffffffffff})
dup3(r5, r4, 0x0)
r6 = accept4$vsock_stream(0xffffffffffffffff, &(0x7f0000000240)={0x28, 0x0, 0x2710, @host}, 0x10, 0x0)
dup2(r6, r5)
sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000000)=@newlink={0x30, 0x10, 0x801, 0x0, 0x0, {}, [@IFLA_GROUP={0x8}, @IFLA_PROTO_DOWN={0x8, 0x4}]}, 0x30}}, 0x0)
pivot_root(&(0x7f0000000140)='./file0\x00', &(0x7f0000000100)='./file0\x00')

01:45:36 executing program 2 (fault-call:9 fault-nth:2):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140)='/dev/kvm\x00', 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_SET_SIGNAL_MASK(0xffffffffffffffff, 0x4004ae8b, &(0x7f0000001000)=ANY=[@ANYBLOB="97cb"])
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000fe7000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0)
ioctl$USBDEVFS_RESETEP(0xffffffffffffffff, 0x80045503, &(0x7f0000000000)={0x1, 0x1})
ioctl$KVM_NMI(r2, 0xae9a)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f00000002c0)={0x0, 0x2, 0x0, 0x2000, &(0x7f0000001000/0x2000)=nil})
perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
ioctl$KVM_RUN(r2, 0xae80, 0x0)

[ 1837.787365] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000007
[ 1837.794629] R13: 00000000000003bf R14: 00000000004c6495 R15: 0000000000000001
01:45:36 executing program 0:
perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0)
r0 = getpid()
sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x9}, 0x0)
r1 = socket$inet6(0xa, 0x2, 0x0)
recvmmsg(r1, &(0x7f0000002900)=[{{0x0, 0x0, 0x0}, 0x8}], 0x1, 0x40000103, 0x0)
pipe(&(0x7f0000000300)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
write(r3, &(0x7f0000000340), 0x41395527)
sendmsg$DEVLINK_CMD_GET(0xffffffffffffffff, 0x0, 0x0)
vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0)
sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x0, 0x0, 0x3}, 0x0)
r4 = syz_open_procfs(0x0, &(0x7f0000000380)='net/route\x00')
preadv(r4, &(0x7f00000017c0), 0x1a0, 0xf0ffff)

01:45:36 executing program 5:
lsetxattr$trusted_overlay_opaque(0x0, 0x0, 0x0, 0x0, 0x0)
mkdir(&(0x7f0000000000)='./file0\x00', 0x0)
mount$bpf(0x20000000, &(0x7f00000000c0)='./file0\x00', 0x0, 0x2001001, 0x0)
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x80, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x43, 0x400000000000000}, 0x11288, 0x2000, 0x0, 0x2}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = socket$netlink(0x10, 0x3, 0x0)
connect$inet(0xffffffffffffffff, 0x0, 0x0)
setsockopt$SO_RDS_TRANSPORT(0xffffffffffffffff, 0x114, 0x8, &(0x7f0000000040)=0xffffffffffffffff, 0x4)
r1 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$inet_tcp_int(r1, 0x6, 0x10000000013, &(0x7f0000d06000)=0x1, 0x32a)
connect$inet(r1, &(0x7f0000000180)={0x2, 0x4e23, @local}, 0x10)
accept$nfc_llcp(0xffffffffffffffff, &(0x7f0000000440), &(0x7f0000000300)=0x60)
setsockopt$inet_tcp_TCP_REPAIR_OPTIONS(r1, 0x6, 0x16, &(0x7f00000000c0)=[@mss={0x2, 0xffffffff}, @timestamp, @window, @mss={0x2, 0x91c}], 0x4)
sendmmsg(r1, &(0x7f0000004b40)=[{{0x0, 0x0, &(0x7f00000011c0)=[{&(0x7f0000002240)='Y', 0x1}], 0x1}}], 0x1, 0x0)
syz_init_net_socket$llc(0x1a, 0x1, 0x0)
r2 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$IPT_SO_SET_REPLACE(r2, 0x4000000000000, 0x40, &(0x7f0000000a40)=ANY=[@ANYBLOB="72617700000000010000000000000000000000000000000000000000000000000200000003000000b80400000000000000000000000000000003000000030000200400002004000020040000200400002004000003000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000600000000000000a00200030000000000000000000000000000000000000000300262706600000000000000000000000000000000000000000000000000000101000000000000002e2f66696c653000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000060005345540000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000c0002001000000000000000000000000000000000000000050006f736600000000000000000000000000000000000000000000000000000073797a300000000000000000000000000000000000000000000000000000000000000000000000000000000000000000600053455400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000007000980000000000000000000000000000000000000000002800000000000000000000000000000000000000000000000000000000000004feffffff00000000"], 0x518)
sendmsg$IPVS_CMD_GET_DEST(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000280)={&(0x7f00000002c0)=ANY=[@ANYRES16], 0x1}}, 0x0)
setsockopt$inet_tcp_TCP_REPAIR(r1, 0x6, 0x13, &(0x7f0000000100), 0x618)
close(r1)
r3 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$inet_tcp_int(r3, 0x6, 0x10000000013, &(0x7f0000d06000)=0x1, 0x32a)
connect$inet(r3, &(0x7f0000000140)={0x2, 0x0, @local}, 0x10)
setsockopt$inet_tcp_TCP_REPAIR_OPTIONS(r3, 0x6, 0x16, &(0x7f0000000200)=[@mss, @timestamp, @window={0x3, 0x0, 0xfffe}, @mss={0x2, 0x3}], 0x4)
sendmmsg(r3, &(0x7f0000004b40)=[{{0x0, 0x0, &(0x7f00000011c0)=[{&(0x7f0000002240)='Y', 0x1}], 0x1}}], 0x1, 0x0)
setsockopt$inet_tcp_TCP_REPAIR_QUEUE(r3, 0x6, 0x14, &(0x7f0000000040)=0x1, 0x4)
sendmsg$IPVS_CMD_GET_DEST(r3, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000340)=ANY=[@ANYBLOB="160e90cb39bca59f8c4064ac6d7b242060a07bc4309e3eb79d8745797b308edd84adef35ad9d8a17240f38f55f57c55f3875db81d255eea402e1c11ca7fc01964aeb9ed6ef4e80bc67cba7e7fe961fe5d921442b0a06b135f8a73b68dc904b436f256f50ae7cb980e69e7580b9f11c6ede4210f23240559b8c427000d7ce7862417ab5a50e494b2a54e346d7ffa008ccef06813e235b446788ac0f1df3c65bc1fb5393364a2efd284640ec2c438ad2b24a69f1f9da000000000000000000000000989eee6a9283bf253ca4"], 0x1}}, 0x0)
close(r3)
syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000000)={<r4=>0xffffffffffffffff, <r5=>0xffffffffffffffff})
dup3(r5, r4, 0x0)
accept4$vsock_stream(0xffffffffffffffff, &(0x7f0000000240)={0x28, 0x0, 0x2710, @host}, 0x10, 0x0)
bind$pptp(0xffffffffffffffff, &(0x7f00000001c0)={0x18, 0x2, {0x0, @initdev={0xac, 0x1e, 0x0, 0x0}}}, 0x1e)
sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000000)=@newlink={0x30, 0x10, 0x801, 0x0, 0x0, {}, [@IFLA_GROUP={0x8}, @IFLA_PROTO_DOWN={0x8, 0x4}]}, 0x30}}, 0x0)
pivot_root(&(0x7f0000000140)='./file0\x00', &(0x7f0000000100)='./file0\x00')

[ 1837.964991] FAULT_INJECTION: forcing a failure.
[ 1837.964991] name failslab, interval 1, probability 0, space 0, times 0
[ 1838.066255] CPU: 1 PID: 3461 Comm: syz-executor.2 Not tainted 4.14.173-syzkaller #0
[ 1838.074123] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 1838.083540] Call Trace:
[ 1838.086163]  dump_stack+0x13e/0x194
[ 1838.089832]  should_fail.cold+0x10a/0x14b
[ 1838.094016]  should_failslab+0xd6/0x130
[ 1838.098015]  kmem_cache_alloc+0x2b5/0x770
[ 1838.102556]  mmu_topup_memory_caches+0x83/0x300
[ 1838.109357]  kvm_mmu_load+0x1e/0xd00
[ 1838.113826]  ? vmx_inject_nmi+0xb0/0x1e0
[ 1838.117927]  ? vmx_inject_nmi+0x125/0x1e0
[ 1838.122559]  vcpu_enter_guest+0x2eb9/0x5240
[ 1838.128028]  ? save_trace+0x290/0x290
[ 1838.132044]  ? retint_kernel+0x2d/0x2d
[ 1838.135979]  ? emulator_read_emulated+0x40/0x40
[ 1838.140789]  ? lock_acquire+0x170/0x3f0
[ 1838.144826]  ? kvm_arch_vcpu_ioctl_run+0x143/0xfd0
[ 1838.149841]  ? kvm_arch_vcpu_ioctl_run+0x2fe/0xfd0
[ 1838.154965]  ? kvm_arch_vcpu_ioctl_run+0x181/0xfd0
[ 1838.160121]  kvm_arch_vcpu_ioctl_run+0x2fe/0xfd0
[ 1838.165946]  kvm_vcpu_ioctl+0x3df/0xc70
[ 1838.170134]  ? retint_kernel+0x2d/0x2d
[ 1838.174145]  ? kvm_vcpu_block+0xb70/0xb70
[ 1838.178333]  ? trace_hardirqs_on_caller+0x3f6/0x590
[ 1838.183399]  ? trace_hardirqs_on_thunk+0x1a/0x1c
[ 1838.188275]  ? check_preemption_disabled+0x35/0x240
[ 1838.193351]  ? retint_kernel+0x2d/0x2d
[ 1838.197276]  ? __fget+0x201/0x360
[ 1838.200764]  ? kvm_vcpu_block+0xb70/0xb70
[ 1838.205029]  do_vfs_ioctl+0x75a/0xfe0
[ 1838.208848]  ? selinux_file_mprotect+0x5c0/0x5c0
[ 1838.213626]  ? ioctl_preallocate+0x1a0/0x1a0
[ 1838.218069]  ? security_file_ioctl+0x76/0xb0
[ 1838.222478]  ? security_file_ioctl+0x83/0xb0
[ 1838.226888]  SyS_ioctl+0x7f/0xb0
[ 1838.230257]  ? do_vfs_ioctl+0xfe0/0xfe0
[ 1838.234236]  do_syscall_64+0x1d5/0x640
[ 1838.238129]  entry_SYSCALL_64_after_hwframe+0x42/0xb7
[ 1838.243487] RIP: 0033:0x45c849
[ 1838.246672] RSP: 002b:00007fa3bc31dc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 1838.254381] RAX: ffffffffffffffda RBX: 00007fa3bc31e6d4 RCX: 000000000045c849
01:45:36 executing program 4:
pipe(&(0x7f0000000140)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
r2 = socket$inet_udp(0x2, 0x2, 0x0)
close(r2)
r3 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$inet_tcp_int(r3, 0x6, 0x10000000013, &(0x7f0000d06000)=0x1, 0x4)
connect$inet(r2, &(0x7f0000000340)={0x2, 0x0, @loopback}, 0x10)
setsockopt$inet_tcp_TCP_REPAIR_WINDOW(r3, 0x6, 0x1d, &(0x7f0000000080)={0x0, 0xdf5, 0x65a2}, 0x14)
syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
r4 = getpid()
rt_tgsigqueueinfo(r4, r4, 0x16, &(0x7f00000000c0))
ptrace(0x10, r4)
ptrace$setregs(0xd, r4, 0x0, &(0x7f0000000000))
write$binfmt_misc(r1, &(0x7f0000000140)=ANY=[], 0x4240a2a0)
r5 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$IPT_SO_SET_REPLACE(r5, 0x0, 0x40, &(0x7f0000000480)=ANY=[@ANYBLOB="66696c74657200000000000000000000000000000000000000000000000000000e00000004000000d0020000800100009800000080010000000000000000000038020000380200003802000038020000380200000400000000000000000000007f000001ac14140000000000000000007f00000000000000000000000000000064756dea20f9524db2d96900000057c910a19f2bc02c00000000000000000000200000000000000000000000000000000000000000000000700098000000000000000000000000000000000000000000280052454a454354000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000400000000000000000000000080000000000000000000000000000000000000000000000000000000000000000000000000000000000000000c000e80000f9c9991d0000000000000000000000000000005000736574000000000000000000000000000000000000000000000000000003000005050000000000000000000000000000000000000000100000000000000000000000000000000000000000000000280052454a45435400000000000000010000000000000000000000000000000000674f000000000000000000e00000020000000000000000766574b5315f766c616e00000000010062726964676530000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000007000b80000000000000000000000000000000000000000004800544545000000000000000000000000000000d40200000000000000000001ac1414aa000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000007000980000000000000000000000000000000000000000002800000000000000000000000000000000000000000000001a51496c00000000feffffff"], 0x1)
splice(r0, 0x0, r2, 0x0, 0x4ffe0, 0x0)

01:45:36 executing program 3:
lsetxattr$trusted_overlay_opaque(0x0, 0x0, 0x0, 0x0, 0x0)
mkdir(&(0x7f0000000000)='./file0\x00', 0x0)
mount$bpf(0x20000000, &(0x7f00000000c0)='./file0\x00', 0x0, 0x2001001, 0x0)
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x80, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x43, 0x400000000000000}, 0x11288, 0x2000, 0x0, 0x2}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = socket$netlink(0x10, 0x3, 0x0)
connect$inet(0xffffffffffffffff, 0x0, 0x0)
setsockopt$SO_RDS_TRANSPORT(0xffffffffffffffff, 0x114, 0x8, &(0x7f0000000040)=0xffffffffffffffff, 0x4)
r1 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$inet_tcp_int(r1, 0x6, 0x10000000013, &(0x7f0000d06000)=0x1, 0x32a)
connect$inet(r1, &(0x7f0000000180)={0x2, 0x4e23, @local}, 0x10)
accept$nfc_llcp(0xffffffffffffffff, &(0x7f0000000440), &(0x7f0000000300)=0x60)
setsockopt$inet_tcp_TCP_REPAIR_OPTIONS(r1, 0x6, 0x16, &(0x7f00000000c0)=[@mss={0x2, 0xffffffff}, @timestamp, @window, @mss={0x2, 0x91c}], 0x4)
sendmmsg(r1, &(0x7f0000004b40)=[{{0x0, 0x0, &(0x7f00000011c0)=[{&(0x7f0000002240)='Y', 0x1}], 0x1}}], 0x1, 0x0)
syz_init_net_socket$llc(0x1a, 0x1, 0x0)
r2 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$IPT_SO_SET_REPLACE(r2, 0x4000000000000, 0x40, &(0x7f0000000a40)=ANY=[@ANYBLOB="72617700000000010000000000000000000000000000000000000000000000000200000003000000b80400000000000000000000000000000003000000030000200400002004000020040000200400002004000003000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000600000000000000a00200030000000000000000000000000000000000000000300262706600000000000000000000000000000000000000000000000000000101000000000000002e2f66696c653000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000060005345540000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000c0002001000000000000000000000000000000000000000050006f736600000000000000000000000000000000000000000000000000000073797a300000000000000000000000000000000000000000000000000000000000000000000000000000000000000000600053455400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000007000980000000000000000000000000000000000000000002800000000000000000000000000000000000000000000000000000000000004feffffff00000000"], 0x518)
sendmsg$IPVS_CMD_GET_DEST(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000280)={&(0x7f00000002c0)=ANY=[@ANYRES16], 0x1}}, 0x0)
setsockopt$inet_tcp_TCP_REPAIR(r1, 0x6, 0x13, &(0x7f0000000100), 0x618)
close(r1)
r3 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$inet_tcp_int(r3, 0x6, 0x10000000013, &(0x7f0000d06000)=0x1, 0x32a)
connect$inet(r3, &(0x7f0000000140)={0x2, 0x0, @local}, 0x10)
setsockopt$inet_tcp_TCP_REPAIR_OPTIONS(r3, 0x6, 0x16, &(0x7f0000000200)=[@mss, @timestamp, @window={0x3, 0x0, 0xfffe}, @mss={0x2, 0x3}], 0x4)
sendmmsg(r3, &(0x7f0000004b40)=[{{0x0, 0x0, &(0x7f00000011c0)=[{&(0x7f0000002240)='Y', 0x1}], 0x1}}], 0x1, 0x0)
setsockopt$inet_tcp_TCP_REPAIR_QUEUE(r3, 0x6, 0x14, &(0x7f0000000040)=0x1, 0x4)
sendmsg$IPVS_CMD_GET_DEST(r3, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000340)=ANY=[@ANYBLOB="160e90cb39bca59f8c4064ac6d7b242060a07bc4309e3eb79d8745797b308edd84adef35ad9d8a17240f38f55f57c55f3875db81d255eea402e1c11ca7fc01964aeb9ed6ef4e80bc67cba7e7fe961fe5d921442b0a06b135f8a73b68dc904b436f256f50ae7cb980e69e7580b9f11c6ede4210f23240559b8c427000d7ce7862417ab5a50e494b2a54e346d7ffa008ccef06813e235b446788ac0f1df3c65bc1fb5393364a2efd284640ec2c438ad2b24a69f1f9da000000000000000000000000989eee6a9283bf253ca4"], 0x1}}, 0x0)
close(r3)
syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000000)={<r4=>0xffffffffffffffff, <r5=>0xffffffffffffffff})
dup3(r5, r4, 0x0)
accept4$vsock_stream(0xffffffffffffffff, &(0x7f0000000240)={0x28, 0x0, 0x2710, @host}, 0x10, 0x0)
bind$pptp(0xffffffffffffffff, &(0x7f00000001c0)={0x18, 0x2, {0x0, @initdev={0xac, 0x1e, 0x0, 0x0}}}, 0x1e)
sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000000)=@newlink={0x30, 0x10, 0x801, 0x0, 0x0, {}, [@IFLA_GROUP={0x8}, @IFLA_PROTO_DOWN={0x8, 0x4}]}, 0x30}}, 0x0)
pivot_root(&(0x7f0000000140)='./file0\x00', &(0x7f0000000100)='./file0\x00')

[ 1838.261749] RDX: 0000000000000000 RSI: 000000000000ae80 RDI: 0000000000000005
[ 1838.269291] RBP: 000000000076bf00 R08: 0000000000000000 R09: 0000000000000000
[ 1838.277079] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000007
[ 1838.284363] R13: 00000000000003bf R14: 00000000004c6495 R15: 0000000000000002
01:45:36 executing program 1:
lsetxattr$trusted_overlay_opaque(0x0, 0x0, 0x0, 0x0, 0x0)
mkdir(&(0x7f0000000000)='./file0\x00', 0x0)
mount$bpf(0x20000000, &(0x7f00000000c0)='./file0\x00', 0x0, 0x2001001, 0x0)
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x80, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x43, 0x400000000000000}, 0x11288, 0x2000, 0x0, 0x2}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = socket$netlink(0x10, 0x3, 0x0)
connect$inet(0xffffffffffffffff, 0x0, 0x0)
setsockopt$SO_RDS_TRANSPORT(0xffffffffffffffff, 0x114, 0x8, &(0x7f0000000040)=0xffffffffffffffff, 0x4)
r1 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$inet_tcp_int(r1, 0x6, 0x10000000013, &(0x7f0000d06000)=0x1, 0x32a)
connect$inet(r1, &(0x7f0000000180)={0x2, 0x4e23, @local}, 0x10)
accept$nfc_llcp(0xffffffffffffffff, &(0x7f0000000440), &(0x7f0000000300)=0x60)
setsockopt$inet_tcp_TCP_REPAIR_OPTIONS(r1, 0x6, 0x16, &(0x7f00000000c0)=[@mss={0x2, 0xffffffff}, @timestamp, @window, @mss={0x2, 0x91c}], 0x4)
sendmmsg(r1, &(0x7f0000004b40)=[{{0x0, 0x0, &(0x7f00000011c0)=[{&(0x7f0000002240)='Y', 0x1}], 0x1}}], 0x1, 0x0)
syz_init_net_socket$llc(0x1a, 0x1, 0x0)
r2 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$IPT_SO_SET_REPLACE(r2, 0x4000000000000, 0x40, &(0x7f0000000a40)=ANY=[@ANYBLOB="72617700000000010000000000000000000000000000000000000000000000000200000003000000b80400000000000000000000000000000003000000030000200400002004000020040000200400002004000003000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000600000000000000a00200030000000000000000000000000000000000000000300262706600000000000000000000000000000000000000000000000000000101000000000000002e2f66696c653000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000060005345540000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000c0002001000000000000000000000000000000000000000050006f736600000000000000000000000000000000000000000000000000000073797a300000000000000000000000000000000000000000000000000000000000000000000000000000000000000000600053455400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000007000980000000000000000000000000000000000000000002800000000000000000000000000000000000000000000000000000000000004feffffff00000000"], 0x518)
sendmsg$IPVS_CMD_GET_DEST(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000280)={&(0x7f00000002c0)=ANY=[@ANYRES16], 0x1}}, 0x0)
setsockopt$inet_tcp_TCP_REPAIR(r1, 0x6, 0x13, &(0x7f0000000100), 0x618)
close(r1)
r3 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$inet_tcp_int(r3, 0x6, 0x10000000013, &(0x7f0000d06000)=0x1, 0x32a)
connect$inet(r3, &(0x7f0000000140)={0x2, 0x0, @local}, 0x10)
setsockopt$inet_tcp_TCP_REPAIR_OPTIONS(r3, 0x6, 0x16, &(0x7f0000000200)=[@mss, @timestamp, @window={0x3, 0x0, 0xfffe}, @mss={0x2, 0x3}], 0x4)
sendmmsg(r3, &(0x7f0000004b40)=[{{0x0, 0x0, &(0x7f00000011c0)=[{&(0x7f0000002240)='Y', 0x1}], 0x1}}], 0x1, 0x0)
setsockopt$inet_tcp_TCP_REPAIR_QUEUE(r3, 0x6, 0x14, &(0x7f0000000040)=0x1, 0x4)
sendmsg$IPVS_CMD_GET_DEST(r3, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000340)=ANY=[@ANYBLOB="160e90cb39bca59f8c4064ac6d7b242060a07bc4309e3eb79d8745797b308edd84adef35ad9d8a17240f38f55f57c55f3875db81d255eea402e1c11ca7fc01964aeb9ed6ef4e80bc67cba7e7fe961fe5d921442b0a06b135f8a73b68dc904b436f256f50ae7cb980e69e7580b9f11c6ede4210f23240559b8c427000d7ce7862417ab5a50e494b2a54e346d7ffa008ccef06813e235b446788ac0f1df3c65bc1fb5393364a2efd284640ec2c438ad2b24a69f1f9da000000000000000000000000989eee6a9283bf253ca4"], 0x1}}, 0x0)
close(r3)
syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000000)={<r4=>0xffffffffffffffff, <r5=>0xffffffffffffffff})
dup3(r5, r4, 0x0)
r6 = accept4$vsock_stream(0xffffffffffffffff, &(0x7f0000000240)={0x28, 0x0, 0x2710, @host}, 0x10, 0x0)
dup2(r6, r5)
sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000000)=@newlink={0x30, 0x10, 0x801, 0x0, 0x0, {}, [@IFLA_GROUP={0x8}, @IFLA_PROTO_DOWN={0x8, 0x4}]}, 0x30}}, 0x0)

01:45:36 executing program 5:
lsetxattr$trusted_overlay_opaque(0x0, 0x0, 0x0, 0x0, 0x0)
mkdir(&(0x7f0000000000)='./file0\x00', 0x0)
mount$bpf(0x20000000, &(0x7f00000000c0)='./file0\x00', 0x0, 0x2001001, 0x0)
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x80, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x43, 0x400000000000000}, 0x11288, 0x2000, 0x0, 0x2}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = socket$netlink(0x10, 0x3, 0x0)
connect$inet(0xffffffffffffffff, 0x0, 0x0)
setsockopt$SO_RDS_TRANSPORT(0xffffffffffffffff, 0x114, 0x8, &(0x7f0000000040)=0xffffffffffffffff, 0x4)
r1 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$inet_tcp_int(r1, 0x6, 0x10000000013, &(0x7f0000d06000)=0x1, 0x32a)
connect$inet(r1, &(0x7f0000000180)={0x2, 0x4e23, @local}, 0x10)
accept$nfc_llcp(0xffffffffffffffff, &(0x7f0000000440), &(0x7f0000000300)=0x60)
setsockopt$inet_tcp_TCP_REPAIR_OPTIONS(r1, 0x6, 0x16, &(0x7f00000000c0)=[@mss={0x2, 0xffffffff}, @timestamp, @window, @mss={0x2, 0x91c}], 0x4)
sendmmsg(r1, &(0x7f0000004b40)=[{{0x0, 0x0, &(0x7f00000011c0)=[{&(0x7f0000002240)='Y', 0x1}], 0x1}}], 0x1, 0x0)
syz_init_net_socket$llc(0x1a, 0x1, 0x0)
r2 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$IPT_SO_SET_REPLACE(r2, 0x4000000000000, 0x40, &(0x7f0000000a40)=ANY=[@ANYBLOB="72617700000000010000000000000000000000000000000000000000000000000200000003000000b80400000000000000000000000000000003000000030000200400002004000020040000200400002004000003000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000600000000000000a00200030000000000000000000000000000000000000000300262706600000000000000000000000000000000000000000000000000000101000000000000002e2f66696c653000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000060005345540000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000c0002001000000000000000000000000000000000000000050006f736600000000000000000000000000000000000000000000000000000073797a300000000000000000000000000000000000000000000000000000000000000000000000000000000000000000600053455400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000007000980000000000000000000000000000000000000000002800000000000000000000000000000000000000000000000000000000000004feffffff00000000"], 0x518)
sendmsg$IPVS_CMD_GET_DEST(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000280)={&(0x7f00000002c0)=ANY=[@ANYRES16], 0x1}}, 0x0)
setsockopt$inet_tcp_TCP_REPAIR(r1, 0x6, 0x13, &(0x7f0000000100), 0x618)
close(r1)
r3 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$inet_tcp_int(r3, 0x6, 0x10000000013, &(0x7f0000d06000)=0x1, 0x32a)
connect$inet(r3, &(0x7f0000000140)={0x2, 0x0, @local}, 0x10)
setsockopt$inet_tcp_TCP_REPAIR_OPTIONS(r3, 0x6, 0x16, &(0x7f0000000200)=[@mss, @timestamp, @window={0x3, 0x0, 0xfffe}, @mss={0x2, 0x3}], 0x4)
sendmmsg(r3, &(0x7f0000004b40)=[{{0x0, 0x0, &(0x7f00000011c0)=[{&(0x7f0000002240)='Y', 0x1}], 0x1}}], 0x1, 0x0)
setsockopt$inet_tcp_TCP_REPAIR_QUEUE(r3, 0x6, 0x14, &(0x7f0000000040)=0x1, 0x4)
sendmsg$IPVS_CMD_GET_DEST(r3, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000340)=ANY=[@ANYBLOB="160e90cb39bca59f8c4064ac6d7b242060a07bc4309e3eb79d8745797b308edd84adef35ad9d8a17240f38f55f57c55f3875db81d255eea402e1c11ca7fc01964aeb9ed6ef4e80bc67cba7e7fe961fe5d921442b0a06b135f8a73b68dc904b436f256f50ae7cb980e69e7580b9f11c6ede4210f23240559b8c427000d7ce7862417ab5a50e494b2a54e346d7ffa008ccef06813e235b446788ac0f1df3c65bc1fb5393364a2efd284640ec2c438ad2b24a69f1f9da000000000000000000000000989eee6a9283bf253ca4"], 0x1}}, 0x0)
close(r3)
syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000000)={<r4=>0xffffffffffffffff, <r5=>0xffffffffffffffff})
dup3(r5, r4, 0x0)
dup2(0xffffffffffffffff, r5)
bind$pptp(0xffffffffffffffff, &(0x7f00000001c0)={0x18, 0x2, {0x0, @initdev={0xac, 0x1e, 0x0, 0x0}}}, 0x1e)
sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000000)=@newlink={0x30, 0x10, 0x801, 0x0, 0x0, {}, [@IFLA_GROUP={0x8}, @IFLA_PROTO_DOWN={0x8, 0x4}]}, 0x30}}, 0x0)
pivot_root(&(0x7f0000000140)='./file0\x00', &(0x7f0000000100)='./file0\x00')

01:45:36 executing program 2 (fault-call:9 fault-nth:3):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140)='/dev/kvm\x00', 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_SET_SIGNAL_MASK(0xffffffffffffffff, 0x4004ae8b, &(0x7f0000001000)=ANY=[@ANYBLOB="97cb"])
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000fe7000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0)
ioctl$USBDEVFS_RESETEP(0xffffffffffffffff, 0x80045503, &(0x7f0000000000)={0x1, 0x1})
ioctl$KVM_NMI(r2, 0xae9a)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f00000002c0)={0x0, 0x2, 0x0, 0x2000, &(0x7f0000001000/0x2000)=nil})
perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
ioctl$KVM_RUN(r2, 0xae80, 0x0)

01:45:36 executing program 1:
lsetxattr$trusted_overlay_opaque(0x0, 0x0, 0x0, 0x0, 0x0)
mkdir(&(0x7f0000000000)='./file0\x00', 0x0)
mount$bpf(0x20000000, &(0x7f00000000c0)='./file0\x00', 0x0, 0x2001001, 0x0)
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x80, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x43, 0x400000000000000}, 0x11288, 0x2000, 0x0, 0x2}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = socket$netlink(0x10, 0x3, 0x0)
connect$inet(0xffffffffffffffff, 0x0, 0x0)
setsockopt$SO_RDS_TRANSPORT(0xffffffffffffffff, 0x114, 0x8, &(0x7f0000000040)=0xffffffffffffffff, 0x4)
r1 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$inet_tcp_int(r1, 0x6, 0x10000000013, &(0x7f0000d06000)=0x1, 0x32a)
connect$inet(r1, &(0x7f0000000180)={0x2, 0x4e23, @local}, 0x10)
accept$nfc_llcp(0xffffffffffffffff, &(0x7f0000000440), &(0x7f0000000300)=0x60)
setsockopt$inet_tcp_TCP_REPAIR_OPTIONS(r1, 0x6, 0x16, &(0x7f00000000c0)=[@mss={0x2, 0xffffffff}, @timestamp, @window, @mss={0x2, 0x91c}], 0x4)
sendmmsg(r1, &(0x7f0000004b40)=[{{0x0, 0x0, &(0x7f00000011c0)=[{&(0x7f0000002240)='Y', 0x1}], 0x1}}], 0x1, 0x0)
syz_init_net_socket$llc(0x1a, 0x1, 0x0)
r2 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$IPT_SO_SET_REPLACE(r2, 0x4000000000000, 0x40, &(0x7f0000000a40)=ANY=[@ANYBLOB="72617700000000010000000000000000000000000000000000000000000000000200000003000000b80400000000000000000000000000000003000000030000200400002004000020040000200400002004000003000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000600000000000000a00200030000000000000000000000000000000000000000300262706600000000000000000000000000000000000000000000000000000101000000000000002e2f66696c653000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000060005345540000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000c0002001000000000000000000000000000000000000000050006f736600000000000000000000000000000000000000000000000000000073797a300000000000000000000000000000000000000000000000000000000000000000000000000000000000000000600053455400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000007000980000000000000000000000000000000000000000002800000000000000000000000000000000000000000000000000000000000004feffffff00000000"], 0x518)
sendmsg$IPVS_CMD_GET_DEST(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000280)={&(0x7f00000002c0)=ANY=[@ANYRES16], 0x1}}, 0x0)
setsockopt$inet_tcp_TCP_REPAIR(r1, 0x6, 0x13, &(0x7f0000000100), 0x618)
close(r1)
r3 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$inet_tcp_int(r3, 0x6, 0x10000000013, &(0x7f0000d06000)=0x1, 0x32a)
connect$inet(r3, &(0x7f0000000140)={0x2, 0x0, @local}, 0x10)
setsockopt$inet_tcp_TCP_REPAIR_OPTIONS(r3, 0x6, 0x16, &(0x7f0000000200)=[@mss, @timestamp, @window={0x3, 0x0, 0xfffe}, @mss={0x2, 0x3}], 0x4)
sendmmsg(r3, &(0x7f0000004b40)=[{{0x0, 0x0, &(0x7f00000011c0)=[{&(0x7f0000002240)='Y', 0x1}], 0x1}}], 0x1, 0x0)
setsockopt$inet_tcp_TCP_REPAIR_QUEUE(r3, 0x6, 0x14, &(0x7f0000000040)=0x1, 0x4)
sendmsg$IPVS_CMD_GET_DEST(r3, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000340)=ANY=[@ANYBLOB="160e90cb39bca59f8c4064ac6d7b242060a07bc4309e3eb79d8745797b308edd84adef35ad9d8a17240f38f55f57c55f3875db81d255eea402e1c11ca7fc01964aeb9ed6ef4e80bc67cba7e7fe961fe5d921442b0a06b135f8a73b68dc904b436f256f50ae7cb980e69e7580b9f11c6ede4210f23240559b8c427000d7ce7862417ab5a50e494b2a54e346d7ffa008ccef06813e235b446788ac0f1df3c65bc1fb5393364a2efd284640ec2c438ad2b24a69f1f9da000000000000000000000000989eee6a9283bf253ca4"], 0x1}}, 0x0)
close(r3)
syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000000)={<r4=>0xffffffffffffffff, <r5=>0xffffffffffffffff})
dup3(r5, r4, 0x0)
accept4$vsock_stream(0xffffffffffffffff, &(0x7f0000000240)={0x28, 0x0, 0x2710, @host}, 0x10, 0x0)
bind$pptp(0xffffffffffffffff, &(0x7f00000001c0)={0x18, 0x2, {0x0, @initdev={0xac, 0x1e, 0x0, 0x0}}}, 0x1e)
sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000000)=@newlink={0x30, 0x10, 0x801, 0x0, 0x0, {}, [@IFLA_GROUP={0x8}, @IFLA_PROTO_DOWN={0x8, 0x4}]}, 0x30}}, 0x0)

[ 1838.601143] FAULT_INJECTION: forcing a failure.
[ 1838.601143] name failslab, interval 1, probability 0, space 0, times 0
[ 1838.603309] ip_tables: iptables: counters copy to user failed while replacing table
[ 1838.613945] CPU: 1 PID: 3482 Comm: syz-executor.2 Not tainted 4.14.173-syzkaller #0
[ 1838.629317] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 1838.638701] Call Trace:
[ 1838.641344]  dump_stack+0x13e/0x194
[ 1838.644994]  should_fail.cold+0x10a/0x14b
[ 1838.649155]  should_failslab+0xd6/0x130
[ 1838.653138]  kmem_cache_alloc+0x2b5/0x770
[ 1838.657317]  mmu_topup_memory_caches+0x83/0x300
[ 1838.662013]  kvm_mmu_load+0x1e/0xd00
[ 1838.665742]  ? kvm_apic_accept_events+0x16f/0x3f0
[ 1838.670604]  ? kvm_lapic_enable_pv_eoi+0xc0/0xc0
[ 1838.675379]  ? vcpu_enter_guest+0x3813/0x5240
[ 1838.679912]  vcpu_enter_guest+0x2eb9/0x5240
[ 1838.684281]  ? trace_hardirqs_on_caller+0x3f6/0x590
[ 1838.689327]  ? trace_hardirqs_on_thunk+0x1a/0x1c
[ 1838.694114]  ? emulator_read_emulated+0x40/0x40
[ 1838.698806]  ? lock_acquire+0x170/0x3f0
[ 1838.702816]  ? kvm_arch_vcpu_ioctl_run+0x143/0xfd0
[ 1838.707776]  ? kvm_arch_vcpu_ioctl_run+0x2fe/0xfd0
[ 1838.712733]  ? kvm_arch_vcpu_ioctl_run+0x181/0xfd0
[ 1838.717708]  kvm_arch_vcpu_ioctl_run+0x2fe/0xfd0
[ 1838.722854]  kvm_vcpu_ioctl+0x3df/0xc70
[ 1838.726980]  ? kvm_vcpu_block+0xb70/0xb70
[ 1838.731166]  ? trace_hardirqs_on+0x10/0x10
[ 1838.735538]  ? mark_held_locks+0xa6/0xf0
[ 1838.739792]  ? save_trace+0x290/0x290
[ 1838.743614]  ? SyS_write+0x1b7/0x210
[ 1838.747490]  ? kvm_vcpu_block+0xb70/0xb70
[ 1838.752642]  do_vfs_ioctl+0x75a/0xfe0
[ 1838.756673]  ? selinux_file_mprotect+0x5c0/0x5c0
[ 1838.761453]  ? ioctl_preallocate+0x1a0/0x1a0
[ 1838.765890]  ? security_file_ioctl+0x76/0xb0
[ 1838.770310]  ? security_file_ioctl+0x83/0xb0
[ 1838.774734]  SyS_ioctl+0x7f/0xb0
[ 1838.778090]  ? do_vfs_ioctl+0xfe0/0xfe0
[ 1838.782098]  do_syscall_64+0x1d5/0x640
[ 1838.785981]  entry_SYSCALL_64_after_hwframe+0x42/0xb7
[ 1838.791853] RIP: 0033:0x45c849
01:45:37 executing program 3:
lsetxattr$trusted_overlay_opaque(0x0, 0x0, 0x0, 0x0, 0x0)
mkdir(&(0x7f0000000000)='./file0\x00', 0x0)
mount$bpf(0x20000000, &(0x7f00000000c0)='./file0\x00', 0x0, 0x2001001, 0x0)
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x80, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x43, 0x400000000000000}, 0x11288, 0x2000, 0x0, 0x2}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = socket$netlink(0x10, 0x3, 0x0)
connect$inet(0xffffffffffffffff, 0x0, 0x0)
setsockopt$SO_RDS_TRANSPORT(0xffffffffffffffff, 0x114, 0x8, &(0x7f0000000040)=0xffffffffffffffff, 0x4)
r1 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$inet_tcp_int(r1, 0x6, 0x10000000013, &(0x7f0000d06000)=0x1, 0x32a)
connect$inet(r1, &(0x7f0000000180)={0x2, 0x4e23, @local}, 0x10)
accept$nfc_llcp(0xffffffffffffffff, &(0x7f0000000440), &(0x7f0000000300)=0x60)
setsockopt$inet_tcp_TCP_REPAIR_OPTIONS(r1, 0x6, 0x16, &(0x7f00000000c0)=[@mss={0x2, 0xffffffff}, @timestamp, @window, @mss={0x2, 0x91c}], 0x4)
sendmmsg(r1, &(0x7f0000004b40)=[{{0x0, 0x0, &(0x7f00000011c0)=[{&(0x7f0000002240)='Y', 0x1}], 0x1}}], 0x1, 0x0)
syz_init_net_socket$llc(0x1a, 0x1, 0x0)
r2 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$IPT_SO_SET_REPLACE(r2, 0x4000000000000, 0x40, &(0x7f0000000a40)=ANY=[@ANYBLOB="72617700000000010000000000000000000000000000000000000000000000000200000003000000b80400000000000000000000000000000003000000030000200400002004000020040000200400002004000003000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000600000000000000a00200030000000000000000000000000000000000000000300262706600000000000000000000000000000000000000000000000000000101000000000000002e2f66696c653000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000060005345540000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000c0002001000000000000000000000000000000000000000050006f736600000000000000000000000000000000000000000000000000000073797a300000000000000000000000000000000000000000000000000000000000000000000000000000000000000000600053455400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000007000980000000000000000000000000000000000000000002800000000000000000000000000000000000000000000000000000000000004feffffff00000000"], 0x518)
sendmsg$IPVS_CMD_GET_DEST(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000280)={&(0x7f00000002c0)=ANY=[@ANYRES16], 0x1}}, 0x0)
setsockopt$inet_tcp_TCP_REPAIR(r1, 0x6, 0x13, &(0x7f0000000100), 0x618)
close(r1)
r3 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$inet_tcp_int(r3, 0x6, 0x10000000013, &(0x7f0000d06000)=0x1, 0x32a)
connect$inet(r3, &(0x7f0000000140)={0x2, 0x0, @local}, 0x10)
setsockopt$inet_tcp_TCP_REPAIR_OPTIONS(r3, 0x6, 0x16, &(0x7f0000000200)=[@mss, @timestamp, @window={0x3, 0x0, 0xfffe}, @mss={0x2, 0x3}], 0x4)
sendmmsg(r3, &(0x7f0000004b40)=[{{0x0, 0x0, &(0x7f00000011c0)=[{&(0x7f0000002240)='Y', 0x1}], 0x1}}], 0x1, 0x0)
setsockopt$inet_tcp_TCP_REPAIR_QUEUE(r3, 0x6, 0x14, &(0x7f0000000040)=0x1, 0x4)
sendmsg$IPVS_CMD_GET_DEST(r3, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000340)=ANY=[@ANYBLOB="160e90cb39bca59f8c4064ac6d7b242060a07bc4309e3eb79d8745797b308edd84adef35ad9d8a17240f38f55f57c55f3875db81d255eea402e1c11ca7fc01964aeb9ed6ef4e80bc67cba7e7fe961fe5d921442b0a06b135f8a73b68dc904b436f256f50ae7cb980e69e7580b9f11c6ede4210f23240559b8c427000d7ce7862417ab5a50e494b2a54e346d7ffa008ccef06813e235b446788ac0f1df3c65bc1fb5393364a2efd284640ec2c438ad2b24a69f1f9da000000000000000000000000989eee6a9283bf253ca4"], 0x1}}, 0x0)
close(r3)
syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000000)={<r4=>0xffffffffffffffff, <r5=>0xffffffffffffffff})
dup3(r5, r4, 0x0)
accept4$vsock_stream(0xffffffffffffffff, &(0x7f0000000240)={0x28, 0x0, 0x2710, @host}, 0x10, 0x0)
bind$pptp(0xffffffffffffffff, &(0x7f00000001c0)={0x18, 0x2, {0x0, @initdev={0xac, 0x1e, 0x0, 0x0}}}, 0x1e)
sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000000)=@newlink={0x30, 0x10, 0x801, 0x0, 0x0, {}, [@IFLA_GROUP={0x8}, @IFLA_PROTO_DOWN={0x8, 0x4}]}, 0x30}}, 0x0)
pivot_root(&(0x7f0000000140)='./file0\x00', &(0x7f0000000100)='./file0\x00')

01:45:37 executing program 5:
lsetxattr$trusted_overlay_opaque(0x0, 0x0, 0x0, 0x0, 0x0)
mkdir(&(0x7f0000000000)='./file0\x00', 0x0)
mount$bpf(0x20000000, &(0x7f00000000c0)='./file0\x00', 0x0, 0x2001001, 0x0)
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x80, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x43, 0x400000000000000}, 0x11288, 0x2000, 0x0, 0x2}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = socket$netlink(0x10, 0x3, 0x0)
connect$inet(0xffffffffffffffff, 0x0, 0x0)
setsockopt$SO_RDS_TRANSPORT(0xffffffffffffffff, 0x114, 0x8, &(0x7f0000000040)=0xffffffffffffffff, 0x4)
r1 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$inet_tcp_int(r1, 0x6, 0x10000000013, &(0x7f0000d06000)=0x1, 0x32a)
connect$inet(r1, &(0x7f0000000180)={0x2, 0x4e23, @local}, 0x10)
accept$nfc_llcp(0xffffffffffffffff, &(0x7f0000000440), &(0x7f0000000300)=0x60)
setsockopt$inet_tcp_TCP_REPAIR_OPTIONS(r1, 0x6, 0x16, &(0x7f00000000c0)=[@mss={0x2, 0xffffffff}, @timestamp, @window, @mss={0x2, 0x91c}], 0x4)
sendmmsg(r1, &(0x7f0000004b40)=[{{0x0, 0x0, &(0x7f00000011c0)=[{&(0x7f0000002240)='Y', 0x1}], 0x1}}], 0x1, 0x0)
syz_init_net_socket$llc(0x1a, 0x1, 0x0)
r2 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$IPT_SO_SET_REPLACE(r2, 0x4000000000000, 0x40, &(0x7f0000000a40)=ANY=[@ANYBLOB="72617700000000010000000000000000000000000000000000000000000000000200000003000000b80400000000000000000000000000000003000000030000200400002004000020040000200400002004000003000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000600000000000000a00200030000000000000000000000000000000000000000300262706600000000000000000000000000000000000000000000000000000101000000000000002e2f66696c653000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000060005345540000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000c0002001000000000000000000000000000000000000000050006f736600000000000000000000000000000000000000000000000000000073797a300000000000000000000000000000000000000000000000000000000000000000000000000000000000000000600053455400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000007000980000000000000000000000000000000000000000002800000000000000000000000000000000000000000000000000000000000004feffffff00000000"], 0x518)
sendmsg$IPVS_CMD_GET_DEST(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000280)={&(0x7f00000002c0)=ANY=[@ANYRES16], 0x1}}, 0x0)
setsockopt$inet_tcp_TCP_REPAIR(r1, 0x6, 0x13, &(0x7f0000000100), 0x618)
close(r1)
r3 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$inet_tcp_int(r3, 0x6, 0x10000000013, &(0x7f0000d06000)=0x1, 0x32a)
connect$inet(r3, &(0x7f0000000140)={0x2, 0x0, @local}, 0x10)
setsockopt$inet_tcp_TCP_REPAIR_OPTIONS(r3, 0x6, 0x16, &(0x7f0000000200)=[@mss, @timestamp, @window={0x3, 0x0, 0xfffe}, @mss={0x2, 0x3}], 0x4)
sendmmsg(r3, &(0x7f0000004b40)=[{{0x0, 0x0, &(0x7f00000011c0)=[{&(0x7f0000002240)='Y', 0x1}], 0x1}}], 0x1, 0x0)
setsockopt$inet_tcp_TCP_REPAIR_QUEUE(r3, 0x6, 0x14, &(0x7f0000000040)=0x1, 0x4)
sendmsg$IPVS_CMD_GET_DEST(r3, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000340)=ANY=[@ANYBLOB="160e90cb39bca59f8c4064ac6d7b242060a07bc4309e3eb79d8745797b308edd84adef35ad9d8a17240f38f55f57c55f3875db81d255eea402e1c11ca7fc01964aeb9ed6ef4e80bc67cba7e7fe961fe5d921442b0a06b135f8a73b68dc904b436f256f50ae7cb980e69e7580b9f11c6ede4210f23240559b8c427000d7ce7862417ab5a50e494b2a54e346d7ffa008ccef06813e235b446788ac0f1df3c65bc1fb5393364a2efd284640ec2c438ad2b24a69f1f9da000000000000000000000000989eee6a9283bf253ca4"], 0x1}}, 0x0)
close(r3)
syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000000)={<r4=>0xffffffffffffffff, <r5=>0xffffffffffffffff})
dup3(r5, r4, 0x0)
dup2(0xffffffffffffffff, r5)
bind$pptp(0xffffffffffffffff, &(0x7f00000001c0)={0x18, 0x2, {0x0, @initdev={0xac, 0x1e, 0x0, 0x0}}}, 0x1e)
sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000000)=@newlink={0x30, 0x10, 0x801, 0x0, 0x0, {}, [@IFLA_GROUP={0x8}, @IFLA_PROTO_DOWN={0x8, 0x4}]}, 0x30}}, 0x0)
pivot_root(&(0x7f0000000140)='./file0\x00', &(0x7f0000000100)='./file0\x00')

[ 1838.795033] RSP: 002b:00007fa3bc31dc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 1838.802733] RAX: ffffffffffffffda RBX: 00007fa3bc31e6d4 RCX: 000000000045c849
[ 1838.810079] RDX: 0000000000000000 RSI: 000000000000ae80 RDI: 0000000000000005
[ 1838.817356] RBP: 000000000076bf00 R08: 0000000000000000 R09: 0000000000000000
[ 1838.824615] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000007
[ 1838.831875] R13: 00000000000003bf R14: 00000000004c6495 R15: 0000000000000003
01:45:37 executing program 2 (fault-call:9 fault-nth:4):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140)='/dev/kvm\x00', 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_SET_SIGNAL_MASK(0xffffffffffffffff, 0x4004ae8b, &(0x7f0000001000)=ANY=[@ANYBLOB="97cb"])
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000fe7000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0)
ioctl$USBDEVFS_RESETEP(0xffffffffffffffff, 0x80045503, &(0x7f0000000000)={0x1, 0x1})
ioctl$KVM_NMI(r2, 0xae9a)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f00000002c0)={0x0, 0x2, 0x0, 0x2000, &(0x7f0000001000/0x2000)=nil})
perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
ioctl$KVM_RUN(r2, 0xae80, 0x0)

01:45:37 executing program 0:
perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000280)={0x0, 0x8d}, 0x0)
getpid()
sched_setattr(0x0, &(0x7f0000000040)={0x30, 0x0, 0x0, 0x0, 0x9}, 0x0)
recvmmsg(0xffffffffffffffff, &(0x7f0000002900)=[{{0x0, 0x0, 0x0}, 0x8}], 0x1, 0x40000103, 0x0)
pipe(&(0x7f0000000300)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
write(r1, &(0x7f0000000340), 0x41395527)
vmsplice(r0, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0)
r2 = syz_open_procfs(0x0, &(0x7f0000000380)='net/route\x00')
preadv(r2, &(0x7f00000017c0), 0x1a0, 0xf0ffff)

01:45:37 executing program 5:
lsetxattr$trusted_overlay_opaque(0x0, 0x0, 0x0, 0x0, 0x0)
mkdir(&(0x7f0000000000)='./file0\x00', 0x0)
mount$bpf(0x20000000, &(0x7f00000000c0)='./file0\x00', 0x0, 0x2001001, 0x0)
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x80, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x43, 0x400000000000000}, 0x11288, 0x2000, 0x0, 0x2}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = socket$netlink(0x10, 0x3, 0x0)
connect$inet(0xffffffffffffffff, 0x0, 0x0)
setsockopt$SO_RDS_TRANSPORT(0xffffffffffffffff, 0x114, 0x8, &(0x7f0000000040)=0xffffffffffffffff, 0x4)
r1 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$inet_tcp_int(r1, 0x6, 0x10000000013, &(0x7f0000d06000)=0x1, 0x32a)
connect$inet(r1, &(0x7f0000000180)={0x2, 0x4e23, @local}, 0x10)
accept$nfc_llcp(0xffffffffffffffff, &(0x7f0000000440), &(0x7f0000000300)=0x60)
setsockopt$inet_tcp_TCP_REPAIR_OPTIONS(r1, 0x6, 0x16, &(0x7f00000000c0)=[@mss={0x2, 0xffffffff}, @timestamp, @window, @mss={0x2, 0x91c}], 0x4)
sendmmsg(r1, &(0x7f0000004b40)=[{{0x0, 0x0, &(0x7f00000011c0)=[{&(0x7f0000002240)='Y', 0x1}], 0x1}}], 0x1, 0x0)
syz_init_net_socket$llc(0x1a, 0x1, 0x0)
r2 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$IPT_SO_SET_REPLACE(r2, 0x4000000000000, 0x40, &(0x7f0000000a40)=ANY=[@ANYBLOB="72617700000000010000000000000000000000000000000000000000000000000200000003000000b80400000000000000000000000000000003000000030000200400002004000020040000200400002004000003000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000600000000000000a00200030000000000000000000000000000000000000000300262706600000000000000000000000000000000000000000000000000000101000000000000002e2f66696c653000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000060005345540000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000c0002001000000000000000000000000000000000000000050006f736600000000000000000000000000000000000000000000000000000073797a300000000000000000000000000000000000000000000000000000000000000000000000000000000000000000600053455400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000007000980000000000000000000000000000000000000000002800000000000000000000000000000000000000000000000000000000000004feffffff00000000"], 0x518)
sendmsg$IPVS_CMD_GET_DEST(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000280)={&(0x7f00000002c0)=ANY=[@ANYRES16], 0x1}}, 0x0)
setsockopt$inet_tcp_TCP_REPAIR(r1, 0x6, 0x13, &(0x7f0000000100), 0x618)
close(r1)
r3 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$inet_tcp_int(r3, 0x6, 0x10000000013, &(0x7f0000d06000)=0x1, 0x32a)
connect$inet(r3, &(0x7f0000000140)={0x2, 0x0, @local}, 0x10)
setsockopt$inet_tcp_TCP_REPAIR_OPTIONS(r3, 0x6, 0x16, &(0x7f0000000200)=[@mss, @timestamp, @window={0x3, 0x0, 0xfffe}, @mss={0x2, 0x3}], 0x4)
sendmmsg(r3, &(0x7f0000004b40)=[{{0x0, 0x0, &(0x7f00000011c0)=[{&(0x7f0000002240)='Y', 0x1}], 0x1}}], 0x1, 0x0)
setsockopt$inet_tcp_TCP_REPAIR_QUEUE(r3, 0x6, 0x14, &(0x7f0000000040)=0x1, 0x4)
sendmsg$IPVS_CMD_GET_DEST(r3, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000340)=ANY=[@ANYBLOB="160e90cb39bca59f8c4064ac6d7b242060a07bc4309e3eb79d8745797b308edd84adef35ad9d8a17240f38f55f57c55f3875db81d255eea402e1c11ca7fc01964aeb9ed6ef4e80bc67cba7e7fe961fe5d921442b0a06b135f8a73b68dc904b436f256f50ae7cb980e69e7580b9f11c6ede4210f23240559b8c427000d7ce7862417ab5a50e494b2a54e346d7ffa008ccef06813e235b446788ac0f1df3c65bc1fb5393364a2efd284640ec2c438ad2b24a69f1f9da000000000000000000000000989eee6a9283bf253ca4"], 0x1}}, 0x0)
close(r3)
syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000000)={<r4=>0xffffffffffffffff, <r5=>0xffffffffffffffff})
dup3(r5, r4, 0x0)
dup2(0xffffffffffffffff, r5)
bind$pptp(0xffffffffffffffff, &(0x7f00000001c0)={0x18, 0x2, {0x0, @initdev={0xac, 0x1e, 0x0, 0x0}}}, 0x1e)
sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000000)=@newlink={0x30, 0x10, 0x801, 0x0, 0x0, {}, [@IFLA_GROUP={0x8}, @IFLA_PROTO_DOWN={0x8, 0x4}]}, 0x30}}, 0x0)
pivot_root(&(0x7f0000000140)='./file0\x00', &(0x7f0000000100)='./file0\x00')

[ 1839.047181] FAULT_INJECTION: forcing a failure.
[ 1839.047181] name failslab, interval 1, probability 0, space 0, times 0
[ 1839.060621] CPU: 0 PID: 3496 Comm: syz-executor.2 Not tainted 4.14.173-syzkaller #0
[ 1839.068437] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 1839.077807] Call Trace:
[ 1839.080430]  dump_stack+0x13e/0x194
[ 1839.084099]  should_fail.cold+0x10a/0x14b
[ 1839.088286]  should_failslab+0xd6/0x130
[ 1839.092274]  kmem_cache_alloc+0x2b5/0x770
[ 1839.096460]  mmu_topup_memory_caches+0x83/0x300
[ 1839.101158]  kvm_mmu_load+0x1e/0xd00
[ 1839.105536]  ? vcpu_enter_guest+0x2eb1/0x5240
[ 1839.110075]  vcpu_enter_guest+0x2eb9/0x5240
[ 1839.114432]  ? trace_hardirqs_on_thunk+0x1a/0x1c
[ 1839.119228]  ? check_preemption_disabled+0x35/0x240
[ 1839.126706]  ? emulator_read_emulated+0x40/0x40
[ 1839.131400]  ? lock_acquire+0x170/0x3f0
[ 1839.135394]  ? kvm_arch_vcpu_ioctl_run+0x143/0xfd0
[ 1839.140352]  ? kvm_arch_vcpu_ioctl_run+0x2fe/0xfd0
[ 1839.145283]  ? kvm_arch_vcpu_ioctl_run+0x181/0xfd0
[ 1839.150214]  kvm_arch_vcpu_ioctl_run+0x2fe/0xfd0
[ 1839.154963]  kvm_vcpu_ioctl+0x3df/0xc70
[ 1839.158937]  ? kvm_vcpu_block+0xb70/0xb70
[ 1839.163106]  ? trace_hardirqs_on+0x10/0x10
[ 1839.167358]  ? __lock_is_held+0xad/0x140
[ 1839.171439]  ? save_trace+0x290/0x290
[ 1839.175443]  ? SyS_write+0x1b7/0x210
[ 1839.179160]  ? retint_kernel+0x2d/0x2d
[ 1839.183055]  ? trace_hardirqs_on_caller+0x3f6/0x590
[ 1839.188194]  ? kvm_vcpu_block+0xb70/0xb70
[ 1839.192462]  do_vfs_ioctl+0x75a/0xfe0
[ 1839.196289]  ? selinux_file_mprotect+0x5c0/0x5c0
[ 1839.201052]  ? check_preemption_disabled+0x35/0x240
[ 1839.206081]  ? ioctl_preallocate+0x1a0/0x1a0
[ 1839.210533]  ? security_file_ioctl+0x76/0xb0
[ 1839.215553]  ? security_file_ioctl+0x83/0xb0
[ 1839.219971]  SyS_ioctl+0x7f/0xb0
[ 1839.223342]  ? do_vfs_ioctl+0xfe0/0xfe0
[ 1839.227372]  do_syscall_64+0x1d5/0x640
[ 1839.231284]  entry_SYSCALL_64_after_hwframe+0x42/0xb7
[ 1839.236483] RIP: 0033:0x45c849
[ 1839.239670] RSP: 002b:00007fa3bc31dc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
01:45:37 executing program 1:
lsetxattr$trusted_overlay_opaque(0x0, 0x0, 0x0, 0x0, 0x0)
mkdir(&(0x7f0000000000)='./file0\x00', 0x0)
mount$bpf(0x20000000, &(0x7f00000000c0)='./file0\x00', 0x0, 0x2001001, 0x0)
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x80, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x43, 0x400000000000000}, 0x11288, 0x2000, 0x0, 0x2}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = socket$netlink(0x10, 0x3, 0x0)
connect$inet(0xffffffffffffffff, 0x0, 0x0)
setsockopt$SO_RDS_TRANSPORT(0xffffffffffffffff, 0x114, 0x8, &(0x7f0000000040)=0xffffffffffffffff, 0x4)
r1 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$inet_tcp_int(r1, 0x6, 0x10000000013, &(0x7f0000d06000)=0x1, 0x32a)
connect$inet(r1, &(0x7f0000000180)={0x2, 0x4e23, @local}, 0x10)
accept$nfc_llcp(0xffffffffffffffff, &(0x7f0000000440), &(0x7f0000000300)=0x60)
setsockopt$inet_tcp_TCP_REPAIR_OPTIONS(r1, 0x6, 0x16, &(0x7f00000000c0)=[@mss={0x2, 0xffffffff}, @timestamp, @window, @mss={0x2, 0x91c}], 0x4)
sendmmsg(r1, &(0x7f0000004b40)=[{{0x0, 0x0, &(0x7f00000011c0)=[{&(0x7f0000002240)='Y', 0x1}], 0x1}}], 0x1, 0x0)
syz_init_net_socket$llc(0x1a, 0x1, 0x0)
r2 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$IPT_SO_SET_REPLACE(r2, 0x4000000000000, 0x40, &(0x7f0000000a40)=ANY=[@ANYBLOB="72617700000000010000000000000000000000000000000000000000000000000200000003000000b80400000000000000000000000000000003000000030000200400002004000020040000200400002004000003000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000600000000000000a00200030000000000000000000000000000000000000000300262706600000000000000000000000000000000000000000000000000000101000000000000002e2f66696c653000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000060005345540000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000c0002001000000000000000000000000000000000000000050006f736600000000000000000000000000000000000000000000000000000073797a300000000000000000000000000000000000000000000000000000000000000000000000000000000000000000600053455400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000007000980000000000000000000000000000000000000000002800000000000000000000000000000000000000000000000000000000000004feffffff00000000"], 0x518)
sendmsg$IPVS_CMD_GET_DEST(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000280)={&(0x7f00000002c0)=ANY=[@ANYRES16], 0x1}}, 0x0)
setsockopt$inet_tcp_TCP_REPAIR(r1, 0x6, 0x13, &(0x7f0000000100), 0x618)
close(r1)
r3 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$inet_tcp_int(r3, 0x6, 0x10000000013, &(0x7f0000d06000)=0x1, 0x32a)
connect$inet(r3, &(0x7f0000000140)={0x2, 0x0, @local}, 0x10)
setsockopt$inet_tcp_TCP_REPAIR_OPTIONS(r3, 0x6, 0x16, &(0x7f0000000200)=[@mss, @timestamp, @window={0x3, 0x0, 0xfffe}, @mss={0x2, 0x3}], 0x4)
sendmmsg(r3, &(0x7f0000004b40)=[{{0x0, 0x0, &(0x7f00000011c0)=[{&(0x7f0000002240)='Y', 0x1}], 0x1}}], 0x1, 0x0)
setsockopt$inet_tcp_TCP_REPAIR_QUEUE(r3, 0x6, 0x14, &(0x7f0000000040)=0x1, 0x4)
sendmsg$IPVS_CMD_GET_DEST(r3, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000340)=ANY=[@ANYBLOB="160e90cb39bca59f8c4064ac6d7b242060a07bc4309e3eb79d8745797b308edd84adef35ad9d8a17240f38f55f57c55f3875db81d255eea402e1c11ca7fc01964aeb9ed6ef4e80bc67cba7e7fe961fe5d921442b0a06b135f8a73b68dc904b436f256f50ae7cb980e69e7580b9f11c6ede4210f23240559b8c427000d7ce7862417ab5a50e494b2a54e346d7ffa008ccef06813e235b446788ac0f1df3c65bc1fb5393364a2efd284640ec2c438ad2b24a69f1f9da000000000000000000000000989eee6a9283bf253ca4"], 0x1}}, 0x0)
close(r3)
syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000000)={<r4=>0xffffffffffffffff, <r5=>0xffffffffffffffff})
dup3(r5, r4, 0x0)
accept4$vsock_stream(0xffffffffffffffff, &(0x7f0000000240)={0x28, 0x0, 0x2710, @host}, 0x10, 0x0)
bind$pptp(0xffffffffffffffff, &(0x7f00000001c0)={0x18, 0x2, {0x0, @initdev={0xac, 0x1e, 0x0, 0x0}}}, 0x1e)
sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000000)=@newlink={0x30, 0x10, 0x801, 0x0, 0x0, {}, [@IFLA_GROUP={0x8}, @IFLA_PROTO_DOWN={0x8, 0x4}]}, 0x30}}, 0x0)

[ 1839.247417] RAX: ffffffffffffffda RBX: 00007fa3bc31e6d4 RCX: 000000000045c849
[ 1839.254705] RDX: 0000000000000000 RSI: 000000000000ae80 RDI: 0000000000000005
[ 1839.261987] RBP: 000000000076bf00 R08: 0000000000000000 R09: 0000000000000000
[ 1839.269267] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000007
[ 1839.277233] R13: 00000000000003bf R14: 00000000004c6495 R15: 0000000000000004
01:45:37 executing program 4:
pipe(&(0x7f0000000140)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
r2 = socket$inet_udp(0x2, 0x2, 0x0)
close(r2)
r3 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$inet_tcp_int(r3, 0x6, 0x10000000013, &(0x7f0000d06000)=0x1, 0x4)
connect$inet(r2, &(0x7f0000000340)={0x2, 0x0, @loopback}, 0x10)
setsockopt$inet_tcp_TCP_REPAIR_WINDOW(r3, 0x6, 0x1d, &(0x7f0000000080)={0x0, 0xdf5, 0x65a2}, 0x14)
syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
r4 = getpid()
rt_tgsigqueueinfo(r4, r4, 0x16, &(0x7f00000000c0))
ptrace(0x10, r4)
write$binfmt_misc(r1, &(0x7f0000000140)=ANY=[], 0x4240a2a0)
r5 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$IPT_SO_SET_REPLACE(r5, 0x0, 0x40, &(0x7f0000000480)=ANY=[@ANYBLOB="66696c74657200000000000000000000000000000000000000000000000000000e00000004000000d0020000800100009800000080010000000000000000000038020000380200003802000038020000380200000400000000000000000000007f000001ac14140000000000000000007f00000000000000000000000000000064756dea20f9524db2d96900000057c910a19f2bc02c00000000000000000000200000000000000000000000000000000000000000000000700098000000000000000000000000000000000000000000280052454a454354000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000400000000000000000000000080000000000000000000000000000000000000000000000000000000000000000000000000000000000000000c000e80000f9c9991d0000000000000000000000000000005000736574000000000000000000000000000000000000000000000000000003000005050000000000000000000000000000000000000000100000000000000000000000000000000000000000000000280052454a45435400000000000000010000000000000000000000000000000000674f000000000000000000e00000020000000000000000766574b5315f766c616e00000000010062726964676530000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000007000b80000000000000000000000000000000000000000004800544545000000000000000000000000000000d40200000000000000000001ac1414aa000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000007000980000000000000000000000000000000000000000002800000000000000000000000000000000000000000000001a51496c00000000feffffff"], 0x1)
splice(r0, 0x0, r2, 0x0, 0x4ffe0, 0x0)

01:45:37 executing program 3:
lsetxattr$trusted_overlay_opaque(0x0, 0x0, 0x0, 0x0, 0x0)
mkdir(&(0x7f0000000000)='./file0\x00', 0x0)
mount$bpf(0x20000000, &(0x7f00000000c0)='./file0\x00', 0x0, 0x2001001, 0x0)
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x80, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x43, 0x400000000000000}, 0x11288, 0x2000, 0x0, 0x2}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = socket$netlink(0x10, 0x3, 0x0)
connect$inet(0xffffffffffffffff, 0x0, 0x0)
setsockopt$SO_RDS_TRANSPORT(0xffffffffffffffff, 0x114, 0x8, &(0x7f0000000040)=0xffffffffffffffff, 0x4)
r1 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$inet_tcp_int(r1, 0x6, 0x10000000013, &(0x7f0000d06000)=0x1, 0x32a)
connect$inet(r1, &(0x7f0000000180)={0x2, 0x4e23, @local}, 0x10)
accept$nfc_llcp(0xffffffffffffffff, &(0x7f0000000440), &(0x7f0000000300)=0x60)
setsockopt$inet_tcp_TCP_REPAIR_OPTIONS(r1, 0x6, 0x16, &(0x7f00000000c0)=[@mss={0x2, 0xffffffff}, @timestamp, @window, @mss={0x2, 0x91c}], 0x4)
sendmmsg(r1, &(0x7f0000004b40)=[{{0x0, 0x0, &(0x7f00000011c0)=[{&(0x7f0000002240)='Y', 0x1}], 0x1}}], 0x1, 0x0)
syz_init_net_socket$llc(0x1a, 0x1, 0x0)
r2 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$IPT_SO_SET_REPLACE(r2, 0x4000000000000, 0x40, &(0x7f0000000a40)=ANY=[@ANYBLOB="72617700000000010000000000000000000000000000000000000000000000000200000003000000b80400000000000000000000000000000003000000030000200400002004000020040000200400002004000003000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000600000000000000a00200030000000000000000000000000000000000000000300262706600000000000000000000000000000000000000000000000000000101000000000000002e2f66696c653000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000060005345540000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000c0002001000000000000000000000000000000000000000050006f736600000000000000000000000000000000000000000000000000000073797a300000000000000000000000000000000000000000000000000000000000000000000000000000000000000000600053455400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000007000980000000000000000000000000000000000000000002800000000000000000000000000000000000000000000000000000000000004feffffff00000000"], 0x518)
sendmsg$IPVS_CMD_GET_DEST(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000280)={&(0x7f00000002c0)=ANY=[@ANYRES16], 0x1}}, 0x0)
setsockopt$inet_tcp_TCP_REPAIR(r1, 0x6, 0x13, &(0x7f0000000100), 0x618)
close(r1)
r3 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$inet_tcp_int(r3, 0x6, 0x10000000013, &(0x7f0000d06000)=0x1, 0x32a)
connect$inet(r3, &(0x7f0000000140)={0x2, 0x0, @local}, 0x10)
setsockopt$inet_tcp_TCP_REPAIR_OPTIONS(r3, 0x6, 0x16, &(0x7f0000000200)=[@mss, @timestamp, @window={0x3, 0x0, 0xfffe}, @mss={0x2, 0x3}], 0x4)
sendmmsg(r3, &(0x7f0000004b40)=[{{0x0, 0x0, &(0x7f00000011c0)=[{&(0x7f0000002240)='Y', 0x1}], 0x1}}], 0x1, 0x0)
setsockopt$inet_tcp_TCP_REPAIR_QUEUE(r3, 0x6, 0x14, &(0x7f0000000040)=0x1, 0x4)
sendmsg$IPVS_CMD_GET_DEST(r3, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000340)=ANY=[@ANYBLOB="160e90cb39bca59f8c4064ac6d7b242060a07bc4309e3eb79d8745797b308edd84adef35ad9d8a17240f38f55f57c55f3875db81d255eea402e1c11ca7fc01964aeb9ed6ef4e80bc67cba7e7fe961fe5d921442b0a06b135f8a73b68dc904b436f256f50ae7cb980e69e7580b9f11c6ede4210f23240559b8c427000d7ce7862417ab5a50e494b2a54e346d7ffa008ccef06813e235b446788ac0f1df3c65bc1fb5393364a2efd284640ec2c438ad2b24a69f1f9da000000000000000000000000989eee6a9283bf253ca4"], 0x1}}, 0x0)
close(r3)
syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000000)={<r4=>0xffffffffffffffff, <r5=>0xffffffffffffffff})
dup3(r5, r4, 0x0)
accept4$vsock_stream(0xffffffffffffffff, &(0x7f0000000240)={0x28, 0x0, 0x2710, @host}, 0x10, 0x0)
bind$pptp(0xffffffffffffffff, &(0x7f00000001c0)={0x18, 0x2, {0x0, @initdev={0xac, 0x1e, 0x0, 0x0}}}, 0x1e)
sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000000)=@newlink={0x30, 0x10, 0x801, 0x0, 0x0, {}, [@IFLA_GROUP={0x8}, @IFLA_PROTO_DOWN={0x8, 0x4}]}, 0x30}}, 0x0)
pivot_root(&(0x7f0000000140)='./file0\x00', &(0x7f0000000100)='./file0\x00')

01:45:37 executing program 2 (fault-call:9 fault-nth:5):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140)='/dev/kvm\x00', 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_SET_SIGNAL_MASK(0xffffffffffffffff, 0x4004ae8b, &(0x7f0000001000)=ANY=[@ANYBLOB="97cb"])
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000fe7000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0)
ioctl$USBDEVFS_RESETEP(0xffffffffffffffff, 0x80045503, &(0x7f0000000000)={0x1, 0x1})
ioctl$KVM_NMI(r2, 0xae9a)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f00000002c0)={0x0, 0x2, 0x0, 0x2000, &(0x7f0000001000/0x2000)=nil})
perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
ioctl$KVM_RUN(r2, 0xae80, 0x0)

01:45:37 executing program 0:
r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
bind$bt_hci(r0, &(0x7f0000000040)={0x1f, 0xffff, 0x3}, 0x6)
r1 = socket$inet6_tcp(0xa, 0x1, 0x0)
r2 = fcntl$dupfd(r1, 0x0, r1)
ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200)
write$binfmt_misc(r0, &(0x7f00000006c0)=ANY=[@ANYBLOB="0200ffff070000000000f28600cd1c32ffcd3b3342e0ca1692802ce39d7e98c9f17db7f95b52dcf519f0d879fec9e8db94bca06420804295f9e74e239d730473f47bfa47e1de324626b2ea6cdcda905e139435698a046109910d040000000000000062fd70a4d1e82df3c48aff8e7a898c24b4b83d89509453782d04c2c5161fd3a69dcfeb0e0000000000008fb8992446cf59137af5b43dce7b01d25c14cb61c43f8774b7b66006d0f9165fd232f177b7ecd6eab562a89cfff73acabbaf6d2ef9c49c7d6312b58ee691532cd8710cf727756fc4b4c298a3c929ca08b6786f92c2880961e52306b4073f265fca83a328dbb595bdfade394484c3c81c828fc8aa142fb65b063eb3d6c4b15a672e02000000dc2f095c63dfb8080000007af4425a68aa1bb58cf2645ff50932502b306d327c791ea26299cc0900f024c8e512ec26f9c7f6ea5783cc6698447a9c955f2f4fd4f7e5dbd355c057457ebcb4f8a2a0a838b4cba4d9d18a87f15d3c1c4e7e5c2b2fce99354eff944755c49d779f1151af00130f4107f4651632b5606399a576c16233f329a52edc65f5b92a98f799c209d3338a7ff56b080d4b5a49fc46b883d8b0ebf062fa6e360fb169e21c9ff5b651ca8d55ca1c541d80d093a3ba1259724e90e172441bc6729db05a68480c287df98713465e3618f51616f72c92bf5188ae67b88ea84bed0f853aef59211a086e9edcd7b16dece1a0ac5cd3c7cd12d30e2ecc53357d065221c7bb9a180a65004f26bd29f62217decbd63850c5bcd47f99cf8fe0"], 0xd)

[ 1839.580211] ip_tables: iptables: counters copy to user failed while replacing table
01:45:37 executing program 3:
lsetxattr$trusted_overlay_opaque(0x0, 0x0, 0x0, 0x0, 0x0)
mkdir(&(0x7f0000000000)='./file0\x00', 0x0)
mount$bpf(0x20000000, &(0x7f00000000c0)='./file0\x00', 0x0, 0x2001001, 0x0)
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x80, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x43, 0x400000000000000}, 0x11288, 0x2000, 0x0, 0x2}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = socket$netlink(0x10, 0x3, 0x0)
connect$inet(0xffffffffffffffff, 0x0, 0x0)
setsockopt$SO_RDS_TRANSPORT(0xffffffffffffffff, 0x114, 0x8, &(0x7f0000000040)=0xffffffffffffffff, 0x4)
r1 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$inet_tcp_int(r1, 0x6, 0x10000000013, &(0x7f0000d06000)=0x1, 0x32a)
connect$inet(r1, &(0x7f0000000180)={0x2, 0x4e23, @local}, 0x10)
accept$nfc_llcp(0xffffffffffffffff, &(0x7f0000000440), &(0x7f0000000300)=0x60)
setsockopt$inet_tcp_TCP_REPAIR_OPTIONS(r1, 0x6, 0x16, &(0x7f00000000c0)=[@mss={0x2, 0xffffffff}, @timestamp, @window, @mss={0x2, 0x91c}], 0x4)
sendmmsg(r1, &(0x7f0000004b40)=[{{0x0, 0x0, &(0x7f00000011c0)=[{&(0x7f0000002240)='Y', 0x1}], 0x1}}], 0x1, 0x0)
syz_init_net_socket$llc(0x1a, 0x1, 0x0)
r2 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$IPT_SO_SET_REPLACE(r2, 0x4000000000000, 0x40, &(0x7f0000000a40)=ANY=[@ANYBLOB="72617700000000010000000000000000000000000000000000000000000000000200000003000000b80400000000000000000000000000000003000000030000200400002004000020040000200400002004000003000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000600000000000000a00200030000000000000000000000000000000000000000300262706600000000000000000000000000000000000000000000000000000101000000000000002e2f66696c653000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000060005345540000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000c0002001000000000000000000000000000000000000000050006f736600000000000000000000000000000000000000000000000000000073797a300000000000000000000000000000000000000000000000000000000000000000000000000000000000000000600053455400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000007000980000000000000000000000000000000000000000002800000000000000000000000000000000000000000000000000000000000004feffffff00000000"], 0x518)
sendmsg$IPVS_CMD_GET_DEST(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000280)={&(0x7f00000002c0)=ANY=[@ANYRES16], 0x1}}, 0x0)
setsockopt$inet_tcp_TCP_REPAIR(r1, 0x6, 0x13, &(0x7f0000000100), 0x618)
close(r1)
r3 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$inet_tcp_int(r3, 0x6, 0x10000000013, &(0x7f0000d06000)=0x1, 0x32a)
connect$inet(r3, &(0x7f0000000140)={0x2, 0x0, @local}, 0x10)
setsockopt$inet_tcp_TCP_REPAIR_OPTIONS(r3, 0x6, 0x16, &(0x7f0000000200)=[@mss, @timestamp, @window={0x3, 0x0, 0xfffe}, @mss={0x2, 0x3}], 0x4)
sendmmsg(r3, &(0x7f0000004b40)=[{{0x0, 0x0, &(0x7f00000011c0)=[{&(0x7f0000002240)='Y', 0x1}], 0x1}}], 0x1, 0x0)
setsockopt$inet_tcp_TCP_REPAIR_QUEUE(r3, 0x6, 0x14, &(0x7f0000000040)=0x1, 0x4)
sendmsg$IPVS_CMD_GET_DEST(r3, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000340)=ANY=[@ANYBLOB="160e90cb39bca59f8c4064ac6d7b242060a07bc4309e3eb79d8745797b308edd84adef35ad9d8a17240f38f55f57c55f3875db81d255eea402e1c11ca7fc01964aeb9ed6ef4e80bc67cba7e7fe961fe5d921442b0a06b135f8a73b68dc904b436f256f50ae7cb980e69e7580b9f11c6ede4210f23240559b8c427000d7ce7862417ab5a50e494b2a54e346d7ffa008ccef06813e235b446788ac0f1df3c65bc1fb5393364a2efd284640ec2c438ad2b24a69f1f9da000000000000000000000000989eee6a9283bf253ca4"], 0x1}}, 0x0)
close(r3)
syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000000)={<r4=>0xffffffffffffffff, <r5=>0xffffffffffffffff})
dup3(r5, r4, 0x0)
dup2(0xffffffffffffffff, r5)
bind$pptp(0xffffffffffffffff, &(0x7f00000001c0)={0x18, 0x2, {0x0, @initdev={0xac, 0x1e, 0x0, 0x0}}}, 0x1e)
sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000000)=@newlink={0x30, 0x10, 0x801, 0x0, 0x0, {}, [@IFLA_GROUP={0x8}, @IFLA_PROTO_DOWN={0x8, 0x4}]}, 0x30}}, 0x0)
pivot_root(&(0x7f0000000140)='./file0\x00', &(0x7f0000000100)='./file0\x00')

[ 1839.638449] FAULT_INJECTION: forcing a failure.
[ 1839.638449] name failslab, interval 1, probability 0, space 0, times 0
01:45:37 executing program 1:
lsetxattr$trusted_overlay_opaque(0x0, 0x0, 0x0, 0x0, 0x0)
mkdir(&(0x7f0000000000)='./file0\x00', 0x0)
mount$bpf(0x20000000, &(0x7f00000000c0)='./file0\x00', 0x0, 0x2001001, 0x0)
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x80, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x43, 0x400000000000000}, 0x11288, 0x2000, 0x0, 0x2}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = socket$netlink(0x10, 0x3, 0x0)
connect$inet(0xffffffffffffffff, 0x0, 0x0)
setsockopt$SO_RDS_TRANSPORT(0xffffffffffffffff, 0x114, 0x8, &(0x7f0000000040)=0xffffffffffffffff, 0x4)
r1 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$inet_tcp_int(r1, 0x6, 0x10000000013, &(0x7f0000d06000)=0x1, 0x32a)
connect$inet(r1, &(0x7f0000000180)={0x2, 0x4e23, @local}, 0x10)
accept$nfc_llcp(0xffffffffffffffff, &(0x7f0000000440), &(0x7f0000000300)=0x60)
setsockopt$inet_tcp_TCP_REPAIR_OPTIONS(r1, 0x6, 0x16, &(0x7f00000000c0)=[@mss={0x2, 0xffffffff}, @timestamp, @window, @mss={0x2, 0x91c}], 0x4)
sendmmsg(r1, &(0x7f0000004b40)=[{{0x0, 0x0, &(0x7f00000011c0)=[{&(0x7f0000002240)='Y', 0x1}], 0x1}}], 0x1, 0x0)
syz_init_net_socket$llc(0x1a, 0x1, 0x0)
r2 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$IPT_SO_SET_REPLACE(r2, 0x4000000000000, 0x40, &(0x7f0000000a40)=ANY=[@ANYBLOB="72617700000000010000000000000000000000000000000000000000000000000200000003000000b80400000000000000000000000000000003000000030000200400002004000020040000200400002004000003000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000600000000000000a00200030000000000000000000000000000000000000000300262706600000000000000000000000000000000000000000000000000000101000000000000002e2f66696c653000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000060005345540000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000c0002001000000000000000000000000000000000000000050006f736600000000000000000000000000000000000000000000000000000073797a300000000000000000000000000000000000000000000000000000000000000000000000000000000000000000600053455400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000007000980000000000000000000000000000000000000000002800000000000000000000000000000000000000000000000000000000000004feffffff00000000"], 0x518)
sendmsg$IPVS_CMD_GET_DEST(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000280)={&(0x7f00000002c0)=ANY=[@ANYRES16], 0x1}}, 0x0)
setsockopt$inet_tcp_TCP_REPAIR(r1, 0x6, 0x13, &(0x7f0000000100), 0x618)
close(r1)
r3 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$inet_tcp_int(r3, 0x6, 0x10000000013, &(0x7f0000d06000)=0x1, 0x32a)
connect$inet(r3, &(0x7f0000000140)={0x2, 0x0, @local}, 0x10)
setsockopt$inet_tcp_TCP_REPAIR_OPTIONS(r3, 0x6, 0x16, &(0x7f0000000200)=[@mss, @timestamp, @window={0x3, 0x0, 0xfffe}, @mss={0x2, 0x3}], 0x4)
sendmmsg(r3, &(0x7f0000004b40)=[{{0x0, 0x0, &(0x7f00000011c0)=[{&(0x7f0000002240)='Y', 0x1}], 0x1}}], 0x1, 0x0)
setsockopt$inet_tcp_TCP_REPAIR_QUEUE(r3, 0x6, 0x14, &(0x7f0000000040)=0x1, 0x4)
sendmsg$IPVS_CMD_GET_DEST(r3, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000340)=ANY=[@ANYBLOB="160e90cb39bca59f8c4064ac6d7b242060a07bc4309e3eb79d8745797b308edd84adef35ad9d8a17240f38f55f57c55f3875db81d255eea402e1c11ca7fc01964aeb9ed6ef4e80bc67cba7e7fe961fe5d921442b0a06b135f8a73b68dc904b436f256f50ae7cb980e69e7580b9f11c6ede4210f23240559b8c427000d7ce7862417ab5a50e494b2a54e346d7ffa008ccef06813e235b446788ac0f1df3c65bc1fb5393364a2efd284640ec2c438ad2b24a69f1f9da000000000000000000000000989eee6a9283bf253ca4"], 0x1}}, 0x0)
close(r3)
syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000000)={<r4=>0xffffffffffffffff, <r5=>0xffffffffffffffff})
dup3(r5, r4, 0x0)
accept4$vsock_stream(0xffffffffffffffff, &(0x7f0000000240)={0x28, 0x0, 0x2710, @host}, 0x10, 0x0)
bind$pptp(0xffffffffffffffff, &(0x7f00000001c0)={0x18, 0x2, {0x0, @initdev={0xac, 0x1e, 0x0, 0x0}}}, 0x1e)
sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000000)=@newlink={0x30, 0x10, 0x801, 0x0, 0x0, {}, [@IFLA_GROUP={0x8}, @IFLA_PROTO_DOWN={0x8, 0x4}]}, 0x30}}, 0x0)

[ 1839.693941] CPU: 0 PID: 3514 Comm: syz-executor.2 Not tainted 4.14.173-syzkaller #0
[ 1839.701925] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 1839.711302] Call Trace:
[ 1839.713936]  dump_stack+0x13e/0x194
[ 1839.717596]  should_fail.cold+0x10a/0x14b
[ 1839.721775]  should_failslab+0xd6/0x130
[ 1839.725780]  kmem_cache_alloc+0x2b5/0x770
[ 1839.729955]  ? trace_hardirqs_on_thunk+0x1a/0x1c
[ 1839.734769]  mmu_topup_memory_caches+0x83/0x300
[ 1839.739470]  kvm_mmu_load+0x1e/0xd00
01:45:38 executing program 5:
lsetxattr$trusted_overlay_opaque(0x0, 0x0, 0x0, 0x0, 0x0)
mkdir(&(0x7f0000000000)='./file0\x00', 0x0)
mount$bpf(0x20000000, &(0x7f00000000c0)='./file0\x00', 0x0, 0x2001001, 0x0)
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x80, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x43, 0x400000000000000}, 0x11288, 0x2000, 0x0, 0x2}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = socket$netlink(0x10, 0x3, 0x0)
connect$inet(0xffffffffffffffff, 0x0, 0x0)
setsockopt$SO_RDS_TRANSPORT(0xffffffffffffffff, 0x114, 0x8, &(0x7f0000000040)=0xffffffffffffffff, 0x4)
r1 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$inet_tcp_int(r1, 0x6, 0x10000000013, &(0x7f0000d06000)=0x1, 0x32a)
connect$inet(r1, &(0x7f0000000180)={0x2, 0x4e23, @local}, 0x10)
accept$nfc_llcp(0xffffffffffffffff, &(0x7f0000000440), &(0x7f0000000300)=0x60)
setsockopt$inet_tcp_TCP_REPAIR_OPTIONS(r1, 0x6, 0x16, &(0x7f00000000c0)=[@mss={0x2, 0xffffffff}, @timestamp, @window, @mss={0x2, 0x91c}], 0x4)
sendmmsg(r1, &(0x7f0000004b40)=[{{0x0, 0x0, &(0x7f00000011c0)=[{&(0x7f0000002240)='Y', 0x1}], 0x1}}], 0x1, 0x0)
syz_init_net_socket$llc(0x1a, 0x1, 0x0)
r2 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$IPT_SO_SET_REPLACE(r2, 0x4000000000000, 0x40, &(0x7f0000000a40)=ANY=[@ANYBLOB="72617700000000010000000000000000000000000000000000000000000000000200000003000000b80400000000000000000000000000000003000000030000200400002004000020040000200400002004000003000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000600000000000000a00200030000000000000000000000000000000000000000300262706600000000000000000000000000000000000000000000000000000101000000000000002e2f66696c653000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000060005345540000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000c0002001000000000000000000000000000000000000000050006f736600000000000000000000000000000000000000000000000000000073797a300000000000000000000000000000000000000000000000000000000000000000000000000000000000000000600053455400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000007000980000000000000000000000000000000000000000002800000000000000000000000000000000000000000000000000000000000004feffffff00000000"], 0x518)
sendmsg$IPVS_CMD_GET_DEST(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000280)={&(0x7f00000002c0)=ANY=[@ANYRES16], 0x1}}, 0x0)
setsockopt$inet_tcp_TCP_REPAIR(r1, 0x6, 0x13, &(0x7f0000000100), 0x618)
close(r1)
r3 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$inet_tcp_int(r3, 0x6, 0x10000000013, &(0x7f0000d06000)=0x1, 0x32a)
connect$inet(r3, &(0x7f0000000140)={0x2, 0x0, @local}, 0x10)
setsockopt$inet_tcp_TCP_REPAIR_OPTIONS(r3, 0x6, 0x16, &(0x7f0000000200)=[@mss, @timestamp, @window={0x3, 0x0, 0xfffe}, @mss={0x2, 0x3}], 0x4)
sendmmsg(r3, &(0x7f0000004b40)=[{{0x0, 0x0, &(0x7f00000011c0)=[{&(0x7f0000002240)='Y', 0x1}], 0x1}}], 0x1, 0x0)
setsockopt$inet_tcp_TCP_REPAIR_QUEUE(r3, 0x6, 0x14, &(0x7f0000000040)=0x1, 0x4)
sendmsg$IPVS_CMD_GET_DEST(r3, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000340)=ANY=[@ANYBLOB="160e90cb39bca59f8c4064ac6d7b242060a07bc4309e3eb79d8745797b308edd84adef35ad9d8a17240f38f55f57c55f3875db81d255eea402e1c11ca7fc01964aeb9ed6ef4e80bc67cba7e7fe961fe5d921442b0a06b135f8a73b68dc904b436f256f50ae7cb980e69e7580b9f11c6ede4210f23240559b8c427000d7ce7862417ab5a50e494b2a54e346d7ffa008ccef06813e235b446788ac0f1df3c65bc1fb5393364a2efd284640ec2c438ad2b24a69f1f9da000000000000000000000000989eee6a9283bf253ca4"], 0x1}}, 0x0)
close(r3)
syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000000)={0xffffffffffffffff, <r4=>0xffffffffffffffff})
r5 = accept4$vsock_stream(0xffffffffffffffff, &(0x7f0000000240)={0x28, 0x0, 0x2710, @host}, 0x10, 0x0)
dup2(r5, r4)
bind$pptp(0xffffffffffffffff, &(0x7f00000001c0)={0x18, 0x2, {0x0, @initdev={0xac, 0x1e, 0x0, 0x0}}}, 0x1e)
sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000000)=@newlink={0x30, 0x10, 0x801, 0x0, 0x0, {}, [@IFLA_GROUP={0x8}, @IFLA_PROTO_DOWN={0x8, 0x4}]}, 0x30}}, 0x0)
pivot_root(&(0x7f0000000140)='./file0\x00', &(0x7f0000000100)='./file0\x00')

[ 1839.743214]  ? vmx_inject_nmi+0xb0/0x1e0
[ 1839.747302]  ? vmx_inject_nmi+0x133/0x1e0
[ 1839.751473]  vcpu_enter_guest+0x2eb9/0x5240
[ 1839.755926]  ? trace_hardirqs_on_caller+0x3f6/0x590
[ 1839.760940]  ? trace_hardirqs_on_thunk+0x1a/0x1c
[ 1839.765707]  ? emulator_read_emulated+0x40/0x40
[ 1839.770688]  ? lock_acquire+0x170/0x3f0
[ 1839.774706]  ? kvm_arch_vcpu_ioctl_run+0x143/0xfd0
[ 1839.779678]  ? kvm_arch_vcpu_ioctl_run+0x2fe/0xfd0
[ 1839.784624]  ? kvm_arch_vcpu_ioctl_run+0x181/0xfd0
[ 1839.789565]  kvm_arch_vcpu_ioctl_run+0x2fe/0xfd0
[ 1839.794449]  kvm_vcpu_ioctl+0x3df/0xc70
[ 1839.798458]  ? trace_hardirqs_on_caller+0x3f6/0x590
[ 1839.803526]  ? kvm_vcpu_block+0xb70/0xb70
[ 1839.807748]  ? check_preemption_disabled+0x35/0x240
[ 1839.812816]  ? retint_kernel+0x2d/0x2d
[ 1839.816749]  ? selinux_file_ioctl+0x19a/0x560
[ 1839.821267]  ? selinux_file_ioctl+0x1ca/0x560
[ 1839.825749]  ? kvm_vcpu_block+0xb70/0xb70
[ 1839.829901]  do_vfs_ioctl+0x75a/0xfe0
[ 1839.833711]  ? selinux_file_mprotect+0x5c0/0x5c0
[ 1839.838497]  ? ioctl_preallocate+0x1a0/0x1a0
[ 1839.843056]  ? security_file_ioctl+0x76/0xb0
[ 1839.847480]  ? security_file_ioctl+0x83/0xb0
[ 1839.852015]  SyS_ioctl+0x7f/0xb0
[ 1839.855422]  ? do_vfs_ioctl+0xfe0/0xfe0
[ 1839.859620]  do_syscall_64+0x1d5/0x640
[ 1839.863666]  entry_SYSCALL_64_after_hwframe+0x42/0xb7
[ 1839.868856] RIP: 0033:0x45c849
[ 1839.872031] RSP: 002b:00007fa3bc31dc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 1839.880703] RAX: ffffffffffffffda RBX: 00007fa3bc31e6d4 RCX: 000000000045c849
[ 1839.888088] RDX: 0000000000000000 RSI: 000000000000ae80 RDI: 0000000000000005
[ 1839.895352] RBP: 000000000076bf00 R08: 0000000000000000 R09: 0000000000000000
[ 1839.902609] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000007
[ 1839.909875] R13: 00000000000003bf R14: 00000000004c6495 R15: 0000000000000005
01:45:38 executing program 2 (fault-call:9 fault-nth:6):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140)='/dev/kvm\x00', 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_SET_SIGNAL_MASK(0xffffffffffffffff, 0x4004ae8b, &(0x7f0000001000)=ANY=[@ANYBLOB="97cb"])
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000fe7000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0)
ioctl$USBDEVFS_RESETEP(0xffffffffffffffff, 0x80045503, &(0x7f0000000000)={0x1, 0x1})
ioctl$KVM_NMI(r2, 0xae9a)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f00000002c0)={0x0, 0x2, 0x0, 0x2000, &(0x7f0000001000/0x2000)=nil})
perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
ioctl$KVM_RUN(r2, 0xae80, 0x0)

01:45:38 executing program 0:
perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0)
recvmmsg(0xffffffffffffffff, &(0x7f0000003140)=[{{&(0x7f0000000000)=@ipx, 0x80, 0x0}}], 0x1, 0x0, 0x0)
r0 = syz_open_procfs(0x0, &(0x7f00000000c0)='net/nf_conntrack_expect\x00')
preadv(r0, &(0x7f00000017c0), 0x1b4, 0x0)

[ 1840.211892] FAULT_INJECTION: forcing a failure.
[ 1840.211892] name failslab, interval 1, probability 0, space 0, times 0
01:45:38 executing program 5:
lsetxattr$trusted_overlay_opaque(0x0, 0x0, 0x0, 0x0, 0x0)
mkdir(&(0x7f0000000000)='./file0\x00', 0x0)
mount$bpf(0x20000000, &(0x7f00000000c0)='./file0\x00', 0x0, 0x2001001, 0x0)
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x80, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x43, 0x400000000000000}, 0x11288, 0x2000, 0x0, 0x2}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = socket$netlink(0x10, 0x3, 0x0)
connect$inet(0xffffffffffffffff, 0x0, 0x0)
setsockopt$SO_RDS_TRANSPORT(0xffffffffffffffff, 0x114, 0x8, &(0x7f0000000040)=0xffffffffffffffff, 0x4)
r1 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$inet_tcp_int(r1, 0x6, 0x10000000013, &(0x7f0000d06000)=0x1, 0x32a)
connect$inet(r1, &(0x7f0000000180)={0x2, 0x4e23, @local}, 0x10)
accept$nfc_llcp(0xffffffffffffffff, &(0x7f0000000440), &(0x7f0000000300)=0x60)
setsockopt$inet_tcp_TCP_REPAIR_OPTIONS(r1, 0x6, 0x16, &(0x7f00000000c0)=[@mss={0x2, 0xffffffff}, @timestamp, @window, @mss={0x2, 0x91c}], 0x4)
sendmmsg(r1, &(0x7f0000004b40)=[{{0x0, 0x0, &(0x7f00000011c0)=[{&(0x7f0000002240)='Y', 0x1}], 0x1}}], 0x1, 0x0)
syz_init_net_socket$llc(0x1a, 0x1, 0x0)
r2 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$IPT_SO_SET_REPLACE(r2, 0x4000000000000, 0x40, &(0x7f0000000a40)=ANY=[@ANYBLOB="72617700000000010000000000000000000000000000000000000000000000000200000003000000b80400000000000000000000000000000003000000030000200400002004000020040000200400002004000003000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000600000000000000a00200030000000000000000000000000000000000000000300262706600000000000000000000000000000000000000000000000000000101000000000000002e2f66696c653000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000060005345540000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000c0002001000000000000000000000000000000000000000050006f736600000000000000000000000000000000000000000000000000000073797a300000000000000000000000000000000000000000000000000000000000000000000000000000000000000000600053455400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000007000980000000000000000000000000000000000000000002800000000000000000000000000000000000000000000000000000000000004feffffff00000000"], 0x518)
sendmsg$IPVS_CMD_GET_DEST(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000280)={&(0x7f00000002c0)=ANY=[@ANYRES16], 0x1}}, 0x0)
setsockopt$inet_tcp_TCP_REPAIR(r1, 0x6, 0x13, &(0x7f0000000100), 0x618)
close(r1)
r3 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$inet_tcp_int(r3, 0x6, 0x10000000013, &(0x7f0000d06000)=0x1, 0x32a)
connect$inet(r3, &(0x7f0000000140)={0x2, 0x0, @local}, 0x10)
setsockopt$inet_tcp_TCP_REPAIR_OPTIONS(r3, 0x6, 0x16, &(0x7f0000000200)=[@mss, @timestamp, @window={0x3, 0x0, 0xfffe}, @mss={0x2, 0x3}], 0x4)
sendmmsg(r3, &(0x7f0000004b40)=[{{0x0, 0x0, &(0x7f00000011c0)=[{&(0x7f0000002240)='Y', 0x1}], 0x1}}], 0x1, 0x0)
setsockopt$inet_tcp_TCP_REPAIR_QUEUE(r3, 0x6, 0x14, &(0x7f0000000040)=0x1, 0x4)
sendmsg$IPVS_CMD_GET_DEST(r3, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000340)=ANY=[@ANYBLOB="160e90cb39bca59f8c4064ac6d7b242060a07bc4309e3eb79d8745797b308edd84adef35ad9d8a17240f38f55f57c55f3875db81d255eea402e1c11ca7fc01964aeb9ed6ef4e80bc67cba7e7fe961fe5d921442b0a06b135f8a73b68dc904b436f256f50ae7cb980e69e7580b9f11c6ede4210f23240559b8c427000d7ce7862417ab5a50e494b2a54e346d7ffa008ccef06813e235b446788ac0f1df3c65bc1fb5393364a2efd284640ec2c438ad2b24a69f1f9da000000000000000000000000989eee6a9283bf253ca4"], 0x1}}, 0x0)
close(r3)
syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000000)={0xffffffffffffffff, <r4=>0xffffffffffffffff})
r5 = accept4$vsock_stream(0xffffffffffffffff, &(0x7f0000000240)={0x28, 0x0, 0x2710, @host}, 0x10, 0x0)
dup2(r5, r4)
bind$pptp(0xffffffffffffffff, &(0x7f00000001c0)={0x18, 0x2, {0x0, @initdev={0xac, 0x1e, 0x0, 0x0}}}, 0x1e)
sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000000)=@newlink={0x30, 0x10, 0x801, 0x0, 0x0, {}, [@IFLA_GROUP={0x8}, @IFLA_PROTO_DOWN={0x8, 0x4}]}, 0x30}}, 0x0)
pivot_root(&(0x7f0000000140)='./file0\x00', &(0x7f0000000100)='./file0\x00')

01:45:38 executing program 4:
pipe(&(0x7f0000000140)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
r2 = socket$inet_udp(0x2, 0x2, 0x0)
close(r2)
r3 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$inet_tcp_int(r3, 0x6, 0x10000000013, &(0x7f0000d06000)=0x1, 0x4)
connect$inet(r2, &(0x7f0000000340)={0x2, 0x0, @loopback}, 0x10)
setsockopt$inet_tcp_TCP_REPAIR_WINDOW(r3, 0x6, 0x1d, &(0x7f0000000080)={0x0, 0xdf5, 0x65a2}, 0x14)
syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
r4 = getpid()
rt_tgsigqueueinfo(r4, r4, 0x16, &(0x7f00000000c0))
write$binfmt_misc(r1, &(0x7f0000000140)=ANY=[], 0x4240a2a0)
r5 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$IPT_SO_SET_REPLACE(r5, 0x0, 0x40, &(0x7f0000000480)=ANY=[@ANYBLOB="66696c74657200000000000000000000000000000000000000000000000000000e00000004000000d0020000800100009800000080010000000000000000000038020000380200003802000038020000380200000400000000000000000000007f000001ac14140000000000000000007f00000000000000000000000000000064756dea20f9524db2d96900000057c910a19f2bc02c00000000000000000000200000000000000000000000000000000000000000000000700098000000000000000000000000000000000000000000280052454a454354000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000400000000000000000000000080000000000000000000000000000000000000000000000000000000000000000000000000000000000000000c000e80000f9c9991d0000000000000000000000000000005000736574000000000000000000000000000000000000000000000000000003000005050000000000000000000000000000000000000000100000000000000000000000000000000000000000000000280052454a45435400000000000000010000000000000000000000000000000000674f000000000000000000e00000020000000000000000766574b5315f766c616e00000000010062726964676530000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000007000b80000000000000000000000000000000000000000004800544545000000000000000000000000000000d40200000000000000000001ac1414aa000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000007000980000000000000000000000000000000000000000002800000000000000000000000000000000000000000000001a51496c00000000feffffff"], 0x1)
splice(r0, 0x0, r2, 0x0, 0x4ffe0, 0x0)

[ 1840.361513] CPU: 1 PID: 3537 Comm: syz-executor.2 Not tainted 4.14.173-syzkaller #0
[ 1840.369848] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 1840.379324] Call Trace:
[ 1840.381939]  dump_stack+0x13e/0x194
[ 1840.385832]  should_fail.cold+0x10a/0x14b
[ 1840.390030]  should_failslab+0xd6/0x130
[ 1840.394032]  kmem_cache_alloc+0x2b5/0x770
[ 1840.404385]  ? trace_hardirqs_on_caller+0x3f6/0x590
[ 1840.409432]  ? trace_hardirqs_on_thunk+0x1a/0x1c
[ 1840.414324]  mmu_topup_memory_caches+0x83/0x300
[ 1840.419020]  ? retint_kernel+0x2d/0x2d
[ 1840.422940]  kvm_mmu_load+0x1e/0xd00
[ 1840.426688]  ? kvm_apic_accept_events+0x16f/0x3f0
[ 1840.431597]  ? kvm_lapic_enable_pv_eoi+0xc0/0xc0
[ 1840.436397]  ? vcpu_enter_guest+0x422/0x5240
[ 1840.440970]  vcpu_enter_guest+0x2eb9/0x5240
[ 1840.445465]  ? trace_hardirqs_on_caller+0x3f6/0x590
[ 1840.450527]  ? trace_hardirqs_on_thunk+0x1a/0x1c
[ 1840.455318]  ? emulator_read_emulated+0x40/0x40
[ 1840.460034]  ? kvm_arch_vcpu_ioctl_run+0x2fe/0xfd0
[ 1840.464995]  kvm_arch_vcpu_ioctl_run+0x2fe/0xfd0
[ 1840.469872]  kvm_vcpu_ioctl+0x3df/0xc70
[ 1840.473867]  ? kvm_vcpu_block+0xb70/0xb70
[ 1840.478033]  ? trace_hardirqs_on+0x10/0x10
[ 1840.482424]  ? mark_held_locks+0xa6/0xf0
[ 1840.486534]  ? save_trace+0x290/0x290
[ 1840.490374]  ? SyS_write+0x1b7/0x210
[ 1840.494287]  ? kvm_vcpu_block+0xb70/0xb70
[ 1840.503936]  do_vfs_ioctl+0x75a/0xfe0
01:45:38 executing program 5:
lsetxattr$trusted_overlay_opaque(0x0, 0x0, 0x0, 0x0, 0x0)
mkdir(&(0x7f0000000000)='./file0\x00', 0x0)
mount$bpf(0x20000000, &(0x7f00000000c0)='./file0\x00', 0x0, 0x2001001, 0x0)
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x80, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x43, 0x400000000000000}, 0x11288, 0x2000, 0x0, 0x2}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = socket$netlink(0x10, 0x3, 0x0)
connect$inet(0xffffffffffffffff, 0x0, 0x0)
setsockopt$SO_RDS_TRANSPORT(0xffffffffffffffff, 0x114, 0x8, &(0x7f0000000040)=0xffffffffffffffff, 0x4)
r1 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$inet_tcp_int(r1, 0x6, 0x10000000013, &(0x7f0000d06000)=0x1, 0x32a)
connect$inet(r1, &(0x7f0000000180)={0x2, 0x4e23, @local}, 0x10)
accept$nfc_llcp(0xffffffffffffffff, &(0x7f0000000440), &(0x7f0000000300)=0x60)
setsockopt$inet_tcp_TCP_REPAIR_OPTIONS(r1, 0x6, 0x16, &(0x7f00000000c0)=[@mss={0x2, 0xffffffff}, @timestamp, @window, @mss={0x2, 0x91c}], 0x4)
sendmmsg(r1, &(0x7f0000004b40)=[{{0x0, 0x0, &(0x7f00000011c0)=[{&(0x7f0000002240)='Y', 0x1}], 0x1}}], 0x1, 0x0)
syz_init_net_socket$llc(0x1a, 0x1, 0x0)
r2 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$IPT_SO_SET_REPLACE(r2, 0x4000000000000, 0x40, &(0x7f0000000a40)=ANY=[@ANYBLOB="72617700000000010000000000000000000000000000000000000000000000000200000003000000b80400000000000000000000000000000003000000030000200400002004000020040000200400002004000003000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000600000000000000a00200030000000000000000000000000000000000000000300262706600000000000000000000000000000000000000000000000000000101000000000000002e2f66696c653000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000060005345540000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000c0002001000000000000000000000000000000000000000050006f736600000000000000000000000000000000000000000000000000000073797a300000000000000000000000000000000000000000000000000000000000000000000000000000000000000000600053455400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000007000980000000000000000000000000000000000000000002800000000000000000000000000000000000000000000000000000000000004feffffff00000000"], 0x518)
sendmsg$IPVS_CMD_GET_DEST(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000280)={&(0x7f00000002c0)=ANY=[@ANYRES16], 0x1}}, 0x0)
setsockopt$inet_tcp_TCP_REPAIR(r1, 0x6, 0x13, &(0x7f0000000100), 0x618)
close(r1)
r3 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$inet_tcp_int(r3, 0x6, 0x10000000013, &(0x7f0000d06000)=0x1, 0x32a)
connect$inet(r3, &(0x7f0000000140)={0x2, 0x0, @local}, 0x10)
setsockopt$inet_tcp_TCP_REPAIR_OPTIONS(r3, 0x6, 0x16, &(0x7f0000000200)=[@mss, @timestamp, @window={0x3, 0x0, 0xfffe}, @mss={0x2, 0x3}], 0x4)
sendmmsg(r3, &(0x7f0000004b40)=[{{0x0, 0x0, &(0x7f00000011c0)=[{&(0x7f0000002240)='Y', 0x1}], 0x1}}], 0x1, 0x0)
setsockopt$inet_tcp_TCP_REPAIR_QUEUE(r3, 0x6, 0x14, &(0x7f0000000040)=0x1, 0x4)
sendmsg$IPVS_CMD_GET_DEST(r3, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000340)=ANY=[@ANYBLOB="160e90cb39bca59f8c4064ac6d7b242060a07bc4309e3eb79d8745797b308edd84adef35ad9d8a17240f38f55f57c55f3875db81d255eea402e1c11ca7fc01964aeb9ed6ef4e80bc67cba7e7fe961fe5d921442b0a06b135f8a73b68dc904b436f256f50ae7cb980e69e7580b9f11c6ede4210f23240559b8c427000d7ce7862417ab5a50e494b2a54e346d7ffa008ccef06813e235b446788ac0f1df3c65bc1fb5393364a2efd284640ec2c438ad2b24a69f1f9da000000000000000000000000989eee6a9283bf253ca4"], 0x1}}, 0x0)
close(r3)
syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000000)={0xffffffffffffffff, <r4=>0xffffffffffffffff})
r5 = accept4$vsock_stream(0xffffffffffffffff, &(0x7f0000000240)={0x28, 0x0, 0x2710, @host}, 0x10, 0x0)
dup2(r5, r4)
bind$pptp(0xffffffffffffffff, &(0x7f00000001c0)={0x18, 0x2, {0x0, @initdev={0xac, 0x1e, 0x0, 0x0}}}, 0x1e)
sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000000)=@newlink={0x30, 0x10, 0x801, 0x0, 0x0, {}, [@IFLA_GROUP={0x8}, @IFLA_PROTO_DOWN={0x8, 0x4}]}, 0x30}}, 0x0)
pivot_root(&(0x7f0000000140)='./file0\x00', &(0x7f0000000100)='./file0\x00')

[ 1840.507786]  ? selinux_file_mprotect+0x5c0/0x5c0
[ 1840.512576]  ? ioctl_preallocate+0x1a0/0x1a0
[ 1840.517033]  ? security_file_ioctl+0x76/0xb0
[ 1840.521492]  ? security_file_ioctl+0x83/0xb0
[ 1840.525926]  SyS_ioctl+0x7f/0xb0
[ 1840.529542]  ? do_vfs_ioctl+0xfe0/0xfe0
[ 1840.533703]  do_syscall_64+0x1d5/0x640
[ 1840.537612]  entry_SYSCALL_64_after_hwframe+0x42/0xb7
[ 1840.542803] RIP: 0033:0x45c849
[ 1840.545981] RSP: 002b:00007fa3bc31dc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 1840.554407] RAX: ffffffffffffffda RBX: 00007fa3bc31e6d4 RCX: 000000000045c849
01:45:38 executing program 1:
lsetxattr$trusted_overlay_opaque(0x0, 0x0, 0x0, 0x0, 0x0)
mkdir(&(0x7f0000000000)='./file0\x00', 0x0)
mount$bpf(0x20000000, &(0x7f00000000c0)='./file0\x00', 0x0, 0x2001001, 0x0)
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x80, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x43, 0x400000000000000}, 0x11288, 0x2000, 0x0, 0x2}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = socket$netlink(0x10, 0x3, 0x0)
connect$inet(0xffffffffffffffff, 0x0, 0x0)
setsockopt$SO_RDS_TRANSPORT(0xffffffffffffffff, 0x114, 0x8, &(0x7f0000000040)=0xffffffffffffffff, 0x4)
r1 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$inet_tcp_int(r1, 0x6, 0x10000000013, &(0x7f0000d06000)=0x1, 0x32a)
connect$inet(r1, &(0x7f0000000180)={0x2, 0x4e23, @local}, 0x10)
accept$nfc_llcp(0xffffffffffffffff, &(0x7f0000000440), &(0x7f0000000300)=0x60)
setsockopt$inet_tcp_TCP_REPAIR_OPTIONS(r1, 0x6, 0x16, &(0x7f00000000c0)=[@mss={0x2, 0xffffffff}, @timestamp, @window, @mss={0x2, 0x91c}], 0x4)
sendmmsg(r1, &(0x7f0000004b40)=[{{0x0, 0x0, &(0x7f00000011c0)=[{&(0x7f0000002240)='Y', 0x1}], 0x1}}], 0x1, 0x0)
syz_init_net_socket$llc(0x1a, 0x1, 0x0)
r2 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$IPT_SO_SET_REPLACE(r2, 0x4000000000000, 0x40, &(0x7f0000000a40)=ANY=[@ANYBLOB="72617700000000010000000000000000000000000000000000000000000000000200000003000000b80400000000000000000000000000000003000000030000200400002004000020040000200400002004000003000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000600000000000000a00200030000000000000000000000000000000000000000300262706600000000000000000000000000000000000000000000000000000101000000000000002e2f66696c653000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000060005345540000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000c0002001000000000000000000000000000000000000000050006f736600000000000000000000000000000000000000000000000000000073797a300000000000000000000000000000000000000000000000000000000000000000000000000000000000000000600053455400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000007000980000000000000000000000000000000000000000002800000000000000000000000000000000000000000000000000000000000004feffffff00000000"], 0x518)
sendmsg$IPVS_CMD_GET_DEST(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000280)={&(0x7f00000002c0)=ANY=[@ANYRES16], 0x1}}, 0x0)
setsockopt$inet_tcp_TCP_REPAIR(r1, 0x6, 0x13, &(0x7f0000000100), 0x618)
close(r1)
r3 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$inet_tcp_int(r3, 0x6, 0x10000000013, &(0x7f0000d06000)=0x1, 0x32a)
connect$inet(r3, &(0x7f0000000140)={0x2, 0x0, @local}, 0x10)
setsockopt$inet_tcp_TCP_REPAIR_OPTIONS(r3, 0x6, 0x16, &(0x7f0000000200)=[@mss, @timestamp, @window={0x3, 0x0, 0xfffe}, @mss={0x2, 0x3}], 0x4)
sendmmsg(r3, &(0x7f0000004b40)=[{{0x0, 0x0, &(0x7f00000011c0)=[{&(0x7f0000002240)='Y', 0x1}], 0x1}}], 0x1, 0x0)
setsockopt$inet_tcp_TCP_REPAIR_QUEUE(r3, 0x6, 0x14, &(0x7f0000000040)=0x1, 0x4)
sendmsg$IPVS_CMD_GET_DEST(r3, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000340)=ANY=[@ANYBLOB="160e90cb39bca59f8c4064ac6d7b242060a07bc4309e3eb79d8745797b308edd84adef35ad9d8a17240f38f55f57c55f3875db81d255eea402e1c11ca7fc01964aeb9ed6ef4e80bc67cba7e7fe961fe5d921442b0a06b135f8a73b68dc904b436f256f50ae7cb980e69e7580b9f11c6ede4210f23240559b8c427000d7ce7862417ab5a50e494b2a54e346d7ffa008ccef06813e235b446788ac0f1df3c65bc1fb5393364a2efd284640ec2c438ad2b24a69f1f9da000000000000000000000000989eee6a9283bf253ca4"], 0x1}}, 0x0)
close(r3)
syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000000)={<r4=>0xffffffffffffffff, <r5=>0xffffffffffffffff})
dup3(r5, r4, 0x0)
dup2(0xffffffffffffffff, r5)
bind$pptp(0xffffffffffffffff, &(0x7f00000001c0)={0x18, 0x2, {0x0, @initdev={0xac, 0x1e, 0x0, 0x0}}}, 0x1e)
sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000000)=@newlink={0x30, 0x10, 0x801, 0x0, 0x0, {}, [@IFLA_GROUP={0x8}, @IFLA_PROTO_DOWN={0x8, 0x4}]}, 0x30}}, 0x0)

01:45:38 executing program 3:
lsetxattr$trusted_overlay_opaque(0x0, 0x0, 0x0, 0x0, 0x0)
mkdir(&(0x7f0000000000)='./file0\x00', 0x0)
mount$bpf(0x20000000, &(0x7f00000000c0)='./file0\x00', 0x0, 0x2001001, 0x0)
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x80, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x43, 0x400000000000000}, 0x11288, 0x2000, 0x0, 0x2}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = socket$netlink(0x10, 0x3, 0x0)
connect$inet(0xffffffffffffffff, 0x0, 0x0)
setsockopt$SO_RDS_TRANSPORT(0xffffffffffffffff, 0x114, 0x8, &(0x7f0000000040)=0xffffffffffffffff, 0x4)
r1 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$inet_tcp_int(r1, 0x6, 0x10000000013, &(0x7f0000d06000)=0x1, 0x32a)
connect$inet(r1, &(0x7f0000000180)={0x2, 0x4e23, @local}, 0x10)
accept$nfc_llcp(0xffffffffffffffff, &(0x7f0000000440), &(0x7f0000000300)=0x60)
setsockopt$inet_tcp_TCP_REPAIR_OPTIONS(r1, 0x6, 0x16, &(0x7f00000000c0)=[@mss={0x2, 0xffffffff}, @timestamp, @window, @mss={0x2, 0x91c}], 0x4)
sendmmsg(r1, &(0x7f0000004b40)=[{{0x0, 0x0, &(0x7f00000011c0)=[{&(0x7f0000002240)='Y', 0x1}], 0x1}}], 0x1, 0x0)
syz_init_net_socket$llc(0x1a, 0x1, 0x0)
r2 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$IPT_SO_SET_REPLACE(r2, 0x4000000000000, 0x40, &(0x7f0000000a40)=ANY=[@ANYBLOB="72617700000000010000000000000000000000000000000000000000000000000200000003000000b80400000000000000000000000000000003000000030000200400002004000020040000200400002004000003000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000600000000000000a00200030000000000000000000000000000000000000000300262706600000000000000000000000000000000000000000000000000000101000000000000002e2f66696c653000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000060005345540000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000c0002001000000000000000000000000000000000000000050006f736600000000000000000000000000000000000000000000000000000073797a300000000000000000000000000000000000000000000000000000000000000000000000000000000000000000600053455400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000007000980000000000000000000000000000000000000000002800000000000000000000000000000000000000000000000000000000000004feffffff00000000"], 0x518)
sendmsg$IPVS_CMD_GET_DEST(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000280)={&(0x7f00000002c0)=ANY=[@ANYRES16], 0x1}}, 0x0)
setsockopt$inet_tcp_TCP_REPAIR(r1, 0x6, 0x13, &(0x7f0000000100), 0x618)
close(r1)
r3 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$inet_tcp_int(r3, 0x6, 0x10000000013, &(0x7f0000d06000)=0x1, 0x32a)
connect$inet(r3, &(0x7f0000000140)={0x2, 0x0, @local}, 0x10)
setsockopt$inet_tcp_TCP_REPAIR_OPTIONS(r3, 0x6, 0x16, &(0x7f0000000200)=[@mss, @timestamp, @window={0x3, 0x0, 0xfffe}, @mss={0x2, 0x3}], 0x4)
sendmmsg(r3, &(0x7f0000004b40)=[{{0x0, 0x0, &(0x7f00000011c0)=[{&(0x7f0000002240)='Y', 0x1}], 0x1}}], 0x1, 0x0)
setsockopt$inet_tcp_TCP_REPAIR_QUEUE(r3, 0x6, 0x14, &(0x7f0000000040)=0x1, 0x4)
sendmsg$IPVS_CMD_GET_DEST(r3, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000340)=ANY=[@ANYBLOB="160e90cb39bca59f8c4064ac6d7b242060a07bc4309e3eb79d8745797b308edd84adef35ad9d8a17240f38f55f57c55f3875db81d255eea402e1c11ca7fc01964aeb9ed6ef4e80bc67cba7e7fe961fe5d921442b0a06b135f8a73b68dc904b436f256f50ae7cb980e69e7580b9f11c6ede4210f23240559b8c427000d7ce7862417ab5a50e494b2a54e346d7ffa008ccef06813e235b446788ac0f1df3c65bc1fb5393364a2efd284640ec2c438ad2b24a69f1f9da000000000000000000000000989eee6a9283bf253ca4"], 0x1}}, 0x0)
close(r3)
syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000000)={<r4=>0xffffffffffffffff, <r5=>0xffffffffffffffff})
dup3(r5, r4, 0x0)
dup2(0xffffffffffffffff, r5)
bind$pptp(0xffffffffffffffff, &(0x7f00000001c0)={0x18, 0x2, {0x0, @initdev={0xac, 0x1e, 0x0, 0x0}}}, 0x1e)
sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000000)=@newlink={0x30, 0x10, 0x801, 0x0, 0x0, {}, [@IFLA_GROUP={0x8}, @IFLA_PROTO_DOWN={0x8, 0x4}]}, 0x30}}, 0x0)
pivot_root(&(0x7f0000000140)='./file0\x00', &(0x7f0000000100)='./file0\x00')

01:45:38 executing program 0:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180)='/dev/kvm\x00', 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='cpuacct.usage_percpu_sys\x00', 0x275a, 0x0)
mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x0, 0x40000000011, r3, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000000000/0x18000)=nil, 0x0, 0x196, 0x0, 0x0, 0x0)
ioctl$KVM_NMI(r2, 0xae9a)
ioctl$KVM_RUN(r2, 0xae80, 0x0)

[ 1840.562028] RDX: 0000000000000000 RSI: 000000000000ae80 RDI: 0000000000000005
[ 1840.569296] RBP: 000000000076bf00 R08: 0000000000000000 R09: 0000000000000000
[ 1840.576596] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000007
[ 1840.583866] R13: 00000000000003bf R14: 00000000004c6495 R15: 0000000000000006
[ 1840.591795] ip_tables: iptables: counters copy to user failed while replacing table
01:45:38 executing program 2 (fault-call:9 fault-nth:7):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140)='/dev/kvm\x00', 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_SET_SIGNAL_MASK(0xffffffffffffffff, 0x4004ae8b, &(0x7f0000001000)=ANY=[@ANYBLOB="97cb"])
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000fe7000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0)
ioctl$USBDEVFS_RESETEP(0xffffffffffffffff, 0x80045503, &(0x7f0000000000)={0x1, 0x1})
ioctl$KVM_NMI(r2, 0xae9a)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f00000002c0)={0x0, 0x2, 0x0, 0x2000, &(0x7f0000001000/0x2000)=nil})
perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
ioctl$KVM_RUN(r2, 0xae80, 0x0)

01:45:39 executing program 3:
lsetxattr$trusted_overlay_opaque(0x0, 0x0, 0x0, 0x0, 0x0)
mkdir(&(0x7f0000000000)='./file0\x00', 0x0)
mount$bpf(0x20000000, &(0x7f00000000c0)='./file0\x00', 0x0, 0x2001001, 0x0)
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x80, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x43, 0x400000000000000}, 0x11288, 0x2000, 0x0, 0x2}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = socket$netlink(0x10, 0x3, 0x0)
connect$inet(0xffffffffffffffff, 0x0, 0x0)
setsockopt$SO_RDS_TRANSPORT(0xffffffffffffffff, 0x114, 0x8, &(0x7f0000000040)=0xffffffffffffffff, 0x4)
r1 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$inet_tcp_int(r1, 0x6, 0x10000000013, &(0x7f0000d06000)=0x1, 0x32a)
connect$inet(r1, &(0x7f0000000180)={0x2, 0x4e23, @local}, 0x10)
accept$nfc_llcp(0xffffffffffffffff, &(0x7f0000000440), &(0x7f0000000300)=0x60)
setsockopt$inet_tcp_TCP_REPAIR_OPTIONS(r1, 0x6, 0x16, &(0x7f00000000c0)=[@mss={0x2, 0xffffffff}, @timestamp, @window, @mss={0x2, 0x91c}], 0x4)
sendmmsg(r1, &(0x7f0000004b40)=[{{0x0, 0x0, &(0x7f00000011c0)=[{&(0x7f0000002240)='Y', 0x1}], 0x1}}], 0x1, 0x0)
syz_init_net_socket$llc(0x1a, 0x1, 0x0)
r2 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$IPT_SO_SET_REPLACE(r2, 0x4000000000000, 0x40, &(0x7f0000000a40)=ANY=[@ANYBLOB="72617700000000010000000000000000000000000000000000000000000000000200000003000000b80400000000000000000000000000000003000000030000200400002004000020040000200400002004000003000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000600000000000000a00200030000000000000000000000000000000000000000300262706600000000000000000000000000000000000000000000000000000101000000000000002e2f66696c653000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000060005345540000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000c0002001000000000000000000000000000000000000000050006f736600000000000000000000000000000000000000000000000000000073797a300000000000000000000000000000000000000000000000000000000000000000000000000000000000000000600053455400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000007000980000000000000000000000000000000000000000002800000000000000000000000000000000000000000000000000000000000004feffffff00000000"], 0x518)
sendmsg$IPVS_CMD_GET_DEST(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000280)={&(0x7f00000002c0)=ANY=[@ANYRES16], 0x1}}, 0x0)
setsockopt$inet_tcp_TCP_REPAIR(r1, 0x6, 0x13, &(0x7f0000000100), 0x618)
close(r1)
r3 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$inet_tcp_int(r3, 0x6, 0x10000000013, &(0x7f0000d06000)=0x1, 0x32a)
connect$inet(r3, &(0x7f0000000140)={0x2, 0x0, @local}, 0x10)
setsockopt$inet_tcp_TCP_REPAIR_OPTIONS(r3, 0x6, 0x16, &(0x7f0000000200)=[@mss, @timestamp, @window={0x3, 0x0, 0xfffe}, @mss={0x2, 0x3}], 0x4)
sendmmsg(r3, &(0x7f0000004b40)=[{{0x0, 0x0, &(0x7f00000011c0)=[{&(0x7f0000002240)='Y', 0x1}], 0x1}}], 0x1, 0x0)
setsockopt$inet_tcp_TCP_REPAIR_QUEUE(r3, 0x6, 0x14, &(0x7f0000000040)=0x1, 0x4)
sendmsg$IPVS_CMD_GET_DEST(r3, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000340)=ANY=[@ANYBLOB="160e90cb39bca59f8c4064ac6d7b242060a07bc4309e3eb79d8745797b308edd84adef35ad9d8a17240f38f55f57c55f3875db81d255eea402e1c11ca7fc01964aeb9ed6ef4e80bc67cba7e7fe961fe5d921442b0a06b135f8a73b68dc904b436f256f50ae7cb980e69e7580b9f11c6ede4210f23240559b8c427000d7ce7862417ab5a50e494b2a54e346d7ffa008ccef06813e235b446788ac0f1df3c65bc1fb5393364a2efd284640ec2c438ad2b24a69f1f9da000000000000000000000000989eee6a9283bf253ca4"], 0x1}}, 0x0)
close(r3)
syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000000)={<r4=>0xffffffffffffffff, <r5=>0xffffffffffffffff})
dup3(r5, r4, 0x0)
dup2(0xffffffffffffffff, r5)
bind$pptp(0xffffffffffffffff, &(0x7f00000001c0)={0x18, 0x2, {0x0, @initdev={0xac, 0x1e, 0x0, 0x0}}}, 0x1e)
sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000000)=@newlink={0x30, 0x10, 0x801, 0x0, 0x0, {}, [@IFLA_GROUP={0x8}, @IFLA_PROTO_DOWN={0x8, 0x4}]}, 0x30}}, 0x0)
pivot_root(&(0x7f0000000140)='./file0\x00', &(0x7f0000000100)='./file0\x00')

