0xa80
[ 1239.847522][T10005]  __do_page_fault+0x536/0xdd0
[ 1239.852299][T10005]  do_page_fault+0x38/0x590
[ 1239.856803][T10005]  page_fault+0x39/0x40
[ 1239.860977][T10005] RIP: 0033:0x4533a0
[ 1239.864871][T10005] Code: 0f 84 c4 0f 00 00 48 89 f1 48 89 f8 48 83 e1 3f 48 83 f9 20 0f 86 7b 02 00 00 48 83 e6 f0 48 83 e1 0f 66 0f ef c0 66 0f ef c9 <66> 0f 74 0e 66 0f d7 d1 48 d3 ea 49 c7 c2 11 00 00 00 49 29 ca 4d
[ 1239.884471][T10005] RSP: 002b:00007fbdc8f767a8 EFLAGS: 00010202
[ 1239.890535][T10005] RAX: 00007fbdc8f76850 RBX: 0000000000000003 RCX: 000000000000000e
[ 1239.898515][T10005] RDX: 00000000000003ff RSI: 0000000020012fe0 RDI: 00007fbdc8f76850
[ 1239.906483][T10005] RBP: 000000000075bf20 R08: 00000000000003ff R09: 0000000000000000
[ 1239.914443][T10005] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fbdc8f776d4
[ 1239.922403][T10005] R13: 00000000004c8dbc R14: 00000000004dfed8 R15: 00000000ffffffff
01:38:42 executing program 1:
perf_event_open(&(0x7f00000000c0)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = openat$random(0xffffffffffffff9c, &(0x7f0000000140)='/dev/urandom\x00', 0x8000000000000085, 0x0)
r1 = dup(r0)
r2 = openat$zero(0xffffffffffffff9c, &(0x7f0000000000)='/dev/zero\x00', 0x10000, 0x0)
ioctl$DRM_IOCTL_AGP_ACQUIRE(r2, 0x6430)
r3 = open(&(0x7f0000002000)='./bus\x00', 0x141042, 0x0)
ftruncate(r3, 0xee72)
sendfile(r1, r3, 0x0, 0x8000fffffffe)

01:38:42 executing program 0:
perf_event_open(&(0x7f00000000c0)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
getsockopt$inet_sctp6_SCTP_MAX_BURST(0xffffffffffffffff, 0x84, 0x14, &(0x7f0000000000)=@assoc_value={<r0=>0x0}, &(0x7f0000000040)=0x8)
setsockopt$inet_sctp_SCTP_DEFAULT_SNDINFO(0xffffffffffffffff, 0x84, 0x22, &(0x7f0000000080)={0x7, 0x200, 0x1, 0x7ff, r0}, 0x10)
r1 = openat$random(0xffffffffffffff9c, &(0x7f0000000140)='/dev/urandom\x00', 0x8000000000000085, 0x0)
r2 = dup(r1)
r3 = open(&(0x7f0000002000)='./bus\x00', 0x141042, 0x0)
ftruncate(r3, 0xee72)
sendfile(r2, r3, 0x0, 0x8000fffffffe)

01:38:42 executing program 2:
r0 = socket$inet_udp(0x2, 0x2, 0x0)
close(r0)
r1 = socket$inet6(0xa, 0x1, 0x8010000000000084)
bind$inet6(r1, &(0x7f0000000040)={0xa, 0x400004e21, 0x0, @empty}, 0x1c)
setsockopt$inet_sctp6_SCTP_NODELAY(r0, 0x84, 0x3, &(0x7f00000000c0)=0x7, 0x4)
setsockopt$inet6_opts(r1, 0x29, 0x3b, &(0x7f0000000080)=ANY=[@ANYBLOB], 0x8)
connect$inet6(r1, &(0x7f0000000200)={0xa, 0x4e21, 0x0, @loopback}, 0x1c)
r2 = socket$inet_udplite(0x2, 0x2, 0x88)
ioctl(r2, 0x1000008912, &(0x7f0000000040)="11dcbc0d5e0bcfe47bf070")
write$binfmt_misc(r0, &(0x7f0000000100)=ANY=[@ANYBLOB="a43f7a10bc918dba707335df9c4fe2e3dd545ee4c838fdcc46a7540a012dcf04a12f99172a6f3583cd5498000448f3ae533c2845496e9b0a050d5e4e05f5f8188edecc091727ed7a25a91998bf61aeec90e8718f9aa9fd5da3aa3181c0080975dee42b7d8686ca8f92f314380c2a02a90e6efeaf9d6acdb213cd260c116f495d9569a33c798d369967f6690fd59a8b3bd789702d552fe262fe738e874609724467e7d1be8518f803b96022e1f0f0de7d3720bec96ede000000000000000000"], 0x10098)
write$binfmt_script(r0, &(0x7f0000000300)=ANY=[@ANYBLOB="ba"], 0x1)
write$binfmt_elf64(r0, &(0x7f0000000280)={{0x7f, 0x45, 0x4c, 0x46, 0x0, 0x0, 0x1800, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40}, [{}]}, 0x78)

01:38:42 executing program 2:
r0 = socket$inet_udp(0x2, 0x2, 0x0)
close(r0)
r1 = socket$inet6(0xa, 0x1, 0x8010000000000084)
bind$inet6(r1, &(0x7f0000000040)={0xa, 0x400004e21, 0x0, @empty}, 0x1c)
setsockopt$inet_sctp6_SCTP_NODELAY(r0, 0x84, 0x3, &(0x7f00000000c0)=0x7, 0x4)
setsockopt$inet6_opts(r1, 0x29, 0x3b, &(0x7f0000000080)=ANY=[@ANYBLOB], 0x8)
connect$inet6(r1, &(0x7f0000000200)={0xa, 0x4e21, 0x0, @loopback}, 0x1c)
r2 = socket$inet_udplite(0x2, 0x2, 0x88)
ioctl(r2, 0x1000008912, &(0x7f0000000040)="11dcbc0d5e0bcfe47bf070")
write$binfmt_misc(r0, &(0x7f0000000100)=ANY=[@ANYBLOB="a43f7a10bc918dba707335df9c4fe2e3dd545ee4c838fdcc46a7540a012dcf04a12f99172a6f3583cd5498000448f3ae533c2845496e9b0a050d5e4e05f5f8188edecc091727ed7a25a91998bf61aeec90e8718f9aa9fd5da3aa3181c0080975dee42b7d8686ca8f92f314380c2a02a90e6efeaf9d6acdb213cd260c116f495d9569a33c798d369967f6690fd59a8b3bd789702d552fe262fe738e874609724467e7d1be8518f803b96022e1f0f0de7d3720bec96ede000000000000000000"], 0x10098)
write$binfmt_script(r0, &(0x7f0000000300)=ANY=[@ANYBLOB="ba"], 0x1)
write$binfmt_elf64(r0, &(0x7f0000000280)={{0x7f, 0x45, 0x4c, 0x46, 0x0, 0x0, 0x2000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40}, [{}]}, 0x78)

01:38:42 executing program 5:
mmap(&(0x7f0000011000/0x2000)=nil, 0x2000, 0x4, 0x31, 0xffffffffffffffff, 0x0)
r0 = userfaultfd(0x0)
syz_open_dev$mice(&(0x7f0000000000)='/dev/input/mice\x00', 0x0, 0x4000)
ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f0000000040))
ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f00000000c0)={{&(0x7f0000012000/0x2000)=nil, 0x2000}, 0x1})
read(r0, &(0x7f0000000100)=""/199, 0xc7)
syz_open_dev$evdev(&(0x7f0000012fee)='/.%v/\x11%put/event#\x00', 0x48000000, 0x0)
ioctl$UFFDIO_WAKE(r0, 0x8010aa02, &(0x7f0000000080)={&(0x7f0000012000/0x4000)=nil, 0x4000})
shmget(0x2, 0x1000, 0x0, &(0x7f000096d000/0x1000)=nil)
openat$cgroup_procs(0xffffffffffffffff, 0x0, 0x2, 0x0)

01:38:42 executing program 4:
r0 = socket$nl_route(0x10, 0x3, 0x0)
r1 = socket$netlink(0x10, 0x3, 0x0)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff, <r2=>0xffffffffffffffff})
r3 = socket$inet6_sctp(0xa, 0x10000000005, 0x84)
r4 = dup2(r2, r3)
ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200)
r5 = socket(0x10, 0x803, 0x0)
sendmsg$TIPC_CMD_GET_MEDIA_NAMES(r5, &(0x7f0000000400)={0x0, 0x0, &(0x7f00000003c0)={0x0}}, 0x0)
getsockname$packet(r5, &(0x7f0000000100)={0x11, 0x0, <r6=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0xa)
sendmsg$nl_route(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080)=ANY=[@ANYBLOB="4800000010000507000000000000000080000000", @ANYRES32=r6, @ANYBLOB="0000000000000000280012000c0001007665746800000000180002001400010000000000", @ANYRES32=0x0, @ANYBLOB='\x00\x00\x00\x00\x00\x00\x00\x00'], 0x48}}, 0x0)
sendmsg$nl_route_sched(r0, &(0x7f0000000140)={0x0, 0x32d, &(0x7f0000000080)={&(0x7f0000000540)=@newqdisc={0x148, 0x24, 0x507, 0xc00, 0x0, {0x0, r6, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_red={{0x8, 0x1, 'red\x00'}, {0x11c, 0x2, [@TCA_RED_STAB={0x104, 0x2, "fbf84ce9dbecf3d5851ae060c0ec8d55c9c65cb98d69f6f43f1d64d475f279dd204e54f6719de408d640f2dcd4c0c8c615650de0531b139380f912f808e5d3e1118f76144d1568be425bddb29fa48b1251d5cc8b78fb742bd61674f4cd92a93f8dafea3bc823ccd7591d59d252a275012101f39ab9478cc5dc4a8a2e71f186ce688ae869907b40b62231d243db1eca472440f1203b691b7b85864a73f1a3a9664d075ac973158948f7c44b4f8e2348e8046b08dcb423647eff2539993b8985028d7f0a50e94ee6b2fdacff6aee496b13807eb8d406a8440af14e339713f93a2bd76d46d34452c9bf604ac61d66e9ff34503a7ff400"}, @TCA_RED_PARMS={0x14, 0x1, {0x20}}]}}]}, 0x148}}, 0x0)

01:38:42 executing program 0:
r0 = perf_event_open(&(0x7f00000000c0)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r1 = gettid()
syz_open_dev$mouse(&(0x7f0000000180)='/dev/input/mouse#\x00', 0x0, 0x0)
process_vm_writev(r1, &(0x7f0000000000)=[{&(0x7f00000000c0)=""/247, 0xfffffffffffffff8}], 0x100000cd, &(0x7f0000121000)=[{&(0x7f0000000480)=""/231, 0x40a}], 0x1000000000000309, 0x0)
munmap(&(0x7f00003ff000/0x2000)=nil, 0x2000)
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7b, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x117, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r2 = getpgrp(0x0)
setpriority(0x0, r2, 0x100)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff, <r3=>0xffffffffffffffff})
r4 = socket$inet6_sctp(0xa, 0x10000000005, 0x84)
r5 = dup2(r3, r4)
ioctl$PERF_EVENT_IOC_ENABLE(r5, 0x8912, 0x400200)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff, <r6=>0xffffffffffffffff})
r7 = socket$inet6_sctp(0xa, 0x10000000005, 0x84)
dup2(r6, r7)
kcmp$KCMP_EPOLL_TFD(r1, r2, 0x7, r0, &(0x7f00000003c0)={r5, r6, 0xfdc7})
r8 = socket$inet6(0xa, 0x2, 0x0)
connect$inet6(r8, &(0x7f0000000000)={0xa, 0x0, 0x0, @mcast2, 0x4}, 0x1c)
r9 = syz_open_procfs(0x0, &(0x7f0000000440)='pagemap\x00')
sendfile(r8, r9, &(0x7f0000000040)=0x100060, 0xa808)
r10 = openat$random(0xffffffffffffff9c, &(0x7f0000000140)='/dev/urandom\x00', 0x8000000000000085, 0x0)
r11 = dup(r10)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff, <r12=>0xffffffffffffffff})
r13 = socket$inet6_sctp(0xa, 0x10000000005, 0x84)
r14 = dup2(r12, r13)
ioctl$PERF_EVENT_IOC_ENABLE(r14, 0x8912, 0x400200)
ioctl$FICLONE(r0, 0x40049409, r14)
mq_open(&(0x7f0000000000)='\x00', 0x2, 0x40, &(0x7f0000000040)={0x5, 0x1, 0x23c, 0x81, 0x1f, 0x7, 0x80, 0x7fff})
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff, <r15=>0xffffffffffffffff})
r16 = socket$inet6_sctp(0xa, 0x10000000005, 0x84)
r17 = dup2(r15, r16)
ioctl$PERF_EVENT_IOC_ENABLE(r17, 0x8912, 0x400200)
bpf$BPF_MAP_LOOKUP_AND_DELETE_ELEM(0x15, &(0x7f0000000080)={r17, &(0x7f0000000180)="17e626d8d37f997982298f676dfd06f15785d697425bc910d780d86679e0ee800125e5fc7d4f77382894021b0b284e5017439a3dbce796d390c774d58709bbd4df8ea3547884402efc12724c9dde26d91daeffe4ca82191d585f6b224e99b62e73a7064cd7b731f754b9687aa51681796cb08b5edb2cc39c49085857ea78ca1d800408b00303e55d544494e4ddb811225a47dc7bf1a7c3ef850ac4b7d61eacb46e8a931c3ffe7919664d29ef99e02bc5ae56daa35d776255d5bf4f099f076efa7146ce25f0d2a3c94458c5dbd8551bf98aa887e8f3efcfd3ac021e1472785b2be01f79226bee8da7544b060c528b27f584a44135880f55c0125ede6c0a8e60", &(0x7f0000000280)=""/216, 0x8851deb5b9b2242}, 0x20)
ftruncate(0xffffffffffffffff, 0xee72)
r18 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000380)='/dev/uinput\x00', 0x802, 0x0)
sendfile(r11, r18, 0x0, 0x8)

01:38:42 executing program 1:
r0 = perf_event_open(&(0x7f00000000c0)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
openat$random(0xffffffffffffff9c, &(0x7f0000000140)='/dev/urandom\x00', 0x8000000000000085, 0x0)
r1 = userfaultfd(0x0)
ioctl$UFFDIO_API(r1, 0xc018aa3f, &(0x7f0000000080))
read(r1, &(0x7f0000000100)=""/68, 0x22)
r2 = socket$nl_generic(0x10, 0x3, 0x10)
r3 = syz_genetlink_get_family_id$tipc(&(0x7f0000000240)='TIPC\x00')
sendmsg$TIPC_CMD_GET_LINKS(r2, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000080)={0x24, r3, 0x121, 0x0, 0x0, {{0x1, 0xf000}, 0x0, 0x4, 0x0, {0x8}}}, 0x24}}, 0x0)
sendmsg$TIPC_CMD_ENABLE_BEARER(r0, &(0x7f0000000200)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x800000}, 0xc, &(0x7f00000001c0)={&(0x7f0000000180)={0x34, r3, 0x10, 0x70bd2d, 0x25dfdbfc, {{}, 0x0, 0x4101, 0x0, {0x18, 0x17, {0x17, 0x3, @udp='udp:syz2\x00'}}}, ["", ""]}, 0x34}, 0x1, 0x0, 0x0, 0x40000}, 0xc0013)
ioctl$UFFDIO_REGISTER(r1, 0xc020aa00, &(0x7f00000000c0)={{&(0x7f0000068000/0x800000)=nil, 0x800000}, 0x1})
close(r1)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff, <r4=>0xffffffffffffffff})
r5 = socket$inet6_sctp(0xa, 0x10000000005, 0x84)
r6 = dup2(r4, r5)
ioctl$PERF_EVENT_IOC_ENABLE(r6, 0x8912, 0x400200)
r7 = dup(r6)
r8 = open(&(0x7f0000002000)='./bus\x00', 0x141042, 0x0)
ftruncate(r8, 0xee72)
sendfile(r7, r8, 0x0, 0x8000fffffffe)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff, <r9=>0xffffffffffffffff})
r10 = socket$inet6_sctp(0xa, 0x10000000005, 0x84)
dup2(r9, r10)
fcntl$addseals(r9, 0x409, 0x2)

01:38:42 executing program 3:
socket$inet(0x10, 0x2, 0x0)
r0 = socket$inet6(0xa, 0x4805, 0x8)
ioctl(r0, 0x0, 0x0)
socket$nl_netfilter(0x10, 0x3, 0xc)
bpf$BPF_PROG_DETACH(0x9, 0x0, 0x0)
setsockopt$inet6_udp_int(0xffffffffffffffff, 0x11, 0x0, 0x0, 0x0)
r1 = socket$inet_tcp(0x2, 0x1, 0x0)
ioctl$sock_inet_SIOCSIFPFLAGS(0xffffffffffffffff, 0x8934, 0x0)
ioctl$sock_inet_tcp_SIOCOUTQ(0xffffffffffffffff, 0x5411, 0x0)
bind$inet(r1, &(0x7f0000dc9ff0)={0x2, 0x4e20}, 0x10)
setsockopt$sock_int(0xffffffffffffffff, 0x1, 0x0, 0x0, 0x0)
shutdown(0xffffffffffffffff, 0x0)
socket$inet(0x2, 0x4, 0x6)
r2 = syz_open_dev$mice(&(0x7f0000000040)='/dev/input/mice\x00', 0x0, 0x1)
r3 = socket(0x10, 0x0, 0x0)
r4 = socket$inet6_sctp(0xa, 0x10000000005, 0x84)
getsockopt$inet_sctp6_SCTP_GET_ASSOC_ID_LIST(r4, 0x84, 0x1d, &(0x7f0000000240)=ANY=[@ANYBLOB="0100000046c1d09af605ce95099cb91363f40d9bcad0219fadeefdc09a778ba06e1d9553e2838b78bdc2967d82568025c2d6d35bef73abd264cbef880957ace353bb4c90b549c87a2385ebccbc502820b635106294145c0143094d53c9f287f22c9b8f51607c0a8ba60813c423056e93cbce89f4157012cb514444415d503e783b1dc5c40f3bd21f7b501594277d1e4d4f3c23411df8241a393ffd7aa8b58eab928cfa24889f3d37359b7eb89ed94b7aa4ec109ef95b94f0f67639c042703e7a5d9f38f711c9491b539365bb5d7a74aaeb9200000000000000000000000000a0cb1135dbf884fb9002ec89582070d6e36c1c516e204d75cbf1183d4a6cfea87effa294a234bdbab30a1f526da32793db6075bd89ee8a483b603a70a56dd23bf29795f9d1c4082b665659df41b9bd9da1ff1e91d63d5b2a6076a1338b19b1e7efcbbaa13c4c08504cbe90ae87fe2d3909270afd38cf1e07407615c2ed5cd61bca6a5d2a78a11a0502bd5ca59f314974bc1039da6d59417c53aa29b39aeba431231cfb17ac951676b44a066d5c1fa018bed12658ae65a0da19f607f8cb4d49fc97a32334bc2ffa6c0fe302c926e17614f4a814ea192ceb770933e4c0aef3d69ebe9d641044a4501fabeb8d051e7f4aed99e4299d496962b8b8e4be6174a3439f96de6614d3e119f91471a4a2c51493ff8635fe3cedc03fc8e7afda6be779e11f15fdc7e2a6642784cbc468d4dac9b7b0cfc480e6aa2b5f13fecfe309c19d92b9d683265f3c492405f09fa55d253235", @ANYRES32=<r5=>0x0], &(0x7f000095dffc)=0x8)
getsockopt$inet_sctp6_SCTP_PEER_ADDR_THLDS(r4, 0x84, 0x70, &(0x7f0000000080)={<r6=>r5, @in6={{0xa, 0x0, 0x0, @empty}}}, &(0x7f0000000600)=0x90)
setsockopt$inet_sctp6_SCTP_DELAYED_SACK(r3, 0x84, 0x10, &(0x7f0000000200)=@assoc_value={r6, 0x101}, 0x8)
getsockopt$inet_sctp_SCTP_RTOINFO(0xffffffffffffffff, 0x84, 0x0, &(0x7f00000000c0)={<r7=>r5, 0x80000000, 0x53, 0x5}, &(0x7f0000000100)=0x10)
getsockopt$inet_sctp6_SCTP_DEFAULT_SEND_PARAM(r2, 0x84, 0xa, &(0x7f0000000140)={0x6, 0x1800000000, 0x1010f, 0x6, 0xcd, 0x6, 0x0, 0xffff, r7}, &(0x7f0000000180)=0x20)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff, <r8=>0xffffffffffffffff})
r9 = socket$inet6_sctp(0xa, 0x10000000005, 0x84)
r10 = dup2(r8, r9)
ioctl$PERF_EVENT_IOC_ENABLE(r10, 0x8912, 0x400200)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff, <r11=>0xffffffffffffffff})
r12 = socket$inet6_sctp(0xa, 0x10000000005, 0x84)
r13 = dup2(r11, r12)
ioctl$PERF_EVENT_IOC_ENABLE(r13, 0x8912, 0x400200)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff, <r14=>0xffffffffffffffff})
r15 = socket$inet6_sctp(0xa, 0x10000000005, 0x84)
r16 = dup2(r14, r15)
ioctl$PERF_EVENT_IOC_ENABLE(r16, 0x8912, 0x400200)
ioctl$PERF_EVENT_IOC_SET_OUTPUT(r16, 0x2405, r10)
accept4$inet(0xffffffffffffffff, 0x0, 0x0, 0x0)
setsockopt$inet_tcp_int(0xffffffffffffffff, 0x6, 0x0, 0x0, 0x0)
sendto$inet(r1, 0x0, 0x0, 0x20000000, &(0x7f0000000080)={0x2, 0x4e20}, 0x10)
getsockopt$inet_tcp_int(0xffffffffffffffff, 0x6, 0x0, 0x0, 0x0)
socket$packet(0x11, 0x0, 0x300)
syz_genetlink_get_family_id$tipc(0x0)
sendmsg$TIPC_CMD_GET_BEARER_NAMES(0xffffffffffffffff, 0x0, 0x0)
sendto$inet(r1, &(0x7f00000000c0), 0x38b, 0x404f7ed, 0x0, 0x0)
ioctl$sock_inet_tcp_SIOCINQ(r1, 0x541b, &(0x7f0000000000))

01:38:42 executing program 4:
r0 = socket$nl_route(0x10, 0x3, 0x0)
r1 = socket$netlink(0x10, 0x3, 0x0)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff, <r2=>0xffffffffffffffff})
r3 = socket$inet6_sctp(0xa, 0x10000000005, 0x84)
r4 = dup2(r2, r3)
ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200)
r5 = socket(0x10, 0x803, 0x0)
sendmsg$TIPC_CMD_GET_MEDIA_NAMES(r5, &(0x7f0000000400)={0x0, 0x0, &(0x7f00000003c0)={0x0}}, 0x0)
getsockname$packet(r5, &(0x7f0000000100)={0x11, 0x0, <r6=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0xa)
sendmsg$nl_route(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080)=ANY=[@ANYBLOB="4800000010000507000000000000000080000000", @ANYRES32=r6, @ANYBLOB="0000000000000000280012000c0001007665746800000000180002001400010000000000", @ANYRES32=0x0, @ANYBLOB='\x00\x00\x00\x00\x00\x00\x00\x00'], 0x48}}, 0x0)
sendmsg$nl_route_sched(r0, &(0x7f0000000140)={0x0, 0x32d, &(0x7f0000000080)={&(0x7f0000000540)=@newqdisc={0x148, 0x24, 0x507, 0xe00, 0x0, {0x0, r6, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_red={{0x8, 0x1, 'red\x00'}, {0x11c, 0x2, [@TCA_RED_STAB={0x104, 0x2, "fbf84ce9dbecf3d5851ae060c0ec8d55c9c65cb98d69f6f43f1d64d475f279dd204e54f6719de408d640f2dcd4c0c8c615650de0531b139380f912f808e5d3e1118f76144d1568be425bddb29fa48b1251d5cc8b78fb742bd61674f4cd92a93f8dafea3bc823ccd7591d59d252a275012101f39ab9478cc5dc4a8a2e71f186ce688ae869907b40b62231d243db1eca472440f1203b691b7b85864a73f1a3a9664d075ac973158948f7c44b4f8e2348e8046b08dcb423647eff2539993b8985028d7f0a50e94ee6b2fdacff6aee496b13807eb8d406a8440af14e339713f93a2bd76d46d34452c9bf604ac61d66e9ff34503a7ff400"}, @TCA_RED_PARMS={0x14, 0x1, {0x20}}]}}]}, 0x148}}, 0x0)

01:38:42 executing program 2:
r0 = socket$inet_udp(0x2, 0x2, 0x0)
close(r0)
r1 = socket$inet6(0xa, 0x1, 0x8010000000000084)
bind$inet6(r1, &(0x7f0000000040)={0xa, 0x400004e21, 0x0, @empty}, 0x1c)
setsockopt$inet_sctp6_SCTP_NODELAY(r0, 0x84, 0x3, &(0x7f00000000c0)=0x7, 0x4)
setsockopt$inet6_opts(r1, 0x29, 0x3b, &(0x7f0000000080)=ANY=[@ANYBLOB], 0x8)
connect$inet6(r1, &(0x7f0000000200)={0xa, 0x4e21, 0x0, @loopback}, 0x1c)
r2 = socket$inet_udplite(0x2, 0x2, 0x88)
ioctl(r2, 0x1000008912, &(0x7f0000000040)="11dcbc0d5e0bcfe47bf070")
write$binfmt_misc(r0, &(0x7f0000000100)=ANY=[@ANYBLOB="a43f7a10bc918dba707335df9c4fe2e3dd545ee4c838fdcc46a7540a012dcf04a12f99172a6f3583cd5498000448f3ae533c2845496e9b0a050d5e4e05f5f8188edecc091727ed7a25a91998bf61aeec90e8718f9aa9fd5da3aa3181c0080975dee42b7d8686ca8f92f314380c2a02a90e6efeaf9d6acdb213cd260c116f495d9569a33c798d369967f6690fd59a8b3bd789702d552fe262fe738e874609724467e7d1be8518f803b96022e1f0f0de7d3720bec96ede000000000000000000"], 0x10098)
write$binfmt_script(r0, &(0x7f0000000300)=ANY=[@ANYBLOB="ba"], 0x1)
write$binfmt_elf64(r0, &(0x7f0000000280)={{0x7f, 0x45, 0x4c, 0x46, 0x0, 0x0, 0x3000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40}, [{}]}, 0x78)

01:38:42 executing program 4:
r0 = socket$nl_route(0x10, 0x3, 0x0)
r1 = socket$netlink(0x10, 0x3, 0x0)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff, <r2=>0xffffffffffffffff})
r3 = socket$inet6_sctp(0xa, 0x10000000005, 0x84)
r4 = dup2(r2, r3)
ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200)
r5 = socket(0x10, 0x803, 0x0)
sendmsg$TIPC_CMD_GET_MEDIA_NAMES(r5, &(0x7f0000000400)={0x0, 0x0, &(0x7f00000003c0)={0x0}}, 0x0)
getsockname$packet(r5, &(0x7f0000000100)={0x11, 0x0, <r6=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0xa)
sendmsg$nl_route(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080)=ANY=[@ANYBLOB="4800000010000507000000000000000080000000", @ANYRES32=r6, @ANYBLOB="0000000000000000280012000c0001007665746800000000180002001400010000000000", @ANYRES32=0x0, @ANYBLOB='\x00\x00\x00\x00\x00\x00\x00\x00'], 0x48}}, 0x0)
sendmsg$nl_route_sched(r0, &(0x7f0000000140)={0x0, 0x32d, &(0x7f0000000080)={&(0x7f0000000540)=@newqdisc={0x148, 0x24, 0x507, 0xf00, 0x0, {0x0, r6, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_red={{0x8, 0x1, 'red\x00'}, {0x11c, 0x2, [@TCA_RED_STAB={0x104, 0x2, "fbf84ce9dbecf3d5851ae060c0ec8d55c9c65cb98d69f6f43f1d64d475f279dd204e54f6719de408d640f2dcd4c0c8c615650de0531b139380f912f808e5d3e1118f76144d1568be425bddb29fa48b1251d5cc8b78fb742bd61674f4cd92a93f8dafea3bc823ccd7591d59d252a275012101f39ab9478cc5dc4a8a2e71f186ce688ae869907b40b62231d243db1eca472440f1203b691b7b85864a73f1a3a9664d075ac973158948f7c44b4f8e2348e8046b08dcb423647eff2539993b8985028d7f0a50e94ee6b2fdacff6aee496b13807eb8d406a8440af14e339713f93a2bd76d46d34452c9bf604ac61d66e9ff34503a7ff400"}, @TCA_RED_PARMS={0x14, 0x1, {0x20}}]}}]}, 0x148}}, 0x0)

01:38:42 executing program 0:
perf_event_open(&(0x7f00000000c0)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = openat$random(0xffffffffffffff9c, &(0x7f0000000140)='/dev/urandom\x00', 0x8000000000000085, 0x0)
r1 = dup(r0)
r2 = open(&(0x7f0000002000)='./bus\x00', 0x141042, 0x0)
ftruncate(r2, 0xee72)
sendfile(r1, r2, 0x0, 0x8000fffffffe)
r3 = msgget$private(0x0, 0x100)
msgctl$MSG_STAT(r3, 0xb, &(0x7f0000000280)=""/64)
msgctl$IPC_INFO(r3, 0x3, &(0x7f0000000180)=""/193)
ioctl$FS_IOC_SET_ENCRYPTION_POLICY(r2, 0x800c6613, &(0x7f0000000040)=@v1={0x0, @aes256, 0x0, "a2fc3056d05c09d0"})
setsockopt$TIPC_SRC_DROPPABLE(r2, 0x10f, 0x80, &(0x7f0000000000)=0xfffffffffffffbff, 0x4)

01:38:42 executing program 5:
mmap(&(0x7f0000011000/0x2000)=nil, 0x2000, 0x4, 0x31, 0xffffffffffffffff, 0x0)
r0 = userfaultfd(0x0)
syz_open_dev$mice(&(0x7f0000000000)='/dev/input/mice\x00', 0x0, 0x4000)
ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f0000000040))
ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f00000000c0)={{&(0x7f0000012000/0x2000)=nil, 0x2000}, 0x1})
read(r0, &(0x7f0000000100)=""/199, 0xc7)
syz_open_dev$evdev(&(0x7f0000012fee)='/.%v/\x11%put/event#\x00', 0x4c000000, 0x0)
ioctl$UFFDIO_WAKE(r0, 0x8010aa02, &(0x7f0000000080)={&(0x7f0000012000/0x4000)=nil, 0x4000})
shmget(0x2, 0x1000, 0x0, &(0x7f000096d000/0x1000)=nil)
openat$cgroup_procs(0xffffffffffffffff, 0x0, 0x2, 0x0)

01:38:42 executing program 4:
r0 = socket$nl_route(0x10, 0x3, 0x0)
r1 = socket$netlink(0x10, 0x3, 0x0)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff, <r2=>0xffffffffffffffff})
r3 = socket$inet6_sctp(0xa, 0x10000000005, 0x84)
r4 = dup2(r2, r3)
ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200)
r5 = socket(0x10, 0x803, 0x0)
sendmsg$TIPC_CMD_GET_MEDIA_NAMES(r5, &(0x7f0000000400)={0x0, 0x0, &(0x7f00000003c0)={0x0}}, 0x0)
getsockname$packet(r5, &(0x7f0000000100)={0x11, 0x0, <r6=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0xa)
sendmsg$nl_route(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080)=ANY=[@ANYBLOB="4800000010000507000000000000000080000000", @ANYRES32=r6, @ANYBLOB="0000000000000000280012000c0001007665746800000000180002001400010000000000", @ANYRES32=0x0, @ANYBLOB='\x00\x00\x00\x00\x00\x00\x00\x00'], 0x48}}, 0x0)
sendmsg$nl_route_sched(r0, &(0x7f0000000140)={0x0, 0x32d, &(0x7f0000000080)={&(0x7f0000000540)=@newqdisc={0x148, 0x24, 0x507, 0x1100, 0x0, {0x0, r6, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_red={{0x8, 0x1, 'red\x00'}, {0x11c, 0x2, [@TCA_RED_STAB={0x104, 0x2, "fbf84ce9dbecf3d5851ae060c0ec8d55c9c65cb98d69f6f43f1d64d475f279dd204e54f6719de408d640f2dcd4c0c8c615650de0531b139380f912f808e5d3e1118f76144d1568be425bddb29fa48b1251d5cc8b78fb742bd61674f4cd92a93f8dafea3bc823ccd7591d59d252a275012101f39ab9478cc5dc4a8a2e71f186ce688ae869907b40b62231d243db1eca472440f1203b691b7b85864a73f1a3a9664d075ac973158948f7c44b4f8e2348e8046b08dcb423647eff2539993b8985028d7f0a50e94ee6b2fdacff6aee496b13807eb8d406a8440af14e339713f93a2bd76d46d34452c9bf604ac61d66e9ff34503a7ff400"}, @TCA_RED_PARMS={0x14, 0x1, {0x20}}]}}]}, 0x148}}, 0x0)

01:38:42 executing program 2:
r0 = socket$inet_udp(0x2, 0x2, 0x0)
close(r0)
r1 = socket$inet6(0xa, 0x1, 0x8010000000000084)
bind$inet6(r1, &(0x7f0000000040)={0xa, 0x400004e21, 0x0, @empty}, 0x1c)
setsockopt$inet_sctp6_SCTP_NODELAY(r0, 0x84, 0x3, &(0x7f00000000c0)=0x7, 0x4)
setsockopt$inet6_opts(r1, 0x29, 0x3b, &(0x7f0000000080)=ANY=[@ANYBLOB], 0x8)
connect$inet6(r1, &(0x7f0000000200)={0xa, 0x4e21, 0x0, @loopback}, 0x1c)
r2 = socket$inet_udplite(0x2, 0x2, 0x88)
ioctl(r2, 0x1000008912, &(0x7f0000000040)="11dcbc0d5e0bcfe47bf070")
write$binfmt_misc(r0, &(0x7f0000000100)=ANY=[@ANYBLOB="a43f7a10bc918dba707335df9c4fe2e3dd545ee4c838fdcc46a7540a012dcf04a12f99172a6f3583cd5498000448f3ae533c2845496e9b0a050d5e4e05f5f8188edecc091727ed7a25a91998bf61aeec90e8718f9aa9fd5da3aa3181c0080975dee42b7d8686ca8f92f314380c2a02a90e6efeaf9d6acdb213cd260c116f495d9569a33c798d369967f6690fd59a8b3bd789702d552fe262fe738e874609724467e7d1be8518f803b96022e1f0f0de7d3720bec96ede000000000000000000"], 0x10098)
write$binfmt_script(r0, &(0x7f0000000300)=ANY=[@ANYBLOB="ba"], 0x1)
write$binfmt_elf64(r0, &(0x7f0000000280)={{0x7f, 0x45, 0x4c, 0x46, 0x0, 0x0, 0x3f00, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40}, [{}]}, 0x78)

01:38:43 executing program 0:
perf_event_open(&(0x7f00000000c0)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = openat$random(0xffffffffffffff9c, &(0x7f0000000140)='/dev/urandom\x00', 0x8000000000000085, 0x0)
r1 = dup(r0)
r2 = open(&(0x7f0000000000)='./bus\x00', 0x4, 0x184)
ftruncate(r2, 0xee72)
sendfile(r1, r2, 0x0, 0x8000fffffffe)

01:38:43 executing program 4:
r0 = socket$nl_route(0x10, 0x3, 0x0)
r1 = socket$netlink(0x10, 0x3, 0x0)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff, <r2=>0xffffffffffffffff})
r3 = socket$inet6_sctp(0xa, 0x10000000005, 0x84)
r4 = dup2(r2, r3)
ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200)
r5 = socket(0x10, 0x803, 0x0)
sendmsg$TIPC_CMD_GET_MEDIA_NAMES(r5, &(0x7f0000000400)={0x0, 0x0, &(0x7f00000003c0)={0x0}}, 0x0)
getsockname$packet(r5, &(0x7f0000000100)={0x11, 0x0, <r6=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0xa)
sendmsg$nl_route(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080)=ANY=[@ANYBLOB="4800000010000507000000000000000080000000", @ANYRES32=r6, @ANYBLOB="0000000000000000280012000c0001007665746800000000180002001400010000000000", @ANYRES32=0x0, @ANYBLOB='\x00\x00\x00\x00\x00\x00\x00\x00'], 0x48}}, 0x0)
sendmsg$nl_route_sched(r0, &(0x7f0000000140)={0x0, 0x32d, &(0x7f0000000080)={&(0x7f0000000540)=@newqdisc={0x148, 0x24, 0x507, 0x1200, 0x0, {0x0, r6, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_red={{0x8, 0x1, 'red\x00'}, {0x11c, 0x2, [@TCA_RED_STAB={0x104, 0x2, "fbf84ce9dbecf3d5851ae060c0ec8d55c9c65cb98d69f6f43f1d64d475f279dd204e54f6719de408d640f2dcd4c0c8c615650de0531b139380f912f808e5d3e1118f76144d1568be425bddb29fa48b1251d5cc8b78fb742bd61674f4cd92a93f8dafea3bc823ccd7591d59d252a275012101f39ab9478cc5dc4a8a2e71f186ce688ae869907b40b62231d243db1eca472440f1203b691b7b85864a73f1a3a9664d075ac973158948f7c44b4f8e2348e8046b08dcb423647eff2539993b8985028d7f0a50e94ee6b2fdacff6aee496b13807eb8d406a8440af14e339713f93a2bd76d46d34452c9bf604ac61d66e9ff34503a7ff400"}, @TCA_RED_PARMS={0x14, 0x1, {0x20}}]}}]}, 0x148}}, 0x0)

[ 1241.098474][T11415] FAULT_FLAG_ALLOW_RETRY missing 70
[ 1241.107857][T11415] CPU: 1 PID: 11415 Comm: syz-executor.5 Not tainted 5.3.0+ #0
[ 1241.115446][T11415] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 1241.125494][T11415] Call Trace:
[ 1241.128786][T11415]  dump_stack+0x172/0x1f0
[ 1241.133118][T11415]  handle_userfault.cold+0x41/0x5d
[ 1241.138227][T11415]  ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[ 1241.144475][T11415]  ? userfaultfd_ioctl+0x3ad0/0x3ad0
[ 1241.149757][T11415]  ? find_get_entry+0x535/0x880
[ 1241.154620][T11415]  ? __kasan_check_read+0x11/0x20
[ 1241.159643][T11415]  ? mark_lock+0xc2/0x1220
[ 1241.164064][T11415]  ? find_get_pages_range_tag+0xd50/0xd50
[ 1241.169789][T11415]  ? __kasan_check_read+0x11/0x20
[ 1241.174826][T11415]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 1241.181077][T11415]  ? find_lock_entry+0x1a7/0x560
[ 1241.186007][T11415]  ? rcu_lockdep_current_cpu_online+0xe3/0x130
[ 1241.192150][T11415]  shmem_getpage_gfp+0x1f4c/0x2680
[ 1241.197279][T11415]  ? shmem_unuse_inode+0x1010/0x1010
[ 1241.202567][T11415]  ? lock_downgrade+0x920/0x920
[ 1241.202582][T11415]  ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[ 1241.202598][T11415]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 1241.219875][T11415]  shmem_fault+0x22a/0x7b0
[ 1241.224298][T11415]  ? shmem_read_mapping_page_gfp+0x1a0/0x1a0
[ 1241.230294][T11415]  ? find_get_entry+0x880/0x880
[ 1241.235142][T11415]  ? pmd_val+0x85/0x100
[ 1241.239306][T11415]  __do_fault+0x111/0x540
[ 1241.243638][T11415]  ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[ 1241.249872][T11415]  __handle_mm_fault+0x2dca/0x4040
[ 1241.249891][T11415]  ? vmf_insert_mixed_mkwrite+0x40/0x40
[ 1241.249905][T11415]  ? handle_mm_fault+0x292/0xa80
[ 1241.265438][T11415]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 1241.271670][T11415]  ? __kasan_check_read+0x11/0x20
[ 1241.276688][T11415]  handle_mm_fault+0x3b7/0xa80
[ 1241.281469][T11415]  __do_page_fault+0x536/0xdd0
[ 1241.286234][T11415]  do_page_fault+0x38/0x590
[ 1241.290746][T11415]  page_fault+0x39/0x40
[ 1241.294898][T11415] RIP: 0033:0x4533a0
01:38:43 executing program 2:
r0 = socket$inet_udp(0x2, 0x2, 0x0)
close(r0)
r1 = socket$inet6(0xa, 0x1, 0x8010000000000084)
bind$inet6(r1, &(0x7f0000000040)={0xa, 0x400004e21, 0x0, @empty}, 0x1c)
setsockopt$inet_sctp6_SCTP_NODELAY(r0, 0x84, 0x3, &(0x7f00000000c0)=0x7, 0x4)
setsockopt$inet6_opts(r1, 0x29, 0x3b, &(0x7f0000000080)=ANY=[@ANYBLOB], 0x8)
connect$inet6(r1, &(0x7f0000000200)={0xa, 0x4e21, 0x0, @loopback}, 0x1c)
r2 = socket$inet_udplite(0x2, 0x2, 0x88)
ioctl(r2, 0x1000008912, &(0x7f0000000040)="11dcbc0d5e0bcfe47bf070")
write$binfmt_misc(r0, &(0x7f0000000100)=ANY=[@ANYBLOB="a43f7a10bc918dba707335df9c4fe2e3dd545ee4c838fdcc46a7540a012dcf04a12f99172a6f3583cd5498000448f3ae533c2845496e9b0a050d5e4e05f5f8188edecc091727ed7a25a91998bf61aeec90e8718f9aa9fd5da3aa3181c0080975dee42b7d8686ca8f92f314380c2a02a90e6efeaf9d6acdb213cd260c116f495d9569a33c798d369967f6690fd59a8b3bd789702d552fe262fe738e874609724467e7d1be8518f803b96022e1f0f0de7d3720bec96ede000000000000000000"], 0x10098)
write$binfmt_script(r0, &(0x7f0000000300)=ANY=[@ANYBLOB="ba"], 0x1)
write$binfmt_elf64(r0, &(0x7f0000000280)={{0x7f, 0x45, 0x4c, 0x46, 0x0, 0x0, 0x4000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40}, [{}]}, 0x78)

01:38:43 executing program 1:
perf_event_open(&(0x7f00000000c0)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
pipe2(&(0x7f00000001c0)={0xffffffffffffffff, <r0=>0xffffffffffffffff}, 0x8000)
setsockopt$IP6T_SO_SET_REPLACE(r0, 0x29, 0x40, &(0x7f0000000240)=@filter={'filter\x00', 0xe, 0x4, 0x590, 0x0, 0x0, 0xf0, 0x0, 0xf0, 0x4c0, 0x4c0, 0x4c0, 0x4c0, 0x4c0, 0x4, &(0x7f0000000200), {[{{@ipv6={@initdev={0xfe, 0x88, [], 0x1, 0x0}, @empty, [0xffffff00, 0xffffff00], [0x0, 0xffffffff, 0x82e09d48ee77d470, 0xff000000], 'veth0_to_bond\x00', 'bridge_slave_0\x00', {}, {0x7f}, 0x32, 0x80000000, 0x4, 0x1}, 0x0, 0xc8, 0xf0}, @REJECT={0x28, 'REJECT\x00', 0x0, {0x4}}}, {{@ipv6={@dev={0xfe, 0x80, [], 0x16}, @mcast2, [0x0, 0x0, 0x1fe, 0xffffffff], [0xff, 0xff, 0x0, 0x1fffffe00], 'hsr0\x00', 'irlan0\x00', {0xff}, {}, 0x0, 0x5, 0x2, 0x2}, 0x0, 0x158, 0x180, 0x0, {}, [@common=@srh1={0x90, 'srh\x00', 0x1, {0x0, 0x10000, 0x8, 0x41, 0x4, @local, @remote, @dev={0xfe, 0x80, [], 0x1c}, [0x0, 0x0, 0xff000000, 0xffffff00], [0xffffffff, 0xffffffff, 0xffffff00, 0x1fffffeff], [0xffff7f, 0x0, 0x1000001ff], 0x91, 0x10}}]}, @REJECT={0x28, 'REJECT\x00', 0x0, {0x7}}}, {{@ipv6={@remote, @ipv4={[], [], @multicast2}, [0xffffffff, 0xe5554594a67435a8, 0xff, 0xff000080], [0xff, 0x0, 0x0, 0xffffff00], 'bond_slave_1\x00', 'dummy0\x00', {0xff}, {0x80}, 0x3a, 0x7, 0x3, 0x32}, 0x0, 0x228, 0x250, 0x0, {}, [@common=@inet=@socket2={0x28, 'socket\x00', 0x2, 0x1}, @common=@rt={0x138, 'rt\x00', 0x0, {0xff, 0x9, 0xf2, 0xedc, 0x20, 0x2, [@remote, @empty, @dev={0xfe, 0x80, [], 0x13}, @ipv4={[], [], @multicast1}, @mcast1, @local, @rand_addr="702975721c6345b6973bc57d3a541989", @empty, @initdev={0xfe, 0x88, [], 0x1, 0x0}, @remote, @local, @rand_addr="e762bec2a23c6981300c3debe906e9e4", @dev={0xfe, 0x80, [], 0x25}, @initdev={0xfe, 0x88, [], 0x0, 0x0}, @initdev={0xfe, 0x88, [], 0x0, 0x0}, @mcast2]}}]}, @REJECT={0x28, 'REJECT\x00', 0x0, {0x1}}}], {{[], 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x5f0)
r1 = openat$random(0xffffffffffffff9c, &(0x7f0000000140)='/dev/urandom\x00', 0x8000000000000085, 0x0)
r2 = dup(r1)
ioctl$SIOCGIFMTU(0xffffffffffffffff, 0x8921, &(0x7f0000000180))
r3 = getpgrp(0x0)
setpriority(0x0, r3, 0x100)
write$cgroup_pid(r2, &(0x7f0000000040)=r3, 0x12)
r4 = open(&(0x7f0000002000)='./bus\x00', 0x141042, 0x0)
ftruncate(r4, 0xee72)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff, <r5=>0xffffffffffffffff})
r6 = socket$inet6_sctp(0xa, 0x10000000005, 0x84)
r7 = dup2(r5, r6)
ioctl$PERF_EVENT_IOC_ENABLE(r7, 0x8912, 0x400200)
ioctl$DRM_IOCTL_ADD_MAP(r7, 0xc0286415, &(0x7f0000000000)={&(0x7f0000ffa000/0x4000)=nil, 0x0, 0x4, 0x10, &(0x7f0000ffc000/0x4000)=nil, 0x6})
sendfile(r2, r4, 0x0, 0x8000fffffffe)
ioctl$sock_inet_SIOCGIFNETMASK(0xffffffffffffffff, 0x891b, &(0x7f0000000080)={'syzkaller0\x00', {0x2, 0x4e23, @local}})

[ 1241.298790][T11415] Code: 0f 84 c4 0f 00 00 48 89 f1 48 89 f8 48 83 e1 3f 48 83 f9 20 0f 86 7b 02 00 00 48 83 e6 f0 48 83 e1 0f 66 0f ef c0 66 0f ef c9 <66> 0f 74 0e 66 0f d7 d1 48 d3 ea 49 c7 c2 11 00 00 00 49 29 ca 4d
[ 1241.318515][T11415] RSP: 002b:00007fbdc8f557a8 EFLAGS: 00010202
[ 1241.318528][T11415] RAX: 00007fbdc8f55850 RBX: 0000000000000003 RCX: 000000000000000e
[ 1241.318537][T11415] RDX: 00000000000003ff RSI: 0000000020012fe0 RDI: 00007fbdc8f55850
[ 1241.318545][T11415] RBP: 000000000075bfc8 R08: 00000000000003ff R09: 0000000000000000
[ 1241.318554][T11415] R10: 00007fbdc8f569d0 R11: 0000000000000246 R12: 00007fbdc8f566d4
[ 1241.318562][T11415] R13: 00000000004c8dbc R14: 00000000004dfed8 R15: 00000000ffffffff
01:38:43 executing program 4:
r0 = socket$nl_route(0x10, 0x3, 0x0)
r1 = socket$netlink(0x10, 0x3, 0x0)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff, <r2=>0xffffffffffffffff})
r3 = socket$inet6_sctp(0xa, 0x10000000005, 0x84)
r4 = dup2(r2, r3)
ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200)
r5 = socket(0x10, 0x803, 0x0)
sendmsg$TIPC_CMD_GET_MEDIA_NAMES(r5, &(0x7f0000000400)={0x0, 0x0, &(0x7f00000003c0)={0x0}}, 0x0)
getsockname$packet(r5, &(0x7f0000000100)={0x11, 0x0, <r6=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0xa)
sendmsg$nl_route(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080)=ANY=[@ANYBLOB="4800000010000507000000000000000080000000", @ANYRES32=r6, @ANYBLOB="0000000000000000280012000c0001007665746800000000180002001400010000000000", @ANYRES32=0x0, @ANYBLOB='\x00\x00\x00\x00\x00\x00\x00\x00'], 0x48}}, 0x0)
sendmsg$nl_route_sched(r0, &(0x7f0000000140)={0x0, 0x32d, &(0x7f0000000080)={&(0x7f0000000540)=@newqdisc={0x148, 0x24, 0x507, 0x1300, 0x0, {0x0, r6, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_red={{0x8, 0x1, 'red\x00'}, {0x11c, 0x2, [@TCA_RED_STAB={0x104, 0x2, "fbf84ce9dbecf3d5851ae060c0ec8d55c9c65cb98d69f6f43f1d64d475f279dd204e54f6719de408d640f2dcd4c0c8c615650de0531b139380f912f808e5d3e1118f76144d1568be425bddb29fa48b1251d5cc8b78fb742bd61674f4cd92a93f8dafea3bc823ccd7591d59d252a275012101f39ab9478cc5dc4a8a2e71f186ce688ae869907b40b62231d243db1eca472440f1203b691b7b85864a73f1a3a9664d075ac973158948f7c44b4f8e2348e8046b08dcb423647eff2539993b8985028d7f0a50e94ee6b2fdacff6aee496b13807eb8d406a8440af14e339713f93a2bd76d46d34452c9bf604ac61d66e9ff34503a7ff400"}, @TCA_RED_PARMS={0x14, 0x1, {0x20}}]}}]}, 0x148}}, 0x0)

01:38:43 executing program 0:
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
r1 = socket$inet6_sctp(0xa, 0x10000000005, 0x84)
dup2(r0, r1)
fcntl$getownex(r1, 0x10, &(0x7f0000000000)={0x0, <r2=>0x0})
perf_event_open(&(0x7f00000000c0)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0xd3aa6fe65cb44f5f, 0x0, 0x0, 0x0, 0x40000000, 0x0, 0x0, 0x20000003, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x7}, 0x80}, r2, 0x0, 0xffffffffffffffff, 0x2)
r3 = openat$random(0xffffffffffffff9c, &(0x7f0000000140)='/dev/urandom\x00', 0x8000000000000085, 0x0)
r4 = dup(r3)
r5 = open(&(0x7f0000002000)='./bus\x00', 0x141042, 0x0)
ftruncate(r5, 0xee72)
r6 = openat$dlm_plock(0xffffffffffffff9c, &(0x7f0000000040)='/dev/dlm_plock\x00', 0x101000, 0x0)
ioctl$TUNSETLINK(r6, 0x400454cd, 0x183)
sendfile(r4, r5, 0x0, 0x8000fffffffe)

01:38:43 executing program 3:
socket$inet(0x10, 0x2, 0x0)
r0 = socket$inet6(0xa, 0x4805, 0x8)
ioctl(r0, 0x0, 0x0)
socket$nl_netfilter(0x10, 0x3, 0xc)
bpf$BPF_PROG_DETACH(0x9, 0x0, 0x0)
setsockopt$inet6_udp_int(0xffffffffffffffff, 0x11, 0x0, 0x0, 0x0)
r1 = openat$vimc1(0xffffffffffffff9c, &(0x7f0000000040)='/dev/video1\x00', 0x2, 0x0)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff, <r2=>0xffffffffffffffff})
r3 = socket$inet6_sctp(0xa, 0x10000000005, 0x84)
r4 = dup2(r2, r3)
ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200)
ioctl$VIDIOC_EXPBUF(r1, 0xc0405610, &(0x7f0000000080)={0xc, 0x1ff, 0x7, 0x80000, r4})
r5 = socket$inet_tcp(0x2, 0x1, 0x0)
ioctl$sock_inet_SIOCSIFPFLAGS(0xffffffffffffffff, 0x8934, 0x0)
ioctl$sock_inet_tcp_SIOCOUTQ(0xffffffffffffffff, 0x5411, 0x0)
setsockopt$inet_sctp6_SCTP_DISABLE_FRAGMENTS(r3, 0x84, 0x8, &(0x7f00000000c0)=0x7fff, 0x4)
bind$inet(r5, &(0x7f0000dc9ff0)={0x2, 0x4e20}, 0x10)
setsockopt$sock_int(0xffffffffffffffff, 0x1, 0x0, 0x0, 0x0)
shutdown(0xffffffffffffffff, 0x0)
accept4$inet(0xffffffffffffffff, 0x0, 0x0, 0x0)
setsockopt$inet_tcp_int(0xffffffffffffffff, 0x6, 0x0, 0x0, 0x0)
getsockopt$inet_tcp_int(0xffffffffffffffff, 0x6, 0x0, 0x0, 0x0)
socket$packet(0x11, 0x0, 0x300)
syz_genetlink_get_family_id$tipc(0x0)
sendmsg$TIPC_CMD_GET_BEARER_NAMES(0xffffffffffffffff, 0x0, 0x0)
sendto$inet(r5, &(0x7f0000000180), 0xffffffffffffff9a, 0x4007ffd, 0x0, 0xb4)
ioctl$sock_inet_tcp_SIOCINQ(r5, 0x541b, &(0x7f0000000000))

01:38:43 executing program 5:
mmap(&(0x7f0000011000/0x2000)=nil, 0x2000, 0x4, 0x31, 0xffffffffffffffff, 0x0)
r0 = userfaultfd(0x0)
syz_open_dev$mice(&(0x7f0000000000)='/dev/input/mice\x00', 0x0, 0x4000)
ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f0000000040))
ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f00000000c0)={{&(0x7f0000012000/0x2000)=nil, 0x2000}, 0x1})
read(r0, &(0x7f0000000100)=""/199, 0xc7)
syz_open_dev$evdev(&(0x7f0000012fee)='/.%v/\x11%put/event#\x00', 0x60000000, 0x0)
ioctl$UFFDIO_WAKE(r0, 0x8010aa02, &(0x7f0000000080)={&(0x7f0000012000/0x4000)=nil, 0x4000})
shmget(0x2, 0x1000, 0x0, &(0x7f000096d000/0x1000)=nil)
openat$cgroup_procs(0xffffffffffffffff, 0x0, 0x2, 0x0)

01:38:43 executing program 2:
r0 = socket$inet_udp(0x2, 0x2, 0x0)
close(r0)
r1 = socket$inet6(0xa, 0x1, 0x8010000000000084)
bind$inet6(r1, &(0x7f0000000040)={0xa, 0x400004e21, 0x0, @empty}, 0x1c)
setsockopt$inet_sctp6_SCTP_NODELAY(r0, 0x84, 0x3, &(0x7f00000000c0)=0x7, 0x4)
setsockopt$inet6_opts(r1, 0x29, 0x3b, &(0x7f0000000080)=ANY=[@ANYBLOB], 0x8)
connect$inet6(r1, &(0x7f0000000200)={0xa, 0x4e21, 0x0, @loopback}, 0x1c)
r2 = socket$inet_udplite(0x2, 0x2, 0x88)
ioctl(r2, 0x1000008912, &(0x7f0000000040)="11dcbc0d5e0bcfe47bf070")
write$binfmt_misc(r0, &(0x7f0000000100)=ANY=[@ANYBLOB="a43f7a10bc918dba707335df9c4fe2e3dd545ee4c838fdcc46a7540a012dcf04a12f99172a6f3583cd5498000448f3ae533c2845496e9b0a050d5e4e05f5f8188edecc091727ed7a25a91998bf61aeec90e8718f9aa9fd5da3aa3181c0080975dee42b7d8686ca8f92f314380c2a02a90e6efeaf9d6acdb213cd260c116f495d9569a33c798d369967f6690fd59a8b3bd789702d552fe262fe738e874609724467e7d1be8518f803b96022e1f0f0de7d3720bec96ede000000000000000000"], 0x10098)
write$binfmt_script(r0, &(0x7f0000000300)=ANY=[@ANYBLOB="ba"], 0x1)
write$binfmt_elf64(r0, &(0x7f0000000280)={{0x7f, 0x45, 0x4c, 0x46, 0x0, 0x0, 0x5000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40}, [{}]}, 0x78)

01:38:43 executing program 4:
r0 = socket$nl_route(0x10, 0x3, 0x0)
r1 = socket$netlink(0x10, 0x3, 0x0)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff, <r2=>0xffffffffffffffff})
r3 = socket$inet6_sctp(0xa, 0x10000000005, 0x84)
r4 = dup2(r2, r3)
ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200)
r5 = socket(0x10, 0x803, 0x0)
sendmsg$TIPC_CMD_GET_MEDIA_NAMES(r5, &(0x7f0000000400)={0x0, 0x0, &(0x7f00000003c0)={0x0}}, 0x0)
getsockname$packet(r5, &(0x7f0000000100)={0x11, 0x0, <r6=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0xa)
sendmsg$nl_route(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080)=ANY=[@ANYBLOB="4800000010000507000000000000000080000000", @ANYRES32=r6, @ANYBLOB="0000000000000000280012000c0001007665746800000000180002001400010000000000", @ANYRES32=0x0, @ANYBLOB='\x00\x00\x00\x00\x00\x00\x00\x00'], 0x48}}, 0x0)
sendmsg$nl_route_sched(r0, &(0x7f0000000140)={0x0, 0x32d, &(0x7f0000000080)={&(0x7f0000000540)=@newqdisc={0x148, 0x24, 0x507, 0x1400, 0x0, {0x0, r6, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_red={{0x8, 0x1, 'red\x00'}, {0x11c, 0x2, [@TCA_RED_STAB={0x104, 0x2, "fbf84ce9dbecf3d5851ae060c0ec8d55c9c65cb98d69f6f43f1d64d475f279dd204e54f6719de408d640f2dcd4c0c8c615650de0531b139380f912f808e5d3e1118f76144d1568be425bddb29fa48b1251d5cc8b78fb742bd61674f4cd92a93f8dafea3bc823ccd7591d59d252a275012101f39ab9478cc5dc4a8a2e71f186ce688ae869907b40b62231d243db1eca472440f1203b691b7b85864a73f1a3a9664d075ac973158948f7c44b4f8e2348e8046b08dcb423647eff2539993b8985028d7f0a50e94ee6b2fdacff6aee496b13807eb8d406a8440af14e339713f93a2bd76d46d34452c9bf604ac61d66e9ff34503a7ff400"}, @TCA_RED_PARMS={0x14, 0x1, {0x20}}]}}]}, 0x148}}, 0x0)

[ 1241.765337][T11629] FAULT_FLAG_ALLOW_RETRY missing 70
[ 1241.770694][T11629] CPU: 1 PID: 11629 Comm: syz-executor.5 Not tainted 5.3.0+ #0
[ 1241.778221][T11629] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 1241.788278][T11629] Call Trace:
[ 1241.788303][T11629]  dump_stack+0x172/0x1f0
[ 1241.788338][T11629]  handle_userfault.cold+0x41/0x5d
[ 1241.788357][T11629]  ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[ 1241.788380][T11629]  ? userfaultfd_ioctl+0x3ad0/0x3ad0
01:38:43 executing program 1:
perf_event_open(&(0x7f00000000c0)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = openat$random(0xffffffffffffff9c, &(0x7f0000000140)='/dev/urandom\x00', 0x8000000000000085, 0x0)
pipe2(&(0x7f0000000040)={0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x80000)
r2 = socket$nl_generic(0x10, 0x3, 0x10)
r3 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000200)='TIPCv2\x00')
sendmsg$TIPC_NL_MON_PEER_GET(r2, &(0x7f00000005c0)={0x0, 0x0, &(0x7f0000000580)={&(0x7f0000000480)={0x20, r3, 0x701, 0x0, 0x0, {0x13, 0x0, 0xfffffffffffff000}, [@TIPC_NLA_MON={0xc, 0x9, [@TIPC_NLA_MON_REF={0x5}]}]}, 0x20}}, 0x0)
sendmsg$TIPC_NL_MEDIA_GET(r1, &(0x7f0000000280)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x800000}, 0xc, &(0x7f0000000240)={&(0x7f0000000180)=ANY=[@ANYBLOB="8c000000", @ANYRES16=r3, @ANYBLOB="00042abd7000fcdbdf250b0000001400060008000100ff070000080001a48700000064000100100001007564703a73837a310000e9ff08000300ff7f0000380004001400010002004e22e00000010000000000000000200002000a004e21000000080000000000000000000000000000000108000000101001007564703a73797a3000000000"], 0x8c}, 0x1, 0x0, 0x0, 0x20000811}, 0x4040011)
r4 = dup(r0)
r5 = open(&(0x7f0000002000)='./bus\x00', 0x141042, 0x0)
ftruncate(r5, 0xee72)
sendfile(r4, r5, 0x0, 0x8000fffffffe)
r6 = getpgrp(0x0)
setpriority(0x0, r6, 0x100)
r7 = getpgid(r6)
syz_open_procfs(r7, &(0x7f0000000000)='net/tcp\x00')
r8 = socket(0x10, 0x0, 0x0)
r9 = socket$inet6_sctp(0xa, 0x10000000005, 0x84)
getsockopt$inet_sctp6_SCTP_GET_ASSOC_ID_LIST(r9, 0x84, 0x1d, &(0x7f000095dff8)={0x1, [<r10=>0x0]}, &(0x7f000095dffc)=0x8)
getsockopt$inet_sctp6_SCTP_PEER_ADDR_THLDS(r9, 0x84, 0x70, &(0x7f0000000080)={r10, @in6={{0xa, 0x0, 0x0, @empty}}}, &(0x7f0000000600)=0x90)
setsockopt$inet_sctp6_SCTP_DELAYED_SACK(r8, 0x84, 0x10, &(0x7f0000000200)=@sack_info={r10, 0x80, 0x6}, 0xc)
setsockopt$inet_sctp6_SCTP_RECONFIG_SUPPORTED(0xffffffffffffffff, 0x84, 0x75, &(0x7f00000002c0)={r10, 0x7dee3126}, 0x8)

[ 1241.788395][T11629]  ? find_get_entry+0x535/0x880
[ 1241.788411][T11629]  ? find_get_pages_range_tag+0xd50/0xd50
[ 1241.788424][T11629]  ? ___might_sleep+0x163/0x2c0
[ 1241.788442][T11629]  ? __kasan_check_read+0x11/0x20
[ 1241.788452][T11629]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 1241.788486][T11629]  ? find_lock_entry+0x1a7/0x560
[ 1241.844174][T11629]  ? rcu_lockdep_current_cpu_online+0xe3/0x130
[ 1241.850330][T11629]  shmem_getpage_gfp+0x1f4c/0x2680
[ 1241.852835][T11828] netlink: 'syz-executor.1': attribute type 2 has an invalid length.
[ 1241.855463][T11629]  ? shmem_unuse_inode+0x1010/0x1010
[ 1241.855481][T11629]  ? lock_downgrade+0x920/0x920
[ 1241.855497][T11629]  ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[ 1241.855511][T11629]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 1241.855531][T11629]  shmem_fault+0x22a/0x7b0
[ 1241.855552][T11629]  ? shmem_read_mapping_page_gfp+0x1a0/0x1a0
[ 1241.855572][T11629]  ? find_get_entry+0x880/0x880
[ 1241.855589][T11629]  ? pmd_val+0x85/0x100
[ 1241.855605][T11629]  __do_fault+0x111/0x540
[ 1241.855619][T11629]  ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[ 1241.855636][T11629]  __handle_mm_fault+0x2dca/0x4040
[ 1241.855655][T11629]  ? vmf_insert_mixed_mkwrite+0x40/0x40
[ 1241.855669][T11629]  ? handle_mm_fault+0x292/0xa80
[ 1241.855695][T11629]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 1241.855712][T11629]  ? __kasan_check_read+0x11/0x20
[ 1241.855730][T11629]  handle_mm_fault+0x3b7/0xa80
[ 1241.855752][T11629]  __do_page_fault+0x536/0xdd0
[ 1241.855775][T11629]  do_page_fault+0x38/0x590
[ 1241.873924][T11629]  page_fault+0x39/0x40
[ 1241.873935][T11629] RIP: 0033:0x4533a0
01:38:44 executing program 3:
socket$inet(0x10, 0x2, 0x0)
r0 = socket$inet6(0xa, 0x4805, 0x8)
ioctl(r0, 0x0, 0x0)
socket$nl_netfilter(0x10, 0x3, 0xc)
bpf$BPF_PROG_DETACH(0x9, 0x0, 0x0)
setsockopt$inet6_udp_int(0xffffffffffffffff, 0x11, 0x0, 0x0, 0x0)
r1 = socket$inet_tcp(0x2, 0x1, 0x0)
ioctl$sock_inet_SIOCSIFPFLAGS(0xffffffffffffffff, 0x8934, 0x0)
ioctl$sock_inet_tcp_SIOCOUTQ(0xffffffffffffffff, 0x5411, 0x0)
bind$inet(r1, &(0x7f0000dc9ff0)={0x2, 0x4e20}, 0x10)
setsockopt$sock_int(0xffffffffffffffff, 0x1, 0x0, 0x0, 0x0)
shutdown(0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff, <r2=>0xffffffffffffffff})
r3 = socket$inet6_sctp(0xa, 0x10000000005, 0x84)
r4 = dup2(r2, r3)
ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff, <r5=>0xffffffffffffffff})
r6 = socket$inet6_sctp(0xa, 0x10000000005, 0x84)
r7 = dup2(r5, r6)
ioctl$PERF_EVENT_IOC_ENABLE(r7, 0x8912, 0x400200)
accept4$inet(r7, 0x0, 0x0, 0xc1800)
setsockopt$inet_tcp_int(0xffffffffffffffff, 0x6, 0x0, 0x0, 0x0)
sendto$inet(r1, 0x0, 0x0, 0x20000000, &(0x7f0000000080)={0x2, 0x4e20}, 0x10)
getsockopt$inet_tcp_int(0xffffffffffffffff, 0x6, 0x0, 0x0, 0x0)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff, <r8=>0xffffffffffffffff})
r9 = socket$inet6_sctp(0xa, 0x10000000005, 0x84)
r10 = dup2(r8, r9)
ioctl$PERF_EVENT_IOC_ENABLE(r10, 0x8912, 0x400200)
getsockname$inet(r10, &(0x7f0000000040)={0x2, 0x0, @loopback}, &(0x7f00000000c0)=0x10)
socket$packet(0x11, 0x0, 0x300)
syz_genetlink_get_family_id$tipc(0x0)
sendmsg$TIPC_CMD_GET_BEARER_NAMES(0xffffffffffffffff, 0x0, 0x0)
sendto$inet(r1, &(0x7f0000000180), 0xffffffffffffff9a, 0x4007ffd, 0x0, 0xb4)
ioctl$sock_inet_tcp_SIOCINQ(r1, 0x541b, &(0x7f0000000000))

01:38:44 executing program 0:
perf_event_open(&(0x7f00000000c0)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = openat$random(0xffffffffffffff9c, &(0x7f0000000140)='/dev/urandom\x00', 0x8000000000000085, 0x0)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
r2 = socket$inet6_sctp(0xa, 0x10000000005, 0x84)
dup2(r1, r2)
pwrite64(r1, &(0x7f0000000000)="0ebba6f44bb546f0b98cabbdd37126bad1da2777e98eebd9145c60942f2c2c8b48077c37281f817e7992d1dfee6e5383cb268bc4ec0d6071b0d099336427ed7e8b819df9a2cca38631", 0x49, 0x0)
r3 = dup(r0)
r4 = open(&(0x7f0000002000)='./bus\x00', 0x141042, 0x0)
ftruncate(r4, 0xee72)
sendfile(r3, r4, 0x0, 0x8000fffffffe)

[ 1241.873949][T11629] Code: 0f 84 c4 0f 00 00 48 89 f1 48 89 f8 48 83 e1 3f 48 83 f9 20 0f 86 7b 02 00 00 48 83 e6 f0 48 83 e1 0f 66 0f ef c0 66 0f ef c9 <66> 0f 74 0e 66 0f d7 d1 48 d3 ea 49 c7 c2 11 00 00 00 49 29 ca 4d
[ 1241.873956][T11629] RSP: 002b:00007fbdc8f767a8 EFLAGS: 00010202
[ 1241.873967][T11629] RAX: 00007fbdc8f76850 RBX: 0000000000000003 RCX: 000000000000000e
[ 1241.873979][T11629] RDX: 00000000000003ff RSI: 0000000020012fe0 RDI: 00007fbdc8f76850
[ 1241.916341][T11629] RBP: 000000000075bf20 R08: 00000000000003ff R09: 0000000000000000
[ 1241.916349][T11629] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fbdc8f776d4
[ 1241.916357][T11629] R13: 00000000004c8dbc R14: 00000000004dfed8 R15: 00000000ffffffff
01:38:44 executing program 0:
perf_event_open(&(0x7f00000000c0)={0x1, 0x70, 0x0, 0x0, 0x0, 0x101, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x3e000, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xca, 0x0, 0xfffffffffffffffc, 0x0, 0x0, 0xfff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = openat$random(0xffffffffffffff9c, &(0x7f0000000140)='/dev/urandom\x00', 0x80000000000000c5, 0x0)
r1 = dup(r0)
r2 = open(&(0x7f0000002000)='./bus\x00', 0x141042, 0x0)
ftruncate(r2, 0xee72)
sendfile(r1, r2, 0x0, 0x8000fffffffe)
getpid()

[ 1242.089968][T11828] netlink: 'syz-executor.1': attribute type 2 has an invalid length.
[ 1242.163327][T11952] FAULT_FLAG_ALLOW_RETRY missing 70
[ 1242.171365][T11952] CPU: 0 PID: 11952 Comm: syz-executor.5 Not tainted 5.3.0+ #0
[ 1242.178913][T11952] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 1242.188967][T11952] Call Trace:
[ 1242.192263][T11952]  dump_stack+0x172/0x1f0
[ 1242.196600][T11952]  handle_userfault.cold+0x41/0x5d
[ 1242.201719][T11952]  ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[ 1242.207975][T11952]  ? userfaultfd_ioctl+0x3ad0/0x3ad0
01:38:44 executing program 0:
r0 = getpgrp(0x0)
setpriority(0x0, r0, 0x100)
r1 = perf_event_open(&(0x7f00000000c0)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0xfffffffffffffffe, 0x0, 0x0, 0x1, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1000000000000000, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, r0, 0x0, 0xffffffffffffffff, 0x0)
r2 = openat$random(0xffffffffffffff9c, &(0x7f0000000140)='/dev/urandom\x00', 0x8000000000000085, 0x0)
r3 = dup(r2)
r4 = open(&(0x7f0000002000)='./bus\x00', 0x401442, 0x0)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000000))
r5 = dup2(r1, 0xffffffffffffffff)
ioctl$PERF_EVENT_IOC_ENABLE(r5, 0x8912, 0x400200)
r6 = openat$sequencer(0xffffffffffffff9c, &(0x7f0000000080)='/dev/sequencer\x00', 0x801, 0x0)
sendmsg$FOU_CMD_GET(r6, &(0x7f0000000280)={&(0x7f0000000180)={0x10, 0x0, 0x0, 0x200000}, 0xc, &(0x7f0000000240)={&(0x7f00000001c0)={0x58, 0x0, 0x408, 0x70bd2a, 0x25dfdbfe, {}, [@FOU_ATTR_PORT={0x8, 0x1, 0x4e20}, @FOU_ATTR_PEER_V4={0x8, 0x8, @multicast2}, @FOU_ATTR_PORT={0x8, 0x1, 0x4e23}, @FOU_ATTR_IPPROTO={0x8, 0x3, 0x87}, @FOU_ATTR_PEER_V6={0x14, 0x9, @ipv4={[], [], @multicast1}}, @FOU_ATTR_PEER_V4={0x8, 0x8, @multicast1}, @FOU_ATTR_PEER_V4={0x8, 0x8, @dev={0xac, 0x14, 0x14, 0xc}}]}, 0x58}, 0x1, 0x0, 0x0, 0x357c12cb0a6c980d}, 0x10)
ioctl$SG_SET_KEEP_ORPHAN(r5, 0x2287, &(0x7f0000000000)=0x7fff)
io_setup(0x81, &(0x7f0000000040)=<r7=>0x0)
io_destroy(r7)
ftruncate(r4, 0xee72)
sendfile(r3, r4, 0x0, 0x8000fffffffe)

[ 1242.213261][T11952]  ? find_get_entry+0x535/0x880
[ 1242.218119][T11952]  ? find_get_pages_range_tag+0xd50/0xd50
[ 1242.223853][T11952]  ? ___might_sleep+0x163/0x2c0
[ 1242.228718][T11952]  ? __kasan_check_read+0x11/0x20
[ 1242.233759][T11952]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 1242.240009][T11952]  ? find_lock_entry+0x1a7/0x560
[ 1242.244950][T11952]  ? rcu_lockdep_current_cpu_online+0xe3/0x130
[ 1242.251128][T11952]  shmem_getpage_gfp+0x1f4c/0x2680
[ 1242.256239][T11952]  ? shmem_unuse_inode+0x1010/0x1010
[ 1242.261500][T11952]  ? lock_downgrade+0x920/0x920
[ 1242.266333][T11952]  ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[ 1242.272558][T11952]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 1242.278778][T11952]  shmem_fault+0x22a/0x7b0
[ 1242.283173][T11952]  ? shmem_read_mapping_page_gfp+0x1a0/0x1a0
[ 1242.289167][T11952]  ? find_get_entry+0x880/0x880
[ 1242.294028][T11952]  ? pmd_val+0x85/0x100
[ 1242.298184][T11952]  __do_fault+0x111/0x540
[ 1242.302522][T11952]  ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[ 1242.308775][T11952]  __handle_mm_fault+0x2dca/0x4040
[ 1242.313894][T11952]  ? vmf_insert_mixed_mkwrite+0x40/0x40
[ 1242.319431][T11952]  ? handle_mm_fault+0x292/0xa80
[ 1242.324358][T11952]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 1242.330575][T11952]  ? __kasan_check_read+0x11/0x20
[ 1242.335622][T11952]  handle_mm_fault+0x3b7/0xa80
[ 1242.340378][T11952]  __do_page_fault+0x536/0xdd0
[ 1242.345120][T11952]  do_page_fault+0x38/0x590
[ 1242.349600][T11952]  page_fault+0x39/0x40
[ 1242.353735][T11952] RIP: 0033:0x4533a0
[ 1242.357617][T11952] Code: 0f 84 c4 0f 00 00 48 89 f1 48 89 f8 48 83 e1 3f 48 83 f9 20 0f 86 7b 02 00 00 48 83 e6 f0 48 83 e1 0f 66 0f ef c0 66 0f ef c9 <66> 0f 74 0e 66 0f d7 d1 48 d3 ea 49 c7 c2 11 00 00 00 49 29 ca 4d
[ 1242.377214][T11952] RSP: 002b:00007fbdc8f347a8 EFLAGS: 00010202
[ 1242.383382][T11952] RAX: 00007fbdc8f34850 RBX: 0000000000000003 RCX: 000000000000000e
[ 1242.391387][T11952] RDX: 00000000000003ff RSI: 0000000020012fe0 RDI: 00007fbdc8f34850
[ 1242.399381][T11952] RBP: 000000000075c070 R08: 00000000000003ff R09: 0000000000000000
01:38:44 executing program 1:
perf_event_open(&(0x7f00000000c0)={0x1, 0x6d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0xffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x1}, 0x0, 0x800000000, 0xffffffffffffffff, 0x0)
r0 = openat$random(0xffffffffffffff9c, &(0x7f0000000140)='/dev/urandom\x00', 0x8000000000000085, 0x0)
r1 = dup(r0)
shmctl$SHM_LOCK(0xffffffffffffffff, 0xb)
r2 = open(&(0x7f0000002000)='./bus\x00', 0x141042, 0x0)
ftruncate(r2, 0xee72)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff, <r3=>0xffffffffffffffff})
r4 = socket$inet6_sctp(0xa, 0x10000000005, 0x84)
r5 = dup2(r3, r4)
ioctl$PERF_EVENT_IOC_ENABLE(r5, 0x8912, 0x400200)
setsockopt$IPT_SO_SET_REPLACE(r5, 0x0, 0x40, &(0x7f0000000180)=@raw={'raw\x00', 0x9, 0x3, 0x2d8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x240, 0x240, 0x240, 0x240, 0x240, 0x3, &(0x7f0000000080), {[{{@ip={@multicast2, @dev={0xac, 0x14, 0x14, 0x13}, 0xff, 0x0, 'bridge_slave_1\x00', 'bridge0\x00', {0x4a4302d8b34c8c7a}, {0xff}, 0x20, 0x3, 0x10}, 0x0, 0xc0, 0x120, 0x0, {}, [@inet=@rpfilter={0x28, 'rpfilter\x00', 0x0, {0x8}}]}, @common=@CLUSTERIP={0x60, 'CLUSTERIP\x00', 0x0, {0x0, @empty, 0x1, 0x0, [0xd, 0x24, 0x30, 0x18, 0x1b, 0x29, 0x3c, 0x15, 0xf, 0x2, 0x7, 0x13, 0x1e, 0x21, 0x1a, 0x18], 0x0, 0x6, 0x7ff}}}, {{@ip={@multicast1, @dev={0xac, 0x14, 0x14, 0x26}, 0xff000000, 0xffffff00, 'veth0_to_bridge\x00', 'veth0_to_bond\x00', {0xff}, {0xff}, 0x6c, 0x3, 0x1}, 0x0, 0xc0, 0x120, 0x0, {}, [@inet=@rpfilter={0x28, 'rpfilter\x00', 0x0, {0x8dbf99cc36decd5}}]}, @common=@SET={0x60, 'SET\x00', 0x0, {{0x9bb, [0x0, 0x4, 0x6, 0x0, 0x3, 0x1], 0x80000000, 0x6}, {0x7, [0x20, 0x62aa, 0x20, 0x4, 0x8000, 0x741], 0x4, 0x3}}}}], {{[], 0x0, 0x70, 0x98}, {0x28}}}}, 0x338)
fchdir(0xffffffffffffffff)
sendfile(r1, r2, 0x0, 0x8000fffffffe)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff, <r6=>0xffffffffffffffff})
r7 = socket$inet6_sctp(0xa, 0x10000000005, 0x84)
dup2(r6, r7)
getsockopt$inet_sctp6_SCTP_GET_ASSOC_NUMBER(r7, 0x84, 0x1c, &(0x7f0000000000), &(0x7f0000000040)=0x4)
r8 = syz_open_dev$dspn(&(0x7f0000001e80)='/dev/dsp#\x00', 0x1, 0x4000)
setsockopt$inet6_opts(r8, 0x29, 0x72, &(0x7f0000002040)=@hopopts={0x3b, 0x31, [], [@generic={0x3, 0x2e, "6ff200121d6f17a6d42dac81a840fb7bce7c52f9503f8c68011f06bcf6c2d0cdff9c17fc9348acad2afeb6a80ac9"}, @calipso={0x7, 0x48, {0x5, 0x10, 0x242, 0x0, [0x6, 0x2, 0x2, 0x8001, 0x8, 0xf3, 0x0, 0x100]}}, @hao={0xc9, 0x10, @mcast1}, @generic={0x5, 0xf5, "b9ba19b20b15ddab6ea6e77aed8d4c9392dffbc9ed8a5b42c15147e06fbe9b455e89e135dcd0204fa0589a52302f3c96aaadc1887eab59c65fce7b55ea105d48592e4701a3cbbda407dc8702db422b1dbe232b13f60fecf097f4ab903c02fa0229d42f49123551b09e7a951d16fad8ce0916de5539cad7e02f9d5995514aaa395288747ec786baafb66f6a2931cef286d237882d0de9f5996474aa5b181262e04f5732a4eac9153a9e73e170c71eed6f93865500e9fc075797d37c9974daee52f3f2032e32ca54e123c7020d7b1803651aaf59e06a6b40f95af19bf90aaa22fe4f7e7ee8d5e1112dfe6201c9ae3628f57ea568cdbf"}, @pad1, @pad1]}, 0x198)

[ 1242.407345][T11952] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fbdc8f356d4
[ 1242.415302][T11952] R13: 00000000004c8dbc R14: 00000000004dfed8 R15: 00000000ffffffff
01:38:44 executing program 5:
mmap(&(0x7f0000011000/0x2000)=nil, 0x2000, 0x4, 0x31, 0xffffffffffffffff, 0x0)
r0 = userfaultfd(0x0)
syz_open_dev$mice(&(0x7f0000000000)='/dev/input/mice\x00', 0x0, 0x4000)
ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f0000000040))
ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f00000000c0)={{&(0x7f0000012000/0x2000)=nil, 0x2000}, 0x1})
read(r0, &(0x7f0000000100)=""/199, 0xc7)
syz_open_dev$evdev(&(0x7f0000012fee)='/.%v/\x11%put/event#\x00', 0x68000000, 0x0)
ioctl$UFFDIO_WAKE(r0, 0x8010aa02, &(0x7f0000000080)={&(0x7f0000012000/0x4000)=nil, 0x4000})
shmget(0x2, 0x1000, 0x0, &(0x7f000096d000/0x1000)=nil)
openat$cgroup_procs(0xffffffffffffffff, 0x0, 0x2, 0x0)

01:38:44 executing program 0:
perf_event_open(&(0x7f00000000c0)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = openat$random(0xffffffffffffff9c, &(0x7f0000000140)='/dev/urandom\x00', 0x8000000000000085, 0x0)
r1 = dup(r0)
r2 = open(&(0x7f0000002000)='./bus\x00', 0x141042, 0x0)
ftruncate(r2, 0xee72)
sendfile(r1, r2, 0x0, 0x8000fffffffe)
ioctl$FS_IOC_GET_ENCRYPTION_PWSALT(r0, 0x40106614, &(0x7f0000000000))

01:38:44 executing program 4:
r0 = socket$nl_route(0x10, 0x3, 0x0)
r1 = socket$netlink(0x10, 0x3, 0x0)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff, <r2=>0xffffffffffffffff})
r3 = socket$inet6_sctp(0xa, 0x10000000005, 0x84)
r4 = dup2(r2, r3)
ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200)
r5 = socket(0x10, 0x803, 0x0)
sendmsg$TIPC_CMD_GET_MEDIA_NAMES(r5, &(0x7f0000000400)={0x0, 0x0, &(0x7f00000003c0)={0x0}}, 0x0)
getsockname$packet(r5, &(0x7f0000000100)={0x11, 0x0, <r6=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0xa)
sendmsg$nl_route(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080)=ANY=[@ANYBLOB="4800000010000507000000000000000080000000", @ANYRES32=r6, @ANYBLOB="0000000000000000280012000c0001007665746800000000180002001400010000000000", @ANYRES32=0x0, @ANYBLOB='\x00\x00\x00\x00\x00\x00\x00\x00'], 0x48}}, 0x0)
sendmsg$nl_route_sched(r0, &(0x7f0000000140)={0x0, 0x32d, &(0x7f0000000080)={&(0x7f0000000540)=@newqdisc={0x148, 0x24, 0x507, 0x1801, 0x0, {0x0, r6, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_red={{0x8, 0x1, 'red\x00'}, {0x11c, 0x2, [@TCA_RED_STAB={0x104, 0x2, "fbf84ce9dbecf3d5851ae060c0ec8d55c9c65cb98d69f6f43f1d64d475f279dd204e54f6719de408d640f2dcd4c0c8c615650de0531b139380f912f808e5d3e1118f76144d1568be425bddb29fa48b1251d5cc8b78fb742bd61674f4cd92a93f8dafea3bc823ccd7591d59d252a275012101f39ab9478cc5dc4a8a2e71f186ce688ae869907b40b62231d243db1eca472440f1203b691b7b85864a73f1a3a9664d075ac973158948f7c44b4f8e2348e8046b08dcb423647eff2539993b8985028d7f0a50e94ee6b2fdacff6aee496b13807eb8d406a8440af14e339713f93a2bd76d46d34452c9bf604ac61d66e9ff34503a7ff400"}, @TCA_RED_PARMS={0x14, 0x1, {0x20}}]}}]}, 0x148}}, 0x0)

01:38:44 executing program 2:
r0 = socket$inet_udp(0x2, 0x2, 0x0)
close(r0)
r1 = socket$inet6(0xa, 0x1, 0x8010000000000084)
bind$inet6(r1, &(0x7f0000000040)={0xa, 0x400004e21, 0x0, @empty}, 0x1c)
setsockopt$inet_sctp6_SCTP_NODELAY(r0, 0x84, 0x3, &(0x7f00000000c0)=0x7, 0x4)
setsockopt$inet6_opts(r1, 0x29, 0x3b, &(0x7f0000000080)=ANY=[@ANYBLOB], 0x8)
connect$inet6(r1, &(0x7f0000000200)={0xa, 0x4e21, 0x0, @loopback}, 0x1c)
r2 = socket$inet_udplite(0x2, 0x2, 0x88)
ioctl(r2, 0x1000008912, &(0x7f0000000040)="11dcbc0d5e0bcfe47bf070")
write$binfmt_misc(r0, &(0x7f0000000100)=ANY=[@ANYBLOB="a43f7a10bc918dba707335df9c4fe2e3dd545ee4c838fdcc46a7540a012dcf04a12f99172a6f3583cd5498000448f3ae533c2845496e9b0a050d5e4e05f5f8188edecc091727ed7a25a91998bf61aeec90e8718f9aa9fd5da3aa3181c0080975dee42b7d8686ca8f92f314380c2a02a90e6efeaf9d6acdb213cd260c116f495d9569a33c798d369967f6690fd59a8b3bd789702d552fe262fe738e874609724467e7d1be8518f803b96022e1f0f0de7d3720bec96ede000000000000000000"], 0x10098)
write$binfmt_script(r0, &(0x7f0000000300)=ANY=[@ANYBLOB="ba"], 0x1)
write$binfmt_elf64(r0, &(0x7f0000000280)={{0x7f, 0x45, 0x4c, 0x46, 0x0, 0x0, 0x7800, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40}, [{}]}, 0x78)

[ 1242.770497][T12275] FAULT_FLAG_ALLOW_RETRY missing 70
[ 1242.778598][T12275] CPU: 1 PID: 12275 Comm: syz-executor.5 Not tainted 5.3.0+ #0
[ 1242.786151][T12275] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 1242.796206][T12275] Call Trace:
[ 1242.799499][T12275]  dump_stack+0x172/0x1f0
[ 1242.803838][T12275]  handle_userfault.cold+0x41/0x5d
[ 1242.808949][T12275]  ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[ 1242.815301][T12275]  ? userfaultfd_ioctl+0x3ad0/0x3ad0
[ 1242.820585][T12275]  ? find_get_entry+0x535/0x880
[ 1242.825437][T12275]  ? find_get_pages_range_tag+0xd50/0xd50
[ 1242.831148][T12275]  ? ___might_sleep+0x163/0x2c0
[ 1242.831169][T12275]  ? __kasan_check_read+0x11/0x20
[ 1242.831203][T12275]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 1242.847290][T12275]  ? find_lock_entry+0x1a7/0x560
[ 1242.847302][T12275]  ? rcu_lockdep_current_cpu_online+0xe3/0x130
[ 1242.847318][T12275]  shmem_getpage_gfp+0x1f4c/0x2680
[ 1242.863462][T12275]  ? shmem_unuse_inode+0x1010/0x1010
[ 1242.868746][T12275]  ? lock_downgrade+0x920/0x920
[ 1242.873597][T12275]  ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[ 1242.879837][T12275]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 1242.886076][T12275]  shmem_fault+0x22a/0x7b0
[ 1242.890507][T12275]  ? shmem_read_mapping_page_gfp+0x1a0/0x1a0
[ 1242.896509][T12275]  ? find_get_entry+0x880/0x880
[ 1242.901364][T12275]  ? pmd_val+0x85/0x100
[ 1242.905521][T12275]  __do_fault+0x111/0x540
[ 1242.909852][T12275]  ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[ 1242.916094][T12275]  __handle_mm_fault+0x2dca/0x4040
01:38:44 executing program 0:
r0 = perf_event_open(&(0x7f00000000c0)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r1 = openat$random(0xffffffffffffff9c, &(0x7f0000000140)='/dev/urandom\x00', 0x8000000000000085, 0x0)
r2 = open(&(0x7f0000002000)='./bus\x00', 0x141042, 0x0)
r3 = syz_open_dev$vbi(&(0x7f0000000000)='/dev/vbi#\x00', 0x3, 0x2)
r4 = getuid()
r5 = openat$vimc1(0xffffffffffffff9c, &(0x7f0000000080)='/dev/video1\x00', 0x2, 0x0)
r6 = getpgrp(0x0)
setpriority(0x0, r6, 0x100)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff, <r7=>0xffffffffffffffff})
r8 = socket$inet6_sctp(0xa, 0x10000000005, 0x84)
r9 = dup2(r7, r8)
ioctl$PERF_EVENT_IOC_ENABLE(r9, 0x8912, 0x400200)
r10 = userfaultfd(0x0)
ioctl$UFFDIO_API(r10, 0xc018aa3f, &(0x7f0000000080))
read(r10, &(0x7f0000000100)=""/68, 0x22)
ioctl$UFFDIO_REGISTER(r10, 0xc020aa00, &(0x7f00000000c0)={{&(0x7f0000068000/0x800000)=nil, 0x800000}, 0x1})
close(r10)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff, <r11=>0xffffffffffffffff})
r12 = socket$inet6_sctp(0xa, 0x10000000005, 0x84)
r13 = dup2(r11, r12)
ioctl$PERF_EVENT_IOC_ENABLE(r13, 0x8912, 0x400200)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000000))
socket$inet6_sctp(0xa, 0x10000000005, 0x84)
perf_event_open$cgroup(&(0x7f0000000680)={0x1, 0x70, 0x3, 0x59, 0x7, 0x6, 0x0, 0x81, 0x400, 0x4, 0x3, 0x0, 0x3, 0x1, 0x1, 0x200, 0xff, 0x4d0, 0x4, 0x7, 0x2, 0x1, 0x6, 0x13d, 0x20, 0x8, 0x4, 0x100000000, 0xc4e, 0x0, 0xffffffffffff0001, 0x57, 0x4, 0x51b, 0x5, 0x7, 0x1f, 0xff, 0x0, 0x7, 0x4, @perf_bp={&(0x7f0000000640), 0x4}, 0x20000, 0x5, 0x200, 0x2, 0xc0000000, 0xffffffff, 0x8}, 0xffffffffffffffff, 0xa, 0xffffffffffffffff, 0x4)
r14 = userfaultfd(0x0)
ioctl$UFFDIO_API(r14, 0xc018aa3f, &(0x7f0000000080))
read(r14, &(0x7f0000000100)=""/68, 0x22)
ioctl$UFFDIO_REGISTER(r14, 0xc020aa00, &(0x7f00000000c0)={{&(0x7f0000068000/0x800000)=nil, 0x800000}, 0x1})
close(r14)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff, <r15=>0xffffffffffffffff})
r16 = socket$inet6_sctp(0xa, 0x10000000005, 0x84)
dup2(r15, r16)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff, <r17=>0xffffffffffffffff})
r18 = socket$inet6_sctp(0xa, 0x10000000005, 0x84)
dup2(r17, r18)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff, <r19=>0xffffffffffffffff})
r20 = socket$inet6_sctp(0xa, 0x10000000005, 0x84)
r21 = dup2(r19, r20)
ioctl$PERF_EVENT_IOC_ENABLE(r21, 0x8912, 0x400200)
r22 = dup2(r10, r21)
ioctl$PERF_EVENT_IOC_ENABLE(r22, 0x8912, 0x400200)
sendmsg$netlink(r3, &(0x7f0000000600)={&(0x7f0000000040)=@kern={0x10, 0x0, 0x0, 0xe0001}, 0xc, &(0x7f0000000540)=[{&(0x7f0000000700)=ANY=[@ANYBLOB="58020000160000032cbd7000fddbdf253c012f0008007b00806927c724b9943b452c1999fd140503b37c0c59aac1717553b078f6cce1f0a0ae77f693e82261b60c9242988c01a9b4376e9cb827c0c513cc", @ANYRES32=r4, @ANYBLOB="140009002f6465762f7572616e646f6d0000000008009200", @ANYRES32=r5, @ANYBLOB="14005b002f6465762f7572616e646f6d000000001400960000000000000000000000000000000000948a18f3acf83c8c2f804b6fefbaaec3bb37a358be0044ba286ee170bfa7d80111aaa62b840e1fb96d98824ca6b59d22b28e1c2a35fdf3ec8c73f86dc656d4cfb180da8623c7620cb6dc41b5b94eb7a01b5ef281d3cc0d2b914d9908226e7b95343ae851c6ce2c9c09d28ca5c8587427015bb00b128557b341b566806575b03787de578d65c1a8ddd61da0ff767dd1109e4ed7a66b7aef5e63d9448e6ac54524f4f4614395eb2a902bf1bb39abd0eed53c89976b7e0307f3558695d53939c886faf9d493cfa983fd19383ccf020a33f4acc9297a8232f342011823a851ad1e52e91bf9b4fc0ec7ce92df4e000800410000000000140085007d124985ffdb50c11d39cba660ca86746995e6ae9140d2437ff370107f64b6efc1589417d52ad62f9190b99b8705f5c3aa033ee2618eaeed882aa10cecfb500a3396c86879baa4e70086ded7ec0150e4ad3ee23cb831f64cefe14ea0e36f6c9903f6d79042aa50d70a8fe00f5520af954eb4d9e0ff017f884205ae7c52e9af6f7fadc7a51aac0c703a65439c25cf4858cc3d007d6c6448d3b801cb066e779ac37d4eb38ab82820a4b45582ecb4fa90f28fa649408c94a502558b3baabe85453e4fb7cca18fefda324b1654aacbfcd8b189353d8c5e5369cd81109d131109ee66af2201b44fb62f5fe9f48f9159e246f607cb317b57f6e11018dc33958e530000"], 0x258}, {&(0x7f0000000400)={0x110, 0x1c, 0x20, 0x70bd26, 0x25dfdbfc, "", [@nested={0x14, 0x54, [@typed={0x8, 0x1d, @ipv4=@broadcast}, @typed={0x8, 0x48, @pid=r6}]}, @generic="c74edffba3588aa47cd81f7a0c313e717523e96320635dacd9391c1027ccf1af6938819518c443c71c85fe6034cd77577649c6d6b2ad55f275677b1a18b74216ef4a1e96da704ea9f3103eb49d368c74bf6b33545edf0e55e3c25923f5745e40e9b6de0ef322d7b36eaa82b66a05163d67b95eb60df0578ec52575252ff5a8779366f50d858252782446a0deb6e68f4216b2ee5e44363a8eb735f2efefcabb32468c0305ae9a5f323abb5421a03c294d962ca323317bc3ede33b0aa6405b53a551aa2c2726b9ff4e4bb8879f357b8f4b3f44277977b69c2295756807c3e39f716a59a9e6b2d3", @typed={0x4, 0x3}]}, 0x110}], 0x2, &(0x7f0000000180)=ANY=[@ANYBLOB="1c000000000000000100000001000000", @ANYRES32=r9, @ANYRES32=r10, @ANYRES32, @ANYBLOB="0000000014000000000000000100000001000000", @ANYRES32=r1, @ANYBLOB="009b98ce13e8fa437f0035000100000063d60e9b0cb27b00", @ANYRES32=r13, @ANYRES32=r0, @ANYBLOB="20000000000000000100000001000000", @ANYRES32=r1, @ANYRES32=r2, @ANYRES32=r22, @ANYRES32], 0x70, 0x2000010}, 0x8000)
ftruncate(r2, 0xee72)
sendfile(0xffffffffffffffff, r2, 0x0, 0x8000fffffffe)

