[....] Starting periodic command scheduler: cron[?25l[?1c7[ ok 8[?25h[?0c. [....] Starting OpenBSD Secure Shell server: sshd[?25l[?1c7[ ok 8[?25h[?0c. [ 28.671446] kauditd_printk_skb: 8 callbacks suppressed [ 28.671458] audit: type=1800 audit(1545208423.484:29): pid=5925 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="rc.local" dev="sda1" ino=2432 res=0 [ 28.704209] audit: type=1800 audit(1545208423.484:30): pid=5925 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="rmnologin" dev="sda1" ino=2423 res=0 [....] startpar: service(s) returned failure: ssh ...[?25l[?1c7[FAIL8[?25h[?0c failed! Debian GNU/Linux 7 syzkaller ttyS0 Warning: Permanently added '10.128.0.153' (ECDSA) to the list of known hosts. 2018/12/19 08:33:53 fuzzer started 2018/12/19 08:33:55 dialing manager at 10.128.0.26:46187 2018/12/19 08:33:55 syscalls: 1 2018/12/19 08:33:55 code coverage: enabled 2018/12/19 08:33:55 comparison tracing: enabled 2018/12/19 08:33:55 setuid sandbox: enabled 2018/12/19 08:33:55 namespace sandbox: enabled 2018/12/19 08:33:55 Android sandbox: /sys/fs/selinux/policy does not exist 2018/12/19 08:33:55 fault injection: enabled 2018/12/19 08:33:55 leak checking: CONFIG_DEBUG_KMEMLEAK is not enabled 2018/12/19 08:33:55 net packet injection: enabled 2018/12/19 08:33:55 net device setup: enabled 08:36:14 executing program 0: r0 = userfaultfd(0x0) ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f0000009fe8)={0xaa, 0x22}) syz_genetlink_get_family_id$team(0x0) getsockopt$inet6_IPV6_IPSEC_POLICY(0xffffffffffffffff, 0x29, 0x22, 0x0, 0x0) setsockopt$inet_sctp6_SCTP_RESET_ASSOC(0xffffffffffffffff, 0x84, 0x78, &(0x7f0000000780), 0x4) ioctl$sock_SIOCGIFINDEX(0xffffffffffffff9c, 0x8933, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = syz_init_net_socket$llc(0x1a, 0x40001, 0x0) bpf$MAP_CREATE(0x0, &(0x7f0000000000)={0x7, 0x4, 0x8, 0x1, 0x0, 0xffffffffffffffff, 0x0, [0x18]}, 0x2c) bind$alg(0xffffffffffffffff, 0x0, 0x0) ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f0000000040)={{&(0x7f0000ffd000/0x3000)=nil, 0x3000}, 0x1}) ioctl$FS_IOC_FIEMAP(r1, 0xc020660b, &(0x7f0000000240)={0x0, 0x5, 0x0, 0x4, 0x2, [{0x5, 0x0, 0x10001}, {0x3, 0x100, 0x8001}]}) r2 = userfaultfd(0x0) openat$dlm_plock(0xffffffffffffff9c, &(0x7f0000000000)='/dev/dlm_plock\x00', 0x4000, 0x0) close(r2) clone(0x4800a000, &(0x7f0000001f37), 0x0, 0x0, 0x0) read(r0, &(0x7f0000000400)=""/100, 0x64) dup3(r2, r0, 0x0) ioctl$UFFDIO_COPY(r2, 0xc028aa03, &(0x7f0000000100)={&(0x7f0000ffe000/0x1000)=nil, &(0x7f0000ffd000/0x1000)=nil, 0x1000}) syzkaller login: [ 180.076131] IPVS: ftp: loaded support on port[0] = 21 08:36:15 executing program 1: r0 = syz_open_dev$video(&(0x7f0000000000)='/dev/video#\x00', 0x8, 0x0) ioctl$VIDIOC_G_FMT(r0, 0xc0d05604, &(0x7f0000000480)={0x9, @raw_data="b760ec4a9caded1b97c4d8a27661e5aa6c86716462e4e0324c8c64938d37b50db959471d9de75f5f781974fcd22e3ab7fd86955ae6ab3dd78ad5667af4b6582b7acca82db3b27d590350824d0fdcae6519434ed3a297f522ec09e1a1cd62bdecda3dbc1d16550b348b216d11f2b3861c6fb928c8ee718f78c96c7f478b68fcb810f76c4dfb445b08f050e9ba29e6ffadd054f9965a7de53b81ecde0dbbc3b636391a42c6f37405a3289420bd8b09bc961385247ce0e9bcff5765ce1b5b54e396b472272d085aa9ff"}) [ 180.371500] IPVS: ftp: loaded support on port[0] = 21 08:36:15 executing program 2: perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000140)={0x2, 0x70, 0x15, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) [ 180.659657] IPVS: ftp: loaded support on port[0] = 21 08:36:15 executing program 3: mkdir(&(0x7f000082f000)='./control\x00', 0x0) mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x1, 0x32, 0xffffffffffffffff, 0x0) r0 = userfaultfd(0x0) ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f00000001c0)) ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f0000043fe0)={{&(0x7f0000011000/0x3000)=nil, 0x3000}, 0x1}) r1 = creat(&(0x7f0000000000)='./control/file0\x00', 0x0) write$sndseq(r1, &(0x7f0000011fd2)=[{0x0, 0x0, 0x0, 0x0, @time, {}, {}, @time=@time={0x77359400}}], 0x30) unlink(&(0x7f0000000140)='./control/file0\x00') rename(&(0x7f00000003c0)='./control/file0\x00', &(0x7f0000000380)='./file0\x00') mknod(&(0x7f00000002c0)='./file0\x00', 0x0, 0x0) mount(&(0x7f0000000040)=@loop={'/dev/loop', 0x0}, &(0x7f0000000080)='./file0\x00', 0x0, 0x1000, 0x0) umount2(&(0x7f0000000200)='./file0\x00', 0x0) close(r0) mknod(&(0x7f00000000c0)='./control/file0\x00', 0x1028, 0x80) [ 181.146300] IPVS: ftp: loaded support on port[0] = 21 08:36:16 executing program 4: socketpair$unix(0x1, 0x1, 0x0, &(0x7f00000023c0)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) prctl$PR_GET_KEEPCAPS(0x7) [ 181.639775] IPVS: ftp: loaded support on port[0] = 21 08:36:16 executing program 5: syz_emit_ethernet(0x72, &(0x7f0000000140)={@local, @empty=[0x8000000, 0x100000000000000], [], {@ipv4={0x800, {{0x5, 0x4, 0x0, 0x0, 0x64, 0x0, 0x0, 0x0, 0xffffff88, 0x0, @remote, @dev={0xac, 0x14, 0x14, 0x11}}, @icmp=@parameter_prob={0x3, 0x4, 0x0, 0x0, 0x0, 0x228, {0x12, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @local, @dev, {[@timestamp={0x8, 0x34, 0x0, 0x0, 0x0, [{}, {[@multicast1]}, {}, {[@loopback]}, {[@broadcast]}, {[@multicast1]}, {[@dev]}]}]}}}}}}}, 0x0) [ 181.905711] bridge0: port 1(bridge_slave_0) entered blocking state [ 181.937610] bridge0: port 1(bridge_slave_0) entered disabled state [ 181.945994] device bridge_slave_0 entered promiscuous mode [ 182.046913] IPVS: ftp: loaded support on port[0] = 21 [ 182.130429] bridge0: port 2(bridge_slave_1) entered blocking state [ 182.137260] bridge0: port 2(bridge_slave_1) entered disabled state [ 182.144796] device bridge_slave_1 entered promiscuous mode [ 182.288419] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 182.420517] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 182.464744] bridge0: port 1(bridge_slave_0) entered blocking state [ 182.474368] bridge0: port 1(bridge_slave_0) entered disabled state [ 182.501707] device bridge_slave_0 entered promiscuous mode [ 182.659009] bridge0: port 2(bridge_slave_1) entered blocking state [ 182.666309] bridge0: port 2(bridge_slave_1) entered disabled state [ 182.689237] device bridge_slave_1 entered promiscuous mode [ 182.724832] bridge0: port 1(bridge_slave_0) entered blocking state [ 182.766713] bridge0: port 1(bridge_slave_0) entered disabled state [ 182.778714] device bridge_slave_0 entered promiscuous mode [ 182.805104] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 182.838111] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 182.923406] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 182.940546] bridge0: port 2(bridge_slave_1) entered blocking state [ 182.956947] bridge0: port 2(bridge_slave_1) entered disabled state [ 182.964333] device bridge_slave_1 entered promiscuous mode [ 182.990193] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 183.079299] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 183.228189] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 183.394924] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 183.554775] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 183.577826] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 183.594338] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 183.607675] team0: Port device team_slave_0 added [ 183.614025] bridge0: port 1(bridge_slave_0) entered blocking state [ 183.639229] bridge0: port 1(bridge_slave_0) entered disabled state [ 183.652165] device bridge_slave_0 entered promiscuous mode [ 183.718031] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 183.755773] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 183.772708] team0: Port device team_slave_1 added [ 183.781884] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready [ 183.799026] bridge0: port 2(bridge_slave_1) entered blocking state [ 183.805686] bridge0: port 2(bridge_slave_1) entered disabled state [ 183.818488] device bridge_slave_1 entered promiscuous mode [ 183.835160] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 183.878560] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready [ 183.887540] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 183.898149] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 183.961717] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready [ 183.971520] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 183.997299] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 184.024864] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 184.082127] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 184.227001] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 184.242342] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 184.277648] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 184.327430] bridge0: port 1(bridge_slave_0) entered blocking state [ 184.340567] bridge0: port 1(bridge_slave_0) entered disabled state [ 184.349109] device bridge_slave_0 entered promiscuous mode [ 184.379803] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 184.409066] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 184.419983] team0: Port device team_slave_0 added [ 184.426899] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 184.442453] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 184.480341] bridge0: port 2(bridge_slave_1) entered blocking state [ 184.489999] bridge0: port 2(bridge_slave_1) entered disabled state [ 184.498000] device bridge_slave_1 entered promiscuous mode [ 184.509145] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 184.519719] bridge0: port 1(bridge_slave_0) entered blocking state [ 184.526069] bridge0: port 1(bridge_slave_0) entered disabled state [ 184.540363] device bridge_slave_0 entered promiscuous mode [ 184.549952] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 184.562594] team0: Port device team_slave_0 added [ 184.574131] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 184.599487] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 184.617046] team0: Port device team_slave_1 added [ 184.635442] bridge0: port 2(bridge_slave_1) entered blocking state [ 184.652188] bridge0: port 2(bridge_slave_1) entered disabled state [ 184.660584] device bridge_slave_1 entered promiscuous mode [ 184.671862] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 184.691259] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 184.712546] team0: Port device team_slave_1 added [ 184.721955] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready [ 184.741789] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 184.758934] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 184.779509] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 184.797793] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready [ 184.804658] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 184.817523] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 184.836978] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready [ 184.843893] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 184.868578] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 184.943608] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 184.962740] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready [ 184.978412] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 184.988722] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 185.010011] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready [ 185.024297] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready [ 185.041563] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 185.087426] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 185.095055] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 185.112879] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 185.137645] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 185.144930] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 185.167644] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 185.175515] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 185.190623] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 185.259164] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 185.267303] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 185.282389] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 185.301603] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 185.321440] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 185.345665] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 185.367558] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 185.412177] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 185.441766] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 185.531320] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 185.557442] team0: Port device team_slave_0 added [ 185.565385] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready [ 185.588406] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 185.596033] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 185.670060] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready [ 185.686392] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 185.703513] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 185.716268] team0: Port device team_slave_1 added [ 185.750223] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready [ 185.783738] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 185.864198] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready [ 185.897255] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 185.926144] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready [ 185.937420] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 185.945320] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 186.043442] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready [ 186.051377] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 186.077927] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 186.115545] bridge0: port 2(bridge_slave_1) entered blocking state [ 186.122099] bridge0: port 2(bridge_slave_1) entered forwarding state [ 186.129203] bridge0: port 1(bridge_slave_0) entered blocking state [ 186.135598] bridge0: port 1(bridge_slave_0) entered forwarding state [ 186.148760] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 186.166314] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 186.192457] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 186.209196] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 186.276767] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 186.287288] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 186.299882] team0: Port device team_slave_0 added [ 186.307069] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 186.337147] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 186.360139] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 186.367494] team0: Port device team_slave_0 added [ 186.407322] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 186.417410] team0: Port device team_slave_1 added [ 186.448176] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 186.486312] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 186.494899] team0: Port device team_slave_1 added [ 186.555937] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready [ 186.586836] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 186.607465] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 186.634458] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready [ 186.661782] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 186.672054] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 186.694021] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready [ 186.728315] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 186.736261] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 186.773224] bridge0: port 2(bridge_slave_1) entered blocking state [ 186.779663] bridge0: port 2(bridge_slave_1) entered forwarding state [ 186.786344] bridge0: port 1(bridge_slave_0) entered blocking state [ 186.792779] bridge0: port 1(bridge_slave_0) entered forwarding state [ 186.802998] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 186.812294] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready [ 186.826160] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 186.839689] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 186.869179] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 186.876317] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 186.907474] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 186.964181] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 186.984118] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 186.998952] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 187.017616] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 187.034468] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 187.049367] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 187.065059] bridge0: port 2(bridge_slave_1) entered blocking state [ 187.071498] bridge0: port 2(bridge_slave_1) entered forwarding state [ 187.078213] bridge0: port 1(bridge_slave_0) entered blocking state [ 187.084587] bridge0: port 1(bridge_slave_0) entered forwarding state [ 187.105236] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 187.136541] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 187.152932] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 187.177418] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 187.457062] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 187.467677] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 187.855333] bridge0: port 2(bridge_slave_1) entered blocking state [ 187.861792] bridge0: port 2(bridge_slave_1) entered forwarding state [ 187.868508] bridge0: port 1(bridge_slave_0) entered blocking state [ 187.874917] bridge0: port 1(bridge_slave_0) entered forwarding state [ 187.888379] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 188.384965] bridge0: port 2(bridge_slave_1) entered blocking state [ 188.391423] bridge0: port 2(bridge_slave_1) entered forwarding state [ 188.398163] bridge0: port 1(bridge_slave_0) entered blocking state [ 188.404537] bridge0: port 1(bridge_slave_0) entered forwarding state [ 188.433865] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 188.478261] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 188.487557] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 188.586998] bridge0: port 2(bridge_slave_1) entered blocking state [ 188.593440] bridge0: port 2(bridge_slave_1) entered forwarding state [ 188.600201] bridge0: port 1(bridge_slave_0) entered blocking state [ 188.606646] bridge0: port 1(bridge_slave_0) entered forwarding state [ 188.619056] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 189.497151] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 191.740821] 8021q: adding VLAN 0 to HW filter on device bond0 [ 192.201984] 8021q: adding VLAN 0 to HW filter on device bond0 [ 192.211569] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 192.270757] 8021q: adding VLAN 0 to HW filter on device bond0 [ 192.700669] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 192.734724] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 192.778591] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 192.787805] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 192.803403] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 193.013945] 8021q: adding VLAN 0 to HW filter on device bond0 [ 