[ 1840.967846] FAULT_INJECTION: forcing a failure.
[ 1840.967846] name failslab, interval 1, probability 0, space 0, times 0
[ 1841.016790] CPU: 0 PID: 3564 Comm: syz-executor.2 Not tainted 4.14.173-syzkaller #0
[ 1841.024763] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 1841.034150] Call Trace:
[ 1841.036776]  dump_stack+0x13e/0x194
[ 1841.040427]  should_fail.cold+0x10a/0x14b
[ 1841.044711]  should_failslab+0xd6/0x130
[ 1841.048712]  kmem_cache_alloc+0x2b5/0x770
[ 1841.052886]  ? check_preemption_disabled+0x35/0x240
[ 1841.057934]  mmu_topup_memory_caches+0x83/0x300
[ 1841.062647]  kvm_mmu_load+0x1e/0xd00
[ 1841.066389]  ? kvm_apic_accept_events+0x16f/0x3f0
[ 1841.071261]  ? kvm_lapic_enable_pv_eoi+0xc0/0xc0
[ 1841.076161]  ? vmx_get_nmi_mask+0x29/0xa0
[ 1841.080323]  vcpu_enter_guest+0x2eb9/0x5240
[ 1841.084657]  ? retint_kernel+0x2d/0x2d
[ 1841.088574]  ? emulator_read_emulated+0x40/0x40
[ 1841.093276]  ? lock_acquire+0x1ec/0x3f0
[ 1841.097274]  ? kvm_arch_vcpu_ioctl_run+0x2fe/0xfd0
[ 1841.102223]  ? kvm_arch_vcpu_ioctl_run+0x181/0xfd0
[ 1841.107172]  kvm_arch_vcpu_ioctl_run+0x2fe/0xfd0
[ 1841.111944]  kvm_vcpu_ioctl+0x3df/0xc70
01:45:39 executing program 0:
r0 = socket$kcm(0x10, 0x2, 0x0)
sendmsg$kcm(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000080)=[{&(0x7f0000000000)="2e0000001c008105e00f80ecdb4cb9f207a07e4f1e00000002006cfb0a000200b683d29fb4dc49e96c0742105032", 0x2e}], 0x1}, 0x0)

[ 1841.116659]  ? kvm_vcpu_block+0xb70/0xb70
[ 1841.120828]  ? trace_hardirqs_on_thunk+0x1a/0x1c
[ 1841.125608]  ? check_preemption_disabled+0x35/0x240
[ 1841.130628]  ? retint_kernel+0x2d/0x2d
[ 1841.134642]  ? do_vfs_ioctl+0x76/0xfe0
[ 1841.138567]  ? kvm_vcpu_block+0xb70/0xb70
[ 1841.142728]  do_vfs_ioctl+0x75a/0xfe0
[ 1841.146642]  ? selinux_file_mprotect+0x5c0/0x5c0
[ 1841.151414]  ? ioctl_preallocate+0x1a0/0x1a0
[ 1841.155858]  ? security_file_ioctl+0x76/0xb0
[ 1841.160272]  ? security_file_ioctl+0x83/0xb0
[ 1841.164674]  SyS_ioctl+0x7f/0xb0
[ 1841.168044]  ? do_vfs_ioctl+0xfe0/0xfe0
[ 1841.172012]  do_syscall_64+0x1d5/0x640
[ 1841.175912]  entry_SYSCALL_64_after_hwframe+0x42/0xb7
[ 1841.181255] RIP: 0033:0x45c849
[ 1841.184450] RSP: 002b:00007fa3bc31dc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 1841.192261] RAX: ffffffffffffffda RBX: 00007fa3bc31e6d4 RCX: 000000000045c849
[ 1841.199558] RDX: 0000000000000000 RSI: 000000000000ae80 RDI: 0000000000000005
[ 1841.206844] RBP: 000000000076bf00 R08: 0000000000000000 R09: 0000000000000000
01:45:39 executing program 1:
lsetxattr$trusted_overlay_opaque(0x0, 0x0, 0x0, 0x0, 0x0)
mkdir(&(0x7f0000000000)='./file0\x00', 0x0)
mount$bpf(0x20000000, &(0x7f00000000c0)='./file0\x00', 0x0, 0x2001001, 0x0)
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x80, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x43, 0x400000000000000}, 0x11288, 0x2000, 0x0, 0x2}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = socket$netlink(0x10, 0x3, 0x0)
connect$inet(0xffffffffffffffff, 0x0, 0x0)
setsockopt$SO_RDS_TRANSPORT(0xffffffffffffffff, 0x114, 0x8, &(0x7f0000000040)=0xffffffffffffffff, 0x4)
r1 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$inet_tcp_int(r1, 0x6, 0x10000000013, &(0x7f0000d06000)=0x1, 0x32a)
connect$inet(r1, &(0x7f0000000180)={0x2, 0x4e23, @local}, 0x10)
accept$nfc_llcp(0xffffffffffffffff, &(0x7f0000000440), &(0x7f0000000300)=0x60)
setsockopt$inet_tcp_TCP_REPAIR_OPTIONS(r1, 0x6, 0x16, &(0x7f00000000c0)=[@mss={0x2, 0xffffffff}, @timestamp, @window, @mss={0x2, 0x91c}], 0x4)
sendmmsg(r1, &(0x7f0000004b40)=[{{0x0, 0x0, &(0x7f00000011c0)=[{&(0x7f0000002240)='Y', 0x1}], 0x1}}], 0x1, 0x0)
syz_init_net_socket$llc(0x1a, 0x1, 0x0)
r2 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$IPT_SO_SET_REPLACE(r2, 0x4000000000000, 0x40, &(0x7f0000000a40)=ANY=[@ANYBLOB="72617700000000010000000000000000000000000000000000000000000000000200000003000000b80400000000000000000000000000000003000000030000200400002004000020040000200400002004000003000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000600000000000000a00200030000000000000000000000000000000000000000300262706600000000000000000000000000000000000000000000000000000101000000000000002e2f66696c653000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000060005345540000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000c0002001000000000000000000000000000000000000000050006f736600000000000000000000000000000000000000000000000000000073797a300000000000000000000000000000000000000000000000000000000000000000000000000000000000000000600053455400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000007000980000000000000000000000000000000000000000002800000000000000000000000000000000000000000000000000000000000004feffffff00000000"], 0x518)
sendmsg$IPVS_CMD_GET_DEST(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000280)={&(0x7f00000002c0)=ANY=[@ANYRES16], 0x1}}, 0x0)
setsockopt$inet_tcp_TCP_REPAIR(r1, 0x6, 0x13, &(0x7f0000000100), 0x618)
close(r1)
r3 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$inet_tcp_int(r3, 0x6, 0x10000000013, &(0x7f0000d06000)=0x1, 0x32a)
connect$inet(r3, &(0x7f0000000140)={0x2, 0x0, @local}, 0x10)
setsockopt$inet_tcp_TCP_REPAIR_OPTIONS(r3, 0x6, 0x16, &(0x7f0000000200)=[@mss, @timestamp, @window={0x3, 0x0, 0xfffe}, @mss={0x2, 0x3}], 0x4)
sendmmsg(r3, &(0x7f0000004b40)=[{{0x0, 0x0, &(0x7f00000011c0)=[{&(0x7f0000002240)='Y', 0x1}], 0x1}}], 0x1, 0x0)
setsockopt$inet_tcp_TCP_REPAIR_QUEUE(r3, 0x6, 0x14, &(0x7f0000000040)=0x1, 0x4)
sendmsg$IPVS_CMD_GET_DEST(r3, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000340)=ANY=[@ANYBLOB="160e90cb39bca59f8c4064ac6d7b242060a07bc4309e3eb79d8745797b308edd84adef35ad9d8a17240f38f55f57c55f3875db81d255eea402e1c11ca7fc01964aeb9ed6ef4e80bc67cba7e7fe961fe5d921442b0a06b135f8a73b68dc904b436f256f50ae7cb980e69e7580b9f11c6ede4210f23240559b8c427000d7ce7862417ab5a50e494b2a54e346d7ffa008ccef06813e235b446788ac0f1df3c65bc1fb5393364a2efd284640ec2c438ad2b24a69f1f9da000000000000000000000000989eee6a9283bf253ca4"], 0x1}}, 0x0)
close(r3)
syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000000)={<r4=>0xffffffffffffffff, <r5=>0xffffffffffffffff})
dup3(r5, r4, 0x0)
dup2(0xffffffffffffffff, r5)
bind$pptp(0xffffffffffffffff, &(0x7f00000001c0)={0x18, 0x2, {0x0, @initdev={0xac, 0x1e, 0x0, 0x0}}}, 0x1e)
sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000000)=@newlink={0x30, 0x10, 0x801, 0x0, 0x0, {}, [@IFLA_GROUP={0x8}, @IFLA_PROTO_DOWN={0x8, 0x4}]}, 0x30}}, 0x0)

01:45:39 executing program 5:
lsetxattr$trusted_overlay_opaque(0x0, 0x0, 0x0, 0x0, 0x0)
mkdir(&(0x7f0000000000)='./file0\x00', 0x0)
mount$bpf(0x20000000, &(0x7f00000000c0)='./file0\x00', 0x0, 0x2001001, 0x0)
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x80, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x43, 0x400000000000000}, 0x11288, 0x2000, 0x0, 0x2}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = socket$netlink(0x10, 0x3, 0x0)
connect$inet(0xffffffffffffffff, 0x0, 0x0)
setsockopt$SO_RDS_TRANSPORT(0xffffffffffffffff, 0x114, 0x8, &(0x7f0000000040)=0xffffffffffffffff, 0x4)
r1 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$inet_tcp_int(r1, 0x6, 0x10000000013, &(0x7f0000d06000)=0x1, 0x32a)
connect$inet(r1, &(0x7f0000000180)={0x2, 0x4e23, @local}, 0x10)
accept$nfc_llcp(0xffffffffffffffff, &(0x7f0000000440), &(0x7f0000000300)=0x60)
setsockopt$inet_tcp_TCP_REPAIR_OPTIONS(r1, 0x6, 0x16, &(0x7f00000000c0)=[@mss={0x2, 0xffffffff}, @timestamp, @window, @mss={0x2, 0x91c}], 0x4)
sendmmsg(r1, &(0x7f0000004b40)=[{{0x0, 0x0, &(0x7f00000011c0)=[{&(0x7f0000002240)='Y', 0x1}], 0x1}}], 0x1, 0x0)
syz_init_net_socket$llc(0x1a, 0x1, 0x0)
r2 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$IPT_SO_SET_REPLACE(r2, 0x4000000000000, 0x40, &(0x7f0000000a40)=ANY=[@ANYBLOB="72617700000000010000000000000000000000000000000000000000000000000200000003000000b80400000000000000000000000000000003000000030000200400002004000020040000200400002004000003000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000600000000000000a00200030000000000000000000000000000000000000000300262706600000000000000000000000000000000000000000000000000000101000000000000002e2f66696c653000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000060005345540000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000c0002001000000000000000000000000000000000000000050006f736600000000000000000000000000000000000000000000000000000073797a300000000000000000000000000000000000000000000000000000000000000000000000000000000000000000600053455400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000007000980000000000000000000000000000000000000000002800000000000000000000000000000000000000000000000000000000000004feffffff00000000"], 0x518)
sendmsg$IPVS_CMD_GET_DEST(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000280)={&(0x7f00000002c0)=ANY=[@ANYRES16], 0x1}}, 0x0)
setsockopt$inet_tcp_TCP_REPAIR(r1, 0x6, 0x13, &(0x7f0000000100), 0x618)
close(r1)
r3 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$inet_tcp_int(r3, 0x6, 0x10000000013, &(0x7f0000d06000)=0x1, 0x32a)
connect$inet(r3, &(0x7f0000000140)={0x2, 0x0, @local}, 0x10)
setsockopt$inet_tcp_TCP_REPAIR_OPTIONS(r3, 0x6, 0x16, &(0x7f0000000200)=[@mss, @timestamp, @window={0x3, 0x0, 0xfffe}, @mss={0x2, 0x3}], 0x4)
sendmmsg(r3, &(0x7f0000004b40)=[{{0x0, 0x0, &(0x7f00000011c0)=[{&(0x7f0000002240)='Y', 0x1}], 0x1}}], 0x1, 0x0)
setsockopt$inet_tcp_TCP_REPAIR_QUEUE(r3, 0x6, 0x14, &(0x7f0000000040)=0x1, 0x4)
sendmsg$IPVS_CMD_GET_DEST(r3, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000340)=ANY=[@ANYBLOB="160e90cb39bca59f8c4064ac6d7b242060a07bc4309e3eb79d8745797b308edd84adef35ad9d8a17240f38f55f57c55f3875db81d255eea402e1c11ca7fc01964aeb9ed6ef4e80bc67cba7e7fe961fe5d921442b0a06b135f8a73b68dc904b436f256f50ae7cb980e69e7580b9f11c6ede4210f23240559b8c427000d7ce7862417ab5a50e494b2a54e346d7ffa008ccef06813e235b446788ac0f1df3c65bc1fb5393364a2efd284640ec2c438ad2b24a69f1f9da000000000000000000000000989eee6a9283bf253ca4"], 0x1}}, 0x0)
close(r3)
syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2)
dup3(0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r4 = accept4$vsock_stream(0xffffffffffffffff, &(0x7f0000000240)={0x28, 0x0, 0x2710, @host}, 0x10, 0x0)
dup2(r4, 0xffffffffffffffff)
bind$pptp(0xffffffffffffffff, &(0x7f00000001c0)={0x18, 0x2, {0x0, @initdev={0xac, 0x1e, 0x0, 0x0}}}, 0x1e)
sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000000)=@newlink={0x30, 0x10, 0x801, 0x0, 0x0, {}, [@IFLA_GROUP={0x8}, @IFLA_PROTO_DOWN={0x8, 0x4}]}, 0x30}}, 0x0)
pivot_root(&(0x7f0000000140)='./file0\x00', &(0x7f0000000100)='./file0\x00')

[ 1841.214407] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000007
[ 1841.222073] R13: 00000000000003bf R14: 00000000004c6495 R15: 0000000000000007
01:45:39 executing program 2 (fault-call:9 fault-nth:8):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140)='/dev/kvm\x00', 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_SET_SIGNAL_MASK(0xffffffffffffffff, 0x4004ae8b, &(0x7f0000001000)=ANY=[@ANYBLOB="97cb"])
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000fe7000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0)
ioctl$USBDEVFS_RESETEP(0xffffffffffffffff, 0x80045503, &(0x7f0000000000)={0x1, 0x1})
ioctl$KVM_NMI(r2, 0xae9a)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f00000002c0)={0x0, 0x2, 0x0, 0x2000, &(0x7f0000001000/0x2000)=nil})
perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
ioctl$KVM_RUN(r2, 0xae80, 0x0)

01:45:39 executing program 4:
pipe(&(0x7f0000000140)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
r2 = socket$inet_udp(0x2, 0x2, 0x0)
close(r2)
r3 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$inet_tcp_int(r3, 0x6, 0x10000000013, &(0x7f0000d06000)=0x1, 0x4)
connect$inet(r2, &(0x7f0000000340)={0x2, 0x0, @loopback}, 0x10)
setsockopt$inet_tcp_TCP_REPAIR_WINDOW(r3, 0x6, 0x1d, &(0x7f0000000080)={0x0, 0xdf5, 0x65a2}, 0x14)
syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
getpid()
write$binfmt_misc(r1, &(0x7f0000000140)=ANY=[], 0x4240a2a0)
r4 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$IPT_SO_SET_REPLACE(r4, 0x0, 0x40, &(0x7f0000000480)=ANY=[@ANYBLOB="66696c74657200000000000000000000000000000000000000000000000000000e00000004000000d0020000800100009800000080010000000000000000000038020000380200003802000038020000380200000400000000000000000000007f000001ac14140000000000000000007f00000000000000000000000000000064756dea20f9524db2d96900000057c910a19f2bc02c00000000000000000000200000000000000000000000000000000000000000000000700098000000000000000000000000000000000000000000280052454a454354000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000400000000000000000000000080000000000000000000000000000000000000000000000000000000000000000000000000000000000000000c000e80000f9c9991d0000000000000000000000000000005000736574000000000000000000000000000000000000000000000000000003000005050000000000000000000000000000000000000000100000000000000000000000000000000000000000000000280052454a45435400000000000000010000000000000000000000000000000000674f000000000000000000e00000020000000000000000766574b5315f766c616e00000000010062726964676530000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000007000b80000000000000000000000000000000000000000004800544545000000000000000000000000000000d40200000000000000000001ac1414aa000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000007000980000000000000000000000000000000000000000002800000000000000000000000000000000000000000000001a51496c00000000feffffff"], 0x1)
splice(r0, 0x0, r2, 0x0, 0x4ffe0, 0x0)

[ 1841.342112] netlink: 6 bytes leftover after parsing attributes in process `syz-executor.0'.
01:45:39 executing program 0:
socket$inet6_tcp(0xa, 0x1, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0)
sched_setattr(0x0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x9}, 0x0)
socket$inet6(0xa, 0x0, 0x0)
fcntl$setpipe(0xffffffffffffffff, 0x407, 0x0)
vmsplice(0xffffffffffffffff, &(0x7f0000000000), 0x0, 0x0)
r0 = memfd_create(&(0x7f00000000c0)='queue1\x00\x00\x00\x00\x00\x00\x00\x001;\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x06\x00\x00\x00\x00\x00\xcc\xbf}\xdd\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xb2\x1e\x00', 0x0)
r1 = syz_open_dev$sndseq(&(0x7f0000000200)='/dev/snd/seq\x00', 0x0, 0x1)
dup2(r1, r0)

01:45:39 executing program 5:
lsetxattr$trusted_overlay_opaque(0x0, 0x0, 0x0, 0x0, 0x0)
mkdir(&(0x7f0000000000)='./file0\x00', 0x0)
mount$bpf(0x20000000, &(0x7f00000000c0)='./file0\x00', 0x0, 0x2001001, 0x0)
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x80, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x43, 0x400000000000000}, 0x11288, 0x2000, 0x0, 0x2}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = socket$netlink(0x10, 0x3, 0x0)
connect$inet(0xffffffffffffffff, 0x0, 0x0)
setsockopt$SO_RDS_TRANSPORT(0xffffffffffffffff, 0x114, 0x8, &(0x7f0000000040)=0xffffffffffffffff, 0x4)
r1 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$inet_tcp_int(r1, 0x6, 0x10000000013, &(0x7f0000d06000)=0x1, 0x32a)
connect$inet(r1, &(0x7f0000000180)={0x2, 0x4e23, @local}, 0x10)
accept$nfc_llcp(0xffffffffffffffff, &(0x7f0000000440), &(0x7f0000000300)=0x60)
setsockopt$inet_tcp_TCP_REPAIR_OPTIONS(r1, 0x6, 0x16, &(0x7f00000000c0)=[@mss={0x2, 0xffffffff}, @timestamp, @window, @mss={0x2, 0x91c}], 0x4)
sendmmsg(r1, &(0x7f0000004b40)=[{{0x0, 0x0, &(0x7f00000011c0)=[{&(0x7f0000002240)='Y', 0x1}], 0x1}}], 0x1, 0x0)
syz_init_net_socket$llc(0x1a, 0x1, 0x0)
r2 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$IPT_SO_SET_REPLACE(r2, 0x4000000000000, 0x40, &(0x7f0000000a40)=ANY=[@ANYBLOB="72617700000000010000000000000000000000000000000000000000000000000200000003000000b80400000000000000000000000000000003000000030000200400002004000020040000200400002004000003000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000600000000000000a00200030000000000000000000000000000000000000000300262706600000000000000000000000000000000000000000000000000000101000000000000002e2f66696c653000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000060005345540000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000c0002001000000000000000000000000000000000000000050006f736600000000000000000000000000000000000000000000000000000073797a300000000000000000000000000000000000000000000000000000000000000000000000000000000000000000600053455400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000007000980000000000000000000000000000000000000000002800000000000000000000000000000000000000000000000000000000000004feffffff00000000"], 0x518)
sendmsg$IPVS_CMD_GET_DEST(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000280)={&(0x7f00000002c0)=ANY=[@ANYRES16], 0x1}}, 0x0)
setsockopt$inet_tcp_TCP_REPAIR(r1, 0x6, 0x13, &(0x7f0000000100), 0x618)
close(r1)
r3 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$inet_tcp_int(r3, 0x6, 0x10000000013, &(0x7f0000d06000)=0x1, 0x32a)
connect$inet(r3, &(0x7f0000000140)={0x2, 0x0, @local}, 0x10)
setsockopt$inet_tcp_TCP_REPAIR_OPTIONS(r3, 0x6, 0x16, &(0x7f0000000200)=[@mss, @timestamp, @window={0x3, 0x0, 0xfffe}, @mss={0x2, 0x3}], 0x4)
sendmmsg(r3, &(0x7f0000004b40)=[{{0x0, 0x0, &(0x7f00000011c0)=[{&(0x7f0000002240)='Y', 0x1}], 0x1}}], 0x1, 0x0)
setsockopt$inet_tcp_TCP_REPAIR_QUEUE(r3, 0x6, 0x14, &(0x7f0000000040)=0x1, 0x4)
sendmsg$IPVS_CMD_GET_DEST(r3, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000340)=ANY=[@ANYBLOB="160e90cb39bca59f8c4064ac6d7b242060a07bc4309e3eb79d8745797b308edd84adef35ad9d8a17240f38f55f57c55f3875db81d255eea402e1c11ca7fc01964aeb9ed6ef4e80bc67cba7e7fe961fe5d921442b0a06b135f8a73b68dc904b436f256f50ae7cb980e69e7580b9f11c6ede4210f23240559b8c427000d7ce7862417ab5a50e494b2a54e346d7ffa008ccef06813e235b446788ac0f1df3c65bc1fb5393364a2efd284640ec2c438ad2b24a69f1f9da000000000000000000000000989eee6a9283bf253ca4"], 0x1}}, 0x0)
close(r3)
syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2)
dup3(0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r4 = accept4$vsock_stream(0xffffffffffffffff, &(0x7f0000000240)={0x28, 0x0, 0x2710, @host}, 0x10, 0x0)
dup2(r4, 0xffffffffffffffff)
bind$pptp(0xffffffffffffffff, &(0x7f00000001c0)={0x18, 0x2, {0x0, @initdev={0xac, 0x1e, 0x0, 0x0}}}, 0x1e)
sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000000)=@newlink={0x30, 0x10, 0x801, 0x0, 0x0, {}, [@IFLA_GROUP={0x8}, @IFLA_PROTO_DOWN={0x8, 0x4}]}, 0x30}}, 0x0)
pivot_root(&(0x7f0000000140)='./file0\x00', &(0x7f0000000100)='./file0\x00')

[ 1841.597807] ip_tables: iptables: counters copy to user failed while replacing table
[ 1841.622315] FAULT_INJECTION: forcing a failure.
[ 1841.622315] name failslab, interval 1, probability 0, space 0, times 0
[ 1841.644404] CPU: 1 PID: 3584 Comm: syz-executor.2 Not tainted 4.14.173-syzkaller #0
[ 1841.652371] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 1841.661743] Call Trace:
[ 1841.664383]  dump_stack+0x13e/0x194
[ 1841.668060]  should_fail.cold+0x10a/0x14b
[ 1841.672271]  should_failslab+0xd6/0x130
[ 1841.676278]  kmem_cache_alloc+0x2b5/0x770
[ 1841.680456]  ? retint_kernel+0x2d/0x2d
[ 1841.684375]  mmu_topup_memory_caches+0x83/0x300
[ 1841.689082]  ? vmx_get_nmi_mask.part.0+0x6e/0xf0
[ 1841.694221]  kvm_mmu_load+0x1e/0xd00
[ 1841.697966]  ? kvm_apic_accept_events+0x16f/0x3f0
[ 1841.702836]  ? kvm_lapic_enable_pv_eoi+0xc0/0xc0
[ 1841.707623]  ? vmx_get_nmi_mask+0x29/0xa0
[ 1841.711806]  vcpu_enter_guest+0x2eb9/0x5240
[ 1841.716173]  ? save_trace+0x290/0x290
[ 1841.719999]  ? check_preemption_disabled+0x35/0x240
[ 1841.725067]  ? emulator_read_emulated+0x40/0x40
[ 1841.729763]  ? lock_acquire+0x170/0x3f0
[ 1841.733818]  ? kvm_arch_vcpu_ioctl_run+0x143/0xfd0
[ 1841.738781]  ? kvm_arch_vcpu_ioctl_run+0x2fe/0xfd0
[ 1841.743736]  ? kvm_arch_vcpu_ioctl_run+0x181/0xfd0
[ 1841.748687]  kvm_arch_vcpu_ioctl_run+0x2fe/0xfd0
[ 1841.753484]  kvm_vcpu_ioctl+0x3df/0xc70
[ 1841.757500]  ? kvm_vcpu_block+0xb70/0xb70
[ 1841.761781]  ? trace_hardirqs_on_thunk+0x1a/0x1c
[ 1841.766598]  ? check_preemption_disabled+0x35/0x240
[ 1841.771651]  ? retint_kernel+0x2d/0x2d
[ 1841.775587]  ? do_vfs_ioctl+0x76/0xfe0
[ 1841.779529]  ? kvm_vcpu_block+0xb70/0xb70
[ 1841.783687]  do_vfs_ioctl+0x75a/0xfe0
[ 1841.787499]  ? selinux_file_mprotect+0x5c0/0x5c0
[ 1841.792263]  ? ioctl_preallocate+0x1a0/0x1a0
01:45:39 executing program 3:
lsetxattr$trusted_overlay_opaque(0x0, 0x0, 0x0, 0x0, 0x0)
mkdir(&(0x7f0000000000)='./file0\x00', 0x0)
mount$bpf(0x20000000, &(0x7f00000000c0)='./file0\x00', 0x0, 0x2001001, 0x0)
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x80, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x43, 0x400000000000000}, 0x11288, 0x2000, 0x0, 0x2}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = socket$netlink(0x10, 0x3, 0x0)
connect$inet(0xffffffffffffffff, 0x0, 0x0)
setsockopt$SO_RDS_TRANSPORT(0xffffffffffffffff, 0x114, 0x8, &(0x7f0000000040)=0xffffffffffffffff, 0x4)
r1 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$inet_tcp_int(r1, 0x6, 0x10000000013, &(0x7f0000d06000)=0x1, 0x32a)
connect$inet(r1, &(0x7f0000000180)={0x2, 0x4e23, @local}, 0x10)
accept$nfc_llcp(0xffffffffffffffff, &(0x7f0000000440), &(0x7f0000000300)=0x60)
setsockopt$inet_tcp_TCP_REPAIR_OPTIONS(r1, 0x6, 0x16, &(0x7f00000000c0)=[@mss={0x2, 0xffffffff}, @timestamp, @window, @mss={0x2, 0x91c}], 0x4)
sendmmsg(r1, &(0x7f0000004b40)=[{{0x0, 0x0, &(0x7f00000011c0)=[{&(0x7f0000002240)='Y', 0x1}], 0x1}}], 0x1, 0x0)
syz_init_net_socket$llc(0x1a, 0x1, 0x0)
r2 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$IPT_SO_SET_REPLACE(r2, 0x4000000000000, 0x40, &(0x7f0000000a40)=ANY=[@ANYBLOB="72617700000000010000000000000000000000000000000000000000000000000200000003000000b80400000000000000000000000000000003000000030000200400002004000020040000200400002004000003000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000600000000000000a00200030000000000000000000000000000000000000000300262706600000000000000000000000000000000000000000000000000000101000000000000002e2f66696c653000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000060005345540000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000c0002001000000000000000000000000000000000000000050006f736600000000000000000000000000000000000000000000000000000073797a300000000000000000000000000000000000000000000000000000000000000000000000000000000000000000600053455400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000007000980000000000000000000000000000000000000000002800000000000000000000000000000000000000000000000000000000000004feffffff00000000"], 0x518)
sendmsg$IPVS_CMD_GET_DEST(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000280)={&(0x7f00000002c0)=ANY=[@ANYRES16], 0x1}}, 0x0)
setsockopt$inet_tcp_TCP_REPAIR(r1, 0x6, 0x13, &(0x7f0000000100), 0x618)
close(r1)
r3 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$inet_tcp_int(r3, 0x6, 0x10000000013, &(0x7f0000d06000)=0x1, 0x32a)
connect$inet(r3, &(0x7f0000000140)={0x2, 0x0, @local}, 0x10)
setsockopt$inet_tcp_TCP_REPAIR_OPTIONS(r3, 0x6, 0x16, &(0x7f0000000200)=[@mss, @timestamp, @window={0x3, 0x0, 0xfffe}, @mss={0x2, 0x3}], 0x4)
sendmmsg(r3, &(0x7f0000004b40)=[{{0x0, 0x0, &(0x7f00000011c0)=[{&(0x7f0000002240)='Y', 0x1}], 0x1}}], 0x1, 0x0)
setsockopt$inet_tcp_TCP_REPAIR_QUEUE(r3, 0x6, 0x14, &(0x7f0000000040)=0x1, 0x4)
sendmsg$IPVS_CMD_GET_DEST(r3, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000340)=ANY=[@ANYBLOB="160e90cb39bca59f8c4064ac6d7b242060a07bc4309e3eb79d8745797b308edd84adef35ad9d8a17240f38f55f57c55f3875db81d255eea402e1c11ca7fc01964aeb9ed6ef4e80bc67cba7e7fe961fe5d921442b0a06b135f8a73b68dc904b436f256f50ae7cb980e69e7580b9f11c6ede4210f23240559b8c427000d7ce7862417ab5a50e494b2a54e346d7ffa008ccef06813e235b446788ac0f1df3c65bc1fb5393364a2efd284640ec2c438ad2b24a69f1f9da000000000000000000000000989eee6a9283bf253ca4"], 0x1}}, 0x0)
close(r3)
syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000000)={0xffffffffffffffff, <r4=>0xffffffffffffffff})
r5 = accept4$vsock_stream(0xffffffffffffffff, &(0x7f0000000240)={0x28, 0x0, 0x2710, @host}, 0x10, 0x0)
dup2(r5, r4)
bind$pptp(0xffffffffffffffff, &(0x7f00000001c0)={0x18, 0x2, {0x0, @initdev={0xac, 0x1e, 0x0, 0x0}}}, 0x1e)
sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000000)=@newlink={0x30, 0x10, 0x801, 0x0, 0x0, {}, [@IFLA_GROUP={0x8}, @IFLA_PROTO_DOWN={0x8, 0x4}]}, 0x30}}, 0x0)
pivot_root(&(0x7f0000000140)='./file0\x00', &(0x7f0000000100)='./file0\x00')

01:45:39 executing program 1:
lsetxattr$trusted_overlay_opaque(0x0, 0x0, 0x0, 0x0, 0x0)
mkdir(&(0x7f0000000000)='./file0\x00', 0x0)
mount$bpf(0x20000000, &(0x7f00000000c0)='./file0\x00', 0x0, 0x2001001, 0x0)
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x80, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x43, 0x400000000000000}, 0x11288, 0x2000, 0x0, 0x2}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = socket$netlink(0x10, 0x3, 0x0)
connect$inet(0xffffffffffffffff, 0x0, 0x0)
setsockopt$SO_RDS_TRANSPORT(0xffffffffffffffff, 0x114, 0x8, &(0x7f0000000040)=0xffffffffffffffff, 0x4)
r1 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$inet_tcp_int(r1, 0x6, 0x10000000013, &(0x7f0000d06000)=0x1, 0x32a)
connect$inet(r1, &(0x7f0000000180)={0x2, 0x4e23, @local}, 0x10)
accept$nfc_llcp(0xffffffffffffffff, &(0x7f0000000440), &(0x7f0000000300)=0x60)
setsockopt$inet_tcp_TCP_REPAIR_OPTIONS(r1, 0x6, 0x16, &(0x7f00000000c0)=[@mss={0x2, 0xffffffff}, @timestamp, @window, @mss={0x2, 0x91c}], 0x4)
sendmmsg(r1, &(0x7f0000004b40)=[{{0x0, 0x0, &(0x7f00000011c0)=[{&(0x7f0000002240)='Y', 0x1}], 0x1}}], 0x1, 0x0)
syz_init_net_socket$llc(0x1a, 0x1, 0x0)
r2 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$IPT_SO_SET_REPLACE(r2, 0x4000000000000, 0x40, &(0x7f0000000a40)=ANY=[@ANYBLOB="72617700000000010000000000000000000000000000000000000000000000000200000003000000b80400000000000000000000000000000003000000030000200400002004000020040000200400002004000003000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000600000000000000a00200030000000000000000000000000000000000000000300262706600000000000000000000000000000000000000000000000000000101000000000000002e2f66696c653000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000060005345540000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000c0002001000000000000000000000000000000000000000050006f736600000000000000000000000000000000000000000000000000000073797a300000000000000000000000000000000000000000000000000000000000000000000000000000000000000000600053455400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000007000980000000000000000000000000000000000000000002800000000000000000000000000000000000000000000000000000000000004feffffff00000000"], 0x518)
sendmsg$IPVS_CMD_GET_DEST(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000280)={&(0x7f00000002c0)=ANY=[@ANYRES16], 0x1}}, 0x0)
setsockopt$inet_tcp_TCP_REPAIR(r1, 0x6, 0x13, &(0x7f0000000100), 0x618)
close(r1)
r3 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$inet_tcp_int(r3, 0x6, 0x10000000013, &(0x7f0000d06000)=0x1, 0x32a)
connect$inet(r3, &(0x7f0000000140)={0x2, 0x0, @local}, 0x10)
setsockopt$inet_tcp_TCP_REPAIR_OPTIONS(r3, 0x6, 0x16, &(0x7f0000000200)=[@mss, @timestamp, @window={0x3, 0x0, 0xfffe}, @mss={0x2, 0x3}], 0x4)
sendmmsg(r3, &(0x7f0000004b40)=[{{0x0, 0x0, &(0x7f00000011c0)=[{&(0x7f0000002240)='Y', 0x1}], 0x1}}], 0x1, 0x0)
setsockopt$inet_tcp_TCP_REPAIR_QUEUE(r3, 0x6, 0x14, &(0x7f0000000040)=0x1, 0x4)
sendmsg$IPVS_CMD_GET_DEST(r3, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000340)=ANY=[@ANYBLOB="160e90cb39bca59f8c4064ac6d7b242060a07bc4309e3eb79d8745797b308edd84adef35ad9d8a17240f38f55f57c55f3875db81d255eea402e1c11ca7fc01964aeb9ed6ef4e80bc67cba7e7fe961fe5d921442b0a06b135f8a73b68dc904b436f256f50ae7cb980e69e7580b9f11c6ede4210f23240559b8c427000d7ce7862417ab5a50e494b2a54e346d7ffa008ccef06813e235b446788ac0f1df3c65bc1fb5393364a2efd284640ec2c438ad2b24a69f1f9da000000000000000000000000989eee6a9283bf253ca4"], 0x1}}, 0x0)
close(r3)
syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000000)={<r4=>0xffffffffffffffff, <r5=>0xffffffffffffffff})
dup3(r5, r4, 0x0)
dup2(0xffffffffffffffff, r5)
bind$pptp(0xffffffffffffffff, &(0x7f00000001c0)={0x18, 0x2, {0x0, @initdev={0xac, 0x1e, 0x0, 0x0}}}, 0x1e)
sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000000)=@newlink={0x30, 0x10, 0x801, 0x0, 0x0, {}, [@IFLA_GROUP={0x8}, @IFLA_PROTO_DOWN={0x8, 0x4}]}, 0x30}}, 0x0)

01:45:40 executing program 5:
lsetxattr$trusted_overlay_opaque(0x0, 0x0, 0x0, 0x0, 0x0)
mkdir(&(0x7f0000000000)='./file0\x00', 0x0)
mount$bpf(0x20000000, &(0x7f00000000c0)='./file0\x00', 0x0, 0x2001001, 0x0)
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x80, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x43, 0x400000000000000}, 0x11288, 0x2000, 0x0, 0x2}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = socket$netlink(0x10, 0x3, 0x0)
connect$inet(0xffffffffffffffff, 0x0, 0x0)
setsockopt$SO_RDS_TRANSPORT(0xffffffffffffffff, 0x114, 0x8, &(0x7f0000000040)=0xffffffffffffffff, 0x4)
r1 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$inet_tcp_int(r1, 0x6, 0x10000000013, &(0x7f0000d06000)=0x1, 0x32a)
connect$inet(r1, &(0x7f0000000180)={0x2, 0x4e23, @local}, 0x10)
accept$nfc_llcp(0xffffffffffffffff, &(0x7f0000000440), &(0x7f0000000300)=0x60)
setsockopt$inet_tcp_TCP_REPAIR_OPTIONS(r1, 0x6, 0x16, &(0x7f00000000c0)=[@mss={0x2, 0xffffffff}, @timestamp, @window, @mss={0x2, 0x91c}], 0x4)
sendmmsg(r1, &(0x7f0000004b40)=[{{0x0, 0x0, &(0x7f00000011c0)=[{&(0x7f0000002240)='Y', 0x1}], 0x1}}], 0x1, 0x0)
syz_init_net_socket$llc(0x1a, 0x1, 0x0)
r2 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$IPT_SO_SET_REPLACE(r2, 0x4000000000000, 0x40, &(0x7f0000000a40)=ANY=[@ANYBLOB="72617700000000010000000000000000000000000000000000000000000000000200000003000000b80400000000000000000000000000000003000000030000200400002004000020040000200400002004000003000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000600000000000000a00200030000000000000000000000000000000000000000300262706600000000000000000000000000000000000000000000000000000101000000000000002e2f66696c653000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000060005345540000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000c0002001000000000000000000000000000000000000000050006f736600000000000000000000000000000000000000000000000000000073797a300000000000000000000000000000000000000000000000000000000000000000000000000000000000000000600053455400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000007000980000000000000000000000000000000000000000002800000000000000000000000000000000000000000000000000000000000004feffffff00000000"], 0x518)
sendmsg$IPVS_CMD_GET_DEST(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000280)={&(0x7f00000002c0)=ANY=[@ANYRES16], 0x1}}, 0x0)
setsockopt$inet_tcp_TCP_REPAIR(r1, 0x6, 0x13, &(0x7f0000000100), 0x618)
close(r1)
r3 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$inet_tcp_int(r3, 0x6, 0x10000000013, &(0x7f0000d06000)=0x1, 0x32a)
connect$inet(r3, &(0x7f0000000140)={0x2, 0x0, @local}, 0x10)
setsockopt$inet_tcp_TCP_REPAIR_OPTIONS(r3, 0x6, 0x16, &(0x7f0000000200)=[@mss, @timestamp, @window={0x3, 0x0, 0xfffe}, @mss={0x2, 0x3}], 0x4)
sendmmsg(r3, &(0x7f0000004b40)=[{{0x0, 0x0, &(0x7f00000011c0)=[{&(0x7f0000002240)='Y', 0x1}], 0x1}}], 0x1, 0x0)
setsockopt$inet_tcp_TCP_REPAIR_QUEUE(r3, 0x6, 0x14, &(0x7f0000000040)=0x1, 0x4)
sendmsg$IPVS_CMD_GET_DEST(r3, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000340)=ANY=[@ANYBLOB="160e90cb39bca59f8c4064ac6d7b242060a07bc4309e3eb79d8745797b308edd84adef35ad9d8a17240f38f55f57c55f3875db81d255eea402e1c11ca7fc01964aeb9ed6ef4e80bc67cba7e7fe961fe5d921442b0a06b135f8a73b68dc904b436f256f50ae7cb980e69e7580b9f11c6ede4210f23240559b8c427000d7ce7862417ab5a50e494b2a54e346d7ffa008ccef06813e235b446788ac0f1df3c65bc1fb5393364a2efd284640ec2c438ad2b24a69f1f9da000000000000000000000000989eee6a9283bf253ca4"], 0x1}}, 0x0)
close(r3)
syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2)
dup3(0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r4 = accept4$vsock_stream(0xffffffffffffffff, &(0x7f0000000240)={0x28, 0x0, 0x2710, @host}, 0x10, 0x0)
dup2(r4, 0xffffffffffffffff)
bind$pptp(0xffffffffffffffff, &(0x7f00000001c0)={0x18, 0x2, {0x0, @initdev={0xac, 0x1e, 0x0, 0x0}}}, 0x1e)
sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000000)=@newlink={0x30, 0x10, 0x801, 0x0, 0x0, {}, [@IFLA_GROUP={0x8}, @IFLA_PROTO_DOWN={0x8, 0x4}]}, 0x30}}, 0x0)
pivot_root(&(0x7f0000000140)='./file0\x00', &(0x7f0000000100)='./file0\x00')

[ 1841.796707]  ? security_file_ioctl+0x76/0xb0
[ 1841.801129]  ? security_file_ioctl+0x83/0xb0
[ 1841.805704]  SyS_ioctl+0x7f/0xb0
[ 1841.809456]  ? do_vfs_ioctl+0xfe0/0xfe0
[ 1841.813466]  do_syscall_64+0x1d5/0x640
[ 1841.817379]  entry_SYSCALL_64_after_hwframe+0x42/0xb7
[ 1841.822582] RIP: 0033:0x45c849
[ 1841.825924] RSP: 002b:00007fa3bc31dc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 1841.833722] RAX: ffffffffffffffda RBX: 00007fa3bc31e6d4 RCX: 000000000045c849
[ 1841.841441] RDX: 0000000000000000 RSI: 000000000000ae80 RDI: 0000000000000005
[ 1841.848955] RBP: 000000000076bf00 R08: 0000000000000000 R09: 0000000000000000
[ 1841.857116] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000007
[ 1841.865449] R13: 00000000000003bf R14: 00000000004c6495 R15: 0000000000000008
01:45:40 executing program 2 (fault-call:9 fault-nth:9):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140)='/dev/kvm\x00', 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_SET_SIGNAL_MASK(0xffffffffffffffff, 0x4004ae8b, &(0x7f0000001000)=ANY=[@ANYBLOB="97cb"])
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000fe7000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0)
ioctl$USBDEVFS_RESETEP(0xffffffffffffffff, 0x80045503, &(0x7f0000000000)={0x1, 0x1})
ioctl$KVM_NMI(r2, 0xae9a)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f00000002c0)={0x0, 0x2, 0x0, 0x2000, &(0x7f0000001000/0x2000)=nil})
perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
ioctl$KVM_RUN(r2, 0xae80, 0x0)

01:45:40 executing program 0:
mmap(&(0x7f0000a93000/0x4000)=nil, 0x4000, 0x3, 0x8972, 0xffffffffffffffff, 0x0)
pipe2(&(0x7f0000000040)={0xffffffffffffffff, <r0=>0xffffffffffffffff}, 0x0)
mremap(&(0x7f0000a94000/0x1000)=nil, 0x1000, 0x4000, 0x3, &(0x7f0000a90000/0x4000)=nil)
ioctl$DRM_IOCTL_RM_MAP(0xffffffffffffffff, 0x4028641b, &(0x7f0000b1d000)={&(0x7f0000a92000/0x3000)=nil, 0x20000003, 0x0, 0x0, &(0x7f0000a90000/0x2000)=nil})
mprotect(&(0x7f0000b1d000/0x2000)=nil, 0x2000, 0x5)
vmsplice(r0, &(0x7f0000b1d000)=[{0x0}], 0x1, 0x0)

[ 1842.120527] FAULT_INJECTION: forcing a failure.
[ 1842.120527] name failslab, interval 1, probability 0, space 0, times 0
01:45:40 executing program 5:
lsetxattr$trusted_overlay_opaque(0x0, 0x0, 0x0, 0x0, 0x0)
mkdir(&(0x7f0000000000)='./file0\x00', 0x0)
mount$bpf(0x20000000, &(0x7f00000000c0)='./file0\x00', 0x0, 0x2001001, 0x0)
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x80, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x43, 0x400000000000000}, 0x11288, 0x2000, 0x0, 0x2}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = socket$netlink(0x10, 0x3, 0x0)
connect$inet(0xffffffffffffffff, 0x0, 0x0)
setsockopt$SO_RDS_TRANSPORT(0xffffffffffffffff, 0x114, 0x8, &(0x7f0000000040)=0xffffffffffffffff, 0x4)
r1 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$inet_tcp_int(r1, 0x6, 0x10000000013, &(0x7f0000d06000)=0x1, 0x32a)
connect$inet(r1, &(0x7f0000000180)={0x2, 0x4e23, @local}, 0x10)
accept$nfc_llcp(0xffffffffffffffff, &(0x7f0000000440), &(0x7f0000000300)=0x60)
setsockopt$inet_tcp_TCP_REPAIR_OPTIONS(r1, 0x6, 0x16, &(0x7f00000000c0)=[@mss={0x2, 0xffffffff}, @timestamp, @window, @mss={0x2, 0x91c}], 0x4)
sendmmsg(r1, &(0x7f0000004b40)=[{{0x0, 0x0, &(0x7f00000011c0)=[{&(0x7f0000002240)='Y', 0x1}], 0x1}}], 0x1, 0x0)
syz_init_net_socket$llc(0x1a, 0x1, 0x0)
r2 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$IPT_SO_SET_REPLACE(r2, 0x4000000000000, 0x40, &(0x7f0000000a40)=ANY=[@ANYBLOB="72617700000000010000000000000000000000000000000000000000000000000200000003000000b80400000000000000000000000000000003000000030000200400002004000020040000200400002004000003000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000600000000000000a00200030000000000000000000000000000000000000000300262706600000000000000000000000000000000000000000000000000000101000000000000002e2f66696c653000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000060005345540000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000c0002001000000000000000000000000000000000000000050006f736600000000000000000000000000000000000000000000000000000073797a300000000000000000000000000000000000000000000000000000000000000000000000000000000000000000600053455400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000007000980000000000000000000000000000000000000000002800000000000000000000000000000000000000000000000000000000000004feffffff00000000"], 0x518)
sendmsg$IPVS_CMD_GET_DEST(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000280)={&(0x7f00000002c0)=ANY=[@ANYRES16], 0x1}}, 0x0)
setsockopt$inet_tcp_TCP_REPAIR(r1, 0x6, 0x13, &(0x7f0000000100), 0x618)
close(r1)
r3 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$inet_tcp_int(r3, 0x6, 0x10000000013, &(0x7f0000d06000)=0x1, 0x32a)
connect$inet(r3, &(0x7f0000000140)={0x2, 0x0, @local}, 0x10)
setsockopt$inet_tcp_TCP_REPAIR_OPTIONS(r3, 0x6, 0x16, &(0x7f0000000200)=[@mss, @timestamp, @window={0x3, 0x0, 0xfffe}, @mss={0x2, 0x3}], 0x4)
sendmmsg(r3, &(0x7f0000004b40)=[{{0x0, 0x0, &(0x7f00000011c0)=[{&(0x7f0000002240)='Y', 0x1}], 0x1}}], 0x1, 0x0)
setsockopt$inet_tcp_TCP_REPAIR_QUEUE(r3, 0x6, 0x14, &(0x7f0000000040)=0x1, 0x4)
sendmsg$IPVS_CMD_GET_DEST(r3, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000340)=ANY=[@ANYBLOB="160e90cb39bca59f8c4064ac6d7b242060a07bc4309e3eb79d8745797b308edd84adef35ad9d8a17240f38f55f57c55f3875db81d255eea402e1c11ca7fc01964aeb9ed6ef4e80bc67cba7e7fe961fe5d921442b0a06b135f8a73b68dc904b436f256f50ae7cb980e69e7580b9f11c6ede4210f23240559b8c427000d7ce7862417ab5a50e494b2a54e346d7ffa008ccef06813e235b446788ac0f1df3c65bc1fb5393364a2efd284640ec2c438ad2b24a69f1f9da000000000000000000000000989eee6a9283bf253ca4"], 0x1}}, 0x0)
close(r3)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000000)={<r4=>0xffffffffffffffff, <r5=>0xffffffffffffffff})
dup3(r5, r4, 0x0)
r6 = accept4$vsock_stream(0xffffffffffffffff, &(0x7f0000000240)={0x28, 0x0, 0x2710, @host}, 0x10, 0x0)
dup2(r6, r5)
bind$pptp(0xffffffffffffffff, &(0x7f00000001c0)={0x18, 0x2, {0x0, @initdev={0xac, 0x1e, 0x0, 0x0}}}, 0x1e)
sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000000)=@newlink={0x30, 0x10, 0x801, 0x0, 0x0, {}, [@IFLA_GROUP={0x8}, @IFLA_PROTO_DOWN={0x8, 0x4}]}, 0x30}}, 0x0)
pivot_root(&(0x7f0000000140)='./file0\x00', &(0x7f0000000100)='./file0\x00')

01:45:40 executing program 0:
getpid()
recvmmsg(0xffffffffffffffff, &(0x7f0000002900)=[{{0x0, 0x0, 0x0}, 0x8}], 0x1, 0x40000103, 0x0)
fcntl$setpipe(0xffffffffffffffff, 0x407, 0x0)
r0 = syz_open_procfs(0x0, &(0x7f0000000380)='net/route\x00')
preadv(r0, &(0x7f00000017c0), 0x1a0, 0xf0ffff)

[ 1842.271176] CPU: 0 PID: 3608 Comm: syz-executor.2 Not tainted 4.14.173-syzkaller #0
[ 1842.279049] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 1842.288428] Call Trace:
[ 1842.291047]  dump_stack+0x13e/0x194
[ 1842.294703]  should_fail.cold+0x10a/0x14b
[ 1842.298880]  should_failslab+0xd6/0x130
[ 1842.302883]  kmem_cache_alloc+0x2b5/0x770
[ 1842.307068]  ? trace_hardirqs_on_thunk+0x1a/0x1c
[ 1842.311856]  mmu_topup_memory_caches+0x83/0x300
[ 1842.316589]  kvm_mmu_load+0x1e/0xd00
01:45:40 executing program 1:
lsetxattr$trusted_overlay_opaque(0x0, 0x0, 0x0, 0x0, 0x0)
mkdir(&(0x7f0000000000)='./file0\x00', 0x0)
mount$bpf(0x20000000, &(0x7f00000000c0)='./file0\x00', 0x0, 0x2001001, 0x0)
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x80, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x43, 0x400000000000000}, 0x11288, 0x2000, 0x0, 0x2}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = socket$netlink(0x10, 0x3, 0x0)
connect$inet(0xffffffffffffffff, 0x0, 0x0)
setsockopt$SO_RDS_TRANSPORT(0xffffffffffffffff, 0x114, 0x8, &(0x7f0000000040)=0xffffffffffffffff, 0x4)
r1 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$inet_tcp_int(r1, 0x6, 0x10000000013, &(0x7f0000d06000)=0x1, 0x32a)
connect$inet(r1, &(0x7f0000000180)={0x2, 0x4e23, @local}, 0x10)
accept$nfc_llcp(0xffffffffffffffff, &(0x7f0000000440), &(0x7f0000000300)=0x60)
setsockopt$inet_tcp_TCP_REPAIR_OPTIONS(r1, 0x6, 0x16, &(0x7f00000000c0)=[@mss={0x2, 0xffffffff}, @timestamp, @window, @mss={0x2, 0x91c}], 0x4)
sendmmsg(r1, &(0x7f0000004b40)=[{{0x0, 0x0, &(0x7f00000011c0)=[{&(0x7f0000002240)='Y', 0x1}], 0x1}}], 0x1, 0x0)
syz_init_net_socket$llc(0x1a, 0x1, 0x0)
r2 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$IPT_SO_SET_REPLACE(r2, 0x4000000000000, 0x40, &(0x7f0000000a40)=ANY=[@ANYBLOB="72617700000000010000000000000000000000000000000000000000000000000200000003000000b80400000000000000000000000000000003000000030000200400002004000020040000200400002004000003000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000600000000000000a00200030000000000000000000000000000000000000000300262706600000000000000000000000000000000000000000000000000000101000000000000002e2f66696c653000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000060005345540000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000c0002001000000000000000000000000000000000000000050006f736600000000000000000000000000000000000000000000000000000073797a300000000000000000000000000000000000000000000000000000000000000000000000000000000000000000600053455400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000007000980000000000000000000000000000000000000000002800000000000000000000000000000000000000000000000000000000000004feffffff00000000"], 0x518)
sendmsg$IPVS_CMD_GET_DEST(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000280)={&(0x7f00000002c0)=ANY=[@ANYRES16], 0x1}}, 0x0)
setsockopt$inet_tcp_TCP_REPAIR(r1, 0x6, 0x13, &(0x7f0000000100), 0x618)
close(r1)
r3 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$inet_tcp_int(r3, 0x6, 0x10000000013, &(0x7f0000d06000)=0x1, 0x32a)
connect$inet(r3, &(0x7f0000000140)={0x2, 0x0, @local}, 0x10)
setsockopt$inet_tcp_TCP_REPAIR_OPTIONS(r3, 0x6, 0x16, &(0x7f0000000200)=[@mss, @timestamp, @window={0x3, 0x0, 0xfffe}, @mss={0x2, 0x3}], 0x4)
sendmmsg(r3, &(0x7f0000004b40)=[{{0x0, 0x0, &(0x7f00000011c0)=[{&(0x7f0000002240)='Y', 0x1}], 0x1}}], 0x1, 0x0)
setsockopt$inet_tcp_TCP_REPAIR_QUEUE(r3, 0x6, 0x14, &(0x7f0000000040)=0x1, 0x4)
sendmsg$IPVS_CMD_GET_DEST(r3, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000340)=ANY=[@ANYBLOB="160e90cb39bca59f8c4064ac6d7b242060a07bc4309e3eb79d8745797b308edd84adef35ad9d8a17240f38f55f57c55f3875db81d255eea402e1c11ca7fc01964aeb9ed6ef4e80bc67cba7e7fe961fe5d921442b0a06b135f8a73b68dc904b436f256f50ae7cb980e69e7580b9f11c6ede4210f23240559b8c427000d7ce7862417ab5a50e494b2a54e346d7ffa008ccef06813e235b446788ac0f1df3c65bc1fb5393364a2efd284640ec2c438ad2b24a69f1f9da000000000000000000000000989eee6a9283bf253ca4"], 0x1}}, 0x0)
close(r3)
syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000000)={0xffffffffffffffff, <r4=>0xffffffffffffffff})
r5 = accept4$vsock_stream(0xffffffffffffffff, &(0x7f0000000240)={0x28, 0x0, 0x2710, @host}, 0x10, 0x0)
dup2(r5, r4)
bind$pptp(0xffffffffffffffff, &(0x7f00000001c0)={0x18, 0x2, {0x0, @initdev={0xac, 0x1e, 0x0, 0x0}}}, 0x1e)
sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000000)=@newlink={0x30, 0x10, 0x801, 0x0, 0x0, {}, [@IFLA_GROUP={0x8}, @IFLA_PROTO_DOWN={0x8, 0x4}]}, 0x30}}, 0x0)

[ 1842.320364]  ? vmx_inject_nmi+0xc/0x1e0
[ 1842.324976]  ? vmx_inject_nmi+0x24/0x1e0
[ 1842.329064]  vcpu_enter_guest+0x2eb9/0x5240
[ 1842.333409]  ? trace_hardirqs_on_thunk+0x1a/0x1c
[ 1842.338242]  ? check_preemption_disabled+0x35/0x240
[ 1842.343907]  ? emulator_read_emulated+0x40/0x40
[ 1842.348614]  ? lock_acquire+0x170/0x3f0
[ 1842.352609]  ? kvm_arch_vcpu_ioctl_run+0x143/0xfd0
[ 1842.357601]  ? kvm_arch_vcpu_ioctl_run+0x2fe/0xfd0
[ 1842.363499]  ? kvm_arch_vcpu_ioctl_run+0x181/0xfd0
[ 1842.368449]  kvm_arch_vcpu_ioctl_run+0x2fe/0xfd0
[ 1842.373217]  kvm_vcpu_ioctl+0x3df/0xc70
[ 1842.377192]  ? trace_hardirqs_on_caller+0x3f6/0x590
[ 1842.382360]  ? kvm_vcpu_block+0xb70/0xb70
[ 1842.387207]  ? check_preemption_disabled+0x35/0x240
[ 1842.392239]  ? retint_kernel+0x2d/0x2d
[ 1842.396161]  ? selinux_file_ioctl+0x2b8/0x560
[ 1842.400739]  ? kvm_vcpu_block+0xb70/0xb70
[ 1842.405150]  do_vfs_ioctl+0x75a/0xfe0
[ 1842.409686]  ? selinux_file_mprotect+0x5c0/0x5c0
[ 1842.414461]  ? ioctl_preallocate+0x1a0/0x1a0
[ 1842.418899]  ? check_preemption_disabled+0x35/0x240
[ 1842.424003]  ? swapgs_restore_regs_and_return_to_usermode+0x6/0x40
[ 1842.430904]  ? do_vfs_ioctl+0xfe0/0xfe0
[ 1842.435407]  ? security_file_ioctl+0x76/0xb0
[ 1842.440214]  ? security_file_ioctl+0x83/0xb0
[ 1842.444636]  SyS_ioctl+0x7f/0xb0
[ 1842.448001]  ? do_vfs_ioctl+0xfe0/0xfe0
[ 1842.452111]  do_syscall_64+0x1d5/0x640
[ 1842.456363]  entry_SYSCALL_64_after_hwframe+0x42/0xb7
[ 1842.461578] RIP: 0033:0x45c849
[ 1842.464765] RSP: 002b:00007fa3bc31dc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
01:45:40 executing program 3:
lsetxattr$trusted_overlay_opaque(0x0, 0x0, 0x0, 0x0, 0x0)
mkdir(&(0x7f0000000000)='./file0\x00', 0x0)
mount$bpf(0x20000000, &(0x7f00000000c0)='./file0\x00', 0x0, 0x2001001, 0x0)
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x80, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x43, 0x400000000000000}, 0x11288, 0x2000, 0x0, 0x2}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = socket$netlink(0x10, 0x3, 0x0)
connect$inet(0xffffffffffffffff, 0x0, 0x0)
setsockopt$SO_RDS_TRANSPORT(0xffffffffffffffff, 0x114, 0x8, &(0x7f0000000040)=0xffffffffffffffff, 0x4)
r1 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$inet_tcp_int(r1, 0x6, 0x10000000013, &(0x7f0000d06000)=0x1, 0x32a)
connect$inet(r1, &(0x7f0000000180)={0x2, 0x4e23, @local}, 0x10)
accept$nfc_llcp(0xffffffffffffffff, &(0x7f0000000440), &(0x7f0000000300)=0x60)
setsockopt$inet_tcp_TCP_REPAIR_OPTIONS(r1, 0x6, 0x16, &(0x7f00000000c0)=[@mss={0x2, 0xffffffff}, @timestamp, @window, @mss={0x2, 0x91c}], 0x4)
sendmmsg(r1, &(0x7f0000004b40)=[{{0x0, 0x0, &(0x7f00000011c0)=[{&(0x7f0000002240)='Y', 0x1}], 0x1}}], 0x1, 0x0)
syz_init_net_socket$llc(0x1a, 0x1, 0x0)
r2 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$IPT_SO_SET_REPLACE(r2, 0x4000000000000, 0x40, &(0x7f0000000a40)=ANY=[@ANYBLOB="72617700000000010000000000000000000000000000000000000000000000000200000003000000b80400000000000000000000000000000003000000030000200400002004000020040000200400002004000003000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000600000000000000a00200030000000000000000000000000000000000000000300262706600000000000000000000000000000000000000000000000000000101000000000000002e2f66696c653000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000060005345540000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000c0002001000000000000000000000000000000000000000050006f736600000000000000000000000000000000000000000000000000000073797a300000000000000000000000000000000000000000000000000000000000000000000000000000000000000000600053455400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000007000980000000000000000000000000000000000000000002800000000000000000000000000000000000000000000000000000000000004feffffff00000000"], 0x518)
sendmsg$IPVS_CMD_GET_DEST(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000280)={&(0x7f00000002c0)=ANY=[@ANYRES16], 0x1}}, 0x0)
setsockopt$inet_tcp_TCP_REPAIR(r1, 0x6, 0x13, &(0x7f0000000100), 0x618)
close(r1)
r3 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$inet_tcp_int(r3, 0x6, 0x10000000013, &(0x7f0000d06000)=0x1, 0x32a)
connect$inet(r3, &(0x7f0000000140)={0x2, 0x0, @local}, 0x10)
setsockopt$inet_tcp_TCP_REPAIR_OPTIONS(r3, 0x6, 0x16, &(0x7f0000000200)=[@mss, @timestamp, @window={0x3, 0x0, 0xfffe}, @mss={0x2, 0x3}], 0x4)
sendmmsg(r3, &(0x7f0000004b40)=[{{0x0, 0x0, &(0x7f00000011c0)=[{&(0x7f0000002240)='Y', 0x1}], 0x1}}], 0x1, 0x0)
setsockopt$inet_tcp_TCP_REPAIR_QUEUE(r3, 0x6, 0x14, &(0x7f0000000040)=0x1, 0x4)
sendmsg$IPVS_CMD_GET_DEST(r3, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000340)=ANY=[@ANYBLOB="160e90cb39bca59f8c4064ac6d7b242060a07bc4309e3eb79d8745797b308edd84adef35ad9d8a17240f38f55f57c55f3875db81d255eea402e1c11ca7fc01964aeb9ed6ef4e80bc67cba7e7fe961fe5d921442b0a06b135f8a73b68dc904b436f256f50ae7cb980e69e7580b9f11c6ede4210f23240559b8c427000d7ce7862417ab5a50e494b2a54e346d7ffa008ccef06813e235b446788ac0f1df3c65bc1fb5393364a2efd284640ec2c438ad2b24a69f1f9da000000000000000000000000989eee6a9283bf253ca4"], 0x1}}, 0x0)
close(r3)
syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000000)={0xffffffffffffffff, <r4=>0xffffffffffffffff})
r5 = accept4$vsock_stream(0xffffffffffffffff, &(0x7f0000000240)={0x28, 0x0, 0x2710, @host}, 0x10, 0x0)
dup2(r5, r4)
bind$pptp(0xffffffffffffffff, &(0x7f00000001c0)={0x18, 0x2, {0x0, @initdev={0xac, 0x1e, 0x0, 0x0}}}, 0x1e)
sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000000)=@newlink={0x30, 0x10, 0x801, 0x0, 0x0, {}, [@IFLA_GROUP={0x8}, @IFLA_PROTO_DOWN={0x8, 0x4}]}, 0x30}}, 0x0)
pivot_root(&(0x7f0000000140)='./file0\x00', &(0x7f0000000100)='./file0\x00')

01:45:40 executing program 4:
pipe(&(0x7f0000000140)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
r2 = socket$inet_udp(0x2, 0x2, 0x0)
close(r2)
r3 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$inet_tcp_int(r3, 0x6, 0x10000000013, &(0x7f0000d06000)=0x1, 0x4)
connect$inet(r2, &(0x7f0000000340)={0x2, 0x0, @loopback}, 0x10)
setsockopt$inet_tcp_TCP_REPAIR_WINDOW(r3, 0x6, 0x1d, &(0x7f0000000080)={0x0, 0xdf5, 0x65a2}, 0x14)
syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
write$binfmt_misc(r1, &(0x7f0000000140)=ANY=[], 0x4240a2a0)
r4 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$IPT_SO_SET_REPLACE(r4, 0x0, 0x40, &(0x7f0000000480)=ANY=[@ANYBLOB="66696c74657200000000000000000000000000000000000000000000000000000e00000004000000d0020000800100009800000080010000000000000000000038020000380200003802000038020000380200000400000000000000000000007f000001ac14140000000000000000007f00000000000000000000000000000064756dea20f9524db2d96900000057c910a19f2bc02c00000000000000000000200000000000000000000000000000000000000000000000700098000000000000000000000000000000000000000000280052454a454354000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000400000000000000000000000080000000000000000000000000000000000000000000000000000000000000000000000000000000000000000c000e80000f9c9991d0000000000000000000000000000005000736574000000000000000000000000000000000000000000000000000003000005050000000000000000000000000000000000000000100000000000000000000000000000000000000000000000280052454a45435400000000000000010000000000000000000000000000000000674f000000000000000000e00000020000000000000000766574b5315f766c616e00000000010062726964676530000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000007000b80000000000000000000000000000000000000000004800544545000000000000000000000000000000d40200000000000000000001ac1414aa000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000007000980000000000000000000000000000000000000000002800000000000000000000000000000000000000000000001a51496c00000000feffffff"], 0x1)
splice(r0, 0x0, r2, 0x0, 0x4ffe0, 0x0)

[ 1842.472668] RAX: ffffffffffffffda RBX: 00007fa3bc31e6d4 RCX: 000000000045c849
[ 1842.479933] RDX: 0000000000000000 RSI: 000000000000ae80 RDI: 0000000000000005
[ 1842.487702] RBP: 000000000076bf00 R08: 0000000000000000 R09: 0000000000000000
[ 1842.495112] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000007
[ 1842.502494] R13: 00000000000003bf R14: 00000000004c6495 R15: 0000000000000009
01:45:40 executing program 2 (fault-call:9 fault-nth:10):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140)='/dev/kvm\x00', 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_SET_SIGNAL_MASK(0xffffffffffffffff, 0x4004ae8b, &(0x7f0000001000)=ANY=[@ANYBLOB="97cb"])
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000fe7000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0)
ioctl$USBDEVFS_RESETEP(0xffffffffffffffff, 0x80045503, &(0x7f0000000000)={0x1, 0x1})
ioctl$KVM_NMI(r2, 0xae9a)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f00000002c0)={0x0, 0x2, 0x0, 0x2000, &(0x7f0000001000/0x2000)=nil})
perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
ioctl$KVM_RUN(r2, 0xae80, 0x0)

01:45:40 executing program 5:
lsetxattr$trusted_overlay_opaque(0x0, 0x0, 0x0, 0x0, 0x0)
mkdir(&(0x7f0000000000)='./file0\x00', 0x0)
mount$bpf(0x20000000, &(0x7f00000000c0)='./file0\x00', 0x0, 0x2001001, 0x0)
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x80, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x43, 0x400000000000000}, 0x11288, 0x2000, 0x0, 0x2}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = socket$netlink(0x10, 0x3, 0x0)
connect$inet(0xffffffffffffffff, 0x0, 0x0)
setsockopt$SO_RDS_TRANSPORT(0xffffffffffffffff, 0x114, 0x8, &(0x7f0000000040)=0xffffffffffffffff, 0x4)
r1 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$inet_tcp_int(r1, 0x6, 0x10000000013, &(0x7f0000d06000)=0x1, 0x32a)
connect$inet(r1, &(0x7f0000000180)={0x2, 0x4e23, @local}, 0x10)
accept$nfc_llcp(0xffffffffffffffff, &(0x7f0000000440), &(0x7f0000000300)=0x60)
setsockopt$inet_tcp_TCP_REPAIR_OPTIONS(r1, 0x6, 0x16, &(0x7f00000000c0)=[@mss={0x2, 0xffffffff}, @timestamp, @window, @mss={0x2, 0x91c}], 0x4)
sendmmsg(r1, &(0x7f0000004b40)=[{{0x0, 0x0, &(0x7f00000011c0)=[{&(0x7f0000002240)='Y', 0x1}], 0x1}}], 0x1, 0x0)
syz_init_net_socket$llc(0x1a, 0x1, 0x0)
r2 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$IPT_SO_SET_REPLACE(r2, 0x4000000000000, 0x40, &(0x7f0000000a40)=ANY=[@ANYBLOB="72617700000000010000000000000000000000000000000000000000000000000200000003000000b80400000000000000000000000000000003000000030000200400002004000020040000200400002004000003000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000600000000000000a00200030000000000000000000000000000000000000000300262706600000000000000000000000000000000000000000000000000000101000000000000002e2f66696c653000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000060005345540000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000c0002001000000000000000000000000000000000000000050006f736600000000000000000000000000000000000000000000000000000073797a300000000000000000000000000000000000000000000000000000000000000000000000000000000000000000600053455400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000007000980000000000000000000000000000000000000000002800000000000000000000000000000000000000000000000000000000000004feffffff00000000"], 0x518)
sendmsg$IPVS_CMD_GET_DEST(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000280)={&(0x7f00000002c0)=ANY=[@ANYRES16], 0x1}}, 0x0)
setsockopt$inet_tcp_TCP_REPAIR(r1, 0x6, 0x13, &(0x7f0000000100), 0x618)
close(r1)
r3 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$inet_tcp_int(r3, 0x6, 0x10000000013, &(0x7f0000d06000)=0x1, 0x32a)
connect$inet(r3, &(0x7f0000000140)={0x2, 0x0, @local}, 0x10)
setsockopt$inet_tcp_TCP_REPAIR_OPTIONS(r3, 0x6, 0x16, &(0x7f0000000200)=[@mss, @timestamp, @window={0x3, 0x0, 0xfffe}, @mss={0x2, 0x3}], 0x4)
sendmmsg(r3, &(0x7f0000004b40)=[{{0x0, 0x0, &(0x7f00000011c0)=[{&(0x7f0000002240)='Y', 0x1}], 0x1}}], 0x1, 0x0)
setsockopt$inet_tcp_TCP_REPAIR_QUEUE(r3, 0x6, 0x14, &(0x7f0000000040)=0x1, 0x4)
sendmsg$IPVS_CMD_GET_DEST(r3, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000340)=ANY=[@ANYBLOB="160e90cb39bca59f8c4064ac6d7b242060a07bc4309e3eb79d8745797b308edd84adef35ad9d8a17240f38f55f57c55f3875db81d255eea402e1c11ca7fc01964aeb9ed6ef4e80bc67cba7e7fe961fe5d921442b0a06b135f8a73b68dc904b436f256f50ae7cb980e69e7580b9f11c6ede4210f23240559b8c427000d7ce7862417ab5a50e494b2a54e346d7ffa008ccef06813e235b446788ac0f1df3c65bc1fb5393364a2efd284640ec2c438ad2b24a69f1f9da000000000000000000000000989eee6a9283bf253ca4"], 0x1}}, 0x0)
close(r3)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000000)={<r4=>0xffffffffffffffff, <r5=>0xffffffffffffffff})
dup3(r5, r4, 0x0)
r6 = accept4$vsock_stream(0xffffffffffffffff, &(0x7f0000000240)={0x28, 0x0, 0x2710, @host}, 0x10, 0x0)
dup2(r6, r5)
bind$pptp(0xffffffffffffffff, &(0x7f00000001c0)={0x18, 0x2, {0x0, @initdev={0xac, 0x1e, 0x0, 0x0}}}, 0x1e)
sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000000)=@newlink={0x30, 0x10, 0x801, 0x0, 0x0, {}, [@IFLA_GROUP={0x8}, @IFLA_PROTO_DOWN={0x8, 0x4}]}, 0x30}}, 0x0)
pivot_root(&(0x7f0000000140)='./file0\x00', &(0x7f0000000100)='./file0\x00')

[ 1842.752683] FAULT_INJECTION: forcing a failure.
[ 1842.752683] name failslab, interval 1, probability 0, space 0, times 0
[ 1842.766865] ip_tables: iptables: counters copy to user failed while replacing table
[ 1842.775264] CPU: 1 PID: 3628 Comm: syz-executor.2 Not tainted 4.14.173-syzkaller #0
[ 1842.789529] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 1842.798995] Call Trace:
[ 1842.801622]  dump_stack+0x13e/0x194
[ 1842.805277]  should_fail.cold+0x10a/0x14b
[ 1842.809457]  should_failslab+0xd6/0x130
[ 1842.813456]  kmem_cache_alloc+0x2b5/0x770
[ 1842.817617]  ? retint_kernel+0x2d/0x2d
[ 1842.821513]  mmu_topup_memory_caches+0x83/0x300
[ 1842.826216]  kvm_mmu_load+0x1e/0xd00
[ 1842.829963]  ? kvm_apic_accept_events+0x16f/0x3f0
[ 1842.834995]  ? kvm_lapic_enable_pv_eoi+0xc0/0xc0
[ 1842.841783]  ? vcpu_enter_guest+0x3c2/0x5240
[ 1842.846224]  vcpu_enter_guest+0x2eb9/0x5240
[ 1842.855112]  ? trace_hardirqs_on_caller+0x3f6/0x590
[ 1842.860167]  ? trace_hardirqs_on_thunk+0x1a/0x1c
[ 1842.864945]  ? emulator_read_emulated+0x40/0x40
[ 1842.869634]  ? lock_acquire+0x170/0x3f0
[ 1842.873803]  ? kvm_arch_vcpu_ioctl_run+0x143/0xfd0
[ 1842.878779]  ? kvm_arch_vcpu_ioctl_run+0x2fe/0xfd0
[ 1842.883754]  ? kvm_arch_vcpu_ioctl_run+0x181/0xfd0
[ 1842.888703]  kvm_arch_vcpu_ioctl_run+0x2fe/0xfd0
[ 1842.893489]  kvm_vcpu_ioctl+0x3df/0xc70
[ 1842.897604]  ? kvm_vcpu_block+0xb70/0xb70
01:45:41 executing program 3:
lsetxattr$trusted_overlay_opaque(0x0, 0x0, 0x0, 0x0, 0x0)
mkdir(&(0x7f0000000000)='./file0\x00', 0x0)
mount$bpf(0x20000000, &(0x7f00000000c0)='./file0\x00', 0x0, 0x2001001, 0x0)
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x80, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x43, 0x400000000000000}, 0x11288, 0x2000, 0x0, 0x2}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = socket$netlink(0x10, 0x3, 0x0)
connect$inet(0xffffffffffffffff, 0x0, 0x0)
setsockopt$SO_RDS_TRANSPORT(0xffffffffffffffff, 0x114, 0x8, &(0x7f0000000040)=0xffffffffffffffff, 0x4)
r1 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$inet_tcp_int(r1, 0x6, 0x10000000013, &(0x7f0000d06000)=0x1, 0x32a)
connect$inet(r1, &(0x7f0000000180)={0x2, 0x4e23, @local}, 0x10)
accept$nfc_llcp(0xffffffffffffffff, &(0x7f0000000440), &(0x7f0000000300)=0x60)
setsockopt$inet_tcp_TCP_REPAIR_OPTIONS(r1, 0x6, 0x16, &(0x7f00000000c0)=[@mss={0x2, 0xffffffff}, @timestamp, @window, @mss={0x2, 0x91c}], 0x4)
sendmmsg(r1, &(0x7f0000004b40)=[{{0x0, 0x0, &(0x7f00000011c0)=[{&(0x7f0000002240)='Y', 0x1}], 0x1}}], 0x1, 0x0)
syz_init_net_socket$llc(0x1a, 0x1, 0x0)
r2 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$IPT_SO_SET_REPLACE(r2, 0x4000000000000, 0x40, &(0x7f0000000a40)=ANY=[@ANYBLOB="72617700000000010000000000000000000000000000000000000000000000000200000003000000b80400000000000000000000000000000003000000030000200400002004000020040000200400002004000003000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000600000000000000a00200030000000000000000000000000000000000000000300262706600000000000000000000000000000000000000000000000000000101000000000000002e2f66696c653000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000060005345540000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000c0002001000000000000000000000000000000000000000050006f736600000000000000000000000000000000000000000000000000000073797a300000000000000000000000000000000000000000000000000000000000000000000000000000000000000000600053455400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000007000980000000000000000000000000000000000000000002800000000000000000000000000000000000000000000000000000000000004feffffff00000000"], 0x518)
sendmsg$IPVS_CMD_GET_DEST(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000280)={&(0x7f00000002c0)=ANY=[@ANYRES16], 0x1}}, 0x0)
setsockopt$inet_tcp_TCP_REPAIR(r1, 0x6, 0x13, &(0x7f0000000100), 0x618)
close(r1)
r3 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$inet_tcp_int(r3, 0x6, 0x10000000013, &(0x7f0000d06000)=0x1, 0x32a)
connect$inet(r3, &(0x7f0000000140)={0x2, 0x0, @local}, 0x10)
setsockopt$inet_tcp_TCP_REPAIR_OPTIONS(r3, 0x6, 0x16, &(0x7f0000000200)=[@mss, @timestamp, @window={0x3, 0x0, 0xfffe}, @mss={0x2, 0x3}], 0x4)
sendmmsg(r3, &(0x7f0000004b40)=[{{0x0, 0x0, &(0x7f00000011c0)=[{&(0x7f0000002240)='Y', 0x1}], 0x1}}], 0x1, 0x0)
setsockopt$inet_tcp_TCP_REPAIR_QUEUE(r3, 0x6, 0x14, &(0x7f0000000040)=0x1, 0x4)
sendmsg$IPVS_CMD_GET_DEST(r3, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000340)=ANY=[@ANYBLOB="160e90cb39bca59f8c4064ac6d7b242060a07bc4309e3eb79d8745797b308edd84adef35ad9d8a17240f38f55f57c55f3875db81d255eea402e1c11ca7fc01964aeb9ed6ef4e80bc67cba7e7fe961fe5d921442b0a06b135f8a73b68dc904b436f256f50ae7cb980e69e7580b9f11c6ede4210f23240559b8c427000d7ce7862417ab5a50e494b2a54e346d7ffa008ccef06813e235b446788ac0f1df3c65bc1fb5393364a2efd284640ec2c438ad2b24a69f1f9da000000000000000000000000989eee6a9283bf253ca4"], 0x1}}, 0x0)
close(r3)
syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000000)={0xffffffffffffffff, <r4=>0xffffffffffffffff})
r5 = accept4$vsock_stream(0xffffffffffffffff, &(0x7f0000000240)={0x28, 0x0, 0x2710, @host}, 0x10, 0x0)
dup2(r5, r4)
bind$pptp(0xffffffffffffffff, &(0x7f00000001c0)={0x18, 0x2, {0x0, @initdev={0xac, 0x1e, 0x0, 0x0}}}, 0x1e)
sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000000)=@newlink={0x30, 0x10, 0x801, 0x0, 0x0, {}, [@IFLA_GROUP={0x8}, @IFLA_PROTO_DOWN={0x8, 0x4}]}, 0x30}}, 0x0)
pivot_root(&(0x7f0000000140)='./file0\x00', &(0x7f0000000100)='./file0\x00')

01:45:41 executing program 1:
lsetxattr$trusted_overlay_opaque(0x0, 0x0, 0x0, 0x0, 0x0)
mkdir(&(0x7f0000000000)='./file0\x00', 0x0)
mount$bpf(0x20000000, &(0x7f00000000c0)='./file0\x00', 0x0, 0x2001001, 0x0)
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x80, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x43, 0x400000000000000}, 0x11288, 0x2000, 0x0, 0x2}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = socket$netlink(0x10, 0x3, 0x0)
connect$inet(0xffffffffffffffff, 0x0, 0x0)
setsockopt$SO_RDS_TRANSPORT(0xffffffffffffffff, 0x114, 0x8, &(0x7f0000000040)=0xffffffffffffffff, 0x4)
r1 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$inet_tcp_int(r1, 0x6, 0x10000000013, &(0x7f0000d06000)=0x1, 0x32a)
connect$inet(r1, &(0x7f0000000180)={0x2, 0x4e23, @local}, 0x10)
accept$nfc_llcp(0xffffffffffffffff, &(0x7f0000000440), &(0x7f0000000300)=0x60)
setsockopt$inet_tcp_TCP_REPAIR_OPTIONS(r1, 0x6, 0x16, &(0x7f00000000c0)=[@mss={0x2, 0xffffffff}, @timestamp, @window, @mss={0x2, 0x91c}], 0x4)
sendmmsg(r1, &(0x7f0000004b40)=[{{0x0, 0x0, &(0x7f00000011c0)=[{&(0x7f0000002240)='Y', 0x1}], 0x1}}], 0x1, 0x0)
syz_init_net_socket$llc(0x1a, 0x1, 0x0)
r2 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$IPT_SO_SET_REPLACE(r2, 0x4000000000000, 0x40, &(0x7f0000000a40)=ANY=[@ANYBLOB="72617700000000010000000000000000000000000000000000000000000000000200000003000000b80400000000000000000000000000000003000000030000200400002004000020040000200400002004000003000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000600000000000000a00200030000000000000000000000000000000000000000300262706600000000000000000000000000000000000000000000000000000101000000000000002e2f66696c653000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000060005345540000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000c0002001000000000000000000000000000000000000000050006f736600000000000000000000000000000000000000000000000000000073797a300000000000000000000000000000000000000000000000000000000000000000000000000000000000000000600053455400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000007000980000000000000000000000000000000000000000002800000000000000000000000000000000000000000000000000000000000004feffffff00000000"], 0x518)
sendmsg$IPVS_CMD_GET_DEST(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000280)={&(0x7f00000002c0)=ANY=[@ANYRES16], 0x1}}, 0x0)
setsockopt$inet_tcp_TCP_REPAIR(r1, 0x6, 0x13, &(0x7f0000000100), 0x618)
close(r1)
r3 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$inet_tcp_int(r3, 0x6, 0x10000000013, &(0x7f0000d06000)=0x1, 0x32a)
connect$inet(r3, &(0x7f0000000140)={0x2, 0x0, @local}, 0x10)
setsockopt$inet_tcp_TCP_REPAIR_OPTIONS(r3, 0x6, 0x16, &(0x7f0000000200)=[@mss, @timestamp, @window={0x3, 0x0, 0xfffe}, @mss={0x2, 0x3}], 0x4)
sendmmsg(r3, &(0x7f0000004b40)=[{{0x0, 0x0, &(0x7f00000011c0)=[{&(0x7f0000002240)='Y', 0x1}], 0x1}}], 0x1, 0x0)
setsockopt$inet_tcp_TCP_REPAIR_QUEUE(r3, 0x6, 0x14, &(0x7f0000000040)=0x1, 0x4)
sendmsg$IPVS_CMD_GET_DEST(r3, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000340)=ANY=[@ANYBLOB="160e90cb39bca59f8c4064ac6d7b242060a07bc4309e3eb79d8745797b308edd84adef35ad9d8a17240f38f55f57c55f3875db81d255eea402e1c11ca7fc01964aeb9ed6ef4e80bc67cba7e7fe961fe5d921442b0a06b135f8a73b68dc904b436f256f50ae7cb980e69e7580b9f11c6ede4210f23240559b8c427000d7ce7862417ab5a50e494b2a54e346d7ffa008ccef06813e235b446788ac0f1df3c65bc1fb5393364a2efd284640ec2c438ad2b24a69f1f9da000000000000000000000000989eee6a9283bf253ca4"], 0x1}}, 0x0)
close(r3)
syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000000)={0xffffffffffffffff, <r4=>0xffffffffffffffff})
r5 = accept4$vsock_stream(0xffffffffffffffff, &(0x7f0000000240)={0x28, 0x0, 0x2710, @host}, 0x10, 0x0)
dup2(r5, r4)
bind$pptp(0xffffffffffffffff, &(0x7f00000001c0)={0x18, 0x2, {0x0, @initdev={0xac, 0x1e, 0x0, 0x0}}}, 0x1e)
sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000000)=@newlink={0x30, 0x10, 0x801, 0x0, 0x0, {}, [@IFLA_GROUP={0x8}, @IFLA_PROTO_DOWN={0x8, 0x4}]}, 0x30}}, 0x0)

01:45:41 executing program 0:
recvmmsg(0xffffffffffffffff, &(0x7f0000003140)=[{{&(0x7f0000001400)=@ipx, 0x80, 0x0}}], 0x1, 0x0, 0x0)
r0 = syz_open_procfs(0x0, &(0x7f0000000040)='net/fib_trie\x00')
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
preadv(r0, &(0x7f00000017c0), 0x3da, 0x0)

[ 1842.901764]  ? trace_hardirqs_on_thunk+0x1a/0x1c
[ 1842.906663]  ? check_preemption_disabled+0x35/0x240
[ 1842.911925]  ? retint_kernel+0x2d/0x2d
[ 1842.916555]  ? kvm_vcpu_block+0xb70/0xb70
[ 1842.920737]  ? kvm_vcpu_block+0xb70/0xb70
[ 1842.925693]  do_vfs_ioctl+0x75a/0xfe0
[ 1842.929514]  ? selinux_file_mprotect+0x5c0/0x5c0
[ 1842.934305]  ? ioctl_preallocate+0x1a0/0x1a0
[ 1842.938839]  ? security_file_ioctl+0x76/0xb0
[ 1842.943394]  ? security_file_ioctl+0x83/0xb0
[ 1842.947831]  SyS_ioctl+0x7f/0xb0
[ 1842.951194]  ? do_vfs_ioctl+0xfe0/0xfe0
[ 1842.955349]  do_syscall_64+0x1d5/0x640
[ 1842.959242]  entry_SYSCALL_64_after_hwframe+0x42/0xb7
[ 1842.964567] RIP: 0033:0x45c849
[ 1842.967748] RSP: 002b:00007fa3bc31dc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 1842.976093] RAX: ffffffffffffffda RBX: 00007fa3bc31e6d4 RCX: 000000000045c849
[ 1842.983362] RDX: 0000000000000000 RSI: 000000000000ae80 RDI: 0000000000000005
[ 1842.990632] RBP: 000000000076bf00 R08: 0000000000000000 R09: 0000000000000000
[ 1842.997918] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000007
[ 1843.005184] R13: 00000000000003bf R14: 00000000004c6495 R15: 000000000000000a
01:45:41 executing program 2 (fault-call:9 fault-nth:11):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140)='/dev/kvm\x00', 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_SET_SIGNAL_MASK(0xffffffffffffffff, 0x4004ae8b, &(0x7f0000001000)=ANY=[@ANYBLOB="97cb"])
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000fe7000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0)
ioctl$USBDEVFS_RESETEP(0xffffffffffffffff, 0x80045503, &(0x7f0000000000)={0x1, 0x1})
ioctl$KVM_NMI(r2, 0xae9a)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f00000002c0)={0x0, 0x2, 0x0, 0x2000, &(0x7f0000001000/0x2000)=nil})
perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
ioctl$KVM_RUN(r2, 0xae80, 0x0)

01:45:41 executing program 0:
perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0)
r0 = getpid()
sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x9}, 0x0)
r1 = socket$inet6(0xa, 0x2, 0x0)
recvmmsg(r1, &(0x7f0000002900)=[{{0x0, 0x0, 0x0}, 0x8}], 0x1, 0x40000103, 0x0)
pipe(&(0x7f0000000300)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
fcntl$setpipe(r3, 0x407, 0x0)
write(r3, &(0x7f0000000340), 0x41395527)
vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0)
sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x0, 0x0, 0x3}, 0x0)
bind(0xffffffffffffffff, 0x0, 0x0)
r4 = syz_open_procfs(0x0, &(0x7f0000000380)='net/route\x00')
preadv(r4, &(0x7f00000017c0), 0x1a0, 0xf0ffff)

01:45:41 executing program 1:
lsetxattr$trusted_overlay_opaque(0x0, 0x0, 0x0, 0x0, 0x0)
mkdir(&(0x7f0000000000)='./file0\x00', 0x0)
mount$bpf(0x20000000, &(0x7f00000000c0)='./file0\x00', 0x0, 0x2001001, 0x0)
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x80, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x43, 0x400000000000000}, 0x11288, 0x2000, 0x0, 0x2}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = socket$netlink(0x10, 0x3, 0x0)
connect$inet(0xffffffffffffffff, 0x0, 0x0)
setsockopt$SO_RDS_TRANSPORT(0xffffffffffffffff, 0x114, 0x8, &(0x7f0000000040)=0xffffffffffffffff, 0x4)
r1 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$inet_tcp_int(r1, 0x6, 0x10000000013, &(0x7f0000d06000)=0x1, 0x32a)
connect$inet(r1, &(0x7f0000000180)={0x2, 0x4e23, @local}, 0x10)
accept$nfc_llcp(0xffffffffffffffff, &(0x7f0000000440), &(0x7f0000000300)=0x60)
setsockopt$inet_tcp_TCP_REPAIR_OPTIONS(r1, 0x6, 0x16, &(0x7f00000000c0)=[@mss={0x2, 0xffffffff}, @timestamp, @window, @mss={0x2, 0x91c}], 0x4)
sendmmsg(r1, &(0x7f0000004b40)=[{{0x0, 0x0, &(0x7f00000011c0)=[{&(0x7f0000002240)='Y', 0x1}], 0x1}}], 0x1, 0x0)
syz_init_net_socket$llc(0x1a, 0x1, 0x0)
r2 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$IPT_SO_SET_REPLACE(r2, 0x4000000000000, 0x40, &(0x7f0000000a40)=ANY=[@ANYBLOB="72617700000000010000000000000000000000000000000000000000000000000200000003000000b80400000000000000000000000000000003000000030000200400002004000020040000200400002004000003000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000600000000000000a00200030000000000000000000000000000000000000000300262706600000000000000000000000000000000000000000000000000000101000000000000002e2f66696c653000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000060005345540000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000c0002001000000000000000000000000000000000000000050006f736600000000000000000000000000000000000000000000000000000073797a300000000000000000000000000000000000000000000000000000000000000000000000000000000000000000600053455400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000007000980000000000000000000000000000000000000000002800000000000000000000000000000000000000000000000000000000000004feffffff00000000"], 0x518)
sendmsg$IPVS_CMD_GET_DEST(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000280)={&(0x7f00000002c0)=ANY=[@ANYRES16], 0x1}}, 0x0)
setsockopt$inet_tcp_TCP_REPAIR(r1, 0x6, 0x13, &(0x7f0000000100), 0x618)
close(r1)
r3 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$inet_tcp_int(r3, 0x6, 0x10000000013, &(0x7f0000d06000)=0x1, 0x32a)
connect$inet(r3, &(0x7f0000000140)={0x2, 0x0, @local}, 0x10)
setsockopt$inet_tcp_TCP_REPAIR_OPTIONS(r3, 0x6, 0x16, &(0x7f0000000200)=[@mss, @timestamp, @window={0x3, 0x0, 0xfffe}, @mss={0x2, 0x3}], 0x4)
sendmmsg(r3, &(0x7f0000004b40)=[{{0x0, 0x0, &(0x7f00000011c0)=[{&(0x7f0000002240)='Y', 0x1}], 0x1}}], 0x1, 0x0)
setsockopt$inet_tcp_TCP_REPAIR_QUEUE(r3, 0x6, 0x14, &(0x7f0000000040)=0x1, 0x4)
sendmsg$IPVS_CMD_GET_DEST(r3, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000340)=ANY=[@ANYBLOB="160e90cb39bca59f8c4064ac6d7b242060a07bc4309e3eb79d8745797b308edd84adef35ad9d8a17240f38f55f57c55f3875db81d255eea402e1c11ca7fc01964aeb9ed6ef4e80bc67cba7e7fe961fe5d921442b0a06b135f8a73b68dc904b436f256f50ae7cb980e69e7580b9f11c6ede4210f23240559b8c427000d7ce7862417ab5a50e494b2a54e346d7ffa008ccef06813e235b446788ac0f1df3c65bc1fb5393364a2efd284640ec2c438ad2b24a69f1f9da000000000000000000000000989eee6a9283bf253ca4"], 0x1}}, 0x0)
close(r3)
syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000000)={0xffffffffffffffff, <r4=>0xffffffffffffffff})
r5 = accept4$vsock_stream(0xffffffffffffffff, &(0x7f0000000240)={0x28, 0x0, 0x2710, @host}, 0x10, 0x0)
dup2(r5, r4)
bind$pptp(0xffffffffffffffff, &(0x7f00000001c0)={0x18, 0x2, {0x0, @initdev={0xac, 0x1e, 0x0, 0x0}}}, 0x1e)
sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000000)=@newlink={0x30, 0x10, 0x801, 0x0, 0x0, {}, [@IFLA_GROUP={0x8}, @IFLA_PROTO_DOWN={0x8, 0x4}]}, 0x30}}, 0x0)

01:45:41 executing program 5:
lsetxattr$trusted_overlay_opaque(0x0, 0x0, 0x0, 0x0, 0x0)
mkdir(&(0x7f0000000000)='./file0\x00', 0x0)
mount$bpf(0x20000000, &(0x7f00000000c0)='./file0\x00', 0x0, 0x2001001, 0x0)
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x80, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x43, 0x400000000000000}, 0x11288, 0x2000, 0x0, 0x2}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = socket$netlink(0x10, 0x3, 0x0)
connect$inet(0xffffffffffffffff, 0x0, 0x0)
setsockopt$SO_RDS_TRANSPORT(0xffffffffffffffff, 0x114, 0x8, &(0x7f0000000040)=0xffffffffffffffff, 0x4)
r1 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$inet_tcp_int(r1, 0x6, 0x10000000013, &(0x7f0000d06000)=0x1, 0x32a)
connect$inet(r1, &(0x7f0000000180)={0x2, 0x4e23, @local}, 0x10)
accept$nfc_llcp(0xffffffffffffffff, &(0x7f0000000440), &(0x7f0000000300)=0x60)
setsockopt$inet_tcp_TCP_REPAIR_OPTIONS(r1, 0x6, 0x16, &(0x7f00000000c0)=[@mss={0x2, 0xffffffff}, @timestamp, @window, @mss={0x2, 0x91c}], 0x4)
sendmmsg(r1, &(0x7f0000004b40)=[{{0x0, 0x0, &(0x7f00000011c0)=[{&(0x7f0000002240)='Y', 0x1}], 0x1}}], 0x1, 0x0)
syz_init_net_socket$llc(0x1a, 0x1, 0x0)
r2 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$IPT_SO_SET_REPLACE(r2, 0x4000000000000, 0x40, &(0x7f0000000a40)=ANY=[@ANYBLOB="72617700000000010000000000000000000000000000000000000000000000000200000003000000b80400000000000000000000000000000003000000030000200400002004000020040000200400002004000003000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000600000000000000a00200030000000000000000000000000000000000000000300262706600000000000000000000000000000000000000000000000000000101000000000000002e2f66696c653000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000060005345540000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000c0002001000000000000000000000000000000000000000050006f736600000000000000000000000000000000000000000000000000000073797a300000000000000000000000000000000000000000000000000000000000000000000000000000000000000000600053455400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000007000980000000000000000000000000000000000000000002800000000000000000000000000000000000000000000000000000000000004feffffff00000000"], 0x518)
sendmsg$IPVS_CMD_GET_DEST(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000280)={&(0x7f00000002c0)=ANY=[@ANYRES16], 0x1}}, 0x0)
setsockopt$inet_tcp_TCP_REPAIR(r1, 0x6, 0x13, &(0x7f0000000100), 0x618)
close(r1)
r3 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$inet_tcp_int(r3, 0x6, 0x10000000013, &(0x7f0000d06000)=0x1, 0x32a)
connect$inet(r3, &(0x7f0000000140)={0x2, 0x0, @local}, 0x10)
setsockopt$inet_tcp_TCP_REPAIR_OPTIONS(r3, 0x6, 0x16, &(0x7f0000000200)=[@mss, @timestamp, @window={0x3, 0x0, 0xfffe}, @mss={0x2, 0x3}], 0x4)
sendmmsg(r3, &(0x7f0000004b40)=[{{0x0, 0x0, &(0x7f00000011c0)=[{&(0x7f0000002240)='Y', 0x1}], 0x1}}], 0x1, 0x0)
setsockopt$inet_tcp_TCP_REPAIR_QUEUE(r3, 0x6, 0x14, &(0x7f0000000040)=0x1, 0x4)
sendmsg$IPVS_CMD_GET_DEST(r3, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000340)=ANY=[@ANYBLOB="160e90cb39bca59f8c4064ac6d7b242060a07bc4309e3eb79d8745797b308edd84adef35ad9d8a17240f38f55f57c55f3875db81d255eea402e1c11ca7fc01964aeb9ed6ef4e80bc67cba7e7fe961fe5d921442b0a06b135f8a73b68dc904b436f256f50ae7cb980e69e7580b9f11c6ede4210f23240559b8c427000d7ce7862417ab5a50e494b2a54e346d7ffa008ccef06813e235b446788ac0f1df3c65bc1fb5393364a2efd284640ec2c438ad2b24a69f1f9da000000000000000000000000989eee6a9283bf253ca4"], 0x1}}, 0x0)
close(r3)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000000)={<r4=>0xffffffffffffffff, <r5=>0xffffffffffffffff})
dup3(r5, r4, 0x0)
r6 = accept4$vsock_stream(0xffffffffffffffff, &(0x7f0000000240)={0x28, 0x0, 0x2710, @host}, 0x10, 0x0)
dup2(r6, r5)
bind$pptp(0xffffffffffffffff, &(0x7f00000001c0)={0x18, 0x2, {0x0, @initdev={0xac, 0x1e, 0x0, 0x0}}}, 0x1e)
sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000000)=@newlink={0x30, 0x10, 0x801, 0x0, 0x0, {}, [@IFLA_GROUP={0x8}, @IFLA_PROTO_DOWN={0x8, 0x4}]}, 0x30}}, 0x0)
pivot_root(&(0x7f0000000140)='./file0\x00', &(0x7f0000000100)='./file0\x00')

[ 1843.390558] FAULT_INJECTION: forcing a failure.
[ 1843.390558] name failslab, interval 1, probability 0, space 0, times 0
[ 1843.456386] CPU: 1 PID: 3644 Comm: syz-executor.2 Not tainted 4.14.173-syzkaller #0
[ 1843.465236] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 1843.474607] Call Trace:
[ 1843.477214]  dump_stack+0x13e/0x194
[ 1843.480867]  should_fail.cold+0x10a/0x14b
[ 1843.485050]  should_failslab+0xd6/0x130
[ 1843.489039]  kmem_cache_alloc+0x2b5/0x770
[ 1843.493194]  ? trace_hardirqs_on_thunk+0x1a/0x1c
[ 1843.497979]  mmu_topup_memory_caches+0x83/0x300
[ 1843.502686]  kvm_mmu_load+0x1e/0xd00
[ 1843.506452]  ? kvm_cpu_has_injectable_intr+0x113/0x180
[ 1843.511901]  ? __sanitizer_cov_trace_pc+0x4a/0x50
[ 1843.516771]  vcpu_enter_guest+0x2eb9/0x5240
[ 1843.522149]  ? save_trace+0x290/0x290
[ 1843.526396]  ? check_preemption_disabled+0x35/0x240
[ 1843.531625]  ? emulator_read_emulated+0x40/0x40
[ 1843.536320]  ? lock_acquire+0x170/0x3f0
[ 1843.540308]  ? kvm_arch_vcpu_ioctl_run+0x143/0xfd0
[ 1843.545250]  ? kvm_arch_vcpu_ioctl_run+0x2fe/0xfd0
[ 1843.550188]  ? kvm_arch_vcpu_ioctl_run+0x181/0xfd0
[ 1843.555135]  kvm_arch_vcpu_ioctl_run+0x2fe/0xfd0
[ 1843.559912]  kvm_vcpu_ioctl+0x3df/0xc70
[ 1843.564678]  ? trace_hardirqs_on_caller+0x3f6/0x590
[ 1843.569706]  ? kvm_vcpu_block+0xb70/0xb70
[ 1843.573872]  ? check_preemption_disabled+0x35/0x240
[ 1843.578926]  ? retint_kernel+0x2d/0x2d
[ 1843.582845]  ? selinux_file_ioctl+0x2d0/0x560
[ 1843.587364]  ? kvm_vcpu_block+0xb70/0xb70
[ 1843.591541]  do_vfs_ioctl+0x75a/0xfe0
[ 1843.595360]  ? selinux_file_mprotect+0x5c0/0x5c0
[ 1843.600141]  ? ioctl_preallocate+0x1a0/0x1a0
[ 1843.605698]  ? security_file_ioctl+0x76/0xb0
[ 1843.610118]  ? security_file_ioctl+0x83/0xb0
[ 1843.614531]  SyS_ioctl+0x7f/0xb0
[ 1843.618288]  ? do_vfs_ioctl+0xfe0/0xfe0
[ 1843.622256]  do_syscall_64+0x1d5/0x640
[ 1843.626158]  entry_SYSCALL_64_after_hwframe+0x42/0xb7
[ 1843.631444] RIP: 0033:0x45c849
[ 1843.634625] RSP: 002b:00007fa3bc31dc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 1843.642468] RAX: ffffffffffffffda RBX: 00007fa3bc31e6d4 RCX: 000000000045c849
[ 1843.649752] RDX: 0000000000000000 RSI: 000000000000ae80 RDI: 0000000000000005
[ 1843.657151] RBP: 000000000076bf00 R08: 0000000000000000 R09: 0000000000000000
[ 1843.664448] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000007
[ 1843.671758] R13: 00000000000003bf R14: 00000000004c6495 R15: 000000000000000b
01:45:42 executing program 3:
lsetxattr$trusted_overlay_opaque(0x0, 0x0, 0x0, 0x0, 0x0)
mkdir(&(0x7f0000000000)='./file0\x00', 0x0)
mount$bpf(0x20000000, &(0x7f00000000c0)='./file0\x00', 0x0, 0x2001001, 0x0)
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x80, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x43, 0x400000000000000}, 0x11288, 0x2000, 0x0, 0x2}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = socket$netlink(0x10, 0x3, 0x0)
connect$inet(0xffffffffffffffff, 0x0, 0x0)
setsockopt$SO_RDS_TRANSPORT(0xffffffffffffffff, 0x114, 0x8, &(0x7f0000000040)=0xffffffffffffffff, 0x4)
r1 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$inet_tcp_int(r1, 0x6, 0x10000000013, &(0x7f0000d06000)=0x1, 0x32a)
connect$inet(r1, &(0x7f0000000180)={0x2, 0x4e23, @local}, 0x10)
accept$nfc_llcp(0xffffffffffffffff, &(0x7f0000000440), &(0x7f0000000300)=0x60)
setsockopt$inet_tcp_TCP_REPAIR_OPTIONS(r1, 0x6, 0x16, &(0x7f00000000c0)=[@mss={0x2, 0xffffffff}, @timestamp, @window, @mss={0x2, 0x91c}], 0x4)
sendmmsg(r1, &(0x7f0000004b40)=[{{0x0, 0x0, &(0x7f00000011c0)=[{&(0x7f0000002240)='Y', 0x1}], 0x1}}], 0x1, 0x0)
syz_init_net_socket$llc(0x1a, 0x1, 0x0)
r2 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$IPT_SO_SET_REPLACE(r2, 0x4000000000000, 0x40, &(0x7f0000000a40)=ANY=[@ANYBLOB="72617700000000010000000000000000000000000000000000000000000000000200000003000000b80400000000000000000000000000000003000000030000200400002004000020040000200400002004000003000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000600000000000000a00200030000000000000000000000000000000000000000300262706600000000000000000000000000000000000000000000000000000101000000000000002e2f66696c653000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000060005345540000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000c0002001000000000000000000000000000000000000000050006f736600000000000000000000000000000000000000000000000000000073797a300000000000000000000000000000000000000000000000000000000000000000000000000000000000000000600053455400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000007000980000000000000000000000000000000000000000002800000000000000000000000000000000000000000000000000000000000004feffffff00000000"], 0x518)
sendmsg$IPVS_CMD_GET_DEST(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000280)={&(0x7f00000002c0)=ANY=[@ANYRES16], 0x1}}, 0x0)
setsockopt$inet_tcp_TCP_REPAIR(r1, 0x6, 0x13, &(0x7f0000000100), 0x618)
close(r1)
r3 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$inet_tcp_int(r3, 0x6, 0x10000000013, &(0x7f0000d06000)=0x1, 0x32a)
connect$inet(r3, &(0x7f0000000140)={0x2, 0x0, @local}, 0x10)
setsockopt$inet_tcp_TCP_REPAIR_OPTIONS(r3, 0x6, 0x16, &(0x7f0000000200)=[@mss, @timestamp, @window={0x3, 0x0, 0xfffe}, @mss={0x2, 0x3}], 0x4)
sendmmsg(r3, &(0x7f0000004b40)=[{{0x0, 0x0, &(0x7f00000011c0)=[{&(0x7f0000002240)='Y', 0x1}], 0x1}}], 0x1, 0x0)
setsockopt$inet_tcp_TCP_REPAIR_QUEUE(r3, 0x6, 0x14, &(0x7f0000000040)=0x1, 0x4)
sendmsg$IPVS_CMD_GET_DEST(r3, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000340)=ANY=[@ANYBLOB="160e90cb39bca59f8c4064ac6d7b242060a07bc4309e3eb79d8745797b308edd84adef35ad9d8a17240f38f55f57c55f3875db81d255eea402e1c11ca7fc01964aeb9ed6ef4e80bc67cba7e7fe961fe5d921442b0a06b135f8a73b68dc904b436f256f50ae7cb980e69e7580b9f11c6ede4210f23240559b8c427000d7ce7862417ab5a50e494b2a54e346d7ffa008ccef06813e235b446788ac0f1df3c65bc1fb5393364a2efd284640ec2c438ad2b24a69f1f9da000000000000000000000000989eee6a9283bf253ca4"], 0x1}}, 0x0)
close(r3)
syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2)
dup3(0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r4 = accept4$vsock_stream(0xffffffffffffffff, &(0x7f0000000240)={0x28, 0x0, 0x2710, @host}, 0x10, 0x0)
dup2(r4, 0xffffffffffffffff)
bind$pptp(0xffffffffffffffff, &(0x7f00000001c0)={0x18, 0x2, {0x0, @initdev={0xac, 0x1e, 0x0, 0x0}}}, 0x1e)
sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000000)=@newlink={0x30, 0x10, 0x801, 0x0, 0x0, {}, [@IFLA_GROUP={0x8}, @IFLA_PROTO_DOWN={0x8, 0x4}]}, 0x30}}, 0x0)
pivot_root(&(0x7f0000000140)='./file0\x00', &(0x7f0000000100)='./file0\x00')

01:45:42 executing program 1:
lsetxattr$trusted_overlay_opaque(0x0, 0x0, 0x0, 0x0, 0x0)
mkdir(&(0x7f0000000000)='./file0\x00', 0x0)
mount$bpf(0x20000000, &(0x7f00000000c0)='./file0\x00', 0x0, 0x2001001, 0x0)
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x80, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x43, 0x400000000000000}, 0x11288, 0x2000, 0x0, 0x2}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = socket$netlink(0x10, 0x3, 0x0)
connect$inet(0xffffffffffffffff, 0x0, 0x0)
setsockopt$SO_RDS_TRANSPORT(0xffffffffffffffff, 0x114, 0x8, &(0x7f0000000040)=0xffffffffffffffff, 0x4)
r1 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$inet_tcp_int(r1, 0x6, 0x10000000013, &(0x7f0000d06000)=0x1, 0x32a)
connect$inet(r1, &(0x7f0000000180)={0x2, 0x4e23, @local}, 0x10)
accept$nfc_llcp(0xffffffffffffffff, &(0x7f0000000440), &(0x7f0000000300)=0x60)
setsockopt$inet_tcp_TCP_REPAIR_OPTIONS(r1, 0x6, 0x16, &(0x7f00000000c0)=[@mss={0x2, 0xffffffff}, @timestamp, @window, @mss={0x2, 0x91c}], 0x4)
sendmmsg(r1, &(0x7f0000004b40)=[{{0x0, 0x0, &(0x7f00000011c0)=[{&(0x7f0000002240)='Y', 0x1}], 0x1}}], 0x1, 0x0)
syz_init_net_socket$llc(0x1a, 0x1, 0x0)
r2 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$IPT_SO_SET_REPLACE(r2, 0x4000000000000, 0x40, &(0x7f0000000a40)=ANY=[@ANYBLOB="72617700000000010000000000000000000000000000000000000000000000000200000003000000b80400000000000000000000000000000003000000030000200400002004000020040000200400002004000003000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000600000000000000a00200030000000000000000000000000000000000000000300262706600000000000000000000000000000000000000000000000000000101000000000000002e2f66696c653000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000060005345540000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000c0002001000000000000000000000000000000000000000050006f736600000000000000000000000000000000000000000000000000000073797a300000000000000000000000000000000000000000000000000000000000000000000000000000000000000000600053455400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000007000980000000000000000000000000000000000000000002800000000000000000000000000000000000000000000000000000000000004feffffff00000000"], 0x518)
sendmsg$IPVS_CMD_GET_DEST(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000280)={&(0x7f00000002c0)=ANY=[@ANYRES16], 0x1}}, 0x0)
setsockopt$inet_tcp_TCP_REPAIR(r1, 0x6, 0x13, &(0x7f0000000100), 0x618)
close(r1)
r3 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$inet_tcp_int(r3, 0x6, 0x10000000013, &(0x7f0000d06000)=0x1, 0x32a)
connect$inet(r3, &(0x7f0000000140)={0x2, 0x0, @local}, 0x10)
setsockopt$inet_tcp_TCP_REPAIR_OPTIONS(r3, 0x6, 0x16, &(0x7f0000000200)=[@mss, @timestamp, @window={0x3, 0x0, 0xfffe}, @mss={0x2, 0x3}], 0x4)
sendmmsg(r3, &(0x7f0000004b40)=[{{0x0, 0x0, &(0x7f00000011c0)=[{&(0x7f0000002240)='Y', 0x1}], 0x1}}], 0x1, 0x0)
setsockopt$inet_tcp_TCP_REPAIR_QUEUE(r3, 0x6, 0x14, &(0x7f0000000040)=0x1, 0x4)
sendmsg$IPVS_CMD_GET_DEST(r3, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000340)=ANY=[@ANYBLOB="160e90cb39bca59f8c4064ac6d7b242060a07bc4309e3eb79d8745797b308edd84adef35ad9d8a17240f38f55f57c55f3875db81d255eea402e1c11ca7fc01964aeb9ed6ef4e80bc67cba7e7fe961fe5d921442b0a06b135f8a73b68dc904b436f256f50ae7cb980e69e7580b9f11c6ede4210f23240559b8c427000d7ce7862417ab5a50e494b2a54e346d7ffa008ccef06813e235b446788ac0f1df3c65bc1fb5393364a2efd284640ec2c438ad2b24a69f1f9da000000000000000000000000989eee6a9283bf253ca4"], 0x1}}, 0x0)
close(r3)
syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2)
dup3(0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r4 = accept4$vsock_stream(0xffffffffffffffff, &(0x7f0000000240)={0x28, 0x0, 0x2710, @host}, 0x10, 0x0)
dup2(r4, 0xffffffffffffffff)
bind$pptp(0xffffffffffffffff, &(0x7f00000001c0)={0x18, 0x2, {0x0, @initdev={0xac, 0x1e, 0x0, 0x0}}}, 0x1e)
sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000000)=@newlink={0x30, 0x10, 0x801, 0x0, 0x0, {}, [@IFLA_GROUP={0x8}, @IFLA_PROTO_DOWN={0x8, 0x4}]}, 0x30}}, 0x0)

01:45:42 executing program 4:
pipe(&(0x7f0000000140)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
r2 = socket$inet_udp(0x2, 0x2, 0x0)
close(r2)
r3 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$inet_tcp_int(r3, 0x6, 0x10000000013, &(0x7f0000d06000)=0x1, 0x4)
connect$inet(r2, &(0x7f0000000340)={0x2, 0x0, @loopback}, 0x10)
setsockopt$inet_tcp_TCP_REPAIR_WINDOW(r3, 0x6, 0x1d, &(0x7f0000000080)={0x0, 0xdf5, 0x65a2}, 0x14)
write$binfmt_misc(r1, &(0x7f0000000140)=ANY=[], 0x4240a2a0)
r4 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$IPT_SO_SET_REPLACE(r4, 0x0, 0x40, &(0x7f0000000480)=ANY=[@ANYBLOB="66696c74657200000000000000000000000000000000000000000000000000000e00000004000000d0020000800100009800000080010000000000000000000038020000380200003802000038020000380200000400000000000000000000007f000001ac14140000000000000000007f00000000000000000000000000000064756dea20f9524db2d96900000057c910a19f2bc02c00000000000000000000200000000000000000000000000000000000000000000000700098000000000000000000000000000000000000000000280052454a454354000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000400000000000000000000000080000000000000000000000000000000000000000000000000000000000000000000000000000000000000000c000e80000f9c9991d0000000000000000000000000000005000736574000000000000000000000000000000000000000000000000000003000005050000000000000000000000000000000000000000100000000000000000000000000000000000000000000000280052454a45435400000000000000010000000000000000000000000000000000674f000000000000000000e00000020000000000000000766574b5315f766c616e00000000010062726964676530000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000007000b80000000000000000000000000000000000000000004800544545000000000000000000000000000000d40200000000000000000001ac1414aa000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000007000980000000000000000000000000000000000000000002800000000000000000000000000000000000000000000001a51496c00000000feffffff"], 0x1)
splice(r0, 0x0, r2, 0x0, 0x4ffe0, 0x0)

01:45:42 executing program 5:
lsetxattr$trusted_overlay_opaque(0x0, 0x0, 0x0, 0x0, 0x0)
mkdir(&(0x7f0000000000)='./file0\x00', 0x0)
mount$bpf(0x20000000, &(0x7f00000000c0)='./file0\x00', 0x0, 0x2001001, 0x0)
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x80, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x43, 0x400000000000000}, 0x11288, 0x2000, 0x0, 0x2}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = socket$netlink(0x10, 0x3, 0x0)
connect$inet(0xffffffffffffffff, 0x0, 0x0)
setsockopt$SO_RDS_TRANSPORT(0xffffffffffffffff, 0x114, 0x8, &(0x7f0000000040)=0xffffffffffffffff, 0x4)
r1 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$inet_tcp_int(r1, 0x6, 0x10000000013, &(0x7f0000d06000)=0x1, 0x32a)
connect$inet(r1, &(0x7f0000000180)={0x2, 0x4e23, @local}, 0x10)
accept$nfc_llcp(0xffffffffffffffff, &(0x7f0000000440), &(0x7f0000000300)=0x60)
setsockopt$inet_tcp_TCP_REPAIR_OPTIONS(r1, 0x6, 0x16, &(0x7f00000000c0)=[@mss={0x2, 0xffffffff}, @timestamp, @window, @mss={0x2, 0x91c}], 0x4)
sendmmsg(r1, &(0x7f0000004b40)=[{{0x0, 0x0, &(0x7f00000011c0)=[{&(0x7f0000002240)='Y', 0x1}], 0x1}}], 0x1, 0x0)
syz_init_net_socket$llc(0x1a, 0x1, 0x0)
r2 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$IPT_SO_SET_REPLACE(r2, 0x4000000000000, 0x40, &(0x7f0000000a40)=ANY=[@ANYBLOB="72617700000000010000000000000000000000000000000000000000000000000200000003000000b80400000000000000000000000000000003000000030000200400002004000020040000200400002004000003000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000600000000000000a00200030000000000000000000000000000000000000000300262706600000000000000000000000000000000000000000000000000000101000000000000002e2f66696c653000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000060005345540000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000c0002001000000000000000000000000000000000000000050006f736600000000000000000000000000000000000000000000000000000073797a300000000000000000000000000000000000000000000000000000000000000000000000000000000000000000600053455400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000007000980000000000000000000000000000000000000000002800000000000000000000000000000000000000000000000000000000000004feffffff00000000"], 0x518)
sendmsg$IPVS_CMD_GET_DEST(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000280)={&(0x7f00000002c0)=ANY=[@ANYRES16], 0x1}}, 0x0)
setsockopt$inet_tcp_TCP_REPAIR(r1, 0x6, 0x13, &(0x7f0000000100), 0x618)
close(r1)
r3 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$inet_tcp_int(r3, 0x6, 0x10000000013, &(0x7f0000d06000)=0x1, 0x32a)
connect$inet(r3, &(0x7f0000000140)={0x2, 0x0, @local}, 0x10)
setsockopt$inet_tcp_TCP_REPAIR_OPTIONS(r3, 0x6, 0x16, &(0x7f0000000200)=[@mss, @timestamp, @window={0x3, 0x0, 0xfffe}, @mss={0x2, 0x3}], 0x4)
sendmmsg(r3, &(0x7f0000004b40)=[{{0x0, 0x0, &(0x7f00000011c0)=[{&(0x7f0000002240)='Y', 0x1}], 0x1}}], 0x1, 0x0)
setsockopt$inet_tcp_TCP_REPAIR_QUEUE(r3, 0x6, 0x14, &(0x7f0000000040)=0x1, 0x4)
sendmsg$IPVS_CMD_GET_DEST(r3, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000340)=ANY=[@ANYBLOB="160e90cb39bca59f8c4064ac6d7b242060a07bc4309e3eb79d8745797b308edd84adef35ad9d8a17240f38f55f57c55f3875db81d255eea402e1c11ca7fc01964aeb9ed6ef4e80bc67cba7e7fe961fe5d921442b0a06b135f8a73b68dc904b436f256f50ae7cb980e69e7580b9f11c6ede4210f23240559b8c427000d7ce7862417ab5a50e494b2a54e346d7ffa008ccef06813e235b446788ac0f1df3c65bc1fb5393364a2efd284640ec2c438ad2b24a69f1f9da000000000000000000000000989eee6a9283bf253ca4"], 0x1}}, 0x0)
syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000000)={<r4=>0xffffffffffffffff, <r5=>0xffffffffffffffff})
dup3(r5, r4, 0x0)
r6 = accept4$vsock_stream(0xffffffffffffffff, &(0x7f0000000240)={0x28, 0x0, 0x2710, @host}, 0x10, 0x0)
dup2(r6, r5)
bind$pptp(0xffffffffffffffff, &(0x7f00000001c0)={0x18, 0x2, {0x0, @initdev={0xac, 0x1e, 0x0, 0x0}}}, 0x1e)
sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000000)=@newlink={0x30, 0x10, 0x801, 0x0, 0x0, {}, [@IFLA_GROUP={0x8}, @IFLA_PROTO_DOWN={0x8, 0x4}]}, 0x30}}, 0x0)
pivot_root(&(0x7f0000000140)='./file0\x00', &(0x7f0000000100)='./file0\x00')

01:45:42 executing program 2 (fault-call:9 fault-nth:12):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140)='/dev/kvm\x00', 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_SET_SIGNAL_MASK(0xffffffffffffffff, 0x4004ae8b, &(0x7f0000001000)=ANY=[@ANYBLOB="97cb"])
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000fe7000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0)
ioctl$USBDEVFS_RESETEP(0xffffffffffffffff, 0x80045503, &(0x7f0000000000)={0x1, 0x1})
ioctl$KVM_NMI(r2, 0xae9a)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f00000002c0)={0x0, 0x2, 0x0, 0x2000, &(0x7f0000001000/0x2000)=nil})
perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
ioctl$KVM_RUN(r2, 0xae80, 0x0)

[ 1844.064319] ip_tables: iptables: counters copy to user failed while replacing table
01:45:42 executing program 1:
lsetxattr$trusted_overlay_opaque(0x0, 0x0, 0x0, 0x0, 0x0)
mkdir(&(0x7f0000000000)='./file0\x00', 0x0)
mount$bpf(0x20000000, &(0x7f00000000c0)='./file0\x00', 0x0, 0x2001001, 0x0)
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x80, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x43, 0x400000000000000}, 0x11288, 0x2000, 0x0, 0x2}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = socket$netlink(0x10, 0x3, 0x0)
connect$inet(0xffffffffffffffff, 0x0, 0x0)
setsockopt$SO_RDS_TRANSPORT(0xffffffffffffffff, 0x114, 0x8, &(0x7f0000000040)=0xffffffffffffffff, 0x4)
r1 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$inet_tcp_int(r1, 0x6, 0x10000000013, &(0x7f0000d06000)=0x1, 0x32a)
connect$inet(r1, &(0x7f0000000180)={0x2, 0x4e23, @local}, 0x10)
accept$nfc_llcp(0xffffffffffffffff, &(0x7f0000000440), &(0x7f0000000300)=0x60)
setsockopt$inet_tcp_TCP_REPAIR_OPTIONS(r1, 0x6, 0x16, &(0x7f00000000c0)=[@mss={0x2, 0xffffffff}, @timestamp, @window, @mss={0x2, 0x91c}], 0x4)
sendmmsg(r1, &(0x7f0000004b40)=[{{0x0, 0x0, &(0x7f00000011c0)=[{&(0x7f0000002240)='Y', 0x1}], 0x1}}], 0x1, 0x0)
syz_init_net_socket$llc(0x1a, 0x1, 0x0)
r2 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$IPT_SO_SET_REPLACE(r2, 0x4000000000000, 0x40, &(0x7f0000000a40)=ANY=[@ANYBLOB="72617700000000010000000000000000000000000000000000000000000000000200000003000000b80400000000000000000000000000000003000000030000200400002004000020040000200400002004000003000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000600000000000000a00200030000000000000000000000000000000000000000300262706600000000000000000000000000000000000000000000000000000101000000000000002e2f66696c653000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000060005345540000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000c0002001000000000000000000000000000000000000000050006f736600000000000000000000000000000000000000000000000000000073797a300000000000000000000000000000000000000000000000000000000000000000000000000000000000000000600053455400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000007000980000000000000000000000000000000000000000002800000000000000000000000000000000000000000000000000000000000004feffffff00000000"], 0x518)
sendmsg$IPVS_CMD_GET_DEST(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000280)={&(0x7f00000002c0)=ANY=[@ANYRES16], 0x1}}, 0x0)
setsockopt$inet_tcp_TCP_REPAIR(r1, 0x6, 0x13, &(0x7f0000000100), 0x618)
close(r1)
r3 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$inet_tcp_int(r3, 0x6, 0x10000000013, &(0x7f0000d06000)=0x1, 0x32a)
connect$inet(r3, &(0x7f0000000140)={0x2, 0x0, @local}, 0x10)
setsockopt$inet_tcp_TCP_REPAIR_OPTIONS(r3, 0x6, 0x16, &(0x7f0000000200)=[@mss, @timestamp, @window={0x3, 0x0, 0xfffe}, @mss={0x2, 0x3}], 0x4)
sendmmsg(r3, &(0x7f0000004b40)=[{{0x0, 0x0, &(0x7f00000011c0)=[{&(0x7f0000002240)='Y', 0x1}], 0x1}}], 0x1, 0x0)
setsockopt$inet_tcp_TCP_REPAIR_QUEUE(r3, 0x6, 0x14, &(0x7f0000000040)=0x1, 0x4)
sendmsg$IPVS_CMD_GET_DEST(r3, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000340)=ANY=[@ANYBLOB="160e90cb39bca59f8c4064ac6d7b242060a07bc4309e3eb79d8745797b308edd84adef35ad9d8a17240f38f55f57c55f3875db81d255eea402e1c11ca7fc01964aeb9ed6ef4e80bc67cba7e7fe961fe5d921442b0a06b135f8a73b68dc904b436f256f50ae7cb980e69e7580b9f11c6ede4210f23240559b8c427000d7ce7862417ab5a50e494b2a54e346d7ffa008ccef06813e235b446788ac0f1df3c65bc1fb5393364a2efd284640ec2c438ad2b24a69f1f9da000000000000000000000000989eee6a9283bf253ca4"], 0x1}}, 0x0)
close(r3)
syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2)
dup3(0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r4 = accept4$vsock_stream(0xffffffffffffffff, &(0x7f0000000240)={0x28, 0x0, 0x2710, @host}, 0x10, 0x0)
dup2(r4, 0xffffffffffffffff)
bind$pptp(0xffffffffffffffff, &(0x7f00000001c0)={0x18, 0x2, {0x0, @initdev={0xac, 0x1e, 0x0, 0x0}}}, 0x1e)
sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000000)=@newlink={0x30, 0x10, 0x801, 0x0, 0x0, {}, [@IFLA_GROUP={0x8}, @IFLA_PROTO_DOWN={0x8, 0x4}]}, 0x30}}, 0x0)