01:38:44 executing program 1:
r0 = perf_event_open(&(0x7f00000000c0)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x20000000000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x1020, 0x0, 0x0, 0x8}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r1 = openat$random(0xffffffffffffff9c, &(0x7f0000000140)='/dev/urandom\x00', 0x8000000000000085, 0x0)
r2 = dup(r1)
r3 = open(&(0x7f0000002000)='./bus\x00', 0x141042, 0x0)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000000))
socket$inet6_sctp(0xa, 0x10000000005, 0x84)
r4 = syz_open_dev$vcsn(&(0x7f0000003ac0)='/dev/vcs#\x00', 0x7ff, 0x8100)
r5 = dup2(r4, r0)
ioctl$PERF_EVENT_IOC_ENABLE(r5, 0x8912, 0x400200)
r6 = fcntl$getown(0xffffffffffffffff, 0x9)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff, <r7=>0xffffffffffffffff})
r8 = socket$inet6_sctp(0xa, 0x10000000005, 0x84)
r9 = dup2(r7, r8)
ioctl$PERF_EVENT_IOC_ENABLE(r9, 0x8912, 0x400200)
r10 = getpgrp(0x0)
setpriority(0x0, r10, 0x100)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff, <r11=>0xffffffffffffffff})
r12 = socket$inet6_sctp(0xa, 0x10000000005, 0x84)
dup2(r11, r12)
r13 = socket$caif_seqpacket(0x25, 0x5, 0x0)
r14 = getpgrp(0x0)
r15 = add_key$user(&(0x7f00000002c0)='user\x00', &(0x7f0000000300)={'syz', 0x2}, &(0x7f00000005c0)="4acf665ff77df4f20690a5a83bc1a1e6519321db1dc2bf7eee06d978abdfbb33f3bc7025e6befda3c827875946eb75c14639ab6e76811a733653f72afc34e5fce1bed277a8faa02e6da16041b40bab677d6555e94a42b7ac236c8c35d729ac501cf28293c919f2f3ceec4703c892adeac90504aeb3ba485e09bda66d2b96124cabc4d2e653848e2bd909287d0d2c433d72bbd4333cf37f2a8972bba453c776d2c73c61b9fa2153405fc0253992c918682c7018f6a280a9ff312ae4a6996bd9547aed66e72f94342a7d27b9483f7e2e8e3c5bbb89452fd9bb6708ae89ba29", 0xde, 0xfffffffffffffffe)
lstat(&(0x7f0000000380)='./file0\x00', &(0x7f00000004c0)={0x0, 0x0, 0x0, 0x0, <r16=>0x0})
getresgid(&(0x7f0000000400), &(0x7f0000000540), &(0x7f00000006c0)=<r17=>0x0)
keyctl$chown(0x4, r15, r16, r17)
ioctl$TIOCGSID(0xffffffffffffffff, 0x5429, &(0x7f0000001a80)=<r18=>0x0)
getsockopt$inet_IP_XFRM_POLICY(r3, 0x0, 0x11, &(0x7f0000001c40)={{{@in6=@local, @in6=@remote, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, <r19=>0x0}}, {{@in=@initdev}, 0x0, @in=@dev}}, &(0x7f0000001d40)=0xe8)
r20 = add_key$user(&(0x7f00000002c0)='user\x00', &(0x7f0000000300)={'syz', 0x2}, &(0x7f00000005c0)="4acf665ff77df4f20690a5a83bc1a1e6519321db1dc2bf7eee06d978abdfbb33f3bc7025e6befda3c827875946eb75c14639ab6e76811a733653f72afc34e5fce1bed277a8faa02e6da16041b40bab677d6555e94a42b7ac236c8c35d729ac501cf28293c919f2f3ceec4703c892adeac90504aeb3ba485e09bda66d2b96124cabc4d2e653848e2bd909287d0d2c433d72bbd4333cf37f2a8972bba453c776d2c73c61b9fa2153405fc0253992c918682c7018f6a280a9ff312ae4a6996bd9547aed66e72f94342a7d27b9483f7e2e8e3c5bbb89452fd9bb6708ae89ba29", 0xde, 0xfffffffffffffffe)
lstat(&(0x7f0000000380)='./file0\x00', &(0x7f00000004c0)={0x0, 0x0, 0x0, 0x0, <r21=>0x0})
getresgid(&(0x7f0000000400), &(0x7f0000000540), &(0x7f00000006c0)=<r22=>0x0)
keyctl$chown(0x4, r20, r21, r22)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff, <r23=>0xffffffffffffffff})
r24 = socket$inet6_sctp(0xa, 0x10000000005, 0x84)
r25 = dup2(r23, r24)
ioctl$PERF_EVENT_IOC_ENABLE(r25, 0x8912, 0x400200)
ioctl$TIOCGSID(r25, 0x5429, &(0x7f0000001d80)=<r26=>0x0)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff, <r27=>0xffffffffffffffff})
r28 = socket$inet6_sctp(0xa, 0x10000000005, 0x84)
r29 = dup2(r27, r28)
ioctl$PERF_EVENT_IOC_ENABLE(r29, 0x8912, 0x400200)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff, <r30=>0xffffffffffffffff})
r31 = socket$inet6_sctp(0xa, 0x10000000005, 0x84)
dup2(r30, r31)
r32 = fcntl$getown(r31, 0x9)
fstat(0xffffffffffffffff, &(0x7f0000001dc0)={0x0, 0x0, 0x0, 0x0, <r33=>0x0})
r34 = geteuid()
r35 = getpgrp(0x0)
setpriority(0x0, r35, 0x100)
r36 = openat$misdntimer(0xffffffffffffff9c, &(0x7f0000001e40)='/dev/mISDNtimer\x00', 0x700, 0x0)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000000))
socket$inet6_sctp(0xa, 0x10000000005, 0x84)
r37 = userfaultfd(0x0)
ioctl$UFFDIO_API(r37, 0xc018aa3f, &(0x7f0000000080))
read(r37, &(0x7f0000000100)=""/68, 0x22)
ioctl$UFFDIO_REGISTER(r37, 0xc020aa00, &(0x7f00000000c0)={{&(0x7f0000068000/0x800000)=nil, 0x800000}, 0x1})
close(r37)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff, <r38=>0xffffffffffffffff})
r39 = socket$inet6_sctp(0xa, 0x10000000005, 0x84)
dup2(r38, r39)
r40 = dup2(r37, r38)
ioctl$PERF_EVENT_IOC_ENABLE(r40, 0x8912, 0x400200)
ioctl$TIOCGPGRP(r40, 0x540f, &(0x7f0000001f40)=<r41=>0x0)
r42 = add_key$user(&(0x7f00000002c0)='user\x00', &(0x7f0000000300)={'syz', 0x2}, &(0x7f00000005c0)="4acf665ff77df4f20690a5a83bc1a1e6519321db1dc2bf7eee06d978abdfbb33f3bc7025e6befda3c827875946eb75c14639ab6e76811a733653f72afc34e5fce1bed277a8faa02e6da16041b40bab677d6555e94a42b7ac236c8c35d729ac501cf28293c919f2f3ceec4703c892adeac90504aeb3ba485e09bda66d2b96124cabc4d2e653848e2bd909287d0d2c433d72bbd4333cf37f2a8972bba453c776d2c73c61b9fa2153405fc0253992c918682c7018f6a280a9ff312ae4a6996bd9547aed66e72f94342a7d27b9483f7e2e8e3c5bbb89452fd9bb6708ae89ba29", 0xde, 0xfffffffffffffffe)
lstat(&(0x7f0000000380)='./file0\x00', &(0x7f00000004c0)={0x0, 0x0, 0x0, 0x0, <r43=>0x0})
getresgid(&(0x7f0000000400), &(0x7f0000000540), &(0x7f00000006c0)=<r44=>0x0)
keyctl$chown(0x4, r42, r43, r44)
r45 = add_key$user(&(0x7f00000002c0)='user\x00', &(0x7f0000000300)={'syz', 0x2}, &(0x7f00000005c0)="4acf665ff77df4f20690a5a83bc1a1e6519321db1dc2bf7eee06d978abdfbb33f3bc7025e6befda3c827875946eb75c14639ab6e76811a733653f72afc34e5fce1bed277a8faa02e6da16041b40bab677d6555e94a42b7ac236c8c35d729ac501cf28293c919f2f3ceec4703c892adeac90504aeb3ba485e09bda66d2b96124cabc4d2e653848e2bd909287d0d2c433d72bbd4333cf37f2a8972bba453c776d2c73c61b9fa2153405fc0253992c918682c7018f6a280a9ff312ae4a6996bd9547aed66e72f94342a7d27b9483f7e2e8e3c5bbb89452fd9bb6708ae89ba29", 0xde, 0xfffffffffffffffe)
lstat(&(0x7f0000000380)='./file0\x00', &(0x7f00000004c0)={0x0, 0x0, 0x0, 0x0, <r46=>0x0})
getresgid(&(0x7f0000000400), &(0x7f0000000540), &(0x7f00000006c0)=<r47=>0x0)
keyctl$chown(0x4, r45, r46, r47)
getgroups(0x2, &(0x7f0000001f80)=[<r48=>0x0, r47])
r49 = getpgrp(0x0)
setpriority(0x0, r49, 0x100)
r50 = add_key$user(&(0x7f00000002c0)='user\x00', &(0x7f0000000300)={'syz', 0x2}, &(0x7f00000005c0)="4acf665ff77df4f20690a5a83bc1a1e6519321db1dc2bf7eee06d978abdfbb33f3bc7025e6befda3c827875946eb75c14639ab6e76811a733653f72afc34e5fce1bed277a8faa02e6da16041b40bab677d6555e94a42b7ac236c8c35d729ac501cf28293c919f2f3ceec4703c892adeac90504aeb3ba485e09bda66d2b96124cabc4d2e653848e2bd909287d0d2c433d72bbd4333cf37f2a8972bba453c776d2c73c61b9fa2153405fc0253992c918682c7018f6a280a9ff312ae4a6996bd9547aed66e72f94342a7d27b9483f7e2e8e3c5bbb89452fd9bb6708ae89ba29", 0xde, 0xfffffffffffffffe)
lstat(&(0x7f0000000380)='./file0\x00', &(0x7f00000004c0)={0x0, 0x0, 0x0, 0x0, <r51=>0x0})
getresgid(&(0x7f0000000400), &(0x7f0000000540), &(0x7f00000006c0)=<r52=>0x0)
keyctl$chown(0x4, r50, r51, r52)
sendmsg$netlink(r5, &(0x7f00000068c0)={&(0x7f0000000280)=@proc={0x10, 0x0, 0x25dfdbff, 0x400}, 0xc, &(0x7f0000001e80)=[{&(0x7f00000002c0)={0x64, 0x17, 0x400, 0x70bd25, 0x25dfdbfd, "", [@generic="f48341eab13459f5eec8075616eeff0041b6c49b131b60e6b0b2796beeda3d482f30f099be9a90be28bf3dcdada679d5e124510576eb12c400f362b90b04b7918b8b04b8ef9f1e872c9076e3855d9e1107a1"]}, 0x64}, {&(0x7f0000000340)={0x240, 0x2f, 0x400, 0x70bd27, 0x25dfdbfd, "", [@typed={0x14, 0x28, @str='/dev/urandom\x00'}, @nested={0x34, 0x19, [@typed={0xc, 0x51, @u64=0x9}, @typed={0x8, 0x50, @u32=0x7}, @typed={0x14, 0x3e, @ipv6=@remote}, @typed={0x8, 0x38, @pid=r6}]}, @generic="7c9bd6e69413ca58461e30ee62091777d6fc505402499677efdf3825be15ec2714a11476f3ad7bdde36bc278fe38bcd8ba5fef776e46e010811bfa7b820edff3f6c4ad24d5ce83010f4d952a6de95130fa7908de93fcaf048f2a99524690cf6cd97ce6ec1f90cd330f1cd1ebdbebba04f968a770d8663dc33b9fbf77c0878eda1c0a904c2e1dad61c9752b369e797316aaa0dbeda56b7d6e395246919b55655a865d7d741fd373c8dca1028392071beb33a1d489f1107f71aee65a732c84290172e212789e8518274c14974f4f3c382f9fb1b1793ac23af068ee6dd385c9a17c55", @nested={0x104, 0x8, [@generic="0074e6f4cf4cb4bf9742bbad086183f74d7f4933069b5e6daabd7905632adec9d501a49a74625a6515715431c22a7c8d98d5d04eefba6235f382e6461661ae66c0ec4c0a8d5e5c14ff07f111909ace6bc1ca653d3f698ef6a45a4f5609ed950a459fb7e1f8a708b54e6752ddd96319322099a5916f8989550280ecf8e9cc6235663e6375821bbd01f26e143ced069af97fbbae7bf8a74e15970d21c986aaf5bf305f250f9f22a1ef4c7aa9852c8c427b6dc08fdaeee622420a4c6da6784b07dec57537bbbd4f0363629b3c9242bbc658b9e0474d5ed335d07624d16d372c788bbb7ee7c90929101de03bb4b6d67cccaf12240e4f8a42643c14995710ba"]}]}, 0x240}, {&(0x7f0000000580)=ANY=[@ANYBLOB="5013000015fedbdf2530026499d36c2700", @ANYRES32=0x0, @ANYBLOB="52b38230e42111bed6ae1a18e78af733aea0062100a9587244d7944865d56b3656c3dbebbafebd1ed0e128365dfdb7bf80b04fc5281907f4b56570cf12a61b854bf5c2004ed47e55b4e7f0dbf02e70eda7db060178343ba6ab0dd5f476d77ab45623fef8a06db5e71374a9df55586e321dc2d9b7cf309288a4d8669eec84dd83fbdd2224b03de2a5166e7dbc3df4759f22d79deab16da39eb43747b8e15bac61574c8a82127f3486177efcbfc0c160511fb49b977170369c92f5c60794964bcb15e7b78bda920b72522f4a937750ee12b4ba08b19e8f5a2af3651f7e80b87b3347ee89ea2f3fb569ddbfb108e4cfc36eda55c7ca96bae6eae32808005000e0000002d82eba5e25104f9a3515ee7398d38fe4449f4f966e7b3960623a1ebf0229998b76b92c9249d9bb5f05a3779b82fcba6a2631652083dc46ebc61b0fbc6fe5930d57df4439a5134bb6f9ae4f2815bf28b018df647d73c6ffbedc613d3cf4fb1a82bc0cbc3bb463238441b57f13f7a85ec777ad4315a020bdac728750cf5c2a80e892916d71e48b3bbe7ca2e6d8721890bf7e7988b0dcd69a070eac60f2ed315a9c8881997d1f1fbe22e472098b75811e19f53e7b70dc49c702b12e7e9200233deb8637f3bb5b6a3788a7d7553b909edf72c60038dfc8009bdd4abbeafd01a33e6dfd44f5ef37f096f2ec4cca7b48ab988509c1c51611cdad8b9840bb8c542210a0393bc343bc340d06ef3a3ae22e8554fb69714a1f9e25777a2a87312b9f9e6899aa9476848cbb72e8745120936a5b812ec100a85e8c4c27f9b45eeea503df013521b7a5f8cd299cce6d858e8765a3d7c60e9e697cde344a267efe5f32f74b086bf9ae5ee3833de64c6d5f595155211020997a481da03a11b01057005cc14c78e9641f354e02607f18001187b33fa234acf06e44a66e5579de4dc341e215aed92629d805aa5d75105499d41445e36baaf82a68a7e51efd6f4d9e237fd2e1c00736d88adbd70a1577b6388d5b39e4b9fa52ff1c9cafbb76d702a09d858eb85f89b138eaf74e58f05747837a19056c805193c7a85745cb221636c56844fc0877581e49e91734cf868e58a3eb98e18245ac355dcfe772ba5f5cd3592d2818bae25c1e05bee71962105fea44ff6ebcfa27515110d29c4f2a459d9b566f2823060ee498869b25473cf46005ad7852cc57147d46b448e58bb3266143b357ef7707d90bc39eafc966c642cb5be87da285677fd8e41886e49efacc809f1dc0b82336cb1fed600ec1667d5a43a6596b7ebc5e7c717715923b059364b60b350367b7f3d5a186240becc93fde0ba0a22052a2d441ab951266992973771e16cac5f6625357f1e05429339e8f0b582115eef2dbfd62a999c745fbbf6246d3f3591f66ce51747878cc88cc7986557ee6af008f73c012fc1132d268166e17123cb98d068e8600f1c5b1e09d95c13bff60fdc81a737b9a777c5b346f4f288ae1f9902c936f36bdd64a14d096e8aa9a285d6e3678e403b7e3ff5d72bb2b0e52474f8036ebbb867670fde996dc5e1441566b49e10769de936206a926d5610b80b19412b4688c063a43029aafb257d5d2c587bb2d8277a83279aa2b37595e92699842e07538146edbd1f87783e266cdbccd28fdaa0ce01deb290e9363edc39c9f12e99e27951b8bcc0200fe7b3613cca1021f871437b1de72d300b91c56f534398c6984265d38ef42a105e66787aa4a0df167336bff07181a869a8137c947f76f49b5e36267db3f1c97f79c28c514bf74cd8733fb5312bfbfb91fe72101abc6499661fc5dd9b69c9817a66fa7e2bcb0422c571f2437ffb8efa7d7e3af4feb426fc99d837c9bfb3482d14f06370c7a649f411a87ec6578283010d567b07f515f829cc8faf4c530438c681cea54c0141b6699cac99a3b573cd70937a540dca7812b771cd38ede10e037b2acefc15ba4e799d85580aa95ead2b36fa0d282216cb732a61fb4e4463c5a05517e681250bb6ef153dc414e31333cbf2de2cb14d20cab6a57239726cd13ee0283afaab9ab2ab8fca4bf61f1f3ed300812b648e406e9392de5b677778b3f8be93572af82821c38009575e726abc4b8c726ba8ccb068277caad0f27ec8f35d23808e6a8429e47a13a15a320611ec658b193ad8ad82d5978757f038b9ab347e76046dd2ad4ea4189d1ea39814e00aef7472d290d09d15633cf59f61c15878b56aacffc00174ddff79b91de8c7658985edd1c989502f66ec038939a39edbab7eca1a9dc5e332905a6dd694cc88a6886423f9e9aee526b2e2b2ea25357d028c2582d9dbb1843d69de2808b75e5ee0159aa58b40de15f10842fc8936981131acca8a9fe8371686bcc06df8f15552dc849f33d04aef0243e5f0eb541d4122c09b8aaadbd1678a772e74d01d5a1059f8faba651092cd67f1ab6aa6991b774c97efa27730aad65fb3cdcbcffb4a0e4f9ef3372049461a909e01486d04275ea1f3b19a089c09e3d6e31d33e44f2abb933ccac20fc469c4a95053be6b424b4cab67daa925ab19228c0ebf9fa7b950617c24c92b9bb61fff980c91f7a153b6e5fdf86f0f1994d149194b41b6425368c621c1ca0a5dd445033c95e454e41507440f45198b5f5d5b9c15b16b6e28ebfc6968c007a76a6c191fd5fdeef4f3d3e65a9a240041e5ae60e42d10e1c715885c2788fcfe1b10004806a682f190dab1d0ff280e935dc7ba8bb45edd9742371e31a56e78b43fcb87f6534f0b9ca4fa3a78a091b5e0cd65c59ee03b0385ac5a77f0a6e4e84458fb3e46357554ef312c51ea92fe3af70e358fdf9ed3224015082be11610ab450ad9714dc308768f30f631e69852a364938c383fc74fac44e06d9ac84c31c5378d9cd6b8bb2107adc3e96688ad18646bbaea4abf055f5c0be388a7385a5bea3adb2a411fa772faa2527e0310c7ea202d87cee2e11817c9d021f0f8a22950aa33fb71753d9df97172be511355e79f152efd8aec4ec93d210008064e471d65fbaaa4949a35f91eeb48f2b62924b614ad4e8dabc84eb65e8a168c13a76bfb3a951384c4c84f317132842ebca4fa2d7001a268b81fc0497b84726b49e8aaa854a184812f9143ebd3b5c9aacb60b1c08119e78e5a694dd985ef660a8b8ef701472a1a14c75f648406fdf648868fad7db9710dd732c6efca62ef231739e3b0398313d5ac99766df58feb654cae3ec40257cd65cf9ac1b85459b546fd29e7874964d7429873d727320b259d30447adbfb0cdd4fd2597e4e43324f7c8de14376d296132ed0cb7d0827070ac6a27c941e84f23b9ca21bc5276f5b30b6724db8016066ed674dd104fd81a629023d262847542d12443c878b59147116b5570d8bdee91469d72eb1e4a0e82990df6b4a418af2753094d04fadbcb207de8af0ac068aa0eaddc8da33cbb7e6c2f071b7efca9d59e3a9942d199611688cc2e8c682257b1bff4a0c004d0d12fcef6fd95670513cb9fd7e2cd3de8b2d59ad4f13f296c7ca2a9088b151fa637923d774e469de61d99125476c0fb3283391a4f8b51bc0e2a7367aa78c1dd78add864d64700dd91ae2d83826619d67252abcc3272d9c5aefe4228b1bfd31579114f76ff66a4137a28828ff5594a85e12c7624590c1f7a84521c0e351364b10afa3b3981170a8efcbe6751d9d216450ab0beb49472fcede6dba3f204746762369982fe5ea61aca434506413cb70f38600cc4d2dfb196fd7fe64891964afe11340468a1c2eda9ebd9628f75d8014c17970fa00442574581282abe6dcb01bbf115f452facba3108f3ccde74d1086587cd14d3dfa0a31272a091f3ee042795159247341ad9ff8149e9d80d0a211e4786fc8bd6501dff67dfa4c77e92a59812c16e14844c44e641da1bcb8ddec7df065d2a3929c7adee00f8014a6d142638cc30d80259b4c4292761b0bb1017382d10443d97d4491acfdfc9f673b34789cca7913eab010e629cd1f90d1cb0753c62aa479a956aaad6c5f0e5c02ea3cf43096a5c07c296de603bd9487755c2db31e1286911f07a16a2cb38ba9ca0056988e339caeabe909bc6be93de0d927001fc9606e137dbbdf1d53cd79b942b7dc53b5663f4dabd32c762cb2b5ddab3f971565936f95f519378c998bccbe22468cf1a8c50e04e81a7f10b0ad7e0ec3117ae227952378438cea050632c7ec1053d35523856368cca967a08b2d0489af7e6110058642ca0fb5ba5219f469ec5c8c12173f83d097b9d740fe0fd6ab2113fb9f3d34a68626f2ac68c1adfe6ede0a66c68bc80b94a18d22fecc82f95e0c29ea450cdca65d5d6e96ad687bcefa9973bc70f61343d5d514094c3b8e416402b233db0b5b690761c6c04ae5d868f68c0d737510dedc494ab03c9322fcb3fdf57a9bfd916bf191d844b543bc71557aa3b2e8c3d82be0f0ff3ef86c77b22c901d58f784d8ffa8090e0056b63b2f44aeebdf1c4fb2df9c76e724cc31de84f7e0f3e1c446d1ad00eb207922f785834c2d3930c74dcd28ca457a8f3152b9a4a41ac97c8a9765c3be0a18b5a7cf1482ad9a65ea66037e578ef85912c68b48ac20fd0a3116940f0d33bdc475907c4651212b8370f710f75a039776ce77577d40c2df424eeb02ea188c9b67a65adc83555458d44cd1696a3ff0989b1b44a73465bd8dababf1b3d612208766eecb1c08fda924672b68ca87852eff82d0af444d608f6d971a445f81da8bb29e92790b2b310c3bb17a9c5e348d8780e8a90a849949f509b344eb5ff30044aeeddc4db771020b34129b4bde611d2efe12fedf02864ee8708654b45b46aa3023c97c838a1874afcbf8598c7020a279bbf4be113ddf084fd57fb6e66f16dc8316203dcf7a9e3e9254e3dd1eb8776753c1684ae608fb4317d3a2955d7b6bdfaf5b6581319b7f6c304de4c9d2222699606cb602be633afdbf8d738ceb86cddfc5a17514f2e3de1525d93fc20d6a4a764c806997a106a9f806ffd6c2070d768bca998d900604f0090c800289dadcaab027908382256a8c30d4631be5c6b490006269dc28064aad672ca99efe7f47d75b76895410566ba7360133d3e58d79d00ec8f80f388b025d41c97cc9242c5b9e05ab226c75d3771a02dd2e4eac19d992db13ae729512cc3197b8d314190a7727fe95e63c0fdb19396b60185efce058bb077b8c6ca8ac477d544881e443c4aa6e897f0538d2c8be185ad9b17e2b3497cb8aaadb81b409f61647ffdce2f32bf64ef225cec65cd1f177523c88ce7fdbb02468f92b051e8ea27950bebb858b5935a74ccfaf995eeda94dabfd4da5dc4dab21cea36e6d0db8fa937facaa6d90db9d656955adc64246d068d6f618bb0408df174b616df98b8f278af5253f2f9e0fd43640d04528bee2bfa89523d5fd8d2040a069bb3f462a513aec3aca394d81e8440b1ff8bb7ca2b34ef7cd6437dbb4938f550a193afee48c9cbcc96285a3cbf584d4d4a63fc6878f094220210bcbb42617742ba012c8c65156cd6f5ab17a201583198373aecab73c4731ef24637f06cde1894886fbd5082ce416e38fc743c6c768dde907fe5c1cedf9a80dc2e09b28a24585fa3c1d98b2ddf4f025958b2b1a896825520a93858c39a23f0b51b220cd521ef793a012ab141343f383864e231a5d3ccd52670b29e52014f162c1440f39e69fdfd76f992b1de8061efc77f5a6324c6e4d9b89972d7e4b9802e2542b615300f179e98075ea95bde50ffb2ad9f6dabd80476a0ccab7e0938b6ba1c9c8d58d197bb4e59b36c65a59612cd9e3079fcfaf47da00d57142048e8b37acc83ec53808b624d1c16dd06e8692641ca7a3fae91edd05a28b83d1a0eb3595c3c93847abd86b109f6d33cfcd8b80124fa12494a691d1c79bbb2495ee30de87a1d2759641d4a6837bed50d7d002eaae5e99c262fe4da43dffd2da0b2b73d41b181663add0409777a6e11636e81f4a3b71898c05c883414b301da8936b2af7f6ce53e43744f41c4438017d2897586b39f7df65cb2b447a1d8c79dd22872d4dae539be44b0472184449dfd3b4d52c9d693ae3a688d4e455285fdca86bf4db0160f8aef521dac917f8f7760b4c367561e002be361f8d4a4ee49fb846d1bc8734374b83f958d28ae1e9409611e846820ddc295d4f532ec3c0c784953594b403a60d292688e3ec7bd1157d6f437ffaff210ae35735cea1d66d20797e87af173fee685b3563a703c93528670f840e61c8752bbb03f9d7577f0eace0e496f1b28c341535249eb1b5e6313a82da024ee6281d1851da20f77f85e0c57c3769f28a1ff9b712967577f58ea3af5739d1be98c7309e7d9dba2ea255146c1de5a89ec6f1616b5d7d54402cdff86ceb43e66fe4c1f766517fce054dc80da0b8e7cb3465df8a5a5e5b5f6c990dcec2a3884ee54f6b44313e1bdfab126d50024b483cf0a1cfd5ab2b1b7fce2a196a50657d755a49e9cc26f683d910ab43ef69028bfb9785d9b56d31b4df0471ac42e185b2645be5ff7ab7bd9aa613b60f5834504cc0f6085a746f9e6e6c893acda298371dc0527cba21a3851fccbb2f5ac86c9f159cc2ca9201045e0fb889ce934f57a0ee691d6dfc4ee993342c3d658310a03431c765a2ec3317f483d886f1d234f44717aaf04b14b90df83dc36e61fcc03210f41d06dd7160cae190a059ff35aab186e908d8781d84165fb6905e95d293453ada0b71aace5df467b6e565060e65b3d951b575294604b10d8111fbd2fda693280fd8d4a0c3489839c7160fdaf44c888d08be9c374f8de8f421bd5eb93d4bcd957e93795923865d48a1c8b0ebaae47f240fec0a4634b72048526b649a6d0d10e08441e09a7adbba1e04c887276b80b493f0f112ac4d97800b48ebc9ce5b62d4eb8833aece52a1e5ab86cf53a21324019623a6c3ae5344f6406d90f60275df89b52e7e1a19517b41a6854752c0e2ab61d308005700", @ANYRES32=r9, @ANYBLOB="04002e000008004d00", @ANYRES32=r10, @ANYBLOB='\x00\x00\x00'], 0x7}, {&(0x7f0000001900)={0x144, 0x35, 0x300, 0x70bd27, 0x25dfdbfd, "", [@typed={0x8, 0x54, @u32=0xffffffffffffff81}, @nested={0x12c, 0x1d, [@generic="a7fd8372372fa2456aaaee87bab685c92ab74f4ce7372fa370f2976562079641134f0e86a631f47a649b594f7923e31bdadbba05fec4ea40757d1ce32b0de910747dd0c20b5bb76a0519d48ac2c64d9f129abfabb653b17b729cccd06c315a2f9b3364e1fac0cc7915ca86665f05ed4c64f21880255582593e59083591b426", @typed={0x14, 0x69, @ipv6=@rand_addr="f26c41f965b087c139e41517480fabbf"}, @typed={0x8, 0x40, @fd=r0}, @generic="be01abb0006f6cafa243fcb7c13af05cd8237005215a097c7e878ac613671308", @generic="c1fdb9747c77c03c67d1fe65ce8a0e4defbdd305334e4ceb2e4f0ffc4deeb1928a3a29a539228f58765711acfcf6c5d329e98c11764f9452d866051618fb74395559992d9c249ab841919075f0a5d505ccb9", @typed={0x4, 0x86}, @typed={0x8, 0x2e, @fd=r12}, @typed={0xc, 0x0, @u64=0xd5e}]}]}, 0x144}, {&(0x7f0000002040)={0x15ac, 0x3c, 0x100, 0x70bd2a, 0x25dfdbfd, "", [@nested={0x48, 0x28, [@generic="8b45df8360db4ac177a41fe40292fad4d0e9a284eeebd569854114641f275ffc5286b0c8a5a5f7105ce44b1856e56cf66ae17af453288a", @typed={0xc, 0x47, @u64=0x4}]}, @typed={0x4, 0x6f}, @nested={0x2b8, 0x87, [@typed={0x8, 0x6a, @fd=r13}, @generic="96abe80a5870ff4be800de2f8b6da7f0a695c966b814791f521cb164de2a9e8efc1bb01125bc5e2c5ed82ecd3106a66065d0225c7b88909ab08492665f6f1016a00078a276bb0a79d2a6652d76c8228b34b0b7dea1a88aef5c2135a3196f1d3da19059b2ffe690637c0f0365b27dfd330b75f108607ad5bf036f2312", @typed={0x8, 0x96, @pid=r14}, @generic="8ae4459f5c6b82dd0bab786faf7ee466d1addb92a4db5d8cdf312687c6f66713d8b859991577188e2bf71774419537a8d977f81e4ec79c88c078a90db7ae22502b05a3929b6f28cfe9993a8c41efcb670ac02a9167d04c604810e66832035bca69538b7c2387c2dfdd24be3ba0e83080531869379961cde36e441e1ef7084892bc15a2bf716ccde73876603e36fc84a9ec5ef95cb1ffa16e91c191ff51aa4aa5f4c676f8dd457d24d1c6e391c93586e31dcb8ec202ed225f9cf5d82edec339acfd33afe3397b81dd60d03fa07eb9d74a76ef91e302", @generic="fb4be482bcb232da83ec6ae71946eac99af2a0e703c28530364c47c61d2c19acc8a9e2e38cf8e7e9126180aedbf8ab71375bc271e92683ef032f1b0420313d757b2308a92d1637abca26e8e1e8af52e3c0f74425ffad90986fad7441b7010c8b0ca86375f7014676813d7d1e100014c25f99d35a238edf1aa7a3fcdb1de14fac2fc4e4fb04e50eaf6a9cbbfe625173d04f34e54fee7418c0ea90b2", @generic="378a84831bce97853449d739845fa17bdbc23696cf86129ec46e5578dda8b09e15a7062dce07b06bafb854ef5d822e17dabe8cf0daef438ef41f305372b85c92ef9c556145757ff7462bcfcd251f55bae154dc32a0c138373438f8e5338d13c5e928ce0666080637cd5069c90b4348e0a8dd2af7679594e26f9006e1c499b54b4d912900c2c2437f4b15cbe6d1da2d7d9b2ac269aa5a8503b4f163e407e5dc51c1cefd6b0c7a508bcf", @typed={0x8, 0x7d, @uid=r16}, @typed={0x4, 0x82}]}, @generic="6f734e234637100f82ccc640fa862bd083e74b7470dd635ed150cd", @nested={0x218, 0x16, [@typed={0x8, 0x6e, @pid=r18}, @generic="0036632f6068707330725c0ae454c97c13ac3158351da130386387e833a25307db2637d3f2f466fd6a8542980dde319a8ebdedf81be718dc73740202770fd52c581bff2934df840dcd8f3d577c013b28540e4be5295b86ebabaa9cd87e658aff4a93eaff1603e25ba2468aa70b2f6e7fae54b83ce3e476ea24717d3da1e7052c417a98287f51afbfc8d59f9aae7ba7b60d5b162508fcd133af657b531b2f8eb6139d6e6645b0ebcc8b7e8afe313ee56d4f92", @generic="2e33a257abd8ffdfb1896e6f07a5139c483b64a5dbba30dca0cfb937b5a8efa898af263ff04b26f7bcc40cab4d358b8336ef855dac74b57a51cb47803b4ee1da9f0b8374c36033a04d5060ffa21069c422fee553f982af2d2dd51f5cb681ad9473a7ff29736110ee982652da70db45ea6cc878324894ce21afb456e1868b18318865bd59de6e0048ff141c14125a4fc749ea3ff717c32d45abfdd85b1f35ae6356b04102e9b7d2ced972e85ca8bdba8a734a2f9eede21e09ae3fe86b0595a8f4d24a6574a11a89ead912ec6cebaf81a42263b6f38b6799b4ce6fff86ca37", @typed={0xc, 0x58, @binary="c545049ed17c"}, @generic="4a2ea8ecc0e68aaf898b5ff412ae8e750d10809def757cf026b995e690a8a807ff77c84172e6f0b2db2dd685a5a9f7717095d2e495d385bb169921376d4445cbc9c28daf55ea5cbe90ed329abcb8563b05436c48ca19935d783d65204104a22226935f973108acf8bb300cfd30a6"]}, @generic="d695558d188881a9cbb87826f5fcb7bade0f39f62dd62f93ad7daaf4c2915fdca6dc9019e49bf9c574f642a63547511d60549694031e237813ef34c8f29e3abef2ed165ca979145efe0ebf4e9617d3c9e1b45ef49b27975686958d00f3d82ca4829226d615c15cb51b0fa3d8889d5bd0b5eab73927671b73a1a959e3ca68bcfed62af58ddea889fbc81a86f36c1d122d23e124d2baa442ee9a13eab6a60e1259f5d944c43e4b15aed31f4af328b171d0af560a45fba4ea6fd40d4d23748c1ff123e9457f14cef6df1da86fae24faa731396a717e444f2c7124f4385d754017fe79280803701aeb74a48aa0010168410791c2f746fc5778cac7cf39471f32d5c57e3e379611b936662b38b211ccef0003b2b14f856ab8583be0816068cf8dabdef9cf5a5fedea9b3b3efab33577f980e43a5350469435674045b0442381d453d49124b4c935516f8377b5009d8d149d2012eb6fc58ad64f34bab5906de20abed2f354156ee2344de930f671d3ea60a0a4d6ca26f5f7c575b296a19bbc0a100318299458b882277c3888b304a8ab1352fcf6eeed23d38aa66257e7503457c3ce542f0d99f6a193172a4a42d0a4411a5841f8e3bb63cdec8bfe1ad9b4f3e7fbfcd6445171942fd4b7d6dcc0bccec797f0d5e5ae50de34e33df565e7dfad3c4450f918b4a8138509943110f571ebe9e48b46a665e8ee8d20a476d3989c4e8f767652882fb16dc2ec7e3260ae60e1ef26314d8dbfb11d87c395633db1dd5b083e6095d59747230b25cff15d18efa5ad9a566d6ca92445bcab7b886ed9b66b8cb2fec451821d69d9f1aea4a566f148c5a4fae6342856bc762d0d9f9074e5a7622c2273b56879884d0b7f1bec32db85699ac49ce22d4a434412c7fb67daea33644a3d478067e40b90f08aeaa8d848d0035b2d636cbf295cd6a69f9028bc7cf647e5d244ea0d4b979ce8e8a4711635e64b2a8caf088d01341e38e99dc0d842c47c6dbedbd41fb9d1252aa2a60dbdb23c9042cbb2c0fc8b98fb4b48588036a386378496c600db3c2f87bede050febdb4bca4e7174da3d8762b8c7f72f44faab18f9fc3d811feb29273aa3ce78951e8bc500004726a89374ad12ac5c533fadd1d56e0e185436d33fc6eb7da2b20bac5f0155af6f990046158b733796f3e6957565e6c598cf9674ad955fa8201f120edab8d4ceba908648c81ac152bc7574dfad107a9b6979256bbf6775ac9438d74285b297622fd52505eee340a646609c4d9aab131478be6b3d8d382edf4e06f51b10622ce42e779ad0ad7840f830cf9aecfccaa45630bf8721895fad452a17452959090ae405e53059d3d56dec1ca259028417f109fd80031efce4686b22199332ac2d241d1295a6fb14b0969bdc3848a87abd4d945bf54618b40dbf7784d10b84df4e9a89818cb4eefe10ba2d2035ec6020320e98a3a181733328f6cff24271159fed32513e3664db4ff714c5a1e8514a1273c0fdd78b771927a482c9833913fb7c996c5ee3fd0387b173a92973089aeb5a9b45a6a8874ea95a9a940868a7e858815f49710b3f357f633ab5031ff4b7af5d6a2f4a2043bf38b68b073f841c24d5c19d37ace8f739d689472b0a10d2eab59d8ef0f7f8056c6c29f9081097a4788cf248456982e468908249e4a968bcdfab879c152ba980f9b83a866aef9cd5368c35c16f9f3d64e8dddeff8cbae5ba8c2bd1bc352d58bb4ea9e121e1ed0709d53588edb2b5a6e0ad4e6141f630678af47e651077616492fc8a06a4a02185851191797e197bf7c8b570758bb45f08ac8d877a26346cce6b9aff859bf8a2d2914c22476b5d9b47ab2f83a85161e06cb31bb4d91c5af12d12551dad7421b66caea60487a3b58caf978802b223efcb21046fb782b31d0225e4d940b73931882e82f3753725eab71a83c4d60c12628c37ada194717a5c87f22b2b5ea69ddd847cb41243745e6b7671c9d634e5c8386392c3caf6aa2fab50011eca789c75c5cdbd1c7f49b7f33d5f90f94c82f89d319f047e39eef1d80dde3918591525e2f104c97acbb9645b6ad0bc2fc9c2d2fbd9266511b5e39cb05cd91862d0a84553ac21f3bdfd11de681e65027ec13c8c22c7284da4566fe09b022b74121d3a878f2044365ca504e092f5a6d8ff63aa03479dd1f020720d5c1dd5493b7fe93ecf22d1de764dd6e690850b3a52fec46dd5f38714452b94d03a38755b1c4bc92b6711bd84fa00e5c7e1fd3a6c86d30d69cd430ffeeeb45721c1d5371181f6b03d10729b749c2d884e051c3d9f8fd9d2d750716752be1be313a846bd8d589cf7f8fe02e254cfa9c24181a3cc9bbd56067a56ba637e6ccdff24b6355b4202e8e3fed86891bc9ca5bf478f168d8f4e04a67cec469e38d65707d9e5fc99e6e7dfa2a61c8ca59a46edd7bb4d3b4a191e6e98bd50dae610f9812a292493a68b137b677f4ed93a5d4389e67681d45c45d051395aef705ebcf3dd729aa0ce5f176a6feaea3695335fccc63049b82505840fdca2a0846c39890115082da1f6be9e26d2b79e316d3639a627aca8cfcbbc12ae235dc73e5cddb6990279a7a2c6b363f5a0a8a68eb6e08f1e1a611cbeecee1c3bca9a2a6c5e42250eee7f4ad7595e9eff835e140e6e659583ff46d09fda512ed9376625c8c4d2a32129b403743a890b0a29d95773491339e40a3d2a7f06e20539871fa04a60e34f07ea5d9b5ddc95f9ad1373b3ee7770cf2d13d287c76cc20bda8aeb9521c833b3c00b5c41fbad19b37327455db51ececdbac9cd3ffed0b4b46aacb5aeb97e19dd47e8824835aac33c4549cd3e5a2e5e62c50cc49f878f091854eab04d47863dcc210d7f90a52c245d649bcad6cfb43e1cd97227298dde2ef010b7f1e287673537dd06b42222c6043f9d69f1c78276710304cccf6c890cc67aceef958a990a939b4b5c0a49582ca4d5757fcba21bea7ed0749614570fc12bb6e1b6dd35c856df2e33758a41b7c017622e580522ba8da37881b4f360ddcd00379e632e615bab3f55b6f60da2ee74248cadc376364899a349f1f71045898074dc0ace97ae4afa5e596578db7763f461ff5102b287b108e4dd4fecb13e9897491ccdbb7c41f7fe755f848534935dff7d44018bc7fb08bd3ccfe0485a625e384ca88c46fe95ce1c708de99edd7686bc5e0c5061a5b4b19bd3e886092a04ec024581924bc323f8beadcb30c5307bd4e3d20c0037e888b6d942d972e0550fa633bc72620a17b61c6eec1473e14c0c2627c416d0b25e0e6f2d017c25b4c1015e6cdf22ae352642a269876a842ef5f4002f97d9f6366fe363d467d62431d28b1eb4717427aed9ba127aa771ade630b5266fd99625cca113cafcb5abf464be4267bd45273ed0f8898ef416a48e8ae195569b6c270a55015fce91e5e67c639edc6dab87d2af0a8ab49325503c4c6a9fb30b3ce36a7db27526652b8a7c74c6949a6451119dc9ec2d1fe5f32df3cccf378898f736499f2bd08aaf5c94f95eca56d46eae2d567b68b090c0da605df9954ccf9ce74456d2669d71dee256549827c95c7c68c297947002f01494ebdad2e3a488e081fbf39406ffb29b698ddbdf024df8e797eeac96eccd0a51ea8d02e5cf2150bdbfe6309aa767cdd4eb3ba7de41204adddadb2fc38561178d890b4864a7fdf6ab22a8256b7b74817000cb4d7649cd7d830947ecc3a684b76aa0a189e4a4c178b84311d50ff185a86f519680e4d410be935560ea4d16af297bff3392b1a887e1086cfce39030987b00fff71a715ef66aa11c163a179fdf9b6a622c304287adf6081181fc527baca69e11f5c4d260c2af7536f2c5215ae73e7c445abdf1fe084c5b7bb33ff6ce0ee8ac896cafa7c02f1456982fd4accd8d2b36efb24bf06c6c4548923adb19f19ff929642352550adbd54f11c34e256a15e86c3d3cbbcc739e2c51de67149a47f8b4f8f9713ac783223d1f2a9dc9af1147f7b111c811601495aaf864dbef385ee8d6c88dba6e4b3f31808809687376983d36e944782545bbb7a6063ce72c91683a12b3607191528fabe9f8f1a33b702f9f6d3f1dccfc12a7c5a26056154823ac2f3a90ad7a146939b368ac75b674df27a7a2165b650a6230e137e5586b309dab251f567d7b584773aae64ee88eaa19b7733ae487697c486752f79a38f60c718683436fd23951611513cbab7a86a8ab2b36bf214683a2ab0316e91e4ecd1892c26eb13a31f04f22b0417009a1a3f20fef589cddc32dfb39895585b0c2bf392aad2d5cbd1bd52fae8f48d9f0cf65eae5a4a5321e7aa16fbdf4bde612337b41009a907b14f6b9b082610e027e627b3100c766dda726ec3e09fe0cba3556743df57f9bf753450b27dbb7e8045825bb5658e9eea9b028ebb304970ece67cd603bda140a1c194099104c0e18330fc9d37b9c93584ea69e3b4475f6178c6af4e4384170e13bd6cdf8abfe60a0ac394e03ac34f1b780251eb060e38b89712892a5501b47f47c8e5202434b827abe11c0872eb6fec3b2a861c5e0ff44695608f70dfa268e38e33ab0d4dfc616e4d600e225bab3f53dede4115b1ef6238dcc0fbd4f969930d3a510b8c76777bcc1a93e7f391a2e42ebeab16dc4a2f8aa924add05853323a76a589cd5dd9f5930f3f6a2c6fdd6d80a4897beea4b18b75c8651eb71ccb766924b4443143e73d07fa3321d05f99d9be8d90cc06fb4aaaf8bad697e31a271ff0faf136714d693fe39136252642b200b82aad1e70690fb9348fc31969300d548f7e2180dd47b40bddf6d5ee02b1b86a5effd775955fb6684eb3b691176dd6ec29447514818d902c7973437b608be93498967924c9fde59c0940a9811143e3b0a1cc77f0edf8cfba0140b127a90061ce9587edec0067848fe022981faf9ec1896f010771219f31770ab2d6247ac327e29c6fb780107ace7868bb8442c162b4866e230ce9b5f25c458aa8b3941c5312fbd40d3ea0176c2299858f3a601a9b0d6c5536142672dc60b15a290e0326bb09eeb96e24fe005512606ac278e2f98d36f5c5c4db869f83bad2dcb2831cc721977e29c526c8bc7b6ea77e668c281ea1d8b5f0a9a133eb0bed75bf1fbb60a2124b26058ac8dd6940f0f1d53bec325129d56ce38de68edbc353f8adc21ec01fc7ee679ee2a0092ae4438347bc67f915c6d1c21356a126e12067ec793eeb9cc8da7dd352972ef783456e301d451698d2a45b312e581bbd857c6ba10a89862bdcc6b9724f9c578a8f9929093afe373dfdbcbe031f474981e5a17c4571736384ace7489acef3fb7154d5d680e873798572be474ee0b01d145f9b2ab472637f1932fc35f3a1e6355ec4bbf084fe21bb3cce7164c77b2bd613d04b90dac1316056789d866d4890609a42d0ec6507ff999d74066d62c237a1cffb5e5173cea822870545386649a4a31cac41732d0bb9737ee1c08b3a8b6416324522e2da63890a741bb054ccd4bf44b800253b681ed3bd8bb8f55485acbb14862b43369401049618a23e8766017d09d5238d5ed9b102e0d5ecdb4e479c4336e14d12214b7d8aee3848af90804fa422b8123bdb60974fc6ceb6efea7ede53cd9044ec8541c1437a4ceb94b5035bdb768c169535a020dda2ff6bea2b48e0612d34c233a5070000dc39ffb6270d02e6bceee1ac09cb0928048af283c371ef34187cfef50250043beeda015bf2efe569d4e712453733f51bf4905d26ace7c019d71347946601d5bf49644d304ffa5f6907d68b64cb810d59411fe54a26f57e400182398447e717de2414509be8f9c289c7b23ac9c6ca2f42faf3f9b9dba6995", @typed={0x24, 0x1d, @binary="4cc6f47ca142d9e67cc68699df9250f291cba02f8d5b79470e685911cd6d44"}, @generic="de3c1a914eb3db3a16679e79fa5d9245d2adcf3a968ee503b8c342fa7f78459780cc31be35cbbc99fb209a30cea21658139e0d80db3ffa19a7052a078e0f205f"]}, 0x15ac}, {&(0x7f0000003b00)={0x174, 0x2b, 0x20, 0x70bd2d, 0x25dfdbff, "", [@nested={0x150, 0x44, [@generic="cb367f9f200c1783a63b41dae0f498872f9e4c4dd55605726091e3b9bc25d351f952ac4c18e6c8d113801276a637df641bd8b47c1671698ec84279456bc70ad90f01cfd47110b335f31a8eafd8807aa4d0470edfe073de4e5e969c166681015306a816396d2a7ead9a9efae275d6", @typed={0xdc, 0x67, @binary="cceb553050f8d951f70fc1c1136cc378b1dddf4693f428d99d9f471b29586554a6383289880d5ee753aba5aeaa425b645858194633cb172498900fcd4de3f7df1cdf9affadc0b6be50fb3017872bed4ec230551164f962d28cc7dcebd3eee3a408ea8e832ef57b06e2dee697e3587a2ab1e1d4c7a27d9ef6f23c61809fe26f315ab177ddfbe444ef653258a8e0581fe0d6271c76a4a513467919042919151c7ee866c2fd9eaaa1fb2c0b37bbd4fef2579d6be707857aef6531f67b056437fe8ecae9d3dffa92e271f608ab3bb825f895da16c668a5177ad9"}]}, @typed={0x14, 0x94, @ipv6=@local}]}, 0x174}, {&(0x7f0000003600)={0x498, 0x24, 0x800, 0x70bd26, 0x25dfdbfb, "", [@nested={0x338, 0x5f, [@typed={0x20, 0x1c, @str='%keyring.#lo\xbdvmnet0)system\x00'}, @generic="6c3adf8300d47cc5e3a06e0c5347cfab6a084c8d48016f89881c9c12b329f850634e1f69f0040a3c8e2a7ffcb21e18ce7c9e8f12326364d591974f8dd4502351c62436b644433088a2dc9306956b37bf12e4b51d01954806c2fe9d083160b1d0ed78d8eb11945ce8333ea033e1a9e8a73f7228bb8b694202f7b752a626339947dc34fe8ccab0dafb666b23cb3d8eade7157ec112b36f0ecb88d8c9076bd1341fe1d3c8b19c7f9856c313e2b059bce4", @typed={0x68, 0xd, @binary="204cc9839d65140d8f0b8e2459db91d808a0544311af9c18fd6dfd16ae93a3e62c656feacf3a5dfed799bb52bba8e7d950c016041aff6448fb052c48b807c610371c4c0d4e8f117a0bf746e66a26ddcc210d27f103021c2d1ad47d7de249531cc7"}, @typed={0x8, 0x29, @uid=r19}, @generic="27e1f2364b64ecece3ef7fa2387afecd9421898f0f5e8a6453ba012c97a43985a209c4d1fc9b94f5c779bced03627739fcdbc69a1b67a6c0e195102dfbbd94bb96", @typed={0x8, 0x0, @ipv4=@rand_addr=0x3}, @typed={0x8, 0xb, @uid=r21}, @generic="ee1ef0db3cfc25e15999e3cb1eb28cfbde1e4e596d8880a651d1322656d3ef742bed76fdf6e1078b1ff00adce093c920f5aee421c26955e1cc6195744d148a6af1e89be2ef77dc42be6f25dfafd75edf45ec6c51e6996b4cc651cef5b765c7b284bf8479d7b27f88d4601da98099e46c8d0f9d43332a155c4cbc2dbf50840bbe0e96784c92c56f46348f784e59ddabca56cbcc2e58838fc08cefc4a388b4c5fc8456a67392279cf045285d058550564554f766a950a5d1b39ec883bfafc06b5e2b814c393fa0971270eaf0cd88dac597f47dcf7e2024427b8d41c385b1b6838ce457", @generic="cc991fc924abea23f32e222e2cb6db6611fb06f7ce4ba1425e82a123b428b280ae4f8ad649fdb18577390b", @typed={0x94, 0x65, @binary="1c7690e1ce1635f031a69b44b2b244d16b0db938683f4aabbcbe1195ea68397853d6043fadb9482c7796d4ca715d6afe0c2f9fdab48fe2371fd04b1dd9961d699f697316393078080186c3485def3fc3fcbf1e264bf524ba480da8158ff3b3401ea7b401e623c4fb7b30b4316c8992ae0d2af3a7f66ce7cd104c79acf588851ec4718709aa9360c8f09fba70a400de"}]}, @typed={0x8, 0x48, @ipv4=@loopback}, @generic="5e957026e13e1a3a57cd6b95b98759c4d3e6a1d1e762f7c3d6a50ba3822be8250d25650968fbb70b60333e5b8130057ffdc17531c64c846168af86e1690be32001822ecdf5903517b65a717c40285d86", @generic="3f33c2d7c736c33bd15539019ecc8105bbe5275dd16b9b0a4c1fe236acca6b8c75377aae62dd4fe51e371feb839cd0924b1b3977e24c449d0c49ae683a5060c3131874f56c39fb223d8a94144296c0898b18bda3aed2125ccc70fe332f0135be1bff11174fc7626e0e43efafc172e953930d9b76e29ab83feeafa1aee4bd1dfe3a7e22dbd1a81d3d9a0a1339eb27225b3e7d12e75583afffc355eeb4f7abfe7448e5e9ef80cc19d73826bc6b52ad3f8722199450acc8cd50ed1218e8d76d07160a0b4ecb2ad89a0196ab15d415f2923607dca627e6a1133101d8e760779d5c7f42b4325183d88f8bc2eb41bdf443a14a2af6c2d1db08"]}, 0x498}, {&(0x7f0000006900)={0x8b0, 0x30, 0x100, 0x70bd2b, 0x25dfdbfe, "", [@nested={0x390, 0x17, [@generic="2e8e9b70786f4f1d42f9c35e068de97bb2b757e90f2e87f386793d68a39827aaae0850a63786f1a32196b998aa95ec7bd18c146a5e3f474601c524a8d47c7a261019aac3c34c78c69fea154707806dfdb3c0f634812c7fa38cfc4de5219f59c9d5d817da273893213ee8376a08493ff1080c687d37f756c235f30cf41e7554fb1c9dec0c1e9715718a811661f88152dc209615fb2e4e6c5dae6e0fb90bf4d575667c06cb29f614bc18f02e12c6a6094f330234a782231d86defe498e", @generic="8cdef6606c7e3c0fe389ec48921974784afb66eb2006c501f42df6e2072555436fd2c1f4aaaea1ee2deabd3e753cfae9f5639ea7b99a0d8c2c33d0fabab5f84fd8a407518db711f4a372db39887c0edf463d5e941a6e3ae581e48e7d25c7b513cae4bd9b77ea925d55e816af541efe0aa3ebd666d642d37d30d6e36d81ce6ed1bdd10a8db336e044032b2822f5146f87c745f24f578d2ed8eefd1998782457668c35d3ab79d151becbbec5732f31653c65138341522a88fba739b3dda4a4036b7d7b9c21aa13f881e2daf396bbc630d1216b1bd01b0e535531719c9965285bf061201045d66d18a2ff6b4ae4f153", @typed={0xfc, 0x64, @binary="4f3a3accffbbe3e4a35a463c1fcfa57e5b03f0e59e11a4f7b1e2ccab58187cb058c972dcc85f324cb170b7d13dcd454d240dc1478ecff2a53082eba9cc17b6b7f8383888694dd7fb7fa07973bdab2d449409d9f7e15cc82a50b18b68c82b13913658a52cbc610c99a1317e1c885d0f841077a660592da3f7c1473f0da6f6f19bdc7923fcdbd27ea820f1df9e8ce09d1f34db67d1c6953e71ad2639b37941d0ea2584a844fd96ff2bb556e063c8c7dd4c1ae7c1789e050dd218448cbcbba858444445fc2d17c75810ea6e632978d91b2b1c3df24c8839907f3d0990077fea5b3e82a7ff9b6b384156e23a16de93678619f51b87e3a1"}, @typed={0x14, 0x36, @ipv6=@rand_addr="fbb82f0691ad8d099d3ce153231d6734"}, @typed={0x4, 0x5a}, @generic="68b44f10e403146597144eced9c1f02dee3bdadfd48abe1fca89d68782d44ab10f6c4785b3008c39a3fb921c7b52c5b5c1cfabfd67e5f5be77c46a7a11ec9f600d577e917e043d1e965572e023a6e969a333cad5907d5db551b55a5d8a8f47741ef637361c76f36d733e8fff7d18634573a06c86b462fde08ee1d3c9ea180dfc4ce79f91150a2312079b2e23a1f763c56c1eb9822a4d2b71cde1cf857b89bb5f20535494a14af848aa6d8ece6fe6b4fcbce0f08f463012569daf65109a9a4d9d1e5ac11a5ba130968d4c8df9"]}, @typed={0x30, 0x52, @binary="72cfe9664a4f0f56272f82d521f5e0c8b322935268ecd94a55084612f8e6043af71a23a0374630d95694071c"}, @typed={0x4, 0x72}, @typed={0x4, 0x37}, @nested={0x1c, 0x94, [@typed={0x8, 0x8c, @u32=0x2}, @typed={0x8, 0x49, @pid=r26}, @typed={0x8, 0x88, @fd=r29}]}, @nested={0x3e4, 0x58, [@typed={0x8, 0x93, @uid}, @generic="02a0526457d763c8419dcfc8cdb59763eb51f4b92d52663ffd0160b20de0e28d852cba06a48c2712cd91eff138d468669353e3e92fce31dcc3093289a23f2e16a3695421c4e72cbc6aa02ffd61f0e395abf5bb14f1c7f4a5", @generic="75077e36a98bdd9d1b45cfb9e0552e119842f600466bde37be54c8b42df4fe8d08c90595c5b0a7698ea26a3fbcd0960dc5e63a9aa644bbc2932cd9a2c6f22b3504613ee277c5c0862f113481a742dcc6fece7b3158a2d9770a71c1eb99b29b17d3", @generic="ecb0d3fe2a8c4df2ca37fbca1e9acbb7ce43ad7f80bcb591545dd48d45e30a82ebcb996996b9262e11e7bd48f9604dcee69915ae620cd5b86bcf24e93f2dd31d3c5bacbfe76dce382e2a9d42f081503c66f9143e0ee05e23a1c7b37398ecf8662e68615710f3899950825025250f458de40581e6984c999f1540056f513c9a886cabe074b8d8c382e12752fc340e7a53ea70968110be35ef12c52f307eeed6a5652496f8a18e600f", @typed={0x8, 0x4c, @pid=r32}, @generic="e97a0dce8e0bf709da2f511c02a57a1143d5728b66dbcfa37878232274f0345afd65a388827646738c7354070508b4cf99e5ab161b2936e7ce073e4040a422a1335c44bc88412ff9bdf03d8d9eb3a2bccfafedd896ea", @generic="87cb4415921a2081dc44fc0490f7353a6c8486695f5c3f368dc4a85b97220280eb1b7e39570203234ab36c9e84a53f8d0c9d76dc985004ecda7ed668275f1289280293e498a7c5b22d7ebd95cde36e42884da86c6b376481daceae9a1dc3a131e0db37241ecd23dc74011ff611a0970ab48aaa6b025e550a19f643b6d63ca29be229c563b636167c27c45b37c3b83b918ebbe801043195d59c2570bf91e48eb00d64d2de1c6e3763d3fc1c64eeea779d39fecd598a47c40d226d921ea054c33a27bcf2859882acae91503db7a1587dd05dd76cddd7c806a01cde9bbb44e3b3f5e429428d54f9a5e100968629563b60e79592e1f14789", @typed={0x14, 0x95, @str='/dev/urandom\x00'}, @generic="c07d62fde7f83e783acca8d58df657afc87918895731ba9660afa354c7b10d501e40763f0bf09671386e7fd56f0f6138426b5065da4409f39cccf21e33cb4c8afd9e7e25eb8acf5cf312a1086322f80add0cb516afa281209baae99635d913e1028e5d5357637cfeaf677c2fe7769b380e1efb74382ac1c34cb54c11a64d9b94fcf092f9738c2db4950745fa742bfc8a2be01c5101e22f54d80c833b12c4f4929bb56ddb1402d66fd4292402a37e73e4d13d478b37a6bb12d548c3df3b70844348e548bc6522605b6d3950c103e293a30a78d773b94caab845355cca2788b3084277cb19", @generic="d730e234f1222b4f2ddeffd312a2164ee1943465442d79602e9d72ea86c39e085498f067f16f77b92ff603"]}, @generic="4ed40e1cb344ccf702e78b09c6debb12daa80109ec22f85cccbac220b8262156261acd590776be15b0b383da75c89521628539ed59bd30acd17fef47cc4d6bfd81749eedea9a6c4d79b5122a5fe9fa13b3327855d6166e1c9e386f21381c22fcb2fa9e00305398ae21cd9e3b3168aee1d7ae6703d9c1e98882e6ec98e8cb11cfdcb38cc71f30478d58", @generic="de0d9b0e97af13c31a94d1e37e2f2cf61c903c8aaf1f9910060a0039c79d4107adb248ab2eb75caadffd4e89a673e29952ff3fff1bf89dfd091b7a876698c9b987a09bcff10f62f4d6c318b2298de5"]}, 0x8b0}, {&(0x7f0000004300)={0x2a0, 0x35, 0x20, 0x70bd27, 0x25dfdbfe, "", [@generic="18e23f5d17d31824e4f5103cdba594a41340f02c8bec101c38d5d9af92aae2bc56ce1e8cb4ffd04c3be921b46701b8bca7807c552d409d08a006f73cf2536ad8937ef19c708dac324461b63f6caac934633bfaaf6a95bf", @generic="287d8b43e9402bce499227f92add202aef57b0977727129323330c8005c2a70f5a100a8b9642f2ebca4a33f5f8f4b5d40de38a160db69b9f39a79f6827946a8563a2b005f5bd3d8fb74bbdadb1caaaf76032ba5470e7a006adcf018d35f277d5ffab600222eb726cf10411f6f1a39b253b6fd22b4c72cc2dd08ea4430390a683f0c4aad6d8a27efe46e86e7811d6dca7bb289a0bf428f260a3da398be3921738e518fcac", @nested={0x17c, 0x38, [@generic="4c8d3b67fb7a783dac9768941b0678981ab4b3194ef0bdf93562e8b638a4ecde1c275dc3573182a64f6ee8f1f3778a17ffb33b145bd3f66111899384ca81003594afdcd92e769cd3898dd87f1baafe91ac43c07f538237491762ae61b72a4a2f32446afefc1ad4cf537f4af186aadaec0f0fd6b9ce4e2c607d3b833f1b735b933585d221b8a57824b7a4f126a4c634c454afd8810a380f3d26913ad5740d1f988d0199ff087070080d21d31cce69e366816ad6766d999ba5aeff5425e41344733bdcc9b103c221d3f4dd", @typed={0x8, 0xa, @uid=r33}, @generic="b871e73a2e110a030349f5540cd3b2452b477fd712f9b4e1438b1c5ab57aedc6aef578382e47c3b97e6a9a514878639f8c7a671772163bb5b2e21b819f4252a2554fe8400020ed0b2500686132d17c343c4d4d8b37910c305e81b5f5bf497c41860b4261d82eba43f8f7975185a8283f4534f110b6f9ea5da5fc6410ba3a6d52d76493937364d50372ca9a8d03fac2dc272655ca3960845250962c70cb8e5411c89360"]}, @nested={0x4, 0x4f}, @typed={0x8, 0x63, @uid=r34}, @typed={0xc, 0xd, @str='ppp0\x00'}]}, 0x2a0}, {&(0x7f00000045c0)={0x22dc, 0x2c, 0x100, 0x70bd25, 0x25dfdbfc, "", [@nested={0x12c, 0x55, [@typed={0x8, 0x5c, @pid=r35}, @generic="880109515c2d0bd6c5199d3eb25b524a130b5085539162a1013cbd08edc59f26dd1c1a723066ebdf4b27d8880b0de00e596250dfa9d4322fc58c50241021c3b3d17c6ed5ab021351360213b8aee4c31dd3a23509ce86cf5eac44a90cc5a361846641abed85a43e0554da7d381934a4fa81fb87a9520044a4f691f42f23a865acb77a2ba56aaea4028ca379dc8c90838cc93fb08e49a1af794b69e189c53f7a8d5c9f158b959420ec9c38d4", @generic="9fcafb5aa59dc20bd87a3d6a0c37f827", @generic="34af77f7f88a43b4acb6e26d9573d697058ba67ac4d3237198cda4cf046fd73cc6958447a6392e444ce4e9e8f489c49e6fb096d31ec238c77fe40615897c57ec413012682a979ec56b02b2cd678311f5b48b1697b77e34bd2822b7ae712eb6210314c4"]}, @generic="5a923862a9512d8cce660a1a537c3a9ce56c2fe74e169feafc8885873248df14996c", @generic="56837da64de4fee7ede66751eaa114bfe9dea2e7a0bc081b658613339fc581842cbbb3a148b9f42f39a74d5d055e54a57bca572cf0c08038ff29821772a77418a5c705d6a1e00960db8ce177241af9e9e5a3423f3c4d7831fbaa3b4fa0b7f7fcc1502202a1fd760921f968099b29f69926157e57ee3e", @generic="88ea5634c9a586315e3ca30432", @nested={0x10e4, 0x29, [@generic="c6fe00be16fead2403d676ea243d0f98cdf7fc01a333e6a372a1972a288401c7dc6d58a814b93647c28c855706c787af54d40ba319494380e9aac14abdc83654dcfcb7b9726675cc08e836fb0918262b150e08284d858572ddb4e393f7ec270a7a01ccf2751b4f5ee6c2eede4d3899", @generic="539b326a161b0bc4459132d1d62f05a756355b15f8bd2c6a88dfc71b3b29b6f3f0425bacc82814705dcd6f49cce191be622c249524869885dee660b25bd8b08f409f2a0d325847a4c2cc853a687ad6530fb5b462eede177a38d3a7cea9c016e2725747b7ca09e8944ac4bc9f23d489444cebfcad60ffbce319610fcdcb0fff5376e72d1c512ce1e829f9c92e970bf41e2fd7daed0258f4bbde253d4307c23906af8f08b7ad27706db7ffaf63b79cf56d0c88963753d240aa75fcc13923ccc23613f56a1f92b1842c99bd4f2ea61a128983839b11d386349561a3b7523b0dece1875e343639993da0b5dacb0d87fd67dba38d6ff4bfb4b62a98cd7cec75eca9eab163c594de872665a6f5f4d6b5f01aebed65035d01b4e076c7f75f9a55e824b9336dcd12942c7a558d3f8e3849f14bba08b4a6c6cf22ba4dd2061e9dd69b489bd9b6a85f320af2c76d2dfcff9c5861361672e70922cbc4dbeb392209b70ec8bb51f6a29bca3fc8b98ef8bc86719060d3ea8dbccdcbfea8ad16cef17753c51d43387c24a3fabe051a38bfdcda24f800c0d3aee7579f699f895d419e90336dacd4278fb367cf797c0eb5c80ae08647fe877fe08bb3f3fdc72764b4c10086b93df3e415aa909f5d6e69a10e23d7b87bba00112f02f30ae9e64ed21fefae6b4a1e45f9c2e1f17aecec7c471427eec2010beda09e5ce15b3d6fb38ada17daa654f463dd47c0569731554e55c1527eb3525a0192c61dfcdba013abbcadbc7b8609c4268f07af47ddeb5ea2c184c096ee31e4dc73a5d342de9c14b1509757b4645f0053e2563a2b38add79ee1caf346a7519c158d4ed1f7be19cce1a6ba66952d4715b4d149ddfe242d8f0a6c1e0af938bdb61ff1ac0b9a58f7aa50995513f8b027845016463a84f5df6e067a8517be59e483806f5d11482a9243e301987238b2d587405ffebc19b0e60d6155e37b070b0ac0bc89dcf2a245e7f4b4e15d96b3a19d2970dec69855bcdb9212ec2053e4d50ffd8adee0c30a905c4087cbb0dceee7b8cf30e83f4c5420ebd10f489b4e86ba5f684d1dd4b0e3496ea7caa184582fb0fc08ba7ca8550a08cbaa27b33a3ecf779cc101ec747f1428d7dccb4b17fb764a76886ef7fce6b0ae60cdac690cdc6395999348a92b1883ce1181c04579d7fba3da126b3aa7dc0ddb1c3cca8b1ba4deb2cb3aa3e1514afadfefd8706c5db76933513b4e7853e3af7ee47e73d79b911b864833031ad5a6dfb205a45702ccb85fe15d76e98cbebf9fc7d34c388f278e5de9fbe18c05bc0c0aa7b02d410c9922ee59a1805c3617bc44521d5ab110fd980e91140c9eb34707dfe475c1f99a78ec3316d4c512b32b77bde20da082ac9de40744017114fe9a9363536589a8e0de98a6a9f35236060283bdc995767946a78a01e7e778a3dfcf97ebbdbf752f51e72c81f3673390ddd03c7f5dc67c5c93ac65df77af83879b075c4908d0f30fdc743bc488b58fa51796051f7197417eda6eeeb3f104769a9dfaeff09994af9fcc58bb47adb4de8d0a8b1c926fba8dc8d56d679afdaec7b20a9789374b4bcfc7a4a3f64b33a62f18eba2a8e12c343e2d31bedb6bbb8d53ce149650be4f928f3b21941718254b6fc30aca1d83ca11a866dcc262a791c639ea8e5f019e3cdc849dcfe7dcf2bce94fc3e240e845b87e4f0e0c00e0ca3ff5b60eab080f7a5d1fff016b7693c656a7c9dee790452c0c747f2e17a57225f0cdf3b7bfbec6cfb48c5e39d8c095942fc852875a381f8943c26b032df89cf18b2d73c293184bae4f0d787811b8e03dd76f27d8a19be847d2ca20ca12cdef388cb423bc6cd0728166517b5eba2a60067da11f614d345d18249ae2df302f5910d4863f6d85daa1957bb21e0c2eb65dd56bc1355edaea4f0fdc6ba4f83a1ade76a61501fb62ba6e660116852f4d2d9d18960569445b5fa29202f6738201e2736ee7f5a81b8c6ab6d1b9080089452d3425e144fc4acbfb46fe1f1c3ff948fdf7adb1b99318ef234deb944bd2eddfb3bd0582a33274916b6dddba78a610b974c68ebef78d31152c3ac73590eebc6bc369131b7b442f628eb78e5edc93d69cfd921a0e8aaae3b48e6ff832b0cb81fad005538267b67f757e5e8ea201c5ee61671e7f90105557446742c73a7004789d50e7f5930c89aad94f5d9ecbaabe8975a9c77252e30ddb1fa97accbc93c4bb43ff00050c52c6d6e8e38d548f06d428fc9e31a408eeb51dfce197b17eae42c3bec8d6020326bd467009976a2af22b65b4b9b844bce464142e71d50ccf519af5df679cd1ddd9a6dfcb9e39cb2c7e7318dcb30d14c71a8d054cb7a9ab63f5054ff73ca7fc23769bbfb191892768fb86daf833e0262a58df9945bbebdf93cebc0b510444a4618f469ea30bb6bca52214a75b474ebbb44a563c0c1ba2b8288a404bb4b0c0fa35ed0f78d3bd0e66fc73be207b462f25a16e4959c5b24d0720ee18b56ab315b7667d4eb4add1113a09da17a7445c77961abc5145df761d9a6a279e95d53d5ada69e0d437972cadfa458a7f10787e1a26eb491a34b2e9cababecaac2900096f1e191bc2f56b65d687413cc2db60b524f1d2ff098595afb342e1ed40ade89232616d5a7610561c6bdb73e9b270bc5aba622f77e8505ebbb7e777a26a3c1e95f78fb3e4bc05b016b9a7d7ef1cadc2cf9f2885009512af3e1fa01da7dc2e423cb98ab6e77cda39a9cfcd4646d5357f504d7b8263e42199522604d98707b59156094ce75fb7b98494cbc84a37c7f7262f7aebba638aa8591272b7d32a5261d4f860e5c11d8eb19caeada4ae9c0d412e271ea7efdd089ce3898ec86ffcfd034daf6c10699db914540bb16c245fe760b26261c670fa963dd7fbbca686dbc8f65b0262f93a4c31e3b04d53d8131137580a9ccc18d2f711ea64d1f4e28b3446ead4e29135a22f787cc36a77289751a1482692247ea9c3ff7683db5d08380dbebcab6609a759897f7e03f43d5643a7dca1140611c372c2b1bb7899e3a64c77624fc0a3504d6eb922c2a0bc5a8292352ce0e5e6074973c1bfdbaf2ae3753b9bab60acc3d4ab7b4cd77ef63d93afa7f1cfd8cc74e0c1786b0578bcd15a4e7b880993fe565351a13fa9542a31bd50f704ecbb6f499bc6304c73e52b59a19a1ae52ca75ec20157c46042564793de9f3547422e14e20d27ff4e23da68455a1099b4eb057ed523411e8b9cb92e6cb0f7c3f6d6f6372dd696694837ffd040eb443be06b3864f706c255b7983a498db762c99a83243eaabd164390883dfe53067c63535deb08ca960105e270e4a87338f0564954c131030733a4ec883e2e11729816af070cfc3c4a8afbf777ad47951667e34fb4021923fc2364abcf5ef5218ea87de23db1df6fe17ba347fa49e725942930cb88dbcddaca3c9689eed5ac6a76184d3e5f2ce95505206535b62b4085b224b2fd770c15d0b5a7ab84d16c2daa7f759de79fb86bffd54e1cef7c5c9527accd372df9c5eeb8b883c88a900810e21835f361410b5166d94faaec5223fce401798a3792ee76fdeb87585a73f2946733fb471275856ace6cc30f7b295c843813a0566ee96b55cc50a5a502ac360c54718a7ecaab674d4079bef52102bb949b08367b03d89168dfe2c125e060f24dbb448b8d1bfc571c9e8f7e34d24124ecabf7b41870958b12267286df0d7f536d373ba7ec544da1719d1471d15e00dd4ae07e96f8fd10ba6e5d02bb8492344ea8043b9c43ac4610047c1c366f958e7fac49f9a2bab53a474eab87b472b5315f1bdb081f5d77b55cbd5f106c6b0f05b13f24930e6aee8786bf0dd3aee364ab3a079e8eea3270ba22721f780e302a03d5616b01c31c7989b4bf7cc24711ceaaf4f578cdf8459a7db9693e05273ceb4d30c46b65aa6b1f4127f258b04c106ac8014edf5a3d1435973eb24ba966d32fd8692f2816dbed17eb42f94b90e52f15f4e52dde878e296002e7c1a81df2e54f57d767caa5698e6a861bb1e807aa0a69062d153535231ba7aa36546936a7216836a7852b5a7ad3d04911392ac68fcd57adaa6946bc916904761461356890117bc7adc01e2efe9dc34b84cf48347eb9085dd01d3524b977643675b1752058721dcc7ddc60670437c6d084bac19260c7f8d38cd3b2c55cf618a14211e4ac8d96e299dad253cc5f69b139e760c593b558f44d34c3b1bca9bd71fa83c20998cfa55b11f3cf1d05723ae672d3466e42dcb90089f8f6f0147fa6592a6823a1f8668f0c17921a89a2fec4cd754b94337a9cb02ac0f99b3b83b2e8ca4c2b7cf7791581c795098700040c3a8b41ad0f67f254eba49c0614af9db3c38dcf5641ce99acd4ab71890cdaacbebc2226f09f7a2ce67c765768b980ff99cad076d7828a37b1965d8c021117aebf5aae9620343ff18f01945acb0eb927a18c4955b4e0a6eed60af6b431e37ce61200526fcbe0b1db0d93beb2d40232a8acc9492a98c54907299fbbc4f16c256c9fbd4ff69e5494364538d20f1a3920ebf520341eed234a40c732091cbf38ca67decd8ba4b369836b8b9b153607110dfbb8b3b753ab847536641359d197144148b5a7cd2b69e1c5c41c61daaab9f80bba481e80f7764f62a5b27148803541ef92ce34e0a07914aa556b1cc06b326e22a9ff76792a33aba5a0e6abb6dc001d2e49eea16f510b384fa55d792d019da715eb367cf4aeb4cc8775237fee79fe711573b92c4c418fd30416ab7b7ea06602dad3f2593adc8f2fa5a168d1c9a71cd31f2b6ab80bf7683033d6481c5e5edbe26c54c3f5f2ed486bdda6c4bed9fd89f3249415b9778b4eff718b1eebffdbe20f6a0b0f72023a3174fea3c15ceb95199ea89b37175065db80ccf31292a6e9da27a149884767864a088a3b57ae6f7a9445949abfc569465817ead90d1ee0b48606f45bd0e243a005e9d1147d0762c3f626400c987bfe3c22f4b8f4f06d702aeecd38fac019de42ddde021d363a2e5786195f10f20eee05b238e2c36caa44d553e8074c88e6d523b25dc038ec4db59b3e863a8113b1af618bf83e5af9dbf9eb9fb2dad807609bf31414d11e4bb88b21d1bbac87251defc8f4220f642f2308e770ee8594191357b56430cb6aa5b79210baf0a4d897c0ce8670c3aa42529392c3425857d2133504377360a948580fb267e5dce6788f4e379ffcb05e3291695be0123991d857a288cdcc1d991e5fca5c89e8bcbc29c83298f2daaba0e52037b4544f9a9e4165088d28e766b87e896f1fa8faf2d561a336dd87ba8af9193ceb083b884d6c3626081b1e27fe06c0e404d3119702ed075b23520e81b6c5dea73bb937c528cfecd6e2a696026bfbe293ac3162961439d8b8100f7c977114485509494890a6055530272cdb28fc78a9f676c6040d1d4fe519148a898c35c94cd30283bdac4c81f335ca045be5012fa26e52ad9100e0fa8f80d48c04d5d9d8ed8025624419dd76f4a5a614651857c8c1d677a33e295f8054c8f9b4d0c90f8636866622c57fdd9aa44e11ea0231166391ee097092e071a2467383870f6fc30606c286114f0ffbc71cf583fdeb6c842682b180e3595127ac4b05a4e318a0d0344499de6ac38bc390ae82030e28217f4d09b7eadfd1276fc509fa71fff6591a3c009ae8cefb8a67469957962326f39830bdd816e9922fade281ef9e936a1e988924abe3e0b521020efd7a5e5d83837f5a863b93d1d3d66dc4070327478217cf5e0e7539950c89385ec21f1f965a8522ad6bf6c583de8d2541c51a9a6d84f313d686c8d62a4c0a02791fc75cb490725d4a465436c57ae4", @generic="6f3407264f9ef51f0fdf7d9c5f39dbbba95e1769e3d7f60f28ae", @typed={0x4, 0x5e}, @typed={0x8, 0x10, @fd=r36}, @generic="a9a70f779b2441e151bf4da7e30abb82ed39e44bf20e7be955a5ba685347d7bbc55e5c5947486c3bd9fb2bef25b3309b276e51897eebccc1a09c49ad22297f41d93fffa87256026395"]}, @typed={0xc, 0x35, @u64=0x6}, @generic="fbcbc0863923776b5f88b7b6e9ee076dc872de2cd62f1350372f24647bbeefe7216d75af290f91502fe8cf4de77d95e290fe5f9901f8fda750e47e3cea57fe000c2cfa5b68cd36b89483f9d3ba8b9be7c24ff70ad5421a6b3547373cf1810e6d8ba2b3d92ffd15cb09924b8188cc414114b0991193cbb9dbafdbf7204c1971f70e9064ce1e90306fd4c317a411ab321f5a147616c51dc627a99cf7d71a7508faaeadccac93785a5958772a11dfaf1979f4f13f4aca7e33134d74fc2e61772192c0c080b028944e4a6449d73dbfcc49f992b3c82c84bf132d2357cfa2c2401ef16e024dd4ea385953ba954e5dafa90cdc8d93cbc6b45cc60f18355c09251c219c5faf9f8dd559e57aa2a5fcd47c430a8e4823780b8bdd07900c30bcfb50c859caf88b028cafda3d3b72b77d2d1b659dc10f90327ea99b0e88a94925cfe8d04c906df745f8f1981c239ae9153c150041902fba0e7c4a0661a1d62d0d1e7e9e6b5009c45ef48433a09defb5a2be778453e244f866badd574498e2d8f059f6c2624dcb4c0f5b31b3611360d1896316119d508433d12ae9b9feb563e7999d6ce7d57f2a5c8e95de21d2569a07e63e2c503a82de9a05e71bc88080a9f66d4921be2cb6d82ecdfbf428969df6246b0c5610f40bf13aaee9b4bd3f15e85e640ca8da19401fc35fd16722dc7a5bad9e4227ff417f3c2861fb2ae9abd04e2a06aac9979e1c2048dd756dc3d461335917aec873c304a71a328cc7baa5d7881e8f527a37ab5dd620de3d6ae7374fd9786c96f77bb87e7e292729fb0163bc263e791dca6512bfea8fd10cbda84481deacacbbdf35200067ded71be07fce3dfaedb3d7634af73d5cef4047a0c272c0298ee4f70c860b34c2e7f135249784d7cd131a1d7c676b744fb9a790ca6fa77381b226d8d78ca4f24c2ae610542e5ab2f8de0d73bb1411a97c7f8e3af71f7192385cba542907cf97ce226663d8f88c089dd143d8bf3abec524927435e431938912f478f51662ff4067713f61c6ae044579ee44b725c807039b5608cc7ae42d14d8ff0375b8dbf9735495da24ef2d4a85165385b9b72ffaf02c09d4f57484430347783ce55ae311930d6093a7f3a0d721d630887925e90684c527cb5a20160409215f5b4e1fc3303e109f4c62fc7d145ba6a81b2ed7166c2681ccfe126255541e51759b29c6d741a053b655866884b75db73bb5d2d701d17faf076cac74c6f971e3f7c1301a6dd84060d4fbcb25a7527ef1e68a34bf655104c0c474a00f61d2f78e4a4136821a287b048237512cd8f750bda6820ea8231c11ea9123d7a97152f59b0d1b2374fca540648afbd84158c048c0467a39f29458d85c2c17eb9778967bbe3f8fbb5d121c02be8b4d518c29c97561034e6fb878b0ca8d76cd701428c1641702515bc9c2188c366d81f185789a90fc729d6f5d8d5a24d0e32bb845c284e48dfd91b10af1b1d88b32f0efbdf405ecfab4c25da38699e9c1db5b88d0893ece46413cdf891af5f8be73117f17602bed68856c0428380350016f70b385d9f7700845ea422e1996a94ee2c828fc0d25a348571f65c065f362e9302bc2493ce5eab7cee97d469a067899e1943366199d828f72493b67c6caaf603f1265b35df62bf65d7c82b078e4cf2de8ee6fa1721df93508670b9b95da130ad68ef5f9705ad6fc69616244c82384f0c1ac035777ae4ce24fe47e6d6b3a0230a4d29c9ab319ead7a43d87c0fec81bc04d613b821b50648fd85d0c23c9876cbc661c17c0349c4a2787dc25fb5c6afcf57487219f6edaba4325750c6fda6c940cc5a77811f70bd2edb7c6c6772c252846374604b1d2ca22b6d1d551ecc9b7d56bff68d521507d18e172aad8bfa3c7005b003c2136d4cfb7bc8bf962a8911d904fc7408b64457504ed6bfb24df22ac58e6dc9460e1cf5f0ec48efea1712809c2b223d73cad3f116d1c843c7a49d2f801c27cd81f63205ebc1b3f480f674d1fcba0653cb44a6b22bee2ebc068fe9704db4eada20fe3c8b89dd3118c53981d9f659c2cfa51c5f6916e6ed1312ee2dc352dca5f5cf779b1cd1112b13c39631648d28b5c6e20c951e89244a37fffeb45ac9ad62b70f743ed320bd061d8fded110288df34ee719c5512dfaed00ee0264c448beff4b748f0b88559f1aa968449186e558d184c3092f16375c75e48e909151bd01f079de8d1d240cb1968f0b95bd00582555d22dd7d484e8962458d326408cb7561b850f4feeac5df1b2fe16251706d55762971504af839e6b90ee6c225c11e53fdd0b8c604fed571778adb58b239467c3b1194d92266b4ec0b563f0993220194f5a3139531b32c0b22dee2e000e2bcb9dc1e04a8a9a1eea4fe571fd2295c45de3fb2e4541575588a444eefe9a102e7064bbf6027e8da39c1e2be53ba6d2ec6ee486455f75fea9ad9c58e37f293d63e1e5ef622a5345f9c84e0fc2f82d36a8ee2b41f90d53a67d378048ddfe6c6b6f50cdae99024553a1829694de38875d1e13070cea490e3b94e48e716dcaa7501604e617ee9b0b84a8e82c3530cda4d6d9c5e173a1ca3a7413d46c5abddb55544174b75f1a4389cebbc176f57efb0b823ebc5d0b798a5f9ceacdd61bf52b0fbeb7588db7dcf11299b35ed67f755ddbfbc6c63c9fd4b10be24b27d0b2f1b559d91552a18a449cabd0fd1c2283d515284d8628db3821646aced886abde1a82bd24af86c935d7934e5afcb0d7ecdb7a183c8e317ba19403a7d7859ab2ff7bac86347ec95a57f3e48998a7a46f63f73ce0c4d5acee3df1f42f747e9fd4fe160c5e376f1791120a102367057b65e020880c48bd8019b361686c6921bb7c4290b96cff3352f47f0d4da405d26b563c5f6dd7ecb9143b97cf874ec0dd8ec3bf6a17ca515377d5c6b1f6a877528bc191844be86ab2e2badbd766362865ca034ff8c70f1954028ba855be6f490d381e944abc8fb01dfee77e6e9e826cef68d794754ddc2bbaccafabe2835fa0cad5bae709f79fd4077657c92c5bfc9aef42797fe7c9ef52d11f97b162edd01229a79dc5319256bb9627432b68d1a9cfedaea2b19f7ac228a5ab8ebd660938ffa76eab04b130d349ebf5924e452771fab8fe73d602f0911f01d5a412c698a33b65f13b915badf89829bea655e4542466efcf1d0d198260853c996df77b942a8ac34f4548feaf3e7e40ae61d24b5d2b5637c7a9540e209638045b51fa0dfbf27b537190ee4fb35f215d174e22c44ea5099e86a0452af97e066d1dc021aa4e04f26cebaaa8fb10eaa6c0380e1b1637e54214fee4a510ad895c5ca8d21d063abc2fe0b3d9c638260da7f78f4484a5a954dc808d80fc82b717ef00eb9d7080a3e223ef75fda5cd0caafa3eb1d999f4f0cef495495718a1a147a5e8ed9e365437e0a5830b87aa4d9ca0c928b283498b9d51f3f695f25b9096f698305d866d6ef2906591549411acaafd00e502b6f837b59613bd8d8a902fb0ff9aa269bd7f3f67b125599f6df923defc57e54e7588c3c28aee5336b42d46b5871dfacb48faf2803511731252f22231dfe6ae07d18f6be65303116f1d5fcbabd3edf509e4396599b828170fa474de265d14698ffce5fda5c3881606611c8ac5f7cdeaa76f42074dd75cadfdeaa7821bbe53b34b4bc225d9b2838241e9c0a5494849be514a082b499eeacd8adf053d1cf646dc765c337562a3ddeb5d066a8f951530fafbfe41c249af2747e6b9d05a6aa3c1033c835d07cf74cfa2a32567cd875e0e6204889b809d68117066eaeb549a1c0a9893c975ac9a50567f864b80614ca604cba46ae8f7eae66f2c152a4d081047048717cbf4fbe16f7fce68e9196f78d6b7cd94aea97b976660f968648487bf950700fa22e9db3bf29077c31f55b31321cd678cffd866a3e4b495e10be5cfad611d454de6b1cc9c4012b025c3e26ce46a75923cb53788a4d5fa71bc73ce909ef5bfd387483950e79461168ad5a7756f456efa1d92c37e90e1297941a7ccca835e117c810d43a63bb4c71bbb0af439e2a0eaed1142c756506485c2d78ad87fe3b788f82023956556afc6b266deed25c344fa922e706a2f77edf75f8c3b462ddeb67248491eb28077534dadf82be4d9d86110eed36e2d9b1cb1d1ab5d5c1078a83e1e36702faec365ef7d00551bfb98ede678a36ab0cfb058ba410a495c73a66ee4ad84002900824cc766fcbd01bd04100f47e014984ca8de154ef5cc1eb6161a730569a72ea39a4a8c0baa50711625df557de4af308721bbe175ac0f6d5ce263dc4a8ffac68b75c897eb4a884c9c8cb635a16adbab45a46d01d1775447709d69e54f785924fcfd2eb89387fc5c938f9039982990f68791120cee008474097661b72aad7fa65686098f34602d6efe72419158dcb58bffc3db4d37e96ead2d3609d95ee2cea0aebda95375e4e027568443c1ac82ec59993f1d7eb6d656ebad1382e7be7a9f146e1fe2fff40db098c61c25aca119a79b260067c3f13b889fbe00882c245c3a9594075d903413951e0159b0f1ec7f70884ae86250acf7ef6a49188f24c2ef0f9e36325436a59e10b3dc18cb9fdf998251fb5a31741f4db69d6c27a7e112846371a01c1d9db7f21b23dc3d7418d519f232af40f25c0c62953bd5a041e9fe11be14dd118212510be78fde99886897fefad3be765c27c3f074d544bcc3babcb926c0972703dcc04a607da6f96411b2d426f2a084638fb1fbfc70e45324973a825c7ac1b393a284a11fda371ca83f2ea7ad580d0a7abe15256c133e9be35ee696c367489c13fe0d6dbd511a11907f7b8ba7f6394393a3d52258bec7f57a03a533db15ba70c38e8531bc0e511c58e1d1dc1d52830ef11c7935b57d53597a37193216eb3151c52edfac468cd990a1631945af01ebe46bd3530bae6d8de51139fa0ca315eda198390313d6dc900c6d79c6e15f79cdae105b8621d966e1bacf3de828b834e262bd7f2207799b674498b8cfe5e2911cbccdff49155e3b9c847b924f5539910615206f6c618e90d4b396ba9d58c27dc525dbc31caa586b263d7e25fca817fb560b4dc32470f231d964cc0baad1517369753c52d29c591683c16c698b6a02ca8ceb106f3a127d02a6b3b8a28be9b2d39c8d95094e840e6cbcaaf8f2cf197e28cdd59255f8ad6208afe4c184b9b232091ba59df56561a52dee7406eff7c4a094f3680c272bc17efc4e682f123d363a52a6cc7da19f19b5b584b2c3839f517263e88c8e258ca6a4a3ffa4fac313debe06bf1c9f0d084e5963b2d37a0055d7e65dbf8547d1c84332f4f1d1a6bdccd6663c450b104f0f69ff83e012e41bf455f5cd89a0ae045946baaf73075770478fc3de454a36aebabaa727abef60bd14fa7b76986a4d0202ee335f955d765801cfdd74896875dd675bcbc7a953e859a9ace6f8a0295c71513d5e3483f1dd5dcf7efa1355977f5d10db0e6e597145de801e42f19f8712f454fdc0255407ea41837d9ca21b7f371cd1cf4e52b2e8ada6b439fe9ff51e9ff6153603ed06451380e1b9ed2c9f2a0d56466d72b6b563af8e4de072c9202f826e3fc5df5c275295c9c41eb7412956f7ce232842534f630f69a489b0fc163a7f0242aee3fcd22cf1f23b3ca98f6e633aa35af8c9d34fe2f3d159d73606a2c30aac6ab59f63855352e58bfdde2fa143391d0410f20aea7be55be1a7ec20ad0899a580bb7840904904c5f801b888dc7acd273a1ec41df8fd4e60a26e7af5201a79064af13770c85d5289f2c40c676b044da01db15bc144a6976064a4e5cb26219178e13e385bd406ddaf4b0916a", @typed={0x8, 0x33, @ipv4=@rand_addr=0x2}]}, 0x22dc}], 0xa, &(0x7f0000001fc0)=[@cred={{0x1c, 0x1, 0x2, {r41, r43, r48}}}, @cred={{0x1c, 0x1, 0x2, {r49, r51, 0xee00}}}], 0x40, 0x80}, 0x4000080)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff, <r53=>0xffffffffffffffff})
r54 = socket$inet6_sctp(0xa, 0x10000000005, 0x84)
r55 = dup2(r53, r54)
ioctl$PERF_EVENT_IOC_ENABLE(r55, 0x8912, 0x400200)
ioctl$BLKSECTGET(r55, 0x1267, &(0x7f0000000240))
ftruncate(r3, 0xee72)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff, <r56=>0xffffffffffffffff})
r57 = socket$inet6_sctp(0xa, 0x10000000005, 0x84)
r58 = dup2(r56, r57)
ioctl$PERF_EVENT_IOC_ENABLE(r58, 0x8912, 0x400200)
getsockopt$inet_sctp_SCTP_STATUS(0xffffffffffffffff, 0x84, 0xe, &(0x7f0000000000)={<r59=>0x0, 0x8, 0x0, 0x6, 0x2, 0x40, 0x7fffffff, 0x1, {0x0, @in={{0x2, 0x4e21, @broadcast}}, 0x2, 0x1, 0x6, 0x7360, 0x401}}, &(0x7f0000000180)=0xb0)
getsockopt$inet_sctp_SCTP_MAXSEG(r58, 0x84, 0xd, &(0x7f00000001c0)=@assoc_id=r59, &(0x7f0000000200)=0x4)
sendfile(r2, r3, 0x0, 0x8000fffffffe)

01:38:44 executing program 4:
r0 = socket$nl_route(0x10, 0x3, 0x0)
r1 = socket$netlink(0x10, 0x3, 0x0)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff, <r2=>0xffffffffffffffff})
r3 = socket$inet6_sctp(0xa, 0x10000000005, 0x84)
r4 = dup2(r2, r3)
ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200)
r5 = socket(0x10, 0x803, 0x0)
sendmsg$TIPC_CMD_GET_MEDIA_NAMES(r5, &(0x7f0000000400)={0x0, 0x0, &(0x7f00000003c0)={0x0}}, 0x0)
getsockname$packet(r5, &(0x7f0000000100)={0x11, 0x0, <r6=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0xa)
sendmsg$nl_route(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080)=ANY=[@ANYBLOB="4800000010000507000000000000000080000000", @ANYRES32=r6, @ANYBLOB="0000000000000000280012000c0001007665746800000000180002001400010000000000", @ANYRES32=0x0, @ANYBLOB='\x00\x00\x00\x00\x00\x00\x00\x00'], 0x48}}, 0x0)
sendmsg$nl_route_sched(r0, &(0x7f0000000140)={0x0, 0x32d, &(0x7f0000000080)={&(0x7f0000000540)=@newqdisc={0x148, 0x24, 0x507, 0x1f00, 0x0, {0x0, r6, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_red={{0x8, 0x1, 'red\x00'}, {0x11c, 0x2, [@TCA_RED_STAB={0x104, 0x2, "fbf84ce9dbecf3d5851ae060c0ec8d55c9c65cb98d69f6f43f1d64d475f279dd204e54f6719de408d640f2dcd4c0c8c615650de0531b139380f912f808e5d3e1118f76144d1568be425bddb29fa48b1251d5cc8b78fb742bd61674f4cd92a93f8dafea3bc823ccd7591d59d252a275012101f39ab9478cc5dc4a8a2e71f186ce688ae869907b40b62231d243db1eca472440f1203b691b7b85864a73f1a3a9664d075ac973158948f7c44b4f8e2348e8046b08dcb423647eff2539993b8985028d7f0a50e94ee6b2fdacff6aee496b13807eb8d406a8440af14e339713f93a2bd76d46d34452c9bf604ac61d66e9ff34503a7ff400"}, @TCA_RED_PARMS={0x14, 0x1, {0x20}}]}}]}, 0x148}}, 0x0)

[ 1242.921214][T12275]  ? vmf_insert_mixed_mkwrite+0x40/0x40
[ 1242.926761][T12275]  ? handle_mm_fault+0x292/0xa80
[ 1242.931711][T12275]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 1242.937951][T12275]  ? __kasan_check_read+0x11/0x20
[ 1242.942981][T12275]  handle_mm_fault+0x3b7/0xa80
[ 1242.947761][T12275]  __do_page_fault+0x536/0xdd0
[ 1242.952563][T12275]  do_page_fault+0x38/0x590
[ 1242.957074][T12275]  page_fault+0x39/0x40
[ 1242.961234][T12275] RIP: 0033:0x4533a0
[ 1242.965132][T12275] Code: 0f 84 c4 0f 00 00 48 89 f1 48 89 f8 48 83 e1 3f 48 83 f9 20 0f 86 7b 02 00 00 48 83 e6 f0 48 83 e1 0f 66 0f ef c0 66 0f ef c9 <66> 0f 74 0e 66 0f d7 d1 48 d3 ea 49 c7 c2 11 00 00 00 49 29 ca 4d
[ 1242.984727][T12275] RSP: 002b:00007fbdc8f767a8 EFLAGS: 00010202
[ 1242.984739][T12275] RAX: 00007fbdc8f76850 RBX: 0000000000000003 RCX: 000000000000000e
[ 1242.984748][T12275] RDX: 00000000000003ff RSI: 0000000020012fe0 RDI: 00007fbdc8f76850
[ 1242.984756][T12275] RBP: 000000000075bf20 R08: 00000000000003ff R09: 0000000000000000
[ 1242.984765][T12275] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fbdc8f776d4
[ 1242.984773][T12275] R13: 00000000004c8dbc R14: 00000000004dfed8 R15: 00000000ffffffff
01:38:45 executing program 2:
r0 = socket$inet_udp(0x2, 0x2, 0x0)
close(r0)
r1 = socket$inet6(0xa, 0x1, 0x8010000000000084)
bind$inet6(r1, &(0x7f0000000040)={0xa, 0x400004e21, 0x0, @empty}, 0x1c)
setsockopt$inet_sctp6_SCTP_NODELAY(r0, 0x84, 0x3, &(0x7f00000000c0)=0x7, 0x4)
setsockopt$inet6_opts(r1, 0x29, 0x3b, &(0x7f0000000080)=ANY=[@ANYBLOB], 0x8)
connect$inet6(r1, &(0x7f0000000200)={0xa, 0x4e21, 0x0, @loopback}, 0x1c)
r2 = socket$inet_udplite(0x2, 0x2, 0x88)
ioctl(r2, 0x1000008912, &(0x7f0000000040)="11dcbc0d5e0bcfe47bf070")
write$binfmt_misc(r0, &(0x7f0000000100)=ANY=[@ANYBLOB="a43f7a10bc918dba707335df9c4fe2e3dd545ee4c838fdcc46a7540a012dcf04a12f99172a6f3583cd5498000448f3ae533c2845496e9b0a050d5e4e05f5f8188edecc091727ed7a25a91998bf61aeec90e8718f9aa9fd5da3aa3181c0080975dee42b7d8686ca8f92f314380c2a02a90e6efeaf9d6acdb213cd260c116f495d9569a33c798d369967f6690fd59a8b3bd789702d552fe262fe738e874609724467e7d1be8518f803b96022e1f0f0de7d3720bec96ede000000000000000000"], 0x10098)
write$binfmt_script(r0, &(0x7f0000000300)=ANY=[@ANYBLOB="ba"], 0x1)
write$binfmt_elf64(r0, &(0x7f0000000280)={{0x7f, 0x45, 0x4c, 0x46, 0x0, 0x0, 0x8400, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40}, [{}]}, 0x78)

01:38:45 executing program 3:
socket$inet(0x10, 0x2, 0x8)
r0 = socket$inet6(0xa, 0x4805, 0x8)
ioctl(r0, 0x0, 0x0)
socket$nl_netfilter(0x10, 0x3, 0xc)
bpf$BPF_PROG_DETACH(0x9, 0x0, 0x0)
setsockopt$inet6_udp_int(0xffffffffffffffff, 0x11, 0x0, 0x0, 0x0)
r1 = socket$inet_tcp(0x2, 0x1, 0x0)
ioctl$sock_inet_SIOCSIFPFLAGS(0xffffffffffffffff, 0x8934, 0x0)
r2 = openat$zero(0xffffffffffffff9c, &(0x7f0000000040)='/dev/zero\x00', 0x300400, 0x0)
ioctl$VIDIOC_S_TUNER(r2, 0x4054561e, &(0x7f0000000180)={0xa2, "9bd5f3d0562a74c7504d5649c868b27e4a68b8e87d68045549b607f80e809b8c", 0x16ad80c2ae3ab0d2, 0x4, 0x2, 0x6, 0xc, 0xd5b345044ee514b4, 0x8, 0xeed9})
ioctl$sock_inet_tcp_SIOCOUTQ(0xffffffffffffffff, 0x5411, 0x0)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff, <r3=>0xffffffffffffffff})
r4 = socket$inet6_sctp(0xa, 0x10000000005, 0x84)
r5 = dup2(r3, r4)
ioctl$PERF_EVENT_IOC_ENABLE(r5, 0x8912, 0x400200)
bind$inet(r5, &(0x7f0000dc9ff0)={0x2, 0x4e20}, 0x10)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff, <r6=>0xffffffffffffffff})
r7 = socket$inet6_sctp(0xa, 0x10000000005, 0x84)
r8 = dup2(r6, r7)
ioctl$PERF_EVENT_IOC_ENABLE(r8, 0x8912, 0x400200)
ioctl$SNDRV_SEQ_IOCTL_GET_PORT_INFO(r8, 0xc0a85322, &(0x7f00000000c0))
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff, <r9=>0xffffffffffffffff})
r10 = socket$inet6_sctp(0xa, 0x10000000005, 0x84)
dup2(r9, r10)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff, <r11=>0xffffffffffffffff})
r12 = socket$inet6_sctp(0xa, 0x10000000005, 0x84)
dup2(r11, r12)
setsockopt$sock_int(r12, 0x1, 0x29, 0x0, 0xfe98)
shutdown(0xffffffffffffffff, 0x0)
accept4$inet(0xffffffffffffffff, 0x0, 0x0, 0x0)
setsockopt$inet_tcp_int(0xffffffffffffffff, 0x6, 0x0, 0x0, 0x0)
sendto$inet(r1, 0x0, 0x0, 0x20000000, &(0x7f0000000080)={0x2, 0x4e20}, 0x10)
getsockopt$inet_tcp_int(0xffffffffffffffff, 0x6, 0x0, 0x0, 0x0)
socket$packet(0x11, 0x0, 0x300)
syz_genetlink_get_family_id$tipc(0x0)
sendmsg$TIPC_CMD_GET_BEARER_NAMES(0xffffffffffffffff, 0x0, 0x0)
sendto$inet(r1, &(0x7f0000000180), 0x3f46bb1408470170, 0x4007ffd, 0x0, 0xb4)
ioctl$sock_inet_tcp_SIOCINQ(r1, 0x541b, &(0x7f0000000200))

01:38:45 executing program 4:
r0 = socket$nl_route(0x10, 0x3, 0x0)
r1 = socket$netlink(0x10, 0x3, 0x0)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff, <r2=>0xffffffffffffffff})
r3 = socket$inet6_sctp(0xa, 0x10000000005, 0x84)
r4 = dup2(r2, r3)
ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200)
r5 = socket(0x10, 0x803, 0x0)
sendmsg$TIPC_CMD_GET_MEDIA_NAMES(r5, &(0x7f0000000400)={0x0, 0x0, &(0x7f00000003c0)={0x0}}, 0x0)
getsockname$packet(r5, &(0x7f0000000100)={0x11, 0x0, <r6=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0xa)
sendmsg$nl_route(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080)=ANY=[@ANYBLOB="4800000010000507000000000000000080000000", @ANYRES32=r6, @ANYBLOB="0000000000000000280012000c0001007665746800000000180002001400010000000000", @ANYRES32=0x0, @ANYBLOB='\x00\x00\x00\x00\x00\x00\x00\x00'], 0x48}}, 0x0)
sendmsg$nl_route_sched(r0, &(0x7f0000000140)={0x0, 0x32d, &(0x7f0000000080)={&(0x7f0000000540)=@newqdisc={0x148, 0x24, 0x507, 0x2000, 0x0, {0x0, r6, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_red={{0x8, 0x1, 'red\x00'}, {0x11c, 0x2, [@TCA_RED_STAB={0x104, 0x2, "fbf84ce9dbecf3d5851ae060c0ec8d55c9c65cb98d69f6f43f1d64d475f279dd204e54f6719de408d640f2dcd4c0c8c615650de0531b139380f912f808e5d3e1118f76144d1568be425bddb29fa48b1251d5cc8b78fb742bd61674f4cd92a93f8dafea3bc823ccd7591d59d252a275012101f39ab9478cc5dc4a8a2e71f186ce688ae869907b40b62231d243db1eca472440f1203b691b7b85864a73f1a3a9664d075ac973158948f7c44b4f8e2348e8046b08dcb423647eff2539993b8985028d7f0a50e94ee6b2fdacff6aee496b13807eb8d406a8440af14e339713f93a2bd76d46d34452c9bf604ac61d66e9ff34503a7ff400"}, @TCA_RED_PARMS={0x14, 0x1, {0x20}}]}}]}, 0x148}}, 0x0)

[ 1243.231434][T12347] FAULT_FLAG_ALLOW_RETRY missing 70
[ 1243.245485][T12347] CPU: 1 PID: 12347 Comm: syz-executor.5 Not tainted 5.3.0+ #0
[ 1243.253134][T12347] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 1243.253146][T12347] Call Trace:
[ 1243.253172][T12347]  dump_stack+0x172/0x1f0
[ 1243.253197][T12347]  handle_userfault.cold+0x41/0x5d
[ 1243.253217][T12347]  ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[ 1243.282173][T12347]  ? userfaultfd_ioctl+0x3ad0/0x3ad0
[ 1243.282190][T12347]  ? find_get_entry+0x535/0x880
[ 1243.282210][T12347]  ? find_get_pages_range_tag+0xd50/0xd50
[ 1243.282228][T12347]  ? ___might_sleep+0x163/0x2c0
[ 1243.292317][T12347]  ? __kasan_check_read+0x11/0x20
[ 1243.292333][T12347]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 1243.292352][T12347]  ? find_lock_entry+0x1a7/0x560
[ 1243.292365][T12347]  ? rcu_lockdep_current_cpu_online+0xe3/0x130
[ 1243.292381][T12347]  shmem_getpage_gfp+0x1f4c/0x2680
[ 1243.302914][T12347]  ? shmem_unuse_inode+0x1010/0x1010
[ 1243.302933][T12347]  ? lock_downgrade+0x920/0x920
[ 1243.302949][T12347]  ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[ 1243.302961][T12347]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 1243.302980][T12347]  shmem_fault+0x22a/0x7b0
[ 1243.314212][T12347]  ? shmem_read_mapping_page_gfp+0x1a0/0x1a0
[ 1243.314234][T12347]  ? find_get_entry+0x880/0x880
[ 1243.314252][T12347]  ? pmd_val+0x85/0x100
[ 1243.314269][T12347]  __do_fault+0x111/0x540
[ 1243.314284][T12347]  ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[ 1243.314302][T12347]  __handle_mm_fault+0x2dca/0x4040
[ 1243.314333][T12347]  ? vmf_insert_mixed_mkwrite+0x40/0x40
[ 1243.314348][T12347]  ? handle_mm_fault+0x292/0xa80
[ 1243.325397][T12347]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 1243.325415][T12347]  ? __kasan_check_read+0x11/0x20
[ 1243.325431][T12347]  handle_mm_fault+0x3b7/0xa80
[ 1243.325450][T12347]  __do_page_fault+0x536/0xdd0
[ 1243.335799][T12347]  do_page_fault+0x38/0x590
[ 1243.335819][T12347]  page_fault+0x39/0x40
01:38:45 executing program 0:
perf_event_open(&(0x7f00000000c0)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = openat$random(0xffffffffffffff9c, &(0x7f0000000140)='/dev/urandom\x00', 0x8000000000000085, 0x0)
r1 = dup(r0)
r2 = open(&(0x7f0000002000)='./bus\x00', 0x141042, 0x0)
ftruncate(r2, 0xee72)
sendfile(r1, r2, 0x0, 0x8000fffffffe)

01:38:45 executing program 5:
mmap(&(0x7f0000011000/0x2000)=nil, 0x2000, 0x4, 0x31, 0xffffffffffffffff, 0x0)
r0 = userfaultfd(0x0)
syz_open_dev$mice(&(0x7f0000000000)='/dev/input/mice\x00', 0x0, 0x4000)
ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f0000000040))
ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f00000000c0)={{&(0x7f0000012000/0x2000)=nil, 0x2000}, 0x1})
read(r0, &(0x7f0000000100)=""/199, 0xc7)
syz_open_dev$evdev(&(0x7f0000012fee)='/.%v/\x11%put/event#\x00', 0x6c000000, 0x0)
ioctl$UFFDIO_WAKE(r0, 0x8010aa02, &(0x7f0000000080)={&(0x7f0000012000/0x4000)=nil, 0x4000})
shmget(0x2, 0x1000, 0x0, &(0x7f000096d000/0x1000)=nil)
openat$cgroup_procs(0xffffffffffffffff, 0x0, 0x2, 0x0)

[ 1243.335830][T12347] RIP: 0033:0x4533a0
[ 1243.335846][T12347] Code: 0f 84 c4 0f 00 00 48 89 f1 48 89 f8 48 83 e1 3f 48 83 f9 20 0f 86 7b 02 00 00 48 83 e6 f0 48 83 e1 0f 66 0f ef c0 66 0f ef c9 <66> 0f 74 0e 66 0f d7 d1 48 d3 ea 49 c7 c2 11 00 00 00 49 29 ca 4d
[ 1243.335853][T12347] RSP: 002b:00007fbdc8f557a8 EFLAGS: 00010202
[ 1243.335864][T12347] RAX: 00007fbdc8f55850 RBX: 0000000000000003 RCX: 000000000000000e
[ 1243.335873][T12347] RDX: 00000000000003ff RSI: 0000000020012fe0 RDI: 00007fbdc8f55850
[ 1243.335881][T12347] RBP: 000000000075bfc8 R08: 00000000000003ff R09: 0000000000000000
[ 1243.335901][T12347] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fbdc8f566d4
[ 1243.335909][T12347] R13: 00000000004c8dbc R14: 00000000004dfed8 R15: 00000000ffffffff
01:38:45 executing program 4:
r0 = socket$nl_route(0x10, 0x3, 0x0)
r1 = socket$netlink(0x10, 0x3, 0x0)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff, <r2=>0xffffffffffffffff})
r3 = socket$inet6_sctp(0xa, 0x10000000005, 0x84)
r4 = dup2(r2, r3)
ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200)
r5 = socket(0x10, 0x803, 0x0)
sendmsg$TIPC_CMD_GET_MEDIA_NAMES(r5, &(0x7f0000000400)={0x0, 0x0, &(0x7f00000003c0)={0x0}}, 0x0)
getsockname$packet(r5, &(0x7f0000000100)={0x11, 0x0, <r6=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0xa)
sendmsg$nl_route(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080)=ANY=[@ANYBLOB="4800000010000507000000000000000080000000", @ANYRES32=r6, @ANYBLOB="0000000000000000280012000c0001007665746800000000180002001400010000000000", @ANYRES32=0x0, @ANYBLOB='\x00\x00\x00\x00\x00\x00\x00\x00'], 0x48}}, 0x0)
sendmsg$nl_route_sched(r0, &(0x7f0000000140)={0x0, 0x32d, &(0x7f0000000080)={&(0x7f0000000540)=@newqdisc={0x148, 0x24, 0x507, 0x3f00, 0x0, {0x0, r6, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_red={{0x8, 0x1, 'red\x00'}, {0x11c, 0x2, [@TCA_RED_STAB={0x104, 0x2, "fbf84ce9dbecf3d5851ae060c0ec8d55c9c65cb98d69f6f43f1d64d475f279dd204e54f6719de408d640f2dcd4c0c8c615650de0531b139380f912f808e5d3e1118f76144d1568be425bddb29fa48b1251d5cc8b78fb742bd61674f4cd92a93f8dafea3bc823ccd7591d59d252a275012101f39ab9478cc5dc4a8a2e71f186ce688ae869907b40b62231d243db1eca472440f1203b691b7b85864a73f1a3a9664d075ac973158948f7c44b4f8e2348e8046b08dcb423647eff2539993b8985028d7f0a50e94ee6b2fdacff6aee496b13807eb8d406a8440af14e339713f93a2bd76d46d34452c9bf604ac61d66e9ff34503a7ff400"}, @TCA_RED_PARMS={0x14, 0x1, {0x20}}]}}]}, 0x148}}, 0x0)

01:38:45 executing program 0:
perf_event_open(&(0x7f00000000c0)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
openat$random(0xffffffffffffff9c, &(0x7f0000000140)='/dev/urandom\x00', 0x8000000000000085, 0x0)
r0 = open(&(0x7f0000002000)='./bus\x00', 0x141042, 0x0)
ftruncate(r0, 0xee72)
sendfile(0xffffffffffffffff, r0, 0x0, 0x8000fffffffe)

[ 1243.655386][T12764] FAULT_FLAG_ALLOW_RETRY missing 70
[ 1243.662326][T12764] CPU: 1 PID: 12764 Comm: syz-executor.5 Not tainted 5.3.0+ #0
[ 1243.669880][T12764] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 1243.680012][T12764] Call Trace:
[ 1243.680038][T12764]  dump_stack+0x172/0x1f0
[ 1243.680062][T12764]  handle_userfault.cold+0x41/0x5d
[ 1243.680078][T12764]  ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[ 1243.680102][T12764]  ? userfaultfd_ioctl+0x3ad0/0x3ad0
[ 1243.680121][T12764]  ? find_get_entry+0x535/0x880
[ 1243.680141][T12764]  ? find_get_pages_range_tag+0xd50/0xd50
[ 1243.680162][T12764]  ? ___might_sleep+0x163/0x2c0
[ 1243.699065][T12764]  ? __kasan_check_read+0x11/0x20
[ 1243.699081][T12764]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 1243.699099][T12764]  ? find_lock_entry+0x1a7/0x560
[ 1243.699123][T12764]  ? rcu_lockdep_current_cpu_online+0xe3/0x130
[ 1243.714917][T12764]  shmem_getpage_gfp+0x1f4c/0x2680
[ 1243.714949][T12764]  ? shmem_unuse_inode+0x1010/0x1010
[ 1243.742079][T12764]  ? lock_downgrade+0x920/0x920
[ 1243.742093][T12764]  ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[ 1243.742108][T12764]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 1243.769819][T12764]  shmem_fault+0x22a/0x7b0
[ 1243.774236][T12764]  ? shmem_read_mapping_page_gfp+0x1a0/0x1a0
[ 1243.774257][T12764]  ? find_get_entry+0x880/0x880
[ 1243.774273][T12764]  ? pmd_val+0x85/0x100
[ 1243.774293][T12764]  __do_fault+0x111/0x540
[ 1243.774308][T12764]  ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[ 1243.774327][T12764]  __handle_mm_fault+0x2dca/0x4040
01:38:45 executing program 1:
perf_event_open(&(0x7f00000000c0)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffff7, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffe, 0x0, 0x0, 0x9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = openat$random(0xffffffffffffff9c, &(0x7f0000000140)='/dev/urandom\x00', 0x8000000000000085, 0x0)
r1 = dup(r0)
r2 = open(&(0x7f0000002000)='./bus\x00', 0x141042, 0x0)
ftruncate(r2, 0xee72)
sendfile(r1, r2, 0x0, 0x8000fffffffe)

01:38:45 executing program 2:
r0 = socket$inet_udp(0x2, 0x2, 0x0)
close(r0)
r1 = socket$inet6(0xa, 0x1, 0x8010000000000084)
bind$inet6(r1, &(0x7f0000000040)={0xa, 0x400004e21, 0x0, @empty}, 0x1c)
setsockopt$inet_sctp6_SCTP_NODELAY(r0, 0x84, 0x3, &(0x7f00000000c0)=0x7, 0x4)
setsockopt$inet6_opts(r1, 0x29, 0x3b, &(0x7f0000000080)=ANY=[@ANYBLOB], 0x8)
connect$inet6(r1, &(0x7f0000000200)={0xa, 0x4e21, 0x0, @loopback}, 0x1c)
r2 = socket$inet_udplite(0x2, 0x2, 0x88)
ioctl(r2, 0x1000008912, &(0x7f0000000040)="11dcbc0d5e0bcfe47bf070")
write$binfmt_misc(r0, &(0x7f0000000100)=ANY=[@ANYBLOB="a43f7a10bc918dba707335df9c4fe2e3dd545ee4c838fdcc46a7540a012dcf04a12f99172a6f3583cd5498000448f3ae533c2845496e9b0a050d5e4e05f5f8188edecc091727ed7a25a91998bf61aeec90e8718f9aa9fd5da3aa3181c0080975dee42b7d8686ca8f92f314380c2a02a90e6efeaf9d6acdb213cd260c116f495d9569a33c798d369967f6690fd59a8b3bd789702d552fe262fe738e874609724467e7d1be8518f803b96022e1f0f0de7d3720bec96ede000000000000000000"], 0x10098)
write$binfmt_script(r0, &(0x7f0000000300)=ANY=[@ANYBLOB="ba"], 0x1)
write$binfmt_elf64(r0, &(0x7f0000000280)={{0x7f, 0x45, 0x4c, 0x46, 0x0, 0x0, 0x8800, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40}, [{}]}, 0x78)

[ 1243.774346][T12764]  ? vmf_insert_mixed_mkwrite+0x40/0x40
[ 1243.774361][T12764]  ? handle_mm_fault+0x292/0xa80
[ 1243.774387][T12764]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 1243.774415][T12764]  ? __kasan_check_read+0x11/0x20
[ 1243.785216][T12764]  handle_mm_fault+0x3b7/0xa80
[ 1243.785236][T12764]  __do_page_fault+0x536/0xdd0
[ 1243.785258][T12764]  do_page_fault+0x38/0x590
[ 1243.785291][T12764]  page_fault+0x39/0x40
[ 1243.785301][T12764] RIP: 0033:0x4533a0
[ 1243.785315][T12764] Code: 0f 84 c4 0f 00 00 48 89 f1 48 89 f8 48 83 e1 3f 48 83 f9 20 0f 86 7b 02 00 00 48 83 e6 f0 48 83 e1 0f 66 0f ef c0 66 0f ef c9 <66> 0f 74 0e 66 0f d7 d1 48 d3 ea 49 c7 c2 11 00 00 00 49 29 ca 4d
[ 1243.785323][T12764] RSP: 002b:00007fbdc8f767a8 EFLAGS: 00010202
[ 1243.785333][T12764] RAX: 00007fbdc8f76850 RBX: 0000000000000003 RCX: 000000000000000e
[ 1243.785344][T12764] RDX: 00000000000003ff RSI: 0000000020012fe0 RDI: 00007fbdc8f76850
[ 1243.799993][T12764] RBP: 000000000075bf20 R08: 00000000000003ff R09: 0000000000000000
[ 1243.800001][T12764] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fbdc8f776d4
[ 1243.800009][T12764] R13: 00000000004c8dbc R14: 00000000004dfed8 R15: 00000000ffffffff
01:38:46 executing program 0:
perf_event_open(&(0x7f00000000c0)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = openat$random(0xffffffffffffff9c, &(0x7f0000000140)='/dev/urandom\x00', 0x8000000000000085, 0x0)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
r2 = socket$inet6_sctp(0xa, 0x10000000005, 0x84)
r3 = dup2(r1, r2)
r4 = socket(0x10, 0x0, 0x0)
r5 = socket$inet6_sctp(0xa, 0x10000000005, 0x84)
getsockopt$inet_sctp6_SCTP_GET_ASSOC_ID_LIST(r5, 0x84, 0x1d, &(0x7f000095dff8)={0x1, [<r6=>0x0]}, &(0x7f000095dffc)=0x8)
getsockopt$inet_sctp6_SCTP_PEER_ADDR_THLDS(r5, 0x84, 0x70, &(0x7f0000000080)={r6, @in6={{0xa, 0x0, 0x0, @empty}}}, &(0x7f0000000600)=0x90)
ioctl$LOOP_CLR_FD(r3, 0x4c01)
openat$full(0xffffffffffffff9c, &(0x7f0000000240)='/dev/full\x00', 0x400000, 0x0)
setsockopt$inet_sctp6_SCTP_DELAYED_SACK(r4, 0x84, 0x10, &(0x7f0000000200)=@sack_info={r6, 0x80, 0x6}, 0xc)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff, <r7=>0xffffffffffffffff})
r8 = socket$inet6_sctp(0xa, 0x10000000005, 0x84)
r9 = dup2(r7, r8)
ioctl$PERF_EVENT_IOC_ENABLE(r9, 0x8912, 0x400200)
ioctl$DRM_IOCTL_ADD_MAP(r9, 0xc0286415, &(0x7f0000000280)={&(0x7f0000ffc000/0x1000)=nil, 0x101, 0x3, 0x10, &(0x7f0000ffc000/0x3000)=nil, 0x6})
getsockopt$inet_sctp_SCTP_STATUS(0xffffffffffffffff, 0x84, 0xe, &(0x7f0000000000)={<r10=>r6, 0x7, 0x8, 0x9, 0xffff, 0x8, 0x8, 0x48, {0x0, @in6={{0xa, 0x4e22, 0x7, @rand_addr="830253a52bbe640ee2368deff7a57c46", 0x7}}, 0x3, 0x1, 0xe3c, 0x40, 0x7}}, &(0x7f0000000180)=0xb0)
getsockopt$inet_sctp6_SCTP_RESET_STREAMS(r2, 0x84, 0x77, &(0x7f00000001c0)={r10, 0x9d, 0x4, [0x8a8, 0x3, 0x0, 0x1]}, &(0x7f0000000200)=0x10)
r11 = dup(r0)
r12 = open(&(0x7f0000002000)='./bus\x00', 0x141042, 0x0)
ftruncate(r12, 0xee72)
sendfile(r11, r12, 0x0, 0x8000fffffffe)

01:38:46 executing program 1:
perf_event_open(&(0x7f00000000c0)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x100, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x2000000000}, 0x0, 0x0, 0xffffffffffffffff, 0x9)
r0 = openat$random(0xffffffffffffff9c, &(0x7f0000000140)='/d\x00\x00#H\xee\xd3\x80]\xed\xafZ', 0x14000, 0x0)
dup(r0)
r1 = open(&(0x7f0000002000)='./bus\x00', 0x141042, 0x0)
mmap(&(0x7f0000000000/0xff5000)=nil, 0xff5000, 0x1, 0x5c831, 0xffffffffffffffff, 0x0)
r2 = socket$packet(0x11, 0x3, 0x300)
setsockopt$packet_int(r2, 0x107, 0xf, &(0x7f0000000080), 0x4)
mlock2(&(0x7f0000f2a000/0x4000)=nil, 0x4000, 0x0)
mmap(&(0x7f0000000000/0xff5000)=nil, 0xff5000, 0x0, 0x5c831, 0xffffffffffffffff, 0x0)
ftruncate(r1, 0xee72)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff, <r3=>0xffffffffffffffff})
r4 = socket$inet6_sctp(0xa, 0x10000000005, 0x84)
dup2(r3, r4)
r5 = userfaultfd(0x0)
r6 = userfaultfd(0x0)
ioctl$UFFDIO_API(r6, 0xc018aa3f, &(0x7f0000000080))
read(r6, &(0x7f0000000100)=""/68, 0x22)
ioctl$UFFDIO_REGISTER(r6, 0xc020aa00, &(0x7f00000000c0)={{&(0x7f0000068000/0x800000)=nil, 0x800000}, 0x1})
close(r6)
ioctl$UFFDIO_API(r1, 0xc018aa3f, &(0x7f0000000080)={0xaa, 0x51})
read(r5, &(0x7f0000000100)=""/68, 0x22)
ioctl$UFFDIO_REGISTER(r5, 0xc020aa00, &(0x7f00000000c0)={{&(0x7f0000068000/0x800000)=nil, 0x800000}, 0x1})
r7 = userfaultfd(0x0)
ioctl$UFFDIO_API(r7, 0xc018aa3f, &(0x7f0000000080))
read(r7, &(0x7f0000000100)=""/68, 0x22)
ioctl$UFFDIO_REGISTER(r7, 0xc020aa00, &(0x7f00000000c0)={{&(0x7f00004a1000/0x4000)=nil, 0x4000}, 0x3})
close(r7)
socket$nl_xfrm(0x10, 0x3, 0x6)
r8 = userfaultfd(0x0)
ioctl$UFFDIO_API(r8, 0xc018aa3f, &(0x7f0000000080))
read(r8, &(0x7f0000000100)=""/68, 0x22)
ioctl$UFFDIO_REGISTER(r8, 0xc020aa00, &(0x7f00000000c0)={{&(0x7f0000068000/0x800000)=nil, 0x800000}, 0x1})
close(r8)
close(r8)
fanotify_init(0x15, 0x101000)

[ 1244.068723][T13118] FAULT_FLAG_ALLOW_RETRY missing 70
01:38:46 executing program 3:
socket$inet(0x10, 0x2, 0x0)
socket$inet6(0xa, 0x4805, 0x8)
r0 = userfaultfd(0x0)
ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f0000000080))
read(r0, &(0x7f0000000100)=""/68, 0x22)
ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f00000000c0)={{&(0x7f0000068000/0x800000)=nil, 0x800000}, 0x1})
close(r0)
ioctl(r0, 0x6, 0x0)
socket$nl_netfilter(0x10, 0x3, 0xc)
bpf$BPF_PROG_DETACH(0x9, 0x0, 0x0)
setsockopt$inet6_udp_int(0xffffffffffffffff, 0x11, 0x0, 0x0, 0x0)
r1 = socket$inet_tcp(0x2, 0x1, 0x0)
ioctl$sock_inet_SIOCSIFPFLAGS(0xffffffffffffffff, 0x8934, 0x0)
ioctl$sock_inet_tcp_SIOCOUTQ(0xffffffffffffffff, 0x5411, 0x0)
bind$inet(r1, &(0x7f0000dc9ff0)={0x2, 0x4e20}, 0x10)
setsockopt$sock_int(0xffffffffffffffff, 0x1, 0x0, 0x0, 0x0)
shutdown(0xffffffffffffffff, 0x0)
accept4$inet(0xffffffffffffffff, 0x0, 0x0, 0x0)
setsockopt$inet_tcp_int(0xffffffffffffffff, 0x6, 0x0, 0x0, 0x0)
sendto$inet(r1, 0x0, 0x0, 0x20000000, &(0x7f0000000080)={0x2, 0x4e20}, 0x10)
getsockopt$inet_tcp_int(0xffffffffffffffff, 0x6, 0x0, 0x0, 0x0)
socket$packet(0x11, 0x0, 0x300)
syz_genetlink_get_family_id$tipc(0x0)
sendmsg$TIPC_CMD_GET_BEARER_NAMES(0xffffffffffffffff, 0x0, 0x0)
sendto$inet(r1, &(0x7f0000000180), 0xffffffffffffff9a, 0x4007ffd, 0x0, 0xb4)
ioctl$sock_inet_tcp_SIOCINQ(r1, 0x541b, &(0x7f0000000000))

[ 1244.123753][T13118] CPU: 0 PID: 13118 Comm: syz-executor.5 Not tainted 5.3.0+ #0
[ 1244.131342][T13118] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 1244.141396][T13118] Call Trace:
[ 1244.144686][T13118]  dump_stack+0x172/0x1f0
[ 1244.149020][T13118]  handle_userfault.cold+0x41/0x5d
[ 1244.154170][T13118]  ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[ 1244.160425][T13118]  ? userfaultfd_ioctl+0x3ad0/0x3ad0
[ 1244.165910][T13118]  ? find_get_entry+0x535/0x880
01:38:46 executing program 0:
perf_event_open(&(0x7f00000000c0)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = openat$random(0xffffffffffffff9c, &(0x7f0000000140)='/dev/urandom\x00', 0x8000000000000085, 0x0)
r1 = dup(r0)
r2 = open(&(0x7f0000002000)='./bus\x00', 0x141042, 0x0)
r3 = openat$vcs(0xffffffffffffff9c, &(0x7f0000000000)='/dev/vcs\x00', 0x203a00, 0x0)
r4 = socket(0x10, 0x0, 0x0)
r5 = socket$inet6_sctp(0xa, 0x10000000005, 0x84)
getsockopt$inet_sctp6_SCTP_GET_ASSOC_ID_LIST(r5, 0x84, 0x1d, &(0x7f0000000180)=ANY=[@ANYBLOB="9965abf40b50d601000001", @ANYRES32=<r6=>0x0], &(0x7f000095dffc)=0x8)
getsockopt$inet_sctp6_SCTP_PEER_ADDR_THLDS(r5, 0x84, 0x70, &(0x7f0000000080)={r6, @in6={{0xa, 0x0, 0x0, @empty}}}, &(0x7f0000000600)=0x90)
setsockopt$inet_sctp6_SCTP_DELAYED_SACK(r4, 0x84, 0x10, &(0x7f0000000200)=@sack_info={r6, 0x80, 0x6}, 0xc)
setsockopt$inet_sctp_SCTP_DEFAULT_SEND_PARAM(r3, 0x84, 0xa, &(0x7f0000000040)={0x40, 0x2, 0x0, 0x7, 0x5, 0x1, 0x2, 0x2, r6}, 0x20)
ftruncate(r2, 0xee72)
sendfile(r1, r2, 0x0, 0x8000fffffffe)
getsockopt$inet_sctp6_SCTP_NODELAY(0xffffffffffffffff, 0x84, 0x3, &(0x7f0000000240), &(0x7f0000000280)=0x4)
ioctl$TIOCSETD(r1, 0x5423, &(0x7f00000001c0)=0xe)

[ 1244.170769][T13118]  ? find_get_pages_range_tag+0xd50/0xd50
[ 1244.176488][T13118]  ? __kasan_check_read+0x11/0x20
[ 1244.181514][T13118]  ? __kasan_check_read+0x11/0x20
[ 1244.186544][T13118]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 1244.192790][T13118]  ? find_lock_entry+0x1a7/0x560
[ 1244.197721][T13118]  ? rcu_lockdep_current_cpu_online+0xe3/0x130
[ 1244.203877][T13118]  shmem_getpage_gfp+0x1f4c/0x2680
[ 1244.209006][T13118]  ? shmem_unuse_inode+0x1010/0x1010
[ 1244.214293][T13118]  ? lock_downgrade+0x920/0x920
[ 1244.219149][T13118]  ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[ 1244.225394][T13118]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 1244.231646][T13118]  shmem_fault+0x22a/0x7b0
[ 1244.236070][T13118]  ? shmem_read_mapping_page_gfp+0x1a0/0x1a0
[ 1244.242054][T13118]  ? find_get_entry+0x880/0x880
[ 1244.246938][T13118]  ? pmd_val+0x85/0x100
[ 1244.251098][T13118]  __do_fault+0x111/0x540
[ 1244.255432][T13118]  ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[ 1244.261677][T13118]  __handle_mm_fault+0x2dca/0x4040
[ 1244.266797][T13118]  ? vmf_insert_mixed_mkwrite+0x40/0x40
01:38:46 executing program 0:
r0 = syz_open_dev$ndb(&(0x7f0000000000)='/dev/nbd#\x00', 0x0, 0x48240)
dup(r0)
perf_event_open(&(0x7f00000000c0)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r1 = openat$random(0xffffffffffffff9c, &(0x7f0000000140)='/dev/urandom\x00', 0x8000000000000085, 0x0)
r2 = dup(r1)
r3 = open(&(0x7f0000002000)='./bus\x00', 0x141042, 0x0)
ftruncate(r3, 0xee72)
sendfile(r2, r3, 0x0, 0x8000fffffffe)

[ 1244.272348][T13118]  ? handle_mm_fault+0x292/0xa80
[ 1244.277328][T13118]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 1244.283602][T13118]  ? __kasan_check_read+0x11/0x20
[ 1244.288650][T13118]  handle_mm_fault+0x3b7/0xa80
[ 1244.293419][T13118]  __do_page_fault+0x536/0xdd0
[ 1244.298194][T13118]  do_page_fault+0x38/0x590
[ 1244.302697][T13118]  page_fault+0x39/0x40
[ 1244.306854][T13118] RIP: 0033:0x4533a0
[ 1244.310745][T13118] Code: 0f 84 c4 0f 00 00 48 89 f1 48 89 f8 48 83 e1 3f 48 83 f9 20 0f 86 7b 02 00 00 48 83 e6 f0 48 83 e1 0f 66 0f ef c0 66 0f ef c9 <66> 0f 74 0e 66 0f d7 d1 48 d3 ea 49 c7 c2 11 00 00 00 49 29 ca 4d
[ 1244.330345][T13118] RSP: 002b:00007fbdc8f347a8 EFLAGS: 00010202
[ 1244.336402][T13118] RAX: 00007fbdc8f34850 RBX: 0000000000000003 RCX: 000000000000000e
[ 1244.344363][T13118] RDX: 00000000000003ff RSI: 0000000020012fe0 RDI: 00007fbdc8f34850
[ 1244.352327][T13118] RBP: 000000000075c070 R08: 00000000000003ff R09: 0000000000000000
[ 1244.360293][T13118] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fbdc8f356d4
01:38:46 executing program 4:
r0 = socket$nl_route(0x10, 0x3, 0x0)
r1 = socket$netlink(0x10, 0x3, 0x0)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff, <r2=>0xffffffffffffffff})
r3 = socket$inet6_sctp(0xa, 0x10000000005, 0x84)
r4 = dup2(r2, r3)
ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200)
r5 = socket(0x10, 0x803, 0x0)
sendmsg$TIPC_CMD_GET_MEDIA_NAMES(r5, &(0x7f0000000400)={0x0, 0x0, &(0x7f00000003c0)={0x0}}, 0x0)
getsockname$packet(r5, &(0x7f0000000100)={0x11, 0x0, <r6=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0xa)
sendmsg$nl_route(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080)=ANY=[@ANYBLOB="4800000010000507000000000000000080000000", @ANYRES32=r6, @ANYBLOB="0000000000000000280012000c0001007665746800000000180002001400010000000000", @ANYRES32=0x0, @ANYBLOB='\x00\x00\x00\x00\x00\x00\x00\x00'], 0x48}}, 0x0)
sendmsg$nl_route_sched(r0, &(0x7f0000000140)={0x0, 0x32d, &(0x7f0000000080)={&(0x7f0000000540)=@newqdisc={0x148, 0x24, 0x507, 0x4000, 0x0, {0x0, r6, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_red={{0x8, 0x1, 'red\x00'}, {0x11c, 0x2, [@TCA_RED_STAB={0x104, 0x2, "fbf84ce9dbecf3d5851ae060c0ec8d55c9c65cb98d69f6f43f1d64d475f279dd204e54f6719de408d640f2dcd4c0c8c615650de0531b139380f912f808e5d3e1118f76144d1568be425bddb29fa48b1251d5cc8b78fb742bd61674f4cd92a93f8dafea3bc823ccd7591d59d252a275012101f39ab9478cc5dc4a8a2e71f186ce688ae869907b40b62231d243db1eca472440f1203b691b7b85864a73f1a3a9664d075ac973158948f7c44b4f8e2348e8046b08dcb423647eff2539993b8985028d7f0a50e94ee6b2fdacff6aee496b13807eb8d406a8440af14e339713f93a2bd76d46d34452c9bf604ac61d66e9ff34503a7ff400"}, @TCA_RED_PARMS={0x14, 0x1, {0x20}}]}}]}, 0x148}}, 0x0)

[ 1244.368260][T13118] R13: 00000000004c8dbc R14: 00000000004dfed8 R15: 00000000ffffffff
01:38:46 executing program 0:
perf_event_open(&(0x7f00000000c0)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = openat$random(0xffffffffffffff9c, &(0x7f0000000140)='/dev/urandom\x00', 0x8000000000000085, 0x0)
r1 = dup(r0)
r2 = open(&(0x7f0000002000)='./bus\x00', 0x141042, 0x0)
ftruncate(r2, 0xee72)
sendfile(r1, r2, 0x0, 0x8000fffffffe)
r3 = openat$ion(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ion\x00', 0x1, 0x0)
poll(&(0x7f0000000080)=[{r3, 0x10}], 0x1, 0x3)
r4 = openat$pfkey(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/net/pfkey\x00', 0x101000, 0x0)
ioctl$KVM_SET_IRQCHIP(r4, 0x8208ae63, &(0x7f0000000180)={0x1, 0x0, @pic={0x7, 0x5, 0x7, 0xf56d, 0xea, 0x3, 0xb054, 0x3, 0x3, 0x3, 0x7, 0x8, 0x9c, 0x3, 0x1, 0x100000001}})

01:38:46 executing program 5:
mmap(&(0x7f0000011000/0x2000)=nil, 0x2000, 0x4, 0x31, 0xffffffffffffffff, 0x0)
r0 = userfaultfd(0x0)
syz_open_dev$mice(&(0x7f0000000000)='/dev/input/mice\x00', 0x0, 0x4000)
ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f0000000040))
ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f00000000c0)={{&(0x7f0000012000/0x2000)=nil, 0x2000}, 0x1})
read(r0, &(0x7f0000000100)=""/199, 0xc7)
syz_open_dev$evdev(&(0x7f0000012fee)='/.%v/\x11%put/event#\x00', 0x74000000, 0x0)
ioctl$UFFDIO_WAKE(r0, 0x8010aa02, &(0x7f0000000080)={&(0x7f0000012000/0x4000)=nil, 0x4000})
shmget(0x2, 0x1000, 0x0, &(0x7f000096d000/0x1000)=nil)
openat$cgroup_procs(0xffffffffffffffff, 0x0, 0x2, 0x0)

01:38:46 executing program 2:
r0 = socket$inet_udp(0x2, 0x2, 0x0)
close(r0)
r1 = socket$inet6(0xa, 0x1, 0x8010000000000084)
bind$inet6(r1, &(0x7f0000000040)={0xa, 0x400004e21, 0x0, @empty}, 0x1c)
setsockopt$inet_sctp6_SCTP_NODELAY(r0, 0x84, 0x3, &(0x7f00000000c0)=0x7, 0x4)
setsockopt$inet6_opts(r1, 0x29, 0x3b, &(0x7f0000000080)=ANY=[@ANYBLOB], 0x8)
connect$inet6(r1, &(0x7f0000000200)={0xa, 0x4e21, 0x0, @loopback}, 0x1c)
r2 = socket$inet_udplite(0x2, 0x2, 0x88)
ioctl(r2, 0x1000008912, &(0x7f0000000040)="11dcbc0d5e0bcfe47bf070")
write$binfmt_misc(r0, &(0x7f0000000100)=ANY=[@ANYBLOB="a43f7a10bc918dba707335df9c4fe2e3dd545ee4c838fdcc46a7540a012dcf04a12f99172a6f3583cd5498000448f3ae533c2845496e9b0a050d5e4e05f5f8188edecc091727ed7a25a91998bf61aeec90e8718f9aa9fd5da3aa3181c0080975dee42b7d8686ca8f92f314380c2a02a90e6efeaf9d6acdb213cd260c116f495d9569a33c798d369967f6690fd59a8b3bd789702d552fe262fe738e874609724467e7d1be8518f803b96022e1f0f0de7d3720bec96ede000000000000000000"], 0x10098)
write$binfmt_script(r0, &(0x7f0000000300)=ANY=[@ANYBLOB="ba"], 0x1)
write$binfmt_elf64(r0, &(0x7f0000000280)={{0x7f, 0x45, 0x4c, 0x46, 0x0, 0x0, 0xc400, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40}, [{}]}, 0x78)

01:38:46 executing program 1:
perf_event_open(&(0x7f00000000c0)={0x1, 0x70, 0x81, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = openat$random(0xffffffffffffff9c, &(0x7f0000000140)='/dev/urandom\x00', 0x8000000000000085, 0x0)
r1 = dup(r0)
r2 = open(&(0x7f0000002000)='./bus\x00', 0x141042, 0x0)
ftruncate(r2, 0xee72)
sendfile(r1, r2, 0x0, 0x8000fffffffe)

01:38:46 executing program 0:
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
r1 = socket$inet6_sctp(0xa, 0x10000000005, 0x84)
dup2(r0, r1)
fcntl$getownex(r0, 0x10, &(0x7f0000000000)={0x0, <r2=>0x0})
perf_event_open(&(0x7f00000000c0)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, r2, 0x0, 0xffffffffffffffff, 0x0)
r3 = openat$random(0xffffffffffffff9c, &(0x7f0000000140)='/dev/urandom\x00', 0x8000000000000085, 0x0)
r4 = dup(r3)
r5 = open(&(0x7f0000002000)='./bus\x00', 0x141042, 0x0)
ftruncate(r5, 0xee72)
sendfile(r4, r5, 0x0, 0x8000fffffffe)

01:38:46 executing program 4:
r0 = socket$nl_route(0x10, 0x3, 0x0)
r1 = socket$netlink(0x10, 0x3, 0x0)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff, <r2=>0xffffffffffffffff})
r3 = socket$inet6_sctp(0xa, 0x10000000005, 0x84)
r4 = dup2(r2, r3)
ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200)
r5 = socket(0x10, 0x803, 0x0)
sendmsg$TIPC_CMD_GET_MEDIA_NAMES(r5, &(0x7f0000000400)={0x0, 0x0, &(0x7f00000003c0)={0x0}}, 0x0)
getsockname$packet(r5, &(0x7f0000000100)={0x11, 0x0, <r6=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0xa)
sendmsg$nl_route(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080)=ANY=[@ANYBLOB="4800000010000507000000000000000080000000", @ANYRES32=r6, @ANYBLOB="0000000000000000280012000c0001007665746800000000180002001400010000000000", @ANYRES32=0x0, @ANYBLOB='\x00\x00\x00\x00\x00\x00\x00\x00'], 0x48}}, 0x0)
sendmsg$nl_route_sched(r0, &(0x7f0000000140)={0x0, 0x32d, &(0x7f0000000080)={&(0x7f0000000540)=@newqdisc={0x148, 0x24, 0x507, 0x4083, 0x0, {0x0, r6, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_red={{0x8, 0x1, 'red\x00'}, {0x11c, 0x2, [@TCA_RED_STAB={0x104, 0x2, "fbf84ce9dbecf3d5851ae060c0ec8d55c9c65cb98d69f6f43f1d64d475f279dd204e54f6719de408d640f2dcd4c0c8c615650de0531b139380f912f808e5d3e1118f76144d1568be425bddb29fa48b1251d5cc8b78fb742bd61674f4cd92a93f8dafea3bc823ccd7591d59d252a275012101f39ab9478cc5dc4a8a2e71f186ce688ae869907b40b62231d243db1eca472440f1203b691b7b85864a73f1a3a9664d075ac973158948f7c44b4f8e2348e8046b08dcb423647eff2539993b8985028d7f0a50e94ee6b2fdacff6aee496b13807eb8d406a8440af14e339713f93a2bd76d46d34452c9bf604ac61d66e9ff34503a7ff400"}, @TCA_RED_PARMS={0x14, 0x1, {0x20}}]}}]}, 0x148}}, 0x0)

01:38:46 executing program 1:
r0 = getpgrp(0x0)
setpriority(0x0, r0, 0x100)
r1 = syz_open_procfs(r0, &(0x7f0000000000)='gid_map\x00')
r2 = socket(0x10, 0x0, 0x0)
r3 = socket$inet6_sctp(0xa, 0x10000000005, 0x84)
getsockopt$inet_sctp6_SCTP_GET_ASSOC_ID_LIST(r3, 0x84, 0x1d, &(0x7f000095dff8)={0x1, [<r4=>0x0]}, &(0x7f000095dffc)=0x8)
getsockopt$inet_sctp6_SCTP_PEER_ADDR_THLDS(r3, 0x84, 0x70, &(0x7f0000000080)={r4, @in6={{0xa, 0x0, 0x0, @empty}}}, &(0x7f0000000600)=0x90)
setsockopt$inet_sctp6_SCTP_DELAYED_SACK(r2, 0x84, 0x10, &(0x7f0000000200)=@sack_info={r4, 0x80, 0x6}, 0xc)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff, <r5=>0xffffffffffffffff})
r6 = socket$inet6_sctp(0xa, 0x10000000005, 0x84)
r7 = dup2(r5, r6)
ioctl$PERF_EVENT_IOC_ENABLE(r7, 0x8912, 0x400200)
setsockopt$l2tp_PPPOL2TP_SO_LNSMODE(r7, 0x111, 0x4, 0x0, 0x4)
getsockopt$inet_sctp_SCTP_DEFAULT_SNDINFO(r1, 0x84, 0x22, &(0x7f0000000040)={0x3, 0x1, 0x501a, 0x1, r4}, &(0x7f0000000080)=0x10)
perf_event_open(&(0x7f00000000c0)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r8 = openat$random(0xffffffffffffff9c, &(0x7f0000000140)='/dev/urandom\x00', 0x8000000000000085, 0x0)
r9 = dup(r8)
r10 = open(&(0x7f0000002000)='./bus\x00', 0x141042, 0x0)
ftruncate(r10, 0xee72)
sendfile(r9, r10, 0x0, 0x8000fffffffe)

01:38:46 executing program 5:
mmap(&(0x7f0000011000/0x2000)=nil, 0x2000, 0x4, 0x31, 0xffffffffffffffff, 0x0)
r0 = userfaultfd(0x0)
syz_open_dev$mice(&(0x7f0000000000)='/dev/input/mice\x00', 0x0, 0x4000)
ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f0000000040))
ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f00000000c0)={{&(0x7f0000012000/0x2000)=nil, 0x2000}, 0x1})
read(r0, &(0x7f0000000100)=""/199, 0xc7)
syz_open_dev$evdev(&(0x7f0000012fee)='/.%v/\x11%put/event#\x00', 0x7a000000, 0x0)
ioctl$UFFDIO_WAKE(r0, 0x8010aa02, &(0x7f0000000080)={&(0x7f0000012000/0x4000)=nil, 0x4000})
shmget(0x2, 0x1000, 0x0, &(0x7f000096d000/0x1000)=nil)
openat$cgroup_procs(0xffffffffffffffff, 0x0, 0x2, 0x0)

[ 1245.035304][T13855] FAULT_FLAG_ALLOW_RETRY missing 70
[ 1245.042041][T13855] CPU: 1 PID: 13855 Comm: syz-executor.5 Not tainted 5.3.0+ #0
[ 1245.049594][T13855] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 1245.059646][T13855] Call Trace:
[ 1245.062950][T13855]  dump_stack+0x172/0x1f0
[ 1245.067287][T13855]  handle_userfault.cold+0x41/0x5d
[ 1245.072403][T13855]  ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[ 1245.078678][T13855]  ? userfaultfd_ioctl+0x3ad0/0x3ad0
[ 1245.083961][T13855]  ? find_get_entry+0x535/0x880
[ 1245.083985][T13855]  ? find_get_pages_range_tag+0xd50/0xd50
[ 1245.094512][T13855]  ? ___might_sleep+0x163/0x2c0
[ 1245.094547][T13855]  ? __kasan_check_read+0x11/0x20
[ 1245.094562][T13855]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 1245.094580][T13855]  ? find_lock_entry+0x1a7/0x560
[ 1245.094597][T13855]  ? rcu_lockdep_current_cpu_online+0xe3/0x130
[ 1245.121705][T13855]  shmem_getpage_gfp+0x1f4c/0x2680
[ 1245.126832][T13855]  ? shmem_unuse_inode+0x1010/0x1010
[ 1245.132118][T13855]  ? lock_downgrade+0x920/0x920
[ 1245.136989][T13855]  ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[ 1245.143222][T13855]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 1245.149445][T13855]  shmem_fault+0x22a/0x7b0
[ 1245.153844][T13855]  ? shmem_read_mapping_page_gfp+0x1a0/0x1a0
[ 1245.159805][T13855]  ? find_get_entry+0x880/0x880
[ 1245.164670][T13855]  ? pmd_val+0x85/0x100
[ 1245.168801][T13855]  __do_fault+0x111/0x540
[ 1245.173115][T13855]  ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[ 1245.179336][T13855]  __handle_mm_fault+0x2dca/0x4040
[ 1245.184429][T13855]  ? vmf_insert_mixed_mkwrite+0x40/0x40
[ 1245.189948][T13855]  ? handle_mm_fault+0x292/0xa80
[ 1245.194865][T13855]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 1245.201092][T13855]  ? __kasan_check_read+0x11/0x20
[ 1245.206091][T13855]  handle_mm_fault+0x3b7/0xa80
[ 1245.210872][T13855]  __do_page_fault+0x536/0xdd0
[ 1245.215631][T13855]  do_page_fault+0x38/0x590
[ 1245.220110][T13855]  page_fault+0x39/0x40
[ 1245.224244][T13855] RIP: 0033:0x4533a0
[ 1245.228118][T13855] Code: 0f 84 c4 0f 00 00 48 89 f1 48 89 f8 48 83 e1 3f 48 83 f9 20 0f 86 7b 02 00 00 48 83 e6 f0 48 83 e1 0f 66 0f ef c0 66 0f ef c9 <66> 0f 74 0e 66 0f d7 d1 48 d3 ea 49 c7 c2 11 00 00 00 49 29 ca 4d
[ 1245.247701][T13855] RSP: 002b:00007fbdc8f767a8 EFLAGS: 00010202
[ 1245.253748][T13855] RAX: 00007fbdc8f76850 RBX: 0000000000000003 RCX: 000000000000000e
[ 1245.261815][T13855] RDX: 00000000000003ff RSI: 0000000020012fe0 RDI: 00007fbdc8f76850
[ 1245.269765][T13855] RBP: 000000000075bf20 R08: 00000000000003ff R09: 0000000000000000
[ 1245.277714][T13855] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fbdc8f776d4
01:38:47 executing program 3:
socket$inet(0x10, 0x2, 0x0)
r0 = socket$inet6(0xa, 0x4805, 0x8)
ioctl(r0, 0x0, 0x0)
socket$nl_netfilter(0x10, 0x3, 0xc)
bpf$BPF_PROG_DETACH(0x9, 0x0, 0x0)
setsockopt$inet6_udp_int(0xffffffffffffffff, 0x11, 0x0, 0x0, 0x0)
r1 = socket$inet_tcp(0x2, 0x1, 0x0)
ioctl$sock_inet_SIOCSIFPFLAGS(0xffffffffffffffff, 0x8934, 0x0)
ioctl$sock_inet_tcp_SIOCOUTQ(0xffffffffffffffff, 0x5411, 0x0)
bind$inet(r1, &(0x7f0000dc9ff0)={0x2, 0x4e20}, 0x10)
getsockopt$inet_tcp_buf(r1, 0x6, 0xe, &(0x7f00000000c0)=""/171, &(0x7f0000000040)=0xab)
setsockopt$sock_int(0xffffffffffffffff, 0x1, 0x0, 0x0, 0x0)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff, <r2=>0xffffffffffffffff})
r3 = socket$inet6_sctp(0xa, 0x10000000005, 0x84)
dup2(r2, r3)
shutdown(r2, 0x0)
accept4$inet(0xffffffffffffffff, 0x0, 0x0, 0x0)
setsockopt$inet_tcp_int(0xffffffffffffffff, 0x6, 0x0, 0x0, 0x0)
sendto$inet(r1, 0x0, 0x385, 0x761bc54f366b5a49, &(0x7f0000000080)={0x2, 0x4e20, @dev={0xac, 0x14, 0x14, 0x12}}, 0xfffffffffffffeec)
getsockopt$inet_tcp_int(0xffffffffffffffff, 0x6, 0x0, 0x0, 0x0)
socket$packet(0x11, 0x0, 0x300)
syz_genetlink_get_family_id$tipc(0x0)
sendmsg$TIPC_CMD_GET_BEARER_NAMES(0xffffffffffffffff, 0x0, 0x0)
sendto$inet(r1, &(0x7f0000000180), 0xffffffffffffff9a, 0x4007ffd, 0x0, 0xb4)
ioctl$sock_inet_tcp_SIOCINQ(r1, 0x541b, &(0x7f0000000000))

01:38:47 executing program 0:
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
r1 = socket$inet6_sctp(0xa, 0x10000000005, 0x84)
r2 = dup2(r0, r1)
ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200)
r3 = dup(r2)
ioctl$SG_NEXT_CMD_LEN(r3, 0x2283, &(0x7f0000000000)=0x51)
perf_event_open(&(0x7f00000000c0)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r4 = openat$random(0xffffffffffffff9c, &(0x7f0000000140)='/dev/urandom\x00', 0x8000000000000085, 0x0)
r5 = dup(r4)
r6 = open(&(0x7f0000002000)='./bus\x00', 0x141042, 0x0)
ftruncate(r6, 0xee72)
sendfile(r5, r6, 0x0, 0x8000fffffffe)
arch_prctl$ARCH_MAP_VDSO_X32(0x2001, 0x5)

01:38:47 executing program 4:
r0 = socket$nl_route(0x10, 0x3, 0x0)
r1 = socket$netlink(0x10, 0x3, 0x0)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff, <r2=>0xffffffffffffffff})
r3 = socket$inet6_sctp(0xa, 0x10000000005, 0x84)
r4 = dup2(r2, r3)
ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200)
r5 = socket(0x10, 0x803, 0x0)
sendmsg$TIPC_CMD_GET_MEDIA_NAMES(r5, &(0x7f0000000400)={0x0, 0x0, &(0x7f00000003c0)={0x0}}, 0x0)
getsockname$packet(r5, &(0x7f0000000100)={0x11, 0x0, <r6=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0xa)
sendmsg$nl_route(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080)=ANY=[@ANYBLOB="4800000010000507000000000000000080000000", @ANYRES32=r6, @ANYBLOB="0000000000000000280012000c0001007665746800000000180002001400010000000000", @ANYRES32=0x0, @ANYBLOB='\x00\x00\x00\x00\x00\x00\x00\x00'], 0x48}}, 0x0)
sendmsg$nl_route_sched(r0, &(0x7f0000000140)={0x0, 0x32d, &(0x7f0000000080)={&(0x7f0000000540)=@newqdisc={0x148, 0x24, 0x507, 0x5865, 0x0, {0x0, r6, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_red={{0x8, 0x1, 'red\x00'}, {0x11c, 0x2, [@TCA_RED_STAB={0x104, 0x2, "fbf84ce9dbecf3d5851ae060c0ec8d55c9c65cb98d69f6f43f1d64d475f279dd204e54f6719de408d640f2dcd4c0c8c615650de0531b139380f912f808e5d3e1118f76144d1568be425bddb29fa48b1251d5cc8b78fb742bd61674f4cd92a93f8dafea3bc823ccd7591d59d252a275012101f39ab9478cc5dc4a8a2e71f186ce688ae869907b40b62231d243db1eca472440f1203b691b7b85864a73f1a3a9664d075ac973158948f7c44b4f8e2348e8046b08dcb423647eff2539993b8985028d7f0a50e94ee6b2fdacff6aee496b13807eb8d406a8440af14e339713f93a2bd76d46d34452c9bf604ac61d66e9ff34503a7ff400"}, @TCA_RED_PARMS={0x14, 0x1, {0x20}}]}}]}, 0x148}}, 0x0)

01:38:47 executing program 2:
r0 = socket$inet_udp(0x2, 0x2, 0x0)
close(r0)
r1 = socket$inet6(0xa, 0x1, 0x8010000000000084)
bind$inet6(r1, &(0x7f0000000040)={0xa, 0x400004e21, 0x0, @empty}, 0x1c)
setsockopt$inet_sctp6_SCTP_NODELAY(r0, 0x84, 0x3, &(0x7f00000000c0)=0x7, 0x4)
setsockopt$inet6_opts(r1, 0x29, 0x3b, &(0x7f0000000080)=ANY=[@ANYBLOB], 0x8)
connect$inet6(r1, &(0x7f0000000200)={0xa, 0x4e21, 0x0, @loopback}, 0x1c)
r2 = socket$inet_udplite(0x2, 0x2, 0x88)
ioctl(r2, 0x1000008912, &(0x7f0000000040)="11dcbc0d5e0bcfe47bf070")
write$binfmt_misc(r0, &(0x7f0000000100)=ANY=[@ANYBLOB="a43f7a10bc918dba707335df9c4fe2e3dd545ee4c838fdcc46a7540a012dcf04a12f99172a6f3583cd5498000448f3ae533c2845496e9b0a050d5e4e05f5f8188edecc091727ed7a25a91998bf61aeec90e8718f9aa9fd5da3aa3181c0080975dee42b7d8686ca8f92f314380c2a02a90e6efeaf9d6acdb213cd260c116f495d9569a33c798d369967f6690fd59a8b3bd789702d552fe262fe738e874609724467e7d1be8518f803b96022e1f0f0de7d3720bec96ede000000000000000000"], 0x10098)
write$binfmt_script(r0, &(0x7f0000000300)=ANY=[@ANYBLOB="ba"], 0x1)
write$binfmt_elf64(r0, &(0x7f0000000280)={{0x7f, 0x45, 0x4c, 0x46, 0x0, 0x0, 0xe803, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40}, [{}]}, 0x78)

01:38:47 executing program 1:
perf_event_open(&(0x7f00000000c0)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = openat$random(0xffffffffffffff9c, &(0x7f0000000140)='/dev/urandom\x00', 0x8000000000000085, 0x0)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
r2 = socket$inet6_sctp(0xa, 0x10000000005, 0x84)
r3 = dup2(r1, r2)
ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200)
ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x0)
openat$ubi_ctrl(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ubi_ctrl\x00', 0x2000, 0x0)
setsockopt$inet_tcp_TCP_REPAIR_WINDOW(0xffffffffffffffff, 0x6, 0x1d, &(0x7f0000000040)={0x8, 0x9, 0x7fffffff, 0x1ff, 0x9}, 0x14)
r4 = dup(r0)
r5 = open(&(0x7f0000002000)='./bus\x00', 0x141042, 0x0)
ftruncate(r5, 0xee72)
sendfile(r4, r5, 0x0, 0x8000fffffffe)

[ 1245.285687][T13855] R13: 00000000004c8dbc R14: 00000000004dfed8 R15: 00000000ffffffff
01:38:47 executing program 3:
mkdir(&(0x7f0000fd5ff8)='./file0\x00', 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000280)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
r2 = fcntl$dupfd(r1, 0x0, r0)
ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200)
mount(0x0, &(0x7f0000000140)='./file0\x00', &(0x7f0000000280)='proc\x00', 0x0, 0x0)
r3 = open$dir(&(0x7f0000000080)='./file0\x00', 0x0, 0x0)
getdents64(r3, &(0x7f00000005c0)=""/4096, 0x1000)
getdents64(r3, 0x0, 0x0)

01:38:47 executing program 0:
perf_event_open(&(0x7f00000000c0)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = openat$random(0xffffffffffffff9c, &(0x7f0000000140)='/dev/urandom\x00', 0x8000000000000085, 0x0)
r1 = dup(r0)
r2 = open(&(0x7f0000002000)='./bus\x00', 0x141042, 0x0)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff, <r3=>0xffffffffffffffff})
r4 = socket$inet6_sctp(0xa, 0x10000000005, 0x84)
r5 = dup2(r3, r4)
ioctl$PERF_EVENT_IOC_ENABLE(r5, 0x8912, 0x400200)
bind$netlink(r5, &(0x7f0000000180)={0x10, 0x0, 0x25dfdbfd, 0x21000}, 0xc)
ftruncate(r2, 0xee72)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff, <r6=>0xffffffffffffffff})
r7 = socket$inet6_sctp(0xa, 0x10000000005, 0x84)
r8 = dup2(r6, r7)
ioctl$PERF_EVENT_IOC_ENABLE(r8, 0x8912, 0x400200)
r9 = socket(0x10, 0x0, 0x0)
r10 = socket$inet6_sctp(0xa, 0x10000000005, 0x84)
getsockopt$inet_sctp6_SCTP_GET_ASSOC_ID_LIST(r10, 0x84, 0x1d, &(0x7f000095dff8)=ANY=[@ANYBLOB="01001f00", @ANYRES32=<r11=>0x0], &(0x7f000095dffc)=0x8)
getsockopt$inet_sctp6_SCTP_PEER_ADDR_THLDS(r10, 0x84, 0x70, &(0x7f0000000080)={r11, @in6={{0xa, 0x0, 0x0, @empty}}}, &(0x7f0000000600)=0x90)
setsockopt$inet_sctp6_SCTP_DELAYED_SACK(r9, 0x84, 0x10, &(0x7f0000000200)=@sack_info={r11, 0x80, 0x6}, 0xc)
getsockopt$inet_sctp6_SCTP_CONTEXT(r1, 0x84, 0x11, &(0x7f0000000000)={<r12=>r11, 0x7}, &(0x7f0000000040)=0x8)
setsockopt$inet_sctp_SCTP_RECONFIG_SUPPORTED(r8, 0x84, 0x75, &(0x7f0000000080)={r12, 0x3}, 0x8)
sendfile(r1, r2, 0x0, 0x8000fffffffe)

01:38:47 executing program 5:
mmap(&(0x7f0000011000/0x2000)=nil, 0x2000, 0x4, 0x31, 0xffffffffffffffff, 0x0)
r0 = userfaultfd(0x0)
syz_open_dev$mice(&(0x7f0000000000)='/dev/input/mice\x00', 0x0, 0x4000)
ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f0000000040))
ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f00000000c0)={{&(0x7f0000012000/0x2000)=nil, 0x2000}, 0x1})
read(r0, &(0x7f0000000100)=""/199, 0xc7)
syz_open_dev$evdev(&(0x7f0000012fee)='/.%v/\x11%put/event#\x00', 0x100000000000000, 0x0)
ioctl$UFFDIO_WAKE(r0, 0x8010aa02, &(0x7f0000000080)={&(0x7f0000012000/0x4000)=nil, 0x4000})
shmget(0x2, 0x1000, 0x0, &(0x7f000096d000/0x1000)=nil)
openat$cgroup_procs(0xffffffffffffffff, 0x0, 0x2, 0x0)

01:38:47 executing program 4:
r0 = socket$nl_route(0x10, 0x3, 0x0)
r1 = socket$netlink(0x10, 0x3, 0x0)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff, <r2=>0xffffffffffffffff})
r3 = socket$inet6_sctp(0xa, 0x10000000005, 0x84)
r4 = dup2(r2, r3)
ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200)
r5 = socket(0x10, 0x803, 0x0)
sendmsg$TIPC_CMD_GET_MEDIA_NAMES(r5, &(0x7f0000000400)={0x0, 0x0, &(0x7f00000003c0)={0x0}}, 0x0)
getsockname$packet(r5, &(0x7f0000000100)={0x11, 0x0, <r6=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0xa)
sendmsg$nl_route(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080)=ANY=[@ANYBLOB="4800000010000507000000000000000080000000", @ANYRES32=r6, @ANYBLOB="0000000000000000280012000c0001007665746800000000180002001400010000000000", @ANYRES32=0x0, @ANYBLOB='\x00\x00\x00\x00\x00\x00\x00\x00'], 0x48}}, 0x0)
sendmsg$nl_route_sched(r0, &(0x7f0000000140)={0x0, 0x32d, &(0x7f0000000080)={&(0x7f0000000540)=@newqdisc={0x148, 0x24, 0x507, 0x6000, 0x0, {0x0, r6, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_red={{0x8, 0x1, 'red\x00'}, {0x11c, 0x2, [@TCA_RED_STAB={0x104, 0x2, "fbf84ce9dbecf3d5851ae060c0ec8d55c9c65cb98d69f6f43f1d64d475f279dd204e54f6719de408d640f2dcd4c0c8c615650de0531b139380f912f808e5d3e1118f76144d1568be425bddb29fa48b1251d5cc8b78fb742bd61674f4cd92a93f8dafea3bc823ccd7591d59d252a275012101f39ab9478cc5dc4a8a2e71f186ce688ae869907b40b62231d243db1eca472440f1203b691b7b85864a73f1a3a9664d075ac973158948f7c44b4f8e2348e8046b08dcb423647eff2539993b8985028d7f0a50e94ee6b2fdacff6aee496b13807eb8d406a8440af14e339713f93a2bd76d46d34452c9bf604ac61d66e9ff34503a7ff400"}, @TCA_RED_PARMS={0x14, 0x1, {0x20}}]}}]}, 0x148}}, 0x0)

01:38:47 executing program 3:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000003c0)='/dev/kvm\x00', 0x0, 0x0)
ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
mremap(&(0x7f00007a1000/0x3000)=nil, 0x3000, 0x4000, 0x3, &(0x7f00004f4000/0x4000)=nil)

01:38:47 executing program 1:
perf_event_open(&(0x7f00000000c0)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = openat$random(0xffffffffffffff9c, &(0x7f0000000140)='/dev/urandom\x00', 0x8000000000000085, 0x0)
r1 = dup(r0)
r2 = open(&(0x7f0000002000)='./bus\x00', 0x141042, 0x0)
ftruncate(r2, 0xee72)
sendfile(r1, r2, 0x0, 0x8000fffffffe)
fcntl$F_SET_FILE_RW_HINT(0xffffffffffffffff, 0x40e, &(0x7f0000000000)=0x4)

01:38:47 executing program 2:
r0 = socket$inet_udp(0x2, 0x2, 0x0)
close(r0)
r1 = socket$inet6(0xa, 0x1, 0x8010000000000084)
bind$inet6(r1, &(0x7f0000000040)={0xa, 0x400004e21, 0x0, @empty}, 0x1c)
setsockopt$inet_sctp6_SCTP_NODELAY(r0, 0x84, 0x3, &(0x7f00000000c0)=0x7, 0x4)
setsockopt$inet6_opts(r1, 0x29, 0x3b, &(0x7f0000000080)=ANY=[@ANYBLOB], 0x8)
connect$inet6(r1, &(0x7f0000000200)={0xa, 0x4e21, 0x0, @loopback}, 0x1c)
r2 = socket$inet_udplite(0x2, 0x2, 0x88)
ioctl(r2, 0x1000008912, &(0x7f0000000040)="11dcbc0d5e0bcfe47bf070")
write$binfmt_misc(r0, &(0x7f0000000100)=ANY=[@ANYBLOB="a43f7a10bc918dba707335df9c4fe2e3dd545ee4c838fdcc46a7540a012dcf04a12f99172a6f3583cd5498000448f3ae533c2845496e9b0a050d5e4e05f5f8188edecc091727ed7a25a91998bf61aeec90e8718f9aa9fd5da3aa3181c0080975dee42b7d8686ca8f92f314380c2a02a90e6efeaf9d6acdb213cd260c116f495d9569a33c798d369967f6690fd59a8b3bd789702d552fe262fe738e874609724467e7d1be8518f803b96022e1f0f0de7d3720bec96ede000000000000000000"], 0x10098)
write$binfmt_script(r0, &(0x7f0000000300)=ANY=[@ANYBLOB="ba"], 0x1)
write$binfmt_elf64(r0, &(0x7f0000000280)={{0x7f, 0x45, 0x4c, 0x46, 0x0, 0x0, 0xf003, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40}, [{}]}, 0x78)

[ 1245.745295][T14140] FAULT_FLAG_ALLOW_RETRY missing 70
[ 1245.752328][T14140] CPU: 1 PID: 14140 Comm: syz-executor.5 Not tainted 5.3.0+ #0
[ 1245.759880][T14140] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 1245.769928][T14140] Call Trace:
[ 1245.773230][T14140]  dump_stack+0x172/0x1f0
[ 1245.777563][T14140]  handle_userfault.cold+0x41/0x5d
[ 1245.782695][T14140]  ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[ 1245.788949][T14140]  ? userfaultfd_ioctl+0x3ad0/0x3ad0
[ 1245.794240][T14140]  ? find_get_entry+0x535/0x880
[ 1245.799101][T14140]  ? find_get_pages_range_tag+0xd50/0xd50
[ 1245.804820][T14140]  ? ___might_sleep+0x163/0x2c0
[ 1245.809681][T14140]  ? __kasan_check_read+0x11/0x20
[ 1245.814825][T14140]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 1245.821066][T14140]  ? find_lock_entry+0x1a7/0x560
[ 1245.825995][T14140]  ? rcu_lockdep_current_cpu_online+0xe3/0x130
[ 1245.832144][T14140]  shmem_getpage_gfp+0x1f4c/0x2680
[ 1245.837269][T14140]  ? shmem_unuse_inode+0x1010/0x1010
[ 1245.842558][T14140]  ? lock_downgrade+0x920/0x920
[ 1245.847414][T14140]  ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[ 1245.853648][T14140]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 1245.859886][T14140]  shmem_fault+0x22a/0x7b0
[ 1245.864309][T14140]  ? shmem_read_mapping_page_gfp+0x1a0/0x1a0
[ 1245.870307][T14140]  ? find_get_entry+0x880/0x880
[ 1245.875160][T14140]  ? pmd_val+0x85/0x100
[ 1245.879313][T14140]  __do_fault+0x111/0x540
[ 1245.883649][T14140]  ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[ 1245.889891][T14140]  __handle_mm_fault+0x2dca/0x4040
[ 1245.895007][T14140]  ? vmf_insert_mixed_mkwrite+0x40/0x40
[ 1245.900550][T14140]  ? handle_mm_fault+0x292/0xa80
[ 1245.905520][T14140]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 1245.911754][T14140]  ? __kasan_check_read+0x11/0x20
[ 1245.916777][T14140]  handle_mm_fault+0x3b7/0xa80
[ 1245.921544][T14140]  __do_page_fault+0x536/0xdd0
[ 1245.926401][T14140]  do_page_fault+0x38/0x590
[ 1245.930895][T14140]  page_fault+0x39/0x40
[ 1245.930905][T14140] RIP: 0033:0x4533a0
01:38:47 executing program 4:
r0 = socket$nl_route(0x10, 0x3, 0x0)
r1 = socket$netlink(0x10, 0x3, 0x0)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff, <r2=>0xffffffffffffffff})
r3 = socket$inet6_sctp(0xa, 0x10000000005, 0x84)
r4 = dup2(r2, r3)
ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200)
r5 = socket(0x10, 0x803, 0x0)
sendmsg$TIPC_CMD_GET_MEDIA_NAMES(r5, &(0x7f0000000400)={0x0, 0x0, &(0x7f00000003c0)={0x0}}, 0x0)
getsockname$packet(r5, &(0x7f0000000100)={0x11, 0x0, <r6=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0xa)
sendmsg$nl_route(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080)=ANY=[@ANYBLOB="4800000010000507000000000000000080000000", @ANYRES32=r6, @ANYBLOB="0000000000000000280012000c0001007665746800000000180002001400010000000000", @ANYRES32=0x0, @ANYBLOB='\x00\x00\x00\x00\x00\x00\x00\x00'], 0x48}}, 0x0)
sendmsg$nl_route_sched(r0, &(0x7f0000000140)={0x0, 0x32d, &(0x7f0000000080)={&(0x7f0000000540)=@newqdisc={0x148, 0x24, 0x507, 0x6558, 0x0, {0x0, r6, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_red={{0x8, 0x1, 'red\x00'}, {0x11c, 0x2, [@TCA_RED_STAB={0x104, 0x2, "fbf84ce9dbecf3d5851ae060c0ec8d55c9c65cb98d69f6f43f1d64d475f279dd204e54f6719de408d640f2dcd4c0c8c615650de0531b139380f912f808e5d3e1118f76144d1568be425bddb29fa48b1251d5cc8b78fb742bd61674f4cd92a93f8dafea3bc823ccd7591d59d252a275012101f39ab9478cc5dc4a8a2e71f186ce688ae869907b40b62231d243db1eca472440f1203b691b7b85864a73f1a3a9664d075ac973158948f7c44b4f8e2348e8046b08dcb423647eff2539993b8985028d7f0a50e94ee6b2fdacff6aee496b13807eb8d406a8440af14e339713f93a2bd76d46d34452c9bf604ac61d66e9ff34503a7ff400"}, @TCA_RED_PARMS={0x14, 0x1, {0x20}}]}}]}, 0x148}}, 0x0)

01:38:47 executing program 1:
r0 = syz_open_dev$swradio(&(0x7f00000003c0)='/dev/swradio#\x00', 0x0, 0x2)
perf_event_open(&(0x7f00000000c0)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x2102, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10000, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, r0, 0x0)
r1 = openat$random(0xffffffffffffff9c, &(0x7f0000000140)='/dev/urandom\x00', 0x8000000000000085, 0x0)
r2 = dup(r1)
r3 = open(&(0x7f0000002000)='./bus\x00', 0x141042, 0x0)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff, <r4=>0xffffffffffffffff})
r5 = socket$inet6_sctp(0xa, 0x10000000005, 0x84)
dup2(r4, r5)
r6 = socket$nl_route(0x10, 0x3, 0x0)
r7 = socket$netlink(0x10, 0x3, 0x0)
r8 = socket(0x10, 0x803, 0x0)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff, <r9=>0xffffffffffffffff})
r10 = socket$inet6_sctp(0xa, 0x10000000005, 0x84)
r11 = dup2(r9, r10)
ioctl$PERF_EVENT_IOC_ENABLE(r11, 0x8912, 0x400200)
ioctl$KDGKBMODE(r11, 0x4b44, &(0x7f0000000280))
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff, <r12=>0xffffffffffffffff})
r13 = socket$inet6_sctp(0xa, 0x10000000005, 0x84)
r14 = dup2(r12, r13)
ioctl$PERF_EVENT_IOC_ENABLE(r14, 0x8912, 0x400200)
ioctl$KVM_GET_REGS(r14, 0x8090ae81, &(0x7f00000002c0))
sendmsg$NBD_CMD_DISCONNECT(r8, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0)
getsockname$packet(r8, &(0x7f0000000100)={0x11, 0x0, <r15=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff, <r16=>0xffffffffffffffff})
r17 = socket$inet6_sctp(0xa, 0x10000000005, 0x84)
r18 = dup2(r16, r17)
ioctl$PERF_EVENT_IOC_ENABLE(r18, 0x8912, 0x400200)
sendmsg$TIPC_CMD_SHOW_LINK_STATS(r18, &(0x7f0000000440)={&(0x7f0000000380)={0x10, 0x0, 0x0, 0x42040000}, 0xc, &(0x7f0000000400)={&(0x7f0000000480)=ANY=[@ANYBLOB='(\x00\x00\x00', @ANYRES16=0x0, @ANYBLOB="00043bcf4950fcdbdf2501000000000000000b000000000c001473797a3100000000dad05df5a11659f2cacf930e688ad82d96d2eb41275d2e95d15b3c7d53e59da43ff317a6cf65cdc0a58170b07c0f087853584c77ffdc40fca27763aab7c00e72404a3a71d41cd0f430a7ccc40d519a1411620582eb"], 0x28}, 0x1, 0x0, 0x0, 0x4000}, 0x4000)
sendmsg$nl_route(r7, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080)=ANY=[@ANYBLOB="480000001000050700"/20, @ANYRES32=r15, @ANYBLOB="0000000000000000280012000c00010076657468000000e1170002de1300010028b60000", @ANYRES32=0x0, @ANYBLOB='\x00\x00\x00\x00\x00\x00\x00\x00'], 0x48}}, 0x0)
sendmsg$nl_route_sched(r6, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000b40)=ANY=[@ANYBLOB="440400002400070500"/20, @ANYRES32=r15, @ANYBLOB="00000000ffffffff0000000008000100636271001804020004040600000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000010000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000001000050022000000000000007f000000e2e3fe613ec356b937a1fa3ecf57264586d686e4fd7deda0d11c37ef4a8ee34dc6800cb08164e4"], 0x444}}, 0x0)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000100)=ANY=[@ANYBLOB="340000002c00010700"/20, @ANYRES32=r15, @ANYBLOB="0000000000000000f6fff1ff0c0001007463696e64657800c08e0200"], 0x34}}, 0x0)
setsockopt$inet6_IPV6_PKTINFO(r5, 0x29, 0x32, &(0x7f0000000000)={@remote, r15}, 0x14)
ftruncate(r3, 0xee72)
sendfile(r2, r3, 0x0, 0x8000fffffffe)

[ 1245.930920][T14140] Code: 0f 84 c4 0f 00 00 48 89 f1 48 89 f8 48 83 e1 3f 48 83 f9 20 0f 86 7b 02 00 00 48 83 e6 f0 48 83 e1 0f 66 0f ef c0 66 0f ef c9 <66> 0f 74 0e 66 0f d7 d1 48 d3 ea 49 c7 c2 11 00 00 00 49 29 ca 4d
[ 1245.930927][T14140] RSP: 002b:00007fbdc8f767a8 EFLAGS: 00010202
[ 1245.930938][T14140] RAX: 00007fbdc8f76850 RBX: 0000000000000003 RCX: 000000000000000e
[ 1245.930952][T14140] RDX: 00000000000003ff RSI: 0000000020012fe0 RDI: 00007fbdc8f76850
[ 1245.958634][T14140] RBP: 000000000075bf20 R08: 00000000000003ff R09: 0000000000000000
01:38:48 executing program 3:
clone(0x0, 0x0, 0x0, 0x0, 0x0)
mq_open(0x0, 0x0, 0x0, 0x0)

[ 1245.958643][T14140] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fbdc8f776d4
[ 1245.958652][T14140] R13: 00000000004c8dbc R14: 00000000004dfed8 R15: 00000000ffffffff
01:38:48 executing program 0:
perf_event_open(&(0x7f00000000c0)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xc, @perf_config_ext={0x9, 0x7}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = openat$random(0xffffffffffffff9c, &(0x7f0000000140)='/dev/urandom\x00', 0x8000000000000085, 0x0)
r1 = dup(r0)
r2 = syz_open_dev$binder(&(0x7f0000000040)='/dev/binder#\x00', 0x0, 0x0)
prctl$PR_SET_MM_MAP(0x23, 0xe, &(0x7f0000000280)={&(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ffb000/0x1000)=nil, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000fec000/0x14000)=nil, &(0x7f0000ffa000/0x3000)=nil, &(0x7f0000ff8000/0x4000)=nil, &(0x7f0000ff0000/0x4000)=nil, &(0x7f0000ff8000/0x2000)=nil, &(0x7f0000000180)="642a85f9e9b8aa22562b263f9a974714623116b8d4037d9451b371cf3463f6df83d7785d7e526a33a5390f5b8d368fd7ff21c9e4a80abfea57af90319104b3050a7071e3c7694c7850c58a6b3b8f45dc72a337b6f7afbebea01680d7e8a652e25b1b589b493cacb65bda7a37ef2aab94f86091d17dafe68707d37385cc4224b5bf0cfcd14d94acef59cf3e83f32f3c3149ee8600d31d220c4ae70b75112787c70baa335aa9d7a8dcd9012306485e8f8173324bf9d73d9099284fbbf71cf24f097d0beabad4", 0xc5, r2}, 0x68)
r3 = open(&(0x7f0000002000)='./bus\x00', 0x141042, 0x0)
syz_open_dev$vcsn(&(0x7f0000000000)='/dev/vcs#\x00', 0x3, 0x10000)
ftruncate(r3, 0xee72)
sendfile(r1, r3, 0x0, 0x8000fffffffe)

01:38:48 executing program 4:
r0 = socket$nl_route(0x10, 0x3, 0x0)
r1 = socket$netlink(0x10, 0x3, 0x0)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff, <r2=>0xffffffffffffffff})
r3 = socket$inet6_sctp(0xa, 0x10000000005, 0x84)
r4 = dup2(r2, r3)
ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200)
r5 = socket(0x10, 0x803, 0x0)
sendmsg$TIPC_CMD_GET_MEDIA_NAMES(r5, &(0x7f0000000400)={0x0, 0x0, &(0x7f00000003c0)={0x0}}, 0x0)
getsockname$packet(r5, &(0x7f0000000100)={0x11, 0x0, <r6=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0xa)
sendmsg$nl_route(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080)=ANY=[@ANYBLOB="4800000010000507000000000000000080000000", @ANYRES32=r6, @ANYBLOB="0000000000000000280012000c0001007665746800000000180002001400010000000000", @ANYRES32=0x0, @ANYBLOB='\x00\x00\x00\x00\x00\x00\x00\x00'], 0x48}}, 0x0)
sendmsg$nl_route_sched(r0, &(0x7f0000000140)={0x0, 0x32d, &(0x7f0000000080)={&(0x7f0000000540)=@newqdisc={0x148, 0x24, 0x507, 0x8100, 0x0, {0x0, r6, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_red={{0x8, 0x1, 'red\x00'}, {0x11c, 0x2, [@TCA_RED_STAB={0x104, 0x2, "fbf84ce9dbecf3d5851ae060c0ec8d55c9c65cb98d69f6f43f1d64d475f279dd204e54f6719de408d640f2dcd4c0c8c615650de0531b139380f912f808e5d3e1118f76144d1568be425bddb29fa48b1251d5cc8b78fb742bd61674f4cd92a93f8dafea3bc823ccd7591d59d252a275012101f39ab9478cc5dc4a8a2e71f186ce688ae869907b40b62231d243db1eca472440f1203b691b7b85864a73f1a3a9664d075ac973158948f7c44b4f8e2348e8046b08dcb423647eff2539993b8985028d7f0a50e94ee6b2fdacff6aee496b13807eb8d406a8440af14e339713f93a2bd76d46d34452c9bf604ac61d66e9ff34503a7ff400"}, @TCA_RED_PARMS={0x14, 0x1, {0x20}}]}}]}, 0x148}}, 0x0)

01:38:48 executing program 2:
r0 = socket$inet_udp(0x2, 0x2, 0x0)
close(r0)
r1 = socket$inet6(0xa, 0x1, 0x8010000000000084)
bind$inet6(r1, &(0x7f0000000040)={0xa, 0x400004e21, 0x0, @empty}, 0x1c)
setsockopt$inet_sctp6_SCTP_NODELAY(r0, 0x84, 0x3, &(0x7f00000000c0)=0x7, 0x4)
setsockopt$inet6_opts(r1, 0x29, 0x3b, &(0x7f0000000080)=ANY=[@ANYBLOB], 0x8)
connect$inet6(r1, &(0x7f0000000200)={0xa, 0x4e21, 0x0, @loopback}, 0x1c)
r2 = socket$inet_udplite(0x2, 0x2, 0x88)
ioctl(r2, 0x1000008912, &(0x7f0000000040)="11dcbc0d5e0bcfe47bf070")
write$binfmt_misc(r0, &(0x7f0000000100)=ANY=[@ANYBLOB="a43f7a10bc918dba707335df9c4fe2e3dd545ee4c838fdcc46a7540a012dcf04a12f99172a6f3583cd5498000448f3ae533c2845496e9b0a050d5e4e05f5f8188edecc091727ed7a25a91998bf61aeec90e8718f9aa9fd5da3aa3181c0080975dee42b7d8686ca8f92f314380c2a02a90e6efeaf9d6acdb213cd260c116f495d9569a33c798d369967f6690fd59a8b3bd789702d552fe262fe738e874609724467e7d1be8518f803b96022e1f0f0de7d3720bec96ede000000000000000000"], 0x10098)
write$binfmt_script(r0, &(0x7f0000000300)=ANY=[@ANYBLOB="ba"], 0x1)
write$binfmt_elf64(r0, &(0x7f0000000280)={{0x7f, 0x45, 0x4c, 0x46, 0x0, 0x0, 0xf103, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40}, [{}]}, 0x78)

01:38:48 executing program 3:
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7fffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = socket$inet6(0xa, 0x2, 0x0)
ioctl$IMDELTIMER(0xffffffffffffffff, 0x80044941, 0x0)
setsockopt$SO_BINDTODEVICE(r0, 0x1, 0x19, &(0x7f00000001c0)='sit0\x00', 0x10)
connect$inet6(r0, &(0x7f0000000140)={0xa, 0xffffffffffffffff, 0x0, @ipv4={[], [], @dev={0xac, 0x14, 0x14, 0x18}}}, 0x1c)
sendmmsg(r0, &(0x7f00000002c0), 0x4cc, 0x0)
perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0)
accept4$packet(0xffffffffffffffff, 0x0, 0x0, 0x0)
write$FUSE_BMAP(0xffffffffffffffff, &(0x7f00000004c0)={0x18, 0x0, 0x4, {0x5}}, 0x18)
openat$pfkey(0xffffffffffffff9c, 0x0, 0x0, 0x0)

01:38:48 executing program 5:
mmap(&(0x7f0000011000/0x2000)=nil, 0x2000, 0x4, 0x31, 0xffffffffffffffff, 0x0)
r0 = userfaultfd(0x0)
syz_open_dev$mice(&(0x7f0000000000)='/dev/input/mice\x00', 0x0, 0x4000)
ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f0000000040))
ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f00000000c0)={{&(0x7f0000012000/0x2000)=nil, 0x2000}, 0x1})
read(r0, &(0x7f0000000100)=""/199, 0xc7)
syz_open_dev$evdev(&(0x7f0000012fee)='/.%v/\x11%put/event#\x00', 0x200000000000000, 0x0)
ioctl$UFFDIO_WAKE(r0, 0x8010aa02, &(0x7f0000000080)={&(0x7f0000012000/0x4000)=nil, 0x4000})
shmget(0x2, 0x1000, 0x0, &(0x7f000096d000/0x1000)=nil)
openat$cgroup_procs(0xffffffffffffffff, 0x0, 0x2, 0x0)

01:38:48 executing program 1:
perf_event_open(&(0x7f00000000c0)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x9, 0x10000}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = openat$random(0xffffffffffffff9c, &(0x7f0000000140)='/dev/urandom\x00', 0x8000000000000085, 0x0)
r1 = dup(r0)
r2 = open(&(0x7f0000002000)='./bus\x00', 0x141042, 0x0)
ftruncate(r2, 0xee72)
socket$vsock_stream(0x28, 0x1, 0x0)
chdir(&(0x7f0000000000)='./bus\x00')
sendfile(r1, r2, 0x0, 0x8000fffffffe)
ioctl$SNDRV_SEQ_IOCTL_SET_PORT_INFO(r2, 0x40a85323, &(0x7f0000000180)={{0x10000, 0x3}, 'port0\x00', 0x40, 0x10000, 0xffffffffffffffe1, 0x3, 0x691, 0x1, 0xff, 0x0, 0x2116f68069591f4, 0x7f})

01:38:48 executing program 0:
perf_event_open(&(0x7f00000000c0)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x8, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = openat$random(0xffffffffffffff9c, &(0x7f0000000140)='/dev/urandom\x00', 0x8000000000000085, 0x0)
r1 = dup(r0)
ftruncate(0xffffffffffffffff, 0xee72)
r2 = socket(0x20000000000000a, 0x2, 0x0)
connect$inet6(r2, &(0x7f000004bfe4)={0xa, 0x0, 0x0, @dev, 0x6}, 0x1c)
getsockopt$sock_buf(r2, 0x1, 0x19, &(0x7f0000e530e9)=""/16, &(0x7f0000000000)=0x170)
ioctl$BLKGETSIZE(r1, 0x1260, &(0x7f0000000000))
sendfile(r1, 0xffffffffffffffff, 0x0, 0x8000fffffffe)

