0x0, 0x0, 0x0, 0x0, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$KVM_RUN(0xffffffffffffffff, 0xae80, 0x0) 01:45:28 executing program 5: lsetxattr$trusted_overlay_opaque(0x0, 0x0, 0x0, 0x0, 0x0) mkdir(&(0x7f0000000000)='./file0\x00', 0x0) mount$bpf(0x20000000, &(0x7f00000000c0)='./file0\x00', 0x0, 0x2001001, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x80, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x43, 0x400000000000000}, 0x11288, 0x2000, 0x0, 0x2}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$netlink(0x10, 0x3, 0x0) connect$inet(0xffffffffffffffff, 0x0, 0x0) setsockopt$SO_RDS_TRANSPORT(0xffffffffffffffff, 0x114, 0x8, &(0x7f0000000040)=0xffffffffffffffff, 0x4) r1 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$inet_tcp_int(r1, 0x6, 0x10000000013, &(0x7f0000d06000)=0x1, 0x32a) connect$inet(r1, &(0x7f0000000180)={0x2, 0x4e23, @local}, 0x10) accept$nfc_llcp(0xffffffffffffffff, &(0x7f0000000440), &(0x7f0000000300)=0x60) setsockopt$inet_tcp_TCP_REPAIR_OPTIONS(r1, 0x6, 0x16, &(0x7f00000000c0)=[@mss={0x2, 0xffffffff}, @timestamp, @window, @mss={0x2, 0x91c}], 0x4) sendmmsg(r1, &(0x7f0000004b40)=[{{0x0, 0x0, &(0x7f00000011c0)=[{&(0x7f0000002240)='Y', 0x1}], 0x1}}], 0x1, 0x0) syz_init_net_socket$llc(0x1a, 0x1, 0x0) r2 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$IPT_SO_SET_REPLACE(r2, 0x4000000000000, 0x40, &(0x7f0000000a40)=ANY=[@ANYBLOB="72617700000000010000000000000000000000000000000000000000000000000200000003000000b80400000000000000000000000000000003000000030000200400002004000020040000200400002004000003000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000600000000000000a00200030000000000000000000000000000000000000000300262706600000000000000000000000000000000000000000000000000000101000000000000002e2f66696c653000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000060005345540000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000c0002001000000000000000000000000000000000000000050006f736600000000000000000000000000000000000000000000000000000073797a300000000000000000000000000000000000000000000000000000000000000000000000000000000000000000600053455400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000007000980000000000000000000000000000000000000000002800000000000000000000000000000000000000000000000000000000000004feffffff00000000"], 0x518) sendmsg$IPVS_CMD_GET_DEST(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000280)={&(0x7f00000002c0)=ANY=[@ANYRES16], 0x1}}, 0x0) setsockopt$inet_tcp_TCP_REPAIR(r1, 0x6, 0x13, &(0x7f0000000100), 0x618) close(r1) r3 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$inet_tcp_int(r3, 0x6, 0x10000000013, &(0x7f0000d06000)=0x1, 0x32a) connect$inet(r3, &(0x7f0000000140)={0x2, 0x0, @local}, 0x10) setsockopt$inet_tcp_TCP_REPAIR_OPTIONS(r3, 0x6, 0x16, &(0x7f0000000200)=[@mss, @timestamp, @window={0x3, 0x0, 0xfffe}, @mss={0x2, 0x3}], 0x4) sendmmsg(r3, &(0x7f0000004b40)=[{{0x0, 0x0, &(0x7f00000011c0)=[{&(0x7f0000002240)='Y', 0x1}], 0x1}}], 0x1, 0x0) setsockopt$inet_tcp_TCP_REPAIR_QUEUE(r3, 0x6, 0x14, &(0x7f0000000040)=0x1, 0x4) sendmsg$IPVS_CMD_GET_DEST(r3, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000340)=ANY=[@ANYBLOB="160e90cb39bca59f8c4064ac6d7b242060a07bc4309e3eb79d8745797b308edd84adef35ad9d8a17240f38f55f57c55f3875db81d255eea402e1c11ca7fc01964aeb9ed6ef4e80bc67cba7e7fe961fe5d921442b0a06b135f8a73b68dc904b436f256f50ae7cb980e69e7580b9f11c6ede4210f23240559b8c427000d7ce7862417ab5a50e494b2a54e346d7ffa008ccef06813e235b446788ac0f1df3c65bc1fb5393364a2efd284640ec2c438ad2b24a69f1f9da000000000000000000000000989eee6a9283bf253ca4"], 0x1}}, 0x0) close(r3) syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) dup3(r5, r4, 0x0) r6 = accept4$vsock_stream(0xffffffffffffffff, &(0x7f0000000240)={0x28, 0x0, 0x2710, @host}, 0x10, 0x0) dup2(r6, r5) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000000)=@newlink={0x30, 0x10, 0x801, 0x0, 0x0, {}, [@IFLA_GROUP={0x8}, @IFLA_PROTO_DOWN={0x8, 0x4}]}, 0x30}}, 0x0) pivot_root(&(0x7f0000000140)='./file0\x00', &(0x7f0000000100)='./file0\x00') 01:45:28 executing program 2: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_SET_SIGNAL_MASK(0xffffffffffffffff, 0x4004ae8b, &(0x7f0000001000)=ANY=[@ANYBLOB="97cb"]) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000fe7000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0) ioctl$USBDEVFS_RESETEP(0xffffffffffffffff, 0x80045503, &(0x7f0000000000)={0x1, 0x1}) ioctl$KVM_NMI(r2, 0xae9a) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f00000002c0)={0x0, 0x2, 0x0, 0x2000, &(0x7f0000001000/0x2000)=nil}) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$KVM_RUN(0xffffffffffffffff, 0xae80, 0x0) 01:45:28 executing program 3: lsetxattr$trusted_overlay_opaque(0x0, 0x0, 0x0, 0x0, 0x0) mkdir(&(0x7f0000000000)='./file0\x00', 0x0) mount$bpf(0x20000000, &(0x7f00000000c0)='./file0\x00', 0x0, 0x2001001, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x80, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x43, 0x400000000000000}, 0x11288, 0x2000, 0x0, 0x2}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$netlink(0x10, 0x3, 0x0) connect$inet(0xffffffffffffffff, 0x0, 0x0) setsockopt$SO_RDS_TRANSPORT(0xffffffffffffffff, 0x114, 0x8, &(0x7f0000000040)=0xffffffffffffffff, 0x4) r1 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$inet_tcp_int(r1, 0x6, 0x10000000013, &(0x7f0000d06000)=0x1, 0x32a) connect$inet(r1, &(0x7f0000000180)={0x2, 0x4e23, @local}, 0x10) accept$nfc_llcp(0xffffffffffffffff, &(0x7f0000000440), &(0x7f0000000300)=0x60) setsockopt$inet_tcp_TCP_REPAIR_OPTIONS(r1, 0x6, 0x16, &(0x7f00000000c0)=[@mss={0x2, 0xffffffff}, @timestamp, @window, @mss={0x2, 0x91c}], 0x4) sendmmsg(r1, &(0x7f0000004b40)=[{{0x0, 0x0, &(0x7f00000011c0)=[{&(0x7f0000002240)='Y', 0x1}], 0x1}}], 0x1, 0x0) syz_init_net_socket$llc(0x1a, 0x1, 0x0) r2 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$IPT_SO_SET_REPLACE(r2, 0x4000000000000, 0x40, &(0x7f0000000a40)=ANY=[@ANYBLOB="72617700000000010000000000000000000000000000000000000000000000000200000003000000b80400000000000000000000000000000003000000030000200400002004000020040000200400002004000003000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000600000000000000a00200030000000000000000000000000000000000000000300262706600000000000000000000000000000000000000000000000000000101000000000000002e2f66696c653000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000060005345540000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000c0002001000000000000000000000000000000000000000050006f736600000000000000000000000000000000000000000000000000000073797a300000000000000000000000000000000000000000000000000000000000000000000000000000000000000000600053455400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000007000980000000000000000000000000000000000000000002800000000000000000000000000000000000000000000000000000000000004feffffff00000000"], 0x518) sendmsg$IPVS_CMD_GET_DEST(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000280)={&(0x7f00000002c0)=ANY=[@ANYRES16], 0x1}}, 0x0) setsockopt$inet_tcp_TCP_REPAIR(r1, 0x6, 0x13, &(0x7f0000000100), 0x618) close(r1) r3 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$inet_tcp_int(r3, 0x6, 0x10000000013, &(0x7f0000d06000)=0x1, 0x32a) connect$inet(r3, &(0x7f0000000140)={0x2, 0x0, @local}, 0x10) setsockopt$inet_tcp_TCP_REPAIR_OPTIONS(r3, 0x6, 0x16, &(0x7f0000000200)=[@mss, @timestamp, @window={0x3, 0x0, 0xfffe}, @mss={0x2, 0x3}], 0x4) sendmmsg(r3, &(0x7f0000004b40)=[{{0x0, 0x0, &(0x7f00000011c0)=[{&(0x7f0000002240)='Y', 0x1}], 0x1}}], 0x1, 0x0) setsockopt$inet_tcp_TCP_REPAIR_QUEUE(r3, 0x6, 0x14, &(0x7f0000000040)=0x1, 0x4) sendmsg$IPVS_CMD_GET_DEST(r3, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000340)=ANY=[@ANYBLOB="160e90cb39bca59f8c4064ac6d7b242060a07bc4309e3eb79d8745797b308edd84adef35ad9d8a17240f38f55f57c55f3875db81d255eea402e1c11ca7fc01964aeb9ed6ef4e80bc67cba7e7fe961fe5d921442b0a06b135f8a73b68dc904b436f256f50ae7cb980e69e7580b9f11c6ede4210f23240559b8c427000d7ce7862417ab5a50e494b2a54e346d7ffa008ccef06813e235b446788ac0f1df3c65bc1fb5393364a2efd284640ec2c438ad2b24a69f1f9da000000000000000000000000989eee6a9283bf253ca4"], 0x1}}, 0x0) close(r3) syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) dup3(r5, r4, 0x0) r6 = accept4$vsock_stream(0xffffffffffffffff, &(0x7f0000000240)={0x28, 0x0, 0x2710, @host}, 0x10, 0x0) dup2(r6, r5) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000000)=@newlink={0x30, 0x10, 0x801, 0x0, 0x0, {}, [@IFLA_GROUP={0x8}, @IFLA_PROTO_DOWN={0x8, 0x4}]}, 0x30}}, 0x0) pivot_root(&(0x7f0000000140)='./file0\x00', &(0x7f0000000100)='./file0\x00') [ 1830.092246] IPv6: ADDRCONF(NETDEV_CHANGE): lo: link becomes ready [ 1830.122207] ip_tables: iptables: counters copy to user failed while replacing table 01:45:28 executing program 1: lsetxattr$trusted_overlay_opaque(0x0, 0x0, 0x0, 0x0, 0x0) mkdir(&(0x7f0000000000)='./file0\x00', 0x0) mount$bpf(0x20000000, &(0x7f00000000c0)='./file0\x00', 0x0, 0x2001001, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x80, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x43, 0x400000000000000}, 0x11288, 0x2000, 0x0, 0x2}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$netlink(0x10, 0x3, 0x0) connect$inet(0xffffffffffffffff, 0x0, 0x0) setsockopt$SO_RDS_TRANSPORT(0xffffffffffffffff, 0x114, 0x8, &(0x7f0000000040)=0xffffffffffffffff, 0x4) r1 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$inet_tcp_int(r1, 0x6, 0x10000000013, &(0x7f0000d06000)=0x1, 0x32a) connect$inet(r1, &(0x7f0000000180)={0x2, 0x4e23, @local}, 0x10) accept$nfc_llcp(0xffffffffffffffff, &(0x7f0000000440), &(0x7f0000000300)=0x60) setsockopt$inet_tcp_TCP_REPAIR_OPTIONS(r1, 0x6, 0x16, &(0x7f00000000c0)=[@mss={0x2, 0xffffffff}, @timestamp, @window, @mss={0x2, 0x91c}], 0x4) sendmmsg(r1, &(0x7f0000004b40)=[{{0x0, 0x0, &(0x7f00000011c0)=[{&(0x7f0000002240)='Y', 0x1}], 0x1}}], 0x1, 0x0) syz_init_net_socket$llc(0x1a, 0x1, 0x0) r2 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$IPT_SO_SET_REPLACE(r2, 0x4000000000000, 0x40, &(0x7f0000000a40)=ANY=[@ANYBLOB="72617700000000010000000000000000000000000000000000000000000000000200000003000000b80400000000000000000000000000000003000000030000200400002004000020040000200400002004000003000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000600000000000000a00200030000000000000000000000000000000000000000300262706600000000000000000000000000000000000000000000000000000101000000000000002e2f66696c653000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000060005345540000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000c0002001000000000000000000000000000000000000000050006f736600000000000000000000000000000000000000000000000000000073797a300000000000000000000000000000000000000000000000000000000000000000000000000000000000000000600053455400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000007000980000000000000000000000000000000000000000002800000000000000000000000000000000000000000000000000000000000004feffffff00000000"], 0x518) sendmsg$IPVS_CMD_GET_DEST(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000280)={&(0x7f00000002c0)=ANY=[@ANYRES16], 0x1}}, 0x0) setsockopt$inet_tcp_TCP_REPAIR(r1, 0x6, 0x13, &(0x7f0000000100), 0x618) close(r1) r3 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$inet_tcp_int(r3, 0x6, 0x10000000013, &(0x7f0000d06000)=0x1, 0x32a) connect$inet(r3, &(0x7f0000000140)={0x2, 0x0, @local}, 0x10) setsockopt$inet_tcp_TCP_REPAIR_OPTIONS(r3, 0x6, 0x16, &(0x7f0000000200)=[@mss, @timestamp, @window={0x3, 0x0, 0xfffe}, @mss={0x2, 0x3}], 0x4) sendmmsg(r3, &(0x7f0000004b40)=[{{0x0, 0x0, &(0x7f00000011c0)=[{&(0x7f0000002240)='Y', 0x1}], 0x1}}], 0x1, 0x0) setsockopt$inet_tcp_TCP_REPAIR_QUEUE(r3, 0x6, 0x14, &(0x7f0000000040)=0x1, 0x4) sendmsg$IPVS_CMD_GET_DEST(r3, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000340)=ANY=[@ANYBLOB="160e90cb39bca59f8c4064ac6d7b242060a07bc4309e3eb79d8745797b308edd84adef35ad9d8a17240f38f55f57c55f3875db81d255eea402e1c11ca7fc01964aeb9ed6ef4e80bc67cba7e7fe961fe5d921442b0a06b135f8a73b68dc904b436f256f50ae7cb980e69e7580b9f11c6ede4210f23240559b8c427000d7ce7862417ab5a50e494b2a54e346d7ffa008ccef06813e235b446788ac0f1df3c65bc1fb5393364a2efd284640ec2c438ad2b24a69f1f9da000000000000000000000000989eee6a9283bf253ca4"], 0x1}}, 0x0) close(r3) syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) dup3(r5, r4, 0x0) r6 = accept4$vsock_stream(0xffffffffffffffff, &(0x7f0000000240)={0x28, 0x0, 0x2710, @host}, 0x10, 0x0) dup2(r6, r5) bind$pptp(0xffffffffffffffff, &(0x7f00000001c0)={0x18, 0x2, {0x0, @initdev={0xac, 0x1e, 0x0, 0x0}}}, 0x1e) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000000)=@newlink={0x30, 0x10, 0x801, 0x0, 0x0, {}, [@IFLA_GROUP={0x8}, @IFLA_PROTO_DOWN={0x8, 0x4}]}, 0x30}}, 0x0) 01:45:28 executing program 2 (fault-call:9 fault-nth:0): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_SET_SIGNAL_MASK(0xffffffffffffffff, 0x4004ae8b, &(0x7f0000001000)=ANY=[@ANYBLOB="97cb"]) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000fe7000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0) ioctl$USBDEVFS_RESETEP(0xffffffffffffffff, 0x80045503, &(0x7f0000000000)={0x1, 0x1}) ioctl$KVM_NMI(r2, 0xae9a) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f00000002c0)={0x0, 0x2, 0x0, 0x2000, &(0x7f0000001000/0x2000)=nil}) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) [ 1830.566281] FAULT_INJECTION: forcing a failure. [ 1830.566281] name failslab, interval 1, probability 0, space 0, times 0 [ 1830.593981] CPU: 0 PID: 3376 Comm: syz-executor.2 Not tainted 4.14.173-syzkaller #0 [ 1830.603138] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1830.612522] Call Trace: [ 1830.615152] dump_stack+0x13e/0x194 [ 1830.618903] should_fail.cold+0x10a/0x14b [ 1830.623093] should_failslab+0xd6/0x130 [ 1830.629269] kmem_cache_alloc+0x2b5/0x770 [ 1830.633813] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 1830.638947] mmu_topup_memory_caches+0x83/0x300 [ 1830.643840] kvm_mmu_load+0x1e/0xd00 [ 1830.647692] ? vcpu_enter_guest+0x1c94/0x5240 [ 1830.652220] ? __sanitizer_cov_trace_pc+0x23/0x50 [ 1830.659055] vcpu_enter_guest+0x2eb9/0x5240 [ 1830.663419] ? save_trace+0x290/0x290 [ 1830.667248] ? check_preemption_disabled+0x35/0x240 [ 1830.672291] ? emulator_read_emulated+0x40/0x40 [ 1830.677194] ? lock_acquire+0x170/0x3f0 [ 1830.681285] ? kvm_arch_vcpu_ioctl_run+0x143/0xfd0 [ 1830.686286] ? kvm_arch_vcpu_ioctl_run+0x2fe/0xfd0 [ 1830.691237] ? kvm_arch_vcpu_ioctl_run+0x181/0xfd0 [ 1830.696189] kvm_arch_vcpu_ioctl_run+0x2fe/0xfd0 [ 1830.700974] kvm_vcpu_ioctl+0x3df/0xc70 [ 1830.705027] ? kvm_vcpu_block+0xb70/0xb70 [ 1830.709205] ? trace_hardirqs_on+0x10/0x10 [ 1830.713577] ? retint_kernel+0x2d/0x2d [ 1830.717494] ? retint_kernel+0x2d/0x2d [ 1830.721400] ? save_trace+0x290/0x290 [ 1830.725320] ? trace_hardirqs_on_caller+0x3f6/0x590 [ 1830.730901] ? retint_kernel+0x2d/0x2d [ 1830.735097] ? trace_hardirqs_on_caller+0x3f6/0x590 [ 1830.740154] ? kvm_vcpu_block+0xb70/0xb70 [ 1830.744345] do_vfs_ioctl+0x75a/0xfe0 [ 1830.748167] ? selinux_file_mprotect+0x5c0/0x5c0 [ 1830.752944] ? check_preemption_disabled+0x35/0x240 [ 1830.757997] ? ioctl_preallocate+0x1a0/0x1a0 [ 1830.762446] ? security_file_ioctl+0x76/0xb0 [ 1830.766905] ? security_file_ioctl+0x83/0xb0 [ 1830.771349] SyS_ioctl+0x7f/0xb0 [ 1830.774740] ? do_vfs_ioctl+0xfe0/0xfe0 [ 1830.778749] do_syscall_64+0x1d5/0x640 [ 1830.782665] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 1830.787881] RIP: 0033:0x45c849 [ 1830.791640] RSP: 002b:00007fa3bc31dc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 1830.799629] RAX: ffffffffffffffda RBX: 00007fa3bc31e6d4 RCX: 000000000045c849 [ 1830.806921] RDX: 0000000000000000 RSI: 000000000000ae80 RDI: 0000000000000005 [ 1830.814220] RBP: 000000000076bf00 R08: 0000000000000000 R09: 0000000000000000 [ 1830.821509] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000007 [ 1830.828832] R13: 00000000000003bf R14: 00000000004c6495 R15: 0000000000000000 [ 1830.863857] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 1830.885265] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 1830.938778] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 1830.948304] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 1830.967626] device bridge_slave_1 left promiscuous mode [ 1830.977870] bridge0: port 2(bridge_slave_1) entered disabled state [ 1831.028716] device bridge_slave_0 left promiscuous mode [ 1831.037883] bridge0: port 1(bridge_slave_0) entered disabled state [ 1831.094878] device veth1_macvtap left promiscuous mode [ 1831.100318] device veth0_macvtap left promiscuous mode [ 1831.105884] device veth1_vlan left promiscuous mode [ 1831.111073] device veth0_vlan left promiscuous mode [ 1831.258016] device hsr_slave_1 left promiscuous mode [ 1831.318594] device hsr_slave_0 left promiscuous mode [ 1831.376157] team0 (unregistering): Port device team_slave_1 removed [ 1831.387967] team0 (unregistering): Port device team_slave_0 removed [ 1831.401238] bond0 (unregistering): Releasing backup interface bond_slave_1 [ 1831.429131] bond0 (unregistering): Releasing backup interface bond_slave_0 [ 1831.496239] bond0 (unregistering): Released all slaves [ 1833.331419] IPVS: ftp: loaded support on port[0] = 21 [ 1834.160573] chnl_net:caif_netlink_parms(): no params data found [ 1834.236372] bridge0: port 1(bridge_slave_0) entered blocking state [ 1834.243580] bridge0: port 1(bridge_slave_0) entered disabled state [ 1834.254160] device bridge_slave_0 entered promiscuous mode [ 1834.262159] bridge0: port 2(bridge_slave_1) entered blocking state [ 1834.269252] bridge0: port 2(bridge_slave_1) entered disabled state [ 1834.279454] device bridge_slave_1 entered promiscuous mode [ 1834.304704] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 1834.315493] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 1834.340190] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 1834.347933] team0: Port device team_slave_0 added [ 1834.354681] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 1834.362858] team0: Port device team_slave_1 added [ 1834.385877] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 1834.392240] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 1834.418276] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 1834.430713] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 1834.437581] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 1834.463381] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 1834.477959] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 1834.486572] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 1834.555858] device hsr_slave_0 entered promiscuous mode [ 1834.601533] device hsr_slave_1 entered promiscuous mode [ 1834.642697] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_0: link is not ready [ 1834.650685] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_1: link is not ready [ 1834.751364] bridge0: port 2(bridge_slave_1) entered blocking state [ 1834.758863] bridge0: port 2(bridge_slave_1) entered forwarding state [ 1834.765607] bridge0: port 1(bridge_slave_0) entered blocking state [ 1834.772140] bridge0: port 1(bridge_slave_0) entered forwarding state [ 1834.823976] IPv6: ADDRCONF(NETDEV_UP): bond0: link is not ready [ 1834.830116] 8021q: adding VLAN 0 to HW filter on device bond0 [ 1834.840915] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 1834.852649] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 1834.860197] bridge0: port 1(bridge_slave_0) entered disabled state [ 1834.867572] bridge0: port 2(bridge_slave_1) entered disabled state [ 1834.880863] IPv6: ADDRCONF(NETDEV_UP): team0: link is not ready [ 1834.887264] 8021q: adding VLAN 0 to HW filter on device team0 [ 1834.899112] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 1834.906933] bridge0: port 1(bridge_slave_0) entered blocking state [ 1834.913516] bridge0: port 1(bridge_slave_0) entered forwarding state [ 1834.925727] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 1834.934651] bridge0: port 2(bridge_slave_1) entered blocking state [ 1834.941848] bridge0: port 2(bridge_slave_1) entered forwarding state [ 1834.964688] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 1834.974421] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 1834.986224] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 1835.006708] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 1835.015399] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 1835.031871] IPv6: ADDRCONF(NETDEV_UP): hsr0: link is not ready [ 1835.039141] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 1835.060652] IPv6: ADDRCONF(NETDEV_UP): vxcan0: link is not ready [ 1835.069203] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 1835.077989] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 1835.092798] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 1835.156009] IPv6: ADDRCONF(NETDEV_CHANGE): bond0: link becomes ready [ 1835.179774] IPv6: ADDRCONF(NETDEV_UP): veth0_virt_wifi: link is not ready [ 1835.191413] IPv6: ADDRCONF(NETDEV_UP): veth1_virt_wifi: link is not ready [ 1835.199139] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 1835.207802] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 1835.249371] IPv6: ADDRCONF(NETDEV_UP): veth0_vlan: link is not ready [ 1835.258484] IPv6: ADDRCONF(NETDEV_UP): vlan0: link is not ready [ 1835.265618] IPv6: ADDRCONF(NETDEV_UP): vlan1: link is not ready [ 1835.277751] IPv6: ADDRCONF(NETDEV_UP): veth1_vlan: link is not ready [ 1835.284683] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 1835.293134] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 1835.301966] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 1835.309455] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 1835.320290] device veth0_vlan entered promiscuous mode [ 1835.333894] device veth1_vlan entered promiscuous mode [ 1835.341963] IPv6: ADDRCONF(NETDEV_UP): macvlan0: link is not ready [ 1835.354032] IPv6: ADDRCONF(NETDEV_UP): macvlan1: link is not ready [ 1835.371481] IPv6: ADDRCONF(NETDEV_UP): veth0_macvtap: link is not ready [ 1835.383509] IPv6: ADDRCONF(NETDEV_UP): veth1_macvtap: link is not ready [ 1835.392055] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready [ 1835.400196] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready [ 1835.407561] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 1835.415706] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 1835.427248] device veth0_macvtap entered promiscuous mode [ 1835.434128] IPv6: ADDRCONF(NETDEV_UP): macvtap0: link is not ready [ 1835.445674] device veth1_macvtap entered promiscuous mode [ 1835.452594] IPv6: ADDRCONF(NETDEV_UP): macsec0: link is not ready [ 1835.463857] IPv6: ADDRCONF(NETDEV_UP): veth0_to_batadv: link is not ready [ 1835.474562] IPv6: ADDRCONF(NETDEV_UP): veth1_to_batadv: link is not ready [ 1835.486330] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3d) already exists on: batadv_slave_0 [ 1835.496664] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1835.506197] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3d) already exists on: batadv_slave_0 [ 1835.516463] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1835.525703] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3d) already exists on: batadv_slave_0 [ 1835.535541] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1835.544808] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3d) already exists on: batadv_slave_0 [ 1835.554929] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1835.564279] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3d) already exists on: batadv_slave_0 [ 1835.574125] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1835.583333] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3d) already exists on: batadv_slave_0 [ 1835.593266] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1835.605034] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3d) already exists on: batadv_slave_0 [ 1835.615059] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1835.626129] IPv6: ADDRCONF(NETDEV_UP): batadv_slave_0: link is not ready [ 1835.633842] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 1835.659049] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_1 [ 1835.669093] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1835.678465] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_1 [ 1835.688349] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1835.697797] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_1 [ 1835.707577] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1835.716987] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_1 [ 1835.726985] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1835.736402] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_1 [ 1835.746249] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1835.755795] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_1 [ 1835.766034] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1835.775939] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_1 [ 1835.785902] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1835.795564] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_1 [ 1835.805838] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1835.817796] IPv6: ADDRCONF(NETDEV_UP): batadv_slave_1: link is not ready [ 1835.825367] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 1835.832987] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready [ 1835.840525] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready [ 1835.848939] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 1835.858239] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 1835.867484] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 1835.876132] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready 01:45:35 executing program 0: perf_event_open(&(0x7f0000000200)={0x2, 0x70, 0x42, 0x8001, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x60, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = perf_event_open(&(0x7f0000000440)={0x2, 0x70, 0xb8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r1 = memfd_create(&(0x7f0000000000), 0x0) dup2(r0, r1) mmap(&(0x7f0000200000/0x400000)=nil, 0x400002, 0x1, 0x2011, r1, 0x0) 01:45:35 executing program 3: lsetxattr$trusted_overlay_opaque(0x0, 0x0, 0x0, 0x0, 0x0) mkdir(&(0x7f0000000000)='./file0\x00', 0x0) mount$bpf(0x20000000, &(0x7f00000000c0)='./file0\x00', 0x0, 0x2001001, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x80, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x43, 0x400000000000000}, 0x11288, 0x2000, 0x0, 0x2}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$netlink(0x10, 0x3, 0x0) connect$inet(0xffffffffffffffff, 0x0, 0x0) setsockopt$SO_RDS_TRANSPORT(0xffffffffffffffff, 0x114, 0x8, &(0x7f0000000040)=0xffffffffffffffff, 0x4) r1 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$inet_tcp_int(r1, 0x6, 0x10000000013, &(0x7f0000d06000)=0x1, 0x32a) connect$inet(r1, &(0x7f0000000180)={0x2, 0x4e23, @local}, 0x10) accept$nfc_llcp(0xffffffffffffffff, &(0x7f0000000440), &(0x7f0000000300)=0x60) setsockopt$inet_tcp_TCP_REPAIR_OPTIONS(r1, 0x6, 0x16, &(0x7f00000000c0)=[@mss={0x2, 0xffffffff}, @timestamp, @window, @mss={0x2, 0x91c}], 0x4) sendmmsg(r1, &(0x7f0000004b40)=[{{0x0, 0x0, &(0x7f00000011c0)=[{&(0x7f0000002240)='Y', 0x1}], 0x1}}], 0x1, 0x0) syz_init_net_socket$llc(0x1a, 0x1, 0x0) r2 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$IPT_SO_SET_REPLACE(r2, 0x4000000000000, 0x40, &(0x7f0000000a40)=ANY=[@ANYBLOB="72617700000000010000000000000000000000000000000000000000000000000200000003000000b80400000000000000000000000000000003000000030000200400002004000020040000200400002004000003000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000600000000000000a00200030000000000000000000000000000000000000000300262706600000000000000000000000000000000000000000000000000000101000000000000002e2f66696c653000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000060005345540000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000c0002001000000000000000000000000000000000000000050006f736600000000000000000000000000000000000000000000000000000073797a300000000000000000000000000000000000000000000000000000000000000000000000000000000000000000600053455400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000007000980000000000000000000000000000000000000000002800000000000000000000000000000000000000000000000000000000000004feffffff00000000"], 0x518) sendmsg$IPVS_CMD_GET_DEST(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000280)={&(0x7f00000002c0)=ANY=[@ANYRES16], 0x1}}, 0x0) setsockopt$inet_tcp_TCP_REPAIR(r1, 0x6, 0x13, &(0x7f0000000100), 0x618) close(r1) r3 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$inet_tcp_int(r3, 0x6, 0x10000000013, &(0x7f0000d06000)=0x1, 0x32a) connect$inet(r3, &(0x7f0000000140)={0x2, 0x0, @local}, 0x10) setsockopt$inet_tcp_TCP_REPAIR_OPTIONS(r3, 0x6, 0x16, &(0x7f0000000200)=[@mss, @timestamp, @window={0x3, 0x0, 0xfffe}, @mss={0x2, 0x3}], 0x4) sendmmsg(r3, &(0x7f0000004b40)=[{{0x0, 0x0, &(0x7f00000011c0)=[{&(0x7f0000002240)='Y', 0x1}], 0x1}}], 0x1, 0x0) setsockopt$inet_tcp_TCP_REPAIR_QUEUE(r3, 0x6, 0x14, &(0x7f0000000040)=0x1, 0x4) sendmsg$IPVS_CMD_GET_DEST(r3, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000340)=ANY=[@ANYBLOB="160e90cb39bca59f8c4064ac6d7b242060a07bc4309e3eb79d8745797b308edd84adef35ad9d8a17240f38f55f57c55f3875db81d255eea402e1c11ca7fc01964aeb9ed6ef4e80bc67cba7e7fe961fe5d921442b0a06b135f8a73b68dc904b436f256f50ae7cb980e69e7580b9f11c6ede4210f23240559b8c427000d7ce7862417ab5a50e494b2a54e346d7ffa008ccef06813e235b446788ac0f1df3c65bc1fb5393364a2efd284640ec2c438ad2b24a69f1f9da000000000000000000000000989eee6a9283bf253ca4"], 0x1}}, 0x0) close(r3) syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) dup3(r5, r4, 0x0) r6 = accept4$vsock_stream(0xffffffffffffffff, &(0x7f0000000240)={0x28, 0x0, 0x2710, @host}, 0x10, 0x0) dup2(r6, r5) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000000)=@newlink={0x30, 0x10, 0x801, 0x0, 0x0, {}, [@IFLA_GROUP={0x8}, @IFLA_PROTO_DOWN={0x8, 0x4}]}, 0x30}}, 0x0) pivot_root(&(0x7f0000000140)='./file0\x00', &(0x7f0000000100)='./file0\x00') 01:45:35 executing program 1: lsetxattr$trusted_overlay_opaque(0x0, 0x0, 0x0, 0x0, 0x0) mkdir(&(0x7f0000000000)='./file0\x00', 0x0) mount$bpf(0x20000000, &(0x7f00000000c0)='./file0\x00', 0x0, 0x2001001, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x80, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x43, 0x400000000000000}, 0x11288, 0x2000, 0x0, 0x2}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$netlink(0x10, 0x3, 0x0) connect$inet(0xffffffffffffffff, 0x0, 0x0) setsockopt$SO_RDS_TRANSPORT(0xffffffffffffffff, 0x114, 0x8, &(0x7f0000000040)=0xffffffffffffffff, 0x4) r1 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$inet_tcp_int(r1, 0x6, 0x10000000013, &(0x7f0000d06000)=0x1, 0x32a) connect$inet(r1, &(0x7f0000000180)={0x2, 0x4e23, @local}, 0x10) accept$nfc_llcp(0xffffffffffffffff, &(0x7f0000000440), &(0x7f0000000300)=0x60) setsockopt$inet_tcp_TCP_REPAIR_OPTIONS(r1, 0x6, 0x16, &(0x7f00000000c0)=[@mss={0x2, 0xffffffff}, @timestamp, @window, @mss={0x2, 0x91c}], 0x4) sendmmsg(r1, &(0x7f0000004b40)=[{{0x0, 0x0, &(0x7f00000011c0)=[{&(0x7f0000002240)='Y', 0x1}], 0x1}}], 0x1, 0x0) syz_init_net_socket$llc(0x1a, 0x1, 0x0) r2 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$IPT_SO_SET_REPLACE(r2, 0x4000000000000, 0x40, &(0x7f0000000a40)=ANY=[@ANYBLOB="72617700000000010000000000000000000000000000000000000000000000000200000003000000b80400000000000000000000000000000003000000030000200400002004000020040000200400002004000003000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000600000000000000a00200030000000000000000000000000000000000000000300262706600000000000000000000000000000000000000000000000000000101000000000000002e2f66696c653000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000060005345540000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000c0002001000000000000000000000000000000000000000050006f736600000000000000000000000000000000000000000000000000000073797a300000000000000000000000000000000000000000000000000000000000000000000000000000000000000000600053455400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000007000980000000000000000000000000000000000000000002800000000000000000000000000000000000000000000000000000000000004feffffff00000000"], 0x518) sendmsg$IPVS_CMD_GET_DEST(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000280)={&(0x7f00000002c0)=ANY=[@ANYRES16], 0x1}}, 0x0) setsockopt$inet_tcp_TCP_REPAIR(r1, 0x6, 0x13, &(0x7f0000000100), 0x618) close(r1) r3 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$inet_tcp_int(r3, 0x6, 0x10000000013, &(0x7f0000d06000)=0x1, 0x32a) connect$inet(r3, &(0x7f0000000140)={0x2, 0x0, @local}, 0x10) setsockopt$inet_tcp_TCP_REPAIR_OPTIONS(r3, 0x6, 0x16, &(0x7f0000000200)=[@mss, @timestamp, @window={0x3, 0x0, 0xfffe}, @mss={0x2, 0x3}], 0x4) sendmmsg(r3, &(0x7f0000004b40)=[{{0x0, 0x0, &(0x7f00000011c0)=[{&(0x7f0000002240)='Y', 0x1}], 0x1}}], 0x1, 0x0) setsockopt$inet_tcp_TCP_REPAIR_QUEUE(r3, 0x6, 0x14, &(0x7f0000000040)=0x1, 0x4) sendmsg$IPVS_CMD_GET_DEST(r3, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000340)=ANY=[@ANYBLOB="160e90cb39bca59f8c4064ac6d7b242060a07bc4309e3eb79d8745797b308edd84adef35ad9d8a17240f38f55f57c55f3875db81d255eea402e1c11ca7fc01964aeb9ed6ef4e80bc67cba7e7fe961fe5d921442b0a06b135f8a73b68dc904b436f256f50ae7cb980e69e7580b9f11c6ede4210f23240559b8c427000d7ce7862417ab5a50e494b2a54e346d7ffa008ccef06813e235b446788ac0f1df3c65bc1fb5393364a2efd284640ec2c438ad2b24a69f1f9da000000000000000000000000989eee6a9283bf253ca4"], 0x1}}, 0x0) close(r3) syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) dup3(r5, r4, 0x0) r6 = accept4$vsock_stream(0xffffffffffffffff, &(0x7f0000000240)={0x28, 0x0, 0x2710, @host}, 0x10, 0x0) dup2(r6, r5) bind$pptp(0xffffffffffffffff, &(0x7f00000001c0)={0x18, 0x2, {0x0, @initdev={0xac, 0x1e, 0x0, 0x0}}}, 0x1e) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000000)=@newlink={0x30, 0x10, 0x801, 0x0, 0x0, {}, [@IFLA_GROUP={0x8}, @IFLA_PROTO_DOWN={0x8, 0x4}]}, 0x30}}, 0x0) 01:45:35 executing program 5: lsetxattr$trusted_overlay_opaque(0x0, 0x0, 0x0, 0x0, 0x0) mkdir(&(0x7f0000000000)='./file0\x00', 0x0) mount$bpf(0x20000000, &(0x7f00000000c0)='./file0\x00', 0x0, 0x2001001, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x80, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x43, 0x400000000000000}, 0x11288, 0x2000, 0x0, 0x2}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$netlink(0x10, 0x3, 0x0) connect$inet(0xffffffffffffffff, 0x0, 0x0) setsockopt$SO_RDS_TRANSPORT(0xffffffffffffffff, 0x114, 0x8, &(0x7f0000000040)=0xffffffffffffffff, 0x4) r1 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$inet_tcp_int(r1, 0x6, 0x10000000013, &(0x7f0000d06000)=0x1, 0x32a) connect$inet(r1, &(0x7f0000000180)={0x2, 0x4e23, @local}, 0x10) accept$nfc_llcp(0xffffffffffffffff, &(0x7f0000000440), &(0x7f0000000300)=0x60) setsockopt$inet_tcp_TCP_REPAIR_OPTIONS(r1, 0x6, 0x16, &(0x7f00000000c0)=[@mss={0x2, 0xffffffff}, @timestamp, @window, @mss={0x2, 0x91c}], 0x4) sendmmsg(r1, &(0x7f0000004b40)=[{{0x0, 0x0, &(0x7f00000011c0)=[{&(0x7f0000002240)='Y', 0x1}], 0x1}}], 0x1, 0x0) syz_init_net_socket$llc(0x1a, 0x1, 0x0) r2 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$IPT_SO_SET_REPLACE(r2, 0x4000000000000, 0x40, &(0x7f0000000a40)=ANY=[@ANYBLOB="72617700000000010000000000000000000000000000000000000000000000000200000003000000b80400000000000000000000000000000003000000030000200400002004000020040000200400002004000003000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000600000000000000a00200030000000000000000000000000000000000000000300262706600000000000000000000000000000000000000000000000000000101000000000000002e2f66696c653000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000060005345540000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000c0002001000000000000000000000000000000000000000050006f736600000000000000000000000000000000000000000000000000000073797a300000000000000000000000000000000000000000000000000000000000000000000000000000000000000000600053455400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000007000980000000000000000000000000000000000000000002800000000000000000000000000000000000000000000000000000000000004feffffff00000000"], 0x518) sendmsg$IPVS_CMD_GET_DEST(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000280)={&(0x7f00000002c0)=ANY=[@ANYRES16], 0x1}}, 0x0) setsockopt$inet_tcp_TCP_REPAIR(r1, 0x6, 0x13, &(0x7f0000000100), 0x618) close(r1) r3 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$inet_tcp_int(r3, 0x6, 0x10000000013, &(0x7f0000d06000)=0x1, 0x32a) connect$inet(r3, &(0x7f0000000140)={0x2, 0x0, @local}, 0x10) setsockopt$inet_tcp_TCP_REPAIR_OPTIONS(r3, 0x6, 0x16, &(0x7f0000000200)=[@mss, @timestamp, @window={0x3, 0x0, 0xfffe}, @mss={0x2, 0x3}], 0x4) sendmmsg(r3, &(0x7f0000004b40)=[{{0x0, 0x0, &(0x7f00000011c0)=[{&(0x7f0000002240)='Y', 0x1}], 0x1}}], 0x1, 0x0) setsockopt$inet_tcp_TCP_REPAIR_QUEUE(r3, 0x6, 0x14, &(0x7f0000000040)=0x1, 0x4) sendmsg$IPVS_CMD_GET_DEST(r3, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000340)=ANY=[@ANYBLOB="160e90cb39bca59f8c4064ac6d7b242060a07bc4309e3eb79d8745797b308edd84adef35ad9d8a17240f38f55f57c55f3875db81d255eea402e1c11ca7fc01964aeb9ed6ef4e80bc67cba7e7fe961fe5d921442b0a06b135f8a73b68dc904b436f256f50ae7cb980e69e7580b9f11c6ede4210f23240559b8c427000d7ce7862417ab5a50e494b2a54e346d7ffa008ccef06813e235b446788ac0f1df3c65bc1fb5393364a2efd284640ec2c438ad2b24a69f1f9da000000000000000000000000989eee6a9283bf253ca4"], 0x1}}, 0x0) close(r3) syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) dup3(r5, r4, 0x0) accept4$vsock_stream(0xffffffffffffffff, &(0x7f0000000240)={0x28, 0x0, 0x2710, @host}, 0x10, 0x0) bind$pptp(0xffffffffffffffff, &(0x7f00000001c0)={0x18, 0x2, {0x0, @initdev={0xac, 0x1e, 0x0, 0x0}}}, 0x1e) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000000)=@newlink={0x30, 0x10, 0x801, 0x0, 0x0, {}, [@IFLA_GROUP={0x8}, @IFLA_PROTO_DOWN={0x8, 0x4}]}, 0x30}}, 0x0) pivot_root(&(0x7f0000000140)='./file0\x00', &(0x7f0000000100)='./file0\x00') 01:45:35 executing program 4: pipe(&(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = socket$inet_udp(0x2, 0x2, 0x0) close(r2) r3 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$inet_tcp_int(r3, 0x6, 0x10000000013, &(0x7f0000d06000)=0x1, 0x4) connect$inet(r2, &(0x7f0000000340)={0x2, 0x0, @loopback}, 0x10) setsockopt$inet_tcp_TCP_REPAIR_WINDOW(r3, 0x6, 0x1d, &(0x7f0000000080)={0x0, 0xdf5, 0x65a2}, 0x14) syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) r4 = getpid() rt_tgsigqueueinfo(r4, r4, 0x16, &(0x7f00000000c0)) ptrace(0x10, r4) ptrace$setregs(0xd, r4, 0x0, &(0x7f0000000000)) ptrace$setregs(0xf, r4, 0x0, &(0x7f00000002c0)="6ffecad8b1") write$binfmt_misc(r1, &(0x7f0000000140)=ANY=[], 0x4240a2a0) r5 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$IPT_SO_SET_REPLACE(r5, 0x0, 0x40, &(0x7f0000000480)=ANY=[@ANYBLOB="66696c74657200000000000000000000000000000000000000000000000000000e00000004000000d0020000800100009800000080010000000000000000000038020000380200003802000038020000380200000400000000000000000000007f000001ac14140000000000000000007f00000000000000000000000000000064756dea20f9524db2d96900000057c910a19f2bc02c00000000000000000000200000000000000000000000000000000000000000000000700098000000000000000000000000000000000000000000280052454a454354000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000400000000000000000000000080000000000000000000000000000000000000000000000000000000000000000000000000000000000000000c000e80000f9c9991d0000000000000000000000000000005000736574000000000000000000000000000000000000000000000000000003000005050000000000000000000000000000000000000000100000000000000000000000000000000000000000000000280052454a45435400000000000000010000000000000000000000000000000000674f000000000000000000e00000020000000000000000766574b5315f766c616e00000000010062726964676530000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000007000b80000000000000000000000000000000000000000004800544545000000000000000000000000000000d40200000000000000000001ac1414aa000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000007000980000000000000000000000000000000000000000002800000000000000000000000000000000000000000000001a51496c00000000feffffff"], 0x1) splice(r0, 0x0, r2, 0x0, 0x4ffe0, 0x0) 01:45:35 executing program 2 (fault-call:9 fault-nth:1): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_SET_SIGNAL_MASK(0xffffffffffffffff, 0x4004ae8b, &(0x7f0000001000)=ANY=[@ANYBLOB="97cb"]) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000fe7000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0) ioctl$USBDEVFS_RESETEP(0xffffffffffffffff, 0x80045503, &(0x7f0000000000)={0x1, 0x1}) ioctl$KVM_NMI(r2, 0xae9a) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f00000002c0)={0x0, 0x2, 0x0, 0x2000, &(0x7f0000001000/0x2000)=nil}) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) 01:45:35 executing program 1: lsetxattr$trusted_overlay_opaque(0x0, 0x0, 0x0, 0x0, 0x0) mkdir(&(0x7f0000000000)='./file0\x00', 0x0) mount$bpf(0x20000000, &(0x7f00000000c0)='./file0\x00', 0x0, 0x2001001, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x80, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x43, 0x400000000000000}, 0x11288, 0x2000, 0x0, 0x2}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$netlink(0x10, 0x3, 0x0) connect$inet(0xffffffffffffffff, 0x0, 0x0) setsockopt$SO_RDS_TRANSPORT(0xffffffffffffffff, 0x114, 0x8, &(0x7f0000000040)=0xffffffffffffffff, 0x4) r1 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$inet_tcp_int(r1, 0x6, 0x10000000013, &(0x7f0000d06000)=0x1, 0x32a) connect$inet(r1, &(0x7f0000000180)={0x2, 0x4e23, @local}, 0x10) accept$nfc_llcp(0xffffffffffffffff, &(0x7f0000000440), &(0x7f0000000300)=0x60) setsockopt$inet_tcp_TCP_REPAIR_OPTIONS(r1, 0x6, 0x16, &(0x7f00000000c0)=[@mss={0x2, 0xffffffff}, @timestamp, @window, @mss={0x2, 0x91c}], 0x4) sendmmsg(r1, &(0x7f0000004b40)=[{{0x0, 0x0, &(0x7f00000011c0)=[{&(0x7f0000002240)='Y', 0x1}], 0x1}}], 0x1, 0x0) syz_init_net_socket$llc(0x1a, 0x1, 0x0) r2 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$IPT_SO_SET_REPLACE(r2, 0x4000000000000, 0x40, &(0x7f0000000a40)=ANY=[@ANYBLOB="72617700000000010000000000000000000000000000000000000000000000000200000003000000b80400000000000000000000000000000003000000030000200400002004000020040000200400002004000003000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000600000000000000a00200030000000000000000000000000000000000000000300262706600000000000000000000000000000000000000000000000000000101000000000000002e2f66696c653000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000060005345540000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000c0002001000000000000000000000000000000000000000050006f736600000000000000000000000000000000000000000000000000000073797a300000000000000000000000000000000000000000000000000000000000000000000000000000000000000000600053455400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000007000980000000000000000000000000000000000000000002800000000000000000000000000000000000000000000000000000000000004feffffff00000000"], 0x518) sendmsg$IPVS_CMD_GET_DEST(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000280)={&(0x7f00000002c0)=ANY=[@ANYRES16], 0x1}}, 0x0) setsockopt$inet_tcp_TCP_REPAIR(r1, 0x6, 0x13, &(0x7f0000000100), 0x618) close(r1) r3 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$inet_tcp_int(r3, 0x6, 0x10000000013, &(0x7f0000d06000)=0x1, 0x32a) connect$inet(r3, &(0x7f0000000140)={0x2, 0x0, @local}, 0x10) setsockopt$inet_tcp_TCP_REPAIR_OPTIONS(r3, 0x6, 0x16, &(0x7f0000000200)=[@mss, @timestamp, @window={0x3, 0x0, 0xfffe}, @mss={0x2, 0x3}], 0x4) sendmmsg(r3, &(0x7f0000004b40)=[{{0x0, 0x0, &(0x7f00000011c0)=[{&(0x7f0000002240)='Y', 0x1}], 0x1}}], 0x1, 0x0) setsockopt$inet_tcp_TCP_REPAIR_QUEUE(r3, 0x6, 0x14, &(0x7f0000000040)=0x1, 0x4) sendmsg$IPVS_CMD_GET_DEST(r3, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000340)=ANY=[@ANYBLOB="160e90cb39bca59f8c4064ac6d7b242060a07bc4309e3eb79d8745797b308edd84adef35ad9d8a17240f38f55f57c55f3875db81d255eea402e1c11ca7fc01964aeb9ed6ef4e80bc67cba7e7fe961fe5d921442b0a06b135f8a73b68dc904b436f256f50ae7cb980e69e7580b9f11c6ede4210f23240559b8c427000d7ce7862417ab5a50e494b2a54e346d7ffa008ccef06813e235b446788ac0f1df3c65bc1fb5393364a2efd284640ec2c438ad2b24a69f1f9da000000000000000000000000989eee6a9283bf253ca4"], 0x1}}, 0x0) close(r3) syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) dup3(r5, r4, 0x0) r6 = accept4$vsock_stream(0xffffffffffffffff, &(0x7f0000000240)={0x28, 0x0, 0x2710, @host}, 0x10, 0x0) dup2(r6, r5) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000000)=@newlink={0x30, 0x10, 0x801, 0x0, 0x0, {}, [@IFLA_GROUP={0x8}, @IFLA_PROTO_DOWN={0x8, 0x4}]}, 0x30}}, 0x0) [ 1837.403543] ip_tables: iptables: counters copy to user failed while replacing table [ 1837.497597] FAULT_INJECTION: forcing a failure. [ 1837.497597] name failslab, interval 1, probability 0, space 0, times 0 01:45:35 executing program 5: lsetxattr$trusted_overlay_opaque(0x0, 0x0, 0x0, 0x0, 0x0) mkdir(&(0x7f0000000000)='./file0\x00', 0x0) mount$bpf(0x20000000, &(0x7f00000000c0)='./file0\x00', 0x0, 0x2001001, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x80, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x43, 0x400000000000000}, 0x11288, 0x2000, 0x0, 0x2}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$netlink(0x10, 0x3, 0x0) connect$inet(0xffffffffffffffff, 0x0, 0x0) setsockopt$SO_RDS_TRANSPORT(0xffffffffffffffff, 0x114, 0x8, &(0x7f0000000040)=0xffffffffffffffff, 0x4) r1 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$inet_tcp_int(r1, 0x6, 0x10000000013, &(0x7f0000d06000)=0x1, 0x32a) connect$inet(r1, &(0x7f0000000180)={0x2, 0x4e23, @local}, 0x10) accept$nfc_llcp(0xffffffffffffffff, &(0x7f0000000440), &(0x7f0000000300)=0x60) setsockopt$inet_tcp_TCP_REPAIR_OPTIONS(r1, 0x6, 0x16, &(0x7f00000000c0)=[@mss={0x2, 0xffffffff}, @timestamp, @window, @mss={0x2, 0x91c}], 0x4) sendmmsg(r1, &(0x7f0000004b40)=[{{0x0, 0x0, &(0x7f00000011c0)=[{&(0x7f0000002240)='Y', 0x1}], 0x1}}], 0x1, 0x0) syz_init_net_socket$llc(0x1a, 0x1, 0x0) r2 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$IPT_SO_SET_REPLACE(r2, 0x4000000000000, 0x40, &(0x7f0000000a40)=ANY=[@ANYBLOB="72617700000000010000000000000000000000000000000000000000000000000200000003000000b80400000000000000000000000000000003000000030000200400002004000020040000200400002004000003000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000600000000000000a00200030000000000000000000000000000000000000000300262706600000000000000000000000000000000000000000000000000000101000000000000002e2f66696c653000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000060005345540000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000c0002001000000000000000000000000000000000000000050006f736600000000000000000000000000000000000000000000000000000073797a300000000000000000000000000000000000000000000000000000000000000000000000000000000000000000600053455400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000007000980000000000000000000000000000000000000000002800000000000000000000000000000000000000000000000000000000000004feffffff00000000"], 0x518) sendmsg$IPVS_CMD_GET_DEST(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000280)={&(0x7f00000002c0)=ANY=[@ANYRES16], 0x1}}, 0x0) setsockopt$inet_tcp_TCP_REPAIR(r1, 0x6, 0x13, &(0x7f0000000100), 0x618) close(r1) r3 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$inet_tcp_int(r3, 0x6, 0x10000000013, &(0x7f0000d06000)=0x1, 0x32a) connect$inet(r3, &(0x7f0000000140)={0x2, 0x0, @local}, 0x10) setsockopt$inet_tcp_TCP_REPAIR_OPTIONS(r3, 0x6, 0x16, &(0x7f0000000200)=[@mss, @timestamp, @window={0x3, 0x0, 0xfffe}, @mss={0x2, 0x3}], 0x4) sendmmsg(r3, &(0x7f0000004b40)=[{{0x0, 0x0, &(0x7f00000011c0)=[{&(0x7f0000002240)='Y', 0x1}], 0x1}}], 0x1, 0x0) setsockopt$inet_tcp_TCP_REPAIR_QUEUE(r3, 0x6, 0x14, &(0x7f0000000040)=0x1, 0x4) sendmsg$IPVS_CMD_GET_DEST(r3, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000340)=ANY=[@ANYBLOB="160e90cb39bca59f8c4064ac6d7b242060a07bc4309e3eb79d8745797b308edd84adef35ad9d8a17240f38f55f57c55f3875db81d255eea402e1c11ca7fc01964aeb9ed6ef4e80bc67cba7e7fe961fe5d921442b0a06b135f8a73b68dc904b436f256f50ae7cb980e69e7580b9f11c6ede4210f23240559b8c427000d7ce7862417ab5a50e494b2a54e346d7ffa008ccef06813e235b446788ac0f1df3c65bc1fb5393364a2efd284640ec2c438ad2b24a69f1f9da000000000000000000000000989eee6a9283bf253ca4"], 0x1}}, 0x0) close(r3) syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) dup3(r5, r4, 0x0) accept4$vsock_stream(0xffffffffffffffff, &(0x7f0000000240)={0x28, 0x0, 0x2710, @host}, 0x10, 0x0) bind$pptp(0xffffffffffffffff, &(0x7f00000001c0)={0x18, 0x2, {0x0, @initdev={0xac, 0x1e, 0x0, 0x0}}}, 0x1e) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000000)=@newlink={0x30, 0x10, 0x801, 0x0, 0x0, {}, [@IFLA_GROUP={0x8}, @IFLA_PROTO_DOWN={0x8, 0x4}]}, 0x30}}, 0x0) pivot_root(&(0x7f0000000140)='./file0\x00', &(0x7f0000000100)='./file0\x00') [ 1837.587514] CPU: 1 PID: 3445 Comm: syz-executor.2 Not tainted 4.14.173-syzkaller #0 [ 1837.595529] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1837.605155] Call Trace: [ 1837.607763] dump_stack+0x13e/0x194 [ 1837.611418] should_fail.cold+0x10a/0x14b [ 1837.615784] should_failslab+0xd6/0x130 [ 1837.619804] kmem_cache_alloc+0x2b5/0x770 [ 1837.623990] ? retint_kernel+0x2d/0x2d [ 1837.628042] mmu_topup_memory_caches+0x83/0x300 [ 1837.632745] kvm_mmu_load+0x1e/0xd00 [ 1837.636631] ? vmx_inject_nmi+0xb0/0x1e0 [ 1837.640876] ? vmx_inject_nmi+0x125/0x1e0 [ 1837.645066] vcpu_enter_guest+0x2eb9/0x5240 [ 1837.649594] ? emulator_read_emulated+0x40/0x40 [ 1837.655716] ? lock_acquire+0x170/0x3f0 [ 1837.659914] ? kvm_arch_vcpu_ioctl_run+0x143/0xfd0 [ 1837.665680] ? kvm_arch_vcpu_ioctl_run+0x2fe/0xfd0 [ 1837.670730] ? kvm_arch_vcpu_ioctl_run+0x181/0xfd0 [ 1837.676224] kvm_arch_vcpu_ioctl_run+0x2fe/0xfd0 [ 1837.681892] kvm_vcpu_ioctl+0x3df/0xc70 01:45:35 executing program 1: lsetxattr$trusted_overlay_opaque(0x0, 0x0, 0x0, 0x0, 0x0) mkdir(&(0x7f0000000000)='./file0\x00', 0x0) mount$bpf(0x20000000, &(0x7f00000000c0)='./file0\x00', 0x0, 0x2001001, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x80, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x43, 0x400000000000000}, 0x11288, 0x2000, 0x0, 0x2}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$netlink(0x10, 0x3, 0x0) connect$inet(0xffffffffffffffff, 0x0, 0x0) setsockopt$SO_RDS_TRANSPORT(0xffffffffffffffff, 0x114, 0x8, &(0x7f0000000040)=0xffffffffffffffff, 0x4) r1 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$inet_tcp_int(r1, 0x6, 0x10000000013, &(0x7f0000d06000)=0x1, 0x32a) connect$inet(r1, &(0x7f0000000180)={0x2, 0x4e23, @local}, 0x10) accept$nfc_llcp(0xffffffffffffffff, &(0x7f0000000440), &(0x7f0000000300)=0x60) setsockopt$inet_tcp_TCP_REPAIR_OPTIONS(r1, 0x6, 0x16, &(0x7f00000000c0)=[@mss={0x2, 0xffffffff}, @timestamp, @window, @mss={0x2, 0x91c}], 0x4) sendmmsg(r1, &(0x7f0000004b40)=[{{0x0, 0x0, &(0x7f00000011c0)=[{&(0x7f0000002240)='Y', 0x1}], 0x1}}], 0x1, 0x0) syz_init_net_socket$llc(0x1a, 0x1, 0x0) r2 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$IPT_SO_SET_REPLACE(r2, 0x4000000000000, 0x40, &(0x7f0000000a40)=ANY=[@ANYBLOB="72617700000000010000000000000000000000000000000000000000000000000200000003000000b80400000000000000000000000000000003000000030000200400002004000020040000200400002004000003000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000600000000000000a00200030000000000000000000000000000000000000000300262706600000000000000000000000000000000000000000000000000000101000000000000002e2f66696c653000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000060005345540000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000c0002001000000000000000000000000000000000000000050006f736600000000000000000000000000000000000000000000000000000073797a300000000000000000000000000000000000000000000000000000000000000000000000000000000000000000600053455400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000007000980000000000000000000000000000000000000000002800000000000000000000000000000000000000000000000000000000000004feffffff00000000"], 0x518) sendmsg$IPVS_CMD_GET_DEST(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000280)={&(0x7f00000002c0)=ANY=[@ANYRES16], 0x1}}, 0x0) setsockopt$inet_tcp_TCP_REPAIR(r1, 0x6, 0x13, &(0x7f0000000100), 0x618) close(r1) r3 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$inet_tcp_int(r3, 0x6, 0x10000000013, &(0x7f0000d06000)=0x1, 0x32a) connect$inet(r3, &(0x7f0000000140)={0x2, 0x0, @local}, 0x10) setsockopt$inet_tcp_TCP_REPAIR_OPTIONS(r3, 0x6, 0x16, &(0x7f0000000200)=[@mss, @timestamp, @window={0x3, 0x0, 0xfffe}, @mss={0x2, 0x3}], 0x4) sendmmsg(r3, &(0x7f0000004b40)=[{{0x0, 0x0, &(0x7f00000011c0)=[{&(0x7f0000002240)='Y', 0x1}], 0x1}}], 0x1, 0x0) setsockopt$inet_tcp_TCP_REPAIR_QUEUE(r3, 0x6, 0x14, &(0x7f0000000040)=0x1, 0x4) sendmsg$IPVS_CMD_GET_DEST(r3, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000340)=ANY=[@ANYBLOB="160e90cb39bca59f8c4064ac6d7b242060a07bc4309e3eb79d8745797b308edd84adef35ad9d8a17240f38f55f57c55f3875db81d255eea402e1c11ca7fc01964aeb9ed6ef4e80bc67cba7e7fe961fe5d921442b0a06b135f8a73b68dc904b436f256f50ae7cb980e69e7580b9f11c6ede4210f23240559b8c427000d7ce7862417ab5a50e494b2a54e346d7ffa008ccef06813e235b446788ac0f1df3c65bc1fb5393364a2efd284640ec2c438ad2b24a69f1f9da000000000000000000000000989eee6a9283bf253ca4"], 0x1}}, 0x0) close(r3) syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) dup3(r5, r4, 0x0) r6 = accept4$vsock_stream(0xffffffffffffffff, &(0x7f0000000240)={0x28, 0x0, 0x2710, @host}, 0x10, 0x0) dup2(r6, r5) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000000)=@newlink={0x30, 0x10, 0x801, 0x0, 0x0, {}, [@IFLA_GROUP={0x8}, @IFLA_PROTO_DOWN={0x8, 0x4}]}, 0x30}}, 0x0) [ 1837.686696] ? kvm_vcpu_block+0xb70/0xb70 [ 1837.690869] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 1837.695851] ? check_preemption_disabled+0x35/0x240 [ 1837.700975] ? retint_kernel+0x2d/0x2d [ 1837.704983] ? kvm_vcpu_block+0xb70/0xb70 [ 1837.709201] ? kvm_vcpu_block+0xb70/0xb70 [ 1837.713346] do_vfs_ioctl+0x75a/0xfe0 [ 1837.717145] ? selinux_file_mprotect+0x5c0/0x5c0 [ 1837.721887] ? ioctl_preallocate+0x1a0/0x1a0 [ 1837.726292] ? security_file_ioctl+0x76/0xb0 [ 1837.730895] ? security_file_ioctl+0x83/0xb0 [ 1837.735484] SyS_ioctl+0x7f/0xb0 [ 1837.738838] ? do_vfs_ioctl+0xfe0/0xfe0 [ 1837.742823] do_syscall_64+0x1d5/0x640 [ 1837.746898] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 1837.753305] RIP: 0033:0x45c849 [ 1837.756631] RSP: 002b:00007fa3bc31dc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 1837.764627] RAX: ffffffffffffffda RBX: 00007fa3bc31e6d4 RCX: 000000000045c849 [ 1837.772683] RDX: 0000000000000000 RSI: 000000000000ae80 RDI: 0000000000000005 [ 1837.779959] RBP: 000000000076bf00 R08: 0000000000000000 R09: 0000000000000000 01:45:36 executing program 3: lsetxattr$trusted_overlay_opaque(0x0, 0x0, 0x0, 0x0, 0x0) mkdir(&(0x7f0000000000)='./file0\x00', 0x0) mount$bpf(0x20000000, &(0x7f00000000c0)='./file0\x00', 0x0, 0x2001001, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x80, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x43, 0x400000000000000}, 0x11288, 0x2000, 0x0, 0x2}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$netlink(0x10, 0x3, 0x0) connect$inet(0xffffffffffffffff, 0x0, 0x0) setsockopt$SO_RDS_TRANSPORT(0xffffffffffffffff, 0x114, 0x8, &(0x7f0000000040)=0xffffffffffffffff, 0x4) r1 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$inet_tcp_int(r1, 0x6, 0x10000000013, &(0x7f0000d06000)=0x1, 0x32a) connect$inet(r1, &(0x7f0000000180)={0x2, 0x4e23, @local}, 0x10) accept$nfc_llcp(0xffffffffffffffff, &(0x7f0000000440), &(0x7f0000000300)=0x60) setsockopt$inet_tcp_TCP_REPAIR_OPTIONS(r1, 0x6, 0x16, &(0x7f00000000c0)=[@mss={0x2, 0xffffffff}, @timestamp, @window, @mss={0x2, 0x91c}], 0x4) sendmmsg(r1, &(0x7f0000004b40)=[{{0x0, 0x0, &(0x7f00000011c0)=[{&(0x7f0000002240)='Y', 0x1}], 0x1}}], 0x1, 0x0) syz_init_net_socket$llc(0x1a, 0x1, 0x0) r2 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$IPT_SO_SET_REPLACE(r2, 0x4000000000000, 0x40, &(0x7f0000000a40)=ANY=[@ANYBLOB="72617700000000010000000000000000000000000000000000000000000000000200000003000000b80400000000000000000000000000000003000000030000200400002004000020040000200400002004000003000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000600000000000000a00200030000000000000000000000000000000000000000300262706600000000000000000000000000000000000000000000000000000101000000000000002e2f66696c653000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000060005345540000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000c0002001000000000000000000000000000000000000000050006f736600000000000000000000000000000000000000000000000000000073797a300000000000000000000000000000000000000000000000000000000000000000000000000000000000000000600053455400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000007000980000000000000000000000000000000000000000002800000000000000000000000000000000000000000000000000000000000004feffffff00000000"], 0x518) sendmsg$IPVS_CMD_GET_DEST(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000280)={&(0x7f00000002c0)=ANY=[@ANYRES16], 0x1}}, 0x0) setsockopt$inet_tcp_TCP_REPAIR(r1, 0x6, 0x13, &(0x7f0000000100), 0x618) close(r1) r3 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$inet_tcp_int(r3, 0x6, 0x10000000013, &(0x7f0000d06000)=0x1, 0x32a) connect$inet(r3, &(0x7f0000000140)={0x2, 0x0, @local}, 0x10) setsockopt$inet_tcp_TCP_REPAIR_OPTIONS(r3, 0x6, 0x16, &(0x7f0000000200)=[@mss, @timestamp, @window={0x3, 0x0, 0xfffe}, @mss={0x2, 0x3}], 0x4) sendmmsg(r3, &(0x7f0000004b40)=[{{0x0, 0x0, &(0x7f00000011c0)=[{&(0x7f0000002240)='Y', 0x1}], 0x1}}], 0x1, 0x0) setsockopt$inet_tcp_TCP_REPAIR_QUEUE(r3, 0x6, 0x14, &(0x7f0000000040)=0x1, 0x4) sendmsg$IPVS_CMD_GET_DEST(r3, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000340)=ANY=[@ANYBLOB="160e90cb39bca59f8c4064ac6d7b242060a07bc4309e3eb79d8745797b308edd84adef35ad9d8a17240f38f55f57c55f3875db81d255eea402e1c11ca7fc01964aeb9ed6ef4e80bc67cba7e7fe961fe5d921442b0a06b135f8a73b68dc904b436f256f50ae7cb980e69e7580b9f11c6ede4210f23240559b8c427000d7ce7862417ab5a50e494b2a54e346d7ffa008ccef06813e235b446788ac0f1df3c65bc1fb5393364a2efd284640ec2c438ad2b24a69f1f9da000000000000000000000000989eee6a9283bf253ca4"], 0x1}}, 0x0) close(r3) syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) dup3(r5, r4, 0x0) r6 = accept4$vsock_stream(0xffffffffffffffff, &(0x7f0000000240)={0x28, 0x0, 0x2710, @host}, 0x10, 0x0) dup2(r6, r5) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000000)=@newlink={0x30, 0x10, 0x801, 0x0, 0x0, {}, [@IFLA_GROUP={0x8}, @IFLA_PROTO_DOWN={0x8, 0x4}]}, 0x30}}, 0x0) pivot_root(&(0x7f0000000140)='./file0\x00', &(0x7f0000000100)='./file0\x00') 01:45:36 executing program 2 (fault-call:9 fault-nth:2): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_SET_SIGNAL_MASK(0xffffffffffffffff, 0x4004ae8b, &(0x7f0000001000)=ANY=[@ANYBLOB="97cb"]) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000fe7000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0) ioctl$USBDEVFS_RESETEP(0xffffffffffffffff, 0x80045503, &(0x7f0000000000)={0x1, 0x1}) ioctl$KVM_NMI(r2, 0xae9a) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f00000002c0)={0x0, 0x2, 0x0, 0x2000, &(0x7f0000001000/0x2000)=nil}) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) [ 1837.787365] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000007 [ 1837.794629] R13: 00000000000003bf R14: 00000000004c6495 R15: 0000000000000001 01:45:36 executing program 0: perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x9}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000002900)=[{{0x0, 0x0, 0x0}, 0x8}], 0x1, 0x40000103, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) write(r3, &(0x7f0000000340), 0x41395527) sendmsg$DEVLINK_CMD_GET(0xffffffffffffffff, 0x0, 0x0) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x0, 0x0, 0x3}, 0x0) r4 = syz_open_procfs(0x0, &(0x7f0000000380)='net/route\x00') preadv(r4, &(0x7f00000017c0), 0x1a0, 0xf0ffff) 01:45:36 executing program 5: lsetxattr$trusted_overlay_opaque(0x0, 0x0, 0x0, 0x0, 0x0) mkdir(&(0x7f0000000000)='./file0\x00', 0x0) mount$bpf(0x20000000, &(0x7f00000000c0)='./file0\x00', 0x0, 0x2001001, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x80, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x43, 0x400000000000000}, 0x11288, 0x2000, 0x0, 0x2}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$netlink(0x10, 0x3, 0x0) connect$inet(0xffffffffffffffff, 0x0, 0x0) setsockopt$SO_RDS_TRANSPORT(0xffffffffffffffff, 0x114, 0x8, &(0x7f0000000040)=0xffffffffffffffff, 0x4) r1 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$inet_tcp_int(r1, 0x6, 0x10000000013, &(0x7f0000d06000)=0x1, 0x32a) connect$inet(r1, &(0x7f0000000180)={0x2, 0x4e23, @local}, 0x10) accept$nfc_llcp(0xffffffffffffffff, &(0x7f0000000440), &(0x7f0000000300)=0x60) setsockopt$inet_tcp_TCP_REPAIR_OPTIONS(r1, 0x6, 0x16, &(0x7f00000000c0)=[@mss={0x2, 0xffffffff}, @timestamp, @window, @mss={0x2, 0x91c}], 0x4) sendmmsg(r1, &(0x7f0000004b40)=[{{0x0, 0x0, &(0x7f00000011c0)=[{&(0x7f0000002240)='Y', 0x1}], 0x1}}], 0x1, 0x0) syz_init_net_socket$llc(0x1a, 0x1, 0x0) r2 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$IPT_SO_SET_REPLACE(r2, 0x4000000000000, 0x40, &(0x7f0000000a40)=ANY=[@ANYBLOB="72617700000000010000000000000000000000000000000000000000000000000200000003000000b80400000000000000000000000000000003000000030000200400002004000020040000200400002004000003000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000600000000000000a00200030000000000000000000000000000000000000000300262706600000000000000000000000000000000000000000000000000000101000000000000002e2f66696c653000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000060005345540000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000c0002001000000000000000000000000000000000000000050006f736600000000000000000000000000000000000000000000000000000073797a300000000000000000000000000000000000000000000000000000000000000000000000000000000000000000600053455400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000007000980000000000000000000000000000000000000000002800000000000000000000000000000000000000000000000000000000000004feffffff00000000"], 0x518) sendmsg$IPVS_CMD_GET_DEST(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000280)={&(0x7f00000002c0)=ANY=[@ANYRES16], 0x1}}, 0x0) setsockopt$inet_tcp_TCP_REPAIR(r1, 0x6, 0x13, &(0x7f0000000100), 0x618) close(r1) r3 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$inet_tcp_int(r3, 0x6, 0x10000000013, &(0x7f0000d06000)=0x1, 0x32a) connect$inet(r3, &(0x7f0000000140)={0x2, 0x0, @local}, 0x10) setsockopt$inet_tcp_TCP_REPAIR_OPTIONS(r3, 0x6, 0x16, &(0x7f0000000200)=[@mss, @timestamp, @window={0x3, 0x0, 0xfffe}, @mss={0x2, 0x3}], 0x4) sendmmsg(r3, &(0x7f0000004b40)=[{{0x0, 0x0, &(0x7f00000011c0)=[{&(0x7f0000002240)='Y', 0x1}], 0x1}}], 0x1, 0x0) setsockopt$inet_tcp_TCP_REPAIR_QUEUE(r3, 0x6, 0x14, &(0x7f0000000040)=0x1, 0x4) sendmsg$IPVS_CMD_GET_DEST(r3, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000340)=ANY=[@ANYBLOB="160e90cb39bca59f8c4064ac6d7b242060a07bc4309e3eb79d8745797b308edd84adef35ad9d8a17240f38f55f57c55f3875db81d255eea402e1c11ca7fc01964aeb9ed6ef4e80bc67cba7e7fe961fe5d921442b0a06b135f8a73b68dc904b436f256f50ae7cb980e69e7580b9f11c6ede4210f23240559b8c427000d7ce7862417ab5a50e494b2a54e346d7ffa008ccef06813e235b446788ac0f1df3c65bc1fb5393364a2efd284640ec2c438ad2b24a69f1f9da000000000000000000000000989eee6a9283bf253ca4"], 0x1}}, 0x0) close(r3) syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) dup3(r5, r4, 0x0) accept4$vsock_stream(0xffffffffffffffff, &(0x7f0000000240)={0x28, 0x0, 0x2710, @host}, 0x10, 0x0) bind$pptp(0xffffffffffffffff, &(0x7f00000001c0)={0x18, 0x2, {0x0, @initdev={0xac, 0x1e, 0x0, 0x0}}}, 0x1e) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000000)=@newlink={0x30, 0x10, 0x801, 0x0, 0x0, {}, [@IFLA_GROUP={0x8}, @IFLA_PROTO_DOWN={0x8, 0x4}]}, 0x30}}, 0x0) pivot_root(&(0x7f0000000140)='./file0\x00', &(0x7f0000000100)='./file0\x00') [ 1837.964991] FAULT_INJECTION: forcing a failure. [ 1837.964991] name failslab, interval 1, probability 0, space 0, times 0 [ 1838.066255] CPU: 1 PID: 3461 Comm: syz-executor.2 Not tainted 4.14.173-syzkaller #0 [ 1838.074123] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1838.083540] Call Trace: [ 1838.086163] dump_stack+0x13e/0x194 [ 1838.089832] should_fail.cold+0x10a/0x14b [ 1838.094016] should_failslab+0xd6/0x130 [ 1838.098015] kmem_cache_alloc+0x2b5/0x770 [ 1838.102556] mmu_topup_memory_caches+0x83/0x300 [ 1838.109357] kvm_mmu_load+0x1e/0xd00 [ 1838.113826] ? vmx_inject_nmi+0xb0/0x1e0 [ 1838.117927] ? vmx_inject_nmi+0x125/0x1e0 [ 1838.122559] vcpu_enter_guest+0x2eb9/0x5240 [ 1838.128028] ? save_trace+0x290/0x290 [ 1838.132044] ? retint_kernel+0x2d/0x2d [ 1838.135979] ? emulator_read_emulated+0x40/0x40 [ 1838.140789] ? lock_acquire+0x170/0x3f0 [ 1838.144826] ? kvm_arch_vcpu_ioctl_run+0x143/0xfd0 [ 1838.149841] ? kvm_arch_vcpu_ioctl_run+0x2fe/0xfd0 [ 1838.154965] ? kvm_arch_vcpu_ioctl_run+0x181/0xfd0 [ 1838.160121] kvm_arch_vcpu_ioctl_run+0x2fe/0xfd0 [ 1838.165946] kvm_vcpu_ioctl+0x3df/0xc70 [ 1838.170134] ? retint_kernel+0x2d/0x2d [ 1838.174145] ? kvm_vcpu_block+0xb70/0xb70 [ 1838.178333] ? trace_hardirqs_on_caller+0x3f6/0x590 [ 1838.183399] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 1838.188275] ? check_preemption_disabled+0x35/0x240 [ 1838.193351] ? retint_kernel+0x2d/0x2d [ 1838.197276] ? __fget+0x201/0x360 [ 1838.200764] ? kvm_vcpu_block+0xb70/0xb70 [ 1838.205029] do_vfs_ioctl+0x75a/0xfe0 [ 1838.208848] ? selinux_file_mprotect+0x5c0/0x5c0 [ 1838.213626] ? ioctl_preallocate+0x1a0/0x1a0 [ 1838.218069] ? security_file_ioctl+0x76/0xb0 [ 1838.222478] ? security_file_ioctl+0x83/0xb0 [ 1838.226888] SyS_ioctl+0x7f/0xb0 [ 1838.230257] ? do_vfs_ioctl+0xfe0/0xfe0 [ 1838.234236] do_syscall_64+0x1d5/0x640 [ 1838.238129] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 1838.243487] RIP: 0033:0x45c849 [ 1838.246672] RSP: 002b:00007fa3bc31dc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 1838.254381] RAX: ffffffffffffffda RBX: 00007fa3bc31e6d4 RCX: 000000000045c849 01:45:36 executing program 4: pipe(&(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = socket$inet_udp(0x2, 0x2, 0x0) close(r2) r3 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$inet_tcp_int(r3, 0x6, 0x10000000013, &(0x7f0000d06000)=0x1, 0x4) connect$inet(r2, &(0x7f0000000340)={0x2, 0x0, @loopback}, 0x10) setsockopt$inet_tcp_TCP_REPAIR_WINDOW(r3, 0x6, 0x1d, &(0x7f0000000080)={0x0, 0xdf5, 0x65a2}, 0x14) syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) r4 = getpid() rt_tgsigqueueinfo(r4, r4, 0x16, &(0x7f00000000c0)) ptrace(0x10, r4) ptrace$setregs(0xd, r4, 0x0, &(0x7f0000000000)) write$binfmt_misc(r1, &(0x7f0000000140)=ANY=[], 0x4240a2a0) r5 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$IPT_SO_SET_REPLACE(r5, 0x0, 0x40, &(0x7f0000000480)=ANY=[@ANYBLOB="66696c74657200000000000000000000000000000000000000000000000000000e00000004000000d0020000800100009800000080010000000000000000000038020000380200003802000038020000380200000400000000000000000000007f000001ac14140000000000000000007f00000000000000000000000000000064756dea20f9524db2d96900000057c910a19f2bc02c00000000000000000000200000000000000000000000000000000000000000000000700098000000000000000000000000000000000000000000280052454a454354000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000400000000000000000000000080000000000000000000000000000000000000000000000000000000000000000000000000000000000000000c000e80000f9c9991d0000000000000000000000000000005000736574000000000000000000000000000000000000000000000000000003000005050000000000000000000000000000000000000000100000000000000000000000000000000000000000000000280052454a45435400000000000000010000000000000000000000000000000000674f000000000000000000e00000020000000000000000766574b5315f766c616e00000000010062726964676530000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000007000b80000000000000000000000000000000000000000004800544545000000000000000000000000000000d40200000000000000000001ac1414aa000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000007000980000000000000000000000000000000000000000002800000000000000000000000000000000000000000000001a51496c00000000feffffff"], 0x1) splice(r0, 0x0, r2, 0x0, 0x4ffe0, 0x0) 01:45:36 executing program 3: lsetxattr$trusted_overlay_opaque(0x0, 0x0, 0x0, 0x0, 0x0) mkdir(&(0x7f0000000000)='./file0\x00', 0x0) mount$bpf(0x20000000, &(0x7f00000000c0)='./file0\x00', 0x0, 0x2001001, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x80, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x43, 0x400000000000000}, 0x11288, 0x2000, 0x0, 0x2}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$netlink(0x10, 0x3, 0x0) connect$inet(0xffffffffffffffff, 0x0, 0x0) setsockopt$SO_RDS_TRANSPORT(0xffffffffffffffff, 0x114, 0x8, &(0x7f0000000040)=0xffffffffffffffff, 0x4) r1 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$inet_tcp_int(r1, 0x6, 0x10000000013, &(0x7f0000d06000)=0x1, 0x32a) connect$inet(r1, &(0x7f0000000180)={0x2, 0x4e23, @local}, 0x10) accept$nfc_llcp(0xffffffffffffffff, &(0x7f0000000440), &(0x7f0000000300)=0x60) setsockopt$inet_tcp_TCP_REPAIR_OPTIONS(r1, 0x6, 0x16, &(0x7f00000000c0)=[@mss={0x2, 0xffffffff}, @timestamp, @window, @mss={0x2, 0x91c}], 0x4) sendmmsg(r1, &(0x7f0000004b40)=[{{0x0, 0x0, &(0x7f00000011c0)=[{&(0x7f0000002240)='Y', 0x1}], 0x1}}], 0x1, 0x0) syz_init_net_socket$llc(0x1a, 0x1, 0x0) r2 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$IPT_SO_SET_REPLACE(r2, 0x4000000000000, 0x40, &(0x7f0000000a40)=ANY=[@ANYBLOB="72617700000000010000000000000000000000000000000000000000000000000200000003000000b80400000000000000000000000000000003000000030000200400002004000020040000200400002004000003000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000600000000000000a00200030000000000000000000000000000000000000000300262706600000000000000000000000000000000000000000000000000000101000000000000002e2f66696c653000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000060005345540000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000c0002001000000000000000000000000000000000000000050006f736600000000000000000000000000000000000000000000000000000073797a300000000000000000000000000000000000000000000000000000000000000000000000000000000000000000600053455400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000007000980000000000000000000000000000000000000000002800000000000000000000000000000000000000000000000000000000000004feffffff00000000"], 0x518) sendmsg$IPVS_CMD_GET_DEST(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000280)={&(0x7f00000002c0)=ANY=[@ANYRES16], 0x1}}, 0x0) setsockopt$inet_tcp_TCP_REPAIR(r1, 0x6, 0x13, &(0x7f0000000100), 0x618) close(r1) r3 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$inet_tcp_int(r3, 0x6, 0x10000000013, &(0x7f0000d06000)=0x1, 0x32a) connect$inet(r3, &(0x7f0000000140)={0x2, 0x0, @local}, 0x10) setsockopt$inet_tcp_TCP_REPAIR_OPTIONS(r3, 0x6, 0x16, &(0x7f0000000200)=[@mss, @timestamp, @window={0x3, 0x0, 0xfffe}, @mss={0x2, 0x3}], 0x4) sendmmsg(r3, &(0x7f0000004b40)=[{{0x0, 0x0, &(0x7f00000011c0)=[{&(0x7f0000002240)='Y', 0x1}], 0x1}}], 0x1, 0x0) setsockopt$inet_tcp_TCP_REPAIR_QUEUE(r3, 0x6, 0x14, &(0x7f0000000040)=0x1, 0x4) sendmsg$IPVS_CMD_GET_DEST(r3, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000340)=ANY=[@ANYBLOB="160e90cb39bca59f8c4064ac6d7b242060a07bc4309e3eb79d8745797b308edd84adef35ad9d8a17240f38f55f57c55f3875db81d255eea402e1c11ca7fc01964aeb9ed6ef4e80bc67cba7e7fe961fe5d921442b0a06b135f8a73b68dc904b436f256f50ae7cb980e69e7580b9f11c6ede4210f23240559b8c427000d7ce7862417ab5a50e494b2a54e346d7ffa008ccef06813e235b446788ac0f1df3c65bc1fb5393364a2efd284640ec2c438ad2b24a69f1f9da000000000000000000000000989eee6a9283bf253ca4"], 0x1}}, 0x0) close(r3) syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) dup3(r5, r4, 0x0) accept4$vsock_stream(0xffffffffffffffff, &(0x7f0000000240)={0x28, 0x0, 0x2710, @host}, 0x10, 0x0) bind$pptp(0xffffffffffffffff, &(0x7f00000001c0)={0x18, 0x2, {0x0, @initdev={0xac, 0x1e, 0x0, 0x0}}}, 0x1e) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000000)=@newlink={0x30, 0x10, 0x801, 0x0, 0x0, {}, [@IFLA_GROUP={0x8}, @IFLA_PROTO_DOWN={0x8, 0x4}]}, 0x30}}, 0x0) pivot_root(&(0x7f0000000140)='./file0\x00', &(0x7f0000000100)='./file0\x00') [ 1838.261749] RDX: 0000000000000000 RSI: 000000000000ae80 RDI: 0000000000000005 [ 1838.269291] RBP: 000000000076bf00 R08: 0000000000000000 R09: 0000000000000000 [ 1838.277079] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000007 [ 1838.284363] R13: 00000000000003bf R14: 00000000004c6495 R15: 0000000000000002 01:45:36 executing program 1: lsetxattr$trusted_overlay_opaque(0x0, 0x0, 0x0, 0x0, 0x0) mkdir(&(0x7f0000000000)='./file0\x00', 0x0) mount$bpf(0x20000000, &(0x7f00000000c0)='./file0\x00', 0x0, 0x2001001, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x80, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x43, 0x400000000000000}, 0x11288, 0x2000, 0x0, 0x2}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$netlink(0x10, 0x3, 0x0) connect$inet(0xffffffffffffffff, 0x0, 0x0) setsockopt$SO_RDS_TRANSPORT(0xffffffffffffffff, 0x114, 0x8, &(0x7f0000000040)=0xffffffffffffffff, 0x4) r1 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$inet_tcp_int(r1, 0x6, 0x10000000013, &(0x7f0000d06000)=0x1, 0x32a) connect$inet(r1, &(0x7f0000000180)={0x2, 0x4e23, @local}, 0x10) accept$nfc_llcp(0xffffffffffffffff, &(0x7f0000000440), &(0x7f0000000300)=0x60) setsockopt$inet_tcp_TCP_REPAIR_OPTIONS(r1, 0x6, 0x16, &(0x7f00000000c0)=[@mss={0x2, 0xffffffff}, @timestamp, @window, @mss={0x2, 0x91c}], 0x4) sendmmsg(r1, &(0x7f0000004b40)=[{{0x0, 0x0, &(0x7f00000011c0)=[{&(0x7f0000002240)='Y', 0x1}], 0x1}}], 0x1, 0x0) syz_init_net_socket$llc(0x1a, 0x1, 0x0) r2 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$IPT_SO_SET_REPLACE(r2, 0x4000000000000, 0x40, &(0x7f0000000a40)=ANY=[@ANYBLOB="72617700000000010000000000000000000000000000000000000000000000000200000003000000b80400000000000000000000000000000003000000030000200400002004000020040000200400002004000003000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000600000000000000a00200030000000000000000000000000000000000000000300262706600000000000000000000000000000000000000000000000000000101000000000000002e2f66696c653000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000060005345540000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000c0002001000000000000000000000000000000000000000050006f736600000000000000000000000000000000000000000000000000000073797a300000000000000000000000000000000000000000000000000000000000000000000000000000000000000000600053455400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000007000980000000000000000000000000000000000000000002800000000000000000000000000000000000000000000000000000000000004feffffff00000000"], 0x518) sendmsg$IPVS_CMD_GET_DEST(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000280)={&(0x7f00000002c0)=ANY=[@ANYRES16], 0x1}}, 0x0) setsockopt$inet_tcp_TCP_REPAIR(r1, 0x6, 0x13, &(0x7f0000000100), 0x618) close(r1) r3 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$inet_tcp_int(r3, 0x6, 0x10000000013, &(0x7f0000d06000)=0x1, 0x32a) connect$inet(r3, &(0x7f0000000140)={0x2, 0x0, @local}, 0x10) setsockopt$inet_tcp_TCP_REPAIR_OPTIONS(r3, 0x6, 0x16, &(0x7f0000000200)=[@mss, @timestamp, @window={0x3, 0x0, 0xfffe}, @mss={0x2, 0x3}], 0x4) sendmmsg(r3, &(0x7f0000004b40)=[{{0x0, 0x0, &(0x7f00000011c0)=[{&(0x7f0000002240)='Y', 0x1}], 0x1}}], 0x1, 0x0) setsockopt$inet_tcp_TCP_REPAIR_QUEUE(r3, 0x6, 0x14, &(0x7f0000000040)=0x1, 0x4) sendmsg$IPVS_CMD_GET_DEST(r3, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000340)=ANY=[@ANYBLOB="160e90cb39bca59f8c4064ac6d7b242060a07bc4309e3eb79d8745797b308edd84adef35ad9d8a17240f38f55f57c55f3875db81d255eea402e1c11ca7fc01964aeb9ed6ef4e80bc67cba7e7fe961fe5d921442b0a06b135f8a73b68dc904b436f256f50ae7cb980e69e7580b9f11c6ede4210f23240559b8c427000d7ce7862417ab5a50e494b2a54e346d7ffa008ccef06813e235b446788ac0f1df3c65bc1fb5393364a2efd284640ec2c438ad2b24a69f1f9da000000000000000000000000989eee6a9283bf253ca4"], 0x1}}, 0x0) close(r3) syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) dup3(r5, r4, 0x0) r6 = accept4$vsock_stream(0xffffffffffffffff, &(0x7f0000000240)={0x28, 0x0, 0x2710, @host}, 0x10, 0x0) dup2(r6, r5) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000000)=@newlink={0x30, 0x10, 0x801, 0x0, 0x0, {}, [@IFLA_GROUP={0x8}, @IFLA_PROTO_DOWN={0x8, 0x4}]}, 0x30}}, 0x0) 01:45:36 executing program 5: lsetxattr$trusted_overlay_opaque(0x0, 0x0, 0x0, 0x0, 0x0) mkdir(&(0x7f0000000000)='./file0\x00', 0x0) mount$bpf(0x20000000, &(0x7f00000000c0)='./file0\x00', 0x0, 0x2001001, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x80, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x43, 0x400000000000000}, 0x11288, 0x2000, 0x0, 0x2}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$netlink(0x10, 0x3, 0x0) connect$inet(0xffffffffffffffff, 0x0, 0x0) setsockopt$SO_RDS_TRANSPORT(0xffffffffffffffff, 0x114, 0x8, &(0x7f0000000040)=0xffffffffffffffff, 0x4) r1 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$inet_tcp_int(r1, 0x6, 0x10000000013, &(0x7f0000d06000)=0x1, 0x32a) connect$inet(r1, &(0x7f0000000180)={0x2, 0x4e23, @local}, 0x10) accept$nfc_llcp(0xffffffffffffffff, &(0x7f0000000440), &(0x7f0000000300)=0x60) setsockopt$inet_tcp_TCP_REPAIR_OPTIONS(r1, 0x6, 0x16, &(0x7f00000000c0)=[@mss={0x2, 0xffffffff}, @timestamp, @window, @mss={0x2, 0x91c}], 0x4) sendmmsg(r1, &(0x7f0000004b40)=[{{0x0, 0x0, &(0x7f00000011c0)=[{&(0x7f0000002240)='Y', 0x1}], 0x1}}], 0x1, 0x0) syz_init_net_socket$llc(0x1a, 0x1, 0x0) r2 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$IPT_SO_SET_REPLACE(r2, 0x4000000000000, 0x40, &(0x7f0000000a40)=ANY=[@ANYBLOB="72617700000000010000000000000000000000000000000000000000000000000200000003000000b80400000000000000000000000000000003000000030000200400002004000020040000200400002004000003000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000600000000000000a00200030000000000000000000000000000000000000000300262706600000000000000000000000000000000000000000000000000000101000000000000002e2f66696c653000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000060005345540000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000c0002001000000000000000000000000000000000000000050006f736600000000000000000000000000000000000000000000000000000073797a300000000000000000000000000000000000000000000000000000000000000000000000000000000000000000600053455400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000007000980000000000000000000000000000000000000000002800000000000000000000000000000000000000000000000000000000000004feffffff00000000"], 0x518) sendmsg$IPVS_CMD_GET_DEST(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000280)={&(0x7f00000002c0)=ANY=[@ANYRES16], 0x1}}, 0x0) setsockopt$inet_tcp_TCP_REPAIR(r1, 0x6, 0x13, &(0x7f0000000100), 0x618) close(r1) r3 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$inet_tcp_int(r3, 0x6, 0x10000000013, &(0x7f0000d06000)=0x1, 0x32a) connect$inet(r3, &(0x7f0000000140)={0x2, 0x0, @local}, 0x10) setsockopt$inet_tcp_TCP_REPAIR_OPTIONS(r3, 0x6, 0x16, &(0x7f0000000200)=[@mss, @timestamp, @window={0x3, 0x0, 0xfffe}, @mss={0x2, 0x3}], 0x4) sendmmsg(r3, &(0x7f0000004b40)=[{{0x0, 0x0, &(0x7f00000011c0)=[{&(0x7f0000002240)='Y', 0x1}], 0x1}}], 0x1, 0x0) setsockopt$inet_tcp_TCP_REPAIR_QUEUE(r3, 0x6, 0x14, &(0x7f0000000040)=0x1, 0x4) sendmsg$IPVS_CMD_GET_DEST(r3, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000340)=ANY=[@ANYBLOB="160e90cb39bca59f8c4064ac6d7b242060a07bc4309e3eb79d8745797b308edd84adef35ad9d8a17240f38f55f57c55f3875db81d255eea402e1c11ca7fc01964aeb9ed6ef4e80bc67cba7e7fe961fe5d921442b0a06b135f8a73b68dc904b436f256f50ae7cb980e69e7580b9f11c6ede4210f23240559b8c427000d7ce7862417ab5a50e494b2a54e346d7ffa008ccef06813e235b446788ac0f1df3c65bc1fb5393364a2efd284640ec2c438ad2b24a69f1f9da000000000000000000000000989eee6a9283bf253ca4"], 0x1}}, 0x0) close(r3) syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) dup3(r5, r4, 0x0) dup2(0xffffffffffffffff, r5) bind$pptp(0xffffffffffffffff, &(0x7f00000001c0)={0x18, 0x2, {0x0, @initdev={0xac, 0x1e, 0x0, 0x0}}}, 0x1e) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000000)=@newlink={0x30, 0x10, 0x801, 0x0, 0x0, {}, [@IFLA_GROUP={0x8}, @IFLA_PROTO_DOWN={0x8, 0x4}]}, 0x30}}, 0x0) pivot_root(&(0x7f0000000140)='./file0\x00', &(0x7f0000000100)='./file0\x00') 01:45:36 executing program 2 (fault-call:9 fault-nth:3): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_SET_SIGNAL_MASK(0xffffffffffffffff, 0x4004ae8b, &(0x7f0000001000)=ANY=[@ANYBLOB="97cb"]) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000fe7000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0) ioctl$USBDEVFS_RESETEP(0xffffffffffffffff, 0x80045503, &(0x7f0000000000)={0x1, 0x1}) ioctl$KVM_NMI(r2, 0xae9a) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f00000002c0)={0x0, 0x2, 0x0, 0x2000, &(0x7f0000001000/0x2000)=nil}) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) 01:45:36 executing program 1: lsetxattr$trusted_overlay_opaque(0x0, 0x0, 0x0, 0x0, 0x0) mkdir(&(0x7f0000000000)='./file0\x00', 0x0) mount$bpf(0x20000000, &(0x7f00000000c0)='./file0\x00', 0x0, 0x2001001, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x80, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x43, 0x400000000000000}, 0x11288, 0x2000, 0x0, 0x2}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$netlink(0x10, 0x3, 0x0) connect$inet(0xffffffffffffffff, 0x0, 0x0) setsockopt$SO_RDS_TRANSPORT(0xffffffffffffffff, 0x114, 0x8, &(0x7f0000000040)=0xffffffffffffffff, 0x4) r1 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$inet_tcp_int(r1, 0x6, 0x10000000013, &(0x7f0000d06000)=0x1, 0x32a) connect$inet(r1, &(0x7f0000000180)={0x2, 0x4e23, @local}, 0x10) accept$nfc_llcp(0xffffffffffffffff, &(0x7f0000000440), &(0x7f0000000300)=0x60) setsockopt$inet_tcp_TCP_REPAIR_OPTIONS(r1, 0x6, 0x16, &(0x7f00000000c0)=[@mss={0x2, 0xffffffff}, @timestamp, @window, @mss={0x2, 0x91c}], 0x4) sendmmsg(r1, &(0x7f0000004b40)=[{{0x0, 0x0, &(0x7f00000011c0)=[{&(0x7f0000002240)='Y', 0x1}], 0x1}}], 0x1, 0x0) syz_init_net_socket$llc(0x1a, 0x1, 0x0) r2 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$IPT_SO_SET_REPLACE(r2, 0x4000000000000, 0x40, &(0x7f0000000a40)=ANY=[@ANYBLOB="72617700000000010000000000000000000000000000000000000000000000000200000003000000b80400000000000000000000000000000003000000030000200400002004000020040000200400002004000003000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000600000000000000a00200030000000000000000000000000000000000000000300262706600000000000000000000000000000000000000000000000000000101000000000000002e2f66696c653000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000060005345540000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000c0002001000000000000000000000000000000000000000050006f736600000000000000000000000000000000000000000000000000000073797a300000000000000000000000000000000000000000000000000000000000000000000000000000000000000000600053455400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000007000980000000000000000000000000000000000000000002800000000000000000000000000000000000000000000000000000000000004feffffff00000000"], 0x518) sendmsg$IPVS_CMD_GET_DEST(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000280)={&(0x7f00000002c0)=ANY=[@ANYRES16], 0x1}}, 0x0) setsockopt$inet_tcp_TCP_REPAIR(r1, 0x6, 0x13, &(0x7f0000000100), 0x618) close(r1) r3 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$inet_tcp_int(r3, 0x6, 0x10000000013, &(0x7f0000d06000)=0x1, 0x32a) connect$inet(r3, &(0x7f0000000140)={0x2, 0x0, @local}, 0x10) setsockopt$inet_tcp_TCP_REPAIR_OPTIONS(r3, 0x6, 0x16, &(0x7f0000000200)=[@mss, @timestamp, @window={0x3, 0x0, 0xfffe}, @mss={0x2, 0x3}], 0x4) sendmmsg(r3, &(0x7f0000004b40)=[{{0x0, 0x0, &(0x7f00000011c0)=[{&(0x7f0000002240)='Y', 0x1}], 0x1}}], 0x1, 0x0) setsockopt$inet_tcp_TCP_REPAIR_QUEUE(r3, 0x6, 0x14, &(0x7f0000000040)=0x1, 0x4) sendmsg$IPVS_CMD_GET_DEST(r3, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000340)=ANY=[@ANYBLOB="160e90cb39bca59f8c4064ac6d7b242060a07bc4309e3eb79d8745797b308edd84adef35ad9d8a17240f38f55f57c55f3875db81d255eea402e1c11ca7fc01964aeb9ed6ef4e80bc67cba7e7fe961fe5d921442b0a06b135f8a73b68dc904b436f256f50ae7cb980e69e7580b9f11c6ede4210f23240559b8c427000d7ce7862417ab5a50e494b2a54e346d7ffa008ccef06813e235b446788ac0f1df3c65bc1fb5393364a2efd284640ec2c438ad2b24a69f1f9da000000000000000000000000989eee6a9283bf253ca4"], 0x1}}, 0x0) close(r3) syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) dup3(r5, r4, 0x0) accept4$vsock_stream(0xffffffffffffffff, &(0x7f0000000240)={0x28, 0x0, 0x2710, @host}, 0x10, 0x0) bind$pptp(0xffffffffffffffff, &(0x7f00000001c0)={0x18, 0x2, {0x0, @initdev={0xac, 0x1e, 0x0, 0x0}}}, 0x1e) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000000)=@newlink={0x30, 0x10, 0x801, 0x0, 0x0, {}, [@IFLA_GROUP={0x8}, @IFLA_PROTO_DOWN={0x8, 0x4}]}, 0x30}}, 0x0) [ 1838.601143] FAULT_INJECTION: forcing a failure. [ 1838.601143] name failslab, interval 1, probability 0, space 0, times 0 [ 1838.603309] ip_tables: iptables: counters copy to user failed while replacing table [ 1838.613945] CPU: 1 PID: 3482 Comm: syz-executor.2 Not tainted 4.14.173-syzkaller #0 [ 1838.629317] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1838.638701] Call Trace: [ 1838.641344] dump_stack+0x13e/0x194 [ 1838.644994] should_fail.cold+0x10a/0x14b [ 1838.649155] should_failslab+0xd6/0x130 [ 1838.653138] kmem_cache_alloc+0x2b5/0x770 [ 1838.657317] mmu_topup_memory_caches+0x83/0x300 [ 1838.662013] kvm_mmu_load+0x1e/0xd00 [ 1838.665742] ? kvm_apic_accept_events+0x16f/0x3f0 [ 1838.670604] ? kvm_lapic_enable_pv_eoi+0xc0/0xc0 [ 1838.675379] ? vcpu_enter_guest+0x3813/0x5240 [ 1838.679912] vcpu_enter_guest+0x2eb9/0x5240 [ 1838.684281] ? trace_hardirqs_on_caller+0x3f6/0x590 [ 1838.689327] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 1838.694114] ? emulator_read_emulated+0x40/0x40 [ 1838.698806] ? lock_acquire+0x170/0x3f0 [ 1838.702816] ? kvm_arch_vcpu_ioctl_run+0x143/0xfd0 [ 1838.707776] ? kvm_arch_vcpu_ioctl_run+0x2fe/0xfd0 [ 1838.712733] ? kvm_arch_vcpu_ioctl_run+0x181/0xfd0 [ 1838.717708] kvm_arch_vcpu_ioctl_run+0x2fe/0xfd0 [ 1838.722854] kvm_vcpu_ioctl+0x3df/0xc70 [ 1838.726980] ? kvm_vcpu_block+0xb70/0xb70 [ 1838.731166] ? trace_hardirqs_on+0x10/0x10 [ 1838.735538] ? mark_held_locks+0xa6/0xf0 [ 1838.739792] ? save_trace+0x290/0x290 [ 1838.743614] ? SyS_write+0x1b7/0x210 [ 1838.747490] ? kvm_vcpu_block+0xb70/0xb70 [ 1838.752642] do_vfs_ioctl+0x75a/0xfe0 [ 1838.756673] ? selinux_file_mprotect+0x5c0/0x5c0 [ 1838.761453] ? ioctl_preallocate+0x1a0/0x1a0 [ 1838.765890] ? security_file_ioctl+0x76/0xb0 [ 1838.770310] ? security_file_ioctl+0x83/0xb0 [ 1838.774734] SyS_ioctl+0x7f/0xb0 [ 1838.778090] ? do_vfs_ioctl+0xfe0/0xfe0 [ 1838.782098] do_syscall_64+0x1d5/0x640 [ 1838.785981] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 1838.791853] RIP: 0033:0x45c849 01:45:37 executing program 3: lsetxattr$trusted_overlay_opaque(0x0, 0x0, 0x0, 0x0, 0x0) mkdir(&(0x7f0000000000)='./file0\x00', 0x0) mount$bpf(0x20000000, &(0x7f00000000c0)='./file0\x00', 0x0, 0x2001001, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x80, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x43, 0x400000000000000}, 0x11288, 0x2000, 0x0, 0x2}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$netlink(0x10, 0x3, 0x0) connect$inet(0xffffffffffffffff, 0x0, 0x0) setsockopt$SO_RDS_TRANSPORT(0xffffffffffffffff, 0x114, 0x8, &(0x7f0000000040)=0xffffffffffffffff, 0x4) r1 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$inet_tcp_int(r1, 0x6, 0x10000000013, &(0x7f0000d06000)=0x1, 0x32a) connect$inet(r1, &(0x7f0000000180)={0x2, 0x4e23, @local}, 0x10) accept$nfc_llcp(0xffffffffffffffff, &(0x7f0000000440), &(0x7f0000000300)=0x60) setsockopt$inet_tcp_TCP_REPAIR_OPTIONS(r1, 0x6, 0x16, &(0x7f00000000c0)=[@mss={0x2, 0xffffffff}, @timestamp, @window, @mss={0x2, 0x91c}], 0x4) sendmmsg(r1, &(0x7f0000004b40)=[{{0x0, 0x0, &(0x7f00000011c0)=[{&(0x7f0000002240)='Y', 0x1}], 0x1}}], 0x1, 0x0) syz_init_net_socket$llc(0x1a, 0x1, 0x0) r2 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$IPT_SO_SET_REPLACE(r2, 0x4000000000000, 0x40, &(0x7f0000000a40)=ANY=[@ANYBLOB="72617700000000010000000000000000000000000000000000000000000000000200000003000000b80400000000000000000000000000000003000000030000200400002004000020040000200400002004000003000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000600000000000000a00200030000000000000000000000000000000000000000300262706600000000000000000000000000000000000000000000000000000101000000000000002e2f66696c653000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000060005345540000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000c0002001000000000000000000000000000000000000000050006f736600000000000000000000000000000000000000000000000000000073797a300000000000000000000000000000000000000000000000000000000000000000000000000000000000000000600053455400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000007000980000000000000000000000000000000000000000002800000000000000000000000000000000000000000000000000000000000004feffffff00000000"], 0x518) sendmsg$IPVS_CMD_GET_DEST(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000280)={&(0x7f00000002c0)=ANY=[@ANYRES16], 0x1}}, 0x0) setsockopt$inet_tcp_TCP_REPAIR(r1, 0x6, 0x13, &(0x7f0000000100), 0x618) close(r1) r3 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$inet_tcp_int(r3, 0x6, 0x10000000013, &(0x7f0000d06000)=0x1, 0x32a) connect$inet(r3, &(0x7f0000000140)={0x2, 0x0, @local}, 0x10) setsockopt$inet_tcp_TCP_REPAIR_OPTIONS(r3, 0x6, 0x16, &(0x7f0000000200)=[@mss, @timestamp, @window={0x3, 0x0, 0xfffe}, @mss={0x2, 0x3}], 0x4) sendmmsg(r3, &(0x7f0000004b40)=[{{0x0, 0x0, &(0x7f00000011c0)=[{&(0x7f0000002240)='Y', 0x1}], 0x1}}], 0x1, 0x0) setsockopt$inet_tcp_TCP_REPAIR_QUEUE(r3, 0x6, 0x14, &(0x7f0000000040)=0x1, 0x4) sendmsg$IPVS_CMD_GET_DEST(r3, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000340)=ANY=[@ANYBLOB="160e90cb39bca59f8c4064ac6d7b242060a07bc4309e3eb79d8745797b308edd84adef35ad9d8a17240f38f55f57c55f3875db81d255eea402e1c11ca7fc01964aeb9ed6ef4e80bc67cba7e7fe961fe5d921442b0a06b135f8a73b68dc904b436f256f50ae7cb980e69e7580b9f11c6ede4210f23240559b8c427000d7ce7862417ab5a50e494b2a54e346d7ffa008ccef06813e235b446788ac0f1df3c65bc1fb5393364a2efd284640ec2c438ad2b24a69f1f9da000000000000000000000000989eee6a9283bf253ca4"], 0x1}}, 0x0) close(r3) syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) dup3(r5, r4, 0x0) accept4$vsock_stream(0xffffffffffffffff, &(0x7f0000000240)={0x28, 0x0, 0x2710, @host}, 0x10, 0x0) bind$pptp(0xffffffffffffffff, &(0x7f00000001c0)={0x18, 0x2, {0x0, @initdev={0xac, 0x1e, 0x0, 0x0}}}, 0x1e) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000000)=@newlink={0x30, 0x10, 0x801, 0x0, 0x0, {}, [@IFLA_GROUP={0x8}, @IFLA_PROTO_DOWN={0x8, 0x4}]}, 0x30}}, 0x0) pivot_root(&(0x7f0000000140)='./file0\x00', &(0x7f0000000100)='./file0\x00') 01:45:37 executing program 5: lsetxattr$trusted_overlay_opaque(0x0, 0x0, 0x0, 0x0, 0x0) mkdir(&(0x7f0000000000)='./file0\x00', 0x0) mount$bpf(0x20000000, &(0x7f00000000c0)='./file0\x00', 0x0, 0x2001001, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x80, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x43, 0x400000000000000}, 0x11288, 0x2000, 0x0, 0x2}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$netlink(0x10, 0x3, 0x0) connect$inet(0xffffffffffffffff, 0x0, 0x0) setsockopt$SO_RDS_TRANSPORT(0xffffffffffffffff, 0x114, 0x8, &(0x7f0000000040)=0xffffffffffffffff, 0x4) r1 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$inet_tcp_int(r1, 0x6, 0x10000000013, &(0x7f0000d06000)=0x1, 0x32a) connect$inet(r1, &(0x7f0000000180)={0x2, 0x4e23, @local}, 0x10) accept$nfc_llcp(0xffffffffffffffff, &(0x7f0000000440), &(0x7f0000000300)=0x60) setsockopt$inet_tcp_TCP_REPAIR_OPTIONS(r1, 0x6, 0x16, &(0x7f00000000c0)=[@mss={0x2, 0xffffffff}, @timestamp, @window, @mss={0x2, 0x91c}], 0x4) sendmmsg(r1, &(0x7f0000004b40)=[{{0x0, 0x0, &(0x7f00000011c0)=[{&(0x7f0000002240)='Y', 0x1}], 0x1}}], 0x1, 0x0) syz_init_net_socket$llc(0x1a, 0x1, 0x0) r2 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$IPT_SO_SET_REPLACE(r2, 0x4000000000000, 0x40, &(0x7f0000000a40)=ANY=[@ANYBLOB="72617700000000010000000000000000000000000000000000000000000000000200000003000000b80400000000000000000000000000000003000000030000200400002004000020040000200400002004000003000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000600000000000000a00200030000000000000000000000000000000000000000300262706600000000000000000000000000000000000000000000000000000101000000000000002e2f66696c653000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000060005345540000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000c0002001000000000000000000000000000000000000000050006f736600000000000000000000000000000000000000000000000000000073797a300000000000000000000000000000000000000000000000000000000000000000000000000000000000000000600053455400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000007000980000000000000000000000000000000000000000002800000000000000000000000000000000000000000000000000000000000004feffffff00000000"], 