01:45:42 executing program 5:
lsetxattr$trusted_overlay_opaque(0x0, 0x0, 0x0, 0x0, 0x0)
mkdir(&(0x7f0000000000)='./file0\x00', 0x0)
mount$bpf(0x20000000, &(0x7f00000000c0)='./file0\x00', 0x0, 0x2001001, 0x0)
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x80, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x43, 0x400000000000000}, 0x11288, 0x2000, 0x0, 0x2}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = socket$netlink(0x10, 0x3, 0x0)
connect$inet(0xffffffffffffffff, 0x0, 0x0)
setsockopt$SO_RDS_TRANSPORT(0xffffffffffffffff, 0x114, 0x8, &(0x7f0000000040)=0xffffffffffffffff, 0x4)
r1 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$inet_tcp_int(r1, 0x6, 0x10000000013, &(0x7f0000d06000)=0x1, 0x32a)
connect$inet(r1, &(0x7f0000000180)={0x2, 0x4e23, @local}, 0x10)
accept$nfc_llcp(0xffffffffffffffff, &(0x7f0000000440), &(0x7f0000000300)=0x60)
setsockopt$inet_tcp_TCP_REPAIR_OPTIONS(r1, 0x6, 0x16, &(0x7f00000000c0)=[@mss={0x2, 0xffffffff}, @timestamp, @window, @mss={0x2, 0x91c}], 0x4)
sendmmsg(r1, &(0x7f0000004b40)=[{{0x0, 0x0, &(0x7f00000011c0)=[{&(0x7f0000002240)='Y', 0x1}], 0x1}}], 0x1, 0x0)
syz_init_net_socket$llc(0x1a, 0x1, 0x0)
r2 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$IPT_SO_SET_REPLACE(r2, 0x4000000000000, 0x40, &(0x7f0000000a40)=ANY=[@ANYBLOB="72617700000000010000000000000000000000000000000000000000000000000200000003000000b80400000000000000000000000000000003000000030000200400002004000020040000200400002004000003000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000600000000000000a00200030000000000000000000000000000000000000000300262706600000000000000000000000000000000000000000000000000000101000000000000002e2f66696c653000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000060005345540000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000c0002001000000000000000000000000000000000000000050006f736600000000000000000000000000000000000000000000000000000073797a300000000000000000000000000000000000000000000000000000000000000000000000000000000000000000600053455400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000007000980000000000000000000000000000000000000000002800000000000000000000000000000000000000000000000000000000000004feffffff00000000"], 0x518)
sendmsg$IPVS_CMD_GET_DEST(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000280)={&(0x7f00000002c0)=ANY=[@ANYRES16], 0x1}}, 0x0)
setsockopt$inet_tcp_TCP_REPAIR(r1, 0x6, 0x13, &(0x7f0000000100), 0x618)
close(r1)
r3 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$inet_tcp_int(r3, 0x6, 0x10000000013, &(0x7f0000d06000)=0x1, 0x32a)
connect$inet(r3, &(0x7f0000000140)={0x2, 0x0, @local}, 0x10)
setsockopt$inet_tcp_TCP_REPAIR_OPTIONS(r3, 0x6, 0x16, &(0x7f0000000200)=[@mss, @timestamp, @window={0x3, 0x0, 0xfffe}, @mss={0x2, 0x3}], 0x4)
sendmmsg(r3, &(0x7f0000004b40)=[{{0x0, 0x0, &(0x7f00000011c0)=[{&(0x7f0000002240)='Y', 0x1}], 0x1}}], 0x1, 0x0)
setsockopt$inet_tcp_TCP_REPAIR_QUEUE(r3, 0x6, 0x14, &(0x7f0000000040)=0x1, 0x4)
sendmsg$IPVS_CMD_GET_DEST(r3, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000340)=ANY=[@ANYBLOB="160e90cb39bca59f8c4064ac6d7b242060a07bc4309e3eb79d8745797b308edd84adef35ad9d8a17240f38f55f57c55f3875db81d255eea402e1c11ca7fc01964aeb9ed6ef4e80bc67cba7e7fe961fe5d921442b0a06b135f8a73b68dc904b436f256f50ae7cb980e69e7580b9f11c6ede4210f23240559b8c427000d7ce7862417ab5a50e494b2a54e346d7ffa008ccef06813e235b446788ac0f1df3c65bc1fb5393364a2efd284640ec2c438ad2b24a69f1f9da000000000000000000000000989eee6a9283bf253ca4"], 0x1}}, 0x0)
syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000000)={<r4=>0xffffffffffffffff, <r5=>0xffffffffffffffff})
dup3(r5, r4, 0x0)
r6 = accept4$vsock_stream(0xffffffffffffffff, &(0x7f0000000240)={0x28, 0x0, 0x2710, @host}, 0x10, 0x0)
dup2(r6, r5)
bind$pptp(0xffffffffffffffff, &(0x7f00000001c0)={0x18, 0x2, {0x0, @initdev={0xac, 0x1e, 0x0, 0x0}}}, 0x1e)
sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000000)=@newlink={0x30, 0x10, 0x801, 0x0, 0x0, {}, [@IFLA_GROUP={0x8}, @IFLA_PROTO_DOWN={0x8, 0x4}]}, 0x30}}, 0x0)
pivot_root(&(0x7f0000000140)='./file0\x00', &(0x7f0000000100)='./file0\x00')

[ 1844.164757] FAULT_INJECTION: forcing a failure.
[ 1844.164757] name failslab, interval 1, probability 0, space 0, times 0
01:45:42 executing program 0:
socket$inet6_tcp(0xa, 0x1, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0)
r0 = getpid()
sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x9}, 0x0)
r1 = socket$inet6(0xa, 0x2, 0x0)
recvmmsg(r1, &(0x7f0000008880), 0x400000000000249, 0x0, 0x0)
pipe(&(0x7f00000002c0)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
fcntl$setpipe(r3, 0x407, 0x0)
write(r3, &(0x7f0000000340), 0x41395527)
vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0)
sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x0, 0x0, 0x3}, 0x0)
getrlimit(0x1, &(0x7f0000000100))
mkdir(0x0, 0x0)
io_setup(0x2, 0x0)
creat(0x0, 0x0)
io_setup(0x8, &(0x7f0000000240)=<r4=>0x0)
io_submit(r4, 0x0, &(0x7f0000000100))
io_setup(0x0, &(0x7f00000004c0))
io_submit(0x0, 0x0, &(0x7f0000000440))
creat(&(0x7f0000000000)='./bus\x00', 0x0)
io_setup(0x2, 0x0)
r5 = memfd_create(&(0x7f00000000c0)='queue1\x00\x00\x00\x00\x00\x00\x00\x001;\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x06\x00\x00\x00\x00\x00\xcc\xbf}\xdd\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xb2\x1e\x00', 0x0)
r6 = syz_open_dev$sndseq(&(0x7f0000000200)='/dev/snd/seq\x00', 0x0, 0x1)
r7 = dup2(r6, r5)
ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(r7, 0xc08c5332, &(0x7f0000000140)={0x0, 0x0, 0x0, 'queue0\x00'})
write$sndseq(r7, &(0x7f0000000000)=[{0x0, 0x0, 0x0, 0x0, @tick, {}, {}, @connect}], 0xfcc8)

01:45:42 executing program 3:
lsetxattr$trusted_overlay_opaque(0x0, 0x0, 0x0, 0x0, 0x0)
mkdir(&(0x7f0000000000)='./file0\x00', 0x0)
mount$bpf(0x20000000, &(0x7f00000000c0)='./file0\x00', 0x0, 0x2001001, 0x0)
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x80, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x43, 0x400000000000000}, 0x11288, 0x2000, 0x0, 0x2}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = socket$netlink(0x10, 0x3, 0x0)
connect$inet(0xffffffffffffffff, 0x0, 0x0)
setsockopt$SO_RDS_TRANSPORT(0xffffffffffffffff, 0x114, 0x8, &(0x7f0000000040)=0xffffffffffffffff, 0x4)
r1 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$inet_tcp_int(r1, 0x6, 0x10000000013, &(0x7f0000d06000)=0x1, 0x32a)
connect$inet(r1, &(0x7f0000000180)={0x2, 0x4e23, @local}, 0x10)
accept$nfc_llcp(0xffffffffffffffff, &(0x7f0000000440), &(0x7f0000000300)=0x60)
setsockopt$inet_tcp_TCP_REPAIR_OPTIONS(r1, 0x6, 0x16, &(0x7f00000000c0)=[@mss={0x2, 0xffffffff}, @timestamp, @window, @mss={0x2, 0x91c}], 0x4)
sendmmsg(r1, &(0x7f0000004b40)=[{{0x0, 0x0, &(0x7f00000011c0)=[{&(0x7f0000002240)='Y', 0x1}], 0x1}}], 0x1, 0x0)
syz_init_net_socket$llc(0x1a, 0x1, 0x0)
r2 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$IPT_SO_SET_REPLACE(r2, 0x4000000000000, 0x40, &(0x7f0000000a40)=ANY=[@ANYBLOB="72617700000000010000000000000000000000000000000000000000000000000200000003000000b80400000000000000000000000000000003000000030000200400002004000020040000200400002004000003000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000600000000000000a00200030000000000000000000000000000000000000000300262706600000000000000000000000000000000000000000000000000000101000000000000002e2f66696c653000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000060005345540000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000c0002001000000000000000000000000000000000000000050006f736600000000000000000000000000000000000000000000000000000073797a300000000000000000000000000000000000000000000000000000000000000000000000000000000000000000600053455400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000007000980000000000000000000000000000000000000000002800000000000000000000000000000000000000000000000000000000000004feffffff00000000"], 0x518)
sendmsg$IPVS_CMD_GET_DEST(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000280)={&(0x7f00000002c0)=ANY=[@ANYRES16], 0x1}}, 0x0)
setsockopt$inet_tcp_TCP_REPAIR(r1, 0x6, 0x13, &(0x7f0000000100), 0x618)
close(r1)
r3 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$inet_tcp_int(r3, 0x6, 0x10000000013, &(0x7f0000d06000)=0x1, 0x32a)
connect$inet(r3, &(0x7f0000000140)={0x2, 0x0, @local}, 0x10)
setsockopt$inet_tcp_TCP_REPAIR_OPTIONS(r3, 0x6, 0x16, &(0x7f0000000200)=[@mss, @timestamp, @window={0x3, 0x0, 0xfffe}, @mss={0x2, 0x3}], 0x4)
sendmmsg(r3, &(0x7f0000004b40)=[{{0x0, 0x0, &(0x7f00000011c0)=[{&(0x7f0000002240)='Y', 0x1}], 0x1}}], 0x1, 0x0)
setsockopt$inet_tcp_TCP_REPAIR_QUEUE(r3, 0x6, 0x14, &(0x7f0000000040)=0x1, 0x4)
sendmsg$IPVS_CMD_GET_DEST(r3, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000340)=ANY=[@ANYBLOB="160e90cb39bca59f8c4064ac6d7b242060a07bc4309e3eb79d8745797b308edd84adef35ad9d8a17240f38f55f57c55f3875db81d255eea402e1c11ca7fc01964aeb9ed6ef4e80bc67cba7e7fe961fe5d921442b0a06b135f8a73b68dc904b436f256f50ae7cb980e69e7580b9f11c6ede4210f23240559b8c427000d7ce7862417ab5a50e494b2a54e346d7ffa008ccef06813e235b446788ac0f1df3c65bc1fb5393364a2efd284640ec2c438ad2b24a69f1f9da000000000000000000000000989eee6a9283bf253ca4"], 0x1}}, 0x0)
close(r3)
syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2)
dup3(0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r4 = accept4$vsock_stream(0xffffffffffffffff, &(0x7f0000000240)={0x28, 0x0, 0x2710, @host}, 0x10, 0x0)
dup2(r4, 0xffffffffffffffff)
bind$pptp(0xffffffffffffffff, &(0x7f00000001c0)={0x18, 0x2, {0x0, @initdev={0xac, 0x1e, 0x0, 0x0}}}, 0x1e)
sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000000)=@newlink={0x30, 0x10, 0x801, 0x0, 0x0, {}, [@IFLA_GROUP={0x8}, @IFLA_PROTO_DOWN={0x8, 0x4}]}, 0x30}}, 0x0)
pivot_root(&(0x7f0000000140)='./file0\x00', &(0x7f0000000100)='./file0\x00')

[ 1844.210803] CPU: 1 PID: 3669 Comm: syz-executor.2 Not tainted 4.14.173-syzkaller #0
[ 1844.218658] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 1844.228133] Call Trace:
[ 1844.230745]  dump_stack+0x13e/0x194
[ 1844.234404]  should_fail.cold+0x10a/0x14b
[ 1844.238585]  should_failslab+0xd6/0x130
[ 1844.242588]  kmem_cache_alloc+0x2b5/0x770
[ 1844.246782]  mmu_topup_memory_caches+0x83/0x300
[ 1844.251588]  kvm_mmu_load+0x1e/0xd00
[ 1844.255346]  ? vcpu_enter_guest+0x1c94/0x5240
[ 1844.259889]  vcpu_enter_guest+0x2eb9/0x5240
[ 1844.264257]  ? trace_hardirqs_on_thunk+0x1a/0x1c
[ 1844.269046]  ? check_preemption_disabled+0x35/0x240
[ 1844.274108]  ? emulator_read_emulated+0x40/0x40
[ 1844.278821]  ? lock_acquire+0x170/0x3f0
[ 1844.282821]  ? kvm_arch_vcpu_ioctl_run+0x143/0xfd0
[ 1844.287786]  ? kvm_arch_vcpu_ioctl_run+0x2fe/0xfd0
[ 1844.292761]  ? kvm_arch_vcpu_ioctl_run+0x181/0xfd0
[ 1844.297741]  kvm_arch_vcpu_ioctl_run+0x2fe/0xfd0
[ 1844.302545]  kvm_vcpu_ioctl+0x3df/0xc70
[ 1844.306547]  ? kvm_vcpu_block+0xb70/0xb70
[ 1844.310733]  ? trace_hardirqs_on_thunk+0x1a/0x1c
[ 1844.315523]  ? check_preemption_disabled+0x35/0x240
[ 1844.320571]  ? retint_kernel+0x2d/0x2d
[ 1844.324483]  ? kvm_vcpu_block+0xb70/0xb70
[ 1844.328666]  ? kvm_vcpu_block+0xb70/0xb70
[ 1844.332849]  do_vfs_ioctl+0x75a/0xfe0
[ 1844.336673]  ? selinux_file_mprotect+0x5c0/0x5c0
[ 1844.341453]  ? ioctl_preallocate+0x1a0/0x1a0
[ 1844.345891]  ? security_file_ioctl+0x76/0xb0
[ 1844.350315]  ? security_file_ioctl+0x83/0xb0
[ 1844.354741]  SyS_ioctl+0x7f/0xb0
[ 1844.358118]  ? do_vfs_ioctl+0xfe0/0xfe0
[ 1844.362102]  do_syscall_64+0x1d5/0x640
[ 1844.366006]  entry_SYSCALL_64_after_hwframe+0x42/0xb7
[ 1844.371202] RIP: 0033:0x45c849
[ 1844.374398] RSP: 002b:00007fa3bc31dc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 1844.382128] RAX: ffffffffffffffda RBX: 00007fa3bc31e6d4 RCX: 000000000045c849
[ 1844.389418] RDX: 0000000000000000 RSI: 000000000000ae80 RDI: 0000000000000005
[ 1844.396717] RBP: 000000000076bf00 R08: 0000000000000000 R09: 0000000000000000
[ 1844.404005] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000007
[ 1844.411310] R13: 00000000000003bf R14: 00000000004c6495 R15: 000000000000000c
01:45:42 executing program 1:
lsetxattr$trusted_overlay_opaque(0x0, 0x0, 0x0, 0x0, 0x0)
mkdir(&(0x7f0000000000)='./file0\x00', 0x0)
mount$bpf(0x20000000, &(0x7f00000000c0)='./file0\x00', 0x0, 0x2001001, 0x0)
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x80, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x43, 0x400000000000000}, 0x11288, 0x2000, 0x0, 0x2}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = socket$netlink(0x10, 0x3, 0x0)
connect$inet(0xffffffffffffffff, 0x0, 0x0)
setsockopt$SO_RDS_TRANSPORT(0xffffffffffffffff, 0x114, 0x8, &(0x7f0000000040)=0xffffffffffffffff, 0x4)
r1 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$inet_tcp_int(r1, 0x6, 0x10000000013, &(0x7f0000d06000)=0x1, 0x32a)
connect$inet(r1, &(0x7f0000000180)={0x2, 0x4e23, @local}, 0x10)
accept$nfc_llcp(0xffffffffffffffff, &(0x7f0000000440), &(0x7f0000000300)=0x60)
setsockopt$inet_tcp_TCP_REPAIR_OPTIONS(r1, 0x6, 0x16, &(0x7f00000000c0)=[@mss={0x2, 0xffffffff}, @timestamp, @window, @mss={0x2, 0x91c}], 0x4)
sendmmsg(r1, &(0x7f0000004b40)=[{{0x0, 0x0, &(0x7f00000011c0)=[{&(0x7f0000002240)='Y', 0x1}], 0x1}}], 0x1, 0x0)
syz_init_net_socket$llc(0x1a, 0x1, 0x0)
r2 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$IPT_SO_SET_REPLACE(r2, 0x4000000000000, 0x40, &(0x7f0000000a40)=ANY=[@ANYBLOB="72617700000000010000000000000000000000000000000000000000000000000200000003000000b80400000000000000000000000000000003000000030000200400002004000020040000200400002004000003000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000600000000000000a00200030000000000000000000000000000000000000000300262706600000000000000000000000000000000000000000000000000000101000000000000002e2f66696c653000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000060005345540000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000c0002001000000000000000000000000000000000000000050006f736600000000000000000000000000000000000000000000000000000073797a300000000000000000000000000000000000000000000000000000000000000000000000000000000000000000600053455400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000007000980000000000000000000000000000000000000000002800000000000000000000000000000000000000000000000000000000000004feffffff00000000"], 0x518)
sendmsg$IPVS_CMD_GET_DEST(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000280)={&(0x7f00000002c0)=ANY=[@ANYRES16], 0x1}}, 0x0)
setsockopt$inet_tcp_TCP_REPAIR(r1, 0x6, 0x13, &(0x7f0000000100), 0x618)
close(r1)
r3 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$inet_tcp_int(r3, 0x6, 0x10000000013, &(0x7f0000d06000)=0x1, 0x32a)
connect$inet(r3, &(0x7f0000000140)={0x2, 0x0, @local}, 0x10)
setsockopt$inet_tcp_TCP_REPAIR_OPTIONS(r3, 0x6, 0x16, &(0x7f0000000200)=[@mss, @timestamp, @window={0x3, 0x0, 0xfffe}, @mss={0x2, 0x3}], 0x4)
sendmmsg(r3, &(0x7f0000004b40)=[{{0x0, 0x0, &(0x7f00000011c0)=[{&(0x7f0000002240)='Y', 0x1}], 0x1}}], 0x1, 0x0)
setsockopt$inet_tcp_TCP_REPAIR_QUEUE(r3, 0x6, 0x14, &(0x7f0000000040)=0x1, 0x4)
sendmsg$IPVS_CMD_GET_DEST(r3, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000340)=ANY=[@ANYBLOB="160e90cb39bca59f8c4064ac6d7b242060a07bc4309e3eb79d8745797b308edd84adef35ad9d8a17240f38f55f57c55f3875db81d255eea402e1c11ca7fc01964aeb9ed6ef4e80bc67cba7e7fe961fe5d921442b0a06b135f8a73b68dc904b436f256f50ae7cb980e69e7580b9f11c6ede4210f23240559b8c427000d7ce7862417ab5a50e494b2a54e346d7ffa008ccef06813e235b446788ac0f1df3c65bc1fb5393364a2efd284640ec2c438ad2b24a69f1f9da000000000000000000000000989eee6a9283bf253ca4"], 0x1}}, 0x0)
close(r3)
syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2)
dup3(0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r4 = accept4$vsock_stream(0xffffffffffffffff, &(0x7f0000000240)={0x28, 0x0, 0x2710, @host}, 0x10, 0x0)
dup2(r4, 0xffffffffffffffff)
bind$pptp(0xffffffffffffffff, &(0x7f00000001c0)={0x18, 0x2, {0x0, @initdev={0xac, 0x1e, 0x0, 0x0}}}, 0x1e)
sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000000)=@newlink={0x30, 0x10, 0x801, 0x0, 0x0, {}, [@IFLA_GROUP={0x8}, @IFLA_PROTO_DOWN={0x8, 0x4}]}, 0x30}}, 0x0)

01:45:42 executing program 5:
lsetxattr$trusted_overlay_opaque(0x0, 0x0, 0x0, 0x0, 0x0)
mkdir(&(0x7f0000000000)='./file0\x00', 0x0)
mount$bpf(0x20000000, &(0x7f00000000c0)='./file0\x00', 0x0, 0x2001001, 0x0)
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x80, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x43, 0x400000000000000}, 0x11288, 0x2000, 0x0, 0x2}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = socket$netlink(0x10, 0x3, 0x0)
connect$inet(0xffffffffffffffff, 0x0, 0x0)
setsockopt$SO_RDS_TRANSPORT(0xffffffffffffffff, 0x114, 0x8, &(0x7f0000000040)=0xffffffffffffffff, 0x4)
r1 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$inet_tcp_int(r1, 0x6, 0x10000000013, &(0x7f0000d06000)=0x1, 0x32a)
connect$inet(r1, &(0x7f0000000180)={0x2, 0x4e23, @local}, 0x10)
accept$nfc_llcp(0xffffffffffffffff, &(0x7f0000000440), &(0x7f0000000300)=0x60)
setsockopt$inet_tcp_TCP_REPAIR_OPTIONS(r1, 0x6, 0x16, &(0x7f00000000c0)=[@mss={0x2, 0xffffffff}, @timestamp, @window, @mss={0x2, 0x91c}], 0x4)
sendmmsg(r1, &(0x7f0000004b40)=[{{0x0, 0x0, &(0x7f00000011c0)=[{&(0x7f0000002240)='Y', 0x1}], 0x1}}], 0x1, 0x0)
syz_init_net_socket$llc(0x1a, 0x1, 0x0)
r2 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$IPT_SO_SET_REPLACE(r2, 0x4000000000000, 0x40, &(0x7f0000000a40)=ANY=[@ANYBLOB="72617700000000010000000000000000000000000000000000000000000000000200000003000000b80400000000000000000000000000000003000000030000200400002004000020040000200400002004000003000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000600000000000000a00200030000000000000000000000000000000000000000300262706600000000000000000000000000000000000000000000000000000101000000000000002e2f66696c653000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000060005345540000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000c0002001000000000000000000000000000000000000000050006f736600000000000000000000000000000000000000000000000000000073797a300000000000000000000000000000000000000000000000000000000000000000000000000000000000000000600053455400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000007000980000000000000000000000000000000000000000002800000000000000000000000000000000000000000000000000000000000004feffffff00000000"], 0x518)
sendmsg$IPVS_CMD_GET_DEST(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000280)={&(0x7f00000002c0)=ANY=[@ANYRES16], 0x1}}, 0x0)
setsockopt$inet_tcp_TCP_REPAIR(r1, 0x6, 0x13, &(0x7f0000000100), 0x618)
close(r1)
r3 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$inet_tcp_int(r3, 0x6, 0x10000000013, &(0x7f0000d06000)=0x1, 0x32a)
connect$inet(r3, &(0x7f0000000140)={0x2, 0x0, @local}, 0x10)
setsockopt$inet_tcp_TCP_REPAIR_OPTIONS(r3, 0x6, 0x16, &(0x7f0000000200)=[@mss, @timestamp, @window={0x3, 0x0, 0xfffe}, @mss={0x2, 0x3}], 0x4)
sendmmsg(r3, &(0x7f0000004b40)=[{{0x0, 0x0, &(0x7f00000011c0)=[{&(0x7f0000002240)='Y', 0x1}], 0x1}}], 0x1, 0x0)
setsockopt$inet_tcp_TCP_REPAIR_QUEUE(r3, 0x6, 0x14, &(0x7f0000000040)=0x1, 0x4)
sendmsg$IPVS_CMD_GET_DEST(r3, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000340)=ANY=[@ANYBLOB="160e90cb39bca59f8c4064ac6d7b242060a07bc4309e3eb79d8745797b308edd84adef35ad9d8a17240f38f55f57c55f3875db81d255eea402e1c11ca7fc01964aeb9ed6ef4e80bc67cba7e7fe961fe5d921442b0a06b135f8a73b68dc904b436f256f50ae7cb980e69e7580b9f11c6ede4210f23240559b8c427000d7ce7862417ab5a50e494b2a54e346d7ffa008ccef06813e235b446788ac0f1df3c65bc1fb5393364a2efd284640ec2c438ad2b24a69f1f9da000000000000000000000000989eee6a9283bf253ca4"], 0x1}}, 0x0)
syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000000)={<r4=>0xffffffffffffffff, <r5=>0xffffffffffffffff})
dup3(r5, r4, 0x0)
r6 = accept4$vsock_stream(0xffffffffffffffff, &(0x7f0000000240)={0x28, 0x0, 0x2710, @host}, 0x10, 0x0)
dup2(r6, r5)
bind$pptp(0xffffffffffffffff, &(0x7f00000001c0)={0x18, 0x2, {0x0, @initdev={0xac, 0x1e, 0x0, 0x0}}}, 0x1e)
sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000000)=@newlink={0x30, 0x10, 0x801, 0x0, 0x0, {}, [@IFLA_GROUP={0x8}, @IFLA_PROTO_DOWN={0x8, 0x4}]}, 0x30}}, 0x0)
pivot_root(&(0x7f0000000140)='./file0\x00', &(0x7f0000000100)='./file0\x00')

01:45:42 executing program 2 (fault-call:9 fault-nth:13):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140)='/dev/kvm\x00', 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_SET_SIGNAL_MASK(0xffffffffffffffff, 0x4004ae8b, &(0x7f0000001000)=ANY=[@ANYBLOB="97cb"])
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000fe7000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0)
ioctl$USBDEVFS_RESETEP(0xffffffffffffffff, 0x80045503, &(0x7f0000000000)={0x1, 0x1})
ioctl$KVM_NMI(r2, 0xae9a)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f00000002c0)={0x0, 0x2, 0x0, 0x2000, &(0x7f0000001000/0x2000)=nil})
perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
ioctl$KVM_RUN(r2, 0xae80, 0x0)

[ 1844.652944] FAULT_INJECTION: forcing a failure.
[ 1844.652944] name failslab, interval 1, probability 0, space 0, times 0
[ 1844.679571] CPU: 0 PID: 3692 Comm: syz-executor.2 Not tainted 4.14.173-syzkaller #0
[ 1844.687466] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 1844.696941] Call Trace:
[ 1844.699553]  dump_stack+0x13e/0x194
01:45:42 executing program 3:
lsetxattr$trusted_overlay_opaque(0x0, 0x0, 0x0, 0x0, 0x0)
mkdir(&(0x7f0000000000)='./file0\x00', 0x0)
mount$bpf(0x20000000, &(0x7f00000000c0)='./file0\x00', 0x0, 0x2001001, 0x0)
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x80, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x43, 0x400000000000000}, 0x11288, 0x2000, 0x0, 0x2}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = socket$netlink(0x10, 0x3, 0x0)
connect$inet(0xffffffffffffffff, 0x0, 0x0)
setsockopt$SO_RDS_TRANSPORT(0xffffffffffffffff, 0x114, 0x8, &(0x7f0000000040)=0xffffffffffffffff, 0x4)
r1 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$inet_tcp_int(r1, 0x6, 0x10000000013, &(0x7f0000d06000)=0x1, 0x32a)
connect$inet(r1, &(0x7f0000000180)={0x2, 0x4e23, @local}, 0x10)
accept$nfc_llcp(0xffffffffffffffff, &(0x7f0000000440), &(0x7f0000000300)=0x60)
setsockopt$inet_tcp_TCP_REPAIR_OPTIONS(r1, 0x6, 0x16, &(0x7f00000000c0)=[@mss={0x2, 0xffffffff}, @timestamp, @window, @mss={0x2, 0x91c}], 0x4)
sendmmsg(r1, &(0x7f0000004b40)=[{{0x0, 0x0, &(0x7f00000011c0)=[{&(0x7f0000002240)='Y', 0x1}], 0x1}}], 0x1, 0x0)
syz_init_net_socket$llc(0x1a, 0x1, 0x0)
r2 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$IPT_SO_SET_REPLACE(r2, 0x4000000000000, 0x40, &(0x7f0000000a40)=ANY=[@ANYBLOB="72617700000000010000000000000000000000000000000000000000000000000200000003000000b80400000000000000000000000000000003000000030000200400002004000020040000200400002004000003000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000600000000000000a00200030000000000000000000000000000000000000000300262706600000000000000000000000000000000000000000000000000000101000000000000002e2f66696c653000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000060005345540000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000c0002001000000000000000000000000000000000000000050006f736600000000000000000000000000000000000000000000000000000073797a300000000000000000000000000000000000000000000000000000000000000000000000000000000000000000600053455400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000007000980000000000000000000000000000000000000000002800000000000000000000000000000000000000000000000000000000000004feffffff00000000"], 0x518)
sendmsg$IPVS_CMD_GET_DEST(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000280)={&(0x7f00000002c0)=ANY=[@ANYRES16], 0x1}}, 0x0)
setsockopt$inet_tcp_TCP_REPAIR(r1, 0x6, 0x13, &(0x7f0000000100), 0x618)
close(r1)
r3 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$inet_tcp_int(r3, 0x6, 0x10000000013, &(0x7f0000d06000)=0x1, 0x32a)
connect$inet(r3, &(0x7f0000000140)={0x2, 0x0, @local}, 0x10)
setsockopt$inet_tcp_TCP_REPAIR_OPTIONS(r3, 0x6, 0x16, &(0x7f0000000200)=[@mss, @timestamp, @window={0x3, 0x0, 0xfffe}, @mss={0x2, 0x3}], 0x4)
sendmmsg(r3, &(0x7f0000004b40)=[{{0x0, 0x0, &(0x7f00000011c0)=[{&(0x7f0000002240)='Y', 0x1}], 0x1}}], 0x1, 0x0)
setsockopt$inet_tcp_TCP_REPAIR_QUEUE(r3, 0x6, 0x14, &(0x7f0000000040)=0x1, 0x4)
sendmsg$IPVS_CMD_GET_DEST(r3, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000340)=ANY=[@ANYBLOB="160e90cb39bca59f8c4064ac6d7b242060a07bc4309e3eb79d8745797b308edd84adef35ad9d8a17240f38f55f57c55f3875db81d255eea402e1c11ca7fc01964aeb9ed6ef4e80bc67cba7e7fe961fe5d921442b0a06b135f8a73b68dc904b436f256f50ae7cb980e69e7580b9f11c6ede4210f23240559b8c427000d7ce7862417ab5a50e494b2a54e346d7ffa008ccef06813e235b446788ac0f1df3c65bc1fb5393364a2efd284640ec2c438ad2b24a69f1f9da000000000000000000000000989eee6a9283bf253ca4"], 0x1}}, 0x0)
close(r3)
syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2)
dup3(0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r4 = accept4$vsock_stream(0xffffffffffffffff, &(0x7f0000000240)={0x28, 0x0, 0x2710, @host}, 0x10, 0x0)
dup2(r4, 0xffffffffffffffff)
bind$pptp(0xffffffffffffffff, &(0x7f00000001c0)={0x18, 0x2, {0x0, @initdev={0xac, 0x1e, 0x0, 0x0}}}, 0x1e)
sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000000)=@newlink={0x30, 0x10, 0x801, 0x0, 0x0, {}, [@IFLA_GROUP={0x8}, @IFLA_PROTO_DOWN={0x8, 0x4}]}, 0x30}}, 0x0)
pivot_root(&(0x7f0000000140)='./file0\x00', &(0x7f0000000100)='./file0\x00')

[ 1844.703203]  should_fail.cold+0x10a/0x14b
[ 1844.707375]  should_failslab+0xd6/0x130
[ 1844.711359]  kmem_cache_alloc+0x2b5/0x770
[ 1844.715524]  ? trace_hardirqs_on_caller+0x3f6/0x590
[ 1844.720565]  ? trace_hardirqs_on_thunk+0x1a/0x1c
[ 1844.725359]  mmu_topup_memory_caches+0x83/0x300
[ 1844.730076]  kvm_mmu_load+0x1e/0xd00
[ 1844.733810]  ? kvm_apic_accept_events+0x16f/0x3f0
[ 1844.738670]  ? kvm_lapic_enable_pv_eoi+0xc0/0xc0
[ 1844.743440]  ? vcpu_enter_guest+0x1807/0x5240
[ 1844.747958]  vcpu_enter_guest+0x2eb9/0x5240
[ 1844.752294]  ? check_preemption_disabled+0x35/0x240
[ 1844.757317]  ? retint_user+0x13/0x18
[ 1844.761040]  ? emulator_read_emulated+0x40/0x40
[ 1844.765721]  ? lock_acquire+0x170/0x3f0
[ 1844.769801]  ? kvm_arch_vcpu_ioctl_run+0x143/0xfd0
[ 1844.774753]  ? kvm_arch_vcpu_ioctl_run+0x2fe/0xfd0
[ 1844.779697]  ? kvm_arch_vcpu_ioctl_run+0x181/0xfd0
[ 1844.784641]  kvm_arch_vcpu_ioctl_run+0x2fe/0xfd0
[ 1844.789424]  kvm_vcpu_ioctl+0x3df/0xc70
[ 1844.793423]  ? kvm_vcpu_block+0xb70/0xb70
[ 1844.797706]  ? trace_hardirqs_on+0x10/0x10
[ 1844.801980]  ? check_preemption_disabled+0x35/0x240
[ 1844.807191]  ? save_trace+0x290/0x290
[ 1844.811004]  ? SyS_write+0x1b7/0x210
[ 1844.814855]  ? retint_kernel+0x2d/0x2d
[ 1844.818789]  ? trace_hardirqs_on_caller+0x3f6/0x590
[ 1844.823954]  ? kvm_vcpu_block+0xb70/0xb70
[ 1844.828134]  do_vfs_ioctl+0x75a/0xfe0
[ 1844.832147]  ? selinux_file_mprotect+0x5c0/0x5c0
[ 1844.837034]  ? check_preemption_disabled+0x35/0x240
[ 1844.842078]  ? ioctl_preallocate+0x1a0/0x1a0
[ 1844.846492]  ? security_file_ioctl+0x76/0xb0
[ 1844.851041]  ? security_file_ioctl+0x83/0xb0
[ 1844.855488]  SyS_ioctl+0x7f/0xb0
[ 1844.858862]  ? do_vfs_ioctl+0xfe0/0xfe0
[ 1844.862933]  do_syscall_64+0x1d5/0x640
[ 1844.866825]  entry_SYSCALL_64_after_hwframe+0x42/0xb7
[ 1844.872121] RIP: 0033:0x45c849
[ 1844.875419] RSP: 002b:00007fa3bc31dc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 1844.883374] RAX: ffffffffffffffda RBX: 00007fa3bc31e6d4 RCX: 000000000045c849
[ 1844.890645] RDX: 0000000000000000 RSI: 000000000000ae80 RDI: 0000000000000005
01:45:43 executing program 1:
lsetxattr$trusted_overlay_opaque(0x0, 0x0, 0x0, 0x0, 0x0)
mkdir(&(0x7f0000000000)='./file0\x00', 0x0)
mount$bpf(0x20000000, &(0x7f00000000c0)='./file0\x00', 0x0, 0x2001001, 0x0)
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x80, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x43, 0x400000000000000}, 0x11288, 0x2000, 0x0, 0x2}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = socket$netlink(0x10, 0x3, 0x0)
connect$inet(0xffffffffffffffff, 0x0, 0x0)
setsockopt$SO_RDS_TRANSPORT(0xffffffffffffffff, 0x114, 0x8, &(0x7f0000000040)=0xffffffffffffffff, 0x4)
r1 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$inet_tcp_int(r1, 0x6, 0x10000000013, &(0x7f0000d06000)=0x1, 0x32a)
connect$inet(r1, &(0x7f0000000180)={0x2, 0x4e23, @local}, 0x10)
accept$nfc_llcp(0xffffffffffffffff, &(0x7f0000000440), &(0x7f0000000300)=0x60)
setsockopt$inet_tcp_TCP_REPAIR_OPTIONS(r1, 0x6, 0x16, &(0x7f00000000c0)=[@mss={0x2, 0xffffffff}, @timestamp, @window, @mss={0x2, 0x91c}], 0x4)
sendmmsg(r1, &(0x7f0000004b40)=[{{0x0, 0x0, &(0x7f00000011c0)=[{&(0x7f0000002240)='Y', 0x1}], 0x1}}], 0x1, 0x0)
syz_init_net_socket$llc(0x1a, 0x1, 0x0)
r2 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$IPT_SO_SET_REPLACE(r2, 0x4000000000000, 0x40, &(0x7f0000000a40)=ANY=[@ANYBLOB="72617700000000010000000000000000000000000000000000000000000000000200000003000000b80400000000000000000000000000000003000000030000200400002004000020040000200400002004000003000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000600000000000000a00200030000000000000000000000000000000000000000300262706600000000000000000000000000000000000000000000000000000101000000000000002e2f66696c653000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000060005345540000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000c0002001000000000000000000000000000000000000000050006f736600000000000000000000000000000000000000000000000000000073797a300000000000000000000000000000000000000000000000000000000000000000000000000000000000000000600053455400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000007000980000000000000000000000000000000000000000002800000000000000000000000000000000000000000000000000000000000004feffffff00000000"], 0x518)
sendmsg$IPVS_CMD_GET_DEST(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000280)={&(0x7f00000002c0)=ANY=[@ANYRES16], 0x1}}, 0x0)
setsockopt$inet_tcp_TCP_REPAIR(r1, 0x6, 0x13, &(0x7f0000000100), 0x618)
close(r1)
r3 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$inet_tcp_int(r3, 0x6, 0x10000000013, &(0x7f0000d06000)=0x1, 0x32a)
connect$inet(r3, &(0x7f0000000140)={0x2, 0x0, @local}, 0x10)
setsockopt$inet_tcp_TCP_REPAIR_OPTIONS(r3, 0x6, 0x16, &(0x7f0000000200)=[@mss, @timestamp, @window={0x3, 0x0, 0xfffe}, @mss={0x2, 0x3}], 0x4)
sendmmsg(r3, &(0x7f0000004b40)=[{{0x0, 0x0, &(0x7f00000011c0)=[{&(0x7f0000002240)='Y', 0x1}], 0x1}}], 0x1, 0x0)
setsockopt$inet_tcp_TCP_REPAIR_QUEUE(r3, 0x6, 0x14, &(0x7f0000000040)=0x1, 0x4)
sendmsg$IPVS_CMD_GET_DEST(r3, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000340)=ANY=[@ANYBLOB="160e90cb39bca59f8c4064ac6d7b242060a07bc4309e3eb79d8745797b308edd84adef35ad9d8a17240f38f55f57c55f3875db81d255eea402e1c11ca7fc01964aeb9ed6ef4e80bc67cba7e7fe961fe5d921442b0a06b135f8a73b68dc904b436f256f50ae7cb980e69e7580b9f11c6ede4210f23240559b8c427000d7ce7862417ab5a50e494b2a54e346d7ffa008ccef06813e235b446788ac0f1df3c65bc1fb5393364a2efd284640ec2c438ad2b24a69f1f9da000000000000000000000000989eee6a9283bf253ca4"], 0x1}}, 0x0)
close(r3)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000000)={<r4=>0xffffffffffffffff, <r5=>0xffffffffffffffff})
dup3(r5, r4, 0x0)
r6 = accept4$vsock_stream(0xffffffffffffffff, &(0x7f0000000240)={0x28, 0x0, 0x2710, @host}, 0x10, 0x0)
dup2(r6, r5)
bind$pptp(0xffffffffffffffff, &(0x7f00000001c0)={0x18, 0x2, {0x0, @initdev={0xac, 0x1e, 0x0, 0x0}}}, 0x1e)
sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000000)=@newlink={0x30, 0x10, 0x801, 0x0, 0x0, {}, [@IFLA_GROUP={0x8}, @IFLA_PROTO_DOWN={0x8, 0x4}]}, 0x30}}, 0x0)

01:45:43 executing program 4:
pipe(&(0x7f0000000140)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
r2 = socket$inet_udp(0x2, 0x2, 0x0)
close(r2)
r3 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$inet_tcp_int(r3, 0x6, 0x10000000013, &(0x7f0000d06000)=0x1, 0x4)
connect$inet(r2, &(0x7f0000000340)={0x2, 0x0, @loopback}, 0x10)
setsockopt$inet_tcp_TCP_REPAIR_WINDOW(r3, 0x6, 0x1d, &(0x7f0000000080)={0x0, 0xdf5, 0x65a2}, 0x14)
write$binfmt_misc(r1, &(0x7f0000000140)=ANY=[], 0x4240a2a0)
r4 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$IPT_SO_SET_REPLACE(r4, 0x0, 0x40, &(0x7f0000000480)=ANY=[@ANYBLOB="66696c74657200000000000000000000000000000000000000000000000000000e00000004000000d0020000800100009800000080010000000000000000000038020000380200003802000038020000380200000400000000000000000000007f000001ac14140000000000000000007f00000000000000000000000000000064756dea20f9524db2d96900000057c910a19f2bc02c00000000000000000000200000000000000000000000000000000000000000000000700098000000000000000000000000000000000000000000280052454a454354000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000400000000000000000000000080000000000000000000000000000000000000000000000000000000000000000000000000000000000000000c000e80000f9c9991d0000000000000000000000000000005000736574000000000000000000000000000000000000000000000000000003000005050000000000000000000000000000000000000000100000000000000000000000000000000000000000000000280052454a45435400000000000000010000000000000000000000000000000000674f000000000000000000e00000020000000000000000766574b5315f766c616e00000000010062726964676530000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000007000b80000000000000000000000000000000000000000004800544545000000000000000000000000000000d40200000000000000000001ac1414aa000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000007000980000000000000000000000000000000000000000002800000000000000000000000000000000000000000000001a51496c00000000feffffff"], 0x1)
splice(r0, 0x0, r2, 0x0, 0x4ffe0, 0x0)

[ 1844.897970] RBP: 000000000076bf00 R08: 0000000000000000 R09: 0000000000000000
[ 1844.905252] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000007
[ 1844.912652] R13: 00000000000003bf R14: 00000000004c6495 R15: 000000000000000d
01:45:43 executing program 5:
lsetxattr$trusted_overlay_opaque(0x0, 0x0, 0x0, 0x0, 0x0)
mkdir(&(0x7f0000000000)='./file0\x00', 0x0)
mount$bpf(0x20000000, &(0x7f00000000c0)='./file0\x00', 0x0, 0x2001001, 0x0)
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x80, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x43, 0x400000000000000}, 0x11288, 0x2000, 0x0, 0x2}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = socket$netlink(0x10, 0x3, 0x0)
connect$inet(0xffffffffffffffff, 0x0, 0x0)
setsockopt$SO_RDS_TRANSPORT(0xffffffffffffffff, 0x114, 0x8, &(0x7f0000000040)=0xffffffffffffffff, 0x4)
r1 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$inet_tcp_int(r1, 0x6, 0x10000000013, &(0x7f0000d06000)=0x1, 0x32a)
connect$inet(r1, &(0x7f0000000180)={0x2, 0x4e23, @local}, 0x10)
accept$nfc_llcp(0xffffffffffffffff, &(0x7f0000000440), &(0x7f0000000300)=0x60)
setsockopt$inet_tcp_TCP_REPAIR_OPTIONS(r1, 0x6, 0x16, &(0x7f00000000c0)=[@mss={0x2, 0xffffffff}, @timestamp, @window, @mss={0x2, 0x91c}], 0x4)
sendmmsg(r1, &(0x7f0000004b40)=[{{0x0, 0x0, &(0x7f00000011c0)=[{&(0x7f0000002240)='Y', 0x1}], 0x1}}], 0x1, 0x0)
syz_init_net_socket$llc(0x1a, 0x1, 0x0)
r2 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$IPT_SO_SET_REPLACE(r2, 0x4000000000000, 0x40, &(0x7f0000000a40)=ANY=[@ANYBLOB="72617700000000010000000000000000000000000000000000000000000000000200000003000000b80400000000000000000000000000000003000000030000200400002004000020040000200400002004000003000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000600000000000000a00200030000000000000000000000000000000000000000300262706600000000000000000000000000000000000000000000000000000101000000000000002e2f66696c653000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000060005345540000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000c0002001000000000000000000000000000000000000000050006f736600000000000000000000000000000000000000000000000000000073797a300000000000000000000000000000000000000000000000000000000000000000000000000000000000000000600053455400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000007000980000000000000000000000000000000000000000002800000000000000000000000000000000000000000000000000000000000004feffffff00000000"], 0x518)
sendmsg$IPVS_CMD_GET_DEST(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000280)={&(0x7f00000002c0)=ANY=[@ANYRES16], 0x1}}, 0x0)
setsockopt$inet_tcp_TCP_REPAIR(r1, 0x6, 0x13, &(0x7f0000000100), 0x618)
close(r1)
r3 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$inet_tcp_int(r3, 0x6, 0x10000000013, &(0x7f0000d06000)=0x1, 0x32a)
connect$inet(r3, &(0x7f0000000140)={0x2, 0x0, @local}, 0x10)
setsockopt$inet_tcp_TCP_REPAIR_OPTIONS(r3, 0x6, 0x16, &(0x7f0000000200)=[@mss, @timestamp, @window={0x3, 0x0, 0xfffe}, @mss={0x2, 0x3}], 0x4)
sendmmsg(r3, &(0x7f0000004b40)=[{{0x0, 0x0, &(0x7f00000011c0)=[{&(0x7f0000002240)='Y', 0x1}], 0x1}}], 0x1, 0x0)
setsockopt$inet_tcp_TCP_REPAIR_QUEUE(r3, 0x6, 0x14, &(0x7f0000000040)=0x1, 0x4)
close(r3)
syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000000)={<r4=>0xffffffffffffffff, <r5=>0xffffffffffffffff})
dup3(r5, r4, 0x0)
r6 = accept4$vsock_stream(0xffffffffffffffff, &(0x7f0000000240)={0x28, 0x0, 0x2710, @host}, 0x10, 0x0)
dup2(r6, r5)
bind$pptp(0xffffffffffffffff, &(0x7f00000001c0)={0x18, 0x2, {0x0, @initdev={0xac, 0x1e, 0x0, 0x0}}}, 0x1e)
sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000000)=@newlink={0x30, 0x10, 0x801, 0x0, 0x0, {}, [@IFLA_GROUP={0x8}, @IFLA_PROTO_DOWN={0x8, 0x4}]}, 0x30}}, 0x0)
pivot_root(&(0x7f0000000140)='./file0\x00', &(0x7f0000000100)='./file0\x00')

01:45:43 executing program 2 (fault-call:9 fault-nth:14):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140)='/dev/kvm\x00', 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_SET_SIGNAL_MASK(0xffffffffffffffff, 0x4004ae8b, &(0x7f0000001000)=ANY=[@ANYBLOB="97cb"])
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000fe7000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0)
ioctl$USBDEVFS_RESETEP(0xffffffffffffffff, 0x80045503, &(0x7f0000000000)={0x1, 0x1})
ioctl$KVM_NMI(r2, 0xae9a)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f00000002c0)={0x0, 0x2, 0x0, 0x2000, &(0x7f0000001000/0x2000)=nil})
perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
ioctl$KVM_RUN(r2, 0xae80, 0x0)

[ 1845.102971] ip_tables: iptables: counters copy to user failed while replacing table
01:45:43 executing program 0:
r0 = open(&(0x7f0000000180)='./bus\x00', 0x151042, 0x0)
r1 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000000)='/proc/keys\x00', 0x0, 0x0)
lseek(r1, 0x1, 0x0)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000000c0)={<r2=>0xffffffffffffffff})
r3 = dup(r2)
ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200)
sendfile(r0, r1, 0x0, 0x4000000000010046)

[ 1845.231423] FAULT_INJECTION: forcing a failure.
[ 1845.231423] name failslab, interval 1, probability 0, space 0, times 0
01:45:43 executing program 1:
lsetxattr$trusted_overlay_opaque(0x0, 0x0, 0x0, 0x0, 0x0)
mkdir(&(0x7f0000000000)='./file0\x00', 0x0)
mount$bpf(0x20000000, &(0x7f00000000c0)='./file0\x00', 0x0, 0x2001001, 0x0)
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x80, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x43, 0x400000000000000}, 0x11288, 0x2000, 0x0, 0x2}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = socket$netlink(0x10, 0x3, 0x0)
connect$inet(0xffffffffffffffff, 0x0, 0x0)
setsockopt$SO_RDS_TRANSPORT(0xffffffffffffffff, 0x114, 0x8, &(0x7f0000000040)=0xffffffffffffffff, 0x4)
r1 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$inet_tcp_int(r1, 0x6, 0x10000000013, &(0x7f0000d06000)=0x1, 0x32a)
connect$inet(r1, &(0x7f0000000180)={0x2, 0x4e23, @local}, 0x10)
accept$nfc_llcp(0xffffffffffffffff, &(0x7f0000000440), &(0x7f0000000300)=0x60)
setsockopt$inet_tcp_TCP_REPAIR_OPTIONS(r1, 0x6, 0x16, &(0x7f00000000c0)=[@mss={0x2, 0xffffffff}, @timestamp, @window, @mss={0x2, 0x91c}], 0x4)
sendmmsg(r1, &(0x7f0000004b40)=[{{0x0, 0x0, &(0x7f00000011c0)=[{&(0x7f0000002240)='Y', 0x1}], 0x1}}], 0x1, 0x0)
syz_init_net_socket$llc(0x1a, 0x1, 0x0)
r2 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$IPT_SO_SET_REPLACE(r2, 0x4000000000000, 0x40, &(0x7f0000000a40)=ANY=[@ANYBLOB="72617700000000010000000000000000000000000000000000000000000000000200000003000000b80400000000000000000000000000000003000000030000200400002004000020040000200400002004000003000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000600000000000000a00200030000000000000000000000000000000000000000300262706600000000000000000000000000000000000000000000000000000101000000000000002e2f66696c653000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000060005345540000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000c0002001000000000000000000000000000000000000000050006f736600000000000000000000000000000000000000000000000000000073797a300000000000000000000000000000000000000000000000000000000000000000000000000000000000000000600053455400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000007000980000000000000000000000000000000000000000002800000000000000000000000000000000000000000000000000000000000004feffffff00000000"], 0x518)
sendmsg$IPVS_CMD_GET_DEST(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000280)={&(0x7f00000002c0)=ANY=[@ANYRES16], 0x1}}, 0x0)
setsockopt$inet_tcp_TCP_REPAIR(r1, 0x6, 0x13, &(0x7f0000000100), 0x618)
close(r1)
r3 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$inet_tcp_int(r3, 0x6, 0x10000000013, &(0x7f0000d06000)=0x1, 0x32a)
connect$inet(r3, &(0x7f0000000140)={0x2, 0x0, @local}, 0x10)
setsockopt$inet_tcp_TCP_REPAIR_OPTIONS(r3, 0x6, 0x16, &(0x7f0000000200)=[@mss, @timestamp, @window={0x3, 0x0, 0xfffe}, @mss={0x2, 0x3}], 0x4)
sendmmsg(r3, &(0x7f0000004b40)=[{{0x0, 0x0, &(0x7f00000011c0)=[{&(0x7f0000002240)='Y', 0x1}], 0x1}}], 0x1, 0x0)
setsockopt$inet_tcp_TCP_REPAIR_QUEUE(r3, 0x6, 0x14, &(0x7f0000000040)=0x1, 0x4)
sendmsg$IPVS_CMD_GET_DEST(r3, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000340)=ANY=[@ANYBLOB="160e90cb39bca59f8c4064ac6d7b242060a07bc4309e3eb79d8745797b308edd84adef35ad9d8a17240f38f55f57c55f3875db81d255eea402e1c11ca7fc01964aeb9ed6ef4e80bc67cba7e7fe961fe5d921442b0a06b135f8a73b68dc904b436f256f50ae7cb980e69e7580b9f11c6ede4210f23240559b8c427000d7ce7862417ab5a50e494b2a54e346d7ffa008ccef06813e235b446788ac0f1df3c65bc1fb5393364a2efd284640ec2c438ad2b24a69f1f9da000000000000000000000000989eee6a9283bf253ca4"], 0x1}}, 0x0)
close(r3)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000000)={<r4=>0xffffffffffffffff, <r5=>0xffffffffffffffff})
dup3(r5, r4, 0x0)
r6 = accept4$vsock_stream(0xffffffffffffffff, &(0x7f0000000240)={0x28, 0x0, 0x2710, @host}, 0x10, 0x0)
dup2(r6, r5)
bind$pptp(0xffffffffffffffff, &(0x7f00000001c0)={0x18, 0x2, {0x0, @initdev={0xac, 0x1e, 0x0, 0x0}}}, 0x1e)
sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000000)=@newlink={0x30, 0x10, 0x801, 0x0, 0x0, {}, [@IFLA_GROUP={0x8}, @IFLA_PROTO_DOWN={0x8, 0x4}]}, 0x30}}, 0x0)

01:45:43 executing program 3:
lsetxattr$trusted_overlay_opaque(0x0, 0x0, 0x0, 0x0, 0x0)
mkdir(&(0x7f0000000000)='./file0\x00', 0x0)
mount$bpf(0x20000000, &(0x7f00000000c0)='./file0\x00', 0x0, 0x2001001, 0x0)
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x80, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x43, 0x400000000000000}, 0x11288, 0x2000, 0x0, 0x2}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = socket$netlink(0x10, 0x3, 0x0)
connect$inet(0xffffffffffffffff, 0x0, 0x0)
setsockopt$SO_RDS_TRANSPORT(0xffffffffffffffff, 0x114, 0x8, &(0x7f0000000040)=0xffffffffffffffff, 0x4)
r1 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$inet_tcp_int(r1, 0x6, 0x10000000013, &(0x7f0000d06000)=0x1, 0x32a)
connect$inet(r1, &(0x7f0000000180)={0x2, 0x4e23, @local}, 0x10)
accept$nfc_llcp(0xffffffffffffffff, &(0x7f0000000440), &(0x7f0000000300)=0x60)
setsockopt$inet_tcp_TCP_REPAIR_OPTIONS(r1, 0x6, 0x16, &(0x7f00000000c0)=[@mss={0x2, 0xffffffff}, @timestamp, @window, @mss={0x2, 0x91c}], 0x4)
sendmmsg(r1, &(0x7f0000004b40)=[{{0x0, 0x0, &(0x7f00000011c0)=[{&(0x7f0000002240)='Y', 0x1}], 0x1}}], 0x1, 0x0)
syz_init_net_socket$llc(0x1a, 0x1, 0x0)
r2 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$IPT_SO_SET_REPLACE(r2, 0x4000000000000, 0x40, &(0x7f0000000a40)=ANY=[@ANYBLOB="72617700000000010000000000000000000000000000000000000000000000000200000003000000b80400000000000000000000000000000003000000030000200400002004000020040000200400002004000003000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000600000000000000a00200030000000000000000000000000000000000000000300262706600000000000000000000000000000000000000000000000000000101000000000000002e2f66696c653000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000060005345540000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000c0002001000000000000000000000000000000000000000050006f736600000000000000000000000000000000000000000000000000000073797a300000000000000000000000000000000000000000000000000000000000000000000000000000000000000000600053455400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000007000980000000000000000000000000000000000000000002800000000000000000000000000000000000000000000000000000000000004feffffff00000000"], 0x518)
sendmsg$IPVS_CMD_GET_DEST(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000280)={&(0x7f00000002c0)=ANY=[@ANYRES16], 0x1}}, 0x0)
setsockopt$inet_tcp_TCP_REPAIR(r1, 0x6, 0x13, &(0x7f0000000100), 0x618)
close(r1)
r3 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$inet_tcp_int(r3, 0x6, 0x10000000013, &(0x7f0000d06000)=0x1, 0x32a)
connect$inet(r3, &(0x7f0000000140)={0x2, 0x0, @local}, 0x10)
setsockopt$inet_tcp_TCP_REPAIR_OPTIONS(r3, 0x6, 0x16, &(0x7f0000000200)=[@mss, @timestamp, @window={0x3, 0x0, 0xfffe}, @mss={0x2, 0x3}], 0x4)
sendmmsg(r3, &(0x7f0000004b40)=[{{0x0, 0x0, &(0x7f00000011c0)=[{&(0x7f0000002240)='Y', 0x1}], 0x1}}], 0x1, 0x0)
setsockopt$inet_tcp_TCP_REPAIR_QUEUE(r3, 0x6, 0x14, &(0x7f0000000040)=0x1, 0x4)
sendmsg$IPVS_CMD_GET_DEST(r3, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000340)=ANY=[@ANYBLOB="160e90cb39bca59f8c4064ac6d7b242060a07bc4309e3eb79d8745797b308edd84adef35ad9d8a17240f38f55f57c55f3875db81d255eea402e1c11ca7fc01964aeb9ed6ef4e80bc67cba7e7fe961fe5d921442b0a06b135f8a73b68dc904b436f256f50ae7cb980e69e7580b9f11c6ede4210f23240559b8c427000d7ce7862417ab5a50e494b2a54e346d7ffa008ccef06813e235b446788ac0f1df3c65bc1fb5393364a2efd284640ec2c438ad2b24a69f1f9da000000000000000000000000989eee6a9283bf253ca4"], 0x1}}, 0x0)
close(r3)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000000)={<r4=>0xffffffffffffffff, <r5=>0xffffffffffffffff})
dup3(r5, r4, 0x0)
r6 = accept4$vsock_stream(0xffffffffffffffff, &(0x7f0000000240)={0x28, 0x0, 0x2710, @host}, 0x10, 0x0)
dup2(r6, r5)
bind$pptp(0xffffffffffffffff, &(0x7f00000001c0)={0x18, 0x2, {0x0, @initdev={0xac, 0x1e, 0x0, 0x0}}}, 0x1e)
sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000000)=@newlink={0x30, 0x10, 0x801, 0x0, 0x0, {}, [@IFLA_GROUP={0x8}, @IFLA_PROTO_DOWN={0x8, 0x4}]}, 0x30}}, 0x0)
pivot_root(&(0x7f0000000140)='./file0\x00', &(0x7f0000000100)='./file0\x00')

[ 1845.346176] CPU: 0 PID: 3706 Comm: syz-executor.2 Not tainted 4.14.173-syzkaller #0
[ 1845.354161] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 1845.364507] Call Trace:
[ 1845.367209]  dump_stack+0x13e/0x194
[ 1845.370863]  should_fail.cold+0x10a/0x14b
[ 1845.375024]  should_failslab+0xd6/0x130
[ 1845.379002]  kmem_cache_alloc+0x2b5/0x770
[ 1845.383164]  ? mmu_topup_memory_caches+0x1d/0x300
[ 1845.388017]  mmu_topup_memory_caches+0x83/0x300
[ 1845.392696]  kvm_mmu_load+0x1e/0xd00
[ 1845.396417]  ? kvm_apic_accept_events+0x16f/0x3f0
[ 1845.401264]  ? kvm_lapic_enable_pv_eoi+0xc0/0xc0
[ 1845.406029]  ? vcpu_enter_guest+0x1807/0x5240
[ 1845.410552]  vcpu_enter_guest+0x2eb9/0x5240
[ 1845.414903]  ? trace_hardirqs_on_caller+0x3f6/0x590
[ 1845.419919]  ? trace_hardirqs_on_thunk+0x1a/0x1c
[ 1845.424695]  ? emulator_read_emulated+0x40/0x40
[ 1845.429373]  ? lock_acquire+0x170/0x3f0
[ 1845.433346]  ? kvm_arch_vcpu_ioctl_run+0x143/0xfd0
[ 1845.438600]  ? kvm_arch_vcpu_ioctl_run+0x2fe/0xfd0
[ 1845.443563]  ? kvm_arch_vcpu_ioctl_run+0x181/0xfd0
[ 1845.448545]  kvm_arch_vcpu_ioctl_run+0x2fe/0xfd0
[ 1845.453305]  kvm_vcpu_ioctl+0x3df/0xc70
[ 1845.457280]  ? kvm_vcpu_block+0xb70/0xb70
[ 1845.461443]  ? trace_hardirqs_on+0x10/0x10
[ 1845.465706]  ? retint_kernel+0x2d/0x2d
[ 1845.469609]  ? retint_kernel+0x2d/0x2d
[ 1845.473512]  ? save_trace+0x290/0x290
[ 1845.477302]  ? trace_hardirqs_on_caller+0x3f6/0x590
[ 1845.482326]  ? trace_hardirqs_on_thunk+0x1a/0x1c
[ 1845.487112]  ? kvm_vcpu_block+0xb70/0xb70
[ 1845.491282]  do_vfs_ioctl+0x75a/0xfe0
[ 1845.495096]  ? selinux_file_mprotect+0x5c0/0x5c0
[ 1845.499867]  ? ioctl_preallocate+0x1a0/0x1a0
[ 1845.504301]  ? security_file_ioctl+0x76/0xb0
[ 1845.508718]  ? security_file_ioctl+0x83/0xb0
[ 1845.513127]  SyS_ioctl+0x7f/0xb0
[ 1845.516488]  ? do_vfs_ioctl+0xfe0/0xfe0
[ 1845.521433]  do_syscall_64+0x1d5/0x640
[ 1845.525351]  entry_SYSCALL_64_after_hwframe+0x42/0xb7
[ 1845.530555] RIP: 0033:0x45c849
[ 1845.533818] RSP: 002b:00007fa3bc31dc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
01:45:43 executing program 5:
lsetxattr$trusted_overlay_opaque(0x0, 0x0, 0x0, 0x0, 0x0)
mkdir(&(0x7f0000000000)='./file0\x00', 0x0)
mount$bpf(0x20000000, &(0x7f00000000c0)='./file0\x00', 0x0, 0x2001001, 0x0)
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x80, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x43, 0x400000000000000}, 0x11288, 0x2000, 0x0, 0x2}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = socket$netlink(0x10, 0x3, 0x0)
connect$inet(0xffffffffffffffff, 0x0, 0x0)
setsockopt$SO_RDS_TRANSPORT(0xffffffffffffffff, 0x114, 0x8, &(0x7f0000000040)=0xffffffffffffffff, 0x4)
r1 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$inet_tcp_int(r1, 0x6, 0x10000000013, &(0x7f0000d06000)=0x1, 0x32a)
connect$inet(r1, &(0x7f0000000180)={0x2, 0x4e23, @local}, 0x10)
accept$nfc_llcp(0xffffffffffffffff, &(0x7f0000000440), &(0x7f0000000300)=0x60)
setsockopt$inet_tcp_TCP_REPAIR_OPTIONS(r1, 0x6, 0x16, &(0x7f00000000c0)=[@mss={0x2, 0xffffffff}, @timestamp, @window, @mss={0x2, 0x91c}], 0x4)
sendmmsg(r1, &(0x7f0000004b40)=[{{0x0, 0x0, &(0x7f00000011c0)=[{&(0x7f0000002240)='Y', 0x1}], 0x1}}], 0x1, 0x0)
syz_init_net_socket$llc(0x1a, 0x1, 0x0)
r2 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$IPT_SO_SET_REPLACE(r2, 0x4000000000000, 0x40, &(0x7f0000000a40)=ANY=[@ANYBLOB="72617700000000010000000000000000000000000000000000000000000000000200000003000000b80400000000000000000000000000000003000000030000200400002004000020040000200400002004000003000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000600000000000000a00200030000000000000000000000000000000000000000300262706600000000000000000000000000000000000000000000000000000101000000000000002e2f66696c653000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000060005345540000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000c0002001000000000000000000000000000000000000000050006f736600000000000000000000000000000000000000000000000000000073797a300000000000000000000000000000000000000000000000000000000000000000000000000000000000000000600053455400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000007000980000000000000000000000000000000000000000002800000000000000000000000000000000000000000000000000000000000004feffffff00000000"], 0x518)
sendmsg$IPVS_CMD_GET_DEST(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000280)={&(0x7f00000002c0)=ANY=[@ANYRES16], 0x1}}, 0x0)
setsockopt$inet_tcp_TCP_REPAIR(r1, 0x6, 0x13, &(0x7f0000000100), 0x618)
close(r1)
r3 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$inet_tcp_int(r3, 0x6, 0x10000000013, &(0x7f0000d06000)=0x1, 0x32a)
connect$inet(r3, &(0x7f0000000140)={0x2, 0x0, @local}, 0x10)
setsockopt$inet_tcp_TCP_REPAIR_OPTIONS(r3, 0x6, 0x16, &(0x7f0000000200)=[@mss, @timestamp, @window={0x3, 0x0, 0xfffe}, @mss={0x2, 0x3}], 0x4)
sendmmsg(r3, &(0x7f0000004b40)=[{{0x0, 0x0, &(0x7f00000011c0)=[{&(0x7f0000002240)='Y', 0x1}], 0x1}}], 0x1, 0x0)
setsockopt$inet_tcp_TCP_REPAIR_QUEUE(r3, 0x6, 0x14, &(0x7f0000000040)=0x1, 0x4)
close(r3)
syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000000)={<r4=>0xffffffffffffffff, <r5=>0xffffffffffffffff})
dup3(r5, r4, 0x0)
r6 = accept4$vsock_stream(0xffffffffffffffff, &(0x7f0000000240)={0x28, 0x0, 0x2710, @host}, 0x10, 0x0)
dup2(r6, r5)
bind$pptp(0xffffffffffffffff, &(0x7f00000001c0)={0x18, 0x2, {0x0, @initdev={0xac, 0x1e, 0x0, 0x0}}}, 0x1e)
sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000000)=@newlink={0x30, 0x10, 0x801, 0x0, 0x0, {}, [@IFLA_GROUP={0x8}, @IFLA_PROTO_DOWN={0x8, 0x4}]}, 0x30}}, 0x0)
pivot_root(&(0x7f0000000140)='./file0\x00', &(0x7f0000000100)='./file0\x00')

[ 1845.541563] RAX: ffffffffffffffda RBX: 00007fa3bc31e6d4 RCX: 000000000045c849
[ 1845.548837] RDX: 0000000000000000 RSI: 000000000000ae80 RDI: 0000000000000005
[ 1845.556107] RBP: 000000000076bf00 R08: 0000000000000000 R09: 0000000000000000
[ 1845.563387] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000007
[ 1845.570673] R13: 00000000000003bf R14: 00000000004c6495 R15: 000000000000000e
01:45:43 executing program 0:
r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
ioctl$sock_bt_hci(r0, 0x800448f0, &(0x7f0000000080))

01:45:43 executing program 2 (fault-call:9 fault-nth:15):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140)='/dev/kvm\x00', 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_SET_SIGNAL_MASK(0xffffffffffffffff, 0x4004ae8b, &(0x7f0000001000)=ANY=[@ANYBLOB="97cb"])
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000fe7000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0)
ioctl$USBDEVFS_RESETEP(0xffffffffffffffff, 0x80045503, &(0x7f0000000000)={0x1, 0x1})
ioctl$KVM_NMI(r2, 0xae9a)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f00000002c0)={0x0, 0x2, 0x0, 0x2000, &(0x7f0000001000/0x2000)=nil})
perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
ioctl$KVM_RUN(r2, 0xae80, 0x0)

01:45:43 executing program 0:
mkdir(&(0x7f0000000000)='./file0\x00', 0x0)
lsetxattr$trusted_overlay_redirect(&(0x7f0000000280)='./file0\x00', &(0x7f0000000480)='trusted.overlay.redirect\x00', 0x0, 0x0, 0x0)
r0 = socket(0x10, 0x2, 0x0)
getsockopt$sock_cred(r0, 0x1, 0x11, &(0x7f0000caaffb)={0x0, <r1=>0x0}, &(0x7f0000cab000)=0xc)
setreuid(0x0, r1)
listxattr(&(0x7f0000000140)='./file0\x00', 0x0, 0x0)

[ 1845.808471] FAULT_INJECTION: forcing a failure.
[ 1845.808471] name failslab, interval 1, probability 0, space 0, times 0
01:45:44 executing program 4:
pipe(&(0x7f0000000140)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
r2 = socket$inet_udp(0x2, 0x2, 0x0)
close(r2)
r3 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$inet_tcp_int(r3, 0x6, 0x10000000013, &(0x7f0000d06000)=0x1, 0x4)
connect$inet(r2, &(0x7f0000000340)={0x2, 0x0, @loopback}, 0x10)
write$binfmt_misc(r1, &(0x7f0000000140)=ANY=[], 0x4240a2a0)
r4 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$IPT_SO_SET_REPLACE(r4, 0x0, 0x40, &(0x7f0000000480)=ANY=[@ANYBLOB="66696c74657200000000000000000000000000000000000000000000000000000e00000004000000d0020000800100009800000080010000000000000000000038020000380200003802000038020000380200000400000000000000000000007f000001ac14140000000000000000007f00000000000000000000000000000064756dea20f9524db2d96900000057c910a19f2bc02c00000000000000000000200000000000000000000000000000000000000000000000700098000000000000000000000000000000000000000000280052454a454354000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000400000000000000000000000080000000000000000000000000000000000000000000000000000000000000000000000000000000000000000c000e80000f9c9991d0000000000000000000000000000005000736574000000000000000000000000000000000000000000000000000003000005050000000000000000000000000000000000000000100000000000000000000000000000000000000000000000280052454a45435400000000000000010000000000000000000000000000000000674f000000000000000000e00000020000000000000000766574b5315f766c616e00000000010062726964676530000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000007000b80000000000000000000000000000000000000000004800544545000000000000000000000000000000d40200000000000000000001ac1414aa000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000007000980000000000000000000000000000000000000000002800000000000000000000000000000000000000000000001a51496c00000000feffffff"], 0x1)
splice(r0, 0x0, r2, 0x0, 0x4ffe0, 0x0)

[ 1845.920944] CPU: 0 PID: 3732 Comm: syz-executor.2 Not tainted 4.14.173-syzkaller #0
[ 1845.929869] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 1845.939394] Call Trace:
[ 1845.942038]  dump_stack+0x13e/0x194
[ 1845.945852]  should_fail.cold+0x10a/0x14b
[ 1845.950148]  should_failslab+0xd6/0x130
[ 1845.954157]  kmem_cache_alloc+0x2b5/0x770
[ 1845.958342]  ? mmu_topup_memory_caches+0x94/0x300
[ 1845.963229]  mmu_topup_memory_caches+0x83/0x300
[ 1845.967934]  ? retint_kernel+0x2d/0x2d
[ 1845.971841]  kvm_mmu_load+0x1e/0xd00
[ 1845.975561]  ? vcpu_enter_guest+0x18c4/0x5240
[ 1845.980088]  vcpu_enter_guest+0x2eb9/0x5240
[ 1845.984422]  ? trace_hardirqs_on_caller+0x3f6/0x590
[ 1845.989471]  ? trace_hardirqs_on_thunk+0x1a/0x1c
[ 1845.994248]  ? emulator_read_emulated+0x40/0x40
[ 1845.998956]  ? kvm_arch_vcpu_ioctl_run+0x2fe/0xfd0
[ 1846.003906]  kvm_arch_vcpu_ioctl_run+0x2fe/0xfd0
[ 1846.009428]  kvm_vcpu_ioctl+0x3df/0xc70
[ 1846.013580]  ? kvm_vcpu_block+0xb70/0xb70
[ 1846.017794]  ? trace_hardirqs_on_thunk+0x1a/0x1c
[ 1846.022604]  ? check_preemption_disabled+0x35/0x240
[ 1846.027659]  ? retint_kernel+0x2d/0x2d
[ 1846.031624]  ? do_vfs_ioctl+0x76/0xfe0
[ 1846.035730]  ? kvm_vcpu_block+0xb70/0xb70
[ 1846.039910]  do_vfs_ioctl+0x75a/0xfe0
[ 1846.043841]  ? selinux_file_mprotect+0x5c0/0x5c0
[ 1846.048649]  ? ioctl_preallocate+0x1a0/0x1a0
[ 1846.053110]  ? security_file_ioctl+0x76/0xb0
[ 1846.057540]  ? security_file_ioctl+0x83/0xb0
[ 1846.061969]  SyS_ioctl+0x7f/0xb0
[ 1846.065360]  ? do_vfs_ioctl+0xfe0/0xfe0
[ 1846.069379]  do_syscall_64+0x1d5/0x640
[ 1846.073729]  entry_SYSCALL_64_after_hwframe+0x42/0xb7
[ 1846.079256] RIP: 0033:0x45c849
[ 1846.082455] RSP: 002b:00007fa3bc31dc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 1846.090207] RAX: ffffffffffffffda RBX: 00007fa3bc31e6d4 RCX: 000000000045c849
[ 1846.097498] RDX: 0000000000000000 RSI: 000000000000ae80 RDI: 0000000000000005
[ 1846.104855] RBP: 000000000076bf00 R08: 0000000000000000 R09: 0000000000000000
[ 1846.112222] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000007
01:45:44 executing program 3:
lsetxattr$trusted_overlay_opaque(0x0, 0x0, 0x0, 0x0, 0x0)
mkdir(&(0x7f0000000000)='./file0\x00', 0x0)
mount$bpf(0x20000000, &(0x7f00000000c0)='./file0\x00', 0x0, 0x2001001, 0x0)
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x80, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x43, 0x400000000000000}, 0x11288, 0x2000, 0x0, 0x2}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = socket$netlink(0x10, 0x3, 0x0)
connect$inet(0xffffffffffffffff, 0x0, 0x0)
setsockopt$SO_RDS_TRANSPORT(0xffffffffffffffff, 0x114, 0x8, &(0x7f0000000040)=0xffffffffffffffff, 0x4)
r1 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$inet_tcp_int(r1, 0x6, 0x10000000013, &(0x7f0000d06000)=0x1, 0x32a)
connect$inet(r1, &(0x7f0000000180)={0x2, 0x4e23, @local}, 0x10)
accept$nfc_llcp(0xffffffffffffffff, &(0x7f0000000440), &(0x7f0000000300)=0x60)
setsockopt$inet_tcp_TCP_REPAIR_OPTIONS(r1, 0x6, 0x16, &(0x7f00000000c0)=[@mss={0x2, 0xffffffff}, @timestamp, @window, @mss={0x2, 0x91c}], 0x4)
sendmmsg(r1, &(0x7f0000004b40)=[{{0x0, 0x0, &(0x7f00000011c0)=[{&(0x7f0000002240)='Y', 0x1}], 0x1}}], 0x1, 0x0)
syz_init_net_socket$llc(0x1a, 0x1, 0x0)
r2 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$IPT_SO_SET_REPLACE(r2, 0x4000000000000, 0x40, &(0x7f0000000a40)=ANY=[@ANYBLOB="72617700000000010000000000000000000000000000000000000000000000000200000003000000b80400000000000000000000000000000003000000030000200400002004000020040000200400002004000003000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000600000000000000a00200030000000000000000000000000000000000000000300262706600000000000000000000000000000000000000000000000000000101000000000000002e2f66696c653000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000060005345540000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000c0002001000000000000000000000000000000000000000050006f736600000000000000000000000000000000000000000000000000000073797a300000000000000000000000000000000000000000000000000000000000000000000000000000000000000000600053455400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000007000980000000000000000000000000000000000000000002800000000000000000000000000000000000000000000000000000000000004feffffff00000000"], 0x518)
sendmsg$IPVS_CMD_GET_DEST(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000280)={&(0x7f00000002c0)=ANY=[@ANYRES16], 0x1}}, 0x0)
setsockopt$inet_tcp_TCP_REPAIR(r1, 0x6, 0x13, &(0x7f0000000100), 0x618)
close(r1)
r3 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$inet_tcp_int(r3, 0x6, 0x10000000013, &(0x7f0000d06000)=0x1, 0x32a)
connect$inet(r3, &(0x7f0000000140)={0x2, 0x0, @local}, 0x10)
setsockopt$inet_tcp_TCP_REPAIR_OPTIONS(r3, 0x6, 0x16, &(0x7f0000000200)=[@mss, @timestamp, @window={0x3, 0x0, 0xfffe}, @mss={0x2, 0x3}], 0x4)
sendmmsg(r3, &(0x7f0000004b40)=[{{0x0, 0x0, &(0x7f00000011c0)=[{&(0x7f0000002240)='Y', 0x1}], 0x1}}], 0x1, 0x0)
setsockopt$inet_tcp_TCP_REPAIR_QUEUE(r3, 0x6, 0x14, &(0x7f0000000040)=0x1, 0x4)
sendmsg$IPVS_CMD_GET_DEST(r3, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000340)=ANY=[@ANYBLOB="160e90cb39bca59f8c4064ac6d7b242060a07bc4309e3eb79d8745797b308edd84adef35ad9d8a17240f38f55f57c55f3875db81d255eea402e1c11ca7fc01964aeb9ed6ef4e80bc67cba7e7fe961fe5d921442b0a06b135f8a73b68dc904b436f256f50ae7cb980e69e7580b9f11c6ede4210f23240559b8c427000d7ce7862417ab5a50e494b2a54e346d7ffa008ccef06813e235b446788ac0f1df3c65bc1fb5393364a2efd284640ec2c438ad2b24a69f1f9da000000000000000000000000989eee6a9283bf253ca4"], 0x1}}, 0x0)
close(r3)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000000)={<r4=>0xffffffffffffffff, <r5=>0xffffffffffffffff})
dup3(r5, r4, 0x0)
r6 = accept4$vsock_stream(0xffffffffffffffff, &(0x7f0000000240)={0x28, 0x0, 0x2710, @host}, 0x10, 0x0)
dup2(r6, r5)
bind$pptp(0xffffffffffffffff, &(0x7f00000001c0)={0x18, 0x2, {0x0, @initdev={0xac, 0x1e, 0x0, 0x0}}}, 0x1e)
sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000000)=@newlink={0x30, 0x10, 0x801, 0x0, 0x0, {}, [@IFLA_GROUP={0x8}, @IFLA_PROTO_DOWN={0x8, 0x4}]}, 0x30}}, 0x0)
pivot_root(&(0x7f0000000140)='./file0\x00', &(0x7f0000000100)='./file0\x00')

01:45:44 executing program 1:
lsetxattr$trusted_overlay_opaque(0x0, 0x0, 0x0, 0x0, 0x0)
mkdir(&(0x7f0000000000)='./file0\x00', 0x0)
mount$bpf(0x20000000, &(0x7f00000000c0)='./file0\x00', 0x0, 0x2001001, 0x0)
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x80, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x43, 0x400000000000000}, 0x11288, 0x2000, 0x0, 0x2}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = socket$netlink(0x10, 0x3, 0x0)
connect$inet(0xffffffffffffffff, 0x0, 0x0)
setsockopt$SO_RDS_TRANSPORT(0xffffffffffffffff, 0x114, 0x8, &(0x7f0000000040)=0xffffffffffffffff, 0x4)
r1 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$inet_tcp_int(r1, 0x6, 0x10000000013, &(0x7f0000d06000)=0x1, 0x32a)
connect$inet(r1, &(0x7f0000000180)={0x2, 0x4e23, @local}, 0x10)
accept$nfc_llcp(0xffffffffffffffff, &(0x7f0000000440), &(0x7f0000000300)=0x60)
setsockopt$inet_tcp_TCP_REPAIR_OPTIONS(r1, 0x6, 0x16, &(0x7f00000000c0)=[@mss={0x2, 0xffffffff}, @timestamp, @window, @mss={0x2, 0x91c}], 0x4)
sendmmsg(r1, &(0x7f0000004b40)=[{{0x0, 0x0, &(0x7f00000011c0)=[{&(0x7f0000002240)='Y', 0x1}], 0x1}}], 0x1, 0x0)
syz_init_net_socket$llc(0x1a, 0x1, 0x0)
r2 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$IPT_SO_SET_REPLACE(r2, 0x4000000000000, 0x40, &(0x7f0000000a40)=ANY=[@ANYBLOB="72617700000000010000000000000000000000000000000000000000000000000200000003000000b80400000000000000000000000000000003000000030000200400002004000020040000200400002004000003000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000600000000000000a00200030000000000000000000000000000000000000000300262706600000000000000000000000000000000000000000000000000000101000000000000002e2f66696c653000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000060005345540000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000c0002001000000000000000000000000000000000000000050006f736600000000000000000000000000000000000000000000000000000073797a300000000000000000000000000000000000000000000000000000000000000000000000000000000000000000600053455400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000007000980000000000000000000000000000000000000000002800000000000000000000000000000000000000000000000000000000000004feffffff00000000"], 0x518)
sendmsg$IPVS_CMD_GET_DEST(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000280)={&(0x7f00000002c0)=ANY=[@ANYRES16], 0x1}}, 0x0)
setsockopt$inet_tcp_TCP_REPAIR(r1, 0x6, 0x13, &(0x7f0000000100), 0x618)
close(r1)
r3 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$inet_tcp_int(r3, 0x6, 0x10000000013, &(0x7f0000d06000)=0x1, 0x32a)
connect$inet(r3, &(0x7f0000000140)={0x2, 0x0, @local}, 0x10)
setsockopt$inet_tcp_TCP_REPAIR_OPTIONS(r3, 0x6, 0x16, &(0x7f0000000200)=[@mss, @timestamp, @window={0x3, 0x0, 0xfffe}, @mss={0x2, 0x3}], 0x4)
sendmmsg(r3, &(0x7f0000004b40)=[{{0x0, 0x0, &(0x7f00000011c0)=[{&(0x7f0000002240)='Y', 0x1}], 0x1}}], 0x1, 0x0)
setsockopt$inet_tcp_TCP_REPAIR_QUEUE(r3, 0x6, 0x14, &(0x7f0000000040)=0x1, 0x4)
sendmsg$IPVS_CMD_GET_DEST(r3, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000340)=ANY=[@ANYBLOB="160e90cb39bca59f8c4064ac6d7b242060a07bc4309e3eb79d8745797b308edd84adef35ad9d8a17240f38f55f57c55f3875db81d255eea402e1c11ca7fc01964aeb9ed6ef4e80bc67cba7e7fe961fe5d921442b0a06b135f8a73b68dc904b436f256f50ae7cb980e69e7580b9f11c6ede4210f23240559b8c427000d7ce7862417ab5a50e494b2a54e346d7ffa008ccef06813e235b446788ac0f1df3c65bc1fb5393364a2efd284640ec2c438ad2b24a69f1f9da000000000000000000000000989eee6a9283bf253ca4"], 0x1}}, 0x0)
close(r3)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000000)={<r4=>0xffffffffffffffff, <r5=>0xffffffffffffffff})
dup3(r5, r4, 0x0)
r6 = accept4$vsock_stream(0xffffffffffffffff, &(0x7f0000000240)={0x28, 0x0, 0x2710, @host}, 0x10, 0x0)
dup2(r6, r5)
bind$pptp(0xffffffffffffffff, &(0x7f00000001c0)={0x18, 0x2, {0x0, @initdev={0xac, 0x1e, 0x0, 0x0}}}, 0x1e)
sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000000)=@newlink={0x30, 0x10, 0x801, 0x0, 0x0, {}, [@IFLA_GROUP={0x8}, @IFLA_PROTO_DOWN={0x8, 0x4}]}, 0x30}}, 0x0)

01:45:44 executing program 0:
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='cpuacct.stat\x00', 0x0, 0x0)
ptrace$setsig(0x4203, 0x0, 0x0, &(0x7f00000002c0)={0x3d, 0x0, 0x1})
write(0xffffffffffffffff, &(0x7f0000000040)="0f42", 0x2)
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
getsockopt$inet6_opts(0xffffffffffffffff, 0x29, 0x0, &(0x7f0000000580)=""/143, &(0x7f0000000340)=0xfee5)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000740)={0x3, 0x2, 0xf000, 0x1000, &(0x7f0000000000/0x1000)=nil})
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
fsetxattr$trusted_overlay_opaque(0xffffffffffffffff, &(0x7f00000004c0)='trusted.overlay.opaque\x00', 0x0, 0x0, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000100)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000200)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0xfb, 0x0, 0x0, 0x0, 0x400000000000000]})
ioctl$KVM_RUN(r2, 0xae80, 0x0)
ioctl$KVM_RUN(r2, 0xae80, 0x0)
openat(0xffffffffffffffff, &(0x7f0000000000)='./file0\x00', 0x0, 0x0)
ioctl$KVM_NMI(r2, 0xae9a)
ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000380)={[0x0, 0x0, 0x0, 0x0, 0x931]})
ioctl$KVM_RUN(r2, 0xae80, 0x0)

[ 1846.119909] R13: 00000000000003bf R14: 00000000004c6495 R15: 000000000000000f
01:45:44 executing program 5:
lsetxattr$trusted_overlay_opaque(0x0, 0x0, 0x0, 0x0, 0x0)
mkdir(&(0x7f0000000000)='./file0\x00', 0x0)
mount$bpf(0x20000000, &(0x7f00000000c0)='./file0\x00', 0x0, 0x2001001, 0x0)
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x80, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x43, 0x400000000000000}, 0x11288, 0x2000, 0x0, 0x2}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = socket$netlink(0x10, 0x3, 0x0)
connect$inet(0xffffffffffffffff, 0x0, 0x0)
setsockopt$SO_RDS_TRANSPORT(0xffffffffffffffff, 0x114, 0x8, &(0x7f0000000040)=0xffffffffffffffff, 0x4)
r1 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$inet_tcp_int(r1, 0x6, 0x10000000013, &(0x7f0000d06000)=0x1, 0x32a)
connect$inet(r1, &(0x7f0000000180)={0x2, 0x4e23, @local}, 0x10)
accept$nfc_llcp(0xffffffffffffffff, &(0x7f0000000440), &(0x7f0000000300)=0x60)
setsockopt$inet_tcp_TCP_REPAIR_OPTIONS(r1, 0x6, 0x16, &(0x7f00000000c0)=[@mss={0x2, 0xffffffff}, @timestamp, @window, @mss={0x2, 0x91c}], 0x4)
sendmmsg(r1, &(0x7f0000004b40)=[{{0x0, 0x0, &(0x7f00000011c0)=[{&(0x7f0000002240)='Y', 0x1}], 0x1}}], 0x1, 0x0)
syz_init_net_socket$llc(0x1a, 0x1, 0x0)
r2 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$IPT_SO_SET_REPLACE(r2, 0x4000000000000, 0x40, &(0x7f0000000a40)=ANY=[@ANYBLOB="72617700000000010000000000000000000000000000000000000000000000000200000003000000b80400000000000000000000000000000003000000030000200400002004000020040000200400002004000003000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000600000000000000a00200030000000000000000000000000000000000000000300262706600000000000000000000000000000000000000000000000000000101000000000000002e2f66696c653000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000060005345540000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000c0002001000000000000000000000000000000000000000050006f736600000000000000000000000000000000000000000000000000000073797a300000000000000000000000000000000000000000000000000000000000000000000000000000000000000000600053455400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000007000980000000000000000000000000000000000000000002800000000000000000000000000000000000000000000000000000000000004feffffff00000000"], 0x518)
sendmsg$IPVS_CMD_GET_DEST(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000280)={&(0x7f00000002c0)=ANY=[@ANYRES16], 0x1}}, 0x0)
setsockopt$inet_tcp_TCP_REPAIR(r1, 0x6, 0x13, &(0x7f0000000100), 0x618)
close(r1)
r3 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$inet_tcp_int(r3, 0x6, 0x10000000013, &(0x7f0000d06000)=0x1, 0x32a)
connect$inet(r3, &(0x7f0000000140)={0x2, 0x0, @local}, 0x10)
setsockopt$inet_tcp_TCP_REPAIR_OPTIONS(r3, 0x6, 0x16, &(0x7f0000000200)=[@mss, @timestamp, @window={0x3, 0x0, 0xfffe}, @mss={0x2, 0x3}], 0x4)
sendmmsg(r3, &(0x7f0000004b40)=[{{0x0, 0x0, &(0x7f00000011c0)=[{&(0x7f0000002240)='Y', 0x1}], 0x1}}], 0x1, 0x0)
setsockopt$inet_tcp_TCP_REPAIR_QUEUE(r3, 0x6, 0x14, &(0x7f0000000040)=0x1, 0x4)
close(r3)
syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000000)={<r4=>0xffffffffffffffff, <r5=>0xffffffffffffffff})
dup3(r5, r4, 0x0)
r6 = accept4$vsock_stream(0xffffffffffffffff, &(0x7f0000000240)={0x28, 0x0, 0x2710, @host}, 0x10, 0x0)
dup2(r6, r5)
bind$pptp(0xffffffffffffffff, &(0x7f00000001c0)={0x18, 0x2, {0x0, @initdev={0xac, 0x1e, 0x0, 0x0}}}, 0x1e)
sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000000)=@newlink={0x30, 0x10, 0x801, 0x0, 0x0, {}, [@IFLA_GROUP={0x8}, @IFLA_PROTO_DOWN={0x8, 0x4}]}, 0x30}}, 0x0)
pivot_root(&(0x7f0000000140)='./file0\x00', &(0x7f0000000100)='./file0\x00')

01:45:44 executing program 2 (fault-call:9 fault-nth:16):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140)='/dev/kvm\x00', 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_SET_SIGNAL_MASK(0xffffffffffffffff, 0x4004ae8b, &(0x7f0000001000)=ANY=[@ANYBLOB="97cb"])
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000fe7000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0)
ioctl$USBDEVFS_RESETEP(0xffffffffffffffff, 0x80045503, &(0x7f0000000000)={0x1, 0x1})
ioctl$KVM_NMI(r2, 0xae9a)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f00000002c0)={0x0, 0x2, 0x0, 0x2000, &(0x7f0000001000/0x2000)=nil})
perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
ioctl$KVM_RUN(r2, 0xae80, 0x0)

[ 1846.250065] ip_tables: iptables: counters copy to user failed while replacing table
01:45:44 executing program 1:
lsetxattr$trusted_overlay_opaque(0x0, 0x0, 0x0, 0x0, 0x0)
mkdir(&(0x7f0000000000)='./file0\x00', 0x0)
mount$bpf(0x20000000, &(0x7f00000000c0)='./file0\x00', 0x0, 0x2001001, 0x0)
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x80, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x43, 0x400000000000000}, 0x11288, 0x2000, 0x0, 0x2}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = socket$netlink(0x10, 0x3, 0x0)
connect$inet(0xffffffffffffffff, 0x0, 0x0)
setsockopt$SO_RDS_TRANSPORT(0xffffffffffffffff, 0x114, 0x8, &(0x7f0000000040)=0xffffffffffffffff, 0x4)
r1 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$inet_tcp_int(r1, 0x6, 0x10000000013, &(0x7f0000d06000)=0x1, 0x32a)
connect$inet(r1, &(0x7f0000000180)={0x2, 0x4e23, @local}, 0x10)
accept$nfc_llcp(0xffffffffffffffff, &(0x7f0000000440), &(0x7f0000000300)=0x60)
setsockopt$inet_tcp_TCP_REPAIR_OPTIONS(r1, 0x6, 0x16, &(0x7f00000000c0)=[@mss={0x2, 0xffffffff}, @timestamp, @window, @mss={0x2, 0x91c}], 0x4)
sendmmsg(r1, &(0x7f0000004b40)=[{{0x0, 0x0, &(0x7f00000011c0)=[{&(0x7f0000002240)='Y', 0x1}], 0x1}}], 0x1, 0x0)
syz_init_net_socket$llc(0x1a, 0x1, 0x0)
r2 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$IPT_SO_SET_REPLACE(r2, 0x4000000000000, 0x40, &(0x7f0000000a40)=ANY=[@ANYBLOB="72617700000000010000000000000000000000000000000000000000000000000200000003000000b80400000000000000000000000000000003000000030000200400002004000020040000200400002004000003000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000600000000000000a00200030000000000000000000000000000000000000000300262706600000000000000000000000000000000000000000000000000000101000000000000002e2f66696c653000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000060005345540000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000c0002001000000000000000000000000000000000000000050006f736600000000000000000000000000000000000000000000000000000073797a300000000000000000000000000000000000000000000000000000000000000000000000000000000000000000600053455400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000007000980000000000000000000000000000000000000000002800000000000000000000000000000000000000000000000000000000000004feffffff00000000"], 0x518)
sendmsg$IPVS_CMD_GET_DEST(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000280)={&(0x7f00000002c0)=ANY=[@ANYRES16], 0x1}}, 0x0)
setsockopt$inet_tcp_TCP_REPAIR(r1, 0x6, 0x13, &(0x7f0000000100), 0x618)
close(r1)
r3 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$inet_tcp_int(r3, 0x6, 0x10000000013, &(0x7f0000d06000)=0x1, 0x32a)
connect$inet(r3, &(0x7f0000000140)={0x2, 0x0, @local}, 0x10)
setsockopt$inet_tcp_TCP_REPAIR_OPTIONS(r3, 0x6, 0x16, &(0x7f0000000200)=[@mss, @timestamp, @window={0x3, 0x0, 0xfffe}, @mss={0x2, 0x3}], 0x4)
sendmmsg(r3, &(0x7f0000004b40)=[{{0x0, 0x0, &(0x7f00000011c0)=[{&(0x7f0000002240)='Y', 0x1}], 0x1}}], 0x1, 0x0)
setsockopt$inet_tcp_TCP_REPAIR_QUEUE(r3, 0x6, 0x14, &(0x7f0000000040)=0x1, 0x4)
sendmsg$IPVS_CMD_GET_DEST(r3, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000340)=ANY=[@ANYBLOB="160e90cb39bca59f8c4064ac6d7b242060a07bc4309e3eb79d8745797b308edd84adef35ad9d8a17240f38f55f57c55f3875db81d255eea402e1c11ca7fc01964aeb9ed6ef4e80bc67cba7e7fe961fe5d921442b0a06b135f8a73b68dc904b436f256f50ae7cb980e69e7580b9f11c6ede4210f23240559b8c427000d7ce7862417ab5a50e494b2a54e346d7ffa008ccef06813e235b446788ac0f1df3c65bc1fb5393364a2efd284640ec2c438ad2b24a69f1f9da000000000000000000000000989eee6a9283bf253ca4"], 0x1}}, 0x0)
syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000000)={<r4=>0xffffffffffffffff, <r5=>0xffffffffffffffff})
dup3(r5, r4, 0x0)
r6 = accept4$vsock_stream(0xffffffffffffffff, &(0x7f0000000240)={0x28, 0x0, 0x2710, @host}, 0x10, 0x0)
dup2(r6, r5)
bind$pptp(0xffffffffffffffff, &(0x7f00000001c0)={0x18, 0x2, {0x0, @initdev={0xac, 0x1e, 0x0, 0x0}}}, 0x1e)
sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000000)=@newlink={0x30, 0x10, 0x801, 0x0, 0x0, {}, [@IFLA_GROUP={0x8}, @IFLA_PROTO_DOWN={0x8, 0x4}]}, 0x30}}, 0x0)

01:45:44 executing program 5:
lsetxattr$trusted_overlay_opaque(0x0, 0x0, 0x0, 0x0, 0x0)
mkdir(&(0x7f0000000000)='./file0\x00', 0x0)
mount$bpf(0x20000000, &(0x7f00000000c0)='./file0\x00', 0x0, 0x2001001, 0x0)
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x80, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x43, 0x400000000000000}, 0x11288, 0x2000, 0x0, 0x2}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = socket$netlink(0x10, 0x3, 0x0)
connect$inet(0xffffffffffffffff, 0x0, 0x0)
setsockopt$SO_RDS_TRANSPORT(0xffffffffffffffff, 0x114, 0x8, &(0x7f0000000040)=0xffffffffffffffff, 0x4)
r1 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$inet_tcp_int(r1, 0x6, 0x10000000013, &(0x7f0000d06000)=0x1, 0x32a)
connect$inet(r1, &(0x7f0000000180)={0x2, 0x4e23, @local}, 0x10)
accept$nfc_llcp(0xffffffffffffffff, &(0x7f0000000440), &(0x7f0000000300)=0x60)
setsockopt$inet_tcp_TCP_REPAIR_OPTIONS(r1, 0x6, 0x16, &(0x7f00000000c0)=[@mss={0x2, 0xffffffff}, @timestamp, @window, @mss={0x2, 0x91c}], 0x4)
sendmmsg(r1, &(0x7f0000004b40)=[{{0x0, 0x0, &(0x7f00000011c0)=[{&(0x7f0000002240)='Y', 0x1}], 0x1}}], 0x1, 0x0)
syz_init_net_socket$llc(0x1a, 0x1, 0x0)
r2 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$IPT_SO_SET_REPLACE(r2, 0x4000000000000, 0x40, &(0x7f0000000a40)=ANY=[@ANYBLOB="72617700000000010000000000000000000000000000000000000000000000000200000003000000b80400000000000000000000000000000003000000030000200400002004000020040000200400002004000003000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000600000000000000a00200030000000000000000000000000000000000000000300262706600000000000000000000000000000000000000000000000000000101000000000000002e2f66696c653000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000060005345540000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000c0002001000000000000000000000000000000000000000050006f736600000000000000000000000000000000000000000000000000000073797a300000000000000000000000000000000000000000000000000000000000000000000000000000000000000000600053455400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000007000980000000000000000000000000000000000000000002800000000000000000000000000000000000000000000000000000000000004feffffff00000000"], 0x518)
sendmsg$IPVS_CMD_GET_DEST(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000280)={&(0x7f00000002c0)=ANY=[@ANYRES16], 0x1}}, 0x0)
setsockopt$inet_tcp_TCP_REPAIR(r1, 0x6, 0x13, &(0x7f0000000100), 0x618)
close(r1)
r3 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$inet_tcp_int(r3, 0x6, 0x10000000013, &(0x7f0000d06000)=0x1, 0x32a)
connect$inet(r3, &(0x7f0000000140)={0x2, 0x0, @local}, 0x10)
setsockopt$inet_tcp_TCP_REPAIR_OPTIONS(r3, 0x6, 0x16, &(0x7f0000000200)=[@mss, @timestamp, @window={0x3, 0x0, 0xfffe}, @mss={0x2, 0x3}], 0x4)
sendmmsg(r3, &(0x7f0000004b40)=[{{0x0, 0x0, &(0x7f00000011c0)=[{&(0x7f0000002240)='Y', 0x1}], 0x1}}], 0x1, 0x0)
sendmsg$IPVS_CMD_GET_DEST(r3, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000340)=ANY=[@ANYBLOB="160e90cb39bca59f8c4064ac6d7b242060a07bc4309e3eb79d8745797b308edd84adef35ad9d8a17240f38f55f57c55f3875db81d255eea402e1c11ca7fc01964aeb9ed6ef4e80bc67cba7e7fe961fe5d921442b0a06b135f8a73b68dc904b436f256f50ae7cb980e69e7580b9f11c6ede4210f23240559b8c427000d7ce7862417ab5a50e494b2a54e346d7ffa008ccef06813e235b446788ac0f1df3c65bc1fb5393364a2efd284640ec2c438ad2b24a69f1f9da000000000000000000000000989eee6a9283bf253ca4"], 0x1}}, 0x0)
close(r3)
syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000000)={<r4=>0xffffffffffffffff, <r5=>0xffffffffffffffff})
dup3(r5, r4, 0x0)
r6 = accept4$vsock_stream(0xffffffffffffffff, &(0x7f0000000240)={0x28, 0x0, 0x2710, @host}, 0x10, 0x0)
dup2(r6, r5)
bind$pptp(0xffffffffffffffff, &(0x7f00000001c0)={0x18, 0x2, {0x0, @initdev={0xac, 0x1e, 0x0, 0x0}}}, 0x1e)
sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000000)=@newlink={0x30, 0x10, 0x801, 0x0, 0x0, {}, [@IFLA_GROUP={0x8}, @IFLA_PROTO_DOWN={0x8, 0x4}]}, 0x30}}, 0x0)
pivot_root(&(0x7f0000000140)='./file0\x00', &(0x7f0000000100)='./file0\x00')

01:45:44 executing program 3:
lsetxattr$trusted_overlay_opaque(0x0, 0x0, 0x0, 0x0, 0x0)
mkdir(&(0x7f0000000000)='./file0\x00', 0x0)
mount$bpf(0x20000000, &(0x7f00000000c0)='./file0\x00', 0x0, 0x2001001, 0x0)
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x80, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x43, 0x400000000000000}, 0x11288, 0x2000, 0x0, 0x2}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = socket$netlink(0x10, 0x3, 0x0)
connect$inet(0xffffffffffffffff, 0x0, 0x0)
setsockopt$SO_RDS_TRANSPORT(0xffffffffffffffff, 0x114, 0x8, &(0x7f0000000040)=0xffffffffffffffff, 0x4)
r1 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$inet_tcp_int(r1, 0x6, 0x10000000013, &(0x7f0000d06000)=0x1, 0x32a)
connect$inet(r1, &(0x7f0000000180)={0x2, 0x4e23, @local}, 0x10)
accept$nfc_llcp(0xffffffffffffffff, &(0x7f0000000440), &(0x7f0000000300)=0x60)
setsockopt$inet_tcp_TCP_REPAIR_OPTIONS(r1, 0x6, 0x16, &(0x7f00000000c0)=[@mss={0x2, 0xffffffff}, @timestamp, @window, @mss={0x2, 0x91c}], 0x4)
sendmmsg(r1, &(0x7f0000004b40)=[{{0x0, 0x0, &(0x7f00000011c0)=[{&(0x7f0000002240)='Y', 0x1}], 0x1}}], 0x1, 0x0)
syz_init_net_socket$llc(0x1a, 0x1, 0x0)
r2 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$IPT_SO_SET_REPLACE(r2, 0x4000000000000, 0x40, &(0x7f0000000a40)=ANY=[@ANYBLOB="72617700000000010000000000000000000000000000000000000000000000000200000003000000b80400000000000000000000000000000003000000030000200400002004000020040000200400002004000003000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000600000000000000a00200030000000000000000000000000000000000000000300262706600000000000000000000000000000000000000000000000000000101000000000000002e2f66696c653000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000060005345540000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000c0002001000000000000000000000000000000000000000050006f736600000000000000000000000000000000000000000000000000000073797a300000000000000000000000000000000000000000000000000000000000000000000000000000000000000000600053455400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000007000980000000000000000000000000000000000000000002800000000000000000000000000000000000000000000000000000000000004feffffff00000000"], 0x518)
sendmsg$IPVS_CMD_GET_DEST(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000280)={&(0x7f00000002c0)=ANY=[@ANYRES16], 0x1}}, 0x0)
setsockopt$inet_tcp_TCP_REPAIR(r1, 0x6, 0x13, &(0x7f0000000100), 0x618)
close(r1)
r3 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$inet_tcp_int(r3, 0x6, 0x10000000013, &(0x7f0000d06000)=0x1, 0x32a)
connect$inet(r3, &(0x7f0000000140)={0x2, 0x0, @local}, 0x10)
setsockopt$inet_tcp_TCP_REPAIR_OPTIONS(r3, 0x6, 0x16, &(0x7f0000000200)=[@mss, @timestamp, @window={0x3, 0x0, 0xfffe}, @mss={0x2, 0x3}], 0x4)
sendmmsg(r3, &(0x7f0000004b40)=[{{0x0, 0x0, &(0x7f00000011c0)=[{&(0x7f0000002240)='Y', 0x1}], 0x1}}], 0x1, 0x0)
setsockopt$inet_tcp_TCP_REPAIR_QUEUE(r3, 0x6, 0x14, &(0x7f0000000040)=0x1, 0x4)
sendmsg$IPVS_CMD_GET_DEST(r3, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000340)=ANY=[@ANYBLOB="160e90cb39bca59f8c4064ac6d7b242060a07bc4309e3eb79d8745797b308edd84adef35ad9d8a17240f38f55f57c55f3875db81d255eea402e1c11ca7fc01964aeb9ed6ef4e80bc67cba7e7fe961fe5d921442b0a06b135f8a73b68dc904b436f256f50ae7cb980e69e7580b9f11c6ede4210f23240559b8c427000d7ce7862417ab5a50e494b2a54e346d7ffa008ccef06813e235b446788ac0f1df3c65bc1fb5393364a2efd284640ec2c438ad2b24a69f1f9da000000000000000000000000989eee6a9283bf253ca4"], 0x1}}, 0x0)
close(r3)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000000)={<r4=>0xffffffffffffffff, <r5=>0xffffffffffffffff})
dup3(r5, r4, 0x0)
r6 = accept4$vsock_stream(0xffffffffffffffff, &(0x7f0000000240)={0x28, 0x0, 0x2710, @host}, 0x10, 0x0)
dup2(r6, r5)
bind$pptp(0xffffffffffffffff, &(0x7f00000001c0)={0x18, 0x2, {0x0, @initdev={0xac, 0x1e, 0x0, 0x0}}}, 0x1e)
sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000000)=@newlink={0x30, 0x10, 0x801, 0x0, 0x0, {}, [@IFLA_GROUP={0x8}, @IFLA_PROTO_DOWN={0x8, 0x4}]}, 0x30}}, 0x0)
pivot_root(&(0x7f0000000140)='./file0\x00', &(0x7f0000000100)='./file0\x00')

[ 1846.568533] FAULT_INJECTION: forcing a failure.
[ 1846.568533] name failslab, interval 1, probability 0, space 0, times 0
[ 1846.604826] CPU: 1 PID: 3754 Comm: syz-executor.2 Not tainted 4.14.173-syzkaller #0
[ 1846.612703] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 1846.622195] Call Trace:
[ 1846.624812]  dump_stack+0x13e/0x194
[ 1846.628469]  should_fail.cold+0x10a/0x14b
[ 1846.632656]  should_failslab+0xd6/0x130
[ 1846.636661]  kmem_cache_alloc+0x2b5/0x770
[ 1846.640856]  ? trace_hardirqs_on_caller+0x3f6/0x590
[ 1846.645910]  ? trace_hardirqs_on_thunk+0x1a/0x1c
[ 1846.650697]  mmu_topup_memory_caches+0x83/0x300
[ 1846.655404]  kvm_mmu_load+0x1e/0xd00
[ 1846.659145]  ? kvm_apic_accept_events+0x16f/0x3f0
[ 1846.664201]  ? kvm_lapic_enable_pv_eoi+0xc0/0xc0
[ 1846.669943]  ? vcpu_enter_guest+0x422/0x5240
[ 1846.674410]  vcpu_enter_guest+0x2eb9/0x5240
[ 1846.678749]  ? retint_kernel+0x2d/0x2d
[ 1846.682675]  ? emulator_read_emulated+0x40/0x40
[ 1846.687376]  ? lock_acquire+0x1ec/0x3f0
[ 1846.691383]  ? kvm_arch_vcpu_ioctl_run+0x2fe/0xfd0
[ 1846.697041]  ? kvm_arch_vcpu_ioctl_run+0x181/0xfd0
[ 1846.701990]  kvm_arch_vcpu_ioctl_run+0x2fe/0xfd0
[ 1846.706785]  kvm_vcpu_ioctl+0x3df/0xc70
[ 1846.710785]  ? kvm_vcpu_block+0xb70/0xb70
[ 1846.714971]  ? trace_hardirqs_on+0x10/0x10
[ 1846.719227]  ? check_preemption_disabled+0x35/0x240
[ 1846.724281]  ? retint_kernel+0x2d/0x2d
[ 1846.728207]  ? save_trace+0x290/0x290
[ 1846.732021]  ? trace_hardirqs_on_caller+0x3f6/0x590
[ 1846.737088]  ? trace_hardirqs_on_thunk+0x1a/0x1c
[ 1846.741890]  ? kvm_vcpu_block+0xb70/0xb70
[ 1846.746188]  do_vfs_ioctl+0x75a/0xfe0
[ 1846.750106]  ? selinux_file_mprotect+0x5c0/0x5c0
[ 1846.754884]  ? ioctl_preallocate+0x1a0/0x1a0
[ 1846.759677]  ? security_file_ioctl+0x76/0xb0
[ 1846.765107]  ? security_file_ioctl+0x83/0xb0
[ 1846.769693]  SyS_ioctl+0x7f/0xb0
[ 1846.774502]  ? do_vfs_ioctl+0xfe0/0xfe0
[ 1846.778521]  do_syscall_64+0x1d5/0x640
[ 1846.782454]  entry_SYSCALL_64_after_hwframe+0x42/0xb7
[ 1846.787710] RIP: 0033:0x45c849
[ 1846.790925] RSP: 002b:00007fa3bc31dc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 1846.798677] RAX: ffffffffffffffda RBX: 00007fa3bc31e6d4 RCX: 000000000045c849
[ 1846.806066] RDX: 0000000000000000 RSI: 000000000000ae80 RDI: 0000000000000005
01:45:45 executing program 0:
r0 = socket$inet_udplite(0x2, 0x2, 0x88)
r1 = dup(r0)
ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200)
r2 = socket$nl_route(0x10, 0x3, 0x0)
r3 = socket$netlink(0x10, 0x3, 0x0)
r4 = socket(0x10, 0x803, 0x0)
sendmsg$NBD_CMD_DISCONNECT(r4, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0)
getsockname$packet(r4, &(0x7f0000000100)={0x11, 0x0, <r5=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14)
sendmsg$nl_route(r3, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000340)=@newlink={0x34, 0x10, 0x705, 0x0, 0x0, {0x0, 0x0, 0x0, r5}, [@IFLA_LINKINFO={0x14, 0x12, 0x0, 0x1, @vcan={{0x9, 0x1, 'vcan\x00'}, {0x4}}}]}, 0x34}}, 0x0)
sendmsg$nl_route(r2, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000000)=@ipv4_newaddr={0x28, 0x14, 0x1, 0x0, 0x0, {0x2, 0x0, 0x0, 0x0, r5}, [@IFA_LOCAL={0x8, 0x2, @initdev={0xac, 0x1e, 0x0, 0x0}}, @IFA_BROADCAST={0x8, 0x4, @multicast2}]}, 0x28}, 0x1, 0xf0ffffff}, 0x0)

01:45:45 executing program 1:
lsetxattr$trusted_overlay_opaque(0x0, 0x0, 0x0, 0x0, 0x0)
mkdir(&(0x7f0000000000)='./file0\x00', 0x0)
mount$bpf(0x20000000, &(0x7f00000000c0)='./file0\x00', 0x0, 0x2001001, 0x0)
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x80, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x43, 0x400000000000000}, 0x11288, 0x2000, 0x0, 0x2}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = socket$netlink(0x10, 0x3, 0x0)
connect$inet(0xffffffffffffffff, 0x0, 0x0)
setsockopt$SO_RDS_TRANSPORT(0xffffffffffffffff, 0x114, 0x8, &(0x7f0000000040)=0xffffffffffffffff, 0x4)
r1 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$inet_tcp_int(r1, 0x6, 0x10000000013, &(0x7f0000d06000)=0x1, 0x32a)
connect$inet(r1, &(0x7f0000000180)={0x2, 0x4e23, @local}, 0x10)
accept$nfc_llcp(0xffffffffffffffff, &(0x7f0000000440), &(0x7f0000000300)=0x60)
setsockopt$inet_tcp_TCP_REPAIR_OPTIONS(r1, 0x6, 0x16, &(0x7f00000000c0)=[@mss={0x2, 0xffffffff}, @timestamp, @window, @mss={0x2, 0x91c}], 0x4)
sendmmsg(r1, &(0x7f0000004b40)=[{{0x0, 0x0, &(0x7f00000011c0)=[{&(0x7f0000002240)='Y', 0x1}], 0x1}}], 0x1, 0x0)
syz_init_net_socket$llc(0x1a, 0x1, 0x0)
r2 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$IPT_SO_SET_REPLACE(r2, 0x4000000000000, 0x40, &(0x7f0000000a40)=ANY=[@ANYBLOB="72617700000000010000000000000000000000000000000000000000000000000200000003000000b80400000000000000000000000000000003000000030000200400002004000020040000200400002004000003000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000600000000000000a00200030000000000000000000000000000000000000000300262706600000000000000000000000000000000000000000000000000000101000000000000002e2f66696c653000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000060005345540000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000c0002001000000000000000000000000000000000000000050006f736600000000000000000000000000000000000000000000000000000073797a300000000000000000000000000000000000000000000000000000000000000000000000000000000000000000600053455400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000007000980000000000000000000000000000000000000000002800000000000000000000000000000000000000000000000000000000000004feffffff00000000"], 0x518)
sendmsg$IPVS_CMD_GET_DEST(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000280)={&(0x7f00000002c0)=ANY=[@ANYRES16], 0x1}}, 0x0)
setsockopt$inet_tcp_TCP_REPAIR(r1, 0x6, 0x13, &(0x7f0000000100), 0x618)
close(r1)
r3 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$inet_tcp_int(r3, 0x6, 0x10000000013, &(0x7f0000d06000)=0x1, 0x32a)
connect$inet(r3, &(0x7f0000000140)={0x2, 0x0, @local}, 0x10)
setsockopt$inet_tcp_TCP_REPAIR_OPTIONS(r3, 0x6, 0x16, &(0x7f0000000200)=[@mss, @timestamp, @window={0x3, 0x0, 0xfffe}, @mss={0x2, 0x3}], 0x4)
sendmmsg(r3, &(0x7f0000004b40)=[{{0x0, 0x0, &(0x7f00000011c0)=[{&(0x7f0000002240)='Y', 0x1}], 0x1}}], 0x1, 0x0)
setsockopt$inet_tcp_TCP_REPAIR_QUEUE(r3, 0x6, 0x14, &(0x7f0000000040)=0x1, 0x4)
sendmsg$IPVS_CMD_GET_DEST(r3, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000340)=ANY=[@ANYBLOB="160e90cb39bca59f8c4064ac6d7b242060a07bc4309e3eb79d8745797b308edd84adef35ad9d8a17240f38f55f57c55f3875db81d255eea402e1c11ca7fc01964aeb9ed6ef4e80bc67cba7e7fe961fe5d921442b0a06b135f8a73b68dc904b436f256f50ae7cb980e69e7580b9f11c6ede4210f23240559b8c427000d7ce7862417ab5a50e494b2a54e346d7ffa008ccef06813e235b446788ac0f1df3c65bc1fb5393364a2efd284640ec2c438ad2b24a69f1f9da000000000000000000000000989eee6a9283bf253ca4"], 0x1}}, 0x0)
syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000000)={<r4=>0xffffffffffffffff, <r5=>0xffffffffffffffff})
dup3(r5, r4, 0x0)
r6 = accept4$vsock_stream(0xffffffffffffffff, &(0x7f0000000240)={0x28, 0x0, 0x2710, @host}, 0x10, 0x0)
dup2(r6, r5)
bind$pptp(0xffffffffffffffff, &(0x7f00000001c0)={0x18, 0x2, {0x0, @initdev={0xac, 0x1e, 0x0, 0x0}}}, 0x1e)
sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000000)=@newlink={0x30, 0x10, 0x801, 0x0, 0x0, {}, [@IFLA_GROUP={0x8}, @IFLA_PROTO_DOWN={0x8, 0x4}]}, 0x30}}, 0x0)

01:45:45 executing program 5:
lsetxattr$trusted_overlay_opaque(0x0, 0x0, 0x0, 0x0, 0x0)
mkdir(&(0x7f0000000000)='./file0\x00', 0x0)
mount$bpf(0x20000000, &(0x7f00000000c0)='./file0\x00', 0x0, 0x2001001, 0x0)
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x80, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x43, 0x400000000000000}, 0x11288, 0x2000, 0x0, 0x2}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = socket$netlink(0x10, 0x3, 0x0)
connect$inet(0xffffffffffffffff, 0x0, 0x0)
setsockopt$SO_RDS_TRANSPORT(0xffffffffffffffff, 0x114, 0x8, &(0x7f0000000040)=0xffffffffffffffff, 0x4)
r1 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$inet_tcp_int(r1, 0x6, 0x10000000013, &(0x7f0000d06000)=0x1, 0x32a)
connect$inet(r1, &(0x7f0000000180)={0x2, 0x4e23, @local}, 0x10)
accept$nfc_llcp(0xffffffffffffffff, &(0x7f0000000440), &(0x7f0000000300)=0x60)
setsockopt$inet_tcp_TCP_REPAIR_OPTIONS(r1, 0x6, 0x16, &(0x7f00000000c0)=[@mss={0x2, 0xffffffff}, @timestamp, @window, @mss={0x2, 0x91c}], 0x4)
sendmmsg(r1, &(0x7f0000004b40)=[{{0x0, 0x0, &(0x7f00000011c0)=[{&(0x7f0000002240)='Y', 0x1}], 0x1}}], 0x1, 0x0)
syz_init_net_socket$llc(0x1a, 0x1, 0x0)
r2 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$IPT_SO_SET_REPLACE(r2, 0x4000000000000, 0x40, &(0x7f0000000a40)=ANY=[@ANYBLOB="72617700000000010000000000000000000000000000000000000000000000000200000003000000b80400000000000000000000000000000003000000030000200400002004000020040000200400002004000003000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000600000000000000a00200030000000000000000000000000000000000000000300262706600000000000000000000000000000000000000000000000000000101000000000000002e2f66696c653000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000060005345540000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000c0002001000000000000000000000000000000000000000050006f736600000000000000000000000000000000000000000000000000000073797a300000000000000000000000000000000000000000000000000000000000000000000000000000000000000000600053455400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000007000980000000000000000000000000000000000000000002800000000000000000000000000000000000000000000000000000000000004feffffff00000000"], 0x518)
sendmsg$IPVS_CMD_GET_DEST(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000280)={&(0x7f00000002c0)=ANY=[@ANYRES16], 0x1}}, 0x0)
setsockopt$inet_tcp_TCP_REPAIR(r1, 0x6, 0x13, &(0x7f0000000100), 0x618)
close(r1)
r3 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$inet_tcp_int(r3, 0x6, 0x10000000013, &(0x7f0000d06000)=0x1, 0x32a)
connect$inet(r3, &(0x7f0000000140)={0x2, 0x0, @local}, 0x10)
setsockopt$inet_tcp_TCP_REPAIR_OPTIONS(r3, 0x6, 0x16, &(0x7f0000000200)=[@mss, @timestamp, @window={0x3, 0x0, 0xfffe}, @mss={0x2, 0x3}], 0x4)
sendmmsg(r3, &(0x7f0000004b40)=[{{0x0, 0x0, &(0x7f00000011c0)=[{&(0x7f0000002240)='Y', 0x1}], 0x1}}], 0x1, 0x0)
sendmsg$IPVS_CMD_GET_DEST(r3, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000340)=ANY=[@ANYBLOB="160e90cb39bca59f8c4064ac6d7b242060a07bc4309e3eb79d8745797b308edd84adef35ad9d8a17240f38f55f57c55f3875db81d255eea402e1c11ca7fc01964aeb9ed6ef4e80bc67cba7e7fe961fe5d921442b0a06b135f8a73b68dc904b436f256f50ae7cb980e69e7580b9f11c6ede4210f23240559b8c427000d7ce7862417ab5a50e494b2a54e346d7ffa008ccef06813e235b446788ac0f1df3c65bc1fb5393364a2efd284640ec2c438ad2b24a69f1f9da000000000000000000000000989eee6a9283bf253ca4"], 0x1}}, 0x0)
close(r3)
syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000000)={<r4=>0xffffffffffffffff, <r5=>0xffffffffffffffff})
dup3(r5, r4, 0x0)
r6 = accept4$vsock_stream(0xffffffffffffffff, &(0x7f0000000240)={0x28, 0x0, 0x2710, @host}, 0x10, 0x0)
dup2(r6, r5)
bind$pptp(0xffffffffffffffff, &(0x7f00000001c0)={0x18, 0x2, {0x0, @initdev={0xac, 0x1e, 0x0, 0x0}}}, 0x1e)
sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000000)=@newlink={0x30, 0x10, 0x801, 0x0, 0x0, {}, [@IFLA_GROUP={0x8}, @IFLA_PROTO_DOWN={0x8, 0x4}]}, 0x30}}, 0x0)
pivot_root(&(0x7f0000000140)='./file0\x00', &(0x7f0000000100)='./file0\x00')

[ 1846.813460] RBP: 000000000076bf00 R08: 0000000000000000 R09: 0000000000000000
[ 1846.821344] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000007
[ 1846.829013] R13: 00000000000003bf R14: 00000000004c6495 R15: 0000000000000010
01:45:45 executing program 4:
pipe(&(0x7f0000000140)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
r2 = socket$inet_udp(0x2, 0x2, 0x0)
close(r2)
r3 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$inet_tcp_int(r3, 0x6, 0x10000000013, &(0x7f0000d06000)=0x1, 0x4)
connect$inet(r2, &(0x7f0000000340)={0x2, 0x0, @loopback}, 0x10)
write$binfmt_misc(r1, &(0x7f0000000140)=ANY=[], 0x4240a2a0)
r4 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$IPT_SO_SET_REPLACE(r4, 0x0, 0x40, &(0x7f0000000480)=ANY=[@ANYBLOB="66696c74657200000000000000000000000000000000000000000000000000000e00000004000000d0020000800100009800000080010000000000000000000038020000380200003802000038020000380200000400000000000000000000007f000001ac14140000000000000000007f00000000000000000000000000000064756dea20f9524db2d96900000057c910a19f2bc02c00000000000000000000200000000000000000000000000000000000000000000000700098000000000000000000000000000000000000000000280052454a454354000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000400000000000000000000000080000000000000000000000000000000000000000000000000000000000000000000000000000000000000000c000e80000f9c9991d0000000000000000000000000000005000736574000000000000000000000000000000000000000000000000000003000005050000000000000000000000000000000000000000100000000000000000000000000000000000000000000000280052454a45435400000000000000010000000000000000000000000000000000674f000000000000000000e00000020000000000000000766574b5315f766c616e00000000010062726964676530000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000007000b80000000000000000000000000000000000000000004800544545000000000000000000000000000000d40200000000000000000001ac1414aa000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000007000980000000000000000000000000000000000000000002800000000000000000000000000000000000000000000001a51496c00000000feffffff"], 0x1)
splice(r0, 0x0, r2, 0x0, 0x4ffe0, 0x0)

01:45:45 executing program 2 (fault-call:9 fault-nth:17):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140)='/dev/kvm\x00', 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_SET_SIGNAL_MASK(0xffffffffffffffff, 0x4004ae8b, &(0x7f0000001000)=ANY=[@ANYBLOB="97cb"])
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000fe7000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0)
ioctl$USBDEVFS_RESETEP(0xffffffffffffffff, 0x80045503, &(0x7f0000000000)={0x1, 0x1})
ioctl$KVM_NMI(r2, 0xae9a)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f00000002c0)={0x0, 0x2, 0x0, 0x2000, &(0x7f0000001000/0x2000)=nil})
perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
ioctl$KVM_RUN(r2, 0xae80, 0x0)

01:45:45 executing program 0:
r0 = open(&(0x7f0000000080)='./file0\x00', 0x80ff, 0x0)
fcntl$setlease(r0, 0x400, 0x0)

01:45:45 executing program 3:
lsetxattr$trusted_overlay_opaque(0x0, 0x0, 0x0, 0x0, 0x0)
mkdir(&(0x7f0000000000)='./file0\x00', 0x0)
mount$bpf(0x20000000, &(0x7f00000000c0)='./file0\x00', 0x0, 0x2001001, 0x0)
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x80, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x43, 0x400000000000000}, 0x11288, 0x2000, 0x0, 0x2}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = socket$netlink(0x10, 0x3, 0x0)
connect$inet(0xffffffffffffffff, 0x0, 0x0)
setsockopt$SO_RDS_TRANSPORT(0xffffffffffffffff, 0x114, 0x8, &(0x7f0000000040)=0xffffffffffffffff, 0x4)
r1 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$inet_tcp_int(r1, 0x6, 0x10000000013, &(0x7f0000d06000)=0x1, 0x32a)
connect$inet(r1, &(0x7f0000000180)={0x2, 0x4e23, @local}, 0x10)
accept$nfc_llcp(0xffffffffffffffff, &(0x7f0000000440), &(0x7f0000000300)=0x60)
setsockopt$inet_tcp_TCP_REPAIR_OPTIONS(r1, 0x6, 0x16, &(0x7f00000000c0)=[@mss={0x2, 0xffffffff}, @timestamp, @window, @mss={0x2, 0x91c}], 0x4)
sendmmsg(r1, &(0x7f0000004b40)=[{{0x0, 0x0, &(0x7f00000011c0)=[{&(0x7f0000002240)='Y', 0x1}], 0x1}}], 0x1, 0x0)
syz_init_net_socket$llc(0x1a, 0x1, 0x0)
r2 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$IPT_SO_SET_REPLACE(r2, 0x4000000000000, 0x40, &(0x7f0000000a40)=ANY=[@ANYBLOB="72617700000000010000000000000000000000000000000000000000000000000200000003000000b80400000000000000000000000000000003000000030000200400002004000020040000200400002004000003000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000600000000000000a00200030000000000000000000000000000000000000000300262706600000000000000000000000000000000000000000000000000000101000000000000002e2f66696c653000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000060005345540000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000c0002001000000000000000000000000000000000000000050006f736600000000000000000000000000000000000000000000000000000073797a300000000000000000000000000000000000000000000000000000000000000000000000000000000000000000600053455400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000007000980000000000000000000000000000000000000000002800000000000000000000000000000000000000000000000000000000000004feffffff00000000"], 0x518)
sendmsg$IPVS_CMD_GET_DEST(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000280)={&(0x7f00000002c0)=ANY=[@ANYRES16], 0x1}}, 0x0)
setsockopt$inet_tcp_TCP_REPAIR(r1, 0x6, 0x13, &(0x7f0000000100), 0x618)
close(r1)
r3 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$inet_tcp_int(r3, 0x6, 0x10000000013, &(0x7f0000d06000)=0x1, 0x32a)
connect$inet(r3, &(0x7f0000000140)={0x2, 0x0, @local}, 0x10)
setsockopt$inet_tcp_TCP_REPAIR_OPTIONS(r3, 0x6, 0x16, &(0x7f0000000200)=[@mss, @timestamp, @window={0x3, 0x0, 0xfffe}, @mss={0x2, 0x3}], 0x4)
sendmmsg(r3, &(0x7f0000004b40)=[{{0x0, 0x0, &(0x7f00000011c0)=[{&(0x7f0000002240)='Y', 0x1}], 0x1}}], 0x1, 0x0)
setsockopt$inet_tcp_TCP_REPAIR_QUEUE(r3, 0x6, 0x14, &(0x7f0000000040)=0x1, 0x4)
sendmsg$IPVS_CMD_GET_DEST(r3, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000340)=ANY=[@ANYBLOB="160e90cb39bca59f8c4064ac6d7b242060a07bc4309e3eb79d8745797b308edd84adef35ad9d8a17240f38f55f57c55f3875db81d255eea402e1c11ca7fc01964aeb9ed6ef4e80bc67cba7e7fe961fe5d921442b0a06b135f8a73b68dc904b436f256f50ae7cb980e69e7580b9f11c6ede4210f23240559b8c427000d7ce7862417ab5a50e494b2a54e346d7ffa008ccef06813e235b446788ac0f1df3c65bc1fb5393364a2efd284640ec2c438ad2b24a69f1f9da000000000000000000000000989eee6a9283bf253ca4"], 0x1}}, 0x0)
syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000000)={<r4=>0xffffffffffffffff, <r5=>0xffffffffffffffff})
dup3(r5, r4, 0x0)
r6 = accept4$vsock_stream(0xffffffffffffffff, &(0x7f0000000240)={0x28, 0x0, 0x2710, @host}, 0x10, 0x0)
dup2(r6, r5)
bind$pptp(0xffffffffffffffff, &(0x7f00000001c0)={0x18, 0x2, {0x0, @initdev={0xac, 0x1e, 0x0, 0x0}}}, 0x1e)
sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000000)=@newlink={0x30, 0x10, 0x801, 0x0, 0x0, {}, [@IFLA_GROUP={0x8}, @IFLA_PROTO_DOWN={0x8, 0x4}]}, 0x30}}, 0x0)
pivot_root(&(0x7f0000000140)='./file0\x00', &(0x7f0000000100)='./file0\x00')