01:38:48 executing program 4:
r0 = socket$nl_route(0x10, 0x3, 0x0)
r1 = socket$netlink(0x10, 0x3, 0x0)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff, <r2=>0xffffffffffffffff})
r3 = socket$inet6_sctp(0xa, 0x10000000005, 0x84)
r4 = dup2(r2, r3)
ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200)
r5 = socket(0x10, 0x803, 0x0)
sendmsg$TIPC_CMD_GET_MEDIA_NAMES(r5, &(0x7f0000000400)={0x0, 0x0, &(0x7f00000003c0)={0x0}}, 0x0)
getsockname$packet(r5, &(0x7f0000000100)={0x11, 0x0, <r6=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0xa)
sendmsg$nl_route(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080)=ANY=[@ANYBLOB="4800000010000507000000000000000080000000", @ANYRES32=r6, @ANYBLOB="0000000000000000280012000c0001007665746800000000180002001400010000000000", @ANYRES32=0x0, @ANYBLOB='\x00\x00\x00\x00\x00\x00\x00\x00'], 0x48}}, 0x0)
sendmsg$nl_route_sched(r0, &(0x7f0000000140)={0x0, 0x32d, &(0x7f0000000080)={&(0x7f0000000540)=@newqdisc={0x148, 0x24, 0x507, 0xf000, 0x0, {0x0, r6, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_red={{0x8, 0x1, 'red\x00'}, {0x11c, 0x2, [@TCA_RED_STAB={0x104, 0x2, "fbf84ce9dbecf3d5851ae060c0ec8d55c9c65cb98d69f6f43f1d64d475f279dd204e54f6719de408d640f2dcd4c0c8c615650de0531b139380f912f808e5d3e1118f76144d1568be425bddb29fa48b1251d5cc8b78fb742bd61674f4cd92a93f8dafea3bc823ccd7591d59d252a275012101f39ab9478cc5dc4a8a2e71f186ce688ae869907b40b62231d243db1eca472440f1203b691b7b85864a73f1a3a9664d075ac973158948f7c44b4f8e2348e8046b08dcb423647eff2539993b8985028d7f0a50e94ee6b2fdacff6aee496b13807eb8d406a8440af14e339713f93a2bd76d46d34452c9bf604ac61d66e9ff34503a7ff400"}, @TCA_RED_PARMS={0x14, 0x1, {0x20}}]}}]}, 0x148}}, 0x0)

01:38:48 executing program 3:
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7fffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = socket$inet6(0xa, 0x2, 0x0)
ioctl$IMDELTIMER(0xffffffffffffffff, 0x80044941, 0x0)
setsockopt$SO_BINDTODEVICE(r0, 0x1, 0x19, &(0x7f00000001c0)='sit0\x00', 0x10)
connect$inet6(r0, &(0x7f0000000140)={0xa, 0xffffffffffffffff, 0x0, @ipv4={[], [], @dev={0xac, 0x14, 0x14, 0x18}}}, 0x1c)
sendmmsg(r0, &(0x7f00000002c0), 0x4cc, 0x0)
perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0)
accept4$packet(0xffffffffffffffff, 0x0, 0x0, 0x0)
write$FUSE_BMAP(0xffffffffffffffff, &(0x7f00000004c0)={0x18, 0x0, 0x4, {0x5}}, 0x18)
openat$pfkey(0xffffffffffffff9c, 0x0, 0x0, 0x0)

[ 1246.518771][T14557] FAULT_FLAG_ALLOW_RETRY missing 70
[ 1246.534349][T14557] CPU: 0 PID: 14557 Comm: syz-executor.5 Not tainted 5.3.0+ #0
[ 1246.541903][T14557] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 1246.551957][T14557] Call Trace:
[ 1246.555251][T14557]  dump_stack+0x172/0x1f0
[ 1246.559610][T14557]  handle_userfault.cold+0x41/0x5d
[ 1246.564730][T14557]  ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[ 1246.570984][T14557]  ? userfaultfd_ioctl+0x3ad0/0x3ad0
[ 1246.576270][T14557]  ? find_get_entry+0x535/0x880
[ 1246.581120][T14557]  ? find_get_pages_range_tag+0xd50/0xd50
[ 1246.586833][T14557]  ? ___might_sleep+0x163/0x2c0
[ 1246.591701][T14557]  ? __kasan_check_read+0x11/0x20
[ 1246.596725][T14557]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 1246.602964][T14557]  ? find_lock_entry+0x1a7/0x560
[ 1246.607894][T14557]  ? rcu_lockdep_current_cpu_online+0xe3/0x130
[ 1246.614047][T14557]  shmem_getpage_gfp+0x1f4c/0x2680
[ 1246.619172][T14557]  ? shmem_unuse_inode+0x1010/0x1010
[ 1246.624468][T14557]  ? lock_downgrade+0x920/0x920
[ 1246.629317][T14557]  ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[ 1246.635549][T14557]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 1246.641788][T14557]  shmem_fault+0x22a/0x7b0
[ 1246.646205][T14557]  ? shmem_read_mapping_page_gfp+0x1a0/0x1a0
[ 1246.652183][T14557]  ? find_get_entry+0x880/0x880
[ 1246.657031][T14557]  ? pmd_val+0x85/0x100
[ 1246.661185][T14557]  __do_fault+0x111/0x540
[ 1246.665511][T14557]  ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[ 1246.671763][T14557]  __handle_mm_fault+0x2dca/0x4040
[ 1246.676873][T14557]  ? vmf_insert_mixed_mkwrite+0x40/0x40
[ 1246.682442][T14557]  ? handle_mm_fault+0x292/0xa80
[ 1246.687391][T14557]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 1246.693629][T14557]  ? __kasan_check_read+0x11/0x20
[ 1246.698654][T14557]  handle_mm_fault+0x3b7/0xa80
[ 1246.703426][T14557]  __do_page_fault+0x536/0xdd0
[ 1246.708205][T14557]  do_page_fault+0x38/0x590
[ 1246.712712][T14557]  page_fault+0x39/0x40
[ 1246.716864][T14557] RIP: 0033:0x4533a0
[ 1246.720758][T14557] Code: 0f 84 c4 0f 00 00 48 89 f1 48 89 f8 48 83 e1 3f 48 83 f9 20 0f 86 7b 02 00 00 48 83 e6 f0 48 83 e1 0f 66 0f ef c0 66 0f ef c9 <66> 0f 74 0e 66 0f d7 d1 48 d3 ea 49 c7 c2 11 00 00 00 49 29 ca 4d
[ 1246.740360][T14557] RSP: 002b:00007fbdc8f767a8 EFLAGS: 00010202
[ 1246.746422][T14557] RAX: 00007fbdc8f76850 RBX: 0000000000000003 RCX: 000000000000000e
[ 1246.754394][T14557] RDX: 00000000000003ff RSI: 0000000020012fe0 RDI: 00007fbdc8f76850
[ 1246.762357][T14557] RBP: 000000000075bf20 R08: 00000000000003ff R09: 0000000000000000
[ 1246.770328][T14557] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fbdc8f776d4
[ 1246.778296][T14557] R13: 00000000004c8dbc R14: 00000000004dfed8 R15: 00000000ffffffff
01:38:48 executing program 1:
perf_event_open(&(0x7f00000000c0)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = openat$random(0xffffffffffffff9c, &(0x7f0000000140)='/dev/urandom\x00', 0x8000000000000085, 0x0)
r1 = dup(r0)
r2 = syz_open_dev$vbi(&(0x7f0000000000)='/dev/vbi#\x00', 0x2, 0x2)
r3 = socket$nl_generic(0x10, 0x3, 0x10)
r4 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000200)='TIPCv2\x00')
sendmsg$TIPC_NL_MON_PEER_GET(r3, &(0x7f00000005c0)={0x0, 0x0, &(0x7f0000000580)={&(0x7f0000000480)={0x20, r4, 0x701, 0x0, 0x0, {0x13, 0x0, 0xfffffffffffff000}, [@TIPC_NLA_MON={0xc, 0x9, [@TIPC_NLA_MON_REF={0x5}]}]}, 0x20}}, 0x0)
sendmsg$TIPC_NL_MEDIA_SET(r2, &(0x7f00000001c0)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x202c00}, 0xc, &(0x7f0000000180)={&(0x7f0000000080)={0x24, r4, 0x8, 0x70bd27, 0x25dfdbfc, {}, [@TIPC_NLA_NET={0x10, 0x7, [@TIPC_NLA_NET_NODEID_W1={0xc, 0x4, 0x9}]}]}, 0x24}, 0x1, 0x0, 0x0, 0x80800}, 0x20000180)
r5 = open(&(0x7f0000002000)='./bus\x00', 0x141042, 0x0)
ftruncate(r5, 0xee72)
sendfile(r1, r5, 0x0, 0x8000fffffffe)

01:38:49 executing program 2:
r0 = socket$inet_udp(0x2, 0x2, 0x0)
close(r0)
r1 = socket$inet6(0xa, 0x1, 0x8010000000000084)
bind$inet6(r1, &(0x7f0000000040)={0xa, 0x400004e21, 0x0, @empty}, 0x1c)
setsockopt$inet_sctp6_SCTP_NODELAY(r0, 0x84, 0x3, &(0x7f00000000c0)=0x7, 0x4)
setsockopt$inet6_opts(r1, 0x29, 0x3b, &(0x7f0000000080)=ANY=[@ANYBLOB], 0x8)
connect$inet6(r1, &(0x7f0000000200)={0xa, 0x4e21, 0x0, @loopback}, 0x1c)
r2 = socket$inet_udplite(0x2, 0x2, 0x88)
ioctl(r2, 0x1000008912, &(0x7f0000000040)="11dcbc0d5e0bcfe47bf070")
write$binfmt_misc(r0, &(0x7f0000000100)=ANY=[@ANYBLOB="a43f7a10bc918dba707335df9c4fe2e3dd545ee4c838fdcc46a7540a012dcf04a12f99172a6f3583cd5498000448f3ae533c2845496e9b0a050d5e4e05f5f8188edecc091727ed7a25a91998bf61aeec90e8718f9aa9fd5da3aa3181c0080975dee42b7d8686ca8f92f314380c2a02a90e6efeaf9d6acdb213cd260c116f495d9569a33c798d369967f6690fd59a8b3bd789702d552fe262fe738e874609724467e7d1be8518f803b96022e1f0f0de7d3720bec96ede000000000000000000"], 0x10098)
write$binfmt_script(r0, &(0x7f0000000300)=ANY=[@ANYBLOB="ba"], 0x1)
write$binfmt_elf64(r0, &(0x7f0000000280)={{0x7f, 0x45, 0x4c, 0x46, 0x0, 0x0, 0xf203, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40}, [{}]}, 0x78)

01:38:49 executing program 0:
perf_event_open(&(0x7f0000000000)={0x1, 0x13, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffe, 0x0, 0x8, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x809, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x101, 0x0, 0x2, 0x0, 0x1, 0xfffffffffffffffd, 0x20000000000000, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0x8}, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = openat$random(0xffffffffffffff9c, &(0x7f0000000140)='/dev/urandom\x00', 0x8000000000000085, 0x0)
r1 = dup(r0)
r2 = open(&(0x7f0000002000)='./bus\x00', 0x141042, 0x0)
ftruncate(r2, 0xee72)
sendfile(r1, r2, 0x0, 0x8000fffffffe)

01:38:49 executing program 4:
r0 = socket$nl_route(0x10, 0x3, 0x0)
r1 = socket$netlink(0x10, 0x3, 0x0)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff, <r2=>0xffffffffffffffff})
r3 = socket$inet6_sctp(0xa, 0x10000000005, 0x84)
r4 = dup2(r2, r3)
ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200)
r5 = socket(0x10, 0x803, 0x0)
sendmsg$TIPC_CMD_GET_MEDIA_NAMES(r5, &(0x7f0000000400)={0x0, 0x0, &(0x7f00000003c0)={0x0}}, 0x0)
getsockname$packet(r5, &(0x7f0000000100)={0x11, 0x0, <r6=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0xa)
sendmsg$nl_route(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080)=ANY=[@ANYBLOB="4800000010000507000000000000000080000000", @ANYRES32=r6, @ANYBLOB="0000000000000000280012000c0001007665746800000000180002001400010000000000", @ANYRES32=0x0, @ANYBLOB='\x00\x00\x00\x00\x00\x00\x00\x00'], 0x48}}, 0x0)
sendmsg$nl_route_sched(r0, &(0x7f0000000140)={0x0, 0x32d, &(0x7f0000000080)={&(0x7f0000000540)=@newqdisc={0x148, 0x24, 0x507, 0x34000, 0x0, {0x0, r6, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_red={{0x8, 0x1, 'red\x00'}, {0x11c, 0x2, [@TCA_RED_STAB={0x104, 0x2, "fbf84ce9dbecf3d5851ae060c0ec8d55c9c65cb98d69f6f43f1d64d475f279dd204e54f6719de408d640f2dcd4c0c8c615650de0531b139380f912f808e5d3e1118f76144d1568be425bddb29fa48b1251d5cc8b78fb742bd61674f4cd92a93f8dafea3bc823ccd7591d59d252a275012101f39ab9478cc5dc4a8a2e71f186ce688ae869907b40b62231d243db1eca472440f1203b691b7b85864a73f1a3a9664d075ac973158948f7c44b4f8e2348e8046b08dcb423647eff2539993b8985028d7f0a50e94ee6b2fdacff6aee496b13807eb8d406a8440af14e339713f93a2bd76d46d34452c9bf604ac61d66e9ff34503a7ff400"}, @TCA_RED_PARMS={0x14, 0x1, {0x20}}]}}]}, 0x148}}, 0x0)

[ 1246.996094][T14843] netlink: 'syz-executor.1': attribute type 2 has an invalid length.
01:38:49 executing program 5:
mmap(&(0x7f0000011000/0x2000)=nil, 0x2000, 0x4, 0x31, 0xffffffffffffffff, 0x0)
r0 = userfaultfd(0x0)
syz_open_dev$mice(&(0x7f0000000000)='/dev/input/mice\x00', 0x0, 0x4000)
ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f0000000040))
ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f00000000c0)={{&(0x7f0000012000/0x2000)=nil, 0x2000}, 0x1})
read(r0, &(0x7f0000000100)=""/199, 0xc7)
syz_open_dev$evdev(&(0x7f0000012fee)='/.%v/\x11%put/event#\x00', 0x300000000000000, 0x0)
ioctl$UFFDIO_WAKE(r0, 0x8010aa02, &(0x7f0000000080)={&(0x7f0000012000/0x4000)=nil, 0x4000})
shmget(0x2, 0x1000, 0x0, &(0x7f000096d000/0x1000)=nil)
openat$cgroup_procs(0xffffffffffffffff, 0x0, 0x2, 0x0)

[ 1247.249721][T14949] netlink: 'syz-executor.1': attribute type 2 has an invalid length.
01:38:49 executing program 0:
perf_event_open(&(0x7f00000000c0)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0x3}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = openat$random(0xffffffffffffff9c, &(0x7f0000000140)='/dev/urandom\x00', 0x8000000000000085, 0x0)
r1 = openat$proc_capi20(0xffffffffffffff9c, &(0x7f0000000080)='/proc/capi/capi20\x00', 0x20000, 0x0)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff, <r2=>0xffffffffffffffff})
r3 = socket$inet6_sctp(0xa, 0x10000000005, 0x84)
r4 = dup2(r2, r3)
ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200)
ioctl$KVM_CREATE_DEVICE(r1, 0xc00caee0, &(0x7f0000000180)={0x6, r4})
r5 = dup(r0)
r6 = open(&(0x7f0000002000)='./bus\x00', 0x141042, 0x0)
ftruncate(r6, 0xee72)
r7 = openat$rtc(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/rtc0\x00', 0x0, 0x0)
write$binfmt_elf64(r7, &(0x7f0000000200)={{0x7f, 0x45, 0x4c, 0x46, 0xcde0, 0xde2, 0x9, 0x8000, 0x8, 0x64730c3d559e5d50, 0x0, 0x9a1, 0x399, 0x40, 0x116, 0x2, 0x7, 0x38, 0x1, 0x10000, 0x0, 0x308}, [{0x3, 0x398, 0xffffffff, 0x2, 0xfffffffffffffffc, 0x1f, 0x1, 0x200000000}], "92d2af2389", [[], [], [], [], [], [], [], []]}, 0x87d)
sendfile(r5, r6, 0x0, 0x8000fffffffe)
socket$rds(0x15, 0x5, 0x0)
r8 = openat$pfkey(0xffffffffffffff9c, &(0x7f0000000a80)='/proc/self/net/pfkey\x00', 0x0, 0x0)
write$apparmor_current(r8, &(0x7f0000000ac0)=@hat={'changehat ', 0x1}, 0x1d)
fsetxattr$trusted_overlay_origin(0xffffffffffffffff, &(0x7f0000000000)='trusted.overlay.origin\x00', &(0x7f0000000040)='y\x00', 0x2, 0x3)

01:38:49 executing program 4:
r0 = socket$nl_route(0x10, 0x3, 0x0)
r1 = socket$netlink(0x10, 0x3, 0x0)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff, <r2=>0xffffffffffffffff})
r3 = socket$inet6_sctp(0xa, 0x10000000005, 0x84)
r4 = dup2(r2, r3)
ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200)
r5 = socket(0x10, 0x803, 0x0)
sendmsg$TIPC_CMD_GET_MEDIA_NAMES(r5, &(0x7f0000000400)={0x0, 0x0, &(0x7f00000003c0)={0x0}}, 0x0)
getsockname$packet(r5, &(0x7f0000000100)={0x11, 0x0, <r6=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0xa)
sendmsg$nl_route(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080)=ANY=[@ANYBLOB="4800000010000507000000000000000080000000", @ANYRES32=r6, @ANYBLOB="0000000000000000280012000c0001007665746800000000180002001400010000000000", @ANYRES32=0x0, @ANYBLOB='\x00\x00\x00\x00\x00\x00\x00\x00'], 0x48}}, 0x0)
sendmsg$nl_route_sched(r0, &(0x7f0000000140)={0x0, 0x32d, &(0x7f0000000080)={&(0x7f0000000540)=@newqdisc={0x148, 0x24, 0x507, 0x400300, 0x0, {0x0, r6, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_red={{0x8, 0x1, 'red\x00'}, {0x11c, 0x2, [@TCA_RED_STAB={0x104, 0x2, "fbf84ce9dbecf3d5851ae060c0ec8d55c9c65cb98d69f6f43f1d64d475f279dd204e54f6719de408d640f2dcd4c0c8c615650de0531b139380f912f808e5d3e1118f76144d1568be425bddb29fa48b1251d5cc8b78fb742bd61674f4cd92a93f8dafea3bc823ccd7591d59d252a275012101f39ab9478cc5dc4a8a2e71f186ce688ae869907b40b62231d243db1eca472440f1203b691b7b85864a73f1a3a9664d075ac973158948f7c44b4f8e2348e8046b08dcb423647eff2539993b8985028d7f0a50e94ee6b2fdacff6aee496b13807eb8d406a8440af14e339713f93a2bd76d46d34452c9bf604ac61d66e9ff34503a7ff400"}, @TCA_RED_PARMS={0x14, 0x1, {0x20}}]}}]}, 0x148}}, 0x0)

01:38:49 executing program 1:
perf_event_open(&(0x7f00000000c0)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = openat$random(0xffffffffffffff9c, &(0x7f0000000140)='/dev/urandom\x00', 0x8000000000000085, 0x0)
r1 = dup(r0)
r2 = open(&(0x7f0000002000)='./bus\x00', 0x141042, 0x0)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff, <r3=>0xffffffffffffffff})
r4 = socket$inet6_sctp(0xa, 0x10000000005, 0x84)
dup2(r3, r4)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff, <r5=>0xffffffffffffffff})
r6 = socket$inet6_sctp(0xa, 0x10000000005, 0x84)
r7 = dup2(r5, r6)
ioctl$PERF_EVENT_IOC_ENABLE(r7, 0x8912, 0x400200)
getsockopt$inet_sctp_SCTP_PEER_ADDR_PARAMS(r7, 0x84, 0x9, &(0x7f0000000000)={<r8=>0x0, @in6={{0xa, 0x4e20, 0x7f, @local, 0x200}}, 0x2, 0x1, 0x7, 0x9, 0x60}, &(0x7f0000000180)=0x98)
getsockopt$inet_sctp6_SCTP_DELAYED_SACK(r4, 0x84, 0x10, &(0x7f00000001c0)=@sack_info={r8, 0x100000001, 0x81}, &(0x7f0000000200)=0xc)
ftruncate(r2, 0xee72)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff, <r9=>0xffffffffffffffff})
r10 = socket$inet6_sctp(0xa, 0x10000000005, 0x84)
r11 = dup2(r9, r10)
ioctl$PERF_EVENT_IOC_ENABLE(r11, 0x8912, 0x400200)
ioctl$SCSI_IOCTL_PROBE_HOST(r11, 0x5385, &(0x7f0000000240)={0x1000, ""/4096})
sendfile(r1, r2, 0x0, 0x8000fffffffe)

01:38:49 executing program 2:
r0 = socket$inet_udp(0x2, 0x2, 0x0)
close(r0)
r1 = socket$inet6(0xa, 0x1, 0x8010000000000084)
bind$inet6(r1, &(0x7f0000000040)={0xa, 0x400004e21, 0x0, @empty}, 0x1c)
setsockopt$inet_sctp6_SCTP_NODELAY(r0, 0x84, 0x3, &(0x7f00000000c0)=0x7, 0x4)
setsockopt$inet6_opts(r1, 0x29, 0x3b, &(0x7f0000000080)=ANY=[@ANYBLOB], 0x8)
connect$inet6(r1, &(0x7f0000000200)={0xa, 0x4e21, 0x0, @loopback}, 0x1c)
r2 = socket$inet_udplite(0x2, 0x2, 0x88)
ioctl(r2, 0x1000008912, &(0x7f0000000040)="11dcbc0d5e0bcfe47bf070")
write$binfmt_misc(r0, &(0x7f0000000100)=ANY=[@ANYBLOB="a43f7a10bc918dba707335df9c4fe2e3dd545ee4c838fdcc46a7540a012dcf04a12f99172a6f3583cd5498000448f3ae533c2845496e9b0a050d5e4e05f5f8188edecc091727ed7a25a91998bf61aeec90e8718f9aa9fd5da3aa3181c0080975dee42b7d8686ca8f92f314380c2a02a90e6efeaf9d6acdb213cd260c116f495d9569a33c798d369967f6690fd59a8b3bd789702d552fe262fe738e874609724467e7d1be8518f803b96022e1f0f0de7d3720bec96ede000000000000000000"], 0x10098)
write$binfmt_script(r0, &(0x7f0000000300)=ANY=[@ANYBLOB="ba"], 0x1)
write$binfmt_elf64(r0, &(0x7f0000000280)={{0x7f, 0x45, 0x4c, 0x46, 0x0, 0x0, 0xf303, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40}, [{}]}, 0x78)

[ 1247.649451][T15130] FAULT_FLAG_ALLOW_RETRY missing 70
[ 1247.668756][T15130] CPU: 1 PID: 15130 Comm: syz-executor.5 Not tainted 5.3.0+ #0
[ 1247.676347][T15130] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 1247.686392][T15130] Call Trace:
[ 1247.689684][T15130]  dump_stack+0x172/0x1f0
[ 1247.694030][T15130]  handle_userfault.cold+0x41/0x5d
[ 1247.699144][T15130]  ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[ 1247.705396][T15130]  ? userfaultfd_ioctl+0x3ad0/0x3ad0
[ 1247.710678][T15130]  ? find_get_entry+0x535/0x880
[ 1247.715533][T15130]  ? find_get_pages_range_tag+0xd50/0xd50
[ 1247.721249][T15130]  ? ___might_sleep+0x163/0x2c0
[ 1247.726130][T15130]  ? __kasan_check_read+0x11/0x20
[ 1247.731150][T15130]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 1247.737399][T15130]  ? find_lock_entry+0x1a7/0x560
[ 1247.742343][T15130]  ? rcu_lockdep_current_cpu_online+0xe3/0x130
[ 1247.748503][T15130]  shmem_getpage_gfp+0x1f4c/0x2680
[ 1247.753649][T15130]  ? shmem_unuse_inode+0x1010/0x1010
[ 1247.758935][T15130]  ? lock_downgrade+0x920/0x920
[ 1247.763787][T15130]  ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[ 1247.770029][T15130]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 1247.776273][T15130]  shmem_fault+0x22a/0x7b0
[ 1247.780697][T15130]  ? shmem_read_mapping_page_gfp+0x1a0/0x1a0
[ 1247.786679][T15130]  ? find_get_entry+0x880/0x880
[ 1247.791530][T15130]  ? pmd_val+0x85/0x100
[ 1247.795685][T15130]  __do_fault+0x111/0x540
[ 1247.800022][T15130]  ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[ 1247.806268][T15130]  __handle_mm_fault+0x2dca/0x4040
[ 1247.811378][T15130]  ? vmf_insert_mixed_mkwrite+0x40/0x40
[ 1247.816917][T15130]  ? handle_mm_fault+0x292/0xa80
[ 1247.821907][T15130]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 1247.828151][T15130]  ? __kasan_check_read+0x11/0x20
[ 1247.833179][T15130]  handle_mm_fault+0x3b7/0xa80
[ 1247.837942][T15130]  __do_page_fault+0x536/0xdd0
[ 1247.842722][T15130]  do_page_fault+0x38/0x590
01:38:49 executing program 2:
r0 = socket$inet_udp(0x2, 0x2, 0x0)
close(r0)
r1 = socket$inet6(0xa, 0x1, 0x8010000000000084)
bind$inet6(r1, &(0x7f0000000040)={0xa, 0x400004e21, 0x0, @empty}, 0x1c)
setsockopt$inet_sctp6_SCTP_NODELAY(r0, 0x84, 0x3, &(0x7f00000000c0)=0x7, 0x4)
setsockopt$inet6_opts(r1, 0x29, 0x3b, &(0x7f0000000080)=ANY=[@ANYBLOB], 0x8)
connect$inet6(r1, &(0x7f0000000200)={0xa, 0x4e21, 0x0, @loopback}, 0x1c)
r2 = socket$inet_udplite(0x2, 0x2, 0x88)
ioctl(r2, 0x1000008912, &(0x7f0000000040)="11dcbc0d5e0bcfe47bf070")
write$binfmt_misc(r0, &(0x7f0000000100)=ANY=[@ANYBLOB="a43f7a10bc918dba707335df9c4fe2e3dd545ee4c838fdcc46a7540a012dcf04a12f99172a6f3583cd5498000448f3ae533c2845496e9b0a050d5e4e05f5f8188edecc091727ed7a25a91998bf61aeec90e8718f9aa9fd5da3aa3181c0080975dee42b7d8686ca8f92f314380c2a02a90e6efeaf9d6acdb213cd260c116f495d9569a33c798d369967f6690fd59a8b3bd789702d552fe262fe738e874609724467e7d1be8518f803b96022e1f0f0de7d3720bec96ede000000000000000000"], 0x10098)
write$binfmt_script(r0, &(0x7f0000000300)=ANY=[@ANYBLOB="ba"], 0x1)
write$binfmt_elf64(r0, &(0x7f0000000280)={{0x7f, 0x45, 0x4c, 0x46, 0x0, 0x0, 0xf401, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40}, [{}]}, 0x78)

01:38:49 executing program 0:
perf_event_open(&(0x7f00000000c0)={0x2, 0x70, 0x9, 0x0, 0x0, 0x0, 0x0, 0x41c4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = openat$random(0xffffffffffffff9c, &(0x7f0000000140)='/dev/urandom\x00', 0x8000000000000085, 0x0)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
r2 = socket$inet6_sctp(0xa, 0x10000000005, 0x84)
r3 = dup2(r1, r2)
ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200)
getsockopt$inet_dccp_int(r0, 0x21, 0x5, &(0x7f0000000240), &(0x7f00000002c0)=0x4)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000280)={0xffffffffffffffff, <r4=>0xffffffffffffffff})
r5 = socket$inet6_sctp(0xa, 0x10000000005, 0x84)
dup2(r4, r5)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff, <r6=>0xffffffffffffffff})
r7 = socket$inet6_sctp(0xa, 0x10000000005, 0x84)
dup2(r6, r7)
open(&(0x7f0000000080)='./bus\x00', 0x10000, 0x10)
r8 = dup(r6)
r9 = syz_open_dev$usbmon(&(0x7f0000000040)='/dev/usbmon#\x00', 0x8, 0x228800)
ioctl$sock_bt_hidp_HIDPGETCONNINFO(r9, 0x800448d3, &(0x7f0000000180)={{0x9, 0x0, 0x8, 0x7cd, 0x8, 0x6a94}, 0x80, 0x4adeb29e, 0x8000, 0x80000000, 0xffffffffffff3025, "b4ab8f91aa97dad058ba9dc254f5a0fc59c3907dfc37eb5241eb483693b6e723a0e43cbd815b4a0270115eac8e2d5183b6522e95eb479fb4b14c1d50ae5ddb40ebba57946d7364896c2d29374500968106f3052cf7c9c6ef69f1e5ae955026e722965369fe30ece865dd5fdf8ddd54938815de5b2d1d064ad4600c1edc148221"})
r10 = open(&(0x7f0000002000)='./bus\x00', 0x141042, 0x0)
ftruncate(r10, 0xee72)
sendfile(r8, r10, 0x0, 0x8000fffffffe)

[ 1247.847230][T15130]  page_fault+0x39/0x40
[ 1247.847241][T15130] RIP: 0033:0x4533a0
[ 1247.847258][T15130] Code: 0f 84 c4 0f 00 00 48 89 f1 48 89 f8 48 83 e1 3f 48 83 f9 20 0f 86 7b 02 00 00 48 83 e6 f0 48 83 e1 0f 66 0f ef c0 66 0f ef c9 <66> 0f 74 0e 66 0f d7 d1 48 d3 ea 49 c7 c2 11 00 00 00 49 29 ca 4d
[ 1247.855262][T15130] RSP: 002b:00007fbdc8f557a8 EFLAGS: 00010202
[ 1247.855273][T15130] RAX: 00007fbdc8f55850 RBX: 0000000000000003 RCX: 000000000000000e
[ 1247.855281][T15130] RDX: 00000000000003ff RSI: 0000000020012fe0 RDI: 00007fbdc8f55850
[ 1247.855289][T15130] RBP: 000000000075bfc8 R08: 00000000000003ff R09: 0000000000000000
[ 1247.855297][T15130] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fbdc8f566d4
[ 1247.855306][T15130] R13: 00000000004c8dbc R14: 00000000004dfed8 R15: 00000000ffffffff
01:38:50 executing program 3:
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7fffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = socket$inet6(0xa, 0x2, 0x0)
ioctl$IMDELTIMER(0xffffffffffffffff, 0x80044941, 0x0)
setsockopt$SO_BINDTODEVICE(r0, 0x1, 0x19, &(0x7f00000001c0)='sit0\x00', 0x10)
connect$inet6(r0, &(0x7f0000000140)={0xa, 0xffffffffffffffff, 0x0, @ipv4={[], [], @dev={0xac, 0x14, 0x14, 0x18}}}, 0x1c)
sendmmsg(r0, &(0x7f00000002c0), 0x4cc, 0x0)
perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0)
accept4$packet(0xffffffffffffffff, 0x0, 0x0, 0x0)
write$FUSE_BMAP(0xffffffffffffffff, &(0x7f00000004c0)={0x18, 0x0, 0x4, {0x5}}, 0x18)
openat$pfkey(0xffffffffffffff9c, 0x0, 0x0, 0x0)

01:38:50 executing program 4:
r0 = socket$nl_route(0x10, 0x3, 0x0)
r1 = socket$netlink(0x10, 0x3, 0x0)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff, <r2=>0xffffffffffffffff})
r3 = socket$inet6_sctp(0xa, 0x10000000005, 0x84)
r4 = dup2(r2, r3)
ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200)
r5 = socket(0x10, 0x803, 0x0)
sendmsg$TIPC_CMD_GET_MEDIA_NAMES(r5, &(0x7f0000000400)={0x0, 0x0, &(0x7f00000003c0)={0x0}}, 0x0)
getsockname$packet(r5, &(0x7f0000000100)={0x11, 0x0, <r6=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0xa)
sendmsg$nl_route(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080)=ANY=[@ANYBLOB="4800000010000507000000000000000080000000", @ANYRES32=r6, @ANYBLOB="0000000000000000280012000c0001007665746800000000180002001400010000000000", @ANYRES32=0x0, @ANYBLOB='\x00\x00\x00\x00\x00\x00\x00\x00'], 0x48}}, 0x0)
sendmsg$nl_route_sched(r0, &(0x7f0000000140)={0x0, 0x32d, &(0x7f0000000080)={&(0x7f0000000540)=@newqdisc={0x148, 0x24, 0x507, 0xf0ffff, 0x0, {0x0, r6, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_red={{0x8, 0x1, 'red\x00'}, {0x11c, 0x2, [@TCA_RED_STAB={0x104, 0x2, "fbf84ce9dbecf3d5851ae060c0ec8d55c9c65cb98d69f6f43f1d64d475f279dd204e54f6719de408d640f2dcd4c0c8c615650de0531b139380f912f808e5d3e1118f76144d1568be425bddb29fa48b1251d5cc8b78fb742bd61674f4cd92a93f8dafea3bc823ccd7591d59d252a275012101f39ab9478cc5dc4a8a2e71f186ce688ae869907b40b62231d243db1eca472440f1203b691b7b85864a73f1a3a9664d075ac973158948f7c44b4f8e2348e8046b08dcb423647eff2539993b8985028d7f0a50e94ee6b2fdacff6aee496b13807eb8d406a8440af14e339713f93a2bd76d46d34452c9bf604ac61d66e9ff34503a7ff400"}, @TCA_RED_PARMS={0x14, 0x1, {0x20}}]}}]}, 0x148}}, 0x0)

01:38:50 executing program 1:
perf_event_open(&(0x7f00000000c0)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x100000000, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x40000000000000, 0xffffffffffffffff, 0x0)
r0 = openat$random(0xffffffffffffff9c, &(0x7f0000000140)='/dev/urandom\x00', 0x8000000000000085, 0x0)
r1 = dup(r0)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff, <r2=>0xffffffffffffffff})
r3 = socket$inet6_sctp(0xa, 0x10000000005, 0x84)
r4 = dup2(r2, r3)
ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200)
ioctl$KVM_GET_DEBUGREGS(r4, 0x8080aea1, &(0x7f0000000240))
r5 = getpid()
syz_open_procfs(r5, &(0x7f0000000080)='oom_score_adj\x00')
r6 = syz_open_dev$media(&(0x7f0000000000)='/dev/media#\x00', 0x10000, 0x200800)
r7 = socket$pptp(0x18, 0x1, 0x2)
getsockopt$SO_COOKIE(r7, 0x1, 0x39, &(0x7f00000001c0), &(0x7f0000000200)=0x8)
ioctl$sock_inet_tcp_SIOCATMARK(r6, 0x8905, &(0x7f0000000040))
r8 = open(&(0x7f0000002000)='./bus\x00', 0x141042, 0x0)
ftruncate(r8, 0xee72)
sendfile(r1, r8, 0x0, 0x8000fffffffe)
openat$dlm_plock(0xffffffffffffff9c, &(0x7f0000000180)='/dev/dlm_plock\x00', 0x701000, 0x0)

01:38:50 executing program 0:
r0 = openat$full(0xffffffffffffff9c, &(0x7f0000000080)='/dev/full\x00', 0x200, 0x0)
ioctl$DRM_IOCTL_FREE_BUFS(r0, 0x4010641a, &(0x7f0000000300)={0x5, &(0x7f00000002c0)=[0x5, 0x800, 0x1, 0x6, 0x2]})
perf_event_open(&(0x7f00000000c0)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r1 = openat$random(0xffffffffffffff9c, &(0x7f0000000140)='/dev/urandom\x00', 0x8000000000000085, 0x0)
dup(r1)
r2 = open(&(0x7f0000002000)='./bus\x00', 0x141042, 0x0)
ftruncate(r2, 0xee72)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff, <r3=>0xffffffffffffffff})
r4 = socket$inet6_sctp(0xa, 0x10000000005, 0x84)
r5 = dup2(r3, r4)
ioctl$PERF_EVENT_IOC_ENABLE(r5, 0x8912, 0x400200)
getsockopt$IPT_SO_GET_ENTRIES(r5, 0x0, 0x41, &(0x7f0000000180)={'mangle\x00', 0xf9, "9b288bb5d0cb539ec9f05c965c18b0431e3346ddc04620f3b9da5aa0ac4a5884ab681833c4de842b9fc86a67eb7cffc9f87f32cf70ea914fab2aaeb2d6562aa587c9f2d7cb9b7003dcc2e863d79b533edd1a8ad5bf146779b81a4fd8d1ec9b990ba35a9a56924f40c95573ef3ebc297467521d702d2e13adb400ae906e8e13fe941b7114a2c08488db4ca025fd55dacb87078453940c92db2d5cc0d02e5f06d540dde79cb627a99e0e2da0fd25c489691d5b46d57e5e206bced78a30b360d43b22946f0e87e7e5c45918fc3a033b5a6f757be5b4c9d4616da9cd2a2c259e35d1350905df27b0ea6c452fbdf407dc2e1c460aab2537c66df537"}, &(0x7f0000000040)=0x11d)
syz_open_dev$media(&(0x7f0000000000)='/dev/media#\x00', 0xc88, 0xa000)

01:38:50 executing program 2:
r0 = socket$inet_udp(0x2, 0x2, 0x0)
close(r0)
r1 = socket$inet6(0xa, 0x1, 0x8010000000000084)
bind$inet6(r1, &(0x7f0000000040)={0xa, 0x400004e21, 0x0, @empty}, 0x1c)
setsockopt$inet_sctp6_SCTP_NODELAY(r0, 0x84, 0x3, &(0x7f00000000c0)=0x7, 0x4)
setsockopt$inet6_opts(r1, 0x29, 0x3b, &(0x7f0000000080)=ANY=[@ANYBLOB], 0x8)
connect$inet6(r1, &(0x7f0000000200)={0xa, 0x4e21, 0x0, @loopback}, 0x1c)
r2 = socket$inet_udplite(0x2, 0x2, 0x88)
ioctl(r2, 0x1000008912, &(0x7f0000000040)="11dcbc0d5e0bcfe47bf070")
write$binfmt_misc(r0, &(0x7f0000000100)=ANY=[@ANYBLOB="a43f7a10bc918dba707335df9c4fe2e3dd545ee4c838fdcc46a7540a012dcf04a12f99172a6f3583cd5498000448f3ae533c2845496e9b0a050d5e4e05f5f8188edecc091727ed7a25a91998bf61aeec90e8718f9aa9fd5da3aa3181c0080975dee42b7d8686ca8f92f314380c2a02a90e6efeaf9d6acdb213cd260c116f495d9569a33c798d369967f6690fd59a8b3bd789702d552fe262fe738e874609724467e7d1be8518f803b96022e1f0f0de7d3720bec96ede000000000000000000"], 0x10098)
write$binfmt_script(r0, &(0x7f0000000300)=ANY=[@ANYBLOB="ba"], 0x1)
write$binfmt_elf64(r0, &(0x7f0000000280)={{0x7f, 0x45, 0x4c, 0x46, 0x0, 0x0, 0xf403, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40}, [{}]}, 0x78)

01:38:50 executing program 5:
mmap(&(0x7f0000011000/0x2000)=nil, 0x2000, 0x4, 0x31, 0xffffffffffffffff, 0x0)
r0 = userfaultfd(0x0)
syz_open_dev$mice(&(0x7f0000000000)='/dev/input/mice\x00', 0x0, 0x4000)
ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f0000000040))
ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f00000000c0)={{&(0x7f0000012000/0x2000)=nil, 0x2000}, 0x1})
read(r0, &(0x7f0000000100)=""/199, 0xc7)
syz_open_dev$evdev(&(0x7f0000012fee)='/.%v/\x11%put/event#\x00', 0x400000000000000, 0x0)
ioctl$UFFDIO_WAKE(r0, 0x8010aa02, &(0x7f0000000080)={&(0x7f0000012000/0x4000)=nil, 0x4000})
shmget(0x2, 0x1000, 0x0, &(0x7f000096d000/0x1000)=nil)
openat$cgroup_procs(0xffffffffffffffff, 0x0, 0x2, 0x0)

01:38:50 executing program 1:
perf_event_open(&(0x7f00000000c0)={0x1, 0x70, 0x0, 0x0, 0x7, 0x0, 0x0, 0x41c1, 0x0, 0x8, 0x4, 0x0, 0x0, 0xaac, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x100000, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x200000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, @perf_config_ext={0x6, 0x8}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = openat$qat_adf_ctl(0xffffffffffffff9c, &(0x7f0000000000)='/dev/qat_adf_ctl\x00', 0x0, 0x0)
ioctl$VIDIOC_S_JPEGCOMP(r0, 0x408c563e, &(0x7f0000000180)={0x0, 0xf, 0x1d, "7755b3ee218d777605f89ee03d6c50ee3c4e178f21527a357e68a2395ab5c825c4ad32fe2e04d21ec97213ea715324c89638f3bf373cab4bc96dcd44", 0x17, "d945cf744bd545e461dc4da3de99696b6284cf4adf98e8b2de0f82397cfa429f57bae690183d96d62595978d0648ec918f810f393bd66946e0f6c61c", 0x80})
r1 = openat$random(0xffffffffffffff9c, &(0x7f0000000140)='/dev/urandom\x00', 0x8000000000000085, 0x0)
r2 = dup(r1)
r3 = open(&(0x7f0000002000)='./bus\x00', 0x141042, 0x0)
ftruncate(r3, 0xee72)
sendfile(r2, r3, 0x0, 0x8000fffffffe)

01:38:50 executing program 0:
perf_event_open(&(0x7f00000000c0)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = openat$random(0xffffffffffffff9c, &(0x7f0000000140)='/dev/urandom\x00', 0x8000000000000085, 0x0)
r1 = dup(r0)
r2 = open(&(0x7f0000002000)='./bus\x00', 0x141042, 0x0)
ftruncate(r2, 0xee72)
ioctl$sock_FIOGETOWN(r1, 0x8903, &(0x7f0000000000)=<r3=>0x0)
r4 = getpgrp(0x0)
chmod(&(0x7f0000000080)='./bus\x00', 0x80)
setpriority(0x0, r4, 0x100)
socketpair$unix(0x1, 0x0, 0x0, &(0x7f0000000000)={0xffffffffffffffff, <r5=>0xffffffffffffffff})
r6 = socket$inet6_sctp(0xa, 0x10000000005, 0x84)
r7 = dup2(r5, r6)
ioctl$TIOCGSID(r2, 0x5429, &(0x7f0000000180)=<r8=>0x0)
setpriority(0x3, r8, 0xdad)
ioctl$PERF_EVENT_IOC_ENABLE(r7, 0x8912, 0x400200)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff, <r9=>0xffffffffffffffff})
r10 = socket$inet6_sctp(0xa, 0x10000000005, 0x84)
dup2(r9, r10)
kcmp$KCMP_EPOLL_TFD(r3, r4, 0x7, r1, &(0x7f0000000040)={r7, r9, 0x81})
sendfile(r1, r2, 0x0, 0x8000fffffffe)

01:38:50 executing program 4:
r0 = socket$nl_route(0x10, 0x3, 0x0)
r1 = socket$netlink(0x10, 0x3, 0x0)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff, <r2=>0xffffffffffffffff})
r3 = socket$inet6_sctp(0xa, 0x10000000005, 0x84)
r4 = dup2(r2, r3)
ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200)
r5 = socket(0x10, 0x803, 0x0)
sendmsg$TIPC_CMD_GET_MEDIA_NAMES(r5, &(0x7f0000000400)={0x0, 0x0, &(0x7f00000003c0)={0x0}}, 0x0)
getsockname$packet(r5, &(0x7f0000000100)={0x11, 0x0, <r6=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0xa)
sendmsg$nl_route(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080)=ANY=[@ANYBLOB="4800000010000507000000000000000080000000", @ANYRES32=r6, @ANYBLOB="0000000000000000280012000c0001007665746800000000180002001400010000000000", @ANYRES32=0x0, @ANYBLOB='\x00\x00\x00\x00\x00\x00\x00\x00'], 0x48}}, 0x0)
sendmsg$nl_route_sched(r0, &(0x7f0000000140)={0x0, 0x32d, &(0x7f0000000080)={&(0x7f0000000540)=@newqdisc={0x148, 0x24, 0x507, 0x1000000, 0x0, {0x0, r6, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_red={{0x8, 0x1, 'red\x00'}, {0x11c, 0x2, [@TCA_RED_STAB={0x104, 0x2, "fbf84ce9dbecf3d5851ae060c0ec8d55c9c65cb98d69f6f43f1d64d475f279dd204e54f6719de408d640f2dcd4c0c8c615650de0531b139380f912f808e5d3e1118f76144d1568be425bddb29fa48b1251d5cc8b78fb742bd61674f4cd92a93f8dafea3bc823ccd7591d59d252a275012101f39ab9478cc5dc4a8a2e71f186ce688ae869907b40b62231d243db1eca472440f1203b691b7b85864a73f1a3a9664d075ac973158948f7c44b4f8e2348e8046b08dcb423647eff2539993b8985028d7f0a50e94ee6b2fdacff6aee496b13807eb8d406a8440af14e339713f93a2bd76d46d34452c9bf604ac61d66e9ff34503a7ff400"}, @TCA_RED_PARMS={0x14, 0x1, {0x20}}]}}]}, 0x148}}, 0x0)

[ 1248.308057][T15471] QAT: Invalid ioctl
[ 1248.326590][T15470] FAULT_FLAG_ALLOW_RETRY missing 70
[ 1248.331837][T15470] CPU: 0 PID: 15470 Comm: syz-executor.5 Not tainted 5.3.0+ #0
[ 1248.339414][T15470] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 1248.349463][T15470] Call Trace:
[ 1248.352806][T15470]  dump_stack+0x172/0x1f0
[ 1248.357142][T15470]  handle_userfault.cold+0x41/0x5d
[ 1248.362266][T15470]  ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[ 1248.368551][T15470]  ? userfaultfd_ioctl+0x3ad0/0x3ad0
[ 1248.373852][T15470]  ? find_get_entry+0x535/0x880
[ 1248.378714][T15470]  ? __kasan_check_read+0x11/0x20
[ 1248.383746][T15470]  ? mark_lock+0xc2/0x1220
[ 1248.388165][T15470]  ? find_get_pages_range_tag+0xd50/0xd50
[ 1248.393907][T15470]  ? __kasan_check_read+0x11/0x20
[ 1248.398932][T15470]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 1248.405177][T15470]  ? find_lock_entry+0x1a7/0x560
[ 1248.410110][T15470]  ? rcu_lockdep_current_cpu_online+0xe3/0x130
[ 1248.416266][T15470]  shmem_getpage_gfp+0x1f4c/0x2680
[ 1248.421430][T15470]  ? shmem_unuse_inode+0x1010/0x1010
[ 1248.426717][T15470]  ? lock_downgrade+0x920/0x920
[ 1248.431562][T15470]  ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[ 1248.437800][T15470]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 1248.444048][T15470]  shmem_fault+0x22a/0x7b0
[ 1248.448462][T15470]  ? shmem_read_mapping_page_gfp+0x1a0/0x1a0
[ 1248.454458][T15470]  ? find_get_entry+0x880/0x880
[ 1248.459307][T15470]  ? pmd_val+0x85/0x100
[ 1248.463471][T15470]  __do_fault+0x111/0x540
[ 1248.467802][T15470]  ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[ 1248.474050][T15470]  __handle_mm_fault+0x2dca/0x4040
[ 1248.479184][T15470]  ? vmf_insert_mixed_mkwrite+0x40/0x40
[ 1248.484745][T15470]  ? handle_mm_fault+0x292/0xa80
[ 1248.489689][T15470]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 1248.495938][T15470]  ? __kasan_check_read+0x11/0x20
[ 1248.500964][T15470]  handle_mm_fault+0x3b7/0xa80
01:38:50 executing program 0:
perf_event_open(&(0x7f00000000c0)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
r1 = socket$inet6_sctp(0xa, 0x10000000005, 0x84)
r2 = dup2(r0, r1)
ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200)
r3 = openat$dlm_control(0xffffffffffffff9c, &(0x7f0000000080)='/dev/dlm-control\x00', 0x400, 0x0)
fsconfig$FSCONFIG_SET_PATH(r2, 0x3, &(0x7f0000000000)='/dev/urandom\x00', &(0x7f0000000040)='./bus\x00', r3)
r4 = openat$random(0xffffffffffffff9c, &(0x7f0000000140)='/dev/urandom\x00', 0x8000000000000085, 0x0)
r5 = dup(r4)
r6 = open(&(0x7f0000002000)='./bus\x00', 0x141042, 0x0)
ftruncate(r6, 0xee72)
sendfile(r5, r6, 0x0, 0x8000fffffffe)

[ 1248.505739][T15470]  __do_page_fault+0x536/0xdd0
[ 1248.510503][T15470]  do_page_fault+0x38/0x590
[ 1248.515007][T15470]  page_fault+0x39/0x40
[ 1248.519281][T15470] RIP: 0033:0x4533a0
[ 1248.523185][T15470] Code: 0f 84 c4 0f 00 00 48 89 f1 48 89 f8 48 83 e1 3f 48 83 f9 20 0f 86 7b 02 00 00 48 83 e6 f0 48 83 e1 0f 66 0f ef c0 66 0f ef c9 <66> 0f 74 0e 66 0f d7 d1 48 d3 ea 49 c7 c2 11 00 00 00 49 29 ca 4d
[ 1248.542785][T15470] RSP: 002b:00007fbdc8f347a8 EFLAGS: 00010202
[ 1248.548845][T15470] RAX: 00007fbdc8f34850 RBX: 0000000000000003 RCX: 000000000000000e
[ 1248.556812][T15470] RDX: 00000000000003ff RSI: 0000000020012fe0 RDI: 00007fbdc8f34850
[ 1248.564780][T15470] RBP: 000000000075c070 R08: 00000000000003ff R09: 0000000000000000
[ 1248.572743][T15470] R10: 00007fbdc8f359d0 R11: 0000000000000246 R12: 00007fbdc8f356d4
[ 1248.580728][T15470] R13: 00000000004c8dbc R14: 00000000004dfed8 R15: 00000000ffffffff
[ 1248.630692][T15471] QAT: Invalid ioctl
01:38:50 executing program 1:
perf_event_open(&(0x7f00000000c0)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = openat$random(0xffffffffffffff9c, &(0x7f0000000140)='/dev/urandom\x00', 0x8000000000000085, 0x0)
r1 = dup(r0)
r2 = open(&(0x7f0000002000)='./bus\x00', 0x141042, 0x0)
seccomp(0xcc05bf1e0c3bd76e, 0x1, &(0x7f0000000040)={0x1, &(0x7f0000000000)=[{0x6, 0x6, 0xfffffffffffffffd, 0x16}]})
ftruncate(r2, 0xee72)
sendfile(r1, r2, 0x0, 0x8000fffffffe)

01:38:50 executing program 2:
r0 = socket$inet_udp(0x2, 0x2, 0x0)
close(r0)
r1 = socket$inet6(0xa, 0x1, 0x8010000000000084)
bind$inet6(r1, &(0x7f0000000040)={0xa, 0x400004e21, 0x0, @empty}, 0x1c)
setsockopt$inet_sctp6_SCTP_NODELAY(r0, 0x84, 0x3, &(0x7f00000000c0)=0x7, 0x4)
setsockopt$inet6_opts(r1, 0x29, 0x3b, &(0x7f0000000080)=ANY=[@ANYBLOB], 0x8)
connect$inet6(r1, &(0x7f0000000200)={0xa, 0x4e21, 0x0, @loopback}, 0x1c)
r2 = socket$inet_udplite(0x2, 0x2, 0x88)
ioctl(r2, 0x1000008912, &(0x7f0000000040)="11dcbc0d5e0bcfe47bf070")
write$binfmt_misc(r0, &(0x7f0000000100)=ANY=[@ANYBLOB="a43f7a10bc918dba707335df9c4fe2e3dd545ee4c838fdcc46a7540a012dcf04a12f99172a6f3583cd5498000448f3ae533c2845496e9b0a050d5e4e05f5f8188edecc091727ed7a25a91998bf61aeec90e8718f9aa9fd5da3aa3181c0080975dee42b7d8686ca8f92f314380c2a02a90e6efeaf9d6acdb213cd260c116f495d9569a33c798d369967f6690fd59a8b3bd789702d552fe262fe738e874609724467e7d1be8518f803b96022e1f0f0de7d3720bec96ede000000000000000000"], 0x10098)
write$binfmt_script(r0, &(0x7f0000000300)=ANY=[@ANYBLOB="ba"], 0x1)
write$binfmt_elf64(r0, &(0x7f0000000280)={{0x7f, 0x45, 0x4c, 0x46, 0x0, 0x0, 0xf803, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40}, [{}]}, 0x78)

[ 1248.899270][T15470] FAULT_FLAG_ALLOW_RETRY missing 70
[ 1248.907092][T15470] CPU: 1 PID: 15470 Comm: syz-executor.5 Not tainted 5.3.0+ #0
[ 1248.914658][T15470] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 1248.924731][T15470] Call Trace:
[ 1248.928027][T15470]  dump_stack+0x172/0x1f0
[ 1248.932370][T15470]  handle_userfault.cold+0x41/0x5d
[ 1248.937502][T15470]  ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[ 1248.943757][T15470]  ? userfaultfd_ioctl+0x3ad0/0x3ad0
[ 1248.949052][T15470]  ? find_get_entry+0x535/0x880
[ 1248.953912][T15470]  ? find_get_pages_range_tag+0xd50/0xd50
[ 1248.959663][T15470]  ? ___might_sleep+0x163/0x2c0
[ 1248.964532][T15470]  ? __kasan_check_read+0x11/0x20
[ 1248.969559][T15470]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 1248.975809][T15470]  ? find_lock_entry+0x1a7/0x560
[ 1248.980744][T15470]  ? rcu_lockdep_current_cpu_online+0xe3/0x130
[ 1248.986904][T15470]  shmem_getpage_gfp+0x1f4c/0x2680
[ 1248.992030][T15470]  ? shmem_unuse_inode+0x1010/0x1010
[ 1248.997318][T15470]  ? lock_downgrade+0x920/0x920
[ 1249.002166][T15470]  ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[ 1249.008407][T15470]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 1249.014656][T15470]  shmem_fault+0x22a/0x7b0
[ 1249.019083][T15470]  ? shmem_read_mapping_page_gfp+0x1a0/0x1a0
[ 1249.025156][T15470]  ? find_get_entry+0x880/0x880
[ 1249.030008][T15470]  ? pmd_val+0x85/0x100
[ 1249.034168][T15470]  __do_fault+0x111/0x540
[ 1249.038503][T15470]  ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[ 1249.044749][T15470]  __handle_mm_fault+0x2dca/0x4040
[ 1249.049872][T15470]  ? vmf_insert_mixed_mkwrite+0x40/0x40
[ 1249.055409][T15470]  ? handle_mm_fault+0x292/0xa80
[ 1249.060349][T15470]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 1249.066587][T15470]  ? __kasan_check_read+0x11/0x20
[ 1249.071613][T15470]  handle_mm_fault+0x3b7/0xa80
[ 1249.076379][T15470]  __do_page_fault+0x536/0xdd0
[ 1249.081139][T15470]  do_page_fault+0x38/0x590
[ 1249.081159][T15470]  page_fault+0x39/0x40
[ 1249.081176][T15470] RIP: 0033:0x4533a0
[ 1249.093688][T15470] Code: 0f 84 c4 0f 00 00 48 89 f1 48 89 f8 48 83 e1 3f 48 83 f9 20 0f 86 7b 02 00 00 48 83 e6 f0 48 83 e1 0f 66 0f ef c0 66 0f ef c9 <66> 0f 74 0e 66 0f d7 d1 48 d3 ea 49 c7 c2 11 00 00 00 49 29 ca 4d
[ 1249.113394][T15470] RSP: 002b:00007fbdc8f347a8 EFLAGS: 00010202
[ 1249.119459][T15470] RAX: 00007fbdc8f34850 RBX: 0000000000000003 RCX: 000000000000000e
[ 1249.127428][T15470] RDX: 00000000000003ff RSI: 0000000020012fe0 RDI: 00007fbdc8f34850
[ 1249.135395][T15470] RBP: 000000000075c070 R08: 00000000000003ff R09: 0000000000000000
[ 1249.143372][T15470] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fbdc8f356d4
[ 1249.151344][T15470] R13: 00000000004c8dbc R14: 00000000004dfed8 R15: 00000000ffffffff
01:38:51 executing program 3:
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7fffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = socket$inet6(0xa, 0x2, 0x0)
ioctl$IMDELTIMER(0xffffffffffffffff, 0x80044941, 0x0)
setsockopt$SO_BINDTODEVICE(r0, 0x1, 0x19, &(0x7f00000001c0)='sit0\x00', 0x10)
connect$inet6(r0, &(0x7f0000000140)={0xa, 0xffffffffffffffff, 0x0, @ipv4={[], [], @dev={0xac, 0x14, 0x14, 0x18}}}, 0x1c)
sendmmsg(r0, &(0x7f00000002c0), 0x4cc, 0x0)
perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0)
accept4$packet(0xffffffffffffffff, 0x0, 0x0, 0x0)
write$FUSE_BMAP(0xffffffffffffffff, &(0x7f00000004c0)={0x18, 0x0, 0x4, {0x5}}, 0x18)
openat$pfkey(0xffffffffffffff9c, 0x0, 0x0, 0x0)

01:38:51 executing program 4:
r0 = socket$nl_route(0x10, 0x3, 0x0)
r1 = socket$netlink(0x10, 0x3, 0x0)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff, <r2=>0xffffffffffffffff})
r3 = socket$inet6_sctp(0xa, 0x10000000005, 0x84)
r4 = dup2(r2, r3)
ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200)
r5 = socket(0x10, 0x803, 0x0)
sendmsg$TIPC_CMD_GET_MEDIA_NAMES(r5, &(0x7f0000000400)={0x0, 0x0, &(0x7f00000003c0)={0x0}}, 0x0)
getsockname$packet(r5, &(0x7f0000000100)={0x11, 0x0, <r6=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0xa)
sendmsg$nl_route(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080)=ANY=[@ANYBLOB="4800000010000507000000000000000080000000", @ANYRES32=r6, @ANYBLOB="0000000000000000280012000c0001007665746800000000180002001400010000000000", @ANYRES32=0x0, @ANYBLOB='\x00\x00\x00\x00\x00\x00\x00\x00'], 0x48}}, 0x0)
sendmsg$nl_route_sched(r0, &(0x7f0000000140)={0x0, 0x32d, &(0x7f0000000080)={&(0x7f0000000540)=@newqdisc={0x148, 0x24, 0x507, 0x2000000, 0x0, {0x0, r6, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_red={{0x8, 0x1, 'red\x00'}, {0x11c, 0x2, [@TCA_RED_STAB={0x104, 0x2, "fbf84ce9dbecf3d5851ae060c0ec8d55c9c65cb98d69f6f43f1d64d475f279dd204e54f6719de408d640f2dcd4c0c8c615650de0531b139380f912f808e5d3e1118f76144d1568be425bddb29fa48b1251d5cc8b78fb742bd61674f4cd92a93f8dafea3bc823ccd7591d59d252a275012101f39ab9478cc5dc4a8a2e71f186ce688ae869907b40b62231d243db1eca472440f1203b691b7b85864a73f1a3a9664d075ac973158948f7c44b4f8e2348e8046b08dcb423647eff2539993b8985028d7f0a50e94ee6b2fdacff6aee496b13807eb8d406a8440af14e339713f93a2bd76d46d34452c9bf604ac61d66e9ff34503a7ff400"}, @TCA_RED_PARMS={0x14, 0x1, {0x20}}]}}]}, 0x148}}, 0x0)

01:38:51 executing program 1:
perf_event_open(&(0x7f00000000c0)={0x1, 0x103, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8000000000000003, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = syz_open_dev$midi(&(0x7f0000000040)='/dev/midi#\x00', 0x3, 0x4000)
ioctl$PPPIOCSACTIVE(r0, 0x40107446, &(0x7f0000000180)={0x7, &(0x7f0000000080)=[{0x200, 0x8, 0x8001, 0xfff}, {0x7, 0x1, 0xfffffffffffffffd, 0x3}, {0xffd, 0x0, 0x101, 0x7}, {0x10000, 0x9, 0x7, 0x80000001}, {0x81, 0x100000000, 0x6, 0x5}, {0x3f, 0x7f, 0x7, 0x8}, {0x8, 0x2, 0x0, 0x3f}]})
r1 = openat$random(0xffffffffffffff9c, &(0x7f0000000140)='/dev/urandom\x00', 0x8000000000000085, 0x0)
r2 = dup(r1)
r3 = open(&(0x7f0000002000)='./bus\x00', 0x141042, 0x0)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000000))
ftruncate(r3, 0xee72)
sendfile(r2, r3, 0x0, 0x8000fffffffe)

01:38:51 executing program 0:
perf_event_open(&(0x7f00000000c0)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x94, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = userfaultfd(0x0)
ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f0000000080))
read(r0, &(0x7f0000000100)=""/68, 0x22)
ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f00000000c0)={{&(0x7f0000068000/0x800000)=nil, 0x800000}, 0x1})
close(r0)
fsetxattr$trusted_overlay_nlink(r0, &(0x7f0000000040)='trusted.overlay.nlink\x00', &(0x7f0000000080)={'L-', 0x81}, 0x28, 0x0)
r1 = openat$random(0xffffffffffffff9c, &(0x7f0000000140)='/dev/urandom\x00', 0x8000000000000085, 0x0)
r2 = dup(r1)
r3 = open(&(0x7f0000002000)='./bus\x00', 0x141042, 0x0)
r4 = syz_open_dev$cec(&(0x7f0000000280)='/dev/cec#\x00', 0x1, 0x2)
setsockopt$CAIFSO_LINK_SELECT(r4, 0x116, 0x7f, &(0x7f00000002c0), 0x4)
ftruncate(r3, 0xee72)
ioctl$BLKZEROOUT(r3, 0x127f, &(0x7f0000000000)={0x8001, 0x6})
ioctl$TCGETS2(r3, 0x802c542a, &(0x7f0000000180))
sendfile(r2, r3, 0x0, 0x8000fffffffe)

01:38:51 executing program 5:
mmap(&(0x7f0000011000/0x2000)=nil, 0x2000, 0x4, 0x31, 0xffffffffffffffff, 0x0)
r0 = userfaultfd(0x0)
syz_open_dev$mice(&(0x7f0000000000)='/dev/input/mice\x00', 0x0, 0x4000)
ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f0000000040))
ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f00000000c0)={{&(0x7f0000012000/0x2000)=nil, 0x2000}, 0x1})
read(r0, &(0x7f0000000100)=""/199, 0xc7)
syz_open_dev$evdev(&(0x7f0000012fee)='/.%v/\x11%put/event#\x00', 0x500000000000000, 0x0)
ioctl$UFFDIO_WAKE(r0, 0x8010aa02, &(0x7f0000000080)={&(0x7f0000012000/0x4000)=nil, 0x4000})
shmget(0x2, 0x1000, 0x0, &(0x7f000096d000/0x1000)=nil)
openat$cgroup_procs(0xffffffffffffffff, 0x0, 0x2, 0x0)

01:38:51 executing program 2:
r0 = socket$inet_udp(0x2, 0x2, 0x0)
close(r0)
r1 = socket$inet6(0xa, 0x1, 0x8010000000000084)
bind$inet6(r1, &(0x7f0000000040)={0xa, 0x400004e21, 0x0, @empty}, 0x1c)
setsockopt$inet_sctp6_SCTP_NODELAY(r0, 0x84, 0x3, &(0x7f00000000c0)=0x7, 0x4)
setsockopt$inet6_opts(r1, 0x29, 0x3b, &(0x7f0000000080)=ANY=[@ANYBLOB], 0x8)
connect$inet6(r1, &(0x7f0000000200)={0xa, 0x4e21, 0x0, @loopback}, 0x1c)
r2 = socket$inet_udplite(0x2, 0x2, 0x88)
ioctl(r2, 0x1000008912, &(0x7f0000000040)="11dcbc0d5e0bcfe47bf070")
write$binfmt_misc(r0, &(0x7f0000000100)=ANY=[@ANYBLOB="a43f7a10bc918dba707335df9c4fe2e3dd545ee4c838fdcc46a7540a012dcf04a12f99172a6f3583cd5498000448f3ae533c2845496e9b0a050d5e4e05f5f8188edecc091727ed7a25a91998bf61aeec90e8718f9aa9fd5da3aa3181c0080975dee42b7d8686ca8f92f314380c2a02a90e6efeaf9d6acdb213cd260c116f495d9569a33c798d369967f6690fd59a8b3bd789702d552fe262fe738e874609724467e7d1be8518f803b96022e1f0f0de7d3720bec96ede000000000000000000"], 0x10098)
write$binfmt_script(r0, &(0x7f0000000300)=ANY=[@ANYBLOB="ba"], 0x1)
write$binfmt_elf64(r0, &(0x7f0000000280)={{0x7f, 0x45, 0x4c, 0x46, 0x0, 0x0, 0xff00, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40}, [{}]}, 0x78)

01:38:51 executing program 0:
perf_event_open(&(0x7f00000000c0)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x4, 0xffffffffffffffff, 0x0)
r0 = openat$random(0xffffffffffffff9c, &(0x7f0000000140)='/dev/urandom\x00', 0x8000000000000085, 0x0)
r1 = dup(r0)
r2 = open(&(0x7f0000002000)='./bus\x00', 0x141042, 0x0)
ftruncate(r2, 0xee72)
sendfile(r1, r2, 0x0, 0x8000fffffffe)
r3 = syz_open_dev$sndpcmc(&(0x7f0000000000)='/dev/snd/pcmC#D#c\x00', 0x2, 0x80080)
bpf$BPF_PROG_QUERY(0x10, &(0x7f00000001c0)={0xffffffffffffffff, 0xd, 0x0, 0x1000, &(0x7f0000000180)=[0x0, 0x0, 0x0, 0x0], 0x4}, 0x20)
ioctl$KVM_S390_UCAS_MAP(r3, 0x4018ae50, &(0x7f0000000040)={0x0, 0x8, 0x100000001})
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff, <r4=>0xffffffffffffffff})
r5 = socket$inet6_sctp(0xa, 0x10000000005, 0x84)
r6 = dup2(r4, r5)
ioctl$PERF_EVENT_IOC_ENABLE(r6, 0x8912, 0x400200)
ioctl$FS_IOC_SETVERSION(r6, 0x40087602, &(0x7f0000000200)=0x3)
io_setup(0x8001, &(0x7f0000000240)=<r7=>0x0)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff, <r8=>0xffffffffffffffff})
r9 = socket$inet6_sctp(0xa, 0x10000000005, 0x84)
r10 = dup2(r8, r9)
ioctl$PERF_EVENT_IOC_ENABLE(r10, 0x8912, 0x400200)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff, <r11=>0xffffffffffffffff})
r12 = socket$inet6_sctp(0xa, 0x10000000005, 0x84)
r13 = dup2(r11, r12)
ioctl$PERF_EVENT_IOC_ENABLE(r13, 0x8912, 0x400200)
r14 = openat(r13, &(0x7f0000000400)='./bus/file0\x00', 0x8100, 0x9)
r15 = userfaultfd(0x0)
ioctl$UFFDIO_API(r15, 0xc018aa3f, &(0x7f0000000080))
read(r15, &(0x7f0000000100)=""/68, 0x22)
ioctl$UFFDIO_REGISTER(r15, 0xc020aa00, &(0x7f00000000c0)={{&(0x7f0000068000/0x800000)=nil, 0x800000}, 0x1})
close(r15)
r16 = syz_open_dev$evdev(&(0x7f0000000280)='/dev/input/event#\x00', 0x5, 0x101000)
io_submit(r7, 0x3, &(0x7f00000005c0)=[&(0x7f00000002c0)={0x0, 0x0, 0x0, 0x0, 0x4, r2, &(0x7f0000000280), 0x1ac, 0x1, 0x0, 0x2}, &(0x7f0000000440)={0x0, 0x0, 0x0, 0x6, 0x7fff, r10, &(0x7f0000000600)="8145db788fdf54be39437b743b22d85ae8aadf6ed6c9a181f7715fc0e94dc066f8c535f140b7b1211adc8ebdf1344e956cbbe04ececf96c4eeda9d1e32eeb739e73368a1ac93ed7a14ef5c10f1c7c9fd3098d56acf32262cdfd8925a658a37b6c7587540c5e882398a5827c6d3890ebc5d4d78be4161660e631d27fcc7caf8faa2528ead27e659a1b678c42060efdf04fcf07285137cba980dd2ad75904dd1577d9a4fdfcfbe4ab034ce92a67e223511a9128003c054cfe4037a1330088fa7552620dca2ece99d6129de4dc1765f9300dfd64b01f83749521cb1ab1850d688f40132c720c0248cdd280d8145bd9058528825bd4fff23bb80a435ffe1349092de8d04d425271fe7c1afd71bfd21e4a9e25653380c7dcbc457e72a9f28ad554037ed521345f62aae3b5ae9db5adb38448f20661aad1765c708e303656c3dfaa18b28a76a6e88720224cdcd9c1d6d3d58d5498c32d379560b83c2952bb3d26b3b589072378c4856a9e1d1dd3056d4349b15cd", 0xea, 0x2, 0x0, 0x0, r14}, &(0x7f0000000580)={0x0, 0x0, 0x0, 0x0, 0x7, r16, &(0x7f0000000480)="194b3e86be695da30f55e2a05bcba0eea185d7c4a95eeddedc61cc5eeec6298da34ff2651d63764ea6c163b7d1f8a598499e3f35a262cfc9a34a02eb7300e8dbb2e217823328841e6a68ad689113dcd40de7e7eba3e3053e09c5dc23568e9bdabb77ddffd7827eca0a49d8f4db812f378f4f1b8627f2f59be9338803cdfecddbb9087890fe873749f3d7d10d75e70e4a5a29b7acb88e1ac016166e1bc31cef7a19d0327edd4f1ac5a95e17dcac4cbf797e8ee946217790c2ae3a46b9c4cd3a0e93aface26d133199c9c24aaed1", 0xcd, 0x719, 0x0, 0x1}])

01:38:51 executing program 4:
r0 = socket$nl_route(0x10, 0x3, 0x0)
r1 = socket$netlink(0x10, 0x3, 0x0)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff, <r2=>0xffffffffffffffff})
r3 = socket$inet6_sctp(0xa, 0x10000000005, 0x84)
r4 = dup2(r2, r3)
ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200)
r5 = socket(0x10, 0x803, 0x0)
sendmsg$TIPC_CMD_GET_MEDIA_NAMES(r5, &(0x7f0000000400)={0x0, 0x0, &(0x7f00000003c0)={0x0}}, 0x0)
getsockname$packet(r5, &(0x7f0000000100)={0x11, 0x0, <r6=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0xa)
sendmsg$nl_route(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080)=ANY=[@ANYBLOB="4800000010000507000000000000000080000000", @ANYRES32=r6, @ANYBLOB="0000000000000000280012000c0001007665746800000000180002001400010000000000", @ANYRES32=0x0, @ANYBLOB='\x00\x00\x00\x00\x00\x00\x00\x00'], 0x48}}, 0x0)
sendmsg$nl_route_sched(r0, &(0x7f0000000140)={0x0, 0x32d, &(0x7f0000000080)={&(0x7f0000000540)=@newqdisc={0x148, 0x24, 0x507, 0x3000000, 0x0, {0x0, r6, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_red={{0x8, 0x1, 'red\x00'}, {0x11c, 0x2, [@TCA_RED_STAB={0x104, 0x2, "fbf84ce9dbecf3d5851ae060c0ec8d55c9c65cb98d69f6f43f1d64d475f279dd204e54f6719de408d640f2dcd4c0c8c615650de0531b139380f912f808e5d3e1118f76144d1568be425bddb29fa48b1251d5cc8b78fb742bd61674f4cd92a93f8dafea3bc823ccd7591d59d252a275012101f39ab9478cc5dc4a8a2e71f186ce688ae869907b40b62231d243db1eca472440f1203b691b7b85864a73f1a3a9664d075ac973158948f7c44b4f8e2348e8046b08dcb423647eff2539993b8985028d7f0a50e94ee6b2fdacff6aee496b13807eb8d406a8440af14e339713f93a2bd76d46d34452c9bf604ac61d66e9ff34503a7ff400"}, @TCA_RED_PARMS={0x14, 0x1, {0x20}}]}}]}, 0x148}}, 0x0)

01:38:51 executing program 1:
perf_event_open(&(0x7f00000000c0)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
r1 = socket$inet6_sctp(0xa, 0x10000000005, 0x84)
r2 = dup2(r0, r1)
ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200)
bind$pptp(r2, &(0x7f0000000000)={0x18, 0x2, {0x1, @empty}}, 0x1e)
r3 = openat$random(0xffffffffffffff9c, &(0x7f0000000140)='/dev/urandom\x00', 0x8000000000000085, 0x0)
r4 = dup(r3)
r5 = open(&(0x7f0000002000)='./bus\x00', 0x141042, 0x0)
ftruncate(r5, 0xee72)
sendfile(r4, r5, 0x0, 0x8000fffffffe)

01:38:51 executing program 2:
r0 = socket$inet_udp(0x2, 0x2, 0x0)
close(r0)
r1 = socket$inet6(0xa, 0x1, 0x8010000000000084)
bind$inet6(r1, &(0x7f0000000040)={0xa, 0x400004e21, 0x0, @empty}, 0x1c)
setsockopt$inet_sctp6_SCTP_NODELAY(r0, 0x84, 0x3, &(0x7f00000000c0)=0x7, 0x4)
setsockopt$inet6_opts(r1, 0x29, 0x3b, &(0x7f0000000080)=ANY=[@ANYBLOB], 0x8)
connect$inet6(r1, &(0x7f0000000200)={0xa, 0x4e21, 0x0, @loopback}, 0x1c)
r2 = socket$inet_udplite(0x2, 0x2, 0x88)
ioctl(r2, 0x1000008912, &(0x7f0000000040)="11dcbc0d5e0bcfe47bf070")
write$binfmt_misc(r0, &(0x7f0000000100)=ANY=[@ANYBLOB="a43f7a10bc918dba707335df9c4fe2e3dd545ee4c838fdcc46a7540a012dcf04a12f99172a6f3583cd5498000448f3ae533c2845496e9b0a050d5e4e05f5f8188edecc091727ed7a25a91998bf61aeec90e8718f9aa9fd5da3aa3181c0080975dee42b7d8686ca8f92f314380c2a02a90e6efeaf9d6acdb213cd260c116f495d9569a33c798d369967f6690fd59a8b3bd789702d552fe262fe738e874609724467e7d1be8518f803b96022e1f0f0de7d3720bec96ede000000000000000000"], 0x10098)
write$binfmt_script(r0, &(0x7f0000000300)=ANY=[@ANYBLOB="ba"], 0x1)
write$binfmt_elf64(r0, &(0x7f0000000280)={{0x7f, 0x45, 0x4c, 0x46, 0x0, 0x0, 0x19ea7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40}, [{}]}, 0x78)

01:38:52 executing program 4:
r0 = socket$nl_route(0x10, 0x3, 0x0)
r1 = socket$netlink(0x10, 0x3, 0x0)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff, <r2=>0xffffffffffffffff})
r3 = socket$inet6_sctp(0xa, 0x10000000005, 0x84)
r4 = dup2(r2, r3)
ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200)
r5 = socket(0x10, 0x803, 0x0)
sendmsg$TIPC_CMD_GET_MEDIA_NAMES(r5, &(0x7f0000000400)={0x0, 0x0, &(0x7f00000003c0)={0x0}}, 0x0)
getsockname$packet(r5, &(0x7f0000000100)={0x11, 0x0, <r6=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0xa)
sendmsg$nl_route(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080)=ANY=[@ANYBLOB="4800000010000507000000000000000080000000", @ANYRES32=r6, @ANYBLOB="0000000000000000280012000c0001007665746800000000180002001400010000000000", @ANYRES32=0x0, @ANYBLOB='\x00\x00\x00\x00\x00\x00\x00\x00'], 0x48}}, 0x0)
sendmsg$nl_route_sched(r0, &(0x7f0000000140)={0x0, 0x32d, &(0x7f0000000080)={&(0x7f0000000540)=@newqdisc={0x148, 0x24, 0x507, 0x4000000, 0x0, {0x0, r6, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_red={{0x8, 0x1, 'red\x00'}, {0x11c, 0x2, [@TCA_RED_STAB={0x104, 0x2, "fbf84ce9dbecf3d5851ae060c0ec8d55c9c65cb98d69f6f43f1d64d475f279dd204e54f6719de408d640f2dcd4c0c8c615650de0531b139380f912f808e5d3e1118f76144d1568be425bddb29fa48b1251d5cc8b78fb742bd61674f4cd92a93f8dafea3bc823ccd7591d59d252a275012101f39ab9478cc5dc4a8a2e71f186ce688ae869907b40b62231d243db1eca472440f1203b691b7b85864a73f1a3a9664d075ac973158948f7c44b4f8e2348e8046b08dcb423647eff2539993b8985028d7f0a50e94ee6b2fdacff6aee496b13807eb8d406a8440af14e339713f93a2bd76d46d34452c9bf604ac61d66e9ff34503a7ff400"}, @TCA_RED_PARMS={0x14, 0x1, {0x20}}]}}]}, 0x148}}, 0x0)

01:38:52 executing program 0:
perf_event_open(&(0x7f00000000c0)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x7fffffff, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffff9, 0x6, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = openat$random(0xffffffffffffff9c, &(0x7f0000000140)='/dev/urandom\x00', 0x8000000000000085, 0x0)
r1 = dup(r0)
r2 = open(&(0x7f0000002000)='./bus\x00', 0x141042, 0x0)
ftruncate(r1, 0x59)
ftruncate(r2, 0xee72)
sendfile(r1, r2, 0x0, 0x8000fffffffe)
arch_prctl$ARCH_GET_CPUID(0x1011)

01:38:52 executing program 3:
r0 = socket$inet_udplite(0x2, 0x2, 0x88)
ioctl(r0, 0x1000008912, &(0x7f0000000040)="0800a1695e1dcfe87b1071")
r1 = socket$packet(0x11, 0x3, 0x300)
ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000000)={'batadv0\x00\f\x00', <r2=>0x0})
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000e00)=ANY=[@ANYBLOB="340000002c000107008be4000000000000000000", @ANYRES32=r2, @ANYBLOB="00d400f0000000000e00000009000100726f75746500000004000200"], 0x34}}, 0x0)
r3 = socket(0x10, 0x80002, 0x0)
sendmmsg$alg(r3, &(0x7f0000000140), 0x332, 0x0)

01:38:52 executing program 1:
perf_event_open(&(0x7f00000000c0)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x20000, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = openat$random(0xffffffffffffff9c, &(0x7f0000000140)='/dev/urandom\x00', 0x8000000000000085, 0x0)
r1 = dup(r0)
r2 = open(&(0x7f0000002000)='./bus\x00', 0x141042, 0x0)
ftruncate(r2, 0xee72)
sendfile(r1, r2, 0x0, 0x8000fffffffe)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff, <r3=>0xffffffffffffffff})
r4 = socket$inet6_sctp(0xa, 0x10000000005, 0x84)
r5 = dup2(r3, r4)
ioctl$PERF_EVENT_IOC_ENABLE(r5, 0x8912, 0x400200)
ioctl$VIDIOC_G_MODULATOR(r5, 0xc0445636, &(0x7f0000000000)={0x2, "de1170c75e77b6ffd2cdb92d4088d465cc7bcb52663ff44638f209e7f52247b6", 0x40, 0xf8, 0x5, 0x4, 0x3})

01:38:52 executing program 4:
r0 = socket$nl_route(0x10, 0x3, 0x0)
r1 = socket$netlink(0x10, 0x3, 0x0)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff, <r2=>0xffffffffffffffff})
r3 = socket$inet6_sctp(0xa, 0x10000000005, 0x84)
r4 = dup2(r2, r3)
ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200)
r5 = socket(0x10, 0x803, 0x0)
sendmsg$TIPC_CMD_GET_MEDIA_NAMES(r5, &(0x7f0000000400)={0x0, 0x0, &(0x7f00000003c0)={0x0}}, 0x0)
getsockname$packet(r5, &(0x7f0000000100)={0x11, 0x0, <r6=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0xa)
sendmsg$nl_route(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080)=ANY=[@ANYBLOB="4800000010000507000000000000000080000000", @ANYRES32=r6, @ANYBLOB="0000000000000000280012000c0001007665746800000000180002001400010000000000", @ANYRES32=0x0, @ANYBLOB='\x00\x00\x00\x00\x00\x00\x00\x00'], 0x48}}, 0x0)
sendmsg$nl_route_sched(r0, &(0x7f0000000140)={0x0, 0x32d, &(0x7f0000000080)={&(0x7f0000000540)=@newqdisc={0x148, 0x24, 0x507, 0x5000000, 0x0, {0x0, r6, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_red={{0x8, 0x1, 'red\x00'}, {0x11c, 0x2, [@TCA_RED_STAB={0x104, 0x2, "fbf84ce9dbecf3d5851ae060c0ec8d55c9c65cb98d69f6f43f1d64d475f279dd204e54f6719de408d640f2dcd4c0c8c615650de0531b139380f912f808e5d3e1118f76144d1568be425bddb29fa48b1251d5cc8b78fb742bd61674f4cd92a93f8dafea3bc823ccd7591d59d252a275012101f39ab9478cc5dc4a8a2e71f186ce688ae869907b40b62231d243db1eca472440f1203b691b7b85864a73f1a3a9664d075ac973158948f7c44b4f8e2348e8046b08dcb423647eff2539993b8985028d7f0a50e94ee6b2fdacff6aee496b13807eb8d406a8440af14e339713f93a2bd76d46d34452c9bf604ac61d66e9ff34503a7ff400"}, @TCA_RED_PARMS={0x14, 0x1, {0x20}}]}}]}, 0x148}}, 0x0)

01:38:52 executing program 0:
perf_event_open(&(0x7f00000000c0)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = openat$random(0xffffffffffffff9c, &(0x7f0000000140)='/dev/urandom\x00', 0x8000000000000085, 0x0)
r1 = dup(r0)
getsockname$inet(0xffffffffffffffff, &(0x7f0000000000)={0x2, 0x0, @empty}, &(0x7f0000000040)=0x10)
r2 = open(&(0x7f0000002000)='./bus\x00', 0x141042, 0x0)
ftruncate(r2, 0xee72)
io_uring_register$IORING_UNREGISTER_BUFFERS(r1, 0x1, 0x0, 0x0)
sendfile(r1, r2, 0x0, 0x8000fffffffe)
r3 = dup2(0xffffffffffffffff, r2)
ioctl$TIOCSCTTY(r3, 0x540e, 0x80000001)

01:38:52 executing program 2:
r0 = socket$inet_udp(0x2, 0x2, 0x0)
close(r0)
r1 = socket$inet6(0xa, 0x1, 0x8010000000000084)
bind$inet6(r1, &(0x7f0000000040)={0xa, 0x400004e21, 0x0, @empty}, 0x1c)
setsockopt$inet_sctp6_SCTP_NODELAY(r0, 0x84, 0x3, &(0x7f00000000c0)=0x7, 0x4)
setsockopt$inet6_opts(r1, 0x29, 0x3b, &(0x7f0000000080)=ANY=[@ANYBLOB], 0x8)
connect$inet6(r1, &(0x7f0000000200)={0xa, 0x4e21, 0x0, @loopback}, 0x1c)
r2 = socket$inet_udplite(0x2, 0x2, 0x88)
ioctl(r2, 0x1000008912, &(0x7f0000000040)="11dcbc0d5e0bcfe47bf070")
write$binfmt_misc(r0, &(0x7f0000000100)=ANY=[@ANYBLOB="a43f7a10bc918dba707335df9c4fe2e3dd545ee4c838fdcc46a7540a012dcf04a12f99172a6f3583cd5498000448f3ae533c2845496e9b0a050d5e4e05f5f8188edecc091727ed7a25a91998bf61aeec90e8718f9aa9fd5da3aa3181c0080975dee42b7d8686ca8f92f314380c2a02a90e6efeaf9d6acdb213cd260c116f495d9569a33c798d369967f6690fd59a8b3bd789702d552fe262fe738e874609724467e7d1be8518f803b96022e1f0f0de7d3720bec96ede000000000000000000"], 0x10098)
write$binfmt_script(r0, &(0x7f0000000300)=ANY=[@ANYBLOB="ba"], 0x1)
write$binfmt_elf64(r0, &(0x7f0000000280)={{0x7f, 0x45, 0x4c, 0x46, 0x0, 0x0, 0x1000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40}, [{}]}, 0x78)

01:38:52 executing program 5:
mmap(&(0x7f0000011000/0x2000)=nil, 0x2000, 0x4, 0x31, 0xffffffffffffffff, 0x0)
r0 = userfaultfd(0x0)
syz_open_dev$mice(&(0x7f0000000000)='/dev/input/mice\x00', 0x0, 0x4000)
ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f0000000040))
ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f00000000c0)={{&(0x7f0000012000/0x2000)=nil, 0x2000}, 0x1})
read(r0, &(0x7f0000000100)=""/199, 0xc7)
syz_open_dev$evdev(&(0x7f0000012fee)='/.%v/\x11%put/event#\x00', 0x600000000000000, 0x0)
ioctl$UFFDIO_WAKE(r0, 0x8010aa02, &(0x7f0000000080)={&(0x7f0000012000/0x4000)=nil, 0x4000})
shmget(0x2, 0x1000, 0x0, &(0x7f000096d000/0x1000)=nil)
openat$cgroup_procs(0xffffffffffffffff, 0x0, 0x2, 0x0)

[ 1250.663236][T16350] FAULT_FLAG_ALLOW_RETRY missing 70
[ 1250.675799][T16350] CPU: 1 PID: 16350 Comm: syz-executor.5 Not tainted 5.3.0+ #0
[ 1250.683367][T16350] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 1250.693417][T16350] Call Trace:
[ 1250.696718][T16350]  dump_stack+0x172/0x1f0
[ 1250.701068][T16350]  handle_userfault.cold+0x41/0x5d
[ 1250.706184][T16350]  ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[ 1250.712437][T16350]  ? userfaultfd_ioctl+0x3ad0/0x3ad0
[ 1250.717727][T16350]  ? find_get_entry+0x535/0x880
[ 1250.722678][T16350]  ? find_get_pages_range_tag+0xd50/0xd50
[ 1250.728400][T16350]  ? ___might_sleep+0x163/0x2c0
[ 1250.733254][T16350]  ? __kasan_check_read+0x11/0x20
[ 1250.738284][T16350]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 1250.744527][T16350]  ? find_lock_entry+0x1a7/0x560
[ 1250.749458][T16350]  ? rcu_lockdep_current_cpu_online+0xe3/0x130
[ 1250.755612][T16350]  shmem_getpage_gfp+0x1f4c/0x2680
[ 1250.755640][T16350]  ? shmem_unuse_inode+0x1010/0x1010
[ 1250.755657][T16350]  ? lock_downgrade+0x920/0x920
[ 1250.755675][T16350]  ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[ 1250.755692][T16350]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 1250.766146][T16350]  shmem_fault+0x22a/0x7b0
[ 1250.766168][T16350]  ? shmem_read_mapping_page_gfp+0x1a0/0x1a0
[ 1250.766189][T16350]  ? find_get_entry+0x880/0x880
[ 1250.766206][T16350]  ? pmd_val+0x85/0x100
[ 1250.766224][T16350]  __do_fault+0x111/0x540
[ 1250.766243][T16350]  ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[ 1250.813379][T16350]  __handle_mm_fault+0x2dca/0x4040
[ 1250.818499][T16350]  ? vmf_insert_mixed_mkwrite+0x40/0x40
[ 1250.824050][T16350]  ? handle_mm_fault+0x292/0xa80
[ 1250.829002][T16350]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 1250.835241][T16350]  ? __kasan_check_read+0x11/0x20
[ 1250.835261][T16350]  handle_mm_fault+0x3b7/0xa80
[ 1250.835280][T16350]  __do_page_fault+0x536/0xdd0
[ 1250.835304][T16350]  do_page_fault+0x38/0x590
[ 1250.835323][T16350]  page_fault+0x39/0x40
[ 1250.858422][T16350] RIP: 0033:0x4533a0
01:38:52 executing program 4:
r0 = socket$nl_route(0x10, 0x3, 0x0)
r1 = socket$netlink(0x10, 0x3, 0x0)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff, <r2=>0xffffffffffffffff})
r3 = socket$inet6_sctp(0xa, 0x10000000005, 0x84)
r4 = dup2(r2, r3)
ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200)
r5 = socket(0x10, 0x803, 0x0)
sendmsg$TIPC_CMD_GET_MEDIA_NAMES(r5, &(0x7f0000000400)={0x0, 0x0, &(0x7f00000003c0)={0x0}}, 0x0)
getsockname$packet(r5, &(0x7f0000000100)={0x11, 0x0, <r6=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0xa)
sendmsg$nl_route(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080)=ANY=[@ANYBLOB="4800000010000507000000000000000080000000", @ANYRES32=r6, @ANYBLOB="0000000000000000280012000c0001007665746800000000180002001400010000000000", @ANYRES32=0x0, @ANYBLOB='\x00\x00\x00\x00\x00\x00\x00\x00'], 0x48}}, 0x0)
sendmsg$nl_route_sched(r0, &(0x7f0000000140)={0x0, 0x32d, &(0x7f0000000080)={&(0x7f0000000540)=@newqdisc={0x148, 0x24, 0x507, 0x6000000, 0x0, {0x0, r6, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_red={{0x8, 0x1, 'red\x00'}, {0x11c, 0x2, [@TCA_RED_STAB={0x104, 0x2, "fbf84ce9dbecf3d5851ae060c0ec8d55c9c65cb98d69f6f43f1d64d475f279dd204e54f6719de408d640f2dcd4c0c8c615650de0531b139380f912f808e5d3e1118f76144d1568be425bddb29fa48b1251d5cc8b78fb742bd61674f4cd92a93f8dafea3bc823ccd7591d59d252a275012101f39ab9478cc5dc4a8a2e71f186ce688ae869907b40b62231d243db1eca472440f1203b691b7b85864a73f1a3a9664d075ac973158948f7c44b4f8e2348e8046b08dcb423647eff2539993b8985028d7f0a50e94ee6b2fdacff6aee496b13807eb8d406a8440af14e339713f93a2bd76d46d34452c9bf604ac61d66e9ff34503a7ff400"}, @TCA_RED_PARMS={0x14, 0x1, {0x20}}]}}]}, 0x148}}, 0x0)

01:38:52 executing program 0:
perf_event_open(&(0x7f00000000c0)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = openat$random(0xffffffffffffff9c, &(0x7f0000000140)='/dev/urandom\x00', 0x8000000000000085, 0x0)
r1 = dup(r0)
r2 = open(&(0x7f0000002000)='./bus\x00', 0x141042, 0x0)
ftruncate(r2, 0xee72)
sendfile(r1, r2, 0x0, 0x8000fffffffe)
getresuid(&(0x7f0000000040), &(0x7f0000000080), &(0x7f0000000180)=<r3=>0x0)
r4 = add_key$user(&(0x7f00000002c0)='user\x00', &(0x7f0000000300)={'syz', 0x2}, &(0x7f00000005c0)="4acf665ff77df4f20690a5a83bc1a1e6519321db1dc2bf7eee06d978abdfbb33f3bc7025e6befda3c827875946eb75c14639ab6e76811a733653f72afc34e5fce1bed277a8faa02e6da16041b40bab677d6555e94a42b7ac236c8c35d729ac501cf28293c919f2f3ceec4703c892adeac90504aeb3ba485e09bda66d2b96124cabc4d2e653848e2bd909287d0d2c433d72bbd4333cf37f2a8972bba453c776d2c73c61b9fa2153405fc0253992c918682c7018f6a280a9ff312ae4a6996bd9547aed66e72f94342a7d27b9483f7e2e8e3c5bbb89452fd9bb6708ae89ba29", 0xde, 0xfffffffffffffffe)
lstat(&(0x7f0000000380)='./file0\x00', &(0x7f00000004c0)={0x0, 0x0, 0x0, 0x0, <r5=>0x0})
getresgid(&(0x7f0000000400), &(0x7f0000000540), &(0x7f00000006c0)=<r6=>0x0)
keyctl$chown(0x4, r4, r5, r6)
chown(&(0x7f0000000000)='./bus\x00', r3, r6)

[ 1250.862316][T16350] Code: 0f 84 c4 0f 00 00 48 89 f1 48 89 f8 48 83 e1 3f 48 83 f9 20 0f 86 7b 02 00 00 48 83 e6 f0 48 83 e1 0f 66 0f ef c0 66 0f ef c9 <66> 0f 74 0e 66 0f d7 d1 48 d3 ea 49 c7 c2 11 00 00 00 49 29 ca 4d
[ 1250.881912][T16350] RSP: 002b:00007fbdc8f767a8 EFLAGS: 00010202
[ 1250.881924][T16350] RAX: 00007fbdc8f76850 RBX: 0000000000000003 RCX: 000000000000000e
[ 1250.881933][T16350] RDX: 00000000000003ff RSI: 0000000020012fe0 RDI: 00007fbdc8f76850
[ 1250.881941][T16350] RBP: 000000000075bf20 R08: 00000000000003ff R09: 0000000000000000
[ 1250.881949][T16350] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fbdc8f776d4
[ 1250.881957][T16350] R13: 00000000004c8dbc R14: 00000000004dfed8 R15: 00000000ffffffff
01:38:53 executing program 0:
perf_event_open(&(0x7f00000000c0)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = openat$random(0xffffffffffffff9c, &(0x7f0000000140)='/dev/urandom\x00', 0x8000000000000085, 0x0)
r1 = dup(r0)
r2 = open(&(0x7f0000002000)='./bus\x00', 0x141042, 0x0)
ftruncate(r2, 0xee72)
sendfile(r1, r2, 0x0, 0x8000fffffffe)

01:38:53 executing program 1:
perf_event_open(&(0x7f00000000c0)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = openat$random(0xffffffffffffff9c, &(0x7f0000000140)='/dev/urandom\x00', 0x8000000000000085, 0x0)
r1 = dup(r0)
r2 = socket$inet6_dccp(0xa, 0x6, 0x0)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff, <r3=>0xffffffffffffffff})
r4 = socket$inet6_sctp(0xa, 0x10000000005, 0x84)
r5 = dup2(r3, r4)
ioctl$PERF_EVENT_IOC_ENABLE(r5, 0x8912, 0x400200)
getsockopt$sock_cred(r5, 0x1, 0x11, &(0x7f0000000280)={0x0, <r6=>0x0}, &(0x7f00000002c0)=0xc)
r7 = add_key$user(&(0x7f00000002c0)='user\x00', &(0x7f0000000300)={'syz', 0x2}, &(0x7f00000005c0)="4acf665ff77df4f20690a5a83bc1a1e6519321db1dc2bf7eee06d978abdfbb33f3bc7025e6befda3c827875946eb75c14639ab6e76811a733653f72afc34e5fce1bed277a8faa02e6da16041b40bab677d6555e94a42b7ac236c8c35d729ac501cf28293c919f2f3ceec4703c892adeac90504aeb3ba485e09bda66d2b96124cabc4d2e653848e2bd909287d0d2c433d72bbd4333cf37f2a8972bba453c776d2c73c61b9fa2153405fc0253992c918682c7018f6a280a9ff312ae4a6996bd9547aed66e72f94342a7d27b9483f7e2e8e3c5bbb89452fd9bb6708ae89ba29", 0xde, 0xfffffffffffffffe)
lstat(&(0x7f0000000380)='./file0\x00', &(0x7f00000004c0)={0x0, 0x0, 0x0, 0x0, <r8=>0x0})
getresgid(&(0x7f0000000400), &(0x7f0000000540), &(0x7f00000006c0)=<r9=>0x0)
keyctl$chown(0x4, r7, r8, r9)
r10 = add_key$user(&(0x7f00000002c0)='user\x00', &(0x7f0000000300)={'syz', 0x2}, &(0x7f00000005c0)="4acf665ff77df4f20690a5a83bc1a1e6519321db1dc2bf7eee06d978abdfbb33f3bc7025e6befda3c827875946eb75c14639ab6e76811a733653f72afc34e5fce1bed277a8faa02e6da16041b40bab677d6555e94a42b7ac236c8c35d729ac501cf28293c919f2f3ceec4703c892adeac90504aeb3ba485e09bda66d2b96124cabc4d2e653848e2bd909287d0d2c433d72bbd4333cf37f2a8972bba453c776d2c73c61b9fa2153405fc0253992c918682c7018f6a280a9ff312ae4a6996bd9547aed66e72f94342a7d27b9483f7e2e8e3c5bbb89452fd9bb6708ae89ba29", 0xde, 0xfffffffffffffffe)
lstat(&(0x7f0000000380)='./file0\x00', &(0x7f00000004c0)={0x0, 0x0, 0x0, 0x0, <r11=>0x0})
getresgid(&(0x7f0000000400), &(0x7f0000000540), &(0x7f00000006c0)=<r12=>0x0)
keyctl$chown(0x4, r10, r11, r12)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff, <r13=>0xffffffffffffffff})
r14 = socket$inet6_sctp(0xa, 0x10000000005, 0x84)
r15 = dup2(r13, r14)
ioctl$PERF_EVENT_IOC_ENABLE(r15, 0x8912, 0x400200)
getsockopt$inet6_IPV6_IPSEC_POLICY(r15, 0x29, 0x22, &(0x7f0000000300)={{{@in6=@local, @in6=@remote, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, <r16=>0x0}}, {{@in6=@initdev}, 0x0, @in=@remote}}, &(0x7f0000000400)=0xe8)
r17 = add_key$user(&(0x7f00000002c0)='user\x00', &(0x7f0000000300)={'syz', 0x2}, &(0x7f00000005c0)="4acf665ff77df4f20690a5a83bc1a1e6519321db1dc2bf7eee06d978abdfbb33f3bc7025e6befda3c827875946eb75c14639ab6e76811a733653f72afc34e5fce1bed277a8faa02e6da16041b40bab677d6555e94a42b7ac236c8c35d729ac501cf28293c919f2f3ceec4703c892adeac90504aeb3ba485e09bda66d2b96124cabc4d2e653848e2bd909287d0d2c433d72bbd4333cf37f2a8972bba453c776d2c73c61b9fa2153405fc0253992c918682c7018f6a280a9ff312ae4a6996bd9547aed66e72f94342a7d27b9483f7e2e8e3c5bbb89452fd9bb6708ae89ba29", 0xde, 0xfffffffffffffffe)
lstat(&(0x7f0000000380)='./file0\x00', &(0x7f00000004c0)={0x0, 0x0, 0x0, 0x0, <r18=>0x0})
getresgid(&(0x7f0000000400), &(0x7f0000000540), &(0x7f00000006c0)=<r19=>0x0)
keyctl$chown(0x4, r17, r18, r19)
r20 = geteuid()
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff, <r21=>0xffffffffffffffff})
r22 = socket$inet6_sctp(0xa, 0x10000000005, 0x84)
r23 = dup2(r21, r22)
ioctl$PERF_EVENT_IOC_ENABLE(r23, 0x8912, 0x400200)
getsockopt$sock_cred(r23, 0x1, 0x11, &(0x7f0000000440)={0x0, <r24=>0x0}, &(0x7f0000000480)=0xc)
r25 = add_key$user(&(0x7f00000002c0)='user\x00', &(0x7f0000000300)={'syz', 0x2}, &(0x7f00000005c0)="4acf665ff77df4f20690a5a83bc1a1e6519321db1dc2bf7eee06d978abdfbb33f3bc7025e6befda3c827875946eb75c14639ab6e76811a733653f72afc34e5fce1bed277a8faa02e6da16041b40bab677d6555e94a42b7ac236c8c35d729ac501cf28293c919f2f3ceec4703c892adeac90504aeb3ba485e09bda66d2b96124cabc4d2e653848e2bd909287d0d2c433d72bbd4333cf37f2a8972bba453c776d2c73c61b9fa2153405fc0253992c918682c7018f6a280a9ff312ae4a6996bd9547aed66e72f94342a7d27b9483f7e2e8e3c5bbb89452fd9bb6708ae89ba29", 0xde, 0xfffffffffffffffe)
lstat(&(0x7f0000000380)='./file0\x00', &(0x7f00000004c0)={0x0, 0x0, 0x0, 0x0, <r26=>0x0})
getresgid(&(0x7f0000000400), &(0x7f0000000540), &(0x7f00000006c0)=<r27=>0x0)
keyctl$chown(0x4, r25, r26, r27)
r28 = add_key$user(&(0x7f00000002c0)='user\x00', &(0x7f0000000300)={'syz', 0x2}, &(0x7f00000005c0)="4acf665ff77df4f20690a5a83bc1a1e6519321db1dc2bf7eee06d978abdfbb33f3bc7025e6befda3c827875946eb75c14639ab6e76811a733653f72afc34e5fce1bed277a8faa02e6da16041b40bab677d6555e94a42b7ac236c8c35d729ac501cf28293c919f2f3ceec4703c892adeac90504aeb3ba485e09bda66d2b96124cabc4d2e653848e2bd909287d0d2c433d72bbd4333cf37f2a8972bba453c776d2c73c61b9fa2153405fc0253992c918682c7018f6a280a9ff312ae4a6996bd9547aed66e72f94342a7d27b9483f7e2e8e3c5bbb89452fd9bb6708ae89ba29", 0xde, 0xfffffffffffffffe)
lstat(&(0x7f0000000380)='./file0\x00', &(0x7f00000004c0)={0x0, 0x0, 0x0, 0x0, <r29=>0x0})
getresgid(&(0x7f0000000400), &(0x7f0000000540), &(0x7f00000006c0)=<r30=>0x0)
keyctl$chown(0x4, r28, r29, r30)
r31 = add_key$user(&(0x7f00000002c0)='user\x00', &(0x7f0000000300)={'syz', 0x2}, &(0x7f00000005c0)="4acf665ff77df4f20690a5a83bc1a1e6519321db1dc2bf7eee06d978abdfbb33f3bc7025e6befda3c827875946eb75c14639ab6e76811a733653f72afc34e5fce1bed277a8faa02e6da16041b40bab677d6555e94a42b7ac236c8c35d729ac501cf28293c919f2f3ceec4703c892adeac90504aeb3ba485e09bda66d2b96124cabc4d2e653848e2bd909287d0d2c433d72bbd4333cf37f2a8972bba453c776d2c73c61b9fa2153405fc0253992c918682c7018f6a280a9ff312ae4a6996bd9547aed66e72f94342a7d27b9483f7e2e8e3c5bbb89452fd9bb6708ae89ba29", 0xde, 0xfffffffffffffffe)
lstat(&(0x7f0000000380)='./file0\x00', &(0x7f00000004c0)={0x0, 0x0, 0x0, 0x0, <r32=>0x0})
getresgid(&(0x7f0000000400), &(0x7f0000000540), &(0x7f00000006c0)=<r33=>0x0)
keyctl$chown(0x4, r31, r32, r33)
getsockopt$sock_cred(r1, 0x1, 0x11, &(0x7f00000004c0)={0x0, 0x0, <r34=>0x0}, &(0x7f0000000500)=0xc)
r35 = getgid()
r36 = add_key$user(&(0x7f00000002c0)='user\x00', &(0x7f0000000300)={'syz', 0x2}, &(0x7f00000005c0)="4acf665ff77df4f20690a5a83bc1a1e6519321db1dc2bf7eee06d978abdfbb33f3bc7025e6befda3c827875946eb75c14639ab6e76811a733653f72afc34e5fce1bed277a8faa02e6da16041b40bab677d6555e94a42b7ac236c8c35d729ac501cf28293c919f2f3ceec4703c892adeac90504aeb3ba485e09bda66d2b96124cabc4d2e653848e2bd909287d0d2c433d72bbd4333cf37f2a8972bba453c776d2c73c61b9fa2153405fc0253992c918682c7018f6a280a9ff312ae4a6996bd9547aed66e72f94342a7d27b9483f7e2e8e3c5bbb89452fd9bb6708ae89ba29", 0xde, 0xfffffffffffffffe)
lstat(&(0x7f0000000380)='./file0\x00', &(0x7f00000004c0)={0x0, 0x0, 0x0, 0x0, <r37=>0x0})
getresgid(&(0x7f0000000400), &(0x7f0000000540), &(0x7f00000006c0)=<r38=>0x0)
keyctl$chown(0x4, r36, r37, r38)
r39 = add_key$user(&(0x7f00000002c0)='user\x00', &(0x7f0000000300)={'syz', 0x2}, &(0x7f00000005c0)="4acf665ff77df4f20690a5a83bc1a1e6519321db1dc2bf7eee06d978abdfbb33f3bc7025e6befda3c827875946eb75c14639ab6e76811a733653f72afc34e5fce1bed277a8faa02e6da16041b40bab677d6555e94a42b7ac236c8c35d729ac501cf28293c919f2f3ceec4703c892adeac90504aeb3ba485e09bda66d2b96124cabc4d2e653848e2bd909287d0d2c433d72bbd4333cf37f2a8972bba453c776d2c73c61b9fa2153405fc0253992c918682c7018f6a280a9ff312ae4a6996bd9547aed66e72f94342a7d27b9483f7e2e8e3c5bbb89452fd9bb6708ae89ba29", 0xde, 0xfffffffffffffffe)
lstat(&(0x7f0000000380)='./file0\x00', &(0x7f00000004c0)={0x0, 0x0, 0x0, 0x0, <r40=>0x0})
getresgid(&(0x7f0000000400), &(0x7f0000000540), &(0x7f00000006c0)=<r41=>0x0)
keyctl$chown(0x4, r39, r40, r41)
r42 = add_key$user(&(0x7f00000002c0)='user\x00', &(0x7f0000000300)={'syz', 0x2}, &(0x7f00000005c0)="4acf665ff77df4f20690a5a83bc1a1e6519321db1dc2bf7eee06d978abdfbb33f3bc7025e6befda3c827875946eb75c14639ab6e76811a733653f72afc34e5fce1bed277a8faa02e6da16041b40bab677d6555e94a42b7ac236c8c35d729ac501cf28293c919f2f3ceec4703c892adeac90504aeb3ba485e09bda66d2b96124cabc4d2e653848e2bd909287d0d2c433d72bbd4333cf37f2a8972bba453c776d2c73c61b9fa2153405fc0253992c918682c7018f6a280a9ff312ae4a6996bd9547aed66e72f94342a7d27b9483f7e2e8e3c5bbb89452fd9bb6708ae89ba29", 0xde, 0xfffffffffffffffe)
lstat(&(0x7f0000000380)='./file0\x00', &(0x7f00000004c0)={0x0, 0x0, 0x0, 0x0, <r43=>0x0})
getresgid(&(0x7f0000000400), &(0x7f0000000540), &(0x7f00000006c0)=<r44=>0x0)
keyctl$chown(0x4, r42, r43, r44)
r45 = add_key$user(&(0x7f00000002c0)='user\x00', &(0x7f0000000300)={'syz', 0x2}, &(0x7f00000005c0)="4acf665ff77df4f20690a5a83bc1a1e6519321db1dc2bf7eee06d978abdfbb33f3bc7025e6befda3c827875946eb75c14639ab6e76811a733653f72afc34e5fce1bed277a8faa02e6da16041b40bab677d6555e94a42b7ac236c8c35d729ac501cf28293c919f2f3ceec4703c892adeac90504aeb3ba485e09bda66d2b96124cabc4d2e653848e2bd909287d0d2c433d72bbd4333cf37f2a8972bba453c776d2c73c61b9fa2153405fc0253992c918682c7018f6a280a9ff312ae4a6996bd9547aed66e72f94342a7d27b9483f7e2e8e3c5bbb89452fd9bb6708ae89ba29", 0xde, 0xfffffffffffffffe)
lstat(&(0x7f0000000380)='./file0\x00', &(0x7f00000004c0)={0x0, 0x0, 0x0, 0x0, <r46=>0x0})
getresgid(&(0x7f0000000400), &(0x7f0000000540), &(0x7f00000006c0)=<r47=>0x0)
keyctl$chown(0x4, r45, r46, r47)
r48 = add_key$user(&(0x7f00000002c0)='user\x00', &(0x7f0000000300)={'syz', 0x2}, &(0x7f00000005c0)="4acf665ff77df4f20690a5a83bc1a1e6519321db1dc2bf7eee06d978abdfbb33f3bc7025e6befda3c827875946eb75c14639ab6e76811a733653f72afc34e5fce1bed277a8faa02e6da16041b40bab677d6555e94a42b7ac236c8c35d729ac501cf28293c919f2f3ceec4703c892adeac90504aeb3ba485e09bda66d2b96124cabc4d2e653848e2bd909287d0d2c433d72bbd4333cf37f2a8972bba453c776d2c73c61b9fa2153405fc0253992c918682c7018f6a280a9ff312ae4a6996bd9547aed66e72f94342a7d27b9483f7e2e8e3c5bbb89452fd9bb6708ae89ba29", 0xde, 0xfffffffffffffffe)
lstat(&(0x7f0000000380)='./file0\x00', &(0x7f00000004c0)={0x0, 0x0, 0x0, 0x0, <r49=>0x0})
getresgid(&(0x7f0000000400), &(0x7f0000000540), &(0x7f00000006c0)=<r50=>0x0)
keyctl$chown(0x4, r48, r49, r50)
getgroups(0x8, &(0x7f0000000540)=[r38, 0xee01, 0xee01, <r51=>r41, r44, r47, 0xee01, r50])
r52 = add_key$user(&(0x7f00000002c0)='user\x00', &(0x7f0000000300)={'syz', 0x2}, &(0x7f00000005c0)="4acf665ff77df4f20690a5a83bc1a1e6519321db1dc2bf7eee06d978abdfbb33f3bc7025e6befda3c827875946eb75c14639ab6e76811a733653f72afc34e5fce1bed277a8faa02e6da16041b40bab677d6555e94a42b7ac236c8c35d729ac501cf28293c919f2f3ceec4703c892adeac90504aeb3ba485e09bda66d2b96124cabc4d2e653848e2bd909287d0d2c433d72bbd4333cf37f2a8972bba453c776d2c73c61b9fa2153405fc0253992c918682c7018f6a280a9ff312ae4a6996bd9547aed66e72f94342a7d27b9483f7e2e8e3c5bbb89452fd9bb6708ae89ba29", 0xde, 0xfffffffffffffffe)
lstat(&(0x7f0000000380)='./file0\x00', &(0x7f00000004c0)={0x0, 0x0, 0x0, 0x0, <r53=>0x0})
getresgid(&(0x7f0000000400), &(0x7f0000000540), &(0x7f00000006c0)=<r54=>0x0)
keyctl$chown(0x4, r52, r53, r54)
r55 = add_key$user(&(0x7f00000002c0)='user\x00', &(0x7f0000000300)={'syz', 0x2}, &(0x7f00000005c0)="4acf665ff77df4f20690a5a83bc1a1e6519321db1dc2bf7eee06d978abdfbb33f3bc7025e6befda3c827875946eb75c14639ab6e76811a733653f72afc34e5fce1bed277a8faa02e6da16041b40bab677d6555e94a42b7ac236c8c35d729ac501cf28293c919f2f3ceec4703c892adeac90504aeb3ba485e09bda66d2b96124cabc4d2e653848e2bd909287d0d2c433d72bbd4333cf37f2a8972bba453c776d2c73c61b9fa2153405fc0253992c918682c7018f6a280a9ff312ae4a6996bd9547aed66e72f94342a7d27b9483f7e2e8e3c5bbb89452fd9bb6708ae89ba29", 0xde, 0xfffffffffffffffe)
lstat(&(0x7f0000000380)='./file0\x00', &(0x7f00000004c0)={0x0, 0x0, 0x0, 0x0, <r56=>0x0})
getresgid(&(0x7f0000000400), &(0x7f0000000540), &(0x7f00000006c0)=<r57=>0x0)
keyctl$chown(0x4, r55, r56, r57)
r58 = add_key$user(&(0x7f00000002c0)='user\x00', &(0x7f0000000300)={'syz', 0x2}, &(0x7f00000005c0)="4acf665ff77df4f20690a5a83bc1a1e6519321db1dc2bf7eee06d978abdfbb33f3bc7025e6befda3c827875946eb75c14639ab6e76811a733653f72afc34e5fce1bed277a8faa02e6da16041b40bab677d6555e94a42b7ac236c8c35d729ac501cf28293c919f2f3ceec4703c892adeac90504aeb3ba485e09bda66d2b96124cabc4d2e653848e2bd909287d0d2c433d72bbd4333cf37f2a8972bba453c776d2c73c61b9fa2153405fc0253992c918682c7018f6a280a9ff312ae4a6996bd9547aed66e72f94342a7d27b9483f7e2e8e3c5bbb89452fd9bb6708ae89ba29", 0xde, 0xfffffffffffffffe)
lstat(&(0x7f0000000380)='./file0\x00', &(0x7f00000004c0)={0x0, 0x0, 0x0, 0x0, <r59=>0x0})
getresgid(&(0x7f0000000400), &(0x7f0000000540), &(0x7f00000006c0)=<r60=>0x0)
keyctl$chown(0x4, r58, r59, r60)
r61 = add_key$user(&(0x7f00000002c0)='user\x00', &(0x7f0000000300)={'syz', 0x2}, &(0x7f00000005c0)="4acf665ff77df4f20690a5a83bc1a1e6519321db1dc2bf7eee06d978abdfbb33f3bc7025e6befda3c827875946eb75c14639ab6e76811a733653f72afc34e5fce1bed277a8faa02e6da16041b40bab677d6555e94a42b7ac236c8c35d729ac501cf28293c919f2f3ceec4703c892adeac90504aeb3ba485e09bda66d2b96124cabc4d2e653848e2bd909287d0d2c433d72bbd4333cf37f2a8972bba453c776d2c73c61b9fa2153405fc0253992c918682c7018f6a280a9ff312ae4a6996bd9547aed66e72f94342a7d27b9483f7e2e8e3c5bbb89452fd9bb6708ae89ba29", 0xde, 0xfffffffffffffffe)
lstat(&(0x7f0000000380)='./file0\x00', &(0x7f00000004c0)={0x0, 0x0, 0x0, 0x0, <r62=>0x0})
getresgid(&(0x7f0000000400), &(0x7f0000000540), &(0x7f00000006c0)=<r63=>0x0)
keyctl$chown(0x4, r61, r62, r63)
r64 = add_key$user(&(0x7f00000002c0)='user\x00', &(0x7f0000000300)={'syz', 0x2}, &(0x7f00000005c0)="4acf665ff77df4f20690a5a83bc1a1e6519321db1dc2bf7eee06d978abdfbb33f3bc7025e6befda3c827875946eb75c14639ab6e76811a733653f72afc34e5fce1bed277a8faa02e6da16041b40bab677d6555e94a42b7ac236c8c35d729ac501cf28293c919f2f3ceec4703c892adeac90504aeb3ba485e09bda66d2b96124cabc4d2e653848e2bd909287d0d2c433d72bbd4333cf37f2a8972bba453c776d2c73c61b9fa2153405fc0253992c918682c7018f6a280a9ff312ae4a6996bd9547aed66e72f94342a7d27b9483f7e2e8e3c5bbb89452fd9bb6708ae89ba29", 0xde, 0xfffffffffffffffe)
lstat(&(0x7f0000000380)='./file0\x00', &(0x7f00000004c0)={0x0, 0x0, 0x0, 0x0, <r65=>0x0})
getresgid(&(0x7f0000000400), &(0x7f0000000540), &(0x7f00000006c0)=<r66=>0x0)
keyctl$chown(0x4, r64, r65, r66)
getgroups(0x7, &(0x7f0000000580)=[r54, r57, r60, 0xee00, r63, r66, <r67=>0xffffffffffffffff])
fsetxattr$system_posix_acl(r2, &(0x7f0000000080)='system.posix_acl_default\x00', &(0x7f00000005c0)={{}, {0x1, 0x2}, [{0x2, 0x4, r6}, {0x2, 0x4, r8}, {0x2, 0x4, r11}, {0x2, 0x8, r16}, {0x2, 0x7, r18}, {0x2, 0x2, r20}, {0x2, 0x4, r24}], {0x4, 0x3}, [{0x8, 0x2, r27}, {0x8, 0x2, r30}, {0x8, 0x2, r33}, {0x8, 0x4, r34}, {0x8, 0x2, r35}, {0x8, 0x0, r51}, {0x8, 0xbb2f44df4d56a677, r67}], {0x10, 0x1}, {0x20, 0x2}}, 0x94, 0x2)
r68 = open(&(0x7f0000002000)='./bus\x00', 0x141042, 0x0)
ftruncate(r68, 0xee72)
syz_open_dev$cec(&(0x7f0000000000)='/dev/cec#\x00', 0x0, 0x2)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff, <r69=>0xffffffffffffffff})
r70 = socket$inet6_sctp(0xa, 0x10000000005, 0x84)
dup2(r69, r70)
setsockopt$inet_sctp6_SCTP_SOCKOPT_BINDX_ADD(r70, 0x84, 0x64, &(0x7f0000000180)=[@in={0x2, 0x4e22, @local}, @in6={0xa, 0x4e20, 0x2, @loopback}, @in={0x2, 0x4e20, @dev={0xac, 0x14, 0x14, 0x18}}, @in6={0xa, 0x4e24, 0x5, @loopback, 0x5}, @in6={0xa, 0x4e20, 0x1000, @mcast1, 0xb48}, @in6={0xa, 0x4e20, 0x10001, @local, 0x7}, @in={0x2, 0x4e21, @initdev={0xac, 0x1e, 0x0, 0x0}}, @in={0x2, 0x4e21, @empty}, @in6={0xa, 0x4e24, 0x2, @initdev={0xfe, 0x88, [], 0x1, 0x0}, 0x64ad7b5c}], 0xcc)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff, <r71=>0xffffffffffffffff})
r72 = socket$inet6_sctp(0xa, 0x10000000005, 0x84)
r73 = dup2(r71, r72)
ioctl$PERF_EVENT_IOC_ENABLE(r73, 0x8912, 0x400200)
ioctl$BLKIOOPT(r73, 0x1279, &(0x7f0000000040))
sendfile(r1, r68, 0x0, 0x8000fffffffe)

01:38:53 executing program 3:
r0 = socket$inet_udplite(0x2, 0x2, 0x88)
ioctl(r0, 0x1000008912, &(0x7f0000000040)="0800a1695e1dcfe87b1071")
r1 = socket$packet(0x11, 0x3, 0x300)
ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000000)={'batadv0\x00\f\x00', <r2=>0x0})
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000e00)=ANY=[@ANYBLOB="340000002c000107008be4000000000000000000", @ANYRES32=r2, @ANYBLOB="00d400f0000000000e00000009000100726f75746500000004000200"], 0x34}}, 0x0)
r3 = socket(0x10, 0x80002, 0x0)
sendmmsg$alg(r3, &(0x7f0000000140), 0x332, 0x0)

01:38:53 executing program 2:
r0 = socket$inet_udp(0x2, 0x2, 0x0)
close(r0)
r1 = socket$inet6(0xa, 0x1, 0x8010000000000084)
bind$inet6(r1, &(0x7f0000000040)={0xa, 0x400004e21, 0x0, @empty}, 0x1c)
setsockopt$inet_sctp6_SCTP_NODELAY(r0, 0x84, 0x3, &(0x7f00000000c0)=0x7, 0x4)
setsockopt$inet6_opts(r1, 0x29, 0x3b, &(0x7f0000000080)=ANY=[@ANYBLOB], 0x8)
connect$inet6(r1, &(0x7f0000000200)={0xa, 0x4e21, 0x0, @loopback}, 0x1c)
r2 = socket$inet_udplite(0x2, 0x2, 0x88)
ioctl(r2, 0x1000008912, &(0x7f0000000040)="11dcbc0d5e0bcfe47bf070")
write$binfmt_misc(r0, &(0x7f0000000100)=ANY=[@ANYBLOB="a43f7a10bc918dba707335df9c4fe2e3dd545ee4c838fdcc46a7540a012dcf04a12f99172a6f3583cd5498000448f3ae533c2845496e9b0a050d5e4e05f5f8188edecc091727ed7a25a91998bf61aeec90e8718f9aa9fd5da3aa3181c0080975dee42b7d8686ca8f92f314380c2a02a90e6efeaf9d6acdb213cd260c116f495d9569a33c798d369967f6690fd59a8b3bd789702d552fe262fe738e874609724467e7d1be8518f803b96022e1f0f0de7d3720bec96ede000000000000000000"], 0x10098)
write$binfmt_script(r0, &(0x7f0000000300)=ANY=[@ANYBLOB="ba"], 0x1)
write$binfmt_elf64(r0, &(0x7f0000000280)={{0x7f, 0x45, 0x4c, 0x46, 0x0, 0x0, 0x2000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40}, [{}]}, 0x78)

01:38:53 executing program 4:
r0 = socket$nl_route(0x10, 0x3, 0x0)
r1 = socket$netlink(0x10, 0x3, 0x0)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff, <r2=>0xffffffffffffffff})
r3 = socket$inet6_sctp(0xa, 0x10000000005, 0x84)
r4 = dup2(r2, r3)
ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200)
r5 = socket(0x10, 0x803, 0x0)
sendmsg$TIPC_CMD_GET_MEDIA_NAMES(r5, &(0x7f0000000400)={0x0, 0x0, &(0x7f00000003c0)={0x0}}, 0x0)
getsockname$packet(r5, &(0x7f0000000100)={0x11, 0x0, <r6=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0xa)
sendmsg$nl_route(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080)=ANY=[@ANYBLOB="4800000010000507000000000000000080000000", @ANYRES32=r6, @ANYBLOB="0000000000000000280012000c0001007665746800000000180002001400010000000000", @ANYRES32=0x0, @ANYBLOB='\x00\x00\x00\x00\x00\x00\x00\x00'], 0x48}}, 0x0)
sendmsg$nl_route_sched(r0, &(0x7f0000000140)={0x0, 0x32d, &(0x7f0000000080)={&(0x7f0000000540)=@newqdisc={0x148, 0x24, 0x507, 0x8000000, 0x0, {0x0, r6, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_red={{0x8, 0x1, 'red\x00'}, {0x11c, 0x2, [@TCA_RED_STAB={0x104, 0x2, "fbf84ce9dbecf3d5851ae060c0ec8d55c9c65cb98d69f6f43f1d64d475f279dd204e54f6719de408d640f2dcd4c0c8c615650de0531b139380f912f808e5d3e1118f76144d1568be425bddb29fa48b1251d5cc8b78fb742bd61674f4cd92a93f8dafea3bc823ccd7591d59d252a275012101f39ab9478cc5dc4a8a2e71f186ce688ae869907b40b62231d243db1eca472440f1203b691b7b85864a73f1a3a9664d075ac973158948f7c44b4f8e2348e8046b08dcb423647eff2539993b8985028d7f0a50e94ee6b2fdacff6aee496b13807eb8d406a8440af14e339713f93a2bd76d46d34452c9bf604ac61d66e9ff34503a7ff400"}, @TCA_RED_PARMS={0x14, 0x1, {0x20}}]}}]}, 0x148}}, 0x0)

01:38:53 executing program 0:
perf_event_open(&(0x7f00000000c0)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = openat$random(0xffffffffffffff9c, &(0x7f0000000140)='/dev/urandom\x00', 0x8000000000000085, 0x0)
r1 = dup(r0)
r2 = open(&(0x7f0000002000)='./bus\x00', 0x141042, 0x0)
ftruncate(r2, 0xee72)
sendfile(r1, r2, 0x0, 0x8000fffffffe)
open(&(0x7f0000000000)='./bus\x00', 0x420800, 0x109)
r3 = userfaultfd(0x0)
r4 = userfaultfd(0x0)
ioctl$UFFDIO_API(r4, 0xc018aa3f, &(0x7f0000000080))
read(r4, &(0x7f0000000100)=""/68, 0x22)
ioctl$UFFDIO_REGISTER(r4, 0xc020aa00, &(0x7f00000000c0)={{&(0x7f0000068000/0x800000)=nil, 0x800000}, 0x1})
close(r4)
ioctl$UFFDIO_API(r4, 0xc018aa3f, &(0x7f0000000180))
read(r3, &(0x7f0000000100)=""/68, 0x22)
ioctl$UFFDIO_REGISTER(r3, 0xc020aa00, &(0x7f00000000c0)={{&(0x7f0000068000/0x800000)=nil, 0x800000}, 0x1})
close(r3)
ioctl$FS_IOC_FIEMAP(r3, 0xc020660b, &(0x7f0000000040)=ANY=[@ANYBLOB="de0000000000000000000000f80e020001000000810000431f850f127776ed09000100000000000000300c00000000000000ffffffffffffff01000100000000000000000000000100"/88])

01:38:53 executing program 5:
mmap(&(0x7f0000011000/0x2000)=nil, 0x2000, 0x4, 0x31, 0xffffffffffffffff, 0x0)
r0 = userfaultfd(0x0)
syz_open_dev$mice(&(0x7f0000000000)='/dev/input/mice\x00', 0x0, 0x4000)
ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f0000000040))
ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f00000000c0)={{&(0x7f0000012000/0x2000)=nil, 0x2000}, 0x1})
read(r0, &(0x7f0000000100)=""/199, 0xc7)
syz_open_dev$evdev(&(0x7f0000012fee)='/.%v/\x11%put/event#\x00', 0x700000000000000, 0x0)
ioctl$UFFDIO_WAKE(r0, 0x8010aa02, &(0x7f0000000080)={&(0x7f0000012000/0x4000)=nil, 0x4000})
shmget(0x2, 0x1000, 0x0, &(0x7f000096d000/0x1000)=nil)
openat$cgroup_procs(0xffffffffffffffff, 0x0, 0x2, 0x0)

01:38:53 executing program 3:
r0 = socket$inet_udplite(0x2, 0x2, 0x88)
ioctl(r0, 0x1000008912, &(0x7f0000000040)="0800a1695e1dcfe87b1071")
r1 = socket$packet(0x11, 0x3, 0x300)
ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000000)={'batadv0\x00\f\x00', <r2=>0x0})
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000e00)=ANY=[@ANYBLOB="340000002c000107008be4000000000000000000", @ANYRES32=r2, @ANYBLOB="00d400f0000000000e00000009000100726f75746500000004000200"], 0x34}}, 0x0)
r3 = socket(0x10, 0x80002, 0x0)
sendmmsg$alg(r3, &(0x7f0000000140), 0x332, 0x0)

[ 1251.474852][T16895] FAULT_FLAG_ALLOW_RETRY missing 70
[ 1251.490880][T16895] CPU: 1 PID: 16895 Comm: syz-executor.5 Not tainted 5.3.0+ #0
[ 1251.498652][T16895] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 1251.508704][T16895] Call Trace:
[ 1251.512002][T16895]  dump_stack+0x172/0x1f0
[ 1251.516341][T16895]  handle_userfault.cold+0x41/0x5d
[ 1251.516361][T16895]  ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[ 1251.516386][T16895]  ? userfaultfd_ioctl+0x3ad0/0x3ad0
[ 1251.532965][T16895]  ? find_get_entry+0x535/0x880
[ 1251.532984][T16895]  ? find_get_pages_range_tag+0xd50/0xd50
[ 1251.533001][T16895]  ? ___might_sleep+0x163/0x2c0
[ 1251.548378][T16895]  ? __kasan_check_read+0x11/0x20
[ 1251.553408][T16895]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 1251.559668][T16895]  ? find_lock_entry+0x1a7/0x560
[ 1251.564596][T16895]  ? rcu_lockdep_current_cpu_online+0xe3/0x130
01:38:53 executing program 4:
r0 = socket$nl_route(0x10, 0x3, 0x0)
r1 = socket$netlink(0x10, 0x3, 0x0)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff, <r2=>0xffffffffffffffff})
r3 = socket$inet6_sctp(0xa, 0x10000000005, 0x84)
r4 = dup2(r2, r3)
ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200)
r5 = socket(0x10, 0x803, 0x0)
sendmsg$TIPC_CMD_GET_MEDIA_NAMES(r5, &(0x7f0000000400)={0x0, 0x0, &(0x7f00000003c0)={0x0}}, 0x0)
getsockname$packet(r5, &(0x7f0000000100)={0x11, 0x0, <r6=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0xa)
sendmsg$nl_route(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080)=ANY=[@ANYBLOB="4800000010000507000000000000000080000000", @ANYRES32=r6, @ANYBLOB="0000000000000000280012000c0001007665746800000000180002001400010000000000", @ANYRES32=0x0, @ANYBLOB='\x00\x00\x00\x00\x00\x00\x00\x00'], 0x48}}, 0x0)
sendmsg$nl_route_sched(r0, &(0x7f0000000140)={0x0, 0x32d, &(0x7f0000000080)={&(0x7f0000000540)=@newqdisc={0x148, 0x24, 0x507, 0x9000000, 0x0, {0x0, r6, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_red={{0x8, 0x1, 'red\x00'}, {0x11c, 0x2, [@TCA_RED_STAB={0x104, 0x2, "fbf84ce9dbecf3d5851ae060c0ec8d55c9c65cb98d69f6f43f1d64d475f279dd204e54f6719de408d640f2dcd4c0c8c615650de0531b139380f912f808e5d3e1118f76144d1568be425bddb29fa48b1251d5cc8b78fb742bd61674f4cd92a93f8dafea3bc823ccd7591d59d252a275012101f39ab9478cc5dc4a8a2e71f186ce688ae869907b40b62231d243db1eca472440f1203b691b7b85864a73f1a3a9664d075ac973158948f7c44b4f8e2348e8046b08dcb423647eff2539993b8985028d7f0a50e94ee6b2fdacff6aee496b13807eb8d406a8440af14e339713f93a2bd76d46d34452c9bf604ac61d66e9ff34503a7ff400"}, @TCA_RED_PARMS={0x14, 0x1, {0x20}}]}}]}, 0x148}}, 0x0)

01:38:53 executing program 1:
perf_event_open(&(0x7f00000000c0)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = openat$random(0xffffffffffffff9c, &(0x7f0000000140)='/dev/urandom\x00', 0x8000000000000085, 0x0)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
r2 = socket$inet6_sctp(0xa, 0x10000000005, 0x84)
dup2(r1, r2)
fremovexattr(r2, &(0x7f0000000000)=@random={'user.', '\x00'})
r3 = dup(r0)
r4 = open(&(0x7f0000002000)='./bus\x00', 0x141042, 0x0)
ftruncate(r4, 0xee72)
sendfile(r3, r4, 0x0, 0x8000fffffffe)

[ 1251.570760][T16895]  shmem_getpage_gfp+0x1f4c/0x2680
[ 1251.575897][T16895]  ? shmem_unuse_inode+0x1010/0x1010
[ 1251.581204][T16895]  ? lock_downgrade+0x920/0x920
[ 1251.586065][T16895]  ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[ 1251.586080][T16895]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 1251.586100][T16895]  shmem_fault+0x22a/0x7b0
[ 1251.586120][T16895]  ? shmem_read_mapping_page_gfp+0x1a0/0x1a0
[ 1251.586138][T16895]  ? find_get_entry+0x880/0x880
[ 1251.602968][T16895]  ? pmd_val+0x85/0x100
[ 1251.602984][T16895]  __do_fault+0x111/0x540
[ 1251.603002][T16895]  ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[ 1251.628553][T16895]  __handle_mm_fault+0x2dca/0x4040
[ 1251.633762][T16895]  ? vmf_insert_mixed_mkwrite+0x40/0x40
[ 1251.639304][T16895]  ? handle_mm_fault+0x292/0xa80
[ 1251.644252][T16895]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 1251.650494][T16895]  ? __kasan_check_read+0x11/0x20
[ 1251.655517][T16895]  handle_mm_fault+0x3b7/0xa80
[ 1251.660301][T16895]  __do_page_fault+0x536/0xdd0
[ 1251.665074][T16895]  do_page_fault+0x38/0x590
[ 1251.669573][T16895]  page_fault+0x39/0x40
[ 1251.669583][T16895] RIP: 0033:0x4533a0
[ 1251.669601][T16895] Code: 0f 84 c4 0f 00 00 48 89 f1 48 89 f8 48 83 e1 3f 48 83 f9 20 0f 86 7b 02 00 00 48 83 e6 f0 48 83 e1 0f 66 0f ef c0 66 0f ef c9 <66> 0f 74 0e 66 0f d7 d1 48 d3 ea 49 c7 c2 11 00 00 00 49 29 ca 4d
[ 1251.677600][T16895] RSP: 002b:00007fbdc8f767a8 EFLAGS: 00010202
[ 1251.677616][T16895] RAX: 00007fbdc8f76850 RBX: 0000000000000003 RCX: 000000000000000e
[ 1251.677632][T16895] RDX: 00000000000003ff RSI: 0000000020012fe0 RDI: 00007fbdc8f76850
01:38:53 executing program 0:
r0 = getpgrp(0x0)
setpriority(0x0, r0, 0x100)
perf_event_open(&(0x7f00000000c0)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x400, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x3, 0x0, 0x22e, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0xffffffffffffffff, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10000, 0x0, 0x0, 0x10000, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000480), 0x4}, 0x0, 0x0, 0x2000000000000}, r0, 0xfffffffffffffffd, 0xffffffffffffffff, 0xf71839137a9c6eee)
r1 = openat$random(0xffffffffffffff9c, &(0x7f0000000140)='/dev/urandom\x00', 0x8000000000000085, 0x0)
r2 = dup(r1)
r3 = open(&(0x7f0000002000)='./bus\x00', 0x1010c2, 0x0)
ftruncate(r3, 0xee72)
r4 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000340)='TIPCv2\x00')
sendmsg$TIPC_NL_LINK_GET(r2, &(0x7f0000000400)={&(0x7f0000000280)={0x10, 0x0, 0x0, 0x20000}, 0xc, &(0x7f00000003c0)={&(0x7f0000000380)={0x20, r4, 0x800, 0x70bd28, 0x25dfdbfe, {}, [@TIPC_NLA_SOCK={0xc, 0x2, [@TIPC_NLA_SOCK_ADDR={0x8, 0x1, 0x400}]}]}, 0x20}, 0x1, 0x0, 0x0, 0x5020}, 0x4001)
r5 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000040)='cpuset.memory_pressure\x00', 0x0, 0x0)
r6 = socket$nl_generic(0x10, 0x3, 0x10)
r7 = syz_genetlink_get_family_id$tipc(&(0x7f0000000240)='TIPC\x00')
sendmsg$TIPC_CMD_GET_LINKS(r6, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000080)={0x24, r7, 0x121, 0x0, 0xfffffffffffffffc, {{0x1, 0xf000}, 0x0, 0x4, 0x0, {0x6}}}, 0x24}}, 0x0)
sendmsg$TIPC_CMD_RESET_LINK_STATS(r5, &(0x7f0000000200)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x201}, 0xc, &(0x7f00000001c0)={&(0x7f0000000180)={0x28, r7, 0x100, 0x70bd2d, 0x25dfdbfd, {{}, 0x0, 0x410c, 0x0, {0xc, 0x14, 'syz1\x00'}}, [""]}, 0x28}, 0x1, 0x0, 0x0, 0x8000}, 0xc00e885)
r8 = getpgrp(0xffffffffffffffff)
r9 = syz_open_procfs(r8, &(0x7f0000000000)='net/ip_vs\x00')
fcntl$F_GET_FILE_RW_HINT(0xffffffffffffffff, 0x40d, &(0x7f0000000440))
sendfile(r2, r3, 0x0, 0x8000fffffffe)
flock(r9, 0x6)

[ 1251.719220][T16895] RBP: 000000000075bf20 R08: 00000000000003ff R09: 0000000000000000
[ 1251.727187][T16895] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fbdc8f776d4
[ 1251.735148][T16895] R13: 00000000004c8dbc R14: 00000000004dfed8 R15: 00000000ffffffff
01:38:53 executing program 1:
perf_event_open(&(0x7f00000000c0)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
r1 = socket$inet6_sctp(0xa, 0x10000000005, 0x84)
r2 = dup2(r0, r1)
ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200)
setsockopt$packet_fanout_data(r2, 0x107, 0x16, &(0x7f0000000040)={0x4, &(0x7f0000000000)=[{0x993a, 0xff, 0x0, 0x7}, {0x1, 0x100, 0x100000000, 0x1}, {0x3, 0x0, 0x7, 0x3ff}, {0x101, 0x7c79, 0x4, 0xffffffff}]}, 0x10)
r3 = openat$random(0xffffffffffffff9c, &(0x7f0000000140)='/dev/urandom\x00', 0x8000000000000085, 0x0)
r4 = dup(r3)
r5 = open(&(0x7f0000002000)='./bus\x00', 0x141042, 0x0)
ftruncate(r5, 0xee72)
sendfile(r4, r5, 0x0, 0x8000fffffffe)

01:38:53 executing program 3:
r0 = socket$inet_udplite(0x2, 0x2, 0x88)
ioctl(r0, 0x1000008912, &(0x7f0000000040)="0800a1695e1dcfe87b1071")
r1 = socket$packet(0x11, 0x3, 0x300)
ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000000)={'batadv0\x00\f\x00', <r2=>0x0})
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000e00)=ANY=[@ANYBLOB="340000002c000107008be4000000000000000000", @ANYRES32=r2, @ANYBLOB="00d400f0000000000e00000009000100726f75746500000004000200"], 0x34}}, 0x0)
r3 = socket(0x10, 0x80002, 0x0)
sendmmsg$alg(r3, &(0x7f0000000140), 0x332, 0x0)

01:38:53 executing program 2:
r0 = socket$inet_udp(0x2, 0x2, 0x0)
close(r0)
r1 = socket$inet6(0xa, 0x1, 0x8010000000000084)
bind$inet6(r1, &(0x7f0000000040)={0xa, 0x400004e21, 0x0, @empty}, 0x1c)
setsockopt$inet_sctp6_SCTP_NODELAY(r0, 0x84, 0x3, &(0x7f00000000c0)=0x7, 0x4)
setsockopt$inet6_opts(r1, 0x29, 0x3b, &(0x7f0000000080)=ANY=[@ANYBLOB], 0x8)
connect$inet6(r1, &(0x7f0000000200)={0xa, 0x4e21, 0x0, @loopback}, 0x1c)
r2 = socket$inet_udplite(0x2, 0x2, 0x88)
ioctl(r2, 0x1000008912, &(0x7f0000000040)="11dcbc0d5e0bcfe47bf070")
write$binfmt_misc(r0, &(0x7f0000000100)=ANY=[@ANYBLOB="a43f7a10bc918dba707335df9c4fe2e3dd545ee4c838fdcc46a7540a012dcf04a12f99172a6f3583cd5498000448f3ae533c2845496e9b0a050d5e4e05f5f8188edecc091727ed7a25a91998bf61aeec90e8718f9aa9fd5da3aa3181c0080975dee42b7d8686ca8f92f314380c2a02a90e6efeaf9d6acdb213cd260c116f495d9569a33c798d369967f6690fd59a8b3bd789702d552fe262fe738e874609724467e7d1be8518f803b96022e1f0f0de7d3720bec96ede000000000000000000"], 0x10098)
write$binfmt_script(r0, &(0x7f0000000300)=ANY=[@ANYBLOB="ba"], 0x1)
write$binfmt_elf64(r0, &(0x7f0000000280)={{0x7f, 0x45, 0x4c, 0x46, 0x0, 0x0, 0x3000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40}, [{}]}, 0x78)

01:38:53 executing program 0:
perf_event_open(&(0x7f00000000c0)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x20000000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = openat$random(0xffffffffffffff9c, &(0x7f0000000140)='/dev/urandom\x00', 0x8000000000000085, 0x0)
r1 = dup(r0)
r2 = open(&(0x7f0000002000)='./bus\x00', 0x141042, 0x0)
ftruncate(r2, 0xee72)
ioctl$PERF_EVENT_IOC_ID(r1, 0x80082407, &(0x7f0000000000))
syz_open_dev$midi(&(0x7f0000000040)='/dev/midi#\x00', 0x4, 0x204000)