0x518) sendmsg$IPVS_CMD_GET_DEST(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000280)={&(0x7f00000002c0)=ANY=[@ANYRES16], 0x1}}, 0x0) setsockopt$inet_tcp_TCP_REPAIR(r1, 0x6, 0x13, &(0x7f0000000100), 0x618) close(r1) r3 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$inet_tcp_int(r3, 0x6, 0x10000000013, &(0x7f0000d06000)=0x1, 0x32a) connect$inet(r3, &(0x7f0000000140)={0x2, 0x0, @local}, 0x10) setsockopt$inet_tcp_TCP_REPAIR_OPTIONS(r3, 0x6, 0x16, &(0x7f0000000200)=[@mss, @timestamp, @window={0x3, 0x0, 0xfffe}, @mss={0x2, 0x3}], 0x4) sendmmsg(r3, &(0x7f0000004b40)=[{{0x0, 0x0, &(0x7f00000011c0)=[{&(0x7f0000002240)='Y', 0x1}], 0x1}}], 0x1, 0x0) setsockopt$inet_tcp_TCP_REPAIR_QUEUE(r3, 0x6, 0x14, &(0x7f0000000040)=0x1, 0x4) sendmsg$IPVS_CMD_GET_DEST(r3, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000340)=ANY=[@ANYBLOB="160e90cb39bca59f8c4064ac6d7b242060a07bc4309e3eb79d8745797b308edd84adef35ad9d8a17240f38f55f57c55f3875db81d255eea402e1c11ca7fc01964aeb9ed6ef4e80bc67cba7e7fe961fe5d921442b0a06b135f8a73b68dc904b436f256f50ae7cb980e69e7580b9f11c6ede4210f23240559b8c427000d7ce7862417ab5a50e494b2a54e346d7ffa008ccef06813e235b446788ac0f1df3c65bc1fb5393364a2efd284640ec2c438ad2b24a69f1f9da000000000000000000000000989eee6a9283bf253ca4"], 0x1}}, 0x0) close(r3) syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) dup3(r5, r4, 0x0) dup2(0xffffffffffffffff, r5) bind$pptp(0xffffffffffffffff, &(0x7f00000001c0)={0x18, 0x2, {0x0, @initdev={0xac, 0x1e, 0x0, 0x0}}}, 0x1e) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000000)=@newlink={0x30, 0x10, 0x801, 0x0, 0x0, {}, [@IFLA_GROUP={0x8}, @IFLA_PROTO_DOWN={0x8, 0x4}]}, 0x30}}, 0x0) pivot_root(&(0x7f0000000140)='./file0\x00', &(0x7f0000000100)='./file0\x00') [ 1838.795033] RSP: 002b:00007fa3bc31dc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 1838.802733] RAX: ffffffffffffffda RBX: 00007fa3bc31e6d4 RCX: 000000000045c849 [ 1838.810079] RDX: 0000000000000000 RSI: 000000000000ae80 RDI: 0000000000000005 [ 1838.817356] RBP: 000000000076bf00 R08: 0000000000000000 R09: 0000000000000000 [ 1838.824615] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000007 [ 1838.831875] R13: 00000000000003bf R14: 00000000004c6495 R15: 0000000000000003 01:45:37 executing program 2 (fault-call:9 fault-nth:4): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_SET_SIGNAL_MASK(0xffffffffffffffff, 0x4004ae8b, &(0x7f0000001000)=ANY=[@ANYBLOB="97cb"]) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000fe7000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0) ioctl$USBDEVFS_RESETEP(0xffffffffffffffff, 0x80045503, &(0x7f0000000000)={0x1, 0x1}) ioctl$KVM_NMI(r2, 0xae9a) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f00000002c0)={0x0, 0x2, 0x0, 0x2000, &(0x7f0000001000/0x2000)=nil}) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) 01:45:37 executing program 0: perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x0, 0x8d}, 0x0) getpid() sched_setattr(0x0, &(0x7f0000000040)={0x30, 0x0, 0x0, 0x0, 0x9}, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f0000002900)=[{{0x0, 0x0, 0x0}, 0x8}], 0x1, 0x40000103, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) write(r1, &(0x7f0000000340), 0x41395527) vmsplice(r0, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) r2 = syz_open_procfs(0x0, &(0x7f0000000380)='net/route\x00') preadv(r2, &(0x7f00000017c0), 0x1a0, 0xf0ffff) 01:45:37 executing program 5: lsetxattr$trusted_overlay_opaque(0x0, 0x0, 0x0, 0x0, 0x0) mkdir(&(0x7f0000000000)='./file0\x00', 0x0) mount$bpf(0x20000000, &(0x7f00000000c0)='./file0\x00', 0x0, 0x2001001, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x80, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x43, 0x400000000000000}, 0x11288, 0x2000, 0x0, 0x2}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$netlink(0x10, 0x3, 0x0) connect$inet(0xffffffffffffffff, 0x0, 0x0) setsockopt$SO_RDS_TRANSPORT(0xffffffffffffffff, 0x114, 0x8, &(0x7f0000000040)=0xffffffffffffffff, 0x4) r1 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$inet_tcp_int(r1, 0x6, 0x10000000013, &(0x7f0000d06000)=0x1, 0x32a) connect$inet(r1, &(0x7f0000000180)={0x2, 0x4e23, @local}, 0x10) accept$nfc_llcp(0xffffffffffffffff, &(0x7f0000000440), &(0x7f0000000300)=0x60) setsockopt$inet_tcp_TCP_REPAIR_OPTIONS(r1, 0x6, 0x16, &(0x7f00000000c0)=[@mss={0x2, 0xffffffff}, @timestamp, @window, @mss={0x2, 0x91c}], 0x4) sendmmsg(r1, &(0x7f0000004b40)=[{{0x0, 0x0, &(0x7f00000011c0)=[{&(0x7f0000002240)='Y', 0x1}], 0x1}}], 0x1, 0x0) syz_init_net_socket$llc(0x1a, 0x1, 0x0) r2 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$IPT_SO_SET_REPLACE(r2, 0x4000000000000, 0x40, &(0x7f0000000a40)=ANY=[@ANYBLOB="72617700000000010000000000000000000000000000000000000000000000000200000003000000b80400000000000000000000000000000003000000030000200400002004000020040000200400002004000003000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000600000000000000a00200030000000000000000000000000000000000000000300262706600000000000000000000000000000000000000000000000000000101000000000000002e2f66696c653000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000060005345540000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000c0002001000000000000000000000000000000000000000050006f736600000000000000000000000000000000000000000000000000000073797a300000000000000000000000000000000000000000000000000000000000000000000000000000000000000000600053455400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000007000980000000000000000000000000000000000000000002800000000000000000000000000000000000000000000000000000000000004feffffff00000000"], 0x518) sendmsg$IPVS_CMD_GET_DEST(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000280)={&(0x7f00000002c0)=ANY=[@ANYRES16], 0x1}}, 0x0) setsockopt$inet_tcp_TCP_REPAIR(r1, 0x6, 0x13, &(0x7f0000000100), 0x618) close(r1) r3 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$inet_tcp_int(r3, 0x6, 0x10000000013, &(0x7f0000d06000)=0x1, 0x32a) connect$inet(r3, &(0x7f0000000140)={0x2, 0x0, @local}, 0x10) setsockopt$inet_tcp_TCP_REPAIR_OPTIONS(r3, 0x6, 0x16, &(0x7f0000000200)=[@mss, @timestamp, @window={0x3, 0x0, 0xfffe}, @mss={0x2, 0x3}], 0x4) sendmmsg(r3, &(0x7f0000004b40)=[{{0x0, 0x0, &(0x7f00000011c0)=[{&(0x7f0000002240)='Y', 0x1}], 0x1}}], 0x1, 0x0) setsockopt$inet_tcp_TCP_REPAIR_QUEUE(r3, 0x6, 0x14, &(0x7f0000000040)=0x1, 0x4) sendmsg$IPVS_CMD_GET_DEST(r3, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000340)=ANY=[@ANYBLOB="160e90cb39bca59f8c4064ac6d7b242060a07bc4309e3eb79d8745797b308edd84adef35ad9d8a17240f38f55f57c55f3875db81d255eea402e1c11ca7fc01964aeb9ed6ef4e80bc67cba7e7fe961fe5d921442b0a06b135f8a73b68dc904b436f256f50ae7cb980e69e7580b9f11c6ede4210f23240559b8c427000d7ce7862417ab5a50e494b2a54e346d7ffa008ccef06813e235b446788ac0f1df3c65bc1fb5393364a2efd284640ec2c438ad2b24a69f1f9da000000000000000000000000989eee6a9283bf253ca4"], 0x1}}, 0x0) close(r3) syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) dup3(r5, r4, 0x0) dup2(0xffffffffffffffff, r5) bind$pptp(0xffffffffffffffff, &(0x7f00000001c0)={0x18, 0x2, {0x0, @initdev={0xac, 0x1e, 0x0, 0x0}}}, 0x1e) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000000)=@newlink={0x30, 0x10, 0x801, 0x0, 0x0, {}, [@IFLA_GROUP={0x8}, @IFLA_PROTO_DOWN={0x8, 0x4}]}, 0x30}}, 0x0) pivot_root(&(0x7f0000000140)='./file0\x00', &(0x7f0000000100)='./file0\x00') [ 1839.047181] FAULT_INJECTION: forcing a failure. [ 1839.047181] name failslab, interval 1, probability 0, space 0, times 0 [ 1839.060621] CPU: 0 PID: 3496 Comm: syz-executor.2 Not tainted 4.14.173-syzkaller #0 [ 1839.068437] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1839.077807] Call Trace: [ 1839.080430] dump_stack+0x13e/0x194 [ 1839.084099] should_fail.cold+0x10a/0x14b [ 1839.088286] should_failslab+0xd6/0x130 [ 1839.092274] kmem_cache_alloc+0x2b5/0x770 [ 1839.096460] mmu_topup_memory_caches+0x83/0x300 [ 1839.101158] kvm_mmu_load+0x1e/0xd00 [ 1839.105536] ? vcpu_enter_guest+0x2eb1/0x5240 [ 1839.110075] vcpu_enter_guest+0x2eb9/0x5240 [ 1839.114432] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 1839.119228] ? check_preemption_disabled+0x35/0x240 [ 1839.126706] ? emulator_read_emulated+0x40/0x40 [ 1839.131400] ? lock_acquire+0x170/0x3f0 [ 1839.135394] ? kvm_arch_vcpu_ioctl_run+0x143/0xfd0 [ 1839.140352] ? kvm_arch_vcpu_ioctl_run+0x2fe/0xfd0 [ 1839.145283] ? kvm_arch_vcpu_ioctl_run+0x181/0xfd0 [ 1839.150214] kvm_arch_vcpu_ioctl_run+0x2fe/0xfd0 [ 1839.154963] kvm_vcpu_ioctl+0x3df/0xc70 [ 1839.158937] ? kvm_vcpu_block+0xb70/0xb70 [ 1839.163106] ? trace_hardirqs_on+0x10/0x10 [ 1839.167358] ? __lock_is_held+0xad/0x140 [ 1839.171439] ? save_trace+0x290/0x290 [ 1839.175443] ? SyS_write+0x1b7/0x210 [ 1839.179160] ? retint_kernel+0x2d/0x2d [ 1839.183055] ? trace_hardirqs_on_caller+0x3f6/0x590 [ 1839.188194] ? kvm_vcpu_block+0xb70/0xb70 [ 1839.192462] do_vfs_ioctl+0x75a/0xfe0 [ 1839.196289] ? selinux_file_mprotect+0x5c0/0x5c0 [ 1839.201052] ? check_preemption_disabled+0x35/0x240 [ 1839.206081] ? ioctl_preallocate+0x1a0/0x1a0 [ 1839.210533] ? security_file_ioctl+0x76/0xb0 [ 1839.215553] ? security_file_ioctl+0x83/0xb0 [ 1839.219971] SyS_ioctl+0x7f/0xb0 [ 1839.223342] ? do_vfs_ioctl+0xfe0/0xfe0 [ 1839.227372] do_syscall_64+0x1d5/0x640 [ 1839.231284] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 1839.236483] RIP: 0033:0x45c849 [ 1839.239670] RSP: 002b:00007fa3bc31dc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 01:45:37 executing program 1: lsetxattr$trusted_overlay_opaque(0x0, 0x0, 0x0, 0x0, 0x0) mkdir(&(0x7f0000000000)='./file0\x00', 0x0) mount$bpf(0x20000000, &(0x7f00000000c0)='./file0\x00', 0x0, 0x2001001, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x80, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x43, 0x400000000000000}, 0x11288, 0x2000, 0x0, 0x2}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$netlink(0x10, 0x3, 0x0) connect$inet(0xffffffffffffffff, 0x0, 0x0) setsockopt$SO_RDS_TRANSPORT(0xffffffffffffffff, 0x114, 0x8, &(0x7f0000000040)=0xffffffffffffffff, 0x4) r1 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$inet_tcp_int(r1, 0x6, 0x10000000013, &(0x7f0000d06000)=0x1, 0x32a) connect$inet(r1, &(0x7f0000000180)={0x2, 0x4e23, @local}, 0x10) accept$nfc_llcp(0xffffffffffffffff, &(0x7f0000000440), &(0x7f0000000300)=0x60) setsockopt$inet_tcp_TCP_REPAIR_OPTIONS(r1, 0x6, 0x16, &(0x7f00000000c0)=[@mss={0x2, 0xffffffff}, @timestamp, @window, @mss={0x2, 0x91c}], 0x4) sendmmsg(r1, &(0x7f0000004b40)=[{{0x0, 0x0, &(0x7f00000011c0)=[{&(0x7f0000002240)='Y', 0x1}], 0x1}}], 0x1, 0x0) syz_init_net_socket$llc(0x1a, 0x1, 0x0) r2 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$IPT_SO_SET_REPLACE(r2, 0x4000000000000, 0x40, &(0x7f0000000a40)=ANY=[@ANYBLOB="72617700000000010000000000000000000000000000000000000000000000000200000003000000b80400000000000000000000000000000003000000030000200400002004000020040000200400002004000003000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000600000000000000a00200030000000000000000000000000000000000000000300262706600000000000000000000000000000000000000000000000000000101000000000000002e2f66696c653000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000060005345540000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000c0002001000000000000000000000000000000000000000050006f736600000000000000000000000000000000000000000000000000000073797a300000000000000000000000000000000000000000000000000000000000000000000000000000000000000000600053455400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000007000980000000000000000000000000000000000000000002800000000000000000000000000000000000000000000000000000000000004feffffff00000000"], 0x518) sendmsg$IPVS_CMD_GET_DEST(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000280)={&(0x7f00000002c0)=ANY=[@ANYRES16], 0x1}}, 0x0) setsockopt$inet_tcp_TCP_REPAIR(r1, 0x6, 0x13, &(0x7f0000000100), 0x618) close(r1) r3 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$inet_tcp_int(r3, 0x6, 0x10000000013, &(0x7f0000d06000)=0x1, 0x32a) connect$inet(r3, &(0x7f0000000140)={0x2, 0x0, @local}, 0x10) setsockopt$inet_tcp_TCP_REPAIR_OPTIONS(r3, 0x6, 0x16, &(0x7f0000000200)=[@mss, @timestamp, @window={0x3, 0x0, 0xfffe}, @mss={0x2, 0x3}], 0x4) sendmmsg(r3, &(0x7f0000004b40)=[{{0x0, 0x0, &(0x7f00000011c0)=[{&(0x7f0000002240)='Y', 0x1}], 0x1}}], 0x1, 0x0) setsockopt$inet_tcp_TCP_REPAIR_QUEUE(r3, 0x6, 0x14, &(0x7f0000000040)=0x1, 0x4) sendmsg$IPVS_CMD_GET_DEST(r3, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000340)=ANY=[@ANYBLOB="160e90cb39bca59f8c4064ac6d7b242060a07bc4309e3eb79d8745797b308edd84adef35ad9d8a17240f38f55f57c55f3875db81d255eea402e1c11ca7fc01964aeb9ed6ef4e80bc67cba7e7fe961fe5d921442b0a06b135f8a73b68dc904b436f256f50ae7cb980e69e7580b9f11c6ede4210f23240559b8c427000d7ce7862417ab5a50e494b2a54e346d7ffa008ccef06813e235b446788ac0f1df3c65bc1fb5393364a2efd284640ec2c438ad2b24a69f1f9da000000000000000000000000989eee6a9283bf253ca4"], 0x1}}, 0x0) close(r3) syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) dup3(r5, r4, 0x0) accept4$vsock_stream(0xffffffffffffffff, &(0x7f0000000240)={0x28, 0x0, 0x2710, @host}, 0x10, 0x0) bind$pptp(0xffffffffffffffff, &(0x7f00000001c0)={0x18, 0x2, {0x0, @initdev={0xac, 0x1e, 0x0, 0x0}}}, 0x1e) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000000)=@newlink={0x30, 0x10, 0x801, 0x0, 0x0, {}, [@IFLA_GROUP={0x8}, @IFLA_PROTO_DOWN={0x8, 0x4}]}, 0x30}}, 0x0) [ 1839.247417] RAX: ffffffffffffffda RBX: 00007fa3bc31e6d4 RCX: 000000000045c849 [ 1839.254705] RDX: 0000000000000000 RSI: 000000000000ae80 RDI: 0000000000000005 [ 1839.261987] RBP: 000000000076bf00 R08: 0000000000000000 R09: 0000000000000000 [ 1839.269267] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000007 [ 1839.277233] R13: 00000000000003bf R14: 00000000004c6495 R15: 0000000000000004 01:45:37 executing program 4: pipe(&(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = socket$inet_udp(0x2, 0x2, 0x0) close(r2) r3 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$inet_tcp_int(r3, 0x6, 0x10000000013, &(0x7f0000d06000)=0x1, 0x4) connect$inet(r2, &(0x7f0000000340)={0x2, 0x0, @loopback}, 0x10) setsockopt$inet_tcp_TCP_REPAIR_WINDOW(r3, 0x6, 0x1d, &(0x7f0000000080)={0x0, 0xdf5, 0x65a2}, 0x14) syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) r4 = getpid() rt_tgsigqueueinfo(r4, r4, 0x16, &(0x7f00000000c0)) ptrace(0x10, r4) write$binfmt_misc(r1, &(0x7f0000000140)=ANY=[], 0x4240a2a0) r5 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$IPT_SO_SET_REPLACE(r5, 0x0, 0x40, &(0x7f0000000480)=ANY=[@ANYBLOB="66696c74657200000000000000000000000000000000000000000000000000000e00000004000000d0020000800100009800000080010000000000000000000038020000380200003802000038020000380200000400000000000000000000007f000001ac14140000000000000000007f00000000000000000000000000000064756dea20f9524db2d96900000057c910a19f2bc02c00000000000000000000200000000000000000000000000000000000000000000000700098000000000000000000000000000000000000000000280052454a454354000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000400000000000000000000000080000000000000000000000000000000000000000000000000000000000000000000000000000000000000000c000e80000f9c9991d0000000000000000000000000000005000736574000000000000000000000000000000000000000000000000000003000005050000000000000000000000000000000000000000100000000000000000000000000000000000000000000000280052454a45435400000000000000010000000000000000000000000000000000674f000000000000000000e00000020000000000000000766574b5315f766c616e00000000010062726964676530000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000007000b80000000000000000000000000000000000000000004800544545000000000000000000000000000000d40200000000000000000001ac1414aa000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000007000980000000000000000000000000000000000000000002800000000000000000000000000000000000000000000001a51496c00000000feffffff"], 0x1) splice(r0, 0x0, r2, 0x0, 0x4ffe0, 0x0) 01:45:37 executing program 3: lsetxattr$trusted_overlay_opaque(0x0, 0x0, 0x0, 0x0, 0x0) mkdir(&(0x7f0000000000)='./file0\x00', 0x0) mount$bpf(0x20000000, &(0x7f00000000c0)='./file0\x00', 0x0, 0x2001001, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x80, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x43, 0x400000000000000}, 0x11288, 0x2000, 0x0, 0x2}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$netlink(0x10, 0x3, 0x0) connect$inet(0xffffffffffffffff, 0x0, 0x0) setsockopt$SO_RDS_TRANSPORT(0xffffffffffffffff, 0x114, 0x8, &(0x7f0000000040)=0xffffffffffffffff, 0x4) r1 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$inet_tcp_int(r1, 0x6, 0x10000000013, &(0x7f0000d06000)=0x1, 0x32a) connect$inet(r1, &(0x7f0000000180)={0x2, 0x4e23, @local}, 0x10) accept$nfc_llcp(0xffffffffffffffff, &(0x7f0000000440), &(0x7f0000000300)=0x60) setsockopt$inet_tcp_TCP_REPAIR_OPTIONS(r1, 0x6, 0x16, &(0x7f00000000c0)=[@mss={0x2, 0xffffffff}, @timestamp, @window, @mss={0x2, 0x91c}], 0x4) sendmmsg(r1, &(0x7f0000004b40)=[{{0x0, 0x0, &(0x7f00000011c0)=[{&(0x7f0000002240)='Y', 0x1}], 0x1}}], 0x1, 0x0) syz_init_net_socket$llc(0x1a, 0x1, 0x0) r2 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$IPT_SO_SET_REPLACE(r2, 0x4000000000000, 0x40, &(0x7f0000000a40)=ANY=[@ANYBLOB="72617700000000010000000000000000000000000000000000000000000000000200000003000000b80400000000000000000000000000000003000000030000200400002004000020040000200400002004000003000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000600000000000000a00200030000000000000000000000000000000000000000300262706600000000000000000000000000000000000000000000000000000101000000000000002e2f66696c653000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000060005345540000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000c0002001000000000000000000000000000000000000000050006f736600000000000000000000000000000000000000000000000000000073797a300000000000000000000000000000000000000000000000000000000000000000000000000000000000000000600053455400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000007000980000000000000000000000000000000000000000002800000000000000000000000000000000000000000000000000000000000004feffffff00000000"], 0x518) sendmsg$IPVS_CMD_GET_DEST(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000280)={&(0x7f00000002c0)=ANY=[@ANYRES16], 0x1}}, 0x0) setsockopt$inet_tcp_TCP_REPAIR(r1, 0x6, 0x13, &(0x7f0000000100), 0x618) close(r1) r3 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$inet_tcp_int(r3, 0x6, 0x10000000013, &(0x7f0000d06000)=0x1, 0x32a) connect$inet(r3, &(0x7f0000000140)={0x2, 0x0, @local}, 0x10) setsockopt$inet_tcp_TCP_REPAIR_OPTIONS(r3, 0x6, 0x16, &(0x7f0000000200)=[@mss, @timestamp, @window={0x3, 0x0, 0xfffe}, @mss={0x2, 0x3}], 0x4) sendmmsg(r3, &(0x7f0000004b40)=[{{0x0, 0x0, &(0x7f00000011c0)=[{&(0x7f0000002240)='Y', 0x1}], 0x1}}], 0x1, 0x0) setsockopt$inet_tcp_TCP_REPAIR_QUEUE(r3, 0x6, 0x14, &(0x7f0000000040)=0x1, 0x4) sendmsg$IPVS_CMD_GET_DEST(r3, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000340)=ANY=[@ANYBLOB="160e90cb39bca59f8c4064ac6d7b242060a07bc4309e3eb79d8745797b308edd84adef35ad9d8a17240f38f55f57c55f3875db81d255eea402e1c11ca7fc01964aeb9ed6ef4e80bc67cba7e7fe961fe5d921442b0a06b135f8a73b68dc904b436f256f50ae7cb980e69e7580b9f11c6ede4210f23240559b8c427000d7ce7862417ab5a50e494b2a54e346d7ffa008ccef06813e235b446788ac0f1df3c65bc1fb5393364a2efd284640ec2c438ad2b24a69f1f9da000000000000000000000000989eee6a9283bf253ca4"], 0x1}}, 0x0) close(r3) syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) dup3(r5, r4, 0x0) accept4$vsock_stream(0xffffffffffffffff, &(0x7f0000000240)={0x28, 0x0, 0x2710, @host}, 0x10, 0x0) bind$pptp(0xffffffffffffffff, &(0x7f00000001c0)={0x18, 0x2, {0x0, @initdev={0xac, 0x1e, 0x0, 0x0}}}, 0x1e) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000000)=@newlink={0x30, 0x10, 0x801, 0x0, 0x0, {}, [@IFLA_GROUP={0x8}, @IFLA_PROTO_DOWN={0x8, 0x4}]}, 0x30}}, 0x0) pivot_root(&(0x7f0000000140)='./file0\x00', &(0x7f0000000100)='./file0\x00') 01:45:37 executing program 2 (fault-call:9 fault-nth:5): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_SET_SIGNAL_MASK(0xffffffffffffffff, 0x4004ae8b, &(0x7f0000001000)=ANY=[@ANYBLOB="97cb"]) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000fe7000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0) ioctl$USBDEVFS_RESETEP(0xffffffffffffffff, 0x80045503, &(0x7f0000000000)={0x1, 0x1}) ioctl$KVM_NMI(r2, 0xae9a) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f00000002c0)={0x0, 0x2, 0x0, 0x2000, &(0x7f0000001000/0x2000)=nil}) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) 01:45:37 executing program 0: r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) bind$bt_hci(r0, &(0x7f0000000040)={0x1f, 0xffff, 0x3}, 0x6) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) r2 = fcntl$dupfd(r1, 0x0, r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) write$binfmt_misc(r0, &(0x7f00000006c0)=ANY=[@ANYBLOB="0200ffff070000000000f28600cd1c32ffcd3b3342e0ca1692802ce39d7e98c9f17db7f95b52dcf519f0d879fec9e8db94bca06420804295f9e74e239d730473f47bfa47e1de324626b2ea6cdcda905e139435698a046109910d040000000000000062fd70a4d1e82df3c48aff8e7a898c24b4b83d89509453782d04c2c5161fd3a69dcfeb0e0000000000008fb8992446cf59137af5b43dce7b01d25c14cb61c43f8774b7b66006d0f9165fd232f177b7ecd6eab562a89cfff73acabbaf6d2ef9c49c7d6312b58ee691532cd8710cf727756fc4b4c298a3c929ca08b6786f92c2880961e52306b4073f265fca83a328dbb595bdfade394484c3c81c828fc8aa142fb65b063eb3d6c4b15a672e02000000dc2f095c63dfb8080000007af4425a68aa1bb58cf2645ff50932502b306d327c791ea26299cc0900f024c8e512ec26f9c7f6ea5783cc6698447a9c955f2f4fd4f7e5dbd355c057457ebcb4f8a2a0a838b4cba4d9d18a87f15d3c1c4e7e5c2b2fce99354eff944755c49d779f1151af00130f4107f4651632b5606399a576c16233f329a52edc65f5b92a98f799c209d3338a7ff56b080d4b5a49fc46b883d8b0ebf062fa6e360fb169e21c9ff5b651ca8d55ca1c541d80d093a3ba1259724e90e172441bc6729db05a68480c287df98713465e3618f51616f72c92bf5188ae67b88ea84bed0f853aef59211a086e9edcd7b16dece1a0ac5cd3c7cd12d30e2ecc53357d065221c7bb9a180a65004f26bd29f62217decbd63850c5bcd47f99cf8fe0"], 0xd) [ 1839.580211] ip_tables: iptables: counters copy to user failed while replacing table 01:45:37 executing program 3: lsetxattr$trusted_overlay_opaque(0x0, 0x0, 0x0, 0x0, 0x0) mkdir(&(0x7f0000000000)='./file0\x00', 0x0) mount$bpf(0x20000000, &(0x7f00000000c0)='./file0\x00', 0x0, 0x2001001, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x80, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x43, 0x400000000000000}, 0x11288, 0x2000, 0x0, 0x2}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$netlink(0x10, 0x3, 0x0) connect$inet(0xffffffffffffffff, 0x0, 0x0) setsockopt$SO_RDS_TRANSPORT(0xffffffffffffffff, 0x114, 0x8, &(0x7f0000000040)=0xffffffffffffffff, 0x4) r1 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$inet_tcp_int(r1, 0x6, 0x10000000013, &(0x7f0000d06000)=0x1, 0x32a) connect$inet(r1, &(0x7f0000000180)={0x2, 0x4e23, @local}, 0x10) accept$nfc_llcp(0xffffffffffffffff, &(0x7f0000000440), &(0x7f0000000300)=0x60) setsockopt$inet_tcp_TCP_REPAIR_OPTIONS(r1, 0x6, 0x16, &(0x7f00000000c0)=[@mss={0x2, 0xffffffff}, @timestamp, @window, @mss={0x2, 0x91c}], 0x4) sendmmsg(r1, &(0x7f0000004b40)=[{{0x0, 0x0, &(0x7f00000011c0)=[{&(0x7f0000002240)='Y', 0x1}], 0x1}}], 0x1, 0x0) syz_init_net_socket$llc(0x1a, 0x1, 0x0) r2 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$IPT_SO_SET_REPLACE(r2, 0x4000000000000, 0x40, &(0x7f0000000a40)=ANY=[@ANYBLOB="72617700000000010000000000000000000000000000000000000000000000000200000003000000b80400000000000000000000000000000003000000030000200400002004000020040000200400002004000003000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000600000000000000a00200030000000000000000000000000000000000000000300262706600000000000000000000000000000000000000000000000000000101000000000000002e2f66696c653000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000060005345540000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000c0002001000000000000000000000000000000000000000050006f736600000000000000000000000000000000000000000000000000000073797a300000000000000000000000000000000000000000000000000000000000000000000000000000000000000000600053455400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000007000980000000000000000000000000000000000000000002800000000000000000000000000000000000000000000000000000000000004feffffff00000000"], 0x518) sendmsg$IPVS_CMD_GET_DEST(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000280)={&(0x7f00000002c0)=ANY=[@ANYRES16], 0x1}}, 0x0) setsockopt$inet_tcp_TCP_REPAIR(r1, 0x6, 0x13, &(0x7f0000000100), 0x618) close(r1) r3 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$inet_tcp_int(r3, 0x6, 0x10000000013, &(0x7f0000d06000)=0x1, 0x32a) connect$inet(r3, &(0x7f0000000140)={0x2, 0x0, @local}, 0x10) setsockopt$inet_tcp_TCP_REPAIR_OPTIONS(r3, 0x6, 0x16, &(0x7f0000000200)=[@mss, @timestamp, @window={0x3, 0x0, 0xfffe}, @mss={0x2, 0x3}], 0x4) sendmmsg(r3, &(0x7f0000004b40)=[{{0x0, 0x0, &(0x7f00000011c0)=[{&(0x7f0000002240)='Y', 0x1}], 0x1}}], 0x1, 0x0) setsockopt$inet_tcp_TCP_REPAIR_QUEUE(r3, 0x6, 0x14, &(0x7f0000000040)=0x1, 0x4) sendmsg$IPVS_CMD_GET_DEST(r3, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000340)=ANY=[@ANYBLOB="160e90cb39bca59f8c4064ac6d7b242060a07bc4309e3eb79d8745797b308edd84adef35ad9d8a17240f38f55f57c55f3875db81d255eea402e1c11ca7fc01964aeb9ed6ef4e80bc67cba7e7fe961fe5d921442b0a06b135f8a73b68dc904b436f256f50ae7cb980e69e7580b9f11c6ede4210f23240559b8c427000d7ce7862417ab5a50e494b2a54e346d7ffa008ccef06813e235b446788ac0f1df3c65bc1fb5393364a2efd284640ec2c438ad2b24a69f1f9da000000000000000000000000989eee6a9283bf253ca4"], 0x1}}, 0x0) close(r3) syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) dup3(r5, r4, 0x0) dup2(0xffffffffffffffff, r5) bind$pptp(0xffffffffffffffff, &(0x7f00000001c0)={0x18, 0x2, {0x0, @initdev={0xac, 0x1e, 0x0, 0x0}}}, 0x1e) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000000)=@newlink={0x30, 0x10, 0x801, 0x0, 0x0, {}, [@IFLA_GROUP={0x8}, @IFLA_PROTO_DOWN={0x8, 0x4}]}, 0x30}}, 0x0) pivot_root(&(0x7f0000000140)='./file0\x00', &(0x7f0000000100)='./file0\x00') [ 1839.638449] FAULT_INJECTION: forcing a failure. [ 1839.638449] name failslab, interval 1, probability 0, space 0, times 0 01:45:37 executing program 1: lsetxattr$trusted_overlay_opaque(0x0, 0x0, 0x0, 0x0, 0x0) mkdir(&(0x7f0000000000)='./file0\x00', 0x0) mount$bpf(0x20000000, &(0x7f00000000c0)='./file0\x00', 0x0, 0x2001001, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x80, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x43, 0x400000000000000}, 0x11288, 0x2000, 0x0, 0x2}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$netlink(0x10, 0x3, 0x0) connect$inet(0xffffffffffffffff, 0x0, 0x0) setsockopt$SO_RDS_TRANSPORT(0xffffffffffffffff, 0x114, 0x8, &(0x7f0000000040)=0xffffffffffffffff, 0x4) r1 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$inet_tcp_int(r1, 0x6, 0x10000000013, &(0x7f0000d06000)=0x1, 0x32a) connect$inet(r1, &(0x7f0000000180)={0x2, 0x4e23, @local}, 0x10) accept$nfc_llcp(0xffffffffffffffff, &(0x7f0000000440), &(0x7f0000000300)=0x60) setsockopt$inet_tcp_TCP_REPAIR_OPTIONS(r1, 0x6, 0x16, &(0x7f00000000c0)=[@mss={0x2, 0xffffffff}, @timestamp, @window, @mss={0x2, 0x91c}], 0x4) sendmmsg(r1, &(0x7f0000004b40)=[{{0x0, 0x0, &(0x7f00000011c0)=[{&(0x7f0000002240)='Y', 0x1}], 0x1}}], 0x1, 0x0) syz_init_net_socket$llc(0x1a, 0x1, 0x0) r2 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$IPT_SO_SET_REPLACE(r2, 0x4000000000000, 0x40, &(0x7f0000000a40)=ANY=[@ANYBLOB="72617700000000010000000000000000000000000000000000000000000000000200000003000000b80400000000000000000000000000000003000000030000200400002004000020040000200400002004000003000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000600000000000000a00200030000000000000000000000000000000000000000300262706600000000000000000000000000000000000000000000000000000101000000000000002e2f66696c653000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000060005345540000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000c0002001000000000000000000000000000000000000000050006f736600000000000000000000000000000000000000000000000000000073797a300000000000000000000000000000000000000000000000000000000000000000000000000000000000000000600053455400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000007000980000000000000000000000000000000000000000002800000000000000000000000000000000000000000000000000000000000004feffffff00000000"], 0x518) sendmsg$IPVS_CMD_GET_DEST(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000280)={&(0x7f00000002c0)=ANY=[@ANYRES16], 0x1}}, 0x0) setsockopt$inet_tcp_TCP_REPAIR(r1, 0x6, 0x13, &(0x7f0000000100), 0x618) close(r1) r3 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$inet_tcp_int(r3, 0x6, 0x10000000013, &(0x7f0000d06000)=0x1, 0x32a) connect$inet(r3, &(0x7f0000000140)={0x2, 0x0, @local}, 0x10) setsockopt$inet_tcp_TCP_REPAIR_OPTIONS(r3, 0x6, 0x16, &(0x7f0000000200)=[@mss, @timestamp, @window={0x3, 0x0, 0xfffe}, @mss={0x2, 0x3}], 0x4) sendmmsg(r3, &(0x7f0000004b40)=[{{0x0, 0x0, &(0x7f00000011c0)=[{&(0x7f0000002240)='Y', 0x1}], 0x1}}], 0x1, 0x0) setsockopt$inet_tcp_TCP_REPAIR_QUEUE(r3, 0x6, 0x14, &(0x7f0000000040)=0x1, 0x4) sendmsg$IPVS_CMD_GET_DEST(r3, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000340)=ANY=[@ANYBLOB="160e90cb39bca59f8c4064ac6d7b242060a07bc4309e3eb79d8745797b308edd84adef35ad9d8a17240f38f55f57c55f3875db81d255eea402e1c11ca7fc01964aeb9ed6ef4e80bc67cba7e7fe961fe5d921442b0a06b135f8a73b68dc904b436f256f50ae7cb980e69e7580b9f11c6ede4210f23240559b8c427000d7ce7862417ab5a50e494b2a54e346d7ffa008ccef06813e235b446788ac0f1df3c65bc1fb5393364a2efd284640ec2c438ad2b24a69f1f9da000000000000000000000000989eee6a9283bf253ca4"], 0x1}}, 0x0) close(r3) syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) dup3(r5, r4, 0x0) accept4$vsock_stream(0xffffffffffffffff, &(0x7f0000000240)={0x28, 0x0, 0x2710, @host}, 0x10, 0x0) bind$pptp(0xffffffffffffffff, &(0x7f00000001c0)={0x18, 0x2, {0x0, @initdev={0xac, 0x1e, 0x0, 0x0}}}, 0x1e) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000000)=@newlink={0x30, 0x10, 0x801, 0x0, 0x0, {}, [@IFLA_GROUP={0x8}, @IFLA_PROTO_DOWN={0x8, 0x4}]}, 0x30}}, 0x0) [ 1839.693941] CPU: 0 PID: 3514 Comm: syz-executor.2 Not tainted 4.14.173-syzkaller #0 [ 1839.701925] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1839.711302] Call Trace: [ 1839.713936] dump_stack+0x13e/0x194 [ 1839.717596] should_fail.cold+0x10a/0x14b [ 1839.721775] should_failslab+0xd6/0x130 [ 1839.725780] kmem_cache_alloc+0x2b5/0x770 [ 1839.729955] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 1839.734769] mmu_topup_memory_caches+0x83/0x300 [ 1839.739470] kvm_mmu_load+0x1e/0xd00 01:45:38 executing program 5: lsetxattr$trusted_overlay_opaque(0x0, 0x0, 0x0, 0x0, 0x0) mkdir(&(0x7f0000000000)='./file0\x00', 0x0) mount$bpf(0x20000000, &(0x7f00000000c0)='./file0\x00', 0x0, 0x2001001, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x80, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x43, 0x400000000000000}, 0x11288, 0x2000, 0x0, 0x2}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$netlink(0x10, 0x3, 0x0) connect$inet(0xffffffffffffffff, 0x0, 0x0) setsockopt$SO_RDS_TRANSPORT(0xffffffffffffffff, 0x114, 0x8, &(0x7f0000000040)=0xffffffffffffffff, 0x4) r1 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$inet_tcp_int(r1, 0x6, 0x10000000013, &(0x7f0000d06000)=0x1, 0x32a) connect$inet(r1, &(0x7f0000000180)={0x2, 0x4e23, @local}, 0x10) accept$nfc_llcp(0xffffffffffffffff, &(0x7f0000000440), &(0x7f0000000300)=0x60) setsockopt$inet_tcp_TCP_REPAIR_OPTIONS(r1, 0x6, 0x16, &(0x7f00000000c0)=[@mss={0x2, 0xffffffff}, @timestamp, @window, @mss={0x2, 0x91c}], 0x4) sendmmsg(r1, &(0x7f0000004b40)=[{{0x0, 0x0, &(0x7f00000011c0)=[{&(0x7f0000002240)='Y', 0x1}], 0x1}}], 0x1, 0x0) syz_init_net_socket$llc(0x1a, 0x1, 0x0) r2 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$IPT_SO_SET_REPLACE(r2, 0x4000000000000, 0x40, &(0x7f0000000a40)=ANY=[@ANYBLOB="72617700000000010000000000000000000000000000000000000000000000000200000003000000b80400000000000000000000000000000003000000030000200400002004000020040000200400002004000003000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000600000000000000a00200030000000000000000000000000000000000000000300262706600000000000000000000000000000000000000000000000000000101000000000000002e2f66696c653000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000060005345540000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000c0002001000000000000000000000000000000000000000050006f736600000000000000000000000000000000000000000000000000000073797a300000000000000000000000000000000000000000000000000000000000000000000000000000000000000000600053455400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000007000980000000000000000000000000000000000000000002800000000000000000000000000000000000000000000000000000000000004feffffff00000000"], 0x518) sendmsg$IPVS_CMD_GET_DEST(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000280)={&(0x7f00000002c0)=ANY=[@ANYRES16], 0x1}}, 0x0) setsockopt$inet_tcp_TCP_REPAIR(r1, 0x6, 0x13, &(0x7f0000000100), 0x618) close(r1) r3 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$inet_tcp_int(r3, 0x6, 0x10000000013, &(0x7f0000d06000)=0x1, 0x32a) connect$inet(r3, &(0x7f0000000140)={0x2, 0x0, @local}, 0x10) setsockopt$inet_tcp_TCP_REPAIR_OPTIONS(r3, 0x6, 0x16, &(0x7f0000000200)=[@mss, @timestamp, @window={0x3, 0x0, 0xfffe}, @mss={0x2, 0x3}], 0x4) sendmmsg(r3, &(0x7f0000004b40)=[{{0x0, 0x0, &(0x7f00000011c0)=[{&(0x7f0000002240)='Y', 0x1}], 0x1}}], 0x1, 0x0) setsockopt$inet_tcp_TCP_REPAIR_QUEUE(r3, 0x6, 0x14, &(0x7f0000000040)=0x1, 0x4) sendmsg$IPVS_CMD_GET_DEST(r3, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000340)=ANY=[@ANYBLOB="160e90cb39bca59f8c4064ac6d7b242060a07bc4309e3eb79d8745797b308edd84adef35ad9d8a17240f38f55f57c55f3875db81d255eea402e1c11ca7fc01964aeb9ed6ef4e80bc67cba7e7fe961fe5d921442b0a06b135f8a73b68dc904b436f256f50ae7cb980e69e7580b9f11c6ede4210f23240559b8c427000d7ce7862417ab5a50e494b2a54e346d7ffa008ccef06813e235b446788ac0f1df3c65bc1fb5393364a2efd284640ec2c438ad2b24a69f1f9da000000000000000000000000989eee6a9283bf253ca4"], 0x1}}, 0x0) close(r3) syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) r5 = accept4$vsock_stream(0xffffffffffffffff, &(0x7f0000000240)={0x28, 0x0, 0x2710, @host}, 0x10, 0x0) dup2(r5, r4) bind$pptp(0xffffffffffffffff, &(0x7f00000001c0)={0x18, 0x2, {0x0, @initdev={0xac, 0x1e, 0x0, 0x0}}}, 0x1e) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000000)=@newlink={0x30, 0x10, 0x801, 0x0, 0x0, {}, [@IFLA_GROUP={0x8}, @IFLA_PROTO_DOWN={0x8, 0x4}]}, 0x30}}, 0x0) pivot_root(&(0x7f0000000140)='./file0\x00', &(0x7f0000000100)='./file0\x00') [ 1839.743214] ? vmx_inject_nmi+0xb0/0x1e0 [ 1839.747302] ? vmx_inject_nmi+0x133/0x1e0 [ 1839.751473] vcpu_enter_guest+0x2eb9/0x5240 [ 1839.755926] ? trace_hardirqs_on_caller+0x3f6/0x590 [ 1839.760940] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 1839.765707] ? emulator_read_emulated+0x40/0x40 [ 1839.770688] ? lock_acquire+0x170/0x3f0 [ 1839.774706] ? kvm_arch_vcpu_ioctl_run+0x143/0xfd0 [ 1839.779678] ? kvm_arch_vcpu_ioctl_run+0x2fe/0xfd0 [ 1839.784624] ? kvm_arch_vcpu_ioctl_run+0x181/0xfd0 [ 1839.789565] kvm_arch_vcpu_ioctl_run+0x2fe/0xfd0 [ 1839.794449] kvm_vcpu_ioctl+0x3df/0xc70 [ 1839.798458] ? trace_hardirqs_on_caller+0x3f6/0x590 [ 1839.803526] ? kvm_vcpu_block+0xb70/0xb70 [ 1839.807748] ? check_preemption_disabled+0x35/0x240 [ 1839.812816] ? retint_kernel+0x2d/0x2d [ 1839.816749] ? selinux_file_ioctl+0x19a/0x560 [ 1839.821267] ? selinux_file_ioctl+0x1ca/0x560 [ 1839.825749] ? kvm_vcpu_block+0xb70/0xb70 [ 1839.829901] do_vfs_ioctl+0x75a/0xfe0 [ 1839.833711] ? selinux_file_mprotect+0x5c0/0x5c0 [ 1839.838497] ? ioctl_preallocate+0x1a0/0x1a0 [ 1839.843056] ? security_file_ioctl+0x76/0xb0 [ 1839.847480] ? security_file_ioctl+0x83/0xb0 [ 1839.852015] SyS_ioctl+0x7f/0xb0 [ 1839.855422] ? do_vfs_ioctl+0xfe0/0xfe0 [ 1839.859620] do_syscall_64+0x1d5/0x640 [ 1839.863666] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 1839.868856] RIP: 0033:0x45c849 [ 1839.872031] RSP: 002b:00007fa3bc31dc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 1839.880703] RAX: ffffffffffffffda RBX: 00007fa3bc31e6d4 RCX: 000000000045c849 [ 1839.888088] RDX: 0000000000000000 RSI: 000000000000ae80 RDI: 0000000000000005 [ 1839.895352] RBP: 000000000076bf00 R08: 0000000000000000 R09: 0000000000000000 [ 1839.902609] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000007 [ 1839.909875] R13: 00000000000003bf R14: 00000000004c6495 R15: 0000000000000005 01:45:38 executing program 2 (fault-call:9 fault-nth:6): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_SET_SIGNAL_MASK(0xffffffffffffffff, 0x4004ae8b, &(0x7f0000001000)=ANY=[@ANYBLOB="97cb"]) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000fe7000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0) ioctl$USBDEVFS_RESETEP(0xffffffffffffffff, 0x80045503, &(0x7f0000000000)={0x1, 0x1}) ioctl$KVM_NMI(r2, 0xae9a) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f00000002c0)={0x0, 0x2, 0x0, 0x2000, &(0x7f0000001000/0x2000)=nil}) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) 01:45:38 executing program 0: perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f0000003140)=[{{&(0x7f0000000000)=@ipx, 0x80, 0x0}}], 0x1, 0x0, 0x0) r0 = syz_open_procfs(0x0, &(0x7f00000000c0)='net/nf_conntrack_expect\x00') preadv(r0, &(0x7f00000017c0), 0x1b4, 0x0) [ 1840.211892] FAULT_INJECTION: forcing a failure. [ 1840.211892] name failslab, interval 1, probability 0, space 0, times 0 01:45:38 executing program 5: lsetxattr$trusted_overlay_opaque(0x0, 0x0, 0x0, 0x0, 0x0) mkdir(&(0x7f0000000000)='./file0\x00', 0x0) mount$bpf(0x20000000, &(0x7f00000000c0)='./file0\x00', 0x0, 0x2001001, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x80, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x43, 0x400000000000000}, 0x11288, 0x2000, 0x0, 0x2}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$netlink(0x10, 0x3, 0x0) connect$inet(0xffffffffffffffff, 0x0, 0x0) setsockopt$SO_RDS_TRANSPORT(0xffffffffffffffff, 0x114, 0x8, &(0x7f0000000040)=0xffffffffffffffff, 0x4) r1 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$inet_tcp_int(r1, 0x6, 0x10000000013, &(0x7f0000d06000)=0x1, 0x32a) connect$inet(r1, &(0x7f0000000180)={0x2, 0x4e23, @local}, 0x10) accept$nfc_llcp(0xffffffffffffffff, &(0x7f0000000440), &(0x7f0000000300)=0x60) setsockopt$inet_tcp_TCP_REPAIR_OPTIONS(r1, 0x6, 0x16, &(0x7f00000000c0)=[@mss={0x2, 0xffffffff}, @timestamp, @window, @mss={0x2, 0x91c}], 0x4) sendmmsg(r1, &(0x7f0000004b40)=[{{0x0, 0x0, &(0x7f00000011c0)=[{&(0x7f0000002240)='Y', 0x1}], 0x1}}], 0x1, 0x0) syz_init_net_socket$llc(0x1a, 0x1, 0x0) r2 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$IPT_SO_SET_REPLACE(r2, 0x4000000000000, 0x40, &(0x7f0000000a40)=ANY=[@ANYBLOB="72617700000000010000000000000000000000000000000000000000000000000200000003000000b80400000000000000000000000000000003000000030000200400002004000020040000200400002004000003000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000600000000000000a00200030000000000000000000000000000000000000000300262706600000000000000000000000000000000000000000000000000000101000000000000002e2f66696c653000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000060005345540000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000c0002001000000000000000000000000000000000000000050006f736600000000000000000000000000000000000000000000000000000073797a300000000000000000000000000000000000000000000000000000000000000000000000000000000000000000600053455400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000007000980000000000000000000000000000000000000000002800000000000000000000000000000000000000000000000000000000000004feffffff00000000"], 0x518) sendmsg$IPVS_CMD_GET_DEST(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000280)={&(0x7f00000002c0)=ANY=[@ANYRES16], 0x1}}, 0x0) setsockopt$inet_tcp_TCP_REPAIR(r1, 0x6, 0x13, &(0x7f0000000100), 0x618) close(r1) r3 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$inet_tcp_int(r3, 0x6, 0x10000000013, &(0x7f0000d06000)=0x1, 0x32a) connect$inet(r3, &(0x7f0000000140)={0x2, 0x0, @local}, 0x10) setsockopt$inet_tcp_TCP_REPAIR_OPTIONS(r3, 0x6, 0x16, &(0x7f0000000200)=[@mss, @timestamp, @window={0x3, 0x0, 0xfffe}, @mss={0x2, 0x3}], 0x4) sendmmsg(r3, &(0x7f0000004b40)=[{{0x0, 0x0, &(0x7f00000011c0)=[{&(0x7f0000002240)='Y', 0x1}], 0x1}}], 0x1, 0x0) setsockopt$inet_tcp_TCP_REPAIR_QUEUE(r3, 0x6, 0x14, &(0x7f0000000040)=0x1, 0x4) sendmsg$IPVS_CMD_GET_DEST(r3, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000340)=ANY=[@ANYBLOB="160e90cb39bca59f8c4064ac6d7b242060a07bc4309e3eb79d8745797b308edd84adef35ad9d8a17240f38f55f57c55f3875db81d255eea402e1c11ca7fc01964aeb9ed6ef4e80bc67cba7e7fe961fe5d921442b0a06b135f8a73b68dc904b436f256f50ae7cb980e69e7580b9f11c6ede4210f23240559b8c427000d7ce7862417ab5a50e494b2a54e346d7ffa008ccef06813e235b446788ac0f1df3c65bc1fb5393364a2efd284640ec2c438ad2b24a69f1f9da000000000000000000000000989eee6a9283bf253ca4"], 0x1}}, 0x0) close(r3) syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) r5 = accept4$vsock_stream(0xffffffffffffffff, &(0x7f0000000240)={0x28, 0x0, 0x2710, @host}, 0x10, 0x0) dup2(r5, r4) bind$pptp(0xffffffffffffffff, &(0x7f00000001c0)={0x18, 0x2, {0x0, @initdev={0xac, 0x1e, 0x0, 0x0}}}, 0x1e) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000000)=@newlink={0x30, 0x10, 0x801, 0x0, 0x0, {}, [@IFLA_GROUP={0x8}, @IFLA_PROTO_DOWN={0x8, 0x4}]}, 0x30}}, 0x0) pivot_root(&(0x7f0000000140)='./file0\x00', &(0x7f0000000100)='./file0\x00') 01:45:38 executing program 4: pipe(&(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = socket$inet_udp(0x2, 0x2, 0x0) close(r2) r3 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$inet_tcp_int(r3, 0x6, 0x10000000013, &(0x7f0000d06000)=0x1, 0x4) connect$inet(r2, &(0x7f0000000340)={0x2, 0x0, @loopback}, 0x10) setsockopt$inet_tcp_TCP_REPAIR_WINDOW(r3, 0x6, 0x1d, &(0x7f0000000080)={0x0, 0xdf5, 0x65a2}, 0x14) syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) r4 = getpid() rt_tgsigqueueinfo(r4, r4, 0x16, &(0x7f00000000c0)) write$binfmt_misc(r1, &(0x7f0000000140)=ANY=[], 0x4240a2a0) r5 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$IPT_SO_SET_REPLACE(r5, 0x0, 0x40, &(0x7f0000000480)=ANY=[@ANYBLOB="66696c74657200000000000000000000000000000000000000000000000000000e00000004000000d0020000800100009800000080010000000000000000000038020000380200003802000038020000380200000400000000000000000000007f000001ac14140000000000000000007f00000000000000000000000000000064756dea20f9524db2d96900000057c910a19f2bc02c00000000000000000000200000000000000000000000000000000000000000000000700098000000000000000000000000000000000000000000280052454a454354000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000400000000000000000000000080000000000000000000000000000000000000000000000000000000000000000000000000000000000000000c000e80000f9c9991d0000000000000000000000000000005000736574000000000000000000000000000000000000000000000000000003000005050000000000000000000000000000000000000000100000000000000000000000000000000000000000000000280052454a45435400000000000000010000000000000000000000000000000000674f000000000000000000e00000020000000000000000766574b5315f766c616e00000000010062726964676530000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000007000b80000000000000000000000000000000000000000004800544545000000000000000000000000000000d40200000000000000000001ac1414aa000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000007000980000000000000000000000000000000000000000002800000000000000000000000000000000000000000000001a51496c00000000feffffff"], 0x1) splice(r0, 0x0, r2, 0x0, 0x4ffe0, 0x0) [ 1840.361513] CPU: 1 PID: 3537 Comm: syz-executor.2 Not tainted 4.14.173-syzkaller #0 [ 1840.369848] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1840.379324] Call Trace: [ 1840.381939] dump_stack+0x13e/0x194 [ 1840.385832] should_fail.cold+0x10a/0x14b [ 1840.390030] should_failslab+0xd6/0x130 [ 1840.394032] kmem_cache_alloc+0x2b5/0x770 [ 1840.404385] ? trace_hardirqs_on_caller+0x3f6/0x590 [ 1840.409432] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 1840.414324] mmu_topup_memory_caches+0x83/0x300 [ 1840.419020] ? retint_kernel+0x2d/0x2d [ 1840.422940] kvm_mmu_load+0x1e/0xd00 [ 1840.426688] ? kvm_apic_accept_events+0x16f/0x3f0 [ 1840.431597] ? kvm_lapic_enable_pv_eoi+0xc0/0xc0 [ 1840.436397] ? vcpu_enter_guest+0x422/0x5240 [ 1840.440970] vcpu_enter_guest+0x2eb9/0x5240 [ 1840.445465] ? trace_hardirqs_on_caller+0x3f6/0x590 [ 1840.450527] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 1840.455318] ? emulator_read_emulated+0x40/0x40 [ 1840.460034] ? kvm_arch_vcpu_ioctl_run+0x2fe/0xfd0 [ 1840.464995] kvm_arch_vcpu_ioctl_run+0x2fe/0xfd0 [ 1840.469872] kvm_vcpu_ioctl+0x3df/0xc70 [ 1840.473867] ? kvm_vcpu_block+0xb70/0xb70 [ 1840.478033] ? trace_hardirqs_on+0x10/0x10 [ 1840.482424] ? mark_held_locks+0xa6/0xf0 [ 1840.486534] ? save_trace+0x290/0x290 [ 1840.490374] ? SyS_write+0x1b7/0x210 [ 1840.494287] ? kvm_vcpu_block+0xb70/0xb70 [ 1840.503936] do_vfs_ioctl+0x75a/0xfe0 01:45:38 executing program 5: lsetxattr$trusted_overlay_opaque(0x0, 0x0, 0x0, 0x0, 0x0) mkdir(&(0x7f0000000000)='./file0\x00', 0x0) mount$bpf(0x20000000, &(0x7f00000000c0)='./file0\x00', 0x0, 0x2001001, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x80, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x43, 0x400000000000000}, 0x11288, 0x2000, 0x0, 0x2}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$netlink(0x10, 0x3, 0x0) connect$inet(0xffffffffffffffff, 0x0, 0x0) setsockopt$SO_RDS_TRANSPORT(0xffffffffffffffff, 0x114, 0x8, &(0x7f0000000040)=0xffffffffffffffff, 0x4) r1 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$inet_tcp_int(r1, 0x6, 0x10000000013, &(0x7f0000d06000)=0x1, 0x32a) connect$inet(r1, &(0x7f0000000180)={0x2, 0x4e23, @local}, 0x10) accept$nfc_llcp(0xffffffffffffffff, &(0x7f0000000440), &(0x7f0000000300)=0x60) setsockopt$inet_tcp_TCP_REPAIR_OPTIONS(r1, 0x6, 0x16, &(0x7f00000000c0)=[@mss={0x2, 0xffffffff}, @timestamp, @window, @mss={0x2, 0x91c}], 0x4) sendmmsg(r1, &(0x7f0000004b40)=[{{0x0, 0x0, &(0x7f00000011c0)=[{&(0x7f0000002240)='Y', 0x1}], 0x1}}], 0x1, 0x0) syz_init_net_socket$llc(0x1a, 0x1, 0x0) r2 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$IPT_SO_SET_REPLACE(r2, 0x4000000000000, 0x40, &(0x7f0000000a40)=ANY=[@ANYBLOB="72617700000000010000000000000000000000000000000000000000000000000200000003000000b80400000000000000000000000000000003000000030000200400002004000020040000200400002004000003000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000600000000000000a00200030000000000000000000000000000000000000000300262706600000000000000000000000000000000000000000000000000000101000000000000002e2f66696c653000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000060005345540000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000c0002001000000000000000000000000000000000000000050006f736600000000000000000000000000000000000000000000000000000073797a300000000000000000000000000000000000000000000000000000000000000000000000000000000000000000600053455400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000007000980000000000000000000000000000000000000000002800000000000000000000000000000000000000000000000000000000000004feffffff00000000"], 0x518) sendmsg$IPVS_CMD_GET_DEST(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000280)={&(0x7f00000002c0)=ANY=[@ANYRES16], 0x1}}, 0x0) setsockopt$inet_tcp_TCP_REPAIR(r1, 0x6, 0x13, &(0x7f0000000100), 0x618) close(r1) r3 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$inet_tcp_int(r3, 0x6, 0x10000000013, &(0x7f0000d06000)=0x1, 0x32a) connect$inet(r3, &(0x7f0000000140)={0x2, 0x0, @local}, 0x10) setsockopt$inet_tcp_TCP_REPAIR_OPTIONS(r3, 0x6, 0x16, &(0x7f0000000200)=[@mss, @timestamp, @window={0x3, 0x0, 0xfffe}, @mss={0x2, 0x3}], 0x4) sendmmsg(r3, &(0x7f0000004b40)=[{{0x0, 0x0, &(0x7f00000011c0)=[{&(0x7f0000002240)='Y', 0x1}], 0x1}}], 0x1, 0x0) setsockopt$inet_tcp_TCP_REPAIR_QUEUE(r3, 0x6, 0x14, &(0x7f0000000040)=0x1, 0x4) sendmsg$IPVS_CMD_GET_DEST(r3, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000340)=ANY=[@ANYBLOB="160e90cb39bca59f8c4064ac6d7b242060a07bc4309e3eb79d8745797b308edd84adef35ad9d8a17240f38f55f57c55f3875db81d255eea402e1c11ca7fc01964aeb9ed6ef4e80bc67cba7e7fe961fe5d921442b0a06b135f8a73b68dc904b436f256f50ae7cb980e69e7580b9f11c6ede4210f23240559b8c427000d7ce7862417ab5a50e494b2a54e346d7ffa008ccef06813e235b446788ac0f1df3c65bc1fb5393364a2efd284640ec2c438ad2b24a69f1f9da000000000000000000000000989eee6a9283bf253ca4"], 0x1}}, 0x0) close(r3) syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) r5 = accept4$vsock_stream(0xffffffffffffffff, &(0x7f0000000240)={0x28, 0x0, 0x2710, @host}, 0x10, 0x0) dup2(r5, r4) bind$pptp(0xffffffffffffffff, &(0x7f00000001c0)={0x18, 0x2, {0x0, @initdev={0xac, 0x1e, 0x0, 0x0}}}, 0x1e) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000000)=@newlink={0x30, 0x10, 0x801, 0x0, 0x0, {}, [@IFLA_GROUP={0x8}, @IFLA_PROTO_DOWN={0x8, 0x4}]}, 0x30}}, 0x0) pivot_root(&(0x7f0000000140)='./file0\x00', &(0x7f0000000100)='./file0\x00') [ 1840.507786] ? selinux_file_mprotect+0x5c0/0x5c0 [ 1840.512576] ? ioctl_preallocate+0x1a0/0x1a0 [ 1840.517033] ? security_file_ioctl+0x76/0xb0 [ 1840.521492] ? security_file_ioctl+0x83/0xb0 [ 1840.525926] SyS_ioctl+0x7f/0xb0 [ 1840.529542] ? do_vfs_ioctl+0xfe0/0xfe0 [ 1840.533703] do_syscall_64+0x1d5/0x640 [ 1840.537612] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 1840.542803] RIP: 0033:0x45c849 [ 1840.545981] RSP: 002b:00007fa3bc31dc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 1840.554407] RAX: ffffffffffffffda RBX: 00007fa3bc31e6d4 RCX: 000000000045c849 01:45:38 executing program 1: lsetxattr$trusted_overlay_opaque(0x0, 0x0, 0x0, 0x0, 0x0) mkdir(&(0x7f0000000000)='./file0\x00', 0x0) mount$bpf(0x20000000, &(0x7f00000000c0)='./file0\x00', 0x0, 0x2001001, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x80, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x43, 0x400000000000000}, 0x11288, 0x2000, 0x0, 0x2}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$netlink(0x10, 0x3, 0x0) connect$inet(0xffffffffffffffff, 0x0, 0x0) setsockopt$SO_RDS_TRANSPORT(0xffffffffffffffff, 0x114, 0x8, &(0x7f0000000040)=0xffffffffffffffff, 0x4) r1 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$inet_tcp_int(r1, 0x6, 0x10000000013, &(0x7f0000d06000)=0x1, 0x32a) connect$inet(r1, &(0x7f0000000180)={0x2, 0x4e23, @local}, 0x10) accept$nfc_llcp(0xffffffffffffffff, &(0x7f0000000440), &(0x7f0000000300)=0x60) setsockopt$inet_tcp_TCP_REPAIR_OPTIONS(r1, 0x6, 0x16, &(0x7f00000000c0)=[@mss={0x2, 0xffffffff}, @timestamp, @window, @mss={0x2, 0x91c}], 0x4) sendmmsg(r1, &(0x7f0000004b40)=[{{0x0, 0x0, &(0x7f00000011c0)=[{&(0x7f0000002240)='Y', 0x1}], 0x1}}], 0x1, 0x0) syz_init_net_socket$llc(0x1a, 0x1, 0x0) r2 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$IPT_SO_SET_REPLACE(r2, 0x4000000000000, 0x40, &(0x7f0000000a40)=ANY=[@ANYBLOB="72617700000000010000000000000000000000000000000000000000000000000200000003000000b80400000000000000000000000000000003000000030000200400002004000020040000200400002004000003000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000600000000000000a00200030000000000000000000000000000000000000000300262706600000000000000000000000000000000000000000000000000000101000000000000002e2f66696c653000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000060005345540000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000c0002001000000000000000000000000000000000000000050006f736600000000000000000000000000000000000000000000000000000073797a300000000000000000000000000000000000000000000000000000000000000000000000000000000000000000600053455400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000007000980000000000000000000000000000000000000000002800000000000000000000000000000000000000000000000000000000000004feffffff00000000"], 0x518) sendmsg$IPVS_CMD_GET_DEST(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000280)={&(0x7f00000002c0)=ANY=[@ANYRES16], 0x1}}, 0x0) setsockopt$inet_tcp_TCP_REPAIR(r1, 0x6, 0x13, &(0x7f0000000100), 0x618) close(r1) r3 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$inet_tcp_int(r3, 0x6, 0x10000000013, &(0x7f0000d06000)=0x1, 0x32a) connect$inet(r3, &(0x7f0000000140)={0x2, 0x0, @local}, 0x10) setsockopt$inet_tcp_TCP_REPAIR_OPTIONS(r3, 0x6, 0x16, &(0x7f0000000200)=[@mss, @timestamp, @window={0x3, 0x0, 0xfffe}, @mss={0x2, 0x3}], 0x4) sendmmsg(r3, &(0x7f0000004b40)=[{{0x0, 0x0, &(0x7f00000011c0)=[{&(0x7f0000002240)='Y', 0x1}], 0x1}}], 0x1, 0x0) setsockopt$inet_tcp_TCP_REPAIR_QUEUE(r3, 0x6, 0x14, &(0x7f0000000040)=0x1, 0x4) sendmsg$IPVS_CMD_GET_DEST(r3, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000340)=ANY=[@ANYBLOB="160e90cb39bca59f8c4064ac6d7b242060a07bc4309e3eb79d8745797b308edd84adef35ad9d8a17240f38f55f57c55f3875db81d255eea402e1c11ca7fc01964aeb9ed6ef4e80bc67cba7e7fe961fe5d921442b0a06b135f8a73b68dc904b436f256f50ae7cb980e69e7580b9f11c6ede4210f23240559b8c427000d7ce7862417ab5a50e494b2a54e346d7ffa008ccef06813e235b446788ac0f1df3c65bc1fb5393364a2efd284640ec2c438ad2b24a69f1f9da000000000000000000000000989eee6a9283bf253ca4"], 0x1}}, 0x0) close(r3) syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) dup3(r5, r4, 0x0) dup2(0xffffffffffffffff, r5) bind$pptp(0xffffffffffffffff, &(0x7f00000001c0)={0x18, 0x2, {0x0, @initdev={0xac, 0x1e, 0x0, 0x0}}}, 0x1e) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000000)=@newlink={0x30, 0x10, 0x801, 0x0, 0x0, {}, [@IFLA_GROUP={0x8}, @IFLA_PROTO_DOWN={0x8, 0x4}]}, 0x30}}, 0x0) 01:45:38 executing program 3: lsetxattr$trusted_overlay_opaque(0x0, 0x0, 0x0, 0x0, 0x0) mkdir(&(0x7f0000000000)='./file0\x00', 0x0) mount$bpf(0x20000000, &(0x7f00000000c0)='./file0\x00', 0x0, 0x2001001, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x80, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x43, 0x400000000000000}, 0x11288, 0x2000, 0x0, 0x2}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$netlink(0x10, 0x3, 0x0) connect$inet(0xffffffffffffffff, 0x0, 0x0) setsockopt$SO_RDS_TRANSPORT(0xffffffffffffffff, 0x114, 0x8, &(0x7f0000000040)=0xffffffffffffffff, 0x4) r1 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$inet_tcp_int(r1, 0x6, 0x10000000013, &(0x7f0000d06000)=0x1, 0x32a) connect$inet(r1, &(0x7f0000000180)={0x2, 0x4e23, @local}, 0x10) accept$nfc_llcp(0xffffffffffffffff, &(0x7f0000000440), &(0x7f0000000300)=0x60) setsockopt$inet_tcp_TCP_REPAIR_OPTIONS(r1, 0x6, 0x16, &(0x7f00000000c0)=[@mss={0x2, 0xffffffff}, @timestamp, @window, @mss={0x2, 0x91c}], 0x4) sendmmsg(r1, &(0x7f0000004b40)=[{{0x0, 0x0, &(0x7f00000011c0)=[{&(0x7f0000002240)='Y', 0x1}], 0x1}}], 0x1, 0x0) syz_init_net_socket$llc(0x1a, 0x1, 0x0) r2 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$IPT_SO_SET_REPLACE(r2, 0x4000000000000, 0x40, &(0x7f0000000a40)=ANY=[@ANYBLOB="72617700000000010000000000000000000000000000000000000000000000000200000003000000b80400000000000000000000000000000003000000030000200400002004000020040000200400002004000003000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000600000000000000a00200030000000000000000000000000000000000000000300262706600000000000000000000000000000000000000000000000000000101000000000000002e2f66696c653000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000060005345540000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000c0002001000000000000000000000000000000000000000050006f736600000000000000000000000000000000000000000000000000000073797a300000000000000000000000000000000000000000000000000000000000000000000000000000000000000000600053455400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000007000980000000000000000000000000000000000000000002800000000000000000000000000000000000000000000000000000000000004feffffff00000000"], 0x518) sendmsg$IPVS_CMD_GET_DEST(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000280)={&(0x7f00000002c0)=ANY=[@ANYRES16], 0x1}}, 0x0) setsockopt$inet_tcp_TCP_REPAIR(r1, 0x6, 0x13, &(0x7f0000000100), 0x618) close(r1) r3 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$inet_tcp_int(r3, 0x6, 0x10000000013, &(0x7f0000d06000)=0x1, 0x32a) connect$inet(r3, &(0x7f0000000140)={0x2, 0x0, @local}, 0x10) setsockopt$inet_tcp_TCP_REPAIR_OPTIONS(r3, 0x6, 0x16, &(0x7f0000000200)=[@mss, @timestamp, @window={0x3, 0x0, 0xfffe}, @mss={0x2, 0x3}], 0x4) sendmmsg(r3, &(0x7f0000004b40)=[{{0x0, 0x0, &(0x7f00000011c0)=[{&(0x7f0000002240)='Y', 0x1}], 0x1}}], 0x1, 0x0) setsockopt$inet_tcp_TCP_REPAIR_QUEUE(r3, 0x6, 0x14, &(0x7f0000000040)=0x1, 0x4) sendmsg$IPVS_CMD_GET_DEST(r3, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000340)=ANY=[@ANYBLOB="160e90cb39bca59f8c4064ac6d7b242060a07bc4309e3eb79d8745797b308edd84adef35ad9d8a17240f38f55f57c55f3875db81d255eea402e1c11ca7fc01964aeb9ed6ef4e80bc67cba7e7fe961fe5d921442b0a06b135f8a73b68dc904b436f256f50ae7cb980e69e7580b9f11c6ede4210f23240559b8c427000d7ce7862417ab5a50e494b2a54e346d7ffa008ccef06813e235b446788ac0f1df3c65bc1fb5393364a2efd284640ec2c438ad2b24a69f1f9da000000000000000000000000989eee6a9283bf253ca4"], 0x1}}, 0x0) close(r3) syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) dup3(r5, r4, 0x0) dup2(0xffffffffffffffff, r5) bind$pptp(0xffffffffffffffff, &(0x7f00000001c0)={0x18, 0x2, {0x0, @initdev={0xac, 0x1e, 0x0, 0x0}}}, 0x1e) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000000)=@newlink={0x30, 0x10, 0x801, 0x0, 0x0, {}, [@IFLA_GROUP={0x8}, @IFLA_PROTO_DOWN={0x8, 0x4}]}, 0x30}}, 0x0) pivot_root(&(0x7f0000000140)='./file0\x00', &(0x7f0000000100)='./file0\x00') 01:45:38 executing program 0: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='cpuacct.usage_percpu_sys\x00', 0x275a, 0x0) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x0, 0x40000000011, r3, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000000000/0x18000)=nil, 0x0, 0x196, 0x0, 0x0, 0x0) ioctl$KVM_NMI(r2, 0xae9a) ioctl$KVM_RUN(r2, 0xae80, 0x0) [ 1840.562028] RDX: 0000000000000000 RSI: 000000000000ae80 RDI: 0000000000000005 [ 1840.569296] RBP: 000000000076bf00 R08: 0000000000000000 R09: 0000000000000000 [ 1840.576596] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000007 [ 1840.583866] R13: 00000000000003bf R14: 00000000004c6495 R15: 0000000000000006 [ 1840.591795] ip_tables: iptables: counters copy to user failed while replacing table 01:45:38 executing program 2 (fault-call:9 fault-nth:7): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_SET_SIGNAL_MASK(0xffffffffffffffff, 0x4004ae8b, &(0x7f0000001000)=ANY=[@ANYBLOB="97cb"]) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000fe7000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0) ioctl$USBDEVFS_RESETEP(0xffffffffffffffff, 0x80045503, &(0x7f0000000000)={0x1, 0x1}) ioctl$KVM_NMI(r2, 0xae9a) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f00000002c0)={0x0, 0x2, 0x0, 0x2000, &(0x7f0000001000/0x2000)=nil}) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) 01:45:39 executing program 3: lsetxattr$trusted_overlay_opaque(0x0, 0x0, 0x0, 0x0, 0x0) mkdir(&(0x7f0000000000)='./file0\x00', 0x0) mount$bpf(0x20000000, &(0x7f00000000c0)='./file0\x00', 0x0, 0x2001001, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x80, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x43, 0x400000000000000}, 0x11288, 0x2000, 0x0, 0x2}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$netlink(0x10, 0x3, 0x0) connect$inet(0xffffffffffffffff, 0x0, 0x0) setsockopt$SO_RDS_TRANSPORT(0xffffffffffffffff, 0x114, 0x8, &(0x7f0000000040)=0xffffffffffffffff, 0x4) r1 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$inet_tcp_int(r1, 0x6, 0x10000000013, &(0x7f0000d06000)=0x1, 0x32a) connect$inet(r1, &(0x7f0000000180)={0x2, 0x4e23, @local}, 0x10) accept$nfc_llcp(0xffffffffffffffff, &(0x7f0000000440), &(0x7f0000000300)=0x60) setsockopt$inet_tcp_TCP_REPAIR_OPTIONS(r1, 0x6, 0x16, &(0x7f00000000c0)=[@mss={0x2, 0xffffffff}, @timestamp, @window, @mss={0x2, 0x91c}], 0x4) sendmmsg(r1, &(0x7f0000004b40)=[{{0x0, 0x0, &(0x7f00000011c0)=[{&(0x7f0000002240)='Y', 0x1}], 0x1}}], 0x1, 0x0) syz_init_net_socket$llc(0x1a, 0x1, 0x0) r2 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$IPT_SO_SET_REPLACE(r2, 0x4000000000000, 0x40, &(0x7f0000000a40)=ANY=[@ANYBLOB="72617700000000010000000000000000000000000000000000000000000000000200000003000000b80400000000000000000000000000000003000000030000200400002004000020040000200400002004000003000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000600000000000000a00200030000000000000000000000000000000000000000300262706600000000000000000000000000000000000000000000000000000101000000000000002e2f66696c653000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000060005345540000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000c0002001000000000000000000000000000000000000000050006f736600000000000000000000000000000000000000000000000000000073797a300000000000000000000000000000000000000000000000000000000000000000000000000000000000000000600053455400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000007000980000000000000000000000000000000000000000002800000000000000000000000000000000000000000000000000000000000004feffffff00000000"], 0x518) sendmsg$IPVS_CMD_GET_DEST(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000280)={&(0x7f00000002c0)=ANY=[@ANYRES16], 0x1}}, 0x0) setsockopt$inet_tcp_TCP_REPAIR(r1, 0x6, 0x13, &(0x7f0000000100), 0x618) close(r1) r3 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$inet_tcp_int(r3, 0x6, 0x10000000013, &(0x7f0000d06000)=0x1, 0x32a) connect$inet(r3, &(0x7f0000000140)={0x2, 0x0, @local}, 0x10) setsockopt$inet_tcp_TCP_REPAIR_OPTIONS(r3, 0x6, 0x16, &(0x7f0000000200)=[@mss, @timestamp, @window={0x3, 0x0, 0xfffe}, @mss={0x2, 0x3}], 0x4) sendmmsg(r3, &(0x7f0000004b40)=[{{0x0, 0x0, &(0x7f00000011c0)=[{&(0x7f0000002240)='Y', 0x1}], 0x1}}], 0x1, 0x0) setsockopt$inet_tcp_TCP_REPAIR_QUEUE(r3, 0x6, 0x14, &(0x7f0000000040)=0x1, 0x4) sendmsg$IPVS_CMD_GET_DEST(r3, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000340)=ANY=[@ANYBLOB="160e90cb39bca59f8c4064ac6d7b242060a07bc4309e3eb79d8745797b308edd84adef35ad9d8a17240f38f55f57c55f3875db81d255eea402e1c11ca7fc01964aeb9ed6ef4e80bc67cba7e7fe961fe5d921442b0a06b135f8a73b68dc904b436f256f50ae7cb980e69e7580b9f11c6ede4210f23240559b8c427000d7ce7862417ab5a50e494b2a54e346d7ffa008ccef06813e235b446788ac0f1df3c65bc1fb5393364a2efd284640ec2c438ad2b24a69f1f9da000000000000000000000000989eee6a9283bf253ca4"], 0x1}}, 0x0) close(r3) syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) dup3(r5, r4, 0x0) dup2(0xffffffffffffffff, r5) bind$pptp(0xffffffffffffffff, &(0x7f00000001c0)={0x18, 0x2, {0x0, @initdev={0xac, 0x1e, 0x0, 0x0}}}, 0x1e) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000000)=@newlink={0x30, 0x10, 0x801, 0x0, 0x0, {}, [@IFLA_GROUP={0x8}, @IFLA_PROTO_DOWN={0x8, 0x4}]}, 0x30}}, 0x0) pivot_root(&(0x7f0000000140)='./file0\x00', &(0x7f0000000100)='./file0\x00') [ 1840.967846] FAULT_INJECTION: forcing a failure. [ 1840.967846] name failslab, interval 1, probability 0, space 0, times 0 [ 1841.016790] CPU: 0 PID: 3564 Comm: syz-executor.2 Not tainted 4.14.173-syzkaller #0 [ 1841.024763] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1841.034150] Call Trace: [ 1841.036776] dump_stack+0x13e/0x194 [ 1841.040427] should_fail.cold+0x10a/0x14b [ 1841.044711] should_failslab+0xd6/0x130 [ 1841.048712] kmem_cache_alloc+0x2b5/0x770 [ 1841.052886] ? check_preemption_disabled+0x35/0x240 [ 1841.057934] mmu_topup_memory_caches+0x83/0x300 [ 1841.062647] kvm_mmu_load+0x1e/0xd00 [ 1841.066389] ? kvm_apic_accept_events+0x16f/0x3f0 [ 1841.071261] ? kvm_lapic_enable_pv_eoi+0xc0/0xc0 [ 1841.076161] ? vmx_get_nmi_mask+0x29/0xa0 [ 1841.080323] vcpu_enter_guest+0x2eb9/0x5240 [ 1841.084657] ? retint_kernel+0x2d/0x2d [ 1841.088574] ? emulator_read_emulated+0x40/0x40 [ 1841.093276] ? lock_acquire+0x1ec/0x3f0 [ 1841.097274] ? kvm_arch_vcpu_ioctl_run+0x2fe/0xfd0 [ 1841.102223] ? kvm_arch_vcpu_ioctl_run+0x181/0xfd0 [ 1841.107172] kvm_arch_vcpu_ioctl_run+0x2fe/0xfd0 [ 1841.111944] kvm_vcpu_ioctl+0x3df/0xc70 01:45:39 executing program 0: r0 = socket$kcm(0x10, 0x2, 0x0) sendmsg$kcm(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000080)=[{&(0x7f0000000000)="2e0000001c008105e00f80ecdb4cb9f207a07e4f1e00000002006cfb0a000200b683d29fb4dc49e96c0742105032", 0x2e}], 0x1}, 0x0) [ 1841.116659] ? kvm_vcpu_block+0xb70/0xb70 [ 1841.120828] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 1841.125608] ? check_preemption_disabled+0x35/0x240 [ 1841.130628] ? retint_kernel+0x2d/0x2d [ 1841.134642] ? do_vfs_ioctl+0x76/0xfe0 [ 1841.138567] ? kvm_vcpu_block+0xb70/0xb70 [ 1841.142728] do_vfs_ioctl+0x75a/0xfe0 [ 1841.146642] ? selinux_file_mprotect+0x5c0/0x5c0 [ 1841.151414] ? ioctl_preallocate+0x1a0/0x1a0 [ 1841.155858] ? security_file_ioctl+0x76/0xb0 [ 1841.160272] ? security_file_ioctl+0x83/0xb0 [ 1841.164674] SyS_ioctl+0x7f/0xb0 [ 1841.168044] ? do_vfs_ioctl+0xfe0/0xfe0 [ 1841.172012] do_syscall_64+0x1d5/0x640 [ 1841.175912] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 1841.181255] RIP: 0033:0x45c849 [ 1841.184450] RSP: 002b:00007fa3bc31dc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 1841.192261] RAX: ffffffffffffffda RBX: 00007fa3bc31e6d4 RCX: 000000000045c849 [ 1841.199558] RDX: 0000000000000000 RSI: 000000000000ae80 RDI: 0000000000000005 [ 1841.206844] RBP: 000000000076bf00 R08: 0000000000000000 R09: 0000000000000000 01:45:39 executing program 1: lsetxattr$trusted_overlay_opaque(0x0, 0x0, 0x0, 0x0, 0x0) mkdir(&(0x7f0000000000)='./file0\x00', 0x0) mount$bpf(0x20000000, &(0x7f00000000c0)='./file0\x00', 0x0, 0x2001001, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x80, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x43, 0x400000000000000}, 0x11288, 0x2000, 0x0, 0x2}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$netlink(0x10, 0x3, 0x0) connect$inet(0xffffffffffffffff, 0x0, 0x0) setsockopt$SO_RDS_TRANSPORT(0xffffffffffffffff, 0x114, 0x8, &(0x7f0000000040)=0xffffffffffffffff, 0x4) r1 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$inet_tcp_int(r1, 0x6, 0x10000000013, &(0x7f0000d06000)=0x1, 0x32a) connect$inet(r1, &(0x7f0000000180)={0x2, 0x4e23, @local}, 0x10) accept$nfc_llcp(0xffffffffffffffff, &(0x7f0000000440), &(0x7f0000000300)=0x60) setsockopt$inet_tcp_TCP_REPAIR_OPTIONS(r1, 0x6, 0x16, &(0x7f00000000c0)=[@mss={0x2, 0xffffffff}, @timestamp, @window, @mss={0x2, 0x91c}], 0x4) sendmmsg(r1, &(0x7f0000004b40)=[{{0x0, 0x0, &(0x7f00000011c0)=[{&(0x7f0000002240)='Y', 0x1}], 0x1}}], 0x1, 0x0) syz_init_net_socket$llc(0x1a, 0x1, 0x0) r2 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$IPT_SO_SET_REPLACE(r2, 0x4000000000000, 0x40, &(0x7f0000000a40)=ANY=[@ANYBLOB="72617700000000010000000000000000000000000000000000000000000000000200000003000000b80400000000000000000000000000000003000000030000200400002004000020040000200400002004000003000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000600000000000000a00200030000000000000000000000000000000000000000300262706600000000000000000000000000000000000000000000000000000101000000000000002e2f66696c653000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000060005345540000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000c0002001000000000000000000000000000000000000000050006f736600000000000000000000000000000000000000000000000000000073797a300000000000000000000000000000000000000000000000000000000000000000000000000000000000000000600053455400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000007000980000000000000000000000000000000000000000002800000000000000000000000000000000000000000000000000000000000004feffffff00000000"], 0x518) sendmsg$IPVS_CMD_GET_DEST(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000280)={&(0x7f00000002c0)=ANY=[@ANYRES16], 0x1}}, 0x0) setsockopt$inet_tcp_TCP_REPAIR(r1, 0x6, 0x13, &(0x7f0000000100), 0x618) close(r1) r3 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$inet_tcp_int(r3, 0x6, 0x10000000013, &(0x7f0000d06000)=0x1, 0x32a) connect$inet(r3, &(0x7f0000000140)={0x2, 0x0, @local}, 0x10) setsockopt$inet_tcp_TCP_REPAIR_OPTIONS(r3, 0x6, 0x16, &(0x7f0000000200)=[@mss, @timestamp, @window={0x3, 0x0, 0xfffe}, @mss={0x2, 0x3}], 0x4) sendmmsg(r3, &(0x7f0000004b40)=[{{0x0, 0x0, &(0x7f00000011c0)=[{&(0x7f0000002240)='Y', 0x1}], 0x1}}], 0x1, 0x0) setsockopt$inet_tcp_TCP_REPAIR_QUEUE(r3, 0x6, 0x14, &(0x7f0000000040)=0x1, 0x4) sendmsg$IPVS_CMD_GET_DEST(r3, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000340)=ANY=[@ANYBLOB="160e90cb39bca59f8c4064ac6d7b242060a07bc4309e3eb79d8745797b308edd84adef35ad9d8a17240f38f55f57c55f3875db81d255eea402e1c11ca7fc01964aeb9ed6ef4e80bc67cba7e7fe961fe5d921442b0a06b135f8a73b68dc904b436f256f50ae7cb980e69e7580b9f11c6ede4210f23240559b8c427000d7ce7862417ab5a50e494b2a54e346d7ffa008ccef06813e235b446788ac0f1df3c65bc1fb5393364a2efd284640ec2c438ad2b24a69f1f9da000000000000000000000000989eee6a9283bf253ca4"], 0x1}}, 0x0) close(r3) syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) dup3(r5, r4, 0x0) dup2(0xffffffffffffffff, r5) bind$pptp(0xffffffffffffffff, &(0x7f00000001c0)={0x18, 0x2, {0x0, @initdev={0xac, 0x1e, 0x0, 0x0}}}, 0x1e) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000000)=@newlink={0x30, 0x10, 0x801, 0x0, 0x0, {}, [@IFLA_GROUP={0x8}, @IFLA_PROTO_DOWN={0x8, 0x4}]}, 0x30}}, 0x0) 01:45:39 executing program 5: lsetxattr$trusted_overlay_opaque(0x0, 0x0, 0x0, 0x0, 0x0) mkdir(&(0x7f0000000000)='./file0\x00', 0x0) mount$bpf(0x20000000, &(0x7f00000000c0)='./file0\x00', 0x0, 0x2001001, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x80, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x43, 0x400000000000000}, 0x11288, 0x2000, 0x0, 0x2}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$netlink(0x10, 0x3, 0x0) connect$inet(0xffffffffffffffff, 0x0, 0x0) setsockopt$SO_RDS_TRANSPORT(0xffffffffffffffff, 0x114, 0x8, &(0x7f0000000040)=0xffffffffffffffff, 0x4) r1 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$inet_tcp_int(r1, 0x6, 0x10000000013, &(0x7f0000d06000)=0x1, 0x32a) connect$inet(r1, &(0x7f0000000180)={0x2, 0x4e23, @local}, 0x10) accept$nfc_llcp(0xffffffffffffffff, &(0x7f0000000440), &(0x7f0000000300)=0x60) setsockopt$inet_tcp_TCP_REPAIR_OPTIONS(r1, 0x6, 0x16, &(0x7f00000000c0)=[@mss={0x2, 0xffffffff}, @timestamp, @window, @mss={0x2, 0x91c}], 0x4) sendmmsg(r1, &(0x7f0000004b40)=[{{0x0, 0x0, &(0x7f00000011c0)=[{&(0x7f0000002240)='Y', 0x1}], 0x1}}], 0x1, 0x0) syz_init_net_socket$llc(0x1a, 0x1, 0x0) r2 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$IPT_SO_SET_REPLACE(r2, 0x4000000000000, 0x40, &(0x7f0000000a40)=ANY=[@ANYBLOB="72617700000000010000000000000000000000000000000000000000000000000200000003000000b80400000000000000000000000000000003000000030000200400002004000020040000200400002004000003000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000600000000000000a00200030000000000000000000000000000000000000000300262706600000000000000000000000000000000000000000000000000000101000000000000002e2f66696c653000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000060005345540000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000c0002001000000000000000000000000000000000000000050006f736600000000000000000000000000000000000000000000000000000073797a300000000000000000000000000000000000000000000000000000000000000000000000000000000000000000600053455400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000007000980000000000000000000000000000000000000000002800000000000000000000000000000000000000000000000000000000000004feffffff00000000"], 0x518) sendmsg$IPVS_CMD_GET_DEST(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000280)={&(0x7f00000002c0)=ANY=[@ANYRES16], 0x1}}, 0x0) setsockopt$inet_tcp_TCP_REPAIR(r1, 0x6, 0x13, &(0x7f0000000100), 0x618) close(r1) r3 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$inet_tcp_int(r3, 0x6, 0x10000000013, &(0x7f0000d06000)=0x1, 0x32a) connect$inet(r3, &(0x7f0000000140)={0x2, 0x0, @local}, 0x10) setsockopt$inet_tcp_TCP_REPAIR_OPTIONS(r3, 0x6, 0x16, &(0x7f0000000200)=[@mss, @timestamp, @window={0x3, 0x0, 0xfffe}, @mss={0x2, 0x3}], 0x4) sendmmsg(r3, &(0x7f0000004b40)=[{{0x0, 0x0, &(0x7f00000011c0)=[{&(0x7f0000002240)='Y', 0x1}], 0x1}}], 0x1, 0x0) setsockopt$inet_tcp_TCP_REPAIR_QUEUE(r3, 0x6, 0x14, &(0x7f0000000040)=0x1, 0x4) sendmsg$IPVS_CMD_GET_DEST(r3, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000340)=ANY=[@ANYBLOB="160e90cb39bca59f8c4064ac6d7b242060a07bc4309e3eb79d8745797b308edd84adef35ad9d8a17240f38f55f57c55f3875db81d255eea402e1c11ca7fc01964aeb9ed6ef4e80bc67cba7e7fe961fe5d921442b0a06b135f8a73b68dc904b436f256f50ae7cb980e69e7580b9f11c6ede4210f23240559b8c427000d7ce7862417ab5a50e494b2a54e346d7ffa008ccef06813e235b446788ac0f1df3c65bc1fb5393364a2efd284640ec2c438ad2b24a69f1f9da000000000000000000000000989eee6a9283bf253ca4"], 0x1}}, 0x0) close(r3) syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) dup3(0xffffffffffffffff, 0xffffffffffffffff, 0x0) r4 = accept4$vsock_stream(0xffffffffffffffff, &(0x7f0000000240)={0x28, 0x0, 0x2710, @host}, 0x10, 0x0) dup2(r4, 0xffffffffffffffff) bind$pptp(0xffffffffffffffff, &(0x7f00000001c0)={0x18, 0x2, {0x0, @initdev={0xac, 0x1e, 0x0, 0x0}}}, 0x1e) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000000)=@newlink={0x30, 0x10, 0x801, 0x0, 0x0, {}, [@IFLA_GROUP={0x8}, @IFLA_PROTO_DOWN={0x8, 0x4}]}, 0x30}}, 0x0) pivot_root(&(0x7f0000000140)='./file0\x00', &(0x7f0000000100)='./file0\x00') [ 1841.214407] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000007 [ 1841.222073] R13: 00000000000003bf R14: 00000000004c6495 R15: 0000000000000007 01:45:39 executing program 2 (fault-call:9 fault-nth:8): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_SET_SIGNAL_MASK(0xffffffffffffffff, 0x4004ae8b, &(0x7f0000001000)=ANY=[@ANYBLOB="97cb"]) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000fe7000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0) ioctl$USBDEVFS_RESETEP(0xffffffffffffffff, 0x80045503, &(0x7f0000000000)={0x1, 0x1}) ioctl$KVM_NMI(r2, 0xae9a) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f00000002c0)={0x0, 0x2, 0x0, 0x2000, &(0x7f0000001000/0x2000)=nil}) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) 01:45:39 executing program 4: pipe(&(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = socket$inet_udp(0x2, 0x2, 0x0) close(r2) r3 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$inet_tcp_int(r3, 0x6, 0x10000000013, &(0x7f0000d06000)=0x1, 0x4) connect$inet(r2, &(0x7f0000000340)={0x2, 0x0, @loopback}, 0x10) setsockopt$inet_tcp_TCP_REPAIR_WINDOW(r3, 0x6, 0x1d, &(0x7f0000000080)={0x0, 0xdf5, 0x65a2}, 0x14) syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) getpid() write$binfmt_misc(r1, &(0x7f0000000140)=ANY=[], 0x4240a2a0) r4 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$IPT_SO_SET_REPLACE(r4, 0x0, 0x40, &(0x7f0000000480)=ANY=[@ANYBLOB="66696c74657200000000000000000000000000000000000000000000000000000e00000004000000d0020000800100009800000080010000000000000000000038020000380200003802000038020000380200000400000000000000000000007f000001ac14140000000000000000007f00000000000000000000000000000064756dea20f9524db2d96900000057c910a19f2bc02c00000000000000000000200000000000000000000000000000000000000000000000700098000000000000000000000000000000000000000000280052454a454354000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000400000000000000000000000080000000000000000000000000000000000000000000000000000000000000000000000000000000000000000c000e80000f9c9991d0000000000000000000000000000005000736574000000000000000000000000000000000000000000000000000003000005050000000000000000000000000000000000000000100000000000000000000000000000000000000000000000280052454a45435400000000000000010000000000000000000000000000000000674f000000000000000000e00000020000000000000000766574b5315f766c616e00000000010062726964676530000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000007000b80000000000000000000000000000000000000000004800544545000000000000000000000000000000d40200000000000000000001ac1414aa000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000007000980000000000000000000000000000000000000000002800000000000000000000000000000000000000000000001a51496c00000000feffffff"], 0x1) splice(r0, 0x0, r2, 0x0, 0x4ffe0, 0x0) [ 1841.342112] netlink: 6 bytes leftover after parsing attributes in process `syz-executor.0'. 01:45:39 executing program 0: socket$inet6_tcp(0xa, 0x1, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) sched_setattr(0x0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x9}, 0x0) socket$inet6(0xa, 0x0, 0x0) fcntl$setpipe(0xffffffffffffffff, 0x407, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000000), 0x0, 0x0) r0 = memfd_create(&(0x7f00000000c0)='queue1\x00\x00\x00\x00\x00\x00\x00\x001;\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x06\x00\x00\x00\x00\x00\xcc\xbf}\xdd\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xb2\x1e\x00', 0x0) r1 = syz_open_dev$sndseq(&(0x7f0000000200)='/dev/snd/seq\x00', 0x0, 0x1) dup2(r1, r0) 01:45:39 executing program 5: lsetxattr$trusted_overlay_opaque(0x0, 0x0, 0x0, 0x0, 0x0) mkdir(&(0x7f0000000000)='./file0\x00', 0x0) mount$bpf(0x20000000, &(0x7f00000000c0)='./file0\x00', 0x0, 0x2001001, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x80, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x43, 0x400000000000000}, 0x11288, 0x2000, 0x0, 0x2}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$netlink(0x10, 0x3, 0x0) connect$inet(0xffffffffffffffff, 0x0, 0x0) setsockopt$SO_RDS_TRANSPORT(0xffffffffffffffff, 0x114, 0x8, &(0x7f0000000040)=0xffffffffffffffff, 0x4) r1 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$inet_tcp_int(r1, 0x6, 0x10000000013, &(0x7f0000d06000)=0x1, 0x32a) connect$inet(r1, &(0x7f0000000180)={0x2, 0x4e23, @local}, 0x10) accept$nfc_llcp(0xffffffffffffffff, &(0x7f0000000440), &(0x7f0000000300)=0x60) setsockopt$inet_tcp_TCP_REPAIR_OPTIONS(r1, 0x6, 0x16, &(0x7f00000000c0)=[@mss={0x2, 0xffffffff}, @timestamp, @window, @mss={0x2, 0x91c}], 0x4) sendmmsg(r1, &(0x7f0000004b40)=[{{0x0, 0x0, &(0x7f00000011c0)=[{&(0x7f0000002240)='Y', 0x1}], 0x1}}], 0x1, 0x0) syz_init_net_socket$llc(0x1a, 0x1, 0x0) r2 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$IPT_SO_SET_REPLACE(r2, 0x4000000000000, 0x40, &(0x7f0000000a40)=ANY=[@ANYBLOB="72617700000000010000000000000000000000000000000000000000000000000200000003000000b80400000000000000000000000000000003000000030000200400002004000020040000200400002004000003000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000600000000000000a00200030000000000000000000000000000000000000000300262706600000000000000000000000000000000000000000000000000000101000000000000002e2f66696c653000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000060005345540000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000c0002001000000000000000000000000000000000000000050006f736600000000000000000000000000000000000000000000000000000073797a300000000000000000000000000000000000000000000000000000000000000000000000000000000000000000600053455400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000007000980000000000000000000000000000000000000000002800000000000000000000000000000000000000000000000000000000000004feffffff00000000"], 0x518) sendmsg$IPVS_CMD_GET_DEST(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000280)={&(0x7f00000002c0)=ANY=[@ANYRES16], 0x1}}, 0x0) setsockopt$inet_tcp_TCP_REPAIR(r1, 0x6, 0x13, &(0x7f0000000100), 0x618) close(r1) r3 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$inet_tcp_int(r3, 0x6, 0x10000000013, &(0x7f0000d06000)=0x1, 0x32a) connect$inet(r3, &(0x7f0000000140)={0x2, 0x0, @local}, 0x10) setsockopt$inet_tcp_TCP_REPAIR_OPTIONS(r3, 0x6, 0x16, &(0x7f0000000200)=[@mss, @timestamp, @window={0x3, 0x0, 0xfffe}, @mss={0x2, 0x3}], 0x4) sendmmsg(r3, &(0x7f0000004b40)=[{{0x0, 0x0, &(0x7f00000011c0)=[{&(0x7f0000002240)='Y', 0x1}], 0x1}}], 0x1, 0x0) setsockopt$inet_tcp_TCP_REPAIR_QUEUE(r3, 0x6, 0x14, &(0x7f0000000040)=0x1, 0x4) sendmsg$IPVS_CMD_GET_DEST(r3, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000340)=ANY=[@ANYBLOB="160e90cb39bca59f8c4064ac6d7b242060a07bc4309e3eb79d8745797b308edd84adef35ad9d8a17240f38f55f57c55f3875db81d255eea402e1c11ca7fc01964aeb9ed6ef4e80bc67cba7e7fe961fe5d921442b0a06b135f8a73b68dc904b436f256f50ae7cb980e69e7580b9f11c6ede4210f23240559b8c427000d7ce7862417ab5a50e494b2a54e346d7ffa008ccef06813e235b446788ac0f1df3c65bc1fb5393364a2efd284640ec2c438ad2b24a69f1f9da000000000000000000000000989eee6a9283bf253ca4"], 0x1}}, 0x0) close(r3) syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) dup3(0xffffffffffffffff, 0xffffffffffffffff, 0x0) r4 = accept4$vsock_stream(0xffffffffffffffff, &(0x7f0000000240)={0x28, 0x0, 0x2710, @host}, 0x10, 0x0) dup2(r4, 0xffffffffffffffff) bind$pptp(0xffffffffffffffff, &(0x7f00000001c0)={0x18, 0x2, {0x0, @initdev={0xac, 0x1e, 0x0, 0x0}}}, 0x1e) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000000)=@newlink={0x30, 0x10, 0x801, 0x0, 0x0, {}, [@IFLA_GROUP={0x8}, @IFLA_PROTO_DOWN={0x8, 0x4}]}, 0x30}}, 0x0) pivot_root(&(0x7f0000000140)='./file0\x00', &(0x7f0000000100)='./file0\x00') [ 1841.597807] ip_tables: iptables: counters copy to user failed while replacing table [ 1841.622315] FAULT_INJECTION: forcing a failure. [ 1841.622315] name failslab, interval 1, probability 0, space 0, times 0 [ 1841.644404] CPU: 1 PID: 3584 Comm: syz-executor.2 Not tainted 4.14.173-syzkaller #0 [ 1841.652371] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1841.661743] Call Trace: [ 1841.664383] dump_stack+0x13e/0x194 [ 1841.668060] should_fail.cold+0x10a/0x14b [ 1841.672271] should_failslab+0xd6/0x130 [ 1841.676278] kmem_cache_alloc+0x2b5/0x770 [ 1841.680456] ? retint_kernel+0x2d/0x2d [ 1841.684375] mmu_topup_memory_caches+0x83/0x300 [ 1841.689082] ? vmx_get_nmi_mask.part.0+0x6e/0xf0 [ 1841.694221] kvm_mmu_load+0x1e/0xd00 [ 1841.697966] ? kvm_apic_accept_events+0x16f/0x3f0 [ 1841.702836] ? kvm_lapic_enable_pv_eoi+0xc0/0xc0 [ 1841.707623] ? vmx_get_nmi_mask+0x29/0xa0 [ 1841.711806] vcpu_enter_guest+0x2eb9/0x5240 [ 1841.716173] ? save_trace+0x290/0x290 [ 1841.719999] ? check_preemption_disabled+0x35/0x240 [ 1841.725067] ? emulator_read_emulated+0x40/0x40 [ 1841.729763] ? lock_acquire+0x170/0x3f0 [ 1841.733818] ? kvm_arch_vcpu_ioctl_run+0x143/0xfd0 [ 1841.738781] ? kvm_arch_vcpu_ioctl_run+0x2fe/0xfd0 [ 1841.743736] ? kvm_arch_vcpu_ioctl_run+0x181/0xfd0 [ 1841.748687] kvm_arch_vcpu_ioctl_run+0x2fe/0xfd0 [ 1841.753484] kvm_vcpu_ioctl+0x3df/0xc70 [ 1841.757500] ? kvm_vcpu_block+0xb70/0xb70 [ 1841.761781] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 1841.766598] ? check_preemption_disabled+0x35/0x240 [ 1841.771651] ? retint_kernel+0x2d/0x2d [ 1841.775587] ? do_vfs_ioctl+0x76/0xfe0 [ 1841.779529] ? kvm_vcpu_block+0xb70/0xb70 [ 1841.783687] do_vfs_ioctl+0x75a/0xfe0 [ 1841.787499] ? selinux_file_mprotect+0x5c0/0x5c0 [ 1841.792263] ? ioctl_preallocate+0x1a0/0x1a0 01:45:39 executing program 3: lsetxattr$trusted_overlay_opaque(0x0, 0x0, 0x0, 0x0, 0x0) mkdir(&(0x7f0000000000)='./file0\x00', 0x0) mount$bpf(0x20000000, &(0x7f00000000c0)='./file0\x00', 0x0, 0x2001001, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x80, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x43, 0x400000000000000}, 0x11288, 0x2000, 0x0, 0x2}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$netlink(0x10, 0x3, 0x0) connect$inet(0xffffffffffffffff, 0x0, 0x0) setsockopt$SO_RDS_TRANSPORT(0xffffffffffffffff, 0x114, 0x8, &(0x7f0000000040)=0xffffffffffffffff, 0x4) r1 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$inet_tcp_int(r1, 0x6, 0x10000000013, &(0x7f0000d06000)=0x1, 0x32a) connect$inet(r1, &(0x7f0000000180)={0x2, 0x4e23, @local}, 0x10) accept$nfc_llcp(0xffffffffffffffff, &(0x7f0000000440), &(0x7f0000000300)=0x60) setsockopt$inet_tcp_TCP_REPAIR_OPTIONS(r1, 0x6, 0x16, &(0x7f00000000c0)=[@mss={0x2, 0xffffffff}, @timestamp, @window, @mss={0x2, 0x91c}], 0x4) sendmmsg(r1, &(0x7f0000004b40)=[{{0x0, 0x0, &(0x7f00000011c0)=[{&(0x7f0000002240)='Y', 0x1}], 0x1}}], 0x1, 0x0) syz_init_net_socket$llc(0x1a, 0x1, 0x0) r2 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$IPT_SO_SET_REPLACE(r2, 0x4000000000000, 0x40, &(0x7f0000000a40)=ANY=[@ANYBLOB="72617700000000010000000000000000000000000000000000000000000000000200000003000000b80400000000000000000000000000000003000000030000200400002004000020040000200400002004000003000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000600000000000000a00200030000000000000000000000000000000000000000300262706600000000000000000000000000000000000000000000000000000101000000000000002e2f66696c653000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000060005345540000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000c0002001000000000000000000000000000000000000000050006f736600000000000000000000000000000000000000000000000000000073797a300000000000000000000000000000000000000000000000000000000000000000000000000000000000000000600053455400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000007000980000000000000000000000000000000000000000002800000000000000000000000000000000000000000000000000000000000004feffffff00000000"], 0x518) sendmsg$IPVS_CMD_GET_DEST(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000280)={&(0x7f00000002c0)=ANY=[@ANYRES16], 0x1}}, 0x0) setsockopt$inet_tcp_TCP_REPAIR(r1, 0x6, 0x13, &(0x7f0000000100), 0x618) close(r1) r3 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$inet_tcp_int(r3, 0x6, 0x10000000013, &(0x7f0000d06000)=0x1, 0x32a) connect$inet(r3, &(0x7f0000000140)={0x2, 0x0, @local}, 0x10) setsockopt$inet_tcp_TCP_REPAIR_OPTIONS(r3, 0x6, 0x16, &(0x7f0000000200)=[@mss, @timestamp, @window={0x3, 0x0, 0xfffe}, @mss={0x2, 0x3}], 0x4) sendmmsg(r3, &(0x7f0000004b40)=[{{0x0, 0x0, &(0x7f00000011c0)=[{&(0x7f0000002240)='Y', 0x1}], 0x1}}], 0x1, 0x0) setsockopt$inet_tcp_TCP_REPAIR_QUEUE(r3, 0x6, 0x14, &(0x7f0000000040)=0x1, 0x4) sendmsg$IPVS_CMD_GET_DEST(r3, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000340)=ANY=[@ANYBLOB="160e90cb39bca59f8c4064ac6d7b242060a07bc4309e3eb79d8745797b308edd84adef35ad9d8a17240f38f55f57c55f3875db81d255eea402e1c11ca7fc01964aeb9ed6ef4e80bc67cba7e7fe961fe5d921442b0a06b135f8a73b68dc904b436f256f50ae7cb980e69e7580b9f11c6ede4210f23240559b8c427000d7ce7862417ab5a50e494b2a54e346d7ffa008ccef06813e235b446788ac0f1df3c65bc1fb5393364a2efd284640ec2c438ad2b24a69f1f9da000000000000000000000000989eee6a9283bf253ca4"], 0x1}}, 0x0) close(r3) syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) r5 = accept4$vsock_stream(0xffffffffffffffff, &(0x7f0000000240)={0x28, 0x0, 0x2710, @host}, 0x10, 0x0) dup2(r5, r4) bind$pptp(0xffffffffffffffff, &(0x7f00000001c0)={0x18, 0x2, {0x0, @initdev={0xac, 0x1e, 0x0, 0x0}}}, 0x1e) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000000)=@newlink={0x30, 0x10, 0x801, 0x0, 0x0, {}, [@IFLA_GROUP={0x8}, @IFLA_PROTO_DOWN={0x8, 0x4}]}, 0x30}}, 0x0) pivot_root(&(0x7f0000000140)='./file0\x00', &(0x7f0000000100)='./file0\x00') 01:45:39 executing program 1: lsetxattr$trusted_overlay_opaque(0x0, 0x0, 0x0, 0x0, 0x0) mkdir(&(0x7f0000000000)='./file0\x00', 0x0) mount$bpf(0x20000000, &(0x7f00000000c0)='./file0\x00', 0x0, 0x2001001, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x80, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x43, 0x400000000000000}, 0x11288, 0x2000, 0x0, 0x2}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$netlink(0x10, 0x3, 0x0) connect$inet(0xffffffffffffffff, 0x0, 0x0) setsockopt$SO_RDS_TRANSPORT(0xffffffffffffffff, 0x114, 0x8, &(0x7f0000000040)=0xffffffffffffffff, 0x4) r1 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$inet_tcp_int(r1, 0x6, 0x10000000013, &(0x7f0000d06000)=0x1, 0x32a) connect$inet(r1, &(0x7f0000000180)={0x2, 0x4e23, @local}, 0x10) accept$nfc_llcp(0xffffffffffffffff, &(0x7f0000000440), &(0x7f0000000300)=0x60) setsockopt$inet_tcp_TCP_REPAIR_OPTIONS(r1, 0x6, 0x16, &(0x7f00000000c0)=[@mss={0x2, 0xffffffff}, @timestamp, @window, @mss={0x2, 0x91c}], 0x4) sendmmsg(r1, &(0x7f0000004b40)=[{{0x0, 0x0, &(0x7f00000011c0)=[{&(0x7f0000002240)='Y', 0x1}], 0x1}}], 0x1, 0x0) syz_init_net_socket$llc(0x1a, 0x1, 0x0) r2 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$IPT_SO_SET_REPLACE(r2, 0x4000000000000, 0x40, &(0x7f0000000a40)=ANY=[@ANYBLOB="72617700000000010000000000000000000000000000000000000000000000000200000003000000b80400000000000000000000000000000003000000030000200400002004000020040000200400002004000003000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000600000000000000a00200030000000000000000000000000000000000000000300262706600000000000000000000000000000000000000000000000000000101000000000000002e2f66696c653000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000060005345540000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000c0002001000000000000000000000000000000000000000050006f736600000000000000000000000000000000000000000000000000000073797a300000000000000000000000000000000000000000000000000000000000000000000000000000000000000000600053455400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000007000980000000000000000000000000000000000000000002800000000000000000000000000000000000000000000000000000000000004feffffff00000000"], 0x518) sendmsg$IPVS_CMD_GET_DEST(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000280)={&(0x7f00000002c0)=ANY=[@ANYRES16], 0x1}}, 0x0) setsockopt$inet_tcp_TCP_REPAIR(r1, 0x6, 0x13, &(0x7f0000000100), 0x618) close(r1) r3 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$inet_tcp_int(r3, 0x6, 0x10000000013, &(0x7f0000d06000)=0x1, 0x32a) connect$inet(r3, &(0x7f0000000140)={0x2, 0x0, @local}, 0x10) setsockopt$inet_tcp_TCP_REPAIR_OPTIONS(r3, 0x6, 0x16, &(0x7f0000000200)=[@mss, @timestamp, @window={0x3, 0x0, 0xfffe}, @mss={0x2, 0x3}], 0x4) sendmmsg(r3, &(0x7f0000004b40)=[{{0x0, 0x0, &(0x7f00000011c0)=[{&(0x7f0000002240)='Y', 0x1}], 0x1}}], 0x1, 0x0) setsockopt$inet_tcp_TCP_REPAIR_QUEUE(r3, 0x6, 0x14, &(0x7f0000000040)=0x1, 0x4) sendmsg$IPVS_CMD_GET_DEST(r3, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000340)=ANY=[@ANYBLOB="160e90cb39bca59f8c4064ac6d7b242060a07bc4309e3eb79d8745797b308edd84adef35ad9d8a17240f38f55f57c55f3875db81d255eea402e1c11ca7fc01964aeb9ed6ef4e80bc67cba7e7fe961fe5d921442b0a06b135f8a73b68dc904b436f256f50ae7cb980e69e7580b9f11c6ede4210f23240559b8c427000d7ce7862417ab5a50e494b2a54e346d7ffa008ccef06813e235b446788ac0f1df3c65bc1fb5393364a2efd284640ec2c438ad2b24a69f1f9da000000000000000000000000989eee6a9283bf253ca4"], 0x1}}, 0x0) close(r3) syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) dup3(r5, r4, 0x0) dup2(0xffffffffffffffff, r5) bind$pptp(0xffffffffffffffff, &(0x7f00000001c0)={0x18, 0x2, {0x0, @initdev={0xac, 0x1e, 0x0, 0x0}}}, 0x1e) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000000)=@newlink={0x30, 0x10, 0x801, 0x0, 0x0, {}, [@IFLA_GROUP={0x8}, @IFLA_PROTO_DOWN={0x8, 0x4}]}, 0x30}}, 0x0) 01:45:40 executing program 5: lsetxattr$trusted_overlay_opaque(0x0, 0x0, 0x0, 0x0, 0x0) mkdir(&(0x7f0000000000)='./file0\x00', 0x0) mount$bpf(0x20000000, &(0x7f00000000c0)='./file0\x00', 0x0, 0x2001001, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x80, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x43, 0x400000000000000}, 0x11288, 0x2000, 0x0, 0x2}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$netlink(0x10, 0x3, 0x0) connect$inet(0xffffffffffffffff, 0x0, 0x0) setsockopt$SO_RDS_TRANSPORT(0xffffffffffffffff, 0x114, 0x8, &(0x7f0000000040)=0xffffffffffffffff, 0x4) r1 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$inet_tcp_int(r1, 0x6, 0x10000000013, &(0x7f0000d06000)=0x1, 0x32a) connect$inet(r1, &(0x7f0000000180)={0x2, 0x4e23, @local}, 0x10) accept$nfc_llcp(0xffffffffffffffff, &(0x7f0000000440), &(0x7f0000000300)=0x60) setsockopt$inet_tcp_TCP_REPAIR_OPTIONS(r1, 0x6, 0x16, &(0x7f00000000c0)=[@mss={0x2, 0xffffffff}, @timestamp, @window, @mss={0x2, 0x91c}], 0x4) sendmmsg(r1, &(0x7f0000004b40)=[{{0x0, 0x0, &(0x7f00000011c0)=[{&(0x7f0000002240)='Y', 0x1}], 0x1}}], 0x1, 0x0) syz_init_net_socket$llc(0x1a, 0x1, 0x0) r2 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$IPT_SO_SET_REPLACE(r2, 0x4000000000000, 0x40, &(0x7f0000000a40)=ANY=[@ANYBLOB="72617700000000010000000000000000000000000000000000000000000000000200000003000000b80400000000000000000000000000000003000000030000200400002004000020040000200400002004000003000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000600000000000000a00200030000000000000000000000000000000000000000300262706600000000000000000000000000000000000000000000000000000101000000000000002e2f66696c653000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000060005345540000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000c0002001000000000000000000000000000000000000000050006f736600000000000000000000000000000000000000000000000000000073797a300000000000000000000000000000000000000000000000000000000000000000000000000000000000000000600053455400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000007000980000000000000000000000000000000000000000002800000000000000000000000000000000000000000000000000000000000004feffffff00000000"], 0x518) sendmsg$IPVS_CMD_GET_DEST(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000280)={&(0x7f00000002c0)=ANY=[@ANYRES16], 0x1}}, 0x0) setsockopt$inet_tcp_TCP_REPAIR(r1, 0x6, 0x13, &(0x7f0000000100), 0x618) close(r1) r3 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$inet_tcp_int(r3, 0x6, 0x10000000013, &(0x7f0000d06000)=0x1, 0x32a) connect$inet(r3, &(0x7f0000000140)={0x2, 0x0, @local}, 