01:45:45 executing program 0:
r0 = gettid()
r1 = creat(&(0x7f0000000280)='./file0\x00', 0x1)
write$binfmt_script(r1, &(0x7f0000000440)=ANY=[@ANYBLOB="2321202e2f66696c653020f014d336b04b030400000000000092290a7e4555a763c15ceda085e276ed3ae7a290ab0e74467713328b5e4577124d1a2e21da765cd1ce2356a8f87e56f0bf8893cc7149595314f0771b65d33e129933dd93f99f03cd6b3e5903e1ddb592a67f706eb14c1d3d1a204fe2e9c50d7920f69e068d2c7faba4084e7a3b0c6c699890e19745ba9a37cfdd7ff58b659bbf65d6a2b2e441a0e0c44a3d9abeb7d90f0d01107d0e077d0d67096da85a6d22c36fac7585a35892211b5194d55e0ad396b242ac56b00fbd89c9"], 0xd2)
perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
close(r1)
setxattr$security_capability(&(0x7f0000000140)='./file0\x00', &(0x7f0000000200)='security.capability\x00', &(0x7f0000000340)=@v2={0x2000000, [{0x0, 0xffffffc1}]}, 0x14, 0x0)
ioctl$int_in(0xffffffffffffffff, 0x0, 0x0)
listen(0xffffffffffffffff, 0x400000001ffffffd)
accept4(0xffffffffffffffff, 0x0, 0x0, 0x0)
sendmsg$DEVLINK_CMD_GET(0xffffffffffffffff, 0x0, 0x0)
clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
execve(&(0x7f0000000180)='./file0\x00', 0x0, 0x0)
ptrace$setopts(0x4206, r0, 0x0, 0x0)

01:45:45 executing program 5:
lsetxattr$trusted_overlay_opaque(0x0, 0x0, 0x0, 0x0, 0x0)
mkdir(&(0x7f0000000000)='./file0\x00', 0x0)
mount$bpf(0x20000000, &(0x7f00000000c0)='./file0\x00', 0x0, 0x2001001, 0x0)
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x80, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x43, 0x400000000000000}, 0x11288, 0x2000, 0x0, 0x2}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = socket$netlink(0x10, 0x3, 0x0)
connect$inet(0xffffffffffffffff, 0x0, 0x0)
setsockopt$SO_RDS_TRANSPORT(0xffffffffffffffff, 0x114, 0x8, &(0x7f0000000040)=0xffffffffffffffff, 0x4)
r1 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$inet_tcp_int(r1, 0x6, 0x10000000013, &(0x7f0000d06000)=0x1, 0x32a)
connect$inet(r1, &(0x7f0000000180)={0x2, 0x4e23, @local}, 0x10)
accept$nfc_llcp(0xffffffffffffffff, &(0x7f0000000440), &(0x7f0000000300)=0x60)
setsockopt$inet_tcp_TCP_REPAIR_OPTIONS(r1, 0x6, 0x16, &(0x7f00000000c0)=[@mss={0x2, 0xffffffff}, @timestamp, @window, @mss={0x2, 0x91c}], 0x4)
sendmmsg(r1, &(0x7f0000004b40)=[{{0x0, 0x0, &(0x7f00000011c0)=[{&(0x7f0000002240)='Y', 0x1}], 0x1}}], 0x1, 0x0)
syz_init_net_socket$llc(0x1a, 0x1, 0x0)
r2 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$IPT_SO_SET_REPLACE(r2, 0x4000000000000, 0x40, &(0x7f0000000a40)=ANY=[@ANYBLOB="72617700000000010000000000000000000000000000000000000000000000000200000003000000b80400000000000000000000000000000003000000030000200400002004000020040000200400002004000003000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000600000000000000a00200030000000000000000000000000000000000000000300262706600000000000000000000000000000000000000000000000000000101000000000000002e2f66696c653000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000060005345540000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000c0002001000000000000000000000000000000000000000050006f736600000000000000000000000000000000000000000000000000000073797a300000000000000000000000000000000000000000000000000000000000000000000000000000000000000000600053455400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000007000980000000000000000000000000000000000000000002800000000000000000000000000000000000000000000000000000000000004feffffff00000000"], 0x518)
sendmsg$IPVS_CMD_GET_DEST(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000280)={&(0x7f00000002c0)=ANY=[@ANYRES16], 0x1}}, 0x0)
setsockopt$inet_tcp_TCP_REPAIR(r1, 0x6, 0x13, &(0x7f0000000100), 0x618)
close(r1)
r3 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$inet_tcp_int(r3, 0x6, 0x10000000013, &(0x7f0000d06000)=0x1, 0x32a)
connect$inet(r3, &(0x7f0000000140)={0x2, 0x0, @local}, 0x10)
setsockopt$inet_tcp_TCP_REPAIR_OPTIONS(r3, 0x6, 0x16, &(0x7f0000000200)=[@mss, @timestamp, @window={0x3, 0x0, 0xfffe}, @mss={0x2, 0x3}], 0x4)
sendmmsg(r3, &(0x7f0000004b40)=[{{0x0, 0x0, &(0x7f00000011c0)=[{&(0x7f0000002240)='Y', 0x1}], 0x1}}], 0x1, 0x0)
sendmsg$IPVS_CMD_GET_DEST(r3, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000340)=ANY=[@ANYBLOB="160e90cb39bca59f8c4064ac6d7b242060a07bc4309e3eb79d8745797b308edd84adef35ad9d8a17240f38f55f57c55f3875db81d255eea402e1c11ca7fc01964aeb9ed6ef4e80bc67cba7e7fe961fe5d921442b0a06b135f8a73b68dc904b436f256f50ae7cb980e69e7580b9f11c6ede4210f23240559b8c427000d7ce7862417ab5a50e494b2a54e346d7ffa008ccef06813e235b446788ac0f1df3c65bc1fb5393364a2efd284640ec2c438ad2b24a69f1f9da000000000000000000000000989eee6a9283bf253ca4"], 0x1}}, 0x0)
close(r3)
syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000000)={<r4=>0xffffffffffffffff, <r5=>0xffffffffffffffff})
dup3(r5, r4, 0x0)
r6 = accept4$vsock_stream(0xffffffffffffffff, &(0x7f0000000240)={0x28, 0x0, 0x2710, @host}, 0x10, 0x0)
dup2(r6, r5)
bind$pptp(0xffffffffffffffff, &(0x7f00000001c0)={0x18, 0x2, {0x0, @initdev={0xac, 0x1e, 0x0, 0x0}}}, 0x1e)
sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000000)=@newlink={0x30, 0x10, 0x801, 0x0, 0x0, {}, [@IFLA_GROUP={0x8}, @IFLA_PROTO_DOWN={0x8, 0x4}]}, 0x30}}, 0x0)
pivot_root(&(0x7f0000000140)='./file0\x00', &(0x7f0000000100)='./file0\x00')

[ 1847.302142] FAULT_INJECTION: forcing a failure.
[ 1847.302142] name failslab, interval 1, probability 0, space 0, times 0
01:45:45 executing program 1:
lsetxattr$trusted_overlay_opaque(0x0, 0x0, 0x0, 0x0, 0x0)
mkdir(&(0x7f0000000000)='./file0\x00', 0x0)
mount$bpf(0x20000000, &(0x7f00000000c0)='./file0\x00', 0x0, 0x2001001, 0x0)
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x80, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x43, 0x400000000000000}, 0x11288, 0x2000, 0x0, 0x2}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = socket$netlink(0x10, 0x3, 0x0)
connect$inet(0xffffffffffffffff, 0x0, 0x0)
setsockopt$SO_RDS_TRANSPORT(0xffffffffffffffff, 0x114, 0x8, &(0x7f0000000040)=0xffffffffffffffff, 0x4)
r1 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$inet_tcp_int(r1, 0x6, 0x10000000013, &(0x7f0000d06000)=0x1, 0x32a)
connect$inet(r1, &(0x7f0000000180)={0x2, 0x4e23, @local}, 0x10)
accept$nfc_llcp(0xffffffffffffffff, &(0x7f0000000440), &(0x7f0000000300)=0x60)
setsockopt$inet_tcp_TCP_REPAIR_OPTIONS(r1, 0x6, 0x16, &(0x7f00000000c0)=[@mss={0x2, 0xffffffff}, @timestamp, @window, @mss={0x2, 0x91c}], 0x4)
sendmmsg(r1, &(0x7f0000004b40)=[{{0x0, 0x0, &(0x7f00000011c0)=[{&(0x7f0000002240)='Y', 0x1}], 0x1}}], 0x1, 0x0)
syz_init_net_socket$llc(0x1a, 0x1, 0x0)
r2 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$IPT_SO_SET_REPLACE(r2, 0x4000000000000, 0x40, &(0x7f0000000a40)=ANY=[@ANYBLOB="72617700000000010000000000000000000000000000000000000000000000000200000003000000b80400000000000000000000000000000003000000030000200400002004000020040000200400002004000003000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000600000000000000a00200030000000000000000000000000000000000000000300262706600000000000000000000000000000000000000000000000000000101000000000000002e2f66696c653000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000060005345540000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000c0002001000000000000000000000000000000000000000050006f736600000000000000000000000000000000000000000000000000000073797a300000000000000000000000000000000000000000000000000000000000000000000000000000000000000000600053455400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000007000980000000000000000000000000000000000000000002800000000000000000000000000000000000000000000000000000000000004feffffff00000000"], 0x518)
sendmsg$IPVS_CMD_GET_DEST(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000280)={&(0x7f00000002c0)=ANY=[@ANYRES16], 0x1}}, 0x0)
setsockopt$inet_tcp_TCP_REPAIR(r1, 0x6, 0x13, &(0x7f0000000100), 0x618)
close(r1)
r3 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$inet_tcp_int(r3, 0x6, 0x10000000013, &(0x7f0000d06000)=0x1, 0x32a)
connect$inet(r3, &(0x7f0000000140)={0x2, 0x0, @local}, 0x10)
setsockopt$inet_tcp_TCP_REPAIR_OPTIONS(r3, 0x6, 0x16, &(0x7f0000000200)=[@mss, @timestamp, @window={0x3, 0x0, 0xfffe}, @mss={0x2, 0x3}], 0x4)
sendmmsg(r3, &(0x7f0000004b40)=[{{0x0, 0x0, &(0x7f00000011c0)=[{&(0x7f0000002240)='Y', 0x1}], 0x1}}], 0x1, 0x0)
setsockopt$inet_tcp_TCP_REPAIR_QUEUE(r3, 0x6, 0x14, &(0x7f0000000040)=0x1, 0x4)
sendmsg$IPVS_CMD_GET_DEST(r3, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000340)=ANY=[@ANYBLOB="160e90cb39bca59f8c4064ac6d7b242060a07bc4309e3eb79d8745797b308edd84adef35ad9d8a17240f38f55f57c55f3875db81d255eea402e1c11ca7fc01964aeb9ed6ef4e80bc67cba7e7fe961fe5d921442b0a06b135f8a73b68dc904b436f256f50ae7cb980e69e7580b9f11c6ede4210f23240559b8c427000d7ce7862417ab5a50e494b2a54e346d7ffa008ccef06813e235b446788ac0f1df3c65bc1fb5393364a2efd284640ec2c438ad2b24a69f1f9da000000000000000000000000989eee6a9283bf253ca4"], 0x1}}, 0x0)
syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000000)={<r4=>0xffffffffffffffff, <r5=>0xffffffffffffffff})
dup3(r5, r4, 0x0)
r6 = accept4$vsock_stream(0xffffffffffffffff, &(0x7f0000000240)={0x28, 0x0, 0x2710, @host}, 0x10, 0x0)
dup2(r6, r5)
bind$pptp(0xffffffffffffffff, &(0x7f00000001c0)={0x18, 0x2, {0x0, @initdev={0xac, 0x1e, 0x0, 0x0}}}, 0x1e)
sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000000)=@newlink={0x30, 0x10, 0x801, 0x0, 0x0, {}, [@IFLA_GROUP={0x8}, @IFLA_PROTO_DOWN={0x8, 0x4}]}, 0x30}}, 0x0)

[ 1847.360416] ip_tables: iptables: counters copy to user failed while replacing table
[ 1847.361322] CPU: 1 PID: 3781 Comm: syz-executor.2 Not tainted 4.14.173-syzkaller #0
[ 1847.376259] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 1847.385805] Call Trace:
[ 1847.388463]  dump_stack+0x13e/0x194
[ 1847.392229]  should_fail.cold+0x10a/0x14b
[ 1847.397031]  should_failslab+0xd6/0x130
[ 1847.401710]  kmem_cache_alloc+0x2b5/0x770
[ 1847.405891]  ? mmu_topup_memory_caches+0x1d/0x300
[ 1847.411066]  mmu_topup_memory_caches+0x83/0x300
[ 1847.416200]  ? retint_kernel+0x2d/0x2d
[ 1847.420290]  kvm_mmu_load+0x1e/0xd00
[ 1847.424107]  ? vcpu_enter_guest+0x18c4/0x5240
[ 1847.429541]  vcpu_enter_guest+0x2eb9/0x5240
[ 1847.434019]  ? retint_kernel+0x2d/0x2d
[ 1847.437945]  ? emulator_read_emulated+0x40/0x40
[ 1847.442646]  ? lock_acquire+0x170/0x3f0
[ 1847.446656]  ? kvm_arch_vcpu_ioctl_run+0x143/0xfd0
[ 1847.452339]  ? kvm_arch_vcpu_ioctl_run+0x2fe/0xfd0
[ 1847.457587]  ? kvm_arch_vcpu_ioctl_run+0x181/0xfd0
[ 1847.463265]  kvm_arch_vcpu_ioctl_run+0x2fe/0xfd0
[ 1847.468051]  kvm_vcpu_ioctl+0x3df/0xc70
[ 1847.472065]  ? trace_hardirqs_on_caller+0x3f6/0x590
[ 1847.477117]  ? kvm_vcpu_block+0xb70/0xb70
[ 1847.481295]  ? check_preemption_disabled+0x35/0x240
[ 1847.486333]  ? retint_kernel+0x2d/0x2d
[ 1847.490349]  ? selinux_file_ioctl+0x30a/0x560
[ 1847.494984]  ? selinux_file_ioctl+0x323/0x560
[ 1847.500044]  ? kvm_vcpu_block+0xb70/0xb70
[ 1847.504483]  do_vfs_ioctl+0x75a/0xfe0
[ 1847.508312]  ? selinux_file_mprotect+0x5c0/0x5c0
[ 1847.513107]  ? ioctl_preallocate+0x1a0/0x1a0
[ 1847.517552]  ? security_file_ioctl+0x76/0xb0
[ 1847.522011]  ? security_file_ioctl+0x83/0xb0
[ 1847.526465]  SyS_ioctl+0x7f/0xb0
[ 1847.529851]  ? do_vfs_ioctl+0xfe0/0xfe0
[ 1847.533847]  do_syscall_64+0x1d5/0x640
[ 1847.537755]  entry_SYSCALL_64_after_hwframe+0x42/0xb7
[ 1847.543502] RIP: 0033:0x45c849
[ 1847.546969] RSP: 002b:00007fa3bc31dc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
01:45:45 executing program 3:
lsetxattr$trusted_overlay_opaque(0x0, 0x0, 0x0, 0x0, 0x0)
mkdir(&(0x7f0000000000)='./file0\x00', 0x0)
mount$bpf(0x20000000, &(0x7f00000000c0)='./file0\x00', 0x0, 0x2001001, 0x0)
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x80, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x43, 0x400000000000000}, 0x11288, 0x2000, 0x0, 0x2}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = socket$netlink(0x10, 0x3, 0x0)
connect$inet(0xffffffffffffffff, 0x0, 0x0)
setsockopt$SO_RDS_TRANSPORT(0xffffffffffffffff, 0x114, 0x8, &(0x7f0000000040)=0xffffffffffffffff, 0x4)
r1 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$inet_tcp_int(r1, 0x6, 0x10000000013, &(0x7f0000d06000)=0x1, 0x32a)
connect$inet(r1, &(0x7f0000000180)={0x2, 0x4e23, @local}, 0x10)
accept$nfc_llcp(0xffffffffffffffff, &(0x7f0000000440), &(0x7f0000000300)=0x60)
setsockopt$inet_tcp_TCP_REPAIR_OPTIONS(r1, 0x6, 0x16, &(0x7f00000000c0)=[@mss={0x2, 0xffffffff}, @timestamp, @window, @mss={0x2, 0x91c}], 0x4)
sendmmsg(r1, &(0x7f0000004b40)=[{{0x0, 0x0, &(0x7f00000011c0)=[{&(0x7f0000002240)='Y', 0x1}], 0x1}}], 0x1, 0x0)
syz_init_net_socket$llc(0x1a, 0x1, 0x0)
r2 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$IPT_SO_SET_REPLACE(r2, 0x4000000000000, 0x40, &(0x7f0000000a40)=ANY=[@ANYBLOB="72617700000000010000000000000000000000000000000000000000000000000200000003000000b80400000000000000000000000000000003000000030000200400002004000020040000200400002004000003000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000600000000000000a00200030000000000000000000000000000000000000000300262706600000000000000000000000000000000000000000000000000000101000000000000002e2f66696c653000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000060005345540000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000c0002001000000000000000000000000000000000000000050006f736600000000000000000000000000000000000000000000000000000073797a300000000000000000000000000000000000000000000000000000000000000000000000000000000000000000600053455400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000007000980000000000000000000000000000000000000000002800000000000000000000000000000000000000000000000000000000000004feffffff00000000"], 0x518)
sendmsg$IPVS_CMD_GET_DEST(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000280)={&(0x7f00000002c0)=ANY=[@ANYRES16], 0x1}}, 0x0)
setsockopt$inet_tcp_TCP_REPAIR(r1, 0x6, 0x13, &(0x7f0000000100), 0x618)
close(r1)
r3 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$inet_tcp_int(r3, 0x6, 0x10000000013, &(0x7f0000d06000)=0x1, 0x32a)
connect$inet(r3, &(0x7f0000000140)={0x2, 0x0, @local}, 0x10)
setsockopt$inet_tcp_TCP_REPAIR_OPTIONS(r3, 0x6, 0x16, &(0x7f0000000200)=[@mss, @timestamp, @window={0x3, 0x0, 0xfffe}, @mss={0x2, 0x3}], 0x4)
sendmmsg(r3, &(0x7f0000004b40)=[{{0x0, 0x0, &(0x7f00000011c0)=[{&(0x7f0000002240)='Y', 0x1}], 0x1}}], 0x1, 0x0)
setsockopt$inet_tcp_TCP_REPAIR_QUEUE(r3, 0x6, 0x14, &(0x7f0000000040)=0x1, 0x4)
sendmsg$IPVS_CMD_GET_DEST(r3, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000340)=ANY=[@ANYBLOB="160e90cb39bca59f8c4064ac6d7b242060a07bc4309e3eb79d8745797b308edd84adef35ad9d8a17240f38f55f57c55f3875db81d255eea402e1c11ca7fc01964aeb9ed6ef4e80bc67cba7e7fe961fe5d921442b0a06b135f8a73b68dc904b436f256f50ae7cb980e69e7580b9f11c6ede4210f23240559b8c427000d7ce7862417ab5a50e494b2a54e346d7ffa008ccef06813e235b446788ac0f1df3c65bc1fb5393364a2efd284640ec2c438ad2b24a69f1f9da000000000000000000000000989eee6a9283bf253ca4"], 0x1}}, 0x0)
syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000000)={<r4=>0xffffffffffffffff, <r5=>0xffffffffffffffff})
dup3(r5, r4, 0x0)
r6 = accept4$vsock_stream(0xffffffffffffffff, &(0x7f0000000240)={0x28, 0x0, 0x2710, @host}, 0x10, 0x0)
dup2(r6, r5)
bind$pptp(0xffffffffffffffff, &(0x7f00000001c0)={0x18, 0x2, {0x0, @initdev={0xac, 0x1e, 0x0, 0x0}}}, 0x1e)
sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000000)=@newlink={0x30, 0x10, 0x801, 0x0, 0x0, {}, [@IFLA_GROUP={0x8}, @IFLA_PROTO_DOWN={0x8, 0x4}]}, 0x30}}, 0x0)
pivot_root(&(0x7f0000000140)='./file0\x00', &(0x7f0000000100)='./file0\x00')

01:45:45 executing program 0:
perf_event_open(&(0x7f0000000200)={0x2, 0x70, 0x41, 0x8001, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000080)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
r1 = memfd_create(&(0x7f0000000140)='+\x8b\x8a\x16\x11O\xdd\xdfk(F\x99\xdf\x92\xd5>oJ\x02u\x9b\xafa\xac', 0x3)
write$binfmt_misc(r1, &(0x7f0000000c40)=ANY=[@ANYRES32], 0xff67)
sendfile(r0, r1, &(0x7f0000000000), 0xffff)
fcntl$addseals(r1, 0x409, 0x8)

[ 1847.555748] RAX: ffffffffffffffda RBX: 00007fa3bc31e6d4 RCX: 000000000045c849
[ 1847.563037] RDX: 0000000000000000 RSI: 000000000000ae80 RDI: 0000000000000005
[ 1847.570523] RBP: 000000000076bf00 R08: 0000000000000000 R09: 0000000000000000
[ 1847.577905] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000007
[ 1847.585301] R13: 00000000000003bf R14: 00000000004c6495 R15: 0000000000000011
01:45:45 executing program 2 (fault-call:9 fault-nth:18):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140)='/dev/kvm\x00', 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_SET_SIGNAL_MASK(0xffffffffffffffff, 0x4004ae8b, &(0x7f0000001000)=ANY=[@ANYBLOB="97cb"])
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000fe7000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0)
ioctl$USBDEVFS_RESETEP(0xffffffffffffffff, 0x80045503, &(0x7f0000000000)={0x1, 0x1})
ioctl$KVM_NMI(r2, 0xae9a)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f00000002c0)={0x0, 0x2, 0x0, 0x2000, &(0x7f0000001000/0x2000)=nil})
perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
ioctl$KVM_RUN(r2, 0xae80, 0x0)

[ 1847.648117] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[ 1847.691769] batman_adv: batadv0: Removing interface: batadv_slave_0
01:45:45 executing program 3:
lsetxattr$trusted_overlay_opaque(0x0, 0x0, 0x0, 0x0, 0x0)
mkdir(&(0x7f0000000000)='./file0\x00', 0x0)
mount$bpf(0x20000000, &(0x7f00000000c0)='./file0\x00', 0x0, 0x2001001, 0x0)
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x80, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x43, 0x400000000000000}, 0x11288, 0x2000, 0x0, 0x2}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = socket$netlink(0x10, 0x3, 0x0)
connect$inet(0xffffffffffffffff, 0x0, 0x0)
setsockopt$SO_RDS_TRANSPORT(0xffffffffffffffff, 0x114, 0x8, &(0x7f0000000040)=0xffffffffffffffff, 0x4)
r1 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$inet_tcp_int(r1, 0x6, 0x10000000013, &(0x7f0000d06000)=0x1, 0x32a)
connect$inet(r1, &(0x7f0000000180)={0x2, 0x4e23, @local}, 0x10)
accept$nfc_llcp(0xffffffffffffffff, &(0x7f0000000440), &(0x7f0000000300)=0x60)
setsockopt$inet_tcp_TCP_REPAIR_OPTIONS(r1, 0x6, 0x16, &(0x7f00000000c0)=[@mss={0x2, 0xffffffff}, @timestamp, @window, @mss={0x2, 0x91c}], 0x4)
sendmmsg(r1, &(0x7f0000004b40)=[{{0x0, 0x0, &(0x7f00000011c0)=[{&(0x7f0000002240)='Y', 0x1}], 0x1}}], 0x1, 0x0)
syz_init_net_socket$llc(0x1a, 0x1, 0x0)
r2 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$IPT_SO_SET_REPLACE(r2, 0x4000000000000, 0x40, &(0x7f0000000a40)=ANY=[@ANYBLOB="72617700000000010000000000000000000000000000000000000000000000000200000003000000b80400000000000000000000000000000003000000030000200400002004000020040000200400002004000003000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000600000000000000a00200030000000000000000000000000000000000000000300262706600000000000000000000000000000000000000000000000000000101000000000000002e2f66696c653000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000060005345540000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000c0002001000000000000000000000000000000000000000050006f736600000000000000000000000000000000000000000000000000000073797a300000000000000000000000000000000000000000000000000000000000000000000000000000000000000000600053455400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000007000980000000000000000000000000000000000000000002800000000000000000000000000000000000000000000000000000000000004feffffff00000000"], 0x518)
sendmsg$IPVS_CMD_GET_DEST(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000280)={&(0x7f00000002c0)=ANY=[@ANYRES16], 0x1}}, 0x0)
setsockopt$inet_tcp_TCP_REPAIR(r1, 0x6, 0x13, &(0x7f0000000100), 0x618)
close(r1)
r3 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$inet_tcp_int(r3, 0x6, 0x10000000013, &(0x7f0000d06000)=0x1, 0x32a)
connect$inet(r3, &(0x7f0000000140)={0x2, 0x0, @local}, 0x10)
setsockopt$inet_tcp_TCP_REPAIR_OPTIONS(r3, 0x6, 0x16, &(0x7f0000000200)=[@mss, @timestamp, @window={0x3, 0x0, 0xfffe}, @mss={0x2, 0x3}], 0x4)
sendmmsg(r3, &(0x7f0000004b40)=[{{0x0, 0x0, &(0x7f00000011c0)=[{&(0x7f0000002240)='Y', 0x1}], 0x1}}], 0x1, 0x0)
setsockopt$inet_tcp_TCP_REPAIR_QUEUE(r3, 0x6, 0x14, &(0x7f0000000040)=0x1, 0x4)
sendmsg$IPVS_CMD_GET_DEST(r3, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000340)=ANY=[@ANYBLOB="160e90cb39bca59f8c4064ac6d7b242060a07bc4309e3eb79d8745797b308edd84adef35ad9d8a17240f38f55f57c55f3875db81d255eea402e1c11ca7fc01964aeb9ed6ef4e80bc67cba7e7fe961fe5d921442b0a06b135f8a73b68dc904b436f256f50ae7cb980e69e7580b9f11c6ede4210f23240559b8c427000d7ce7862417ab5a50e494b2a54e346d7ffa008ccef06813e235b446788ac0f1df3c65bc1fb5393364a2efd284640ec2c438ad2b24a69f1f9da000000000000000000000000989eee6a9283bf253ca4"], 0x1}}, 0x0)
syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000000)={<r4=>0xffffffffffffffff, <r5=>0xffffffffffffffff})
dup3(r5, r4, 0x0)
r6 = accept4$vsock_stream(0xffffffffffffffff, &(0x7f0000000240)={0x28, 0x0, 0x2710, @host}, 0x10, 0x0)
dup2(r6, r5)
bind$pptp(0xffffffffffffffff, &(0x7f00000001c0)={0x18, 0x2, {0x0, @initdev={0xac, 0x1e, 0x0, 0x0}}}, 0x1e)
sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000000)=@newlink={0x30, 0x10, 0x801, 0x0, 0x0, {}, [@IFLA_GROUP={0x8}, @IFLA_PROTO_DOWN={0x8, 0x4}]}, 0x30}}, 0x0)
pivot_root(&(0x7f0000000140)='./file0\x00', &(0x7f0000000100)='./file0\x00')

[ 1847.753147] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[ 1847.807527] batman_adv: batadv0: Removing interface: batadv_slave_1
[ 1847.815768] FAULT_INJECTION: forcing a failure.
[ 1847.815768] name failslab, interval 1, probability 0, space 0, times 0
[ 1847.845258] CPU: 0 PID: 3806 Comm: syz-executor.2 Not tainted 4.14.173-syzkaller #0
01:45:46 executing program 5:
lsetxattr$trusted_overlay_opaque(0x0, 0x0, 0x0, 0x0, 0x0)
mkdir(&(0x7f0000000000)='./file0\x00', 0x0)
mount$bpf(0x20000000, &(0x7f00000000c0)='./file0\x00', 0x0, 0x2001001, 0x0)
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x80, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x43, 0x400000000000000}, 0x11288, 0x2000, 0x0, 0x2}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = socket$netlink(0x10, 0x3, 0x0)
connect$inet(0xffffffffffffffff, 0x0, 0x0)
setsockopt$SO_RDS_TRANSPORT(0xffffffffffffffff, 0x114, 0x8, &(0x7f0000000040)=0xffffffffffffffff, 0x4)
r1 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$inet_tcp_int(r1, 0x6, 0x10000000013, &(0x7f0000d06000)=0x1, 0x32a)
connect$inet(r1, &(0x7f0000000180)={0x2, 0x4e23, @local}, 0x10)
accept$nfc_llcp(0xffffffffffffffff, &(0x7f0000000440), &(0x7f0000000300)=0x60)
setsockopt$inet_tcp_TCP_REPAIR_OPTIONS(r1, 0x6, 0x16, &(0x7f00000000c0)=[@mss={0x2, 0xffffffff}, @timestamp, @window, @mss={0x2, 0x91c}], 0x4)
sendmmsg(r1, &(0x7f0000004b40)=[{{0x0, 0x0, &(0x7f00000011c0)=[{&(0x7f0000002240)='Y', 0x1}], 0x1}}], 0x1, 0x0)
syz_init_net_socket$llc(0x1a, 0x1, 0x0)
r2 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$IPT_SO_SET_REPLACE(r2, 0x4000000000000, 0x40, &(0x7f0000000a40)=ANY=[@ANYBLOB="72617700000000010000000000000000000000000000000000000000000000000200000003000000b80400000000000000000000000000000003000000030000200400002004000020040000200400002004000003000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000600000000000000a00200030000000000000000000000000000000000000000300262706600000000000000000000000000000000000000000000000000000101000000000000002e2f66696c653000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000060005345540000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000c0002001000000000000000000000000000000000000000050006f736600000000000000000000000000000000000000000000000000000073797a300000000000000000000000000000000000000000000000000000000000000000000000000000000000000000600053455400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000007000980000000000000000000000000000000000000000002800000000000000000000000000000000000000000000000000000000000004feffffff00000000"], 0x518)
sendmsg$IPVS_CMD_GET_DEST(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000280)={&(0x7f00000002c0)=ANY=[@ANYRES16], 0x1}}, 0x0)
setsockopt$inet_tcp_TCP_REPAIR(r1, 0x6, 0x13, &(0x7f0000000100), 0x618)
close(r1)
r3 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$inet_tcp_int(r3, 0x6, 0x10000000013, &(0x7f0000d06000)=0x1, 0x32a)
connect$inet(r3, &(0x7f0000000140)={0x2, 0x0, @local}, 0x10)
setsockopt$inet_tcp_TCP_REPAIR_OPTIONS(r3, 0x6, 0x16, &(0x7f0000000200)=[@mss, @timestamp, @window={0x3, 0x0, 0xfffe}, @mss={0x2, 0x3}], 0x4)
setsockopt$inet_tcp_TCP_REPAIR_QUEUE(r3, 0x6, 0x14, &(0x7f0000000040)=0x1, 0x4)
sendmsg$IPVS_CMD_GET_DEST(r3, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000340)=ANY=[@ANYBLOB="160e90cb39bca59f8c4064ac6d7b242060a07bc4309e3eb79d8745797b308edd84adef35ad9d8a17240f38f55f57c55f3875db81d255eea402e1c11ca7fc01964aeb9ed6ef4e80bc67cba7e7fe961fe5d921442b0a06b135f8a73b68dc904b436f256f50ae7cb980e69e7580b9f11c6ede4210f23240559b8c427000d7ce7862417ab5a50e494b2a54e346d7ffa008ccef06813e235b446788ac0f1df3c65bc1fb5393364a2efd284640ec2c438ad2b24a69f1f9da000000000000000000000000989eee6a9283bf253ca4"], 0x1}}, 0x0)
close(r3)
syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000000)={<r4=>0xffffffffffffffff, <r5=>0xffffffffffffffff})
dup3(r5, r4, 0x0)
r6 = accept4$vsock_stream(0xffffffffffffffff, &(0x7f0000000240)={0x28, 0x0, 0x2710, @host}, 0x10, 0x0)
dup2(r6, r5)
bind$pptp(0xffffffffffffffff, &(0x7f00000001c0)={0x18, 0x2, {0x0, @initdev={0xac, 0x1e, 0x0, 0x0}}}, 0x1e)
sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000000)=@newlink={0x30, 0x10, 0x801, 0x0, 0x0, {}, [@IFLA_GROUP={0x8}, @IFLA_PROTO_DOWN={0x8, 0x4}]}, 0x30}}, 0x0)
pivot_root(&(0x7f0000000140)='./file0\x00', &(0x7f0000000100)='./file0\x00')

[ 1847.853304] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 1847.862921] Call Trace:
[ 1847.865576]  dump_stack+0x13e/0x194
[ 1847.869249]  should_fail.cold+0x10a/0x14b
[ 1847.873426]  should_failslab+0xd6/0x130
[ 1847.877862]  kmem_cache_alloc+0x2b5/0x770
[ 1847.882033]  ? trace_hardirqs_on_thunk+0x1a/0x1c
[ 1847.886936]  mmu_topup_memory_caches+0x83/0x300
[ 1847.891720]  kvm_mmu_load+0x1e/0xd00
[ 1847.895466]  ? vmx_nmi_allowed+0xb/0x100
[ 1847.899543]  ? vmx_nmi_allowed+0x31/0x100
[ 1847.903749]  vcpu_enter_guest+0x2eb9/0x5240
[ 1847.908171]  ? trace_hardirqs_on_caller+0x3f6/0x590
[ 1847.913189]  ? trace_hardirqs_on_thunk+0x1a/0x1c
[ 1847.917998]  ? emulator_read_emulated+0x40/0x40
[ 1847.922685]  ? kvm_arch_vcpu_ioctl_run+0x2fe/0xfd0
[ 1847.927645]  kvm_arch_vcpu_ioctl_run+0x2fe/0xfd0
[ 1847.933160]  kvm_vcpu_ioctl+0x3df/0xc70
[ 1847.937175]  ? retint_kernel+0x2d/0x2d
[ 1847.941082]  ? kvm_vcpu_block+0xb70/0xb70
[ 1847.945746]  ? trace_hardirqs_on_caller+0x3f6/0x590
[ 1847.950772]  ? trace_hardirqs_on_thunk+0x1a/0x1c
[ 1847.955543]  ? check_preemption_disabled+0x35/0x240
[ 1847.960578]  ? retint_kernel+0x2d/0x2d
[ 1847.964474]  ? __fget+0x201/0x360
[ 1847.968076]  ? kvm_vcpu_block+0xb70/0xb70
[ 1847.972319]  do_vfs_ioctl+0x75a/0xfe0
[ 1847.976374]  ? selinux_file_mprotect+0x5c0/0x5c0
[ 1847.981132]  ? ioctl_preallocate+0x1a0/0x1a0
[ 1847.985543]  ? security_file_ioctl+0x76/0xb0
[ 1847.989953]  ? security_file_ioctl+0x83/0xb0
[ 1847.994380]  SyS_ioctl+0x7f/0xb0
[ 1847.999492]  ? do_vfs_ioctl+0xfe0/0xfe0
[ 1848.004258]  do_syscall_64+0x1d5/0x640
[ 1848.008155]  entry_SYSCALL_64_after_hwframe+0x42/0xb7
[ 1848.013344] RIP: 0033:0x45c849
[ 1848.016690] RSP: 002b:00007fa3bc31dc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 1848.024384] RAX: ffffffffffffffda RBX: 00007fa3bc31e6d4 RCX: 000000000045c849
[ 1848.031861] RDX: 0000000000000000 RSI: 000000000000ae80 RDI: 0000000000000005
[ 1848.039259] RBP: 000000000076bf00 R08: 0000000000000000 R09: 0000000000000000
[ 1848.046657] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000007
01:45:46 executing program 4:
pipe(&(0x7f0000000140)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
r2 = socket$inet_udp(0x2, 0x2, 0x0)
close(r2)
r3 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$inet_tcp_int(r3, 0x6, 0x10000000013, &(0x7f0000d06000)=0x1, 0x4)
connect$inet(r2, &(0x7f0000000340)={0x2, 0x0, @loopback}, 0x10)
write$binfmt_misc(r1, &(0x7f0000000140)=ANY=[], 0x4240a2a0)
r4 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$IPT_SO_SET_REPLACE(r4, 0x0, 0x40, &(0x7f0000000480)=ANY=[@ANYBLOB="66696c74657200000000000000000000000000000000000000000000000000000e00000004000000d0020000800100009800000080010000000000000000000038020000380200003802000038020000380200000400000000000000000000007f000001ac14140000000000000000007f00000000000000000000000000000064756dea20f9524db2d96900000057c910a19f2bc02c00000000000000000000200000000000000000000000000000000000000000000000700098000000000000000000000000000000000000000000280052454a454354000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000400000000000000000000000080000000000000000000000000000000000000000000000000000000000000000000000000000000000000000c000e80000f9c9991d0000000000000000000000000000005000736574000000000000000000000000000000000000000000000000000003000005050000000000000000000000000000000000000000100000000000000000000000000000000000000000000000280052454a45435400000000000000010000000000000000000000000000000000674f000000000000000000e00000020000000000000000766574b5315f766c616e00000000010062726964676530000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000007000b80000000000000000000000000000000000000000004800544545000000000000000000000000000000d40200000000000000000001ac1414aa000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000007000980000000000000000000000000000000000000000002800000000000000000000000000000000000000000000001a51496c00000000feffffff"], 0x1)
splice(r0, 0x0, r2, 0x0, 0x4ffe0, 0x0)

01:45:46 executing program 1:
lsetxattr$trusted_overlay_opaque(0x0, 0x0, 0x0, 0x0, 0x0)
mkdir(&(0x7f0000000000)='./file0\x00', 0x0)
mount$bpf(0x20000000, &(0x7f00000000c0)='./file0\x00', 0x0, 0x2001001, 0x0)
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x80, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x43, 0x400000000000000}, 0x11288, 0x2000, 0x0, 0x2}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = socket$netlink(0x10, 0x3, 0x0)
connect$inet(0xffffffffffffffff, 0x0, 0x0)
setsockopt$SO_RDS_TRANSPORT(0xffffffffffffffff, 0x114, 0x8, &(0x7f0000000040)=0xffffffffffffffff, 0x4)
r1 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$inet_tcp_int(r1, 0x6, 0x10000000013, &(0x7f0000d06000)=0x1, 0x32a)
connect$inet(r1, &(0x7f0000000180)={0x2, 0x4e23, @local}, 0x10)
accept$nfc_llcp(0xffffffffffffffff, &(0x7f0000000440), &(0x7f0000000300)=0x60)
setsockopt$inet_tcp_TCP_REPAIR_OPTIONS(r1, 0x6, 0x16, &(0x7f00000000c0)=[@mss={0x2, 0xffffffff}, @timestamp, @window, @mss={0x2, 0x91c}], 0x4)
sendmmsg(r1, &(0x7f0000004b40)=[{{0x0, 0x0, &(0x7f00000011c0)=[{&(0x7f0000002240)='Y', 0x1}], 0x1}}], 0x1, 0x0)
syz_init_net_socket$llc(0x1a, 0x1, 0x0)
r2 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$IPT_SO_SET_REPLACE(r2, 0x4000000000000, 0x40, &(0x7f0000000a40)=ANY=[@ANYBLOB="72617700000000010000000000000000000000000000000000000000000000000200000003000000b80400000000000000000000000000000003000000030000200400002004000020040000200400002004000003000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000600000000000000a00200030000000000000000000000000000000000000000300262706600000000000000000000000000000000000000000000000000000101000000000000002e2f66696c653000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000060005345540000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000c0002001000000000000000000000000000000000000000050006f736600000000000000000000000000000000000000000000000000000073797a300000000000000000000000000000000000000000000000000000000000000000000000000000000000000000600053455400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000007000980000000000000000000000000000000000000000002800000000000000000000000000000000000000000000000000000000000004feffffff00000000"], 0x518)
sendmsg$IPVS_CMD_GET_DEST(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000280)={&(0x7f00000002c0)=ANY=[@ANYRES16], 0x1}}, 0x0)
setsockopt$inet_tcp_TCP_REPAIR(r1, 0x6, 0x13, &(0x7f0000000100), 0x618)
close(r1)
r3 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$inet_tcp_int(r3, 0x6, 0x10000000013, &(0x7f0000d06000)=0x1, 0x32a)
connect$inet(r3, &(0x7f0000000140)={0x2, 0x0, @local}, 0x10)
setsockopt$inet_tcp_TCP_REPAIR_OPTIONS(r3, 0x6, 0x16, &(0x7f0000000200)=[@mss, @timestamp, @window={0x3, 0x0, 0xfffe}, @mss={0x2, 0x3}], 0x4)
sendmmsg(r3, &(0x7f0000004b40)=[{{0x0, 0x0, &(0x7f00000011c0)=[{&(0x7f0000002240)='Y', 0x1}], 0x1}}], 0x1, 0x0)
setsockopt$inet_tcp_TCP_REPAIR_QUEUE(r3, 0x6, 0x14, &(0x7f0000000040)=0x1, 0x4)
close(r3)
syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000000)={<r4=>0xffffffffffffffff, <r5=>0xffffffffffffffff})
dup3(r5, r4, 0x0)
r6 = accept4$vsock_stream(0xffffffffffffffff, &(0x7f0000000240)={0x28, 0x0, 0x2710, @host}, 0x10, 0x0)
dup2(r6, r5)
bind$pptp(0xffffffffffffffff, &(0x7f00000001c0)={0x18, 0x2, {0x0, @initdev={0xac, 0x1e, 0x0, 0x0}}}, 0x1e)
sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000000)=@newlink={0x30, 0x10, 0x801, 0x0, 0x0, {}, [@IFLA_GROUP={0x8}, @IFLA_PROTO_DOWN={0x8, 0x4}]}, 0x30}}, 0x0)

[ 1848.053967] R13: 00000000000003bf R14: 00000000004c6495 R15: 0000000000000012
[ 1848.063389] device bridge_slave_1 left promiscuous mode
[ 1848.068969] bridge0: port 2(bridge_slave_1) entered disabled state
01:45:46 executing program 2 (fault-call:9 fault-nth:19):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140)='/dev/kvm\x00', 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_SET_SIGNAL_MASK(0xffffffffffffffff, 0x4004ae8b, &(0x7f0000001000)=ANY=[@ANYBLOB="97cb"])
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000fe7000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0)
ioctl$USBDEVFS_RESETEP(0xffffffffffffffff, 0x80045503, &(0x7f0000000000)={0x1, 0x1})
ioctl$KVM_NMI(r2, 0xae9a)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f00000002c0)={0x0, 0x2, 0x0, 0x2000, &(0x7f0000001000/0x2000)=nil})
perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
ioctl$KVM_RUN(r2, 0xae80, 0x0)

[ 1848.130500] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1848.197698] device veth1_macvtap left promiscuous mode
[ 1848.212698] device veth0_macvtap left promiscuous mode
[ 1848.229946] device veth1_vlan left promiscuous mode
01:45:46 executing program 0:
perf_event_open(&(0x7f0000000200)={0x2, 0x70, 0x42, 0x8001, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = perf_event_open(&(0x7f0000000440)={0x2, 0x70, 0xb8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r1 = memfd_create(&(0x7f0000000000), 0x0)
dup2(r0, r1)
mmap(&(0x7f0000200000/0x400000)=nil, 0x400002, 0x1, 0x2011, r1, 0x0)

[ 1848.245845] device veth0_vlan left promiscuous mode
[ 1848.308493] FAULT_INJECTION: forcing a failure.
[ 1848.308493] name failslab, interval 1, probability 0, space 0, times 0
[ 1848.360278] CPU: 1 PID: 3818 Comm: syz-executor.2 Not tainted 4.14.173-syzkaller #0
[ 1848.368136] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 1848.378325] Call Trace:
[ 1848.380936]  dump_stack+0x13e/0x194
[ 1848.384596]  should_fail.cold+0x10a/0x14b
[ 1848.388772]  should_failslab+0xd6/0x130
[ 1848.392784]  kmem_cache_alloc+0x2b5/0x770
[ 1848.396977]  ? trace_hardirqs_on_caller+0x3f6/0x590
[ 1848.402562]  ? trace_hardirqs_on_thunk+0x1a/0x1c
[ 1848.407973]  mmu_topup_memory_caches+0x83/0x300
[ 1848.412675]  kvm_mmu_load+0x1e/0xd00
[ 1848.416516]  ? kvm_apic_accept_events+0x16f/0x3f0
[ 1848.421376]  ? kvm_lapic_enable_pv_eoi+0xc0/0xc0
[ 1848.426274]  ? vcpu_enter_guest+0x1807/0x5240
[ 1848.431157]  vcpu_enter_guest+0x2eb9/0x5240
[ 1848.435514]  ? trace_hardirqs_on_caller+0x3f6/0x590
[ 1848.440546]  ? trace_hardirqs_on_thunk+0x1a/0x1c
[ 1848.445305]  ? emulator_read_emulated+0x40/0x40
[ 1848.449985]  ? kvm_arch_vcpu_ioctl_run+0x2fe/0xfd0
[ 1848.454903]  kvm_arch_vcpu_ioctl_run+0x2fe/0xfd0
[ 1848.459668]  kvm_vcpu_ioctl+0x3df/0xc70
[ 1848.463633]  ? kvm_vcpu_block+0xb70/0xb70
[ 1848.467798]  ? trace_hardirqs_on+0x10/0x10
[ 1848.472343]  ? mark_held_locks+0xa6/0xf0
[ 1848.476427]  ? save_trace+0x290/0x290
[ 1848.480232]  ? SyS_write+0x1b7/0x210
[ 1848.484025]  ? kvm_vcpu_block+0xb70/0xb70
[ 1848.488162]  do_vfs_ioctl+0x75a/0xfe0
[ 1848.492073]  ? selinux_file_mprotect+0x5c0/0x5c0
[ 1848.496843]  ? ioctl_preallocate+0x1a0/0x1a0
[ 1848.501253]  ? security_file_ioctl+0x76/0xb0
[ 1848.506001]  ? security_file_ioctl+0x83/0xb0
[ 1848.510413]  SyS_ioctl+0x7f/0xb0
[ 1848.513792]  ? do_vfs_ioctl+0xfe0/0xfe0
[ 1848.517780]  do_syscall_64+0x1d5/0x640
[ 1848.521669]  entry_SYSCALL_64_after_hwframe+0x42/0xb7
[ 1848.526851] RIP: 0033:0x45c849
[ 1848.534130] RSP: 002b:00007fa3bc31dc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 1848.541828] RAX: ffffffffffffffda RBX: 00007fa3bc31e6d4 RCX: 000000000045c849
[ 1848.549085] RDX: 0000000000000000 RSI: 000000000000ae80 RDI: 0000000000000005
[ 1848.556369] RBP: 000000000076bf00 R08: 0000000000000000 R09: 0000000000000000
[ 1848.563656] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000007
[ 1848.570949] R13: 00000000000003bf R14: 00000000004c6495 R15: 0000000000000013
01:45:46 executing program 5:
lsetxattr$trusted_overlay_opaque(0x0, 0x0, 0x0, 0x0, 0x0)
mkdir(&(0x7f0000000000)='./file0\x00', 0x0)
mount$bpf(0x20000000, &(0x7f00000000c0)='./file0\x00', 0x0, 0x2001001, 0x0)
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x80, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x43, 0x400000000000000}, 0x11288, 0x2000, 0x0, 0x2}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = socket$netlink(0x10, 0x3, 0x0)
connect$inet(0xffffffffffffffff, 0x0, 0x0)
setsockopt$SO_RDS_TRANSPORT(0xffffffffffffffff, 0x114, 0x8, &(0x7f0000000040)=0xffffffffffffffff, 0x4)
r1 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$inet_tcp_int(r1, 0x6, 0x10000000013, &(0x7f0000d06000)=0x1, 0x32a)
connect$inet(r1, &(0x7f0000000180)={0x2, 0x4e23, @local}, 0x10)
accept$nfc_llcp(0xffffffffffffffff, &(0x7f0000000440), &(0x7f0000000300)=0x60)
setsockopt$inet_tcp_TCP_REPAIR_OPTIONS(r1, 0x6, 0x16, &(0x7f00000000c0)=[@mss={0x2, 0xffffffff}, @timestamp, @window, @mss={0x2, 0x91c}], 0x4)
sendmmsg(r1, &(0x7f0000004b40)=[{{0x0, 0x0, &(0x7f00000011c0)=[{&(0x7f0000002240)='Y', 0x1}], 0x1}}], 0x1, 0x0)
syz_init_net_socket$llc(0x1a, 0x1, 0x0)
r2 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$IPT_SO_SET_REPLACE(r2, 0x4000000000000, 0x40, &(0x7f0000000a40)=ANY=[@ANYBLOB="72617700000000010000000000000000000000000000000000000000000000000200000003000000b80400000000000000000000000000000003000000030000200400002004000020040000200400002004000003000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000600000000000000a00200030000000000000000000000000000000000000000300262706600000000000000000000000000000000000000000000000000000101000000000000002e2f66696c653000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000060005345540000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000c0002001000000000000000000000000000000000000000050006f736600000000000000000000000000000000000000000000000000000073797a300000000000000000000000000000000000000000000000000000000000000000000000000000000000000000600053455400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000007000980000000000000000000000000000000000000000002800000000000000000000000000000000000000000000000000000000000004feffffff00000000"], 0x518)
sendmsg$IPVS_CMD_GET_DEST(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000280)={&(0x7f00000002c0)=ANY=[@ANYRES16], 0x1}}, 0x0)
setsockopt$inet_tcp_TCP_REPAIR(r1, 0x6, 0x13, &(0x7f0000000100), 0x618)
close(r1)
r3 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$inet_tcp_int(r3, 0x6, 0x10000000013, &(0x7f0000d06000)=0x1, 0x32a)
connect$inet(r3, &(0x7f0000000140)={0x2, 0x0, @local}, 0x10)
setsockopt$inet_tcp_TCP_REPAIR_OPTIONS(r3, 0x6, 0x16, &(0x7f0000000200)=[@mss, @timestamp, @window={0x3, 0x0, 0xfffe}, @mss={0x2, 0x3}], 0x4)
setsockopt$inet_tcp_TCP_REPAIR_QUEUE(r3, 0x6, 0x14, &(0x7f0000000040)=0x1, 0x4)
sendmsg$IPVS_CMD_GET_DEST(r3, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000340)=ANY=[@ANYBLOB="160e90cb39bca59f8c4064ac6d7b242060a07bc4309e3eb79d8745797b308edd84adef35ad9d8a17240f38f55f57c55f3875db81d255eea402e1c11ca7fc01964aeb9ed6ef4e80bc67cba7e7fe961fe5d921442b0a06b135f8a73b68dc904b436f256f50ae7cb980e69e7580b9f11c6ede4210f23240559b8c427000d7ce7862417ab5a50e494b2a54e346d7ffa008ccef06813e235b446788ac0f1df3c65bc1fb5393364a2efd284640ec2c438ad2b24a69f1f9da000000000000000000000000989eee6a9283bf253ca4"], 0x1}}, 0x0)
close(r3)
syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000000)={<r4=>0xffffffffffffffff, <r5=>0xffffffffffffffff})
dup3(r5, r4, 0x0)
r6 = accept4$vsock_stream(0xffffffffffffffff, &(0x7f0000000240)={0x28, 0x0, 0x2710, @host}, 0x10, 0x0)
dup2(r6, r5)
bind$pptp(0xffffffffffffffff, &(0x7f00000001c0)={0x18, 0x2, {0x0, @initdev={0xac, 0x1e, 0x0, 0x0}}}, 0x1e)
sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000000)=@newlink={0x30, 0x10, 0x801, 0x0, 0x0, {}, [@IFLA_GROUP={0x8}, @IFLA_PROTO_DOWN={0x8, 0x4}]}, 0x30}}, 0x0)
pivot_root(&(0x7f0000000140)='./file0\x00', &(0x7f0000000100)='./file0\x00')

01:45:46 executing program 3:
lsetxattr$trusted_overlay_opaque(0x0, 0x0, 0x0, 0x0, 0x0)
mkdir(&(0x7f0000000000)='./file0\x00', 0x0)
mount$bpf(0x20000000, &(0x7f00000000c0)='./file0\x00', 0x0, 0x2001001, 0x0)
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x80, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x43, 0x400000000000000}, 0x11288, 0x2000, 0x0, 0x2}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = socket$netlink(0x10, 0x3, 0x0)
connect$inet(0xffffffffffffffff, 0x0, 0x0)
setsockopt$SO_RDS_TRANSPORT(0xffffffffffffffff, 0x114, 0x8, &(0x7f0000000040)=0xffffffffffffffff, 0x4)
r1 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$inet_tcp_int(r1, 0x6, 0x10000000013, &(0x7f0000d06000)=0x1, 0x32a)
connect$inet(r1, &(0x7f0000000180)={0x2, 0x4e23, @local}, 0x10)
accept$nfc_llcp(0xffffffffffffffff, &(0x7f0000000440), &(0x7f0000000300)=0x60)
setsockopt$inet_tcp_TCP_REPAIR_OPTIONS(r1, 0x6, 0x16, &(0x7f00000000c0)=[@mss={0x2, 0xffffffff}, @timestamp, @window, @mss={0x2, 0x91c}], 0x4)
sendmmsg(r1, &(0x7f0000004b40)=[{{0x0, 0x0, &(0x7f00000011c0)=[{&(0x7f0000002240)='Y', 0x1}], 0x1}}], 0x1, 0x0)
syz_init_net_socket$llc(0x1a, 0x1, 0x0)
r2 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$IPT_SO_SET_REPLACE(r2, 0x4000000000000, 0x40, &(0x7f0000000a40)=ANY=[@ANYBLOB="72617700000000010000000000000000000000000000000000000000000000000200000003000000b80400000000000000000000000000000003000000030000200400002004000020040000200400002004000003000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000600000000000000a00200030000000000000000000000000000000000000000300262706600000000000000000000000000000000000000000000000000000101000000000000002e2f66696c653000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000060005345540000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000c0002001000000000000000000000000000000000000000050006f736600000000000000000000000000000000000000000000000000000073797a300000000000000000000000000000000000000000000000000000000000000000000000000000000000000000600053455400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000007000980000000000000000000000000000000000000000002800000000000000000000000000000000000000000000000000000000000004feffffff00000000"], 0x518)
sendmsg$IPVS_CMD_GET_DEST(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000280)={&(0x7f00000002c0)=ANY=[@ANYRES16], 0x1}}, 0x0)
setsockopt$inet_tcp_TCP_REPAIR(r1, 0x6, 0x13, &(0x7f0000000100), 0x618)
close(r1)
r3 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$inet_tcp_int(r3, 0x6, 0x10000000013, &(0x7f0000d06000)=0x1, 0x32a)
connect$inet(r3, &(0x7f0000000140)={0x2, 0x0, @local}, 0x10)
setsockopt$inet_tcp_TCP_REPAIR_OPTIONS(r3, 0x6, 0x16, &(0x7f0000000200)=[@mss, @timestamp, @window={0x3, 0x0, 0xfffe}, @mss={0x2, 0x3}], 0x4)
sendmmsg(r3, &(0x7f0000004b40)=[{{0x0, 0x0, &(0x7f00000011c0)=[{&(0x7f0000002240)='Y', 0x1}], 0x1}}], 0x1, 0x0)
setsockopt$inet_tcp_TCP_REPAIR_QUEUE(r3, 0x6, 0x14, &(0x7f0000000040)=0x1, 0x4)
close(r3)
syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000000)={<r4=>0xffffffffffffffff, <r5=>0xffffffffffffffff})
dup3(r5, r4, 0x0)
r6 = accept4$vsock_stream(0xffffffffffffffff, &(0x7f0000000240)={0x28, 0x0, 0x2710, @host}, 0x10, 0x0)
dup2(r6, r5)
bind$pptp(0xffffffffffffffff, &(0x7f00000001c0)={0x18, 0x2, {0x0, @initdev={0xac, 0x1e, 0x0, 0x0}}}, 0x1e)
sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000000)=@newlink={0x30, 0x10, 0x801, 0x0, 0x0, {}, [@IFLA_GROUP={0x8}, @IFLA_PROTO_DOWN={0x8, 0x4}]}, 0x30}}, 0x0)
pivot_root(&(0x7f0000000140)='./file0\x00', &(0x7f0000000100)='./file0\x00')

01:45:46 executing program 1:
lsetxattr$trusted_overlay_opaque(0x0, 0x0, 0x0, 0x0, 0x0)
mkdir(&(0x7f0000000000)='./file0\x00', 0x0)
mount$bpf(0x20000000, &(0x7f00000000c0)='./file0\x00', 0x0, 0x2001001, 0x0)
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x80, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x43, 0x400000000000000}, 0x11288, 0x2000, 0x0, 0x2}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = socket$netlink(0x10, 0x3, 0x0)
connect$inet(0xffffffffffffffff, 0x0, 0x0)
setsockopt$SO_RDS_TRANSPORT(0xffffffffffffffff, 0x114, 0x8, &(0x7f0000000040)=0xffffffffffffffff, 0x4)
r1 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$inet_tcp_int(r1, 0x6, 0x10000000013, &(0x7f0000d06000)=0x1, 0x32a)
connect$inet(r1, &(0x7f0000000180)={0x2, 0x4e23, @local}, 0x10)
accept$nfc_llcp(0xffffffffffffffff, &(0x7f0000000440), &(0x7f0000000300)=0x60)
setsockopt$inet_tcp_TCP_REPAIR_OPTIONS(r1, 0x6, 0x16, &(0x7f00000000c0)=[@mss={0x2, 0xffffffff}, @timestamp, @window, @mss={0x2, 0x91c}], 0x4)
sendmmsg(r1, &(0x7f0000004b40)=[{{0x0, 0x0, &(0x7f00000011c0)=[{&(0x7f0000002240)='Y', 0x1}], 0x1}}], 0x1, 0x0)
syz_init_net_socket$llc(0x1a, 0x1, 0x0)
r2 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$IPT_SO_SET_REPLACE(r2, 0x4000000000000, 0x40, &(0x7f0000000a40)=ANY=[@ANYBLOB="72617700000000010000000000000000000000000000000000000000000000000200000003000000b80400000000000000000000000000000003000000030000200400002004000020040000200400002004000003000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000600000000000000a00200030000000000000000000000000000000000000000300262706600000000000000000000000000000000000000000000000000000101000000000000002e2f66696c653000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000060005345540000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000c0002001000000000000000000000000000000000000000050006f736600000000000000000000000000000000000000000000000000000073797a300000000000000000000000000000000000000000000000000000000000000000000000000000000000000000600053455400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000007000980000000000000000000000000000000000000000002800000000000000000000000000000000000000000000000000000000000004feffffff00000000"], 0x518)
sendmsg$IPVS_CMD_GET_DEST(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000280)={&(0x7f00000002c0)=ANY=[@ANYRES16], 0x1}}, 0x0)
setsockopt$inet_tcp_TCP_REPAIR(r1, 0x6, 0x13, &(0x7f0000000100), 0x618)
close(r1)
r3 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$inet_tcp_int(r3, 0x6, 0x10000000013, &(0x7f0000d06000)=0x1, 0x32a)
connect$inet(r3, &(0x7f0000000140)={0x2, 0x0, @local}, 0x10)
setsockopt$inet_tcp_TCP_REPAIR_OPTIONS(r3, 0x6, 0x16, &(0x7f0000000200)=[@mss, @timestamp, @window={0x3, 0x0, 0xfffe}, @mss={0x2, 0x3}], 0x4)
sendmmsg(r3, &(0x7f0000004b40)=[{{0x0, 0x0, &(0x7f00000011c0)=[{&(0x7f0000002240)='Y', 0x1}], 0x1}}], 0x1, 0x0)
setsockopt$inet_tcp_TCP_REPAIR_QUEUE(r3, 0x6, 0x14, &(0x7f0000000040)=0x1, 0x4)
close(r3)
syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000000)={<r4=>0xffffffffffffffff, <r5=>0xffffffffffffffff})
dup3(r5, r4, 0x0)
r6 = accept4$vsock_stream(0xffffffffffffffff, &(0x7f0000000240)={0x28, 0x0, 0x2710, @host}, 0x10, 0x0)
dup2(r6, r5)
bind$pptp(0xffffffffffffffff, &(0x7f00000001c0)={0x18, 0x2, {0x0, @initdev={0xac, 0x1e, 0x0, 0x0}}}, 0x1e)
sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000000)=@newlink={0x30, 0x10, 0x801, 0x0, 0x0, {}, [@IFLA_GROUP={0x8}, @IFLA_PROTO_DOWN={0x8, 0x4}]}, 0x30}}, 0x0)

[ 1848.768214] ip_tables: iptables: counters copy to user failed while replacing table
01:45:47 executing program 2 (fault-call:9 fault-nth:20):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140)='/dev/kvm\x00', 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_SET_SIGNAL_MASK(0xffffffffffffffff, 0x4004ae8b, &(0x7f0000001000)=ANY=[@ANYBLOB="97cb"])
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000fe7000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0)
ioctl$USBDEVFS_RESETEP(0xffffffffffffffff, 0x80045503, &(0x7f0000000000)={0x1, 0x1})
ioctl$KVM_NMI(r2, 0xae9a)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f00000002c0)={0x0, 0x2, 0x0, 0x2000, &(0x7f0000001000/0x2000)=nil})
perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
ioctl$KVM_RUN(r2, 0xae80, 0x0)

01:45:47 executing program 0:
r0 = socket$inet_udp(0x2, 0x2, 0x0)
setsockopt$inet_mreqn(r0, 0x0, 0x27, &(0x7f0000000240)={@multicast1, @local}, 0xc)
connect$inet(r0, &(0x7f0000000400)={0x2, 0x0, @remote}, 0x10)
setsockopt$inet_msfilter(r0, 0x0, 0x29, &(0x7f0000000040)={@multicast1, @local}, 0x10)

01:45:47 executing program 5:
lsetxattr$trusted_overlay_opaque(0x0, 0x0, 0x0, 0x0, 0x0)
mkdir(&(0x7f0000000000)='./file0\x00', 0x0)
mount$bpf(0x20000000, &(0x7f00000000c0)='./file0\x00', 0x0, 0x2001001, 0x0)
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x80, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x43, 0x400000000000000}, 0x11288, 0x2000, 0x0, 0x2}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = socket$netlink(0x10, 0x3, 0x0)
connect$inet(0xffffffffffffffff, 0x0, 0x0)
setsockopt$SO_RDS_TRANSPORT(0xffffffffffffffff, 0x114, 0x8, &(0x7f0000000040)=0xffffffffffffffff, 0x4)
r1 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$inet_tcp_int(r1, 0x6, 0x10000000013, &(0x7f0000d06000)=0x1, 0x32a)
connect$inet(r1, &(0x7f0000000180)={0x2, 0x4e23, @local}, 0x10)
accept$nfc_llcp(0xffffffffffffffff, &(0x7f0000000440), &(0x7f0000000300)=0x60)
setsockopt$inet_tcp_TCP_REPAIR_OPTIONS(r1, 0x6, 0x16, &(0x7f00000000c0)=[@mss={0x2, 0xffffffff}, @timestamp, @window, @mss={0x2, 0x91c}], 0x4)
sendmmsg(r1, &(0x7f0000004b40)=[{{0x0, 0x0, &(0x7f00000011c0)=[{&(0x7f0000002240)='Y', 0x1}], 0x1}}], 0x1, 0x0)
syz_init_net_socket$llc(0x1a, 0x1, 0x0)
r2 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$IPT_SO_SET_REPLACE(r2, 0x4000000000000, 0x40, &(0x7f0000000a40)=ANY=[@ANYBLOB="72617700000000010000000000000000000000000000000000000000000000000200000003000000b80400000000000000000000000000000003000000030000200400002004000020040000200400002004000003000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000600000000000000a00200030000000000000000000000000000000000000000300262706600000000000000000000000000000000000000000000000000000101000000000000002e2f66696c653000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000060005345540000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000c0002001000000000000000000000000000000000000000050006f736600000000000000000000000000000000000000000000000000000073797a300000000000000000000000000000000000000000000000000000000000000000000000000000000000000000600053455400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000007000980000000000000000000000000000000000000000002800000000000000000000000000000000000000000000000000000000000004feffffff00000000"], 0x518)
sendmsg$IPVS_CMD_GET_DEST(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000280)={&(0x7f00000002c0)=ANY=[@ANYRES16], 0x1}}, 0x0)
setsockopt$inet_tcp_TCP_REPAIR(r1, 0x6, 0x13, &(0x7f0000000100), 0x618)
close(r1)
r3 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$inet_tcp_int(r3, 0x6, 0x10000000013, &(0x7f0000d06000)=0x1, 0x32a)
connect$inet(r3, &(0x7f0000000140)={0x2, 0x0, @local}, 0x10)
setsockopt$inet_tcp_TCP_REPAIR_OPTIONS(r3, 0x6, 0x16, &(0x7f0000000200)=[@mss, @timestamp, @window={0x3, 0x0, 0xfffe}, @mss={0x2, 0x3}], 0x4)
setsockopt$inet_tcp_TCP_REPAIR_QUEUE(r3, 0x6, 0x14, &(0x7f0000000040)=0x1, 0x4)
sendmsg$IPVS_CMD_GET_DEST(r3, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000340)=ANY=[@ANYBLOB="160e90cb39bca59f8c4064ac6d7b242060a07bc4309e3eb79d8745797b308edd84adef35ad9d8a17240f38f55f57c55f3875db81d255eea402e1c11ca7fc01964aeb9ed6ef4e80bc67cba7e7fe961fe5d921442b0a06b135f8a73b68dc904b436f256f50ae7cb980e69e7580b9f11c6ede4210f23240559b8c427000d7ce7862417ab5a50e494b2a54e346d7ffa008ccef06813e235b446788ac0f1df3c65bc1fb5393364a2efd284640ec2c438ad2b24a69f1f9da000000000000000000000000989eee6a9283bf253ca4"], 0x1}}, 0x0)
close(r3)
syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000000)={<r4=>0xffffffffffffffff, <r5=>0xffffffffffffffff})
dup3(r5, r4, 0x0)
r6 = accept4$vsock_stream(0xffffffffffffffff, &(0x7f0000000240)={0x28, 0x0, 0x2710, @host}, 0x10, 0x0)
dup2(r6, r5)
bind$pptp(0xffffffffffffffff, &(0x7f00000001c0)={0x18, 0x2, {0x0, @initdev={0xac, 0x1e, 0x0, 0x0}}}, 0x1e)
sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000000)=@newlink={0x30, 0x10, 0x801, 0x0, 0x0, {}, [@IFLA_GROUP={0x8}, @IFLA_PROTO_DOWN={0x8, 0x4}]}, 0x30}}, 0x0)
pivot_root(&(0x7f0000000140)='./file0\x00', &(0x7f0000000100)='./file0\x00')

01:45:47 executing program 3:
lsetxattr$trusted_overlay_opaque(0x0, 0x0, 0x0, 0x0, 0x0)
mkdir(&(0x7f0000000000)='./file0\x00', 0x0)
mount$bpf(0x20000000, &(0x7f00000000c0)='./file0\x00', 0x0, 0x2001001, 0x0)
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x80, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x43, 0x400000000000000}, 0x11288, 0x2000, 0x0, 0x2}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = socket$netlink(0x10, 0x3, 0x0)
connect$inet(0xffffffffffffffff, 0x0, 0x0)
setsockopt$SO_RDS_TRANSPORT(0xffffffffffffffff, 0x114, 0x8, &(0x7f0000000040)=0xffffffffffffffff, 0x4)
r1 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$inet_tcp_int(r1, 0x6, 0x10000000013, &(0x7f0000d06000)=0x1, 0x32a)
connect$inet(r1, &(0x7f0000000180)={0x2, 0x4e23, @local}, 0x10)
accept$nfc_llcp(0xffffffffffffffff, &(0x7f0000000440), &(0x7f0000000300)=0x60)
setsockopt$inet_tcp_TCP_REPAIR_OPTIONS(r1, 0x6, 0x16, &(0x7f00000000c0)=[@mss={0x2, 0xffffffff}, @timestamp, @window, @mss={0x2, 0x91c}], 0x4)
sendmmsg(r1, &(0x7f0000004b40)=[{{0x0, 0x0, &(0x7f00000011c0)=[{&(0x7f0000002240)='Y', 0x1}], 0x1}}], 0x1, 0x0)
syz_init_net_socket$llc(0x1a, 0x1, 0x0)
r2 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$IPT_SO_SET_REPLACE(r2, 0x4000000000000, 0x40, &(0x7f0000000a40)=ANY=[@ANYBLOB="72617700000000010000000000000000000000000000000000000000000000000200000003000000b80400000000000000000000000000000003000000030000200400002004000020040000200400002004000003000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000600000000000000a00200030000000000000000000000000000000000000000300262706600000000000000000000000000000000000000000000000000000101000000000000002e2f66696c653000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000060005345540000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000c0002001000000000000000000000000000000000000000050006f736600000000000000000000000000000000000000000000000000000073797a300000000000000000000000000000000000000000000000000000000000000000000000000000000000000000600053455400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000007000980000000000000000000000000000000000000000002800000000000000000000000000000000000000000000000000000000000004feffffff00000000"], 0x518)
sendmsg$IPVS_CMD_GET_DEST(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000280)={&(0x7f00000002c0)=ANY=[@ANYRES16], 0x1}}, 0x0)
setsockopt$inet_tcp_TCP_REPAIR(r1, 0x6, 0x13, &(0x7f0000000100), 0x618)
close(r1)
r3 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$inet_tcp_int(r3, 0x6, 0x10000000013, &(0x7f0000d06000)=0x1, 0x32a)
connect$inet(r3, &(0x7f0000000140)={0x2, 0x0, @local}, 0x10)
setsockopt$inet_tcp_TCP_REPAIR_OPTIONS(r3, 0x6, 0x16, &(0x7f0000000200)=[@mss, @timestamp, @window={0x3, 0x0, 0xfffe}, @mss={0x2, 0x3}], 0x4)
sendmmsg(r3, &(0x7f0000004b40)=[{{0x0, 0x0, &(0x7f00000011c0)=[{&(0x7f0000002240)='Y', 0x1}], 0x1}}], 0x1, 0x0)
setsockopt$inet_tcp_TCP_REPAIR_QUEUE(r3, 0x6, 0x14, &(0x7f0000000040)=0x1, 0x4)
close(r3)
syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000000)={<r4=>0xffffffffffffffff, <r5=>0xffffffffffffffff})
dup3(r5, r4, 0x0)
r6 = accept4$vsock_stream(0xffffffffffffffff, &(0x7f0000000240)={0x28, 0x0, 0x2710, @host}, 0x10, 0x0)
dup2(r6, r5)
bind$pptp(0xffffffffffffffff, &(0x7f00000001c0)={0x18, 0x2, {0x0, @initdev={0xac, 0x1e, 0x0, 0x0}}}, 0x1e)
sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000000)=@newlink={0x30, 0x10, 0x801, 0x0, 0x0, {}, [@IFLA_GROUP={0x8}, @IFLA_PROTO_DOWN={0x8, 0x4}]}, 0x30}}, 0x0)
pivot_root(&(0x7f0000000140)='./file0\x00', &(0x7f0000000100)='./file0\x00')

01:45:47 executing program 4:
pipe(&(0x7f0000000140)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
r2 = socket$inet_udp(0x2, 0x2, 0x0)
close(r2)
r3 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$inet_tcp_int(r3, 0x6, 0x10000000013, &(0x7f0000d06000)=0x1, 0x4)
setsockopt$inet_tcp_TCP_REPAIR_WINDOW(r3, 0x6, 0x1d, &(0x7f0000000080)={0x0, 0xdf5, 0x65a2}, 0x14)
write$binfmt_misc(r1, &(0x7f0000000140)=ANY=[], 0x4240a2a0)
r4 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$IPT_SO_SET_REPLACE(r4, 0x0, 0x40, &(0x7f0000000480)=ANY=[@ANYBLOB="66696c74657200000000000000000000000000000000000000000000000000000e00000004000000d0020000800100009800000080010000000000000000000038020000380200003802000038020000380200000400000000000000000000007f000001ac14140000000000000000007f00000000000000000000000000000064756dea20f9524db2d96900000057c910a19f2bc02c00000000000000000000200000000000000000000000000000000000000000000000700098000000000000000000000000000000000000000000280052454a454354000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000400000000000000000000000080000000000000000000000000000000000000000000000000000000000000000000000000000000000000000c000e80000f9c9991d0000000000000000000000000000005000736574000000000000000000000000000000000000000000000000000003000005050000000000000000000000000000000000000000100000000000000000000000000000000000000000000000280052454a45435400000000000000010000000000000000000000000000000000674f000000000000000000e00000020000000000000000766574b5315f766c616e00000000010062726964676530000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000007000b80000000000000000000000000000000000000000004800544545000000000000000000000000000000d40200000000000000000001ac1414aa000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000007000980000000000000000000000000000000000000000002800000000000000000000000000000000000000000000001a51496c00000000feffffff"], 0x1)
splice(r0, 0x0, r2, 0x0, 0x4ffe0, 0x0)

[ 1849.109184] FAULT_INJECTION: forcing a failure.
[ 1849.109184] name failslab, interval 1, probability 0, space 0, times 0
[ 1849.128063] bond3 (unregistering): Released all slaves
[ 1849.148444] bond2 (unregistering): Released all slaves
[ 1849.160207] CPU: 0 PID: 3839 Comm: syz-executor.2 Not tainted 4.14.173-syzkaller #0
[ 1849.168465] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 1849.177930] Call Trace:
[ 1849.180554]  dump_stack+0x13e/0x194
[ 1849.184192]  should_fail.cold+0x10a/0x14b
[ 1849.188480]  should_failslab+0xd6/0x130
[ 1849.192468]  kmem_cache_alloc+0x2b5/0x770
[ 1849.196747]  ? kmem_cache_alloc+0x10/0x770
[ 1849.200998]  mmu_topup_memory_caches+0x83/0x300
[ 1849.205666]  ? kvm_apic_accept_events+0x4f/0x3f0
[ 1849.210552]  kvm_mmu_load+0x1e/0xd00
[ 1849.214274]  ? kvm_apic_accept_events+0x16f/0x3f0
[ 1849.219127]  ? kvm_lapic_enable_pv_eoi+0xc0/0xc0
[ 1849.223872]  ? vmx_get_nmi_mask+0x29/0xa0
[ 1849.228035]  vcpu_enter_guest+0x2eb9/0x5240
[ 1849.232374]  ? check_preemption_disabled+0x35/0x240
[ 1849.238347]  ? retint_user+0x13/0x18
[ 1849.242053]  ? emulator_read_emulated+0x40/0x40
[ 1849.246713]  ? lock_acquire+0x170/0x3f0
[ 1849.250677]  ? kvm_arch_vcpu_ioctl_run+0x143/0xfd0
[ 1849.255597]  ? kvm_arch_vcpu_ioctl_run+0x2fe/0xfd0
[ 1849.260513]  ? kvm_arch_vcpu_ioctl_run+0x181/0xfd0
[ 1849.265429]  kvm_arch_vcpu_ioctl_run+0x2fe/0xfd0
[ 1849.270175]  kvm_vcpu_ioctl+0x3df/0xc70
[ 1849.274136]  ? kvm_vcpu_block+0xb70/0xb70
[ 1849.278285]  ? trace_hardirqs_on+0x10/0x10
[ 1849.282508]  ? retint_kernel+0x2d/0x2d
[ 1849.286415]  ? save_trace+0x290/0x290
[ 1849.290215]  ? trace_hardirqs_on_thunk+0x1a/0x1c
[ 1849.294961]  ? kvm_vcpu_block+0xb70/0xb70
[ 1849.299100]  do_vfs_ioctl+0x75a/0xfe0
[ 1849.302891]  ? selinux_file_mprotect+0x5c0/0x5c0
[ 1849.307673]  ? ioctl_preallocate+0x1a0/0x1a0
[ 1849.312100]  ? security_file_ioctl+0x76/0xb0
[ 1849.316509]  ? security_file_ioctl+0x83/0xb0
[ 1849.320922]  SyS_ioctl+0x7f/0xb0
[ 1849.324308]  ? do_vfs_ioctl+0xfe0/0xfe0
[ 1849.328385]  do_syscall_64+0x1d5/0x640
[ 1849.332265]  entry_SYSCALL_64_after_hwframe+0x42/0xb7
[ 1849.337446] RIP: 0033:0x45c849
[ 1849.340639] RSP: 002b:00007fa3bc31dc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 1849.348348] RAX: ffffffffffffffda RBX: 00007fa3bc31e6d4 RCX: 000000000045c849
[ 1849.355625] RDX: 0000000000000000 RSI: 000000000000ae80 RDI: 0000000000000005
[ 1849.362899] RBP: 000000000076bf00 R08: 0000000000000000 R09: 0000000000000000
[ 1849.370184] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000007
[ 1849.377479] R13: 00000000000003bf R14: 00000000004c6495 R15: 0000000000000014
01:45:47 executing program 1:
lsetxattr$trusted_overlay_opaque(0x0, 0x0, 0x0, 0x0, 0x0)
mkdir(&(0x7f0000000000)='./file0\x00', 0x0)
mount$bpf(0x20000000, &(0x7f00000000c0)='./file0\x00', 0x0, 0x2001001, 0x0)
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x80, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x43, 0x400000000000000}, 0x11288, 0x2000, 0x0, 0x2}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = socket$netlink(0x10, 0x3, 0x0)
connect$inet(0xffffffffffffffff, 0x0, 0x0)
setsockopt$SO_RDS_TRANSPORT(0xffffffffffffffff, 0x114, 0x8, &(0x7f0000000040)=0xffffffffffffffff, 0x4)
r1 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$inet_tcp_int(r1, 0x6, 0x10000000013, &(0x7f0000d06000)=0x1, 0x32a)
connect$inet(r1, &(0x7f0000000180)={0x2, 0x4e23, @local}, 0x10)
accept$nfc_llcp(0xffffffffffffffff, &(0x7f0000000440), &(0x7f0000000300)=0x60)
setsockopt$inet_tcp_TCP_REPAIR_OPTIONS(r1, 0x6, 0x16, &(0x7f00000000c0)=[@mss={0x2, 0xffffffff}, @timestamp, @window, @mss={0x2, 0x91c}], 0x4)
sendmmsg(r1, &(0x7f0000004b40)=[{{0x0, 0x0, &(0x7f00000011c0)=[{&(0x7f0000002240)='Y', 0x1}], 0x1}}], 0x1, 0x0)
syz_init_net_socket$llc(0x1a, 0x1, 0x0)
r2 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$IPT_SO_SET_REPLACE(r2, 0x4000000000000, 0x40, &(0x7f0000000a40)=ANY=[@ANYBLOB="72617700000000010000000000000000000000000000000000000000000000000200000003000000b80400000000000000000000000000000003000000030000200400002004000020040000200400002004000003000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000600000000000000a00200030000000000000000000000000000000000000000300262706600000000000000000000000000000000000000000000000000000101000000000000002e2f66696c653000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000060005345540000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000c0002001000000000000000000000000000000000000000050006f736600000000000000000000000000000000000000000000000000000073797a300000000000000000000000000000000000000000000000000000000000000000000000000000000000000000600053455400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000007000980000000000000000000000000000000000000000002800000000000000000000000000000000000000000000000000000000000004feffffff00000000"], 0x518)
sendmsg$IPVS_CMD_GET_DEST(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000280)={&(0x7f00000002c0)=ANY=[@ANYRES16], 0x1}}, 0x0)
setsockopt$inet_tcp_TCP_REPAIR(r1, 0x6, 0x13, &(0x7f0000000100), 0x618)
close(r1)
r3 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$inet_tcp_int(r3, 0x6, 0x10000000013, &(0x7f0000d06000)=0x1, 0x32a)
connect$inet(r3, &(0x7f0000000140)={0x2, 0x0, @local}, 0x10)
setsockopt$inet_tcp_TCP_REPAIR_OPTIONS(r3, 0x6, 0x16, &(0x7f0000000200)=[@mss, @timestamp, @window={0x3, 0x0, 0xfffe}, @mss={0x2, 0x3}], 0x4)
sendmmsg(r3, &(0x7f0000004b40)=[{{0x0, 0x0, &(0x7f00000011c0)=[{&(0x7f0000002240)='Y', 0x1}], 0x1}}], 0x1, 0x0)
setsockopt$inet_tcp_TCP_REPAIR_QUEUE(r3, 0x6, 0x14, &(0x7f0000000040)=0x1, 0x4)
close(r3)
syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000000)={<r4=>0xffffffffffffffff, <r5=>0xffffffffffffffff})
dup3(r5, r4, 0x0)
r6 = accept4$vsock_stream(0xffffffffffffffff, &(0x7f0000000240)={0x28, 0x0, 0x2710, @host}, 0x10, 0x0)
dup2(r6, r5)
bind$pptp(0xffffffffffffffff, &(0x7f00000001c0)={0x18, 0x2, {0x0, @initdev={0xac, 0x1e, 0x0, 0x0}}}, 0x1e)
sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000000)=@newlink={0x30, 0x10, 0x801, 0x0, 0x0, {}, [@IFLA_GROUP={0x8}, @IFLA_PROTO_DOWN={0x8, 0x4}]}, 0x30}}, 0x0)

[ 1849.428045] bond1 (unregistering): Released all slaves
01:45:47 executing program 5:
lsetxattr$trusted_overlay_opaque(0x0, 0x0, 0x0, 0x0, 0x0)
mkdir(&(0x7f0000000000)='./file0\x00', 0x0)
mount$bpf(0x20000000, &(0x7f00000000c0)='./file0\x00', 0x0, 0x2001001, 0x0)
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x80, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x43, 0x400000000000000}, 0x11288, 0x2000, 0x0, 0x2}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = socket$netlink(0x10, 0x3, 0x0)
connect$inet(0xffffffffffffffff, 0x0, 0x0)
setsockopt$SO_RDS_TRANSPORT(0xffffffffffffffff, 0x114, 0x8, &(0x7f0000000040)=0xffffffffffffffff, 0x4)
r1 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$inet_tcp_int(r1, 0x6, 0x10000000013, &(0x7f0000d06000)=0x1, 0x32a)
connect$inet(r1, &(0x7f0000000180)={0x2, 0x4e23, @local}, 0x10)
accept$nfc_llcp(0xffffffffffffffff, &(0x7f0000000440), &(0x7f0000000300)=0x60)
setsockopt$inet_tcp_TCP_REPAIR_OPTIONS(r1, 0x6, 0x16, &(0x7f00000000c0)=[@mss={0x2, 0xffffffff}, @timestamp, @window, @mss={0x2, 0x91c}], 0x4)
sendmmsg(r1, &(0x7f0000004b40)=[{{0x0, 0x0, &(0x7f00000011c0)=[{&(0x7f0000002240)='Y', 0x1}], 0x1}}], 0x1, 0x0)
syz_init_net_socket$llc(0x1a, 0x1, 0x0)
r2 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$IPT_SO_SET_REPLACE(r2, 0x4000000000000, 0x40, &(0x7f0000000a40)=ANY=[@ANYBLOB="72617700000000010000000000000000000000000000000000000000000000000200000003000000b80400000000000000000000000000000003000000030000200400002004000020040000200400002004000003000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000600000000000000a00200030000000000000000000000000000000000000000300262706600000000000000000000000000000000000000000000000000000101000000000000002e2f66696c653000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000060005345540000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000c0002001000000000000000000000000000000000000000050006f736600000000000000000000000000000000000000000000000000000073797a300000000000000000000000000000000000000000000000000000000000000000000000000000000000000000600053455400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000007000980000000000000000000000000000000000000000002800000000000000000000000000000000000000000000000000000000000004feffffff00000000"], 0x518)
sendmsg$IPVS_CMD_GET_DEST(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000280)={&(0x7f00000002c0)=ANY=[@ANYRES16], 0x1}}, 0x0)
setsockopt$inet_tcp_TCP_REPAIR(r1, 0x6, 0x13, &(0x7f0000000100), 0x618)
close(r1)
r3 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$inet_tcp_int(r3, 0x6, 0x10000000013, &(0x7f0000d06000)=0x1, 0x32a)
connect$inet(r3, &(0x7f0000000140)={0x2, 0x0, @local}, 0x10)
sendmmsg(r3, &(0x7f0000004b40)=[{{0x0, 0x0, &(0x7f00000011c0)=[{&(0x7f0000002240)='Y', 0x1}], 0x1}}], 0x1, 0x0)
setsockopt$inet_tcp_TCP_REPAIR_QUEUE(r3, 0x6, 0x14, &(0x7f0000000040)=0x1, 0x4)
sendmsg$IPVS_CMD_GET_DEST(r3, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000340)=ANY=[@ANYBLOB="160e90cb39bca59f8c4064ac6d7b242060a07bc4309e3eb79d8745797b308edd84adef35ad9d8a17240f38f55f57c55f3875db81d255eea402e1c11ca7fc01964aeb9ed6ef4e80bc67cba7e7fe961fe5d921442b0a06b135f8a73b68dc904b436f256f50ae7cb980e69e7580b9f11c6ede4210f23240559b8c427000d7ce7862417ab5a50e494b2a54e346d7ffa008ccef06813e235b446788ac0f1df3c65bc1fb5393364a2efd284640ec2c438ad2b24a69f1f9da000000000000000000000000989eee6a9283bf253ca4"], 0x1}}, 0x0)
close(r3)
syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000000)={<r4=>0xffffffffffffffff, <r5=>0xffffffffffffffff})
dup3(r5, r4, 0x0)
r6 = accept4$vsock_stream(0xffffffffffffffff, &(0x7f0000000240)={0x28, 0x0, 0x2710, @host}, 0x10, 0x0)
dup2(r6, r5)
bind$pptp(0xffffffffffffffff, &(0x7f00000001c0)={0x18, 0x2, {0x0, @initdev={0xac, 0x1e, 0x0, 0x0}}}, 0x1e)
sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000000)=@newlink={0x30, 0x10, 0x801, 0x0, 0x0, {}, [@IFLA_GROUP={0x8}, @IFLA_PROTO_DOWN={0x8, 0x4}]}, 0x30}}, 0x0)
pivot_root(&(0x7f0000000140)='./file0\x00', &(0x7f0000000100)='./file0\x00')

01:45:47 executing program 2 (fault-call:9 fault-nth:21):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140)='/dev/kvm\x00', 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_SET_SIGNAL_MASK(0xffffffffffffffff, 0x4004ae8b, &(0x7f0000001000)=ANY=[@ANYBLOB="97cb"])
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000fe7000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0)
ioctl$USBDEVFS_RESETEP(0xffffffffffffffff, 0x80045503, &(0x7f0000000000)={0x1, 0x1})
ioctl$KVM_NMI(r2, 0xae9a)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f00000002c0)={0x0, 0x2, 0x0, 0x2000, &(0x7f0000001000/0x2000)=nil})
perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
ioctl$KVM_RUN(r2, 0xae80, 0x0)

01:45:47 executing program 3:
lsetxattr$trusted_overlay_opaque(0x0, 0x0, 0x0, 0x0, 0x0)
mkdir(&(0x7f0000000000)='./file0\x00', 0x0)
mount$bpf(0x20000000, &(0x7f00000000c0)='./file0\x00', 0x0, 0x2001001, 0x0)
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x80, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x43, 0x400000000000000}, 0x11288, 0x2000, 0x0, 0x2}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = socket$netlink(0x10, 0x3, 0x0)
connect$inet(0xffffffffffffffff, 0x0, 0x0)
setsockopt$SO_RDS_TRANSPORT(0xffffffffffffffff, 0x114, 0x8, &(0x7f0000000040)=0xffffffffffffffff, 0x4)
r1 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$inet_tcp_int(r1, 0x6, 0x10000000013, &(0x7f0000d06000)=0x1, 0x32a)
connect$inet(r1, &(0x7f0000000180)={0x2, 0x4e23, @local}, 0x10)
accept$nfc_llcp(0xffffffffffffffff, &(0x7f0000000440), &(0x7f0000000300)=0x60)
setsockopt$inet_tcp_TCP_REPAIR_OPTIONS(r1, 0x6, 0x16, &(0x7f00000000c0)=[@mss={0x2, 0xffffffff}, @timestamp, @window, @mss={0x2, 0x91c}], 0x4)
sendmmsg(r1, &(0x7f0000004b40)=[{{0x0, 0x0, &(0x7f00000011c0)=[{&(0x7f0000002240)='Y', 0x1}], 0x1}}], 0x1, 0x0)
syz_init_net_socket$llc(0x1a, 0x1, 0x0)
r2 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$IPT_SO_SET_REPLACE(r2, 0x4000000000000, 0x40, &(0x7f0000000a40)=ANY=[@ANYBLOB="72617700000000010000000000000000000000000000000000000000000000000200000003000000b80400000000000000000000000000000003000000030000200400002004000020040000200400002004000003000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000600000000000000a00200030000000000000000000000000000000000000000300262706600000000000000000000000000000000000000000000000000000101000000000000002e2f66696c653000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000060005345540000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000c0002001000000000000000000000000000000000000000050006f736600000000000000000000000000000000000000000000000000000073797a300000000000000000000000000000000000000000000000000000000000000000000000000000000000000000600053455400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000007000980000000000000000000000000000000000000000002800000000000000000000000000000000000000000000000000000000000004feffffff00000000"], 0x518)
sendmsg$IPVS_CMD_GET_DEST(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000280)={&(0x7f00000002c0)=ANY=[@ANYRES16], 0x1}}, 0x0)
setsockopt$inet_tcp_TCP_REPAIR(r1, 0x6, 0x13, &(0x7f0000000100), 0x618)
close(r1)
r3 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$inet_tcp_int(r3, 0x6, 0x10000000013, &(0x7f0000d06000)=0x1, 0x32a)
connect$inet(r3, &(0x7f0000000140)={0x2, 0x0, @local}, 0x10)
setsockopt$inet_tcp_TCP_REPAIR_OPTIONS(r3, 0x6, 0x16, &(0x7f0000000200)=[@mss, @timestamp, @window={0x3, 0x0, 0xfffe}, @mss={0x2, 0x3}], 0x4)
sendmmsg(r3, &(0x7f0000004b40)=[{{0x0, 0x0, &(0x7f00000011c0)=[{&(0x7f0000002240)='Y', 0x1}], 0x1}}], 0x1, 0x0)
setsockopt$inet_tcp_TCP_REPAIR_QUEUE(r3, 0x6, 0x14, &(0x7f0000000040)=0x1, 0x4)
close(r3)
syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000000)={<r4=>0xffffffffffffffff, <r5=>0xffffffffffffffff})
dup3(r5, r4, 0x0)
r6 = accept4$vsock_stream(0xffffffffffffffff, &(0x7f0000000240)={0x28, 0x0, 0x2710, @host}, 0x10, 0x0)
dup2(r6, r5)
bind$pptp(0xffffffffffffffff, &(0x7f00000001c0)={0x18, 0x2, {0x0, @initdev={0xac, 0x1e, 0x0, 0x0}}}, 0x1e)
sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000000)=@newlink={0x30, 0x10, 0x801, 0x0, 0x0, {}, [@IFLA_GROUP={0x8}, @IFLA_PROTO_DOWN={0x8, 0x4}]}, 0x30}}, 0x0)
pivot_root(&(0x7f0000000140)='./file0\x00', &(0x7f0000000100)='./file0\x00')

01:45:47 executing program 4:
pipe(&(0x7f0000000140)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
r2 = socket$inet_udp(0x2, 0x2, 0x0)
close(r2)
r3 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$inet_tcp_int(r3, 0x6, 0x10000000013, &(0x7f0000d06000)=0x1, 0x4)
setsockopt$inet_tcp_TCP_REPAIR_WINDOW(r3, 0x6, 0x1d, &(0x7f0000000080)={0x0, 0xdf5, 0x65a2}, 0x14)
write$binfmt_misc(r1, &(0x7f0000000140)=ANY=[], 0x4240a2a0)
r4 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$IPT_SO_SET_REPLACE(r4, 0x0, 0x40, &(0x7f0000000480)=ANY=[@ANYBLOB="66696c74657200000000000000000000000000000000000000000000000000000e00000004000000d0020000800100009800000080010000000000000000000038020000380200003802000038020000380200000400000000000000000000007f000001ac14140000000000000000007f00000000000000000000000000000064756dea20f9524db2d96900000057c910a19f2bc02c00000000000000000000200000000000000000000000000000000000000000000000700098000000000000000000000000000000000000000000280052454a454354000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000400000000000000000000000080000000000000000000000000000000000000000000000000000000000000000000000000000000000000000c000e80000f9c9991d0000000000000000000000000000005000736574000000000000000000000000000000000000000000000000000003000005050000000000000000000000000000000000000000100000000000000000000000000000000000000000000000280052454a45435400000000000000010000000000000000000000000000000000674f000000000000000000e00000020000000000000000766574b5315f766c616e00000000010062726964676530000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000007000b80000000000000000000000000000000000000000004800544545000000000000000000000000000000d40200000000000000000001ac1414aa000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000007000980000000000000000000000000000000000000000002800000000000000000000000000000000000000000000001a51496c00000000feffffff"], 0x1)
splice(r0, 0x0, r2, 0x0, 0x4ffe0, 0x0)

[ 1849.617041] ip_tables: iptables: counters copy to user failed while replacing table
[ 1849.652303] device hsr_slave_1 left promiscuous mode
[ 1849.723459] device hsr_slave_0 left promiscuous mode
01:45:47 executing program 1:
lsetxattr$trusted_overlay_opaque(0x0, 0x0, 0x0, 0x0, 0x0)
mkdir(&(0x7f0000000000)='./file0\x00', 0x0)
mount$bpf(0x20000000, &(0x7f00000000c0)='./file0\x00', 0x0, 0x2001001, 0x0)
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x80, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x43, 0x400000000000000}, 0x11288, 0x2000, 0x0, 0x2}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = socket$netlink(0x10, 0x3, 0x0)
connect$inet(0xffffffffffffffff, 0x0, 0x0)
setsockopt$SO_RDS_TRANSPORT(0xffffffffffffffff, 0x114, 0x8, &(0x7f0000000040)=0xffffffffffffffff, 0x4)
r1 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$inet_tcp_int(r1, 0x6, 0x10000000013, &(0x7f0000d06000)=0x1, 0x32a)
connect$inet(r1, &(0x7f0000000180)={0x2, 0x4e23, @local}, 0x10)
accept$nfc_llcp(0xffffffffffffffff, &(0x7f0000000440), &(0x7f0000000300)=0x60)
setsockopt$inet_tcp_TCP_REPAIR_OPTIONS(r1, 0x6, 0x16, &(0x7f00000000c0)=[@mss={0x2, 0xffffffff}, @timestamp, @window, @mss={0x2, 0x91c}], 0x4)
sendmmsg(r1, &(0x7f0000004b40)=[{{0x0, 0x0, &(0x7f00000011c0)=[{&(0x7f0000002240)='Y', 0x1}], 0x1}}], 0x1, 0x0)
syz_init_net_socket$llc(0x1a, 0x1, 0x0)
r2 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$IPT_SO_SET_REPLACE(r2, 0x4000000000000, 0x40, &(0x7f0000000a40)=ANY=[@ANYBLOB="72617700000000010000000000000000000000000000000000000000000000000200000003000000b80400000000000000000000000000000003000000030000200400002004000020040000200400002004000003000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000600000000000000a00200030000000000000000000000000000000000000000300262706600000000000000000000000000000000000000000000000000000101000000000000002e2f66696c653000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000060005345540000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000c0002001000000000000000000000000000000000000000050006f736600000000000000000000000000000000000000000000000000000073797a300000000000000000000000000000000000000000000000000000000000000000000000000000000000000000600053455400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000007000980000000000000000000000000000000000000000002800000000000000000000000000000000000000000000000000000000000004feffffff00000000"], 0x518)
sendmsg$IPVS_CMD_GET_DEST(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000280)={&(0x7f00000002c0)=ANY=[@ANYRES16], 0x1}}, 0x0)
setsockopt$inet_tcp_TCP_REPAIR(r1, 0x6, 0x13, &(0x7f0000000100), 0x618)
close(r1)
r3 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$inet_tcp_int(r3, 0x6, 0x10000000013, &(0x7f0000d06000)=0x1, 0x32a)
connect$inet(r3, &(0x7f0000000140)={0x2, 0x0, @local}, 0x10)
setsockopt$inet_tcp_TCP_REPAIR_OPTIONS(r3, 0x6, 0x16, &(0x7f0000000200)=[@mss, @timestamp, @window={0x3, 0x0, 0xfffe}, @mss={0x2, 0x3}], 0x4)
sendmmsg(r3, &(0x7f0000004b40)=[{{0x0, 0x0, &(0x7f00000011c0)=[{&(0x7f0000002240)='Y', 0x1}], 0x1}}], 0x1, 0x0)
sendmsg$IPVS_CMD_GET_DEST(r3, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000340)=ANY=[@ANYBLOB="160e90cb39bca59f8c4064ac6d7b242060a07bc4309e3eb79d8745797b308edd84adef35ad9d8a17240f38f55f57c55f3875db81d255eea402e1c11ca7fc01964aeb9ed6ef4e80bc67cba7e7fe961fe5d921442b0a06b135f8a73b68dc904b436f256f50ae7cb980e69e7580b9f11c6ede4210f23240559b8c427000d7ce7862417ab5a50e494b2a54e346d7ffa008ccef06813e235b446788ac0f1df3c65bc1fb5393364a2efd284640ec2c438ad2b24a69f1f9da000000000000000000000000989eee6a9283bf253ca4"], 0x1}}, 0x0)
close(r3)
syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000000)={<r4=>0xffffffffffffffff, <r5=>0xffffffffffffffff})
dup3(r5, r4, 0x0)
r6 = accept4$vsock_stream(0xffffffffffffffff, &(0x7f0000000240)={0x28, 0x0, 0x2710, @host}, 0x10, 0x0)
dup2(r6, r5)
bind$pptp(0xffffffffffffffff, &(0x7f00000001c0)={0x18, 0x2, {0x0, @initdev={0xac, 0x1e, 0x0, 0x0}}}, 0x1e)
sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000000)=@newlink={0x30, 0x10, 0x801, 0x0, 0x0, {}, [@IFLA_GROUP={0x8}, @IFLA_PROTO_DOWN={0x8, 0x4}]}, 0x30}}, 0x0)

[ 1849.793843] FAULT_INJECTION: forcing a failure.
[ 1849.793843] name failslab, interval 1, probability 0, space 0, times 0
[ 1849.892145] CPU: 1 PID: 3856 Comm: syz-executor.2 Not tainted 4.14.173-syzkaller #0
[ 1849.900024] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 1849.909526] Call Trace:
[ 1849.912508]  dump_stack+0x13e/0x194
[ 1849.916173]  should_fail.cold+0x10a/0x14b
[ 1849.920504]  should_failslab+0xd6/0x130
[ 1849.924636]  kmem_cache_alloc+0x2b5/0x770
[ 1849.928816]  ? mmu_topup_memory_caches+0x94/0x300
[ 1849.933694]  mmu_topup_memory_caches+0x83/0x300
[ 1849.938404]  kvm_mmu_load+0x1e/0xd00
[ 1849.942141]  ? kvm_apic_accept_events+0x16f/0x3f0
[ 1849.947017]  ? kvm_lapic_enable_pv_eoi+0xc0/0xc0
[ 1849.951813]  ? vcpu_enter_guest+0x3813/0x5240
[ 1849.956357]  vcpu_enter_guest+0x2eb9/0x5240
[ 1849.960718]  ? retint_kernel+0x2d/0x2d
[ 1849.964669]  ? emulator_read_emulated+0x40/0x40
[ 1849.969373]  ? lock_acquire+0x1ec/0x3f0
[ 1849.973480]  ? kvm_arch_vcpu_ioctl_run+0x2fe/0xfd0
[ 1849.978434]  ? kvm_arch_vcpu_ioctl_run+0x181/0xfd0
[ 1849.983397]  kvm_arch_vcpu_ioctl_run+0x2fe/0xfd0
[ 1849.988182]  kvm_vcpu_ioctl+0x3df/0xc70
[ 1849.992169]  ? kvm_vcpu_block+0xb70/0xb70
[ 1849.996328]  ? trace_hardirqs_on+0x10/0x10
[ 1850.000599]  ? save_trace+0x290/0x290
[ 1850.004430]  ? lock_release+0x435/0x7f0
[ 1850.008426]  ? kvm_vcpu_block+0xb70/0xb70
[ 1850.012587]  do_vfs_ioctl+0x75a/0xfe0
[ 1850.016424]  ? selinux_file_mprotect+0x5c0/0x5c0
[ 1850.021204]  ? trace_hardirqs_on_thunk+0x1a/0x1c
[ 1850.025987]  ? ioctl_preallocate+0x1a0/0x1a0
[ 1850.030443]  ? check_preemption_disabled+0x35/0x240
[ 1850.035488]  ? retint_kernel+0x2d/0x2d
[ 1850.039394]  ? security_file_ioctl+0x76/0xb0
[ 1850.043825]  ? security_file_ioctl+0x83/0xb0
[ 1850.048258]  SyS_ioctl+0x7f/0xb0
[ 1850.051642]  ? do_vfs_ioctl+0xfe0/0xfe0
[ 1850.055640]  do_syscall_64+0x1d5/0x640
[ 1850.059569]  entry_SYSCALL_64_after_hwframe+0x42/0xb7
[ 1850.064771] RIP: 0033:0x45c849
[ 1850.067961] RSP: 002b:00007fa3bc31dc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 1850.075669] RAX: ffffffffffffffda RBX: 00007fa3bc31e6d4 RCX: 000000000045c849
[ 1850.082939] RDX: 0000000000000000 RSI: 000000000000ae80 RDI: 0000000000000005
01:45:48 executing program 5:
lsetxattr$trusted_overlay_opaque(0x0, 0x0, 0x0, 0x0, 0x0)
mkdir(&(0x7f0000000000)='./file0\x00', 0x0)
mount$bpf(0x20000000, &(0x7f00000000c0)='./file0\x00', 0x0, 0x2001001, 0x0)
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x80, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x43, 0x400000000000000}, 0x11288, 0x2000, 0x0, 0x2}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = socket$netlink(0x10, 0x3, 0x0)
connect$inet(0xffffffffffffffff, 0x0, 0x0)
setsockopt$SO_RDS_TRANSPORT(0xffffffffffffffff, 0x114, 0x8, &(0x7f0000000040)=0xffffffffffffffff, 0x4)
r1 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$inet_tcp_int(r1, 0x6, 0x10000000013, &(0x7f0000d06000)=0x1, 0x32a)
connect$inet(r1, &(0x7f0000000180)={0x2, 0x4e23, @local}, 0x10)
accept$nfc_llcp(0xffffffffffffffff, &(0x7f0000000440), &(0x7f0000000300)=0x60)
setsockopt$inet_tcp_TCP_REPAIR_OPTIONS(r1, 0x6, 0x16, &(0x7f00000000c0)=[@mss={0x2, 0xffffffff}, @timestamp, @window, @mss={0x2, 0x91c}], 0x4)
sendmmsg(r1, &(0x7f0000004b40)=[{{0x0, 0x0, &(0x7f00000011c0)=[{&(0x7f0000002240)='Y', 0x1}], 0x1}}], 0x1, 0x0)
syz_init_net_socket$llc(0x1a, 0x1, 0x0)
r2 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$IPT_SO_SET_REPLACE(r2, 0x4000000000000, 0x40, &(0x7f0000000a40)=ANY=[@ANYBLOB="72617700000000010000000000000000000000000000000000000000000000000200000003000000b80400000000000000000000000000000003000000030000200400002004000020040000200400002004000003000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000600000000000000a00200030000000000000000000000000000000000000000300262706600000000000000000000000000000000000000000000000000000101000000000000002e2f66696c653000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000060005345540000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000c0002001000000000000000000000000000000000000000050006f736600000000000000000000000000000000000000000000000000000073797a300000000000000000000000000000000000000000000000000000000000000000000000000000000000000000600053455400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000007000980000000000000000000000000000000000000000002800000000000000000000000000000000000000000000000000000000000004feffffff00000000"], 0x518)
sendmsg$IPVS_CMD_GET_DEST(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000280)={&(0x7f00000002c0)=ANY=[@ANYRES16], 0x1}}, 0x0)
setsockopt$inet_tcp_TCP_REPAIR(r1, 0x6, 0x13, &(0x7f0000000100), 0x618)
close(r1)
r3 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$inet_tcp_int(r3, 0x6, 0x10000000013, &(0x7f0000d06000)=0x1, 0x32a)
connect$inet(r3, &(0x7f0000000140)={0x2, 0x0, @local}, 0x10)
sendmmsg(r3, &(0x7f0000004b40)=[{{0x0, 0x0, &(0x7f00000011c0)=[{&(0x7f0000002240)='Y', 0x1}], 0x1}}], 0x1, 0x0)
setsockopt$inet_tcp_TCP_REPAIR_QUEUE(r3, 0x6, 0x14, &(0x7f0000000040)=0x1, 0x4)
sendmsg$IPVS_CMD_GET_DEST(r3, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000340)=ANY=[@ANYBLOB="160e90cb39bca59f8c4064ac6d7b242060a07bc4309e3eb79d8745797b308edd84adef35ad9d8a17240f38f55f57c55f3875db81d255eea402e1c11ca7fc01964aeb9ed6ef4e80bc67cba7e7fe961fe5d921442b0a06b135f8a73b68dc904b436f256f50ae7cb980e69e7580b9f11c6ede4210f23240559b8c427000d7ce7862417ab5a50e494b2a54e346d7ffa008ccef06813e235b446788ac0f1df3c65bc1fb5393364a2efd284640ec2c438ad2b24a69f1f9da000000000000000000000000989eee6a9283bf253ca4"], 0x1}}, 0x0)
close(r3)
syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000000)={<r4=>0xffffffffffffffff, <r5=>0xffffffffffffffff})
dup3(r5, r4, 0x0)
r6 = accept4$vsock_stream(0xffffffffffffffff, &(0x7f0000000240)={0x28, 0x0, 0x2710, @host}, 0x10, 0x0)
dup2(r6, r5)
bind$pptp(0xffffffffffffffff, &(0x7f00000001c0)={0x18, 0x2, {0x0, @initdev={0xac, 0x1e, 0x0, 0x0}}}, 0x1e)
sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000000)=@newlink={0x30, 0x10, 0x801, 0x0, 0x0, {}, [@IFLA_GROUP={0x8}, @IFLA_PROTO_DOWN={0x8, 0x4}]}, 0x30}}, 0x0)
pivot_root(&(0x7f0000000140)='./file0\x00', &(0x7f0000000100)='./file0\x00')

01:45:48 executing program 3:
lsetxattr$trusted_overlay_opaque(0x0, 0x0, 0x0, 0x0, 0x0)
mkdir(&(0x7f0000000000)='./file0\x00', 0x0)
mount$bpf(0x20000000, &(0x7f00000000c0)='./file0\x00', 0x0, 0x2001001, 0x0)
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x80, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x43, 0x400000000000000}, 0x11288, 0x2000, 0x0, 0x2}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = socket$netlink(0x10, 0x3, 0x0)
connect$inet(0xffffffffffffffff, 0x0, 0x0)
setsockopt$SO_RDS_TRANSPORT(0xffffffffffffffff, 0x114, 0x8, &(0x7f0000000040)=0xffffffffffffffff, 0x4)
r1 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$inet_tcp_int(r1, 0x6, 0x10000000013, &(0x7f0000d06000)=0x1, 0x32a)
connect$inet(r1, &(0x7f0000000180)={0x2, 0x4e23, @local}, 0x10)
accept$nfc_llcp(0xffffffffffffffff, &(0x7f0000000440), &(0x7f0000000300)=0x60)
setsockopt$inet_tcp_TCP_REPAIR_OPTIONS(r1, 0x6, 0x16, &(0x7f00000000c0)=[@mss={0x2, 0xffffffff}, @timestamp, @window, @mss={0x2, 0x91c}], 0x4)
sendmmsg(r1, &(0x7f0000004b40)=[{{0x0, 0x0, &(0x7f00000011c0)=[{&(0x7f0000002240)='Y', 0x1}], 0x1}}], 0x1, 0x0)
syz_init_net_socket$llc(0x1a, 0x1, 0x0)
r2 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$IPT_SO_SET_REPLACE(r2, 0x4000000000000, 0x40, &(0x7f0000000a40)=ANY=[@ANYBLOB="72617700000000010000000000000000000000000000000000000000000000000200000003000000b80400000000000000000000000000000003000000030000200400002004000020040000200400002004000003000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000600000000000000a00200030000000000000000000000000000000000000000300262706600000000000000000000000000000000000000000000000000000101000000000000002e2f66696c653000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000060005345540000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000c0002001000000000000000000000000000000000000000050006f736600000000000000000000000000000000000000000000000000000073797a300000000000000000000000000000000000000000000000000000000000000000000000000000000000000000600053455400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000007000980000000000000000000000000000000000000000002800000000000000000000000000000000000000000000000000000000000004feffffff00000000"], 0x518)
sendmsg$IPVS_CMD_GET_DEST(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000280)={&(0x7f00000002c0)=ANY=[@ANYRES16], 0x1}}, 0x0)
setsockopt$inet_tcp_TCP_REPAIR(r1, 0x6, 0x13, &(0x7f0000000100), 0x618)
close(r1)
r3 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$inet_tcp_int(r3, 0x6, 0x10000000013, &(0x7f0000d06000)=0x1, 0x32a)
connect$inet(r3, &(0x7f0000000140)={0x2, 0x0, @local}, 0x10)
setsockopt$inet_tcp_TCP_REPAIR_OPTIONS(r3, 0x6, 0x16, &(0x7f0000000200)=[@mss, @timestamp, @window={0x3, 0x0, 0xfffe}, @mss={0x2, 0x3}], 0x4)
sendmmsg(r3, &(0x7f0000004b40)=[{{0x0, 0x0, &(0x7f00000011c0)=[{&(0x7f0000002240)='Y', 0x1}], 0x1}}], 0x1, 0x0)
sendmsg$IPVS_CMD_GET_DEST(r3, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000340)=ANY=[@ANYBLOB="160e90cb39bca59f8c4064ac6d7b242060a07bc4309e3eb79d8745797b308edd84adef35ad9d8a17240f38f55f57c55f3875db81d255eea402e1c11ca7fc01964aeb9ed6ef4e80bc67cba7e7fe961fe5d921442b0a06b135f8a73b68dc904b436f256f50ae7cb980e69e7580b9f11c6ede4210f23240559b8c427000d7ce7862417ab5a50e494b2a54e346d7ffa008ccef06813e235b446788ac0f1df3c65bc1fb5393364a2efd284640ec2c438ad2b24a69f1f9da000000000000000000000000989eee6a9283bf253ca4"], 0x1}}, 0x0)
close(r3)
syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000000)={<r4=>0xffffffffffffffff, <r5=>0xffffffffffffffff})
dup3(r5, r4, 0x0)
r6 = accept4$vsock_stream(0xffffffffffffffff, &(0x7f0000000240)={0x28, 0x0, 0x2710, @host}, 0x10, 0x0)
dup2(r6, r5)
bind$pptp(0xffffffffffffffff, &(0x7f00000001c0)={0x18, 0x2, {0x0, @initdev={0xac, 0x1e, 0x0, 0x0}}}, 0x1e)
sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000000)=@newlink={0x30, 0x10, 0x801, 0x0, 0x0, {}, [@IFLA_GROUP={0x8}, @IFLA_PROTO_DOWN={0x8, 0x4}]}, 0x30}}, 0x0)
pivot_root(&(0x7f0000000140)='./file0\x00', &(0x7f0000000100)='./file0\x00')

[ 1850.090219] RBP: 000000000076bf00 R08: 0000000000000000 R09: 0000000000000000
[ 1850.097487] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000007
[ 1850.104745] R13: 00000000000003bf R14: 00000000004c6495 R15: 0000000000000015
[ 1850.113852] team0 (unregistering): Port device team_slave_1 removed
[ 1850.198913] team0 (unregistering): Port device team_slave_0 removed
[ 1850.209495] ip_tables: iptables: counters copy to user failed while replacing table
[ 1850.236973] bond0 (unregistering): Releasing backup interface bond_slave_1
[ 1850.340827] bond0 (unregistering): Releasing backup interface bond_slave_0
01:45:48 executing program 0:
mkdirat(0xffffffffffffffff, &(0x7f00000000c0)='./file1\x00', 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0)
r0 = getpid()
accept4(0xffffffffffffffff, 0x0, &(0x7f0000000580), 0x80000)
sched_setattr(0x0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x9}, 0x0)
r1 = getpid()
sched_setattr(r1, &(0x7f0000000040)={0x38, 0x1, 0x10, 0x0, 0x10000005, 0x0, 0x0, 0x1000, 0x0, 0x401}, 0x0)
sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x5, 0x3, 0x3, 0x6}, 0x0)
creat(&(0x7f0000000040)='./bus\x00', 0x0)
getpeername(0xffffffffffffffff, &(0x7f00000005c0)=@x25, 0x0)
pipe(&(0x7f0000000840)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
fcntl$setpipe(r3, 0x407, 0x0)
write(r3, &(0x7f0000000340), 0x41395527)
vmsplice(r2, &(0x7f0000000000)=[{0x0}], 0x1, 0x0)
sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x1, 0x0, 0x3, 0x0, 0xfffffffffffffffb}, 0x0)
getxattr(0x0, 0x0, 0x0, 0x0)
r4 = gettid()
r5 = creat(&(0x7f0000000280)='./file0\x00', 0x1)
prctl$PR_SET_PTRACER(0x59616d61, r4)
perf_event_open(&(0x7f0000000040)={0x2, 0x70, 0x0, 0x0, 0x4, 0x0, 0x0, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, @perf_bp={0x0, 0xa}}, 0x0, 0x1, 0xffffffffffffffff, 0x0)
close(r5)
sync_file_range(0xffffffffffffffff, 0x7, 0x0, 0x2)
clone(0x2000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
execve(&(0x7f0000000180)='./file0\x00', 0x0, 0x0)
ptrace$setopts(0x4206, r4, 0x0, 0x0)

01:45:48 executing program 1:
lsetxattr$trusted_overlay_opaque(0x0, 0x0, 0x0, 0x0, 0x0)
mkdir(&(0x7f0000000000)='./file0\x00', 0x0)
mount$bpf(0x20000000, &(0x7f00000000c0)='./file0\x00', 0x0, 0x2001001, 0x0)
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x80, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x43, 0x400000000000000}, 0x11288, 0x2000, 0x0, 0x2}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = socket$netlink(0x10, 0x3, 0x0)
connect$inet(0xffffffffffffffff, 0x0, 0x0)
setsockopt$SO_RDS_TRANSPORT(0xffffffffffffffff, 0x114, 0x8, &(0x7f0000000040)=0xffffffffffffffff, 0x4)
r1 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$inet_tcp_int(r1, 0x6, 0x10000000013, &(0x7f0000d06000)=0x1, 0x32a)
connect$inet(r1, &(0x7f0000000180)={0x2, 0x4e23, @local}, 0x10)
accept$nfc_llcp(0xffffffffffffffff, &(0x7f0000000440), &(0x7f0000000300)=0x60)
setsockopt$inet_tcp_TCP_REPAIR_OPTIONS(r1, 0x6, 0x16, &(0x7f00000000c0)=[@mss={0x2, 0xffffffff}, @timestamp, @window, @mss={0x2, 0x91c}], 0x4)
sendmmsg(r1, &(0x7f0000004b40)=[{{0x0, 0x0, &(0x7f00000011c0)=[{&(0x7f0000002240)='Y', 0x1}], 0x1}}], 0x1, 0x0)
syz_init_net_socket$llc(0x1a, 0x1, 0x0)
r2 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$IPT_SO_SET_REPLACE(r2, 0x4000000000000, 0x40, &(0x7f0000000a40)=ANY=[@ANYBLOB="72617700000000010000000000000000000000000000000000000000000000000200000003000000b80400000000000000000000000000000003000000030000200400002004000020040000200400002004000003000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000600000000000000a00200030000000000000000000000000000000000000000300262706600000000000000000000000000000000000000000000000000000101000000000000002e2f66696c653000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000060005345540000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000c0002001000000000000000000000000000000000000000050006f736600000000000000000000000000000000000000000000000000000073797a300000000000000000000000000000000000000000000000000000000000000000000000000000000000000000600053455400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000007000980000000000000000000000000000000000000000002800000000000000000000000000000000000000000000000000000000000004feffffff00000000"], 0x518)
sendmsg$IPVS_CMD_GET_DEST(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000280)={&(0x7f00000002c0)=ANY=[@ANYRES16], 0x1}}, 0x0)
setsockopt$inet_tcp_TCP_REPAIR(r1, 0x6, 0x13, &(0x7f0000000100), 0x618)
close(r1)
r3 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$inet_tcp_int(r3, 0x6, 0x10000000013, &(0x7f0000d06000)=0x1, 0x32a)
connect$inet(r3, &(0x7f0000000140)={0x2, 0x0, @local}, 0x10)
setsockopt$inet_tcp_TCP_REPAIR_OPTIONS(r3, 0x6, 0x16, &(0x7f0000000200)=[@mss, @timestamp, @window={0x3, 0x0, 0xfffe}, @mss={0x2, 0x3}], 0x4)
sendmmsg(r3, &(0x7f0000004b40)=[{{0x0, 0x0, &(0x7f00000011c0)=[{&(0x7f0000002240)='Y', 0x1}], 0x1}}], 0x1, 0x0)
sendmsg$IPVS_CMD_GET_DEST(r3, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000340)=ANY=[@ANYBLOB="160e90cb39bca59f8c4064ac6d7b242060a07bc4309e3eb79d8745797b308edd84adef35ad9d8a17240f38f55f57c55f3875db81d255eea402e1c11ca7fc01964aeb9ed6ef4e80bc67cba7e7fe961fe5d921442b0a06b135f8a73b68dc904b436f256f50ae7cb980e69e7580b9f11c6ede4210f23240559b8c427000d7ce7862417ab5a50e494b2a54e346d7ffa008ccef06813e235b446788ac0f1df3c65bc1fb5393364a2efd284640ec2c438ad2b24a69f1f9da000000000000000000000000989eee6a9283bf253ca4"], 0x1}}, 0x0)
close(r3)
syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000000)={<r4=>0xffffffffffffffff, <r5=>0xffffffffffffffff})
dup3(r5, r4, 0x0)
r6 = accept4$vsock_stream(0xffffffffffffffff, &(0x7f0000000240)={0x28, 0x0, 0x2710, @host}, 0x10, 0x0)
dup2(r6, r5)
bind$pptp(0xffffffffffffffff, &(0x7f00000001c0)={0x18, 0x2, {0x0, @initdev={0xac, 0x1e, 0x0, 0x0}}}, 0x1e)
sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000000)=@newlink={0x30, 0x10, 0x801, 0x0, 0x0, {}, [@IFLA_GROUP={0x8}, @IFLA_PROTO_DOWN={0x8, 0x4}]}, 0x30}}, 0x0)

01:45:48 executing program 5:
lsetxattr$trusted_overlay_opaque(0x0, 0x0, 0x0, 0x0, 0x0)
mkdir(&(0x7f0000000000)='./file0\x00', 0x0)
mount$bpf(0x20000000, &(0x7f00000000c0)='./file0\x00', 0x0, 0x2001001, 0x0)
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x80, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x43, 0x400000000000000}, 0x11288, 0x2000, 0x0, 0x2}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = socket$netlink(0x10, 0x3, 0x0)
connect$inet(0xffffffffffffffff, 0x0, 0x0)
setsockopt$SO_RDS_TRANSPORT(0xffffffffffffffff, 0x114, 0x8, &(0x7f0000000040)=0xffffffffffffffff, 0x4)
r1 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$inet_tcp_int(r1, 0x6, 0x10000000013, &(0x7f0000d06000)=0x1, 0x32a)
connect$inet(r1, &(0x7f0000000180)={0x2, 0x4e23, @local}, 0x10)
accept$nfc_llcp(0xffffffffffffffff, &(0x7f0000000440), &(0x7f0000000300)=0x60)
setsockopt$inet_tcp_TCP_REPAIR_OPTIONS(r1, 0x6, 0x16, &(0x7f00000000c0)=[@mss={0x2, 0xffffffff}, @timestamp, @window, @mss={0x2, 0x91c}], 0x4)
sendmmsg(r1, &(0x7f0000004b40)=[{{0x0, 0x0, &(0x7f00000011c0)=[{&(0x7f0000002240)='Y', 0x1}], 0x1}}], 0x1, 0x0)
syz_init_net_socket$llc(0x1a, 0x1, 0x0)
r2 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$IPT_SO_SET_REPLACE(r2, 0x4000000000000, 0x40, &(0x7f0000000a40)=ANY=[@ANYBLOB="72617700000000010000000000000000000000000000000000000000000000000200000003000000b80400000000000000000000000000000003000000030000200400002004000020040000200400002004000003000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000600000000000000a00200030000000000000000000000000000000000000000300262706600000000000000000000000000000000000000000000000000000101000000000000002e2f66696c653000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000060005345540000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000c0002001000000000000000000000000000000000000000050006f736600000000000000000000000000000000000000000000000000000073797a300000000000000000000000000000000000000000000000000000000000000000000000000000000000000000600053455400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000007000980000000000000000000000000000000000000000002800000000000000000000000000000000000000000000000000000000000004feffffff00000000"], 0x518)
sendmsg$IPVS_CMD_GET_DEST(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000280)={&(0x7f00000002c0)=ANY=[@ANYRES16], 0x1}}, 0x0)
setsockopt$inet_tcp_TCP_REPAIR(r1, 0x6, 0x13, &(0x7f0000000100), 0x618)
close(r1)
r3 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$inet_tcp_int(r3, 0x6, 0x10000000013, &(0x7f0000d06000)=0x1, 0x32a)
connect$inet(r3, &(0x7f0000000140)={0x2, 0x0, @local}, 0x10)
sendmmsg(r3, &(0x7f0000004b40)=[{{0x0, 0x0, &(0x7f00000011c0)=[{&(0x7f0000002240)='Y', 0x1}], 0x1}}], 0x1, 0x0)
setsockopt$inet_tcp_TCP_REPAIR_QUEUE(r3, 0x6, 0x14, &(0x7f0000000040)=0x1, 0x4)
sendmsg$IPVS_CMD_GET_DEST(r3, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000340)=ANY=[@ANYBLOB="160e90cb39bca59f8c4064ac6d7b242060a07bc4309e3eb79d8745797b308edd84adef35ad9d8a17240f38f55f57c55f3875db81d255eea402e1c11ca7fc01964aeb9ed6ef4e80bc67cba7e7fe961fe5d921442b0a06b135f8a73b68dc904b436f256f50ae7cb980e69e7580b9f11c6ede4210f23240559b8c427000d7ce7862417ab5a50e494b2a54e346d7ffa008ccef06813e235b446788ac0f1df3c65bc1fb5393364a2efd284640ec2c438ad2b24a69f1f9da000000000000000000000000989eee6a9283bf253ca4"], 0x1}}, 0x0)
close(r3)
syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000000)={<r4=>0xffffffffffffffff, <r5=>0xffffffffffffffff})
dup3(r5, r4, 0x0)
r6 = accept4$vsock_stream(0xffffffffffffffff, &(0x7f0000000240)={0x28, 0x0, 0x2710, @host}, 0x10, 0x0)
dup2(r6, r5)
bind$pptp(0xffffffffffffffff, &(0x7f00000001c0)={0x18, 0x2, {0x0, @initdev={0xac, 0x1e, 0x0, 0x0}}}, 0x1e)
sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000000)=@newlink={0x30, 0x10, 0x801, 0x0, 0x0, {}, [@IFLA_GROUP={0x8}, @IFLA_PROTO_DOWN={0x8, 0x4}]}, 0x30}}, 0x0)
pivot_root(&(0x7f0000000140)='./file0\x00', &(0x7f0000000100)='./file0\x00')