193.167833] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 193.177484] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 193.207702] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 193.221584] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 193.243367] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 193.257995] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 193.300030] 8021q: adding VLAN 0 to HW filter on device team0 [ 193.561164] 8021q: adding VLAN 0 to HW filter on device bond0 [ 193.647077] 8021q: adding VLAN 0 to HW filter on device team0 [ 193.672563] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 193.695449] 8021q: adding VLAN 0 to HW filter on device team0 [ 193.825172] 8021q: adding VLAN 0 to HW filter on device bond0 [ 194.051074] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 194.135264] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 194.141564] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 194.160094] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 194.257361] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 194.513714] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 194.526794] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 194.535726] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 194.592409] 8021q: adding VLAN 0 to HW filter on device team0 [ 194.769042] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 194.775268] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 194.797252] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 195.021630] 8021q: adding VLAN 0 to HW filter on device team0 [ 195.165319] 8021q: adding VLAN 0 to HW filter on device team0 08:36:31 executing program 1: r0 = syz_open_dev$video(&(0x7f0000000000)='/dev/video#\x00', 0x8, 0x0) ioctl$VIDIOC_G_FMT(r0, 0xc0d05604, &(0x7f0000000480)={0x9, @raw_data="b760ec4a9caded1b97c4d8a27661e5aa6c86716462e4e0324c8c64938d37b50db959471d9de75f5f781974fcd22e3ab7fd86955ae6ab3dd78ad5667af4b6582b7acca82db3b27d590350824d0fdcae6519434ed3a297f522ec09e1a1cd62bdecda3dbc1d16550b348b216d11f2b3861c6fb928c8ee718f78c96c7f478b68fcb810f76c4dfb445b08f050e9ba29e6ffadd054f9965a7de53b81ecde0dbbc3b636391a42c6f37405a3289420bd8b09bc961385247ce0e9bcff5765ce1b5b54e396b472272d085aa9ff"}) 08:36:31 executing program 1: r0 = syz_open_dev$video(&(0x7f0000000000)='/dev/video#\x00', 0x8, 0x0) ioctl$VIDIOC_G_FMT(r0, 0xc0d05604, &(0x7f0000000480)={0x9, @raw_data="b760ec4a9caded1b97c4d8a27661e5aa6c86716462e4e0324c8c64938d37b50db959471d9de75f5f781974fcd22e3ab7fd86955ae6ab3dd78ad5667af4b6582b7acca82db3b27d590350824d0fdcae6519434ed3a297f522ec09e1a1cd62bdecda3dbc1d16550b348b216d11f2b3861c6fb928c8ee718f78c96c7f478b68fcb810f76c4dfb445b08f050e9ba29e6ffadd054f9965a7de53b81ecde0dbbc3b636391a42c6f37405a3289420bd8b09bc961385247ce0e9bcff5765ce1b5b54e396b472272d085aa9ff"}) [ 196.598735] hrtimer: interrupt took 30392 ns 08:36:31 executing program 1: r0 = syz_open_dev$video(&(0x7f0000000000)='/dev/video#\x00', 0x8, 0x0) ioctl$VIDIOC_G_FMT(r0, 0xc0d05604, &(0x7f0000000480)={0x9, @raw_data="b760ec4a9caded1b97c4d8a27661e5aa6c86716462e4e0324c8c64938d37b50db959471d9de75f5f781974fcd22e3ab7fd86955ae6ab3dd78ad5667af4b6582b7acca82db3b27d590350824d0fdcae6519434ed3a297f522ec09e1a1cd62bdecda3dbc1d16550b348b216d11f2b3861c6fb928c8ee718f78c96c7f478b68fcb810f76c4dfb445b08f050e9ba29e6ffadd054f9965a7de53b81ecde0dbbc3b636391a42c6f37405a3289420bd8b09bc961385247ce0e9bcff5765ce1b5b54e396b472272d085aa9ff"}) 08:36:31 executing program 1: r0 = socket$inet6(0xa, 0x3, 0x8001000000002c) ioctl$sock_SIOCETHTOOL(r0, 0x8946, &(0x7f0000000480)={'gre0\x00', &(0x7f00000004c0)=@ethtool_sset_info}) 08:36:31 executing program 2: bpf$PROG_LOAD(0x5, &(0x7f0000000440)={0x1, 0x4, &(0x7f0000000000)=@framed={{0xffffffb4, 0x0, 0x0, 0x0, 0x0, 0xffffffbc}, [@ldst={0x7, 0x1, 0x0, 0x0, 0x7a}]}, &(0x7f0000003ff6)='syzkaller\x00', 0x5, 0x3d1, &(0x7f000000cf3d)=""/195}, 0x48) [ 197.102669] IPVS: ftp: loaded support on port[0] = 21 08:36:31 executing program 2: socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000380)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x4, 0x32, 0xffffffffffffffff, 0x0) r1 = userfaultfd(0x0) ioctl$UFFDIO_API(r1, 0xc018aa3f, &(0x7f0000003fe8)) ioctl$UFFDIO_REGISTER(r1, 0xc020aa00, &(0x7f0000001fe2)={{&(0x7f0000011000/0x3000)=nil, 0x3000}, 0x1}) r2 = socket$inet6_sctp(0xa, 0x1, 0x84) setsockopt$inet_sctp6_SCTP_DISABLE_FRAGMENTS(r2, 0x84, 0x8, &(0x7f0000013e95), 0x4) ioctl$sock_SIOCETHTOOL(r2, 0x8946, &(0x7f0000000040)={'sit0\x00', &(0x7f0000000100)=@ethtool_stats={0x9}}) close(r2) close(r1) [ 197.470317] IPVS: ftp: loaded support on port[0] = 21 08:36:41 executing program 0: ioctl(0xffffffffffffffff, 0x0, 0x0) r0 = socket$inet(0x2, 0x4000000000000001, 0x0) bind$inet(r0, &(0x7f0000deb000)={0x2, 0x4e23, @broadcast}, 0x10) setsockopt$inet_tcp_TCP_CONGESTION(r0, 0x6, 0xd, &(0x7f0000000100)='nv\x00', 0xddcbc2a23a49d0f0) r1 = socket$inet6(0xa, 0x803, 0x7) ioctl(r1, 0x1000008912, &(0x7f0000000140)="0a5c2d023c126285718070") r2 = bpf$MAP_CREATE(0x0, &(0x7f0000000080)={0x3, 0x4, 0x4, 0x1, 0x0, 0x1}, 0x2c) close(r2) r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='memory.events\x00', 0x0, 0x0) setsockopt$inet_sctp6_SCTP_STREAM_SCHEDULER(r3, 0x84, 0x7b, 0x0, 0x0) sendto$inet(r0, 0x0, 0x0, 0x400200007fd, &(0x7f0000000000)={0x2, 0x4e23, @loopback}, 0x10) write$binfmt_elf64(r0, &(0x7f00000016c0)=ANY=[@ANYPTR=&(0x7f00000005c0)=ANY=[@ANYPTR=&(0x7f00000004c0)=ANY=[@ANYRES16], @ANYRES32, @ANYRES64=0x0, @ANYPTR=&(0x7f0000000580)=ANY=[@ANYPTR64, @ANYRESHEX, @ANYPTR64, @ANYRES32=0x0]], @ANYRESDEC, @ANYRES16], 0x120001644) recvmsg(r0, &(0x7f0000000240)={&(0x7f0000000740)=@nfc, 0x80, &(0x7f00000001c0)=[{&(0x7f0000003ac0)=""/4096, 0x20013a5a}], 0x1, &(0x7f0000000200)=""/20, 0x8034}, 0x100) 08:36:41 executing program 1: mkdir(&(0x7f0000000200)='./file1\x00', 0x0) mkdir(&(0x7f0000000080)='./file0\x00', 0x0) capset(&(0x7f0000000280)={0x19980330}, &(0x7f0000001fe8)={0x20000fffffff8, 0xffffffffffffffff}) mount$overlay(0x400000, &(0x7f0000000300)='./file0\x00', &(0x7f0000000100)='overlay\x00', 0x0, &(0x7f00000002c0)=ANY=[@ANYBLOB='upperdir=./file0,lowerdir=.:file0,workdir=./file1']) 08:36:41 executing program 2: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10000, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$SNDRV_SEQ_IOCTL_RUNNING_MODE(0xffffffffffffffff, 0xc0105303, &(0x7f0000000140)={0x5, 0x4}) r0 = perf_event_open(&(0x7f0000940000)={0x0, 0x70}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x4, 0x32, 0xffffffffffffffff, 0x0) r1 = userfaultfd(0x0) ioctl$UFFDIO_API(r1, 0xc018aa3f, &(0x7f0000000340)) ioctl$UFFDIO_REGISTER(r1, 0xc020aa00, &(0x7f0000000200)={{&(0x7f0000011000/0x4000)=nil, 0x4000}, 0x1}) ioctl$UFFDIO_COPY(r1, 0xc028aa03, &(0x7f0000000040)={&(0x7f0000014000/0x1000)=nil, &(0x7f0000013000/0x1000)=nil, 0x1000}) r2 = fcntl$dupfd(r0, 0x406, r1) ioctl$EVIOCGLED(r2, 0x80404519, &(0x7f0000000240)=""/84) ioctl$UFFDIO_WAKE(r1, 0x8010aa02, &(0x7f0000000300)={&(0x7f0000013000/0x2000)=nil, 0x2000}) ioctl$UFFDIO_ZEROPAGE(r1, 0xc020aa04, &(0x7f0000000500)={{&(0x7f0000011000/0x3000)=nil, 0x3000}}) openat$audio(0xffffffffffffff9c, &(0x7f0000000080)='/dev/audio\x00', 0x0, 0x0) 08:36:41 executing program 5: clone(0x13102001fe9, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000000, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x24) ptrace$cont(0x18, r0, 0x0, 0x0) ioctl$BLKTRACESETUP(0xffffffffffffffff, 0xc0481273, &(0x7f00000000c0)={[], 0x0, 0x0, 0x0, 0x0, 0xdf}) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x20, r0, 0x0, 0x0) 08:36:41 executing program 3: r0 = bpf$MAP_CREATE(0x0, &(0x7f0000733000)={0x5, 0x1, 0x5, 0xb}, 0x1c) r1 = bpf$MAP_CREATE(0x0, &(0x7f0000fe6000)={0x3, 0x4, 0x4, 0x100000009}, 0x2c) bpf$PROG_LOAD(0x5, &(0x7f0000f00fb8)={0xe, 0x5, &(0x7f0000b0afd8)=@framed={{}, [@map={0x18, 0x0, 0x1, 0x0, r1}]}, &(0x7f0000fe9000)='syzkaller\x00', 0x5, 0x1000, &(0x7f0000e18000)=""/4096}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f00004b1000)={0x8, 0x7, &(0x7f0000261000)=@framed={{}, [@map={0x18, 0x9, 0x1, 0x0, r1}, @map={0x18, 0x4, 0x1, 0x0, r0}]}, &(0x7f0000cd0000)='GPL\x00', 0xb4c3, 0x259, &(0x7f0000cdd000)=""/4096}, 0x48) 08:36:41 executing program 4: r0 = open(&(0x7f0000000000)='./bus\x00', 0x141042, 0x0) mmap(&(0x7f0000002000/0x1000)=nil, 0x1000, 0x0, 0x80013, r0, 0x0) [ 206.921355] capability: warning: `syz-executor1' uses 32-bit capabilities (legacy support in use) 08:36:41 executing program 4: r0 = socket$inet6(0xa, 0x803, 0x3) ioctl(r0, 0x1000008912, &(0x7f0000000200)="0a5c2d023c126285718070") mmap(&(0x7f0000000000/0xe7e000)=nil, 0xe7e000, 0x0, 0x40031, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000002000/0x1000)=nil, 0x1000, 0xbcda34450b800b7a, 0x40000000000a132, 0xffffffffffffffff, 0x0) r1 = syz_init_net_socket$llc(0x1a, 0x1, 0x0) getsockopt$llc_int(r1, 0x10c, 0x2, &(0x7f00000002c0), &(0x7f0000002600)=0x4) [ 206.961391] overlayfs: failed to create directory ./file1/work (errno: 13); mounting read-only [ 206.999988] FAULT_FLAG_ALLOW_RETRY missing 30 [ 207.005288] CPU: 1 PID: 7713 Comm: syz-executor2 Not tainted 4.20.0-rc6-next-20181217+ #172 [ 207.013797] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 207.023167] Call Trace: [ 207.025763] dump_stack+0x244/0x39d [ 207.029406] ? dump_stack_print_info.cold.1+0x20/0x20 [ 207.034649] handle_userfault.cold.30+0x47/0x62 [ 207.039345] ? userfaultfd_ioctl+0x55d0/0x55d0 [ 207.043932] ? mark_held_locks+0x130/0x130 [ 207.048181] ? mark_held_locks+0x130/0x130 [ 207.052433] ? print_usage_bug+0xc0/0xc0 [ 207.056492] ? lock_downgrade+0x900/0x900 [ 207.060647] ? kasan_check_read+0x11/0x20 [ 207.064889] ? do_raw_spin_unlock+0xa7/0x330 [ 207.069315] ? do_raw_spin_trylock+0x270/0x270 [ 207.073909] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 207.079465] ? check_preemption_disabled+0x48/0x280 [ 207.084488] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 207.090048] ? mark_held_locks+0xc7/0x130 [ 207.094223] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 207.098981] ? lockdep_hardirqs_on+0x3bb/0x5b0 [ 207.103566] ? graph_lock+0x270/0x270 [ 207.107378] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 207.112155] ? __bpf_trace_preemptirq_template+0x30/0x30 [ 207.117633] ? graph_lock+0x270/0x270 [ 207.121474] ? print_usage_bug+0xc0/0xc0 [ 207.125546] ? find_held_lock+0x36/0x1c0 [ 207.129624] ? __handle_mm_fault+0x4d19/0x5b70 [ 207.134211] ? lock_downgrade+0x900/0x900 [ 207.138367] ? kasan_check_read+0x11/0x20 [ 207.142516] ? do_raw_spin_unlock+0xa7/0x330 [ 207.146927] ? do_raw_spin_trylock+0x270/0x270 [ 207.151515] ? fault_dirty_shared_page.isra.87+0x320/0x320 [ 207.157169] __handle_mm_fault+0x4d26/0x5b70 [ 207.161609] ? vmf_insert_mixed_mkwrite+0x40/0x40 [ 207.166458] ? __schedule+0xa49/0x21e0 [ 207.170360] ? note_gp_changes+0x470/0x470 [ 207.174604] ? __sched_text_start+0x8/0x8 [ 207.178768] ? graph_lock+0x270/0x270 [ 207.182566] ? graph_lock+0x270/0x270 [ 207.186403] ? retint_kernel+0x2d/0x2d [ 207.190301] ? find_held_lock+0x36/0x1c0 [ 207.194385] ? handle_mm_fault+0x42a/0xc70 [ 207.198637] ? lock_downgrade+0x900/0x900 [ 207.202816] ? check_preemption_disabled+0x48/0x280 [ 207.207852] ? __rcu_read_unlock+0x205/0x210 [ 207.212265] ? rcu_read_unlock_special+0x370/0x370 [ 207.217239] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 207.222781] ? check_preemption_disabled+0x48/0x280 [ 207.227822] handle_mm_fault+0x54f/0xc70 [ 207.231894] ? __handle_mm_fault+0x5b70/0x5b70 [ 207.236481] ? find_vma+0x34/0x190 [ 207.240055] __do_page_fault+0x5f6/0xd70 [ 207.244162] do_page_fault+0xf2/0x7e0 [ 207.247971] ? vmalloc_sync_all+0x30/0x30 [ 207.252138] ? error_entry+0x76/0xd0 [ 207.255859] ? trace_hardirqs_off_caller+0xbb/0x310 [ 207.260878] ? find_held_lock+0x36/0x1c0 [ 207.264956] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 207.269808] ? trace_hardirqs_on_caller+0x310/0x310 [ 207.274843] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 207.279755] page_fault+0x1e/0x30 [ 207.283240] RIP: 0010:copy_user_enhanced_fast_string+0xe/0x20 [ 207.289130] Code: 89 d1 c1 e9 03 83 e2 07 f3 48 a5 89 d1 f3 a4 31 c0 0f 1f 00 c3 0f 1f 80 00 00 00 00 0f 1f 00 83 fa 40 0f 82 70 ff ff ff 89 d1 a4 31 c0 0f 1f 00 c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 00 83 [ 207.308032] RSP: 0018:ffff888189926de0 EFLAGS: 00010206 [ 207.313396] RAX: 0000000000000000 RBX: 0000000000001000 RCX: 0000000000001000 [ 207.320661] RDX: 0000000000001000 RSI: 0000000020013000 RDI: ffff8881ae19e000 [ 207.327960] RBP: ffff888189926e18 R08: 0000000000000000 R09: 0000000000000040 [ 207.335233] R10: ffffed1035c33dff R11: ffff8881ae19efff R12: 0000000020014000 [ 207.342505] R13: 0000000020013000 R14: ffff8881ae19e000 R15: 00007ffffffff000 [ 207.349797] ? _copy_from_user+0x10d/0x150 [ 207.354040] mcopy_atomic+0x1bc2/0x2cd0 [ 207.358041] ? mm_alloc_pmd+0x2f0/0x2f0 [ 207.362033] ? graph_lock+0x270/0x270 [ 207.365844] ? mark_held_locks+0x130/0x130 [ 207.370082] ? __lock_acquire+0x62f/0x4c20 [ 207.374363] ? find_held_lock+0x36/0x1c0 [ 207.378449] ? __might_fault+0x12b/0x1e0 [ 207.382529] ? lock_downgrade+0x900/0x900 [ 207.386720] ? lock_release+0xa00/0xa00 [ 207.390697] ? perf_trace_sched_process_exec+0x860/0x860 [ 207.396161] ? fixup_owner+0x250/0x250 [ 207.400124] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 207.405675] ? _copy_from_user+0xdf/0x150 [ 207.409844] userfaultfd_ioctl+0x29f4/0x55d0 [ 207.414254] ? graph_lock+0x270/0x270 [ 207.418074] ? graph_lock+0x270/0x270 [ 207.421892] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 207.427430] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 207.432198] ? userfaultfd_read+0x2c0/0x2c0 [ 207.436541] ? __bpf_trace_preemptirq_template+0x30/0x30 [ 207.442007] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 207.446771] ? retint_kernel+0x2d/0x2d [ 207.450673] ? _raw_spin_unlock_irqrestore+0xaf/0xd0 [ 207.455803] ? _raw_spin_unlock_irqrestore+0x6d/0xd0 [ 207.460918] ? try_to_wake_up+0x11c/0x1440 [ 207.465159] ? graph_lock+0x270/0x270 [ 207.468962] ? print_usage_bug+0xc0/0xc0 [ 207.473028] ? migrate_swap_stop+0x8a0/0x8a0 [ 207.477454] ? find_held_lock+0x36/0x1c0 [ 207.481530] ? __lock_acquire+0x62f/0x4c20 [ 207.485765] ? lock_downgrade+0x900/0x900 [ 207.489929] ? mark_held_locks+0x130/0x130 [ 207.494162] ? lockdep_hardirqs_on+0x3bb/0x5b0 [ 207.498759] ? retint_kernel+0x2d/0x2d [ 207.502649] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 207.507454] ? __bpf_trace_preemptirq_template+0x30/0x30 [ 207.512903] ? futex_wake+0x304/0x760 [ 207.516717] ? __lock_acquire+0x62f/0x4c20 [ 207.520959] ? retint_kernel+0x2d/0x2d [ 207.524859] ? mark_held_locks+0x130/0x130 [ 207.529106] ? graph_lock+0x270/0x270 [ 207.532936] ? do_futex+0x249/0x26d0 [ 207.536673] ? lockdep_init_map+0x105/0x590 [ 207.541000] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 207.545761] ? find_held_lock+0x36/0x1c0 [ 207.549878] ? __fget+0x4aa/0x740 [ 207.553336] ? lock_downgrade+0x900/0x900 [ 207.557484] ? check_preemption_disabled+0x48/0x280 [ 207.562746] ? kasan_check_read+0x11/0x20 [ 207.566905] ? rcu_dynticks_curr_cpu_in_eqs+0xa2/0x170 [ 207.572202] ? rcu_read_unlock_special+0x370/0x370 [ 207.577256] ? __fget+0x4d1/0x740 [ 207.580755] ? ksys_dup3+0x680/0x680 [ 207.584486] ? __might_fault+0x12b/0x1e0 [ 207.588554] ? lock_downgrade+0x900/0x900 [ 207.592707] ? lock_release+0xa00/0xa00 [ 207.596692] ? userfaultfd_read+0x2c0/0x2c0 [ 207.601033] do_vfs_ioctl+0x1de/0x1790 [ 207.604921] ? do_vfs_ioctl+0x1de/0x1790 [ 207.608996] ? ioctl_preallocate+0x300/0x300 [ 207.613415] ? __fget_light+0x2e9/0x430 [ 207.617425] ? fget_raw+0x20/0x20 [ 207.620901] ? _copy_to_user+0xc8/0x110 [ 207.624885] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 207.630441] ? put_timespec64+0x10f/0x1b0 [ 207.634601] ? nsecs_to_jiffies+0x30/0x30 [ 207.638754] ? do_syscall_64+0x9a/0x820 [ 207.642733] ? do_syscall_64+0x9a/0x820 [ 207.646721] ? lockdep_hardirqs_on+0x3bb/0x5b0 [ 207.651317] ? security_file_ioctl+0x94/0xc0 [ 207.655747] ksys_ioctl+0xa9/0xd0 [ 207.659222] __x64_sys_ioctl+0x73/0xb0 [ 207.663125] do_syscall_64+0x1b9/0x820 [ 207.667020] ? entry_SYSCALL_64_after_hwframe+0x3e/0xbe [ 207.672404] ? syscall_return_slowpath+0x5e0/0x5e0 [ 207.677338] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 207.682188] ? trace_hardirqs_on_caller+0x310/0x310 [ 207.687211] ? prepare_exit_to_usermode+0x3b0/0x3b0 [ 207.692711] ? prepare_exit_to_usermode+0x291/0x3b0 [ 207.697777] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 207.702635] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 207.707823] RIP: 0033:0x457669 [ 207.711038] Code: fd b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 207.729938] RSP: 002b:00007f072295cc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 207.737645] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000457669 [ 207.744929] RDX: 0000000020000040 RSI: 00000000c028aa03 RDI: 0000000000000004 [ 207.752225] RBP: 000000000072bf00 R08: 0000000000000000 R09: 0000000000000000 08:36:42 executing program 5: socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) r1 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000140)='./cgroup.cpu\x00W^Q,\x9c\xc0\xc9G\xa5\x03\xfe\xd4\x85\xe8\xb5\xb52\xeb\xbd\xa5\xfd\xae\x8d\x9b\xd2\xd0\xe72\x91p\x00\x1c\xc8\xa9\x16\xec\xb9\x89(\xba:\xf1\xb1[b\'\xeb\xa8\x88\xfb.\xf1\xf1\xba\xe7h\x04\x13\x8e0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) r1 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000140)='./cgroup.cpu\x00W^Q,\x9c\xc0\xc9G\xa5\x03\xfe\xd4\x85\xe8\xb5\xb52\xeb\xbd\xa5\xfd\xae\x8d\x9b\xd2\xd0\xe72\x91p\x00\x1c\xc8\xa9\x16\xec\xb9\x89(\xba:\xf1\xb1[b\'\xeb\xa8\x88\xfb.\xf1\xf1\xba\xe7h\x04\x13\x8e0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) r1 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000140)='./cgroup.cpu\x00W^Q,\x9c\xc0\xc9G\xa5\x03\xfe\xd4\x85\xe8\xb5\xb52\xeb\xbd\xa5\xfd\xae\x8d\x9b\xd2\xd0\xe72\x91p\x00\x1c\xc8\xa9\x16\xec\xb9\x89(\xba:\xf1\xb1[b\'\xeb\xa8\x88\xfb.\xf1\xf1\xba\xe7h\x04\x13\x8e0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) r1 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000140)='./cgroup.cpu\x00W^Q,\x9c\xc0\xc9G\xa5\x03\xfe\xd4\x85\xe8\xb5\xb52\xeb\xbd\xa5\xfd\xae\x8d\x9b\xd2\xd0\xe72\x91p\x00\x1c\xc8\xa9\x16\xec\xb9\x89(\xba:\xf1\xb1[b\'\xeb\xa8\x88\xfb.