0x10) setsockopt$inet_tcp_TCP_REPAIR_OPTIONS(r3, 0x6, 0x16, &(0x7f0000000200)=[@mss, @timestamp, @window={0x3, 0x0, 0xfffe}, @mss={0x2, 0x3}], 0x4) sendmmsg(r3, &(0x7f0000004b40)=[{{0x0, 0x0, &(0x7f00000011c0)=[{&(0x7f0000002240)='Y', 0x1}], 0x1}}], 0x1, 0x0) setsockopt$inet_tcp_TCP_REPAIR_QUEUE(r3, 0x6, 0x14, &(0x7f0000000040)=0x1, 0x4) sendmsg$IPVS_CMD_GET_DEST(r3, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000340)=ANY=[@ANYBLOB="160e90cb39bca59f8c4064ac6d7b242060a07bc4309e3eb79d8745797b308edd84adef35ad9d8a17240f38f55f57c55f3875db81d255eea402e1c11ca7fc01964aeb9ed6ef4e80bc67cba7e7fe961fe5d921442b0a06b135f8a73b68dc904b436f256f50ae7cb980e69e7580b9f11c6ede4210f23240559b8c427000d7ce7862417ab5a50e494b2a54e346d7ffa008ccef06813e235b446788ac0f1df3c65bc1fb5393364a2efd284640ec2c438ad2b24a69f1f9da000000000000000000000000989eee6a9283bf253ca4"], 0x1}}, 0x0) close(r3) syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) dup3(0xffffffffffffffff, 0xffffffffffffffff, 0x0) r4 = accept4$vsock_stream(0xffffffffffffffff, &(0x7f0000000240)={0x28, 0x0, 0x2710, @host}, 0x10, 0x0) dup2(r4, 0xffffffffffffffff) bind$pptp(0xffffffffffffffff, &(0x7f00000001c0)={0x18, 0x2, {0x0, @initdev={0xac, 0x1e, 0x0, 0x0}}}, 0x1e) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000000)=@newlink={0x30, 0x10, 0x801, 0x0, 0x0, {}, [@IFLA_GROUP={0x8}, @IFLA_PROTO_DOWN={0x8, 0x4}]}, 0x30}}, 0x0) pivot_root(&(0x7f0000000140)='./file0\x00', &(0x7f0000000100)='./file0\x00') [ 1841.796707] ? security_file_ioctl+0x76/0xb0 [ 1841.801129] ? security_file_ioctl+0x83/0xb0 [ 1841.805704] SyS_ioctl+0x7f/0xb0 [ 1841.809456] ? do_vfs_ioctl+0xfe0/0xfe0 [ 1841.813466] do_syscall_64+0x1d5/0x640 [ 1841.817379] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 1841.822582] RIP: 0033:0x45c849 [ 1841.825924] RSP: 002b:00007fa3bc31dc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 1841.833722] RAX: ffffffffffffffda RBX: 00007fa3bc31e6d4 RCX: 000000000045c849 [ 1841.841441] RDX: 0000000000000000 RSI: 000000000000ae80 RDI: 0000000000000005 [ 1841.848955] RBP: 000000000076bf00 R08: 0000000000000000 R09: 0000000000000000 [ 1841.857116] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000007 [ 1841.865449] R13: 00000000000003bf R14: 00000000004c6495 R15: 0000000000000008 01:45:40 executing program 2 (fault-call:9 fault-nth:9): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_SET_SIGNAL_MASK(0xffffffffffffffff, 0x4004ae8b, &(0x7f0000001000)=ANY=[@ANYBLOB="97cb"]) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000fe7000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0) ioctl$USBDEVFS_RESETEP(0xffffffffffffffff, 0x80045503, &(0x7f0000000000)={0x1, 0x1}) ioctl$KVM_NMI(r2, 0xae9a) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f00000002c0)={0x0, 0x2, 0x0, 0x2000, &(0x7f0000001000/0x2000)=nil}) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) 01:45:40 executing program 0: mmap(&(0x7f0000a93000/0x4000)=nil, 0x4000, 0x3, 0x8972, 0xffffffffffffffff, 0x0) pipe2(&(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) mremap(&(0x7f0000a94000/0x1000)=nil, 0x1000, 0x4000, 0x3, &(0x7f0000a90000/0x4000)=nil) ioctl$DRM_IOCTL_RM_MAP(0xffffffffffffffff, 0x4028641b, &(0x7f0000b1d000)={&(0x7f0000a92000/0x3000)=nil, 0x20000003, 0x0, 0x0, &(0x7f0000a90000/0x2000)=nil}) mprotect(&(0x7f0000b1d000/0x2000)=nil, 0x2000, 0x5) vmsplice(r0, &(0x7f0000b1d000)=[{0x0}], 0x1, 0x0) [ 1842.120527] FAULT_INJECTION: forcing a failure. [ 1842.120527] name failslab, interval 1, probability 0, space 0, times 0 01:45:40 executing program 5: lsetxattr$trusted_overlay_opaque(0x0, 0x0, 0x0, 0x0, 0x0) mkdir(&(0x7f0000000000)='./file0\x00', 0x0) mount$bpf(0x20000000, &(0x7f00000000c0)='./file0\x00', 0x0, 0x2001001, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x80, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x43, 0x400000000000000}, 0x11288, 0x2000, 0x0, 0x2}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$netlink(0x10, 0x3, 0x0) connect$inet(0xffffffffffffffff, 0x0, 0x0) setsockopt$SO_RDS_TRANSPORT(0xffffffffffffffff, 0x114, 0x8, &(0x7f0000000040)=0xffffffffffffffff, 0x4) r1 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$inet_tcp_int(r1, 0x6, 0x10000000013, &(0x7f0000d06000)=0x1, 0x32a) connect$inet(r1, &(0x7f0000000180)={0x2, 0x4e23, @local}, 0x10) accept$nfc_llcp(0xffffffffffffffff, &(0x7f0000000440), &(0x7f0000000300)=0x60) setsockopt$inet_tcp_TCP_REPAIR_OPTIONS(r1, 0x6, 0x16, &(0x7f00000000c0)=[@mss={0x2, 0xffffffff}, @timestamp, @window, @mss={0x2, 0x91c}], 0x4) sendmmsg(r1, &(0x7f0000004b40)=[{{0x0, 0x0, &(0x7f00000011c0)=[{&(0x7f0000002240)='Y', 0x1}], 0x1}}], 0x1, 0x0) syz_init_net_socket$llc(0x1a, 0x1, 0x0) r2 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$IPT_SO_SET_REPLACE(r2, 0x4000000000000, 0x40, &(0x7f0000000a40)=ANY=[@ANYBLOB="72617700000000010000000000000000000000000000000000000000000000000200000003000000b80400000000000000000000000000000003000000030000200400002004000020040000200400002004000003000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000600000000000000a00200030000000000000000000000000000000000000000300262706600000000000000000000000000000000000000000000000000000101000000000000002e2f66696c653000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000060005345540000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000c0002001000000000000000000000000000000000000000050006f736600000000000000000000000000000000000000000000000000000073797a300000000000000000000000000000000000000000000000000000000000000000000000000000000000000000600053455400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000007000980000000000000000000000000000000000000000002800000000000000000000000000000000000000000000000000000000000004feffffff00000000"], 0x518) sendmsg$IPVS_CMD_GET_DEST(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000280)={&(0x7f00000002c0)=ANY=[@ANYRES16], 0x1}}, 0x0) setsockopt$inet_tcp_TCP_REPAIR(r1, 0x6, 0x13, &(0x7f0000000100), 0x618) close(r1) r3 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$inet_tcp_int(r3, 0x6, 0x10000000013, &(0x7f0000d06000)=0x1, 0x32a) connect$inet(r3, &(0x7f0000000140)={0x2, 0x0, @local}, 0x10) setsockopt$inet_tcp_TCP_REPAIR_OPTIONS(r3, 0x6, 0x16, &(0x7f0000000200)=[@mss, @timestamp, @window={0x3, 0x0, 0xfffe}, @mss={0x2, 0x3}], 0x4) sendmmsg(r3, &(0x7f0000004b40)=[{{0x0, 0x0, &(0x7f00000011c0)=[{&(0x7f0000002240)='Y', 0x1}], 0x1}}], 0x1, 0x0) setsockopt$inet_tcp_TCP_REPAIR_QUEUE(r3, 0x6, 0x14, &(0x7f0000000040)=0x1, 0x4) sendmsg$IPVS_CMD_GET_DEST(r3, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000340)=ANY=[@ANYBLOB="160e90cb39bca59f8c4064ac6d7b242060a07bc4309e3eb79d8745797b308edd84adef35ad9d8a17240f38f55f57c55f3875db81d255eea402e1c11ca7fc01964aeb9ed6ef4e80bc67cba7e7fe961fe5d921442b0a06b135f8a73b68dc904b436f256f50ae7cb980e69e7580b9f11c6ede4210f23240559b8c427000d7ce7862417ab5a50e494b2a54e346d7ffa008ccef06813e235b446788ac0f1df3c65bc1fb5393364a2efd284640ec2c438ad2b24a69f1f9da000000000000000000000000989eee6a9283bf253ca4"], 0x1}}, 0x0) close(r3) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) dup3(r5, r4, 0x0) r6 = accept4$vsock_stream(0xffffffffffffffff, &(0x7f0000000240)={0x28, 0x0, 0x2710, @host}, 0x10, 0x0) dup2(r6, r5) bind$pptp(0xffffffffffffffff, &(0x7f00000001c0)={0x18, 0x2, {0x0, @initdev={0xac, 0x1e, 0x0, 0x0}}}, 0x1e) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000000)=@newlink={0x30, 0x10, 0x801, 0x0, 0x0, {}, [@IFLA_GROUP={0x8}, @IFLA_PROTO_DOWN={0x8, 0x4}]}, 0x30}}, 0x0) pivot_root(&(0x7f0000000140)='./file0\x00', &(0x7f0000000100)='./file0\x00') 01:45:40 executing program 0: getpid() recvmmsg(0xffffffffffffffff, &(0x7f0000002900)=[{{0x0, 0x0, 0x0}, 0x8}], 0x1, 0x40000103, 0x0) fcntl$setpipe(0xffffffffffffffff, 0x407, 0x0) r0 = syz_open_procfs(0x0, &(0x7f0000000380)='net/route\x00') preadv(r0, &(0x7f00000017c0), 0x1a0, 0xf0ffff) [ 1842.271176] CPU: 0 PID: 3608 Comm: syz-executor.2 Not tainted 4.14.173-syzkaller #0 [ 1842.279049] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1842.288428] Call Trace: [ 1842.291047] dump_stack+0x13e/0x194 [ 1842.294703] should_fail.cold+0x10a/0x14b [ 1842.298880] should_failslab+0xd6/0x130 [ 1842.302883] kmem_cache_alloc+0x2b5/0x770 [ 1842.307068] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 1842.311856] mmu_topup_memory_caches+0x83/0x300 [ 1842.316589] kvm_mmu_load+0x1e/0xd00 01:45:40 executing program 1: lsetxattr$trusted_overlay_opaque(0x0, 0x0, 0x0, 0x0, 0x0) mkdir(&(0x7f0000000000)='./file0\x00', 0x0) mount$bpf(0x20000000, &(0x7f00000000c0)='./file0\x00', 0x0, 0x2001001, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x80, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x43, 0x400000000000000}, 0x11288, 0x2000, 0x0, 0x2}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$netlink(0x10, 0x3, 0x0) connect$inet(0xffffffffffffffff, 0x0, 0x0) setsockopt$SO_RDS_TRANSPORT(0xffffffffffffffff, 0x114, 0x8, &(0x7f0000000040)=0xffffffffffffffff, 0x4) r1 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$inet_tcp_int(r1, 0x6, 0x10000000013, &(0x7f0000d06000)=0x1, 0x32a) connect$inet(r1, &(0x7f0000000180)={0x2, 0x4e23, @local}, 0x10) accept$nfc_llcp(0xffffffffffffffff, &(0x7f0000000440), &(0x7f0000000300)=0x60) setsockopt$inet_tcp_TCP_REPAIR_OPTIONS(r1, 0x6, 0x16, &(0x7f00000000c0)=[@mss={0x2, 0xffffffff}, @timestamp, @window, @mss={0x2, 0x91c}], 0x4) sendmmsg(r1, &(0x7f0000004b40)=[{{0x0, 0x0, &(0x7f00000011c0)=[{&(0x7f0000002240)='Y', 0x1}], 0x1}}], 0x1, 0x0) syz_init_net_socket$llc(0x1a, 0x1, 0x0) r2 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$IPT_SO_SET_REPLACE(r2, 0x4000000000000, 0x40, &(0x7f0000000a40)=ANY=[@ANYBLOB="72617700000000010000000000000000000000000000000000000000000000000200000003000000b80400000000000000000000000000000003000000030000200400002004000020040000200400002004000003000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000600000000000000a00200030000000000000000000000000000000000000000300262706600000000000000000000000000000000000000000000000000000101000000000000002e2f66696c653000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000060005345540000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000c0002001000000000000000000000000000000000000000050006f736600000000000000000000000000000000000000000000000000000073797a300000000000000000000000000000000000000000000000000000000000000000000000000000000000000000600053455400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000007000980000000000000000000000000000000000000000002800000000000000000000000000000000000000000000000000000000000004feffffff00000000"], 0x518) sendmsg$IPVS_CMD_GET_DEST(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000280)={&(0x7f00000002c0)=ANY=[@ANYRES16], 0x1}}, 0x0) setsockopt$inet_tcp_TCP_REPAIR(r1, 0x6, 0x13, &(0x7f0000000100), 0x618) close(r1) r3 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$inet_tcp_int(r3, 0x6, 0x10000000013, &(0x7f0000d06000)=0x1, 0x32a) connect$inet(r3, &(0x7f0000000140)={0x2, 0x0, @local}, 0x10) setsockopt$inet_tcp_TCP_REPAIR_OPTIONS(r3, 0x6, 0x16, &(0x7f0000000200)=[@mss, @timestamp, @window={0x3, 0x0, 0xfffe}, @mss={0x2, 0x3}], 0x4) sendmmsg(r3, &(0x7f0000004b40)=[{{0x0, 0x0, &(0x7f00000011c0)=[{&(0x7f0000002240)='Y', 0x1}], 0x1}}], 0x1, 0x0) setsockopt$inet_tcp_TCP_REPAIR_QUEUE(r3, 0x6, 0x14, &(0x7f0000000040)=0x1, 0x4) sendmsg$IPVS_CMD_GET_DEST(r3, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000340)=ANY=[@ANYBLOB="160e90cb39bca59f8c4064ac6d7b242060a07bc4309e3eb79d8745797b308edd84adef35ad9d8a17240f38f55f57c55f3875db81d255eea402e1c11ca7fc01964aeb9ed6ef4e80bc67cba7e7fe961fe5d921442b0a06b135f8a73b68dc904b436f256f50ae7cb980e69e7580b9f11c6ede4210f23240559b8c427000d7ce7862417ab5a50e494b2a54e346d7ffa008ccef06813e235b446788ac0f1df3c65bc1fb5393364a2efd284640ec2c438ad2b24a69f1f9da000000000000000000000000989eee6a9283bf253ca4"], 0x1}}, 0x0) close(r3) syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) r5 = accept4$vsock_stream(0xffffffffffffffff, &(0x7f0000000240)={0x28, 0x0, 0x2710, @host}, 0x10, 0x0) dup2(r5, r4) bind$pptp(0xffffffffffffffff, &(0x7f00000001c0)={0x18, 0x2, {0x0, @initdev={0xac, 0x1e, 0x0, 0x0}}}, 0x1e) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000000)=@newlink={0x30, 0x10, 0x801, 0x0, 0x0, {}, [@IFLA_GROUP={0x8}, @IFLA_PROTO_DOWN={0x8, 0x4}]}, 0x30}}, 0x0) [ 1842.320364] ? vmx_inject_nmi+0xc/0x1e0 [ 1842.324976] ? vmx_inject_nmi+0x24/0x1e0 [ 1842.329064] vcpu_enter_guest+0x2eb9/0x5240 [ 1842.333409] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 1842.338242] ? check_preemption_disabled+0x35/0x240 [ 1842.343907] ? emulator_read_emulated+0x40/0x40 [ 1842.348614] ? lock_acquire+0x170/0x3f0 [ 1842.352609] ? kvm_arch_vcpu_ioctl_run+0x143/0xfd0 [ 1842.357601] ? kvm_arch_vcpu_ioctl_run+0x2fe/0xfd0 [ 1842.363499] ? kvm_arch_vcpu_ioctl_run+0x181/0xfd0 [ 1842.368449] kvm_arch_vcpu_ioctl_run+0x2fe/0xfd0 [ 1842.373217] kvm_vcpu_ioctl+0x3df/0xc70 [ 1842.377192] ? trace_hardirqs_on_caller+0x3f6/0x590 [ 1842.382360] ? kvm_vcpu_block+0xb70/0xb70 [ 1842.387207] ? check_preemption_disabled+0x35/0x240 [ 1842.392239] ? retint_kernel+0x2d/0x2d [ 1842.396161] ? selinux_file_ioctl+0x2b8/0x560 [ 1842.400739] ? kvm_vcpu_block+0xb70/0xb70 [ 1842.405150] do_vfs_ioctl+0x75a/0xfe0 [ 1842.409686] ? selinux_file_mprotect+0x5c0/0x5c0 [ 1842.414461] ? ioctl_preallocate+0x1a0/0x1a0 [ 1842.418899] ? check_preemption_disabled+0x35/0x240 [ 1842.424003] ? swapgs_restore_regs_and_return_to_usermode+0x6/0x40 [ 1842.430904] ? do_vfs_ioctl+0xfe0/0xfe0 [ 1842.435407] ? security_file_ioctl+0x76/0xb0 [ 1842.440214] ? security_file_ioctl+0x83/0xb0 [ 1842.444636] SyS_ioctl+0x7f/0xb0 [ 1842.448001] ? do_vfs_ioctl+0xfe0/0xfe0 [ 1842.452111] do_syscall_64+0x1d5/0x640 [ 1842.456363] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 1842.461578] RIP: 0033:0x45c849 [ 1842.464765] RSP: 002b:00007fa3bc31dc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 01:45:40 executing program 3: lsetxattr$trusted_overlay_opaque(0x0, 0x0, 0x0, 0x0, 0x0) mkdir(&(0x7f0000000000)='./file0\x00', 0x0) mount$bpf(0x20000000, &(0x7f00000000c0)='./file0\x00', 0x0, 0x2001001, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x80, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x43, 0x400000000000000}, 0x11288, 0x2000, 0x0, 0x2}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$netlink(0x10, 0x3, 0x0) connect$inet(0xffffffffffffffff, 0x0, 0x0) setsockopt$SO_RDS_TRANSPORT(0xffffffffffffffff, 0x114, 0x8, &(0x7f0000000040)=0xffffffffffffffff, 0x4) r1 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$inet_tcp_int(r1, 0x6, 0x10000000013, &(0x7f0000d06000)=0x1, 0x32a) connect$inet(r1, &(0x7f0000000180)={0x2, 0x4e23, @local}, 0x10) accept$nfc_llcp(0xffffffffffffffff, &(0x7f0000000440), &(0x7f0000000300)=0x60) setsockopt$inet_tcp_TCP_REPAIR_OPTIONS(r1, 0x6, 0x16, &(0x7f00000000c0)=[@mss={0x2, 0xffffffff}, @timestamp, @window, @mss={0x2, 0x91c}], 0x4) sendmmsg(r1, &(0x7f0000004b40)=[{{0x0, 0x0, &(0x7f00000011c0)=[{&(0x7f0000002240)='Y', 0x1}], 0x1}}], 0x1, 0x0) syz_init_net_socket$llc(0x1a, 0x1, 0x0) r2 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$IPT_SO_SET_REPLACE(r2, 0x4000000000000, 0x40, &(0x7f0000000a40)=ANY=[@ANYBLOB="72617700000000010000000000000000000000000000000000000000000000000200000003000000b80400000000000000000000000000000003000000030000200400002004000020040000200400002004000003000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000600000000000000a00200030000000000000000000000000000000000000000300262706600000000000000000000000000000000000000000000000000000101000000000000002e2f66696c653000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000060005345540000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000c0002001000000000000000000000000000000000000000050006f736600000000000000000000000000000000000000000000000000000073797a300000000000000000000000000000000000000000000000000000000000000000000000000000000000000000600053455400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000007000980000000000000000000000000000000000000000002800000000000000000000000000000000000000000000000000000000000004feffffff00000000"], 0x518) sendmsg$IPVS_CMD_GET_DEST(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000280)={&(0x7f00000002c0)=ANY=[@ANYRES16], 0x1}}, 0x0) setsockopt$inet_tcp_TCP_REPAIR(r1, 0x6, 0x13, &(0x7f0000000100), 0x618) close(r1) r3 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$inet_tcp_int(r3, 0x6, 0x10000000013, &(0x7f0000d06000)=0x1, 0x32a) connect$inet(r3, &(0x7f0000000140)={0x2, 0x0, @local}, 0x10) setsockopt$inet_tcp_TCP_REPAIR_OPTIONS(r3, 0x6, 0x16, &(0x7f0000000200)=[@mss, @timestamp, @window={0x3, 0x0, 0xfffe}, @mss={0x2, 0x3}], 0x4) sendmmsg(r3, &(0x7f0000004b40)=[{{0x0, 0x0, &(0x7f00000011c0)=[{&(0x7f0000002240)='Y', 0x1}], 0x1}}], 0x1, 0x0) setsockopt$inet_tcp_TCP_REPAIR_QUEUE(r3, 0x6, 0x14, &(0x7f0000000040)=0x1, 0x4) sendmsg$IPVS_CMD_GET_DEST(r3, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000340)=ANY=[@ANYBLOB="160e90cb39bca59f8c4064ac6d7b242060a07bc4309e3eb79d8745797b308edd84adef35ad9d8a17240f38f55f57c55f3875db81d255eea402e1c11ca7fc01964aeb9ed6ef4e80bc67cba7e7fe961fe5d921442b0a06b135f8a73b68dc904b436f256f50ae7cb980e69e7580b9f11c6ede4210f23240559b8c427000d7ce7862417ab5a50e494b2a54e346d7ffa008ccef06813e235b446788ac0f1df3c65bc1fb5393364a2efd284640ec2c438ad2b24a69f1f9da000000000000000000000000989eee6a9283bf253ca4"], 0x1}}, 0x0) close(r3) syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) r5 = accept4$vsock_stream(0xffffffffffffffff, &(0x7f0000000240)={0x28, 0x0, 0x2710, @host}, 0x10, 0x0) dup2(r5, r4) bind$pptp(0xffffffffffffffff, &(0x7f00000001c0)={0x18, 0x2, {0x0, @initdev={0xac, 0x1e, 0x0, 0x0}}}, 0x1e) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000000)=@newlink={0x30, 0x10, 0x801, 0x0, 0x0, {}, [@IFLA_GROUP={0x8}, @IFLA_PROTO_DOWN={0x8, 0x4}]}, 0x30}}, 0x0) pivot_root(&(0x7f0000000140)='./file0\x00', &(0x7f0000000100)='./file0\x00') 01:45:40 executing program 4: pipe(&(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = socket$inet_udp(0x2, 0x2, 0x0) close(r2) r3 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$inet_tcp_int(r3, 0x6, 0x10000000013, &(0x7f0000d06000)=0x1, 0x4) connect$inet(r2, &(0x7f0000000340)={0x2, 0x0, @loopback}, 0x10) setsockopt$inet_tcp_TCP_REPAIR_WINDOW(r3, 0x6, 0x1d, &(0x7f0000000080)={0x0, 0xdf5, 0x65a2}, 0x14) syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) write$binfmt_misc(r1, &(0x7f0000000140)=ANY=[], 0x4240a2a0) r4 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$IPT_SO_SET_REPLACE(r4, 0x0, 0x40, &(0x7f0000000480)=ANY=[@ANYBLOB="66696c74657200000000000000000000000000000000000000000000000000000e00000004000000d0020000800100009800000080010000000000000000000038020000380200003802000038020000380200000400000000000000000000007f000001ac14140000000000000000007f00000000000000000000000000000064756dea20f9524db2d96900000057c910a19f2bc02c00000000000000000000200000000000000000000000000000000000000000000000700098000000000000000000000000000000000000000000280052454a454354000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000400000000000000000000000080000000000000000000000000000000000000000000000000000000000000000000000000000000000000000c000e80000f9c9991d0000000000000000000000000000005000736574000000000000000000000000000000000000000000000000000003000005050000000000000000000000000000000000000000100000000000000000000000000000000000000000000000280052454a45435400000000000000010000000000000000000000000000000000674f000000000000000000e00000020000000000000000766574b5315f766c616e00000000010062726964676530000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000007000b80000000000000000000000000000000000000000004800544545000000000000000000000000000000d40200000000000000000001ac1414aa000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000007000980000000000000000000000000000000000000000002800000000000000000000000000000000000000000000001a51496c00000000feffffff"], 0x1) splice(r0, 0x0, r2, 0x0, 0x4ffe0, 0x0) [ 1842.472668] RAX: ffffffffffffffda RBX: 00007fa3bc31e6d4 RCX: 000000000045c849 [ 1842.479933] RDX: 0000000000000000 RSI: 000000000000ae80 RDI: 0000000000000005 [ 1842.487702] RBP: 000000000076bf00 R08: 0000000000000000 R09: 0000000000000000 [ 1842.495112] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000007 [ 1842.502494] R13: 00000000000003bf R14: 00000000004c6495 R15: 0000000000000009 01:45:40 executing program 2 (fault-call:9 fault-nth:10): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_SET_SIGNAL_MASK(0xffffffffffffffff, 0x4004ae8b, &(0x7f0000001000)=ANY=[@ANYBLOB="97cb"]) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000fe7000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0) ioctl$USBDEVFS_RESETEP(0xffffffffffffffff, 0x80045503, &(0x7f0000000000)={0x1, 0x1}) ioctl$KVM_NMI(r2, 0xae9a) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f00000002c0)={0x0, 0x2, 0x0, 0x2000, &(0x7f0000001000/0x2000)=nil}) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) 01:45:40 executing program 5: lsetxattr$trusted_overlay_opaque(0x0, 0x0, 0x0, 0x0, 0x0) mkdir(&(0x7f0000000000)='./file0\x00', 0x0) mount$bpf(0x20000000, &(0x7f00000000c0)='./file0\x00', 0x0, 0x2001001, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x80, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x43, 0x400000000000000}, 0x11288, 0x2000, 0x0, 0x2}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$netlink(0x10, 0x3, 0x0) connect$inet(0xffffffffffffffff, 0x0, 0x0) setsockopt$SO_RDS_TRANSPORT(0xffffffffffffffff, 0x114, 0x8, &(0x7f0000000040)=0xffffffffffffffff, 0x4) r1 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$inet_tcp_int(r1, 0x6, 0x10000000013, &(0x7f0000d06000)=0x1, 0x32a) connect$inet(r1, &(0x7f0000000180)={0x2, 0x4e23, @local}, 0x10) accept$nfc_llcp(0xffffffffffffffff, &(0x7f0000000440), &(0x7f0000000300)=0x60) setsockopt$inet_tcp_TCP_REPAIR_OPTIONS(r1, 0x6, 0x16, &(0x7f00000000c0)=[@mss={0x2, 0xffffffff}, @timestamp, @window, @mss={0x2, 0x91c}], 0x4) sendmmsg(r1, &(0x7f0000004b40)=[{{0x0, 0x0, &(0x7f00000011c0)=[{&(0x7f0000002240)='Y', 0x1}], 0x1}}], 0x1, 0x0) syz_init_net_socket$llc(0x1a, 0x1, 0x0) r2 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$IPT_SO_SET_REPLACE(r2, 0x4000000000000, 0x40, &(0x7f0000000a40)=ANY=[@ANYBLOB="72617700000000010000000000000000000000000000000000000000000000000200000003000000b80400000000000000000000000000000003000000030000200400002004000020040000200400002004000003000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000600000000000000a00200030000000000000000000000000000000000000000300262706600000000000000000000000000000000000000000000000000000101000000000000002e2f66696c653000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000060005345540000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000c0002001000000000000000000000000000000000000000050006f736600000000000000000000000000000000000000000000000000000073797a300000000000000000000000000000000000000000000000000000000000000000000000000000000000000000600053455400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000007000980000000000000000000000000000000000000000002800000000000000000000000000000000000000000000000000000000000004feffffff00000000"], 0x518) sendmsg$IPVS_CMD_GET_DEST(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000280)={&(0x7f00000002c0)=ANY=[@ANYRES16], 0x1}}, 0x0) setsockopt$inet_tcp_TCP_REPAIR(r1, 0x6, 0x13, &(0x7f0000000100), 0x618) close(r1) r3 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$inet_tcp_int(r3, 0x6, 0x10000000013, &(0x7f0000d06000)=0x1, 0x32a) connect$inet(r3, &(0x7f0000000140)={0x2, 0x0, @local}, 0x10) setsockopt$inet_tcp_TCP_REPAIR_OPTIONS(r3, 0x6, 0x16, &(0x7f0000000200)=[@mss, @timestamp, @window={0x3, 0x0, 0xfffe}, @mss={0x2, 0x3}], 0x4) sendmmsg(r3, &(0x7f0000004b40)=[{{0x0, 0x0, &(0x7f00000011c0)=[{&(0x7f0000002240)='Y', 0x1}], 0x1}}], 0x1, 0x0) setsockopt$inet_tcp_TCP_REPAIR_QUEUE(r3, 0x6, 0x14, &(0x7f0000000040)=0x1, 0x4) sendmsg$IPVS_CMD_GET_DEST(r3, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000340)=ANY=[@ANYBLOB="160e90cb39bca59f8c4064ac6d7b242060a07bc4309e3eb79d8745797b308edd84adef35ad9d8a17240f38f55f57c55f3875db81d255eea402e1c11ca7fc01964aeb9ed6ef4e80bc67cba7e7fe961fe5d921442b0a06b135f8a73b68dc904b436f256f50ae7cb980e69e7580b9f11c6ede4210f23240559b8c427000d7ce7862417ab5a50e494b2a54e346d7ffa008ccef06813e235b446788ac0f1df3c65bc1fb5393364a2efd284640ec2c438ad2b24a69f1f9da000000000000000000000000989eee6a9283bf253ca4"], 0x1}}, 0x0) close(r3) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) dup3(r5, r4, 0x0) r6 = accept4$vsock_stream(0xffffffffffffffff, &(0x7f0000000240)={0x28, 0x0, 0x2710, @host}, 0x10, 0x0) dup2(r6, r5) bind$pptp(0xffffffffffffffff, &(0x7f00000001c0)={0x18, 0x2, {0x0, @initdev={0xac, 0x1e, 0x0, 0x0}}}, 0x1e) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000000)=@newlink={0x30, 0x10, 0x801, 0x0, 0x0, {}, [@IFLA_GROUP={0x8}, @IFLA_PROTO_DOWN={0x8, 0x4}]}, 0x30}}, 0x0) pivot_root(&(0x7f0000000140)='./file0\x00', &(0x7f0000000100)='./file0\x00') [ 1842.752683] FAULT_INJECTION: forcing a failure. [ 1842.752683] name failslab, interval 1, probability 0, space 0, times 0 [ 1842.766865] ip_tables: iptables: counters copy to user failed while replacing table [ 1842.775264] CPU: 1 PID: 3628 Comm: syz-executor.2 Not tainted 4.14.173-syzkaller #0 [ 1842.789529] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1842.798995] Call Trace: [ 1842.801622] dump_stack+0x13e/0x194 [ 1842.805277] should_fail.cold+0x10a/0x14b [ 1842.809457] should_failslab+0xd6/0x130 [ 1842.813456] kmem_cache_alloc+0x2b5/0x770 [ 1842.817617] ? retint_kernel+0x2d/0x2d [ 1842.821513] mmu_topup_memory_caches+0x83/0x300 [ 1842.826216] kvm_mmu_load+0x1e/0xd00 [ 1842.829963] ? kvm_apic_accept_events+0x16f/0x3f0 [ 1842.834995] ? kvm_lapic_enable_pv_eoi+0xc0/0xc0 [ 1842.841783] ? vcpu_enter_guest+0x3c2/0x5240 [ 1842.846224] vcpu_enter_guest+0x2eb9/0x5240 [ 1842.855112] ? trace_hardirqs_on_caller+0x3f6/0x590 [ 1842.860167] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 1842.864945] ? emulator_read_emulated+0x40/0x40 [ 1842.869634] ? lock_acquire+0x170/0x3f0 [ 1842.873803] ? kvm_arch_vcpu_ioctl_run+0x143/0xfd0 [ 1842.878779] ? kvm_arch_vcpu_ioctl_run+0x2fe/0xfd0 [ 1842.883754] ? kvm_arch_vcpu_ioctl_run+0x181/0xfd0 [ 1842.888703] kvm_arch_vcpu_ioctl_run+0x2fe/0xfd0 [ 1842.893489] kvm_vcpu_ioctl+0x3df/0xc70 [ 1842.897604] ? kvm_vcpu_block+0xb70/0xb70 01:45:41 executing program 3: lsetxattr$trusted_overlay_opaque(0x0, 0x0, 0x0, 0x0, 0x0) mkdir(&(0x7f0000000000)='./file0\x00', 0x0) mount$bpf(0x20000000, &(0x7f00000000c0)='./file0\x00', 0x0, 0x2001001, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x80, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x43, 0x400000000000000}, 0x11288, 0x2000, 0x0, 0x2}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$netlink(0x10, 0x3, 0x0) connect$inet(0xffffffffffffffff, 0x0, 0x0) setsockopt$SO_RDS_TRANSPORT(0xffffffffffffffff, 0x114, 0x8, &(0x7f0000000040)=0xffffffffffffffff, 0x4) r1 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$inet_tcp_int(r1, 0x6, 0x10000000013, &(0x7f0000d06000)=0x1, 0x32a) connect$inet(r1, &(0x7f0000000180)={0x2, 0x4e23, @local}, 0x10) accept$nfc_llcp(0xffffffffffffffff, &(0x7f0000000440), &(0x7f0000000300)=0x60) setsockopt$inet_tcp_TCP_REPAIR_OPTIONS(r1, 0x6, 0x16, &(0x7f00000000c0)=[@mss={0x2, 0xffffffff}, @timestamp, @window, @mss={0x2, 0x91c}], 0x4) sendmmsg(r1, &(0x7f0000004b40)=[{{0x0, 0x0, &(0x7f00000011c0)=[{&(0x7f0000002240)='Y', 0x1}], 0x1}}], 0x1, 0x0) syz_init_net_socket$llc(0x1a, 0x1, 0x0) r2 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$IPT_SO_SET_REPLACE(r2, 0x4000000000000, 0x40, &(0x7f0000000a40)=ANY=[@ANYBLOB="72617700000000010000000000000000000000000000000000000000000000000200000003000000b80400000000000000000000000000000003000000030000200400002004000020040000200400002004000003000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000600000000000000a00200030000000000000000000000000000000000000000300262706600000000000000000000000000000000000000000000000000000101000000000000002e2f66696c653000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000060005345540000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000c0002001000000000000000000000000000000000000000050006f736600000000000000000000000000000000000000000000000000000073797a300000000000000000000000000000000000000000000000000000000000000000000000000000000000000000600053455400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000007000980000000000000000000000000000000000000000002800000000000000000000000000000000000000000000000000000000000004feffffff00000000"], 0x518) sendmsg$IPVS_CMD_GET_DEST(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000280)={&(0x7f00000002c0)=ANY=[@ANYRES16], 0x1}}, 0x0) setsockopt$inet_tcp_TCP_REPAIR(r1, 0x6, 0x13, &(0x7f0000000100), 0x618) close(r1) r3 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$inet_tcp_int(r3, 0x6, 0x10000000013, &(0x7f0000d06000)=0x1, 0x32a) connect$inet(r3, &(0x7f0000000140)={0x2, 0x0, @local}, 0x10) setsockopt$inet_tcp_TCP_REPAIR_OPTIONS(r3, 0x6, 0x16, &(0x7f0000000200)=[@mss, @timestamp, @window={0x3, 0x0, 0xfffe}, @mss={0x2, 0x3}], 0x4) sendmmsg(r3, &(0x7f0000004b40)=[{{0x0, 0x0, &(0x7f00000011c0)=[{&(0x7f0000002240)='Y', 0x1}], 0x1}}], 0x1, 0x0) setsockopt$inet_tcp_TCP_REPAIR_QUEUE(r3, 0x6, 0x14, &(0x7f0000000040)=0x1, 0x4) sendmsg$IPVS_CMD_GET_DEST(r3, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000340)=ANY=[@ANYBLOB="160e90cb39bca59f8c4064ac6d7b242060a07bc4309e3eb79d8745797b308edd84adef35ad9d8a17240f38f55f57c55f3875db81d255eea402e1c11ca7fc01964aeb9ed6ef4e80bc67cba7e7fe961fe5d921442b0a06b135f8a73b68dc904b436f256f50ae7cb980e69e7580b9f11c6ede4210f23240559b8c427000d7ce7862417ab5a50e494b2a54e346d7ffa008ccef06813e235b446788ac0f1df3c65bc1fb5393364a2efd284640ec2c438ad2b24a69f1f9da000000000000000000000000989eee6a9283bf253ca4"], 0x1}}, 0x0) close(r3) syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) r5 = accept4$vsock_stream(0xffffffffffffffff, &(0x7f0000000240)={0x28, 0x0, 0x2710, @host}, 0x10, 0x0) dup2(r5, r4) bind$pptp(0xffffffffffffffff, &(0x7f00000001c0)={0x18, 0x2, {0x0, @initdev={0xac, 0x1e, 0x0, 0x0}}}, 0x1e) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000000)=@newlink={0x30, 0x10, 0x801, 0x0, 0x0, {}, [@IFLA_GROUP={0x8}, @IFLA_PROTO_DOWN={0x8, 0x4}]}, 0x30}}, 0x0) pivot_root(&(0x7f0000000140)='./file0\x00', &(0x7f0000000100)='./file0\x00') 01:45:41 executing program 1: lsetxattr$trusted_overlay_opaque(0x0, 0x0, 0x0, 0x0, 0x0) mkdir(&(0x7f0000000000)='./file0\x00', 0x0) mount$bpf(0x20000000, &(0x7f00000000c0)='./file0\x00', 0x0, 0x2001001, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x80, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x43, 0x400000000000000}, 0x11288, 0x2000, 0x0, 0x2}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$netlink(0x10, 0x3, 0x0) connect$inet(0xffffffffffffffff, 0x0, 0x0) setsockopt$SO_RDS_TRANSPORT(0xffffffffffffffff, 0x114, 0x8, &(0x7f0000000040)=0xffffffffffffffff, 0x4) r1 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$inet_tcp_int(r1, 0x6, 0x10000000013, &(0x7f0000d06000)=0x1, 0x32a) connect$inet(r1, &(0x7f0000000180)={0x2, 0x4e23, @local}, 0x10) accept$nfc_llcp(0xffffffffffffffff, &(0x7f0000000440), &(0x7f0000000300)=0x60) setsockopt$inet_tcp_TCP_REPAIR_OPTIONS(r1, 0x6, 0x16, &(0x7f00000000c0)=[@mss={0x2, 0xffffffff}, @timestamp, @window, @mss={0x2, 0x91c}], 0x4) sendmmsg(r1, &(0x7f0000004b40)=[{{0x0, 0x0, &(0x7f00000011c0)=[{&(0x7f0000002240)='Y', 0x1}], 0x1}}], 0x1, 0x0) syz_init_net_socket$llc(0x1a, 0x1, 0x0) r2 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$IPT_SO_SET_REPLACE(r2, 0x4000000000000, 0x40, &(0x7f0000000a40)=ANY=[@ANYBLOB="72617700000000010000000000000000000000000000000000000000000000000200000003000000b80400000000000000000000000000000003000000030000200400002004000020040000200400002004000003000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000600000000000000a00200030000000000000000000000000000000000000000300262706600000000000000000000000000000000000000000000000000000101000000000000002e2f66696c653000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000060005345540000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000c0002001000000000000000000000000000000000000000050006f736600000000000000000000000000000000000000000000000000000073797a300000000000000000000000000000000000000000000000000000000000000000000000000000000000000000600053455400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000007000980000000000000000000000000000000000000000002800000000000000000000000000000000000000000000000000000000000004feffffff00000000"], 0x518) sendmsg$IPVS_CMD_GET_DEST(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000280)={&(0x7f00000002c0)=ANY=[@ANYRES16], 0x1}}, 0x0) setsockopt$inet_tcp_TCP_REPAIR(r1, 0x6, 0x13, &(0x7f0000000100), 0x618) close(r1) r3 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$inet_tcp_int(r3, 0x6, 0x10000000013, &(0x7f0000d06000)=0x1, 0x32a) connect$inet(r3, &(0x7f0000000140)={0x2, 0x0, @local}, 0x10) setsockopt$inet_tcp_TCP_REPAIR_OPTIONS(r3, 0x6, 0x16, &(0x7f0000000200)=[@mss, @timestamp, @window={0x3, 0x0, 0xfffe}, @mss={0x2, 0x3}], 0x4) sendmmsg(r3, &(0x7f0000004b40)=[{{0x0, 0x0, &(0x7f00000011c0)=[{&(0x7f0000002240)='Y', 0x1}], 0x1}}], 0x1, 0x0) setsockopt$inet_tcp_TCP_REPAIR_QUEUE(r3, 0x6, 0x14, &(0x7f0000000040)=0x1, 0x4) sendmsg$IPVS_CMD_GET_DEST(r3, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000340)=ANY=[@ANYBLOB="160e90cb39bca59f8c4064ac6d7b242060a07bc4309e3eb79d8745797b308edd84adef35ad9d8a17240f38f55f57c55f3875db81d255eea402e1c11ca7fc01964aeb9ed6ef4e80bc67cba7e7fe961fe5d921442b0a06b135f8a73b68dc904b436f256f50ae7cb980e69e7580b9f11c6ede4210f23240559b8c427000d7ce7862417ab5a50e494b2a54e346d7ffa008ccef06813e235b446788ac0f1df3c65bc1fb5393364a2efd284640ec2c438ad2b24a69f1f9da000000000000000000000000989eee6a9283bf253ca4"], 0x1}}, 0x0) close(r3) syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) r5 = accept4$vsock_stream(0xffffffffffffffff, &(0x7f0000000240)={0x28, 0x0, 0x2710, @host}, 0x10, 0x0) dup2(r5, r4) bind$pptp(0xffffffffffffffff, &(0x7f00000001c0)={0x18, 0x2, {0x0, @initdev={0xac, 0x1e, 0x0, 0x0}}}, 0x1e) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000000)=@newlink={0x30, 0x10, 0x801, 0x0, 0x0, {}, [@IFLA_GROUP={0x8}, @IFLA_PROTO_DOWN={0x8, 0x4}]}, 0x30}}, 0x0) 01:45:41 executing program 0: recvmmsg(0xffffffffffffffff, &(0x7f0000003140)=[{{&(0x7f0000001400)=@ipx, 0x80, 0x0}}], 0x1, 0x0, 0x0) r0 = syz_open_procfs(0x0, &(0x7f0000000040)='net/fib_trie\x00') perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) preadv(r0, &(0x7f00000017c0), 0x3da, 0x0) [ 1842.901764] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 1842.906663] ? check_preemption_disabled+0x35/0x240 [ 1842.911925] ? retint_kernel+0x2d/0x2d [ 1842.916555] ? kvm_vcpu_block+0xb70/0xb70 [ 1842.920737] ? kvm_vcpu_block+0xb70/0xb70 [ 1842.925693] do_vfs_ioctl+0x75a/0xfe0 [ 1842.929514] ? selinux_file_mprotect+0x5c0/0x5c0 [ 1842.934305] ? ioctl_preallocate+0x1a0/0x1a0 [ 1842.938839] ? security_file_ioctl+0x76/0xb0 [ 1842.943394] ? security_file_ioctl+0x83/0xb0 [ 1842.947831] SyS_ioctl+0x7f/0xb0 [ 1842.951194] ? do_vfs_ioctl+0xfe0/0xfe0 [ 1842.955349] do_syscall_64+0x1d5/0x640 [ 1842.959242] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 1842.964567] RIP: 0033:0x45c849 [ 1842.967748] RSP: 002b:00007fa3bc31dc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 1842.976093] RAX: ffffffffffffffda RBX: 00007fa3bc31e6d4 RCX: 000000000045c849 [ 1842.983362] RDX: 0000000000000000 RSI: 000000000000ae80 RDI: 0000000000000005 [ 1842.990632] RBP: 000000000076bf00 R08: 0000000000000000 R09: 0000000000000000 [ 1842.997918] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000007 [ 1843.005184] R13: 00000000000003bf R14: 00000000004c6495 R15: 000000000000000a 01:45:41 executing program 2 (fault-call:9 fault-nth:11): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_SET_SIGNAL_MASK(0xffffffffffffffff, 0x4004ae8b, &(0x7f0000001000)=ANY=[@ANYBLOB="97cb"]) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000fe7000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0) ioctl$USBDEVFS_RESETEP(0xffffffffffffffff, 0x80045503, &(0x7f0000000000)={0x1, 0x1}) ioctl$KVM_NMI(r2, 0xae9a) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f00000002c0)={0x0, 0x2, 0x0, 0x2000, &(0x7f0000001000/0x2000)=nil}) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) 01:45:41 executing program 0: perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x9}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000002900)=[{{0x0, 0x0, 0x0}, 0x8}], 0x1, 0x40000103, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x0, 0x0, 0x3}, 0x0) bind(0xffffffffffffffff, 0x0, 0x0) r4 = syz_open_procfs(0x0, &(0x7f0000000380)='net/route\x00') preadv(r4, &(0x7f00000017c0), 0x1a0, 0xf0ffff) 01:45:41 executing program 1: lsetxattr$trusted_overlay_opaque(0x0, 0x0, 0x0, 0x0, 0x0) mkdir(&(0x7f0000000000)='./file0\x00', 0x0) mount$bpf(0x20000000, &(0x7f00000000c0)='./file0\x00', 0x0, 0x2001001, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x80, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x43, 0x400000000000000}, 0x11288, 0x2000, 0x0, 0x2}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$netlink(0x10, 0x3, 0x0) connect$inet(0xffffffffffffffff, 0x0, 0x0) setsockopt$SO_RDS_TRANSPORT(0xffffffffffffffff, 0x114, 0x8, &(0x7f0000000040)=0xffffffffffffffff, 0x4) r1 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$inet_tcp_int(r1, 0x6, 0x10000000013, &(0x7f0000d06000)=0x1, 0x32a) connect$inet(r1, &(0x7f0000000180)={0x2, 0x4e23, @local}, 0x10) accept$nfc_llcp(0xffffffffffffffff, &(0x7f0000000440), &(0x7f0000000300)=0x60) setsockopt$inet_tcp_TCP_REPAIR_OPTIONS(r1, 0x6, 0x16, &(0x7f00000000c0)=[@mss={0x2, 0xffffffff}, @timestamp, @window, @mss={0x2, 0x91c}], 0x4) sendmmsg(r1, &(0x7f0000004b40)=[{{0x0, 0x0, &(0x7f00000011c0)=[{&(0x7f0000002240)='Y', 0x1}], 0x1}}], 0x1, 0x0) syz_init_net_socket$llc(0x1a, 0x1, 0x0) r2 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$IPT_SO_SET_REPLACE(r2, 0x4000000000000, 0x40, &(0x7f0000000a40)=ANY=[@ANYBLOB="72617700000000010000000000000000000000000000000000000000000000000200000003000000b80400000000000000000000000000000003000000030000200400002004000020040000200400002004000003000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000600000000000000a00200030000000000000000000000000000000000000000300262706600000000000000000000000000000000000000000000000000000101000000000000002e2f66696c653000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000060005345540000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000c0002001000000000000000000000000000000000000000050006f736600000000000000000000000000000000000000000000000000000073797a300000000000000000000000000000000000000000000000000000000000000000000000000000000000000000600053455400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000007000980000000000000000000000000000000000000000002800000000000000000000000000000000000000000000000000000000000004feffffff00000000"], 0x518) sendmsg$IPVS_CMD_GET_DEST(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000280)={&(0x7f00000002c0)=ANY=[@ANYRES16], 0x1}}, 0x0) setsockopt$inet_tcp_TCP_REPAIR(r1, 0x6, 0x13, &(0x7f0000000100), 0x618) close(r1) r3 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$inet_tcp_int(r3, 0x6, 0x10000000013, &(0x7f0000d06000)=0x1, 0x32a) connect$inet(r3, &(0x7f0000000140)={0x2, 0x0, @local}, 0x10) setsockopt$inet_tcp_TCP_REPAIR_OPTIONS(r3, 0x6, 0x16, &(0x7f0000000200)=[@mss, @timestamp, @window={0x3, 0x0, 0xfffe}, @mss={0x2, 0x3}], 0x4) sendmmsg(r3, &(0x7f0000004b40)=[{{0x0, 0x0, &(0x7f00000011c0)=[{&(0x7f0000002240)='Y', 0x1}], 0x1}}], 0x1, 0x0) setsockopt$inet_tcp_TCP_REPAIR_QUEUE(r3, 0x6, 0x14, &(0x7f0000000040)=0x1, 0x4) sendmsg$IPVS_CMD_GET_DEST(r3, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000340)=ANY=[@ANYBLOB="160e90cb39bca59f8c4064ac6d7b242060a07bc4309e3eb79d8745797b308edd84adef35ad9d8a17240f38f55f57c55f3875db81d255eea402e1c11ca7fc01964aeb9ed6ef4e80bc67cba7e7fe961fe5d921442b0a06b135f8a73b68dc904b436f256f50ae7cb980e69e7580b9f11c6ede4210f23240559b8c427000d7ce7862417ab5a50e494b2a54e346d7ffa008ccef06813e235b446788ac0f1df3c65bc1fb5393364a2efd284640ec2c438ad2b24a69f1f9da000000000000000000000000989eee6a9283bf253ca4"], 0x1}}, 0x0) close(r3) syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) r5 = accept4$vsock_stream(0xffffffffffffffff, &(0x7f0000000240)={0x28, 0x0, 0x2710, @host}, 0x10, 0x0) dup2(r5, r4) bind$pptp(0xffffffffffffffff, &(0x7f00000001c0)={0x18, 0x2, {0x0, @initdev={0xac, 0x1e, 0x0, 0x0}}}, 0x1e) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000000)=@newlink={0x30, 0x10, 0x801, 0x0, 0x0, {}, [@IFLA_GROUP={0x8}, @IFLA_PROTO_DOWN={0x8, 0x4}]}, 0x30}}, 0x0) 01:45:41 executing program 5: lsetxattr$trusted_overlay_opaque(0x0, 0x0, 0x0, 0x0, 0x0) mkdir(&(0x7f0000000000)='./file0\x00', 0x0) mount$bpf(0x20000000, &(0x7f00000000c0)='./file0\x00', 0x0, 0x2001001, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x80, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x43, 0x400000000000000}, 0x11288, 0x2000, 0x0, 0x2}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$netlink(0x10, 0x3, 0x0) connect$inet(0xffffffffffffffff, 0x0, 0x0) setsockopt$SO_RDS_TRANSPORT(0xffffffffffffffff, 0x114, 0x8, &(0x7f0000000040)=0xffffffffffffffff, 0x4) r1 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$inet_tcp_int(r1, 0x6, 0x10000000013, &(0x7f0000d06000)=0x1, 0x32a) connect$inet(r1, &(0x7f0000000180)={0x2, 0x4e23, @local}, 0x10) accept$nfc_llcp(0xffffffffffffffff, &(0x7f0000000440), &(0x7f0000000300)=0x60) setsockopt$inet_tcp_TCP_REPAIR_OPTIONS(r1, 0x6, 0x16, &(0x7f00000000c0)=[@mss={0x2, 0xffffffff}, @timestamp, @window, @mss={0x2, 0x91c}], 0x4) sendmmsg(r1, &(0x7f0000004b40)=[{{0x0, 0x0, &(0x7f00000011c0)=[{&(0x7f0000002240)='Y', 0x1}], 0x1}}], 0x1, 0x0) syz_init_net_socket$llc(0x1a, 0x1, 0x0) r2 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$IPT_SO_SET_REPLACE(r2, 0x4000000000000, 0x40, &(0x7f0000000a40)=ANY=[@ANYBLOB="72617700000000010000000000000000000000000000000000000000000000000200000003000000b80400000000000000000000000000000003000000030000200400002004000020040000200400002004000003000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000600000000000000a00200030000000000000000000000000000000000000000300262706600000000000000000000000000000000000000000000000000000101000000000000002e2f66696c653000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000060005345540000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000c0002001000000000000000000000000000000000000000050006f736600000000000000000000000000000000000000000000000000000073797a300000000000000000000000000000000000000000000000000000000000000000000000000000000000000000600053455400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000007000980000000000000000000000000000000000000000002800000000000000000000000000000000000000000000000000000000000004feffffff00000000"], 0x518) sendmsg$IPVS_CMD_GET_DEST(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000280)={&(0x7f00000002c0)=ANY=[@ANYRES16], 0x1}}, 0x0) setsockopt$inet_tcp_TCP_REPAIR(r1, 0x6, 0x13, &(0x7f0000000100), 0x618) close(r1) r3 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$inet_tcp_int(r3, 0x6, 0x10000000013, &(0x7f0000d06000)=0x1, 0x32a) connect$inet(r3, &(0x7f0000000140)={0x2, 0x0, @local}, 0x10) setsockopt$inet_tcp_TCP_REPAIR_OPTIONS(r3, 0x6, 0x16, &(0x7f0000000200)=[@mss, @timestamp, @window={0x3, 0x0, 0xfffe}, @mss={0x2, 0x3}], 0x4) sendmmsg(r3, &(0x7f0000004b40)=[{{0x0, 0x0, &(0x7f00000011c0)=[{&(0x7f0000002240)='Y', 0x1}], 0x1}}], 0x1, 0x0) setsockopt$inet_tcp_TCP_REPAIR_QUEUE(r3, 0x6, 0x14, &(0x7f0000000040)=0x1, 0x4) sendmsg$IPVS_CMD_GET_DEST(r3, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000340)=ANY=[@ANYBLOB="160e90cb39bca59f8c4064ac6d7b242060a07bc4309e3eb79d8745797b308edd84adef35ad9d8a17240f38f55f57c55f3875db81d255eea402e1c11ca7fc01964aeb9ed6ef4e80bc67cba7e7fe961fe5d921442b0a06b135f8a73b68dc904b436f256f50ae7cb980e69e7580b9f11c6ede4210f23240559b8c427000d7ce7862417ab5a50e494b2a54e346d7ffa008ccef06813e235b446788ac0f1df3c65bc1fb5393364a2efd284640ec2c438ad2b24a69f1f9da000000000000000000000000989eee6a9283bf253ca4"], 0x1}}, 0x0) close(r3) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) dup3(r5, r4, 0x0) r6 = accept4$vsock_stream(0xffffffffffffffff, &(0x7f0000000240)={0x28, 0x0, 0x2710, @host}, 0x10, 0x0) dup2(r6, r5) bind$pptp(0xffffffffffffffff, &(0x7f00000001c0)={0x18, 0x2, {0x0, @initdev={0xac, 0x1e, 0x0, 0x0}}}, 0x1e) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000000)=@newlink={0x30, 0x10, 0x801, 0x0, 0x0, {}, [@IFLA_GROUP={0x8}, @IFLA_PROTO_DOWN={0x8, 0x4}]}, 0x30}}, 0x0) pivot_root(&(0x7f0000000140)='./file0\x00', &(0x7f0000000100)='./file0\x00') [ 1843.390558] FAULT_INJECTION: forcing a failure. [ 1843.390558] name failslab, interval 1, probability 0, space 0, times 0 [ 1843.456386] CPU: 1 PID: 3644 Comm: syz-executor.2 Not tainted 4.14.173-syzkaller #0 [ 1843.465236] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1843.474607] Call Trace: [ 1843.477214] dump_stack+0x13e/0x194 [ 1843.480867] should_fail.cold+0x10a/0x14b [ 1843.485050] should_failslab+0xd6/0x130 [ 1843.489039] kmem_cache_alloc+0x2b5/0x770 [ 1843.493194] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 1843.497979] mmu_topup_memory_caches+0x83/0x300 [ 1843.502686] kvm_mmu_load+0x1e/0xd00 [ 1843.506452] ? kvm_cpu_has_injectable_intr+0x113/0x180 [ 1843.511901] ? __sanitizer_cov_trace_pc+0x4a/0x50 [ 1843.516771] vcpu_enter_guest+0x2eb9/0x5240 [ 1843.522149] ? save_trace+0x290/0x290 [ 1843.526396] ? check_preemption_disabled+0x35/0x240 [ 1843.531625] ? emulator_read_emulated+0x40/0x40 [ 1843.536320] ? lock_acquire+0x170/0x3f0 [ 1843.540308] ? kvm_arch_vcpu_ioctl_run+0x143/0xfd0 [ 1843.545250] ? kvm_arch_vcpu_ioctl_run+0x2fe/0xfd0 [ 1843.550188] ? kvm_arch_vcpu_ioctl_run+0x181/0xfd0 [ 1843.555135] kvm_arch_vcpu_ioctl_run+0x2fe/0xfd0 [ 1843.559912] kvm_vcpu_ioctl+0x3df/0xc70 [ 1843.564678] ? trace_hardirqs_on_caller+0x3f6/0x590 [ 1843.569706] ? kvm_vcpu_block+0xb70/0xb70 [ 1843.573872] ? check_preemption_disabled+0x35/0x240 [ 1843.578926] ? retint_kernel+0x2d/0x2d [ 1843.582845] ? selinux_file_ioctl+0x2d0/0x560 [ 1843.587364] ? kvm_vcpu_block+0xb70/0xb70 [ 1843.591541] do_vfs_ioctl+0x75a/0xfe0 [ 1843.595360] ? selinux_file_mprotect+0x5c0/0x5c0 [ 1843.600141] ? ioctl_preallocate+0x1a0/0x1a0 [ 1843.605698] ? security_file_ioctl+0x76/0xb0 [ 1843.610118] ? security_file_ioctl+0x83/0xb0 [ 1843.614531] SyS_ioctl+0x7f/0xb0 [ 1843.618288] ? do_vfs_ioctl+0xfe0/0xfe0 [ 1843.622256] do_syscall_64+0x1d5/0x640 [ 1843.626158] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 1843.631444] RIP: 0033:0x45c849 [ 1843.634625] RSP: 002b:00007fa3bc31dc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 1843.642468] RAX: ffffffffffffffda RBX: 00007fa3bc31e6d4 RCX: 000000000045c849 [ 1843.649752] RDX: 0000000000000000 RSI: 000000000000ae80 RDI: 0000000000000005 [ 1843.657151] RBP: 000000000076bf00 R08: 0000000000000000 R09: 0000000000000000 [ 1843.664448] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000007 [ 1843.671758] R13: 00000000000003bf R14: 00000000004c6495 R15: 000000000000000b 01:45:42 executing program 3: lsetxattr$trusted_overlay_opaque(0x0, 0x0, 0x0, 0x0, 0x0) mkdir(&(0x7f0000000000)='./file0\x00', 0x0) mount$bpf(0x20000000, &(0x7f00000000c0)='./file0\x00', 0x0, 0x2001001, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x80, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x43, 0x400000000000000}, 0x11288, 0x2000, 0x0, 0x2}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$netlink(0x10, 0x3, 0x0) connect$inet(0xffffffffffffffff, 0x0, 0x0) setsockopt$SO_RDS_TRANSPORT(0xffffffffffffffff, 0x114, 0x8, &(0x7f0000000040)=0xffffffffffffffff, 0x4) r1 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$inet_tcp_int(r1, 0x6, 0x10000000013, &(0x7f0000d06000)=0x1, 0x32a) connect$inet(r1, &(0x7f0000000180)={0x2, 0x4e23, @local}, 0x10) accept$nfc_llcp(0xffffffffffffffff, &(0x7f0000000440), &(0x7f0000000300)=0x60) setsockopt$inet_tcp_TCP_REPAIR_OPTIONS(r1, 0x6, 0x16, &(0x7f00000000c0)=[@mss={0x2, 0xffffffff}, @timestamp, @window, @mss={0x2, 0x91c}], 0x4) sendmmsg(r1, &(0x7f0000004b40)=[{{0x0, 0x0, &(0x7f00000011c0)=[{&(0x7f0000002240)='Y', 0x1}], 0x1}}], 0x1, 0x0) syz_init_net_socket$llc(0x1a, 0x1, 0x0) r2 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$IPT_SO_SET_REPLACE(r2, 0x4000000000000, 0x40, &(0x7f0000000a40)=ANY=[@ANYBLOB="72617700000000010000000000000000000000000000000000000000000000000200000003000000b80400000000000000000000000000000003000000030000200400002004000020040000200400002004000003000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000600000000000000a00200030000000000000000000000000000000000000000300262706600000000000000000000000000000000000000000000000000000101000000000000002e2f66696c653000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000060005345540000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000c0002001000000000000000000000000000000000000000050006f736600000000000000000000000000000000000000000000000000000073797a300000000000000000000000000000000000000000000000000000000000000000000000000000000000000000600053455400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000007000980000000000000000000000000000000000000000002800000000000000000000000000000000000000000000000000000000000004feffffff00000000"], 0x518) sendmsg$IPVS_CMD_GET_DEST(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000280)={&(0x7f00000002c0)=ANY=[@ANYRES16], 0x1}}, 0x0) setsockopt$inet_tcp_TCP_REPAIR(r1, 0x6, 0x13, &(0x7f0000000100), 0x618) close(r1) r3 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$inet_tcp_int(r3, 0x6, 0x10000000013, &(0x7f0000d06000)=0x1, 0x32a) connect$inet(r3, &(0x7f0000000140)={0x2, 0x0, @local}, 0x10) setsockopt$inet_tcp_TCP_REPAIR_OPTIONS(r3, 0x6, 0x16, &(0x7f0000000200)=[@mss, @timestamp, @window={0x3, 0x0, 0xfffe}, @mss={0x2, 0x3}], 0x4) sendmmsg(r3, &(0x7f0000004b40)=[{{0x0, 0x0, &(0x7f00000011c0)=[{&(0x7f0000002240)='Y', 0x1}], 0x1}}], 0x1, 0x0) setsockopt$inet_tcp_TCP_REPAIR_QUEUE(r3, 0x6, 0x14, &(0x7f0000000040)=0x1, 0x4) sendmsg$IPVS_CMD_GET_DEST(r3, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000340)=ANY=[@ANYBLOB="160e90cb39bca59f8c4064ac6d7b242060a07bc4309e3eb79d8745797b308edd84adef35ad9d8a17240f38f55f57c55f3875db81d255eea402e1c11ca7fc01964aeb9ed6ef4e80bc67cba7e7fe961fe5d921442b0a06b135f8a73b68dc904b436f256f50ae7cb980e69e7580b9f11c6ede4210f23240559b8c427000d7ce7862417ab5a50e494b2a54e346d7ffa008ccef06813e235b446788ac0f1df3c65bc1fb5393364a2efd284640ec2c438ad2b24a69f1f9da000000000000000000000000989eee6a9283bf253ca4"], 0x1}}, 0x0) close(r3) syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) dup3(0xffffffffffffffff, 0xffffffffffffffff, 0x0) r4 = accept4$vsock_stream(0xffffffffffffffff, &(0x7f0000000240)={0x28, 0x0, 0x2710, @host}, 0x10, 0x0) dup2(r4, 0xffffffffffffffff) bind$pptp(0xffffffffffffffff, &(0x7f00000001c0)={0x18, 0x2, {0x0, @initdev={0xac, 0x1e, 0x0, 0x0}}}, 0x1e) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000000)=@newlink={0x30, 0x10, 0x801, 0x0, 0x0, {}, [@IFLA_GROUP={0x8}, @IFLA_PROTO_DOWN={0x8, 0x4}]}, 0x30}}, 0x0) pivot_root(&(0x7f0000000140)='./file0\x00', &(0x7f0000000100)='./file0\x00') 01:45:42 executing program 1: lsetxattr$trusted_overlay_opaque(0x0, 0x0, 0x0, 0x0, 0x0) mkdir(&(0x7f0000000000)='./file0\x00', 0x0) mount$bpf(0x20000000, &(0x7f00000000c0)='./file0\x00', 0x0, 0x2001001, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x80, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x43, 0x400000000000000}, 0x11288, 0x2000, 0x0, 0x2}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$netlink(0x10, 0x3, 0x0) connect$inet(0xffffffffffffffff, 0x0, 0x0) setsockopt$SO_RDS_TRANSPORT(0xffffffffffffffff, 0x114, 0x8, &(0x7f0000000040)=0xffffffffffffffff, 0x4) r1 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$inet_tcp_int(r1, 0x6, 0x10000000013, &(0x7f0000d06000)=0x1, 0x32a) connect$inet(r1, &(0x7f0000000180)={0x2, 0x4e23, @local}, 0x10) accept$nfc_llcp(0xffffffffffffffff, &(0x7f0000000440), &(0x7f0000000300)=0x60) setsockopt$inet_tcp_TCP_REPAIR_OPTIONS(r1, 0x6, 0x16, &(0x7f00000000c0)=[@mss={0x2, 0xffffffff}, @timestamp, @window, @mss={0x2, 0x91c}], 0x4) sendmmsg(r1, &(0x7f0000004b40)=[{{0x0, 0x0, &(0x7f00000011c0)=[{&(0x7f0000002240)='Y', 0x1}], 0x1}}], 0x1, 0x0) syz_init_net_socket$llc(0x1a, 0x1, 0x0) r2 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$IPT_SO_SET_REPLACE(r2, 0x4000000000000, 0x40, &(0x7f0000000a40)=ANY=[@ANYBLOB="72617700000000010000000000000000000000000000000000000000000000000200000003000000b80400000000000000000000000000000003000000030000200400002004000020040000200400002004000003000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000600000000000000a00200030000000000000000000000000000000000000000300262706600000000000000000000000000000000000000000000000000000101000000000000002e2f66696c653000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000060005345540000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000c0002001000000000000000000000000000000000000000050006f736600000000000000000000000000000000000000000000000000000073797a300000000000000000000000000000000000000000000000000000000000000000000000000000000000000000600053455400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000007000980000000000000000000000000000000000000000002800000000000000000000000000000000000000000000000000000000000004feffffff00000000"], 0x518) sendmsg$IPVS_CMD_GET_DEST(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000280)={&(0x7f00000002c0)=ANY=[@ANYRES16], 0x1}}, 0x0) setsockopt$inet_tcp_TCP_REPAIR(r1, 0x6, 0x13, &(0x7f0000000100), 0x618) close(r1) r3 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$inet_tcp_int(r3, 0x6, 0x10000000013, &(0x7f0000d06000)=0x1, 0x32a) connect$inet(r3, &(0x7f0000000140)={0x2, 0x0, @local}, 0x10) setsockopt$inet_tcp_TCP_REPAIR_OPTIONS(r3, 0x6, 0x16, &(0x7f0000000200)=[@mss, @timestamp, @window={0x3, 0x0, 0xfffe}, @mss={0x2, 0x3}], 0x4) sendmmsg(r3, &(0x7f0000004b40)=[{{0x0, 0x0, &(0x7f00000011c0)=[{&(0x7f0000002240)='Y', 0x1}], 0x1}}], 0x1, 0x0) setsockopt$inet_tcp_TCP_REPAIR_QUEUE(r3, 0x6, 0x14, &(0x7f0000000040)=0x1, 0x4) sendmsg$IPVS_CMD_GET_DEST(r3, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000340)=ANY=[@ANYBLOB="160e90cb39bca59f8c4064ac6d7b242060a07bc4309e3eb79d8745797b308edd84adef35ad9d8a17240f38f55f57c55f3875db81d255eea402e1c11ca7fc01964aeb9ed6ef4e80bc67cba7e7fe961fe5d921442b0a06b135f8a73b68dc904b436f256f50ae7cb980e69e7580b9f11c6ede4210f23240559b8c427000d7ce7862417ab5a50e494b2a54e346d7ffa008ccef06813e235b446788ac0f1df3c65bc1fb5393364a2efd284640ec2c438ad2b24a69f1f9da000000000000000000000000989eee6a9283bf253ca4"], 0x1}}, 0x0) close(r3) syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) dup3(0xffffffffffffffff, 0xffffffffffffffff, 0x0) r4 = accept4$vsock_stream(0xffffffffffffffff, &(0x7f0000000240)={0x28, 0x0, 0x2710, @host}, 0x10, 0x0) dup2(r4, 0xffffffffffffffff) bind$pptp(0xffffffffffffffff, &(0x7f00000001c0)={0x18, 0x2, {0x0, @initdev={0xac, 0x1e, 0x0, 0x0}}}, 0x1e) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000000)=@newlink={0x30, 0x10, 0x801, 0x0, 0x0, {}, [@IFLA_GROUP={0x8}, @IFLA_PROTO_DOWN={0x8, 0x4}]}, 0x30}}, 0x0) 01:45:42 executing program 4: pipe(&(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = socket$inet_udp(0x2, 0x2, 0x0) close(r2) r3 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$inet_tcp_int(r3, 0x6, 0x10000000013, &(0x7f0000d06000)=0x1, 0x4) connect$inet(r2, &(0x7f0000000340)={0x2, 0x0, @loopback}, 0x10) setsockopt$inet_tcp_TCP_REPAIR_WINDOW(r3, 0x6, 0x1d, &(0x7f0000000080)={0x0, 0xdf5, 0x65a2}, 0x14) write$binfmt_misc(r1, &(0x7f0000000140)=ANY=[], 0x4240a2a0) r4 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$IPT_SO_SET_REPLACE(r4, 0x0, 0x40, &(0x7f0000000480)=ANY=[@ANYBLOB="66696c74657200000000000000000000000000000000000000000000000000000e00000004000000d0020000800100009800000080010000000000000000000038020000380200003802000038020000380200000400000000000000000000007f000001ac14140000000000000000007f00000000000000000000000000000064756dea20f9524db2d96900000057c910a19f2bc02c00000000000000000000200000000000000000000000000000000000000000000000700098000000000000000000000000000000000000000000280052454a454354000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000400000000000000000000000080000000000000000000000000000000000000000000000000000000000000000000000000000000000000000c000e80000f9c9991d0000000000000000000000000000005000736574000000000000000000000000000000000000000000000000000003000005050000000000000000000000000000000000000000100000000000000000000000000000000000000000000000280052454a45435400000000000000010000000000000000000000000000000000674f000000000000000000e00000020000000000000000766574b5315f766c616e00000000010062726964676530000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000007000b80000000000000000000000000000000000000000004800544545000000000000000000000000000000d40200000000000000000001ac1414aa000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000007000980000000000000000000000000000000000000000002800000000000000000000000000000000000000000000001a51496c00000000feffffff"], 0x1) splice(r0, 0x0, r2, 0x0, 0x4ffe0, 0x0) 01:45:42 executing program 5: lsetxattr$trusted_overlay_opaque(0x0, 0x0, 0x0, 0x0, 0x0) mkdir(&(0x7f0000000000)='./file0\x00', 0x0) mount$bpf(0x20000000, &(0x7f00000000c0)='./file0\x00', 0x0, 0x2001001, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x80, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x43, 0x400000000000000}, 0x11288, 0x2000, 0x0, 0x2}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$netlink(0x10, 0x3, 0x0) connect$inet(0xffffffffffffffff, 0x0, 0x0) setsockopt$SO_RDS_TRANSPORT(0xffffffffffffffff, 0x114, 0x8, &(0x7f0000000040)=0xffffffffffffffff, 0x4) r1 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$inet_tcp_int(r1, 0x6, 0x10000000013, &(0x7f0000d06000)=0x1, 0x32a) connect$inet(r1, &(0x7f0000000180)={0x2, 0x4e23, @local}, 0x10) accept$nfc_llcp(0xffffffffffffffff, &(0x7f0000000440), &(0x7f0000000300)=0x60) setsockopt$inet_tcp_TCP_REPAIR_OPTIONS(r1, 0x6, 0x16, &(0x7f00000000c0)=[@mss={0x2, 0xffffffff}, @timestamp, @window, @mss={0x2, 0x91c}], 0x4) sendmmsg(r1, &(0x7f0000004b40)=[{{0x0, 0x0, &(0x7f00000011c0)=[{&(0x7f0000002240)='Y', 0x1}], 0x1}}], 0x1, 0x0) syz_init_net_socket$llc(0x1a, 0x1, 0x0) r2 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$IPT_SO_SET_REPLACE(r2, 0x4000000000000, 0x40, &(0x7f0000000a40)=ANY=[@ANYBLOB="72617700000000010000000000000000000000000000000000000000000000000200000003000000b80400000000000000000000000000000003000000030000200400002004000020040000200400002004000003000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000600000000000000a00200030000000000000000000000000000000000000000300262706600000000000000000000000000000000000000000000000000000101000000000000002e2f66696c653000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000060005345540000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000c0002001000000000000000000000000000000000000000050006f736600000000000000000000000000000000000000000000000000000073797a300000000000000000000000000000000000000000000000000000000000000000000000000000000000000000600053455400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000007000980000000000000000000000000000000000000000002800000000000000000000000000000000000000000000000000000000000004feffffff00000000"], 0x518) sendmsg$IPVS_CMD_GET_DEST(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000280)={&(0x7f00000002c0)=ANY=[@ANYRES16], 0x1}}, 0x0) setsockopt$inet_tcp_TCP_REPAIR(r1, 0x6, 0x13, &(0x7f0000000100), 0x618) close(r1) r3 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$inet_tcp_int(r3, 0x6, 0x10000000013, &(0x7f0000d06000)=0x1, 0x32a) connect$inet(r3, &(0x7f0000000140)={0x2, 0x0, @local}, 0x10) setsockopt$inet_tcp_TCP_REPAIR_OPTIONS(r3, 0x6, 0x16, &(0x7f0000000200)=[@mss, @timestamp, @window={0x3, 0x0, 0xfffe}, @mss={0x2, 0x3}], 0x4) sendmmsg(r3, &(0x7f0000004b40)=[{{0x0, 0x0, &(0x7f00000011c0)=[{&(0x7f0000002240)='Y', 0x1}], 0x1}}], 0x1, 0x0) setsockopt$inet_tcp_TCP_REPAIR_QUEUE(r3, 0x6, 0x14, &(0x7f0000000040)=0x1, 0x4) sendmsg$IPVS_CMD_GET_DEST(r3, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000340)=ANY=[@ANYBLOB="160e90cb39bca59f8c4064ac6d7b242060a07bc4309e3eb79d8745797b308edd84adef35ad9d8a17240f38f55f57c55f3875db81d255eea402e1c11ca7fc01964aeb9ed6ef4e80bc67cba7e7fe961fe5d921442b0a06b135f8a73b68dc904b436f256f50ae7cb980e69e7580b9f11c6ede4210f23240559b8c427000d7ce7862417ab5a50e494b2a54e346d7ffa008ccef06813e235b446788ac0f1df3c65bc1fb5393364a2efd284640ec2c438ad2b24a69f1f9da000000000000000000000000989eee6a9283bf253ca4"], 0x1}}, 0x0) syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) dup3(r5, r4, 0x0) r6 = accept4$vsock_stream(0xffffffffffffffff, &(0x7f0000000240)={0x28, 0x0, 0x2710, @host}, 0x10, 0x0) dup2(r6, r5) bind$pptp(0xffffffffffffffff, &(0x7f00000001c0)={0x18, 0x2, {0x0, @initdev={0xac, 0x1e, 0x0, 0x0}}}, 0x1e) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000000)=@newlink={0x30, 0x10, 0x801, 0x0, 0x0, {}, [@IFLA_GROUP={0x8}, @IFLA_PROTO_DOWN={0x8, 0x4}]}, 0x30}}, 0x0) pivot_root(&(0x7f0000000140)='./file0\x00', &(0x7f0000000100)='./file0\x00') 01:45:42 executing program 2 (fault-call:9 fault-nth:12): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_SET_SIGNAL_MASK(0xffffffffffffffff, 0x4004ae8b, &(0x7f0000001000)=ANY=[@ANYBLOB="97cb"]) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000fe7000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0) ioctl$USBDEVFS_RESETEP(0xffffffffffffffff, 0x80045503, &(0x7f0000000000)={0x1, 0x1}) ioctl$KVM_NMI(r2, 0xae9a) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f00000002c0)={0x0, 0x2, 0x0, 0x2000, &(0x7f0000001000/0x2000)=nil}) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) [ 1844.064319] ip_tables: iptables: counters copy to user failed while replacing table 01:45:42 executing program 1: lsetxattr$trusted_overlay_opaque(0x0, 0x0, 0x0, 0x0, 0x0) mkdir(&(0x7f0000000000)='./file0\x00', 0x0) mount$bpf(0x20000000, &(0x7f00000000c0)='./file0\x00', 0x0, 0x2001001, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x80, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x43, 0x400000000000000}, 0x11288, 0x2000, 0x0, 0x2}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$netlink(0x10, 0x3, 0x0) connect$inet(0xffffffffffffffff, 0x0, 0x0) setsockopt$SO_RDS_TRANSPORT(0xffffffffffffffff, 0x114, 0x8, &(0x7f0000000040)=0xffffffffffffffff, 0x4) r1 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$inet_tcp_int(r1, 0x6, 0x10000000013, &(0x7f0000d06000)=0x1, 0x32a) connect$inet(r1, &(0x7f0000000180)={0x2, 0x4e23, @local}, 0x10) accept$nfc_llcp(0xffffffffffffffff, &(0x7f0000000440), &(0x7f0000000300)=0x60) setsockopt$inet_tcp_TCP_REPAIR_OPTIONS(r1, 0x6, 0x16, &(0x7f00000000c0)=[@mss={0x2, 0xffffffff}, @timestamp, @window, @mss={0x2, 0x91c}], 0x4) sendmmsg(r1, &(0x7f0000004b40)=[{{0x0, 0x0, &(0x7f00000011c0)=[{&(0x7f0000002240)='Y', 0x1}], 0x1}}], 0x1, 0x0) syz_init_net_socket$llc(0x1a, 0x1, 0x0) r2 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$IPT_SO_SET_REPLACE(r2, 0x4000000000000, 0x40, &(0x7f0000000a40)=ANY=[@ANYBLOB="72617700000000010000000000000000000000000000000000000000000000000200000003000000b80400000000000000000000000000000003000000030000200400002004000020040000200400002004000003000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000600000000000000a00200030000000000000000000000000000000000000000300262706600000000000000000000000000000000000000000000000000000101000000000000002e2f66696c653000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000060005345540000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000c0002001000000000000000000000000000000000000000050006f736600000000000000000000000000000000000000000000000000000073797a300000000000000000000000000000000000000000000000000000000000000000000000000000000000000000600053455400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000007000980000000000000000000000000000000000000000002800000000000000000000000000000000000000000000000000000000000004feffffff00000000"], 0x518) sendmsg$IPVS_CMD_GET_DEST(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000280)={&(0x7f00000002c0)=ANY=[@ANYRES16], 0x1}}, 0x0) setsockopt$inet_tcp_TCP_REPAIR(r1, 0x6, 0x13, &(0x7f0000000100), 0x618) close(r1) r3 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$inet_tcp_int(r3, 0x6, 0x10000000013, &(0x7f0000d06000)=0x1, 0x32a) connect$inet(r3, &(0x7f0000000140)={0x2, 0x0, @local}, 0x10) setsockopt$inet_tcp_TCP_REPAIR_OPTIONS(r3, 0x6, 0x16, &(0x7f0000000200)=[@mss, @timestamp, @window={0x3, 0x0, 0xfffe}, @mss={0x2, 0x3}], 0x4) sendmmsg(r3, &(0x7f0000004b40)=[{{0x0, 0x0, &(0x7f00000011c0)=[{&(0x7f0000002240)='Y', 0x1}], 0x1}}], 0x1, 0x0) setsockopt$inet_tcp_TCP_REPAIR_QUEUE(r3, 0x6, 0x14, &(0x7f0000000040)=0x1, 0x4) sendmsg$IPVS_CMD_GET_DEST(r3, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000340)=ANY=[@ANYBLOB="160e90cb39bca59f8c4064ac6d7b242060a07bc4309e3eb79d8745797b308edd84adef35ad9d8a17240f38f55f57c55f3875db81d255eea402e1c11ca7fc01964aeb9ed6ef4e80bc67cba7e7fe961fe5d921442b0a06b135f8a73b68dc904b436f256f50ae7cb980e69e7580b9f11c6ede4210f23240559b8c427000d7ce7862417ab5a50e494b2a54e346d7ffa008ccef06813e235b446788ac0f1df3c65bc1fb5393364a2efd284640ec2c438ad2b24a69f1f9da000000000000000000000000989eee6a9283bf253ca4"], 0x1}}, 0x0) close(r3) syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) dup3(0xffffffffffffffff, 0xffffffffffffffff, 0x0) r4 = accept4$vsock_stream(0xffffffffffffffff, &(0x7f0000000240)={0x28, 0x0, 0x2710, @host}, 0x10, 0x0) dup2(r4, 0xffffffffffffffff) bind$pptp(0xffffffffffffffff, &(0x7f00000001c0)={0x18, 0x2, {0x0, @initdev={0xac, 0x1e, 0x0, 0x0}}}, 0x1e) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000000)=@newlink={0x30, 0x10, 0x801, 0x0, 0x0, {}, [@IFLA_GROUP={0x8}, @IFLA_PROTO_DOWN={0x8, 0x4}]}, 0x30}}, 0x0) 01:45:42 executing program 5: lsetxattr$trusted_overlay_opaque(0x0, 0x0, 0x0, 0x0, 0x0) mkdir(&(0x7f0000000000)='./file0\x00', 0x0) mount$bpf(0x20000000, &(0x7f00000000c0)='./file0\x00', 0x0, 0x2001001, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x80, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x43, 0x400000000000000}, 0x11288, 0x2000, 0x0, 0x2}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$netlink(0x10, 0x3, 0x0) connect$inet(0xffffffffffffffff, 0x0, 0x0) setsockopt$SO_RDS_TRANSPORT(0xffffffffffffffff, 0x114, 0x8, &(0x7f0000000040)=0xffffffffffffffff, 0x4) r1 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$inet_tcp_int(r1, 0x6, 0x10000000013, &(0x7f0000d06000)=0x1, 0x32a) connect$inet(r1, &(0x7f0000000180)={0x2, 0x4e23, @local}, 0x10) accept$nfc_llcp(0xffffffffffffffff, &(0x7f0000000440), &(0x7f0000000300)=0x60) setsockopt$inet_tcp_TCP_REPAIR_OPTIONS(r1, 0x6, 0x16, &(0x7f00000000c0)=[@mss={0x2, 0xffffffff}, @timestamp, @window, @mss={0x2, 0x91c}], 0x4) sendmmsg(r1, &(0x7f0000004b40)=[{{0x0, 0x0, &(0x7f00000011c0)=[{&(0x7f0000002240)='Y', 0x1}], 0x1}}], 0x1, 0x0) syz_init_net_socket$llc(0x1a, 0x1, 0x0) r2 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$IPT_SO_SET_REPLACE(r2, 0x4000000000000, 0x40, &(0x7f0000000a40)=ANY=[@ANYBLOB="72617700000000010000000000000000000000000000000000000000000000000200000003000000b80400000000000000000000000000000003000000030000200400002004000020040000200400002004000003000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000600000000000000a00200030000000000000000000000000000000000000000300262706600000000000000000000000000000000000000000000000000000101000000000000002e2f66696c653000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000060005345540000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000c0002001000000000000000000000000000000000000000050006f736600000000000000000000000000000000000000000000000000000073797a300000000000000000000000000000000000000000000000000000000000000000000000000000000000000000600053455400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000007000980000000000000000000000000000000000000000002800000000000000000000000000000000000000000000000000000000000004feffffff00000000"], 0x518) sendmsg$IPVS_CMD_GET_DEST(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000280)={&(0x7f00000002c0)=ANY=[@ANYRES16], 0x1}}, 0x0) setsockopt$inet_tcp_TCP_REPAIR(r1, 0x6, 0x13, &(0x7f0000000100), 0x618) close(r1) r3 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$inet_tcp_int(r3, 0x6, 0x10000000013, &(0x7f0000d06000)=0x1, 0x32a) connect$inet(r3, &(0x7f0000000140)={0x2, 0x0, @local}, 0x10) setsockopt$inet_tcp_TCP_REPAIR_OPTIONS(r3, 0x6, 0x16, &(0x7f0000000200)=[@mss, @timestamp, @window={0x3, 0x0, 0xfffe}, @mss={0x2, 0x3}], 0x4) sendmmsg(r3, &(0x7f0000004b40)=[{{0x0, 0x0, &(0x7f00000011c0)=[{&(0x7f0000002240)='Y', 0x1}], 0x1}}], 0x1, 0x0) setsockopt$inet_tcp_TCP_REPAIR_QUEUE(r3, 0x6, 0x14, &(0x7f0000000040)=0x1, 0x4) sendmsg$IPVS_CMD_GET_DEST(r3, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000340)=ANY=[@ANYBLOB="160e90cb39bca59f8c4064ac6d7b242060a07bc4309e3eb79d8745797b308edd84adef35ad9d8a17240f38f55f57c55f3875db81d255eea402e1c11ca7fc01964aeb9ed6ef4e80bc67cba7e7fe961fe5d921442b0a06b135f8a73b68dc904b436f256f50ae7cb980e69e7580b9f11c6ede4210f23240559b8c427000d7ce7862417ab5a50e494b2a54e346d7ffa008ccef06813e235b446788ac0f1df3c65bc1fb5393364a2efd284640ec2c438ad2b24a69f1f9da000000000000000000000000989eee6a9283bf253ca4"], 0x1}}, 0x0) syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) dup3(r5, r4, 0x0) r6 = accept4$vsock_stream(0xffffffffffffffff, &(0x7f0000000240)={0x28, 0x0, 0x2710, @host}, 0x10, 0x0) dup2(r6, r5) bind$pptp(0xffffffffffffffff, &(0x7f00000001c0)={0x18, 0x2, {0x0, @initdev={0xac, 0x1e, 0x0, 0x0}}}, 0x1e) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000000)=@newlink={0x30, 0x10, 0x801, 0x0, 0x0, {}, [@IFLA_GROUP={0x8}, @IFLA_PROTO_DOWN={0x8, 0x4}]}, 0x30}}, 0x0) pivot_root(&(0x7f0000000140)='./file0\x00', &(0x7f0000000100)='./file0\x00') [ 1844.164757] FAULT_INJECTION: forcing a failure. [ 1844.164757] name failslab, interval 1, probability 0, space 0, times 0 01:45:42 executing program 0: socket$inet6_tcp(0xa, 0x1, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x9}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000008880), 0x400000000000249, 0x0, 0x0) pipe(&(0x7f00000002c0)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x0, 0x0, 0x3}, 0x0) getrlimit(0x1, &(0x7f0000000100)) mkdir(0x0, 0x0) io_setup(0x2, 0x0) creat(0x0, 0x0) io_setup(0x8, &(0x7f0000000240)=0x0) io_submit(r4, 0x0, &(0x7f0000000100)) io_setup(0x0, &(0x7f00000004c0)) io_submit(0x0, 0x0, &(0x7f0000000440)) creat(&(0x7f0000000000)='./bus\x00', 0x0) io_setup(0x2, 0x0) r5 = memfd_create(&(0x7f00000000c0)='queue1\x00\x00\x00\x00\x00\x00\x00\x001;\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x06\x00\x00\x00\x00\x00\xcc\xbf}\xdd\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xb2\x1e\x00', 0x0) r6 = syz_open_dev$sndseq(&(0x7f0000000200)='/dev/snd/seq\x00', 0x0, 0x1) r7 = dup2(r6, r5) ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(r7, 0xc08c5332, &(0x7f0000000140)={0x0, 0x0, 0x0, 'queue0\x00'}) write$sndseq(r7, &(0x7f0000000000)=[{0x0, 0x0, 0x0, 0x0, @tick, {}, {}, @connect}], 0xfcc8) 01:45:42 executing program 3: lsetxattr$trusted_overlay_opaque(0x0, 0x0, 0x0, 0x0, 0x0) mkdir(&(0x7f0000000000)='./file0\x00', 0x0) mount$bpf(0x20000000, &(0x7f00000000c0)='./file0\x00', 0x0, 0x2001001, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x80, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x43, 0x400000000000000}, 0x11288, 0x2000, 0x0, 0x2}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$netlink(0x10, 0x3, 0x0) connect$inet(0xffffffffffffffff, 0x0, 0x0) setsockopt$SO_RDS_TRANSPORT(0xffffffffffffffff, 0x114, 0x8, &(0x7f0000000040)=0xffffffffffffffff, 0x4) r1 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$inet_tcp_int(r1, 0x6, 0x10000000013, &(0x7f0000d06000)=0x1, 0x32a) connect$inet(r1, &(0x7f0000000180)={0x2, 0x4e23, @local}, 0x10) accept$nfc_llcp(0xffffffffffffffff, &(0x7f0000000440), &(0x7f0000000300)=0x60) setsockopt$inet_tcp_TCP_REPAIR_OPTIONS(r1, 0x6, 0x16, &(0x7f00000000c0)=[@mss={0x2, 0xffffffff}, @timestamp, @window, @mss={0x2, 0x91c}], 0x4) sendmmsg(r1, &(0x7f0000004b40)=[{{0x0, 0x0, &(0x7f00000011c0)=[{&(0x7f0000002240)='Y', 0x1}], 0x1}}], 0x1, 0x0) syz_init_net_socket$llc(0x1a, 0x1, 0x0) r2 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$IPT_SO_SET_REPLACE(r2, 0x4000000000000, 0x40, &(0x7f0000000a40)=ANY=[@ANYBLOB="72617700000000010000000000000000000000000000000000000000000000000200000003000000b80400000000000000000000000000000003000000030000200400002004000020040000200400002004000003000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000600000000000000a00200030000000000000000000000000000000000000000300262706600000000000000000000000000000000000000000000000000000101000000000000002e2f66696c653000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000060005345540000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000c0002001000000000000000000000000000000000000000050006f736600000000000000000000000000000000000000000000000000000073797a300000000000000000000000000000000000000000000000000000000000000000000000000000000000000000600053455400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000007000980000000000000000000000000000000000000000002800000000000000000000000000000000000000000000000000000000000004feffffff00000000"], 0x518) sendmsg$IPVS_CMD_GET_DEST(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000280)={&(0x7f00000002c0)=ANY=[@ANYRES16], 0x1}}, 0x0) setsockopt$inet_tcp_TCP_REPAIR(r1, 0x6, 0x13, &(0x7f0000000100), 0x618) close(r1) r3 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$inet_tcp_int(r3, 0x6, 0x10000000013, &(0x7f0000d06000)=0x1, 0x32a) connect$inet(r3, &(0x7f0000000140)={0x2, 0x0, @local}, 0x10) setsockopt$inet_tcp_TCP_REPAIR_OPTIONS(r3, 0x6, 0x16, &(0x7f0000000200)=[@mss, @timestamp, @window={0x3, 0x0, 0xfffe}, @mss={0x2, 0x3}], 0x4) sendmmsg(r3, &(0x7f0000004b40)=[{{0x0, 0x0, &(0x7f00000011c0)=[{&(0x7f0000002240)='Y', 0x1}], 0x1}}], 0x1, 0x0) setsockopt$inet_tcp_TCP_REPAIR_QUEUE(r3, 0x6, 0x14, &(0x7f0000000040)=0x1, 0x4) sendmsg$IPVS_CMD_GET_DEST(r3, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000340)=ANY=[@ANYBLOB="160e90cb39bca59f8c4064ac6d7b242060a07bc4309e3eb79d8745797b308edd84adef35ad9d8a17240f38f55f57c55f3875db81d255eea402e1c11ca7fc01964aeb9ed6ef4e80bc67cba7e7fe961fe5d921442b0a06b135f8a73b68dc904b436f256f50ae7cb980e69e7580b9f11c6ede4210f23240559b8c427000d7ce7862417ab5a50e494b2a54e346d7ffa008ccef06813e235b446788ac0f1df3c65bc1fb5393364a2efd284640ec2c438ad2b24a69f1f9da000000000000000000000000989eee6a9283bf253ca4"], 0x1}}, 0x0) close(r3) syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) dup3(0xffffffffffffffff, 0xffffffffffffffff, 0x0) r4 = accept4$vsock_stream(0xffffffffffffffff, &(0x7f0000000240)={0x28, 0x0, 0x2710, @host}, 0x10, 0x0) dup2(r4, 0xffffffffffffffff) bind$pptp(0xffffffffffffffff, &(0x7f00000001c0)={0x18, 0x2, {0x0, @initdev={0xac, 0x1e, 0x0, 0x0}}}, 0x1e) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000000)=@newlink={0x30, 0x10, 0x801, 0x0, 0x0, {}, [@IFLA_GROUP={0x8}, @IFLA_PROTO_DOWN={0x8, 0x4}]}, 0x30}}, 0x0) pivot_root(&(0x7f0000000140)='./file0\x00', &(0x7f0000000100)='./file0\x00') [ 1844.210803] CPU: 1 PID: 3669 Comm: syz-executor.2 Not tainted 4.14.173-syzkaller #0 [ 1844.218658] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1844.228133] Call Trace: [ 1844.230745] dump_stack+0x13e/0x194 [ 1844.234404] should_fail.cold+0x10a/0x14b [ 1844.238585] should_failslab+0xd6/0x130 [ 1844.242588] kmem_cache_alloc+0x2b5/0x770 [ 1844.246782] mmu_topup_memory_caches+0x83/0x300 [ 1844.251588] kvm_mmu_load+0x1e/0xd00 [ 1844.255346] ? vcpu_enter_guest+0x1c94/0x5240 [ 1844.259889] vcpu_enter_guest+0x2eb9/0x5240 [ 1844.264257] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 1844.269046] ? check_preemption_disabled+0x35/0x240 [ 1844.274108] ? emulator_read_emulated+0x40/0x40 [ 1844.278821] ? lock_acquire+0x170/0x3f0 [ 1844.282821] ? kvm_arch_vcpu_ioctl_run+0x143/0xfd0 [ 1844.287786] ? kvm_arch_vcpu_ioctl_run+0x2fe/0xfd0 [ 1844.292761] ? kvm_arch_vcpu_ioctl_run+0x181/0xfd0 [ 1844.297741] kvm_arch_vcpu_ioctl_run+0x2fe/0xfd0 [ 1844.302545] kvm_vcpu_ioctl+0x3df/0xc70 [ 1844.306547] ? kvm_vcpu_block+0xb70/0xb70 [ 1844.310733] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 1844.315523] ? check_preemption_disabled+0x35/0x240 [ 1844.320571] ? retint_kernel+0x2d/0x2d [ 1844.324483] ? kvm_vcpu_block+0xb70/0xb70 [ 1844.328666] ? kvm_vcpu_block+0xb70/0xb70 [ 1844.332849] do_vfs_ioctl+0x75a/0xfe0 [ 1844.336673] ? selinux_file_mprotect+0x5c0/0x5c0 [ 1844.341453] ? ioctl_preallocate+0x1a0/0x1a0 [ 1844.345891] ? security_file_ioctl+0x76/0xb0 [ 1844.350315] ? security_file_ioctl+0x83/0xb0 [ 1844.354741] SyS_ioctl+0x7f/0xb0 [ 1844.358118] ? do_vfs_ioctl+0xfe0/0xfe0 [ 1844.362102] do_syscall_64+0x1d5/0x640 [ 1844.366006] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 1844.371202] RIP: 0033:0x45c849 [ 1844.374398] RSP: 002b:00007fa3bc31dc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 1844.382128] RAX: ffffffffffffffda RBX: 00007fa3bc31e6d4 RCX: 000000000045c849 [ 1844.389418] RDX: 0000000000000000 RSI: 000000000000ae80 RDI: 0000000000000005 [ 1844.396717] RBP: 000000000076bf00 R08: 0000000000000000 R09: 0000000000000000 [ 1844.404005] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000007 [ 1844.411310] R13: 00000000000003bf R14: 00000000004c6495 R15: 000000000000000c 01:45:42 executing program 1: lsetxattr$trusted_overlay_opaque(0x0, 0x0, 0x0, 0x0, 0x0) mkdir(&(0x7f0000000000)='./file0\x00', 0x0) mount$bpf(0x20000000, &(0x7f00000000c0)='./file0\x00', 0x0, 0x2001001, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x80, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x43, 0x400000000000000}, 0x11288, 0x2000, 0x0, 0x2}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$netlink(0x10, 0x3, 0x0) connect$inet(0xffffffffffffffff, 0x0, 0x0) setsockopt$SO_RDS_TRANSPORT(0xffffffffffffffff, 0x114, 0x8, &(0x7f0000000040)=0xffffffffffffffff, 0x4) r1 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$inet_tcp_int(r1, 0x6, 0x10000000013, &(0x7f0000d06000)=0x1, 0x32a) connect$inet(r1, &(0x7f0000000180)={0x2, 0x4e23, @local}, 0x10) accept$nfc_llcp(0xffffffffffffffff, &(0x7f0000000440), &(0x7f0000000300)=0x60) setsockopt$inet_tcp_TCP_REPAIR_OPTIONS(r1, 0x6, 0x16, &(0x7f00000000c0)=[@mss={0x2, 0xffffffff}, @timestamp, @window, @mss={0x2, 0x91c}], 0x4) sendmmsg(r1, &(0x7f0000004b40)=[{{0x0, 0x0, &(0x7f00000011c0)=[{&(0x7f0000002240)='Y', 0x1}], 0x1}}], 0x1, 0x0) syz_init_net_socket$llc(0x1a, 0x1, 0x0) r2 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$IPT_SO_SET_REPLACE(r2, 0x4000000000000, 0x40, &(0x7f0000000a40)=ANY=[@ANYBLOB="72617700000000010000000000000000000000000000000000000000000000000200000003000000b80400000000000000000000000000000003000000030000200400002004000020040000200400002004000003000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000600000000000000a00200030000000000000000000000000000000000000000300262706600000000000000000000000000000000000000000000000000000101000000000000002e2f66696c653000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000060005345540000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000c0002001000000000000000000000000000000000000000050006f736600000000000000000000000000000000000000000000000000000073797a300000000000000000000000000000000000000000000000000000000000000000000000000000000000000000600053455400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000007000980000000000000000000000000000000000000000002800000000000000000000000000000000000000000000000000000000000004feffffff00000000"], 0x518) sendmsg$IPVS_CMD_GET_DEST(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000280)={&(0x7f00000002c0)=ANY=[@ANYRES16], 0x1}}, 0x0) setsockopt$inet_tcp_TCP_REPAIR(r1, 0x6, 0x13, &(0x7f0000000100), 0x618) close(r1) r3 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$inet_tcp_int(r3, 0x6, 0x10000000013, &(0x7f0000d06000)=0x1, 0x32a) connect$inet(r3, &(0x7f0000000140)={0x2, 0x0, @local}, 0x10) setsockopt$inet_tcp_TCP_REPAIR_OPTIONS(r3, 0x6, 0x16, &(0x7f0000000200)=[@mss, @timestamp, @window={0x3, 0x0, 0xfffe}, @mss={0x2, 0x3}], 0x4) sendmmsg(r3, &(0x7f0000004b40)=[{{0x0, 0x0, &(0x7f00000011c0)=[{&(0x7f0000002240)='Y', 0x1}], 0x1}}], 0x1, 0x0) setsockopt$inet_tcp_TCP_REPAIR_QUEUE(r3, 0x6, 0x14, &(0x7f0000000040)=0x1, 0x4) sendmsg$IPVS_CMD_GET_DEST(r3, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000340)=ANY=[@ANYBLOB="160e90cb39bca59f8c4064ac6d7b242060a07bc4309e3eb79d8745797b308edd84adef35ad9d8a17240f38f55f57c55f3875db81d255eea402e1c11ca7fc01964aeb9ed6ef4e80bc67cba7e7fe961fe5d921442b0a06b135f8a73b68dc904b436f256f50ae7cb980e69e7580b9f11c6ede4210f23240559b8c427000d7ce7862417ab5a50e494b2a54e346d7ffa008ccef06813e235b446788ac0f1df3c65bc1fb5393364a2efd284640ec2c438ad2b24a69f1f9da000000000000000000000000989eee6a9283bf253ca4"], 0x1}}, 0x0) close(r3) syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) dup3(0xffffffffffffffff, 0xffffffffffffffff, 0x0) r4 = accept4$vsock_stream(0xffffffffffffffff, &(0x7f0000000240)={0x28, 0x0, 0x2710, @host}, 0x10, 0x0) dup2(r4, 0xffffffffffffffff) bind$pptp(0xffffffffffffffff, &(0x7f00000001c0)={0x18, 0x2, {0x0, @initdev={0xac, 0x1e, 0x0, 0x0}}}, 0x1e) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000000)=@newlink={0x30, 0x10, 0x801, 0x0, 0x0, {}, [@IFLA_GROUP={0x8}, @IFLA_PROTO_DOWN={0x8, 0x4}]}, 0x30}}, 0x0) 01:45:42 executing program 5: lsetxattr$trusted_overlay_opaque(0x0, 0x0, 0x0, 0x0, 0x0) mkdir(&(0x7f0000000000)='./file0\x00', 0x0) mount$bpf(0x20000000, &(0x7f00000000c0)='./file0\x00', 0x0, 0x2001001, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x80, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x43, 0x400000000000000}, 0x11288, 0x2000, 0x0, 0x2}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$netlink(0x10, 0x3, 0x0) connect$inet(0xffffffffffffffff, 0x0, 0x0) setsockopt$SO_RDS_TRANSPORT(0xffffffffffffffff, 0x114, 0x8, &(0x7f0000000040)=0xffffffffffffffff, 0x4) r1 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$inet_tcp_int(r1, 0x6, 0x10000000013, &(0x7f0000d06000)=0x1, 0x32a) connect$inet(r1, &(0x7f0000000180)={0x2, 0x4e23, @local}, 0x10) accept$nfc_llcp(0xffffffffffffffff, &(0x7f0000000440), &(0x7f0000000300)=0x60) setsockopt$inet_tcp_TCP_REPAIR_OPTIONS(r1, 0x6, 0x16, &(0x7f00000000c0)=[@mss={0x2, 0xffffffff}, @timestamp, @window, @mss={0x2, 0x91c}], 0x4) sendmmsg(r1, &(0x7f0000004b40)=[{{0x0, 0x0, &(0x7f00000011c0)=[{&(0x7f0000002240)='Y', 0x1}], 0x1}}], 0x1, 0x0) syz_init_net_socket$llc(0x1a, 0x1, 0x0) r2 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$IPT_SO_SET_REPLACE(r2, 0x4000000000000, 0x40, &(0x7f0000000a40)=ANY=[@ANYBLOB="72617700000000010000000000000000000000000000000000000000000000000200000003000000b80400000000000000000000000000000003000000030000200400002004000020040000200400002004000003000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000600000000000000a00200030000000000000000000000000000000000000000300262706600000000000000000000000000000000000000000000000000000101000000000000002e2f66696c653000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000060005345540000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000c0002001000000000000000000000000000000000000000050006f736600000000000000000000000000000000000000000000000000000073797a300000000000000000000000000000000000000000000000000000000000000000000000000000000000000000600053455400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000007000980000000000000000000000000000000000000000002800000000000000000000000000000000000000000000000000000000000004feffffff00000000"], 0x518) sendmsg$IPVS_CMD_GET_DEST(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000280)={&(0x7f00000002c0)=ANY=[@ANYRES16], 0x1}}, 0x0) setsockopt$inet_tcp_TCP_REPAIR(r1, 0x6, 0x13, &(0x7f0000000100), 0x618) close(r1) r3 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$inet_tcp_int(r3, 0x6, 0x10000000013, &(0x7f0000d06000)=0x1, 0x32a) connect$inet(r3, &(0x7f0000000140)={0x2, 0x0, @local}, 0x10) setsockopt$inet_tcp_TCP_REPAIR_OPTIONS(r3, 0x6, 0x16, &(0x7f0000000200)=[@mss, @timestamp, @window={0x3, 0x0, 0xfffe}, @mss={0x2, 0x3}], 0x4) sendmmsg(r3, &(0x7f0000004b40)=[{{0x0, 0x0, &(0x7f00000011c0)=[{&(0x7f0000002240)='Y', 0x1}], 0x1}}], 0x1, 0x0) setsockopt$inet_tcp_TCP_REPAIR_QUEUE(r3, 0x6, 0x14, &(0x7f0000000040)=0x1, 0x4) sendmsg$IPVS_CMD_GET_DEST(r3, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000340)=ANY=[@ANYBLOB="160e90cb39bca59f8c4064ac6d7b242060a07bc4309e3eb79d8745797b308edd84adef35ad9d8a17240f38f55f57c55f3875db81d255eea402e1c11ca7fc01964aeb9ed6ef4e80bc67cba7e7fe961fe5d921442b0a06b135f8a73b68dc904b436f256f50ae7cb980e69e7580b9f11c6ede4210f23240559b8c427000d7ce7862417ab5a50e494b2a54e346d7ffa008ccef06813e235b446788ac0f1df3c65bc1fb5393364a2efd284640ec2c438ad2b24a69f1f9da000000000000000000000000989eee6a9283bf253ca4"], 0x1}}, 0x0) syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) dup3(r5, r4, 0x0) r6 = accept4$vsock_stream(0xffffffffffffffff, &(0x7f0000000240)={0x28, 0x0, 0x2710, @host}, 0x10, 0x0) dup2(r6, r5) bind$pptp(0xffffffffffffffff, &(0x7f00000001c0)={0x18, 0x2, {0x0, @initdev={0xac, 0x1e, 0x0, 0x0}}}, 0x1e) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000000)=@newlink={0x30, 0x10, 0x801, 0x0, 0x0, {}, [@IFLA_GROUP={0x8}, @IFLA_PROTO_DOWN={0x8, 0x4}]}, 0x30}}, 0x0) pivot_root(&(0x7f0000000140)='./file0\x00', &(0x7f0000000100)='./file0\x00') 01:45:42 executing program 2 (fault-call:9 fault-nth:13): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_SET_SIGNAL_MASK(0xffffffffffffffff, 0x4004ae8b, &(0x7f0000001000)=ANY=[@ANYBLOB="97cb"]) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000fe7000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0) ioctl$USBDEVFS_RESETEP(0xffffffffffffffff, 0x80045503, &(0x7f0000000000)={0x1, 0x1}) ioctl$KVM_NMI(r2, 0xae9a) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f00000002c0)={0x0, 0x2, 0x0, 0x2000, &(0x7f0000001000/0x2000)=nil}) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) [ 1844.652944] FAULT_INJECTION: forcing a failure. [ 1844.652944] name failslab, interval 1, probability 0, space 0, times 0 [ 1844.679571] CPU: 0 PID: 3692 Comm: syz-executor.2 Not tainted 4.14.173-syzkaller #0 [ 1844.687466] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1844.696941] Call Trace: [ 1844.699553] dump_stack+0x13e/0x194 01:45:42 executing program 3: lsetxattr$trusted_overlay_opaque(0x0, 0x0, 0x0, 0x0, 0x0) mkdir(&(0x7f0000000000)='./file0\x00', 0x0) mount$bpf(0x20000000, &(0x7f00000000c0)='./file0\x00', 0x0, 0x2001001, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x80, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x43, 0x400000000000000}, 0x11288, 0x2000, 0x0, 0x2}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$netlink(0x10, 0x3, 0x0) connect$inet(0xffffffffffffffff, 0x0, 0x0) setsockopt$SO_RDS_TRANSPORT(0xffffffffffffffff, 0x114, 0x8, &(0x7f0000000040)=0xffffffffffffffff, 0x4) r1 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$inet_tcp_int(r1, 0x6, 0x10000000013, &(0x7f0000d06000)=0x1, 0x32a) connect$inet(r1, &(0x7f0000000180)={0x2, 0x4e23, @local}, 0x10) accept$nfc_llcp(0xffffffffffffffff, &(0x7f0000000440), &(0x7f0000000300)=0x60) setsockopt$inet_tcp_TCP_REPAIR_OPTIONS(r1, 0x6, 0x16, &(0x7f00000000c0)=[@mss={0x2, 0xffffffff}, @timestamp, @window, @mss={0x2, 0x91c}], 0x4) sendmmsg(r1, &(0x7f0000004b40)=[{{0x0, 0x0, &(0x7f00000011c0)=[{&(0x7f0000002240)='Y', 0x1}], 0x1}}], 0x1, 0x0) syz_init_net_socket$llc(0x1a, 0x1, 0x0) r2 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$IPT_SO_SET_REPLACE(r2, 0x4000000000000, 0x40, &(0x7f0000000a40)=ANY=[@ANYBLOB="72617700000000010000000000000000000000000000000000000000000000000200000003000000b80400000000000000000000000000000003000000030000200400002004000020040000200400002004000003000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000600000000000000a00200030000000000000000000000000000000000000000300262706600000000000000000000000000000000000000000000000000000101000000000000002e2f66696c653000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000060005345540000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000c0002001000000000000000000000000000000000000000050006f736600000000000000000000000000000000000000000000000000000073797a300000000000000000000000000000000000000000000000000000000000000000000000000000000000000000600053455400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000007000980000000000000000000000000000000000000000002800000000000000000000000000000000000000000000000000000000000004feffffff00000000"], 0x518) sendmsg$IPVS_CMD_GET_DEST(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000280)={&(0x7f00000002c0)=ANY=[@ANYRES16], 0x1}}, 0x0) setsockopt$inet_tcp_TCP_REPAIR(r1, 0x6, 0x13, &(0x7f0000000100), 0x618) close(r1) r3 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$inet_tcp_int(r3, 0x6, 0x10000000013, &(0x7f0000d06000)=0x1, 0x32a) connect$inet(r3, &(0x7f0000000140)={0x2, 0x0, @local}, 0x10) setsockopt$inet_tcp_TCP_REPAIR_OPTIONS(r3, 0x6, 0x16, &(0x7f0000000200)=[@mss, @timestamp, @window={0x3, 0x0, 0xfffe}, @mss={0x2, 0x3}], 0x4) sendmmsg(r3, &(0x7f0000004b40)=[{{0x0, 0x0, &(0x7f00000011c0)=[{&(0x7f0000002240)='Y', 0x1}], 0x1}}], 0x1, 0x0) setsockopt$inet_tcp_TCP_REPAIR_QUEUE(r3, 0x6, 0x14, &(0x7f0000000040)=0x1, 0x4) sendmsg$IPVS_CMD_GET_DEST(r3, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000340)=ANY=[@ANYBLOB="160e90cb39bca59f8c4064ac6d7b242060a07bc4309e3eb79d8745797b308edd84adef35ad9d8a17240f38f55f57c55f3875db81d255eea402e1c11ca7fc01964aeb9ed6ef4e80bc67cba7e7fe961fe5d921442b0a06b135f8a73b68dc904b436f256f50ae7cb980e69e7580b9f11c6ede4210f23240559b8c427000d7ce7862417ab5a50e494b2a54e346d7ffa008ccef06813e235b446788ac0f1df3c65bc1fb5393364a2efd284640ec2c438ad2b24a69f1f9da000000000000000000000000989eee6a9283bf253ca4"], 0x1}}, 0x0) close(r3) syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) dup3(0xffffffffffffffff, 0xffffffffffffffff, 0x0) r4 = accept4$vsock_stream(0xffffffffffffffff, &(0x7f0000000240)={0x28, 0x0, 0x2710, @host}, 0x10, 0x0) dup2(r4, 0xffffffffffffffff) bind$pptp(0xffffffffffffffff, &(0x7f00000001c0)={0x18, 0x2, {0x0, @initdev={0xac, 0x1e, 0x0, 0x0}}}, 0x1e) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000000)=@newlink={0x30, 0x10, 0x801, 0x0, 0x0, {}, [@IFLA_GROUP={0x8}, @IFLA_PROTO_DOWN={0x8, 0x4}]}, 0x30}}, 0x0) pivot_root(&(0x7f0000000140)='./file0\x00', &(0x7f0000000100)='./file0\x00') [ 1844.703203] should_fail.cold+0x10a/0x14b [ 1844.707375] should_failslab+0xd6/0x130 [ 1844.711359] kmem_cache_alloc+0x2b5/0x770 [ 1844.715524] ? trace_hardirqs_on_caller+0x3f6/0x590 [ 1844.720565] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 1844.725359] mmu_topup_memory_caches+0x83/0x300 [ 1844.730076] kvm_mmu_load+0x1e/0xd00 [ 1844.733810] ? kvm_apic_accept_events+0x16f/0x3f0 [ 1844.738670] ? kvm_lapic_enable_pv_eoi+0xc0/0xc0 [ 1844.743440] ? vcpu_enter_guest+0x1807/0x5240 [ 1844.747958] vcpu_enter_guest+0x2eb9/0x5240 [ 1844.752294] ? check_preemption_disabled+0x35/0x240 [ 1844.757317] ? retint_user+0x13/0x18 [ 1844.761040] ? emulator_read_emulated+0x40/0x40 [ 1844.765721] ? lock_acquire+0x170/0x3f0 [ 1844.769801] ? kvm_arch_vcpu_ioctl_run+0x143/0xfd0 [ 1844.774753] ? kvm_arch_vcpu_ioctl_run+0x2fe/0xfd0 [ 1844.779697] ? kvm_arch_vcpu_ioctl_run+0x181/0xfd0 [ 1844.784641] kvm_arch_vcpu_ioctl_run+0x2fe/0xfd0 [ 1844.789424] kvm_vcpu_ioctl+0x3df/0xc70 [ 1844.793423] ? kvm_vcpu_block+0xb70/0xb70 [ 1844.797706] ? trace_hardirqs_on+0x10/0x10 [ 1844.801980] ? check_preemption_disabled+0x35/0x240 [ 1844.807191] ? save_trace+0x290/0x290 [ 1844.811004] ? SyS_write+0x1b7/0x210 [ 1844.814855] ? retint_kernel+0x2d/0x2d [ 1844.818789] ? trace_hardirqs_on_caller+0x3f6/0x590 [ 1844.823954] ? kvm_vcpu_block+0xb70/0xb70 [ 1844.828134] do_vfs_ioctl+0x75a/0xfe0 [ 1844.832147] ? selinux_file_mprotect+0x5c0/0x5c0 [ 1844.837034] ? check_preemption_disabled+0x35/0x240 [ 1844.842078] ? ioctl_preallocate+0x1a0/0x1a0 [ 1844.846492] ? security_file_ioctl+0x76/0xb0 [ 1844.851041] ? security_file_ioctl+0x83/0xb0 [ 1844.855488] SyS_ioctl+0x7f/0xb0 [ 1844.858862] ? do_vfs_ioctl+0xfe0/0xfe0 [ 1844.862933] do_syscall_64+0x1d5/0x640 [ 1844.866825] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 1844.872121] RIP: 0033:0x45c849 [ 1844.875419] RSP: 002b:00007fa3bc31dc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 1844.883374] RAX: ffffffffffffffda RBX: 00007fa3bc31e6d4 RCX: 000000000045c849 [ 1844.890645] RDX: 0000000000000000 RSI: 000000000000ae80 RDI: 0000000000000005 01:45:43 executing program 1: lsetxattr$trusted_overlay_opaque(0x0, 0x0, 0x0, 0x0, 0x0) mkdir(&(0x7f0000000000)='./file0\x00', 0x0) mount$bpf(0x20000000, &(0x7f00000000c0)='./file0\x00', 0x0, 0x2001001, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x80, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x43, 0x400000000000000}, 0x11288, 0x2000, 0x0, 0x2}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$netlink(0x10, 0x3, 