01:45:48 executing program 3:
lsetxattr$trusted_overlay_opaque(0x0, 0x0, 0x0, 0x0, 0x0)
mkdir(&(0x7f0000000000)='./file0\x00', 0x0)
mount$bpf(0x20000000, &(0x7f00000000c0)='./file0\x00', 0x0, 0x2001001, 0x0)
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x80, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x43, 0x400000000000000}, 0x11288, 0x2000, 0x0, 0x2}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = socket$netlink(0x10, 0x3, 0x0)
connect$inet(0xffffffffffffffff, 0x0, 0x0)
setsockopt$SO_RDS_TRANSPORT(0xffffffffffffffff, 0x114, 0x8, &(0x7f0000000040)=0xffffffffffffffff, 0x4)
r1 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$inet_tcp_int(r1, 0x6, 0x10000000013, &(0x7f0000d06000)=0x1, 0x32a)
connect$inet(r1, &(0x7f0000000180)={0x2, 0x4e23, @local}, 0x10)
accept$nfc_llcp(0xffffffffffffffff, &(0x7f0000000440), &(0x7f0000000300)=0x60)
setsockopt$inet_tcp_TCP_REPAIR_OPTIONS(r1, 0x6, 0x16, &(0x7f00000000c0)=[@mss={0x2, 0xffffffff}, @timestamp, @window, @mss={0x2, 0x91c}], 0x4)
sendmmsg(r1, &(0x7f0000004b40)=[{{0x0, 0x0, &(0x7f00000011c0)=[{&(0x7f0000002240)='Y', 0x1}], 0x1}}], 0x1, 0x0)
syz_init_net_socket$llc(0x1a, 0x1, 0x0)
r2 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$IPT_SO_SET_REPLACE(r2, 0x4000000000000, 0x40, &(0x7f0000000a40)=ANY=[@ANYBLOB="72617700000000010000000000000000000000000000000000000000000000000200000003000000b80400000000000000000000000000000003000000030000200400002004000020040000200400002004000003000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000600000000000000a00200030000000000000000000000000000000000000000300262706600000000000000000000000000000000000000000000000000000101000000000000002e2f66696c653000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000060005345540000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000c0002001000000000000000000000000000000000000000050006f736600000000000000000000000000000000000000000000000000000073797a300000000000000000000000000000000000000000000000000000000000000000000000000000000000000000600053455400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000007000980000000000000000000000000000000000000000002800000000000000000000000000000000000000000000000000000000000004feffffff00000000"], 0x518)
sendmsg$IPVS_CMD_GET_DEST(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000280)={&(0x7f00000002c0)=ANY=[@ANYRES16], 0x1}}, 0x0)
setsockopt$inet_tcp_TCP_REPAIR(r1, 0x6, 0x13, &(0x7f0000000100), 0x618)
close(r1)
r3 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$inet_tcp_int(r3, 0x6, 0x10000000013, &(0x7f0000d06000)=0x1, 0x32a)
connect$inet(r3, &(0x7f0000000140)={0x2, 0x0, @local}, 0x10)
setsockopt$inet_tcp_TCP_REPAIR_OPTIONS(r3, 0x6, 0x16, &(0x7f0000000200)=[@mss, @timestamp, @window={0x3, 0x0, 0xfffe}, @mss={0x2, 0x3}], 0x4)
sendmmsg(r3, &(0x7f0000004b40)=[{{0x0, 0x0, &(0x7f00000011c0)=[{&(0x7f0000002240)='Y', 0x1}], 0x1}}], 0x1, 0x0)
sendmsg$IPVS_CMD_GET_DEST(r3, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000340)=ANY=[@ANYBLOB="160e90cb39bca59f8c4064ac6d7b242060a07bc4309e3eb79d8745797b308edd84adef35ad9d8a17240f38f55f57c55f3875db81d255eea402e1c11ca7fc01964aeb9ed6ef4e80bc67cba7e7fe961fe5d921442b0a06b135f8a73b68dc904b436f256f50ae7cb980e69e7580b9f11c6ede4210f23240559b8c427000d7ce7862417ab5a50e494b2a54e346d7ffa008ccef06813e235b446788ac0f1df3c65bc1fb5393364a2efd284640ec2c438ad2b24a69f1f9da000000000000000000000000989eee6a9283bf253ca4"], 0x1}}, 0x0)
close(r3)
syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000000)={<r4=>0xffffffffffffffff, <r5=>0xffffffffffffffff})
dup3(r5, r4, 0x0)
r6 = accept4$vsock_stream(0xffffffffffffffff, &(0x7f0000000240)={0x28, 0x0, 0x2710, @host}, 0x10, 0x0)
dup2(r6, r5)
bind$pptp(0xffffffffffffffff, &(0x7f00000001c0)={0x18, 0x2, {0x0, @initdev={0xac, 0x1e, 0x0, 0x0}}}, 0x1e)
sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000000)=@newlink={0x30, 0x10, 0x801, 0x0, 0x0, {}, [@IFLA_GROUP={0x8}, @IFLA_PROTO_DOWN={0x8, 0x4}]}, 0x30}}, 0x0)
pivot_root(&(0x7f0000000140)='./file0\x00', &(0x7f0000000100)='./file0\x00')

01:45:48 executing program 2 (fault-call:9 fault-nth:22):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140)='/dev/kvm\x00', 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_SET_SIGNAL_MASK(0xffffffffffffffff, 0x4004ae8b, &(0x7f0000001000)=ANY=[@ANYBLOB="97cb"])
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000fe7000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0)
ioctl$USBDEVFS_RESETEP(0xffffffffffffffff, 0x80045503, &(0x7f0000000000)={0x1, 0x1})
ioctl$KVM_NMI(r2, 0xae9a)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f00000002c0)={0x0, 0x2, 0x0, 0x2000, &(0x7f0000001000/0x2000)=nil})
perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
ioctl$KVM_RUN(r2, 0xae80, 0x0)

[ 1850.437818] bond0 (unregistering): Released all slaves
01:45:48 executing program 5:
lsetxattr$trusted_overlay_opaque(0x0, 0x0, 0x0, 0x0, 0x0)
mkdir(&(0x7f0000000000)='./file0\x00', 0x0)
mount$bpf(0x20000000, &(0x7f00000000c0)='./file0\x00', 0x0, 0x2001001, 0x0)
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x80, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x43, 0x400000000000000}, 0x11288, 0x2000, 0x0, 0x2}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = socket$netlink(0x10, 0x3, 0x0)
connect$inet(0xffffffffffffffff, 0x0, 0x0)
setsockopt$SO_RDS_TRANSPORT(0xffffffffffffffff, 0x114, 0x8, &(0x7f0000000040)=0xffffffffffffffff, 0x4)
r1 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$inet_tcp_int(r1, 0x6, 0x10000000013, &(0x7f0000d06000)=0x1, 0x32a)
connect$inet(r1, &(0x7f0000000180)={0x2, 0x4e23, @local}, 0x10)
accept$nfc_llcp(0xffffffffffffffff, &(0x7f0000000440), &(0x7f0000000300)=0x60)
setsockopt$inet_tcp_TCP_REPAIR_OPTIONS(r1, 0x6, 0x16, &(0x7f00000000c0)=[@mss={0x2, 0xffffffff}, @timestamp, @window, @mss={0x2, 0x91c}], 0x4)
sendmmsg(r1, &(0x7f0000004b40)=[{{0x0, 0x0, &(0x7f00000011c0)=[{&(0x7f0000002240)='Y', 0x1}], 0x1}}], 0x1, 0x0)
syz_init_net_socket$llc(0x1a, 0x1, 0x0)
r2 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$IPT_SO_SET_REPLACE(r2, 0x4000000000000, 0x40, &(0x7f0000000a40)=ANY=[@ANYBLOB="72617700000000010000000000000000000000000000000000000000000000000200000003000000b80400000000000000000000000000000003000000030000200400002004000020040000200400002004000003000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000600000000000000a00200030000000000000000000000000000000000000000300262706600000000000000000000000000000000000000000000000000000101000000000000002e2f66696c653000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000060005345540000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000c0002001000000000000000000000000000000000000000050006f736600000000000000000000000000000000000000000000000000000073797a300000000000000000000000000000000000000000000000000000000000000000000000000000000000000000600053455400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000007000980000000000000000000000000000000000000000002800000000000000000000000000000000000000000000000000000000000004feffffff00000000"], 0x518)
sendmsg$IPVS_CMD_GET_DEST(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000280)={&(0x7f00000002c0)=ANY=[@ANYRES16], 0x1}}, 0x0)
setsockopt$inet_tcp_TCP_REPAIR(r1, 0x6, 0x13, &(0x7f0000000100), 0x618)
close(r1)
r3 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$inet_tcp_int(r3, 0x6, 0x10000000013, &(0x7f0000d06000)=0x1, 0x32a)
setsockopt$inet_tcp_TCP_REPAIR_OPTIONS(r3, 0x6, 0x16, &(0x7f0000000200)=[@mss, @timestamp, @window={0x3, 0x0, 0xfffe}, @mss={0x2, 0x3}], 0x4)
sendmmsg(r3, &(0x7f0000004b40)=[{{0x0, 0x0, &(0x7f00000011c0)=[{&(0x7f0000002240)='Y', 0x1}], 0x1}}], 0x1, 0x0)
setsockopt$inet_tcp_TCP_REPAIR_QUEUE(r3, 0x6, 0x14, &(0x7f0000000040)=0x1, 0x4)
sendmsg$IPVS_CMD_GET_DEST(r3, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000340)=ANY=[@ANYBLOB="160e90cb39bca59f8c4064ac6d7b242060a07bc4309e3eb79d8745797b308edd84adef35ad9d8a17240f38f55f57c55f3875db81d255eea402e1c11ca7fc01964aeb9ed6ef4e80bc67cba7e7fe961fe5d921442b0a06b135f8a73b68dc904b436f256f50ae7cb980e69e7580b9f11c6ede4210f23240559b8c427000d7ce7862417ab5a50e494b2a54e346d7ffa008ccef06813e235b446788ac0f1df3c65bc1fb5393364a2efd284640ec2c438ad2b24a69f1f9da000000000000000000000000989eee6a9283bf253ca4"], 0x1}}, 0x0)
close(r3)
syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000000)={<r4=>0xffffffffffffffff, <r5=>0xffffffffffffffff})
dup3(r5, r4, 0x0)
r6 = accept4$vsock_stream(0xffffffffffffffff, &(0x7f0000000240)={0x28, 0x0, 0x2710, @host}, 0x10, 0x0)
dup2(r6, r5)
bind$pptp(0xffffffffffffffff, &(0x7f00000001c0)={0x18, 0x2, {0x0, @initdev={0xac, 0x1e, 0x0, 0x0}}}, 0x1e)
sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000000)=@newlink={0x30, 0x10, 0x801, 0x0, 0x0, {}, [@IFLA_GROUP={0x8}, @IFLA_PROTO_DOWN={0x8, 0x4}]}, 0x30}}, 0x0)
pivot_root(&(0x7f0000000140)='./file0\x00', &(0x7f0000000100)='./file0\x00')

[ 1850.558093] FAULT_INJECTION: forcing a failure.
[ 1850.558093] name failslab, interval 1, probability 0, space 0, times 0
[ 1850.645332] CPU: 1 PID: 3878 Comm: syz-executor.2 Not tainted 4.14.173-syzkaller #0
[ 1850.653311] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 1850.662711] Call Trace:
[ 1850.665332]  dump_stack+0x13e/0x194
[ 1850.668980]  should_fail.cold+0x10a/0x14b
[ 1850.673179]  should_failslab+0xd6/0x130
[ 1850.683791]  kmem_cache_alloc+0x2b5/0x770
[ 1850.688031]  mmu_topup_memory_caches+0x83/0x300
[ 1850.692736]  kvm_mmu_load+0x1e/0xd00
[ 1850.696474]  ? vcpu_enter_guest+0x2eb1/0x5240
[ 1850.701130]  vcpu_enter_guest+0x2eb9/0x5240
[ 1850.705523]  ? check_preemption_disabled+0x35/0x240
[ 1850.710566]  ? retint_user+0x13/0x18
[ 1850.714413]  ? emulator_read_emulated+0x40/0x40
[ 1850.719208]  ? lock_acquire+0x170/0x3f0
[ 1850.723223]  ? kvm_arch_vcpu_ioctl_run+0x143/0xfd0
[ 1850.728197]  ? kvm_arch_vcpu_ioctl_run+0x2fe/0xfd0
[ 1850.733416]  ? kvm_arch_vcpu_ioctl_run+0x181/0xfd0
[ 1850.738434]  kvm_arch_vcpu_ioctl_run+0x2fe/0xfd0
[ 1850.743242]  kvm_vcpu_ioctl+0x3df/0xc70
[ 1850.747258]  ? trace_hardirqs_on_thunk+0x1a/0x1c
[ 1850.752033]  ? kvm_vcpu_block+0xb70/0xb70
[ 1850.756458]  ? trace_hardirqs_on+0x10/0x10
[ 1850.760720]  ? save_trace+0x290/0x290
[ 1850.764538]  ? SyS_write+0x1b7/0x210
[ 1850.768312]  ? kvm_vcpu_block+0xb70/0xb70
[ 1850.772484]  do_vfs_ioctl+0x75a/0xfe0
[ 1850.776436]  ? selinux_file_mprotect+0x5c0/0x5c0
[ 1850.781220]  ? ioctl_preallocate+0x1a0/0x1a0
[ 1850.785656]  ? security_file_ioctl+0x76/0xb0
[ 1850.790082]  ? security_file_ioctl+0x83/0xb0
[ 1850.794519]  SyS_ioctl+0x7f/0xb0
[ 1850.797908]  ? do_vfs_ioctl+0xfe0/0xfe0
[ 1850.801897]  do_syscall_64+0x1d5/0x640
[ 1850.805820]  entry_SYSCALL_64_after_hwframe+0x42/0xb7
[ 1850.811036] RIP: 0033:0x45c849
[ 1850.814232] RSP: 002b:00007fa3bc31dc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 1850.821948] RAX: ffffffffffffffda RBX: 00007fa3bc31e6d4 RCX: 000000000045c849
[ 1850.829222] RDX: 0000000000000000 RSI: 000000000000ae80 RDI: 0000000000000005
[ 1850.836514] RBP: 000000000076bf00 R08: 0000000000000000 R09: 0000000000000000
01:45:49 executing program 1:
lsetxattr$trusted_overlay_opaque(0x0, 0x0, 0x0, 0x0, 0x0)
mkdir(&(0x7f0000000000)='./file0\x00', 0x0)
mount$bpf(0x20000000, &(0x7f00000000c0)='./file0\x00', 0x0, 0x2001001, 0x0)
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x80, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x43, 0x400000000000000}, 0x11288, 0x2000, 0x0, 0x2}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = socket$netlink(0x10, 0x3, 0x0)
connect$inet(0xffffffffffffffff, 0x0, 0x0)
setsockopt$SO_RDS_TRANSPORT(0xffffffffffffffff, 0x114, 0x8, &(0x7f0000000040)=0xffffffffffffffff, 0x4)
r1 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$inet_tcp_int(r1, 0x6, 0x10000000013, &(0x7f0000d06000)=0x1, 0x32a)
connect$inet(r1, &(0x7f0000000180)={0x2, 0x4e23, @local}, 0x10)
accept$nfc_llcp(0xffffffffffffffff, &(0x7f0000000440), &(0x7f0000000300)=0x60)
setsockopt$inet_tcp_TCP_REPAIR_OPTIONS(r1, 0x6, 0x16, &(0x7f00000000c0)=[@mss={0x2, 0xffffffff}, @timestamp, @window, @mss={0x2, 0x91c}], 0x4)
sendmmsg(r1, &(0x7f0000004b40)=[{{0x0, 0x0, &(0x7f00000011c0)=[{&(0x7f0000002240)='Y', 0x1}], 0x1}}], 0x1, 0x0)
syz_init_net_socket$llc(0x1a, 0x1, 0x0)
r2 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$IPT_SO_SET_REPLACE(r2, 0x4000000000000, 0x40, &(0x7f0000000a40)=ANY=[@ANYBLOB="72617700000000010000000000000000000000000000000000000000000000000200000003000000b80400000000000000000000000000000003000000030000200400002004000020040000200400002004000003000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000600000000000000a00200030000000000000000000000000000000000000000300262706600000000000000000000000000000000000000000000000000000101000000000000002e2f66696c653000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000060005345540000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000c0002001000000000000000000000000000000000000000050006f736600000000000000000000000000000000000000000000000000000073797a300000000000000000000000000000000000000000000000000000000000000000000000000000000000000000600053455400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000007000980000000000000000000000000000000000000000002800000000000000000000000000000000000000000000000000000000000004feffffff00000000"], 0x518)
sendmsg$IPVS_CMD_GET_DEST(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000280)={&(0x7f00000002c0)=ANY=[@ANYRES16], 0x1}}, 0x0)
setsockopt$inet_tcp_TCP_REPAIR(r1, 0x6, 0x13, &(0x7f0000000100), 0x618)
close(r1)
r3 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$inet_tcp_int(r3, 0x6, 0x10000000013, &(0x7f0000d06000)=0x1, 0x32a)
connect$inet(r3, &(0x7f0000000140)={0x2, 0x0, @local}, 0x10)
setsockopt$inet_tcp_TCP_REPAIR_OPTIONS(r3, 0x6, 0x16, &(0x7f0000000200)=[@mss, @timestamp, @window={0x3, 0x0, 0xfffe}, @mss={0x2, 0x3}], 0x4)
sendmmsg(r3, &(0x7f0000004b40)=[{{0x0, 0x0, &(0x7f00000011c0)=[{&(0x7f0000002240)='Y', 0x1}], 0x1}}], 0x1, 0x0)
sendmsg$IPVS_CMD_GET_DEST(r3, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000340)=ANY=[@ANYBLOB="160e90cb39bca59f8c4064ac6d7b242060a07bc4309e3eb79d8745797b308edd84adef35ad9d8a17240f38f55f57c55f3875db81d255eea402e1c11ca7fc01964aeb9ed6ef4e80bc67cba7e7fe961fe5d921442b0a06b135f8a73b68dc904b436f256f50ae7cb980e69e7580b9f11c6ede4210f23240559b8c427000d7ce7862417ab5a50e494b2a54e346d7ffa008ccef06813e235b446788ac0f1df3c65bc1fb5393364a2efd284640ec2c438ad2b24a69f1f9da000000000000000000000000989eee6a9283bf253ca4"], 0x1}}, 0x0)
close(r3)
syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000000)={<r4=>0xffffffffffffffff, <r5=>0xffffffffffffffff})
dup3(r5, r4, 0x0)
r6 = accept4$vsock_stream(0xffffffffffffffff, &(0x7f0000000240)={0x28, 0x0, 0x2710, @host}, 0x10, 0x0)
dup2(r6, r5)
bind$pptp(0xffffffffffffffff, &(0x7f00000001c0)={0x18, 0x2, {0x0, @initdev={0xac, 0x1e, 0x0, 0x0}}}, 0x1e)
sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000000)=@newlink={0x30, 0x10, 0x801, 0x0, 0x0, {}, [@IFLA_GROUP={0x8}, @IFLA_PROTO_DOWN={0x8, 0x4}]}, 0x30}}, 0x0)

01:45:49 executing program 3:
lsetxattr$trusted_overlay_opaque(0x0, 0x0, 0x0, 0x0, 0x0)
mkdir(&(0x7f0000000000)='./file0\x00', 0x0)
mount$bpf(0x20000000, &(0x7f00000000c0)='./file0\x00', 0x0, 0x2001001, 0x0)
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x80, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x43, 0x400000000000000}, 0x11288, 0x2000, 0x0, 0x2}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = socket$netlink(0x10, 0x3, 0x0)
connect$inet(0xffffffffffffffff, 0x0, 0x0)
setsockopt$SO_RDS_TRANSPORT(0xffffffffffffffff, 0x114, 0x8, &(0x7f0000000040)=0xffffffffffffffff, 0x4)
r1 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$inet_tcp_int(r1, 0x6, 0x10000000013, &(0x7f0000d06000)=0x1, 0x32a)
connect$inet(r1, &(0x7f0000000180)={0x2, 0x4e23, @local}, 0x10)
accept$nfc_llcp(0xffffffffffffffff, &(0x7f0000000440), &(0x7f0000000300)=0x60)
setsockopt$inet_tcp_TCP_REPAIR_OPTIONS(r1, 0x6, 0x16, &(0x7f00000000c0)=[@mss={0x2, 0xffffffff}, @timestamp, @window, @mss={0x2, 0x91c}], 0x4)
sendmmsg(r1, &(0x7f0000004b40)=[{{0x0, 0x0, &(0x7f00000011c0)=[{&(0x7f0000002240)='Y', 0x1}], 0x1}}], 0x1, 0x0)
syz_init_net_socket$llc(0x1a, 0x1, 0x0)
r2 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$IPT_SO_SET_REPLACE(r2, 0x4000000000000, 0x40, &(0x7f0000000a40)=ANY=[@ANYBLOB="72617700000000010000000000000000000000000000000000000000000000000200000003000000b80400000000000000000000000000000003000000030000200400002004000020040000200400002004000003000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000600000000000000a00200030000000000000000000000000000000000000000300262706600000000000000000000000000000000000000000000000000000101000000000000002e2f66696c653000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000060005345540000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000c0002001000000000000000000000000000000000000000050006f736600000000000000000000000000000000000000000000000000000073797a300000000000000000000000000000000000000000000000000000000000000000000000000000000000000000600053455400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000007000980000000000000000000000000000000000000000002800000000000000000000000000000000000000000000000000000000000004feffffff00000000"], 0x518)
sendmsg$IPVS_CMD_GET_DEST(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000280)={&(0x7f00000002c0)=ANY=[@ANYRES16], 0x1}}, 0x0)
setsockopt$inet_tcp_TCP_REPAIR(r1, 0x6, 0x13, &(0x7f0000000100), 0x618)
close(r1)
r3 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$inet_tcp_int(r3, 0x6, 0x10000000013, &(0x7f0000d06000)=0x1, 0x32a)
connect$inet(r3, &(0x7f0000000140)={0x2, 0x0, @local}, 0x10)
setsockopt$inet_tcp_TCP_REPAIR_OPTIONS(r3, 0x6, 0x16, &(0x7f0000000200)=[@mss, @timestamp, @window={0x3, 0x0, 0xfffe}, @mss={0x2, 0x3}], 0x4)
sendmmsg(r3, &(0x7f0000004b40)=[{{0x0, 0x0, &(0x7f00000011c0)=[{&(0x7f0000002240)='Y', 0x1}], 0x1}}], 0x1, 0x0)
sendmsg$IPVS_CMD_GET_DEST(r3, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000340)=ANY=[@ANYBLOB="160e90cb39bca59f8c4064ac6d7b242060a07bc4309e3eb79d8745797b308edd84adef35ad9d8a17240f38f55f57c55f3875db81d255eea402e1c11ca7fc01964aeb9ed6ef4e80bc67cba7e7fe961fe5d921442b0a06b135f8a73b68dc904b436f256f50ae7cb980e69e7580b9f11c6ede4210f23240559b8c427000d7ce7862417ab5a50e494b2a54e346d7ffa008ccef06813e235b446788ac0f1df3c65bc1fb5393364a2efd284640ec2c438ad2b24a69f1f9da000000000000000000000000989eee6a9283bf253ca4"], 0x1}}, 0x0)
close(r3)
syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000000)={<r4=>0xffffffffffffffff, <r5=>0xffffffffffffffff})
dup3(r5, r4, 0x0)
r6 = accept4$vsock_stream(0xffffffffffffffff, &(0x7f0000000240)={0x28, 0x0, 0x2710, @host}, 0x10, 0x0)
dup2(r6, r5)
bind$pptp(0xffffffffffffffff, &(0x7f00000001c0)={0x18, 0x2, {0x0, @initdev={0xac, 0x1e, 0x0, 0x0}}}, 0x1e)
sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000000)=@newlink={0x30, 0x10, 0x801, 0x0, 0x0, {}, [@IFLA_GROUP={0x8}, @IFLA_PROTO_DOWN={0x8, 0x4}]}, 0x30}}, 0x0)
pivot_root(&(0x7f0000000140)='./file0\x00', &(0x7f0000000100)='./file0\x00')

01:45:49 executing program 4:
pipe(&(0x7f0000000140)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
r2 = socket$inet_udp(0x2, 0x2, 0x0)
close(r2)
r3 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$inet_tcp_int(r3, 0x6, 0x10000000013, &(0x7f0000d06000)=0x1, 0x4)
setsockopt$inet_tcp_TCP_REPAIR_WINDOW(r3, 0x6, 0x1d, &(0x7f0000000080)={0x0, 0xdf5, 0x65a2}, 0x14)
write$binfmt_misc(r1, &(0x7f0000000140)=ANY=[], 0x4240a2a0)
r4 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$IPT_SO_SET_REPLACE(r4, 0x0, 0x40, &(0x7f0000000480)=ANY=[@ANYBLOB="66696c74657200000000000000000000000000000000000000000000000000000e00000004000000d0020000800100009800000080010000000000000000000038020000380200003802000038020000380200000400000000000000000000007f000001ac14140000000000000000007f00000000000000000000000000000064756dea20f9524db2d96900000057c910a19f2bc02c00000000000000000000200000000000000000000000000000000000000000000000700098000000000000000000000000000000000000000000280052454a454354000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000400000000000000000000000080000000000000000000000000000000000000000000000000000000000000000000000000000000000000000c000e80000f9c9991d0000000000000000000000000000005000736574000000000000000000000000000000000000000000000000000003000005050000000000000000000000000000000000000000100000000000000000000000000000000000000000000000280052454a45435400000000000000010000000000000000000000000000000000674f000000000000000000e00000020000000000000000766574b5315f766c616e00000000010062726964676530000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000007000b80000000000000000000000000000000000000000004800544545000000000000000000000000000000d40200000000000000000001ac1414aa000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000007000980000000000000000000000000000000000000000002800000000000000000000000000000000000000000000001a51496c00000000feffffff"], 0x1)
splice(r0, 0x0, r2, 0x0, 0x4ffe0, 0x0)

[ 1850.843884] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000007
[ 1850.851164] R13: 00000000000003bf R14: 00000000004c6495 R15: 0000000000000016
01:45:49 executing program 5:
lsetxattr$trusted_overlay_opaque(0x0, 0x0, 0x0, 0x0, 0x0)
mkdir(&(0x7f0000000000)='./file0\x00', 0x0)
mount$bpf(0x20000000, &(0x7f00000000c0)='./file0\x00', 0x0, 0x2001001, 0x0)
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x80, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x43, 0x400000000000000}, 0x11288, 0x2000, 0x0, 0x2}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = socket$netlink(0x10, 0x3, 0x0)
connect$inet(0xffffffffffffffff, 0x0, 0x0)
setsockopt$SO_RDS_TRANSPORT(0xffffffffffffffff, 0x114, 0x8, &(0x7f0000000040)=0xffffffffffffffff, 0x4)
r1 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$inet_tcp_int(r1, 0x6, 0x10000000013, &(0x7f0000d06000)=0x1, 0x32a)
connect$inet(r1, &(0x7f0000000180)={0x2, 0x4e23, @local}, 0x10)
accept$nfc_llcp(0xffffffffffffffff, &(0x7f0000000440), &(0x7f0000000300)=0x60)
setsockopt$inet_tcp_TCP_REPAIR_OPTIONS(r1, 0x6, 0x16, &(0x7f00000000c0)=[@mss={0x2, 0xffffffff}, @timestamp, @window, @mss={0x2, 0x91c}], 0x4)
sendmmsg(r1, &(0x7f0000004b40)=[{{0x0, 0x0, &(0x7f00000011c0)=[{&(0x7f0000002240)='Y', 0x1}], 0x1}}], 0x1, 0x0)
syz_init_net_socket$llc(0x1a, 0x1, 0x0)
r2 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$IPT_SO_SET_REPLACE(r2, 0x4000000000000, 0x40, &(0x7f0000000a40)=ANY=[@ANYBLOB="72617700000000010000000000000000000000000000000000000000000000000200000003000000b80400000000000000000000000000000003000000030000200400002004000020040000200400002004000003000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000600000000000000a00200030000000000000000000000000000000000000000300262706600000000000000000000000000000000000000000000000000000101000000000000002e2f66696c653000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000060005345540000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000c0002001000000000000000000000000000000000000000050006f736600000000000000000000000000000000000000000000000000000073797a300000000000000000000000000000000000000000000000000000000000000000000000000000000000000000600053455400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000007000980000000000000000000000000000000000000000002800000000000000000000000000000000000000000000000000000000000004feffffff00000000"], 0x518)
sendmsg$IPVS_CMD_GET_DEST(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000280)={&(0x7f00000002c0)=ANY=[@ANYRES16], 0x1}}, 0x0)
setsockopt$inet_tcp_TCP_REPAIR(r1, 0x6, 0x13, &(0x7f0000000100), 0x618)
close(r1)
r3 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$inet_tcp_int(r3, 0x6, 0x10000000013, &(0x7f0000d06000)=0x1, 0x32a)
setsockopt$inet_tcp_TCP_REPAIR_OPTIONS(r3, 0x6, 0x16, &(0x7f0000000200)=[@mss, @timestamp, @window={0x3, 0x0, 0xfffe}, @mss={0x2, 0x3}], 0x4)
sendmmsg(r3, &(0x7f0000004b40)=[{{0x0, 0x0, &(0x7f00000011c0)=[{&(0x7f0000002240)='Y', 0x1}], 0x1}}], 0x1, 0x0)
setsockopt$inet_tcp_TCP_REPAIR_QUEUE(r3, 0x6, 0x14, &(0x7f0000000040)=0x1, 0x4)
sendmsg$IPVS_CMD_GET_DEST(r3, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000340)=ANY=[@ANYBLOB="160e90cb39bca59f8c4064ac6d7b242060a07bc4309e3eb79d8745797b308edd84adef35ad9d8a17240f38f55f57c55f3875db81d255eea402e1c11ca7fc01964aeb9ed6ef4e80bc67cba7e7fe961fe5d921442b0a06b135f8a73b68dc904b436f256f50ae7cb980e69e7580b9f11c6ede4210f23240559b8c427000d7ce7862417ab5a50e494b2a54e346d7ffa008ccef06813e235b446788ac0f1df3c65bc1fb5393364a2efd284640ec2c438ad2b24a69f1f9da000000000000000000000000989eee6a9283bf253ca4"], 0x1}}, 0x0)
close(r3)
syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000000)={<r4=>0xffffffffffffffff, <r5=>0xffffffffffffffff})
dup3(r5, r4, 0x0)
r6 = accept4$vsock_stream(0xffffffffffffffff, &(0x7f0000000240)={0x28, 0x0, 0x2710, @host}, 0x10, 0x0)
dup2(r6, r5)
bind$pptp(0xffffffffffffffff, &(0x7f00000001c0)={0x18, 0x2, {0x0, @initdev={0xac, 0x1e, 0x0, 0x0}}}, 0x1e)
sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000000)=@newlink={0x30, 0x10, 0x801, 0x0, 0x0, {}, [@IFLA_GROUP={0x8}, @IFLA_PROTO_DOWN={0x8, 0x4}]}, 0x30}}, 0x0)
pivot_root(&(0x7f0000000140)='./file0\x00', &(0x7f0000000100)='./file0\x00')

01:45:49 executing program 2 (fault-call:9 fault-nth:23):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140)='/dev/kvm\x00', 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_SET_SIGNAL_MASK(0xffffffffffffffff, 0x4004ae8b, &(0x7f0000001000)=ANY=[@ANYBLOB="97cb"])
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000fe7000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0)
ioctl$USBDEVFS_RESETEP(0xffffffffffffffff, 0x80045503, &(0x7f0000000000)={0x1, 0x1})
ioctl$KVM_NMI(r2, 0xae9a)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f00000002c0)={0x0, 0x2, 0x0, 0x2000, &(0x7f0000001000/0x2000)=nil})
perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
ioctl$KVM_RUN(r2, 0xae80, 0x0)

01:45:49 executing program 3:
lsetxattr$trusted_overlay_opaque(0x0, 0x0, 0x0, 0x0, 0x0)
mkdir(&(0x7f0000000000)='./file0\x00', 0x0)
mount$bpf(0x20000000, &(0x7f00000000c0)='./file0\x00', 0x0, 0x2001001, 0x0)
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x80, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x43, 0x400000000000000}, 0x11288, 0x2000, 0x0, 0x2}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = socket$netlink(0x10, 0x3, 0x0)
connect$inet(0xffffffffffffffff, 0x0, 0x0)
setsockopt$SO_RDS_TRANSPORT(0xffffffffffffffff, 0x114, 0x8, &(0x7f0000000040)=0xffffffffffffffff, 0x4)
r1 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$inet_tcp_int(r1, 0x6, 0x10000000013, &(0x7f0000d06000)=0x1, 0x32a)
connect$inet(r1, &(0x7f0000000180)={0x2, 0x4e23, @local}, 0x10)
accept$nfc_llcp(0xffffffffffffffff, &(0x7f0000000440), &(0x7f0000000300)=0x60)
setsockopt$inet_tcp_TCP_REPAIR_OPTIONS(r1, 0x6, 0x16, &(0x7f00000000c0)=[@mss={0x2, 0xffffffff}, @timestamp, @window, @mss={0x2, 0x91c}], 0x4)
sendmmsg(r1, &(0x7f0000004b40)=[{{0x0, 0x0, &(0x7f00000011c0)=[{&(0x7f0000002240)='Y', 0x1}], 0x1}}], 0x1, 0x0)
syz_init_net_socket$llc(0x1a, 0x1, 0x0)
r2 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$IPT_SO_SET_REPLACE(r2, 0x4000000000000, 0x40, &(0x7f0000000a40)=ANY=[@ANYBLOB="72617700000000010000000000000000000000000000000000000000000000000200000003000000b80400000000000000000000000000000003000000030000200400002004000020040000200400002004000003000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000600000000000000a00200030000000000000000000000000000000000000000300262706600000000000000000000000000000000000000000000000000000101000000000000002e2f66696c653000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000060005345540000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000c0002001000000000000000000000000000000000000000050006f736600000000000000000000000000000000000000000000000000000073797a300000000000000000000000000000000000000000000000000000000000000000000000000000000000000000600053455400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000007000980000000000000000000000000000000000000000002800000000000000000000000000000000000000000000000000000000000004feffffff00000000"], 0x518)
sendmsg$IPVS_CMD_GET_DEST(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000280)={&(0x7f00000002c0)=ANY=[@ANYRES16], 0x1}}, 0x0)
setsockopt$inet_tcp_TCP_REPAIR(r1, 0x6, 0x13, &(0x7f0000000100), 0x618)
close(r1)
r3 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$inet_tcp_int(r3, 0x6, 0x10000000013, &(0x7f0000d06000)=0x1, 0x32a)
connect$inet(r3, &(0x7f0000000140)={0x2, 0x0, @local}, 0x10)
setsockopt$inet_tcp_TCP_REPAIR_OPTIONS(r3, 0x6, 0x16, &(0x7f0000000200)=[@mss, @timestamp, @window={0x3, 0x0, 0xfffe}, @mss={0x2, 0x3}], 0x4)
setsockopt$inet_tcp_TCP_REPAIR_QUEUE(r3, 0x6, 0x14, &(0x7f0000000040)=0x1, 0x4)
sendmsg$IPVS_CMD_GET_DEST(r3, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000340)=ANY=[@ANYBLOB="160e90cb39bca59f8c4064ac6d7b242060a07bc4309e3eb79d8745797b308edd84adef35ad9d8a17240f38f55f57c55f3875db81d255eea402e1c11ca7fc01964aeb9ed6ef4e80bc67cba7e7fe961fe5d921442b0a06b135f8a73b68dc904b436f256f50ae7cb980e69e7580b9f11c6ede4210f23240559b8c427000d7ce7862417ab5a50e494b2a54e346d7ffa008ccef06813e235b446788ac0f1df3c65bc1fb5393364a2efd284640ec2c438ad2b24a69f1f9da000000000000000000000000989eee6a9283bf253ca4"], 0x1}}, 0x0)
close(r3)
syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000000)={<r4=>0xffffffffffffffff, <r5=>0xffffffffffffffff})
dup3(r5, r4, 0x0)
r6 = accept4$vsock_stream(0xffffffffffffffff, &(0x7f0000000240)={0x28, 0x0, 0x2710, @host}, 0x10, 0x0)
dup2(r6, r5)
bind$pptp(0xffffffffffffffff, &(0x7f00000001c0)={0x18, 0x2, {0x0, @initdev={0xac, 0x1e, 0x0, 0x0}}}, 0x1e)
sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000000)=@newlink={0x30, 0x10, 0x801, 0x0, 0x0, {}, [@IFLA_GROUP={0x8}, @IFLA_PROTO_DOWN={0x8, 0x4}]}, 0x30}}, 0x0)
pivot_root(&(0x7f0000000140)='./file0\x00', &(0x7f0000000100)='./file0\x00')

[ 1851.108211] ip_tables: iptables: counters copy to user failed while replacing table
[ 1851.195895] FAULT_INJECTION: forcing a failure.
[ 1851.195895] name failslab, interval 1, probability 0, space 0, times 0
[ 1851.257974] CPU: 1 PID: 3902 Comm: syz-executor.2 Not tainted 4.14.173-syzkaller #0
[ 1851.265826] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 1851.275208] Call Trace:
[ 1851.277825]  dump_stack+0x13e/0x194
[ 1851.281481]  should_fail.cold+0x10a/0x14b
[ 1851.285767]  should_failslab+0xd6/0x130
[ 1851.289818]  kmem_cache_alloc+0x2b5/0x770
[ 1851.294003]  ? trace_hardirqs_on_caller+0x3f6/0x590
[ 1851.299062]  ? trace_hardirqs_on_thunk+0x1a/0x1c
[ 1851.303867]  mmu_topup_memory_caches+0x83/0x300
[ 1851.308582]  kvm_mmu_load+0x1e/0xd00
[ 1851.312337]  ? vcpu_enter_guest+0x2eb1/0x5240
[ 1851.316867]  vcpu_enter_guest+0x2eb9/0x5240
[ 1851.321236]  ? trace_hardirqs_on_caller+0x3f6/0x590
[ 1851.326275]  ? trace_hardirqs_on_thunk+0x1a/0x1c
[ 1851.331050]  ? emulator_read_emulated+0x40/0x40
[ 1851.335740]  ? lock_acquire+0x170/0x3f0
[ 1851.339736]  ? kvm_arch_vcpu_ioctl_run+0x143/0xfd0
[ 1851.344684]  ? kvm_arch_vcpu_ioctl_run+0x2fe/0xfd0
[ 1851.349791]  ? kvm_arch_vcpu_ioctl_run+0x181/0xfd0
[ 1851.355619]  kvm_arch_vcpu_ioctl_run+0x2fe/0xfd0
[ 1851.360515]  kvm_vcpu_ioctl+0x3df/0xc70
[ 1851.364510]  ? kvm_vcpu_block+0xb70/0xb70
[ 1851.368669]  ? trace_hardirqs_on_thunk+0x1a/0x1c
[ 1851.373438]  ? check_preemption_disabled+0x35/0x240
[ 1851.378466]  ? retint_kernel+0x2d/0x2d
[ 1851.382376]  ? do_vfs_ioctl+0xcc8/0xfe0
[ 1851.386361]  ? kvm_vcpu_block+0xb70/0xb70
[ 1851.391484]  do_vfs_ioctl+0x75a/0xfe0
[ 1851.395313]  ? selinux_file_mprotect+0x5c0/0x5c0
[ 1851.400109]  ? ioctl_preallocate+0x1a0/0x1a0
[ 1851.404554]  ? security_file_ioctl+0x76/0xb0
[ 1851.408961]  ? security_file_ioctl+0x83/0xb0
[ 1851.413366]  SyS_ioctl+0x7f/0xb0
[ 1851.416720]  ? do_vfs_ioctl+0xfe0/0xfe0
[ 1851.420848]  do_syscall_64+0x1d5/0x640
[ 1851.425520]  entry_SYSCALL_64_after_hwframe+0x42/0xb7
[ 1851.430715] RIP: 0033:0x45c849
[ 1851.433925] RSP: 002b:00007fa3bc31dc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 1851.441779] RAX: ffffffffffffffda RBX: 00007fa3bc31e6d4 RCX: 000000000045c849
[ 1851.449206] RDX: 0000000000000000 RSI: 000000000000ae80 RDI: 0000000000000005
01:45:49 executing program 0:
prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff)
clone(0x80000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
r0 = gettid()
wait4(0x0, 0x0, 0x80000002, 0x0)
vmsplice(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f0000000040)="0f34", 0x2}], 0x1, 0x0)
ioctl$sock_inet6_SIOCSIFDSTADDR(0xffffffffffffffff, 0x8918, &(0x7f00000000c0)={@mcast1, 0x91})
ptrace$setopts(0x4206, r0, 0x0, 0x0)
process_vm_writev(0x0, &(0x7f0000000080)=[{0x0, 0xfffffffffffffd71}, {0x0, 0x1e1}, {&(0x7f00000002c0)=""/66, 0x9}], 0x3, 0x0, 0xb9, 0x0)
tkill(r0, 0x3c)
ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080))
ptrace$cont(0x7, r0, 0x0, 0x0)

01:45:49 executing program 1:
lsetxattr$trusted_overlay_opaque(0x0, 0x0, 0x0, 0x0, 0x0)
mkdir(&(0x7f0000000000)='./file0\x00', 0x0)
mount$bpf(0x20000000, &(0x7f00000000c0)='./file0\x00', 0x0, 0x2001001, 0x0)
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x80, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x43, 0x400000000000000}, 0x11288, 0x2000, 0x0, 0x2}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = socket$netlink(0x10, 0x3, 0x0)
connect$inet(0xffffffffffffffff, 0x0, 0x0)
setsockopt$SO_RDS_TRANSPORT(0xffffffffffffffff, 0x114, 0x8, &(0x7f0000000040)=0xffffffffffffffff, 0x4)
r1 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$inet_tcp_int(r1, 0x6, 0x10000000013, &(0x7f0000d06000)=0x1, 0x32a)
connect$inet(r1, &(0x7f0000000180)={0x2, 0x4e23, @local}, 0x10)
accept$nfc_llcp(0xffffffffffffffff, &(0x7f0000000440), &(0x7f0000000300)=0x60)
setsockopt$inet_tcp_TCP_REPAIR_OPTIONS(r1, 0x6, 0x16, &(0x7f00000000c0)=[@mss={0x2, 0xffffffff}, @timestamp, @window, @mss={0x2, 0x91c}], 0x4)
sendmmsg(r1, &(0x7f0000004b40)=[{{0x0, 0x0, &(0x7f00000011c0)=[{&(0x7f0000002240)='Y', 0x1}], 0x1}}], 0x1, 0x0)
syz_init_net_socket$llc(0x1a, 0x1, 0x0)
r2 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$IPT_SO_SET_REPLACE(r2, 0x4000000000000, 0x40, &(0x7f0000000a40)=ANY=[@ANYBLOB="72617700000000010000000000000000000000000000000000000000000000000200000003000000b80400000000000000000000000000000003000000030000200400002004000020040000200400002004000003000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000600000000000000a00200030000000000000000000000000000000000000000300262706600000000000000000000000000000000000000000000000000000101000000000000002e2f66696c653000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000060005345540000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000c0002001000000000000000000000000000000000000000050006f736600000000000000000000000000000000000000000000000000000073797a300000000000000000000000000000000000000000000000000000000000000000000000000000000000000000600053455400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000007000980000000000000000000000000000000000000000002800000000000000000000000000000000000000000000000000000000000004feffffff00000000"], 0x518)
sendmsg$IPVS_CMD_GET_DEST(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000280)={&(0x7f00000002c0)=ANY=[@ANYRES16], 0x1}}, 0x0)
setsockopt$inet_tcp_TCP_REPAIR(r1, 0x6, 0x13, &(0x7f0000000100), 0x618)
close(r1)
r3 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$inet_tcp_int(r3, 0x6, 0x10000000013, &(0x7f0000d06000)=0x1, 0x32a)
connect$inet(r3, &(0x7f0000000140)={0x2, 0x0, @local}, 0x10)
setsockopt$inet_tcp_TCP_REPAIR_OPTIONS(r3, 0x6, 0x16, &(0x7f0000000200)=[@mss, @timestamp, @window={0x3, 0x0, 0xfffe}, @mss={0x2, 0x3}], 0x4)
setsockopt$inet_tcp_TCP_REPAIR_QUEUE(r3, 0x6, 0x14, &(0x7f0000000040)=0x1, 0x4)
sendmsg$IPVS_CMD_GET_DEST(r3, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000340)=ANY=[@ANYBLOB="160e90cb39bca59f8c4064ac6d7b242060a07bc4309e3eb79d8745797b308edd84adef35ad9d8a17240f38f55f57c55f3875db81d255eea402e1c11ca7fc01964aeb9ed6ef4e80bc67cba7e7fe961fe5d921442b0a06b135f8a73b68dc904b436f256f50ae7cb980e69e7580b9f11c6ede4210f23240559b8c427000d7ce7862417ab5a50e494b2a54e346d7ffa008ccef06813e235b446788ac0f1df3c65bc1fb5393364a2efd284640ec2c438ad2b24a69f1f9da000000000000000000000000989eee6a9283bf253ca4"], 0x1}}, 0x0)
close(r3)
syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000000)={<r4=>0xffffffffffffffff, <r5=>0xffffffffffffffff})
dup3(r5, r4, 0x0)
r6 = accept4$vsock_stream(0xffffffffffffffff, &(0x7f0000000240)={0x28, 0x0, 0x2710, @host}, 0x10, 0x0)
dup2(r6, r5)
bind$pptp(0xffffffffffffffff, &(0x7f00000001c0)={0x18, 0x2, {0x0, @initdev={0xac, 0x1e, 0x0, 0x0}}}, 0x1e)
sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000000)=@newlink={0x30, 0x10, 0x801, 0x0, 0x0, {}, [@IFLA_GROUP={0x8}, @IFLA_PROTO_DOWN={0x8, 0x4}]}, 0x30}}, 0x0)

01:45:49 executing program 4:
pipe(&(0x7f0000000140)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
r2 = socket$inet_udp(0x2, 0x2, 0x0)
close(r2)
r3 = socket$inet_tcp(0x2, 0x1, 0x0)
connect$inet(r2, &(0x7f0000000340)={0x2, 0x0, @loopback}, 0x10)
setsockopt$inet_tcp_TCP_REPAIR_WINDOW(r3, 0x6, 0x1d, &(0x7f0000000080)={0x0, 0xdf5, 0x65a2}, 0x14)
write$binfmt_misc(r1, &(0x7f0000000140)=ANY=[], 0x4240a2a0)
r4 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$IPT_SO_SET_REPLACE(r4, 0x0, 0x40, &(0x7f0000000480)=ANY=[@ANYBLOB="66696c74657200000000000000000000000000000000000000000000000000000e00000004000000d0020000800100009800000080010000000000000000000038020000380200003802000038020000380200000400000000000000000000007f000001ac14140000000000000000007f00000000000000000000000000000064756dea20f9524db2d96900000057c910a19f2bc02c00000000000000000000200000000000000000000000000000000000000000000000700098000000000000000000000000000000000000000000280052454a454354000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000400000000000000000000000080000000000000000000000000000000000000000000000000000000000000000000000000000000000000000c000e80000f9c9991d0000000000000000000000000000005000736574000000000000000000000000000000000000000000000000000003000005050000000000000000000000000000000000000000100000000000000000000000000000000000000000000000280052454a45435400000000000000010000000000000000000000000000000000674f000000000000000000e00000020000000000000000766574b5315f766c616e00000000010062726964676530000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000007000b80000000000000000000000000000000000000000004800544545000000000000000000000000000000d40200000000000000000001ac1414aa000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000007000980000000000000000000000000000000000000000002800000000000000000000000000000000000000000000001a51496c00000000feffffff"], 0x1)
splice(r0, 0x0, r2, 0x0, 0x4ffe0, 0x0)

01:45:49 executing program 3:
lsetxattr$trusted_overlay_opaque(0x0, 0x0, 0x0, 0x0, 0x0)
mkdir(&(0x7f0000000000)='./file0\x00', 0x0)
mount$bpf(0x20000000, &(0x7f00000000c0)='./file0\x00', 0x0, 0x2001001, 0x0)
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x80, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x43, 0x400000000000000}, 0x11288, 0x2000, 0x0, 0x2}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = socket$netlink(0x10, 0x3, 0x0)
connect$inet(0xffffffffffffffff, 0x0, 0x0)
setsockopt$SO_RDS_TRANSPORT(0xffffffffffffffff, 0x114, 0x8, &(0x7f0000000040)=0xffffffffffffffff, 0x4)
r1 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$inet_tcp_int(r1, 0x6, 0x10000000013, &(0x7f0000d06000)=0x1, 0x32a)
connect$inet(r1, &(0x7f0000000180)={0x2, 0x4e23, @local}, 0x10)
accept$nfc_llcp(0xffffffffffffffff, &(0x7f0000000440), &(0x7f0000000300)=0x60)
setsockopt$inet_tcp_TCP_REPAIR_OPTIONS(r1, 0x6, 0x16, &(0x7f00000000c0)=[@mss={0x2, 0xffffffff}, @timestamp, @window, @mss={0x2, 0x91c}], 0x4)
sendmmsg(r1, &(0x7f0000004b40)=[{{0x0, 0x0, &(0x7f00000011c0)=[{&(0x7f0000002240)='Y', 0x1}], 0x1}}], 0x1, 0x0)
syz_init_net_socket$llc(0x1a, 0x1, 0x0)
r2 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$IPT_SO_SET_REPLACE(r2, 0x4000000000000, 0x40, &(0x7f0000000a40)=ANY=[@ANYBLOB="72617700000000010000000000000000000000000000000000000000000000000200000003000000b80400000000000000000000000000000003000000030000200400002004000020040000200400002004000003000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000600000000000000a00200030000000000000000000000000000000000000000300262706600000000000000000000000000000000000000000000000000000101000000000000002e2f66696c653000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000060005345540000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000c0002001000000000000000000000000000000000000000050006f736600000000000000000000000000000000000000000000000000000073797a300000000000000000000000000000000000000000000000000000000000000000000000000000000000000000600053455400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000007000980000000000000000000000000000000000000000002800000000000000000000000000000000000000000000000000000000000004feffffff00000000"], 0x518)
sendmsg$IPVS_CMD_GET_DEST(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000280)={&(0x7f00000002c0)=ANY=[@ANYRES16], 0x1}}, 0x0)
setsockopt$inet_tcp_TCP_REPAIR(r1, 0x6, 0x13, &(0x7f0000000100), 0x618)
close(r1)
r3 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$inet_tcp_int(r3, 0x6, 0x10000000013, &(0x7f0000d06000)=0x1, 0x32a)
connect$inet(r3, &(0x7f0000000140)={0x2, 0x0, @local}, 0x10)
setsockopt$inet_tcp_TCP_REPAIR_OPTIONS(r3, 0x6, 0x16, &(0x7f0000000200)=[@mss, @timestamp, @window={0x3, 0x0, 0xfffe}, @mss={0x2, 0x3}], 0x4)
setsockopt$inet_tcp_TCP_REPAIR_QUEUE(r3, 0x6, 0x14, &(0x7f0000000040)=0x1, 0x4)
sendmsg$IPVS_CMD_GET_DEST(r3, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000340)=ANY=[@ANYBLOB="160e90cb39bca59f8c4064ac6d7b242060a07bc4309e3eb79d8745797b308edd84adef35ad9d8a17240f38f55f57c55f3875db81d255eea402e1c11ca7fc01964aeb9ed6ef4e80bc67cba7e7fe961fe5d921442b0a06b135f8a73b68dc904b436f256f50ae7cb980e69e7580b9f11c6ede4210f23240559b8c427000d7ce7862417ab5a50e494b2a54e346d7ffa008ccef06813e235b446788ac0f1df3c65bc1fb5393364a2efd284640ec2c438ad2b24a69f1f9da000000000000000000000000989eee6a9283bf253ca4"], 0x1}}, 0x0)
close(r3)
syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000000)={<r4=>0xffffffffffffffff, <r5=>0xffffffffffffffff})
dup3(r5, r4, 0x0)
r6 = accept4$vsock_stream(0xffffffffffffffff, &(0x7f0000000240)={0x28, 0x0, 0x2710, @host}, 0x10, 0x0)
dup2(r6, r5)
bind$pptp(0xffffffffffffffff, &(0x7f00000001c0)={0x18, 0x2, {0x0, @initdev={0xac, 0x1e, 0x0, 0x0}}}, 0x1e)
sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000000)=@newlink={0x30, 0x10, 0x801, 0x0, 0x0, {}, [@IFLA_GROUP={0x8}, @IFLA_PROTO_DOWN={0x8, 0x4}]}, 0x30}}, 0x0)
pivot_root(&(0x7f0000000140)='./file0\x00', &(0x7f0000000100)='./file0\x00')

01:45:49 executing program 5:
lsetxattr$trusted_overlay_opaque(0x0, 0x0, 0x0, 0x0, 0x0)
mkdir(&(0x7f0000000000)='./file0\x00', 0x0)
mount$bpf(0x20000000, &(0x7f00000000c0)='./file0\x00', 0x0, 0x2001001, 0x0)
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x80, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x43, 0x400000000000000}, 0x11288, 0x2000, 0x0, 0x2}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = socket$netlink(0x10, 0x3, 0x0)
connect$inet(0xffffffffffffffff, 0x0, 0x0)
setsockopt$SO_RDS_TRANSPORT(0xffffffffffffffff, 0x114, 0x8, &(0x7f0000000040)=0xffffffffffffffff, 0x4)
r1 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$inet_tcp_int(r1, 0x6, 0x10000000013, &(0x7f0000d06000)=0x1, 0x32a)
connect$inet(r1, &(0x7f0000000180)={0x2, 0x4e23, @local}, 0x10)
accept$nfc_llcp(0xffffffffffffffff, &(0x7f0000000440), &(0x7f0000000300)=0x60)
setsockopt$inet_tcp_TCP_REPAIR_OPTIONS(r1, 0x6, 0x16, &(0x7f00000000c0)=[@mss={0x2, 0xffffffff}, @timestamp, @window, @mss={0x2, 0x91c}], 0x4)
sendmmsg(r1, &(0x7f0000004b40)=[{{0x0, 0x0, &(0x7f00000011c0)=[{&(0x7f0000002240)='Y', 0x1}], 0x1}}], 0x1, 0x0)
syz_init_net_socket$llc(0x1a, 0x1, 0x0)
r2 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$IPT_SO_SET_REPLACE(r2, 0x4000000000000, 0x40, &(0x7f0000000a40)=ANY=[@ANYBLOB="72617700000000010000000000000000000000000000000000000000000000000200000003000000b80400000000000000000000000000000003000000030000200400002004000020040000200400002004000003000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000600000000000000a00200030000000000000000000000000000000000000000300262706600000000000000000000000000000000000000000000000000000101000000000000002e2f66696c653000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000060005345540000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000c0002001000000000000000000000000000000000000000050006f736600000000000000000000000000000000000000000000000000000073797a300000000000000000000000000000000000000000000000000000000000000000000000000000000000000000600053455400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000007000980000000000000000000000000000000000000000002800000000000000000000000000000000000000000000000000000000000004feffffff00000000"], 0x518)
sendmsg$IPVS_CMD_GET_DEST(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000280)={&(0x7f00000002c0)=ANY=[@ANYRES16], 0x1}}, 0x0)
setsockopt$inet_tcp_TCP_REPAIR(r1, 0x6, 0x13, &(0x7f0000000100), 0x618)
close(r1)
r3 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$inet_tcp_int(r3, 0x6, 0x10000000013, &(0x7f0000d06000)=0x1, 0x32a)
setsockopt$inet_tcp_TCP_REPAIR_OPTIONS(r3, 0x6, 0x16, &(0x7f0000000200)=[@mss, @timestamp, @window={0x3, 0x0, 0xfffe}, @mss={0x2, 0x3}], 0x4)
sendmmsg(r3, &(0x7f0000004b40)=[{{0x0, 0x0, &(0x7f00000011c0)=[{&(0x7f0000002240)='Y', 0x1}], 0x1}}], 0x1, 0x0)
setsockopt$inet_tcp_TCP_REPAIR_QUEUE(r3, 0x6, 0x14, &(0x7f0000000040)=0x1, 0x4)
sendmsg$IPVS_CMD_GET_DEST(r3, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000340)=ANY=[@ANYBLOB="160e90cb39bca59f8c4064ac6d7b242060a07bc4309e3eb79d8745797b308edd84adef35ad9d8a17240f38f55f57c55f3875db81d255eea402e1c11ca7fc01964aeb9ed6ef4e80bc67cba7e7fe961fe5d921442b0a06b135f8a73b68dc904b436f256f50ae7cb980e69e7580b9f11c6ede4210f23240559b8c427000d7ce7862417ab5a50e494b2a54e346d7ffa008ccef06813e235b446788ac0f1df3c65bc1fb5393364a2efd284640ec2c438ad2b24a69f1f9da000000000000000000000000989eee6a9283bf253ca4"], 0x1}}, 0x0)
close(r3)
syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000000)={<r4=>0xffffffffffffffff, <r5=>0xffffffffffffffff})
dup3(r5, r4, 0x0)
r6 = accept4$vsock_stream(0xffffffffffffffff, &(0x7f0000000240)={0x28, 0x0, 0x2710, @host}, 0x10, 0x0)
dup2(r6, r5)
bind$pptp(0xffffffffffffffff, &(0x7f00000001c0)={0x18, 0x2, {0x0, @initdev={0xac, 0x1e, 0x0, 0x0}}}, 0x1e)
sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000000)=@newlink={0x30, 0x10, 0x801, 0x0, 0x0, {}, [@IFLA_GROUP={0x8}, @IFLA_PROTO_DOWN={0x8, 0x4}]}, 0x30}}, 0x0)
pivot_root(&(0x7f0000000140)='./file0\x00', &(0x7f0000000100)='./file0\x00')

[ 1851.456481] RBP: 000000000076bf00 R08: 0000000000000000 R09: 0000000000000000
[ 1851.463833] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000007
[ 1851.471107] R13: 00000000000003bf R14: 00000000004c6495 R15: 0000000000000017
01:45:49 executing program 2 (fault-call:9 fault-nth:24):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140)='/dev/kvm\x00', 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_SET_SIGNAL_MASK(0xffffffffffffffff, 0x4004ae8b, &(0x7f0000001000)=ANY=[@ANYBLOB="97cb"])
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000fe7000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0)
ioctl$USBDEVFS_RESETEP(0xffffffffffffffff, 0x80045503, &(0x7f0000000000)={0x1, 0x1})
ioctl$KVM_NMI(r2, 0xae9a)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f00000002c0)={0x0, 0x2, 0x0, 0x2000, &(0x7f0000001000/0x2000)=nil})
perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
ioctl$KVM_RUN(r2, 0xae80, 0x0)

[ 1851.635121] ip_tables: iptables: counters copy to user failed while replacing table
01:45:49 executing program 1:
lsetxattr$trusted_overlay_opaque(0x0, 0x0, 0x0, 0x0, 0x0)
mkdir(&(0x7f0000000000)='./file0\x00', 0x0)
mount$bpf(0x20000000, &(0x7f00000000c0)='./file0\x00', 0x0, 0x2001001, 0x0)
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x80, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x43, 0x400000000000000}, 0x11288, 0x2000, 0x0, 0x2}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = socket$netlink(0x10, 0x3, 0x0)
connect$inet(0xffffffffffffffff, 0x0, 0x0)
setsockopt$SO_RDS_TRANSPORT(0xffffffffffffffff, 0x114, 0x8, &(0x7f0000000040)=0xffffffffffffffff, 0x4)
r1 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$inet_tcp_int(r1, 0x6, 0x10000000013, &(0x7f0000d06000)=0x1, 0x32a)
connect$inet(r1, &(0x7f0000000180)={0x2, 0x4e23, @local}, 0x10)
accept$nfc_llcp(0xffffffffffffffff, &(0x7f0000000440), &(0x7f0000000300)=0x60)
setsockopt$inet_tcp_TCP_REPAIR_OPTIONS(r1, 0x6, 0x16, &(0x7f00000000c0)=[@mss={0x2, 0xffffffff}, @timestamp, @window, @mss={0x2, 0x91c}], 0x4)
sendmmsg(r1, &(0x7f0000004b40)=[{{0x0, 0x0, &(0x7f00000011c0)=[{&(0x7f0000002240)='Y', 0x1}], 0x1}}], 0x1, 0x0)
syz_init_net_socket$llc(0x1a, 0x1, 0x0)
r2 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$IPT_SO_SET_REPLACE(r2, 0x4000000000000, 0x40, &(0x7f0000000a40)=ANY=[@ANYBLOB="72617700000000010000000000000000000000000000000000000000000000000200000003000000b80400000000000000000000000000000003000000030000200400002004000020040000200400002004000003000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000600000000000000a00200030000000000000000000000000000000000000000300262706600000000000000000000000000000000000000000000000000000101000000000000002e2f66696c653000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000060005345540000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000c0002001000000000000000000000000000000000000000050006f736600000000000000000000000000000000000000000000000000000073797a300000000000000000000000000000000000000000000000000000000000000000000000000000000000000000600053455400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000007000980000000000000000000000000000000000000000002800000000000000000000000000000000000000000000000000000000000004feffffff00000000"], 0x518)
sendmsg$IPVS_CMD_GET_DEST(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000280)={&(0x7f00000002c0)=ANY=[@ANYRES16], 0x1}}, 0x0)
setsockopt$inet_tcp_TCP_REPAIR(r1, 0x6, 0x13, &(0x7f0000000100), 0x618)
close(r1)
r3 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$inet_tcp_int(r3, 0x6, 0x10000000013, &(0x7f0000d06000)=0x1, 0x32a)
connect$inet(r3, &(0x7f0000000140)={0x2, 0x0, @local}, 0x10)
setsockopt$inet_tcp_TCP_REPAIR_OPTIONS(r3, 0x6, 0x16, &(0x7f0000000200)=[@mss, @timestamp, @window={0x3, 0x0, 0xfffe}, @mss={0x2, 0x3}], 0x4)
setsockopt$inet_tcp_TCP_REPAIR_QUEUE(r3, 0x6, 0x14, &(0x7f0000000040)=0x1, 0x4)
sendmsg$IPVS_CMD_GET_DEST(r3, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000340)=ANY=[@ANYBLOB="160e90cb39bca59f8c4064ac6d7b242060a07bc4309e3eb79d8745797b308edd84adef35ad9d8a17240f38f55f57c55f3875db81d255eea402e1c11ca7fc01964aeb9ed6ef4e80bc67cba7e7fe961fe5d921442b0a06b135f8a73b68dc904b436f256f50ae7cb980e69e7580b9f11c6ede4210f23240559b8c427000d7ce7862417ab5a50e494b2a54e346d7ffa008ccef06813e235b446788ac0f1df3c65bc1fb5393364a2efd284640ec2c438ad2b24a69f1f9da000000000000000000000000989eee6a9283bf253ca4"], 0x1}}, 0x0)
close(r3)
syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000000)={<r4=>0xffffffffffffffff, <r5=>0xffffffffffffffff})
dup3(r5, r4, 0x0)
r6 = accept4$vsock_stream(0xffffffffffffffff, &(0x7f0000000240)={0x28, 0x0, 0x2710, @host}, 0x10, 0x0)
dup2(r6, r5)
bind$pptp(0xffffffffffffffff, &(0x7f00000001c0)={0x18, 0x2, {0x0, @initdev={0xac, 0x1e, 0x0, 0x0}}}, 0x1e)
sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000000)=@newlink={0x30, 0x10, 0x801, 0x0, 0x0, {}, [@IFLA_GROUP={0x8}, @IFLA_PROTO_DOWN={0x8, 0x4}]}, 0x30}}, 0x0)

[ 1851.742811] FAULT_INJECTION: forcing a failure.
[ 1851.742811] name failslab, interval 1, probability 0, space 0, times 0
[ 1851.762711] CPU: 1 PID: 3927 Comm: syz-executor.2 Not tainted 4.14.173-syzkaller #0
[ 1851.770561] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 1851.779935] Call Trace:
[ 1851.782552]  dump_stack+0x13e/0x194
[ 1851.786391]  should_fail.cold+0x10a/0x14b
[ 1851.790572]  should_failslab+0xd6/0x130
[ 1851.794559]  kmem_cache_alloc+0x2b5/0x770
[ 1851.798736]  ? mmu_topup_memory_caches+0x94/0x300
[ 1851.804538]  mmu_topup_memory_caches+0x83/0x300
[ 1851.809261]  ? retint_kernel+0x2d/0x2d
[ 1851.813162]  kvm_mmu_load+0x1e/0xd00
[ 1851.816886]  ? vcpu_enter_guest+0x56a/0x5240
[ 1851.821301]  vcpu_enter_guest+0x2eb9/0x5240
[ 1851.825628]  ? trace_hardirqs_on_caller+0x3f6/0x590
[ 1851.830649]  ? trace_hardirqs_on_thunk+0x1a/0x1c
[ 1851.835446]  ? emulator_read_emulated+0x40/0x40
[ 1851.840325]  ? lock_acquire+0x170/0x3f0
[ 1851.845023]  ? kvm_arch_vcpu_ioctl_run+0x143/0xfd0
[ 1851.849964]  ? kvm_arch_vcpu_ioctl_run+0x2fe/0xfd0
[ 1851.854920]  ? kvm_arch_vcpu_ioctl_run+0x181/0xfd0
[ 1851.859876]  kvm_arch_vcpu_ioctl_run+0x2fe/0xfd0
[ 1851.864687]  kvm_vcpu_ioctl+0x3df/0xc70
[ 1851.869981]  ? trace_hardirqs_on_caller+0x3f6/0x590
[ 1851.876007]  ? kvm_vcpu_block+0xb70/0xb70
[ 1851.880220]  ? retint_kernel+0x2d/0x2d
[ 1851.884143]  ? selinux_file_ioctl+0x83/0x560
[ 1851.888571]  ? selinux_file_ioctl+0x42b/0x560
[ 1851.893088]  ? kvm_vcpu_block+0xb70/0xb70
[ 1851.897261]  do_vfs_ioctl+0x75a/0xfe0
[ 1851.901082]  ? selinux_file_mprotect+0x5c0/0x5c0
[ 1851.905872]  ? ioctl_preallocate+0x1a0/0x1a0
[ 1851.910314]  ? security_file_ioctl+0x76/0xb0
[ 1851.914746]  ? security_file_ioctl+0x83/0xb0
[ 1851.919530]  SyS_ioctl+0x7f/0xb0
[ 1851.922931]  ? do_vfs_ioctl+0xfe0/0xfe0
[ 1851.927277]  do_syscall_64+0x1d5/0x640
[ 1851.931196]  entry_SYSCALL_64_after_hwframe+0x42/0xb7
[ 1851.936409] RIP: 0033:0x45c849
01:45:50 executing program 3:
lsetxattr$trusted_overlay_opaque(0x0, 0x0, 0x0, 0x0, 0x0)
mkdir(&(0x7f0000000000)='./file0\x00', 0x0)
mount$bpf(0x20000000, &(0x7f00000000c0)='./file0\x00', 0x0, 0x2001001, 0x0)
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x80, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x43, 0x400000000000000}, 0x11288, 0x2000, 0x0, 0x2}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = socket$netlink(0x10, 0x3, 0x0)
connect$inet(0xffffffffffffffff, 0x0, 0x0)
setsockopt$SO_RDS_TRANSPORT(0xffffffffffffffff, 0x114, 0x8, &(0x7f0000000040)=0xffffffffffffffff, 0x4)
r1 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$inet_tcp_int(r1, 0x6, 0x10000000013, &(0x7f0000d06000)=0x1, 0x32a)
connect$inet(r1, &(0x7f0000000180)={0x2, 0x4e23, @local}, 0x10)
accept$nfc_llcp(0xffffffffffffffff, &(0x7f0000000440), &(0x7f0000000300)=0x60)
setsockopt$inet_tcp_TCP_REPAIR_OPTIONS(r1, 0x6, 0x16, &(0x7f00000000c0)=[@mss={0x2, 0xffffffff}, @timestamp, @window, @mss={0x2, 0x91c}], 0x4)
sendmmsg(r1, &(0x7f0000004b40)=[{{0x0, 0x0, &(0x7f00000011c0)=[{&(0x7f0000002240)='Y', 0x1}], 0x1}}], 0x1, 0x0)
syz_init_net_socket$llc(0x1a, 0x1, 0x0)
r2 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$IPT_SO_SET_REPLACE(r2, 0x4000000000000, 0x40, &(0x7f0000000a40)=ANY=[@ANYBLOB="72617700000000010000000000000000000000000000000000000000000000000200000003000000b80400000000000000000000000000000003000000030000200400002004000020040000200400002004000003000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000600000000000000a00200030000000000000000000000000000000000000000300262706600000000000000000000000000000000000000000000000000000101000000000000002e2f66696c653000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000060005345540000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000c0002001000000000000000000000000000000000000000050006f736600000000000000000000000000000000000000000000000000000073797a300000000000000000000000000000000000000000000000000000000000000000000000000000000000000000600053455400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000007000980000000000000000000000000000000000000000002800000000000000000000000000000000000000000000000000000000000004feffffff00000000"], 0x518)
sendmsg$IPVS_CMD_GET_DEST(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000280)={&(0x7f00000002c0)=ANY=[@ANYRES16], 0x1}}, 0x0)
setsockopt$inet_tcp_TCP_REPAIR(r1, 0x6, 0x13, &(0x7f0000000100), 0x618)
close(r1)
r3 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$inet_tcp_int(r3, 0x6, 0x10000000013, &(0x7f0000d06000)=0x1, 0x32a)
connect$inet(r3, &(0x7f0000000140)={0x2, 0x0, @local}, 0x10)
setsockopt$inet_tcp_TCP_REPAIR_OPTIONS(r3, 0x6, 0x16, &(0x7f0000000200)=[@mss, @timestamp, @window={0x3, 0x0, 0xfffe}, @mss={0x2, 0x3}], 0x4)
setsockopt$inet_tcp_TCP_REPAIR_QUEUE(r3, 0x6, 0x14, &(0x7f0000000040)=0x1, 0x4)
sendmsg$IPVS_CMD_GET_DEST(r3, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000340)=ANY=[@ANYBLOB="160e90cb39bca59f8c4064ac6d7b242060a07bc4309e3eb79d8745797b308edd84adef35ad9d8a17240f38f55f57c55f3875db81d255eea402e1c11ca7fc01964aeb9ed6ef4e80bc67cba7e7fe961fe5d921442b0a06b135f8a73b68dc904b436f256f50ae7cb980e69e7580b9f11c6ede4210f23240559b8c427000d7ce7862417ab5a50e494b2a54e346d7ffa008ccef06813e235b446788ac0f1df3c65bc1fb5393364a2efd284640ec2c438ad2b24a69f1f9da000000000000000000000000989eee6a9283bf253ca4"], 0x1}}, 0x0)
close(r3)
syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000000)={<r4=>0xffffffffffffffff, <r5=>0xffffffffffffffff})
dup3(r5, r4, 0x0)
r6 = accept4$vsock_stream(0xffffffffffffffff, &(0x7f0000000240)={0x28, 0x0, 0x2710, @host}, 0x10, 0x0)
dup2(r6, r5)
bind$pptp(0xffffffffffffffff, &(0x7f00000001c0)={0x18, 0x2, {0x0, @initdev={0xac, 0x1e, 0x0, 0x0}}}, 0x1e)
sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000000)=@newlink={0x30, 0x10, 0x801, 0x0, 0x0, {}, [@IFLA_GROUP={0x8}, @IFLA_PROTO_DOWN={0x8, 0x4}]}, 0x30}}, 0x0)
pivot_root(&(0x7f0000000140)='./file0\x00', &(0x7f0000000100)='./file0\x00')

01:45:50 executing program 5:
lsetxattr$trusted_overlay_opaque(0x0, 0x0, 0x0, 0x0, 0x0)
mkdir(&(0x7f0000000000)='./file0\x00', 0x0)
mount$bpf(0x20000000, &(0x7f00000000c0)='./file0\x00', 0x0, 0x2001001, 0x0)
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x80, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x43, 0x400000000000000}, 0x11288, 0x2000, 0x0, 0x2}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = socket$netlink(0x10, 0x3, 0x0)
connect$inet(0xffffffffffffffff, 0x0, 0x0)
setsockopt$SO_RDS_TRANSPORT(0xffffffffffffffff, 0x114, 0x8, &(0x7f0000000040)=0xffffffffffffffff, 0x4)
r1 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$inet_tcp_int(r1, 0x6, 0x10000000013, &(0x7f0000d06000)=0x1, 0x32a)
connect$inet(r1, &(0x7f0000000180)={0x2, 0x4e23, @local}, 0x10)
accept$nfc_llcp(0xffffffffffffffff, &(0x7f0000000440), &(0x7f0000000300)=0x60)
setsockopt$inet_tcp_TCP_REPAIR_OPTIONS(r1, 0x6, 0x16, &(0x7f00000000c0)=[@mss={0x2, 0xffffffff}, @timestamp, @window, @mss={0x2, 0x91c}], 0x4)
sendmmsg(r1, &(0x7f0000004b40)=[{{0x0, 0x0, &(0x7f00000011c0)=[{&(0x7f0000002240)='Y', 0x1}], 0x1}}], 0x1, 0x0)
syz_init_net_socket$llc(0x1a, 0x1, 0x0)
r2 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$IPT_SO_SET_REPLACE(r2, 0x4000000000000, 0x40, &(0x7f0000000a40)=ANY=[@ANYBLOB="72617700000000010000000000000000000000000000000000000000000000000200000003000000b80400000000000000000000000000000003000000030000200400002004000020040000200400002004000003000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000600000000000000a00200030000000000000000000000000000000000000000300262706600000000000000000000000000000000000000000000000000000101000000000000002e2f66696c653000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000060005345540000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000c0002001000000000000000000000000000000000000000050006f736600000000000000000000000000000000000000000000000000000073797a300000000000000000000000000000000000000000000000000000000000000000000000000000000000000000600053455400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000007000980000000000000000000000000000000000000000002800000000000000000000000000000000000000000000000000000000000004feffffff00000000"], 0x518)
sendmsg$IPVS_CMD_GET_DEST(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000280)={&(0x7f00000002c0)=ANY=[@ANYRES16], 0x1}}, 0x0)
setsockopt$inet_tcp_TCP_REPAIR(r1, 0x6, 0x13, &(0x7f0000000100), 0x618)
close(r1)
r3 = socket$inet_tcp(0x2, 0x1, 0x0)
connect$inet(r3, &(0x7f0000000140)={0x2, 0x0, @local}, 0x10)
setsockopt$inet_tcp_TCP_REPAIR_OPTIONS(r3, 0x6, 0x16, &(0x7f0000000200)=[@mss, @timestamp, @window={0x3, 0x0, 0xfffe}, @mss={0x2, 0x3}], 0x4)
sendmmsg(r3, &(0x7f0000004b40)=[{{0x0, 0x0, &(0x7f00000011c0)=[{&(0x7f0000002240)='Y', 0x1}], 0x1}}], 0x1, 0x0)
setsockopt$inet_tcp_TCP_REPAIR_QUEUE(r3, 0x6, 0x14, &(0x7f0000000040)=0x1, 0x4)
sendmsg$IPVS_CMD_GET_DEST(r3, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000340)=ANY=[@ANYBLOB="160e90cb39bca59f8c4064ac6d7b242060a07bc4309e3eb79d8745797b308edd84adef35ad9d8a17240f38f55f57c55f3875db81d255eea402e1c11ca7fc01964aeb9ed6ef4e80bc67cba7e7fe961fe5d921442b0a06b135f8a73b68dc904b436f256f50ae7cb980e69e7580b9f11c6ede4210f23240559b8c427000d7ce7862417ab5a50e494b2a54e346d7ffa008ccef06813e235b446788ac0f1df3c65bc1fb5393364a2efd284640ec2c438ad2b24a69f1f9da000000000000000000000000989eee6a9283bf253ca4"], 0x1}}, 0x0)
close(r3)
syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000000)={<r4=>0xffffffffffffffff, <r5=>0xffffffffffffffff})
dup3(r5, r4, 0x0)
r6 = accept4$vsock_stream(0xffffffffffffffff, &(0x7f0000000240)={0x28, 0x0, 0x2710, @host}, 0x10, 0x0)
dup2(r6, r5)
bind$pptp(0xffffffffffffffff, &(0x7f00000001c0)={0x18, 0x2, {0x0, @initdev={0xac, 0x1e, 0x0, 0x0}}}, 0x1e)
sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000000)=@newlink={0x30, 0x10, 0x801, 0x0, 0x0, {}, [@IFLA_GROUP={0x8}, @IFLA_PROTO_DOWN={0x8, 0x4}]}, 0x30}}, 0x0)
pivot_root(&(0x7f0000000140)='./file0\x00', &(0x7f0000000100)='./file0\x00')

[ 1851.939614] RSP: 002b:00007fa3bc31dc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 1851.947349] RAX: ffffffffffffffda RBX: 00007fa3bc31e6d4 RCX: 000000000045c849
[ 1851.954729] RDX: 0000000000000000 RSI: 000000000000ae80 RDI: 0000000000000005
[ 1851.962153] RBP: 000000000076bf00 R08: 0000000000000000 R09: 0000000000000000
[ 1851.969547] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000007
[ 1851.978131] R13: 00000000000003bf R14: 00000000004c6495 R15: 0000000000000018
01:45:50 executing program 2 (fault-call:9 fault-nth:25):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140)='/dev/kvm\x00', 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_SET_SIGNAL_MASK(0xffffffffffffffff, 0x4004ae8b, &(0x7f0000001000)=ANY=[@ANYBLOB="97cb"])
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000fe7000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0)
ioctl$USBDEVFS_RESETEP(0xffffffffffffffff, 0x80045503, &(0x7f0000000000)={0x1, 0x1})
ioctl$KVM_NMI(r2, 0xae9a)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f00000002c0)={0x0, 0x2, 0x0, 0x2000, &(0x7f0000001000/0x2000)=nil})
perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
ioctl$KVM_RUN(r2, 0xae80, 0x0)

01:45:50 executing program 1:
lsetxattr$trusted_overlay_opaque(0x0, 0x0, 0x0, 0x0, 0x0)
mkdir(&(0x7f0000000000)='./file0\x00', 0x0)
mount$bpf(0x20000000, &(0x7f00000000c0)='./file0\x00', 0x0, 0x2001001, 0x0)
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x80, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x43, 0x400000000000000}, 0x11288, 0x2000, 0x0, 0x2}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = socket$netlink(0x10, 0x3, 0x0)
connect$inet(0xffffffffffffffff, 0x0, 0x0)
setsockopt$SO_RDS_TRANSPORT(0xffffffffffffffff, 0x114, 0x8, &(0x7f0000000040)=0xffffffffffffffff, 0x4)
r1 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$inet_tcp_int(r1, 0x6, 0x10000000013, &(0x7f0000d06000)=0x1, 0x32a)
connect$inet(r1, &(0x7f0000000180)={0x2, 0x4e23, @local}, 0x10)
accept$nfc_llcp(0xffffffffffffffff, &(0x7f0000000440), &(0x7f0000000300)=0x60)
setsockopt$inet_tcp_TCP_REPAIR_OPTIONS(r1, 0x6, 0x16, &(0x7f00000000c0)=[@mss={0x2, 0xffffffff}, @timestamp, @window, @mss={0x2, 0x91c}], 0x4)
sendmmsg(r1, &(0x7f0000004b40)=[{{0x0, 0x0, &(0x7f00000011c0)=[{&(0x7f0000002240)='Y', 0x1}], 0x1}}], 0x1, 0x0)
syz_init_net_socket$llc(0x1a, 0x1, 0x0)
r2 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$IPT_SO_SET_REPLACE(r2, 0x4000000000000, 0x40, &(0x7f0000000a40)=ANY=[@ANYBLOB="72617700000000010000000000000000000000000000000000000000000000000200000003000000b80400000000000000000000000000000003000000030000200400002004000020040000200400002004000003000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000600000000000000a00200030000000000000000000000000000000000000000300262706600000000000000000000000000000000000000000000000000000101000000000000002e2f66696c653000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000060005345540000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000c0002001000000000000000000000000000000000000000050006f736600000000000000000000000000000000000000000000000000000073797a300000000000000000000000000000000000000000000000000000000000000000000000000000000000000000600053455400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000007000980000000000000000000000000000000000000000002800000000000000000000000000000000000000000000000000000000000004feffffff00000000"], 0x518)
sendmsg$IPVS_CMD_GET_DEST(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000280)={&(0x7f00000002c0)=ANY=[@ANYRES16], 0x1}}, 0x0)
setsockopt$inet_tcp_TCP_REPAIR(r1, 0x6, 0x13, &(0x7f0000000100), 0x618)
close(r1)
r3 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$inet_tcp_int(r3, 0x6, 0x10000000013, &(0x7f0000d06000)=0x1, 0x32a)
connect$inet(r3, &(0x7f0000000140)={0x2, 0x0, @local}, 0x10)
setsockopt$inet_tcp_TCP_REPAIR_OPTIONS(r3, 0x6, 0x16, &(0x7f0000000200)=[@mss, @timestamp, @window={0x3, 0x0, 0xfffe}, @mss={0x2, 0x3}], 0x4)
setsockopt$inet_tcp_TCP_REPAIR_QUEUE(r3, 0x6, 0x14, &(0x7f0000000040)=0x1, 0x4)
sendmsg$IPVS_CMD_GET_DEST(r3, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000340)=ANY=[@ANYBLOB="160e90cb39bca59f8c4064ac6d7b242060a07bc4309e3eb79d8745797b308edd84adef35ad9d8a17240f38f55f57c55f3875db81d255eea402e1c11ca7fc01964aeb9ed6ef4e80bc67cba7e7fe961fe5d921442b0a06b135f8a73b68dc904b436f256f50ae7cb980e69e7580b9f11c6ede4210f23240559b8c427000d7ce7862417ab5a50e494b2a54e346d7ffa008ccef06813e235b446788ac0f1df3c65bc1fb5393364a2efd284640ec2c438ad2b24a69f1f9da000000000000000000000000989eee6a9283bf253ca4"], 0x1}}, 0x0)
close(r3)
syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000000)={<r4=>0xffffffffffffffff, <r5=>0xffffffffffffffff})
dup3(r5, r4, 0x0)
r6 = accept4$vsock_stream(0xffffffffffffffff, &(0x7f0000000240)={0x28, 0x0, 0x2710, @host}, 0x10, 0x0)
dup2(r6, r5)
bind$pptp(0xffffffffffffffff, &(0x7f00000001c0)={0x18, 0x2, {0x0, @initdev={0xac, 0x1e, 0x0, 0x0}}}, 0x1e)
sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000000)=@newlink={0x30, 0x10, 0x801, 0x0, 0x0, {}, [@IFLA_GROUP={0x8}, @IFLA_PROTO_DOWN={0x8, 0x4}]}, 0x30}}, 0x0)

[ 1852.180850] FAULT_INJECTION: forcing a failure.
[ 1852.180850] name failslab, interval 1, probability 0, space 0, times 0
[ 1852.224479] CPU: 1 PID: 3935 Comm: syz-executor.2 Not tainted 4.14.173-syzkaller #0
[ 1852.232716] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 1852.242313] Call Trace:
[ 1852.244948]  dump_stack+0x13e/0x194
[ 1852.248647]  should_fail.cold+0x10a/0x14b
[ 1852.252864]  ? should_failslab+0x9c/0x130
[ 1852.257078]  should_failslab+0xd6/0x130
[ 1852.261096]  kmem_cache_alloc+0x2b5/0x770
[ 1852.265762]  ? mmu_topup_memory_caches+0x94/0x300
[ 1852.270992]  mmu_topup_memory_caches+0x83/0x300
[ 1852.275868]  kvm_mmu_load+0x1e/0xd00
[ 1852.279600]  ? kvm_apic_accept_events+0x16f/0x3f0
[ 1852.284458]  ? kvm_lapic_enable_pv_eoi+0xc0/0xc0
[ 1852.289437]  ? process_nmi+0xcf/0xf0
[ 1852.293454]  vcpu_enter_guest+0x2eb9/0x5240
[ 1852.297893]  ? trace_hardirqs_on_thunk+0x1a/0x1c
[ 1852.302663]  ? check_preemption_disabled+0x35/0x240
[ 1852.307689]  ? emulator_read_emulated+0x40/0x40
[ 1852.312367]  ? lock_acquire+0x170/0x3f0
[ 1852.316374]  ? kvm_arch_vcpu_ioctl_run+0x143/0xfd0
[ 1852.321506]  ? kvm_arch_vcpu_ioctl_run+0x2fe/0xfd0
[ 1852.326535]  ? kvm_arch_vcpu_ioctl_run+0x181/0xfd0
[ 1852.331575]  kvm_arch_vcpu_ioctl_run+0x2fe/0xfd0
[ 1852.336364]  kvm_vcpu_ioctl+0x3df/0xc70
[ 1852.340357]  ? kvm_vcpu_block+0xb70/0xb70
[ 1852.344551]  ? trace_hardirqs_on+0x10/0x10
[ 1852.348823]  ? save_trace+0x290/0x290
[ 1852.352635]  ? SyS_write+0x1b7/0x210
[ 1852.356458]  ? kvm_vcpu_block+0xb70/0xb70
[ 1852.360637]  do_vfs_ioctl+0x75a/0xfe0
[ 1852.364464]  ? selinux_file_mprotect+0x5c0/0x5c0
[ 1852.369392]  ? ioctl_preallocate+0x1a0/0x1a0
01:45:50 executing program 5:
lsetxattr$trusted_overlay_opaque(0x0, 0x0, 0x0, 0x0, 0x0)
mkdir(&(0x7f0000000000)='./file0\x00', 0x0)
mount$bpf(0x20000000, &(0x7f00000000c0)='./file0\x00', 0x0, 0x2001001, 0x0)
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x80, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x43, 0x400000000000000}, 0x11288, 0x2000, 0x0, 0x2}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = socket$netlink(0x10, 0x3, 0x0)
connect$inet(0xffffffffffffffff, 0x0, 0x0)
setsockopt$SO_RDS_TRANSPORT(0xffffffffffffffff, 0x114, 0x8, &(0x7f0000000040)=0xffffffffffffffff, 0x4)
r1 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$inet_tcp_int(r1, 0x6, 0x10000000013, &(0x7f0000d06000)=0x1, 0x32a)
connect$inet(r1, &(0x7f0000000180)={0x2, 0x4e23, @local}, 0x10)
accept$nfc_llcp(0xffffffffffffffff, &(0x7f0000000440), &(0x7f0000000300)=0x60)
setsockopt$inet_tcp_TCP_REPAIR_OPTIONS(r1, 0x6, 0x16, &(0x7f00000000c0)=[@mss={0x2, 0xffffffff}, @timestamp, @window, @mss={0x2, 0x91c}], 0x4)
sendmmsg(r1, &(0x7f0000004b40)=[{{0x0, 0x0, &(0x7f00000011c0)=[{&(0x7f0000002240)='Y', 0x1}], 0x1}}], 0x1, 0x0)
syz_init_net_socket$llc(0x1a, 0x1, 0x0)
r2 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$IPT_SO_SET_REPLACE(r2, 0x4000000000000, 0x40, &(0x7f0000000a40)=ANY=[@ANYBLOB="72617700000000010000000000000000000000000000000000000000000000000200000003000000b80400000000000000000000000000000003000000030000200400002004000020040000200400002004000003000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000600000000000000a00200030000000000000000000000000000000000000000300262706600000000000000000000000000000000000000000000000000000101000000000000002e2f66696c653000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000060005345540000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000c0002001000000000000000000000000000000000000000050006f736600000000000000000000000000000000000000000000000000000073797a300000000000000000000000000000000000000000000000000000000000000000000000000000000000000000600053455400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000007000980000000000000000000000000000000000000000002800000000000000000000000000000000000000000000000000000000000004feffffff00000000"], 0x518)
sendmsg$IPVS_CMD_GET_DEST(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000280)={&(0x7f00000002c0)=ANY=[@ANYRES16], 0x1}}, 0x0)
setsockopt$inet_tcp_TCP_REPAIR(r1, 0x6, 0x13, &(0x7f0000000100), 0x618)
close(r1)
r3 = socket$inet_tcp(0x2, 0x1, 0x0)
connect$inet(r3, &(0x7f0000000140)={0x2, 0x0, @local}, 0x10)
setsockopt$inet_tcp_TCP_REPAIR_OPTIONS(r3, 0x6, 0x16, &(0x7f0000000200)=[@mss, @timestamp, @window={0x3, 0x0, 0xfffe}, @mss={0x2, 0x3}], 0x4)
sendmmsg(r3, &(0x7f0000004b40)=[{{0x0, 0x0, &(0x7f00000011c0)=[{&(0x7f0000002240)='Y', 0x1}], 0x1}}], 0x1, 0x0)
setsockopt$inet_tcp_TCP_REPAIR_QUEUE(r3, 0x6, 0x14, &(0x7f0000000040)=0x1, 0x4)
sendmsg$IPVS_CMD_GET_DEST(r3, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000340)=ANY=[@ANYBLOB="160e90cb39bca59f8c4064ac6d7b242060a07bc4309e3eb79d8745797b308edd84adef35ad9d8a17240f38f55f57c55f3875db81d255eea402e1c11ca7fc01964aeb9ed6ef4e80bc67cba7e7fe961fe5d921442b0a06b135f8a73b68dc904b436f256f50ae7cb980e69e7580b9f11c6ede4210f23240559b8c427000d7ce7862417ab5a50e494b2a54e346d7ffa008ccef06813e235b446788ac0f1df3c65bc1fb5393364a2efd284640ec2c438ad2b24a69f1f9da000000000000000000000000989eee6a9283bf253ca4"], 0x1}}, 0x0)
close(r3)
syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000000)={<r4=>0xffffffffffffffff, <r5=>0xffffffffffffffff})
dup3(r5, r4, 0x0)
r6 = accept4$vsock_stream(0xffffffffffffffff, &(0x7f0000000240)={0x28, 0x0, 0x2710, @host}, 0x10, 0x0)
dup2(r6, r5)
bind$pptp(0xffffffffffffffff, &(0x7f00000001c0)={0x18, 0x2, {0x0, @initdev={0xac, 0x1e, 0x0, 0x0}}}, 0x1e)
sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000000)=@newlink={0x30, 0x10, 0x801, 0x0, 0x0, {}, [@IFLA_GROUP={0x8}, @IFLA_PROTO_DOWN={0x8, 0x4}]}, 0x30}}, 0x0)
pivot_root(&(0x7f0000000140)='./file0\x00', &(0x7f0000000100)='./file0\x00')

[ 1852.373829]  ? security_file_ioctl+0x76/0xb0
[ 1852.378378]  ? security_file_ioctl+0x83/0xb0
[ 1852.382813]  SyS_ioctl+0x7f/0xb0
[ 1852.386756]  ? do_vfs_ioctl+0xfe0/0xfe0
[ 1852.391286]  do_syscall_64+0x1d5/0x640
[ 1852.395482]  entry_SYSCALL_64_after_hwframe+0x42/0xb7
[ 1852.401006] RIP: 0033:0x45c849
[ 1852.404206] RSP: 002b:00007fa3bc31dc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 1852.412172] RAX: ffffffffffffffda RBX: 00007fa3bc31e6d4 RCX: 000000000045c849
[ 1852.419454] RDX: 0000000000000000 RSI: 000000000000ae80 RDI: 0000000000000005
[ 1852.426724] RBP: 000000000076bf00 R08: 0000000000000000 R09: 0000000000000000
[ 1852.434390] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000007
[ 1852.441752] R13: 00000000000003bf R14: 00000000004c6495 R15: 0000000000000019
01:45:52 executing program 0:
r0 = syz_open_dev$sndtimer(&(0x7f0000000440)='/dev/snd/timer\x00', 0x0, 0x0)
ioctl$SNDRV_TIMER_IOCTL_TREAD(r0, 0x40045402, &(0x7f0000000000)=0x1)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000300)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
r2 = dup(r1)
ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200)
ioctl$SNDRV_TIMER_IOCTL_SELECT(r0, 0x40345410, &(0x7f0000000040)={{0x100000001}})
ioctl$SNDRV_TIMER_IOCTL_PARAMS(r0, 0x40505412, &(0x7f00000000c0)={0x0, 0xb9e, 0x20})

01:45:52 executing program 1:
lsetxattr$trusted_overlay_opaque(0x0, 0x0, 0x0, 0x0, 0x0)
mkdir(&(0x7f0000000000)='./file0\x00', 0x0)
mount$bpf(0x20000000, &(0x7f00000000c0)='./file0\x00', 0x0, 0x2001001, 0x0)
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x80, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x43, 0x400000000000000}, 0x11288, 0x2000, 0x0, 0x2}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = socket$netlink(0x10, 0x3, 0x0)
connect$inet(0xffffffffffffffff, 0x0, 0x0)
setsockopt$SO_RDS_TRANSPORT(0xffffffffffffffff, 0x114, 0x8, &(0x7f0000000040)=0xffffffffffffffff, 0x4)
r1 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$inet_tcp_int(r1, 0x6, 0x10000000013, &(0x7f0000d06000)=0x1, 0x32a)
connect$inet(r1, &(0x7f0000000180)={0x2, 0x4e23, @local}, 0x10)
accept$nfc_llcp(0xffffffffffffffff, &(0x7f0000000440), &(0x7f0000000300)=0x60)
setsockopt$inet_tcp_TCP_REPAIR_OPTIONS(r1, 0x6, 0x16, &(0x7f00000000c0)=[@mss={0x2, 0xffffffff}, @timestamp, @window, @mss={0x2, 0x91c}], 0x4)
sendmmsg(r1, &(0x7f0000004b40)=[{{0x0, 0x0, &(0x7f00000011c0)=[{&(0x7f0000002240)='Y', 0x1}], 0x1}}], 0x1, 0x0)
syz_init_net_socket$llc(0x1a, 0x1, 0x0)
r2 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$IPT_SO_SET_REPLACE(r2, 0x4000000000000, 0x40, &(0x7f0000000a40)=ANY=[@ANYBLOB="72617700000000010000000000000000000000000000000000000000000000000200000003000000b80400000000000000000000000000000003000000030000200400002004000020040000200400002004000003000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000600000000000000a00200030000000000000000000000000000000000000000300262706600000000000000000000000000000000000000000000000000000101000000000000002e2f66696c653000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000060005345540000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000c0002001000000000000000000000000000000000000000050006f736600000000000000000000000000000000000000000000000000000073797a300000000000000000000000000000000000000000000000000000000000000000000000000000000000000000600053455400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000007000980000000000000000000000000000000000000000002800000000000000000000000000000000000000000000000000000000000004feffffff00000000"], 0x518)
sendmsg$IPVS_CMD_GET_DEST(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000280)={&(0x7f00000002c0)=ANY=[@ANYRES16], 0x1}}, 0x0)
setsockopt$inet_tcp_TCP_REPAIR(r1, 0x6, 0x13, &(0x7f0000000100), 0x618)
close(r1)
r3 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$inet_tcp_int(r3, 0x6, 0x10000000013, &(0x7f0000d06000)=0x1, 0x32a)
connect$inet(r3, &(0x7f0000000140)={0x2, 0x0, @local}, 0x10)
sendmmsg(r3, &(0x7f0000004b40)=[{{0x0, 0x0, &(0x7f00000011c0)=[{&(0x7f0000002240)='Y', 0x1}], 0x1}}], 0x1, 0x0)
setsockopt$inet_tcp_TCP_REPAIR_QUEUE(r3, 0x6, 0x14, &(0x7f0000000040)=0x1, 0x4)
sendmsg$IPVS_CMD_GET_DEST(r3, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000340)=ANY=[@ANYBLOB="160e90cb39bca59f8c4064ac6d7b242060a07bc4309e3eb79d8745797b308edd84adef35ad9d8a17240f38f55f57c55f3875db81d255eea402e1c11ca7fc01964aeb9ed6ef4e80bc67cba7e7fe961fe5d921442b0a06b135f8a73b68dc904b436f256f50ae7cb980e69e7580b9f11c6ede4210f23240559b8c427000d7ce7862417ab5a50e494b2a54e346d7ffa008ccef06813e235b446788ac0f1df3c65bc1fb5393364a2efd284640ec2c438ad2b24a69f1f9da000000000000000000000000989eee6a9283bf253ca4"], 0x1}}, 0x0)
close(r3)
syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000000)={<r4=>0xffffffffffffffff, <r5=>0xffffffffffffffff})
dup3(r5, r4, 0x0)
r6 = accept4$vsock_stream(0xffffffffffffffff, &(0x7f0000000240)={0x28, 0x0, 0x2710, @host}, 0x10, 0x0)
dup2(r6, r5)
bind$pptp(0xffffffffffffffff, &(0x7f00000001c0)={0x18, 0x2, {0x0, @initdev={0xac, 0x1e, 0x0, 0x0}}}, 0x1e)
sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000000)=@newlink={0x30, 0x10, 0x801, 0x0, 0x0, {}, [@IFLA_GROUP={0x8}, @IFLA_PROTO_DOWN={0x8, 0x4}]}, 0x30}}, 0x0)

01:45:52 executing program 4:
pipe(&(0x7f0000000140)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
r2 = socket$inet_udp(0x2, 0x2, 0x0)
close(r2)
r3 = socket$inet_tcp(0x2, 0x1, 0x0)
connect$inet(r2, &(0x7f0000000340)={0x2, 0x0, @loopback}, 0x10)
setsockopt$inet_tcp_TCP_REPAIR_WINDOW(r3, 0x6, 0x1d, &(0x7f0000000080)={0x0, 0xdf5, 0x65a2}, 0x14)
write$binfmt_misc(r1, &(0x7f0000000140)=ANY=[], 0x4240a2a0)
r4 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$IPT_SO_SET_REPLACE(r4, 0x0, 0x40, &(0x7f0000000480)=ANY=[@ANYBLOB="66696c74657200000000000000000000000000000000000000000000000000000e00000004000000d0020000800100009800000080010000000000000000000038020000380200003802000038020000380200000400000000000000000000007f000001ac14140000000000000000007f00000000000000000000000000000064756dea20f9524db2d96900000057c910a19f2bc02c00000000000000000000200000000000000000000000000000000000000000000000700098000000000000000000000000000000000000000000280052454a454354000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000400000000000000000000000080000000000000000000000000000000000000000000000000000000000000000000000000000000000000000c000e80000f9c9991d0000000000000000000000000000005000736574000000000000000000000000000000000000000000000000000003000005050000000000000000000000000000000000000000100000000000000000000000000000000000000000000000280052454a45435400000000000000010000000000000000000000000000000000674f000000000000000000e00000020000000000000000766574b5315f766c616e00000000010062726964676530000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000007000b80000000000000000000000000000000000000000004800544545000000000000000000000000000000d40200000000000000000001ac1414aa000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000007000980000000000000000000000000000000000000000002800000000000000000000000000000000000000000000001a51496c00000000feffffff"], 0x1)
splice(r0, 0x0, r2, 0x0, 0x4ffe0, 0x0)

01:45:52 executing program 3:
lsetxattr$trusted_overlay_opaque(0x0, 0x0, 0x0, 0x0, 0x0)
mkdir(&(0x7f0000000000)='./file0\x00', 0x0)
mount$bpf(0x20000000, &(0x7f00000000c0)='./file0\x00', 0x0, 0x2001001, 0x0)
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x80, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x43, 0x400000000000000}, 0x11288, 0x2000, 0x0, 0x2}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = socket$netlink(0x10, 0x3, 0x0)
connect$inet(0xffffffffffffffff, 0x0, 0x0)
setsockopt$SO_RDS_TRANSPORT(0xffffffffffffffff, 0x114, 0x8, &(0x7f0000000040)=0xffffffffffffffff, 0x4)
r1 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$inet_tcp_int(r1, 0x6, 0x10000000013, &(0x7f0000d06000)=0x1, 0x32a)
connect$inet(r1, &(0x7f0000000180)={0x2, 0x4e23, @local}, 0x10)
accept$nfc_llcp(0xffffffffffffffff, &(0x7f0000000440), &(0x7f0000000300)=0x60)
setsockopt$inet_tcp_TCP_REPAIR_OPTIONS(r1, 0x6, 0x16, &(0x7f00000000c0)=[@mss={0x2, 0xffffffff}, @timestamp, @window, @mss={0x2, 0x91c}], 0x4)
sendmmsg(r1, &(0x7f0000004b40)=[{{0x0, 0x0, &(0x7f00000011c0)=[{&(0x7f0000002240)='Y', 0x1}], 0x1}}], 0x1, 0x0)
syz_init_net_socket$llc(0x1a, 0x1, 0x0)
r2 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$IPT_SO_SET_REPLACE(r2, 0x4000000000000, 0x40, &(0x7f0000000a40)=ANY=[@ANYBLOB="72617700000000010000000000000000000000000000000000000000000000000200000003000000b80400000000000000000000000000000003000000030000200400002004000020040000200400002004000003000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000600000000000000a00200030000000000000000000000000000000000000000300262706600000000000000000000000000000000000000000000000000000101000000000000002e2f66696c653000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000060005345540000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000c0002001000000000000000000000000000000000000000050006f736600000000000000000000000000000000000000000000000000000073797a300000000000000000000000000000000000000000000000000000000000000000000000000000000000000000600053455400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000007000980000000000000000000000000000000000000000002800000000000000000000000000000000000000000000000000000000000004feffffff00000000"], 0x518)
sendmsg$IPVS_CMD_GET_DEST(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000280)={&(0x7f00000002c0)=ANY=[@ANYRES16], 0x1}}, 0x0)
setsockopt$inet_tcp_TCP_REPAIR(r1, 0x6, 0x13, &(0x7f0000000100), 0x618)
close(r1)
r3 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$inet_tcp_int(r3, 0x6, 0x10000000013, &(0x7f0000d06000)=0x1, 0x32a)
connect$inet(r3, &(0x7f0000000140)={0x2, 0x0, @local}, 0x10)
sendmmsg(r3, &(0x7f0000004b40)=[{{0x0, 0x0, &(0x7f00000011c0)=[{&(0x7f0000002240)='Y', 0x1}], 0x1}}], 0x1, 0x0)
setsockopt$inet_tcp_TCP_REPAIR_QUEUE(r3, 0x6, 0x14, &(0x7f0000000040)=0x1, 0x4)
sendmsg$IPVS_CMD_GET_DEST(r3, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000340)=ANY=[@ANYBLOB="160e90cb39bca59f8c4064ac6d7b242060a07bc4309e3eb79d8745797b308edd84adef35ad9d8a17240f38f55f57c55f3875db81d255eea402e1c11ca7fc01964aeb9ed6ef4e80bc67cba7e7fe961fe5d921442b0a06b135f8a73b68dc904b436f256f50ae7cb980e69e7580b9f11c6ede4210f23240559b8c427000d7ce7862417ab5a50e494b2a54e346d7ffa008ccef06813e235b446788ac0f1df3c65bc1fb5393364a2efd284640ec2c438ad2b24a69f1f9da000000000000000000000000989eee6a9283bf253ca4"], 0x1}}, 0x0)
close(r3)
syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000000)={<r4=>0xffffffffffffffff, <r5=>0xffffffffffffffff})
dup3(r5, r4, 0x0)
r6 = accept4$vsock_stream(0xffffffffffffffff, &(0x7f0000000240)={0x28, 0x0, 0x2710, @host}, 0x10, 0x0)
dup2(r6, r5)
bind$pptp(0xffffffffffffffff, &(0x7f00000001c0)={0x18, 0x2, {0x0, @initdev={0xac, 0x1e, 0x0, 0x0}}}, 0x1e)
sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000000)=@newlink={0x30, 0x10, 0x801, 0x0, 0x0, {}, [@IFLA_GROUP={0x8}, @IFLA_PROTO_DOWN={0x8, 0x4}]}, 0x30}}, 0x0)
pivot_root(&(0x7f0000000140)='./file0\x00', &(0x7f0000000100)='./file0\x00')

01:45:52 executing program 2 (fault-call:9 fault-nth:26):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140)='/dev/kvm\x00', 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_SET_SIGNAL_MASK(0xffffffffffffffff, 0x4004ae8b, &(0x7f0000001000)=ANY=[@ANYBLOB="97cb"])
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000fe7000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0)
ioctl$USBDEVFS_RESETEP(0xffffffffffffffff, 0x80045503, &(0x7f0000000000)={0x1, 0x1})
ioctl$KVM_NMI(r2, 0xae9a)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f00000002c0)={0x0, 0x2, 0x0, 0x2000, &(0x7f0000001000/0x2000)=nil})
perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
ioctl$KVM_RUN(r2, 0xae80, 0x0)

01:45:52 executing program 5:
lsetxattr$trusted_overlay_opaque(0x0, 0x0, 0x0, 0x0, 0x0)
mkdir(&(0x7f0000000000)='./file0\x00', 0x0)
mount$bpf(0x20000000, &(0x7f00000000c0)='./file0\x00', 0x0, 0x2001001, 0x0)
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x80, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x43, 0x400000000000000}, 0x11288, 0x2000, 0x0, 0x2}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = socket$netlink(0x10, 0x3, 0x0)
connect$inet(0xffffffffffffffff, 0x0, 0x0)
setsockopt$SO_RDS_TRANSPORT(0xffffffffffffffff, 0x114, 0x8, &(0x7f0000000040)=0xffffffffffffffff, 0x4)
r1 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$inet_tcp_int(r1, 0x6, 0x10000000013, &(0x7f0000d06000)=0x1, 0x32a)
connect$inet(r1, &(0x7f0000000180)={0x2, 0x4e23, @local}, 0x10)
accept$nfc_llcp(0xffffffffffffffff, &(0x7f0000000440), &(0x7f0000000300)=0x60)
setsockopt$inet_tcp_TCP_REPAIR_OPTIONS(r1, 0x6, 0x16, &(0x7f00000000c0)=[@mss={0x2, 0xffffffff}, @timestamp, @window, @mss={0x2, 0x91c}], 0x4)
sendmmsg(r1, &(0x7f0000004b40)=[{{0x0, 0x0, &(0x7f00000011c0)=[{&(0x7f0000002240)='Y', 0x1}], 0x1}}], 0x1, 0x0)
syz_init_net_socket$llc(0x1a, 0x1, 0x0)
r2 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$IPT_SO_SET_REPLACE(r2, 0x4000000000000, 0x40, &(0x7f0000000a40)=ANY=[@ANYBLOB="72617700000000010000000000000000000000000000000000000000000000000200000003000000b80400000000000000000000000000000003000000030000200400002004000020040000200400002004000003000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000600000000000000a00200030000000000000000000000000000000000000000300262706600000000000000000000000000000000000000000000000000000101000000000000002e2f66696c653000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000060005345540000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000c0002001000000000000000000000000000000000000000050006f736600000000000000000000000000000000000000000000000000000073797a300000000000000000000000000000000000000000000000000000000000000000000000000000000000000000600053455400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000007000980000000000000000000000000000000000000000002800000000000000000000000000000000000000000000000000000000000004feffffff00000000"], 0x518)
sendmsg$IPVS_CMD_GET_DEST(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000280)={&(0x7f00000002c0)=ANY=[@ANYRES16], 0x1}}, 0x0)
setsockopt$inet_tcp_TCP_REPAIR(r1, 0x6, 0x13, &(0x7f0000000100), 0x618)
close(r1)
r3 = socket$inet_tcp(0x2, 0x1, 0x0)
connect$inet(r3, &(0x7f0000000140)={0x2, 0x0, @local}, 0x10)
setsockopt$inet_tcp_TCP_REPAIR_OPTIONS(r3, 0x6, 0x16, &(0x7f0000000200)=[@mss, @timestamp, @window={0x3, 0x0, 0xfffe}, @mss={0x2, 0x3}], 0x4)
sendmmsg(r3, &(0x7f0000004b40)=[{{0x0, 0x0, &(0x7f00000011c0)=[{&(0x7f0000002240)='Y', 0x1}], 0x1}}], 0x1, 0x0)
setsockopt$inet_tcp_TCP_REPAIR_QUEUE(r3, 0x6, 0x14, &(0x7f0000000040)=0x1, 0x4)
sendmsg$IPVS_CMD_GET_DEST(r3, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000340)=ANY=[@ANYBLOB="160e90cb39bca59f8c4064ac6d7b242060a07bc4309e3eb79d8745797b308edd84adef35ad9d8a17240f38f55f57c55f3875db81d255eea402e1c11ca7fc01964aeb9ed6ef4e80bc67cba7e7fe961fe5d921442b0a06b135f8a73b68dc904b436f256f50ae7cb980e69e7580b9f11c6ede4210f23240559b8c427000d7ce7862417ab5a50e494b2a54e346d7ffa008ccef06813e235b446788ac0f1df3c65bc1fb5393364a2efd284640ec2c438ad2b24a69f1f9da000000000000000000000000989eee6a9283bf253ca4"], 0x1}}, 0x0)
close(r3)
syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000000)={<r4=>0xffffffffffffffff, <r5=>0xffffffffffffffff})
dup3(r5, r4, 0x0)
r6 = accept4$vsock_stream(0xffffffffffffffff, &(0x7f0000000240)={0x28, 0x0, 0x2710, @host}, 0x10, 0x0)
dup2(r6, r5)
bind$pptp(0xffffffffffffffff, &(0x7f00000001c0)={0x18, 0x2, {0x0, @initdev={0xac, 0x1e, 0x0, 0x0}}}, 0x1e)
sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000000)=@newlink={0x30, 0x10, 0x801, 0x0, 0x0, {}, [@IFLA_GROUP={0x8}, @IFLA_PROTO_DOWN={0x8, 0x4}]}, 0x30}}, 0x0)
pivot_root(&(0x7f0000000140)='./file0\x00', &(0x7f0000000100)='./file0\x00')

01:45:52 executing program 5:
lsetxattr$trusted_overlay_opaque(0x0, 0x0, 0x0, 0x0, 0x0)
mkdir(&(0x7f0000000000)='./file0\x00', 0x0)
mount$bpf(0x20000000, &(0x7f00000000c0)='./file0\x00', 0x0, 0x2001001, 0x0)
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x80, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x43, 0x400000000000000}, 0x11288, 0x2000, 0x0, 0x2}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = socket$netlink(0x10, 0x3, 0x0)
connect$inet(0xffffffffffffffff, 0x0, 0x0)
setsockopt$SO_RDS_TRANSPORT(0xffffffffffffffff, 0x114, 0x8, &(0x7f0000000040)=0xffffffffffffffff, 0x4)
r1 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$inet_tcp_int(r1, 0x6, 0x10000000013, &(0x7f0000d06000)=0x1, 0x32a)
connect$inet(r1, &(0x7f0000000180)={0x2, 0x4e23, @local}, 0x10)
accept$nfc_llcp(0xffffffffffffffff, &(0x7f0000000440), &(0x7f0000000300)=0x60)
setsockopt$inet_tcp_TCP_REPAIR_OPTIONS(r1, 0x6, 0x16, &(0x7f00000000c0)=[@mss={0x2, 0xffffffff}, @timestamp, @window, @mss={0x2, 0x91c}], 0x4)
sendmmsg(r1, &(0x7f0000004b40)=[{{0x0, 0x0, &(0x7f00000011c0)=[{&(0x7f0000002240)='Y', 0x1}], 0x1}}], 0x1, 0x0)
syz_init_net_socket$llc(0x1a, 0x1, 0x0)
r2 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$IPT_SO_SET_REPLACE(r2, 0x4000000000000, 0x40, &(0x7f0000000a40)=ANY=[@ANYBLOB="72617700000000010000000000000000000000000000000000000000000000000200000003000000b80400000000000000000000000000000003000000030000200400002004000020040000200400002004000003000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000600000000000000a00200030000000000000000000000000000000000000000300262706600000000000000000000000000000000000000000000000000000101000000000000002e2f66696c653000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000060005345540000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000c0002001000000000000000000000000000000000000000050006f736600000000000000000000000000000000000000000000000000000073797a300000000000000000000000000000000000000000000000000000000000000000000000000000000000000000600053455400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000007000980000000000000000000000000000000000000000002800000000000000000000000000000000000000000000000000000000000004feffffff00000000"], 0x518)
sendmsg$IPVS_CMD_GET_DEST(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000280)={&(0x7f00000002c0)=ANY=[@ANYRES16], 0x1}}, 0x0)
setsockopt$inet_tcp_TCP_REPAIR(r1, 0x6, 0x13, &(0x7f0000000100), 0x618)
close(r1)
setsockopt$inet_tcp_int(0xffffffffffffffff, 0x6, 0x10000000013, &(0x7f0000d06000)=0x1, 0x32a)
connect$inet(0xffffffffffffffff, &(0x7f0000000140)={0x2, 0x0, @local}, 0x10)
setsockopt$inet_tcp_TCP_REPAIR_OPTIONS(0xffffffffffffffff, 0x6, 0x16, &(0x7f0000000200)=[@mss, @timestamp, @window={0x3, 0x0, 0xfffe}, @mss={0x2, 0x3}], 0x4)
sendmmsg(0xffffffffffffffff, &(0x7f0000004b40)=[{{0x0, 0x0, &(0x7f00000011c0)=[{&(0x7f0000002240)='Y', 0x1}], 0x1}}], 0x1, 0x0)
setsockopt$inet_tcp_TCP_REPAIR_QUEUE(0xffffffffffffffff, 0x6, 0x14, &(0x7f0000000040)=0x1, 0x4)
sendmsg$IPVS_CMD_GET_DEST(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000340)=ANY=[@ANYBLOB="160e90cb39bca59f8c4064ac6d7b242060a07bc4309e3eb79d8745797b308edd84adef35ad9d8a17240f38f55f57c55f3875db81d255eea402e1c11ca7fc01964aeb9ed6ef4e80bc67cba7e7fe961fe5d921442b0a06b135f8a73b68dc904b436f256f50ae7cb980e69e7580b9f11c6ede4210f23240559b8c427000d7ce7862417ab5a50e494b2a54e346d7ffa008ccef06813e235b446788ac0f1df3c65bc1fb5393364a2efd284640ec2c438ad2b24a69f1f9da000000000000000000000000989eee6a9283bf253ca4"], 0x1}}, 0x0)
close(0xffffffffffffffff)
syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000000)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
dup3(r4, r3, 0x0)
r5 = accept4$vsock_stream(0xffffffffffffffff, &(0x7f0000000240)={0x28, 0x0, 0x2710, @host}, 0x10, 0x0)
dup2(r5, r4)
bind$pptp(0xffffffffffffffff, &(0x7f00000001c0)={0x18, 0x2, {0x0, @initdev={0xac, 0x1e, 0x0, 0x0}}}, 0x1e)
sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000000)=@newlink={0x30, 0x10, 0x801, 0x0, 0x0, {}, [@IFLA_GROUP={0x8}, @IFLA_PROTO_DOWN={0x8, 0x4}]}, 0x30}}, 0x0)
pivot_root(&(0x7f0000000140)='./file0\x00', &(0x7f0000000100)='./file0\x00')

[ 1854.820685] ip_tables: iptables: counters copy to user failed while replacing table
[ 1854.861807] FAULT_INJECTION: forcing a failure.
[ 1854.861807] name failslab, interval 1, probability 0, space 0, times 0
[ 1854.878100] CPU: 1 PID: 3957 Comm: syz-executor.2 Not tainted 4.14.173-syzkaller #0
[ 1854.886097] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 1854.895505] Call Trace:
[ 1854.898129]  dump_stack+0x13e/0x194
[ 1854.901793]  should_fail.cold+0x10a/0x14b
[ 1854.906173]  should_failslab+0xd6/0x130
01:45:53 executing program 1:
lsetxattr$trusted_overlay_opaque(0x0, 0x0, 0x0, 0x0, 0x0)
mkdir(&(0x7f0000000000)='./file0\x00', 0x0)
mount$bpf(0x20000000, &(0x7f00000000c0)='./file0\x00', 0x0, 0x2001001, 0x0)
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x80, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x43, 0x400000000000000}, 0x11288, 0x2000, 0x0, 0x2}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = socket$netlink(0x10, 0x3, 0x0)
connect$inet(0xffffffffffffffff, 0x0, 0x0)
setsockopt$SO_RDS_TRANSPORT(0xffffffffffffffff, 0x114, 0x8, &(0x7f0000000040)=0xffffffffffffffff, 0x4)
r1 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$inet_tcp_int(r1, 0x6, 0x10000000013, &(0x7f0000d06000)=0x1, 0x32a)
connect$inet(r1, &(0x7f0000000180)={0x2, 0x4e23, @local}, 0x10)
accept$nfc_llcp(0xffffffffffffffff, &(0x7f0000000440), &(0x7f0000000300)=0x60)
setsockopt$inet_tcp_TCP_REPAIR_OPTIONS(r1, 0x6, 0x16, &(0x7f00000000c0)=[@mss={0x2, 0xffffffff}, @timestamp, @window, @mss={0x2, 0x91c}], 0x4)
sendmmsg(r1, &(0x7f0000004b40)=[{{0x0, 0x0, &(0x7f00000011c0)=[{&(0x7f0000002240)='Y', 0x1}], 0x1}}], 0x1, 0x0)
syz_init_net_socket$llc(0x1a, 0x1, 0x0)
r2 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$IPT_SO_SET_REPLACE(r2, 0x4000000000000, 0x40, &(0x7f0000000a40)=ANY=[@ANYBLOB="72617700000000010000000000000000000000000000000000000000000000000200000003000000b80400000000000000000000000000000003000000030000200400002004000020040000200400002004000003000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000600000000000000a00200030000000000000000000000000000000000000000300262706600000000000000000000000000000000000000000000000000000101000000000000002e2f66696c653000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000060005345540000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000c0002001000000000000000000000000000000000000000050006f736600000000000000000000000000000000000000000000000000000073797a300000000000000000000000000000000000000000000000000000000000000000000000000000000000000000600053455400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000007000980000000000000000000000000000000000000000002800000000000000000000000000000000000000000000000000000000000004feffffff00000000"], 0x518)
sendmsg$IPVS_CMD_GET_DEST(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000280)={&(0x7f00000002c0)=ANY=[@ANYRES16], 0x1}}, 0x0)
setsockopt$inet_tcp_TCP_REPAIR(r1, 0x6, 0x13, &(0x7f0000000100), 0x618)
close(r1)
r3 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$inet_tcp_int(r3, 0x6, 0x10000000013, &(0x7f0000d06000)=0x1, 0x32a)
connect$inet(r3, &(0x7f0000000140)={0x2, 0x0, @local}, 0x10)
sendmmsg(r3, &(0x7f0000004b40)=[{{0x0, 0x0, &(0x7f00000011c0)=[{&(0x7f0000002240)='Y', 0x1}], 0x1}}], 0x1, 0x0)
setsockopt$inet_tcp_TCP_REPAIR_QUEUE(r3, 0x6, 0x14, &(0x7f0000000040)=0x1, 0x4)
sendmsg$IPVS_CMD_GET_DEST(r3, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000340)=ANY=[@ANYBLOB="160e90cb39bca59f8c4064ac6d7b242060a07bc4309e3eb79d8745797b308edd84adef35ad9d8a17240f38f55f57c55f3875db81d255eea402e1c11ca7fc01964aeb9ed6ef4e80bc67cba7e7fe961fe5d921442b0a06b135f8a73b68dc904b436f256f50ae7cb980e69e7580b9f11c6ede4210f23240559b8c427000d7ce7862417ab5a50e494b2a54e346d7ffa008ccef06813e235b446788ac0f1df3c65bc1fb5393364a2efd284640ec2c438ad2b24a69f1f9da000000000000000000000000989eee6a9283bf253ca4"], 0x1}}, 0x0)
close(r3)
syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000000)={<r4=>0xffffffffffffffff, <r5=>0xffffffffffffffff})
dup3(r5, r4, 0x0)
r6 = accept4$vsock_stream(0xffffffffffffffff, &(0x7f0000000240)={0x28, 0x0, 0x2710, @host}, 0x10, 0x0)
dup2(r6, r5)
bind$pptp(0xffffffffffffffff, &(0x7f00000001c0)={0x18, 0x2, {0x0, @initdev={0xac, 0x1e, 0x0, 0x0}}}, 0x1e)
sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000000)=@newlink={0x30, 0x10, 0x801, 0x0, 0x0, {}, [@IFLA_GROUP={0x8}, @IFLA_PROTO_DOWN={0x8, 0x4}]}, 0x30}}, 0x0)