\xf1\xf1\xba\xe7h\x04\x13\x8e a4 31 c0 0f 1f 00 c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 00 83 [ 208.590769] RSP: 0018:ffff88818b22ede0 EFLAGS: 00010206 [ 208.596161] RAX: 0000000000000000 RBX: 0000000000001000 RCX: 0000000000001000 [ 208.603428] RDX: 0000000000001000 RSI: 0000000020013000 RDI: ffff8881a7fcb000 [ 208.610694] RBP: ffff88818b22ee18 R08: 0000000000000000 R09: 0000000000000040 [ 208.617964] R10: ffffed1034ff97ff R11: ffff8881a7fcbfff R12: 0000000020014000 [ 208.625235] R13: 0000000020013000 R14: ffff8881a7fcb000 R15: 00007ffffffff000 [ 208.632541] ? _copy_from_user+0x10d/0x150 [ 208.636818] mcopy_atomic+0x1bc2/0x2cd0 [ 208.640798] ? do_raw_spin_trylock+0x270/0x270 [ 208.645387] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 208.650946] ? mm_alloc_pmd+0x2f0/0x2f0 [ 208.654923] ? find_held_lock+0x36/0x1c0 [ 208.658999] ? graph_lock+0x270/0x270 [ 208.662805] ? _raw_spin_unlock_irq+0x27/0x80 [ 208.667316] ? _raw_spin_unlock_irq+0x27/0x80 [ 208.671829] ? lockdep_hardirqs_on+0x3bb/0x5b0 [ 208.676414] ? trace_hardirqs_on+0xbd/0x310 [ 208.680736] ? kasan_check_read+0x11/0x20 [ 208.684883] ? finish_task_switch+0x140/0x910 [ 208.689417] ? find_held_lock+0x36/0x1c0 [ 208.694019] ? __might_fault+0x12b/0x1e0 [ 208.698100] ? lock_downgrade+0x900/0x900 [ 208.702275] ? lock_release+0xa00/0xa00 [ 208.706262] ? perf_trace_sched_process_exec+0x860/0x860 [ 208.711726] ? __switch_to_asm+0x40/0x70 [ 208.715789] ? __switch_to_asm+0x34/0x70 [ 208.719849] ? __switch_to_asm+0x40/0x70 [ 208.723907] ? __switch_to_asm+0x34/0x70 [ 208.727965] ? __switch_to_asm+0x40/0x70 [ 208.732054] ? __switch_to_asm+0x34/0x70 [ 208.736127] ? __switch_to_asm+0x34/0x70 [ 208.740210] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 208.745773] ? _copy_from_user+0xdf/0x150 [ 208.749933] userfaultfd_ioctl+0x29f4/0x55d0 [ 208.754349] ? graph_lock+0x270/0x270 [ 208.758159] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 208.762941] ? userfaultfd_read+0x2c0/0x2c0 [ 208.767298] ? perf_trace_sched_process_exec+0x860/0x860 [ 208.772750] ? do_raw_spin_unlock+0xa7/0x330 [ 208.777189] ? do_raw_spin_trylock+0x270/0x270 [ 208.781770] ? lock_acquire+0x1ed/0x520 [ 208.785755] ? __might_sleep+0x95/0x190 [ 208.789737] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 208.795280] ? futex_wait_queue_me+0x55d/0x840 [ 208.799867] ? refill_pi_state_cache.part.7+0x310/0x310 [ 208.805237] ? print_usage_bug+0xc0/0xc0 [ 208.809304] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 208.814842] ? get_futex_value_locked+0xcb/0xf0 [ 208.819516] ? __sanitizer_cov_trace_cmp4+0x16/0x20 [ 208.824549] ? futex_wait_setup+0x266/0x3e0 [ 208.828893] ? __lock_acquire+0x62f/0x4c20 [ 208.833135] ? drop_futex_key_refs.isra.14+0x6d/0xe0 [ 208.838241] ? futex_wait+0x5ec/0xa50 [ 208.842055] ? mark_held_locks+0x130/0x130 [ 208.846305] ? drop_futex_key_refs.isra.14+0x6d/0xe0 [ 208.851438] ? futex_wake+0x304/0x760 [ 208.855252] ? __lock_acquire+0x62f/0x4c20 [ 208.859523] ? mark_held_locks+0x130/0x130 [ 208.863756] ? graph_lock+0x270/0x270 [ 208.867554] ? do_futex+0x249/0x26d0 [ 208.871280] ? __sched_text_start+0x8/0x8 [ 208.875435] ? find_held_lock+0x36/0x1c0 [ 208.879509] ? __fget+0x4aa/0x740 [ 208.882965] ? lock_downgrade+0x900/0x900 [ 208.887134] ? check_preemption_disabled+0x48/0x280 [ 208.892158] ? kasan_check_read+0x11/0x20 [ 208.896305] ? rcu_dynticks_curr_cpu_in_eqs+0xa2/0x170 [ 208.901583] ? rcu_read_unlock_special+0x370/0x370 [ 208.906542] ? __fget+0x4d1/0x740 [ 208.910008] ? ksys_dup3+0x680/0x680 [ 208.913745] ? __might_fault+0x12b/0x1e0 [ 208.917815] ? lock_downgrade+0x900/0x900 [ 208.921969] ? lock_release+0xa00/0xa00 [ 208.925954] ? userfaultfd_read+0x2c0/0x2c0 [ 208.930278] do_vfs_ioctl+0x1de/0x1790 [ 208.934168] ? do_vfs_ioctl+0x1de/0x1790 [ 208.938239] ? ioctl_preallocate+0x300/0x300 [ 208.942669] ? __fget_light+0x2e9/0x430 [ 208.946679] ? fget_raw+0x20/0x20 [ 208.950163] ? _copy_to_user+0xc8/0x110 [ 208.954169] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 208.959719] ? put_timespec64+0x10f/0x1b0 [ 208.963891] ? nsecs_to_jiffies+0x30/0x30 [ 208.968043] ? do_syscall_64+0x9a/0x820 [ 208.972019] ? do_syscall_64+0x9a/0x820 [ 208.975993] ? lockdep_hardirqs_on+0x3bb/0x5b0 [ 208.980617] ? security_file_ioctl+0x94/0xc0 [ 208.985047] ksys_ioctl+0xa9/0xd0 [ 208.988509] __x64_sys_ioctl+0x73/0xb0 [ 208.992401] do_syscall_64+0x1b9/0x820 [ 208.996296] ? entry_SYSCALL_64_after_hwframe+0x3e/0xbe [ 209.001666] ? syscall_return_slowpath+0x5e0/0x5e0 [ 209.006608] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 209.011488] ? trace_hardirqs_on_caller+0x310/0x310 [ 209.016523] ? prepare_exit_to_usermode+0x291/0x3b0 [ 209.021547] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 209.026402] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 209.031629] RIP: 0033:0x457669 [ 209.034855] Code: fd b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 209.053755] RSP: 002b:00007f072295cc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 209.061467] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000457669 [ 209.068735] RDX: 0000000020000040 RSI: 00000000c028aa03 RDI: 0000000000000004 [ 209.076045] RBP: 000000000072bf00 R08: 0000000000000000 R09: 0000000000000000 [ 209.083336] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f072295d6d4 08:36:43 executing program 1: mkdir(&(0x7f0000000200)='./file1\x00', 0x0) mkdir(&(0x7f0000000080)='./file0\x00', 0x0) capset(&(0x7f0000000280)={0x19980330}, &(0x7f0000001fe8)={0x20000fffffff8, 0xffffffffffffffff}) mount$overlay(0x400000, &(0x7f0000000300)='./file0\x00', &(0x7f0000000100)='overlay\x00', 0x0, &(0x7f00000002c0)=ANY=[@ANYBLOB='upperdir=./file0,lowerdir=.:file0,workdir=./file1']) [ 209.090621] R13: 00000000004c1703 R14: 00000000004d32d0 R15: 00000000ffffffff 08:36:43 executing program 4: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10000, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$SNDRV_SEQ_IOCTL_RUNNING_MODE(0xffffffffffffffff, 0xc0105303, &(0x7f0000000140)={0x5, 0x4}) r0 = perf_event_open(&(0x7f0000940000)={0x0, 0x70}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x4, 0x32, 0xffffffffffffffff, 0x0) r1 = userfaultfd(0x0) ioctl$UFFDIO_API(r1, 0xc018aa3f, &(0x7f0000000340)) ioctl$UFFDIO_REGISTER(r1, 0xc020aa00, &(0x7f0000000200)={{&(0x7f0000011000/0x4000)=nil, 0x4000}, 0x1}) ioctl$UFFDIO_COPY(r1, 0xc028aa03, &(0x7f0000000040)={&(0x7f0000014000/0x1000)=nil, &(0x7f0000013000/0x1000)=nil, 0x1000}) r2 = fcntl$dupfd(r0, 0x406, r1) ioctl$EVIOCGLED(r2, 0x80404519, &(0x7f0000000240)=""/84) ioctl$UFFDIO_WAKE(r1, 0x8010aa02, &(0x7f0000000300)={&(0x7f0000013000/0x2000)=nil, 0x2000}) ioctl$UFFDIO_ZEROPAGE(r1, 0xc020aa04, &(0x7f0000000500)={{&(0x7f0000011000/0x3000)=nil, 0x3000}}) openat$audio(0xffffffffffffff9c, &(0x7f0000000080)='/dev/audio\x00', 0x0, 0x0) 08:36:44 executing program 5: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10000, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$SNDRV_SEQ_IOCTL_RUNNING_MODE(0xffffffffffffffff, 0xc0105303, &(0x7f0000000140)={0x5, 0x4}) r0 = perf_event_open(&(0x7f0000940000)={0x0, 0x70}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x4, 0x32, 0xffffffffffffffff, 0x0) r1 = userfaultfd(0x0) ioctl$UFFDIO_API(r1, 0xc018aa3f, &(0x7f0000000340)) ioctl$UFFDIO_REGISTER(r1, 0xc020aa00, &(0x7f0000000200)={{&(0x7f0000011000/0x4000)=nil, 0x4000}, 0x1}) ioctl$UFFDIO_COPY(r1, 0xc028aa03, &(0x7f0000000040)={&(0x7f0000014000/0x1000)=nil, &(0x7f0000013000/0x1000)=nil, 0x1000}) r2 = fcntl$dupfd(r0, 0x406, r1) ioctl$EVIOCGLED(r2, 0x80404519, &(0x7f0000000240)=""/84) ioctl$UFFDIO_WAKE(r1, 0x8010aa02, &(0x7f0000000300)={&(0x7f0000013000/0x2000)=nil, 0x2000}) ioctl$UFFDIO_ZEROPAGE(r1, 0xc020aa04, &(0x7f0000000500)={{&(0x7f0000011000/0x3000)=nil, 0x3000}}) openat$audio(0xffffffffffffff9c, &(0x7f0000000080)='/dev/audio\x00', 0x0, 0x0) [ 209.222510] overlayfs: failed to create directory ./file1/work (errno: 13); mounting read-only 08:36:44 executing program 2: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10000, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$SNDRV_SEQ_IOCTL_RUNNING_MODE(0xffffffffffffffff, 0xc0105303, &(0x7f0000000140)={0x5, 0x4}) r0 = perf_event_open(&(0x7f0000940000)={0x0, 0x70}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x4, 0x32, 0xffffffffffffffff, 0x0) r1 = userfaultfd(0x0) ioctl$UFFDIO_API(r1, 0xc018aa3f, &(0x7f0000000340)) ioctl$UFFDIO_REGISTER(r1, 0xc020aa00, &(0x7f0000000200)={{&(0x7f0000011000/0x4000)=nil, 0x4000}, 0x1}) ioctl$UFFDIO_COPY(r1, 0xc028aa03, &(0x7f0000000040)={&(0x7f0000014000/0x1000)=nil, &(0x7f0000013000/0x1000)=nil, 0x1000}) r2 = fcntl$dupfd(r0, 0x406, r1) ioctl$EVIOCGLED(r2, 0x80404519, &(0x7f0000000240)=""/84) ioctl$UFFDIO_WAKE(r1, 0x8010aa02, &(0x7f0000000300)={&(0x7f0000013000/0x2000)=nil, 0x2000}) ioctl$UFFDIO_ZEROPAGE(r1, 0xc020aa04, &(0x7f0000000500)={{&(0x7f0000011000/0x3000)=nil, 0x3000}}) openat$audio(0xffffffffffffff9c, &(0x7f0000000080)='/dev/audio\x00', 0x0, 0x0) [ 209.294650] FAULT_FLAG_ALLOW_RETRY missing 30 [ 209.312730] FAULT_FLAG_ALLOW_RETRY missing 30 [ 209.318493] CPU: 1 PID: 7785 Comm: syz-executor4 Not tainted 4.20.0-rc6-next-20181217+ #172 [ 209.327008] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 209.336378] Call Trace: [ 209.339000] dump_stack+0x244/0x39d [ 209.342680] ? dump_stack_print_info.cold.1+0x20/0x20 [ 209.347920] handle_userfault.cold.30+0x47/0x62 [ 209.352644] ? userfaultfd_ioctl+0x55d0/0x55d0 [ 209.357257] ? mark_held_locks+0x130/0x130 [ 209.361547] ? find_held_lock+0x36/0x1c0 [ 209.365687] ? userfaultfd_ctx_put+0x830/0x830 [ 209.370290] ? graph_lock+0x270/0x270 [ 209.374117] ? pvclock_read_flags+0x160/0x160 [ 209.378637] ? graph_lock+0x270/0x270 [ 209.382480] ? print_usage_bug+0xc0/0xc0 [ 209.386572] ? graph_lock+0x270/0x270 [ 209.390428] ? find_held_lock+0x36/0x1c0 [ 209.394513] ? find_held_lock+0x36/0x1c0 [ 209.398587] ? find_held_lock+0x36/0x1c0 [ 209.402675] ? __handle_mm_fault+0x4d19/0x5b70 [ 209.407271] ? lock_downgrade+0x900/0x900 [ 209.411437] ? kasan_check_read+0x11/0x20 [ 209.415606] ? do_raw_spin_unlock+0xa7/0x330 [ 209.420035] ? do_raw_spin_trylock+0x270/0x270 [ 209.424655] ? fault_dirty_shared_page.isra.87+0x320/0x320 [ 209.430298] ? __lock_acquire+0x62f/0x4c20 [ 209.434563] __handle_mm_fault+0x4d26/0x5b70 [ 209.439016] ? vmf_insert_mixed_mkwrite+0x40/0x40 [ 209.443873] ? copy_user_handle_tail+0x39/0xb0 [ 209.448524] ? search_extable+0x80/0xb0 [ 209.452528] ? print_usage_bug+0xc0/0xc0 [ 209.452583] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 209.452610] ? ex_handler_uaccess+0x9d/0xc0 [ 209.462415] ? bogus_uaccess.isra.2+0x180/0x180 [ 209.462436] ? fixup_exception+0xb1/0xde [ 209.462464] ? graph_lock+0x270/0x270 [ 209.462484] ? graph_lock+0x270/0x270 [ 209.483124] ? find_held_lock+0x36/0x1c0 [ 209.487224] ? handle_mm_fault+0x42a/0xc70 [ 209.491476] ? lock_downgrade+0x900/0x900 [ 209.495680] ? check_preemption_disabled+0x48/0x280 [ 209.500725] ? kasan_check_read+0x11/0x20 [ 209.504904] ? rcu_dynticks_curr_cpu_in_eqs+0xa2/0x170 [ 209.510200] ? rcu_read_unlock_special+0x370/0x370 [ 209.515156] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 209.520708] ? check_preemption_disabled+0x48/0x280 [ 209.525778] handle_mm_fault+0x54f/0xc70 [ 209.529858] ? __handle_mm_fault+0x5b70/0x5b70 [ 209.534472] ? find_vma+0x34/0x190 [ 209.538063] __do_page_fault+0x5f6/0xd70 [ 209.542176] do_page_fault+0xf2/0x7e0 [ 209.546000] ? vmalloc_sync_all+0x30/0x30 [ 209.550295] ? error_entry+0x76/0xd0 [ 209.554029] ? trace_hardirqs_off_caller+0xbb/0x310 [ 209.559099] ? find_held_lock+0x36/0x1c0 [ 209.563408] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 209.568273] ? trace_hardirqs_on_caller+0x310/0x310 [ 209.573316] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 209.578201] page_fault+0x1e/0x30 [ 209.581668] RIP: 0010:copy_user_enhanced_fast_string+0xe/0x20 [ 209.587564] Code: 89 d1 c1 e9 03 83 e2 07 f3 48 a5 89 d1 f3 a4 31 c0 0f 1f 00 c3 0f 1f 80 00 00 00 00 0f 1f 00 83 fa 40 0f 82 70 ff ff ff 89 d1 a4 31 c0 0f 1f 00 c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 00 83 [ 209.606489] RSP: 0018:ffff888189236de0 EFLAGS: 00010206 [ 209.611857] RAX: 0000000000000000 RBX: 0000000000001000 RCX: 0000000000001000 [ 209.619133] RDX: 0000000000001000 RSI: 0000000020013000 RDI: ffff8881a2e5c000 [ 209.626417] RBP: ffff888189236e18 R08: 0000000000000000 R09: 0000000000000040 [ 209.633697] R10: ffffed10345cb9ff R11: ffff8881a2e5cfff R12: 0000000020014000 [ 209.641064] R13: 0000000020013000 R14: ffff8881a2e5c000 R15: 00007ffffffff000 [ 209.648381] ? _copy_from_user+0x10d/0x150 [ 209.652645] mcopy_atomic+0x1bc2/0x2cd0 [ 209.656644] ? do_raw_spin_trylock+0x270/0x270 [ 209.661243] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 209.666817] ? mm_alloc_pmd+0x2f0/0x2f0 [ 209.670839] ? trace_hardirqs_on_caller+0xc0/0x310 [ 209.675793] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 209.680565] ? __bpf_trace_preemptirq_template+0x30/0x30 [ 209.686058] ? graph_lock+0x270/0x270 [ 209.689891] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 209.695199] ? find_held_lock+0x36/0x1c0 [ 209.699289] ? __might_fault+0x12b/0x1e0 [ 209.703386] ? lock_downgrade+0x900/0x900 [ 209.707562] ? lock_release+0xa00/0xa00 [ 209.711625] ? perf_trace_sched_process_exec+0x860/0x860 [ 209.717112] ? __switch_to_asm+0x40/0x70 [ 209.721186] ? __switch_to_asm+0x34/0x70 [ 209.725262] ? __switch_to_asm+0x40/0x70 [ 209.729339] ? __switch_to_asm+0x34/0x70 [ 209.733434] ? __switch_to_asm+0x40/0x70 [ 209.737513] ? __switch_to_asm+0x34/0x70 [ 209.741589] ? __switch_to_asm+0x34/0x70 [ 209.745705] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 209.751254] ? _copy_from_user+0xdf/0x150 [ 209.755425] userfaultfd_ioctl+0x29f4/0x55d0 [ 209.759849] ? graph_lock+0x270/0x270 [ 209.763674] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 209.768453] ? userfaultfd_read+0x2c0/0x2c0 [ 209.772813] ? perf_trace_sched_process_exec+0x860/0x860 [ 209.778289] ? do_raw_spin_unlock+0xa7/0x330 [ 209.782711] ? do_raw_spin_trylock+0x270/0x270 [ 209.787308] ? lock_acquire+0x1ed/0x520 [ 209.791302] ? __might_sleep+0x95/0x190 [ 209.795299] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 209.800852] ? futex_wait_queue_me+0x55d/0x840 [ 209.805465] ? refill_pi_state_cache.part.7+0x310/0x310 [ 209.810866] ? print_usage_bug+0xc0/0xc0 [ 209.814947] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 209.820499] ? get_futex_value_locked+0xcb/0xf0 [ 209.825188] ? __sanitizer_cov_trace_cmp4+0x16/0x20 [ 209.830220] ? futex_wait_setup+0x266/0x3e0 [ 209.834575] ? __lock_acquire+0x62f/0x4c20 [ 209.838847] ? drop_futex_key_refs.isra.14+0x6d/0xe0 [ 209.843967] ? futex_wait+0x5ec/0xa50 [ 209.847794] ? mark_held_locks+0x130/0x130 [ 209.852038] ? lockdep_hardirqs_on+0x3bb/0x5b0 [ 209.856635] ? retint_kernel+0x2d/0x2d [ 209.860541] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 209.865315] ? __bpf_trace_preemptirq_template+0x30/0x30 [ 209.870778] ? futex_wake+0x304/0x760 [ 209.874611] ? __lock_acquire+0x62f/0x4c20 [ 209.878895] ? mark_held_locks+0x130/0x130 [ 209.883145] ? graph_lock+0x270/0x270 [ 209.886957] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 209.891735] ? lockdep_hardirqs_on+0x3bb/0x5b0 [ 209.896334] ? retint_kernel+0x2d/0x2d [ 209.900238] ? trace_hardirqs_on_caller+0xc0/0x310 [ 209.905180] ? lockdep_hardirqs_on+0x3bb/0x5b0 [ 209.909775] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 209.914552] ? __bpf_trace_preemptirq_template+0x30/0x30 [ 209.920021] ? find_held_lock+0x36/0x1c0 [ 209.924166] ? __fget+0x4aa/0x740 [ 209.927651] ? lock_downgrade+0x900/0x900 [ 209.931812] ? check_preemption_disabled+0x48/0x280 [ 209.936861] ? kasan_check_read+0x11/0x20 [ 209.941052] ? rcu_dynticks_curr_cpu_in_eqs+0xa2/0x170 [ 209.946355] ? rcu_read_unlock_special+0x370/0x370 [ 209.951299] ? lock_is_held_type+0x18b/0x210 [ 209.955907] ? __fget+0x4d1/0x740 [ 209.959384] ? ksys_dup3+0x680/0x680 [ 209.963159] ? __might_fault+0x12b/0x1e0 [ 209.967238] ? lock_downgrade+0x900/0x900 [ 209.971403] ? lock_release+0xa00/0xa00 [ 209.975396] ? userfaultfd_read+0x2c0/0x2c0 [ 209.979732] do_vfs_ioctl+0x1de/0x1790 [ 209.983633] ? do_vfs_ioctl+0x1de/0x1790 [ 209.987749] ? ioctl_preallocate+0x300/0x300 [ 209.992175] ? __fget_light+0x2e9/0x430 [ 209.996164] ? fget_raw+0x20/0x20 [ 209.999632] ? _copy_to_user+0xc8/0x110 [ 210.003631] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 210.009186] ? put_timespec64+0x10f/0x1b0 [ 210.013352] ? nsecs_to_jiffies+0x30/0x30 [ 210.017514] ? do_syscall_64+0x9a/0x820 [ 210.021503] ? do_syscall_64+0x9a/0x820 [ 210.025486] ? lockdep_hardirqs_on+0x3bb/0x5b0 [ 210.030092] ? security_file_ioctl+0x94/0xc0 [ 210.034529] ksys_ioctl+0xa9/0xd0 [ 210.038017] __x64_sys_ioctl+0x73/0xb0 [ 210.041924] do_syscall_64+0x1b9/0x820 [ 210.045825] ? entry_SYSCALL_64_after_hwframe+0x3e/0xbe [ 210.051204] ? syscall_return_slowpath+0x5e0/0x5e0 [ 210.056149] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 210.061014] ? trace_hardirqs_on_caller+0x310/0x310 [ 210.066045] ? prepare_exit_to_usermode+0x3b0/0x3b0 [ 210.071100] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 210.076666] ? prepare_exit_to_usermode+0x291/0x3b0 [ 210.081704] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 210.086567] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 210.091802] RIP: 0033:0x457669 [ 210.095005] Code: fd b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 210.113914] RSP: 002b:00007fc9a9c53c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 210.121657] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000457669 [ 210.128933] RDX: 0000000020000040 RSI: 00000000c028aa03 RDI: 0000000000000004 [ 210.136224] RBP: 000000000072bf00 R08: 0000000000000000 R09: 0000000000000000 08:36:44 executing program 0: ioctl(0xffffffffffffffff, 0x0, 0x0) r0 = socket$inet(0x2, 0x4000000000000001, 0x0) bind$inet(r0, &(0x7f0000deb000)={0x2, 0x4e23, @broadcast}, 0x10) setsockopt$inet_tcp_TCP_CONGESTION(r0, 0x6, 0xd, &(0x7f0000000100)='nv\x00', 0xddcbc2a23a49d0f0) r1 = socket$inet6(0xa, 0x803, 0x7) ioctl(r1, 0x1000008912, &(0x7f0000000140)="0a5c2d023c126285718070") r2 = bpf$MAP_CREATE(0x0, &(0x7f0000000080)={0x3, 0x4, 0x4, 0x1, 0x0, 0x1}, 0x2c) close(r2) r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='memory.events\x00', 0x0, 0x0) setsockopt$inet_sctp6_SCTP_STREAM_SCHEDULER(r3, 0x84, 0x7b, 0x0, 0x0) sendto$inet(r0, 0x0, 0x0, 0x400200007fd, &(0x7f0000000000)={0x2, 0x4e23, @loopback}, 0x10) write$binfmt_elf64(r0, &(0x7f00000016c0)=ANY=[@ANYPTR=&(0x7f00000005c0)=ANY=[@ANYPTR=&(0x7f00000004c0)=ANY=[@ANYRES16], @ANYRES32, @ANYRES64=0x0, @ANYPTR=&(0x7f0000000580)=ANY=[@ANYPTR64, @ANYRESHEX, @ANYPTR64, @ANYRES32=0x0]], @ANYRESDEC, @ANYRES16], 0x120001644) recvmsg(r0, &(0x7f0000000240)={&(0x7f0000000740)=@nfc, 0x80, &(0x7f00000001c0)=[{&(0x7f0000003ac0)=""/4096, 0x20013a5a}], 0x1, &(0x7f0000000200)=""/20, 0x8034}, 0x100) 08:36:44 executing program 1: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10000, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$SNDRV_SEQ_IOCTL_RUNNING_MODE(0xffffffffffffffff, 0xc0105303, &(0x7f0000000140)={0x5, 0x4}) r0 = perf_event_open(&(0x7f0000940000)={0x0, 0x70}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x4, 0x32, 0xffffffffffffffff, 0x0) r1 = userfaultfd(0x0) ioctl$UFFDIO_API(r1, 0xc018aa3f, &(0x7f0000000340)) ioctl$UFFDIO_REGISTER(r1, 0xc020aa00, &(0x7f0000000200)={{&(0x7f0000011000/0x4000)=nil, 0x4000}, 0x1}) ioctl$UFFDIO_COPY(r1, 0xc028aa03, &(0x7f0000000040)={&(0x7f0000014000/0x1000)=nil, &(0x7f0000013000/0x1000)=nil, 0x1000}) r2 = fcntl$dupfd(r0, 0x406, r1) ioctl$EVIOCGLED(r2, 0x80404519, &(0x7f0000000240)=""/84) ioctl$UFFDIO_WAKE(r1, 0x8010aa02, &(0x7f0000000300)={&(0x7f0000013000/0x2000)=nil, 0x2000}) ioctl$UFFDIO_ZEROPAGE(r1, 0xc020aa04, &(0x7f0000000500)={{&(0x7f0000011000/0x3000)=nil, 0x3000}}) openat$audio(0xffffffffffffff9c, &(0x7f0000000080)='/dev/audio\x00', 0x0, 0x0) [ 210.143515] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fc9a9c546d4 [ 210.150788] R13: 00000000004c1703 R14: 00000000004d32d0 R15: 00000000ffffffff [ 210.158107] CPU: 0 PID: 7787 Comm: syz-executor5 Not tainted 4.20.0-rc6-next-20181217+ #172 [ 210.166615] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 210.175970] Call Trace: [ 210.178566] dump_stack+0x244/0x39d [ 210.182205] ? dump_stack_print_info.cold.1+0x20/0x20 [ 210.187408] handle_userfault.cold.30+0x47/0x62 [ 210.192113] ? userfaultfd_ioctl+0x55d0/0x55d0 [ 210.196702] ? mark_held_locks+0x130/0x130 [ 210.200956] ? find_held_lock+0x36/0x1c0 [ 210.205033] ? userfaultfd_ctx_put+0x830/0x830 [ 210.209625] ? graph_lock+0x270/0x270 [ 210.213440] ? pvclock_read_flags+0x160/0x160 [ 210.217957] ? graph_lock+0x270/0x270 [ 210.221773] ? print_usage_bug+0xc0/0xc0 [ 210.225837] ? graph_lock+0x270/0x270 [ 210.229647] ? find_held_lock+0x36/0x1c0 [ 210.233716] ? find_held_lock+0x36/0x1c0 [ 210.237786] ? find_held_lock+0x36/0x1c0 [ 210.241863] ? __handle_mm_fault+0x4d19/0x5b70 [ 210.246455] ? lock_downgrade+0x900/0x900 [ 210.250613] ? kasan_check_read+0x11/0x20 [ 210.254768] ? do_raw_spin_unlock+0xa7/0x330 [ 210.259180] ? do_raw_spin_trylock+0x270/0x270 [ 210.263769] ? fault_dirty_shared_page.isra.87+0x320/0x320 [ 210.269397] ? __lock_acquire+0x62f/0x4c20 [ 210.273645] __handle_mm_fault+0x4d26/0x5b70 [ 210.278067] ? vmf_insert_mixed_mkwrite+0x40/0x40 [ 210.282925] ? lockdep_hardirqs_on+0x3bb/0x5b0 [ 210.287510] ? retint_kernel+0x2d/0x2d [ 210.291435] ? trace_hardirqs_on_caller+0xc0/0x310 [ 210.296407] ? ex_handler_uaccess+0x9d/0xc0 [ 210.300743] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 210.305505] ? __bpf_trace_preemptirq_template+0x30/0x30 [ 210.310958] ? fixup_exception+0xb1/0xde [ 210.315036] ? graph_lock+0x270/0x270 [ 210.318842] ? graph_lock+0x270/0x270 [ 210.322653] ? find_held_lock+0x36/0x1c0 [ 210.326727] ? handle_mm_fault+0x42a/0xc70 [ 210.330970] ? lock_downgrade+0x900/0x900 [ 210.335127] ? check_preemption_disabled+0x48/0x280 [ 210.340150] ? kasan_check_read+0x11/0x20 [ 210.344303] ? rcu_dynticks_curr_cpu_in_eqs+0xa2/0x170 [ 210.349587] ? rcu_read_unlock_special+0x370/0x370 [ 210.354546] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 210.360082] ? check_preemption_disabled+0x48/0x280 [ 210.365127] handle_mm_fault+0x54f/0xc70 [ 210.369194] ? __handle_mm_fault+0x5b70/0x5b70 [ 210.373783] ? find_vma+0x34/0x190 [ 210.377333] __do_page_fault+0x5f6/0xd70 [ 210.381433] do_page_fault+0xf2/0x7e0 [ 210.385237] ? vmalloc_sync_all+0x30/0x30 [ 210.389390] ? error_entry+0x76/0xd0 [ 210.393122] ? trace_hardirqs_off_caller+0xbb/0x310 [ 210.398147] ? find_held_lock+0x36/0x1c0 [ 210.402300] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 210.407150] ? trace_hardirqs_on_caller+0x310/0x310 [ 210.412181] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 210.417033] page_fault+0x1e/0x30 [ 210.420513] RIP: 0010:copy_user_enhanced_fast_string+0xe/0x20 [ 210.426398] Code: 89 d1 c1 e9 03 83 e2 07 f3 48 a5 89 d1 f3 a4 31 c0 0f 1f 00 c3 0f 1f 80 00 00 00 00 0f 1f 00 83 fa 40 0f 82 70 ff ff ff 89 d1 a4 31 c0 0f 1f 00 c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 00 83 [ 210.445299] RSP: 0018:ffff88818a0d6de0 EFLAGS: 00010206 [ 210.450664] RAX: 0000000000000000 RBX: 0000000000001000 RCX: 0000000000001000 [ 210.457932] RDX: 0000000000001000 RSI: 0000000020013000 RDI: ffff8881990ef000 [ 210.465204] RBP: ffff88818a0d6e18 R08: 0000000000000000 R09: 0000000000000040 [ 210.472475] R10: ffffed103321dfff R11: ffff8881990effff R12: 0000000020014000 [ 210.479774] R13: 0000000020013000 R14: ffff8881990ef000 R15: 00007ffffffff000 [ 210.487118] ? _copy_from_user+0x10d/0x150 [ 210.491361] mcopy_atomic+0x1bc2/0x2cd0 [ 210.495337] ? do_raw_spin_trylock+0x270/0x270 [ 210.499929] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 210.505504] ? mm_alloc_pmd+0x2f0/0x2f0 [ 210.509504] ? find_held_lock+0x36/0x1c0 [ 210.513581] ? graph_lock+0x270/0x270 [ 210.517405] ? retint_kernel+0x2d/0x2d [ 210.521309] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 210.526069] ? lockdep_hardirqs_on+0x3bb/0x5b0 [ 210.530693] ? retint_kernel+0x2d/0x2d [ 210.534625] ? trace_hardirqs_on_caller+0xc0/0x310 [ 210.539562] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 210.544325] ? __bpf_trace_preemptirq_template+0x30/0x30 [ 210.549790] ? lock_downgrade+0x900/0x900 [ 210.553949] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 210.558714] ? retint_kernel+0x2d/0x2d [ 210.562622] userfaultfd_ioctl+0x29f4/0x55d0 [ 210.567057] ? mark_held_locks+0xc7/0x130 [ 210.571223] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 210.575999] ? userfaultfd_read+0x2c0/0x2c0 [ 210.580328] ? __bpf_trace_preemptirq_template+0x30/0x30 [ 210.585794] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 210.590564] ? retint_kernel+0x2d/0x2d [ 210.594464] ? futex_wait_queue_me+0x55d/0x840 [ 210.599047] ? futex_wait_queue_me+0x602/0x840 [ 210.603634] ? refill_pi_state_cache.part.7+0x310/0x310 [ 210.609025] ? print_usage_bug+0xc0/0xc0 [ 210.613121] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 210.618694] ? get_futex_value_locked+0xcb/0xf0 [ 210.623382] ? __sanitizer_cov_trace_cmp4+0x16/0x20 [ 210.628399] ? futex_wait_setup+0x266/0x3e0 [ 210.632740] ? __lock_acquire+0x62f/0x4c20 [ 210.636983] ? drop_futex_key_refs.isra.14+0x6d/0xe0 [ 210.642192] ? futex_wait+0x5ec/0xa50 [ 210.646386] ? mark_held_locks+0x130/0x130 [ 210.650659] ? drop_futex_key_refs.isra.14+0x6d/0xe0 [ 210.655768] ? futex_wake+0x304/0x760 [ 210.659589] ? __lock_acquire+0x62f/0x4c20 [ 210.663849] ? mark_held_locks+0x130/0x130 [ 210.668120] ? graph_lock+0x270/0x270 [ 210.671925] ? do_futex+0x249/0x26d0 [ 210.675647] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 210.680408] ? lockdep_hardirqs_on+0x3bb/0x5b0 [ 210.684994] ? retint_kernel+0x2d/0x2d [ 210.688891] ? find_held_lock+0x36/0x1c0 [ 210.693013] ? __fget+0x4aa/0x740 [ 210.696471] ? lock_downgrade+0x900/0x900 [ 210.700626] ? check_preemption_disabled+0x48/0x280 [ 210.705647] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 210.710433] ? lockdep_hardirqs_on+0x3bb/0x5b0 [ 210.715017] ? retint_kernel+0x2d/0x2d [ 210.718910] ? trace_hardirqs_on_caller+0xc0/0x310 [ 210.723844] ? rcu_read_unlock_special+0x370/0x370 [ 210.728773] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 210.733547] ? __bpf_trace_preemptirq_template+0x30/0x30 [ 210.739011] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 210.743775] ? retint_kernel+0x2d/0x2d [ 210.747703] ? userfaultfd_read+0x2c0/0x2c0 [ 210.752028] do_vfs_ioctl+0x1de/0x1790 [ 210.755931] ? do_vfs_ioctl+0x1de/0x1790 [ 210.760000] ? ioctl_preallocate+0x300/0x300 [ 210.764412] ? __fget_light+0x2e9/0x430 [ 210.768393] ? fget_raw+0x20/0x20 [ 210.771851] ? _copy_to_user+0xc8/0x110 [ 210.775830] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 210.781368] ? put_timespec64+0x10f/0x1b0 [ 210.785520] ? nsecs_to_jiffies+0x30/0x30 [ 210.789677] ? do_syscall_64+0x9a/0x820 [ 210.793668] ? do_syscall_64+0x9a/0x820 [ 210.797672] ? lockdep_hardirqs_on+0x3bb/0x5b0 [ 210.802261] ? security_file_ioctl+0x94/0xc0 [ 210.806681] ksys_ioctl+0xa9/0xd0 [ 210.810142] __x64_sys_ioctl+0x73/0xb0 [ 210.814034] do_syscall_64+0x1b9/0x820 [ 210.817925] ? entry_SYSCALL_64_after_hwframe+0x3e/0xbe [ 210.823299] ? syscall_return_slowpath+0x5e0/0x5e0 [ 210.828231] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 210.833080] ? trace_hardirqs_on_caller+0x310/0x310 [ 210.838126] ? prepare_exit_to_usermode+0x3b0/0x3b0 [ 210.843164] ? prepare_exit_to_usermode+0x291/0x3b0 [ 210.848209] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 210.853065] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 210.858299] RIP: 0033:0x457669 [ 210.861538] Code: fd b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 210.880438] RSP: 002b:00007ffa78f02c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 210.888145] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000457669 [ 210.895409] RDX: 0000000020000040 RSI: 00000000c028aa03 RDI: 0000000000000004 [ 210.902689] RBP: 000000000072bf00 R08: 0000000000000000 R09: 0000000000000000 [ 210.909959] R10: 0000000000000000 R11: 0000000000000246 R12: 00007ffa78f036d4 [ 210.917227] R13: 00000000004c1703 R14: 00000000004d32d0 R15: 00000000ffffffff 08:36:45 executing program 3: ioctl(0xffffffffffffffff, 0x0, 0x0) r0 = socket$inet(0x2, 0x4000000000000001, 0x0) bind$inet(r0, &(0x7f0000deb000)={0x2, 0x4e23, @broadcast}, 0x10) setsockopt$inet_tcp_TCP_CONGESTION(r0, 0x6, 0xd, &(0x7f0000000100)='nv\x00', 0xddcbc2a23a49d0f0) r1 = socket$inet6(0xa, 0x803, 0x7) ioctl(r1, 0x1000008912, &(0x7f0000000140)="0a5c2d023c126285718070") r2 = bpf$MAP_CREATE(0x0, &(0x7f0000000080)={0x3, 0x4, 0x4, 0x1, 0x0, 0x1}, 0x2c) close(r2) r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='memory.events\x00', 0x0, 0x0) setsockopt$inet_sctp6_SCTP_STREAM_SCHEDULER(r3, 0x84, 0x7b, 0x0, 0x0) sendto$inet(r0, 0x0, 0x0, 0x400200007fd, &(0x7f0000000000)={0x2, 0x4e23, @loopback}, 0x10) write$binfmt_elf64(r0, &(0x7f00000016c0)=ANY=[@ANYPTR=&(0x7f00000005c0)=ANY=[@ANYPTR=&(0x7f00000004c0)=ANY=[@ANYRES16], @ANYRES32, @ANYRES64=0x0, @ANYPTR=&(0x7f0000000580)=ANY=[@ANYPTR64, @ANYRESHEX, @ANYPTR64, @ANYRES32=0x0]], @ANYRESDEC, @ANYRES16], 0x120001644) recvmsg(r0, &(0x7f0000000240)={&(0x7f0000000740)=@nfc, 0x80, &(0x7f00000001c0)=[{&(0x7f0000003ac0)=""/4096, 0x20013a5a}], 0x1, &(0x7f0000000200)=""/20, 0x8034}, 0x100) [ 210.993578] FAULT_FLAG_ALLOW_RETRY missing 30 [ 211.003698] CPU: 0 PID: 7792 Comm: syz-executor2 Not tainted 4.20.0-rc6-next-20181217+ #172 [ 211.012210] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 211.021597] Call Trace: [ 211.024215] dump_stack+0x244/0x39d [ 211.027856] ? dump_stack_print_info.cold.1+0x20/0x20 [ 211.033058] ? handle_userfault+0x4fb/0x24b0 [ 211.037492] handle_userfault.cold.30+0x47/0x62 [ 211.042183] ? userfaultfd_ioctl+0x55d0/0x55d0 [ 211.046777] ? mark_held_locks+0x130/0x130 [ 211.051023] ? find_held_lock+0x36/0x1c0 [ 211.055112] ? mark_held_locks+0xc7/0x130 [ 211.059273] ? print_usage_bug+0xc0/0xc0 [ 211.063339] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 211.068114] ? lockdep_hardirqs_on+0x2d0/0x5b0 [ 211.072703] ? retint_kernel+0x2d/0x2d [ 211.076600] ? trace_hardirqs_on_caller+0xc0/0x310 [ 211.081536] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 211.086302] ? __bpf_trace_preemptirq_template+0x30/0x30 [ 211.091757] ? print_usage_bug+0xc0/0xc0 [ 211.095822] ? graph_lock+0x270/0x270 [ 211.099658] ? mark_held_locks+0xc7/0x130 [ 211.103809] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 211.108580] ? find_held_lock+0x36/0x1c0 [ 211.112652] ? __handle_mm_fault+0x4d19/0x5b70 [ 211.117243] ? lock_downgrade+0x900/0x900 [ 211.121399] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 211.126166] ? kasan_check_read+0x11/0x20 [ 211.130315] ? do_raw_spin_unlock+0xa7/0x330 [ 211.134725] ? do_raw_spin_trylock+0x270/0x270 [ 211.139323] __handle_mm_fault+0x4d26/0x5b70 [ 211.143742] ? vmf_insert_mixed_mkwrite+0x40/0x40 [ 211.148606] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 211.153385] ? lockdep_hardirqs_on+0x3bb/0x5b0 [ 211.157977] ? retint_kernel+0x2d/0x2d [ 211.161873] ? find_held_lock+0x36/0x1c0 [ 211.165944] ? handle_mm_fault+0x42a/0xc70 [ 211.170187] ? lock_downgrade+0x900/0x900 [ 211.174345] ? retint_kernel+0x2d/0x2d [ 211.178253] handle_mm_fault+0x54f/0xc70 [ 211.182323] ? __handle_mm_fault+0x5b70/0x5b70 [ 211.186912] ? find_vma+0x34/0x190 [ 211.190463] __do_page_fault+0x5f6/0xd70 [ 211.194539] do_page_fault+0xf2/0x7e0 [ 211.198344] ? vmalloc_sync_all+0x30/0x30 [ 211.202494] ? error_entry+0x76/0xd0 [ 211.206212] ? trace_hardirqs_off_caller+0xbb/0x310 [ 211.211238] ? find_held_lock+0x36/0x1c0 [ 211.215301] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 211.220150] ? trace_hardirqs_on_caller+0x310/0x310 [ 211.225182] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 211.230038] page_fault+0x1e/0x30 [ 211.233498] RIP: 0010:copy_user_enhanced_fast_string+0xe/0x20 [ 211.239391] Code: 89 d1 c1 e9 03 83 e2 07 f3 48 a5 89 d1 f3 a4 31 c0 0f 1f 00 c3 0f 1f 80 00 00 00 00 0f 1f 00 83 fa 40 0f 82 70 ff ff ff 89 d1 a4 31 c0 0f 1f 00 c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 00 83 [ 211.258294] RSP: 0018:ffff88818907ede0 EFLAGS: 00010206 [ 211.263662] RAX: 0000000000000000 RBX: 0000000000001000 RCX: 0000000000001000 [ 211.270929] RDX: 0000000000001000 RSI: 0000000020013000 RDI: ffff88819f002000 [ 211.278197] RBP: ffff88818907ee18 R08: 0000000000000000 R09: 0000000000000040 [ 211.285465] R10: ffffed1033e005ff R11: ffff88819f002fff R12: 0000000020014000 [ 211.292820] R13: 0000000020013000 R14: ffff88819f002000 R15: 00007ffffffff000 [ 211.300134] ? _copy_from_user+0x10d/0x150 [ 211.304379] mcopy_atomic+0x1bc2/0x2cd0 [ 211.308359] ? do_raw_spin_trylock+0x270/0x270 [ 211.312947] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 211.318510] ? mm_alloc_pmd+0x2f0/0x2f0 [ 211.322490] ? find_held_lock+0x36/0x1c0 [ 211.326563] ? graph_lock+0x270/0x270 [ 211.330374] ? _raw_spin_unlock_irq+0x27/0x80 [ 211.334873] ? _raw_spin_unlock_irq+0x27/0x80 [ 211.339371] ? lockdep_hardirqs_on+0x3bb/0x5b0 [ 211.343959] ? trace_hardirqs_on+0xbd/0x310 [ 211.348281] ? kasan_check_read+0x11/0x20 [ 211.352431] ? finish_task_switch+0x140/0x910 [ 211.356935] ? find_held_lock+0x36/0x1c0 [ 211.361013] ? __might_fault+0x12b/0x1e0 [ 211.365079] ? lock_downgrade+0x900/0x900 [ 211.369250] ? lock_release+0xa00/0xa00 [ 211.373226] ? perf_trace_sched_process_exec+0x860/0x860 [ 211.378681] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 211.383461] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 211.389002] ? _copy_from_user+0xdf/0x150 [ 211.393161] userfaultfd_ioctl+0x29f4/0x55d0 [ 211.397582] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 211.402356] ? userfaultfd_read+0x2c0/0x2c0 [ 211.406703] ? perf_trace_sched_process_exec+0x860/0x860 [ 211.412158] ? do_raw_spin_unlock+0xa7/0x330 [ 211.416571] ? do_raw_spin_trylock+0x270/0x270 [ 211.421159] ? lock_acquire+0x1ed/0x520 [ 211.425161] ? __might_sleep+0x95/0x190 [ 211.429147] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 211.434695] ? futex_wait_queue_me+0x55d/0x840 [ 211.439287] ? refill_pi_state_cache.part.7+0x310/0x310 [ 211.444661] ? print_usage_bug+0xc0/0xc0 [ 211.448743] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 211.454284] ? get_futex_value_locked+0xcb/0xf0 [ 211.458972] ? __sanitizer_cov_trace_cmp4+0x16/0x20 [ 211.464000] ? futex_wait_setup+0x266/0x3e0 [ 211.468343] ? __lock_acquire+0x62f/0x4c20 [ 211.472582] ? drop_futex_key_refs.isra.14+0x6d/0xe0 [ 211.477692] ? futex_wait+0x5ec/0xa50 [ 211.481505] ? mark_held_locks+0x130/0x130 [ 211.485749] ? drop_futex_key_refs.isra.14+0x6d/0xe0 [ 211.490857] ? futex_wake+0x304/0x760 [ 211.494765] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 211.499541] ? lockdep_hardirqs_on+0x3bb/0x5b0 [ 211.504130] ? retint_kernel+0x2d/0x2d [ 211.508025] ? trace_hardirqs_on_caller+0xc0/0x310 [ 211.512960] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 211.517721] ? __bpf_trace_preemptirq_template+0x30/0x30 [ 211.523182] ? mark_held_locks+0x130/0x130 [ 211.527421] ? graph_lock+0x270/0x270 [ 211.531232] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 211.536004] ? find_held_lock+0x36/0x1c0 [ 211.540080] ? __fget+0x4aa/0x740 [ 211.543571] ? lock_downgrade+0x900/0x900 [ 211.547722] ? check_preemption_disabled+0x48/0x280 [ 211.552776] ? kasan_check_read+0x11/0x20 [ 211.556947] ? rcu_dynticks_curr_cpu_in_eqs+0xa2/0x170 [ 211.562696] ? rcu_read_unlock_special+0x370/0x370 [ 211.567642] ? __fget+0x4d1/0x740 [ 211.571120] ? ksys_dup3+0x680/0x680 [ 211.574842] ? __might_fault+0x12b/0x1e0 [ 211.578912] ? lock_downgrade+0x900/0x900 [ 211.583066] ? lock_release+0xa00/0xa00 [ 211.587064] ? userfaultfd_read+0x2c0/0x2c0 [ 211.591403] do_vfs_ioctl+0x1de/0x1790 [ 211.595294] ? do_vfs_ioctl+0x1de/0x1790 [ 211.599381] ? ioctl_preallocate+0x300/0x300 [ 211.603822] ? __fget_light+0x2e9/0x430 [ 211.607818] ? fget_raw+0x20/0x20 [ 211.611273] ? _copy_to_user+0xc8/0x110 [ 211.615288] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 211.620830] ? put_timespec64+0x10f/0x1b0 [ 211.624982] ? nsecs_to_jiffies+0x30/0x30 [ 211.629138] ? do_syscall_64+0x9a/0x820 [ 211.633125] ? do_syscall_64+0x9a/0x820 [ 211.637133] ? lockdep_hardirqs_on+0x3bb/0x5b0 [ 211.641722] ? security_file_ioctl+0x94/0xc0 [ 211.646140] ksys_ioctl+0xa9/0xd0 [ 211.649602] __x64_sys_ioctl+0x73/0xb0 [ 211.653500] do_syscall_64+0x1b9/0x820 [ 211.657397] ? entry_SYSCALL_64_after_hwframe+0x3e/0xbe [ 211.662766] ? syscall_return_slowpath+0x5e0/0x5e0 [ 211.667697] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 211.672549] ? trace_hardirqs_on_caller+0x310/0x310 [ 211.677571] ? prepare_exit_to_usermode+0x3b0/0x3b0 [ 211.682593] ? prepare_exit_to_usermode+0x291/0x3b0 [ 211.687621] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 211.692637] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 211.697832] RIP: 0033:0x457669 [ 211.701029] Code: fd b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 211.719944] RSP: 002b:00007f072295cc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 211.727667] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000457669 [ 211.734933] RDX: 0000000020000040 RSI: 00000000c028aa03 RDI: 0000000000000004 08:36:46 executing program 0: ioctl(0xffffffffffffffff, 0x0, 0x0) r0 = socket$inet(0x2, 0x4000000000000001, 0x0) bind$inet(r0, &(0x7f0000deb000)={0x2, 0x4e23, @broadcast}, 0x10) setsockopt$inet_tcp_TCP_CONGESTION(r0, 0x6, 0xd, &(0x7f0000000100)='nv\x00', 0xddcbc2a23a49d0f0) r1 = socket$inet6(0xa, 0x803, 0x7) ioctl(r1, 0x1000008912, &(0x7f0000000140)="0a5c2d023c126285718070") r2 = bpf$MAP_CREATE(0x0, &(0x7f0000000080)={0x3, 0x4, 0x4, 0x1, 0x0, 0x1}, 0x2c) close(r2) r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='memory.events\x00', 0x0, 0x0) setsockopt$inet_sctp6_SCTP_STREAM_SCHEDULER(r3, 0x84, 0x7b, 0x0, 0x0) sendto$inet(r0, 0x0, 0x0, 0x400200007fd, &(0x7f0000000000)={0x2, 0x4e23, @loopback}, 0x10) write$binfmt_elf64(r0, &(0x7f00000016c0)=ANY=[@ANYPTR=&(0x7f00000005c0)=ANY=[@ANYPTR=&(0x7f00000004c0)=ANY=[@ANYRES16], @ANYRES32, @ANYRES64=0x0, @ANYPTR=&(0x7f0000000580)=ANY=[@ANYPTR64, @ANYRESHEX, @ANYPTR64, @ANYRES32=0x0]], @ANYRESDEC, @ANYRES16], 0x120001644) recvmsg(r0, &(0x7f0000000240)={&(0x7f0000000740)=@nfc, 0x80, &(0x7f00000001c0)=[{&(0x7f0000003ac0)=""/4096, 0x20013a5a}], 0x1, &(0x7f0000000200)=""/20, 0x8034}, 0x100) [ 211.742204] RBP: 000000000072bf00 R08: 0000000000000000 R09: 0000000000000000 [ 211.749477] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f072295d6d4 [ 211.756749] R13: 00000000004c1703 R14: 00000000004d32d0 R15: 00000000ffffffff 08:36:46 executing program 4: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10000, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$SNDRV_SEQ_IOCTL_RUNNING_MODE(0xffffffffffffffff, 0xc0105303, &(0x7f0000000140)={0x5, 0x4}) r0 = perf_event_open(&(0x7f0000940000)={0x0, 0x70}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x4, 0x32, 0xffffffffffffffff, 0x0) r1 = userfaultfd(0x0) ioctl$UFFDIO_API(r1, 0xc018aa3f, &(0x7f0000000340)) ioctl$UFFDIO_REGISTER(r1, 0xc020aa00, &(0x7f0000000200)={{&(0x7f0000011000/0x4000)=nil, 0x4000}, 0x1}) ioctl$UFFDIO_COPY(r1, 0xc028aa03, &(0x7f0000000040)={&(0x7f0000014000/0x1000)=nil, &(0x7f0000013000/0x1000)=nil, 0x1000}) r2 = fcntl$dupfd(r0, 0x406, r1) ioctl$EVIOCGLED(r2, 0x80404519, &(0x7f0000000240)=""/84) ioctl$UFFDIO_WAKE(r1, 0x8010aa02, &(0x7f0000000300)={&(0x7f0000013000/0x2000)=nil, 0x2000}) ioctl$UFFDIO_ZEROPAGE(r1, 0xc020aa04, &(0x7f0000000500)={{&(0x7f0000011000/0x3000)=nil, 0x3000}}) openat$audio(0xffffffffffffff9c, &(0x7f0000000080)='/dev/audio\x00', 0x0, 0x0) [ 211.877652] FAULT_FLAG_ALLOW_RETRY missing 30 [ 211.882289] CPU: 1 PID: 7802 Comm: syz-executor1 Not tainted 4.20.0-rc6-next-20181217+ #172 [ 211.890794] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 211.900206] Call Trace: [ 211.902813] dump_stack+0x244/0x39d [ 211.906468] ? dump_stack_print_info.cold.1+0x20/0x20 [ 211.911690] handle_userfault.cold.30+0x47/0x62 [ 