[ 1251.909612][T17213] FAULT_FLAG_ALLOW_RETRY missing 70
[ 1251.932855][T17213] CPU: 1 PID: 17213 Comm: syz-executor.5 Not tainted 5.3.0+ #0
[ 1251.934207][    C0] protocol 88fb is buggy, dev hsr_slave_0
[ 1251.940513][T17213] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 1251.940520][T17213] Call Trace:
[ 1251.940549][T17213]  dump_stack+0x172/0x1f0
[ 1251.946304][    C0] protocol 88fb is buggy, dev hsr_slave_1
[ 1251.956308][T17213]  handle_userfault.cold+0x41/0x5d
[ 1251.956326][T17213]  ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[ 1251.956350][T17213]  ? userfaultfd_ioctl+0x3ad0/0x3ad0
[ 1251.959684][    C0] protocol 88fb is buggy, dev hsr_slave_0
[ 1251.963920][T17213]  ? find_get_entry+0x535/0x880
[ 1251.969646][    C0] protocol 88fb is buggy, dev hsr_slave_1
[ 1251.974703][T17213]  ? find_get_pages_range_tag+0xd50/0xd50
[ 1251.974722][T17213]  ? __kasan_check_read+0x11/0x20
[ 1251.980993][    C0] protocol 88fb is buggy, dev hsr_slave_0
[ 1251.986191][T17213]  ? __kasan_check_read+0x11/0x20
[ 1251.986204][T17213]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 1251.986224][T17213]  ? find_lock_entry+0x1a7/0x560
[ 1251.991933][    C0] protocol 88fb is buggy, dev hsr_slave_1
[ 1251.996744][T17213]  ? rcu_lockdep_current_cpu_online+0xe3/0x130
[ 1251.996761][T17213]  shmem_getpage_gfp+0x1f4c/0x2680
[ 1251.996789][T17213]  ? shmem_unuse_inode+0x1010/0x1010
[ 1252.002537][    C0] protocol 88fb is buggy, dev hsr_slave_0
[ 1252.008169][T17213]  ? lock_downgrade+0x920/0x920
[ 1252.008183][T17213]  ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[ 1252.008200][T17213]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 1252.013215][    C0] protocol 88fb is buggy, dev hsr_slave_1
[ 1252.018892][T17213]  shmem_fault+0x22a/0x7b0
[ 1252.018914][T17213]  ? shmem_read_mapping_page_gfp+0x1a0/0x1a0
[ 1252.023961][    C0] protocol 88fb is buggy, dev hsr_slave_0
[ 1252.030124][T17213]  ? find_get_entry+0x880/0x880
[ 1252.030146][T17213]  ? pmd_val+0x85/0x100
[ 1252.035118][    C0] protocol 88fb is buggy, dev hsr_slave_1
[ 1252.040761][T17213]  __do_fault+0x111/0x540
[ 1252.062939][T17213]  ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[ 1252.062961][T17213]  __handle_mm_fault+0x2dca/0x4040
[ 1252.096317][T17213]  ? vmf_insert_mixed_mkwrite+0x40/0x40
[ 1252.096332][T17213]  ? handle_mm_fault+0x292/0xa80
[ 1252.096355][T17213]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 1252.149160][T17213]  ? __kasan_check_read+0x11/0x20
[ 1252.154193][T17213]  handle_mm_fault+0x3b7/0xa80
[ 1252.158966][T17213]  __do_page_fault+0x536/0xdd0
[ 1252.163741][T17213]  do_page_fault+0x38/0x590
[ 1252.168252][T17213]  page_fault+0x39/0x40
[ 1252.172398][T17213] RIP: 0033:0x4533a0
01:38:54 executing program 4:
r0 = socket$nl_route(0x10, 0x3, 0x0)
r1 = socket$netlink(0x10, 0x3, 0x0)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff, <r2=>0xffffffffffffffff})
r3 = socket$inet6_sctp(0xa, 0x10000000005, 0x84)
r4 = dup2(r2, r3)
ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200)
r5 = socket(0x10, 0x803, 0x0)
sendmsg$TIPC_CMD_GET_MEDIA_NAMES(r5, &(0x7f0000000400)={0x0, 0x0, &(0x7f00000003c0)={0x0}}, 0x0)
getsockname$packet(r5, &(0x7f0000000100)={0x11, 0x0, <r6=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0xa)
sendmsg$nl_route(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080)=ANY=[@ANYBLOB="4800000010000507000000000000000080000000", @ANYRES32=r6, @ANYBLOB="0000000000000000280012000c0001007665746800000000180002001400010000000000", @ANYRES32=0x0, @ANYBLOB='\x00\x00\x00\x00\x00\x00\x00\x00'], 0x48}}, 0x0)
sendmsg$nl_route_sched(r0, &(0x7f0000000140)={0x0, 0x32d, &(0x7f0000000080)={&(0x7f0000000540)=@newqdisc={0x148, 0x24, 0x507, 0xa000000, 0x0, {0x0, r6, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_red={{0x8, 0x1, 'red\x00'}, {0x11c, 0x2, [@TCA_RED_STAB={0x104, 0x2, "fbf84ce9dbecf3d5851ae060c0ec8d55c9c65cb98d69f6f43f1d64d475f279dd204e54f6719de408d640f2dcd4c0c8c615650de0531b139380f912f808e5d3e1118f76144d1568be425bddb29fa48b1251d5cc8b78fb742bd61674f4cd92a93f8dafea3bc823ccd7591d59d252a275012101f39ab9478cc5dc4a8a2e71f186ce688ae869907b40b62231d243db1eca472440f1203b691b7b85864a73f1a3a9664d075ac973158948f7c44b4f8e2348e8046b08dcb423647eff2539993b8985028d7f0a50e94ee6b2fdacff6aee496b13807eb8d406a8440af14e339713f93a2bd76d46d34452c9bf604ac61d66e9ff34503a7ff400"}, @TCA_RED_PARMS={0x14, 0x1, {0x20}}]}}]}, 0x148}}, 0x0)

[ 1252.176287][T17213] Code: 0f 84 c4 0f 00 00 48 89 f1 48 89 f8 48 83 e1 3f 48 83 f9 20 0f 86 7b 02 00 00 48 83 e6 f0 48 83 e1 0f 66 0f ef c0 66 0f ef c9 <66> 0f 74 0e 66 0f d7 d1 48 d3 ea 49 c7 c2 11 00 00 00 49 29 ca 4d
[ 1252.195881][T17213] RSP: 002b:00007fbdc8f347a8 EFLAGS: 00010202
[ 1252.201939][T17213] RAX: 00007fbdc8f34850 RBX: 0000000000000003 RCX: 000000000000000e
[ 1252.209903][T17213] RDX: 00000000000003ff RSI: 0000000020012fe0 RDI: 00007fbdc8f34850
[ 1252.217865][T17213] RBP: 000000000075c070 R08: 00000000000003ff R09: 0000000000000000
[ 1252.225833][T17213] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fbdc8f356d4
01:38:54 executing program 5:
mmap(&(0x7f0000011000/0x2000)=nil, 0x2000, 0x4, 0x31, 0xffffffffffffffff, 0x0)
r0 = userfaultfd(0x0)
syz_open_dev$mice(&(0x7f0000000000)='/dev/input/mice\x00', 0x0, 0x4000)
ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f0000000040))
ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f00000000c0)={{&(0x7f0000012000/0x2000)=nil, 0x2000}, 0x1})
read(r0, &(0x7f0000000100)=""/199, 0xc7)
syz_open_dev$evdev(&(0x7f0000012fee)='/.%v/\x11%put/event#\x00', 0x900000000000000, 0x0)
ioctl$UFFDIO_WAKE(r0, 0x8010aa02, &(0x7f0000000080)={&(0x7f0000012000/0x4000)=nil, 0x4000})
shmget(0x2, 0x1000, 0x0, &(0x7f000096d000/0x1000)=nil)
openat$cgroup_procs(0xffffffffffffffff, 0x0, 0x2, 0x0)

[ 1252.233800][T17213] R13: 00000000004c8dbc R14: 00000000004dfed8 R15: 00000000ffffffff
01:38:54 executing program 3:
r0 = socket$inet_udplite(0x2, 0x2, 0x88)
ioctl(r0, 0x1000008912, &(0x7f0000000040)="0800a1695e1dcfe87b1071")
r1 = socket$packet(0x11, 0x3, 0x300)
ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000000)={'batadv0\x00\f\x00', <r2=>0x0})
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000e00)=ANY=[@ANYBLOB="340000002c000107008be4000000000000000000", @ANYRES32=r2, @ANYBLOB="00d400f0000000000e00000009000100726f75746500000004000200"], 0x34}}, 0x0)
sendmmsg$alg(0xffffffffffffffff, &(0x7f0000000140), 0x332, 0x0)

01:38:54 executing program 1:
r0 = perf_event_open(&(0x7f00000000c0)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
fremovexattr(r0, &(0x7f0000000000)=ANY=[@ANYBLOB="7330cd68a3421e"])
syz_open_dev$sndpcmc(&(0x7f0000000040)='/dev/snd/pcmC#D#c\x00', 0x6, 0x40002)
r1 = openat$random(0xffffffffffffff9c, &(0x7f0000000140)='/dev/urandom\x00', 0x8000000000000085, 0x0)
r2 = dup(r1)
r3 = open(&(0x7f0000002000)='./bus\x00', 0x141042, 0x0)
ftruncate(r3, 0xee72)
sendfile(r2, r3, 0x0, 0x8000fffffffe)

01:38:54 executing program 0:
perf_event_open(&(0x7f00000000c0)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = openat$random(0xffffffffffffff9c, &(0x7f0000000140)='/dev/urandom\x00', 0x8000000000000085, 0x0)
r1 = dup(r0)
r2 = open(&(0x7f0000002000)='./bus\x00', 0x141042, 0x0)
ftruncate(r2, 0xee72)
sendfile(r1, r2, 0x0, 0x8000fffffffe)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff, <r3=>0xffffffffffffffff})
r4 = socket$inet6_sctp(0xa, 0x10000000005, 0x84)
r5 = dup2(r3, r4)
ioctl$PERF_EVENT_IOC_ENABLE(r5, 0x8912, 0x400200)
ioctl$FS_IOC_SETFLAGS(r5, 0x40086602, &(0x7f0000000000)=0x3ff)

[ 1252.471015][T17440] FAULT_FLAG_ALLOW_RETRY missing 70
[ 1252.483371][T17440] CPU: 1 PID: 17440 Comm: syz-executor.5 Not tainted 5.3.0+ #0
[ 1252.490927][T17440] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 1252.500975][T17440] Call Trace:
[ 1252.504269][T17440]  dump_stack+0x172/0x1f0
[ 1252.508610][T17440]  handle_userfault.cold+0x41/0x5d
[ 1252.513723][T17440]  ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[ 1252.519978][T17440]  ? userfaultfd_ioctl+0x3ad0/0x3ad0
[ 1252.525263][T17440]  ? find_get_entry+0x535/0x880
[ 1252.530121][T17440]  ? __kasan_check_read+0x11/0x20
[ 1252.535141][T17440]  ? mark_lock+0xc2/0x1220
[ 1252.539555][T17440]  ? find_get_pages_range_tag+0xd50/0xd50
[ 1252.545307][T17440]  ? __kasan_check_read+0x11/0x20
[ 1252.550338][T17440]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 1252.556595][T17440]  ? find_lock_entry+0x1a7/0x560
[ 1252.561527][T17440]  ? rcu_lockdep_current_cpu_online+0xe3/0x130
[ 1252.567688][T17440]  shmem_getpage_gfp+0x1f4c/0x2680
[ 1252.572808][T17440]  ? shmem_unuse_inode+0x1010/0x1010
[ 1252.578107][T17440]  ? lock_downgrade+0x920/0x920
[ 1252.582960][T17440]  ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[ 1252.589227][T17440]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 1252.595472][T17440]  shmem_fault+0x22a/0x7b0
[ 1252.599894][T17440]  ? shmem_read_mapping_page_gfp+0x1a0/0x1a0
[ 1252.605874][T17440]  ? find_get_entry+0x880/0x880
[ 1252.610714][T17440]  ? pmd_val+0x85/0x100
[ 1252.610732][T17440]  __do_fault+0x111/0x540
[ 1252.610749][T17440]  ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[ 1252.625448][T17440]  __handle_mm_fault+0x2dca/0x4040
[ 1252.630557][T17440]  ? vmf_insert_mixed_mkwrite+0x40/0x40
[ 1252.630577][T17440]  ? handle_mm_fault+0x292/0xa80
[ 1252.641115][T17440]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 1252.647351][T17440]  ? __kasan_check_read+0x11/0x20
[ 1252.647371][T17440]  handle_mm_fault+0x3b7/0xa80
[ 1252.647392][T17440]  __do_page_fault+0x536/0xdd0
[ 1252.647415][T17440]  do_page_fault+0x38/0x590
[ 1252.647434][T17440]  page_fault+0x39/0x40
[ 1252.670548][T17440] RIP: 0033:0x4533a0
[ 1252.674432][T17440] Code: 0f 84 c4 0f 00 00 48 89 f1 48 89 f8 48 83 e1 3f 48 83 f9 20 0f 86 7b 02 00 00 48 83 e6 f0 48 83 e1 0f 66 0f ef c0 66 0f ef c9 <66> 0f 74 0e 66 0f d7 d1 48 d3 ea 49 c7 c2 11 00 00 00 49 29 ca 4d
[ 1252.694019][T17440] RSP: 002b:00007fbdc8f347a8 EFLAGS: 00010202
[ 1252.694030][T17440] RAX: 00007fbdc8f34850 RBX: 0000000000000003 RCX: 000000000000000e
[ 1252.694038][T17440] RDX: 00000000000003ff RSI: 0000000020012fe0 RDI: 00007fbdc8f34850
01:38:54 executing program 1:
perf_event_open(&(0x7f00000000c0)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = openat$random(0xffffffffffffff9c, &(0x7f0000000140)='/dev/urandom\x00', 0x8000000000000085, 0x0)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
r2 = socket$inet6_sctp(0xa, 0x10000000005, 0x84)
r3 = dup2(r1, r2)
ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200)
ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x0)
r4 = dup(r0)
r5 = open(&(0x7f0000002000)='./bus\x00', 0x141042, 0x0)
ftruncate(r5, 0xee72)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff, <r6=>0xffffffffffffffff})
r7 = socket$inet6_sctp(0xa, 0x10000000005, 0x84)
dup2(r6, r7)
r8 = openat$cgroup(0xffffffffffffffff, &(0x7f0000000000)='syz0\x00', 0x200002, 0x0)
dup3(r7, r8, 0x80000)
sendfile(r4, r5, 0x0, 0x8000fffffffe)
openat$ashmem(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ashmem\x00', 0x80000, 0x0)

01:38:54 executing program 2:
r0 = socket$inet_udp(0x2, 0x2, 0x0)
close(r0)
r1 = socket$inet6(0xa, 0x1, 0x8010000000000084)
bind$inet6(r1, &(0x7f0000000040)={0xa, 0x400004e21, 0x0, @empty}, 0x1c)
setsockopt$inet_sctp6_SCTP_NODELAY(r0, 0x84, 0x3, &(0x7f00000000c0)=0x7, 0x4)
setsockopt$inet6_opts(r1, 0x29, 0x3b, &(0x7f0000000080)=ANY=[@ANYBLOB], 0x8)
connect$inet6(r1, &(0x7f0000000200)={0xa, 0x4e21, 0x0, @loopback}, 0x1c)
r2 = socket$inet_udplite(0x2, 0x2, 0x88)
ioctl(r2, 0x1000008912, &(0x7f0000000040)="11dcbc0d5e0bcfe47bf070")
write$binfmt_misc(r0, &(0x7f0000000100)=ANY=[@ANYBLOB="a43f7a10bc918dba707335df9c4fe2e3dd545ee4c838fdcc46a7540a012dcf04a12f99172a6f3583cd5498000448f3ae533c2845496e9b0a050d5e4e05f5f8188edecc091727ed7a25a91998bf61aeec90e8718f9aa9fd5da3aa3181c0080975dee42b7d8686ca8f92f314380c2a02a90e6efeaf9d6acdb213cd260c116f495d9569a33c798d369967f6690fd59a8b3bd789702d552fe262fe738e874609724467e7d1be8518f803b96022e1f0f0de7d3720bec96ede000000000000000000"], 0x10098)
write$binfmt_script(r0, &(0x7f0000000300)=ANY=[@ANYBLOB="ba"], 0x1)
write$binfmt_elf64(r0, &(0x7f0000000280)={{0x7f, 0x45, 0x4c, 0x46, 0x0, 0x0, 0x4000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40}, [{}]}, 0x78)

01:38:54 executing program 4:
r0 = socket$nl_route(0x10, 0x3, 0x0)
r1 = socket$netlink(0x10, 0x3, 0x0)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff, <r2=>0xffffffffffffffff})
r3 = socket$inet6_sctp(0xa, 0x10000000005, 0x84)
r4 = dup2(r2, r3)
ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200)
r5 = socket(0x10, 0x803, 0x0)
sendmsg$TIPC_CMD_GET_MEDIA_NAMES(r5, &(0x7f0000000400)={0x0, 0x0, &(0x7f00000003c0)={0x0}}, 0x0)
getsockname$packet(r5, &(0x7f0000000100)={0x11, 0x0, <r6=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0xa)
sendmsg$nl_route(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080)=ANY=[@ANYBLOB="4800000010000507000000000000000080000000", @ANYRES32=r6, @ANYBLOB="0000000000000000280012000c0001007665746800000000180002001400010000000000", @ANYRES32=0x0, @ANYBLOB='\x00\x00\x00\x00\x00\x00\x00\x00'], 0x48}}, 0x0)
sendmsg$nl_route_sched(r0, &(0x7f0000000140)={0x0, 0x32d, &(0x7f0000000080)={&(0x7f0000000540)=@newqdisc={0x148, 0x24, 0x507, 0xb000000, 0x0, {0x0, r6, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_red={{0x8, 0x1, 'red\x00'}, {0x11c, 0x2, [@TCA_RED_STAB={0x104, 0x2, "fbf84ce9dbecf3d5851ae060c0ec8d55c9c65cb98d69f6f43f1d64d475f279dd204e54f6719de408d640f2dcd4c0c8c615650de0531b139380f912f808e5d3e1118f76144d1568be425bddb29fa48b1251d5cc8b78fb742bd61674f4cd92a93f8dafea3bc823ccd7591d59d252a275012101f39ab9478cc5dc4a8a2e71f186ce688ae869907b40b62231d243db1eca472440f1203b691b7b85864a73f1a3a9664d075ac973158948f7c44b4f8e2348e8046b08dcb423647eff2539993b8985028d7f0a50e94ee6b2fdacff6aee496b13807eb8d406a8440af14e339713f93a2bd76d46d34452c9bf604ac61d66e9ff34503a7ff400"}, @TCA_RED_PARMS={0x14, 0x1, {0x20}}]}}]}, 0x148}}, 0x0)

01:38:54 executing program 3:
r0 = socket$inet_udplite(0x2, 0x2, 0x88)
ioctl(r0, 0x1000008912, &(0x7f0000000040)="0800a1695e1dcfe87b1071")
r1 = socket$packet(0x11, 0x3, 0x300)
ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000000)={'batadv0\x00\f\x00', <r2=>0x0})
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000e00)=ANY=[@ANYBLOB="340000002c000107008be4000000000000000000", @ANYRES32=r2, @ANYBLOB="00d400f0000000000e00000009000100726f75746500000004000200"], 0x34}}, 0x0)
sendmmsg$alg(0xffffffffffffffff, &(0x7f0000000140), 0x332, 0x0)

[ 1252.694046][T17440] RBP: 000000000075c070 R08: 00000000000003ff R09: 0000000000000000
[ 1252.694054][T17440] R10: 00007fbdc8f359d0 R11: 0000000000000246 R12: 00007fbdc8f356d4
[ 1252.694062][T17440] R13: 00000000004c8dbc R14: 00000000004dfed8 R15: 00000000ffffffff
01:38:54 executing program 3:
r0 = socket$inet_udplite(0x2, 0x2, 0x88)
ioctl(r0, 0x1000008912, &(0x7f0000000040)="0800a1695e1dcfe87b1071")
r1 = socket$packet(0x11, 0x3, 0x300)
ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000000)={'batadv0\x00\f\x00', <r2=>0x0})
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000e00)=ANY=[@ANYBLOB="340000002c000107008be4000000000000000000", @ANYRES32=r2, @ANYBLOB="00d400f0000000000e00000009000100726f75746500000004000200"], 0x34}}, 0x0)
sendmmsg$alg(0xffffffffffffffff, &(0x7f0000000140), 0x332, 0x0)

01:38:54 executing program 0:
perf_event_open(&(0x7f00000000c0)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = openat$random(0xffffffffffffff9c, &(0x7f0000000140)='/dev/urandom\x00', 0x8000000000000085, 0x0)
r1 = dup(r0)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff, <r2=>0xffffffffffffffff})
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff, <r3=>0xffffffffffffffff})
r4 = socket$inet6_sctp(0xa, 0x10000000005, 0x84)
r5 = dup2(r3, r4)
ioctl$PERF_EVENT_IOC_ENABLE(r5, 0x8912, 0x400200)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff, <r6=>0xffffffffffffffff})
r7 = socket$inet6_sctp(0xa, 0x10000000005, 0x84)
r8 = dup2(r6, r7)
ioctl$PERF_EVENT_IOC_ENABLE(r8, 0x8912, 0x400200)
setsockopt$inet6_tcp_int(r8, 0x6, 0x17, &(0x7f0000000080)=0x9, 0x4)
setsockopt$sock_timeval(r5, 0x1, 0x43, &(0x7f0000000040)={0x77359400}, 0x10)
r9 = socket$inet6_sctp(0xa, 0x10000000005, 0x84)
r10 = dup2(r2, r9)
ioctl$PERF_EVENT_IOC_ENABLE(r10, 0x8912, 0x400200)
write$cgroup_type(r10, &(0x7f0000000000)='threaded\x00', 0x9)
r11 = open(&(0x7f0000002000)='./bus\x00', 0x141042, 0x0)
ftruncate(r11, 0xee72)
sendfile(r1, r11, 0x0, 0x8000fffffffe)

01:38:54 executing program 5:
mmap(&(0x7f0000011000/0x2000)=nil, 0x2000, 0x4, 0x31, 0xffffffffffffffff, 0x0)
r0 = userfaultfd(0x0)
syz_open_dev$mice(&(0x7f0000000000)='/dev/input/mice\x00', 0x0, 0x4000)
ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f0000000040))
ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f00000000c0)={{&(0x7f0000012000/0x2000)=nil, 0x2000}, 0x1})
read(r0, &(0x7f0000000100)=""/199, 0xc7)
syz_open_dev$evdev(&(0x7f0000012fee)='/.%v/\x11%put/event#\x00', 0x2000000000000000, 0x0)
ioctl$UFFDIO_WAKE(r0, 0x8010aa02, &(0x7f0000000080)={&(0x7f0000012000/0x4000)=nil, 0x4000})
shmget(0x2, 0x1000, 0x0, &(0x7f000096d000/0x1000)=nil)
openat$cgroup_procs(0xffffffffffffffff, 0x0, 0x2, 0x0)

01:38:55 executing program 3:
r0 = socket$inet_udplite(0x2, 0x2, 0x88)
ioctl(r0, 0x1000008912, &(0x7f0000000040)="0800a1695e1dcfe87b1071")
r1 = socket$packet(0x11, 0x3, 0x300)
ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000000)={'batadv0\x00\f\x00'})
r2 = socket(0x10, 0x80002, 0x0)
sendmmsg$alg(r2, &(0x7f0000000140), 0x332, 0x0)

01:38:55 executing program 4:
r0 = socket$nl_route(0x10, 0x3, 0x0)
r1 = socket$netlink(0x10, 0x3, 0x0)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff, <r2=>0xffffffffffffffff})
r3 = socket$inet6_sctp(0xa, 0x10000000005, 0x84)
r4 = dup2(r2, r3)
ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200)
r5 = socket(0x10, 0x803, 0x0)
sendmsg$TIPC_CMD_GET_MEDIA_NAMES(r5, &(0x7f0000000400)={0x0, 0x0, &(0x7f00000003c0)={0x0}}, 0x0)
getsockname$packet(r5, &(0x7f0000000100)={0x11, 0x0, <r6=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0xa)
sendmsg$nl_route(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080)=ANY=[@ANYBLOB="4800000010000507000000000000000080000000", @ANYRES32=r6, @ANYBLOB="0000000000000000280012000c0001007665746800000000180002001400010000000000", @ANYRES32=0x0, @ANYBLOB='\x00\x00\x00\x00\x00\x00\x00\x00'], 0x48}}, 0x0)
sendmsg$nl_route_sched(r0, &(0x7f0000000140)={0x0, 0x32d, &(0x7f0000000080)={&(0x7f0000000540)=@newqdisc={0x148, 0x24, 0x507, 0xc000000, 0x0, {0x0, r6, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_red={{0x8, 0x1, 'red\x00'}, {0x11c, 0x2, [@TCA_RED_STAB={0x104, 0x2, "fbf84ce9dbecf3d5851ae060c0ec8d55c9c65cb98d69f6f43f1d64d475f279dd204e54f6719de408d640f2dcd4c0c8c615650de0531b139380f912f808e5d3e1118f76144d1568be425bddb29fa48b1251d5cc8b78fb742bd61674f4cd92a93f8dafea3bc823ccd7591d59d252a275012101f39ab9478cc5dc4a8a2e71f186ce688ae869907b40b62231d243db1eca472440f1203b691b7b85864a73f1a3a9664d075ac973158948f7c44b4f8e2348e8046b08dcb423647eff2539993b8985028d7f0a50e94ee6b2fdacff6aee496b13807eb8d406a8440af14e339713f93a2bd76d46d34452c9bf604ac61d66e9ff34503a7ff400"}, @TCA_RED_PARMS={0x14, 0x1, {0x20}}]}}]}, 0x148}}, 0x0)

01:38:55 executing program 1:
perf_event_open(&(0x7f00000000c0)={0x1, 0x70, 0x0, 0x0, 0x3, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x5, 0x400}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = openat$random(0xffffffffffffff9c, &(0x7f0000000140)='/dev/urandom\x00', 0x8000000000000085, 0x0)
r1 = dup(r0)
r2 = open(&(0x7f0000002000)='./bus\x00', 0x141042, 0x0)
ftruncate(r2, 0xee72)
sendfile(r1, r2, 0x0, 0x8000fffffffe)

[ 1253.033285][T17600] FAULT_FLAG_ALLOW_RETRY missing 70
[ 1253.039137][T17600] CPU: 1 PID: 17600 Comm: syz-executor.5 Not tainted 5.3.0+ #0
[ 1253.046687][T17600] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 1253.056738][T17600] Call Trace:
[ 1253.060042][T17600]  dump_stack+0x172/0x1f0
[ 1253.064402][T17600]  handle_userfault.cold+0x41/0x5d
[ 1253.069512][T17600]  ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[ 1253.075765][T17600]  ? userfaultfd_ioctl+0x3ad0/0x3ad0
01:38:55 executing program 2:
r0 = socket$inet_udp(0x2, 0x2, 0x0)
close(r0)
r1 = socket$inet6(0xa, 0x1, 0x8010000000000084)
bind$inet6(r1, &(0x7f0000000040)={0xa, 0x400004e21, 0x0, @empty}, 0x1c)
setsockopt$inet_sctp6_SCTP_NODELAY(r0, 0x84, 0x3, &(0x7f00000000c0)=0x7, 0x4)
setsockopt$inet6_opts(r1, 0x29, 0x3b, &(0x7f0000000080)=ANY=[@ANYBLOB], 0x8)
connect$inet6(r1, &(0x7f0000000200)={0xa, 0x4e21, 0x0, @loopback}, 0x1c)
r2 = socket$inet_udplite(0x2, 0x2, 0x88)
ioctl(r2, 0x1000008912, &(0x7f0000000040)="11dcbc0d5e0bcfe47bf070")
write$binfmt_misc(r0, &(0x7f0000000100)=ANY=[@ANYBLOB="a43f7a10bc918dba707335df9c4fe2e3dd545ee4c838fdcc46a7540a012dcf04a12f99172a6f3583cd5498000448f3ae533c2845496e9b0a050d5e4e05f5f8188edecc091727ed7a25a91998bf61aeec90e8718f9aa9fd5da3aa3181c0080975dee42b7d8686ca8f92f314380c2a02a90e6efeaf9d6acdb213cd260c116f495d9569a33c798d369967f6690fd59a8b3bd789702d552fe262fe738e874609724467e7d1be8518f803b96022e1f0f0de7d3720bec96ede000000000000000000"], 0x10098)
write$binfmt_script(r0, &(0x7f0000000300)=ANY=[@ANYBLOB="ba"], 0x1)
write$binfmt_elf64(r0, &(0x7f0000000280)={{0x7f, 0x45, 0x4c, 0x46, 0x0, 0x0, 0x7000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40}, [{}]}, 0x78)

[ 1253.081053][T17600]  ? find_get_entry+0x535/0x880
[ 1253.085912][T17600]  ? find_get_pages_range_tag+0xd50/0xd50
[ 1253.091622][T17600]  ? ___might_sleep+0x163/0x2c0
[ 1253.091662][T17600]  ? __kasan_check_read+0x11/0x20
[ 1253.101498][T17600]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 1253.107746][T17600]  ? find_lock_entry+0x1a7/0x560
[ 1253.112685][T17600]  ? rcu_lockdep_current_cpu_online+0xe3/0x130
[ 1253.118845][T17600]  shmem_getpage_gfp+0x1f4c/0x2680
[ 1253.123976][T17600]  ? shmem_unuse_inode+0x1010/0x1010
[ 1253.129270][T17600]  ? lock_downgrade+0x920/0x920
[ 1253.134125][T17600]  ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[ 1253.134140][T17600]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 1253.134160][T17600]  shmem_fault+0x22a/0x7b0
[ 1253.134180][T17600]  ? shmem_read_mapping_page_gfp+0x1a0/0x1a0
[ 1253.134198][T17600]  ? find_get_entry+0x880/0x880
[ 1253.134215][T17600]  ? pmd_val+0x85/0x100
[ 1253.134231][T17600]  __do_fault+0x111/0x540
[ 1253.134245][T17600]  ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[ 1253.134264][T17600]  __handle_mm_fault+0x2dca/0x4040
[ 1253.134282][T17600]  ? vmf_insert_mixed_mkwrite+0x40/0x40
[ 1253.134299][T17600]  ? handle_mm_fault+0x292/0xa80
[ 1253.146764][T17600]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 1253.146785][T17600]  ? __kasan_check_read+0x11/0x20
[ 1253.187259][T17600]  handle_mm_fault+0x3b7/0xa80
[ 1253.187304][T17600]  __do_page_fault+0x536/0xdd0
[ 1253.187329][T17600]  do_page_fault+0x38/0x590
[ 1253.187362][T17600]  page_fault+0x39/0x40
[ 1253.187371][T17600] RIP: 0033:0x4533a0
[ 1253.187388][T17600] Code: 0f 84 c4 0f 00 00 48 89 f1 48 89 f8 48 83 e1 3f 48 83 f9 20 0f 86 7b 02 00 00 48 83 e6 f0 48 83 e1 0f 66 0f ef c0 66 0f ef c9 <66> 0f 74 0e 66 0f d7 d1 48 d3 ea 49 c7 c2 11 00 00 00 49 29 ca 4d
[ 1253.208259][T17600] RSP: 002b:00007fbdc8f767a8 EFLAGS: 00010202
[ 1253.208270][T17600] RAX: 00007fbdc8f76850 RBX: 0000000000000003 RCX: 000000000000000e
[ 1253.208279][T17600] RDX: 00000000000003ff RSI: 0000000020012fe0 RDI: 00007fbdc8f76850
[ 1253.208286][T17600] RBP: 000000000075bf20 R08: 00000000000003ff R09: 0000000000000000
[ 1253.208294][T17600] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fbdc8f776d4
[ 1253.208302][T17600] R13: 00000000004c8dbc R14: 00000000004dfed8 R15: 00000000ffffffff
01:38:55 executing program 0:
perf_event_open(&(0x7f00000000c0)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
openat$random(0xffffffffffffff9c, &(0x7f0000000140)='/dev/urandom\x00', 0x8000000000000085, 0x0)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
r1 = socket$inet6_sctp(0xa, 0x10000000005, 0x84)
r2 = dup2(r0, r1)
ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200)
r3 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000000)='/dev/loop-control\x00', 0x410401, 0x0)
r4 = dup(r3)
r5 = open(&(0x7f0000002000)='./bus\x00', 0x141042, 0x0)
ftruncate(r5, 0xee72)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff, <r6=>0xffffffffffffffff})
r7 = socket$inet6_sctp(0xa, 0x10000000005, 0x84)
r8 = dup2(r6, r7)
ioctl$PERF_EVENT_IOC_ENABLE(r8, 0x8912, 0x400200)
r9 = socket(0x10, 0x0, 0x0)
r10 = socket$inet6_sctp(0xa, 0x10000000005, 0x84)
getsockopt$inet_sctp6_SCTP_GET_ASSOC_ID_LIST(r10, 0x84, 0x1d, &(0x7f000095dff8)=ANY=[@ANYBLOB='\x00\x00\x00\x00', @ANYRES32=<r11=>0x0], &(0x7f000095dffc)=0x8)
getsockopt$inet_sctp6_SCTP_PEER_ADDR_THLDS(r10, 0x84, 0x70, &(0x7f0000000080)={r11, @in6={{0xa, 0x0, 0x0, @empty}}}, &(0x7f0000000600)=0x90)
socket$isdn_base(0x22, 0x3, 0x0)
setsockopt$inet_sctp6_SCTP_DELAYED_SACK(r9, 0x84, 0x10, &(0x7f0000000200)=@sack_info={r11, 0x80, 0x6}, 0xc)
getsockopt$inet_sctp_SCTP_GET_ASSOC_STATS(r8, 0x84, 0x70, &(0x7f0000000180)={r11, @in6={{0xa, 0x4e20, 0x401, @local, 0x9}}, [0xba, 0x80, 0x200000000000, 0x80000000, 0x2, 0x2, 0x2, 0xffffffffffffff3c, 0xab7, 0x7f, 0x3, 0x7, 0xdfa, 0x80, 0x3]}, &(0x7f0000000040)=0x100)
sendfile(r4, r5, 0x0, 0x8000fffffffe)

01:38:55 executing program 1:
perf_event_open(&(0x7f00000000c0)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x1)
r0 = openat$random(0xffffffffffffff9c, &(0x7f0000000140)='/dev/urandom\x00', 0x8000000000000085, 0x0)
r1 = dup(r0)
r2 = open(&(0x7f0000002000)='./bus\x00', 0x141042, 0x0)
ftruncate(r2, 0xee72)
sendfile(r1, r2, 0x0, 0x8000fffffffe)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff, <r3=>0xffffffffffffffff})
r4 = socket$inet6_sctp(0xa, 0x10000000005, 0x84)
r5 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_tcp_int(r5, 0x6, 0x19, &(0x7f0000a56000)=0x1, 0x4)
listen(r5, 0x0)
ioctl$int_in(r5, 0x5452, &(0x7f0000000080)=0x7ff)
shutdown(r5, 0x0)
poll(&(0x7f0000000000)=[{r5}], 0x1, 0x0)
r6 = dup2(r3, r4)
r7 = openat$dsp(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/dsp\x00', 0x80, 0x0)
ioctl$sock_SIOCADDDLCI(r7, 0x8980, &(0x7f0000000300)={'teql0\x00', 0x9})
ioctl$PERF_EVENT_IOC_ENABLE(r6, 0x8912, 0x400200)
write$char_usb(r6, &(0x7f0000000000)="654c3a0eff214412a399c47d6b343c7ff6f177bbeab100dfd284fd5fb0ccd20b0076c8b259a058b53e259506412c6815ebbdcc62e06d231dfea23978e88c566ecc7ec714cf3fdaabb8111a1545e154ff25a5026cc163b0832d025530", 0x5c)
r8 = syz_open_dev$radio(&(0x7f0000000000)='/dev/radio#\x00', 0x3, 0x2)
r9 = syz_genetlink_get_family_id$ipvs(&(0x7f00000001c0)='IPVS\x00')
sendmsg$IPVS_CMD_DEL_DEST(r8, &(0x7f0000000280)={&(0x7f0000000180)={0x10, 0x0, 0x0, 0x20}, 0xc, &(0x7f0000000240)={&(0x7f0000000200)={0x14, r9, 0x10, 0x0, 0x25dfdbfb}, 0x14}, 0x1, 0x0, 0x0, 0x20000000}, 0x40)
sendmsg$IPVS_CMD_GET_DEST(r6, &(0x7f0000000240)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x20008}, 0xc, &(0x7f0000000200)={&(0x7f0000000180)={0x64, r9, 0x2, 0x70bd2c, 0x25dfdbfd, {}, [@IPVS_CMD_ATTR_DAEMON={0x50, 0x3, [@IPVS_DAEMON_ATTR_MCAST_TTL={0x8, 0x8, 0x9}, @IPVS_DAEMON_ATTR_MCAST_GROUP={0x8, 0x5, @dev={0xac, 0x14, 0x14, 0x15}}, @IPVS_DAEMON_ATTR_MCAST_GROUP={0x8, 0x5, @local}, @IPVS_DAEMON_ATTR_MCAST_TTL={0x8, 0x8, 0x100}, @IPVS_DAEMON_ATTR_STATE={0x8}, @IPVS_DAEMON_ATTR_MCAST_IFN={0x14, 0x2, 'hwsim0\x00'}, @IPVS_DAEMON_ATTR_SYNC_MAXLEN={0x8}, @IPVS_DAEMON_ATTR_MCAST_GROUP={0x8, 0x5, @initdev={0xac, 0x1e, 0x1, 0x0}}]}]}, 0x64}, 0x1, 0x0, 0x0, 0x20004842}, 0x4)

01:38:55 executing program 4:
r0 = socket$nl_route(0x10, 0x3, 0x0)
r1 = socket$netlink(0x10, 0x3, 0x0)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff, <r2=>0xffffffffffffffff})
r3 = socket$inet6_sctp(0xa, 0x10000000005, 0x84)
r4 = dup2(r2, r3)
ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200)
r5 = socket(0x10, 0x803, 0x0)
sendmsg$TIPC_CMD_GET_MEDIA_NAMES(r5, &(0x7f0000000400)={0x0, 0x0, &(0x7f00000003c0)={0x0}}, 0x0)
getsockname$packet(r5, &(0x7f0000000100)={0x11, 0x0, <r6=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0xa)
sendmsg$nl_route(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080)=ANY=[@ANYBLOB="4800000010000507000000000000000080000000", @ANYRES32=r6, @ANYBLOB="0000000000000000280012000c0001007665746800000000180002001400010000000000", @ANYRES32=0x0, @ANYBLOB='\x00\x00\x00\x00\x00\x00\x00\x00'], 0x48}}, 0x0)
sendmsg$nl_route_sched(r0, &(0x7f0000000140)={0x0, 0x32d, &(0x7f0000000080)={&(0x7f0000000540)=@newqdisc={0x148, 0x24, 0x507, 0xe000000, 0x0, {0x0, r6, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_red={{0x8, 0x1, 'red\x00'}, {0x11c, 0x2, [@TCA_RED_STAB={0x104, 0x2, "fbf84ce9dbecf3d5851ae060c0ec8d55c9c65cb98d69f6f43f1d64d475f279dd204e54f6719de408d640f2dcd4c0c8c615650de0531b139380f912f808e5d3e1118f76144d1568be425bddb29fa48b1251d5cc8b78fb742bd61674f4cd92a93f8dafea3bc823ccd7591d59d252a275012101f39ab9478cc5dc4a8a2e71f186ce688ae869907b40b62231d243db1eca472440f1203b691b7b85864a73f1a3a9664d075ac973158948f7c44b4f8e2348e8046b08dcb423647eff2539993b8985028d7f0a50e94ee6b2fdacff6aee496b13807eb8d406a8440af14e339713f93a2bd76d46d34452c9bf604ac61d66e9ff34503a7ff400"}, @TCA_RED_PARMS={0x14, 0x1, {0x20}}]}}]}, 0x148}}, 0x0)

01:38:55 executing program 3:
r0 = socket$inet_udplite(0x2, 0x2, 0x88)
ioctl(r0, 0x1000008912, &(0x7f0000000040)="0800a1695e1dcfe87b1071")
r1 = socket$packet(0x11, 0x3, 0x300)
ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000000)={'batadv0\x00\f\x00'})
r2 = socket(0x10, 0x80002, 0x0)
sendmmsg$alg(r2, &(0x7f0000000140), 0x332, 0x0)

01:38:55 executing program 5:
mmap(&(0x7f0000011000/0x2000)=nil, 0x2000, 0x4, 0x31, 0xffffffffffffffff, 0x0)
r0 = userfaultfd(0x0)
syz_open_dev$mice(&(0x7f0000000000)='/dev/input/mice\x00', 0x0, 0x4000)
ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f0000000040))
ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f00000000c0)={{&(0x7f0000012000/0x2000)=nil, 0x2000}, 0x1})
read(r0, &(0x7f0000000100)=""/199, 0xc7)
syz_open_dev$evdev(&(0x7f0000012fee)='/.%v/\x11%put/event#\x00', 0x3f00000000000000, 0x0)
ioctl$UFFDIO_WAKE(r0, 0x8010aa02, &(0x7f0000000080)={&(0x7f0000012000/0x4000)=nil, 0x4000})
shmget(0x2, 0x1000, 0x0, &(0x7f000096d000/0x1000)=nil)
openat$cgroup_procs(0xffffffffffffffff, 0x0, 0x2, 0x0)

01:38:55 executing program 2:
r0 = socket$inet_udp(0x2, 0x2, 0x0)
close(r0)
r1 = socket$inet6(0xa, 0x1, 0x8010000000000084)
bind$inet6(r1, &(0x7f0000000040)={0xa, 0x400004e21, 0x0, @empty}, 0x1c)
setsockopt$inet_sctp6_SCTP_NODELAY(r0, 0x84, 0x3, &(0x7f00000000c0)=0x7, 0x4)
setsockopt$inet6_opts(r1, 0x29, 0x3b, &(0x7f0000000080)=ANY=[@ANYBLOB], 0x8)
connect$inet6(r1, &(0x7f0000000200)={0xa, 0x4e21, 0x0, @loopback}, 0x1c)
r2 = socket$inet_udplite(0x2, 0x2, 0x88)
ioctl(r2, 0x1000008912, &(0x7f0000000040)="11dcbc0d5e0bcfe47bf070")
write$binfmt_misc(r0, &(0x7f0000000100)=ANY=[@ANYBLOB="a43f7a10bc918dba707335df9c4fe2e3dd545ee4c838fdcc46a7540a012dcf04a12f99172a6f3583cd5498000448f3ae533c2845496e9b0a050d5e4e05f5f8188edecc091727ed7a25a91998bf61aeec90e8718f9aa9fd5da3aa3181c0080975dee42b7d8686ca8f92f314380c2a02a90e6efeaf9d6acdb213cd260c116f495d9569a33c798d369967f6690fd59a8b3bd789702d552fe262fe738e874609724467e7d1be8518f803b96022e1f0f0de7d3720bec96ede000000000000000000"], 0x10098)
write$binfmt_script(r0, &(0x7f0000000300)=ANY=[@ANYBLOB="ba"], 0x1)
write$binfmt_elf64(r0, &(0x7f0000000280)={{0x7f, 0x45, 0x4c, 0x46, 0x0, 0x0, 0x9000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40}, [{}]}, 0x78)

01:38:55 executing program 0:
perf_event_open(&(0x7f00000000c0)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = openat$random(0xffffffffffffff9c, &(0x7f0000000140)='/dev/urandom\x00', 0x8000000000000085, 0x0)
r1 = dup(r0)
r2 = open(&(0x7f0000002000)='./bus\x00', 0x141042, 0x0)
ftruncate(r2, 0xee72)
mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x2000004, 0x118, r2, 0x0)
sendfile(r1, r2, 0x0, 0x8000fffffffe)

01:38:55 executing program 1:
perf_event_open(&(0x7f00000000c0)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = openat$random(0xffffffffffffff9c, &(0x7f0000000140)='/dev/urandom\x00', 0x8000000000000085, 0x0)
r1 = dup(r0)
r2 = open(&(0x7f0000002000)='./bus\x00', 0x141042, 0x0)
getsockopt$TIPC_GROUP_JOIN(r2, 0x10f, 0x87, &(0x7f0000000180), &(0x7f00000001c0)=0x4)
ftruncate(r2, 0xee72)
r3 = openat$autofs(0xffffffffffffff9c, &(0x7f0000000000)='/dev/autofs\x00', 0x4000, 0x0)
setsockopt$ARPT_SO_SET_ADD_COUNTERS(r3, 0x0, 0x61, &(0x7f0000000040)={'filter\x00', 0x4}, 0x68)
sendfile(r1, r2, 0x0, 0x8000fffffffe)

01:38:55 executing program 4:
r0 = socket$nl_route(0x10, 0x3, 0x0)
r1 = socket$netlink(0x10, 0x3, 0x0)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff, <r2=>0xffffffffffffffff})
r3 = socket$inet6_sctp(0xa, 0x10000000005, 0x84)
r4 = dup2(r2, r3)
ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200)
r5 = socket(0x10, 0x803, 0x0)
sendmsg$TIPC_CMD_GET_MEDIA_NAMES(r5, &(0x7f0000000400)={0x0, 0x0, &(0x7f00000003c0)={0x0}}, 0x0)
getsockname$packet(r5, &(0x7f0000000100)={0x11, 0x0, <r6=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0xa)
sendmsg$nl_route(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080)=ANY=[@ANYBLOB="4800000010000507000000000000000080000000", @ANYRES32=r6, @ANYBLOB="0000000000000000280012000c0001007665746800000000180002001400010000000000", @ANYRES32=0x0, @ANYBLOB='\x00\x00\x00\x00\x00\x00\x00\x00'], 0x48}}, 0x0)
sendmsg$nl_route_sched(r0, &(0x7f0000000140)={0x0, 0x32d, &(0x7f0000000080)={&(0x7f0000000540)=@newqdisc={0x148, 0x24, 0x507, 0xf000000, 0x0, {0x0, r6, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_red={{0x8, 0x1, 'red\x00'}, {0x11c, 0x2, [@TCA_RED_STAB={0x104, 0x2, "fbf84ce9dbecf3d5851ae060c0ec8d55c9c65cb98d69f6f43f1d64d475f279dd204e54f6719de408d640f2dcd4c0c8c615650de0531b139380f912f808e5d3e1118f76144d1568be425bddb29fa48b1251d5cc8b78fb742bd61674f4cd92a93f8dafea3bc823ccd7591d59d252a275012101f39ab9478cc5dc4a8a2e71f186ce688ae869907b40b62231d243db1eca472440f1203b691b7b85864a73f1a3a9664d075ac973158948f7c44b4f8e2348e8046b08dcb423647eff2539993b8985028d7f0a50e94ee6b2fdacff6aee496b13807eb8d406a8440af14e339713f93a2bd76d46d34452c9bf604ac61d66e9ff34503a7ff400"}, @TCA_RED_PARMS={0x14, 0x1, {0x20}}]}}]}, 0x148}}, 0x0)

[ 1253.900633][T18105] FAULT_FLAG_ALLOW_RETRY missing 70
[ 1253.913689][T18105] CPU: 0 PID: 18105 Comm: syz-executor.5 Not tainted 5.3.0+ #0
[ 1253.921243][T18105] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 1253.931292][T18105] Call Trace:
[ 1253.934584][T18105]  dump_stack+0x172/0x1f0
[ 1253.939037][T18105]  handle_userfault.cold+0x41/0x5d
[ 1253.944150][T18105]  ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[ 1253.950398][T18105]  ? userfaultfd_ioctl+0x3ad0/0x3ad0
[ 1253.955680][T18105]  ? find_get_entry+0x535/0x880
[ 1253.960529][T18105]  ? __kasan_check_read+0x11/0x20
[ 1253.965558][T18105]  ? mark_lock+0xc2/0x1220
[ 1253.969997][T18105]  ? find_get_pages_range_tag+0xd50/0xd50
[ 1253.975722][T18105]  ? __kasan_check_read+0x11/0x20
[ 1253.980741][T18105]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 1253.987008][T18105]  ? find_lock_entry+0x1a7/0x560
[ 1253.992029][T18105]  ? rcu_lockdep_current_cpu_online+0xe3/0x130
01:38:56 executing program 0:
perf_event_open(&(0x7f00000000c0)={0x5, 0x70, 0x0, 0x0, 0x0, 0x1f, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = openat$random(0xffffffffffffff9c, &(0x7f0000000140)='/dev/urandom\x00', 0x8000000000000085, 0x0)
r1 = dup(r0)
r2 = open(&(0x7f0000002000)='./bus\x00', 0x141042, 0x0)
ftruncate(r2, 0xee72)
sendfile(r1, r2, 0x0, 0x8000fffffffe)

[ 1253.998206][T18105]  shmem_getpage_gfp+0x1f4c/0x2680
[ 1254.003329][T18105]  ? shmem_unuse_inode+0x1010/0x1010
[ 1254.008613][T18105]  ? lock_downgrade+0x920/0x920
[ 1254.013453][T18105]  ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[ 1254.019693][T18105]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 1254.025996][T18105]  shmem_fault+0x22a/0x7b0
[ 1254.030430][T18105]  ? shmem_read_mapping_page_gfp+0x1a0/0x1a0
[ 1254.036397][T18105]  ? find_get_entry+0x880/0x880
[ 1254.041225][T18105]  ? pmd_val+0x85/0x100
[ 1254.045356][T18105]  __do_fault+0x111/0x540
[ 1254.049677][T18105]  ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[ 1254.055893][T18105]  __handle_mm_fault+0x2dca/0x4040
[ 1254.060994][T18105]  ? vmf_insert_mixed_mkwrite+0x40/0x40
[ 1254.066514][T18105]  ? handle_mm_fault+0x292/0xa80
[ 1254.071431][T18105]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 1254.077646][T18105]  ? __kasan_check_read+0x11/0x20
[ 1254.082653][T18105]  handle_mm_fault+0x3b7/0xa80
[ 1254.087435][T18105]  __do_page_fault+0x536/0xdd0
[ 1254.092185][T18105]  do_page_fault+0x38/0x590
[ 1254.096682][T18105]  page_fault+0x39/0x40
[ 1254.100820][T18105] RIP: 0033:0x4533a0
[ 1254.104709][T18105] Code: 0f 84 c4 0f 00 00 48 89 f1 48 89 f8 48 83 e1 3f 48 83 f9 20 0f 86 7b 02 00 00 48 83 e6 f0 48 83 e1 0f 66 0f ef c0 66 0f ef c9 <66> 0f 74 0e 66 0f d7 d1 48 d3 ea 49 c7 c2 11 00 00 00 49 29 ca 4d
[ 1254.124285][T18105] RSP: 002b:00007fbdc8f347a8 EFLAGS: 00010202
[ 1254.130341][T18105] RAX: 00007fbdc8f34850 RBX: 0000000000000003 RCX: 000000000000000e
[ 1254.138297][T18105] RDX: 00000000000003ff RSI: 0000000020012fe0 RDI: 00007fbdc8f34850
[ 1254.146245][T18105] RBP: 000000000075c070 R08: 00000000000003ff R09: 0000000000000000
[ 1254.154236][T18105] R10: 00007fbdc8f359d0 R11: 0000000000000246 R12: 00007fbdc8f356d4
[ 1254.162204][T18105] R13: 00000000004c8dbc R14: 00000000004dfed8 R15: 00000000ffffffff
01:38:56 executing program 3:
r0 = socket$inet_udplite(0x2, 0x2, 0x88)
ioctl(r0, 0x1000008912, &(0x7f0000000040)="0800a1695e1dcfe87b1071")
r1 = socket$packet(0x11, 0x3, 0x300)
ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000000)={'batadv0\x00\f\x00'})
r2 = socket(0x10, 0x80002, 0x0)
sendmmsg$alg(r2, &(0x7f0000000140), 0x332, 0x0)

01:38:56 executing program 2:
r0 = socket$inet_udp(0x2, 0x2, 0x0)
close(r0)
r1 = socket$inet6(0xa, 0x1, 0x8010000000000084)
bind$inet6(r1, &(0x7f0000000040)={0xa, 0x400004e21, 0x0, @empty}, 0x1c)
setsockopt$inet_sctp6_SCTP_NODELAY(r0, 0x84, 0x3, &(0x7f00000000c0)=0x7, 0x4)
setsockopt$inet6_opts(r1, 0x29, 0x3b, &(0x7f0000000080)=ANY=[@ANYBLOB], 0x8)
connect$inet6(r1, &(0x7f0000000200)={0xa, 0x4e21, 0x0, @loopback}, 0x1c)
r2 = socket$inet_udplite(0x2, 0x2, 0x88)
ioctl(r2, 0x1000008912, &(0x7f0000000040)="11dcbc0d5e0bcfe47bf070")
write$binfmt_misc(r0, &(0x7f0000000100)=ANY=[@ANYBLOB="a43f7a10bc918dba707335df9c4fe2e3dd545ee4c838fdcc46a7540a012dcf04a12f99172a6f3583cd5498000448f3ae533c2845496e9b0a050d5e4e05f5f8188edecc091727ed7a25a91998bf61aeec90e8718f9aa9fd5da3aa3181c0080975dee42b7d8686ca8f92f314380c2a02a90e6efeaf9d6acdb213cd260c116f495d9569a33c798d369967f6690fd59a8b3bd789702d552fe262fe738e874609724467e7d1be8518f803b96022e1f0f0de7d3720bec96ede000000000000000000"], 0x10098)
write$binfmt_script(r0, &(0x7f0000000300)=ANY=[@ANYBLOB="ba"], 0x1)
write$binfmt_elf64(r0, &(0x7f0000000280)={{0x7f, 0x45, 0x4c, 0x46, 0x0, 0x0, 0xa000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40}, [{}]}, 0x78)

01:38:56 executing program 5:
mmap(&(0x7f0000011000/0x2000)=nil, 0x2000, 0x4, 0x31, 0xffffffffffffffff, 0x0)
r0 = userfaultfd(0x0)
syz_open_dev$mice(&(0x7f0000000000)='/dev/input/mice\x00', 0x0, 0x4000)
ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f0000000040))
ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f00000000c0)={{&(0x7f0000012000/0x2000)=nil, 0x2000}, 0x1})
read(r0, &(0x7f0000000100)=""/199, 0xc7)
syz_open_dev$evdev(&(0x7f0000012fee)='/.%v/\x11%put/event#\x00', 0x4000000000000000, 0x0)
ioctl$UFFDIO_WAKE(r0, 0x8010aa02, &(0x7f0000000080)={&(0x7f0000012000/0x4000)=nil, 0x4000})
shmget(0x2, 0x1000, 0x0, &(0x7f000096d000/0x1000)=nil)
openat$cgroup_procs(0xffffffffffffffff, 0x0, 0x2, 0x0)

01:38:56 executing program 0:
perf_event_open(&(0x7f00000000c0)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = openat$random(0xffffffffffffff9c, &(0x7f0000000140)='/dev/urandom\x00', 0x8000000000000085, 0x0)
r1 = dup(r0)
r2 = open(&(0x7f0000002000)='./bus\x00', 0x141042, 0x0)
r3 = socket$inet_udplite(0x2, 0x2, 0x88)
ioctl(r3, 0x1000008912, &(0x7f0000000080)="11dca50d5e0bcfe47bf070")
r4 = syz_open_procfs(0x0, &(0x7f0000000040)='task\x00')
getdents64(r4, &(0x7f0000000500)=""/175, 0x5d)
exit(0x0)
getdents64(r4, &(0x7f0000000080)=""/124, 0x7c)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff, <r5=>0xffffffffffffffff})
r6 = socket$inet6_sctp(0xa, 0x10000000005, 0x84)
r7 = dup2(r5, r6)
ioctl$PERF_EVENT_IOC_ENABLE(r7, 0x8912, 0x400200)
ioctl$BLKBSZSET(r7, 0x40081271, &(0x7f0000000000)=0x4)
ioctl$UI_SET_PROPBIT(r1, 0x4004556e, 0x1)
ftruncate(r2, 0xee72)
sendfile(r1, r2, 0x0, 0x8000fffffffe)

01:38:56 executing program 4:
r0 = socket$nl_route(0x10, 0x3, 0x0)
r1 = socket$netlink(0x10, 0x3, 0x0)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff, <r2=>0xffffffffffffffff})
r3 = socket$inet6_sctp(0xa, 0x10000000005, 0x84)
r4 = dup2(r2, r3)
ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200)
r5 = socket(0x10, 0x803, 0x0)
sendmsg$TIPC_CMD_GET_MEDIA_NAMES(r5, &(0x7f0000000400)={0x0, 0x0, &(0x7f00000003c0)={0x0}}, 0x0)
getsockname$packet(r5, &(0x7f0000000100)={0x11, 0x0, <r6=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0xa)
sendmsg$nl_route(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080)=ANY=[@ANYBLOB="4800000010000507000000000000000080000000", @ANYRES32=r6, @ANYBLOB="0000000000000000280012000c0001007665746800000000180002001400010000000000", @ANYRES32=0x0, @ANYBLOB='\x00\x00\x00\x00\x00\x00\x00\x00'], 0x48}}, 0x0)
sendmsg$nl_route_sched(r0, &(0x7f0000000140)={0x0, 0x32d, &(0x7f0000000080)={&(0x7f0000000540)=@newqdisc={0x148, 0x24, 0x507, 0x10000000, 0x0, {0x0, r6, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_red={{0x8, 0x1, 'red\x00'}, {0x11c, 0x2, [@TCA_RED_STAB={0x104, 0x2, "fbf84ce9dbecf3d5851ae060c0ec8d55c9c65cb98d69f6f43f1d64d475f279dd204e54f6719de408d640f2dcd4c0c8c615650de0531b139380f912f808e5d3e1118f76144d1568be425bddb29fa48b1251d5cc8b78fb742bd61674f4cd92a93f8dafea3bc823ccd7591d59d252a275012101f39ab9478cc5dc4a8a2e71f186ce688ae869907b40b62231d243db1eca472440f1203b691b7b85864a73f1a3a9664d075ac973158948f7c44b4f8e2348e8046b08dcb423647eff2539993b8985028d7f0a50e94ee6b2fdacff6aee496b13807eb8d406a8440af14e339713f93a2bd76d46d34452c9bf604ac61d66e9ff34503a7ff400"}, @TCA_RED_PARMS={0x14, 0x1, {0x20}}]}}]}, 0x148}}, 0x0)

01:38:56 executing program 1:
r0 = perf_event_open(&(0x7f00000000c0)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r1 = openat$random(0xffffffffffffff9c, &(0x7f0000000140)='/dev/urandom\x00', 0x8000000000000085, 0x0)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff, <r2=>0xffffffffffffffff})
r3 = socket$inet6_sctp(0xa, 0x10000000005, 0x84)
r4 = dup2(r2, r3)
ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200)
dup3(r4, r0, 0x80000)
setsockopt$inet_sctp6_SCTP_DISABLE_FRAGMENTS(0xffffffffffffffff, 0x84, 0x8, &(0x7f0000000040)=0x4, 0x4)
r5 = dup(r1)
r6 = open(&(0x7f0000002000)='./bus\x00', 0x141042, 0x0)
ftruncate(r6, 0xee72)
sendfile(r5, r6, 0x0, 0x8000fffffffe)

[ 1254.654548][T18431] FAULT_FLAG_ALLOW_RETRY missing 70
[ 1254.661475][T18431] CPU: 1 PID: 18431 Comm: syz-executor.5 Not tainted 5.3.0+ #0
[ 1254.669024][T18431] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 1254.679110][T18431] Call Trace:
[ 1254.682405][T18431]  dump_stack+0x172/0x1f0
[ 1254.686743][T18431]  handle_userfault.cold+0x41/0x5d
[ 1254.691852][T18431]  ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[ 1254.698104][T18431]  ? userfaultfd_ioctl+0x3ad0/0x3ad0
[ 1254.703386][T18431]  ? find_get_entry+0x535/0x880
[ 1254.708233][T18431]  ? find_get_pages_range_tag+0xd50/0xd50
[ 1254.713963][T18431]  ? ___might_sleep+0x163/0x2c0
[ 1254.718822][T18431]  ? __kasan_check_read+0x11/0x20
[ 1254.723844][T18431]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 1254.730142][T18431]  ? find_lock_entry+0x1a7/0x560
[ 1254.735075][T18431]  ? rcu_lockdep_current_cpu_online+0xe3/0x130
[ 1254.741236][T18431]  shmem_getpage_gfp+0x1f4c/0x2680
[ 1254.746368][T18431]  ? shmem_unuse_inode+0x1010/0x1010
[ 1254.751653][T18431]  ? lock_downgrade+0x920/0x920
[ 1254.756525][T18431]  ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[ 1254.762775][T18431]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 1254.769038][T18431]  shmem_fault+0x22a/0x7b0
[ 1254.773461][T18431]  ? shmem_read_mapping_page_gfp+0x1a0/0x1a0
[ 1254.779443][T18431]  ? find_get_entry+0x880/0x880
[ 1254.779462][T18431]  ? pmd_val+0x85/0x100
[ 1254.779482][T18431]  __do_fault+0x111/0x540
[ 1254.792766][T18431]  ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[ 1254.799011][T18431]  __handle_mm_fault+0x2dca/0x4040
01:38:56 executing program 4:
r0 = socket$nl_route(0x10, 0x3, 0x0)
r1 = socket$netlink(0x10, 0x3, 0x0)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff, <r2=>0xffffffffffffffff})
r3 = socket$inet6_sctp(0xa, 0x10000000005, 0x84)
r4 = dup2(r2, r3)
ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200)
r5 = socket(0x10, 0x803, 0x0)
sendmsg$TIPC_CMD_GET_MEDIA_NAMES(r5, &(0x7f0000000400)={0x0, 0x0, &(0x7f00000003c0)={0x0}}, 0x0)
getsockname$packet(r5, &(0x7f0000000100)={0x11, 0x0, <r6=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0xa)
sendmsg$nl_route(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080)=ANY=[@ANYBLOB="4800000010000507000000000000000080000000", @ANYRES32=r6, @ANYBLOB="0000000000000000280012000c0001007665746800000000180002001400010000000000", @ANYRES32=0x0, @ANYBLOB='\x00\x00\x00\x00\x00\x00\x00\x00'], 0x48}}, 0x0)
sendmsg$nl_route_sched(r0, &(0x7f0000000140)={0x0, 0x32d, &(0x7f0000000080)={&(0x7f0000000540)=@newqdisc={0x148, 0x24, 0x507, 0x11000000, 0x0, {0x0, r6, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_red={{0x8, 0x1, 'red\x00'}, {0x11c, 0x2, [@TCA_RED_STAB={0x104, 0x2, "fbf84ce9dbecf3d5851ae060c0ec8d55c9c65cb98d69f6f43f1d64d475f279dd204e54f6719de408d640f2dcd4c0c8c615650de0531b139380f912f808e5d3e1118f76144d1568be425bddb29fa48b1251d5cc8b78fb742bd61674f4cd92a93f8dafea3bc823ccd7591d59d252a275012101f39ab9478cc5dc4a8a2e71f186ce688ae869907b40b62231d243db1eca472440f1203b691b7b85864a73f1a3a9664d075ac973158948f7c44b4f8e2348e8046b08dcb423647eff2539993b8985028d7f0a50e94ee6b2fdacff6aee496b13807eb8d406a8440af14e339713f93a2bd76d46d34452c9bf604ac61d66e9ff34503a7ff400"}, @TCA_RED_PARMS={0x14, 0x1, {0x20}}]}}]}, 0x148}}, 0x0)

01:38:56 executing program 1:
perf_event_open(&(0x7f00000000c0)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = openat$random(0xffffffffffffff9c, &(0x7f0000000140)='/dev/urandom\x00', 0x80000, 0x0)
r1 = dup(r0)
r2 = open(&(0x7f0000002000)='./bus\x00', 0x141042, 0x0)
ftruncate(r2, 0xee72)
sendfile(r1, r2, 0x0, 0x8000fffffffe)

01:38:56 executing program 3:
r0 = socket$inet_udplite(0x2, 0x2, 0x88)
ioctl(r0, 0x1000008912, &(0x7f0000000040)="0800a1695e1dcfe87b1071")
socket$packet(0x11, 0x3, 0x300)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000e00)=ANY=[@ANYBLOB="340000002c000107008be4000000000000000000", @ANYRES32, @ANYBLOB="00d400f0000000000e00000009000100726f75746500000004000200"], 0x34}}, 0x0)
r1 = socket(0x10, 0x80002, 0x0)
sendmmsg$alg(r1, &(0x7f0000000140), 0x332, 0x0)

01:38:56 executing program 2:
r0 = socket$inet_udp(0x2, 0x2, 0x0)
close(r0)
r1 = socket$inet6(0xa, 0x1, 0x8010000000000084)
bind$inet6(r1, &(0x7f0000000040)={0xa, 0x400004e21, 0x0, @empty}, 0x1c)
setsockopt$inet_sctp6_SCTP_NODELAY(r0, 0x84, 0x3, &(0x7f00000000c0)=0x7, 0x4)
setsockopt$inet6_opts(r1, 0x29, 0x3b, &(0x7f0000000080)=ANY=[@ANYBLOB], 0x8)
connect$inet6(r1, &(0x7f0000000200)={0xa, 0x4e21, 0x0, @loopback}, 0x1c)
r2 = socket$inet_udplite(0x2, 0x2, 0x88)
ioctl(r2, 0x1000008912, &(0x7f0000000040)="11dcbc0d5e0bcfe47bf070")
write$binfmt_misc(r0, &(0x7f0000000100)=ANY=[@ANYBLOB="a43f7a10bc918dba707335df9c4fe2e3dd545ee4c838fdcc46a7540a012dcf04a12f99172a6f3583cd5498000448f3ae533c2845496e9b0a050d5e4e05f5f8188edecc091727ed7a25a91998bf61aeec90e8718f9aa9fd5da3aa3181c0080975dee42b7d8686ca8f92f314380c2a02a90e6efeaf9d6acdb213cd260c116f495d9569a33c798d369967f6690fd59a8b3bd789702d552fe262fe738e874609724467e7d1be8518f803b96022e1f0f0de7d3720bec96ede000000000000000000"], 0x10098)
write$binfmt_script(r0, &(0x7f0000000300)=ANY=[@ANYBLOB="ba"], 0x1)
write$binfmt_elf64(r0, &(0x7f0000000280)={{0x7f, 0x45, 0x4c, 0x46, 0x0, 0x0, 0xe000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40}, [{}]}, 0x78)

[ 1254.804132][T18431]  ? vmf_insert_mixed_mkwrite+0x40/0x40
[ 1254.809688][T18431]  ? handle_mm_fault+0x292/0xa80
[ 1254.814646][T18431]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 1254.814683][T18431]  ? __kasan_check_read+0x11/0x20
[ 1254.814700][T18431]  handle_mm_fault+0x3b7/0xa80
[ 1254.814720][T18431]  __do_page_fault+0x536/0xdd0
[ 1254.814740][T18431]  do_page_fault+0x38/0x590
[ 1254.839966][T18431]  page_fault+0x39/0x40
[ 1254.839977][T18431] RIP: 0033:0x4533a0
[ 1254.839994][T18431] Code: 0f 84 c4 0f 00 00 48 89 f1 48 89 f8 48 83 e1 3f 48 83 f9 20 0f 86 7b 02 00 00 48 83 e6 f0 48 83 e1 0f 66 0f ef c0 66 0f ef c9 <66> 0f 74 0e 66 0f d7 d1 48 d3 ea 49 c7 c2 11 00 00 00 49 29 ca 4d
[ 1254.867583][T18431] RSP: 002b:00007fbdc8f767a8 EFLAGS: 00010202
[ 1254.867595][T18431] RAX: 00007fbdc8f76850 RBX: 0000000000000003 RCX: 000000000000000e
[ 1254.867603][T18431] RDX: 00000000000003ff RSI: 0000000020012fe0 RDI: 00007fbdc8f76850
[ 1254.867610][T18431] RBP: 000000000075bf20 R08: 00000000000003ff R09: 0000000000000000
[ 1254.867617][T18431] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fbdc8f776d4
[ 1254.867625][T18431] R13: 00000000004c8dbc R14: 00000000004dfed8 R15: 00000000ffffffff
01:38:57 executing program 1:
perf_event_open(&(0x7f00000000c0)={0x5, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9, 0x7, 0x800000000000, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = openat$random(0xffffffffffffff9c, &(0x7f0000000000)='/dev/urandom\x00', 0x200000, 0x0)
r1 = open(&(0x7f0000000040)='./bus\x00', 0x10000, 0x40)
r2 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$sock_inet_SIOCSIFFLAGS(r2, 0x8914, &(0x7f0000000080)={'caif0\x00', 0x2000})
ioctl$UI_SET_PROPBIT(r1, 0x4004556e, 0xd)
r3 = dup(r0)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff, <r4=>0xffffffffffffffff})
r5 = socket$inet6_sctp(0xa, 0x10000000005, 0x84)
r6 = dup2(r4, r5)
ioctl$PERF_EVENT_IOC_ENABLE(r6, 0x8912, 0x400200)
ioctl$KVM_ENABLE_CAP_CPU(r6, 0x4068aea3, &(0x7f0000000380)={0x0, 0x0, [0x8, 0x2, 0x1f, 0xffffffff]})
r7 = open(&(0x7f0000002000)='./bus\x00', 0x141042, 0x0)
ftruncate(r7, 0xee72)
sendfile(r3, r7, 0x0, 0x8000fffffffe)
r8 = openat$dlm_monitor(0xffffffffffffff9c, &(0x7f0000000140)='/dev/dlm-monitor\x00', 0x101000, 0x0)
r9 = openat$autofs(0xffffffffffffff9c, &(0x7f00000004c0)='/dev/autofs\x00', 0x4, 0x0)
sendmmsg(r8, &(0x7f00000008c0)=[{{&(0x7f0000000180)=@nl=@unspec, 0x80, &(0x7f0000000340)=[{&(0x7f0000000200)="1efe1304be1df297eca9f121105d435a5e025c00f8c0a9c3bb658e492b59b7b371325e7f00970980ad6a89409e775e978896e2e5b5e3", 0x36}, {&(0x7f0000000240)="21a4c4185a2c704f0f67c04cb63ccc1739048eddadab7b883a91299e4723846f25f9c52d52943bdd541b7116e0902edf6936ecfe9d7fd0243e2377103d3c645648a76580056c8778afdc99d872a92e3ac574f324ebb12f3ba58a9c81f028a6a663f14654d7941d6a504003bceb85a111e85b3b", 0x73}, {&(0x7f00000002c0)="d660293f29dd9fed72512b1424e691b302d550d9b009ec512bcb86f5e0cdf165a4f6f4901875d19b14694505f9f7ada828b38424a0716aca4d66fbd84f2ad4790bf2", 0x42}], 0x3, &(0x7f0000000940)=ANY=[@ANYBLOB="300000000000000005010000800000009ae4b4c973794137f508251144c97f383e4b84115407e5d3e698298ba04e00003800000000000000290000000100010069fe25d0be729893a08cd18ff899acfee8241d740ca8a7d10000000000000050000000000000000f01000006000000bb16d6471b17a0e577878c0e59b07fd6a9fdc01d76dd61765b6490ebc7fe7d11798e32f2898e014455da52f93b290a35c1331ab5dfa1548f2527480d000000002000000000000000120100000c0000005f9b45e8c87da84d11000000000000003000000000000000120100000300000033c87c0de08181d5bad351e2b29319f8de4f7d719197fd638e1b01e6c43a00004d0aa723f0a3d5da3a4631a5585f9875d90e325680bb2671e26607b7411fb4fc6aa892be6d3a9b3df981418a250ad70739cb3e89d2433ddbb6b839432c4b121698af55b61924e3f78e919e52351996a860362e40c63591d32d372e47c9295de88038d6a19ea591784a818f27b5cf2da743f9ca8d37dfdc6f44fa1283e6782acd5fb4342c8647ae70d486daa40a5179368be06a2ff59e7d943707255f0766837c69e72fe8f01c5c77f294cfc6a00a4f742a872d5a180ca2710d6518eb1b75520c07b02a9848a65677d3f3f2caf30646e6f596a732e39fd6e5ede0300d543001a35cafe771bd5a3771977e524516d0ddb3ad"], 0x108}}, {{&(0x7f0000000500)=@pppol2tpin6={0x18, 0x1, {0x0, r9, 0x3, 0x1, 0x4, 0x1, {0xa, 0x4e24, 0x3, @local, 0xfffffffffffffffe}}}, 0x80, &(0x7f0000000700)=[{&(0x7f0000000580)="a55cb64a763467de14220a3fb111341ed5654838728f7f1129ce145104d4348557729737b2ca84f94f7bc6fb523a7f0d706bced38363ce08f59668899f37b3dce4baeb7abe0fab24c176b274c30bb3b61873aa2e43027f393c28fd29", 0x5c}, {&(0x7f0000000600)="6a59a9407f6cb826abbf09bb2e0ed6c34947ff151bfa3b9d7cca2d78a3ed63e8dc20deed85f2a73b59a4baaebb967758746ff41046a7c7cc03b3d045b5db23807af11bf07196618ebb68c81b2c8717734f3a93ed71b0603ff0c04f7f32643e3601c68daecefc53ab368081eb31c11e3e4c68b7cbcb483a51bbf01bf753c12a5df6d1f6ff3c9a8a457b725bef35b3", 0x8e}, {&(0x7f00000006c0)="e4fb64b37eca461e53de4a70c57b6d2a20fbd6a60a91247204cec96922a4d81f0caf49087541bb5cbfe1136fe4a705c5364b", 0x32}], 0x3, &(0x7f0000000740)=[{0x38, 0x107, 0x80000001, "c9dc628519c55d497a503f06455de5352cf4843a6bbd2868eae5b7a7391c67a657332cb1b4"}, {0xa0, 0x114, 0xfab, "022a9ba9c4dd76b5112bc49ee67241c44ebed990aae5da26f5f4d4382b4456f5d96dd3301d56ff089c7c10e6c545fb62919a4f0dd9d9479c70398b0d01aba0261cefe2e4a39948cc41e97c31fac7c5ed32b3d86c1ddf2380bd72df72cd4b0c7ba4a3eacef104a55a845d7a5f0bfc4fe2e9b1334d8a0fa71279cecde6a672927b5f485f4553fa7a9299aaf2db9e1f08f1"}, {0xa0, 0xd, 0x246, "389d980005726368a3cbea9bb293d30999ad2558c8086ef89274b7782eca4994bd3eb2686172022850dc7ad44a3f1ac4d607da9cabb7a0306b9898d253a694c048309d1f77696c83f23c7b1ceec4347c984ba5601d0ab53fed95c1c45ca2aa6019922bf34046f143e11f2c9c10a5ee1f813bc578d92e7a8946b01b107eaaf48ed3b8290b70e02c6075"}], 0x178}}], 0x2, 0x4)

01:38:57 executing program 4:
r0 = socket$nl_route(0x10, 0x3, 0x0)
r1 = socket$netlink(0x10, 0x3, 0x0)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff, <r2=>0xffffffffffffffff})
r3 = socket$inet6_sctp(0xa, 0x10000000005, 0x84)
r4 = dup2(r2, r3)
ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200)
r5 = socket(0x10, 0x803, 0x0)
sendmsg$TIPC_CMD_GET_MEDIA_NAMES(r5, &(0x7f0000000400)={0x0, 0x0, &(0x7f00000003c0)={0x0}}, 0x0)
getsockname$packet(r5, &(0x7f0000000100)={0x11, 0x0, <r6=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0xa)
sendmsg$nl_route(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080)=ANY=[@ANYBLOB="4800000010000507000000000000000080000000", @ANYRES32=r6, @ANYBLOB="0000000000000000280012000c0001007665746800000000180002001400010000000000", @ANYRES32=0x0, @ANYBLOB='\x00\x00\x00\x00\x00\x00\x00\x00'], 0x48}}, 0x0)
sendmsg$nl_route_sched(r0, &(0x7f0000000140)={0x0, 0x32d, &(0x7f0000000080)={&(0x7f0000000540)=@newqdisc={0x148, 0x24, 0x507, 0x12000000, 0x0, {0x0, r6, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_red={{0x8, 0x1, 'red\x00'}, {0x11c, 0x2, [@TCA_RED_STAB={0x104, 0x2, "fbf84ce9dbecf3d5851ae060c0ec8d55c9c65cb98d69f6f43f1d64d475f279dd204e54f6719de408d640f2dcd4c0c8c615650de0531b139380f912f808e5d3e1118f76144d1568be425bddb29fa48b1251d5cc8b78fb742bd61674f4cd92a93f8dafea3bc823ccd7591d59d252a275012101f39ab9478cc5dc4a8a2e71f186ce688ae869907b40b62231d243db1eca472440f1203b691b7b85864a73f1a3a9664d075ac973158948f7c44b4f8e2348e8046b08dcb423647eff2539993b8985028d7f0a50e94ee6b2fdacff6aee496b13807eb8d406a8440af14e339713f93a2bd76d46d34452c9bf604ac61d66e9ff34503a7ff400"}, @TCA_RED_PARMS={0x14, 0x1, {0x20}}]}}]}, 0x148}}, 0x0)

01:38:57 executing program 5:
mmap(&(0x7f0000011000/0x2000)=nil, 0x2000, 0x4, 0x31, 0xffffffffffffffff, 0x0)
r0 = userfaultfd(0x0)
syz_open_dev$mice(&(0x7f0000000000)='/dev/input/mice\x00', 0x0, 0x4000)
ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f0000000040))
ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f00000000c0)={{&(0x7f0000012000/0x2000)=nil, 0x2000}, 0x1})
read(r0, &(0x7f0000000100)=""/199, 0xc7)
syz_open_dev$evdev(&(0x7f0000012fee)='/.%v/\x11%put/event#\x00', 0x4800000000000000, 0x0)
ioctl$UFFDIO_WAKE(r0, 0x8010aa02, &(0x7f0000000080)={&(0x7f0000012000/0x4000)=nil, 0x4000})
shmget(0x2, 0x1000, 0x0, &(0x7f000096d000/0x1000)=nil)
openat$cgroup_procs(0xffffffffffffffff, 0x0, 0x2, 0x0)

01:38:57 executing program 3:
r0 = socket$inet_udplite(0x2, 0x2, 0x88)
ioctl(r0, 0x1000008912, &(0x7f0000000040)="0800a1695e1dcfe87b1071")
socket$packet(0x11, 0x3, 0x300)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000e00)=ANY=[@ANYBLOB="340000002c000107008be4000000000000000000", @ANYRES32, @ANYBLOB="00d400f0000000000e00000009000100726f75746500000004000200"], 0x34}}, 0x0)
r1 = socket(0x10, 0x80002, 0x0)
sendmmsg$alg(r1, &(0x7f0000000140), 0x332, 0x0)

01:38:57 executing program 1:
perf_event_open(&(0x7f00000000c0)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = openat$random(0xffffffffffffff9c, &(0x7f0000000140)='/dev/urandom\x00', 0x8000000000000085, 0x0)
r1 = dup(r0)
r2 = open(&(0x7f0000002000)='./bus\x00', 0x141042, 0x0)
ftruncate(r2, 0xee72)
sendfile(r1, r2, 0x0, 0x8000fffffffe)

01:38:57 executing program 0:
r0 = perf_event_open(&(0x7f00000000c0)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
openat$random(0xffffffffffffff9c, &(0x7f0000000140)='/dev/urandom\x00', 0x8000000000000085, 0x0)
r1 = userfaultfd(0x0)
ioctl$UFFDIO_API(r1, 0xc018aa3f, &(0x7f0000000080))
read(r1, &(0x7f0000000100)=""/68, 0x22)
ioctl$UFFDIO_REGISTER(r1, 0xc020aa00, &(0x7f00000000c0)={{&(0x7f0000068000/0x800000)=nil, 0x800000}, 0x1})
close(r1)
r2 = userfaultfd(0x0)
ioctl$UFFDIO_API(r2, 0xc018aa3f, &(0x7f0000000080))
read(r2, &(0x7f0000000100)=""/68, 0x22)
ioctl$UFFDIO_REGISTER(r2, 0xc020aa00, &(0x7f00000000c0)={{&(0x7f0000068000/0x800000)=nil, 0x800000}, 0x1})
close(r2)
r3 = getpgrp(0x0)
setpriority(0x0, r3, 0x100)
perf_event_open(&(0x7f0000000000)={0x9, 0x70, 0x1, 0xfffffffffffffffc, 0x8, 0xff, 0x0, 0x7fff, 0x0, 0x0, 0x3, 0x8, 0xfffffffffffeffff, 0x23809b59, 0x401, 0x0, 0x6, 0x6, 0xfffffffffffffffb, 0x3, 0x80000000, 0xca, 0xfffffffffffff001, 0x97, 0x6, 0x5, 0xffffffff, 0x5, 0x4, 0x1ff, 0x3, 0x20, 0x7, 0x6, 0x1, 0x3, 0x7f, 0x0, 0x0, 0x9, 0x0, @perf_config_ext={0x8001, 0xffffffff}, 0xa011, 0x100000001, 0x10001, 0x3, 0x2, 0x8001, 0x81}, r3, 0xc, 0xffffffffffffffff, 0x8)
r4 = dup(r0)
r5 = open(&(0x7f0000002000)='./bus\x00', 0x141042, 0x0)
ftruncate(r5, 0xee72)
sendfile(r4, r5, 0x0, 0x8000fffffffe)

01:38:57 executing program 1:
perf_event_open(&(0x7f00000000c0)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xf684, 0x0, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1000000, 0x800, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, @perf_config_ext={0x6, 0x9}, 0x0, 0x1, 0x2, 0x7, 0x0, 0x1}, 0x0, 0xfffffffffffffffd, 0xffffffffffffffff, 0x0)
r0 = openat$random(0xffffffffffffff9c, &(0x7f0000000140)='/dev/urandom\x00', 0x8000000000000085, 0x0)
r1 = dup(r0)
r2 = open(&(0x7f0000002000)='./bus\x00', 0x141042, 0x0)
ftruncate(r2, 0xee72)
syz_open_dev$mouse(&(0x7f0000000000)='/dev/input/mouse#\x00', 0x100000000, 0x9000)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff, <r3=>0xffffffffffffffff})
r4 = socket$inet6_sctp(0xa, 0x10000000005, 0x84)
r5 = dup2(r3, r4)
ioctl$PERF_EVENT_IOC_ENABLE(r5, 0x8912, 0x400200)
sendfile(r1, r5, 0x0, 0x10001)

01:38:57 executing program 2:
r0 = socket$inet_udp(0x2, 0x2, 0x0)
close(r0)
r1 = socket$inet6(0xa, 0x1, 0x8010000000000084)
bind$inet6(r1, &(0x7f0000000040)={0xa, 0x400004e21, 0x0, @empty}, 0x1c)
setsockopt$inet_sctp6_SCTP_NODELAY(r0, 0x84, 0x3, &(0x7f00000000c0)=0x7, 0x4)
setsockopt$inet6_opts(r1, 0x29, 0x3b, &(0x7f0000000080)=ANY=[@ANYBLOB], 0x8)
connect$inet6(r1, &(0x7f0000000200)={0xa, 0x4e21, 0x0, @loopback}, 0x1c)
r2 = socket$inet_udplite(0x2, 0x2, 0x88)
ioctl(r2, 0x1000008912, &(0x7f0000000040)="11dcbc0d5e0bcfe47bf070")
write$binfmt_misc(r0, &(0x7f0000000100)=ANY=[@ANYBLOB="a43f7a10bc918dba707335df9c4fe2e3dd545ee4c838fdcc46a7540a012dcf04a12f99172a6f3583cd5498000448f3ae533c2845496e9b0a050d5e4e05f5f8188edecc091727ed7a25a91998bf61aeec90e8718f9aa9fd5da3aa3181c0080975dee42b7d8686ca8f92f314380c2a02a90e6efeaf9d6acdb213cd260c116f495d9569a33c798d369967f6690fd59a8b3bd789702d552fe262fe738e874609724467e7d1be8518f803b96022e1f0f0de7d3720bec96ede000000000000000000"], 0x10098)
write$binfmt_script(r0, &(0x7f0000000300)=ANY=[@ANYBLOB="ba"], 0x1)
write$binfmt_elf64(r0, &(0x7f0000000280)={{0x7f, 0x45, 0x4c, 0x46, 0x0, 0x0, 0xf000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40}, [{}]}, 0x78)

01:38:57 executing program 3:
r0 = socket$inet_udplite(0x2, 0x2, 0x88)
ioctl(r0, 0x1000008912, &(0x7f0000000040)="0800a1695e1dcfe87b1071")
socket$packet(0x11, 0x3, 0x300)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000e00)=ANY=[@ANYBLOB="340000002c000107008be4000000000000000000", @ANYRES32, @ANYBLOB="00d400f0000000000e00000009000100726f75746500000004000200"], 0x34}}, 0x0)
r1 = socket(0x10, 0x80002, 0x0)
sendmmsg$alg(r1, &(0x7f0000000140), 0x332, 0x0)

01:38:57 executing program 4:
r0 = socket$nl_route(0x10, 0x3, 0x0)
r1 = socket$netlink(0x10, 0x3, 0x0)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff, <r2=>0xffffffffffffffff})
r3 = socket$inet6_sctp(0xa, 0x10000000005, 0x84)
r4 = dup2(r2, r3)
ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200)
r5 = socket(0x10, 0x803, 0x0)
sendmsg$TIPC_CMD_GET_MEDIA_NAMES(r5, &(0x7f0000000400)={0x0, 0x0, &(0x7f00000003c0)={0x0}}, 0x0)
getsockname$packet(r5, &(0x7f0000000100)={0x11, 0x0, <r6=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0xa)
sendmsg$nl_route(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080)=ANY=[@ANYBLOB="4800000010000507000000000000000080000000", @ANYRES32=r6, @ANYBLOB="0000000000000000280012000c0001007665746800000000180002001400010000000000", @ANYRES32=0x0, @ANYBLOB='\x00\x00\x00\x00\x00\x00\x00\x00'], 0x48}}, 0x0)
sendmsg$nl_route_sched(r0, &(0x7f0000000140)={0x0, 0x32d, &(0x7f0000000080)={&(0x7f0000000540)=@newqdisc={0x148, 0x24, 0x507, 0x13000000, 0x0, {0x0, r6, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_red={{0x8, 0x1, 'red\x00'}, {0x11c, 0x2, [@TCA_RED_STAB={0x104, 0x2, "fbf84ce9dbecf3d5851ae060c0ec8d55c9c65cb98d69f6f43f1d64d475f279dd204e54f6719de408d640f2dcd4c0c8c615650de0531b139380f912f808e5d3e1118f76144d1568be425bddb29fa48b1251d5cc8b78fb742bd61674f4cd92a93f8dafea3bc823ccd7591d59d252a275012101f39ab9478cc5dc4a8a2e71f186ce688ae869907b40b62231d243db1eca472440f1203b691b7b85864a73f1a3a9664d075ac973158948f7c44b4f8e2348e8046b08dcb423647eff2539993b8985028d7f0a50e94ee6b2fdacff6aee496b13807eb8d406a8440af14e339713f93a2bd76d46d34452c9bf604ac61d66e9ff34503a7ff400"}, @TCA_RED_PARMS={0x14, 0x1, {0x20}}]}}]}, 0x148}}, 0x0)

[ 1255.453473][T18884] FAULT_FLAG_ALLOW_RETRY missing 70
[ 1255.498782][T18884] CPU: 0 PID: 18884 Comm: syz-executor.5 Not tainted 5.3.0+ #0
[ 1255.506371][T18884] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 1255.516416][T18884] Call Trace:
[ 1255.519691][T18884]  dump_stack+0x172/0x1f0
[ 1255.524018][T18884]  handle_userfault.cold+0x41/0x5d
[ 1255.529117][T18884]  ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[ 1255.535362][T18884]  ? userfaultfd_ioctl+0x3ad0/0x3ad0
[ 1255.540634][T18884]  ? find_get_entry+0x535/0x880
[ 1255.545459][T18884]  ? __kasan_check_read+0x11/0x20
[ 1255.550467][T18884]  ? mark_lock+0xc2/0x1220
[ 1255.554891][T18884]  ? find_get_pages_range_tag+0xd50/0xd50
[ 1255.560612][T18884]  ? __kasan_check_read+0x11/0x20
[ 1255.565650][T18884]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 1255.571877][T18884]  ? find_lock_entry+0x1a7/0x560
[ 1255.576802][T18884]  ? rcu_lockdep_current_cpu_online+0xe3/0x130
[ 1255.582949][T18884]  shmem_getpage_gfp+0x1f4c/0x2680
[ 1255.588082][T18884]  ? shmem_unuse_inode+0x1010/0x1010
[ 1255.593355][T18884]  ? lock_downgrade+0x920/0x920
[ 1255.598182][T18884]  ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[ 1255.604408][T18884]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 1255.610628][T18884]  shmem_fault+0x22a/0x7b0
[ 1255.615021][T18884]  ? shmem_read_mapping_page_gfp+0x1a0/0x1a0
[ 1255.620989][T18884]  ? find_get_entry+0x880/0x880
[ 1255.625813][T18884]  ? pmd_val+0x85/0x100
[ 1255.629940][T18884]  __do_fault+0x111/0x540
[ 1255.634241][T18884]  ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[ 1255.640479][T18884]  __handle_mm_fault+0x2dca/0x4040
[ 1255.645593][T18884]  ? vmf_insert_mixed_mkwrite+0x40/0x40
[ 1255.651137][T18884]  ? handle_mm_fault+0x292/0xa80
[ 1255.656075][T18884]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 1255.662296][T18884]  ? __kasan_check_read+0x11/0x20
[ 1255.667297][T18884]  handle_mm_fault+0x3b7/0xa80
[ 1255.672065][T18884]  __do_page_fault+0x536/0xdd0
[ 1255.676831][T18884]  do_page_fault+0x38/0x590
[ 1255.681314][T18884]  page_fault+0x39/0x40
[ 1255.685445][T18884] RIP: 0033:0x4533a0
[ 1255.689313][T18884] Code: 0f 84 c4 0f 00 00 48 89 f1 48 89 f8 48 83 e1 3f 48 83 f9 20 0f 86 7b 02 00 00 48 83 e6 f0 48 83 e1 0f 66 0f ef c0 66 0f ef c9 <66> 0f 74 0e 66 0f d7 d1 48 d3 ea 49 c7 c2 11 00 00 00 49 29 ca 4d
[ 1255.708893][T18884] RSP: 002b:00007fbdc8f557a8 EFLAGS: 00010202
[ 1255.714933][T18884] RAX: 00007fbdc8f55850 RBX: 0000000000000003 RCX: 000000000000000e
[ 1255.722897][T18884] RDX: 00000000000003ff RSI: 0000000020012fe0 RDI: 00007fbdc8f55850
[ 1255.730852][T18884] RBP: 000000000075bfc8 R08: 00000000000003ff R09: 0000000000000000
[ 1255.738797][T18884] R10: 00007fbdc8f569d0 R11: 0000000000000246 R12: 00007fbdc8f566d4
01:38:57 executing program 0:
perf_event_open(&(0x7f00000000c0)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = openat$random(0xffffffffffffff9c, &(0x7f0000000140)='/dev/urandom\x00', 0x8000000000000085, 0x0)
r1 = dup(r0)
r2 = open(&(0x7f0000002000)='./bus\x00', 0x141042, 0x0)
sendmsg$can_raw(r1, &(0x7f0000000180)={&(0x7f0000000000), 0x10, &(0x7f0000000080)={&(0x7f0000000040)=@can={{0x3, 0x1, 0x7fffffff, 0x3}, 0x2, 0x3, 0x0, 0x0, "1777427169f59237"}, 0x10}, 0x1, 0x0, 0x0, 0x4000000}, 0x0)
ftruncate(r2, 0xee72)
sendfile(r1, r2, 0x0, 0x8000fffffffe)

[ 1255.746749][T18884] R13: 00000000004c8dbc R14: 00000000004dfed8 R15: 00000000ffffffff
01:38:57 executing program 3:
r0 = socket$inet_udplite(0x2, 0x2, 0x88)
ioctl(r0, 0x1000008912, &(0x7f0000000040)="0800a1695e1dcfe87b1071")
ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f0000000000)={'batadv0\x00\f\x00', <r1=>0x0})
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000e00)=ANY=[@ANYBLOB="340000002c000107008be4000000000000000000", @ANYRES32=r1, @ANYBLOB="00d400f0000000000e00000009000100726f75746500000004000200"], 0x34}}, 0x0)
r2 = socket(0x10, 0x80002, 0x0)
sendmmsg$alg(r2, &(0x7f0000000140), 0x332, 0x0)

01:38:57 executing program 1:
perf_event_open(&(0x7f00000000c0)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = openat$random(0xffffffffffffff9c, &(0x7f0000000140)='/dev/urandom\x00', 0x8000000000000085, 0x0)
r1 = dup(r0)
r2 = open(&(0x7f0000002000)='./bus\x00', 0x141042, 0x0)
ftruncate(r2, 0xee72)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff, <r3=>0xffffffffffffffff})
r4 = socket$inet6_sctp(0xa, 0x10000000005, 0x84)
r5 = dup2(r3, r4)
ioctl$PERF_EVENT_IOC_ENABLE(r5, 0x8912, 0x400200)
ioctl$KVM_SET_MP_STATE(r5, 0x4004ae99, &(0x7f0000000000))
sendfile(r1, r2, 0x0, 0x8000fffffffe)

01:38:57 executing program 4:
r0 = socket$nl_route(0x10, 0x3, 0x0)
r1 = socket$netlink(0x10, 0x3, 0x0)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff, <r2=>0xffffffffffffffff})
r3 = socket$inet6_sctp(0xa, 0x10000000005, 0x84)
r4 = dup2(r2, r3)
ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200)
r5 = socket(0x10, 0x803, 0x0)
sendmsg$TIPC_CMD_GET_MEDIA_NAMES(r5, &(0x7f0000000400)={0x0, 0x0, &(0x7f00000003c0)={0x0}}, 0x0)
getsockname$packet(r5, &(0x7f0000000100)={0x11, 0x0, <r6=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0xa)
sendmsg$nl_route(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080)=ANY=[@ANYBLOB="4800000010000507000000000000000080000000", @ANYRES32=r6, @ANYBLOB="0000000000000000280012000c0001007665746800000000180002001400010000000000", @ANYRES32=0x0, @ANYBLOB='\x00\x00\x00\x00\x00\x00\x00\x00'], 0x48}}, 0x0)
sendmsg$nl_route_sched(r0, &(0x7f0000000140)={0x0, 0x32d, &(0x7f0000000080)={&(0x7f0000000540)=@newqdisc={0x148, 0x24, 0x507, 0x14000000, 0x0, {0x0, r6, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_red={{0x8, 0x1, 'red\x00'}, {0x11c, 0x2, [@TCA_RED_STAB={0x104, 0x2, "fbf84ce9dbecf3d5851ae060c0ec8d55c9c65cb98d69f6f43f1d64d475f279dd204e54f6719de408d640f2dcd4c0c8c615650de0531b139380f912f808e5d3e1118f76144d1568be425bddb29fa48b1251d5cc8b78fb742bd61674f4cd92a93f8dafea3bc823ccd7591d59d252a275012101f39ab9478cc5dc4a8a2e71f186ce688ae869907b40b62231d243db1eca472440f1203b691b7b85864a73f1a3a9664d075ac973158948f7c44b4f8e2348e8046b08dcb423647eff2539993b8985028d7f0a50e94ee6b2fdacff6aee496b13807eb8d406a8440af14e339713f93a2bd76d46d34452c9bf604ac61d66e9ff34503a7ff400"}, @TCA_RED_PARMS={0x14, 0x1, {0x20}}]}}]}, 0x148}}, 0x0)

[ 1256.044477][T18884] FAULT_FLAG_ALLOW_RETRY missing 70
[ 1256.049767][T18884] CPU: 1 PID: 18884 Comm: syz-executor.5 Not tainted 5.3.0+ #0
[ 1256.057393][T18884] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 1256.067444][T18884] Call Trace:
[ 1256.070736][T18884]  dump_stack+0x172/0x1f0
[ 1256.075075][T18884]  handle_userfault.cold+0x41/0x5d
[ 1256.080193][T18884]  ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[ 1256.086461][T18884]  ? userfaultfd_ioctl+0x3ad0/0x3ad0
[ 1256.091746][T18884]  ? find_get_entry+0x535/0x880
[ 1256.096595][T18884]  ? find_get_pages_range_tag+0xd50/0xd50
[ 1256.102325][T18884]  ? __kasan_check_read+0x11/0x20
[ 1256.107470][T18884]  ? __kasan_check_read+0x11/0x20
[ 1256.112494][T18884]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 1256.118740][T18884]  ? find_lock_entry+0x1a7/0x560
[ 1256.123677][T18884]  ? rcu_lockdep_current_cpu_online+0xe3/0x130
[ 1256.129933][T18884]  shmem_getpage_gfp+0x1f4c/0x2680
[ 1256.129961][T18884]  ? shmem_unuse_inode+0x1010/0x1010
[ 1256.140332][T18884]  ? lock_downgrade+0x920/0x920
[ 1256.145178][T18884]  ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[ 1256.151413][T18884]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 1256.151434][T18884]  shmem_fault+0x22a/0x7b0
[ 1256.151458][T18884]  ? shmem_read_mapping_page_gfp+0x1a0/0x1a0
[ 1256.168053][T18884]  ? find_get_entry+0x880/0x880
[ 1256.168069][T18884]  ? pmd_val+0x85/0x100
[ 1256.168085][T18884]  __do_fault+0x111/0x540
[ 1256.168097][T18884]  ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[ 1256.168112][T18884]  __handle_mm_fault+0x2dca/0x4040
[ 1256.187662][T18884]  ? vmf_insert_mixed_mkwrite+0x40/0x40
[ 1256.198258][T18884]  ? handle_mm_fault+0x292/0xa80
[ 1256.198298][T18884]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 1256.198314][T18884]  ? __kasan_check_read+0x11/0x20
[ 1256.198332][T18884]  handle_mm_fault+0x3b7/0xa80
[ 1256.198353][T18884]  __do_page_fault+0x536/0xdd0
[ 1256.198374][T18884]  do_page_fault+0x38/0x590
[ 1256.198390][T18884]  page_fault+0x39/0x40
[ 1256.198401][T18884] RIP: 0033:0x4533a0
[ 1256.198416][T18884] Code: 0f 84 c4 0f 00 00 48 89 f1 48 89 f8 48 83 e1 3f 48 83 f9 20 0f 86 7b 02 00 00 48 83 e6 f0 48 83 e1 0f 66 0f ef c0 66 0f ef c9 <66> 0f 74 0e 66 0f d7 d1 48 d3 ea 49 c7 c2 11 00 00 00 49 29 ca 4d
[ 1256.198426][T18884] RSP: 002b:00007fbdc8f557a8 EFLAGS: 00010202
[ 1256.262206][T18884] RAX: 00007fbdc8f55850 RBX: 0000000000000003 RCX: 000000000000000e
[ 1256.270202][T18884] RDX: 00000000000003ff RSI: 0000000020012fe0 RDI: 00007fbdc8f55850
[ 1256.278281][T18884] RBP: 000000000075bfc8 R08: 00000000000003ff R09: 0000000000000000
[ 1256.286250][T18884] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fbdc8f566d4
01:38:58 executing program 5:
mmap(&(0x7f0000011000/0x2000)=nil, 0x2000, 0x4, 0x31, 0xffffffffffffffff, 0x0)
r0 = userfaultfd(0x0)
syz_open_dev$mice(&(0x7f0000000000)='/dev/input/mice\x00', 0x0, 0x4000)
ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f0000000040))
ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f00000000c0)={{&(0x7f0000012000/0x2000)=nil, 0x2000}, 0x1})
read(r0, &(0x7f0000000100)=""/199, 0xc7)
syz_open_dev$evdev(&(0x7f0000012fee)='/.%v/\x11%put/event#\x00', 0x4c00000000000000, 0x0)
ioctl$UFFDIO_WAKE(r0, 0x8010aa02, &(0x7f0000000080)={&(0x7f0000012000/0x4000)=nil, 0x4000})
shmget(0x2, 0x1000, 0x0, &(0x7f000096d000/0x1000)=nil)
openat$cgroup_procs(0xffffffffffffffff, 0x0, 0x2, 0x0)

01:38:58 executing program 0:
perf_event_open(&(0x7f00000000c0)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = openat$random(0xffffffffffffff9c, &(0x7f0000000140)='/dev/urandom\x00', 0x8000000000000085, 0x0)
r1 = dup(r0)
r2 = open(&(0x7f0000002000)='./bus\x00', 0x141042, 0x0)
ftruncate(r2, 0xee72)
sendfile(r1, r2, 0x0, 0x8000fffffffe)

01:38:58 executing program 3:
r0 = socket$inet_udplite(0x2, 0x2, 0x88)
ioctl(r0, 0x1000008912, &(0x7f0000000040)="0800a1695e1dcfe87b1071")
ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f0000000000)={'batadv0\x00\f\x00', <r1=>0x0})
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000e00)=ANY=[@ANYBLOB="340000002c000107008be4000000000000000000", @ANYRES32=r1, @ANYBLOB="00d400f0000000000e00000009000100726f75746500000004000200"], 0x34}}, 0x0)
r2 = socket(0x10, 0x80002, 0x0)
sendmmsg$alg(r2, &(0x7f0000000140), 0x332, 0x0)

01:38:58 executing program 1:
perf_event_open(&(0x7f00000000c0)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x800, 0x0, 0x0, 0x0, 0x1b5}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = openat$random(0xffffffffffffff9c, &(0x7f0000000140)='/dev/urandom\x00', 0x8000000000000085, 0x0)
r1 = dup(r0)
r2 = open(&(0x7f0000002000)='./bus\x00', 0x141042, 0x0)
ioctl$KVM_XEN_HVM_CONFIG(r2, 0x4038ae7a, &(0x7f0000000240)={0x5a0, 0xd90, &(0x7f0000000000)="ad1ed4b9b8af79d7119d7214f4880125f8048c39d697c2483409521bd0e8021529112a21b4f7ff6e9c66d9e715cb1f8a50183f60b8cea197a0314dfd9d13cf94ff0a3635b8be96f7bf021c63323d5688ac3e525cbfc9f6fc9cfedb52c71071ace0767576a64248158855067daaab32befa4f58fe3994bda3f2b5255a78637cbb93588a8a7122f79024ebb6406e925acddec9860a84de6527398d82e63314d3638cdde1f9357b", &(0x7f0000000180)="df6a977bc255412a3a63cff58181a9a23e24f70bb50c24e40949a0fb4c9aafb6395f3b44999bca08eb43ff702a5695732711d44a13f0757a6d1dc1c030402e293cb4cae569a97a823ea853a14e83e70d8085023369e78e921b1f4a6221174d4b56812b3956dbf0f5159844a3644971c998e7b497bfb3f160f11ed65fc84c297ea57642e15a505e848b1088bb88217d7bac16900065cf28e19cd3f820d768de2d124c4a7ee4b77f4a4654b977617e6152e7a43eef08bc89", 0xa6, 0xb7})
ftruncate(r2, 0xee72)
sendfile(r1, r2, 0x0, 0x8000fffffffe)

01:38:58 executing program 4:
r0 = socket$nl_route(0x10, 0x3, 0x0)
r1 = socket$netlink(0x10, 0x3, 0x0)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff, <r2=>0xffffffffffffffff})
r3 = socket$inet6_sctp(0xa, 0x10000000005, 0x84)
r4 = dup2(r2, r3)
ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200)
r5 = socket(0x10, 0x803, 0x0)
sendmsg$TIPC_CMD_GET_MEDIA_NAMES(r5, &(0x7f0000000400)={0x0, 0x0, &(0x7f00000003c0)={0x0}}, 0x0)
getsockname$packet(r5, &(0x7f0000000100)={0x11, 0x0, <r6=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0xa)
sendmsg$nl_route(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080)=ANY=[@ANYBLOB="4800000010000507000000000000000080000000", @ANYRES32=r6, @ANYBLOB="0000000000000000280012000c0001007665746800000000180002001400010000000000", @ANYRES32=0x0, @ANYBLOB='\x00\x00\x00\x00\x00\x00\x00\x00'], 0x48}}, 0x0)
sendmsg$nl_route_sched(r0, &(0x7f0000000140)={0x0, 0x32d, &(0x7f0000000080)={&(0x7f0000000540)=@newqdisc={0x148, 0x24, 0x507, 0x18010000, 0x0, {0x0, r6, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_red={{0x8, 0x1, 'red\x00'}, {0x11c, 0x2, [@TCA_RED_STAB={0x104, 0x2, "fbf84ce9dbecf3d5851ae060c0ec8d55c9c65cb98d69f6f43f1d64d475f279dd204e54f6719de408d640f2dcd4c0c8c615650de0531b139380f912f808e5d3e1118f76144d1568be425bddb29fa48b1251d5cc8b78fb742bd61674f4cd92a93f8dafea3bc823ccd7591d59d252a275012101f39ab9478cc5dc4a8a2e71f186ce688ae869907b40b62231d243db1eca472440f1203b691b7b85864a73f1a3a9664d075ac973158948f7c44b4f8e2348e8046b08dcb423647eff2539993b8985028d7f0a50e94ee6b2fdacff6aee496b13807eb8d406a8440af14e339713f93a2bd76d46d34452c9bf604ac61d66e9ff34503a7ff400"}, @TCA_RED_PARMS={0x14, 0x1, {0x20}}]}}]}, 0x148}}, 0x0)

01:38:58 executing program 2:
r0 = socket$inet_udp(0x2, 0x2, 0x0)
close(r0)
r1 = socket$inet6(0xa, 0x1, 0x8010000000000084)
bind$inet6(r1, &(0x7f0000000040)={0xa, 0x400004e21, 0x0, @empty}, 0x1c)
setsockopt$inet_sctp6_SCTP_NODELAY(r0, 0x84, 0x3, &(0x7f00000000c0)=0x7, 0x4)
setsockopt$inet6_opts(r1, 0x29, 0x3b, &(0x7f0000000080)=ANY=[@ANYBLOB], 0x8)
connect$inet6(r1, &(0x7f0000000200)={0xa, 0x4e21, 0x0, @loopback}, 0x1c)
r2 = socket$inet_udplite(0x2, 0x2, 0x88)
ioctl(r2, 0x1000008912, &(0x7f0000000040)="11dcbc0d5e0bcfe47bf070")
write$binfmt_misc(r0, &(0x7f0000000100)=ANY=[@ANYBLOB="a43f7a10bc918dba707335df9c4fe2e3dd545ee4c838fdcc46a7540a012dcf04a12f99172a6f3583cd5498000448f3ae533c2845496e9b0a050d5e4e05f5f8188edecc091727ed7a25a91998bf61aeec90e8718f9aa9fd5da3aa3181c0080975dee42b7d8686ca8f92f314380c2a02a90e6efeaf9d6acdb213cd260c116f495d9569a33c798d369967f6690fd59a8b3bd789702d552fe262fe738e874609724467e7d1be8518f803b96022e1f0f0de7d3720bec96ede000000000000000000"], 0x10098)
write$binfmt_script(r0, &(0x7f0000000300)=ANY=[@ANYBLOB="ba"], 0x1)
write$binfmt_elf64(r0, &(0x7f0000000280)={{0x7f, 0x45, 0x4c, 0x46, 0x0, 0x0, 0x10000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40}, [{}]}, 0x78)

[ 1256.294213][T18884] R13: 00000000004c8dbc R14: 00000000004dfed8 R15: 00000000ffffffff
01:38:58 executing program 3:
r0 = socket$inet_udplite(0x2, 0x2, 0x88)
ioctl(r0, 0x1000008912, &(0x7f0000000040)="0800a1695e1dcfe87b1071")
ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f0000000000)={'batadv0\x00\f\x00', <r1=>0x0})
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000e00)=ANY=[@ANYBLOB="340000002c000107008be4000000000000000000", @ANYRES32=r1, @ANYBLOB="00d400f0000000000e00000009000100726f75746500000004000200"], 0x34}}, 0x0)
r2 = socket(0x10, 0x80002, 0x0)
sendmmsg$alg(r2, &(0x7f0000000140), 0x332, 0x0)

01:38:58 executing program 0:
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
r1 = socket$inet6_sctp(0xa, 0x10000000005, 0x84)
r2 = dup2(r0, r1)
ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200)
r3 = dup3(0xffffffffffffffff, r2, 0x80000)
ioctl$DRM_IOCTL_MODE_SETCRTC(r3, 0xc06864a2, &(0x7f0000000180)={&(0x7f0000000040)=[0x400, 0x36], 0x2, 0x7, 0x1, 0x3, 0x5, 0x2, {0x8, 0x9, 0x2, 0x80, 0x4, 0x0, 0x0, 0x0, 0x9, 0x800, 0x0, 0x9, 0x8, 0xff, "b8a4700dff4c8df3745eda76d4eb7aa4853284eab2d09bd1c844c4b709afbd5f"}})
perf_event_open(&(0x7f00000000c0)={0x1, 0x70, 0xa8, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x2000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r4 = openat$random(0xffffffffffffff9c, &(0x7f0000000140)='/dev/urandom\x00', 0x8000000000000085, 0x0)
r5 = dup(r4)
r6 = open(&(0x7f0000002000)='./bus\x00', 0x141042, 0x0)
ftruncate(r6, 0xee72)
connect$pppoe(r5, &(0x7f0000000000)={0x18, 0x0, {0x0, @empty, 'lapb0\x00'}}, 0x1e)
sendfile(r5, r6, 0x0, 0x8000fffffffe)

01:38:58 executing program 4:
r0 = socket$nl_route(0x10, 0x3, 0x0)
r1 = socket$netlink(0x10, 0x3, 0x0)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff, <r2=>0xffffffffffffffff})
r3 = socket$inet6_sctp(0xa, 0x10000000005, 0x84)
r4 = dup2(r2, r3)
ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200)
r5 = socket(0x10, 0x803, 0x0)
sendmsg$TIPC_CMD_GET_MEDIA_NAMES(r5, &(0x7f0000000400)={0x0, 0x0, &(0x7f00000003c0)={0x0}}, 0x0)
getsockname$packet(r5, &(0x7f0000000100)={0x11, 0x0, <r6=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0xa)
sendmsg$nl_route(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080)=ANY=[@ANYBLOB="4800000010000507000000000000000080000000", @ANYRES32=r6, @ANYBLOB="0000000000000000280012000c0001007665746800000000180002001400010000000000", @ANYRES32=0x0, @ANYBLOB='\x00\x00\x00\x00\x00\x00\x00\x00'], 0x48}}, 0x0)
sendmsg$nl_route_sched(r0, &(0x7f0000000140)={0x0, 0x32d, &(0x7f0000000080)={&(0x7f0000000540)=@newqdisc={0x148, 0x24, 0x507, 0x1f000000, 0x0, {0x0, r6, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_red={{0x8, 0x1, 'red\x00'}, {0x11c, 0x2, [@TCA_RED_STAB={0x104, 0x2, "fbf84ce9dbecf3d5851ae060c0ec8d55c9c65cb98d69f6f43f1d64d475f279dd204e54f6719de408d640f2dcd4c0c8c615650de0531b139380f912f808e5d3e1118f76144d1568be425bddb29fa48b1251d5cc8b78fb742bd61674f4cd92a93f8dafea3bc823ccd7591d59d252a275012101f39ab9478cc5dc4a8a2e71f186ce688ae869907b40b62231d243db1eca472440f1203b691b7b85864a73f1a3a9664d075ac973158948f7c44b4f8e2348e8046b08dcb423647eff2539993b8985028d7f0a50e94ee6b2fdacff6aee496b13807eb8d406a8440af14e339713f93a2bd76d46d34452c9bf604ac61d66e9ff34503a7ff400"}, @TCA_RED_PARMS={0x14, 0x1, {0x20}}]}}]}, 0x148}}, 0x0)

[ 1256.561528][T19333] FAULT_FLAG_ALLOW_RETRY missing 70
[ 1256.579131][T19333] CPU: 1 PID: 19333 Comm: syz-executor.5 Not tainted 5.3.0+ #0
[ 1256.586835][T19333] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 1256.596887][T19333] Call Trace:
[ 1256.600187][T19333]  dump_stack+0x172/0x1f0
[ 1256.604539][T19333]  handle_userfault.cold+0x41/0x5d
01:38:58 executing program 1:
perf_event_open(&(0x7f00000000c0)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
r1 = socket$inet6_sctp(0xa, 0x10000000005, 0x84)
dup2(r0, r1)
getsockopt$IP6T_SO_GET_REVISION_MATCH(r1, 0x29, 0x44, &(0x7f0000000180)={'NETMAP\x00'}, &(0x7f0000000040)=0x1e)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff, <r2=>0xffffffffffffffff})
r3 = socket$inet6_sctp(0xa, 0x10000000005, 0x84)
r4 = dup2(r2, r3)
ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200)
write$P9_RVERSION(r4, &(0x7f0000000080)={0x15, 0x65, 0xffff, 0xd22, 0x8, '9P2000.L'}, 0x15)
r5 = openat$random(0xffffffffffffff9c, &(0x7f0000000140)='/dev/urandom\x00', 0x8000000000000085, 0x0)
r6 = dup(r5)
r7 = open(&(0x7f0000002000)='./bus\x00', 0x141042, 0x0)
ftruncate(r7, 0xee72)
sendfile(r6, r7, 0x0, 0x8000fffffffe)

[ 1256.609658][T19333]  ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[ 1256.615916][T19333]  ? userfaultfd_ioctl+0x3ad0/0x3ad0
[ 1256.621207][T19333]  ? find_get_entry+0x535/0x880
[ 1256.626063][T19333]  ? find_get_pages_range_tag+0xd50/0xd50
[ 1256.631780][T19333]  ? ___might_sleep+0x163/0x2c0
[ 1256.636642][T19333]  ? __kasan_check_read+0x11/0x20
[ 1256.641674][T19333]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 1256.647918][T19333]  ? find_lock_entry+0x1a7/0x560
[ 1256.652853][T19333]  ? rcu_lockdep_current_cpu_online+0xe3/0x130
[ 1256.659008][T19333]  shmem_getpage_gfp+0x1f4c/0x2680
[ 1256.659050][T19333]  ? shmem_unuse_inode+0x1010/0x1010
[ 1256.659067][T19333]  ? lock_downgrade+0x920/0x920
[ 1256.659087][T19333]  ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[ 1256.680649][T19333]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 1256.686890][T19333]  shmem_fault+0x22a/0x7b0
[ 1256.686912][T19333]  ? shmem_read_mapping_page_gfp+0x1a0/0x1a0
[ 1256.686932][T19333]  ? find_get_entry+0x880/0x880
[ 1256.686948][T19333]  ? pmd_val+0x85/0x100
[ 1256.686965][T19333]  __do_fault+0x111/0x540
01:38:58 executing program 2:
r0 = socket$inet_udp(0x2, 0x2, 0x0)
close(r0)
r1 = socket$inet6(0xa, 0x1, 0x8010000000000084)
bind$inet6(r1, &(0x7f0000000040)={0xa, 0x400004e21, 0x0, @empty}, 0x1c)
setsockopt$inet_sctp6_SCTP_NODELAY(r0, 0x84, 0x3, &(0x7f00000000c0)=0x7, 0x4)
setsockopt$inet6_opts(r1, 0x29, 0x3b, &(0x7f0000000080)=ANY=[@ANYBLOB], 0x8)
connect$inet6(r1, &(0x7f0000000200)={0xa, 0x4e21, 0x0, @loopback}, 0x1c)
r2 = socket$inet_udplite(0x2, 0x2, 0x88)
ioctl(r2, 0x1000008912, &(0x7f0000000040)="11dcbc0d5e0bcfe47bf070")
write$binfmt_misc(r0, &(0x7f0000000100)=ANY=[@ANYBLOB="a43f7a10bc918dba707335df9c4fe2e3dd545ee4c838fdcc46a7540a012dcf04a12f99172a6f3583cd5498000448f3ae533c2845496e9b0a050d5e4e05f5f8188edecc091727ed7a25a91998bf61aeec90e8718f9aa9fd5da3aa3181c0080975dee42b7d8686ca8f92f314380c2a02a90e6efeaf9d6acdb213cd260c116f495d9569a33c798d369967f6690fd59a8b3bd789702d552fe262fe738e874609724467e7d1be8518f803b96022e1f0f0de7d3720bec96ede000000000000000000"], 0x10098)
write$binfmt_script(r0, &(0x7f0000000300)=ANY=[@ANYBLOB="ba"], 0x1)
write$binfmt_elf64(r0, &(0x7f0000000280)={{0x7f, 0x45, 0x4c, 0x46, 0x0, 0x0, 0x18000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40}, [{}]}, 0x78)

[ 1256.697331][T19333]  ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[ 1256.697350][T19333]  __handle_mm_fault+0x2dca/0x4040
[ 1256.697369][T19333]  ? vmf_insert_mixed_mkwrite+0x40/0x40
[ 1256.710640][T19333]  ? handle_mm_fault+0x292/0xa80
[ 1256.710668][T19333]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 1256.710686][T19333]  ? __kasan_check_read+0x11/0x20
[ 1256.710705][T19333]  handle_mm_fault+0x3b7/0xa80
[ 1256.710726][T19333]  __do_page_fault+0x536/0xdd0
[ 1256.738737][T19333]  do_page_fault+0x38/0x590
[ 1256.748585][T19333]  page_fault+0x39/0x40
01:38:58 executing program 3:
socket$inet_udplite(0x2, 0x2, 0x88)
r0 = socket$packet(0x11, 0x3, 0x300)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000000)={'batadv0\x00\f\x00', <r1=>0x0})
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000e00)=ANY=[@ANYBLOB="340000002c000107008be4000000000000000000", @ANYRES32=r1, @ANYBLOB="00d400f0000000000e00000009000100726f75746500000004000200"], 0x34}}, 0x0)
r2 = socket(0x10, 0x80002, 0x0)
sendmmsg$alg(r2, &(0x7f0000000140), 0x332, 0x0)

[ 1256.748596][T19333] RIP: 0033:0x4533a0
[ 1256.748611][T19333] Code: 0f 84 c4 0f 00 00 48 89 f1 48 89 f8 48 83 e1 3f 48 83 f9 20 0f 86 7b 02 00 00 48 83 e6 f0 48 83 e1 0f 66 0f ef c0 66 0f ef c9 <66> 0f 74 0e 66 0f d7 d1 48 d3 ea 49 c7 c2 11 00 00 00 49 29 ca 4d
[ 1256.748618][T19333] RSP: 002b:00007fbdc8f767a8 EFLAGS: 00010202
[ 1256.748630][T19333] RAX: 00007fbdc8f76850 RBX: 0000000000000003 RCX: 000000000000000e
[ 1256.748638][T19333] RDX: 00000000000003ff RSI: 0000000020012fe0 RDI: 00007fbdc8f76850
[ 1256.748649][T19333] RBP: 000000000075bf20 R08: 00000000000003ff R09: 0000000000000000
[ 1256.785460][T19333] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fbdc8f776d4
[ 1256.785470][T19333] R13: 00000000004c8dbc R14: 00000000004dfed8 R15: 00000000ffffffff
01:38:59 executing program 5:
mmap(&(0x7f0000011000/0x2000)=nil, 0x2000, 0x4, 0x31, 0xffffffffffffffff, 0x0)
r0 = userfaultfd(0x0)
syz_open_dev$mice(&(0x7f0000000000)='/dev/input/mice\x00', 0x0, 0x4000)
ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f0000000040))
ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f00000000c0)={{&(0x7f0000012000/0x2000)=nil, 0x2000}, 0x1})
read(r0, &(0x7f0000000100)=""/199, 0xc7)
syz_open_dev$evdev(&(0x7f0000012fee)='/.%v/\x11%put/event#\x00', 0x6000000000000000, 0x0)
ioctl$UFFDIO_WAKE(r0, 0x8010aa02, &(0x7f0000000080)={&(0x7f0000012000/0x4000)=nil, 0x4000})
shmget(0x2, 0x1000, 0x0, &(0x7f000096d000/0x1000)=nil)
openat$cgroup_procs(0xffffffffffffffff, 0x0, 0x2, 0x0)

01:38:59 executing program 0:
perf_event_open(&(0x7f00000000c0)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
r0 = openat$random(0xffffffffffffff9c, &(0x7f0000000140)='/dev/urandom\x00', 0x8000000000000085, 0x0)
r1 = dup(r0)
r2 = open(&(0x7f0000002000)='./bus\x00', 0x141042, 0x0)
ftruncate(r2, 0xee72)
sendfile(r1, r2, 0x0, 0x8000fffffffe)
ioctl$IMDELTIMER(r1, 0x80044941, &(0x7f0000000000))

01:38:59 executing program 4:
r0 = socket$nl_route(0x10, 0x3, 0x0)
r1 = socket$netlink(0x10, 0x3, 0x0)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff, <r2=>0xffffffffffffffff})
r3 = socket$inet6_sctp(0xa, 0x10000000005, 0x84)
r4 = dup2(r2, r3)
ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200)
r5 = socket(0x10, 0x803, 0x0)
sendmsg$TIPC_CMD_GET_MEDIA_NAMES(r5, &(0x7f0000000400)={0x0, 0x0, &(0x7f00000003c0)={0x0}}, 0x0)
getsockname$packet(r5, &(0x7f0000000100)={0x11, 0x0, <r6=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0xa)
sendmsg$nl_route(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080)=ANY=[@ANYBLOB="4800000010000507000000000000000080000000", @ANYRES32=r6, @ANYBLOB="0000000000000000280012000c0001007665746800000000180002001400010000000000", @ANYRES32=0x0, @ANYBLOB='\x00\x00\x00\x00\x00\x00\x00\x00'], 0x48}}, 0x0)
sendmsg$nl_route_sched(r0, &(0x7f0000000140)={0x0, 0x32d, &(0x7f0000000080)={&(0x7f0000000540)=@newqdisc={0x148, 0x24, 0x507, 0x20000000, 0x0, {0x0, r6, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_red={{0x8, 0x1, 'red\x00'}, {0x11c, 0x2, [@TCA_RED_STAB={0x104, 0x2, "fbf84ce9dbecf3d5851ae060c0ec8d55c9c65cb98d69f6f43f1d64d475f279dd204e54f6719de408d640f2dcd4c0c8c615650de0531b139380f912f808e5d3e1118f76144d1568be425bddb29fa48b1251d5cc8b78fb742bd61674f4cd92a93f8dafea3bc823ccd7591d59d252a275012101f39ab9478cc5dc4a8a2e71f186ce688ae869907b40b62231d243db1eca472440f1203b691b7b85864a73f1a3a9664d075ac973158948f7c44b4f8e2348e8046b08dcb423647eff2539993b8985028d7f0a50e94ee6b2fdacff6aee496b13807eb8d406a8440af14e339713f93a2bd76d46d34452c9bf604ac61d66e9ff34503a7ff400"}, @TCA_RED_PARMS={0x14, 0x1, {0x20}}]}}]}, 0x148}}, 0x0)

01:38:59 executing program 3:
r0 = socket$packet(0x11, 0x3, 0x300)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000000)={'batadv0\x00\f\x00', <r1=>0x0})
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000e00)=ANY=[@ANYBLOB="340000002c000107008be4000000000000000000", @ANYRES32=r1, @ANYBLOB="00d400f0000000000e00000009000100726f75746500000004000200"], 0x34}}, 0x0)
r2 = socket(0x10, 0x80002, 0x0)
sendmmsg$alg(r2, &(0x7f0000000140), 0x332, 0x0)

01:38:59 executing program 1:
perf_event_open(&(0x7f00000000c0)={0x1, 0x70, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, 0x101, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x200}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = openat$random(0xffffffffffffff9c, &(0x7f0000000140)='/dev/urandom\x00', 0x8000000000000085, 0x0)
r1 = dup(r0)
r2 = open(&(0x7f0000002000)='./bus\x00', 0x141042, 0x0)
ftruncate(r2, 0xee72)
sendfile(r1, r2, 0x0, 0x8000fffffffe)

01:38:59 executing program 2:
r0 = socket$inet_udp(0x2, 0x2, 0x0)
close(r0)
r1 = socket$inet6(0xa, 0x1, 0x8010000000000084)
bind$inet6(r1, &(0x7f0000000040)={0xa, 0x400004e21, 0x0, @empty}, 0x1c)
setsockopt$inet_sctp6_SCTP_NODELAY(r0, 0x84, 0x3, &(0x7f00000000c0)=0x7, 0x4)
setsockopt$inet6_opts(r1, 0x29, 0x3b, &(0x7f0000000080)=ANY=[@ANYBLOB], 0x8)
connect$inet6(r1, &(0x7f0000000200)={0xa, 0x4e21, 0x0, @loopback}, 0x1c)
r2 = socket$inet_udplite(0x2, 0x2, 0x88)
ioctl(r2, 0x1000008912, &(0x7f0000000040)="11dcbc0d5e0bcfe47bf070")
write$binfmt_misc(r0, &(0x7f0000000100)=ANY=[@ANYBLOB="a43f7a10bc918dba707335df9c4fe2e3dd545ee4c838fdcc46a7540a012dcf04a12f99172a6f3583cd5498000448f3ae533c2845496e9b0a050d5e4e05f5f8188edecc091727ed7a25a91998bf61aeec90e8718f9aa9fd5da3aa3181c0080975dee42b7d8686ca8f92f314380c2a02a90e6efeaf9d6acdb213cd260c116f495d9569a33c798d369967f6690fd59a8b3bd789702d552fe262fe738e874609724467e7d1be8518f803b96022e1f0f0de7d3720bec96ede000000000000000000"], 0x10098)
write$binfmt_script(r0, &(0x7f0000000300)=ANY=[@ANYBLOB="ba"], 0x1)
write$binfmt_elf64(r0, &(0x7f0000000280)={{0x7f, 0x45, 0x4c, 0x46, 0x0, 0x0, 0x20000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40}, [{}]}, 0x78)

01:38:59 executing program 3:
r0 = socket$packet(0x11, 0x0, 0x300)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000000)={'batadv0\x00\f\x00', <r1=>0x0})
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000e00)=ANY=[@ANYBLOB="340000002c000107008be4000000000000000000", @ANYRES32=r1, @ANYBLOB="00d400f0000000000e00000009000100726f75746500000004000200"], 0x34}}, 0x0)
r2 = socket(0x10, 0x80002, 0x0)
sendmmsg$alg(r2, &(0x7f0000000140), 0x332, 0x0)

01:38:59 executing program 1:
perf_event_open(&(0x7f00000000c0)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = openat$random(0xffffffffffffff9c, &(0x7f0000000140)='/dev/urandom\x00', 0x8000000000000085, 0x0)
r1 = dup(r0)
r2 = userfaultfd(0x0)
ioctl$UFFDIO_API(r2, 0xc018aa3f, &(0x7f0000000080))
read(r2, &(0x7f0000000100)=""/68, 0x22)
ioctl$UFFDIO_REGISTER(r2, 0xc020aa00, &(0x7f00000000c0)={{&(0x7f0000068000/0x800000)=nil, 0x800000}, 0x1})
close(r2)
r3 = dup(r2)
r4 = open(&(0x7f0000002000)='./bus\x00', 0x141042, 0x0)
ftruncate(r4, 0xee72)
sendfile(r1, r4, 0x0, 0x8000fffffffe)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff, <r5=>0xffffffffffffffff})
r6 = socket$inet6_sctp(0xa, 0x10000000005, 0x84)
r7 = dup2(r5, r6)
ioctl$PERF_EVENT_IOC_ENABLE(r7, 0x8912, 0x400200)
r8 = userfaultfd(0x0)
ioctl$UFFDIO_API(r8, 0xc018aa3f, &(0x7f0000000080))
read(r8, &(0x7f0000000100)=""/68, 0x22)
ioctl$UFFDIO_REGISTER(r8, 0xc020aa00, &(0x7f00000000c0)={{&(0x7f0000068000/0x800000)=nil, 0x800000}, 0x1})
close(r8)
r9 = openat$null(0xffffffffffffff9c, &(0x7f0000000000)='/dev/null\x00', 0x190a00, 0x0)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff, <r10=>0xffffffffffffffff})
r11 = socket$inet6_sctp(0xa, 0x10000000005, 0x84)
dup2(r10, r11)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff, <r12=>0xffffffffffffffff})
r13 = socket$inet6_sctp(0xa, 0x10000000005, 0x84)
dup2(r12, r13)
io_uring_register$IORING_REGISTER_FILES(r7, 0x2, &(0x7f0000000040)=[r2, r3, r8, r9, r11, r12], 0x6)

01:38:59 executing program 4:
r0 = socket$nl_route(0x10, 0x3, 0x0)
r1 = socket$netlink(0x10, 0x3, 0x0)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff, <r2=>0xffffffffffffffff})
r3 = socket$inet6_sctp(0xa, 0x10000000005, 0x84)
r4 = dup2(r2, r3)
ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200)
r5 = socket(0x10, 0x803, 0x0)
sendmsg$TIPC_CMD_GET_MEDIA_NAMES(r5, &(0x7f0000000400)={0x0, 0x0, &(0x7f00000003c0)={0x0}}, 0x0)
getsockname$packet(r5, &(0x7f0000000100)={0x11, 0x0, <r6=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0xa)
sendmsg$nl_route(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080)=ANY=[@ANYBLOB="4800000010000507000000000000000080000000", @ANYRES32=r6, @ANYBLOB="0000000000000000280012000c0001007665746800000000180002001400010000000000", @ANYRES32=0x0, @ANYBLOB='\x00\x00\x00\x00\x00\x00\x00\x00'], 0x48}}, 0x0)
sendmsg$nl_route_sched(r0, &(0x7f0000000140)={0x0, 0x32d, &(0x7f0000000080)={&(0x7f0000000540)=@newqdisc={0x148, 0x24, 0x507, 0x2470dde0, 0x0, {0x0, r6, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_red={{0x8, 0x1, 'red\x00'}, {0x11c, 0x2, [@TCA_RED_STAB={0x104, 0x2, "fbf84ce9dbecf3d5851ae060c0ec8d55c9c65cb98d69f6f43f1d64d475f279dd204e54f6719de408d640f2dcd4c0c8c615650de0531b139380f912f808e5d3e1118f76144d1568be425bddb29fa48b1251d5cc8b78fb742bd61674f4cd92a93f8dafea3bc823ccd7591d59d252a275012101f39ab9478cc5dc4a8a2e71f186ce688ae869907b40b62231d243db1eca472440f1203b691b7b85864a73f1a3a9664d075ac973158948f7c44b4f8e2348e8046b08dcb423647eff2539993b8985028d7f0a50e94ee6b2fdacff6aee496b13807eb8d406a8440af14e339713f93a2bd76d46d34452c9bf604ac61d66e9ff34503a7ff400"}, @TCA_RED_PARMS={0x14, 0x1, {0x20}}]}}]}, 0x148}}, 0x0)

[ 1257.364935][T19778] FAULT_FLAG_ALLOW_RETRY missing 70
[ 1257.370444][T19778] CPU: 1 PID: 19778 Comm: syz-executor.5 Not tainted 5.3.0+ #0
[ 1257.378008][T19778] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 1257.388070][T19778] Call Trace:
[ 1257.391365][T19778]  dump_stack+0x172/0x1f0
[ 1257.395722][T19778]  handle_userfault.cold+0x41/0x5d
[ 1257.400838][T19778]  ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[ 1257.407093][T19778]  ? userfaultfd_ioctl+0x3ad0/0x3ad0
[ 1257.412382][T19778]  ? find_get_entry+0x535/0x880
[ 1257.417247][T19778]  ? find_get_pages_range_tag+0xd50/0xd50
[ 1257.422973][T19778]  ? ___might_sleep+0x163/0x2c0
[ 1257.427846][T19778]  ? __kasan_check_read+0x11/0x20
[ 1257.432869][T19778]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 1257.432902][T19778]  ? find_lock_entry+0x1a7/0x560
[ 1257.432920][T19778]  ? rcu_lockdep_current_cpu_online+0xe3/0x130
[ 1257.450253][T19778]  shmem_getpage_gfp+0x1f4c/0x2680
[ 1257.455381][T19778]  ? shmem_unuse_inode+0x1010/0x1010
[ 1257.460662][T19778]  ? lock_downgrade+0x920/0x920
01:38:59 executing program 2:
r0 = socket$inet_udp(0x2, 0x2, 0x0)
close(r0)
r1 = socket$inet6(0xa, 0x1, 0x8010000000000084)
bind$inet6(r1, &(0x7f0000000040)={0xa, 0x400004e21, 0x0, @empty}, 0x1c)
setsockopt$inet_sctp6_SCTP_NODELAY(r0, 0x84, 0x3, &(0x7f00000000c0)=0x7, 0x4)
setsockopt$inet6_opts(r1, 0x29, 0x3b, &(0x7f0000000080)=ANY=[@ANYBLOB], 0x8)
connect$inet6(r1, &(0x7f0000000200)={0xa, 0x4e21, 0x0, @loopback}, 0x1c)
r2 = socket$inet_udplite(0x2, 0x2, 0x88)
ioctl(r2, 0x1000008912, &(0x7f0000000040)="11dcbc0d5e0bcfe47bf070")
write$binfmt_misc(r0, &(0x7f0000000100)=ANY=[@ANYBLOB="a43f7a10bc918dba707335df9c4fe2e3dd545ee4c838fdcc46a7540a012dcf04a12f99172a6f3583cd5498000448f3ae533c2845496e9b0a050d5e4e05f5f8188edecc091727ed7a25a91998bf61aeec90e8718f9aa9fd5da3aa3181c0080975dee42b7d8686ca8f92f314380c2a02a90e6efeaf9d6acdb213cd260c116f495d9569a33c798d369967f6690fd59a8b3bd789702d552fe262fe738e874609724467e7d1be8518f803b96022e1f0f0de7d3720bec96ede000000000000000000"], 0x10098)
write$binfmt_script(r0, &(0x7f0000000300)=ANY=[@ANYBLOB="ba"], 0x1)
write$binfmt_elf64(r0, &(0x7f0000000280)={{0x7f, 0x45, 0x4c, 0x46, 0x0, 0x0, 0x30000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40}, [{}]}, 0x78)

[ 1257.465515][T19778]  ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[ 1257.471782][T19778]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 1257.478031][T19778]  shmem_fault+0x22a/0x7b0
[ 1257.482480][T19778]  ? shmem_read_mapping_page_gfp+0x1a0/0x1a0
[ 1257.488459][T19778]  ? find_get_entry+0x880/0x880
[ 1257.488495][T19778]  ? pmd_val+0x85/0x100
[ 1257.488513][T19778]  __do_fault+0x111/0x540
[ 1257.488526][T19778]  ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[ 1257.488547][T19778]  __handle_mm_fault+0x2dca/0x4040
[ 1257.488568][T19778]  ? vmf_insert_mixed_mkwrite+0x40/0x40
[ 1257.488581][T19778]  ? handle_mm_fault+0x292/0xa80
[ 1257.488604][T19778]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 1257.508087][T19778]  ? __kasan_check_read+0x11/0x20
[ 1257.508108][T19778]  handle_mm_fault+0x3b7/0xa80
[ 1257.508131][T19778]  __do_page_fault+0x536/0xdd0
[ 1257.508156][T19778]  do_page_fault+0x38/0x590
[ 1257.508174][T19778]  page_fault+0x39/0x40
[ 1257.508188][T19778] RIP: 0033:0x4533a0
[ 1257.529937][T19778] Code: 0f 84 c4 0f 00 00 48 89 f1 48 89 f8 48 83 e1 3f 48 83 f9 20 0f 86 7b 02 00 00 48 83 e6 f0 48 83 e1 0f 66 0f ef c0 66 0f ef c9 <66> 0f 74 0e 66 0f d7 d1 48 d3 ea 49 c7 c2 11 00 00 00 49 29 ca 4d
[ 1257.529946][T19778] RSP: 002b:00007fbdc8f767a8 EFLAGS: 00010202
[ 1257.529959][T19778] RAX: 00007fbdc8f76850 RBX: 0000000000000003 RCX: 000000000000000e
[ 1257.529969][T19778] RDX: 00000000000003ff RSI: 0000000020012fe0 RDI: 00007fbdc8f76850
[ 1257.529978][T19778] RBP: 000000000075bf20 R08: 00000000000003ff R09: 0000000000000000
[ 1257.529986][T19778] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fbdc8f776d4
[ 1257.529995][T19778] R13: 00000000004c8dbc R14: 00000000004dfed8 R15: 00000000ffffffff
01:38:59 executing program 0:
perf_event_open(&(0x7f00000000c0)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = openat$random(0xffffffffffffff9c, &(0x7f0000000140)='/dev/urandom\x00', 0x8000000000000085, 0x0)
r1 = dup(r0)
r2 = socket$can_bcm(0x1d, 0x2, 0x2)
io_setup(0xd, &(0x7f00000001c0)=<r3=>0x0)
connect$can_bcm(r2, &(0x7f0000000140), 0x10)
io_submit(r3, 0x1, &(0x7f0000000080)=[&(0x7f00000000c0)={0x0, 0x0, 0x0, 0x1, 0x0, r2, &(0x7f0000000200)="0200000093c21faf16da39de706f646800580f02000000003f420f000000000000580f02000000003f420f00000000000000000002000000", 0x235}])
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff, <r4=>0xffffffffffffffff})
r5 = socket$inet6_sctp(0xa, 0x10000000005, 0x84)
dup2(r4, r5)
io_cancel(r3, &(0x7f0000000040)={0x0, 0x0, 0x0, 0x5, 0x863, r5, &(0x7f0000000000)="d3b9dff6729f76957b27c03aa612f43a1077789df0b3128eef29d11eb583db344b84719b0836ac9091", 0x29, 0x3, 0x0, 0x1}, &(0x7f0000000080))
r6 = open(&(0x7f0000002000)='./bus\x00', 0x141042, 0x0)
ftruncate(r6, 0xee72)
sendfile(r1, r6, 0x0, 0x8000fffffffe)

01:38:59 executing program 4:
r0 = socket$nl_route(0x10, 0x3, 0x0)
r1 = socket$netlink(0x10, 0x3, 0x0)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff, <r2=>0xffffffffffffffff})
r3 = socket$inet6_sctp(0xa, 0x10000000005, 0x84)
r4 = dup2(r2, r3)
ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200)
r5 = socket(0x10, 0x803, 0x0)
sendmsg$TIPC_CMD_GET_MEDIA_NAMES(r5, &(0x7f0000000400)={0x0, 0x0, &(0x7f00000003c0)={0x0}}, 0x0)
getsockname$packet(r5, &(0x7f0000000100)={0x11, 0x0, <r6=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0xa)
sendmsg$nl_route(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080)=ANY=[@ANYBLOB="4800000010000507000000000000000080000000", @ANYRES32=r6, @ANYBLOB="0000000000000000280012000c0001007665746800000000180002001400010000000000", @ANYRES32=0x0, @ANYBLOB='\x00\x00\x00\x00\x00\x00\x00\x00'], 0x48}}, 0x0)
sendmsg$nl_route_sched(r0, &(0x7f0000000140)={0x0, 0x32d, &(0x7f0000000080)={&(0x7f0000000540)=@newqdisc={0x148, 0x24, 0x507, 0x3f000000, 0x0, {0x0, r6, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_red={{0x8, 0x1, 'red\x00'}, {0x11c, 0x2, [@TCA_RED_STAB={0x104, 0x2, "fbf84ce9dbecf3d5851ae060c0ec8d55c9c65cb98d69f6f43f1d64d475f279dd204e54f6719de408d640f2dcd4c0c8c615650de0531b139380f912f808e5d3e1118f76144d1568be425bddb29fa48b1251d5cc8b78fb742bd61674f4cd92a93f8dafea3bc823ccd7591d59d252a275012101f39ab9478cc5dc4a8a2e71f186ce688ae869907b40b62231d243db1eca472440f1203b691b7b85864a73f1a3a9664d075ac973158948f7c44b4f8e2348e8046b08dcb423647eff2539993b8985028d7f0a50e94ee6b2fdacff6aee496b13807eb8d406a8440af14e339713f93a2bd76d46d34452c9bf604ac61d66e9ff34503a7ff400"}, @TCA_RED_PARMS={0x14, 0x1, {0x20}}]}}]}, 0x148}}, 0x0)

01:38:59 executing program 5:
mmap(&(0x7f0000011000/0x2000)=nil, 0x2000, 0x4, 0x31, 0xffffffffffffffff, 0x0)
r0 = userfaultfd(0x0)
syz_open_dev$mice(&(0x7f0000000000)='/dev/input/mice\x00', 0x0, 0x4000)
ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f0000000040))
ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f00000000c0)={{&(0x7f0000012000/0x2000)=nil, 0x2000}, 0x1})
read(r0, &(0x7f0000000100)=""/199, 0xc7)
syz_open_dev$evdev(&(0x7f0000012fee)='/.%v/\x11%put/event#\x00', 0x6800000000000000, 0x0)
ioctl$UFFDIO_WAKE(r0, 0x8010aa02, &(0x7f0000000080)={&(0x7f0000012000/0x4000)=nil, 0x4000})
shmget(0x2, 0x1000, 0x0, &(0x7f000096d000/0x1000)=nil)
openat$cgroup_procs(0xffffffffffffffff, 0x0, 0x2, 0x0)

01:38:59 executing program 3:
r0 = socket$packet(0x11, 0x0, 0x300)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000000)={'batadv0\x00\f\x00', <r1=>0x0})
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000e00)=ANY=[@ANYBLOB="340000002c000107008be4000000000000000000", @ANYRES32=r1, @ANYBLOB="00d400f0000000000e00000009000100726f75746500000004000200"], 0x34}}, 0x0)
r2 = socket(0x10, 0x80002, 0x0)
sendmmsg$alg(r2, &(0x7f0000000140), 0x332, 0x0)