0x0) connect$inet(0xffffffffffffffff, 0x0, 0x0) setsockopt$SO_RDS_TRANSPORT(0xffffffffffffffff, 0x114, 0x8, &(0x7f0000000040)=0xffffffffffffffff, 0x4) r1 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$inet_tcp_int(r1, 0x6, 0x10000000013, &(0x7f0000d06000)=0x1, 0x32a) connect$inet(r1, &(0x7f0000000180)={0x2, 0x4e23, @local}, 0x10) accept$nfc_llcp(0xffffffffffffffff, &(0x7f0000000440), &(0x7f0000000300)=0x60) setsockopt$inet_tcp_TCP_REPAIR_OPTIONS(r1, 0x6, 0x16, &(0x7f00000000c0)=[@mss={0x2, 0xffffffff}, @timestamp, @window, @mss={0x2, 0x91c}], 0x4) sendmmsg(r1, &(0x7f0000004b40)=[{{0x0, 0x0, &(0x7f00000011c0)=[{&(0x7f0000002240)='Y', 0x1}], 0x1}}], 0x1, 0x0) syz_init_net_socket$llc(0x1a, 0x1, 0x0) r2 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$IPT_SO_SET_REPLACE(r2, 0x4000000000000, 0x40, &(0x7f0000000a40)=ANY=[@ANYBLOB="72617700000000010000000000000000000000000000000000000000000000000200000003000000b80400000000000000000000000000000003000000030000200400002004000020040000200400002004000003000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000600000000000000a00200030000000000000000000000000000000000000000300262706600000000000000000000000000000000000000000000000000000101000000000000002e2f66696c653000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000060005345540000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000c0002001000000000000000000000000000000000000000050006f736600000000000000000000000000000000000000000000000000000073797a300000000000000000000000000000000000000000000000000000000000000000000000000000000000000000600053455400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000007000980000000000000000000000000000000000000000002800000000000000000000000000000000000000000000000000000000000004feffffff00000000"], 0x518) sendmsg$IPVS_CMD_GET_DEST(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000280)={&(0x7f00000002c0)=ANY=[@ANYRES16], 0x1}}, 0x0) setsockopt$inet_tcp_TCP_REPAIR(r1, 0x6, 0x13, &(0x7f0000000100), 0x618) close(r1) r3 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$inet_tcp_int(r3, 0x6, 0x10000000013, &(0x7f0000d06000)=0x1, 0x32a) connect$inet(r3, &(0x7f0000000140)={0x2, 0x0, @local}, 0x10) setsockopt$inet_tcp_TCP_REPAIR_OPTIONS(r3, 0x6, 0x16, &(0x7f0000000200)=[@mss, @timestamp, @window={0x3, 0x0, 0xfffe}, @mss={0x2, 0x3}], 0x4) sendmmsg(r3, &(0x7f0000004b40)=[{{0x0, 0x0, &(0x7f00000011c0)=[{&(0x7f0000002240)='Y', 0x1}], 0x1}}], 0x1, 0x0) setsockopt$inet_tcp_TCP_REPAIR_QUEUE(r3, 0x6, 0x14, &(0x7f0000000040)=0x1, 0x4) sendmsg$IPVS_CMD_GET_DEST(r3, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000340)=ANY=[@ANYBLOB="160e90cb39bca59f8c4064ac6d7b242060a07bc4309e3eb79d8745797b308edd84adef35ad9d8a17240f38f55f57c55f3875db81d255eea402e1c11ca7fc01964aeb9ed6ef4e80bc67cba7e7fe961fe5d921442b0a06b135f8a73b68dc904b436f256f50ae7cb980e69e7580b9f11c6ede4210f23240559b8c427000d7ce7862417ab5a50e494b2a54e346d7ffa008ccef06813e235b446788ac0f1df3c65bc1fb5393364a2efd284640ec2c438ad2b24a69f1f9da000000000000000000000000989eee6a9283bf253ca4"], 0x1}}, 0x0) close(r3) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) dup3(r5, r4, 0x0) r6 = accept4$vsock_stream(0xffffffffffffffff, &(0x7f0000000240)={0x28, 0x0, 0x2710, @host}, 0x10, 0x0) dup2(r6, r5) bind$pptp(0xffffffffffffffff, &(0x7f00000001c0)={0x18, 0x2, {0x0, @initdev={0xac, 0x1e, 0x0, 0x0}}}, 0x1e) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000000)=@newlink={0x30, 0x10, 0x801, 0x0, 0x0, {}, [@IFLA_GROUP={0x8}, @IFLA_PROTO_DOWN={0x8, 0x4}]}, 0x30}}, 0x0) 01:45:43 executing program 4: pipe(&(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = socket$inet_udp(0x2, 0x2, 0x0) close(r2) r3 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$inet_tcp_int(r3, 0x6, 0x10000000013, &(0x7f0000d06000)=0x1, 0x4) connect$inet(r2, &(0x7f0000000340)={0x2, 0x0, @loopback}, 0x10) setsockopt$inet_tcp_TCP_REPAIR_WINDOW(r3, 0x6, 0x1d, &(0x7f0000000080)={0x0, 0xdf5, 0x65a2}, 0x14) write$binfmt_misc(r1, &(0x7f0000000140)=ANY=[], 0x4240a2a0) r4 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$IPT_SO_SET_REPLACE(r4, 0x0, 0x40, &(0x7f0000000480)=ANY=[@ANYBLOB="66696c74657200000000000000000000000000000000000000000000000000000e00000004000000d0020000800100009800000080010000000000000000000038020000380200003802000038020000380200000400000000000000000000007f000001ac14140000000000000000007f00000000000000000000000000000064756dea20f9524db2d96900000057c910a19f2bc02c00000000000000000000200000000000000000000000000000000000000000000000700098000000000000000000000000000000000000000000280052454a454354000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000400000000000000000000000080000000000000000000000000000000000000000000000000000000000000000000000000000000000000000c000e80000f9c9991d0000000000000000000000000000005000736574000000000000000000000000000000000000000000000000000003000005050000000000000000000000000000000000000000100000000000000000000000000000000000000000000000280052454a45435400000000000000010000000000000000000000000000000000674f000000000000000000e00000020000000000000000766574b5315f766c616e00000000010062726964676530000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000007000b80000000000000000000000000000000000000000004800544545000000000000000000000000000000d40200000000000000000001ac1414aa000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000007000980000000000000000000000000000000000000000002800000000000000000000000000000000000000000000001a51496c00000000feffffff"], 0x1) splice(r0, 0x0, r2, 0x0, 0x4ffe0, 0x0) [ 1844.897970] RBP: 000000000076bf00 R08: 0000000000000000 R09: 0000000000000000 [ 1844.905252] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000007 [ 1844.912652] R13: 00000000000003bf R14: 00000000004c6495 R15: 000000000000000d 01:45:43 executing program 5: lsetxattr$trusted_overlay_opaque(0x0, 0x0, 0x0, 0x0, 0x0) mkdir(&(0x7f0000000000)='./file0\x00', 0x0) mount$bpf(0x20000000, &(0x7f00000000c0)='./file0\x00', 0x0, 0x2001001, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x80, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x43, 0x400000000000000}, 0x11288, 0x2000, 0x0, 0x2}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$netlink(0x10, 0x3, 0x0) connect$inet(0xffffffffffffffff, 0x0, 0x0) setsockopt$SO_RDS_TRANSPORT(0xffffffffffffffff, 0x114, 0x8, &(0x7f0000000040)=0xffffffffffffffff, 0x4) r1 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$inet_tcp_int(r1, 0x6, 0x10000000013, &(0x7f0000d06000)=0x1, 0x32a) connect$inet(r1, &(0x7f0000000180)={0x2, 0x4e23, @local}, 0x10) accept$nfc_llcp(0xffffffffffffffff, &(0x7f0000000440), &(0x7f0000000300)=0x60) setsockopt$inet_tcp_TCP_REPAIR_OPTIONS(r1, 0x6, 0x16, &(0x7f00000000c0)=[@mss={0x2, 0xffffffff}, @timestamp, @window, @mss={0x2, 0x91c}], 0x4) sendmmsg(r1, &(0x7f0000004b40)=[{{0x0, 0x0, &(0x7f00000011c0)=[{&(0x7f0000002240)='Y', 0x1}], 0x1}}], 0x1, 0x0) syz_init_net_socket$llc(0x1a, 0x1, 0x0) r2 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$IPT_SO_SET_REPLACE(r2, 0x4000000000000, 0x40, &(0x7f0000000a40)=ANY=[@ANYBLOB="72617700000000010000000000000000000000000000000000000000000000000200000003000000b80400000000000000000000000000000003000000030000200400002004000020040000200400002004000003000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000600000000000000a00200030000000000000000000000000000000000000000300262706600000000000000000000000000000000000000000000000000000101000000000000002e2f66696c653000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000060005345540000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000c0002001000000000000000000000000000000000000000050006f736600000000000000000000000000000000000000000000000000000073797a300000000000000000000000000000000000000000000000000000000000000000000000000000000000000000600053455400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000007000980000000000000000000000000000000000000000002800000000000000000000000000000000000000000000000000000000000004feffffff00000000"], 0x518) sendmsg$IPVS_CMD_GET_DEST(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000280)={&(0x7f00000002c0)=ANY=[@ANYRES16], 0x1}}, 0x0) setsockopt$inet_tcp_TCP_REPAIR(r1, 0x6, 0x13, &(0x7f0000000100), 0x618) close(r1) r3 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$inet_tcp_int(r3, 0x6, 0x10000000013, &(0x7f0000d06000)=0x1, 0x32a) connect$inet(r3, &(0x7f0000000140)={0x2, 0x0, @local}, 0x10) setsockopt$inet_tcp_TCP_REPAIR_OPTIONS(r3, 0x6, 0x16, &(0x7f0000000200)=[@mss, @timestamp, @window={0x3, 0x0, 0xfffe}, @mss={0x2, 0x3}], 0x4) sendmmsg(r3, &(0x7f0000004b40)=[{{0x0, 0x0, &(0x7f00000011c0)=[{&(0x7f0000002240)='Y', 0x1}], 0x1}}], 0x1, 0x0) setsockopt$inet_tcp_TCP_REPAIR_QUEUE(r3, 0x6, 0x14, &(0x7f0000000040)=0x1, 0x4) close(r3) syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) dup3(r5, r4, 0x0) r6 = accept4$vsock_stream(0xffffffffffffffff, &(0x7f0000000240)={0x28, 0x0, 0x2710, @host}, 0x10, 0x0) dup2(r6, r5) bind$pptp(0xffffffffffffffff, &(0x7f00000001c0)={0x18, 0x2, {0x0, @initdev={0xac, 0x1e, 0x0, 0x0}}}, 0x1e) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000000)=@newlink={0x30, 0x10, 0x801, 0x0, 0x0, {}, [@IFLA_GROUP={0x8}, @IFLA_PROTO_DOWN={0x8, 0x4}]}, 0x30}}, 0x0) pivot_root(&(0x7f0000000140)='./file0\x00', &(0x7f0000000100)='./file0\x00') 01:45:43 executing program 2 (fault-call:9 fault-nth:14): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_SET_SIGNAL_MASK(0xffffffffffffffff, 0x4004ae8b, &(0x7f0000001000)=ANY=[@ANYBLOB="97cb"]) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000fe7000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0) ioctl$USBDEVFS_RESETEP(0xffffffffffffffff, 0x80045503, &(0x7f0000000000)={0x1, 0x1}) ioctl$KVM_NMI(r2, 0xae9a) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f00000002c0)={0x0, 0x2, 0x0, 0x2000, &(0x7f0000001000/0x2000)=nil}) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) [ 1845.102971] ip_tables: iptables: counters copy to user failed while replacing table 01:45:43 executing program 0: r0 = open(&(0x7f0000000180)='./bus\x00', 0x151042, 0x0) r1 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000000)='/proc/keys\x00', 0x0, 0x0) lseek(r1, 0x1, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000000c0)={0xffffffffffffffff}) r3 = dup(r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) sendfile(r0, r1, 0x0, 0x4000000000010046) [ 1845.231423] FAULT_INJECTION: forcing a failure. [ 1845.231423] name failslab, interval 1, probability 0, space 0, times 0 01:45:43 executing program 1: lsetxattr$trusted_overlay_opaque(0x0, 0x0, 0x0, 0x0, 0x0) mkdir(&(0x7f0000000000)='./file0\x00', 0x0) mount$bpf(0x20000000, &(0x7f00000000c0)='./file0\x00', 0x0, 0x2001001, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x80, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x43, 0x400000000000000}, 0x11288, 0x2000, 0x0, 0x2}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$netlink(0x10, 0x3, 0x0) connect$inet(0xffffffffffffffff, 0x0, 0x0) setsockopt$SO_RDS_TRANSPORT(0xffffffffffffffff, 0x114, 0x8, &(0x7f0000000040)=0xffffffffffffffff, 0x4) r1 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$inet_tcp_int(r1, 0x6, 0x10000000013, &(0x7f0000d06000)=0x1, 0x32a) connect$inet(r1, &(0x7f0000000180)={0x2, 0x4e23, @local}, 0x10) accept$nfc_llcp(0xffffffffffffffff, &(0x7f0000000440), &(0x7f0000000300)=0x60) setsockopt$inet_tcp_TCP_REPAIR_OPTIONS(r1, 0x6, 0x16, &(0x7f00000000c0)=[@mss={0x2, 0xffffffff}, @timestamp, @window, @mss={0x2, 0x91c}], 0x4) sendmmsg(r1, &(0x7f0000004b40)=[{{0x0, 0x0, &(0x7f00000011c0)=[{&(0x7f0000002240)='Y', 0x1}], 0x1}}], 0x1, 0x0) syz_init_net_socket$llc(0x1a, 0x1, 0x0) r2 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$IPT_SO_SET_REPLACE(r2, 0x4000000000000, 0x40, &(0x7f0000000a40)=ANY=[@ANYBLOB="72617700000000010000000000000000000000000000000000000000000000000200000003000000b80400000000000000000000000000000003000000030000200400002004000020040000200400002004000003000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000600000000000000a00200030000000000000000000000000000000000000000300262706600000000000000000000000000000000000000000000000000000101000000000000002e2f66696c653000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000060005345540000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000c0002001000000000000000000000000000000000000000050006f736600000000000000000000000000000000000000000000000000000073797a300000000000000000000000000000000000000000000000000000000000000000000000000000000000000000600053455400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000007000980000000000000000000000000000000000000000002800000000000000000000000000000000000000000000000000000000000004feffffff00000000"], 0x518) sendmsg$IPVS_CMD_GET_DEST(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000280)={&(0x7f00000002c0)=ANY=[@ANYRES16], 0x1}}, 0x0) setsockopt$inet_tcp_TCP_REPAIR(r1, 0x6, 0x13, &(0x7f0000000100), 0x618) close(r1) r3 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$inet_tcp_int(r3, 0x6, 0x10000000013, &(0x7f0000d06000)=0x1, 0x32a) connect$inet(r3, &(0x7f0000000140)={0x2, 0x0, @local}, 0x10) setsockopt$inet_tcp_TCP_REPAIR_OPTIONS(r3, 0x6, 0x16, &(0x7f0000000200)=[@mss, @timestamp, @window={0x3, 0x0, 0xfffe}, @mss={0x2, 0x3}], 0x4) sendmmsg(r3, &(0x7f0000004b40)=[{{0x0, 0x0, &(0x7f00000011c0)=[{&(0x7f0000002240)='Y', 0x1}], 0x1}}], 0x1, 0x0) setsockopt$inet_tcp_TCP_REPAIR_QUEUE(r3, 0x6, 0x14, &(0x7f0000000040)=0x1, 0x4) sendmsg$IPVS_CMD_GET_DEST(r3, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000340)=ANY=[@ANYBLOB="160e90cb39bca59f8c4064ac6d7b242060a07bc4309e3eb79d8745797b308edd84adef35ad9d8a17240f38f55f57c55f3875db81d255eea402e1c11ca7fc01964aeb9ed6ef4e80bc67cba7e7fe961fe5d921442b0a06b135f8a73b68dc904b436f256f50ae7cb980e69e7580b9f11c6ede4210f23240559b8c427000d7ce7862417ab5a50e494b2a54e346d7ffa008ccef06813e235b446788ac0f1df3c65bc1fb5393364a2efd284640ec2c438ad2b24a69f1f9da000000000000000000000000989eee6a9283bf253ca4"], 0x1}}, 0x0) close(r3) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) dup3(r5, r4, 0x0) r6 = accept4$vsock_stream(0xffffffffffffffff, &(0x7f0000000240)={0x28, 0x0, 0x2710, @host}, 0x10, 0x0) dup2(r6, r5) bind$pptp(0xffffffffffffffff, &(0x7f00000001c0)={0x18, 0x2, {0x0, @initdev={0xac, 0x1e, 0x0, 0x0}}}, 0x1e) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000000)=@newlink={0x30, 0x10, 0x801, 0x0, 0x0, {}, [@IFLA_GROUP={0x8}, @IFLA_PROTO_DOWN={0x8, 0x4}]}, 0x30}}, 0x0) 01:45:43 executing program 3: lsetxattr$trusted_overlay_opaque(0x0, 0x0, 0x0, 0x0, 0x0) mkdir(&(0x7f0000000000)='./file0\x00', 0x0) mount$bpf(0x20000000, &(0x7f00000000c0)='./file0\x00', 0x0, 0x2001001, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x80, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x43, 0x400000000000000}, 0x11288, 0x2000, 0x0, 0x2}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$netlink(0x10, 0x3, 0x0) connect$inet(0xffffffffffffffff, 0x0, 0x0) setsockopt$SO_RDS_TRANSPORT(0xffffffffffffffff, 0x114, 0x8, &(0x7f0000000040)=0xffffffffffffffff, 0x4) r1 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$inet_tcp_int(r1, 0x6, 0x10000000013, &(0x7f0000d06000)=0x1, 0x32a) connect$inet(r1, &(0x7f0000000180)={0x2, 0x4e23, @local}, 0x10) accept$nfc_llcp(0xffffffffffffffff, &(0x7f0000000440), &(0x7f0000000300)=0x60) setsockopt$inet_tcp_TCP_REPAIR_OPTIONS(r1, 0x6, 0x16, &(0x7f00000000c0)=[@mss={0x2, 0xffffffff}, @timestamp, @window, @mss={0x2, 0x91c}], 0x4) sendmmsg(r1, &(0x7f0000004b40)=[{{0x0, 0x0, &(0x7f00000011c0)=[{&(0x7f0000002240)='Y', 0x1}], 0x1}}], 0x1, 0x0) syz_init_net_socket$llc(0x1a, 0x1, 0x0) r2 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$IPT_SO_SET_REPLACE(r2, 0x4000000000000, 0x40, &(0x7f0000000a40)=ANY=[@ANYBLOB="72617700000000010000000000000000000000000000000000000000000000000200000003000000b80400000000000000000000000000000003000000030000200400002004000020040000200400002004000003000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000600000000000000a00200030000000000000000000000000000000000000000300262706600000000000000000000000000000000000000000000000000000101000000000000002e2f66696c653000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000060005345540000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000c0002001000000000000000000000000000000000000000050006f736600000000000000000000000000000000000000000000000000000073797a300000000000000000000000000000000000000000000000000000000000000000000000000000000000000000600053455400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000007000980000000000000000000000000000000000000000002800000000000000000000000000000000000000000000000000000000000004feffffff00000000"], 0x518) sendmsg$IPVS_CMD_GET_DEST(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000280)={&(0x7f00000002c0)=ANY=[@ANYRES16], 0x1}}, 0x0) setsockopt$inet_tcp_TCP_REPAIR(r1, 0x6, 0x13, &(0x7f0000000100), 0x618) close(r1) r3 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$inet_tcp_int(r3, 0x6, 0x10000000013, &(0x7f0000d06000)=0x1, 0x32a) connect$inet(r3, &(0x7f0000000140)={0x2, 0x0, @local}, 0x10) setsockopt$inet_tcp_TCP_REPAIR_OPTIONS(r3, 0x6, 0x16, &(0x7f0000000200)=[@mss, @timestamp, @window={0x3, 0x0, 0xfffe}, @mss={0x2, 0x3}], 0x4) sendmmsg(r3, &(0x7f0000004b40)=[{{0x0, 0x0, &(0x7f00000011c0)=[{&(0x7f0000002240)='Y', 0x1}], 0x1}}], 0x1, 0x0) setsockopt$inet_tcp_TCP_REPAIR_QUEUE(r3, 0x6, 0x14, &(0x7f0000000040)=0x1, 0x4) sendmsg$IPVS_CMD_GET_DEST(r3, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000340)=ANY=[@ANYBLOB="160e90cb39bca59f8c4064ac6d7b242060a07bc4309e3eb79d8745797b308edd84adef35ad9d8a17240f38f55f57c55f3875db81d255eea402e1c11ca7fc01964aeb9ed6ef4e80bc67cba7e7fe961fe5d921442b0a06b135f8a73b68dc904b436f256f50ae7cb980e69e7580b9f11c6ede4210f23240559b8c427000d7ce7862417ab5a50e494b2a54e346d7ffa008ccef06813e235b446788ac0f1df3c65bc1fb5393364a2efd284640ec2c438ad2b24a69f1f9da000000000000000000000000989eee6a9283bf253ca4"], 0x1}}, 0x0) close(r3) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) dup3(r5, r4, 0x0) r6 = accept4$vsock_stream(0xffffffffffffffff, &(0x7f0000000240)={0x28, 0x0, 0x2710, @host}, 0x10, 0x0) dup2(r6, r5) bind$pptp(0xffffffffffffffff, &(0x7f00000001c0)={0x18, 0x2, {0x0, @initdev={0xac, 0x1e, 0x0, 0x0}}}, 0x1e) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000000)=@newlink={0x30, 0x10, 0x801, 0x0, 0x0, {}, [@IFLA_GROUP={0x8}, @IFLA_PROTO_DOWN={0x8, 0x4}]}, 0x30}}, 0x0) pivot_root(&(0x7f0000000140)='./file0\x00', &(0x7f0000000100)='./file0\x00') [ 1845.346176] CPU: 0 PID: 3706 Comm: syz-executor.2 Not tainted 4.14.173-syzkaller #0 [ 1845.354161] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1845.364507] Call Trace: [ 1845.367209] dump_stack+0x13e/0x194 [ 1845.370863] should_fail.cold+0x10a/0x14b [ 1845.375024] should_failslab+0xd6/0x130 [ 1845.379002] kmem_cache_alloc+0x2b5/0x770 [ 1845.383164] ? mmu_topup_memory_caches+0x1d/0x300 [ 1845.388017] mmu_topup_memory_caches+0x83/0x300 [ 1845.392696] kvm_mmu_load+0x1e/0xd00 [ 1845.396417] ? kvm_apic_accept_events+0x16f/0x3f0 [ 1845.401264] ? kvm_lapic_enable_pv_eoi+0xc0/0xc0 [ 1845.406029] ? vcpu_enter_guest+0x1807/0x5240 [ 1845.410552] vcpu_enter_guest+0x2eb9/0x5240 [ 1845.414903] ? trace_hardirqs_on_caller+0x3f6/0x590 [ 1845.419919] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 1845.424695] ? emulator_read_emulated+0x40/0x40 [ 1845.429373] ? lock_acquire+0x170/0x3f0 [ 1845.433346] ? kvm_arch_vcpu_ioctl_run+0x143/0xfd0 [ 1845.438600] ? kvm_arch_vcpu_ioctl_run+0x2fe/0xfd0 [ 1845.443563] ? kvm_arch_vcpu_ioctl_run+0x181/0xfd0 [ 1845.448545] kvm_arch_vcpu_ioctl_run+0x2fe/0xfd0 [ 1845.453305] kvm_vcpu_ioctl+0x3df/0xc70 [ 1845.457280] ? kvm_vcpu_block+0xb70/0xb70 [ 1845.461443] ? trace_hardirqs_on+0x10/0x10 [ 1845.465706] ? retint_kernel+0x2d/0x2d [ 1845.469609] ? retint_kernel+0x2d/0x2d [ 1845.473512] ? save_trace+0x290/0x290 [ 1845.477302] ? trace_hardirqs_on_caller+0x3f6/0x590 [ 1845.482326] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 1845.487112] ? kvm_vcpu_block+0xb70/0xb70 [ 1845.491282] do_vfs_ioctl+0x75a/0xfe0 [ 1845.495096] ? selinux_file_mprotect+0x5c0/0x5c0 [ 1845.499867] ? ioctl_preallocate+0x1a0/0x1a0 [ 1845.504301] ? security_file_ioctl+0x76/0xb0 [ 1845.508718] ? security_file_ioctl+0x83/0xb0 [ 1845.513127] SyS_ioctl+0x7f/0xb0 [ 1845.516488] ? do_vfs_ioctl+0xfe0/0xfe0 [ 1845.521433] do_syscall_64+0x1d5/0x640 [ 1845.525351] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 1845.530555] RIP: 0033:0x45c849 [ 1845.533818] RSP: 002b:00007fa3bc31dc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 01:45:43 executing program 5: lsetxattr$trusted_overlay_opaque(0x0, 0x0, 0x0, 0x0, 0x0) mkdir(&(0x7f0000000000)='./file0\x00', 0x0) mount$bpf(0x20000000, &(0x7f00000000c0)='./file0\x00', 0x0, 0x2001001, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x80, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x43, 0x400000000000000}, 0x11288, 0x2000, 0x0, 0x2}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$netlink(0x10, 0x3, 0x0) connect$inet(0xffffffffffffffff, 0x0, 0x0) setsockopt$SO_RDS_TRANSPORT(0xffffffffffffffff, 0x114, 0x8, &(0x7f0000000040)=0xffffffffffffffff, 0x4) r1 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$inet_tcp_int(r1, 0x6, 0x10000000013, &(0x7f0000d06000)=0x1, 0x32a) connect$inet(r1, &(0x7f0000000180)={0x2, 0x4e23, @local}, 0x10) accept$nfc_llcp(0xffffffffffffffff, &(0x7f0000000440), &(0x7f0000000300)=0x60) setsockopt$inet_tcp_TCP_REPAIR_OPTIONS(r1, 0x6, 0x16, &(0x7f00000000c0)=[@mss={0x2, 0xffffffff}, @timestamp, @window, @mss={0x2, 0x91c}], 0x4) sendmmsg(r1, &(0x7f0000004b40)=[{{0x0, 0x0, &(0x7f00000011c0)=[{&(0x7f0000002240)='Y', 0x1}], 0x1}}], 0x1, 0x0) syz_init_net_socket$llc(0x1a, 0x1, 0x0) r2 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$IPT_SO_SET_REPLACE(r2, 0x4000000000000, 0x40, &(0x7f0000000a40)=ANY=[@ANYBLOB="72617700000000010000000000000000000000000000000000000000000000000200000003000000b80400000000000000000000000000000003000000030000200400002004000020040000200400002004000003000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000600000000000000a00200030000000000000000000000000000000000000000300262706600000000000000000000000000000000000000000000000000000101000000000000002e2f66696c653000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000060005345540000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000c0002001000000000000000000000000000000000000000050006f736600000000000000000000000000000000000000000000000000000073797a300000000000000000000000000000000000000000000000000000000000000000000000000000000000000000600053455400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000007000980000000000000000000000000000000000000000002800000000000000000000000000000000000000000000000000000000000004feffffff00000000"], 0x518) sendmsg$IPVS_CMD_GET_DEST(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000280)={&(0x7f00000002c0)=ANY=[@ANYRES16], 0x1}}, 0x0) setsockopt$inet_tcp_TCP_REPAIR(r1, 0x6, 0x13, &(0x7f0000000100), 0x618) close(r1) r3 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$inet_tcp_int(r3, 0x6, 0x10000000013, &(0x7f0000d06000)=0x1, 0x32a) connect$inet(r3, &(0x7f0000000140)={0x2, 0x0, @local}, 0x10) setsockopt$inet_tcp_TCP_REPAIR_OPTIONS(r3, 0x6, 0x16, &(0x7f0000000200)=[@mss, @timestamp, @window={0x3, 0x0, 0xfffe}, @mss={0x2, 0x3}], 0x4) sendmmsg(r3, &(0x7f0000004b40)=[{{0x0, 0x0, &(0x7f00000011c0)=[{&(0x7f0000002240)='Y', 0x1}], 0x1}}], 0x1, 0x0) setsockopt$inet_tcp_TCP_REPAIR_QUEUE(r3, 0x6, 0x14, &(0x7f0000000040)=0x1, 0x4) close(r3) syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) dup3(r5, r4, 0x0) r6 = accept4$vsock_stream(0xffffffffffffffff, &(0x7f0000000240)={0x28, 0x0, 0x2710, @host}, 0x10, 0x0) dup2(r6, r5) bind$pptp(0xffffffffffffffff, &(0x7f00000001c0)={0x18, 0x2, {0x0, @initdev={0xac, 0x1e, 0x0, 0x0}}}, 0x1e) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000000)=@newlink={0x30, 0x10, 0x801, 0x0, 0x0, {}, [@IFLA_GROUP={0x8}, @IFLA_PROTO_DOWN={0x8, 0x4}]}, 0x30}}, 0x0) pivot_root(&(0x7f0000000140)='./file0\x00', &(0x7f0000000100)='./file0\x00') [ 1845.541563] RAX: ffffffffffffffda RBX: 00007fa3bc31e6d4 RCX: 000000000045c849 [ 1845.548837] RDX: 0000000000000000 RSI: 000000000000ae80 RDI: 0000000000000005 [ 1845.556107] RBP: 000000000076bf00 R08: 0000000000000000 R09: 0000000000000000 [ 1845.563387] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000007 [ 1845.570673] R13: 00000000000003bf R14: 00000000004c6495 R15: 000000000000000e 01:45:43 executing program 0: r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) ioctl$sock_bt_hci(r0, 0x800448f0, &(0x7f0000000080)) 01:45:43 executing program 2 (fault-call:9 fault-nth:15): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_SET_SIGNAL_MASK(0xffffffffffffffff, 0x4004ae8b, &(0x7f0000001000)=ANY=[@ANYBLOB="97cb"]) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000fe7000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0) ioctl$USBDEVFS_RESETEP(0xffffffffffffffff, 0x80045503, &(0x7f0000000000)={0x1, 0x1}) ioctl$KVM_NMI(r2, 0xae9a) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f00000002c0)={0x0, 0x2, 0x0, 0x2000, &(0x7f0000001000/0x2000)=nil}) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) 01:45:43 executing program 0: mkdir(&(0x7f0000000000)='./file0\x00', 0x0) lsetxattr$trusted_overlay_redirect(&(0x7f0000000280)='./file0\x00', &(0x7f0000000480)='trusted.overlay.redirect\x00', 0x0, 0x0, 0x0) r0 = socket(0x10, 0x2, 0x0) getsockopt$sock_cred(r0, 0x1, 0x11, &(0x7f0000caaffb)={0x0, 0x0}, &(0x7f0000cab000)=0xc) setreuid(0x0, r1) listxattr(&(0x7f0000000140)='./file0\x00', 0x0, 0x0) [ 1845.808471] FAULT_INJECTION: forcing a failure. [ 1845.808471] name failslab, interval 1, probability 0, space 0, times 0 01:45:44 executing program 4: pipe(&(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = socket$inet_udp(0x2, 0x2, 0x0) close(r2) r3 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$inet_tcp_int(r3, 0x6, 0x10000000013, &(0x7f0000d06000)=0x1, 0x4) connect$inet(r2, &(0x7f0000000340)={0x2, 0x0, @loopback}, 0x10) write$binfmt_misc(r1, &(0x7f0000000140)=ANY=[], 0x4240a2a0) r4 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$IPT_SO_SET_REPLACE(r4, 0x0, 0x40, &(0x7f0000000480)=ANY=[@ANYBLOB="66696c74657200000000000000000000000000000000000000000000000000000e00000004000000d0020000800100009800000080010000000000000000000038020000380200003802000038020000380200000400000000000000000000007f000001ac14140000000000000000007f00000000000000000000000000000064756dea20f9524db2d96900000057c910a19f2bc02c00000000000000000000200000000000000000000000000000000000000000000000700098000000000000000000000000000000000000000000280052454a454354000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000400000000000000000000000080000000000000000000000000000000000000000000000000000000000000000000000000000000000000000c000e80000f9c9991d0000000000000000000000000000005000736574000000000000000000000000000000000000000000000000000003000005050000000000000000000000000000000000000000100000000000000000000000000000000000000000000000280052454a45435400000000000000010000000000000000000000000000000000674f000000000000000000e00000020000000000000000766574b5315f766c616e00000000010062726964676530000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000007000b80000000000000000000000000000000000000000004800544545000000000000000000000000000000d40200000000000000000001ac1414aa000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000007000980000000000000000000000000000000000000000002800000000000000000000000000000000000000000000001a51496c00000000feffffff"], 0x1) splice(r0, 0x0, r2, 0x0, 0x4ffe0, 0x0) [ 1845.920944] CPU: 0 PID: 3732 Comm: syz-executor.2 Not tainted 4.14.173-syzkaller #0 [ 1845.929869] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1845.939394] Call Trace: [ 1845.942038] dump_stack+0x13e/0x194 [ 1845.945852] should_fail.cold+0x10a/0x14b [ 1845.950148] should_failslab+0xd6/0x130 [ 1845.954157] kmem_cache_alloc+0x2b5/0x770 [ 1845.958342] ? mmu_topup_memory_caches+0x94/0x300 [ 1845.963229] mmu_topup_memory_caches+0x83/0x300 [ 1845.967934] ? retint_kernel+0x2d/0x2d [ 1845.971841] kvm_mmu_load+0x1e/0xd00 [ 1845.975561] ? vcpu_enter_guest+0x18c4/0x5240 [ 1845.980088] vcpu_enter_guest+0x2eb9/0x5240 [ 1845.984422] ? trace_hardirqs_on_caller+0x3f6/0x590 [ 1845.989471] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 1845.994248] ? emulator_read_emulated+0x40/0x40 [ 1845.998956] ? kvm_arch_vcpu_ioctl_run+0x2fe/0xfd0 [ 1846.003906] kvm_arch_vcpu_ioctl_run+0x2fe/0xfd0 [ 1846.009428] kvm_vcpu_ioctl+0x3df/0xc70 [ 1846.013580] ? kvm_vcpu_block+0xb70/0xb70 [ 1846.017794] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 1846.022604] ? check_preemption_disabled+0x35/0x240 [ 1846.027659] ? retint_kernel+0x2d/0x2d [ 1846.031624] ? do_vfs_ioctl+0x76/0xfe0 [ 1846.035730] ? kvm_vcpu_block+0xb70/0xb70 [ 1846.039910] do_vfs_ioctl+0x75a/0xfe0 [ 1846.043841] ? selinux_file_mprotect+0x5c0/0x5c0 [ 1846.048649] ? ioctl_preallocate+0x1a0/0x1a0 [ 1846.053110] ? security_file_ioctl+0x76/0xb0 [ 1846.057540] ? security_file_ioctl+0x83/0xb0 [ 1846.061969] SyS_ioctl+0x7f/0xb0 [ 1846.065360] ? do_vfs_ioctl+0xfe0/0xfe0 [ 1846.069379] do_syscall_64+0x1d5/0x640 [ 1846.073729] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 1846.079256] RIP: 0033:0x45c849 [ 1846.082455] RSP: 002b:00007fa3bc31dc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 1846.090207] RAX: ffffffffffffffda RBX: 00007fa3bc31e6d4 RCX: 000000000045c849 [ 1846.097498] RDX: 0000000000000000 RSI: 000000000000ae80 RDI: 0000000000000005 [ 1846.104855] RBP: 000000000076bf00 R08: 0000000000000000 R09: 0000000000000000 [ 1846.112222] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000007 01:45:44 executing program 3: lsetxattr$trusted_overlay_opaque(0x0, 0x0, 0x0, 0x0, 0x0) mkdir(&(0x7f0000000000)='./file0\x00', 0x0) mount$bpf(0x20000000, &(0x7f00000000c0)='./file0\x00', 0x0, 0x2001001, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x80, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x43, 0x400000000000000}, 0x11288, 0x2000, 0x0, 0x2}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$netlink(0x10, 0x3, 0x0) connect$inet(0xffffffffffffffff, 0x0, 0x0) setsockopt$SO_RDS_TRANSPORT(0xffffffffffffffff, 0x114, 0x8, &(0x7f0000000040)=0xffffffffffffffff, 0x4) r1 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$inet_tcp_int(r1, 0x6, 0x10000000013, &(0x7f0000d06000)=0x1, 0x32a) connect$inet(r1, &(0x7f0000000180)={0x2, 0x4e23, @local}, 0x10) accept$nfc_llcp(0xffffffffffffffff, &(0x7f0000000440), &(0x7f0000000300)=0x60) setsockopt$inet_tcp_TCP_REPAIR_OPTIONS(r1, 0x6, 0x16, &(0x7f00000000c0)=[@mss={0x2, 0xffffffff}, @timestamp, @window, @mss={0x2, 0x91c}], 0x4) sendmmsg(r1, &(0x7f0000004b40)=[{{0x0, 0x0, &(0x7f00000011c0)=[{&(0x7f0000002240)='Y', 0x1}], 0x1}}], 0x1, 0x0) syz_init_net_socket$llc(0x1a, 0x1, 0x0) r2 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$IPT_SO_SET_REPLACE(r2, 0x4000000000000, 0x40, &(0x7f0000000a40)=ANY=[@ANYBLOB="72617700000000010000000000000000000000000000000000000000000000000200000003000000b80400000000000000000000000000000003000000030000200400002004000020040000200400002004000003000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000600000000000000a00200030000000000000000000000000000000000000000300262706600000000000000000000000000000000000000000000000000000101000000000000002e2f66696c653000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000060005345540000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000c0002001000000000000000000000000000000000000000050006f736600000000000000000000000000000000000000000000000000000073797a300000000000000000000000000000000000000000000000000000000000000000000000000000000000000000600053455400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000007000980000000000000000000000000000000000000000002800000000000000000000000000000000000000000000000000000000000004feffffff00000000"], 0x518) sendmsg$IPVS_CMD_GET_DEST(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000280)={&(0x7f00000002c0)=ANY=[@ANYRES16], 0x1}}, 0x0) setsockopt$inet_tcp_TCP_REPAIR(r1, 0x6, 0x13, &(0x7f0000000100), 0x618) close(r1) r3 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$inet_tcp_int(r3, 0x6, 0x10000000013, &(0x7f0000d06000)=0x1, 0x32a) connect$inet(r3, &(0x7f0000000140)={0x2, 0x0, @local}, 0x10) setsockopt$inet_tcp_TCP_REPAIR_OPTIONS(r3, 0x6, 0x16, &(0x7f0000000200)=[@mss, @timestamp, @window={0x3, 0x0, 0xfffe}, @mss={0x2, 0x3}], 0x4) sendmmsg(r3, &(0x7f0000004b40)=[{{0x0, 0x0, &(0x7f00000011c0)=[{&(0x7f0000002240)='Y', 0x1}], 0x1}}], 0x1, 0x0) setsockopt$inet_tcp_TCP_REPAIR_QUEUE(r3, 0x6, 0x14, &(0x7f0000000040)=0x1, 0x4) sendmsg$IPVS_CMD_GET_DEST(r3, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000340)=ANY=[@ANYBLOB="160e90cb39bca59f8c4064ac6d7b242060a07bc4309e3eb79d8745797b308edd84adef35ad9d8a17240f38f55f57c55f3875db81d255eea402e1c11ca7fc01964aeb9ed6ef4e80bc67cba7e7fe961fe5d921442b0a06b135f8a73b68dc904b436f256f50ae7cb980e69e7580b9f11c6ede4210f23240559b8c427000d7ce7862417ab5a50e494b2a54e346d7ffa008ccef06813e235b446788ac0f1df3c65bc1fb5393364a2efd284640ec2c438ad2b24a69f1f9da000000000000000000000000989eee6a9283bf253ca4"], 0x1}}, 0x0) close(r3) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) dup3(r5, r4, 0x0) r6 = accept4$vsock_stream(0xffffffffffffffff, &(0x7f0000000240)={0x28, 0x0, 0x2710, @host}, 0x10, 0x0) dup2(r6, r5) bind$pptp(0xffffffffffffffff, &(0x7f00000001c0)={0x18, 0x2, {0x0, @initdev={0xac, 0x1e, 0x0, 0x0}}}, 0x1e) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000000)=@newlink={0x30, 0x10, 0x801, 0x0, 0x0, {}, [@IFLA_GROUP={0x8}, @IFLA_PROTO_DOWN={0x8, 0x4}]}, 0x30}}, 0x0) pivot_root(&(0x7f0000000140)='./file0\x00', &(0x7f0000000100)='./file0\x00') 01:45:44 executing program 1: lsetxattr$trusted_overlay_opaque(0x0, 0x0, 0x0, 0x0, 0x0) mkdir(&(0x7f0000000000)='./file0\x00', 0x0) mount$bpf(0x20000000, &(0x7f00000000c0)='./file0\x00', 0x0, 0x2001001, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x80, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x43, 0x400000000000000}, 0x11288, 0x2000, 0x0, 0x2}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$netlink(0x10, 0x3, 0x0) connect$inet(0xffffffffffffffff, 0x0, 0x0) setsockopt$SO_RDS_TRANSPORT(0xffffffffffffffff, 0x114, 0x8, &(0x7f0000000040)=0xffffffffffffffff, 0x4) r1 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$inet_tcp_int(r1, 0x6, 0x10000000013, &(0x7f0000d06000)=0x1, 0x32a) connect$inet(r1, &(0x7f0000000180)={0x2, 0x4e23, @local}, 0x10) accept$nfc_llcp(0xffffffffffffffff, &(0x7f0000000440), &(0x7f0000000300)=0x60) setsockopt$inet_tcp_TCP_REPAIR_OPTIONS(r1, 0x6, 0x16, &(0x7f00000000c0)=[@mss={0x2, 0xffffffff}, @timestamp, @window, @mss={0x2, 0x91c}], 0x4) sendmmsg(r1, &(0x7f0000004b40)=[{{0x0, 0x0, &(0x7f00000011c0)=[{&(0x7f0000002240)='Y', 0x1}], 0x1}}], 0x1, 0x0) syz_init_net_socket$llc(0x1a, 0x1, 0x0) r2 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$IPT_SO_SET_REPLACE(r2, 0x4000000000000, 0x40, &(0x7f0000000a40)=ANY=[@ANYBLOB="72617700000000010000000000000000000000000000000000000000000000000200000003000000b80400000000000000000000000000000003000000030000200400002004000020040000200400002004000003000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000600000000000000a00200030000000000000000000000000000000000000000300262706600000000000000000000000000000000000000000000000000000101000000000000002e2f66696c653000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000060005345540000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000c0002001000000000000000000000000000000000000000050006f736600000000000000000000000000000000000000000000000000000073797a300000000000000000000000000000000000000000000000000000000000000000000000000000000000000000600053455400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000007000980000000000000000000000000000000000000000002800000000000000000000000000000000000000000000000000000000000004feffffff00000000"], 0x518) sendmsg$IPVS_CMD_GET_DEST(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000280)={&(0x7f00000002c0)=ANY=[@ANYRES16], 0x1}}, 0x0) setsockopt$inet_tcp_TCP_REPAIR(r1, 0x6, 0x13, &(0x7f0000000100), 0x618) close(r1) r3 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$inet_tcp_int(r3, 0x6, 0x10000000013, &(0x7f0000d06000)=0x1, 0x32a) connect$inet(r3, &(0x7f0000000140)={0x2, 0x0, @local}, 0x10) setsockopt$inet_tcp_TCP_REPAIR_OPTIONS(r3, 0x6, 0x16, &(0x7f0000000200)=[@mss, @timestamp, @window={0x3, 0x0, 0xfffe}, @mss={0x2, 0x3}], 0x4) sendmmsg(r3, &(0x7f0000004b40)=[{{0x0, 0x0, &(0x7f00000011c0)=[{&(0x7f0000002240)='Y', 0x1}], 0x1}}], 0x1, 0x0) setsockopt$inet_tcp_TCP_REPAIR_QUEUE(r3, 0x6, 0x14, &(0x7f0000000040)=0x1, 0x4) sendmsg$IPVS_CMD_GET_DEST(r3, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000340)=ANY=[@ANYBLOB="160e90cb39bca59f8c4064ac6d7b242060a07bc4309e3eb79d8745797b308edd84adef35ad9d8a17240f38f55f57c55f3875db81d255eea402e1c11ca7fc01964aeb9ed6ef4e80bc67cba7e7fe961fe5d921442b0a06b135f8a73b68dc904b436f256f50ae7cb980e69e7580b9f11c6ede4210f23240559b8c427000d7ce7862417ab5a50e494b2a54e346d7ffa008ccef06813e235b446788ac0f1df3c65bc1fb5393364a2efd284640ec2c438ad2b24a69f1f9da000000000000000000000000989eee6a9283bf253ca4"], 0x1}}, 0x0) close(r3) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) dup3(r5, r4, 0x0) r6 = accept4$vsock_stream(0xffffffffffffffff, &(0x7f0000000240)={0x28, 0x0, 0x2710, @host}, 0x10, 0x0) dup2(r6, r5) bind$pptp(0xffffffffffffffff, &(0x7f00000001c0)={0x18, 0x2, {0x0, @initdev={0xac, 0x1e, 0x0, 0x0}}}, 0x1e) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000000)=@newlink={0x30, 0x10, 0x801, 0x0, 0x0, {}, [@IFLA_GROUP={0x8}, @IFLA_PROTO_DOWN={0x8, 0x4}]}, 0x30}}, 0x0) 01:45:44 executing program 0: openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='cpuacct.stat\x00', 0x0, 0x0) ptrace$setsig(0x4203, 0x0, 0x0, &(0x7f00000002c0)={0x3d, 0x0, 0x1}) write(0xffffffffffffffff, &(0x7f0000000040)="0f42", 0x2) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) getsockopt$inet6_opts(0xffffffffffffffff, 0x29, 0x0, &(0x7f0000000580)=""/143, &(0x7f0000000340)=0xfee5) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000740)={0x3, 0x2, 0xf000, 0x1000, &(0x7f0000000000/0x1000)=nil}) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) fsetxattr$trusted_overlay_opaque(0xffffffffffffffff, &(0x7f00000004c0)='trusted.overlay.opaque\x00', 0x0, 0x0, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000100)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000200)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0xfb, 0x0, 0x0, 0x0, 0x400000000000000]}) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) openat(0xffffffffffffffff, &(0x7f0000000000)='./file0\x00', 0x0, 0x0) ioctl$KVM_NMI(r2, 0xae9a) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000380)={[0x0, 0x0, 0x0, 0x0, 0x931]}) ioctl$KVM_RUN(r2, 0xae80, 0x0) [ 1846.119909] R13: 00000000000003bf R14: 00000000004c6495 R15: 000000000000000f 01:45:44 executing program 5: lsetxattr$trusted_overlay_opaque(0x0, 0x0, 0x0, 0x0, 0x0) mkdir(&(0x7f0000000000)='./file0\x00', 0x0) mount$bpf(0x20000000, &(0x7f00000000c0)='./file0\x00', 0x0, 0x2001001, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x80, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x43, 0x400000000000000}, 0x11288, 0x2000, 0x0, 0x2}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$netlink(0x10, 0x3, 0x0) connect$inet(0xffffffffffffffff, 0x0, 0x0) setsockopt$SO_RDS_TRANSPORT(0xffffffffffffffff, 0x114, 0x8, &(0x7f0000000040)=0xffffffffffffffff, 0x4) r1 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$inet_tcp_int(r1, 0x6, 0x10000000013, &(0x7f0000d06000)=0x1, 0x32a) connect$inet(r1, &(0x7f0000000180)={0x2, 0x4e23, @local}, 0x10) accept$nfc_llcp(0xffffffffffffffff, &(0x7f0000000440), &(0x7f0000000300)=0x60) setsockopt$inet_tcp_TCP_REPAIR_OPTIONS(r1, 0x6, 0x16, &(0x7f00000000c0)=[@mss={0x2, 0xffffffff}, @timestamp, @window, @mss={0x2, 0x91c}], 0x4) sendmmsg(r1, &(0x7f0000004b40)=[{{0x0, 0x0, &(0x7f00000011c0)=[{&(0x7f0000002240)='Y', 0x1}], 0x1}}], 0x1, 0x0) syz_init_net_socket$llc(0x1a, 0x1, 0x0) r2 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$IPT_SO_SET_REPLACE(r2, 0x4000000000000, 0x40, &(0x7f0000000a40)=ANY=[@ANYBLOB="72617700000000010000000000000000000000000000000000000000000000000200000003000000b80400000000000000000000000000000003000000030000200400002004000020040000200400002004000003000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000600000000000000a00200030000000000000000000000000000000000000000300262706600000000000000000000000000000000000000000000000000000101000000000000002e2f66696c653000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000060005345540000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000c0002001000000000000000000000000000000000000000050006f736600000000000000000000000000000000000000000000000000000073797a300000000000000000000000000000000000000000000000000000000000000000000000000000000000000000600053455400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000007000980000000000000000000000000000000000000000002800000000000000000000000000000000000000000000000000000000000004feffffff00000000"], 0x518) sendmsg$IPVS_CMD_GET_DEST(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000280)={&(0x7f00000002c0)=ANY=[@ANYRES16], 0x1}}, 0x0) setsockopt$inet_tcp_TCP_REPAIR(r1, 0x6, 0x13, &(0x7f0000000100), 0x618) close(r1) r3 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$inet_tcp_int(r3, 0x6, 0x10000000013, &(0x7f0000d06000)=0x1, 0x32a) connect$inet(r3, &(0x7f0000000140)={0x2, 0x0, @local}, 0x10) setsockopt$inet_tcp_TCP_REPAIR_OPTIONS(r3, 0x6, 0x16, &(0x7f0000000200)=[@mss, @timestamp, @window={0x3, 0x0, 0xfffe}, @mss={0x2, 0x3}], 0x4) sendmmsg(r3, &(0x7f0000004b40)=[{{0x0, 0x0, &(0x7f00000011c0)=[{&(0x7f0000002240)='Y', 0x1}], 0x1}}], 0x1, 0x0) setsockopt$inet_tcp_TCP_REPAIR_QUEUE(r3, 0x6, 0x14, &(0x7f0000000040)=0x1, 0x4) close(r3) syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) dup3(r5, r4, 0x0) r6 = accept4$vsock_stream(0xffffffffffffffff, &(0x7f0000000240)={0x28, 0x0, 0x2710, @host}, 0x10, 0x0) dup2(r6, r5) bind$pptp(0xffffffffffffffff, &(0x7f00000001c0)={0x18, 0x2, {0x0, @initdev={0xac, 0x1e, 0x0, 0x0}}}, 0x1e) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000000)=@newlink={0x30, 0x10, 0x801, 0x0, 0x0, {}, [@IFLA_GROUP={0x8}, @IFLA_PROTO_DOWN={0x8, 0x4}]}, 0x30}}, 0x0) pivot_root(&(0x7f0000000140)='./file0\x00', &(0x7f0000000100)='./file0\x00') 01:45:44 executing program 2 (fault-call:9 fault-nth:16): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_SET_SIGNAL_MASK(0xffffffffffffffff, 0x4004ae8b, &(0x7f0000001000)=ANY=[@ANYBLOB="97cb"]) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000fe7000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0) ioctl$USBDEVFS_RESETEP(0xffffffffffffffff, 0x80045503, &(0x7f0000000000)={0x1, 0x1}) ioctl$KVM_NMI(r2, 0xae9a) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f00000002c0)={0x0, 0x2, 0x0, 0x2000, &(0x7f0000001000/0x2000)=nil}) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) [ 1846.250065] ip_tables: iptables: counters copy to user failed while replacing table 01:45:44 executing program 1: lsetxattr$trusted_overlay_opaque(0x0, 0x0, 0x0, 0x0, 0x0) mkdir(&(0x7f0000000000)='./file0\x00', 0x0) mount$bpf(0x20000000, &(0x7f00000000c0)='./file0\x00', 0x0, 0x2001001, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x80, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x43, 0x400000000000000}, 0x11288, 0x2000, 0x0, 0x2}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$netlink(0x10, 0x3, 0x0) connect$inet(0xffffffffffffffff, 0x0, 0x0) setsockopt$SO_RDS_TRANSPORT(0xffffffffffffffff, 0x114, 0x8, &(0x7f0000000040)=0xffffffffffffffff, 0x4) r1 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$inet_tcp_int(r1, 0x6, 0x10000000013, &(0x7f0000d06000)=0x1, 0x32a) connect$inet(r1, &(0x7f0000000180)={0x2, 0x4e23, @local}, 0x10) accept$nfc_llcp(0xffffffffffffffff, &(0x7f0000000440), &(0x7f0000000300)=0x60) setsockopt$inet_tcp_TCP_REPAIR_OPTIONS(r1, 0x6, 0x16, &(0x7f00000000c0)=[@mss={0x2, 0xffffffff}, @timestamp, @window, @mss={0x2, 0x91c}], 0x4) sendmmsg(r1, &(0x7f0000004b40)=[{{0x0, 0x0, &(0x7f00000011c0)=[{&(0x7f0000002240)='Y', 0x1}], 0x1}}], 0x1, 0x0) syz_init_net_socket$llc(0x1a, 0x1, 0x0) r2 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$IPT_SO_SET_REPLACE(r2, 0x4000000000000, 0x40, &(0x7f0000000a40)=ANY=[@ANYBLOB="72617700000000010000000000000000000000000000000000000000000000000200000003000000b80400000000000000000000000000000003000000030000200400002004000020040000200400002004000003000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000600000000000000a00200030000000000000000000000000000000000000000300262706600000000000000000000000000000000000000000000000000000101000000000000002e2f66696c653000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000060005345540000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000c0002001000000000000000000000000000000000000000050006f736600000000000000000000000000000000000000000000000000000073797a300000000000000000000000000000000000000000000000000000000000000000000000000000000000000000600053455400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000007000980000000000000000000000000000000000000000002800000000000000000000000000000000000000000000000000000000000004feffffff00000000"], 0x518) sendmsg$IPVS_CMD_GET_DEST(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000280)={&(0x7f00000002c0)=ANY=[@ANYRES16], 0x1}}, 0x0) setsockopt$inet_tcp_TCP_REPAIR(r1, 0x6, 0x13, &(0x7f0000000100), 0x618) close(r1) r3 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$inet_tcp_int(r3, 0x6, 0x10000000013, &(0x7f0000d06000)=0x1, 0x32a) connect$inet(r3, &(0x7f0000000140)={0x2, 0x0, @local}, 0x10) setsockopt$inet_tcp_TCP_REPAIR_OPTIONS(r3, 0x6, 0x16, &(0x7f0000000200)=[@mss, @timestamp, @window={0x3, 0x0, 0xfffe}, @mss={0x2, 0x3}], 0x4) sendmmsg(r3, &(0x7f0000004b40)=[{{0x0, 0x0, &(0x7f00000011c0)=[{&(0x7f0000002240)='Y', 0x1}], 0x1}}], 0x1, 0x0) setsockopt$inet_tcp_TCP_REPAIR_QUEUE(r3, 0x6, 0x14, &(0x7f0000000040)=0x1, 0x4) sendmsg$IPVS_CMD_GET_DEST(r3, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000340)=ANY=[@ANYBLOB="160e90cb39bca59f8c4064ac6d7b242060a07bc4309e3eb79d8745797b308edd84adef35ad9d8a17240f38f55f57c55f3875db81d255eea402e1c11ca7fc01964aeb9ed6ef4e80bc67cba7e7fe961fe5d921442b0a06b135f8a73b68dc904b436f256f50ae7cb980e69e7580b9f11c6ede4210f23240559b8c427000d7ce7862417ab5a50e494b2a54e346d7ffa008ccef06813e235b446788ac0f1df3c65bc1fb5393364a2efd284640ec2c438ad2b24a69f1f9da000000000000000000000000989eee6a9283bf253ca4"], 0x1}}, 0x0) syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) dup3(r5, r4, 0x0) r6 = accept4$vsock_stream(0xffffffffffffffff, &(0x7f0000000240)={0x28, 0x0, 0x2710, @host}, 0x10, 0x0) dup2(r6, r5) bind$pptp(0xffffffffffffffff, &(0x7f00000001c0)={0x18, 0x2, {0x0, @initdev={0xac, 0x1e, 0x0, 0x0}}}, 0x1e) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000000)=@newlink={0x30, 0x10, 0x801, 0x0, 0x0, {}, [@IFLA_GROUP={0x8}, @IFLA_PROTO_DOWN={0x8, 0x4}]}, 0x30}}, 0x0) 01:45:44 executing program 5: lsetxattr$trusted_overlay_opaque(0x0, 0x0, 0x0, 0x0, 0x0) mkdir(&(0x7f0000000000)='./file0\x00', 0x0) mount$bpf(0x20000000, &(0x7f00000000c0)='./file0\x00', 0x0, 0x2001001, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x80, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x43, 0x400000000000000}, 0x11288, 0x2000, 0x0, 0x2}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$netlink(0x10, 0x3, 0x0) connect$inet(0xffffffffffffffff, 0x0, 0x0) setsockopt$SO_RDS_TRANSPORT(0xffffffffffffffff, 0x114, 0x8, &(0x7f0000000040)=0xffffffffffffffff, 0x4) r1 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$inet_tcp_int(r1, 0x6, 0x10000000013, &(0x7f0000d06000)=0x1, 0x32a) connect$inet(r1, &(0x7f0000000180)={0x2, 0x4e23, @local}, 0x10) accept$nfc_llcp(0xffffffffffffffff, &(0x7f0000000440), &(0x7f0000000300)=0x60) setsockopt$inet_tcp_TCP_REPAIR_OPTIONS(r1, 0x6, 0x16, &(0x7f00000000c0)=[@mss={0x2, 0xffffffff}, @timestamp, @window, @mss={0x2, 0x91c}], 0x4) sendmmsg(r1, &(0x7f0000004b40)=[{{0x0, 0x0, &(0x7f00000011c0)=[{&(0x7f0000002240)='Y', 0x1}], 0x1}}], 0x1, 0x0) syz_init_net_socket$llc(0x1a, 0x1, 0x0) r2 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$IPT_SO_SET_REPLACE(r2, 0x4000000000000, 0x40, &(0x7f0000000a40)=ANY=[@ANYBLOB="72617700000000010000000000000000000000000000000000000000000000000200000003000000b80400000000000000000000000000000003000000030000200400002004000020040000200400002004000003000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000600000000000000a00200030000000000000000000000000000000000000000300262706600000000000000000000000000000000000000000000000000000101000000000000002e2f66696c653000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000060005345540000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000c0002001000000000000000000000000000000000000000050006f736600000000000000000000000000000000000000000000000000000073797a300000000000000000000000000000000000000000000000000000000000000000000000000000000000000000600053455400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000007000980000000000000000000000000000000000000000002800000000000000000000000000000000000000000000000000000000000004feffffff00000000"], 0x518) sendmsg$IPVS_CMD_GET_DEST(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000280)={&(0x7f00000002c0)=ANY=[@ANYRES16], 0x1}}, 0x0) setsockopt$inet_tcp_TCP_REPAIR(r1, 0x6, 0x13, &(0x7f0000000100), 0x618) close(r1) r3 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$inet_tcp_int(r3, 0x6, 0x10000000013, &(0x7f0000d06000)=0x1, 0x32a) connect$inet(r3, &(0x7f0000000140)={0x2, 0x0, @local}, 0x10) setsockopt$inet_tcp_TCP_REPAIR_OPTIONS(r3, 0x6, 0x16, &(0x7f0000000200)=[@mss, @timestamp, @window={0x3, 0x0, 0xfffe}, @mss={0x2, 0x3}], 0x4) sendmmsg(r3, &(0x7f0000004b40)=[{{0x0, 0x0, &(0x7f00000011c0)=[{&(0x7f0000002240)='Y', 0x1}], 0x1}}], 0x1, 0x0) sendmsg$IPVS_CMD_GET_DEST(r3, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000340)=ANY=[@ANYBLOB="160e90cb39bca59f8c4064ac6d7b242060a07bc4309e3eb79d8745797b308edd84adef35ad9d8a17240f38f55f57c55f3875db81d255eea402e1c11ca7fc01964aeb9ed6ef4e80bc67cba7e7fe961fe5d921442b0a06b135f8a73b68dc904b436f256f50ae7cb980e69e7580b9f11c6ede4210f23240559b8c427000d7ce7862417ab5a50e494b2a54e346d7ffa008ccef06813e235b446788ac0f1df3c65bc1fb5393364a2efd284640ec2c438ad2b24a69f1f9da000000000000000000000000989eee6a9283bf253ca4"], 0x1}}, 0x0) close(r3) syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) dup3(r5, r4, 0x0) r6 = accept4$vsock_stream(0xffffffffffffffff, &(0x7f0000000240)={0x28, 0x0, 0x2710, @host}, 0x10, 0x0) dup2(r6, r5) bind$pptp(0xffffffffffffffff, &(0x7f00000001c0)={0x18, 0x2, {0x0, @initdev={0xac, 0x1e, 0x0, 0x0}}}, 0x1e) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000000)=@newlink={0x30, 0x10, 0x801, 0x0, 0x0, {}, [@IFLA_GROUP={0x8}, @IFLA_PROTO_DOWN={0x8, 0x4}]}, 0x30}}, 0x0) pivot_root(&(0x7f0000000140)='./file0\x00', &(0x7f0000000100)='./file0\x00') 01:45:44 executing program 3: lsetxattr$trusted_overlay_opaque(0x0, 0x0, 0x0, 0x0, 0x0) mkdir(&(0x7f0000000000)='./file0\x00', 0x0) mount$bpf(0x20000000, &(0x7f00000000c0)='./file0\x00', 0x0, 0x2001001, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x80, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x43, 0x400000000000000}, 0x11288, 0x2000, 0x0, 0x2}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$netlink(0x10, 0x3, 0x0) connect$inet(0xffffffffffffffff, 0x0, 0x0) setsockopt$SO_RDS_TRANSPORT(0xffffffffffffffff, 0x114, 0x8, &(0x7f0000000040)=0xffffffffffffffff, 0x4) r1 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$inet_tcp_int(r1, 0x6, 0x10000000013, &(0x7f0000d06000)=0x1, 0x32a) connect$inet(r1, &(0x7f0000000180)={0x2, 0x4e23, @local}, 0x10) accept$nfc_llcp(0xffffffffffffffff, &(0x7f0000000440), &(0x7f0000000300)=0x60) setsockopt$inet_tcp_TCP_REPAIR_OPTIONS(r1, 0x6, 0x16, &(0x7f00000000c0)=[@mss={0x2, 0xffffffff}, @timestamp, @window, @mss={0x2, 0x91c}], 0x4) sendmmsg(r1, &(0x7f0000004b40)=[{{0x0, 0x0, &(0x7f00000011c0)=[{&(0x7f0000002240)='Y', 0x1}], 0x1}}], 0x1, 0x0) syz_init_net_socket$llc(0x1a, 0x1, 0x0) r2 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$IPT_SO_SET_REPLACE(r2, 0x4000000000000, 0x40, &(0x7f0000000a40)=ANY=[@ANYBLOB="72617700000000010000000000000000000000000000000000000000000000000200000003000000b80400000000000000000000000000000003000000030000200400002004000020040000200400002004000003000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000600000000000000a00200030000000000000000000000000000000000000000300262706600000000000000000000000000000000000000000000000000000101000000000000002e2f66696c653000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000060005345540000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000c0002001000000000000000000000000000000000000000050006f736600000000000000000000000000000000000000000000000000000073797a300000000000000000000000000000000000000000000000000000000000000000000000000000000000000000600053455400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000007000980000000000000000000000000000000000000000002800000000000000000000000000000000000000000000000000000000000004feffffff00000000"], 0x518) sendmsg$IPVS_CMD_GET_DEST(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000280)={&(0x7f00000002c0)=ANY=[@ANYRES16], 0x1}}, 0x0) setsockopt$inet_tcp_TCP_REPAIR(r1, 0x6, 0x13, &(0x7f0000000100), 0x618) close(r1) r3 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$inet_tcp_int(r3, 0x6, 0x10000000013, &(0x7f0000d06000)=0x1, 0x32a) connect$inet(r3, &(0x7f0000000140)={0x2, 0x0, @local}, 0x10) setsockopt$inet_tcp_TCP_REPAIR_OPTIONS(r3, 0x6, 0x16, &(0x7f0000000200)=[@mss, @timestamp, @window={0x3, 0x0, 0xfffe}, @mss={0x2, 0x3}], 0x4) sendmmsg(r3, &(0x7f0000004b40)=[{{0x0, 0x0, &(0x7f00000011c0)=[{&(0x7f0000002240)='Y', 0x1}], 0x1}}], 0x1, 0x0) setsockopt$inet_tcp_TCP_REPAIR_QUEUE(r3, 0x6, 0x14, &(0x7f0000000040)=0x1, 0x4) sendmsg$IPVS_CMD_GET_DEST(r3, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000340)=ANY=[@ANYBLOB="160e90cb39bca59f8c4064ac6d7b242060a07bc4309e3eb79d8745797b308edd84adef35ad9d8a17240f38f55f57c55f3875db81d255eea402e1c11ca7fc01964aeb9ed6ef4e80bc67cba7e7fe961fe5d921442b0a06b135f8a73b68dc904b436f256f50ae7cb980e69e7580b9f11c6ede4210f23240559b8c427000d7ce7862417ab5a50e494b2a54e346d7ffa008ccef06813e235b446788ac0f1df3c65bc1fb5393364a2efd284640ec2c438ad2b24a69f1f9da000000000000000000000000989eee6a9283bf253ca4"], 0x1}}, 0x0) close(r3) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) dup3(r5, r4, 0x0) r6 = accept4$vsock_stream(0xffffffffffffffff, &(0x7f0000000240)={0x28, 0x0, 0x2710, @host}, 0x10, 0x0) dup2(r6, r5) bind$pptp(0xffffffffffffffff, &(0x7f00000001c0)={0x18, 0x2, {0x0, @initdev={0xac, 0x1e, 0x0, 0x0}}}, 0x1e) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000000)=@newlink={0x30, 0x10, 0x801, 0x0, 0x0, {}, [@IFLA_GROUP={0x8}, @IFLA_PROTO_DOWN={0x8, 0x4}]}, 0x30}}, 0x0) pivot_root(&(0x7f0000000140)='./file0\x00', &(0x7f0000000100)='./file0\x00') [ 1846.568533] FAULT_INJECTION: forcing a failure. [ 1846.568533] name failslab, interval 1, probability 0, space 0, times 0 [ 1846.604826] CPU: 1 PID: 3754 Comm: syz-executor.2 Not tainted 4.14.173-syzkaller #0 [ 1846.612703] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1846.622195] Call Trace: [ 1846.624812] dump_stack+0x13e/0x194 [ 1846.628469] should_fail.cold+0x10a/0x14b [ 1846.632656] should_failslab+0xd6/0x130 [ 1846.636661] kmem_cache_alloc+0x2b5/0x770 [ 1846.640856] ? trace_hardirqs_on_caller+0x3f6/0x590 [ 1846.645910] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 1846.650697] mmu_topup_memory_caches+0x83/0x300 [ 1846.655404] kvm_mmu_load+0x1e/0xd00 [ 1846.659145] ? kvm_apic_accept_events+0x16f/0x3f0 [ 1846.664201] ? kvm_lapic_enable_pv_eoi+0xc0/0xc0 [ 1846.669943] ? vcpu_enter_guest+0x422/0x5240 [ 1846.674410] vcpu_enter_guest+0x2eb9/0x5240 [ 1846.678749] ? retint_kernel+0x2d/0x2d [ 1846.682675] ? emulator_read_emulated+0x40/0x40 [ 1846.687376] ? lock_acquire+0x1ec/0x3f0 [ 1846.691383] ? kvm_arch_vcpu_ioctl_run+0x2fe/0xfd0 [ 1846.697041] ? kvm_arch_vcpu_ioctl_run+0x181/0xfd0 [ 1846.701990] kvm_arch_vcpu_ioctl_run+0x2fe/0xfd0 [ 1846.706785] kvm_vcpu_ioctl+0x3df/0xc70 [ 1846.710785] ? kvm_vcpu_block+0xb70/0xb70 [ 1846.714971] ? trace_hardirqs_on+0x10/0x10 [ 1846.719227] ? check_preemption_disabled+0x35/0x240 [ 1846.724281] ? retint_kernel+0x2d/0x2d [ 1846.728207] ? save_trace+0x290/0x290 [ 1846.732021] ? trace_hardirqs_on_caller+0x3f6/0x590 [ 1846.737088] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 1846.741890] ? kvm_vcpu_block+0xb70/0xb70 [ 1846.746188] do_vfs_ioctl+0x75a/0xfe0 [ 1846.750106] ? selinux_file_mprotect+0x5c0/0x5c0 [ 1846.754884] ? ioctl_preallocate+0x1a0/0x1a0 [ 1846.759677] ? security_file_ioctl+0x76/0xb0 [ 1846.765107] ? security_file_ioctl+0x83/0xb0 [ 1846.769693] SyS_ioctl+0x7f/0xb0 [ 1846.774502] ? do_vfs_ioctl+0xfe0/0xfe0 [ 1846.778521] do_syscall_64+0x1d5/0x640 [ 1846.782454] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 1846.787710] RIP: 0033:0x45c849 [ 1846.790925] RSP: 002b:00007fa3bc31dc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 1846.798677] RAX: ffffffffffffffda RBX: 00007fa3bc31e6d4 RCX: 000000000045c849 [ 1846.806066] RDX: 0000000000000000 RSI: 000000000000ae80 RDI: 0000000000000005 01:45:45 executing program 0: r0 = socket$inet_udplite(0x2, 0x2, 0x88) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = socket$nl_route(0x10, 0x3, 0x0) r3 = socket$netlink(0x10, 0x3, 0x0) r4 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r4, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r4, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r3, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000340)=@newlink={0x34, 0x10, 0x705, 0x0, 0x0, {0x0, 0x0, 0x0, r5}, [@IFLA_LINKINFO={0x14, 0x12, 0x0, 0x1, @vcan={{0x9, 0x1, 'vcan\x00'}, {0x4}}}]}, 0x34}}, 0x0) sendmsg$nl_route(r2, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000000)=@ipv4_newaddr={0x28, 0x14, 0x1, 0x0, 0x0, {0x2, 0x0, 0x0, 0x0, r5}, [@IFA_LOCAL={0x8, 0x2, @initdev={0xac, 0x1e, 0x0, 0x0}}, @IFA_BROADCAST={0x8, 0x4, @multicast2}]}, 0x28}, 0x1, 0xf0ffffff}, 0x0) 01:45:45 executing program 1: lsetxattr$trusted_overlay_opaque(0x0, 0x0, 0x0, 0x0, 0x0) mkdir(&(0x7f0000000000)='./file0\x00', 0x0) mount$bpf(0x20000000, &(0x7f00000000c0)='./file0\x00', 0x0, 0x2001001, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x80, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x43, 0x400000000000000}, 0x11288, 0x2000, 0x0, 0x2}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$netlink(0x10, 0x3, 0x0) connect$inet(0xffffffffffffffff, 0x0, 0x0) setsockopt$SO_RDS_TRANSPORT(0xffffffffffffffff, 0x114, 0x8, &(0x7f0000000040)=0xffffffffffffffff, 0x4) r1 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$inet_tcp_int(r1, 0x6, 0x10000000013, &(0x7f0000d06000)=0x1, 0x32a) connect$inet(r1, &(0x7f0000000180)={0x2, 0x4e23, @local}, 0x10) accept$nfc_llcp(0xffffffffffffffff, &(0x7f0000000440), &(0x7f0000000300)=0x60) setsockopt$inet_tcp_TCP_REPAIR_OPTIONS(r1, 0x6, 0x16, &(0x7f00000000c0)=[@mss={0x2, 0xffffffff}, @timestamp, @window, @mss={0x2, 0x91c}], 0x4) sendmmsg(r1, &(0x7f0000004b40)=[{{0x0, 0x0, &(0x7f00000011c0)=[{&(0x7f0000002240)='Y', 0x1}], 0x1}}], 0x1, 0x0) syz_init_net_socket$llc(0x1a, 0x1, 0x0) r2 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$IPT_SO_SET_REPLACE(r2, 0x4000000000000, 0x40, &(0x7f0000000a40)=ANY=[@ANYBLOB="72617700000000010000000000000000000000000000000000000000000000000200000003000000b80400000000000000000000000000000003000000030000200400002004000020040000200400002004000003000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000600000000000000a00200030000000000000000000000000000000000000000300262706600000000000000000000000000000000000000000000000000000101000000000000002e2f66696c653000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000060005345540000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000c0002001000000000000000000000000000000000000000050006f736600000000000000000000000000000000000000000000000000000073797a300000000000000000000000000000000000000000000000000000000000000000000000000000000000000000600053455400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000007000980000000000000000000000000000000000000000002800000000000000000000000000000000000000000000000000000000000004feffffff00000000"], 0x518) sendmsg$IPVS_CMD_GET_DEST(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000280)={&(0x7f00000002c0)=ANY=[@ANYRES16], 0x1}}, 0x0) setsockopt$inet_tcp_TCP_REPAIR(r1, 0x6, 0x13, &(0x7f0000000100), 0x618) close(r1) r3 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$inet_tcp_int(r3, 0x6, 0x10000000013, &(0x7f0000d06000)=0x1, 0x32a) connect$inet(r3, &(0x7f0000000140)={0x2, 0x0, @local}, 0x10) setsockopt$inet_tcp_TCP_REPAIR_OPTIONS(r3, 0x6, 0x16, &(0x7f0000000200)=[@mss, @timestamp, @window={0x3, 0x0, 0xfffe}, @mss={0x2, 0x3}], 0x4) sendmmsg(r3, &(0x7f0000004b40)=[{{0x0, 0x0, &(0x7f00000011c0)=[{&(0x7f0000002240)='Y', 0x1}], 0x1}}], 0x1, 0x0) setsockopt$inet_tcp_TCP_REPAIR_QUEUE(r3, 0x6, 0x14, &(0x7f0000000040)=0x1, 0x4) sendmsg$IPVS_CMD_GET_DEST(r3, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000340)=ANY=[@ANYBLOB="160e90cb39bca59f8c4064ac6d7b242060a07bc4309e3eb79d8745797b308edd84adef35ad9d8a17240f38f55f57c55f3875db81d255eea402e1c11ca7fc01964aeb9ed6ef4e80bc67cba7e7fe961fe5d921442b0a06b135f8a73b68dc904b436f256f50ae7cb980e69e7580b9f11c6ede4210f23240559b8c427000d7ce7862417ab5a50e494b2a54e346d7ffa008ccef06813e235b446788ac0f1df3c65bc1fb5393364a2efd284640ec2c438ad2b24a69f1f9da000000000000000000000000989eee6a9283bf253ca4"], 0x1}}, 0x0) syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) dup3(r5, r4, 0x0) r6 = accept4$vsock_stream(0xffffffffffffffff, &(0x7f0000000240)={0x28, 0x0, 0x2710, @host}, 0x10, 0x0) dup2(r6, r5) bind$pptp(0xffffffffffffffff, &(0x7f00000001c0)={0x18, 0x2, {0x0, @initdev={0xac, 0x1e, 0x0, 0x0}}}, 0x1e) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000000)=@newlink={0x30, 0x10, 0x801, 0x0, 0x0, {}, [@IFLA_GROUP={0x8}, @IFLA_PROTO_DOWN={0x8, 0x4}]}, 0x30}}, 0x0) 01:45:45 executing program 5: lsetxattr$trusted_overlay_opaque(0x0, 0x0, 0x0, 0x0, 0x0) mkdir(&(0x7f0000000000)='./file0\x00', 0x0) mount$bpf(0x20000000, &(0x7f00000000c0)='./file0\x00', 0x0, 0x2001001, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x80, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x43, 0x400000000000000}, 0x11288, 0x2000, 0x0, 0x2}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$netlink(0x10, 0x3, 0x0) connect$inet(0xffffffffffffffff, 0x0, 0x0) setsockopt$SO_RDS_TRANSPORT(0xffffffffffffffff, 0x114, 0x8, &(0x7f0000000040)=0xffffffffffffffff, 0x4) r1 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$inet_tcp_int(r1, 0x6, 0x10000000013, &(0x7f0000d06000)=0x1, 0x32a) connect$inet(r1, &(0x7f0000000180)={0x2, 0x4e23, @local}, 0x10) accept$nfc_llcp(0xffffffffffffffff, &(0x7f0000000440), &(0x7f0000000300)=0x60) setsockopt$inet_tcp_TCP_REPAIR_OPTIONS(r1, 0x6, 0x16, &(0x7f00000000c0)=[@mss={0x2, 0xffffffff}, @timestamp, @window, @mss={0x2, 0x91c}], 0x4) sendmmsg(r1, &(0x7f0000004b40)=[{{0x0, 0x0, &(0x7f00000011c0)=[{&(0x7f0000002240)='Y', 0x1}], 0x1}}], 0x1, 0x0) syz_init_net_socket$llc(0x1a, 0x1, 0x0) r2 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$IPT_SO_SET_REPLACE(r2, 0x4000000000000, 0x40, &(0x7f0000000a40)=ANY=[@ANYBLOB="72617700000000010000000000000000000000000000000000000000000000000200000003000000b80400000000000000000000000000000003000000030000200400002004000020040000200400002004000003000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000600000000000000a00200030000000000000000000000000000000000000000300262706600000000000000000000000000000000000000000000000000000101000000000000002e2f66696c653000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000060005345540000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000c0002001000000000000000000000000000000000000000050006f736600000000000000000000000000000000000000000000000000000073797a300000000000000000000000000000000000000000000000000000000000000000000000000000000000000000600053455400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000007000980000000000000000000000000000000000000000002800000000000000000000000000000000000000000000000000000000000004feffffff00000000"], 0x518) sendmsg$IPVS_CMD_GET_DEST(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000280)={&(0x7f00000002c0)=ANY=[@ANYRES16], 0x1}}, 0x0) setsockopt$inet_tcp_TCP_REPAIR(r1, 0x6, 0x13, &(0x7f0000000100), 0x618) close(r1) r3 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$inet_tcp_int(r3, 0x6, 0x10000000013, &(0x7f0000d06000)=0x1, 0x32a) connect$inet(r3, &(0x7f0000000140)={0x2, 0x0, @local}, 0x10) setsockopt$inet_tcp_TCP_REPAIR_OPTIONS(r3, 0x6, 0x16, &(0x7f0000000200)=[@mss, @timestamp, @window={0x3, 0x0, 0xfffe}, @mss={0x2, 0x3}], 0x4) sendmmsg(r3, &(0x7f0000004b40)=[{{0x0, 0x0, &(0x7f00000011c0)=[{&(0x7f0000002240)='Y', 0x1}], 0x1}}], 0x1, 0x0) sendmsg$IPVS_CMD_GET_DEST(r3, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000340)=ANY=[@ANYBLOB="160e90cb39bca59f8c4064ac6d7b242060a07bc4309e3eb79d8745797b308edd84adef35ad9d8a17240f38f55f57c55f3875db81d255eea402e1c11ca7fc01964aeb9ed6ef4e80bc67cba7e7fe961fe5d921442b0a06b135f8a73b68dc904b436f256f50ae7cb980e69e7580b9f11c6ede4210f23240559b8c427000d7ce7862417ab5a50e494b2a54e346d7ffa008ccef06813e235b446788ac0f1df3c65bc1fb5393364a2efd284640ec2c438ad2b24a69f1f9da000000000000000000000000989eee6a9283bf253ca4"], 0x1}}, 0x0) close(r3) syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) dup3(r5, r4, 0x0) r6 = accept4$vsock_stream(0xffffffffffffffff, &(0x7f0000000240)={0x28, 0x0, 0x2710, @host}, 0x10, 0x0) dup2(r6, r5) bind$pptp(0xffffffffffffffff, &(0x7f00000001c0)={0x18, 0x2, {0x0, @initdev={0xac, 0x1e, 0x0, 0x0}}}, 0x1e) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000000)=@newlink={0x30, 0x10, 0x801, 0x0, 0x0, {}, [@IFLA_GROUP={0x8}, @IFLA_PROTO_DOWN={0x8, 0x4}]}, 0x30}}, 0x0) pivot_root(&(0x7f0000000140)='./file0\x00', &(0x7f0000000100)='./file0\x00') [ 1846.813460] RBP: 000000000076bf00 R08: 0000000000000000 R09: 0000000000000000 [ 1846.821344] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000007 [ 1846.829013] R13: 00000000000003bf R14: 00000000004c6495 R15: 0000000000000010 01:45:45 executing program 4: pipe(&(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = socket$inet_udp(0x2, 0x2, 0x0) close(r2) r3 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$inet_tcp_int(r3, 0x6, 0x10000000013, &(0x7f0000d06000)=0x1, 0x4) connect$inet(r2, &(0x7f0000000340)={0x2, 0x0, @loopback}, 0x10) write$binfmt_misc(r1, &(0x7f0000000140)=ANY=[], 0x4240a2a0) r4 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$IPT_SO_SET_REPLACE(r4, 0x0, 0x40, &(0x7f0000000480)=ANY=[@ANYBLOB="66696c74657200000000000000000000000000000000000000000000000000000e00000004000000d0020000800100009800000080010000000000000000000038020000380200003802000038020000380200000400000000000000000000007f000001ac14140000000000000000007f00000000000000000000000000000064756dea20f9524db2d96900000057c910a19f2bc02c00000000000000000000200000000000000000000000000000000000000000000000700098000000000000000000000000000000000000000000280052454a454354000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000400000000000000000000000080000000000000000000000000000000000000000000000000000000000000000000000000000000000000000c000e80000f9c9991d0000000000000000000000000000005000736574000000000000000000000000000000000000000000000000000003000005050000000000000000000000000000000000000000100000000000000000000000000000000000000000000000280052454a45435400000000000000010000000000000000000000000000000000674f000000000000000000e00000020000000000000000766574b5315f766c616e00000000010062726964676530000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000007000b80000000000000000000000000000000000000000004800544545000000000000000000000000000000d40200000000000000000001ac1414aa000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000007000980000000000000000000000000000000000000000002800000000000000000000000000000000000000000000001a51496c00000000feffffff"], 0x1) splice(r0, 0x0, r2, 0x0, 0x4ffe0, 0x0) 01:45:45 executing program 2 (fault-call:9 fault-nth:17): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_SET_SIGNAL_MASK(0xffffffffffffffff, 0x4004ae8b, &(0x7f0000001000)=ANY=[@ANYBLOB="97cb"]) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000fe7000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0) ioctl$USBDEVFS_RESETEP(0xffffffffffffffff, 0x80045503, &(0x7f0000000000)={0x1, 0x1}) ioctl$KVM_NMI(r2, 0xae9a) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f00000002c0)={0x0, 0x2, 0x0, 0x2000, &(0x7f0000001000/0x2000)=nil}) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) 01:45:45 executing program 0: r0 = open(&(0x7f0000000080)='./file0\x00', 0x80ff, 0x0) fcntl$setlease(r0, 0x400, 0x0) 01:45:45 executing program 3: lsetxattr$trusted_overlay_opaque(0x0, 0x0, 0x0, 0x0, 0x0) mkdir(&(0x7f0000000000)='./file0\x00', 0x0) mount$bpf(0x20000000, &(0x7f00000000c0)='./file0\x00', 0x0, 0x2001001, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x80, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x43, 0x400000000000000}, 0x11288, 0x2000, 0x0, 0x2}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$netlink(0x10, 0x3, 0x0) connect$inet(0xffffffffffffffff, 0x0, 0x0) setsockopt$SO_RDS_TRANSPORT(0xffffffffffffffff, 0x114, 0x8, &(0x7f0000000040)=0xffffffffffffffff, 0x4) r1 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$inet_tcp_int(r1, 0x6, 0x10000000013, &(0x7f0000d06000)=0x1, 0x32a) connect$inet(r1, &(0x7f0000000180)={0x2, 0x4e23, @local}, 0x10) accept$nfc_llcp(0xffffffffffffffff, &(0x7f0000000440), &(0x7f0000000300)=0x60) setsockopt$inet_tcp_TCP_REPAIR_OPTIONS(r1, 0x6, 0x16, &(0x7f00000000c0)=[@mss={0x2, 0xffffffff}, @timestamp, @window, @mss={0x2, 0x91c}], 0x4) sendmmsg(r1, &(0x7f0000004b40)=[{{0x0, 0x0, &(0x7f00000011c0)=[{&(0x7f0000002240)='Y', 0x1}], 0x1}}], 0x1, 0x0) syz_init_net_socket$llc(0x1a, 0x1, 0x0) r2 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$IPT_SO_SET_REPLACE(r2, 0x4000000000000, 0x40, &(0x7f0000000a40)=ANY=[@ANYBLOB="72617700000000010000000000000000000000000000000000000000000000000200000003000000b80400000000000000000000000000000003000000030000200400002004000020040000200400002004000003000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000600000000000000a00200030000000000000000000000000000000000000000300262706600000000000000000000000000000000000000000000000000000101000000000000002e2f66696c653000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000060005345540000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000c0002001000000000000000000000000000000000000000050006f736600000000000000000000000000000000000000000000000000000073797a300000000000000000000000000000000000000000000000000000000000000000000000000000000000000000600053455400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000007000980000000000000000000000000000000000000000002800000000000000000000000000000000000000000000000000000000000004feffffff00000000"], 0x518) sendmsg$IPVS_CMD_GET_DEST(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000280)={&(0x7f00000002c0)=ANY=[@ANYRES16], 0x1}}, 0x0) setsockopt$inet_tcp_TCP_REPAIR(r1, 0x6, 0x13, &(0x7f0000000100), 0x618) close(r1) r3 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$inet_tcp_int(r3, 0x6, 0x10000000013, &(0x7f0000d06000)=0x1, 0x32a) connect$inet(r3, &(0x7f0000000140)={0x2, 0x0, @local}, 0x10) setsockopt$inet_tcp_TCP_REPAIR_OPTIONS(r3, 0x6, 0x16, &(0x7f0000000200)=[@mss, @timestamp, @window={0x3, 0x0, 0xfffe}, @mss={0x2, 0x3}], 0x4) sendmmsg(r3, &(0x7f0000004b40)=[{{0x0, 0x0, &(0x7f00000011c0)=[{&(0x7f0000002240)='Y', 0x1}], 0x1}}], 0x1, 0x0) setsockopt$inet_tcp_TCP_REPAIR_QUEUE(r3, 0x6, 0x14, &(0x7f0000000040)=0x1, 0x4) sendmsg$IPVS_CMD_GET_DEST(r3, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000340)=ANY=[@ANYBLOB="160e90cb39bca59f8c4064ac6d7b242060a07bc4309e3eb79d8745797b308edd84adef35ad9d8a17240f38f55f57c55f3875db81d255eea402e1c11ca7fc01964aeb9ed6ef4e80bc67cba7e7fe961fe5d921442b0a06b135f8a73b68dc904b436f256f50ae7cb980e69e7580b9f11c6ede4210f23240559b8c427000d7ce7862417ab5a50e494b2a54e346d7ffa008ccef06813e235b446788ac0f1df3c65bc1fb5393364a2efd284640ec2c438ad2b24a69f1f9da000000000000000000000000989eee6a9283bf253ca4"], 0x1}}, 0x0) syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) dup3(r5, r4, 0x0) r6 = accept4$vsock_stream(0xffffffffffffffff, &(0x7f0000000240)={0x28, 0x0, 0x2710, @host}, 0x10, 0x0) dup2(r6, r5) bind$pptp(0xffffffffffffffff, &(0x7f00000001c0)={0x18, 0x2, {0x0, @initdev={0xac, 0x1e, 0x0, 0x0}}}, 0x1e) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000000)=@newlink={0x30, 0x10, 0x801, 0x0, 0x0, {}, [@IFLA_GROUP={0x8}, @IFLA_PROTO_DOWN={0x8, 0x4}]}, 0x30}}, 0x0) pivot_root(&(0x7f0000000140)='./file0\x00', &(0x7f0000000100)='./file0\x00') 01:45:45 executing program 0: r0 = gettid() r1 = creat(&(0x7f0000000280)='./file0\x00', 0x1) write$binfmt_script(r1, &(0x7f0000000440)=ANY=[@ANYBLOB="2321202e2f66696c653020f014d336b04b030400000000000092290a7e4555a763c15ceda085e276ed3ae7a290ab0e74467713328b5e4577124d1a2e21da765cd1ce2356a8f87e56f0bf8893cc7149595314f0771b65d33e129933dd93f99f03cd6b3e5903e1ddb592a67f706eb14c1d3d1a204fe2e9c50d7920f69e068d2c7faba4084e7a3b0c6c699890e19745ba9a37cfdd7ff58b659bbf65d6a2b2e441a0e0c44a3d9abeb7d90f0d01107d0e077d0d67096da85a6d22c36fac7585a35892211b5194d55e0ad396b242ac56b00fbd89c9"], 0xd2) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) close(r1) setxattr$security_capability(&(0x7f0000000140)='./file0\x00', &(0x7f0000000200)='security.capability\x00', &(0x7f0000000340)=@v2={0x2000000, [{0x0, 0xffffffc1}]}, 0x14, 0x0) ioctl$int_in(0xffffffffffffffff, 0x0, 0x0) listen(0xffffffffffffffff, 0x400000001ffffffd) accept4(0xffffffffffffffff, 0x0, 0x0, 0x0) sendmsg$DEVLINK_CMD_GET(0xffffffffffffffff, 0x0, 0x0) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) execve(&(0x7f0000000180)='./file0\x00', 0x0, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) 01:45:45 executing program 5: lsetxattr$trusted_overlay_opaque(0x0, 0x0, 0x0, 0x0, 0x0) mkdir(&(0x7f0000000000)='./file0\x00', 0x0) mount$bpf(0x20000000, &(0x7f00000000c0)='./file0\x00', 0x0, 0x2001001, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x80, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x43, 0x400000000000000}, 0x11288, 0x2000, 0x0, 0x2}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$netlink(0x10, 0x3, 0x0) connect$inet(0xffffffffffffffff, 0x0, 0x0) setsockopt$SO_RDS_TRANSPORT(0xffffffffffffffff, 0x114, 0x8, &(0x7f0000000040)=0xffffffffffffffff, 0x4) r1 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$inet_tcp_int(r1, 0x6, 0x10000000013, &(0x7f0000d06000)=0x1, 0x32a) connect$inet(r1, &(0x7f0000000180)={0x2, 0x4e23, @local}, 0x10) accept$nfc_llcp(0xffffffffffffffff, &(0x7f0000000440), &(0x7f0000000300)=0x60) setsockopt$inet_tcp_TCP_REPAIR_OPTIONS(r1, 0x6, 0x16, &(0x7f00000000c0)=[@mss={0x2, 0xffffffff}, @timestamp, @window, @mss={0x2, 0x91c}], 0x4) sendmmsg(r1, &(0x7f0000004b40)=[{{0x0, 0x0, &(0x7f00000011c0)=[{&(0x7f0000002240)='Y', 0x1}], 0x1}}], 0x1, 0x0) syz_init_net_socket$llc(0x1a, 0x1, 0x0) r2 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$IPT_SO_SET_REPLACE(r2, 0x4000000000000, 0x40, &(0x7f0000000a40)=ANY=[@ANYBLOB="72617700000000010000000000000000000000000000000000000000000000000200000003000000b80400000000000000000000000000000003000000030000200400002004000020040000200400002004000003000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000600000000000000a00200030000000000000000000000000000000000000000300262706600000000000000000000000000000000000000000000000000000101000000000000002e2f66696c653000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000060005345540000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000c0002001000000000000000000000000000000000000000050006f736600000000000000000000000000000000000000000000000000000073797a300000000000000000000000000000000000000000000000000000000000000000000000000000000000000000600053455400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000007000980000000000000000000000000000000000000000002800000000000000000000000000000000000000000000000000000000000004feffffff00000000"], 0x518) sendmsg$IPVS_CMD_GET_DEST(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000280)={&(0x7f00000002c0)=ANY=[@ANYRES16], 0x1}}, 0x0) setsockopt$inet_tcp_TCP_REPAIR(r1, 0x6, 0x13, &(0x7f0000000100), 0x618) close(r1) r3 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$inet_tcp_int(r3, 0x6, 0x10000000013, &(0x7f0000d06000)=0x1, 0x32a) connect$inet(r3, &(0x7f0000000140)={0x2, 0x0, @local}, 0x10) setsockopt$inet_tcp_TCP_REPAIR_OPTIONS(r3, 0x6, 0x16, &(0x7f0000000200)=[@mss, @timestamp, @window={0x3, 0x0, 0xfffe}, @mss={0x2, 0x3}], 0x4) sendmmsg(r3, &(0x7f0000004b40)=[{{0x0, 0x0, &(0x7f00000011c0)=[{&(0x7f0000002240)='Y', 0x1}], 0x1}}], 0x1, 0x0) sendmsg$IPVS_CMD_GET_DEST(r3, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000340)=ANY=[@ANYBLOB="160e90cb39bca59f8c4064ac6d7b242060a07bc4309e3eb79d8745797b308edd84adef35ad9d8a17240f38f55f57c55f3875db81d255eea402e1c11ca7fc01964aeb9ed6ef4e80bc67cba7e7fe961fe5d921442b0a06b135f8a73b68dc904b436f256f50ae7cb980e69e7580b9f11c6ede4210f23240559b8c427000d7ce7862417ab5a50e494b2a54e346d7ffa008ccef06813e235b446788ac0f1df3c65bc1fb5393364a2efd284640ec2c438ad2b24a69f1f9da000000000000000000000000989eee6a9283bf253ca4"], 0x1}}, 0x0) close(r3) syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) dup3(r5, r4, 0x0) r6 = accept4$vsock_stream(0xffffffffffffffff, &(0x7f0000000240)={0x28, 0x0, 0x2710, @host}, 0x10, 0x0) dup2(r6, r5) bind$pptp(0xffffffffffffffff, &(0x7f00000001c0)={0x18, 0x2, {0x0, @initdev={0xac, 0x1e, 0x0, 0x0}}}, 0x1e) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000000)=@newlink={0x30, 0x10, 0x801, 0x0, 0x0, {}, [@IFLA_GROUP={0x8}, @IFLA_PROTO_DOWN={0x8, 0x4}]}, 0x30}}, 0x0) pivot_root(&(0x7f0000000140)='./file0\x00', &(0x7f0000000100)='./file0\x00') [ 1847.302142] FAULT_INJECTION: forcing a failure. [ 1847.302142] name failslab, interval 1, probability 0, space 0, times 0 01:45:45 executing program 1: lsetxattr$trusted_overlay_opaque(0x0, 0x0, 0x0, 0x0, 0x0) mkdir(&(0x7f0000000000)='./file0\x00', 0x0) mount$bpf(0x20000000, &(0x7f00000000c0)='./file0\x00', 0x0, 0x2001001, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x80, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x43, 0x400000000000000}, 0x11288, 0x2000, 0x0, 0x2}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$netlink(0x10, 0x3, 0x0) connect$inet(0xffffffffffffffff, 0x0, 0x0) setsockopt$SO_RDS_TRANSPORT(0xffffffffffffffff, 0x114, 0x8, &(0x7f0000000040)=0xffffffffffffffff, 0x4) r1 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$inet_tcp_int(r1, 0x6, 0x10000000013, &(0x7f0000d06000)=0x1, 0x32a) connect$inet(r1, &(0x7f0000000180)={0x2, 0x4e23, @local}, 0x10) accept$nfc_llcp(0xffffffffffffffff, &(0x7f0000000440), &(0x7f0000000300)=0x60) setsockopt$inet_tcp_TCP_REPAIR_OPTIONS(r1, 0x6, 0x16, &(0x7f00000000c0)=[@mss={0x2, 0xffffffff}, @timestamp, @window, @mss={0x2, 0x91c}], 0x4) sendmmsg(r1, &(0x7f0000004b40)=[{{0x0, 0x0, &(0x7f00000011c0)=[{&(0x7f0000002240)='Y', 0x1}], 0x1}}], 0x1, 0x0) syz_init_net_socket$llc(0x1a, 0x1, 0x0) r2 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$IPT_SO_SET_REPLACE(r2, 0x4000000000000, 0x40, &(0x7f0000000a40)=ANY=[@ANYBLOB="72617700000000010000000000000000000000000000000000000000000000000200000003000000b80400000000000000000000000000000003000000030000200400002004000020040000200400002004000003000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000600000000000000a00200030000000000000000000000000000000000000000300262706600000000000000000000000000000000000000000000000000000101000000000000002e2f66696c653000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000060005345540000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000c0002001000000000000000000000000000000000000000050006f736600000000000000000000000000000000000000000000000000000073797a300000000000000000000000000000000000000000000000000000000000000000000000000000000000000000600053455400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000007000980000000000000000000000000000000000000000002800000000000000000000000000000000000000000000000000000000000004feffffff00000000"], 0x518) sendmsg$IPVS_CMD_GET_DEST(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000280)={&(0x7f00000002c0)=ANY=[@ANYRES16], 0x1}}, 0x0) setsockopt$inet_tcp_TCP_REPAIR(r1, 0x6, 0x13, &(0x7f0000000100), 0x618) close(r1) r3 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$inet_tcp_int(r3, 0x6, 0x10000000013, &(0x7f0000d06000)=0x1, 0x32a) connect$inet(r3, &(0x7f0000000140)={0x2, 0x0, @local}, 0x10) setsockopt$inet_tcp_TCP_REPAIR_OPTIONS(r3, 0x6, 0x16, &(0x7f0000000200)=[@mss, @timestamp, @window={0x3, 0x0, 0xfffe}, @mss={0x2, 0x3}], 0x4) sendmmsg(r3, &(0x7f0000004b40)=[{{0x0, 0x0, &(0x7f00000011c0)=[{&(0x7f0000002240)='Y', 0x1}], 0x1}}], 0x1, 0x0) setsockopt$inet_tcp_TCP_REPAIR_QUEUE(r3, 0x6, 0x14, &(0x7f0000000040)=0x1, 0x4) sendmsg$IPVS_CMD_GET_DEST(r3, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000340)=ANY=[@ANYBLOB="160e90cb39bca59f8c4064ac6d7b242060a07bc4309e3eb79d8745797b308edd84adef35ad9d8a17240f38f55f57c55f3875db81d255eea402e1c11ca7fc01964aeb9ed6ef4e80bc67cba7e7fe961fe5d921442b0a06b135f8a73b68dc904b436f256f50ae7cb980e69e7580b9f11c6ede4210f23240559b8c427000d7ce7862417ab5a50e494b2a54e346d7ffa008ccef06813e235b446788ac0f1df3c65bc1fb5393364a2efd284640ec2c438ad2b24a69f1f9da000000000000000000000000989eee6a9283bf253ca4"], 0x1}}, 0x0) syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) dup3(r5, r4, 0x0) r6 = accept4$vsock_stream(0xffffffffffffffff, &(0x7f0000000240)={0x28, 0x0, 0x2710, @host}, 0x10, 0x0) dup2(r6, r5) bind$pptp(0xffffffffffffffff, &(0x7f00000001c0)={0x18, 0x2, {0x0, @initdev={0xac, 0x1e, 0x0, 0x0}}}, 0x1e) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000000)=@newlink={0x30, 0x10, 0x801, 0x0, 0x0, {}, [@IFLA_GROUP={0x8}, @IFLA_PROTO_DOWN={0x8, 0x4}]}, 0x30}}, 0x0) [ 1847.360416] ip_tables: iptables: counters copy to user failed while replacing table [ 1847.361322] CPU: 1 PID: 3781 Comm: syz-executor.2 Not tainted 4.14.173-syzkaller #0 [ 1847.376259] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1847.385805] Call Trace: [ 1847.388463] dump_stack+0x13e/0x194 [ 1847.392229] should_fail.cold+0x10a/0x14b [ 1847.397031] should_failslab+0xd6/0x130 [ 1847.401710] kmem_cache_alloc+0x2b5/0x770 [ 1847.405891] ? mmu_topup_memory_caches+0x1d/0x300 [ 1847.411066] mmu_topup_memory_caches+0x83/0x300 [ 1847.416200] ? retint_kernel+0x2d/0x2d [ 1847.420290] kvm_mmu_load+0x1e/0xd00 [ 1847.424107] ? vcpu_enter_guest+0x18c4/0x5240 [ 1847.429541] vcpu_enter_guest+0x2eb9/0x5240 [ 1847.434019] ? retint_kernel+0x2d/0x2d [ 1847.437945] ? emulator_read_emulated+0x40/0x40 [ 1847.442646] ? lock_acquire+0x170/0x3f0 [ 1847.446656] ? kvm_arch_vcpu_ioctl_run+0x143/0xfd0 [ 1847.452339] ? kvm_arch_vcpu_ioctl_run+0x2fe/0xfd0 [ 1847.457587] ? kvm_arch_vcpu_ioctl_run+0x181/0xfd0 [ 1847.463265] kvm_arch_vcpu_ioctl_run+0x2fe/0xfd0 [ 1847.468051] kvm_vcpu_ioctl+0x3df/0xc70 [ 1847.472065] ? trace_hardirqs_on_caller+0x3f6/0x590 [ 1847.477117] ? kvm_vcpu_block+0xb70/0xb70 [ 1847.481295] ? check_preemption_disabled+0x35/0x240 [ 1847.486333] ? retint_kernel+0x2d/0x2d [ 1847.490349] ? selinux_file_ioctl+0x30a/0x560 [ 1847.494984] ? selinux_file_ioctl+0x323/0x560 [ 1847.500044] ? kvm_vcpu_block+0xb70/0xb70 [ 1847.504483] do_vfs_ioctl+0x75a/0xfe0 [ 1847.508312] ? selinux_file_mprotect+0x5c0/0x5c0 [ 1847.513107] ? ioctl_preallocate+0x1a0/0x1a0 [ 1847.517552] ? security_file_ioctl+0x76/0xb0 [ 1847.522011] ? security_file_ioctl+0x83/0xb0 [ 1847.526465] SyS_ioctl+0x7f/0xb0 [ 1847.529851] ? do_vfs_ioctl+0xfe0/0xfe0 [ 1847.533847] do_syscall_64+0x1d5/0x640 [ 1847.537755] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 1847.543502] RIP: 0033:0x45c849 [ 1847.546969] RSP: 002b:00007fa3bc31dc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 01:45:45 executing program 3: lsetxattr$trusted_overlay_opaque(0x0, 0x0, 0x0, 0x0, 0x0) mkdir(&(0x7f0000000000)='./file0\x00', 0x0) mount$bpf(0x20000000, &(0x7f00000000c0)='./file0\x00', 0x0, 0x2001001, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x80, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x43, 0x400000000000000}, 0x11288, 0x2000, 0x0, 0x2}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$netlink(0x10, 0x3, 0x0) connect$inet(0xffffffffffffffff, 0x0, 0x0) setsockopt$SO_RDS_TRANSPORT(0xffffffffffffffff, 0x114, 0x8, &(0x7f0000000040)=0xffffffffffffffff, 0x4) r1 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$inet_tcp_int(r1, 0x6, 0x10000000013, &(0x7f0000d06000)=0x1, 0x32a) connect$inet(r1, &(0x7f0000000180)={0x2, 0x4e23, @local}, 0x10) accept$nfc_llcp(0xffffffffffffffff, &(0x7f0000000440), &(0x7f0000000300)=0x60) setsockopt$inet_tcp_TCP_REPAIR_OPTIONS(r1, 0x6, 0x16, &(0x7f00000000c0)=[@mss={0x2, 0xffffffff}, @timestamp, @window, @mss={0x2, 0x91c}], 0x4) sendmmsg(r1, &(0x7f0000004b40)=[{{0x0, 0x0, &(0x7f00000011c0)=[{&(0x7f0000002240)='Y', 0x1}], 0x1}}], 0x1, 0x0) syz_init_net_socket$llc(0x1a, 0x1, 0x0) r2 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$IPT_SO_SET_REPLACE(r2, 0x4000000000000, 0x40, &(0x7f0000000a40)=ANY=[@ANYBLOB="72617700000000010000000000000000000000000000000000000000000000000200000003000000b80400000000000000000000000000000003000000030000200400002004000020040000200400002004000003000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000600000000000000a00200030000000000000000000000000000000000000000300262706600000000000000000000000000000000000000000000000000000101000000000000002e2f66696c653000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000060005345540000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000c0002001000000000000000000000000000000000000000050006f736600000000000000000000000000000000000000000000000000000073797a300000000000000000000000000000000000000000000000000000000000000000000000000000000000000000600053455400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000007000980000000000000000000000000000000000000000002800000000000000000000000000000000000000000000000000000000000004feffffff00000000"], 0x518) sendmsg$IPVS_CMD_GET_DEST(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000280)={&(0x7f00000002c0)=ANY=[@ANYRES16], 0x1}}, 0x0) setsockopt$inet_tcp_TCP_REPAIR(r1, 0x6, 0x13, &(0x7f0000000100), 0x618) close(r1) r3 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$inet_tcp_int(r3, 0x6, 0x10000000013, &(0x7f0000d06000)=0x1, 0x32a) connect$inet(r3, &(0x7f0000000140)={0x2, 0x0, @local}, 0x10) setsockopt$inet_tcp_TCP_REPAIR_OPTIONS(r3, 0x6, 0x16, &(0x7f0000000200)=[@mss, @timestamp, @window={0x3, 0x0, 0xfffe}, @mss={0x2, 0x3}], 0x4) sendmmsg(r3, &(0x7f0000004b40)=[{{0x0, 0x0, &(0x7f00000011c0)=[{&(0x7f0000002240)='Y', 0x1}], 0x1}}], 0x1, 0x0) setsockopt$inet_tcp_TCP_REPAIR_QUEUE(r3, 0x6, 0x14, &(0x7f0000000040)=0x1, 0x4) sendmsg$IPVS_CMD_GET_DEST(r3, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000340)=ANY=[@ANYBLOB="160e90cb39bca59f8c4064ac6d7b242060a07bc4309e3eb79d8745797b308edd84adef35ad9d8a17240f38f55f57c55f3875db81d255eea402e1c11ca7fc01964aeb9ed6ef4e80bc67cba7e7fe961fe5d921442b0a06b135f8a73b68dc904b436f256f50ae7cb980e69e7580b9f11c6ede4210f23240559b8c427000d7ce7862417ab5a50e494b2a54e346d7ffa008ccef06813e235b446788ac0f1df3c65bc1fb5393364a2efd284640ec2c438ad2b24a69f1f9da000000000000000000000000989eee6a9283bf253ca4"], 0x1}}, 0x0) syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) dup3(r5, r4, 0x0) r6 = accept4$vsock_stream(0xffffffffffffffff, &(0x7f0000000240)={0x28, 0x0, 0x2710, @host}, 0x10, 0x0) dup2(r6, r5) bind$pptp(0xffffffffffffffff, &(0x7f00000001c0)={0x18, 0x2, {0x0, @initdev={0xac, 0x1e, 0x0, 0x0}}}, 0x1e) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000000)=@newlink={0x30, 0x10, 0x801, 0x0, 0x0, {}, [@IFLA_GROUP={0x8}, @IFLA_PROTO_DOWN={0x8, 0x4}]}, 0x30}}, 0x0) pivot_root(&(0x7f0000000140)='./file0\x00', &(0x7f0000000100)='./file0\x00') 01:45:45 executing program 0: perf_event_open(&(0x7f0000000200)={0x2, 0x70, 0x41, 0x8001, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = memfd_create(&(0x7f0000000140)='+\x8b\x8a\x16\x11O\xdd\xdfk(F\x99\xdf\x92\xd5>oJ\x02u\x9b\xafa\xac', 0x3) write$binfmt_misc(r1, &(0x7f0000000c40)=ANY=[@ANYRES32], 0xff67) sendfile(r0, r1, &(0x7f0000000000), 0xffff) fcntl$addseals(r1, 0x409, 0x8) [ 1847.555748] RAX: ffffffffffffffda RBX: 00007fa3bc31e6d4 RCX: 000000000045c849 [ 1847.563037] RDX: 0000000000000000 RSI: 000000000000ae80 RDI: 0000000000000005 [ 1847.570523] RBP: 000000000076bf00 R08: 0000000000000000 R09: 0000000000000000 [ 1847.577905] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000007 [ 1847.585301] R13: 00000000000003bf R14: 00000000004c6495 R15: 0000000000000011 01:45:45 executing program 2 (fault-call:9 fault-nth:18): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_SET_SIGNAL_MASK(0xffffffffffffffff, 0x4004ae8b, &(0x7f0000001000)=ANY=[@ANYBLOB="97cb"]) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000fe7000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0) ioctl$USBDEVFS_RESETEP(0xffffffffffffffff, 0x80045503, &(0x7f0000000000)={0x1, 0x1}) ioctl$KVM_NMI(r2, 0xae9a) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f00000002c0)={0x0, 0x2, 0x0, 0x2000, &(0x7f0000001000/0x2000)=nil}) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) [ 1847.648117] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 1847.691769] batman_adv: batadv0: Removing interface: batadv_slave_0 01:45:45 executing program 3: lsetxattr$trusted_overlay_opaque(0x0, 0x0, 0x0, 0x0, 0x0) mkdir(&(0x7f0000000000)='./file0\x00', 0x0) mount$bpf(0x20000000, &(0x7f00000000c0)='./file0\x00', 0x0, 0x2001001, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x80, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x43, 0x400000000000000}, 0x11288, 0x2000, 0x0, 0x2}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$netlink(0x10, 0x3, 0x0) connect$inet(0xffffffffffffffff, 0x0, 0x0) setsockopt$SO_RDS_TRANSPORT(0xffffffffffffffff, 0x114, 0x8, &(0x7f0000000040)=0xffffffffffffffff, 0x4) r1 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$inet_tcp_int(r1, 0x6, 0x10000000013, &(0x7f0000d06000)=0x1, 0x32a) connect$inet(r1, &(0x7f0000000180)={0x2, 0x4e23, @local}, 0x10) accept$nfc_llcp(0xffffffffffffffff, &(0x7f0000000440), &(0x7f0000000300)=0x60) setsockopt$inet_tcp_TCP_REPAIR_OPTIONS(r1, 0x6, 0x16, &(0x7f00000000c0)=[@mss={0x2, 0xffffffff}, @timestamp, @window, @mss={0x2, 0x91c}], 0x4) sendmmsg(r1, &(0x7f0000004b40)=[{{0x0, 0x0, &(0x7f00000011c0)=[{&(0x7f0000002240)='Y', 0x1}], 0x1}}], 0x1, 0x0) syz_init_net_socket$llc(0x1a, 0x1, 0x0) r2 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$IPT_SO_SET_REPLACE(r2, 0x4000000000000, 0x40, &(0x7f0000000a40)=ANY=[@ANYBLOB="72617700000000010000000000000000000000000000000000000000000000000200000003000000b80400000000000000000000000000000003000000030000200400002004000020040000200400002004000003000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000600000000000000a00200030000000000000000000000000000000000000000300262706600000000000000000000000000000000000000000000000000000101000000000000002e2f66696c653000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000060005345540000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000c0002001000000000000000000000000000000000000000050006f736600000000000000000000000000000000000000000000000000000073797a300000000000000000000000000000000000000000000000000000000000000000000000000000000000000000600053455400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000007000980000000000000000000000000000000000000000002800000000000000000000000000000000000000000000000000000000000004feffffff00000000"], 0x518) sendmsg$IPVS_CMD_GET_DEST(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000280)={&(0x7f00000002c0)=ANY=[@ANYRES16], 0x1}}, 0x0) setsockopt$inet_tcp_TCP_REPAIR(r1, 0x6, 0x13, &(0x7f0000000100), 0x618) close(r1) r3 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$inet_tcp_int(r3, 0x6, 0x10000000013, &(0x7f0000d06000)=0x1, 0x32a) connect$inet(r3, &(0x7f0000000140)={0x2, 0x0, @local}, 0x10) setsockopt$inet_tcp_TCP_REPAIR_OPTIONS(r3, 0x6, 0x16, &(0x7f0000000200)=[@mss, @timestamp, @window={0x3, 0x0, 0xfffe}, @mss={0x2, 0x3}], 0x4) sendmmsg(r3, &(0x7f0000004b40)=[{{0x0, 0x0, &(0x7f00000011c0)=[{&(0x7f0000002240)='Y', 0x1}], 0x1}}], 0x1, 0x0) setsockopt$inet_tcp_TCP_REPAIR_QUEUE(r3, 0x6, 0x14, &(0x7f0000000040)=0x1, 0x4) sendmsg$IPVS_CMD_GET_DEST(r3, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000340)=ANY=[@ANYBLOB="160e90cb39bca59f8c4064ac6d7b242060a07bc4309e3eb79d8745797b308edd84adef35ad9d8a17240f38f55f57c55f3875db81d255eea402e1c11ca7fc01964aeb9ed6ef4e80bc67cba7e7fe961fe5d921442b0a06b135f8a73b68dc904b436f256f50ae7cb980e69e7580b9f11c6ede4210f23240559b8c427000d7ce7862417ab5a50e494b2a54e346d7ffa008ccef06813e235b446788ac0f1df3c65bc1fb5393364a2efd284640ec2c438ad2b24a69f1f9da000000000000000000000000989eee6a9283bf253ca4"], 0x1}}, 0x0) syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) dup3(r5, r4, 0x0) r6 = accept4$vsock_stream(0xffffffffffffffff, &(0x7f0000000240)={0x28, 0x0, 0x2710, @host}, 0x10, 0x0) dup2(r6, r5) bind$pptp(0xffffffffffffffff, &(0x7f00000001c0)={0x18, 0x2, {0x0, @initdev={0xac, 0x1e, 0x0, 0x0}}}, 0x1e) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000000)=@newlink={0x30, 0x10, 0x801, 0x0, 0x0, {}, [@IFLA_GROUP={0x8}, @IFLA_PROTO_DOWN={0x8, 0x4}]}, 0x30}}, 0x0) pivot_root(&(0x7f0000000140)='./file0\x00', &(0x7f0000000100)='./file0\x00') [ 1847.753147] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 1847.807527] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 1847.815768] FAULT_INJECTION: forcing a failure. [ 1847.815768] name failslab, interval 1, probability 0, space 0, times 0 [ 1847.845258] CPU: 0 PID: 3806 Comm: syz-executor.2 Not tainted 4.14.173-syzkaller #0 01:45:46 executing program 5: lsetxattr$trusted_overlay_opaque(0x0, 0x0, 0x0, 0x0, 0x0) mkdir(&(0x7f0000000000)='./file0\x00', 0x0) mount$bpf(0x20000000, &(0x7f00000000c0)='./file0\x00', 0x0, 0x2001001, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x80, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x43, 0x400000000000000}, 0x11288, 0x2000, 0x0, 0x2}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$netlink(0x10, 0x3, 0x0) connect$inet(0xffffffffffffffff, 0x0, 0x0) setsockopt$SO_RDS_TRANSPORT(0xffffffffffffffff, 0x114, 0x8, &(0x7f0000000040)=0xffffffffffffffff, 0x4) r1 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$inet_tcp_int(r1, 0x6, 0x10000000013, &(0x7f0000d06000)=0x1, 0x32a) connect$inet(r1, &(0x7f0000000180)={0x2, 0x4e23, @local}, 0x10) accept$nfc_llcp(0xffffffffffffffff, &(0x7f0000000440), &(0x7f0000000300)=0x60) setsockopt$inet_tcp_TCP_REPAIR_OPTIONS(r1, 0x6, 0x16, &(0x7f00000000c0)=[@mss={0x2, 0xffffffff}, @timestamp, @window, @mss={0x2, 0x91c}], 0x4) sendmmsg(r1, &(0x7f0000004b40)=[{{0x0, 0x0, &(0x7f00000011c0)=[{&(0x7f0000002240)='Y', 0x1}], 0x1}}], 0x1, 0x0) syz_init_net_socket$llc(0x1a, 0x1, 0x0) r2 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$IPT_SO_SET_REPLACE(r2, 0x4000000000000, 0x40, &(0x7f0000000a40)=ANY=[@ANYBLOB="72617700000000010000000000000000000000000000000000000000000000000200000003000000b80400000000000000000000000000000003000000030000200400002004000020040000200400002004000003000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000600000000000000a00200030000000000000000000000000000000000000000300262706600000000000000000000000000000000000000000000000000000101000000000000002e2f66696c653000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000060005345540000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000c0002001000000000000000000000000000000000000000050006f736600000000000000000000000000000000000000000000000000000073797a300000000000000000000000000000000000000000000000000000000000000000000000000000000000000000600053455400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000007000980000000000000000000000000000000000000000002800000000000000000000000000000000000000000000000000000000000004feffffff00000000"], 0x518) sendmsg$IPVS_CMD_GET_DEST(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000280)={&(0x7f00000002c0)=ANY=[@ANYRES16], 0x1}}, 0x0) setsockopt$inet_tcp_TCP_REPAIR(r1, 0x6, 0x13, &(0x7f0000000100), 0x618) close(r1) r3 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$inet_tcp_int(r3, 0x6, 0x10000000013, &(0x7f0000d06000)=0x1, 0x32a) connect$inet(r3, &(0x7f0000000140)={0x2, 0x0, @local}, 0x10) setsockopt$inet_tcp_TCP_REPAIR_OPTIONS(r3, 0x6, 0x16, &(0x7f0000000200)=[@mss, @timestamp, @window={0x3, 0x0, 0xfffe}, @mss={0x2, 0x3}], 0x4) setsockopt$inet_tcp_TCP_REPAIR_QUEUE(r3, 0x6, 0x14, &(0x7f0000000040)=0x1, 0x4) sendmsg$IPVS_CMD_GET_DEST(r3, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000340)=ANY=[@ANYBLOB="160e90cb39bca59f8c4064ac6d7b242060a07bc4309e3eb79d8745797b308edd84adef35ad9d8a17240f38f55f57c55f3875db81d255eea402e1c11ca7fc01964aeb9ed6ef4e80bc67cba7e7fe961fe5d921442b0a06b135f8a73b68dc904b436f256f50ae7cb980e69e7580b9f11c6ede4210f23240559b8c427000d7ce7862417ab5a50e494b2a54e346d7ffa008ccef06813e235b446788ac0f1df3c65bc1fb5393364a2efd284640ec2c438ad2b24a69f1f9da000000000000000000000000989eee6a9283bf253ca4"], 0x1}}, 0x0) close(r3) syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) dup3(r5, r4, 0x0) r6 = accept4$vsock_stream(0xffffffffffffffff, &(0x7f0000000240)={0x28, 0x0, 0x2710, @host}, 0x10, 0x0) dup2(r6, r5) bind$pptp(0xffffffffffffffff, &(0x7f00000001c0)={0x18, 0x2, {0x0, @initdev={0xac, 0x1e, 0x0, 0x0}}}, 0x1e) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000000)=@newlink={0x30, 0x10, 0x801, 0x0, 0x0, {}, [@IFLA_GROUP={0x8}, @IFLA_PROTO_DOWN={0x8, 0x4}]}, 0x30}}, 0x0) pivot_root(&(0x7f0000000140)='./file0\x00', &(0x7f0000000100)='./file0\x00') [ 1847.853304] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1847.862921] Call Trace: [ 1847.865576] dump_stack+0x13e/0x194 [ 1847.869249] should_fail.cold+0x10a/0x14b [ 1847.873426] should_failslab+0xd6/0x130 [ 1847.877862] kmem_cache_alloc+0x2b5/0x770 [ 1847.882033] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 1847.886936] mmu_topup_memory_caches+0x83/0x300 [ 1847.891720] kvm_mmu_load+0x1e/0xd00 [ 1847.895466] ? vmx_nmi_allowed+0xb/0x100 [ 1847.899543] ? vmx_nmi_allowed+0x31/0x100 [ 1847.903749] vcpu_enter_guest+0x2eb9/0x5240 [ 1847.908171] ? trace_hardirqs_on_caller+0x3f6/0x590 [ 1847.913189] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 1847.917998] ? emulator_read_emulated+0x40/0x40 [ 1847.922685] ? kvm_arch_vcpu_ioctl_run+0x2fe/0xfd0 [ 1847.927645] kvm_arch_vcpu_ioctl_run+0x2fe/0xfd0 [ 1847.933160] kvm_vcpu_ioctl+0x3df/0xc70 [ 1847.937175] ? retint_kernel+0x2d/0x2d [ 1847.941082] ? kvm_vcpu_block+0xb70/0xb70 [ 1847.945746] ? trace_hardirqs_on_caller+0x3f6/0x590 [ 1847.950772] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 1847.955543] ? check_preemption_disabled+0x35/0x240 [ 1847.960578] ? retint_kernel+0x2d/0x2d [ 1847.964474] ? __fget+0x201/0x360 [ 1847.968076] ? kvm_vcpu_block+0xb70/0xb70 [ 1847.972319] do_vfs_ioctl+0x75a/0xfe0 [ 1847.976374] ? selinux_file_mprotect+0x5c0/0x5c0 [ 1847.981132] ? ioctl_preallocate+0x1a0/0x1a0 [ 1847.985543] ? security_file_ioctl+0x76/0xb0 [ 1847.989953] ? security_file_ioctl+0x83/0xb0 [ 1847.994380] SyS_ioctl+0x7f/0xb0 [ 1847.999492] ? do_vfs_ioctl+0xfe0/0xfe0 [ 1848.004258] do_syscall_64+0x1d5/0x640 [ 1848.008155] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 1848.013344] RIP: 0033:0x45c849 [ 1848.016690] RSP: 002b:00007fa3bc31dc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 1848.024384] RAX: ffffffffffffffda RBX: 00007fa3bc31e6d4 RCX: 000000000045c849 [ 1848.031861] RDX: 0000000000000000 RSI: 000000000000ae80 RDI: 0000000000000005 [ 1848.039259] RBP: 000000000076bf00 R08: 0000000000000000 R09: 0000000000000000 [ 1848.046657] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000007 01:45:46 executing program 4: pipe(&(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = socket$inet_udp(0x2, 0x2, 0x0) close(r2) r3 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$inet_tcp_int(r3, 0x6, 0x10000000013, &(0x7f0000d06000)=0x1, 0x4) connect$inet(r2, &(0x7f0000000340)={0x2, 0x0, @loopback}, 0x10) write$binfmt_misc(r1, &(0x7f0000000140)=ANY=[], 0x4240a2a0) r4 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$IPT_SO_SET_REPLACE(r4, 0x0, 0x40, &(0x7f0000000480)=ANY=[@ANYBLOB="66696c74657200000000000000000000000000000000000000000000000000000e00000004000000d0020000800100009800000080010000000000000000000038020000380200003802000038020000380200000400000000000000000000007f000001ac14140000000000000000007f00000000000000000000000000000064756dea20f9524db2d96900000057c910a19f2bc02c00000000000000000000200000000000000000000000000000000000000000000000700098000000000000000000000000000000000000000000280052454a454354000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000400000000000000000000000080000000000000000000000000000000000000000000000000000000000000000000000000000000000000000c000e80000f9c9991d0000000000000000000000000000005000736574000000000000000000000000000000000000000000000000000003000005050000000000000000000000000000000000000000100000000000000000000000000000000000000000000000280052454a45435400000000000000010000000000000000000000000000000000674f000000000000000000e00000020000000000000000766574b5315f766c616e00000000010062726964676530000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000007000b80000000000000000000000000000000000000000004800544545000000000000000000000000000000d40200000000000000000001ac1414aa000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000007000980000000000000000000000000000000000000000002800000000000000000000000000000000000000000000001a51496c00000000feffffff"], 0x1) splice(r0, 0x0, r2, 0x0, 0x4ffe0, 0x0) 01:45:46 executing program 1: lsetxattr$trusted_overlay_opaque(0x0, 0x0, 0x0, 0x0, 0x0) mkdir(&(0x7f0000000000)='./file0\x00', 0x0) mount$bpf(0x20000000, &(0x7f00000000c0)='./file0\x00', 0x0, 0x2001001, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x80, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x43, 0x400000000000000}, 0x11288, 0x2000, 0x0, 0x2}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$netlink(0x10, 0x3, 0x0) connect$inet(0xffffffffffffffff, 0x0, 0x0) setsockopt$SO_RDS_TRANSPORT(0xffffffffffffffff, 0x114, 0x8, &(0x7f0000000040)=0xffffffffffffffff, 0x4) r1 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$inet_tcp_int(r1, 0x6, 0x10000000013, &(0x7f0000d06000)=0x1, 0x32a) connect$inet(r1, &(0x7f0000000180)={0x2, 0x4e23, @local}, 0x10) accept$nfc_llcp(0xffffffffffffffff, &(0x7f0000000440), &(0x7f0000000300)=0x60) setsockopt$inet_tcp_TCP_REPAIR_OPTIONS(r1, 0x6, 0x16, &(0x7f00000000c0)=[@mss={0x2, 0xffffffff}, @timestamp, @window, @mss={0x2, 0x91c}], 0x4) sendmmsg(r1, &(0x7f0000004b40)=[{{0x0, 0x0, &(0x7f00000011c0)=[{&(0x7f0000002240)='Y', 0x1}], 0x1}}], 0x1, 0x0) syz_init_net_socket$llc(0x1a, 0x1, 0x0) r2 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$IPT_SO_SET_REPLACE(r2, 0x4000000000000, 0x40, &(0x7f0000000a40)=ANY=[@ANYBLOB="72617700000000010000000000000000000000000000000000000000000000000200000003000000b80400000000000000000000000000000003000000030000200400002004000020040000200400002004000003000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000600000000000000a00200030000000000000000000000000000000000000000300262706600000000000000000000000000000000000000000000000000000101000000000000002e2f66696c653000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000060005345540000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000c0002001000000000000000000000000000000000000000050006f736600000000000000000000000000000000000000000000000000000073797a300000000000000000000000000000000000000000000000000000000000000000000000000000000000000000600053455400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000007000980000000000000000000000000000000000000000002800000000000000000000000000000000000000000000000000000000000004feffffff00000000"], 0x518) sendmsg$IPVS_CMD_GET_DEST(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000280)={&(0x7f00000002c0)=ANY=[@ANYRES16], 0x1}}, 0x0) setsockopt$inet_tcp_TCP_REPAIR(r1, 0x6, 0x13, &(0x7f0000000100), 0x618) close(r1) r3 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$inet_tcp_int(r3, 0x6, 0x10000000013, &(0x7f0000d06000)=0x1, 0x32a) connect$inet(r3, &(0x7f0000000140)={0x2, 0x0, @local}, 0x10) setsockopt$inet_tcp_TCP_REPAIR_OPTIONS(r3, 0x6, 0x16, &(0x7f0000000200)=[@mss, @timestamp, @window={0x3, 0x0, 0xfffe}, @mss={0x2, 0x3}], 0x4) sendmmsg(r3, &(0x7f0000004b40)=[{{0x0, 0x0, &(0x7f00000011c0)=[{&(0x7f0000002240)='Y', 0x1}], 0x1}}], 0x1, 0x0) setsockopt$inet_tcp_TCP_REPAIR_QUEUE(r3, 0x6, 0x14, &(0x7f0000000040)=0x1, 0x4) close(r3) syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) dup3(r5, r4, 0x0) r6 = accept4$vsock_stream(0xffffffffffffffff, &(0x7f0000000240)={0x28, 0x0, 0x2710, @host}, 0x10, 0x0) dup2(r6, r5) bind$pptp(0xffffffffffffffff, &(0x7f00000001c0)={0x18, 0x2, {0x0, @initdev={0xac, 0x1e, 0x0, 0x0}}}, 0x1e) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000000)=@newlink={0x30, 0x10, 0x801, 0x0, 0x0, {}, [@IFLA_GROUP={0x8}, @IFLA_PROTO_DOWN={0x8, 0x4}]}, 0x30}}, 0x0) [ 1848.053967] R13: 00000000000003bf R14: 00000000004c6495 R15: 0000000000000012 [ 1848.063389] device bridge_slave_1 left promiscuous mode [ 1848.068969] bridge0: port 2(bridge_slave_1) entered disabled state 01:45:46 executing program 2 (fault-call:9 fault-nth:19): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_SET_SIGNAL_MASK(0xffffffffffffffff, 0x4004ae8b, &(0x7f0000001000)=ANY=[@ANYBLOB="97cb"]) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000fe7000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0) ioctl$USBDEVFS_RESETEP(0xffffffffffffffff, 0x80045503, &(0x7f0000000000)={0x1, 0x1}) ioctl$KVM_NMI(r2, 0xae9a) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f00000002c0)={0x0, 0x2, 0x0, 0x2000, &(0x7f0000001000/0x2000)=nil}) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) [ 1848.130500] bridge0: port 1(bridge_slave_0) entered disabled state [ 1848.197698] device veth1_macvtap left promiscuous mode [ 1848.212698] device veth0_macvtap left promiscuous mode [ 1848.229946] device veth1_vlan left promiscuous mode 01:45:46 executing program 0: perf_event_open(&(0x7f0000000200)={0x2, 0x70, 0x42, 0x8001, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = perf_event_open(&(0x7f0000000440)={0x2, 0x70, 0xb8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r1 = memfd_create(&(0x7f0000000000), 0x0) dup2(r0, r1) mmap(&(0x7f0000200000/0x400000)=nil, 0x400002, 0x1, 0x2011, r1, 0x0) [ 1848.245845] device veth0_vlan left promiscuous mode [ 1848.308493] FAULT_INJECTION: forcing a failure. [ 1848.308493] name failslab, interval 1, probability 0, space 0, times 0 [ 1848.360278] CPU: 1 PID: 3818 Comm: syz-executor.2 Not tainted 4.14.173-syzkaller #0 [ 1848.368136] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1848.378325] Call Trace: [ 1848.380936] dump_stack+0x13e/0x194 [ 1848.384596] should_fail.cold+0x10a/0x14b [ 1848.388772] should_failslab+0xd6/0x130 [ 1848.392784] kmem_cache_alloc+0x2b5/0x770 [ 1848.396977] ? trace_hardirqs_on_caller+0x3f6/0x590 [ 1848.402562] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 1848.407973] mmu_topup_memory_caches+0x83/0x300 [ 1848.412675] kvm_mmu_load+0x1e/0xd00 [ 1848.416516] ? kvm_apic_accept_events+0x16f/0x3f0 [ 1848.421376] ? kvm_lapic_enable_pv_eoi+0xc0/0xc0 [ 1848.426274] ? vcpu_enter_guest+0x1807/0x5240 [ 1848.431157] vcpu_enter_guest+0x2eb9/0x5240 [ 1848.435514] ? trace_hardirqs_on_caller+0x3f6/0x590 [ 1848.440546] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 1848.445305] ? emulator_read_emulated+0x40/0x40 [ 1848.449985] ? kvm_arch_vcpu_ioctl_run+0x2fe/0xfd0 [ 1848.454903] kvm_arch_vcpu_ioctl_run+0x2fe/0xfd0 [ 1848.459668] kvm_vcpu_ioctl+0x3df/0xc70 [ 1848.463633] ? kvm_vcpu_block+0xb70/0xb70 [ 1848.467798] ? trace_hardirqs_on+0x10/0x10 [ 1848.472343] ? mark_held_locks+0xa6/0xf0 [ 1848.476427] ? save_trace+0x290/0x290 [ 1848.480232] ? SyS_write+0x1b7/0x210 [ 1848.484025] ? kvm_vcpu_block+0xb70/0xb70 [ 1848.488162] do_vfs_ioctl+0x75a/0xfe0 [ 1848.492073] ? selinux_file_mprotect+0x5c0/0x5c0 [ 1848.496843] ? ioctl_preallocate+0x1a0/0x1a0 [ 1848.501253] ? security_file_ioctl+0x76/0xb0 [ 1848.506001] ? security_file_ioctl+0x83/0xb0 [ 1848.510413] SyS_ioctl+0x7f/0xb0 [ 1848.513792] ? do_vfs_ioctl+0xfe0/0xfe0 [ 1848.517780] do_syscall_64+0x1d5/0x640 [ 1848.521669] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 1848.526851] RIP: 0033:0x45c849 [ 1848.534130] RSP: 002b:00007fa3bc31dc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 1848.541828] RAX: ffffffffffffffda RBX: 00007fa3bc31e6d4 RCX: 000000000045c849 [ 1848.549085] RDX: 0000000000000000 RSI: 000000000000ae80 RDI: 0000000000000005 [ 1848.556369] RBP: 000000000076bf00 R08: 0000000000000000 R09: 0000000000000000 [ 1848.563656] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000007 [ 1848.570949] R13: 00000000000003bf R14: 00000000004c6495 R15: 0000000000000013 01:45:46 executing program 5: lsetxattr$trusted_overlay_opaque(0x0, 0x0, 0x0, 0x0, 0x0) mkdir(&(0x7f0000000000)='./file0\x00', 0x0) mount$bpf(0x20000000, &(0x7f00000000c0)='./file0\x00', 0x0, 0x2001001, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x80, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x43, 0x400000000000000}, 0x11288, 0x2000, 0x0, 0x2}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$netlink(0x10, 0x3, 0x0) connect$inet(0xffffffffffffffff, 0x0, 0x0) setsockopt$SO_RDS_TRANSPORT(0xffffffffffffffff, 0x114, 0x8, &(0x7f0000000040)=0xffffffffffffffff, 0x4) r1 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$inet_tcp_int(r1, 0x6, 0x10000000013, &(0x7f0000d06000)=0x1, 0x32a) connect$inet(r1, &(0x7f0000000180)={0x2, 0x4e23, @local}, 0x10) accept$nfc_llcp(0xffffffffffffffff, &(0x7f0000000440), &(0x7f0000000300)=0x60) setsockopt$inet_tcp_TCP_REPAIR_OPTIONS(r1, 0x6, 0x16, &(0x7f00000000c0)=[@mss={0x2, 0xffffffff}, @timestamp, @window, @mss={0x2, 0x91c}], 0x4) sendmmsg(r1, &(0x7f0000004b40)=[{{0x0, 0x0, &(0x7f00000011c0)=[{&(0x7f0000002240)='Y', 0x1}], 0x1}}], 0x1, 0x0) syz_init_net_socket$llc(0x1a, 0x1, 0x0) r2 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$IPT_SO_SET_REPLACE(r2, 0x4000000000000, 0x40, &(0x7f0000000a40)=ANY=[@ANYBLOB="72617700000000010000000000000000000000000000000000000000000000000200000003000000b80400000000000000000000000000000003000000030000200400002004000020040000200400002004000003000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000600000000000000a00200030000000000000000000000000000000000000000300262706600000000000000000000000000000000000000000000000000000101000000000000002e2f66696c653000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000060005345540000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000c0002001000000000000000000000000000000000000000050006f736600000000000000000000000000000000000000000000000000000073797a300000000000000000000000000000000000000000000000000000000000000000000000000000000000000000600053455400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000007000980000000000000000000000000000000000000000002800000000000000000000000000000000000000000000000000000000000004feffffff00000000"], 0x518) sendmsg$IPVS_CMD_GET_DEST(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000280)={&(0x7f00000002c0)=ANY=[@ANYRES16], 0x1}}, 0x0) setsockopt$inet_tcp_TCP_REPAIR(r1, 0x6, 0x13, &(0x7f0000000100), 0x618) close(r1) r3 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$inet_tcp_int(r3, 0x6, 0x10000000013, &(0x7f0000d06000)=0x1, 0x32a) connect$inet(r3, &(0x7f0000000140)={0x2, 0x0, @local}, 0x10) setsockopt$inet_tcp_TCP_REPAIR_OPTIONS(r3, 0x6, 0x16, &(0x7f0000000200)=[@mss, @timestamp, @window={0x3, 0x0, 0xfffe}, @mss={0x2, 0x3}], 0x4) setsockopt$inet_tcp_TCP_REPAIR_QUEUE(r3, 0x6, 0x14, &(0x7f0000000040)=0x1, 0x4) sendmsg$IPVS_CMD_GET_DEST(r3, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000340)=ANY=[@ANYBLOB="160e90cb39bca59f8c4064ac6d7b242060a07bc4309e3eb79d8745797b308edd84adef35ad9d8a17240f38f55f57c55f3875db81d255eea402e1c11ca7fc01964aeb9ed6ef4e80bc67cba7e7fe961fe5d921442b0a06b135f8a73b68dc904b436f256f50ae7cb980e69e7580b9f11c6ede4210f23240559b8c427000d7ce7862417ab5a50e494b2a54e346d7ffa008ccef06813e235b446788ac0f1df3c65bc1fb5393364a2efd284640ec2c438ad2b24a69f1f9da000000000000000000000000989eee6a9283bf253ca4"], 0x1}}, 0x0) close(r3) syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) dup3(r5, r4, 0x0) r6 = accept4$vsock_stream(0xffffffffffffffff, &(0x7f0000000240)={0x28, 0x0, 0x2710, @host}, 0x10, 0x0) dup2(r6, r5) bind$pptp(0xffffffffffffffff, &(0x7f00000001c0)={0x18, 0x2, {0x0, @initdev={0xac, 0x1e, 0x0, 0x0}}}, 0x1e) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000000)=@newlink={0x30, 0x10, 0x801, 0x0, 0x0, {}, [@IFLA_GROUP={0x8}, @IFLA_PROTO_DOWN={0x8, 0x4}]}, 0x30}}, 0x0) pivot_root(&(0x7f0000000140)='./file0\x00', &(0x7f0000000100)='./file0\x00') 01:45:46 executing program 3: lsetxattr$trusted_overlay_opaque(0x0, 0x0, 0x0, 0x0, 0x0) mkdir(&(0x7f0000000000)='./file0\x00', 0x0) mount$bpf(0x20000000, &(0x7f00000000c0)='./file0\x00', 0x0, 0x2001001, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x80, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x43, 0x400000000000000}, 0x11288, 0x2000, 0x0, 0x2}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$netlink(0x10, 0x3, 0x0) connect$inet(0xffffffffffffffff, 0x0, 0x0) setsockopt$SO_RDS_TRANSPORT(0xffffffffffffffff, 0x114, 0x8, &(0x7f0000000040)=0xffffffffffffffff, 0x4) r1 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$inet_tcp_int(r1, 0x6, 0x10000000013, &(0x7f0000d06000)=0x1, 0x32a) connect$inet(r1, &(0x7f0000000180)={0x2, 0x4e23, @local}, 0x10) accept$nfc_llcp(0xffffffffffffffff, &(0x7f0000000440), &(0x7f0000000300)=0x60) setsockopt$inet_tcp_TCP_REPAIR_OPTIONS(r1, 0x6, 0x16, &(0x7f00000000c0)=[@mss={0x2, 0xffffffff}, @timestamp, @window, @mss={0x2, 0x91c}], 0x4) sendmmsg(r1, &(0x7f0000004b40)=[{{0x0, 0x0, &(0x7f00000011c0)=[{&(0x7f0000002240)='Y', 0x1}], 0x1}}], 0x1, 0x0) syz_init_net_socket$llc(0x1a, 0x1, 0x0) r2 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$IPT_SO_SET_REPLACE(r2, 0x4000000000000, 0x40, &(0x7f0000000a40)=ANY=[@ANYBLOB="72617700000000010000000000000000000000000000000000000000000000000200000003000000b80400000000000000000000000000000003000000030000200400002004000020040000200400002004000003000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000600000000000000a00200030000000000000000000000000000000000000000300262706600000000000000000000000000000000000000000000000000000101000000000000002e2f66696c653000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000060005345540000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000c0002001000000000000000000000000000000000000000050006f736600000000000000000000000000000000000000000000000000000073797a300000000000000000000000000000000000000000000000000000000000000000000000000000000000000000600053455400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000007000980000000000000000000000000000000000000000002800000000000000000000000000000000000000000000000000000000000004feffffff00000000"], 0x518) sendmsg$IPVS_CMD_GET_DEST(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000280)={&(0x7f00000002c0)=ANY=[@ANYRES16], 0x1}}, 0x0) setsockopt$inet_tcp_TCP_REPAIR(r1, 0x6, 0x13, &(0x7f0000000100), 0x618) close(r1) r3 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$inet_tcp_int(r3, 0x6, 0x10000000013, &(0x7f0000d06000)=0x1, 0x32a) connect$inet(r3, &(0x7f0000000140)={0x2, 0x0, @local}, 0x10) setsockopt$inet_tcp_TCP_REPAIR_OPTIONS(r3, 0x6, 0x16, &(0x7f0000000200)=[@mss, @timestamp, @window={0x3, 0x0, 0xfffe}, @mss={0x2, 0x3}], 0x4) sendmmsg(r3, &(0x7f0000004b40)=[{{0x0, 0x0, &(0x7f00000011c0)=[{&(0x7f0000002240)='Y', 0x1}], 0x1}}], 0x1, 0x0) setsockopt$inet_tcp_TCP_REPAIR_QUEUE(r3, 0x6, 0x14, &(0x7f0000000040)=0x1, 0x4) close(r3) syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) dup3(r5, r4, 0x0) r6 = accept4$vsock_stream(0xffffffffffffffff, &(0x7f0000000240)={0x28, 0x0, 0x2710, @host}, 0x10, 0x0) dup2(r6, r5) bind$pptp(0xffffffffffffffff, &(0x7f00000001c0)={0x18, 0x2, {0x0, @initdev={0xac, 0x1e, 0x0, 0x0}}}, 0x1e) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000000)=@newlink={0x30, 0x10, 0x801, 0x0, 0x0, {}, [@IFLA_GROUP={0x8}, @IFLA_PROTO_DOWN={0x8, 0x4}]}, 0x30}}, 0x0) pivot_root(&(0x7f0000000140)='./file0\x00', &(0x7f0000000100)='./file0\x00') 01:45:46 executing program 1: lsetxattr$trusted_overlay_opaque(0x0, 0x0, 0x0, 0x0, 0x0) mkdir(&(0x7f0000000000)='./file0\x00', 0x0) mount$bpf(0x20000000, &(0x7f00000000c0)='./file0\x00', 0x0, 0x2001001, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x80, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x43, 0x400000000000000}, 0x11288, 0x2000, 0x0, 0x2}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$netlink(0x10, 0x3, 0x0) connect$inet(0xffffffffffffffff, 0x0, 0x0) setsockopt$SO_RDS_TRANSPORT(0xffffffffffffffff, 0x114, 0x8, &(0x7f0000000040)=0xffffffffffffffff, 0x4) r1 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$inet_tcp_int(r1, 0x6, 0x10000000013, &(0x7f0000d06000)=0x1, 0x32a) connect$inet(r1, &(0x7f0000000180)={0x2, 0x4e23, @local}, 0x10) accept$nfc_llcp(0xffffffffffffffff, &(0x7f0000000440), &(0x7f0000000300)=0x60) setsockopt$inet_tcp_TCP_REPAIR_OPTIONS(r1, 0x6, 0x16, &(0x7f00000000c0)=[@mss={0x2, 0xffffffff}, @timestamp, @window, @mss={0x2, 0x91c}], 0x4) sendmmsg(r1, &(0x7f0000004b40)=[{{0x0, 0x0, &(0x7f00000011c0)=[{&(0x7f0000002240)='Y', 0x1}], 0x1}}], 0x1, 0x0) syz_init_net_socket$llc(0x1a, 0x1, 0x0) r2 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$IPT_SO_SET_REPLACE(r2, 0x4000000000000, 0x40, &(0x7f0000000a40)=ANY=[@ANYBLOB="72617700000000010000000000000000000000000000000000000000000000000200000003000000b80400000000000000000000000000000003000000030000200400002004000020040000200400002004000003000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000600000000000000a00200030000000000000000000000000000000000000000300262706600000000000000000000000000000000000000000000000000000101000000000000002e2f66696c653000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000060005345540000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000c0002001000000000000000000000000000000000000000050006f736600000000000000000000000000000000000000000000000000000073797a300000000000000000000000000000000000000000000000000000000000000000000000000000000000000000600053455400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000007000980000000000000000000000000000000000000000002800000000000000000000000000000000000000000000000000000000000004feffffff00000000"], 0x518) sendmsg$IPVS_CMD_GET_DEST(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000280)={&(0x7f00000002c0)=ANY=[@ANYRES16], 0x1}}, 0x0) setsockopt$inet_tcp_TCP_REPAIR(r1, 0x6, 0x13, &(0x7f0000000100), 0x618) close(r1) r3 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$inet_tcp_int(r3, 0x6, 0x10000000013, &(0x7f0000d06000)=0x1, 0x32a) connect$inet(r3, &(0x7f0000000140)={0x2, 0x0, @local}, 0x10) setsockopt$inet_tcp_TCP_REPAIR_OPTIONS(r3, 0x6, 0x16, &(0x7f0000000200)=[@mss, @timestamp, @window={0x3, 0x0, 0xfffe}, @mss={0x2, 0x3}], 0x4) sendmmsg(r3, &(0x7f0000004b40)=[{{0x0, 0x0, &(0x7f00000011c0)=[{&(0x7f0000002240)='Y', 0x1}], 0x1}}], 0x1, 0x0) setsockopt$inet_tcp_TCP_REPAIR_QUEUE(r3, 0x6, 0x14, &(0x7f0000000040)=0x1, 0x4) close(r3) syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) dup3(r5, r4, 0x0) r6 = accept4$vsock_stream(0xffffffffffffffff, &(0x7f0000000240)={0x28, 0x0, 0x2710, @host}, 0x10, 0x0) dup2(r6, r5) bind$pptp(0xffffffffffffffff, &(0x7f00000001c0)={0x18, 0x2, {0x0, @initdev={0xac, 0x1e, 0x0, 0x0}}}, 0x1e) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000000)=@newlink={0x30, 0x10, 0x801, 0x0, 0x0, {}, [@IFLA_GROUP={0x8}, @IFLA_PROTO_DOWN={0x8, 0x4}]}, 0x30}}, 0x0) [ 1848.768214] ip_tables: iptables: counters copy to user failed while replacing table 01:45:47 executing program 2 (fault-call:9 fault-nth:20): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_SET_SIGNAL_MASK(0xffffffffffffffff, 0x4004ae8b, &(0x7f0000001000)=ANY=[@ANYBLOB="97cb"]) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000fe7000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0) ioctl$USBDEVFS_RESETEP(0xffffffffffffffff, 0x80045503, &(0x7f0000000000)={0x1, 0x1}) ioctl$KVM_NMI(r2, 0xae9a) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f00000002c0)={0x0, 0x2, 0x0, 0x2000, &(0x7f0000001000/0x2000)=nil}) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) 01:45:47 executing program 0: r0 = socket$inet_udp(0x2, 0x2, 0x0) setsockopt$inet_mreqn(r0, 0x0, 0x27, &(0x7f0000000240)={@multicast1, @local}, 0xc) connect$inet(r0, &(0x7f0000000400)={0x2, 0x0, @remote}, 0x10) setsockopt$inet_msfilter(r0, 0x0, 0x29, &(0x7f0000000040)={@multicast1, @local}, 0x10) 01:45:47 executing program 5: lsetxattr$trusted_overlay_opaque(0x0, 0x0, 0x0, 0x0, 0x0) mkdir(&(0x7f0000000000)='./file0\x00', 0x0) mount$bpf(0x20000000, &(0x7f00000000c0)='./file0\x00', 0x0, 0x2001001, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x80, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x43, 0x400000000000000}, 0x11288, 0x2000, 0x0, 0x2}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$netlink(0x10, 0x3, 0x0) connect$inet(0xffffffffffffffff, 0x0, 0x0) setsockopt$SO_RDS_TRANSPORT(0xffffffffffffffff, 0x114, 0x8, &(0x7f0000000040)=0xffffffffffffffff, 0x4) r1 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$inet_tcp_int(r1, 0x6, 0x10000000013, &(0x7f0000d06000)=0x1, 0x32a) connect$inet(r1, &(0x7f0000000180)={0x2, 0x4e23, @local}, 0x10) accept$nfc_llcp(0xffffffffffffffff, &(0x7f0000000440), &(0x7f0000000300)=0x60) setsockopt$inet_tcp_TCP_REPAIR_OPTIONS(r1, 0x6, 0x16, &(0x7f00000000c0)=[@mss={0x2, 0xffffffff}, @timestamp, @window, @mss={0x2, 0x91c}], 0x4) sendmmsg(r1, &(0x7f0000004b40)=[{{0x0, 0x0, &(0x7f00000011c0)=[{&(0x7f0000002240)='Y', 0x1}], 0x1}}], 0x1, 0x0) syz_init_net_socket$llc(0x1a, 0x1, 0x0) r2 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$IPT_SO_SET_REPLACE(r2, 0x4000000000000, 0x40, &(0x7f0000000a40)=ANY=[@ANYBLOB="72617700000000010000000000000000000000000000000000000000000000000200000003000000b80400000000000000000000000000000003000000030000200400002004000020040000200400002004000003000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000600000000000000a00200030000000000000000000000000000000000000000300262706600000000000000000000000000000000000000000000000000000101000000000000002e2f66696c653000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000060005345540000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000c0002001000000000000000000000000000000000000000050006f736600000000000000000000000000000000000000000000000000000073797a300000000000000000000000000000000000000000000000000000000000000000000000000000000000000000600053455400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000007000980000000000000000000000000000000000000000002800000000000000000000000000000000000000000000000000000000000004feffffff00000000"], 0x518) sendmsg$IPVS_CMD_GET_DEST(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000280)={&(0x7f00000002c0)=ANY=[@ANYRES16], 0x1}}, 0x0) setsockopt$inet_tcp_TCP_REPAIR(r1, 0x6, 0x13, &(0x7f0000000100), 0x618) close(r1) r3 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$inet_tcp_int(r3, 0x6, 0x10000000013, &(0x7f0000d06000)=0x1, 0x32a) connect$inet(r3, &(0x7f0000000140)={0x2, 0x0, @local}, 0x10) setsockopt$inet_tcp_TCP_REPAIR_OPTIONS(r3, 0x6, 0x16, &(0x7f0000000200)=[@mss, @timestamp, @window={0x3, 0x0, 0xfffe}, @mss={0x2, 0x3}], 0x4) setsockopt$inet_tcp_TCP_REPAIR_QUEUE(r3, 0x6, 0x14, &(0x7f0000000040)=0x1, 0x4) sendmsg$IPVS_CMD_GET_DEST(r3, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000340)=ANY=[@ANYBLOB="160e90cb39bca59f8c4064ac6d7b242060a07bc4309e3eb79d8745797b308edd84adef35ad9d8a17240f38f55f57c55f3875db81d255eea402e1c11ca7fc01964aeb9ed6ef4e80bc67cba7e7fe961fe5d921442b0a06b135f8a73b68dc904b436f256f50ae7cb980e69e7580b9f11c6ede4210f23240559b8c427000d7ce7862417ab5a50e494b2a54e346d7ffa008ccef06813e235b446788ac0f1df3c65bc1fb5393364a2efd284640ec2c438ad2b24a69f1f9da000000000000000000000000989eee6a9283bf253ca4"], 0x1}}, 0x0) close(r3) syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) dup3(r5, r4, 0x0) r6 = accept4$vsock_stream(0xffffffffffffffff, &(0x7f0000000240)={0x28, 0x0, 0x2710, @host}, 0x10, 0x0) dup2(r6, r5) bind$pptp(0xffffffffffffffff, &(0x7f00000001c0)={0x18, 0x2, {0x0, @initdev={0xac, 0x1e, 0x0, 0x0}}}, 0x1e) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000000)=@newlink={0x30, 0x10, 0x801, 0x0, 0x0, {}, [@IFLA_GROUP={0x8}, @IFLA_PROTO_DOWN={0x8, 0x4}]}, 0x30}}, 0x0) pivot_root(&(0x7f0000000140)='./file0\x00', &(0x7f0000000100)='./file0\x00') 01:45:47 executing program 3: lsetxattr$trusted_overlay_opaque(0x0, 0x0, 0x0, 0x0, 0x0) mkdir(&(0x7f0000000000)='./file0\x00', 0x0) mount$bpf(0x20000000, &(0x7f00000000c0)='./file0\x00', 0x0, 0x2001001, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x80, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x43, 0x400000000000000}, 0x11288, 0x2000, 0x0, 0x2}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$netlink(0x10, 0x3, 0x0) connect$inet(0xffffffffffffffff, 0x0, 0x0) setsockopt$SO_RDS_TRANSPORT(0xffffffffffffffff, 0x114, 0x8, &(0x7f0000000040)=0xffffffffffffffff, 0x4) r1 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$inet_tcp_int(r1, 0x6, 0x10000000013, &(0x7f0000d06000)=0x1, 0x32a) connect$inet(r1, &(0x7f0000000180)={0x2, 0x4e23, @local}, 0x10) accept$nfc_llcp(0xffffffffffffffff, &(0x7f0000000440), &(0x7f0000000300)=0x60) setsockopt$inet_tcp_TCP_REPAIR_OPTIONS(r1, 0x6, 0x16, &(0x7f00000000c0)=[@mss={0x2, 0xffffffff}, @timestamp, @window, @mss={0x2, 0x91c}], 0x4) sendmmsg(r1, &(0x7f0000004b40)=[{{0x0, 0x0, &(0x7f00000011c0)=[{&(0x7f0000002240)='Y', 0x1}], 0x1}}], 0x1, 0x0) syz_init_net_socket$llc(0x1a, 0x1, 0x0) r2 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$IPT_SO_SET_REPLACE(r2, 0x4000000000000, 0x40, &(0x7f0000000a40)=ANY=[@ANYBLOB="72617700000000010000000000000000000000000000000000000000000000000200000003000000b80400000000000000000000000000000003000000030000200400002004000020040000200400002004000003000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000600000000000000a00200030000000000000000000000000000000000000000300262706600000000000000000000000000000000000000000000000000000101000000000000002e2f66696c653000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000060005345540000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000c0002001000000000000000000000000000000000000000050006f736600000000000000000000000000000000000000000000000000000073797a300000000000000000000000000000000000000000000000000000000000000000000000000000000000000000600053455400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000007000980000000000000000000000000000000000000000002800000000000000000000000000000000000000000000000000000000000004feffffff00000000"], 0x518) sendmsg$IPVS_CMD_GET_DEST(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000280)={&(0x7f00000002c0)=ANY=[@ANYRES16], 0x1}}, 0x0) setsockopt$inet_tcp_TCP_REPAIR(r1, 0x6, 0x13, &(0x7f0000000100), 0x618) close(r1) r3 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$inet_tcp_int(r3, 0x6, 0x10000000013, &(0x7f0000d06000)=0x1, 0x32a) connect$inet(r3, &(0x7f0000000140)={0x2, 0x0, @local}, 0x10) setsockopt$inet_tcp_TCP_REPAIR_OPTIONS(r3, 0x6, 0x16, &(0x7f0000000200)=[@mss, @timestamp, @window={0x3, 0x0, 0xfffe}, @mss={0x2, 0x3}], 0x4) sendmmsg(r3, &(0x7f0000004b40)=[{{0x0, 0x0, &(0x7f00000011c0)=[{&(0x7f0000002240)='Y', 0x1}], 0x1}}], 0x1, 0x0) setsockopt$inet_tcp_TCP_REPAIR_QUEUE(r3, 0x6, 0x14, &(0x7f0000000040)=0x1, 0x4) close(r3) syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) dup3(r5, r4, 0x0) r6 = accept4$vsock_stream(0xffffffffffffffff, &(0x7f0000000240)={0x28, 0x0, 0x2710, @host}, 0x10, 0x0) dup2(r6, r5) bind$pptp(0xffffffffffffffff, &(0x7f00000001c0)={0x18, 0x2, {0x0, @initdev={0xac, 0x1e, 0x0, 0x0}}}, 0x1e) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000000)=@newlink={0x30, 0x10, 0x801, 0x0, 0x0, {}, [@IFLA_GROUP={0x8}, @IFLA_PROTO_DOWN={0x8, 0x4}]}, 0x30}}, 0x0) pivot_root(&(0x7f0000000140)='./file0\x00', &(0x7f0000000100)='./file0\x00') 01:45:47 executing program 4: pipe(&(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = socket$inet_udp(0x2, 0x2, 0x0) close(r2) r3 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$inet_tcp_int(r3, 0x6, 0x10000000013, &(0x7f0000d06000)=0x1, 0x4) setsockopt$inet_tcp_TCP_REPAIR_WINDOW(r3, 0x6, 0x1d, &(0x7f0000000080)={0x0, 0xdf5, 0x65a2}, 0x14) write$binfmt_misc(r1, &(0x7f0000000140)=ANY=[], 0x4240a2a0) r4 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$IPT_SO_SET_REPLACE(r4, 0x0, 0x40, &(0x7f0000000480)=ANY=[@ANYBLOB="66696c74657200000000000000000000000000000000000000000000000000000e00000004000000d0020000800100009800000080010000000000000000000038020000380200003802000038020000380200000400000000000000000000007f000001ac14140000000000000000007f00000000000000000000000000000064756dea20f9524db2d96900000057c910a19f2bc02c00000000000000000000200000000000000000000000000000000000000000000000700098000000000000000000000000000000000000000000280052454a454354000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000400000000000000000000000080000000000000000000000000000000000000000000000000000000000000000000000000000000000000000c000e80000f9c9991d0000000000000000000000000000005000736574000000000000000000000000000000000000000000000000000003000005050000000000000000000000000000000000000000100000000000000000000000000000000000000000000000280052454a45435400000000000000010000000000000000000000000000000000674f000000000000000000e00000020000000000000000766574b5315f766c616e00000000010062726964676530000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000007000b80000000000000000000000000000000000000000004800544545000000000000000000000000000000d40200000000000000000001ac1414aa000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000007000980000000000000000000000000000000000000000002800000000000000000000000000000000000000000000001a51496c00000000feffffff"], 0x1) splice(r0, 0x0, r2, 0x0, 0x4ffe0, 0x0) [ 1849.109184] FAULT_INJECTION: forcing a failure. [ 1849.109184] name failslab, interval 1, probability 0, space 0, times 0 [ 1849.128063] bond3 (unregistering): Released all slaves [ 1849.148444] bond2 (unregistering): Released all slaves [ 1849.160207] CPU: 0 PID: 3839 Comm: syz-executor.2 Not tainted 4.14.173-syzkaller #0 [ 1849.168465] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1849.177930] Call Trace: [ 1849.180554] dump_stack+0x13e/0x194 [ 1849.184192] should_fail.cold+0x10a/0x14b [ 1849.188480] should_failslab+0xd6/0x130 [ 1849.192468] kmem_cache_alloc+0x2b5/0x770 [ 1849.196747] ? kmem_cache_alloc+0x10/0x770 [ 1849.200998] mmu_topup_memory_caches+0x83/0x300 [ 1849.205666] ? kvm_apic_accept_events+0x4f/0x3f0 [ 1849.210552] kvm_mmu_load+0x1e/0xd00 [ 1849.214274] ? kvm_apic_accept_events+0x16f/0x3f0 [ 1849.219127] ? kvm_lapic_enable_pv_eoi+0xc0/0xc0 [ 1849.223872] ? vmx_get_nmi_mask+0x29/0xa0 [ 1849.228035] vcpu_enter_guest+0x2eb9/0x5240 [ 1849.232374] ? check_preemption_disabled+0x35/0x240 [ 1849.238347] ? retint_user+0x13/0x18 [ 1849.242053] ? emulator_read_emulated+0x40/0x40 [ 1849.246713] ? lock_acquire+0x170/0x3f0 [ 1849.250677] ? kvm_arch_vcpu_ioctl_run+0x143/0xfd0 [ 1849.255597] ? kvm_arch_vcpu_ioctl_run+0x2fe/0xfd0 [ 1849.260513] ? kvm_arch_vcpu_ioctl_run+0x181/0xfd0 [ 1849.265429] kvm_arch_vcpu_ioctl_run+0x2fe/0xfd0 [ 1849.270175] kvm_vcpu_ioctl+0x3df/0xc70 [ 1849.274136] ? kvm_vcpu_block+0xb70/0xb70 [ 1849.278285] ? trace_hardirqs_on+0x10/0x10 [ 1849.282508] ? retint_kernel+0x2d/0x2d [ 1849.286415] ? save_trace+0x290/0x290 [ 1849.290215] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 1849.294961] ? kvm_vcpu_block+0xb70/0xb70 [ 1849.299100] do_vfs_ioctl+0x75a/0xfe0 [ 1849.302891] ? selinux_file_mprotect+0x5c0/0x5c0 [ 1849.307673] ? ioctl_preallocate+0x1a0/0x1a0 [ 1849.312100] ? security_file_ioctl+0x76/0xb0 [ 1849.316509] ? security_file_ioctl+0x83/0xb0 [ 1849.320922] SyS_ioctl+0x7f/0xb0 [ 1849.324308] ? do_vfs_ioctl+0xfe0/0xfe0 [ 1849.328385] do_syscall_64+0x1d5/0x640 [ 1849.332265] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 1849.337446] RIP: 0033:0x45c849 [ 1849.340639] RSP: 002b:00007fa3bc31dc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 1849.348348] RAX: ffffffffffffffda RBX: 00007fa3bc31e6d4 RCX: 000000000045c849 [ 1849.355625] RDX: 0000000000000000 RSI: 000000000000ae80 RDI: 0000000000000005 [ 1849.362899] RBP: 000000000076bf00 R08: 0000000000000000 R09: 0000000000000000 [ 1849.370184] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000007 [ 1849.377479] R13: 00000000000003bf R14: 00000000004c6495 R15: 0000000000000014 01:45:47 executing program 1: lsetxattr$trusted_overlay_opaque(0x0, 0x0, 0x0, 0x0, 0x0) mkdir(&(0x7f0000000000)='./file0\x00', 0x0) mount$bpf(0x20000000, &(0x7f00000000c0)='./file0\x00', 0x0, 0x2001001, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x80, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x43, 0x400000000000000}, 0x11288, 0x2000, 0x0, 0x2}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$netlink(0x10, 0x3, 0x0) connect$inet(0xffffffffffffffff, 0x0, 0x0) setsockopt$SO_RDS_TRANSPORT(0xffffffffffffffff, 0x114, 0x8, &(0x7f0000000040)=0xffffffffffffffff, 0x4) r1 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$inet_tcp_int(r1, 0x6, 0x10000000013, &(0x7f0000d06000)=0x1, 0x32a) connect$inet(r1, &(0x7f0000000180)={0x2, 0x4e23, @local}, 0x10) accept$nfc_llcp(0xffffffffffffffff, &(0x7f0000000440), &(0x7f0000000300)=0x60) setsockopt$inet_tcp_TCP_REPAIR_OPTIONS(r1, 0x6, 0x16, &(0x7f00000000c0)=[@mss={0x2, 0xffffffff}, @timestamp, @window, @mss={0x2, 0x91c}], 0x4) sendmmsg(r1, &(0x7f0000004b40)=[{{0x0, 0x0, &(0x7f00000011c0)=[{&(0x7f0000002240)='Y', 0x1}], 0x1}}], 0x1, 0x0) syz_init_net_socket$llc(0x1a, 0x1, 0x0) r2 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$IPT_SO_SET_REPLACE(r2, 0x4000000000000, 0x40, &(0x7f0000000a40)=ANY=[@ANYBLOB="72617700000000010000000000000000000000000000000000000000000000000200000003000000b80400000000000000000000000000000003000000030000200400002004000020040000200400002004000003000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000600000000000000a00200030000000000000000000000000000000000000000300262706600000000000000000000000000000000000000000000000000000101000000000000002e2f66696c653000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000060005345540000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000c0002001000000000000000000000000000000000000000050006f736600000000000000000000000000000000000000000000000000000073797a300000000000000000000000000000000000000000000000000000000000000000000000000000000000000000600053455400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000007000980000000000000000000000000000000000000000002800000000000000000000000000000000000000000000000000000000000004feffffff00000000"], 0x518) sendmsg$IPVS_CMD_GET_DEST(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000280)={&(0x7f00000002c0)=ANY=[@ANYRES16], 0x1}}, 0x0) setsockopt$inet_tcp_TCP_REPAIR(r1, 0x6, 0x13, &(0x7f0000000100), 0x618) close(r1) r3 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$inet_tcp_int(r3, 0x6, 0x10000000013, &(0x7f0000d06000)=0x1, 0x32a) connect$inet(r3, &(0x7f0000000140)={0x2, 0x0, @local}, 0x10) setsockopt$inet_tcp_TCP_REPAIR_OPTIONS(r3, 0x6, 0x16, &(0x7f0000000200)=[@mss, @timestamp, @window={0x3, 0x0, 0xfffe}, @mss={0x2, 0x3}], 0x4) sendmmsg(r3, &(0x7f0000004b40)=[{{0x0, 0x0, &(0x7f00000011c0)=[{&(0x7f0000002240)='Y', 0x1}], 0x1}}], 0x1, 0x0) setsockopt$inet_tcp_TCP_REPAIR_QUEUE(r3, 0x6, 0x14, &(0x7f0000000040)=0x1, 0x4) close(r3) syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) dup3(r5, r4, 0x0) r6 = accept4$vsock_stream(0xffffffffffffffff, &(0x7f0000000240)={0x28, 0x0, 0x2710, @host}, 0x10, 0x0) dup2(r6, r5) bind$pptp(0xffffffffffffffff, &(0x7f00000001c0)={0x18, 0x2, {0x0, @initdev={0xac, 0x1e, 0x0, 0x0}}}, 0x1e) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000000)=@newlink={0x30, 0x10, 0x801, 0x0, 0x0, {}, [@IFLA_GROUP={0x8}, @IFLA_PROTO_DOWN={0x8, 0x4}]}, 0x30}}, 0x0) [ 1849.428045] bond1 (unregistering): Released all slaves 01:45:47 executing program 5: lsetxattr$trusted_overlay_opaque(0x0, 0x0, 0x0, 0x0, 0x0) mkdir(&(0x7f0000000000)='./file0\x00', 0x0) mount$bpf(0x20000000, &(0x7f00000000c0)='./file0\x00', 0x0, 0x2001001, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x80, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x43, 0x400000000000000}, 0x11288, 0x2000, 0x0, 0x2}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$netlink(0x10, 0x3, 0x0) connect$inet(0xffffffffffffffff, 0x0, 0x0) setsockopt$SO_RDS_TRANSPORT(0xffffffffffffffff, 0x114, 0x8, &(0x7f0000000040)=0xffffffffffffffff, 0x4) r1 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$inet_tcp_int(r1, 0x6, 0x10000000013, &(0x7f0000d06000)=0x1, 0x32a) connect$inet(r1, &(0x7f0000000180)={0x2, 0x4e23, @local}, 0x10) accept$nfc_llcp(0xffffffffffffffff, &(0x7f0000000440), &(0x7f0000000300)=0x60) setsockopt$inet_tcp_TCP_REPAIR_OPTIONS(r1, 0x6, 0x16, &(0x7f00000000c0)=[@mss={0x2, 0xffffffff}, @timestamp, @window, @mss={0x2, 0x91c}], 0x4) sendmmsg(r1, &(0x7f0000004b40)=[{{0x0, 0x0, &(0x7f00000011c0)=[{&(0x7f0000002240)='Y', 0x1}], 0x1}}], 0x1, 0x0) syz_init_net_socket$llc(0x1a, 0x1, 0x0) r2 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$IPT_SO_SET_REPLACE(r2, 0x4000000000000, 0x40, &(0x7f0000000a40)=ANY=[@ANYBLOB="72617700000000010000000000000000000000000000000000000000000000000200000003000000b80400000000000000000000000000000003000000030000200400002004000020040000200400002004000003000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000600000000000000a00200030000000000000000000000000000000000000000300262706600000000000000000000000000000000000000000000000000000101000000000000002e2f66696c653000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000060005345540000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000c0002001000000000000000000000000000000000000000050006f736600000000000000000000000000000000000000000000000000000073797a300000000000000000000000000000000000000000000000000000000000000000000000000000000000000000600053455400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000007000980000000000000000000000000000000000000000002800000000000000000000000000000000000000000000000000000000000004feffffff00000000"], 0x518) sendmsg$IPVS_CMD_GET_DEST(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000280)={&(0x7f00000002c0)=ANY=[@ANYRES16], 0x1}}, 0x0) setsockopt$inet_tcp_TCP_REPAIR(r1, 0x6, 0x13, &(0x7f0000000100), 0x618) close(r1) r3 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$inet_tcp_int(r3, 0x6, 0x10000000013, &(0x7f0000d06000)=0x1, 0x32a) connect$inet(r3, &(0x7f0000000140)={0x2, 0x0, @local}, 0x10) sendmmsg(r3, &(0x7f0000004b40)=[{{0x0, 0x0, &(0x7f00000011c0)=[{&(0x7f0000002240)='Y', 0x1}], 0x1}}], 0x1, 0x0) setsockopt$inet_tcp_TCP_REPAIR_QUEUE(r3, 0x6, 0x14, &(0x7f0000000040)=0x1, 0x4) sendmsg$IPVS_CMD_GET_DEST(r3, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000340)=ANY=[@ANYBLOB="160e90cb39bca59f8c4064ac6d7b242060a07bc4309e3eb79d8745797b308edd84adef35ad9d8a17240f38f55f57c55f3875db81d255eea402e1c11ca7fc01964aeb9ed6ef4e80bc67cba7e7fe961fe5d921442b0a06b135f8a73b68dc904b436f256f50ae7cb980e69e7580b9f11c6ede4210f23240559b8c427000d7ce7862417ab5a50e494b2a54e346d7ffa008ccef06813e235b446788ac0f1df3c65bc1fb5393364a2efd284640ec2c438ad2b24a69f1f9da000000000000000000000000989eee6a9283bf253ca4"], 0x1}}, 0x0) close(r3) syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) dup3(r5, r4, 0x0) r6 = accept4$vsock_stream(0xffffffffffffffff, &(0x7f0000000240)={0x28, 0x0, 0x2710, @host}, 0x10, 0x0) dup2(r6, r5) bind$pptp(0xffffffffffffffff, &(0x7f00000001c0)={0x18, 0x2, {0x0, @initdev={0xac, 0x1e, 0x0, 0x0}}}, 0x1e) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000000)=@newlink={0x30, 0x10, 0x801, 0x0, 0x0, {}, [@IFLA_GROUP={0x8}, @IFLA_PROTO_DOWN={0x8, 0x4}]}, 0x30}}, 0x0) pivot_root(&(0x7f0000000140)='./file0\x00', &(0x7f0000000100)='./file0\x00') 01:45:47 executing program 2 (fault-call:9 fault-nth:21): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_SET_SIGNAL_MASK(0xffffffffffffffff, 0x4004ae8b, &(0x7f0000001000)=ANY=[@ANYBLOB="97cb"]) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000fe7000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0) ioctl$USBDEVFS_RESETEP(0xffffffffffffffff, 0x80045503, &(0x7f0000000000)={0x1, 0x1}) ioctl$KVM_NMI(r2, 0xae9a) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f00000002c0)={0x0, 0x2, 0x0, 0x2000, &(0x7f0000001000/0x2000)=nil}) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) 01:45:47 executing program 3: lsetxattr$trusted_overlay_opaque(0x0, 0x0, 0x0, 0x0, 0x0) mkdir(&(0x7f0000000000)='./file0\x00', 0x0) mount$bpf(0x20000000, &(0x7f00000000c0)='./file0\x00', 0x0, 0x2001001, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x80, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x43, 0x400000000000000}, 0x11288, 0x2000, 0x0, 0x2}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$netlink(0x10, 0x3, 0x0) connect$inet(0xffffffffffffffff, 0x0, 0x0) setsockopt$SO_RDS_TRANSPORT(0xffffffffffffffff, 0x114, 0x8, &(0x7f0000000040)=0xffffffffffffffff, 0x4) r1 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$inet_tcp_int(r1, 0x6, 0x10000000013, &(0x7f0000d06000)=0x1, 0x32a) connect$inet(r1, &(0x7f0000000180)={0x2, 0x4e23, @local}, 0x10) accept$nfc_llcp(0xffffffffffffffff, &(0x7f0000000440), &(0x7f0000000300)=0x60) setsockopt$inet_tcp_TCP_REPAIR_OPTIONS(r1, 0x6, 0x16, &(0x7f00000000c0)=[@mss={0x2, 0xffffffff}, @timestamp, @window, @mss={0x2, 0x91c}], 0x4) sendmmsg(r1, &(0x7f0000004b40)=[{{0x0, 0x0, &(0x7f00000011c0)=[{&(0x7f0000002240)='Y', 0x1}], 0x1}}], 0x1, 0x0) syz_init_net_socket$llc(0x1a, 0x1, 0x0) r2 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$IPT_SO_SET_REPLACE(r2, 0x4000000000000, 0x40, &(0x7f0000000a40)=ANY=[@ANYBLOB="72617700000000010000000000000000000000000000000000000000000000000200000003000000b80400000000000000000000000000000003000000030000200400002004000020040000200400002004000003000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000600000000000000a00200030000000000000000000000000000000000000000300262706600000000000000000000000000000000000000000000000000000101000000000000002e2f66696c653000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000060005345540000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000c0002001000000000000000000000000000000000000000050006f736600000000000000000000000000000000000000000000000000000073797a300000000000000000000000000000000000000000000000000000000000000000000000000000000000000000600053455400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000007000980000000000000000000000000000000000000000002800000000000000000000000000000000000000000000000000000000000004feffffff00000000"], 0x518) sendmsg$IPVS_CMD_GET_DEST(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000280)={&(0x7f00000002c0)=ANY=[@ANYRES16], 0x1}}, 0x0) setsockopt$inet_tcp_TCP_REPAIR(r1, 0x6, 0x13, &(0x7f0000000100), 0x618) close(r1) r3 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$inet_tcp_int(r3, 0x6, 0x10000000013, &(0x7f0000d06000)=0x1, 0x32a) connect$inet(r3, &(0x7f0000000140)={0x2, 0x0, @local}, 0x10) setsockopt$inet_tcp_TCP_REPAIR_OPTIONS(r3, 0x6, 0x16, &(0x7f0000000200)=[@mss, @timestamp, @window={0x3, 0x0, 0xfffe}, @mss={0x2, 0x3}], 0x4) sendmmsg(r3, &(0x7f0000004b40)=[{{0x0, 0x0, &(0x7f00000011c0)=[{&(0x7f0000002240)='Y', 0x1}], 0x1}}], 0x1, 0x0) setsockopt$inet_tcp_TCP_REPAIR_QUEUE(r3, 0x6, 0x14, &(0x7f0000000040)=0x1, 0x4) close(r3) syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) dup3(r5, r4, 0x0) r6 = accept4$vsock_stream(0xffffffffffffffff, &(0x7f0000000240)={0x28, 0x0, 0x2710, @host}, 0x10, 0x0) dup2(r6, r5) bind$pptp(0xffffffffffffffff, &(0x7f00000001c0)={0x18, 0x2, {0x0, @initdev={0xac, 0x1e, 0x0, 0x0}}}, 0x1e) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000000)=@newlink={0x30, 0x10, 0x801, 0x0, 0x0, {}, [@IFLA_GROUP={0x8}, @IFLA_PROTO_DOWN={0x8, 0x4}]}, 0x30}}, 0x0) pivot_root(&(0x7f0000000140)='./file0\x00', &(0x7f0000000100)='./file0\x00') 01:45:47 executing program 4: pipe(&(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = socket$inet_udp(0x2, 0x2, 0x0) close(r2) r3 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$inet_tcp_int(r3, 0x6, 0x10000000013, &(0x7f0000d06000)=0x1, 0x4) setsockopt$inet_tcp_TCP_REPAIR_WINDOW(r3, 0x6, 0x1d, &(0x7f0000000080)={0x0, 0xdf5, 0x65a2}, 0x14) write$binfmt_misc(r1, &(0x7f0000000140)=ANY=[], 0x4240a2a0) r4 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$IPT_SO_SET_REPLACE(r4, 0x0, 0x40, &(0x7f0000000480)=ANY=[@ANYBLOB="66696c74657200000000000000000000000000000000000000000000000000000e00000004000000d0020000800100009800000080010000000000000000000038020000380200003802000038020000380200000400000000000000000000007f000001ac14140000000000000000007f00000000000000000000000000000064756dea20f9524db2d96900000057c910a19f2bc02c00000000000000000000200000000000000000000000000000000000000000000000700098000000000000000000000000000000000000000000280052454a454354000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000400000000000000000000000080000000000000000000000000000000000000000000000000000000000000000000000000000000000000000c000e80000f9c9991d0000000000000000000000000000005000736574000000000000000000000000000000000000000000000000000003000005050000000000000000000000000000000000000000100000000000000000000000000000000000000000000000280052454a45435400000000000000010000000000000000000000000000000000674f000000000000000000e00000020000000000000000766574b5315f766c616e00000000010062726964676530000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000007000b80000000000000000000000000000000000000000004800544545000000000000000000000000000000d40200000000000000000001ac1414aa000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000007000980000000000000000000000000000000000000000002800000000000000000000000000000000000000000000001a51496c00000000feffffff"], 0x1) splice(r0, 0x0, r2, 0x0, 0x4ffe0, 0x0) [ 1849.617041] ip_tables: iptables: counters copy to user failed while replacing table [ 1849.652303] device hsr_slave_1 left promiscuous mode [ 1849.723459] device hsr_slave_0 left promiscuous mode 01:45:47 executing program 1: lsetxattr$trusted_overlay_opaque(0x0, 0x0, 0x0, 0x0, 0x0) mkdir(&(0x7f0000000000)='./file0\x00', 0x0) mount$bpf(0x20000000, &(0x7f00000000c0)='./file0\x00', 0x0, 0x2001001, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x80, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x43, 0x400000000000000}, 0x11288, 0x2000, 0x0, 0x2}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$netlink(0x10, 0x3, 0x0) connect$inet(0xffffffffffffffff, 0x0, 0x0) setsockopt$SO_RDS_TRANSPORT(0xffffffffffffffff, 0x114, 0x8, &(0x7f0000000040)=0xffffffffffffffff, 0x4) r1 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$inet_tcp_int(r1, 0x6, 0x10000000013, &(0x7f0000d06000)=0x1, 0x32a) connect$inet(r1, &(0x7f0000000180)={0x2, 0x4e23, @local}, 0x10) accept$nfc_llcp(0xffffffffffffffff, &(0x7f0000000440), &(0x7f0000000300)=0x60) setsockopt$inet_tcp_TCP_REPAIR_OPTIONS(r1, 0x6, 0x16, &(0x7f00000000c0)=[@mss={0x2, 0xffffffff}, @timestamp, @window, @mss={0x2, 0x91c}], 0x4) sendmmsg(r1, &(0x7f0000004b40)=[{{0x0, 0x0, &(0x7f00000011c0)=[{&(0x7f0000002240)='Y', 0x1}], 0x1}}], 0x1, 0x0) syz_init_net_socket$llc(0x1a, 0x1, 0x0) r2 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$IPT_SO_SET_REPLACE(r2, 0x4000000000000, 0x40, &(0x7f0000000a40)=ANY=[@ANYBLOB="72617700000000010000000000000000000000000000000000000000000000000200000003000000b80400000000000000000000000000000003000000030000200400002004000020040000200400002004000003000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000600000000000000a00200030000000000000000000000000000000000000000300262706600000000000000000000000000000000000000000000000000000101000000000000002e2f66696c653000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000060005345540000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000c0002001000000000000000000000000000000000000000050006f736600000000000000000000000000000000000000000000000000000073797a300000000000000000000000000000000000000000000000000000000000000000000000000000000000000000600053455400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000007000980000000000000000000000000000000000000000002800000000000000000000000000000000000000000000000000000000000004feffffff00000000"], 0x518) sendmsg$IPVS_CMD_GET_DEST(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000280)={&(0x7f00000002c0)=ANY=[@ANYRES16], 0x1}}, 0x0) setsockopt$inet_tcp_TCP_REPAIR(r1, 0x6, 0x13, &(0x7f0000000100), 0x618) close(r1) r3 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$inet_tcp_int(r3, 0x6, 0x10000000013, &(0x7f0000d06000)=0x1, 0x32a) connect$inet(r3, &(0x7f0000000140)={0x2, 0x0, @local}, 0x10) setsockopt$inet_tcp_TCP_REPAIR_OPTIONS(r3, 0x6, 0x16, &(0x7f0000000200)=[@mss, @timestamp, @window={0x3, 0x0, 0xfffe}, @mss={0x2, 0x3}], 0x4) sendmmsg(r3, &(0x7f0000004b40)=[{{0x0, 0x0, &(0x7f00000011c0)=[{&(0x7f0000002240)='Y', 0x1}], 0x1}}], 0x1, 0x0) sendmsg$IPVS_CMD_GET_DEST(r3, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000340)=ANY=[@ANYBLOB="160e90cb39bca59f8c4064ac6d7b242060a07bc4309e3eb79d8745797b308edd84adef35ad9d8a17240f38f55f57c55f3875db81d255eea402e1c11ca7fc01964aeb9ed6ef4e80bc67cba7e7fe961fe5d921442b0a06b135f8a73b68dc904b436f256f50ae7cb980e69e7580b9f11c6ede4210f23240559b8c427000d7ce7862417ab5a50e494b2a54e346d7ffa008ccef06813e235b446788ac0f1df3c65bc1fb5393364a2efd284640ec2c438ad2b24a69f1f9da000000000000000000000000989eee6a9283bf253ca4"], 0x1}}, 0x0) close(r3) syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) dup3(r5, r4, 0x0) r6 = accept4$vsock_stream(0xffffffffffffffff, &(0x7f0000000240)={0x28, 0x0, 0x2710, @host}, 0x10, 0x0) dup2(r6, r5) bind$pptp(0xffffffffffffffff, &(0x7f00000001c0)={0x18, 0x2, {0x0, @initdev={0xac, 0x1e, 0x0, 0x0}}}, 0x1e) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000000)=@newlink={0x30, 0x10, 0x801, 0x0, 0x0, {}, [@IFLA_GROUP={0x8}, @IFLA_PROTO_DOWN={0x8, 0x4}]}, 0x30}}, 0x0) [ 1849.793843] FAULT_INJECTION: forcing a failure. [ 1849.793843] name failslab, interval 1, probability 0, space 0, times 0 [ 1849.892145] CPU: 1 PID: 3856 Comm: syz-executor.2 Not tainted 4.14.173-syzkaller #0 [ 1849.900024] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1849.909526] Call Trace: [ 1849.912508] dump_stack+0x13e/0x194 [ 1849.916173] should_fail.cold+0x10a/0x14b [ 1849.920504] should_failslab+0xd6/0x130 [ 1849.924636] kmem_cache_alloc+0x2b5/0x770 [ 1849.928816] ? mmu_topup_memory_caches+0x94/0x300 [ 1849.933694] mmu_topup_memory_caches+0x83/0x300 [ 1849.938404] kvm_mmu_load+0x1e/0xd00 [ 1849.942141] ? kvm_apic_accept_events+0x16f/0x3f0 [ 1849.947017] ? kvm_lapic_enable_pv_eoi+0xc0/0xc0 [ 1849.951813] ? vcpu_enter_guest+0x3813/0x5240 [ 1849.956357] vcpu_enter_guest+0x2eb9/0x5240 [ 1849.960718] ? retint_kernel+0x2d/0x2d [ 1849.964669] ? emulator_read_emulated+0x40/0x40 [ 1849.969373] ? lock_acquire+0x1ec/0x3f0 [ 1849.973480] ? kvm_arch_vcpu_ioctl_run+0x2fe/0xfd0 [ 1849.978434] ? kvm_arch_vcpu_ioctl_run+0x181/0xfd0 [ 1849.983397] kvm_arch_vcpu_ioctl_run+0x2fe/0xfd0 [ 1849.988182] kvm_vcpu_ioctl+0x3df/0xc70 [ 1849.992169] ? kvm_vcpu_block+0xb70/0xb70 [ 1849.996328] ? trace_hardirqs_on+0x10/0x10 [ 1850.000599] ? save_trace+0x290/0x290 [ 1850.004430] ? lock_release+0x435/0x7f0 [ 1850.008426] ? kvm_vcpu_block+0xb70/0xb70 [ 1850.012587] do_vfs_ioctl+0x75a/0xfe0 [ 1850.016424] ? selinux_file_mprotect+0x5c0/0x5c0 [ 1850.021204] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 1850.025987] ? ioctl_preallocate+0x1a0/0x1a0 [ 1850.030443] ? check_preemption_disabled+0x35/0x240 [ 1850.035488] ? retint_kernel+0x2d/0x2d [ 1850.039394] ? security_file_ioctl+0x76/0xb0 [ 1850.043825] ? security_file_ioctl+0x83/0xb0 [ 1850.048258] SyS_ioctl+0x7f/0xb0 [ 1850.051642] ? do_vfs_ioctl+0xfe0/0xfe0 [ 1850.055640] do_syscall_64+0x1d5/0x640 [ 1850.059569] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 1850.064771] RIP: 0033:0x45c849 [ 1850.067961] RSP: 002b:00007fa3bc31dc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 1850.075669] RAX: ffffffffffffffda RBX: 00007fa3bc31e6d4 RCX: 000000000045c849 [ 1850.082939] RDX: 0000000000000000 RSI: 000000000000ae80 RDI: 0000000000000005 01:45:48 executing program 5: lsetxattr$trusted_overlay_opaque(0x0, 0x0, 0x0, 0x0, 0x0) mkdir(&(0x7f0000000000)='./file0\x00', 0x0) mount$bpf(0x20000000, &(0x7f00000000c0)='./file0\x00', 0x0, 0x2001001, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x80, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x43, 0x400000000000000}, 0x11288, 0x2000, 0x0, 0x2}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$netlink(0x10, 0x3, 0x0) connect$inet(0xffffffffffffffff, 0x0, 0x0) setsockopt$SO_RDS_TRANSPORT(0xffffffffffffffff, 0x114, 0x8, &(0x7f0000000040)=0xffffffffffffffff, 0x4) r1 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$inet_tcp_int(r1, 0x6, 0x10000000013, &(0x7f0000d06000)=0x1, 0x32a) connect$inet(r1, &(0x7f0000000180)={0x2, 0x4e23, @local}, 0x10) accept$nfc_llcp(0xffffffffffffffff, &(0x7f0000000440), &(0x7f0000000300)=0x60) setsockopt$inet_tcp_TCP_REPAIR_OPTIONS(r1, 0x6, 0x16, &(0x7f00000000c0)=[@mss={0x2, 0xffffffff}, @timestamp, @window, @mss={0x2, 0x91c}], 0x4) sendmmsg(r1, &(0x7f0000004b40)=[{{0x0, 0x0, &(0x7f00000011c0)=[{&(0x7f0000002240)='Y', 0x1}], 0x1}}], 0x1, 0x0) syz_init_net_socket$llc(0x1a, 0x1, 0x0) r2 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$IPT_SO_SET_REPLACE(r2, 0x4000000000000, 0x40, &(0x7f0000000a40)=ANY=[@ANYBLOB="72617700000000010000000000000000000000000000000000000000000000000200000003000000b80400000000000000000000000000000003000000030000200400002004000020040000200400002004000003000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000600000000000000a00200030000000000000000000000000000000000000000300262706600000000000000000000000000000000000000000000000000000101000000000000002e2f66696c653000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000060005345540000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000c0002001000000000000000000000000000000000000000050006f736600000000000000000000000000000000000000000000000000000073797a300000000000000000000000000000000000000000000000000000000000000000000000000000000000000000600053455400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000007000980000000000000000000000000000000000000000002800000000000000000000000000000000000000000000000000000000000004feffffff00000000"], 0x518) sendmsg$IPVS_CMD_GET_DEST(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000280)={&(0x7f00000002c0)=ANY=[@ANYRES16], 0x1}}, 0x0) setsockopt$inet_tcp_TCP_REPAIR(r1, 0x6, 0x13, &(0x7f0000000100), 0x618) close(r1) r3 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$inet_tcp_int(r3, 0x6, 0x10000000013, &(0x7f0000d06000)=0x1, 0x32a) connect$inet(r3, &(0x7f0000000140)={0x2, 0x0, @local}, 0x10) sendmmsg(r3, &(0x7f0000004b40)=[{{0x0, 0x0, &(0x7f00000011c0)=[{&(0x7f0000002240)='Y', 0x1}], 0x1}}], 0x1, 0x0) setsockopt$inet_tcp_TCP_REPAIR_QUEUE(r3, 0x6, 0x14, &(0x7f0000000040)=0x1, 0x4) sendmsg$IPVS_CMD_GET_DEST(r3, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000340)=ANY=[@ANYBLOB="160e90cb39bca59f8c4064ac6d7b242060a07bc4309e3eb79d8745797b308edd84adef35ad9d8a17240f38f55f57c55f3875db81d255eea402e1c11ca7fc01964aeb9ed6ef4e80bc67cba7e7fe961fe5d921442b0a06b135f8a73b68dc904b436f256f50ae7cb980e69e7580b9f11c6ede4210f23240559b8c427000d7ce7862417ab5a50e494b2a54e346d7ffa008ccef06813e235b446788ac0f1df3c65bc1fb5393364a2efd284640ec2c438ad2b24a69f1f9da000000000000000000000000989eee6a9283bf253ca4"], 0x1}}, 0x0) close(r3) syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) dup3(r5, r4, 0x0) r6 = accept4$vsock_stream(0xffffffffffffffff, &(0x7f0000000240)={0x28, 0x0, 0x2710, @host}, 0x10, 0x0) dup2(r6, r5) bind$pptp(0xffffffffffffffff, &(0x7f00000001c0)={0x18, 0x2, {0x0, @initdev={0xac, 0x1e, 0x0, 0x0}}}, 0x1e) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000000)=@newlink={0x30, 0x10, 0x801, 0x0, 0x0, {}, [@IFLA_GROUP={0x8}, @IFLA_PROTO_DOWN={0x8, 0x4}]}, 0x30}}, 0x0) pivot_root(&(0x7f0000000140)='./file0\x00', &(0x7f0000000100)='./file0\x00') 01:45:48 executing program 3: lsetxattr$trusted_overlay_opaque(0x0, 0x0, 0x0, 0x0, 0x0) mkdir(&(0x7f0000000000)='./file0\x00', 0x0) mount$bpf(0x20000000, &(0x7f00000000c0)='./file0\x00', 0x0, 0x2001001, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x80, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x43, 0x400000000000000}, 0x11288, 0x2000, 0x0, 0x2}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$netlink(0x10, 0x3, 0x0) connect$inet(0xffffffffffffffff, 0x0, 0x0) setsockopt$SO_RDS_TRANSPORT(0xffffffffffffffff, 0x114, 0x8, &(0x7f0000000040)=0xffffffffffffffff, 0x4) r1 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$inet_tcp_int(r1, 0x6, 0x10000000013, &(0x7f0000d06000)=0x1, 0x32a) connect$inet(r1, &(0x7f0000000180)={0x2, 0x4e23, @local}, 0x10) accept$nfc_llcp(0xffffffffffffffff, &(0x7f0000000440), &(0x7f0000000300)=0x60) setsockopt$inet_tcp_TCP_REPAIR_OPTIONS(r1, 0x6, 0x16, &(0x7f00000000c0)=[@mss={0x2, 0xffffffff}, @timestamp, @window, @mss={0x2, 0x91c}], 0x4) sendmmsg(r1, &(0x7f0000004b40)=[{{0x0, 0x0, &(0x7f00000011c0)=[{&(0x7f0000002240)='Y', 0x1}], 0x1}}], 0x1, 0x0) syz_init_net_socket$llc(0x1a, 0x1, 0x0) r2 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$IPT_SO_SET_REPLACE(r2, 0x4000000000000, 0x40, &(0x7f0000000a40)=ANY=[@ANYBLOB="72617700000000010000000000000000000000000000000000000000000000000200000003000000b80400000000000000000000000000000003000000030000200400002004000020040000200400002004000003000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000600000000000000a00200030000000000000000000000000000000000000000300262706600000000000000000000000000000000000000000000000000000101000000000000002e2f66696c653000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000060005345540000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000c0002001000000000000000000000000000000000000000050006f736600000000000000000000000000000000000000000000000000000073797a300000000000000000000000000000000000000000000000000000000000000000000000000000000000000000600053455400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000007000980000000000000000000000000000000000000000002800000000000000000000000000000000000000000000000000000000000004feffffff00000000"], 0x518) sendmsg$IPVS_CMD_GET_DEST(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000280)={&(0x7f00000002c0)=ANY=[@ANYRES16], 0x1}}, 0x0) setsockopt$inet_tcp_TCP_REPAIR(r1, 0x6, 0x13, &(0x7f0000000100), 0x618) close(r1) r3 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$inet_tcp_int(r3, 0x6, 0x10000000013, &(0x7f0000d06000)=0x1, 0x32a) connect$inet(r3, &(0x7f0000000140)={0x2, 0x0, @local}, 0x10) setsockopt$inet_tcp_TCP_REPAIR_OPTIONS(r3, 0x6, 0x16, &(0x7f0000000200)=[@mss, @timestamp, @window={0x3, 0x0, 0xfffe}, @mss={0x2, 0x3}], 0x4) sendmmsg(r3, &(0x7f0000004b40)=[{{0x0, 0x0, &(0x7f00000011c0)=[{&(0x7f0000002240)='Y', 0x1}], 0x1}}], 0x1, 0x0) sendmsg$IPVS_CMD_GET_DEST(r3, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000340)=ANY=[@ANYBLOB="160e90cb39bca59f8c4064ac6d7b242060a07bc4309e3eb79d8745797b308edd84adef35ad9d8a17240f38f55f57c55f3875db81d255eea402e1c11ca7fc01964aeb9ed6ef4e80bc67cba7e7fe961fe5d921442b0a06b135f8a73b68dc904b436f256f50ae7cb980e69e7580b9f11c6ede4210f23240559b8c427000d7ce7862417ab5a50e494b2a54e346d7ffa008ccef06813e235b446788ac0f1df3c65bc1fb5393364a2efd284640ec2c438ad2b24a69f1f9da000000000000000000000000989eee6a9283bf253ca4"], 0x1}}, 0x0) close(r3) syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) dup3(r5, r4, 0x0) r6 = accept4$vsock_stream(0xffffffffffffffff, &(0x7f0000000240)={0x28, 0x0, 0x2710, @host}, 0x10, 0x0) dup2(r6, r5) bind$pptp(0xffffffffffffffff, &(0x7f00000001c0)={0x18, 0x2, {0x0, @initdev={0xac, 0x1e, 0x0, 0x0}}}, 0x1e) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000000)=@newlink={0x30, 0x10, 0x801, 0x0, 0x0, {}, [@IFLA_GROUP={0x8}, @IFLA_PROTO_DOWN={0x8, 0x4}]}, 0x30}}, 0x0) pivot_root(&(0x7f0000000140)='./file0\x00', &(0x7f0000000100)='./file0\x00') [ 1850.090219] RBP: 000000000076bf00 R08: 0000000000000000 R09: 0000000000000000 [ 1850.097487] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000007 [ 1850.104745] R13: 00000000000003bf R14: 00000000004c6495 R15: 0000000000000015 [ 1850.113852] team0 (unregistering): Port device team_slave_1 removed [ 1850.198913] team0 (unregistering): Port device team_slave_0 removed [ 1850.209495] ip_tables: iptables: counters copy to user failed while replacing table [ 1850.236973] bond0 (unregistering): Releasing backup interface bond_slave_1 [ 1850.340827] bond0 (unregistering): Releasing backup interface bond_slave_0 01:45:48 executing program 0: mkdirat(0xffffffffffffffff, &(0x7f00000000c0)='./file1\x00', 0x0) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() accept4(0xffffffffffffffff, 0x0, &(0x7f0000000580), 0x80000) sched_setattr(0x0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x9}, 0x0) r1 = getpid() sched_setattr(r1, &(0x7f0000000040)={0x38, 0x1, 0x10, 0x0, 0x10000005, 0x0, 0x0, 0x1000, 0x0, 0x401}, 0x0) sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x5, 0x3, 0x3, 0x6}, 0x0) creat(&(0x7f0000000040)='./bus\x00', 0x0) getpeername(0xffffffffffffffff, &(0x7f00000005c0)=@x25, 0x0) pipe(&(0x7f0000000840)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{0x0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x1, 0x0, 0x3, 0x0, 0xfffffffffffffffb}, 0x0) getxattr(0x0, 0x0, 0x0, 0x0) r4 = gettid() r5 = creat(&(0x7f0000000280)='./file0\x00', 0x1) prctl$PR_SET_PTRACER(0x59616d61, r4) perf_event_open(&(0x7f0000000040)={0x2, 0x70, 0x0, 0x0, 0x4, 0x0, 0x0, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, @perf_bp={0x0, 0xa}}, 0x0, 0x1, 0xffffffffffffffff, 0x0) close(r5) sync_file_range(0xffffffffffffffff, 0x7, 0x0, 0x2) clone(0x2000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) execve(&(0x7f0000000180)='./file0\x00', 0x0, 0x0) ptrace$setopts(0x4206, r4, 0x0, 0x0) 01:45:48 executing program 1: lsetxattr$trusted_overlay_opaque(0x0, 0x0, 0x0, 0x0, 0x0) mkdir(&(0x7f0000000000)='./file0\x00', 0x0) mount$bpf(0x20000000, &(0x7f00000000c0)='./file0\x00', 0x0, 0x2001001, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x80, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x43, 0x400000000000000}, 0x11288, 0x2000, 0x0, 0x2}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$netlink(0x10, 0x3, 0x0) connect$inet(0xffffffffffffffff, 0x0, 0x0) setsockopt$SO_RDS_TRANSPORT(0xffffffffffffffff, 0x114, 0x8, &(0x7f0000000040)=0xffffffffffffffff, 0x4) r1 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$inet_tcp_int(r1, 0x6, 0x10000000013, &(0x7f0000d06000)=0x1, 0x32a) connect$inet(r1, &(0x7f0000000180)={0x2, 0x4e23, @local}, 0x10) accept$nfc_llcp(0xffffffffffffffff, &(0x7f0000000440), &(0x7f0000000300)=0x60) setsockopt$inet_tcp_TCP_REPAIR_OPTIONS(r1, 0x6, 0x16, &(0x7f00000000c0)=[@mss={0x2, 0xffffffff}, @timestamp, @window, @mss={0x2, 0x91c}], 0x4) sendmmsg(r1, &(0x7f0000004b40)=[{{0x0, 0x0, &(0x7f00000011c0)=[{&(0x7f0000002240)='Y', 0x1}], 0x1}}], 0x1, 0x0) syz_init_net_socket$llc(0x1a, 0x1, 0x0) r2 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$IPT_SO_SET_REPLACE(r2, 0x4000000000000, 0x40, &(0x7f0000000a40)=ANY=[@ANYBLOB="72617700000000010000000000000000000000000000000000000000000000000200000003000000b80400000000000000000000000000000003000000030000200400002004000020040000200400002004000003000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000600000000000000a00200030000000000000000000000000000000000000000300262706600000000000000000000000000000000000000000000000000000101000000000000002e2f66696c653000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000060005345540000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000c0002001000000000000000000000000000000000000000050006f736600000000000000000000000000000000000000000000000000000073797a300000000000000000000000000000000000000000000000000000000000000000000000000000000000000000600053455400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000007000980000000000000000000000000000000000000000002800000000000000000000000000000000000000000000000000000000000004feffffff00000000"], 0x518) sendmsg$IPVS_CMD_GET_DEST(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000280)={&(0x7f00000002c0)=ANY=[@ANYRES16], 0x1}}, 0x0) setsockopt$inet_tcp_TCP_REPAIR(r1, 0x6, 0x13, &(0x7f0000000100), 0x618) close(r1) r3 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$inet_tcp_int(r3, 0x6, 0x10000000013, &(0x7f0000d06000)=0x1, 0x32a) connect$inet(r3, &(0x7f0000000140)={0x2, 0x0, @local}, 0x10) setsockopt$inet_tcp_TCP_REPAIR_OPTIONS(r3, 0x6, 0x16, &(0x7f0000000200)=[@mss, @timestamp, @window={0x3, 0x0, 0xfffe}, @mss={0x2, 0x3}], 0x4) sendmmsg(r3, &(0x7f0000004b40)=[{{0x0, 0x0, &(0x7f00000011c0)=[{&(0x7f0000002240)='Y', 0x1}], 0x1}}], 0x1, 0x0) sendmsg$IPVS_CMD_GET_DEST(r3, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000340)=ANY=[@ANYBLOB="160e90cb39bca59f8c4064ac6d7b242060a07bc4309e3eb79d8745797b308edd84adef35ad9d8a17240f38f55f57c55f3875db81d255eea402e1c11ca7fc01964aeb9ed6ef4e80bc67cba7e7fe961fe5d921442b0a06b135f8a73b68dc904b436f256f50ae7cb980e69e7580b9f11c6ede4210f23240559b8c427000d7ce7862417ab5a50e494b2a54e346d7ffa008ccef06813e235b446788ac0f1df3c65bc1fb5393364a2efd284640ec2c438ad2b24a69f1f9da000000000000000000000000989eee6a9283bf253ca4"], 0x1}}, 0x0) close(r3) syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) dup3(r5, r4, 0x0) r6 = accept4$vsock_stream(0xffffffffffffffff, &(0x7f0000000240)={0x28, 0x0, 0x2710, @host}, 0x10, 0x0) dup2(r6, r5) bind$pptp(0xffffffffffffffff, &(0x7f00000001c0)={0x18, 0x2, {0x0, @initdev={0xac, 0x1e, 0x0, 0x0}}}, 0x1e) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000000)=@newlink={0x30, 0x10, 0x801, 0x0, 0x0, {}, [@IFLA_GROUP={0x8}, @IFLA_PROTO_DOWN={0x8, 0x4}]}, 0x30}}, 0x0) 01:45:48 executing program 5: lsetxattr$trusted_overlay_opaque(0x0, 0x0, 0x0, 0x0, 0x0) mkdir(&(0x7f0000000000)='./file0\x00', 0x0) mount$bpf(0x20000000, &(0x7f00000000c0)='./file0\x00', 0x0, 0x2001001, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x80, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x43, 0x400000000000000}, 0x11288, 0x2000, 0x0, 0x2}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$netlink(0x10, 0x3, 0x0) connect$inet(0xffffffffffffffff, 0x0, 0x0) setsockopt$SO_RDS_TRANSPORT(0xffffffffffffffff, 0x114, 0x8, &(0x7f0000000040)=0xffffffffffffffff, 0x4) r1 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$inet_tcp_int(r1, 0x6, 0x10000000013, &(0x7f0000d06000)=0x1, 0x32a) connect$inet(r1, &(0x7f0000000180)={0x2, 0x4e23, @local}, 0x10) accept$nfc_llcp(0xffffffffffffffff, &(0x7f0000000440), &(0x7f0000000300)=0x60) setsockopt$inet_tcp_TCP_REPAIR_OPTIONS(r1, 0x6, 0x16, &(0x7f00000000c0)=[@mss={0x2, 0xffffffff}, @timestamp, @window, @mss={0x2, 0x91c}], 0x4) sendmmsg(r1, &(0x7f0000004b40)=[{{0x0, 0x0, &(0x7f00000011c0)=[{&(0x7f0000002240)='Y', 0x1}], 0x1}}], 0x1, 0x0) syz_init_net_socket$llc(0x1a, 0x1, 0x0) r2 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$IPT_SO_SET_REPLACE(r2, 0x4000000000000, 0x40, &(0x7f0000000a40)=ANY=[@ANYBLOB="72617700000000010000000000000000000000000000000000000000000000000200000003000000b80400000000000000000000000000000003000000030000200400002004000020040000200400002004000003000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000600000000000000a00200030000000000000000000000000000000000000000300262706600000000000000000000000000000000000000000000000000000101000000000000002e2f66696c653000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000060005345540000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000c0002001000000000000000000000000000000000000000050006f736600000000000000000000000000000000000000000000000000000073797a300000000000000000000000000000000000000000000000000000000000000000000000000000000000000000600053455400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000007000980000000000000000000000000000000000000000002800000000000000000000000000000000000000000000000000000000000004feffffff00000000"], 0x518) sendmsg$IPVS_CMD_GET_DEST(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000280)={&(0x7f00000002c0)=ANY=[@ANYRES16], 0x1}}, 0x0) setsockopt$inet_tcp_TCP_REPAIR(r1, 0x6, 0x13, &(0x7f0000000100), 0x618) close(r1) r3 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$inet_tcp_int(r3, 0x6, 0x10000000013, &(0x7f0000d06000)=0x1, 0x32a) connect$inet(r3, &(0x7f0000000140)={0x2, 0x0, @local}, 0x10) sendmmsg(r3, &(0x7f0000004b40)=[{{0x0, 0x0, &(0x7f00000011c0)=[{&(0x7f0000002240)='Y', 0x1}], 0x1}}], 0x1, 0x0) setsockopt$inet_tcp_TCP_REPAIR_QUEUE(r3, 0x6, 0x14, &(0x7f0000000040)=0x1, 0x4) sendmsg$IPVS_CMD_GET_DEST(r3, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000340)=ANY=[@ANYBLOB="160e90cb39bca59f8c4064ac6d7b242060a07bc4309e3eb79d8745797b308edd84adef35ad9d8a17240f38f55f57c55f3875db81d255eea402e1c11ca7fc01964aeb9ed6ef4e80bc67cba7e7fe961fe5d921442b0a06b135f8a73b68dc904b436f256f50ae7cb980e69e7580b9f11c6ede4210f23240559b8c427000d7ce7862417ab5a50e494b2a54e346d7ffa008ccef06813e235b446788ac0f1df3c65bc1fb5393364a2efd284640ec2c438ad2b24a69f1f9da000000000000000000000000989eee6a9283bf253ca4"], 0x1}}, 0x0) close(r3) syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) dup3(r5, r4, 0x0) r6 = accept4$vsock_stream(0xffffffffffffffff, &(0x7f0000000240)={0x28, 0x0, 0x2710, @host}, 0x10, 0x0) dup2(r6, r5) bind$pptp(0xffffffffffffffff, &(0x7f00000001c0)={0x18, 0x2, {0x0, @initdev={0xac, 0x1e, 0x0, 0x0}}}, 0x1e) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000000)=@newlink={0x30, 0x10, 0x801, 0x0, 0x0, {}, [@IFLA_GROUP={0x8}, @IFLA_PROTO_DOWN={0x8, 0x4}]}, 0x30}}, 0x0) pivot_root(&(0x7f0000000140)='./file0\x00', &(0x7f0000000100)='./file0\x00') 01:45:48 executing program 3: lsetxattr$trusted_overlay_opaque(0x0, 0x0, 0x0, 0x0, 0x0) mkdir(&(0x7f0000000000)='./file0\x00', 0x0) mount$bpf(0x20000000, &(0x7f00000000c0)='./file0\x00', 0x0, 0x2001001, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x80, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x43, 0x400000000000000}, 0x11288, 0x2000, 0x0, 0x2}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$netlink(0x10, 0x3, 0x0) connect$inet(0xffffffffffffffff, 0x0, 0x0) setsockopt$SO_RDS_TRANSPORT(0xffffffffffffffff, 0x114, 0x8, &(0x7f0000000040)=0xffffffffffffffff, 0x4) r1 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$inet_tcp_int(r1, 0x6, 0x10000000013, &(0x7f0000d06000)=0x1, 0x32a) connect$inet(r1, &(0x7f0000000180)={0x2, 0x4e23, @local}, 0x10) accept$nfc_llcp(0xffffffffffffffff, &(0x7f0000000440), &(0x7f0000000300)=0x60) setsockopt$inet_tcp_TCP_REPAIR_OPTIONS(r1, 0x6, 0x16, &(0x7f00000000c0)=[@mss={0x2, 0xffffffff}, @timestamp, @window, @mss={0x2, 0x91c}], 0x4) sendmmsg(r1, &(0x7f0000004b40)=[{{0x0, 0x0, &(0x7f00000011c0)=[{&(0x7f0000002240)='Y', 0x1}], 0x1}}], 0x1, 0x0) syz_init_net_socket$llc(0x1a, 0x1, 0x0) r2 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$IPT_SO_SET_REPLACE(r2, 0x4000000000000, 0x40, &(0x7f0000000a40)=ANY=[@ANYBLOB="72617700000000010000000000000000000000000000000000000000000000000200000003000000b80400000000000000000000000000000003000000030000200400002004000020040000200400002004000003000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000600000000000000a00200030000000000000000000000000000000000000000300262706600000000000000000000000000000000000000000000000000000101000000000000002e2f66696c653000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000060005345540000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000c0002001000000000000000000000000000000000000000050006f736600000000000000000000000000000000000000000000000000000073797a300000000000000000000000000000000000000000000000000000000000000000000000000000000000000000600053455400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000007000980000000000000000000000000000000000000000002800000000000000000000000000000000000000000000000000000000000004feffffff00000000"], 0x518) sendmsg$IPVS_CMD_GET_DEST(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000280)={&(0x7f00000002c0)=ANY=[@ANYRES16], 0x1}}, 0x0) setsockopt$inet_tcp_TCP_REPAIR(r1, 0x6, 0x13, &(0x7f0000000100), 0x618) close(r1) r3 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$inet_tcp_int(r3, 0x6, 0x10000000013, &(0x7f0000d06000)=0x1, 0x32a) connect$inet(r3, &(0x7f0000000140)={0x2, 0x0, @local}, 0x10) setsockopt$inet_tcp_TCP_REPAIR_OPTIONS(r3, 0x6, 0x16, &(0x7f0000000200)=[@mss, @timestamp, @window={0x3, 0x0, 0xfffe}, @mss={0x2, 0x3}], 0x4) sendmmsg(r3, &(0x7f0000004b40)=[{{0x0, 0x0, &(0x7f00000011c0)=[{&(0x7f0000002240)='Y', 0x1}], 0x1}}], 0x1, 0x0) sendmsg$IPVS_CMD_GET_DEST(r3, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000340)=ANY=[@ANYBLOB="160e90cb39bca59f8c4064ac6d7b242060a07bc4309e3eb79d8745797b308edd84adef35ad9d8a17240f38f55f57c55f3875db81d255eea402e1c11ca7fc01964aeb9ed6ef4e80bc67cba7e7fe961fe5d921442b0a06b135f8a73b68dc904b436f256f50ae7cb980e69e7580b9f11c6ede4210f23240559b8c427000d7ce7862417ab5a50e494b2a54e346d7ffa008ccef06813e235b446788ac0f1df3c65bc1fb5393364a2efd284640ec2c438ad2b24a69f1f9da000000000000000000000000989eee6a9283bf253ca4"], 0x1}}, 0x0) close(r3) syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) dup3(r5, r4, 0x0) r6 = accept4$vsock_stream(0xffffffffffffffff, &(0x7f0000000240)={0x28, 0x0, 0x2710, @host}, 0x10, 0x0) dup2(r6, r5) bind$pptp(0xffffffffffffffff, &(0x7f00000001c0)={0x18, 0x2, {0x0, @initdev={0xac, 0x1e, 0x0, 0x0}}}, 0x1e) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000000)=@newlink={0x30, 0x10, 0x801, 0x0, 0x0, {}, [@IFLA_GROUP={0x8}, @IFLA_PROTO_DOWN={0x8, 0x4}]}, 0x30}}, 0x0) pivot_root(&(0x7f0000000140)='./file0\x00', &(0x7f0000000100)='./file0\x00') 01:45:48 executing program 2 (fault-call:9 fault-nth:22): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_SET_SIGNAL_MASK(0xffffffffffffffff, 0x4004ae8b, &(0x7f0000001000)=ANY=[@ANYBLOB="97cb"]) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000fe7000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0) ioctl$USBDEVFS_RESETEP(0xffffffffffffffff, 0x80045503, &(0x7f0000000000)={0x1, 0x1}) ioctl$KVM_NMI(r2, 0xae9a) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f00000002c0)={0x0, 0x2, 0x0, 0x2000, &(0x7f0000001000/0x2000)=nil}) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) [ 1850.437818] bond0 (unregistering): Released all slaves 01:45:48 executing program 5: lsetxattr$trusted_overlay_opaque(0x0, 0x0, 0x0, 0x0, 0x0) mkdir(&(0x7f0000000000)='./file0\x00', 0x0) mount$bpf(0x20000000, &(0x7f00000000c0)='./file0\x00', 0x0, 0x2001001, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x80, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x43, 0x400000000000000}, 0x11288, 0x2000, 0x0, 0x2}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$netlink(0x10, 0x3, 0x0) connect$inet(0xffffffffffffffff, 0x0, 0x0) setsockopt$SO_RDS_TRANSPORT(0xffffffffffffffff, 0x114, 0x8, &(0x7f0000000040)=0xffffffffffffffff, 0x4) r1 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$inet_tcp_int(r1, 0x6, 0x10000000013, &(0x7f0000d06000)=0x1, 0x32a) connect$inet(r1, &(0x7f0000000180)={0x2, 0x4e23, @local}, 0x10) accept$nfc_llcp(0xffffffffffffffff, &(0x7f0000000440), &(0x7f0000000300)=0x60) setsockopt$inet_tcp_TCP_REPAIR_OPTIONS(r1, 0x6, 0x16, &(0x7f00000000c0)=[@mss={0x2, 0xffffffff}, @timestamp, @window, @mss={0x2, 0x91c}], 0x4) sendmmsg(r1, &(0x7f0000004b40)=[{{0x0, 0x0, &(0x7f00000011c0)=[{&(0x7f0000002240)='Y', 0x1}], 0x1}}], 0x1, 0x0) syz_init_net_socket$llc(0x1a, 0x1, 0x0) r2 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$IPT_SO_SET_REPLACE(r2, 0x4000000000000, 0x40, &(0x7f0000000a40)=ANY=[@ANYBLOB="72617700000000010000000000000000000000000000000000000000000000000200000003000000b80400000000000000000000000000000003000000030000200400002004000020040000200400002004000003000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000600000000000000a00200030000000000000000000000000000000000000000300262706600000000000000000000000000000000000000000000000000000101000000000000002e2f66696c653000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000060005345540000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000c0002001000000000000000000000000000000000000000050006f736600000000000000000000000000000000000000000000000000000073797a300000000000000000000000000000000000000000000000000000000000000000000000000000000000000000600053455400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000007000980000000000000000000000000000000000000000002800000000000000000000000000000000000000000000000000000000000004feffffff00000000"], 0x518) sendmsg$IPVS_CMD_GET_DEST(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000280)={&(0x7f00000002c0)=ANY=[@ANYRES16], 0x1}}, 0x0) setsockopt$inet_tcp_TCP_REPAIR(r1, 0x6, 0x13, &(0x7f0000000100), 0x618) close(r1) r3 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$inet_tcp_int(r3, 0x6, 0x10000000013, &(0x7f0000d06000)=0x1, 0x32a) setsockopt$inet_tcp_TCP_REPAIR_OPTIONS(r3, 0x6, 0x16, &(0x7f0000000200)=[@mss, @timestamp, @window={0x3, 0x0, 0xfffe}, @mss={0x2, 0x3}], 0x4) sendmmsg(r3, &(0x7f0000004b40)=[{{0x0, 0x0, &(0x7f00000011c0)=[{&(0x7f0000002240)='Y', 0x1}], 0x1}}], 0x1, 0x0) setsockopt$inet_tcp_TCP_REPAIR_QUEUE(r3, 0x6, 0x14, &(0x7f0000000040)=0x1, 0x4) sendmsg$IPVS_CMD_GET_DEST(r3, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000340)=ANY=[@ANYBLOB="160e90cb39bca59f8c4064ac6d7b242060a07bc4309e3eb79d8745797b308edd84adef35ad9d8a17240f38f55f57c55f3875db81d255eea402e1c11ca7fc01964aeb9ed6ef4e80bc67cba7e7fe961fe5d921442b0a06b135f8a73b68dc904b436f256f50ae7cb980e69e7580b9f11c6ede4210f23240559b8c427000d7ce7862417ab5a50e494b2a54e346d7ffa008ccef06813e235b446788ac0f1df3c65bc1fb5393364a2efd284640ec2c438ad2b24a69f1f9da000000000000000000000000989eee6a9283bf253ca4"], 0x1}}, 0x0) close(r3) syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) dup3(r5, r4, 0x0) r6 = accept4$vsock_stream(0xffffffffffffffff, &(0x7f0000000240)={0x28, 0x0, 0x2710, @host}, 0x10, 0x0) dup2(r6, r5) bind$pptp(0xffffffffffffffff, &(0x7f00000001c0)={0x18, 0x2, {0x0, @initdev={0xac, 0x1e, 0x0, 0x0}}}, 0x1e) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000000)=@newlink={0x30, 0x10, 0x801, 0x0, 0x0, {}, [@IFLA_GROUP={0x8}, @IFLA_PROTO_DOWN={0x8, 0x4}]}, 0x30}}, 0x0) pivot_root(&(0x7f0000000140)='./file0\x00', &(0x7f0000000100)='./file0\x00') [ 1850.558093] FAULT_INJECTION: forcing a failure. [ 1850.558093] name failslab, interval 1, probability 0, space 0, times 0 [ 1850.645332] CPU: 1 PID: 3878 Comm: syz-executor.2 Not tainted 4.14.173-syzkaller #0 [ 1850.653311] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1850.662711] Call Trace: [ 1850.665332] dump_stack+0x13e/0x194 [ 1850.668980] should_fail.cold+0x10a/0x14b [ 1850.673179] should_failslab+0xd6/0x130 [ 1850.683791] kmem_cache_alloc+0x2b5/0x770 [ 1850.688031] mmu_topup_memory_caches+0x83/0x300 [ 1850.692736] kvm_mmu_load+0x1e/0xd00 [ 1850.696474] ? vcpu_enter_guest+0x2eb1/0x5240 [ 1850.701130] vcpu_enter_guest+0x2eb9/0x5240 [ 1850.705523] ? check_preemption_disabled+0x35/0x240 [ 1850.710566] ? retint_user+0x13/0x18 [ 1850.714413] ? emulator_read_emulated+0x40/0x40 [ 1850.719208] ? lock_acquire+0x170/0x3f0 [ 1850.723223] ? kvm_arch_vcpu_ioctl_run+0x143/0xfd0 [ 1850.728197] ? kvm_arch_vcpu_ioctl_run+0x2fe/0xfd0 [ 1850.733416] ? kvm_arch_vcpu_ioctl_run+0x181/0xfd0 [ 1850.738434] kvm_arch_vcpu_ioctl_run+0x2fe/0xfd0 [ 1850.743242] kvm_vcpu_ioctl+0x3df/0xc70 [ 1850.747258] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 1850.752033] ? kvm_vcpu_block+0xb70/0xb70 [ 1850.756458] ? trace_hardirqs_on+0x10/0x10 [ 1850.760720] ? save_trace+0x290/0x290 [ 1850.764538] ? SyS_write+0x1b7/0x210 [ 1850.768312] ? kvm_vcpu_block+0xb70/0xb70 [ 1850.772484] do_vfs_ioctl+0x75a/0xfe0 [ 1850.776436] ? selinux_file_mprotect+0x5c0/0x5c0 [ 1850.781220] ? ioctl_preallocate+0x1a0/0x1a0 [ 1850.785656] ? security_file_ioctl+0x76/0xb0 [ 1850.790082] ? security_file_ioctl+0x83/0xb0 [ 1850.794519] SyS_ioctl+0x7f/0xb0 [ 1850.797908] ? do_vfs_ioctl+0xfe0/0xfe0 [ 1850.801897] do_syscall_64+0x1d5/0x640 [ 1850.805820] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 1850.811036] RIP: 0033:0x45c849 [ 1850.814232] RSP: 002b:00007fa3bc31dc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 1850.821948] RAX: ffffffffffffffda RBX: 00007fa3bc31e6d4 RCX: 000000000045c849 [ 1850.829222] RDX: 0000000000000000 RSI: 000000000000ae80 RDI: 0000000000000005 [ 1850.836514] RBP: 000000000076bf00 R08: 0000000000000000 R09: 0000000000000000 01:45:49 executing program 1: lsetxattr$trusted_overlay_opaque(0x0, 0x0, 0x0, 0x0, 0x0) mkdir(&(0x7f0000000000)='./file0\x00', 0x0) mount$bpf(0x20000000, &(0x7f00000000c0)='./file0\x00', 0x0, 0x2001001, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x80, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x43, 0x400000000000000}, 0x11288, 0x2000, 0x0, 0x2}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$netlink(0x10, 0x3, 0x0) connect$inet(0xffffffffffffffff, 0x0, 0x0) setsockopt$SO_RDS_TRANSPORT(0xffffffffffffffff, 0x114, 0x8, &(0x7f0000000040)=0xffffffffffffffff, 0x4) r1 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$inet_tcp_int(r1, 0x6, 0x10000000013, &(0x7f0000d06000)=0x1, 0x32a) connect$inet(r1, &(0x7f0000000180)={0x2, 0x4e23, @local}, 0x10) accept$nfc_llcp(0xffffffffffffffff, &(0x7f0000000440), &(0x7f0000000300)=0x60) setsockopt$inet_tcp_TCP_REPAIR_OPTIONS(r1, 0x6, 0x16, &(0x7f00000000c0)=[@mss={0x2, 0xffffffff}, @timestamp, @window, @mss={0x2, 0x91c}], 0x4) sendmmsg(r1, &(0x7f0000004b40)=[{{0x0, 0x0, &(0x7f00000011c0)=[{&(0x7f0000002240)='Y', 0x1}], 0x1}}], 0x1, 0x0) syz_init_net_socket$llc(0x1a, 0x1, 0x0) r2 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$IPT_SO_SET_REPLACE(r2, 0x4000000000000, 0x40, &(0x7f0000000a40)=ANY=[@ANYBLOB="72617700000000010000000000000000000000000000000000000000000000000200000003000000b80400000000000000000000000000000003000000030000200400002004000020040000200400002004000003000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000600000000000000a00200030000000000000000000000000000000000000000300262706600000000000000000000000000000000000000000000000000000101000000000000002e2f66696c653000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000060005345540000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000c0002001000000000000000000000000000000000000000050006f736600000000000000000000000000000000000000000000000000000073797a300000000000000000000000000000000000000000000000000000000000000000000000000000000000000000600053455400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000007000980000000000000000000000000000000000000000002800000000000000000000000000000000000000000000000000000000000004feffffff00000000"], 0x518) sendmsg$IPVS_CMD_GET_DEST(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000280)={&(0x7f00000002c0)=ANY=[@ANYRES16], 0x1}}, 0x0) setsockopt$inet_tcp_TCP_REPAIR(r1, 0x6, 0x13, &(0x7f0000000100), 0x618) close(r1) r3 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$inet_tcp_int(r3, 0x6, 0x10000000013, &(0x7f0000d06000)=0x1, 0x32a) connect$inet(r3, &(0x7f0000000140)={0x2, 0x0, @local}, 0x10) setsockopt$inet_tcp_TCP_REPAIR_OPTIONS(r3, 0x6, 0x16, &(0x7f0000000200)=[@mss, @timestamp, @window={0x3, 0x0, 0xfffe}, @mss={0x2, 0x3}], 0x4) sendmmsg(r3, &(0x7f0000004b40)=[{{0x0, 0x0, &(0x7f00000011c0)=[{&(0x7f0000002240)='Y', 0x1}], 0x1}}], 0x1, 0x0) sendmsg$IPVS_CMD_GET_DEST(r3, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000340)=ANY=[@ANYBLOB="160e90cb39bca59f8c4064ac6d7b242060a07bc4309e3eb79d8745797b308edd84adef35ad9d8a17240f38f55f57c55f3875db81d255eea402e1c11ca7fc01964aeb9ed6ef4e80bc67cba7e7fe961fe5d921442b0a06b135f8a73b68dc904b436f256f50ae7cb980e69e7580b9f11c6ede4210f23240559b8c427000d7ce7862417ab5a50e494b2a54e346d7ffa008ccef06813e235b446788ac0f1df3c65bc1fb5393364a2efd284640ec2c438ad2b24a69f1f9da000000000000000000000000989eee6a9283bf253ca4"], 0x1}}, 0x0) close(r3) syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) dup3(r5, r4, 0x0) r6 = accept4$vsock_stream(0xffffffffffffffff, &(0x7f0000000240)={0x28, 0x0, 0x2710, @host}, 0x10, 0x0) dup2(r6, r5) bind$pptp(0xffffffffffffffff, &(0x7f00000001c0)={0x18, 0x2, {0x0, @initdev={0xac, 0x1e, 0x0, 0x0}}}, 0x1e) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000000)=@newlink={0x30, 0x10, 0x801, 0x0, 0x0, {}, [@IFLA_GROUP={0x8}, @IFLA_PROTO_DOWN={0x8, 0x4}]}, 0x30}}, 0x0) 01:45:49 executing program 3: lsetxattr$trusted_overlay_opaque(0x0, 0x0, 0x0, 0x0, 0x0) mkdir(&(0x7f0000000000)='./file0\x00', 0x0) mount$bpf(0x20000000, &(0x7f00000000c0)='./file0\x00', 0x0, 0x2001001, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x80, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x43, 0x400000000000000}, 0x11288, 0x2000, 0x0, 0x2}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$netlink(0x10, 0x3, 0x0) connect$inet(0xffffffffffffffff, 0x0, 0x0) setsockopt$SO_RDS_TRANSPORT(0xffffffffffffffff, 0x114, 0x8, &(0x7f0000000040)=0xffffffffffffffff, 0x4) r1 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$inet_tcp_int(r1, 0x6, 0x10000000013, &(0x7f0000d06000)=0x1, 0x32a) connect$inet(r1, &(0x7f0000000180)={0x2, 0x4e23, @local}, 0x10) accept$nfc_llcp(0xffffffffffffffff, &(0x7f0000000440), &(0x7f0000000300)=0x60) setsockopt$inet_tcp_TCP_REPAIR_OPTIONS(r1, 0x6, 0x16, &(0x7f00000000c0)=[@mss={0x2, 0xffffffff}, @timestamp, @window, @mss={0x2, 0x91c}], 0x4) sendmmsg(r1, &(0x7f0000004b40)=[{{0x0, 0x0, &(0x7f00000011c0)=[{&(0x7f0000002240)='Y', 0x1}], 0x1}}], 0x1, 0x0) syz_init_net_socket$llc(0x1a, 0x1, 0x0) r2 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$IPT_SO_SET_REPLACE(r2, 0x4000000000000, 