211.916399] ? userfaultfd_ioctl+0x55d0/0x55d0 [ 211.921003] ? mark_held_locks+0x130/0x130 [ 211.925260] ? mark_held_locks+0x130/0x130 [ 211.929507] ? __lock_is_held+0xb5/0x140 [ 211.933609] ? userfaultfd_ctx_put+0x830/0x830 [ 211.938215] ? lock_downgrade+0x900/0x900 [ 211.942383] ? kasan_check_read+0x11/0x20 [ 211.946641] ? do_raw_spin_trylock+0x230/0x270 [ 211.951245] ? print_usage_bug+0xc0/0xc0 [ 211.955322] ? graph_lock+0x270/0x270 [ 211.959140] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 211.963912] ? lockdep_hardirqs_on+0x3bb/0x5b0 [ 211.968509] ? retint_kernel+0x2d/0x2d [ 211.972425] ? trace_hardirqs_on_caller+0xc0/0x310 08:36:46 executing program 2: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10000, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$SNDRV_SEQ_IOCTL_RUNNING_MODE(0xffffffffffffffff, 0xc0105303, &(0x7f0000000140)={0x5, 0x4}) r0 = perf_event_open(&(0x7f0000940000)={0x0, 0x70}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x4, 0x32, 0xffffffffffffffff, 0x0) r1 = userfaultfd(0x0) ioctl$UFFDIO_API(r1, 0xc018aa3f, &(0x7f0000000340)) ioctl$UFFDIO_REGISTER(r1, 0xc020aa00, &(0x7f0000000200)={{&(0x7f0000011000/0x4000)=nil, 0x4000}, 0x1}) ioctl$UFFDIO_COPY(r1, 0xc028aa03, &(0x7f0000000040)={&(0x7f0000014000/0x1000)=nil, &(0x7f0000013000/0x1000)=nil, 0x1000}) r2 = fcntl$dupfd(r0, 0x406, r1) ioctl$EVIOCGLED(r2, 0x80404519, &(0x7f0000000240)=""/84) ioctl$UFFDIO_WAKE(r1, 0x8010aa02, &(0x7f0000000300)={&(0x7f0000013000/0x2000)=nil, 0x2000}) ioctl$UFFDIO_ZEROPAGE(r1, 0xc020aa04, &(0x7f0000000500)={{&(0x7f0000011000/0x3000)=nil, 0x3000}}) openat$audio(0xffffffffffffff9c, &(0x7f0000000080)='/dev/audio\x00', 0x0, 0x0) 08:36:46 executing program 5: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10000, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$SNDRV_SEQ_IOCTL_RUNNING_MODE(0xffffffffffffffff, 0xc0105303, &(0x7f0000000140)={0x5, 0x4}) r0 = perf_event_open(&(0x7f0000940000)={0x0, 0x70}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x4, 0x32, 0xffffffffffffffff, 0x0) r1 = userfaultfd(0x0) ioctl$UFFDIO_API(r1, 0xc018aa3f, &(0x7f0000000340)) ioctl$UFFDIO_REGISTER(r1, 0xc020aa00, &(0x7f0000000200)={{&(0x7f0000011000/0x4000)=nil, 0x4000}, 0x1}) ioctl$UFFDIO_COPY(r1, 0xc028aa03, &(0x7f0000000040)={&(0x7f0000014000/0x1000)=nil, &(0x7f0000013000/0x1000)=nil, 0x1000}) r2 = fcntl$dupfd(r0, 0x406, r1) ioctl$EVIOCGLED(r2, 0x80404519, &(0x7f0000000240)=""/84) ioctl$UFFDIO_WAKE(r1, 0x8010aa02, &(0x7f0000000300)={&(0x7f0000013000/0x2000)=nil, 0x2000}) ioctl$UFFDIO_ZEROPAGE(r1, 0xc020aa04, &(0x7f0000000500)={{&(0x7f0000011000/0x3000)=nil, 0x3000}}) openat$audio(0xffffffffffffff9c, &(0x7f0000000080)='/dev/audio\x00', 0x0, 0x0) [ 211.977371] ? find_held_lock+0x36/0x1c0 [ 211.977397] ? __handle_mm_fault+0x4d19/0x5b70 [ 211.977421] ? lock_downgrade+0x900/0x900 [ 211.990208] ? kasan_check_read+0x11/0x20 [ 211.994376] ? do_raw_spin_unlock+0xa7/0x330 [ 211.998791] ? do_raw_spin_trylock+0x270/0x270 [ 211.998814] ? fault_dirty_shared_page.isra.87+0x320/0x320 [ 211.998832] ? preempt_count_add+0xc9/0x1b0 [ 211.998855] __handle_mm_fault+0x4d26/0x5b70 [ 211.998879] ? vmf_insert_mixed_mkwrite+0x40/0x40 [ 211.998898] ? mark_held_locks+0xc7/0x130 [ 211.998919] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 212.031575] ? lockdep_hardirqs_on+0x3bb/0x5b0 [ 212.036185] ? retint_kernel+0x2d/0x2d [ 212.040104] ? graph_lock+0x270/0x270 [ 212.040121] ? graph_lock+0x270/0x270 [ 212.040145] ? find_held_lock+0x36/0x1c0 [ 212.040170] ? handle_mm_fault+0x42a/0xc70 [ 212.040190] ? lock_downgrade+0x900/0x900 [ 212.060199] ? check_preemption_disabled+0x48/0x280 [ 212.060222] ? kasan_check_read+0x11/0x20 [ 212.060239] ? rcu_dynticks_curr_cpu_in_eqs+0xa2/0x170 [ 212.060258] ? rcu_read_unlock_special+0x370/0x370 [ 212.060278] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 212.060297] ? check_preemption_disabled+0x48/0x280 [ 212.090227] handle_mm_fault+0x54f/0xc70 [ 212.094315] ? __handle_mm_fault+0x5b70/0x5b70 [ 212.098921] ? find_vma+0x34/0x190 [ 212.102485] __do_page_fault+0x5f6/0xd70 [ 212.106572] do_page_fault+0xf2/0x7e0 [ 212.110399] ? vmalloc_sync_all+0x30/0x30 [ 212.112892] FAULT_FLAG_ALLOW_RETRY missing 30 [ 212.114563] ? error_entry+0x76/0xd0 [ 212.114585] ? trace_hardirqs_off_caller+0xbb/0x310 [ 212.114611] ? find_held_lock+0x36/0x1c0 [ 212.114628] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 212.114650] ? trace_hardirqs_on_caller+0x310/0x310 [ 212.141798] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 212.146671] page_fault+0x1e/0x30 [ 212.150144] RIP: 0010:copy_user_enhanced_fast_string+0xe/0x20 [ 212.156040] Code: 89 d1 c1 e9 03 83 e2 07 f3 48 a5 89 d1 f3 a4 31 c0 0f 1f 00 c3 0f 1f 80 00 00 00 00 0f 1f 00 83 fa 40 0f 82 70 ff ff ff 89 d1 a4 31 c0 0f 1f 00 c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 00 83 [ 212.174963] RSP: 0018:ffff88818cddede0 EFLAGS: 00010206 [ 212.180337] RAX: 0000000000000000 RBX: 0000000000001000 RCX: 0000000000001000 [ 212.187620] RDX: 0000000000001000 RSI: 0000000020013000 RDI: ffff8881a2e4f000 [ 212.194919] RBP: ffff88818cddee18 R08: 0000000000000000 R09: 0000000000000040 [ 212.202211] R10: ffffed10345c9fff R11: ffff8881a2e4ffff R12: 0000000020014000 [ 212.209488] R13: 0000000020013000 R14: ffff8881a2e4f000 R15: 00007ffffffff000 [ 212.216798] ? _copy_from_user+0x10d/0x150 [ 212.221067] mcopy_atomic+0x1bc2/0x2cd0 [ 212.225082] ? do_raw_spin_trylock+0x270/0x270 [ 212.229696] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 212.235266] ? mm_alloc_pmd+0x2f0/0x2f0 [ 212.239273] ? find_held_lock+0x36/0x1c0 [ 212.243360] ? graph_lock+0x270/0x270 [ 212.247184] ? _raw_spin_unlock_irq+0x27/0x80 [ 212.251703] ? _raw_spin_unlock_irq+0x27/0x80 [ 212.256215] ? lockdep_hardirqs_on+0x3bb/0x5b0 [ 212.260817] ? trace_hardirqs_on+0xbd/0x310 [ 212.265150] ? kasan_check_read+0x11/0x20 [ 212.269308] ? finish_task_switch+0x140/0x910 [ 212.273822] ? find_held_lock+0x36/0x1c0 [ 212.277909] ? __might_fault+0x12b/0x1e0 [ 212.281990] ? lock_downgrade+0x900/0x900 [ 212.286155] ? lock_release+0xa00/0xa00 [ 212.290146] ? perf_trace_sched_process_exec+0x860/0x860 [ 212.295615] ? __switch_to_asm+0x40/0x70 [ 212.299694] ? __switch_to_asm+0x34/0x70 [ 212.303767] ? __switch_to_asm+0x40/0x70 [ 212.307840] ? __switch_to_asm+0x34/0x70 [ 212.311914] ? __switch_to_asm+0x40/0x70 [ 212.315987] ? __switch_to_asm+0x34/0x70 [ 212.320066] ? __switch_to_asm+0x34/0x70 [ 212.324172] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 212.329725] ? _copy_from_user+0xdf/0x150 [ 212.333900] userfaultfd_ioctl+0x29f4/0x55d0 [ 212.338326] ? graph_lock+0x270/0x270 [ 212.342150] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 212.346931] ? userfaultfd_read+0x2c0/0x2c0 [ 212.351268] ? __bpf_trace_preemptirq_template+0x30/0x30 [ 212.356741] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 212.361520] ? retint_kernel+0x2d/0x2d [ 212.365429] ? futex_wait_queue_me+0x55d/0x840 [ 212.370019] ? futex_wait_queue_me+0x582/0x840 [ 212.374623] ? refill_pi_state_cache.part.7+0x310/0x310 [ 212.380001] ? futex_wait_setup+0x15c/0x3e0 [ 212.384339] ? print_usage_bug+0xc0/0xc0 [ 212.388431] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 212.393985] ? get_futex_value_locked+0xcb/0xf0 [ 212.398671] ? __sanitizer_cov_trace_cmp4+0x16/0x20 [ 212.403699] ? futex_wait_setup+0x266/0x3e0 [ 212.408049] ? __lock_acquire+0x62f/0x4c20 [ 212.412306] ? drop_futex_key_refs.isra.14+0x6d/0xe0 [ 212.417603] ? futex_wait+0x5ec/0xa50 [ 212.421424] ? mark_held_locks+0x130/0x130 [ 212.425681] ? drop_futex_key_refs.isra.14+0x6d/0xe0 [ 212.430794] ? futex_wake+0x304/0x760 [ 212.434627] ? __lock_acquire+0x62f/0x4c20 [ 212.438897] ? mark_held_locks+0x130/0x130 [ 212.443150] ? graph_lock+0x270/0x270 [ 212.446964] ? do_futex+0x249/0x26d0 [ 212.450704] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 212.455480] ? find_held_lock+0x36/0x1c0 [ 212.459567] ? __fget+0x4aa/0x740 [ 212.463043] ? lock_downgrade+0x900/0x900 [ 212.467220] ? check_preemption_disabled+0x48/0x280 [ 212.472253] ? kasan_check_read+0x11/0x20 08:36:47 executing program 0: ioctl(0xffffffffffffffff, 0x0, 0x0) r0 = socket$inet(0x2, 0x4000000000000001, 0x0) bind$inet(r0, &(0x7f0000deb000)={0x2, 0x4e23, @broadcast}, 0x10) setsockopt$inet_tcp_TCP_CONGESTION(r0, 0x6, 0xd, &(0x7f0000000100)='nv\x00', 0xddcbc2a23a49d0f0) r1 = socket$inet6(0xa, 0x803, 0x7) ioctl(r1, 0x1000008912, &(0x7f0000000140)="0a5c2d023c126285718070") r2 = bpf$MAP_CREATE(0x0, &(0x7f0000000080)={0x3, 0x4, 0x4, 0x1, 0x0, 0x1}, 0x2c) close(r2) r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='memory.events\x00', 0x0, 0x0) setsockopt$inet_sctp6_SCTP_STREAM_SCHEDULER(r3, 0x84, 0x7b, 0x0, 0x0) sendto$inet(r0, 0x0, 0x0, 0x400200007fd, &(0x7f0000000000)={0x2, 0x4e23, @loopback}, 0x10) write$binfmt_elf64(r0, &(0x7f00000016c0)=ANY=[@ANYPTR=&(0x7f00000005c0)=ANY=[@ANYPTR=&(0x7f00000004c0)=ANY=[@ANYRES16], @ANYRES32, @ANYRES64=0x0, @ANYPTR=&(0x7f0000000580)=ANY=[@ANYPTR64, @ANYRESHEX, @ANYPTR64, @ANYRES32=0x0]], @ANYRESDEC, @ANYRES16], 0x120001644) recvmsg(r0, &(0x7f0000000240)={&(0x7f0000000740)=@nfc, 0x80, &(0x7f00000001c0)=[{&(0x7f0000003ac0)=""/4096, 0x20013a5a}], 0x1, &(0x7f0000000200)=""/20, 0x8034}, 0x100) [ 212.476410] ? rcu_dynticks_curr_cpu_in_eqs+0xa2/0x170 [ 212.481703] ? rcu_read_unlock_special+0x370/0x370 [ 212.481734] ? __fget+0x4d1/0x740 [ 212.481759] ? ksys_dup3+0x680/0x680 [ 212.481780] ? __might_fault+0x12b/0x1e0 [ 212.481800] ? lock_downgrade+0x900/0x900 [ 212.502095] ? lock_release+0xa00/0xa00 [ 212.506098] ? userfaultfd_read+0x2c0/0x2c0 [ 212.510436] do_vfs_ioctl+0x1de/0x1790 [ 212.514338] ? do_vfs_ioctl+0x1de/0x1790 [ 212.518425] ? ioctl_preallocate+0x300/0x300 [ 212.522850] ? __fget_light+0x2e9/0x430 [ 212.526844] ? fget_raw+0x20/0x20 [ 212.530311] ? _copy_to_user+0xc8/0x110 [ 212.534300] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 212.539849] ? put_timespec64+0x10f/0x1b0 [ 212.544014] ? nsecs_to_jiffies+0x30/0x30 [ 212.548180] ? do_syscall_64+0x9a/0x820 [ 212.552167] ? do_syscall_64+0x9a/0x820 [ 212.556159] ? lockdep_hardirqs_on+0x3bb/0x5b0 [ 212.560758] ? security_file_ioctl+0x94/0xc0 [ 212.565190] ksys_ioctl+0xa9/0xd0 [ 212.568664] __x64_sys_ioctl+0x73/0xb0 [ 212.572573] do_syscall_64+0x1b9/0x820 [ 212.576483] ? entry_SYSCALL_64_after_hwframe+0x3e/0xbe [ 212.581864] ? syscall_return_slowpath+0x5e0/0x5e0 [ 212.586806] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 212.591673] ? trace_hardirqs_on_caller+0x310/0x310 [ 212.596710] ? prepare_exit_to_usermode+0x291/0x3b0 [ 212.601747] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 212.606619] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 212.611825] RIP: 0033:0x457669 [ 212.615032] Code: fd b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 212.633944] RSP: 002b:00007f37bfb27c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 212.641655] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000457669 [ 212.649043] RDX: 0000000020000040 RSI: 00000000c028aa03 RDI: 0000000000000004 [ 212.656314] RBP: 000000000072bf00 R08: 0000000000000000 R09: 0000000000000000 [ 212.663585] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f37bfb286d4 [ 212.670860] R13: 00000000004c1703 R14: 00000000004d32d0 R15: 00000000ffffffff [ 212.681336] CPU: 0 PID: 7814 Comm: syz-executor2 Not tainted 4.20.0-rc6-next-20181217+ #172 [ 212.689855] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 212.699215] Call Trace: [ 212.701823] dump_stack+0x244/0x39d [ 212.705468] ? dump_stack_print_info.cold.1+0x20/0x20 [ 212.710706] handle_userfault.cold.30+0x47/0x62 [ 212.715409] ? userfaultfd_ioctl+0x55d0/0x55d0 [ 212.720023] ? mark_held_locks+0x130/0x130 [ 212.724312] ? mark_held_locks+0x130/0x130 [ 212.728565] ? print_usage_bug+0xc0/0xc0 [ 212.732644] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 212.738209] ? userfaultfd_ctx_put+0x830/0x830 [ 212.742830] ? print_usage_bug+0xc0/0xc0 [ 212.746910] ? print_usage_bug+0x50/0xc0 [ 212.750990] ? mark_held_locks+0xc7/0x130 [ 212.755155] ? _raw_spin_unlock_irq+0x27/0x80 [ 212.759656] ? _raw_spin_unlock_irq+0x27/0x80 [ 212.764167] ? print_usage_bug+0xc0/0xc0 [ 212.768244] ? graph_lock+0x270/0x270 [ 212.772067] ? mark_held_locks+0xc7/0x130 [ 212.776242] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 212.781010] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 212.785782] ? find_held_lock+0x36/0x1c0 [ 212.789862] ? __handle_mm_fault+0x4d19/0x5b70 [ 212.794459] ? lock_downgrade+0x900/0x900 [ 212.798628] ? kasan_check_read+0x11/0x20 [ 212.802785] ? do_raw_spin_unlock+0xa7/0x330 [ 212.807204] ? do_raw_spin_trylock+0x270/0x270 [ 212.811807] ? fault_dirty_shared_page.isra.87+0x320/0x320 [ 212.817457] __handle_mm_fault+0x4d26/0x5b70 [ 212.821882] ? vmf_insert_mixed_mkwrite+0x40/0x40 [ 212.826736] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 212.831508] ? lockdep_hardirqs_on+0x3bb/0x5b0 [ 212.836119] ? retint_kernel+0x2d/0x2d [ 212.840025] ? trace_hardirqs_on_caller+0xc0/0x310 [ 212.844964] ? trace_hardirqs_on+0x310/0x310 [ 212.849382] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 212.854166] ? lockdep_hardirqs_on+0x3bb/0x5b0 [ 212.858771] ? find_held_lock+0x36/0x1c0 [ 212.862860] ? handle_mm_fault+0x42a/0xc70 [ 212.867129] ? lock_downgrade+0x900/0x900 [ 212.871290] ? check_preemption_disabled+0x48/0x280 [ 212.872193] FAULT_FLAG_ALLOW_RETRY missing 30 08:36:47 executing program 1: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10000, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$SNDRV_SEQ_IOCTL_RUNNING_MODE(0xffffffffffffffff, 0xc0105303, &(0x7f0000000140)={0x5, 0x4}) r0 = perf_event_open(&(0x7f0000940000)={0x0, 0x70}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x4, 0x32, 0xffffffffffffffff, 0x0) r1 = userfaultfd(0x0) ioctl$UFFDIO_API(r1, 0xc018aa3f, &(0x7f0000000340)) ioctl$UFFDIO_REGISTER(r1, 0xc020aa00, &(0x7f0000000200)={{&(0x7f0000011000/0x4000)=nil, 0x4000}, 0x1}) ioctl$UFFDIO_COPY(r1, 0xc028aa03, &(0x7f0000000040)={&(0x7f0000014000/0x1000)=nil, &(0x7f0000013000/0x1000)=nil, 0x1000}) r2 = fcntl$dupfd(r0, 0x406, r1) ioctl$EVIOCGLED(r2, 0x80404519, &(0x7f0000000240)=""/84) ioctl$UFFDIO_WAKE(r1, 0x8010aa02, &(0x7f0000000300)={&(0x7f0000013000/0x2000)=nil, 0x2000}) ioctl$UFFDIO_ZEROPAGE(r1, 0xc020aa04, &(0x7f0000000500)={{&(0x7f0000011000/0x3000)=nil, 0x3000}}) openat$audio(0xffffffffffffff9c, &(0x7f0000000080)='/dev/audio\x00', 0x0, 0x0) [ 212.876321] ? kasan_check_read+0x11/0x20 [ 212.876339] ? rcu_dynticks_curr_cpu_in_eqs+0xa2/0x170 [ 212.876358] ? rcu_read_unlock_special+0x370/0x370 [ 212.876384] handle_mm_fault+0x54f/0xc70 [ 212.899276] ? __handle_mm_fault+0x5b70/0x5b70 [ 212.903901] __do_page_fault+0x5f6/0xd70 [ 212.907991] do_page_fault+0xf2/0x7e0 [ 212.911805] ? vmalloc_sync_all+0x30/0x30 [ 212.915970] ? error_entry+0x76/0xd0 [ 212.919704] ? trace_hardirqs_off_caller+0xbb/0x310 [ 212.924739] ? find_held_lock+0x36/0x1c0 [ 212.928811] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 212.933671] ? trace_hardirqs_on_caller+0x310/0x310 [ 212.938712] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 212.943579] page_fault+0x1e/0x30 [ 212.947046] RIP: 0010:copy_user_enhanced_fast_string+0xe/0x20 [ 212.952950] Code: 89 d1 c1 e9 03 83 e2 07 f3 48 a5 89 d1 f3 a4 31 c0 0f 1f 00 c3 0f 1f 80 00 00 00 00 0f 1f 00 83 fa 40 0f 82 70 ff ff ff 89 d1 a4 31 c0 0f 1f 00 c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 00 83 [ 212.971862] RSP: 0018:ffff88818a62ede0 EFLAGS: 00010206 [ 212.977231] RAX: 0000000000000000 RBX: 0000000000001000 RCX: 0000000000001000 [ 212.984510] RDX: 0000000000001000 RSI: 0000000020013000 RDI: ffff8881a3206000 [ 212.991793] RBP: ffff88818a62ee18 R08: 0000000000000000 R09: 0000000000000040 [ 212.999072] R10: ffffed1034640dff R11: ffff8881a3206fff R12: 0000000020014000 [ 213.006365] R13: 0000000020013000 R14: ffff8881a3206000 R15: 00007ffffffff000 [ 213.013672] ? _copy_from_user+0x10d/0x150 [ 213.017928] mcopy_atomic+0x1bc2/0x2cd0 [ 213.021964] ? mm_alloc_pmd+0x2f0/0x2f0 [ 213.025966] ? task_clock_event_start+0x1f0/0x1f0 [ 213.030832] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 213.036386] ? check_preemption_disabled+0x48/0x280 [ 213.041419] ? graph_lock+0x270/0x270 [ 213.045243] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 213.050806] ? perf_pmu_enable+0xd9/0x120 [ 213.054971] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 213.059742] ? lockdep_hardirqs_on+0x3bb/0x5b0 [ 213.064336] ? interrupt_entry+0xc0/0xc0 [ 213.068416] ? find_held_lock+0x36/0x1c0 [ 213.072506] ? __might_fault+0x12b/0x1e0 [ 213.076581] ? lock_downgrade+0x900/0x900 [ 213.080747] ? lock_release+0xa00/0xa00 [ 213.084737] ? retint_kernel+0x2d/0x2d [ 213.088658] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 213.094212] ? _copy_from_user+0xdf/0x150 [ 213.098375] userfaultfd_ioctl+0x29f4/0x55d0 [ 213.102798] ? graph_lock+0x270/0x270 [ 213.106621] ? userfaultfd_read+0x2c0/0x2c0 [ 213.110957] ? find_held_lock+0x36/0x1c0 [ 213.115043] ? mark_held_locks+0x130/0x130 [ 213.119294] ? kasan_check_read+0x11/0x20 [ 213.123454] ? do_raw_spin_unlock+0xa7/0x330 [ 213.127877] ? do_raw_spin_trylock+0x270/0x270 08:36:47 executing program 0: ioctl(0xffffffffffffffff, 0x0, 0x0) r0 = socket$inet(0x2, 0x4000000000000001, 0x0) bind$inet(r0, &(0x7f0000deb000)={0x2, 0x4e23, @broadcast}, 0x10) setsockopt$inet_tcp_TCP_CONGESTION(r0, 0x6, 0xd, &(0x7f0000000100)='nv\x00', 0xddcbc2a23a49d0f0) r1 = socket$inet6(0xa, 0x803, 0x7) ioctl(r1, 0x1000008912, &(0x7f0000000140)="0a5c2d023c126285718070") r2 = bpf$MAP_CREATE(0x0, &(0x7f0000000080)={0x3, 0x4, 0x4, 0x1, 0x0, 0x1}, 0x2c) close(r2) r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='memory.events\x00', 0x0, 0x0) setsockopt$inet_sctp6_SCTP_STREAM_SCHEDULER(r3, 0x84, 0x7b, 0x0, 0x0) sendto$inet(r0, 0x0, 0x0, 0x400200007fd, &(0x7f0000000000)={0x2, 0x4e23, @loopback}, 0x10) write$binfmt_elf64(r0, &(0x7f00000016c0)=ANY=[@ANYPTR=&(0x7f00000005c0)=ANY=[@ANYPTR=&(0x7f00000004c0)=ANY=[@ANYRES16], @ANYRES32, @ANYRES64=0x0, @ANYPTR=&(0x7f0000000580)=ANY=[@ANYPTR64, @ANYRESHEX, @ANYPTR64, @ANYRES32=0x0]], @ANYRESDEC, @ANYRES16], 0x120001644) recvmsg(r0, &(0x7f0000000240)={&(0x7f0000000740)=@nfc, 0x80, &(0x7f00000001c0)=[{&(0x7f0000003ac0)=""/4096, 0x20013a5a}], 0x1, &(0x7f0000000200)=""/20, 0x8034}, 0x100) [ 213.132472] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 213.138018] ? check_preemption_disabled+0x48/0x280 [ 213.143048] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 213.148640] ? graph_lock+0x270/0x270 [ 213.152459] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 213.158013] ? __perf_event_task_sched_in+0x2a9/0xb60 [ 213.158041] ? find_held_lock+0x36/0x1c0 [ 213.158061] ? graph_lock+0x270/0x270 [ 213.171134] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 213.175906] ? lockdep_hardirqs_on+0x3bb/0x5b0 [ 213.180503] ? retint_kernel+0x2d/0x2d [ 213.180523] ? trace_hardirqs_on_caller+0xc0/0x310 [ 213.180544] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 213.194115] ? __bpf_trace_preemptirq_template+0x30/0x30 [ 213.199592] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 213.204372] ? retint_kernel+0x2d/0x2d [ 213.208285] ? _raw_spin_unlock_irqrestore+0xaf/0xd0 [ 213.213405] ? _raw_spin_unlock_irqrestore+0x6d/0xd0 [ 213.218524] ? rcu_preempt_deferred_qs_irqrestore+0x89e/0x1000 [ 213.224510] ? __schedule+0xa49/0x21e0 [ 213.228416] ? note_gp_changes+0x470/0x470 [ 213.232662] ? __sched_text_start+0x8/0x8 [ 213.236825] ? graph_lock+0x270/0x270 [ 