01:38:59 executing program 3:
r0 = socket$packet(0x11, 0x0, 0x300)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000000)={'batadv0\x00\f\x00', <r1=>0x0})
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000e00)=ANY=[@ANYBLOB="340000002c000107008be4000000000000000000", @ANYRES32=r1, @ANYBLOB="00d400f0000000000e00000009000100726f75746500000004000200"], 0x34}}, 0x0)
r2 = socket(0x10, 0x80002, 0x0)
sendmmsg$alg(r2, &(0x7f0000000140), 0x332, 0x0)

01:39:00 executing program 2:
r0 = socket$inet_udp(0x2, 0x2, 0x0)
close(r0)
r1 = socket$inet6(0xa, 0x1, 0x8010000000000084)
bind$inet6(r1, &(0x7f0000000040)={0xa, 0x400004e21, 0x0, @empty}, 0x1c)
setsockopt$inet_sctp6_SCTP_NODELAY(r0, 0x84, 0x3, &(0x7f00000000c0)=0x7, 0x4)
setsockopt$inet6_opts(r1, 0x29, 0x3b, &(0x7f0000000080)=ANY=[@ANYBLOB], 0x8)
connect$inet6(r1, &(0x7f0000000200)={0xa, 0x4e21, 0x0, @loopback}, 0x1c)
r2 = socket$inet_udplite(0x2, 0x2, 0x88)
ioctl(r2, 0x1000008912, &(0x7f0000000040)="11dcbc0d5e0bcfe47bf070")
write$binfmt_misc(r0, &(0x7f0000000100)=ANY=[@ANYBLOB="a43f7a10bc918dba707335df9c4fe2e3dd545ee4c838fdcc46a7540a012dcf04a12f99172a6f3583cd5498000448f3ae533c2845496e9b0a050d5e4e05f5f8188edecc091727ed7a25a91998bf61aeec90e8718f9aa9fd5da3aa3181c0080975dee42b7d8686ca8f92f314380c2a02a90e6efeaf9d6acdb213cd260c116f495d9569a33c798d369967f6690fd59a8b3bd789702d552fe262fe738e874609724467e7d1be8518f803b96022e1f0f0de7d3720bec96ede000000000000000000"], 0x10098)
write$binfmt_script(r0, &(0x7f0000000300)=ANY=[@ANYBLOB="ba"], 0x1)
write$binfmt_elf64(r0, &(0x7f0000000280)={{0x7f, 0x45, 0x4c, 0x46, 0x0, 0x0, 0x3f000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40}, [{}]}, 0x78)

01:39:00 executing program 4:
r0 = socket$nl_route(0x10, 0x3, 0x0)
r1 = socket$netlink(0x10, 0x3, 0x0)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff, <r2=>0xffffffffffffffff})
r3 = socket$inet6_sctp(0xa, 0x10000000005, 0x84)
r4 = dup2(r2, r3)
ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200)
r5 = socket(0x10, 0x803, 0x0)
sendmsg$TIPC_CMD_GET_MEDIA_NAMES(r5, &(0x7f0000000400)={0x0, 0x0, &(0x7f00000003c0)={0x0}}, 0x0)
getsockname$packet(r5, &(0x7f0000000100)={0x11, 0x0, <r6=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0xa)
sendmsg$nl_route(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080)=ANY=[@ANYBLOB="4800000010000507000000000000000080000000", @ANYRES32=r6, @ANYBLOB="0000000000000000280012000c0001007665746800000000180002001400010000000000", @ANYRES32=0x0, @ANYBLOB='\x00\x00\x00\x00\x00\x00\x00\x00'], 0x48}}, 0x0)
sendmsg$nl_route_sched(r0, &(0x7f0000000140)={0x0, 0x32d, &(0x7f0000000080)={&(0x7f0000000540)=@newqdisc={0x148, 0x24, 0x507, 0x40000000, 0x0, {0x0, r6, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_red={{0x8, 0x1, 'red\x00'}, {0x11c, 0x2, [@TCA_RED_STAB={0x104, 0x2, "fbf84ce9dbecf3d5851ae060c0ec8d55c9c65cb98d69f6f43f1d64d475f279dd204e54f6719de408d640f2dcd4c0c8c615650de0531b139380f912f808e5d3e1118f76144d1568be425bddb29fa48b1251d5cc8b78fb742bd61674f4cd92a93f8dafea3bc823ccd7591d59d252a275012101f39ab9478cc5dc4a8a2e71f186ce688ae869907b40b62231d243db1eca472440f1203b691b7b85864a73f1a3a9664d075ac973158948f7c44b4f8e2348e8046b08dcb423647eff2539993b8985028d7f0a50e94ee6b2fdacff6aee496b13807eb8d406a8440af14e339713f93a2bd76d46d34452c9bf604ac61d66e9ff34503a7ff400"}, @TCA_RED_PARMS={0x14, 0x1, {0x20}}]}}]}, 0x148}}, 0x0)

01:39:00 executing program 3:
socket$packet(0x11, 0x3, 0x300)
ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f0000000000)={'batadv0\x00\f\x00', <r0=>0x0})
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000e00)=ANY=[@ANYBLOB="340000002c000107008be4000000000000000000", @ANYRES32=r0, @ANYBLOB="00d400f0000000000e00000009000100726f75746500000004000200"], 0x34}}, 0x0)
r1 = socket(0x10, 0x80002, 0x0)
sendmmsg$alg(r1, &(0x7f0000000140), 0x332, 0x0)

01:39:00 executing program 0:
perf_event_open(&(0x7f00000000c0)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = openat$random(0xffffffffffffff9c, &(0x7f0000000140)='/dev/urandom\x00', 0x8000000000000085, 0x0)
r1 = dup(r0)
r2 = open(&(0x7f0000002000)='./bus\x00', 0x141042, 0x0)
ftruncate(r2, 0xee72)
close(0xffffffffffffffff)
sendfile(r1, r2, 0x0, 0x8000fffffffe)

[ 1258.069587][T20313] FAULT_FLAG_ALLOW_RETRY missing 70
[ 1258.084799][T20313] CPU: 1 PID: 20313 Comm: syz-executor.5 Not tainted 5.3.0+ #0
[ 1258.092370][T20313] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 1258.092376][T20313] Call Trace:
[ 1258.092397][T20313]  dump_stack+0x172/0x1f0
[ 1258.092419][T20313]  handle_userfault.cold+0x41/0x5d
[ 1258.115147][T20313]  ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[ 1258.121397][T20313]  ? userfaultfd_ioctl+0x3ad0/0x3ad0
[ 1258.126682][T20313]  ? find_get_entry+0x535/0x880
[ 1258.126704][T20313]  ? find_get_pages_range_tag+0xd50/0xd50
[ 1258.126720][T20313]  ? ___might_sleep+0x163/0x2c0
[ 1258.126743][T20313]  ? __kasan_check_read+0x11/0x20
[ 1258.126759][T20313]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 1258.126778][T20313]  ? find_lock_entry+0x1a7/0x560
[ 1258.126793][T20313]  ? rcu_lockdep_current_cpu_online+0xe3/0x130
[ 1258.126823][T20313]  shmem_getpage_gfp+0x1f4c/0x2680
[ 1258.147208][T20313]  ? shmem_unuse_inode+0x1010/0x1010
[ 1258.147225][T20313]  ? lock_downgrade+0x920/0x920
[ 1258.147259][T20313]  ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[ 1258.147273][T20313]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 1258.147292][T20313]  shmem_fault+0x22a/0x7b0
[ 1258.158433][T20313]  ? shmem_read_mapping_page_gfp+0x1a0/0x1a0
[ 1258.158453][T20313]  ? find_get_entry+0x880/0x880
[ 1258.158470][T20313]  ? pmd_val+0x85/0x100
[ 1258.158486][T20313]  __do_fault+0x111/0x540
[ 1258.158503][T20313]  ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[ 1258.192294][T20313]  __handle_mm_fault+0x2dca/0x4040
[ 1258.192317][T20313]  ? vmf_insert_mixed_mkwrite+0x40/0x40
[ 1258.192333][T20313]  ? handle_mm_fault+0x292/0xa80
[ 1258.192360][T20313]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 1258.192377][T20313]  ? __kasan_check_read+0x11/0x20
[ 1258.192398][T20313]  handle_mm_fault+0x3b7/0xa80
[ 1258.216027][T20313]  __do_page_fault+0x536/0xdd0
[ 1258.216054][T20313]  do_page_fault+0x38/0x590
[ 1258.216072][T20313]  page_fault+0x39/0x40
[ 1258.227372][T20313] RIP: 0033:0x4533a0
[ 1258.227387][T20313] Code: 0f 84 c4 0f 00 00 48 89 f1 48 89 f8 48 83 e1 3f 48 83 f9 20 0f 86 7b 02 00 00 48 83 e6 f0 48 83 e1 0f 66 0f ef c0 66 0f ef c9 <66> 0f 74 0e 66 0f d7 d1 48 d3 ea 49 c7 c2 11 00 00 00 49 29 ca 4d
[ 1258.227395][T20313] RSP: 002b:00007fbdc8f557a8 EFLAGS: 00010202
[ 1258.227406][T20313] RAX: 00007fbdc8f55850 RBX: 0000000000000003 RCX: 000000000000000e
[ 1258.227414][T20313] RDX: 00000000000003ff RSI: 0000000020012fe0 RDI: 00007fbdc8f55850
[ 1258.227422][T20313] RBP: 000000000075bfc8 R08: 00000000000003ff R09: 0000000000000000
[ 1258.227430][T20313] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fbdc8f566d4
[ 1258.227438][T20313] R13: 00000000004c8dbc R14: 00000000004dfed8 R15: 00000000ffffffff
[ 1258.339685][    C0] net_ratelimit: 12 callbacks suppressed
[ 1258.339691][    C0] protocol 88fb is buggy, dev hsr_slave_0
[ 1258.347591][T20436] FAULT_FLAG_ALLOW_RETRY missing 70
[ 1258.351125][    C0] protocol 88fb is buggy, dev hsr_slave_1
[ 1258.361142][T20436] CPU: 1 PID: 20436 Comm: syz-executor.5 Not tainted 5.3.0+ #0
[ 1258.362133][    C0] protocol 88fb is buggy, dev hsr_slave_0
[ 1258.369568][T20436] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 1258.369575][T20436] Call Trace:
[ 1258.369599][T20436]  dump_stack+0x172/0x1f0
[ 1258.369623][T20436]  handle_userfault.cold+0x41/0x5d
[ 1258.369641][T20436]  ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[ 1258.375383][    C0] protocol 88fb is buggy, dev hsr_slave_1
[ 1258.385388][T20436]  ? userfaultfd_ioctl+0x3ad0/0x3ad0
[ 1258.385412][T20436]  ? find_get_entry+0x535/0x880
[ 1258.388738][    C0] protocol 88fb is buggy, dev hsr_slave_0
[ 1258.392992][T20436]  ? find_get_pages_range_tag+0xd50/0xd50
[ 1258.398149][    C0] protocol 88fb is buggy, dev hsr_slave_1
[ 1258.404313][T20436]  ? __kasan_check_read+0x11/0x20
[ 1258.404331][T20436]  ? __kasan_check_read+0x11/0x20
[ 1258.404348][T20436]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 1258.410086][    C0] protocol 88fb is buggy, dev hsr_slave_0
[ 1258.415295][T20436]  ? find_lock_entry+0x1a7/0x560
[ 1258.415308][T20436]  ? rcu_lockdep_current_cpu_online+0xe3/0x130
[ 1258.415326][T20436]  shmem_getpage_gfp+0x1f4c/0x2680
[ 1258.420162][    C0] protocol 88fb is buggy, dev hsr_slave_1
[ 1258.425850][T20436]  ? shmem_unuse_inode+0x1010/0x1010
[ 1258.425867][T20436]  ? lock_downgrade+0x920/0x920
[ 1258.431602][    C0] protocol 88fb is buggy, dev hsr_slave_0
[ 1258.437245][T20436]  ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[ 1258.437259][T20436]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 1258.437277][T20436]  shmem_fault+0x22a/0x7b0
[ 1258.442285][    C0] protocol 88fb is buggy, dev hsr_slave_1
[ 1258.447271][T20436]  ? shmem_read_mapping_page_gfp+0x1a0/0x1a0
[ 1258.447288][T20436]  ? find_get_entry+0x880/0x880
[ 1258.447304][T20436]  ? pmd_val+0x85/0x100
[ 1258.459212][T20436]  __do_fault+0x111/0x540
[ 1258.459229][T20436]  ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[ 1258.459249][T20436]  __handle_mm_fault+0x2dca/0x4040
[ 1258.459268][T20436]  ? vmf_insert_mixed_mkwrite+0x40/0x40
[ 1258.459285][T20436]  ? handle_mm_fault+0x292/0xa80
[ 1258.470349][T20436]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 1258.470367][T20436]  ? __kasan_check_read+0x11/0x20
[ 1258.470387][T20436]  handle_mm_fault+0x3b7/0xa80
[ 1258.470415][T20436]  __do_page_fault+0x536/0xdd0
[ 1258.481202][T20436]  do_page_fault+0x38/0x590
[ 1258.481222][T20436]  page_fault+0x39/0x40
[ 1258.481233][T20436] RIP: 0033:0x4533a0
[ 1258.481250][T20436] Code: 0f 84 c4 0f 00 00 48 89 f1 48 89 f8 48 83 e1 3f 48 83 f9 20 0f 86 7b 02 00 00 48 83 e6 f0 48 83 e1 0f 66 0f ef c0 66 0f ef c9 <66> 0f 74 0e 66 0f d7 d1 48 d3 ea 49 c7 c2 11 00 00 00 49 29 ca 4d
[ 1258.481262][T20436] RSP: 002b:00007fbdc8f347a8 EFLAGS: 00010202
[ 1258.491342][T20436] RAX: 00007fbdc8f34850 RBX: 0000000000000003 RCX: 000000000000000e
[ 1258.491352][T20436] RDX: 00000000000003ff RSI: 0000000020012fe0 RDI: 00007fbdc8f34850
[ 1258.491361][T20436] RBP: 000000000075c070 R08: 00000000000003ff R09: 0000000000000000
[ 1258.491370][T20436] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fbdc8f356d4
[ 1258.491379][T20436] R13: 00000000004c8dbc R14: 00000000004dfed8 R15: 00000000ffffffff
01:39:00 executing program 0:
perf_event_open(&(0x7f00000000c0)={0x1, 0x70, 0x0, 0x1, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x5, 0x0, 0x3, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x2, 0x2}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = openat$random(0xffffffffffffff9c, &(0x7f0000000140)='/dev/urandom\x00', 0x8000000000000085, 0x0)
r1 = dup(r0)
r2 = open(&(0x7f0000002000)='./bus\x00', 0x141042, 0x0)
ftruncate(r2, 0xee72)
sendfile(r1, r2, 0x0, 0x8000fffffffe)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff, <r3=>0xffffffffffffffff})
r4 = socket$inet6_sctp(0xa, 0x10000000005, 0x84)
r5 = dup2(r3, r4)
ioctl$PERF_EVENT_IOC_ENABLE(r5, 0x8912, 0x400200)
ioctl$VHOST_SET_VRING_BASE(r5, 0x4008af12, &(0x7f0000000000)={0x0, 0x2212})

01:39:00 executing program 5:
mmap(&(0x7f0000011000/0x2000)=nil, 0x2000, 0x4, 0x31, 0xffffffffffffffff, 0x0)
r0 = userfaultfd(0x0)
syz_open_dev$mice(&(0x7f0000000000)='/dev/input/mice\x00', 0x0, 0x4000)
ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f0000000040))
ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f00000000c0)={{&(0x7f0000012000/0x2000)=nil, 0x2000}, 0x1})
read(r0, &(0x7f0000000100)=""/199, 0xc7)
syz_open_dev$evdev(&(0x7f0000012fee)='/.%v/\x11%put/event#\x00', 0x6c00000000000000, 0x0)
ioctl$UFFDIO_WAKE(r0, 0x8010aa02, &(0x7f0000000080)={&(0x7f0000012000/0x4000)=nil, 0x4000})
shmget(0x2, 0x1000, 0x0, &(0x7f000096d000/0x1000)=nil)
openat$cgroup_procs(0xffffffffffffffff, 0x0, 0x2, 0x0)

01:39:00 executing program 3:
socket$packet(0x11, 0x3, 0x300)
ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f0000000000)={'batadv0\x00\f\x00', <r0=>0x0})
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000e00)=ANY=[@ANYBLOB="340000002c000107008be4000000000000000000", @ANYRES32=r0, @ANYBLOB="00d400f0000000000e00000009000100726f75746500000004000200"], 0x34}}, 0x0)
r1 = socket(0x10, 0x80002, 0x0)
sendmmsg$alg(r1, &(0x7f0000000140), 0x332, 0x0)

01:39:00 executing program 4:
r0 = socket$nl_route(0x10, 0x3, 0x0)
r1 = socket$netlink(0x10, 0x3, 0x0)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff, <r2=>0xffffffffffffffff})
r3 = socket$inet6_sctp(0xa, 0x10000000005, 0x84)
r4 = dup2(r2, r3)
ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200)
r5 = socket(0x10, 0x803, 0x0)
sendmsg$TIPC_CMD_GET_MEDIA_NAMES(r5, &(0x7f0000000400)={0x0, 0x0, &(0x7f00000003c0)={0x0}}, 0x0)
getsockname$packet(r5, &(0x7f0000000100)={0x11, 0x0, <r6=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0xa)
sendmsg$nl_route(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080)=ANY=[@ANYBLOB="4800000010000507000000000000000080000000", @ANYRES32=r6, @ANYBLOB="0000000000000000280012000c0001007665746800000000180002001400010000000000", @ANYRES32=0x0, @ANYBLOB='\x00\x00\x00\x00\x00\x00\x00\x00'], 0x48}}, 0x0)
sendmsg$nl_route_sched(r0, &(0x7f0000000140)={0x0, 0x32d, &(0x7f0000000080)={&(0x7f0000000540)=@newqdisc={0x148, 0x24, 0x507, 0x60000000, 0x0, {0x0, r6, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_red={{0x8, 0x1, 'red\x00'}, {0x11c, 0x2, [@TCA_RED_STAB={0x104, 0x2, "fbf84ce9dbecf3d5851ae060c0ec8d55c9c65cb98d69f6f43f1d64d475f279dd204e54f6719de408d640f2dcd4c0c8c615650de0531b139380f912f808e5d3e1118f76144d1568be425bddb29fa48b1251d5cc8b78fb742bd61674f4cd92a93f8dafea3bc823ccd7591d59d252a275012101f39ab9478cc5dc4a8a2e71f186ce688ae869907b40b62231d243db1eca472440f1203b691b7b85864a73f1a3a9664d075ac973158948f7c44b4f8e2348e8046b08dcb423647eff2539993b8985028d7f0a50e94ee6b2fdacff6aee496b13807eb8d406a8440af14e339713f93a2bd76d46d34452c9bf604ac61d66e9ff34503a7ff400"}, @TCA_RED_PARMS={0x14, 0x1, {0x20}}]}}]}, 0x148}}, 0x0)

01:39:00 executing program 1:
r0 = perf_event_open(&(0x7f00000000c0)={0x1, 0x70, 0x0, 0x0, 0x0, 0x3f, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x90d, 0x0, 0xb6b0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r1 = openat$dlm_control(0xffffffffffffff9c, &(0x7f0000000000)='/dev/dlm-control\x00', 0xc0940, 0x0)
r2 = userfaultfd(0x0)
ioctl$UFFDIO_API(r2, 0xc018aa3f, &(0x7f0000000080))
read(r2, &(0x7f0000000100)=""/68, 0x22)
ioctl$UFFDIO_REGISTER(r2, 0xc020aa00, &(0x7f00000000c0)={{&(0x7f0000068000/0x800000)=nil, 0x800000}, 0x1})
close(r2)
getsockopt$inet_sctp_SCTP_AUTOCLOSE(r1, 0x84, 0x4, &(0x7f0000000340), &(0x7f00000003c0)=0x4)
r3 = userfaultfd(0x0)
ioctl$UFFDIO_API(r3, 0xc018aa3f, &(0x7f0000000080))
read(r3, &(0x7f0000000100)=""/68, 0x22)
ioctl$UFFDIO_REGISTER(r3, 0xc020aa00, &(0x7f00000000c0)={{&(0x7f0000068000/0x800000)=nil, 0x800000}, 0x1})
close(r3)
socketpair$unix(0x1, 0x3322017980f143f4, 0x0, &(0x7f0000000000)={0xffffffffffffffff, <r4=>0xffffffffffffffff})
r5 = socket$inet6_sctp(0xa, 0x10000000005, 0x84)
dup2(r4, r5)
r6 = socket$isdn(0x22, 0x3, 0x26)
io_uring_register$IORING_REGISTER_FILES(r1, 0x2, &(0x7f00000001c0)=[r2, r3, r4, 0xffffffffffffffff, r6, r0, r0], 0x7)
r7 = openat$random(0xffffffffffffff9c, &(0x7f0000000140)='/dev/urandom\x00', 0x8000000000000085, 0x0)
r8 = dup(r7)
r9 = open(&(0x7f0000002000)='./bus\x00', 0x141042, 0x0)
ftruncate(r9, 0xee72)
getresgid(&(0x7f0000000040)=<r10=>0x0, &(0x7f0000000180), &(0x7f0000000200))
r11 = add_key$user(&(0x7f00000002c0)='user\x00', &(0x7f0000000300)={'syz', 0x2}, &(0x7f00000005c0)="4acf665ff77df4f20690a5a83bc1a1e6519321db1dc2bf7eee06d978abdfbb33f3bc7025e6befda3c827875946eb75c14639ab6e76811a733653f72afc34e5fce1bed277a8faa02e6da16041b40bab677d6555e94a42b7ac236c8c35d729ac501cf28293c919f2f3ceec4703c892adeac90504aeb3ba485e09bda66d2b96124cabc4d2e653848e2bd909287d0d2c433d72bbd4333cf37f2a8972bba453c776d2c73c61b9fa2153405fc0253992c918682c7018f6a280a9ff312ae4a6996bd9547aed66e72f94342a7d27b9483f7e2e8e3c5bbb89452fd9bb6708ae89ba29", 0xde, 0xfffffffffffffffe)
lstat(&(0x7f0000000380)='./file0\x00', &(0x7f00000004c0)={0x0, 0x0, 0x0, 0x0, <r12=>0x0})
getresgid(&(0x7f0000000400), &(0x7f0000000540), &(0x7f00000006c0)=<r13=>0x0)
keyctl$chown(0x4, r11, r12, r13)
lstat(&(0x7f0000000240)='./bus\x00', &(0x7f0000000280)={0x0, 0x0, 0x0, 0x0, 0x0, <r14=>0x0})
setresgid(r10, r13, r14)
sendfile(r8, r9, 0x0, 0x8000fffffffe)

01:39:00 executing program 2:
r0 = socket$inet_udp(0x2, 0x2, 0x0)
close(r0)
r1 = socket$inet6(0xa, 0x1, 0x8010000000000084)
bind$inet6(r1, &(0x7f0000000040)={0xa, 0x400004e21, 0x0, @empty}, 0x1c)
setsockopt$inet_sctp6_SCTP_NODELAY(r0, 0x84, 0x3, &(0x7f00000000c0)=0x7, 0x4)
setsockopt$inet6_opts(r1, 0x29, 0x3b, &(0x7f0000000080)=ANY=[@ANYBLOB], 0x8)
connect$inet6(r1, &(0x7f0000000200)={0xa, 0x4e21, 0x0, @loopback}, 0x1c)
r2 = socket$inet_udplite(0x2, 0x2, 0x88)
ioctl(r2, 0x1000008912, &(0x7f0000000040)="11dcbc0d5e0bcfe47bf070")
write$binfmt_misc(r0, &(0x7f0000000100)=ANY=[@ANYBLOB="a43f7a10bc918dba707335df9c4fe2e3dd545ee4c838fdcc46a7540a012dcf04a12f99172a6f3583cd5498000448f3ae533c2845496e9b0a050d5e4e05f5f8188edecc091727ed7a25a91998bf61aeec90e8718f9aa9fd5da3aa3181c0080975dee42b7d8686ca8f92f314380c2a02a90e6efeaf9d6acdb213cd260c116f495d9569a33c798d369967f6690fd59a8b3bd789702d552fe262fe738e874609724467e7d1be8518f803b96022e1f0f0de7d3720bec96ede000000000000000000"], 0x10098)
write$binfmt_script(r0, &(0x7f0000000300)=ANY=[@ANYBLOB="ba"], 0x1)
write$binfmt_elf64(r0, &(0x7f0000000280)={{0x7f, 0x45, 0x4c, 0x46, 0x0, 0x0, 0x40000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40}, [{}]}, 0x78)

01:39:00 executing program 3:
socket$packet(0x11, 0x3, 0x300)
ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f0000000000)={'batadv0\x00\f\x00', <r0=>0x0})
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000e00)=ANY=[@ANYBLOB="340000002c000107008be4000000000000000000", @ANYRES32=r0, @ANYBLOB="00d400f0000000000e00000009000100726f75746500000004000200"], 0x34}}, 0x0)
r1 = socket(0x10, 0x80002, 0x0)
sendmmsg$alg(r1, &(0x7f0000000140), 0x332, 0x0)

01:39:01 executing program 0:
perf_event_open(&(0x7f00000000c0)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = openat$random(0xffffffffffffff9c, &(0x7f0000000140)='/dev/urandom\x00', 0x8000000000000085, 0x0)
r1 = dup(r0)
r2 = open(&(0x7f0000002000)='./bus\x00', 0x141042, 0x0)
ioctl$NBD_SET_SIZE(0xffffffffffffffff, 0xab02, 0x7fffffff)
ftruncate(r2, 0xee72)
sendfile(r1, r2, 0x0, 0x8000fffffffe)

01:39:01 executing program 4:
r0 = socket$nl_route(0x10, 0x3, 0x0)
r1 = socket$netlink(0x10, 0x3, 0x0)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff, <r2=>0xffffffffffffffff})
r3 = socket$inet6_sctp(0xa, 0x10000000005, 0x84)
r4 = dup2(r2, r3)
ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200)
r5 = socket(0x10, 0x803, 0x0)
sendmsg$TIPC_CMD_GET_MEDIA_NAMES(r5, &(0x7f0000000400)={0x0, 0x0, &(0x7f00000003c0)={0x0}}, 0x0)
getsockname$packet(r5, &(0x7f0000000100)={0x11, 0x0, <r6=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0xa)
sendmsg$nl_route(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080)=ANY=[@ANYBLOB="4800000010000507000000000000000080000000", @ANYRES32=r6, @ANYBLOB="0000000000000000280012000c0001007665746800000000180002001400010000000000", @ANYRES32=0x0, @ANYBLOB='\x00\x00\x00\x00\x00\x00\x00\x00'], 0x48}}, 0x0)
sendmsg$nl_route_sched(r0, &(0x7f0000000140)={0x0, 0x32d, &(0x7f0000000080)={&(0x7f0000000540)=@newqdisc={0x148, 0x24, 0x507, 0x65580000, 0x0, {0x0, r6, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_red={{0x8, 0x1, 'red\x00'}, {0x11c, 0x2, [@TCA_RED_STAB={0x104, 0x2, "fbf84ce9dbecf3d5851ae060c0ec8d55c9c65cb98d69f6f43f1d64d475f279dd204e54f6719de408d640f2dcd4c0c8c615650de0531b139380f912f808e5d3e1118f76144d1568be425bddb29fa48b1251d5cc8b78fb742bd61674f4cd92a93f8dafea3bc823ccd7591d59d252a275012101f39ab9478cc5dc4a8a2e71f186ce688ae869907b40b62231d243db1eca472440f1203b691b7b85864a73f1a3a9664d075ac973158948f7c44b4f8e2348e8046b08dcb423647eff2539993b8985028d7f0a50e94ee6b2fdacff6aee496b13807eb8d406a8440af14e339713f93a2bd76d46d34452c9bf604ac61d66e9ff34503a7ff400"}, @TCA_RED_PARMS={0x14, 0x1, {0x20}}]}}]}, 0x148}}, 0x0)

[ 1259.000984][T20593] FAULT_FLAG_ALLOW_RETRY missing 70
[ 1259.007628][T20593] CPU: 1 PID: 20593 Comm: syz-executor.5 Not tainted 5.3.0+ #0
[ 1259.015182][T20593] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 1259.025246][T20593] Call Trace:
[ 1259.028544][T20593]  dump_stack+0x172/0x1f0
[ 1259.032894][T20593]  handle_userfault.cold+0x41/0x5d
[ 1259.038006][T20593]  ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[ 1259.044263][T20593]  ? userfaultfd_ioctl+0x3ad0/0x3ad0
[ 1259.049552][T20593]  ? find_get_entry+0x535/0x880
[ 1259.054497][T20593]  ? find_get_pages_range_tag+0xd50/0xd50
[ 1259.060208][T20593]  ? ___might_sleep+0x163/0x2c0
[ 1259.060230][T20593]  ? __kasan_check_read+0x11/0x20
[ 1259.060245][T20593]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 1259.060265][T20593]  ? find_lock_entry+0x1a7/0x560
[ 1259.076310][T20593]  ? rcu_lockdep_current_cpu_online+0xe3/0x130
[ 1259.076330][T20593]  shmem_getpage_gfp+0x1f4c/0x2680
[ 1259.076355][T20593]  ? shmem_unuse_inode+0x1010/0x1010
[ 1259.076369][T20593]  ? lock_downgrade+0x920/0x920
[ 1259.076383][T20593]  ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[ 1259.076394][T20593]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 1259.076410][T20593]  shmem_fault+0x22a/0x7b0
[ 1259.087460][T20593]  ? shmem_read_mapping_page_gfp+0x1a0/0x1a0
[ 1259.102637][T20593]  ? find_get_entry+0x880/0x880
[ 1259.102656][T20593]  ? pmd_val+0x85/0x100
[ 1259.102675][T20593]  __do_fault+0x111/0x540
[ 1259.102690][T20593]  ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[ 1259.102709][T20593]  __handle_mm_fault+0x2dca/0x4040
[ 1259.119561][T20593]  ? vmf_insert_mixed_mkwrite+0x40/0x40
[ 1259.119579][T20593]  ? handle_mm_fault+0x292/0xa80
[ 1259.119606][T20593]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 1259.119630][T20593]  ? __kasan_check_read+0x11/0x20
[ 1259.119656][T20593]  handle_mm_fault+0x3b7/0xa80
[ 1259.130452][T20593]  __do_page_fault+0x536/0xdd0
[ 1259.130480][T20593]  do_page_fault+0x38/0x590
[ 1259.130500][T20593]  page_fault+0x39/0x40
[ 1259.130510][T20593] RIP: 0033:0x4533a0
[ 1259.130527][T20593] Code: 0f 84 c4 0f 00 00 48 89 f1 48 89 f8 48 83 e1 3f 48 83 f9 20 0f 86 7b 02 00 00 48 83 e6 f0 48 83 e1 0f 66 0f ef c0 66 0f ef c9 <66> 0f 74 0e 66 0f d7 d1 48 d3 ea 49 c7 c2 11 00 00 00 49 29 ca 4d
[ 1259.138950][T20593] RSP: 002b:00007fbdc8f767a8 EFLAGS: 00010202
[ 1259.138963][T20593] RAX: 00007fbdc8f76850 RBX: 0000000000000003 RCX: 000000000000000e
[ 1259.138971][T20593] RDX: 00000000000003ff RSI: 0000000020012fe0 RDI: 00007fbdc8f76850
[ 1259.138980][T20593] RBP: 000000000075bf20 R08: 00000000000003ff R09: 0000000000000000
01:39:01 executing program 3:
r0 = socket$packet(0x11, 0x3, 0x300)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, 0x0)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000e00)=ANY=[@ANYBLOB="340000002c000107008be4000000000000000000", @ANYRES32, @ANYBLOB="00d400f0000000000e00000009000100726f75746500000004000200"], 0x34}}, 0x0)
r1 = socket(0x10, 0x80002, 0x0)
sendmmsg$alg(r1, &(0x7f0000000140), 0x332, 0x0)

[ 1259.138989][T20593] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fbdc8f776d4
[ 1259.138997][T20593] R13: 00000000004c8dbc R14: 00000000004dfed8 R15: 00000000ffffffff
01:39:01 executing program 0:
perf_event_open(&(0x7f00000000c0)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = openat$random(0xffffffffffffff9c, &(0x7f0000000140)='/dev/urandom\x00', 0x8000000000000085, 0x0)
r1 = dup(r0)
ftruncate(0xffffffffffffffff, 0xee72)
sendfile(r1, 0xffffffffffffffff, 0x0, 0x8000fffffffe)

01:39:01 executing program 3:
r0 = socket$packet(0x11, 0x3, 0x300)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, 0x0)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000e00)=ANY=[@ANYBLOB="340000002c000107008be4000000000000000000", @ANYRES32, @ANYBLOB="00d400f0000000000e00000009000100726f75746500000004000200"], 0x34}}, 0x0)
r1 = socket(0x10, 0x80002, 0x0)
sendmmsg$alg(r1, &(0x7f0000000140), 0x332, 0x0)

01:39:01 executing program 2:
r0 = socket$inet_udp(0x2, 0x2, 0x0)
close(r0)
r1 = socket$inet6(0xa, 0x1, 0x8010000000000084)
bind$inet6(r1, &(0x7f0000000040)={0xa, 0x400004e21, 0x0, @empty}, 0x1c)
setsockopt$inet_sctp6_SCTP_NODELAY(r0, 0x84, 0x3, &(0x7f00000000c0)=0x7, 0x4)
setsockopt$inet6_opts(r1, 0x29, 0x3b, &(0x7f0000000080)=ANY=[@ANYBLOB], 0x8)
connect$inet6(r1, &(0x7f0000000200)={0xa, 0x4e21, 0x0, @loopback}, 0x1c)
r2 = socket$inet_udplite(0x2, 0x2, 0x88)
ioctl(r2, 0x1000008912, &(0x7f0000000040)="11dcbc0d5e0bcfe47bf070")
write$binfmt_misc(r0, &(0x7f0000000100)=ANY=[@ANYBLOB="a43f7a10bc918dba707335df9c4fe2e3dd545ee4c838fdcc46a7540a012dcf04a12f99172a6f3583cd5498000448f3ae533c2845496e9b0a050d5e4e05f5f8188edecc091727ed7a25a91998bf61aeec90e8718f9aa9fd5da3aa3181c0080975dee42b7d8686ca8f92f314380c2a02a90e6efeaf9d6acdb213cd260c116f495d9569a33c798d369967f6690fd59a8b3bd789702d552fe262fe738e874609724467e7d1be8518f803b96022e1f0f0de7d3720bec96ede000000000000000000"], 0x10098)
write$binfmt_script(r0, &(0x7f0000000300)=ANY=[@ANYBLOB="ba"], 0x1)
write$binfmt_elf64(r0, &(0x7f0000000280)={{0x7f, 0x45, 0x4c, 0x46, 0x0, 0x0, 0x50000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40}, [{}]}, 0x78)

01:39:01 executing program 5:
mmap(&(0x7f0000011000/0x2000)=nil, 0x2000, 0x4, 0x31, 0xffffffffffffffff, 0x0)
r0 = userfaultfd(0x0)
syz_open_dev$mice(&(0x7f0000000000)='/dev/input/mice\x00', 0x0, 0x4000)
ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f0000000040))
ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f00000000c0)={{&(0x7f0000012000/0x2000)=nil, 0x2000}, 0x1})
read(r0, &(0x7f0000000100)=""/199, 0xc7)
syz_open_dev$evdev(&(0x7f0000012fee)='/.%v/\x11%put/event#\x00', 0x7400000000000000, 0x0)
ioctl$UFFDIO_WAKE(r0, 0x8010aa02, &(0x7f0000000080)={&(0x7f0000012000/0x4000)=nil, 0x4000})
shmget(0x2, 0x1000, 0x0, &(0x7f000096d000/0x1000)=nil)
openat$cgroup_procs(0xffffffffffffffff, 0x0, 0x2, 0x0)

01:39:01 executing program 4:
r0 = socket$nl_route(0x10, 0x3, 0x0)
r1 = socket$netlink(0x10, 0x3, 0x0)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff, <r2=>0xffffffffffffffff})
r3 = socket$inet6_sctp(0xa, 0x10000000005, 0x84)
r4 = dup2(r2, r3)
ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200)
r5 = socket(0x10, 0x803, 0x0)
sendmsg$TIPC_CMD_GET_MEDIA_NAMES(r5, &(0x7f0000000400)={0x0, 0x0, &(0x7f00000003c0)={0x0}}, 0x0)
getsockname$packet(r5, &(0x7f0000000100)={0x11, 0x0, <r6=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0xa)
sendmsg$nl_route(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080)=ANY=[@ANYBLOB="4800000010000507000000000000000080000000", @ANYRES32=r6, @ANYBLOB="0000000000000000280012000c0001007665746800000000180002001400010000000000", @ANYRES32=0x0, @ANYBLOB='\x00\x00\x00\x00\x00\x00\x00\x00'], 0x48}}, 0x0)
sendmsg$nl_route_sched(r0, &(0x7f0000000140)={0x0, 0x32d, &(0x7f0000000080)={&(0x7f0000000540)=@newqdisc={0x148, 0x24, 0x507, 0x81000000, 0x0, {0x0, r6, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_red={{0x8, 0x1, 'red\x00'}, {0x11c, 0x2, [@TCA_RED_STAB={0x104, 0x2, "fbf84ce9dbecf3d5851ae060c0ec8d55c9c65cb98d69f6f43f1d64d475f279dd204e54f6719de408d640f2dcd4c0c8c615650de0531b139380f912f808e5d3e1118f76144d1568be425bddb29fa48b1251d5cc8b78fb742bd61674f4cd92a93f8dafea3bc823ccd7591d59d252a275012101f39ab9478cc5dc4a8a2e71f186ce688ae869907b40b62231d243db1eca472440f1203b691b7b85864a73f1a3a9664d075ac973158948f7c44b4f8e2348e8046b08dcb423647eff2539993b8985028d7f0a50e94ee6b2fdacff6aee496b13807eb8d406a8440af14e339713f93a2bd76d46d34452c9bf604ac61d66e9ff34503a7ff400"}, @TCA_RED_PARMS={0x14, 0x1, {0x20}}]}}]}, 0x148}}, 0x0)

01:39:01 executing program 0:
perf_event_open(&(0x7f00000000c0)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
sendto$inet(0xffffffffffffffff, &(0x7f0000000000)="10b188c57a0d17252f7de3bdb1ce99a6b38f67b50211cef4c615c548f60255f18d8737b914dbdad319df99a4758d314278625cf33a6225b88407f4e39f6251dd5ef713cfb3f94c1026b6d870a88b4c5eea002ff525f1576dde0243affa99f86feb242976eec13c120633cedc26a65c503cf9f9280b7615db98a1b88a1a680281012925bdc22e769b83399796cb29448f011d", 0x92, 0x2000098d, 0x0, 0x0)
r0 = openat$random(0xffffffffffffff9c, &(0x7f0000000140)='/dev/urandom\x00', 0x8000000000000085, 0x0)
r1 = dup(r0)
r2 = open(&(0x7f0000002000)='./bus\x00', 0x141042, 0x0)
ftruncate(r2, 0xee72)
r3 = syz_open_dev$dspn(&(0x7f0000000180)='/dev/dsp#\x00', 0xffff, 0x101100)
bpf$BPF_PROG_ATTACH(0x8, &(0x7f00000001c0)={r1, r3, 0x3, 0x1}, 0x10)
sendfile(r1, r2, 0x0, 0x8000fffffffe)

[ 1259.662263][T21091] FAULT_FLAG_ALLOW_RETRY missing 70
[ 1259.672677][T21091] CPU: 0 PID: 21091 Comm: syz-executor.5 Not tainted 5.3.0+ #0
[ 1259.680242][T21091] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 1259.690282][T21091] Call Trace:
[ 1259.693566][T21091]  dump_stack+0x172/0x1f0
[ 1259.697905][T21091]  handle_userfault.cold+0x41/0x5d
[ 1259.703021][T21091]  ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[ 1259.709301][T21091]  ? userfaultfd_ioctl+0x3ad0/0x3ad0
[ 1259.714569][T21091]  ? find_get_entry+0x535/0x880
[ 1259.719414][T21091]  ? find_get_pages_range_tag+0xd50/0xd50
[ 1259.725111][T21091]  ? ___might_sleep+0x163/0x2c0
[ 1259.729938][T21091]  ? __kasan_check_read+0x11/0x20
[ 1259.734933][T21091]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 1259.741162][T21091]  ? find_lock_entry+0x1a7/0x560
[ 1259.746075][T21091]  ? rcu_lockdep_current_cpu_online+0xe3/0x130
[ 1259.752240][T21091]  shmem_getpage_gfp+0x1f4c/0x2680
[ 1259.757345][T21091]  ? shmem_unuse_inode+0x1010/0x1010
[ 1259.762606][T21091]  ? lock_downgrade+0x920/0x920
[ 1259.767441][T21091]  ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[ 1259.773652][T21091]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 1259.779866][T21091]  shmem_fault+0x22a/0x7b0
[ 1259.784258][T21091]  ? shmem_read_mapping_page_gfp+0x1a0/0x1a0
[ 1259.790295][T21091]  ? find_get_entry+0x880/0x880
[ 1259.795118][T21091]  ? pmd_val+0x85/0x100
[ 1259.799247][T21091]  __do_fault+0x111/0x540
[ 1259.803571][T21091]  ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[ 1259.809788][T21091]  __handle_mm_fault+0x2dca/0x4040
[ 1259.814872][T21091]  ? vmf_insert_mixed_mkwrite+0x40/0x40
[ 1259.820389][T21091]  ? handle_mm_fault+0x292/0xa80
[ 1259.825305][T21091]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 1259.831553][T21091]  ? __kasan_check_read+0x11/0x20
[ 1259.836575][T21091]  handle_mm_fault+0x3b7/0xa80
[ 1259.841315][T21091]  __do_page_fault+0x536/0xdd0
[ 1259.846058][T21091]  do_page_fault+0x38/0x590
[ 1259.850535][T21091]  page_fault+0x39/0x40
[ 1259.854667][T21091] RIP: 0033:0x4533a0
[ 1259.858539][T21091] Code: 0f 84 c4 0f 00 00 48 89 f1 48 89 f8 48 83 e1 3f 48 83 f9 20 0f 86 7b 02 00 00 48 83 e6 f0 48 83 e1 0f 66 0f ef c0 66 0f ef c9 <66> 0f 74 0e 66 0f d7 d1 48 d3 ea 49 c7 c2 11 00 00 00 49 29 ca 4d
[ 1259.878117][T21091] RSP: 002b:00007fbdc8f767a8 EFLAGS: 00010202
[ 1259.884171][T21091] RAX: 00007fbdc8f76850 RBX: 0000000000000003 RCX: 000000000000000e
[ 1259.892134][T21091] RDX: 00000000000003ff RSI: 0000000020012fe0 RDI: 00007fbdc8f76850
[ 1259.900078][T21091] RBP: 000000000075bf20 R08: 00000000000003ff R09: 0000000000000000
01:39:01 executing program 4:
r0 = socket$nl_route(0x10, 0x3, 0x0)
r1 = socket$netlink(0x10, 0x3, 0x0)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff, <r2=>0xffffffffffffffff})
r3 = socket$inet6_sctp(0xa, 0x10000000005, 0x84)
r4 = dup2(r2, r3)
ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200)
r5 = socket(0x10, 0x803, 0x0)
sendmsg$TIPC_CMD_GET_MEDIA_NAMES(r5, &(0x7f0000000400)={0x0, 0x0, &(0x7f00000003c0)={0x0}}, 0x0)
getsockname$packet(r5, &(0x7f0000000100)={0x11, 0x0, <r6=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0xa)
sendmsg$nl_route(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080)=ANY=[@ANYBLOB="4800000010000507000000000000000080000000", @ANYRES32=r6, @ANYBLOB="0000000000000000280012000c0001007665746800000000180002001400010000000000", @ANYRES32=0x0, @ANYBLOB='\x00\x00\x00\x00\x00\x00\x00\x00'], 0x48}}, 0x0)
sendmsg$nl_route_sched(r0, &(0x7f0000000140)={0x0, 0x32d, &(0x7f0000000080)={&(0x7f0000000540)=@newqdisc={0x148, 0x24, 0x507, 0x83400000, 0x0, {0x0, r6, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_red={{0x8, 0x1, 'red\x00'}, {0x11c, 0x2, [@TCA_RED_STAB={0x104, 0x2, "fbf84ce9dbecf3d5851ae060c0ec8d55c9c65cb98d69f6f43f1d64d475f279dd204e54f6719de408d640f2dcd4c0c8c615650de0531b139380f912f808e5d3e1118f76144d1568be425bddb29fa48b1251d5cc8b78fb742bd61674f4cd92a93f8dafea3bc823ccd7591d59d252a275012101f39ab9478cc5dc4a8a2e71f186ce688ae869907b40b62231d243db1eca472440f1203b691b7b85864a73f1a3a9664d075ac973158948f7c44b4f8e2348e8046b08dcb423647eff2539993b8985028d7f0a50e94ee6b2fdacff6aee496b13807eb8d406a8440af14e339713f93a2bd76d46d34452c9bf604ac61d66e9ff34503a7ff400"}, @TCA_RED_PARMS={0x14, 0x1, {0x20}}]}}]}, 0x148}}, 0x0)

01:39:01 executing program 3:
r0 = socket$packet(0x11, 0x3, 0x300)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, 0x0)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000e00)=ANY=[@ANYBLOB="340000002c000107008be4000000000000000000", @ANYRES32, @ANYBLOB="00d400f0000000000e00000009000100726f75746500000004000200"], 0x34}}, 0x0)
r1 = socket(0x10, 0x80002, 0x0)
sendmmsg$alg(r1, &(0x7f0000000140), 0x332, 0x0)

01:39:01 executing program 2:
r0 = socket$inet_udp(0x2, 0x2, 0x0)
close(r0)
r1 = socket$inet6(0xa, 0x1, 0x8010000000000084)
bind$inet6(r1, &(0x7f0000000040)={0xa, 0x400004e21, 0x0, @empty}, 0x1c)
setsockopt$inet_sctp6_SCTP_NODELAY(r0, 0x84, 0x3, &(0x7f00000000c0)=0x7, 0x4)
setsockopt$inet6_opts(r1, 0x29, 0x3b, &(0x7f0000000080)=ANY=[@ANYBLOB], 0x8)
connect$inet6(r1, &(0x7f0000000200)={0xa, 0x4e21, 0x0, @loopback}, 0x1c)
r2 = socket$inet_udplite(0x2, 0x2, 0x88)
ioctl(r2, 0x1000008912, &(0x7f0000000040)="11dcbc0d5e0bcfe47bf070")
write$binfmt_misc(r0, &(0x7f0000000100)=ANY=[@ANYBLOB="a43f7a10bc918dba707335df9c4fe2e3dd545ee4c838fdcc46a7540a012dcf04a12f99172a6f3583cd5498000448f3ae533c2845496e9b0a050d5e4e05f5f8188edecc091727ed7a25a91998bf61aeec90e8718f9aa9fd5da3aa3181c0080975dee42b7d8686ca8f92f314380c2a02a90e6efeaf9d6acdb213cd260c116f495d9569a33c798d369967f6690fd59a8b3bd789702d552fe262fe738e874609724467e7d1be8518f803b96022e1f0f0de7d3720bec96ede000000000000000000"], 0x10098)
write$binfmt_script(r0, &(0x7f0000000300)=ANY=[@ANYBLOB="ba"], 0x1)
write$binfmt_elf64(r0, &(0x7f0000000280)={{0x7f, 0x45, 0x4c, 0x46, 0x0, 0x0, 0x78000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40}, [{}]}, 0x78)

01:39:01 executing program 0:
perf_event_open(&(0x7f00000000c0)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = openat$random(0xffffffffffffff9c, &(0x7f0000000140)='/dev/urandom\x00', 0x8000000000000085, 0x0)
r1 = dup(r0)
r2 = open(&(0x7f0000002000)='./bus\x00', 0x141042, 0x0)
ftruncate(r2, 0xee72)
r3 = userfaultfd(0x0)
ioctl$UFFDIO_API(r3, 0xc018aa3f, &(0x7f0000000080))
ioctl$UFFDIO_REGISTER(r3, 0xc020aa00, &(0x7f00000000c0)={{&(0x7f0000068000/0x800000)=nil, 0x800000}, 0x1})
close(r3)
fsetxattr$trusted_overlay_redirect(r3, &(0x7f0000000000)='trusted.overlay.redirect\x00', &(0x7f0000000040)='./bus\x00', 0x6, 0x2)
sendfile(r1, r2, 0x0, 0x8000fffffffe)

[ 1259.908046][T21091] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fbdc8f776d4
[ 1259.916010][T21091] R13: 00000000004c8dbc R14: 00000000004dfed8 R15: 00000000ffffffff
01:39:02 executing program 1:
r0 = getpgrp(0x0)
setpriority(0x0, r0, 0x100)
r1 = getpgid(r0)
perf_event_open(&(0x7f00000000c0)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5, 0x0, 0x0, 0x0, 0x4000000000, 0x0, 0x0, 0x0, 0x4, 0x0, 0x10000, 0x0, 0x0, 0x0, 0x0, 0x6, 0x0, @perf_bp={0x0}}, r1, 0x0, 0xffffffffffffffff, 0x0)
r2 = openat$random(0xffffffffffffff9c, &(0x7f0000000140)='/dev/urandom\x00', 0x8000000000000085, 0x0)
r3 = dup(r2)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff, <r4=>0xffffffffffffffff})
getsockopt$inet6_IPV6_XFRM_POLICY(r3, 0x29, 0x23, &(0x7f0000000180)={{{@in6=@ipv4={[], [], @local}, @in=@remote}}, {{@in6=@mcast2}}}, &(0x7f0000000280)=0xe8)
r5 = socket$inet6_sctp(0xa, 0x10000000005, 0x84)
dup2(r4, r5)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff, <r6=>0xffffffffffffffff})
r7 = socket$inet6_sctp(0xa, 0x10000000005, 0x84)
r8 = dup2(r6, r7)
ioctl$PERF_EVENT_IOC_ENABLE(r8, 0x8912, 0x400200)
ftruncate(r8, 0xcbcb)
getsockopt$IP_VS_SO_GET_DESTS(r4, 0x0, 0x484, &(0x7f0000000040)=""/63, &(0x7f0000000080)=0x3f)
r9 = open(&(0x7f0000002000)='./bus\x00', 0x141042, 0x0)
ftruncate(r9, 0xee72)
syz_open_dev$vcsn(&(0x7f0000000000)='/dev/vcs#\x00', 0x3, 0x400141)
sendfile(r3, r9, 0x0, 0x8000fffffffe)

01:39:02 executing program 3:
r0 = socket$packet(0x11, 0x3, 0x300)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000000)={'batadv0\x00\f\x00'})
sendmsg$nl_route_sched(0xffffffffffffffff, 0x0, 0x0)
r1 = socket(0x10, 0x80002, 0x0)
sendmmsg$alg(r1, &(0x7f0000000140), 0x332, 0x0)

01:39:02 executing program 0:
perf_event_open(&(0x7f00000000c0)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = openat$random(0xffffffffffffff9c, &(0x7f00000001c0)='/de6\xbbZK\x18u\xf1Nm\x00', 0x2000, 0x0)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
r2 = socket$inet6_sctp(0xa, 0x10000000005, 0x84)
r3 = dup2(r1, r2)
ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200)
ioctl$SNDRV_SEQ_IOCTL_GET_QUEUE_CLIENT(r3, 0xc04c5349, &(0x7f0000000200)={0x1, 0x0, 0xc37})
r4 = dup(r0)
openat$nullb(0xffffffffffffff9c, &(0x7f0000000080)='/dev/nullb0\x00', 0x200, 0x0)
r5 = open(&(0x7f0000002000)='./bus\x00', 0x141042, 0x0)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff, <r6=>0xffffffffffffffff})
r7 = socket$inet6_sctp(0xa, 0x10000000005, 0x84)
dup2(r6, r7)
getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r4, 0x84, 0x6f, &(0x7f0000000040)={<r8=>0x0, 0x38, &(0x7f0000000000)=[@in6={0xa, 0x4e22, 0x6, @mcast2, 0x2}, @in6={0xa, 0x4e22, 0x7, @loopback, 0xc9}]}, &(0x7f0000000140)=0xfffffffffffffea4)
setsockopt$inet_sctp6_SCTP_RESET_ASSOC(r7, 0x84, 0x78, &(0x7f0000000180)=r8, 0x4)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff, <r9=>0xffffffffffffffff})
r10 = socket$inet6_sctp(0xa, 0x10000000005, 0x84)
r11 = dup2(r9, r10)
ioctl$PERF_EVENT_IOC_ENABLE(r11, 0x8912, 0x400200)
ioctl$SNDRV_TIMER_IOCTL_PAUSE(r11, 0x54a3)
ftruncate(r5, 0xee72)
sendfile(r4, r5, 0x0, 0x8000fffffffe)

01:39:02 executing program 5:
mmap(&(0x7f0000011000/0x2000)=nil, 0x2000, 0x4, 0x31, 0xffffffffffffffff, 0x0)
r0 = userfaultfd(0x0)
syz_open_dev$mice(&(0x7f0000000000)='/dev/input/mice\x00', 0x0, 0x4000)
ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f0000000040))
ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f00000000c0)={{&(0x7f0000012000/0x2000)=nil, 0x2000}, 0x1})
read(r0, &(0x7f0000000100)=""/199, 0xc7)
syz_open_dev$evdev(&(0x7f0000012fee)='/.%v/\x11%put/event#\x00', 0x7a00000000000000, 0x0)
ioctl$UFFDIO_WAKE(r0, 0x8010aa02, &(0x7f0000000080)={&(0x7f0000012000/0x4000)=nil, 0x4000})
shmget(0x2, 0x1000, 0x0, &(0x7f000096d000/0x1000)=nil)
openat$cgroup_procs(0xffffffffffffffff, 0x0, 0x2, 0x0)

01:39:02 executing program 4:
r0 = socket$nl_route(0x10, 0x3, 0x0)
r1 = socket$netlink(0x10, 0x3, 0x0)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff, <r2=>0xffffffffffffffff})
r3 = socket$inet6_sctp(0xa, 0x10000000005, 0x84)
r4 = dup2(r2, r3)
ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200)
r5 = socket(0x10, 0x803, 0x0)
sendmsg$TIPC_CMD_GET_MEDIA_NAMES(r5, &(0x7f0000000400)={0x0, 0x0, &(0x7f00000003c0)={0x0}}, 0x0)
getsockname$packet(r5, &(0x7f0000000100)={0x11, 0x0, <r6=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0xa)
sendmsg$nl_route(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080)=ANY=[@ANYBLOB="4800000010000507000000000000000080000000", @ANYRES32=r6, @ANYBLOB="0000000000000000280012000c0001007665746800000000180002001400010000000000", @ANYRES32=0x0, @ANYBLOB='\x00\x00\x00\x00\x00\x00\x00\x00'], 0x48}}, 0x0)
sendmsg$nl_route_sched(r0, &(0x7f0000000140)={0x0, 0x32d, &(0x7f0000000080)={&(0x7f0000000540)=@newqdisc={0x148, 0x24, 0x507, 0x88a8ffff, 0x0, {0x0, r6, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_red={{0x8, 0x1, 'red\x00'}, {0x11c, 0x2, [@TCA_RED_STAB={0x104, 0x2, "fbf84ce9dbecf3d5851ae060c0ec8d55c9c65cb98d69f6f43f1d64d475f279dd204e54f6719de408d640f2dcd4c0c8c615650de0531b139380f912f808e5d3e1118f76144d1568be425bddb29fa48b1251d5cc8b78fb742bd61674f4cd92a93f8dafea3bc823ccd7591d59d252a275012101f39ab9478cc5dc4a8a2e71f186ce688ae869907b40b62231d243db1eca472440f1203b691b7b85864a73f1a3a9664d075ac973158948f7c44b4f8e2348e8046b08dcb423647eff2539993b8985028d7f0a50e94ee6b2fdacff6aee496b13807eb8d406a8440af14e339713f93a2bd76d46d34452c9bf604ac61d66e9ff34503a7ff400"}, @TCA_RED_PARMS={0x14, 0x1, {0x20}}]}}]}, 0x148}}, 0x0)

01:39:02 executing program 1:
perf_event_open(&(0x7f00000000c0)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = openat$random(0xffffffffffffff9c, &(0x7f0000000140)='/dev/urandom\x00', 0x8000000000000085, 0x0)
r1 = dup(r0)
r2 = open(&(0x7f0000002000)='./bus\x00', 0x141042, 0x0)
ftruncate(r2, 0xee72)
r3 = accept(0xffffffffffffffff, &(0x7f0000000000)=@ipx, &(0x7f0000000080)=0x80)
sendmsg$NET_DM_CMD_STOP(r3, &(0x7f0000000240)={&(0x7f0000000180)={0x10, 0x0, 0x0, 0x857e2ee1dd48d568}, 0xc, &(0x7f0000000200)={&(0x7f00000001c0)={0x14, 0x0, 0x10, 0x70bd29, 0x25dfdbfb, {}, ["", "", "", "", "", "", ""]}, 0x14}, 0x1, 0x0, 0x0, 0x40886}, 0x4000000)
sendfile(r1, r2, 0x0, 0x8000fffffffe)
getpid()

01:39:02 executing program 2:
r0 = socket$inet_udp(0x2, 0x2, 0x0)
close(r0)
r1 = socket$inet6(0xa, 0x1, 0x8010000000000084)
bind$inet6(r1, &(0x7f0000000040)={0xa, 0x400004e21, 0x0, @empty}, 0x1c)
setsockopt$inet_sctp6_SCTP_NODELAY(r0, 0x84, 0x3, &(0x7f00000000c0)=0x7, 0x4)
setsockopt$inet6_opts(r1, 0x29, 0x3b, &(0x7f0000000080)=ANY=[@ANYBLOB], 0x8)
connect$inet6(r1, &(0x7f0000000200)={0xa, 0x4e21, 0x0, @loopback}, 0x1c)
r2 = socket$inet_udplite(0x2, 0x2, 0x88)
ioctl(r2, 0x1000008912, &(0x7f0000000040)="11dcbc0d5e0bcfe47bf070")
write$binfmt_misc(r0, &(0x7f0000000100)=ANY=[@ANYBLOB="a43f7a10bc918dba707335df9c4fe2e3dd545ee4c838fdcc46a7540a012dcf04a12f99172a6f3583cd5498000448f3ae533c2845496e9b0a050d5e4e05f5f8188edecc091727ed7a25a91998bf61aeec90e8718f9aa9fd5da3aa3181c0080975dee42b7d8686ca8f92f314380c2a02a90e6efeaf9d6acdb213cd260c116f495d9569a33c798d369967f6690fd59a8b3bd789702d552fe262fe738e874609724467e7d1be8518f803b96022e1f0f0de7d3720bec96ede000000000000000000"], 0x10098)
write$binfmt_script(r0, &(0x7f0000000300)=ANY=[@ANYBLOB="ba"], 0x1)
write$binfmt_elf64(r0, &(0x7f0000000280)={{0x7f, 0x45, 0x4c, 0x46, 0x0, 0x0, 0x84000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40}, [{}]}, 0x78)

[ 1260.430258][T21541] FAULT_FLAG_ALLOW_RETRY missing 70
[ 1260.450577][T21541] CPU: 1 PID: 21541 Comm: syz-executor.5 Not tainted 5.3.0+ #0
[ 1260.458143][T21541] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 1260.468194][T21541] Call Trace:
[ 1260.471479][T21541]  dump_stack+0x172/0x1f0
[ 1260.475820][T21541]  handle_userfault.cold+0x41/0x5d
[ 1260.480949][T21541]  ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[ 1260.487204][T21541]  ? userfaultfd_ioctl+0x3ad0/0x3ad0
[ 1260.492488][T21541]  ? find_get_entry+0x535/0x880
[ 1260.497344][T21541]  ? find_get_pages_range_tag+0xd50/0xd50
[ 1260.503060][T21541]  ? ___might_sleep+0x163/0x2c0
[ 1260.507924][T21541]  ? __kasan_check_read+0x11/0x20
[ 1260.512944][T21541]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 1260.519190][T21541]  ? find_lock_entry+0x1a7/0x560
[ 1260.524130][T21541]  ? rcu_lockdep_current_cpu_online+0xe3/0x130
[ 1260.530289][T21541]  shmem_getpage_gfp+0x1f4c/0x2680
[ 1260.535421][T21541]  ? shmem_unuse_inode+0x1010/0x1010
[ 1260.540707][T21541]  ? lock_downgrade+0x920/0x920
[ 1260.545564][T21541]  ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[ 1260.551802][T21541]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 1260.558037][T21541]  shmem_fault+0x22a/0x7b0
[ 1260.562453][T21541]  ? shmem_read_mapping_page_gfp+0x1a0/0x1a0
[ 1260.568428][T21541]  ? find_get_entry+0x880/0x880
[ 1260.573274][T21541]  ? pmd_val+0x85/0x100
[ 1260.577430][T21541]  __do_fault+0x111/0x540
[ 1260.581763][T21541]  ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[ 1260.588004][T21541]  __handle_mm_fault+0x2dca/0x4040
[ 1260.593119][T21541]  ? vmf_insert_mixed_mkwrite+0x40/0x40
[ 1260.598662][T21541]  ? handle_mm_fault+0x292/0xa80
[ 1260.603623][T21541]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 1260.609863][T21541]  ? __kasan_check_read+0x11/0x20
[ 1260.614927][T21541]  handle_mm_fault+0x3b7/0xa80
[ 1260.619696][T21541]  __do_page_fault+0x536/0xdd0
[ 1260.624481][T21541]  do_page_fault+0x38/0x590
[ 1260.628984][T21541]  page_fault+0x39/0x40
[ 1260.633131][T21541] RIP: 0033:0x4533a0
[ 1260.637038][T21541] Code: 0f 84 c4 0f 00 00 48 89 f1 48 89 f8 48 83 e1 3f 48 83 f9 20 0f 86 7b 02 00 00 48 83 e6 f0 48 83 e1 0f 66 0f ef c0 66 0f ef c9 <66> 0f 74 0e 66 0f d7 d1 48 d3 ea 49 c7 c2 11 00 00 00 49 29 ca 4d
[ 1260.656627][T21541] RSP: 002b:00007fbdc8f767a8 EFLAGS: 00010202
[ 1260.662693][T21541] RAX: 00007fbdc8f76850 RBX: 0000000000000003 RCX: 000000000000000e
[ 1260.662701][T21541] RDX: 00000000000003ff RSI: 0000000020012fe0 RDI: 00007fbdc8f76850
[ 1260.662709][T21541] RBP: 000000000075bf20 R08: 00000000000003ff R09: 0000000000000000
[ 1260.662716][T21541] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fbdc8f776d4
01:39:02 executing program 2:
r0 = socket$inet_udp(0x2, 0x2, 0x0)
close(r0)
r1 = socket$inet6(0xa, 0x1, 0x8010000000000084)
bind$inet6(r1, &(0x7f0000000040)={0xa, 0x400004e21, 0x0, @empty}, 0x1c)
setsockopt$inet_sctp6_SCTP_NODELAY(r0, 0x84, 0x3, &(0x7f00000000c0)=0x7, 0x4)
setsockopt$inet6_opts(r1, 0x29, 0x3b, &(0x7f0000000080)=ANY=[@ANYBLOB], 0x8)
connect$inet6(r1, &(0x7f0000000200)={0xa, 0x4e21, 0x0, @loopback}, 0x1c)
r2 = socket$inet_udplite(0x2, 0x2, 0x88)
ioctl(r2, 0x1000008912, &(0x7f0000000040)="11dcbc0d5e0bcfe47bf070")
write$binfmt_misc(r0, &(0x7f0000000100)=ANY=[@ANYBLOB="a43f7a10bc918dba707335df9c4fe2e3dd545ee4c838fdcc46a7540a012dcf04a12f99172a6f3583cd5498000448f3ae533c2845496e9b0a050d5e4e05f5f8188edecc091727ed7a25a91998bf61aeec90e8718f9aa9fd5da3aa3181c0080975dee42b7d8686ca8f92f314380c2a02a90e6efeaf9d6acdb213cd260c116f495d9569a33c798d369967f6690fd59a8b3bd789702d552fe262fe738e874609724467e7d1be8518f803b96022e1f0f0de7d3720bec96ede000000000000000000"], 0x10098)
write$binfmt_script(r0, &(0x7f0000000300)=ANY=[@ANYBLOB="ba"], 0x1)
write$binfmt_elf64(r0, &(0x7f0000000280)={{0x7f, 0x45, 0x4c, 0x46, 0x0, 0x0, 0x88000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40}, [{}]}, 0x78)

01:39:02 executing program 1:
perf_event_open(&(0x7f00000000c0)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x80000001, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0xc040, 0x0, 0x0, 0x8}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = openat$random(0xffffffffffffff9c, &(0x7f0000000140)='/dev/urandom\x00', 0x8000000000000085, 0x0)
r1 = dup(r0)
syz_open_dev$ndb(&(0x7f0000000000)='/dev/nbd#\x00', 0x0, 0x400000)
r2 = open(&(0x7f0000002000)='./bus\x00', 0x141042, 0x0)
ftruncate(r2, 0xee72)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff, <r3=>0xffffffffffffffff})
r4 = socket$inet6_sctp(0xa, 0x10000000005, 0x84)
r5 = dup2(r3, r4)
ioctl$PERF_EVENT_IOC_ENABLE(r5, 0x8912, 0x400200)
bpf$OBJ_PIN_MAP(0x6, &(0x7f0000000080)={&(0x7f0000000040)='./bus\x00', r5}, 0x10)
sendfile(r1, r2, 0x0, 0x8000fffffffe)

01:39:02 executing program 4:
r0 = socket$nl_route(0x10, 0x3, 0x0)
r1 = socket$netlink(0x10, 0x3, 0x0)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff, <r2=>0xffffffffffffffff})
r3 = socket$inet6_sctp(0xa, 0x10000000005, 0x84)
r4 = dup2(r2, r3)
ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200)
r5 = socket(0x10, 0x803, 0x0)
sendmsg$TIPC_CMD_GET_MEDIA_NAMES(r5, &(0x7f0000000400)={0x0, 0x0, &(0x7f00000003c0)={0x0}}, 0x0)
getsockname$packet(r5, &(0x7f0000000100)={0x11, 0x0, <r6=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0xa)
sendmsg$nl_route(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080)=ANY=[@ANYBLOB="4800000010000507000000000000000080000000", @ANYRES32=r6, @ANYBLOB="0000000000000000280012000c0001007665746800000000180002001400010000000000", @ANYRES32=0x0, @ANYBLOB='\x00\x00\x00\x00\x00\x00\x00\x00'], 0x48}}, 0x0)
sendmsg$nl_route_sched(r0, &(0x7f0000000140)={0x0, 0x32d, &(0x7f0000000080)={&(0x7f0000000540)=@newqdisc={0x148, 0x24, 0x507, 0x9effffff, 0x0, {0x0, r6, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_red={{0x8, 0x1, 'red\x00'}, {0x11c, 0x2, [@TCA_RED_STAB={0x104, 0x2, "fbf84ce9dbecf3d5851ae060c0ec8d55c9c65cb98d69f6f43f1d64d475f279dd204e54f6719de408d640f2dcd4c0c8c615650de0531b139380f912f808e5d3e1118f76144d1568be425bddb29fa48b1251d5cc8b78fb742bd61674f4cd92a93f8dafea3bc823ccd7591d59d252a275012101f39ab9478cc5dc4a8a2e71f186ce688ae869907b40b62231d243db1eca472440f1203b691b7b85864a73f1a3a9664d075ac973158948f7c44b4f8e2348e8046b08dcb423647eff2539993b8985028d7f0a50e94ee6b2fdacff6aee496b13807eb8d406a8440af14e339713f93a2bd76d46d34452c9bf604ac61d66e9ff34503a7ff400"}, @TCA_RED_PARMS={0x14, 0x1, {0x20}}]}}]}, 0x148}}, 0x0)

01:39:02 executing program 0:
perf_event_open(&(0x7f00000000c0)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = openat$random(0xffffffffffffff9c, &(0x7f0000000140)='/dev/urandom\x00', 0x8000000000000085, 0x0)
r1 = dup(r0)
r2 = open(&(0x7f0000002000)='./bus\x00', 0x2282, 0x0)
ftruncate(r2, 0xee72)
sendfile(r1, r2, 0x0, 0x8000fffffffe)

[ 1260.662727][T21541] R13: 00000000004c8dbc R14: 00000000004dfed8 R15: 00000000ffffffff
01:39:02 executing program 0:
r0 = openat$random(0xffffffffffffff9c, &(0x7f0000000140)='/dev/urandom\x00', 0x8000000000000085, 0x0)
r1 = dup(r0)
r2 = open(&(0x7f0000002000)='./bus\x00', 0x10006, 0x0)
r3 = openat$zero(0xffffffffffffff9c, &(0x7f0000000080)='/dev/zero\x00', 0x80000, 0x0)
ioctl$DRM_IOCTL_DROP_MASTER(r3, 0x641f)
getsockopt$inet_sctp6_SCTP_GET_ASSOC_STATS(0xffffffffffffffff, 0x84, 0x70, &(0x7f0000000180)={<r4=>0x0, @in6={{0xa, 0x4e24, 0x0, @rand_addr="db9c9a4e131c5e8fdc52bf791f797778", 0xd01}}, [0x8, 0x3, 0xf2, 0x7, 0x3f, 0xca, 0x5, 0x3, 0x0, 0x0, 0x8, 0xfe1e, 0x0, 0xe0, 0x8000000000]}, &(0x7f0000000000)=0x1c5)
setsockopt$inet_sctp6_SCTP_AUTH_ACTIVE_KEY(r1, 0x84, 0x18, &(0x7f0000000040)={r4, 0x277}, 0x8)
rseq(&(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={0x0, 0x0, 0x4, 0xcd, 0x5}, 0x6dac4d30b20ed5e8}, 0x20, 0x1, 0x0)
ftruncate(r2, 0xee72)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff, <r5=>0xffffffffffffffff})
r6 = socket$inet6_sctp(0xa, 0x10000000005, 0x84)
dup2(r5, r6)
sendfile(r0, r6, 0x0, 0x8000fffffffe)

01:39:02 executing program 3:
r0 = socket$packet(0x11, 0x3, 0x300)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000000)={'batadv0\x00\f\x00'})
sendmsg$nl_route_sched(0xffffffffffffffff, 0x0, 0x0)
r1 = socket(0x10, 0x80002, 0x0)
sendmmsg$alg(r1, &(0x7f0000000140), 0x332, 0x0)

01:39:02 executing program 2:
r0 = socket$inet_udp(0x2, 0x2, 0x0)
close(r0)
r1 = socket$inet6(0xa, 0x1, 0x8010000000000084)
bind$inet6(r1, &(0x7f0000000040)={0xa, 0x400004e21, 0x0, @empty}, 0x1c)
setsockopt$inet_sctp6_SCTP_NODELAY(r0, 0x84, 0x3, &(0x7f00000000c0)=0x7, 0x4)
setsockopt$inet6_opts(r1, 0x29, 0x3b, &(0x7f0000000080)=ANY=[@ANYBLOB], 0x8)
connect$inet6(r1, &(0x7f0000000200)={0xa, 0x4e21, 0x0, @loopback}, 0x1c)
r2 = socket$inet_udplite(0x2, 0x2, 0x88)
ioctl(r2, 0x1000008912, &(0x7f0000000040)="11dcbc0d5e0bcfe47bf070")
write$binfmt_misc(r0, &(0x7f0000000100)=ANY=[@ANYBLOB="a43f7a10bc918dba707335df9c4fe2e3dd545ee4c838fdcc46a7540a012dcf04a12f99172a6f3583cd5498000448f3ae533c2845496e9b0a050d5e4e05f5f8188edecc091727ed7a25a91998bf61aeec90e8718f9aa9fd5da3aa3181c0080975dee42b7d8686ca8f92f314380c2a02a90e6efeaf9d6acdb213cd260c116f495d9569a33c798d369967f6690fd59a8b3bd789702d552fe262fe738e874609724467e7d1be8518f803b96022e1f0f0de7d3720bec96ede000000000000000000"], 0x10098)
write$binfmt_script(r0, &(0x7f0000000300)=ANY=[@ANYBLOB="ba"], 0x1)
write$binfmt_elf64(r0, &(0x7f0000000280)={{0x7f, 0x45, 0x4c, 0x46, 0x0, 0x0, 0x8dffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40}, [{}]}, 0x78)

01:39:03 executing program 0:
perf_event_open(&(0x7f00000000c0)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = openat$random(0xffffffffffffff9c, &(0x7f0000000140)='/dev/urandom\x00', 0x8000000000000085, 0x0)
r1 = dup(r0)
r2 = open(&(0x7f0000002000)='./bus\x00', 0x141042, 0x0)
ftruncate(r2, 0xee72)
sendfile(r1, r2, 0x0, 0x8000fffffffe)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff, <r3=>0xffffffffffffffff})
r4 = socket$inet6_sctp(0xa, 0x10000000005, 0x84)
r5 = dup2(r3, r4)
ioctl$PERF_EVENT_IOC_ENABLE(r5, 0x8912, 0x400200)
setsockopt$inet6_MCAST_MSFILTER(r5, 0x29, 0x30, &(0x7f0000000180)={0x6a3a, {{0xa, 0x4e20, 0x2, @mcast2, 0x2}}, 0x1, 0x9, [{{0xa, 0x4e23, 0x401, @dev={0xfe, 0x80, [], 0x25}, 0x6}}, {{0xa, 0x4e20, 0x0, @loopback, 0x1f}}, {{0xa, 0x4e23, 0x1ff, @loopback, 0xe8d}}, {{0xa, 0x4e23, 0x2, @dev={0xfe, 0x80, [], 0x1d}, 0xb8f}}, {{0xa, 0x4e22, 0x4, @remote}}, {{0xa, 0x4e22, 0x19e3, @ipv4={[], [], @empty}, 0x2}}, {{0xa, 0x4e20, 0x5, @initdev={0xfe, 0x88, [], 0x0, 0x0}, 0x14c7}}, {{0xa, 0x4e20, 0x2, @rand_addr="8667ae15f3a1fa1ccf7f523bedd281ac", 0x1}}, {{0xa, 0x4e21, 0x0, @remote}}]}, 0x510)

01:39:03 executing program 5:
mmap(&(0x7f0000011000/0x2000)=nil, 0x2000, 0x4, 0x31, 0xffffffffffffffff, 0x0)
r0 = userfaultfd(0x0)
syz_open_dev$mice(&(0x7f0000000000)='/dev/input/mice\x00', 0x0, 0x4000)
ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f0000000040))
ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f00000000c0)={{&(0x7f0000012000/0x2000)=nil, 0x2000}, 0x1})
read(r0, &(0x7f0000000100)=""/199, 0xc7)
syz_open_dev$evdev(&(0x7f0000012fee)='/.%v/\x11%put/event#\x00', 0x8000000000000000, 0x0)
ioctl$UFFDIO_WAKE(r0, 0x8010aa02, &(0x7f0000000080)={&(0x7f0000012000/0x4000)=nil, 0x4000})
shmget(0x2, 0x1000, 0x0, &(0x7f000096d000/0x1000)=nil)
openat$cgroup_procs(0xffffffffffffffff, 0x0, 0x2, 0x0)

01:39:03 executing program 4:
r0 = socket$nl_route(0x10, 0x3, 0x0)
r1 = socket$netlink(0x10, 0x3, 0x0)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff, <r2=>0xffffffffffffffff})
r3 = socket$inet6_sctp(0xa, 0x10000000005, 0x84)
r4 = dup2(r2, r3)
ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200)
r5 = socket(0x10, 0x803, 0x0)
sendmsg$TIPC_CMD_GET_MEDIA_NAMES(r5, &(0x7f0000000400)={0x0, 0x0, &(0x7f00000003c0)={0x0}}, 0x0)
getsockname$packet(r5, &(0x7f0000000100)={0x11, 0x0, <r6=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0xa)
sendmsg$nl_route(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080)=ANY=[@ANYBLOB="4800000010000507000000000000000080000000", @ANYRES32=r6, @ANYBLOB="0000000000000000280012000c0001007665746800000000180002001400010000000000", @ANYRES32=0x0, @ANYBLOB='\x00\x00\x00\x00\x00\x00\x00\x00'], 0x48}}, 0x0)
sendmsg$nl_route_sched(r0, &(0x7f0000000140)={0x0, 0x32d, &(0x7f0000000080)={&(0x7f0000000540)=@newqdisc={0x148, 0x24, 0x507, 0xe0dd7024, 0x0, {0x0, r6, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_red={{0x8, 0x1, 'red\x00'}, {0x11c, 0x2, [@TCA_RED_STAB={0x104, 0x2, "fbf84ce9dbecf3d5851ae060c0ec8d55c9c65cb98d69f6f43f1d64d475f279dd204e54f6719de408d640f2dcd4c0c8c615650de0531b139380f912f808e5d3e1118f76144d1568be425bddb29fa48b1251d5cc8b78fb742bd61674f4cd92a93f8dafea3bc823ccd7591d59d252a275012101f39ab9478cc5dc4a8a2e71f186ce688ae869907b40b62231d243db1eca472440f1203b691b7b85864a73f1a3a9664d075ac973158948f7c44b4f8e2348e8046b08dcb423647eff2539993b8985028d7f0a50e94ee6b2fdacff6aee496b13807eb8d406a8440af14e339713f93a2bd76d46d34452c9bf604ac61d66e9ff34503a7ff400"}, @TCA_RED_PARMS={0x14, 0x1, {0x20}}]}}]}, 0x148}}, 0x0)

01:39:03 executing program 1:
perf_event_open(&(0x7f00000000c0)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0xfffffffffca71737, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = openat$random(0xffffffffffffff9c, &(0x7f0000000140)='/dev/urandom\x00', 0x8000000000000085, 0x0)
r1 = dup(r0)
r2 = open(&(0x7f0000002000)='./bus\x00', 0x141042, 0x0)
ftruncate(r2, 0xee72)
sendfile(r1, r2, 0x0, 0x8000fffffffe)

01:39:03 executing program 2:
r0 = socket$inet_udp(0x2, 0x2, 0x0)
close(r0)
r1 = socket$inet6(0xa, 0x1, 0x8010000000000084)
bind$inet6(r1, &(0x7f0000000040)={0xa, 0x400004e21, 0x0, @empty}, 0x1c)
setsockopt$inet_sctp6_SCTP_NODELAY(r0, 0x84, 0x3, &(0x7f00000000c0)=0x7, 0x4)
setsockopt$inet6_opts(r1, 0x29, 0x3b, &(0x7f0000000080)=ANY=[@ANYBLOB], 0x8)
connect$inet6(r1, &(0x7f0000000200)={0xa, 0x4e21, 0x0, @loopback}, 0x1c)
r2 = socket$inet_udplite(0x2, 0x2, 0x88)
ioctl(r2, 0x1000008912, &(0x7f0000000040)="11dcbc0d5e0bcfe47bf070")
write$binfmt_misc(r0, &(0x7f0000000100)=ANY=[@ANYBLOB="a43f7a10bc918dba707335df9c4fe2e3dd545ee4c838fdcc46a7540a012dcf04a12f99172a6f3583cd5498000448f3ae533c2845496e9b0a050d5e4e05f5f8188edecc091727ed7a25a91998bf61aeec90e8718f9aa9fd5da3aa3181c0080975dee42b7d8686ca8f92f314380c2a02a90e6efeaf9d6acdb213cd260c116f495d9569a33c798d369967f6690fd59a8b3bd789702d552fe262fe738e874609724467e7d1be8518f803b96022e1f0f0de7d3720bec96ede000000000000000000"], 0x10098)
write$binfmt_script(r0, &(0x7f0000000300)=ANY=[@ANYBLOB="ba"], 0x1)
write$binfmt_elf64(r0, &(0x7f0000000280)={{0x7f, 0x45, 0x4c, 0x46, 0x0, 0x0, 0xa79e0100, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40}, [{}]}, 0x78)

[ 1261.262459][T22242] FAULT_FLAG_ALLOW_RETRY missing 70
[ 1261.270338][T22242] CPU: 1 PID: 22242 Comm: syz-executor.5 Not tainted 5.3.0+ #0
[ 1261.277899][T22242] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 1261.287947][T22242] Call Trace:
[ 1261.291248][T22242]  dump_stack+0x172/0x1f0
[ 1261.295591][T22242]  handle_userfault.cold+0x41/0x5d
[ 1261.300704][T22242]  ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[ 1261.307092][T22242]  ? userfaultfd_ioctl+0x3ad0/0x3ad0
[ 1261.312392][T22242]  ? find_get_entry+0x535/0x880
[ 1261.317243][T22242]  ? __kasan_check_read+0x11/0x20
[ 1261.322263][T22242]  ? mark_lock+0xc2/0x1220
[ 1261.326683][T22242]  ? find_get_pages_range_tag+0xd50/0xd50
[ 1261.332409][T22242]  ? __kasan_check_read+0x11/0x20
[ 1261.337445][T22242]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 1261.343691][T22242]  ? find_lock_entry+0x1a7/0x560
[ 1261.348623][T22242]  ? rcu_lockdep_current_cpu_online+0xe3/0x130
[ 1261.354780][T22242]  shmem_getpage_gfp+0x1f4c/0x2680
[ 1261.359908][T22242]  ? shmem_unuse_inode+0x1010/0x1010
[ 1261.365208][T22242]  ? lock_downgrade+0x920/0x920
[ 1261.370056][T22242]  ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[ 1261.376292][T22242]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 1261.382537][T22242]  shmem_fault+0x22a/0x7b0
[ 1261.386980][T22242]  ? shmem_read_mapping_page_gfp+0x1a0/0x1a0
[ 1261.392977][T22242]  ? find_get_entry+0x880/0x880
[ 1261.397823][T22242]  ? pmd_val+0x85/0x100
[ 1261.401969][T22242]  __do_fault+0x111/0x540
[ 1261.401985][T22242]  ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[ 1261.402005][T22242]  __handle_mm_fault+0x2dca/0x4040
[ 1261.417652][T22242]  ? vmf_insert_mixed_mkwrite+0x40/0x40
[ 1261.423291][T22242]  ? handle_mm_fault+0x292/0xa80
[ 1261.423315][T22242]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 1261.423330][T22242]  ? __kasan_check_read+0x11/0x20
[ 1261.434465][T22242]  handle_mm_fault+0x3b7/0xa80
[ 1261.434495][T22242]  __do_page_fault+0x536/0xdd0
[ 1261.434520][T22242]  do_page_fault+0x38/0x590
[ 1261.434542][T22242]  page_fault+0x39/0x40
[ 1261.457667][T22242] RIP: 0033:0x4533a0
[ 1261.461551][T22242] Code: 0f 84 c4 0f 00 00 48 89 f1 48 89 f8 48 83 e1 3f 48 83 f9 20 0f 86 7b 02 00 00 48 83 e6 f0 48 83 e1 0f 66 0f ef c0 66 0f ef c9 <66> 0f 74 0e 66 0f d7 d1 48 d3 ea 49 c7 c2 11 00 00 00 49 29 ca 4d
[ 1261.461559][T22242] RSP: 002b:00007fbdc8f347a8 EFLAGS: 00010202
[ 1261.461575][T22242] RAX: 00007fbdc8f34850 RBX: 0000000000000003 RCX: 000000000000000e
[ 1261.495173][T22242] RDX: 00000000000003ff RSI: 0000000020012fe0 RDI: 00007fbdc8f34850
[ 1261.503133][T22242] RBP: 000000000075c070 R08: 00000000000003ff R09: 0000000000000000
01:39:03 executing program 2:
r0 = socket$inet_udp(0x2, 0x2, 0x0)
close(r0)
r1 = socket$inet6(0xa, 0x1, 0x8010000000000084)
bind$inet6(r1, &(0x7f0000000040)={0xa, 0x400004e21, 0x0, @empty}, 0x1c)
setsockopt$inet_sctp6_SCTP_NODELAY(r0, 0x84, 0x3, &(0x7f00000000c0)=0x7, 0x4)
setsockopt$inet6_opts(r1, 0x29, 0x3b, &(0x7f0000000080)=ANY=[@ANYBLOB], 0x8)
connect$inet6(r1, &(0x7f0000000200)={0xa, 0x4e21, 0x0, @loopback}, 0x1c)
r2 = socket$inet_udplite(0x2, 0x2, 0x88)
ioctl(r2, 0x1000008912, &(0x7f0000000040)="11dcbc0d5e0bcfe47bf070")
write$binfmt_misc(r0, &(0x7f0000000100)=ANY=[@ANYBLOB="a43f7a10bc918dba707335df9c4fe2e3dd545ee4c838fdcc46a7540a012dcf04a12f99172a6f3583cd5498000448f3ae533c2845496e9b0a050d5e4e05f5f8188edecc091727ed7a25a91998bf61aeec90e8718f9aa9fd5da3aa3181c0080975dee42b7d8686ca8f92f314380c2a02a90e6efeaf9d6acdb213cd260c116f495d9569a33c798d369967f6690fd59a8b3bd789702d552fe262fe738e874609724467e7d1be8518f803b96022e1f0f0de7d3720bec96ede000000000000000000"], 0x10098)
write$binfmt_script(r0, &(0x7f0000000300)=ANY=[@ANYBLOB="ba"], 0x1)
write$binfmt_elf64(r0, &(0x7f0000000280)={{0x7f, 0x45, 0x4c, 0x46, 0x0, 0x0, 0xc4000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40}, [{}]}, 0x78)

01:39:03 executing program 1:
perf_event_open(&(0x7f00000000c0)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
r1 = socket$inet6_sctp(0xa, 0x10000000005, 0x84)
dup2(r0, r1)
fcntl$F_GET_FILE_RW_HINT(r1, 0x40d, &(0x7f0000000000))
r2 = openat$random(0xffffffffffffff9c, &(0x7f0000000140)='/dev/urandom\x00', 0x8000000000000085, 0x0)
r3 = dup(r2)
r4 = open(&(0x7f0000002000)='./bus\x00', 0x141042, 0x0)
ftruncate(r4, 0xee72)
sendfile(r3, r4, 0x0, 0x8000fffffffe)

01:39:03 executing program 4:
r0 = socket$nl_route(0x10, 0x3, 0x0)
r1 = socket$netlink(0x10, 0x3, 0x0)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff, <r2=>0xffffffffffffffff})
r3 = socket$inet6_sctp(0xa, 0x10000000005, 0x84)
r4 = dup2(r2, r3)
ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200)
r5 = socket(0x10, 0x803, 0x0)
sendmsg$TIPC_CMD_GET_MEDIA_NAMES(r5, &(0x7f0000000400)={0x0, 0x0, &(0x7f00000003c0)={0x0}}, 0x0)
getsockname$packet(r5, &(0x7f0000000100)={0x11, 0x0, <r6=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0xa)
sendmsg$nl_route(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080)=ANY=[@ANYBLOB="4800000010000507000000000000000080000000", @ANYRES32=r6, @ANYBLOB="0000000000000000280012000c0001007665746800000000180002001400010000000000", @ANYRES32=0x0, @ANYBLOB='\x00\x00\x00\x00\x00\x00\x00\x00'], 0x48}}, 0x0)
sendmsg$nl_route_sched(r0, &(0x7f0000000140)={0x0, 0x32d, &(0x7f0000000080)={&(0x7f0000000540)=@newqdisc={0x148, 0x24, 0x507, 0xf0ffffff, 0x0, {0x0, r6, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_red={{0x8, 0x1, 'red\x00'}, {0x11c, 0x2, [@TCA_RED_STAB={0x104, 0x2, "fbf84ce9dbecf3d5851ae060c0ec8d55c9c65cb98d69f6f43f1d64d475f279dd204e54f6719de408d640f2dcd4c0c8c615650de0531b139380f912f808e5d3e1118f76144d1568be425bddb29fa48b1251d5cc8b78fb742bd61674f4cd92a93f8dafea3bc823ccd7591d59d252a275012101f39ab9478cc5dc4a8a2e71f186ce688ae869907b40b62231d243db1eca472440f1203b691b7b85864a73f1a3a9664d075ac973158948f7c44b4f8e2348e8046b08dcb423647eff2539993b8985028d7f0a50e94ee6b2fdacff6aee496b13807eb8d406a8440af14e339713f93a2bd76d46d34452c9bf604ac61d66e9ff34503a7ff400"}, @TCA_RED_PARMS={0x14, 0x1, {0x20}}]}}]}, 0x148}}, 0x0)

01:39:03 executing program 0:
r0 = openat$random(0xffffffffffffff9c, &(0x7f0000000140)='/dev/urandom\x00', 0x8000000000000085, 0x0)
r1 = dup(r0)
r2 = open(&(0x7f0000002000)='./bus\x00', 0x448080, 0x4)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff, <r3=>0xffffffffffffffff})
r4 = socket$inet6_sctp(0xa, 0x10000000005, 0x84)
pipe(&(0x7f0000000040)={<r5=>0xffffffffffffffff, <r6=>0xffffffffffffffff})
fanotify_mark(r5, 0xa0, 0x7872e043a28bc50, 0xffffffffffffff9c, &(0x7f0000000080)='./file0\x00')
r7 = dup2(r3, r4)
ioctl$PERF_EVENT_IOC_ENABLE(r7, 0x8912, 0x400200)
setsockopt$RDS_RECVERR(r7, 0x114, 0x5, &(0x7f0000000000)=0x1, 0x4)
ftruncate(r2, 0xee72)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff, <r8=>0xffffffffffffffff})
r9 = socket$inet6_sctp(0xa, 0x10000000005, 0x84)
r10 = dup2(r8, r9)
ioctl$PERF_EVENT_IOC_ENABLE(r10, 0x8912, 0x400200)
ioctl$KVM_SET_NESTED_STATE(r10, 0x4080aebf, &(0x7f0000002040)={0x2, 0x0, 0x2080, {0x3000, 0x13000}, [], "c721b8232805dbfba2be9f4e2c4a9fe79cb632265b16764b8620fcb3de5450d318d61faa63b0e16d486663aa11abcb0f276e5a8537b3e974b6b232e6bada57ab7bae3125cefbffae0c66dac3a696cd0cc8b44ca691d144df58541a864bb3f495142de6a9b02ce284887ba4f3cf390dd5e33f50c0cd81278cadc49e16b4f45d5621583fd7d918bd7f39671e67e7314fe1585736c2ca9d34c5018fbdad49789dc5ea363dd772127dd9a442f4015cba83111965a2d95c5c08ee70d27c18938f87770f3d8acf20a80dcc9022b2d99c9452785fed630372f6059d679c7dbdf0357cb7eee698dbc94584d2dca1058cc71fd07250ec6d4833ab65ac56cb49392a96539aba6bdd76c936beb1a3fef9a4119044a3a9a2f338b126c48128b363c93987cc1a1d02ab33725aa9416236f9fc063b7ef2e40285d12b049ed6b953abd4c8b82224c57bef83629c886411b800d7ac7ac75cdd06c80b7945c65efd77ae5bcad5531e14f2eb1ccc30990431a30f34d9243f94c22a5b857c4b463110e5bde61275baf7dc5f7a8db390c0e5d05517508966a37caeac4acf382a3c8a82c246becb74551aaebb374501d15294d62eba74420aad362de7647f686dbad3eebcc2513bd1100ee9c78f3ccf3bacb8600787db38c90fb57102119490ccd9baf26136a8cf8e5b4a70ae343de459506a81f1256716a983143eff587923b2273c29582f7a07d7bf2219e844e73a7c9f0cbf81644410ebb630f9158833afda8dd730366ce0a7f7e2af88a3c39d534215954aa76c16e6e59fa0f04eb80b9cfe539fff9e08ce637de24b75097b526b520814e76608621326730cd2c9ed707a2abe65b3dd8e5b455c448e7d9529f1105441691d9cc5dba569bcefd447184732437b1f252e57ee8829f8586ae2d5be365db98e97738fce91de85e16637e4b1419d047697033cd22be0111f2bdfd219ca37d849f05c86ed5499801ecffa61c91646b1aae9f0b4052737a0c263149114ac4af2434e92b0918b49a6f34e3a885cbdf6c85a7dfe1e3ccf961f310db1daeaad4e4c122211c81ed91e70b3a1a670feda191f52fa3e9e6fdfb46e6e4b7cd7ca8ba18bcb7e1e5a8c348ae9d987bcc2a143436b0fdf3c9af8d49762c56e83e5a8dcbda71df9e3100874fa6f419deba7359458df7d32c7645c4c629d8d878829825121d12f41052bd0ee33f03237e251affed1ff5fdf319f33f867c12e77af40b6a739db6263ad829fec8affed3170cddb18d5d5691c8166ff627283d9f27f7a8ba1dc84dd561f2a5d29071cdc5af0b300c3d53373e243485887b4024a5c56ba474eca02162e98dae84cf23dee25f3ea4b5e9196d6c09fb850c2a8b79510ba162ef9af4be34ef8248e2966cb62edbf990d60f27b02290b79c20745418353c8c73ced7ddb98b0954fa8a27313cede57801215e9d8ced469cf94922f391e6fd9eb72d02dadf580b4b2e17a8deb9c56affc3f3846747a87406f965d4499d2a117f891dcf0fccc166618d2c1e34cd3c87f177675b5789a7f308cdf97cf44e0efd1288c8fe5c2606e582e7b05cf77dc8cdf014d35785efb88707f32a7ae560a1b7cca8c2c9dddbfe14475b01eaf98ba44ffe3f09134110c98d08d2997ce398890f50e211d2e6b1f1089974de401127328ab8b178af57b847c5eee8edb0b5291e6d6431e53cce91bd9eba55c7efbc0d4144ac635710c2fb6f3bdf420449081ba844fe5fba09ffbb473867a5db97f988bdc2902497274cf7111a5e6adb821be3644c27ed06a1a811376b8da0aa08d26a7ba387a08daf2f4739bec677a88b4923eadb0704b4aee32c92b5a56242d134d0819d1a202b882d897e634b9da191a4f4fb0e7c3a8892b89c20d37d2fadf0438e70c2974b588a44a79cb35a2e868e1155984a26ac5c5c1c89aab484e65fe0783e68760d003a5ae37bd9f0dc70d30743dc25864aa8deec044dd19e2fdb4bd9187ddc6de1d0ecf97adbcfc7b3d49478174063e2aa8bfad38520af0a9d801240710d773382ba379fcab9ee775e5e3b0828e99fc522ddc395c24bd89a72edcc2cb3e8974388542f0532bc94c791e9ec3402a388455006d6f4c6e9363755de0ab447db22b512bfdd176081735da85dccf3d598a0a56b4a325f65225903c030fb4d4fe1927f8c242a59e8d6356bf1062bfa3d883fd757fc8d3dc08230b76d4b36cc6a3b83298fccfdde1c4f268e3ab19cce4a85ec330009bb20465268f0ac3e341e47d3c0f4af5249b052eb2ce86fada4020888cb0d4666133643dfb0f1add455b7caff3b105b57fae9e909c047bdce0953726f3bf73d2a13052a4b77151ef419b1c11937154a3e3d3623bcc1e89795af8566328f5be70fafecb64c323144dfe2d94543d8556a01d7526d2d13b7c886fd169e700a99cc4ba893c5d1af615f0ebb3275e1b78fe9f62559757ad2d09dad68a18d659063ec4b1e0cd120c0dc2293d4d5bfa6f37674591a280590763f09ff4afe5cc0ea73a73482b3c9618a0cc276adde2b08135966e3f99a17bce847ecbde1a0765e4ef6a17160e8eb9664efc1c8f5d8078eccec4abf1d40393fce000971943ed80270817949c6ed8953879e2416498656f8587c5797210817577cb75b87b05001ac2ff8d1a5f3f1c18a56ba8919b6766c843c42add405327d7d9e7769566faeeba5da42250ff6ee067bbf75b9f0af4e2403fc462768b2308e98aec2b2c085bea6cc27b35fd2d0e5d254804f084585f313e70526974f89f49452ff9c6fcb6e043eed9e0f01b66df3dc07e1989e28777554f6f60799f6969c0fafc27bd232160f0eab77f238b8e239974708f2abd986811f69c37244c94498d8a0e874a0b70bfc2623999e027f3caf48b49b03cf2c4fbbfbc4046d2deed45d7da7d8e86b0d8ec6c7bacd36272a79bbd5f0576b35a8eaa5890d91d74ad07693a5706df6d9adfcf87b8fc41ce321a3e4396f6723de0435ec1a0ac793314651277f0ca12febf10a1f2ef7adb3c699f6962a706b4ce856c4f031941bac2d0bffecc806f647c0b503e3feac6b844f2b01d5c4ae350bc2a022c9ea7ecf6a0f12ee132d3d09fa3746cee9c40046fc4fe288f882f7994af0f6decd9277b0c705a98323c10f3cefecbc479e8bdee44b8cba75cdc445449d60c58328f369fde9570c90470dac4f9f66a77bf9d480fe2321bd0bc0d786b4e17ffbe3d71845c0c22065ff15e6692f90985b6efcb3aec5ba71e4b5fad51ae23d549390413ffe88f3afd9d199cc5c6c639abc32de3c066dd0a8d6729a2f1d0927f7263004b87f4aa73c5c83ef26b8c0e518ae5a780b29718e1268dd57c4765c808abe83bcaf7f0648760d49b974bfae7123190282acf47e7ed7c40a2a99090973a699cf3527324114a7c0241e4312b847fada073b5e808acd1d8de4eb733cf6b800c68d0b62cb88a6435c7b3b0582ae3e8d66df0adc6af048b3d6006766b4db3e0070dd15e21c8c9e9360eaa0500faef4d2a146d079b270926cf99b54be17b9c5f99322b412b821821f91ece34b62ccadf3d0647ededdbc22f95deaa6b2bd22098005e5affdc0c7159be3ed9a69865977a1f5aa9aa34ff920a5014bd16a76a837d62e5e82e3b8c56cfa0bd94a5dc4a741f8c297cf3ede0d8aba0dddada1bdf50a8c023197d5321e07d74f728239e198eb5a0d254ea0306173601e962b363fbb7cceaf2f79e1deabb64756f1a5f8acfafd4796aaa9d0390d08b7a2ac826e1fb36d9d62d50e56b161ac5dac1177c261e17481256086eff478783f117c0a0e9a8dedf0d58f9048f057d59d84219a5be133d0660dcf089b26e87bd7e740b4aa7cb68c42b342f905a3fe319f150d7f6417d4b72f1a9ffc1d9fd053388a071510bb4c974ba7a17874956e9d9e6cd6636ba46f8a7b0d8721607e4c70bd1167b191707e8f5e169a5eedae47bb45d77117e3cca759405effb9a034cd06f814dc7081f2d14a6e80b34d1254070eca38351cd0a76694e42dbcea51c7f452177fd9ad9f926218178bfb9b392cc764874a44db59f14d5bb1f7fc0618c3654fb4d3005a08fec308d74de44d9460f291d96f248c8455d043d82d9bd318a7992d9afd51d6b0eada4f90e7e7eaa8593cbce2894c78eeda735e29d0411104b4821a82d0364094db89d89ab12a19062aaba4d4c300a2b2df8fa68c4b5d9ab9ca7e7a4e6adbe600b871ce8ee9ca6e77917f6e8921a0b56448edd9a54545effd8412c5f5993f96887d9b7b40fe4fb73e6ea478136ca85a37c8f3377152e2f0090f528c1b83485990526c70410818e9fce9248fcd285c7d443fbefbe63d2176b9ede6fb91564ee7ccbf0ab7da2d74d1d63cd35077e2b53c7020e7a3fba5513d0f82e673f8558ce3249a7d603816d1df92835a03e4045315005c4055e88bfaca78e55fb0c271f107987bfadd61a797f9d6efd8f123926d69d0626674fe81d8878d9d81a79315308ef33c9db66236a07f9bde1483297447af9b583cd31228a716b8a5e3e6cab036ee36e3e4ff605b68165312bc595a055270223dc6e3d5c00fda59679e0bb37aee36d26e5c4e45abc53f696570c5d14000d492fbb5b95529939aa784aa370135b41ec527a68b4c8a539ca15f307062171101f869e22ca0b1852fbba6d6e3998f66b6f4c5a6f41cf0e33be050e4f0104d1d944ac432c27e0010a410e5650c771ddcf6e9fabc01bf2926371ab81f76009ec5b30f917639c26a298261b6801bea8ef7c5e7bcc8334bad2dd5c26e1084d0deb8e8879414e86dcf48324ddef407255bb5f4857edb9e7c82dad878b0a095983389d4d44fc54b2c5161483e93e6d105f002ef5ca1acc4f5b1cefadb949c5bdfd832013659d171d41f11024790302c02f311d7420d60445f0dc3e043800a6b310f9b80df743fa6f75c5170d9b852612c5a5f6b7ef5369e21ba0d944b5c09776ae7f7729ca2b2247be18edde6f2831bc32316b1cf7d4b46a14d043bf3e4418cb04dbe92f93875c05b8d9b58412369c340a857b5ed82328cdddaca8b5a574bbba69a322986746c334f6a8bacf66ecb235afc231e5cbc82b1bc387e88458043fe2e17c3314fd7d46156f51913bb3d8e151f40354e209b1cc728022157e1162ea37892d93f9eeaf449862e9d26d524ea3c081938594ae40465f086a9352b726ec13f71d8fa24447ac1cbae0984c65fac31ebe71b4683def79f68a123378511e46eb3cb3c73104445a87a56fece7dc20894b15cbb669ba3ba0998a5eea385a1a4143056082223826358c059d83cd59330cced221723fcca41914e9f563850b2a9760399b43fcdd56a35200a419b21dcf39c9cab76faaf2a59146b2c611abbfb85ac900ad2b219fc405d7f5863ccd1e7cb0c4cf73be576ee37d61bb3a3fe7b0d7cc3c8a32889e3a476184ceda513f2f8630f2684d10487e2c2b1df04a9f50267249c636bc0b61a0275e7eb4fd3161cefb75523d2369858e65310ebaa81ba72fbade02c20522db812b7bd78bd31dcfec7f9c822df49cdf545df014a795a8d77ba14fa7925bd731d7db68276012aca1a907ed5df1c78c2f4e04629fae1d5143cd5d5bcd0b19a1ae7fa08ba09822394ee052dceedbb91143fe8779145982cb13c9e56d9637a4542fab09c27d8d0e83c8279a8c97ff65a9da10f10efeb9b2240fd7638d90066f6eb73c2057de2afd794cc4793bf76068910d17aaa6ff6fef52d3fbe28c374ceacad5470ac3d337c3eb8aaec1788afa1e214bf8a40af6b3338a74cec42fc1bd8780b59b6852f327d348da6dd6ea91e281e977f2a4297d25a81e07ffc6fdde71e077db73a174ea35dd280f7858", "a2d902355491734ff7bd6fa5e6c7792d2752fd0deb6aeae86f2d2eddcbefe9873e63fbfeaaf958833488c244a73a0626508d04251791e7bd61640fc42dd7ff6ac440a3fa03f62bae499705a5e8eacfd925db89ac9519d2f04059051baeae50d060fcab5f4b130cc2aea14bb1ca89651c6eb2fff24220dbfe2bef1e626ca5ef2abc39036ff168cae720613bee14ae84b48f07ed21bd0ec8de51fe8a099b824b01bad8aca6b617e1f15e75ca6b0b6577aa2899955271314b6e5cd72ef3842da20302548410e8a34e3222fc45a4f0057eea7d4059712d300f933700e4a8db9302e230c74d5ab57d3be88a5954050536242c257dc7ce96f72a213f5a3bd6398fc795e08a6a8105e727b14788e7c8d3212f2922c478c73a2b86f98bc5dbec55aa97edeb7fc0e08a4d26242757dd06a9087a1c0fdc9e425f2ec833d573b7487499a35336980b30513581315cb18b810ef30ebc7525e0ca5981aa29e0aa65011b3a27f243aa6aeedda3d37a0ce788c0fab07155f33b7ed6db239fdfdf7e8dca4d4db75ab84e065ce256c771a7036bc0b214374a02ee11ded719c8dd94c20a43dc719f4c40be56f2845cbce52f95cce765698d65a368584d3257b0042bac561d47fa4031bc6b981ccc868bce3a6fa013611b64465731ff8dd365305cb5ea24e0318704e39457514b7f2beac2b846d848366b997251e7046eb194a83962d71ecd41fd978cbe3395727595661a7312561e6270dbb15fb6d27444d81eeb9cd137a9415d1c4d4b6ebc1cd231deba840093a01c17681e6da11a28337d74fa6d01c4b4f03beafb0687ce436cdc547051dc727e45520b83ca120caca53b6b5f596c2ae4b08bebb195785a355bccd0a1e750504cc894684f4440b85559c88b43a83ac454afe438afb8ee3a28d034a6d367a2c23504537307e7bc741deeca1328d6b6c89897b17efc8ba5e914d503c711759968f22dab4bc427c96aeb0b564dfc3e35b07b96b53aee614ec8a4613e195fa5765e21a7ad16afe3bb5ddb3ca885b6bd58d10cb9504621805ba1f1f69e4d51bdf1d9388eb53c94eb82790f59480a3cc1425074ca826d534bfe8ebb86938606af2d422a32b9a8bf26538607a4c004c2f1a205db4b0573dd06e4c7bb18930a41e7e17627aec048998ea4e0ea4de1c516ba69a96f331ef998e6bbfbcfa56f66ff54c107caeb15680f78ce56653a96fe94ca8db3ab0d0de8ec0d35931294cdedb2e74035fd06dfb50e750d409560e2c65c66c23ca6f75f8154ce052142a280edb29a86406e5c2900488c57309a5798677c471feb36cfa7a7aaa0f3edc5536ffb70da6238d78ca66df4216c7042957f2da7bcda9a832d559e8e6f91b8488fdfd15ae4c7f5aa2c070a2d29df25a4c7001ef9dd3341ac6f5f08cefde918403204192cb929188321f19b48109139780abe7be113c834b6a92d027c524274fd6c162d3ad18d2ab5de57e710bca34bc1123697b1b3064b8a2473ea642bbe6f528d2f8f3e3292b566f7b04ccb0f06729a2149efc02c0bc2a8afb3a4dcf1e0f0601637a37d5c93b1dfdbcc904b80eb29ad644ea9c9d6738f48c782a126420d40cbfaa0b171a621ab161ce9be47a2e0a9d8eab3b889841fe9765a222d007c322a12c63f9c4a5dfa6358bd5f7eeff5e82d55c0177b5ab45f3b31aa462407cf5b9a9d77ac08b959ba9d3189da2b72bcada09301bece55dd0446e8627857026c7ca1cc0f662114f80c27631895a4e3cf27e712111a227995a91ba58f64b7c31c6408f5d86ed4859ba06846ffe367f08b7207060a452cf0e382c1b0349fed26eef9a60e7cd2d0f17b7cba6262f4f22946bd2e8053b9136c6f8209c06b1845495e8548ad002c953d281127f2383b23cd1f889aacfa12e54c97039e6fb73dd2cc26b0f768386e9aadb10644505eeb47905f6aef49a8207365c0ac087b614820db4a0fa6af41ea5458f6189dc2016f42c879c814e48cff63a313acfcf71b8fc7c52c699bc26cf5f4a06bfa479837a2bcbba55d1c78f38c5557b3066a9677b7f865aaf1b8d3c52716d01cbb29264712559dd526c0d5347540d3460d66ab3e71c738a750bf3460ee70b69512024cc81786cd10ac1101aed5c288d734b21ec39ae972e8f06a8a93feccbd00d61777cf8fac431b4dfe5f8e40eb1ba587d638eea78d07e379375a7606b607521c594e57a1930e925e3c3c8ea97a8ccb15ffe8b7008361bbff06bd5f2414f733642d35c876456f2883290fae1e25737169bd9651400921b738c9ccb0143f9f75af87c0605286e25e60290226b450ae75e6bced7e60679ad2d4675b5fd65a45f2eb62e6d34959dd7f95d1b9e6d99c085f41a3c236ebd36d87e91ba2131b3e9535c913f4a7675bd6cb9e04bd0b5cb521ab2da3f64bdb7fad9b95bd32af970ab2eb64e6456308027951d49e1d216ef1ed43ab04f0a9e93898ab15f2bb76e5e7e6f5f1238295fdb96a195129aae71977f4d57f895c6ff51803ff3bbed8414b1f20833a8d6f7e418adf5b15462ba10f58801d3b07c2bdf4967c9fb6ea750b97f945d543b8601219194ab5830c3918445b940b9905bbc6aea4008b342b4ba2afbd7298f378187e5ce35289a31217d7819ea9a04e09bc9a803a62d43179027e82a4c113daafbd79b8309593bf3ed312dd0423213760bc5f4e7874db046ea5d5f7a5cb2b30481ee27089ae570154ba157242c9c7fcabcdfe1992b862c743d1e57c17c41a8634dbfd59b9f3f6219615b5f968d599d439ca3179348187c3073d2ba6096727ef7e01e1936bdf178bdf655323fcca5ef3e0478e84e44c89f883e00776c7e706e16d0560ecb1b261c0fa7fbad988fb92f2e93e125cc2e5d4b41396a0dcb9e3ef1c18c1ff2bb1be601cb3b26496a2d326edd0052676a734d014e90b52b8df743c46624ed412916ba35f8b1eeb4b6a40523beff6d2da51c09b75b86d2789fbf1a70de6cdd34d7cb4ac9c36d921653794a74a113bb267cfcc43f42da515a43f9e7fb8c5d94c47c455afd2910742699e4948ea129d6407c0140ecb19b4d9c8e4573f7b86b75df25d0bd31740fd4f4f8371e12a18001f65d245ad5dbfb3df296a762ef43174434489bb3b8bd7f1ef0bef882ed81d861b077b702bbfed472af599de8520949a1cb85c92e1b0c52ef27c557f4de3ddfc61492d3eb37fe63f3bad69efb6c0dab490e86163e25ab16ab9a47e2629a9a3a4f1335a389b7c630e9bf86fbdc5a6e690a66d338d84d8711ff255fd64119213649d7fd94d531d4e624a6e488d380c33340d29f0f8096f310b7a43a5232040370c370dab3d81951a0203d232603276be84f38b446a12c51fa0869f7dd171316a55c3ec517bef6b7577244185bacf35ba8f7d3c472ae1891fceb46e255cd9877a83cde3c3630c99489c9f3caf738d004a25b67e5275981b0432f9355df0f144374c6602f3e840fe63e3ac0dc11b645943975c03b75ce8bf7596357dd20ac538b1cbf47ea65decb58e557394cc0262de96973e4c9d0f2f6a93ff242f18bb16e5dcf3e8952c379750569a25974880b09602bf6debf785400739fbb27e7730eb618ed8cd23a0c42a252b97e6d06899ad5d84a1fdaa2650593292180704ce0891fe70180adaefbb508b159dc5fcbd24548f93f4f7095ef0d83383a2864739a7811854c2b8f17679f08d4f3881422bab048e4697f8e9bf0cfe7b14d5db8ccdc5521bb5d0e1b571181f265bc07c3f826dee89f26a8174aab197a21eda0ec714aca79f3ae1062571173ecb95728694e361a23cd64e965f4e67c298b833e80a7d01af7cf61dff083fedeb50882cbcf52604fed7120b9ae2b6a08476d88448e3a169667695f5fe2ccffb5016658a3b741b51c28b11fd13b8d3562f7dbdd0bf11de15ed747cfb9eff60abda491f6cc8098758369c9d3ae645a1004fd74da5eaa80929abc99621253f30a5e2ffbb19251cf5a5251dd6d21d56dedc5002171ba2d5589771cae3a0a8791b52104779bc0ea1e3532826988cd0666dd06b16b9071a1b7b0a08328bf53e2447116fbf73bf4fef36ef685bcde5aa195458d3a2f708dc00685554a83237cb53225b886189afce4b49926b38ac5b3e1443f5f191454d167aa4930001ed8fea5ac2fecfe605684957554db8dbd4470af71d7a876fd610b62cb704a2da480e5c419cd0fcdd9abb051b6aaf776d01eaa8447351b20bf10ecb39c69735682dd6f7eb5ea60bfaedfdc5ce9d719e210613324656b1856fe41af960d0f5d93c0edee0d71bdff0771a5c0d6e856b15389a3379f175f8c6de7c18a225f9789d6de9033cd92de1ffb2bbf9b2acc36e83ee60f324dc9b19645896f096f826baded6e9ca50c4b3ca91de578aaf6fd8bb75076222ec45884bbca3469dec275cf93904198022fc9e0420c2b1de9f629b2ca10af1f8e035a98819a9bb253ec7202251f6349a084add7f7eff39ddd9459a16b2d94930e2f1a37c8d1a7a91b39c53db91db50b6362dcf9381072f0b49d39ef92394f6e598484b9a3253888caf82fed6650d9d8c3980700e07d6a85852e1d8bc92e87241f71c4d9a4c11b37648d3e0bccb2c3ee29f195d93770ecb6d4e4ea7b42128d3af4aa29df5492ad4fcc5da7a4510d8020c38a35d957c1ae16baedcc27332af8ba43d2f3ede78a8ab02668a6f35e80c55993bb8de60494f0a380ec829f750af7884e5f379b257d83703dd54152ae419e45f1ff4d7eb2fcae3d165b249e946efd3fc83241ae3474eae169c8d84c52ff20201224cf16294db100ea7737f9296d63f00c6c3fdeddc6e679b86a98c46f5372c163810db8c87d4c2e042336d453f27c851f1e6262d81961bdbb331dc0be09679f2a9fe44b4c307d7883297f07b022968201da3fd3baa3a0e4a26c5dea62bae89340ae05abb59a513d87be672673233f348a68dd944b0ffdf8459ba372c64c5203d941978d5fbd5c181c192654cf477887cf7e30f4e25bd5be1e7f3e2a7b60eb7bd090ca06ddc4e931d531a273321e5200d04561ee404532a989865e1654d7abde7e6daff3abc1264b01ed039e7a3e9f6fddeaf0a916b3a5dd672d45f5f607d857070449985ad45d5fcd17bc5b34beb2c16a576a55c5b14e4dc3235a7232554ceb4d39e040a5b62abbb8422f99afdca257cf29745b84111f4b234a0eb1c0080d97bdaf3a4fda097681a484a171035562b50f3d32a40e41dc559d868ee4b1c28f21915a5b1b80cd920cb4a8cec521343b96538324900570aa5c3af8e9029801baa8a1dbca81efd5c19aeacc1f17fb11da7696ab468746414ca51a09b08c35d66cdfc93840d5844e9ddb8caf3d1e906aef5032e389505f07667741e146df628452ebea9c777905554c8a5b486ec053bacf4500655a7d2c165da43a052f08d41be71598e746425bbacac7d7a7022734dc0bcb40433754b4b6f88ac83fe8c0513e1cc96173b43829f36a8ac241a898087332dd0120d3ae2b081419ad64cc0d68c4ef765b9030b22773c7f92b9f4a9d9d2b1f90ce3117d7cb306651246f457e2a752646135d0f78f074c49027a5e983bcc7905bf6f54a6fcd5d79b456e5d75fc2919b54a45cbbf590ac7ef2a0b2251353af024753d3088f907baefbd59cf521c441644dbb22a95dedc67184c372e2127ffc01c704e1ba9848c65f8a0583908e7b7dd33df7a4541f04927f40c850de148eb26b7bee3bab28fee5fc590eaa7ffb1807fa19f0172ec580dc8fe990c0e906f2091654c62a70321cb649eee6a922d17b3c5e1fe3060100077d43e562912b923c0340618e667b915259b310538b19d86386efd50ce7c0971"})
sendfile(r1, r2, 0x0, 0x8000fffffffe)
r11 = socket(0x10, 0x0, 0x0)
r12 = socket$inet6_sctp(0xa, 0x10000000005, 0x84)
getsockopt$inet_sctp6_SCTP_GET_ASSOC_ID_LIST(r12, 0x84, 0x1d, &(0x7f0000000240)=ANY=[@ANYBLOB="06000000ecb2d962f744398a5ae0e918cf03c9d61e32ef54a439c358f4b0be5eda008d6042dcde74792574852662c5e47a47c17244708202e803e88e3094b6dda6c74ed7ccf9348f38f4f72902b69e35b22007d9503c0b840875641e7cb159f4cd7c69f8771b0f5456ad793a4ca862fc89c2b17fa46a866fbbac7ff4039541fc768b572fe415d5c707e87a9f2a09d04d77570673de4c5a11850c77c1423208fe", @ANYRES32=<r13=>0x0], &(0x7f000095dffc)=0x8)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff, <r14=>0xffffffffffffffff})
r15 = socket$inet6_sctp(0xa, 0x10000000005, 0x84)
r16 = dup2(r14, r15)
ioctl$PERF_EVENT_IOC_ENABLE(r16, 0x8912, 0x400200)
ioctl$EVIOCGKEYCODE_V2(r16, 0x80284504, &(0x7f0000000300)=""/89)
getsockopt$inet_sctp6_SCTP_PEER_ADDR_THLDS(r12, 0x84, 0x70, &(0x7f0000000080)={r13, @in6={{0xa, 0x0, 0x0, @empty}}}, &(0x7f0000000600)=0x90)
ioctl$EXT4_IOC_SWAP_BOOT(r12, 0x6611)
setsockopt$inet_sctp6_SCTP_DELAYED_SACK(r11, 0x84, 0x10, &(0x7f0000000200)=@sack_info={r13, 0x80, 0x6}, 0xc)
getsockopt$inet_sctp6_SCTP_PEER_ADDR_PARAMS(r6, 0x84, 0x9, &(0x7f0000000180)={r13, @in={{0x2, 0x4e21, @remote}}, 0x8000, 0x3, 0x7fffffff, 0x470a, 0x40}, &(0x7f00000000c0)=0x98)

[ 1261.511217][T22242] R10: 00007fbdc8f359d0 R11: 0000000000000246 R12: 00007fbdc8f356d4
[ 1261.519184][T22242] R13: 00000000004c8dbc R14: 00000000004dfed8 R15: 00000000ffffffff
01:39:03 executing program 3:
r0 = socket$packet(0x11, 0x3, 0x300)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000000)={'batadv0\x00\f\x00'})
sendmsg$nl_route_sched(0xffffffffffffffff, 0x0, 0x0)
r1 = socket(0x10, 0x80002, 0x0)
sendmmsg$alg(r1, &(0x7f0000000140), 0x332, 0x0)

[ 1261.657236][T22242] FAULT_FLAG_ALLOW_RETRY missing 70
[ 1261.671681][T22242] CPU: 1 PID: 22242 Comm: syz-executor.5 Not tainted 5.3.0+ #0
[ 1261.679349][T22242] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 1261.689397][T22242] Call Trace:
[ 1261.692688][T22242]  dump_stack+0x172/0x1f0
[ 1261.697026][T22242]  handle_userfault.cold+0x41/0x5d
[ 1261.702139][T22242]  ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[ 1261.708394][T22242]  ? userfaultfd_ioctl+0x3ad0/0x3ad0
[ 1261.713673][T22242]  ? find_get_entry+0x535/0x880
[ 1261.718529][T22242]  ? find_get_pages_range_tag+0xd50/0xd50
[ 1261.724248][T22242]  ? ___might_sleep+0x163/0x2c0
[ 1261.729118][T22242]  ? __kasan_check_read+0x11/0x20
[ 1261.734144][T22242]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 1261.740393][T22242]  ? find_lock_entry+0x1a7/0x560
[ 1261.745329][T22242]  ? rcu_lockdep_current_cpu_online+0xe3/0x130
[ 1261.751486][T22242]  shmem_getpage_gfp+0x1f4c/0x2680
[ 1261.756610][T22242]  ? shmem_unuse_inode+0x1010/0x1010
[ 1261.761923][T22242]  ? lock_downgrade+0x920/0x920
[ 1261.766793][T22242]  ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[ 1261.773032][T22242]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 1261.779271][T22242]  shmem_fault+0x22a/0x7b0
[ 1261.783697][T22242]  ? shmem_read_mapping_page_gfp+0x1a0/0x1a0
[ 1261.783714][T22242]  ? find_get_entry+0x880/0x880
[ 1261.794509][T22242]  ? pmd_val+0x85/0x100
[ 1261.798669][T22242]  __do_fault+0x111/0x540
[ 1261.802997][T22242]  ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[ 1261.803017][T22242]  __handle_mm_fault+0x2dca/0x4040
[ 1261.803045][T22242]  ? vmf_insert_mixed_mkwrite+0x40/0x40
[ 1261.803060][T22242]  ? handle_mm_fault+0x292/0xa80
[ 1261.824809][T22242]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 1261.831053][T22242]  ? __kasan_check_read+0x11/0x20
[ 1261.836081][T22242]  handle_mm_fault+0x3b7/0xa80
[ 1261.840853][T22242]  __do_page_fault+0x536/0xdd0
[ 1261.845633][T22242]  do_page_fault+0x38/0x590
[ 1261.850119][T22242]  page_fault+0x39/0x40
[ 1261.850130][T22242] RIP: 0033:0x4533a0
[ 1261.850144][T22242] Code: 0f 84 c4 0f 00 00 48 89 f1 48 89 f8 48 83 e1 3f 48 83 f9 20 0f 86 7b 02 00 00 48 83 e6 f0 48 83 e1 0f 66 0f ef c0 66 0f ef c9 <66> 0f 74 0e 66 0f d7 d1 48 d3 ea 49 c7 c2 11 00 00 00 49 29 ca 4d
[ 1261.877725][T22242] RSP: 002b:00007fbdc8f347a8 EFLAGS: 00010202
[ 1261.883785][T22242] RAX: 00007fbdc8f34850 RBX: 0000000000000003 RCX: 000000000000000e
[ 1261.891775][T22242] RDX: 00000000000003ff RSI: 0000000020012fe0 RDI: 00007fbdc8f34850
[ 1261.899759][T22242] RBP: 000000000075c070 R08: 00000000000003ff R09: 0000000000000000
01:39:03 executing program 2:
r0 = socket$inet_udp(0x2, 0x2, 0x0)
close(r0)
r1 = socket$inet6(0xa, 0x1, 0x8010000000000084)
bind$inet6(r1, &(0x7f0000000040)={0xa, 0x400004e21, 0x0, @empty}, 0x1c)
setsockopt$inet_sctp6_SCTP_NODELAY(r0, 0x84, 0x3, &(0x7f00000000c0)=0x7, 0x4)
setsockopt$inet6_opts(r1, 0x29, 0x3b, &(0x7f0000000080)=ANY=[@ANYBLOB], 0x8)
connect$inet6(r1, &(0x7f0000000200)={0xa, 0x4e21, 0x0, @loopback}, 0x1c)
r2 = socket$inet_udplite(0x2, 0x2, 0x88)
ioctl(r2, 0x1000008912, &(0x7f0000000040)="11dcbc0d5e0bcfe47bf070")
write$binfmt_misc(r0, &(0x7f0000000100)=ANY=[@ANYBLOB="a43f7a10bc918dba707335df9c4fe2e3dd545ee4c838fdcc46a7540a012dcf04a12f99172a6f3583cd5498000448f3ae533c2845496e9b0a050d5e4e05f5f8188edecc091727ed7a25a91998bf61aeec90e8718f9aa9fd5da3aa3181c0080975dee42b7d8686ca8f92f314380c2a02a90e6efeaf9d6acdb213cd260c116f495d9569a33c798d369967f6690fd59a8b3bd789702d552fe262fe738e874609724467e7d1be8518f803b96022e1f0f0de7d3720bec96ede000000000000000000"], 0x10098)
write$binfmt_script(r0, &(0x7f0000000300)=ANY=[@ANYBLOB="ba"], 0x1)
write$binfmt_elf64(r0, &(0x7f0000000280)={{0x7f, 0x45, 0x4c, 0x46, 0x0, 0x0, 0xe8030000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40}, [{}]}, 0x78)

01:39:03 executing program 4:
r0 = socket$nl_route(0x10, 0x3, 0x0)
r1 = socket$netlink(0x10, 0x3, 0x0)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff, <r2=>0xffffffffffffffff})
r3 = socket$inet6_sctp(0xa, 0x10000000005, 0x84)
r4 = dup2(r2, r3)
ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200)
r5 = socket(0x10, 0x803, 0x0)
sendmsg$TIPC_CMD_GET_MEDIA_NAMES(r5, &(0x7f0000000400)={0x0, 0x0, &(0x7f00000003c0)={0x0}}, 0x0)
getsockname$packet(r5, &(0x7f0000000100)={0x11, 0x0, <r6=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0xa)
sendmsg$nl_route(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080)=ANY=[@ANYBLOB="4800000010000507000000000000000080000000", @ANYRES32=r6, @ANYBLOB="0000000000000000280012000c0001007665746800000000180002001400010000000000", @ANYRES32=0x0, @ANYBLOB='\x00\x00\x00\x00\x00\x00\x00\x00'], 0x48}}, 0x0)
sendmsg$nl_route_sched(r0, &(0x7f0000000140)={0x0, 0x32d, &(0x7f0000000080)={&(0x7f0000000540)=@newqdisc={0x148, 0x24, 0x507, 0xf1ffffff, 0x0, {0x0, r6, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_red={{0x8, 0x1, 'red\x00'}, {0x11c, 0x2, [@TCA_RED_STAB={0x104, 0x2, "fbf84ce9dbecf3d5851ae060c0ec8d55c9c65cb98d69f6f43f1d64d475f279dd204e54f6719de408d640f2dcd4c0c8c615650de0531b139380f912f808e5d3e1118f76144d1568be425bddb29fa48b1251d5cc8b78fb742bd61674f4cd92a93f8dafea3bc823ccd7591d59d252a275012101f39ab9478cc5dc4a8a2e71f186ce688ae869907b40b62231d243db1eca472440f1203b691b7b85864a73f1a3a9664d075ac973158948f7c44b4f8e2348e8046b08dcb423647eff2539993b8985028d7f0a50e94ee6b2fdacff6aee496b13807eb8d406a8440af14e339713f93a2bd76d46d34452c9bf604ac61d66e9ff34503a7ff400"}, @TCA_RED_PARMS={0x14, 0x1, {0x20}}]}}]}, 0x148}}, 0x0)

01:39:03 executing program 0:
perf_event_open(&(0x7f00000000c0)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x28385}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = openat$random(0xffffffffffffff9c, &(0x7f0000000140)='/dev/urandom\x00', 0x8000000000000085, 0x0)
r1 = dup(r0)
r2 = open(&(0x7f0000002000)='./bus\x00', 0x141042, 0x0)
ftruncate(r2, 0xee72)
sendfile(r1, r2, 0x0, 0x8000fffffffe)

[ 1261.899769][T22242] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fbdc8f356d4
[ 1261.899778][T22242] R13: 00000000004c8dbc R14: 00000000004dfed8 R15: 00000000ffffffff
01:39:04 executing program 5:
mmap(&(0x7f0000011000/0x2000)=nil, 0x2000, 0x4, 0x31, 0xffffffffffffffff, 0x0)
r0 = userfaultfd(0x0)
syz_open_dev$mice(&(0x7f0000000000)='/dev/input/mice\x00', 0x0, 0x4000)
ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f0000000040))
ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f00000000c0)={{&(0x7f0000012000/0x2000)=nil, 0x2000}, 0x1})
read(r0, &(0x7f0000000100)=""/199, 0xc7)
syz_open_dev$evdev(&(0x7f0000012fee)='/.%v/\x11%put/event#\x00', 0xffffffff00000000, 0x0)
ioctl$UFFDIO_WAKE(r0, 0x8010aa02, &(0x7f0000000080)={&(0x7f0000012000/0x4000)=nil, 0x4000})
shmget(0x2, 0x1000, 0x0, &(0x7f000096d000/0x1000)=nil)
openat$cgroup_procs(0xffffffffffffffff, 0x0, 0x2, 0x0)

01:39:04 executing program 1:
r0 = syz_open_dev$vcsa(&(0x7f0000000000)='/dev/vcsa#\x00', 0xfff, 0x426002)
ioctl$CAPI_CLR_FLAGS(r0, 0x80044325, &(0x7f0000000040))
perf_event_open(&(0x7f00000000c0)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r1 = openat$random(0xffffffffffffff9c, &(0x7f0000000140)='/dev/urandom\x00', 0x8000000000000085, 0x0)
r2 = dup(r1)
r3 = open(&(0x7f0000002000)='./bus\x00', 0x141042, 0x0)
ftruncate(r3, 0xee72)
sendfile(r2, r3, 0x0, 0x8000fffffffe)

01:39:04 executing program 0:
perf_event_open(&(0x7f00000000c0)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = openat$random(0xffffffffffffff9c, &(0x7f0000000140)='/dev/urandom\x00', 0x8000000000000085, 0x0)
r1 = dup(r0)
r2 = open(&(0x7f0000002000)='./bus\x00', 0x141042, 0x0)
ftruncate(r2, 0xee72)
syz_open_dev$mouse(&(0x7f0000000000)='/dev/input/mouse#\x00', 0x7, 0x900)
sendfile(r1, r2, 0x0, 0x8000fffffffe)

01:39:04 executing program 4:
r0 = socket$nl_route(0x10, 0x3, 0x0)
r1 = socket$netlink(0x10, 0x3, 0x0)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff, <r2=>0xffffffffffffffff})
r3 = socket$inet6_sctp(0xa, 0x10000000005, 0x84)
r4 = dup2(r2, r3)
ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200)
r5 = socket(0x10, 0x803, 0x0)
sendmsg$TIPC_CMD_GET_MEDIA_NAMES(r5, &(0x7f0000000400)={0x0, 0x0, &(0x7f00000003c0)={0x0}}, 0x0)
getsockname$packet(r5, &(0x7f0000000100)={0x11, 0x0, <r6=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0xa)
sendmsg$nl_route(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080)=ANY=[@ANYBLOB="4800000010000507000000000000000080000000", @ANYRES32=r6, @ANYBLOB="0000000000000000280012000c0001007665746800000000180002001400010000000000", @ANYRES32=0x0, @ANYBLOB='\x00\x00\x00\x00\x00\x00\x00\x00'], 0x48}}, 0x0)
sendmsg$nl_route_sched(r0, &(0x7f0000000140)={0x0, 0x32d, &(0x7f0000000080)={&(0x7f0000000540)=@newqdisc={0x148, 0x24, 0x507, 0xfcffffff, 0x0, {0x0, r6, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_red={{0x8, 0x1, 'red\x00'}, {0x11c, 0x2, [@TCA_RED_STAB={0x104, 0x2, "fbf84ce9dbecf3d5851ae060c0ec8d55c9c65cb98d69f6f43f1d64d475f279dd204e54f6719de408d640f2dcd4c0c8c615650de0531b139380f912f808e5d3e1118f76144d1568be425bddb29fa48b1251d5cc8b78fb742bd61674f4cd92a93f8dafea3bc823ccd7591d59d252a275012101f39ab9478cc5dc4a8a2e71f186ce688ae869907b40b62231d243db1eca472440f1203b691b7b85864a73f1a3a9664d075ac973158948f7c44b4f8e2348e8046b08dcb423647eff2539993b8985028d7f0a50e94ee6b2fdacff6aee496b13807eb8d406a8440af14e339713f93a2bd76d46d34452c9bf604ac61d66e9ff34503a7ff400"}, @TCA_RED_PARMS={0x14, 0x1, {0x20}}]}}]}, 0x148}}, 0x0)

01:39:04 executing program 3:
r0 = socket$packet(0x11, 0x3, 0x300)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000000)={'batadv0\x00\f\x00'})
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, 0x0}, 0x0)
r1 = socket(0x10, 0x80002, 0x0)
sendmmsg$alg(r1, &(0x7f0000000140), 0x332, 0x0)

01:39:04 executing program 3:
r0 = socket$packet(0x11, 0x3, 0x300)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000000)={'batadv0\x00\f\x00'})
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, 0x0}, 0x0)
r1 = socket(0x10, 0x80002, 0x0)
sendmmsg$alg(r1, &(0x7f0000000140), 0x332, 0x0)

01:39:04 executing program 2:
r0 = socket$inet_udp(0x2, 0x2, 0x0)
close(r0)
r1 = socket$inet6(0xa, 0x1, 0x8010000000000084)
bind$inet6(r1, &(0x7f0000000040)={0xa, 0x400004e21, 0x0, @empty}, 0x1c)
setsockopt$inet_sctp6_SCTP_NODELAY(r0, 0x84, 0x3, &(0x7f00000000c0)=0x7, 0x4)
setsockopt$inet6_opts(r1, 0x29, 0x3b, &(0x7f0000000080)=ANY=[@ANYBLOB], 0x8)
connect$inet6(r1, &(0x7f0000000200)={0xa, 0x4e21, 0x0, @loopback}, 0x1c)
r2 = socket$inet_udplite(0x2, 0x2, 0x88)
ioctl(r2, 0x1000008912, &(0x7f0000000040)="11dcbc0d5e0bcfe47bf070")
write$binfmt_misc(r0, &(0x7f0000000100)=ANY=[@ANYBLOB="a43f7a10bc918dba707335df9c4fe2e3dd545ee4c838fdcc46a7540a012dcf04a12f99172a6f3583cd5498000448f3ae533c2845496e9b0a050d5e4e05f5f8188edecc091727ed7a25a91998bf61aeec90e8718f9aa9fd5da3aa3181c0080975dee42b7d8686ca8f92f314380c2a02a90e6efeaf9d6acdb213cd260c116f495d9569a33c798d369967f6690fd59a8b3bd789702d552fe262fe738e874609724467e7d1be8518f803b96022e1f0f0de7d3720bec96ede000000000000000000"], 0x10098)
write$binfmt_script(r0, &(0x7f0000000300)=ANY=[@ANYBLOB="ba"], 0x1)
write$binfmt_elf64(r0, &(0x7f0000000280)={{0x7f, 0x45, 0x4c, 0x46, 0x0, 0x0, 0xf0030000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40}, [{}]}, 0x78)

[ 1262.361331][T22772] FAULT_FLAG_ALLOW_RETRY missing 70
[ 1262.372385][T22772] CPU: 1 PID: 22772 Comm: syz-executor.5 Not tainted 5.3.0+ #0
[ 1262.379936][T22772] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 1262.379942][T22772] Call Trace:
[ 1262.379966][T22772]  dump_stack+0x172/0x1f0
[ 1262.379992][T22772]  handle_userfault.cold+0x41/0x5d
[ 1262.380009][T22772]  ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[ 1262.380037][T22772]  ? userfaultfd_ioctl+0x3ad0/0x3ad0
[ 1262.380053][T22772]  ? find_get_entry+0x535/0x880
[ 1262.380074][T22772]  ? find_get_pages_range_tag+0xd50/0xd50
[ 1262.380088][T22772]  ? ___might_sleep+0x163/0x2c0
[ 1262.380110][T22772]  ? __kasan_check_read+0x11/0x20
[ 1262.380124][T22772]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 1262.380144][T22772]  ? find_lock_entry+0x1a7/0x560
[ 1262.380156][T22772]  ? rcu_lockdep_current_cpu_online+0xe3/0x130
[ 1262.380175][T22772]  shmem_getpage_gfp+0x1f4c/0x2680
[ 1262.425128][T22772]  ? shmem_unuse_inode+0x1010/0x1010
[ 1262.462576][T22772]  ? lock_downgrade+0x920/0x920
[ 1262.462592][T22772]  ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[ 1262.462609][T22772]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 1262.479893][T22772]  shmem_fault+0x22a/0x7b0
[ 1262.484316][T22772]  ? shmem_read_mapping_page_gfp+0x1a0/0x1a0
[ 1262.490296][T22772]  ? find_get_entry+0x880/0x880
[ 1262.495149][T22772]  ? pmd_val+0x85/0x100
[ 1262.499312][T22772]  __do_fault+0x111/0x540
[ 1262.499327][T22772]  ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[ 1262.499344][T22772]  __handle_mm_fault+0x2dca/0x4040
[ 1262.514971][T22772]  ? vmf_insert_mixed_mkwrite+0x40/0x40
[ 1262.520550][T22772]  ? handle_mm_fault+0x292/0xa80
[ 1262.525497][T22772]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 1262.531744][T22772]  ? __kasan_check_read+0x11/0x20
[ 1262.536770][T22772]  handle_mm_fault+0x3b7/0xa80
[ 1262.541548][T22772]  __do_page_fault+0x536/0xdd0
[ 1262.546336][T22772]  do_page_fault+0x38/0x590
[ 1262.550844][T22772]  page_fault+0x39/0x40
[ 1262.554992][T22772] RIP: 0033:0x4533a0
01:39:04 executing program 4:
r0 = socket$nl_route(0x10, 0x3, 0x0)
r1 = socket$netlink(0x10, 0x3, 0x0)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff, <r2=>0xffffffffffffffff})
r3 = socket$inet6_sctp(0xa, 0x10000000005, 0x84)
r4 = dup2(r2, r3)
ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200)
r5 = socket(0x10, 0x803, 0x0)
sendmsg$TIPC_CMD_GET_MEDIA_NAMES(r5, &(0x7f0000000400)={0x0, 0x0, &(0x7f00000003c0)={0x0}}, 0x0)
getsockname$packet(r5, &(0x7f0000000100)={0x11, 0x0, <r6=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0xa)
sendmsg$nl_route(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080)=ANY=[@ANYBLOB="4800000010000507000000000000000080000000", @ANYRES32=r6, @ANYBLOB="0000000000000000280012000c0001007665746800000000180002001400010000000000", @ANYRES32=0x0, @ANYBLOB='\x00\x00\x00\x00\x00\x00\x00\x00'], 0x48}}, 0x0)
sendmsg$nl_route_sched(r0, &(0x7f0000000140)={0x0, 0x32d, &(0x7f0000000080)={&(0x7f0000000540)=@newqdisc={0x148, 0x24, 0x507, 0xffffa888, 0x0, {0x0, r6, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_red={{0x8, 0x1, 'red\x00'}, {0x11c, 0x2, [@TCA_RED_STAB={0x104, 0x2, "fbf84ce9dbecf3d5851ae060c0ec8d55c9c65cb98d69f6f43f1d64d475f279dd204e54f6719de408d640f2dcd4c0c8c615650de0531b139380f912f808e5d3e1118f76144d1568be425bddb29fa48b1251d5cc8b78fb742bd61674f4cd92a93f8dafea3bc823ccd7591d59d252a275012101f39ab9478cc5dc4a8a2e71f186ce688ae869907b40b62231d243db1eca472440f1203b691b7b85864a73f1a3a9664d075ac973158948f7c44b4f8e2348e8046b08dcb423647eff2539993b8985028d7f0a50e94ee6b2fdacff6aee496b13807eb8d406a8440af14e339713f93a2bd76d46d34452c9bf604ac61d66e9ff34503a7ff400"}, @TCA_RED_PARMS={0x14, 0x1, {0x20}}]}}]}, 0x148}}, 0x0)

[ 1262.558881][T22772] Code: 0f 84 c4 0f 00 00 48 89 f1 48 89 f8 48 83 e1 3f 48 83 f9 20 0f 86 7b 02 00 00 48 83 e6 f0 48 83 e1 0f 66 0f ef c0 66 0f ef c9 <66> 0f 74 0e 66 0f d7 d1 48 d3 ea 49 c7 c2 11 00 00 00 49 29 ca 4d
[ 1262.578488][T22772] RSP: 002b:00007fbdc8f767a8 EFLAGS: 00010202
[ 1262.578499][T22772] RAX: 00007fbdc8f76850 RBX: 0000000000000003 RCX: 000000000000000e
[ 1262.578507][T22772] RDX: 00000000000003ff RSI: 0000000020012fe0 RDI: 00007fbdc8f76850
[ 1262.578533][T22772] RBP: 000000000075bf20 R08: 00000000000003ff R09: 0000000000000000
01:39:04 executing program 1:
perf_event_open(&(0x7f00000000c0)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = openat$random(0xffffffffffffff9c, &(0x7f0000000140)='/dev/urandom\x00', 0x8000000000000085, 0x0)
r1 = dup(r0)
r2 = open(&(0x7f0000002000)='./bus\x00', 0x141042, 0x0)
ftruncate(r2, 0xee72)
sendfile(r1, r2, 0x0, 0x8000fffffffe)
ioctl$PPPIOCSACTIVE(0xffffffffffffffff, 0x40107446, &(0x7f0000000040)={0x5, &(0x7f0000000000)=[{0x4b61, 0x1f, 0x7fff, 0x7fffffff}, {0x8, 0xccc, 0x858, 0x5}, {0x9, 0xa67d, 0x2}, {0xf1, 0x4, 0x3, 0x10000}, {0x1a, 0x8, 0x7, 0x800}]})
ioctl$KVM_SET_GSI_ROUTING(r1, 0x4008ae6a, &(0x7f0000000180)={0x7, 0x0, [{0x1, 0x1, 0x0, 0x0, @sint={0x6c4, 0x2}}, {0xf1, 0x3, 0x0, 0x0, @msi={0x1, 0x6, 0x5}}, {0xfffffffffffffff7, 0x1, 0x0, 0x0, @msi={0x9, 0x401, 0x40}}, {0x10, 0x2, 0x0, 0x0, @adapter={0x5, 0x1d, 0x1, 0x7fff, 0x100000001}}, {0x3, 0x1, 0x0, 0x0, @sint={0x7}}, {0x68, 0x2, 0x0, 0x0, @irqchip={0x3, 0x6}}, {0x7fff, 0x1, 0x0, 0x0, @adapter={0x8000, 0x5, 0x1, 0x3, 0x3}}]})