0x40, &(0x7f0000000a40)=ANY=[@ANYBLOB="72617700000000010000000000000000000000000000000000000000000000000200000003000000b80400000000000000000000000000000003000000030000200400002004000020040000200400002004000003000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000600000000000000a00200030000000000000000000000000000000000000000300262706600000000000000000000000000000000000000000000000000000101000000000000002e2f66696c653000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000060005345540000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000c0002001000000000000000000000000000000000000000050006f736600000000000000000000000000000000000000000000000000000073797a300000000000000000000000000000000000000000000000000000000000000000000000000000000000000000600053455400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000007000980000000000000000000000000000000000000000002800000000000000000000000000000000000000000000000000000000000004feffffff00000000"], 0x518) sendmsg$IPVS_CMD_GET_DEST(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000280)={&(0x7f00000002c0)=ANY=[@ANYRES16], 0x1}}, 0x0) setsockopt$inet_tcp_TCP_REPAIR(r1, 0x6, 0x13, &(0x7f0000000100), 0x618) close(r1) r3 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$inet_tcp_int(r3, 0x6, 0x10000000013, &(0x7f0000d06000)=0x1, 0x32a) connect$inet(r3, &(0x7f0000000140)={0x2, 0x0, @local}, 0x10) setsockopt$inet_tcp_TCP_REPAIR_OPTIONS(r3, 0x6, 0x16, &(0x7f0000000200)=[@mss, @timestamp, @window={0x3, 0x0, 0xfffe}, @mss={0x2, 0x3}], 0x4) sendmmsg(r3, &(0x7f0000004b40)=[{{0x0, 0x0, &(0x7f00000011c0)=[{&(0x7f0000002240)='Y', 0x1}], 0x1}}], 0x1, 0x0) sendmsg$IPVS_CMD_GET_DEST(r3, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000340)=ANY=[@ANYBLOB="160e90cb39bca59f8c4064ac6d7b242060a07bc4309e3eb79d8745797b308edd84adef35ad9d8a17240f38f55f57c55f3875db81d255eea402e1c11ca7fc01964aeb9ed6ef4e80bc67cba7e7fe961fe5d921442b0a06b135f8a73b68dc904b436f256f50ae7cb980e69e7580b9f11c6ede4210f23240559b8c427000d7ce7862417ab5a50e494b2a54e346d7ffa008ccef06813e235b446788ac0f1df3c65bc1fb5393364a2efd284640ec2c438ad2b24a69f1f9da000000000000000000000000989eee6a9283bf253ca4"], 0x1}}, 0x0) close(r3) syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) dup3(r5, r4, 0x0) r6 = accept4$vsock_stream(0xffffffffffffffff, &(0x7f0000000240)={0x28, 0x0, 0x2710, @host}, 0x10, 0x0) dup2(r6, r5) bind$pptp(0xffffffffffffffff, &(0x7f00000001c0)={0x18, 0x2, {0x0, @initdev={0xac, 0x1e, 0x0, 0x0}}}, 0x1e) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000000)=@newlink={0x30, 0x10, 0x801, 0x0, 0x0, {}, [@IFLA_GROUP={0x8}, @IFLA_PROTO_DOWN={0x8, 0x4}]}, 0x30}}, 0x0) pivot_root(&(0x7f0000000140)='./file0\x00', &(0x7f0000000100)='./file0\x00') 01:45:49 executing program 4: pipe(&(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = socket$inet_udp(0x2, 0x2, 0x0) close(r2) r3 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$inet_tcp_int(r3, 0x6, 0x10000000013, &(0x7f0000d06000)=0x1, 0x4) setsockopt$inet_tcp_TCP_REPAIR_WINDOW(r3, 0x6, 0x1d, &(0x7f0000000080)={0x0, 0xdf5, 0x65a2}, 0x14) write$binfmt_misc(r1, &(0x7f0000000140)=ANY=[], 0x4240a2a0) r4 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$IPT_SO_SET_REPLACE(r4, 0x0, 0x40, &(0x7f0000000480)=ANY=[@ANYBLOB="66696c74657200000000000000000000000000000000000000000000000000000e00000004000000d0020000800100009800000080010000000000000000000038020000380200003802000038020000380200000400000000000000000000007f000001ac14140000000000000000007f00000000000000000000000000000064756dea20f9524db2d96900000057c910a19f2bc02c00000000000000000000200000000000000000000000000000000000000000000000700098000000000000000000000000000000000000000000280052454a454354000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000400000000000000000000000080000000000000000000000000000000000000000000000000000000000000000000000000000000000000000c000e80000f9c9991d0000000000000000000000000000005000736574000000000000000000000000000000000000000000000000000003000005050000000000000000000000000000000000000000100000000000000000000000000000000000000000000000280052454a45435400000000000000010000000000000000000000000000000000674f000000000000000000e00000020000000000000000766574b5315f766c616e00000000010062726964676530000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000007000b80000000000000000000000000000000000000000004800544545000000000000000000000000000000d40200000000000000000001ac1414aa000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000007000980000000000000000000000000000000000000000002800000000000000000000000000000000000000000000001a51496c00000000feffffff"], 0x1) splice(r0, 0x0, r2, 0x0, 0x4ffe0, 0x0) [ 1850.843884] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000007 [ 1850.851164] R13: 00000000000003bf R14: 00000000004c6495 R15: 0000000000000016 01:45:49 executing program 5: lsetxattr$trusted_overlay_opaque(0x0, 0x0, 0x0, 0x0, 0x0) mkdir(&(0x7f0000000000)='./file0\x00', 0x0) mount$bpf(0x20000000, &(0x7f00000000c0)='./file0\x00', 0x0, 0x2001001, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x80, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x43, 0x400000000000000}, 0x11288, 0x2000, 0x0, 0x2}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$netlink(0x10, 0x3, 0x0) connect$inet(0xffffffffffffffff, 0x0, 0x0) setsockopt$SO_RDS_TRANSPORT(0xffffffffffffffff, 0x114, 0x8, &(0x7f0000000040)=0xffffffffffffffff, 0x4) r1 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$inet_tcp_int(r1, 0x6, 0x10000000013, &(0x7f0000d06000)=0x1, 0x32a) connect$inet(r1, &(0x7f0000000180)={0x2, 0x4e23, @local}, 0x10) accept$nfc_llcp(0xffffffffffffffff, &(0x7f0000000440), &(0x7f0000000300)=0x60) setsockopt$inet_tcp_TCP_REPAIR_OPTIONS(r1, 0x6, 0x16, &(0x7f00000000c0)=[@mss={0x2, 0xffffffff}, @timestamp, @window, @mss={0x2, 0x91c}], 0x4) sendmmsg(r1, &(0x7f0000004b40)=[{{0x0, 0x0, &(0x7f00000011c0)=[{&(0x7f0000002240)='Y', 0x1}], 0x1}}], 0x1, 0x0) syz_init_net_socket$llc(0x1a, 0x1, 0x0) r2 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$IPT_SO_SET_REPLACE(r2, 0x4000000000000, 0x40, &(0x7f0000000a40)=ANY=[@ANYBLOB="72617700000000010000000000000000000000000000000000000000000000000200000003000000b80400000000000000000000000000000003000000030000200400002004000020040000200400002004000003000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000600000000000000a00200030000000000000000000000000000000000000000300262706600000000000000000000000000000000000000000000000000000101000000000000002e2f66696c653000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000060005345540000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000c0002001000000000000000000000000000000000000000050006f736600000000000000000000000000000000000000000000000000000073797a300000000000000000000000000000000000000000000000000000000000000000000000000000000000000000600053455400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000007000980000000000000000000000000000000000000000002800000000000000000000000000000000000000000000000000000000000004feffffff00000000"], 0x518) sendmsg$IPVS_CMD_GET_DEST(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000280)={&(0x7f00000002c0)=ANY=[@ANYRES16], 0x1}}, 0x0) setsockopt$inet_tcp_TCP_REPAIR(r1, 0x6, 0x13, &(0x7f0000000100), 0x618) close(r1) r3 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$inet_tcp_int(r3, 0x6, 0x10000000013, &(0x7f0000d06000)=0x1, 0x32a) setsockopt$inet_tcp_TCP_REPAIR_OPTIONS(r3, 0x6, 0x16, &(0x7f0000000200)=[@mss, @timestamp, @window={0x3, 0x0, 0xfffe}, @mss={0x2, 0x3}], 0x4) sendmmsg(r3, &(0x7f0000004b40)=[{{0x0, 0x0, &(0x7f00000011c0)=[{&(0x7f0000002240)='Y', 0x1}], 0x1}}], 0x1, 0x0) setsockopt$inet_tcp_TCP_REPAIR_QUEUE(r3, 0x6, 0x14, &(0x7f0000000040)=0x1, 0x4) sendmsg$IPVS_CMD_GET_DEST(r3, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000340)=ANY=[@ANYBLOB="160e90cb39bca59f8c4064ac6d7b242060a07bc4309e3eb79d8745797b308edd84adef35ad9d8a17240f38f55f57c55f3875db81d255eea402e1c11ca7fc01964aeb9ed6ef4e80bc67cba7e7fe961fe5d921442b0a06b135f8a73b68dc904b436f256f50ae7cb980e69e7580b9f11c6ede4210f23240559b8c427000d7ce7862417ab5a50e494b2a54e346d7ffa008ccef06813e235b446788ac0f1df3c65bc1fb5393364a2efd284640ec2c438ad2b24a69f1f9da000000000000000000000000989eee6a9283bf253ca4"], 0x1}}, 0x0) close(r3) syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) dup3(r5, r4, 0x0) r6 = accept4$vsock_stream(0xffffffffffffffff, &(0x7f0000000240)={0x28, 0x0, 0x2710, @host}, 0x10, 0x0) dup2(r6, r5) bind$pptp(0xffffffffffffffff, &(0x7f00000001c0)={0x18, 0x2, {0x0, @initdev={0xac, 0x1e, 0x0, 0x0}}}, 0x1e) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000000)=@newlink={0x30, 0x10, 0x801, 0x0, 0x0, {}, [@IFLA_GROUP={0x8}, @IFLA_PROTO_DOWN={0x8, 0x4}]}, 0x30}}, 0x0) pivot_root(&(0x7f0000000140)='./file0\x00', &(0x7f0000000100)='./file0\x00') 01:45:49 executing program 2 (fault-call:9 fault-nth:23): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_SET_SIGNAL_MASK(0xffffffffffffffff, 0x4004ae8b, &(0x7f0000001000)=ANY=[@ANYBLOB="97cb"]) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000fe7000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0) ioctl$USBDEVFS_RESETEP(0xffffffffffffffff, 0x80045503, &(0x7f0000000000)={0x1, 0x1}) ioctl$KVM_NMI(r2, 0xae9a) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f00000002c0)={0x0, 0x2, 0x0, 0x2000, &(0x7f0000001000/0x2000)=nil}) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) 01:45:49 executing program 3: lsetxattr$trusted_overlay_opaque(0x0, 0x0, 0x0, 0x0, 0x0) mkdir(&(0x7f0000000000)='./file0\x00', 0x0) mount$bpf(0x20000000, &(0x7f00000000c0)='./file0\x00', 0x0, 0x2001001, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x80, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x43, 0x400000000000000}, 0x11288, 0x2000, 0x0, 0x2}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$netlink(0x10, 0x3, 0x0) connect$inet(0xffffffffffffffff, 0x0, 0x0) setsockopt$SO_RDS_TRANSPORT(0xffffffffffffffff, 0x114, 0x8, &(0x7f0000000040)=0xffffffffffffffff, 0x4) r1 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$inet_tcp_int(r1, 0x6, 0x10000000013, &(0x7f0000d06000)=0x1, 0x32a) connect$inet(r1, &(0x7f0000000180)={0x2, 0x4e23, @local}, 0x10) accept$nfc_llcp(0xffffffffffffffff, &(0x7f0000000440), &(0x7f0000000300)=0x60) setsockopt$inet_tcp_TCP_REPAIR_OPTIONS(r1, 0x6, 0x16, &(0x7f00000000c0)=[@mss={0x2, 0xffffffff}, @timestamp, @window, @mss={0x2, 0x91c}], 0x4) sendmmsg(r1, &(0x7f0000004b40)=[{{0x0, 0x0, &(0x7f00000011c0)=[{&(0x7f0000002240)='Y', 0x1}], 0x1}}], 0x1, 0x0) syz_init_net_socket$llc(0x1a, 0x1, 0x0) r2 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$IPT_SO_SET_REPLACE(r2, 0x4000000000000, 0x40, &(0x7f0000000a40)=ANY=[@ANYBLOB="72617700000000010000000000000000000000000000000000000000000000000200000003000000b80400000000000000000000000000000003000000030000200400002004000020040000200400002004000003000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000600000000000000a00200030000000000000000000000000000000000000000300262706600000000000000000000000000000000000000000000000000000101000000000000002e2f66696c653000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000060005345540000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000c0002001000000000000000000000000000000000000000050006f736600000000000000000000000000000000000000000000000000000073797a300000000000000000000000000000000000000000000000000000000000000000000000000000000000000000600053455400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000007000980000000000000000000000000000000000000000002800000000000000000000000000000000000000000000000000000000000004feffffff00000000"], 0x518) sendmsg$IPVS_CMD_GET_DEST(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000280)={&(0x7f00000002c0)=ANY=[@ANYRES16], 0x1}}, 0x0) setsockopt$inet_tcp_TCP_REPAIR(r1, 0x6, 0x13, &(0x7f0000000100), 0x618) close(r1) r3 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$inet_tcp_int(r3, 0x6, 0x10000000013, &(0x7f0000d06000)=0x1, 0x32a) connect$inet(r3, &(0x7f0000000140)={0x2, 0x0, @local}, 0x10) setsockopt$inet_tcp_TCP_REPAIR_OPTIONS(r3, 0x6, 0x16, &(0x7f0000000200)=[@mss, @timestamp, @window={0x3, 0x0, 0xfffe}, @mss={0x2, 0x3}], 0x4) setsockopt$inet_tcp_TCP_REPAIR_QUEUE(r3, 0x6, 0x14, &(0x7f0000000040)=0x1, 0x4) sendmsg$IPVS_CMD_GET_DEST(r3, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000340)=ANY=[@ANYBLOB="160e90cb39bca59f8c4064ac6d7b242060a07bc4309e3eb79d8745797b308edd84adef35ad9d8a17240f38f55f57c55f3875db81d255eea402e1c11ca7fc01964aeb9ed6ef4e80bc67cba7e7fe961fe5d921442b0a06b135f8a73b68dc904b436f256f50ae7cb980e69e7580b9f11c6ede4210f23240559b8c427000d7ce7862417ab5a50e494b2a54e346d7ffa008ccef06813e235b446788ac0f1df3c65bc1fb5393364a2efd284640ec2c438ad2b24a69f1f9da000000000000000000000000989eee6a9283bf253ca4"], 0x1}}, 0x0) close(r3) syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) dup3(r5, r4, 0x0) r6 = accept4$vsock_stream(0xffffffffffffffff, &(0x7f0000000240)={0x28, 0x0, 0x2710, @host}, 0x10, 0x0) dup2(r6, r5) bind$pptp(0xffffffffffffffff, &(0x7f00000001c0)={0x18, 0x2, {0x0, @initdev={0xac, 0x1e, 0x0, 0x0}}}, 0x1e) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000000)=@newlink={0x30, 0x10, 0x801, 0x0, 0x0, {}, [@IFLA_GROUP={0x8}, @IFLA_PROTO_DOWN={0x8, 0x4}]}, 0x30}}, 0x0) pivot_root(&(0x7f0000000140)='./file0\x00', &(0x7f0000000100)='./file0\x00') [ 1851.108211] ip_tables: iptables: counters copy to user failed while replacing table [ 1851.195895] FAULT_INJECTION: forcing a failure. [ 1851.195895] name failslab, interval 1, probability 0, space 0, times 0 [ 1851.257974] CPU: 1 PID: 3902 Comm: syz-executor.2 Not tainted 4.14.173-syzkaller #0 [ 1851.265826] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1851.275208] Call Trace: [ 1851.277825] dump_stack+0x13e/0x194 [ 1851.281481] should_fail.cold+0x10a/0x14b [ 1851.285767] should_failslab+0xd6/0x130 [ 1851.289818] kmem_cache_alloc+0x2b5/0x770 [ 1851.294003] ? trace_hardirqs_on_caller+0x3f6/0x590 [ 1851.299062] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 1851.303867] mmu_topup_memory_caches+0x83/0x300 [ 1851.308582] kvm_mmu_load+0x1e/0xd00 [ 1851.312337] ? vcpu_enter_guest+0x2eb1/0x5240 [ 1851.316867] vcpu_enter_guest+0x2eb9/0x5240 [ 1851.321236] ? trace_hardirqs_on_caller+0x3f6/0x590 [ 1851.326275] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 1851.331050] ? emulator_read_emulated+0x40/0x40 [ 1851.335740] ? lock_acquire+0x170/0x3f0 [ 1851.339736] ? kvm_arch_vcpu_ioctl_run+0x143/0xfd0 [ 1851.344684] ? kvm_arch_vcpu_ioctl_run+0x2fe/0xfd0 [ 1851.349791] ? kvm_arch_vcpu_ioctl_run+0x181/0xfd0 [ 1851.355619] kvm_arch_vcpu_ioctl_run+0x2fe/0xfd0 [ 1851.360515] kvm_vcpu_ioctl+0x3df/0xc70 [ 1851.364510] ? kvm_vcpu_block+0xb70/0xb70 [ 1851.368669] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 1851.373438] ? check_preemption_disabled+0x35/0x240 [ 1851.378466] ? retint_kernel+0x2d/0x2d [ 1851.382376] ? do_vfs_ioctl+0xcc8/0xfe0 [ 1851.386361] ? kvm_vcpu_block+0xb70/0xb70 [ 1851.391484] do_vfs_ioctl+0x75a/0xfe0 [ 1851.395313] ? selinux_file_mprotect+0x5c0/0x5c0 [ 1851.400109] ? ioctl_preallocate+0x1a0/0x1a0 [ 1851.404554] ? security_file_ioctl+0x76/0xb0 [ 1851.408961] ? security_file_ioctl+0x83/0xb0 [ 1851.413366] SyS_ioctl+0x7f/0xb0 [ 1851.416720] ? do_vfs_ioctl+0xfe0/0xfe0 [ 1851.420848] do_syscall_64+0x1d5/0x640 [ 1851.425520] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 1851.430715] RIP: 0033:0x45c849 [ 1851.433925] RSP: 002b:00007fa3bc31dc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 1851.441779] RAX: ffffffffffffffda RBX: 00007fa3bc31e6d4 RCX: 000000000045c849 [ 1851.449206] RDX: 0000000000000000 RSI: 000000000000ae80 RDI: 0000000000000005 01:45:49 executing program 0: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x80000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f0000000040)="0f34", 0x2}], 0x1, 0x0) ioctl$sock_inet6_SIOCSIFDSTADDR(0xffffffffffffffff, 0x8918, &(0x7f00000000c0)={@mcast1, 0x91}) ptrace$setopts(0x4206, r0, 0x0, 0x0) process_vm_writev(0x0, &(0x7f0000000080)=[{0x0, 0xfffffffffffffd71}, {0x0, 0x1e1}, {&(0x7f00000002c0)=""/66, 0x9}], 0x3, 0x0, 0xb9, 0x0) tkill(r0, 0x3c) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x7, r0, 0x0, 0x0) 01:45:49 executing program 1: lsetxattr$trusted_overlay_opaque(0x0, 0x0, 0x0, 0x0, 0x0) mkdir(&(0x7f0000000000)='./file0\x00', 0x0) mount$bpf(0x20000000, &(0x7f00000000c0)='./file0\x00', 0x0, 0x2001001, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x80, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x43, 0x400000000000000}, 0x11288, 0x2000, 0x0, 0x2}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$netlink(0x10, 0x3, 0x0) connect$inet(0xffffffffffffffff, 0x0, 0x0) setsockopt$SO_RDS_TRANSPORT(0xffffffffffffffff, 0x114, 0x8, &(0x7f0000000040)=0xffffffffffffffff, 0x4) r1 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$inet_tcp_int(r1, 0x6, 0x10000000013, &(0x7f0000d06000)=0x1, 0x32a) connect$inet(r1, &(0x7f0000000180)={0x2, 0x4e23, @local}, 0x10) accept$nfc_llcp(0xffffffffffffffff, &(0x7f0000000440), &(0x7f0000000300)=0x60) setsockopt$inet_tcp_TCP_REPAIR_OPTIONS(r1, 0x6, 0x16, &(0x7f00000000c0)=[@mss={0x2, 0xffffffff}, @timestamp, @window, @mss={0x2, 0x91c}], 0x4) sendmmsg(r1, &(0x7f0000004b40)=[{{0x0, 0x0, &(0x7f00000011c0)=[{&(0x7f0000002240)='Y', 0x1}], 0x1}}], 0x1, 0x0) syz_init_net_socket$llc(0x1a, 0x1, 0x0) r2 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$IPT_SO_SET_REPLACE(r2, 0x4000000000000, 0x40, &(0x7f0000000a40)=ANY=[@ANYBLOB="72617700000000010000000000000000000000000000000000000000000000000200000003000000b80400000000000000000000000000000003000000030000200400002004000020040000200400002004000003000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000600000000000000a00200030000000000000000000000000000000000000000300262706600000000000000000000000000000000000000000000000000000101000000000000002e2f66696c653000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000060005345540000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000c0002001000000000000000000000000000000000000000050006f736600000000000000000000000000000000000000000000000000000073797a300000000000000000000000000000000000000000000000000000000000000000000000000000000000000000600053455400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000007000980000000000000000000000000000000000000000002800000000000000000000000000000000000000000000000000000000000004feffffff00000000"], 0x518) sendmsg$IPVS_CMD_GET_DEST(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000280)={&(0x7f00000002c0)=ANY=[@ANYRES16], 0x1}}, 0x0) setsockopt$inet_tcp_TCP_REPAIR(r1, 0x6, 0x13, &(0x7f0000000100), 0x618) close(r1) r3 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$inet_tcp_int(r3, 0x6, 0x10000000013, &(0x7f0000d06000)=0x1, 0x32a) connect$inet(r3, &(0x7f0000000140)={0x2, 0x0, @local}, 0x10) setsockopt$inet_tcp_TCP_REPAIR_OPTIONS(r3, 0x6, 0x16, &(0x7f0000000200)=[@mss, @timestamp, @window={0x3, 0x0, 0xfffe}, @mss={0x2, 0x3}], 0x4) setsockopt$inet_tcp_TCP_REPAIR_QUEUE(r3, 0x6, 0x14, &(0x7f0000000040)=0x1, 0x4) sendmsg$IPVS_CMD_GET_DEST(r3, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000340)=ANY=[@ANYBLOB="160e90cb39bca59f8c4064ac6d7b242060a07bc4309e3eb79d8745797b308edd84adef35ad9d8a17240f38f55f57c55f3875db81d255eea402e1c11ca7fc01964aeb9ed6ef4e80bc67cba7e7fe961fe5d921442b0a06b135f8a73b68dc904b436f256f50ae7cb980e69e7580b9f11c6ede4210f23240559b8c427000d7ce7862417ab5a50e494b2a54e346d7ffa008ccef06813e235b446788ac0f1df3c65bc1fb5393364a2efd284640ec2c438ad2b24a69f1f9da000000000000000000000000989eee6a9283bf253ca4"], 0x1}}, 0x0) close(r3) syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) dup3(r5, r4, 0x0) r6 = accept4$vsock_stream(0xffffffffffffffff, &(0x7f0000000240)={0x28, 0x0, 0x2710, @host}, 0x10, 0x0) dup2(r6, r5) bind$pptp(0xffffffffffffffff, &(0x7f00000001c0)={0x18, 0x2, {0x0, @initdev={0xac, 0x1e, 0x0, 0x0}}}, 0x1e) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000000)=@newlink={0x30, 0x10, 0x801, 0x0, 0x0, {}, [@IFLA_GROUP={0x8}, @IFLA_PROTO_DOWN={0x8, 0x4}]}, 0x30}}, 0x0) 01:45:49 executing program 4: pipe(&(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = socket$inet_udp(0x2, 0x2, 0x0) close(r2) r3 = socket$inet_tcp(0x2, 0x1, 0x0) connect$inet(r2, &(0x7f0000000340)={0x2, 0x0, @loopback}, 0x10) setsockopt$inet_tcp_TCP_REPAIR_WINDOW(r3, 0x6, 0x1d, &(0x7f0000000080)={0x0, 0xdf5, 0x65a2}, 0x14) write$binfmt_misc(r1, &(0x7f0000000140)=ANY=[], 0x4240a2a0) r4 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$IPT_SO_SET_REPLACE(r4, 0x0, 0x40, &(0x7f0000000480)=ANY=[@ANYBLOB="66696c74657200000000000000000000000000000000000000000000000000000e00000004000000d0020000800100009800000080010000000000000000000038020000380200003802000038020000380200000400000000000000000000007f000001ac14140000000000000000007f00000000000000000000000000000064756dea20f9524db2d96900000057c910a19f2bc02c00000000000000000000200000000000000000000000000000000000000000000000700098000000000000000000000000000000000000000000280052454a454354000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000400000000000000000000000080000000000000000000000000000000000000000000000000000000000000000000000000000000000000000c000e80000f9c9991d0000000000000000000000000000005000736574000000000000000000000000000000000000000000000000000003000005050000000000000000000000000000000000000000100000000000000000000000000000000000000000000000280052454a45435400000000000000010000000000000000000000000000000000674f000000000000000000e00000020000000000000000766574b5315f766c616e00000000010062726964676530000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000007000b80000000000000000000000000000000000000000004800544545000000000000000000000000000000d40200000000000000000001ac1414aa000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000007000980000000000000000000000000000000000000000002800000000000000000000000000000000000000000000001a51496c00000000feffffff"], 0x1) splice(r0, 0x0, r2, 0x0, 0x4ffe0, 0x0) 01:45:49 executing program 3: lsetxattr$trusted_overlay_opaque(0x0, 0x0, 0x0, 0x0, 0x0) mkdir(&(0x7f0000000000)='./file0\x00', 0x0) mount$bpf(0x20000000, &(0x7f00000000c0)='./file0\x00', 0x0, 0x2001001, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x80, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x43, 0x400000000000000}, 0x11288, 0x2000, 0x0, 0x2}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$netlink(0x10, 0x3, 0x0) connect$inet(0xffffffffffffffff, 0x0, 0x0) setsockopt$SO_RDS_TRANSPORT(0xffffffffffffffff, 0x114, 0x8, &(0x7f0000000040)=0xffffffffffffffff, 0x4) r1 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$inet_tcp_int(r1, 0x6, 0x10000000013, &(0x7f0000d06000)=0x1, 0x32a) connect$inet(r1, &(0x7f0000000180)={0x2, 0x4e23, @local}, 0x10) accept$nfc_llcp(0xffffffffffffffff, &(0x7f0000000440), &(0x7f0000000300)=0x60) setsockopt$inet_tcp_TCP_REPAIR_OPTIONS(r1, 0x6, 0x16, &(0x7f00000000c0)=[@mss={0x2, 0xffffffff}, @timestamp, @window, @mss={0x2, 0x91c}], 0x4) sendmmsg(r1, &(0x7f0000004b40)=[{{0x0, 0x0, &(0x7f00000011c0)=[{&(0x7f0000002240)='Y', 0x1}], 0x1}}], 0x1, 0x0) syz_init_net_socket$llc(0x1a, 0x1, 0x0) r2 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$IPT_SO_SET_REPLACE(r2, 0x4000000000000, 0x40, &(0x7f0000000a40)=ANY=[@ANYBLOB="72617700000000010000000000000000000000000000000000000000000000000200000003000000b80400000000000000000000000000000003000000030000200400002004000020040000200400002004000003000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000600000000000000a00200030000000000000000000000000000000000000000300262706600000000000000000000000000000000000000000000000000000101000000000000002e2f66696c653000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000060005345540000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000c0002001000000000000000000000000000000000000000050006f736600000000000000000000000000000000000000000000000000000073797a300000000000000000000000000000000000000000000000000000000000000000000000000000000000000000600053455400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000007000980000000000000000000000000000000000000000002800000000000000000000000000000000000000000000000000000000000004feffffff00000000"], 0x518) sendmsg$IPVS_CMD_GET_DEST(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000280)={&(0x7f00000002c0)=ANY=[@ANYRES16], 0x1}}, 0x0) setsockopt$inet_tcp_TCP_REPAIR(r1, 0x6, 0x13, &(0x7f0000000100), 0x618) close(r1) r3 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$inet_tcp_int(r3, 0x6, 0x10000000013, &(0x7f0000d06000)=0x1, 0x32a) connect$inet(r3, &(0x7f0000000140)={0x2, 0x0, @local}, 0x10) setsockopt$inet_tcp_TCP_REPAIR_OPTIONS(r3, 0x6, 0x16, &(0x7f0000000200)=[@mss, @timestamp, @window={0x3, 0x0, 0xfffe}, @mss={0x2, 0x3}], 0x4) setsockopt$inet_tcp_TCP_REPAIR_QUEUE(r3, 0x6, 0x14, &(0x7f0000000040)=0x1, 0x4) sendmsg$IPVS_CMD_GET_DEST(r3, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000340)=ANY=[@ANYBLOB="160e90cb39bca59f8c4064ac6d7b242060a07bc4309e3eb79d8745797b308edd84adef35ad9d8a17240f38f55f57c55f3875db81d255eea402e1c11ca7fc01964aeb9ed6ef4e80bc67cba7e7fe961fe5d921442b0a06b135f8a73b68dc904b436f256f50ae7cb980e69e7580b9f11c6ede4210f23240559b8c427000d7ce7862417ab5a50e494b2a54e346d7ffa008ccef06813e235b446788ac0f1df3c65bc1fb5393364a2efd284640ec2c438ad2b24a69f1f9da000000000000000000000000989eee6a9283bf253ca4"], 0x1}}, 0x0) close(r3) syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) dup3(r5, r4, 0x0) r6 = accept4$vsock_stream(0xffffffffffffffff, &(0x7f0000000240)={0x28, 0x0, 0x2710, @host}, 0x10, 0x0) dup2(r6, r5) bind$pptp(0xffffffffffffffff, &(0x7f00000001c0)={0x18, 0x2, {0x0, @initdev={0xac, 0x1e, 0x0, 0x0}}}, 0x1e) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000000)=@newlink={0x30, 0x10, 0x801, 0x0, 0x0, {}, [@IFLA_GROUP={0x8}, @IFLA_PROTO_DOWN={0x8, 0x4}]}, 0x30}}, 0x0) pivot_root(&(0x7f0000000140)='./file0\x00', &(0x7f0000000100)='./file0\x00') 01:45:49 executing program 5: lsetxattr$trusted_overlay_opaque(0x0, 0x0, 0x0, 0x0, 0x0) mkdir(&(0x7f0000000000)='./file0\x00', 0x0) mount$bpf(0x20000000, &(0x7f00000000c0)='./file0\x00', 0x0, 0x2001001, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x80, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x43, 0x400000000000000}, 0x11288, 0x2000, 0x0, 0x2}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$netlink(0x10, 0x3, 0x0) connect$inet(0xffffffffffffffff, 0x0, 0x0) setsockopt$SO_RDS_TRANSPORT(0xffffffffffffffff, 0x114, 0x8, &(0x7f0000000040)=0xffffffffffffffff, 0x4) r1 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$inet_tcp_int(r1, 0x6, 0x10000000013, &(0x7f0000d06000)=0x1, 0x32a) connect$inet(r1, &(0x7f0000000180)={0x2, 0x4e23, @local}, 0x10) accept$nfc_llcp(0xffffffffffffffff, &(0x7f0000000440), &(0x7f0000000300)=0x60) setsockopt$inet_tcp_TCP_REPAIR_OPTIONS(r1, 0x6, 0x16, &(0x7f00000000c0)=[@mss={0x2, 0xffffffff}, @timestamp, @window, @mss={0x2, 0x91c}], 0x4) sendmmsg(r1, &(0x7f0000004b40)=[{{0x0, 0x0, &(0x7f00000011c0)=[{&(0x7f0000002240)='Y', 0x1}], 0x1}}], 0x1, 0x0) syz_init_net_socket$llc(0x1a, 0x1, 0x0) r2 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$IPT_SO_SET_REPLACE(r2, 0x4000000000000, 0x40, &(0x7f0000000a40)=ANY=[@ANYBLOB="72617700000000010000000000000000000000000000000000000000000000000200000003000000b80400000000000000000000000000000003000000030000200400002004000020040000200400002004000003000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000600000000000000a00200030000000000000000000000000000000000000000300262706600000000000000000000000000000000000000000000000000000101000000000000002e2f66696c653000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000060005345540000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000c0002001000000000000000000000000000000000000000050006f736600000000000000000000000000000000000000000000000000000073797a300000000000000000000000000000000000000000000000000000000000000000000000000000000000000000600053455400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000007000980000000000000000000000000000000000000000002800000000000000000000000000000000000000000000000000000000000004feffffff00000000"], 0x518) sendmsg$IPVS_CMD_GET_DEST(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000280)={&(0x7f00000002c0)=ANY=[@ANYRES16], 0x1}}, 0x0) setsockopt$inet_tcp_TCP_REPAIR(r1, 0x6, 0x13, &(0x7f0000000100), 0x618) close(r1) r3 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$inet_tcp_int(r3, 0x6, 0x10000000013, &(0x7f0000d06000)=0x1, 0x32a) setsockopt$inet_tcp_TCP_REPAIR_OPTIONS(r3, 0x6, 0x16, &(0x7f0000000200)=[@mss, @timestamp, @window={0x3, 0x0, 0xfffe}, @mss={0x2, 0x3}], 0x4) sendmmsg(r3, &(0x7f0000004b40)=[{{0x0, 0x0, &(0x7f00000011c0)=[{&(0x7f0000002240)='Y', 0x1}], 0x1}}], 0x1, 0x0) setsockopt$inet_tcp_TCP_REPAIR_QUEUE(r3, 0x6, 0x14, &(0x7f0000000040)=0x1, 0x4) sendmsg$IPVS_CMD_GET_DEST(r3, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000340)=ANY=[@ANYBLOB="160e90cb39bca59f8c4064ac6d7b242060a07bc4309e3eb79d8745797b308edd84adef35ad9d8a17240f38f55f57c55f3875db81d255eea402e1c11ca7fc01964aeb9ed6ef4e80bc67cba7e7fe961fe5d921442b0a06b135f8a73b68dc904b436f256f50ae7cb980e69e7580b9f11c6ede4210f23240559b8c427000d7ce7862417ab5a50e494b2a54e346d7ffa008ccef06813e235b446788ac0f1df3c65bc1fb5393364a2efd284640ec2c438ad2b24a69f1f9da000000000000000000000000989eee6a9283bf253ca4"], 0x1}}, 0x0) close(r3) syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) dup3(r5, r4, 0x0) r6 = accept4$vsock_stream(0xffffffffffffffff, &(0x7f0000000240)={0x28, 0x0, 0x2710, @host}, 0x10, 0x0) dup2(r6, r5) bind$pptp(0xffffffffffffffff, &(0x7f00000001c0)={0x18, 0x2, {0x0, @initdev={0xac, 0x1e, 0x0, 0x0}}}, 0x1e) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000000)=@newlink={0x30, 0x10, 0x801, 0x0, 0x0, {}, [@IFLA_GROUP={0x8}, @IFLA_PROTO_DOWN={0x8, 0x4}]}, 0x30}}, 0x0) pivot_root(&(0x7f0000000140)='./file0\x00', &(0x7f0000000100)='./file0\x00') [ 1851.456481] RBP: 000000000076bf00 R08: 0000000000000000 R09: 0000000000000000 [ 1851.463833] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000007 [ 1851.471107] R13: 00000000000003bf R14: 00000000004c6495 R15: 0000000000000017 01:45:49 executing program 2 (fault-call:9 fault-nth:24): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_SET_SIGNAL_MASK(0xffffffffffffffff, 0x4004ae8b, &(0x7f0000001000)=ANY=[@ANYBLOB="97cb"]) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000fe7000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0) ioctl$USBDEVFS_RESETEP(0xffffffffffffffff, 0x80045503, &(0x7f0000000000)={0x1, 0x1}) ioctl$KVM_NMI(r2, 0xae9a) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f00000002c0)={0x0, 0x2, 0x0, 0x2000, &(0x7f0000001000/0x2000)=nil}) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) [ 1851.635121] ip_tables: iptables: counters copy to user failed while replacing table 01:45:49 executing program 1: lsetxattr$trusted_overlay_opaque(0x0, 0x0, 0x0, 0x0, 0x0) mkdir(&(0x7f0000000000)='./file0\x00', 0x0) mount$bpf(0x20000000, &(0x7f00000000c0)='./file0\x00', 0x0, 0x2001001, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x80, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x43, 0x400000000000000}, 0x11288, 0x2000, 0x0, 0x2}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$netlink(0x10, 0x3, 0x0) connect$inet(0xffffffffffffffff, 0x0, 0x0) setsockopt$SO_RDS_TRANSPORT(0xffffffffffffffff, 0x114, 0x8, &(0x7f0000000040)=0xffffffffffffffff, 0x4) r1 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$inet_tcp_int(r1, 0x6, 0x10000000013, &(0x7f0000d06000)=0x1, 0x32a) connect$inet(r1, &(0x7f0000000180)={0x2, 0x4e23, @local}, 0x10) accept$nfc_llcp(0xffffffffffffffff, &(0x7f0000000440), &(0x7f0000000300)=0x60) setsockopt$inet_tcp_TCP_REPAIR_OPTIONS(r1, 0x6, 0x16, &(0x7f00000000c0)=[@mss={0x2, 0xffffffff}, @timestamp, @window, @mss={0x2, 0x91c}], 0x4) sendmmsg(r1, &(0x7f0000004b40)=[{{0x0, 0x0, &(0x7f00000011c0)=[{&(0x7f0000002240)='Y', 0x1}], 0x1}}], 0x1, 0x0) syz_init_net_socket$llc(0x1a, 0x1, 0x0) r2 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$IPT_SO_SET_REPLACE(r2, 0x4000000000000, 0x40, &(0x7f0000000a40)=ANY=[@ANYBLOB="72617700000000010000000000000000000000000000000000000000000000000200000003000000b80400000000000000000000000000000003000000030000200400002004000020040000200400002004000003000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000600000000000000a00200030000000000000000000000000000000000000000300262706600000000000000000000000000000000000000000000000000000101000000000000002e2f66696c653000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000060005345540000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000c0002001000000000000000000000000000000000000000050006f736600000000000000000000000000000000000000000000000000000073797a300000000000000000000000000000000000000000000000000000000000000000000000000000000000000000600053455400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000007000980000000000000000000000000000000000000000002800000000000000000000000000000000000000000000000000000000000004feffffff00000000"], 0x518) sendmsg$IPVS_CMD_GET_DEST(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000280)={&(0x7f00000002c0)=ANY=[@ANYRES16], 0x1}}, 0x0) setsockopt$inet_tcp_TCP_REPAIR(r1, 0x6, 0x13, &(0x7f0000000100), 0x618) close(r1) r3 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$inet_tcp_int(r3, 0x6, 0x10000000013, &(0x7f0000d06000)=0x1, 0x32a) connect$inet(r3, &(0x7f0000000140)={0x2, 0x0, @local}, 0x10) setsockopt$inet_tcp_TCP_REPAIR_OPTIONS(r3, 0x6, 0x16, &(0x7f0000000200)=[@mss, @timestamp, @window={0x3, 0x0, 0xfffe}, @mss={0x2, 0x3}], 0x4) setsockopt$inet_tcp_TCP_REPAIR_QUEUE(r3, 0x6, 0x14, &(0x7f0000000040)=0x1, 0x4) sendmsg$IPVS_CMD_GET_DEST(r3, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000340)=ANY=[@ANYBLOB="160e90cb39bca59f8c4064ac6d7b242060a07bc4309e3eb79d8745797b308edd84adef35ad9d8a17240f38f55f57c55f3875db81d255eea402e1c11ca7fc01964aeb9ed6ef4e80bc67cba7e7fe961fe5d921442b0a06b135f8a73b68dc904b436f256f50ae7cb980e69e7580b9f11c6ede4210f23240559b8c427000d7ce7862417ab5a50e494b2a54e346d7ffa008ccef06813e235b446788ac0f1df3c65bc1fb5393364a2efd284640ec2c438ad2b24a69f1f9da000000000000000000000000989eee6a9283bf253ca4"], 0x1}}, 0x0) close(r3) syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) dup3(r5, r4, 0x0) r6 = accept4$vsock_stream(0xffffffffffffffff, &(0x7f0000000240)={0x28, 0x0, 0x2710, @host}, 0x10, 0x0) dup2(r6, r5) bind$pptp(0xffffffffffffffff, &(0x7f00000001c0)={0x18, 0x2, {0x0, @initdev={0xac, 0x1e, 0x0, 0x0}}}, 0x1e) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000000)=@newlink={0x30, 0x10, 0x801, 0x0, 0x0, {}, [@IFLA_GROUP={0x8}, @IFLA_PROTO_DOWN={0x8, 0x4}]}, 0x30}}, 0x0) [ 1851.742811] FAULT_INJECTION: forcing a failure. [ 1851.742811] name failslab, interval 1, probability 0, space 0, times 0 [ 1851.762711] CPU: 1 PID: 3927 Comm: syz-executor.2 Not tainted 4.14.173-syzkaller #0 [ 1851.770561] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1851.779935] Call Trace: [ 1851.782552] dump_stack+0x13e/0x194 [ 1851.786391] should_fail.cold+0x10a/0x14b [ 1851.790572] should_failslab+0xd6/0x130 [ 1851.794559] kmem_cache_alloc+0x2b5/0x770 [ 1851.798736] ? mmu_topup_memory_caches+0x94/0x300 [ 1851.804538] mmu_topup_memory_caches+0x83/0x300 [ 1851.809261] ? retint_kernel+0x2d/0x2d [ 1851.813162] kvm_mmu_load+0x1e/0xd00 [ 1851.816886] ? vcpu_enter_guest+0x56a/0x5240 [ 1851.821301] vcpu_enter_guest+0x2eb9/0x5240 [ 1851.825628] ? trace_hardirqs_on_caller+0x3f6/0x590 [ 1851.830649] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 1851.835446] ? emulator_read_emulated+0x40/0x40 [ 1851.840325] ? lock_acquire+0x170/0x3f0 [ 1851.845023] ? kvm_arch_vcpu_ioctl_run+0x143/0xfd0 [ 1851.849964] ? kvm_arch_vcpu_ioctl_run+0x2fe/0xfd0 [ 1851.854920] ? kvm_arch_vcpu_ioctl_run+0x181/0xfd0 [ 1851.859876] kvm_arch_vcpu_ioctl_run+0x2fe/0xfd0 [ 1851.864687] kvm_vcpu_ioctl+0x3df/0xc70 [ 1851.869981] ? trace_hardirqs_on_caller+0x3f6/0x590 [ 1851.876007] ? kvm_vcpu_block+0xb70/0xb70 [ 1851.880220] ? retint_kernel+0x2d/0x2d [ 1851.884143] ? selinux_file_ioctl+0x83/0x560 [ 1851.888571] ? selinux_file_ioctl+0x42b/0x560 [ 1851.893088] ? kvm_vcpu_block+0xb70/0xb70 [ 1851.897261] do_vfs_ioctl+0x75a/0xfe0 [ 1851.901082] ? selinux_file_mprotect+0x5c0/0x5c0 [ 1851.905872] ? ioctl_preallocate+0x1a0/0x1a0 [ 1851.910314] ? security_file_ioctl+0x76/0xb0 [ 1851.914746] ? security_file_ioctl+0x83/0xb0 [ 1851.919530] SyS_ioctl+0x7f/0xb0 [ 1851.922931] ? do_vfs_ioctl+0xfe0/0xfe0 [ 1851.927277] do_syscall_64+0x1d5/0x640 [ 1851.931196] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 1851.936409] RIP: 0033:0x45c849 01:45:50 executing program 3: lsetxattr$trusted_overlay_opaque(0x0, 0x0, 0x0, 0x0, 0x0) mkdir(&(0x7f0000000000)='./file0\x00', 0x0) mount$bpf(0x20000000, &(0x7f00000000c0)='./file0\x00', 0x0, 0x2001001, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x80, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x43, 0x400000000000000}, 0x11288, 0x2000, 0x0, 0x2}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$netlink(0x10, 0x3, 0x0) connect$inet(0xffffffffffffffff, 0x0, 0x0) setsockopt$SO_RDS_TRANSPORT(0xffffffffffffffff, 0x114, 0x8, &(0x7f0000000040)=0xffffffffffffffff, 0x4) r1 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$inet_tcp_int(r1, 0x6, 0x10000000013, &(0x7f0000d06000)=0x1, 0x32a) connect$inet(r1, &(0x7f0000000180)={0x2, 0x4e23, @local}, 0x10) accept$nfc_llcp(0xffffffffffffffff, &(0x7f0000000440), &(0x7f0000000300)=0x60) setsockopt$inet_tcp_TCP_REPAIR_OPTIONS(r1, 0x6, 0x16, &(0x7f00000000c0)=[@mss={0x2, 0xffffffff}, @timestamp, @window, @mss={0x2, 0x91c}], 0x4) sendmmsg(r1, &(0x7f0000004b40)=[{{0x0, 0x0, &(0x7f00000011c0)=[{&(0x7f0000002240)='Y', 0x1}], 0x1}}], 0x1, 0x0) syz_init_net_socket$llc(0x1a, 0x1, 0x0) r2 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$IPT_SO_SET_REPLACE(r2, 0x4000000000000, 0x40, &(0x7f0000000a40)=ANY=[@ANYBLOB="72617700000000010000000000000000000000000000000000000000000000000200000003000000b80400000000000000000000000000000003000000030000200400002004000020040000200400002004000003000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000600000000000000a00200030000000000000000000000000000000000000000300262706600000000000000000000000000000000000000000000000000000101000000000000002e2f66696c653000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000060005345540000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000c0002001000000000000000000000000000000000000000050006f736600000000000000000000000000000000000000000000000000000073797a300000000000000000000000000000000000000000000000000000000000000000000000000000000000000000600053455400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000007000980000000000000000000000000000000000000000002800000000000000000000000000000000000000000000000000000000000004feffffff00000000"], 0x518) sendmsg$IPVS_CMD_GET_DEST(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000280)={&(0x7f00000002c0)=ANY=[@ANYRES16], 0x1}}, 0x0) setsockopt$inet_tcp_TCP_REPAIR(r1, 0x6, 0x13, &(0x7f0000000100), 0x618) close(r1) r3 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$inet_tcp_int(r3, 0x6, 0x10000000013, &(0x7f0000d06000)=0x1, 0x32a) connect$inet(r3, &(0x7f0000000140)={0x2, 0x0, @local}, 0x10) setsockopt$inet_tcp_TCP_REPAIR_OPTIONS(r3, 0x6, 0x16, &(0x7f0000000200)=[@mss, @timestamp, @window={0x3, 0x0, 0xfffe}, @mss={0x2, 0x3}], 0x4) setsockopt$inet_tcp_TCP_REPAIR_QUEUE(r3, 0x6, 0x14, &(0x7f0000000040)=0x1, 0x4) sendmsg$IPVS_CMD_GET_DEST(r3, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000340)=ANY=[@ANYBLOB="160e90cb39bca59f8c4064ac6d7b242060a07bc4309e3eb79d8745797b308edd84adef35ad9d8a17240f38f55f57c55f3875db81d255eea402e1c11ca7fc01964aeb9ed6ef4e80bc67cba7e7fe961fe5d921442b0a06b135f8a73b68dc904b436f256f50ae7cb980e69e7580b9f11c6ede4210f23240559b8c427000d7ce7862417ab5a50e494b2a54e346d7ffa008ccef06813e235b446788ac0f1df3c65bc1fb5393364a2efd284640ec2c438ad2b24a69f1f9da000000000000000000000000989eee6a9283bf253ca4"], 0x1}}, 0x0) close(r3) syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) dup3(r5, r4, 0x0) r6 = accept4$vsock_stream(0xffffffffffffffff, &(0x7f0000000240)={0x28, 0x0, 0x2710, @host}, 0x10, 0x0) dup2(r6, r5) bind$pptp(0xffffffffffffffff, &(0x7f00000001c0)={0x18, 0x2, {0x0, @initdev={0xac, 0x1e, 0x0, 0x0}}}, 0x1e) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000000)=@newlink={0x30, 0x10, 0x801, 0x0, 0x0, {}, [@IFLA_GROUP={0x8}, @IFLA_PROTO_DOWN={0x8, 0x4}]}, 0x30}}, 0x0) pivot_root(&(0x7f0000000140)='./file0\x00', &(0x7f0000000100)='./file0\x00') 01:45:50 executing program 5: lsetxattr$trusted_overlay_opaque(0x0, 0x0, 0x0, 0x0, 0x0) mkdir(&(0x7f0000000000)='./file0\x00', 0x0) mount$bpf(0x20000000, &(0x7f00000000c0)='./file0\x00', 0x0, 0x2001001, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x80, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x43, 0x400000000000000}, 0x11288, 0x2000, 0x0, 0x2}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$netlink(0x10, 0x3, 0x0) connect$inet(0xffffffffffffffff, 0x0, 0x0) setsockopt$SO_RDS_TRANSPORT(0xffffffffffffffff, 0x114, 0x8, &(0x7f0000000040)=0xffffffffffffffff, 0x4) r1 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$inet_tcp_int(r1, 0x6, 0x10000000013, &(0x7f0000d06000)=0x1, 0x32a) connect$inet(r1, &(0x7f0000000180)={0x2, 0x4e23, @local}, 0x10) accept$nfc_llcp(0xffffffffffffffff, &(0x7f0000000440), &(0x7f0000000300)=0x60) setsockopt$inet_tcp_TCP_REPAIR_OPTIONS(r1, 0x6, 0x16, &(0x7f00000000c0)=[@mss={0x2, 0xffffffff}, @timestamp, @window, @mss={0x2, 0x91c}], 0x4) sendmmsg(r1, &(0x7f0000004b40)=[{{0x0, 0x0, &(0x7f00000011c0)=[{&(0x7f0000002240)='Y', 0x1}], 0x1}}], 0x1, 0x0) syz_init_net_socket$llc(0x1a, 0x1, 0x0) r2 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$IPT_SO_SET_REPLACE(r2, 0x4000000000000, 0x40, &(0x7f0000000a40)=ANY=[@ANYBLOB="72617700000000010000000000000000000000000000000000000000000000000200000003000000b80400000000000000000000000000000003000000030000200400002004000020040000200400002004000003000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000600000000000000a00200030000000000000000000000000000000000000000300262706600000000000000000000000000000000000000000000000000000101000000000000002e2f66696c653000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000060005345540000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000c0002001000000000000000000000000000000000000000050006f736600000000000000000000000000000000000000000000000000000073797a300000000000000000000000000000000000000000000000000000000000000000000000000000000000000000600053455400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000007000980000000000000000000000000000000000000000002800000000000000000000000000000000000000000000000000000000000004feffffff00000000"], 0x518) sendmsg$IPVS_CMD_GET_DEST(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000280)={&(0x7f00000002c0)=ANY=[@ANYRES16], 0x1}}, 0x0) setsockopt$inet_tcp_TCP_REPAIR(r1, 0x6, 0x13, &(0x7f0000000100), 0x618) close(r1) r3 = socket$inet_tcp(0x2, 0x1, 0x0) connect$inet(r3, &(0x7f0000000140)={0x2, 0x0, @local}, 0x10) setsockopt$inet_tcp_TCP_REPAIR_OPTIONS(r3, 0x6, 0x16, &(0x7f0000000200)=[@mss, @timestamp, @window={0x3, 0x0, 0xfffe}, @mss={0x2, 0x3}], 0x4) sendmmsg(r3, &(0x7f0000004b40)=[{{0x0, 0x0, &(0x7f00000011c0)=[{&(0x7f0000002240)='Y', 0x1}], 0x1}}], 0x1, 0x0) setsockopt$inet_tcp_TCP_REPAIR_QUEUE(r3, 0x6, 0x14, &(0x7f0000000040)=0x1, 0x4) sendmsg$IPVS_CMD_GET_DEST(r3, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000340)=ANY=[@ANYBLOB="160e90cb39bca59f8c4064ac6d7b242060a07bc4309e3eb79d8745797b308edd84adef35ad9d8a17240f38f55f57c55f3875db81d255eea402e1c11ca7fc01964aeb9ed6ef4e80bc67cba7e7fe961fe5d921442b0a06b135f8a73b68dc904b436f256f50ae7cb980e69e7580b9f11c6ede4210f23240559b8c427000d7ce7862417ab5a50e494b2a54e346d7ffa008ccef06813e235b446788ac0f1df3c65bc1fb5393364a2efd284640ec2c438ad2b24a69f1f9da000000000000000000000000989eee6a9283bf253ca4"], 0x1}}, 0x0) close(r3) syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) dup3(r5, r4, 0x0) r6 = accept4$vsock_stream(0xffffffffffffffff, &(0x7f0000000240)={0x28, 0x0, 0x2710, @host}, 0x10, 0x0) dup2(r6, r5) bind$pptp(0xffffffffffffffff, &(0x7f00000001c0)={0x18, 0x2, {0x0, @initdev={0xac, 0x1e, 0x0, 0x0}}}, 0x1e) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000000)=@newlink={0x30, 0x10, 0x801, 0x0, 0x0, {}, [@IFLA_GROUP={0x8}, @IFLA_PROTO_DOWN={0x8, 0x4}]}, 0x30}}, 0x0) pivot_root(&(0x7f0000000140)='./file0\x00', &(0x7f0000000100)='./file0\x00') [ 1851.939614] RSP: 002b:00007fa3bc31dc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 1851.947349] RAX: ffffffffffffffda RBX: 00007fa3bc31e6d4 RCX: 000000000045c849 [ 1851.954729] RDX: 0000000000000000 RSI: 000000000000ae80 RDI: 0000000000000005 [ 1851.962153] RBP: 000000000076bf00 R08: 0000000000000000 R09: 0000000000000000 [ 1851.969547] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000007 [ 1851.978131] R13: 00000000000003bf R14: 00000000004c6495 R15: 0000000000000018 01:45:50 executing program 2 (fault-call:9 fault-nth:25): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_SET_SIGNAL_MASK(0xffffffffffffffff, 0x4004ae8b, &(0x7f0000001000)=ANY=[@ANYBLOB="97cb"]) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000fe7000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0) ioctl$USBDEVFS_RESETEP(0xffffffffffffffff, 0x80045503, &(0x7f0000000000)={0x1, 0x1}) ioctl$KVM_NMI(r2, 0xae9a) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f00000002c0)={0x0, 0x2, 0x0, 0x2000, &(0x7f0000001000/0x2000)=nil}) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) 01:45:50 executing program 1: lsetxattr$trusted_overlay_opaque(0x0, 0x0, 0x0, 0x0, 0x0) mkdir(&(0x7f0000000000)='./file0\x00', 0x0) mount$bpf(0x20000000, &(0x7f00000000c0)='./file0\x00', 0x0, 0x2001001, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x80, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x43, 0x400000000000000}, 0x11288, 0x2000, 0x0, 0x2}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$netlink(0x10, 0x3, 0x0) connect$inet(0xffffffffffffffff, 0x0, 0x0) setsockopt$SO_RDS_TRANSPORT(0xffffffffffffffff, 0x114, 0x8, &(0x7f0000000040)=0xffffffffffffffff, 0x4) r1 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$inet_tcp_int(r1, 0x6, 0x10000000013, &(0x7f0000d06000)=0x1, 0x32a) connect$inet(r1, &(0x7f0000000180)={0x2, 0x4e23, @local}, 0x10) accept$nfc_llcp(0xffffffffffffffff, &(0x7f0000000440), &(0x7f0000000300)=0x60) setsockopt$inet_tcp_TCP_REPAIR_OPTIONS(r1, 0x6, 0x16, &(0x7f00000000c0)=[@mss={0x2, 0xffffffff}, @timestamp, @window, @mss={0x2, 0x91c}], 0x4) sendmmsg(r1, &(0x7f0000004b40)=[{{0x0, 0x0, &(0x7f00000011c0)=[{&(0x7f0000002240)='Y', 0x1}], 0x1}}], 0x1, 0x0) syz_init_net_socket$llc(0x1a, 0x1, 0x0) r2 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$IPT_SO_SET_REPLACE(r2, 0x4000000000000, 0x40, &(0x7f0000000a40)=ANY=[@ANYBLOB="72617700000000010000000000000000000000000000000000000000000000000200000003000000b80400000000000000000000000000000003000000030000200400002004000020040000200400002004000003000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000600000000000000a00200030000000000000000000000000000000000000000300262706600000000000000000000000000000000000000000000000000000101000000000000002e2f66696c653000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000060005345540000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000c0002001000000000000000000000000000000000000000050006f736600000000000000000000000000000000000000000000000000000073797a300000000000000000000000000000000000000000000000000000000000000000000000000000000000000000600053455400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000007000980000000000000000000000000000000000000000002800000000000000000000000000000000000000000000000000000000000004feffffff00000000"], 0x518) sendmsg$IPVS_CMD_GET_DEST(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000280)={&(0x7f00000002c0)=ANY=[@ANYRES16], 0x1}}, 0x0) setsockopt$inet_tcp_TCP_REPAIR(r1, 0x6, 0x13, &(0x7f0000000100), 0x618) close(r1) r3 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$inet_tcp_int(r3, 0x6, 0x10000000013, &(0x7f0000d06000)=0x1, 0x32a) connect$inet(r3, &(0x7f0000000140)={0x2, 0x0, @local}, 0x10) setsockopt$inet_tcp_TCP_REPAIR_OPTIONS(r3, 0x6, 0x16, &(0x7f0000000200)=[@mss, @timestamp, @window={0x3, 0x0, 0xfffe}, @mss={0x2, 0x3}], 0x4) setsockopt$inet_tcp_TCP_REPAIR_QUEUE(r3, 0x6, 0x14, &(0x7f0000000040)=0x1, 0x4) sendmsg$IPVS_CMD_GET_DEST(r3, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000340)=ANY=[@ANYBLOB="160e90cb39bca59f8c4064ac6d7b242060a07bc4309e3eb79d8745797b308edd84adef35ad9d8a17240f38f55f57c55f3875db81d255eea402e1c11ca7fc01964aeb9ed6ef4e80bc67cba7e7fe961fe5d921442b0a06b135f8a73b68dc904b436f256f50ae7cb980e69e7580b9f11c6ede4210f23240559b8c427000d7ce7862417ab5a50e494b2a54e346d7ffa008ccef06813e235b446788ac0f1df3c65bc1fb5393364a2efd284640ec2c438ad2b24a69f1f9da000000000000000000000000989eee6a9283bf253ca4"], 0x1}}, 0x0) close(r3) syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) dup3(r5, r4, 0x0) r6 = accept4$vsock_stream(0xffffffffffffffff, &(0x7f0000000240)={0x28, 0x0, 0x2710, @host}, 0x10, 0x0) dup2(r6, r5) bind$pptp(0xffffffffffffffff, &(0x7f00000001c0)={0x18, 0x2, {0x0, @initdev={0xac, 0x1e, 0x0, 0x0}}}, 0x1e) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000000)=@newlink={0x30, 0x10, 0x801, 0x0, 0x0, {}, [@IFLA_GROUP={0x8}, @IFLA_PROTO_DOWN={0x8, 0x4}]}, 0x30}}, 0x0) [ 1852.180850] FAULT_INJECTION: forcing a failure. [ 1852.180850] name failslab, interval 1, probability 0, space 0, times 0 [ 1852.224479] CPU: 1 PID: 3935 Comm: syz-executor.2 Not tainted 4.14.173-syzkaller #0 [ 1852.232716] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1852.242313] Call Trace: [ 1852.244948] dump_stack+0x13e/0x194 [ 1852.248647] should_fail.cold+0x10a/0x14b [ 1852.252864] ? should_failslab+0x9c/0x130 [ 1852.257078] should_failslab+0xd6/0x130 [ 1852.261096] kmem_cache_alloc+0x2b5/0x770 [ 1852.265762] ? mmu_topup_memory_caches+0x94/0x300 [ 1852.270992] mmu_topup_memory_caches+0x83/0x300 [ 1852.275868] kvm_mmu_load+0x1e/0xd00 [ 1852.279600] ? kvm_apic_accept_events+0x16f/0x3f0 [ 1852.284458] ? kvm_lapic_enable_pv_eoi+0xc0/0xc0 [ 1852.289437] ? process_nmi+0xcf/0xf0 [ 1852.293454] vcpu_enter_guest+0x2eb9/0x5240 [ 1852.297893] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 1852.302663] ? check_preemption_disabled+0x35/0x240 [ 1852.307689] ? emulator_read_emulated+0x40/0x40 [ 1852.312367] ? lock_acquire+0x170/0x3f0 [ 1852.316374] ? kvm_arch_vcpu_ioctl_run+0x143/0xfd0 [ 1852.321506] ? kvm_arch_vcpu_ioctl_run+0x2fe/0xfd0 [ 1852.326535] ? kvm_arch_vcpu_ioctl_run+0x181/0xfd0 [ 1852.331575] kvm_arch_vcpu_ioctl_run+0x2fe/0xfd0 [ 1852.336364] kvm_vcpu_ioctl+0x3df/0xc70 [ 1852.340357] ? kvm_vcpu_block+0xb70/0xb70 [ 1852.344551] ? trace_hardirqs_on+0x10/0x10 [ 1852.348823] ? save_trace+0x290/0x290 [ 1852.352635] ? SyS_write+0x1b7/0x210 [ 1852.356458] ? kvm_vcpu_block+0xb70/0xb70 [ 1852.360637] do_vfs_ioctl+0x75a/0xfe0 [ 1852.364464] ? selinux_file_mprotect+0x5c0/0x5c0 [ 1852.369392] ? ioctl_preallocate+0x1a0/0x1a0 01:45:50 executing program 5: lsetxattr$trusted_overlay_opaque(0x0, 0x0, 0x0, 0x0, 0x0) mkdir(&(0x7f0000000000)='./file0\x00', 0x0) mount$bpf(0x20000000, &(0x7f00000000c0)='./file0\x00', 0x0, 0x2001001, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x80, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x43, 0x400000000000000}, 0x11288, 0x2000, 0x0, 0x2}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$netlink(0x10, 0x3, 0x0) connect$inet(0xffffffffffffffff, 0x0, 0x0) setsockopt$SO_RDS_TRANSPORT(0xffffffffffffffff, 0x114, 0x8, &(0x7f0000000040)=0xffffffffffffffff, 0x4) r1 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$inet_tcp_int(r1, 0x6, 0x10000000013, &(0x7f0000d06000)=0x1, 0x32a) connect$inet(r1, &(0x7f0000000180)={0x2, 0x4e23, @local}, 0x10) accept$nfc_llcp(0xffffffffffffffff, &(0x7f0000000440), &(0x7f0000000300)=0x60) setsockopt$inet_tcp_TCP_REPAIR_OPTIONS(r1, 0x6, 0x16, &(0x7f00000000c0)=[@mss={0x2, 0xffffffff}, @timestamp, @window, @mss={0x2, 0x91c}], 0x4) sendmmsg(r1, &(0x7f0000004b40)=[{{0x0, 0x0, &(0x7f00000011c0)=[{&(0x7f0000002240)='Y', 0x1}], 0x1}}], 0x1, 0x0) syz_init_net_socket$llc(0x1a, 0x1, 0x0) r2 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$IPT_SO_SET_REPLACE(r2, 0x4000000000000, 0x40, &(0x7f0000000a40)=ANY=[@ANYBLOB="72617700000000010000000000000000000000000000000000000000000000000200000003000000b80400000000000000000000000000000003000000030000200400002004000020040000200400002004000003000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000600000000000000a00200030000000000000000000000000000000000000000300262706600000000000000000000000000000000000000000000000000000101000000000000002e2f66696c653000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000060005345540000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000c0002001000000000000000000000000000000000000000050006f736600000000000000000000000000000000000000000000000000000073797a300000000000000000000000000000000000000000000000000000000000000000000000000000000000000000600053455400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000007000980000000000000000000000000000000000000000002800000000000000000000000000000000000000000000000000000000000004feffffff00000000"], 0x518) sendmsg$IPVS_CMD_GET_DEST(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000280)={&(0x7f00000002c0)=ANY=[@ANYRES16], 0x1}}, 0x0) setsockopt$inet_tcp_TCP_REPAIR(r1, 0x6, 0x13, &(0x7f0000000100), 0x618) close(r1) r3 = socket$inet_tcp(0x2, 0x1, 0x0) connect$inet(r3, &(0x7f0000000140)={0x2, 0x0, @local}, 0x10) setsockopt$inet_tcp_TCP_REPAIR_OPTIONS(r3, 0x6, 0x16, &(0x7f0000000200)=[@mss, @timestamp, @window={0x3, 0x0, 0xfffe}, @mss={0x2, 0x3}], 0x4) sendmmsg(r3, &(0x7f0000004b40)=[{{0x0, 0x0, &(0x7f00000011c0)=[{&(0x7f0000002240)='Y', 0x1}], 0x1}}], 0x1, 0x0) setsockopt$inet_tcp_TCP_REPAIR_QUEUE(r3, 0x6, 0x14, &(0x7f0000000040)=0x1, 0x4) sendmsg$IPVS_CMD_GET_DEST(r3, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000340)=ANY=[@ANYBLOB="160e90cb39bca59f8c4064ac6d7b242060a07bc4309e3eb79d8745797b308edd84adef35ad9d8a17240f38f55f57c55f3875db81d255eea402e1c11ca7fc01964aeb9ed6ef4e80bc67cba7e7fe961fe5d921442b0a06b135f8a73b68dc904b436f256f50ae7cb980e69e7580b9f11c6ede4210f23240559b8c427000d7ce7862417ab5a50e494b2a54e346d7ffa008ccef06813e235b446788ac0f1df3c65bc1fb5393364a2efd284640ec2c438ad2b24a69f1f9da000000000000000000000000989eee6a9283bf253ca4"], 0x1}}, 0x0) close(r3) syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) dup3(r5, r4, 0x0) r6 = accept4$vsock_stream(0xffffffffffffffff, &(0x7f0000000240)={0x28, 0x0, 0x2710, @host}, 0x10, 0x0) dup2(r6, r5) bind$pptp(0xffffffffffffffff, &(0x7f00000001c0)={0x18, 0x2, {0x0, @initdev={0xac, 0x1e, 0x0, 0x0}}}, 0x1e) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000000)=@newlink={0x30, 0x10, 0x801, 0x0, 0x0, {}, [@IFLA_GROUP={0x8}, @IFLA_PROTO_DOWN={0x8, 0x4}]}, 0x30}}, 0x0) pivot_root(&(0x7f0000000140)='./file0\x00', &(0x7f0000000100)='./file0\x00') [ 1852.373829] ? security_file_ioctl+0x76/0xb0 [ 1852.378378] ? security_file_ioctl+0x83/0xb0 [ 1852.382813] SyS_ioctl+0x7f/0xb0 [ 1852.386756] ? do_vfs_ioctl+0xfe0/0xfe0 [ 1852.391286] do_syscall_64+0x1d5/0x640 [ 1852.395482] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 1852.401006] RIP: 0033:0x45c849 [ 1852.404206] RSP: 002b:00007fa3bc31dc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 1852.412172] RAX: ffffffffffffffda RBX: 00007fa3bc31e6d4 RCX: 000000000045c849 [ 1852.419454] RDX: 0000000000000000 RSI: 000000000000ae80 RDI: 0000000000000005 [ 1852.426724] RBP: 000000000076bf00 R08: 0000000000000000 R09: 0000000000000000 [ 1852.434390] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000007 [ 1852.441752] R13: 00000000000003bf R14: 00000000004c6495 R15: 0000000000000019 01:45:52 executing program 0: r0 = syz_open_dev$sndtimer(&(0x7f0000000440)='/dev/snd/timer\x00', 0x0, 0x0) ioctl$SNDRV_TIMER_IOCTL_TREAD(r0, 0x40045402, &(0x7f0000000000)=0x1) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = dup(r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) ioctl$SNDRV_TIMER_IOCTL_SELECT(r0, 0x40345410, &(0x7f0000000040)={{0x100000001}}) ioctl$SNDRV_TIMER_IOCTL_PARAMS(r0, 0x40505412, &(0x7f00000000c0)={0x0, 0xb9e, 0x20}) 01:45:52 executing program 1: lsetxattr$trusted_overlay_opaque(0x0, 0x0, 0x0, 0x0, 0x0) mkdir(&(0x7f0000000000)='./file0\x00', 0x0) mount$bpf(0x20000000, &(0x7f00000000c0)='./file0\x00', 0x0, 0x2001001, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x80, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x43, 0x400000000000000}, 0x11288, 0x2000, 0x0, 0x2}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$netlink(0x10, 0x3, 0x0) connect$inet(0xffffffffffffffff, 0x0, 0x0) setsockopt$SO_RDS_TRANSPORT(0xffffffffffffffff, 0x114, 0x8, &(0x7f0000000040)=0xffffffffffffffff, 0x4) r1 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$inet_tcp_int(r1, 0x6, 0x10000000013, &(0x7f0000d06000)=0x1, 0x32a) connect$inet(r1, &(0x7f0000000180)={0x2, 0x4e23, @local}, 0x10) accept$nfc_llcp(0xffffffffffffffff, &(0x7f0000000440), &(0x7f0000000300)=0x60) setsockopt$inet_tcp_TCP_REPAIR_OPTIONS(r1, 0x6, 0x16, &(0x7f00000000c0)=[@mss={0x2, 0xffffffff}, @timestamp, @window, @mss={0x2, 0x91c}], 0x4) sendmmsg(r1, &(0x7f0000004b40)=[{{0x0, 0x0, &(0x7f00000011c0)=[{&(0x7f0000002240)='Y', 0x1}], 0x1}}], 0x1, 0x0) syz_init_net_socket$llc(0x1a, 0x1, 0x0) r2 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$IPT_SO_SET_REPLACE(r2, 0x4000000000000, 0x40, &(0x7f0000000a40)=ANY=[@ANYBLOB="72617700000000010000000000000000000000000000000000000000000000000200000003000000b80400000000000000000000000000000003000000030000200400002004000020040000200400002004000003000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000600000000000000a00200030000000000000000000000000000000000000000300262706600000000000000000000000000000000000000000000000000000101000000000000002e2f66696c653000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000060005345540000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000c0002001000000000000000000000000000000000000000050006f736600000000000000000000000000000000000000000000000000000073797a300000000000000000000000000000000000000000000000000000000000000000000000000000000000000000600053455400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000007000980000000000000000000000000000000000000000002800000000000000000000000000000000000000000000000000000000000004feffffff00000000"], 0x518) sendmsg$IPVS_CMD_GET_DEST(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000280)={&(0x7f00000002c0)=ANY=[@ANYRES16], 0x1}}, 0x0) setsockopt$inet_tcp_TCP_REPAIR(r1, 0x6, 0x13, &(0x7f0000000100), 0x618) close(r1) r3 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$inet_tcp_int(r3, 0x6, 0x10000000013, &(0x7f0000d06000)=0x1, 0x32a) connect$inet(r3, &(0x7f0000000140)={0x2, 0x0, @local}, 0x10) sendmmsg(r3, &(0x7f0000004b40)=[{{0x0, 0x0, &(0x7f00000011c0)=[{&(0x7f0000002240)='Y', 0x1}], 0x1}}], 0x1, 0x0) setsockopt$inet_tcp_TCP_REPAIR_QUEUE(r3, 0x6, 0x14, &(0x7f0000000040)=0x1, 0x4) sendmsg$IPVS_CMD_GET_DEST(r3, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000340)=ANY=[@ANYBLOB="160e90cb39bca59f8c4064ac6d7b242060a07bc4309e3eb79d8745797b308edd84adef35ad9d8a17240f38f55f57c55f3875db81d255eea402e1c11ca7fc01964aeb9ed6ef4e80bc67cba7e7fe961fe5d921442b0a06b135f8a73b68dc904b436f256f50ae7cb980e69e7580b9f11c6ede4210f23240559b8c427000d7ce7862417ab5a50e494b2a54e346d7ffa008ccef06813e235b446788ac0f1df3c65bc1fb5393364a2efd284640ec2c438ad2b24a69f1f9da000000000000000000000000989eee6a9283bf253ca4"], 0x1}}, 0x0) close(r3) syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) dup3(r5, r4, 0x0) r6 = accept4$vsock_stream(0xffffffffffffffff, &(0x7f0000000240)={0x28, 0x0, 0x2710, @host}, 0x10, 0x0) dup2(r6, r5) bind$pptp(0xffffffffffffffff, &(0x7f00000001c0)={0x18, 0x2, {0x0, @initdev={0xac, 0x1e, 0x0, 0x0}}}, 0x1e) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000000)=@newlink={0x30, 0x10, 0x801, 0x0, 0x0, {}, [@IFLA_GROUP={0x8}, @IFLA_PROTO_DOWN={0x8, 0x4}]}, 0x30}}, 0x0) 01:45:52 executing program 4: pipe(&(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = socket$inet_udp(0x2, 0x2, 0x0) close(r2) r3 = socket$inet_tcp(0x2, 0x1, 0x0) connect$inet(r2, &(0x7f0000000340)={0x2, 0x0, @loopback}, 0x10) setsockopt$inet_tcp_TCP_REPAIR_WINDOW(r3, 0x6, 0x1d, &(0x7f0000000080)={0x0, 0xdf5, 0x65a2}, 0x14) write$binfmt_misc(r1, &(0x7f0000000140)=ANY=[], 0x4240a2a0) r4 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$IPT_SO_SET_REPLACE(r4, 0x0, 0x40, &(0x7f0000000480)=ANY=[@ANYBLOB="66696c74657200000000000000000000000000000000000000000000000000000e00000004000000d0020000800100009800000080010000000000000000000038020000380200003802000038020000380200000400000000000000000000007f000001ac14140000000000000000007f00000000000000000000000000000064756dea20f9524db2d96900000057c910a19f2bc02c00000000000000000000200000000000000000000000000000000000000000000000700098000000000000000000000000000000000000000000280052454a454354000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000400000000000000000000000080000000000000000000000000000000000000000000000000000000000000000000000000000000000000000c000e80000f9c9991d0000000000000000000000000000005000736574000000000000000000000000000000000000000000000000000003000005050000000000000000000000000000000000000000100000000000000000000000000000000000000000000000280052454a45435400000000000000010000000000000000000000000000000000674f000000000000000000e00000020000000000000000766574b5315f766c616e00000000010062726964676530000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000007000b80000000000000000000000000000000000000000004800544545000000000000000000000000000000d40200000000000000000001ac1414aa000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000007000980000000000000000000000000000000000000000002800000000000000000000000000000000000000000000001a51496c00000000feffffff"], 0x1) splice(r0, 0x0, r2, 0x0, 0x4ffe0, 0x0) 01:45:52 executing program 3: lsetxattr$trusted_overlay_opaque(0x0, 0x0, 0x0, 0x0, 0x0) mkdir(&(0x7f0000000000)='./file0\x00', 0x0) mount$bpf(0x20000000, &(0x7f00000000c0)='./file0\x00', 0x0, 0x2001001, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x80, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x43, 0x400000000000000}, 0x11288, 0x2000, 0x0, 0x2}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$netlink(0x10, 0x3, 0x0) connect$inet(0xffffffffffffffff, 0x0, 0x0) setsockopt$SO_RDS_TRANSPORT(0xffffffffffffffff, 0x114, 0x8, &(0x7f0000000040)=0xffffffffffffffff, 0x4) r1 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$inet_tcp_int(r1, 0x6, 0x10000000013, &(0x7f0000d06000)=0x1, 0x32a) connect$inet(r1, &(0x7f0000000180)={0x2, 0x4e23, @local}, 0x10) accept$nfc_llcp(0xffffffffffffffff, &(0x7f0000000440), &(0x7f0000000300)=0x60) setsockopt$inet_tcp_TCP_REPAIR_OPTIONS(r1, 0x6, 0x16, &(0x7f00000000c0)=[@mss={0x2, 0xffffffff}, @timestamp, @window, @mss={0x2, 0x91c}], 0x4) sendmmsg(r1, &(0x7f0000004b40)=[{{0x0, 0x0, &(0x7f00000011c0)=[{&(0x7f0000002240)='Y', 0x1}], 0x1}}], 0x1, 0x0) syz_init_net_socket$llc(0x1a, 0x1, 0x0) r2 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$IPT_SO_SET_REPLACE(r2, 0x4000000000000, 0x40, &(0x7f0000000a40)=ANY=[@ANYBLOB="72617700000000010000000000000000000000000000000000000000000000000200000003000000b80400000000000000000000000000000003000000030000200400002004000020040000200400002004000003000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000600000000000000a00200030000000000000000000000000000000000000000300262706600000000000000000000000000000000000000000000000000000101000000000000002e2f66696c653000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000060005345540000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000c0002001000000000000000000000000000000000000000050006f736600000000000000000000000000000000000000000000000000000073797a300000000000000000000000000000000000000000000000000000000000000000000000000000000000000000600053455400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000007000980000000000000000000000000000000000000000002800000000000000000000000000000000000000000000000000000000000004feffffff00000000"], 0x518) sendmsg$IPVS_CMD_GET_DEST(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000280)={&(0x7f00000002c0)=ANY=[@ANYRES16], 0x1}}, 0x0) setsockopt$inet_tcp_TCP_REPAIR(r1, 0x6, 0x13, &(0x7f0000000100), 0x618) close(r1) r3 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$inet_tcp_int(r3, 0x6, 0x10000000013, &(0x7f0000d06000)=0x1, 0x32a) connect$inet(r3, &(0x7f0000000140)={0x2, 0x0, @local}, 0x10) sendmmsg(r3, &(0x7f0000004b40)=[{{0x0, 0x0, &(0x7f00000011c0)=[{&(0x7f0000002240)='Y', 0x1}], 0x1}}], 0x1, 0x0) setsockopt$inet_tcp_TCP_REPAIR_QUEUE(r3, 0x6, 0x14, &(0x7f0000000040)=0x1, 0x4) sendmsg$IPVS_CMD_GET_DEST(r3, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000340)=ANY=[@ANYBLOB="160e90cb39bca59f8c4064ac6d7b242060a07bc4309e3eb79d8745797b308edd84adef35ad9d8a17240f38f55f57c55f3875db81d255eea402e1c11ca7fc01964aeb9ed6ef4e80bc67cba7e7fe961fe5d921442b0a06b135f8a73b68dc904b436f256f50ae7cb980e69e7580b9f11c6ede4210f23240559b8c427000d7ce7862417ab5a50e494b2a54e346d7ffa008ccef06813e235b446788ac0f1df3c65bc1fb5393364a2efd284640ec2c438ad2b24a69f1f9da000000000000000000000000989eee6a9283bf253ca4"], 0x1}}, 0x0) close(r3) syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) dup3(r5, r4, 0x0) r6 = accept4$vsock_stream(0xffffffffffffffff, &(0x7f0000000240)={0x28, 0x0, 0x2710, @host}, 0x10, 0x0) dup2(r6, r5) bind$pptp(0xffffffffffffffff, &(0x7f00000001c0)={0x18, 0x2, {0x0, @initdev={0xac, 0x1e, 0x0, 0x0}}}, 0x1e) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000000)=@newlink={0x30, 0x10, 0x801, 0x0, 0x0, {}, [@IFLA_GROUP={0x8}, @IFLA_PROTO_DOWN={0x8, 0x4}]}, 0x30}}, 0x0) pivot_root(&(0x7f0000000140)='./file0\x00', &(0x7f0000000100)='./file0\x00') 01:45:52 executing program 2 (fault-call:9 fault-nth:26): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_SET_SIGNAL_MASK(0xffffffffffffffff, 0x4004ae8b, &(0x7f0000001000)=ANY=[@ANYBLOB="97cb"]) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000fe7000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0) ioctl$USBDEVFS_RESETEP(0xffffffffffffffff, 0x80045503, &(0x7f0000000000)={0x1, 0x1}) ioctl$KVM_NMI(r2, 0xae9a) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f00000002c0)={0x0, 0x2, 0x0, 0x2000, &(0x7f0000001000/0x2000)=nil}) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) 01:45:52 executing program 5: lsetxattr$trusted_overlay_opaque(0x0, 0x0, 0x0, 0x0, 0x0) mkdir(&(0x7f0000000000)='./file0\x00', 0x0) mount$bpf(0x20000000, &(0x7f00000000c0)='./file0\x00', 0x0, 0x2001001, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x80, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x43, 0x400000000000000}, 0x11288, 0x2000, 0x0, 0x2}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$netlink(0x10, 0x3, 0x0) connect$inet(0xffffffffffffffff, 0x0, 0x0) setsockopt$SO_RDS_TRANSPORT(0xffffffffffffffff, 0x114, 0x8, &(0x7f0000000040)=0xffffffffffffffff, 0x4) r1 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$inet_tcp_int(r1, 0x6, 0x10000000013, &(0x7f0000d06000)=0x1, 0x32a) connect$inet(r1, &(0x7f0000000180)={0x2, 0x4e23, @local}, 0x10) accept$nfc_llcp(0xffffffffffffffff, &(0x7f0000000440), &(0x7f0000000300)=0x60) setsockopt$inet_tcp_TCP_REPAIR_OPTIONS(r1, 0x6, 0x16, &(0x7f00000000c0)=[@mss={0x2, 0xffffffff}, @timestamp, @window, @mss={0x2, 0x91c}], 0x4) sendmmsg(r1, &(0x7f0000004b40)=[{{0x0, 0x0, &(0x7f00000011c0)=[{&(0x7f0000002240)='Y', 0x1}], 0x1}}], 0x1, 0x0) syz_init_net_socket$llc(0x1a, 0x1, 0x0) r2 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$IPT_SO_SET_REPLACE(r2, 0x4000000000000, 0x40, &(0x7f0000000a40)=ANY=[@ANYBLOB="72617700000000010000000000000000000000000000000000000000000000000200000003000000b80400000000000000000000000000000003000000030000200400002004000020040000200400002004000003000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000600000000000000a00200030000000000000000000000000000000000000000300262706600000000000000000000000000000000000000000000000000000101000000000000002e2f66696c653000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000060005345540000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000c0002001000000000000000000000000000000000000000050006f736600000000000000000000000000000000000000000000000000000073797a300000000000000000000000000000000000000000000000000000000000000000000000000000000000000000600053455400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000007000980000000000000000000000000000000000000000002800000000000000000000000000000000000000000000000000000000000004feffffff00000000"], 0x518) sendmsg$IPVS_CMD_GET_DEST(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000280)={&(0x7f00000002c0)=ANY=[@ANYRES16], 0x1}}, 0x0) setsockopt$inet_tcp_TCP_REPAIR(r1, 0x6, 0x13, &(0x7f0000000100), 0x618) close(r1) r3 = socket$inet_tcp(0x2, 0x1, 0x0) connect$inet(r3, &(0x7f0000000140)={0x2, 0x0, @local}, 0x10) setsockopt$inet_tcp_TCP_REPAIR_OPTIONS(r3, 0x6, 0x16, &(0x7f0000000200)=[@mss, @timestamp, @window={0x3, 0x0, 0xfffe}, @mss={0x2, 0x3}], 0x4) sendmmsg(r3, &(0x7f0000004b40)=[{{0x0, 0x0, &(0x7f00000011c0)=[{&(0x7f0000002240)='Y', 0x1}], 0x1}}], 0x1, 0x0) setsockopt$inet_tcp_TCP_REPAIR_QUEUE(r3, 0x6, 0x14, &(0x7f0000000040)=0x1, 0x4) sendmsg$IPVS_CMD_GET_DEST(r3, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000340)=ANY=[@ANYBLOB="160e90cb39bca59f8c4064ac6d7b242060a07bc4309e3eb79d8745797b308edd84adef35ad9d8a17240f38f55f57c55f3875db81d255eea402e1c11ca7fc01964aeb9ed6ef4e80bc67cba7e7fe961fe5d921442b0a06b135f8a73b68dc904b436f256f50ae7cb980e69e7580b9f11c6ede4210f23240559b8c427000d7ce7862417ab5a50e494b2a54e346d7ffa008ccef06813e235b446788ac0f1df3c65bc1fb5393364a2efd284640ec2c438ad2b24a69f1f9da000000000000000000000000989eee6a9283bf253ca4"], 0x1}}, 0x0) close(r3) syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) dup3(r5, r4, 0x0) r6 = accept4$vsock_stream(0xffffffffffffffff, &(0x7f0000000240)={0x28, 0x0, 0x2710, @host}, 0x10, 0x0) dup2(r6, r5) bind$pptp(0xffffffffffffffff, &(0x7f00000001c0)={0x18, 0x2, {0x0, @initdev={0xac, 0x1e, 0x0, 0x0}}}, 0x1e) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000000)=@newlink={0x30, 0x10, 0x801, 0x0, 0x0, {}, [@IFLA_GROUP={0x8}, @IFLA_PROTO_DOWN={0x8, 0x4}]}, 0x30}}, 0x0) pivot_root(&(0x7f0000000140)='./file0\x00', &(0x7f0000000100)='./file0\x00') 01:45:52 executing program 5: lsetxattr$trusted_overlay_opaque(0x0, 0x0, 0x0, 0x0, 0x0) mkdir(&(0x7f0000000000)='./file0\x00', 0x0) mount$bpf(0x20000000, &(0x7f00000000c0)='./file0\x00', 0x0, 0x2001001, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x80, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x43, 0x400000000000000}, 0x11288, 0x2000, 0x0, 0x2}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$netlink(0x10, 0x3, 0x0) connect$inet(0xffffffffffffffff, 0x0, 0x0) setsockopt$SO_RDS_TRANSPORT(0xffffffffffffffff, 0x114, 0x8, &(0x7f0000000040)=0xffffffffffffffff, 0x4) r1 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$inet_tcp_int(r1, 0x6, 0x10000000013, &(0x7f0000d06000)=0x1, 0x32a) connect$inet(r1, &(0x7f0000000180)={0x2, 0x4e23, @local}, 0x10) accept$nfc_llcp(0xffffffffffffffff, &(0x7f0000000440), &(0x7f0000000300)=0x60) setsockopt$inet_tcp_TCP_REPAIR_OPTIONS(r1, 0x6, 0x16, &(0x7f00000000c0)=[@mss={0x2, 0xffffffff}, @timestamp, @window, @mss={0x2, 0x91c}], 0x4) sendmmsg(r1, &(0x7f0000004b40)=[{{0x0, 0x0, &(0x7f00000011c0)=[{&(0x7f0000002240)='Y', 0x1}], 0x1}}], 0x1, 0x0) syz_init_net_socket$llc(0x1a, 0x1, 0x0) r2 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$IPT_SO_SET_REPLACE(r2, 0x4000000000000, 0x40, &(0x7f0000000a40)=ANY=[@ANYBLOB="72617700000000010000000000000000000000000000000000000000000000000200000003000000b80400000000000000000000000000000003000000030000200400002004000020040000200400002004000003000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000600000000000000a00200030000000000000000000000000000000000000000300262706600000000000000000000000000000000000000000000000000000101000000000000002e2f66696c653000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000060005345540000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000c0002001000000000000000000000000000000000000000050006f736600000000000000000000000000000000000000000000000000000073797a300000000000000000000000000000000000000000000000000000000000000000000000000000000000000000600053455400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000007000980000000000000000000000000000000000000000002800000000000000000000000000000000000000000000000000000000000004feffffff00000000"], 0x518) sendmsg$IPVS_CMD_GET_DEST(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000280)={&(0x7f00000002c0)=ANY=[@ANYRES16], 0x1}}, 0x0) setsockopt$inet_tcp_TCP_REPAIR(r1, 0x6, 0x13, &(0x7f0000000100), 0x618) close(r1) setsockopt$inet_tcp_int(0xffffffffffffffff, 0x6, 0x10000000013, &(0x7f0000d06000)=0x1, 0x32a) connect$inet(0xffffffffffffffff, &(0x7f0000000140)={0x2, 0x0, @local}, 0x10) setsockopt$inet_tcp_TCP_REPAIR_OPTIONS(0xffffffffffffffff, 0x6, 0x16, &(0x7f0000000200)=[@mss, @timestamp, @window={0x3, 0x0, 0xfffe}, @mss={0x2, 0x3}], 0x4) sendmmsg(0xffffffffffffffff, &(0x7f0000004b40)=[{{0x0, 0x0, &(0x7f00000011c0)=[{&(0x7f0000002240)='Y', 0x1}], 0x1}}], 0x1, 0x0) setsockopt$inet_tcp_TCP_REPAIR_QUEUE(0xffffffffffffffff, 0x6, 0x14, &(0x7f0000000040)=0x1, 0x4) sendmsg$IPVS_CMD_GET_DEST(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000340)=ANY=[@ANYBLOB="160e90cb39bca59f8c4064ac6d7b242060a07bc4309e3eb79d8745797b308edd84adef35ad9d8a17240f38f55f57c55f3875db81d255eea402e1c11ca7fc01964aeb9ed6ef4e80bc67cba7e7fe961fe5d921442b0a06b135f8a73b68dc904b436f256f50ae7cb980e69e7580b9f11c6ede4210f23240559b8c427000d7ce7862417ab5a50e494b2a54e346d7ffa008ccef06813e235b446788ac0f1df3c65bc1fb5393364a2efd284640ec2c438ad2b24a69f1f9da000000000000000000000000989eee6a9283bf253ca4"], 0x1}}, 0x0) close(0xffffffffffffffff) syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) dup3(r4, r3, 0x0) r5 = accept4$vsock_stream(0xffffffffffffffff, &(0x7f0000000240)={0x28, 0x0, 0x2710, @host}, 0x10, 0x0) dup2(r5, r4) bind$pptp(0xffffffffffffffff, &(0x7f00000001c0)={0x18, 0x2, {0x0, @initdev={0xac, 0x1e, 0x0, 0x0}}}, 0x1e) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000000)=@newlink={0x30, 0x10, 0x801, 0x0, 0x0, {}, [@IFLA_GROUP={0x8}, @IFLA_PROTO_DOWN={0x8, 0x4}]}, 0x30}}, 0x0) pivot_root(&(0x7f0000000140)='./file0\x00', &(0x7f0000000100)='./file0\x00') [ 1854.820685] ip_tables: iptables: counters copy to user failed while replacing table [ 1854.861807] FAULT_INJECTION: forcing a failure. [ 1854.861807] name failslab, interval 1, probability 0, space 0, times 0 [ 1854.878100] CPU: 1 PID: 3957 Comm: syz-executor.2 Not tainted 4.14.173-syzkaller #0 [ 1854.886097] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1854.895505] Call Trace: [ 1854.898129] dump_stack+0x13e/0x194 [ 1854.901793] should_fail.cold+0x10a/0x14b [ 1854.906173] should_failslab+0xd6/0x130 01:45:53 executing program 1: lsetxattr$trusted_overlay_opaque(0x0, 0x0, 0x0, 0x0, 0x0) mkdir(&(0x7f0000000000)='./file0\x00', 0x0) mount$bpf(0x20000000, &(0x7f00000000c0)='./file0\x00', 0x0, 0x2001001, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x80, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x43, 0x400000000000000}, 0x11288, 0x2000, 0x0, 0x2}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$netlink(0x10, 0x3, 0x0) connect$inet(0xffffffffffffffff, 0x0, 0x0) setsockopt$SO_RDS_TRANSPORT(0xffffffffffffffff, 0x114, 0x8, &(0x7f0000000040)=0xffffffffffffffff, 0x4) r1 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$inet_tcp_int(r1, 0x6, 0x10000000013, &(0x7f0000d06000)=0x1, 0x32a) connect$inet(r1, &(0x7f0000000180)={0x2, 0x4e23, @local}, 0x10) accept$nfc_llcp(0xffffffffffffffff, &(0x7f0000000440), &(0x7f0000000300)=0x60) setsockopt$inet_tcp_TCP_REPAIR_OPTIONS(r1, 0x6, 0x16, &(0x7f00000000c0)=[@mss={0x2, 0xffffffff}, @timestamp, @window, @mss={0x2, 0x91c}], 0x4) sendmmsg(r1, &(0x7f0000004b40)=[{{0x0, 0x0, &(0x7f00000011c0)=[{&(0x7f0000002240)='Y', 0x1}], 0x1}}], 0x1, 0x0) syz_init_net_socket$llc(0x1a, 0x1, 0x0) r2 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$IPT_SO_SET_REPLACE(r2, 0x4000000000000, 0x40, &(0x7f0000000a40)=ANY=[@ANYBLOB="72617700000000010000000000000000000000000000000000000000000000000200000003000000b80400000000000000000000000000000003000000030000200400002004000020040000200400002004000003000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000600000000000000a00200030000000000000000000000000000000000000000300262706600000000000000000000000000000000000000000000000000000101000000000000002e2f66696c653000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000060005345540000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000c0002001000000000000000000000000000000000000000050006f736600000000000000000000000000000000000000000000000000000073797a300000000000000000000000000000000000000000000000000000000000000000000000000000000000000000600053455400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000007000980000000000000000000000000000000000000000002800000000000000000000000000000000000000000000000000000000000004feffffff00000000"], 0x518) sendmsg$IPVS_CMD_GET_DEST(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000280)={&(0x7f00000002c0)=ANY=[@ANYRES16], 0x1}}, 0x0) setsockopt$inet_tcp_TCP_REPAIR(r1, 0x6, 0x13, &(0x7f0000000100), 0x618) close(r1) r3 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$inet_tcp_int(r3, 0x6, 0x10000000013, &(0x7f0000d06000)=0x1, 0x32a) connect$inet(r3, &(0x7f0000000140)={0x2, 0x0, @local}, 0x10) sendmmsg(r3, &(0x7f0000004b40)=[{{0x0, 0x0, &(0x7f00000011c0)=[{&(0x7f0000002240)='Y', 0x1}], 0x1}}], 0x1, 0x0) setsockopt$inet_tcp_TCP_REPAIR_QUEUE(r3, 0x6, 0x14, &(0x7f0000000040)=0x1, 0x4) sendmsg$IPVS_CMD_GET_DEST(r3, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000340)=ANY=[@ANYBLOB="160e90cb39bca59f8c4064ac6d7b242060a07bc4309e3eb79d8745797b308edd84adef35ad9d8a17240f38f55f57c55f3875db81d255eea402e1c11ca7fc01964aeb9ed6ef4e80bc67cba7e7fe961fe5d921442b0a06b135f8a73b68dc904b436f256f50ae7cb980e69e7580b9f11c6ede4210f23240559b8c427000d7ce7862417ab5a50e494b2a54e346d7ffa008ccef06813e235b446788ac0f1df3c65bc1fb5393364a2efd284640ec2c438ad2b24a69f1f9da000000000000000000000000989eee6a9283bf253ca4"], 0x1}}, 0x0) close(r3) syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) dup3(r5, r4, 0x0) r6 = accept4$vsock_stream(0xffffffffffffffff, &(0x7f0000000240)={0x28, 0x0, 0x2710, @host}, 0x10, 0x0) dup2(r6, r5) bind$pptp(0xffffffffffffffff, &(0x7f00000001c0)={0x18, 0x2, {0x0, @initdev={0xac, 0x1e, 0x0, 0x0}}}, 0x1e) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000000)=@newlink={0x30, 0x10, 0x801, 0x0, 0x0, {}, [@IFLA_GROUP={0x8}, @IFLA_PROTO_DOWN={0x8, 0x4}]}, 0x30}}, 0x0) [ 1854.910195] kmem_cache_alloc+0x2b5/0x770 [ 1854.914458] mmu_topup_memory_caches+0x83/0x300 [ 1854.919138] kvm_mmu_load+0x1e/0xd00 [ 1854.922975] ? vcpu_enter_guest+0x56a/0x5240 [ 1854.927496] vcpu_enter_guest+0x2eb9/0x5240 [ 1854.931924] ? trace_hardirqs_on_caller+0x3f6/0x590 [ 1854.938094] ? emulator_read_emulated+0x40/0x40 [ 1854.943268] ? lock_acquire+0x170/0x3f0 [ 1854.947272] ? kvm_arch_vcpu_ioctl_run+0x143/0xfd0 [ 1854.952224] ? kvm_arch_vcpu_ioctl_run+0x2fe/0xfd0 [ 1854.957286] ? kvm_arch_vcpu_ioctl_run+0x181/0xfd0 [ 1854.962564] kvm_arch_vcpu_ioctl_run+0x2fe/0xfd0 [ 1854.967349] kvm_vcpu_ioctl+0x3df/0xc70 [ 1854.971332] ? trace_hardirqs_on_caller+0x3f6/0x590 [ 1854.976677] ? kvm_vcpu_block+0xb70/0xb70 [ 1854.980909] ? check_preemption_disabled+0x35/0x240 [ 1854.986730] ? retint_kernel+0x2d/0x2d [ 1854.990790] ? selinux_file_ioctl+0x83/0x560 [ 1854.995217] ? selinux_file_ioctl+0x42b/0x560 [ 1854.999935] ? kvm_vcpu_block+0xb70/0xb70 [ 1855.004755] do_vfs_ioctl+0x75a/0xfe0 [ 1855.010830] ? selinux_file_mprotect+0x5c0/0x5c0 [ 1855.016341] ? ioctl_preallocate+0x1a0/0x1a0 [ 1855.020905] ? security_file_ioctl+0x76/0xb0 [ 1855.025706] ? security_file_ioctl+0x83/0xb0 [ 1855.030177] SyS_ioctl+0x7f/0xb0 [ 1855.033676] ? do_vfs_ioctl+0xfe0/0xfe0 [ 1855.037650] do_syscall_64+0x1d5/0x640 [ 1855.041536] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 1855.046860] RIP: 0033:0x45c849 [ 1855.050181] RSP: 002b:00007fa3bc31dc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 01:45:53 executing program 3: lsetxattr$trusted_overlay_opaque(0x0, 0x0, 0x0, 0x0, 0x0) mkdir(&(0x7f0000000000)='./file0\x00', 0x0) mount$bpf(0x20000000, &(0x7f00000000c0)='./file0\x00', 0x0, 0x2001001, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x80, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x43, 0x400000000000000}, 0x11288, 0x2000, 0x0, 0x2}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$netlink(0x10, 0x3, 0x0) connect$inet(0xffffffffffffffff, 0x0, 0x0) setsockopt$SO_RDS_TRANSPORT(0xffffffffffffffff, 0x114, 0x8, &(0x7f0000000040)=0xffffffffffffffff, 0x4) r1 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$inet_tcp_int(r1, 0x6, 0x10000000013, &(0x7f0000d06000)=0x1, 0x32a) connect$inet(r1, &(0x7f0000000180)={0x2, 0x4e23, @local}, 0x10) accept$nfc_llcp(0xffffffffffffffff, &(0x7f0000000440), &(0x7f0000000300)=0x60) setsockopt$inet_tcp_TCP_REPAIR_OPTIONS(r1, 0x6, 0x16, &(0x7f00000000c0)=[@mss={0x2, 0xffffffff}, @timestamp, @window, @mss={0x2, 0x91c}], 0x4) sendmmsg(r1, &(0x7f0000004b40)=[{{0x0, 0x0, &(0x7f00000011c0)=[{&(0x7f0000002240)='Y', 0x1}], 0x1}}], 0x1, 0x0) syz_init_net_socket$llc(0x1a, 0x1, 0x0) r2 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$IPT_SO_SET_REPLACE(r2, 0x4000000000000, 0x40, &(0x7f0000000a40)=ANY=[@ANYBLOB="72617700000000010000000000000000000000000000000000000000000000000200000003000000b80400000000000000000000000000000003000000030000200400002004000020040000200400002004000003000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000600000000000000a00200030000000000000000000000000000000000000000300262706600000000000000000000000000000000000000000000000000000101000000000000002e2f66696c653000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000060005345540000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000c0002001000000000000000000000000000000000000000050006f736600000000000000000000000000000000000000000000000000000073797a300000000000000000000000000000000000000000000000000000000000000000000000000000000000000000600053455400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000007000980000000000000000000000000000000000000000002800000000000000000000000000000000000000000000000000000000000004feffffff00000000"], 0x518) sendmsg$IPVS_CMD_GET_DEST(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000280)={&(0x7f00000002c0)=ANY=[@ANYRES16], 0x1}}, 0x0) setsockopt$inet_tcp_TCP_REPAIR(r1, 0x6, 0x13, &(0x7f0000000100), 0x618) close(r1) r3 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$inet_tcp_int(r3, 0x6, 0x10000000013, &(0x7f0000d06000)=0x1, 0x32a) connect$inet(r3, &(0x7f0000000140)={0x2, 0x0, @local}, 0x10) sendmmsg(r3, &(0x7f0000004b40)=[{{0x0, 0x0, &(0x7f00000011c0)=[{&(0x7f0000002240)='Y', 0x1}], 0x1}}], 0x1, 0x0) setsockopt$inet_tcp_TCP_REPAIR_QUEUE(r3, 0x6, 0x14, &(0x7f0000000040)=0x1, 0x4) sendmsg$IPVS_CMD_GET_DEST(r3, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000340)=ANY=[@ANYBLOB="160e90cb39bca59f8c4064ac6d7b242060a07bc4309e3eb79d8745797b308edd84adef35ad9d8a17240f38f55f57c55f3875db81d255eea402e1c11ca7fc01964aeb9ed6ef4e80bc67cba7e7fe961fe5d921442b0a06b135f8a73b68dc904b436f256f50ae7cb980e69e7580b9f11c6ede4210f23240559b8c427000d7ce7862417ab5a50e494b2a54e346d7ffa008ccef06813e235b446788ac0f1df3c65bc1fb5393364a2efd284640ec2c438ad2b24a69f1f9da000000000000000000000000989eee6a9283bf253ca4"], 0x1}}, 0x0) close(r3) syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) dup3(r5, r4, 0x0) r6 = accept4$vsock_stream(0xffffffffffffffff, &(0x7f0000000240)={0x28, 0x0, 0x2710, @host}, 0x10, 0x0) dup2(r6, r5) bind$pptp(0xffffffffffffffff, &(0x7f00000001c0)={0x18, 0x2, {0x0, @initdev={0xac, 0x1e, 0x0, 0x0}}}, 0x1e) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000000)=@newlink={0x30, 0x10, 0x801, 0x0, 0x0, {}, [@IFLA_GROUP={0x8}, @IFLA_PROTO_DOWN={0x8, 0x4}]}, 0x30}}, 0x0) pivot_root(&(0x7f0000000140)='./file0\x00', &(0x7f0000000100)='./file0\x00') 01:45:53 executing program 2 (fault-call:9 fault-nth:27): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_SET_SIGNAL_MASK(0xffffffffffffffff, 0x4004ae8b, &(0x7f0000001000)=ANY=[@ANYBLOB="97cb"]) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000fe7000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0) ioctl$USBDEVFS_RESETEP(0xffffffffffffffff, 0x80045503, &(0x7f0000000000)={0x1, 0x1}) ioctl$KVM_NMI(r2, 0xae9a) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f00000002c0)={0x0, 0x2, 0x0, 0x2000, &(0x7f0000001000/0x2000)=nil}) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) 01:45:53 executing program 0: r0 = gettid() r1 = creat(&(0x7f0000000280)='./file0\x00', 0x1) prctl$PR_SET_PTRACER(0x59616d61, r0) write$binfmt_script(r1, &(0x7f0000000440)=ANY=[@ANYBLOB="2321202e2f66696c653020f014d336b04b030400000000000092290a7e4555a763c15ceda085e276ed3ae7a290ab0e74467713328b5e4577124d1a2e21da765cd1ce2356a8f87e56f0bf8893cc7149595314f0771b65d33e129933dd93f99f03cd6b3e5903e1ddb592a67f706eb14c1d3d1a204fe2e9c50d7920f69e068d2c7faba4084e7a3b0c6c699890e19745ba9a37cfdd7ff58b659bbf65d6a2b2e441a0e0c44a3d9abeb7d90f0d01107d0e077d0d67096da85a6d22c36fac7585a35892211b5194d55e0ad396b242ac56b00fbd89c9ff98e0fb30333b4e890581b21245b36f9ab48e8f83bfcc455d81d7aff06587ca3d455f61f4258a09db4a85d59af344928e136cf95a1898f97d5031c56550cfb29d367f2fb2674b"], 0x24) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) close(r1) setxattr$security_capability(&(0x7f0000000140)='./file0\x00', &(0x7f0000000200)='security.capability\x00', &(0x7f0000000340)=@v2={0x2000000, [{0x0, 0xffffffc1}]}, 0x14, 0x0) ioctl$int_in(0xffffffffffffffff, 0x5452, &(0x7f0000000000)=0x100000001) listen(0xffffffffffffffff, 0x400000001ffffffd) accept4(0xffffffffffffffff, 0x0, 0x0, 0x0) sendmsg$DEVLINK_CMD_GET(0xffffffffffffffff, 0x0, 0x0) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) execve(&(0x7f0000000180)='./file0\x00', 0x0, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) [ 1855.057896] RAX: ffffffffffffffda RBX: 00007fa3bc31e6d4 RCX: 000000000045c849 [ 1855.065333] RDX: 0000000000000000 RSI: 000000000000ae80 RDI: 0000000000000005 [ 1855.074260] RBP: 000000000076bf00 R08: 0000000000000000 R09: 0000000000000000 [ 1855.081547] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000007 [ 1855.088824] R13: 00000000000003bf R14: 00000000004c6495 R15: 000000000000001a [ 1855.251111] FAULT_INJECTION: forcing a failure. [ 1855.251111] name failslab, interval 1, probability 0, space 0, times 0 [ 1855.309371] CPU: 0 PID: 3970 Comm: syz-executor.2 Not tainted 4.14.173-syzkaller #0 [ 1855.317249] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1855.326629] Call Trace: [ 1855.329251] dump_stack+0x13e/0x194 [ 1855.332902] should_fail.cold+0x10a/0x14b [ 1855.337115] should_failslab+0xd6/0x130 [ 1855.341127] kmem_cache_alloc+0x2b5/0x770 [ 1855.345321] ? mmu_topup_memory_caches+0x94/0x300 [ 1855.350212] mmu_topup_memory_caches+0x83/0x300 [ 1855.354909] ? retint_kernel+0x2d/0x2d [ 1855.358825] kvm_mmu_load+0x1e/0xd00 [ 1855.363264] ? vcpu_enter_guest+0x1d1d/0x5240 [ 1855.374955] vcpu_enter_guest+0x2eb9/0x5240 [ 1855.380257] ? trace_hardirqs_on_caller+0x3f6/0x590 [ 1855.385309] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 1855.390109] ? emulator_read_emulated+0x40/0x40 [ 1855.394826] ? lock_acquire+0x170/0x3f0 [ 1855.398832] ? kvm_arch_vcpu_ioctl_run+0x143/0xfd0 [ 1855.403790] ? kvm_arch_vcpu_ioctl_run+0x2fe/0xfd0 [ 1855.418566] ? kvm_arch_vcpu_ioctl_run+0x181/0xfd0 [ 1855.423533] kvm_arch_vcpu_ioctl_run+0x2fe/0xfd0 [ 1855.428310] kvm_vcpu_ioctl+0x3df/0xc70 [ 1855.432305] ? trace_hardirqs_on_caller+0x3f6/0x590 [ 1855.437344] ? kvm_vcpu_block+0xb70/0xb70 [ 1855.441504] ? check_preemption_disabled+0x35/0x240 [ 1855.446547] ? retint_kernel+0x2d/0x2d [ 1855.450479] ? selinux_file_ioctl+0x19a/0x560 [ 1855.454983] ? selinux_file_ioctl+0x1b7/0x560 [ 1855.459700] ? kvm_vcpu_block+0xb70/0xb70 [ 1855.464068] do_vfs_ioctl+0x75a/0xfe0 [ 1855.467983] ? selinux_file_mprotect+0x5c0/0x5c0 [ 1855.472756] ? ioctl_preallocate+0x1a0/0x1a0 [ 1855.477308] ? security_file_ioctl+0x76/0xb0 [ 1855.481809] ? security_file_ioctl+0x83/0xb0 [ 1855.486484] SyS_ioctl+0x7f/0xb0 [ 1855.489876] ? do_vfs_ioctl+0xfe0/0xfe0 [ 1855.495725] do_syscall_64+0x1d5/0x640 [ 1855.499631] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 1855.504837] RIP: 0033:0x45c849 01:45:53 executing program 3: lsetxattr$trusted_overlay_opaque(0x0, 0x0, 0x0, 0x0, 0x0) mkdir(&(0x7f0000000000)='./file0\x00', 0x0) mount$bpf(0x20000000, &(0x7f00000000c0)='./file0\x00', 0x0, 0x2001001, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x80, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x43, 0x400000000000000}, 0x11288, 0x2000, 0x0, 0x2}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$netlink(0x10, 0x3, 0x0) connect$inet(0xffffffffffffffff, 0x0, 0x0) setsockopt$SO_RDS_TRANSPORT(0xffffffffffffffff, 0x114, 0x8, &(0x7f0000000040)=0xffffffffffffffff, 0x4) r1 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$inet_tcp_int(r1, 0x6, 0x10000000013, &(0x7f0000d06000)=0x1, 0x32a) connect$inet(r1, &(0x7f0000000180)={0x2, 0x4e23, @local}, 0x10) accept$nfc_llcp(0xffffffffffffffff, &(0x7f0000000440), &(0x7f0000000300)=0x60) setsockopt$inet_tcp_TCP_REPAIR_OPTIONS(r1, 0x6, 0x16, &(0x7f00000000c0)=[@mss={0x2, 0xffffffff}, @timestamp, @window, @mss={0x2, 0x91c}], 0x4) sendmmsg(r1, &(0x7f0000004b40)=[{{0x0, 0x0, &(0x7f00000011c0)=[{&(0x7f0000002240)='Y', 0x1}], 0x1}}], 0x1, 0x0) syz_init_net_socket$llc(0x1a, 0x1, 0x0) r2 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$IPT_SO_SET_REPLACE(r2, 0x4000000000000, 0x40, &(0x7f0000000a40)=ANY=[@ANYBLOB="72617700000000010000000000000000000000000000000000000000000000000200000003000000b80400000000000000000000000000000003000000030000200400002004000020040000200400002004000003000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000600000000000000a00200030000000000000000000000000000000000000000300262706600000000000000000000000000000000000000000000000000000101000000000000002e2f66696c653000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000060005345540000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000c0002001000000000000000000000000000000000000000050006f736600000000000000000000000000000000000000000000000000000073797a300000000000000000000000000000000000000000000000000000000000000000000000000000000000000000600053455400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000007000980000000000000000000000000000000000000000002800000000000000000000000000000000000000000000000000000000000004feffffff00000000"], 0x518) sendmsg$IPVS_CMD_GET_DEST(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000280)={&(0x7f00000002c0)=ANY=[@ANYRES16], 0x1}}, 0x0) setsockopt$inet_tcp_TCP_REPAIR(r1, 0x6, 0x13, &(0x7f0000000100), 0x618) close(r1) r3 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$inet_tcp_int(r3, 0x6, 0x10000000013, &(0x7f0000d06000)=0x1, 0x32a) connect$inet(r3, &(0x7f0000000140)={0x2, 0x0, @local}, 0x10) sendmmsg(r3, &(0x7f0000004b40)=[{{0x0, 0x0, &(0x7f00000011c0)=[{&(0x7f0000002240)='Y', 0x1}], 0x1}}], 0x1, 0x0) setsockopt$inet_tcp_TCP_REPAIR_QUEUE(r3, 0x6, 0x14, &(0x7f0000000040)=0x1, 0x4) sendmsg$IPVS_CMD_GET_DEST(r3, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000340)=ANY=[@ANYBLOB="160e90cb39bca59f8c4064ac6d7b242060a07bc4309e3eb79d8745797b308edd84adef35ad9d8a17240f38f55f57c55f3875db81d255eea402e1c11ca7fc01964aeb9ed6ef4e80bc67cba7e7fe961fe5d921442b0a06b135f8a73b68dc904b436f256f50ae7cb980e69e7580b9f11c6ede4210f23240559b8c427000d7ce7862417ab5a50e494b2a54e346d7ffa008ccef06813e235b446788ac0f1df3c65bc1fb5393364a2efd284640ec2c438ad2b24a69f1f9da000000000000000000000000989eee6a9283bf253ca4"], 0x1}}, 0x0) close(r3) syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) dup3(r5, r4, 0x0) r6 = accept4$vsock_stream(0xffffffffffffffff, &(0x7f0000000240)={0x28, 0x0, 0x2710, @host}, 0x10, 0x0) dup2(r6, r5) bind$pptp(0xffffffffffffffff, &(0x7f00000001c0)={0x18, 0x2, {0x0, @initdev={0xac, 0x1e, 0x0, 0x0}}}, 0x1e) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000000)=@newlink={0x30, 0x10, 0x801, 0x0, 0x0, {}, [@IFLA_GROUP={0x8}, @IFLA_PROTO_DOWN={0x8, 0x4}]}, 0x30}}, 0x0) pivot_root(&(0x7f0000000140)='./file0\x00', &(0x7f0000000100)='./file0\x00') 01:45:53 executing program 5: lsetxattr$trusted_overlay_opaque(0x0, 0x0, 0x0, 0x0, 0x0) mkdir(&(0x7f0000000000)='./file0\x00', 0x0) mount$bpf(0x20000000, &(0x7f00000000c0)='./file0\x00', 0x0, 0x2001001, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x80, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x43, 0x400000000000000}, 0x11288, 0x2000, 0x0, 0x2}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$netlink(0x10, 0x3, 0x0) connect$inet(0xffffffffffffffff, 0x0, 0x0) setsockopt$SO_RDS_TRANSPORT(0xffffffffffffffff, 0x114, 0x8, &(0x7f0000000040)=0xffffffffffffffff, 0x4) r1 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$inet_tcp_int(r1, 0x6, 0x10000000013, &(0x7f0000d06000)=0x1, 0x32a) connect$inet(r1, &(0x7f0000000180)={0x2, 0x4e23, @local}, 0x10) accept$nfc_llcp(0xffffffffffffffff, &(0x7f0000000440), &(0x7f0000000300)=0x60) setsockopt$inet_tcp_TCP_REPAIR_OPTIONS(r1, 0x6, 0x16, &(0x7f00000000c0)=[@mss={0x2, 0xffffffff}, @timestamp, @window, @mss={0x2, 0x91c}], 0x4) sendmmsg(r1, &(0x7f0000004b40)=[{{0x0, 0x0, &(0x7f00000011c0)=[{&(0x7f0000002240)='Y', 0x1}], 0x1}}], 0x1, 0x0) syz_init_net_socket$llc(0x1a, 0x1, 0x0) r2 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$IPT_SO_SET_REPLACE(r2, 0x4000000000000, 0x40, &(0x7f0000000a40)=ANY=[@ANYBLOB="72617700000000010000000000000000000000000000000000000000000000000200000003000000b80400000000000000000000000000000003000000030000200400002004000020040000200400002004000003000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000600000000000000a00200030000000000000000000000000000000000000000300262706600000000000000000000000000000000000000000000000000000101000000000000002e2f66696c653000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000060005345540000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000c0002001000000000000000000000000000000000000000050006f736600000000000000000000000000000000000000000000000000000073797a300000000000000000000000000000000000000000000000000000000000000000000000000000000000000000600053455400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000007000980000000000000000000000000000000000000000002800000000000000000000000000000000000000000000000000000000000004feffffff00000000"], 0x518) sendmsg$IPVS_CMD_GET_DEST(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000280)={&(0x7f00000002c0)=ANY=[@ANYRES16], 0x1}}, 0x0) setsockopt$inet_tcp_TCP_REPAIR(r1, 0x6, 0x13, &(0x7f0000000100), 0x618) close(r1) setsockopt$inet_tcp_int(0xffffffffffffffff, 0x6, 0x10000000013, &(0x7f0000d06000)=0x1, 0x32a) connect$inet(0xffffffffffffffff, &(0x7f0000000140)={0x2, 0x0, @local}, 0x10) setsockopt$inet_tcp_TCP_REPAIR_OPTIONS(0xffffffffffffffff, 0x6, 0x16, &(0x7f0000000200)=[@mss, @timestamp, @window={0x3, 0x0, 0xfffe}, @mss={0x2, 0x3}], 0x4) sendmmsg(0xffffffffffffffff, &(0x7f0000004b40)=[{{0x0, 0x0, &(0x7f00000011c0)=[{&(0x7f0000002240)='Y', 0x1}], 0x1}}], 0x1, 0x0) setsockopt$inet_tcp_TCP_REPAIR_QUEUE(0xffffffffffffffff, 0x6, 0x14, &(0x7f0000000040)=0x1, 0x4) sendmsg$IPVS_CMD_GET_DEST(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000340)=ANY=[@ANYBLOB="160e90cb39bca59f8c4064ac6d7b242060a07bc4309e3eb79d8745797b308edd84adef35ad9d8a17240f38f55f57c55f3875db81d255eea402e1c11ca7fc01964aeb9ed6ef4e80bc67cba7e7fe961fe5d921442b0a06b135f8a73b68dc904b436f256f50ae7cb980e69e7580b9f11c6ede4210f23240559b8c427000d7ce7862417ab5a50e494b2a54e346d7ffa008ccef06813e235b446788ac0f1df3c65bc1fb5393364a2efd284640ec2c438ad2b24a69f1f9da000000000000000000000000989eee6a9283bf253ca4"], 0x1}}, 0x0) close(0xffffffffffffffff) syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) dup3(r4, r3, 0x0) r5 = accept4$vsock_stream(0xffffffffffffffff, &(0x7f0000000240)={0x28, 0x0, 0x2710, @host}, 0x10, 0x0) dup2(r5, r4) bind$pptp(0xffffffffffffffff, &(0x7f00000001c0)={0x18, 0x2, {0x0, @initdev={0xac, 0x1e, 0x0, 0x0}}}, 0x1e) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000000)=@newlink={0x30, 0x10, 0x801, 0x0, 0x0, {}, [@IFLA_GROUP={0x8}, @IFLA_PROTO_DOWN={0x8, 0x4}]}, 0x30}}, 0x0) pivot_root(&(0x7f0000000140)='./file0\x00', &(0x7f0000000100)='./file0\x00') 01:45:53 executing program 1: lsetxattr$trusted_overlay_opaque(0x0, 0x0, 0x0, 0x0, 0x0) mkdir(&(0x7f0000000000)='./file0\x00', 0x0) mount$bpf(0x20000000, &(0x7f00000000c0)='./file0\x00', 0x0, 0x2001001, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x80, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x43, 0x400000000000000}, 0x11288, 0x2000, 0x0, 0x2}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$netlink(0x10, 0x3, 0x0) connect$inet(0xffffffffffffffff, 0x0, 0x0) setsockopt$SO_RDS_TRANSPORT(0xffffffffffffffff, 0x114, 0x8, &(0x7f0000000040)=0xffffffffffffffff, 0x4) r1 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$inet_tcp_int(r1, 0x6, 0x10000000013, &(0x7f0000d06000)=0x1, 0x32a) connect$inet(r1, &(0x7f0000000180)={0x2, 0x4e23, @local}, 0x10) accept$nfc_llcp(0xffffffffffffffff, &(0x7f0000000440), &(0x7f0000000300)=0x60) setsockopt$inet_tcp_TCP_REPAIR_OPTIONS(r1, 0x6, 0x16, &(0x7f00000000c0)=[@mss={0x2, 0xffffffff}, @timestamp, @window, @mss={0x2, 0x91c}], 0x4) sendmmsg(r1, &(0x7f0000004b40)=[{{0x0, 0x0, &(0x7f00000011c0)=[{&(0x7f0000002240)='Y', 0x1}], 0x1}}], 0x1, 0x0) syz_init_net_socket$llc(0x1a, 0x1, 0x0) r2 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$IPT_SO_SET_REPLACE(r2, 0x4000000000000, 0x40, &(0x7f0000000a40)=ANY=[@ANYBLOB="72617700000000010000000000000000000000000000000000000000000000000200000003000000b80400000000000000000000000000000003000000030000200400002004000020040000200400002004000003000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000600000000000000a00200030000000000000000000000000000000000000000300262706600000000000000000000000000000000000000000000000000000101000000000000002e2f66696c653000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000060005345540000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000c0002001000000000000000000000000000000000000000050006f736600000000000000000000000000000000000000000000000000000073797a300000000000000000000000000000000000000000000000000000000000000000000000000000000000000000600053455400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000007000980000000000000000000000000000000000000000002800000000000000000000000000000000000000000000000000000000000004feffffff00000000"], 0x518) sendmsg$IPVS_CMD_GET_DEST(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000280)={&(0x7f00000002c0)=ANY=[@ANYRES16], 0x1}}, 0x0) setsockopt$inet_tcp_TCP_REPAIR(r1, 0x6, 0x13, &(0x7f0000000100), 0x618) close(r1) r3 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$inet_tcp_int(r3, 0x6, 0x10000000013, &(0x7f0000d06000)=0x1, 0x32a) connect$inet(r3, &(0x7f0000000140)={0x2, 0x0, @local}, 0x10) sendmmsg(r3, &(0x7f0000004b40)=[{{0x0, 0x0, &(0x7f00000011c0)=[{&(0x7f0000002240)='Y', 0x1}], 0x1}}], 0x1, 0x0) setsockopt$inet_tcp_TCP_REPAIR_QUEUE(r3, 0x6, 0x14, &(0x7f0000000040)=0x1, 0x4) sendmsg$IPVS_CMD_GET_DEST(r3, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000340)=ANY=[@ANYBLOB="160e90cb39bca59f8c4064ac6d7b242060a07bc4309e3eb79d8745797b308edd84adef35ad9d8a17240f38f55f57c55f3875db81d255eea402e1c11ca7fc01964aeb9ed6ef4e80bc67cba7e7fe961fe5d921442b0a06b135f8a73b68dc904b436f256f50ae7cb980e69e7580b9f11c6ede4210f23240559b8c427000d7ce7862417ab5a50e494b2a54e346d7ffa008ccef06813e235b446788ac0f1df3c65bc1fb5393364a2efd284640ec2c438ad2b24a69f1f9da000000000000000000000000989eee6a9283bf253ca4"], 0x1}}, 0x0) close(r3) syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) dup3(r5, r4, 0x0) r6 = accept4$vsock_stream(0xffffffffffffffff, &(0x7f0000000240)={0x28, 0x0, 0x2710, @host}, 0x10, 0x0) dup2(r6, r5) bind$pptp(0xffffffffffffffff, &(0x7f00000001c0)={0x18, 0x2, {0x0, @initdev={0xac, 0x1e, 0x0, 0x0}}}, 0x1e) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000000)=@newlink={0x30, 0x10, 0x801, 0x0, 0x0, {}, [@IFLA_GROUP={0x8}, @IFLA_PROTO_DOWN={0x8, 0x4}]}, 0x30}}, 0x0) 01:45:53 executing program 4: pipe(&(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = socket$inet_udp(0x2, 0x2, 0x0) close(r2) r3 = socket$inet_tcp(0x2, 0x1, 0x0) connect$inet(r2, &(0x7f0000000340)={0x2, 0x0, @loopback}, 0x10) setsockopt$inet_tcp_TCP_REPAIR_WINDOW(r3, 0x6, 0x1d, &(0x7f0000000080)={0x0, 0xdf5, 0x65a2}, 0x14) write$binfmt_misc(r1, &(0x7f0000000140)=ANY=[], 0x4240a2a0) r4 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$IPT_SO_SET_REPLACE(r4, 0x0, 0x40, &(0x7f0000000480)=ANY=[@ANYBLOB="66696c74657200000000000000000000000000000000000000000000000000000e00000004000000d0020000800100009800000080010000000000000000000038020000380200003802000038020000380200000400000000000000000000007f000001ac14140000000000000000007f00000000000000000000000000000064756dea20f9524db2d96900000057c910a19f2bc02c00000000000000000000200000000000000000000000000000000000000000000000700098000000000000000000000000000000000000000000280052454a454354000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000400000000000000000000000080000000000000000000000000000000000000000000000000000000000000000000000000000000000000000c000e80000f9c9991d0000000000000000000000000000005000736574000000000000000000000000000000000000000000000000000003000005050000000000000000000000000000000000000000100000000000000000000000000000000000000000000000280052454a45435400000000000000010000000000000000000000000000000000674f000000000000000000e00000020000000000000000766574b5315f766c616e00000000010062726964676530000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000007000b80000000000000000000000000000000000000000004800544545000000000000000000000000000000d40200000000000000000001ac1414aa000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000007000980000000000000000000000000000000000000000002800000000000000000000000000000000000000000000001a51496c00000000feffffff"], 0x1) splice(r0, 0x0, r2, 0x0, 0x4ffe0, 0x0) 01:45:53 executing program 0: r0 = syz_open_procfs(0x0, &(0x7f0000000000)='attr\x00') fchdir(r0) r1 = inotify_init() inotify_add_watch(r1, &(0x7f00000000c0)='.