213.240640] ? __rcu_read_unlock+0x205/0x210 [ 213.245067] ? trace_hardirqs_on+0x310/0x310 [ 213.249506] ? lockdep_hardirqs_on+0x3bb/0x5b0 [ 213.254117] ? retint_kernel+0x2d/0x2d [ 213.258024] ? trace_hardirqs_on_caller+0xc0/0x310 [ 213.262973] ? find_held_lock+0x36/0x1c0 [ 213.267065] ? __fget+0x4aa/0x740 [ 213.270543] ? lock_downgrade+0x900/0x900 [ 213.274701] ? check_preemption_disabled+0x48/0x280 [ 213.279740] ? __rcu_read_unlock+0x205/0x210 [ 213.284159] ? rcu_read_unlock_special+0x370/0x370 [ 213.289133] ? __fget+0x479/0x740 [ 213.292606] ? __fget+0x4d1/0x740 [ 213.296080] ? ksys_dup3+0x680/0x680 [ 213.299825] ? __might_fault+0x12b/0x1e0 [ 213.302433] FAULT_FLAG_ALLOW_RETRY missing 30 [ 213.303982] ? lock_downgrade+0x900/0x900 [ 213.304008] ? userfaultfd_read+0x2c0/0x2c0 [ 213.304041] do_vfs_ioctl+0x1de/0x1790 [ 213.304056] ? do_vfs_ioctl+0x1de/0x1790 [ 213.304107] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 213.304137] ? ioctl_preallocate+0x300/0x300 [ 213.334171] ? __fget_light+0x2e9/0x430 [ 213.338161] ? fget_raw+0x20/0x20 [ 213.341625] ? _copy_to_user+0xc8/0x110 [ 213.345621] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 213.351176] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 213.355954] ? security_file_ioctl+0x94/0xc0 [ 213.360382] ksys_ioctl+0xa9/0xd0 [ 213.363855] __x64_sys_ioctl+0x73/0xb0 [ 213.367758] ? do_syscall_64+0xca/0x820 [ 213.371744] do_syscall_64+0x1b9/0x820 [ 213.375645] ? entry_SYSCALL_64_after_hwframe+0x3e/0xbe [ 213.381022] ? syscall_return_slowpath+0x5e0/0x5e0 [ 213.385964] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 213.390828] ? trace_hardirqs_on_caller+0x310/0x310 [ 213.395862] ? prepare_exit_to_usermode+0x291/0x3b0 [ 213.400898] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 213.405762] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 213.410964] RIP: 0033:0x457669 [ 213.414166] Code: fd b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 213.433077] RSP: 002b:00007f072295cc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 213.440812] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000457669 [ 213.448104] RDX: 0000000020000040 RSI: 00000000c028aa03 RDI: 0000000000000004 [ 213.455381] RBP: 000000000072bf00 R08: 0000000000000000 R09: 0000000000000000 [ 213.462655] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f072295d6d4 [ 213.469933] R13: 00000000004c1703 R14: 00000000004d32d0 R15: 00000000ffffffff [ 213.480618] CPU: 1 PID: 7829 Comm: syz-executor5 Not tainted 4.20.0-rc6-next-20181217+ #172 [ 213.489132] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 213.498487] Call Trace: [ 213.501098] dump_stack+0x244/0x39d [ 213.504747] ? dump_stack_print_info.cold.1+0x20/0x20 [ 213.509957] ? vprintk_func+0x85/0x181 [ 213.513870] handle_userfault.cold.30+0x47/0x62 [ 213.518586] ? userfaultfd_ioctl+0x55d0/0x55d0 [ 213.523209] ? mark_held_locks+0x130/0x130 [ 213.527466] ? print_usage_bug+0xc0/0xc0 [ 213.531549] ? print_usage_bug+0xc0/0xc0 [ 213.535644] ? mark_held_locks+0xc7/0x130 [ 213.539808] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 213.544577] ? lockdep_hardirqs_on+0x3bb/0x5b0 [ 213.549174] ? retint_kernel+0x2d/0x2d [ 213.553073] ? trace_hardirqs_on_caller+0xc0/0x310 [ 213.558027] ? print_usage_bug+0xc0/0xc0 [ 213.562277] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 213.567073] ? graph_lock+0x270/0x270 [ 213.570915] ? mark_held_locks+0xc7/0x130 [ 213.575096] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 213.579885] ? find_held_lock+0x36/0x1c0 [ 213.583963] ? __handle_mm_fault+0x4d19/0x5b70 [ 213.588557] ? lock_downgrade+0x900/0x900 [ 213.592715] ? kasan_check_write+0x1/0x20 [ 213.596876] ? kasan_check_read+0x11/0x20 [ 213.601033] ? do_raw_spin_unlock+0xa7/0x330 [ 213.605469] ? do_raw_spin_trylock+0x270/0x270 [ 213.610108] ? fault_dirty_shared_page.isra.87+0x320/0x320 [ 213.615756] __handle_mm_fault+0x4d26/0x5b70 [ 213.620185] ? vmf_insert_mixed_mkwrite+0x40/0x40 [ 213.625055] ? lockdep_hardirqs_on+0x3bb/0x5b0 [ 213.629654] ? retint_kernel+0x2d/0x2d [ 213.633553] ? trace_hardirqs_on_caller+0xc0/0x310 [ 213.638498] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 213.643275] ? __bpf_trace_preemptirq_template+0x30/0x30 [ 213.648758] ? lockdep_hardirqs_on+0x3bb/0x5b0 [ 213.653352] ? retint_kernel+0x2d/0x2d [ 213.657276] ? find_held_lock+0x36/0x1c0 [ 213.661357] ? handle_mm_fault+0x42a/0xc70 [ 213.665612] ? lock_downgrade+0x900/0x900 [ 213.669769] ? check_preemption_disabled+0x48/0x280 [ 213.674801] ? kasan_check_read+0x11/0x20 [ 213.678964] ? rcu_dynticks_curr_cpu_in_eqs+0xa2/0x170 [ 213.684255] ? rcu_read_unlock_special+0x370/0x370 [ 213.689200] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 213.695248] ? check_preemption_disabled+0x48/0x280 [ 213.700282] handle_mm_fault+0x54f/0xc70 [ 213.704358] ? __handle_mm_fault+0x5b70/0x5b70 [ 213.708964] ? __do_page_fault+0x3bd/0xd70 [ 213.713221] __do_page_fault+0x5f6/0xd70 [ 213.717309] do_page_fault+0xf2/0x7e0 [ 213.721128] ? vmalloc_sync_all+0x30/0x30 [ 213.725291] ? error_entry+0x76/0xd0 [ 213.729021] ? trace_hardirqs_off_caller+0xbb/0x310 [ 213.734053] ? find_held_lock+0x36/0x1c0 [ 213.738132] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 213.742991] ? trace_hardirqs_on_caller+0x310/0x310 [ 213.748031] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 213.752895] page_fault+0x1e/0x30 [ 213.756360] RIP: 0010:copy_user_enhanced_fast_string+0xe/0x20 [ 213.762257] Code: 89 d1 c1 e9 03 83 e2 07 f3 48 a5 89 d1 f3 a4 31 c0 0f 1f 00 c3 0f 1f 80 00 00 00 00 0f 1f 00 83 fa 40 0f 82 70 ff ff ff 89 d1 a4 31 c0 0f 1f 00 c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 00 83 [ 213.781166] RSP: 0018:ffff888189016de0 EFLAGS: 00010206 [ 213.786537] RAX: 0000000000000000 RBX: 0000000000001000 RCX: 0000000000001000 [ 213.793813] RDX: 0000000000001000 RSI: 0000000020013000 RDI: ffff8881a334f000 [ 213.801097] RBP: ffff888189016e18 R08: 0000000000000000 R09: 0000000000000040 [ 213.808373] R10: ffffed1034669fff R11: ffff8881a334ffff R12: 0000000020014000 [ 213.815647] R13: 0000000020013000 R14: ffff8881a334f000 R15: 00007ffffffff000 [ 213.822953] ? _copy_from_user+0x10d/0x150 [ 213.827205] mcopy_atomic+0x1bc2/0x2cd0 [ 213.831195] ? do_raw_spin_trylock+0x270/0x270 [ 213.835790] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 213.841362] ? mm_alloc_pmd+0x2f0/0x2f0 [ 213.845351] ? find_held_lock+0x36/0x1c0 [ 213.849527] ? graph_lock+0x270/0x270 [ 213.853339] ? _raw_spin_unlock_irq+0x27/0x80 [ 213.857846] ? _raw_spin_unlock_irq+0x27/0x80 [ 213.862354] ? lockdep_hardirqs_on+0x3bb/0x5b0 [ 213.866951] ? trace_hardirqs_on+0xbd/0x310 [ 213.871281] ? kasan_check_read+0x11/0x20 [ 213.875440] ? finish_task_switch+0x140/0x910 [ 213.879952] ? find_held_lock+0x36/0x1c0 [ 213.884035] ? __might_fault+0x12b/0x1e0 [ 213.888118] ? lock_downgrade+0x900/0x900 [ 213.892283] ? lock_release+0xa00/0xa00 [ 213.896271] ? perf_trace_sched_process_exec+0x860/0x860 [ 213.901739] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 213.906527] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 213.912079] ? _copy_from_user+0xdf/0x150 [ 213.916285] userfaultfd_ioctl+0x29f4/0x55d0 [ 213.920711] ? graph_lock+0x270/0x270 [ 213.924541] ? userfaultfd_read+0x2c0/0x2c0 [ 213.928903] ? perf_trace_sched_process_exec+0x860/0x860 [ 213.934365] ? do_raw_spin_unlock+0xa7/0x330 [ 213.938789] ? do_raw_spin_trylock+0x270/0x270 [ 213.943391] ? __might_sleep+0x95/0x190 [ 213.947383] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 213.952940] ? futex_wait_queue_me+0x55d/0x840 [ 213.957534] ? retint_kernel+0x2d/0x2d [ 213.961432] ? refill_pi_state_cache.part.7+0x310/0x310 [ 213.966817] ? print_usage_bug+0xc0/0xc0 [ 213.970895] ? __sanitizer_cov_trace_cmp4+0x1/0x20 [ 213.975841] ? __sanitizer_cov_trace_cmp4+0x16/0x20 [ 213.980866] ? futex_wait_setup+0x266/0x3e0 [ 213.985214] ? __lock_acquire+0x62f/0x4c20 [ 213.989464] ? drop_futex_key_refs.isra.14+0x6d/0xe0 [ 213.994582] ? futex_wait+0x5ec/0xa50 [ 213.998452] ? mark_held_locks+0x130/0x130 [ 214.002703] ? retint_kernel+0x2d/0x2d [ 214.006611] ? trace_hardirqs_on_caller+0xc0/0x310 [ 214.011560] ? __bpf_trace_preemptirq_template+0x30/0x30 [ 214.017028] ? __bpf_trace_preemptirq_template+0x30/0x30 [ 214.022489] ? futex_wake+0x304/0x760 [ 214.026314] ? __lock_acquire+0x62f/0x4c20 [ 214.030563] ? retint_kernel+0x2d/0x2d [ 214.034482] ? mark_held_locks+0x130/0x130 [ 214.038726] ? graph_lock+0x270/0x270 [ 214.042536] ? do_futex+0x249/0x26d0 [ 214.046272] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 214.051039] ? lockdep_hardirqs_on+0x3bb/0x5b0 [ 214.055634] ? retint_kernel+0x2d/0x2d [ 214.059536] ? find_held_lock+0x36/0x1c0 [ 214.063629] ? __fget+0x4aa/0x740 [ 214.067109] ? lock_downgrade+0x900/0x900 [ 214.071271] ? check_preemption_disabled+0x48/0x280 [ 214.076301] ? kasan_check_read+0x11/0x20 [ 214.080462] ? rcu_dynticks_curr_cpu_in_eqs+0xa2/0x170 [ 214.085755] ? rcu_read_unlock_special+0x370/0x370 [ 214.090711] ? __fget+0x4d1/0x740 [ 214.094189] ? ksys_dup3+0x680/0x680 [ 214.097916] ? __might_fault+0x12b/0x1e0 [ 214.101991] ? lock_downgrade+0x900/0x900 [ 214.106184] ? lock_release+0xa00/0xa00 [ 214.110175] ? userfaultfd_read+0x2c0/0x2c0 [ 214.114512] do_vfs_ioctl+0x1de/0x1790 [ 214.118410] ? do_vfs_ioctl+0x1de/0x1790 [ 214.122489] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 214.127258] ? ioctl_preallocate+0x300/0x300 [ 214.131680] ? __fget_light+0x2e9/0x430 [ 214.135667] ? fget_raw+0x20/0x20 [ 214.139131] ? _copy_to_user+0xc8/0x110 [ 214.143130] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 214.148687] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 214.153464] ? security_file_ioctl+0x94/0xc0 [ 214.157889] ksys_ioctl+0xa9/0xd0 [ 214.161373] __x64_sys_ioctl+0x73/0xb0 [ 214.165270] ? do_syscall_64+0xca/0x820 [ 214.169257] do_syscall_64+0x1b9/0x820 [ 214.173159] ? entry_SYSCALL_64_after_hwframe+0x3e/0xbe [ 214.178549] ? syscall_return_slowpath+0x5e0/0x5e0 [ 214.183489] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 214.188349] ? trace_hardirqs_on_caller+0x310/0x310 [ 214.193383] ? prepare_exit_to_usermode+0x3b0/0x3b0 [ 214.198415] ? prepare_exit_to_usermode+0x291/0x3b0 [ 214.203449] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 214.208316] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 214.213511] RIP: 0033:0x457669 [ 214.216720] Code: fd b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 214.235631] RSP: 002b:00007ffa78f02c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 214.243346] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000457669 [ 214.250630] RDX: 0000000020000040 RSI: 00000000c028aa03 RDI: 0000000000000004 [ 214.257917] RBP: 000000000072bf00 R08: 0000000000000000 R09: 0000000000000000 [ 214.265195] R10: 0000000000000000 R11: 0000000000000246 R12: 00007ffa78f036d4 [ 214.272468] R13: 00000000004c1703 R14: 00000000004d32d0 R15: 00000000ffffffff [ 214.279782] CPU: 0 PID: 7837 Comm: syz-executor1 Not tainted 4.20.0-rc6-next-20181217+ #172 08:36:49 executing program 3: ioctl(0xffffffffffffffff, 0x0, 0x0) r0 = socket$inet(0x2, 0x4000000000000001, 0x0) bind$inet(r0, &(0x7f0000deb000)={0x2, 0x4e23, @broadcast}, 0x10) setsockopt$inet_tcp_TCP_CONGESTION(r0, 0x6, 0xd, &(0x7f0000000100)='nv\x00', 0xddcbc2a23a49d0f0) r1 = socket$inet6(0xa, 0x803, 0x7) ioctl(r1, 0x1000008912, &(0x7f0000000140)="0a5c2d023c126285718070") r2 = bpf$MAP_CREATE(0x0, &(0x7f0000000080)={0x3, 0x4, 0x4, 0x1, 0x0, 0x1}, 0x2c) close(r2) r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='memory.events\x00', 0x0, 0x0) setsockopt$inet_sctp6_SCTP_STREAM_SCHEDULER(r3, 0x84, 0x7b, 0x0, 0x0) sendto$inet(r0, 0x0, 0x0, 0x400200007fd, &(0x7f0000000000)={0x2, 0x4e23, @loopback}, 0x10) write$binfmt_elf64(r0, &(0x7f00000016c0)=ANY=[@ANYPTR=&(0x7f00000005c0)=ANY=[@ANYPTR=&(0x7f00000004c0)=ANY=[@ANYRES16], @ANYRES32, @ANYRES64=0x0, @ANYPTR=&(0x7f0000000580)=ANY=[@ANYPTR64, @ANYRESHEX, @ANYPTR64, @ANYRES32=0x0]], @ANYRESDEC, @ANYRES16], 0x120001644) recvmsg(r0, &(0x7f0000000240)={&(0x7f0000000740)=@nfc, 0x80, &(0x7f00000001c0)=[{&(0x7f0000003ac0)=""/4096, 0x20013a5a}], 0x1, &(0x7f0000000200)=""/20, 0x8034}, 0x100) [ 214.288302] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 214.297656] Call Trace: [ 214.300252] dump_stack+0x244/0x39d [ 214.303898] ? dump_stack_print_info.cold.1+0x20/0x20 [ 214.309197] handle_userfault.cold.30+0x47/0x62 [ 214.309236] ? userfaultfd_ioctl+0x55d0/0x55d0 [ 214.318477] ? mark_held_locks+0x130/0x130 [ 214.322779] ? find_held_lock+0x36/0x1c0 [ 214.326862] ? print_usage_bug+0xc0/0xc0 [ 214.330945] ? userfaultfd_ctx_put+0x830/0x830 [ 214.335553] ? print_usage_bug+0xc0/0xc0 [ 214.339624] ? trace_hardirqs_on_caller+0xc0/0x310 [ 214.339644] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 214.339665] ? __bpf_trace_preemptirq_template+0x30/0x30 [ 214.349340] ? pvclock_read_flags+0x160/0x160 [ 214.359273] ? mark_held_locks+0xc7/0x130 [ 214.359300] ? graph_lock+0x270/0x270 [ 214.359325] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 214.359355] ? lockdep_hardirqs_on+0x3bb/0x5b0 [ 214.376622] ? retint_kernel+0x2d/0x2d [ 214.380531] ? trace_hardirqs_on_caller+0xc0/0x310 [ 214.385478] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 214.390249] ? __bpf_trace_preemptirq_template+0x30/0x30 [ 214.395710] ? find_held_lock+0x36/0x1c0 [ 214.399785] ? __handle_mm_fault+0x4d19/0x5b70 [ 214.404375] ? lock_downgrade+0x900/0x900 [ 214.408532] ? kasan_check_read+0x11/0x20 [ 214.412683] ? do_raw_spin_unlock+0xa7/0x330 [ 214.417111] ? do_raw_spin_trylock+0x270/0x270 [ 214.421702] ? do_raw_spin_lock+0x222/0x350 [ 214.426037] __handle_mm_fault+0x4d26/0x5b70 [ 214.430459] ? vmf_insert_mixed_mkwrite+0x40/0x40 [ 214.435312] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 214.440073] ? lockdep_hardirqs_on+0x3bb/0x5b0 [ 214.444673] ? retint_kernel+0x2d/0x2d [ 214.448569] ? trace_hardirqs_on_caller+0xc0/0x310 [ 214.453503] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 214.458278] ? lockdep_hardirqs_on+0x3bb/0x5b0 [ 214.462874] ? find_held_lock+0x36/0x1c0 [ 214.466945] ? handle_mm_fault+0x42a/0xc70 [ 214.471189] ? lock_downgrade+0x900/0x900 [ 214.475339] ? check_preemption_disabled+0x48/0x280 [ 214.480366] ? kasan_check_read+0x11/0x20 [ 214.484517] ? rcu_dynticks_curr_cpu_in_eqs+0xa2/0x170 [ 214.489798] ? rcu_read_unlock_special+0x370/0x370 [ 214.494741] handle_mm_fault+0x54f/0xc70 [ 214.498814] ? __handle_mm_fault+0x5b70/0x5b70 [ 214.503413] __do_page_fault+0x5f6/0xd70 [ 214.507490] do_page_fault+0xf2/0x7e0 [ 214.511300] ? vmalloc_sync_all+0x30/0x30 [ 214.515452] ? error_entry+0x76/0xd0 [ 214.519174] ? trace_hardirqs_off_caller+0xbb/0x310 [ 214.524197] ? find_held_lock+0x36/0x1c0 [ 214.528261] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 214.533119] ? trace_hardirqs_on_caller+0x310/0x310 [ 214.538158] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 214.543013] page_fault+0x1e/0x30 [ 214.546474] RIP: 0010:copy_user_enhanced_fast_string+0xe/0x20 [ 214.552362] Code: 89 d1 c1 e9 03 83 e2 07 f3 48 a5 89 d1 f3 a4 31 c0 0f 1f 00 c3 0f 1f 80 00 00 00 00 0f 1f 00 83 fa 40 0f 82 70 ff ff ff 89 d1 a4 31 c0 0f 1f 00 c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 00 83 [ 214.571268] RSP: 0018:ffff88818c27ede0 EFLAGS: 00010206 [ 214.576633] RAX: 0000000000000000 RBX: 0000000000001000 RCX: 0000000000001000 [ 214.583922] RDX: 0000000000001000 RSI: 0000000020013000 RDI: ffff8881ad403000 [ 214.591193] RBP: ffff88818c27ee18 R08: 0000000000000000 R09: 0000000000000040 [ 214.598461] R10: ffffed1035a807ff R11: ffff8881ad403fff R12: 0000000020014000 [ 214.605728] R13: 0000000020013000 R14: ffff8881ad403000 R15: 00007ffffffff000 [ 214.613042] ? _copy_from_user+0x10d/0x150 [ 214.617289] mcopy_atomic+0x1bc2/0x2cd0 [ 214.621271] ? trace_hardirqs_on+0x310/0x310 [ 214.625700] ? graph_lock+0x270/0x270 [ 214.629526] ? mm_alloc_pmd+0x2f0/0x2f0 [ 214.633510] ? perf_event_update_userpage+0x7d3/0xcd0 [ 214.638721] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 214.643492] ? retint_kernel+0x2d/0x2d [ 214.647396] ? lock_release+0x51d/0xa00 [ 214.651386] ? __might_fault+0x12b/0x1e0 [ 214.655455] ? lock_downgrade+0x900/0x900 [ 214.659633] ? lock_release+0xa00/0xa00 [ 214.663621] ? perf_trace_sched_process_exec+0x860/0x860 [ 214.669076] ? hrtimer_try_to_cancel+0x21c/0x6f0 [ 214.673879] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 214.679424] ? _copy_from_user+0xdf/0x150 [ 214.683587] userfaultfd_ioctl+0x29f4/0x55d0 [ 214.688006] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 214.693552] ? cpu_clock_event_start+0x12c/0x180 [ 214.698312] ? task_clock_event_start+0x111/0x1f0 [ 214.703165] ? userfaultfd_read+0x2c0/0x2c0 [ 214.707497] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 214.713037] ? perf_pmu_enable+0xd9/0x120 [ 214.717195] ? event_sched_in.isra.108+0x6bb/0xe40 [ 214.722140] ? __perf_event_period+0x5c0/0x5c0 [ 214.726761] ? check_preemption_disabled+0x48/0x280 [ 214.731806] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 214.737347] ? perf_pmu_enable+0xd9/0x120 [ 214.741502] ? print_usage_bug+0xc0/0xc0 [ 214.745569] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 214.751122] ? group_sched_in+0x17d/0x400 [ 214.755286] ? print_usage_bug+0xc0/0xc0 [ 214.759350] ? flexible_sched_in+0x11f/0xc70 [ 214.763765] ? pinned_sched_in+0xc90/0xc90 [ 214.768013] ? __lock_acquire+0x62f/0x4c20 [ 214.772266] ? __lock_acquire+0x62f/0x4c20 [ 214.776512] ? mark_held_locks+0x130/0x130 [ 214.780751] ? __lock_is_held+0xb5/0x140 [ 214.784827] ? mark_held_locks+0x130/0x130 [ 214.789080] ? __perf_event_task_sched_in+0x897/0xb60 [ 214.794305] ? lock_downgrade+0x900/0x900 [ 214.798492] ? kasan_check_read+0x11/0x20 [ 214.802658] ? do_raw_spin_unlock+0xa7/0x330 [ 214.807078] ? do_raw_spin_trylock+0x270/0x270 [ 214.811680] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 214.817236] ? check_preemption_disabled+0x48/0x280 [ 214.822263] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 214.827810] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 214.832571] ? lockdep_hardirqs_on+0x3bb/0x5b0 [ 214.837252] ? retint_kernel+0x2d/0x2d [ 214.841149] ? trace_hardirqs_on_caller+0xc0/0x310 [ 214.846136] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 214.850902] ? __bpf_trace_preemptirq_template+0x30/0x30 [ 214.856354] ? graph_lock+0x270/0x270 [ 214.860170] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 214.864954] ? find_held_lock+0x36/0x1c0 [ 214.869027] ? __fget+0x4aa/0x740 [ 214.872486] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 214.877260] ? lockdep_hardirqs_on+0x3bb/0x5b0 [ 214.881849] ? retint_kernel+0x2d/0x2d [ 214.885744] ? trace_hardirqs_on_caller+0xc0/0x310 [ 214.890680] ? rcu_dynticks_curr_cpu_in_eqs+0xa2/0x170 [ 214.895987] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 214.900750] ? __bpf_trace_preemptirq_template+0x30/0x30 [ 214.906202] ? rcu_read_unlock_special+0x370/0x370 [ 214.911161] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 214.915927] ? retint_kernel+0x2d/0x2d [ 214.919829] ? do_vfs_ioctl+0xd1/0x1790 [ 214.923815] ? __sanitizer_cov_trace_switch+0x40/0x90 [ 214.929019] ? userfaultfd_read+0x2c0/0x2c0 [ 214.933364] do_vfs_ioctl+0x1de/0x1790 [ 214.937256] ? do_vfs_ioctl+0x1de/0x1790 [ 214.941322] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 214.946128] ? ioctl_preallocate+0x300/0x300 [ 214.950545] ? __fget_light+0x2e9/0x430 [ 214.954526] ? fget_raw+0x20/0x20 [ 214.957983] ? retint_kernel+0x1b/0x2d [ 