[ 1854.910195]  kmem_cache_alloc+0x2b5/0x770
[ 1854.914458]  mmu_topup_memory_caches+0x83/0x300
[ 1854.919138]  kvm_mmu_load+0x1e/0xd00
[ 1854.922975]  ? vcpu_enter_guest+0x56a/0x5240
[ 1854.927496]  vcpu_enter_guest+0x2eb9/0x5240
[ 1854.931924]  ? trace_hardirqs_on_caller+0x3f6/0x590
[ 1854.938094]  ? emulator_read_emulated+0x40/0x40
[ 1854.943268]  ? lock_acquire+0x170/0x3f0
[ 1854.947272]  ? kvm_arch_vcpu_ioctl_run+0x143/0xfd0
[ 1854.952224]  ? kvm_arch_vcpu_ioctl_run+0x2fe/0xfd0
[ 1854.957286]  ? kvm_arch_vcpu_ioctl_run+0x181/0xfd0
[ 1854.962564]  kvm_arch_vcpu_ioctl_run+0x2fe/0xfd0
[ 1854.967349]  kvm_vcpu_ioctl+0x3df/0xc70
[ 1854.971332]  ? trace_hardirqs_on_caller+0x3f6/0x590
[ 1854.976677]  ? kvm_vcpu_block+0xb70/0xb70
[ 1854.980909]  ? check_preemption_disabled+0x35/0x240
[ 1854.986730]  ? retint_kernel+0x2d/0x2d
[ 1854.990790]  ? selinux_file_ioctl+0x83/0x560
[ 1854.995217]  ? selinux_file_ioctl+0x42b/0x560
[ 1854.999935]  ? kvm_vcpu_block+0xb70/0xb70
[ 1855.004755]  do_vfs_ioctl+0x75a/0xfe0
[ 1855.010830]  ? selinux_file_mprotect+0x5c0/0x5c0
[ 1855.016341]  ? ioctl_preallocate+0x1a0/0x1a0
[ 1855.020905]  ? security_file_ioctl+0x76/0xb0
[ 1855.025706]  ? security_file_ioctl+0x83/0xb0
[ 1855.030177]  SyS_ioctl+0x7f/0xb0
[ 1855.033676]  ? do_vfs_ioctl+0xfe0/0xfe0
[ 1855.037650]  do_syscall_64+0x1d5/0x640
[ 1855.041536]  entry_SYSCALL_64_after_hwframe+0x42/0xb7
[ 1855.046860] RIP: 0033:0x45c849
[ 1855.050181] RSP: 002b:00007fa3bc31dc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
01:45:53 executing program 3:
lsetxattr$trusted_overlay_opaque(0x0, 0x0, 0x0, 0x0, 0x0)
mkdir(&(0x7f0000000000)='./file0\x00', 0x0)
mount$bpf(0x20000000, &(0x7f00000000c0)='./file0\x00', 0x0, 0x2001001, 0x0)
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x80, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x43, 0x400000000000000}, 0x11288, 0x2000, 0x0, 0x2}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = socket$netlink(0x10, 0x3, 0x0)
connect$inet(0xffffffffffffffff, 0x0, 0x0)
setsockopt$SO_RDS_TRANSPORT(0xffffffffffffffff, 0x114, 0x8, &(0x7f0000000040)=0xffffffffffffffff, 0x4)
r1 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$inet_tcp_int(r1, 0x6, 0x10000000013, &(0x7f0000d06000)=0x1, 0x32a)
connect$inet(r1, &(0x7f0000000180)={0x2, 0x4e23, @local}, 0x10)
accept$nfc_llcp(0xffffffffffffffff, &(0x7f0000000440), &(0x7f0000000300)=0x60)
setsockopt$inet_tcp_TCP_REPAIR_OPTIONS(r1, 0x6, 0x16, &(0x7f00000000c0)=[@mss={0x2, 0xffffffff}, @timestamp, @window, @mss={0x2, 0x91c}], 0x4)
sendmmsg(r1, &(0x7f0000004b40)=[{{0x0, 0x0, &(0x7f00000011c0)=[{&(0x7f0000002240)='Y', 0x1}], 0x1}}], 0x1, 0x0)
syz_init_net_socket$llc(0x1a, 0x1, 0x0)
r2 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$IPT_SO_SET_REPLACE(r2, 0x4000000000000, 0x40, &(0x7f0000000a40)=ANY=[@ANYBLOB="72617700000000010000000000000000000000000000000000000000000000000200000003000000b80400000000000000000000000000000003000000030000200400002004000020040000200400002004000003000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000600000000000000a00200030000000000000000000000000000000000000000300262706600000000000000000000000000000000000000000000000000000101000000000000002e2f66696c653000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000060005345540000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000c0002001000000000000000000000000000000000000000050006f736600000000000000000000000000000000000000000000000000000073797a300000000000000000000000000000000000000000000000000000000000000000000000000000000000000000600053455400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000007000980000000000000000000000000000000000000000002800000000000000000000000000000000000000000000000000000000000004feffffff00000000"], 0x518)
sendmsg$IPVS_CMD_GET_DEST(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000280)={&(0x7f00000002c0)=ANY=[@ANYRES16], 0x1}}, 0x0)
setsockopt$inet_tcp_TCP_REPAIR(r1, 0x6, 0x13, &(0x7f0000000100), 0x618)
close(r1)
r3 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$inet_tcp_int(r3, 0x6, 0x10000000013, &(0x7f0000d06000)=0x1, 0x32a)
connect$inet(r3, &(0x7f0000000140)={0x2, 0x0, @local}, 0x10)
sendmmsg(r3, &(0x7f0000004b40)=[{{0x0, 0x0, &(0x7f00000011c0)=[{&(0x7f0000002240)='Y', 0x1}], 0x1}}], 0x1, 0x0)
setsockopt$inet_tcp_TCP_REPAIR_QUEUE(r3, 0x6, 0x14, &(0x7f0000000040)=0x1, 0x4)
sendmsg$IPVS_CMD_GET_DEST(r3, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000340)=ANY=[@ANYBLOB="160e90cb39bca59f8c4064ac6d7b242060a07bc4309e3eb79d8745797b308edd84adef35ad9d8a17240f38f55f57c55f3875db81d255eea402e1c11ca7fc01964aeb9ed6ef4e80bc67cba7e7fe961fe5d921442b0a06b135f8a73b68dc904b436f256f50ae7cb980e69e7580b9f11c6ede4210f23240559b8c427000d7ce7862417ab5a50e494b2a54e346d7ffa008ccef06813e235b446788ac0f1df3c65bc1fb5393364a2efd284640ec2c438ad2b24a69f1f9da000000000000000000000000989eee6a9283bf253ca4"], 0x1}}, 0x0)
close(r3)
syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000000)={<r4=>0xffffffffffffffff, <r5=>0xffffffffffffffff})
dup3(r5, r4, 0x0)
r6 = accept4$vsock_stream(0xffffffffffffffff, &(0x7f0000000240)={0x28, 0x0, 0x2710, @host}, 0x10, 0x0)
dup2(r6, r5)
bind$pptp(0xffffffffffffffff, &(0x7f00000001c0)={0x18, 0x2, {0x0, @initdev={0xac, 0x1e, 0x0, 0x0}}}, 0x1e)
sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000000)=@newlink={0x30, 0x10, 0x801, 0x0, 0x0, {}, [@IFLA_GROUP={0x8}, @IFLA_PROTO_DOWN={0x8, 0x4}]}, 0x30}}, 0x0)
pivot_root(&(0x7f0000000140)='./file0\x00', &(0x7f0000000100)='./file0\x00')

01:45:53 executing program 2 (fault-call:9 fault-nth:27):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140)='/dev/kvm\x00', 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_SET_SIGNAL_MASK(0xffffffffffffffff, 0x4004ae8b, &(0x7f0000001000)=ANY=[@ANYBLOB="97cb"])
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000fe7000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0)
ioctl$USBDEVFS_RESETEP(0xffffffffffffffff, 0x80045503, &(0x7f0000000000)={0x1, 0x1})
ioctl$KVM_NMI(r2, 0xae9a)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f00000002c0)={0x0, 0x2, 0x0, 0x2000, &(0x7f0000001000/0x2000)=nil})
perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
ioctl$KVM_RUN(r2, 0xae80, 0x0)

01:45:53 executing program 0:
r0 = gettid()
r1 = creat(&(0x7f0000000280)='./file0\x00', 0x1)
prctl$PR_SET_PTRACER(0x59616d61, r0)
write$binfmt_script(r1, &(0x7f0000000440)=ANY=[@ANYBLOB="2321202e2f66696c653020f014d336b04b030400000000000092290a7e4555a763c15ceda085e276ed3ae7a290ab0e74467713328b5e4577124d1a2e21da765cd1ce2356a8f87e56f0bf8893cc7149595314f0771b65d33e129933dd93f99f03cd6b3e5903e1ddb592a67f706eb14c1d3d1a204fe2e9c50d7920f69e068d2c7faba4084e7a3b0c6c699890e19745ba9a37cfdd7ff58b659bbf65d6a2b2e441a0e0c44a3d9abeb7d90f0d01107d0e077d0d67096da85a6d22c36fac7585a35892211b5194d55e0ad396b242ac56b00fbd89c9ff98e0fb30333b4e890581b21245b36f9ab48e8f83bfcc455d81d7aff06587ca3d455f61f4258a09db4a85d59af344928e136cf95a1898f97d5031c56550cfb29d367f2fb2674b"], 0x24)
perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
close(r1)
setxattr$security_capability(&(0x7f0000000140)='./file0\x00', &(0x7f0000000200)='security.capability\x00', &(0x7f0000000340)=@v2={0x2000000, [{0x0, 0xffffffc1}]}, 0x14, 0x0)
ioctl$int_in(0xffffffffffffffff, 0x5452, &(0x7f0000000000)=0x100000001)
listen(0xffffffffffffffff, 0x400000001ffffffd)
accept4(0xffffffffffffffff, 0x0, 0x0, 0x0)
sendmsg$DEVLINK_CMD_GET(0xffffffffffffffff, 0x0, 0x0)
clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
execve(&(0x7f0000000180)='./file0\x00', 0x0, 0x0)
ptrace$setopts(0x4206, r0, 0x0, 0x0)

[ 1855.057896] RAX: ffffffffffffffda RBX: 00007fa3bc31e6d4 RCX: 000000000045c849
[ 1855.065333] RDX: 0000000000000000 RSI: 000000000000ae80 RDI: 0000000000000005
[ 1855.074260] RBP: 000000000076bf00 R08: 0000000000000000 R09: 0000000000000000
[ 1855.081547] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000007
[ 1855.088824] R13: 00000000000003bf R14: 00000000004c6495 R15: 000000000000001a
[ 1855.251111] FAULT_INJECTION: forcing a failure.
[ 1855.251111] name failslab, interval 1, probability 0, space 0, times 0
[ 1855.309371] CPU: 0 PID: 3970 Comm: syz-executor.2 Not tainted 4.14.173-syzkaller #0
[ 1855.317249] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 1855.326629] Call Trace:
[ 1855.329251]  dump_stack+0x13e/0x194
[ 1855.332902]  should_fail.cold+0x10a/0x14b
[ 1855.337115]  should_failslab+0xd6/0x130
[ 1855.341127]  kmem_cache_alloc+0x2b5/0x770
[ 1855.345321]  ? mmu_topup_memory_caches+0x94/0x300
[ 1855.350212]  mmu_topup_memory_caches+0x83/0x300
[ 1855.354909]  ? retint_kernel+0x2d/0x2d
[ 1855.358825]  kvm_mmu_load+0x1e/0xd00
[ 1855.363264]  ? vcpu_enter_guest+0x1d1d/0x5240
[ 1855.374955]  vcpu_enter_guest+0x2eb9/0x5240
[ 1855.380257]  ? trace_hardirqs_on_caller+0x3f6/0x590
[ 1855.385309]  ? trace_hardirqs_on_thunk+0x1a/0x1c
[ 1855.390109]  ? emulator_read_emulated+0x40/0x40
[ 1855.394826]  ? lock_acquire+0x170/0x3f0
[ 1855.398832]  ? kvm_arch_vcpu_ioctl_run+0x143/0xfd0
[ 1855.403790]  ? kvm_arch_vcpu_ioctl_run+0x2fe/0xfd0
[ 1855.418566]  ? kvm_arch_vcpu_ioctl_run+0x181/0xfd0
[ 1855.423533]  kvm_arch_vcpu_ioctl_run+0x2fe/0xfd0
[ 1855.428310]  kvm_vcpu_ioctl+0x3df/0xc70
[ 1855.432305]  ? trace_hardirqs_on_caller+0x3f6/0x590
[ 1855.437344]  ? kvm_vcpu_block+0xb70/0xb70
[ 1855.441504]  ? check_preemption_disabled+0x35/0x240
[ 1855.446547]  ? retint_kernel+0x2d/0x2d
[ 1855.450479]  ? selinux_file_ioctl+0x19a/0x560
[ 1855.454983]  ? selinux_file_ioctl+0x1b7/0x560
[ 1855.459700]  ? kvm_vcpu_block+0xb70/0xb70
[ 1855.464068]  do_vfs_ioctl+0x75a/0xfe0
[ 1855.467983]  ? selinux_file_mprotect+0x5c0/0x5c0
[ 1855.472756]  ? ioctl_preallocate+0x1a0/0x1a0
[ 1855.477308]  ? security_file_ioctl+0x76/0xb0
[ 1855.481809]  ? security_file_ioctl+0x83/0xb0
[ 1855.486484]  SyS_ioctl+0x7f/0xb0
[ 1855.489876]  ? do_vfs_ioctl+0xfe0/0xfe0
[ 1855.495725]  do_syscall_64+0x1d5/0x640
[ 1855.499631]  entry_SYSCALL_64_after_hwframe+0x42/0xb7
[ 1855.504837] RIP: 0033:0x45c849
01:45:53 executing program 3:
lsetxattr$trusted_overlay_opaque(0x0, 0x0, 0x0, 0x0, 0x0)
mkdir(&(0x7f0000000000)='./file0\x00', 0x0)
mount$bpf(0x20000000, &(0x7f00000000c0)='./file0\x00', 0x0, 0x2001001, 0x0)
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x80, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x43, 0x400000000000000}, 0x11288, 0x2000, 0x0, 0x2}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = socket$netlink(0x10, 0x3, 0x0)
connect$inet(0xffffffffffffffff, 0x0, 0x0)
setsockopt$SO_RDS_TRANSPORT(0xffffffffffffffff, 0x114, 0x8, &(0x7f0000000040)=0xffffffffffffffff, 0x4)
r1 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$inet_tcp_int(r1, 0x6, 0x10000000013, &(0x7f0000d06000)=0x1, 0x32a)
connect$inet(r1, &(0x7f0000000180)={0x2, 0x4e23, @local}, 0x10)
accept$nfc_llcp(0xffffffffffffffff, &(0x7f0000000440), &(0x7f0000000300)=0x60)
setsockopt$inet_tcp_TCP_REPAIR_OPTIONS(r1, 0x6, 0x16, &(0x7f00000000c0)=[@mss={0x2, 0xffffffff}, @timestamp, @window, @mss={0x2, 0x91c}], 0x4)
sendmmsg(r1, &(0x7f0000004b40)=[{{0x0, 0x0, &(0x7f00000011c0)=[{&(0x7f0000002240)='Y', 0x1}], 0x1}}], 0x1, 0x0)
syz_init_net_socket$llc(0x1a, 0x1, 0x0)
r2 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$IPT_SO_SET_REPLACE(r2, 0x4000000000000, 0x40, &(0x7f0000000a40)=ANY=[@ANYBLOB="72617700000000010000000000000000000000000000000000000000000000000200000003000000b80400000000000000000000000000000003000000030000200400002004000020040000200400002004000003000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000600000000000000a00200030000000000000000000000000000000000000000300262706600000000000000000000000000000000000000000000000000000101000000000000002e2f66696c653000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000060005345540000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000c0002001000000000000000000000000000000000000000050006f736600000000000000000000000000000000000000000000000000000073797a300000000000000000000000000000000000000000000000000000000000000000000000000000000000000000600053455400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000007000980000000000000000000000000000000000000000002800000000000000000000000000000000000000000000000000000000000004feffffff00000000"], 0x518)
sendmsg$IPVS_CMD_GET_DEST(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000280)={&(0x7f00000002c0)=ANY=[@ANYRES16], 0x1}}, 0x0)
setsockopt$inet_tcp_TCP_REPAIR(r1, 0x6, 0x13, &(0x7f0000000100), 0x618)
close(r1)
r3 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$inet_tcp_int(r3, 0x6, 0x10000000013, &(0x7f0000d06000)=0x1, 0x32a)
connect$inet(r3, &(0x7f0000000140)={0x2, 0x0, @local}, 0x10)
sendmmsg(r3, &(0x7f0000004b40)=[{{0x0, 0x0, &(0x7f00000011c0)=[{&(0x7f0000002240)='Y', 0x1}], 0x1}}], 0x1, 0x0)
setsockopt$inet_tcp_TCP_REPAIR_QUEUE(r3, 0x6, 0x14, &(0x7f0000000040)=0x1, 0x4)
sendmsg$IPVS_CMD_GET_DEST(r3, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000340)=ANY=[@ANYBLOB="160e90cb39bca59f8c4064ac6d7b242060a07bc4309e3eb79d8745797b308edd84adef35ad9d8a17240f38f55f57c55f3875db81d255eea402e1c11ca7fc01964aeb9ed6ef4e80bc67cba7e7fe961fe5d921442b0a06b135f8a73b68dc904b436f256f50ae7cb980e69e7580b9f11c6ede4210f23240559b8c427000d7ce7862417ab5a50e494b2a54e346d7ffa008ccef06813e235b446788ac0f1df3c65bc1fb5393364a2efd284640ec2c438ad2b24a69f1f9da000000000000000000000000989eee6a9283bf253ca4"], 0x1}}, 0x0)
close(r3)
syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000000)={<r4=>0xffffffffffffffff, <r5=>0xffffffffffffffff})
dup3(r5, r4, 0x0)
r6 = accept4$vsock_stream(0xffffffffffffffff, &(0x7f0000000240)={0x28, 0x0, 0x2710, @host}, 0x10, 0x0)
dup2(r6, r5)
bind$pptp(0xffffffffffffffff, &(0x7f00000001c0)={0x18, 0x2, {0x0, @initdev={0xac, 0x1e, 0x0, 0x0}}}, 0x1e)
sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000000)=@newlink={0x30, 0x10, 0x801, 0x0, 0x0, {}, [@IFLA_GROUP={0x8}, @IFLA_PROTO_DOWN={0x8, 0x4}]}, 0x30}}, 0x0)
pivot_root(&(0x7f0000000140)='./file0\x00', &(0x7f0000000100)='./file0\x00')

01:45:53 executing program 5:
lsetxattr$trusted_overlay_opaque(0x0, 0x0, 0x0, 0x0, 0x0)
mkdir(&(0x7f0000000000)='./file0\x00', 0x0)
mount$bpf(0x20000000, &(0x7f00000000c0)='./file0\x00', 0x0, 0x2001001, 0x0)
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x80, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x43, 0x400000000000000}, 0x11288, 0x2000, 0x0, 0x2}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = socket$netlink(0x10, 0x3, 0x0)
connect$inet(0xffffffffffffffff, 0x0, 0x0)
setsockopt$SO_RDS_TRANSPORT(0xffffffffffffffff, 0x114, 0x8, &(0x7f0000000040)=0xffffffffffffffff, 0x4)
r1 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$inet_tcp_int(r1, 0x6, 0x10000000013, &(0x7f0000d06000)=0x1, 0x32a)
connect$inet(r1, &(0x7f0000000180)={0x2, 0x4e23, @local}, 0x10)
accept$nfc_llcp(0xffffffffffffffff, &(0x7f0000000440), &(0x7f0000000300)=0x60)
setsockopt$inet_tcp_TCP_REPAIR_OPTIONS(r1, 0x6, 0x16, &(0x7f00000000c0)=[@mss={0x2, 0xffffffff}, @timestamp, @window, @mss={0x2, 0x91c}], 0x4)
sendmmsg(r1, &(0x7f0000004b40)=[{{0x0, 0x0, &(0x7f00000011c0)=[{&(0x7f0000002240)='Y', 0x1}], 0x1}}], 0x1, 0x0)
syz_init_net_socket$llc(0x1a, 0x1, 0x0)
r2 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$IPT_SO_SET_REPLACE(r2, 0x4000000000000, 0x40, &(0x7f0000000a40)=ANY=[@ANYBLOB="72617700000000010000000000000000000000000000000000000000000000000200000003000000b80400000000000000000000000000000003000000030000200400002004000020040000200400002004000003000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000600000000000000a00200030000000000000000000000000000000000000000300262706600000000000000000000000000000000000000000000000000000101000000000000002e2f66696c653000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000060005345540000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000c0002001000000000000000000000000000000000000000050006f736600000000000000000000000000000000000000000000000000000073797a300000000000000000000000000000000000000000000000000000000000000000000000000000000000000000600053455400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000007000980000000000000000000000000000000000000000002800000000000000000000000000000000000000000000000000000000000004feffffff00000000"], 0x518)
sendmsg$IPVS_CMD_GET_DEST(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000280)={&(0x7f00000002c0)=ANY=[@ANYRES16], 0x1}}, 0x0)
setsockopt$inet_tcp_TCP_REPAIR(r1, 0x6, 0x13, &(0x7f0000000100), 0x618)
close(r1)
setsockopt$inet_tcp_int(0xffffffffffffffff, 0x6, 0x10000000013, &(0x7f0000d06000)=0x1, 0x32a)
connect$inet(0xffffffffffffffff, &(0x7f0000000140)={0x2, 0x0, @local}, 0x10)
setsockopt$inet_tcp_TCP_REPAIR_OPTIONS(0xffffffffffffffff, 0x6, 0x16, &(0x7f0000000200)=[@mss, @timestamp, @window={0x3, 0x0, 0xfffe}, @mss={0x2, 0x3}], 0x4)
sendmmsg(0xffffffffffffffff, &(0x7f0000004b40)=[{{0x0, 0x0, &(0x7f00000011c0)=[{&(0x7f0000002240)='Y', 0x1}], 0x1}}], 0x1, 0x0)
setsockopt$inet_tcp_TCP_REPAIR_QUEUE(0xffffffffffffffff, 0x6, 0x14, &(0x7f0000000040)=0x1, 0x4)
sendmsg$IPVS_CMD_GET_DEST(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000340)=ANY=[@ANYBLOB="160e90cb39bca59f8c4064ac6d7b242060a07bc4309e3eb79d8745797b308edd84adef35ad9d8a17240f38f55f57c55f3875db81d255eea402e1c11ca7fc01964aeb9ed6ef4e80bc67cba7e7fe961fe5d921442b0a06b135f8a73b68dc904b436f256f50ae7cb980e69e7580b9f11c6ede4210f23240559b8c427000d7ce7862417ab5a50e494b2a54e346d7ffa008ccef06813e235b446788ac0f1df3c65bc1fb5393364a2efd284640ec2c438ad2b24a69f1f9da000000000000000000000000989eee6a9283bf253ca4"], 0x1}}, 0x0)
close(0xffffffffffffffff)
syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000000)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
dup3(r4, r3, 0x0)
r5 = accept4$vsock_stream(0xffffffffffffffff, &(0x7f0000000240)={0x28, 0x0, 0x2710, @host}, 0x10, 0x0)
dup2(r5, r4)
bind$pptp(0xffffffffffffffff, &(0x7f00000001c0)={0x18, 0x2, {0x0, @initdev={0xac, 0x1e, 0x0, 0x0}}}, 0x1e)
sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000000)=@newlink={0x30, 0x10, 0x801, 0x0, 0x0, {}, [@IFLA_GROUP={0x8}, @IFLA_PROTO_DOWN={0x8, 0x4}]}, 0x30}}, 0x0)
pivot_root(&(0x7f0000000140)='./file0\x00', &(0x7f0000000100)='./file0\x00')

01:45:53 executing program 1:
lsetxattr$trusted_overlay_opaque(0x0, 0x0, 0x0, 0x0, 0x0)
mkdir(&(0x7f0000000000)='./file0\x00', 0x0)
mount$bpf(0x20000000, &(0x7f00000000c0)='./file0\x00', 0x0, 0x2001001, 0x0)
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x80, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x43, 0x400000000000000}, 0x11288, 0x2000, 0x0, 0x2}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = socket$netlink(0x10, 0x3, 0x0)
connect$inet(0xffffffffffffffff, 0x0, 0x0)
setsockopt$SO_RDS_TRANSPORT(0xffffffffffffffff, 0x114, 0x8, &(0x7f0000000040)=0xffffffffffffffff, 0x4)
r1 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$inet_tcp_int(r1, 0x6, 0x10000000013, &(0x7f0000d06000)=0x1, 0x32a)
connect$inet(r1, &(0x7f0000000180)={0x2, 0x4e23, @local}, 0x10)
accept$nfc_llcp(0xffffffffffffffff, &(0x7f0000000440), &(0x7f0000000300)=0x60)
setsockopt$inet_tcp_TCP_REPAIR_OPTIONS(r1, 0x6, 0x16, &(0x7f00000000c0)=[@mss={0x2, 0xffffffff}, @timestamp, @window, @mss={0x2, 0x91c}], 0x4)
sendmmsg(r1, &(0x7f0000004b40)=[{{0x0, 0x0, &(0x7f00000011c0)=[{&(0x7f0000002240)='Y', 0x1}], 0x1}}], 0x1, 0x0)
syz_init_net_socket$llc(0x1a, 0x1, 0x0)
r2 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$IPT_SO_SET_REPLACE(r2, 0x4000000000000, 0x40, &(0x7f0000000a40)=ANY=[@ANYBLOB="72617700000000010000000000000000000000000000000000000000000000000200000003000000b80400000000000000000000000000000003000000030000200400002004000020040000200400002004000003000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000600000000000000a00200030000000000000000000000000000000000000000300262706600000000000000000000000000000000000000000000000000000101000000000000002e2f66696c653000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000060005345540000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000c0002001000000000000000000000000000000000000000050006f736600000000000000000000000000000000000000000000000000000073797a300000000000000000000000000000000000000000000000000000000000000000000000000000000000000000600053455400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000007000980000000000000000000000000000000000000000002800000000000000000000000000000000000000000000000000000000000004feffffff00000000"], 0x518)
sendmsg$IPVS_CMD_GET_DEST(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000280)={&(0x7f00000002c0)=ANY=[@ANYRES16], 0x1}}, 0x0)
setsockopt$inet_tcp_TCP_REPAIR(r1, 0x6, 0x13, &(0x7f0000000100), 0x618)
close(r1)
r3 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$inet_tcp_int(r3, 0x6, 0x10000000013, &(0x7f0000d06000)=0x1, 0x32a)
connect$inet(r3, &(0x7f0000000140)={0x2, 0x0, @local}, 0x10)
sendmmsg(r3, &(0x7f0000004b40)=[{{0x0, 0x0, &(0x7f00000011c0)=[{&(0x7f0000002240)='Y', 0x1}], 0x1}}], 0x1, 0x0)
setsockopt$inet_tcp_TCP_REPAIR_QUEUE(r3, 0x6, 0x14, &(0x7f0000000040)=0x1, 0x4)
sendmsg$IPVS_CMD_GET_DEST(r3, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000340)=ANY=[@ANYBLOB="160e90cb39bca59f8c4064ac6d7b242060a07bc4309e3eb79d8745797b308edd84adef35ad9d8a17240f38f55f57c55f3875db81d255eea402e1c11ca7fc01964aeb9ed6ef4e80bc67cba7e7fe961fe5d921442b0a06b135f8a73b68dc904b436f256f50ae7cb980e69e7580b9f11c6ede4210f23240559b8c427000d7ce7862417ab5a50e494b2a54e346d7ffa008ccef06813e235b446788ac0f1df3c65bc1fb5393364a2efd284640ec2c438ad2b24a69f1f9da000000000000000000000000989eee6a9283bf253ca4"], 0x1}}, 0x0)
close(r3)
syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000000)={<r4=>0xffffffffffffffff, <r5=>0xffffffffffffffff})
dup3(r5, r4, 0x0)
r6 = accept4$vsock_stream(0xffffffffffffffff, &(0x7f0000000240)={0x28, 0x0, 0x2710, @host}, 0x10, 0x0)
dup2(r6, r5)
bind$pptp(0xffffffffffffffff, &(0x7f00000001c0)={0x18, 0x2, {0x0, @initdev={0xac, 0x1e, 0x0, 0x0}}}, 0x1e)
sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000000)=@newlink={0x30, 0x10, 0x801, 0x0, 0x0, {}, [@IFLA_GROUP={0x8}, @IFLA_PROTO_DOWN={0x8, 0x4}]}, 0x30}}, 0x0)

01:45:53 executing program 4:
pipe(&(0x7f0000000140)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
r2 = socket$inet_udp(0x2, 0x2, 0x0)
close(r2)
r3 = socket$inet_tcp(0x2, 0x1, 0x0)
connect$inet(r2, &(0x7f0000000340)={0x2, 0x0, @loopback}, 0x10)
setsockopt$inet_tcp_TCP_REPAIR_WINDOW(r3, 0x6, 0x1d, &(0x7f0000000080)={0x0, 0xdf5, 0x65a2}, 0x14)
write$binfmt_misc(r1, &(0x7f0000000140)=ANY=[], 0x4240a2a0)
r4 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$IPT_SO_SET_REPLACE(r4, 0x0, 0x40, &(0x7f0000000480)=ANY=[@ANYBLOB="66696c74657200000000000000000000000000000000000000000000000000000e00000004000000d0020000800100009800000080010000000000000000000038020000380200003802000038020000380200000400000000000000000000007f000001ac14140000000000000000007f00000000000000000000000000000064756dea20f9524db2d96900000057c910a19f2bc02c00000000000000000000200000000000000000000000000000000000000000000000700098000000000000000000000000000000000000000000280052454a454354000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000400000000000000000000000080000000000000000000000000000000000000000000000000000000000000000000000000000000000000000c000e80000f9c9991d0000000000000000000000000000005000736574000000000000000000000000000000000000000000000000000003000005050000000000000000000000000000000000000000100000000000000000000000000000000000000000000000280052454a45435400000000000000010000000000000000000000000000000000674f000000000000000000e00000020000000000000000766574b5315f766c616e00000000010062726964676530000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000007000b80000000000000000000000000000000000000000004800544545000000000000000000000000000000d40200000000000000000001ac1414aa000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000007000980000000000000000000000000000000000000000002800000000000000000000000000000000000000000000001a51496c00000000feffffff"], 0x1)
splice(r0, 0x0, r2, 0x0, 0x4ffe0, 0x0)

01:45:53 executing program 0:
r0 = syz_open_procfs(0x0, &(0x7f0000000000)='attr\x00')
fchdir(r0)
r1 = inotify_init()
inotify_add_watch(r1, &(0x7f00000000c0)='.\x00', 0x1)
getdents64(r0, &(0x7f00000003c0)=""/4096, 0x1000)
getdents64(r0, 0x0, 0x0)

[ 1855.508019] RSP: 002b:00007fa3bc31dc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 1855.515718] RAX: ffffffffffffffda RBX: 00007fa3bc31e6d4 RCX: 000000000045c849
[ 1855.523104] RDX: 0000000000000000 RSI: 000000000000ae80 RDI: 0000000000000005
[ 1855.530517] RBP: 000000000076bf00 R08: 0000000000000000 R09: 0000000000000000
[ 1855.537791] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000007
[ 1855.545074] R13: 00000000000003bf R14: 00000000004c6495 R15: 000000000000001b
01:45:53 executing program 2 (fault-call:9 fault-nth:28):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140)='/dev/kvm\x00', 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_SET_SIGNAL_MASK(0xffffffffffffffff, 0x4004ae8b, &(0x7f0000001000)=ANY=[@ANYBLOB="97cb"])
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000fe7000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0)
ioctl$USBDEVFS_RESETEP(0xffffffffffffffff, 0x80045503, &(0x7f0000000000)={0x1, 0x1})
ioctl$KVM_NMI(r2, 0xae9a)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f00000002c0)={0x0, 0x2, 0x0, 0x2000, &(0x7f0000001000/0x2000)=nil})
perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
ioctl$KVM_RUN(r2, 0xae80, 0x0)

01:45:53 executing program 5:
lsetxattr$trusted_overlay_opaque(0x0, 0x0, 0x0, 0x0, 0x0)
mkdir(&(0x7f0000000000)='./file0\x00', 0x0)
mount$bpf(0x20000000, &(0x7f00000000c0)='./file0\x00', 0x0, 0x2001001, 0x0)
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x80, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x43, 0x400000000000000}, 0x11288, 0x2000, 0x0, 0x2}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = socket$netlink(0x10, 0x3, 0x0)
connect$inet(0xffffffffffffffff, 0x0, 0x0)
setsockopt$SO_RDS_TRANSPORT(0xffffffffffffffff, 0x114, 0x8, &(0x7f0000000040)=0xffffffffffffffff, 0x4)
r1 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$inet_tcp_int(r1, 0x6, 0x10000000013, &(0x7f0000d06000)=0x1, 0x32a)
connect$inet(r1, &(0x7f0000000180)={0x2, 0x4e23, @local}, 0x10)
accept$nfc_llcp(0xffffffffffffffff, &(0x7f0000000440), &(0x7f0000000300)=0x60)
setsockopt$inet_tcp_TCP_REPAIR_OPTIONS(r1, 0x6, 0x16, &(0x7f00000000c0)=[@mss={0x2, 0xffffffff}, @timestamp, @window, @mss={0x2, 0x91c}], 0x4)
sendmmsg(r1, &(0x7f0000004b40)=[{{0x0, 0x0, &(0x7f00000011c0)=[{&(0x7f0000002240)='Y', 0x1}], 0x1}}], 0x1, 0x0)
syz_init_net_socket$llc(0x1a, 0x1, 0x0)
r2 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$IPT_SO_SET_REPLACE(r2, 0x4000000000000, 0x40, &(0x7f0000000a40)=ANY=[@ANYBLOB="72617700000000010000000000000000000000000000000000000000000000000200000003000000b80400000000000000000000000000000003000000030000200400002004000020040000200400002004000003000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000600000000000000a00200030000000000000000000000000000000000000000300262706600000000000000000000000000000000000000000000000000000101000000000000002e2f66696c653000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000060005345540000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000c0002001000000000000000000000000000000000000000050006f736600000000000000000000000000000000000000000000000000000073797a300000000000000000000000000000000000000000000000000000000000000000000000000000000000000000600053455400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000007000980000000000000000000000000000000000000000002800000000000000000000000000000000000000000000000000000000000004feffffff00000000"], 0x518)
sendmsg$IPVS_CMD_GET_DEST(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000280)={&(0x7f00000002c0)=ANY=[@ANYRES16], 0x1}}, 0x0)
setsockopt$inet_tcp_TCP_REPAIR(r1, 0x6, 0x13, &(0x7f0000000100), 0x618)
close(r1)
setsockopt$inet_tcp_int(0xffffffffffffffff, 0x6, 0x10000000013, &(0x7f0000d06000)=0x1, 0x32a)
connect$inet(0xffffffffffffffff, &(0x7f0000000140)={0x2, 0x0, @local}, 0x10)
setsockopt$inet_tcp_TCP_REPAIR_OPTIONS(0xffffffffffffffff, 0x6, 0x16, &(0x7f0000000200)=[@mss, @timestamp, @window={0x3, 0x0, 0xfffe}, @mss={0x2, 0x3}], 0x4)
sendmmsg(0xffffffffffffffff, &(0x7f0000004b40)=[{{0x0, 0x0, &(0x7f00000011c0)=[{&(0x7f0000002240)='Y', 0x1}], 0x1}}], 0x1, 0x0)
setsockopt$inet_tcp_TCP_REPAIR_QUEUE(0xffffffffffffffff, 0x6, 0x14, &(0x7f0000000040)=0x1, 0x4)
sendmsg$IPVS_CMD_GET_DEST(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000340)=ANY=[@ANYBLOB="160e90cb39bca59f8c4064ac6d7b242060a07bc4309e3eb79d8745797b308edd84adef35ad9d8a17240f38f55f57c55f3875db81d255eea402e1c11ca7fc01964aeb9ed6ef4e80bc67cba7e7fe961fe5d921442b0a06b135f8a73b68dc904b436f256f50ae7cb980e69e7580b9f11c6ede4210f23240559b8c427000d7ce7862417ab5a50e494b2a54e346d7ffa008ccef06813e235b446788ac0f1df3c65bc1fb5393364a2efd284640ec2c438ad2b24a69f1f9da000000000000000000000000989eee6a9283bf253ca4"], 0x1}}, 0x0)
close(0xffffffffffffffff)
syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000000)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
dup3(r4, r3, 0x0)
r5 = accept4$vsock_stream(0xffffffffffffffff, &(0x7f0000000240)={0x28, 0x0, 0x2710, @host}, 0x10, 0x0)
dup2(r5, r4)
bind$pptp(0xffffffffffffffff, &(0x7f00000001c0)={0x18, 0x2, {0x0, @initdev={0xac, 0x1e, 0x0, 0x0}}}, 0x1e)
sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000000)=@newlink={0x30, 0x10, 0x801, 0x0, 0x0, {}, [@IFLA_GROUP={0x8}, @IFLA_PROTO_DOWN={0x8, 0x4}]}, 0x30}}, 0x0)
pivot_root(&(0x7f0000000140)='./file0\x00', &(0x7f0000000100)='./file0\x00')

01:45:53 executing program 0:
r0 = syz_open_procfs(0x0, &(0x7f0000000480)='net/ptype\x00')
preadv(r0, &(0x7f00000014c0)=[{&(0x7f0000000100)=""/51, 0x33}], 0x1, 0x33)
io_setup(0x100000000000c333, &(0x7f0000000180)=<r1=>0x0)
r2 = syz_open_dev$loop(&(0x7f0000000500)='/dev/loop#\x00', 0x0, 0x100902)
io_submit(r1, 0x1, &(0x7f0000000300)=[&(0x7f0000000100)={0x0, 0x0, 0x0, 0x1, 0x0, r2, 0x0}])

[ 1855.819124] FAULT_INJECTION: forcing a failure.
[ 1855.819124] name failslab, interval 1, probability 0, space 0, times 0
[ 1855.836152] ip_tables: iptables: counters copy to user failed while replacing table
[ 1855.872427] CPU: 1 PID: 3998 Comm: syz-executor.2 Not tainted 4.14.173-syzkaller #0
[ 1855.880409] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 1855.890644] Call Trace:
[ 1855.893256]  dump_stack+0x13e/0x194
[ 1855.896913]  should_fail.cold+0x10a/0x14b
[ 1855.901118]  should_failslab+0xd6/0x130
[ 1855.905122]  kmem_cache_alloc+0x2b5/0x770
[ 1855.909300]  ? mmu_topup_memory_caches+0x94/0x300
[ 1855.914240]  mmu_topup_memory_caches+0x83/0x300
[ 1855.918936]  kvm_mmu_load+0x1e/0xd00
[ 1855.922685]  ? kvm_apic_accept_events+0x16f/0x3f0
[ 1855.927546]  ? kvm_lapic_enable_pv_eoi+0xc0/0xc0
[ 1855.932336]  ? vcpu_enter_guest+0x482/0x5240
[ 1855.937859]  vcpu_enter_guest+0x2eb9/0x5240
[ 1855.942205]  ? retint_kernel+0x2d/0x2d
[ 1855.946120]  ? emulator_read_emulated+0x40/0x40
[ 1855.950810]  ? lock_acquire+0x1ec/0x3f0
[ 1855.954815]  ? kvm_arch_vcpu_ioctl_run+0x2fe/0xfd0
[ 1855.959768]  ? kvm_arch_vcpu_ioctl_run+0x181/0xfd0
[ 1855.965426]  kvm_arch_vcpu_ioctl_run+0x2fe/0xfd0
[ 1855.970940]  kvm_vcpu_ioctl+0x3df/0xc70
[ 1855.974980]  ? kvm_vcpu_block+0xb70/0xb70
[ 1855.979168]  ? trace_hardirqs_on+0x10/0x10
[ 1855.983433]  ? retint_kernel+0x2d/0x2d
[ 1855.987452]  ? save_trace+0x290/0x290
[ 1855.991283]  ? trace_hardirqs_on_caller+0x3f6/0x590
[ 1855.996422]  ? trace_hardirqs_on_thunk+0x1a/0x1c
[ 1856.001210]  ? kvm_vcpu_block+0xb70/0xb70
[ 1856.005519]  do_vfs_ioctl+0x75a/0xfe0
[ 1856.009343]  ? selinux_file_mprotect+0x5c0/0x5c0
[ 1856.014129]  ? ioctl_preallocate+0x1a0/0x1a0
[ 1856.018566]  ? security_file_ioctl+0x76/0xb0
[ 1856.022994]  ? security_file_ioctl+0x83/0xb0
[ 1856.027428]  SyS_ioctl+0x7f/0xb0
[ 1856.030808]  ? do_vfs_ioctl+0xfe0/0xfe0
[ 1856.034844]  do_syscall_64+0x1d5/0x640
[ 1856.038751]  entry_SYSCALL_64_after_hwframe+0x42/0xb7
[ 1856.043952] RIP: 0033:0x45c849
[ 1856.047152] RSP: 002b:00007fa3bc31dc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 1856.054971] RAX: ffffffffffffffda RBX: 00007fa3bc31e6d4 RCX: 000000000045c849
[ 1856.062543] RDX: 0000000000000000 RSI: 000000000000ae80 RDI: 0000000000000005
01:45:54 executing program 3:
lsetxattr$trusted_overlay_opaque(0x0, 0x0, 0x0, 0x0, 0x0)
mkdir(&(0x7f0000000000)='./file0\x00', 0x0)
mount$bpf(0x20000000, &(0x7f00000000c0)='./file0\x00', 0x0, 0x2001001, 0x0)
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x80, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x43, 0x400000000000000}, 0x11288, 0x2000, 0x0, 0x2}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = socket$netlink(0x10, 0x3, 0x0)
connect$inet(0xffffffffffffffff, 0x0, 0x0)
setsockopt$SO_RDS_TRANSPORT(0xffffffffffffffff, 0x114, 0x8, &(0x7f0000000040)=0xffffffffffffffff, 0x4)
r1 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$inet_tcp_int(r1, 0x6, 0x10000000013, &(0x7f0000d06000)=0x1, 0x32a)
connect$inet(r1, &(0x7f0000000180)={0x2, 0x4e23, @local}, 0x10)
accept$nfc_llcp(0xffffffffffffffff, &(0x7f0000000440), &(0x7f0000000300)=0x60)
setsockopt$inet_tcp_TCP_REPAIR_OPTIONS(r1, 0x6, 0x16, &(0x7f00000000c0)=[@mss={0x2, 0xffffffff}, @timestamp, @window, @mss={0x2, 0x91c}], 0x4)
sendmmsg(r1, &(0x7f0000004b40)=[{{0x0, 0x0, &(0x7f00000011c0)=[{&(0x7f0000002240)='Y', 0x1}], 0x1}}], 0x1, 0x0)
syz_init_net_socket$llc(0x1a, 0x1, 0x0)
r2 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$IPT_SO_SET_REPLACE(r2, 0x4000000000000, 0x40, &(0x7f0000000a40)=ANY=[@ANYBLOB="72617700000000010000000000000000000000000000000000000000000000000200000003000000b80400000000000000000000000000000003000000030000200400002004000020040000200400002004000003000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000600000000000000a00200030000000000000000000000000000000000000000300262706600000000000000000000000000000000000000000000000000000101000000000000002e2f66696c653000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000060005345540000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000c0002001000000000000000000000000000000000000000050006f736600000000000000000000000000000000000000000000000000000073797a300000000000000000000000000000000000000000000000000000000000000000000000000000000000000000600053455400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000007000980000000000000000000000000000000000000000002800000000000000000000000000000000000000000000000000000000000004feffffff00000000"], 0x518)
sendmsg$IPVS_CMD_GET_DEST(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000280)={&(0x7f00000002c0)=ANY=[@ANYRES16], 0x1}}, 0x0)
setsockopt$inet_tcp_TCP_REPAIR(r1, 0x6, 0x13, &(0x7f0000000100), 0x618)
close(r1)
r3 = socket$inet_tcp(0x2, 0x1, 0x0)
connect$inet(r3, &(0x7f0000000140)={0x2, 0x0, @local}, 0x10)
setsockopt$inet_tcp_TCP_REPAIR_OPTIONS(r3, 0x6, 0x16, &(0x7f0000000200)=[@mss, @timestamp, @window={0x3, 0x0, 0xfffe}, @mss={0x2, 0x3}], 0x4)
sendmmsg(r3, &(0x7f0000004b40)=[{{0x0, 0x0, &(0x7f00000011c0)=[{&(0x7f0000002240)='Y', 0x1}], 0x1}}], 0x1, 0x0)
setsockopt$inet_tcp_TCP_REPAIR_QUEUE(r3, 0x6, 0x14, &(0x7f0000000040)=0x1, 0x4)
sendmsg$IPVS_CMD_GET_DEST(r3, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000340)=ANY=[@ANYBLOB="160e90cb39bca59f8c4064ac6d7b242060a07bc4309e3eb79d8745797b308edd84adef35ad9d8a17240f38f55f57c55f3875db81d255eea402e1c11ca7fc01964aeb9ed6ef4e80bc67cba7e7fe961fe5d921442b0a06b135f8a73b68dc904b436f256f50ae7cb980e69e7580b9f11c6ede4210f23240559b8c427000d7ce7862417ab5a50e494b2a54e346d7ffa008ccef06813e235b446788ac0f1df3c65bc1fb5393364a2efd284640ec2c438ad2b24a69f1f9da000000000000000000000000989eee6a9283bf253ca4"], 0x1}}, 0x0)
close(r3)
syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000000)={<r4=>0xffffffffffffffff, <r5=>0xffffffffffffffff})
dup3(r5, r4, 0x0)
r6 = accept4$vsock_stream(0xffffffffffffffff, &(0x7f0000000240)={0x28, 0x0, 0x2710, @host}, 0x10, 0x0)
dup2(r6, r5)
bind$pptp(0xffffffffffffffff, &(0x7f00000001c0)={0x18, 0x2, {0x0, @initdev={0xac, 0x1e, 0x0, 0x0}}}, 0x1e)
sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000000)=@newlink={0x30, 0x10, 0x801, 0x0, 0x0, {}, [@IFLA_GROUP={0x8}, @IFLA_PROTO_DOWN={0x8, 0x4}]}, 0x30}}, 0x0)
pivot_root(&(0x7f0000000140)='./file0\x00', &(0x7f0000000100)='./file0\x00')

01:45:54 executing program 5:
lsetxattr$trusted_overlay_opaque(0x0, 0x0, 0x0, 0x0, 0x0)
mkdir(&(0x7f0000000000)='./file0\x00', 0x0)
mount$bpf(0x20000000, &(0x7f00000000c0)='./file0\x00', 0x0, 0x2001001, 0x0)
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x80, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x43, 0x400000000000000}, 0x11288, 0x2000, 0x0, 0x2}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = socket$netlink(0x10, 0x3, 0x0)
connect$inet(0xffffffffffffffff, 0x0, 0x0)
setsockopt$SO_RDS_TRANSPORT(0xffffffffffffffff, 0x114, 0x8, &(0x7f0000000040)=0xffffffffffffffff, 0x4)
r1 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$inet_tcp_int(r1, 0x6, 0x10000000013, &(0x7f0000d06000)=0x1, 0x32a)
connect$inet(r1, &(0x7f0000000180)={0x2, 0x4e23, @local}, 0x10)
accept$nfc_llcp(0xffffffffffffffff, &(0x7f0000000440), &(0x7f0000000300)=0x60)
setsockopt$inet_tcp_TCP_REPAIR_OPTIONS(r1, 0x6, 0x16, &(0x7f00000000c0)=[@mss={0x2, 0xffffffff}, @timestamp, @window, @mss={0x2, 0x91c}], 0x4)
sendmmsg(r1, &(0x7f0000004b40)=[{{0x0, 0x0, &(0x7f00000011c0)=[{&(0x7f0000002240)='Y', 0x1}], 0x1}}], 0x1, 0x0)
syz_init_net_socket$llc(0x1a, 0x1, 0x0)
r2 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$IPT_SO_SET_REPLACE(r2, 0x4000000000000, 0x40, &(0x7f0000000a40)=ANY=[@ANYBLOB="72617700000000010000000000000000000000000000000000000000000000000200000003000000b80400000000000000000000000000000003000000030000200400002004000020040000200400002004000003000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000600000000000000a00200030000000000000000000000000000000000000000300262706600000000000000000000000000000000000000000000000000000101000000000000002e2f66696c653000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000060005345540000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000c0002001000000000000000000000000000000000000000050006f736600000000000000000000000000000000000000000000000000000073797a300000000000000000000000000000000000000000000000000000000000000000000000000000000000000000600053455400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000007000980000000000000000000000000000000000000000002800000000000000000000000000000000000000000000000000000000000004feffffff00000000"], 0x518)
sendmsg$IPVS_CMD_GET_DEST(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000280)={&(0x7f00000002c0)=ANY=[@ANYRES16], 0x1}}, 0x0)
setsockopt$inet_tcp_TCP_REPAIR(r1, 0x6, 0x13, &(0x7f0000000100), 0x618)
r3 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$inet_tcp_int(r3, 0x6, 0x10000000013, &(0x7f0000d06000)=0x1, 0x32a)
connect$inet(r3, &(0x7f0000000140)={0x2, 0x0, @local}, 0x10)
setsockopt$inet_tcp_TCP_REPAIR_OPTIONS(r3, 0x6, 0x16, &(0x7f0000000200)=[@mss, @timestamp, @window={0x3, 0x0, 0xfffe}, @mss={0x2, 0x3}], 0x4)
sendmmsg(r3, &(0x7f0000004b40)=[{{0x0, 0x0, &(0x7f00000011c0)=[{&(0x7f0000002240)='Y', 0x1}], 0x1}}], 0x1, 0x0)
setsockopt$inet_tcp_TCP_REPAIR_QUEUE(r3, 0x6, 0x14, &(0x7f0000000040)=0x1, 0x4)
sendmsg$IPVS_CMD_GET_DEST(r3, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000340)=ANY=[@ANYBLOB="160e90cb39bca59f8c4064ac6d7b242060a07bc4309e3eb79d8745797b308edd84adef35ad9d8a17240f38f55f57c55f3875db81d255eea402e1c11ca7fc01964aeb9ed6ef4e80bc67cba7e7fe961fe5d921442b0a06b135f8a73b68dc904b436f256f50ae7cb980e69e7580b9f11c6ede4210f23240559b8c427000d7ce7862417ab5a50e494b2a54e346d7ffa008ccef06813e235b446788ac0f1df3c65bc1fb5393364a2efd284640ec2c438ad2b24a69f1f9da000000000000000000000000989eee6a9283bf253ca4"], 0x1}}, 0x0)
close(r3)
syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000000)={<r4=>0xffffffffffffffff, <r5=>0xffffffffffffffff})
dup3(r5, r4, 0x0)
r6 = accept4$vsock_stream(0xffffffffffffffff, &(0x7f0000000240)={0x28, 0x0, 0x2710, @host}, 0x10, 0x0)
dup2(r6, r5)
bind$pptp(0xffffffffffffffff, &(0x7f00000001c0)={0x18, 0x2, {0x0, @initdev={0xac, 0x1e, 0x0, 0x0}}}, 0x1e)
sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000000)=@newlink={0x30, 0x10, 0x801, 0x0, 0x0, {}, [@IFLA_GROUP={0x8}, @IFLA_PROTO_DOWN={0x8, 0x4}]}, 0x30}}, 0x0)
pivot_root(&(0x7f0000000140)='./file0\x00', &(0x7f0000000100)='./file0\x00')

01:45:54 executing program 1:
lsetxattr$trusted_overlay_opaque(0x0, 0x0, 0x0, 0x0, 0x0)
mkdir(&(0x7f0000000000)='./file0\x00', 0x0)
mount$bpf(0x20000000, &(0x7f00000000c0)='./file0\x00', 0x0, 0x2001001, 0x0)
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x80, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x43, 0x400000000000000}, 0x11288, 0x2000, 0x0, 0x2}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = socket$netlink(0x10, 0x3, 0x0)
connect$inet(0xffffffffffffffff, 0x0, 0x0)
setsockopt$SO_RDS_TRANSPORT(0xffffffffffffffff, 0x114, 0x8, &(0x7f0000000040)=0xffffffffffffffff, 0x4)
r1 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$inet_tcp_int(r1, 0x6, 0x10000000013, &(0x7f0000d06000)=0x1, 0x32a)
connect$inet(r1, &(0x7f0000000180)={0x2, 0x4e23, @local}, 0x10)
accept$nfc_llcp(0xffffffffffffffff, &(0x7f0000000440), &(0x7f0000000300)=0x60)
setsockopt$inet_tcp_TCP_REPAIR_OPTIONS(r1, 0x6, 0x16, &(0x7f00000000c0)=[@mss={0x2, 0xffffffff}, @timestamp, @window, @mss={0x2, 0x91c}], 0x4)
sendmmsg(r1, &(0x7f0000004b40)=[{{0x0, 0x0, &(0x7f00000011c0)=[{&(0x7f0000002240)='Y', 0x1}], 0x1}}], 0x1, 0x0)
syz_init_net_socket$llc(0x1a, 0x1, 0x0)
r2 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$IPT_SO_SET_REPLACE(r2, 0x4000000000000, 0x40, &(0x7f0000000a40)=ANY=[@ANYBLOB="72617700000000010000000000000000000000000000000000000000000000000200000003000000b80400000000000000000000000000000003000000030000200400002004000020040000200400002004000003000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000600000000000000a00200030000000000000000000000000000000000000000300262706600000000000000000000000000000000000000000000000000000101000000000000002e2f66696c653000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000060005345540000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000c0002001000000000000000000000000000000000000000050006f736600000000000000000000000000000000000000000000000000000073797a300000000000000000000000000000000000000000000000000000000000000000000000000000000000000000600053455400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000007000980000000000000000000000000000000000000000002800000000000000000000000000000000000000000000000000000000000004feffffff00000000"], 0x518)
sendmsg$IPVS_CMD_GET_DEST(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000280)={&(0x7f00000002c0)=ANY=[@ANYRES16], 0x1}}, 0x0)
setsockopt$inet_tcp_TCP_REPAIR(r1, 0x6, 0x13, &(0x7f0000000100), 0x618)
close(r1)
r3 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$inet_tcp_int(r3, 0x6, 0x10000000013, &(0x7f0000d06000)=0x1, 0x32a)
setsockopt$inet_tcp_TCP_REPAIR_OPTIONS(r3, 0x6, 0x16, &(0x7f0000000200)=[@mss, @timestamp, @window={0x3, 0x0, 0xfffe}, @mss={0x2, 0x3}], 0x4)
sendmmsg(r3, &(0x7f0000004b40)=[{{0x0, 0x0, &(0x7f00000011c0)=[{&(0x7f0000002240)='Y', 0x1}], 0x1}}], 0x1, 0x0)
setsockopt$inet_tcp_TCP_REPAIR_QUEUE(r3, 0x6, 0x14, &(0x7f0000000040)=0x1, 0x4)
sendmsg$IPVS_CMD_GET_DEST(r3, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000340)=ANY=[@ANYBLOB="160e90cb39bca59f8c4064ac6d7b242060a07bc4309e3eb79d8745797b308edd84adef35ad9d8a17240f38f55f57c55f3875db81d255eea402e1c11ca7fc01964aeb9ed6ef4e80bc67cba7e7fe961fe5d921442b0a06b135f8a73b68dc904b436f256f50ae7cb980e69e7580b9f11c6ede4210f23240559b8c427000d7ce7862417ab5a50e494b2a54e346d7ffa008ccef06813e235b446788ac0f1df3c65bc1fb5393364a2efd284640ec2c438ad2b24a69f1f9da000000000000000000000000989eee6a9283bf253ca4"], 0x1}}, 0x0)
close(r3)
syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000000)={<r4=>0xffffffffffffffff, <r5=>0xffffffffffffffff})
dup3(r5, r4, 0x0)
r6 = accept4$vsock_stream(0xffffffffffffffff, &(0x7f0000000240)={0x28, 0x0, 0x2710, @host}, 0x10, 0x0)
dup2(r6, r5)
bind$pptp(0xffffffffffffffff, &(0x7f00000001c0)={0x18, 0x2, {0x0, @initdev={0xac, 0x1e, 0x0, 0x0}}}, 0x1e)
sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000000)=@newlink={0x30, 0x10, 0x801, 0x0, 0x0, {}, [@IFLA_GROUP={0x8}, @IFLA_PROTO_DOWN={0x8, 0x4}]}, 0x30}}, 0x0)

01:45:54 executing program 2 (fault-call:9 fault-nth:29):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140)='/dev/kvm\x00', 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_SET_SIGNAL_MASK(0xffffffffffffffff, 0x4004ae8b, &(0x7f0000001000)=ANY=[@ANYBLOB="97cb"])
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000fe7000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0)
ioctl$USBDEVFS_RESETEP(0xffffffffffffffff, 0x80045503, &(0x7f0000000000)={0x1, 0x1})
ioctl$KVM_NMI(r2, 0xae9a)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f00000002c0)={0x0, 0x2, 0x0, 0x2000, &(0x7f0000001000/0x2000)=nil})
perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
ioctl$KVM_RUN(r2, 0xae80, 0x0)

[ 1856.069837] RBP: 000000000076bf00 R08: 0000000000000000 R09: 0000000000000000
[ 1856.077472] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000007
[ 1856.085746] R13: 00000000000003bf R14: 00000000004c6495 R15: 000000000000001c
01:45:54 executing program 0:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/kvm\x00', 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000032000/0x18000)=nil, &(0x7f0000000280)=[@text32={0x20, &(0x7f0000000140)="b9800000c00f3235010000000f309a090000006500660f3882af724d00002ed8ddc74424008fc4bd87c7442402c43a727fc7442406000000000f011424f30f090f013a360f06c4c18d72d68366baa100ed", 0x51}], 0x1, 0x0, 0x0, 0x0)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f00000002c0)={[0x0, 0x0, 0x40000007, 0x0, 0x0, 0x0, 0x4cb]})
ioctl$KVM_RUN(r2, 0xae80, 0x0)
perf_event_open(&(0x7f0000000000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xa, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
ioctl$KVM_RUN(r2, 0xae80, 0x0)

01:45:54 executing program 2:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140)='/dev/kvm\x00', 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_SET_SIGNAL_MASK(0xffffffffffffffff, 0x4004ae8b, &(0x7f0000000180)=ANY=[@ANYBLOB="bc2d367f001bd3d4adb38f9b5ab64de42bb4f0f4d15d2f8c35d27c24bbe3b89468a721a285a8ead33c448c8a0d26fc1f3ba2b4c9f5a9d68e97e509dcf98465bb46eb78c93507ba6f0900c4803b75534f27d07a1d7066807ddc57b73ab809c73b65ce435f5205261f29254ed2ec8e75590481a9736c7ed0f49da28fb6"])
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000fe7000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0)
ioctl$USBDEVFS_RESETEP(0xffffffffffffffff, 0x80045503, &(0x7f0000000000)={0x1, 0x1})
ioctl$KVM_NMI(r2, 0xae9a)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f00000002c0)={0x0, 0x2, 0x0, 0x2000, &(0x7f0000001000/0x2000)=nil})
r3 = fanotify_init(0x0, 0x0)
r4 = fcntl$dupfd(r3, 0x0, r3)
write$FUSE_NOTIFY_POLL(r4, &(0x7f0000000100)={0x18}, 0x18)
fsetxattr$trusted_overlay_nlink(0xffffffffffffffff, &(0x7f00000000c0)='trusted.overlay.nlink\x00', &(0x7f0000000200)={'L-', 0x1}, 0x16, 0x0)
ioctl$VFIO_SET_IOMMU(r4, 0x3b66, 0x3)
perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
ioctl$KVM_RUN(r2, 0xae80, 0x0)

01:45:54 executing program 3:
lsetxattr$trusted_overlay_opaque(0x0, 0x0, 0x0, 0x0, 0x0)
mkdir(&(0x7f0000000000)='./file0\x00', 0x0)
mount$bpf(0x20000000, &(0x7f00000000c0)='./file0\x00', 0x0, 0x2001001, 0x0)
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x80, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x43, 0x400000000000000}, 0x11288, 0x2000, 0x0, 0x2}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = socket$netlink(0x10, 0x3, 0x0)
connect$inet(0xffffffffffffffff, 0x0, 0x0)
setsockopt$SO_RDS_TRANSPORT(0xffffffffffffffff, 0x114, 0x8, &(0x7f0000000040)=0xffffffffffffffff, 0x4)
r1 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$inet_tcp_int(r1, 0x6, 0x10000000013, &(0x7f0000d06000)=0x1, 0x32a)
connect$inet(r1, &(0x7f0000000180)={0x2, 0x4e23, @local}, 0x10)
accept$nfc_llcp(0xffffffffffffffff, &(0x7f0000000440), &(0x7f0000000300)=0x60)
setsockopt$inet_tcp_TCP_REPAIR_OPTIONS(r1, 0x6, 0x16, &(0x7f00000000c0)=[@mss={0x2, 0xffffffff}, @timestamp, @window, @mss={0x2, 0x91c}], 0x4)
sendmmsg(r1, &(0x7f0000004b40)=[{{0x0, 0x0, &(0x7f00000011c0)=[{&(0x7f0000002240)='Y', 0x1}], 0x1}}], 0x1, 0x0)
syz_init_net_socket$llc(0x1a, 0x1, 0x0)
r2 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$IPT_SO_SET_REPLACE(r2, 0x4000000000000, 0x40, &(0x7f0000000a40)=ANY=[@ANYBLOB="72617700000000010000000000000000000000000000000000000000000000000200000003000000b80400000000000000000000000000000003000000030000200400002004000020040000200400002004000003000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000600000000000000a00200030000000000000000000000000000000000000000300262706600000000000000000000000000000000000000000000000000000101000000000000002e2f66696c653000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000060005345540000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000c0002001000000000000000000000000000000000000000050006f736600000000000000000000000000000000000000000000000000000073797a300000000000000000000000000000000000000000000000000000000000000000000000000000000000000000600053455400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000007000980000000000000000000000000000000000000000002800000000000000000000000000000000000000000000000000000000000004feffffff00000000"], 0x518)
sendmsg$IPVS_CMD_GET_DEST(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000280)={&(0x7f00000002c0)=ANY=[@ANYRES16], 0x1}}, 0x0)
setsockopt$inet_tcp_TCP_REPAIR(r1, 0x6, 0x13, &(0x7f0000000100), 0x618)
close(r1)
r3 = socket$inet_tcp(0x2, 0x1, 0x0)
connect$inet(r3, &(0x7f0000000140)={0x2, 0x0, @local}, 0x10)
setsockopt$inet_tcp_TCP_REPAIR_OPTIONS(r3, 0x6, 0x16, &(0x7f0000000200)=[@mss, @timestamp, @window={0x3, 0x0, 0xfffe}, @mss={0x2, 0x3}], 0x4)
sendmmsg(r3, &(0x7f0000004b40)=[{{0x0, 0x0, &(0x7f00000011c0)=[{&(0x7f0000002240)='Y', 0x1}], 0x1}}], 0x1, 0x0)
setsockopt$inet_tcp_TCP_REPAIR_QUEUE(r3, 0x6, 0x14, &(0x7f0000000040)=0x1, 0x4)
sendmsg$IPVS_CMD_GET_DEST(r3, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000340)=ANY=[@ANYBLOB="160e90cb39bca59f8c4064ac6d7b242060a07bc4309e3eb79d8745797b308edd84adef35ad9d8a17240f38f55f57c55f3875db81d255eea402e1c11ca7fc01964aeb9ed6ef4e80bc67cba7e7fe961fe5d921442b0a06b135f8a73b68dc904b436f256f50ae7cb980e69e7580b9f11c6ede4210f23240559b8c427000d7ce7862417ab5a50e494b2a54e346d7ffa008ccef06813e235b446788ac0f1df3c65bc1fb5393364a2efd284640ec2c438ad2b24a69f1f9da000000000000000000000000989eee6a9283bf253ca4"], 0x1}}, 0x0)
close(r3)
syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000000)={<r4=>0xffffffffffffffff, <r5=>0xffffffffffffffff})
dup3(r5, r4, 0x0)
r6 = accept4$vsock_stream(0xffffffffffffffff, &(0x7f0000000240)={0x28, 0x0, 0x2710, @host}, 0x10, 0x0)
dup2(r6, r5)
bind$pptp(0xffffffffffffffff, &(0x7f00000001c0)={0x18, 0x2, {0x0, @initdev={0xac, 0x1e, 0x0, 0x0}}}, 0x1e)
sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000000)=@newlink={0x30, 0x10, 0x801, 0x0, 0x0, {}, [@IFLA_GROUP={0x8}, @IFLA_PROTO_DOWN={0x8, 0x4}]}, 0x30}}, 0x0)
pivot_root(&(0x7f0000000140)='./file0\x00', &(0x7f0000000100)='./file0\x00')

01:45:54 executing program 4:
pipe(&(0x7f0000000140)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
r2 = socket$inet_udp(0x2, 0x2, 0x0)
close(r2)
setsockopt$inet_tcp_int(0xffffffffffffffff, 0x6, 0x10000000013, &(0x7f0000d06000)=0x1, 0x4)
connect$inet(r2, &(0x7f0000000340)={0x2, 0x0, @loopback}, 0x10)
setsockopt$inet_tcp_TCP_REPAIR_WINDOW(0xffffffffffffffff, 0x6, 0x1d, &(0x7f0000000080)={0x0, 0xdf5, 0x65a2}, 0x14)
write$binfmt_misc(r1, &(0x7f0000000140)=ANY=[], 0x4240a2a0)
r3 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$IPT_SO_SET_REPLACE(r3, 0x0, 0x40, &(0x7f0000000480)=ANY=[@ANYBLOB="66696c74657200000000000000000000000000000000000000000000000000000e00000004000000d0020000800100009800000080010000000000000000000038020000380200003802000038020000380200000400000000000000000000007f000001ac14140000000000000000007f00000000000000000000000000000064756dea20f9524db2d96900000057c910a19f2bc02c00000000000000000000200000000000000000000000000000000000000000000000700098000000000000000000000000000000000000000000280052454a454354000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000400000000000000000000000080000000000000000000000000000000000000000000000000000000000000000000000000000000000000000c000e80000f9c9991d0000000000000000000000000000005000736574000000000000000000000000000000000000000000000000000003000005050000000000000000000000000000000000000000100000000000000000000000000000000000000000000000280052454a45435400000000000000010000000000000000000000000000000000674f000000000000000000e00000020000000000000000766574b5315f766c616e00000000010062726964676530000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000007000b80000000000000000000000000000000000000000004800544545000000000000000000000000000000d40200000000000000000001ac1414aa000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000007000980000000000000000000000000000000000000000002800000000000000000000000000000000000000000000001a51496c00000000feffffff"], 0x1)
splice(r0, 0x0, r2, 0x0, 0x4ffe0, 0x0)

01:45:54 executing program 1:
lsetxattr$trusted_overlay_opaque(0x0, 0x0, 0x0, 0x0, 0x0)
mkdir(&(0x7f0000000000)='./file0\x00', 0x0)
mount$bpf(0x20000000, &(0x7f00000000c0)='./file0\x00', 0x0, 0x2001001, 0x0)
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x80, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x43, 0x400000000000000}, 0x11288, 0x2000, 0x0, 0x2}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = socket$netlink(0x10, 0x3, 0x0)
connect$inet(0xffffffffffffffff, 0x0, 0x0)
setsockopt$SO_RDS_TRANSPORT(0xffffffffffffffff, 0x114, 0x8, &(0x7f0000000040)=0xffffffffffffffff, 0x4)
r1 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$inet_tcp_int(r1, 0x6, 0x10000000013, &(0x7f0000d06000)=0x1, 0x32a)
connect$inet(r1, &(0x7f0000000180)={0x2, 0x4e23, @local}, 0x10)
accept$nfc_llcp(0xffffffffffffffff, &(0x7f0000000440), &(0x7f0000000300)=0x60)
setsockopt$inet_tcp_TCP_REPAIR_OPTIONS(r1, 0x6, 0x16, &(0x7f00000000c0)=[@mss={0x2, 0xffffffff}, @timestamp, @window, @mss={0x2, 0x91c}], 0x4)
sendmmsg(r1, &(0x7f0000004b40)=[{{0x0, 0x0, &(0x7f00000011c0)=[{&(0x7f0000002240)='Y', 0x1}], 0x1}}], 0x1, 0x0)
syz_init_net_socket$llc(0x1a, 0x1, 0x0)
r2 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$IPT_SO_SET_REPLACE(r2, 0x4000000000000, 0x40, &(0x7f0000000a40)=ANY=[@ANYBLOB="72617700000000010000000000000000000000000000000000000000000000000200000003000000b80400000000000000000000000000000003000000030000200400002004000020040000200400002004000003000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000600000000000000a00200030000000000000000000000000000000000000000300262706600000000000000000000000000000000000000000000000000000101000000000000002e2f66696c653000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000060005345540000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000c0002001000000000000000000000000000000000000000050006f736600000000000000000000000000000000000000000000000000000073797a300000000000000000000000000000000000000000000000000000000000000000000000000000000000000000600053455400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000007000980000000000000000000000000000000000000000002800000000000000000000000000000000000000000000000000000000000004feffffff00000000"], 0x518)
sendmsg$IPVS_CMD_GET_DEST(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000280)={&(0x7f00000002c0)=ANY=[@ANYRES16], 0x1}}, 0x0)
setsockopt$inet_tcp_TCP_REPAIR(r1, 0x6, 0x13, &(0x7f0000000100), 0x618)
close(r1)
r3 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$inet_tcp_int(r3, 0x6, 0x10000000013, &(0x7f0000d06000)=0x1, 0x32a)
setsockopt$inet_tcp_TCP_REPAIR_OPTIONS(r3, 0x6, 0x16, &(0x7f0000000200)=[@mss, @timestamp, @window={0x3, 0x0, 0xfffe}, @mss={0x2, 0x3}], 0x4)
sendmmsg(r3, &(0x7f0000004b40)=[{{0x0, 0x0, &(0x7f00000011c0)=[{&(0x7f0000002240)='Y', 0x1}], 0x1}}], 0x1, 0x0)
setsockopt$inet_tcp_TCP_REPAIR_QUEUE(r3, 0x6, 0x14, &(0x7f0000000040)=0x1, 0x4)
sendmsg$IPVS_CMD_GET_DEST(r3, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000340)=ANY=[@ANYBLOB="160e90cb39bca59f8c4064ac6d7b242060a07bc4309e3eb79d8745797b308edd84adef35ad9d8a17240f38f55f57c55f3875db81d255eea402e1c11ca7fc01964aeb9ed6ef4e80bc67cba7e7fe961fe5d921442b0a06b135f8a73b68dc904b436f256f50ae7cb980e69e7580b9f11c6ede4210f23240559b8c427000d7ce7862417ab5a50e494b2a54e346d7ffa008ccef06813e235b446788ac0f1df3c65bc1fb5393364a2efd284640ec2c438ad2b24a69f1f9da000000000000000000000000989eee6a9283bf253ca4"], 0x1}}, 0x0)
close(r3)
syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000000)={<r4=>0xffffffffffffffff, <r5=>0xffffffffffffffff})
dup3(r5, r4, 0x0)
r6 = accept4$vsock_stream(0xffffffffffffffff, &(0x7f0000000240)={0x28, 0x0, 0x2710, @host}, 0x10, 0x0)
dup2(r6, r5)
bind$pptp(0xffffffffffffffff, &(0x7f00000001c0)={0x18, 0x2, {0x0, @initdev={0xac, 0x1e, 0x0, 0x0}}}, 0x1e)
sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000000)=@newlink={0x30, 0x10, 0x801, 0x0, 0x0, {}, [@IFLA_GROUP={0x8}, @IFLA_PROTO_DOWN={0x8, 0x4}]}, 0x30}}, 0x0)

01:45:54 executing program 0:
r0 = syz_init_net_socket$bt_l2cap(0x1f, 0x1, 0x3)
r1 = dup(r0)
ioctl$PERF_EVENT_IOC_SET_FILTER(r1, 0x8b0b, &(0x7f0000000000)='wlan0\x00')

01:45:54 executing program 5:
lsetxattr$trusted_overlay_opaque(0x0, 0x0, 0x0, 0x0, 0x0)
mkdir(&(0x7f0000000000)='./file0\x00', 0x0)
mount$bpf(0x20000000, &(0x7f00000000c0)='./file0\x00', 0x0, 0x2001001, 0x0)
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x80, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x43, 0x400000000000000}, 0x11288, 0x2000, 0x0, 0x2}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = socket$netlink(0x10, 0x3, 0x0)
connect$inet(0xffffffffffffffff, 0x0, 0x0)
setsockopt$SO_RDS_TRANSPORT(0xffffffffffffffff, 0x114, 0x8, &(0x7f0000000040)=0xffffffffffffffff, 0x4)
r1 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$inet_tcp_int(r1, 0x6, 0x10000000013, &(0x7f0000d06000)=0x1, 0x32a)
connect$inet(r1, &(0x7f0000000180)={0x2, 0x4e23, @local}, 0x10)
accept$nfc_llcp(0xffffffffffffffff, &(0x7f0000000440), &(0x7f0000000300)=0x60)
setsockopt$inet_tcp_TCP_REPAIR_OPTIONS(r1, 0x6, 0x16, &(0x7f00000000c0)=[@mss={0x2, 0xffffffff}, @timestamp, @window, @mss={0x2, 0x91c}], 0x4)
sendmmsg(r1, &(0x7f0000004b40)=[{{0x0, 0x0, &(0x7f00000011c0)=[{&(0x7f0000002240)='Y', 0x1}], 0x1}}], 0x1, 0x0)
syz_init_net_socket$llc(0x1a, 0x1, 0x0)
r2 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$IPT_SO_SET_REPLACE(r2, 0x4000000000000, 0x40, &(0x7f0000000a40)=ANY=[@ANYBLOB="72617700000000010000000000000000000000000000000000000000000000000200000003000000b80400000000000000000000000000000003000000030000200400002004000020040000200400002004000003000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000600000000000000a00200030000000000000000000000000000000000000000300262706600000000000000000000000000000000000000000000000000000101000000000000002e2f66696c653000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000060005345540000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000c0002001000000000000000000000000000000000000000050006f736600000000000000000000000000000000000000000000000000000073797a300000000000000000000000000000000000000000000000000000000000000000000000000000000000000000600053455400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000007000980000000000000000000000000000000000000000002800000000000000000000000000000000000000000000000000000000000004feffffff00000000"], 0x518)
sendmsg$IPVS_CMD_GET_DEST(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000280)={&(0x7f00000002c0)=ANY=[@ANYRES16], 0x1}}, 0x0)
setsockopt$inet_tcp_TCP_REPAIR(r1, 0x6, 0x13, &(0x7f0000000100), 0x618)
r3 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$inet_tcp_int(r3, 0x6, 0x10000000013, &(0x7f0000d06000)=0x1, 0x32a)
connect$inet(r3, &(0x7f0000000140)={0x2, 0x0, @local}, 0x10)
setsockopt$inet_tcp_TCP_REPAIR_OPTIONS(r3, 0x6, 0x16, &(0x7f0000000200)=[@mss, @timestamp, @window={0x3, 0x0, 0xfffe}, @mss={0x2, 0x3}], 0x4)
sendmmsg(r3, &(0x7f0000004b40)=[{{0x0, 0x0, &(0x7f00000011c0)=[{&(0x7f0000002240)='Y', 0x1}], 0x1}}], 0x1, 0x0)
setsockopt$inet_tcp_TCP_REPAIR_QUEUE(r3, 0x6, 0x14, &(0x7f0000000040)=0x1, 0x4)
sendmsg$IPVS_CMD_GET_DEST(r3, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000340)=ANY=[@ANYBLOB="160e90cb39bca59f8c4064ac6d7b242060a07bc4309e3eb79d8745797b308edd84adef35ad9d8a17240f38f55f57c55f3875db81d255eea402e1c11ca7fc01964aeb9ed6ef4e80bc67cba7e7fe961fe5d921442b0a06b135f8a73b68dc904b436f256f50ae7cb980e69e7580b9f11c6ede4210f23240559b8c427000d7ce7862417ab5a50e494b2a54e346d7ffa008ccef06813e235b446788ac0f1df3c65bc1fb5393364a2efd284640ec2c438ad2b24a69f1f9da000000000000000000000000989eee6a9283bf253ca4"], 0x1}}, 0x0)
close(r3)
syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000000)={<r4=>0xffffffffffffffff, <r5=>0xffffffffffffffff})
dup3(r5, r4, 0x0)
r6 = accept4$vsock_stream(0xffffffffffffffff, &(0x7f0000000240)={0x28, 0x0, 0x2710, @host}, 0x10, 0x0)
dup2(r6, r5)
bind$pptp(0xffffffffffffffff, &(0x7f00000001c0)={0x18, 0x2, {0x0, @initdev={0xac, 0x1e, 0x0, 0x0}}}, 0x1e)
sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000000)=@newlink={0x30, 0x10, 0x801, 0x0, 0x0, {}, [@IFLA_GROUP={0x8}, @IFLA_PROTO_DOWN={0x8, 0x4}]}, 0x30}}, 0x0)
pivot_root(&(0x7f0000000140)='./file0\x00', &(0x7f0000000100)='./file0\x00')

01:45:54 executing program 2:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140)='/dev/kvm\x00', 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_SET_SIGNAL_MASK(0xffffffffffffffff, 0x4004ae8b, &(0x7f0000001000)=ANY=[@ANYBLOB="974b"])
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
r3 = fanotify_init(0x0, 0x0)
r4 = fcntl$dupfd(r3, 0x0, r3)
ioctl$KVM_SET_REGS(r4, 0x4090ae82, &(0x7f0000000180)={[0x6, 0x8, 0x1, 0x2d83aca2, 0x1ff, 0x8, 0x1, 0x5, 0x9f, 0x1f, 0x3, 0x0, 0x0, 0x1, 0x3, 0x5da], 0x5000, 0x10})
syz_kvm_setup_cpu$x86(r4, r2, &(0x7f0000fe7000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0)
ioctl$USBDEVFS_RESETEP(0xffffffffffffffff, 0x80045503, &(0x7f0000000000)={0x1, 0x1})
ioctl$KVM_NMI(r2, 0xae9a)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f00000002c0)={0x0, 0x2, 0x0, 0x2000, &(0x7f0000001000/0x2000)=nil})
r5 = fanotify_init(0x0, 0x0)
r6 = fcntl$dupfd(r5, 0x0, r5)
write$FUSE_NOTIFY_POLL(r6, &(0x7f0000000100)={0x18}, 0x18)
r7 = fanotify_init(0x0, 0x0)
r8 = fcntl$dupfd(r7, 0x0, r7)
write$FUSE_NOTIFY_POLL(r8, &(0x7f0000000100)={0x18}, 0x18)
ioctl$VIDIOC_ENUM_FRAMEINTERVALS(r8, 0xc034564b, &(0x7f0000000040)={0x401, 0x1500, 0x8, 0x101, 0x0, @discrete={0x937}})
perf_event_open(&(0x7f00000000c0)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x8, 0x0, 0x0, 0x0, 0x1}, 0x0, 0xffffffffffffffff, r6, 0x1)
ioctl$KVM_RUN(r2, 0xae80, 0x0)

01:45:54 executing program 0:

[ 1856.760439] ip_tables: iptables: counters copy to user failed while replacing table
01:45:55 executing program 4:
pipe(&(0x7f0000000140)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
r2 = socket$inet_udp(0x2, 0x2, 0x0)
close(r2)
setsockopt$inet_tcp_int(0xffffffffffffffff, 0x6, 0x10000000013, &(0x7f0000d06000)=0x1, 0x4)
connect$inet(r2, &(0x7f0000000340)={0x2, 0x0, @loopback}, 0x10)
setsockopt$inet_tcp_TCP_REPAIR_WINDOW(0xffffffffffffffff, 0x6, 0x1d, &(0x7f0000000080)={0x0, 0xdf5, 0x65a2}, 0x14)
write$binfmt_misc(r1, &(0x7f0000000140)=ANY=[], 0x4240a2a0)
r3 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$IPT_SO_SET_REPLACE(r3, 0x0, 0x40, &(0x7f0000000480)=ANY=[@ANYBLOB="66696c74657200000000000000000000000000000000000000000000000000000e00000004000000d0020000800100009800000080010000000000000000000038020000380200003802000038020000380200000400000000000000000000007f000001ac14140000000000000000007f00000000000000000000000000000064756dea20f9524db2d96900000057c910a19f2bc02c00000000000000000000200000000000000000000000000000000000000000000000700098000000000000000000000000000000000000000000280052454a454354000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000400000000000000000000000080000000000000000000000000000000000000000000000000000000000000000000000000000000000000000c000e80000f9c9991d0000000000000000000000000000005000736574000000000000000000000000000000000000000000000000000003000005050000000000000000000000000000000000000000100000000000000000000000000000000000000000000000280052454a45435400000000000000010000000000000000000000000000000000674f000000000000000000e00000020000000000000000766574b5315f766c616e00000000010062726964676530000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000007000b80000000000000000000000000000000000000000004800544545000000000000000000000000000000d40200000000000000000001ac1414aa000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000007000980000000000000000000000000000000000000000002800000000000000000000000000000000000000000000001a51496c00000000feffffff"], 0x1)
splice(r0, 0x0, r2, 0x0, 0x4ffe0, 0x0)

01:45:55 executing program 1:
lsetxattr$trusted_overlay_opaque(0x0, 0x0, 0x0, 0x0, 0x0)
mkdir(&(0x7f0000000000)='./file0\x00', 0x0)
mount$bpf(0x20000000, &(0x7f00000000c0)='./file0\x00', 0x0, 0x2001001, 0x0)
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x80, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x43, 0x400000000000000}, 0x11288, 0x2000, 0x0, 0x2}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = socket$netlink(0x10, 0x3, 0x0)
connect$inet(0xffffffffffffffff, 0x0, 0x0)
setsockopt$SO_RDS_TRANSPORT(0xffffffffffffffff, 0x114, 0x8, &(0x7f0000000040)=0xffffffffffffffff, 0x4)
r1 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$inet_tcp_int(r1, 0x6, 0x10000000013, &(0x7f0000d06000)=0x1, 0x32a)
connect$inet(r1, &(0x7f0000000180)={0x2, 0x4e23, @local}, 0x10)
accept$nfc_llcp(0xffffffffffffffff, &(0x7f0000000440), &(0x7f0000000300)=0x60)
setsockopt$inet_tcp_TCP_REPAIR_OPTIONS(r1, 0x6, 0x16, &(0x7f00000000c0)=[@mss={0x2, 0xffffffff}, @timestamp, @window, @mss={0x2, 0x91c}], 0x4)
sendmmsg(r1, &(0x7f0000004b40)=[{{0x0, 0x0, &(0x7f00000011c0)=[{&(0x7f0000002240)='Y', 0x1}], 0x1}}], 0x1, 0x0)
syz_init_net_socket$llc(0x1a, 0x1, 0x0)
r2 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$IPT_SO_SET_REPLACE(r2, 0x4000000000000, 0x40, &(0x7f0000000a40)=ANY=[@ANYBLOB="72617700000000010000000000000000000000000000000000000000000000000200000003000000b80400000000000000000000000000000003000000030000200400002004000020040000200400002004000003000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000600000000000000a00200030000000000000000000000000000000000000000300262706600000000000000000000000000000000000000000000000000000101000000000000002e2f66696c653000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000060005345540000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000c0002001000000000000000000000000000000000000000050006f736600000000000000000000000000000000000000000000000000000073797a300000000000000000000000000000000000000000000000000000000000000000000000000000000000000000600053455400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000007000980000000000000000000000000000000000000000002800000000000000000000000000000000000000000000000000000000000004feffffff00000000"], 0x518)
sendmsg$IPVS_CMD_GET_DEST(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000280)={&(0x7f00000002c0)=ANY=[@ANYRES16], 0x1}}, 0x0)
setsockopt$inet_tcp_TCP_REPAIR(r1, 0x6, 0x13, &(0x7f0000000100), 0x618)
close(r1)
r3 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$inet_tcp_int(r3, 0x6, 0x10000000013, &(0x7f0000d06000)=0x1, 0x32a)
setsockopt$inet_tcp_TCP_REPAIR_OPTIONS(r3, 0x6, 0x16, &(0x7f0000000200)=[@mss, @timestamp, @window={0x3, 0x0, 0xfffe}, @mss={0x2, 0x3}], 0x4)
sendmmsg(r3, &(0x7f0000004b40)=[{{0x0, 0x0, &(0x7f00000011c0)=[{&(0x7f0000002240)='Y', 0x1}], 0x1}}], 0x1, 0x0)
setsockopt$inet_tcp_TCP_REPAIR_QUEUE(r3, 0x6, 0x14, &(0x7f0000000040)=0x1, 0x4)
sendmsg$IPVS_CMD_GET_DEST(r3, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000340)=ANY=[@ANYBLOB="160e90cb39bca59f8c4064ac6d7b242060a07bc4309e3eb79d8745797b308edd84adef35ad9d8a17240f38f55f57c55f3875db81d255eea402e1c11ca7fc01964aeb9ed6ef4e80bc67cba7e7fe961fe5d921442b0a06b135f8a73b68dc904b436f256f50ae7cb980e69e7580b9f11c6ede4210f23240559b8c427000d7ce7862417ab5a50e494b2a54e346d7ffa008ccef06813e235b446788ac0f1df3c65bc1fb5393364a2efd284640ec2c438ad2b24a69f1f9da000000000000000000000000989eee6a9283bf253ca4"], 0x1}}, 0x0)
close(r3)
syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000000)={<r4=>0xffffffffffffffff, <r5=>0xffffffffffffffff})
dup3(r5, r4, 0x0)
r6 = accept4$vsock_stream(0xffffffffffffffff, &(0x7f0000000240)={0x28, 0x0, 0x2710, @host}, 0x10, 0x0)
dup2(r6, r5)
bind$pptp(0xffffffffffffffff, &(0x7f00000001c0)={0x18, 0x2, {0x0, @initdev={0xac, 0x1e, 0x0, 0x0}}}, 0x1e)
sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000000)=@newlink={0x30, 0x10, 0x801, 0x0, 0x0, {}, [@IFLA_GROUP={0x8}, @IFLA_PROTO_DOWN={0x8, 0x4}]}, 0x30}}, 0x0)

01:45:55 executing program 3:
lsetxattr$trusted_overlay_opaque(0x0, 0x0, 0x0, 0x0, 0x0)
mkdir(&(0x7f0000000000)='./file0\x00', 0x0)
mount$bpf(0x20000000, &(0x7f00000000c0)='./file0\x00', 0x0, 0x2001001, 0x0)
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x80, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x43, 0x400000000000000}, 0x11288, 0x2000, 0x0, 0x2}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = socket$netlink(0x10, 0x3, 0x0)
connect$inet(0xffffffffffffffff, 0x0, 0x0)
setsockopt$SO_RDS_TRANSPORT(0xffffffffffffffff, 0x114, 0x8, &(0x7f0000000040)=0xffffffffffffffff, 0x4)
r1 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$inet_tcp_int(r1, 0x6, 0x10000000013, &(0x7f0000d06000)=0x1, 0x32a)
connect$inet(r1, &(0x7f0000000180)={0x2, 0x4e23, @local}, 0x10)
accept$nfc_llcp(0xffffffffffffffff, &(0x7f0000000440), &(0x7f0000000300)=0x60)
setsockopt$inet_tcp_TCP_REPAIR_OPTIONS(r1, 0x6, 0x16, &(0x7f00000000c0)=[@mss={0x2, 0xffffffff}, @timestamp, @window, @mss={0x2, 0x91c}], 0x4)
sendmmsg(r1, &(0x7f0000004b40)=[{{0x0, 0x0, &(0x7f00000011c0)=[{&(0x7f0000002240)='Y', 0x1}], 0x1}}], 0x1, 0x0)
syz_init_net_socket$llc(0x1a, 0x1, 0x0)
r2 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$IPT_SO_SET_REPLACE(r2, 0x4000000000000, 0x40, &(0x7f0000000a40)=ANY=[@ANYBLOB="72617700000000010000000000000000000000000000000000000000000000000200000003000000b80400000000000000000000000000000003000000030000200400002004000020040000200400002004000003000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000600000000000000a00200030000000000000000000000000000000000000000300262706600000000000000000000000000000000000000000000000000000101000000000000002e2f66696c653000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000060005345540000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000c0002001000000000000000000000000000000000000000050006f736600000000000000000000000000000000000000000000000000000073797a300000000000000000000000000000000000000000000000000000000000000000000000000000000000000000600053455400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000007000980000000000000000000000000000000000000000002800000000000000000000000000000000000000000000000000000000000004feffffff00000000"], 0x518)
sendmsg$IPVS_CMD_GET_DEST(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000280)={&(0x7f00000002c0)=ANY=[@ANYRES16], 0x1}}, 0x0)
setsockopt$inet_tcp_TCP_REPAIR(r1, 0x6, 0x13, &(0x7f0000000100), 0x618)
close(r1)
r3 = socket$inet_tcp(0x2, 0x1, 0x0)
connect$inet(r3, &(0x7f0000000140)={0x2, 0x0, @local}, 0x10)
setsockopt$inet_tcp_TCP_REPAIR_OPTIONS(r3, 0x6, 0x16, &(0x7f0000000200)=[@mss, @timestamp, @window={0x3, 0x0, 0xfffe}, @mss={0x2, 0x3}], 0x4)
sendmmsg(r3, &(0x7f0000004b40)=[{{0x0, 0x0, &(0x7f00000011c0)=[{&(0x7f0000002240)='Y', 0x1}], 0x1}}], 0x1, 0x0)
setsockopt$inet_tcp_TCP_REPAIR_QUEUE(r3, 0x6, 0x14, &(0x7f0000000040)=0x1, 0x4)
sendmsg$IPVS_CMD_GET_DEST(r3, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000340)=ANY=[@ANYBLOB="160e90cb39bca59f8c4064ac6d7b242060a07bc4309e3eb79d8745797b308edd84adef35ad9d8a17240f38f55f57c55f3875db81d255eea402e1c11ca7fc01964aeb9ed6ef4e80bc67cba7e7fe961fe5d921442b0a06b135f8a73b68dc904b436f256f50ae7cb980e69e7580b9f11c6ede4210f23240559b8c427000d7ce7862417ab5a50e494b2a54e346d7ffa008ccef06813e235b446788ac0f1df3c65bc1fb5393364a2efd284640ec2c438ad2b24a69f1f9da000000000000000000000000989eee6a9283bf253ca4"], 0x1}}, 0x0)
close(r3)
syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000000)={<r4=>0xffffffffffffffff, <r5=>0xffffffffffffffff})
dup3(r5, r4, 0x0)
r6 = accept4$vsock_stream(0xffffffffffffffff, &(0x7f0000000240)={0x28, 0x0, 0x2710, @host}, 0x10, 0x0)
dup2(r6, r5)
bind$pptp(0xffffffffffffffff, &(0x7f00000001c0)={0x18, 0x2, {0x0, @initdev={0xac, 0x1e, 0x0, 0x0}}}, 0x1e)
sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000000)=@newlink={0x30, 0x10, 0x801, 0x0, 0x0, {}, [@IFLA_GROUP={0x8}, @IFLA_PROTO_DOWN={0x8, 0x4}]}, 0x30}}, 0x0)
pivot_root(&(0x7f0000000140)='./file0\x00', &(0x7f0000000100)='./file0\x00')

01:45:55 executing program 0:

01:45:55 executing program 5:
lsetxattr$trusted_overlay_opaque(0x0, 0x0, 0x0, 0x0, 0x0)
mkdir(&(0x7f0000000000)='./file0\x00', 0x0)
mount$bpf(0x20000000, &(0x7f00000000c0)='./file0\x00', 0x0, 0x2001001, 0x0)
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x80, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x43, 0x400000000000000}, 0x11288, 0x2000, 0x0, 0x2}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = socket$netlink(0x10, 0x3, 0x0)
connect$inet(0xffffffffffffffff, 0x0, 0x0)
setsockopt$SO_RDS_TRANSPORT(0xffffffffffffffff, 0x114, 0x8, &(0x7f0000000040)=0xffffffffffffffff, 0x4)
r1 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$inet_tcp_int(r1, 0x6, 0x10000000013, &(0x7f0000d06000)=0x1, 0x32a)
connect$inet(r1, &(0x7f0000000180)={0x2, 0x4e23, @local}, 0x10)
accept$nfc_llcp(0xffffffffffffffff, &(0x7f0000000440), &(0x7f0000000300)=0x60)
setsockopt$inet_tcp_TCP_REPAIR_OPTIONS(r1, 0x6, 0x16, &(0x7f00000000c0)=[@mss={0x2, 0xffffffff}, @timestamp, @window, @mss={0x2, 0x91c}], 0x4)
sendmmsg(r1, &(0x7f0000004b40)=[{{0x0, 0x0, &(0x7f00000011c0)=[{&(0x7f0000002240)='Y', 0x1}], 0x1}}], 0x1, 0x0)
syz_init_net_socket$llc(0x1a, 0x1, 0x0)
r2 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$IPT_SO_SET_REPLACE(r2, 0x4000000000000, 0x40, &(0x7f0000000a40)=ANY=[@ANYBLOB="72617700000000010000000000000000000000000000000000000000000000000200000003000000b80400000000000000000000000000000003000000030000200400002004000020040000200400002004000003000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000600000000000000a00200030000000000000000000000000000000000000000300262706600000000000000000000000000000000000000000000000000000101000000000000002e2f66696c653000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000060005345540000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000c0002001000000000000000000000000000000000000000050006f736600000000000000000000000000000000000000000000000000000073797a300000000000000000000000000000000000000000000000000000000000000000000000000000000000000000600053455400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000007000980000000000000000000000000000000000000000002800000000000000000000000000000000000000000000000000000000000004feffffff00000000"], 0x518)
sendmsg$IPVS_CMD_GET_DEST(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000280)={&(0x7f00000002c0)=ANY=[@ANYRES16], 0x1}}, 0x0)
setsockopt$inet_tcp_TCP_REPAIR(r1, 0x6, 0x13, &(0x7f0000000100), 0x618)
r3 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$inet_tcp_int(r3, 0x6, 0x10000000013, &(0x7f0000d06000)=0x1, 0x32a)
connect$inet(r3, &(0x7f0000000140)={0x2, 0x0, @local}, 0x10)
setsockopt$inet_tcp_TCP_REPAIR_OPTIONS(r3, 0x6, 0x16, &(0x7f0000000200)=[@mss, @timestamp, @window={0x3, 0x0, 0xfffe}, @mss={0x2, 0x3}], 0x4)
sendmmsg(r3, &(0x7f0000004b40)=[{{0x0, 0x0, &(0x7f00000011c0)=[{&(0x7f0000002240)='Y', 0x1}], 0x1}}], 0x1, 0x0)
setsockopt$inet_tcp_TCP_REPAIR_QUEUE(r3, 0x6, 0x14, &(0x7f0000000040)=0x1, 0x4)
sendmsg$IPVS_CMD_GET_DEST(r3, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000340)=ANY=[@ANYBLOB="160e90cb39bca59f8c4064ac6d7b242060a07bc4309e3eb79d8745797b308edd84adef35ad9d8a17240f38f55f57c55f3875db81d255eea402e1c11ca7fc01964aeb9ed6ef4e80bc67cba7e7fe961fe5d921442b0a06b135f8a73b68dc904b436f256f50ae7cb980e69e7580b9f11c6ede4210f23240559b8c427000d7ce7862417ab5a50e494b2a54e346d7ffa008ccef06813e235b446788ac0f1df3c65bc1fb5393364a2efd284640ec2c438ad2b24a69f1f9da000000000000000000000000989eee6a9283bf253ca4"], 0x1}}, 0x0)
close(r3)
syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000000)={<r4=>0xffffffffffffffff, <r5=>0xffffffffffffffff})
dup3(r5, r4, 0x0)
r6 = accept4$vsock_stream(0xffffffffffffffff, &(0x7f0000000240)={0x28, 0x0, 0x2710, @host}, 0x10, 0x0)
dup2(r6, r5)
bind$pptp(0xffffffffffffffff, &(0x7f00000001c0)={0x18, 0x2, {0x0, @initdev={0xac, 0x1e, 0x0, 0x0}}}, 0x1e)
sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000000)=@newlink={0x30, 0x10, 0x801, 0x0, 0x0, {}, [@IFLA_GROUP={0x8}, @IFLA_PROTO_DOWN={0x8, 0x4}]}, 0x30}}, 0x0)
pivot_root(&(0x7f0000000140)='./file0\x00', &(0x7f0000000100)='./file0\x00')

01:45:55 executing program 2:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140)='/dev/kvm\x00', 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_SET_SIGNAL_MASK(0xffffffffffffffff, 0x4004ae8b, &(0x7f0000000180)=ANY=[@ANYBLOB="97cb4b5f4083f75b660a19cfdc9e8b175cf89cd7a445e0dbd5e7d805fc4a5b98481d6ae97c6a743d9cc8f6581366d5aa3a9a2c2cf75cec8a8a"])
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000fe7000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0)
r3 = fanotify_init(0x0, 0x0)
r4 = fcntl$dupfd(r3, 0x0, r3)
write$FUSE_NOTIFY_POLL(r4, &(0x7f0000000100)={0x18}, 0x18)
getsockopt$inet_sctp6_SCTP_I_WANT_MAPPED_V4_ADDR(r4, 0x84, 0xc, &(0x7f00000000c0), &(0x7f0000000100)=0x4)
ioctl$USBDEVFS_RESETEP(0xffffffffffffffff, 0x80045503, &(0x7f0000000000)={0x1, 0x1})
ioctl$KVM_NMI(r2, 0xae9a)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f00000002c0)={0x0, 0x2, 0x0, 0x2000, &(0x7f0000001000/0x2000)=nil})
perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
ioctl$KVM_RUN(r2, 0xae80, 0x0)

01:45:55 executing program 0:

[ 1857.133429] ip_tables: iptables: counters copy to user failed while replacing table
01:45:55 executing program 4:
pipe(&(0x7f0000000140)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
r2 = socket$inet_udp(0x2, 0x2, 0x0)
close(r2)
setsockopt$inet_tcp_int(0xffffffffffffffff, 0x6, 0x10000000013, &(0x7f0000d06000)=0x1, 0x4)
connect$inet(r2, &(0x7f0000000340)={0x2, 0x0, @loopback}, 0x10)
setsockopt$inet_tcp_TCP_REPAIR_WINDOW(0xffffffffffffffff, 0x6, 0x1d, &(0x7f0000000080)={0x0, 0xdf5, 0x65a2}, 0x14)
write$binfmt_misc(r1, &(0x7f0000000140)=ANY=[], 0x4240a2a0)
r3 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$IPT_SO_SET_REPLACE(r3, 0x0, 0x40, &(0x7f0000000480)=ANY=[@ANYBLOB="66696c74657200000000000000000000000000000000000000000000000000000e00000004000000d0020000800100009800000080010000000000000000000038020000380200003802000038020000380200000400000000000000000000007f000001ac14140000000000000000007f00000000000000000000000000000064756dea20f9524db2d96900000057c910a19f2bc02c00000000000000000000200000000000000000000000000000000000000000000000700098000000000000000000000000000000000000000000280052454a454354000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000400000000000000000000000080000000000000000000000000000000000000000000000000000000000000000000000000000000000000000c000e80000f9c9991d0000000000000000000000000000005000736574000000000000000000000000000000000000000000000000000003000005050000000000000000000000000000000000000000100000000000000000000000000000000000000000000000280052454a45435400000000000000010000000000000000000000000000000000674f000000000000000000e00000020000000000000000766574b5315f766c616e00000000010062726964676530000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000007000b80000000000000000000000000000000000000000004800544545000000000000000000000000000000d40200000000000000000001ac1414aa000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000007000980000000000000000000000000000000000000000002800000000000000000000000000000000000000000000001a51496c00000000feffffff"], 0x1)
splice(r0, 0x0, r2, 0x0, 0x4ffe0, 0x0)

01:45:55 executing program 0:

01:45:55 executing program 1:
lsetxattr$trusted_overlay_opaque(0x0, 0x0, 0x0, 0x0, 0x0)
mkdir(&(0x7f0000000000)='./file0\x00', 0x0)
mount$bpf(0x20000000, &(0x7f00000000c0)='./file0\x00', 0x0, 0x2001001, 0x0)
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x80, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x43, 0x400000000000000}, 0x11288, 0x2000, 0x0, 0x2}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = socket$netlink(0x10, 0x3, 0x0)
connect$inet(0xffffffffffffffff, 0x0, 0x0)
setsockopt$SO_RDS_TRANSPORT(0xffffffffffffffff, 0x114, 0x8, &(0x7f0000000040)=0xffffffffffffffff, 0x4)
r1 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$inet_tcp_int(r1, 0x6, 0x10000000013, &(0x7f0000d06000)=0x1, 0x32a)
connect$inet(r1, &(0x7f0000000180)={0x2, 0x4e23, @local}, 0x10)
accept$nfc_llcp(0xffffffffffffffff, &(0x7f0000000440), &(0x7f0000000300)=0x60)
setsockopt$inet_tcp_TCP_REPAIR_OPTIONS(r1, 0x6, 0x16, &(0x7f00000000c0)=[@mss={0x2, 0xffffffff}, @timestamp, @window, @mss={0x2, 0x91c}], 0x4)
sendmmsg(r1, &(0x7f0000004b40)=[{{0x0, 0x0, &(0x7f00000011c0)=[{&(0x7f0000002240)='Y', 0x1}], 0x1}}], 0x1, 0x0)
syz_init_net_socket$llc(0x1a, 0x1, 0x0)
r2 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$IPT_SO_SET_REPLACE(r2, 0x4000000000000, 0x40, &(0x7f0000000a40)=ANY=[@ANYBLOB="72617700000000010000000000000000000000000000000000000000000000000200000003000000b80400000000000000000000000000000003000000030000200400002004000020040000200400002004000003000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000600000000000000a00200030000000000000000000000000000000000000000300262706600000000000000000000000000000000000000000000000000000101000000000000002e2f66696c653000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000060005345540000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000c0002001000000000000000000000000000000000000000050006f736600000000000000000000000000000000000000000000000000000073797a300000000000000000000000000000000000000000000000000000000000000000000000000000000000000000600053455400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000007000980000000000000000000000000000000000000000002800000000000000000000000000000000000000000000000000000000000004feffffff00000000"], 0x518)
sendmsg$IPVS_CMD_GET_DEST(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000280)={&(0x7f00000002c0)=ANY=[@ANYRES16], 0x1}}, 0x0)
setsockopt$inet_tcp_TCP_REPAIR(r1, 0x6, 0x13, &(0x7f0000000100), 0x618)
close(r1)
r3 = socket$inet_tcp(0x2, 0x1, 0x0)
connect$inet(r3, &(0x7f0000000140)={0x2, 0x0, @local}, 0x10)
setsockopt$inet_tcp_TCP_REPAIR_OPTIONS(r3, 0x6, 0x16, &(0x7f0000000200)=[@mss, @timestamp, @window={0x3, 0x0, 0xfffe}, @mss={0x2, 0x3}], 0x4)
sendmmsg(r3, &(0x7f0000004b40)=[{{0x0, 0x0, &(0x7f00000011c0)=[{&(0x7f0000002240)='Y', 0x1}], 0x1}}], 0x1, 0x0)
setsockopt$inet_tcp_TCP_REPAIR_QUEUE(r3, 0x6, 0x14, &(0x7f0000000040)=0x1, 0x4)
sendmsg$IPVS_CMD_GET_DEST(r3, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000340)=ANY=[@ANYBLOB="160e90cb39bca59f8c4064ac6d7b242060a07bc4309e3eb79d8745797b308edd84adef35ad9d8a17240f38f55f57c55f3875db81d255eea402e1c11ca7fc01964aeb9ed6ef4e80bc67cba7e7fe961fe5d921442b0a06b135f8a73b68dc904b436f256f50ae7cb980e69e7580b9f11c6ede4210f23240559b8c427000d7ce7862417ab5a50e494b2a54e346d7ffa008ccef06813e235b446788ac0f1df3c65bc1fb5393364a2efd284640ec2c438ad2b24a69f1f9da000000000000000000000000989eee6a9283bf253ca4"], 0x1}}, 0x0)
close(r3)
syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000000)={<r4=>0xffffffffffffffff, <r5=>0xffffffffffffffff})
dup3(r5, r4, 0x0)
r6 = accept4$vsock_stream(0xffffffffffffffff, &(0x7f0000000240)={0x28, 0x0, 0x2710, @host}, 0x10, 0x0)
dup2(r6, r5)
bind$pptp(0xffffffffffffffff, &(0x7f00000001c0)={0x18, 0x2, {0x0, @initdev={0xac, 0x1e, 0x0, 0x0}}}, 0x1e)
sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000000)=@newlink={0x30, 0x10, 0x801, 0x0, 0x0, {}, [@IFLA_GROUP={0x8}, @IFLA_PROTO_DOWN={0x8, 0x4}]}, 0x30}}, 0x0)

01:45:55 executing program 5:
lsetxattr$trusted_overlay_opaque(0x0, 0x0, 0x0, 0x0, 0x0)
mkdir(&(0x7f0000000000)='./file0\x00', 0x0)
mount$bpf(0x20000000, &(0x7f00000000c0)='./file0\x00', 0x0, 0x2001001, 0x0)
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x80, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x43, 0x400000000000000}, 0x11288, 0x2000, 0x0, 0x2}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = socket$netlink(0x10, 0x3, 0x0)
connect$inet(0xffffffffffffffff, 0x0, 0x0)
setsockopt$SO_RDS_TRANSPORT(0xffffffffffffffff, 0x114, 0x8, &(0x7f0000000040)=0xffffffffffffffff, 0x4)
r1 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$inet_tcp_int(r1, 0x6, 0x10000000013, &(0x7f0000d06000)=0x1, 0x32a)
connect$inet(r1, &(0x7f0000000180)={0x2, 0x4e23, @local}, 0x10)
accept$nfc_llcp(0xffffffffffffffff, &(0x7f0000000440), &(0x7f0000000300)=0x60)
setsockopt$inet_tcp_TCP_REPAIR_OPTIONS(r1, 0x6, 0x16, &(0x7f00000000c0)=[@mss={0x2, 0xffffffff}, @timestamp, @window, @mss={0x2, 0x91c}], 0x4)
sendmmsg(r1, &(0x7f0000004b40)=[{{0x0, 0x0, &(0x7f00000011c0)=[{&(0x7f0000002240)='Y', 0x1}], 0x1}}], 0x1, 0x0)
syz_init_net_socket$llc(0x1a, 0x1, 0x0)
r2 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$IPT_SO_SET_REPLACE(r2, 0x4000000000000, 0x40, &(0x7f0000000a40)=ANY=[@ANYBLOB="72617700000000010000000000000000000000000000000000000000000000000200000003000000b80400000000000000000000000000000003000000030000200400002004000020040000200400002004000003000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000600000000000000a00200030000000000000000000000000000000000000000300262706600000000000000000000000000000000000000000000000000000101000000000000002e2f66696c653000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000060005345540000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000c0002001000000000000000000000000000000000000000050006f736600000000000000000000000000000000000000000000000000000073797a300000000000000000000000000000000000000000000000000000000000000000000000000000000000000000600053455400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000007000980000000000000000000000000000000000000000002800000000000000000000000000000000000000000000000000000000000004feffffff00000000"], 0x518)
sendmsg$IPVS_CMD_GET_DEST(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000280)={&(0x7f00000002c0)=ANY=[@ANYRES16], 0x1}}, 0x0)
close(r1)
r3 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$inet_tcp_int(r3, 0x6, 0x10000000013, &(0x7f0000d06000)=0x1, 0x32a)
connect$inet(r3, &(0x7f0000000140)={0x2, 0x0, @local}, 0x10)
setsockopt$inet_tcp_TCP_REPAIR_OPTIONS(r3, 0x6, 0x16, &(0x7f0000000200)=[@mss, @timestamp, @window={0x3, 0x0, 0xfffe}, @mss={0x2, 0x3}], 0x4)
sendmmsg(r3, &(0x7f0000004b40)=[{{0x0, 0x0, &(0x7f00000011c0)=[{&(0x7f0000002240)='Y', 0x1}], 0x1}}], 0x1, 0x0)
setsockopt$inet_tcp_TCP_REPAIR_QUEUE(r3, 0x6, 0x14, &(0x7f0000000040)=0x1, 0x4)
sendmsg$IPVS_CMD_GET_DEST(r3, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000340)=ANY=[@ANYBLOB="160e90cb39bca59f8c4064ac6d7b242060a07bc4309e3eb79d8745797b308edd84adef35ad9d8a17240f38f55f57c55f3875db81d255eea402e1c11ca7fc01964aeb9ed6ef4e80bc67cba7e7fe961fe5d921442b0a06b135f8a73b68dc904b436f256f50ae7cb980e69e7580b9f11c6ede4210f23240559b8c427000d7ce7862417ab5a50e494b2a54e346d7ffa008ccef06813e235b446788ac0f1df3c65bc1fb5393364a2efd284640ec2c438ad2b24a69f1f9da000000000000000000000000989eee6a9283bf253ca4"], 0x1}}, 0x0)
close(r3)
syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000000)={<r4=>0xffffffffffffffff, <r5=>0xffffffffffffffff})
dup3(r5, r4, 0x0)
r6 = accept4$vsock_stream(0xffffffffffffffff, &(0x7f0000000240)={0x28, 0x0, 0x2710, @host}, 0x10, 0x0)
dup2(r6, r5)
bind$pptp(0xffffffffffffffff, &(0x7f00000001c0)={0x18, 0x2, {0x0, @initdev={0xac, 0x1e, 0x0, 0x0}}}, 0x1e)
sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000000)=@newlink={0x30, 0x10, 0x801, 0x0, 0x0, {}, [@IFLA_GROUP={0x8}, @IFLA_PROTO_DOWN={0x8, 0x4}]}, 0x30}}, 0x0)
pivot_root(&(0x7f0000000140)='./file0\x00', &(0x7f0000000100)='./file0\x00')

01:45:55 executing program 3:
lsetxattr$trusted_overlay_opaque(0x0, 0x0, 0x0, 0x0, 0x0)
mkdir(&(0x7f0000000000)='./file0\x00', 0x0)
mount$bpf(0x20000000, &(0x7f00000000c0)='./file0\x00', 0x0, 0x2001001, 0x0)
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x80, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x43, 0x400000000000000}, 0x11288, 0x2000, 0x0, 0x2}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = socket$netlink(0x10, 0x3, 0x0)
connect$inet(0xffffffffffffffff, 0x0, 0x0)
setsockopt$SO_RDS_TRANSPORT(0xffffffffffffffff, 0x114, 0x8, &(0x7f0000000040)=0xffffffffffffffff, 0x4)
r1 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$inet_tcp_int(r1, 0x6, 0x10000000013, &(0x7f0000d06000)=0x1, 0x32a)
connect$inet(r1, &(0x7f0000000180)={0x2, 0x4e23, @local}, 0x10)
accept$nfc_llcp(0xffffffffffffffff, &(0x7f0000000440), &(0x7f0000000300)=0x60)
setsockopt$inet_tcp_TCP_REPAIR_OPTIONS(r1, 0x6, 0x16, &(0x7f00000000c0)=[@mss={0x2, 0xffffffff}, @timestamp, @window, @mss={0x2, 0x91c}], 0x4)
sendmmsg(r1, &(0x7f0000004b40)=[{{0x0, 0x0, &(0x7f00000011c0)=[{&(0x7f0000002240)='Y', 0x1}], 0x1}}], 0x1, 0x0)
syz_init_net_socket$llc(0x1a, 0x1, 0x0)
r2 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$IPT_SO_SET_REPLACE(r2, 0x4000000000000, 0x40, &(0x7f0000000a40)=ANY=[@ANYBLOB="72617700000000010000000000000000000000000000000000000000000000000200000003000000b80400000000000000000000000000000003000000030000200400002004000020040000200400002004000003000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000600000000000000a00200030000000000000000000000000000000000000000300262706600000000000000000000000000000000000000000000000000000101000000000000002e2f66696c653000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000060005345540000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000c0002001000000000000000000000000000000000000000050006f736600000000000000000000000000000000000000000000000000000073797a300000000000000000000000000000000000000000000000000000000000000000000000000000000000000000600053455400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000007000980000000000000000000000000000000000000000002800000000000000000000000000000000000000000000000000000000000004feffffff00000000"], 0x518)
sendmsg$IPVS_CMD_GET_DEST(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000280)={&(0x7f00000002c0)=ANY=[@ANYRES16], 0x1}}, 0x0)
setsockopt$inet_tcp_TCP_REPAIR(r1, 0x6, 0x13, &(0x7f0000000100), 0x618)
close(r1)
setsockopt$inet_tcp_int(0xffffffffffffffff, 0x6, 0x10000000013, &(0x7f0000d06000)=0x1, 0x32a)
connect$inet(0xffffffffffffffff, &(0x7f0000000140)={0x2, 0x0, @local}, 0x10)
setsockopt$inet_tcp_TCP_REPAIR_OPTIONS(0xffffffffffffffff, 0x6, 0x16, &(0x7f0000000200)=[@mss, @timestamp, @window={0x3, 0x0, 0xfffe}, @mss={0x2, 0x3}], 0x4)
sendmmsg(0xffffffffffffffff, &(0x7f0000004b40)=[{{0x0, 0x0, &(0x7f00000011c0)=[{&(0x7f0000002240)='Y', 0x1}], 0x1}}], 0x1, 0x0)
setsockopt$inet_tcp_TCP_REPAIR_QUEUE(0xffffffffffffffff, 0x6, 0x14, &(0x7f0000000040)=0x1, 0x4)
sendmsg$IPVS_CMD_GET_DEST(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000340)=ANY=[@ANYBLOB="160e90cb39bca59f8c4064ac6d7b242060a07bc4309e3eb79d8745797b308edd84adef35ad9d8a17240f38f55f57c55f3875db81d255eea402e1c11ca7fc01964aeb9ed6ef4e80bc67cba7e7fe961fe5d921442b0a06b135f8a73b68dc904b436f256f50ae7cb980e69e7580b9f11c6ede4210f23240559b8c427000d7ce7862417ab5a50e494b2a54e346d7ffa008ccef06813e235b446788ac0f1df3c65bc1fb5393364a2efd284640ec2c438ad2b24a69f1f9da000000000000000000000000989eee6a9283bf253ca4"], 0x1}}, 0x0)
close(0xffffffffffffffff)
syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000000)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
dup3(r4, r3, 0x0)
r5 = accept4$vsock_stream(0xffffffffffffffff, &(0x7f0000000240)={0x28, 0x0, 0x2710, @host}, 0x10, 0x0)
dup2(r5, r4)
bind$pptp(0xffffffffffffffff, &(0x7f00000001c0)={0x18, 0x2, {0x0, @initdev={0xac, 0x1e, 0x0, 0x0}}}, 0x1e)
sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000000)=@newlink={0x30, 0x10, 0x801, 0x0, 0x0, {}, [@IFLA_GROUP={0x8}, @IFLA_PROTO_DOWN={0x8, 0x4}]}, 0x30}}, 0x0)
pivot_root(&(0x7f0000000140)='./file0\x00', &(0x7f0000000100)='./file0\x00')

01:45:55 executing program 0:

01:45:55 executing program 2:
r0 = openat$full(0xffffffffffffff9c, &(0x7f0000000200)='/dev/full\x00', 0x8200, 0x0)
sendmsg$IPSET_CMD_RENAME(r0, &(0x7f0000000380)={&(0x7f0000000240)={0x10, 0x0, 0x0, 0x8000000}, 0xc, &(0x7f0000000280)={&(0x7f0000000400)=ANY=[@ANYBLOB="5000000005060101000000000000fed98c61b625b51bdda3eb843202e2b200000c0000000900020073797a32000000000900030073797a32000000000900030073797a30000000000900030073797a32000000000900030073797a3200000000"], 0x50}, 0x1, 0x0, 0x0, 0x4000}, 0x4010)
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140)='/dev/kvm\x00', 0x0, 0x0)
r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
ioctl$KVM_SET_SIGNAL_MASK(0xffffffffffffffff, 0x4004ae8b, &(0x7f0000000180)=ANY=[@ANYBLOB="97cb42a0ae7396f54fd414d18685c56e73b61c471b29b02a6df897b1baabc6fd505d210372cf90998b271c06daabc4810c421850ebb7c8914605c055fc3db5cb6d9acf0874533f6dfab7f816c61217782e583b07238f571d0d40d3b678de326d6604cf9901b0717422f22d4e535a"])
r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r3, &(0x7f0000fe7000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0)
ioctl$USBDEVFS_RESETEP(0xffffffffffffffff, 0x80045503, &(0x7f0000000000)={0x1, 0x1})
ioctl$KVM_NMI(r3, 0xae9a)
r4 = fanotify_init(0x0, 0x0)
r5 = fcntl$dupfd(r4, 0x0, r4)
write$FUSE_NOTIFY_POLL(r5, &(0x7f0000000100)={0x18}, 0x18)
ioctl$KVM_SET_USER_MEMORY_REGION(r5, 0x4020ae46, &(0x7f00000002c0)={0x0, 0x2, 0x0, 0x2000, &(0x7f0000001000/0x2000)=nil})
ioctl$KVM_S390_UCAS_UNMAP(r0, 0x4018ae51, &(0x7f00000003c0)={0x1100000, 0x0, 0x200})
perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
ioctl$BLKSECTGET(r5, 0x1267, &(0x7f00000000c0))
ioctl$KVM_RUN(r3, 0xae80, 0x0)

[ 1857.471377] ip_tables: iptables: counters copy to user failed while replacing table
01:45:55 executing program 0:

01:45:55 executing program 4:
pipe(&(0x7f0000000140)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
r2 = socket$inet_udp(0x2, 0x2, 0x0)
r3 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$inet_tcp_int(r3, 0x6, 0x10000000013, &(0x7f0000d06000)=0x1, 0x4)
connect$inet(r2, &(0x7f0000000340)={0x2, 0x0, @loopback}, 0x10)
setsockopt$inet_tcp_TCP_REPAIR_WINDOW(r3, 0x6, 0x1d, &(0x7f0000000080)={0x0, 0xdf5, 0x65a2}, 0x14)
write$binfmt_misc(r1, &(0x7f0000000140)=ANY=[], 0x4240a2a0)
r4 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$IPT_SO_SET_REPLACE(r4, 0x0, 0x40, &(0x7f0000000480)=ANY=[@ANYBLOB="66696c74657200000000000000000000000000000000000000000000000000000e00000004000000d0020000800100009800000080010000000000000000000038020000380200003802000038020000380200000400000000000000000000007f000001ac14140000000000000000007f00000000000000000000000000000064756dea20f9524db2d96900000057c910a19f2bc02c00000000000000000000200000000000000000000000000000000000000000000000700098000000000000000000000000000000000000000000280052454a454354000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000400000000000000000000000080000000000000000000000000000000000000000000000000000000000000000000000000000000000000000c000e80000f9c9991d0000000000000000000000000000005000736574000000000000000000000000000000000000000000000000000003000005050000000000000000000000000000000000000000100000000000000000000000000000000000000000000000280052454a45435400000000000000010000000000000000000000000000000000674f000000000000000000e00000020000000000000000766574b5315f766c616e00000000010062726964676530000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000007000b80000000000000000000000000000000000000000004800544545000000000000000000000000000000d40200000000000000000001ac1414aa000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000007000980000000000000000000000000000000000000000002800000000000000000000000000000000000000000000001a51496c00000000feffffff"], 0x1)
splice(r0, 0x0, r2, 0x0, 0x4ffe0, 0x0)

01:45:55 executing program 1:
lsetxattr$trusted_overlay_opaque(0x0, 0x0, 0x0, 0x0, 0x0)
mkdir(&(0x7f0000000000)='./file0\x00', 0x0)
mount$bpf(0x20000000, &(0x7f00000000c0)='./file0\x00', 0x0, 0x2001001, 0x0)
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x80, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x43, 0x400000000000000}, 0x11288, 0x2000, 0x0, 0x2}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = socket$netlink(0x10, 0x3, 0x0)
connect$inet(0xffffffffffffffff, 0x0, 0x0)
setsockopt$SO_RDS_TRANSPORT(0xffffffffffffffff, 0x114, 0x8, &(0x7f0000000040)=0xffffffffffffffff, 0x4)
r1 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$inet_tcp_int(r1, 0x6, 0x10000000013, &(0x7f0000d06000)=0x1, 0x32a)
connect$inet(r1, &(0x7f0000000180)={0x2, 0x4e23, @local}, 0x10)
accept$nfc_llcp(0xffffffffffffffff, &(0x7f0000000440), &(0x7f0000000300)=0x60)
setsockopt$inet_tcp_TCP_REPAIR_OPTIONS(r1, 0x6, 0x16, &(0x7f00000000c0)=[@mss={0x2, 0xffffffff}, @timestamp, @window, @mss={0x2, 0x91c}], 0x4)
sendmmsg(r1, &(0x7f0000004b40)=[{{0x0, 0x0, &(0x7f00000011c0)=[{&(0x7f0000002240)='Y', 0x1}], 0x1}}], 0x1, 0x0)
syz_init_net_socket$llc(0x1a, 0x1, 0x0)
r2 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$IPT_SO_SET_REPLACE(r2, 0x4000000000000, 0x40, &(0x7f0000000a40)=ANY=[@ANYBLOB="72617700000000010000000000000000000000000000000000000000000000000200000003000000b80400000000000000000000000000000003000000030000200400002004000020040000200400002004000003000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000600000000000000a00200030000000000000000000000000000000000000000300262706600000000000000000000000000000000000000000000000000000101000000000000002e2f66696c653000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000060005345540000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000c0002001000000000000000000000000000000000000000050006f736600000000000000000000000000000000000000000000000000000073797a300000000000000000000000000000000000000000000000000000000000000000000000000000000000000000600053455400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000007000980000000000000000000000000000000000000000002800000000000000000000000000000000000000000000000000000000000004feffffff00000000"], 0x518)
sendmsg$IPVS_CMD_GET_DEST(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000280)={&(0x7f00000002c0)=ANY=[@ANYRES16], 0x1}}, 0x0)
setsockopt$inet_tcp_TCP_REPAIR(r1, 0x6, 0x13, &(0x7f0000000100), 0x618)
close(r1)
r3 = socket$inet_tcp(0x2, 0x1, 0x0)
connect$inet(r3, &(0x7f0000000140)={0x2, 0x0, @local}, 0x10)
setsockopt$inet_tcp_TCP_REPAIR_OPTIONS(r3, 0x6, 0x16, &(0x7f0000000200)=[@mss, @timestamp, @window={0x3, 0x0, 0xfffe}, @mss={0x2, 0x3}], 0x4)
sendmmsg(r3, &(0x7f0000004b40)=[{{0x0, 0x0, &(0x7f00000011c0)=[{&(0x7f0000002240)='Y', 0x1}], 0x1}}], 0x1, 0x0)
setsockopt$inet_tcp_TCP_REPAIR_QUEUE(r3, 0x6, 0x14, &(0x7f0000000040)=0x1, 0x4)
sendmsg$IPVS_CMD_GET_DEST(r3, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000340)=ANY=[@ANYBLOB="160e90cb39bca59f8c4064ac6d7b242060a07bc4309e3eb79d8745797b308edd84adef35ad9d8a17240f38f55f57c55f3875db81d255eea402e1c11ca7fc01964aeb9ed6ef4e80bc67cba7e7fe961fe5d921442b0a06b135f8a73b68dc904b436f256f50ae7cb980e69e7580b9f11c6ede4210f23240559b8c427000d7ce7862417ab5a50e494b2a54e346d7ffa008ccef06813e235b446788ac0f1df3c65bc1fb5393364a2efd284640ec2c438ad2b24a69f1f9da000000000000000000000000989eee6a9283bf253ca4"], 0x1}}, 0x0)
close(r3)
syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000000)={<r4=>0xffffffffffffffff, <r5=>0xffffffffffffffff})
dup3(r5, r4, 0x0)
r6 = accept4$vsock_stream(0xffffffffffffffff, &(0x7f0000000240)={0x28, 0x0, 0x2710, @host}, 0x10, 0x0)
dup2(r6, r5)
bind$pptp(0xffffffffffffffff, &(0x7f00000001c0)={0x18, 0x2, {0x0, @initdev={0xac, 0x1e, 0x0, 0x0}}}, 0x1e)
sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000000)=@newlink={0x30, 0x10, 0x801, 0x0, 0x0, {}, [@IFLA_GROUP={0x8}, @IFLA_PROTO_DOWN={0x8, 0x4}]}, 0x30}}, 0x0)

01:45:55 executing program 2:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140)='/dev/kvm\x00', 0x0, 0x0)
r1 = fanotify_init(0x0, 0x0)
r2 = fcntl$dupfd(r1, 0x0, r1)
write$FUSE_NOTIFY_POLL(r2, &(0x7f0000000100)={0x18}, 0x18)
ioctl$SNDRV_TIMER_IOCTL_SELECT(r2, 0x40345410, &(0x7f0000000280)={{0x3, 0x3, 0x3, 0x1, 0x2}})
r3 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_SET_SIGNAL_MASK(0xffffffffffffffff, 0x4004ae8b, &(0x7f0000000180)=ANY=[@ANYBLOB="657e00000000466bc3ae3bb36ffc791c1c92e662b4454d32028d444e8873e0af90f97fb8c1638e970426c7216f6350c802d4f90289a0314a9761e332dc8b6d0d7452ac4eb572ed0ece96ab9a9b4bd3d3ca7460b1432aecf69f1e441913d388e797bc000000000000800000000000d4697e541b2f4535e5b0e4132da21ba18fb12a24f1398230b2c295afb260bf989026c44d7b024e176680a05d90b1947ad25c9d1b4f83f87f163cf485ceee3197c8e4b2ae82009504433999c00d78c75a751a5e3005500427b5"])
r4 = openat$vsock(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/vsock\x00', 0x145080, 0x0)
ioctl$BLKFRASET(r4, 0x1264, &(0x7f0000000100)=0xa4d3)
r5 = ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r5, &(0x7f0000fe7000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0)
ioctl$USBDEVFS_RESETEP(0xffffffffffffffff, 0x80045503, &(0x7f0000000000)={0x1, 0x1})
ioctl$KVM_NMI(r5, 0xae9a)
ioctl$KVM_SET_USER_MEMORY_REGION(r3, 0x4020ae46, &(0x7f00000002c0)={0x0, 0x2, 0x0, 0x2000, &(0x7f0000001000/0x2000)=nil})
perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x1, 0x0, 0x0, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x88}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r6 = openat$selinux_mls(0xffffffffffffff9c, &(0x7f0000000300)='/selinux/mls\x00', 0x0, 0x0)
getsockopt$MISDN_TIME_STAMP(r6, 0x0, 0x1, &(0x7f0000000340), &(0x7f0000000380)=0x4)
ioctl$KVM_RUN(r5, 0xae80, 0x0)

01:45:55 executing program 0:

01:45:55 executing program 5:
lsetxattr$trusted_overlay_opaque(0x0, 0x0, 0x0, 0x0, 0x0)
mkdir(&(0x7f0000000000)='./file0\x00', 0x0)
mount$bpf(0x20000000, &(0x7f00000000c0)='./file0\x00', 0x0, 0x2001001, 0x0)
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x80, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x43, 0x400000000000000}, 0x11288, 0x2000, 0x0, 0x2}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = socket$netlink(0x10, 0x3, 0x0)
connect$inet(0xffffffffffffffff, 0x0, 0x0)
setsockopt$SO_RDS_TRANSPORT(0xffffffffffffffff, 0x114, 0x8, &(0x7f0000000040)=0xffffffffffffffff, 0x4)
r1 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$inet_tcp_int(r1, 0x6, 0x10000000013, &(0x7f0000d06000)=0x1, 0x32a)
connect$inet(r1, &(0x7f0000000180)={0x2, 0x4e23, @local}, 0x10)
accept$nfc_llcp(0xffffffffffffffff, &(0x7f0000000440), &(0x7f0000000300)=0x60)
setsockopt$inet_tcp_TCP_REPAIR_OPTIONS(r1, 0x6, 0x16, &(0x7f00000000c0)=[@mss={0x2, 0xffffffff}, @timestamp, @window, @mss={0x2, 0x91c}], 0x4)
sendmmsg(r1, &(0x7f0000004b40)=[{{0x0, 0x0, &(0x7f00000011c0)=[{&(0x7f0000002240)='Y', 0x1}], 0x1}}], 0x1, 0x0)
syz_init_net_socket$llc(0x1a, 0x1, 0x0)
r2 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$IPT_SO_SET_REPLACE(r2, 0x4000000000000, 0x40, &(0x7f0000000a40)=ANY=[@ANYBLOB="72617700000000010000000000000000000000000000000000000000000000000200000003000000b80400000000000000000000000000000003000000030000200400002004000020040000200400002004000003000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000600000000000000a00200030000000000000000000000000000000000000000300262706600000000000000000000000000000000000000000000000000000101000000000000002e2f66696c653000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000060005345540000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000c0002001000000000000000000000000000000000000000050006f736600000000000000000000000000000000000000000000000000000073797a300000000000000000000000000000000000000000000000000000000000000000000000000000000000000000600053455400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000007000980000000000000000000000000000000000000000002800000000000000000000000000000000000000000000000000000000000004feffffff00000000"], 0x518)
sendmsg$IPVS_CMD_GET_DEST(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000280)={&(0x7f00000002c0)=ANY=[@ANYRES16], 0x1}}, 0x0)
close(r1)
r3 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$inet_tcp_int(r3, 0x6, 0x10000000013, &(0x7f0000d06000)=0x1, 0x32a)
connect$inet(r3, &(0x7f0000000140)={0x2, 0x0, @local}, 0x10)
setsockopt$inet_tcp_TCP_REPAIR_OPTIONS(r3, 0x6, 0x16, &(0x7f0000000200)=[@mss, @timestamp, @window={0x3, 0x0, 0xfffe}, @mss={0x2, 0x3}], 0x4)
sendmmsg(r3, &(0x7f0000004b40)=[{{0x0, 0x0, &(0x7f00000011c0)=[{&(0x7f0000002240)='Y', 0x1}], 0x1}}], 0x1, 0x0)
setsockopt$inet_tcp_TCP_REPAIR_QUEUE(r3, 0x6, 0x14, &(0x7f0000000040)=0x1, 0x4)
sendmsg$IPVS_CMD_GET_DEST(r3, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000340)=ANY=[@ANYBLOB="160e90cb39bca59f8c4064ac6d7b242060a07bc4309e3eb79d8745797b308edd84adef35ad9d8a17240f38f55f57c55f3875db81d255eea402e1c11ca7fc01964aeb9ed6ef4e80bc67cba7e7fe961fe5d921442b0a06b135f8a73b68dc904b436f256f50ae7cb980e69e7580b9f11c6ede4210f23240559b8c427000d7ce7862417ab5a50e494b2a54e346d7ffa008ccef06813e235b446788ac0f1df3c65bc1fb5393364a2efd284640ec2c438ad2b24a69f1f9da000000000000000000000000989eee6a9283bf253ca4"], 0x1}}, 0x0)
close(r3)
syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000000)={<r4=>0xffffffffffffffff, <r5=>0xffffffffffffffff})
dup3(r5, r4, 0x0)
r6 = accept4$vsock_stream(0xffffffffffffffff, &(0x7f0000000240)={0x28, 0x0, 0x2710, @host}, 0x10, 0x0)
dup2(r6, r5)
bind$pptp(0xffffffffffffffff, &(0x7f00000001c0)={0x18, 0x2, {0x0, @initdev={0xac, 0x1e, 0x0, 0x0}}}, 0x1e)
sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000000)=@newlink={0x30, 0x10, 0x801, 0x0, 0x0, {}, [@IFLA_GROUP={0x8}, @IFLA_PROTO_DOWN={0x8, 0x4}]}, 0x30}}, 0x0)
pivot_root(&(0x7f0000000140)='./file0\x00', &(0x7f0000000100)='./file0\x00')

01:45:55 executing program 3:
lsetxattr$trusted_overlay_opaque(0x0, 0x0, 0x0, 0x0, 0x0)
mkdir(&(0x7f0000000000)='./file0\x00', 0x0)
mount$bpf(0x20000000, &(0x7f00000000c0)='./file0\x00', 0x0, 0x2001001, 0x0)
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x80, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x43, 0x400000000000000}, 0x11288, 0x2000, 0x0, 0x2}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = socket$netlink(0x10, 0x3, 0x0)
connect$inet(0xffffffffffffffff, 0x0, 0x0)
setsockopt$SO_RDS_TRANSPORT(0xffffffffffffffff, 0x114, 0x8, &(0x7f0000000040)=0xffffffffffffffff, 0x4)
r1 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$inet_tcp_int(r1, 0x6, 0x10000000013, &(0x7f0000d06000)=0x1, 0x32a)
connect$inet(r1, &(0x7f0000000180)={0x2, 0x4e23, @local}, 0x10)
accept$nfc_llcp(0xffffffffffffffff, &(0x7f0000000440), &(0x7f0000000300)=0x60)
setsockopt$inet_tcp_TCP_REPAIR_OPTIONS(r1, 0x6, 0x16, &(0x7f00000000c0)=[@mss={0x2, 0xffffffff}, @timestamp, @window, @mss={0x2, 0x91c}], 0x4)
sendmmsg(r1, &(0x7f0000004b40)=[{{0x0, 0x0, &(0x7f00000011c0)=[{&(0x7f0000002240)='Y', 0x1}], 0x1}}], 0x1, 0x0)
syz_init_net_socket$llc(0x1a, 0x1, 0x0)
r2 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$IPT_SO_SET_REPLACE(r2, 0x4000000000000, 0x40, &(0x7f0000000a40)=ANY=[@ANYBLOB="72617700000000010000000000000000000000000000000000000000000000000200000003000000b80400000000000000000000000000000003000000030000200400002004000020040000200400002004000003000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000600000000000000a00200030000000000000000000000000000000000000000300262706600000000000000000000000000000000000000000000000000000101000000000000002e2f66696c653000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000060005345540000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000c0002001000000000000000000000000000000000000000050006f736600000000000000000000000000000000000000000000000000000073797a300000000000000000000000000000000000000000000000000000000000000000000000000000000000000000600053455400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000007000980000000000000000000000000000000000000000002800000000000000000000000000000000000000000000000000000000000004feffffff00000000"], 0x518)
sendmsg$IPVS_CMD_GET_DEST(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000280)={&(0x7f00000002c0)=ANY=[@ANYRES16], 0x1}}, 0x0)
setsockopt$inet_tcp_TCP_REPAIR(r1, 0x6, 0x13, &(0x7f0000000100), 0x618)
close(r1)
setsockopt$inet_tcp_int(0xffffffffffffffff, 0x6, 0x10000000013, &(0x7f0000d06000)=0x1, 0x32a)
connect$inet(0xffffffffffffffff, &(0x7f0000000140)={0x2, 0x0, @local}, 0x10)
setsockopt$inet_tcp_TCP_REPAIR_OPTIONS(0xffffffffffffffff, 0x6, 0x16, &(0x7f0000000200)=[@mss, @timestamp, @window={0x3, 0x0, 0xfffe}, @mss={0x2, 0x3}], 0x4)
sendmmsg(0xffffffffffffffff, &(0x7f0000004b40)=[{{0x0, 0x0, &(0x7f00000011c0)=[{&(0x7f0000002240)='Y', 0x1}], 0x1}}], 0x1, 0x0)
setsockopt$inet_tcp_TCP_REPAIR_QUEUE(0xffffffffffffffff, 0x6, 0x14, &(0x7f0000000040)=0x1, 0x4)
sendmsg$IPVS_CMD_GET_DEST(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000340)=ANY=[@ANYBLOB="160e90cb39bca59f8c4064ac6d7b242060a07bc4309e3eb79d8745797b308edd84adef35ad9d8a17240f38f55f57c55f3875db81d255eea402e1c11ca7fc01964aeb9ed6ef4e80bc67cba7e7fe961fe5d921442b0a06b135f8a73b68dc904b436f256f50ae7cb980e69e7580b9f11c6ede4210f23240559b8c427000d7ce7862417ab5a50e494b2a54e346d7ffa008ccef06813e235b446788ac0f1df3c65bc1fb5393364a2efd284640ec2c438ad2b24a69f1f9da000000000000000000000000989eee6a9283bf253ca4"], 0x1}}, 0x0)
close(0xffffffffffffffff)
syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000000)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
dup3(r4, r3, 0x0)
r5 = accept4$vsock_stream(0xffffffffffffffff, &(0x7f0000000240)={0x28, 0x0, 0x2710, @host}, 0x10, 0x0)
dup2(r5, r4)
bind$pptp(0xffffffffffffffff, &(0x7f00000001c0)={0x18, 0x2, {0x0, @initdev={0xac, 0x1e, 0x0, 0x0}}}, 0x1e)
sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000000)=@newlink={0x30, 0x10, 0x801, 0x0, 0x0, {}, [@IFLA_GROUP={0x8}, @IFLA_PROTO_DOWN={0x8, 0x4}]}, 0x30}}, 0x0)
pivot_root(&(0x7f0000000140)='./file0\x00', &(0x7f0000000100)='./file0\x00')

01:45:56 executing program 0:

[ 1857.862011] ip_tables: iptables: counters copy to user failed while replacing table
01:45:56 executing program 1:
lsetxattr$trusted_overlay_opaque(0x0, 0x0, 0x0, 0x0, 0x0)
mkdir(&(0x7f0000000000)='./file0\x00', 0x0)
mount$bpf(0x20000000, &(0x7f00000000c0)='./file0\x00', 0x0, 0x2001001, 0x0)
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x80, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x43, 0x400000000000000}, 0x11288, 0x2000, 0x0, 0x2}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = socket$netlink(0x10, 0x3, 0x0)
connect$inet(0xffffffffffffffff, 0x0, 0x0)
setsockopt$SO_RDS_TRANSPORT(0xffffffffffffffff, 0x114, 0x8, &(0x7f0000000040)=0xffffffffffffffff, 0x4)
r1 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$inet_tcp_int(r1, 0x6, 0x10000000013, &(0x7f0000d06000)=0x1, 0x32a)
connect$inet(r1, &(0x7f0000000180)={0x2, 0x4e23, @local}, 0x10)
accept$nfc_llcp(0xffffffffffffffff, &(0x7f0000000440), &(0x7f0000000300)=0x60)
setsockopt$inet_tcp_TCP_REPAIR_OPTIONS(r1, 0x6, 0x16, &(0x7f00000000c0)=[@mss={0x2, 0xffffffff}, @timestamp, @window, @mss={0x2, 0x91c}], 0x4)
sendmmsg(r1, &(0x7f0000004b40)=[{{0x0, 0x0, &(0x7f00000011c0)=[{&(0x7f0000002240)='Y', 0x1}], 0x1}}], 0x1, 0x0)
syz_init_net_socket$llc(0x1a, 0x1, 0x0)
r2 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$IPT_SO_SET_REPLACE(r2, 0x4000000000000, 0x40, &(0x7f0000000a40)=ANY=[@ANYBLOB="72617700000000010000000000000000000000000000000000000000000000000200000003000000b80400000000000000000000000000000003000000030000200400002004000020040000200400002004000003000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000600000000000000a00200030000000000000000000000000000000000000000300262706600000000000000000000000000000000000000000000000000000101000000000000002e2f66696c653000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000060005345540000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000c0002001000000000000000000000000000000000000000050006f736600000000000000000000000000000000000000000000000000000073797a300000000000000000000000000000000000000000000000000000000000000000000000000000000000000000600053455400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000007000980000000000000000000000000000000000000000002800000000000000000000000000000000000000000000000000000000000004feffffff00000000"], 0x518)
sendmsg$IPVS_CMD_GET_DEST(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000280)={&(0x7f00000002c0)=ANY=[@ANYRES16], 0x1}}, 0x0)
setsockopt$inet_tcp_TCP_REPAIR(r1, 0x6, 0x13, &(0x7f0000000100), 0x618)
close(r1)
r3 = socket$inet_tcp(0x2, 0x1, 0x0)
connect$inet(r3, &(0x7f0000000140)={0x2, 0x0, @local}, 0x10)
setsockopt$inet_tcp_TCP_REPAIR_OPTIONS(r3, 0x6, 0x16, &(0x7f0000000200)=[@mss, @timestamp, @window={0x3, 0x0, 0xfffe}, @mss={0x2, 0x3}], 0x4)
sendmmsg(r3, &(0x7f0000004b40)=[{{0x0, 0x0, &(0x7f00000011c0)=[{&(0x7f0000002240)='Y', 0x1}], 0x1}}], 0x1, 0x0)
setsockopt$inet_tcp_TCP_REPAIR_QUEUE(r3, 0x6, 0x14, &(0x7f0000000040)=0x1, 0x4)
sendmsg$IPVS_CMD_GET_DEST(r3, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000340)=ANY=[@ANYBLOB="160e90cb39bca59f8c4064ac6d7b242060a07bc4309e3eb79d8745797b308edd84adef35ad9d8a17240f38f55f57c55f3875db81d255eea402e1c11ca7fc01964aeb9ed6ef4e80bc67cba7e7fe961fe5d921442b0a06b135f8a73b68dc904b436f256f50ae7cb980e69e7580b9f11c6ede4210f23240559b8c427000d7ce7862417ab5a50e494b2a54e346d7ffa008ccef06813e235b446788ac0f1df3c65bc1fb5393364a2efd284640ec2c438ad2b24a69f1f9da000000000000000000000000989eee6a9283bf253ca4"], 0x1}}, 0x0)
close(r3)
syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000000)={<r4=>0xffffffffffffffff, <r5=>0xffffffffffffffff})
dup3(r5, r4, 0x0)
r6 = accept4$vsock_stream(0xffffffffffffffff, &(0x7f0000000240)={0x28, 0x0, 0x2710, @host}, 0x10, 0x0)
dup2(r6, r5)
bind$pptp(0xffffffffffffffff, &(0x7f00000001c0)={0x18, 0x2, {0x0, @initdev={0xac, 0x1e, 0x0, 0x0}}}, 0x1e)
sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000000)=@newlink={0x30, 0x10, 0x801, 0x0, 0x0, {}, [@IFLA_GROUP={0x8}, @IFLA_PROTO_DOWN={0x8, 0x4}]}, 0x30}}, 0x0)

01:45:56 executing program 0:

01:45:56 executing program 0:

01:45:56 executing program 2:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140)='/dev/kvm\x00', 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_SET_SIGNAL_MASK(0xffffffffffffffff, 0x4004ae8b, &(0x7f0000001000)=ANY=[@ANYBLOB="97cb"])
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000fe7000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0)
r3 = fanotify_init(0x0, 0x0)
r4 = fcntl$dupfd(r3, 0x0, r3)
write$FUSE_NOTIFY_POLL(r4, &(0x7f0000000100)={0x18}, 0x18)
setsockopt$CAN_RAW_ERR_FILTER(r4, 0x65, 0x2, &(0x7f00000000c0)=0x5, 0x4)
ioctl$USBDEVFS_RESETEP(0xffffffffffffffff, 0x80045503, &(0x7f0000000000)={0x1, 0x1})
ioctl$KVM_NMI(r2, 0xae9a)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f00000002c0)={0x0, 0x2, 0x0, 0x2000, &(0x7f0000001000/0x2000)=nil})
perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x8, 0x0, 0x0, 0x0, 0x0, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
ioctl$KVM_RUN(r2, 0xae80, 0x0)

01:45:56 executing program 5:
lsetxattr$trusted_overlay_opaque(0x0, 0x0, 0x0, 0x0, 0x0)
mkdir(&(0x7f0000000000)='./file0\x00', 0x0)
mount$bpf(0x20000000, &(0x7f00000000c0)='./file0\x00', 0x0, 0x2001001, 0x0)
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x80, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x43, 0x400000000000000}, 0x11288, 0x2000, 0x0, 0x2}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = socket$netlink(0x10, 0x3, 0x0)
connect$inet(0xffffffffffffffff, 0x0, 0x0)
setsockopt$SO_RDS_TRANSPORT(0xffffffffffffffff, 0x114, 0x8, &(0x7f0000000040)=0xffffffffffffffff, 0x4)
r1 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$inet_tcp_int(r1, 0x6, 0x10000000013, &(0x7f0000d06000)=0x1, 0x32a)
connect$inet(r1, &(0x7f0000000180)={0x2, 0x4e23, @local}, 0x10)
accept$nfc_llcp(0xffffffffffffffff, &(0x7f0000000440), &(0x7f0000000300)=0x60)
setsockopt$inet_tcp_TCP_REPAIR_OPTIONS(r1, 0x6, 0x16, &(0x7f00000000c0)=[@mss={0x2, 0xffffffff}, @timestamp, @window, @mss={0x2, 0x91c}], 0x4)
sendmmsg(r1, &(0x7f0000004b40)=[{{0x0, 0x0, &(0x7f00000011c0)=[{&(0x7f0000002240)='Y', 0x1}], 0x1}}], 0x1, 0x0)
syz_init_net_socket$llc(0x1a, 0x1, 0x0)
r2 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$IPT_SO_SET_REPLACE(r2, 0x4000000000000, 0x40, &(0x7f0000000a40)=ANY=[@ANYBLOB="72617700000000010000000000000000000000000000000000000000000000000200000003000000b80400000000000000000000000000000003000000030000200400002004000020040000200400002004000003000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000600000000000000a00200030000000000000000000000000000000000000000300262706600000000000000000000000000000000000000000000000000000101000000000000002e2f66696c653000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000060005345540000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000c0002001000000000000000000000000000000000000000050006f736600000000000000000000000000000000000000000000000000000073797a300000000000000000000000000000000000000000000000000000000000000000000000000000000000000000600053455400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000007000980000000000000000000000000000000000000000002800000000000000000000000000000000000000000000000000000000000004feffffff00000000"], 0x518)
sendmsg$IPVS_CMD_GET_DEST(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000280)={&(0x7f00000002c0)=ANY=[@ANYRES16], 0x1}}, 0x0)
close(r1)
r3 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$inet_tcp_int(r3, 0x6, 0x10000000013, &(0x7f0000d06000)=0x1, 0x32a)
connect$inet(r3, &(0x7f0000000140)={0x2, 0x0, @local}, 0x10)
setsockopt$inet_tcp_TCP_REPAIR_OPTIONS(r3, 0x6, 0x16, &(0x7f0000000200)=[@mss, @timestamp, @window={0x3, 0x0, 0xfffe}, @mss={0x2, 0x3}], 0x4)
sendmmsg(r3, &(0x7f0000004b40)=[{{0x0, 0x0, &(0x7f00000011c0)=[{&(0x7f0000002240)='Y', 0x1}], 0x1}}], 0x1, 0x0)
setsockopt$inet_tcp_TCP_REPAIR_QUEUE(r3, 0x6, 0x14, &(0x7f0000000040)=0x1, 0x4)
sendmsg$IPVS_CMD_GET_DEST(r3, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000340)=ANY=[@ANYBLOB="160e90cb39bca59f8c4064ac6d7b242060a07bc4309e3eb79d8745797b308edd84adef35ad9d8a17240f38f55f57c55f3875db81d255eea402e1c11ca7fc01964aeb9ed6ef4e80bc67cba7e7fe961fe5d921442b0a06b135f8a73b68dc904b436f256f50ae7cb980e69e7580b9f11c6ede4210f23240559b8c427000d7ce7862417ab5a50e494b2a54e346d7ffa008ccef06813e235b446788ac0f1df3c65bc1fb5393364a2efd284640ec2c438ad2b24a69f1f9da000000000000000000000000989eee6a9283bf253ca4"], 0x1}}, 0x0)
close(r3)
syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000000)={<r4=>0xffffffffffffffff, <r5=>0xffffffffffffffff})
dup3(r5, r4, 0x0)
r6 = accept4$vsock_stream(0xffffffffffffffff, &(0x7f0000000240)={0x28, 0x0, 0x2710, @host}, 0x10, 0x0)
dup2(r6, r5)
bind$pptp(0xffffffffffffffff, &(0x7f00000001c0)={0x18, 0x2, {0x0, @initdev={0xac, 0x1e, 0x0, 0x0}}}, 0x1e)
sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000000)=@newlink={0x30, 0x10, 0x801, 0x0, 0x0, {}, [@IFLA_GROUP={0x8}, @IFLA_PROTO_DOWN={0x8, 0x4}]}, 0x30}}, 0x0)
pivot_root(&(0x7f0000000140)='./file0\x00', &(0x7f0000000100)='./file0\x00')

01:45:56 executing program 4:
pipe(&(0x7f0000000140)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
r2 = socket$inet_udp(0x2, 0x2, 0x0)
r3 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$inet_tcp_int(r3, 0x6, 0x10000000013, &(0x7f0000d06000)=0x1, 0x4)
connect$inet(r2, &(0x7f0000000340)={0x2, 0x0, @loopback}, 0x10)
setsockopt$inet_tcp_TCP_REPAIR_WINDOW(r3, 0x6, 0x1d, &(0x7f0000000080)={0x0, 0xdf5, 0x65a2}, 0x14)
write$binfmt_misc(r1, &(0x7f0000000140)=ANY=[], 0x4240a2a0)
r4 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$IPT_SO_SET_REPLACE(r4, 0x0, 0x40, &(0x7f0000000480)=ANY=[@ANYBLOB="66696c74657200000000000000000000000000000000000000000000000000000e00000004000000d0020000800100009800000080010000000000000000000038020000380200003802000038020000380200000400000000000000000000007f000001ac14140000000000000000007f00000000000000000000000000000064756dea20f9524db2d96900000057c910a19f2bc02c00000000000000000000200000000000000000000000000000000000000000000000700098000000000000000000000000000000000000000000280052454a454354000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000400000000000000000000000080000000000000000000000000000000000000000000000000000000000000000000000000000000000000000c000e80000f9c9991d0000000000000000000000000000005000736574000000000000000000000000000000000000000000000000000003000005050000000000000000000000000000000000000000100000000000000000000000000000000000000000000000280052454a45435400000000000000010000000000000000000000000000000000674f000000000000000000e00000020000000000000000766574b5315f766c616e00000000010062726964676530000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000007000b80000000000000000000000000000000000000000004800544545000000000000000000000000000000d40200000000000000000001ac1414aa000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000007000980000000000000000000000000000000000000000002800000000000000000000000000000000000000000000001a51496c00000000feffffff"], 0x1)
splice(r0, 0x0, r2, 0x0, 0x4ffe0, 0x0)

01:45:56 executing program 3:
lsetxattr$trusted_overlay_opaque(0x0, 0x0, 0x0, 0x0, 0x0)
mkdir(&(0x7f0000000000)='./file0\x00', 0x0)
mount$bpf(0x20000000, &(0x7f00000000c0)='./file0\x00', 0x0, 0x2001001, 0x0)
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x80, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x43, 0x400000000000000}, 0x11288, 0x2000, 0x0, 0x2}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = socket$netlink(0x10, 0x3, 0x0)
connect$inet(0xffffffffffffffff, 0x0, 0x0)
setsockopt$SO_RDS_TRANSPORT(0xffffffffffffffff, 0x114, 0x8, &(0x7f0000000040)=0xffffffffffffffff, 0x4)
r1 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$inet_tcp_int(r1, 0x6, 0x10000000013, &(0x7f0000d06000)=0x1, 0x32a)
connect$inet(r1, &(0x7f0000000180)={0x2, 0x4e23, @local}, 0x10)
accept$nfc_llcp(0xffffffffffffffff, &(0x7f0000000440), &(0x7f0000000300)=0x60)
setsockopt$inet_tcp_TCP_REPAIR_OPTIONS(r1, 0x6, 0x16, &(0x7f00000000c0)=[@mss={0x2, 0xffffffff}, @timestamp, @window, @mss={0x2, 0x91c}], 0x4)
sendmmsg(r1, &(0x7f0000004b40)=[{{0x0, 0x0, &(0x7f00000011c0)=[{&(0x7f0000002240)='Y', 0x1}], 0x1}}], 0x1, 0x0)
syz_init_net_socket$llc(0x1a, 0x1, 0x0)
r2 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$IPT_SO_SET_REPLACE(r2, 0x4000000000000, 0x40, &(0x7f0000000a40)=ANY=[@ANYBLOB="72617700000000010000000000000000000000000000000000000000000000000200000003000000b80400000000000000000000000000000003000000030000200400002004000020040000200400002004000003000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000600000000000000a00200030000000000000000000000000000000000000000300262706600000000000000000000000000000000000000000000000000000101000000000000002e2f66696c653000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000060005345540000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000c0002001000000000000000000000000000000000000000050006f736600000000000000000000000000000000000000000000000000000073797a300000000000000000000000000000000000000000000000000000000000000000000000000000000000000000600053455400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000007000980000000000000000000000000000000000000000002800000000000000000000000000000000000000000000000000000000000004feffffff00000000"], 0x518)
sendmsg$IPVS_CMD_GET_DEST(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000280)={&(0x7f00000002c0)=ANY=[@ANYRES16], 0x1}}, 0x0)
setsockopt$inet_tcp_TCP_REPAIR(r1, 0x6, 0x13, &(0x7f0000000100), 0x618)
close(r1)
setsockopt$inet_tcp_int(0xffffffffffffffff, 0x6, 0x10000000013, &(0x7f0000d06000)=0x1, 0x32a)
connect$inet(0xffffffffffffffff, &(0x7f0000000140)={0x2, 0x0, @local}, 0x10)
setsockopt$inet_tcp_TCP_REPAIR_OPTIONS(0xffffffffffffffff, 0x6, 0x16, &(0x7f0000000200)=[@mss, @timestamp, @window={0x3, 0x0, 0xfffe}, @mss={0x2, 0x3}], 0x4)
sendmmsg(0xffffffffffffffff, &(0x7f0000004b40)=[{{0x0, 0x0, &(0x7f00000011c0)=[{&(0x7f0000002240)='Y', 0x1}], 0x1}}], 0x1, 0x0)
setsockopt$inet_tcp_TCP_REPAIR_QUEUE(0xffffffffffffffff, 0x6, 0x14, &(0x7f0000000040)=0x1, 0x4)
sendmsg$IPVS_CMD_GET_DEST(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000340)=ANY=[@ANYBLOB="160e90cb39bca59f8c4064ac6d7b242060a07bc4309e3eb79d8745797b308edd84adef35ad9d8a17240f38f55f57c55f3875db81d255eea402e1c11ca7fc01964aeb9ed6ef4e80bc67cba7e7fe961fe5d921442b0a06b135f8a73b68dc904b436f256f50ae7cb980e69e7580b9f11c6ede4210f23240559b8c427000d7ce7862417ab5a50e494b2a54e346d7ffa008ccef06813e235b446788ac0f1df3c65bc1fb5393364a2efd284640ec2c438ad2b24a69f1f9da000000000000000000000000989eee6a9283bf253ca4"], 0x1}}, 0x0)
close(0xffffffffffffffff)
syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000000)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
dup3(r4, r3, 0x0)
r5 = accept4$vsock_stream(0xffffffffffffffff, &(0x7f0000000240)={0x28, 0x0, 0x2710, @host}, 0x10, 0x0)
dup2(r5, r4)
bind$pptp(0xffffffffffffffff, &(0x7f00000001c0)={0x18, 0x2, {0x0, @initdev={0xac, 0x1e, 0x0, 0x0}}}, 0x1e)
sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000000)=@newlink={0x30, 0x10, 0x801, 0x0, 0x0, {}, [@IFLA_GROUP={0x8}, @IFLA_PROTO_DOWN={0x8, 0x4}]}, 0x30}}, 0x0)
pivot_root(&(0x7f0000000140)='./file0\x00', &(0x7f0000000100)='./file0\x00')

01:45:56 executing program 0:

01:45:56 executing program 1:
lsetxattr$trusted_overlay_opaque(0x0, 0x0, 0x0, 0x0, 0x0)
mkdir(&(0x7f0000000000)='./file0\x00', 0x0)
mount$bpf(0x20000000, &(0x7f00000000c0)='./file0\x00', 0x0, 0x2001001, 0x0)
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x80, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x43, 0x400000000000000}, 0x11288, 0x2000, 0x0, 0x2}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = socket$netlink(0x10, 0x3, 0x0)
connect$inet(0xffffffffffffffff, 0x0, 0x0)
setsockopt$SO_RDS_TRANSPORT(0xffffffffffffffff, 0x114, 0x8, &(0x7f0000000040)=0xffffffffffffffff, 0x4)
r1 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$inet_tcp_int(r1, 0x6, 0x10000000013, &(0x7f0000d06000)=0x1, 0x32a)
connect$inet(r1, &(0x7f0000000180)={0x2, 0x4e23, @local}, 0x10)
accept$nfc_llcp(0xffffffffffffffff, &(0x7f0000000440), &(0x7f0000000300)=0x60)
setsockopt$inet_tcp_TCP_REPAIR_OPTIONS(r1, 0x6, 0x16, &(0x7f00000000c0)=[@mss={0x2, 0xffffffff}, @timestamp, @window, @mss={0x2, 0x91c}], 0x4)
sendmmsg(r1, &(0x7f0000004b40)=[{{0x0, 0x0, &(0x7f00000011c0)=[{&(0x7f0000002240)='Y', 0x1}], 0x1}}], 0x1, 0x0)
syz_init_net_socket$llc(0x1a, 0x1, 0x0)
r2 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$IPT_SO_SET_REPLACE(r2, 0x4000000000000, 0x40, &(0x7f0000000a40)=ANY=[@ANYBLOB="72617700000000010000000000000000000000000000000000000000000000000200000003000000b80400000000000000000000000000000003000000030000200400002004000020040000200400002004000003000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000600000000000000a00200030000000000000000000000000000000000000000300262706600000000000000000000000000000000000000000000000000000101000000000000002e2f66696c653000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000060005345540000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000c0002001000000000000000000000000000000000000000050006f736600000000000000000000000000000000000000000000000000000073797a300000000000000000000000000000000000000000000000000000000000000000000000000000000000000000600053455400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000007000980000000000000000000000000000000000000000002800000000000000000000000000000000000000000000000000000000000004feffffff00000000"], 0x518)
sendmsg$IPVS_CMD_GET_DEST(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000280)={&(0x7f00000002c0)=ANY=[@ANYRES16], 0x1}}, 0x0)
setsockopt$inet_tcp_TCP_REPAIR(r1, 0x6, 0x13, &(0x7f0000000100), 0x618)
close(r1)
setsockopt$inet_tcp_int(0xffffffffffffffff, 0x6, 0x10000000013, &(0x7f0000d06000)=0x1, 0x32a)
connect$inet(0xffffffffffffffff, &(0x7f0000000140)={0x2, 0x0, @local}, 0x10)
setsockopt$inet_tcp_TCP_REPAIR_OPTIONS(0xffffffffffffffff, 0x6, 0x16, &(0x7f0000000200)=[@mss, @timestamp, @window={0x3, 0x0, 0xfffe}, @mss={0x2, 0x3}], 0x4)
sendmmsg(0xffffffffffffffff, &(0x7f0000004b40)=[{{0x0, 0x0, &(0x7f00000011c0)=[{&(0x7f0000002240)='Y', 0x1}], 0x1}}], 0x1, 0x0)
setsockopt$inet_tcp_TCP_REPAIR_QUEUE(0xffffffffffffffff, 0x6, 0x14, &(0x7f0000000040)=0x1, 0x4)
sendmsg$IPVS_CMD_GET_DEST(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000340)=ANY=[@ANYBLOB="160e90cb39bca59f8c4064ac6d7b242060a07bc4309e3eb79d8745797b308edd84adef35ad9d8a17240f38f55f57c55f3875db81d255eea402e1c11ca7fc01964aeb9ed6ef4e80bc67cba7e7fe961fe5d921442b0a06b135f8a73b68dc904b436f256f50ae7cb980e69e7580b9f11c6ede4210f23240559b8c427000d7ce7862417ab5a50e494b2a54e346d7ffa008ccef06813e235b446788ac0f1df3c65bc1fb5393364a2efd284640ec2c438ad2b24a69f1f9da000000000000000000000000989eee6a9283bf253ca4"], 0x1}}, 0x0)
close(0xffffffffffffffff)
syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000000)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
dup3(r4, r3, 0x0)
r5 = accept4$vsock_stream(0xffffffffffffffff, &(0x7f0000000240)={0x28, 0x0, 0x2710, @host}, 0x10, 0x0)
dup2(r5, r4)
bind$pptp(0xffffffffffffffff, &(0x7f00000001c0)={0x18, 0x2, {0x0, @initdev={0xac, 0x1e, 0x0, 0x0}}}, 0x1e)
sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000000)=@newlink={0x30, 0x10, 0x801, 0x0, 0x0, {}, [@IFLA_GROUP={0x8}, @IFLA_PROTO_DOWN={0x8, 0x4}]}, 0x30}}, 0x0)

01:45:56 executing program 5:
lsetxattr$trusted_overlay_opaque(0x0, 0x0, 0x0, 0x0, 0x0)
mkdir(&(0x7f0000000000)='./file0\x00', 0x0)
mount$bpf(0x20000000, &(0x7f00000000c0)='./file0\x00', 0x0, 0x2001001, 0x0)
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x80, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x43, 0x400000000000000}, 0x11288, 0x2000, 0x0, 0x2}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = socket$netlink(0x10, 0x3, 0x0)
connect$inet(0xffffffffffffffff, 0x0, 0x0)
setsockopt$SO_RDS_TRANSPORT(0xffffffffffffffff, 0x114, 0x8, &(0x7f0000000040)=0xffffffffffffffff, 0x4)
r1 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$inet_tcp_int(r1, 0x6, 0x10000000013, &(0x7f0000d06000)=0x1, 0x32a)
connect$inet(r1, &(0x7f0000000180)={0x2, 0x4e23, @local}, 0x10)
accept$nfc_llcp(0xffffffffffffffff, &(0x7f0000000440), &(0x7f0000000300)=0x60)
setsockopt$inet_tcp_TCP_REPAIR_OPTIONS(r1, 0x6, 0x16, &(0x7f00000000c0)=[@mss={0x2, 0xffffffff}, @timestamp, @window, @mss={0x2, 0x91c}], 0x4)
sendmmsg(r1, &(0x7f0000004b40)=[{{0x0, 0x0, &(0x7f00000011c0)=[{&(0x7f0000002240)='Y', 0x1}], 0x1}}], 0x1, 0x0)
syz_init_net_socket$llc(0x1a, 0x1, 0x0)
r2 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$IPT_SO_SET_REPLACE(r2, 0x4000000000000, 0x40, &(0x7f0000000a40)=ANY=[@ANYBLOB="72617700000000010000000000000000000000000000000000000000000000000200000003000000b80400000000000000000000000000000003000000030000200400002004000020040000200400002004000003000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000600000000000000a00200030000000000000000000000000000000000000000300262706600000000000000000000000000000000000000000000000000000101000000000000002e2f66696c653000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000060005345540000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000c0002001000000000000000000000000000000000000000050006f736600000000000000000000000000000000000000000000000000000073797a300000000000000000000000000000000000000000000000000000000000000000000000000000000000000000600053455400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000007000980000000000000000000000000000000000000000002800000000000000000000000000000000000000000000000000000000000004feffffff00000000"], 0x518)
setsockopt$inet_tcp_TCP_REPAIR(r1, 0x6, 0x13, &(0x7f0000000100), 0x618)
close(r1)
r3 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$inet_tcp_int(r3, 0x6, 0x10000000013, &(0x7f0000d06000)=0x1, 0x32a)
connect$inet(r3, &(0x7f0000000140)={0x2, 0x0, @local}, 0x10)
setsockopt$inet_tcp_TCP_REPAIR_OPTIONS(r3, 0x6, 0x16, &(0x7f0000000200)=[@mss, @timestamp, @window={0x3, 0x0, 0xfffe}, @mss={0x2, 0x3}], 0x4)
sendmmsg(r3, &(0x7f0000004b40)=[{{0x0, 0x0, &(0x7f00000011c0)=[{&(0x7f0000002240)='Y', 0x1}], 0x1}}], 0x1, 0x0)
setsockopt$inet_tcp_TCP_REPAIR_QUEUE(r3, 0x6, 0x14, &(0x7f0000000040)=0x1, 0x4)
sendmsg$IPVS_CMD_GET_DEST(r3, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000340)=ANY=[@ANYBLOB="160e90cb39bca59f8c4064ac6d7b242060a07bc4309e3eb79d8745797b308edd84adef35ad9d8a17240f38f55f57c55f3875db81d255eea402e1c11ca7fc01964aeb9ed6ef4e80bc67cba7e7fe961fe5d921442b0a06b135f8a73b68dc904b436f256f50ae7cb980e69e7580b9f11c6ede4210f23240559b8c427000d7ce7862417ab5a50e494b2a54e346d7ffa008ccef06813e235b446788ac0f1df3c65bc1fb5393364a2efd284640ec2c438ad2b24a69f1f9da000000000000000000000000989eee6a9283bf253ca4"], 0x1}}, 0x0)
close(r3)
syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000000)={<r4=>0xffffffffffffffff, <r5=>0xffffffffffffffff})
dup3(r5, r4, 0x0)
r6 = accept4$vsock_stream(0xffffffffffffffff, &(0x7f0000000240)={0x28, 0x0, 0x2710, @host}, 0x10, 0x0)
dup2(r6, r5)
bind$pptp(0xffffffffffffffff, &(0x7f00000001c0)={0x18, 0x2, {0x0, @initdev={0xac, 0x1e, 0x0, 0x0}}}, 0x1e)
sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000000)=@newlink={0x30, 0x10, 0x801, 0x0, 0x0, {}, [@IFLA_GROUP={0x8}, @IFLA_PROTO_DOWN={0x8, 0x4}]}, 0x30}}, 0x0)
pivot_root(&(0x7f0000000140)='./file0\x00', &(0x7f0000000100)='./file0\x00')

01:45:56 executing program 2:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140)='/dev/kvm\x00', 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_SET_SIGNAL_MASK(0xffffffffffffffff, 0x4004ae8b, &(0x7f0000001000)=ANY=[@ANYBLOB="97cb"])
io_getevents(0x0, 0x8, 0x80000000000024d, &(0x7f0000000400)=[{}, {}], 0x0)
r2 = memfd_create(&(0x7f0000000000)='-se~g\x00\x00\x00\x00o\xb5z\xff\xeazF\xfb\xcer\x00\x00\x00\x00\x00\x00\x00\x1e\x9d\x17\xc9\xc9\x87 \xb0Z7\a\xac\xe8\vb.T\x9b\xc4\xa6\x04\xb4\xee;\x86\x05\x83U\x11\xf9', 0x0)
io_submit(0x0, 0x1, &(0x7f0000001280)=[&(0x7f0000001100)={0x0, 0x0, 0x0, 0x0, 0x0, r2, 0x0}])
io_getevents(0x0, 0xbc, 0xa, &(0x7f0000000180)=[{}, {}, {}, {}, {}, {}, {}, {}, {}, {}], &(0x7f0000000000))
r3 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r3, &(0x7f0000fe7000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0)
r4 = fanotify_init(0x0, 0x0)
r5 = fcntl$dupfd(r4, 0x0, r4)
write$FUSE_NOTIFY_POLL(r5, &(0x7f0000000100)={0x18}, 0x18)
r6 = fanotify_init(0x0, 0x0)
r7 = fcntl$dupfd(r6, 0x0, r6)
write$FUSE_NOTIFY_POLL(r7, &(0x7f0000000100)={0x18}, 0x18)
ioctl$USBDEVFS_RESETEP(r7, 0x80045503, &(0x7f00000000c0)={0x1, 0x1})
ioctl$KVM_NMI(r3, 0xae9a)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f00000002c0)={0x0, 0x2, 0x0, 0x2000, &(0x7f0000001000/0x2000)=nil})
perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
ioctl$KVM_RUN(r3, 0xae80, 0x0)

01:45:56 executing program 0:

[ 1858.818121] ip_tables: iptables: counters copy to user failed while replacing table
01:45:57 executing program 1:
lsetxattr$trusted_overlay_opaque(0x0, 0x0, 0x0, 0x0, 0x0)
mkdir(&(0x7f0000000000)='./file0\x00', 0x0)
mount$bpf(0x20000000, &(0x7f00000000c0)='./file0\x00', 0x0, 0x2001001, 0x0)
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x80, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x43, 0x400000000000000}, 0x11288, 0x2000, 0x0, 0x2}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = socket$netlink(0x10, 0x3, 0x0)
connect$inet(0xffffffffffffffff, 0x0, 0x0)
setsockopt$SO_RDS_TRANSPORT(0xffffffffffffffff, 0x114, 0x8, &(0x7f0000000040)=0xffffffffffffffff, 0x4)
r1 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$inet_tcp_int(r1, 0x6, 0x10000000013, &(0x7f0000d06000)=0x1, 0x32a)
connect$inet(r1, &(0x7f0000000180)={0x2, 0x4e23, @local}, 0x10)
accept$nfc_llcp(0xffffffffffffffff, &(0x7f0000000440), &(0x7f0000000300)=0x60)
setsockopt$inet_tcp_TCP_REPAIR_OPTIONS(r1, 0x6, 0x16, &(0x7f00000000c0)=[@mss={0x2, 0xffffffff}, @timestamp, @window, @mss={0x2, 0x91c}], 0x4)
sendmmsg(r1, &(0x7f0000004b40)=[{{0x0, 0x0, &(0x7f00000011c0)=[{&(0x7f0000002240)='Y', 0x1}], 0x1}}], 0x1, 0x0)
syz_init_net_socket$llc(0x1a, 0x1, 0x0)
r2 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$IPT_SO_SET_REPLACE(r2, 0x4000000000000, 0x40, &(0x7f0000000a40)=ANY=[@ANYBLOB="72617700000000010000000000000000000000000000000000000000000000000200000003000000b80400000000000000000000000000000003000000030000200400002004000020040000200400002004000003000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000600000000000000a00200030000000000000000000000000000000000000000300262706600000000000000000000000000000000000000000000000000000101000000000000002e2f66696c653000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000060005345540000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000c0002001000000000000000000000000000000000000000050006f736600000000000000000000000000000000000000000000000000000073797a300000000000000000000000000000000000000000000000000000000000000000000000000000000000000000600053455400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000007000980000000000000000000000000000000000000000002800000000000000000000000000000000000000000000000000000000000004feffffff00000000"], 0x518)
sendmsg$IPVS_CMD_GET_DEST(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000280)={&(0x7f00000002c0)=ANY=[@ANYRES16], 0x1}}, 0x0)
setsockopt$inet_tcp_TCP_REPAIR(r1, 0x6, 0x13, &(0x7f0000000100), 0x618)
close(r1)
setsockopt$inet_tcp_int(0xffffffffffffffff, 0x6, 0x10000000013, &(0x7f0000d06000)=0x1, 0x32a)
connect$inet(0xffffffffffffffff, &(0x7f0000000140)={0x2, 0x0, @local}, 0x10)
setsockopt$inet_tcp_TCP_REPAIR_OPTIONS(0xffffffffffffffff, 0x6, 0x16, &(0x7f0000000200)=[@mss, @timestamp, @window={0x3, 0x0, 0xfffe}, @mss={0x2, 0x3}], 0x4)
sendmmsg(0xffffffffffffffff, &(0x7f0000004b40)=[{{0x0, 0x0, &(0x7f00000011c0)=[{&(0x7f0000002240)='Y', 0x1}], 0x1}}], 0x1, 0x0)
setsockopt$inet_tcp_TCP_REPAIR_QUEUE(0xffffffffffffffff, 0x6, 0x14, &(0x7f0000000040)=0x1, 0x4)
sendmsg$IPVS_CMD_GET_DEST(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000340)=ANY=[@ANYBLOB="160e90cb39bca59f8c4064ac6d7b242060a07bc4309e3eb79d8745797b308edd84adef35ad9d8a17240f38f55f57c55f3875db81d255eea402e1c11ca7fc01964aeb9ed6ef4e80bc67cba7e7fe961fe5d921442b0a06b135f8a73b68dc904b436f256f50ae7cb980e69e7580b9f11c6ede4210f23240559b8c427000d7ce7862417ab5a50e494b2a54e346d7ffa008ccef06813e235b446788ac0f1df3c65bc1fb5393364a2efd284640ec2c438ad2b24a69f1f9da000000000000000000000000989eee6a9283bf253ca4"], 0x1}}, 0x0)
close(0xffffffffffffffff)
syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000000)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
dup3(r4, r3, 0x0)
r5 = accept4$vsock_stream(0xffffffffffffffff, &(0x7f0000000240)={0x28, 0x0, 0x2710, @host}, 0x10, 0x0)
dup2(r5, r4)
bind$pptp(0xffffffffffffffff, &(0x7f00000001c0)={0x18, 0x2, {0x0, @initdev={0xac, 0x1e, 0x0, 0x0}}}, 0x1e)
sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000000)=@newlink={0x30, 0x10, 0x801, 0x0, 0x0, {}, [@IFLA_GROUP={0x8}, @IFLA_PROTO_DOWN={0x8, 0x4}]}, 0x30}}, 0x0)

01:45:57 executing program 3:
lsetxattr$trusted_overlay_opaque(0x0, 0x0, 0x0, 0x0, 0x0)
mkdir(&(0x7f0000000000)='./file0\x00', 0x0)
mount$bpf(0x20000000, &(0x7f00000000c0)='./file0\x00', 0x0, 0x2001001, 0x0)
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x80, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x43, 0x400000000000000}, 0x11288, 0x2000, 0x0, 0x2}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = socket$netlink(0x10, 0x3, 0x0)
connect$inet(0xffffffffffffffff, 0x0, 0x0)
setsockopt$SO_RDS_TRANSPORT(0xffffffffffffffff, 0x114, 0x8, &(0x7f0000000040)=0xffffffffffffffff, 0x4)
r1 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$inet_tcp_int(r1, 0x6, 0x10000000013, &(0x7f0000d06000)=0x1, 0x32a)
connect$inet(r1, &(0x7f0000000180)={0x2, 0x4e23, @local}, 0x10)
accept$nfc_llcp(0xffffffffffffffff, &(0x7f0000000440), &(0x7f0000000300)=0x60)
setsockopt$inet_tcp_TCP_REPAIR_OPTIONS(r1, 0x6, 0x16, &(0x7f00000000c0)=[@mss={0x2, 0xffffffff}, @timestamp, @window, @mss={0x2, 0x91c}], 0x4)
sendmmsg(r1, &(0x7f0000004b40)=[{{0x0, 0x0, &(0x7f00000011c0)=[{&(0x7f0000002240)='Y', 0x1}], 0x1}}], 0x1, 0x0)
syz_init_net_socket$llc(0x1a, 0x1, 0x0)
r2 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$IPT_SO_SET_REPLACE(r2, 0x4000000000000, 0x40, &(0x7f0000000a40)=ANY=[@ANYBLOB="72617700000000010000000000000000000000000000000000000000000000000200000003000000b80400000000000000000000000000000003000000030000200400002004000020040000200400002004000003000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000600000000000000a00200030000000000000000000000000000000000000000300262706600000000000000000000000000000000000000000000000000000101000000000000002e2f66696c653000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000060005345540000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000c0002001000000000000000000000000000000000000000050006f736600000000000000000000000000000000000000000000000000000073797a300000000000000000000000000000000000000000000000000000000000000000000000000000000000000000600053455400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000007000980000000000000000000000000000000000000000002800000000000000000000000000000000000000000000000000000000000004feffffff00000000"], 0x518)
sendmsg$IPVS_CMD_GET_DEST(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000280)={&(0x7f00000002c0)=ANY=[@ANYRES16], 0x1}}, 0x0)
setsockopt$inet_tcp_TCP_REPAIR(r1, 0x6, 0x13, &(0x7f0000000100), 0x618)
r3 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$inet_tcp_int(r3, 0x6, 0x10000000013, &(0x7f0000d06000)=0x1, 0x32a)
connect$inet(r3, &(0x7f0000000140)={0x2, 0x0, @local}, 0x10)
setsockopt$inet_tcp_TCP_REPAIR_OPTIONS(r3, 0x6, 0x16, &(0x7f0000000200)=[@mss, @timestamp, @window={0x3, 0x0, 0xfffe}, @mss={0x2, 0x3}], 0x4)
sendmmsg(r3, &(0x7f0000004b40)=[{{0x0, 0x0, &(0x7f00000011c0)=[{&(0x7f0000002240)='Y', 0x1}], 0x1}}], 0x1, 0x0)
setsockopt$inet_tcp_TCP_REPAIR_QUEUE(r3, 0x6, 0x14, &(0x7f0000000040)=0x1, 0x4)
sendmsg$IPVS_CMD_GET_DEST(r3, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000340)=ANY=[@ANYBLOB="160e90cb39bca59f8c4064ac6d7b242060a07bc4309e3eb79d8745797b308edd84adef35ad9d8a17240f38f55f57c55f3875db81d255eea402e1c11ca7fc01964aeb9ed6ef4e80bc67cba7e7fe961fe5d921442b0a06b135f8a73b68dc904b436f256f50ae7cb980e69e7580b9f11c6ede4210f23240559b8c427000d7ce7862417ab5a50e494b2a54e346d7ffa008ccef06813e235b446788ac0f1df3c65bc1fb5393364a2efd284640ec2c438ad2b24a69f1f9da000000000000000000000000989eee6a9283bf253ca4"], 0x1}}, 0x0)
close(r3)
syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000000)={<r4=>0xffffffffffffffff, <r5=>0xffffffffffffffff})
dup3(r5, r4, 0x0)
r6 = accept4$vsock_stream(0xffffffffffffffff, &(0x7f0000000240)={0x28, 0x0, 0x2710, @host}, 0x10, 0x0)
dup2(r6, r5)
bind$pptp(0xffffffffffffffff, &(0x7f00000001c0)={0x18, 0x2, {0x0, @initdev={0xac, 0x1e, 0x0, 0x0}}}, 0x1e)
sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000000)=@newlink={0x30, 0x10, 0x801, 0x0, 0x0, {}, [@IFLA_GROUP={0x8}, @IFLA_PROTO_DOWN={0x8, 0x4}]}, 0x30}}, 0x0)
pivot_root(&(0x7f0000000140)='./file0\x00', &(0x7f0000000100)='./file0\x00')

01:45:57 executing program 0:

01:45:57 executing program 5:
lsetxattr$trusted_overlay_opaque(0x0, 0x0, 0x0, 0x0, 0x0)
mkdir(&(0x7f0000000000)='./file0\x00', 0x0)
mount$bpf(0x20000000, &(0x7f00000000c0)='./file0\x00', 0x0, 0x2001001, 0x0)
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x80, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x43, 0x400000000000000}, 0x11288, 0x2000, 0x0, 0x2}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = socket$netlink(0x10, 0x3, 0x0)
connect$inet(0xffffffffffffffff, 0x0, 0x0)
setsockopt$SO_RDS_TRANSPORT(0xffffffffffffffff, 0x114, 0x8, &(0x7f0000000040)=0xffffffffffffffff, 0x4)
r1 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$inet_tcp_int(r1, 0x6, 0x10000000013, &(0x7f0000d06000)=0x1, 0x32a)
connect$inet(r1, &(0x7f0000000180)={0x2, 0x4e23, @local}, 0x10)
accept$nfc_llcp(0xffffffffffffffff, &(0x7f0000000440), &(0x7f0000000300)=0x60)
setsockopt$inet_tcp_TCP_REPAIR_OPTIONS(r1, 0x6, 0x16, &(0x7f00000000c0)=[@mss={0x2, 0xffffffff}, @timestamp, @window, @mss={0x2, 0x91c}], 0x4)
sendmmsg(r1, &(0x7f0000004b40)=[{{0x0, 0x0, &(0x7f00000011c0)=[{&(0x7f0000002240)='Y', 0x1}], 0x1}}], 0x1, 0x0)
syz_init_net_socket$llc(0x1a, 0x1, 0x0)
r2 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$IPT_SO_SET_REPLACE(r2, 0x4000000000000, 0x40, &(0x7f0000000a40)=ANY=[@ANYBLOB="72617700000000010000000000000000000000000000000000000000000000000200000003000000b80400000000000000000000000000000003000000030000200400002004000020040000200400002004000003000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000600000000000000a00200030000000000000000000000000000000000000000300262706600000000000000000000000000000000000000000000000000000101000000000000002e2f66696c653000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000060005345540000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000c0002001000000000000000000000000000000000000000050006f736600000000000000000000000000000000000000000000000000000073797a300000000000000000000000000000000000000000000000000000000000000000000000000000000000000000600053455400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000007000980000000000000000000000000000000000000000002800000000000000000000000000000000000000000000000000000000000004feffffff00000000"], 0x518)
setsockopt$inet_tcp_TCP_REPAIR(r1, 0x6, 0x13, &(0x7f0000000100), 0x618)
close(r1)
r3 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$inet_tcp_int(r3, 0x6, 0x10000000013, &(0x7f0000d06000)=0x1, 0x32a)
connect$inet(r3, &(0x7f0000000140)={0x2, 0x0, @local}, 0x10)
setsockopt$inet_tcp_TCP_REPAIR_OPTIONS(r3, 0x6, 0x16, &(0x7f0000000200)=[@mss, @timestamp, @window={0x3, 0x0, 0xfffe}, @mss={0x2, 0x3}], 0x4)
sendmmsg(r3, &(0x7f0000004b40)=[{{0x0, 0x0, &(0x7f00000011c0)=[{&(0x7f0000002240)='Y', 0x1}], 0x1}}], 0x1, 0x0)
setsockopt$inet_tcp_TCP_REPAIR_QUEUE(r3, 0x6, 0x14, &(0x7f0000000040)=0x1, 0x4)
sendmsg$IPVS_CMD_GET_DEST(r3, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000340)=ANY=[@ANYBLOB="160e90cb39bca59f8c4064ac6d7b242060a07bc4309e3eb79d8745797b308edd84adef35ad9d8a17240f38f55f57c55f3875db81d255eea402e1c11ca7fc01964aeb9ed6ef4e80bc67cba7e7fe961fe5d921442b0a06b135f8a73b68dc904b436f256f50ae7cb980e69e7580b9f11c6ede4210f23240559b8c427000d7ce7862417ab5a50e494b2a54e346d7ffa008ccef06813e235b446788ac0f1df3c65bc1fb5393364a2efd284640ec2c438ad2b24a69f1f9da000000000000000000000000989eee6a9283bf253ca4"], 0x1}}, 0x0)
close(r3)
syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000000)={<r4=>0xffffffffffffffff, <r5=>0xffffffffffffffff})
dup3(r5, r4, 0x0)
r6 = accept4$vsock_stream(0xffffffffffffffff, &(0x7f0000000240)={0x28, 0x0, 0x2710, @host}, 0x10, 0x0)
dup2(r6, r5)
bind$pptp(0xffffffffffffffff, &(0x7f00000001c0)={0x18, 0x2, {0x0, @initdev={0xac, 0x1e, 0x0, 0x0}}}, 0x1e)
sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000000)=@newlink={0x30, 0x10, 0x801, 0x0, 0x0, {}, [@IFLA_GROUP={0x8}, @IFLA_PROTO_DOWN={0x8, 0x4}]}, 0x30}}, 0x0)
pivot_root(&(0x7f0000000140)='./file0\x00', &(0x7f0000000100)='./file0\x00')

01:45:57 executing program 2:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140)='/dev/kvm\x00', 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_SET_SIGNAL_MASK(0xffffffffffffffff, 0x4004ae8b, &(0x7f0000001000)=ANY=[@ANYBLOB="97cb"])
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000fe7000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0)
ioctl$USBDEVFS_RESETEP(0xffffffffffffffff, 0x80045503, &(0x7f0000000000)={0x1, 0x1})
ioctl$KVM_NMI(r2, 0xae9a)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f00000002c0)={0x0, 0x2, 0x0, 0x2000, &(0x7f0000001000/0x2000)=nil})
perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
rt_sigpending(&(0x7f00000000c0), 0x8)
ioctl$KVM_RUN(r2, 0xae80, 0x0)

01:45:57 executing program 4:
pipe(&(0x7f0000000140)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
r2 = socket$inet_udp(0x2, 0x2, 0x0)
r3 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$inet_tcp_int(r3, 0x6, 0x10000000013, &(0x7f0000d06000)=0x1, 0x4)
connect$inet(r2, &(0x7f0000000340)={0x2, 0x0, @loopback}, 0x10)
setsockopt$inet_tcp_TCP_REPAIR_WINDOW(r3, 0x6, 0x1d, &(0x7f0000000080)={0x0, 0xdf5, 0x65a2}, 0x14)
write$binfmt_misc(r1, &(0x7f0000000140)=ANY=[], 0x4240a2a0)
r4 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$IPT_SO_SET_REPLACE(r4, 0x0, 0x40, &(0x7f0000000480)=ANY=[@ANYBLOB="66696c74657200000000000000000000000000000000000000000000000000000e00000004000000d0020000800100009800000080010000000000000000000038020000380200003802000038020000380200000400000000000000000000007f000001ac14140000000000000000007f00000000000000000000000000000064756dea20f9524db2d96900000057c910a19f2bc02c00000000000000000000200000000000000000000000000000000000000000000000700098000000000000000000000000000000000000000000280052454a454354000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000400000000000000000000000080000000000000000000000000000000000000000000000000000000000000000000000000000000000000000c000e80000f9c9991d0000000000000000000000000000005000736574000000000000000000000000000000000000000000000000000003000005050000000000000000000000000000000000000000100000000000000000000000000000000000000000000000280052454a45435400000000000000010000000000000000000000000000000000674f000000000000000000e00000020000000000000000766574b5315f766c616e00000000010062726964676530000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000007000b80000000000000000000000000000000000000000004800544545000000000000000000000000000000d40200000000000000000001ac1414aa000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000007000980000000000000000000000000000000000000000002800000000000000000000000000000000000000000000001a51496c00000000feffffff"], 0x1)
splice(r0, 0x0, r2, 0x0, 0x4ffe0, 0x0)

01:45:57 executing program 0:

01:45:57 executing program 5:
lsetxattr$trusted_overlay_opaque(0x0, 0x0, 0x0, 0x0, 0x0)
mkdir(&(0x7f0000000000)='./file0\x00', 0x0)
mount$bpf(0x20000000, &(0x7f00000000c0)='./file0\x00', 0x0, 0x2001001, 0x0)
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x80, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x43, 0x400000000000000}, 0x11288, 0x2000, 0x0, 0x2}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = socket$netlink(0x10, 0x3, 0x0)
connect$inet(0xffffffffffffffff, 0x0, 0x0)
setsockopt$SO_RDS_TRANSPORT(0xffffffffffffffff, 0x114, 0x8, &(0x7f0000000040)=0xffffffffffffffff, 0x4)
r1 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$inet_tcp_int(r1, 0x6, 0x10000000013, &(0x7f0000d06000)=0x1, 0x32a)
connect$inet(r1, &(0x7f0000000180)={0x2, 0x4e23, @local}, 0x10)
accept$nfc_llcp(0xffffffffffffffff, &(0x7f0000000440), &(0x7f0000000300)=0x60)
setsockopt$inet_tcp_TCP_REPAIR_OPTIONS(r1, 0x6, 0x16, &(0x7f00000000c0)=[@mss={0x2, 0xffffffff}, @timestamp, @window, @mss={0x2, 0x91c}], 0x4)
sendmmsg(r1, &(0x7f0000004b40)=[{{0x0, 0x0, &(0x7f00000011c0)=[{&(0x7f0000002240)='Y', 0x1}], 0x1}}], 0x1, 0x0)
syz_init_net_socket$llc(0x1a, 0x1, 0x0)
r2 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$IPT_SO_SET_REPLACE(r2, 0x4000000000000, 0x40, &(0x7f0000000a40)=ANY=[@ANYBLOB="72617700000000010000000000000000000000000000000000000000000000000200000003000000b80400000000000000000000000000000003000000030000200400002004000020040000200400002004000003000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000600000000000000a00200030000000000000000000000000000000000000000300262706600000000000000000000000000000000000000000000000000000101000000000000002e2f66696c653000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000060005345540000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000c0002001000000000000000000000000000000000000000050006f736600000000000000000000000000000000000000000000000000000073797a300000000000000000000000000000000000000000000000000000000000000000000000000000000000000000600053455400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000007000980000000000000000000000000000000000000000002800000000000000000000000000000000000000000000000000000000000004feffffff00000000"], 0x518)
setsockopt$inet_tcp_TCP_REPAIR(r1, 0x6, 0x13, &(0x7f0000000100), 0x618)
close(r1)
r3 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$inet_tcp_int(r3, 0x6, 0x10000000013, &(0x7f0000d06000)=0x1, 0x32a)
connect$inet(r3, &(0x7f0000000140)={0x2, 0x0, @local}, 0x10)
setsockopt$inet_tcp_TCP_REPAIR_OPTIONS(r3, 0x6, 0x16, &(0x7f0000000200)=[@mss, @timestamp, @window={0x3, 0x0, 0xfffe}, @mss={0x2, 0x3}], 0x4)
sendmmsg(r3, &(0x7f0000004b40)=[{{0x0, 0x0, &(0x7f00000011c0)=[{&(0x7f0000002240)='Y', 0x1}], 0x1}}], 0x1, 0x0)
setsockopt$inet_tcp_TCP_REPAIR_QUEUE(r3, 0x6, 0x14, &(0x7f0000000040)=0x1, 0x4)
sendmsg$IPVS_CMD_GET_DEST(r3, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000340)=ANY=[@ANYBLOB="160e90cb39bca59f8c4064ac6d7b242060a07bc4309e3eb79d8745797b308edd84adef35ad9d8a17240f38f55f57c55f3875db81d255eea402e1c11ca7fc01964aeb9ed6ef4e80bc67cba7e7fe961fe5d921442b0a06b135f8a73b68dc904b436f256f50ae7cb980e69e7580b9f11c6ede4210f23240559b8c427000d7ce7862417ab5a50e494b2a54e346d7ffa008ccef06813e235b446788ac0f1df3c65bc1fb5393364a2efd284640ec2c438ad2b24a69f1f9da000000000000000000000000989eee6a9283bf253ca4"], 0x1}}, 0x0)
close(r3)
syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000000)={<r4=>0xffffffffffffffff, <r5=>0xffffffffffffffff})
dup3(r5, r4, 0x0)
r6 = accept4$vsock_stream(0xffffffffffffffff, &(0x7f0000000240)={0x28, 0x0, 0x2710, @host}, 0x10, 0x0)
dup2(r6, r5)
bind$pptp(0xffffffffffffffff, &(0x7f00000001c0)={0x18, 0x2, {0x0, @initdev={0xac, 0x1e, 0x0, 0x0}}}, 0x1e)
sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000000)=@newlink={0x30, 0x10, 0x801, 0x0, 0x0, {}, [@IFLA_GROUP={0x8}, @IFLA_PROTO_DOWN={0x8, 0x4}]}, 0x30}}, 0x0)
pivot_root(&(0x7f0000000140)='./file0\x00', &(0x7f0000000100)='./file0\x00')

01:45:57 executing program 1:
lsetxattr$trusted_overlay_opaque(0x0, 0x0, 0x0, 0x0, 0x0)
mkdir(&(0x7f0000000000)='./file0\x00', 0x0)
mount$bpf(0x20000000, &(0x7f00000000c0)='./file0\x00', 0x0, 0x2001001, 0x0)
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x80, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x43, 0x400000000000000}, 0x11288, 0x2000, 0x0, 0x2}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = socket$netlink(0x10, 0x3, 0x0)
connect$inet(0xffffffffffffffff, 0x0, 0x0)
setsockopt$SO_RDS_TRANSPORT(0xffffffffffffffff, 0x114, 0x8, &(0x7f0000000040)=0xffffffffffffffff, 0x4)
r1 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$inet_tcp_int(r1, 0x6, 0x10000000013, &(0x7f0000d06000)=0x1, 0x32a)
connect$inet(r1, &(0x7f0000000180)={0x2, 0x4e23, @local}, 0x10)
accept$nfc_llcp(0xffffffffffffffff, &(0x7f0000000440), &(0x7f0000000300)=0x60)
setsockopt$inet_tcp_TCP_REPAIR_OPTIONS(r1, 0x6, 0x16, &(0x7f00000000c0)=[@mss={0x2, 0xffffffff}, @timestamp, @window, @mss={0x2, 0x91c}], 0x4)
sendmmsg(r1, &(0x7f0000004b40)=[{{0x0, 0x0, &(0x7f00000011c0)=[{&(0x7f0000002240)='Y', 0x1}], 0x1}}], 0x1, 0x0)
syz_init_net_socket$llc(0x1a, 0x1, 0x0)
r2 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$IPT_SO_SET_REPLACE(r2, 0x4000000000000, 0x40, &(0x7f0000000a40)=ANY=[@ANYBLOB="72617700000000010000000000000000000000000000000000000000000000000200000003000000b80400000000000000000000000000000003000000030000200400002004000020040000200400002004000003000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000600000000000000a00200030000000000000000000000000000000000000000300262706600000000000000000000000000000000000000000000000000000101000000000000002e2f66696c653000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000060005345540000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000c0002001000000000000000000000000000000000000000050006f736600000000000000000000000000000000000000000000000000000073797a300000000000000000000000000000000000000000000000000000000000000000000000000000000000000000600053455400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000007000980000000000000000000000000000000000000000002800000000000000000000000000000000000000000000000000000000000004feffffff00000000"], 0x518)
sendmsg$IPVS_CMD_GET_DEST(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000280)={&(0x7f00000002c0)=ANY=[@ANYRES16], 0x1}}, 0x0)
setsockopt$inet_tcp_TCP_REPAIR(r1, 0x6, 0x13, &(0x7f0000000100), 0x618)
close(r1)
setsockopt$inet_tcp_int(0xffffffffffffffff, 0x6, 0x10000000013, &(0x7f0000d06000)=0x1, 0x32a)
connect$inet(0xffffffffffffffff, &(0x7f0000000140)={0x2, 0x0, @local}, 0x10)
setsockopt$inet_tcp_TCP_REPAIR_OPTIONS(0xffffffffffffffff, 0x6, 0x16, &(0x7f0000000200)=[@mss, @timestamp, @window={0x3, 0x0, 0xfffe}, @mss={0x2, 0x3}], 0x4)
sendmmsg(0xffffffffffffffff, &(0x7f0000004b40)=[{{0x0, 0x0, &(0x7f00000011c0)=[{&(0x7f0000002240)='Y', 0x1}], 0x1}}], 0x1, 0x0)
setsockopt$inet_tcp_TCP_REPAIR_QUEUE(0xffffffffffffffff, 0x6, 0x14, &(0x7f0000000040)=0x1, 0x4)
sendmsg$IPVS_CMD_GET_DEST(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000340)=ANY=[@ANYBLOB="160e90cb39bca59f8c4064ac6d7b242060a07bc4309e3eb79d8745797b308edd84adef35ad9d8a17240f38f55f57c55f3875db81d255eea402e1c11ca7fc01964aeb9ed6ef4e80bc67cba7e7fe961fe5d921442b0a06b135f8a73b68dc904b436f256f50ae7cb980e69e7580b9f11c6ede4210f23240559b8c427000d7ce7862417ab5a50e494b2a54e346d7ffa008ccef06813e235b446788ac0f1df3c65bc1fb5393364a2efd284640ec2c438ad2b24a69f1f9da000000000000000000000000989eee6a9283bf253ca4"], 0x1}}, 0x0)
close(0xffffffffffffffff)
syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000000)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
dup3(r4, r3, 0x0)
r5 = accept4$vsock_stream(0xffffffffffffffff, &(0x7f0000000240)={0x28, 0x0, 0x2710, @host}, 0x10, 0x0)
dup2(r5, r4)
bind$pptp(0xffffffffffffffff, &(0x7f00000001c0)={0x18, 0x2, {0x0, @initdev={0xac, 0x1e, 0x0, 0x0}}}, 0x1e)
sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000000)=@newlink={0x30, 0x10, 0x801, 0x0, 0x0, {}, [@IFLA_GROUP={0x8}, @IFLA_PROTO_DOWN={0x8, 0x4}]}, 0x30}}, 0x0)

01:45:57 executing program 2:
r0 = fanotify_init(0x0, 0x0)
r1 = fcntl$dupfd(r0, 0x0, r0)
write$FUSE_NOTIFY_POLL(r1, &(0x7f0000000100)={0x18}, 0x18)
r2 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000540)='/dev/infiniband/rdma_cm\x00', 0x2, 0x0)
write$RDMA_USER_CM_CMD_CREATE_ID(r2, &(0x7f0000000080)={0x0, 0x18, 0xfa00, {0x0, &(0x7f0000000000)={<r3=>0xffffffffffffffff}, 0x13f}}, 0xffaf)
write$RDMA_USER_CM_CMD_SET_OPTION(r2, &(0x7f0000000180)={0xe, 0x3, 0xfa00, @id_resuseaddr={&(0x7f0000000480)=0x1, r3, 0x0, 0x1, 0x4}}, 0x20)
write$RDMA_USER_CM_CMD_RESOLVE_IP(r2, &(0x7f0000000100)={0x3, 0x40, 0xfa00, {{0xa, 0x4e21}, {0xa, 0x0, 0x0, @mcast2}, r3}}, 0x48)
write$RDMA_USER_CM_CMD_RESOLVE_ADDR(r1, &(0x7f0000000300)={0x15, 0x110, 0xfa00, {r3, 0x3, 0x0, 0x0, 0x0, @in={0x2, 0x4e21, @local}, @ib={0x1b, 0x8467, 0x7ff, {"f955ba289d65932235ffdf27f7ef6473"}, 0x3, 0x3, 0x5}}}, 0x118)
r4 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140)='/dev/kvm\x00', 0x0, 0x0)
r5 = ioctl$KVM_CREATE_VM(r4, 0xae01, 0x0)
ioctl$KVM_SET_SIGNAL_MASK(0xffffffffffffffff, 0x4004ae8b, &(0x7f00000000c0)=ANY=[@ANYBLOB="92c8cc3f28156578e1c87fc3562b5d97cb"])
r6 = ioctl$KVM_CREATE_VCPU(r5, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r6, &(0x7f0000fe7000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0)
ioctl$USBDEVFS_RESETEP(0xffffffffffffffff, 0x80045503, &(0x7f0000000000)={0x1, 0x1})
ioctl$KVM_NMI(r6, 0xae9a)
ioctl$KVM_SET_USER_MEMORY_REGION(r5, 0x4020ae46, &(0x7f00000002c0)={0x0, 0x2, 0x0, 0x2000, &(0x7f0000001000/0x2000)=nil})
perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
ioctl$KVM_RUN(r6, 0xae80, 0x0)
r7 = creat(&(0x7f0000000100)='./file0\x00', 0x0)
syz_kvm_setup_cpu$x86(r7, r6, &(0x7f0000fe8000/0x18000)=nil, &(0x7f00000001c0)=[@text64={0x40, &(0x7f0000000180)="b94f0b00000f32c4e17f2c0e460f22012e0f78b33419000066b8fc000f00d0c4e1fa7edd45780b450f3accec010f01cbf3e193", 0x33}], 0x1, 0x38, &(0x7f0000000200), 0x0)

01:45:57 executing program 3:
lsetxattr$trusted_overlay_opaque(0x0, 0x0, 0x0, 0x0, 0x0)
mkdir(&(0x7f0000000000)='./file0\x00', 0x0)
mount$bpf(0x20000000, &(0x7f00000000c0)='./file0\x00', 0x0, 0x2001001, 0x0)
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x80, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x43, 0x400000000000000}, 0x11288, 0x2000, 0x0, 0x2}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = socket$netlink(0x10, 0x3, 0x0)
connect$inet(0xffffffffffffffff, 0x0, 0x0)
setsockopt$SO_RDS_TRANSPORT(0xffffffffffffffff, 0x114, 0x8, &(0x7f0000000040)=0xffffffffffffffff, 0x4)
r1 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$inet_tcp_int(r1, 0x6, 0x10000000013, &(0x7f0000d06000)=0x1, 0x32a)
connect$inet(r1, &(0x7f0000000180)={0x2, 0x4e23, @local}, 0x10)
accept$nfc_llcp(0xffffffffffffffff, &(0x7f0000000440), &(0x7f0000000300)=0x60)
setsockopt$inet_tcp_TCP_REPAIR_OPTIONS(r1, 0x6, 0x16, &(0x7f00000000c0)=[@mss={0x2, 0xffffffff}, @timestamp, @window, @mss={0x2, 0x91c}], 0x4)
sendmmsg(r1, &(0x7f0000004b40)=[{{0x0, 0x0, &(0x7f00000011c0)=[{&(0x7f0000002240)='Y', 0x1}], 0x1}}], 0x1, 0x0)
syz_init_net_socket$llc(0x1a, 0x1, 0x0)
r2 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$IPT_SO_SET_REPLACE(r2, 0x4000000000000, 0x40, &(0x7f0000000a40)=ANY=[@ANYBLOB="72617700000000010000000000000000000000000000000000000000000000000200000003000000b80400000000000000000000000000000003000000030000200400002004000020040000200400002004000003000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000600000000000000a00200030000000000000000000000000000000000000000300262706600000000000000000000000000000000000000000000000000000101000000000000002e2f66696c653000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000060005345540000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000c0002001000000000000000000000000000000000000000050006f736600000000000000000000000000000000000000000000000000000073797a300000000000000000000000000000000000000000000000000000000000000000000000000000000000000000600053455400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000007000980000000000000000000000000000000000000000002800000000000000000000000000000000000000000000000000000000000004feffffff00000000"], 0x518)
sendmsg$IPVS_CMD_GET_DEST(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000280)={&(0x7f00000002c0)=ANY=[@ANYRES16], 0x1}}, 0x0)
setsockopt$inet_tcp_TCP_REPAIR(r1, 0x6, 0x13, &(0x7f0000000100), 0x618)
r3 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$inet_tcp_int(r3, 0x6, 0x10000000013, &(0x7f0000d06000)=0x1, 0x32a)
connect$inet(r3, &(0x7f0000000140)={0x2, 0x0, @local}, 0x10)
setsockopt$inet_tcp_TCP_REPAIR_OPTIONS(r3, 0x6, 0x16, &(0x7f0000000200)=[@mss, @timestamp, @window={0x3, 0x0, 0xfffe}, @mss={0x2, 0x3}], 0x4)
sendmmsg(r3, &(0x7f0000004b40)=[{{0x0, 0x0, &(0x7f00000011c0)=[{&(0x7f0000002240)='Y', 0x1}], 0x1}}], 0x1, 0x0)
setsockopt$inet_tcp_TCP_REPAIR_QUEUE(r3, 0x6, 0x14, &(0x7f0000000040)=0x1, 0x4)
sendmsg$IPVS_CMD_GET_DEST(r3, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000340)=ANY=[@ANYBLOB="160e90cb39bca59f8c4064ac6d7b242060a07bc4309e3eb79d8745797b308edd84adef35ad9d8a17240f38f55f57c55f3875db81d255eea402e1c11ca7fc01964aeb9ed6ef4e80bc67cba7e7fe961fe5d921442b0a06b135f8a73b68dc904b436f256f50ae7cb980e69e7580b9f11c6ede4210f23240559b8c427000d7ce7862417ab5a50e494b2a54e346d7ffa008ccef06813e235b446788ac0f1df3c65bc1fb5393364a2efd284640ec2c438ad2b24a69f1f9da000000000000000000000000989eee6a9283bf253ca4"], 0x1}}, 0x0)
close(r3)
syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000000)={<r4=>0xffffffffffffffff, <r5=>0xffffffffffffffff})
dup3(r5, r4, 0x0)
r6 = accept4$vsock_stream(0xffffffffffffffff, &(0x7f0000000240)={0x28, 0x0, 0x2710, @host}, 0x10, 0x0)
dup2(r6, r5)
bind$pptp(0xffffffffffffffff, &(0x7f00000001c0)={0x18, 0x2, {0x0, @initdev={0xac, 0x1e, 0x0, 0x0}}}, 0x1e)
sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000000)=@newlink={0x30, 0x10, 0x801, 0x0, 0x0, {}, [@IFLA_GROUP={0x8}, @IFLA_PROTO_DOWN={0x8, 0x4}]}, 0x30}}, 0x0)
pivot_root(&(0x7f0000000140)='./file0\x00', &(0x7f0000000100)='./file0\x00')

01:45:57 executing program 0:

01:45:57 executing program 0:

[ 1859.726018] ip_tables: iptables: counters copy to user failed while replacing table
01:45:57 executing program 5:
lsetxattr$trusted_overlay_opaque(0x0, 0x0, 0x0, 0x0, 0x0)
mkdir(&(0x7f0000000000)='./file0\x00', 0x0)
mount$bpf(0x20000000, &(0x7f00000000c0)='./file0\x00', 0x0, 0x2001001, 0x0)
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x80, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x43, 0x400000000000000}, 0x11288, 0x2000, 0x0, 0x2}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = socket$netlink(0x10, 0x3, 0x0)
connect$inet(0xffffffffffffffff, 0x0, 0x0)
setsockopt$SO_RDS_TRANSPORT(0xffffffffffffffff, 0x114, 0x8, &(0x7f0000000040)=0xffffffffffffffff, 0x4)
r1 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$inet_tcp_int(r1, 0x6, 0x10000000013, &(0x7f0000d06000)=0x1, 0x32a)
connect$inet(r1, &(0x7f0000000180)={0x2, 0x4e23, @local}, 0x10)
accept$nfc_llcp(0xffffffffffffffff, &(0x7f0000000440), &(0x7f0000000300)=0x60)
setsockopt$inet_tcp_TCP_REPAIR_OPTIONS(r1, 0x6, 0x16, &(0x7f00000000c0)=[@mss={0x2, 0xffffffff}, @timestamp, @window, @mss={0x2, 0x91c}], 0x4)
sendmmsg(r1, &(0x7f0000004b40)=[{{0x0, 0x0, &(0x7f00000011c0)=[{&(0x7f0000002240)='Y', 0x1}], 0x1}}], 0x1, 0x0)
syz_init_net_socket$llc(0x1a, 0x1, 0x0)
socket$inet_tcp(0x2, 0x1, 0x0)
sendmsg$IPVS_CMD_GET_DEST(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000280)={&(0x7f00000002c0)=ANY=[@ANYRES16], 0x1}}, 0x0)
setsockopt$inet_tcp_TCP_REPAIR(r1, 0x6, 0x13, &(0x7f0000000100), 0x618)
close(r1)
r2 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$inet_tcp_int(r2, 0x6, 0x10000000013, &(0x7f0000d06000)=0x1, 0x32a)
connect$inet(r2, &(0x7f0000000140)={0x2, 0x0, @local}, 0x10)
setsockopt$inet_tcp_TCP_REPAIR_OPTIONS(r2, 0x6, 0x16, &(0x7f0000000200)=[@mss, @timestamp, @window={0x3, 0x0, 0xfffe}, @mss={0x2, 0x3}], 0x4)
sendmmsg(r2, &(0x7f0000004b40)=[{{0x0, 0x0, &(0x7f00000011c0)=[{&(0x7f0000002240)='Y', 0x1}], 0x1}}], 0x1, 0x0)
setsockopt$inet_tcp_TCP_REPAIR_QUEUE(r2, 0x6, 0x14, &(0x7f0000000040)=0x1, 0x4)
sendmsg$IPVS_CMD_GET_DEST(r2, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000340)=ANY=[@ANYBLOB="160e90cb39bca59f8c4064ac6d7b242060a07bc4309e3eb79d8745797b308edd84adef35ad9d8a17240f38f55f57c55f3875db81d255eea402e1c11ca7fc01964aeb9ed6ef4e80bc67cba7e7fe961fe5d921442b0a06b135f8a73b68dc904b436f256f50ae7cb980e69e7580b9f11c6ede4210f23240559b8c427000d7ce7862417ab5a50e494b2a54e346d7ffa008ccef06813e235b446788ac0f1df3c65bc1fb5393364a2efd284640ec2c438ad2b24a69f1f9da000000000000000000000000989eee6a9283bf253ca4"], 0x1}}, 0x0)
close(r2)
syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000000)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
dup3(r4, r3, 0x0)
r5 = accept4$vsock_stream(0xffffffffffffffff, &(0x7f0000000240)={0x28, 0x0, 0x2710, @host}, 0x10, 0x0)
dup2(r5, r4)
bind$pptp(0xffffffffffffffff, &(0x7f00000001c0)={0x18, 0x2, {0x0, @initdev={0xac, 0x1e, 0x0, 0x0}}}, 0x1e)
sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000000)=@newlink={0x30, 0x10, 0x801, 0x0, 0x0, {}, [@IFLA_GROUP={0x8}, @IFLA_PROTO_DOWN={0x8, 0x4}]}, 0x30}}, 0x0)
pivot_root(&(0x7f0000000140)='./file0\x00', &(0x7f0000000100)='./file0\x00')

01:45:57 executing program 0:

01:45:57 executing program 1:
lsetxattr$trusted_overlay_opaque(0x0, 0x0, 0x0, 0x0, 0x0)
mkdir(&(0x7f0000000000)='./file0\x00', 0x0)
mount$bpf(0x20000000, &(0x7f00000000c0)='./file0\x00', 0x0, 0x2001001, 0x0)
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x80, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x43, 0x400000000000000}, 0x11288, 0x2000, 0x0, 0x2}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = socket$netlink(0x10, 0x3, 0x0)
connect$inet(0xffffffffffffffff, 0x0, 0x0)
setsockopt$SO_RDS_TRANSPORT(0xffffffffffffffff, 0x114, 0x8, &(0x7f0000000040)=0xffffffffffffffff, 0x4)
r1 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$inet_tcp_int(r1, 0x6, 0x10000000013, &(0x7f0000d06000)=0x1, 0x32a)
connect$inet(r1, &(0x7f0000000180)={0x2, 0x4e23, @local}, 0x10)
accept$nfc_llcp(0xffffffffffffffff, &(0x7f0000000440), &(0x7f0000000300)=0x60)
setsockopt$inet_tcp_TCP_REPAIR_OPTIONS(r1, 0x6, 0x16, &(0x7f00000000c0)=[@mss={0x2, 0xffffffff}, @timestamp, @window, @mss={0x2, 0x91c}], 0x4)
sendmmsg(r1, &(0x7f0000004b40)=[{{0x0, 0x0, &(0x7f00000011c0)=[{&(0x7f0000002240)='Y', 0x1}], 0x1}}], 0x1, 0x0)
syz_init_net_socket$llc(0x1a, 0x1, 0x0)
r2 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$IPT_SO_SET_REPLACE(r2, 0x4000000000000, 0x40, &(0x7f0000000a40)=ANY=[@ANYBLOB="72617700000000010000000000000000000000000000000000000000000000000200000003000000b80400000000000000000000000000000003000000030000200400002004000020040000200400002004000003000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000600000000000000a00200030000000000000000000000000000000000000000300262706600000000000000000000000000000000000000000000000000000101000000000000002e2f66696c653000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000060005345540000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000c0002001000000000000000000000000000000000000000050006f736600000000000000000000000000000000000000000000000000000073797a300000000000000000000000000000000000000000000000000000000000000000000000000000000000000000600053455400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000007000980000000000000000000000000000000000000000002800000000000000000000000000000000000000000000000000000000000004feffffff00000000"], 0x518)
sendmsg$IPVS_CMD_GET_DEST(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000280)={&(0x7f00000002c0)=ANY=[@ANYRES16], 0x1}}, 0x0)
setsockopt$inet_tcp_TCP_REPAIR(r1, 0x6, 0x13, &(0x7f0000000100), 0x618)
r3 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$inet_tcp_int(r3, 0x6, 0x10000000013, &(0x7f0000d06000)=0x1, 0x32a)
connect$inet(r3, &(0x7f0000000140)={0x2, 0x0, @local}, 0x10)
setsockopt$inet_tcp_TCP_REPAIR_OPTIONS(r3, 0x6, 0x16, &(0x7f0000000200)=[@mss, @timestamp, @window={0x3, 0x0, 0xfffe}, @mss={0x2, 0x3}], 0x4)
sendmmsg(r3, &(0x7f0000004b40)=[{{0x0, 0x0, &(0x7f00000011c0)=[{&(0x7f0000002240)='Y', 0x1}], 0x1}}], 0x1, 0x0)
setsockopt$inet_tcp_TCP_REPAIR_QUEUE(r3, 0x6, 0x14, &(0x7f0000000040)=0x1, 0x4)
sendmsg$IPVS_CMD_GET_DEST(r3, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000340)=ANY=[@ANYBLOB="160e90cb39bca59f8c4064ac6d7b242060a07bc4309e3eb79d8745797b308edd84adef35ad9d8a17240f38f55f57c55f3875db81d255eea402e1c11ca7fc01964aeb9ed6ef4e80bc67cba7e7fe961fe5d921442b0a06b135f8a73b68dc904b436f256f50ae7cb980e69e7580b9f11c6ede4210f23240559b8c427000d7ce7862417ab5a50e494b2a54e346d7ffa008ccef06813e235b446788ac0f1df3c65bc1fb5393364a2efd284640ec2c438ad2b24a69f1f9da000000000000000000000000989eee6a9283bf253ca4"], 0x1}}, 0x0)
close(r3)
syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000000)={<r4=>0xffffffffffffffff, <r5=>0xffffffffffffffff})
dup3(r5, r4, 0x0)
r6 = accept4$vsock_stream(0xffffffffffffffff, &(0x7f0000000240)={0x28, 0x0, 0x2710, @host}, 0x10, 0x0)
dup2(r6, r5)
bind$pptp(0xffffffffffffffff, &(0x7f00000001c0)={0x18, 0x2, {0x0, @initdev={0xac, 0x1e, 0x0, 0x0}}}, 0x1e)
sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000000)=@newlink={0x30, 0x10, 0x801, 0x0, 0x0, {}, [@IFLA_GROUP={0x8}, @IFLA_PROTO_DOWN={0x8, 0x4}]}, 0x30}}, 0x0)

01:45:58 executing program 3:
lsetxattr$trusted_overlay_opaque(0x0, 0x0, 0x0, 0x0, 0x0)
mkdir(&(0x7f0000000000)='./file0\x00', 0x0)
mount$bpf(0x20000000, &(0x7f00000000c0)='./file0\x00', 0x0, 0x2001001, 0x0)
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x80, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x43, 0x400000000000000}, 0x11288, 0x2000, 0x0, 0x2}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = socket$netlink(0x10, 0x3, 0x0)
connect$inet(0xffffffffffffffff, 0x0, 0x0)
setsockopt$SO_RDS_TRANSPORT(0xffffffffffffffff, 0x114, 0x8, &(0x7f0000000040)=0xffffffffffffffff, 0x4)
r1 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$inet_tcp_int(r1, 0x6, 0x10000000013, &(0x7f0000d06000)=0x1, 0x32a)
connect$inet(r1, &(0x7f0000000180)={0x2, 0x4e23, @local}, 0x10)
accept$nfc_llcp(0xffffffffffffffff, &(0x7f0000000440), &(0x7f0000000300)=0x60)
setsockopt$inet_tcp_TCP_REPAIR_OPTIONS(r1, 0x6, 0x16, &(0x7f00000000c0)=[@mss={0x2, 0xffffffff}, @timestamp, @window, @mss={0x2, 0x91c}], 0x4)
sendmmsg(r1, &(0x7f0000004b40)=[{{0x0, 0x0, &(0x7f00000011c0)=[{&(0x7f0000002240)='Y', 0x1}], 0x1}}], 0x1, 0x0)
syz_init_net_socket$llc(0x1a, 0x1, 0x0)
r2 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$IPT_SO_SET_REPLACE(r2, 0x4000000000000, 0x40, &(0x7f0000000a40)=ANY=[@ANYBLOB="72617700000000010000000000000000000000000000000000000000000000000200000003000000b80400000000000000000000000000000003000000030000200400002004000020040000200400002004000003000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000600000000000000a00200030000000000000000000000000000000000000000300262706600000000000000000000000000000000000000000000000000000101000000000000002e2f66696c653000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000060005345540000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000c0002001000000000000000000000000000000000000000050006f736600000000000000000000000000000000000000000000000000000073797a300000000000000000000000000000000000000000000000000000000000000000000000000000000000000000600053455400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000007000980000000000000000000000000000000000000000002800000000000000000000000000000000000000000000000000000000000004feffffff00000000"], 0x518)
sendmsg$IPVS_CMD_GET_DEST(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000280)={&(0x7f00000002c0)=ANY=[@ANYRES16], 0x1}}, 0x0)
setsockopt$inet_tcp_TCP_REPAIR(r1, 0x6, 0x13, &(0x7f0000000100), 0x618)
r3 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$inet_tcp_int(r3, 0x6, 0x10000000013, &(0x7f0000d06000)=0x1, 0x32a)
connect$inet(r3, &(0x7f0000000140)={0x2, 0x0, @local}, 0x10)
setsockopt$inet_tcp_TCP_REPAIR_OPTIONS(r3, 0x6, 0x16, &(0x7f0000000200)=[@mss, @timestamp, @window={0x3, 0x0, 0xfffe}, @mss={0x2, 0x3}], 0x4)
sendmmsg(r3, &(0x7f0000004b40)=[{{0x0, 0x0, &(0x7f00000011c0)=[{&(0x7f0000002240)='Y', 0x1}], 0x1}}], 0x1, 0x0)
setsockopt$inet_tcp_TCP_REPAIR_QUEUE(r3, 0x6, 0x14, &(0x7f0000000040)=0x1, 0x4)
sendmsg$IPVS_CMD_GET_DEST(r3, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000340)=ANY=[@ANYBLOB="160e90cb39bca59f8c4064ac6d7b242060a07bc4309e3eb79d8745797b308edd84adef35ad9d8a17240f38f55f57c55f3875db81d255eea402e1c11ca7fc01964aeb9ed6ef4e80bc67cba7e7fe961fe5d921442b0a06b135f8a73b68dc904b436f256f50ae7cb980e69e7580b9f11c6ede4210f23240559b8c427000d7ce7862417ab5a50e494b2a54e346d7ffa008ccef06813e235b446788ac0f1df3c65bc1fb5393364a2efd284640ec2c438ad2b24a69f1f9da000000000000000000000000989eee6a9283bf253ca4"], 0x1}}, 0x0)
close(r3)
syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000000)={<r4=>0xffffffffffffffff, <r5=>0xffffffffffffffff})
dup3(r5, r4, 0x0)
r6 = accept4$vsock_stream(0xffffffffffffffff, &(0x7f0000000240)={0x28, 0x0, 0x2710, @host}, 0x10, 0x0)
dup2(r6, r5)
bind$pptp(0xffffffffffffffff, &(0x7f00000001c0)={0x18, 0x2, {0x0, @initdev={0xac, 0x1e, 0x0, 0x0}}}, 0x1e)
sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000000)=@newlink={0x30, 0x10, 0x801, 0x0, 0x0, {}, [@IFLA_GROUP={0x8}, @IFLA_PROTO_DOWN={0x8, 0x4}]}, 0x30}}, 0x0)
pivot_root(&(0x7f0000000140)='./file0\x00', &(0x7f0000000100)='./file0\x00')

01:45:58 executing program 4:
pipe(&(0x7f0000000140)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
close(0xffffffffffffffff)
r2 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$inet_tcp_int(r2, 0x6, 0x10000000013, &(0x7f0000d06000)=0x1, 0x4)
connect$inet(0xffffffffffffffff, &(0x7f0000000340)={0x2, 0x0, @loopback}, 0x10)
setsockopt$inet_tcp_TCP_REPAIR_WINDOW(r2, 0x6, 0x1d, &(0x7f0000000080)={0x0, 0xdf5, 0x65a2}, 0x14)
write$binfmt_misc(r1, &(0x7f0000000140)=ANY=[], 0x4240a2a0)
r3 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$IPT_SO_SET_REPLACE(r3, 0x0, 0x40, &(0x7f0000000480)=ANY=[@ANYBLOB="66696c74657200000000000000000000000000000000000000000000000000000e00000004000000d0020000800100009800000080010000000000000000000038020000380200003802000038020000380200000400000000000000000000007f000001ac14140000000000000000007f00000000000000000000000000000064756dea20f9524db2d96900000057c910a19f2bc02c00000000000000000000200000000000000000000000000000000000000000000000700098000000000000000000000000000000000000000000280052454a454354000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000400000000000000000000000080000000000000000000000000000000000000000000000000000000000000000000000000000000000000000c000e80000f9c9991d0000000000000000000000000000005000736574000000000000000000000000000000000000000000000000000003000005050000000000000000000000000000000000000000100000000000000000000000000000000000000000000000280052454a45435400000000000000010000000000000000000000000000000000674f000000000000000000e00000020000000000000000766574b5315f766c616e00000000010062726964676530000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000007000b80000000000000000000000000000000000000000004800544545000000000000000000000000000000d40200000000000000000001ac1414aa000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000007000980000000000000000000000000000000000000000002800000000000000000000000000000000000000000000001a51496c00000000feffffff"], 0x1)
splice(r0, 0x0, 0xffffffffffffffff, 0x0, 0x4ffe0, 0x0)

01:45:58 executing program 0:

01:45:58 executing program 2:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140)='/dev/kvm\x00', 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = fanotify_init(0x0, 0x0)
r3 = fcntl$dupfd(r2, 0x0, r2)
write$FUSE_NOTIFY_POLL(r3, &(0x7f0000000100)={0x18}, 0x18)
r4 = fanotify_init(0x0, 0x0)
fcntl$dupfd(r4, 0x0, r4)
r5 = fanotify_init(0x0, 0x0)
r6 = fcntl$dupfd(r5, 0x0, r5)
write$FUSE_NOTIFY_POLL(r6, &(0x7f0000000100)={0x18}, 0x18)
r7 = fanotify_init(0x0, 0x0)
fcntl$dupfd(r7, 0x0, r7)
ioctl$KVM_SET_SIGNAL_MASK(r6, 0x4004ae8b, &(0x7f00000001c0)=ANY=[@ANYRES16, @ANYPTR64=&(0x7f0000000540)=ANY=[@ANYPTR64, @ANYPTR64=&(0x7f0000000500)=ANY=[@ANYPTR64=&(0x7f00000004c0)=ANY=[@ANYRES16, @ANYRES32=r4, @ANYRES64=r6, @ANYPTR64=&(0x7f0000000200)=ANY=[@ANYBLOB="85be198b99e3d9c3aa1d3ddd42d2c50403c7e848a13f1ba6dea166b54aee57e633b8f169a8c0140202c932f57daf5868f6ed234308551c86c4819d50e84b8d03793ba717567138e7f728579f24081ac26255d2f7220b7a3e6579f9bacfc118d87f5bb00a9dae991a9a6abc", @ANYRES16, @ANYRESHEX, @ANYPTR64, @ANYRES64=0x0], @ANYRES64, @ANYRESDEC, @ANYPTR64], @ANYRES64=r5], @ANYBLOB="ff9195b948adb2d8f77ceb47ee112c01ce88a17bcb3ffd4fc044fcae391fabfc139a4a1b689a687b36a3ad01bca548c8e90f0ed817bd44bf58af4ab0977cf1b1518d510ae5fa221cdbcb4c0a05f0459298fd7f98068db0b823666ce6652582c8d7805f009772cbcccc4b06b6cc2c84301bf259ebe84d3dfd73b901ea497539", @ANYRES16=r6, @ANYBLOB="143180be0257370334b7adeccd3c88ffd80378a6b93ab0cdd7edfd7970aed65f747ed218968ecfdb3c142705b20215bbe37515b0aff11b5d5c100565ecefb551714f05ba91ca1478a485e2a07dc94fff52c19469c6daef09236c08fac806ac975390662e0802a90c57f075ab66a88a8a884ff91ff9ccb6505ef7ad7b76f9410d77a4e9d7f52bf0b9752350533c20bad01370d1f56a54eef89bc5396ecbbf1f16e63843dda7bcdf588cd355bc5ff1bfea4f822c9245a4d3bc917eef60443165b8f0ab6d815ecaf1a1e9406d1d4074ec4774028063b068f7b9f352d90b5148b12d2a307058d0bfd427b9b392777c677c", @ANYRES32=0x0, @ANYPTR64=&(0x7f0000000180)=ANY=[@ANYRES64, @ANYPTR64, @ANYPTR]], @ANYBLOB="367ff325eda2"])
r8 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r8, &(0x7f0000fe7000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0)
ioctl$USBDEVFS_RESETEP(0xffffffffffffffff, 0x80045503, &(0x7f0000000000)={0x1, 0x1})
ioctl$KVM_NMI(r8, 0xae9a)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f00000002c0)={0x0, 0x2, 0x0, 0x2000, &(0x7f0000001000/0x2000)=nil})
perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
ioctl$KVM_RUN(r8, 0xae80, 0x0)

01:45:58 executing program 1:
lsetxattr$trusted_overlay_opaque(0x0, 0x0, 0x0, 0x0, 0x0)
mkdir(&(0x7f0000000000)='./file0\x00', 0x0)
mount$bpf(0x20000000, &(0x7f00000000c0)='./file0\x00', 0x0, 0x2001001, 0x0)
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x80, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x43, 0x400000000000000}, 0x11288, 0x2000, 0x0, 0x2}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = socket$netlink(0x10, 0x3, 0x0)
connect$inet(0xffffffffffffffff, 0x0, 0x0)
setsockopt$SO_RDS_TRANSPORT(0xffffffffffffffff, 0x114, 0x8, &(0x7f0000000040)=0xffffffffffffffff, 0x4)
r1 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$inet_tcp_int(r1, 0x6, 0x10000000013, &(0x7f0000d06000)=0x1, 0x32a)
connect$inet(r1, &(0x7f0000000180)={0x2, 0x4e23, @local}, 0x10)
accept$nfc_llcp(0xffffffffffffffff, &(0x7f0000000440), &(0x7f0000000300)=0x60)
setsockopt$inet_tcp_TCP_REPAIR_OPTIONS(r1, 0x6, 0x16, &(0x7f00000000c0)=[@mss={0x2, 0xffffffff}, @timestamp, @window, @mss={0x2, 0x91c}], 0x4)
sendmmsg(r1, &(0x7f0000004b40)=[{{0x0, 0x0, &(0x7f00000011c0)=[{&(0x7f0000002240)='Y', 0x1}], 0x1}}], 0x1, 0x0)
syz_init_net_socket$llc(0x1a, 0x1, 0x0)
r2 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$IPT_SO_SET_REPLACE(r2, 0x4000000000000, 0x40, &(0x7f0000000a40)=ANY=[@ANYBLOB="72617700000000010000000000000000000000000000000000000000000000000200000003000000b80400000000000000000000000000000003000000030000200400002004000020040000200400002004000003000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000600000000000000a00200030000000000000000000000000000000000000000300262706600000000000000000000000000000000000000000000000000000101000000000000002e2f66696c653000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000060005345540000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000c0002001000000000000000000000000000000000000000050006f736600000000000000000000000000000000000000000000000000000073797a300000000000000000000000000000000000000000000000000000000000000000000000000000000000000000600053455400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000007000980000000000000000000000000000000000000000002800000000000000000000000000000000000000000000000000000000000004feffffff00000000"], 0x518)
sendmsg$IPVS_CMD_GET_DEST(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000280)={&(0x7f00000002c0)=ANY=[@ANYRES16], 0x1}}, 0x0)
setsockopt$inet_tcp_TCP_REPAIR(r1, 0x6, 0x13, &(0x7f0000000100), 0x618)
r3 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$inet_tcp_int(r3, 0x6, 0x10000000013, &(0x7f0000d06000)=0x1, 0x32a)
connect$inet(r3, &(0x7f0000000140)={0x2, 0x0, @local}, 0x10)
setsockopt$inet_tcp_TCP_REPAIR_OPTIONS(r3, 0x6, 0x16, &(0x7f0000000200)=[@mss, @timestamp, @window={0x3, 0x0, 0xfffe}, @mss={0x2, 0x3}], 0x4)
sendmmsg(r3, &(0x7f0000004b40)=[{{0x0, 0x0, &(0x7f00000011c0)=[{&(0x7f0000002240)='Y', 0x1}], 0x1}}], 0x1, 0x0)
setsockopt$inet_tcp_TCP_REPAIR_QUEUE(r3, 0x6, 0x14, &(0x7f0000000040)=0x1, 0x4)
sendmsg$IPVS_CMD_GET_DEST(r3, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000340)=ANY=[@ANYBLOB="160e90cb39bca59f8c4064ac6d7b242060a07bc4309e3eb79d8745797b308edd84adef35ad9d8a17240f38f55f57c55f3875db81d255eea402e1c11ca7fc01964aeb9ed6ef4e80bc67cba7e7fe961fe5d921442b0a06b135f8a73b68dc904b436f256f50ae7cb980e69e7580b9f11c6ede4210f23240559b8c427000d7ce7862417ab5a50e494b2a54e346d7ffa008ccef06813e235b446788ac0f1df3c65bc1fb5393364a2efd284640ec2c438ad2b24a69f1f9da000000000000000000000000989eee6a9283bf253ca4"], 0x1}}, 0x0)
close(r3)
syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000000)={<r4=>0xffffffffffffffff, <r5=>0xffffffffffffffff})
dup3(r5, r4, 0x0)
r6 = accept4$vsock_stream(0xffffffffffffffff, &(0x7f0000000240)={0x28, 0x0, 0x2710, @host}, 0x10, 0x0)
dup2(r6, r5)
bind$pptp(0xffffffffffffffff, &(0x7f00000001c0)={0x18, 0x2, {0x0, @initdev={0xac, 0x1e, 0x0, 0x0}}}, 0x1e)
sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000000)=@newlink={0x30, 0x10, 0x801, 0x0, 0x0, {}, [@IFLA_GROUP={0x8}, @IFLA_PROTO_DOWN={0x8, 0x4}]}, 0x30}}, 0x0)

01:45:58 executing program 5:
lsetxattr$trusted_overlay_opaque(0x0, 0x0, 0x0, 0x0, 0x0)
mkdir(&(0x7f0000000000)='./file0\x00', 0x0)
mount$bpf(0x20000000, &(0x7f00000000c0)='./file0\x00', 0x0, 0x2001001, 0x0)
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x80, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x43, 0x400000000000000}, 0x11288, 0x2000, 0x0, 0x2}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = socket$netlink(0x10, 0x3, 0x0)
connect$inet(0xffffffffffffffff, 0x0, 0x0)
setsockopt$SO_RDS_TRANSPORT(0xffffffffffffffff, 0x114, 0x8, &(0x7f0000000040)=0xffffffffffffffff, 0x4)
r1 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$inet_tcp_int(r1, 0x6, 0x10000000013, &(0x7f0000d06000)=0x1, 0x32a)
connect$inet(r1, &(0x7f0000000180)={0x2, 0x4e23, @local}, 0x10)
accept$nfc_llcp(0xffffffffffffffff, &(0x7f0000000440), &(0x7f0000000300)=0x60)
setsockopt$inet_tcp_TCP_REPAIR_OPTIONS(r1, 0x6, 0x16, &(0x7f00000000c0)=[@mss={0x2, 0xffffffff}, @timestamp, @window, @mss={0x2, 0x91c}], 0x4)
sendmmsg(r1, &(0x7f0000004b40)=[{{0x0, 0x0, &(0x7f00000011c0)=[{&(0x7f0000002240)='Y', 0x1}], 0x1}}], 0x1, 0x0)
syz_init_net_socket$llc(0x1a, 0x1, 0x0)
socket$inet_tcp(0x2, 0x1, 0x0)
sendmsg$IPVS_CMD_GET_DEST(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000280)={&(0x7f00000002c0)=ANY=[@ANYRES16], 0x1}}, 0x0)
setsockopt$inet_tcp_TCP_REPAIR(r1, 0x6, 0x13, &(0x7f0000000100), 0x618)
close(r1)
r2 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$inet_tcp_int(r2, 0x6, 0x10000000013, &(0x7f0000d06000)=0x1, 0x32a)
connect$inet(r2, &(0x7f0000000140)={0x2, 0x0, @local}, 0x10)
setsockopt$inet_tcp_TCP_REPAIR_OPTIONS(r2, 0x6, 0x16, &(0x7f0000000200)=[@mss, @timestamp, @window={0x3, 0x0, 0xfffe}, @mss={0x2, 0x3}], 0x4)
sendmmsg(r2, &(0x7f0000004b40)=[{{0x0, 0x0, &(0x7f00000011c0)=[{&(0x7f0000002240)='Y', 0x1}], 0x1}}], 0x1, 0x0)
setsockopt$inet_tcp_TCP_REPAIR_QUEUE(r2, 0x6, 0x14, &(0x7f0000000040)=0x1, 0x4)
sendmsg$IPVS_CMD_GET_DEST(r2, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000340)=ANY=[@ANYBLOB="160e90cb39bca59f8c4064ac6d7b242060a07bc4309e3eb79d8745797b308edd84adef35ad9d8a17240f38f55f57c55f3875db81d255eea402e1c11ca7fc01964aeb9ed6ef4e80bc67cba7e7fe961fe5d921442b0a06b135f8a73b68dc904b436f256f50ae7cb980e69e7580b9f11c6ede4210f23240559b8c427000d7ce7862417ab5a50e494b2a54e346d7ffa008ccef06813e235b446788ac0f1df3c65bc1fb5393364a2efd284640ec2c438ad2b24a69f1f9da000000000000000000000000989eee6a9283bf253ca4"], 0x1}}, 0x0)
close(r2)
syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000000)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
dup3(r4, r3, 0x0)
r5 = accept4$vsock_stream(0xffffffffffffffff, &(0x7f0000000240)={0x28, 0x0, 0x2710, @host}, 0x10, 0x0)
dup2(r5, r4)
bind$pptp(0xffffffffffffffff, &(0x7f00000001c0)={0x18, 0x2, {0x0, @initdev={0xac, 0x1e, 0x0, 0x0}}}, 0x1e)
sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000000)=@newlink={0x30, 0x10, 0x801, 0x0, 0x0, {}, [@IFLA_GROUP={0x8}, @IFLA_PROTO_DOWN={0x8, 0x4}]}, 0x30}}, 0x0)
pivot_root(&(0x7f0000000140)='./file0\x00', &(0x7f0000000100)='./file0\x00')

01:45:58 executing program 3:
lsetxattr$trusted_overlay_opaque(0x0, 0x0, 0x0, 0x0, 0x0)
mkdir(&(0x7f0000000000)='./file0\x00', 0x0)
mount$bpf(0x20000000, &(0x7f00000000c0)='./file0\x00', 0x0, 0x2001001, 0x0)
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x80, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x43, 0x400000000000000}, 0x11288, 0x2000, 0x0, 0x2}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = socket$netlink(0x10, 0x3, 0x0)
connect$inet(0xffffffffffffffff, 0x0, 0x0)
setsockopt$SO_RDS_TRANSPORT(0xffffffffffffffff, 0x114, 0x8, &(0x7f0000000040)=0xffffffffffffffff, 0x4)
r1 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$inet_tcp_int(r1, 0x6, 0x10000000013, &(0x7f0000d06000)=0x1, 0x32a)
connect$inet(r1, &(0x7f0000000180)={0x2, 0x4e23, @local}, 0x10)
accept$nfc_llcp(0xffffffffffffffff, &(0x7f0000000440), &(0x7f0000000300)=0x60)
setsockopt$inet_tcp_TCP_REPAIR_OPTIONS(r1, 0x6, 0x16, &(0x7f00000000c0)=[@mss={0x2, 0xffffffff}, @timestamp, @window, @mss={0x2, 0x91c}], 0x4)
sendmmsg(r1, &(0x7f0000004b40)=[{{0x0, 0x0, &(0x7f00000011c0)=[{&(0x7f0000002240)='Y', 0x1}], 0x1}}], 0x1, 0x0)
syz_init_net_socket$llc(0x1a, 0x1, 0x0)
r2 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$IPT_SO_SET_REPLACE(r2, 0x4000000000000, 0x40, &(0x7f0000000a40)=ANY=[@ANYBLOB="72617700000000010000000000000000000000000000000000000000000000000200000003000000b80400000000000000000000000000000003000000030000200400002004000020040000200400002004000003000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000600000000000000a00200030000000000000000000000000000000000000000300262706600000000000000000000000000000000000000000000000000000101000000000000002e2f66696c653000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000060005345540000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000c0002001000000000000000000000000000000000000000050006f736600000000000000000000000000000000000000000000000000000073797a300000000000000000000000000000000000000000000000000000000000000000000000000000000000000000600053455400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000007000980000000000000000000000000000000000000000002800000000000000000000000000000000000000000000000000000000000004feffffff00000000"], 0x518)
sendmsg$IPVS_CMD_GET_DEST(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000280)={&(0x7f00000002c0)=ANY=[@ANYRES16], 0x1}}, 0x0)
close(r1)
r3 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$inet_tcp_int(r3, 0x6, 0x10000000013, &(0x7f0000d06000)=0x1, 0x32a)
connect$inet(r3, &(0x7f0000000140)={0x2, 0x0, @local}, 0x10)
setsockopt$inet_tcp_TCP_REPAIR_OPTIONS(r3, 0x6, 0x16, &(0x7f0000000200)=[@mss, @timestamp, @window={0x3, 0x0, 0xfffe}, @mss={0x2, 0x3}], 0x4)
sendmmsg(r3, &(0x7f0000004b40)=[{{0x0, 0x0, &(0x7f00000011c0)=[{&(0x7f0000002240)='Y', 0x1}], 0x1}}], 0x1, 0x0)
setsockopt$inet_tcp_TCP_REPAIR_QUEUE(r3, 0x6, 0x14, &(0x7f0000000040)=0x1, 0x4)
sendmsg$IPVS_CMD_GET_DEST(r3, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000340)=ANY=[@ANYBLOB="160e90cb39bca59f8c4064ac6d7b242060a07bc4309e3eb79d8745797b308edd84adef35ad9d8a17240f38f55f57c55f3875db81d255eea402e1c11ca7fc01964aeb9ed6ef4e80bc67cba7e7fe961fe5d921442b0a06b135f8a73b68dc904b436f256f50ae7cb980e69e7580b9f11c6ede4210f23240559b8c427000d7ce7862417ab5a50e494b2a54e346d7ffa008ccef06813e235b446788ac0f1df3c65bc1fb5393364a2efd284640ec2c438ad2b24a69f1f9da000000000000000000000000989eee6a9283bf253ca4"], 0x1}}, 0x0)
close(r3)
syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000000)={<r4=>0xffffffffffffffff, <r5=>0xffffffffffffffff})
dup3(r5, r4, 0x0)
r6 = accept4$vsock_stream(0xffffffffffffffff, &(0x7f0000000240)={0x28, 0x0, 0x2710, @host}, 0x10, 0x0)
dup2(r6, r5)
bind$pptp(0xffffffffffffffff, &(0x7f00000001c0)={0x18, 0x2, {0x0, @initdev={0xac, 0x1e, 0x0, 0x0}}}, 0x1e)
sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000000)=@newlink={0x30, 0x10, 0x801, 0x0, 0x0, {}, [@IFLA_GROUP={0x8}, @IFLA_PROTO_DOWN={0x8, 0x4}]}, 0x30}}, 0x0)
pivot_root(&(0x7f0000000140)='./file0\x00', &(0x7f0000000100)='./file0\x00')

01:45:58 executing program 0:
perf_event_open(&(0x7f000001d000)={0x5, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, @perf_bp={&(0x7f0000000000), 0x1}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000000)=@ipv4_newaddr={0x18, 0x12}, 0x18}, 0x1, 0xf0ffffff}, 0x0)

[ 1860.640674] ip_tables: iptables: counters copy to user failed while replacing table
01:45:58 executing program 1:
lsetxattr$trusted_overlay_opaque(0x0, 0x0, 0x0, 0x0, 0x0)
mkdir(&(0x7f0000000000)='./file0\x00', 0x0)
mount$bpf(0x20000000, &(0x7f00000000c0)='./file0\x00', 0x0, 0x2001001, 0x0)
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x80, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x43, 0x400000000000000}, 0x11288, 0x2000, 0x0, 0x2}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = socket$netlink(0x10, 0x3, 0x0)
connect$inet(0xffffffffffffffff, 0x0, 0x0)
setsockopt$SO_RDS_TRANSPORT(0xffffffffffffffff, 0x114, 0x8, &(0x7f0000000040)=0xffffffffffffffff, 0x4)
r1 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$inet_tcp_int(r1, 0x6, 0x10000000013, &(0x7f0000d06000)=0x1, 0x32a)
connect$inet(r1, &(0x7f0000000180)={0x2, 0x4e23, @local}, 0x10)
accept$nfc_llcp(0xffffffffffffffff, &(0x7f0000000440), &(0x7f0000000300)=0x60)
setsockopt$inet_tcp_TCP_REPAIR_OPTIONS(r1, 0x6, 0x16, &(0x7f00000000c0)=[@mss={0x2, 0xffffffff}, @timestamp, @window, @mss={0x2, 0x91c}], 0x4)
sendmmsg(r1, &(0x7f0000004b40)=[{{0x0, 0x0, &(0x7f00000011c0)=[{&(0x7f0000002240)='Y', 0x1}], 0x1}}], 0x1, 0x0)
syz_init_net_socket$llc(0x1a, 0x1, 0x0)
r2 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$IPT_SO_SET_REPLACE(r2, 0x4000000000000, 0x40, &(0x7f0000000a40)=ANY=[@ANYBLOB="72617700000000010000000000000000000000000000000000000000000000000200000003000000b80400000000000000000000000000000003000000030000200400002004000020040000200400002004000003000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000600000000000000a00200030000000000000000000000000000000000000000300262706600000000000000000000000000000000000000000000000000000101000000000000002e2f66696c653000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000060005345540000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000c0002001000000000000000000000000000000000000000050006f736600000000000000000000000000000000000000000000000000000073797a300000000000000000000000000000000000000000000000000000000000000000000000000000000000000000600053455400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000007000980000000000000000000000000000000000000000002800000000000000000000000000000000000000000000000000000000000004feffffff00000000"], 0x518)
sendmsg$IPVS_CMD_GET_DEST(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000280)={&(0x7f00000002c0)=ANY=[@ANYRES16], 0x1}}, 0x0)
setsockopt$inet_tcp_TCP_REPAIR(r1, 0x6, 0x13, &(0x7f0000000100), 0x618)
r3 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$inet_tcp_int(r3, 0x6, 0x10000000013, &(0x7f0000d06000)=0x1, 0x32a)
connect$inet(r3, &(0x7f0000000140)={0x2, 0x0, @local}, 0x10)
setsockopt$inet_tcp_TCP_REPAIR_OPTIONS(r3, 0x6, 0x16, &(0x7f0000000200)=[@mss, @timestamp, @window={0x3, 0x0, 0xfffe}, @mss={0x2, 0x3}], 0x4)
sendmmsg(r3, &(0x7f0000004b40)=[{{0x0, 0x0, &(0x7f00000011c0)=[{&(0x7f0000002240)='Y', 0x1}], 0x1}}], 0x1, 0x0)
setsockopt$inet_tcp_TCP_REPAIR_QUEUE(r3, 0x6, 0x14, &(0x7f0000000040)=0x1, 0x4)
sendmsg$IPVS_CMD_GET_DEST(r3, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000340)=ANY=[@ANYBLOB="160e90cb39bca59f8c4064ac6d7b242060a07bc4309e3eb79d8745797b308edd84adef35ad9d8a17240f38f55f57c55f3875db81d255eea402e1c11ca7fc01964aeb9ed6ef4e80bc67cba7e7fe961fe5d921442b0a06b135f8a73b68dc904b436f256f50ae7cb980e69e7580b9f11c6ede4210f23240559b8c427000d7ce7862417ab5a50e494b2a54e346d7ffa008ccef06813e235b446788ac0f1df3c65bc1fb5393364a2efd284640ec2c438ad2b24a69f1f9da000000000000000000000000989eee6a9283bf253ca4"], 0x1}}, 0x0)
close(r3)
syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000000)={<r4=>0xffffffffffffffff, <r5=>0xffffffffffffffff})
dup3(r5, r4, 0x0)
r6 = accept4$vsock_stream(0xffffffffffffffff, &(0x7f0000000240)={0x28, 0x0, 0x2710, @host}, 0x10, 0x0)
dup2(r6, r5)
bind$pptp(0xffffffffffffffff, &(0x7f00000001c0)={0x18, 0x2, {0x0, @initdev={0xac, 0x1e, 0x0, 0x0}}}, 0x1e)
sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000000)=@newlink={0x30, 0x10, 0x801, 0x0, 0x0, {}, [@IFLA_GROUP={0x8}, @IFLA_PROTO_DOWN={0x8, 0x4}]}, 0x30}}, 0x0)

01:45:58 executing program 0:
prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0)
r0 = getpid()
sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x5}, 0x0)
r1 = socket$inet6(0xa, 0x2, 0x0)
r2 = open(0x0, 0x0, 0x0)
sendmsg$IPCTNL_MSG_EXP_NEW(r2, 0x0, 0x0)
recvmmsg(r1, &(0x7f0000005c40)=[{{&(0x7f0000000380)=@ll={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @remote}, 0x80, &(0x7f0000000240)=[{&(0x7f0000000180)=""/16, 0x10}], 0x1}}, {{&(0x7f0000000980)=@pppol2tpin6={0x18, 0x1, {0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, {0xa, 0x0, 0x0, @mcast1}}}, 0x80, 0x0}}, {{&(0x7f0000000e80)=@phonet, 0x80, &(0x7f0000000440)=[{&(0x7f0000000400)=""/36, 0x24}], 0x1}}, {{&(0x7f0000001140)=@alg, 0x80, &(0x7f0000001500)=[{&(0x7f00000012c0)=""/225, 0xe1}, {&(0x7f00000013c0)=""/187, 0xbb}, {&(0x7f0000003880)=""/4096, 0x1000}], 0x3, &(0x7f0000001580)=""/13, 0xd}, 0x100}, {{&(0x7f00000015c0)=@pppol2tpin6={0x18, 0x1, {0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, {0xa, 0x0, 0x0, @local}}}, 0x80, &(0x7f0000001740), 0x0, &(0x7f0000001780)=""/64, 0x40}, 0x767}, {{0x0, 0x0, 0x0, 0x0, &(0x7f0000004c40)=""/4096, 0x1000}}], 0x6, 0x0, 0x0)
fcntl$setpipe(r1, 0x407, 0x0)
pipe(&(0x7f00000004c0)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
open(&(0x7f0000000100)='./file0\x00', 0x0, 0x0)
statx(r3, &(0x7f0000000140)='./bus\x00', 0x400, 0x10, &(0x7f0000000880))
fcntl$setpipe(r4, 0x407, 0x0)
write(r4, &(0x7f0000000340), 0x41395527)
vmsplice(r3, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0)
sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x2, 0x0, 0x0, 0x3, 0x0, 0x2}, 0x0)
perf_event_open(&(0x7f000001d000)={0x2, 0x70, 0x7e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0x6}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
sendmsg$BATADV_CMD_GET_BLA_CLAIM(0xffffffffffffffff, 0x0, 0x0)
pipe(0x0)
mount$bpf(0x20000000, &(0x7f00000000c0)='./file0\x00', 0x0, 0x2001001, 0x0)
socket$nl_route(0x10, 0x3, 0x0)
r5 = creat(&(0x7f0000000680)='./bus\x00', 0x0)
ftruncate(r5, 0x800)
lseek(r5, 0x0, 0x2)
getsockopt$bt_hci(0xffffffffffffffff, 0x0, 0x0, &(0x7f00000002c0)=""/187, &(0x7f00000001c0)=0xbb)
r6 = open(&(0x7f0000001840)='./bus\x00', 0x84002, 0x0)
sendfile(r5, r6, 0x0, 0x8400f7fffff8)
syz_genetlink_get_family_id$fou(0x0)
creat(&(0x7f0000000680)='./bus\x00', 0x0)

01:45:58 executing program 2:
syz_open_dev$radio(&(0x7f00000000c0)='/dev/radio#\x00', 0x2, 0x2)
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140)='/dev/kvm\x00', 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_SET_SIGNAL_MASK(0xffffffffffffffff, 0x4004ae8b, &(0x7f0000001000)=ANY=[@ANYBLOB="8fcb"])
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000fe7000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0)
ioctl$USBDEVFS_RESETEP(0xffffffffffffffff, 0x80045503, &(0x7f0000000000)={0x1, 0x1})
ioctl$KVM_NMI(r2, 0xae9a)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f00000001c0)={0x0, 0x1, 0xf000, 0x1000, &(0x7f0000ffb000/0x1000)=nil})
fcntl$F_GET_RW_HINT(r2, 0x40b, &(0x7f0000000100))
perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
ioctl$KVM_RUN(r2, 0xae80, 0x0)

01:45:58 executing program 5:
lsetxattr$trusted_overlay_opaque(0x0, 0x0, 0x0, 0x0, 0x0)
mkdir(&(0x7f0000000000)='./file0\x00', 0x0)
mount$bpf(0x20000000, &(0x7f00000000c0)='./file0\x00', 0x0, 0x2001001, 0x0)
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x80, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x43, 0x400000000000000}, 0x11288, 0x2000, 0x0, 0x2}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = socket$netlink(0x10, 0x3, 0x0)
connect$inet(0xffffffffffffffff, 0x0, 0x0)
setsockopt$SO_RDS_TRANSPORT(0xffffffffffffffff, 0x114, 0x8, &(0x7f0000000040)=0xffffffffffffffff, 0x4)
r1 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$inet_tcp_int(r1, 0x6, 0x10000000013, &(0x7f0000d06000)=0x1, 0x32a)
connect$inet(r1, &(0x7f0000000180)={0x2, 0x4e23, @local}, 0x10)
accept$nfc_llcp(0xffffffffffffffff, &(0x7f0000000440), &(0x7f0000000300)=0x60)
setsockopt$inet_tcp_TCP_REPAIR_OPTIONS(r1, 0x6, 0x16, &(0x7f00000000c0)=[@mss={0x2, 0xffffffff}, @timestamp, @window, @mss={0x2, 0x91c}], 0x4)
sendmmsg(r1, &(0x7f0000004b40)=[{{0x0, 0x0, &(0x7f00000011c0)=[{&(0x7f0000002240)='Y', 0x1}], 0x1}}], 0x1, 0x0)
syz_init_net_socket$llc(0x1a, 0x1, 0x0)
socket$inet_tcp(0x2, 0x1, 0x0)
sendmsg$IPVS_CMD_GET_DEST(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000280)={&(0x7f00000002c0)=ANY=[@ANYRES16], 0x1}}, 0x0)
setsockopt$inet_tcp_TCP_REPAIR(r1, 0x6, 0x13, &(0x7f0000000100), 0x618)
close(r1)
r2 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$inet_tcp_int(r2, 0x6, 0x10000000013, &(0x7f0000d06000)=0x1, 0x32a)
connect$inet(r2, &(0x7f0000000140)={0x2, 0x0, @local}, 0x10)
setsockopt$inet_tcp_TCP_REPAIR_OPTIONS(r2, 0x6, 0x16, &(0x7f0000000200)=[@mss, @timestamp, @window={0x3, 0x0, 0xfffe}, @mss={0x2, 0x3}], 0x4)
sendmmsg(r2, &(0x7f0000004b40)=[{{0x0, 0x0, &(0x7f00000011c0)=[{&(0x7f0000002240)='Y', 0x1}], 0x1}}], 0x1, 0x0)
setsockopt$inet_tcp_TCP_REPAIR_QUEUE(r2, 0x6, 0x14, &(0x7f0000000040)=0x1, 0x4)
sendmsg$IPVS_CMD_GET_DEST(r2, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000340)=ANY=[@ANYBLOB="160e90cb39bca59f8c4064ac6d7b242060a07bc4309e3eb79d8745797b308edd84adef35ad9d8a17240f38f55f57c55f3875db81d255eea402e1c11ca7fc01964aeb9ed6ef4e80bc67cba7e7fe961fe5d921442b0a06b135f8a73b68dc904b436f256f50ae7cb980e69e7580b9f11c6ede4210f23240559b8c427000d7ce7862417ab5a50e494b2a54e346d7ffa008ccef06813e235b446788ac0f1df3c65bc1fb5393364a2efd284640ec2c438ad2b24a69f1f9da000000000000000000000000989eee6a9283bf253ca4"], 0x1}}, 0x0)
close(r2)
syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000000)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
dup3(r4, r3, 0x0)
r5 = accept4$vsock_stream(0xffffffffffffffff, &(0x7f0000000240)={0x28, 0x0, 0x2710, @host}, 0x10, 0x0)
dup2(r5, r4)
bind$pptp(0xffffffffffffffff, &(0x7f00000001c0)={0x18, 0x2, {0x0, @initdev={0xac, 0x1e, 0x0, 0x0}}}, 0x1e)
sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000000)=@newlink={0x30, 0x10, 0x801, 0x0, 0x0, {}, [@IFLA_GROUP={0x8}, @IFLA_PROTO_DOWN={0x8, 0x4}]}, 0x30}}, 0x0)
pivot_root(&(0x7f0000000140)='./file0\x00', &(0x7f0000000100)='./file0\x00')