\x00', 0x1) getdents64(r0, &(0x7f00000003c0)=""/4096, 0x1000) getdents64(r0, 0x0, 0x0) [ 1855.508019] RSP: 002b:00007fa3bc31dc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 1855.515718] RAX: ffffffffffffffda RBX: 00007fa3bc31e6d4 RCX: 000000000045c849 [ 1855.523104] RDX: 0000000000000000 RSI: 000000000000ae80 RDI: 0000000000000005 [ 1855.530517] RBP: 000000000076bf00 R08: 0000000000000000 R09: 0000000000000000 [ 1855.537791] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000007 [ 1855.545074] R13: 00000000000003bf R14: 00000000004c6495 R15: 000000000000001b 01:45:53 executing program 2 (fault-call:9 fault-nth:28): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_SET_SIGNAL_MASK(0xffffffffffffffff, 0x4004ae8b, &(0x7f0000001000)=ANY=[@ANYBLOB="97cb"]) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000fe7000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0) ioctl$USBDEVFS_RESETEP(0xffffffffffffffff, 0x80045503, &(0x7f0000000000)={0x1, 0x1}) ioctl$KVM_NMI(r2, 0xae9a) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f00000002c0)={0x0, 0x2, 0x0, 0x2000, &(0x7f0000001000/0x2000)=nil}) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) 01:45:53 executing program 5: lsetxattr$trusted_overlay_opaque(0x0, 0x0, 0x0, 0x0, 0x0) mkdir(&(0x7f0000000000)='./file0\x00', 0x0) mount$bpf(0x20000000, &(0x7f00000000c0)='./file0\x00', 0x0, 0x2001001, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x80, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x43, 0x400000000000000}, 0x11288, 0x2000, 0x0, 0x2}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$netlink(0x10, 0x3, 0x0) connect$inet(0xffffffffffffffff, 0x0, 0x0) setsockopt$SO_RDS_TRANSPORT(0xffffffffffffffff, 0x114, 0x8, &(0x7f0000000040)=0xffffffffffffffff, 0x4) r1 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$inet_tcp_int(r1, 0x6, 0x10000000013, &(0x7f0000d06000)=0x1, 0x32a) connect$inet(r1, &(0x7f0000000180)={0x2, 0x4e23, @local}, 0x10) accept$nfc_llcp(0xffffffffffffffff, &(0x7f0000000440), &(0x7f0000000300)=0x60) setsockopt$inet_tcp_TCP_REPAIR_OPTIONS(r1, 0x6, 0x16, &(0x7f00000000c0)=[@mss={0x2, 0xffffffff}, @timestamp, @window, @mss={0x2, 0x91c}], 0x4) sendmmsg(r1, &(0x7f0000004b40)=[{{0x0, 0x0, &(0x7f00000011c0)=[{&(0x7f0000002240)='Y', 0x1}], 0x1}}], 0x1, 0x0) syz_init_net_socket$llc(0x1a, 0x1, 0x0) r2 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$IPT_SO_SET_REPLACE(r2, 0x4000000000000, 0x40, &(0x7f0000000a40)=ANY=[@ANYBLOB="72617700000000010000000000000000000000000000000000000000000000000200000003000000b80400000000000000000000000000000003000000030000200400002004000020040000200400002004000003000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000600000000000000a00200030000000000000000000000000000000000000000300262706600000000000000000000000000000000000000000000000000000101000000000000002e2f66696c653000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000060005345540000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000c0002001000000000000000000000000000000000000000050006f736600000000000000000000000000000000000000000000000000000073797a300000000000000000000000000000000000000000000000000000000000000000000000000000000000000000600053455400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000007000980000000000000000000000000000000000000000002800000000000000000000000000000000000000000000000000000000000004feffffff00000000"], 0x518) sendmsg$IPVS_CMD_GET_DEST(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000280)={&(0x7f00000002c0)=ANY=[@ANYRES16], 0x1}}, 0x0) setsockopt$inet_tcp_TCP_REPAIR(r1, 0x6, 0x13, &(0x7f0000000100), 0x618) close(r1) setsockopt$inet_tcp_int(0xffffffffffffffff, 0x6, 0x10000000013, &(0x7f0000d06000)=0x1, 0x32a) connect$inet(0xffffffffffffffff, &(0x7f0000000140)={0x2, 0x0, @local}, 0x10) setsockopt$inet_tcp_TCP_REPAIR_OPTIONS(0xffffffffffffffff, 0x6, 0x16, &(0x7f0000000200)=[@mss, @timestamp, @window={0x3, 0x0, 0xfffe}, @mss={0x2, 0x3}], 0x4) sendmmsg(0xffffffffffffffff, &(0x7f0000004b40)=[{{0x0, 0x0, &(0x7f00000011c0)=[{&(0x7f0000002240)='Y', 0x1}], 0x1}}], 0x1, 0x0) setsockopt$inet_tcp_TCP_REPAIR_QUEUE(0xffffffffffffffff, 0x6, 0x14, &(0x7f0000000040)=0x1, 0x4) sendmsg$IPVS_CMD_GET_DEST(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000340)=ANY=[@ANYBLOB="160e90cb39bca59f8c4064ac6d7b242060a07bc4309e3eb79d8745797b308edd84adef35ad9d8a17240f38f55f57c55f3875db81d255eea402e1c11ca7fc01964aeb9ed6ef4e80bc67cba7e7fe961fe5d921442b0a06b135f8a73b68dc904b436f256f50ae7cb980e69e7580b9f11c6ede4210f23240559b8c427000d7ce7862417ab5a50e494b2a54e346d7ffa008ccef06813e235b446788ac0f1df3c65bc1fb5393364a2efd284640ec2c438ad2b24a69f1f9da000000000000000000000000989eee6a9283bf253ca4"], 0x1}}, 0x0) close(0xffffffffffffffff) syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) dup3(r4, r3, 0x0) r5 = accept4$vsock_stream(0xffffffffffffffff, &(0x7f0000000240)={0x28, 0x0, 0x2710, @host}, 0x10, 0x0) dup2(r5, r4) bind$pptp(0xffffffffffffffff, &(0x7f00000001c0)={0x18, 0x2, {0x0, @initdev={0xac, 0x1e, 0x0, 0x0}}}, 0x1e) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000000)=@newlink={0x30, 0x10, 0x801, 0x0, 0x0, {}, [@IFLA_GROUP={0x8}, @IFLA_PROTO_DOWN={0x8, 0x4}]}, 0x30}}, 0x0) pivot_root(&(0x7f0000000140)='./file0\x00', &(0x7f0000000100)='./file0\x00') 01:45:53 executing program 0: r0 = syz_open_procfs(0x0, &(0x7f0000000480)='net/ptype\x00') preadv(r0, &(0x7f00000014c0)=[{&(0x7f0000000100)=""/51, 0x33}], 0x1, 0x33) io_setup(0x100000000000c333, &(0x7f0000000180)=0x0) r2 = syz_open_dev$loop(&(0x7f0000000500)='/dev/loop#\x00', 0x0, 0x100902) io_submit(r1, 0x1, &(0x7f0000000300)=[&(0x7f0000000100)={0x0, 0x0, 0x0, 0x1, 0x0, r2, 0x0}]) [ 1855.819124] FAULT_INJECTION: forcing a failure. [ 1855.819124] name failslab, interval 1, probability 0, space 0, times 0 [ 1855.836152] ip_tables: iptables: counters copy to user failed while replacing table [ 1855.872427] CPU: 1 PID: 3998 Comm: syz-executor.2 Not tainted 4.14.173-syzkaller #0 [ 1855.880409] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1855.890644] Call Trace: [ 1855.893256] dump_stack+0x13e/0x194 [ 1855.896913] should_fail.cold+0x10a/0x14b [ 1855.901118] should_failslab+0xd6/0x130 [ 1855.905122] kmem_cache_alloc+0x2b5/0x770 [ 1855.909300] ? mmu_topup_memory_caches+0x94/0x300 [ 1855.914240] mmu_topup_memory_caches+0x83/0x300 [ 1855.918936] kvm_mmu_load+0x1e/0xd00 [ 1855.922685] ? kvm_apic_accept_events+0x16f/0x3f0 [ 1855.927546] ? kvm_lapic_enable_pv_eoi+0xc0/0xc0 [ 1855.932336] ? vcpu_enter_guest+0x482/0x5240 [ 1855.937859] vcpu_enter_guest+0x2eb9/0x5240 [ 1855.942205] ? retint_kernel+0x2d/0x2d [ 1855.946120] ? emulator_read_emulated+0x40/0x40 [ 1855.950810] ? lock_acquire+0x1ec/0x3f0 [ 1855.954815] ? kvm_arch_vcpu_ioctl_run+0x2fe/0xfd0 [ 1855.959768] ? kvm_arch_vcpu_ioctl_run+0x181/0xfd0 [ 1855.965426] kvm_arch_vcpu_ioctl_run+0x2fe/0xfd0 [ 1855.970940] kvm_vcpu_ioctl+0x3df/0xc70 [ 1855.974980] ? kvm_vcpu_block+0xb70/0xb70 [ 1855.979168] ? trace_hardirqs_on+0x10/0x10 [ 1855.983433] ? retint_kernel+0x2d/0x2d [ 1855.987452] ? save_trace+0x290/0x290 [ 1855.991283] ? trace_hardirqs_on_caller+0x3f6/0x590 [ 1855.996422] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 1856.001210] ? kvm_vcpu_block+0xb70/0xb70 [ 1856.005519] do_vfs_ioctl+0x75a/0xfe0 [ 1856.009343] ? selinux_file_mprotect+0x5c0/0x5c0 [ 1856.014129] ? ioctl_preallocate+0x1a0/0x1a0 [ 1856.018566] ? security_file_ioctl+0x76/0xb0 [ 1856.022994] ? security_file_ioctl+0x83/0xb0 [ 1856.027428] SyS_ioctl+0x7f/0xb0 [ 1856.030808] ? do_vfs_ioctl+0xfe0/0xfe0 [ 1856.034844] do_syscall_64+0x1d5/0x640 [ 1856.038751] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 1856.043952] RIP: 0033:0x45c849 [ 1856.047152] RSP: 002b:00007fa3bc31dc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 1856.054971] RAX: ffffffffffffffda RBX: 00007fa3bc31e6d4 RCX: 000000000045c849 [ 1856.062543] RDX: 0000000000000000 RSI: 000000000000ae80 RDI: 0000000000000005 01:45:54 executing program 3: lsetxattr$trusted_overlay_opaque(0x0, 0x0, 0x0, 0x0, 0x0) mkdir(&(0x7f0000000000)='./file0\x00', 0x0) mount$bpf(0x20000000, &(0x7f00000000c0)='./file0\x00', 0x0, 0x2001001, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x80, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x43, 0x400000000000000}, 0x11288, 0x2000, 0x0, 0x2}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$netlink(0x10, 0x3, 0x0) connect$inet(0xffffffffffffffff, 0x0, 0x0) setsockopt$SO_RDS_TRANSPORT(0xffffffffffffffff, 0x114, 0x8, &(0x7f0000000040)=0xffffffffffffffff, 0x4) r1 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$inet_tcp_int(r1, 0x6, 0x10000000013, &(0x7f0000d06000)=0x1, 0x32a) connect$inet(r1, &(0x7f0000000180)={0x2, 0x4e23, @local}, 0x10) accept$nfc_llcp(0xffffffffffffffff, &(0x7f0000000440), &(0x7f0000000300)=0x60) setsockopt$inet_tcp_TCP_REPAIR_OPTIONS(r1, 0x6, 0x16, &(0x7f00000000c0)=[@mss={0x2, 0xffffffff}, @timestamp, @window, @mss={0x2, 0x91c}], 0x4) sendmmsg(r1, &(0x7f0000004b40)=[{{0x0, 0x0, &(0x7f00000011c0)=[{&(0x7f0000002240)='Y', 0x1}], 0x1}}], 0x1, 0x0) syz_init_net_socket$llc(0x1a, 0x1, 0x0) r2 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$IPT_SO_SET_REPLACE(r2, 0x4000000000000, 0x40, &(0x7f0000000a40)=ANY=[@ANYBLOB="72617700000000010000000000000000000000000000000000000000000000000200000003000000b80400000000000000000000000000000003000000030000200400002004000020040000200400002004000003000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000600000000000000a00200030000000000000000000000000000000000000000300262706600000000000000000000000000000000000000000000000000000101000000000000002e2f66696c653000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000060005345540000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000c0002001000000000000000000000000000000000000000050006f736600000000000000000000000000000000000000000000000000000073797a300000000000000000000000000000000000000000000000000000000000000000000000000000000000000000600053455400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000007000980000000000000000000000000000000000000000002800000000000000000000000000000000000000000000000000000000000004feffffff00000000"], 0x518) sendmsg$IPVS_CMD_GET_DEST(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000280)={&(0x7f00000002c0)=ANY=[@ANYRES16], 0x1}}, 0x0) setsockopt$inet_tcp_TCP_REPAIR(r1, 0x6, 0x13, &(0x7f0000000100), 0x618) close(r1) r3 = socket$inet_tcp(0x2, 0x1, 0x0) connect$inet(r3, &(0x7f0000000140)={0x2, 0x0, @local}, 0x10) setsockopt$inet_tcp_TCP_REPAIR_OPTIONS(r3, 0x6, 0x16, &(0x7f0000000200)=[@mss, @timestamp, @window={0x3, 0x0, 0xfffe}, @mss={0x2, 0x3}], 0x4) sendmmsg(r3, &(0x7f0000004b40)=[{{0x0, 0x0, &(0x7f00000011c0)=[{&(0x7f0000002240)='Y', 0x1}], 0x1}}], 0x1, 0x0) setsockopt$inet_tcp_TCP_REPAIR_QUEUE(r3, 0x6, 0x14, &(0x7f0000000040)=0x1, 0x4) sendmsg$IPVS_CMD_GET_DEST(r3, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000340)=ANY=[@ANYBLOB="160e90cb39bca59f8c4064ac6d7b242060a07bc4309e3eb79d8745797b308edd84adef35ad9d8a17240f38f55f57c55f3875db81d255eea402e1c11ca7fc01964aeb9ed6ef4e80bc67cba7e7fe961fe5d921442b0a06b135f8a73b68dc904b436f256f50ae7cb980e69e7580b9f11c6ede4210f23240559b8c427000d7ce7862417ab5a50e494b2a54e346d7ffa008ccef06813e235b446788ac0f1df3c65bc1fb5393364a2efd284640ec2c438ad2b24a69f1f9da000000000000000000000000989eee6a9283bf253ca4"], 0x1}}, 0x0) close(r3) syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) dup3(r5, r4, 0x0) r6 = accept4$vsock_stream(0xffffffffffffffff, &(0x7f0000000240)={0x28, 0x0, 0x2710, @host}, 0x10, 0x0) dup2(r6, r5) bind$pptp(0xffffffffffffffff, &(0x7f00000001c0)={0x18, 0x2, {0x0, @initdev={0xac, 0x1e, 0x0, 0x0}}}, 0x1e) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000000)=@newlink={0x30, 0x10, 0x801, 0x0, 0x0, {}, [@IFLA_GROUP={0x8}, @IFLA_PROTO_DOWN={0x8, 0x4}]}, 0x30}}, 0x0) pivot_root(&(0x7f0000000140)='./file0\x00', &(0x7f0000000100)='./file0\x00') 01:45:54 executing program 5: lsetxattr$trusted_overlay_opaque(0x0, 0x0, 0x0, 0x0, 0x0) mkdir(&(0x7f0000000000)='./file0\x00', 0x0) mount$bpf(0x20000000, &(0x7f00000000c0)='./file0\x00', 0x0, 0x2001001, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x80, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x43, 0x400000000000000}, 0x11288, 0x2000, 0x0, 0x2}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$netlink(0x10, 0x3, 0x0) connect$inet(0xffffffffffffffff, 0x0, 0x0) setsockopt$SO_RDS_TRANSPORT(0xffffffffffffffff, 0x114, 0x8, &(0x7f0000000040)=0xffffffffffffffff, 0x4) r1 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$inet_tcp_int(r1, 0x6, 0x10000000013, &(0x7f0000d06000)=0x1, 0x32a) connect$inet(r1, &(0x7f0000000180)={0x2, 0x4e23, @local}, 0x10) accept$nfc_llcp(0xffffffffffffffff, &(0x7f0000000440), &(0x7f0000000300)=0x60) setsockopt$inet_tcp_TCP_REPAIR_OPTIONS(r1, 0x6, 0x16, &(0x7f00000000c0)=[@mss={0x2, 0xffffffff}, @timestamp, @window, @mss={0x2, 0x91c}], 0x4) sendmmsg(r1, &(0x7f0000004b40)=[{{0x0, 0x0, &(0x7f00000011c0)=[{&(0x7f0000002240)='Y', 0x1}], 0x1}}], 0x1, 0x0) syz_init_net_socket$llc(0x1a, 0x1, 0x0) r2 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$IPT_SO_SET_REPLACE(r2, 0x4000000000000, 0x40, &(0x7f0000000a40)=ANY=[@ANYBLOB="72617700000000010000000000000000000000000000000000000000000000000200000003000000b80400000000000000000000000000000003000000030000200400002004000020040000200400002004000003000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000600000000000000a00200030000000000000000000000000000000000000000300262706600000000000000000000000000000000000000000000000000000101000000000000002e2f66696c653000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000060005345540000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000c0002001000000000000000000000000000000000000000050006f736600000000000000000000000000000000000000000000000000000073797a300000000000000000000000000000000000000000000000000000000000000000000000000000000000000000600053455400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000007000980000000000000000000000000000000000000000002800000000000000000000000000000000000000000000000000000000000004feffffff00000000"], 0x518) sendmsg$IPVS_CMD_GET_DEST(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000280)={&(0x7f00000002c0)=ANY=[@ANYRES16], 0x1}}, 0x0) setsockopt$inet_tcp_TCP_REPAIR(r1, 0x6, 0x13, &(0x7f0000000100), 0x618) r3 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$inet_tcp_int(r3, 0x6, 0x10000000013, &(0x7f0000d06000)=0x1, 0x32a) connect$inet(r3, &(0x7f0000000140)={0x2, 0x0, @local}, 0x10) setsockopt$inet_tcp_TCP_REPAIR_OPTIONS(r3, 0x6, 0x16, &(0x7f0000000200)=[@mss, @timestamp, @window={0x3, 0x0, 0xfffe}, @mss={0x2, 0x3}], 0x4) sendmmsg(r3, &(0x7f0000004b40)=[{{0x0, 0x0, &(0x7f00000011c0)=[{&(0x7f0000002240)='Y', 0x1}], 0x1}}], 0x1, 0x0) setsockopt$inet_tcp_TCP_REPAIR_QUEUE(r3, 0x6, 0x14, &(0x7f0000000040)=0x1, 0x4) sendmsg$IPVS_CMD_GET_DEST(r3, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000340)=ANY=[@ANYBLOB="160e90cb39bca59f8c4064ac6d7b242060a07bc4309e3eb79d8745797b308edd84adef35ad9d8a17240f38f55f57c55f3875db81d255eea402e1c11ca7fc01964aeb9ed6ef4e80bc67cba7e7fe961fe5d921442b0a06b135f8a73b68dc904b436f256f50ae7cb980e69e7580b9f11c6ede4210f23240559b8c427000d7ce7862417ab5a50e494b2a54e346d7ffa008ccef06813e235b446788ac0f1df3c65bc1fb5393364a2efd284640ec2c438ad2b24a69f1f9da000000000000000000000000989eee6a9283bf253ca4"], 0x1}}, 0x0) close(r3) syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) dup3(r5, r4, 0x0) r6 = accept4$vsock_stream(0xffffffffffffffff, &(0x7f0000000240)={0x28, 0x0, 0x2710, @host}, 0x10, 0x0) dup2(r6, r5) bind$pptp(0xffffffffffffffff, &(0x7f00000001c0)={0x18, 0x2, {0x0, @initdev={0xac, 0x1e, 0x0, 0x0}}}, 0x1e) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000000)=@newlink={0x30, 0x10, 0x801, 0x0, 0x0, {}, [@IFLA_GROUP={0x8}, @IFLA_PROTO_DOWN={0x8, 0x4}]}, 0x30}}, 0x0) pivot_root(&(0x7f0000000140)='./file0\x00', &(0x7f0000000100)='./file0\x00') 01:45:54 executing program 1: lsetxattr$trusted_overlay_opaque(0x0, 0x0, 0x0, 0x0, 0x0) mkdir(&(0x7f0000000000)='./file0\x00', 0x0) mount$bpf(0x20000000, &(0x7f00000000c0)='./file0\x00', 0x0, 0x2001001, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x80, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x43, 0x400000000000000}, 0x11288, 0x2000, 0x0, 0x2}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$netlink(0x10, 0x3, 0x0) connect$inet(0xffffffffffffffff, 0x0, 0x0) setsockopt$SO_RDS_TRANSPORT(0xffffffffffffffff, 0x114, 0x8, &(0x7f0000000040)=0xffffffffffffffff, 0x4) r1 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$inet_tcp_int(r1, 0x6, 0x10000000013, &(0x7f0000d06000)=0x1, 0x32a) connect$inet(r1, &(0x7f0000000180)={0x2, 0x4e23, @local}, 0x10) accept$nfc_llcp(0xffffffffffffffff, &(0x7f0000000440), &(0x7f0000000300)=0x60) setsockopt$inet_tcp_TCP_REPAIR_OPTIONS(r1, 0x6, 0x16, &(0x7f00000000c0)=[@mss={0x2, 0xffffffff}, @timestamp, @window, @mss={0x2, 0x91c}], 0x4) sendmmsg(r1, &(0x7f0000004b40)=[{{0x0, 0x0, &(0x7f00000011c0)=[{&(0x7f0000002240)='Y', 0x1}], 0x1}}], 0x1, 0x0) syz_init_net_socket$llc(0x1a, 0x1, 0x0) r2 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$IPT_SO_SET_REPLACE(r2, 0x4000000000000, 0x40, &(0x7f0000000a40)=ANY=[@ANYBLOB="72617700000000010000000000000000000000000000000000000000000000000200000003000000b80400000000000000000000000000000003000000030000200400002004000020040000200400002004000003000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000600000000000000a00200030000000000000000000000000000000000000000300262706600000000000000000000000000000000000000000000000000000101000000000000002e2f66696c653000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000060005345540000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000c0002001000000000000000000000000000000000000000050006f736600000000000000000000000000000000000000000000000000000073797a300000000000000000000000000000000000000000000000000000000000000000000000000000000000000000600053455400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000007000980000000000000000000000000000000000000000002800000000000000000000000000000000000000000000000000000000000004feffffff00000000"], 0x518) sendmsg$IPVS_CMD_GET_DEST(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000280)={&(0x7f00000002c0)=ANY=[@ANYRES16], 0x1}}, 0x0) setsockopt$inet_tcp_TCP_REPAIR(r1, 0x6, 0x13, &(0x7f0000000100), 0x618) close(r1) r3 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$inet_tcp_int(r3, 0x6, 0x10000000013, &(0x7f0000d06000)=0x1, 0x32a) setsockopt$inet_tcp_TCP_REPAIR_OPTIONS(r3, 0x6, 0x16, &(0x7f0000000200)=[@mss, @timestamp, @window={0x3, 0x0, 0xfffe}, @mss={0x2, 0x3}], 0x4) sendmmsg(r3, &(0x7f0000004b40)=[{{0x0, 0x0, &(0x7f00000011c0)=[{&(0x7f0000002240)='Y', 0x1}], 0x1}}], 0x1, 0x0) setsockopt$inet_tcp_TCP_REPAIR_QUEUE(r3, 0x6, 0x14, &(0x7f0000000040)=0x1, 0x4) sendmsg$IPVS_CMD_GET_DEST(r3, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000340)=ANY=[@ANYBLOB="160e90cb39bca59f8c4064ac6d7b242060a07bc4309e3eb79d8745797b308edd84adef35ad9d8a17240f38f55f57c55f3875db81d255eea402e1c11ca7fc01964aeb9ed6ef4e80bc67cba7e7fe961fe5d921442b0a06b135f8a73b68dc904b436f256f50ae7cb980e69e7580b9f11c6ede4210f23240559b8c427000d7ce7862417ab5a50e494b2a54e346d7ffa008ccef06813e235b446788ac0f1df3c65bc1fb5393364a2efd284640ec2c438ad2b24a69f1f9da000000000000000000000000989eee6a9283bf253ca4"], 0x1}}, 0x0) close(r3) syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) dup3(r5, r4, 0x0) r6 = accept4$vsock_stream(0xffffffffffffffff, &(0x7f0000000240)={0x28, 0x0, 0x2710, @host}, 0x10, 0x0) dup2(r6, r5) bind$pptp(0xffffffffffffffff, &(0x7f00000001c0)={0x18, 0x2, {0x0, @initdev={0xac, 0x1e, 0x0, 0x0}}}, 0x1e) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000000)=@newlink={0x30, 0x10, 0x801, 0x0, 0x0, {}, [@IFLA_GROUP={0x8}, @IFLA_PROTO_DOWN={0x8, 0x4}]}, 0x30}}, 0x0) 01:45:54 executing program 2 (fault-call:9 fault-nth:29): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_SET_SIGNAL_MASK(0xffffffffffffffff, 0x4004ae8b, &(0x7f0000001000)=ANY=[@ANYBLOB="97cb"]) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000fe7000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0) ioctl$USBDEVFS_RESETEP(0xffffffffffffffff, 0x80045503, &(0x7f0000000000)={0x1, 0x1}) ioctl$KVM_NMI(r2, 0xae9a) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f00000002c0)={0x0, 0x2, 0x0, 0x2000, &(0x7f0000001000/0x2000)=nil}) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) [ 1856.069837] RBP: 000000000076bf00 R08: 0000000000000000 R09: 0000000000000000 [ 1856.077472] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000007 [ 1856.085746] R13: 00000000000003bf R14: 00000000004c6495 R15: 000000000000001c 01:45:54 executing program 0: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000032000/0x18000)=nil, &(0x7f0000000280)=[@text32={0x20, &(0x7f0000000140)="b9800000c00f3235010000000f309a090000006500660f3882af724d00002ed8ddc74424008fc4bd87c7442402c43a727fc7442406000000000f011424f30f090f013a360f06c4c18d72d68366baa100ed", 0x51}], 0x1, 0x0, 0x0, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f00000002c0)={[0x0, 0x0, 0x40000007, 0x0, 0x0, 0x0, 0x4cb]}) ioctl$KVM_RUN(r2, 0xae80, 0x0) perf_event_open(&(0x7f0000000000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xa, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) 01:45:54 executing program 2: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_SET_SIGNAL_MASK(0xffffffffffffffff, 0x4004ae8b, &(0x7f0000000180)=ANY=[@ANYBLOB="bc2d367f001bd3d4adb38f9b5ab64de42bb4f0f4d15d2f8c35d27c24bbe3b89468a721a285a8ead33c448c8a0d26fc1f3ba2b4c9f5a9d68e97e509dcf98465bb46eb78c93507ba6f0900c4803b75534f27d07a1d7066807ddc57b73ab809c73b65ce435f5205261f29254ed2ec8e75590481a9736c7ed0f49da28fb6"]) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000fe7000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0) ioctl$USBDEVFS_RESETEP(0xffffffffffffffff, 0x80045503, &(0x7f0000000000)={0x1, 0x1}) ioctl$KVM_NMI(r2, 0xae9a) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f00000002c0)={0x0, 0x2, 0x0, 0x2000, &(0x7f0000001000/0x2000)=nil}) r3 = fanotify_init(0x0, 0x0) r4 = fcntl$dupfd(r3, 0x0, r3) write$FUSE_NOTIFY_POLL(r4, &(0x7f0000000100)={0x18}, 0x18) fsetxattr$trusted_overlay_nlink(0xffffffffffffffff, &(0x7f00000000c0)='trusted.overlay.nlink\x00', &(0x7f0000000200)={'L-', 0x1}, 0x16, 0x0) ioctl$VFIO_SET_IOMMU(r4, 0x3b66, 0x3) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) 01:45:54 executing program 3: lsetxattr$trusted_overlay_opaque(0x0, 0x0, 0x0, 0x0, 0x0) mkdir(&(0x7f0000000000)='./file0\x00', 0x0) mount$bpf(0x20000000, &(0x7f00000000c0)='./file0\x00', 0x0, 0x2001001, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x80, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x43, 0x400000000000000}, 0x11288, 0x2000, 0x0, 0x2}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$netlink(0x10, 0x3, 0x0) connect$inet(0xffffffffffffffff, 0x0, 0x0) setsockopt$SO_RDS_TRANSPORT(0xffffffffffffffff, 0x114, 0x8, &(0x7f0000000040)=0xffffffffffffffff, 0x4) r1 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$inet_tcp_int(r1, 0x6, 0x10000000013, &(0x7f0000d06000)=0x1, 0x32a) connect$inet(r1, &(0x7f0000000180)={0x2, 0x4e23, @local}, 0x10) accept$nfc_llcp(0xffffffffffffffff, &(0x7f0000000440), &(0x7f0000000300)=0x60) setsockopt$inet_tcp_TCP_REPAIR_OPTIONS(r1, 0x6, 0x16, &(0x7f00000000c0)=[@mss={0x2, 0xffffffff}, @timestamp, @window, @mss={0x2, 0x91c}], 0x4) sendmmsg(r1, &(0x7f0000004b40)=[{{0x0, 0x0, &(0x7f00000011c0)=[{&(0x7f0000002240)='Y', 0x1}], 0x1}}], 0x1, 0x0) syz_init_net_socket$llc(0x1a, 0x1, 0x0) r2 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$IPT_SO_SET_REPLACE(r2, 0x4000000000000, 0x40, &(0x7f0000000a40)=ANY=[@ANYBLOB="72617700000000010000000000000000000000000000000000000000000000000200000003000000b80400000000000000000000000000000003000000030000200400002004000020040000200400002004000003000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000600000000000000a00200030000000000000000000000000000000000000000300262706600000000000000000000000000000000000000000000000000000101000000000000002e2f66696c653000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000060005345540000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000c0002001000000000000000000000000000000000000000050006f736600000000000000000000000000000000000000000000000000000073797a300000000000000000000000000000000000000000000000000000000000000000000000000000000000000000600053455400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000007000980000000000000000000000000000000000000000002800000000000000000000000000000000000000000000000000000000000004feffffff00000000"], 0x518) sendmsg$IPVS_CMD_GET_DEST(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000280)={&(0x7f00000002c0)=ANY=[@ANYRES16], 0x1}}, 0x0) setsockopt$inet_tcp_TCP_REPAIR(r1, 0x6, 0x13, &(0x7f0000000100), 0x618) close(r1) r3 = socket$inet_tcp(0x2, 0x1, 0x0) connect$inet(r3, &(0x7f0000000140)={0x2, 0x0, @local}, 0x10) setsockopt$inet_tcp_TCP_REPAIR_OPTIONS(r3, 0x6, 0x16, &(0x7f0000000200)=[@mss, @timestamp, @window={0x3, 0x0, 0xfffe}, @mss={0x2, 0x3}], 0x4) sendmmsg(r3, &(0x7f0000004b40)=[{{0x0, 0x0, &(0x7f00000011c0)=[{&(0x7f0000002240)='Y', 0x1}], 0x1}}], 0x1, 0x0) setsockopt$inet_tcp_TCP_REPAIR_QUEUE(r3, 0x6, 0x14, &(0x7f0000000040)=0x1, 0x4) sendmsg$IPVS_CMD_GET_DEST(r3, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000340)=ANY=[@ANYBLOB="160e90cb39bca59f8c4064ac6d7b242060a07bc4309e3eb79d8745797b308edd84adef35ad9d8a17240f38f55f57c55f3875db81d255eea402e1c11ca7fc01964aeb9ed6ef4e80bc67cba7e7fe961fe5d921442b0a06b135f8a73b68dc904b436f256f50ae7cb980e69e7580b9f11c6ede4210f23240559b8c427000d7ce7862417ab5a50e494b2a54e346d7ffa008ccef06813e235b446788ac0f1df3c65bc1fb5393364a2efd284640ec2c438ad2b24a69f1f9da000000000000000000000000989eee6a9283bf253ca4"], 0x1}}, 0x0) close(r3) syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) dup3(r5, r4, 0x0) r6 = accept4$vsock_stream(0xffffffffffffffff, &(0x7f0000000240)={0x28, 0x0, 0x2710, @host}, 0x10, 0x0) dup2(r6, r5) bind$pptp(0xffffffffffffffff, &(0x7f00000001c0)={0x18, 0x2, {0x0, @initdev={0xac, 0x1e, 0x0, 0x0}}}, 0x1e) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000000)=@newlink={0x30, 0x10, 0x801, 0x0, 0x0, {}, [@IFLA_GROUP={0x8}, @IFLA_PROTO_DOWN={0x8, 0x4}]}, 0x30}}, 0x0) pivot_root(&(0x7f0000000140)='./file0\x00', &(0x7f0000000100)='./file0\x00') 01:45:54 executing program 4: pipe(&(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = socket$inet_udp(0x2, 0x2, 0x0) close(r2) setsockopt$inet_tcp_int(0xffffffffffffffff, 0x6, 0x10000000013, &(0x7f0000d06000)=0x1, 0x4) connect$inet(r2, &(0x7f0000000340)={0x2, 0x0, @loopback}, 0x10) setsockopt$inet_tcp_TCP_REPAIR_WINDOW(0xffffffffffffffff, 0x6, 0x1d, &(0x7f0000000080)={0x0, 0xdf5, 0x65a2}, 0x14) write$binfmt_misc(r1, &(0x7f0000000140)=ANY=[], 0x4240a2a0) r3 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$IPT_SO_SET_REPLACE(r3, 0x0, 0x40, &(0x7f0000000480)=ANY=[@ANYBLOB="66696c74657200000000000000000000000000000000000000000000000000000e00000004000000d0020000800100009800000080010000000000000000000038020000380200003802000038020000380200000400000000000000000000007f000001ac14140000000000000000007f00000000000000000000000000000064756dea20f9524db2d96900000057c910a19f2bc02c00000000000000000000200000000000000000000000000000000000000000000000700098000000000000000000000000000000000000000000280052454a454354000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000400000000000000000000000080000000000000000000000000000000000000000000000000000000000000000000000000000000000000000c000e80000f9c9991d0000000000000000000000000000005000736574000000000000000000000000000000000000000000000000000003000005050000000000000000000000000000000000000000100000000000000000000000000000000000000000000000280052454a45435400000000000000010000000000000000000000000000000000674f000000000000000000e00000020000000000000000766574b5315f766c616e00000000010062726964676530000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000007000b80000000000000000000000000000000000000000004800544545000000000000000000000000000000d40200000000000000000001ac1414aa000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000007000980000000000000000000000000000000000000000002800000000000000000000000000000000000000000000001a51496c00000000feffffff"], 0x1) splice(r0, 0x0, r2, 0x0, 0x4ffe0, 0x0) 01:45:54 executing program 1: lsetxattr$trusted_overlay_opaque(0x0, 0x0, 0x0, 0x0, 0x0) mkdir(&(0x7f0000000000)='./file0\x00', 0x0) mount$bpf(0x20000000, &(0x7f00000000c0)='./file0\x00', 0x0, 0x2001001, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x80, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x43, 0x400000000000000}, 0x11288, 0x2000, 0x0, 0x2}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$netlink(0x10, 0x3, 0x0) connect$inet(0xffffffffffffffff, 0x0, 0x0) setsockopt$SO_RDS_TRANSPORT(0xffffffffffffffff, 0x114, 0x8, &(0x7f0000000040)=0xffffffffffffffff, 0x4) r1 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$inet_tcp_int(r1, 0x6, 0x10000000013, &(0x7f0000d06000)=0x1, 0x32a) connect$inet(r1, &(0x7f0000000180)={0x2, 0x4e23, @local}, 0x10) accept$nfc_llcp(0xffffffffffffffff, &(0x7f0000000440), &(0x7f0000000300)=0x60) setsockopt$inet_tcp_TCP_REPAIR_OPTIONS(r1, 0x6, 0x16, &(0x7f00000000c0)=[@mss={0x2, 0xffffffff}, @timestamp, @window, @mss={0x2, 0x91c}], 0x4) sendmmsg(r1, &(0x7f0000004b40)=[{{0x0, 0x0, &(0x7f00000011c0)=[{&(0x7f0000002240)='Y', 0x1}], 0x1}}], 0x1, 0x0) syz_init_net_socket$llc(0x1a, 0x1, 0x0) r2 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$IPT_SO_SET_REPLACE(r2, 0x4000000000000, 0x40, &(0x7f0000000a40)=ANY=[@ANYBLOB="72617700000000010000000000000000000000000000000000000000000000000200000003000000b80400000000000000000000000000000003000000030000200400002004000020040000200400002004000003000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000600000000000000a00200030000000000000000000000000000000000000000300262706600000000000000000000000000000000000000000000000000000101000000000000002e2f66696c653000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000060005345540000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000c0002001000000000000000000000000000000000000000050006f736600000000000000000000000000000000000000000000000000000073797a300000000000000000000000000000000000000000000000000000000000000000000000000000000000000000600053455400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000007000980000000000000000000000000000000000000000002800000000000000000000000000000000000000000000000000000000000004feffffff00000000"], 0x518) sendmsg$IPVS_CMD_GET_DEST(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000280)={&(0x7f00000002c0)=ANY=[@ANYRES16], 0x1}}, 0x0) setsockopt$inet_tcp_TCP_REPAIR(r1, 0x6, 0x13, &(0x7f0000000100), 0x618) close(r1) r3 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$inet_tcp_int(r3, 0x6, 0x10000000013, &(0x7f0000d06000)=0x1, 0x32a) setsockopt$inet_tcp_TCP_REPAIR_OPTIONS(r3, 0x6, 0x16, &(0x7f0000000200)=[@mss, @timestamp, @window={0x3, 0x0, 0xfffe}, @mss={0x2, 0x3}], 0x4) sendmmsg(r3, &(0x7f0000004b40)=[{{0x0, 0x0, &(0x7f00000011c0)=[{&(0x7f0000002240)='Y', 0x1}], 0x1}}], 0x1, 0x0) setsockopt$inet_tcp_TCP_REPAIR_QUEUE(r3, 0x6, 0x14, &(0x7f0000000040)=0x1, 0x4) sendmsg$IPVS_CMD_GET_DEST(r3, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000340)=ANY=[@ANYBLOB="160e90cb39bca59f8c4064ac6d7b242060a07bc4309e3eb79d8745797b308edd84adef35ad9d8a17240f38f55f57c55f3875db81d255eea402e1c11ca7fc01964aeb9ed6ef4e80bc67cba7e7fe961fe5d921442b0a06b135f8a73b68dc904b436f256f50ae7cb980e69e7580b9f11c6ede4210f23240559b8c427000d7ce7862417ab5a50e494b2a54e346d7ffa008ccef06813e235b446788ac0f1df3c65bc1fb5393364a2efd284640ec2c438ad2b24a69f1f9da000000000000000000000000989eee6a9283bf253ca4"], 0x1}}, 0x0) close(r3) syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) dup3(r5, r4, 0x0) r6 = accept4$vsock_stream(0xffffffffffffffff, &(0x7f0000000240)={0x28, 0x0, 0x2710, @host}, 0x10, 0x0) dup2(r6, r5) bind$pptp(0xffffffffffffffff, &(0x7f00000001c0)={0x18, 0x2, {0x0, @initdev={0xac, 0x1e, 0x0, 0x0}}}, 0x1e) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000000)=@newlink={0x30, 0x10, 0x801, 0x0, 0x0, {}, [@IFLA_GROUP={0x8}, @IFLA_PROTO_DOWN={0x8, 0x4}]}, 0x30}}, 0x0) 01:45:54 executing program 0: r0 = syz_init_net_socket$bt_l2cap(0x1f, 0x1, 0x3) r1 = dup(r0) ioctl$PERF_EVENT_IOC_SET_FILTER(r1, 0x8b0b, &(0x7f0000000000)='wlan0\x00') 01:45:54 executing program 5: lsetxattr$trusted_overlay_opaque(0x0, 0x0, 0x0, 0x0, 0x0) mkdir(&(0x7f0000000000)='./file0\x00', 0x0) mount$bpf(0x20000000, &(0x7f00000000c0)='./file0\x00', 0x0, 0x2001001, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x80, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x43, 0x400000000000000}, 0x11288, 0x2000, 0x0, 0x2}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$netlink(0x10, 0x3, 0x0) connect$inet(0xffffffffffffffff, 0x0, 0x0) setsockopt$SO_RDS_TRANSPORT(0xffffffffffffffff, 0x114, 0x8, &(0x7f0000000040)=0xffffffffffffffff, 0x4) r1 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$inet_tcp_int(r1, 0x6, 0x10000000013, &(0x7f0000d06000)=0x1, 0x32a) connect$inet(r1, &(0x7f0000000180)={0x2, 0x4e23, @local}, 0x10) accept$nfc_llcp(0xffffffffffffffff, &(0x7f0000000440), &(0x7f0000000300)=0x60) setsockopt$inet_tcp_TCP_REPAIR_OPTIONS(r1, 0x6, 0x16, &(0x7f00000000c0)=[@mss={0x2, 0xffffffff}, @timestamp, @window, @mss={0x2, 0x91c}], 0x4) sendmmsg(r1, &(0x7f0000004b40)=[{{0x0, 0x0, &(0x7f00000011c0)=[{&(0x7f0000002240)='Y', 0x1}], 0x1}}], 0x1, 0x0) syz_init_net_socket$llc(0x1a, 0x1, 0x0) r2 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$IPT_SO_SET_REPLACE(r2, 0x4000000000000, 0x40, &(0x7f0000000a40)=ANY=[@ANYBLOB="72617700000000010000000000000000000000000000000000000000000000000200000003000000b80400000000000000000000000000000003000000030000200400002004000020040000200400002004000003000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000600000000000000a00200030000000000000000000000000000000000000000300262706600000000000000000000000000000000000000000000000000000101000000000000002e2f66696c653000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000060005345540000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000c0002001000000000000000000000000000000000000000050006f736600000000000000000000000000000000000000000000000000000073797a300000000000000000000000000000000000000000000000000000000000000000000000000000000000000000600053455400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000007000980000000000000000000000000000000000000000002800000000000000000000000000000000000000000000000000000000000004feffffff00000000"], 0x518) sendmsg$IPVS_CMD_GET_DEST(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000280)={&(0x7f00000002c0)=ANY=[@ANYRES16], 0x1}}, 0x0) setsockopt$inet_tcp_TCP_REPAIR(r1, 0x6, 0x13, &(0x7f0000000100), 0x618) r3 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$inet_tcp_int(r3, 0x6, 0x10000000013, &(0x7f0000d06000)=0x1, 0x32a) connect$inet(r3, &(0x7f0000000140)={0x2, 0x0, @local}, 0x10) setsockopt$inet_tcp_TCP_REPAIR_OPTIONS(r3, 0x6, 0x16, &(0x7f0000000200)=[@mss, @timestamp, @window={0x3, 0x0, 0xfffe}, @mss={0x2, 0x3}], 0x4) sendmmsg(r3, &(0x7f0000004b40)=[{{0x0, 0x0, &(0x7f00000011c0)=[{&(0x7f0000002240)='Y', 0x1}], 0x1}}], 0x1, 0x0) setsockopt$inet_tcp_TCP_REPAIR_QUEUE(r3, 0x6, 0x14, &(0x7f0000000040)=0x1, 0x4) sendmsg$IPVS_CMD_GET_DEST(r3, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000340)=ANY=[@ANYBLOB="160e90cb39bca59f8c4064ac6d7b242060a07bc4309e3eb79d8745797b308edd84adef35ad9d8a17240f38f55f57c55f3875db81d255eea402e1c11ca7fc01964aeb9ed6ef4e80bc67cba7e7fe961fe5d921442b0a06b135f8a73b68dc904b436f256f50ae7cb980e69e7580b9f11c6ede4210f23240559b8c427000d7ce7862417ab5a50e494b2a54e346d7ffa008ccef06813e235b446788ac0f1df3c65bc1fb5393364a2efd284640ec2c438ad2b24a69f1f9da000000000000000000000000989eee6a9283bf253ca4"], 0x1}}, 0x0) close(r3) syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) dup3(r5, r4, 0x0) r6 = accept4$vsock_stream(0xffffffffffffffff, &(0x7f0000000240)={0x28, 0x0, 0x2710, @host}, 0x10, 0x0) dup2(r6, r5) bind$pptp(0xffffffffffffffff, &(0x7f00000001c0)={0x18, 0x2, {0x0, @initdev={0xac, 0x1e, 0x0, 0x0}}}, 0x1e) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000000)=@newlink={0x30, 0x10, 0x801, 0x0, 0x0, {}, [@IFLA_GROUP={0x8}, @IFLA_PROTO_DOWN={0x8, 0x4}]}, 0x30}}, 0x0) pivot_root(&(0x7f0000000140)='./file0\x00', &(0x7f0000000100)='./file0\x00') 01:45:54 executing program 2: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_SET_SIGNAL_MASK(0xffffffffffffffff, 0x4004ae8b, &(0x7f0000001000)=ANY=[@ANYBLOB="974b"]) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) r3 = fanotify_init(0x0, 0x0) r4 = fcntl$dupfd(r3, 0x0, r3) ioctl$KVM_SET_REGS(r4, 0x4090ae82, &(0x7f0000000180)={[0x6, 0x8, 0x1, 0x2d83aca2, 0x1ff, 0x8, 0x1, 0x5, 0x9f, 0x1f, 0x3, 0x0, 0x0, 0x1, 0x3, 0x5da], 0x5000, 0x10}) syz_kvm_setup_cpu$x86(r4, r2, &(0x7f0000fe7000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0) ioctl$USBDEVFS_RESETEP(0xffffffffffffffff, 0x80045503, &(0x7f0000000000)={0x1, 0x1}) ioctl$KVM_NMI(r2, 0xae9a) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f00000002c0)={0x0, 0x2, 0x0, 0x2000, &(0x7f0000001000/0x2000)=nil}) r5 = fanotify_init(0x0, 0x0) r6 = fcntl$dupfd(r5, 0x0, r5) write$FUSE_NOTIFY_POLL(r6, &(0x7f0000000100)={0x18}, 0x18) r7 = fanotify_init(0x0, 0x0) r8 = fcntl$dupfd(r7, 0x0, r7) write$FUSE_NOTIFY_POLL(r8, &(0x7f0000000100)={0x18}, 0x18) ioctl$VIDIOC_ENUM_FRAMEINTERVALS(r8, 0xc034564b, &(0x7f0000000040)={0x401, 0x1500, 0x8, 0x101, 0x0, @discrete={0x937}}) perf_event_open(&(0x7f00000000c0)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x8, 0x0, 0x0, 0x0, 0x1}, 0x0, 0xffffffffffffffff, r6, 0x1) ioctl$KVM_RUN(r2, 0xae80, 0x0) 01:45:54 executing program 0: [ 1856.760439] ip_tables: iptables: counters copy to user failed while replacing table 01:45:55 executing program 4: pipe(&(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = socket$inet_udp(0x2, 0x2, 0x0) close(r2) setsockopt$inet_tcp_int(0xffffffffffffffff, 0x6, 0x10000000013, &(0x7f0000d06000)=0x1, 0x4) connect$inet(r2, &(0x7f0000000340)={0x2, 0x0, @loopback}, 0x10) setsockopt$inet_tcp_TCP_REPAIR_WINDOW(0xffffffffffffffff, 0x6, 0x1d, &(0x7f0000000080)={0x0, 0xdf5, 0x65a2}, 0x14) write$binfmt_misc(r1, &(0x7f0000000140)=ANY=[], 0x4240a2a0) r3 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$IPT_SO_SET_REPLACE(r3, 0x0, 0x40, &(0x7f0000000480)=ANY=[@ANYBLOB="66696c74657200000000000000000000000000000000000000000000000000000e00000004000000d0020000800100009800000080010000000000000000000038020000380200003802000038020000380200000400000000000000000000007f000001ac14140000000000000000007f00000000000000000000000000000064756dea20f9524db2d96900000057c910a19f2bc02c00000000000000000000200000000000000000000000000000000000000000000000700098000000000000000000000000000000000000000000280052454a454354000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000400000000000000000000000080000000000000000000000000000000000000000000000000000000000000000000000000000000000000000c000e80000f9c9991d0000000000000000000000000000005000736574000000000000000000000000000000000000000000000000000003000005050000000000000000000000000000000000000000100000000000000000000000000000000000000000000000280052454a45435400000000000000010000000000000000000000000000000000674f000000000000000000e00000020000000000000000766574b5315f766c616e00000000010062726964676530000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000007000b80000000000000000000000000000000000000000004800544545000000000000000000000000000000d40200000000000000000001ac1414aa000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000007000980000000000000000000000000000000000000000002800000000000000000000000000000000000000000000001a51496c00000000feffffff"], 0x1) splice(r0, 0x0, r2, 0x0, 0x4ffe0, 0x0) 01:45:55 executing program 1: lsetxattr$trusted_overlay_opaque(0x0, 0x0, 0x0, 0x0, 0x0) mkdir(&(0x7f0000000000)='./file0\x00', 0x0) mount$bpf(0x20000000, &(0x7f00000000c0)='./file0\x00', 0x0, 0x2001001, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x80, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x43, 0x400000000000000}, 0x11288, 0x2000, 0x0, 0x2}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$netlink(0x10, 0x3, 0x0) connect$inet(0xffffffffffffffff, 0x0, 0x0) setsockopt$SO_RDS_TRANSPORT(0xffffffffffffffff, 0x114, 0x8, &(0x7f0000000040)=0xffffffffffffffff, 0x4) r1 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$inet_tcp_int(r1, 0x6, 0x10000000013, &(0x7f0000d06000)=0x1, 0x32a) connect$inet(r1, &(0x7f0000000180)={0x2, 0x4e23, @local}, 0x10) accept$nfc_llcp(0xffffffffffffffff, &(0x7f0000000440), &(0x7f0000000300)=0x60) setsockopt$inet_tcp_TCP_REPAIR_OPTIONS(r1, 0x6, 0x16, &(0x7f00000000c0)=[@mss={0x2, 0xffffffff}, @timestamp, @window, @mss={0x2, 0x91c}], 0x4) sendmmsg(r1, &(0x7f0000004b40)=[{{0x0, 0x0, &(0x7f00000011c0)=[{&(0x7f0000002240)='Y', 0x1}], 0x1}}], 0x1, 0x0) syz_init_net_socket$llc(0x1a, 0x1, 0x0) r2 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$IPT_SO_SET_REPLACE(r2, 0x4000000000000, 0x40, &(0x7f0000000a40)=ANY=[@ANYBLOB="72617700000000010000000000000000000000000000000000000000000000000200000003000000b80400000000000000000000000000000003000000030000200400002004000020040000200400002004000003000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000600000000000000a00200030000000000000000000000000000000000000000300262706600000000000000000000000000000000000000000000000000000101000000000000002e2f66696c653000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000060005345540000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000c0002001000000000000000000000000000000000000000050006f736600000000000000000000000000000000000000000000000000000073797a300000000000000000000000000000000000000000000000000000000000000000000000000000000000000000600053455400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000007000980000000000000000000000000000000000000000002800000000000000000000000000000000000000000000000000000000000004feffffff00000000"], 0x518) sendmsg$IPVS_CMD_GET_DEST(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000280)={&(0x7f00000002c0)=ANY=[@ANYRES16], 0x1}}, 0x0) setsockopt$inet_tcp_TCP_REPAIR(r1, 0x6, 0x13, &(0x7f0000000100), 0x618) close(r1) r3 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$inet_tcp_int(r3, 0x6, 0x10000000013, &(0x7f0000d06000)=0x1, 0x32a) setsockopt$inet_tcp_TCP_REPAIR_OPTIONS(r3, 0x6, 0x16, &(0x7f0000000200)=[@mss, @timestamp, @window={0x3, 0x0, 0xfffe}, @mss={0x2, 0x3}], 0x4) sendmmsg(r3, &(0x7f0000004b40)=[{{0x0, 0x0, &(0x7f00000011c0)=[{&(0x7f0000002240)='Y', 0x1}], 0x1}}], 0x1, 0x0) setsockopt$inet_tcp_TCP_REPAIR_QUEUE(r3, 0x6, 0x14, &(0x7f0000000040)=0x1, 0x4) sendmsg$IPVS_CMD_GET_DEST(r3, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000340)=ANY=[@ANYBLOB="160e90cb39bca59f8c4064ac6d7b242060a07bc4309e3eb79d8745797b308edd84adef35ad9d8a17240f38f55f57c55f3875db81d255eea402e1c11ca7fc01964aeb9ed6ef4e80bc67cba7e7fe961fe5d921442b0a06b135f8a73b68dc904b436f256f50ae7cb980e69e7580b9f11c6ede4210f23240559b8c427000d7ce7862417ab5a50e494b2a54e346d7ffa008ccef06813e235b446788ac0f1df3c65bc1fb5393364a2efd284640ec2c438ad2b24a69f1f9da000000000000000000000000989eee6a9283bf253ca4"], 0x1}}, 0x0) close(r3) syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) dup3(r5, r4, 0x0) r6 = accept4$vsock_stream(0xffffffffffffffff, &(0x7f0000000240)={0x28, 0x0, 0x2710, @host}, 0x10, 0x0) dup2(r6, r5) bind$pptp(0xffffffffffffffff, &(0x7f00000001c0)={0x18, 0x2, {0x0, @initdev={0xac, 0x1e, 0x0, 0x0}}}, 0x1e) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000000)=@newlink={0x30, 0x10, 0x801, 0x0, 0x0, {}, [@IFLA_GROUP={0x8}, @IFLA_PROTO_DOWN={0x8, 0x4}]}, 0x30}}, 0x0) 01:45:55 executing program 3: lsetxattr$trusted_overlay_opaque(0x0, 0x0, 0x0, 0x0, 0x0) mkdir(&(0x7f0000000000)='./file0\x00', 0x0) mount$bpf(0x20000000, &(0x7f00000000c0)='./file0\x00', 0x0, 0x2001001, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x80, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x43, 0x400000000000000}, 0x11288, 0x2000, 0x0, 0x2}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$netlink(0x10, 0x3, 0x0) connect$inet(0xffffffffffffffff, 0x0, 0x0) setsockopt$SO_RDS_TRANSPORT(0xffffffffffffffff, 0x114, 0x8, &(0x7f0000000040)=0xffffffffffffffff, 0x4) r1 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$inet_tcp_int(r1, 0x6, 0x10000000013, &(0x7f0000d06000)=0x1, 0x32a) connect$inet(r1, &(0x7f0000000180)={0x2, 0x4e23, @local}, 0x10) accept$nfc_llcp(0xffffffffffffffff, &(0x7f0000000440), &(0x7f0000000300)=0x60) setsockopt$inet_tcp_TCP_REPAIR_OPTIONS(r1, 0x6, 0x16, &(0x7f00000000c0)=[@mss={0x2, 0xffffffff}, @timestamp, @window, @mss={0x2, 0x91c}], 0x4) sendmmsg(r1, &(0x7f0000004b40)=[{{0x0, 0x0, &(0x7f00000011c0)=[{&(0x7f0000002240)='Y', 0x1}], 0x1}}], 0x1, 0x0) syz_init_net_socket$llc(0x1a, 0x1, 0x0) r2 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$IPT_SO_SET_REPLACE(r2, 0x4000000000000, 0x40, &(0x7f0000000a40)=ANY=[@ANYBLOB="72617700000000010000000000000000000000000000000000000000000000000200000003000000b80400000000000000000000000000000003000000030000200400002004000020040000200400002004000003000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000600000000000000a00200030000000000000000000000000000000000000000300262706600000000000000000000000000000000000000000000000000000101000000000000002e2f66696c653000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000060005345540000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000c0002001000000000000000000000000000000000000000050006f736600000000000000000000000000000000000000000000000000000073797a300000000000000000000000000000000000000000000000000000000000000000000000000000000000000000600053455400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000007000980000000000000000000000000000000000000000002800000000000000000000000000000000000000000000000000000000000004feffffff00000000"], 0x518) sendmsg$IPVS_CMD_GET_DEST(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000280)={&(0x7f00000002c0)=ANY=[@ANYRES16], 0x1}}, 0x0) setsockopt$inet_tcp_TCP_REPAIR(r1, 0x6, 0x13, &(0x7f0000000100), 0x618) close(r1) r3 = socket$inet_tcp(0x2, 0x1, 0x0) connect$inet(r3, &(0x7f0000000140)={0x2, 0x0, @local}, 0x10) setsockopt$inet_tcp_TCP_REPAIR_OPTIONS(r3, 0x6, 0x16, &(0x7f0000000200)=[@mss, @timestamp, @window={0x3, 0x0, 0xfffe}, @mss={0x2, 0x3}], 0x4) sendmmsg(r3, &(0x7f0000004b40)=[{{0x0, 0x0, &(0x7f00000011c0)=[{&(0x7f0000002240)='Y', 0x1}], 0x1}}], 0x1, 0x0) setsockopt$inet_tcp_TCP_REPAIR_QUEUE(r3, 0x6, 0x14, &(0x7f0000000040)=0x1, 0x4) sendmsg$IPVS_CMD_GET_DEST(r3, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000340)=ANY=[@ANYBLOB="160e90cb39bca59f8c4064ac6d7b242060a07bc4309e3eb79d8745797b308edd84adef35ad9d8a17240f38f55f57c55f3875db81d255eea402e1c11ca7fc01964aeb9ed6ef4e80bc67cba7e7fe961fe5d921442b0a06b135f8a73b68dc904b436f256f50ae7cb980e69e7580b9f11c6ede4210f23240559b8c427000d7ce7862417ab5a50e494b2a54e346d7ffa008ccef06813e235b446788ac0f1df3c65bc1fb5393364a2efd284640ec2c438ad2b24a69f1f9da000000000000000000000000989eee6a9283bf253ca4"], 0x1}}, 0x0) close(r3) syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) dup3(r5, r4, 0x0) r6 = accept4$vsock_stream(0xffffffffffffffff, &(0x7f0000000240)={0x28, 0x0, 0x2710, @host}, 0x10, 0x0) dup2(r6, r5) bind$pptp(0xffffffffffffffff, &(0x7f00000001c0)={0x18, 0x2, {0x0, @initdev={0xac, 0x1e, 0x0, 0x0}}}, 0x1e) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000000)=@newlink={0x30, 0x10, 0x801, 0x0, 0x0, {}, [@IFLA_GROUP={0x8}, @IFLA_PROTO_DOWN={0x8, 0x4}]}, 0x30}}, 0x0) pivot_root(&(0x7f0000000140)='./file0\x00', &(0x7f0000000100)='./file0\x00') 01:45:55 executing program 0: 01:45:55 executing program 5: lsetxattr$trusted_overlay_opaque(0x0, 0x0, 0x0, 0x0, 0x0) mkdir(&(0x7f0000000000)='./file0\x00', 0x0) mount$bpf(0x20000000, &(0x7f00000000c0)='./file0\x00', 0x0, 0x2001001, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x80, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x43, 0x400000000000000}, 0x11288, 0x2000, 0x0, 0x2}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$netlink(0x10, 0x3, 0x0) connect$inet(0xffffffffffffffff, 0x0, 0x0) setsockopt$SO_RDS_TRANSPORT(0xffffffffffffffff, 0x114, 0x8, &(0x7f0000000040)=0xffffffffffffffff, 0x4) r1 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$inet_tcp_int(r1, 0x6, 0x10000000013, &(0x7f0000d06000)=0x1, 0x32a) connect$inet(r1, &(0x7f0000000180)={0x2, 0x4e23, @local}, 0x10) accept$nfc_llcp(0xffffffffffffffff, &(0x7f0000000440), &(0x7f0000000300)=0x60) setsockopt$inet_tcp_TCP_REPAIR_OPTIONS(r1, 0x6, 0x16, &(0x7f00000000c0)=[@mss={0x2, 0xffffffff}, @timestamp, @window, @mss={0x2, 0x91c}], 0x4) sendmmsg(r1, &(0x7f0000004b40)=[{{0x0, 0x0, &(0x7f00000011c0)=[{&(0x7f0000002240)='Y', 0x1}], 0x1}}], 0x1, 0x0) syz_init_net_socket$llc(0x1a, 0x1, 0x0) r2 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$IPT_SO_SET_REPLACE(r2, 0x4000000000000, 0x40, &(0x7f0000000a40)=ANY=[@ANYBLOB="72617700000000010000000000000000000000000000000000000000000000000200000003000000b80400000000000000000000000000000003000000030000200400002004000020040000200400002004000003000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000600000000000000a00200030000000000000000000000000000000000000000300262706600000000000000000000000000000000000000000000000000000101000000000000002e2f66696c653000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000060005345540000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000c0002001000000000000000000000000000000000000000050006f736600000000000000000000000000000000000000000000000000000073797a300000000000000000000000000000000000000000000000000000000000000000000000000000000000000000600053455400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000007000980000000000000000000000000000000000000000002800000000000000000000000000000000000000000000000000000000000004feffffff00000000"], 0x518) sendmsg$IPVS_CMD_GET_DEST(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000280)={&(0x7f00000002c0)=ANY=[@ANYRES16], 0x1}}, 0x0) setsockopt$inet_tcp_TCP_REPAIR(r1, 0x6, 0x13, &(0x7f0000000100), 0x618) r3 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$inet_tcp_int(r3, 0x6, 0x10000000013, &(0x7f0000d06000)=0x1, 0x32a) connect$inet(r3, &(0x7f0000000140)={0x2, 0x0, @local}, 0x10) setsockopt$inet_tcp_TCP_REPAIR_OPTIONS(r3, 0x6, 0x16, &(0x7f0000000200)=[@mss, @timestamp, @window={0x3, 0x0, 0xfffe}, @mss={0x2, 0x3}], 0x4) sendmmsg(r3, &(0x7f0000004b40)=[{{0x0, 0x0, &(0x7f00000011c0)=[{&(0x7f0000002240)='Y', 0x1}], 0x1}}], 0x1, 0x0) setsockopt$inet_tcp_TCP_REPAIR_QUEUE(r3, 0x6, 0x14, &(0x7f0000000040)=0x1, 0x4) sendmsg$IPVS_CMD_GET_DEST(r3, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000340)=ANY=[@ANYBLOB="160e90cb39bca59f8c4064ac6d7b242060a07bc4309e3eb79d8745797b308edd84adef35ad9d8a17240f38f55f57c55f3875db81d255eea402e1c11ca7fc01964aeb9ed6ef4e80bc67cba7e7fe961fe5d921442b0a06b135f8a73b68dc904b436f256f50ae7cb980e69e7580b9f11c6ede4210f23240559b8c427000d7ce7862417ab5a50e494b2a54e346d7ffa008ccef06813e235b446788ac0f1df3c65bc1fb5393364a2efd284640ec2c438ad2b24a69f1f9da000000000000000000000000989eee6a9283bf253ca4"], 0x1}}, 0x0) close(r3) syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) dup3(r5, r4, 0x0) r6 = accept4$vsock_stream(0xffffffffffffffff, &(0x7f0000000240)={0x28, 0x0, 0x2710, @host}, 0x10, 0x0) dup2(r6, r5) bind$pptp(0xffffffffffffffff, &(0x7f00000001c0)={0x18, 0x2, {0x0, @initdev={0xac, 0x1e, 0x0, 0x0}}}, 0x1e) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000000)=@newlink={0x30, 0x10, 0x801, 0x0, 0x0, {}, [@IFLA_GROUP={0x8}, @IFLA_PROTO_DOWN={0x8, 0x4}]}, 0x30}}, 0x0) pivot_root(&(0x7f0000000140)='./file0\x00', &(0x7f0000000100)='./file0\x00') 01:45:55 executing program 2: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_SET_SIGNAL_MASK(0xffffffffffffffff, 0x4004ae8b, &(0x7f0000000180)=ANY=[@ANYBLOB="97cb4b5f4083f75b660a19cfdc9e8b175cf89cd7a445e0dbd5e7d805fc4a5b98481d6ae97c6a743d9cc8f6581366d5aa3a9a2c2cf75cec8a8a"]) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000fe7000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0) r3 = fanotify_init(0x0, 0x0) r4 = fcntl$dupfd(r3, 0x0, r3) write$FUSE_NOTIFY_POLL(r4, &(0x7f0000000100)={0x18}, 0x18) getsockopt$inet_sctp6_SCTP_I_WANT_MAPPED_V4_ADDR(r4, 0x84, 0xc, &(0x7f00000000c0), &(0x7f0000000100)=0x4) ioctl$USBDEVFS_RESETEP(0xffffffffffffffff, 0x80045503, &(0x7f0000000000)={0x1, 0x1}) ioctl$KVM_NMI(r2, 0xae9a) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f00000002c0)={0x0, 0x2, 0x0, 0x2000, &(0x7f0000001000/0x2000)=nil}) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) 01:45:55 executing program 0: [ 1857.133429] ip_tables: iptables: counters copy to user failed while replacing table 01:45:55 executing program 4: pipe(&(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = socket$inet_udp(0x2, 0x2, 0x0) close(r2) setsockopt$inet_tcp_int(0xffffffffffffffff, 0x6, 0x10000000013, &(0x7f0000d06000)=0x1, 0x4) connect$inet(r2, &(0x7f0000000340)={0x2, 0x0, @loopback}, 0x10) setsockopt$inet_tcp_TCP_REPAIR_WINDOW(0xffffffffffffffff, 0x6, 0x1d, &(0x7f0000000080)={0x0, 0xdf5, 0x65a2}, 0x14) write$binfmt_misc(r1, &(0x7f0000000140)=ANY=[], 0x4240a2a0) r3 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$IPT_SO_SET_REPLACE(r3, 0x0, 0x40, &(0x7f0000000480)=ANY=[@ANYBLOB="66696c74657200000000000000000000000000000000000000000000000000000e00000004000000d0020000800100009800000080010000000000000000000038020000380200003802000038020000380200000400000000000000000000007f000001ac14140000000000000000007f00000000000000000000000000000064756dea20f9524db2d96900000057c910a19f2bc02c00000000000000000000200000000000000000000000000000000000000000000000700098000000000000000000000000000000000000000000280052454a454354000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000400000000000000000000000080000000000000000000000000000000000000000000000000000000000000000000000000000000000000000c000e80000f9c9991d0000000000000000000000000000005000736574000000000000000000000000000000000000000000000000000003000005050000000000000000000000000000000000000000100000000000000000000000000000000000000000000000280052454a45435400000000000000010000000000000000000000000000000000674f000000000000000000e00000020000000000000000766574b5315f766c616e00000000010062726964676530000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000007000b80000000000000000000000000000000000000000004800544545000000000000000000000000000000d40200000000000000000001ac1414aa000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000007000980000000000000000000000000000000000000000002800000000000000000000000000000000000000000000001a51496c00000000feffffff"], 0x1) splice(r0, 0x0, r2, 0x0, 0x4ffe0, 0x0) 01:45:55 executing program 0: 01:45:55 executing program 1: lsetxattr$trusted_overlay_opaque(0x0, 0x0, 0x0, 0x0, 0x0) mkdir(&(0x7f0000000000)='./file0\x00', 0x0) mount$bpf(0x20000000, &(0x7f00000000c0)='./file0\x00', 0x0, 0x2001001, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x80, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x43, 0x400000000000000}, 0x11288, 0x2000, 0x0, 0x2}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$netlink(0x10, 0x3, 0x0) connect$inet(0xffffffffffffffff, 0x0, 0x0) setsockopt$SO_RDS_TRANSPORT(0xffffffffffffffff, 0x114, 0x8, &(0x7f0000000040)=0xffffffffffffffff, 0x4) r1 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$inet_tcp_int(r1, 0x6, 0x10000000013, &(0x7f0000d06000)=0x1, 0x32a) connect$inet(r1, &(0x7f0000000180)={0x2, 0x4e23, @local}, 0x10) accept$nfc_llcp(0xffffffffffffffff, &(0x7f0000000440), &(0x7f0000000300)=0x60) setsockopt$inet_tcp_TCP_REPAIR_OPTIONS(r1, 0x6, 0x16, &(0x7f00000000c0)=[@mss={0x2, 0xffffffff}, @timestamp, @window, @mss={0x2, 0x91c}], 0x4) sendmmsg(r1, &(0x7f0000004b40)=[{{0x0, 0x0, &(0x7f00000011c0)=[{&(0x7f0000002240)='Y', 0x1}], 0x1}}], 0x1, 0x0) syz_init_net_socket$llc(0x1a, 0x1, 0x0) r2 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$IPT_SO_SET_REPLACE(r2, 0x4000000000000, 0x40, &(0x7f0000000a40)=ANY=[@ANYBLOB="72617700000000010000000000000000000000000000000000000000000000000200000003000000b80400000000000000000000000000000003000000030000200400002004000020040000200400002004000003000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000600000000000000a00200030000000000000000000000000000000000000000300262706600000000000000000000000000000000000000000000000000000101000000000000002e2f66696c653000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000060005345540000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000c0002001000000000000000000000000000000000000000050006f736600000000000000000000000000000000000000000000000000000073797a300000000000000000000000000000000000000000000000000000000000000000000000000000000000000000600053455400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000007000980000000000000000000000000000000000000000002800000000000000000000000000000000000000000000000000000000000004feffffff00000000"], 0x518) sendmsg$IPVS_CMD_GET_DEST(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000280)={&(0x7f00000002c0)=ANY=[@ANYRES16], 0x1}}, 0x0) setsockopt$inet_tcp_TCP_REPAIR(r1, 0x6, 0x13, &(0x7f0000000100), 0x618) close(r1) r3 = socket$inet_tcp(0x2, 0x1, 0x0) connect$inet(r3, &(0x7f0000000140)={0x2, 0x0, @local}, 0x10) setsockopt$inet_tcp_TCP_REPAIR_OPTIONS(r3, 0x6, 0x16, &(0x7f0000000200)=[@mss, @timestamp, @window={0x3, 0x0, 0xfffe}, @mss={0x2, 0x3}], 0x4) sendmmsg(r3, &(0x7f0000004b40)=[{{0x0, 0x0, &(0x7f00000011c0)=[{&(0x7f0000002240)='Y', 0x1}], 0x1}}], 0x1, 0x0) setsockopt$inet_tcp_TCP_REPAIR_QUEUE(r3, 0x6, 0x14, &(0x7f0000000040)=0x1, 0x4) sendmsg$IPVS_CMD_GET_DEST(r3, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000340)=ANY=[@ANYBLOB="160e90cb39bca59f8c4064ac6d7b242060a07bc4309e3eb79d8745797b308edd84adef35ad9d8a17240f38f55f57c55f3875db81d255eea402e1c11ca7fc01964aeb9ed6ef4e80bc67cba7e7fe961fe5d921442b0a06b135f8a73b68dc904b436f256f50ae7cb980e69e7580b9f11c6ede4210f23240559b8c427000d7ce7862417ab5a50e494b2a54e346d7ffa008ccef06813e235b446788ac0f1df3c65bc1fb5393364a2efd284640ec2c438ad2b24a69f1f9da000000000000000000000000989eee6a9283bf253ca4"], 0x1}}, 0x0) close(r3) syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) dup3(r5, r4, 0x0) r6 = accept4$vsock_stream(0xffffffffffffffff, &(0x7f0000000240)={0x28, 0x0, 0x2710, @host}, 0x10, 0x0) dup2(r6, r5) bind$pptp(0xffffffffffffffff, &(0x7f00000001c0)={0x18, 0x2, {0x0, @initdev={0xac, 0x1e, 0x0, 0x0}}}, 0x1e) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000000)=@newlink={0x30, 0x10, 0x801, 0x0, 0x0, {}, [@IFLA_GROUP={0x8}, @IFLA_PROTO_DOWN={0x8, 0x4}]}, 0x30}}, 0x0) 01:45:55 executing program 5: lsetxattr$trusted_overlay_opaque(0x0, 0x0, 0x0, 0x0, 0x0) mkdir(&(0x7f0000000000)='./file0\x00', 0x0) mount$bpf(0x20000000, &(0x7f00000000c0)='./file0\x00', 0x0, 0x2001001, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x80, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x43, 0x400000000000000}, 0x11288, 0x2000, 0x0, 0x2}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$netlink(0x10, 0x3, 0x0) connect$inet(0xffffffffffffffff, 0x0, 0x0) setsockopt$SO_RDS_TRANSPORT(0xffffffffffffffff, 0x114, 0x8, &(0x7f0000000040)=0xffffffffffffffff, 0x4) r1 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$inet_tcp_int(r1, 0x6, 0x10000000013, &(0x7f0000d06000)=0x1, 0x32a) connect$inet(r1, &(0x7f0000000180)={0x2, 0x4e23, @local}, 0x10) accept$nfc_llcp(0xffffffffffffffff, &(0x7f0000000440), &(0x7f0000000300)=0x60) setsockopt$inet_tcp_TCP_REPAIR_OPTIONS(r1, 0x6, 0x16, &(0x7f00000000c0)=[@mss={0x2, 0xffffffff}, @timestamp, @window, @mss={0x2, 0x91c}], 0x4) sendmmsg(r1, &(0x7f0000004b40)=[{{0x0, 0x0, &(0x7f00000011c0)=[{&(0x7f0000002240)='Y', 0x1}], 0x1}}], 0x1, 0x0) syz_init_net_socket$llc(0x1a, 0x1, 0x0) r2 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$IPT_SO_SET_REPLACE(r2, 0x4000000000000, 0x40, &(0x7f0000000a40)=ANY=[@ANYBLOB="72617700000000010000000000000000000000000000000000000000000000000200000003000000b80400000000000000000000000000000003000000030000200400002004000020040000200400002004000003000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000600000000000000a00200030000000000000000000000000000000000000000300262706600000000000000000000000000000000000000000000000000000101000000000000002e2f66696c653000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000060005345540000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000c0002001000000000000000000000000000000000000000050006f736600000000000000000000000000000000000000000000000000000073797a300000000000000000000000000000000000000000000000000000000000000000000000000000000000000000600053455400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000007000980000000000000000000000000000000000000000002800000000000000000000000000000000000000000000000000000000000004feffffff00000000"], 0x518) sendmsg$IPVS_CMD_GET_DEST(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000280)={&(0x7f00000002c0)=ANY=[@ANYRES16], 0x1}}, 0x0) close(r1) r3 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$inet_tcp_int(r3, 0x6, 0x10000000013, &(0x7f0000d06000)=0x1, 0x32a) connect$inet(r3, &(0x7f0000000140)={0x2, 0x0, @local}, 0x10) setsockopt$inet_tcp_TCP_REPAIR_OPTIONS(r3, 0x6, 0x16, &(0x7f0000000200)=[@mss, @timestamp, @window={0x3, 0x0, 0xfffe}, @mss={0x2, 0x3}], 0x4) sendmmsg(r3, &(0x7f0000004b40)=[{{0x0, 0x0, &(0x7f00000011c0)=[{&(0x7f0000002240)='Y', 0x1}], 0x1}}], 0x1, 0x0) setsockopt$inet_tcp_TCP_REPAIR_QUEUE(r3, 0x6, 0x14, &(0x7f0000000040)=0x1, 0x4) sendmsg$IPVS_CMD_GET_DEST(r3, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000340)=ANY=[@ANYBLOB="160e90cb39bca59f8c4064ac6d7b242060a07bc4309e3eb79d8745797b308edd84adef35ad9d8a17240f38f55f57c55f3875db81d255eea402e1c11ca7fc01964aeb9ed6ef4e80bc67cba7e7fe961fe5d921442b0a06b135f8a73b68dc904b436f256f50ae7cb980e69e7580b9f11c6ede4210f23240559b8c427000d7ce7862417ab5a50e494b2a54e346d7ffa008ccef06813e235b446788ac0f1df3c65bc1fb5393364a2efd284640ec2c438ad2b24a69f1f9da000000000000000000000000989eee6a9283bf253ca4"], 0x1}}, 0x0) close(r3) syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) dup3(r5, r4, 0x0) r6 = accept4$vsock_stream(0xffffffffffffffff, &(0x7f0000000240)={0x28, 0x0, 0x2710, @host}, 0x10, 0x0) dup2(r6, r5) bind$pptp(0xffffffffffffffff, &(0x7f00000001c0)={0x18, 0x2, {0x0, @initdev={0xac, 0x1e, 0x0, 0x0}}}, 0x1e) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000000)=@newlink={0x30, 0x10, 0x801, 0x0, 0x0, {}, [@IFLA_GROUP={0x8}, @IFLA_PROTO_DOWN={0x8, 0x4}]}, 0x30}}, 0x0) pivot_root(&(0x7f0000000140)='./file0\x00', &(0x7f0000000100)='./file0\x00') 01:45:55 executing program 3: lsetxattr$trusted_overlay_opaque(0x0, 0x0, 0x0, 0x0, 0x0) mkdir(&(0x7f0000000000)='./file0\x00', 0x0) mount$bpf(0x20000000, &(0x7f00000000c0)='./file0\x00', 0x0, 0x2001001, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x80, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x43, 0x400000000000000}, 0x11288, 0x2000, 0x0, 0x2}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$netlink(0x10, 0x3, 0x0) connect$inet(0xffffffffffffffff, 0x0, 0x0) setsockopt$SO_RDS_TRANSPORT(0xffffffffffffffff, 0x114, 0x8, &(0x7f0000000040)=0xffffffffffffffff, 0x4) r1 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$inet_tcp_int(r1, 0x6, 0x10000000013, &(0x7f0000d06000)=0x1, 0x32a) connect$inet(r1, &(0x7f0000000180)={0x2, 0x4e23, @local}, 0x10) accept$nfc_llcp(0xffffffffffffffff, &(0x7f0000000440), &(0x7f0000000300)=0x60) setsockopt$inet_tcp_TCP_REPAIR_OPTIONS(r1, 0x6, 0x16, &(0x7f00000000c0)=[@mss={0x2, 0xffffffff}, @timestamp, @window, @mss={0x2, 0x91c}], 0x4) sendmmsg(r1, &(0x7f0000004b40)=[{{0x0, 0x0, &(0x7f00000011c0)=[{&(0x7f0000002240)='Y', 0x1}], 0x1}}], 0x1, 0x0) syz_init_net_socket$llc(0x1a, 0x1, 0x0) r2 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$IPT_SO_SET_REPLACE(r2, 0x4000000000000, 0x40, &(0x7f0000000a40)=ANY=[@ANYBLOB="72617700000000010000000000000000000000000000000000000000000000000200000003000000b80400000000000000000000000000000003000000030000200400002004000020040000200400002004000003000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000600000000000000a00200030000000000000000000000000000000000000000300262706600000000000000000000000000000000000000000000000000000101000000000000002e2f66696c653000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000060005345540000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000c0002001000000000000000000000000000000000000000050006f736600000000000000000000000000000000000000000000000000000073797a300000000000000000000000000000000000000000000000000000000000000000000000000000000000000000600053455400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000007000980000000000000000000000000000000000000000002800000000000000000000000000000000000000000000000000000000000004feffffff00000000"], 0x518) sendmsg$IPVS_CMD_GET_DEST(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000280)={&(0x7f00000002c0)=ANY=[@ANYRES16], 0x1}}, 0x0) setsockopt$inet_tcp_TCP_REPAIR(r1, 0x6, 0x13, &(0x7f0000000100), 0x618) close(r1) setsockopt$inet_tcp_int(0xffffffffffffffff, 0x6, 0x10000000013, &(0x7f0000d06000)=0x1, 0x32a) connect$inet(0xffffffffffffffff, &(0x7f0000000140)={0x2, 0x0, @local}, 0x10) setsockopt$inet_tcp_TCP_REPAIR_OPTIONS(0xffffffffffffffff, 0x6, 0x16, &(0x7f0000000200)=[@mss, @timestamp, @window={0x3, 0x0, 0xfffe}, @mss={0x2, 0x3}], 0x4) sendmmsg(0xffffffffffffffff, &(0x7f0000004b40)=[{{0x0, 0x0, &(0x7f00000011c0)=[{&(0x7f0000002240)='Y', 0x1}], 0x1}}], 0x1, 0x0) setsockopt$inet_tcp_TCP_REPAIR_QUEUE(0xffffffffffffffff, 0x6, 0x14, &(0x7f0000000040)=0x1, 0x4) sendmsg$IPVS_CMD_GET_DEST(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000340)=ANY=[@ANYBLOB="160e90cb39bca59f8c4064ac6d7b242060a07bc4309e3eb79d8745797b308edd84adef35ad9d8a17240f38f55f57c55f3875db81d255eea402e1c11ca7fc01964aeb9ed6ef4e80bc67cba7e7fe961fe5d921442b0a06b135f8a73b68dc904b436f256f50ae7cb980e69e7580b9f11c6ede4210f23240559b8c427000d7ce7862417ab5a50e494b2a54e346d7ffa008ccef06813e235b446788ac0f1df3c65bc1fb5393364a2efd284640ec2c438ad2b24a69f1f9da000000000000000000000000989eee6a9283bf253ca4"], 0x1}}, 0x0) close(0xffffffffffffffff) syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) dup3(r4, r3, 0x0) r5 = accept4$vsock_stream(0xffffffffffffffff, &(0x7f0000000240)={0x28, 0x0, 0x2710, @host}, 0x10, 0x0) dup2(r5, r4) bind$pptp(0xffffffffffffffff, &(0x7f00000001c0)={0x18, 0x2, {0x0, @initdev={0xac, 0x1e, 0x0, 0x0}}}, 0x1e) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000000)=@newlink={0x30, 0x10, 0x801, 0x0, 0x0, {}, [@IFLA_GROUP={0x8}, @IFLA_PROTO_DOWN={0x8, 0x4}]}, 0x30}}, 0x0) pivot_root(&(0x7f0000000140)='./file0\x00', &(0x7f0000000100)='./file0\x00') 01:45:55 executing program 0: 01:45:55 executing program 2: r0 = openat$full(0xffffffffffffff9c, &(0x7f0000000200)='/dev/full\x00', 0x8200, 0x0) sendmsg$IPSET_CMD_RENAME(r0, &(0x7f0000000380)={&(0x7f0000000240)={0x10, 0x0, 0x0, 0x8000000}, 0xc, &(0x7f0000000280)={&(0x7f0000000400)=ANY=[@ANYBLOB="5000000005060101000000000000fed98c61b625b51bdda3eb843202e2b200000c0000000900020073797a32000000000900030073797a32000000000900030073797a30000000000900030073797a32000000000900030073797a3200000000"], 0x50}, 0x1, 0x0, 0x0, 0x4000}, 0x4010) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) ioctl$KVM_SET_SIGNAL_MASK(0xffffffffffffffff, 0x4004ae8b, &(0x7f0000000180)=ANY=[@ANYBLOB="97cb42a0ae7396f54fd414d18685c56e73b61c471b29b02a6df897b1baabc6fd505d210372cf90998b271c06daabc4810c421850ebb7c8914605c055fc3db5cb6d9acf0874533f6dfab7f816c61217782e583b07238f571d0d40d3b678de326d6604cf9901b0717422f22d4e535a"]) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r3, &(0x7f0000fe7000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0) ioctl$USBDEVFS_RESETEP(0xffffffffffffffff, 0x80045503, &(0x7f0000000000)={0x1, 0x1}) ioctl$KVM_NMI(r3, 0xae9a) r4 = fanotify_init(0x0, 0x0) r5 = fcntl$dupfd(r4, 0x0, r4) write$FUSE_NOTIFY_POLL(r5, &(0x7f0000000100)={0x18}, 0x18) ioctl$KVM_SET_USER_MEMORY_REGION(r5, 0x4020ae46, &(0x7f00000002c0)={0x0, 0x2, 0x0, 0x2000, &(0x7f0000001000/0x2000)=nil}) ioctl$KVM_S390_UCAS_UNMAP(r0, 0x4018ae51, &(0x7f00000003c0)={0x1100000, 0x0, 0x200}) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$BLKSECTGET(r5, 0x1267, &(0x7f00000000c0)) ioctl$KVM_RUN(r3, 0xae80, 0x0) [ 1857.471377] ip_tables: iptables: counters copy to user failed while replacing table 01:45:55 executing program 0: 01:45:55 executing program 4: pipe(&(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = socket$inet_udp(0x2, 0x2, 0x0) r3 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$inet_tcp_int(r3, 0x6, 0x10000000013, &(0x7f0000d06000)=0x1, 0x4) connect$inet(r2, &(0x7f0000000340)={0x2, 0x0, @loopback}, 0x10) setsockopt$inet_tcp_TCP_REPAIR_WINDOW(r3, 0x6, 0x1d, &(0x7f0000000080)={0x0, 0xdf5, 0x65a2}, 0x14) write$binfmt_misc(r1, &(0x7f0000000140)=ANY=[], 0x4240a2a0) r4 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$IPT_SO_SET_REPLACE(r4, 0x0, 0x40, &(0x7f0000000480)=ANY=[@ANYBLOB="66696c74657200000000000000000000000000000000000000000000000000000e00000004000000d0020000800100009800000080010000000000000000000038020000380200003802000038020000380200000400000000000000000000007f000001ac14140000000000000000007f00000000000000000000000000000064756dea20f9524db2d96900000057c910a19f2bc02c00000000000000000000200000000000000000000000000000000000000000000000700098000000000000000000000000000000000000000000280052454a454354000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000400000000000000000000000080000000000000000000000000000000000000000000000000000000000000000000000000000000000000000c000e80000f9c9991d0000000000000000000000000000005000736574000000000000000000000000000000000000000000000000000003000005050000000000000000000000000000000000000000100000000000000000000000000000000000000000000000280052454a45435400000000000000010000000000000000000000000000000000674f000000000000000000e00000020000000000000000766574b5315f766c616e00000000010062726964676530000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000007000b80000000000000000000000000000000000000000004800544545000000000000000000000000000000d40200000000000000000001ac1414aa000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000007000980000000000000000000000000000000000000000002800000000000000000000000000000000000000000000001a51496c00000000feffffff"], 0x1) splice(r0, 0x0, r2, 0x0, 0x4ffe0, 0x0) 01:45:55 executing program 1: lsetxattr$trusted_overlay_opaque(0x0, 0x0, 0x0, 0x0, 0x0) mkdir(&(0x7f0000000000)='./file0\x00', 0x0) mount$bpf(0x20000000, &(0x7f00000000c0)='./file0\x00', 0x0, 0x2001001, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x80, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x43, 0x400000000000000}, 0x11288, 0x2000, 0x0, 0x2}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$netlink(0x10, 0x3, 0x0) connect$inet(0xffffffffffffffff, 0x0, 0x0) setsockopt$SO_RDS_TRANSPORT(0xffffffffffffffff, 0x114, 0x8, &(0x7f0000000040)=0xffffffffffffffff, 0x4) r1 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$inet_tcp_int(r1, 0x6, 0x10000000013, &(0x7f0000d06000)=0x1, 0x32a) connect$inet(r1, &(0x7f0000000180)={0x2, 0x4e23, @local}, 0x10) accept$nfc_llcp(0xffffffffffffffff, &(0x7f0000000440), &(0x7f0000000300)=0x60) setsockopt$inet_tcp_TCP_REPAIR_OPTIONS(r1, 0x6, 0x16, &(0x7f00000000c0)=[@mss={0x2, 0xffffffff}, @timestamp, @window, @mss={0x2, 0x91c}], 0x4) sendmmsg(r1, &(0x7f0000004b40)=[{{0x0, 0x0, &(0x7f00000011c0)=[{&(0x7f0000002240)='Y', 0x1}], 0x1}}], 0x1, 0x0) syz_init_net_socket$llc(0x1a, 0x1, 0x0) r2 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$IPT_SO_SET_REPLACE(r2, 0x4000000000000, 0x40, &(0x7f0000000a40)=ANY=[@ANYBLOB="72617700000000010000000000000000000000000000000000000000000000000200000003000000b80400000000000000000000000000000003000000030000200400002004000020040000200400002004000003000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000600000000000000a00200030000000000000000000000000000000000000000300262706600000000000000000000000000000000000000000000000000000101000000000000002e2f66696c653000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000060005345540000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000c0002001000000000000000000000000000000000000000050006f736600000000000000000000000000000000000000000000000000000073797a300000000000000000000000000000000000000000000000000000000000000000000000000000000000000000600053455400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000007000980000000000000000000000000000000000000000002800000000000000000000000000000000000000000000000000000000000004feffffff00000000"], 0x518) sendmsg$IPVS_CMD_GET_DEST(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000280)={&(0x7f00000002c0)=ANY=[@ANYRES16], 0x1}}, 0x0) setsockopt$inet_tcp_TCP_REPAIR(r1, 0x6, 0x13, &(0x7f0000000100), 0x618) close(r1) r3 = socket$inet_tcp(0x2, 0x1, 0x0) connect$inet(r3, &(0x7f0000000140)={0x2, 0x0, @local}, 0x10) setsockopt$inet_tcp_TCP_REPAIR_OPTIONS(r3, 0x6, 0x16, &(0x7f0000000200)=[@mss, @timestamp, @window={0x3, 0x0, 0xfffe}, @mss={0x2, 0x3}], 0x4) sendmmsg(r3, &(0x7f0000004b40)=[{{0x0, 0x0, &(0x7f00000011c0)=[{&(0x7f0000002240)='Y', 0x1}], 0x1}}], 0x1, 0x0) setsockopt$inet_tcp_TCP_REPAIR_QUEUE(r3, 0x6, 0x14, &(0x7f0000000040)=0x1, 0x4) sendmsg$IPVS_CMD_GET_DEST(r3, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000340)=ANY=[@ANYBLOB="160e90cb39bca59f8c4064ac6d7b242060a07bc4309e3eb79d8745797b308edd84adef35ad9d8a17240f38f55f57c55f3875db81d255eea402e1c11ca7fc01964aeb9ed6ef4e80bc67cba7e7fe961fe5d921442b0a06b135f8a73b68dc904b436f256f50ae7cb980e69e7580b9f11c6ede4210f23240559b8c427000d7ce7862417ab5a50e494b2a54e346d7ffa008ccef06813e235b446788ac0f1df3c65bc1fb5393364a2efd284640ec2c438ad2b24a69f1f9da000000000000000000000000989eee6a9283bf253ca4"], 0x1}}, 0x0) close(r3) syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) dup3(r5, r4, 0x0) r6 = accept4$vsock_stream(0xffffffffffffffff, &(0x7f0000000240)={0x28, 0x0, 0x2710, @host}, 0x10, 0x0) dup2(r6, r5) bind$pptp(0xffffffffffffffff, &(0x7f00000001c0)={0x18, 0x2, {0x0, @initdev={0xac, 0x1e, 0x0, 0x0}}}, 0x1e) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000000)=@newlink={0x30, 0x10, 0x801, 0x0, 0x0, {}, [@IFLA_GROUP={0x8}, @IFLA_PROTO_DOWN={0x8, 0x4}]}, 0x30}}, 0x0) 01:45:55 executing program 2: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140)='/dev/kvm\x00', 0x0, 0x0) r1 = fanotify_init(0x0, 0x0) r2 = fcntl$dupfd(r1, 0x0, r1) write$FUSE_NOTIFY_POLL(r2, &(0x7f0000000100)={0x18}, 0x18) ioctl$SNDRV_TIMER_IOCTL_SELECT(r2, 0x40345410, &(0x7f0000000280)={{0x3, 0x3, 0x3, 0x1, 0x2}}) r3 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_SET_SIGNAL_MASK(0xffffffffffffffff, 0x4004ae8b, &(0x7f0000000180)=ANY=[@ANYBLOB="657e00000000466bc3ae3bb36ffc791c1c92e662b4454d32028d444e8873e0af90f97fb8c1638e970426c7216f6350c802d4f90289a0314a9761e332dc8b6d0d7452ac4eb572ed0ece96ab9a9b4bd3d3ca7460b1432aecf69f1e441913d388e797bc000000000000800000000000d4697e541b2f4535e5b0e4132da21ba18fb12a24f1398230b2c295afb260bf989026c44d7b024e176680a05d90b1947ad25c9d1b4f83f87f163cf485ceee3197c8e4b2ae82009504433999c00d78c75a751a5e3005500427b5"]) r4 = openat$vsock(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/vsock\x00', 0x145080, 0x0) ioctl$BLKFRASET(r4, 0x1264, &(0x7f0000000100)=0xa4d3) r5 = ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r5, &(0x7f0000fe7000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0) ioctl$USBDEVFS_RESETEP(0xffffffffffffffff, 0x80045503, &(0x7f0000000000)={0x1, 0x1}) ioctl$KVM_NMI(r5, 0xae9a) ioctl$KVM_SET_USER_MEMORY_REGION(r3, 0x4020ae46, &(0x7f00000002c0)={0x0, 0x2, 0x0, 0x2000, &(0x7f0000001000/0x2000)=nil}) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x1, 0x0, 0x0, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x88}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r6 = openat$selinux_mls(0xffffffffffffff9c, &(0x7f0000000300)='/selinux/mls\x00', 0x0, 0x0) getsockopt$MISDN_TIME_STAMP(r6, 0x0, 0x1, &(0x7f0000000340), &(0x7f0000000380)=0x4) ioctl$KVM_RUN(r5, 0xae80, 0x0) 01:45:55 executing program 0: 01:45:55 executing program 5: lsetxattr$trusted_overlay_opaque(0x0, 0x0, 0x0, 0x0, 0x0) mkdir(&(0x7f0000000000)='./file0\x00', 0x0) mount$bpf(0x20000000, &(0x7f00000000c0)='./file0\x00', 0x0, 0x2001001, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x80, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x43, 0x400000000000000}, 0x11288, 0x2000, 0x0, 0x2}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$netlink(0x10, 0x3, 0x0) connect$inet(0xffffffffffffffff, 0x0, 0x0) setsockopt$SO_RDS_TRANSPORT(0xffffffffffffffff, 0x114, 0x8, &(0x7f0000000040)=0xffffffffffffffff, 0x4) r1 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$inet_tcp_int(r1, 0x6, 0x10000000013, &(0x7f0000d06000)=0x1, 0x32a) connect$inet(r1, &(0x7f0000000180)={0x2, 0x4e23, @local}, 0x10) accept$nfc_llcp(0xffffffffffffffff, &(0x7f0000000440), &(0x7f0000000300)=0x60) setsockopt$inet_tcp_TCP_REPAIR_OPTIONS(r1, 0x6, 0x16, &(0x7f00000000c0)=[@mss={0x2, 0xffffffff}, @timestamp, @window, @mss={0x2, 0x91c}], 0x4) sendmmsg(r1, &(0x7f0000004b40)=[{{0x0, 0x0, &(0x7f00000011c0)=[{&(0x7f0000002240)='Y', 0x1}], 0x1}}], 0x1, 0x0) syz_init_net_socket$llc(0x1a, 0x1, 0x0) r2 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$IPT_SO_SET_REPLACE(r2, 0x4000000000000, 0x40, &(0x7f0000000a40)=ANY=[@ANYBLOB="72617700000000010000000000000000000000000000000000000000000000000200000003000000b80400000000000000000000000000000003000000030000200400002004000020040000200400002004000003000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000600000000000000a00200030000000000000000000000000000000000000000300262706600000000000000000000000000000000000000000000000000000101000000000000002e2f66696c653000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000060005345540000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000c0002001000000000000000000000000000000000000000050006f736600000000000000000000000000000000000000000000000000000073797a300000000000000000000000000000000000000000000000000000000000000000000000000000000000000000600053455400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000007000980000000000000000000000000000000000000000002800000000000000000000000000000000000000000000000000000000000004feffffff00000000"], 0x518) sendmsg$IPVS_CMD_GET_DEST(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000280)={&(0x7f00000002c0)=ANY=[@ANYRES16], 0x1}}, 0x0) close(r1) r3 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$inet_tcp_int(r3, 0x6, 0x10000000013, &(0x7f0000d06000)=0x1, 0x32a) connect$inet(r3, &(0x7f0000000140)={0x2, 0x0, @local}, 0x10) setsockopt$inet_tcp_TCP_REPAIR_OPTIONS(r3, 0x6, 0x16, &(0x7f0000000200)=[@mss, @timestamp, @window={0x3, 0x0, 0xfffe}, @mss={0x2, 0x3}], 0x4) sendmmsg(r3, &(0x7f0000004b40)=[{{0x0, 0x0, &(0x7f00000011c0)=[{&(0x7f0000002240)='Y', 0x1}], 0x1}}], 0x1, 0x0) setsockopt$inet_tcp_TCP_REPAIR_QUEUE(r3, 0x6, 0x14, &(0x7f0000000040)=0x1, 0x4) sendmsg$IPVS_CMD_GET_DEST(r3, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000340)=ANY=[@ANYBLOB="160e90cb39bca59f8c4064ac6d7b242060a07bc4309e3eb79d8745797b308edd84adef35ad9d8a17240f38f55f57c55f3875db81d255eea402e1c11ca7fc01964aeb9ed6ef4e80bc67cba7e7fe961fe5d921442b0a06b135f8a73b68dc904b436f256f50ae7cb980e69e7580b9f11c6ede4210f23240559b8c427000d7ce7862417ab5a50e494b2a54e346d7ffa008ccef06813e235b446788ac0f1df3c65bc1fb5393364a2efd284640ec2c438ad2b24a69f1f9da000000000000000000000000989eee6a9283bf253ca4"], 0x1}}, 0x0) close(r3) syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) dup3(r5, r4, 0x0) r6 = accept4$vsock_stream(0xffffffffffffffff, &(0x7f0000000240)={0x28, 0x0, 0x2710, @host}, 0x10, 0x0) dup2(r6, r5) bind$pptp(0xffffffffffffffff, &(0x7f00000001c0)={0x18, 0x2, {0x0, @initdev={0xac, 0x1e, 0x0, 0x0}}}, 0x1e) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000000)=@newlink={0x30, 0x10, 0x801, 0x0, 0x0, {}, [@IFLA_GROUP={0x8}, @IFLA_PROTO_DOWN={0x8, 0x4}]}, 0x30}}, 0x0) pivot_root(&(0x7f0000000140)='./file0\x00', &(0x7f0000000100)='./file0\x00') 01:45:55 executing program 3: lsetxattr$trusted_overlay_opaque(0x0, 0x0, 0x0, 0x0, 0x0) mkdir(&(0x7f0000000000)='./file0\x00', 0x0) mount$bpf(0x20000000, &(0x7f00000000c0)='./file0\x00', 0x0, 0x2001001, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x80, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x43, 0x400000000000000}, 0x11288, 0x2000, 0x0, 0x2}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$netlink(0x10, 0x3, 0x0) connect$inet(0xffffffffffffffff, 0x0, 0x0) setsockopt$SO_RDS_TRANSPORT(0xffffffffffffffff, 0x114, 0x8, &(0x7f0000000040)=0xffffffffffffffff, 0x4) r1 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$inet_tcp_int(r1, 0x6, 0x10000000013, &(0x7f0000d06000)=0x1, 0x32a) connect$inet(r1, &(0x7f0000000180)={0x2, 0x4e23, @local}, 0x10) accept$nfc_llcp(0xffffffffffffffff, &(0x7f0000000440), &(0x7f0000000300)=0x60) setsockopt$inet_tcp_TCP_REPAIR_OPTIONS(r1, 0x6, 0x16, &(0x7f00000000c0)=[@mss={0x2, 0xffffffff}, @timestamp, @window, @mss={0x2, 0x91c}], 0x4) sendmmsg(r1, &(0x7f0000004b40)=[{{0x0, 0x0, &(0x7f00000011c0)=[{&(0x7f0000002240)='Y', 0x1}], 0x1}}], 0x1, 0x0) syz_init_net_socket$llc(0x1a, 0x1, 0x0) r2 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$IPT_SO_SET_REPLACE(r2, 0x4000000000000, 0x40, &(0x7f0000000a40)=ANY=[@ANYBLOB="72617700000000010000000000000000000000000000000000000000000000000200000003000000b80400000000000000000000000000000003000000030000200400002004000020040000200400002004000003000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000600000000000000a00200030000000000000000000000000000000000000000300262706600000000000000000000000000000000000000000000000000000101000000000000002e2f66696c653000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000060005345540000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000c0002001000000000000000000000000000000000000000050006f736600000000000000000000000000000000000000000000000000000073797a300000000000000000000000000000000000000000000000000000000000000000000000000000000000000000600053455400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000007000980000000000000000000000000000000000000000002800000000000000000000000000000000000000000000000000000000000004feffffff00000000"], 0x518) sendmsg$IPVS_CMD_GET_DEST(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000280)={&(0x7f00000002c0)=ANY=[@ANYRES16], 0x1}}, 0x0) setsockopt$inet_tcp_TCP_REPAIR(r1, 0x6, 0x13, &(0x7f0000000100), 0x618) close(r1) setsockopt$inet_tcp_int(0xffffffffffffffff, 0x6, 0x10000000013, &(0x7f0000d06000)=0x1, 0x32a) connect$inet(0xffffffffffffffff, &(0x7f0000000140)={0x2, 0x0, @local}, 0x10) setsockopt$inet_tcp_TCP_REPAIR_OPTIONS(0xffffffffffffffff, 0x6, 0x16, &(0x7f0000000200)=[@mss, @timestamp, @window={0x3, 0x0, 0xfffe}, @mss={0x2, 0x3}], 0x4) sendmmsg(0xffffffffffffffff, &(0x7f0000004b40)=[{{0x0, 0x0, &(0x7f00000011c0)=[{&(0x7f0000002240)='Y', 0x1}], 0x1}}], 0x1, 0x0) setsockopt$inet_tcp_TCP_REPAIR_QUEUE(0xffffffffffffffff, 0x6, 0x14, &(0x7f0000000040)=0x1, 0x4) sendmsg$IPVS_CMD_GET_DEST(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000340)=ANY=[@ANYBLOB="160e90cb39bca59f8c4064ac6d7b242060a07bc4309e3eb79d8745797b308edd84adef35ad9d8a17240f38f55f57c55f3875db81d255eea402e1c11ca7fc01964aeb9ed6ef4e80bc67cba7e7fe961fe5d921442b0a06b135f8a73b68dc904b436f256f50ae7cb980e69e7580b9f11c6ede4210f23240559b8c427000d7ce7862417ab5a50e494b2a54e346d7ffa008ccef06813e235b446788ac0f1df3c65bc1fb5393364a2efd284640ec2c438ad2b24a69f1f9da000000000000000000000000989eee6a9283bf253ca4"], 0x1}}, 0x0) close(0xffffffffffffffff) syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) dup3(r4, r3, 0x0) r5 = accept4$vsock_stream(0xffffffffffffffff, &(0x7f0000000240)={0x28, 0x0, 0x2710, @host}, 0x10, 0x0) dup2(r5, r4) bind$pptp(0xffffffffffffffff, &(0x7f00000001c0)={0x18, 0x2, {0x0, @initdev={0xac, 0x1e, 0x0, 0x0}}}, 0x1e) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000000)=@newlink={0x30, 0x10, 0x801, 0x0, 0x0, {}, [@IFLA_GROUP={0x8}, @IFLA_PROTO_DOWN={0x8, 0x4}]}, 0x30}}, 0x0) pivot_root(&(0x7f0000000140)='./file0\x00', &(0x7f0000000100)='./file0\x00') 01:45:56 executing program 0: [ 1857.862011] ip_tables: iptables: counters copy to user failed while replacing table 01:45:56 executing program 1: lsetxattr$trusted_overlay_opaque(0x0, 0x0, 0x0, 0x0, 0x0) mkdir(&(0x7f0000000000)='./file0\x00', 0x0) mount$bpf(0x20000000, &(0x7f00000000c0)='./file0\x00', 0x0, 