214.961880] ? trace_hardirqs_on+0x310/0x310 [ 214.966305] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 214.971072] ? security_file_ioctl+0x94/0xc0 [ 214.975497] ksys_ioctl+0xa9/0xd0 [ 214.978960] __x64_sys_ioctl+0x73/0xb0 [ 214.982849] ? do_syscall_64+0xca/0x820 [ 214.986830] do_syscall_64+0x1b9/0x820 [ 214.990720] ? entry_SYSCALL_64_after_hwframe+0x3e/0xbe [ 214.996105] ? syscall_return_slowpath+0x5e0/0x5e0 [ 215.001037] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 215.005887] ? trace_hardirqs_on_caller+0x310/0x310 [ 215.010911] ? prepare_exit_to_usermode+0x3b0/0x3b0 [ 215.015933] ? prepare_exit_to_usermode+0x291/0x3b0 [ 215.021221] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 215.026077] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 215.031278] RIP: 0033:0x457669 [ 215.034480] Code: fd b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 215.053401] RSP: 002b:00007f37bfb27c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 215.061125] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000457669 [ 215.068394] RDX: 0000000020000040 RSI: 00000000c028aa03 RDI: 0000000000000004 [ 215.075664] RBP: 000000000072bf00 R08: 0000000000000000 R09: 0000000000000000 [ 215.082930] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f37bfb286d4 08:36:49 executing program 2: r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000100)={0x26, 'aead\x00', 0x0, 0x0, 'aegis128l-generic\x00'}, 0x58) setsockopt$ALG_SET_KEY(r0, 0x117, 0x5, &(0x7f00000001c0), 0x0) 08:36:49 executing program 4: syz_open_dev$ndb(&(0x7f0000000000)='/dev/nbd#\x00', 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000140)={0x2, 0x70, 0x3e7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) syz_open_dev$ndb(&(0x7f0000000040)='/dev/nbd#\x00', 0xffffffffffffffff, 0x800) [ 215.090201] R13: 00000000004c1703 R14: 00000000004d32d0 R15: 00000000ffffffff 08:36:50 executing program 0: ioctl(0xffffffffffffffff, 0x0, 0x0) r0 = socket$inet(0x2, 0x4000000000000001, 0x0) bind$inet(r0, &(0x7f0000deb000)={0x2, 0x4e23, @broadcast}, 0x10) setsockopt$inet_tcp_TCP_CONGESTION(r0, 0x6, 0xd, &(0x7f0000000100)='nv\x00', 0xddcbc2a23a49d0f0) r1 = socket$inet6(0xa, 0x803, 0x7) ioctl(r1, 0x1000008912, &(0x7f0000000140)="0a5c2d023c126285718070") r2 = bpf$MAP_CREATE(0x0, &(0x7f0000000080)={0x3, 0x4, 0x4, 0x1, 0x0, 0x1}, 0x2c) close(r2) r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='memory.events\x00', 0x0, 0x0) setsockopt$inet_sctp6_SCTP_STREAM_SCHEDULER(r3, 0x84, 0x7b, 0x0, 0x0) sendto$inet(r0, 0x0, 0x0, 0x400200007fd, &(0x7f0000000000)={0x2, 0x4e23, @loopback}, 0x10) write$binfmt_elf64(r0, &(0x7f00000016c0)=ANY=[@ANYPTR=&(0x7f00000005c0)=ANY=[@ANYPTR=&(0x7f00000004c0)=ANY=[@ANYRES16], @ANYRES32, @ANYRES64=0x0, @ANYPTR=&(0x7f0000000580)=ANY=[@ANYPTR64, @ANYRESHEX, @ANYPTR64, @ANYRES32=0x0]], @ANYRESDEC, @ANYRES16], 0x120001644) recvmsg(r0, &(0x7f0000000240)={&(0x7f0000000740)=@nfc, 0x80, &(0x7f00000001c0)=[{&(0x7f0000003ac0)=""/4096, 0x20013a5a}], 0x1, &(0x7f0000000200)=""/20, 0x8034}, 0x100) 08:36:50 executing program 2: perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = openat$hwrng(0xffffffffffffff9c, 0x0, 0x8000, 0x0) r1 = socket$inet6(0xa, 0x803, 0x3) ioctl(r1, 0x1000008912, &(0x7f00000000c0)="0a5c2d023c126285718070") getsockopt$EBT_SO_GET_ENTRIES(0xffffffffffffffff, 0x0, 0x12, 0x0, 0x0) ioctl$DRM_IOCTL_ADD_CTX(0xffffffffffffffff, 0xc0086420, 0x0) ioctl$DRM_IOCTL_SWITCH_CTX(r0, 0x40086424, &(0x7f0000000080)={0x0, 0x2}) clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) init_module(&(0x7f0000000180)='/proc/thread-self/attr/current\x00', 0xfff2e, &(0x7f0000000100)='ppp0em1cpuset\x00') 08:36:50 executing program 4: syz_open_dev$ndb(&(0x7f0000000000)='/dev/nbd#\x00', 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000140)={0x2, 0x70, 0x3e7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) syz_open_dev$ndb(&(0x7f0000000040)='/dev/nbd#\x00', 0xffffffffffffffff, 0x800) 08:36:50 executing program 2: r0 = socket$inet6_sctp(0xa, 0x10000000005, 0x84) getsockopt$inet_sctp6_SCTP_GET_ASSOC_ID_LIST(r0, 0x84, 0x1d, &(0x7f000095dff8)={0x1, [0x0]}, &(0x7f000095dffc)=0x8) getsockopt$inet_sctp6_SCTP_GET_LOCAL_ADDRS(r0, 0x84, 0x14, &(0x7f0000000180)={r1}, &(0x7f00000000c0)=0x8) 08:36:50 executing program 1: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10000, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$SNDRV_SEQ_IOCTL_RUNNING_MODE(0xffffffffffffffff, 0xc0105303, &(0x7f0000000140)={0x5, 0x4}) r0 = perf_event_open(&(0x7f0000940000)={0x0, 0x70}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x4, 0x32, 0xffffffffffffffff, 0x0) r1 = userfaultfd(0x0) ioctl$UFFDIO_API(r1, 0xc018aa3f, &(0x7f0000000340)) ioctl$UFFDIO_REGISTER(r1, 0xc020aa00, &(0x7f0000000200)={{&(0x7f0000011000/0x4000)=nil, 0x4000}, 0x1}) ioctl$UFFDIO_COPY(r1, 0xc028aa03, &(0x7f0000000040)={&(0x7f0000014000/0x1000)=nil, &(0x7f0000013000/0x1000)=nil, 0x1000}) r2 = fcntl$dupfd(r0, 0x406, r1) ioctl$EVIOCGLED(r2, 0x80404519, &(0x7f0000000240)=""/84) ioctl$UFFDIO_WAKE(r1, 0x8010aa02, &(0x7f0000000300)={&(0x7f0000013000/0x2000)=nil, 0x2000}) ioctl$UFFDIO_ZEROPAGE(r1, 0xc020aa04, &(0x7f0000000500)={{&(0x7f0000011000/0x3000)=nil, 0x3000}}) openat$audio(0xffffffffffffff9c, &(0x7f0000000080)='/dev/audio\x00', 0x0, 0x0) 08:36:50 executing program 5: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10000, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$SNDRV_SEQ_IOCTL_RUNNING_MODE(0xffffffffffffffff, 0xc0105303, &(0x7f0000000140)={0x5, 0x4}) r0 = perf_event_open(&(0x7f0000940000)={0x0, 0x70}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x4, 0x32, 0xffffffffffffffff, 0x0) r1 = userfaultfd(0x0) ioctl$UFFDIO_API(r1, 0xc018aa3f, &(0x7f0000000340)) ioctl$UFFDIO_REGISTER(r1, 0xc020aa00, &(0x7f0000000200)={{&(0x7f0000011000/0x4000)=nil, 0x4000}, 0x1}) ioctl$UFFDIO_COPY(r1, 0xc028aa03, &(0x7f0000000040)={&(0x7f0000014000/0x1000)=nil, &(0x7f0000013000/0x1000)=nil, 0x1000}) r2 = fcntl$dupfd(r0, 0x406, r1) ioctl$EVIOCGLED(r2, 0x80404519, &(0x7f0000000240)=""/84) ioctl$UFFDIO_WAKE(r1, 0x8010aa02, &(0x7f0000000300)={&(0x7f0000013000/0x2000)=nil, 0x2000}) ioctl$UFFDIO_ZEROPAGE(r1, 0xc020aa04, &(0x7f0000000500)={{&(0x7f0000011000/0x3000)=nil, 0x3000}}) openat$audio(0xffffffffffffff9c, &(0x7f0000000080)='/dev/audio\x00', 0x0, 0x0) 08:36:50 executing program 3: ioctl(0xffffffffffffffff, 0x0, 0x0) r0 = socket$inet(0x2, 0x4000000000000001, 0x0) bind$inet(r0, &(0x7f0000deb000)={0x2, 0x4e23, @broadcast}, 0x10) setsockopt$inet_tcp_TCP_CONGESTION(r0, 0x6, 0xd, &(0x7f0000000100)='nv\x00', 0xddcbc2a23a49d0f0) r1 = socket$inet6(0xa, 0x803, 0x7) ioctl(r1, 0x1000008912, &(0x7f0000000140)="0a5c2d023c126285718070") r2 = bpf$MAP_CREATE(0x0, &(0x7f0000000080)={0x3, 0x4, 0x4, 0x1, 0x0, 0x1}, 0x2c) close(r2) r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='memory.events\x00', 0x0, 0x0) setsockopt$inet_sctp6_SCTP_STREAM_SCHEDULER(r3, 0x84, 0x7b, 0x0, 0x0) sendto$inet(r0, 0x0, 0x0, 0x400200007fd, &(0x7f0000000000)={0x2, 0x4e23, @loopback}, 0x10) write$binfmt_elf64(r0, &(0x7f00000016c0)=ANY=[@ANYPTR=&(0x7f00000005c0)=ANY=[@ANYPTR=&(0x7f00000004c0)=ANY=[@ANYRES16], @ANYRES32, @ANYRES64=0x0, @ANYPTR=&(0x7f0000000580)=ANY=[@ANYPTR64, @ANYRESHEX, @ANYPTR64, @ANYRES32=0x0]], @ANYRESDEC, @ANYRES16], 0x120001644) recvmsg(r0, &(0x7f0000000240)={&(0x7f0000000740)=@nfc, 0x80, &(0x7f00000001c0)=[{&(0x7f0000003ac0)=""/4096, 0x20013a5a}], 0x1, &(0x7f0000000200)=""/20, 0x8034}, 0x100) 08:36:50 executing program 2: r0 = bpf$MAP_CREATE(0x0, &(0x7f0000733000)={0x5, 0x5, 0x7, 0x9}, 0x2c) r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000180)={0xd, 0x17, 0x4, 0x7, 0x0, r0}, 0x2c) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) bpf$MAP_DELETE_ELEM(0x3, &(0x7f0000000540)={r1, &(0x7f0000000480)}, 0x10) [ 215.557668] FAULT_FLAG_ALLOW_RETRY missing 30 [ 215.564280] FAULT_FLAG_ALLOW_RETRY missing 30 [ 215.575436] CPU: 0 PID: 7875 Comm: syz-executor1 Not tainted 4.20.0-rc6-next-20181217+ #172 [ 215.583992] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 215.593353] Call Trace: [ 215.595963] dump_stack+0x244/0x39d [ 215.599618] ? dump_stack_print_info.cold.1+0x20/0x20 [ 215.604860] handle_userfault.cold.30+0x47/0x62 [ 215.609581] ? userfaultfd_ioctl+0x55d0/0x55d0 [ 215.614180] ? mark_held_locks+0x130/0x130 [ 215.618438] ? find_held_lock+0x36/0x1c0 [ 215.622536] ? userfaultfd_ctx_put+0x830/0x830 [ 215.627143] ? print_usage_bug+0x51/0xc0 [ 215.631241] ? graph_lock+0x270/0x270 [ 215.635076] ? pvclock_read_flags+0x160/0x160 [ 215.639619] ? graph_lock+0x270/0x270 [ 215.643431] ? print_usage_bug+0xc0/0xc0 [ 215.647516] ? graph_lock+0x270/0x270 [ 215.651346] ? mark_held_locks+0xc7/0x130 [ 215.655507] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 215.660282] ? lockdep_hardirqs_on+0x3bb/0x5b0 [ 215.664915] ? find_held_lock+0x36/0x1c0 [ 215.669048] ? __handle_mm_fault+0x4d19/0x5b70 [ 215.673668] ? lock_downgrade+0x900/0x900 [ 215.677845] ? kasan_check_read+0x11/0x20 [ 215.682026] ? do_raw_spin_unlock+0xa7/0x330 [ 215.686475] ? do_raw_spin_trylock+0x270/0x270 [ 215.691074] ? fault_dirty_shared_page.isra.87+0x320/0x320 [ 215.696943] __handle_mm_fault+0x4d26/0x5b70 [ 215.701379] ? vmf_insert_mixed_mkwrite+0x40/0x40 [ 215.706230] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 215.710995] ? lockdep_hardirqs_on+0x3bb/0x5b0 [ 215.715594] ? retint_kernel+0x2d/0x2d [ 215.719494] ? trace_hardirqs_on_caller+0xc0/0x310 [ 215.724438] ? bogus_uaccess.isra.2+0x180/0x180 [ 215.729168] ? __bpf_trace_preemptirq_template+0x30/0x30 [ 215.734670] ? graph_lock+0x270/0x270 [ 215.738484] ? graph_lock+0x270/0x270 [ 215.742303] ? find_held_lock+0x36/0x1c0 [ 215.746380] ? handle_mm_fault+0x42a/0xc70 [ 215.750629] ? lock_downgrade+0x900/0x900 [ 215.754789] ? check_preemption_disabled+0x48/0x280 [ 215.759817] ? kasan_check_read+0x11/0x20 [ 215.763977] ? rcu_dynticks_curr_cpu_in_eqs+0xa2/0x170 [ 215.769274] ? rcu_read_unlock_special+0x370/0x370 [ 215.774224] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 215.779778] ? check_preemption_disabled+0x48/0x280 [ 215.784813] handle_mm_fault+0x54f/0xc70 [ 215.788890] ? __handle_mm_fault+0x5b70/0x5b70 [ 215.793493] ? find_vma+0x34/0x190 [ 215.797054] __do_page_fault+0x5f6/0xd70 [ 215.801154] do_page_fault+0xf2/0x7e0 [ 215.804966] ? vmalloc_sync_all+0x30/0x30 [ 215.809139] ? error_entry+0x76/0xd0 [ 215.812865] ? trace_hardirqs_off_caller+0xbb/0x310 [ 215.817889] ? find_held_lock+0x36/0x1c0 [ 215.821982] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 215.826839] ? trace_hardirqs_on_caller+0x310/0x310 [ 215.831905] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 215.836777] page_fault+0x1e/0x30 [ 215.840245] RIP: 0010:copy_user_enhanced_fast_string+0xe/0x20 [ 215.846165] Code: 89 d1 c1 e9 03 83 e2 07 f3 48 a5 89 d1 f3 a4 31 c0 0f 1f 00 c3 0f 1f 80 00 00 00 00 0f 1f 00 83 fa 40 0f 82 70 ff ff ff 89 d1 a4 31 c0 0f 1f 00 c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 00 83 [ 215.865069] RSP: 0018:ffff888188146de0 EFLAGS: 00010206 [ 215.870466] RAX: 0000000000000000 RBX: 0000000000001000 RCX: 0000000000001000 [ 215.877743] RDX: 0000000000001000 RSI: 0000000020013000 RDI: ffff8881ae97c000 [ 215.885048] RBP: ffff888188146e18 R08: 0000000000000000 R09: 0000000000000040 [ 215.892354] R10: ffffed1035d2f9ff R11: ffff8881ae97cfff R12: 0000000020014000 [ 215.899656] R13: 0000000020013000 R14: ffff8881ae97c000 R15: 00007ffffffff000 [ 215.906974] ? _copy_from_user+0x10d/0x150 [ 215.911226] mcopy_atomic+0x1bc2/0x2cd0 [ 215.915220] ? do_raw_spin_trylock+0x270/0x270 [ 215.919832] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 215.925402] ? mm_alloc_pmd+0x2f0/0x2f0 [ 215.929387] ? find_held_lock+0x36/0x1c0 [ 215.933469] ? graph_lock+0x270/0x270 [ 215.937291] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 215.942065] ? lockdep_hardirqs_on+0x3bb/0x5b0 [ 215.946680] ? retint_kernel+0x2d/0x2d [ 215.950581] ? trace_hardirqs_on_caller+0x20/0x310 [ 215.955530] ? find_held_lock+0x36/0x1c0 [ 215.959614] ? __might_fault+0x12b/0x1e0 [ 215.963708] ? lock_downgrade+0x900/0x900 [ 215.967869] ? lock_release+0xa00/0xa00 [ 215.971871] ? perf_trace_sched_process_exec+0x860/0x860 [ 215.977383] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 215.982932] ? _copy_from_user+0xdf/0x150 [ 215.987116] userfaultfd_ioctl+0x29f4/0x55d0 [ 215.991537] ? graph_lock+0x270/0x270 [ 215.995366] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 216.000162] ? lockdep_hardirqs_on+0x2d1/0x5b0 [ 216.004764] ? userfaultfd_read+0x2c0/0x2c0 [ 216.009116] ? __bpf_trace_preemptirq_template+0x30/0x30 [ 216.014599] ? perf_trace_sched_process_exec+0x860/0x860 [ 216.020059] ? retint_kernel+0x2d/0x2d [ 216.023978] ? __might_sleep+0x95/0x190 [ 216.027973] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 216.033526] ? futex_wait_queue_me+0x55d/0x840 [ 216.038132] ? refill_pi_state_cache.part.7+0x310/0x310 [ 216.043530] ? print_usage_bug+0xc0/0xc0 [ 216.047635] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 216.053184] ? get_futex_value_locked+0xcb/0xf0 [ 216.057866] ? __sanitizer_cov_trace_cmp4+0x16/0x20 [ 216.062899] ? futex_wait_setup+0x266/0x3e0 [ 216.067262] ? __lock_acquire+0x62f/0x4c20 [ 216.071509] ? drop_futex_key_refs.isra.14+0x6d/0xe0 [ 216.076737] ? futex_wait+0x5ec/0xa50 [ 216.080563] ? mark_held_locks+0x130/0x130 [ 216.084829] ? drop_futex_key_refs.isra.14+0x6d/0xe0 [ 216.089953] ? futex_wake+0x304/0x760 [ 216.093775] ? __lock_acquire+0x62f/0x4c20 [ 216.098055] ? mark_held_locks+0x130/0x130 [ 216.102329] ? graph_lock+0x270/0x270 [ 216.106155] ? do_futex+0x249/0x26d0 [ 216.109899] ? lockdep_hardirqs_on+0x3bb/0x5b0 [ 216.114487] ? retint_kernel+0x2d/0x2d [ 216.118402] ? trace_hardirqs_on_caller+0xc0/0x310 [ 216.123345] ? find_held_lock+0x36/0x1c0 [ 216.127426] ? __fget+0x4aa/0x740 [ 216.130905] ? lock_downgrade+0x900/0x900 [ 216.135063] ? check_preemption_disabled+0x48/0x280 [ 216.140121] ? kasan_check_read+0x11/0x20 [ 216.144283] ? rcu_dynticks_curr_cpu_in_eqs+0xa2/0x170 [ 216.149576] ? rcu_read_unlock_special+0x370/0x370 [ 216.154530] ? __fget+0x4d1/0x740 [ 216.158003] ? ksys_dup3+0x680/0x680 [ 216.161731] ? __might_fault+0x12b/0x1e0 [ 216.165809] ? lock_downgrade+0x900/0x900 [ 216.169975] ? lock_release+0xa00/0xa00 [ 216.173982] ? userfaultfd_read+0x2c0/0x2c0 [ 216.178333] do_vfs_ioctl+0x1de/0x1790 [ 216.182234] ? do_vfs_ioctl+0x1de/0x1790 [ 216.186329] ? ioctl_preallocate+0x300/0x300 [ 216.190755] ? __fget_light+0x2e9/0x430 [ 216.194744] ? fget_raw+0x20/0x20 [ 216.198231] ? _copy_to_user+0xc8/0x110 [ 216.202246] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 216.207825] ? put_timespec64+0x10f/0x1b0 [ 216.212001] ? nsecs_to_jiffies+0x30/0x30 [ 216.216164] ? do_syscall_64+0x9a/0x820 [ 216.220153] ? do_syscall_64+0x9a/0x820 [ 216.224137] ? lockdep_hardirqs_on+0x3bb/0x5b0 [ 216.228730] ? security_file_ioctl+0x94/0xc0 [ 216.233154] ksys_ioctl+0xa9/0xd0 [ 216.236637] __x64_sys_ioctl+0x73/0xb0 [ 216.240541] do_syscall_64+0x1b9/0x820 [ 216.244440] ? entry_SYSCALL_64_after_hwframe+0x3e/0xbe [ 216.249816] ? syscall_return_slowpath+0x5e0/0x5e0 [ 216.254759] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 216.259619] ? trace_hardirqs_on_caller+0x310/0x310 [ 216.264649] ? prepare_exit_to_usermode+0x3b0/0x3b0 [ 216.269677] ? prepare_exit_to_usermode+0x291/0x3b0 [ 216.274710] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 216.279573] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 216.284772] RIP: 0033:0x457669 [ 216.287976] Code: fd b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 216.306898] RSP: 002b:00007f37bfb27c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 216.314617] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000457669 [ 216.321896] RDX: 0000000020000040 RSI: 00000000c028aa03 RDI: 0000000000000004 [ 216.329168] RBP: 000000000072bf00 R08: 0000000000000000 R09: 0000000000000000 [ 216.336443] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f37bfb286d4 [ 216.343716] R13: 00000000004c1703 R14: 00000000004d32d0 R15: 00000000ffffffff [ 216.351188] CPU: 1 PID: 7877 Comm: syz-executor5 Not tainted 4.20.0-rc6-next-20181217+ #172 [ 216.359705] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 216.369062] Call Trace: [ 216.371669] dump_stack+0x244/0x39d [ 216.375321] ? dump_stack_print_info.cold.1+0x20/0x20 [ 216.380537] handle_userfault.cold.30+0x47/0x62 [ 216.385239] ? userfaultfd_ioctl+0x55d0/0x55d0 [ 216.389840] ? mark_held_locks+0x130/0x130 [ 216.394105] ? mark_held_locks+0x130/0x130 [ 216.398357] ? print_usage_bug+0xc0/0xc0 [ 216.402449] ? userfaultfd_ctx_put+0x830/0x830 [ 216.407053] ? print_usage_bug+0x51/0xc0 [ 216.411146] ? clockevents_program_event+0x158/0x370 [ 216.416264] ? lock_downgrade+0x900/0x900 [ 216.420437] ? print_usage_bug+0xc0/0xc0 [ 216.424508] ? graph_lock+0x270/0x270 [ 216.428327] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 216.433103] ? lockdep_hardirqs_on+0x3bb/0x5b0 [ 216.437699] ? retint_kernel+0x2d/0x2d [ 216.441611] ? trace_hardirqs_on_caller+0xc0/0x310 [ 216.446565] ? find_held_lock+0x36/0x1c0 [ 216.450655] ? __handle_mm_fault+0x4d19/0x5b70 [ 216.455255] ? lock_downgrade+0x900/0x900 [ 216.459425] ? kasan_check_read+0x11/0x20 [ 216.463592] ? do_raw_spin_unlock+0xa7/0x330 [ 216.468033] ? do_raw_spin_trylock+0x270/0x270 [ 216.472632] ? fault_dirty_shared_page.isra.87+0x320/0x320 [ 216.478281] ? preempt_count_add+0xc0/0x1b0 [ 216.482670] __handle_mm_fault+0x4d26/0x5b70 [ 216.487135] ? vmf_insert_mixed_mkwrite+0x40/0x40 [ 216.491995] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 216.496778] ? lockdep_hardirqs_on+0x3bb/0x5b0 [ 216.501379] ? retint_kernel+0x2d/0x2d [ 216.505312] ? trace_hardirqs_on_caller+0xc0/0x310 [ 216.510261] ? __bpf_trace_preemptirq_template+0x30/0x30 [ 216.515738] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 216.520517] ? graph_lock+0x270/0x270 [ 216.524338] ? graph_lock+0x270/0x270 [ 216.528157] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 216.532927] ? find_held_lock+0x36/0x1c0 [ 216.537012] ? handle_mm_fault+0x42a/0xc70 [ 216.541265] ? lock_downgrade+0x900/0x900 [ 216.545420] ? check_preemption_disabled+0x48/0x280 [ 216.550451] ? kasan_check_read+0x11/0x20 [ 216.554622] ? rcu_dynticks_curr_cpu_in_eqs+0xa2/0x170 [ 216.559947] ? rcu_read_unlock_special+0x370/0x370 [ 216.564901] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 216.570449] ? check_preemption_disabled+0x48/0x280 [ 216.575481] handle_mm_fault+0x54f/0xc70 [ 216.579558] ? __handle_mm_fault+0x5b70/0x5b70 [ 216.584188] ? find_vma+0x34/0x190 [ 216.587746] __do_page_fault+0x5f6/0xd70 [ 216.591834] do_page_fault+0xf2/0x7e0 [ 216.595645] ? vmalloc_sync_all+0x30/0x30 [ 216.599829] ? error_entry+0x76/0xd0 [ 216.603585] ? trace_hardirqs_off_caller+0xbb/0x310 [ 216.608624] ? find_held_lock+0x36/0x1c0 [ 216.612692] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 216.617546] ? trace_hardirqs_on_caller+0x310/0x310 [ 216.622589] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 216.627463] page_fault+0x1e/0x30 [ 216.630966] RIP: 0010:copy_user_enhanced_fast_string+0xe/0x20 [ 216.636876] Code: 89 d1 c1 e9 03 83 e2 07 f3 48 a5 89 d1 f3 a4 31 c0 0f 1f 00 c3 0f 1f 80 00 00 00 00 0f 1f 00 83 fa 40 0f 82 70 ff ff ff 89 d1 a4 31 c0 0f 1f 00 c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 00 83 [ 216.655781] RSP: 0018:ffff888188e66de0 EFLAGS: 00010206 [ 216.661153] RAX: 0000000000000000 RBX: 0000000000001000 RCX: 0000000000001000 [ 216.668426] RDX: 0000000000001000 RSI: 0000000020013000 