[ 1262.578542][T22772] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fbdc8f776d4
[ 1262.578550][T22772] R13: 00000000004c8dbc R14: 00000000004dfed8 R15: 00000000ffffffff
01:39:04 executing program 3:
r0 = socket$packet(0x11, 0x3, 0x300)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000000)={'batadv0\x00\f\x00'})
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, 0x0}, 0x0)
r1 = socket(0x10, 0x80002, 0x0)
sendmmsg$alg(r1, &(0x7f0000000140), 0x332, 0x0)

01:39:04 executing program 5:
mmap(&(0x7f0000011000/0x2000)=nil, 0x2000, 0x4, 0x31, 0xffffffffffffffff, 0x0)
r0 = userfaultfd(0x0)
syz_open_dev$mice(&(0x7f0000000000)='/dev/input/mice\x00', 0x0, 0x4000)
ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f0000000040))
ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f00000000c0)={{&(0x7f0000012000/0x2000)=nil, 0x2000}, 0x1})
read(r0, &(0x7f0000000100)=""/199, 0xc7)
syz_open_dev$evdev(&(0x7f0000012fee)='/.%v/\x11%put/event#\x00', 0x0, 0x2)
ioctl$UFFDIO_WAKE(r0, 0x8010aa02, &(0x7f0000000080)={&(0x7f0000012000/0x4000)=nil, 0x4000})
shmget(0x2, 0x1000, 0x0, &(0x7f000096d000/0x1000)=nil)
openat$cgroup_procs(0xffffffffffffffff, 0x0, 0x2, 0x0)

01:39:04 executing program 3:
r0 = socket$packet(0x11, 0x3, 0x300)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000000)={'batadv0\x00\f\x00'})
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, &(0x7f00000000c0)}, 0x0)
r1 = socket(0x10, 0x80002, 0x0)
sendmmsg$alg(r1, &(0x7f0000000140), 0x332, 0x0)

01:39:04 executing program 4:
r0 = socket$nl_route(0x10, 0x3, 0x0)
r1 = socket$netlink(0x10, 0x3, 0x0)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff, <r2=>0xffffffffffffffff})
r3 = socket$inet6_sctp(0xa, 0x10000000005, 0x84)
r4 = dup2(r2, r3)
ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200)
r5 = socket(0x10, 0x803, 0x0)
sendmsg$TIPC_CMD_GET_MEDIA_NAMES(r5, &(0x7f0000000400)={0x0, 0x0, &(0x7f00000003c0)={0x0}}, 0x0)
getsockname$packet(r5, &(0x7f0000000100)={0x11, 0x0, <r6=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0xa)
sendmsg$nl_route(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080)=ANY=[@ANYBLOB="4800000010000507000000000000000080000000", @ANYRES32=r6, @ANYBLOB="0000000000000000280012000c0001007665746800000000180002001400010000000000", @ANYRES32=0x0, @ANYBLOB='\x00\x00\x00\x00\x00\x00\x00\x00'], 0x48}}, 0x0)
sendmsg$nl_route_sched(r0, &(0x7f0000000140)={0x0, 0x32d, &(0x7f0000000080)={&(0x7f0000000540)=@newqdisc={0x148, 0x24, 0x507, 0xfffff000, 0x0, {0x0, r6, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_red={{0x8, 0x1, 'red\x00'}, {0x11c, 0x2, [@TCA_RED_STAB={0x104, 0x2, "fbf84ce9dbecf3d5851ae060c0ec8d55c9c65cb98d69f6f43f1d64d475f279dd204e54f6719de408d640f2dcd4c0c8c615650de0531b139380f912f808e5d3e1118f76144d1568be425bddb29fa48b1251d5cc8b78fb742bd61674f4cd92a93f8dafea3bc823ccd7591d59d252a275012101f39ab9478cc5dc4a8a2e71f186ce688ae869907b40b62231d243db1eca472440f1203b691b7b85864a73f1a3a9664d075ac973158948f7c44b4f8e2348e8046b08dcb423647eff2539993b8985028d7f0a50e94ee6b2fdacff6aee496b13807eb8d406a8440af14e339713f93a2bd76d46d34452c9bf604ac61d66e9ff34503a7ff400"}, @TCA_RED_PARMS={0x14, 0x1, {0x20}}]}}]}, 0x148}}, 0x0)

01:39:04 executing program 1:
perf_event_open(&(0x7f00000000c0)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = openat$random(0xffffffffffffff9c, &(0x7f0000000140)='/dev/urandom\x00', 0x8000000000000085, 0x0)
r1 = dup(r0)
futimesat(r1, &(0x7f0000000000)='./bus\x00', &(0x7f0000000040)={{0x0, 0x7530}, {0x77359400}})
r2 = open(&(0x7f0000002000)='./bus\x00', 0x141042, 0x0)
ftruncate(r2, 0xee72)
sendfile(r1, r2, 0x0, 0x8000fffffffe)

01:39:04 executing program 2:
r0 = socket$inet_udp(0x2, 0x2, 0x0)
close(r0)
r1 = socket$inet6(0xa, 0x1, 0x8010000000000084)
bind$inet6(r1, &(0x7f0000000040)={0xa, 0x400004e21, 0x0, @empty}, 0x1c)
setsockopt$inet_sctp6_SCTP_NODELAY(r0, 0x84, 0x3, &(0x7f00000000c0)=0x7, 0x4)
setsockopt$inet6_opts(r1, 0x29, 0x3b, &(0x7f0000000080)=ANY=[@ANYBLOB], 0x8)
connect$inet6(r1, &(0x7f0000000200)={0xa, 0x4e21, 0x0, @loopback}, 0x1c)
r2 = socket$inet_udplite(0x2, 0x2, 0x88)
ioctl(r2, 0x1000008912, &(0x7f0000000040)="11dcbc0d5e0bcfe47bf070")
write$binfmt_misc(r0, &(0x7f0000000100)=ANY=[@ANYBLOB="a43f7a10bc918dba707335df9c4fe2e3dd545ee4c838fdcc46a7540a012dcf04a12f99172a6f3583cd5498000448f3ae533c2845496e9b0a050d5e4e05f5f8188edecc091727ed7a25a91998bf61aeec90e8718f9aa9fd5da3aa3181c0080975dee42b7d8686ca8f92f314380c2a02a90e6efeaf9d6acdb213cd260c116f495d9569a33c798d369967f6690fd59a8b3bd789702d552fe262fe738e874609724467e7d1be8518f803b96022e1f0f0de7d3720bec96ede000000000000000000"], 0x10098)
write$binfmt_script(r0, &(0x7f0000000300)=ANY=[@ANYBLOB="ba"], 0x1)
write$binfmt_elf64(r0, &(0x7f0000000280)={{0x7f, 0x45, 0x4c, 0x46, 0x0, 0x0, 0xf1030000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40}, [{}]}, 0x78)

[ 1263.021537][T23107] FAULT_FLAG_ALLOW_RETRY missing 70
[ 1263.050248][T23107] CPU: 1 PID: 23107 Comm: syz-executor.5 Not tainted 5.3.0+ #0
[ 1263.057898][T23107] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 1263.057904][T23107] Call Trace:
[ 1263.057930][T23107]  dump_stack+0x172/0x1f0
[ 1263.075548][T23107]  handle_userfault.cold+0x41/0x5d
[ 1263.080657][T23107]  ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[ 1263.086925][T23107]  ? userfaultfd_ioctl+0x3ad0/0x3ad0
[ 1263.092208][T23107]  ? find_get_entry+0x535/0x880
[ 1263.097062][T23107]  ? __kasan_check_read+0x11/0x20
[ 1263.102086][T23107]  ? mark_lock+0xc2/0x1220
[ 1263.102105][T23107]  ? find_get_pages_range_tag+0xd50/0xd50
[ 1263.102129][T23107]  ? __kasan_check_read+0x11/0x20
[ 1263.102144][T23107]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 1263.102163][T23107]  ? find_lock_entry+0x1a7/0x560
[ 1263.128425][T23107]  ? rcu_lockdep_current_cpu_online+0xe3/0x130
[ 1263.134608][T23107]  shmem_getpage_gfp+0x1f4c/0x2680
[ 1263.139752][T23107]  ? shmem_unuse_inode+0x1010/0x1010
[ 1263.145035][T23107]  ? lock_downgrade+0x920/0x920
[ 1263.145052][T23107]  ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[ 1263.145066][T23107]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 1263.145086][T23107]  shmem_fault+0x22a/0x7b0
[ 1263.145107][T23107]  ? shmem_read_mapping_page_gfp+0x1a0/0x1a0
[ 1263.145131][T23107]  ? find_get_entry+0x880/0x880
[ 1263.162395][T23107]  ? pmd_val+0x85/0x100
[ 1263.162414][T23107]  __do_fault+0x111/0x540
[ 1263.162429][T23107]  ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[ 1263.162447][T23107]  __handle_mm_fault+0x2dca/0x4040
01:39:05 executing program 1:
perf_event_open(&(0x7f00000000c0)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = openat$random(0xffffffffffffff9c, &(0x7f0000000140)='/dev/urandom\x00', 0x8000000000000085, 0x0)
r1 = dup(r0)
r2 = open(&(0x7f0000002000)='./bus\x00', 0x141042, 0x0)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff, <r3=>0xffffffffffffffff})
r4 = socket$inet6_sctp(0xa, 0x10000000005, 0x84)
recvfrom$unix(r1, &(0x7f0000000040)=""/44, 0x2c, 0x2001, &(0x7f0000000180)=@file={0x0, './bus\x00'}, 0x6e)
r5 = dup2(r3, r4)
ioctl$PERF_EVENT_IOC_ENABLE(r5, 0x8912, 0x400200)
ioctl$VIDIOC_ENUMAUDIO(r5, 0xc0345641, &(0x7f0000000000)={0x5, "d35618b8ec0c31d16a7f51005ece6d1458b3fbf7497adb00688136e558ba4660", 0x2, 0x3})
ftruncate(r2, 0xee72)
sendfile(r1, r2, 0x0, 0x8000fffffffe)

[ 1263.162465][T23107]  ? vmf_insert_mixed_mkwrite+0x40/0x40
[ 1263.192328][T23107]  ? handle_mm_fault+0x292/0xa80
[ 1263.192353][T23107]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 1263.192374][T23107]  ? __kasan_check_read+0x11/0x20
[ 1263.192391][T23107]  handle_mm_fault+0x3b7/0xa80
[ 1263.219170][T23107]  __do_page_fault+0x536/0xdd0
[ 1263.219200][T23107]  do_page_fault+0x38/0x590
[ 1263.219237][T23107]  page_fault+0x39/0x40
[ 1263.219255][T23107] RIP: 0033:0x4533a0
[ 1263.233246][T23107] Code: 0f 84 c4 0f 00 00 48 89 f1 48 89 f8 48 83 e1 3f 48 83 f9 20 0f 86 7b 02 00 00 48 83 e6 f0 48 83 e1 0f 66 0f ef c0 66 0f ef c9 <66> 0f 74 0e 66 0f d7 d1 48 d3 ea 49 c7 c2 11 00 00 00 49 29 ca 4d
[ 1263.233255][T23107] RSP: 002b:00007fbdc8f347a8 EFLAGS: 00010202
[ 1263.233267][T23107] RAX: 00007fbdc8f34850 RBX: 0000000000000003 RCX: 000000000000000e
[ 1263.233276][T23107] RDX: 00000000000003ff RSI: 0000000020012fe0 RDI: 00007fbdc8f34850
[ 1263.233284][T23107] RBP: 000000000075c070 R08: 00000000000003ff R09: 0000000000000000
[ 1263.233293][T23107] R10: 00007fbdc8f359d0 R11: 0000000000000246 R12: 00007fbdc8f356d4
[ 1263.233301][T23107] R13: 00000000004c8dbc R14: 00000000004dfed8 R15: 00000000ffffffff
01:39:05 executing program 3:
r0 = socket$packet(0x11, 0x3, 0x300)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000000)={'batadv0\x00\f\x00'})
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, &(0x7f00000000c0)}, 0x0)
r1 = socket(0x10, 0x80002, 0x0)
sendmmsg$alg(r1, &(0x7f0000000140), 0x332, 0x0)

01:39:05 executing program 1:
perf_event_open(&(0x7f00000000c0)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = openat$random(0xffffffffffffff9c, &(0x7f0000000140)='/dev/urandom\x00', 0x8000000000000085, 0x0)
r1 = dup(r0)
r2 = open(&(0x7f0000002000)='./bus\x00', 0x141042, 0x0)
ftruncate(r2, 0xee72)
sendfile(r1, r2, 0x0, 0x8000fffffffe)
connect$caif(0xffffffffffffffff, &(0x7f0000000000)=@dbg={0x25, 0x7420, 0x4}, 0x18)

01:39:05 executing program 4:
r0 = socket$nl_route(0x10, 0x3, 0x0)
r1 = socket$netlink(0x10, 0x3, 0x0)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff, <r2=>0xffffffffffffffff})
r3 = socket$inet6_sctp(0xa, 0x10000000005, 0x84)
r4 = dup2(r2, r3)
ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200)
r5 = socket(0x10, 0x803, 0x0)
sendmsg$TIPC_CMD_GET_MEDIA_NAMES(r5, &(0x7f0000000400)={0x0, 0x0, &(0x7f00000003c0)={0x0}}, 0x0)
getsockname$packet(r5, &(0x7f0000000100)={0x11, 0x0, <r6=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0xa)
sendmsg$nl_route(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080)=ANY=[@ANYBLOB="4800000010000507000000000000000080000000", @ANYRES32=r6, @ANYBLOB="0000000000000000280012000c0001007665746800000000180002001400010000000000", @ANYRES32=0x0, @ANYBLOB='\x00\x00\x00\x00\x00\x00\x00\x00'], 0x48}}, 0x0)
sendmsg$nl_route_sched(r0, &(0x7f0000000140)={0x0, 0x32d, &(0x7f0000000080)={&(0x7f0000000540)=@newqdisc={0x148, 0x24, 0x507, 0xffffff7f, 0x0, {0x0, r6, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_red={{0x8, 0x1, 'red\x00'}, {0x11c, 0x2, [@TCA_RED_STAB={0x104, 0x2, "fbf84ce9dbecf3d5851ae060c0ec8d55c9c65cb98d69f6f43f1d64d475f279dd204e54f6719de408d640f2dcd4c0c8c615650de0531b139380f912f808e5d3e1118f76144d1568be425bddb29fa48b1251d5cc8b78fb742bd61674f4cd92a93f8dafea3bc823ccd7591d59d252a275012101f39ab9478cc5dc4a8a2e71f186ce688ae869907b40b62231d243db1eca472440f1203b691b7b85864a73f1a3a9664d075ac973158948f7c44b4f8e2348e8046b08dcb423647eff2539993b8985028d7f0a50e94ee6b2fdacff6aee496b13807eb8d406a8440af14e339713f93a2bd76d46d34452c9bf604ac61d66e9ff34503a7ff400"}, @TCA_RED_PARMS={0x14, 0x1, {0x20}}]}}]}, 0x148}}, 0x0)

[ 1263.532200][T23107] FAULT_FLAG_ALLOW_RETRY missing 70
[ 1263.537788][T23107] CPU: 0 PID: 23107 Comm: syz-executor.5 Not tainted 5.3.0+ #0
[ 1263.545330][T23107] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 1263.555377][T23107] Call Trace:
[ 1263.558780][T23107]  dump_stack+0x172/0x1f0
[ 1263.563119][T23107]  handle_userfault.cold+0x41/0x5d
[ 1263.568233][T23107]  ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[ 1263.574485][T23107]  ? userfaultfd_ioctl+0x3ad0/0x3ad0
[ 1263.579776][T23107]  ? find_get_entry+0x535/0x880
[ 1263.584643][T23107]  ? find_get_pages_range_tag+0xd50/0xd50
[ 1263.590353][T23107]  ? ___might_sleep+0x163/0x2c0
[ 1263.595203][T23107]  ? __kasan_check_read+0x11/0x20
[ 1263.600223][T23107]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 1263.606469][T23107]  ? find_lock_entry+0x1a7/0x560
[ 1263.611402][T23107]  ? rcu_lockdep_current_cpu_online+0xe3/0x130
[ 1263.617559][T23107]  shmem_getpage_gfp+0x1f4c/0x2680
[ 1263.622680][T23107]  ? shmem_unuse_inode+0x1010/0x1010
[ 1263.627957][T23107]  ? lock_downgrade+0x920/0x920
[ 1263.632797][T23107]  ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[ 1263.639034][T23107]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 1263.645283][T23107]  shmem_fault+0x22a/0x7b0
[ 1263.649697][T23107]  ? shmem_read_mapping_page_gfp+0x1a0/0x1a0
[ 1263.655678][T23107]  ? find_get_entry+0x880/0x880
[ 1263.660533][T23107]  ? pmd_val+0x85/0x100
[ 1263.664687][T23107]  __do_fault+0x111/0x540
[ 1263.669010][T23107]  ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[ 1263.675246][T23107]  __handle_mm_fault+0x2dca/0x4040
[ 1263.680353][T23107]  ? vmf_insert_mixed_mkwrite+0x40/0x40
[ 1263.685893][T23107]  ? handle_mm_fault+0x292/0xa80
[ 1263.690834][T23107]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 1263.697077][T23107]  ? __kasan_check_read+0x11/0x20
[ 1263.702125][T23107]  handle_mm_fault+0x3b7/0xa80
[ 1263.706890][T23107]  __do_page_fault+0x536/0xdd0
[ 1263.711663][T23107]  do_page_fault+0x38/0x590
[ 1263.716163][T23107]  page_fault+0x39/0x40
[ 1263.720309][T23107] RIP: 0033:0x4533a0
[ 1263.724196][T23107] Code: 0f 84 c4 0f 00 00 48 89 f1 48 89 f8 48 83 e1 3f 48 83 f9 20 0f 86 7b 02 00 00 48 83 e6 f0 48 83 e1 0f 66 0f ef c0 66 0f ef c9 <66> 0f 74 0e 66 0f d7 d1 48 d3 ea 49 c7 c2 11 00 00 00 49 29 ca 4d
[ 1263.743791][T23107] RSP: 002b:00007fbdc8f347a8 EFLAGS: 00010202
[ 1263.749869][T23107] RAX: 00007fbdc8f34850 RBX: 0000000000000003 RCX: 000000000000000e
[ 1263.757838][T23107] RDX: 00000000000003ff RSI: 0000000020012fe0 RDI: 00007fbdc8f34850
[ 1263.765798][T23107] RBP: 000000000075c070 R08: 00000000000003ff R09: 0000000000000000
[ 1263.773757][T23107] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fbdc8f356d4
[ 1263.781721][T23107] R13: 00000000004c8dbc R14: 00000000004dfed8 R15: 00000000ffffffff
01:39:05 executing program 3:
r0 = socket$packet(0x11, 0x3, 0x300)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000000)={'batadv0\x00\f\x00'})
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, &(0x7f00000000c0)}, 0x0)
r1 = socket(0x10, 0x80002, 0x0)
sendmmsg$alg(r1, &(0x7f0000000140), 0x332, 0x0)

01:39:06 executing program 2:
r0 = socket$inet_udp(0x2, 0x2, 0x0)
close(r0)
r1 = socket$inet6(0xa, 0x1, 0x8010000000000084)
bind$inet6(r1, &(0x7f0000000040)={0xa, 0x400004e21, 0x0, @empty}, 0x1c)
setsockopt$inet_sctp6_SCTP_NODELAY(r0, 0x84, 0x3, &(0x7f00000000c0)=0x7, 0x4)
setsockopt$inet6_opts(r1, 0x29, 0x3b, &(0x7f0000000080)=ANY=[@ANYBLOB], 0x8)
connect$inet6(r1, &(0x7f0000000200)={0xa, 0x4e21, 0x0, @loopback}, 0x1c)
r2 = socket$inet_udplite(0x2, 0x2, 0x88)
ioctl(r2, 0x1000008912, &(0x7f0000000040)="11dcbc0d5e0bcfe47bf070")
write$binfmt_misc(r0, &(0x7f0000000100)=ANY=[@ANYBLOB="a43f7a10bc918dba707335df9c4fe2e3dd545ee4c838fdcc46a7540a012dcf04a12f99172a6f3583cd5498000448f3ae533c2845496e9b0a050d5e4e05f5f8188edecc091727ed7a25a91998bf61aeec90e8718f9aa9fd5da3aa3181c0080975dee42b7d8686ca8f92f314380c2a02a90e6efeaf9d6acdb213cd260c116f495d9569a33c798d369967f6690fd59a8b3bd789702d552fe262fe738e874609724467e7d1be8518f803b96022e1f0f0de7d3720bec96ede000000000000000000"], 0x10098)
write$binfmt_script(r0, &(0x7f0000000300)=ANY=[@ANYBLOB="ba"], 0x1)
write$binfmt_elf64(r0, &(0x7f0000000280)={{0x7f, 0x45, 0x4c, 0x46, 0x0, 0x0, 0xf2030000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40}, [{}]}, 0x78)

01:39:06 executing program 5:
mmap(&(0x7f0000011000/0x2000)=nil, 0x2000, 0x4, 0x31, 0xffffffffffffffff, 0x0)
r0 = userfaultfd(0x0)
syz_open_dev$mice(&(0x7f0000000000)='/dev/input/mice\x00', 0x0, 0x4000)
ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f0000000040))
ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f00000000c0)={{&(0x7f0000012000/0x2000)=nil, 0x2000}, 0x1})
read(r0, &(0x7f0000000100)=""/199, 0xc7)
syz_open_dev$evdev(&(0x7f0000012fee)='/.%v/\x11%put/event#\x00', 0x0, 0x3)
ioctl$UFFDIO_WAKE(r0, 0x8010aa02, &(0x7f0000000080)={&(0x7f0000012000/0x4000)=nil, 0x4000})
shmget(0x2, 0x1000, 0x0, &(0x7f000096d000/0x1000)=nil)
openat$cgroup_procs(0xffffffffffffffff, 0x0, 0x2, 0x0)

01:39:06 executing program 4:
r0 = socket$nl_route(0x10, 0x3, 0x0)
r1 = socket$netlink(0x10, 0x3, 0x0)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff, <r2=>0xffffffffffffffff})
r3 = socket$inet6_sctp(0xa, 0x10000000005, 0x84)
r4 = dup2(r2, r3)
ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200)
r5 = socket(0x10, 0x803, 0x0)
sendmsg$TIPC_CMD_GET_MEDIA_NAMES(r5, &(0x7f0000000400)={0x0, 0x0, &(0x7f00000003c0)={0x0}}, 0x0)
getsockname$packet(r5, &(0x7f0000000100)={0x11, 0x0, <r6=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0xa)
sendmsg$nl_route(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080)=ANY=[@ANYBLOB="4800000010000507000000000000000080000000", @ANYRES32=r6, @ANYBLOB="0000000000000000280012000c0001007665746800000000180002001400010000000000", @ANYRES32=0x0, @ANYBLOB='\x00\x00\x00\x00\x00\x00\x00\x00'], 0x48}}, 0x0)
sendmsg$nl_route_sched(r0, &(0x7f0000000140)={0x0, 0x32d, &(0x7f0000000080)={&(0x7f0000000540)=@newqdisc={0x148, 0x24, 0x507, 0xffffff9e, 0x0, {0x0, r6, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_red={{0x8, 0x1, 'red\x00'}, {0x11c, 0x2, [@TCA_RED_STAB={0x104, 0x2, "fbf84ce9dbecf3d5851ae060c0ec8d55c9c65cb98d69f6f43f1d64d475f279dd204e54f6719de408d640f2dcd4c0c8c615650de0531b139380f912f808e5d3e1118f76144d1568be425bddb29fa48b1251d5cc8b78fb742bd61674f4cd92a93f8dafea3bc823ccd7591d59d252a275012101f39ab9478cc5dc4a8a2e71f186ce688ae869907b40b62231d243db1eca472440f1203b691b7b85864a73f1a3a9664d075ac973158948f7c44b4f8e2348e8046b08dcb423647eff2539993b8985028d7f0a50e94ee6b2fdacff6aee496b13807eb8d406a8440af14e339713f93a2bd76d46d34452c9bf604ac61d66e9ff34503a7ff400"}, @TCA_RED_PARMS={0x14, 0x1, {0x20}}]}}]}, 0x148}}, 0x0)

01:39:06 executing program 1:
perf_event_open(&(0x7f00000000c0)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = openat$random(0xffffffffffffff9c, &(0x7f0000000140)='/dev/urandom\x00', 0x8000000000000085, 0x0)
r1 = dup(r0)
r2 = open(&(0x7f0000002000)='./bus\x00', 0x141042, 0x0)
ftruncate(r2, 0xee72)
sendfile(r1, r2, 0x0, 0x8000fffffffe)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff, <r3=>0xffffffffffffffff})
r4 = socket$inet6_sctp(0xa, 0x10000000005, 0x84)
r5 = dup2(r3, r4)
ioctl$PERF_EVENT_IOC_ENABLE(r5, 0x8912, 0x400200)
ioctl$sock_inet_SIOCGIFNETMASK(r5, 0x891b, &(0x7f0000000000)={'bond_slave_0\x00', {0x2, 0x4e20, @remote}})

01:39:06 executing program 3:
r0 = socket$packet(0x11, 0x3, 0x300)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000000)={'batadv0\x00\f\x00', <r1=>0x0})
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000e00)=ANY=[@ANYBLOB="340000002c000107008be4000000000000000000", @ANYRES32=r1], 0x2}}, 0x0)
r2 = socket(0x10, 0x80002, 0x0)
sendmmsg$alg(r2, &(0x7f0000000140), 0x332, 0x0)

01:39:06 executing program 5:
mmap(&(0x7f0000011000/0x2000)=nil, 0x2000, 0x4, 0x31, 0xffffffffffffffff, 0x0)
r0 = userfaultfd(0x0)
syz_open_dev$mice(&(0x7f0000000000)='/dev/input/mice\x00', 0x0, 0x4000)
ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f0000000040))
ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f00000000c0)={{&(0x7f0000012000/0x2000)=nil, 0x2000}, 0x1})
read(r0, &(0x7f0000000100)=""/199, 0xc7)
syz_open_dev$evdev(&(0x7f0000012fee)='/.%v/\x11%put/event#\x00', 0x0, 0x4)
ioctl$UFFDIO_WAKE(r0, 0x8010aa02, &(0x7f0000000080)={&(0x7f0000012000/0x4000)=nil, 0x4000})
shmget(0x2, 0x1000, 0x0, &(0x7f000096d000/0x1000)=nil)
openat$cgroup_procs(0xffffffffffffffff, 0x0, 0x2, 0x0)

01:39:06 executing program 4:
r0 = socket$nl_route(0x10, 0x3, 0x0)
r1 = socket$netlink(0x10, 0x3, 0x0)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff, <r2=>0xffffffffffffffff})
r3 = socket$inet6_sctp(0xa, 0x10000000005, 0x84)
r4 = dup2(r2, r3)
ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200)
r5 = socket(0x10, 0x803, 0x0)
sendmsg$TIPC_CMD_GET_MEDIA_NAMES(r5, &(0x7f0000000400)={0x0, 0x0, &(0x7f00000003c0)={0x0}}, 0x0)
getsockname$packet(r5, &(0x7f0000000100)={0x11, 0x0, <r6=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0xa)
sendmsg$nl_route(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080)=ANY=[@ANYBLOB="4800000010000507000000000000000080000000", @ANYRES32=r6, @ANYBLOB="0000000000000000280012000c0001007665746800000000180002001400010000000000", @ANYRES32=0x0, @ANYBLOB='\x00\x00\x00\x00\x00\x00\x00\x00'], 0x48}}, 0x0)
sendmsg$nl_route_sched(r0, &(0x7f0000000140)={0x0, 0x32d, &(0x7f0000000080)={&(0x7f0000000540)=@newqdisc={0x148, 0x24, 0x507, 0xfffffff0, 0x0, {0x0, r6, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_red={{0x8, 0x1, 'red\x00'}, {0x11c, 0x2, [@TCA_RED_STAB={0x104, 0x2, "fbf84ce9dbecf3d5851ae060c0ec8d55c9c65cb98d69f6f43f1d64d475f279dd204e54f6719de408d640f2dcd4c0c8c615650de0531b139380f912f808e5d3e1118f76144d1568be425bddb29fa48b1251d5cc8b78fb742bd61674f4cd92a93f8dafea3bc823ccd7591d59d252a275012101f39ab9478cc5dc4a8a2e71f186ce688ae869907b40b62231d243db1eca472440f1203b691b7b85864a73f1a3a9664d075ac973158948f7c44b4f8e2348e8046b08dcb423647eff2539993b8985028d7f0a50e94ee6b2fdacff6aee496b13807eb8d406a8440af14e339713f93a2bd76d46d34452c9bf604ac61d66e9ff34503a7ff400"}, @TCA_RED_PARMS={0x14, 0x1, {0x20}}]}}]}, 0x148}}, 0x0)

01:39:06 executing program 2:
r0 = socket$inet_udp(0x2, 0x2, 0x0)
close(r0)
r1 = socket$inet6(0xa, 0x1, 0x8010000000000084)
bind$inet6(r1, &(0x7f0000000040)={0xa, 0x400004e21, 0x0, @empty}, 0x1c)
setsockopt$inet_sctp6_SCTP_NODELAY(r0, 0x84, 0x3, &(0x7f00000000c0)=0x7, 0x4)
setsockopt$inet6_opts(r1, 0x29, 0x3b, &(0x7f0000000080)=ANY=[@ANYBLOB], 0x8)
connect$inet6(r1, &(0x7f0000000200)={0xa, 0x4e21, 0x0, @loopback}, 0x1c)
r2 = socket$inet_udplite(0x2, 0x2, 0x88)
ioctl(r2, 0x1000008912, &(0x7f0000000040)="11dcbc0d5e0bcfe47bf070")
write$binfmt_misc(r0, &(0x7f0000000100)=ANY=[@ANYBLOB="a43f7a10bc918dba707335df9c4fe2e3dd545ee4c838fdcc46a7540a012dcf04a12f99172a6f3583cd5498000448f3ae533c2845496e9b0a050d5e4e05f5f8188edecc091727ed7a25a91998bf61aeec90e8718f9aa9fd5da3aa3181c0080975dee42b7d8686ca8f92f314380c2a02a90e6efeaf9d6acdb213cd260c116f495d9569a33c798d369967f6690fd59a8b3bd789702d552fe262fe738e874609724467e7d1be8518f803b96022e1f0f0de7d3720bec96ede000000000000000000"], 0x10098)
write$binfmt_script(r0, &(0x7f0000000300)=ANY=[@ANYBLOB="ba"], 0x1)
write$binfmt_elf64(r0, &(0x7f0000000280)={{0x7f, 0x45, 0x4c, 0x46, 0x0, 0x0, 0xf3030000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40}, [{}]}, 0x78)

01:39:06 executing program 1:
perf_event_open(&(0x7f00000000c0)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = openat$random(0xffffffffffffff9c, &(0x7f0000000140)='/dev/urandom\x00', 0x8000000000000085, 0x0)
socket$nl_netfilter(0x10, 0x3, 0xc)
r1 = dup(r0)
r2 = open(&(0x7f0000002000)='./bus\x00', 0x141042, 0x0)
ftruncate(r2, 0xee72)
sendfile(r1, r2, 0x0, 0x8000fffffffe)
socketpair$tipc(0x1e, 0x5, 0x0, &(0x7f0000000000)={0xffffffffffffffff, <r3=>0xffffffffffffffff})
fsetxattr(r3, &(0x7f0000000040)=@random={'trusted.', '/dev/urandom\x00'}, &(0x7f0000000080)='+*\x00', 0x3, 0x2)

01:39:06 executing program 3:
r0 = socket$packet(0x11, 0x3, 0x300)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000000)={'batadv0\x00\f\x00', <r1=>0x0})
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000e00)=ANY=[@ANYBLOB="340000002c000107008be4000000000000000000", @ANYRES32=r1], 0x2}}, 0x0)
r2 = socket(0x10, 0x80002, 0x0)
sendmmsg$alg(r2, &(0x7f0000000140), 0x332, 0x0)

01:39:06 executing program 3:
r0 = socket$packet(0x11, 0x3, 0x300)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000000)={'batadv0\x00\f\x00', <r1=>0x0})
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000e00)=ANY=[@ANYBLOB="340000002c000107008be4000000000000000000", @ANYRES32=r1], 0x2}}, 0x0)
r2 = socket(0x10, 0x80002, 0x0)
sendmmsg$alg(r2, &(0x7f0000000140), 0x332, 0x0)

01:39:06 executing program 4:
r0 = socket$nl_route(0x10, 0x3, 0x0)
r1 = socket$netlink(0x10, 0x3, 0x0)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff, <r2=>0xffffffffffffffff})
r3 = socket$inet6_sctp(0xa, 0x10000000005, 0x84)
r4 = dup2(r2, r3)
ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200)
r5 = socket(0x10, 0x803, 0x0)
sendmsg$TIPC_CMD_GET_MEDIA_NAMES(r5, &(0x7f0000000400)={0x0, 0x0, &(0x7f00000003c0)={0x0}}, 0x0)
getsockname$packet(r5, &(0x7f0000000100)={0x11, 0x0, <r6=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0xa)
sendmsg$nl_route(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080)=ANY=[@ANYBLOB="4800000010000507000000000000000080000000", @ANYRES32=r6, @ANYBLOB="0000000000000000280012000c0001007665746800000000180002001400010000000000", @ANYRES32=0x0, @ANYBLOB='\x00\x00\x00\x00\x00\x00\x00\x00'], 0x48}}, 0x0)
sendmsg$nl_route_sched(r0, &(0x7f0000000140)={0x0, 0x32d, &(0x7f0000000080)={&(0x7f0000000540)=@newqdisc={0x148, 0x24, 0x507, 0xfffffff1, 0x0, {0x0, r6, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_red={{0x8, 0x1, 'red\x00'}, {0x11c, 0x2, [@TCA_RED_STAB={0x104, 0x2, "fbf84ce9dbecf3d5851ae060c0ec8d55c9c65cb98d69f6f43f1d64d475f279dd204e54f6719de408d640f2dcd4c0c8c615650de0531b139380f912f808e5d3e1118f76144d1568be425bddb29fa48b1251d5cc8b78fb742bd61674f4cd92a93f8dafea3bc823ccd7591d59d252a275012101f39ab9478cc5dc4a8a2e71f186ce688ae869907b40b62231d243db1eca472440f1203b691b7b85864a73f1a3a9664d075ac973158948f7c44b4f8e2348e8046b08dcb423647eff2539993b8985028d7f0a50e94ee6b2fdacff6aee496b13807eb8d406a8440af14e339713f93a2bd76d46d34452c9bf604ac61d66e9ff34503a7ff400"}, @TCA_RED_PARMS={0x14, 0x1, {0x20}}]}}]}, 0x148}}, 0x0)

01:39:06 executing program 1:
perf_event_open(&(0x7f00000000c0)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5, 0x0, 0x3, 0x6, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x80000000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xa}, 0x0, 0x0, 0x0, 0x5}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
openat$smack_thread_current(0xffffffffffffff9c, &(0x7f0000000000)='/proc/thread-self/attr/current\x00', 0x2, 0x0)
r0 = openat$random(0xffffffffffffff9c, &(0x7f0000000140)='/dev/urandom\x00', 0x8000000000000085, 0x0)
r1 = dup(r0)
r2 = open(&(0x7f0000002000)='./bus\x00', 0x141042, 0x0)
ftruncate(r2, 0xee72)
sendfile(r1, r2, 0x0, 0x8000fffffffe)

01:39:06 executing program 2:
r0 = socket$inet_udp(0x2, 0x2, 0x0)
close(r0)
r1 = socket$inet6(0xa, 0x1, 0x8010000000000084)
bind$inet6(r1, &(0x7f0000000040)={0xa, 0x400004e21, 0x0, @empty}, 0x1c)
setsockopt$inet_sctp6_SCTP_NODELAY(r0, 0x84, 0x3, &(0x7f00000000c0)=0x7, 0x4)
setsockopt$inet6_opts(r1, 0x29, 0x3b, &(0x7f0000000080)=ANY=[@ANYBLOB], 0x8)
connect$inet6(r1, &(0x7f0000000200)={0xa, 0x4e21, 0x0, @loopback}, 0x1c)
r2 = socket$inet_udplite(0x2, 0x2, 0x88)
ioctl(r2, 0x1000008912, &(0x7f0000000040)="11dcbc0d5e0bcfe47bf070")
write$binfmt_misc(r0, &(0x7f0000000100)=ANY=[@ANYBLOB="a43f7a10bc918dba707335df9c4fe2e3dd545ee4c838fdcc46a7540a012dcf04a12f99172a6f3583cd5498000448f3ae533c2845496e9b0a050d5e4e05f5f8188edecc091727ed7a25a91998bf61aeec90e8718f9aa9fd5da3aa3181c0080975dee42b7d8686ca8f92f314380c2a02a90e6efeaf9d6acdb213cd260c116f495d9569a33c798d369967f6690fd59a8b3bd789702d552fe262fe738e874609724467e7d1be8518f803b96022e1f0f0de7d3720bec96ede000000000000000000"], 0x10098)
write$binfmt_script(r0, &(0x7f0000000300)=ANY=[@ANYBLOB="ba"], 0x1)
write$binfmt_elf64(r0, &(0x7f0000000280)={{0x7f, 0x45, 0x4c, 0x46, 0x0, 0x0, 0xf4010000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40}, [{}]}, 0x78)

01:39:06 executing program 3:
r0 = socket$packet(0x11, 0x3, 0x300)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000000)={'batadv0\x00\f\x00', <r1=>0x0})
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000e00)=ANY=[@ANYBLOB="340000002c000107008be4000000000000000000", @ANYRES32=r1, @ANYBLOB], 0x3}}, 0x0)
r2 = socket(0x10, 0x80002, 0x0)
sendmmsg$alg(r2, &(0x7f0000000140), 0x332, 0x0)

01:39:06 executing program 4:
r0 = socket$nl_route(0x10, 0x3, 0x0)
r1 = socket$netlink(0x10, 0x3, 0x0)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff, <r2=>0xffffffffffffffff})
r3 = socket$inet6_sctp(0xa, 0x10000000005, 0x84)
r4 = dup2(r2, r3)
ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200)
r5 = socket(0x10, 0x803, 0x0)
sendmsg$TIPC_CMD_GET_MEDIA_NAMES(r5, &(0x7f0000000400)={0x0, 0x0, &(0x7f00000003c0)={0x0}}, 0x0)
getsockname$packet(r5, &(0x7f0000000100)={0x11, 0x0, <r6=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0xa)
sendmsg$nl_route(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080)=ANY=[@ANYBLOB="4800000010000507000000000000000080000000", @ANYRES32=r6, @ANYBLOB="0000000000000000280012000c0001007665746800000000180002001400010000000000", @ANYRES32=0x0, @ANYBLOB='\x00\x00\x00\x00\x00\x00\x00\x00'], 0x48}}, 0x0)
sendmsg$nl_route_sched(r0, &(0x7f0000000140)={0x0, 0x32d, &(0x7f0000000080)={&(0x7f0000000540)=@newqdisc={0x148, 0x24, 0x507, 0xfffffffc, 0x0, {0x0, r6, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_red={{0x8, 0x1, 'red\x00'}, {0x11c, 0x2, [@TCA_RED_STAB={0x104, 0x2, "fbf84ce9dbecf3d5851ae060c0ec8d55c9c65cb98d69f6f43f1d64d475f279dd204e54f6719de408d640f2dcd4c0c8c615650de0531b139380f912f808e5d3e1118f76144d1568be425bddb29fa48b1251d5cc8b78fb742bd61674f4cd92a93f8dafea3bc823ccd7591d59d252a275012101f39ab9478cc5dc4a8a2e71f186ce688ae869907b40b62231d243db1eca472440f1203b691b7b85864a73f1a3a9664d075ac973158948f7c44b4f8e2348e8046b08dcb423647eff2539993b8985028d7f0a50e94ee6b2fdacff6aee496b13807eb8d406a8440af14e339713f93a2bd76d46d34452c9bf604ac61d66e9ff34503a7ff400"}, @TCA_RED_PARMS={0x14, 0x1, {0x20}}]}}]}, 0x148}}, 0x0)

01:39:07 executing program 3:
r0 = socket$packet(0x11, 0x3, 0x300)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000000)={'batadv0\x00\f\x00', <r1=>0x0})
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000e00)=ANY=[@ANYBLOB="340000002c000107008be4000000000000000000", @ANYRES32=r1, @ANYBLOB], 0x3}}, 0x0)
r2 = socket(0x10, 0x80002, 0x0)
sendmmsg$alg(r2, &(0x7f0000000140), 0x332, 0x0)

01:39:07 executing program 5:
mmap(&(0x7f0000011000/0x2000)=nil, 0x2000, 0x4, 0x31, 0xffffffffffffffff, 0x0)
r0 = userfaultfd(0x0)
syz_open_dev$mice(&(0x7f0000000000)='/dev/input/mice\x00', 0x0, 0x4000)
ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f0000000040))
ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f00000000c0)={{&(0x7f0000012000/0x2000)=nil, 0x2000}, 0x1})
read(r0, &(0x7f0000000100)=""/199, 0xc7)
syz_open_dev$evdev(&(0x7f0000012fee)='/.%v/\x11%put/event#\x00', 0x0, 0x5)
ioctl$UFFDIO_WAKE(r0, 0x8010aa02, &(0x7f0000000080)={&(0x7f0000012000/0x4000)=nil, 0x4000})
shmget(0x2, 0x1000, 0x0, &(0x7f000096d000/0x1000)=nil)
openat$cgroup_procs(0xffffffffffffffff, 0x0, 0x2, 0x0)

01:39:07 executing program 3:
r0 = socket$packet(0x11, 0x3, 0x300)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000000)={'batadv0\x00\f\x00', <r1=>0x0})
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000e00)=ANY=[@ANYBLOB="340000002c000107008be4000000000000000000", @ANYRES32=r1, @ANYBLOB], 0x3}}, 0x0)
r2 = socket(0x10, 0x80002, 0x0)
sendmmsg$alg(r2, &(0x7f0000000140), 0x332, 0x0)

01:39:07 executing program 1:
perf_event_open(&(0x7f00000000c0)={0x1, 0x70, 0x0, 0x0, 0x1, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x1000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x401}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = openat$random(0xffffffffffffff9c, &(0x7f0000000140)='/dev/urandom\x00', 0x8000000000000085, 0x0)
r1 = dup(r0)
r2 = open(&(0x7f0000002000)='./bus\x00', 0x141042, 0x0)
ftruncate(r2, 0xee72)
sendfile(r1, r2, 0x0, 0x8000fffffffe)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff, <r3=>0xffffffffffffffff})
r4 = socket$inet6_sctp(0xa, 0x10000000005, 0x84)
r5 = dup2(r3, r4)
ioctl$PERF_EVENT_IOC_ENABLE(r5, 0x8912, 0x400200)
ioctl$SG_GET_COMMAND_Q(r5, 0x2270, &(0x7f0000000180))
r6 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000040)='TIPCv2\x00')
sendmsg$TIPC_NL_LINK_GET(r2, &(0x7f00000002c0)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x4000}, 0xc, &(0x7f0000000080)={&(0x7f00000006c0)=ANY=[@ANYBLOB="1c010000f108ff9968481b60ce29d7a575c47ad91bab8bd1006ccfb75be6f4bd6d177efe99f3f4e370b3de13b4b7105b30334900c43ffe13a9b995ab786c0384ab30cc2cd26ccd92bbca15b31f59a63614fd2f3eed6ddf49c9577a0c6fe2555e5fd7320e56fe0167dfde7894ce4ec04cb2c6e5abcf8dd509a5e8544aeb87576af91bfd8a7196e72856889f5e27741cb75d386f60268bb8b7208d2fc6defeb34a634f5e10457f6dc13a42e0f17ed06a39e8d65fdbbe993274e319f88248cd2d6fb49f65ed3170228f5ad398f429c18c1de91fc7f7e9085aca0dadd88286df9d9a86fee41e454452dc90ea2121d3c2eb3c834caa87449272f7ad2e564b6ae8a7d6b98a9d490ad069887511bd7df4205614818147e01d1a5ae059a0af90143445a469f6112887f033b54367bde52255eadb129ec6d21d030de3d2b6d664534db25820ba7671b139ebd9863a529f7b429a5227bbd3d9dc37abf52e0488ac48ef22c95606abb23e26a638ccf421b204183ddc2dd0f4e0344e59b78de2065feb9d0923c5cb1bc325228675d1a75db9994d3a0e2c4ccc2526a16b293b4d2e62a37095aafcf9a2024ad9986137cb5bd7bf149f9b8847db1a2d43e6ef149889d4b93beef19632030b728c0f984cb8ebd24d7b00"/477, @ANYRES16=r6, @ANYBLOB="0e0029bd7000fedbdf25080000009c0001000c00020008000200060000002c0004001400010002004e247f00000100000000000000001400020002004e230000000000000000000000001400010069623a626f6e645f736c6176655f300044000400200001000a004e22000000070000000000000000000000000000000102000000200002000a004e21fffffff779d8426b24ac1d36c501c4f941618d8a00010000080003007f0000000c0009000800010092fcffff180007000c0003000700000000000000080001000104000034000700080002007c0f000008000200050000000c000400ff000000000000000c000300080000000000000008000200830f000004000900100002000400040008000100bda30000"], 0x11c}}, 0x8000)

01:39:07 executing program 4:
r0 = socket$nl_route(0x10, 0x3, 0x0)
r1 = socket$netlink(0x10, 0x3, 0x0)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff, <r2=>0xffffffffffffffff})
r3 = socket$inet6_sctp(0xa, 0x10000000005, 0x84)
r4 = dup2(r2, r3)
ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200)
r5 = socket(0x10, 0x803, 0x0)
sendmsg$TIPC_CMD_GET_MEDIA_NAMES(r5, &(0x7f0000000400)={0x0, 0x0, &(0x7f00000003c0)={0x0}}, 0x0)
getsockname$packet(r5, &(0x7f0000000100)={0x11, 0x0, <r6=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0xa)
sendmsg$nl_route(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080)=ANY=[@ANYBLOB="4800000010000507000000000000000080000000", @ANYRES32=r6, @ANYBLOB="0000000000000000280012000c0001007665746800000000180002001400010000000000", @ANYRES32=0x0, @ANYBLOB='\x00\x00\x00\x00\x00\x00\x00\x00'], 0x48}}, 0x0)
sendmsg$nl_route_sched(r0, &(0x7f0000000140)={0x0, 0x32d, &(0x7f0000000080)={&(0x7f0000000540)=@newqdisc={0x148, 0x24, 0x507, 0x408300000000, 0x0, {0x0, r6, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_red={{0x8, 0x1, 'red\x00'}, {0x11c, 0x2, [@TCA_RED_STAB={0x104, 0x2, "fbf84ce9dbecf3d5851ae060c0ec8d55c9c65cb98d69f6f43f1d64d475f279dd204e54f6719de408d640f2dcd4c0c8c615650de0531b139380f912f808e5d3e1118f76144d1568be425bddb29fa48b1251d5cc8b78fb742bd61674f4cd92a93f8dafea3bc823ccd7591d59d252a275012101f39ab9478cc5dc4a8a2e71f186ce688ae869907b40b62231d243db1eca472440f1203b691b7b85864a73f1a3a9664d075ac973158948f7c44b4f8e2348e8046b08dcb423647eff2539993b8985028d7f0a50e94ee6b2fdacff6aee496b13807eb8d406a8440af14e339713f93a2bd76d46d34452c9bf604ac61d66e9ff34503a7ff400"}, @TCA_RED_PARMS={0x14, 0x1, {0x20}}]}}]}, 0x148}}, 0x0)

01:39:07 executing program 2:
r0 = socket$inet_udp(0x2, 0x2, 0x0)
close(r0)
r1 = socket$inet6(0xa, 0x1, 0x8010000000000084)
bind$inet6(r1, &(0x7f0000000040)={0xa, 0x400004e21, 0x0, @empty}, 0x1c)
setsockopt$inet_sctp6_SCTP_NODELAY(r0, 0x84, 0x3, &(0x7f00000000c0)=0x7, 0x4)
setsockopt$inet6_opts(r1, 0x29, 0x3b, &(0x7f0000000080)=ANY=[@ANYBLOB], 0x8)
connect$inet6(r1, &(0x7f0000000200)={0xa, 0x4e21, 0x0, @loopback}, 0x1c)
r2 = socket$inet_udplite(0x2, 0x2, 0x88)
ioctl(r2, 0x1000008912, &(0x7f0000000040)="11dcbc0d5e0bcfe47bf070")
write$binfmt_misc(r0, &(0x7f0000000100)=ANY=[@ANYBLOB="a43f7a10bc918dba707335df9c4fe2e3dd545ee4c838fdcc46a7540a012dcf04a12f99172a6f3583cd5498000448f3ae533c2845496e9b0a050d5e4e05f5f8188edecc091727ed7a25a91998bf61aeec90e8718f9aa9fd5da3aa3181c0080975dee42b7d8686ca8f92f314380c2a02a90e6efeaf9d6acdb213cd260c116f495d9569a33c798d369967f6690fd59a8b3bd789702d552fe262fe738e874609724467e7d1be8518f803b96022e1f0f0de7d3720bec96ede000000000000000000"], 0x10098)
write$binfmt_script(r0, &(0x7f0000000300)=ANY=[@ANYBLOB="ba"], 0x1)
write$binfmt_elf64(r0, &(0x7f0000000280)={{0x7f, 0x45, 0x4c, 0x46, 0x0, 0x0, 0xf4030000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40}, [{}]}, 0x78)

01:39:07 executing program 3:
r0 = socket$packet(0x11, 0x3, 0x300)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000000)={'batadv0\x00\f\x00', <r1=>0x0})
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000e00)=ANY=[@ANYBLOB="340000002c000107008be4000000000000000000", @ANYRES32=r1, @ANYBLOB="00d400f0000000000e0000000900"], 0x3}}, 0x0)
r2 = socket(0x10, 0x80002, 0x0)
sendmmsg$alg(r2, &(0x7f0000000140), 0x332, 0x0)

[ 1265.727277][T23778] FAULT_FLAG_ALLOW_RETRY missing 70
[ 1265.732657][T23778] CPU: 1 PID: 23778 Comm: syz-executor.5 Not tainted 5.3.0+ #0
[ 1265.740196][T23778] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 1265.750261][T23778] Call Trace:
[ 1265.753548][T23778]  dump_stack+0x172/0x1f0
[ 1265.757881][T23778]  handle_userfault.cold+0x41/0x5d
[ 1265.762995][T23778]  ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[ 1265.769278][T23778]  ? userfaultfd_ioctl+0x3ad0/0x3ad0
[ 1265.774563][T23778]  ? find_get_entry+0x535/0x880
[ 1265.779418][T23778]  ? find_get_pages_range_tag+0xd50/0xd50
[ 1265.785138][T23778]  ? ___might_sleep+0x163/0x2c0
[ 1265.789985][T23778]  ? __kasan_check_read+0x11/0x20
[ 1265.794996][T23778]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 1265.801234][T23778]  ? find_lock_entry+0x1a7/0x560
[ 1265.806162][T23778]  ? rcu_lockdep_current_cpu_online+0xe3/0x130
[ 1265.812335][T23778]  shmem_getpage_gfp+0x1f4c/0x2680
[ 1265.817459][T23778]  ? shmem_unuse_inode+0x1010/0x1010
[ 1265.822743][T23778]  ? lock_downgrade+0x920/0x920
[ 1265.827599][T23778]  ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[ 1265.833834][T23778]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 1265.840075][T23778]  shmem_fault+0x22a/0x7b0
[ 1265.844539][T23778]  ? shmem_read_mapping_page_gfp+0x1a0/0x1a0
[ 1265.850542][T23778]  ? find_get_entry+0x880/0x880
[ 1265.855398][T23778]  ? pmd_val+0x85/0x100
[ 1265.859551][T23778]  __do_fault+0x111/0x540
[ 1265.863875][T23778]  ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[ 1265.870118][T23778]  __handle_mm_fault+0x2dca/0x4040
[ 1265.875230][T23778]  ? vmf_insert_mixed_mkwrite+0x40/0x40
[ 1265.880765][T23778]  ? handle_mm_fault+0x292/0xa80
[ 1265.885704][T23778]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 1265.891943][T23778]  ? __kasan_check_read+0x11/0x20
[ 1265.896960][T23778]  handle_mm_fault+0x3b7/0xa80
[ 1265.901738][T23778]  __do_page_fault+0x536/0xdd0
[ 1265.906501][T23778]  do_page_fault+0x38/0x590
[ 1265.911000][T23778]  page_fault+0x39/0x40
[ 1265.915143][T23778] RIP: 0033:0x4533a0
[ 1265.919043][T23778] Code: 0f 84 c4 0f 00 00 48 89 f1 48 89 f8 48 83 e1 3f 48 83 f9 20 0f 86 7b 02 00 00 48 83 e6 f0 48 83 e1 0f 66 0f ef c0 66 0f ef c9 <66> 0f 74 0e 66 0f d7 d1 48 d3 ea 49 c7 c2 11 00 00 00 49 29 ca 4d
[ 1265.938637][T23778] RSP: 002b:00007fbdc8f767a8 EFLAGS: 00010202
[ 1265.944694][T23778] RAX: 00007fbdc8f76850 RBX: 0000000000000003 RCX: 000000000000000e
[ 1265.952655][T23778] RDX: 00000000000003ff RSI: 0000000020012fe0 RDI: 00007fbdc8f76850
[ 1265.960628][T23778] RBP: 000000000075bf20 R08: 00000000000003ff R09: 0000000000000000
[ 1265.968596][T23778] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fbdc8f776d4
01:39:08 executing program 4:
r0 = socket$nl_route(0x10, 0x3, 0x0)
r1 = socket$netlink(0x10, 0x3, 0x0)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff, <r2=>0xffffffffffffffff})
r3 = socket$inet6_sctp(0xa, 0x10000000005, 0x84)
r4 = dup2(r2, r3)
ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200)
r5 = socket(0x10, 0x803, 0x0)
sendmsg$TIPC_CMD_GET_MEDIA_NAMES(r5, &(0x7f0000000400)={0x0, 0x0, &(0x7f00000003c0)={0x0}}, 0x0)
getsockname$packet(r5, &(0x7f0000000100)={0x11, 0x0, <r6=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0xa)
sendmsg$nl_route(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080)=ANY=[@ANYBLOB="4800000010000507000000000000000080000000", @ANYRES32=r6, @ANYBLOB="0000000000000000280012000c0001007665746800000000180002001400010000000000", @ANYRES32=0x0, @ANYBLOB='\x00\x00\x00\x00\x00\x00\x00\x00'], 0x48}}, 0x0)
sendmsg$nl_route_sched(r0, &(0x7f0000000140)={0x0, 0x32d, &(0x7f0000000080)={&(0x7f0000000540)=@newqdisc={0x148, 0x24, 0x507, 0x40030000000000, 0x0, {0x0, r6, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_red={{0x8, 0x1, 'red\x00'}, {0x11c, 0x2, [@TCA_RED_STAB={0x104, 0x2, "fbf84ce9dbecf3d5851ae060c0ec8d55c9c65cb98d69f6f43f1d64d475f279dd204e54f6719de408d640f2dcd4c0c8c615650de0531b139380f912f808e5d3e1118f76144d1568be425bddb29fa48b1251d5cc8b78fb742bd61674f4cd92a93f8dafea3bc823ccd7591d59d252a275012101f39ab9478cc5dc4a8a2e71f186ce688ae869907b40b62231d243db1eca472440f1203b691b7b85864a73f1a3a9664d075ac973158948f7c44b4f8e2348e8046b08dcb423647eff2539993b8985028d7f0a50e94ee6b2fdacff6aee496b13807eb8d406a8440af14e339713f93a2bd76d46d34452c9bf604ac61d66e9ff34503a7ff400"}, @TCA_RED_PARMS={0x14, 0x1, {0x20}}]}}]}, 0x148}}, 0x0)

[ 1265.976562][T23778] R13: 00000000004c8dbc R14: 00000000004dfed8 R15: 00000000ffffffff
01:39:08 executing program 2:
r0 = socket$inet_udp(0x2, 0x2, 0x0)
close(r0)
r1 = socket$inet6(0xa, 0x1, 0x8010000000000084)
bind$inet6(r1, &(0x7f0000000040)={0xa, 0x400004e21, 0x0, @empty}, 0x1c)
setsockopt$inet_sctp6_SCTP_NODELAY(r0, 0x84, 0x3, &(0x7f00000000c0)=0x7, 0x4)
setsockopt$inet6_opts(r1, 0x29, 0x3b, &(0x7f0000000080)=ANY=[@ANYBLOB], 0x8)
connect$inet6(r1, &(0x7f0000000200)={0xa, 0x4e21, 0x0, @loopback}, 0x1c)
r2 = socket$inet_udplite(0x2, 0x2, 0x88)
ioctl(r2, 0x1000008912, &(0x7f0000000040)="11dcbc0d5e0bcfe47bf070")
write$binfmt_misc(r0, &(0x7f0000000100)=ANY=[@ANYBLOB="a43f7a10bc918dba707335df9c4fe2e3dd545ee4c838fdcc46a7540a012dcf04a12f99172a6f3583cd5498000448f3ae533c2845496e9b0a050d5e4e05f5f8188edecc091727ed7a25a91998bf61aeec90e8718f9aa9fd5da3aa3181c0080975dee42b7d8686ca8f92f314380c2a02a90e6efeaf9d6acdb213cd260c116f495d9569a33c798d369967f6690fd59a8b3bd789702d552fe262fe738e874609724467e7d1be8518f803b96022e1f0f0de7d3720bec96ede000000000000000000"], 0x10098)
write$binfmt_script(r0, &(0x7f0000000300)=ANY=[@ANYBLOB="ba"], 0x1)
write$binfmt_elf64(r0, &(0x7f0000000280)={{0x7f, 0x45, 0x4c, 0x46, 0x0, 0x0, 0xf8030000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40}, [{}]}, 0x78)

01:39:08 executing program 1:
perf_event_open(&(0x7f00000000c0)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = openat$random(0xffffffffffffff9c, &(0x7f0000000140)='/dev/urandom\x00', 0x8000000000000085, 0x0)
r1 = dup(r0)
r2 = open(&(0x7f0000002000)='./bus\x00', 0x141042, 0x0)
ftruncate(r2, 0xee72)
r3 = userfaultfd(0x0)
ioctl$UFFDIO_API(r3, 0xc018aa3f, &(0x7f0000000080))
read(r3, &(0x7f0000000100)=""/68, 0x22)
ioctl$UFFDIO_REGISTER(r3, 0xc020aa00, &(0x7f00000000c0)={{&(0x7f0000068000/0x800000)=nil, 0x800000}, 0x1})
close(r3)
r4 = dup2(0xffffffffffffffff, r3)
r5 = syz_genetlink_get_family_id$tipc(&(0x7f0000000040)='TIPC\x00')
sendmsg$TIPC_CMD_SHOW_LINK_STATS(r4, &(0x7f00000001c0)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x80010}, 0xc, &(0x7f0000000180)={&(0x7f0000000080)={0x28, r5, 0x200, 0x70bd29, 0x25dfdbfd, {{}, 0x0, 0xb, 0x0, {0xc, 0x14, 'syz0\x00'}}, ["", "", "", "", "", "", "", "", "", ""]}, 0x28}, 0x1, 0x0, 0x0, 0x4}, 0x4010)
sendfile(r1, r2, 0x0, 0x8000fffffffe)

01:39:08 executing program 3:
r0 = socket$packet(0x11, 0x3, 0x300)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000000)={'batadv0\x00\f\x00', <r1=>0x0})
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000e00)=ANY=[@ANYBLOB="340000002c000107008be4000000000000000000", @ANYRES32=r1, @ANYBLOB="00d400f0000000000e0000000900"], 0x3}}, 0x0)
r2 = socket(0x10, 0x80002, 0x0)
sendmmsg$alg(r2, &(0x7f0000000140), 0x332, 0x0)

01:39:08 executing program 3:
r0 = socket$packet(0x11, 0x3, 0x300)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000000)={'batadv0\x00\f\x00', <r1=>0x0})
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000e00)=ANY=[@ANYBLOB="340000002c000107008be4000000000000000000", @ANYRES32=r1, @ANYBLOB="00d400f0000000000e0000000900"], 0x3}}, 0x0)
r2 = socket(0x10, 0x80002, 0x0)
sendmmsg$alg(r2, &(0x7f0000000140), 0x332, 0x0)

01:39:08 executing program 4:
r0 = socket$nl_route(0x10, 0x3, 0x0)
r1 = socket$netlink(0x10, 0x3, 0x0)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff, <r2=>0xffffffffffffffff})
r3 = socket$inet6_sctp(0xa, 0x10000000005, 0x84)
r4 = dup2(r2, r3)
ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200)
r5 = socket(0x10, 0x803, 0x0)
sendmsg$TIPC_CMD_GET_MEDIA_NAMES(r5, &(0x7f0000000400)={0x0, 0x0, &(0x7f00000003c0)={0x0}}, 0x0)
getsockname$packet(r5, &(0x7f0000000100)={0x11, 0x0, <r6=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0xa)
sendmsg$nl_route(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080)=ANY=[@ANYBLOB="4800000010000507000000000000000080000000", @ANYRES32=r6, @ANYBLOB="0000000000000000280012000c0001007665746800000000180002001400010000000000", @ANYRES32=0x0, @ANYBLOB='\x00\x00\x00\x00\x00\x00\x00\x00'], 0x48}}, 0x0)
sendmsg$nl_route_sched(r0, &(0x7f0000000140)={0x0, 0x32d, &(0x7f0000000080)={&(0x7f0000000540)=@newqdisc={0x148, 0x24, 0x507, 0xf0ffffffffffff, 0x0, {0x0, r6, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_red={{0x8, 0x1, 'red\x00'}, {0x11c, 0x2, [@TCA_RED_STAB={0x104, 0x2, "fbf84ce9dbecf3d5851ae060c0ec8d55c9c65cb98d69f6f43f1d64d475f279dd204e54f6719de408d640f2dcd4c0c8c615650de0531b139380f912f808e5d3e1118f76144d1568be425bddb29fa48b1251d5cc8b78fb742bd61674f4cd92a93f8dafea3bc823ccd7591d59d252a275012101f39ab9478cc5dc4a8a2e71f186ce688ae869907b40b62231d243db1eca472440f1203b691b7b85864a73f1a3a9664d075ac973158948f7c44b4f8e2348e8046b08dcb423647eff2539993b8985028d7f0a50e94ee6b2fdacff6aee496b13807eb8d406a8440af14e339713f93a2bd76d46d34452c9bf604ac61d66e9ff34503a7ff400"}, @TCA_RED_PARMS={0x14, 0x1, {0x20}}]}}]}, 0x148}}, 0x0)

[ 1266.254208][    C1] net_ratelimit: 12 callbacks suppressed
[ 1266.254216][    C1] protocol 88fb is buggy, dev hsr_slave_0
[ 1266.265736][    C1] protocol 88fb is buggy, dev hsr_slave_1
01:39:08 executing program 5:
mmap(&(0x7f0000011000/0x2000)=nil, 0x2000, 0x4, 0x31, 0xffffffffffffffff, 0x0)
r0 = userfaultfd(0x0)
syz_open_dev$mice(&(0x7f0000000000)='/dev/input/mice\x00', 0x0, 0x4000)
ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f0000000040))
ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f00000000c0)={{&(0x7f0000012000/0x2000)=nil, 0x2000}, 0x1})
read(r0, &(0x7f0000000100)=""/199, 0xc7)
syz_open_dev$evdev(&(0x7f0000012fee)='/.%v/\x11%put/event#\x00', 0x0, 0x6)
ioctl$UFFDIO_WAKE(r0, 0x8010aa02, &(0x7f0000000080)={&(0x7f0000012000/0x4000)=nil, 0x4000})
shmget(0x2, 0x1000, 0x0, &(0x7f000096d000/0x1000)=nil)
openat$cgroup_procs(0xffffffffffffffff, 0x0, 0x2, 0x0)

01:39:08 executing program 3:
r0 = socket$packet(0x11, 0x3, 0x300)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000000)={'batadv0\x00\f\x00', <r1=>0x0})
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000e00)=ANY=[@ANYBLOB="340000002c000107008be4000000000000000000", @ANYRES32=r1, @ANYBLOB="00d400f0000000000e00000009000100726f757465"], 0x3}}, 0x0)
r2 = socket(0x10, 0x80002, 0x0)
sendmmsg$alg(r2, &(0x7f0000000140), 0x332, 0x0)

01:39:08 executing program 2:
r0 = socket$inet_udp(0x2, 0x2, 0x0)
close(r0)
r1 = socket$inet6(0xa, 0x1, 0x8010000000000084)
bind$inet6(r1, &(0x7f0000000040)={0xa, 0x400004e21, 0x0, @empty}, 0x1c)
setsockopt$inet_sctp6_SCTP_NODELAY(r0, 0x84, 0x3, &(0x7f00000000c0)=0x7, 0x4)
setsockopt$inet6_opts(r1, 0x29, 0x3b, &(0x7f0000000080)=ANY=[@ANYBLOB], 0x8)
connect$inet6(r1, &(0x7f0000000200)={0xa, 0x4e21, 0x0, @loopback}, 0x1c)
r2 = socket$inet_udplite(0x2, 0x2, 0x88)
ioctl(r2, 0x1000008912, &(0x7f0000000040)="11dcbc0d5e0bcfe47bf070")
write$binfmt_misc(r0, &(0x7f0000000100)=ANY=[@ANYBLOB="a43f7a10bc918dba707335df9c4fe2e3dd545ee4c838fdcc46a7540a012dcf04a12f99172a6f3583cd5498000448f3ae533c2845496e9b0a050d5e4e05f5f8188edecc091727ed7a25a91998bf61aeec90e8718f9aa9fd5da3aa3181c0080975dee42b7d8686ca8f92f314380c2a02a90e6efeaf9d6acdb213cd260c116f495d9569a33c798d369967f6690fd59a8b3bd789702d552fe262fe738e874609724467e7d1be8518f803b96022e1f0f0de7d3720bec96ede000000000000000000"], 0x10098)
write$binfmt_script(r0, &(0x7f0000000300)=ANY=[@ANYBLOB="ba"], 0x1)
write$binfmt_elf64(r0, &(0x7f0000000280)={{0x7f, 0x45, 0x4c, 0x46, 0x0, 0x0, 0xff000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40}, [{}]}, 0x78)

01:39:08 executing program 3:
r0 = socket$packet(0x11, 0x3, 0x300)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000000)={'batadv0\x00\f\x00', <r1=>0x0})
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000e00)=ANY=[@ANYBLOB="340000002c000107008be4000000000000000000", @ANYRES32=r1, @ANYBLOB="00d400f0000000000e00000009000100726f757465"], 0x3}}, 0x0)
r2 = socket(0x10, 0x80002, 0x0)
sendmmsg$alg(r2, &(0x7f0000000140), 0x332, 0x0)

01:39:08 executing program 4:
r0 = socket$nl_route(0x10, 0x3, 0x0)
r1 = socket$netlink(0x10, 0x3, 0x0)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff, <r2=>0xffffffffffffffff})
r3 = socket$inet6_sctp(0xa, 0x10000000005, 0x84)
r4 = dup2(r2, r3)
ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200)
r5 = socket(0x10, 0x803, 0x0)
sendmsg$TIPC_CMD_GET_MEDIA_NAMES(r5, &(0x7f0000000400)={0x0, 0x0, &(0x7f00000003c0)={0x0}}, 0x0)
getsockname$packet(r5, &(0x7f0000000100)={0x11, 0x0, <r6=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0xa)
sendmsg$nl_route(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080)=ANY=[@ANYBLOB="4800000010000507000000000000000080000000", @ANYRES32=r6, @ANYBLOB="0000000000000000280012000c0001007665746800000000180002001400010000000000", @ANYRES32=0x0, @ANYBLOB='\x00\x00\x00\x00\x00\x00\x00\x00'], 0x48}}, 0x0)
sendmsg$nl_route_sched(r0, &(0x7f0000000140)={0x0, 0x32d, &(0x7f0000000080)={&(0x7f0000000540)=@newqdisc={0x148, 0x24, 0x507, 0x100000000000000, 0x0, {0x0, r6, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_red={{0x8, 0x1, 'red\x00'}, {0x11c, 0x2, [@TCA_RED_STAB={0x104, 0x2, "fbf84ce9dbecf3d5851ae060c0ec8d55c9c65cb98d69f6f43f1d64d475f279dd204e54f6719de408d640f2dcd4c0c8c615650de0531b139380f912f808e5d3e1118f76144d1568be425bddb29fa48b1251d5cc8b78fb742bd61674f4cd92a93f8dafea3bc823ccd7591d59d252a275012101f39ab9478cc5dc4a8a2e71f186ce688ae869907b40b62231d243db1eca472440f1203b691b7b85864a73f1a3a9664d075ac973158948f7c44b4f8e2348e8046b08dcb423647eff2539993b8985028d7f0a50e94ee6b2fdacff6aee496b13807eb8d406a8440af14e339713f93a2bd76d46d34452c9bf604ac61d66e9ff34503a7ff400"}, @TCA_RED_PARMS={0x14, 0x1, {0x20}}]}}]}, 0x148}}, 0x0)

[ 1266.518402][T24011] FAULT_FLAG_ALLOW_RETRY missing 70
[ 1266.540161][T24011] CPU: 1 PID: 24011 Comm: syz-executor.5 Not tainted 5.3.0+ #0
[ 1266.547743][T24011] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 1266.557799][T24011] Call Trace:
[ 1266.561096][T24011]  dump_stack+0x172/0x1f0
[ 1266.565444][T24011]  handle_userfault.cold+0x41/0x5d
[ 1266.570560][T24011]  ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[ 1266.576814][T24011]  ? userfaultfd_ioctl+0x3ad0/0x3ad0
[ 1266.576833][T24011]  ? find_get_entry+0x535/0x880
[ 1266.576854][T24011]  ? find_get_pages_range_tag+0xd50/0xd50
[ 1266.586960][T24011]  ? ___might_sleep+0x163/0x2c0
[ 1266.586984][T24011]  ? __kasan_check_read+0x11/0x20
[ 1266.586998][T24011]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 1266.587017][T24011]  ? find_lock_entry+0x1a7/0x560
[ 1266.587035][T24011]  ? rcu_lockdep_current_cpu_online+0xe3/0x130
[ 1266.597574][T24011]  shmem_getpage_gfp+0x1f4c/0x2680
[ 1266.597612][T24011]  ? shmem_unuse_inode+0x1010/0x1010
[ 1266.608840][T24011]  ? lock_downgrade+0x920/0x920
[ 1266.630373][T24011]  ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[ 1266.630391][T24011]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 1266.647669][T24011]  shmem_fault+0x22a/0x7b0
[ 1266.647693][T24011]  ? shmem_read_mapping_page_gfp+0x1a0/0x1a0
[ 1266.647713][T24011]  ? find_get_entry+0x880/0x880
[ 1266.647748][T24011]  ? pmd_val+0x85/0x100
[ 1266.667077][T24011]  __do_fault+0x111/0x540
[ 1266.671404][T24011]  ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[ 1266.671424][T24011]  __handle_mm_fault+0x2dca/0x4040
[ 1266.671444][T24011]  ? vmf_insert_mixed_mkwrite+0x40/0x40
[ 1266.671459][T24011]  ? handle_mm_fault+0x292/0xa80
[ 1266.671482][T24011]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 1266.693237][T24011]  ? __kasan_check_read+0x11/0x20
[ 1266.693259][T24011]  handle_mm_fault+0x3b7/0xa80
[ 1266.693282][T24011]  __do_page_fault+0x536/0xdd0
[ 1266.693305][T24011]  do_page_fault+0x38/0x590
[ 1266.693323][T24011]  page_fault+0x39/0x40
[ 1266.714041][T24011] RIP: 0033:0x4533a0
[ 1266.714057][T24011] Code: 0f 84 c4 0f 00 00 48 89 f1 48 89 f8 48 83 e1 3f 48 83 f9 20 0f 86 7b 02 00 00 48 83 e6 f0 48 83 e1 0f 66 0f ef c0 66 0f ef c9 <66> 0f 74 0e 66 0f d7 d1 48 d3 ea 49 c7 c2 11 00 00 00 49 29 ca 4d
[ 1266.714065][T24011] RSP: 002b:00007fbdc8f767a8 EFLAGS: 00010202
[ 1266.714077][T24011] RAX: 00007fbdc8f76850 RBX: 0000000000000003 RCX: 000000000000000e
[ 1266.714086][T24011] RDX: 00000000000003ff RSI: 0000000020012fe0 RDI: 00007fbdc8f76850
[ 1266.714094][T24011] RBP: 000000000075bf20 R08: 00000000000003ff R09: 0000000000000000
[ 1266.714108][T24011] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fbdc8f776d4
01:39:08 executing program 3:
r0 = socket$packet(0x11, 0x3, 0x300)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000000)={'batadv0\x00\f\x00', <r1=>0x0})
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000e00)=ANY=[@ANYBLOB="340000002c000107008be4000000000000000000", @ANYRES32=r1, @ANYBLOB="00d400f0000000000e00000009000100726f757465"], 0x3}}, 0x0)
r2 = socket(0x10, 0x80002, 0x0)
sendmmsg$alg(r2, &(0x7f0000000140), 0x332, 0x0)

[ 1266.746197][T24011] R13: 00000000004c8dbc R14: 00000000004dfed8 R15: 00000000ffffffff
01:39:08 executing program 5:
mmap(&(0x7f0000011000/0x2000)=nil, 0x2000, 0x4, 0x31, 0xffffffffffffffff, 0x0)
r0 = userfaultfd(0x0)
syz_open_dev$mice(&(0x7f0000000000)='/dev/input/mice\x00', 0x0, 0x4000)
ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f0000000040))
ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f00000000c0)={{&(0x7f0000012000/0x2000)=nil, 0x2000}, 0x1})
read(r0, &(0x7f0000000100)=""/199, 0xc7)
syz_open_dev$evdev(&(0x7f0000012fee)='/.%v/\x11%put/event#\x00', 0x0, 0x7)
ioctl$UFFDIO_WAKE(r0, 0x8010aa02, &(0x7f0000000080)={&(0x7f0000012000/0x4000)=nil, 0x4000})
shmget(0x2, 0x1000, 0x0, &(0x7f000096d000/0x1000)=nil)
openat$cgroup_procs(0xffffffffffffffff, 0x0, 0x2, 0x0)

01:39:09 executing program 2:
r0 = socket$inet_udp(0x2, 0x2, 0x0)
close(r0)
r1 = socket$inet6(0xa, 0x1, 0x8010000000000084)
bind$inet6(r1, &(0x7f0000000040)={0xa, 0x400004e21, 0x0, @empty}, 0x1c)
setsockopt$inet_sctp6_SCTP_NODELAY(r0, 0x84, 0x3, &(0x7f00000000c0)=0x7, 0x4)
setsockopt$inet6_opts(r1, 0x29, 0x3b, &(0x7f0000000080)=ANY=[@ANYBLOB], 0x8)
connect$inet6(r1, &(0x7f0000000200)={0xa, 0x4e21, 0x0, @loopback}, 0x1c)
r2 = socket$inet_udplite(0x2, 0x2, 0x88)
ioctl(r2, 0x1000008912, &(0x7f0000000040)="11dcbc0d5e0bcfe47bf070")
write$binfmt_misc(r0, &(0x7f0000000100)=ANY=[@ANYBLOB="a43f7a10bc918dba707335df9c4fe2e3dd545ee4c838fdcc46a7540a012dcf04a12f99172a6f3583cd5498000448f3ae533c2845496e9b0a050d5e4e05f5f8188edecc091727ed7a25a91998bf61aeec90e8718f9aa9fd5da3aa3181c0080975dee42b7d8686ca8f92f314380c2a02a90e6efeaf9d6acdb213cd260c116f495d9569a33c798d369967f6690fd59a8b3bd789702d552fe262fe738e874609724467e7d1be8518f803b96022e1f0f0de7d3720bec96ede000000000000000000"], 0x10098)
write$binfmt_script(r0, &(0x7f0000000300)=ANY=[@ANYBLOB="ba"], 0x1)
write$binfmt_elf64(r0, &(0x7f0000000280)={{0x7f, 0x45, 0x4c, 0x46, 0x0, 0x0, 0xffffff8d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40}, [{}]}, 0x78)

01:39:09 executing program 4:
r0 = socket$nl_route(0x10, 0x3, 0x0)
r1 = socket$netlink(0x10, 0x3, 0x0)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff, <r2=>0xffffffffffffffff})
r3 = socket$inet6_sctp(0xa, 0x10000000005, 0x84)
r4 = dup2(r2, r3)
ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200)
r5 = socket(0x10, 0x803, 0x0)
sendmsg$TIPC_CMD_GET_MEDIA_NAMES(r5, &(0x7f0000000400)={0x0, 0x0, &(0x7f00000003c0)={0x0}}, 0x0)
getsockname$packet(r5, &(0x7f0000000100)={0x11, 0x0, <r6=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0xa)
sendmsg$nl_route(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080)=ANY=[@ANYBLOB="4800000010000507000000000000000080000000", @ANYRES32=r6, @ANYBLOB="0000000000000000280012000c0001007665746800000000180002001400010000000000", @ANYRES32=0x0, @ANYBLOB='\x00\x00\x00\x00\x00\x00\x00\x00'], 0x48}}, 0x0)
sendmsg$nl_route_sched(r0, &(0x7f0000000140)={0x0, 0x32d, &(0x7f0000000080)={&(0x7f0000000540)=@newqdisc={0x148, 0x24, 0x507, 0x200000000000000, 0x0, {0x0, r6, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_red={{0x8, 0x1, 'red\x00'}, {0x11c, 0x2, [@TCA_RED_STAB={0x104, 0x2, "fbf84ce9dbecf3d5851ae060c0ec8d55c9c65cb98d69f6f43f1d64d475f279dd204e54f6719de408d640f2dcd4c0c8c615650de0531b139380f912f808e5d3e1118f76144d1568be425bddb29fa48b1251d5cc8b78fb742bd61674f4cd92a93f8dafea3bc823ccd7591d59d252a275012101f39ab9478cc5dc4a8a2e71f186ce688ae869907b40b62231d243db1eca472440f1203b691b7b85864a73f1a3a9664d075ac973158948f7c44b4f8e2348e8046b08dcb423647eff2539993b8985028d7f0a50e94ee6b2fdacff6aee496b13807eb8d406a8440af14e339713f93a2bd76d46d34452c9bf604ac61d66e9ff34503a7ff400"}, @TCA_RED_PARMS={0x14, 0x1, {0x20}}]}}]}, 0x148}}, 0x0)

01:39:09 executing program 3:
r0 = socket$packet(0x11, 0x3, 0x300)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000000)={'batadv0\x00\f\x00', <r1=>0x0})
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000e00)=ANY=[@ANYBLOB="340000002c000107008be4000000000000000000", @ANYRES32=r1, @ANYBLOB="00d400f0000000000e00000009000100726f75746500000004"], 0x3}}, 0x0)
r2 = socket(0x10, 0x80002, 0x0)
sendmmsg$alg(r2, &(0x7f0000000140), 0x332, 0x0)

01:39:09 executing program 1:
perf_event_open(&(0x7f00000000c0)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x80000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
openat$random(0xffffffffffffff9c, &(0x7f0000000140)='/dev/urandom\x00', 0x8000000000000085, 0x0)
r0 = open(&(0x7f0000002000)='./bus\x00', 0x141042, 0x0)
ftruncate(r0, 0xee72)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
r2 = socket$inet6_sctp(0xa, 0x10000000005, 0x84)
r3 = dup2(r1, r2)
ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200)
r4 = add_key(&(0x7f0000000080)='asymmetric\x00', &(0x7f0000000180)={'syz', 0x1}, &(0x7f00000001c0)="fdd5dd22a76a5418843f3e325ea14f0660bd17b615dd9e142230860335a11bb6fff32738eb2968429f8b0d485821dfc5d3d84a66f8e0f0191587796ca0291aa2e31e1a80d574c0afb86f0436c13af055844da795cfd22c13d009649e1c59af7cb9f9535477d7a99686e6e402efc3349048a3052e4c808938223305c97272402a6ad1f9eb0f5bcfbf8599f92cd36771f7310205fd4923fabdb6c2de3f4a", 0x9d, 0xfffffffffffffff9)
r5 = add_key$user(&(0x7f00000002c0)='\x00\xbf\x00', &(0x7f0000000300)={'syz', 0x2}, &(0x7f0000000880)="4acf665ff77df4f20690a5a83bc1a1e6519321db1dc2bf7eee06d978abdfbb33f3bc7025e6befda3c827875946eb75c14639ab6e76811a733653f72afc34e5fce1bed277a8faa02e6da16041b40bab677d6555e94a42b7ac236c8c35d729ac501cf28293c919f2f3ceec4703c892adeac90504aeb3ba485e09bda66d2b96124cabc4d2e653848e2bd909287d0d2c433d72bbd4333cf37f2a8972bba453c776d2c73c61b9fa2153405fc0253992c918682c7018f6a280a9ff312ae4a6996bd9547aed66e72f94342a7d27b9483f7e2e8e3c5bbb89452fd9bb6708ae89ba29", 0xfffffffffffffe04, r4)
lstat(&(0x7f0000000380)='./file0\x00', &(0x7f00000004c0)={0x0, 0x0, 0x0, 0x0, <r6=>0x0})
getresgid(&(0x7f0000000400), &(0x7f0000000540), &(0x7f00000006c0)=<r7=>0x0)
keyctl$chown(0x4, r5, r6, r7)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff, <r8=>0xffffffffffffffff})
r9 = socket$inet6_sctp(0xa, 0x10000000005, 0x84)
r10 = dup2(r8, r9)
ioctl$PERF_EVENT_IOC_ENABLE(r10, 0x8912, 0x400200)
r11 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000340)='TIPCv2\x00')
sendmsg$TIPC_NL_LINK_RESET_STATS(r10, &(0x7f0000000440)={&(0x7f0000000280)={0x10, 0x0, 0x0, 0x10}, 0xc, &(0x7f00000003c0)={&(0x7f0000000980)={0x360, r11, 0x200, 0x70bd27, 0x25dfdbff, {}, [@TIPC_NLA_NODE={0x30, 0x6, [@TIPC_NLA_NODE_ADDR={0x8, 0x1, 0x5}, @TIPC_NLA_NODE_UP={0x4}, @TIPC_NLA_NODE_ADDR={0x8, 0x1, 0x9}, @TIPC_NLA_NODE_ADDR={0x8, 0x1, 0x4}, @TIPC_NLA_NODE_UP={0x4}, @TIPC_NLA_NODE_UP={0x4}, @TIPC_NLA_NODE_ADDR={0x8, 0x1, 0x9}]}, @TIPC_NLA_MEDIA={0x78, 0x5, [@TIPC_NLA_MEDIA_NAME={0x8, 0x1, 'ib\x00'}, @TIPC_NLA_MEDIA_PROP={0x54, 0x2, [@TIPC_NLA_PROP_TOL={0x8, 0x2, 0x50b}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x6e05}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x5}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x70000}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x9}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x3}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x8}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x5}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x6c86}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x2}]}, @TIPC_NLA_MEDIA_NAME={0x8, 0x1, 'ib\x00'}, @TIPC_NLA_MEDIA_NAME={0x8, 0x1, 'eth\x00'}, @TIPC_NLA_MEDIA_NAME={0x8, 0x1, 'ib\x00'}]}, @TIPC_NLA_MEDIA={0xec, 0x5, [@TIPC_NLA_MEDIA_PROP={0x3c, 0x2, [@TIPC_NLA_PROP_WIN={0x8, 0x3, 0x2}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x400}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x1}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x7}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x8}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x2}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x957}]}, @TIPC_NLA_MEDIA_PROP={0x3c, 0x2, [@TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x9}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x59d}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x25}, @TIPC_NLA_PROP_MTU={0x8}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x1b}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x8001}, @TIPC_NLA_PROP_MTU={0x8}]}, @TIPC_NLA_MEDIA_PROP={0x1c, 0x2, [@TIPC_NLA_PROP_WIN={0x8, 0x3, 0x6}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x1f}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0xffffffff00000001}]}, @TIPC_NLA_MEDIA_PROP={0x4c, 0x2, [@TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x1}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x8}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x1}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x20}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0xfffffffffffff20e}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x9}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0xff}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x100}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0xe}]}, @TIPC_NLA_MEDIA_NAME={0x8, 0x1, 'ib\x00'}]}, @TIPC_NLA_BEARER={0x17c, 0x1, [@TIPC_NLA_BEARER_PROP={0x34, 0x2, [@TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x10}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x9ec}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x6}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x7}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0xb}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x7}]}, @TIPC_NLA_BEARER_UDP_OPTS={0x38, 0x4, {{0x14, 0x1, @in={0x2, 0x4e23, @loopback}}, {0x20, 0x2, @in6={0xa, 0x4e22, 0x1, @local}}}}, @TIPC_NLA_BEARER_UDP_OPTS={0x38, 0x4, {{0x14, 0x1, @in={0x2, 0x4e24, @initdev={0xac, 0x1e, 0x1, 0x0}}}, {0x20, 0x2, @in6={0xa, 0x4e24, 0x4, @ipv4={[], [], @broadcast}, 0x7}}}}, @TIPC_NLA_BEARER_DOMAIN={0x8, 0x3, 0x6}, @TIPC_NLA_BEARER_UDP_OPTS={0x38, 0x4, {{0x20, 0x1, @in6={0xa, 0x4e21, 0x9, @mcast2, 0xfff}}, {0x14, 0x2, @in={0x2, 0x4e24, @initdev={0xac, 0x1e, 0x0, 0x0}}}}}, @TIPC_NLA_BEARER_UDP_OPTS={0x44, 0x4, {{0x20, 0x1, @in6={0xa, 0x3f, 0x200, @initdev={0xfe, 0x88, [], 0x1, 0x0}, 0x1}}, {0x20, 0x2, @in6={0xa, 0x4e20, 0xfffffffffffff001, @local, 0xe1}}}}, @TIPC_NLA_BEARER_PROP={0x24, 0x2, [@TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x18}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0xffffffffffffec03}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x3}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x3}]}, @TIPC_NLA_BEARER_PROP={0x2c, 0x2, [@TIPC_NLA_PROP_MTU={0x8, 0x4, 0x3ff}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0xe}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x2}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x60}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x80000001}]}]}, @TIPC_NLA_LINK={0x10, 0x4, [@TIPC_NLA_LINK_NAME={0xc, 0x1, 'syz1\x00'}]}, @TIPC_NLA_MON={0x2c, 0x9, [@TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0xffffffffffff636d}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x4}, @TIPC_NLA_MON_REF={0x8}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x81}, @TIPC_NLA_MON_REF={0x8, 0x2, 0x4}]}]}, 0x360}, 0x1, 0x0, 0x0, 0x800}, 0x20004190)
r12 = add_key$user(&(0x7f00000002c0)='user\x00', &(0x7f0000000300)={'syz', 0x2}, &(0x7f00000005c0)="4acf665ff77df4f20690a5a83bc1a1e6519321db1dc2bf7eee06d978abdfbb33f3bc7025e6befda3c827875946eb75c14639ab6e76811a733653f72afc34e5fce1bed277a8faa02e6da16041b40bab677d6555e94a42b7ac236c8c35d729ac501cf28293c919f2f3ceec4703c892adeac90504aeb3ba485e09bda66d2b96124cabc4d2e653848e2bd909287d0d2c433d72bbd4333cf37f2a8972bba453c776d2c73c61b9fa2153405fc0253992c918682c7018f6a280a9ff312ae4a6996bd9547aed66e72f94342a7d27b9483f7e2e8e3c5bbb89452fd9bb6708ae89ba29", 0xde, 0xfffffffffffffffe)
lstat(&(0x7f0000000380)='./file0\x00', &(0x7f00000004c0)={0x0, 0x0, 0x0, 0x0, <r13=>0x0})
getresgid(&(0x7f0000000400), &(0x7f0000000540), &(0x7f00000006c0)=<r14=>0x0)
r15 = socket$nl_generic(0x10, 0x3, 0x10)
r16 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000200)='TIPCv2\x00')
sendmsg$TIPC_NL_MON_PEER_GET(r15, &(0x7f00000005c0)={0x0, 0x0, &(0x7f0000000580)={&(0x7f0000000480)={0x20, r16, 0x701, 0x0, 0x0, {0x13, 0x0, 0xfffffffffffff000}, [@TIPC_NLA_MON={0xc, 0x9, [@TIPC_NLA_MON_REF={0x5}]}]}, 0x20}}, 0x0)
sendmsg$TIPC_NL_NET_GET(r0, &(0x7f0000000d80)={&(0x7f0000000480)={0x10, 0x0, 0x0, 0x12297ed3a07fbda5}, 0xc, &(0x7f0000000580)={&(0x7f0000000d00)={0x64, r16, 0x4, 0x70bd2a, 0x25dfdbfd, {}, [@TIPC_NLA_LINK={0x50, 0x4, [@TIPC_NLA_LINK_PROP={0x1c, 0x7, [@TIPC_NLA_PROP_PRIO={0x8, 0x1, 0xa}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x401}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x4}]}, @TIPC_NLA_LINK_PROP={0x1c, 0x7, [@TIPC_NLA_PROP_WIN={0x8}, @TIPC_NLA_PROP_TOL={0x8}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x1}]}, @TIPC_NLA_LINK_NAME={0x14, 0x1, 'broadcast-link\x00'}]}]}, 0x64}, 0x1, 0x0, 0x0, 0x40}, 0x20000000)
keyctl$chown(0x4, r12, r13, r14)
mount$fuse(0x0, &(0x7f0000000000)='./bus/file0\x00', &(0x7f0000000040)='fuse\x00', 0x2000022, &(0x7f0000000700)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=r3, @ANYBLOB=',rootmode=00000000000000000120000,user_id=', @ANYRESDEC=r6, @ANYBLOB=',group_id=', @ANYRESDEC=r14, @ANYBLOB="2c626c6b73697affbc44653d3078303030303030303030303030313430302c64656661756c745f7065726d697373046f6e732c6d61785f726561643d3078303030303030303030303030303030352c6d61785f726561cfe18cf8a8643d3078303030303030303030303030303030322c61707072616973652c1c697072616973655f747970653d696d617369672c6673757569643d249f3464006639652d366335332d303465392d6239395d2d34f031640b6537352c7065726d69745f646972656374696f2c6673757569643d643064e9353961062d393864632d64381b632d323964532d6f326239391a61322c66756e633d4d4f44554c455f43484543"])
sendfile(0xffffffffffffffff, r0, 0x0, 0x8000fffffffe)

01:39:09 executing program 3:
r0 = socket$packet(0x11, 0x3, 0x300)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000000)={'batadv0\x00\f\x00', <r1=>0x0})
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000e00)=ANY=[@ANYBLOB="340000002c000107008be4000000000000000000", @ANYRES32=r1, @ANYBLOB="00d400f0000000000e00000009000100726f75746500000004"], 0x3}}, 0x0)
r2 = socket(0x10, 0x80002, 0x0)
sendmmsg$alg(r2, &(0x7f0000000140), 0x332, 0x0)

[ 1267.131387][T24234] FAULT_FLAG_ALLOW_RETRY missing 70
[ 1267.141490][T24234] CPU: 0 PID: 24234 Comm: syz-executor.5 Not tainted 5.3.0+ #0
[ 1267.149049][T24234] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 1267.159105][T24234] Call Trace:
[ 1267.162409][T24234]  dump_stack+0x172/0x1f0
[ 1267.166752][T24234]  handle_userfault.cold+0x41/0x5d
[ 1267.171879][T24234]  ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[ 1267.178135][T24234]  ? userfaultfd_ioctl+0x3ad0/0x3ad0
[ 1267.183418][T24234]  ? find_get_entry+0x535/0x880
[ 1267.188267][T24234]  ? find_get_pages_range_tag+0xd50/0xd50
[ 1267.193985][T24234]  ? ___might_sleep+0x163/0x2c0
[ 1267.198844][T24234]  ? __kasan_check_read+0x11/0x20
[ 1267.203866][T24234]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 1267.210123][T24234]  ? find_lock_entry+0x1a7/0x560
[ 1267.215097][T24234]  ? rcu_lockdep_current_cpu_online+0xe3/0x130
[ 1267.221257][T24234]  shmem_getpage_gfp+0x1f4c/0x2680
[ 1267.226383][T24234]  ? shmem_unuse_inode+0x1010/0x1010
[ 1267.231670][T24234]  ? lock_downgrade+0x920/0x920
[ 1267.236539][T24234]  ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[ 1267.242785][T24234]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 1267.249034][T24234]  shmem_fault+0x22a/0x7b0
[ 1267.253456][T24234]  ? shmem_read_mapping_page_gfp+0x1a0/0x1a0
[ 1267.259543][T24234]  ? find_get_entry+0x880/0x880
[ 1267.264393][T24234]  ? pmd_val+0x85/0x100
[ 1267.268674][T24234]  __do_fault+0x111/0x540
[ 1267.273008][T24234]  ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[ 1267.279253][T24234]  __handle_mm_fault+0x2dca/0x4040
[ 1267.284370][T24234]  ? vmf_insert_mixed_mkwrite+0x40/0x40
[ 1267.289914][T24234]  ? handle_mm_fault+0x292/0xa80
[ 1267.294859][T24234]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 1267.301103][T24234]  ? __kasan_check_read+0x11/0x20
[ 1267.306148][T24234]  handle_mm_fault+0x3b7/0xa80
[ 1267.310922][T24234]  __do_page_fault+0x536/0xdd0
[ 1267.315696][T24234]  do_page_fault+0x38/0x590
[ 1267.320204][T24234]  page_fault+0x39/0x40
[ 1267.324356][T24234] RIP: 0033:0x4533a0
[ 1267.328248][T24234] Code: 0f 84 c4 0f 00 00 48 89 f1 48 89 f8 48 83 e1 3f 48 83 f9 20 0f 86 7b 02 00 00 48 83 e6 f0 48 83 e1 0f 66 0f ef c0 66 0f ef c9 <66> 0f 74 0e 66 0f d7 d1 48 d3 ea 49 c7 c2 11 00 00 00 49 29 ca 4d
[ 1267.347842][T24234] RSP: 002b:00007fbdc8f767a8 EFLAGS: 00010202
[ 1267.353907][T24234] RAX: 00007fbdc8f76850 RBX: 0000000000000003 RCX: 000000000000000e
[ 1267.361864][T24234] RDX: 00000000000003ff RSI: 0000000020012fe0 RDI: 00007fbdc8f76850
[ 1267.369824][T24234] RBP: 000000000075bf20 R08: 00000000000003ff R09: 0000000000000000
01:39:09 executing program 3:
r0 = socket$packet(0x11, 0x3, 0x300)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000000)={'batadv0\x00\f\x00', <r1=>0x0})
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000e00)=ANY=[@ANYBLOB="340000002c000107008be4000000000000000000", @ANYRES32=r1, @ANYBLOB="00d400f0000000000e00000009000100726f75746500000004"], 0x3}}, 0x0)
r2 = socket(0x10, 0x80002, 0x0)
sendmmsg$alg(r2, &(0x7f0000000140), 0x332, 0x0)

[ 1267.377784][T24234] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fbdc8f776d4
[ 1267.385753][T24234] R13: 00000000004c8dbc R14: 00000000004dfed8 R15: 00000000ffffffff
[ 1267.417069][T24244] netlink: 'syz-executor.1': attribute type 2 has an invalid length.
[ 1267.491032][T24329] netlink: 'syz-executor.1': attribute type 2 has an invalid length.
01:39:09 executing program 4:
r0 = socket$nl_route(0x10, 0x3, 0x0)
r1 = socket$netlink(0x10, 0x3, 0x0)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff, <r2=>0xffffffffffffffff})
r3 = socket$inet6_sctp(0xa, 0x10000000005, 0x84)
r4 = dup2(r2, r3)
ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200)
r5 = socket(0x10, 0x803, 0x0)
sendmsg$TIPC_CMD_GET_MEDIA_NAMES(r5, &(0x7f0000000400)={0x0, 0x0, &(0x7f00000003c0)={0x0}}, 0x0)
getsockname$packet(r5, &(0x7f0000000100)={0x11, 0x0, <r6=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0xa)
sendmsg$nl_route(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080)=ANY=[@ANYBLOB="4800000010000507000000000000000080000000", @ANYRES32=r6, @ANYBLOB="0000000000000000280012000c0001007665746800000000180002001400010000000000", @ANYRES32=0x0, @ANYBLOB='\x00\x00\x00\x00\x00\x00\x00\x00'], 0x48}}, 0x0)
sendmsg$nl_route_sched(r0, &(0x7f0000000140)={0x0, 0x32d, &(0x7f0000000080)={&(0x7f0000000540)=@newqdisc={0x148, 0x24, 0x507, 0x300000000000000, 0x0, {0x0, r6, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_red={{0x8, 0x1, 'red\x00'}, {0x11c, 0x2, [@TCA_RED_STAB={0x104, 0x2, "fbf84ce9dbecf3d5851ae060c0ec8d55c9c65cb98d69f6f43f1d64d475f279dd204e54f6719de408d640f2dcd4c0c8c615650de0531b139380f912f808e5d3e1118f76144d1568be425bddb29fa48b1251d5cc8b78fb742bd61674f4cd92a93f8dafea3bc823ccd7591d59d252a275012101f39ab9478cc5dc4a8a2e71f186ce688ae869907b40b62231d243db1eca472440f1203b691b7b85864a73f1a3a9664d075ac973158948f7c44b4f8e2348e8046b08dcb423647eff2539993b8985028d7f0a50e94ee6b2fdacff6aee496b13807eb8d406a8440af14e339713f93a2bd76d46d34452c9bf604ac61d66e9ff34503a7ff400"}, @TCA_RED_PARMS={0x14, 0x1, {0x20}}]}}]}, 0x148}}, 0x0)

01:39:09 executing program 3:
r0 = socket$packet(0x11, 0x3, 0x300)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000000)={'batadv0\x00\f\x00', <r1=>0x0})
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000e00)=ANY=[@ANYBLOB="340000002c000107008be4000000000000000000", @ANYRES32=r1, @ANYBLOB="00d400f0000000000e00000009000100726f757465000000040002"], 0x3}}, 0x0)
r2 = socket(0x10, 0x80002, 0x0)
sendmmsg$alg(r2, &(0x7f0000000140), 0x332, 0x0)

01:39:09 executing program 2:
r0 = socket$inet_udp(0x2, 0x2, 0x0)
close(r0)
r1 = socket$inet6(0xa, 0x1, 0x8010000000000084)
bind$inet6(r1, &(0x7f0000000040)={0xa, 0x400004e21, 0x0, @empty}, 0x1c)
setsockopt$inet_sctp6_SCTP_NODELAY(r0, 0x84, 0x3, &(0x7f00000000c0)=0x7, 0x4)
setsockopt$inet6_opts(r1, 0x29, 0x3b, &(0x7f0000000080)=ANY=[@ANYBLOB], 0x8)
connect$inet6(r1, &(0x7f0000000200)={0xa, 0x4e21, 0x0, @loopback}, 0x1c)
r2 = socket$inet_udplite(0x2, 0x2, 0x88)
ioctl(r2, 0x1000008912, &(0x7f0000000040)="11dcbc0d5e0bcfe47bf070")
write$binfmt_misc(r0, &(0x7f0000000100)=ANY=[@ANYBLOB="a43f7a10bc918dba707335df9c4fe2e3dd545ee4c838fdcc46a7540a012dcf04a12f99172a6f3583cd5498000448f3ae533c2845496e9b0a050d5e4e05f5f8188edecc091727ed7a25a91998bf61aeec90e8718f9aa9fd5da3aa3181c0080975dee42b7d8686ca8f92f314380c2a02a90e6efeaf9d6acdb213cd260c116f495d9569a33c798d369967f6690fd59a8b3bd789702d552fe262fe738e874609724467e7d1be8518f803b96022e1f0f0de7d3720bec96ede000000000000000000"], 0x10098)
write$binfmt_script(r0, &(0x7f0000000300)=ANY=[@ANYBLOB="ba"], 0x1)
write$binfmt_elf64(r0, &(0x7f0000000280)={{0x7f, 0x45, 0x4c, 0x46, 0x0, 0x0, 0x100000000000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40}, [{}]}, 0x78)

01:39:09 executing program 5:
mmap(&(0x7f0000011000/0x2000)=nil, 0x2000, 0x4, 0x31, 0xffffffffffffffff, 0x0)
r0 = userfaultfd(0x0)
syz_open_dev$mice(&(0x7f0000000000)='/dev/input/mice\x00', 0x0, 0x4000)
ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f0000000040))
ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f00000000c0)={{&(0x7f0000012000/0x2000)=nil, 0x2000}, 0x1})
read(r0, &(0x7f0000000100)=""/199, 0xc7)
syz_open_dev$evdev(&(0x7f0000012fee)='/.%v/\x11%put/event#\x00', 0x0, 0x9)
ioctl$UFFDIO_WAKE(r0, 0x8010aa02, &(0x7f0000000080)={&(0x7f0000012000/0x4000)=nil, 0x4000})
shmget(0x2, 0x1000, 0x0, &(0x7f000096d000/0x1000)=nil)
openat$cgroup_procs(0xffffffffffffffff, 0x0, 0x2, 0x0)

01:39:09 executing program 4:
r0 = socket$nl_route(0x10, 0x3, 0x0)
r1 = socket$netlink(0x10, 0x3, 0x0)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff, <r2=>0xffffffffffffffff})
r3 = socket$inet6_sctp(0xa, 0x10000000005, 0x84)
r4 = dup2(r2, r3)
ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200)
r5 = socket(0x10, 0x803, 0x0)
sendmsg$TIPC_CMD_GET_MEDIA_NAMES(r5, &(0x7f0000000400)={0x0, 0x0, &(0x7f00000003c0)={0x0}}, 0x0)
getsockname$packet(r5, &(0x7f0000000100)={0x11, 0x0, <r6=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0xa)
sendmsg$nl_route(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080)=ANY=[@ANYBLOB="4800000010000507000000000000000080000000", @ANYRES32=r6, @ANYBLOB="0000000000000000280012000c0001007665746800000000180002001400010000000000", @ANYRES32=0x0, @ANYBLOB='\x00\x00\x00\x00\x00\x00\x00\x00'], 0x48}}, 0x0)
sendmsg$nl_route_sched(r0, &(0x7f0000000140)={0x0, 0x32d, &(0x7f0000000080)={&(0x7f0000000540)=@newqdisc={0x148, 0x24, 0x507, 0x400000000000000, 0x0, {0x0, r6, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_red={{0x8, 0x1, 'red\x00'}, {0x11c, 0x2, [@TCA_RED_STAB={0x104, 0x2, "fbf84ce9dbecf3d5851ae060c0ec8d55c9c65cb98d69f6f43f1d64d475f279dd204e54f6719de408d640f2dcd4c0c8c615650de0531b139380f912f808e5d3e1118f76144d1568be425bddb29fa48b1251d5cc8b78fb742bd61674f4cd92a93f8dafea3bc823ccd7591d59d252a275012101f39ab9478cc5dc4a8a2e71f186ce688ae869907b40b62231d243db1eca472440f1203b691b7b85864a73f1a3a9664d075ac973158948f7c44b4f8e2348e8046b08dcb423647eff2539993b8985028d7f0a50e94ee6b2fdacff6aee496b13807eb8d406a8440af14e339713f93a2bd76d46d34452c9bf604ac61d66e9ff34503a7ff400"}, @TCA_RED_PARMS={0x14, 0x1, {0x20}}]}}]}, 0x148}}, 0x0)

01:39:09 executing program 1:
perf_event_open(&(0x7f00000000c0)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x30a, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x6, 0xffffffffffffffff, 0x0)
r0 = openat$random(0xffffffffffffff9c, &(0x7f0000000140)='/dev/urandom\x00', 0x8000000000000085, 0x0)
r1 = dup(r0)
r2 = open(&(0x7f0000002000)='./bus\x00', 0x141042, 0x0)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff, <r3=>0xffffffffffffffff})
r4 = socket$inet6_sctp(0xa, 0x10000000005, 0x84)
r5 = dup2(r3, r4)
ioctl$PERF_EVENT_IOC_ENABLE(r5, 0x8912, 0x400200)
ioctl$NBD_SET_SOCK(r5, 0xab00, 0xffffffffffffffff)
ftruncate(r2, 0xee72)
sendfile(r1, r2, 0x0, 0x8000fffffffe)

01:39:09 executing program 3:
r0 = socket$packet(0x11, 0x3, 0x300)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000000)={'batadv0\x00\f\x00', <r1=>0x0})
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000e00)=ANY=[@ANYBLOB="340000002c000107008be4000000000000000000", @ANYRES32=r1, @ANYBLOB="00d400f0000000000e00000009000100726f757465000000040002"], 0x3}}, 0x0)
r2 = socket(0x10, 0x80002, 0x0)
sendmmsg$alg(r2, &(0x7f0000000140), 0x332, 0x0)

01:39:10 executing program 3:
r0 = socket$packet(0x11, 0x3, 0x300)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000000)={'batadv0\x00\f\x00', <r1=>0x0})
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000e00)=ANY=[@ANYBLOB="340000002c000107008be4000000000000000000", @ANYRES32=r1, @ANYBLOB="00d400f0000000000e00000009000100726f757465000000040002"], 0x3}}, 0x0)
r2 = socket(0x10, 0x80002, 0x0)
sendmmsg$alg(r2, &(0x7f0000000140), 0x332, 0x0)

01:39:10 executing program 0:
perf_event_open(&(0x7f00000000c0)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = openat$random(0xffffffffffffff9c, &(0x7f0000000140)='/dev/urandom\x00', 0x8000000000000085, 0x0)
r1 = dup(r0)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff, <r2=>0xffffffffffffffff})
r3 = socket$inet6_sctp(0xa, 0x10000000005, 0x84)
r4 = dup2(r2, r3)
ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200)
ioctl$DRM_IOCTL_PRIME_HANDLE_TO_FD(r1, 0xc00c642d, &(0x7f0000000000)={0x0, 0x0, r1})
r5 = open(&(0x7f0000002000)='./bus\x00', 0x141042, 0x0)
ftruncate(r5, 0xee72)
sendfile(r1, r5, 0x0, 0x8000fffffffe)

01:39:10 executing program 1:
perf_event_open(&(0x7f00000000c0)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = openat$random(0xffffffffffffff9c, &(0x7f0000000140)='/dev/urandom\x00', 0x8000000000000085, 0x0)
r1 = dup(r0)
r2 = open(&(0x7f0000002000)='./bus\x00', 0x141042, 0x0)
ftruncate(r2, 0xee72)
sendfile(r1, r2, 0x0, 0x8000fffffffe)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff, <r3=>0xffffffffffffffff})
r4 = socket$inet6_sctp(0xa, 0x10000000005, 0x84)
dup2(r3, r4)
splice(r4, &(0x7f0000000000), 0xffffffffffffffff, &(0x7f0000000040), 0x2, 0x7)

[ 1268.084569][T24490] FAULT_FLAG_ALLOW_RETRY missing 70
[ 1268.100505][T24490] CPU: 1 PID: 24490 Comm: syz-executor.5 Not tainted 5.3.0+ #0
[ 1268.108076][T24490] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 1268.118125][T24490] Call Trace:
[ 1268.121419][T24490]  dump_stack+0x172/0x1f0
[ 1268.125761][T24490]  handle_userfault.cold+0x41/0x5d
[ 1268.130880][T24490]  ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[ 1268.137134][T24490]  ? userfaultfd_ioctl+0x3ad0/0x3ad0
[ 1268.142417][T24490]  ? find_get_entry+0x535/0x880
[ 1268.147272][T24490]  ? find_get_pages_range_tag+0xd50/0xd50
[ 1268.152986][T24490]  ? ___might_sleep+0x163/0x2c0
[ 1268.157837][T24490]  ? __kasan_check_read+0x11/0x20
[ 1268.162860][T24490]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 1268.169103][T24490]  ? find_lock_entry+0x1a7/0x560
[ 1268.174042][T24490]  ? rcu_lockdep_current_cpu_online+0xe3/0x130
[ 1268.180196][T24490]  shmem_getpage_gfp+0x1f4c/0x2680
[ 1268.185317][T24490]  ? shmem_unuse_inode+0x1010/0x1010
[ 1268.190598][T24490]  ? lock_downgrade+0x920/0x920
[ 1268.195444][T24490]  ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[ 1268.201683][T24490]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 1268.207928][T24490]  shmem_fault+0x22a/0x7b0
[ 1268.212348][T24490]  ? shmem_read_mapping_page_gfp+0x1a0/0x1a0
[ 1268.218322][T24490]  ? find_get_entry+0x880/0x880
[ 1268.223171][T24490]  ? pmd_val+0x85/0x100
[ 1268.227330][T24490]  __do_fault+0x111/0x540
[ 1268.231659][T24490]  ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[ 1268.237901][T24490]  __handle_mm_fault+0x2dca/0x4040
[ 1268.243042][T24490]  ? vmf_insert_mixed_mkwrite+0x40/0x40
[ 1268.248585][T24490]  ? handle_mm_fault+0x292/0xa80
[ 1268.253527][T24490]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 1268.259762][T24490]  ? __kasan_check_read+0x11/0x20
[ 1268.264796][T24490]  handle_mm_fault+0x3b7/0xa80
[ 1268.264819][T24490]  __do_page_fault+0x536/0xdd0
[ 1268.264848][T24490]  do_page_fault+0x38/0x590
[ 1268.264867][T24490]  page_fault+0x39/0x40
01:39:10 executing program 2:
r0 = socket$inet_udp(0x2, 0x2, 0x0)
close(r0)
r1 = socket$inet6(0xa, 0x1, 0x8010000000000084)
bind$inet6(r1, &(0x7f0000000040)={0xa, 0x400004e21, 0x0, @empty}, 0x1c)
setsockopt$inet_sctp6_SCTP_NODELAY(r0, 0x84, 0x3, &(0x7f00000000c0)=0x7, 0x4)
setsockopt$inet6_opts(r1, 0x29, 0x3b, &(0x7f0000000080)=ANY=[@ANYBLOB], 0x8)
connect$inet6(r1, &(0x7f0000000200)={0xa, 0x4e21, 0x0, @loopback}, 0x1c)
r2 = socket$inet_udplite(0x2, 0x2, 0x88)
ioctl(r2, 0x1000008912, &(0x7f0000000040)="11dcbc0d5e0bcfe47bf070")
write$binfmt_misc(r0, &(0x7f0000000100)=ANY=[@ANYBLOB="a43f7a10bc918dba707335df9c4fe2e3dd545ee4c838fdcc46a7540a012dcf04a12f99172a6f3583cd5498000448f3ae533c2845496e9b0a050d5e4e05f5f8188edecc091727ed7a25a91998bf61aeec90e8718f9aa9fd5da3aa3181c0080975dee42b7d8686ca8f92f314380c2a02a90e6efeaf9d6acdb213cd260c116f495d9569a33c798d369967f6690fd59a8b3bd789702d552fe262fe738e874609724467e7d1be8518f803b96022e1f0f0de7d3720bec96ede000000000000000000"], 0x10098)
write$binfmt_script(r0, &(0x7f0000000300)=ANY=[@ANYBLOB="ba"], 0x1)
write$binfmt_elf64(r0, &(0x7f0000000280)={{0x7f, 0x45, 0x4c, 0x46, 0x0, 0x0, 0x200000000000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40}, [{}]}, 0x78)

01:39:10 executing program 4:
r0 = socket$nl_route(0x10, 0x3, 0x0)
r1 = socket$netlink(0x10, 0x3, 0x0)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff, <r2=>0xffffffffffffffff})
r3 = socket$inet6_sctp(0xa, 0x10000000005, 0x84)
r4 = dup2(r2, r3)
ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200)
r5 = socket(0x10, 0x803, 0x0)
sendmsg$TIPC_CMD_GET_MEDIA_NAMES(r5, &(0x7f0000000400)={0x0, 0x0, &(0x7f00000003c0)={0x0}}, 0x0)
getsockname$packet(r5, &(0x7f0000000100)={0x11, 0x0, <r6=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0xa)
sendmsg$nl_route(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080)=ANY=[@ANYBLOB="4800000010000507000000000000000080000000", @ANYRES32=r6, @ANYBLOB="0000000000000000280012000c0001007665746800000000180002001400010000000000", @ANYRES32=0x0, @ANYBLOB='\x00\x00\x00\x00\x00\x00\x00\x00'], 0x48}}, 0x0)
sendmsg$nl_route_sched(r0, &(0x7f0000000140)={0x0, 0x32d, &(0x7f0000000080)={&(0x7f0000000540)=@newqdisc={0x148, 0x24, 0x507, 0x500000000000000, 0x0, {0x0, r6, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_red={{0x8, 0x1, 'red\x00'}, {0x11c, 0x2, [@TCA_RED_STAB={0x104, 0x2, "fbf84ce9dbecf3d5851ae060c0ec8d55c9c65cb98d69f6f43f1d64d475f279dd204e54f6719de408d640f2dcd4c0c8c615650de0531b139380f912f808e5d3e1118f76144d1568be425bddb29fa48b1251d5cc8b78fb742bd61674f4cd92a93f8dafea3bc823ccd7591d59d252a275012101f39ab9478cc5dc4a8a2e71f186ce688ae869907b40b62231d243db1eca472440f1203b691b7b85864a73f1a3a9664d075ac973158948f7c44b4f8e2348e8046b08dcb423647eff2539993b8985028d7f0a50e94ee6b2fdacff6aee496b13807eb8d406a8440af14e339713f93a2bd76d46d34452c9bf604ac61d66e9ff34503a7ff400"}, @TCA_RED_PARMS={0x14, 0x1, {0x20}}]}}]}, 0x148}}, 0x0)

[ 1268.282971][T24490] RIP: 0033:0x4533a0
[ 1268.286873][T24490] Code: 0f 84 c4 0f 00 00 48 89 f1 48 89 f8 48 83 e1 3f 48 83 f9 20 0f 86 7b 02 00 00 48 83 e6 f0 48 83 e1 0f 66 0f ef c0 66 0f ef c9 <66> 0f 74 0e 66 0f d7 d1 48 d3 ea 49 c7 c2 11 00 00 00 49 29 ca 4d
[ 1268.306469][T24490] RSP: 002b:00007fbdc8f767a8 EFLAGS: 00010202
[ 1268.312523][T24490] RAX: 00007fbdc8f76850 RBX: 0000000000000003 RCX: 000000000000000e
[ 1268.320492][T24490] RDX: 00000000000003ff RSI: 0000000020012fe0 RDI: 00007fbdc8f76850
[ 1268.328452][T24490] RBP: 000000000075bf20 R08: 00000000000003ff R09: 0000000000000000
[ 1268.328478][T24490] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fbdc8f776d4
[ 1268.328485][T24490] R13: 00000000004c8dbc R14: 00000000004dfed8 R15: 00000000ffffffff
01:39:10 executing program 1:
perf_event_open(&(0x7f00000000c0)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = openat$random(0xffffffffffffff9c, &(0x7f0000000140)='/dev/urandom\x00', 0x8000000000000085, 0x0)
r1 = dup(r0)
r2 = open(&(0x7f0000002000)='./bus\x00', 0x141042, 0x0)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff, <r3=>0xffffffffffffffff})
r4 = socket$inet6_sctp(0xa, 0x10000000005, 0x84)
dup2(r3, r4)
r5 = socket(0x10, 0x0, 0x0)
r6 = socket$inet6_sctp(0xa, 0x10000000005, 0x84)
getsockopt$inet_sctp6_SCTP_GET_ASSOC_ID_LIST(r6, 0x84, 0x1d, &(0x7f000095dff8)={0x1, [<r7=>0x0]}, &(0x7f000095dffc)=0x8)
getsockopt$inet_sctp6_SCTP_PEER_ADDR_THLDS(r6, 0x84, 0x70, &(0x7f0000000080)={r7, @in6={{0xa, 0x0, 0x0, @empty}}}, &(0x7f0000000600)=0x90)
setsockopt$inet_sctp6_SCTP_DELAYED_SACK(r5, 0x84, 0x10, &(0x7f0000000200)=@sack_info={r7, 0x80, 0x6}, 0xc)
getsockopt$inet_sctp6_SCTP_ENABLE_STREAM_RESET(0xffffffffffffffff, 0x84, 0x76, &(0x7f0000000000)={<r8=>r7, 0x7fff}, &(0x7f0000000040)=0x8)
setsockopt$inet_sctp6_SCTP_ENABLE_STREAM_RESET(r4, 0x84, 0x76, &(0x7f0000000080)={r8, 0x1}, 0x8)
ftruncate(r2, 0xee72)
sendfile(r1, r2, 0x0, 0x8000fffffffe)

01:39:10 executing program 3:
r0 = socket$packet(0x11, 0x3, 0x300)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000000)={'batadv0\x00\f\x00'})
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000e00)=ANY=[@ANYBLOB="340000002c000107008be4000000000000000000", @ANYBLOB="00d400f0000000000e00000009000100726f75746500000004000200"], 0x2}}, 0x0)
r1 = socket(0x10, 0x80002, 0x0)
sendmmsg$alg(r1, &(0x7f0000000140), 0x332, 0x0)

01:39:10 executing program 0:
perf_event_open(&(0x7f00000000c0)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x1, 0xffffffffffffffff, 0x0)
r0 = openat$random(0xffffffffffffff9c, &(0x7f0000000140)='/dev/urandom\x00', 0x8000000000000085, 0x0)
r1 = syz_open_dev$admmidi(&(0x7f0000000000)='/dev/admmidi#\x00', 0xbb, 0x101000)
epoll_pwait(r1, &(0x7f0000000040)=[{}, {}, {}, {}, {}, {}, {}, {}, {}], 0x9, 0x5, &(0x7f0000000180)={0x9}, 0x8)
ioctl$DRM_IOCTL_ADD_BUFS(r1, 0xc0206416, &(0x7f00000001c0)={0xffffffff, 0x7, 0x7, 0x5, 0x0, 0x6141fd40})
r2 = dup(r0)
r3 = open(&(0x7f0000002000)='./bus\x00', 0x141042, 0x0)
ftruncate(r3, 0xee72)
sendfile(r2, r3, 0x0, 0x8000fffffffe)
pipe2(&(0x7f0000000200)={<r4=>0xffffffffffffffff}, 0x400)
getsockopt$inet_sctp_SCTP_NODELAY(r4, 0x84, 0x3, &(0x7f0000000240), &(0x7f0000000280)=0x4)

[ 1268.921125][T24559] FAULT_FLAG_ALLOW_RETRY missing 70
[ 1268.926455][T24559] CPU: 0 PID: 24559 Comm: syz-executor.5 Not tainted 5.3.0+ #0
[ 1268.933998][T24559] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 1268.944037][T24559] Call Trace:
[ 1268.947320][T24559]  dump_stack+0x172/0x1f0
[ 1268.951633][T24559]  handle_userfault.cold+0x41/0x5d
[ 1268.956725][T24559]  ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[ 1268.962983][T24559]  ? userfaultfd_ioctl+0x3ad0/0x3ad0
[ 1268.968248][T24559]  ? find_get_entry+0x535/0x880
[ 1268.973087][T24559]  ? find_get_pages_range_tag+0xd50/0xd50
[ 1268.978779][T24559]  ? ___might_sleep+0x163/0x2c0
[ 1268.983612][T24559]  ? __kasan_check_read+0x11/0x20
[ 1268.988615][T24559]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 1268.994842][T24559]  ? find_lock_entry+0x1a7/0x560
[ 1268.999761][T24559]  ? rcu_lockdep_current_cpu_online+0xe3/0x130
[ 1269.005897][T24559]  shmem_getpage_gfp+0x1f4c/0x2680
[ 1269.010994][T24559]  ? shmem_unuse_inode+0x1010/0x1010
[ 1269.016271][T24559]  ? lock_downgrade+0x920/0x920
[ 1269.021109][T24559]  ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[ 1269.027334][T24559]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 1269.033557][T24559]  shmem_fault+0x22a/0x7b0
[ 1269.037947][T24559]  ? shmem_read_mapping_page_gfp+0x1a0/0x1a0
[ 1269.043904][T24559]  ? find_get_entry+0x880/0x880
[ 1269.048729][T24559]  ? pmd_val+0x85/0x100
[ 1269.052866][T24559]  __do_fault+0x111/0x540
[ 1269.057169][T24559]  ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[ 1269.063384][T24559]  __handle_mm_fault+0x2dca/0x4040
[ 1269.068474][T24559]  ? vmf_insert_mixed_mkwrite+0x40/0x40
[ 1269.073993][T24559]  ? handle_mm_fault+0x292/0xa80
[ 1269.078915][T24559]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 1269.085127][T24559]  ? __kasan_check_read+0x11/0x20
[ 1269.090127][T24559]  handle_mm_fault+0x3b7/0xa80
[ 1269.094867][T24559]  __do_page_fault+0x536/0xdd0
[ 1269.099613][T24559]  do_page_fault+0x38/0x590
[ 1269.104105][T24559]  page_fault+0x39/0x40
[ 1269.108239][T24559] RIP: 0033:0x4533a0
[ 1269.112108][T24559] Code: 0f 84 c4 0f 00 00 48 89 f1 48 89 f8 48 83 e1 3f 48 83 f9 20 0f 86 7b 02 00 00 48 83 e6 f0 48 83 e1 0f 66 0f ef c0 66 0f ef c9 <66> 0f 74 0e 66 0f d7 d1 48 d3 ea 49 c7 c2 11 00 00 00 49 29 ca 4d
[ 1269.131705][T24559] RSP: 002b:00007fbdc8f557a8 EFLAGS: 00010202
[ 1269.137749][T24559] RAX: 00007fbdc8f55850 RBX: 0000000000000003 RCX: 000000000000000e
[ 1269.145693][T24559] RDX: 00000000000003ff RSI: 0000000020012fe0 RDI: 00007fbdc8f55850
[ 1269.153636][T24559] RBP: 000000000075bfc8 R08: 00000000000003ff R09: 0000000000000000
[ 1269.161577][T24559] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fbdc8f566d4
[ 1269.169528][T24559] R13: 00000000004c8dbc R14: 00000000004dfed8 R15: 00000000ffffffff
01:39:11 executing program 5:
mmap(&(0x7f0000011000/0x2000)=nil, 0x2000, 0x4, 0x31, 0xffffffffffffffff, 0x0)
r0 = userfaultfd(0x0)
syz_open_dev$mice(&(0x7f0000000000)='/dev/input/mice\x00', 0x0, 0x4000)
ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f0000000040))
ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f00000000c0)={{&(0x7f0000012000/0x2000)=nil, 0x2000}, 0x1})
read(r0, &(0x7f0000000100)=""/199, 0xc7)
syz_open_dev$evdev(&(0x7f0000012fee)='/.%v/\x11%put/event#\x00', 0x0, 0x48)
ioctl$UFFDIO_WAKE(r0, 0x8010aa02, &(0x7f0000000080)={&(0x7f0000012000/0x4000)=nil, 0x4000})
shmget(0x2, 0x1000, 0x0, &(0x7f000096d000/0x1000)=nil)
openat$cgroup_procs(0xffffffffffffffff, 0x0, 0x2, 0x0)

01:39:11 executing program 4:
r0 = socket$nl_route(0x10, 0x3, 0x0)
r1 = socket$netlink(0x10, 0x3, 0x0)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff, <r2=>0xffffffffffffffff})
r3 = socket$inet6_sctp(0xa, 0x10000000005, 0x84)
r4 = dup2(r2, r3)
ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200)
r5 = socket(0x10, 0x803, 0x0)
sendmsg$TIPC_CMD_GET_MEDIA_NAMES(r5, &(0x7f0000000400)={0x0, 0x0, &(0x7f00000003c0)={0x0}}, 0x0)
getsockname$packet(r5, &(0x7f0000000100)={0x11, 0x0, <r6=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0xa)
sendmsg$nl_route(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080)=ANY=[@ANYBLOB="4800000010000507000000000000000080000000", @ANYRES32=r6, @ANYBLOB="0000000000000000280012000c0001007665746800000000180002001400010000000000", @ANYRES32=0x0, @ANYBLOB='\x00\x00\x00\x00\x00\x00\x00\x00'], 0x48}}, 0x0)
sendmsg$nl_route_sched(r0, &(0x7f0000000140)={0x0, 0x32d, &(0x7f0000000080)={&(0x7f0000000540)=@newqdisc={0x148, 0x24, 0x507, 0x600000000000000, 0x0, {0x0, r6, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_red={{0x8, 0x1, 'red\x00'}, {0x11c, 0x2, [@TCA_RED_STAB={0x104, 0x2, "fbf84ce9dbecf3d5851ae060c0ec8d55c9c65cb98d69f6f43f1d64d475f279dd204e54f6719de408d640f2dcd4c0c8c615650de0531b139380f912f808e5d3e1118f76144d1568be425bddb29fa48b1251d5cc8b78fb742bd61674f4cd92a93f8dafea3bc823ccd7591d59d252a275012101f39ab9478cc5dc4a8a2e71f186ce688ae869907b40b62231d243db1eca472440f1203b691b7b85864a73f1a3a9664d075ac973158948f7c44b4f8e2348e8046b08dcb423647eff2539993b8985028d7f0a50e94ee6b2fdacff6aee496b13807eb8d406a8440af14e339713f93a2bd76d46d34452c9bf604ac61d66e9ff34503a7ff400"}, @TCA_RED_PARMS={0x14, 0x1, {0x20}}]}}]}, 0x148}}, 0x0)

01:39:11 executing program 2:
r0 = socket$inet_udp(0x2, 0x2, 0x0)
close(r0)
r1 = socket$inet6(0xa, 0x1, 0x8010000000000084)
bind$inet6(r1, &(0x7f0000000040)={0xa, 0x400004e21, 0x0, @empty}, 0x1c)
setsockopt$inet_sctp6_SCTP_NODELAY(r0, 0x84, 0x3, &(0x7f00000000c0)=0x7, 0x4)
setsockopt$inet6_opts(r1, 0x29, 0x3b, &(0x7f0000000080)=ANY=[@ANYBLOB], 0x8)
connect$inet6(r1, &(0x7f0000000200)={0xa, 0x4e21, 0x0, @loopback}, 0x1c)
r2 = socket$inet_udplite(0x2, 0x2, 0x88)
ioctl(r2, 0x1000008912, &(0x7f0000000040)="11dcbc0d5e0bcfe47bf070")
write$binfmt_misc(r0, &(0x7f0000000100)=ANY=[@ANYBLOB="a43f7a10bc918dba707335df9c4fe2e3dd545ee4c838fdcc46a7540a012dcf04a12f99172a6f3583cd5498000448f3ae533c2845496e9b0a050d5e4e05f5f8188edecc091727ed7a25a91998bf61aeec90e8718f9aa9fd5da3aa3181c0080975dee42b7d8686ca8f92f314380c2a02a90e6efeaf9d6acdb213cd260c116f495d9569a33c798d369967f6690fd59a8b3bd789702d552fe262fe738e874609724467e7d1be8518f803b96022e1f0f0de7d3720bec96ede000000000000000000"], 0x10098)
write$binfmt_script(r0, &(0x7f0000000300)=ANY=[@ANYBLOB="ba"], 0x1)
write$binfmt_elf64(r0, &(0x7f0000000280)={{0x7f, 0x45, 0x4c, 0x46, 0x0, 0x0, 0x300000000000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40}, [{}]}, 0x78)

01:39:11 executing program 3:
r0 = socket$packet(0x11, 0x3, 0x300)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000000)={'batadv0\x00\f\x00'})
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000e00)=ANY=[@ANYBLOB="340000002c000107008be4000000000000000000", @ANYBLOB="00d400f0000000000e00000009000100726f75746500000004000200"], 0x2}}, 0x0)
r1 = socket(0x10, 0x80002, 0x0)
sendmmsg$alg(r1, &(0x7f0000000140), 0x332, 0x0)

01:39:11 executing program 1:
perf_event_open(&(0x7f00000000c0)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = openat$random(0xffffffffffffff9c, &(0x7f0000000140)='/dev/urandom\x00', 0x8000000000000085, 0x0)
r1 = dup(r0)
r2 = open(&(0x7f0000002000)='./bus\x00', 0x141042, 0x0)
ftruncate(r2, 0xee72)
sendfile(r1, r2, 0x0, 0x8000fffffffe)

01:39:11 executing program 0:
perf_event_open(&(0x7f00000000c0)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = openat$random(0xffffffffffffff9c, &(0x7f0000000140)='/dev/urandom\x00', 0x8000000000000085, 0x0)
r1 = dup(r0)
r2 = open(&(0x7f0000002000)='./bus\x00', 0x141042, 0x0)
ftruncate(r2, 0xee72)
sendfile(r1, r2, 0x0, 0x8000fffffffe)
ioctl$CAPI_GET_MANUFACTURER(0xffffffffffffffff, 0xc0044306, &(0x7f0000000000)=0x1)

01:39:11 executing program 3:
r0 = socket$packet(0x11, 0x3, 0x300)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000000)={'batadv0\x00\f\x00'})
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000e00)=ANY=[@ANYBLOB="340000002c000107008be4000000000000000000", @ANYBLOB="00d400f0000000000e00000009000100726f75746500000004000200"], 0x2}}, 0x0)
r1 = socket(0x10, 0x80002, 0x0)
sendmmsg$alg(r1, &(0x7f0000000140), 0x332, 0x0)

01:39:11 executing program 1:
perf_event_open(&(0x7f00000000c0)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = openat$random(0xffffffffffffff9c, &(0x7f0000000140)='/dev/urandom\x00', 0x8000000000000085, 0x0)
dup(r0)
r1 = open(&(0x7f0000002000)='./bus\x00', 0x141042, 0x0)
ftruncate(r1, 0xee72)
sendfile(r0, r1, 0x0, 0x9)

[ 1269.488575][T24918] FAULT_FLAG_ALLOW_RETRY missing 70
[ 1269.517240][T24918] CPU: 1 PID: 24918 Comm: syz-executor.5 Not tainted 5.3.0+ #0
[ 1269.524799][T24918] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 1269.534847][T24918] Call Trace:
[ 1269.538159][T24918]  dump_stack+0x172/0x1f0
[ 1269.542498][T24918]  handle_userfault.cold+0x41/0x5d
[ 1269.547619][T24918]  ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[ 1269.553870][T24918]  ? userfaultfd_ioctl+0x3ad0/0x3ad0
[ 1269.559269][T24918]  ? find_get_entry+0x535/0x880
[ 1269.564244][T24918]  ? find_get_pages_range_tag+0xd50/0xd50
[ 1269.569984][T24918]  ? ___might_sleep+0x163/0x2c0
[ 1269.570010][T24918]  ? __kasan_check_read+0x11/0x20
[ 1269.579854][T24918]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 1269.586115][T24918]  ? find_lock_entry+0x1a7/0x560
[ 1269.591049][T24918]  ? rcu_lockdep_current_cpu_online+0xe3/0x130
[ 1269.591074][T24918]  shmem_getpage_gfp+0x1f4c/0x2680
[ 1269.591101][T24918]  ? shmem_unuse_inode+0x1010/0x1010
[ 1269.607574][T24918]  ? lock_downgrade+0x920/0x920
[ 1269.612423][T24918]  ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[ 1269.618661][T24918]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 1269.624926][T24918]  shmem_fault+0x22a/0x7b0
[ 1269.629362][T24918]  ? shmem_read_mapping_page_gfp+0x1a0/0x1a0
[ 1269.635338][T24918]  ? find_get_entry+0x880/0x880
[ 1269.640212][T24918]  ? pmd_val+0x85/0x100
[ 1269.644400][T24918]  __do_fault+0x111/0x540
[ 1269.648741][T24918]  ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[ 1269.654987][T24918]  __handle_mm_fault+0x2dca/0x4040
[ 1269.660097][T24918]  ? vmf_insert_mixed_mkwrite+0x40/0x40
[ 1269.665671][T24918]  ? handle_mm_fault+0x292/0xa80
[ 1269.670638][T24918]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 1269.676879][T24918]  ? __kasan_check_read+0x11/0x20
[ 1269.681906][T24918]  handle_mm_fault+0x3b7/0xa80
[ 1269.686672][T24918]  __do_page_fault+0x536/0xdd0
[ 1269.686694][T24918]  do_page_fault+0x38/0x590
[ 1269.695927][T24918]  page_fault+0x39/0x40
[ 1269.700081][T24918] RIP: 0033:0x4533a0
[ 1269.703968][T24918] Code: 0f 84 c4 0f 00 00 48 89 f1 48 89 f8 48 83 e1 3f 48 83 f9 20 0f 86 7b 02 00 00 48 83 e6 f0 48 83 e1 0f 66 0f ef c0 66 0f ef c9 <66> 0f 74 0e 66 0f d7 d1 48 d3 ea 49 c7 c2 11 00 00 00 49 29 ca 4d
[ 1269.723610][T24918] RSP: 002b:00007fbdc8f767a8 EFLAGS: 00010202
[ 1269.729674][T24918] RAX: 00007fbdc8f76850 RBX: 0000000000000003 RCX: 000000000000000e
[ 1269.737641][T24918] RDX: 00000000000003ff RSI: 0000000020012fe0 RDI: 00007fbdc8f76850
[ 1269.745610][T24918] RBP: 000000000075bf20 R08: 00000000000003ff R09: 0000000000000000
[ 1269.753569][T24918] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fbdc8f776d4
01:39:11 executing program 0:
perf_event_open(&(0x7f00000000c0)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = openat$random(0xffffffffffffff9c, &(0x7f0000000140)='/dev/urandom\x00', 0x8000000000000085, 0x0)
r1 = dup(r0)
r2 = open(&(0x7f0000002000)='./bus\x00', 0x141042, 0x0)
ftruncate(r2, 0xee72)
sendfile(r1, r2, 0x0, 0x8000fffffffe)
r3 = syz_open_dev$radio(&(0x7f0000000000)='/dev/radio#\x00', 0x3, 0x2)
r4 = syz_genetlink_get_family_id$ipvs(&(0x7f00000001c0)='IPVS\x00')
sendmsg$IPVS_CMD_DEL_DEST(r3, &(0x7f0000000280)={&(0x7f0000000180)={0x10, 0x0, 0x0, 0x20}, 0xc, &(0x7f0000000240)={&(0x7f0000000200)={0x14, r4, 0x10, 0x0, 0x25dfdbfb}, 0x14}, 0x1, 0x0, 0x0, 0x20000000}, 0x40)
sendmsg$IPVS_CMD_DEL_SERVICE(r2, &(0x7f0000000200)={&(0x7f0000000040), 0xc, &(0x7f0000000080)={&(0x7f0000000180)={0x48, r4, 0x100, 0x70bd2c, 0x25dfdbfd, {}, [@IPVS_CMD_ATTR_DAEMON={0x2c, 0x3, [@IPVS_DAEMON_ATTR_MCAST_GROUP={0x8, 0x5, @multicast2}, @IPVS_DAEMON_ATTR_SYNC_ID={0x8, 0x3, 0x4}, @IPVS_DAEMON_ATTR_SYNC_ID={0x8, 0x3, 0x3}, @IPVS_DAEMON_ATTR_SYNC_ID={0x8, 0x3, 0x1}, @IPVS_DAEMON_ATTR_SYNC_MAXLEN={0x8, 0x4, 0x3f6}]}, @IPVS_CMD_ATTR_TIMEOUT_TCP_FIN={0x8, 0x5, 0x18}]}, 0x48}, 0x1, 0x0, 0x0, 0x8084}, 0x0)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff, <r5=>0xffffffffffffffff})
r6 = socket$inet6_sctp(0xa, 0x10000000005, 0x84)
r7 = dup2(r5, r6)
ioctl$PERF_EVENT_IOC_ENABLE(r7, 0x8912, 0x400200)
setsockopt$inet6_dccp_int(r7, 0x21, 0x34, &(0x7f0000000000)=0x1000, 0x4)

01:39:11 executing program 2:
r0 = socket$inet_udp(0x2, 0x2, 0x0)
close(r0)
r1 = socket$inet6(0xa, 0x1, 0x8010000000000084)
bind$inet6(r1, &(0x7f0000000040)={0xa, 0x400004e21, 0x0, @empty}, 0x1c)
setsockopt$inet_sctp6_SCTP_NODELAY(r0, 0x84, 0x3, &(0x7f00000000c0)=0x7, 0x4)
setsockopt$inet6_opts(r1, 0x29, 0x3b, &(0x7f0000000080)=ANY=[@ANYBLOB], 0x8)
connect$inet6(r1, &(0x7f0000000200)={0xa, 0x4e21, 0x0, @loopback}, 0x1c)
r2 = socket$inet_udplite(0x2, 0x2, 0x88)
ioctl(r2, 0x1000008912, &(0x7f0000000040)="11dcbc0d5e0bcfe47bf070")
write$binfmt_misc(r0, &(0x7f0000000100)=ANY=[@ANYBLOB="a43f7a10bc918dba707335df9c4fe2e3dd545ee4c838fdcc46a7540a012dcf04a12f99172a6f3583cd5498000448f3ae533c2845496e9b0a050d5e4e05f5f8188edecc091727ed7a25a91998bf61aeec90e8718f9aa9fd5da3aa3181c0080975dee42b7d8686ca8f92f314380c2a02a90e6efeaf9d6acdb213cd260c116f495d9569a33c798d369967f6690fd59a8b3bd789702d552fe262fe738e874609724467e7d1be8518f803b96022e1f0f0de7d3720bec96ede000000000000000000"], 0x10098)
write$binfmt_script(r0, &(0x7f0000000300)=ANY=[@ANYBLOB="ba"], 0x1)
write$binfmt_elf64(r0, &(0x7f0000000280)={{0x7f, 0x45, 0x4c, 0x46, 0x0, 0x0, 0x400000000000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40}, [{}]}, 0x78)

01:39:11 executing program 1:
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000180)={<r0=>0xffffffffffffffff})
r1 = dup2(r0, r0)
ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200)
r2 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000140)='/dev/infiniband/rdma_cm\x00', 0x2, 0x0)
write$RDMA_USER_CM_CMD_CREATE_ID(r2, &(0x7f00000001c0)={0x0, 0x18, 0xfa00, {0x0, &(0x7f0000000100)={<r3=>0xffffffffffffffff}, 0x111}}, 0x20)
write$RDMA_USER_CM_CMD_DESTROY_ID(r2, &(0x7f0000000200)={0x1, 0x10, 0xfa00, {&(0x7f0000000000), r3}}, 0x18)

01:39:11 executing program 4:
r0 = socket$nl_route(0x10, 0x3, 0x0)
r1 = socket$netlink(0x10, 0x3, 0x0)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff, <r2=>0xffffffffffffffff})
r3 = socket$inet6_sctp(0xa, 0x10000000005, 0x84)
r4 = dup2(r2, r3)
ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200)
r5 = socket(0x10, 0x803, 0x0)
sendmsg$TIPC_CMD_GET_MEDIA_NAMES(r5, &(0x7f0000000400)={0x0, 0x0, &(0x7f00000003c0)={0x0}}, 0x0)
getsockname$packet(r5, &(0x7f0000000100)={0x11, 0x0, <r6=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0xa)
sendmsg$nl_route(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080)=ANY=[@ANYBLOB="4800000010000507000000000000000080000000", @ANYRES32=r6, @ANYBLOB="0000000000000000280012000c0001007665746800000000180002001400010000000000", @ANYRES32=0x0, @ANYBLOB='\x00\x00\x00\x00\x00\x00\x00\x00'], 0x48}}, 0x0)
sendmsg$nl_route_sched(r0, &(0x7f0000000140)={0x0, 0x32d, &(0x7f0000000080)={&(0x7f0000000540)=@newqdisc={0x148, 0x24, 0x507, 0x800000000000000, 0x0, {0x0, r6, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_red={{0x8, 0x1, 'red\x00'}, {0x11c, 0x2, [@TCA_RED_STAB={0x104, 0x2, "fbf84ce9dbecf3d5851ae060c0ec8d55c9c65cb98d69f6f43f1d64d475f279dd204e54f6719de408d640f2dcd4c0c8c615650de0531b139380f912f808e5d3e1118f76144d1568be425bddb29fa48b1251d5cc8b78fb742bd61674f4cd92a93f8dafea3bc823ccd7591d59d252a275012101f39ab9478cc5dc4a8a2e71f186ce688ae869907b40b62231d243db1eca472440f1203b691b7b85864a73f1a3a9664d075ac973158948f7c44b4f8e2348e8046b08dcb423647eff2539993b8985028d7f0a50e94ee6b2fdacff6aee496b13807eb8d406a8440af14e339713f93a2bd76d46d34452c9bf604ac61d66e9ff34503a7ff400"}, @TCA_RED_PARMS={0x14, 0x1, {0x20}}]}}]}, 0x148}}, 0x0)