01:45:58 executing program 3:
lsetxattr$trusted_overlay_opaque(0x0, 0x0, 0x0, 0x0, 0x0)
mkdir(&(0x7f0000000000)='./file0\x00', 0x0)
mount$bpf(0x20000000, &(0x7f00000000c0)='./file0\x00', 0x0, 0x2001001, 0x0)
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x80, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x43, 0x400000000000000}, 0x11288, 0x2000, 0x0, 0x2}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = socket$netlink(0x10, 0x3, 0x0)
connect$inet(0xffffffffffffffff, 0x0, 0x0)
setsockopt$SO_RDS_TRANSPORT(0xffffffffffffffff, 0x114, 0x8, &(0x7f0000000040)=0xffffffffffffffff, 0x4)
r1 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$inet_tcp_int(r1, 0x6, 0x10000000013, &(0x7f0000d06000)=0x1, 0x32a)
connect$inet(r1, &(0x7f0000000180)={0x2, 0x4e23, @local}, 0x10)
accept$nfc_llcp(0xffffffffffffffff, &(0x7f0000000440), &(0x7f0000000300)=0x60)
setsockopt$inet_tcp_TCP_REPAIR_OPTIONS(r1, 0x6, 0x16, &(0x7f00000000c0)=[@mss={0x2, 0xffffffff}, @timestamp, @window, @mss={0x2, 0x91c}], 0x4)
sendmmsg(r1, &(0x7f0000004b40)=[{{0x0, 0x0, &(0x7f00000011c0)=[{&(0x7f0000002240)='Y', 0x1}], 0x1}}], 0x1, 0x0)
syz_init_net_socket$llc(0x1a, 0x1, 0x0)
r2 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$IPT_SO_SET_REPLACE(r2, 0x4000000000000, 0x40, &(0x7f0000000a40)=ANY=[@ANYBLOB="72617700000000010000000000000000000000000000000000000000000000000200000003000000b80400000000000000000000000000000003000000030000200400002004000020040000200400002004000003000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000600000000000000a00200030000000000000000000000000000000000000000300262706600000000000000000000000000000000000000000000000000000101000000000000002e2f66696c653000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000060005345540000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000c0002001000000000000000000000000000000000000000050006f736600000000000000000000000000000000000000000000000000000073797a300000000000000000000000000000000000000000000000000000000000000000000000000000000000000000600053455400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000007000980000000000000000000000000000000000000000002800000000000000000000000000000000000000000000000000000000000004feffffff00000000"], 0x518)
sendmsg$IPVS_CMD_GET_DEST(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000280)={&(0x7f00000002c0)=ANY=[@ANYRES16], 0x1}}, 0x0)
close(r1)
r3 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$inet_tcp_int(r3, 0x6, 0x10000000013, &(0x7f0000d06000)=0x1, 0x32a)
connect$inet(r3, &(0x7f0000000140)={0x2, 0x0, @local}, 0x10)
setsockopt$inet_tcp_TCP_REPAIR_OPTIONS(r3, 0x6, 0x16, &(0x7f0000000200)=[@mss, @timestamp, @window={0x3, 0x0, 0xfffe}, @mss={0x2, 0x3}], 0x4)
sendmmsg(r3, &(0x7f0000004b40)=[{{0x0, 0x0, &(0x7f00000011c0)=[{&(0x7f0000002240)='Y', 0x1}], 0x1}}], 0x1, 0x0)
setsockopt$inet_tcp_TCP_REPAIR_QUEUE(r3, 0x6, 0x14, &(0x7f0000000040)=0x1, 0x4)
sendmsg$IPVS_CMD_GET_DEST(r3, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000340)=ANY=[@ANYBLOB="160e90cb39bca59f8c4064ac6d7b242060a07bc4309e3eb79d8745797b308edd84adef35ad9d8a17240f38f55f57c55f3875db81d255eea402e1c11ca7fc01964aeb9ed6ef4e80bc67cba7e7fe961fe5d921442b0a06b135f8a73b68dc904b436f256f50ae7cb980e69e7580b9f11c6ede4210f23240559b8c427000d7ce7862417ab5a50e494b2a54e346d7ffa008ccef06813e235b446788ac0f1df3c65bc1fb5393364a2efd284640ec2c438ad2b24a69f1f9da000000000000000000000000989eee6a9283bf253ca4"], 0x1}}, 0x0)
close(r3)
syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000000)={<r4=>0xffffffffffffffff, <r5=>0xffffffffffffffff})
dup3(r5, r4, 0x0)
r6 = accept4$vsock_stream(0xffffffffffffffff, &(0x7f0000000240)={0x28, 0x0, 0x2710, @host}, 0x10, 0x0)
dup2(r6, r5)
bind$pptp(0xffffffffffffffff, &(0x7f00000001c0)={0x18, 0x2, {0x0, @initdev={0xac, 0x1e, 0x0, 0x0}}}, 0x1e)
sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000000)=@newlink={0x30, 0x10, 0x801, 0x0, 0x0, {}, [@IFLA_GROUP={0x8}, @IFLA_PROTO_DOWN={0x8, 0x4}]}, 0x30}}, 0x0)
pivot_root(&(0x7f0000000140)='./file0\x00', &(0x7f0000000100)='./file0\x00')

[ 1861.062576] audit: type=1800 audit(1584323159.133:2050): pid=4243 uid=0 auid=4294967295 ses=4294967295 subj=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 op="collect_data" cause="failed(directio)" comm="syz-executor.0" name="bus" dev="sda1" ino=17345 res=0
[ 1861.201757] unregister_netdevice: waiting for lo to become free. Usage count = 1
01:45:59 executing program 4:
pipe(&(0x7f0000000140)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
close(0xffffffffffffffff)
r2 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$inet_tcp_int(r2, 0x6, 0x10000000013, &(0x7f0000d06000)=0x1, 0x4)
connect$inet(0xffffffffffffffff, &(0x7f0000000340)={0x2, 0x0, @loopback}, 0x10)
setsockopt$inet_tcp_TCP_REPAIR_WINDOW(r2, 0x6, 0x1d, &(0x7f0000000080)={0x0, 0xdf5, 0x65a2}, 0x14)
write$binfmt_misc(r1, &(0x7f0000000140)=ANY=[], 0x4240a2a0)
r3 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$IPT_SO_SET_REPLACE(r3, 0x0, 0x40, &(0x7f0000000480)=ANY=[@ANYBLOB="66696c74657200000000000000000000000000000000000000000000000000000e00000004000000d0020000800100009800000080010000000000000000000038020000380200003802000038020000380200000400000000000000000000007f000001ac14140000000000000000007f00000000000000000000000000000064756dea20f9524db2d96900000057c910a19f2bc02c00000000000000000000200000000000000000000000000000000000000000000000700098000000000000000000000000000000000000000000280052454a454354000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000400000000000000000000000080000000000000000000000000000000000000000000000000000000000000000000000000000000000000000c000e80000f9c9991d0000000000000000000000000000005000736574000000000000000000000000000000000000000000000000000003000005050000000000000000000000000000000000000000100000000000000000000000000000000000000000000000280052454a45435400000000000000010000000000000000000000000000000000674f000000000000000000e00000020000000000000000766574b5315f766c616e00000000010062726964676530000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000007000b80000000000000000000000000000000000000000004800544545000000000000000000000000000000d40200000000000000000001ac1414aa000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000007000980000000000000000000000000000000000000000002800000000000000000000000000000000000000000000001a51496c00000000feffffff"], 0x1)
splice(r0, 0x0, 0xffffffffffffffff, 0x0, 0x4ffe0, 0x0)

01:45:59 executing program 1:
lsetxattr$trusted_overlay_opaque(0x0, 0x0, 0x0, 0x0, 0x0)
mkdir(&(0x7f0000000000)='./file0\x00', 0x0)
mount$bpf(0x20000000, &(0x7f00000000c0)='./file0\x00', 0x0, 0x2001001, 0x0)
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x80, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x43, 0x400000000000000}, 0x11288, 0x2000, 0x0, 0x2}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = socket$netlink(0x10, 0x3, 0x0)
connect$inet(0xffffffffffffffff, 0x0, 0x0)
setsockopt$SO_RDS_TRANSPORT(0xffffffffffffffff, 0x114, 0x8, &(0x7f0000000040)=0xffffffffffffffff, 0x4)
r1 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$inet_tcp_int(r1, 0x6, 0x10000000013, &(0x7f0000d06000)=0x1, 0x32a)
connect$inet(r1, &(0x7f0000000180)={0x2, 0x4e23, @local}, 0x10)
accept$nfc_llcp(0xffffffffffffffff, &(0x7f0000000440), &(0x7f0000000300)=0x60)
setsockopt$inet_tcp_TCP_REPAIR_OPTIONS(r1, 0x6, 0x16, &(0x7f00000000c0)=[@mss={0x2, 0xffffffff}, @timestamp, @window, @mss={0x2, 0x91c}], 0x4)
sendmmsg(r1, &(0x7f0000004b40)=[{{0x0, 0x0, &(0x7f00000011c0)=[{&(0x7f0000002240)='Y', 0x1}], 0x1}}], 0x1, 0x0)
syz_init_net_socket$llc(0x1a, 0x1, 0x0)
r2 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$IPT_SO_SET_REPLACE(r2, 0x4000000000000, 0x40, &(0x7f0000000a40)=ANY=[@ANYBLOB="72617700000000010000000000000000000000000000000000000000000000000200000003000000b80400000000000000000000000000000003000000030000200400002004000020040000200400002004000003000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000600000000000000a00200030000000000000000000000000000000000000000300262706600000000000000000000000000000000000000000000000000000101000000000000002e2f66696c653000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000060005345540000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000c0002001000000000000000000000000000000000000000050006f736600000000000000000000000000000000000000000000000000000073797a300000000000000000000000000000000000000000000000000000000000000000000000000000000000000000600053455400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000007000980000000000000000000000000000000000000000002800000000000000000000000000000000000000000000000000000000000004feffffff00000000"], 0x518)
sendmsg$IPVS_CMD_GET_DEST(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000280)={&(0x7f00000002c0)=ANY=[@ANYRES16], 0x1}}, 0x0)
close(r1)
r3 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$inet_tcp_int(r3, 0x6, 0x10000000013, &(0x7f0000d06000)=0x1, 0x32a)
connect$inet(r3, &(0x7f0000000140)={0x2, 0x0, @local}, 0x10)
setsockopt$inet_tcp_TCP_REPAIR_OPTIONS(r3, 0x6, 0x16, &(0x7f0000000200)=[@mss, @timestamp, @window={0x3, 0x0, 0xfffe}, @mss={0x2, 0x3}], 0x4)
sendmmsg(r3, &(0x7f0000004b40)=[{{0x0, 0x0, &(0x7f00000011c0)=[{&(0x7f0000002240)='Y', 0x1}], 0x1}}], 0x1, 0x0)
setsockopt$inet_tcp_TCP_REPAIR_QUEUE(r3, 0x6, 0x14, &(0x7f0000000040)=0x1, 0x4)
sendmsg$IPVS_CMD_GET_DEST(r3, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000340)=ANY=[@ANYBLOB="160e90cb39bca59f8c4064ac6d7b242060a07bc4309e3eb79d8745797b308edd84adef35ad9d8a17240f38f55f57c55f3875db81d255eea402e1c11ca7fc01964aeb9ed6ef4e80bc67cba7e7fe961fe5d921442b0a06b135f8a73b68dc904b436f256f50ae7cb980e69e7580b9f11c6ede4210f23240559b8c427000d7ce7862417ab5a50e494b2a54e346d7ffa008ccef06813e235b446788ac0f1df3c65bc1fb5393364a2efd284640ec2c438ad2b24a69f1f9da000000000000000000000000989eee6a9283bf253ca4"], 0x1}}, 0x0)
close(r3)
syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000000)={<r4=>0xffffffffffffffff, <r5=>0xffffffffffffffff})
dup3(r5, r4, 0x0)
r6 = accept4$vsock_stream(0xffffffffffffffff, &(0x7f0000000240)={0x28, 0x0, 0x2710, @host}, 0x10, 0x0)
dup2(r6, r5)
bind$pptp(0xffffffffffffffff, &(0x7f00000001c0)={0x18, 0x2, {0x0, @initdev={0xac, 0x1e, 0x0, 0x0}}}, 0x1e)
sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000000)=@newlink={0x30, 0x10, 0x801, 0x0, 0x0, {}, [@IFLA_GROUP={0x8}, @IFLA_PROTO_DOWN={0x8, 0x4}]}, 0x30}}, 0x0)

01:45:59 executing program 2:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140)='/dev/kvm\x00', 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_SET_SIGNAL_MASK(0xffffffffffffffff, 0x4004ae8b, &(0x7f0000001000)=ANY=[@ANYBLOB="0204"])
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000fe7000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0)
ioctl$USBDEVFS_RESETEP(0xffffffffffffffff, 0x80045503, &(0x7f0000000000)={0x1, 0x1})
ioctl$KVM_NMI(r2, 0xae9a)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f00000002c0)={0x0, 0x2, 0x0, 0x2000, &(0x7f0000001000/0x2000)=nil})
perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
ioctl$KVM_RUN(r2, 0xae80, 0x0)

01:45:59 executing program 5:
lsetxattr$trusted_overlay_opaque(0x0, 0x0, 0x0, 0x0, 0x0)
mkdir(&(0x7f0000000000)='./file0\x00', 0x0)
mount$bpf(0x20000000, &(0x7f00000000c0)='./file0\x00', 0x0, 0x2001001, 0x0)
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x80, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x43, 0x400000000000000}, 0x11288, 0x2000, 0x0, 0x2}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = socket$netlink(0x10, 0x3, 0x0)
connect$inet(0xffffffffffffffff, 0x0, 0x0)
setsockopt$SO_RDS_TRANSPORT(0xffffffffffffffff, 0x114, 0x8, &(0x7f0000000040)=0xffffffffffffffff, 0x4)
r1 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$inet_tcp_int(r1, 0x6, 0x10000000013, &(0x7f0000d06000)=0x1, 0x32a)
connect$inet(r1, &(0x7f0000000180)={0x2, 0x4e23, @local}, 0x10)
accept$nfc_llcp(0xffffffffffffffff, &(0x7f0000000440), &(0x7f0000000300)=0x60)
setsockopt$inet_tcp_TCP_REPAIR_OPTIONS(r1, 0x6, 0x16, &(0x7f00000000c0)=[@mss={0x2, 0xffffffff}, @timestamp, @window, @mss={0x2, 0x91c}], 0x4)
sendmmsg(r1, &(0x7f0000004b40)=[{{0x0, 0x0, &(0x7f00000011c0)=[{&(0x7f0000002240)='Y', 0x1}], 0x1}}], 0x1, 0x0)
syz_init_net_socket$llc(0x1a, 0x1, 0x0)
setsockopt$IPT_SO_SET_REPLACE(0xffffffffffffffff, 0x4000000000000, 0x40, &(0x7f0000000a40)=ANY=[@ANYBLOB="72617700000000010000000000000000000000000000000000000000000000000200000003000000b80400000000000000000000000000000003000000030000200400002004000020040000200400002004000003000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000600000000000000a00200030000000000000000000000000000000000000000300262706600000000000000000000000000000000000000000000000000000101000000000000002e2f66696c653000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000060005345540000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000c0002001000000000000000000000000000000000000000050006f736600000000000000000000000000000000000000000000000000000073797a300000000000000000000000000000000000000000000000000000000000000000000000000000000000000000600053455400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000007000980000000000000000000000000000000000000000002800000000000000000000000000000000000000000000000000000000000004feffffff00000000"], 0x518)
sendmsg$IPVS_CMD_GET_DEST(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000280)={&(0x7f00000002c0)=ANY=[@ANYRES16], 0x1}}, 0x0)
setsockopt$inet_tcp_TCP_REPAIR(r1, 0x6, 0x13, &(0x7f0000000100), 0x618)
close(r1)
r2 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$inet_tcp_int(r2, 0x6, 0x10000000013, &(0x7f0000d06000)=0x1, 0x32a)
connect$inet(r2, &(0x7f0000000140)={0x2, 0x0, @local}, 0x10)
setsockopt$inet_tcp_TCP_REPAIR_OPTIONS(r2, 0x6, 0x16, &(0x7f0000000200)=[@mss, @timestamp, @window={0x3, 0x0, 0xfffe}, @mss={0x2, 0x3}], 0x4)
sendmmsg(r2, &(0x7f0000004b40)=[{{0x0, 0x0, &(0x7f00000011c0)=[{&(0x7f0000002240)='Y', 0x1}], 0x1}}], 0x1, 0x0)
setsockopt$inet_tcp_TCP_REPAIR_QUEUE(r2, 0x6, 0x14, &(0x7f0000000040)=0x1, 0x4)
sendmsg$IPVS_CMD_GET_DEST(r2, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000340)=ANY=[@ANYBLOB="160e90cb39bca59f8c4064ac6d7b242060a07bc4309e3eb79d8745797b308edd84adef35ad9d8a17240f38f55f57c55f3875db81d255eea402e1c11ca7fc01964aeb9ed6ef4e80bc67cba7e7fe961fe5d921442b0a06b135f8a73b68dc904b436f256f50ae7cb980e69e7580b9f11c6ede4210f23240559b8c427000d7ce7862417ab5a50e494b2a54e346d7ffa008ccef06813e235b446788ac0f1df3c65bc1fb5393364a2efd284640ec2c438ad2b24a69f1f9da000000000000000000000000989eee6a9283bf253ca4"], 0x1}}, 0x0)
close(r2)
syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000000)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
dup3(r4, r3, 0x0)
r5 = accept4$vsock_stream(0xffffffffffffffff, &(0x7f0000000240)={0x28, 0x0, 0x2710, @host}, 0x10, 0x0)
dup2(r5, r4)
bind$pptp(0xffffffffffffffff, &(0x7f00000001c0)={0x18, 0x2, {0x0, @initdev={0xac, 0x1e, 0x0, 0x0}}}, 0x1e)
sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000000)=@newlink={0x30, 0x10, 0x801, 0x0, 0x0, {}, [@IFLA_GROUP={0x8}, @IFLA_PROTO_DOWN={0x8, 0x4}]}, 0x30}}, 0x0)
pivot_root(&(0x7f0000000140)='./file0\x00', &(0x7f0000000100)='./file0\x00')

01:45:59 executing program 3:
lsetxattr$trusted_overlay_opaque(0x0, 0x0, 0x0, 0x0, 0x0)
mkdir(&(0x7f0000000000)='./file0\x00', 0x0)
mount$bpf(0x20000000, &(0x7f00000000c0)='./file0\x00', 0x0, 0x2001001, 0x0)
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x80, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x43, 0x400000000000000}, 0x11288, 0x2000, 0x0, 0x2}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = socket$netlink(0x10, 0x3, 0x0)
connect$inet(0xffffffffffffffff, 0x0, 0x0)
setsockopt$SO_RDS_TRANSPORT(0xffffffffffffffff, 0x114, 0x8, &(0x7f0000000040)=0xffffffffffffffff, 0x4)
r1 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$inet_tcp_int(r1, 0x6, 0x10000000013, &(0x7f0000d06000)=0x1, 0x32a)
connect$inet(r1, &(0x7f0000000180)={0x2, 0x4e23, @local}, 0x10)
accept$nfc_llcp(0xffffffffffffffff, &(0x7f0000000440), &(0x7f0000000300)=0x60)
setsockopt$inet_tcp_TCP_REPAIR_OPTIONS(r1, 0x6, 0x16, &(0x7f00000000c0)=[@mss={0x2, 0xffffffff}, @timestamp, @window, @mss={0x2, 0x91c}], 0x4)
sendmmsg(r1, &(0x7f0000004b40)=[{{0x0, 0x0, &(0x7f00000011c0)=[{&(0x7f0000002240)='Y', 0x1}], 0x1}}], 0x1, 0x0)
syz_init_net_socket$llc(0x1a, 0x1, 0x0)
r2 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$IPT_SO_SET_REPLACE(r2, 0x4000000000000, 0x40, &(0x7f0000000a40)=ANY=[@ANYBLOB="72617700000000010000000000000000000000000000000000000000000000000200000003000000b80400000000000000000000000000000003000000030000200400002004000020040000200400002004000003000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000600000000000000a00200030000000000000000000000000000000000000000300262706600000000000000000000000000000000000000000000000000000101000000000000002e2f66696c653000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000060005345540000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000c0002001000000000000000000000000000000000000000050006f736600000000000000000000000000000000000000000000000000000073797a300000000000000000000000000000000000000000000000000000000000000000000000000000000000000000600053455400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000007000980000000000000000000000000000000000000000002800000000000000000000000000000000000000000000000000000000000004feffffff00000000"], 0x518)
sendmsg$IPVS_CMD_GET_DEST(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000280)={&(0x7f00000002c0)=ANY=[@ANYRES16], 0x1}}, 0x0)
close(r1)
r3 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$inet_tcp_int(r3, 0x6, 0x10000000013, &(0x7f0000d06000)=0x1, 0x32a)
connect$inet(r3, &(0x7f0000000140)={0x2, 0x0, @local}, 0x10)
setsockopt$inet_tcp_TCP_REPAIR_OPTIONS(r3, 0x6, 0x16, &(0x7f0000000200)=[@mss, @timestamp, @window={0x3, 0x0, 0xfffe}, @mss={0x2, 0x3}], 0x4)
sendmmsg(r3, &(0x7f0000004b40)=[{{0x0, 0x0, &(0x7f00000011c0)=[{&(0x7f0000002240)='Y', 0x1}], 0x1}}], 0x1, 0x0)
setsockopt$inet_tcp_TCP_REPAIR_QUEUE(r3, 0x6, 0x14, &(0x7f0000000040)=0x1, 0x4)
sendmsg$IPVS_CMD_GET_DEST(r3, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000340)=ANY=[@ANYBLOB="160e90cb39bca59f8c4064ac6d7b242060a07bc4309e3eb79d8745797b308edd84adef35ad9d8a17240f38f55f57c55f3875db81d255eea402e1c11ca7fc01964aeb9ed6ef4e80bc67cba7e7fe961fe5d921442b0a06b135f8a73b68dc904b436f256f50ae7cb980e69e7580b9f11c6ede4210f23240559b8c427000d7ce7862417ab5a50e494b2a54e346d7ffa008ccef06813e235b446788ac0f1df3c65bc1fb5393364a2efd284640ec2c438ad2b24a69f1f9da000000000000000000000000989eee6a9283bf253ca4"], 0x1}}, 0x0)
close(r3)
syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000000)={<r4=>0xffffffffffffffff, <r5=>0xffffffffffffffff})
dup3(r5, r4, 0x0)
r6 = accept4$vsock_stream(0xffffffffffffffff, &(0x7f0000000240)={0x28, 0x0, 0x2710, @host}, 0x10, 0x0)
dup2(r6, r5)
bind$pptp(0xffffffffffffffff, &(0x7f00000001c0)={0x18, 0x2, {0x0, @initdev={0xac, 0x1e, 0x0, 0x0}}}, 0x1e)
sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000000)=@newlink={0x30, 0x10, 0x801, 0x0, 0x0, {}, [@IFLA_GROUP={0x8}, @IFLA_PROTO_DOWN={0x8, 0x4}]}, 0x30}}, 0x0)
pivot_root(&(0x7f0000000140)='./file0\x00', &(0x7f0000000100)='./file0\x00')

[ 1861.448724] ip_tables: iptables: counters copy to user failed while replacing table
01:45:59 executing program 5:
lsetxattr$trusted_overlay_opaque(0x0, 0x0, 0x0, 0x0, 0x0)
mkdir(&(0x7f0000000000)='./file0\x00', 0x0)
mount$bpf(0x20000000, &(0x7f00000000c0)='./file0\x00', 0x0, 0x2001001, 0x0)
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x80, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x43, 0x400000000000000}, 0x11288, 0x2000, 0x0, 0x2}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = socket$netlink(0x10, 0x3, 0x0)
connect$inet(0xffffffffffffffff, 0x0, 0x0)
setsockopt$SO_RDS_TRANSPORT(0xffffffffffffffff, 0x114, 0x8, &(0x7f0000000040)=0xffffffffffffffff, 0x4)
r1 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$inet_tcp_int(r1, 0x6, 0x10000000013, &(0x7f0000d06000)=0x1, 0x32a)
connect$inet(r1, &(0x7f0000000180)={0x2, 0x4e23, @local}, 0x10)
accept$nfc_llcp(0xffffffffffffffff, &(0x7f0000000440), &(0x7f0000000300)=0x60)
setsockopt$inet_tcp_TCP_REPAIR_OPTIONS(r1, 0x6, 0x16, &(0x7f00000000c0)=[@mss={0x2, 0xffffffff}, @timestamp, @window, @mss={0x2, 0x91c}], 0x4)
sendmmsg(r1, &(0x7f0000004b40)=[{{0x0, 0x0, &(0x7f00000011c0)=[{&(0x7f0000002240)='Y', 0x1}], 0x1}}], 0x1, 0x0)
syz_init_net_socket$llc(0x1a, 0x1, 0x0)
setsockopt$IPT_SO_SET_REPLACE(0xffffffffffffffff, 0x4000000000000, 0x40, &(0x7f0000000a40)=ANY=[@ANYBLOB="72617700000000010000000000000000000000000000000000000000000000000200000003000000b80400000000000000000000000000000003000000030000200400002004000020040000200400002004000003000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000600000000000000a00200030000000000000000000000000000000000000000300262706600000000000000000000000000000000000000000000000000000101000000000000002e2f66696c653000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000060005345540000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000c0002001000000000000000000000000000000000000000050006f736600000000000000000000000000000000000000000000000000000073797a300000000000000000000000000000000000000000000000000000000000000000000000000000000000000000600053455400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000007000980000000000000000000000000000000000000000002800000000000000000000000000000000000000000000000000000000000004feffffff00000000"], 0x518)
sendmsg$IPVS_CMD_GET_DEST(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000280)={&(0x7f00000002c0)=ANY=[@ANYRES16], 0x1}}, 0x0)
setsockopt$inet_tcp_TCP_REPAIR(r1, 0x6, 0x13, &(0x7f0000000100), 0x618)
close(r1)
r2 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$inet_tcp_int(r2, 0x6, 0x10000000013, &(0x7f0000d06000)=0x1, 0x32a)
connect$inet(r2, &(0x7f0000000140)={0x2, 0x0, @local}, 0x10)
setsockopt$inet_tcp_TCP_REPAIR_OPTIONS(r2, 0x6, 0x16, &(0x7f0000000200)=[@mss, @timestamp, @window={0x3, 0x0, 0xfffe}, @mss={0x2, 0x3}], 0x4)
sendmmsg(r2, &(0x7f0000004b40)=[{{0x0, 0x0, &(0x7f00000011c0)=[{&(0x7f0000002240)='Y', 0x1}], 0x1}}], 0x1, 0x0)
setsockopt$inet_tcp_TCP_REPAIR_QUEUE(r2, 0x6, 0x14, &(0x7f0000000040)=0x1, 0x4)
sendmsg$IPVS_CMD_GET_DEST(r2, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000340)=ANY=[@ANYBLOB="160e90cb39bca59f8c4064ac6d7b242060a07bc4309e3eb79d8745797b308edd84adef35ad9d8a17240f38f55f57c55f3875db81d255eea402e1c11ca7fc01964aeb9ed6ef4e80bc67cba7e7fe961fe5d921442b0a06b135f8a73b68dc904b436f256f50ae7cb980e69e7580b9f11c6ede4210f23240559b8c427000d7ce7862417ab5a50e494b2a54e346d7ffa008ccef06813e235b446788ac0f1df3c65bc1fb5393364a2efd284640ec2c438ad2b24a69f1f9da000000000000000000000000989eee6a9283bf253ca4"], 0x1}}, 0x0)
close(r2)
syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000000)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
dup3(r4, r3, 0x0)
r5 = accept4$vsock_stream(0xffffffffffffffff, &(0x7f0000000240)={0x28, 0x0, 0x2710, @host}, 0x10, 0x0)
dup2(r5, r4)
bind$pptp(0xffffffffffffffff, &(0x7f00000001c0)={0x18, 0x2, {0x0, @initdev={0xac, 0x1e, 0x0, 0x0}}}, 0x1e)
sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000000)=@newlink={0x30, 0x10, 0x801, 0x0, 0x0, {}, [@IFLA_GROUP={0x8}, @IFLA_PROTO_DOWN={0x8, 0x4}]}, 0x30}}, 0x0)
pivot_root(&(0x7f0000000140)='./file0\x00', &(0x7f0000000100)='./file0\x00')

01:45:59 executing program 1:
lsetxattr$trusted_overlay_opaque(0x0, 0x0, 0x0, 0x0, 0x0)
mkdir(&(0x7f0000000000)='./file0\x00', 0x0)
mount$bpf(0x20000000, &(0x7f00000000c0)='./file0\x00', 0x0, 0x2001001, 0x0)
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x80, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x43, 0x400000000000000}, 0x11288, 0x2000, 0x0, 0x2}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = socket$netlink(0x10, 0x3, 0x0)
connect$inet(0xffffffffffffffff, 0x0, 0x0)
setsockopt$SO_RDS_TRANSPORT(0xffffffffffffffff, 0x114, 0x8, &(0x7f0000000040)=0xffffffffffffffff, 0x4)
r1 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$inet_tcp_int(r1, 0x6, 0x10000000013, &(0x7f0000d06000)=0x1, 0x32a)
connect$inet(r1, &(0x7f0000000180)={0x2, 0x4e23, @local}, 0x10)
accept$nfc_llcp(0xffffffffffffffff, &(0x7f0000000440), &(0x7f0000000300)=0x60)
setsockopt$inet_tcp_TCP_REPAIR_OPTIONS(r1, 0x6, 0x16, &(0x7f00000000c0)=[@mss={0x2, 0xffffffff}, @timestamp, @window, @mss={0x2, 0x91c}], 0x4)
sendmmsg(r1, &(0x7f0000004b40)=[{{0x0, 0x0, &(0x7f00000011c0)=[{&(0x7f0000002240)='Y', 0x1}], 0x1}}], 0x1, 0x0)
syz_init_net_socket$llc(0x1a, 0x1, 0x0)
r2 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$IPT_SO_SET_REPLACE(r2, 0x4000000000000, 0x40, &(0x7f0000000a40)=ANY=[@ANYBLOB="72617700000000010000000000000000000000000000000000000000000000000200000003000000b80400000000000000000000000000000003000000030000200400002004000020040000200400002004000003000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000600000000000000a00200030000000000000000000000000000000000000000300262706600000000000000000000000000000000000000000000000000000101000000000000002e2f66696c653000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000060005345540000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000c0002001000000000000000000000000000000000000000050006f736600000000000000000000000000000000000000000000000000000073797a300000000000000000000000000000000000000000000000000000000000000000000000000000000000000000600053455400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000007000980000000000000000000000000000000000000000002800000000000000000000000000000000000000000000000000000000000004feffffff00000000"], 0x518)
sendmsg$IPVS_CMD_GET_DEST(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000280)={&(0x7f00000002c0)=ANY=[@ANYRES16], 0x1}}, 0x0)
close(r1)
r3 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$inet_tcp_int(r3, 0x6, 0x10000000013, &(0x7f0000d06000)=0x1, 0x32a)
connect$inet(r3, &(0x7f0000000140)={0x2, 0x0, @local}, 0x10)
setsockopt$inet_tcp_TCP_REPAIR_OPTIONS(r3, 0x6, 0x16, &(0x7f0000000200)=[@mss, @timestamp, @window={0x3, 0x0, 0xfffe}, @mss={0x2, 0x3}], 0x4)
sendmmsg(r3, &(0x7f0000004b40)=[{{0x0, 0x0, &(0x7f00000011c0)=[{&(0x7f0000002240)='Y', 0x1}], 0x1}}], 0x1, 0x0)
setsockopt$inet_tcp_TCP_REPAIR_QUEUE(r3, 0x6, 0x14, &(0x7f0000000040)=0x1, 0x4)
sendmsg$IPVS_CMD_GET_DEST(r3, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000340)=ANY=[@ANYBLOB="160e90cb39bca59f8c4064ac6d7b242060a07bc4309e3eb79d8745797b308edd84adef35ad9d8a17240f38f55f57c55f3875db81d255eea402e1c11ca7fc01964aeb9ed6ef4e80bc67cba7e7fe961fe5d921442b0a06b135f8a73b68dc904b436f256f50ae7cb980e69e7580b9f11c6ede4210f23240559b8c427000d7ce7862417ab5a50e494b2a54e346d7ffa008ccef06813e235b446788ac0f1df3c65bc1fb5393364a2efd284640ec2c438ad2b24a69f1f9da000000000000000000000000989eee6a9283bf253ca4"], 0x1}}, 0x0)
close(r3)
syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000000)={<r4=>0xffffffffffffffff, <r5=>0xffffffffffffffff})
dup3(r5, r4, 0x0)
r6 = accept4$vsock_stream(0xffffffffffffffff, &(0x7f0000000240)={0x28, 0x0, 0x2710, @host}, 0x10, 0x0)
dup2(r6, r5)
bind$pptp(0xffffffffffffffff, &(0x7f00000001c0)={0x18, 0x2, {0x0, @initdev={0xac, 0x1e, 0x0, 0x0}}}, 0x1e)
sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000000)=@newlink={0x30, 0x10, 0x801, 0x0, 0x0, {}, [@IFLA_GROUP={0x8}, @IFLA_PROTO_DOWN={0x8, 0x4}]}, 0x30}}, 0x0)

[ 1861.728715] audit: type=1800 audit(1584323159.787:2051): pid=4250 uid=0 auid=4294967295 ses=4294967295 subj=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 op="collect_data" cause="failed(directio)" comm="syz-executor.0" name="bus" dev="sda1" ino=17345 res=0
01:45:59 executing program 3:
lsetxattr$trusted_overlay_opaque(0x0, 0x0, 0x0, 0x0, 0x0)
mkdir(&(0x7f0000000000)='./file0\x00', 0x0)
mount$bpf(0x20000000, &(0x7f00000000c0)='./file0\x00', 0x0, 0x2001001, 0x0)
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x80, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x43, 0x400000000000000}, 0x11288, 0x2000, 0x0, 0x2}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = socket$netlink(0x10, 0x3, 0x0)
connect$inet(0xffffffffffffffff, 0x0, 0x0)
setsockopt$SO_RDS_TRANSPORT(0xffffffffffffffff, 0x114, 0x8, &(0x7f0000000040)=0xffffffffffffffff, 0x4)
r1 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$inet_tcp_int(r1, 0x6, 0x10000000013, &(0x7f0000d06000)=0x1, 0x32a)
connect$inet(r1, &(0x7f0000000180)={0x2, 0x4e23, @local}, 0x10)
accept$nfc_llcp(0xffffffffffffffff, &(0x7f0000000440), &(0x7f0000000300)=0x60)
setsockopt$inet_tcp_TCP_REPAIR_OPTIONS(r1, 0x6, 0x16, &(0x7f00000000c0)=[@mss={0x2, 0xffffffff}, @timestamp, @window, @mss={0x2, 0x91c}], 0x4)
sendmmsg(r1, &(0x7f0000004b40)=[{{0x0, 0x0, &(0x7f00000011c0)=[{&(0x7f0000002240)='Y', 0x1}], 0x1}}], 0x1, 0x0)
syz_init_net_socket$llc(0x1a, 0x1, 0x0)
r2 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$IPT_SO_SET_REPLACE(r2, 0x4000000000000, 0x40, &(0x7f0000000a40)=ANY=[@ANYBLOB="72617700000000010000000000000000000000000000000000000000000000000200000003000000b80400000000000000000000000000000003000000030000200400002004000020040000200400002004000003000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000600000000000000a00200030000000000000000000000000000000000000000300262706600000000000000000000000000000000000000000000000000000101000000000000002e2f66696c653000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000060005345540000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000c0002001000000000000000000000000000000000000000050006f736600000000000000000000000000000000000000000000000000000073797a300000000000000000000000000000000000000000000000000000000000000000000000000000000000000000600053455400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000007000980000000000000000000000000000000000000000002800000000000000000000000000000000000000000000000000000000000004feffffff00000000"], 0x518)
setsockopt$inet_tcp_TCP_REPAIR(r1, 0x6, 0x13, &(0x7f0000000100), 0x618)
close(r1)
r3 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$inet_tcp_int(r3, 0x6, 0x10000000013, &(0x7f0000d06000)=0x1, 0x32a)
connect$inet(r3, &(0x7f0000000140)={0x2, 0x0, @local}, 0x10)
setsockopt$inet_tcp_TCP_REPAIR_OPTIONS(r3, 0x6, 0x16, &(0x7f0000000200)=[@mss, @timestamp, @window={0x3, 0x0, 0xfffe}, @mss={0x2, 0x3}], 0x4)
sendmmsg(r3, &(0x7f0000004b40)=[{{0x0, 0x0, &(0x7f00000011c0)=[{&(0x7f0000002240)='Y', 0x1}], 0x1}}], 0x1, 0x0)
setsockopt$inet_tcp_TCP_REPAIR_QUEUE(r3, 0x6, 0x14, &(0x7f0000000040)=0x1, 0x4)
sendmsg$IPVS_CMD_GET_DEST(r3, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000340)=ANY=[@ANYBLOB="160e90cb39bca59f8c4064ac6d7b242060a07bc4309e3eb79d8745797b308edd84adef35ad9d8a17240f38f55f57c55f3875db81d255eea402e1c11ca7fc01964aeb9ed6ef4e80bc67cba7e7fe961fe5d921442b0a06b135f8a73b68dc904b436f256f50ae7cb980e69e7580b9f11c6ede4210f23240559b8c427000d7ce7862417ab5a50e494b2a54e346d7ffa008ccef06813e235b446788ac0f1df3c65bc1fb5393364a2efd284640ec2c438ad2b24a69f1f9da000000000000000000000000989eee6a9283bf253ca4"], 0x1}}, 0x0)
close(r3)
syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000000)={<r4=>0xffffffffffffffff, <r5=>0xffffffffffffffff})
dup3(r5, r4, 0x0)
r6 = accept4$vsock_stream(0xffffffffffffffff, &(0x7f0000000240)={0x28, 0x0, 0x2710, @host}, 0x10, 0x0)
dup2(r6, r5)
bind$pptp(0xffffffffffffffff, &(0x7f00000001c0)={0x18, 0x2, {0x0, @initdev={0xac, 0x1e, 0x0, 0x0}}}, 0x1e)
sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000000)=@newlink={0x30, 0x10, 0x801, 0x0, 0x0, {}, [@IFLA_GROUP={0x8}, @IFLA_PROTO_DOWN={0x8, 0x4}]}, 0x30}}, 0x0)
pivot_root(&(0x7f0000000140)='./file0\x00', &(0x7f0000000100)='./file0\x00')

01:46:00 executing program 0:
prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0)
r0 = getpid()
sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x5}, 0x0)
r1 = socket$inet6(0xa, 0x2, 0x0)
open(0x0, 0x0, 0x0)
sendmsg$IPCTNL_MSG_EXP_NEW(0xffffffffffffffff, 0x0, 0x0)
recvmmsg(r1, &(0x7f0000005c40)=[{{&(0x7f0000000380)=@ll={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @remote}, 0x80, &(0x7f0000000240)=[{&(0x7f0000000180)=""/16, 0x10}], 0x1}}, {{&(0x7f0000000500)=@generic, 0x80, &(0x7f0000000740)=[{&(0x7f0000000580)=""/128, 0x80}, {&(0x7f0000000480)=""/3, 0x3}, {&(0x7f00000006c0)=""/118, 0x76}], 0x3, &(0x7f0000000780)=""/70, 0x46}, 0xfff}, {{&(0x7f0000000980)=@pppol2tpin6={0x18, 0x1, {0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, {0xa, 0x0, 0x0, @mcast1}}}, 0x80, 0x0, 0x0, &(0x7f0000000e00)=""/99, 0x63}}, {{&(0x7f0000000e80)=@phonet, 0x80, &(0x7f0000000fc0)=[{&(0x7f0000000f00)=""/144, 0x90}], 0x1}, 0xffffff00}, {{&(0x7f0000001000)=@nfc_llcp, 0x80, &(0x7f0000001100)=[{&(0x7f0000001080)=""/120, 0x78}], 0x1}, 0xeab8b72}, {{&(0x7f0000001140)=@alg, 0x80, &(0x7f0000001500)=[{&(0x7f00000011c0)=""/253, 0xfd}, {&(0x7f00000012c0)=""/225, 0xe1}, {&(0x7f00000013c0)=""/187, 0xbb}, {&(0x7f0000003880)=""/4096, 0x1000}], 0x4, &(0x7f0000001580)=""/13, 0xd}, 0x100}, {{&(0x7f0000000400)=@pppol2tpin6={0x18, 0x1, {0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, {0xa, 0x0, 0x0, @local}}}, 0x80, &(0x7f0000001740)=[{&(0x7f0000001640)=""/250, 0xfa}], 0x1, &(0x7f0000001780)=""/64, 0x40}, 0x766}, {{0x0, 0x0, &(0x7f0000004bc0)=[{&(0x7f0000004880)=""/52, 0x34}, {&(0x7f00000048c0)=""/211, 0xd3}, {&(0x7f00000049c0)=""/124, 0x7c}, {&(0x7f0000004a40)=""/38, 0x26}, {&(0x7f0000004a80)=""/49, 0x31}, {&(0x7f0000004ac0)=""/25, 0x19}, {0x0}], 0x7, &(0x7f0000004c40)=""/4096, 0x1000}}], 0x8, 0x0, 0x0)
fcntl$setpipe(r1, 0x407, 0x0)
pipe(&(0x7f00000004c0)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
open(&(0x7f0000000100)='./file0\x00', 0x0, 0x0)
statx(r2, &(0x7f0000000140)='./bus\x00', 0x400, 0x10, &(0x7f0000000880))
fcntl$setpipe(r3, 0x407, 0x0)
write(r3, &(0x7f0000000340), 0x41395527)
vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0)
sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x0, 0x0, 0x3}, 0x0)
perf_event_open(&(0x7f000001d000)={0x2, 0x70, 0x7e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x514}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0xa)
sendmsg$BATADV_CMD_GET_BLA_CLAIM(0xffffffffffffffff, &(0x7f0000000840)={&(0x7f0000000200)={0x10, 0x0, 0x0, 0x8000000}, 0xc, 0x0, 0x1, 0x0, 0x0, 0x4000854}, 0x0)
mount$bpf(0x20000000, &(0x7f00000000c0)='./file0\x00', 0x0, 0x2001001, 0x0)
socket$nl_route(0x10, 0x3, 0x0)
r4 = creat(&(0x7f0000000680)='./bus\x00', 0x0)
ftruncate(r4, 0x800)
r5 = open(&(0x7f0000001840)='./bus\x00', 0x84002, 0x0)
sendfile(r4, r5, 0x0, 0x8400f7fffff8)

01:46:00 executing program 2:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140)='/dev/kvm\x00', 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_SET_SIGNAL_MASK(0xffffffffffffffff, 0x4004ae8b, &(0x7f0000001000)=ANY=[@ANYBLOB="97cb"])
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000fe7000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0)
ioctl$USBDEVFS_RESETEP(0xffffffffffffffff, 0x80045503, &(0x7f0000000000)={0x1, 0x1})
ioctl$KVM_NMI(r2, 0xae9a)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f00000002c0)={0x0, 0x2, 0x0, 0x2000, &(0x7f0000001000/0x2000)=nil})
perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x0, 0x4}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r3 = fanotify_init(0x0, 0x0)
r4 = fcntl$dupfd(r3, 0x0, r3)
write$FUSE_NOTIFY_POLL(r4, &(0x7f0000000100)={0x18}, 0x18)
r5 = fanotify_init(0x0, 0x0)
r6 = fcntl$dupfd(r5, 0x0, r5)
write$FUSE_NOTIFY_POLL(r6, &(0x7f0000000100)={0x18}, 0x18)
ioctl$KVM_RUN(r6, 0xae80, 0x0)

01:46:00 executing program 1:
lsetxattr$trusted_overlay_opaque(0x0, 0x0, 0x0, 0x0, 0x0)
mkdir(&(0x7f0000000000)='./file0\x00', 0x0)
mount$bpf(0x20000000, &(0x7f00000000c0)='./file0\x00', 0x0, 0x2001001, 0x0)
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x80, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x43, 0x400000000000000}, 0x11288, 0x2000, 0x0, 0x2}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = socket$netlink(0x10, 0x3, 0x0)
connect$inet(0xffffffffffffffff, 0x0, 0x0)
setsockopt$SO_RDS_TRANSPORT(0xffffffffffffffff, 0x114, 0x8, &(0x7f0000000040)=0xffffffffffffffff, 0x4)
r1 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$inet_tcp_int(r1, 0x6, 0x10000000013, &(0x7f0000d06000)=0x1, 0x32a)
connect$inet(r1, &(0x7f0000000180)={0x2, 0x4e23, @local}, 0x10)
accept$nfc_llcp(0xffffffffffffffff, &(0x7f0000000440), &(0x7f0000000300)=0x60)
setsockopt$inet_tcp_TCP_REPAIR_OPTIONS(r1, 0x6, 0x16, &(0x7f00000000c0)=[@mss={0x2, 0xffffffff}, @timestamp, @window, @mss={0x2, 0x91c}], 0x4)
sendmmsg(r1, &(0x7f0000004b40)=[{{0x0, 0x0, &(0x7f00000011c0)=[{&(0x7f0000002240)='Y', 0x1}], 0x1}}], 0x1, 0x0)
syz_init_net_socket$llc(0x1a, 0x1, 0x0)
r2 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$IPT_SO_SET_REPLACE(r2, 0x4000000000000, 0x40, &(0x7f0000000a40)=ANY=[@ANYBLOB="72617700000000010000000000000000000000000000000000000000000000000200000003000000b80400000000000000000000000000000003000000030000200400002004000020040000200400002004000003000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000600000000000000a00200030000000000000000000000000000000000000000300262706600000000000000000000000000000000000000000000000000000101000000000000002e2f66696c653000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000060005345540000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000c0002001000000000000000000000000000000000000000050006f736600000000000000000000000000000000000000000000000000000073797a300000000000000000000000000000000000000000000000000000000000000000000000000000000000000000600053455400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000007000980000000000000000000000000000000000000000002800000000000000000000000000000000000000000000000000000000000004feffffff00000000"], 0x518)
sendmsg$IPVS_CMD_GET_DEST(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000280)={&(0x7f00000002c0)=ANY=[@ANYRES16], 0x1}}, 0x0)
close(r1)
r3 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$inet_tcp_int(r3, 0x6, 0x10000000013, &(0x7f0000d06000)=0x1, 0x32a)
connect$inet(r3, &(0x7f0000000140)={0x2, 0x0, @local}, 0x10)
setsockopt$inet_tcp_TCP_REPAIR_OPTIONS(r3, 0x6, 0x16, &(0x7f0000000200)=[@mss, @timestamp, @window={0x3, 0x0, 0xfffe}, @mss={0x2, 0x3}], 0x4)
sendmmsg(r3, &(0x7f0000004b40)=[{{0x0, 0x0, &(0x7f00000011c0)=[{&(0x7f0000002240)='Y', 0x1}], 0x1}}], 0x1, 0x0)
setsockopt$inet_tcp_TCP_REPAIR_QUEUE(r3, 0x6, 0x14, &(0x7f0000000040)=0x1, 0x4)
sendmsg$IPVS_CMD_GET_DEST(r3, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000340)=ANY=[@ANYBLOB="160e90cb39bca59f8c4064ac6d7b242060a07bc4309e3eb79d8745797b308edd84adef35ad9d8a17240f38f55f57c55f3875db81d255eea402e1c11ca7fc01964aeb9ed6ef4e80bc67cba7e7fe961fe5d921442b0a06b135f8a73b68dc904b436f256f50ae7cb980e69e7580b9f11c6ede4210f23240559b8c427000d7ce7862417ab5a50e494b2a54e346d7ffa008ccef06813e235b446788ac0f1df3c65bc1fb5393364a2efd284640ec2c438ad2b24a69f1f9da000000000000000000000000989eee6a9283bf253ca4"], 0x1}}, 0x0)
close(r3)
syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000000)={<r4=>0xffffffffffffffff, <r5=>0xffffffffffffffff})
dup3(r5, r4, 0x0)
r6 = accept4$vsock_stream(0xffffffffffffffff, &(0x7f0000000240)={0x28, 0x0, 0x2710, @host}, 0x10, 0x0)
dup2(r6, r5)
bind$pptp(0xffffffffffffffff, &(0x7f00000001c0)={0x18, 0x2, {0x0, @initdev={0xac, 0x1e, 0x0, 0x0}}}, 0x1e)
sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000000)=@newlink={0x30, 0x10, 0x801, 0x0, 0x0, {}, [@IFLA_GROUP={0x8}, @IFLA_PROTO_DOWN={0x8, 0x4}]}, 0x30}}, 0x0)

01:46:00 executing program 4:
pipe(&(0x7f0000000140)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
close(0xffffffffffffffff)
r2 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$inet_tcp_int(r2, 0x6, 0x10000000013, &(0x7f0000d06000)=0x1, 0x4)
connect$inet(0xffffffffffffffff, &(0x7f0000000340)={0x2, 0x0, @loopback}, 0x10)
setsockopt$inet_tcp_TCP_REPAIR_WINDOW(r2, 0x6, 0x1d, &(0x7f0000000080)={0x0, 0xdf5, 0x65a2}, 0x14)
write$binfmt_misc(r1, &(0x7f0000000140)=ANY=[], 0x4240a2a0)
r3 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$IPT_SO_SET_REPLACE(r3, 0x0, 0x40, &(0x7f0000000480)=ANY=[@ANYBLOB="66696c74657200000000000000000000000000000000000000000000000000000e00000004000000d0020000800100009800000080010000000000000000000038020000380200003802000038020000380200000400000000000000000000007f000001ac14140000000000000000007f00000000000000000000000000000064756dea20f9524db2d96900000057c910a19f2bc02c00000000000000000000200000000000000000000000000000000000000000000000700098000000000000000000000000000000000000000000280052454a454354000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000400000000000000000000000080000000000000000000000000000000000000000000000000000000000000000000000000000000000000000c000e80000f9c9991d0000000000000000000000000000005000736574000000000000000000000000000000000000000000000000000003000005050000000000000000000000000000000000000000100000000000000000000000000000000000000000000000280052454a45435400000000000000010000000000000000000000000000000000674f000000000000000000e00000020000000000000000766574b5315f766c616e00000000010062726964676530000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000007000b80000000000000000000000000000000000000000004800544545000000000000000000000000000000d40200000000000000000001ac1414aa000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000007000980000000000000000000000000000000000000000002800000000000000000000000000000000000000000000001a51496c00000000feffffff"], 0x1)
splice(r0, 0x0, 0xffffffffffffffff, 0x0, 0x4ffe0, 0x0)

01:46:00 executing program 5:
lsetxattr$trusted_overlay_opaque(0x0, 0x0, 0x0, 0x0, 0x0)
mkdir(&(0x7f0000000000)='./file0\x00', 0x0)
mount$bpf(0x20000000, &(0x7f00000000c0)='./file0\x00', 0x0, 0x2001001, 0x0)
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x80, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x43, 0x400000000000000}, 0x11288, 0x2000, 0x0, 0x2}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = socket$netlink(0x10, 0x3, 0x0)
connect$inet(0xffffffffffffffff, 0x0, 0x0)
setsockopt$SO_RDS_TRANSPORT(0xffffffffffffffff, 0x114, 0x8, &(0x7f0000000040)=0xffffffffffffffff, 0x4)
r1 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$inet_tcp_int(r1, 0x6, 0x10000000013, &(0x7f0000d06000)=0x1, 0x32a)
connect$inet(r1, &(0x7f0000000180)={0x2, 0x4e23, @local}, 0x10)
accept$nfc_llcp(0xffffffffffffffff, &(0x7f0000000440), &(0x7f0000000300)=0x60)
setsockopt$inet_tcp_TCP_REPAIR_OPTIONS(r1, 0x6, 0x16, &(0x7f00000000c0)=[@mss={0x2, 0xffffffff}, @timestamp, @window, @mss={0x2, 0x91c}], 0x4)
sendmmsg(r1, &(0x7f0000004b40)=[{{0x0, 0x0, &(0x7f00000011c0)=[{&(0x7f0000002240)='Y', 0x1}], 0x1}}], 0x1, 0x0)
syz_init_net_socket$llc(0x1a, 0x1, 0x0)
setsockopt$IPT_SO_SET_REPLACE(0xffffffffffffffff, 0x4000000000000, 0x40, &(0x7f0000000a40)=ANY=[@ANYBLOB="72617700000000010000000000000000000000000000000000000000000000000200000003000000b80400000000000000000000000000000003000000030000200400002004000020040000200400002004000003000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000600000000000000a00200030000000000000000000000000000000000000000300262706600000000000000000000000000000000000000000000000000000101000000000000002e2f66696c653000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000060005345540000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000c0002001000000000000000000000000000000000000000050006f736600000000000000000000000000000000000000000000000000000073797a300000000000000000000000000000000000000000000000000000000000000000000000000000000000000000600053455400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000007000980000000000000000000000000000000000000000002800000000000000000000000000000000000000000000000000000000000004feffffff00000000"], 0x518)
sendmsg$IPVS_CMD_GET_DEST(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000280)={&(0x7f00000002c0)=ANY=[@ANYRES16], 0x1}}, 0x0)
setsockopt$inet_tcp_TCP_REPAIR(r1, 0x6, 0x13, &(0x7f0000000100), 0x618)
close(r1)
r2 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$inet_tcp_int(r2, 0x6, 0x10000000013, &(0x7f0000d06000)=0x1, 0x32a)
connect$inet(r2, &(0x7f0000000140)={0x2, 0x0, @local}, 0x10)
setsockopt$inet_tcp_TCP_REPAIR_OPTIONS(r2, 0x6, 0x16, &(0x7f0000000200)=[@mss, @timestamp, @window={0x3, 0x0, 0xfffe}, @mss={0x2, 0x3}], 0x4)
sendmmsg(r2, &(0x7f0000004b40)=[{{0x0, 0x0, &(0x7f00000011c0)=[{&(0x7f0000002240)='Y', 0x1}], 0x1}}], 0x1, 0x0)
setsockopt$inet_tcp_TCP_REPAIR_QUEUE(r2, 0x6, 0x14, &(0x7f0000000040)=0x1, 0x4)
sendmsg$IPVS_CMD_GET_DEST(r2, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000340)=ANY=[@ANYBLOB="160e90cb39bca59f8c4064ac6d7b242060a07bc4309e3eb79d8745797b308edd84adef35ad9d8a17240f38f55f57c55f3875db81d255eea402e1c11ca7fc01964aeb9ed6ef4e80bc67cba7e7fe961fe5d921442b0a06b135f8a73b68dc904b436f256f50ae7cb980e69e7580b9f11c6ede4210f23240559b8c427000d7ce7862417ab5a50e494b2a54e346d7ffa008ccef06813e235b446788ac0f1df3c65bc1fb5393364a2efd284640ec2c438ad2b24a69f1f9da000000000000000000000000989eee6a9283bf253ca4"], 0x1}}, 0x0)
close(r2)
syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000000)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
dup3(r4, r3, 0x0)
r5 = accept4$vsock_stream(0xffffffffffffffff, &(0x7f0000000240)={0x28, 0x0, 0x2710, @host}, 0x10, 0x0)
dup2(r5, r4)
bind$pptp(0xffffffffffffffff, &(0x7f00000001c0)={0x18, 0x2, {0x0, @initdev={0xac, 0x1e, 0x0, 0x0}}}, 0x1e)
sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000000)=@newlink={0x30, 0x10, 0x801, 0x0, 0x0, {}, [@IFLA_GROUP={0x8}, @IFLA_PROTO_DOWN={0x8, 0x4}]}, 0x30}}, 0x0)
pivot_root(&(0x7f0000000140)='./file0\x00', &(0x7f0000000100)='./file0\x00')

01:46:00 executing program 2:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140)='/dev/kvm\x00', 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_SET_SIGNAL_MASK(0xffffffffffffffff, 0x4004ae8b, &(0x7f0000000180)=ANY=[@ANYBLOB="0000565e7aec7d92d52c9a703931999517ff929a1118"])
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000fe7000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0)
ioctl$USBDEVFS_RESETEP(0xffffffffffffffff, 0x80045503, &(0x7f0000000000)={0x1, 0x1})
ioctl$KVM_NMI(r2, 0xae9a)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f00000002c0)={0x0, 0x2, 0x0, 0x2000, &(0x7f0000001000/0x2000)=nil})
perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r3 = fanotify_init(0x0, 0x0)
r4 = fcntl$dupfd(r3, 0x0, r3)
write$FUSE_NOTIFY_POLL(r4, &(0x7f0000000100)={0x18}, 0x18)
ioctl$SNDRV_CTL_IOCTL_ELEM_REMOVE(r4, 0xc0405519, &(0x7f00000001c0)={0xa, 0x6, 0x400, 0x100, 'syz0\x00', 0x3})
ioctl$PPPIOCATTCHAN(r4, 0x40047438, &(0x7f00000000c0)=0x1)
ioctl$KVM_RUN(r2, 0xae80, 0x0)

[ 1862.429017] audit: type=1800 audit(1584323160.482:2052): pid=4289 uid=0 auid=4294967295 ses=4294967295 subj=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 op="collect_data" cause="failed(directio)" comm="syz-executor.0" name="bus" dev="sda1" ino=16976 res=0
01:46:00 executing program 3:
lsetxattr$trusted_overlay_opaque(0x0, 0x0, 0x0, 0x0, 0x0)
mkdir(&(0x7f0000000000)='./file0\x00', 0x0)
mount$bpf(0x20000000, &(0x7f00000000c0)='./file0\x00', 0x0, 0x2001001, 0x0)
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x80, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x43, 0x400000000000000}, 0x11288, 0x2000, 0x0, 0x2}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = socket$netlink(0x10, 0x3, 0x0)
connect$inet(0xffffffffffffffff, 0x0, 0x0)
setsockopt$SO_RDS_TRANSPORT(0xffffffffffffffff, 0x114, 0x8, &(0x7f0000000040)=0xffffffffffffffff, 0x4)
r1 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$inet_tcp_int(r1, 0x6, 0x10000000013, &(0x7f0000d06000)=0x1, 0x32a)
connect$inet(r1, &(0x7f0000000180)={0x2, 0x4e23, @local}, 0x10)
accept$nfc_llcp(0xffffffffffffffff, &(0x7f0000000440), &(0x7f0000000300)=0x60)
setsockopt$inet_tcp_TCP_REPAIR_OPTIONS(r1, 0x6, 0x16, &(0x7f00000000c0)=[@mss={0x2, 0xffffffff}, @timestamp, @window, @mss={0x2, 0x91c}], 0x4)
sendmmsg(r1, &(0x7f0000004b40)=[{{0x0, 0x0, &(0x7f00000011c0)=[{&(0x7f0000002240)='Y', 0x1}], 0x1}}], 0x1, 0x0)
syz_init_net_socket$llc(0x1a, 0x1, 0x0)
r2 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$IPT_SO_SET_REPLACE(r2, 0x4000000000000, 0x40, &(0x7f0000000a40)=ANY=[@ANYBLOB="72617700000000010000000000000000000000000000000000000000000000000200000003000000b80400000000000000000000000000000003000000030000200400002004000020040000200400002004000003000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000600000000000000a00200030000000000000000000000000000000000000000300262706600000000000000000000000000000000000000000000000000000101000000000000002e2f66696c653000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000060005345540000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000c0002001000000000000000000000000000000000000000050006f736600000000000000000000000000000000000000000000000000000073797a300000000000000000000000000000000000000000000000000000000000000000000000000000000000000000600053455400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000007000980000000000000000000000000000000000000000002800000000000000000000000000000000000000000000000000000000000004feffffff00000000"], 0x518)
setsockopt$inet_tcp_TCP_REPAIR(r1, 0x6, 0x13, &(0x7f0000000100), 0x618)
close(r1)
r3 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$inet_tcp_int(r3, 0x6, 0x10000000013, &(0x7f0000d06000)=0x1, 0x32a)
connect$inet(r3, &(0x7f0000000140)={0x2, 0x0, @local}, 0x10)
setsockopt$inet_tcp_TCP_REPAIR_OPTIONS(r3, 0x6, 0x16, &(0x7f0000000200)=[@mss, @timestamp, @window={0x3, 0x0, 0xfffe}, @mss={0x2, 0x3}], 0x4)
sendmmsg(r3, &(0x7f0000004b40)=[{{0x0, 0x0, &(0x7f00000011c0)=[{&(0x7f0000002240)='Y', 0x1}], 0x1}}], 0x1, 0x0)
setsockopt$inet_tcp_TCP_REPAIR_QUEUE(r3, 0x6, 0x14, &(0x7f0000000040)=0x1, 0x4)
sendmsg$IPVS_CMD_GET_DEST(r3, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000340)=ANY=[@ANYBLOB="160e90cb39bca59f8c4064ac6d7b242060a07bc4309e3eb79d8745797b308edd84adef35ad9d8a17240f38f55f57c55f3875db81d255eea402e1c11ca7fc01964aeb9ed6ef4e80bc67cba7e7fe961fe5d921442b0a06b135f8a73b68dc904b436f256f50ae7cb980e69e7580b9f11c6ede4210f23240559b8c427000d7ce7862417ab5a50e494b2a54e346d7ffa008ccef06813e235b446788ac0f1df3c65bc1fb5393364a2efd284640ec2c438ad2b24a69f1f9da000000000000000000000000989eee6a9283bf253ca4"], 0x1}}, 0x0)
close(r3)
syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000000)={<r4=>0xffffffffffffffff, <r5=>0xffffffffffffffff})
dup3(r5, r4, 0x0)
r6 = accept4$vsock_stream(0xffffffffffffffff, &(0x7f0000000240)={0x28, 0x0, 0x2710, @host}, 0x10, 0x0)
dup2(r6, r5)
bind$pptp(0xffffffffffffffff, &(0x7f00000001c0)={0x18, 0x2, {0x0, @initdev={0xac, 0x1e, 0x0, 0x0}}}, 0x1e)
sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000000)=@newlink={0x30, 0x10, 0x801, 0x0, 0x0, {}, [@IFLA_GROUP={0x8}, @IFLA_PROTO_DOWN={0x8, 0x4}]}, 0x30}}, 0x0)
pivot_root(&(0x7f0000000140)='./file0\x00', &(0x7f0000000100)='./file0\x00')

01:46:00 executing program 1:
lsetxattr$trusted_overlay_opaque(0x0, 0x0, 0x0, 0x0, 0x0)
mkdir(&(0x7f0000000000)='./file0\x00', 0x0)
mount$bpf(0x20000000, &(0x7f00000000c0)='./file0\x00', 0x0, 0x2001001, 0x0)
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x80, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x43, 0x400000000000000}, 0x11288, 0x2000, 0x0, 0x2}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = socket$netlink(0x10, 0x3, 0x0)
connect$inet(0xffffffffffffffff, 0x0, 0x0)
setsockopt$SO_RDS_TRANSPORT(0xffffffffffffffff, 0x114, 0x8, &(0x7f0000000040)=0xffffffffffffffff, 0x4)
r1 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$inet_tcp_int(r1, 0x6, 0x10000000013, &(0x7f0000d06000)=0x1, 0x32a)
connect$inet(r1, &(0x7f0000000180)={0x2, 0x4e23, @local}, 0x10)
accept$nfc_llcp(0xffffffffffffffff, &(0x7f0000000440), &(0x7f0000000300)=0x60)
setsockopt$inet_tcp_TCP_REPAIR_OPTIONS(r1, 0x6, 0x16, &(0x7f00000000c0)=[@mss={0x2, 0xffffffff}, @timestamp, @window, @mss={0x2, 0x91c}], 0x4)
sendmmsg(r1, &(0x7f0000004b40)=[{{0x0, 0x0, &(0x7f00000011c0)=[{&(0x7f0000002240)='Y', 0x1}], 0x1}}], 0x1, 0x0)
syz_init_net_socket$llc(0x1a, 0x1, 0x0)
r2 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$IPT_SO_SET_REPLACE(r2, 0x4000000000000, 0x40, &(0x7f0000000a40)=ANY=[@ANYBLOB="72617700000000010000000000000000000000000000000000000000000000000200000003000000b80400000000000000000000000000000003000000030000200400002004000020040000200400002004000003000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000600000000000000a00200030000000000000000000000000000000000000000300262706600000000000000000000000000000000000000000000000000000101000000000000002e2f66696c653000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000060005345540000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000c0002001000000000000000000000000000000000000000050006f736600000000000000000000000000000000000000000000000000000073797a300000000000000000000000000000000000000000000000000000000000000000000000000000000000000000600053455400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000007000980000000000000000000000000000000000000000002800000000000000000000000000000000000000000000000000000000000004feffffff00000000"], 0x518)
setsockopt$inet_tcp_TCP_REPAIR(r1, 0x6, 0x13, &(0x7f0000000100), 0x618)
close(r1)
r3 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$inet_tcp_int(r3, 0x6, 0x10000000013, &(0x7f0000d06000)=0x1, 0x32a)
connect$inet(r3, &(0x7f0000000140)={0x2, 0x0, @local}, 0x10)
setsockopt$inet_tcp_TCP_REPAIR_OPTIONS(r3, 0x6, 0x16, &(0x7f0000000200)=[@mss, @timestamp, @window={0x3, 0x0, 0xfffe}, @mss={0x2, 0x3}], 0x4)
sendmmsg(r3, &(0x7f0000004b40)=[{{0x0, 0x0, &(0x7f00000011c0)=[{&(0x7f0000002240)='Y', 0x1}], 0x1}}], 0x1, 0x0)
setsockopt$inet_tcp_TCP_REPAIR_QUEUE(r3, 0x6, 0x14, &(0x7f0000000040)=0x1, 0x4)
sendmsg$IPVS_CMD_GET_DEST(r3, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000340)=ANY=[@ANYBLOB="160e90cb39bca59f8c4064ac6d7b242060a07bc4309e3eb79d8745797b308edd84adef35ad9d8a17240f38f55f57c55f3875db81d255eea402e1c11ca7fc01964aeb9ed6ef4e80bc67cba7e7fe961fe5d921442b0a06b135f8a73b68dc904b436f256f50ae7cb980e69e7580b9f11c6ede4210f23240559b8c427000d7ce7862417ab5a50e494b2a54e346d7ffa008ccef06813e235b446788ac0f1df3c65bc1fb5393364a2efd284640ec2c438ad2b24a69f1f9da000000000000000000000000989eee6a9283bf253ca4"], 0x1}}, 0x0)
close(r3)
syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000000)={<r4=>0xffffffffffffffff, <r5=>0xffffffffffffffff})
dup3(r5, r4, 0x0)
r6 = accept4$vsock_stream(0xffffffffffffffff, &(0x7f0000000240)={0x28, 0x0, 0x2710, @host}, 0x10, 0x0)
dup2(r6, r5)
bind$pptp(0xffffffffffffffff, &(0x7f00000001c0)={0x18, 0x2, {0x0, @initdev={0xac, 0x1e, 0x0, 0x0}}}, 0x1e)
sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000000)=@newlink={0x30, 0x10, 0x801, 0x0, 0x0, {}, [@IFLA_GROUP={0x8}, @IFLA_PROTO_DOWN={0x8, 0x4}]}, 0x30}}, 0x0)

[ 1862.642888] ip_tables: iptables: counters copy to user failed while replacing table
01:46:00 executing program 3:
lsetxattr$trusted_overlay_opaque(0x0, 0x0, 0x0, 0x0, 0x0)
mkdir(&(0x7f0000000000)='./file0\x00', 0x0)
mount$bpf(0x20000000, &(0x7f00000000c0)='./file0\x00', 0x0, 0x2001001, 0x0)
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x80, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x43, 0x400000000000000}, 0x11288, 0x2000, 0x0, 0x2}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = socket$netlink(0x10, 0x3, 0x0)
connect$inet(0xffffffffffffffff, 0x0, 0x0)
setsockopt$SO_RDS_TRANSPORT(0xffffffffffffffff, 0x114, 0x8, &(0x7f0000000040)=0xffffffffffffffff, 0x4)
r1 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$inet_tcp_int(r1, 0x6, 0x10000000013, &(0x7f0000d06000)=0x1, 0x32a)
connect$inet(r1, &(0x7f0000000180)={0x2, 0x4e23, @local}, 0x10)
accept$nfc_llcp(0xffffffffffffffff, &(0x7f0000000440), &(0x7f0000000300)=0x60)
setsockopt$inet_tcp_TCP_REPAIR_OPTIONS(r1, 0x6, 0x16, &(0x7f00000000c0)=[@mss={0x2, 0xffffffff}, @timestamp, @window, @mss={0x2, 0x91c}], 0x4)
sendmmsg(r1, &(0x7f0000004b40)=[{{0x0, 0x0, &(0x7f00000011c0)=[{&(0x7f0000002240)='Y', 0x1}], 0x1}}], 0x1, 0x0)
syz_init_net_socket$llc(0x1a, 0x1, 0x0)
r2 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$IPT_SO_SET_REPLACE(r2, 0x4000000000000, 0x40, &(0x7f0000000a40)=ANY=[@ANYBLOB="72617700000000010000000000000000000000000000000000000000000000000200000003000000b80400000000000000000000000000000003000000030000200400002004000020040000200400002004000003000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000600000000000000a00200030000000000000000000000000000000000000000300262706600000000000000000000000000000000000000000000000000000101000000000000002e2f66696c653000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000060005345540000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000c0002001000000000000000000000000000000000000000050006f736600000000000000000000000000000000000000000000000000000073797a300000000000000000000000000000000000000000000000000000000000000000000000000000000000000000600053455400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000007000980000000000000000000000000000000000000000002800000000000000000000000000000000000000000000000000000000000004feffffff00000000"], 0x518)
setsockopt$inet_tcp_TCP_REPAIR(r1, 0x6, 0x13, &(0x7f0000000100), 0x618)
close(r1)
r3 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$inet_tcp_int(r3, 0x6, 0x10000000013, &(0x7f0000d06000)=0x1, 0x32a)
connect$inet(r3, &(0x7f0000000140)={0x2, 0x0, @local}, 0x10)
setsockopt$inet_tcp_TCP_REPAIR_OPTIONS(r3, 0x6, 0x16, &(0x7f0000000200)=[@mss, @timestamp, @window={0x3, 0x0, 0xfffe}, @mss={0x2, 0x3}], 0x4)
sendmmsg(r3, &(0x7f0000004b40)=[{{0x0, 0x0, &(0x7f00000011c0)=[{&(0x7f0000002240)='Y', 0x1}], 0x1}}], 0x1, 0x0)
setsockopt$inet_tcp_TCP_REPAIR_QUEUE(r3, 0x6, 0x14, &(0x7f0000000040)=0x1, 0x4)
sendmsg$IPVS_CMD_GET_DEST(r3, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000340)=ANY=[@ANYBLOB="160e90cb39bca59f8c4064ac6d7b242060a07bc4309e3eb79d8745797b308edd84adef35ad9d8a17240f38f55f57c55f3875db81d255eea402e1c11ca7fc01964aeb9ed6ef4e80bc67cba7e7fe961fe5d921442b0a06b135f8a73b68dc904b436f256f50ae7cb980e69e7580b9f11c6ede4210f23240559b8c427000d7ce7862417ab5a50e494b2a54e346d7ffa008ccef06813e235b446788ac0f1df3c65bc1fb5393364a2efd284640ec2c438ad2b24a69f1f9da000000000000000000000000989eee6a9283bf253ca4"], 0x1}}, 0x0)
close(r3)
syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000000)={<r4=>0xffffffffffffffff, <r5=>0xffffffffffffffff})
dup3(r5, r4, 0x0)
r6 = accept4$vsock_stream(0xffffffffffffffff, &(0x7f0000000240)={0x28, 0x0, 0x2710, @host}, 0x10, 0x0)
dup2(r6, r5)
bind$pptp(0xffffffffffffffff, &(0x7f00000001c0)={0x18, 0x2, {0x0, @initdev={0xac, 0x1e, 0x0, 0x0}}}, 0x1e)
sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000000)=@newlink={0x30, 0x10, 0x801, 0x0, 0x0, {}, [@IFLA_GROUP={0x8}, @IFLA_PROTO_DOWN={0x8, 0x4}]}, 0x30}}, 0x0)
pivot_root(&(0x7f0000000140)='./file0\x00', &(0x7f0000000100)='./file0\x00')

01:46:00 executing program 2:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140)='/dev/kvm\x00', 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_SET_SIGNAL_MASK(0xffffffffffffffff, 0x4004ae8b, &(0x7f0000001000)=ANY=[@ANYBLOB="97cb"])
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000fe7000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0)
ioctl$USBDEVFS_RESETEP(0xffffffffffffffff, 0x80045503, &(0x7f0000000000)={0x1, 0x1})
ioctl$KVM_NMI(r2, 0xae9a)
r3 = fanotify_init(0x0, 0x0)
r4 = fcntl$dupfd(r3, 0x0, r3)
write$FUSE_NOTIFY_POLL(r4, &(0x7f0000000100)={0x18}, 0x18)
ioctl$BINDER_SET_MAX_THREADS(r4, 0x40046205, &(0x7f00000000c0)=0x6)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f00000002c0)={0x0, 0x2, 0x0, 0x2000, &(0x7f0000001000/0x2000)=nil})
perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
ioctl$KVM_RUN(r2, 0xae80, 0x0)

01:46:00 executing program 5:
lsetxattr$trusted_overlay_opaque(0x0, 0x0, 0x0, 0x0, 0x0)
mkdir(&(0x7f0000000000)='./file0\x00', 0x0)
mount$bpf(0x20000000, &(0x7f00000000c0)='./file0\x00', 0x0, 0x2001001, 0x0)
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x80, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x43, 0x400000000000000}, 0x11288, 0x2000, 0x0, 0x2}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = socket$netlink(0x10, 0x3, 0x0)
connect$inet(0xffffffffffffffff, 0x0, 0x0)
setsockopt$SO_RDS_TRANSPORT(0xffffffffffffffff, 0x114, 0x8, &(0x7f0000000040)=0xffffffffffffffff, 0x4)
r1 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$inet_tcp_int(r1, 0x6, 0x10000000013, &(0x7f0000d06000)=0x1, 0x32a)
connect$inet(r1, &(0x7f0000000180)={0x2, 0x4e23, @local}, 0x10)
accept$nfc_llcp(0xffffffffffffffff, &(0x7f0000000440), &(0x7f0000000300)=0x60)
setsockopt$inet_tcp_TCP_REPAIR_OPTIONS(r1, 0x6, 0x16, &(0x7f00000000c0)=[@mss={0x2, 0xffffffff}, @timestamp, @window, @mss={0x2, 0x91c}], 0x4)
sendmmsg(r1, &(0x7f0000004b40)=[{{0x0, 0x0, &(0x7f00000011c0)=[{&(0x7f0000002240)='Y', 0x1}], 0x1}}], 0x1, 0x0)
r2 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$IPT_SO_SET_REPLACE(r2, 0x4000000000000, 0x40, &(0x7f0000000a40)=ANY=[@ANYBLOB="72617700000000010000000000000000000000000000000000000000000000000200000003000000b80400000000000000000000000000000003000000030000200400002004000020040000200400002004000003000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000600000000000000a00200030000000000000000000000000000000000000000300262706600000000000000000000000000000000000000000000000000000101000000000000002e2f66696c653000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000060005345540000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000c0002001000000000000000000000000000000000000000050006f736600000000000000000000000000000000000000000000000000000073797a300000000000000000000000000000000000000000000000000000000000000000000000000000000000000000600053455400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000007000980000000000000000000000000000000000000000002800000000000000000000000000000000000000000000000000000000000004feffffff00000000"], 0x518)
sendmsg$IPVS_CMD_GET_DEST(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000280)={&(0x7f00000002c0)=ANY=[@ANYRES16], 0x1}}, 0x0)
setsockopt$inet_tcp_TCP_REPAIR(r1, 0x6, 0x13, &(0x7f0000000100), 0x618)
close(r1)
r3 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$inet_tcp_int(r3, 0x6, 0x10000000013, &(0x7f0000d06000)=0x1, 0x32a)
connect$inet(r3, &(0x7f0000000140)={0x2, 0x0, @local}, 0x10)
setsockopt$inet_tcp_TCP_REPAIR_OPTIONS(r3, 0x6, 0x16, &(0x7f0000000200)=[@mss, @timestamp, @window={0x3, 0x0, 0xfffe}, @mss={0x2, 0x3}], 0x4)
sendmmsg(r3, &(0x7f0000004b40)=[{{0x0, 0x0, &(0x7f00000011c0)=[{&(0x7f0000002240)='Y', 0x1}], 0x1}}], 0x1, 0x0)
setsockopt$inet_tcp_TCP_REPAIR_QUEUE(r3, 0x6, 0x14, &(0x7f0000000040)=0x1, 0x4)
sendmsg$IPVS_CMD_GET_DEST(r3, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000340)=ANY=[@ANYBLOB="160e90cb39bca59f8c4064ac6d7b242060a07bc4309e3eb79d8745797b308edd84adef35ad9d8a17240f38f55f57c55f3875db81d255eea402e1c11ca7fc01964aeb9ed6ef4e80bc67cba7e7fe961fe5d921442b0a06b135f8a73b68dc904b436f256f50ae7cb980e69e7580b9f11c6ede4210f23240559b8c427000d7ce7862417ab5a50e494b2a54e346d7ffa008ccef06813e235b446788ac0f1df3c65bc1fb5393364a2efd284640ec2c438ad2b24a69f1f9da000000000000000000000000989eee6a9283bf253ca4"], 0x1}}, 0x0)
close(r3)
syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000000)={<r4=>0xffffffffffffffff, <r5=>0xffffffffffffffff})
dup3(r5, r4, 0x0)
r6 = accept4$vsock_stream(0xffffffffffffffff, &(0x7f0000000240)={0x28, 0x0, 0x2710, @host}, 0x10, 0x0)
dup2(r6, r5)
bind$pptp(0xffffffffffffffff, &(0x7f00000001c0)={0x18, 0x2, {0x0, @initdev={0xac, 0x1e, 0x0, 0x0}}}, 0x1e)
sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000000)=@newlink={0x30, 0x10, 0x801, 0x0, 0x0, {}, [@IFLA_GROUP={0x8}, @IFLA_PROTO_DOWN={0x8, 0x4}]}, 0x30}}, 0x0)
pivot_root(&(0x7f0000000140)='./file0\x00', &(0x7f0000000100)='./file0\x00')

[ 1863.038919] audit: type=1800 audit(1584323161.096:2053): pid=4288 uid=0 auid=4294967295 ses=4294967295 subj=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 op="collect_data" cause="failed(directio)" comm="syz-executor.0" name="bus" dev="sda1" ino=16976 res=0
01:46:01 executing program 1:
lsetxattr$trusted_overlay_opaque(0x0, 0x0, 0x0, 0x0, 0x0)
mkdir(&(0x7f0000000000)='./file0\x00', 0x0)
mount$bpf(0x20000000, &(0x7f00000000c0)='./file0\x00', 0x0, 0x2001001, 0x0)
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x80, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x43, 0x400000000000000}, 0x11288, 0x2000, 0x0, 0x2}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = socket$netlink(0x10, 0x3, 0x0)
connect$inet(0xffffffffffffffff, 0x0, 0x0)
setsockopt$SO_RDS_TRANSPORT(0xffffffffffffffff, 0x114, 0x8, &(0x7f0000000040)=0xffffffffffffffff, 0x4)
r1 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$inet_tcp_int(r1, 0x6, 0x10000000013, &(0x7f0000d06000)=0x1, 0x32a)
connect$inet(r1, &(0x7f0000000180)={0x2, 0x4e23, @local}, 0x10)
accept$nfc_llcp(0xffffffffffffffff, &(0x7f0000000440), &(0x7f0000000300)=0x60)
setsockopt$inet_tcp_TCP_REPAIR_OPTIONS(r1, 0x6, 0x16, &(0x7f00000000c0)=[@mss={0x2, 0xffffffff}, @timestamp, @window, @mss={0x2, 0x91c}], 0x4)
sendmmsg(r1, &(0x7f0000004b40)=[{{0x0, 0x0, &(0x7f00000011c0)=[{&(0x7f0000002240)='Y', 0x1}], 0x1}}], 0x1, 0x0)
syz_init_net_socket$llc(0x1a, 0x1, 0x0)
r2 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$IPT_SO_SET_REPLACE(r2, 0x4000000000000, 0x40, &(0x7f0000000a40)=ANY=[@ANYBLOB="72617700000000010000000000000000000000000000000000000000000000000200000003000000b80400000000000000000000000000000003000000030000200400002004000020040000200400002004000003000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000600000000000000a00200030000000000000000000000000000000000000000300262706600000000000000000000000000000000000000000000000000000101000000000000002e2f66696c653000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000060005345540000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000c0002001000000000000000000000000000000000000000050006f736600000000000000000000000000000000000000000000000000000073797a300000000000000000000000000000000000000000000000000000000000000000000000000000000000000000600053455400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000007000980000000000000000000000000000000000000000002800000000000000000000000000000000000000000000000000000000000004feffffff00000000"], 0x518)
setsockopt$inet_tcp_TCP_REPAIR(r1, 0x6, 0x13, &(0x7f0000000100), 0x618)
close(r1)
r3 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$inet_tcp_int(r3, 0x6, 0x10000000013, &(0x7f0000d06000)=0x1, 0x32a)
connect$inet(r3, &(0x7f0000000140)={0x2, 0x0, @local}, 0x10)
setsockopt$inet_tcp_TCP_REPAIR_OPTIONS(r3, 0x6, 0x16, &(0x7f0000000200)=[@mss, @timestamp, @window={0x3, 0x0, 0xfffe}, @mss={0x2, 0x3}], 0x4)
sendmmsg(r3, &(0x7f0000004b40)=[{{0x0, 0x0, &(0x7f00000011c0)=[{&(0x7f0000002240)='Y', 0x1}], 0x1}}], 0x1, 0x0)
setsockopt$inet_tcp_TCP_REPAIR_QUEUE(r3, 0x6, 0x14, &(0x7f0000000040)=0x1, 0x4)
sendmsg$IPVS_CMD_GET_DEST(r3, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000340)=ANY=[@ANYBLOB="160e90cb39bca59f8c4064ac6d7b242060a07bc4309e3eb79d8745797b308edd84adef35ad9d8a17240f38f55f57c55f3875db81d255eea402e1c11ca7fc01964aeb9ed6ef4e80bc67cba7e7fe961fe5d921442b0a06b135f8a73b68dc904b436f256f50ae7cb980e69e7580b9f11c6ede4210f23240559b8c427000d7ce7862417ab5a50e494b2a54e346d7ffa008ccef06813e235b446788ac0f1df3c65bc1fb5393364a2efd284640ec2c438ad2b24a69f1f9da000000000000000000000000989eee6a9283bf253ca4"], 0x1}}, 0x0)
close(r3)
syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000000)={<r4=>0xffffffffffffffff, <r5=>0xffffffffffffffff})
dup3(r5, r4, 0x0)
r6 = accept4$vsock_stream(0xffffffffffffffff, &(0x7f0000000240)={0x28, 0x0, 0x2710, @host}, 0x10, 0x0)
dup2(r6, r5)
bind$pptp(0xffffffffffffffff, &(0x7f00000001c0)={0x18, 0x2, {0x0, @initdev={0xac, 0x1e, 0x0, 0x0}}}, 0x1e)
sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000000)=@newlink={0x30, 0x10, 0x801, 0x0, 0x0, {}, [@IFLA_GROUP={0x8}, @IFLA_PROTO_DOWN={0x8, 0x4}]}, 0x30}}, 0x0)

01:46:01 executing program 0:
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000040)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
r2 = fcntl$dupfd(r1, 0x0, r0)
ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200)
unshare(0x44000600)
r3 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r3, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000500)={&(0x7f0000000180)=@newlink={0x38, 0x10, 0x439, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x18, 0x12, 0x0, 0x1, @sit={{0x8, 0x1, 'sit\x00'}, {0xc, 0x2, 0x0, 0x1, [@IFLA_IPTUN_REMOTE={0x8, 0x3, @multicast1}]}}}]}, 0x38}}, 0x0)

01:46:01 executing program 3:
lsetxattr$trusted_overlay_opaque(0x0, 0x0, 0x0, 0x0, 0x0)
mkdir(&(0x7f0000000000)='./file0\x00', 0x0)
mount$bpf(0x20000000, &(0x7f00000000c0)='./file0\x00', 0x0, 0x2001001, 0x0)
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x80, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x43, 0x400000000000000}, 0x11288, 0x2000, 0x0, 0x2}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = socket$netlink(0x10, 0x3, 0x0)
connect$inet(0xffffffffffffffff, 0x0, 0x0)
setsockopt$SO_RDS_TRANSPORT(0xffffffffffffffff, 0x114, 0x8, &(0x7f0000000040)=0xffffffffffffffff, 0x4)
r1 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$inet_tcp_int(r1, 0x6, 0x10000000013, &(0x7f0000d06000)=0x1, 0x32a)
connect$inet(r1, &(0x7f0000000180)={0x2, 0x4e23, @local}, 0x10)
accept$nfc_llcp(0xffffffffffffffff, &(0x7f0000000440), &(0x7f0000000300)=0x60)
setsockopt$inet_tcp_TCP_REPAIR_OPTIONS(r1, 0x6, 0x16, &(0x7f00000000c0)=[@mss={0x2, 0xffffffff}, @timestamp, @window, @mss={0x2, 0x91c}], 0x4)
sendmmsg(r1, &(0x7f0000004b40)=[{{0x0, 0x0, &(0x7f00000011c0)=[{&(0x7f0000002240)='Y', 0x1}], 0x1}}], 0x1, 0x0)
syz_init_net_socket$llc(0x1a, 0x1, 0x0)
socket$inet_tcp(0x2, 0x1, 0x0)
sendmsg$IPVS_CMD_GET_DEST(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000280)={&(0x7f00000002c0)=ANY=[@ANYRES16], 0x1}}, 0x0)
setsockopt$inet_tcp_TCP_REPAIR(r1, 0x6, 0x13, &(0x7f0000000100), 0x618)
close(r1)
r2 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$inet_tcp_int(r2, 0x6, 0x10000000013, &(0x7f0000d06000)=0x1, 0x32a)
connect$inet(r2, &(0x7f0000000140)={0x2, 0x0, @local}, 0x10)
setsockopt$inet_tcp_TCP_REPAIR_OPTIONS(r2, 0x6, 0x16, &(0x7f0000000200)=[@mss, @timestamp, @window={0x3, 0x0, 0xfffe}, @mss={0x2, 0x3}], 0x4)
sendmmsg(r2, &(0x7f0000004b40)=[{{0x0, 0x0, &(0x7f00000011c0)=[{&(0x7f0000002240)='Y', 0x1}], 0x1}}], 0x1, 0x0)
setsockopt$inet_tcp_TCP_REPAIR_QUEUE(r2, 0x6, 0x14, &(0x7f0000000040)=0x1, 0x4)
sendmsg$IPVS_CMD_GET_DEST(r2, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000340)=ANY=[@ANYBLOB="160e90cb39bca59f8c4064ac6d7b242060a07bc4309e3eb79d8745797b308edd84adef35ad9d8a17240f38f55f57c55f3875db81d255eea402e1c11ca7fc01964aeb9ed6ef4e80bc67cba7e7fe961fe5d921442b0a06b135f8a73b68dc904b436f256f50ae7cb980e69e7580b9f11c6ede4210f23240559b8c427000d7ce7862417ab5a50e494b2a54e346d7ffa008ccef06813e235b446788ac0f1df3c65bc1fb5393364a2efd284640ec2c438ad2b24a69f1f9da000000000000000000000000989eee6a9283bf253ca4"], 0x1}}, 0x0)
close(r2)
syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000000)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
dup3(r4, r3, 0x0)
r5 = accept4$vsock_stream(0xffffffffffffffff, &(0x7f0000000240)={0x28, 0x0, 0x2710, @host}, 0x10, 0x0)
dup2(r5, r4)
bind$pptp(0xffffffffffffffff, &(0x7f00000001c0)={0x18, 0x2, {0x0, @initdev={0xac, 0x1e, 0x0, 0x0}}}, 0x1e)
sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000000)=@newlink={0x30, 0x10, 0x801, 0x0, 0x0, {}, [@IFLA_GROUP={0x8}, @IFLA_PROTO_DOWN={0x8, 0x4}]}, 0x30}}, 0x0)
pivot_root(&(0x7f0000000140)='./file0\x00', &(0x7f0000000100)='./file0\x00')

01:46:01 executing program 2:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140)='/dev/kvm\x00', 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_SET_SIGNAL_MASK(0xffffffffffffffff, 0x4004ae8b, &(0x7f0000001000)=ANY=[@ANYBLOB="97cb"])
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000fe7000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0)
ioctl$USBDEVFS_RESETEP(0xffffffffffffffff, 0x80045503, &(0x7f0000000000)={0x1, 0x1})
ioctl$KVM_NMI(r2, 0xae9a)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f00000002c0)={0x0, 0x2, 0x0, 0x2000, &(0x7f0000001000/0x2000)=nil})
perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5, 0x18002, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xf}, 0x0, 0x0, 0x4000, 0x0, 0x8000002, 0x0, 0xa83}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
ioctl$KVM_RUN(r2, 0xae80, 0x0)

01:46:01 executing program 4:
r0 = socket$inet_udp(0x2, 0x2, 0x0)
close(r0)
r1 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$inet_tcp_int(r1, 0x6, 0x10000000013, &(0x7f0000d06000)=0x1, 0x4)
connect$inet(r0, &(0x7f0000000340)={0x2, 0x0, @loopback}, 0x10)
setsockopt$inet_tcp_TCP_REPAIR_WINDOW(r1, 0x6, 0x1d, &(0x7f0000000080)={0x0, 0xdf5, 0x65a2}, 0x14)
write$binfmt_misc(0xffffffffffffffff, &(0x7f0000000140)=ANY=[], 0x4240a2a0)
r2 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$IPT_SO_SET_REPLACE(r2, 0x0, 0x40, &(0x7f0000000480)=ANY=[@ANYBLOB="66696c74657200000000000000000000000000000000000000000000000000000e00000004000000d0020000800100009800000080010000000000000000000038020000380200003802000038020000380200000400000000000000000000007f000001ac14140000000000000000007f00000000000000000000000000000064756dea20f9524db2d96900000057c910a19f2bc02c00000000000000000000200000000000000000000000000000000000000000000000700098000000000000000000000000000000000000000000280052454a454354000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000400000000000000000000000080000000000000000000000000000000000000000000000000000000000000000000000000000000000000000c000e80000f9c9991d0000000000000000000000000000005000736574000000000000000000000000000000000000000000000000000003000005050000000000000000000000000000000000000000100000000000000000000000000000000000000000000000280052454a45435400000000000000010000000000000000000000000000000000674f000000000000000000e00000020000000000000000766574b5315f766c616e00000000010062726964676530000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000007000b80000000000000000000000000000000000000000004800544545000000000000000000000000000000d40200000000000000000001ac1414aa000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000007000980000000000000000000000000000000000000000002800000000000000000000000000000000000000000000001a51496c00000000feffffff"], 0x1)
splice(0xffffffffffffffff, 0x0, r0, 0x0, 0x4ffe0, 0x0)

01:46:01 executing program 5:
lsetxattr$trusted_overlay_opaque(0x0, 0x0, 0x0, 0x0, 0x0)
mkdir(&(0x7f0000000000)='./file0\x00', 0x0)
mount$bpf(0x20000000, &(0x7f00000000c0)='./file0\x00', 0x0, 0x2001001, 0x0)
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x80, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x43, 0x400000000000000}, 0x11288, 0x2000, 0x0, 0x2}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = socket$netlink(0x10, 0x3, 0x0)
connect$inet(0xffffffffffffffff, 0x0, 0x0)
setsockopt$SO_RDS_TRANSPORT(0xffffffffffffffff, 0x114, 0x8, &(0x7f0000000040)=0xffffffffffffffff, 0x4)
r1 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$inet_tcp_int(r1, 0x6, 0x10000000013, &(0x7f0000d06000)=0x1, 0x32a)
connect$inet(r1, &(0x7f0000000180)={0x2, 0x4e23, @local}, 0x10)
accept$nfc_llcp(0xffffffffffffffff, &(0x7f0000000440), &(0x7f0000000300)=0x60)
setsockopt$inet_tcp_TCP_REPAIR_OPTIONS(r1, 0x6, 0x16, &(0x7f00000000c0)=[@mss={0x2, 0xffffffff}, @timestamp, @window, @mss={0x2, 0x91c}], 0x4)
sendmmsg(r1, &(0x7f0000004b40)=[{{0x0, 0x0, &(0x7f00000011c0)=[{&(0x7f0000002240)='Y', 0x1}], 0x1}}], 0x1, 0x0)
r2 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$IPT_SO_SET_REPLACE(r2, 0x4000000000000, 0x40, &(0x7f0000000a40)=ANY=[@ANYBLOB="72617700000000010000000000000000000000000000000000000000000000000200000003000000b80400000000000000000000000000000003000000030000200400002004000020040000200400002004000003000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000600000000000000a00200030000000000000000000000000000000000000000300262706600000000000000000000000000000000000000000000000000000101000000000000002e2f66696c653000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000060005345540000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000c0002001000000000000000000000000000000000000000050006f736600000000000000000000000000000000000000000000000000000073797a300000000000000000000000000000000000000000000000000000000000000000000000000000000000000000600053455400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000007000980000000000000000000000000000000000000000002800000000000000000000000000000000000000000000000000000000000004feffffff00000000"], 0x518)
sendmsg$IPVS_CMD_GET_DEST(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000280)={&(0x7f00000002c0)=ANY=[@ANYRES16], 0x1}}, 0x0)
setsockopt$inet_tcp_TCP_REPAIR(r1, 0x6, 0x13, &(0x7f0000000100), 0x618)
close(r1)
r3 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$inet_tcp_int(r3, 0x6, 0x10000000013, &(0x7f0000d06000)=0x1, 0x32a)
connect$inet(r3, &(0x7f0000000140)={0x2, 0x0, @local}, 0x10)
setsockopt$inet_tcp_TCP_REPAIR_OPTIONS(r3, 0x6, 0x16, &(0x7f0000000200)=[@mss, @timestamp, @window={0x3, 0x0, 0xfffe}, @mss={0x2, 0x3}], 0x4)
sendmmsg(r3, &(0x7f0000004b40)=[{{0x0, 0x0, &(0x7f00000011c0)=[{&(0x7f0000002240)='Y', 0x1}], 0x1}}], 0x1, 0x0)
setsockopt$inet_tcp_TCP_REPAIR_QUEUE(r3, 0x6, 0x14, &(0x7f0000000040)=0x1, 0x4)
sendmsg$IPVS_CMD_GET_DEST(r3, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000340)=ANY=[@ANYBLOB="160e90cb39bca59f8c4064ac6d7b242060a07bc4309e3eb79d8745797b308edd84adef35ad9d8a17240f38f55f57c55f3875db81d255eea402e1c11ca7fc01964aeb9ed6ef4e80bc67cba7e7fe961fe5d921442b0a06b135f8a73b68dc904b436f256f50ae7cb980e69e7580b9f11c6ede4210f23240559b8c427000d7ce7862417ab5a50e494b2a54e346d7ffa008ccef06813e235b446788ac0f1df3c65bc1fb5393364a2efd284640ec2c438ad2b24a69f1f9da000000000000000000000000989eee6a9283bf253ca4"], 0x1}}, 0x0)
close(r3)
syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000000)={<r4=>0xffffffffffffffff, <r5=>0xffffffffffffffff})
dup3(r5, r4, 0x0)
r6 = accept4$vsock_stream(0xffffffffffffffff, &(0x7f0000000240)={0x28, 0x0, 0x2710, @host}, 0x10, 0x0)
dup2(r6, r5)
bind$pptp(0xffffffffffffffff, &(0x7f00000001c0)={0x18, 0x2, {0x0, @initdev={0xac, 0x1e, 0x0, 0x0}}}, 0x1e)
sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000000)=@newlink={0x30, 0x10, 0x801, 0x0, 0x0, {}, [@IFLA_GROUP={0x8}, @IFLA_PROTO_DOWN={0x8, 0x4}]}, 0x30}}, 0x0)
pivot_root(&(0x7f0000000140)='./file0\x00', &(0x7f0000000100)='./file0\x00')

01:46:01 executing program 1:
lsetxattr$trusted_overlay_opaque(0x0, 0x0, 0x0, 0x0, 0x0)
mkdir(&(0x7f0000000000)='./file0\x00', 0x0)
mount$bpf(0x20000000, &(0x7f00000000c0)='./file0\x00', 0x0, 0x2001001, 0x0)
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x80, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x43, 0x400000000000000}, 0x11288, 0x2000, 0x0, 0x2}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = socket$netlink(0x10, 0x3, 0x0)
connect$inet(0xffffffffffffffff, 0x0, 0x0)
setsockopt$SO_RDS_TRANSPORT(0xffffffffffffffff, 0x114, 0x8, &(0x7f0000000040)=0xffffffffffffffff, 0x4)
r1 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$inet_tcp_int(r1, 0x6, 0x10000000013, &(0x7f0000d06000)=0x1, 0x32a)
connect$inet(r1, &(0x7f0000000180)={0x2, 0x4e23, @local}, 0x10)
accept$nfc_llcp(0xffffffffffffffff, &(0x7f0000000440), &(0x7f0000000300)=0x60)
setsockopt$inet_tcp_TCP_REPAIR_OPTIONS(r1, 0x6, 0x16, &(0x7f00000000c0)=[@mss={0x2, 0xffffffff}, @timestamp, @window, @mss={0x2, 0x91c}], 0x4)
sendmmsg(r1, &(0x7f0000004b40)=[{{0x0, 0x0, &(0x7f00000011c0)=[{&(0x7f0000002240)='Y', 0x1}], 0x1}}], 0x1, 0x0)
syz_init_net_socket$llc(0x1a, 0x1, 0x0)
r2 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$IPT_SO_SET_REPLACE(r2, 0x4000000000000, 0x40, &(0x7f0000000a40)=ANY=[@ANYBLOB="72617700000000010000000000000000000000000000000000000000000000000200000003000000b80400000000000000000000000000000003000000030000200400002004000020040000200400002004000003000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000600000000000000a00200030000000000000000000000000000000000000000300262706600000000000000000000000000000000000000000000000000000101000000000000002e2f66696c653000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000060005345540000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000c0002001000000000000000000000000000000000000000050006f736600000000000000000000000000000000000000000000000000000073797a300000000000000000000000000000000000000000000000000000000000000000000000000000000000000000600053455400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000007000980000000000000000000000000000000000000000002800000000000000000000000000000000000000000000000000000000000004feffffff00000000"], 0x518)
setsockopt$inet_tcp_TCP_REPAIR(r1, 0x6, 0x13, &(0x7f0000000100), 0x618)
close(r1)
r3 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$inet_tcp_int(r3, 0x6, 0x10000000013, &(0x7f0000d06000)=0x1, 0x32a)
connect$inet(r3, &(0x7f0000000140)={0x2, 0x0, @local}, 0x10)
setsockopt$inet_tcp_TCP_REPAIR_OPTIONS(r3, 0x6, 0x16, &(0x7f0000000200)=[@mss, @timestamp, @window={0x3, 0x0, 0xfffe}, @mss={0x2, 0x3}], 0x4)
sendmmsg(r3, &(0x7f0000004b40)=[{{0x0, 0x0, &(0x7f00000011c0)=[{&(0x7f0000002240)='Y', 0x1}], 0x1}}], 0x1, 0x0)
setsockopt$inet_tcp_TCP_REPAIR_QUEUE(r3, 0x6, 0x14, &(0x7f0000000040)=0x1, 0x4)
sendmsg$IPVS_CMD_GET_DEST(r3, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000340)=ANY=[@ANYBLOB="160e90cb39bca59f8c4064ac6d7b242060a07bc4309e3eb79d8745797b308edd84adef35ad9d8a17240f38f55f57c55f3875db81d255eea402e1c11ca7fc01964aeb9ed6ef4e80bc67cba7e7fe961fe5d921442b0a06b135f8a73b68dc904b436f256f50ae7cb980e69e7580b9f11c6ede4210f23240559b8c427000d7ce7862417ab5a50e494b2a54e346d7ffa008ccef06813e235b446788ac0f1df3c65bc1fb5393364a2efd284640ec2c438ad2b24a69f1f9da000000000000000000000000989eee6a9283bf253ca4"], 0x1}}, 0x0)
close(r3)
syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000000)={<r4=>0xffffffffffffffff, <r5=>0xffffffffffffffff})
dup3(r5, r4, 0x0)
r6 = accept4$vsock_stream(0xffffffffffffffff, &(0x7f0000000240)={0x28, 0x0, 0x2710, @host}, 0x10, 0x0)
dup2(r6, r5)
bind$pptp(0xffffffffffffffff, &(0x7f00000001c0)={0x18, 0x2, {0x0, @initdev={0xac, 0x1e, 0x0, 0x0}}}, 0x1e)
sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000000)=@newlink={0x30, 0x10, 0x801, 0x0, 0x0, {}, [@IFLA_GROUP={0x8}, @IFLA_PROTO_DOWN={0x8, 0x4}]}, 0x30}}, 0x0)

01:46:01 executing program 2:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140)='/dev/kvm\x00', 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_SET_SIGNAL_MASK(0xffffffffffffffff, 0x4004ae8b, &(0x7f0000001000)=ANY=[@ANYBLOB="97cb"])
r2 = fanotify_init(0x0, 0x0)
r3 = fcntl$dupfd(r2, 0x0, r2)
write$FUSE_NOTIFY_POLL(r3, &(0x7f0000000100)={0x18}, 0x18)
r4 = ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x2)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r4, &(0x7f0000fe7000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0)
ioctl$USBDEVFS_RESETEP(0xffffffffffffffff, 0x80045503, &(0x7f0000000000)={0x1, 0x1})
ioctl$KVM_NMI(r4, 0xae9a)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f00000002c0)={0x0, 0x2, 0x0, 0x2000, &(0x7f0000001000/0x2000)=nil})
perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
ioctl$KVM_RUN(r4, 0xae80, 0x0)
write$fb(r3, &(0x7f0000000180)="28774a1fe7344f56c1b22e087493d45e9cb083ca23b2b85c76fa80fd7082337dc000f5e88c76cc179d296e6b9e404c117569e4767db6379c878c36a15450980cc0d2eb9e6b9b5c9407cbdec87a7bf5f2a5e6f4b91e343636ec183b52af7a3a7e63a8b492ac95babadbe175541658938ef76bcd99cfe395221a2fd6b9d61f2e41139f859b1f071b75922f42aee0b0a95af57d3918fe7c9606c49c83be34", 0x9d)

01:46:01 executing program 5:
lsetxattr$trusted_overlay_opaque(0x0, 0x0, 0x0, 0x0, 0x0)
mkdir(&(0x7f0000000000)='./file0\x00', 0x0)
mount$bpf(0x20000000, &(0x7f00000000c0)='./file0\x00', 0x0, 0x2001001, 0x0)
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x80, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x43, 0x400000000000000}, 0x11288, 0x2000, 0x0, 0x2}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = socket$netlink(0x10, 0x3, 0x0)
connect$inet(0xffffffffffffffff, 0x0, 0x0)
setsockopt$SO_RDS_TRANSPORT(0xffffffffffffffff, 0x114, 0x8, &(0x7f0000000040)=0xffffffffffffffff, 0x4)
r1 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$inet_tcp_int(r1, 0x6, 0x10000000013, &(0x7f0000d06000)=0x1, 0x32a)
connect$inet(r1, &(0x7f0000000180)={0x2, 0x4e23, @local}, 0x10)
accept$nfc_llcp(0xffffffffffffffff, &(0x7f0000000440), &(0x7f0000000300)=0x60)
setsockopt$inet_tcp_TCP_REPAIR_OPTIONS(r1, 0x6, 0x16, &(0x7f00000000c0)=[@mss={0x2, 0xffffffff}, @timestamp, @window, @mss={0x2, 0x91c}], 0x4)
sendmmsg(r1, &(0x7f0000004b40)=[{{0x0, 0x0, &(0x7f00000011c0)=[{&(0x7f0000002240)='Y', 0x1}], 0x1}}], 0x1, 0x0)
r2 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$IPT_SO_SET_REPLACE(r2, 0x4000000000000, 0x40, &(0x7f0000000a40)=ANY=[@ANYBLOB="72617700000000010000000000000000000000000000000000000000000000000200000003000000b80400000000000000000000000000000003000000030000200400002004000020040000200400002004000003000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000600000000000000a00200030000000000000000000000000000000000000000300262706600000000000000000000000000000000000000000000000000000101000000000000002e2f66696c653000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000060005345540000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000c0002001000000000000000000000000000000000000000050006f736600000000000000000000000000000000000000000000000000000073797a300000000000000000000000000000000000000000000000000000000000000000000000000000000000000000600053455400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000007000980000000000000000000000000000000000000000002800000000000000000000000000000000000000000000000000000000000004feffffff00000000"], 0x518)
sendmsg$IPVS_CMD_GET_DEST(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000280)={&(0x7f00000002c0)=ANY=[@ANYRES16], 0x1}}, 0x0)
setsockopt$inet_tcp_TCP_REPAIR(r1, 0x6, 0x13, &(0x7f0000000100), 0x618)
close(r1)
r3 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$inet_tcp_int(r3, 0x6, 0x10000000013, &(0x7f0000d06000)=0x1, 0x32a)
connect$inet(r3, &(0x7f0000000140)={0x2, 0x0, @local}, 0x10)
setsockopt$inet_tcp_TCP_REPAIR_OPTIONS(r3, 0x6, 0x16, &(0x7f0000000200)=[@mss, @timestamp, @window={0x3, 0x0, 0xfffe}, @mss={0x2, 0x3}], 0x4)
sendmmsg(r3, &(0x7f0000004b40)=[{{0x0, 0x0, &(0x7f00000011c0)=[{&(0x7f0000002240)='Y', 0x1}], 0x1}}], 0x1, 0x0)
setsockopt$inet_tcp_TCP_REPAIR_QUEUE(r3, 0x6, 0x14, &(0x7f0000000040)=0x1, 0x4)
sendmsg$IPVS_CMD_GET_DEST(r3, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000340)=ANY=[@ANYBLOB="160e90cb39bca59f8c4064ac6d7b242060a07bc4309e3eb79d8745797b308edd84adef35ad9d8a17240f38f55f57c55f3875db81d255eea402e1c11ca7fc01964aeb9ed6ef4e80bc67cba7e7fe961fe5d921442b0a06b135f8a73b68dc904b436f256f50ae7cb980e69e7580b9f11c6ede4210f23240559b8c427000d7ce7862417ab5a50e494b2a54e346d7ffa008ccef06813e235b446788ac0f1df3c65bc1fb5393364a2efd284640ec2c438ad2b24a69f1f9da000000000000000000000000989eee6a9283bf253ca4"], 0x1}}, 0x0)
close(r3)
syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000000)={<r4=>0xffffffffffffffff, <r5=>0xffffffffffffffff})
dup3(r5, r4, 0x0)
r6 = accept4$vsock_stream(0xffffffffffffffff, &(0x7f0000000240)={0x28, 0x0, 0x2710, @host}, 0x10, 0x0)
dup2(r6, r5)
bind$pptp(0xffffffffffffffff, &(0x7f00000001c0)={0x18, 0x2, {0x0, @initdev={0xac, 0x1e, 0x0, 0x0}}}, 0x1e)
sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000000)=@newlink={0x30, 0x10, 0x801, 0x0, 0x0, {}, [@IFLA_GROUP={0x8}, @IFLA_PROTO_DOWN={0x8, 0x4}]}, 0x30}}, 0x0)
pivot_root(&(0x7f0000000140)='./file0\x00', &(0x7f0000000100)='./file0\x00')

[ 1863.636999] ip_tables: iptables: counters copy to user failed while replacing table
01:46:01 executing program 3:
lsetxattr$trusted_overlay_opaque(0x0, 0x0, 0x0, 0x0, 0x0)
mkdir(&(0x7f0000000000)='./file0\x00', 0x0)
mount$bpf(0x20000000, &(0x7f00000000c0)='./file0\x00', 0x0, 0x2001001, 0x0)
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x80, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x43, 0x400000000000000}, 0x11288, 0x2000, 0x0, 0x2}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = socket$netlink(0x10, 0x3, 0x0)
connect$inet(0xffffffffffffffff, 0x0, 0x0)
setsockopt$SO_RDS_TRANSPORT(0xffffffffffffffff, 0x114, 0x8, &(0x7f0000000040)=0xffffffffffffffff, 0x4)
r1 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$inet_tcp_int(r1, 0x6, 0x10000000013, &(0x7f0000d06000)=0x1, 0x32a)
connect$inet(r1, &(0x7f0000000180)={0x2, 0x4e23, @local}, 0x10)
accept$nfc_llcp(0xffffffffffffffff, &(0x7f0000000440), &(0x7f0000000300)=0x60)
setsockopt$inet_tcp_TCP_REPAIR_OPTIONS(r1, 0x6, 0x16, &(0x7f00000000c0)=[@mss={0x2, 0xffffffff}, @timestamp, @window, @mss={0x2, 0x91c}], 0x4)
sendmmsg(r1, &(0x7f0000004b40)=[{{0x0, 0x0, &(0x7f00000011c0)=[{&(0x7f0000002240)='Y', 0x1}], 0x1}}], 0x1, 0x0)
syz_init_net_socket$llc(0x1a, 0x1, 0x0)
socket$inet_tcp(0x2, 0x1, 0x0)
sendmsg$IPVS_CMD_GET_DEST(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000280)={&(0x7f00000002c0)=ANY=[@ANYRES16], 0x1}}, 0x0)
setsockopt$inet_tcp_TCP_REPAIR(r1, 0x6, 0x13, &(0x7f0000000100), 0x618)
close(r1)
r2 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$inet_tcp_int(r2, 0x6, 0x10000000013, &(0x7f0000d06000)=0x1, 0x32a)
connect$inet(r2, &(0x7f0000000140)={0x2, 0x0, @local}, 0x10)
setsockopt$inet_tcp_TCP_REPAIR_OPTIONS(r2, 0x6, 0x16, &(0x7f0000000200)=[@mss, @timestamp, @window={0x3, 0x0, 0xfffe}, @mss={0x2, 0x3}], 0x4)
sendmmsg(r2, &(0x7f0000004b40)=[{{0x0, 0x0, &(0x7f00000011c0)=[{&(0x7f0000002240)='Y', 0x1}], 0x1}}], 0x1, 0x0)
setsockopt$inet_tcp_TCP_REPAIR_QUEUE(r2, 0x6, 0x14, &(0x7f0000000040)=0x1, 0x4)
sendmsg$IPVS_CMD_GET_DEST(r2, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000340)=ANY=[@ANYBLOB="160e90cb39bca59f8c4064ac6d7b242060a07bc4309e3eb79d8745797b308edd84adef35ad9d8a17240f38f55f57c55f3875db81d255eea402e1c11ca7fc01964aeb9ed6ef4e80bc67cba7e7fe961fe5d921442b0a06b135f8a73b68dc904b436f256f50ae7cb980e69e7580b9f11c6ede4210f23240559b8c427000d7ce7862417ab5a50e494b2a54e346d7ffa008ccef06813e235b446788ac0f1df3c65bc1fb5393364a2efd284640ec2c438ad2b24a69f1f9da000000000000000000000000989eee6a9283bf253ca4"], 0x1}}, 0x0)
close(r2)
syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000000)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
dup3(r4, r3, 0x0)
r5 = accept4$vsock_stream(0xffffffffffffffff, &(0x7f0000000240)={0x28, 0x0, 0x2710, @host}, 0x10, 0x0)
dup2(r5, r4)
bind$pptp(0xffffffffffffffff, &(0x7f00000001c0)={0x18, 0x2, {0x0, @initdev={0xac, 0x1e, 0x0, 0x0}}}, 0x1e)
sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000000)=@newlink={0x30, 0x10, 0x801, 0x0, 0x0, {}, [@IFLA_GROUP={0x8}, @IFLA_PROTO_DOWN={0x8, 0x4}]}, 0x30}}, 0x0)
pivot_root(&(0x7f0000000140)='./file0\x00', &(0x7f0000000100)='./file0\x00')

01:46:01 executing program 4:
r0 = socket$inet_udp(0x2, 0x2, 0x0)
close(r0)
r1 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$inet_tcp_int(r1, 0x6, 0x10000000013, &(0x7f0000d06000)=0x1, 0x4)
connect$inet(r0, &(0x7f0000000340)={0x2, 0x0, @loopback}, 0x10)
setsockopt$inet_tcp_TCP_REPAIR_WINDOW(r1, 0x6, 0x1d, &(0x7f0000000080)={0x0, 0xdf5, 0x65a2}, 0x14)
write$binfmt_misc(0xffffffffffffffff, &(0x7f0000000140)=ANY=[], 0x4240a2a0)
r2 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$IPT_SO_SET_REPLACE(r2, 0x0, 0x40, &(0x7f0000000480)=ANY=[@ANYBLOB="66696c74657200000000000000000000000000000000000000000000000000000e00000004000000d0020000800100009800000080010000000000000000000038020000380200003802000038020000380200000400000000000000000000007f000001ac14140000000000000000007f00000000000000000000000000000064756dea20f9524db2d96900000057c910a19f2bc02c00000000000000000000200000000000000000000000000000000000000000000000700098000000000000000000000000000000000000000000280052454a454354000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000400000000000000000000000080000000000000000000000000000000000000000000000000000000000000000000000000000000000000000c000e80000f9c9991d0000000000000000000000000000005000736574000000000000000000000000000000000000000000000000000003000005050000000000000000000000000000000000000000100000000000000000000000000000000000000000000000280052454a45435400000000000000010000000000000000000000000000000000674f000000000000000000e00000020000000000000000766574b5315f766c616e00000000010062726964676530000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000007000b80000000000000000000000000000000000000000004800544545000000000000000000000000000000d40200000000000000000001ac1414aa000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000007000980000000000000000000000000000000000000000002800000000000000000000000000000000000000000000001a51496c00000000feffffff"], 0x1)
splice(0xffffffffffffffff, 0x0, r0, 0x0, 0x4ffe0, 0x0)

01:46:01 executing program 1:
lsetxattr$trusted_overlay_opaque(0x0, 0x0, 0x0, 0x0, 0x0)
mkdir(&(0x7f0000000000)='./file0\x00', 0x0)
mount$bpf(0x20000000, &(0x7f00000000c0)='./file0\x00', 0x0, 0x2001001, 0x0)
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x80, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x43, 0x400000000000000}, 0x11288, 0x2000, 0x0, 0x2}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = socket$netlink(0x10, 0x3, 0x0)
connect$inet(0xffffffffffffffff, 0x0, 0x0)
setsockopt$SO_RDS_TRANSPORT(0xffffffffffffffff, 0x114, 0x8, &(0x7f0000000040)=0xffffffffffffffff, 0x4)
r1 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$inet_tcp_int(r1, 0x6, 0x10000000013, &(0x7f0000d06000)=0x1, 0x32a)
connect$inet(r1, &(0x7f0000000180)={0x2, 0x4e23, @local}, 0x10)
accept$nfc_llcp(0xffffffffffffffff, &(0x7f0000000440), &(0x7f0000000300)=0x60)
setsockopt$inet_tcp_TCP_REPAIR_OPTIONS(r1, 0x6, 0x16, &(0x7f00000000c0)=[@mss={0x2, 0xffffffff}, @timestamp, @window, @mss={0x2, 0x91c}], 0x4)
sendmmsg(r1, &(0x7f0000004b40)=[{{0x0, 0x0, &(0x7f00000011c0)=[{&(0x7f0000002240)='Y', 0x1}], 0x1}}], 0x1, 0x0)
syz_init_net_socket$llc(0x1a, 0x1, 0x0)
socket$inet_tcp(0x2, 0x1, 0x0)
sendmsg$IPVS_CMD_GET_DEST(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000280)={&(0x7f00000002c0)=ANY=[@ANYRES16], 0x1}}, 0x0)
setsockopt$inet_tcp_TCP_REPAIR(r1, 0x6, 0x13, &(0x7f0000000100), 0x618)
close(r1)
r2 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$inet_tcp_int(r2, 0x6, 0x10000000013, &(0x7f0000d06000)=0x1, 0x32a)
connect$inet(r2, &(0x7f0000000140)={0x2, 0x0, @local}, 0x10)
setsockopt$inet_tcp_TCP_REPAIR_OPTIONS(r2, 0x6, 0x16, &(0x7f0000000200)=[@mss, @timestamp, @window={0x3, 0x0, 0xfffe}, @mss={0x2, 0x3}], 0x4)
sendmmsg(r2, &(0x7f0000004b40)=[{{0x0, 0x0, &(0x7f00000011c0)=[{&(0x7f0000002240)='Y', 0x1}], 0x1}}], 0x1, 0x0)
setsockopt$inet_tcp_TCP_REPAIR_QUEUE(r2, 0x6, 0x14, &(0x7f0000000040)=0x1, 0x4)
sendmsg$IPVS_CMD_GET_DEST(r2, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000340)=ANY=[@ANYBLOB="160e90cb39bca59f8c4064ac6d7b242060a07bc4309e3eb79d8745797b308edd84adef35ad9d8a17240f38f55f57c55f3875db81d255eea402e1c11ca7fc01964aeb9ed6ef4e80bc67cba7e7fe961fe5d921442b0a06b135f8a73b68dc904b436f256f50ae7cb980e69e7580b9f11c6ede4210f23240559b8c427000d7ce7862417ab5a50e494b2a54e346d7ffa008ccef06813e235b446788ac0f1df3c65bc1fb5393364a2efd284640ec2c438ad2b24a69f1f9da000000000000000000000000989eee6a9283bf253ca4"], 0x1}}, 0x0)
close(r2)
syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000000)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
dup3(r4, r3, 0x0)
r5 = accept4$vsock_stream(0xffffffffffffffff, &(0x7f0000000240)={0x28, 0x0, 0x2710, @host}, 0x10, 0x0)
dup2(r5, r4)
bind$pptp(0xffffffffffffffff, &(0x7f00000001c0)={0x18, 0x2, {0x0, @initdev={0xac, 0x1e, 0x0, 0x0}}}, 0x1e)
sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000000)=@newlink={0x30, 0x10, 0x801, 0x0, 0x0, {}, [@IFLA_GROUP={0x8}, @IFLA_PROTO_DOWN={0x8, 0x4}]}, 0x30}}, 0x0)

[ 1863.932311] ip_tables: iptables: counters copy to user failed while replacing table
01:46:02 executing program 2:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140)='/dev/kvm\x00', 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_SET_SIGNAL_MASK(0xffffffffffffffff, 0x4004ae8b, &(0x7f0000000180)=ANY=[@ANYBLOB="00003f4b3d871804a4e61a5a12b1b45baa01190fde9c02e83a3f025203ce38c76630c7801ed377b221ae7aeb13c8dd17131af91de0a12dc4c4a578d5f89c781e4996608833a40fc7f5aa9b98b56d0ddbfb67dbd51a652b1f07bb1e56aea1a8419e75928b4315d6f7650aa95a382dd342f70789e32e0e110bc93e0177151f9801c82d7b00"/144])
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000fe7000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0)
ioctl$USBDEVFS_RESETEP(0xffffffffffffffff, 0x80045503, &(0x7f0000000000)={0x1, 0x1})
ioctl$KVM_NMI(r2, 0xae9a)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f00000002c0)={0x0, 0x2, 0x0, 0x2000, &(0x7f0000001000/0x2000)=nil})
perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
ioctl$KVM_RUN(r2, 0xae80, 0x0)

01:46:02 executing program 0:
prlimit64(0x0, 0xe, 0x0, 0x0)
sched_setattr(0x0, 0x0, 0x0)
r0 = socket$inet6(0xa, 0x400000000001, 0x0)
close(r0)
r1 = open(&(0x7f0000002000)='./bus\x00', 0xc4042, 0x0)
r2 = creat(&(0x7f0000000040)='./bus\x00', 0x0)
lseek(r2, 0x800002, 0x0)
ioctl$EXT4_IOC_SETFLAGS(r2, 0x40086602, &(0x7f00000001c0))
write$binfmt_aout(r2, &(0x7f0000000300)=ANY=[@ANYBLOB="f0b1"], 0x2)
sendfile(r0, r1, 0x0, 0x200fc0)

01:46:02 executing program 4:
r0 = socket$inet_udp(0x2, 0x2, 0x0)
close(r0)
r1 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$inet_tcp_int(r1, 0x6, 0x10000000013, &(0x7f0000d06000)=0x1, 0x4)
connect$inet(r0, &(0x7f0000000340)={0x2, 0x0, @loopback}, 0x10)
setsockopt$inet_tcp_TCP_REPAIR_WINDOW(r1, 0x6, 0x1d, &(0x7f0000000080)={0x0, 0xdf5, 0x65a2}, 0x14)
write$binfmt_misc(0xffffffffffffffff, &(0x7f0000000140)=ANY=[], 0x4240a2a0)
r2 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$IPT_SO_SET_REPLACE(r2, 0x0, 0x40, &(0x7f0000000480)=ANY=[@ANYBLOB="66696c74657200000000000000000000000000000000000000000000000000000e00000004000000d0020000800100009800000080010000000000000000000038020000380200003802000038020000380200000400000000000000000000007f000001ac14140000000000000000007f00000000000000000000000000000064756dea20f9524db2d96900000057c910a19f2bc02c00000000000000000000200000000000000000000000000000000000000000000000700098000000000000000000000000000000000000000000280052454a454354000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000400000000000000000000000080000000000000000000000000000000000000000000000000000000000000000000000000000000000000000c000e80000f9c9991d0000000000000000000000000000005000736574000000000000000000000000000000000000000000000000000003000005050000000000000000000000000000000000000000100000000000000000000000000000000000000000000000280052454a45435400000000000000010000000000000000000000000000000000674f000000000000000000e00000020000000000000000766574b5315f766c616e00000000010062726964676530000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000007000b80000000000000000000000000000000000000000004800544545000000000000000000000000000000d40200000000000000000001ac1414aa000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000007000980000000000000000000000000000000000000000002800000000000000000000000000000000000000000000001a51496c00000000feffffff"], 0x1)
splice(0xffffffffffffffff, 0x0, r0, 0x0, 0x4ffe0, 0x0)

01:46:02 executing program 5:
lsetxattr$trusted_overlay_opaque(0x0, 0x0, 0x0, 0x0, 0x0)
mkdir(&(0x7f0000000000)='./file0\x00', 0x0)
mount$bpf(0x20000000, &(0x7f00000000c0)='./file0\x00', 0x0, 0x2001001, 0x0)
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x80, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x43, 0x400000000000000}, 0x11288, 0x2000, 0x0, 0x2}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = socket$netlink(0x10, 0x3, 0x0)
connect$inet(0xffffffffffffffff, 0x0, 0x0)
setsockopt$SO_RDS_TRANSPORT(0xffffffffffffffff, 0x114, 0x8, &(0x7f0000000040)=0xffffffffffffffff, 0x4)
r1 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$inet_tcp_int(r1, 0x6, 0x10000000013, &(0x7f0000d06000)=0x1, 0x32a)
connect$inet(r1, &(0x7f0000000180)={0x2, 0x4e23, @local}, 0x10)
accept$nfc_llcp(0xffffffffffffffff, &(0x7f0000000440), &(0x7f0000000300)=0x60)
setsockopt$inet_tcp_TCP_REPAIR_OPTIONS(r1, 0x6, 0x16, &(0x7f00000000c0)=[@mss={0x2, 0xffffffff}, @timestamp, @window, @mss={0x2, 0x91c}], 0x4)
syz_init_net_socket$llc(0x1a, 0x1, 0x0)
r2 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$IPT_SO_SET_REPLACE(r2, 0x4000000000000, 0x40, &(0x7f0000000a40)=ANY=[@ANYBLOB="72617700000000010000000000000000000000000000000000000000000000000200000003000000b80400000000000000000000000000000003000000030000200400002004000020040000200400002004000003000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000600000000000000a00200030000000000000000000000000000000000000000300262706600000000000000000000000000000000000000000000000000000101000000000000002e2f66696c65300000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000040000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000