RDI: ffff8881a2c37000 [ 216.675701] RBP: ffff888188e66e18 R08: 0000000000000000 R09: 0000000000000040 [ 216.683004] R10: ffffed1034586fff R11: ffff8881a2c37fff R12: 0000000020014000 [ 216.690309] R13: 0000000020013000 R14: ffff8881a2c37000 R15: 00007ffffffff000 [ 216.697623] ? _copy_from_user+0x10d/0x150 [ 216.701871] mcopy_atomic+0x1bc2/0x2cd0 [ 216.705923] ? mm_alloc_pmd+0x2f0/0x2f0 [ 216.709914] ? lockdep_hardirqs_on+0x3bb/0x5b0 [ 216.714518] ? retint_kernel+0x2d/0x2d [ 216.718444] ? trace_hardirqs_on_caller+0xc0/0x310 [ 216.723389] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 216.728177] ? retint_kernel+0x2d/0x2d [ 216.732102] ? lock_release+0x51d/0xa00 [ 216.736115] ? __might_fault+0x12b/0x1e0 [ 216.740189] ? lock_downgrade+0x900/0x900 [ 216.744350] ? lock_release+0xa00/0xa00 [ 216.748334] ? perf_trace_sched_process_exec+0x860/0x860 [ 216.753791] ? finish_task_switch+0x1f4/0x910 [ 216.758289] ? finish_task_switch+0x1b4/0x910 [ 216.762791] ? __switch_to_asm+0x34/0x70 [ 216.766912] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 216.772459] ? _copy_from_user+0xdf/0x150 [ 216.776629] userfaultfd_ioctl+0x29f4/0x55d0 [ 216.781060] ? __sched_text_start+0x8/0x8 [ 216.785656] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 216.790438] ? userfaultfd_read+0x2c0/0x2c0 [ 216.794772] ? __bpf_trace_preemptirq_template+0x30/0x30 [ 216.800250] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 216.805041] ? preempt_schedule+0x4d/0x60 [ 216.809209] ? preempt_schedule_common+0x1f/0xe0 [ 216.813995] ? preempt_schedule+0x4d/0x60 [ 216.818165] ? ___preempt_schedule+0x16/0x18 [ 216.822593] ? _raw_spin_unlock_irqrestore+0xbb/0xd0 [ 216.827717] ? try_to_wake_up+0x11c/0x1440 [ 216.831969] ? graph_lock+0x270/0x270 [ 216.835780] ? print_usage_bug+0xc0/0xc0 [ 216.839855] ? migrate_swap_stop+0x8a0/0x8a0 [ 216.844298] ? find_held_lock+0x36/0x1c0 [ 216.848382] ? __lock_acquire+0x62f/0x4c20 [ 216.852629] ? lock_downgrade+0x900/0x900 [ 216.856809] ? mark_held_locks+0x130/0x130 [ 216.861061] ? drop_futex_key_refs.isra.14+0x6d/0xe0 [ 216.866180] ? futex_wake+0x304/0x760 [ 216.870010] ? __lock_acquire+0x62f/0x4c20 [ 216.874252] ? retint_kernel+0x2d/0x2d [ 216.878162] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 216.882929] ? lockdep_hardirqs_on+0x3bb/0x5b0 [ 216.887517] ? retint_kernel+0x2d/0x2d [ 216.891415] ? trace_hardirqs_on_caller+0xc0/0x310 [ 216.896353] ? mark_held_locks+0x130/0x130 [ 216.900602] ? graph_lock+0x270/0x270 [ 216.904417] ? __bpf_trace_preemptirq_template+0x30/0x30 [ 216.909871] ? do_futex+0x249/0x26d0 [ 216.913592] ? trace_hardirqs_on_caller+0xc0/0x310 [ 216.918542] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 216.923331] ? lockdep_hardirqs_on+0x3bb/0x5b0 [ 216.927919] ? retint_kernel+0x2d/0x2d [ 216.931819] ? find_held_lock+0x36/0x1c0 [ 216.935900] ? __fget+0x4aa/0x740 [ 216.939370] ? lock_downgrade+0x900/0x900 [ 216.943528] ? check_preemption_disabled+0x48/0x280 [ 216.948556] ? kasan_check_read+0x11/0x20 [ 216.952715] ? rcu_dynticks_curr_cpu_in_eqs+0xa2/0x170 [ 216.958001] ? rcu_read_unlock_special+0x370/0x370 [ 216.962940] ? __fget+0x4a2/0x740 [ 216.966406] ? __fget+0x4d1/0x740 [ 216.969879] ? ksys_dup3+0x680/0x680 [ 216.973611] ? __might_fault+0x12b/0x1e0 [ 216.977686] ? lock_downgrade+0x900/0x900 [ 216.981860] ? lock_release+0xa00/0xa00 [ 216.985844] ? userfaultfd_read+0x2c0/0x2c0 [ 216.990186] do_vfs_ioctl+0x1de/0x1790 [ 216.994101] ? do_vfs_ioctl+0x1de/0x1790 [ 216.998183] ? ioctl_preallocate+0x300/0x300 [ 217.002609] ? __fget_light+0x2e9/0x430 [ 217.006594] ? fget_raw+0x20/0x20 [ 217.010069] ? _copy_to_user+0xc8/0x110 [ 217.014068] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 217.019626] ? put_timespec64+0x10f/0x1b0 [ 217.023798] ? nsecs_to_jiffies+0x30/0x30 [ 217.027984] ? do_syscall_64+0x9a/0x820 [ 217.031977] ? do_syscall_64+0x9a/0x820 [ 217.035976] ? lockdep_hardirqs_on+0x3bb/0x5b0 [ 217.040623] ? security_file_ioctl+0x94/0xc0 [ 217.045046] ksys_ioctl+0xa9/0xd0 [ 217.048514] __x64_sys_ioctl+0x73/0xb0 [ 217.052415] do_syscall_64+0x1b9/0x820 [ 217.056310] ? entry_SYSCALL_64_after_hwframe+0x3e/0xbe [ 217.061684] ? syscall_return_slowpath+0x5e0/0x5e0 [ 217.066625] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 217.071484] ? trace_hardirqs_on_caller+0x310/0x310 [ 217.076507] ? prepare_exit_to_usermode+0x3b0/0x3b0 [ 217.081530] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 217.087114] ? prepare_exit_to_usermode+0x291/0x3b0 [ 217.092148] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 217.097037] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 217.102245] RIP: 0033:0x457669 [ 217.105446] Code: fd b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 217.124361] RSP: 002b:00007ffa78f02c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 217.132092] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000457669 [ 217.139390] RDX: 0000000020000040 RSI: 00000000c028aa03 RDI: 0000000000000004 [ 217.146659] RBP: 000000000072bf00 R08: 0000000000000000 R09: 0000000000000000 [ 217.153947] R10: 0000000000000000 R11: 0000000000000246 R12: 00007ffa78f036d4 08:36:51 executing program 4: syz_open_dev$ndb(&(0x7f0000000000)='/dev/nbd#\x00', 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000140)={0x2, 0x70, 0x3e7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) syz_open_dev$ndb(&(0x7f0000000040)='/dev/nbd#\x00', 0xffffffffffffffff, 0x800) 08:36:51 executing program 0: mkdir(&(0x7f0000000000)='./file0\x00', 0x0) mount$bpf(0x20000000, &(0x7f0000000040)='./file0\x00', 0x0, 0x2001001, 0x0) syz_mount_image$ext4(0x0, &(0x7f00000002c0)='./file0\x00', 0x0, 0x0, 0x0, 0x100020, &(0x7f0000000380)=ANY=[@ANYBLOB='barrier,stripe=0x0000000000000401,noblock_validity,max_batch_time=0']) 08:36:51 executing program 1: r0 = socket$l2tp(0x18, 0x1, 0x1) ioctl(r0, 0x1000008912, &(0x7f0000000300)="0a5c2d023c126285718070") r1 = syz_open_procfs(0x0, &(0x7f0000000140)='timers\x00') timer_create(0x0, 0x0, &(0x7f0000000040)) preadv(r1, &(0x7f0000000940)=[{&(0x7f0000000000)=""/47, 0x2f}], 0x1, 0x0) [ 217.161227] R13: 00000000004c1703 R14: 00000000004d32d0 R15: 00000000ffffffff 08:36:52 executing program 2: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) bind$inet(0xffffffffffffffff, 0x0, 0x0) getsockopt$inet_sctp_SCTP_STATUS(0xffffffffffffffff, 0x84, 0xe, 0x0, 0x0) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_GET_VCPU_EVENTS(r2, 0x8400ae8e, &(0x7f00000002c0)) [ 217.285250] ================================================================== [ 217.292823] BUG: KASAN: use-after-free in ext4_data_block_valid+0x2d5/0x330 [ 217.299936] Read of size 8 at addr ffff8881c531a280 by task blkid/7896 [ 217.299945] [ 217.308241] CPU: 0 PID: 7896 Comm: blkid Not tainted 4.20.0-rc6-next-20181217+ #172 [ 217.316035] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 217.325386] Call Trace: [ 217.325404] dump_stack+0x244/0x39d [ 217.325423] ? dump_stack_print_info.cold.1+0x20/0x20 [ 217.325437] ? printk+0xa7/0xcf [ 217.325454] ? kmsg_dump_rewind_nolock+0xe4/0xe4 [ 217.344877] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 217.350459] print_address_description.cold.4+0x9/0x1ff [ 217.355836] ? ext4_data_block_valid+0x2d5/0x330 [ 217.360601] kasan_report.cold.5+0x1b/0x39 [ 217.364342] L1TF CPU bug present and SMT on, data leak possible. See CVE-2018-3646 and https://www.kernel.org/doc/html/latest/admin-guide/l1tf.html for details. [ 217.364860] ? ext4_data_block_valid+0x2d5/0x330 [ 217.384095] ? ext4_data_block_valid+0x2d5/0x330 [ 217.388927] __asan_report_load8_noabort+0x14/0x20 [ 217.393860] ext4_data_block_valid+0x2d5/0x330 [ 217.398456] __check_block_validity.constprop.81+0xc1/0x210 [ 217.404172] ext4_map_blocks+0x1012/0x1b30 [ 217.408432] ? __lock_is_held+0xb5/0x140 [ 217.412514] ? ext4_issue_zeroout+0x190/0x190 [ 217.417030] ? __d_lookup_rcu+0x556/0xaa0 [ 217.421202] ? d_alloc+0x28b/0x380 [ 217.424782] ext4_getblk+0x4f2/0x630 [ 217.428501] ? find_held_lock+0x36/0x1c0 [ 217.432597] ? ext4_iomap_begin+0x1390/0x1390 [ 217.437108] ? memset+0x31/0x40 [ 217.440480] ext4_bread_batch+0x7f/0x440 [ 217.444550] ext4_find_entry+0xd49/0x1b70 [ 217.448748] ? ext4_search_dir+0x6c0/0x6c0 [ 217.452986] ? mark_held_locks+0x130/0x130 [ 217.457222] ? __d_lookup_rcu+0x556/0xaa0 [ 217.461380] ? __d_lookup_rcu+0xaa0/0xaa0 [ 217.465528] ? graph_lock+0x270/0x270 [ 217.469338] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 217.474892] ? graph_lock+0x270/0x270 [ 217.478716] ? graph_lock+0x270/0x270 [ 217.482530] ? find_held_lock+0x36/0x1c0 [ 217.486677] ? lockdep_init_map+0x105/0x590 [ 217.491004] ext4_lookup+0x16c/0x750 [ 217.494721] ? __init_waitqueue_head+0x9e/0x150 [ 217.499398] ? ext4_cross_rename+0x1cf0/0x1cf0 [ 217.503986] ? lock_acquire+0x1ed/0x520 [ 217.507986] __lookup_slow+0x2b5/0x540 [ 217.511906] ? vfs_unlink+0x510/0x510 [ 217.515747] ? path_init+0x1ed0/0x1ed0 [ 217.519645] lookup_slow+0x57/0x80 [ 217.523191] walk_component+0x92b/0x2590 [ 217.527256] ? inode_permission+0xb2/0x560 [ 217.531504] ? pick_link+0xaf0/0xaf0 [ 217.535256] ? walk_component+0x2590/0x2590 [ 217.539592] ? save_stack+0xa9/0xd0 [ 217.543223] ? kasan_slab_alloc+0x12/0x20 [ 217.547374] ? kmem_cache_alloc+0x130/0x730 [ 217.551695] ? getname_flags+0xd0/0x590 [ 217.555687] ? user_path_at_empty+0x2d/0x50 [ 217.560540] path_lookupat.isra.43+0x212/0xc00 [ 217.565145] ? __sanitizer_cov_trace_switch+0x53/0x90 [ 217.570348] ? path_parentat.isra.41+0x160/0x160 [ 217.575120] ? usercopy_warn+0x110/0x110 [ 217.579198] ? check_preemption_disabled+0x48/0x280 [ 217.584253] filename_lookup+0x26a/0x520 [ 217.588322] ? nd_jump_link+0x1d0/0x1d0 [ 217.592301] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 217.597861] ? digsig_verify+0x1530/0x1530 [ 217.602175] ? kmem_cache_alloc+0x33f/0x730 [ 217.606499] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 217.612045] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 217.617599] ? getname_flags+0x26e/0x590 [ 217.621698] user_path_at_empty+0x40/0x50 [ 217.625849] do_faccessat+0x254/0x800 [ 217.629660] ? __ia32_sys_fallocate+0xf0/0xf0 [ 217.634203] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 217.639574] ? trace_hardirqs_off_caller+0x310/0x310 [ 217.644684] __x64_sys_access+0x59/0x80 [ 217.648665] do_syscall_64+0x1b9/0x820 [ 217.652551] ? entry_SYSCALL_64_after_hwframe+0x3e/0xbe [ 217.657919] ? syscall_return_slowpath+0x5e0/0x5e0 [ 217.662848] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 217.667698] ? trace_hardirqs_on_caller+0x310/0x310 [ 217.672716] ? prepare_exit_to_usermode+0x3b0/0x3b0 [ 217.677735] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 217.683275] ? prepare_exit_to_usermode+0x291/0x3b0 [ 217.688299] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 217.693318] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 217.698519] RIP: 0033:0x7f52eaea6267 [ 217.702233] Code: 73 01 c3 48 8d 0d 3d af 20 00 31 d2 48 29 c2 89 11 48 83 c8 ff eb eb 90 90 90 90 90 90 90 90 90 90 90 90 b8 15 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 8d 0d 0d af 20 00 31 d2 48 29 c2 89 [ 217.721167] RSP: 002b:00007ffc0914a208 EFLAGS: 00000246 ORIG_RAX: 0000000000000015 [ 217.728890] RAX: ffffffffffffffda RBX: 0000000000400f31 RCX: 00007f52eaea6267 [ 217.736155] RDX: 00000000000033ef RSI: 0000000000000000 RDI: 00007f52eaeaa2e6 [ 217.743437] RBP: 00007f52eb0a9000 R08: 0000000000000003 R09: 0000000000000000 [ 217.750704] R10: 0000000000000002 R11: 0000000000000246 R12: 00007f52eb0b11c8 [ 217.757971] R13: 00007f52eb0a9718 R14: 00000000000033ef R15: 00007f52eb0b1570 [ 217.765265] [ 217.766890] Allocated by task 1: [ 217.770266] save_stack+0x43/0xd0 [ 217.773715] kasan_kmalloc+0xcb/0xd0 [ 217.777430] kasan_slab_alloc+0x12/0x20 [ 217.781404] kmem_cache_alloc+0x130/0x730 [ 217.785566] add_system_zone+0x2e5/0x5f0 [ 217.789626] ext4_setup_system_zone+0x360/0x520 [ 217.794294] ext4_fill_super+0x815f/0xda70 [ 217.798527] mount_bdev+0x314/0x3e0 [ 217.802149] ext4_mount+0x3c/0x50 [ 217.805598] legacy_get_tree+0x12f/0x260 [ 217.809661] vfs_get_tree+0x1cb/0x5c0 [ 217.813464] do_mount+0x82a/0x1ff0 [ 217.816998] ksys_mount+0x12d/0x140 [ 217.820637] do_mount_root+0x35/0x1d3 [ 217.824433] mount_block_root+0x39c/0x6ed [ 217.828579] mount_root+0x358/0x39f [ 217.832201] prepare_namespace+0x26c/0x2ab [ 217.836451] kernel_init_freeable+0x6a1/0x6ba [ 217.840952] kernel_init+0x11/0x1ae [ 217.844581] ret_from_fork+0x3a/0x50 [ 217.848284] [ 217.849932] Freed by task 7893: [ 217.853210] save_stack+0x43/0xd0 [ 217.856660] __kasan_slab_free+0x102/0x150 [ 217.860891] kasan_slab_free+0xe/0x10 [ 217.864685] kmem_cache_free+0x83/0x290 [ 217.868673] ext4_release_system_zone+0x92/0x110 [ 217.873425] ext4_setup_system_zone+0x3ef/0x520 [ 217.878103] ext4_remount+0x16fc/0x2980 [ 217.882075] legacy_reconfigure+0x14c/0x1c0 [ 217.886409] reconfigure_super+0x4c0/0xbb0 [ 217.890642] do_mount+0x1ab4/0x1ff0 [ 217.894264] ksys_mount+0x12d/0x140 [ 217.897890] __x64_sys_mount+0xbe/0x150 [ 217.901907] do_syscall_64+0x1b9/0x820 [ 217.905794] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 217.910969] [ 217.912640] The buggy address belongs to the object at ffff8881c531a268 [ 217.912640] which belongs to the cache ext4_system_zone of size 40 [ 217.925643] The buggy address is located 24 bytes inside of [ 217.925643] 40-byte region [ffff8881c531a268, ffff8881c531a290) [ 217.937341] The buggy address belongs to the page: [ 217.942270] page:ffffea000714c680 count:1 mapcount:0 mapping:ffff8881d4657600 index:0xffff8881c531afb9 [ 217.951708] flags: 0x2fffc0000000200(slab) [ 217.955943] raw: 02fffc0000000200 ffff8881d4651138 ffff8881d4651138 ffff8881d4657600 [ 217.963829] raw: ffff8881c531afb9 ffff8881c531a000 0000000100000006 0000000000000000 [ 217.971704] page dumped because: kasan: bad access detected [ 217.977402] [ 217.979021] Memory state around the buggy address: [ 217.983952] ffff8881c531a180: fc fb fb fb fb fb fc fc fb fb fb fb fb fc fc fb [ 217.991309] ffff8881c531a200: fb fb fb fb fc fc fb fb fb fb fb fc fc fb fb fb [ 217.998679] >ffff8881c531a280: fb fb fc fc fb fb fb fb fb fc fc fb fb fb fb fb [ 218.006027] ^ [ 218.009388] ffff8881c531a300: fc fc fb fb fb fb fb fc fc fb fb fb fb fb fc fc [ 218.016750] ffff8881c531a380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 218.024118] ================================================================== [ 218.031469] Disabling lock debugging due to kernel taint [ 218.043189] EXT4-fs (sda1): re-mounted. Opts: barrier,stripe=0x0000000000000401,noblock_validity,max_batch_time=0 [ 218.055248] Kernel panic - not syncing: panic_on_warn set ... [ 218.061163] CPU: 0 PID: 7896 Comm: blkid Tainted: G B 4.20.0-rc6-next-20181217+ #172 [ 218.070347] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 218.079696] Call Trace: [ 218.082285] dump_stack+0x244/0x39d [ 218.085913] ? dump_stack_print_info.cold.1+0x20/0x20 [ 218.091135] ? ext4_data_block_valid+0x1f0/0x330 [ 218.095907] panic+0x2ad/0x632 [ 218.099167] ? add_taint.cold.5+0x16/0x16 [ 218.103331] ? preempt_schedule+0x4d/0x60 [ 218.107478] ? ___preempt_schedule+0x16/0x18 [ 218.111898] ? trace_hardirqs_on+0xb4/0x310 [ 218.116223] ? ext4_data_block_valid+0x2d5/0x330 [ 218.120998] end_report+0x47/0x4f [ 218.124449] kasan_report.cold.5+0xe/0x39 [ 218.128600] ? ext4_data_block_valid+0x2d5/0x330 [ 218.133357] ? ext4_data_block_valid+0x2d5/0x330 [ 218.138124] __asan_report_load8_noabort+0x14/0x20 [ 218.143055] ext4_data_block_valid+0x2d5/0x330 [ 218.147648] __check_block_validity.constprop.81+0xc1/0x210 [ 218.153364] ext4_map_blocks+0x1012/0x1b30 [ 218.157614] ? __lock_is_held+0xb5/0x140 [ 218.161678] ? ext4_issue_zeroout+0x190/0x190 [ 218.166192] ? __d_lookup_rcu+0x556/0xaa0 [ 218.170371] ? d_alloc+0x28b/0x380 [ 218.173912] ext4_getblk+0x4f2/0x630 [ 218.177622] ? find_held_lock+0x36/0x1c0 [ 218.181681] ? ext4_iomap_begin+0x1390/0x1390 [ 218.186177] ? memset+0x31/0x40 [ 218.189459] ext4_bread_batch+0x7f/0x440 [ 218.193521] ext4_find_entry+0xd49/0x1b70 [ 218.197676] ? ext4_search_dir+0x6c0/0x6c0 [ 218.201912] ? mark_held_locks+0x130/0x130 [ 218.206145] ? __d_lookup_rcu+0x556/0xaa0 [ 218.210296] ? __d_lookup_rcu+0xaa0/0xaa0 [ 218.214441] ? graph_lock+0x270/0x270 [ 218.218244] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 218.223779] ? graph_lock+0x270/0x270 [ 218.227627] ? graph_lock+0x270/0x270 [ 218.231435] ? find_held_lock+0x36/0x1c0 [ 218.235512] ? lockdep_init_map+0x105/0x590 [ 218.239836] ext4_lookup+0x16c/0x750 [ 218.243551] ? __init_waitqueue_head+0x9e/0x150 [ 218.248218] ? ext4_cross_rename+0x1cf0/0x1cf0 [ 218.252830] ? lock_acquire+0x1ed/0x520 [ 218.256837] __lookup_slow+0x2b5/0x540 [ 218.260726] ? vfs_unlink+0x510/0x510 [ 218.264538] ? path_init+0x1ed0/0x1ed0 [ 218.268424] lookup_slow+0x57/0x80 [ 218.271974] walk_component+0x92b/0x2590 [ 218.276031] ? inode_permission+0xb2/0x560 [ 218.280273] ? pick_link+0xaf0/0xaf0 [ 218.283988] ? walk_component+0x2590/0x2590 [ 218.288329] ? save_stack+0xa9/0xd0 [ 218.291955] ? kasan_slab_alloc+0x12/0x20 [ 218.296141] ? kmem_cache_alloc+0x130/0x730 [ 218.300474] ? getname_flags+0xd0/0x590 [ 218.304444] ? user_path_at_empty+0x2d/0x50 [ 218.308771] path_lookupat.isra.43+0x212/0xc00 [ 218.313354] ? __sanitizer_cov_trace_switch+0x53/0x90 [ 218.318542] ? path_parentat.isra.41+0x160/0x160 [ 218.323299] ? usercopy_warn+0x110/0x110 [ 218.327362] ? check_preemption_disabled+0x48/0x280 [ 218.332385] filename_lookup+0x26a/0x520 [ 218.336448] ? nd_jump_link+0x1d0/0x1d0 [ 218.340422] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 218.345961] ? digsig_verify+0x1530/0x1530 [ 218.350197] ? kmem_cache_alloc+0x33f/0x730 [ 218.354519] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 218.360063] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 218.365611] ? getname_flags+0x26e/0x590 [ 218.369677] user_path_at_empty+0x40/0x50 [ 218.373839] do_faccessat+0x254/0x800 [ 218.377673] ? __ia32_sys_fallocate+0xf0/0xf0 [ 218.382171] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 218.387549] ? trace_hardirqs_off_caller+0x310/0x310 [ 218.392653] __x64_sys_access+0x59/0x80 [ 218.396643] do_syscall_64+0x1b9/0x820 [ 218.400532] ? entry_SYSCALL_64_after_hwframe+0x3e/0xbe [ 218.405894] ? syscall_return_slowpath+0x5e0/0x5e0 [ 218.410866] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 218.415726] ? trace_hardirqs_on_caller+0x310/0x310 [ 218.420760] ? prepare_exit_to_usermode+0x3b0/0x3b0 [ 218.425781] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 218.431322] ? prepare_exit_to_usermode+0x291/0x3b0 [ 218.436339] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 218.441184] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 218.446369] RIP: 0033:0x7f52eaea6267 [ 218.450107] Code: 73 01 c3 48 8d 0d 3d af 20 00 31 d2 48 29 c2 89 11 48 83 c8 ff eb eb 90 90 90 90 90 90 90 90 90 90 90 90 b8 15 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 8d 0d 0d af 20 00 31 d2 48 29 c2 89 [ 218.469032] RSP: 002b:00007ffc0914a208 EFLAGS: 00000246 ORIG_RAX: 0000000000000015 [ 218.476738] RAX: ffffffffffffffda RBX: 0000000000400f31 RCX: 00007f52eaea6267 [ 218.484003] RDX: 00000000000033ef RSI: 0000000000000000 RDI: 00007f52eaeaa2e6 [ 218.491318] RBP: 00007f52eb0a9000 R08: 0000000000000003 R09: 0000000000000000 [ 218.498609] R10: 0000000000000002 R11: 0000000000000246 R12: 00007f52eb0b11c8 [ 218.505906] R13: 00007f52eb0a9718 R14: 00000000000033ef R15: 00007f52eb0b1570 [ 218.514234] Kernel Offset: disabled [ 218.517860] Rebooting in 86400 seconds..