[ 1269.761542][T24918] R13: 00000000004c8dbc R14: 00000000004dfed8 R15: 00000000ffffffff
01:39:12 executing program 5:
mmap(&(0x7f0000011000/0x2000)=nil, 0x2000, 0x4, 0x31, 0xffffffffffffffff, 0x0)
r0 = userfaultfd(0x0)
syz_open_dev$mice(&(0x7f0000000000)='/dev/input/mice\x00', 0x0, 0x4000)
ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f0000000040))
ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f00000000c0)={{&(0x7f0000012000/0x2000)=nil, 0x2000}, 0x1})
read(r0, &(0x7f0000000100)=""/199, 0xc7)
syz_open_dev$evdev(&(0x7f0000012fee)='/.%v/\x11%put/event#\x00', 0x0, 0x4c)
ioctl$UFFDIO_WAKE(r0, 0x8010aa02, &(0x7f0000000080)={&(0x7f0000012000/0x4000)=nil, 0x4000})
shmget(0x2, 0x1000, 0x0, &(0x7f000096d000/0x1000)=nil)
openat$cgroup_procs(0xffffffffffffffff, 0x0, 0x2, 0x0)

01:39:12 executing program 3:
r0 = socket$packet(0x11, 0x3, 0x300)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000000)={'batadv0\x00\f\x00'})
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000e00)=ANY=[@ANYBLOB="340000002c000107008be4000000000000000000", @ANYRES32, @ANYBLOB="00d400f0000000000e00000009000100726f75746500000004000200"], 0x34}}, 0x0)
r1 = socket(0x10, 0x80002, 0x0)
sendmmsg$alg(r1, &(0x7f0000000140), 0x332, 0x0)

01:39:12 executing program 0:
perf_event_open(&(0x7f00000000c0)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = openat$random(0xffffffffffffff9c, &(0x7f0000000140)='/dev/urandom\x00', 0x8000000000000085, 0x0)
r1 = dup(r0)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff, <r2=>0xffffffffffffffff})
r3 = socket$inet6_sctp(0xa, 0x10000000005, 0x84)
r4 = dup2(r2, r3)
ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200)
getsockopt$inet6_IPV6_XFRM_POLICY(r4, 0x29, 0x23, &(0x7f0000000180)={{{@in=@broadcast, @in6=@initdev, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, <r5=>0x0}}, {{@in6}, 0x0, @in=@multicast2}}, &(0x7f0000000000)=0xe8)
ioprio_set$uid(0x3, r5, 0x4)
r6 = open(&(0x7f0000002000)='./bus\x00', 0x141042, 0x0)
ftruncate(r6, 0xee72)
sendfile(r1, r6, 0x0, 0x8000fffffffe)

01:39:12 executing program 1:
r0 = openat$selinux_attr(0xffffffffffffff9c, &(0x7f00000002c0)='/proc/thread-self/attr/current\x00\xab\xa7}yw\xc1\xb9\"\xddh\x9c\xbc\x80\x93fEB\xa8%\xdas\xf8\r\xdac4\xa3\xd5\x96\'gFF\xee\xb9As\"\xbae\x95\xfe\xd2o\xb8\x90\x98Q\xbe\x10\xd4\x038\xb8\x1dG\xa2\b\xe0\xe5\b\xd8\xd1\xd4g5#\x91\x968\x04\xf3sa\xaf\x99\x95k\x9cFk\xb821\xa4\x1d\xfc8\xf4\xef)\xff\x9fO \x1f\xddsa\xc1\xf3\xd4t\x00)\xff\xbe\xf1`9\xde\x9e\x00r-\xa9!;\x0e\xc5&\t!Y\xf4\xa7\x82\x1b.\f\xd1\'u\xfe\xcb}\xe8+\b\xc2\xe2\x9bq\xd0.\x99I\xb6\x87%\xe9\xe3\xed\x83\xbf\x06o\x82\xb4\x95\xcf6a\xdc\xe2\x81\xe4\"\x1boO\xd3\xc4\tTW/e\r\x1e', 0x2, 0x0)
write$selinux_attr(r0, &(0x7f0000000080)='system_u:object_r:sshd_key_t:s0\n', 0x20)

01:39:12 executing program 4:
r0 = socket$nl_route(0x10, 0x3, 0x0)
r1 = socket$netlink(0x10, 0x3, 0x0)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff, <r2=>0xffffffffffffffff})
r3 = socket$inet6_sctp(0xa, 0x10000000005, 0x84)
r4 = dup2(r2, r3)
ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200)
r5 = socket(0x10, 0x803, 0x0)
sendmsg$TIPC_CMD_GET_MEDIA_NAMES(r5, &(0x7f0000000400)={0x0, 0x0, &(0x7f00000003c0)={0x0}}, 0x0)
getsockname$packet(r5, &(0x7f0000000100)={0x11, 0x0, <r6=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0xa)
sendmsg$nl_route(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080)=ANY=[@ANYBLOB="4800000010000507000000000000000080000000", @ANYRES32=r6, @ANYBLOB="0000000000000000280012000c0001007665746800000000180002001400010000000000", @ANYRES32=0x0, @ANYBLOB='\x00\x00\x00\x00\x00\x00\x00\x00'], 0x48}}, 0x0)
sendmsg$nl_route_sched(r0, &(0x7f0000000140)={0x0, 0x32d, &(0x7f0000000080)={&(0x7f0000000540)=@newqdisc={0x148, 0x24, 0x507, 0x900000000000000, 0x0, {0x0, r6, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_red={{0x8, 0x1, 'red\x00'}, {0x11c, 0x2, [@TCA_RED_STAB={0x104, 0x2, "fbf84ce9dbecf3d5851ae060c0ec8d55c9c65cb98d69f6f43f1d64d475f279dd204e54f6719de408d640f2dcd4c0c8c615650de0531b139380f912f808e5d3e1118f76144d1568be425bddb29fa48b1251d5cc8b78fb742bd61674f4cd92a93f8dafea3bc823ccd7591d59d252a275012101f39ab9478cc5dc4a8a2e71f186ce688ae869907b40b62231d243db1eca472440f1203b691b7b85864a73f1a3a9664d075ac973158948f7c44b4f8e2348e8046b08dcb423647eff2539993b8985028d7f0a50e94ee6b2fdacff6aee496b13807eb8d406a8440af14e339713f93a2bd76d46d34452c9bf604ac61d66e9ff34503a7ff400"}, @TCA_RED_PARMS={0x14, 0x1, {0x20}}]}}]}, 0x148}}, 0x0)

01:39:12 executing program 2:
r0 = socket$inet_udp(0x2, 0x2, 0x0)
close(r0)
r1 = socket$inet6(0xa, 0x1, 0x8010000000000084)
bind$inet6(r1, &(0x7f0000000040)={0xa, 0x400004e21, 0x0, @empty}, 0x1c)
setsockopt$inet_sctp6_SCTP_NODELAY(r0, 0x84, 0x3, &(0x7f00000000c0)=0x7, 0x4)
setsockopt$inet6_opts(r1, 0x29, 0x3b, &(0x7f0000000080)=ANY=[@ANYBLOB], 0x8)
connect$inet6(r1, &(0x7f0000000200)={0xa, 0x4e21, 0x0, @loopback}, 0x1c)
r2 = socket$inet_udplite(0x2, 0x2, 0x88)
ioctl(r2, 0x1000008912, &(0x7f0000000040)="11dcbc0d5e0bcfe47bf070")
write$binfmt_misc(r0, &(0x7f0000000100)=ANY=[@ANYBLOB="a43f7a10bc918dba707335df9c4fe2e3dd545ee4c838fdcc46a7540a012dcf04a12f99172a6f3583cd5498000448f3ae533c2845496e9b0a050d5e4e05f5f8188edecc091727ed7a25a91998bf61aeec90e8718f9aa9fd5da3aa3181c0080975dee42b7d8686ca8f92f314380c2a02a90e6efeaf9d6acdb213cd260c116f495d9569a33c798d369967f6690fd59a8b3bd789702d552fe262fe738e874609724467e7d1be8518f803b96022e1f0f0de7d3720bec96ede000000000000000000"], 0x10098)
write$binfmt_script(r0, &(0x7f0000000300)=ANY=[@ANYBLOB="ba"], 0x1)
write$binfmt_elf64(r0, &(0x7f0000000280)={{0x7f, 0x45, 0x4c, 0x46, 0x0, 0x0, 0x700000000000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40}, [{}]}, 0x78)

01:39:12 executing program 1:
r0 = socket$inet6_sctp(0xa, 0x801, 0x84)
connect$inet6(r0, &(0x7f0000000080)={0xa, 0x0, 0x0, @rand_addr="868475a860d2807302005efe107f6213"}, 0x1c)

01:39:12 executing program 3:
r0 = socket$packet(0x11, 0x3, 0x300)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000000)={'batadv0\x00\f\x00'})
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000e00)=ANY=[@ANYBLOB="340000002c000107008be4000000000000000000", @ANYRES32, @ANYBLOB="00d400f0000000000e00000009000100726f75746500000004000200"], 0x34}}, 0x0)
r1 = socket(0x10, 0x80002, 0x0)
sendmmsg$alg(r1, &(0x7f0000000140), 0x332, 0x0)

01:39:12 executing program 4:
r0 = socket$nl_route(0x10, 0x3, 0x0)
r1 = socket$netlink(0x10, 0x3, 0x0)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff, <r2=>0xffffffffffffffff})
r3 = socket$inet6_sctp(0xa, 0x10000000005, 0x84)
r4 = dup2(r2, r3)
ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200)
r5 = socket(0x10, 0x803, 0x0)
sendmsg$TIPC_CMD_GET_MEDIA_NAMES(r5, &(0x7f0000000400)={0x0, 0x0, &(0x7f00000003c0)={0x0}}, 0x0)
getsockname$packet(r5, &(0x7f0000000100)={0x11, 0x0, <r6=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0xa)
sendmsg$nl_route(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080)=ANY=[@ANYBLOB="4800000010000507000000000000000080000000", @ANYRES32=r6, @ANYBLOB="0000000000000000280012000c0001007665746800000000180002001400010000000000", @ANYRES32=0x0, @ANYBLOB='\x00\x00\x00\x00\x00\x00\x00\x00'], 0x48}}, 0x0)
sendmsg$nl_route_sched(r0, &(0x7f0000000140)={0x0, 0x32d, &(0x7f0000000080)={&(0x7f0000000540)=@newqdisc={0x148, 0x24, 0x507, 0xa00000000000000, 0x0, {0x0, r6, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_red={{0x8, 0x1, 'red\x00'}, {0x11c, 0x2, [@TCA_RED_STAB={0x104, 0x2, "fbf84ce9dbecf3d5851ae060c0ec8d55c9c65cb98d69f6f43f1d64d475f279dd204e54f6719de408d640f2dcd4c0c8c615650de0531b139380f912f808e5d3e1118f76144d1568be425bddb29fa48b1251d5cc8b78fb742bd61674f4cd92a93f8dafea3bc823ccd7591d59d252a275012101f39ab9478cc5dc4a8a2e71f186ce688ae869907b40b62231d243db1eca472440f1203b691b7b85864a73f1a3a9664d075ac973158948f7c44b4f8e2348e8046b08dcb423647eff2539993b8985028d7f0a50e94ee6b2fdacff6aee496b13807eb8d406a8440af14e339713f93a2bd76d46d34452c9bf604ac61d66e9ff34503a7ff400"}, @TCA_RED_PARMS={0x14, 0x1, {0x20}}]}}]}, 0x148}}, 0x0)

[ 1270.212362][T25363] FAULT_FLAG_ALLOW_RETRY missing 70
[ 1270.218276][T25363] CPU: 1 PID: 25363 Comm: syz-executor.5 Not tainted 5.3.0+ #0
[ 1270.225825][T25363] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 1270.235870][T25363] Call Trace:
[ 1270.239174][T25363]  dump_stack+0x172/0x1f0
[ 1270.239201][T25363]  handle_userfault.cold+0x41/0x5d
[ 1270.248617][T25363]  ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[ 1270.248649][T25363]  ? userfaultfd_ioctl+0x3ad0/0x3ad0
[ 1270.248665][T25363]  ? find_get_entry+0x535/0x880
[ 1270.248699][T25363]  ? find_get_pages_range_tag+0xd50/0xd50
[ 1270.270724][T25363]  ? ___might_sleep+0x163/0x2c0
[ 1270.270745][T25363]  ? __kasan_check_read+0x11/0x20
[ 1270.280610][T25363]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 1270.286852][T25363]  ? find_lock_entry+0x1a7/0x560
[ 1270.291778][T25363]  ? rcu_lockdep_current_cpu_online+0xe3/0x130
[ 1270.291796][T25363]  shmem_getpage_gfp+0x1f4c/0x2680
[ 1270.291819][T25363]  ? shmem_unuse_inode+0x1010/0x1010
[ 1270.308455][T25363]  ? lock_downgrade+0x920/0x920
[ 1270.313307][T25363]  ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[ 1270.319552][T25363]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 1270.325797][T25363]  shmem_fault+0x22a/0x7b0
[ 1270.325818][T25363]  ? shmem_read_mapping_page_gfp+0x1a0/0x1a0
[ 1270.325837][T25363]  ? find_get_entry+0x880/0x880
[ 1270.325856][T25363]  ? pmd_val+0x85/0x100
[ 1270.345178][T25363]  __do_fault+0x111/0x540
[ 1270.345193][T25363]  ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[ 1270.345210][T25363]  __handle_mm_fault+0x2dca/0x4040
[ 1270.345231][T25363]  ? vmf_insert_mixed_mkwrite+0x40/0x40
[ 1270.355746][T25363]  ? handle_mm_fault+0x292/0xa80
[ 1270.355772][T25363]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 1270.355789][T25363]  ? __kasan_check_read+0x11/0x20
[ 1270.355807][T25363]  handle_mm_fault+0x3b7/0xa80
[ 1270.366415][T25363]  __do_page_fault+0x536/0xdd0
[ 1270.366437][T25363]  do_page_fault+0x38/0x590
[ 1270.382584][T25363]  page_fault+0x39/0x40
[ 1270.382598][T25363] RIP: 0033:0x4533a0
[ 1270.392070][T25363] Code: 0f 84 c4 0f 00 00 48 89 f1 48 89 f8 48 83 e1 3f 48 83 f9 20 0f 86 7b 02 00 00 48 83 e6 f0 48 83 e1 0f 66 0f ef c0 66 0f ef c9 <66> 0f 74 0e 66 0f d7 d1 48 d3 ea 49 c7 c2 11 00 00 00 49 29 ca 4d
[ 1270.392077][T25363] RSP: 002b:00007fbdc8f767a8 EFLAGS: 00010202
[ 1270.392087][T25363] RAX: 00007fbdc8f76850 RBX: 0000000000000003 RCX: 000000000000000e
[ 1270.392098][T25363] RDX: 00000000000003ff RSI: 0000000020012fe0 RDI: 00007fbdc8f76850
[ 1270.400694][T25363] RBP: 000000000075bf20 R08: 00000000000003ff R09: 0000000000000000
[ 1270.400702][T25363] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fbdc8f776d4
01:39:12 executing program 1:
socketpair$unix(0x1, 0x80001, 0x0, &(0x7f0000000000)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
r2 = fcntl$dupfd(r1, 0x0, r0)
ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000001c0)={<r3=>0xffffffffffffffff})
getsockopt$sock_cred(r3, 0x1, 0x11, &(0x7f0000caaffb)={0x0, <r4=>0x0}, &(0x7f0000cab000)=0x1)
setreuid(0x0, r4)
shmget$private(0x0, 0x1000, 0x800, &(0x7f0000ffd000/0x1000)=nil)

01:39:12 executing program 0:
r0 = openat$ipvs(0xffffffffffffff9c, &(0x7f0000000000)='/proc/sys/net/ipv4/vs/sloppy_tcp\x00', 0x2, 0x0)
connect$vsock_stream(r0, &(0x7f0000000040)={0x28, 0x0, 0x2710, @my=0x1}, 0x10)
perf_event_open(&(0x7f00000000c0)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r1 = openat$random(0xffffffffffffff9c, &(0x7f0000000140)='/dev/urandom\x00', 0x8000000000000085, 0x0)
r2 = dup(r1)
r3 = open(&(0x7f0000002000)='./bus\x00', 0x141042, 0x0)
ftruncate(r3, 0xee72)
sendfile(r2, r3, 0x0, 0x8000fffffffe)

[ 1270.400710][T25363] R13: 00000000004c8dbc R14: 00000000004dfed8 R15: 00000000ffffffff
01:39:12 executing program 2:
r0 = socket$inet_udp(0x2, 0x2, 0x0)
close(r0)
r1 = socket$inet6(0xa, 0x1, 0x8010000000000084)
bind$inet6(r1, &(0x7f0000000040)={0xa, 0x400004e21, 0x0, @empty}, 0x1c)
setsockopt$inet_sctp6_SCTP_NODELAY(r0, 0x84, 0x3, &(0x7f00000000c0)=0x7, 0x4)
setsockopt$inet6_opts(r1, 0x29, 0x3b, &(0x7f0000000080)=ANY=[@ANYBLOB], 0x8)
connect$inet6(r1, &(0x7f0000000200)={0xa, 0x4e21, 0x0, @loopback}, 0x1c)
r2 = socket$inet_udplite(0x2, 0x2, 0x88)
ioctl(r2, 0x1000008912, &(0x7f0000000040)="11dcbc0d5e0bcfe47bf070")
write$binfmt_misc(r0, &(0x7f0000000100)=ANY=[@ANYBLOB="a43f7a10bc918dba707335df9c4fe2e3dd545ee4c838fdcc46a7540a012dcf04a12f99172a6f3583cd5498000448f3ae533c2845496e9b0a050d5e4e05f5f8188edecc091727ed7a25a91998bf61aeec90e8718f9aa9fd5da3aa3181c0080975dee42b7d8686ca8f92f314380c2a02a90e6efeaf9d6acdb213cd260c116f495d9569a33c798d369967f6690fd59a8b3bd789702d552fe262fe738e874609724467e7d1be8518f803b96022e1f0f0de7d3720bec96ede000000000000000000"], 0x10098)
write$binfmt_script(r0, &(0x7f0000000300)=ANY=[@ANYBLOB="ba"], 0x1)
write$binfmt_elf64(r0, &(0x7f0000000280)={{0x7f, 0x45, 0x4c, 0x46, 0x0, 0x0, 0x900000000000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40}, [{}]}, 0x78)

01:39:12 executing program 5:
mmap(&(0x7f0000011000/0x2000)=nil, 0x2000, 0x4, 0x31, 0xffffffffffffffff, 0x0)
r0 = userfaultfd(0x0)
syz_open_dev$mice(&(0x7f0000000000)='/dev/input/mice\x00', 0x0, 0x4000)
ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f0000000040))
ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f00000000c0)={{&(0x7f0000012000/0x2000)=nil, 0x2000}, 0x1})
read(r0, &(0x7f0000000100)=""/199, 0xc7)
syz_open_dev$evdev(&(0x7f0000012fee)='/.%v/\x11%put/event#\x00', 0x0, 0x60)
ioctl$UFFDIO_WAKE(r0, 0x8010aa02, &(0x7f0000000080)={&(0x7f0000012000/0x4000)=nil, 0x4000})
shmget(0x2, 0x1000, 0x0, &(0x7f000096d000/0x1000)=nil)
openat$cgroup_procs(0xffffffffffffffff, 0x0, 0x2, 0x0)

01:39:12 executing program 1:
timer_create(0x0, &(0x7f0000044000)={0x0, 0x12}, &(0x7f0000044000))
timer_settime(0x0, 0x0, &(0x7f0000000040)={{0x0, 0x989680}, {0x0, 0x1c9c380}}, 0x0)
socket$inet6_tcp(0xa, 0x1, 0x0)
r0 = socket$inet_udplite(0x2, 0x2, 0x88)
ioctl(r0, 0x1000008912, &(0x7f0000000040)="11dca50d5e0bcfe47bf070")
dup3(0xffffffffffffffff, r0, 0x0)
keyctl$instantiate(0xc, 0x0, &(0x7f0000000100)=@encrypted_new={'new ', 'default', 0x20, 'trusted:', 'em1', 0x20, 0xdfc}, 0xfffffffffffffff5, 0xfffffffffffffffd)
r1 = add_key(&(0x7f0000000140)='encrypted\x00', &(0x7f0000000180)={'syz'}, &(0x7f0000000100), 0x1f1, 0xfffffffffffffffe)
clone(0x2000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
keyctl$update(0x2, r1, &(0x7f0000000000)="fd", 0x1)
r2 = signalfd4(0xffffffffffffffff, &(0x7f0000000ff8), 0x8, 0x0)
read(r2, &(0x7f0000000080)=""/128, 0x88308aa)

01:39:12 executing program 3:
r0 = socket$packet(0x11, 0x3, 0x300)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000000)={'batadv0\x00\f\x00'})
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000e00)=ANY=[@ANYBLOB="340000002c000107008be4000000000000000000", @ANYRES32, @ANYBLOB="00d400f0000000000e00000009000100726f75746500000004000200"], 0x34}}, 0x0)
r1 = socket(0x10, 0x80002, 0x0)
sendmmsg$alg(r1, &(0x7f0000000140), 0x332, 0x0)

01:39:12 executing program 4:
r0 = socket$nl_route(0x10, 0x3, 0x0)
r1 = socket$netlink(0x10, 0x3, 0x0)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff, <r2=>0xffffffffffffffff})
r3 = socket$inet6_sctp(0xa, 0x10000000005, 0x84)
r4 = dup2(r2, r3)
ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200)
r5 = socket(0x10, 0x803, 0x0)
sendmsg$TIPC_CMD_GET_MEDIA_NAMES(r5, &(0x7f0000000400)={0x0, 0x0, &(0x7f00000003c0)={0x0}}, 0x0)
getsockname$packet(r5, &(0x7f0000000100)={0x11, 0x0, <r6=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0xa)
sendmsg$nl_route(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080)=ANY=[@ANYBLOB="4800000010000507000000000000000080000000", @ANYRES32=r6, @ANYBLOB="0000000000000000280012000c0001007665746800000000180002001400010000000000", @ANYRES32=0x0, @ANYBLOB='\x00\x00\x00\x00\x00\x00\x00\x00'], 0x48}}, 0x0)
sendmsg$nl_route_sched(r0, &(0x7f0000000140)={0x0, 0x32d, &(0x7f0000000080)={&(0x7f0000000540)=@newqdisc={0x148, 0x24, 0x507, 0xb00000000000000, 0x0, {0x0, r6, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_red={{0x8, 0x1, 'red\x00'}, {0x11c, 0x2, [@TCA_RED_STAB={0x104, 0x2, "fbf84ce9dbecf3d5851ae060c0ec8d55c9c65cb98d69f6f43f1d64d475f279dd204e54f6719de408d640f2dcd4c0c8c615650de0531b139380f912f808e5d3e1118f76144d1568be425bddb29fa48b1251d5cc8b78fb742bd61674f4cd92a93f8dafea3bc823ccd7591d59d252a275012101f39ab9478cc5dc4a8a2e71f186ce688ae869907b40b62231d243db1eca472440f1203b691b7b85864a73f1a3a9664d075ac973158948f7c44b4f8e2348e8046b08dcb423647eff2539993b8985028d7f0a50e94ee6b2fdacff6aee496b13807eb8d406a8440af14e339713f93a2bd76d46d34452c9bf604ac61d66e9ff34503a7ff400"}, @TCA_RED_PARMS={0x14, 0x1, {0x20}}]}}]}, 0x148}}, 0x0)

[ 1270.742131][T25797] encrypted_key: insufficient parameters specified
01:39:12 executing program 3:
r0 = socket$packet(0x11, 0x3, 0x300)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000000)={'batadv0\x00\f\x00', <r1=>0x0})
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000e00)=ANY=[@ANYRES32=r1, @ANYBLOB="00d400f0000000000e00000009000100726f75746500000004000200"], 0x2}}, 0x0)
r2 = socket(0x10, 0x80002, 0x0)
sendmmsg$alg(r2, &(0x7f0000000140), 0x332, 0x0)

01:39:12 executing program 1:
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000280)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
r2 = fcntl$dupfd(r1, 0x0, r0)
ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200)
mkdir(&(0x7f0000fd5ff8)='./file0\x00', 0x0)
mount(0x0, &(0x7f0000000140)='./file0\x00', &(0x7f0000000280)='proc\x00', 0x0, 0x0)
r3 = open$dir(&(0x7f0000000080)='./file0\x00', 0x0, 0x0)
getdents64(r3, &(0x7f00000002c0)=""/186, 0x2e0)
getdents64(r3, &(0x7f00000005c0)=""/4096, 0x1000)

01:39:12 executing program 0:
perf_event_open(&(0x7f00000000c0)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = openat$random(0xffffffffffffff9c, &(0x7f0000000140)='/dev/urandom\x00', 0x8000000000000085, 0x0)
r1 = dup(r0)
r2 = open(&(0x7f0000002000)='./bus\x00', 0x141042, 0x0)
ftruncate(r2, 0xee72)
r3 = openat$vga_arbiter(0xffffffffffffff9c, &(0x7f0000000000)='/dev/vga_arbiter\x00', 0x2a0102, 0x0)
r4 = syz_open_dev$radio(&(0x7f00000000c0)='/dev/radio#\x00', 0x2, 0x2)
ioctl$DRM_IOCTL_RES_CTX(0xffffffffffffffff, 0xc0106426, &(0x7f0000000140)={0x1, &(0x7f0000000100)=[{<r5=>0x0}]})
ioctl$DRM_IOCTL_UNLOCK(r4, 0x4008642b, &(0x7f0000000180)={r5, 0x35})
ioctl$DRM_IOCTL_RM_CTX(r3, 0xc0086421, &(0x7f0000000040)={r5, 0x1})
sendfile(r1, r2, 0x0, 0x8000fffffffe)

[ 1270.810083][T25797] encrypted_key: keyword 'new' not allowed when called from .update method
[ 1270.894249][    C0] protocol 88fb is buggy, dev hsr_slave_0
[ 1270.900079][    C0] protocol 88fb is buggy, dev hsr_slave_1
[ 1270.905936][    C0] protocol 88fb is buggy, dev hsr_slave_0
[ 1270.911705][    C0] protocol 88fb is buggy, dev hsr_slave_1
[ 1270.914245][T25801] FAULT_FLAG_ALLOW_RETRY missing 70
[ 1270.922693][T25801] CPU: 1 PID: 25801 Comm: syz-executor.5 Not tainted 5.3.0+ #0
[ 1270.930225][T25801] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 1270.940279][T25801] Call Trace:
[ 1270.943576][T25801]  dump_stack+0x172/0x1f0
[ 1270.947917][T25801]  handle_userfault.cold+0x41/0x5d
[ 1270.953030][T25801]  ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[ 1270.959278][T25801]  ? userfaultfd_ioctl+0x3ad0/0x3ad0
[ 1270.964565][T25801]  ? find_get_entry+0x535/0x880
[ 1270.969417][T25801]  ? find_get_pages_range_tag+0xd50/0xd50
[ 1270.975143][T25801]  ? ___might_sleep+0x163/0x2c0
[ 1270.980010][T25801]  ? __kasan_check_read+0x11/0x20
[ 1270.985032][T25801]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 1270.991273][T25801]  ? find_lock_entry+0x1a7/0x560
[ 1270.996205][T25801]  ? rcu_lockdep_current_cpu_online+0xe3/0x130
[ 1271.002356][T25801]  shmem_getpage_gfp+0x1f4c/0x2680
[ 1271.007488][T25801]  ? shmem_unuse_inode+0x1010/0x1010
[ 1271.012792][T25801]  ? lock_downgrade+0x920/0x920
[ 1271.012808][T25801]  ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[ 1271.012821][T25801]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 1271.012842][T25801]  shmem_fault+0x22a/0x7b0
[ 1271.030106][T25801]  ? shmem_read_mapping_page_gfp+0x1a0/0x1a0
01:39:13 executing program 1:
r0 = syz_open_dev$usb(&(0x7f0000000080)='/dev/bus/usb/00#/00#\x00', 0x10, 0x1)
ioctl$FS_IOC_FSGETXATTR(r0, 0x80045519, 0x0)

01:39:13 executing program 2:
r0 = socket$inet_udp(0x2, 0x2, 0x0)
close(r0)
r1 = socket$inet6(0xa, 0x1, 0x8010000000000084)
bind$inet6(r1, &(0x7f0000000040)={0xa, 0x400004e21, 0x0, @empty}, 0x1c)
setsockopt$inet_sctp6_SCTP_NODELAY(r0, 0x84, 0x3, &(0x7f00000000c0)=0x7, 0x4)
setsockopt$inet6_opts(r1, 0x29, 0x3b, &(0x7f0000000080)=ANY=[@ANYBLOB], 0x8)
connect$inet6(r1, &(0x7f0000000200)={0xa, 0x4e21, 0x0, @loopback}, 0x1c)
r2 = socket$inet_udplite(0x2, 0x2, 0x88)
ioctl(r2, 0x1000008912, &(0x7f0000000040)="11dcbc0d5e0bcfe47bf070")
write$binfmt_misc(r0, &(0x7f0000000100)=ANY=[@ANYBLOB="a43f7a10bc918dba707335df9c4fe2e3dd545ee4c838fdcc46a7540a012dcf04a12f99172a6f3583cd5498000448f3ae533c2845496e9b0a050d5e4e05f5f8188edecc091727ed7a25a91998bf61aeec90e8718f9aa9fd5da3aa3181c0080975dee42b7d8686ca8f92f314380c2a02a90e6efeaf9d6acdb213cd260c116f495d9569a33c798d369967f6690fd59a8b3bd789702d552fe262fe738e874609724467e7d1be8518f803b96022e1f0f0de7d3720bec96ede000000000000000000"], 0x10098)
write$binfmt_script(r0, &(0x7f0000000300)=ANY=[@ANYBLOB="ba"], 0x1)
write$binfmt_elf64(r0, &(0x7f0000000280)={{0x7f, 0x45, 0x4c, 0x46, 0x0, 0x0, 0xa00000000000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40}, [{}]}, 0x78)

01:39:13 executing program 4:
r0 = socket$nl_route(0x10, 0x3, 0x0)
r1 = socket$netlink(0x10, 0x3, 0x0)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff, <r2=>0xffffffffffffffff})
r3 = socket$inet6_sctp(0xa, 0x10000000005, 0x84)
r4 = dup2(r2, r3)
ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200)
r5 = socket(0x10, 0x803, 0x0)
sendmsg$TIPC_CMD_GET_MEDIA_NAMES(r5, &(0x7f0000000400)={0x0, 0x0, &(0x7f00000003c0)={0x0}}, 0x0)
getsockname$packet(r5, &(0x7f0000000100)={0x11, 0x0, <r6=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0xa)
sendmsg$nl_route(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080)=ANY=[@ANYBLOB="4800000010000507000000000000000080000000", @ANYRES32=r6, @ANYBLOB="0000000000000000280012000c0001007665746800000000180002001400010000000000", @ANYRES32=0x0, @ANYBLOB='\x00\x00\x00\x00\x00\x00\x00\x00'], 0x48}}, 0x0)
sendmsg$nl_route_sched(r0, &(0x7f0000000140)={0x0, 0x32d, &(0x7f0000000080)={&(0x7f0000000540)=@newqdisc={0x148, 0x24, 0x507, 0xc00000000000000, 0x0, {0x0, r6, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_red={{0x8, 0x1, 'red\x00'}, {0x11c, 0x2, [@TCA_RED_STAB={0x104, 0x2, "fbf84ce9dbecf3d5851ae060c0ec8d55c9c65cb98d69f6f43f1d64d475f279dd204e54f6719de408d640f2dcd4c0c8c615650de0531b139380f912f808e5d3e1118f76144d1568be425bddb29fa48b1251d5cc8b78fb742bd61674f4cd92a93f8dafea3bc823ccd7591d59d252a275012101f39ab9478cc5dc4a8a2e71f186ce688ae869907b40b62231d243db1eca472440f1203b691b7b85864a73f1a3a9664d075ac973158948f7c44b4f8e2348e8046b08dcb423647eff2539993b8985028d7f0a50e94ee6b2fdacff6aee496b13807eb8d406a8440af14e339713f93a2bd76d46d34452c9bf604ac61d66e9ff34503a7ff400"}, @TCA_RED_PARMS={0x14, 0x1, {0x20}}]}}]}, 0x148}}, 0x0)

[ 1271.030125][T25801]  ? find_get_entry+0x880/0x880
[ 1271.030144][T25801]  ? pmd_val+0x85/0x100
[ 1271.045320][T25801]  __do_fault+0x111/0x540
[ 1271.045334][T25801]  ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[ 1271.045352][T25801]  __handle_mm_fault+0x2dca/0x4040
[ 1271.045371][T25801]  ? vmf_insert_mixed_mkwrite+0x40/0x40
[ 1271.045385][T25801]  ? handle_mm_fault+0x292/0xa80
[ 1271.060040][T25801]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 1271.060057][T25801]  ? __kasan_check_read+0x11/0x20
[ 1271.060075][T25801]  handle_mm_fault+0x3b7/0xa80
[ 1271.060097][T25801]  __do_page_fault+0x536/0xdd0
[ 1271.060118][T25801]  do_page_fault+0x38/0x590
[ 1271.060135][T25801]  page_fault+0x39/0x40
[ 1271.070733][T25801] RIP: 0033:0x4533a0
[ 1271.070748][T25801] Code: 0f 84 c4 0f 00 00 48 89 f1 48 89 f8 48 83 e1 3f 48 83 f9 20 0f 86 7b 02 00 00 48 83 e6 f0 48 83 e1 0f 66 0f ef c0 66 0f ef c9 <66> 0f 74 0e 66 0f d7 d1 48 d3 ea 49 c7 c2 11 00 00 00 49 29 ca 4d
[ 1271.070755][T25801] RSP: 002b:00007fbdc8f767a8 EFLAGS: 00010202
[ 1271.070765][T25801] RAX: 00007fbdc8f76850 RBX: 0000000000000003 RCX: 000000000000000e
01:39:13 executing program 3:
r0 = socket$packet(0x11, 0x3, 0x300)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000000)={'batadv0\x00\f\x00', <r1=>0x0})
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000e00)=ANY=[@ANYRES32=r1, @ANYBLOB="00d400f0000000000e00000009000100726f75746500000004000200"], 0x2}}, 0x0)
r2 = socket(0x10, 0x80002, 0x0)
sendmmsg$alg(r2, &(0x7f0000000140), 0x332, 0x0)

[ 1271.070773][T25801] RDX: 00000000000003ff RSI: 0000000020012fe0 RDI: 00007fbdc8f76850
[ 1271.070780][T25801] RBP: 000000000075bf20 R08: 00000000000003ff R09: 0000000000000000
[ 1271.070787][T25801] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fbdc8f776d4
[ 1271.070795][T25801] R13: 00000000004c8dbc R14: 00000000004dfed8 R15: 00000000ffffffff
01:39:13 executing program 1:
perf_event_open(&(0x7f00000000c0)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = openat$random(0xffffffffffffff9c, &(0x7f0000000140)='/dev/urandom\x00', 0x8000000000000085, 0x0)
r1 = dup(r0)
r2 = socket$inet6_dccp(0xa, 0x6, 0x0)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff, <r3=>0xffffffffffffffff})
r4 = socket$inet6_sctp(0xa, 0x10000000005, 0x84)
r5 = dup2(r3, r4)
ioctl$PERF_EVENT_IOC_ENABLE(r5, 0x8912, 0x400200)
getsockopt$sock_cred(r5, 0x1, 0x11, &(0x7f0000000280)={0x0, <r6=>0x0}, &(0x7f00000002c0)=0xc)
r7 = add_key$user(&(0x7f00000002c0)='user\x00', &(0x7f0000000300)={'syz', 0x2}, &(0x7f00000005c0)="4acf665ff77df4f20690a5a83bc1a1e6519321db1dc2bf7eee06d978abdfbb33f3bc7025e6befda3c827875946eb75c14639ab6e76811a733653f72afc34e5fce1bed277a8faa02e6da16041b40bab677d6555e94a42b7ac236c8c35d729ac501cf28293c919f2f3ceec4703c892adeac90504aeb3ba485e09bda66d2b96124cabc4d2e653848e2bd909287d0d2c433d72bbd4333cf37f2a8972bba453c776d2c73c61b9fa2153405fc0253992c918682c7018f6a280a9ff312ae4a6996bd9547aed66e72f94342a7d27b9483f7e2e8e3c5bbb89452fd9bb6708ae89ba29", 0xde, 0xfffffffffffffffe)
lstat(&(0x7f0000000380)='./file0\x00', &(0x7f00000004c0)={0x0, 0x0, 0x0, 0x0, <r8=>0x0})
getresgid(&(0x7f0000000400), &(0x7f0000000540), &(0x7f00000006c0)=<r9=>0x0)
keyctl$chown(0x4, r7, r8, r9)
r10 = add_key$user(&(0x7f00000002c0)='user\x00', &(0x7f0000000300)={'syz', 0x2}, &(0x7f00000005c0)="4acf665ff77df4f20690a5a83bc1a1e6519321db1dc2bf7eee06d978abdfbb33f3bc7025e6befda3c827875946eb75c14639ab6e76811a733653f72afc34e5fce1bed277a8faa02e6da16041b40bab677d6555e94a42b7ac236c8c35d729ac501cf28293c919f2f3ceec4703c892adeac90504aeb3ba485e09bda66d2b96124cabc4d2e653848e2bd909287d0d2c433d72bbd4333cf37f2a8972bba453c776d2c73c61b9fa2153405fc0253992c918682c7018f6a280a9ff312ae4a6996bd9547aed66e72f94342a7d27b9483f7e2e8e3c5bbb89452fd9bb6708ae89ba29", 0xde, 0xfffffffffffffffe)
lstat(&(0x7f0000000380)='./file0\x00', &(0x7f00000004c0)={0x0, 0x0, 0x0, 0x0, <r11=>0x0})
getresgid(&(0x7f0000000400), &(0x7f0000000540), &(0x7f00000006c0)=<r12=>0x0)
keyctl$chown(0x4, r10, r11, r12)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff, <r13=>0xffffffffffffffff})
r14 = socket$inet6_sctp(0xa, 0x10000000005, 0x84)
r15 = dup2(r13, r14)
ioctl$PERF_EVENT_IOC_ENABLE(r15, 0x8912, 0x400200)
getsockopt$inet6_IPV6_IPSEC_POLICY(r15, 0x29, 0x22, &(0x7f0000000300)={{{@in6=@local, @in6=@remote, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, <r16=>0x0}}, {{@in6=@initdev}, 0x0, @in=@remote}}, &(0x7f0000000400)=0xe8)
r17 = add_key$user(&(0x7f00000002c0)='user\x00', &(0x7f0000000300)={'syz', 0x2}, &(0x7f00000005c0)="4acf665ff77df4f20690a5a83bc1a1e6519321db1dc2bf7eee06d978abdfbb33f3bc7025e6befda3c827875946eb75c14639ab6e76811a733653f72afc34e5fce1bed277a8faa02e6da16041b40bab677d6555e94a42b7ac236c8c35d729ac501cf28293c919f2f3ceec4703c892adeac90504aeb3ba485e09bda66d2b96124cabc4d2e653848e2bd909287d0d2c433d72bbd4333cf37f2a8972bba453c776d2c73c61b9fa2153405fc0253992c918682c7018f6a280a9ff312ae4a6996bd9547aed66e72f94342a7d27b9483f7e2e8e3c5bbb89452fd9bb6708ae89ba29", 0xde, 0xfffffffffffffffe)
lstat(&(0x7f0000000380)='./file0\x00', &(0x7f00000004c0)={0x0, 0x0, 0x0, 0x0, <r18=>0x0})
getresgid(&(0x7f0000000400), &(0x7f0000000540), &(0x7f00000006c0)=<r19=>0x0)
keyctl$chown(0x4, r17, r18, r19)
r20 = geteuid()
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff, <r21=>0xffffffffffffffff})
r22 = socket$inet6_sctp(0xa, 0x10000000005, 0x84)
r23 = dup2(r21, r22)
ioctl$PERF_EVENT_IOC_ENABLE(r23, 0x8912, 0x400200)
getsockopt$sock_cred(r23, 0x1, 0x11, &(0x7f0000000440)={0x0, <r24=>0x0}, &(0x7f0000000480)=0xc)
r25 = add_key$user(&(0x7f00000002c0)='user\x00', &(0x7f0000000300)={'syz', 0x2}, &(0x7f00000005c0)="4acf665ff77df4f20690a5a83bc1a1e6519321db1dc2bf7eee06d978abdfbb33f3bc7025e6befda3c827875946eb75c14639ab6e76811a733653f72afc34e5fce1bed277a8faa02e6da16041b40bab677d6555e94a42b7ac236c8c35d729ac501cf28293c919f2f3ceec4703c892adeac90504aeb3ba485e09bda66d2b96124cabc4d2e653848e2bd909287d0d2c433d72bbd4333cf37f2a8972bba453c776d2c73c61b9fa2153405fc0253992c918682c7018f6a280a9ff312ae4a6996bd9547aed66e72f94342a7d27b9483f7e2e8e3c5bbb89452fd9bb6708ae89ba29", 0xde, 0xfffffffffffffffe)
lstat(&(0x7f0000000380)='./file0\x00', &(0x7f00000004c0)={0x0, 0x0, 0x0, 0x0, <r26=>0x0})
getresgid(&(0x7f0000000400), &(0x7f0000000540), &(0x7f00000006c0)=<r27=>0x0)
keyctl$chown(0x4, r25, r26, r27)
r28 = add_key$user(&(0x7f00000002c0)='user\x00', &(0x7f0000000300)={'syz', 0x2}, &(0x7f00000005c0)="4acf665ff77df4f20690a5a83bc1a1e6519321db1dc2bf7eee06d978abdfbb33f3bc7025e6befda3c827875946eb75c14639ab6e76811a733653f72afc34e5fce1bed277a8faa02e6da16041b40bab677d6555e94a42b7ac236c8c35d729ac501cf28293c919f2f3ceec4703c892adeac90504aeb3ba485e09bda66d2b96124cabc4d2e653848e2bd909287d0d2c433d72bbd4333cf37f2a8972bba453c776d2c73c61b9fa2153405fc0253992c918682c7018f6a280a9ff312ae4a6996bd9547aed66e72f94342a7d27b9483f7e2e8e3c5bbb89452fd9bb6708ae89ba29", 0xde, 0xfffffffffffffffe)
lstat(&(0x7f0000000380)='./file0\x00', &(0x7f00000004c0)={0x0, 0x0, 0x0, 0x0, <r29=>0x0})
getresgid(&(0x7f0000000400), &(0x7f0000000540), &(0x7f00000006c0)=<r30=>0x0)
keyctl$chown(0x4, r28, r29, r30)
r31 = add_key$user(&(0x7f00000002c0)='user\x00', &(0x7f0000000300)={'syz', 0x2}, &(0x7f00000005c0)="4acf665ff77df4f20690a5a83bc1a1e6519321db1dc2bf7eee06d978abdfbb33f3bc7025e6befda3c827875946eb75c14639ab6e76811a733653f72afc34e5fce1bed277a8faa02e6da16041b40bab677d6555e94a42b7ac236c8c35d729ac501cf28293c919f2f3ceec4703c892adeac90504aeb3ba485e09bda66d2b96124cabc4d2e653848e2bd909287d0d2c433d72bbd4333cf37f2a8972bba453c776d2c73c61b9fa2153405fc0253992c918682c7018f6a280a9ff312ae4a6996bd9547aed66e72f94342a7d27b9483f7e2e8e3c5bbb89452fd9bb6708ae89ba29", 0xde, 0xfffffffffffffffe)
lstat(&(0x7f0000000380)='./file0\x00', &(0x7f00000004c0)={0x0, 0x0, 0x0, 0x0, <r32=>0x0})
getresgid(&(0x7f0000000400), &(0x7f0000000540), &(0x7f00000006c0)=<r33=>0x0)
keyctl$chown(0x4, r31, r32, r33)
getsockopt$sock_cred(r1, 0x1, 0x11, &(0x7f00000004c0)={0x0, 0x0, <r34=>0x0}, &(0x7f0000000500)=0xc)
r35 = getgid()
r36 = add_key$user(&(0x7f00000002c0)='user\x00', &(0x7f0000000300)={'syz', 0x2}, &(0x7f00000005c0)="4acf665ff77df4f20690a5a83bc1a1e6519321db1dc2bf7eee06d978abdfbb33f3bc7025e6befda3c827875946eb75c14639ab6e76811a733653f72afc34e5fce1bed277a8faa02e6da16041b40bab677d6555e94a42b7ac236c8c35d729ac501cf28293c919f2f3ceec4703c892adeac90504aeb3ba485e09bda66d2b96124cabc4d2e653848e2bd909287d0d2c433d72bbd4333cf37f2a8972bba453c776d2c73c61b9fa2153405fc0253992c918682c7018f6a280a9ff312ae4a6996bd9547aed66e72f94342a7d27b9483f7e2e8e3c5bbb89452fd9bb6708ae89ba29", 0xde, 0xfffffffffffffffe)
lstat(&(0x7f0000000380)='./file0\x00', &(0x7f00000004c0)={0x0, 0x0, 0x0, 0x0, <r37=>0x0})
getresgid(&(0x7f0000000400), &(0x7f0000000540), &(0x7f00000006c0)=<r38=>0x0)
keyctl$chown(0x4, r36, r37, r38)
r39 = add_key$user(&(0x7f00000002c0)='user\x00', &(0x7f0000000300)={'syz', 0x2}, &(0x7f00000005c0)="4acf665ff77df4f20690a5a83bc1a1e6519321db1dc2bf7eee06d978abdfbb33f3bc7025e6befda3c827875946eb75c14639ab6e76811a733653f72afc34e5fce1bed277a8faa02e6da16041b40bab677d6555e94a42b7ac236c8c35d729ac501cf28293c919f2f3ceec4703c892adeac90504aeb3ba485e09bda66d2b96124cabc4d2e653848e2bd909287d0d2c433d72bbd4333cf37f2a8972bba453c776d2c73c61b9fa2153405fc0253992c918682c7018f6a280a9ff312ae4a6996bd9547aed66e72f94342a7d27b9483f7e2e8e3c5bbb89452fd9bb6708ae89ba29", 0xde, 0xfffffffffffffffe)
lstat(&(0x7f0000000380)='./file0\x00', &(0x7f00000004c0)={0x0, 0x0, 0x0, 0x0, <r40=>0x0})
getresgid(&(0x7f0000000400), &(0x7f0000000540), &(0x7f00000006c0)=<r41=>0x0)
keyctl$chown(0x4, r39, r40, r41)
r42 = add_key$user(&(0x7f00000002c0)='user\x00', &(0x7f0000000300)={'syz', 0x2}, &(0x7f00000005c0)="4acf665ff77df4f20690a5a83bc1a1e6519321db1dc2bf7eee06d978abdfbb33f3bc7025e6befda3c827875946eb75c14639ab6e76811a733653f72afc34e5fce1bed277a8faa02e6da16041b40bab677d6555e94a42b7ac236c8c35d729ac501cf28293c919f2f3ceec4703c892adeac90504aeb3ba485e09bda66d2b96124cabc4d2e653848e2bd909287d0d2c433d72bbd4333cf37f2a8972bba453c776d2c73c61b9fa2153405fc0253992c918682c7018f6a280a9ff312ae4a6996bd9547aed66e72f94342a7d27b9483f7e2e8e3c5bbb89452fd9bb6708ae89ba29", 0xde, 0xfffffffffffffffe)
lstat(&(0x7f0000000380)='./file0\x00', &(0x7f00000004c0)={0x0, 0x0, 0x0, 0x0, <r43=>0x0})
getresgid(&(0x7f0000000400), &(0x7f0000000540), &(0x7f00000006c0)=<r44=>0x0)
keyctl$chown(0x4, r42, r43, r44)
r45 = add_key$user(&(0x7f00000002c0)='user\x00', &(0x7f0000000300)={'syz', 0x2}, &(0x7f00000005c0)="4acf665ff77df4f20690a5a83bc1a1e6519321db1dc2bf7eee06d978abdfbb33f3bc7025e6befda3c827875946eb75c14639ab6e76811a733653f72afc34e5fce1bed277a8faa02e6da16041b40bab677d6555e94a42b7ac236c8c35d729ac501cf28293c919f2f3ceec4703c892adeac90504aeb3ba485e09bda66d2b96124cabc4d2e653848e2bd909287d0d2c433d72bbd4333cf37f2a8972bba453c776d2c73c61b9fa2153405fc0253992c918682c7018f6a280a9ff312ae4a6996bd9547aed66e72f94342a7d27b9483f7e2e8e3c5bbb89452fd9bb6708ae89ba29", 0xde, 0xfffffffffffffffe)
lstat(&(0x7f0000000380)='./file0\x00', &(0x7f00000004c0)={0x0, 0x0, 0x0, 0x0, <r46=>0x0})
getresgid(&(0x7f0000000400), &(0x7f0000000540), &(0x7f00000006c0)=<r47=>0x0)
keyctl$chown(0x4, r45, r46, r47)
r48 = add_key$user(&(0x7f00000002c0)='user\x00', &(0x7f0000000300)={'syz', 0x2}, &(0x7f00000005c0)="4acf665ff77df4f20690a5a83bc1a1e6519321db1dc2bf7eee06d978abdfbb33f3bc7025e6befda3c827875946eb75c14639ab6e76811a733653f72afc34e5fce1bed277a8faa02e6da16041b40bab677d6555e94a42b7ac236c8c35d729ac501cf28293c919f2f3ceec4703c892adeac90504aeb3ba485e09bda66d2b96124cabc4d2e653848e2bd909287d0d2c433d72bbd4333cf37f2a8972bba453c776d2c73c61b9fa2153405fc0253992c918682c7018f6a280a9ff312ae4a6996bd9547aed66e72f94342a7d27b9483f7e2e8e3c5bbb89452fd9bb6708ae89ba29", 0xde, 0xfffffffffffffffe)
lstat(&(0x7f0000000380)='./file0\x00', &(0x7f00000004c0)={0x0, 0x0, 0x0, 0x0, <r49=>0x0})
getresgid(&(0x7f0000000400), &(0x7f0000000540), &(0x7f00000006c0)=<r50=>0x0)
keyctl$chown(0x4, r48, r49, r50)
getgroups(0x8, &(0x7f0000000540)=[r38, 0xee01, 0xee01, <r51=>r41, r44, r47, 0xee01, r50])
r52 = add_key$user(&(0x7f00000002c0)='user\x00', &(0x7f0000000300)={'syz', 0x2}, &(0x7f00000005c0)="4acf665ff77df4f20690a5a83bc1a1e6519321db1dc2bf7eee06d978abdfbb33f3bc7025e6befda3c827875946eb75c14639ab6e76811a733653f72afc34e5fce1bed277a8faa02e6da16041b40bab677d6555e94a42b7ac236c8c35d729ac501cf28293c919f2f3ceec4703c892adeac90504aeb3ba485e09bda66d2b96124cabc4d2e653848e2bd909287d0d2c433d72bbd4333cf37f2a8972bba453c776d2c73c61b9fa2153405fc0253992c918682c7018f6a280a9ff312ae4a6996bd9547aed66e72f94342a7d27b9483f7e2e8e3c5bbb89452fd9bb6708ae89ba29", 0xde, 0xfffffffffffffffe)
lstat(&(0x7f0000000380)='./file0\x00', &(0x7f00000004c0)={0x0, 0x0, 0x0, 0x0, <r53=>0x0})
getresgid(&(0x7f0000000400), &(0x7f0000000540), &(0x7f00000006c0)=<r54=>0x0)
keyctl$chown(0x4, r52, r53, r54)
r55 = add_key$user(&(0x7f00000002c0)='user\x00', &(0x7f0000000300)={'syz', 0x2}, &(0x7f00000005c0)="4acf665ff77df4f20690a5a83bc1a1e6519321db1dc2bf7eee06d978abdfbb33f3bc7025e6befda3c827875946eb75c14639ab6e76811a733653f72afc34e5fce1bed277a8faa02e6da16041b40bab677d6555e94a42b7ac236c8c35d729ac501cf28293c919f2f3ceec4703c892adeac90504aeb3ba485e09bda66d2b96124cabc4d2e653848e2bd909287d0d2c433d72bbd4333cf37f2a8972bba453c776d2c73c61b9fa2153405fc0253992c918682c7018f6a280a9ff312ae4a6996bd9547aed66e72f94342a7d27b9483f7e2e8e3c5bbb89452fd9bb6708ae89ba29", 0xde, 0xfffffffffffffffe)
lstat(&(0x7f0000000380)='./file0\x00', &(0x7f00000004c0)={0x0, 0x0, 0x0, 0x0, <r56=>0x0})
getresgid(&(0x7f0000000400), &(0x7f0000000540), &(0x7f00000006c0)=<r57=>0x0)
keyctl$chown(0x4, r55, r56, r57)
r58 = add_key$user(&(0x7f00000002c0)='user\x00', &(0x7f0000000300)={'syz', 0x2}, &(0x7f00000005c0)="4acf665ff77df4f20690a5a83bc1a1e6519321db1dc2bf7eee06d978abdfbb33f3bc7025e6befda3c827875946eb75c14639ab6e76811a733653f72afc34e5fce1bed277a8faa02e6da16041b40bab677d6555e94a42b7ac236c8c35d729ac501cf28293c919f2f3ceec4703c892adeac90504aeb3ba485e09bda66d2b96124cabc4d2e653848e2bd909287d0d2c433d72bbd4333cf37f2a8972bba453c776d2c73c61b9fa2153405fc0253992c918682c7018f6a280a9ff312ae4a6996bd9547aed66e72f94342a7d27b9483f7e2e8e3c5bbb89452fd9bb6708ae89ba29", 0xde, 0xfffffffffffffffe)
lstat(&(0x7f0000000380)='./file0\x00', &(0x7f00000004c0)={0x0, 0x0, 0x0, 0x0, <r59=>0x0})
getresgid(&(0x7f0000000400), &(0x7f0000000540), &(0x7f00000006c0)=<r60=>0x0)
keyctl$chown(0x4, r58, r59, r60)
r61 = add_key$user(&(0x7f00000002c0)='user\x00', &(0x7f0000000300)={'syz', 0x2}, &(0x7f00000005c0)="4acf665ff77df4f20690a5a83bc1a1e6519321db1dc2bf7eee06d978abdfbb33f3bc7025e6befda3c827875946eb75c14639ab6e76811a733653f72afc34e5fce1bed277a8faa02e6da16041b40bab677d6555e94a42b7ac236c8c35d729ac501cf28293c919f2f3ceec4703c892adeac90504aeb3ba485e09bda66d2b96124cabc4d2e653848e2bd909287d0d2c433d72bbd4333cf37f2a8972bba453c776d2c73c61b9fa2153405fc0253992c918682c7018f6a280a9ff312ae4a6996bd9547aed66e72f94342a7d27b9483f7e2e8e3c5bbb89452fd9bb6708ae89ba29", 0xde, 0xfffffffffffffffe)
lstat(&(0x7f0000000380)='./file0\x00', &(0x7f00000004c0)={0x0, 0x0, 0x0, 0x0, <r62=>0x0})
getresgid(&(0x7f0000000400), &(0x7f0000000540), &(0x7f00000006c0)=<r63=>0x0)
keyctl$chown(0x4, r61, r62, r63)
r64 = add_key$user(&(0x7f00000002c0)='user\x00', &(0x7f0000000300)={'syz', 0x2}, &(0x7f00000005c0)="4acf665ff77df4f20690a5a83bc1a1e6519321db1dc2bf7eee06d978abdfbb33f3bc7025e6befda3c827875946eb75c14639ab6e76811a733653f72afc34e5fce1bed277a8faa02e6da16041b40bab677d6555e94a42b7ac236c8c35d729ac501cf28293c919f2f3ceec4703c892adeac90504aeb3ba485e09bda66d2b96124cabc4d2e653848e2bd909287d0d2c433d72bbd4333cf37f2a8972bba453c776d2c73c61b9fa2153405fc0253992c918682c7018f6a280a9ff312ae4a6996bd9547aed66e72f94342a7d27b9483f7e2e8e3c5bbb89452fd9bb6708ae89ba29", 0xde, 0xfffffffffffffffe)
lstat(&(0x7f0000000380)='./file0\x00', &(0x7f00000004c0)={0x0, 0x0, 0x0, 0x0, <r65=>0x0})
getresgid(&(0x7f0000000400), &(0x7f0000000540), &(0x7f00000006c0)=<r66=>0x0)
keyctl$chown(0x4, r64, r65, r66)
getgroups(0x7, &(0x7f0000000580)=[r54, r57, r60, 0xee00, r63, r66, <r67=>0xffffffffffffffff])
fsetxattr$system_posix_acl(r2, &(0x7f0000000080)='system.posix_acl_default\x00', &(0x7f00000005c0)={{}, {0x1, 0x2}, [{0x2, 0x4, r6}, {0x2, 0x4, r8}, {0x2, 0x4, r11}, {0x2, 0x8, r16}, {0x2, 0x7, r18}, {0x2, 0x2, r20}, {0x2, 0x4, r24}], {0x4, 0x3}, [{0x8, 0x2, r27}, {0x8, 0x2, r30}, {0x8, 0x2, r33}, {0x8, 0x4, r34}, {0x8, 0x2, r35}, {0x8, 0x0, r51}, {0x8, 0xbb2f44df4d56a677, r67}], {0x10, 0x1}, {0x20, 0x2}}, 0x94, 0x2)
r68 = open(&(0x7f0000002000)='./bus\x00', 0x141042, 0x0)
ftruncate(r68, 0xee72)
syz_open_dev$cec(&(0x7f0000000000)='/dev/cec#\x00', 0x0, 0x2)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff, <r69=>0xffffffffffffffff})
r70 = socket$inet6_sctp(0xa, 0x10000000005, 0x84)
dup2(r69, r70)
setsockopt$inet_sctp6_SCTP_SOCKOPT_BINDX_ADD(r70, 0x84, 0x64, &(0x7f0000000180)=[@in={0x2, 0x4e22, @local}, @in6={0xa, 0x4e20, 0x2, @loopback}, @in={0x2, 0x4e20, @dev={0xac, 0x14, 0x14, 0x18}}, @in6={0xa, 0x4e24, 0x5, @loopback, 0x5}, @in6={0xa, 0x4e20, 0x1000, @mcast1, 0xb48}, @in6={0xa, 0x4e20, 0x10001, @local, 0x7}, @in={0x2, 0x4e21, @initdev={0xac, 0x1e, 0x0, 0x0}}, @in={0x2, 0x4e21, @empty}, @in6={0xa, 0x4e24, 0x2, @initdev={0xfe, 0x88, [], 0x1, 0x0}, 0x64ad7b5c}], 0xcc)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff, <r71=>0xffffffffffffffff})
r72 = socket$inet6_sctp(0xa, 0x10000000005, 0x84)
r73 = dup2(r71, r72)
ioctl$PERF_EVENT_IOC_ENABLE(r73, 0x8912, 0x400200)
ioctl$BLKIOOPT(r73, 0x1279, &(0x7f0000000040))
sendfile(r1, r68, 0x0, 0x8000fffffffe)

01:39:13 executing program 5:
mmap(&(0x7f0000011000/0x2000)=nil, 0x2000, 0x4, 0x31, 0xffffffffffffffff, 0x0)
r0 = userfaultfd(0x0)
syz_open_dev$mice(&(0x7f0000000000)='/dev/input/mice\x00', 0x0, 0x4000)
ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f0000000040))
ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f00000000c0)={{&(0x7f0000012000/0x2000)=nil, 0x2000}, 0x1})
read(r0, &(0x7f0000000100)=""/199, 0xc7)
syz_open_dev$evdev(&(0x7f0000012fee)='/.%v/\x11%put/event#\x00', 0x0, 0x68)
ioctl$UFFDIO_WAKE(r0, 0x8010aa02, &(0x7f0000000080)={&(0x7f0000012000/0x4000)=nil, 0x4000})
shmget(0x2, 0x1000, 0x0, &(0x7f000096d000/0x1000)=nil)
openat$cgroup_procs(0xffffffffffffffff, 0x0, 0x2, 0x0)

01:39:13 executing program 0:
perf_event_open(&(0x7f00000000c0)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = openat$random(0xffffffffffffff9c, &(0x7f0000000140)='/dev/urandom\x00', 0x8000000000000085, 0x0)
r1 = dup(r0)
r2 = syz_open_dev$vbi(&(0x7f0000000000)='/dev/vbi#\x00', 0x2, 0x2)
r3 = socket$nl_generic(0x10, 0x3, 0x10)
r4 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000200)='TIPCv2\x00')
sendmsg$TIPC_NL_MON_PEER_GET(r3, &(0x7f00000005c0)={0x0, 0x0, &(0x7f0000000580)={&(0x7f0000000480)={0x20, r4, 0x701, 0x0, 0x0, {0x13, 0x0, 0xfffffffffffff000}, [@TIPC_NLA_MON={0xc, 0x9, [@TIPC_NLA_MON_REF={0x5}]}]}, 0x20}}, 0x0)
sendmsg$TIPC_NL_MEDIA_SET(r2, &(0x7f00000001c0)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x202c00}, 0xc, &(0x7f0000000180)={&(0x7f0000000080)={0x24, r4, 0x8, 0x70bd27, 0x25dfdbfc, {}, [@TIPC_NLA_NET={0x10, 0x7, [@TIPC_NLA_NET_NODEID_W1={0xc, 0x4, 0x9}]}]}, 0x24}, 0x1, 0x0, 0x0, 0x80800}, 0x20000180)
r5 = open(&(0x7f0000002000)='./bus\x00', 0x141042, 0x0)
ftruncate(r5, 0xee72)
sendfile(r1, r5, 0x0, 0x8000fffffffe)

01:39:13 executing program 3:
r0 = socket$packet(0x11, 0x3, 0x300)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000000)={'batadv0\x00\f\x00', <r1=>0x0})
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000e00)=ANY=[@ANYRES32=r1, @ANYBLOB="00d400f0000000000e00000009000100726f75746500000004000200"], 0x2}}, 0x0)
r2 = socket(0x10, 0x80002, 0x0)
sendmmsg$alg(r2, &(0x7f0000000140), 0x332, 0x0)

01:39:13 executing program 4:
r0 = socket$nl_route(0x10, 0x3, 0x0)
r1 = socket$netlink(0x10, 0x3, 0x0)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff, <r2=>0xffffffffffffffff})
r3 = socket$inet6_sctp(0xa, 0x10000000005, 0x84)
r4 = dup2(r2, r3)
ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200)
r5 = socket(0x10, 0x803, 0x0)
sendmsg$TIPC_CMD_GET_MEDIA_NAMES(r5, &(0x7f0000000400)={0x0, 0x0, &(0x7f00000003c0)={0x0}}, 0x0)
getsockname$packet(r5, &(0x7f0000000100)={0x11, 0x0, <r6=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0xa)
sendmsg$nl_route(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080)=ANY=[@ANYBLOB="4800000010000507000000000000000080000000", @ANYRES32=r6, @ANYBLOB="0000000000000000280012000c0001007665746800000000180002001400010000000000", @ANYRES32=0x0, @ANYBLOB='\x00\x00\x00\x00\x00\x00\x00\x00'], 0x48}}, 0x0)
sendmsg$nl_route_sched(r0, &(0x7f0000000140)={0x0, 0x32d, &(0x7f0000000080)={&(0x7f0000000540)=@newqdisc={0x148, 0x24, 0x507, 0xe00000000000000, 0x0, {0x0, r6, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_red={{0x8, 0x1, 'red\x00'}, {0x11c, 0x2, [@TCA_RED_STAB={0x104, 0x2, "fbf84ce9dbecf3d5851ae060c0ec8d55c9c65cb98d69f6f43f1d64d475f279dd204e54f6719de408d640f2dcd4c0c8c615650de0531b139380f912f808e5d3e1118f76144d1568be425bddb29fa48b1251d5cc8b78fb742bd61674f4cd92a93f8dafea3bc823ccd7591d59d252a275012101f39ab9478cc5dc4a8a2e71f186ce688ae869907b40b62231d243db1eca472440f1203b691b7b85864a73f1a3a9664d075ac973158948f7c44b4f8e2348e8046b08dcb423647eff2539993b8985028d7f0a50e94ee6b2fdacff6aee496b13807eb8d406a8440af14e339713f93a2bd76d46d34452c9bf604ac61d66e9ff34503a7ff400"}, @TCA_RED_PARMS={0x14, 0x1, {0x20}}]}}]}, 0x148}}, 0x0)

[ 1271.460683][T26133] netlink: 'syz-executor.0': attribute type 2 has an invalid length.
01:39:13 executing program 2:
r0 = socket$inet_udp(0x2, 0x2, 0x0)
close(r0)
r1 = socket$inet6(0xa, 0x1, 0x8010000000000084)
bind$inet6(r1, &(0x7f0000000040)={0xa, 0x400004e21, 0x0, @empty}, 0x1c)
setsockopt$inet_sctp6_SCTP_NODELAY(r0, 0x84, 0x3, &(0x7f00000000c0)=0x7, 0x4)
setsockopt$inet6_opts(r1, 0x29, 0x3b, &(0x7f0000000080)=ANY=[@ANYBLOB], 0x8)
connect$inet6(r1, &(0x7f0000000200)={0xa, 0x4e21, 0x0, @loopback}, 0x1c)
r2 = socket$inet_udplite(0x2, 0x2, 0x88)
ioctl(r2, 0x1000008912, &(0x7f0000000040)="11dcbc0d5e0bcfe47bf070")
write$binfmt_misc(r0, &(0x7f0000000100)=ANY=[@ANYBLOB="a43f7a10bc918dba707335df9c4fe2e3dd545ee4c838fdcc46a7540a012dcf04a12f99172a6f3583cd5498000448f3ae533c2845496e9b0a050d5e4e05f5f8188edecc091727ed7a25a91998bf61aeec90e8718f9aa9fd5da3aa3181c0080975dee42b7d8686ca8f92f314380c2a02a90e6efeaf9d6acdb213cd260c116f495d9569a33c798d369967f6690fd59a8b3bd789702d552fe262fe738e874609724467e7d1be8518f803b96022e1f0f0de7d3720bec96ede000000000000000000"], 0x10098)
write$binfmt_script(r0, &(0x7f0000000300)=ANY=[@ANYBLOB="ba"], 0x1)
write$binfmt_elf64(r0, &(0x7f0000000280)={{0x7f, 0x45, 0x4c, 0x46, 0x0, 0x0, 0xe00000000000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40}, [{}]}, 0x78)

01:39:13 executing program 3:
r0 = socket$packet(0x11, 0x3, 0x300)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000000)={'batadv0\x00\f\x00', <r1=>0x0})
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000e00)=ANY=[@ANYBLOB, @ANYRES32=r1, @ANYBLOB="00d400f0000000000e00000009000100726f75746500000004000200"], 0x3}}, 0x0)
r2 = socket(0x10, 0x80002, 0x0)
sendmmsg$alg(r2, &(0x7f0000000140), 0x332, 0x0)

[ 1271.630565][T26143] FAULT_FLAG_ALLOW_RETRY missing 70
[ 1271.641803][T26143] CPU: 1 PID: 26143 Comm: syz-executor.5 Not tainted 5.3.0+ #0
[ 1271.649357][T26143] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 1271.659407][T26143] Call Trace:
[ 1271.662701][T26143]  dump_stack+0x172/0x1f0
[ 1271.667044][T26143]  handle_userfault.cold+0x41/0x5d
[ 1271.672165][T26143]  ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[ 1271.678421][T26143]  ? userfaultfd_ioctl+0x3ad0/0x3ad0
[ 1271.683703][T26143]  ? find_get_entry+0x535/0x880
[ 1271.688561][T26143]  ? find_get_pages_range_tag+0xd50/0xd50
[ 1271.694282][T26143]  ? ___might_sleep+0x163/0x2c0
[ 1271.699140][T26143]  ? __kasan_check_read+0x11/0x20
[ 1271.704167][T26143]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 1271.710406][T26143]  ? find_lock_entry+0x1a7/0x560
[ 1271.715365][T26143]  ? rcu_lockdep_current_cpu_online+0xe3/0x130
[ 1271.721605][T26143]  shmem_getpage_gfp+0x1f4c/0x2680
[ 1271.726723][T26143]  ? shmem_unuse_inode+0x1010/0x1010
[ 1271.732005][T26143]  ? lock_downgrade+0x920/0x920
[ 1271.736868][T26143]  ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[ 1271.743103][T26143]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 1271.749347][T26143]  shmem_fault+0x22a/0x7b0
[ 1271.753783][T26143]  ? shmem_read_mapping_page_gfp+0x1a0/0x1a0
[ 1271.759769][T26143]  ? find_get_entry+0x880/0x880
[ 1271.764635][T26143]  ? pmd_val+0x85/0x100
[ 1271.768789][T26143]  __do_fault+0x111/0x540
[ 1271.773114][T26143]  ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
01:39:13 executing program 0:
perf_event_open(&(0x7f00000000c0)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = openat$random(0xffffffffffffff9c, &(0x7f0000000140)='/dev/urandom\x00', 0x8000000000000085, 0x0)
r1 = dup(r0)
r2 = syz_open_dev$vbi(&(0x7f0000000000)='/dev/vbi#\x00', 0x2, 0x2)
r3 = socket$nl_generic(0x10, 0x3, 0x10)
r4 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000200)='TIPCv2\x00')
sendmsg$TIPC_NL_MON_PEER_GET(r3, &(0x7f00000005c0)={0x0, 0x0, &(0x7f0000000580)={&(0x7f0000000480)={0x20, r4, 0x701, 0x0, 0x0, {0x13, 0x0, 0xfffffffffffff000}, [@TIPC_NLA_MON={0xc, 0x9, [@TIPC_NLA_MON_REF={0x5}]}]}, 0x20}}, 0x0)
sendmsg$TIPC_NL_MEDIA_SET(r2, &(0x7f00000001c0)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x202c00}, 0xc, &(0x7f0000000180)={&(0x7f0000000080)={0x24, r4, 0x8, 0x70bd27, 0x25dfdbfc, {}, [@TIPC_NLA_NET={0x10, 0x7, [@TIPC_NLA_NET_NODEID_W1={0xc, 0x4, 0x9}]}]}, 0x24}, 0x1, 0x0, 0x0, 0x80800}, 0x20000180)
r5 = open(&(0x7f0000002000)='./bus\x00', 0x141042, 0x0)
ftruncate(r5, 0xee72)
sendfile(r1, r5, 0x0, 0x8000fffffffe)

01:39:13 executing program 1:
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
r1 = socket$inet6_sctp(0xa, 0x10000000005, 0x84)
dup2(r0, r1)
fcntl$getownex(r0, 0x10, &(0x7f0000000000)={0x0, <r2=>0x0})
perf_event_open(&(0x7f00000000c0)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, r2, 0x0, 0xffffffffffffffff, 0x0)
r3 = openat$random(0xffffffffffffff9c, &(0x7f0000000140)='/dev/urandom\x00', 0x8000000000000085, 0x0)
r4 = dup(r3)
r5 = open(&(0x7f0000002000)='./bus\x00', 0x141042, 0x0)
ftruncate(r5, 0xee72)
sendfile(r4, r5, 0x0, 0x8000fffffffe)

01:39:13 executing program 4:
r0 = socket$nl_route(0x10, 0x3, 0x0)
r1 = socket$netlink(0x10, 0x3, 0x0)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff, <r2=>0xffffffffffffffff})
r3 = socket$inet6_sctp(0xa, 0x10000000005, 0x84)
r4 = dup2(r2, r3)
ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200)
r5 = socket(0x10, 0x803, 0x0)
sendmsg$TIPC_CMD_GET_MEDIA_NAMES(r5, &(0x7f0000000400)={0x0, 0x0, &(0x7f00000003c0)={0x0}}, 0x0)
getsockname$packet(r5, &(0x7f0000000100)={0x11, 0x0, <r6=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0xa)
sendmsg$nl_route(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080)=ANY=[@ANYBLOB="4800000010000507000000000000000080000000", @ANYRES32=r6, @ANYBLOB="0000000000000000280012000c0001007665746800000000180002001400010000000000", @ANYRES32=0x0, @ANYBLOB='\x00\x00\x00\x00\x00\x00\x00\x00'], 0x48}}, 0x0)
sendmsg$nl_route_sched(r0, &(0x7f0000000140)={0x0, 0x32d, &(0x7f0000000080)={&(0x7f0000000540)=@newqdisc={0x148, 0x24, 0x507, 0xf00000000000000, 0x0, {0x0, r6, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_red={{0x8, 0x1, 'red\x00'}, {0x11c, 0x2, [@TCA_RED_STAB={0x104, 0x2, "fbf84ce9dbecf3d5851ae060c0ec8d55c9c65cb98d69f6f43f1d64d475f279dd204e54f6719de408d640f2dcd4c0c8c615650de0531b139380f912f808e5d3e1118f76144d1568be425bddb29fa48b1251d5cc8b78fb742bd61674f4cd92a93f8dafea3bc823ccd7591d59d252a275012101f39ab9478cc5dc4a8a2e71f186ce688ae869907b40b62231d243db1eca472440f1203b691b7b85864a73f1a3a9664d075ac973158948f7c44b4f8e2348e8046b08dcb423647eff2539993b8985028d7f0a50e94ee6b2fdacff6aee496b13807eb8d406a8440af14e339713f93a2bd76d46d34452c9bf604ac61d66e9ff34503a7ff400"}, @TCA_RED_PARMS={0x14, 0x1, {0x20}}]}}]}, 0x148}}, 0x0)

01:39:13 executing program 2:
r0 = socket$inet_udp(0x2, 0x2, 0x0)
close(r0)
r1 = socket$inet6(0xa, 0x1, 0x8010000000000084)
bind$inet6(r1, &(0x7f0000000040)={0xa, 0x400004e21, 0x0, @empty}, 0x1c)
setsockopt$inet_sctp6_SCTP_NODELAY(r0, 0x84, 0x3, &(0x7f00000000c0)=0x7, 0x4)
setsockopt$inet6_opts(r1, 0x29, 0x3b, &(0x7f0000000080)=ANY=[@ANYBLOB], 0x8)
connect$inet6(r1, &(0x7f0000000200)={0xa, 0x4e21, 0x0, @loopback}, 0x1c)
r2 = socket$inet_udplite(0x2, 0x2, 0x88)
ioctl(r2, 0x1000008912, &(0x7f0000000040)="11dcbc0d5e0bcfe47bf070")
write$binfmt_misc(r0, &(0x7f0000000100)=ANY=[@ANYBLOB="a43f7a10bc918dba707335df9c4fe2e3dd545ee4c838fdcc46a7540a012dcf04a12f99172a6f3583cd5498000448f3ae533c2845496e9b0a050d5e4e05f5f8188edecc091727ed7a25a91998bf61aeec90e8718f9aa9fd5da3aa3181c0080975dee42b7d8686ca8f92f314380c2a02a90e6efeaf9d6acdb213cd260c116f495d9569a33c798d369967f6690fd59a8b3bd789702d552fe262fe738e874609724467e7d1be8518f803b96022e1f0f0de7d3720bec96ede000000000000000000"], 0x10098)
write$binfmt_script(r0, &(0x7f0000000300)=ANY=[@ANYBLOB="ba"], 0x1)
write$binfmt_elf64(r0, &(0x7f0000000280)={{0x7f, 0x45, 0x4c, 0x46, 0x0, 0x0, 0xf00000000000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40}, [{}]}, 0x78)

[ 1271.779362][T26143]  __handle_mm_fault+0x2dca/0x4040
[ 1271.784481][T26143]  ? vmf_insert_mixed_mkwrite+0x40/0x40
[ 1271.790028][T26143]  ? handle_mm_fault+0x292/0xa80
[ 1271.794979][T26143]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 1271.801218][T26143]  ? __kasan_check_read+0x11/0x20
[ 1271.806252][T26143]  handle_mm_fault+0x3b7/0xa80
[ 1271.811022][T26143]  __do_page_fault+0x536/0xdd0
[ 1271.815788][T26143]  do_page_fault+0x38/0x590
[ 1271.820289][T26143]  page_fault+0x39/0x40
[ 1271.824451][T26143] RIP: 0033:0x4533a0
[ 1271.828351][T26143] Code: 0f 84 c4 0f 00 00 48 89 f1 48 89 f8 48 83 e1 3f 48 83 f9 20 0f 86 7b 02 00 00 48 83 e6 f0 48 83 e1 0f 66 0f ef c0 66 0f ef c9 <66> 0f 74 0e 66 0f d7 d1 48 d3 ea 49 c7 c2 11 00 00 00 49 29 ca 4d
[ 1271.847941][T26143] RSP: 002b:00007fbdc8f767a8 EFLAGS: 00010202
[ 1271.847952][T26143] RAX: 00007fbdc8f76850 RBX: 0000000000000003 RCX: 000000000000000e
[ 1271.847961][T26143] RDX: 00000000000003ff RSI: 0000000020012fe0 RDI: 00007fbdc8f76850
[ 1271.847969][T26143] RBP: 000000000075bf20 R08: 00000000000003ff R09: 0000000000000000
[ 1271.847977][T26143] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fbdc8f776d4
[ 1271.847986][T26143] R13: 00000000004c8dbc R14: 00000000004dfed8 R15: 00000000ffffffff
01:39:14 executing program 3:
r0 = socket$packet(0x11, 0x3, 0x300)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000000)={'batadv0\x00\f\x00', <r1=>0x0})
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000e00)=ANY=[@ANYBLOB, @ANYRES32=r1, @ANYBLOB="00d400f0000000000e00000009000100726f75746500000004000200"], 0x3}}, 0x0)
r2 = socket(0x10, 0x80002, 0x0)
sendmmsg$alg(r2, &(0x7f0000000140), 0x332, 0x0)

[ 1271.997069][T26361] netlink: 'syz-executor.0': attribute type 2 has an invalid length.
01:39:14 executing program 3:
r0 = socket$packet(0x11, 0x3, 0x300)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000000)={'batadv0\x00\f\x00', <r1=>0x0})
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000e00)=ANY=[@ANYBLOB, @ANYRES32=r1, @ANYBLOB="00d400f0000000000e00000009000100726f75746500000004000200"], 0x3}}, 0x0)
r2 = socket(0x10, 0x80002, 0x0)
sendmmsg$alg(r2, &(0x7f0000000140), 0x332, 0x0)

01:39:14 executing program 5:
mmap(&(0x7f0000011000/0x2000)=nil, 0x2000, 0x4, 0x31, 0xffffffffffffffff, 0x0)
r0 = userfaultfd(0x0)
syz_open_dev$mice(&(0x7f0000000000)='/dev/input/mice\x00', 0x0, 0x4000)
ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f0000000040))
ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f00000000c0)={{&(0x7f0000012000/0x2000)=nil, 0x2000}, 0x1})
read(r0, &(0x7f0000000100)=""/199, 0xc7)
syz_open_dev$evdev(&(0x7f0000012fee)='/.%v/\x11%put/event#\x00', 0x0, 0x6c)
ioctl$UFFDIO_WAKE(r0, 0x8010aa02, &(0x7f0000000080)={&(0x7f0000012000/0x4000)=nil, 0x4000})
shmget(0x2, 0x1000, 0x0, &(0x7f000096d000/0x1000)=nil)
openat$cgroup_procs(0xffffffffffffffff, 0x0, 0x2, 0x0)

01:39:14 executing program 0:
perf_event_open(&(0x7f00000000c0)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = openat$random(0xffffffffffffff9c, &(0x7f0000000140)='/dev/urandom\x00', 0x8000000000000085, 0x0)
r1 = dup(r0)
r2 = open(&(0x7f0000002000)='./bus\x00', 0x141042, 0x0)
ftruncate(r2, 0xee72)
ioctl$SNDRV_CTL_IOCTL_SUBSCRIBE_EVENTS(r1, 0xc0045516, &(0x7f0000000000)=0x3)
sendfile(r1, r2, 0x0, 0x8000fffffffe)

01:39:14 executing program 1:
r0 = socket$inet_udp(0x2, 0x2, 0x0)
close(r0)
r1 = socket$inet6(0xa, 0x1, 0x8010000000000084)
bind$inet6(r1, &(0x7f0000000040)={0xa, 0x400004e21, 0x0, @empty}, 0x1c)
setsockopt$inet_sctp6_SCTP_NODELAY(r0, 0x84, 0x3, &(0x7f00000000c0)=0x7, 0x4)
setsockopt$inet6_opts(r1, 0x29, 0x3b, &(0x7f0000000080)=ANY=[@ANYBLOB], 0x8)
connect$inet6(r1, &(0x7f0000000200)={0xa, 0x4e21, 0x0, @loopback}, 0x1c)
r2 = socket$inet_udplite(0x2, 0x2, 0x88)
ioctl(r2, 0x1000008912, &(0x7f0000000040)="11dcbc0d5e0bcfe47bf070")
write$binfmt_misc(r0, &(0x7f0000000100)=ANY=[@ANYBLOB="a43f7a10bc918dba707335df9c4fe2e3dd545ee4c838fdcc46a7540a012dcf04a12f99172a6f3583cd5498000448f3ae533c2845496e9b0a050d5e4e05f5f8188edecc091727ed7a25a91998bf61aeec90e8718f9aa9fd5da3aa3181c0080975dee42b7d8686ca8f92f314380c2a02a90e6efeaf9d6acdb213cd260c116f495d9569a33c798d369967f6690fd59a8b3bd789702d552fe262fe738e874609724467e7d1be8518f803b96022e1f0f0de7d3720bec96ede000000000000000000"], 0x10098)
write$binfmt_script(r0, &(0x7f0000000300)=ANY=[@ANYBLOB="ba"], 0x1)
write$binfmt_elf64(r0, &(0x7f0000000280)={{0x7f, 0x45, 0x4c, 0x46, 0x0, 0x0, 0x3f4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40}, [{}]}, 0x78)

01:39:14 executing program 4:
r0 = socket$nl_route(0x10, 0x3, 0x0)
r1 = socket$netlink(0x10, 0x3, 0x0)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff, <r2=>0xffffffffffffffff})
r3 = socket$inet6_sctp(0xa, 0x10000000005, 0x84)
r4 = dup2(r2, r3)
ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200)
r5 = socket(0x10, 0x803, 0x0)
sendmsg$TIPC_CMD_GET_MEDIA_NAMES(r5, &(0x7f0000000400)={0x0, 0x0, &(0x7f00000003c0)={0x0}}, 0x0)
getsockname$packet(r5, &(0x7f0000000100)={0x11, 0x0, <r6=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0xa)
sendmsg$nl_route(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080)=ANY=[@ANYBLOB="4800000010000507000000000000000080000000", @ANYRES32=r6, @ANYBLOB="0000000000000000280012000c0001007665746800000000180002001400010000000000", @ANYRES32=0x0, @ANYBLOB='\x00\x00\x00\x00\x00\x00\x00\x00'], 0x48}}, 0x0)
sendmsg$nl_route_sched(r0, &(0x7f0000000140)={0x0, 0x32d, &(0x7f0000000080)={&(0x7f0000000540)=@newqdisc={0x148, 0x24, 0x507, 0x1000000000000000, 0x0, {0x0, r6, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_red={{0x8, 0x1, 'red\x00'}, {0x11c, 0x2, [@TCA_RED_STAB={0x104, 0x2, "fbf84ce9dbecf3d5851ae060c0ec8d55c9c65cb98d69f6f43f1d64d475f279dd204e54f6719de408d640f2dcd4c0c8c615650de0531b139380f912f808e5d3e1118f76144d1568be425bddb29fa48b1251d5cc8b78fb742bd61674f4cd92a93f8dafea3bc823ccd7591d59d252a275012101f39ab9478cc5dc4a8a2e71f186ce688ae869907b40b62231d243db1eca472440f1203b691b7b85864a73f1a3a9664d075ac973158948f7c44b4f8e2348e8046b08dcb423647eff2539993b8985028d7f0a50e94ee6b2fdacff6aee496b13807eb8d406a8440af14e339713f93a2bd76d46d34452c9bf604ac61d66e9ff34503a7ff400"}, @TCA_RED_PARMS={0x14, 0x1, {0x20}}]}}]}, 0x148}}, 0x0)

01:39:14 executing program 2:
r0 = socket$inet_udp(0x2, 0x2, 0x0)
close(r0)
r1 = socket$inet6(0xa, 0x1, 0x8010000000000084)
bind$inet6(r1, &(0x7f0000000040)={0xa, 0x400004e21, 0x0, @empty}, 0x1c)
setsockopt$inet_sctp6_SCTP_NODELAY(r0, 0x84, 0x3, &(0x7f00000000c0)=0x7, 0x4)
setsockopt$inet6_opts(r1, 0x29, 0x3b, &(0x7f0000000080)=ANY=[@ANYBLOB], 0x8)
connect$inet6(r1, &(0x7f0000000200)={0xa, 0x4e21, 0x0, @loopback}, 0x1c)
r2 = socket$inet_udplite(0x2, 0x2, 0x88)
ioctl(r2, 0x1000008912, &(0x7f0000000040)="11dcbc0d5e0bcfe47bf070")
write$binfmt_misc(r0, &(0x7f0000000100)=ANY=[@ANYBLOB="a43f7a10bc918dba707335df9c4fe2e3dd545ee4c838fdcc46a7540a012dcf04a12f99172a6f3583cd5498000448f3ae533c2845496e9b0a050d5e4e05f5f8188edecc091727ed7a25a91998bf61aeec90e8718f9aa9fd5da3aa3181c0080975dee42b7d8686ca8f92f314380c2a02a90e6efeaf9d6acdb213cd260c116f495d9569a33c798d369967f6690fd59a8b3bd789702d552fe262fe738e874609724467e7d1be8518f803b96022e1f0f0de7d3720bec96ede000000000000000000"], 0x10098)
write$binfmt_script(r0, &(0x7f0000000300)=ANY=[@ANYBLOB="ba"], 0x1)
write$binfmt_elf64(r0, &(0x7f0000000280)={{0x7f, 0x45, 0x4c, 0x46, 0x0, 0x0, 0x1000000000000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40}, [{}]}, 0x78)

01:39:14 executing program 3:
r0 = socket$packet(0x11, 0x3, 0x300)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000000)={'batadv0\x00\f\x00', <r1=>0x0})
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000e00)=ANY=[@ANYBLOB="340000002c000107008b", @ANYRES32=r1, @ANYBLOB="00d400f0000000000e00000009000100726f75746500000004000200"], 0x3}}, 0x0)
r2 = socket(0x10, 0x80002, 0x0)
sendmmsg$alg(r2, &(0x7f0000000140), 0x332, 0x0)

01:39:14 executing program 3:
r0 = socket$packet(0x11, 0x3, 0x300)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000000)={'batadv0\x00\f\x00', <r1=>0x0})
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000e00)=ANY=[@ANYBLOB="340000002c000107008b", @ANYRES32=r1, @ANYBLOB="00d400f0000000000e00000009000100726f75746500000004000200"], 0x3}}, 0x0)
r2 = socket(0x10, 0x80002, 0x0)
sendmmsg$alg(r2, &(0x7f0000000140), 0x332, 0x0)

01:39:14 executing program 0:
perf_event_open(&(0x7f00000000c0)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
r1 = socket$inet6_sctp(0xa, 0x10000000005, 0x84)
r2 = dup2(r0, r1)
ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200)
getsockopt$inet6_dccp_int(r2, 0x21, 0x3, &(0x7f0000000000), &(0x7f0000000040)=0x4)
r3 = openat$random(0xffffffffffffff9c, &(0x7f0000000140)='/dev/urandom\x00', 0x8000000000000085, 0x0)
r4 = dup(r3)
r5 = open(&(0x7f0000002000)='./bus\x00', 0x141042, 0x0)
ftruncate(r5, 0xee72)
sendfile(r4, r5, 0x0, 0x8000fffffffe)

[ 1272.476854][T26556] FAULT_FLAG_ALLOW_RETRY missing 70
[ 1272.482302][T26556] CPU: 1 PID: 26556 Comm: syz-executor.5 Not tainted 5.3.0+ #0
[ 1272.489847][T26556] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 1272.499894][T26556] Call Trace:
[ 1272.503188][T26556]  dump_stack+0x172/0x1f0
[ 1272.507532][T26556]  handle_userfault.cold+0x41/0x5d
[ 1272.512645][T26556]  ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[ 1272.518897][T26556]  ? userfaultfd_ioctl+0x3ad0/0x3ad0
[ 1272.524183][T26556]  ? find_get_entry+0x535/0x880
[ 1272.529032][T26556]  ? __kasan_check_read+0x11/0x20
[ 1272.534051][T26556]  ? mark_lock+0xc2/0x1220
[ 1272.538486][T26556]  ? find_get_pages_range_tag+0xd50/0xd50
[ 1272.544211][T26556]  ? __kasan_check_read+0x11/0x20
[ 1272.549231][T26556]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 1272.555483][T26556]  ? find_lock_entry+0x1a7/0x560
[ 1272.560419][T26556]  ? rcu_lockdep_current_cpu_online+0xe3/0x130
[ 1272.566610][T26556]  shmem_getpage_gfp+0x1f4c/0x2680
[ 1272.571739][T26556]  ? shmem_unuse_inode+0x1010/0x1010
[ 1272.577114][T26556]  ? lock_downgrade+0x920/0x920
[ 1272.581965][T26556]  ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[ 1272.588201][T26556]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 1272.594438][T26556]  shmem_fault+0x22a/0x7b0
[ 1272.598859][T26556]  ? shmem_read_mapping_page_gfp+0x1a0/0x1a0
[ 1272.604968][T26556]  ? find_get_entry+0x880/0x880
[ 1272.609825][T26556]  ? pmd_val+0x85/0x100
[ 1272.613978][T26556]  __do_fault+0x111/0x540
[ 1272.618305][T26556]  ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
01:39:14 executing program 0:
perf_event_open(&(0x7f00000000c0)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = openat$random(0xffffffffffffff9c, &(0x7f0000000140)='/dev/urandom\x00', 0x8000000000000085, 0x0)
r1 = dup(r0)
r2 = open(&(0x7f0000002000)='./bus\x00', 0x141042, 0x0)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff, <r3=>0xffffffffffffffff})
fadvise64(r1, 0x0, 0x3, 0x4)
r4 = socket$inet6_sctp(0xa, 0x10000000005, 0x84)
dup2(r3, r4)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff, <r5=>0xffffffffffffffff})
r6 = socket$inet6_sctp(0xa, 0x10000000005, 0x84)
dup2(r5, r6)
getsockopt$sock_int(r5, 0x1, 0xbe3e0ff60b3d0fae, &(0x7f0000000040), &(0x7f0000000080)=0x4)
dup2(0xffffffffffffffff, r4)
ftruncate(r2, 0xee72)
execveat(0xffffffffffffff9c, &(0x7f0000000180)='./bus\x00', &(0x7f0000000380)=[&(0x7f00000001c0)='\x00', &(0x7f0000000200)='/dev/urandom\x00', &(0x7f0000000240)='/dev/urandom\x00', &(0x7f0000000280)='/dev/urandom\x00', &(0x7f00000002c0)='/dev/urandom\x00', &(0x7f0000000300)='/dev/urandom\x00', &(0x7f0000000340)='/dev/urandom\x00'], &(0x7f0000000580)=[&(0x7f00000003c0)='/dev/urandom\x00', &(0x7f0000000400)='keyringeth1&}-selinuxGPL+@:\x00', &(0x7f0000000440)='\x00', &(0x7f0000000480)='/dev/urandom\x00', &(0x7f00000004c0)='keyringproc%\x00', &(0x7f0000000500)='\'/.keyringnodevself]!\x00', &(0x7f0000000540)='self$$,\x00'], 0x800)
sendfile(r1, r2, 0x0, 0x8000fffffffe)

01:39:14 executing program 2:
r0 = socket$inet_udp(0x2, 0x2, 0x0)
close(r0)
r1 = socket$inet6(0xa, 0x1, 0x8010000000000084)
bind$inet6(r1, &(0x7f0000000040)={0xa, 0x400004e21, 0x0, @empty}, 0x1c)
setsockopt$inet_sctp6_SCTP_NODELAY(r0, 0x84, 0x3, &(0x7f00000000c0)=0x7, 0x4)
setsockopt$inet6_opts(r1, 0x29, 0x3b, &(0x7f0000000080)=ANY=[@ANYBLOB], 0x8)
connect$inet6(r1, &(0x7f0000000200)={0xa, 0x4e21, 0x0, @loopback}, 0x1c)
r2 = socket$inet_udplite(0x2, 0x2, 0x88)
ioctl(r2, 0x1000008912, &(0x7f0000000040)="11dcbc0d5e0bcfe47bf070")
write$binfmt_misc(r0, &(0x7f0000000100)=ANY=[@ANYBLOB="a43f7a10bc918dba707335df9c4fe2e3dd545ee4c838fdcc46a7540a012dcf04a12f99172a6f3583cd5498000448f3ae533c2845496e9b0a050d5e4e05f5f8188edecc091727ed7a25a91998bf61aeec90e8718f9aa9fd5da3aa3181c0080975dee42b7d8686ca8f92f314380c2a02a90e6efeaf9d6acdb213cd260c116f495d9569a33c798d369967f6690fd59a8b3bd789702d552fe262fe738e874609724467e7d1be8518f803b96022e1f0f0de7d3720bec96ede000000000000000000"], 0x10098)
write$binfmt_script(r0, &(0x7f0000000300)=ANY=[@ANYBLOB="ba"], 0x1)
write$binfmt_elf64(r0, &(0x7f0000000280)={{0x7f, 0x45, 0x4c, 0x46, 0x0, 0x0, 0x1800000000000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40}, [{}]}, 0x78)

01:39:14 executing program 4:
r0 = socket$nl_route(0x10, 0x3, 0x0)
r1 = socket$netlink(0x10, 0x3, 0x0)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff, <r2=>0xffffffffffffffff})
r3 = socket$inet6_sctp(0xa, 0x10000000005, 0x84)
r4 = dup2(r2, r3)
ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200)
r5 = socket(0x10, 0x803, 0x0)
sendmsg$TIPC_CMD_GET_MEDIA_NAMES(r5, &(0x7f0000000400)={0x0, 0x0, &(0x7f00000003c0)={0x0}}, 0x0)
getsockname$packet(r5, &(0x7f0000000100)={0x11, 0x0, <r6=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0xa)
sendmsg$nl_route(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080)=ANY=[@ANYBLOB="4800000010000507000000000000000080000000", @ANYRES32=r6, @ANYBLOB="0000000000000000280012000c0001007665746800000000180002001400010000000000", @ANYRES32=0x0, @ANYBLOB='\x00\x00\x00\x00\x00\x00\x00\x00'], 0x48}}, 0x0)
sendmsg$nl_route_sched(r0, &(0x7f0000000140)={0x0, 0x32d, &(0x7f0000000080)={&(0x7f0000000540)=@newqdisc={0x148, 0x24, 0x507, 0x1100000000000000, 0x0, {0x0, r6, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_red={{0x8, 0x1, 'red\x00'}, {0x11c, 0x2, [@TCA_RED_STAB={0x104, 0x2, "fbf84ce9dbecf3d5851ae060c0ec8d55c9c65cb98d69f6f43f1d64d475f279dd204e54f6719de408d640f2dcd4c0c8c615650de0531b139380f912f808e5d3e1118f76144d1568be425bddb29fa48b1251d5cc8b78fb742bd61674f4cd92a93f8dafea3bc823ccd7591d59d252a275012101f39ab9478cc5dc4a8a2e71f186ce688ae869907b40b62231d243db1eca472440f1203b691b7b85864a73f1a3a9664d075ac973158948f7c44b4f8e2348e8046b08dcb423647eff2539993b8985028d7f0a50e94ee6b2fdacff6aee496b13807eb8d406a8440af14e339713f93a2bd76d46d34452c9bf604ac61d66e9ff34503a7ff400"}, @TCA_RED_PARMS={0x14, 0x1, {0x20}}]}}]}, 0x148}}, 0x0)

01:39:14 executing program 3:
r0 = socket$packet(0x11, 0x3, 0x300)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000000)={'batadv0\x00\f\x00', <r1=>0x0})
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000e00)=ANY=[@ANYBLOB="340000002c000107008b", @ANYRES32=r1, @ANYBLOB="00d400f0000000000e00000009000100726f75746500000004000200"], 0x3}}, 0x0)
r2 = socket(0x10, 0x80002, 0x0)
sendmmsg$alg(r2, &(0x7f0000000140), 0x332, 0x0)

[ 1272.624546][T26556]  __handle_mm_fault+0x2dca/0x4040
[ 1272.629664][T26556]  ? vmf_insert_mixed_mkwrite+0x40/0x40
[ 1272.635223][T26556]  ? handle_mm_fault+0x292/0xa80
[ 1272.640174][T26556]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 1272.646428][T26556]  ? __kasan_check_read+0x11/0x20
[ 1272.651491][T26556]  handle_mm_fault+0x3b7/0xa80
[ 1272.656264][T26556]  __do_page_fault+0x536/0xdd0
[ 1272.661039][T26556]  do_page_fault+0x38/0x590
[ 1272.665545][T26556]  page_fault+0x39/0x40
[ 1272.669698][T26556] RIP: 0033:0x4533a0
[ 1272.673592][T26556] Code: 0f 84 c4 0f 00 00 48 89 f1 48 89 f8 48 83 e1 3f 48 83 f9 20 0f 86 7b 02 00 00 48 83 e6 f0 48 83 e1 0f 66 0f ef c0 66 0f ef c9 <66> 0f 74 0e 66 0f d7 d1 48 d3 ea 49 c7 c2 11 00 00 00 49 29 ca 4d
[ 1272.693185][T26556] RSP: 002b:00007fbdc8f347a8 EFLAGS: 00010202
[ 1272.693196][T26556] RAX: 00007fbdc8f34850 RBX: 0000000000000003 RCX: 000000000000000e
[ 1272.693205][T26556] RDX: 00000000000003ff RSI: 0000000020012fe0 RDI: 00007fbdc8f34850
[ 1272.693213][T26556] RBP: 000000000075c070 R08: 00000000000003ff R09: 0000000000000000
[ 1272.693221][T26556] R10: 00007fbdc8f359d0 R11: 0000000000000246 R12: 00007fbdc8f356d4
[ 1272.693229][T26556] R13: 00000000004c8dbc R14: 00000000004dfed8 R15: 00000000ffffffff
01:39:15 executing program 5:
mmap(&(0x7f0000011000/0x2000)=nil, 0x2000, 0x4, 0x31, 0xffffffffffffffff, 0x0)
r0 = userfaultfd(0x0)
syz_open_dev$mice(&(0x7f0000000000)='/dev/input/mice\x00', 0x0, 0x4000)
ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f0000000040))
ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f00000000c0)={{&(0x7f0000012000/0x2000)=nil, 0x2000}, 0x1})
read(r0, &(0x7f0000000100)=""/199, 0xc7)
syz_open_dev$evdev(&(0x7f0000012fee)='/.%v/\x11%put/event#\x00', 0x0, 0x74)
ioctl$UFFDIO_WAKE(r0, 0x8010aa02, &(0x7f0000000080)={&(0x7f0000012000/0x4000)=nil, 0x4000})
shmget(0x2, 0x1000, 0x0, &(0x7f000096d000/0x1000)=nil)
openat$cgroup_procs(0xffffffffffffffff, 0x0, 0x2, 0x0)

01:39:15 executing program 1:
mmap(&(0x7f0000011000/0x2000)=nil, 0x2000, 0x4, 0x31, 0xffffffffffffffff, 0x0)
r0 = userfaultfd(0x0)
syz_open_dev$mice(&(0x7f0000000000)='/dev/input/mice\x00', 0x0, 0x4000)
ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f0000000040))
ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f00000000c0)={{&(0x7f0000012000/0x2000)=nil, 0x2000}, 0x1})
read(r0, &(0x7f0000000100)=""/199, 0xc7)
syz_open_dev$evdev(&(0x7f0000012fee)='/.%v/\x11%put/event#\x00', 0x6800, 0x0)
ioctl$UFFDIO_WAKE(r0, 0x8010aa02, &(0x7f0000000080)={&(0x7f0000012000/0x4000)=nil, 0x4000})
shmget(0x2, 0x1000, 0x0, &(0x7f000096d000/0x1000)=nil)
openat$cgroup_procs(0xffffffffffffffff, 0x0, 0x2, 0x0)

01:39:15 executing program 3:
r0 = socket$packet(0x11, 0x3, 0x300)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000000)={'batadv0\x00\f\x00', <r1=>0x0})
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000e00)=ANY=[@ANYBLOB="340000002c000107008be400000000", @ANYRES32=r1, @ANYBLOB="00d400f0000000000e00000009000100726f75746500000004000200"], 0x3}}, 0x0)
r2 = socket(0x10, 0x80002, 0x0)
sendmmsg$alg(r2, &(0x7f0000000140), 0x332, 0x0)

01:39:15 executing program 0 (fault-call:6 fault-nth:0):
perf_event_open(&(0x7f00000000c0)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
ioctl$FS_IOC_ENABLE_VERITY(0xffffffffffffffff, 0x40806685, 0x0)
r0 = openat$random(0xffffffffffffff9c, &(0x7f0000000140)='/dev/urandom\x00', 0x8000000000000085, 0x0)
r1 = dup(r0)
r2 = open(&(0x7f0000002000)='./bus\x00', 0x141042, 0x0)
ftruncate(r2, 0xee72)
sendfile(r1, r2, 0x0, 0x8000fffffffe)

01:39:15 executing program 4:
r0 = socket$nl_route(0x10, 0x3, 0x0)
r1 = socket$netlink(0x10, 0x3, 0x0)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff, <r2=>0xffffffffffffffff})
r3 = socket$inet6_sctp(0xa, 0x10000000005, 0x84)
r4 = dup2(r2, r3)
ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200)
r5 = socket(0x10, 0x803, 0x0)
sendmsg$TIPC_CMD_GET_MEDIA_NAMES(r5, &(0x7f0000000400)={0x0, 0x0, &(0x7f00000003c0)={0x0}}, 0x0)
getsockname$packet(r5, &(0x7f0000000100)={0x11, 0x0, <r6=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0xa)
sendmsg$nl_route(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080)=ANY=[@ANYBLOB="4800000010000507000000000000000080000000", @ANYRES32=r6, @ANYBLOB="0000000000000000280012000c0001007665746800000000180002001400010000000000", @ANYRES32=0x0, @ANYBLOB='\x00\x00\x00\x00\x00\x00\x00\x00'], 0x48}}, 0x0)
sendmsg$nl_route_sched(r0, &(0x7f0000000140)={0x0, 0x32d, &(0x7f0000000080)={&(0x7f0000000540)=@newqdisc={0x148, 0x24, 0x507, 0x1200000000000000, 0x0, {0x0, r6, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_red={{0x8, 0x1, 'red\x00'}, {0x11c, 0x2, [@TCA_RED_STAB={0x104, 0x2, "fbf84ce9dbecf3d5851ae060c0ec8d55c9c65cb98d69f6f43f1d64d475f279dd204e54f6719de408d640f2dcd4c0c8c615650de0531b139380f912f808e5d3e1118f76144d1568be425bddb29fa48b1251d5cc8b78fb742bd61674f4cd92a93f8dafea3bc823ccd7591d59d252a275012101f39ab9478cc5dc4a8a2e71f186ce688ae869907b40b62231d243db1eca472440f1203b691b7b85864a73f1a3a9664d075ac973158948f7c44b4f8e2348e8046b08dcb423647eff2539993b8985028d7f0a50e94ee6b2fdacff6aee496b13807eb8d406a8440af14e339713f93a2bd76d46d34452c9bf604ac61d66e9ff34503a7ff400"}, @TCA_RED_PARMS={0x14, 0x1, {0x20}}]}}]}, 0x148}}, 0x0)

01:39:15 executing program 2:
r0 = socket$inet_udp(0x2, 0x2, 0x0)
close(r0)
r1 = socket$inet6(0xa, 0x1, 0x8010000000000084)
bind$inet6(r1, &(0x7f0000000040)={0xa, 0x400004e21, 0x0, @empty}, 0x1c)
setsockopt$inet_sctp6_SCTP_NODELAY(r0, 0x84, 0x3, &(0x7f00000000c0)=0x7, 0x4)
setsockopt$inet6_opts(r1, 0x29, 0x3b, &(0x7f0000000080)=ANY=[@ANYBLOB], 0x8)
connect$inet6(r1, &(0x7f0000000200)={0xa, 0x4e21, 0x0, @loopback}, 0x1c)
r2 = socket$inet_udplite(0x2, 0x2, 0x88)
ioctl(r2, 0x1000008912, &(0x7f0000000040)="11dcbc0d5e0bcfe47bf070")
write$binfmt_misc(r0, &(0x7f0000000100)=ANY=[@ANYBLOB="a43f7a10bc918dba707335df9c4fe2e3dd545ee4c838fdcc46a7540a012dcf04a12f99172a6f3583cd5498000448f3ae533c2845496e9b0a050d5e4e05f5f8188edecc091727ed7a25a91998bf61aeec90e8718f9aa9fd5da3aa3181c0080975dee42b7d8686ca8f92f314380c2a02a90e6efeaf9d6acdb213cd260c116f495d9569a33c798d369967f6690fd59a8b3bd789702d552fe262fe738e874609724467e7d1be8518f803b96022e1f0f0de7d3720bec96ede000000000000000000"], 0x10098)
write$binfmt_script(r0, &(0x7f0000000300)=ANY=[@ANYBLOB="ba"], 0x1)
write$binfmt_elf64(r0, &(0x7f0000000280)={{0x7f, 0x45, 0x4c, 0x46, 0x0, 0x0, 0x2000000000000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40}, [{}]}, 0x78)

01:39:15 executing program 3:
r0 = socket$packet(0x11, 0x3, 0x300)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000000)={'batadv0\x00\f\x00', <r1=>0x0})
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000e00)=ANY=[@ANYBLOB="340000002c000107008be400000000", @ANYRES32=r1, @ANYBLOB="00d400f0000000000e00000009000100726f75746500000004000200"], 0x3}}, 0x0)
r2 = socket(0x10, 0x80002, 0x0)
sendmmsg$alg(r2, &(0x7f0000000140), 0x332, 0x0)

[ 1273.111091][T26724] FAULT_INJECTION: forcing a failure.
[ 1273.111091][T26724] name failslab, interval 1, probability 0, space 0, times 0
[ 1273.140825][T26724] CPU: 1 PID: 26724 Comm: syz-executor.0 Not tainted 5.3.0+ #0
[ 1273.143540][T26789] FAULT_FLAG_ALLOW_RETRY missing 70
[ 1273.148395][T26724] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 1273.148402][T26724] Call Trace:
[ 1273.148432][T26724]  dump_stack+0x172/0x1f0
[ 1273.148456][T26724]  should_fail.cold+0xa/0x15
[ 1273.148474][T26724]  ? fault_create_debugfs_attr+0x180/0x180
[ 1273.148494][T26724]  ? ___might_sleep+0x163/0x2c0
[ 1273.148516][T26724]  __should_failslab+0x121/0x190
[ 1273.148535][T26724]  should_failslab+0x9/0x14
[ 1273.148550][T26724]  kmem_cache_alloc_trace+0x2d3/0x790
[ 1273.148564][T26724]  ? __kasan_check_read+0x11/0x20
[ 1273.148587][T26724]  alloc_pipe_info+0xb9/0x420
[ 1273.148606][T26724]  splice_direct_to_actor+0x76b/0x970
[ 1273.216452][T26724]  ? common_file_perm+0x238/0x720
[ 1273.221478][T26724]  ? generic_pipe_buf_nosteal+0x10/0x10
[ 1273.227025][T26724]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 1273.233273][T26724]  ? do_splice_to+0x180/0x180
[ 1273.237945][T26724]  ? rw_verify_area+0x126/0x360
[ 1273.242791][T26724]  do_splice_direct+0x1da/0x2a0
[ 1273.247638][T26724]  ? splice_direct_to_actor+0x970/0x970
[ 1273.253186][T26724]  ? rw_verify_area+0x126/0x360
[ 1273.258032][T26724]  do_sendfile+0x597/0xd00
[ 1273.262451][T26724]  ? do_compat_pwritev64+0x1c0/0x1c0
[ 1273.267765][T26724]  ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20
[ 1273.274009][T26724]  ? fput+0x1b/0x20
[ 1273.277816][T26724]  __x64_sys_sendfile64+0x1dd/0x220
[ 1273.283008][T26724]  ? __ia32_sys_sendfile+0x230/0x230
[ 1273.288292][T26724]  ? do_syscall_64+0x26/0x760
[ 1273.292986][T26724]  ? lockdep_hardirqs_on+0x421/0x5e0
[ 1273.298263][T26724]  ? trace_hardirqs_on+0x67/0x240
[ 1273.303283][T26724]  do_syscall_64+0xfa/0x760
[ 1273.307784][T26724]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 1273.313665][T26724] RIP: 0033:0x459a09
[ 1273.317560][T26724] Code: fd b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00
[ 1273.337167][T26724] RSP: 002b:00007f2674f6ec78 EFLAGS: 00000246 ORIG_RAX: 0000000000000028
[ 1273.345560][T26724] RAX: ffffffffffffffda RBX: 00007f2674f6ec90 RCX: 0000000000459a09
[ 1273.353515][T26724] RDX: 0000000000000000 RSI: 0000000000000006 RDI: 0000000000000005
[ 1273.361473][T26724] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000
[ 1273.369428][T26724] R10: 00008000fffffffe R11: 0000000000000246 R12: 00007f2674f6f6d4
[ 1273.377389][T26724] R13: 00000000004c71d6 R14: 00000000004dc9e0 R15: 0000000000000007
[ 1273.385381][T26789] CPU: 0 PID: 26789 Comm: syz-executor.1 Not tainted 5.3.0+ #0
[ 1273.390800][T26730] FAULT_FLAG_ALLOW_RETRY missing 70
[ 1273.392945][T26789] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 1273.392950][T26789] Call Trace:
[ 1273.392967][T26789]  dump_stack+0x172/0x1f0
[ 1273.392987][T26789]  handle_userfault.cold+0x41/0x5d
[ 1273.408198][T26789]  ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[ 1273.408224][T26789]  ? userfaultfd_ioctl+0x3ad0/0x3ad0
[ 1273.408241][T26789]  ? find_get_entry+0x535/0x880
[ 1273.420921][T26789]  ? __kasan_check_read+0x11/0x20
[ 1273.442218][T26789]  ? mark_lock+0xc2/0x1220
[ 1273.442234][T26789]  ? find_get_pages_range_tag+0xd50/0xd50
[ 1273.442255][T26789]  ? __kasan_check_read+0x11/0x20
[ 1273.442272][T26789]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 1273.457367][T26789]  ? find_lock_entry+0x1a7/0x560
[ 1273.457383][T26789]  ? rcu_lockdep_current_cpu_online+0xe3/0x130
[ 1273.474673][T26789]  shmem_getpage_gfp+0x1f4c/0x2680
[ 1273.479808][T26789]  ? shmem_unuse_inode+0x1010/0x1010
[ 1273.485115][T26789]  ? lock_downgrade+0x920/0x920
[ 1273.489988][T26789]  ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[ 1273.496235][T26789]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 1273.502471][T26789]  shmem_fault+0x22a/0x7b0
[ 1273.506887][T26789]  ? shmem_read_mapping_page_gfp+0x1a0/0x1a0
01:39:15 executing program 2:
r0 = socket$inet_udp(0x2, 0x2, 0x0)
close(r0)
r1 = socket$inet6(0xa, 0x1, 0x8010000000000084)
bind$inet6(r1, &(0x7f0000000040)={0xa, 0x400004e21, 0x0, @empty}, 0x1c)
setsockopt$inet_sctp6_SCTP_NODELAY(r0, 0x84, 0x3, &(0x7f00000000c0)=0x7, 0x4)
setsockopt$inet6_opts(r1, 0x29, 0x3b, &(0x7f0000000080)=ANY=[@ANYBLOB], 0x8)
connect$inet6(r1, &(0x7f0000000200)={0xa, 0x4e21, 0x0, @loopback}, 0x1c)
r2 = socket$inet_udplite(0x2, 0x2, 0x88)
ioctl(r2, 0x1000008912, &(0x7f0000000040)="11dcbc0d5e0bcfe47bf070")
write$binfmt_misc(r0, &(0x7f0000000100)=ANY=[@ANYBLOB="a43f7a10bc918dba707335df9c4fe2e3dd545ee4c838fdcc46a7540a012dcf04a12f99172a6f3583cd5498000448f3ae533c2845496e9b0a050d5e4e05f5f8188edecc091727ed7a25a91998bf61aeec90e8718f9aa9fd5da3aa3181c0080975dee42b7d8686ca8f92f314380c2a02a90e6efeaf9d6acdb213cd260c116f495d9569a33c798d369967f6690fd59a8b3bd789702d552fe262fe738e874609724467e7d1be8518f803b96022e1f0f0de7d3720bec96ede000000000000000000"], 0x10098)
write$binfmt_script(r0, &(0x7f0000000300)=ANY=[@ANYBLOB="ba"], 0x1)
write$binfmt_elf64(r0, &(0x7f0000000280)={{0x7f, 0x45, 0x4c, 0x46, 0x0, 0x0, 0x3000000000000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40}, [{}]}, 0x78)

01:39:15 executing program 4:
r0 = socket$nl_route(0x10, 0x3, 0x0)
r1 = socket$netlink(0x10, 0x3, 0x0)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff, <r2=>0xffffffffffffffff})
r3 = socket$inet6_sctp(0xa, 0x10000000005, 0x84)
r4 = dup2(r2, r3)
ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200)
r5 = socket(0x10, 0x803, 0x0)
sendmsg$TIPC_CMD_GET_MEDIA_NAMES(r5, &(0x7f0000000400)={0x0, 0x0, &(0x7f00000003c0)={0x0}}, 0x0)
getsockname$packet(r5, &(0x7f0000000100)={0x11, 0x0, <r6=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0xa)
sendmsg$nl_route(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080)=ANY=[@ANYBLOB="4800000010000507000000000000000080000000", @ANYRES32=r6, @ANYBLOB="0000000000000000280012000c0001007665746800000000180002001400010000000000", @ANYRES32=0x0, @ANYBLOB='\x00\x00\x00\x00\x00\x00\x00\x00'], 0x48}}, 0x0)
sendmsg$nl_route_sched(r0, &(0x7f0000000140)={0x0, 0x32d, &(0x7f0000000080)={&(0x7f0000000540)=@newqdisc={0x148, 0x24, 0x507, 0x1300000000000000, 0x0, {0x0, r6, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_red={{0x8, 0x1, 'red\x00'}, {0x11c, 0x2, [@TCA_RED_STAB={0x104, 0x2, "fbf84ce9dbecf3d5851ae060c0ec8d55c9c65cb98d69f6f43f1d64d475f279dd204e54f6719de408d640f2dcd4c0c8c615650de0531b139380f912f808e5d3e1118f76144d1568be425bddb29fa48b1251d5cc8b78fb742bd61674f4cd92a93f8dafea3bc823ccd7591d59d252a275012101f39ab9478cc5dc4a8a2e71f186ce688ae869907b40b62231d243db1eca472440f1203b691b7b85864a73f1a3a9664d075ac973158948f7c44b4f8e2348e8046b08dcb423647eff2539993b8985028d7f0a50e94ee6b2fdacff6aee496b13807eb8d406a8440af14e339713f93a2bd76d46d34452c9bf604ac61d66e9ff34503a7ff400"}, @TCA_RED_PARMS={0x14, 0x1, {0x20}}]}}]}, 0x148}}, 0x0)

[ 1273.512871][T26789]  ? find_get_entry+0x880/0x880
[ 1273.517728][T26789]  ? pmd_val+0x85/0x100
[ 1273.521885][T26789]  __do_fault+0x111/0x540
[ 1273.526212][T26789]  ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[ 1273.532454][T26789]  __handle_mm_fault+0x2dca/0x4040
[ 1273.537571][T26789]  ? vmf_insert_mixed_mkwrite+0x40/0x40
[ 1273.543115][T26789]  ? handle_mm_fault+0x292/0xa80
[ 1273.548081][T26789]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 1273.554321][T26789]  ? __kasan_check_read+0x11/0x20
[ 1273.559349][T26789]  handle_mm_fault+0x3b7/0xa80
[ 1273.564113][T26789]  __do_page_fault+0x536/0xdd0
[ 1273.568885][T26789]  do_page_fault+0x38/0x590
[ 1273.573391][T26789]  page_fault+0x39/0x40
[ 1273.577532][T26789] RIP: 0033:0x4533a0
[ 1273.581422][T26789] Code: 0f 84 c4 0f 00 00 48 89 f1 48 89 f8 48 83 e1 3f 48 83 f9 20 0f 86 7b 02 00 00 48 83 e6 f0 48 83 e1 0f 66 0f ef c0 66 0f ef c9 <66> 0f 74 0e 66 0f d7 d1 48 d3 ea 49 c7 c2 11 00 00 00 49 29 ca 4d
[ 1273.601012][T26789] RSP: 002b:00007fed5b29c7a8 EFLAGS: 00010202
[ 1273.607081][T26789] RAX: 00007fed5b29c850 RBX: 0000000000000003 RCX: 000000000000000e
[ 1273.615035][T26789] RDX: 00000000000003ff RSI: 0000000020012fe0 RDI: 00007fed5b29c850
[ 1273.622990][T26789] RBP: 000000000075bfc8 R08: 00000000000003ff R09: 0000000000000000
[ 1273.630950][T26789] R10: 00007fed5b29d9d0 R11: 0000000000000246 R12: 00007fed5b29d6d4
[ 1273.638911][T26789] R13: 00000000004c8dbc R14: 00000000004dfed8 R15: 00000000ffffffff
[ 1273.646984][T26730] CPU: 1 PID: 26730 Comm: syz-executor.5 Not tainted 5.3.0+ #0
[ 1273.654527][T26730] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 1273.664576][T26730] Call Trace:
[ 1273.667864][T26730]  dump_stack+0x172/0x1f0
[ 1273.672196][T26730]  handle_userfault.cold+0x41/0x5d
[ 1273.677314][T26730]  ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[ 1273.683557][T26730]  ? userfaultfd_ioctl+0x3ad0/0x3ad0
[ 1273.683573][T26730]  ? find_get_entry+0x535/0x880
[ 1273.683593][T26730]  ? find_get_pages_range_tag+0xd50/0xd50
[ 1273.683612][T26730]  ? ___might_sleep+0x163/0x2c0
[ 1273.699415][T26730]  ? __kasan_check_read+0x11/0x20
[ 1273.699431][T26730]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 1273.699451][T26730]  ? find_lock_entry+0x1a7/0x560
[ 1273.699463][T26730]  ? rcu_lockdep_current_cpu_online+0xe3/0x130
[ 1273.699483][T26730]  shmem_getpage_gfp+0x1f4c/0x2680
[ 1273.715552][T26730]  ? shmem_unuse_inode+0x1010/0x1010
[ 1273.715570][T26730]  ? lock_downgrade+0x920/0x920
[ 1273.715586][T26730]  ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[ 1273.715599][T26730]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 1273.715617][T26730]  shmem_fault+0x22a/0x7b0
01:39:15 executing program 0 (fault-call:6 fault-nth:1):
perf_event_open(&(0x7f00000000c0)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
ioctl$FS_IOC_ENABLE_VERITY(0xffffffffffffffff, 0x40806685, 0x0)
r0 = openat$random(0xffffffffffffff9c, &(0x7f0000000140)='/dev/urandom\x00', 0x8000000000000085, 0x0)
r1 = dup(r0)
r2 = open(&(0x7f0000002000)='./bus\x00', 0x141042, 0x0)
ftruncate(r2, 0xee72)
sendfile(r1, r2, 0x0, 0x8000fffffffe)

[ 1273.726691][T26730]  ? shmem_read_mapping_page_gfp+0x1a0/0x1a0
[ 1273.726713][T26730]  ? find_get_entry+0x880/0x880
[ 1273.726731][T26730]  ? pmd_val+0x85/0x100
[ 1273.726747][T26730]  __do_fault+0x111/0x540
[ 1273.737093][T26730]  ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[ 1273.737113][T26730]  __handle_mm_fault+0x2dca/0x4040
[ 1273.737134][T26730]  ? vmf_insert_mixed_mkwrite+0x40/0x40
[ 1273.737150][T26730]  ? handle_mm_fault+0x292/0xa80
[ 1273.737175][T26730]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 1273.748216][T26730]  ? __kasan_check_read+0x11/0x20
[ 1273.748235][T26730]  handle_mm_fault+0x3b7/0xa80
[ 1273.748254][T26730]  __do_page_fault+0x536/0xdd0
[ 1273.748275][T26730]  do_page_fault+0x38/0x590
[ 1273.758878][T26730]  page_fault+0x39/0x40
[ 1273.758890][T26730] RIP: 0033:0x4533a0
[ 1273.758905][T26730] Code: 0f 84 c4 0f 00 00 48 89 f1 48 89 f8 48 83 e1 3f 48 83 f9 20 0f 86 7b 02 00 00 48 83 e6 f0 48 83 e1 0f 66 0f ef c0 66 0f ef c9 <66> 0f 74 0e 66 0f d7 d1 48 d3 ea 49 c7 c2 11 00 00 00 49 29 ca 4d
[ 1273.758913][T26730] RSP: 002b:00007fbdc8f767a8 EFLAGS: 00010202
[ 1273.758925][T26730] RAX: 00007fbdc8f76850 RBX: 0000000000000003 RCX: 000000000000000e
[ 1273.758934][T26730] RDX: 00000000000003ff RSI: 0000000020012fe0 RDI: 00007fbdc8f76850
[ 1273.758941][T26730] RBP: 000000000075bf20 R08: 00000000000003ff R09: 0000000000000000
[ 1273.758953][T26730] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fbdc8f776d4
[ 1273.769730][T26730] R13: 00000000004c8dbc R14: 00000000004dfed8 R15: 00000000ffffffff
[ 1273.849892][T26855] FAULT_INJECTION: forcing a failure.
[ 1273.849892][T26855] name failslab, interval 1, probability 0, space 0, times 0
[ 1273.863391][T26855] CPU: 1 PID: 26855 Comm: syz-executor.0 Not tainted 5.3.0+ #0
[ 1273.875479][T26855] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 1273.875484][T26855] Call Trace:
[ 1273.875506][T26855]  dump_stack+0x172/0x1f0
[ 1273.875525][T26855]  should_fail.cold+0xa/0x15
[ 1273.875543][T26855]  ? fault_create_debugfs_attr+0x180/0x180
[ 1273.875561][T26855]  ? ___might_sleep+0x163/0x2c0
[ 1273.891482][T26855]  __should_failslab+0x121/0x190
[ 1273.891501][T26855]  should_failslab+0x9/0x14
01:39:16 executing program 3:
r0 = socket$packet(0x11, 0x3, 0x300)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000000)={'batadv0\x00\f\x00', <r1=>0x0})
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000e00)=ANY=[@ANYBLOB="340000002c000107008be400000000", @ANYRES32=r1, @ANYBLOB="00d400f0000000000e00000009000100726f75746500000004000200"], 0x3}}, 0x0)
r2 = socket(0x10, 0x80002, 0x0)
sendmmsg$alg(r2, &(0x7f0000000140), 0x332, 0x0)

[ 1273.891513][T26855]  __kmalloc+0x2e0/0x770
[ 1273.891524][T26855]  ? kmem_cache_alloc_trace+0x397/0x790
[ 1273.891540][T26855]  ? __kasan_check_read+0x11/0x20
[ 1273.912042][T26855]  ? alloc_pipe_info+0x199/0x420
[ 1273.912060][T26855]  alloc_pipe_info+0x199/0x420
[ 1273.912079][T26855]  splice_direct_to_actor+0x76b/0x970
[ 1273.912092][T26855]  ? common_file_perm+0x238/0x720
[ 1273.912111][T26855]  ? generic_pipe_buf_nosteal+0x10/0x10
[ 1273.929693][T26855]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 1273.929719][T26855]  ? do_splice_to+0x180/0x180
01:39:16 executing program 0 (fault-call:6 fault-nth:2):
perf_event_open(&(0x7f00000000c0)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
ioctl$FS_IOC_ENABLE_VERITY(0xffffffffffffffff, 0x40806685, 0x0)
r0 = openat$random(0xffffffffffffff9c, &(0x7f0000000140)='/dev/urandom\x00', 0x8000000000000085, 0x0)
r1 = dup(r0)
r2 = open(&(0x7f0000002000)='./bus\x00', 0x141042, 0x0)
ftruncate(r2, 0xee72)
sendfile(r1, r2, 0x0, 0x8000fffffffe)

[ 1273.929737][T26855]  ? rw_verify_area+0x126/0x360
[ 1273.929755][T26855]  do_splice_direct+0x1da/0x2a0
[ 1273.929770][T26855]  ? splice_direct_to_actor+0x970/0x970
[ 1273.929791][T26855]  ? rw_verify_area+0x126/0x360
[ 1273.941962][T26855]  do_sendfile+0x597/0xd00
[ 1273.941988][T26855]  ? do_compat_pwritev64+0x1c0/0x1c0
[ 1273.942007][T26855]  ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20
[ 1273.952613][T26855]  ? fput+0x1b/0x20
[ 1273.952633][T26855]  __x64_sys_sendfile64+0x1dd/0x220
[ 1273.952647][T26855]  ? __ia32_sys_sendfile+0x230/0x230
[ 1273.952659][T26855]  ? do_syscall_64+0x26/0x760
[ 1273.952677][T26855]  ? lockdep_hardirqs_on+0x421/0x5e0
[ 1273.962072][T26855]  ? trace_hardirqs_on+0x67/0x240
[ 1273.962091][T26855]  do_syscall_64+0xfa/0x760
[ 1273.962109][T26855]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 1273.962118][T26855] RIP: 0033:0x459a09
[ 1273.962133][T26855] Code: fd b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00
[ 1273.971878][T26855] RSP: 002b:00007f2674f6ec78 EFLAGS: 00000246 ORIG_RAX: 0000000000000028
[ 1273.971891][T26855] RAX: ffffffffffffffda RBX: 00007f2674f6ec90 RCX: 0000000000459a09
[ 1273.971900][T26855] RDX: 0000000000000000 RSI: 0000000000000006 RDI: 0000000000000005
[ 1273.971908][T26855] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000
[ 1273.971916][T26855] R10: 00008000fffffffe R11: 0000000000000246 R12: 00007f2674f6f6d4
[ 1273.971924][T26855] R13: 00000000004c71d6 R14: 00000000004dc9e0 R15: 0000000000000007
[ 1274.102648][T26924] FAULT_INJECTION: forcing a failure.
[ 1274.102648][T26924] name fail_page_alloc, interval 1, probability 0, space 0, times 0
[ 1274.179985][T26924] CPU: 1 PID: 26924 Comm: syz-executor.0 Not tainted 5.3.0+ #0
[ 1274.187524][T26924] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 1274.187530][T26924] Call Trace:
[ 1274.187550][T26924]  dump_stack+0x172/0x1f0
[ 1274.187570][T26924]  should_fail.cold+0xa/0x15
[ 1274.187586][T26924]  ? fault_create_debugfs_attr+0x180/0x180
[ 1274.187600][T26924]  ? ___might_sleep+0x163/0x2c0
[ 1274.187621][T26924]  should_fail_alloc_page+0x50/0x60
[ 1274.187637][T26924]  __alloc_pages_nodemask+0x1a1/0x8f0
[ 1274.200941][T26924]  ? __alloc_pages_slowpath+0x28d0/0x28d0
[ 1274.200958][T26924]  ? __lock_acquire+0x8a1/0x4e70
[ 1274.200980][T26924]  ? find_get_entry+0x50e/0x880
[ 1274.200993][T26924]  ? __sanitizer_cov_trace_const_cmp2+0x18/0x20
[ 1274.201010][T26924]  ? __sanitizer_cov_trace_const_cmp2+0x18/0x20
[ 1274.209883][T26924]  alloc_pages_vma+0x1bc/0x3f0
[ 1274.209904][T26924]  shmem_alloc_page+0xbd/0x180
[ 1274.209917][T26924]  ? shmem_swapin+0x1a0/0x1a0
[ 1274.209952][T26924]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 1274.220571][T26924]  ? __this_cpu_preempt_check+0x3a/0x210
[ 1274.220589][T26924]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 1274.220604][T26924]  ? percpu_counter_add_batch+0x13c/0x190
[ 1274.220625][T26924]  shmem_alloc_and_acct_page+0x165/0x990
[ 1274.220645][T26924]  shmem_getpage_gfp+0x598/0x2680
[ 1274.231183][T26924]  ? shmem_unuse_inode+0x1010/0x1010
[ 1274.231201][T26924]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 1274.231232][T26924]  ? __kasan_check_read+0x11/0x20
[ 1274.231250][T26924]  shmem_file_read_iter+0x30e/0xbd0
[ 1274.241876][T26924]  ? shmem_mfill_atomic_pte+0x22b0/0x22b0
[ 1274.241893][T26924]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 1274.241907][T26924]  ? __sanitizer_cov_trace_cmp4+0x16/0x20
[ 1274.241919][T26924]  ? iov_iter_pipe+0xba/0x2e0
[ 1274.241937][T26924]  generic_file_splice_read+0x4af/0x800
[ 1274.252980][T26924]  ? add_to_pipe+0x350/0x350
[ 1274.252999][T26924]  ? retint_kernel+0x2b/0x2b
[ 1274.253021][T26924]  ? add_to_pipe+0x350/0x350
[ 1274.253037][T26924]  do_splice_to+0x127/0x180
[ 1274.264012][T26924]  splice_direct_to_actor+0x2d2/0x970
[ 1274.264030][T26924]  ? generic_pipe_buf_nosteal+0x10/0x10
[ 1274.264047][T26924]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 1274.264061][T26924]  ? do_splice_to+0x180/0x180
[ 1274.341400][T26924]  ? rw_verify_area+0x126/0x360
[ 1274.357291][T26924]  do_splice_direct+0x1da/0x2a0
[ 1274.366422][T26924]  ? splice_direct_to_actor+0x970/0x970
[ 1274.366444][T26924]  ? rw_verify_area+0x126/0x360
[ 1274.366462][T26924]  do_sendfile+0x597/0xd00
[ 1274.375520][T26924]  ? do_compat_pwritev64+0x1c0/0x1c0
[ 1274.375537][T26924]  ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20
[ 1274.375552][T26924]  ? fput+0x1b/0x20
[ 1274.375570][T26924]  __x64_sys_sendfile64+0x1dd/0x220
[ 1274.386447][T26924]  ? __ia32_sys_sendfile+0x230/0x230
[ 1274.386463][T26924]  ? do_syscall_64+0x26/0x760
[ 1274.386479][T26924]  ? lockdep_hardirqs_on+0x421/0x5e0
[ 1274.386496][T26924]  ? trace_hardirqs_on+0x67/0x240
[ 1274.386513][T26924]  do_syscall_64+0xfa/0x760
[ 1274.397380][T26924]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 1274.397392][T26924] RIP: 0033:0x459a09
[ 1274.397407][T26924] Code: fd b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00
[ 1274.397415][T26924] RSP: 002b:00007f2674f6ec78 EFLAGS: 00000246 ORIG_RAX: 0000000000000028
[ 1274.504746][T26924] RAX: ffffffffffffffda RBX: 00007f2674f6ec90 RCX: 0000000000459a09
[ 1274.512691][T26924] RDX: 0000000000000000 RSI: 0000000000000006 RDI: 0000000000000005
[ 1274.520646][T26924] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000
[ 1274.528602][T26924] R10: 00008000fffffffe R11: 0000000000000246 R12: 00007f2674f6f6d4
[ 1274.536547][T26924] R13: 00000000004c71d6 R14: 00000000004dc9e0 R15: 0000000000000007
01:39:16 executing program 5:
mmap(&(0x7f0000011000/0x2000)=nil, 0x2000, 0x4, 0x31, 0xffffffffffffffff, 0x0)
r0 = userfaultfd(0x0)
syz_open_dev$mice(&(0x7f0000000000)='/dev/input/mice\x00', 0x0, 0x4000)
ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f0000000040))
ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f00000000c0)={{&(0x7f0000012000/0x2000)=nil, 0x2000}, 0x1})
read(r0, &(0x7f0000000100)=""/199, 0xc7)
syz_open_dev$evdev(&(0x7f0000012fee)='/.%v/\x11%put/event#\x00', 0x0, 0x7a)
ioctl$UFFDIO_WAKE(r0, 0x8010aa02, &(0x7f0000000080)={&(0x7f0000012000/0x4000)=nil, 0x4000})
shmget(0x2, 0x1000, 0x0, &(0x7f000096d000/0x1000)=nil)
openat$cgroup_procs(0xffffffffffffffff, 0x0, 0x2, 0x0)

01:39:16 executing program 1:
mmap(&(0x7f0000011000/0x2000)=nil, 0x2000, 0x4, 0x31, 0xffffffffffffffff, 0x0)
r0 = userfaultfd(0x0)
syz_open_dev$mice(&(0x7f0000000000)='/dev/input/mice\x00', 0x0, 0x4000)
ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f0000000040))
ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f00000000c0)={{&(0x7f0000012000/0x2000)=nil, 0x2000}, 0x1})
read(r0, &(0x7f0000000100)=""/199, 0xc7)
syz_open_dev$evdev(&(0x7f0000012fee)='/.%v/\x11%put/event#\x00', 0x6800, 0x0)
ioctl$UFFDIO_WAKE(r0, 0x8010aa02, &(0x7f0000000080)={&(0x7f0000012000/0x4000)=nil, 0x4000})
shmget(0x2, 0x1000, 0x0, &(0x7f000096d000/0x1000)=nil)
openat$cgroup_procs(0xffffffffffffffff, 0x0, 0x2, 0x0)

01:39:16 executing program 3:
r0 = socket$packet(0x11, 0x3, 0x300)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000000)={'batadv0\x00\f\x00', <r1=>0x0})
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000e00)=ANY=[@ANYBLOB="340000002c000107008be400000000000000", @ANYRES32=r1, @ANYBLOB="00d400f0000000000e00000009000100726f75746500000004000200"], 0x3}}, 0x0)
r2 = socket(0x10, 0x80002, 0x0)
sendmmsg$alg(r2, &(0x7f0000000140), 0x332, 0x0)

01:39:16 executing program 4:
r0 = socket$nl_route(0x10, 0x3, 0x0)
r1 = socket$netlink(0x10, 0x3, 0x0)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff, <r2=>0xffffffffffffffff})
r3 = socket$inet6_sctp(0xa, 0x10000000005, 0x84)
r4 = dup2(r2, r3)
ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200)
r5 = socket(0x10, 0x803, 0x0)
sendmsg$TIPC_CMD_GET_MEDIA_NAMES(r5, &(0x7f0000000400)={0x0, 0x0, &(0x7f00000003c0)={0x0}}, 0x0)
getsockname$packet(r5, &(0x7f0000000100)={0x11, 0x0, <r6=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0xa)
sendmsg$nl_route(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080)=ANY=[@ANYBLOB="4800000010000507000000000000000080000000", @ANYRES32=r6, @ANYBLOB="0000000000000000280012000c0001007665746800000000180002001400010000000000", @ANYRES32=0x0, @ANYBLOB='\x00\x00\x00\x00\x00\x00\x00\x00'], 0x48}}, 0x0)
sendmsg$nl_route_sched(r0, &(0x7f0000000140)={0x0, 0x32d, &(0x7f0000000080)={&(0x7f0000000540)=@newqdisc={0x148, 0x24, 0x507, 0x1400000000000000, 0x0, {0x0, r6, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_red={{0x8, 0x1, 'red\x00'}, {0x11c, 0x2, [@TCA_RED_STAB={0x104, 0x2, "fbf84ce9dbecf3d5851ae060c0ec8d55c9c65cb98d69f6f43f1d64d475f279dd204e54f6719de408d640f2dcd4c0c8c615650de0531b139380f912f808e5d3e1118f76144d1568be425bddb29fa48b1251d5cc8b78fb742bd61674f4cd92a93f8dafea3bc823ccd7591d59d252a275012101f39ab9478cc5dc4a8a2e71f186ce688ae869907b40b62231d243db1eca472440f1203b691b7b85864a73f1a3a9664d075ac973158948f7c44b4f8e2348e8046b08dcb423647eff2539993b8985028d7f0a50e94ee6b2fdacff6aee496b13807eb8d406a8440af14e339713f93a2bd76d46d34452c9bf604ac61d66e9ff34503a7ff400"}, @TCA_RED_PARMS={0x14, 0x1, {0x20}}]}}]}, 0x148}}, 0x0)

01:39:16 executing program 2:
r0 = socket$inet_udp(0x2, 0x2, 0x0)
close(r0)
r1 = socket$inet6(0xa, 0x1, 0x8010000000000084)
bind$inet6(r1, &(0x7f0000000040)={0xa, 0x400004e21, 0x0, @empty}, 0x1c)
setsockopt$inet_sctp6_SCTP_NODELAY(r0, 0x84, 0x3, &(0x7f00000000c0)=0x7, 0x4)
setsockopt$inet6_opts(r1, 0x29, 0x3b, &(0x7f0000000080)=ANY=[@ANYBLOB], 0x8)
connect$inet6(r1, &(0x7f0000000200)={0xa, 0x4e21, 0x0, @loopback}, 0x1c)
r2 = socket$inet_udplite(0x2, 0x2, 0x88)
ioctl(r2, 0x1000008912, &(0x7f0000000040)="11dcbc0d5e0bcfe47bf070")
write$binfmt_misc(r0, &(0x7f0000000100)=ANY=[@ANYBLOB="a43f7a10bc918dba707335df9c4fe2e3dd545ee4c838fdcc46a7540a012dcf04a12f99172a6f3583cd5498000448f3ae533c2845496e9b0a050d5e4e05f5f8188edecc091727ed7a25a91998bf61aeec90e8718f9aa9fd5da3aa3181c0080975dee42b7d8686ca8f92f314380c2a02a90e6efeaf9d6acdb213cd260c116f495d9569a33c798d369967f6690fd59a8b3bd789702d552fe262fe738e874609724467e7d1be8518f803b96022e1f0f0de7d3720bec96ede000000000000000000"], 0x10098)
write$binfmt_script(r0, &(0x7f0000000300)=ANY=[@ANYBLOB="ba"], 0x1)
write$binfmt_elf64(r0, &(0x7f0000000280)={{0x7f, 0x45, 0x4c, 0x46, 0x0, 0x0, 0x3f00000000000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40}, [{}]}, 0x78)

01:39:16 executing program 0 (fault-call:6 fault-nth:3):
perf_event_open(&(0x7f00000000c0)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
ioctl$FS_IOC_ENABLE_VERITY(0xffffffffffffffff, 0x40806685, 0x0)
r0 = openat$random(0xffffffffffffff9c, &(0x7f0000000140)='/dev/urandom\x00', 0x8000000000000085, 0x0)
r1 = dup(r0)
r2 = open(&(0x7f0000002000)='./bus\x00', 0x141042, 0x0)
ftruncate(r2, 0xee72)
sendfile(r1, r2, 0x0, 0x8000fffffffe)

01:39:16 executing program 3:
r0 = socket$packet(0x11, 0x3, 0x300)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000000)={'batadv0\x00\f\x00', <r1=>0x0})
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000e00)=ANY=[@ANYBLOB="340000002c000107008be400000000000000", @ANYRES32=r1, @ANYBLOB="00d400f0000000000e00000009000100726f75746500000004000200"], 0x3}}, 0x0)
r2 = socket(0x10, 0x80002, 0x0)
sendmmsg$alg(r2, &(0x7f0000000140), 0x332, 0x0)