0x2001001, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x80, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x43, 0x400000000000000}, 0x11288, 0x2000, 0x0, 0x2}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$netlink(0x10, 0x3, 0x0) connect$inet(0xffffffffffffffff, 0x0, 0x0) setsockopt$SO_RDS_TRANSPORT(0xffffffffffffffff, 0x114, 0x8, &(0x7f0000000040)=0xffffffffffffffff, 0x4) r1 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$inet_tcp_int(r1, 0x6, 0x10000000013, &(0x7f0000d06000)=0x1, 0x32a) connect$inet(r1, &(0x7f0000000180)={0x2, 0x4e23, @local}, 0x10) accept$nfc_llcp(0xffffffffffffffff, &(0x7f0000000440), &(0x7f0000000300)=0x60) setsockopt$inet_tcp_TCP_REPAIR_OPTIONS(r1, 0x6, 0x16, &(0x7f00000000c0)=[@mss={0x2, 0xffffffff}, @timestamp, @window, @mss={0x2, 0x91c}], 0x4) sendmmsg(r1, &(0x7f0000004b40)=[{{0x0, 0x0, &(0x7f00000011c0)=[{&(0x7f0000002240)='Y', 0x1}], 0x1}}], 0x1, 0x0) syz_init_net_socket$llc(0x1a, 0x1, 0x0) r2 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$IPT_SO_SET_REPLACE(r2, 0x4000000000000, 0x40, &(0x7f0000000a40)=ANY=[@ANYBLOB="72617700000000010000000000000000000000000000000000000000000000000200000003000000b80400000000000000000000000000000003000000030000200400002004000020040000200400002004000003000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000600000000000000a00200030000000000000000000000000000000000000000300262706600000000000000000000000000000000000000000000000000000101000000000000002e2f66696c653000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000060005345540000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000c0002001000000000000000000000000000000000000000050006f736600000000000000000000000000000000000000000000000000000073797a300000000000000000000000000000000000000000000000000000000000000000000000000000000000000000600053455400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000007000980000000000000000000000000000000000000000002800000000000000000000000000000000000000000000000000000000000004feffffff00000000"], 0x518) sendmsg$IPVS_CMD_GET_DEST(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000280)={&(0x7f00000002c0)=ANY=[@ANYRES16], 0x1}}, 0x0) setsockopt$inet_tcp_TCP_REPAIR(r1, 0x6, 0x13, &(0x7f0000000100), 0x618) close(r1) r3 = socket$inet_tcp(0x2, 0x1, 0x0) connect$inet(r3, &(0x7f0000000140)={0x2, 0x0, @local}, 0x10) setsockopt$inet_tcp_TCP_REPAIR_OPTIONS(r3, 0x6, 0x16, &(0x7f0000000200)=[@mss, @timestamp, @window={0x3, 0x0, 0xfffe}, @mss={0x2, 0x3}], 0x4) sendmmsg(r3, &(0x7f0000004b40)=[{{0x0, 0x0, &(0x7f00000011c0)=[{&(0x7f0000002240)='Y', 0x1}], 0x1}}], 0x1, 0x0) setsockopt$inet_tcp_TCP_REPAIR_QUEUE(r3, 0x6, 0x14, &(0x7f0000000040)=0x1, 0x4) sendmsg$IPVS_CMD_GET_DEST(r3, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000340)=ANY=[@ANYBLOB="160e90cb39bca59f8c4064ac6d7b242060a07bc4309e3eb79d8745797b308edd84adef35ad9d8a17240f38f55f57c55f3875db81d255eea402e1c11ca7fc01964aeb9ed6ef4e80bc67cba7e7fe961fe5d921442b0a06b135f8a73b68dc904b436f256f50ae7cb980e69e7580b9f11c6ede4210f23240559b8c427000d7ce7862417ab5a50e494b2a54e346d7ffa008ccef06813e235b446788ac0f1df3c65bc1fb5393364a2efd284640ec2c438ad2b24a69f1f9da000000000000000000000000989eee6a9283bf253ca4"], 0x1}}, 0x0) close(r3) syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) dup3(r5, r4, 0x0) r6 = accept4$vsock_stream(0xffffffffffffffff, &(0x7f0000000240)={0x28, 0x0, 0x2710, @host}, 0x10, 0x0) dup2(r6, r5) bind$pptp(0xffffffffffffffff, &(0x7f00000001c0)={0x18, 0x2, {0x0, @initdev={0xac, 0x1e, 0x0, 0x0}}}, 0x1e) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000000)=@newlink={0x30, 0x10, 0x801, 0x0, 0x0, {}, [@IFLA_GROUP={0x8}, @IFLA_PROTO_DOWN={0x8, 0x4}]}, 0x30}}, 0x0) 01:45:56 executing program 0: 01:45:56 executing program 0: 01:45:56 executing program 2: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_SET_SIGNAL_MASK(0xffffffffffffffff, 0x4004ae8b, &(0x7f0000001000)=ANY=[@ANYBLOB="97cb"]) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000fe7000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0) r3 = fanotify_init(0x0, 0x0) r4 = fcntl$dupfd(r3, 0x0, r3) write$FUSE_NOTIFY_POLL(r4, &(0x7f0000000100)={0x18}, 0x18) setsockopt$CAN_RAW_ERR_FILTER(r4, 0x65, 0x2, &(0x7f00000000c0)=0x5, 0x4) ioctl$USBDEVFS_RESETEP(0xffffffffffffffff, 0x80045503, &(0x7f0000000000)={0x1, 0x1}) ioctl$KVM_NMI(r2, 0xae9a) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f00000002c0)={0x0, 0x2, 0x0, 0x2000, &(0x7f0000001000/0x2000)=nil}) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x8, 0x0, 0x0, 0x0, 0x0, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) 01:45:56 executing program 5: lsetxattr$trusted_overlay_opaque(0x0, 0x0, 0x0, 0x0, 0x0) mkdir(&(0x7f0000000000)='./file0\x00', 0x0) mount$bpf(0x20000000, &(0x7f00000000c0)='./file0\x00', 0x0, 0x2001001, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x80, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x43, 0x400000000000000}, 0x11288, 0x2000, 0x0, 0x2}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$netlink(0x10, 0x3, 0x0) connect$inet(0xffffffffffffffff, 0x0, 0x0) setsockopt$SO_RDS_TRANSPORT(0xffffffffffffffff, 0x114, 0x8, &(0x7f0000000040)=0xffffffffffffffff, 0x4) r1 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$inet_tcp_int(r1, 0x6, 0x10000000013, &(0x7f0000d06000)=0x1, 0x32a) connect$inet(r1, &(0x7f0000000180)={0x2, 0x4e23, @local}, 0x10) accept$nfc_llcp(0xffffffffffffffff, &(0x7f0000000440), &(0x7f0000000300)=0x60) setsockopt$inet_tcp_TCP_REPAIR_OPTIONS(r1, 0x6, 0x16, &(0x7f00000000c0)=[@mss={0x2, 0xffffffff}, @timestamp, @window, @mss={0x2, 0x91c}], 0x4) sendmmsg(r1, &(0x7f0000004b40)=[{{0x0, 0x0, &(0x7f00000011c0)=[{&(0x7f0000002240)='Y', 0x1}], 0x1}}], 0x1, 0x0) syz_init_net_socket$llc(0x1a, 0x1, 0x0) r2 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$IPT_SO_SET_REPLACE(r2, 0x4000000000000, 0x40, &(0x7f0000000a40)=ANY=[@ANYBLOB="72617700000000010000000000000000000000000000000000000000000000000200000003000000b80400000000000000000000000000000003000000030000200400002004000020040000200400002004000003000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000600000000000000a00200030000000000000000000000000000000000000000300262706600000000000000000000000000000000000000000000000000000101000000000000002e2f66696c653000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000060005345540000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000c0002001000000000000000000000000000000000000000050006f736600000000000000000000000000000000000000000000000000000073797a300000000000000000000000000000000000000000000000000000000000000000000000000000000000000000600053455400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000007000980000000000000000000000000000000000000000002800000000000000000000000000000000000000000000000000000000000004feffffff00000000"], 0x518) sendmsg$IPVS_CMD_GET_DEST(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000280)={&(0x7f00000002c0)=ANY=[@ANYRES16], 0x1}}, 0x0) close(r1) r3 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$inet_tcp_int(r3, 0x6, 0x10000000013, &(0x7f0000d06000)=0x1, 0x32a) connect$inet(r3, &(0x7f0000000140)={0x2, 0x0, @local}, 0x10) setsockopt$inet_tcp_TCP_REPAIR_OPTIONS(r3, 0x6, 0x16, &(0x7f0000000200)=[@mss, @timestamp, @window={0x3, 0x0, 0xfffe}, @mss={0x2, 0x3}], 0x4) sendmmsg(r3, &(0x7f0000004b40)=[{{0x0, 0x0, &(0x7f00000011c0)=[{&(0x7f0000002240)='Y', 0x1}], 0x1}}], 0x1, 0x0) setsockopt$inet_tcp_TCP_REPAIR_QUEUE(r3, 0x6, 0x14, &(0x7f0000000040)=0x1, 0x4) sendmsg$IPVS_CMD_GET_DEST(r3, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000340)=ANY=[@ANYBLOB="160e90cb39bca59f8c4064ac6d7b242060a07bc4309e3eb79d8745797b308edd84adef35ad9d8a17240f38f55f57c55f3875db81d255eea402e1c11ca7fc01964aeb9ed6ef4e80bc67cba7e7fe961fe5d921442b0a06b135f8a73b68dc904b436f256f50ae7cb980e69e7580b9f11c6ede4210f23240559b8c427000d7ce7862417ab5a50e494b2a54e346d7ffa008ccef06813e235b446788ac0f1df3c65bc1fb5393364a2efd284640ec2c438ad2b24a69f1f9da000000000000000000000000989eee6a9283bf253ca4"], 0x1}}, 0x0) close(r3) syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) dup3(r5, r4, 0x0) r6 = accept4$vsock_stream(0xffffffffffffffff, &(0x7f0000000240)={0x28, 0x0, 0x2710, @host}, 0x10, 0x0) dup2(r6, r5) bind$pptp(0xffffffffffffffff, &(0x7f00000001c0)={0x18, 0x2, {0x0, @initdev={0xac, 0x1e, 0x0, 0x0}}}, 0x1e) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000000)=@newlink={0x30, 0x10, 0x801, 0x0, 0x0, {}, [@IFLA_GROUP={0x8}, @IFLA_PROTO_DOWN={0x8, 0x4}]}, 0x30}}, 0x0) pivot_root(&(0x7f0000000140)='./file0\x00', &(0x7f0000000100)='./file0\x00') 01:45:56 executing program 4: pipe(&(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = socket$inet_udp(0x2, 0x2, 0x0) r3 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$inet_tcp_int(r3, 0x6, 0x10000000013, &(0x7f0000d06000)=0x1, 0x4) connect$inet(r2, &(0x7f0000000340)={0x2, 0x0, @loopback}, 0x10) setsockopt$inet_tcp_TCP_REPAIR_WINDOW(r3, 0x6, 0x1d, &(0x7f0000000080)={0x0, 0xdf5, 0x65a2}, 0x14) write$binfmt_misc(r1, &(0x7f0000000140)=ANY=[], 0x4240a2a0) r4 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$IPT_SO_SET_REPLACE(r4, 0x0, 0x40, &(0x7f0000000480)=ANY=[@ANYBLOB="66696c74657200000000000000000000000000000000000000000000000000000e00000004000000d0020000800100009800000080010000000000000000000038020000380200003802000038020000380200000400000000000000000000007f000001ac14140000000000000000007f00000000000000000000000000000064756dea20f9524db2d96900000057c910a19f2bc02c00000000000000000000200000000000000000000000000000000000000000000000700098000000000000000000000000000000000000000000280052454a454354000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000400000000000000000000000080000000000000000000000000000000000000000000000000000000000000000000000000000000000000000c000e80000f9c9991d0000000000000000000000000000005000736574000000000000000000000000000000000000000000000000000003000005050000000000000000000000000000000000000000100000000000000000000000000000000000000000000000280052454a45435400000000000000010000000000000000000000000000000000674f000000000000000000e00000020000000000000000766574b5315f766c616e00000000010062726964676530000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000007000b80000000000000000000000000000000000000000004800544545000000000000000000000000000000d40200000000000000000001ac1414aa000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000007000980000000000000000000000000000000000000000002800000000000000000000000000000000000000000000001a51496c00000000feffffff"], 0x1) splice(r0, 0x0, r2, 0x0, 0x4ffe0, 0x0) 01:45:56 executing program 3: lsetxattr$trusted_overlay_opaque(0x0, 0x0, 0x0, 0x0, 0x0) mkdir(&(0x7f0000000000)='./file0\x00', 0x0) mount$bpf(0x20000000, &(0x7f00000000c0)='./file0\x00', 0x0, 0x2001001, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x80, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x43, 0x400000000000000}, 0x11288, 0x2000, 0x0, 0x2}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$netlink(0x10, 0x3, 0x0) connect$inet(0xffffffffffffffff, 0x0, 0x0) setsockopt$SO_RDS_TRANSPORT(0xffffffffffffffff, 0x114, 0x8, &(0x7f0000000040)=0xffffffffffffffff, 0x4) r1 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$inet_tcp_int(r1, 0x6, 0x10000000013, &(0x7f0000d06000)=0x1, 0x32a) connect$inet(r1, &(0x7f0000000180)={0x2, 0x4e23, @local}, 0x10) accept$nfc_llcp(0xffffffffffffffff, &(0x7f0000000440), &(0x7f0000000300)=0x60) setsockopt$inet_tcp_TCP_REPAIR_OPTIONS(r1, 0x6, 0x16, &(0x7f00000000c0)=[@mss={0x2, 0xffffffff}, @timestamp, @window, @mss={0x2, 0x91c}], 0x4) sendmmsg(r1, &(0x7f0000004b40)=[{{0x0, 0x0, &(0x7f00000011c0)=[{&(0x7f0000002240)='Y', 0x1}], 0x1}}], 0x1, 0x0) syz_init_net_socket$llc(0x1a, 0x1, 0x0) r2 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$IPT_SO_SET_REPLACE(r2, 0x4000000000000, 0x40, &(0x7f0000000a40)=ANY=[@ANYBLOB="72617700000000010000000000000000000000000000000000000000000000000200000003000000b80400000000000000000000000000000003000000030000200400002004000020040000200400002004000003000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000600000000000000a00200030000000000000000000000000000000000000000300262706600000000000000000000000000000000000000000000000000000101000000000000002e2f66696c653000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000060005345540000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000c0002001000000000000000000000000000000000000000050006f736600000000000000000000000000000000000000000000000000000073797a300000000000000000000000000000000000000000000000000000000000000000000000000000000000000000600053455400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000007000980000000000000000000000000000000000000000002800000000000000000000000000000000000000000000000000000000000004feffffff00000000"], 0x518) sendmsg$IPVS_CMD_GET_DEST(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000280)={&(0x7f00000002c0)=ANY=[@ANYRES16], 0x1}}, 0x0) setsockopt$inet_tcp_TCP_REPAIR(r1, 0x6, 0x13, &(0x7f0000000100), 0x618) close(r1) setsockopt$inet_tcp_int(0xffffffffffffffff, 0x6, 0x10000000013, &(0x7f0000d06000)=0x1, 0x32a) connect$inet(0xffffffffffffffff, &(0x7f0000000140)={0x2, 0x0, @local}, 0x10) setsockopt$inet_tcp_TCP_REPAIR_OPTIONS(0xffffffffffffffff, 0x6, 0x16, &(0x7f0000000200)=[@mss, @timestamp, @window={0x3, 0x0, 0xfffe}, @mss={0x2, 0x3}], 0x4) sendmmsg(0xffffffffffffffff, &(0x7f0000004b40)=[{{0x0, 0x0, &(0x7f00000011c0)=[{&(0x7f0000002240)='Y', 0x1}], 0x1}}], 0x1, 0x0) setsockopt$inet_tcp_TCP_REPAIR_QUEUE(0xffffffffffffffff, 0x6, 0x14, &(0x7f0000000040)=0x1, 0x4) sendmsg$IPVS_CMD_GET_DEST(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000340)=ANY=[@ANYBLOB="160e90cb39bca59f8c4064ac6d7b242060a07bc4309e3eb79d8745797b308edd84adef35ad9d8a17240f38f55f57c55f3875db81d255eea402e1c11ca7fc01964aeb9ed6ef4e80bc67cba7e7fe961fe5d921442b0a06b135f8a73b68dc904b436f256f50ae7cb980e69e7580b9f11c6ede4210f23240559b8c427000d7ce7862417ab5a50e494b2a54e346d7ffa008ccef06813e235b446788ac0f1df3c65bc1fb5393364a2efd284640ec2c438ad2b24a69f1f9da000000000000000000000000989eee6a9283bf253ca4"], 0x1}}, 0x0) close(0xffffffffffffffff) syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) dup3(r4, r3, 0x0) r5 = accept4$vsock_stream(0xffffffffffffffff, &(0x7f0000000240)={0x28, 0x0, 0x2710, @host}, 0x10, 0x0) dup2(r5, r4) bind$pptp(0xffffffffffffffff, &(0x7f00000001c0)={0x18, 0x2, {0x0, @initdev={0xac, 0x1e, 0x0, 0x0}}}, 0x1e) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000000)=@newlink={0x30, 0x10, 0x801, 0x0, 0x0, {}, [@IFLA_GROUP={0x8}, @IFLA_PROTO_DOWN={0x8, 0x4}]}, 0x30}}, 0x0) pivot_root(&(0x7f0000000140)='./file0\x00', &(0x7f0000000100)='./file0\x00') 01:45:56 executing program 0: 01:45:56 executing program 1: lsetxattr$trusted_overlay_opaque(0x0, 0x0, 0x0, 0x0, 0x0) mkdir(&(0x7f0000000000)='./file0\x00', 0x0) mount$bpf(0x20000000, &(0x7f00000000c0)='./file0\x00', 0x0, 0x2001001, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x80, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x43, 0x400000000000000}, 0x11288, 0x2000, 0x0, 0x2}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$netlink(0x10, 0x3, 0x0) connect$inet(0xffffffffffffffff, 0x0, 0x0) setsockopt$SO_RDS_TRANSPORT(0xffffffffffffffff, 0x114, 0x8, &(0x7f0000000040)=0xffffffffffffffff, 0x4) r1 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$inet_tcp_int(r1, 0x6, 0x10000000013, &(0x7f0000d06000)=0x1, 0x32a) connect$inet(r1, &(0x7f0000000180)={0x2, 0x4e23, @local}, 0x10) accept$nfc_llcp(0xffffffffffffffff, &(0x7f0000000440), &(0x7f0000000300)=0x60) setsockopt$inet_tcp_TCP_REPAIR_OPTIONS(r1, 0x6, 0x16, &(0x7f00000000c0)=[@mss={0x2, 0xffffffff}, @timestamp, @window, @mss={0x2, 0x91c}], 0x4) sendmmsg(r1, &(0x7f0000004b40)=[{{0x0, 0x0, &(0x7f00000011c0)=[{&(0x7f0000002240)='Y', 0x1}], 0x1}}], 0x1, 0x0) syz_init_net_socket$llc(0x1a, 0x1, 0x0) r2 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$IPT_SO_SET_REPLACE(r2, 0x4000000000000, 0x40, &(0x7f0000000a40)=ANY=[@ANYBLOB="72617700000000010000000000000000000000000000000000000000000000000200000003000000b80400000000000000000000000000000003000000030000200400002004000020040000200400002004000003000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000600000000000000a00200030000000000000000000000000000000000000000300262706600000000000000000000000000000000000000000000000000000101000000000000002e2f66696c653000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000060005345540000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000c0002001000000000000000000000000000000000000000050006f736600000000000000000000000000000000000000000000000000000073797a300000000000000000000000000000000000000000000000000000000000000000000000000000000000000000600053455400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000007000980000000000000000000000000000000000000000002800000000000000000000000000000000000000000000000000000000000004feffffff00000000"], 0x518) sendmsg$IPVS_CMD_GET_DEST(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000280)={&(0x7f00000002c0)=ANY=[@ANYRES16], 0x1}}, 0x0) setsockopt$inet_tcp_TCP_REPAIR(r1, 0x6, 0x13, &(0x7f0000000100), 0x618) close(r1) setsockopt$inet_tcp_int(0xffffffffffffffff, 0x6, 0x10000000013, &(0x7f0000d06000)=0x1, 0x32a) connect$inet(0xffffffffffffffff, &(0x7f0000000140)={0x2, 0x0, @local}, 0x10) setsockopt$inet_tcp_TCP_REPAIR_OPTIONS(0xffffffffffffffff, 0x6, 0x16, &(0x7f0000000200)=[@mss, @timestamp, @window={0x3, 0x0, 0xfffe}, @mss={0x2, 0x3}], 0x4) sendmmsg(0xffffffffffffffff, &(0x7f0000004b40)=[{{0x0, 0x0, &(0x7f00000011c0)=[{&(0x7f0000002240)='Y', 0x1}], 0x1}}], 0x1, 0x0) setsockopt$inet_tcp_TCP_REPAIR_QUEUE(0xffffffffffffffff, 0x6, 0x14, &(0x7f0000000040)=0x1, 0x4) sendmsg$IPVS_CMD_GET_DEST(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000340)=ANY=[@ANYBLOB="160e90cb39bca59f8c4064ac6d7b242060a07bc4309e3eb79d8745797b308edd84adef35ad9d8a17240f38f55f57c55f3875db81d255eea402e1c11ca7fc01964aeb9ed6ef4e80bc67cba7e7fe961fe5d921442b0a06b135f8a73b68dc904b436f256f50ae7cb980e69e7580b9f11c6ede4210f23240559b8c427000d7ce7862417ab5a50e494b2a54e346d7ffa008ccef06813e235b446788ac0f1df3c65bc1fb5393364a2efd284640ec2c438ad2b24a69f1f9da000000000000000000000000989eee6a9283bf253ca4"], 0x1}}, 0x0) close(0xffffffffffffffff) syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) dup3(r4, r3, 0x0) r5 = accept4$vsock_stream(0xffffffffffffffff, &(0x7f0000000240)={0x28, 0x0, 0x2710, @host}, 0x10, 0x0) dup2(r5, r4) bind$pptp(0xffffffffffffffff, &(0x7f00000001c0)={0x18, 0x2, {0x0, @initdev={0xac, 0x1e, 0x0, 0x0}}}, 0x1e) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000000)=@newlink={0x30, 0x10, 0x801, 0x0, 0x0, {}, [@IFLA_GROUP={0x8}, @IFLA_PROTO_DOWN={0x8, 0x4}]}, 0x30}}, 0x0) 01:45:56 executing program 5: lsetxattr$trusted_overlay_opaque(0x0, 0x0, 0x0, 0x0, 0x0) mkdir(&(0x7f0000000000)='./file0\x00', 0x0) mount$bpf(0x20000000, &(0x7f00000000c0)='./file0\x00', 0x0, 0x2001001, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x80, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x43, 0x400000000000000}, 0x11288, 0x2000, 0x0, 0x2}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$netlink(0x10, 0x3, 0x0) connect$inet(0xffffffffffffffff, 0x0, 0x0) setsockopt$SO_RDS_TRANSPORT(0xffffffffffffffff, 0x114, 0x8, &(0x7f0000000040)=0xffffffffffffffff, 0x4) r1 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$inet_tcp_int(r1, 0x6, 0x10000000013, &(0x7f0000d06000)=0x1, 0x32a) connect$inet(r1, &(0x7f0000000180)={0x2, 0x4e23, @local}, 0x10) accept$nfc_llcp(0xffffffffffffffff, &(0x7f0000000440), &(0x7f0000000300)=0x60) setsockopt$inet_tcp_TCP_REPAIR_OPTIONS(r1, 0x6, 0x16, &(0x7f00000000c0)=[@mss={0x2, 0xffffffff}, @timestamp, @window, @mss={0x2, 0x91c}], 0x4) sendmmsg(r1, &(0x7f0000004b40)=[{{0x0, 0x0, &(0x7f00000011c0)=[{&(0x7f0000002240)='Y', 0x1}], 0x1}}], 0x1, 0x0) syz_init_net_socket$llc(0x1a, 0x1, 0x0) r2 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$IPT_SO_SET_REPLACE(r2, 0x4000000000000, 0x40, &(0x7f0000000a40)=ANY=[@ANYBLOB="72617700000000010000000000000000000000000000000000000000000000000200000003000000b80400000000000000000000000000000003000000030000200400002004000020040000200400002004000003000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000600000000000000a00200030000000000000000000000000000000000000000300262706600000000000000000000000000000000000000000000000000000101000000000000002e2f66696c653000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000060005345540000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000c0002001000000000000000000000000000000000000000050006f736600000000000000000000000000000000000000000000000000000073797a300000000000000000000000000000000000000000000000000000000000000000000000000000000000000000600053455400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000007000980000000000000000000000000000000000000000002800000000000000000000000000000000000000000000000000000000000004feffffff00000000"], 0x518) setsockopt$inet_tcp_TCP_REPAIR(r1, 0x6, 0x13, &(0x7f0000000100), 0x618) close(r1) r3 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$inet_tcp_int(r3, 0x6, 0x10000000013, &(0x7f0000d06000)=0x1, 0x32a) connect$inet(r3, &(0x7f0000000140)={0x2, 0x0, @local}, 0x10) setsockopt$inet_tcp_TCP_REPAIR_OPTIONS(r3, 0x6, 0x16, &(0x7f0000000200)=[@mss, @timestamp, @window={0x3, 0x0, 0xfffe}, @mss={0x2, 0x3}], 0x4) sendmmsg(r3, &(0x7f0000004b40)=[{{0x0, 0x0, &(0x7f00000011c0)=[{&(0x7f0000002240)='Y', 0x1}], 0x1}}], 0x1, 0x0) setsockopt$inet_tcp_TCP_REPAIR_QUEUE(r3, 0x6, 0x14, &(0x7f0000000040)=0x1, 0x4) sendmsg$IPVS_CMD_GET_DEST(r3, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000340)=ANY=[@ANYBLOB="160e90cb39bca59f8c4064ac6d7b242060a07bc4309e3eb79d8745797b308edd84adef35ad9d8a17240f38f55f57c55f3875db81d255eea402e1c11ca7fc01964aeb9ed6ef4e80bc67cba7e7fe961fe5d921442b0a06b135f8a73b68dc904b436f256f50ae7cb980e69e7580b9f11c6ede4210f23240559b8c427000d7ce7862417ab5a50e494b2a54e346d7ffa008ccef06813e235b446788ac0f1df3c65bc1fb5393364a2efd284640ec2c438ad2b24a69f1f9da000000000000000000000000989eee6a9283bf253ca4"], 0x1}}, 0x0) close(r3) syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) dup3(r5, r4, 0x0) r6 = accept4$vsock_stream(0xffffffffffffffff, &(0x7f0000000240)={0x28, 0x0, 0x2710, @host}, 0x10, 0x0) dup2(r6, r5) bind$pptp(0xffffffffffffffff, &(0x7f00000001c0)={0x18, 0x2, {0x0, @initdev={0xac, 0x1e, 0x0, 0x0}}}, 0x1e) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000000)=@newlink={0x30, 0x10, 0x801, 0x0, 0x0, {}, [@IFLA_GROUP={0x8}, @IFLA_PROTO_DOWN={0x8, 0x4}]}, 0x30}}, 0x0) pivot_root(&(0x7f0000000140)='./file0\x00', &(0x7f0000000100)='./file0\x00') 01:45:56 executing program 2: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_SET_SIGNAL_MASK(0xffffffffffffffff, 0x4004ae8b, &(0x7f0000001000)=ANY=[@ANYBLOB="97cb"]) io_getevents(0x0, 0x8, 0x80000000000024d, &(0x7f0000000400)=[{}, {}], 0x0) r2 = memfd_create(&(0x7f0000000000)='-se~g\x00\x00\x00\x00o\xb5z\xff\xeazF\xfb\xcer\x00\x00\x00\x00\x00\x00\x00\x1e\x9d\x17\xc9\xc9\x87 \xb0Z7\a\xac\xe8\vb.T\x9b\xc4\xa6\x04\xb4\xee;\x86\x05\x83U\x11\xf9', 0x0) io_submit(0x0, 0x1, &(0x7f0000001280)=[&(0x7f0000001100)={0x0, 0x0, 0x0, 0x0, 0x0, r2, 0x0}]) io_getevents(0x0, 0xbc, 0xa, &(0x7f0000000180)=[{}, {}, {}, {}, {}, {}, {}, {}, {}, {}], &(0x7f0000000000)) r3 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r3, &(0x7f0000fe7000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0) r4 = fanotify_init(0x0, 0x0) r5 = fcntl$dupfd(r4, 0x0, r4) write$FUSE_NOTIFY_POLL(r5, &(0x7f0000000100)={0x18}, 0x18) r6 = fanotify_init(0x0, 0x0) r7 = fcntl$dupfd(r6, 0x0, r6) write$FUSE_NOTIFY_POLL(r7, &(0x7f0000000100)={0x18}, 0x18) ioctl$USBDEVFS_RESETEP(r7, 0x80045503, &(0x7f00000000c0)={0x1, 0x1}) ioctl$KVM_NMI(r3, 0xae9a) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f00000002c0)={0x0, 0x2, 0x0, 0x2000, &(0x7f0000001000/0x2000)=nil}) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$KVM_RUN(r3, 0xae80, 0x0) 01:45:56 executing program 0: [ 1858.818121] ip_tables: iptables: counters copy to user failed while replacing table 01:45:57 executing program 1: lsetxattr$trusted_overlay_opaque(0x0, 0x0, 0x0, 0x0, 0x0) mkdir(&(0x7f0000000000)='./file0\x00', 0x0) mount$bpf(0x20000000, &(0x7f00000000c0)='./file0\x00', 0x0, 0x2001001, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x80, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x43, 0x400000000000000}, 0x11288, 0x2000, 0x0, 0x2}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$netlink(0x10, 0x3, 0x0) connect$inet(0xffffffffffffffff, 0x0, 0x0) setsockopt$SO_RDS_TRANSPORT(0xffffffffffffffff, 0x114, 0x8, &(0x7f0000000040)=0xffffffffffffffff, 0x4) r1 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$inet_tcp_int(r1, 0x6, 0x10000000013, &(0x7f0000d06000)=0x1, 0x32a) connect$inet(r1, &(0x7f0000000180)={0x2, 0x4e23, @local}, 0x10) accept$nfc_llcp(0xffffffffffffffff, &(0x7f0000000440), &(0x7f0000000300)=0x60) setsockopt$inet_tcp_TCP_REPAIR_OPTIONS(r1, 0x6, 0x16, &(0x7f00000000c0)=[@mss={0x2, 0xffffffff}, @timestamp, @window, @mss={0x2, 0x91c}], 0x4) sendmmsg(r1, &(0x7f0000004b40)=[{{0x0, 0x0, &(0x7f00000011c0)=[{&(0x7f0000002240)='Y', 0x1}], 0x1}}], 0x1, 0x0) syz_init_net_socket$llc(0x1a, 0x1, 0x0) r2 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$IPT_SO_SET_REPLACE(r2, 0x4000000000000, 0x40, &(0x7f0000000a40)=ANY=[@ANYBLOB="72617700000000010000000000000000000000000000000000000000000000000200000003000000b80400000000000000000000000000000003000000030000200400002004000020040000200400002004000003000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000600000000000000a00200030000000000000000000000000000000000000000300262706600000000000000000000000000000000000000000000000000000101000000000000002e2f66696c653000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000060005345540000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000c0002001000000000000000000000000000000000000000050006f736600000000000000000000000000000000000000000000000000000073797a300000000000000000000000000000000000000000000000000000000000000000000000000000000000000000600053455400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000007000980000000000000000000000000000000000000000002800000000000000000000000000000000000000000000000000000000000004feffffff00000000"], 0x518) sendmsg$IPVS_CMD_GET_DEST(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000280)={&(0x7f00000002c0)=ANY=[@ANYRES16], 0x1}}, 0x0) setsockopt$inet_tcp_TCP_REPAIR(r1, 0x6, 0x13, &(0x7f0000000100), 0x618) close(r1) setsockopt$inet_tcp_int(0xffffffffffffffff, 0x6, 0x10000000013, &(0x7f0000d06000)=0x1, 0x32a) connect$inet(0xffffffffffffffff, &(0x7f0000000140)={0x2, 0x0, @local}, 0x10) setsockopt$inet_tcp_TCP_REPAIR_OPTIONS(0xffffffffffffffff, 0x6, 0x16, &(0x7f0000000200)=[@mss, @timestamp, @window={0x3, 0x0, 0xfffe}, @mss={0x2, 0x3}], 0x4) sendmmsg(0xffffffffffffffff, &(0x7f0000004b40)=[{{0x0, 0x0, &(0x7f00000011c0)=[{&(0x7f0000002240)='Y', 0x1}], 0x1}}], 0x1, 0x0) setsockopt$inet_tcp_TCP_REPAIR_QUEUE(0xffffffffffffffff, 0x6, 0x14, &(0x7f0000000040)=0x1, 0x4) sendmsg$IPVS_CMD_GET_DEST(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000340)=ANY=[@ANYBLOB="160e90cb39bca59f8c4064ac6d7b242060a07bc4309e3eb79d8745797b308edd84adef35ad9d8a17240f38f55f57c55f3875db81d255eea402e1c11ca7fc01964aeb9ed6ef4e80bc67cba7e7fe961fe5d921442b0a06b135f8a73b68dc904b436f256f50ae7cb980e69e7580b9f11c6ede4210f23240559b8c427000d7ce7862417ab5a50e494b2a54e346d7ffa008ccef06813e235b446788ac0f1df3c65bc1fb5393364a2efd284640ec2c438ad2b24a69f1f9da000000000000000000000000989eee6a9283bf253ca4"], 0x1}}, 0x0) close(0xffffffffffffffff) syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) dup3(r4, r3, 0x0) r5 = accept4$vsock_stream(0xffffffffffffffff, &(0x7f0000000240)={0x28, 0x0, 0x2710, @host}, 0x10, 0x0) dup2(r5, r4) bind$pptp(0xffffffffffffffff, &(0x7f00000001c0)={0x18, 0x2, {0x0, @initdev={0xac, 0x1e, 0x0, 0x0}}}, 0x1e) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000000)=@newlink={0x30, 0x10, 0x801, 0x0, 0x0, {}, [@IFLA_GROUP={0x8}, @IFLA_PROTO_DOWN={0x8, 0x4}]}, 0x30}}, 0x0) 01:45:57 executing program 3: lsetxattr$trusted_overlay_opaque(0x0, 0x0, 0x0, 0x0, 0x0) mkdir(&(0x7f0000000000)='./file0\x00', 0x0) mount$bpf(0x20000000, &(0x7f00000000c0)='./file0\x00', 0x0, 0x2001001, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x80, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x43, 0x400000000000000}, 0x11288, 0x2000, 0x0, 0x2}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$netlink(0x10, 0x3, 0x0) connect$inet(0xffffffffffffffff, 0x0, 0x0) setsockopt$SO_RDS_TRANSPORT(0xffffffffffffffff, 0x114, 0x8, &(0x7f0000000040)=0xffffffffffffffff, 0x4) r1 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$inet_tcp_int(r1, 0x6, 0x10000000013, &(0x7f0000d06000)=0x1, 0x32a) connect$inet(r1, &(0x7f0000000180)={0x2, 0x4e23, @local}, 0x10) accept$nfc_llcp(0xffffffffffffffff, &(0x7f0000000440), &(0x7f0000000300)=0x60) setsockopt$inet_tcp_TCP_REPAIR_OPTIONS(r1, 0x6, 0x16, &(0x7f00000000c0)=[@mss={0x2, 0xffffffff}, @timestamp, @window, @mss={0x2, 0x91c}], 0x4) sendmmsg(r1, &(0x7f0000004b40)=[{{0x0, 0x0, &(0x7f00000011c0)=[{&(0x7f0000002240)='Y', 0x1}], 0x1}}], 0x1, 0x0) syz_init_net_socket$llc(0x1a, 0x1, 0x0) r2 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$IPT_SO_SET_REPLACE(r2, 0x4000000000000, 0x40, &(0x7f0000000a40)=ANY=[@ANYBLOB="72617700000000010000000000000000000000000000000000000000000000000200000003000000b80400000000000000000000000000000003000000030000200400002004000020040000200400002004000003000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000600000000000000a00200030000000000000000000000000000000000000000300262706600000000000000000000000000000000000000000000000000000101000000000000002e2f66696c653000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000060005345540000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000c0002001000000000000000000000000000000000000000050006f736600000000000000000000000000000000000000000000000000000073797a300000000000000000000000000000000000000000000000000000000000000000000000000000000000000000600053455400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000007000980000000000000000000000000000000000000000002800000000000000000000000000000000000000000000000000000000000004feffffff00000000"], 0x518) sendmsg$IPVS_CMD_GET_DEST(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000280)={&(0x7f00000002c0)=ANY=[@ANYRES16], 0x1}}, 0x0) setsockopt$inet_tcp_TCP_REPAIR(r1, 0x6, 0x13, &(0x7f0000000100), 0x618) r3 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$inet_tcp_int(r3, 0x6, 0x10000000013, &(0x7f0000d06000)=0x1, 0x32a) connect$inet(r3, &(0x7f0000000140)={0x2, 0x0, @local}, 0x10) setsockopt$inet_tcp_TCP_REPAIR_OPTIONS(r3, 0x6, 0x16, &(0x7f0000000200)=[@mss, @timestamp, @window={0x3, 0x0, 0xfffe}, @mss={0x2, 0x3}], 0x4) sendmmsg(r3, &(0x7f0000004b40)=[{{0x0, 0x0, &(0x7f00000011c0)=[{&(0x7f0000002240)='Y', 0x1}], 0x1}}], 0x1, 0x0) setsockopt$inet_tcp_TCP_REPAIR_QUEUE(r3, 0x6, 0x14, &(0x7f0000000040)=0x1, 0x4) sendmsg$IPVS_CMD_GET_DEST(r3, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000340)=ANY=[@ANYBLOB="160e90cb39bca59f8c4064ac6d7b242060a07bc4309e3eb79d8745797b308edd84adef35ad9d8a17240f38f55f57c55f3875db81d255eea402e1c11ca7fc01964aeb9ed6ef4e80bc67cba7e7fe961fe5d921442b0a06b135f8a73b68dc904b436f256f50ae7cb980e69e7580b9f11c6ede4210f23240559b8c427000d7ce7862417ab5a50e494b2a54e346d7ffa008ccef06813e235b446788ac0f1df3c65bc1fb5393364a2efd284640ec2c438ad2b24a69f1f9da000000000000000000000000989eee6a9283bf253ca4"], 0x1}}, 0x0) close(r3) syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) dup3(r5, r4, 0x0) r6 = accept4$vsock_stream(0xffffffffffffffff, &(0x7f0000000240)={0x28, 0x0, 0x2710, @host}, 0x10, 0x0) dup2(r6, r5) bind$pptp(0xffffffffffffffff, &(0x7f00000001c0)={0x18, 0x2, {0x0, @initdev={0xac, 0x1e, 0x0, 0x0}}}, 0x1e) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000000)=@newlink={0x30, 0x10, 0x801, 0x0, 0x0, {}, [@IFLA_GROUP={0x8}, @IFLA_PROTO_DOWN={0x8, 0x4}]}, 0x30}}, 0x0) pivot_root(&(0x7f0000000140)='./file0\x00', &(0x7f0000000100)='./file0\x00') 01:45:57 executing program 0: 01:45:57 executing program 5: lsetxattr$trusted_overlay_opaque(0x0, 0x0, 0x0, 0x0, 0x0) mkdir(&(0x7f0000000000)='./file0\x00', 0x0) mount$bpf(0x20000000, &(0x7f00000000c0)='./file0\x00', 0x0, 0x2001001, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x80, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x43, 0x400000000000000}, 0x11288, 0x2000, 0x0, 0x2}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$netlink(0x10, 0x3, 0x0) connect$inet(0xffffffffffffffff, 0x0, 0x0) setsockopt$SO_RDS_TRANSPORT(0xffffffffffffffff, 0x114, 0x8, &(0x7f0000000040)=0xffffffffffffffff, 0x4) r1 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$inet_tcp_int(r1, 0x6, 0x10000000013, &(0x7f0000d06000)=0x1, 0x32a) connect$inet(r1, &(0x7f0000000180)={0x2, 0x4e23, @local}, 0x10) accept$nfc_llcp(0xffffffffffffffff, &(0x7f0000000440), &(0x7f0000000300)=0x60) setsockopt$inet_tcp_TCP_REPAIR_OPTIONS(r1, 0x6, 0x16, &(0x7f00000000c0)=[@mss={0x2, 0xffffffff}, @timestamp, @window, @mss={0x2, 0x91c}], 0x4) sendmmsg(r1, &(0x7f0000004b40)=[{{0x0, 0x0, &(0x7f00000011c0)=[{&(0x7f0000002240)='Y', 0x1}], 0x1}}], 0x1, 0x0) syz_init_net_socket$llc(0x1a, 0x1, 0x0) r2 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$IPT_SO_SET_REPLACE(r2, 0x4000000000000, 0x40, &(0x7f0000000a40)=ANY=[@ANYBLOB="72617700000000010000000000000000000000000000000000000000000000000200000003000000b80400000000000000000000000000000003000000030000200400002004000020040000200400002004000003000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000600000000000000a00200030000000000000000000000000000000000000000300262706600000000000000000000000000000000000000000000000000000101000000000000002e2f66696c653000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000060005345540000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000c0002001000000000000000000000000000000000000000050006f736600000000000000000000000000000000000000000000000000000073797a300000000000000000000000000000000000000000000000000000000000000000000000000000000000000000600053455400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000007000980000000000000000000000000000000000000000002800000000000000000000000000000000000000000000000000000000000004feffffff00000000"], 0x518) setsockopt$inet_tcp_TCP_REPAIR(r1, 0x6, 0x13, &(0x7f0000000100), 0x618) close(r1) r3 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$inet_tcp_int(r3, 0x6, 0x10000000013, &(0x7f0000d06000)=0x1, 0x32a) connect$inet(r3, &(0x7f0000000140)={0x2, 0x0, @local}, 0x10) setsockopt$inet_tcp_TCP_REPAIR_OPTIONS(r3, 0x6, 0x16, &(0x7f0000000200)=[@mss, @timestamp, @window={0x3, 0x0, 0xfffe}, @mss={0x2, 0x3}], 0x4) sendmmsg(r3, &(0x7f0000004b40)=[{{0x0, 0x0, &(0x7f00000011c0)=[{&(0x7f0000002240)='Y', 0x1}], 0x1}}], 0x1, 0x0) setsockopt$inet_tcp_TCP_REPAIR_QUEUE(r3, 0x6, 0x14, &(0x7f0000000040)=0x1, 0x4) sendmsg$IPVS_CMD_GET_DEST(r3, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000340)=ANY=[@ANYBLOB="160e90cb39bca59f8c4064ac6d7b242060a07bc4309e3eb79d8745797b308edd84adef35ad9d8a17240f38f55f57c55f3875db81d255eea402e1c11ca7fc01964aeb9ed6ef4e80bc67cba7e7fe961fe5d921442b0a06b135f8a73b68dc904b436f256f50ae7cb980e69e7580b9f11c6ede4210f23240559b8c427000d7ce7862417ab5a50e494b2a54e346d7ffa008ccef06813e235b446788ac0f1df3c65bc1fb5393364a2efd284640ec2c438ad2b24a69f1f9da000000000000000000000000989eee6a9283bf253ca4"], 0x1}}, 0x0) close(r3) syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) dup3(r5, r4, 0x0) r6 = accept4$vsock_stream(0xffffffffffffffff, &(0x7f0000000240)={0x28, 0x0, 0x2710, @host}, 0x10, 0x0) dup2(r6, r5) bind$pptp(0xffffffffffffffff, &(0x7f00000001c0)={0x18, 0x2, {0x0, @initdev={0xac, 0x1e, 0x0, 0x0}}}, 0x1e) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000000)=@newlink={0x30, 0x10, 0x801, 0x0, 0x0, {}, [@IFLA_GROUP={0x8}, @IFLA_PROTO_DOWN={0x8, 0x4}]}, 0x30}}, 0x0) pivot_root(&(0x7f0000000140)='./file0\x00', &(0x7f0000000100)='./file0\x00') 01:45:57 executing program 2: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_SET_SIGNAL_MASK(0xffffffffffffffff, 0x4004ae8b, &(0x7f0000001000)=ANY=[@ANYBLOB="97cb"]) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000fe7000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0) ioctl$USBDEVFS_RESETEP(0xffffffffffffffff, 0x80045503, &(0x7f0000000000)={0x1, 0x1}) ioctl$KVM_NMI(r2, 0xae9a) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f00000002c0)={0x0, 0x2, 0x0, 0x2000, &(0x7f0000001000/0x2000)=nil}) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) rt_sigpending(&(0x7f00000000c0), 0x8) ioctl$KVM_RUN(r2, 0xae80, 0x0) 01:45:57 executing program 4: pipe(&(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = socket$inet_udp(0x2, 0x2, 0x0) r3 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$inet_tcp_int(r3, 0x6, 0x10000000013, &(0x7f0000d06000)=0x1, 0x4) connect$inet(r2, &(0x7f0000000340)={0x2, 0x0, @loopback}, 0x10) setsockopt$inet_tcp_TCP_REPAIR_WINDOW(r3, 0x6, 0x1d, &(0x7f0000000080)={0x0, 0xdf5, 0x65a2}, 0x14) write$binfmt_misc(r1, &(0x7f0000000140)=ANY=[], 0x4240a2a0) r4 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$IPT_SO_SET_REPLACE(r4, 0x0, 0x40, &(0x7f0000000480)=ANY=[@ANYBLOB="66696c74657200000000000000000000000000000000000000000000000000000e00000004000000d0020000800100009800000080010000000000000000000038020000380200003802000038020000380200000400000000000000000000007f000001ac14140000000000000000007f00000000000000000000000000000064756dea20f9524db2d96900000057c910a19f2bc02c00000000000000000000200000000000000000000000000000000000000000000000700098000000000000000000000000000000000000000000280052454a454354000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000400000000000000000000000080000000000000000000000000000000000000000000000000000000000000000000000000000000000000000c000e80000f9c9991d0000000000000000000000000000005000736574000000000000000000000000000000000000000000000000000003000005050000000000000000000000000000000000000000100000000000000000000000000000000000000000000000280052454a45435400000000000000010000000000000000000000000000000000674f000000000000000000e00000020000000000000000766574b5315f766c616e00000000010062726964676530000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000007000b80000000000000000000000000000000000000000004800544545000000000000000000000000000000d40200000000000000000001ac1414aa000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000007000980000000000000000000000000000000000000000002800000000000000000000000000000000000000000000001a51496c00000000feffffff"], 0x1) splice(r0, 0x0, r2, 0x0, 0x4ffe0, 0x0) 01:45:57 executing program 0: 01:45:57 executing program 5: lsetxattr$trusted_overlay_opaque(0x0, 0x0, 0x0, 0x0, 0x0) mkdir(&(0x7f0000000000)='./file0\x00', 0x0) mount$bpf(0x20000000, &(0x7f00000000c0)='./file0\x00', 0x0, 0x2001001, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x80, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x43, 0x400000000000000}, 0x11288, 0x2000, 0x0, 0x2}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$netlink(0x10, 0x3, 0x0) connect$inet(0xffffffffffffffff, 0x0, 0x0) setsockopt$SO_RDS_TRANSPORT(0xffffffffffffffff, 0x114, 0x8, &(0x7f0000000040)=0xffffffffffffffff, 0x4) r1 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$inet_tcp_int(r1, 0x6, 0x10000000013, &(0x7f0000d06000)=0x1, 0x32a) connect$inet(r1, &(0x7f0000000180)={0x2, 0x4e23, @local}, 0x10) accept$nfc_llcp(0xffffffffffffffff, &(0x7f0000000440), &(0x7f0000000300)=0x60) setsockopt$inet_tcp_TCP_REPAIR_OPTIONS(r1, 0x6, 0x16, &(0x7f00000000c0)=[@mss={0x2, 0xffffffff}, @timestamp, @window, @mss={0x2, 0x91c}], 0x4) sendmmsg(r1, &(0x7f0000004b40)=[{{0x0, 0x0, &(0x7f00000011c0)=[{&(0x7f0000002240)='Y', 0x1}], 0x1}}], 0x1, 0x0) syz_init_net_socket$llc(0x1a, 0x1, 0x0) r2 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$IPT_SO_SET_REPLACE(r2, 0x4000000000000, 0x40, &(0x7f0000000a40)=ANY=[@ANYBLOB="72617700000000010000000000000000000000000000000000000000000000000200000003000000b80400000000000000000000000000000003000000030000200400002004000020040000200400002004000003000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000600000000000000a00200030000000000000000000000000000000000000000300262706600000000000000000000000000000000000000000000000000000101000000000000002e2f66696c653000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000060005345540000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000c0002001000000000000000000000000000000000000000050006f736600000000000000000000000000000000000000000000000000000073797a300000000000000000000000000000000000000000000000000000000000000000000000000000000000000000600053455400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000007000980000000000000000000000000000000000000000002800000000000000000000000000000000000000000000000000000000000004feffffff00000000"], 0x518) setsockopt$inet_tcp_TCP_REPAIR(r1, 0x6, 0x13, &(0x7f0000000100), 0x618) close(r1) r3 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$inet_tcp_int(r3, 0x6, 0x10000000013, &(0x7f0000d06000)=0x1, 0x32a) connect$inet(r3, &(0x7f0000000140)={0x2, 0x0, @local}, 0x10) setsockopt$inet_tcp_TCP_REPAIR_OPTIONS(r3, 0x6, 0x16, &(0x7f0000000200)=[@mss, @timestamp, @window={0x3, 0x0, 0xfffe}, @mss={0x2, 0x3}], 0x4) sendmmsg(r3, &(0x7f0000004b40)=[{{0x0, 0x0, &(0x7f00000011c0)=[{&(0x7f0000002240)='Y', 0x1}], 0x1}}], 0x1, 0x0) setsockopt$inet_tcp_TCP_REPAIR_QUEUE(r3, 0x6, 0x14, &(0x7f0000000040)=0x1, 0x4) sendmsg$IPVS_CMD_GET_DEST(r3, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000340)=ANY=[@ANYBLOB="160e90cb39bca59f8c4064ac6d7b242060a07bc4309e3eb79d8745797b308edd84adef35ad9d8a17240f38f55f57c55f3875db81d255eea402e1c11ca7fc01964aeb9ed6ef4e80bc67cba7e7fe961fe5d921442b0a06b135f8a73b68dc904b436f256f50ae7cb980e69e7580b9f11c6ede4210f23240559b8c427000d7ce7862417ab5a50e494b2a54e346d7ffa008ccef06813e235b446788ac0f1df3c65bc1fb5393364a2efd284640ec2c438ad2b24a69f1f9da000000000000000000000000989eee6a9283bf253ca4"], 0x1}}, 0x0) close(r3) syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) dup3(r5, r4, 0x0) r6 = accept4$vsock_stream(0xffffffffffffffff, &(0x7f0000000240)={0x28, 0x0, 0x2710, @host}, 0x10, 0x0) dup2(r6, r5) bind$pptp(0xffffffffffffffff, &(0x7f00000001c0)={0x18, 0x2, {0x0, @initdev={0xac, 0x1e, 0x0, 0x0}}}, 0x1e) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000000)=@newlink={0x30, 0x10, 0x801, 0x0, 0x0, {}, [@IFLA_GROUP={0x8}, @IFLA_PROTO_DOWN={0x8, 0x4}]}, 0x30}}, 0x0) pivot_root(&(0x7f0000000140)='./file0\x00', &(0x7f0000000100)='./file0\x00') 01:45:57 executing program 1: lsetxattr$trusted_overlay_opaque(0x0, 0x0, 0x0, 0x0, 0x0) mkdir(&(0x7f0000000000)='./file0\x00', 0x0) mount$bpf(0x20000000, &(0x7f00000000c0)='./file0\x00', 0x0, 0x2001001, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x80, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x43, 0x400000000000000}, 0x11288, 0x2000, 0x0, 0x2}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$netlink(0x10, 0x3, 0x0) connect$inet(0xffffffffffffffff, 0x0, 0x0) setsockopt$SO_RDS_TRANSPORT(0xffffffffffffffff, 0x114, 0x8, &(0x7f0000000040)=0xffffffffffffffff, 0x4) r1 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$inet_tcp_int(r1, 0x6, 0x10000000013, &(0x7f0000d06000)=0x1, 0x32a) connect$inet(r1, &(0x7f0000000180)={0x2, 0x4e23, @local}, 0x10) accept$nfc_llcp(0xffffffffffffffff, &(0x7f0000000440), &(0x7f0000000300)=0x60) setsockopt$inet_tcp_TCP_REPAIR_OPTIONS(r1, 0x6, 0x16, &(0x7f00000000c0)=[@mss={0x2, 0xffffffff}, @timestamp, @window, @mss={0x2, 0x91c}], 0x4) sendmmsg(r1, &(0x7f0000004b40)=[{{0x0, 0x0, &(0x7f00000011c0)=[{&(0x7f0000002240)='Y', 0x1}], 0x1}}], 0x1, 0x0) syz_init_net_socket$llc(0x1a, 0x1, 0x0) r2 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$IPT_SO_SET_REPLACE(r2, 0x4000000000000, 0x40, &(0x7f0000000a40)=ANY=[@ANYBLOB="72617700000000010000000000000000000000000000000000000000000000000200000003000000b80400000000000000000000000000000003000000030000200400002004000020040000200400002004000003000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000600000000000000a00200030000000000000000000000000000000000000000300262706600000000000000000000000000000000000000000000000000000101000000000000002e2f66696c653000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000060005345540000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000c0002001000000000000000000000000000000000000000050006f736600000000000000000000000000000000000000000000000000000073797a300000000000000000000000000000000000000000000000000000000000000000000000000000000000000000600053455400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000007000980000000000000000000000000000000000000000002800000000000000000000000000000000000000000000000000000000000004feffffff00000000"], 0x518) sendmsg$IPVS_CMD_GET_DEST(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000280)={&(0x7f00000002c0)=ANY=[@ANYRES16], 0x1}}, 0x0) setsockopt$inet_tcp_TCP_REPAIR(r1, 0x6, 0x13, &(0x7f0000000100), 0x618) close(r1) setsockopt$inet_tcp_int(0xffffffffffffffff, 0x6, 0x10000000013, &(0x7f0000d06000)=0x1, 0x32a) connect$inet(0xffffffffffffffff, &(0x7f0000000140)={0x2, 0x0, @local}, 0x10) setsockopt$inet_tcp_TCP_REPAIR_OPTIONS(0xffffffffffffffff, 0x6, 0x16, &(0x7f0000000200)=[@mss, @timestamp, @window={0x3, 0x0, 0xfffe}, @mss={0x2, 0x3}], 0x4) sendmmsg(0xffffffffffffffff, &(0x7f0000004b40)=[{{0x0, 0x0, &(0x7f00000011c0)=[{&(0x7f0000002240)='Y', 0x1}], 0x1}}], 0x1, 0x0) setsockopt$inet_tcp_TCP_REPAIR_QUEUE(0xffffffffffffffff, 0x6, 0x14, &(0x7f0000000040)=0x1, 0x4) sendmsg$IPVS_CMD_GET_DEST(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000340)=ANY=[@ANYBLOB="160e90cb39bca59f8c4064ac6d7b242060a07bc4309e3eb79d8745797b308edd84adef35ad9d8a17240f38f55f57c55f3875db81d255eea402e1c11ca7fc01964aeb9ed6ef4e80bc67cba7e7fe961fe5d921442b0a06b135f8a73b68dc904b436f256f50ae7cb980e69e7580b9f11c6ede4210f23240559b8c427000d7ce7862417ab5a50e494b2a54e346d7ffa008ccef06813e235b446788ac0f1df3c65bc1fb5393364a2efd284640ec2c438ad2b24a69f1f9da000000000000000000000000989eee6a9283bf253ca4"], 0x1}}, 0x0) close(0xffffffffffffffff) syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) dup3(r4, r3, 0x0) r5 = accept4$vsock_stream(0xffffffffffffffff, &(0x7f0000000240)={0x28, 0x0, 0x2710, @host}, 0x10, 0x0) dup2(r5, r4) bind$pptp(0xffffffffffffffff, &(0x7f00000001c0)={0x18, 0x2, {0x0, @initdev={0xac, 0x1e, 0x0, 0x0}}}, 0x1e) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000000)=@newlink={0x30, 0x10, 0x801, 0x0, 0x0, {}, [@IFLA_GROUP={0x8}, @IFLA_PROTO_DOWN={0x8, 0x4}]}, 0x30}}, 0x0) 01:45:57 executing program 2: r0 = fanotify_init(0x0, 0x0) r1 = fcntl$dupfd(r0, 0x0, r0) write$FUSE_NOTIFY_POLL(r1, &(0x7f0000000100)={0x18}, 0x18) r2 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000540)='/dev/infiniband/rdma_cm\x00', 0x2, 0x0) write$RDMA_USER_CM_CMD_CREATE_ID(r2, &(0x7f0000000080)={0x0, 0x18, 0xfa00, {0x0, &(0x7f0000000000)={0xffffffffffffffff}, 0x13f}}, 0xffaf) write$RDMA_USER_CM_CMD_SET_OPTION(r2, &(0x7f0000000180)={0xe, 0x3, 0xfa00, @id_resuseaddr={&(0x7f0000000480)=0x1, r3, 0x0, 0x1, 0x4}}, 0x20) write$RDMA_USER_CM_CMD_RESOLVE_IP(r2, &(0x7f0000000100)={0x3, 0x40, 0xfa00, {{0xa, 0x4e21}, {0xa, 0x0, 0x0, @mcast2}, r3}}, 0x48) write$RDMA_USER_CM_CMD_RESOLVE_ADDR(r1, &(0x7f0000000300)={0x15, 0x110, 0xfa00, {r3, 0x3, 0x0, 0x0, 0x0, @in={0x2, 0x4e21, @local}, @ib={0x1b, 0x8467, 0x7ff, {"f955ba289d65932235ffdf27f7ef6473"}, 0x3, 0x3, 0x5}}}, 0x118) r4 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140)='/dev/kvm\x00', 0x0, 0x0) r5 = ioctl$KVM_CREATE_VM(r4, 0xae01, 0x0) ioctl$KVM_SET_SIGNAL_MASK(0xffffffffffffffff, 0x4004ae8b, &(0x7f00000000c0)=ANY=[@ANYBLOB="92c8cc3f28156578e1c87fc3562b5d97cb"]) r6 = ioctl$KVM_CREATE_VCPU(r5, 0xae41, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r6, &(0x7f0000fe7000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0) ioctl$USBDEVFS_RESETEP(0xffffffffffffffff, 0x80045503, &(0x7f0000000000)={0x1, 0x1}) ioctl$KVM_NMI(r6, 0xae9a) ioctl$KVM_SET_USER_MEMORY_REGION(r5, 0x4020ae46, &(0x7f00000002c0)={0x0, 0x2, 0x0, 0x2000, &(0x7f0000001000/0x2000)=nil}) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$KVM_RUN(r6, 0xae80, 0x0) r7 = creat(&(0x7f0000000100)='./file0\x00', 0x0) syz_kvm_setup_cpu$x86(r7, r6, &(0x7f0000fe8000/0x18000)=nil, &(0x7f00000001c0)=[@text64={0x40, &(0x7f0000000180)="b94f0b00000f32c4e17f2c0e460f22012e0f78b33419000066b8fc000f00d0c4e1fa7edd45780b450f3accec010f01cbf3e193", 0x33}], 0x1, 0x38, &(0x7f0000000200), 0x0) 01:45:57 executing program 3: lsetxattr$trusted_overlay_opaque(0x0, 0x0, 0x0, 0x0, 0x0) mkdir(&(0x7f0000000000)='./file0\x00', 0x0) mount$bpf(0x20000000, &(0x7f00000000c0)='./file0\x00', 0x0, 0x2001001, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x80, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x43, 0x400000000000000}, 0x11288, 0x2000, 0x0, 0x2}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$netlink(0x10, 0x3, 0x0) connect$inet(0xffffffffffffffff, 0x0, 0x0) setsockopt$SO_RDS_TRANSPORT(0xffffffffffffffff, 0x114, 0x8, &(0x7f0000000040)=0xffffffffffffffff, 0x4) r1 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$inet_tcp_int(r1, 0x6, 0x10000000013, &(0x7f0000d06000)=0x1, 0x32a) connect$inet(r1, &(0x7f0000000180)={0x2, 0x4e23, @local}, 0x10) accept$nfc_llcp(0xffffffffffffffff, &(0x7f0000000440), &(0x7f0000000300)=0x60) setsockopt$inet_tcp_TCP_REPAIR_OPTIONS(r1, 0x6, 0x16, &(0x7f00000000c0)=[@mss={0x2, 0xffffffff}, @timestamp, @window, @mss={0x2, 0x91c}], 0x4) sendmmsg(r1, &(0x7f0000004b40)=[{{0x0, 0x0, &(0x7f00000011c0)=[{&(0x7f0000002240)='Y', 0x1}], 0x1}}], 0x1, 0x0) syz_init_net_socket$llc(0x1a, 0x1, 0x0) r2 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$IPT_SO_SET_REPLACE(r2, 0x4000000000000, 0x40, &(0x7f0000000a40)=ANY=[@ANYBLOB="72617700000000010000000000000000000000000000000000000000000000000200000003000000b80400000000000000000000000000000003000000030000200400002004000020040000200400002004000003000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000600000000000000a00200030000000000000000000000000000000000000000300262706600000000000000000000000000000000000000000000000000000101000000000000002e2f66696c653000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000060005345540000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000c0002001000000000000000000000000000000000000000050006f736600000000000000000000000000000000000000000000000000000073797a300000000000000000000000000000000000000000000000000000000000000000000000000000000000000000600053455400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000007000980000000000000000000000000000000000000000002800000000000000000000000000000000000000000000000000000000000004feffffff00000000"], 0x518) sendmsg$IPVS_CMD_GET_DEST(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000280)={&(0x7f00000002c0)=ANY=[@ANYRES16], 0x1}}, 0x0) setsockopt$inet_tcp_TCP_REPAIR(r1, 0x6, 0x13, &(0x7f0000000100), 0x618) r3 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$inet_tcp_int(r3, 0x6, 0x10000000013, &(0x7f0000d06000)=0x1, 0x32a) connect$inet(r3, &(0x7f0000000140)={0x2, 0x0, @local}, 0x10) setsockopt$inet_tcp_TCP_REPAIR_OPTIONS(r3, 0x6, 0x16, &(0x7f0000000200)=[@mss, @timestamp, @window={0x3, 0x0, 0xfffe}, @mss={0x2, 0x3}], 0x4) sendmmsg(r3, &(0x7f0000004b40)=[{{0x0, 0x0, &(0x7f00000011c0)=[{&(0x7f0000002240)='Y', 0x1}], 0x1}}], 0x1, 0x0) setsockopt$inet_tcp_TCP_REPAIR_QUEUE(r3, 0x6, 0x14, &(0x7f0000000040)=0x1, 0x4) sendmsg$IPVS_CMD_GET_DEST(r3, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000340)=ANY=[@ANYBLOB="160e90cb39bca59f8c4064ac6d7b242060a07bc4309e3eb79d8745797b308edd84adef35ad9d8a17240f38f55f57c55f3875db81d255eea402e1c11ca7fc01964aeb9ed6ef4e80bc67cba7e7fe961fe5d921442b0a06b135f8a73b68dc904b436f256f50ae7cb980e69e7580b9f11c6ede4210f23240559b8c427000d7ce7862417ab5a50e494b2a54e346d7ffa008ccef06813e235b446788ac0f1df3c65bc1fb5393364a2efd284640ec2c438ad2b24a69f1f9da000000000000000000000000989eee6a9283bf253ca4"], 0x1}}, 0x0) close(r3) syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) dup3(r5, r4, 0x0) r6 = accept4$vsock_stream(0xffffffffffffffff, &(0x7f0000000240)={0x28, 0x0, 0x2710, @host}, 0x10, 0x0) dup2(r6, r5) bind$pptp(0xffffffffffffffff, &(0x7f00000001c0)={0x18, 0x2, {0x0, @initdev={0xac, 0x1e, 0x0, 0x0}}}, 0x1e) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000000)=@newlink={0x30, 0x10, 0x801, 0x0, 0x0, {}, [@IFLA_GROUP={0x8}, @IFLA_PROTO_DOWN={0x8, 0x4}]}, 0x30}}, 0x0) pivot_root(&(0x7f0000000140)='./file0\x00', &(0x7f0000000100)='./file0\x00') 01:45:57 executing program 0: 01:45:57 executing program 0: [ 1859.726018] ip_tables: iptables: counters copy to user failed while replacing table 01:45:57 executing program 5: lsetxattr$trusted_overlay_opaque(0x0, 0x0, 0x0, 0x0, 0x0) mkdir(&(0x7f0000000000)='./file0\x00', 0x0) mount$bpf(0x20000000, &(0x7f00000000c0)='./file0\x00', 0x0, 0x2001001, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x80, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x43, 0x400000000000000}, 0x11288, 0x2000, 0x0, 0x2}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$netlink(0x10, 0x3, 0x0) connect$inet(0xffffffffffffffff, 0x0, 0x0) setsockopt$SO_RDS_TRANSPORT(0xffffffffffffffff, 0x114, 0x8, &(0x7f0000000040)=0xffffffffffffffff, 0x4) r1 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$inet_tcp_int(r1, 0x6, 0x10000000013, &(0x7f0000d06000)=0x1, 0x32a) connect$inet(r1, &(0x7f0000000180)={0x2, 0x4e23, @local}, 0x10) accept$nfc_llcp(0xffffffffffffffff, &(0x7f0000000440), &(0x7f0000000300)=0x60) setsockopt$inet_tcp_TCP_REPAIR_OPTIONS(r1, 0x6, 0x16, &(0x7f00000000c0)=[@mss={0x2, 0xffffffff}, @timestamp, @window, @mss={0x2, 0x91c}], 0x4) sendmmsg(r1, &(0x7f0000004b40)=[{{0x0, 0x0, &(0x7f00000011c0)=[{&(0x7f0000002240)='Y', 0x1}], 0x1}}], 0x1, 0x0) syz_init_net_socket$llc(0x1a, 0x1, 0x0) socket$inet_tcp(0x2, 0x1, 0x0) sendmsg$IPVS_CMD_GET_DEST(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000280)={&(0x7f00000002c0)=ANY=[@ANYRES16], 0x1}}, 0x0) setsockopt$inet_tcp_TCP_REPAIR(r1, 0x6, 0x13, &(0x7f0000000100), 0x618) close(r1) r2 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$inet_tcp_int(r2, 0x6, 0x10000000013, &(0x7f0000d06000)=0x1, 0x32a) connect$inet(r2, &(0x7f0000000140)={0x2, 0x0, @local}, 0x10) setsockopt$inet_tcp_TCP_REPAIR_OPTIONS(r2, 0x6, 0x16, &(0x7f0000000200)=[@mss, @timestamp, @window={0x3, 0x0, 0xfffe}, @mss={0x2, 0x3}], 0x4) sendmmsg(r2, &(0x7f0000004b40)=[{{0x0, 0x0, &(0x7f00000011c0)=[{&(0x7f0000002240)='Y', 0x1}], 0x1}}], 0x1, 0x0) setsockopt$inet_tcp_TCP_REPAIR_QUEUE(r2, 0x6, 0x14, &(0x7f0000000040)=0x1, 0x4) sendmsg$IPVS_CMD_GET_DEST(r2, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000340)=ANY=[@ANYBLOB="160e90cb39bca59f8c4064ac6d7b242060a07bc4309e3eb79d8745797b308edd84adef35ad9d8a17240f38f55f57c55f3875db81d255eea402e1c11ca7fc01964aeb9ed6ef4e80bc67cba7e7fe961fe5d921442b0a06b135f8a73b68dc904b436f256f50ae7cb980e69e7580b9f11c6ede4210f23240559b8c427000d7ce7862417ab5a50e494b2a54e346d7ffa008ccef06813e235b446788ac0f1df3c65bc1fb5393364a2efd284640ec2c438ad2b24a69f1f9da000000000000000000000000989eee6a9283bf253ca4"], 0x1}}, 0x0) close(r2) syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) dup3(r4, r3, 0x0) r5 = accept4$vsock_stream(0xffffffffffffffff, &(0x7f0000000240)={0x28, 0x0, 0x2710, @host}, 0x10, 0x0) dup2(r5, r4) bind$pptp(0xffffffffffffffff, &(0x7f00000001c0)={0x18, 0x2, {0x0, @initdev={0xac, 0x1e, 0x0, 0x0}}}, 0x1e) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000000)=@newlink={0x30, 0x10, 0x801, 0x0, 0x0, {}, [@IFLA_GROUP={0x8}, @IFLA_PROTO_DOWN={0x8, 0x4}]}, 0x30}}, 0x0) pivot_root(&(0x7f0000000140)='./file0\x00', &(0x7f0000000100)='./file0\x00') 01:45:57 executing program 0: 01:45:57 executing program 1: lsetxattr$trusted_overlay_opaque(0x0, 0x0, 0x0, 0x0, 0x0) mkdir(&(0x7f0000000000)='./file0\x00', 0x0) mount$bpf(0x20000000, &(0x7f00000000c0)='./file0\x00', 0x0, 0x2001001, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x80, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x43, 0x400000000000000}, 0x11288, 0x2000, 0x0, 0x2}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$netlink(0x10, 0x3, 0x0) connect$inet(0xffffffffffffffff, 0x0, 0x0) setsockopt$SO_RDS_TRANSPORT(0xffffffffffffffff, 0x114, 0x8, &(0x7f0000000040)=0xffffffffffffffff, 0x4) r1 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$inet_tcp_int(r1, 0x6, 0x10000000013, &(0x7f0000d06000)=0x1, 0x32a) connect$inet(r1, &(0x7f0000000180)={0x2, 0x4e23, @local}, 0x10) accept$nfc_llcp(0xffffffffffffffff, &(0x7f0000000440), &(0x7f0000000300)=0x60) setsockopt$inet_tcp_TCP_REPAIR_OPTIONS(r1, 0x6, 0x16, &(0x7f00000000c0)=[@mss={0x2, 0xffffffff}, @timestamp, @window, @mss={0x2, 0x91c}], 0x4) sendmmsg(r1, &(0x7f0000004b40)=[{{0x0, 0x0, &(0x7f00000011c0)=[{&(0x7f0000002240)='Y', 0x1}], 0x1}}], 0x1, 0x0) syz_init_net_socket$llc(0x1a, 0x1, 0x0) r2 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$IPT_SO_SET_REPLACE(r2, 0x4000000000000, 0x40, &(0x7f0000000a40)=ANY=[@ANYBLOB="72617700000000010000000000000000000000000000000000000000000000000200000003000000b80400000000000000000000000000000003000000030000200400002004000020040000200400002004000003000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000600000000000000a00200030000000000000000000000000000000000000000300262706600000000000000000000000000000000000000000000000000000101000000000000002e2f66696c653000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000060005345540000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000c0002001000000000000000000000000000000000000000050006f736600000000000000000000000000000000000000000000000000000073797a300000000000000000000000000000000000000000000000000000000000000000000000000000000000000000600053455400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000007000980000000000000000000000000000000000000000002800000000000000000000000000000000000000000000000000000000000004feffffff00000000"], 0x518) sendmsg$IPVS_CMD_GET_DEST(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000280)={&(0x7f00000002c0)=ANY=[@ANYRES16], 0x1}}, 0x0) setsockopt$inet_tcp_TCP_REPAIR(r1, 0x6, 0x13, &(0x7f0000000100), 0x618) r3 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$inet_tcp_int(r3, 0x6, 0x10000000013, &(0x7f0000d06000)=0x1, 0x32a) connect$inet(r3, &(0x7f0000000140)={0x2, 0x0, @local}, 0x10) setsockopt$inet_tcp_TCP_REPAIR_OPTIONS(r3, 0x6, 0x16, &(0x7f0000000200)=[@mss, @timestamp, @window={0x3, 0x0, 0xfffe}, @mss={0x2, 0x3}], 0x4) sendmmsg(r3, &(0x7f0000004b40)=[{{0x0, 0x0, &(0x7f00000011c0)=[{&(0x7f0000002240)='Y', 0x1}], 0x1}}], 0x1, 0x0) setsockopt$inet_tcp_TCP_REPAIR_QUEUE(r3, 0x6, 0x14, &(0x7f0000000040)=0x1, 0x4) sendmsg$IPVS_CMD_GET_DEST(r3, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000340)=ANY=[@ANYBLOB="160e90cb39bca59f8c4064ac6d7b242060a07bc4309e3eb79d8745797b308edd84adef35ad9d8a17240f38f55f57c55f3875db81d255eea402e1c11ca7fc01964aeb9ed6ef4e80bc67cba7e7fe961fe5d921442b0a06b135f8a73b68dc904b436f256f50ae7cb980e69e7580b9f11c6ede4210f23240559b8c427000d7ce7862417ab5a50e494b2a54e346d7ffa008ccef06813e235b446788ac0f1df3c65bc1fb5393364a2efd284640ec2c438ad2b24a69f1f9da000000000000000000000000989eee6a9283bf253ca4"], 0x1}}, 0x0) close(r3) syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) dup3(r5, r4, 0x0) r6 = accept4$vsock_stream(0xffffffffffffffff, &(0x7f0000000240)={0x28, 0x0, 0x2710, @host}, 0x10, 0x0) dup2(r6, r5) bind$pptp(0xffffffffffffffff, &(0x7f00000001c0)={0x18, 0x2, {0x0, @initdev={0xac, 0x1e, 0x0, 0x0}}}, 0x1e) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000000)=@newlink={0x30, 0x10, 0x801, 0x0, 0x0, {}, [@IFLA_GROUP={0x8}, @IFLA_PROTO_DOWN={0x8, 0x4}]}, 0x30}}, 0x0) 01:45:58 executing program 3: lsetxattr$trusted_overlay_opaque(0x0, 0x0, 0x0, 0x0, 0x0) mkdir(&(0x7f0000000000)='./file0\x00', 0x0) mount$bpf(0x20000000, &(0x7f00000000c0)='./file0\x00', 0x0, 0x2001001, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x80, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x43, 0x400000000000000}, 0x11288, 0x2000, 0x0, 0x2}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$netlink(0x10, 0x3, 0x0) connect$inet(0xffffffffffffffff, 0x0, 0x0) setsockopt$SO_RDS_TRANSPORT(0xffffffffffffffff, 0x114, 0x8, &(0x7f0000000040)=0xffffffffffffffff, 0x4) r1 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$inet_tcp_int(r1, 0x6, 0x10000000013, &(0x7f0000d06000)=0x1, 0x32a) connect$inet(r1, &(0x7f0000000180)={0x2, 0x4e23, @local}, 0x10) accept$nfc_llcp(0xffffffffffffffff, &(0x7f0000000440), &(0x7f0000000300)=0x60) setsockopt$inet_tcp_TCP_REPAIR_OPTIONS(r1, 0x6, 0x16, &(0x7f00000000c0)=[@mss={0x2, 0xffffffff}, @timestamp, @window, @mss={0x2, 0x91c}], 0x4) sendmmsg(r1, &(0x7f0000004b40)=[{{0x0, 0x0, &(0x7f00000011c0)=[{&(0x7f0000002240)='Y', 0x1}], 0x1}}], 0x1, 0x0) syz_init_net_socket$llc(0x1a, 0x1, 0x0) r2 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$IPT_SO_SET_REPLACE(r2, 0x4000000000000, 0x40, &(0x7f0000000a40)=ANY=[@ANYBLOB="72617700000000010000000000000000000000000000000000000000000000000200000003000000b80400000000000000000000000000000003000000030000200400002004000020040000200400002004000003000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000600000000000000a00200030000000000000000000000000000000000000000300262706600000000000000000000000000000000000000000000000000000101000000000000002e2f66696c653000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000060005345540000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000c0002001000000000000000000000000000000000000000050006f736600000000000000000000000000000000000000000000000000000073797a300000000000000000000000000000000000000000000000000000000000000000000000000000000000000000600053455400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000007000980000000000000000000000000000000000000000002800000000000000000000000000000000000000000000000000000000000004feffffff00000000"], 0x518) sendmsg$IPVS_CMD_GET_DEST(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000280)={&(0x7f00000002c0)=ANY=[@ANYRES16], 0x1}}, 0x0) setsockopt$inet_tcp_TCP_REPAIR(r1, 0x6, 0x13, &(0x7f0000000100), 0x618) r3 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$inet_tcp_int(r3, 0x6, 0x10000000013, &(0x7f0000d06000)=0x1, 0x32a) connect$inet(r3, &(0x7f0000000140)={0x2, 0x0, @local}, 0x10) setsockopt$inet_tcp_TCP_REPAIR_OPTIONS(r3, 0x6, 0x16, &(0x7f0000000200)=[@mss, @timestamp, @window={0x3, 0x0, 0xfffe}, @mss={0x2, 0x3}], 0x4) sendmmsg(r3, &(0x7f0000004b40)=[{{0x0, 0x0, &(0x7f00000011c0)=[{&(0x7f0000002240)='Y', 0x1}], 0x1}}], 0x1, 0x0) setsockopt$inet_tcp_TCP_REPAIR_QUEUE(r3, 0x6, 0x14, &(0x7f0000000040)=0x1, 0x4) sendmsg$IPVS_CMD_GET_DEST(r3, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000340)=ANY=[@ANYBLOB="160e90cb39bca59f8c4064ac6d7b242060a07bc4309e3eb79d8745797b308edd84adef35ad9d8a17240f38f55f57c55f3875db81d255eea402e1c11ca7fc01964aeb9ed6ef4e80bc67cba7e7fe961fe5d921442b0a06b135f8a73b68dc904b436f256f50ae7cb980e69e7580b9f11c6ede4210f23240559b8c427000d7ce7862417ab5a50e494b2a54e346d7ffa008ccef06813e235b446788ac0f1df3c65bc1fb5393364a2efd284640ec2c438ad2b24a69f1f9da000000000000000000000000989eee6a9283bf253ca4"], 0x1}}, 0x0) close(r3) syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) dup3(r5, r4, 0x0) r6 = accept4$vsock_stream(0xffffffffffffffff, &(0x7f0000000240)={0x28, 0x0, 0x2710, @host}, 0x10, 0x0) dup2(r6, r5) bind$pptp(0xffffffffffffffff, &(0x7f00000001c0)={0x18, 0x2, {0x0, @initdev={0xac, 0x1e, 0x0, 0x0}}}, 0x1e) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000000)=@newlink={0x30, 0x10, 0x801, 0x0, 0x0, {}, [@IFLA_GROUP={0x8}, @IFLA_PROTO_DOWN={0x8, 0x4}]}, 0x30}}, 0x0) pivot_root(&(0x7f0000000140)='./file0\x00', &(0x7f0000000100)='./file0\x00') 01:45:58 executing program 4: pipe(&(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) close(0xffffffffffffffff) r2 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$inet_tcp_int(r2, 0x6, 0x10000000013, &(0x7f0000d06000)=0x1, 0x4) connect$inet(0xffffffffffffffff, &(0x7f0000000340)={0x2, 0x0, @loopback}, 0x10) setsockopt$inet_tcp_TCP_REPAIR_WINDOW(r2, 0x6, 0x1d, &(0x7f0000000080)={0x0, 0xdf5, 0x65a2}, 0x14) write$binfmt_misc(r1, &(0x7f0000000140)=ANY=[], 0x4240a2a0) r3 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$IPT_SO_SET_REPLACE(r3, 0x0, 0x40, &(0x7f0000000480)=ANY=[@ANYBLOB="66696c74657200000000000000000000000000000000000000000000000000000e00000004000000d0020000800100009800000080010000000000000000000038020000380200003802000038020000380200000400000000000000000000007f000001ac14140000000000000000007f00000000000000000000000000000064756dea20f9524db2d96900000057c910a19f2bc02c00000000000000000000200000000000000000000000000000000000000000000000700098000000000000000000000000000000000000000000280052454a454354000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000400000000000000000000000080000000000000000000000000000000000000000000000000000000000000000000000000000000000000000c000e80000f9c9991d0000000000000000000000000000005000736574000000000000000000000000000000000000000000000000000003000005050000000000000000000000000000000000000000100000000000000000000000000000000000000000000000280052454a45435400000000000000010000000000000000000000000000000000674f000000000000000000e00000020000000000000000766574b5315f766c616e00000000010062726964676530000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000007000b80000000000000000000000000000000000000000004800544545000000000000000000000000000000d40200000000000000000001ac1414aa000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000007000980000000000000000000000000000000000000000002800000000000000000000000000000000000000000000001a51496c00000000feffffff"], 0x1) splice(r0, 0x0, 0xffffffffffffffff, 0x0, 0x4ffe0, 0x0) 01:45:58 executing program 0: 01:45:58 executing program 2: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = fanotify_init(0x0, 0x0) r3 = fcntl$dupfd(r2, 0x0, r2) write$FUSE_NOTIFY_POLL(r3, &(0x7f0000000100)={0x18}, 0x18) r4 = fanotify_init(0x0, 0x0) fcntl$dupfd(r4, 0x0, r4) r5 = fanotify_init(0x0, 0x0) r6 = fcntl$dupfd(r5, 0x0, r5) write$FUSE_NOTIFY_POLL(r6, &(0x7f0000000100)={0x18}, 0x18) r7 = fanotify_init(0x0, 0x0) fcntl$dupfd(r7, 0x0, r7) ioctl$KVM_SET_SIGNAL_MASK(r6, 0x4004ae8b, &(0x7f00000001c0)=ANY=[@ANYRES16, @ANYPTR64=&(0x7f0000000540)=ANY=[@ANYPTR64, @ANYPTR64=&(0x7f0000000500)=ANY=[@ANYPTR64=&(0x7f00000004c0)=ANY=[@ANYRES16, @ANYRES32=r4, @ANYRES64=r6, @ANYPTR64=&(0x7f0000000200)=ANY=[@ANYBLOB="85be198b99e3d9c3aa1d3ddd42d2c50403c7e848a13f1ba6dea166b54aee57e633b8f169a8c0140202c932f57daf5868f6ed234308551c86c4819d50e84b8d03793ba717567138e7f728579f24081ac26255d2f7220b7a3e6579f9bacfc118d87f5bb00a9dae991a9a6abc", @ANYRES16, @ANYRESHEX, @ANYPTR64, @ANYRES64=0x0], @ANYRES64, @ANYRESDEC, @ANYPTR64], @ANYRES64=r5], @ANYBLOB="ff9195b948adb2d8f77ceb47ee112c01ce88a17bcb3ffd4fc044fcae391fabfc139a4a1b689a687b36a3ad01bca548c8e90f0ed817bd44bf58af4ab0977cf1b1518d510ae5fa221cdbcb4c0a05f0459298fd7f98068db0b823666ce6652582c8d7805f009772cbcccc4b06b6cc2c84301bf259ebe84d3dfd73b901ea497539", @ANYRES16=r6, @ANYBLOB="143180be0257370334b7adeccd3c88ffd80378a6b93ab0cdd7edfd7970aed65f747ed218968ecfdb3c142705b20215bbe37515b0aff11b5d5c100565ecefb551714f05ba91ca1478a485e2a07dc94fff52c19469c6daef09236c08fac806ac975390662e0802a90c57f075ab66a88a8a884ff91ff9ccb6505ef7ad7b76f9410d77a4e9d7f52bf0b9752350533c20bad01370d1f56a54eef89bc5396ecbbf1f16e63843dda7bcdf588cd355bc5ff1bfea4f822c9245a4d3bc917eef60443165b8f0ab6d815ecaf1a1e9406d1d4074ec4774028063b068f7b9f352d90b5148b12d2a307058d0bfd427b9b392777c677c", @ANYRES32=0x0, @ANYPTR64=&(0x7f0000000180)=ANY=[@ANYRES64, @ANYPTR64, @ANYPTR]], @ANYBLOB="367ff325eda2"]) r8 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r8, &(0x7f0000fe7000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0) ioctl$USBDEVFS_RESETEP(0xffffffffffffffff, 0x80045503, &(0x7f0000000000)={0x1, 0x1}) ioctl$KVM_NMI(r8, 0xae9a) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f00000002c0)={0x0, 0x2, 0x0, 0x2000, &(0x7f0000001000/0x2000)=nil}) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$KVM_RUN(r8, 0xae80, 0x0) 01:45:58 executing program 1: lsetxattr$trusted_overlay_opaque(0x0, 0x0, 0x0, 0x0, 0x0) mkdir(&(0x7f0000000000)='./file0\x00', 0x0) mount$bpf(0x20000000, &(0x7f00000000c0)='./file0\x00', 0x0, 0x2001001, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x80, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x43, 0x400000000000000}, 0x11288, 0x2000, 0x0, 0x2}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$netlink(0x10, 0x3, 0x0) connect$inet(0xffffffffffffffff, 0x0, 0x0) setsockopt$SO_RDS_TRANSPORT(0xffffffffffffffff, 0x114, 0x8, &(0x7f0000000040)=0xffffffffffffffff, 0x4) r1 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$inet_tcp_int(r1, 0x6, 0x10000000013, &(0x7f0000d06000)=0x1, 0x32a) connect$inet(r1, &(0x7f0000000180)={0x2, 0x4e23, @local}, 0x10) accept$nfc_llcp(0xffffffffffffffff, &(0x7f0000000440), &(0x7f0000000300)=0x60) setsockopt$inet_tcp_TCP_REPAIR_OPTIONS(r1, 0x6, 0x16, &(0x7f00000000c0)=[@mss={0x2, 0xffffffff}, @timestamp, @window, @mss={0x2, 0x91c}], 0x4) sendmmsg(r1, &(0x7f0000004b40)=[{{0x0, 0x0, &(0x7f00000011c0)=[{&(0x7f0000002240)='Y', 0x1}], 0x1}}], 0x1, 0x0) syz_init_net_socket$llc(0x1a, 0x1, 0x0) r2 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$IPT_SO_SET_REPLACE(r2, 0x4000000000000, 0x40, &(0x7f0000000a40)=ANY=[@ANYBLOB="72617700000000010000000000000000000000000000000000000000000000000200000003000000b80400000000000000000000000000000003000000030000200400002004000020040000200400002004000003000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000600000000000000a00200030000000000000000000000000000000000000000300262706600000000000000000000000000000000000000000000000000000101000000000000002e2f66696c653000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000060005345540000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000c0002001000000000000000000000000000000000000000050006f736600000000000000000000000000000000000000000000000000000073797a300000000000000000000000000000000000000000000000000000000000000000000000000000000000000000600053455400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000007000980000000000000000000000000000000000000000002800000000000000000000000000000000000000000000000000000000000004feffffff00000000"], 0x518) sendmsg$IPVS_CMD_GET_DEST(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000280)={&(0x7f00000002c0)=ANY=[@ANYRES16], 0x1}}, 0x0) setsockopt$inet_tcp_TCP_REPAIR(r1, 0x6, 0x13, &(0x7f0000000100), 0x618) r3 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$inet_tcp_int(r3, 0x6, 0x10000000013, &(0x7f0000d06000)=0x1, 0x32a) connect$inet(r3, &(0x7f0000000140)={0x2, 0x0, @local}, 0x10) setsockopt$inet_tcp_TCP_REPAIR_OPTIONS(r3, 0x6, 0x16, &(0x7f0000000200)=[@mss, @timestamp, @window={0x3, 0x0, 0xfffe}, @mss={0x2, 0x3}], 0x4) sendmmsg(r3, &(0x7f0000004b40)=[{{0x0, 0x0, &(0x7f00000011c0)=[{&(0x7f0000002240)='Y', 0x1}], 0x1}}], 0x1, 0x0) setsockopt$inet_tcp_TCP_REPAIR_QUEUE(r3, 0x6, 0x14, &(0x7f0000000040)=0x1, 0x4) sendmsg$IPVS_CMD_GET_DEST(r3, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000340)=ANY=[@ANYBLOB="160e90cb39bca59f8c4064ac6d7b242060a07bc4309e3eb79d8745797b308edd84adef35ad9d8a17240f38f55f57c55f3875db81d255eea402e1c11ca7fc01964aeb9ed6ef4e80bc67cba7e7fe961fe5d921442b0a06b135f8a73b68dc904b436f256f50ae7cb980e69e7580b9f11c6ede4210f23240559b8c427000d7ce7862417ab5a50e494b2a54e346d7ffa008ccef06813e235b446788ac0f1df3c65bc1fb5393364a2efd284640ec2c438ad2b24a69f1f9da000000000000000000000000989eee6a9283bf253ca4"], 0x1}}, 0x0) close(r3) syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) dup3(r5, r4, 0x0) r6 = accept4$vsock_stream(0xffffffffffffffff, &(0x7f0000000240)={0x28, 0x0, 0x2710, @host}, 0x10, 0x0) dup2(r6, r5) bind$pptp(0xffffffffffffffff, &(0x7f00000001c0)={0x18, 0x2, {0x0, @initdev={0xac, 0x1e, 0x0, 0x0}}}, 0x1e) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000000)=@newlink={0x30, 0x10, 0x801, 0x0, 0x0, {}, [@IFLA_GROUP={0x8}, @IFLA_PROTO_DOWN={0x8, 0x4}]}, 0x30}}, 0x0) 01:45:58 executing program 5: lsetxattr$trusted_overlay_opaque(0x0, 0x0, 0x0, 0x0, 0x0) mkdir(&(0x7f0000000000)='./file0\x00', 0x0) mount$bpf(0x20000000, &(0x7f00000000c0)='./file0\x00', 0x0, 0x2001001, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x80, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x43, 0x400000000000000}, 0x11288, 0x2000, 0x0, 0x2}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$netlink(0x10, 0x3, 0x0) connect$inet(0xffffffffffffffff, 0x0, 0x0) setsockopt$SO_RDS_TRANSPORT(0xffffffffffffffff, 0x114, 0x8, &(0x7f0000000040)=0xffffffffffffffff, 0x4) r1 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$inet_tcp_int(r1, 0x6, 0x10000000013, &(0x7f0000d06000)=0x1, 0x32a) connect$inet(r1, &(0x7f0000000180)={0x2, 0x4e23, @local}, 0x10) accept$nfc_llcp(0xffffffffffffffff, &(0x7f0000000440), &(0x7f0000000300)=0x60) setsockopt$inet_tcp_TCP_REPAIR_OPTIONS(r1, 0x6, 0x16, &(0x7f00000000c0)=[@mss={0x2, 0xffffffff}, @timestamp, @window, @mss={0x2, 0x91c}], 0x4) sendmmsg(r1, &(0x7f0000004b40)=[{{0x0, 0x0, &(0x7f00000011c0)=[{&(0x7f0000002240)='Y', 0x1}], 0x1}}], 0x1, 0x0) syz_init_net_socket$llc(0x1a, 0x1, 0x0) socket$inet_tcp(0x2, 0x1, 0x0) sendmsg$IPVS_CMD_GET_DEST(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000280)={&(0x7f00000002c0)=ANY=[@ANYRES16], 0x1}}, 0x0) setsockopt$inet_tcp_TCP_REPAIR(r1, 0x6, 0x13, &(0x7f0000000100), 0x618) close(r1) r2 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$inet_tcp_int(r2, 0x6, 0x10000000013, &(0x7f0000d06000)=0x1, 0x32a) connect$inet(r2, &(0x7f0000000140)={0x2, 0x0, @local}, 0x10) setsockopt$inet_tcp_TCP_REPAIR_OPTIONS(r2, 0x6, 0x16, &(0x7f0000000200)=[@mss, @timestamp, @window={0x3, 0x0, 0xfffe}, @mss={0x2, 0x3}], 0x4) sendmmsg(r2, &(0x7f0000004b40)=[{{0x0, 0x0, &(0x7f00000011c0)=[{&(0x7f0000002240)='Y', 0x1}], 0x1}}], 0x1, 0x0) setsockopt$inet_tcp_TCP_REPAIR_QUEUE(r2, 0x6, 0x14, &(0x7f0000000040)=0x1, 0x4) sendmsg$IPVS_CMD_GET_DEST(r2, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000340)=ANY=[@ANYBLOB="160e90cb39bca59f8c4064ac6d7b242060a07bc4309e3eb79d8745797b308edd84adef35ad9d8a17240f38f55f57c55f3875db81d255eea402e1c11ca7fc01964aeb9ed6ef4e80bc67cba7e7fe961fe5d921442b0a06b135f8a73b68dc904b436f256f50ae7cb980e69e7580b9f11c6ede4210f23240559b8c427000d7ce7862417ab5a50e494b2a54e346d7ffa008ccef06813e235b446788ac0f1df3c65bc1fb5393364a2efd284640ec2c438ad2b24a69f1f9da000000000000000000000000989eee6a9283bf253ca4"], 0x1}}, 0x0) close(r2) syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) dup3(r4, r3, 0x0) r5 = accept4$vsock_stream(0xffffffffffffffff, &(0x7f0000000240)={0x28, 0x0, 0x2710, @host}, 0x10, 0x0) dup2(r5, r4) bind$pptp(0xffffffffffffffff, &(0x7f00000001c0)={0x18, 0x2, {0x0, @initdev={0xac, 0x1e, 0x0, 0x0}}}, 0x1e) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000000)=@newlink={0x30, 0x10, 0x801, 0x0, 0x0, {}, [@IFLA_GROUP={0x8}, @IFLA_PROTO_DOWN={0x8, 0x4}]}, 0x30}}, 0x0) pivot_root(&(0x7f0000000140)='./file0\x00', &(0x7f0000000100)='./file0\x00') 01:45:58 executing program 3: lsetxattr$trusted_overlay_opaque(0x0, 0x0, 0x0, 0x0, 0x0) mkdir(&(0x7f0000000000)='./file0\x00', 0x0) mount$bpf(0x20000000, &(0x7f00000000c0)='./file0\x00', 0x0, 0x2001001, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x80, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x43, 0x400000000000000}, 0x11288, 0x2000, 0x0, 0x2}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$netlink(0x10, 0x3, 0x0) connect$inet(0xffffffffffffffff, 0x0, 0x0) setsockopt$SO_RDS_TRANSPORT(0xffffffffffffffff, 0x114, 0x8, &(0x7f0000000040)=0xffffffffffffffff, 0x4) r1 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$inet_tcp_int(r1, 0x6, 0x10000000013, &(0x7f0000d06000)=0x1, 0x32a) connect$inet(r1, &(0x7f0000000180)={0x2, 0x4e23, @local}, 0x10) accept$nfc_llcp(0xffffffffffffffff, &(0x7f0000000440), &(0x7f0000000300)=0x60) setsockopt$inet_tcp_TCP_REPAIR_OPTIONS(r1, 0x6, 0x16, &(0x7f00000000c0)=[@mss={0x2, 0xffffffff}, @timestamp, @window, @mss={0x2, 0x91c}], 0x4) sendmmsg(r1, &(0x7f0000004b40)=[{{0x0, 0x0, &(0x7f00000011c0)=[{&(0x7f0000002240)='Y', 0x1}], 0x1}}], 0x1, 0x0) syz_init_net_socket$llc(0x1a, 0x1, 0x0) r2 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$IPT_SO_SET_REPLACE(r2, 0x4000000000000, 0x40, &(0x7f0000000a40)=ANY=[@ANYBLOB="72617700000000010000000000000000000000000000000000000000000000000200000003000000b80400000000000000000000000000000003000000030000200400002004000020040000200400002004000003000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000600000000000000a00200030000000000000000000000000000000000000000300262706600000000000000000000000000000000000000000000000000000101000000000000002e2f66696c653000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000060005345540000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000c0002001000000000000000000000000000000000000000050006f736600000000000000000000000000000000000000000000000000000073797a300000000000000000000000000000000000000000000000000000000000000000000000000000000000000000600053455400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000007000980000000000000000000000000000000000000000002800000000000000000000000000000000000000000000000000000000000004feffffff00000000"], 0x518) sendmsg$IPVS_CMD_GET_DEST(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000280)={&(0x7f00000002c0)=ANY=[@ANYRES16], 0x1}}, 0x0) close(r1) r3 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$inet_tcp_int(r3, 0x6, 0x10000000013, &(0x7f0000d06000)=0x1, 0x32a) connect$inet(r3, &(0x7f0000000140)={0x2, 0x0, @local}, 0x10) setsockopt$inet_tcp_TCP_REPAIR_OPTIONS(r3, 0x6, 0x16, &(0x7f0000000200)=[@mss, @timestamp, @window={0x3, 0x0, 0xfffe}, @mss={0x2, 0x3}], 0x4) sendmmsg(r3, &(0x7f0000004b40)=[{{0x0, 0x0, &(0x7f00000011c0)=[{&(0x7f0000002240)='Y', 0x1}], 0x1}}], 0x1, 0x0) setsockopt$inet_tcp_TCP_REPAIR_QUEUE(r3, 0x6, 0x14, &(0x7f0000000040)=0x1, 0x4) sendmsg$IPVS_CMD_GET_DEST(r3, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000340)=ANY=[@ANYBLOB="160e90cb39bca59f8c4064ac6d7b242060a07bc4309e3eb79d8745797b308edd84adef35ad9d8a17240f38f55f57c55f3875db81d255eea402e1c11ca7fc01964aeb9ed6ef4e80bc67cba7e7fe961fe5d921442b0a06b135f8a73b68dc904b436f256f50ae7cb980e69e7580b9f11c6ede4210f23240559b8c427000d7ce7862417ab5a50e494b2a54e346d7ffa008ccef06813e235b446788ac0f1df3c65bc1fb5393364a2efd284640ec2c438ad2b24a69f1f9da000000000000000000000000989eee6a9283bf253ca4"], 0x1}}, 0x0) close(r3) syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) dup3(r5, r4, 0x0) r6 = accept4$vsock_stream(0xffffffffffffffff, &(0x7f0000000240)={0x28, 0x0, 0x2710, @host}, 0x10, 0x0) dup2(r6, r5) bind$pptp(0xffffffffffffffff, &(0x7f00000001c0)={0x18, 0x2, {0x0, @initdev={0xac, 0x1e, 0x0, 0x0}}}, 0x1e) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000000)=@newlink={0x30, 0x10, 0x801, 0x0, 0x0, {}, [@IFLA_GROUP={0x8}, @IFLA_PROTO_DOWN={0x8, 0x4}]}, 0x30}}, 0x0) pivot_root(&(0x7f0000000140)='./file0\x00', &(0x7f0000000100)='./file0\x00') 01:45:58 executing program 0: perf_event_open(&(0x7f000001d000)={0x5, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, @perf_bp={&(0x7f0000000000), 0x1}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000000)=@ipv4_newaddr={0x18, 0x12}, 0x18}, 0x1, 0xf0ffffff}, 0x0) [ 1860.640674] ip_tables: iptables: counters copy to user failed while replacing table 01:45:58 executing program 1: lsetxattr$trusted_overlay_opaque(0x0, 0x0, 0x0, 0x0, 0x0) mkdir(&(0x7f0000000000)='./file0\x00', 0x0) mount$bpf(0x20000000, &(0x7f00000000c0)='./file0\x00', 0x0, 0x2001001, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x80, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x43, 0x400000000000000}, 0x11288, 0x2000, 0x0, 0x2}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$netlink(0x10, 0x3, 0x0) connect$inet(0xffffffffffffffff, 0x0, 0x0) setsockopt$SO_RDS_TRANSPORT(0xffffffffffffffff, 0x114, 0x8, &(0x7f0000000040)=0xffffffffffffffff, 0x4) r1 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$inet_tcp_int(r1, 0x6, 0x10000000013, &(0x7f0000d06000)=0x1, 0x32a) connect$inet(r1, &(0x7f0000000180)={0x2, 0x4e23, @local}, 0x10) accept$nfc_llcp(0xffffffffffffffff, &(0x7f0000000440), &(0x7f0000000300)=0x60) setsockopt$inet_tcp_TCP_REPAIR_OPTIONS(r1, 0x6, 0x16, &(0x7f00000000c0)=[@mss={0x2, 0xffffffff}, @timestamp, @window, @mss={0x2, 0x91c}], 0x4) sendmmsg(r1, &(0x7f0000004b40)=[{{0x0, 0x0, &(0x7f00000011c0)=[{&(0x7f0000002240)='Y', 0x1}], 0x1}}], 0x1, 0x0) syz_init_net_socket$llc(0x1a, 0x1, 0x0) r2 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$IPT_SO_SET_REPLACE(r2, 0x4000000000000, 0x40, &(0x7f0000000a40)=ANY=[@ANYBLOB="72617700000000010000000000000000000000000000000000000000000000000200000003000000b80400000000000000000000000000000003000000030000200400002004000020040000200400002004000003000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000600000000000000a00200030000000000000000000000000000000000000000300262706600000000000000000000000000000000000000000000000000000101000000000000002e2f66696c653000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000060005345540000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000c0002001000000000000000000000000000000000000000050006f736600000000000000000000000000000000000000000000000000000073797a300000000000000000000000000000000000000000000000000000000000000000000000000000000000000000600053455400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000007000980000000000000000000000000000000000000000002800000000000000000000000000000000000000000000000000000000000004feffffff00000000"], 0x518) sendmsg$IPVS_CMD_GET_DEST(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000280)={&(0x7f00000002c0)=ANY=[@ANYRES16], 0x1}}, 0x0) setsockopt$inet_tcp_TCP_REPAIR(r1, 0x6, 0x13, &(0x7f0000000100), 0x618) r3 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$inet_tcp_int(r3, 0x6, 0x10000000013, &(0x7f0000d06000)=0x1, 0x32a) connect$inet(r3, &(0x7f0000000140)={0x2, 0x0, @local}, 0x10) setsockopt$inet_tcp_TCP_REPAIR_OPTIONS(r3, 0x6, 0x16, &(0x7f0000000200)=[@mss, @timestamp, @window={0x3, 0x0, 0xfffe}, @mss={0x2, 0x3}], 0x4) sendmmsg(r3, &(0x7f0000004b40)=[{{0x0, 0x0, &(0x7f00000011c0)=[{&(0x7f0000002240)='Y', 0x1}], 0x1}}], 0x1, 0x0) setsockopt$inet_tcp_TCP_REPAIR_QUEUE(r3, 0x6, 0x14, &(0x7f0000000040)=0x1, 0x4) sendmsg$IPVS_CMD_GET_DEST(r3, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000340)=ANY=[@ANYBLOB="160e90cb39bca59f8c4064ac6d7b242060a07bc4309e3eb79d8745797b308edd84adef35ad9d8a17240f38f55f57c55f3875db81d255eea402e1c11ca7fc01964aeb9ed6ef4e80bc67cba7e7fe961fe5d921442b0a06b135f8a73b68dc904b436f256f50ae7cb980e69e7580b9f11c6ede4210f23240559b8c427000d7ce7862417ab5a50e494b2a54e346d7ffa008ccef06813e235b446788ac0f1df3c65bc1fb5393364a2efd284640ec2c438ad2b24a69f1f9da000000000000000000000000989eee6a9283bf253ca4"], 0x1}}, 0x0) close(r3) syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) dup3(r5, r4, 0x0) r6 = accept4$vsock_stream(0xffffffffffffffff, &(0x7f0000000240)={0x28, 0x0, 0x2710, @host}, 0x10, 0x0) dup2(r6, r5) bind$pptp(0xffffffffffffffff, &(0x7f00000001c0)={0x18, 0x2, {0x0, @initdev={0xac, 0x1e, 0x0, 0x0}}}, 0x1e) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000000)=@newlink={0x30, 0x10, 0x801, 0x0, 0x0, {}, [@IFLA_GROUP={0x8}, @IFLA_PROTO_DOWN={0x8, 0x4}]}, 0x30}}, 0x0) 01:45:58 executing program 0: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x5}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) r2 = open(0x0, 0x0, 0x0) sendmsg$IPCTNL_MSG_EXP_NEW(r2, 0x0, 0x0) recvmmsg(r1, &(0x7f0000005c40)=[{{&(0x7f0000000380)=@ll={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @remote}, 0x80, &(0x7f0000000240)=[{&(0x7f0000000180)=""/16, 0x10}], 0x1}}, {{&(0x7f0000000980)=@pppol2tpin6={0x18, 0x1, {0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, {0xa, 0x0, 0x0, @mcast1}}}, 0x80, 0x0}}, {{&(0x7f0000000e80)=@phonet, 0x80, &(0x7f0000000440)=[{&(0x7f0000000400)=""/36, 0x24}], 0x1}}, {{&(0x7f0000001140)=@alg, 0x80, &(0x7f0000001500)=[{&(0x7f00000012c0)=""/225, 0xe1}, {&(0x7f00000013c0)=""/187, 0xbb}, {&(0x7f0000003880)=""/4096, 0x1000}], 0x3, &(0x7f0000001580)=""/13, 0xd}, 0x100}, {{&(0x7f00000015c0)=@pppol2tpin6={0x18, 0x1, {0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, {0xa, 0x0, 0x0, @local}}}, 0x80, &(0x7f0000001740), 0x0, &(0x7f0000001780)=""/64, 0x40}, 0x767}, {{0x0, 0x0, 0x0, 0x0, &(0x7f0000004c40)=""/4096, 0x1000}}], 0x6, 0x0, 0x0) fcntl$setpipe(r1, 0x407, 0x0) pipe(&(0x7f00000004c0)={0xffffffffffffffff, 0xffffffffffffffff}) open(&(0x7f0000000100)='./file0\x00', 0x0, 0x0) statx(r3, &(0x7f0000000140)='./bus\x00', 0x400, 0x10, &(0x7f0000000880)) fcntl$setpipe(r4, 0x407, 0x0) write(r4, &(0x7f0000000340), 0x41395527) vmsplice(r3, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x2, 0x0, 0x0, 0x3, 0x0, 0x2}, 0x0) perf_event_open(&(0x7f000001d000)={0x2, 0x70, 0x7e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0x6}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) sendmsg$BATADV_CMD_GET_BLA_CLAIM(0xffffffffffffffff, 0x0, 0x0) pipe(0x0) mount$bpf(0x20000000, &(0x7f00000000c0)='./file0\x00', 0x0, 0x2001001, 0x0) socket$nl_route(0x10, 0x3, 0x0) r5 = creat(&(0x7f0000000680)='./bus\x00', 0x0) ftruncate(r5, 0x800) lseek(r5, 0x0, 0x2) getsockopt$bt_hci(0xffffffffffffffff, 0x0, 0x0, &(0x7f00000002c0)=""/187, &(0x7f00000001c0)=0xbb) r6 = open(&(0x7f0000001840)='./bus\x00', 0x84002, 0x0) sendfile(r5, r6, 0x0, 0x8400f7fffff8) syz_genetlink_get_family_id$fou(0x0) creat(&(0x7f0000000680)='./bus\x00', 0x0) 01:45:58 executing program 2: syz_open_dev$radio(&(0x7f00000000c0)='/dev/radio#\x00', 0x2, 0x2) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_SET_SIGNAL_MASK(0xffffffffffffffff, 0x4004ae8b, &(0x7f0000001000)=ANY=[@ANYBLOB="8fcb"]) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000fe7000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0) ioctl$USBDEVFS_RESETEP(0xffffffffffffffff, 0x80045503, &(0x7f0000000000)={0x1, 0x1}) ioctl$KVM_NMI(r2, 0xae9a) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f00000001c0)={0x0, 0x1, 0xf000, 0x1000, &(0x7f0000ffb000/0x1000)=nil}) fcntl$F_GET_RW_HINT(r2, 0x40b, &(0x7f0000000100)) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) 01:45:58 executing program 5: lsetxattr$trusted_overlay_opaque(0x0, 0x0, 0x0, 0x0, 0x0) mkdir(&(0x7f0000000000)='./file0\x00', 0x0) mount$bpf(0x20000000, &(0x7f00000000c0)='./file0\x00', 0x0, 0x2001001, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x80, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x43, 0x400000000000000}, 0x11288, 0x2000, 0x0, 0x2}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$netlink(0x10, 0x3, 0x0) connect$inet(0xffffffffffffffff, 0x0, 0x0) setsockopt$SO_RDS_TRANSPORT(0xffffffffffffffff, 0x114, 0x8, &(0x7f0000000040)=0xffffffffffffffff, 0x4) r1 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$inet_tcp_int(r1, 0x6, 0x10000000013, &(0x7f0000d06000)=0x1, 0x32a) connect$inet(r1, &(0x7f0000000180)={0x2, 0x4e23, @local}, 0x10) accept$nfc_llcp(0xffffffffffffffff, &(0x7f0000000440), &(0x7f0000000300)=0x60) setsockopt$inet_tcp_TCP_REPAIR_OPTIONS(r1, 0x6, 0x16, &(0x7f00000000c0)=[@mss={0x2, 0xffffffff}, @timestamp, @window, @mss={0x2, 0x91c}], 0x4) sendmmsg(r1, &(0x7f0000004b40)=[{{0x0, 0x0, &(0x7f00000011c0)=[{&(0x7f0000002240)='Y', 0x1}], 0x1}}], 0x1, 0x0) syz_init_net_socket$llc(0x1a, 0x1, 0x0) socket$inet_tcp(0x2, 0x1, 0x0) sendmsg$IPVS_CMD_GET_DEST(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000280)={&(0x7f00000002c0)=ANY=[@ANYRES16], 0x1}}, 0x0) setsockopt$inet_tcp_TCP_REPAIR(r1, 0x6, 0x13, &(0x7f0000000100), 0x618) close(r1) r2 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$inet_tcp_int(r2, 0x6, 0x10000000013, &(0x7f0000d06000)=0x1, 0x32a) connect$inet(r2, &(0x7f0000000140)={0x2, 0x0, @local}, 0x10) setsockopt$inet_tcp_TCP_REPAIR_OPTIONS(r2, 0x6, 0x16, &(0x7f0000000200)=[@mss, @timestamp, @window={0x3, 0x0, 0xfffe}, @mss={0x2, 0x3}], 0x4) sendmmsg(r2, &(0x7f0000004b40)=[{{0x0, 0x0, &(0x7f00000011c0)=[{&(0x7f0000002240)='Y', 0x1}], 0x1}}], 0x1, 0x0) setsockopt$inet_tcp_TCP_REPAIR_QUEUE(r2, 0x6, 0x14, &(0x7f0000000040)=0x1, 0x4) sendmsg$IPVS_CMD_GET_DEST(r2, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000340)=ANY=[@ANYBLOB="160e90cb39bca59f8c4064ac6d7b242060a07bc4309e3eb79d8745797b308edd84adef35ad9d8a17240f38f55f57c55f3875db81d255eea402e1c11ca7fc01964aeb9ed6ef4e80bc67cba7e7fe961fe5d921442b0a06b135f8a73b68dc904b436f256f50ae7cb980e69e7580b9f11c6ede4210f23240559b8c427000d7ce7862417ab5a50e494b2a54e346d7ffa008ccef06813e235b446788ac0f1df3c65bc1fb5393364a2efd284640ec2c438ad2b24a69f1f9da000000000000000000000000989eee6a9283bf253ca4"], 0x1}}, 0x0) close(r2) syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) dup3(r4, r3, 0x0) r5 = accept4$vsock_stream(0xffffffffffffffff, &(0x7f0000000240)={0x28, 0x0, 0x2710, @host}, 0x10, 0x0) dup2(r5, r4) bind$pptp(0xffffffffffffffff, &(0x7f00000001c0)={0x18, 0x2, {0x0, @initdev={0xac, 0x1e, 0x0, 0x0}}}, 0x1e) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000000)=@newlink={0x30, 0x10, 0x801, 0x0, 0x0, {}, [@IFLA_GROUP={0x8}, @IFLA_PROTO_DOWN={0x8, 0x4}]}, 0x30}}, 0x0) pivot_root(&(0x7f0000000140)='./file0\x00', &(0x7f0000000100)='./file0\x00') 01:45:58 executing program 3: lsetxattr$trusted_overlay_opaque(0x0, 0x0, 0x0, 0x0, 0x0) mkdir(&(0x7f0000000000)='./file0\x00', 0x0) mount$bpf(0x20000000, &(0x7f00000000c0)='./file0\x00', 0x0, 0x2001001, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x80, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x43, 0x400000000000000}, 0x11288, 0x2000, 0x0, 0x2}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$netlink(0x10, 0x3, 0x0) connect$inet(0xffffffffffffffff, 0x0, 0x0) setsockopt$SO_RDS_TRANSPORT(0xffffffffffffffff, 0x114, 0x8, &(0x7f0000000040)=0xffffffffffffffff, 0x4) r1 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$inet_tcp_int(r1, 0x6, 0x10000000013, &(0x7f0000d06000)=0x1, 0x32a) connect$inet(r1, &(0x7f0000000180)={0x2, 0x4e23, @local}, 0x10) accept$nfc_llcp(0xffffffffffffffff, &(0x7f0000000440), &(0x7f0000000300)=0x60) setsockopt$inet_tcp_TCP_REPAIR_OPTIONS(r1, 0x6, 0x16, &(0x7f00000000c0)=[@mss={0x2, 0xffffffff}, @timestamp, @window, @mss={0x2, 0x91c}], 0x4) sendmmsg(r1, &(0x7f0000004b40)=[{{0x0, 0x0, &(0x7f00000011c0)=[{&(0x7f0000002240)='Y', 0x1}], 0x1}}], 0x1, 0x0) syz_init_net_socket$llc(0x1a, 0x1, 0x0) r2 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$IPT_SO_SET_REPLACE(r2, 0x4000000000000, 0x40, &(0x7f0000000a40)=ANY=[@ANYBLOB="72617700000000010000000000000000000000000000000000000000000000000200000003000000b80400000000000000000000000000000003000000030000200400002004000020040000200400002004000003000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000600000000000000a00200030000000000000000000000000000000000000000300262706600000000000000000000000000000000000000000000000000000101000000000000002e2f66696c653000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000060005345540000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000c0002001000000000000000000000000000000000000000050006f736600000000000000000000000000000000000000000000000000000073797a300000000000000000000000000000000000000000000000000000000000000000000000000000000000000000600053455400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000007000980000000000000000000000000000000000000000002800000000000000000000000000000000000000000000000000000000000004feffffff00000000"], 0x518) sendmsg$IPVS_CMD_GET_DEST(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000280)={&(0x7f00000002c0)=ANY=[@ANYRES16], 0x1}}, 0x0) close(r1) r3 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$inet_tcp_int(r3, 0x6, 0x10000000013, &(0x7f0000d06000)=0x1, 0x32a) connect$inet(r3, &(0x7f0000000140)={0x2, 0x0, @local}, 0x10) setsockopt$inet_tcp_TCP_REPAIR_OPTIONS(r3, 0x6, 0x16, &(0x7f0000000200)=[@mss, @timestamp, @window={0x3, 0x0, 0xfffe}, @mss={0x2, 0x3}], 0x4) sendmmsg(r3, &(0x7f0000004b40)=[{{0x0, 0x0, &(0x7f00000011c0)=[{&(0x7f0000002240)='Y', 0x1}], 0x1}}], 0x1, 0x0) setsockopt$inet_tcp_TCP_REPAIR_QUEUE(r3, 0x6, 0x14, &(0x7f0000000040)=0x1, 0x4) sendmsg$IPVS_CMD_GET_DEST(r3, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000340)=ANY=[@ANYBLOB="160e90cb39bca59f8c4064ac6d7b242060a07bc4309e3eb79d8745797b308edd84adef35ad9d8a17240f38f55f57c55f3875db81d255eea402e1c11ca7fc01964aeb9ed6ef4e80bc67cba7e7fe961fe5d921442b0a06b135f8a73b68dc904b436f256f50ae7cb980e69e7580b9f11c6ede4210f23240559b8c427000d7ce7862417ab5a50e494b2a54e346d7ffa008ccef06813e235b446788ac0f1df3c65bc1fb5393364a2efd284640ec2c438ad2b24a69f1f9da000000000000000000000000989eee6a9283bf253ca4"], 0x1}}, 0x0) close(r3) syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) dup3(r5, r4, 0x0) r6 = accept4$vsock_stream(0xffffffffffffffff, &(0x7f0000000240)={0x28, 0x0, 0x2710, @host}, 0x10, 0x0) dup2(r6, r5) bind$pptp(0xffffffffffffffff, &(0x7f00000001c0)={0x18, 0x2, {0x0, @initdev={0xac, 0x1e, 0x0, 0x0}}}, 0x1e) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000000)=@newlink={0x30, 0x10, 0x801, 0x0, 0x0, {}, [@IFLA_GROUP={0x8}, @IFLA_PROTO_DOWN={0x8, 0x4}]}, 0x30}}, 0x0) pivot_root(&(0x7f0000000140)='./file0\x00', &(0x7f0000000100)='./file0\x00') [ 1861.062576] audit: type=1800 audit(1584323159.133:2050): pid=4243 uid=0 auid=4294967295 ses=4294967295 subj=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 op="collect_data" cause="failed(directio)" comm="syz-executor.0" name="bus" dev="sda1" ino=17345 res=0