[ 1274.756170][T26966] FAULT_INJECTION: forcing a failure.
[ 1274.756170][T26966] name fail_page_alloc, interval 1, probability 0, space 0, times 0
[ 1274.794316][T26966] CPU: 1 PID: 26966 Comm: syz-executor.0 Not tainted 5.3.0+ #0
[ 1274.801962][T26966] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 1274.801967][T26966] Call Trace:
[ 1274.801990][T26966]  dump_stack+0x172/0x1f0
[ 1274.802009][T26966]  should_fail.cold+0xa/0x15
[ 1274.802027][T26966]  ? fault_create_debugfs_attr+0x180/0x180
[ 1274.819659][T26966]  ? ___might_sleep+0x163/0x2c0
[ 1274.819685][T26966]  should_fail_alloc_page+0x50/0x60
[ 1274.840068][T26966]  __alloc_pages_nodemask+0x1a1/0x8f0
[ 1274.845449][T26966]  ? __alloc_pages_slowpath+0x28d0/0x28d0
[ 1274.851170][T26966]  ? __lock_acquire+0x8a1/0x4e70
[ 1274.856116][T26966]  ? find_get_entry+0x50e/0x880
[ 1274.859796][T26985] FAULT_FLAG_ALLOW_RETRY missing 70
[ 1274.860970][T26966]  ? __sanitizer_cov_trace_const_cmp2+0x18/0x20
[ 1274.860985][T26966]  ? __sanitizer_cov_trace_const_cmp2+0x18/0x20
[ 1274.861006][T26966]  alloc_pages_vma+0x1bc/0x3f0
[ 1274.883384][T26966]  shmem_alloc_page+0xbd/0x180
[ 1274.888151][T26966]  ? shmem_swapin+0x1a0/0x1a0
[ 1274.892840][T26966]  ? xas_start+0x166/0x560
[ 1274.897251][T26966]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 1274.903515][T26966]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 1274.909753][T26966]  ? __this_cpu_preempt_check+0x3a/0x210
[ 1274.915388][T26966]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 1274.921627][T26966]  ? percpu_counter_add_batch+0x13c/0x190
[ 1274.927354][T26966]  shmem_alloc_and_acct_page+0x165/0x990
[ 1274.932992][T26966]  shmem_getpage_gfp+0x598/0x2680
[ 1274.938030][T26966]  ? shmem_unuse_inode+0x1010/0x1010
[ 1274.943332][T26966]  ? copy_page_to_iter+0x49f/0xdb0
[ 1274.948445][T26966]  shmem_file_read_iter+0x30e/0xbd0
[ 1274.953677][T26966]  ? shmem_mfill_atomic_pte+0x22b0/0x22b0
[ 1274.959403][T26966]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 1274.965645][T26966]  ? __sanitizer_cov_trace_cmp4+0x16/0x20
[ 1274.971359][T26966]  ? iov_iter_pipe+0xba/0x2e0
[ 1274.976041][T26966]  generic_file_splice_read+0x4af/0x800
[ 1274.981589][T26966]  ? add_to_pipe+0x350/0x350
[ 1274.986191][T26966]  ? rw_verify_area+0x126/0x360
[ 1274.991029][T26966]  ? add_to_pipe+0x350/0x350
[ 1274.991045][T26966]  do_splice_to+0x127/0x180
[ 1274.991062][T26966]  splice_direct_to_actor+0x2d2/0x970
[ 1274.991076][T26966]  ? generic_pipe_buf_nosteal+0x10/0x10
[ 1274.991095][T26966]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 1275.011019][T26966]  ? do_splice_to+0x180/0x180
[ 1275.011038][T26966]  ? rw_verify_area+0x126/0x360
[ 1275.011055][T26966]  do_splice_direct+0x1da/0x2a0
[ 1275.011070][T26966]  ? splice_direct_to_actor+0x970/0x970
[ 1275.011091][T26966]  ? rw_verify_area+0x126/0x360
[ 1275.037162][T26966]  do_sendfile+0x597/0xd00
[ 1275.037186][T26966]  ? do_compat_pwritev64+0x1c0/0x1c0
01:39:16 executing program 4:
r0 = socket$nl_route(0x10, 0x3, 0x0)
r1 = socket$netlink(0x10, 0x3, 0x0)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff, <r2=>0xffffffffffffffff})
r3 = socket$inet6_sctp(0xa, 0x10000000005, 0x84)
r4 = dup2(r2, r3)
ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200)
r5 = socket(0x10, 0x803, 0x0)
sendmsg$TIPC_CMD_GET_MEDIA_NAMES(r5, &(0x7f0000000400)={0x0, 0x0, &(0x7f00000003c0)={0x0}}, 0x0)
getsockname$packet(r5, &(0x7f0000000100)={0x11, 0x0, <r6=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0xa)
sendmsg$nl_route(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080)=ANY=[@ANYBLOB="4800000010000507000000000000000080000000", @ANYRES32=r6, @ANYBLOB="0000000000000000280012000c0001007665746800000000180002001400010000000000", @ANYRES32=0x0, @ANYBLOB='\x00\x00\x00\x00\x00\x00\x00\x00'], 0x48}}, 0x0)
sendmsg$nl_route_sched(r0, &(0x7f0000000140)={0x0, 0x32d, &(0x7f0000000080)={&(0x7f0000000540)=@newqdisc={0x148, 0x24, 0x507, 0x1801000000000000, 0x0, {0x0, r6, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_red={{0x8, 0x1, 'red\x00'}, {0x11c, 0x2, [@TCA_RED_STAB={0x104, 0x2, "fbf84ce9dbecf3d5851ae060c0ec8d55c9c65cb98d69f6f43f1d64d475f279dd204e54f6719de408d640f2dcd4c0c8c615650de0531b139380f912f808e5d3e1118f76144d1568be425bddb29fa48b1251d5cc8b78fb742bd61674f4cd92a93f8dafea3bc823ccd7591d59d252a275012101f39ab9478cc5dc4a8a2e71f186ce688ae869907b40b62231d243db1eca472440f1203b691b7b85864a73f1a3a9664d075ac973158948f7c44b4f8e2348e8046b08dcb423647eff2539993b8985028d7f0a50e94ee6b2fdacff6aee496b13807eb8d406a8440af14e339713f93a2bd76d46d34452c9bf604ac61d66e9ff34503a7ff400"}, @TCA_RED_PARMS={0x14, 0x1, {0x20}}]}}]}, 0x148}}, 0x0)

01:39:17 executing program 2:
r0 = socket$inet_udp(0x2, 0x2, 0x0)
close(r0)
r1 = socket$inet6(0xa, 0x1, 0x8010000000000084)
bind$inet6(r1, &(0x7f0000000040)={0xa, 0x400004e21, 0x0, @empty}, 0x1c)
setsockopt$inet_sctp6_SCTP_NODELAY(r0, 0x84, 0x3, &(0x7f00000000c0)=0x7, 0x4)
setsockopt$inet6_opts(r1, 0x29, 0x3b, &(0x7f0000000080)=ANY=[@ANYBLOB], 0x8)
connect$inet6(r1, &(0x7f0000000200)={0xa, 0x4e21, 0x0, @loopback}, 0x1c)
r2 = socket$inet_udplite(0x2, 0x2, 0x88)
ioctl(r2, 0x1000008912, &(0x7f0000000040)="11dcbc0d5e0bcfe47bf070")
write$binfmt_misc(r0, &(0x7f0000000100)=ANY=[@ANYBLOB="a43f7a10bc918dba707335df9c4fe2e3dd545ee4c838fdcc46a7540a012dcf04a12f99172a6f3583cd5498000448f3ae533c2845496e9b0a050d5e4e05f5f8188edecc091727ed7a25a91998bf61aeec90e8718f9aa9fd5da3aa3181c0080975dee42b7d8686ca8f92f314380c2a02a90e6efeaf9d6acdb213cd260c116f495d9569a33c798d369967f6690fd59a8b3bd789702d552fe262fe738e874609724467e7d1be8518f803b96022e1f0f0de7d3720bec96ede000000000000000000"], 0x10098)
write$binfmt_script(r0, &(0x7f0000000300)=ANY=[@ANYBLOB="ba"], 0x1)
write$binfmt_elf64(r0, &(0x7f0000000280)={{0x7f, 0x45, 0x4c, 0x46, 0x0, 0x0, 0x4000000000000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40}, [{}]}, 0x78)

[ 1275.051683][T26966]  ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20
[ 1275.057918][T26966]  ? fput+0x1b/0x20
[ 1275.057939][T26966]  __x64_sys_sendfile64+0x1dd/0x220
[ 1275.057955][T26966]  ? __ia32_sys_sendfile+0x230/0x230
[ 1275.057971][T26966]  ? do_syscall_64+0x26/0x760
[ 1275.057990][T26966]  ? lockdep_hardirqs_on+0x421/0x5e0
[ 1275.072214][T26966]  ? trace_hardirqs_on+0x67/0x240
[ 1275.072235][T26966]  do_syscall_64+0xfa/0x760
[ 1275.072255][T26966]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 1275.072266][T26966] RIP: 0033:0x459a09
[ 1275.072282][T26966] Code: fd b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00
[ 1275.097524][T26966] RSP: 002b:00007f2674f6ec78 EFLAGS: 00000246 ORIG_RAX: 0000000000000028
[ 1275.097536][T26966] RAX: ffffffffffffffda RBX: 00007f2674f6ec90 RCX: 0000000000459a09
[ 1275.097543][T26966] RDX: 0000000000000000 RSI: 0000000000000006 RDI: 0000000000000005
[ 1275.097550][T26966] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000
[ 1275.097558][T26966] R10: 00008000fffffffe R11: 0000000000000246 R12: 00007f2674f6f6d4
[ 1275.097565][T26966] R13: 00000000004c71d6 R14: 00000000004dc9e0 R15: 0000000000000007
[ 1275.130427][T26985] CPU: 0 PID: 26985 Comm: syz-executor.1 Not tainted 5.3.0+ #0
[ 1275.145751][T26985] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 1275.161648][T26985] Call Trace:
[ 1275.161669][T26985]  dump_stack+0x172/0x1f0
[ 1275.161690][T26985]  handle_userfault.cold+0x41/0x5d
[ 1275.177156][T26985]  ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[ 1275.177180][T26985]  ? userfaultfd_ioctl+0x3ad0/0x3ad0
[ 1275.177197][T26985]  ? find_get_entry+0x535/0x880
[ 1275.216301][T26985]  ? __kasan_check_read+0x11/0x20
[ 1275.221324][T26985]  ? mark_lock+0xc2/0x1220
[ 1275.225752][T26985]  ? find_get_pages_range_tag+0xd50/0xd50
[ 1275.231479][T26985]  ? __kasan_check_read+0x11/0x20
[ 1275.236523][T26985]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 1275.242771][T26985]  ? find_lock_entry+0x1a7/0x560
[ 1275.247731][T26985]  ? rcu_lockdep_current_cpu_online+0xe3/0x130
01:39:17 executing program 0 (fault-call:6 fault-nth:4):
perf_event_open(&(0x7f00000000c0)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
ioctl$FS_IOC_ENABLE_VERITY(0xffffffffffffffff, 0x40806685, 0x0)
r0 = openat$random(0xffffffffffffff9c, &(0x7f0000000140)='/dev/urandom\x00', 0x8000000000000085, 0x0)
r1 = dup(r0)
r2 = open(&(0x7f0000002000)='./bus\x00', 0x141042, 0x0)
ftruncate(r2, 0xee72)
sendfile(r1, r2, 0x0, 0x8000fffffffe)

[ 1275.253918][T26985]  shmem_getpage_gfp+0x1f4c/0x2680
[ 1275.259039][T26985]  ? shmem_unuse_inode+0x1010/0x1010
[ 1275.264316][T26985]  ? lock_downgrade+0x920/0x920
[ 1275.269160][T26985]  ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[ 1275.275394][T26985]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 1275.281638][T26985]  shmem_fault+0x22a/0x7b0
[ 1275.286081][T26985]  ? shmem_read_mapping_page_gfp+0x1a0/0x1a0
[ 1275.292077][T26985]  ? find_get_entry+0x880/0x880
[ 1275.296927][T26985]  ? pmd_val+0x85/0x100
[ 1275.301183][T26985]  __do_fault+0x111/0x540
[ 1275.305511][T26985]  ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[ 1275.311754][T26985]  __handle_mm_fault+0x2dca/0x4040
[ 1275.316872][T26985]  ? vmf_insert_mixed_mkwrite+0x40/0x40
[ 1275.322421][T26985]  ? handle_mm_fault+0x292/0xa80
[ 1275.327371][T26985]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 1275.333618][T26985]  ? __kasan_check_read+0x11/0x20
[ 1275.338645][T26985]  handle_mm_fault+0x3b7/0xa80
[ 1275.343419][T26985]  __do_page_fault+0x536/0xdd0
[ 1275.348195][T26985]  do_page_fault+0x38/0x590
[ 1275.352707][T26985]  page_fault+0x39/0x40
[ 1275.356859][T26985] RIP: 0033:0x4533a0
[ 1275.360753][T26985] Code: 0f 84 c4 0f 00 00 48 89 f1 48 89 f8 48 83 e1 3f 48 83 f9 20 0f 86 7b 02 00 00 48 83 e6 f0 48 83 e1 0f 66 0f ef c0 66 0f ef c9 <66> 0f 74 0e 66 0f d7 d1 48 d3 ea 49 c7 c2 11 00 00 00 49 29 ca 4d
[ 1275.363105][T27095] FAULT_INJECTION: forcing a failure.
[ 1275.363105][T27095] name failslab, interval 1, probability 0, space 0, times 0
[ 1275.380353][T26985] RSP: 002b:00007fed5b29c7a8 EFLAGS: 00010202
[ 1275.398962][T26985] RAX: 00007fed5b29c850 RBX: 0000000000000003 RCX: 000000000000000e
[ 1275.406922][T26985] RDX: 00000000000003ff RSI: 0000000020012fe0 RDI: 00007fed5b29c850
[ 1275.414878][T26985] RBP: 000000000075bfc8 R08: 00000000000003ff R09: 0000000000000000
[ 1275.422836][T26985] R10: 00007fed5b29d9d0 R11: 0000000000000246 R12: 00007fed5b29d6d4
[ 1275.430839][T26985] R13: 00000000004c8dbc R14: 00000000004dfed8 R15: 00000000ffffffff
[ 1275.438816][T27095] CPU: 1 PID: 27095 Comm: syz-executor.0 Not tainted 5.3.0+ #0
[ 1275.446354][T27095] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 1275.456401][T27095] Call Trace:
[ 1275.459702][T27095]  dump_stack+0x172/0x1f0
[ 1275.464030][T27095]  should_fail.cold+0xa/0x15
[ 1275.468642][T27095]  ? fault_create_debugfs_attr+0x180/0x180
[ 1275.474440][T27095]  ? rcu_read_lock_sched_held+0x9c/0xd0
[ 1275.474456][T27095]  ? rcu_read_lock_any_held.part.0+0x50/0x50
[ 1275.474477][T27095]  __should_failslab+0x121/0x190
[ 1275.474493][T27095]  should_failslab+0x9/0x14
[ 1275.474504][T27095]  kmem_cache_alloc+0x47/0x710
[ 1275.474514][T27095]  ? __kasan_check_read+0x11/0x20
[ 1275.474530][T27095]  ? __lock_acquire+0x1703/0x4e70
[ 1275.486011][T27095]  xas_alloc+0x346/0x460
[ 1275.486029][T27095]  xas_create+0x5b2/0x1060
[ 1275.486054][T27095]  xas_create_range+0x198/0x5d0
[ 1275.486082][T27095]  shmem_add_to_page_cache+0x8ed/0x14c0
[ 1275.486104][T27095]  ? shmem_writepage+0xee0/0xee0
[ 1275.495519][T27095]  shmem_getpage_gfp+0xeb0/0x2680
[ 1275.495550][T27095]  ? shmem_unuse_inode+0x1010/0x1010
[ 1275.495569][T27095]  ? copy_page_to_iter+0x49f/0xdb0
[ 1275.495593][T27095]  shmem_file_read_iter+0x30e/0xbd0
[ 1275.495620][T27095]  ? shmem_mfill_atomic_pte+0x22b0/0x22b0
[ 1275.510351][T27095]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 1275.510365][T27095]  ? __sanitizer_cov_trace_cmp4+0x16/0x20
[ 1275.510379][T27095]  ? iov_iter_pipe+0xba/0x2e0
[ 1275.510397][T27095]  generic_file_splice_read+0x4af/0x800
[ 1275.510413][T27095]  ? add_to_pipe+0x350/0x350
[ 1275.510439][T27095]  ? rw_verify_area+0x126/0x360
[ 1275.519042][T27095]  ? add_to_pipe+0x350/0x350
[ 1275.519059][T27095]  do_splice_to+0x127/0x180
[ 1275.519077][T27095]  splice_direct_to_actor+0x2d2/0x970
01:39:17 executing program 3:
r0 = socket$packet(0x11, 0x3, 0x300)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000000)={'batadv0\x00\f\x00', <r1=>0x0})
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000e00)=ANY=[@ANYBLOB="340000002c000107008be400000000000000", @ANYRES32=r1, @ANYBLOB="00d400f0000000000e00000009000100726f75746500000004000200"], 0x3}}, 0x0)
r2 = socket(0x10, 0x80002, 0x0)
sendmmsg$alg(r2, &(0x7f0000000140), 0x332, 0x0)

[ 1275.519095][T27095]  ? generic_pipe_buf_nosteal+0x10/0x10
[ 1275.519116][T27095]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 1275.519128][T27095]  ? do_splice_to+0x180/0x180
[ 1275.519146][T27095]  ? rw_verify_area+0x126/0x360
[ 1275.529492][T27095]  do_splice_direct+0x1da/0x2a0
[ 1275.529510][T27095]  ? splice_direct_to_actor+0x970/0x970
[ 1275.529534][T27095]  ? rw_verify_area+0x126/0x360
[ 1275.529551][T27095]  do_sendfile+0x597/0xd00
[ 1275.529578][T27095]  ? do_compat_pwritev64+0x1c0/0x1c0
[ 1275.539489][T27095]  ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20
01:39:17 executing program 0 (fault-call:6 fault-nth:5):
perf_event_open(&(0x7f00000000c0)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
ioctl$FS_IOC_ENABLE_VERITY(0xffffffffffffffff, 0x40806685, 0x0)
r0 = openat$random(0xffffffffffffff9c, &(0x7f0000000140)='/dev/urandom\x00', 0x8000000000000085, 0x0)
r1 = dup(r0)
r2 = open(&(0x7f0000002000)='./bus\x00', 0x141042, 0x0)
ftruncate(r2, 0xee72)
sendfile(r1, r2, 0x0, 0x8000fffffffe)

[ 1275.539506][T27095]  ? fput+0x1b/0x20
[ 1275.539527][T27095]  __x64_sys_sendfile64+0x1dd/0x220
[ 1275.539543][T27095]  ? __ia32_sys_sendfile+0x230/0x230
[ 1275.539558][T27095]  ? do_syscall_64+0x26/0x760
[ 1275.539577][T27095]  ? lockdep_hardirqs_on+0x421/0x5e0
[ 1275.555099][T27095]  ? trace_hardirqs_on+0x67/0x240
[ 1275.555118][T27095]  do_syscall_64+0xfa/0x760
[ 1275.555136][T27095]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 1275.555147][T27095] RIP: 0033:0x459a09
[ 1275.555160][T27095] Code: fd b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00
[ 1275.555167][T27095] RSP: 002b:00007f2674f6ec78 EFLAGS: 00000246 ORIG_RAX: 0000000000000028
[ 1275.555179][T27095] RAX: ffffffffffffffda RBX: 00007f2674f6ec90 RCX: 0000000000459a09
[ 1275.555186][T27095] RDX: 0000000000000000 RSI: 0000000000000006 RDI: 0000000000000005
[ 1275.555197][T27095] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000
[ 1275.567104][T27095] R10: 00008000fffffffe R11: 0000000000000246 R12: 00007f2674f6f6d4
[ 1275.567113][T27095] R13: 00000000004c71d6 R14: 00000000004dc9e0 R15: 0000000000000007
[ 1275.736321][T27175] FAULT_INJECTION: forcing a failure.
[ 1275.736321][T27175] name fail_page_alloc, interval 1, probability 0, space 0, times 0
[ 1275.773878][T27175] CPU: 1 PID: 27175 Comm: syz-executor.0 Not tainted 5.3.0+ #0
[ 1275.792451][T27175] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 1275.792457][T27175] Call Trace:
[ 1275.792491][T27175]  dump_stack+0x172/0x1f0
[ 1275.792511][T27175]  should_fail.cold+0xa/0x15
[ 1275.792529][T27175]  ? fault_create_debugfs_attr+0x180/0x180
[ 1275.820585][T27175]  ? ___might_sleep+0x163/0x2c0
[ 1275.820609][T27175]  should_fail_alloc_page+0x50/0x60
[ 1275.830604][T27175]  __alloc_pages_nodemask+0x1a1/0x8f0
[ 1275.835969][T27175]  ? __alloc_pages_slowpath+0x28d0/0x28d0
[ 1275.835985][T27175]  ? __lock_acquire+0x8a1/0x4e70
[ 1275.836000][T27175]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 1275.836022][T27175]  ? find_get_entry+0x50e/0x880
[ 1275.836034][T27175]  ? __sanitizer_cov_trace_const_cmp2+0x18/0x20
[ 1275.836050][T27175]  ? __sanitizer_cov_trace_const_cmp2+0x18/0x20
[ 1275.846670][T27175]  alloc_pages_vma+0x1bc/0x3f0
[ 1275.846693][T27175]  shmem_alloc_page+0xbd/0x180
[ 1275.846711][T27175]  ? shmem_swapin+0x1a0/0x1a0
[ 1275.863966][T27175]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 1275.863997][T27175]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 1275.864015][T27175]  ? __this_cpu_preempt_check+0x3a/0x210
[ 1275.884463][T27175]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 1275.896892][T27175]  ? percpu_counter_add_batch+0x13c/0x190
[ 1275.896915][T27175]  shmem_alloc_and_acct_page+0x165/0x990
[ 1275.896937][T27175]  shmem_getpage_gfp+0x598/0x2680
[ 1275.908797][T27175]  ? shmem_unuse_inode+0x1010/0x1010
[ 1275.908817][T27175]  ? copy_page_to_iter+0x49f/0xdb0
[ 1275.908840][T27175]  shmem_file_read_iter+0x30e/0xbd0
[ 1275.908867][T27175]  ? shmem_mfill_atomic_pte+0x22b0/0x22b0
[ 1275.930430][T27175]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 1275.930445][T27175]  ? __sanitizer_cov_trace_cmp4+0x16/0x20
[ 1275.930459][T27175]  ? iov_iter_pipe+0xba/0x2e0
[ 1275.930476][T27175]  generic_file_splice_read+0x4af/0x800
[ 1275.930493][T27175]  ? add_to_pipe+0x350/0x350
[ 1275.940769][T27175]  ? rw_verify_area+0x126/0x360
[ 1275.940786][T27175]  ? add_to_pipe+0x350/0x350
[ 1275.982663][T27175]  do_splice_to+0x127/0x180
[ 1275.987164][T27175]  splice_direct_to_actor+0x2d2/0x970
[ 1275.992549][T27175]  ? generic_pipe_buf_nosteal+0x10/0x10
[ 1275.998098][T27175]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 1276.004322][T27175]  ? do_splice_to+0x180/0x180
[ 1276.004340][T27175]  ? rw_verify_area+0x126/0x360
[ 1276.004354][T27175]  do_splice_direct+0x1da/0x2a0
[ 1276.004367][T27175]  ? splice_direct_to_actor+0x970/0x970
[ 1276.004385][T27175]  ? rw_verify_area+0x126/0x360
[ 1276.004400][T27175]  do_sendfile+0x597/0xd00
[ 1276.004421][T27175]  ? do_compat_pwritev64+0x1c0/0x1c0
[ 1276.004435][T27175]  ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20
[ 1276.004450][T27175]  ? fput+0x1b/0x20
[ 1276.004467][T27175]  __x64_sys_sendfile64+0x1dd/0x220
[ 1276.004481][T27175]  ? __ia32_sys_sendfile+0x230/0x230
[ 1276.004494][T27175]  ? do_syscall_64+0x26/0x760
[ 1276.004508][T27175]  ? lockdep_hardirqs_on+0x421/0x5e0
[ 1276.004524][T27175]  ? trace_hardirqs_on+0x67/0x240
[ 1276.004540][T27175]  do_syscall_64+0xfa/0x760
[ 1276.004561][T27175]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 1276.004571][T27175] RIP: 0033:0x459a09
[ 1276.004585][T27175] Code: fd b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00
[ 1276.004592][T27175] RSP: 002b:00007f2674f6ec78 EFLAGS: 00000246 ORIG_RAX: 0000000000000028
[ 1276.004604][T27175] RAX: ffffffffffffffda RBX: 00007f2674f6ec90 RCX: 0000000000459a09
[ 1276.004611][T27175] RDX: 0000000000000000 RSI: 0000000000000006 RDI: 0000000000000005
[ 1276.004646][T27175] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000
[ 1276.004654][T27175] R10: 00008000fffffffe R11: 0000000000000246 R12: 00007f2674f6f6d4
[ 1276.004661][T27175] R13: 00000000004c71d6 R14: 00000000004dc9e0 R15: 0000000000000007
01:39:18 executing program 5:
mmap(&(0x7f0000011000/0x2000)=nil, 0x2000, 0x4, 0x31, 0xffffffffffffffff, 0x0)
r0 = userfaultfd(0x0)
syz_open_dev$mice(&(0x7f0000000000)='/dev/input/mice\x00', 0x0, 0x4000)
ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f0000000040))
ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f00000000c0)={{&(0x7f0000012000/0x2000)=nil, 0x2000}, 0x1})
read(r0, &(0x7f0000000100)=""/199, 0xc7)
syz_open_dev$evdev(&(0x7f0000012fee)='/.%v/\x11%put/event#\x00', 0x0, 0x300)
ioctl$UFFDIO_WAKE(r0, 0x8010aa02, &(0x7f0000000080)={&(0x7f0000012000/0x4000)=nil, 0x4000})
shmget(0x2, 0x1000, 0x0, &(0x7f000096d000/0x1000)=nil)
openat$cgroup_procs(0xffffffffffffffff, 0x0, 0x2, 0x0)

01:39:18 executing program 4:
r0 = socket$nl_route(0x10, 0x3, 0x0)
r1 = socket$netlink(0x10, 0x3, 0x0)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff, <r2=>0xffffffffffffffff})
r3 = socket$inet6_sctp(0xa, 0x10000000005, 0x84)
r4 = dup2(r2, r3)
ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200)
r5 = socket(0x10, 0x803, 0x0)
sendmsg$TIPC_CMD_GET_MEDIA_NAMES(r5, &(0x7f0000000400)={0x0, 0x0, &(0x7f00000003c0)={0x0}}, 0x0)
getsockname$packet(r5, &(0x7f0000000100)={0x11, 0x0, <r6=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0xa)
sendmsg$nl_route(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080)=ANY=[@ANYBLOB="4800000010000507000000000000000080000000", @ANYRES32=r6, @ANYBLOB="0000000000000000280012000c0001007665746800000000180002001400010000000000", @ANYRES32=0x0, @ANYBLOB='\x00\x00\x00\x00\x00\x00\x00\x00'], 0x48}}, 0x0)
sendmsg$nl_route_sched(r0, &(0x7f0000000140)={0x0, 0x32d, &(0x7f0000000080)={&(0x7f0000000540)=@newqdisc={0x148, 0x24, 0x507, 0x1f00000000000000, 0x0, {0x0, r6, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_red={{0x8, 0x1, 'red\x00'}, {0x11c, 0x2, [@TCA_RED_STAB={0x104, 0x2, "fbf84ce9dbecf3d5851ae060c0ec8d55c9c65cb98d69f6f43f1d64d475f279dd204e54f6719de408d640f2dcd4c0c8c615650de0531b139380f912f808e5d3e1118f76144d1568be425bddb29fa48b1251d5cc8b78fb742bd61674f4cd92a93f8dafea3bc823ccd7591d59d252a275012101f39ab9478cc5dc4a8a2e71f186ce688ae869907b40b62231d243db1eca472440f1203b691b7b85864a73f1a3a9664d075ac973158948f7c44b4f8e2348e8046b08dcb423647eff2539993b8985028d7f0a50e94ee6b2fdacff6aee496b13807eb8d406a8440af14e339713f93a2bd76d46d34452c9bf604ac61d66e9ff34503a7ff400"}, @TCA_RED_PARMS={0x14, 0x1, {0x20}}]}}]}, 0x148}}, 0x0)

01:39:18 executing program 2:
r0 = socket$inet_udp(0x2, 0x2, 0x0)
close(r0)
r1 = socket$inet6(0xa, 0x1, 0x8010000000000084)
bind$inet6(r1, &(0x7f0000000040)={0xa, 0x400004e21, 0x0, @empty}, 0x1c)
setsockopt$inet_sctp6_SCTP_NODELAY(r0, 0x84, 0x3, &(0x7f00000000c0)=0x7, 0x4)
setsockopt$inet6_opts(r1, 0x29, 0x3b, &(0x7f0000000080)=ANY=[@ANYBLOB], 0x8)
connect$inet6(r1, &(0x7f0000000200)={0xa, 0x4e21, 0x0, @loopback}, 0x1c)
r2 = socket$inet_udplite(0x2, 0x2, 0x88)
ioctl(r2, 0x1000008912, &(0x7f0000000040)="11dcbc0d5e0bcfe47bf070")
write$binfmt_misc(r0, &(0x7f0000000100)=ANY=[@ANYBLOB="a43f7a10bc918dba707335df9c4fe2e3dd545ee4c838fdcc46a7540a012dcf04a12f99172a6f3583cd5498000448f3ae533c2845496e9b0a050d5e4e05f5f8188edecc091727ed7a25a91998bf61aeec90e8718f9aa9fd5da3aa3181c0080975dee42b7d8686ca8f92f314380c2a02a90e6efeaf9d6acdb213cd260c116f495d9569a33c798d369967f6690fd59a8b3bd789702d552fe262fe738e874609724467e7d1be8518f803b96022e1f0f0de7d3720bec96ede000000000000000000"], 0x10098)
write$binfmt_script(r0, &(0x7f0000000300)=ANY=[@ANYBLOB="ba"], 0x1)
write$binfmt_elf64(r0, &(0x7f0000000280)={{0x7f, 0x45, 0x4c, 0x46, 0x0, 0x0, 0x5000000000000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40}, [{}]}, 0x78)

01:39:18 executing program 1:
mmap(&(0x7f0000011000/0x2000)=nil, 0x2000, 0x4, 0x31, 0xffffffffffffffff, 0x0)
r0 = userfaultfd(0x0)
syz_open_dev$mice(&(0x7f0000000000)='/dev/input/mice\x00', 0x0, 0x4000)
ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f0000000040))
ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f00000000c0)={{&(0x7f0000012000/0x2000)=nil, 0x2000}, 0x1})
read(r0, &(0x7f0000000100)=""/199, 0xc7)
syz_open_dev$evdev(&(0x7f0000012fee)='/.%v/\x11%put/event#\x00', 0x6800, 0x0)
ioctl$UFFDIO_WAKE(r0, 0x8010aa02, &(0x7f0000000080)={&(0x7f0000012000/0x4000)=nil, 0x4000})
shmget(0x2, 0x1000, 0x0, &(0x7f000096d000/0x1000)=nil)
openat$cgroup_procs(0xffffffffffffffff, 0x0, 0x2, 0x0)

01:39:18 executing program 3:
r0 = socket$packet(0x11, 0x3, 0x300)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000000)={'batadv0\x00\f\x00', <r1=>0x0})
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000e00)=ANY=[@ANYBLOB="340000002c000107008be40000000000000000", @ANYRES32=r1, @ANYBLOB="00d400f0000000000e00000009000100726f75746500000004000200"], 0x3}}, 0x0)
r2 = socket(0x10, 0x80002, 0x0)
sendmmsg$alg(r2, &(0x7f0000000140), 0x332, 0x0)

01:39:18 executing program 0 (fault-call:6 fault-nth:6):
perf_event_open(&(0x7f00000000c0)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
ioctl$FS_IOC_ENABLE_VERITY(0xffffffffffffffff, 0x40806685, 0x0)
r0 = openat$random(0xffffffffffffff9c, &(0x7f0000000140)='/dev/urandom\x00', 0x8000000000000085, 0x0)
r1 = dup(r0)
r2 = open(&(0x7f0000002000)='./bus\x00', 0x141042, 0x0)
ftruncate(r2, 0xee72)
sendfile(r1, r2, 0x0, 0x8000fffffffe)

[ 1276.346128][T27209] FAULT_INJECTION: forcing a failure.
[ 1276.346128][T27209] name fail_page_alloc, interval 1, probability 0, space 0, times 0
[ 1276.367588][T27209] CPU: 1 PID: 27209 Comm: syz-executor.0 Not tainted 5.3.0+ #0
[ 1276.375149][T27209] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 1276.385203][T27209] Call Trace:
[ 1276.388516][T27209]  dump_stack+0x172/0x1f0
[ 1276.392863][T27209]  should_fail.cold+0xa/0x15
[ 1276.397468][T27209]  ? fault_create_debugfs_attr+0x180/0x180
[ 1276.403277][T27209]  ? ___might_sleep+0x163/0x2c0
[ 1276.408147][T27209]  should_fail_alloc_page+0x50/0x60
[ 1276.413350][T27209]  __alloc_pages_nodemask+0x1a1/0x8f0
[ 1276.418724][T27209]  ? __alloc_pages_slowpath+0x28d0/0x28d0
[ 1276.422328][T27208] FAULT_FLAG_ALLOW_RETRY missing 70
[ 1276.424438][T27209]  ? __lock_acquire+0x8a1/0x4e70
[ 1276.424455][T27209]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 1276.424478][T27209]  ? find_get_entry+0x50e/0x880
[ 1276.424492][T27209]  ? __sanitizer_cov_trace_const_cmp2+0x18/0x20
[ 1276.424506][T27209]  ? __sanitizer_cov_trace_const_cmp2+0x18/0x20
[ 1276.424531][T27209]  alloc_pages_vma+0x1bc/0x3f0
[ 1276.451930][T27209]  shmem_alloc_page+0xbd/0x180
[ 1276.451947][T27209]  ? shmem_swapin+0x1a0/0x1a0
[ 1276.472314][T27209]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 1276.478583][T27209]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 1276.484820][T27209]  ? __this_cpu_preempt_check+0x3a/0x210
[ 1276.484837][T27209]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 1276.484851][T27209]  ? percpu_counter_add_batch+0x13c/0x190
[ 1276.484871][T27209]  shmem_alloc_and_acct_page+0x165/0x990
[ 1276.484889][T27209]  shmem_getpage_gfp+0x598/0x2680
[ 1276.484912][T27209]  ? shmem_unuse_inode+0x1010/0x1010
[ 1276.518354][T27209]  ? copy_page_to_iter+0x49f/0xdb0
[ 1276.523474][T27209]  shmem_file_read_iter+0x30e/0xbd0
[ 1276.528710][T27209]  ? shmem_mfill_atomic_pte+0x22b0/0x22b0
[ 1276.534430][T27209]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 1276.540776][T27209]  ? __sanitizer_cov_trace_cmp4+0x16/0x20
[ 1276.540791][T27209]  ? iov_iter_pipe+0xba/0x2e0
[ 1276.540815][T27209]  generic_file_splice_read+0x4af/0x800
[ 1276.540831][T27209]  ? add_to_pipe+0x350/0x350
[ 1276.540857][T27209]  ? rw_verify_area+0x126/0x360
[ 1276.566174][T27209]  ? add_to_pipe+0x350/0x350
[ 1276.570766][T27209]  do_splice_to+0x127/0x180
[ 1276.575268][T27209]  splice_direct_to_actor+0x2d2/0x970
[ 1276.580660][T27209]  ? generic_pipe_buf_nosteal+0x10/0x10
[ 1276.586205][T27209]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 1276.586220][T27209]  ? do_splice_to+0x180/0x180
01:39:18 executing program 3:
r0 = socket$packet(0x11, 0x3, 0x300)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000000)={'batadv0\x00\f\x00', <r1=>0x0})
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000e00)=ANY=[@ANYBLOB="340000002c000107008be40000000000000000", @ANYRES32=r1, @ANYBLOB="00d400f0000000000e00000009000100726f75746500000004000200"], 0x3}}, 0x0)
r2 = socket(0x10, 0x80002, 0x0)
sendmmsg$alg(r2, &(0x7f0000000140), 0x332, 0x0)

01:39:18 executing program 4:
r0 = socket$nl_route(0x10, 0x3, 0x0)
r1 = socket$netlink(0x10, 0x3, 0x0)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff, <r2=>0xffffffffffffffff})
r3 = socket$inet6_sctp(0xa, 0x10000000005, 0x84)
r4 = dup2(r2, r3)
ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200)
r5 = socket(0x10, 0x803, 0x0)
sendmsg$TIPC_CMD_GET_MEDIA_NAMES(r5, &(0x7f0000000400)={0x0, 0x0, &(0x7f00000003c0)={0x0}}, 0x0)
getsockname$packet(r5, &(0x7f0000000100)={0x11, 0x0, <r6=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0xa)
sendmsg$nl_route(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080)=ANY=[@ANYBLOB="4800000010000507000000000000000080000000", @ANYRES32=r6, @ANYBLOB="0000000000000000280012000c0001007665746800000000180002001400010000000000", @ANYRES32=0x0, @ANYBLOB='\x00\x00\x00\x00\x00\x00\x00\x00'], 0x48}}, 0x0)
sendmsg$nl_route_sched(r0, &(0x7f0000000140)={0x0, 0x32d, &(0x7f0000000080)={&(0x7f0000000540)=@newqdisc={0x148, 0x24, 0x507, 0x2000000000000000, 0x0, {0x0, r6, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_red={{0x8, 0x1, 'red\x00'}, {0x11c, 0x2, [@TCA_RED_STAB={0x104, 0x2, "fbf84ce9dbecf3d5851ae060c0ec8d55c9c65cb98d69f6f43f1d64d475f279dd204e54f6719de408d640f2dcd4c0c8c615650de0531b139380f912f808e5d3e1118f76144d1568be425bddb29fa48b1251d5cc8b78fb742bd61674f4cd92a93f8dafea3bc823ccd7591d59d252a275012101f39ab9478cc5dc4a8a2e71f186ce688ae869907b40b62231d243db1eca472440f1203b691b7b85864a73f1a3a9664d075ac973158948f7c44b4f8e2348e8046b08dcb423647eff2539993b8985028d7f0a50e94ee6b2fdacff6aee496b13807eb8d406a8440af14e339713f93a2bd76d46d34452c9bf604ac61d66e9ff34503a7ff400"}, @TCA_RED_PARMS={0x14, 0x1, {0x20}}]}}]}, 0x148}}, 0x0)

[ 1276.586239][T27209]  ? rw_verify_area+0x126/0x360
[ 1276.586256][T27209]  do_splice_direct+0x1da/0x2a0
[ 1276.586272][T27209]  ? splice_direct_to_actor+0x970/0x970
[ 1276.586294][T27209]  ? rw_verify_area+0x126/0x360
[ 1276.586312][T27209]  do_sendfile+0x597/0xd00
[ 1276.602029][T27209]  ? do_compat_pwritev64+0x1c0/0x1c0
[ 1276.602047][T27209]  ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20
[ 1276.602064][T27209]  ? fput+0x1b/0x20
[ 1276.602083][T27209]  __x64_sys_sendfile64+0x1dd/0x220
[ 1276.602096][T27209]  ? __ia32_sys_sendfile+0x230/0x230
[ 1276.602113][T27209]  ? do_syscall_64+0x26/0x760
[ 1276.621699][T27209]  ? lockdep_hardirqs_on+0x421/0x5e0
[ 1276.621718][T27209]  ? trace_hardirqs_on+0x67/0x240
[ 1276.621739][T27209]  do_syscall_64+0xfa/0x760
[ 1276.621759][T27209]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 1276.621771][T27209] RIP: 0033:0x459a09
[ 1276.621790][T27209] Code: fd b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00
01:39:18 executing program 0 (fault-call:6 fault-nth:7):
perf_event_open(&(0x7f00000000c0)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
ioctl$FS_IOC_ENABLE_VERITY(0xffffffffffffffff, 0x40806685, 0x0)
r0 = openat$random(0xffffffffffffff9c, &(0x7f0000000140)='/dev/urandom\x00', 0x8000000000000085, 0x0)
r1 = dup(r0)
r2 = open(&(0x7f0000002000)='./bus\x00', 0x141042, 0x0)
ftruncate(r2, 0xee72)
sendfile(r1, r2, 0x0, 0x8000fffffffe)

[ 1276.642215][T27209] RSP: 002b:00007f2674f6ec78 EFLAGS: 00000246 ORIG_RAX: 0000000000000028
[ 1276.642227][T27209] RAX: ffffffffffffffda RBX: 00007f2674f6ec90 RCX: 0000000000459a09
[ 1276.642234][T27209] RDX: 0000000000000000 RSI: 0000000000000006 RDI: 0000000000000005
[ 1276.642241][T27209] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000
[ 1276.642249][T27209] R10: 00008000fffffffe R11: 0000000000000246 R12: 00007f2674f6f6d4
[ 1276.642256][T27209] R13: 00000000004c71d6 R14: 00000000004dc9e0 R15: 0000000000000007
01:39:18 executing program 3:
r0 = socket$packet(0x11, 0x3, 0x300)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000000)={'batadv0\x00\f\x00', <r1=>0x0})
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000e00)=ANY=[@ANYBLOB="340000002c000107008be40000000000000000", @ANYRES32=r1, @ANYBLOB="00d400f0000000000e00000009000100726f75746500000004000200"], 0x3}}, 0x0)
r2 = socket(0x10, 0x80002, 0x0)
sendmmsg$alg(r2, &(0x7f0000000140), 0x332, 0x0)

[ 1276.746685][T27208] CPU: 0 PID: 27208 Comm: syz-executor.1 Not tainted 5.3.0+ #0
[ 1276.750645][T27341] FAULT_FLAG_ALLOW_RETRY missing 70
[ 1276.754226][T27208] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 1276.754232][T27208] Call Trace:
[ 1276.754251][T27208]  dump_stack+0x172/0x1f0
[ 1276.754271][T27208]  handle_userfault.cold+0x41/0x5d
[ 1276.754284][T27208]  ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[ 1276.754307][T27208]  ? userfaultfd_ioctl+0x3ad0/0x3ad0
[ 1276.754321][T27208]  ? find_get_entry+0x535/0x880
[ 1276.754338][T27208]  ? find_get_pages_range_tag+0xd50/0xd50
[ 1276.754351][T27208]  ? ___might_sleep+0x163/0x2c0
[ 1276.754369][T27208]  ? __kasan_check_read+0x11/0x20
[ 1276.754381][T27208]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 1276.754396][T27208]  ? find_lock_entry+0x1a7/0x560
[ 1276.754413][T27208]  ? rcu_lockdep_current_cpu_online+0xe3/0x130
[ 1276.831436][T27208]  shmem_getpage_gfp+0x1f4c/0x2680
[ 1276.836550][T27208]  ? shmem_unuse_inode+0x1010/0x1010
[ 1276.841827][T27208]  ? lock_downgrade+0x920/0x920
[ 1276.846673][T27208]  ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[ 1276.852897][T27208]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 1276.859146][T27208]  shmem_fault+0x22a/0x7b0
[ 1276.863556][T27208]  ? shmem_read_mapping_page_gfp+0x1a0/0x1a0
[ 1276.869529][T27208]  ? find_get_entry+0x880/0x880
[ 1276.874375][T27208]  ? pmd_val+0x85/0x100
[ 1276.878540][T27208]  __do_fault+0x111/0x540
[ 1276.882867][T27208]  ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[ 1276.889105][T27208]  __handle_mm_fault+0x2dca/0x4040
[ 1276.894218][T27208]  ? vmf_insert_mixed_mkwrite+0x40/0x40
[ 1276.899758][T27208]  ? handle_mm_fault+0x292/0xa80
[ 1276.904700][T27208]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 1276.910939][T27208]  ? __kasan_check_read+0x11/0x20
[ 1276.915961][T27208]  handle_mm_fault+0x3b7/0xa80
[ 1276.920744][T27208]  __do_page_fault+0x536/0xdd0
[ 1276.925514][T27208]  do_page_fault+0x38/0x590
[ 1276.930017][T27208]  page_fault+0x39/0x40
[ 1276.934165][T27208] RIP: 0033:0x4533a0
[ 1276.938188][T27208] Code: 0f 84 c4 0f 00 00 48 89 f1 48 89 f8 48 83 e1 3f 48 83 f9 20 0f 86 7b 02 00 00 48 83 e6 f0 48 83 e1 0f 66 0f ef c0 66 0f ef c9 <66> 0f 74 0e 66 0f d7 d1 48 d3 ea 49 c7 c2 11 00 00 00 49 29 ca 4d
[ 1276.957804][T27208] RSP: 002b:00007fed5b2bd7a8 EFLAGS: 00010202
[ 1276.963857][T27208] RAX: 00007fed5b2bd850 RBX: 0000000000000003 RCX: 000000000000000e
[ 1276.971821][T27208] RDX: 00000000000003ff RSI: 0000000020012fe0 RDI: 00007fed5b2bd850
[ 1276.979786][T27208] RBP: 000000000075bf20 R08: 00000000000003ff R09: 0000000000000000
[ 1276.987745][T27208] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fed5b2be6d4
[ 1276.995702][T27208] R13: 00000000004c8dbc R14: 00000000004dfed8 R15: 00000000ffffffff
[ 1277.003681][T27341] CPU: 1 PID: 27341 Comm: syz-executor.5 Not tainted 5.3.0+ #0
[ 1277.011218][T27341] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 1277.011224][T27341] Call Trace:
[ 1277.011244][T27341]  dump_stack+0x172/0x1f0
[ 1277.011269][T27341]  handle_userfault.cold+0x41/0x5d
[ 1277.024575][T27341]  ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[ 1277.024601][T27341]  ? userfaultfd_ioctl+0x3ad0/0x3ad0
[ 1277.024615][T27341]  ? find_get_entry+0x535/0x880
[ 1277.024630][T27341]  ? __kasan_check_read+0x11/0x20
[ 1277.024647][T27341]  ? mark_lock+0xc2/0x1220
[ 1277.034035][T27341]  ? find_get_pages_range_tag+0xd50/0xd50
[ 1277.034060][T27341]  ? __kasan_check_read+0x11/0x20
[ 1277.034074][T27341]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 1277.034096][T27341]  ? find_lock_entry+0x1a7/0x560
[ 1277.045566][T27341]  ? rcu_lockdep_current_cpu_online+0xe3/0x130
[ 1277.045584][T27341]  shmem_getpage_gfp+0x1f4c/0x2680
[ 1277.045610][T27341]  ? shmem_unuse_inode+0x1010/0x1010
[ 1277.045623][T27341]  ? lock_downgrade+0x920/0x920
[ 1277.045638][T27341]  ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[ 1277.055461][T27341]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 1277.055482][T27341]  shmem_fault+0x22a/0x7b0
[ 1277.055507][T27341]  ? shmem_read_mapping_page_gfp+0x1a0/0x1a0
[ 1277.055527][T27341]  ? find_get_entry+0x880/0x880
[ 1277.055542][T27341]  ? pmd_val+0x85/0x100
[ 1277.055558][T27341]  __do_fault+0x111/0x540
[ 1277.065641][T27341]  ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[ 1277.065659][T27341]  __handle_mm_fault+0x2dca/0x4040
[ 1277.065677][T27341]  ? vmf_insert_mixed_mkwrite+0x40/0x40
[ 1277.065691][T27341]  ? handle_mm_fault+0x292/0xa80
[ 1277.065712][T27341]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 1277.076937][T27341]  ? __kasan_check_read+0x11/0x20
[ 1277.076957][T27341]  handle_mm_fault+0x3b7/0xa80
[ 1277.076980][T27341]  __do_page_fault+0x536/0xdd0
[ 1277.077012][T27341]  do_page_fault+0x38/0x590
[ 1277.088072][T27341]  page_fault+0x39/0x40
[ 1277.088083][T27341] RIP: 0033:0x4533a0
[ 1277.088096][T27341] Code: 0f 84 c4 0f 00 00 48 89 f1 48 89 f8 48 83 e1 3f 48 83 f9 20 0f 86 7b 02 00 00 48 83 e6 f0 48 83 e1 0f 66 0f ef c0 66 0f ef c9 <66> 0f 74 0e 66 0f d7 d1 48 d3 ea 49 c7 c2 11 00 00 00 49 29 ca 4d
[ 1277.088102][T27341] RSP: 002b:00007fbdc8f347a8 EFLAGS: 00010202
[ 1277.103328][T27341] RAX: 00007fbdc8f34850 RBX: 0000000000000003 RCX: 000000000000000e
[ 1277.103338][T27341] RDX: 00000000000003ff RSI: 0000000020012fe0 RDI: 00007fbdc8f34850
[ 1277.103346][T27341] RBP: 000000000075c070 R08: 00000000000003ff R09: 0000000000000000
01:39:19 executing program 3:
r0 = socket$packet(0x11, 0x3, 0x300)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000000)={'batadv0\x00\f\x00', <r1=>0x0})
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000e00)=ANY=[@ANYBLOB="340000002c000107008be4000000000000000000", @ANYRES32=r1, @ANYBLOB="00d400f0000000000e00000009000100726f75746500000004000200"], 0x34}}, 0x0)
r2 = socket(0x0, 0x80002, 0x0)
sendmmsg$alg(r2, &(0x7f0000000140), 0x332, 0x0)

[ 1277.103355][T27341] R10: 00007fbdc8f359d0 R11: 0000000000000246 R12: 00007fbdc8f356d4
[ 1277.103363][T27341] R13: 00000000004c8dbc R14: 00000000004dfed8 R15: 00000000ffffffff
[ 1277.211029][T27505] FAULT_FLAG_ALLOW_RETRY missing 70
01:39:19 executing program 0:
perf_event_open(&(0x7f00000000c0)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
ioctl$FS_IOC_ENABLE_VERITY(0xffffffffffffffff, 0x40806685, 0x0)
r0 = openat$random(0xffffffffffffff9c, &(0x7f0000000140)='/dev/urandom\x00', 0x8000000000000085, 0x0)
r1 = dup(r0)
r2 = open(&(0x7f0000002000)='./bus\x00', 0x141042, 0x0)
ftruncate(r2, 0xee72)
sendfile(r1, r2, 0x0, 0x8000fffffffe)

[ 1277.396184][T27505] CPU: 1 PID: 27505 Comm: syz-executor.5 Not tainted 5.3.0+ #0
[ 1277.403845][T27505] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 1277.414010][T27505] Call Trace:
[ 1277.417302][T27505]  dump_stack+0x172/0x1f0
[ 1277.421643][T27505]  handle_userfault.cold+0x41/0x5d
[ 1277.426752][T27505]  ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[ 1277.433004][T27505]  ? userfaultfd_ioctl+0x3ad0/0x3ad0
[ 1277.438289][T27505]  ? find_get_entry+0x535/0x880
[ 1277.443136][T27505]  ? find_get_pages_range_tag+0xd50/0xd50
[ 1277.448860][T27505]  ? __kasan_check_read+0x11/0x20
[ 1277.453878][T27505]  ? __kasan_check_read+0x11/0x20
[ 1277.458908][T27505]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 1277.465169][T27505]  ? find_lock_entry+0x1a7/0x560
[ 1277.470099][T27505]  ? rcu_lockdep_current_cpu_online+0xe3/0x130
[ 1277.476365][T27505]  shmem_getpage_gfp+0x1f4c/0x2680
[ 1277.481490][T27505]  ? shmem_unuse_inode+0x1010/0x1010
[ 1277.486774][T27505]  ? lock_downgrade+0x920/0x920
[ 1277.491617][T27505]  ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[ 1277.497840][T27505]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 1277.504061][T27505]  shmem_fault+0x22a/0x7b0
[ 1277.508527][T27505]  ? shmem_read_mapping_page_gfp+0x1a0/0x1a0
[ 1277.514485][T27505]  ? find_get_entry+0x880/0x880
[ 1277.519310][T27505]  ? pmd_val+0x85/0x100
[ 1277.523441][T27505]  __do_fault+0x111/0x540
[ 1277.527746][T27505]  ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[ 1277.533963][T27505]  __handle_mm_fault+0x2dca/0x4040
[ 1277.539059][T27505]  ? vmf_insert_mixed_mkwrite+0x40/0x40
[ 1277.544583][T27505]  ? handle_mm_fault+0x292/0xa80
[ 1277.549504][T27505]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 1277.555720][T27505]  ? __kasan_check_read+0x11/0x20
[ 1277.560722][T27505]  handle_mm_fault+0x3b7/0xa80
[ 1277.565468][T27505]  __do_page_fault+0x536/0xdd0
[ 1277.570213][T27505]  do_page_fault+0x38/0x590
[ 1277.574699][T27505]  page_fault+0x39/0x40
[ 1277.578832][T27505] RIP: 0033:0x4533a0
[ 1277.582716][T27505] Code: 0f 84 c4 0f 00 00 48 89 f1 48 89 f8 48 83 e1 3f 48 83 f9 20 0f 86 7b 02 00 00 48 83 e6 f0 48 83 e1 0f 66 0f ef c0 66 0f ef c9 <66> 0f 74 0e 66 0f d7 d1 48 d3 ea 49 c7 c2 11 00 00 00 49 29 ca 4d
[ 1277.602293][T27505] RSP: 002b:00007fbdc8f137a8 EFLAGS: 00010202
[ 1277.608344][T27505] RAX: 00007fbdc8f13850 RBX: 0000000000000003 RCX: 000000000000000e
[ 1277.616288][T27505] RDX: 00000000000003ff RSI: 0000000020012fe0 RDI: 00007fbdc8f13850
[ 1277.624241][T27505] RBP: 000000000075c118 R08: 00000000000003ff R09: 0000000000000000
[ 1277.632183][T27505] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fbdc8f146d4
01:39:19 executing program 5:
mmap(&(0x7f0000011000/0x2000)=nil, 0x2000, 0x4, 0x31, 0xffffffffffffffff, 0x0)
r0 = userfaultfd(0x0)
syz_open_dev$mice(&(0x7f0000000000)='/dev/input/mice\x00', 0x0, 0x4000)
ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f0000000040))
ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f00000000c0)={{&(0x7f0000012000/0x2000)=nil, 0x2000}, 0x1})
read(r0, &(0x7f0000000100)=""/199, 0xc7)
syz_open_dev$evdev(&(0x7f0000012fee)='/.%v/\x11%put/event#\x00', 0x0, 0x500)
ioctl$UFFDIO_WAKE(r0, 0x8010aa02, &(0x7f0000000080)={&(0x7f0000012000/0x4000)=nil, 0x4000})
shmget(0x2, 0x1000, 0x0, &(0x7f000096d000/0x1000)=nil)
openat$cgroup_procs(0xffffffffffffffff, 0x0, 0x2, 0x0)

01:39:19 executing program 2:
r0 = socket$inet_udp(0x2, 0x2, 0x0)
close(r0)
r1 = socket$inet6(0xa, 0x1, 0x8010000000000084)
bind$inet6(r1, &(0x7f0000000040)={0xa, 0x400004e21, 0x0, @empty}, 0x1c)
setsockopt$inet_sctp6_SCTP_NODELAY(r0, 0x84, 0x3, &(0x7f00000000c0)=0x7, 0x4)
setsockopt$inet6_opts(r1, 0x29, 0x3b, &(0x7f0000000080)=ANY=[@ANYBLOB], 0x8)
connect$inet6(r1, &(0x7f0000000200)={0xa, 0x4e21, 0x0, @loopback}, 0x1c)
r2 = socket$inet_udplite(0x2, 0x2, 0x88)
ioctl(r2, 0x1000008912, &(0x7f0000000040)="11dcbc0d5e0bcfe47bf070")
write$binfmt_misc(r0, &(0x7f0000000100)=ANY=[@ANYBLOB="a43f7a10bc918dba707335df9c4fe2e3dd545ee4c838fdcc46a7540a012dcf04a12f99172a6f3583cd5498000448f3ae533c2845496e9b0a050d5e4e05f5f8188edecc091727ed7a25a91998bf61aeec90e8718f9aa9fd5da3aa3181c0080975dee42b7d8686ca8f92f314380c2a02a90e6efeaf9d6acdb213cd260c116f495d9569a33c798d369967f6690fd59a8b3bd789702d552fe262fe738e874609724467e7d1be8518f803b96022e1f0f0de7d3720bec96ede000000000000000000"], 0x10098)
write$binfmt_script(r0, &(0x7f0000000300)=ANY=[@ANYBLOB="ba"], 0x1)
write$binfmt_elf64(r0, &(0x7f0000000280)={{0x7f, 0x45, 0x4c, 0x46, 0x0, 0x0, 0x7800000000000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40}, [{}]}, 0x78)

01:39:19 executing program 4:
r0 = socket$nl_route(0x10, 0x3, 0x0)
r1 = socket$netlink(0x10, 0x3, 0x0)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff, <r2=>0xffffffffffffffff})
r3 = socket$inet6_sctp(0xa, 0x10000000005, 0x84)
r4 = dup2(r2, r3)
ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200)
r5 = socket(0x10, 0x803, 0x0)
sendmsg$TIPC_CMD_GET_MEDIA_NAMES(r5, &(0x7f0000000400)={0x0, 0x0, &(0x7f00000003c0)={0x0}}, 0x0)
getsockname$packet(r5, &(0x7f0000000100)={0x11, 0x0, <r6=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0xa)
sendmsg$nl_route(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080)=ANY=[@ANYBLOB="4800000010000507000000000000000080000000", @ANYRES32=r6, @ANYBLOB="0000000000000000280012000c0001007665746800000000180002001400010000000000", @ANYRES32=0x0, @ANYBLOB='\x00\x00\x00\x00\x00\x00\x00\x00'], 0x48}}, 0x0)
sendmsg$nl_route_sched(r0, &(0x7f0000000140)={0x0, 0x32d, &(0x7f0000000080)={&(0x7f0000000540)=@newqdisc={0x148, 0x24, 0x507, 0x2470dde000000000, 0x0, {0x0, r6, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_red={{0x8, 0x1, 'red\x00'}, {0x11c, 0x2, [@TCA_RED_STAB={0x104, 0x2, "fbf84ce9dbecf3d5851ae060c0ec8d55c9c65cb98d69f6f43f1d64d475f279dd204e54f6719de408d640f2dcd4c0c8c615650de0531b139380f912f808e5d3e1118f76144d1568be425bddb29fa48b1251d5cc8b78fb742bd61674f4cd92a93f8dafea3bc823ccd7591d59d252a275012101f39ab9478cc5dc4a8a2e71f186ce688ae869907b40b62231d243db1eca472440f1203b691b7b85864a73f1a3a9664d075ac973158948f7c44b4f8e2348e8046b08dcb423647eff2539993b8985028d7f0a50e94ee6b2fdacff6aee496b13807eb8d406a8440af14e339713f93a2bd76d46d34452c9bf604ac61d66e9ff34503a7ff400"}, @TCA_RED_PARMS={0x14, 0x1, {0x20}}]}}]}, 0x148}}, 0x0)

01:39:19 executing program 1 (fault-call:6 fault-nth:0):
perf_event_open(&(0x7f00000000c0)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
ioctl$FS_IOC_ENABLE_VERITY(0xffffffffffffffff, 0x40806685, 0x0)
r0 = openat$random(0xffffffffffffff9c, &(0x7f0000000140)='/dev/urandom\x00', 0x8000000000000085, 0x0)
r1 = dup(r0)
r2 = open(&(0x7f0000002000)='./bus\x00', 0x141042, 0x0)
ftruncate(r2, 0xee72)
sendfile(r1, r2, 0x0, 0x8000fffffffe)

01:39:19 executing program 0:
perf_event_open(&(0x7f00000000c0)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000040)='/dev/sequencer2\x00', 0x101200, 0x0)
ioctl$FS_IOC_ENABLE_VERITY(0xffffffffffffffff, 0x40806685, 0x0)
r0 = openat$random(0xffffffffffffff9c, &(0x7f0000000140)='/dev/urandom\x00', 0x8000000000000085, 0x0)
r1 = dup(r0)
r2 = open(&(0x7f0000002000)='./bus\x00', 0x141042, 0x0)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff, <r3=>0xffffffffffffffff})
r4 = socket$inet6_sctp(0xa, 0x10000000005, 0x84)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff, <r5=>0xffffffffffffffff})
r6 = socket$inet6_sctp(0xa, 0x10000000005, 0x84)
dup2(r5, r6)
ioctl$sock_proto_private(r6, 0x89eb, &(0x7f0000000280)="fcb352fb07d8496836edd7660aa6a0590417cffeb50892178c2a2635e7ac67886e32520871c89e5eb929feeb2d98b833742749bcb8ef5d9a523d1d90898886ecb44aaedec6881b9ed46c56d7e09c55daa3fb5d0d02795d53f9515ec959fa134d47fdfa99cdfe52beacc182f8afed2f7531650fe3fb8d4692cddb94442c1098c9ce80397b23254ce63049fd2a43f5bcc67d0e98401fd97de0dbcabc29d55c4e11741a7252d022d6e9ea67ff3adab2a6458c90af5ef5")
r7 = dup2(r3, r4)
ioctl$PERF_EVENT_IOC_ENABLE(r7, 0x8912, 0x400200)
getsockopt$inet6_tcp_buf(r7, 0x6, 0xd, &(0x7f0000000180)=""/241, &(0x7f0000000000)=0xf1)
ftruncate(r2, 0xee72)
sendfile(r1, r2, 0x0, 0x8000fffffffe)

[ 1277.640136][T27505] R13: 00000000004c8dbc R14: 00000000004dfed8 R15: 00000000ffffffff
01:39:19 executing program 3:
r0 = socket$packet(0x11, 0x3, 0x300)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000000)={'batadv0\x00\f\x00', <r1=>0x0})
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000e00)=ANY=[@ANYBLOB="340000002c000107008be4000000000000000000", @ANYRES32=r1, @ANYBLOB="00d400f0000000000e00000009000100726f75746500000004000200"], 0x34}}, 0x0)
r2 = socket(0x0, 0x80002, 0x0)
sendmmsg$alg(r2, &(0x7f0000000140), 0x332, 0x0)

[ 1277.787094][T27552] FAULT_INJECTION: forcing a failure.
[ 1277.787094][T27552] name failslab, interval 1, probability 0, space 0, times 0
[ 1277.828259][T27552] CPU: 0 PID: 27552 Comm: syz-executor.1 Not tainted 5.3.0+ #0
[ 1277.835869][T27552] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 1277.845926][T27552] Call Trace:
[ 1277.849215][T27552]  dump_stack+0x172/0x1f0
[ 1277.853547][T27552]  should_fail.cold+0xa/0x15
[ 1277.858137][T27552]  ? fault_create_debugfs_attr+0x180/0x180
[ 1277.860104][T27553] FAULT_FLAG_ALLOW_RETRY missing 70
[ 1277.863937][T27552]  ? ___might_sleep+0x163/0x2c0
01:39:19 executing program 0:
r0 = perf_event_open(&(0x7f00000000c0)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
ioctl$FS_IOC_ENABLE_VERITY(0xffffffffffffffff, 0x40806685, 0x0)
r1 = openat$random(0xffffffffffffff9c, &(0x7f0000000140)='/dev/urandom\x00', 0x8000000000000085, 0x0)
r2 = dup(r1)
r3 = dup(r0)
bind$unix(r3, &(0x7f0000000000)=@file={0x0, './bus\x00'}, 0x6e)
r4 = open(&(0x7f0000002000)='./bus\x00', 0x141042, 0x0)
ftruncate(r4, 0xee72)
sendfile(r2, r4, 0x0, 0x8000fffffffe)

[ 1277.863959][T27552]  __should_failslab+0x121/0x190
[ 1277.863976][T27552]  should_failslab+0x9/0x14
[ 1277.883478][T27552]  kmem_cache_alloc_trace+0x2d3/0x790
[ 1277.888859][T27552]  ? __kasan_check_read+0x11/0x20
[ 1277.893888][T27552]  alloc_pipe_info+0xb9/0x420
[ 1277.898569][T27552]  splice_direct_to_actor+0x76b/0x970
[ 1277.903946][T27552]  ? common_file_perm+0x238/0x720
[ 1277.908965][T27552]  ? generic_pipe_buf_nosteal+0x10/0x10
[ 1277.914520][T27552]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 1277.920754][T27552]  ? do_splice_to+0x180/0x180
[ 1277.925429][T27552]  ? rw_verify_area+0x126/0x360
[ 1277.930275][T27552]  do_splice_direct+0x1da/0x2a0
[ 1277.935122][T27552]  ? splice_direct_to_actor+0x970/0x970
[ 1277.940669][T27552]  ? rw_verify_area+0x126/0x360
[ 1277.945516][T27552]  do_sendfile+0x597/0xd00
[ 1277.949937][T27552]  ? do_compat_pwritev64+0x1c0/0x1c0
[ 1277.955222][T27552]  ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20
[ 1277.961462][T27552]  ? fput+0x1b/0x20
[ 1277.965264][T27552]  __x64_sys_sendfile64+0x1dd/0x220
[ 1277.970457][T27552]  ? __ia32_sys_sendfile+0x230/0x230
[ 1277.975732][T27552]  ? do_syscall_64+0x26/0x760
[ 1277.980396][T27552]  ? lockdep_hardirqs_on+0x421/0x5e0
[ 1277.985678][T27552]  ? trace_hardirqs_on+0x67/0x240
[ 1277.990704][T27552]  do_syscall_64+0xfa/0x760
[ 1277.995211][T27552]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 1278.001090][T27552] RIP: 0033:0x459a09
[ 1278.004980][T27552] Code: fd b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00
[ 1278.024744][T27552] RSP: 002b:00007fed5b2bdc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000028
[ 1278.033144][T27552] RAX: ffffffffffffffda RBX: 00007fed5b2bdc90 RCX: 0000000000459a09
[ 1278.041106][T27552] RDX: 0000000000000000 RSI: 0000000000000006 RDI: 0000000000000005
[ 1278.049077][T27552] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000
[ 1278.057043][T27552] R10: 00008000fffffffe R11: 0000000000000246 R12: 00007fed5b2be6d4
[ 1278.065022][T27552] R13: 00000000004c71d6 R14: 00000000004dc9e0 R15: 0000000000000007
[ 1278.087871][T27553] CPU: 1 PID: 27553 Comm: syz-executor.5 Not tainted 5.3.0+ #0
[ 1278.095436][T27553] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 1278.105484][T27553] Call Trace:
[ 1278.108777][T27553]  dump_stack+0x172/0x1f0
[ 1278.113116][T27553]  handle_userfault.cold+0x41/0x5d
[ 1278.118229][T27553]  ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[ 1278.124481][T27553]  ? userfaultfd_ioctl+0x3ad0/0x3ad0
[ 1278.129776][T27553]  ? find_get_entry+0x535/0x880
[ 1278.134637][T27553]  ? find_get_pages_range_tag+0xd50/0xd50
[ 1278.140450][T27553]  ? ___might_sleep+0x163/0x2c0
[ 1278.145315][T27553]  ? __kasan_check_read+0x11/0x20
[ 1278.150336][T27553]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 1278.156576][T27553]  ? find_lock_entry+0x1a7/0x560
[ 1278.161524][T27553]  ? rcu_lockdep_current_cpu_online+0xe3/0x130
[ 1278.167674][T27553]  shmem_getpage_gfp+0x1f4c/0x2680
[ 1278.172798][T27553]  ? shmem_unuse_inode+0x1010/0x1010
[ 1278.178074][T27553]  ? lock_downgrade+0x920/0x920
[ 1278.182917][T27553]  ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[ 1278.189157][T27553]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 1278.195406][T27553]  shmem_fault+0x22a/0x7b0
[ 1278.199831][T27553]  ? shmem_read_mapping_page_gfp+0x1a0/0x1a0
[ 1278.205801][T27553]  ? find_get_entry+0x880/0x880
[ 1278.210640][T27553]  ? pmd_val+0x85/0x100
[ 1278.214791][T27553]  __do_fault+0x111/0x540
[ 1278.219117][T27553]  ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[ 1278.225362][T27553]  __handle_mm_fault+0x2dca/0x4040
[ 1278.230488][T27553]  ? vmf_insert_mixed_mkwrite+0x40/0x40
[ 1278.236042][T27553]  ? handle_mm_fault+0x292/0xa80
[ 1278.240990][T27553]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 1278.247224][T27553]  ? __kasan_check_read+0x11/0x20
[ 1278.247242][T27553]  handle_mm_fault+0x3b7/0xa80
[ 1278.247264][T27553]  __do_page_fault+0x536/0xdd0
[ 1278.261778][T27553]  do_page_fault+0x38/0x590
[ 1278.266286][T27553]  page_fault+0x39/0x40
[ 1278.267729][T27854] FAULT_INJECTION: forcing a failure.
[ 1278.267729][T27854] name failslab, interval 1, probability 0, space 0, times 0
[ 1278.270431][T27553] RIP: 0033:0x4533a0
01:39:20 executing program 3:
r0 = socket$packet(0x11, 0x3, 0x300)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000000)={'batadv0\x00\f\x00', <r1=>0x0})
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000e00)=ANY=[@ANYBLOB="340000002c000107008be4000000000000000000", @ANYRES32=r1, @ANYBLOB="00d400f0000000000e00000009000100726f75746500000004000200"], 0x34}}, 0x0)
r2 = socket(0x0, 0x80002, 0x0)
sendmmsg$alg(r2, &(0x7f0000000140), 0x332, 0x0)

01:39:20 executing program 2:
r0 = socket$inet_udp(0x2, 0x2, 0x0)
close(r0)
r1 = socket$inet6(0xa, 0x1, 0x8010000000000084)
bind$inet6(r1, &(0x7f0000000040)={0xa, 0x400004e21, 0x0, @empty}, 0x1c)
setsockopt$inet_sctp6_SCTP_NODELAY(r0, 0x84, 0x3, &(0x7f00000000c0)=0x7, 0x4)
setsockopt$inet6_opts(r1, 0x29, 0x3b, &(0x7f0000000080)=ANY=[@ANYBLOB], 0x8)
connect$inet6(r1, &(0x7f0000000200)={0xa, 0x4e21, 0x0, @loopback}, 0x1c)
r2 = socket$inet_udplite(0x2, 0x2, 0x88)
ioctl(r2, 0x1000008912, &(0x7f0000000040)="11dcbc0d5e0bcfe47bf070")
write$binfmt_misc(r0, &(0x7f0000000100)=ANY=[@ANYBLOB="a43f7a10bc918dba707335df9c4fe2e3dd545ee4c838fdcc46a7540a012dcf04a12f99172a6f3583cd5498000448f3ae533c2845496e9b0a050d5e4e05f5f8188edecc091727ed7a25a91998bf61aeec90e8718f9aa9fd5da3aa3181c0080975dee42b7d8686ca8f92f314380c2a02a90e6efeaf9d6acdb213cd260c116f495d9569a33c798d369967f6690fd59a8b3bd789702d552fe262fe738e874609724467e7d1be8518f803b96022e1f0f0de7d3720bec96ede000000000000000000"], 0x10098)
write$binfmt_script(r0, &(0x7f0000000300)=ANY=[@ANYBLOB="ba"], 0x1)
write$binfmt_elf64(r0, &(0x7f0000000280)={{0x7f, 0x45, 0x4c, 0x46, 0x0, 0x0, 0x8400000000000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40}, [{}]}, 0x78)

01:39:20 executing program 1 (fault-call:6 fault-nth:1):
perf_event_open(&(0x7f00000000c0)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
ioctl$FS_IOC_ENABLE_VERITY(0xffffffffffffffff, 0x40806685, 0x0)
r0 = openat$random(0xffffffffffffff9c, &(0x7f0000000140)='/dev/urandom\x00', 0x8000000000000085, 0x0)
r1 = dup(r0)
r2 = open(&(0x7f0000002000)='./bus\x00', 0x141042, 0x0)
ftruncate(r2, 0xee72)
sendfile(r1, r2, 0x0, 0x8000fffffffe)

01:39:20 executing program 4:
r0 = socket$nl_route(0x10, 0x3, 0x0)
r1 = socket$netlink(0x10, 0x3, 0x0)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff, <r2=>0xffffffffffffffff})
r3 = socket$inet6_sctp(0xa, 0x10000000005, 0x84)
r4 = dup2(r2, r3)
ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200)
r5 = socket(0x10, 0x803, 0x0)
sendmsg$TIPC_CMD_GET_MEDIA_NAMES(r5, &(0x7f0000000400)={0x0, 0x0, &(0x7f00000003c0)={0x0}}, 0x0)
getsockname$packet(r5, &(0x7f0000000100)={0x11, 0x0, <r6=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0xa)
sendmsg$nl_route(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080)=ANY=[@ANYBLOB="4800000010000507000000000000000080000000", @ANYRES32=r6, @ANYBLOB="0000000000000000280012000c0001007665746800000000180002001400010000000000", @ANYRES32=0x0, @ANYBLOB='\x00\x00\x00\x00\x00\x00\x00\x00'], 0x48}}, 0x0)
sendmsg$nl_route_sched(r0, &(0x7f0000000140)={0x0, 0x32d, &(0x7f0000000080)={&(0x7f0000000540)=@newqdisc={0x148, 0x24, 0x507, 0x3f00000000000000, 0x0, {0x0, r6, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_red={{0x8, 0x1, 'red\x00'}, {0x11c, 0x2, [@TCA_RED_STAB={0x104, 0x2, "fbf84ce9dbecf3d5851ae060c0ec8d55c9c65cb98d69f6f43f1d64d475f279dd204e54f6719de408d640f2dcd4c0c8c615650de0531b139380f912f808e5d3e1118f76144d1568be425bddb29fa48b1251d5cc8b78fb742bd61674f4cd92a93f8dafea3bc823ccd7591d59d252a275012101f39ab9478cc5dc4a8a2e71f186ce688ae869907b40b62231d243db1eca472440f1203b691b7b85864a73f1a3a9664d075ac973158948f7c44b4f8e2348e8046b08dcb423647eff2539993b8985028d7f0a50e94ee6b2fdacff6aee496b13807eb8d406a8440af14e339713f93a2bd76d46d34452c9bf604ac61d66e9ff34503a7ff400"}, @TCA_RED_PARMS={0x14, 0x1, {0x20}}]}}]}, 0x148}}, 0x0)

[ 1278.270445][T27553] Code: 0f 84 c4 0f 00 00 48 89 f1 48 89 f8 48 83 e1 3f 48 83 f9 20 0f 86 7b 02 00 00 48 83 e6 f0 48 83 e1 0f 66 0f ef c0 66 0f ef c9 <66> 0f 74 0e 66 0f d7 d1 48 d3 ea 49 c7 c2 11 00 00 00 49 29 ca 4d
[ 1278.270452][T27553] RSP: 002b:00007fbdc8f767a8 EFLAGS: 00010202
[ 1278.270462][T27553] RAX: 00007fbdc8f76850 RBX: 0000000000000003 RCX: 000000000000000e
[ 1278.270476][T27553] RDX: 00000000000003ff RSI: 0000000020012fe0 RDI: 00007fbdc8f76850
[ 1278.286918][T27553] RBP: 000000000075bf20 R08: 00000000000003ff R09: 0000000000000000
[ 1278.286926][T27553] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fbdc8f776d4
[ 1278.286933][T27553] R13: 00000000004c8dbc R14: 00000000004dfed8 R15: 00000000ffffffff
[ 1278.341605][T27854] CPU: 0 PID: 27854 Comm: syz-executor.1 Not tainted 5.3.0+ #0
[ 1278.360693][T27854] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 1278.370744][T27854] Call Trace:
[ 1278.374030][T27854]  dump_stack+0x172/0x1f0
[ 1278.378357][T27854]  should_fail.cold+0xa/0x15
[ 1278.382945][T27854]  ? fault_create_debugfs_attr+0x180/0x180
[ 1278.388749][T27854]  ? ___might_sleep+0x163/0x2c0
[ 1278.393598][T27854]  __should_failslab+0x121/0x190
[ 1278.398539][T27854]  should_failslab+0x9/0x14
[ 1278.403034][T27854]  __kmalloc+0x2e0/0x770
[ 1278.407266][T27854]  ? kmem_cache_alloc_trace+0x397/0x790
[ 1278.412806][T27854]  ? __sanitizer_cov_trace_pc+0x1/0x50
[ 1278.418265][T27854]  ? alloc_pipe_info+0x199/0x420
[ 1278.423199][T27854]  alloc_pipe_info+0x199/0x420
[ 1278.423218][T27854]  splice_direct_to_actor+0x76b/0x970
[ 1278.423231][T27854]  ? common_file_perm+0x238/0x720
[ 1278.423246][T27854]  ? generic_pipe_buf_nosteal+0x10/0x10
[ 1278.433333][T27854]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 1278.433347][T27854]  ? do_splice_to+0x180/0x180
[ 1278.433369][T27854]  ? rw_verify_area+0x126/0x360
[ 1278.443884][T27854]  do_splice_direct+0x1da/0x2a0
[ 1278.443902][T27854]  ? splice_direct_to_actor+0x970/0x970
[ 1278.443923][T27854]  ? rw_verify_area+0x126/0x360
[ 1278.454786][T27854]  do_sendfile+0x597/0xd00
[ 1278.454810][T27854]  ? do_compat_pwritev64+0x1c0/0x1c0
[ 1278.454825][T27854]  ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20
[ 1278.454840][T27854]  ? fput+0x1b/0x20
[ 1278.454856][T27854]  __x64_sys_sendfile64+0x1dd/0x220
[ 1278.454872][T27854]  ? __ia32_sys_sendfile+0x230/0x230
[ 1278.464537][T27854]  ? do_syscall_64+0x26/0x760
[ 1278.464553][T27854]  ? lockdep_hardirqs_on+0x421/0x5e0
[ 1278.464569][T27854]  ? trace_hardirqs_on+0x67/0x240
[ 1278.464587][T27854]  do_syscall_64+0xfa/0x760
[ 1278.464605][T27854]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 1278.530549][T27854] RIP: 0033:0x459a09
[ 1278.534440][T27854] Code: fd b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00
[ 1278.554033][T27854] RSP: 002b:00007fed5b2bdc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000028
[ 1278.562437][T27854] RAX: ffffffffffffffda RBX: 00007fed5b2bdc90 RCX: 0000000000459a09
[ 1278.570396][T27854] RDX: 0000000000000000 RSI: 0000000000000006 RDI: 0000000000000005
[ 1278.578375][T27854] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000
01:39:20 executing program 0:
socket$inet6_udplite(0xa, 0x2, 0x88)
perf_event_open(&(0x7f00000000c0)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
ioctl$FS_IOC_ENABLE_VERITY(0xffffffffffffffff, 0x40806685, 0x0)
r0 = openat$random(0xffffffffffffff9c, &(0x7f0000000140)='/dev/urandom\x00', 0x8000000000000085, 0x0)
r1 = dup(r0)
r2 = open(&(0x7f0000002000)='./bus\x00', 0x141042, 0x0)
ftruncate(r2, 0xee72)
sendfile(r1, r2, 0x0, 0x8000fffffffe)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff, <r3=>0xffffffffffffffff})
r4 = socket$inet6_sctp(0xa, 0x10000000005, 0x84)
dup2(r3, r4)
fadvise64(r3, 0x0, 0x80000001, 0x1)

[ 1278.586326][T27854] R10: 00008000fffffffe R11: 0000000000000246 R12: 00007fed5b2be6d4
[ 1278.594269][T27854] R13: 00000000004c71d6 R14: 00000000004dc9e0 R15: 0000000000000007
01:39:20 executing program 5:
mmap(&(0x7f0000011000/0x2000)=nil, 0x2000, 0x4, 0x31, 0xffffffffffffffff, 0x0)
r0 = userfaultfd(0x0)
syz_open_dev$mice(&(0x7f0000000000)='/dev/input/mice\x00', 0x0, 0x4000)
ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f0000000040))
ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f00000000c0)={{&(0x7f0000012000/0x2000)=nil, 0x2000}, 0x1})
read(r0, &(0x7f0000000100)=""/199, 0xc7)
syz_open_dev$evdev(&(0x7f0000012fee)='/.%v/\x11%put/event#\x00', 0x0, 0x600)
ioctl$UFFDIO_WAKE(r0, 0x8010aa02, &(0x7f0000000080)={&(0x7f0000012000/0x4000)=nil, 0x4000})
shmget(0x2, 0x1000, 0x0, &(0x7f000096d000/0x1000)=nil)
openat$cgroup_procs(0xffffffffffffffff, 0x0, 0x2, 0x0)

01:39:20 executing program 3:
r0 = socket$packet(0x11, 0x3, 0x300)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000000)={'batadv0\x00\f\x00', <r1=>0x0})
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000e00)=ANY=[@ANYBLOB="340000002c000107008be4000000000000000000", @ANYRES32=r1, @ANYBLOB="00d400f0000000000e00000009000100726f75746500000004000200"], 0x34}}, 0x0)
r2 = socket(0x10, 0x0, 0x0)
sendmmsg$alg(r2, &(0x7f0000000140), 0x332, 0x0)

01:39:20 executing program 4:
r0 = socket$nl_route(0x10, 0x3, 0x0)
r1 = socket$netlink(0x10, 0x3, 0x0)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff, <r2=>0xffffffffffffffff})
r3 = socket$inet6_sctp(0xa, 0x10000000005, 0x84)
r4 = dup2(r2, r3)
ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200)
r5 = socket(0x10, 0x803, 0x0)
sendmsg$TIPC_CMD_GET_MEDIA_NAMES(r5, &(0x7f0000000400)={0x0, 0x0, &(0x7f00000003c0)={0x0}}, 0x0)
getsockname$packet(r5, &(0x7f0000000100)={0x11, 0x0, <r6=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0xa)
sendmsg$nl_route(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080)=ANY=[@ANYBLOB="4800000010000507000000000000000080000000", @ANYRES32=r6, @ANYBLOB="0000000000000000280012000c0001007665746800000000180002001400010000000000", @ANYRES32=0x0, @ANYBLOB='\x00\x00\x00\x00\x00\x00\x00\x00'], 0x48}}, 0x0)
sendmsg$nl_route_sched(r0, &(0x7f0000000140)={0x0, 0x32d, &(0x7f0000000080)={&(0x7f0000000540)=@newqdisc={0x148, 0x24, 0x507, 0x4000000000000000, 0x0, {0x0, r6, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_red={{0x8, 0x1, 'red\x00'}, {0x11c, 0x2, [@TCA_RED_STAB={0x104, 0x2, "fbf84ce9dbecf3d5851ae060c0ec8d55c9c65cb98d69f6f43f1d64d475f279dd204e54f6719de408d640f2dcd4c0c8c615650de0531b139380f912f808e5d3e1118f76144d1568be425bddb29fa48b1251d5cc8b78fb742bd61674f4cd92a93f8dafea3bc823ccd7591d59d252a275012101f39ab9478cc5dc4a8a2e71f186ce688ae869907b40b62231d243db1eca472440f1203b691b7b85864a73f1a3a9664d075ac973158948f7c44b4f8e2348e8046b08dcb423647eff2539993b8985028d7f0a50e94ee6b2fdacff6aee496b13807eb8d406a8440af14e339713f93a2bd76d46d34452c9bf604ac61d66e9ff34503a7ff400"}, @TCA_RED_PARMS={0x14, 0x1, {0x20}}]}}]}, 0x148}}, 0x0)

01:39:20 executing program 2:
r0 = socket$inet_udp(0x2, 0x2, 0x0)
close(r0)
r1 = socket$inet6(0xa, 0x1, 0x8010000000000084)
bind$inet6(r1, &(0x7f0000000040)={0xa, 0x400004e21, 0x0, @empty}, 0x1c)
setsockopt$inet_sctp6_SCTP_NODELAY(r0, 0x84, 0x3, &(0x7f00000000c0)=0x7, 0x4)
setsockopt$inet6_opts(r1, 0x29, 0x3b, &(0x7f0000000080)=ANY=[@ANYBLOB], 0x8)
connect$inet6(r1, &(0x7f0000000200)={0xa, 0x4e21, 0x0, @loopback}, 0x1c)
r2 = socket$inet_udplite(0x2, 0x2, 0x88)
ioctl(r2, 0x1000008912, &(0x7f0000000040)="11dcbc0d5e0bcfe47bf070")
write$binfmt_misc(r0, &(0x7f0000000100)=ANY=[@ANYBLOB="a43f7a10bc918dba707335df9c4fe2e3dd545ee4c838fdcc46a7540a012dcf04a12f99172a6f3583cd5498000448f3ae533c2845496e9b0a050d5e4e05f5f8188edecc091727ed7a25a91998bf61aeec90e8718f9aa9fd5da3aa3181c0080975dee42b7d8686ca8f92f314380c2a02a90e6efeaf9d6acdb213cd260c116f495d9569a33c798d369967f6690fd59a8b3bd789702d552fe262fe738e874609724467e7d1be8518f803b96022e1f0f0de7d3720bec96ede000000000000000000"], 0x10098)
write$binfmt_script(r0, &(0x7f0000000300)=ANY=[@ANYBLOB="ba"], 0x1)
write$binfmt_elf64(r0, &(0x7f0000000280)={{0x7f, 0x45, 0x4c, 0x46, 0x0, 0x0, 0x8800000000000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40}, [{}]}, 0x78)

01:39:20 executing program 3:
r0 = socket$packet(0x11, 0x3, 0x300)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000000)={'batadv0\x00\f\x00', <r1=>0x0})
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000e00)=ANY=[@ANYBLOB="340000002c000107008be4000000000000000000", @ANYRES32=r1, @ANYBLOB="00d400f0000000000e00000009000100726f75746500000004000200"], 0x34}}, 0x0)
r2 = socket(0x10, 0x0, 0x0)
sendmmsg$alg(r2, &(0x7f0000000140), 0x332, 0x0)

01:39:20 executing program 4:
r0 = socket$nl_route(0x10, 0x3, 0x0)
r1 = socket$netlink(0x10, 0x3, 0x0)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff, <r2=>0xffffffffffffffff})
r3 = socket$inet6_sctp(0xa, 0x10000000005, 0x84)
r4 = dup2(r2, r3)
ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200)
r5 = socket(0x10, 0x803, 0x0)
sendmsg$TIPC_CMD_GET_MEDIA_NAMES(r5, &(0x7f0000000400)={0x0, 0x0, &(0x7f00000003c0)={0x0}}, 0x0)
getsockname$packet(r5, &(0x7f0000000100)={0x11, 0x0, <r6=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0xa)
sendmsg$nl_route(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080)=ANY=[@ANYBLOB="4800000010000507000000000000000080000000", @ANYRES32=r6, @ANYBLOB="0000000000000000280012000c0001007665746800000000180002001400010000000000", @ANYRES32=0x0, @ANYBLOB='\x00\x00\x00\x00\x00\x00\x00\x00'], 0x48}}, 0x0)
sendmsg$nl_route_sched(r0, &(0x7f0000000140)={0x0, 0x32d, &(0x7f0000000080)={&(0x7f0000000540)=@newqdisc={0x148, 0x24, 0x507, 0x6000000000000000, 0x0, {0x0, r6, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_red={{0x8, 0x1, 'red\x00'}, {0x11c, 0x2, [@TCA_RED_STAB={0x104, 0x2, "fbf84ce9dbecf3d5851ae060c0ec8d55c9c65cb98d69f6f43f1d64d475f279dd204e54f6719de408d640f2dcd4c0c8c615650de0531b139380f912f808e5d3e1118f76144d1568be425bddb29fa48b1251d5cc8b78fb742bd61674f4cd92a93f8dafea3bc823ccd7591d59d252a275012101f39ab9478cc5dc4a8a2e71f186ce688ae869907b40b62231d243db1eca472440f1203b691b7b85864a73f1a3a9664d075ac973158948f7c44b4f8e2348e8046b08dcb423647eff2539993b8985028d7f0a50e94ee6b2fdacff6aee496b13807eb8d406a8440af14e339713f93a2bd76d46d34452c9bf604ac61d66e9ff34503a7ff400"}, @TCA_RED_PARMS={0x14, 0x1, {0x20}}]}}]}, 0x148}}, 0x0)

[ 1279.024743][T28125] FAULT_FLAG_ALLOW_RETRY missing 70
[ 1279.030020][T28125] CPU: 0 PID: 28125 Comm: syz-executor.5 Not tainted 5.3.0+ #0
[ 1279.037550][T28125] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 1279.047600][T28125] Call Trace:
[ 1279.050899][T28125]  dump_stack+0x172/0x1f0
[ 1279.055241][T28125]  handle_userfault.cold+0x41/0x5d
[ 1279.060353][T28125]  ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[ 1279.066618][T28125]  ? userfaultfd_ioctl+0x3ad0/0x3ad0
01:39:21 executing program 3:
r0 = socket$packet(0x11, 0x3, 0x300)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000000)={'batadv0\x00\f\x00', <r1=>0x0})
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000e00)=ANY=[@ANYBLOB="340000002c000107008be4000000000000000000", @ANYRES32=r1, @ANYBLOB="00d400f0000000000e00000009000100726f75746500000004000200"], 0x34}}, 0x0)
r2 = socket(0x10, 0x0, 0x0)
sendmmsg$alg(r2, &(0x7f0000000140), 0x332, 0x0)

01:39:21 executing program 0:
perf_event_open(&(0x7f00000000c0)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
ioctl$FS_IOC_ENABLE_VERITY(0xffffffffffffffff, 0x40806685, 0x0)
r0 = openat$random(0xffffffffffffff9c, &(0x7f0000000140)='/dev/urandom\x00', 0x8000000000000085, 0x0)
r1 = dup(r0)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff, <r2=>0xffffffffffffffff})
r3 = socket$inet6_sctp(0xa, 0x10000000005, 0x84)
dup2(r2, r3)
write$binfmt_misc(r3, &(0x7f0000000000)={'syz0', "44896d13cbe985b0dca378da5f4e5b5817565295aa571c96237931aef2de"}, 0x22)
r4 = open(&(0x7f0000002000)='./bus\x00', 0x141042, 0x0)
ftruncate(r4, 0xee72)
sendfile(r1, r4, 0x0, 0x8000fffffffe)

[ 1279.071903][T28125]  ? find_get_entry+0x535/0x880
[ 1279.076759][T28125]  ? find_get_pages_range_tag+0xd50/0xd50
[ 1279.082484][T28125]  ? ___might_sleep+0x163/0x2c0
[ 1279.087342][T28125]  ? __kasan_check_read+0x11/0x20
[ 1279.092376][T28125]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 1279.098625][T28125]  ? find_lock_entry+0x1a7/0x560
[ 1279.103569][T28125]  ? rcu_lockdep_current_cpu_online+0xe3/0x130
[ 1279.109739][T28125]  shmem_getpage_gfp+0x1f4c/0x2680
[ 1279.114865][T28125]  ? shmem_unuse_inode+0x1010/0x1010
[ 1279.120161][T28125]  ? lock_downgrade+0x920/0x920
[ 1279.125027][T28125]  ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[ 1279.131281][T28125]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 1279.137522][T28125]  shmem_fault+0x22a/0x7b0
[ 1279.141941][T28125]  ? shmem_read_mapping_page_gfp+0x1a0/0x1a0
[ 1279.147925][T28125]  ? find_get_entry+0x880/0x880
[ 1279.152776][T28125]  ? pmd_val+0x85/0x100
[ 1279.156964][T28125]  __do_fault+0x111/0x540
[ 1279.161285][T28125]  ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[ 1279.167528][T28125]  __handle_mm_fault+0x2dca/0x4040
01:39:21 executing program 0:
perf_event_open(&(0x7f00000000c0)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
ioctl$FS_IOC_ENABLE_VERITY(0xffffffffffffffff, 0x40806685, 0x0)
r0 = openat$random(0xffffffffffffff9c, &(0x7f0000000140)='/dev/urandom\x00', 0x8000000000000085, 0x0)
r1 = openat$cgroup_type(0xffffffffffffffff, &(0x7f0000000000)='cgroup.type\x00', 0x2, 0x0)
write$binfmt_script(r1, &(0x7f0000000180)={'#! ', './bus', [{0x20, 'em1em1(eth1%ppp0{'}, {0x20, '/dev/urandom\x00'}, {0x20, '/dev/urandom\x00'}, {0x20, 'vmnet0'}, {0x20, 'system-'}, {0x20, '#system-+nodev;.[cpuset[%[[/.*bdev$*'}, {0x20, '/dev/urandom\x00'}], 0xa, "a9493a25d03358ff1afaae36a14973b218dbaf36a29ac8ec1e4066f94f6ded484a68b3d7ebe9d5d8d6c9039910a3e4b5237dfab702865e27c13b7f650088f2960e8570a4d5fe001b60f3661e70bf41d12d100e7aa0afa47fdba80c7b5b8a8aa9539c8cf984cffc88ca6182558e0edb9211a72242ea3584b898818d081d3dc7778b70dc0413b1102acf28ecbf501d83b04fb3c612cbe0a7fc5722c11b81d7d210e7efbb9e5bd8855d09d9bec6957ee6e3b26b2f954f7706e1514cc941d9884e2ded4334dece20e05c"}, 0x141)
r2 = dup(r0)
r3 = open(&(0x7f0000002000)='./bus\x00', 0x141042, 0x0)
ftruncate(r3, 0xee72)
sendfile(r2, r3, 0x0, 0x8000fffffffe)

[ 1279.172640][T28125]  ? vmf_insert_mixed_mkwrite+0x40/0x40
[ 1279.178197][T28125]  ? handle_mm_fault+0x292/0xa80
[ 1279.183146][T28125]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 1279.189405][T28125]  ? __kasan_check_read+0x11/0x20
[ 1279.194433][T28125]  handle_mm_fault+0x3b7/0xa80
[ 1279.199202][T28125]  __do_page_fault+0x536/0xdd0
[ 1279.203972][T28125]  do_page_fault+0x38/0x590
[ 1279.208495][T28125]  page_fault+0x39/0x40
[ 1279.212645][T28125] RIP: 0033:0x4533a0
[ 1279.216539][T28125] Code: 0f 84 c4 0f 00 00 48 89 f1 48 89 f8 48 83 e1 3f 48 83 f9 20 0f 86 7b 02 00 00 48 83 e6 f0 48 83 e1 0f 66 0f ef c0 66 0f ef c9 <66> 0f 74 0e 66 0f d7 d1 48 d3 ea 49 c7 c2 11 00 00 00 49 29 ca 4d
[ 1279.236223][T28125] RSP: 002b:00007fbdc8f767a8 EFLAGS: 00010202
[ 1279.242286][T28125] RAX: 00007fbdc8f76850 RBX: 0000000000000003 RCX: 000000000000000e
[ 1279.250271][T28125] RDX: 00000000000003ff RSI: 0000000020012fe0 RDI: 00007fbdc8f76850
[ 1279.258237][T28125] RBP: 000000000075bf20 R08: 00000000000003ff R09: 0000000000000000
[ 1279.266329][T28125] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fbdc8f776d4
[ 1279.274298][T28125] R13: 00000000004c8dbc R14: 00000000004dfed8 R15: 00000000ffffffff
01:39:21 executing program 1:
perf_event_open(&(0x7f00000000c0)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
ioctl$FS_IOC_ENABLE_VERITY(0xffffffffffffffff, 0x40806685, 0x0)
r0 = openat$random(0xffffffffffffff9c, &(0x7f0000000140)='/dev/urandom\x00', 0x8000000000000085, 0x0)
r1 = dup(r0)
r2 = open(&(0x7f0000002000)='./bus\x00', 0x141042, 0x0)
ftruncate(r2, 0xee72)
sendfile(r1, r2, 0x0, 0x8000fffffffe)

01:39:21 executing program 2:
r0 = socket$inet_udp(0x2, 0x2, 0x0)
close(r0)
r1 = socket$inet6(0xa, 0x1, 0x8010000000000084)
bind$inet6(r1, &(0x7f0000000040)={0xa, 0x400004e21, 0x0, @empty}, 0x1c)
setsockopt$inet_sctp6_SCTP_NODELAY(r0, 0x84, 0x3, &(0x7f00000000c0)=0x7, 0x4)
setsockopt$inet6_opts(r1, 0x29, 0x3b, &(0x7f0000000080)=ANY=[@ANYBLOB], 0x8)
connect$inet6(r1, &(0x7f0000000200)={0xa, 0x4e21, 0x0, @loopback}, 0x1c)
r2 = socket$inet_udplite(0x2, 0x2, 0x88)
ioctl(r2, 0x1000008912, &(0x7f0000000040)="11dcbc0d5e0bcfe47bf070")
write$binfmt_misc(r0, &(0x7f0000000100)=ANY=[@ANYBLOB="a43f7a10bc918dba707335df9c4fe2e3dd545ee4c838fdcc46a7540a012dcf04a12f99172a6f3583cd5498000448f3ae533c2845496e9b0a050d5e4e05f5f8188edecc091727ed7a25a91998bf61aeec90e8718f9aa9fd5da3aa3181c0080975dee42b7d8686ca8f92f314380c2a02a90e6efeaf9d6acdb213cd260c116f495d9569a33c798d369967f6690fd59a8b3bd789702d552fe262fe738e874609724467e7d1be8518f803b96022e1f0f0de7d3720bec96ede000000000000000000"], 0x10098)
write$binfmt_script(r0, &(0x7f0000000300)=ANY=[@ANYBLOB="ba"], 0x1)
write$binfmt_elf64(r0, &(0x7f0000000280)={{0x7f, 0x45, 0x4c, 0x46, 0x0, 0x0, 0x8dffffff00000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40}, [{}]}, 0x78)

01:39:21 executing program 3:
r0 = socket$packet(0x11, 0x3, 0x300)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000000)={'batadv0\x00\f\x00', <r1=>0x0})
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000e00)=ANY=[@ANYBLOB="340000002c000107008be4000000000000000000", @ANYRES32=r1, @ANYBLOB="00d400f0000000000e00000009000100726f75746500000004000200"], 0x34}}, 0x0)
socket(0x10, 0x80002, 0x0)
sendmmsg$alg(0xffffffffffffffff, &(0x7f0000000140), 0x332, 0x0)

01:39:21 executing program 5:
mmap(&(0x7f0000011000/0x2000)=nil, 0x2000, 0x4, 0x31, 0xffffffffffffffff, 0x0)
r0 = userfaultfd(0x0)
syz_open_dev$mice(&(0x7f0000000000)='/dev/input/mice\x00', 0x0, 0x4000)
ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f0000000040))
ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f00000000c0)={{&(0x7f0000012000/0x2000)=nil, 0x2000}, 0x1})
read(r0, &(0x7f0000000100)=""/199, 0xc7)
syz_open_dev$evdev(&(0x7f0000012fee)='/.%v/\x11%put/event#\x00', 0x0, 0x700)
ioctl$UFFDIO_WAKE(r0, 0x8010aa02, &(0x7f0000000080)={&(0x7f0000012000/0x4000)=nil, 0x4000})
shmget(0x2, 0x1000, 0x0, &(0x7f000096d000/0x1000)=nil)
openat$cgroup_procs(0xffffffffffffffff, 0x0, 0x2, 0x0)

01:39:21 executing program 4:
r0 = socket$nl_route(0x10, 0x3, 0x0)
r1 = socket$netlink(0x10, 0x3, 0x0)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff, <r2=>0xffffffffffffffff})
r3 = socket$inet6_sctp(0xa, 0x10000000005, 0x84)
r4 = dup2(r2, r3)
ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200)
r5 = socket(0x10, 0x803, 0x0)
sendmsg$TIPC_CMD_GET_MEDIA_NAMES(r5, &(0x7f0000000400)={0x0, 0x0, &(0x7f00000003c0)={0x0}}, 0x0)
getsockname$packet(r5, &(0x7f0000000100)={0x11, 0x0, <r6=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0xa)
sendmsg$nl_route(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080)=ANY=[@ANYBLOB="4800000010000507000000000000000080000000", @ANYRES32=r6, @ANYBLOB="0000000000000000280012000c0001007665746800000000180002001400010000000000", @ANYRES32=0x0, @ANYBLOB='\x00\x00\x00\x00\x00\x00\x00\x00'], 0x48}}, 0x0)
sendmsg$nl_route_sched(r0, &(0x7f0000000140)={0x0, 0x32d, &(0x7f0000000080)={&(0x7f0000000540)=@newqdisc={0x148, 0x24, 0x507, 0x6558000000000000, 0x0, {0x0, r6, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_red={{0x8, 0x1, 'red\x00'}, {0x11c, 0x2, [@TCA_RED_STAB={0x104, 0x2, "fbf84ce9dbecf3d5851ae060c0ec8d55c9c65cb98d69f6f43f1d64d475f279dd204e54f6719de408d640f2dcd4c0c8c615650de0531b139380f912f808e5d3e1118f76144d1568be425bddb29fa48b1251d5cc8b78fb742bd61674f4cd92a93f8dafea3bc823ccd7591d59d252a275012101f39ab9478cc5dc4a8a2e71f186ce688ae869907b40b62231d243db1eca472440f1203b691b7b85864a73f1a3a9664d075ac973158948f7c44b4f8e2348e8046b08dcb423647eff2539993b8985028d7f0a50e94ee6b2fdacff6aee496b13807eb8d406a8440af14e339713f93a2bd76d46d34452c9bf604ac61d66e9ff34503a7ff400"}, @TCA_RED_PARMS={0x14, 0x1, {0x20}}]}}]}, 0x148}}, 0x0)

01:39:21 executing program 0:
perf_event_open(&(0x7f00000000c0)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
ioctl$FS_IOC_ENABLE_VERITY(0xffffffffffffffff, 0x40806685, 0x0)
r0 = openat$dsp(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/dsp\x00', 0x242e40, 0x0)
r1 = add_key$user(&(0x7f00000002c0)='user\x00', &(0x7f0000000300)={'syz', 0x2}, &(0x7f00000005c0)="4acf665ff77df4f20690a5a83bc1a1e6519321db1dc2bf7eee06d978abdfbb33f3bc7025e6befda3c827875946eb75c14639ab6e76811a733653f72afc34e5fce1bed277a8faa02e6da16041b40bab677d6555e94a42b7ac236c8c35d729ac501cf28293c919f2f3ceec4703c892adeac90504aeb3ba485e09bda66d2b96124cabc4d2e653848e2bd909287d0d2c433d72bbd4333cf37f2a8972bba453c776d2c73c61b9fa2153405fc0253992c918682c7018f6a280a9ff312ae4a6996bd9547aed66e72f94342a7d27b9483f7e2e8e3c5bbb89452fd9bb6708ae89ba29", 0xde, 0xfffffffffffffffe)
lstat(&(0x7f0000000380)='./file0\x00', &(0x7f00000004c0)={0x0, 0x0, 0x0, 0x0, <r2=>0x0})
getresgid(&(0x7f0000000400), &(0x7f0000000540), &(0x7f00000006c0)=<r3=>0x0)
keyctl$chown(0x4, r1, r2, r3)
write$FUSE_ATTR(r0, &(0x7f0000000200)={0x78, 0x0, 0x7, {0x200, 0x3, 0x0, {0x4, 0x4, 0xffffffffffffffc0, 0x100, 0x3, 0x7fffffff, 0x80000001, 0x40, 0x7, 0x6, 0x8001, 0xee00, r3, 0x1, 0x81}}}, 0x78)
r4 = openat$random(0xffffffffffffff9c, &(0x7f0000000140)='/dev/urandom\x00', 0x8000000000000085, 0x0)
munlock(&(0x7f0000ffc000/0x1000)=nil, 0x1000)
bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000040)={<r5=>0x0, <r6=>0xffffffffffffffff, 0x0, 0xd, &(0x7f0000000000)='/dev/urandom\x00'}, 0x30)
fcntl$lock(r6, 0x42, &(0x7f0000000080)={0x1, 0x2, 0x6, 0xfff, r5})
r7 = getpgrp(0x0)
setpriority(0x0, r7, 0x100)
getpgrp(0x0)
r8 = dup(r4)
r9 = open(&(0x7f0000002000)='./bus\x00', 0x141042, 0x0)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff, <r10=>0xffffffffffffffff})
r11 = socket$inet6_sctp(0xa, 0x10000000005, 0x84)
r12 = dup2(r10, r11)
ioctl$PERF_EVENT_IOC_ENABLE(r12, 0x8912, 0x400200)
mq_notify(r12, &(0x7f0000000180)={0x0, 0x13, 0x4, @tid=r7})
ftruncate(r9, 0xee72)
sendfile(r8, r9, 0x0, 0x8000fffffffe)

01:39:21 executing program 3:
r0 = socket$packet(0x11, 0x3, 0x300)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000000)={'batadv0\x00\f\x00', <r1=>0x0})
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000e00)=ANY=[@ANYBLOB="340000002c000107008be4000000000000000000", @ANYRES32=r1, @ANYBLOB="00d400f0000000000e00000009000100726f75746500000004000200"], 0x34}}, 0x0)
socket(0x10, 0x80002, 0x0)
sendmmsg$alg(0xffffffffffffffff, &(0x7f0000000140), 0x332, 0x0)

01:39:21 executing program 1:
r0 = syz_open_dev$vcsa(&(0x7f0000000000)='/dev/vcsa#\x00', 0x7, 0x226c00)
r1 = openat$misdntimer(0xffffffffffffff9c, &(0x7f0000000040)='/dev/mISDNtimer\x00', 0x0, 0x0)
epoll_ctl$EPOLL_CTL_MOD(r0, 0x3, r1, &(0x7f0000000080))
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff, <r2=>0xffffffffffffffff})
r3 = socket$inet6_sctp(0xa, 0x10000000005, 0x84)
r4 = dup2(r2, r3)
ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200)
ioctl$EVIOCGABS20(r4, 0x80184560, &(0x7f00000001c0)=""/193)
perf_event_open(&(0x7f00000000c0)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xd4, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0)
ioctl$FS_IOC_ENABLE_VERITY(0xffffffffffffffff, 0x40806685, 0x0)
r5 = openat$random(0xffffffffffffff9c, &(0x7f0000000140)='/dev/urandom\x00', 0x8000000000000085, 0x0)
r6 = dup(r5)
r7 = open(&(0x7f0000002000)='./bus\x00', 0x141042, 0x0)
ftruncate(r7, 0xee72)
sendfile(r6, r7, 0x0, 0x8000fffffffe)
ioctl$RNDGETENTCNT(0xffffffffffffffff, 0x80045200, &(0x7f0000000180))

01:39:21 executing program 2:
r0 = socket$inet_udp(0x2, 0x2, 0x0)
close(r0)
r1 = socket$inet6(0xa, 0x1, 0x8010000000000084)
bind$inet6(r1, &(0x7f0000000040)={0xa, 0x400004e21, 0x0, @empty}, 0x1c)
setsockopt$inet_sctp6_SCTP_NODELAY(r0, 0x84, 0x3, &(0x7f00000000c0)=0x7, 0x4)
setsockopt$inet6_opts(r1, 0x29, 0x3b, &(0x7f0000000080)=ANY=[@ANYBLOB], 0x8)
connect$inet6(r1, &(0x7f0000000200)={0xa, 0x4e21, 0x0, @loopback}, 0x1c)
r2 = socket$inet_udplite(0x2, 0x2, 0x88)
ioctl(r2, 0x1000008912, &(0x7f0000000040)="11dcbc0d5e0bcfe47bf070")
write$binfmt_misc(r0, &(0x7f0000000100)=ANY=[@ANYBLOB="a43f7a10bc918dba707335df9c4fe2e3dd545ee4c838fdcc46a7540a012dcf04a12f99172a6f3583cd5498000448f3ae533c2845496e9b0a050d5e4e05f5f8188edecc091727ed7a25a91998bf61aeec90e8718f9aa9fd5da3aa3181c0080975dee42b7d8686ca8f92f314380c2a02a90e6efeaf9d6acdb213cd260c116f495d9569a33c798d369967f6690fd59a8b3bd789702d552fe262fe738e874609724467e7d1be8518f803b96022e1f0f0de7d3720bec96ede000000000000000000"], 0x10098)
write$binfmt_script(r0, &(0x7f0000000300)=ANY=[@ANYBLOB="ba"], 0x1)
write$binfmt_elf64(r0, &(0x7f0000000280)={{0x7f, 0x45, 0x4c, 0x46, 0x0, 0x0, 0xa79e010000000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40}, [{}]}, 0x78)

01:39:21 executing program 3:
r0 = socket$packet(0x11, 0x3, 0x300)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000000)={'batadv0\x00\f\x00', <r1=>0x0})
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000e00)=ANY=[@ANYBLOB="340000002c000107008be4000000000000000000", @ANYRES32=r1, @ANYBLOB="00d400f0000000000e00000009000100726f75746500000004000200"], 0x34}}, 0x0)
socket(0x10, 0x80002, 0x0)
sendmmsg$alg(0xffffffffffffffff, &(0x7f0000000140), 0x332, 0x0)

01:39:21 executing program 1:
perf_event_open(&(0x7f00000000c0)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
ioctl$FS_IOC_ENABLE_VERITY(0xffffffffffffffff, 0x40806685, 0x0)
r0 = openat$random(0xffffffffffffff9c, &(0x7f0000000140)='/dev/urandom\x00', 0x8000000000000085, 0x0)
r1 = dup(r0)
r2 = open(&(0x7f0000002000)='./bus\x00', 0x141042, 0x0)
ftruncate(r2, 0xee72)
r3 = syz_open_dev$sndpcmp(&(0x7f0000001800)='/dev/snd/pcmC#D#p\x00', 0x2, 0x40)
r4 = socket(0x10, 0x0, 0x0)
r5 = socket$inet6_sctp(0xa, 0x10000000005, 0x84)
getsockopt$inet_sctp6_SCTP_GET_ASSOC_ID_LIST(r5, 0x84, 0x1d, &(0x7f000095dff8)={0x1, [<r6=>0x0]}, &(0x7f000095dffc)=0x8)
getsockopt$inet_sctp6_SCTP_PEER_ADDR_THLDS(r5, 0x84, 0x70, &(0x7f0000000080)={r6, @in6={{0xa, 0x0, 0x0, @empty}}}, &(0x7f0000000600)=0x90)
setsockopt$inet_sctp6_SCTP_DELAYED_SACK(r4, 0x84, 0x10, &(0x7f0000000200)=@sack_info={r6, 0x80, 0x6}, 0xc)
getsockopt$inet_sctp6_SCTP_GET_PEER_ADDRS(r2, 0x84, 0x6c, &(0x7f0000001840)={<r7=>r6, 0x86, "08dd033509a7d2ff6979a137c6b531ad5f3a950ebc4c3e3b92bd1b37983a344d6206e34183c0dc10d6c7865eec4fb551d07e06e6d7c289a1346d46814336249c15e106c0314baac0a9bc31f8d95893f0f4aca1d5ed70db345067b51b0518bb55b8fcdf2cfe34d92a46da6692b9cd398a6c0c78021c13cd2daf709288ea2170ec5c3d913849dc"}, &(0x7f0000001900)=0x8e)
setsockopt$inet_sctp6_SCTP_RESET_STREAMS(r3, 0x84, 0x77, &(0x7f0000001940)={r7, 0x8, 0x6, [0x7fffffff, 0x5, 0x200, 0x9, 0x2, 0x80000000]}, 0x14)
r8 = semget(0x3, 0x4, 0xb)
semctl$SETVAL(r8, 0x0, 0x10, &(0x7f0000000000)=0x2)
semctl$SETVAL(r8, 0x4, 0x10, &(0x7f0000000000)=0xb12b)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff, <r9=>0xffffffffffffffff})
r10 = socket$inet6_sctp(0xa, 0x10000000005, 0x84)
r11 = dup2(r9, r10)
ioctl$PERF_EVENT_IOC_ENABLE(r11, 0x8912, 0x400200)
sendmsg$rds(r11, &(0x7f00000017c0)={&(0x7f0000000040)={0x2, 0x4e21, @broadcast}, 0x10, &(0x7f0000001640)=[{&(0x7f0000000180)=""/193, 0xc1}, {&(0x7f0000000280)=""/226, 0xe2}, {&(0x7f0000000080)=""/50, 0x32}, {&(0x7f0000000380)=""/4096, 0x1000}, {&(0x7f0000001380)=""/157, 0x9d}, {&(0x7f0000001440)=""/197, 0xc5}, {&(0x7f0000001540)=""/238, 0xee}, {&(0x7f0000002040)=""/4096, 0x1000}], 0x8, &(0x7f0000001740)=[@mask_fadd={0x58, 0x114, 0x8, {{0x1, 0x100000000}, &(0x7f00000016c0)=0x7, &(0x7f0000001700)=0x1, 0xfc46, 0x3, 0xffffffffffffe478, 0xfc, 0x8, 0x10}}], 0x58, 0x10}, 0x1)
sendfile(r1, r2, 0x0, 0x8000fffffffe)

[ 1279.874639][T28530] FAULT_FLAG_ALLOW_RETRY missing 70
[ 1279.880007][T28530] CPU: 1 PID: 28530 Comm: syz-executor.5 Not tainted 5.3.0+ #0
[ 1279.887633][T28530] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 1279.897684][T28530] Call Trace:
[ 1279.900985][T28530]  dump_stack+0x172/0x1f0
[ 1279.905341][T28530]  handle_userfault.cold+0x41/0x5d
[ 1279.910473][T28530]  ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[ 1279.916748][T28530]  ? userfaultfd_ioctl+0x3ad0/0x3ad0
[ 1279.922040][T28530]  ? find_get_entry+0x535/0x880
[ 1279.926894][T28530]  ? find_get_pages_range_tag+0xd50/0xd50
[ 1279.932604][T28530]  ? ___might_sleep+0x163/0x2c0
[ 1279.937455][T28530]  ? __kasan_check_read+0x11/0x20
[ 1279.942476][T28530]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 1279.948719][T28530]  ? find_lock_entry+0x1a7/0x560
[ 1279.953656][T28530]  ? rcu_lockdep_current_cpu_online+0xe3/0x130
[ 1279.959815][T28530]  shmem_getpage_gfp+0x1f4c/0x2680
[ 1279.964947][T28530]  ? shmem_unuse_inode+0x1010/0x1010
[ 1279.970236][T28530]  ? lock_downgrade+0x920/0x920
[ 1279.975087][T28530]  ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[ 1279.981316][T28530]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 1279.987555][T28530]  shmem_fault+0x22a/0x7b0
[ 1279.991977][T28530]  ? shmem_read_mapping_page_gfp+0x1a0/0x1a0
[ 1279.997958][T28530]  ? find_get_entry+0x880/0x880
[ 1280.002822][T28530]  ? pmd_val+0x85/0x100
[ 1280.002838][T28530]  __do_fault+0x111/0x540
[ 1280.002851][T28530]  ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[ 1280.002869][T28530]  __handle_mm_fault+0x2dca/0x4040
[ 1280.022631][T28530]  ? vmf_insert_mixed_mkwrite+0x40/0x40
[ 1280.028186][T28530]  ? handle_mm_fault+0x292/0xa80
[ 1280.033135][T28530]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 1280.039372][T28530]  ? __kasan_check_read+0x11/0x20
[ 1280.039391][T28530]  handle_mm_fault+0x3b7/0xa80
[ 1280.039412][T28530]  __do_page_fault+0x536/0xdd0
[ 1280.053943][T28530]  do_page_fault+0x38/0x590
[ 1280.058448][T28530]  page_fault+0x39/0x40
[ 1280.062598][T28530] RIP: 0033:0x4533a0
[ 1280.066571][T28530] Code: 0f 84 c4 0f 00 00 48 89 f1 48 89 f8 48 83 e1 3f 48 83 f9 20 0f 86 7b 02 00 00 48 83 e6 f0 48 83 e1 0f 66 0f ef c0 66 0f ef c9 <66> 0f 74 0e 66 0f d7 d1 48 d3 ea 49 c7 c2 11 00 00 00 49 29 ca 4d
[ 1280.066580][T28530] RSP: 002b:00007fbdc8f767a8 EFLAGS: 00010202
[ 1280.066590][T28530] RAX: 00007fbdc8f76850 RBX: 0000000000000003 RCX: 000000000000000e
[ 1280.066602][T28530] RDX: 00000000000003ff RSI: 0000000020012fe0 RDI: 00007fbdc8f76850
[ 1280.108208][T28530] RBP: 000000000075bf20 R08: 00000000000003ff R09: 0000000000000000
[ 1280.116191][T28530] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fbdc8f776d4
01:39:21 executing program 4:
r0 = socket$nl_route(0x10, 0x3, 0x0)
r1 = socket$netlink(0x10, 0x3, 0x0)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff, <r2=>0xffffffffffffffff})
r3 = socket$inet6_sctp(0xa, 0x10000000005, 0x84)
r4 = dup2(r2, r3)
ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200)
r5 = socket(0x10, 0x803, 0x0)
sendmsg$TIPC_CMD_GET_MEDIA_NAMES(r5, &(0x7f0000000400)={0x0, 0x0, &(0x7f00000003c0)={0x0}}, 0x0)
getsockname$packet(r5, &(0x7f0000000100)={0x11, 0x0, <r6=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0xa)
sendmsg$nl_route(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080)=ANY=[@ANYBLOB="4800000010000507000000000000000080000000", @ANYRES32=r6, @ANYBLOB="0000000000000000280012000c0001007665746800000000180002001400010000000000", @ANYRES32=0x0, @ANYBLOB='\x00\x00\x00\x00\x00\x00\x00\x00'], 0x48}}, 0x0)
sendmsg$nl_route_sched(r0, &(0x7f0000000140)={0x0, 0x32d, &(0x7f0000000080)={&(0x7f0000000540)=@newqdisc={0x148, 0x24, 0x507, 0x8100000000000000, 0x0, {0x0, r6, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_red={{0x8, 0x1, 'red\x00'}, {0x11c, 0x2, [@TCA_RED_STAB={0x104, 0x2, "fbf84ce9dbecf3d5851ae060c0ec8d55c9c65cb98d69f6f43f1d64d475f279dd204e54f6719de408d640f2dcd4c0c8c615650de0531b139380f912f808e5d3e1118f76144d1568be425bddb29fa48b1251d5cc8b78fb742bd61674f4cd92a93f8dafea3bc823ccd7591d59d252a275012101f39ab9478cc5dc4a8a2e71f186ce688ae869907b40b62231d243db1eca472440f1203b691b7b85864a73f1a3a9664d075ac973158948f7c44b4f8e2348e8046b08dcb423647eff2539993b8985028d7f0a50e94ee6b2fdacff6aee496b13807eb8d406a8440af14e339713f93a2bd76d46d34452c9bf604ac61d66e9ff34503a7ff400"}, @TCA_RED_PARMS={0x14, 0x1, {0x20}}]}}]}, 0x148}}, 0x0)

01:39:22 executing program 2:
r0 = socket$inet_udp(0x2, 0x2, 0x0)
close(r0)
r1 = socket$inet6(0xa, 0x1, 0x8010000000000084)
bind$inet6(r1, &(0x7f0000000040)={0xa, 0x400004e21, 0x0, @empty}, 0x1c)
setsockopt$inet_sctp6_SCTP_NODELAY(r0, 0x84, 0x3, &(0x7f00000000c0)=0x7, 0x4)
setsockopt$inet6_opts(r1, 0x29, 0x3b, &(0x7f0000000080)=ANY=[@ANYBLOB], 0x8)
connect$inet6(r1, &(0x7f0000000200)={0xa, 0x4e21, 0x0, @loopback}, 0x1c)
r2 = socket$inet_udplite(0x2, 0x2, 0x88)
ioctl(r2, 0x1000008912, &(0x7f0000000040)="11dcbc0d5e0bcfe47bf070")
write$binfmt_misc(r0, &(0x7f0000000100)=ANY=[@ANYBLOB="a43f7a10bc918dba707335df9c4fe2e3dd545ee4c838fdcc46a7540a012dcf04a12f99172a6f3583cd5498000448f3ae533c2845496e9b0a050d5e4e05f5f8188edecc091727ed7a25a91998bf61aeec90e8718f9aa9fd5da3aa3181c0080975dee42b7d8686ca8f92f314380c2a02a90e6efeaf9d6acdb213cd260c116f495d9569a33c798d369967f6690fd59a8b3bd789702d552fe262fe738e874609724467e7d1be8518f803b96022e1f0f0de7d3720bec96ede000000000000000000"], 0x10098)
write$binfmt_script(r0, &(0x7f0000000300)=ANY=[@ANYBLOB="ba"], 0x1)
write$binfmt_elf64(r0, &(0x7f0000000280)={{0x7f, 0x45, 0x4c, 0x46, 0x0, 0x0, 0xc400000000000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40}, [{}]}, 0x78)

01:39:22 executing program 1:
perf_event_open(&(0x7f00000000c0)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
ioctl$FS_IOC_ENABLE_VERITY(0xffffffffffffffff, 0x40806685, 0x0)
r0 = openat$random(0xffffffffffffff9c, &(0x7f0000000140)='/dev/urandom\x00', 0x8000000000000085, 0x0)
r1 = dup(r0)
r2 = open(&(0x7f0000002000)='./bus\x00', 0x141042, 0x0)
ftruncate(r2, 0xee72)
sendfile(r1, r2, 0x0, 0x8000fffffffe)

01:39:22 executing program 3:
r0 = socket$packet(0x11, 0x3, 0x300)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000000)={'batadv0\x00\f\x00', <r1=>0x0})
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000e00)=ANY=[@ANYBLOB="340000002c000107008be4000000000000000000", @ANYRES32=r1, @ANYBLOB="00d400f0000000000e00000009000100726f75746500000004000200"], 0x34}}, 0x0)
r2 = socket(0x10, 0x80002, 0x0)
sendmmsg$alg(r2, 0x0, 0x0, 0x0)

[ 1280.124658][T28530] R13: 00000000004c8dbc R14: 00000000004dfed8 R15: 00000000ffffffff
[ 1280.315411][T28649] FAULT_FLAG_ALLOW_RETRY missing 70
[ 1280.321479][T28649] CPU: 1 PID: 28649 Comm: syz-executor.5 Not tainted 5.3.0+ #0
[ 1280.329016][T28649] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 1280.339067][T28649] Call Trace:
[ 1280.342380][T28649]  dump_stack+0x172/0x1f0
[ 1280.346726][T28649]  handle_userfault.cold+0x41/0x5d
[ 1280.351835][T28649]  ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[ 1280.358099][T28649]  ? userfaultfd_ioctl+0x3ad0/0x3ad0
[ 1280.363388][T28649]  ? find_get_entry+0x535/0x880
[ 1280.368313][T28649]  ? find_get_pages_range_tag+0xd50/0xd50
[ 1280.374031][T28649]  ? __kasan_check_read+0x11/0x20
[ 1280.379080][T28649]  ? __kasan_check_read+0x11/0x20
[ 1280.384099][T28649]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 1280.390334][T28649]  ? find_lock_entry+0x1a7/0x560
[ 1280.395262][T28649]  ? rcu_lockdep_current_cpu_online+0xe3/0x130
[ 1280.401422][T28649]  shmem_getpage_gfp+0x1f4c/0x2680
[ 1280.406534][T28649]  ? shmem_unuse_inode+0x1010/0x1010
[ 1280.411812][T28649]  ? lock_downgrade+0x920/0x920
[ 1280.416658][T28649]  ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[ 1280.422891][T28649]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 1280.429129][T28649]  shmem_fault+0x22a/0x7b0
[ 1280.433548][T28649]  ? shmem_read_mapping_page_gfp+0x1a0/0x1a0
[ 1280.439529][T28649]  ? find_get_entry+0x880/0x880
[ 1280.444487][T28649]  ? pmd_val+0x85/0x100
[ 1280.448647][T28649]  __do_fault+0x111/0x540
[ 1280.452971][T28649]  ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[ 1280.459229][T28649]  __handle_mm_fault+0x2dca/0x4040
[ 1280.464343][T28649]  ? vmf_insert_mixed_mkwrite+0x40/0x40
[ 1280.469881][T28649]  ? handle_mm_fault+0x292/0xa80
[ 1280.474810][T28649]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 1280.474826][T28649]  ? __kasan_check_read+0x11/0x20
[ 1280.486054][T28649]  handle_mm_fault+0x3b7/0xa80
[ 1280.486075][T28649]  __do_page_fault+0x536/0xdd0
[ 1280.486101][T28649]  do_page_fault+0x38/0x590
[ 1280.495571][T28649]  page_fault+0x39/0x40
[ 1280.495582][T28649] RIP: 0033:0x4533a0
01:39:22 executing program 5:
mmap(&(0x7f0000011000/0x2000)=nil, 0x2000, 0x4, 0x31, 0xffffffffffffffff, 0x0)
r0 = userfaultfd(0x0)
syz_open_dev$mice(&(0x7f0000000000)='/dev/input/mice\x00', 0x0, 0x4000)
ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f0000000040))
ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f00000000c0)={{&(0x7f0000012000/0x2000)=nil, 0x2000}, 0x1})
read(r0, &(0x7f0000000100)=""/199, 0xc7)
syz_open_dev$evdev(&(0x7f0000012fee)='/.%v/\x11%put/event#\x00', 0x0, 0x900)
ioctl$UFFDIO_WAKE(r0, 0x8010aa02, &(0x7f0000000080)={&(0x7f0000012000/0x4000)=nil, 0x4000})
shmget(0x2, 0x1000, 0x0, &(0x7f000096d000/0x1000)=nil)
openat$cgroup_procs(0xffffffffffffffff, 0x0, 0x2, 0x0)

01:39:22 executing program 3:
r0 = socket$packet(0x11, 0x3, 0x300)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000000)={'batadv0\x00\f\x00', <r1=>0x0})
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000e00)=ANY=[@ANYBLOB="340000002c000107008be4000000000000000000", @ANYRES32=r1, @ANYBLOB="00d400f0000000000e00000009000100726f75746500000004000200"], 0x34}}, 0x0)
r2 = socket(0x10, 0x80002, 0x0)
sendmmsg$alg(r2, 0x0, 0x0, 0x0)

01:39:22 executing program 2:
r0 = socket$inet_udp(0x2, 0x2, 0x0)
close(r0)
r1 = socket$inet6(0xa, 0x1, 0x8010000000000084)
bind$inet6(r1, &(0x7f0000000040)={0xa, 0x400004e21, 0x0, @empty}, 0x1c)
setsockopt$inet_sctp6_SCTP_NODELAY(r0, 0x84, 0x3, &(0x7f00000000c0)=0x7, 0x4)
setsockopt$inet6_opts(r1, 0x29, 0x3b, &(0x7f0000000080)=ANY=[@ANYBLOB], 0x8)
connect$inet6(r1, &(0x7f0000000200)={0xa, 0x4e21, 0x0, @loopback}, 0x1c)
r2 = socket$inet_udplite(0x2, 0x2, 0x88)
ioctl(r2, 0x1000008912, &(0x7f0000000040)="11dcbc0d5e0bcfe47bf070")
write$binfmt_misc(r0, &(0x7f0000000100)=ANY=[@ANYBLOB="a43f7a10bc918dba707335df9c4fe2e3dd545ee4c838fdcc46a7540a012dcf04a12f99172a6f3583cd5498000448f3ae533c2845496e9b0a050d5e4e05f5f8188edecc091727ed7a25a91998bf61aeec90e8718f9aa9fd5da3aa3181c0080975dee42b7d8686ca8f92f314380c2a02a90e6efeaf9d6acdb213cd260c116f495d9569a33c798d369967f6690fd59a8b3bd789702d552fe262fe738e874609724467e7d1be8518f803b96022e1f0f0de7d3720bec96ede000000000000000000"], 0x10098)
write$binfmt_script(r0, &(0x7f0000000300)=ANY=[@ANYBLOB="ba"], 0x1)
write$binfmt_elf64(r0, &(0x7f0000000280)={{0x7f, 0x45, 0x4c, 0x46, 0x0, 0x0, 0xe803000000000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40}, [{}]}, 0x78)

01:39:22 executing program 0:
perf_event_open(&(0x7f00000000c0)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x800, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x80000001, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
ioctl$FS_IOC_ENABLE_VERITY(0xffffffffffffffff, 0x40806685, 0x0)
getpid()
r0 = openat$random(0xffffffffffffff9c, &(0x7f0000000140)='/dev/urandom\x00', 0x8000000000000085, 0x0)
r1 = dup(r0)
r2 = open(&(0x7f0000002000)='./bus\x00', 0x141042, 0x0)
ftruncate(r2, 0xee72)
sendfile(r1, r2, 0x0, 0x8000fffffffe)

01:39:22 executing program 4:
r0 = socket$nl_route(0x10, 0x3, 0x0)
r1 = socket$netlink(0x10, 0x3, 0x0)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff, <r2=>0xffffffffffffffff})
r3 = socket$inet6_sctp(0xa, 0x10000000005, 0x84)
r4 = dup2(r2, r3)
ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200)
r5 = socket(0x10, 0x803, 0x0)
sendmsg$TIPC_CMD_GET_MEDIA_NAMES(r5, &(0x7f0000000400)={0x0, 0x0, &(0x7f00000003c0)={0x0}}, 0x0)
getsockname$packet(r5, &(0x7f0000000100)={0x11, 0x0, <r6=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0xa)
sendmsg$nl_route(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080)=ANY=[@ANYBLOB="4800000010000507000000000000000080000000", @ANYRES32=r6, @ANYBLOB="0000000000000000280012000c0001007665746800000000180002001400010000000000", @ANYRES32=0x0, @ANYBLOB='\x00\x00\x00\x00\x00\x00\x00\x00'], 0x48}}, 0x0)
sendmsg$nl_route_sched(r0, &(0x7f0000000140)={0x0, 0x32d, &(0x7f0000000080)={&(0x7f0000000540)=@newqdisc={0x148, 0x24, 0x507, 0x88a8ffff00000000, 0x0, {0x0, r6, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_red={{0x8, 0x1, 'red\x00'}, {0x11c, 0x2, [@TCA_RED_STAB={0x104, 0x2, "fbf84ce9dbecf3d5851ae060c0ec8d55c9c65cb98d69f6f43f1d64d475f279dd204e54f6719de408d640f2dcd4c0c8c615650de0531b139380f912f808e5d3e1118f76144d1568be425bddb29fa48b1251d5cc8b78fb742bd61674f4cd92a93f8dafea3bc823ccd7591d59d252a275012101f39ab9478cc5dc4a8a2e71f186ce688ae869907b40b62231d243db1eca472440f1203b691b7b85864a73f1a3a9664d075ac973158948f7c44b4f8e2348e8046b08dcb423647eff2539993b8985028d7f0a50e94ee6b2fdacff6aee496b13807eb8d406a8440af14e339713f93a2bd76d46d34452c9bf604ac61d66e9ff34503a7ff400"}, @TCA_RED_PARMS={0x14, 0x1, {0x20}}]}}]}, 0x148}}, 0x0)

01:39:22 executing program 1:
perf_event_open(&(0x7f00000000c0)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
ioctl$FS_IOC_ENABLE_VERITY(0xffffffffffffffff, 0x40806685, 0x0)
r0 = openat$random(0xffffffffffffff9c, &(0x7f0000000140)='/dev/urandom\x00', 0x8000000000000085, 0x0)
r1 = dup(r0)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff, <r2=>0xffffffffffffffff})
r3 = socket$inet6_sctp(0xa, 0x10000000005, 0x84)
r4 = dup2(r2, r3)
ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200)
ioctl$DRM_IOCTL_AGP_RELEASE(r4, 0x6431)
r5 = open(&(0x7f0000002000)='./bus\x00', 0x141042, 0x0)
ftruncate(r5, 0xee72)
sendfile(r1, r5, 0x0, 0x8000fffffffe)

[ 1280.495596][T28649] Code: 0f 84 c4 0f 00 00 48 89 f1 48 89 f8 48 83 e1 3f 48 83 f9 20 0f 86 7b 02 00 00 48 83 e6 f0 48 83 e1 0f 66 0f ef c0 66 0f ef c9 <66> 0f 74 0e 66 0f d7 d1 48 d3 ea 49 c7 c2 11 00 00 00 49 29 ca 4d
[ 1280.495603][T28649] RSP: 002b:00007fbdc8f347a8 EFLAGS: 00010202
[ 1280.495618][T28649] RAX: 00007fbdc8f34850 RBX: 0000000000000003 RCX: 000000000000000e
[ 1280.504219][T28649] RDX: 00000000000003ff RSI: 0000000020012fe0 RDI: 00007fbdc8f34850
[ 1280.504227][T28649] RBP: 000000000075c070 R08: 00000000000003ff R09: 0000000000000000
[ 1280.504234][T28649] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fbdc8f356d4
[ 1280.504242][T28649] R13: 00000000004c8dbc R14: 00000000004dfed8 R15: 00000000ffffffff
01:39:22 executing program 3:
r0 = socket$packet(0x11, 0x3, 0x300)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000000)={'batadv0\x00\f\x00', <r1=>0x0})
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000e00)=ANY=[@ANYBLOB="340000002c000107008be4000000000000000000", @ANYRES32=r1, @ANYBLOB="00d400f0000000000e00000009000100726f75746500000004000200"], 0x34}}, 0x0)
r2 = socket(0x10, 0x80002, 0x0)
sendmmsg$alg(r2, 0x0, 0x0, 0x0)

[ 1280.697685][T28914] FAULT_FLAG_ALLOW_RETRY missing 70
[ 1280.743292][T28914] CPU: 0 PID: 28914 Comm: syz-executor.5 Not tainted 5.3.0+ #0
[ 1280.750956][T28914] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 1280.761024][T28914] Call Trace:
[ 1280.764326][T28914]  dump_stack+0x172/0x1f0
[ 1280.768676][T28914]  handle_userfault.cold+0x41/0x5d
[ 1280.773795][T28914]  ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[ 1280.780052][T28914]  ? userfaultfd_ioctl+0x3ad0/0x3ad0
[ 1280.785339][T28914]  ? find_get_entry+0x535/0x880
01:39:22 executing program 0:
perf_event_open(&(0x7f00000000c0)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
ioctl$FS_IOC_ENABLE_VERITY(0xffffffffffffffff, 0x40806685, 0x0)
r0 = openat$random(0xffffffffffffff9c, &(0x7f0000000140)='/dev/urandom\x00', 0x8000000000000085, 0x0)
r1 = dup(r0)
r2 = open(&(0x7f0000002000)='./bus\x00', 0x141042, 0x0)
ftruncate(r2, 0xee72)
r3 = dup(r2)
ioctl$CAPI_GET_ERRCODE(r2, 0x80024321, &(0x7f0000000000))
statx(r3, &(0x7f0000000040)='./bus\x00', 0x2000, 0x2, &(0x7f0000000180))
r4 = socket(0x10, 0x0, 0x0)
r5 = socket$inet6_sctp(0xa, 0x10000000005, 0x84)
getsockopt$inet_sctp6_SCTP_GET_ASSOC_ID_LIST(r5, 0x84, 0x1d, &(0x7f000095dff8)={0x1, [<r6=>0x0]}, &(0x7f000095dffc)=0x8)
getsockopt$inet_sctp6_SCTP_PEER_ADDR_THLDS(r5, 0x84, 0x70, &(0x7f0000000080)={r6, @in6={{0xa, 0x0, 0x0, @empty}}}, &(0x7f0000000600)=0x90)
setsockopt$inet_sctp6_SCTP_DELAYED_SACK(r4, 0x84, 0x10, &(0x7f0000000200)=@sack_info={r6, 0x80, 0x6}, 0xc)
getsockopt$inet_sctp6_SCTP_MAXSEG(r2, 0x84, 0xd, &(0x7f0000000080)=@assoc_value={r6, 0xaf9}, &(0x7f0000000280)=0x8)
sendfile(r1, r2, 0x0, 0x8000fffffffe)

[ 1280.790201][T28914]  ? __kasan_check_read+0x11/0x20
[ 1280.795262][T28914]  ? mark_lock+0xc2/0x1220
[ 1280.799680][T28914]  ? find_get_pages_range_tag+0xd50/0xd50
[ 1280.805410][T28914]  ? __kasan_check_read+0x11/0x20
[ 1280.810428][T28914]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 1280.816662][T28914]  ? find_lock_entry+0x1a7/0x560
[ 1280.821598][T28914]  ? rcu_lockdep_current_cpu_online+0xe3/0x130
[ 1280.827751][T28914]  shmem_getpage_gfp+0x1f4c/0x2680
[ 1280.832872][T28914]  ? shmem_unuse_inode+0x1010/0x1010
[ 1280.838159][T28914]  ? lock_downgrade+0x920/0x920
[ 1280.843134][T28914]  ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[ 1280.849505][T28914]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 1280.855755][T28914]  shmem_fault+0x22a/0x7b0
[ 1280.860177][T28914]  ? shmem_read_mapping_page_gfp+0x1a0/0x1a0
[ 1280.866159][T28914]  ? find_get_entry+0x880/0x880
[ 1280.871005][T28914]  ? pmd_val+0x85/0x100
[ 1280.875165][T28914]  __do_fault+0x111/0x540
[ 1280.879504][T28914]  ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[ 1280.885756][T28914]  __handle_mm_fault+0x2dca/0x4040
[ 1280.890866][T28914]  ? vmf_insert_mixed_mkwrite+0x40/0x40
[ 1280.896410][T28914]  ? handle_mm_fault+0x292/0xa80
[ 1280.901362][T28914]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 1280.907612][T28914]  ? __kasan_check_read+0x11/0x20
[ 1280.912635][T28914]  handle_mm_fault+0x3b7/0xa80
[ 1280.917399][T28914]  __do_page_fault+0x536/0xdd0
[ 1280.922160][T28914]  do_page_fault+0x38/0x590
[ 1280.926664][T28914]  page_fault+0x39/0x40
[ 1280.930821][T28914] RIP: 0033:0x4533a0
01:39:23 executing program 0:
ioctl$FS_IOC_ENABLE_VERITY(0xffffffffffffffff, 0x40806685, 0x0)
r0 = openat$random(0xffffffffffffff9c, &(0x7f0000000140)='/dev/urandom\x00', 0x8000000000000085, 0x0)
r1 = dup(r0)
r2 = open(&(0x7f0000002000)='./bus\x00', 0x141042, 0x0)
ftruncate(r2, 0xee72)
sendfile(r1, r2, 0x0, 0x8000fffffffe)

[ 1280.934711][T28914] Code: 0f 84 c4 0f 00 00 48 89 f1 48 89 f8 48 83 e1 3f 48 83 f9 20 0f 86 7b 02 00 00 48 83 e6 f0 48 83 e1 0f 66 0f ef c0 66 0f ef c9 <66> 0f 74 0e 66 0f d7 d1 48 d3 ea 49 c7 c2 11 00 00 00 49 29 ca 4d
[ 1280.954308][T28914] RSP: 002b:00007fbdc8f347a8 EFLAGS: 00010202
[ 1280.960365][T28914] RAX: 00007fbdc8f34850 RBX: 0000000000000003 RCX: 000000000000000e
[ 1280.968331][T28914] RDX: 00000000000003ff RSI: 0000000020012fe0 RDI: 00007fbdc8f34850
[ 1280.976303][T28914] RBP: 000000000075c070 R08: 00000000000003ff R09: 0000000000000000
[ 1280.984352][T28914] R10: 00007fbdc8f359d0 R11: 0000000000000246 R12: 00007fbdc8f356d4
[ 1280.992312][T28914] R13: 00000000004c8dbc R14: 00000000004dfed8 R15: 00000000ffffffff
01:39:23 executing program 3 (fault-call:4 fault-nth:0):
r0 = socket$packet(0x11, 0x3, 0x300)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000000)={'batadv0\x00\f\x00', <r1=>0x0})
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000e00)=ANY=[@ANYBLOB="340000002c000107008be4000000000000000000", @ANYRES32=r1, @ANYBLOB="00d400f0000000000e00000009000100726f75746500000004000200"], 0x34}}, 0x0)
r2 = socket(0x10, 0x80002, 0x0)
sendmmsg$alg(r2, &(0x7f0000000140), 0x332, 0x0)

01:39:23 executing program 4:
r0 = socket$nl_route(0x10, 0x3, 0x0)
r1 = socket$netlink(0x10, 0x3, 0x0)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff, <r2=>0xffffffffffffffff})
r3 = socket$inet6_sctp(0xa, 0x10000000005, 0x84)
r4 = dup2(r2, r3)
ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200)
r5 = socket(0x10, 0x803, 0x0)
sendmsg$TIPC_CMD_GET_MEDIA_NAMES(r5, &(0x7f0000000400)={0x0, 0x0, &(0x7f00000003c0)={0x0}}, 0x0)
getsockname$packet(r5, &(0x7f0000000100)={0x11, 0x0, <r6=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0xa)
sendmsg$nl_route(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080)=ANY=[@ANYBLOB="4800000010000507000000000000000080000000", @ANYRES32=r6, @ANYBLOB="0000000000000000280012000c0001007665746800000000180002001400010000000000", @ANYRES32=0x0, @ANYBLOB='\x00\x00\x00\x00\x00\x00\x00\x00'], 0x48}}, 0x0)
sendmsg$nl_route_sched(r0, &(0x7f0000000140)={0x0, 0x32d, &(0x7f0000000080)={&(0x7f0000000540)=@newqdisc={0x148, 0x24, 0x507, 0x9effffff00000000, 0x0, {0x0, r6, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_red={{0x8, 0x1, 'red\x00'}, {0x11c, 0x2, [@TCA_RED_STAB={0x104, 0x2, "fbf84ce9dbecf3d5851ae060c0ec8d55c9c65cb98d69f6f43f1d64d475f279dd204e54f6719de408d640f2dcd4c0c8c615650de0531b139380f912f808e5d3e1118f76144d1568be425bddb29fa48b1251d5cc8b78fb742bd61674f4cd92a93f8dafea3bc823ccd7591d59d252a275012101f39ab9478cc5dc4a8a2e71f186ce688ae869907b40b62231d243db1eca472440f1203b691b7b85864a73f1a3a9664d075ac973158948f7c44b4f8e2348e8046b08dcb423647eff2539993b8985028d7f0a50e94ee6b2fdacff6aee496b13807eb8d406a8440af14e339713f93a2bd76d46d34452c9bf604ac61d66e9ff34503a7ff400"}, @TCA_RED_PARMS={0x14, 0x1, {0x20}}]}}]}, 0x148}}, 0x0)

01:39:23 executing program 1:
perf_event_open(&(0x7f00000000c0)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x192ab1c, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0)
ioctl$FS_IOC_ENABLE_VERITY(0xffffffffffffffff, 0x40806685, 0x0)
r0 = openat$random(0xffffffffffffff9c, &(0x7f0000000140)='/dev/urandom\x00', 0x8000000000000085, 0x0)
r1 = dup(r0)
r2 = open(&(0x7f0000002000)='./bus\x00', 0x141042, 0x0)
ftruncate(r2, 0xee72)
sendfile(r1, r2, 0x0, 0x8000fffffffe)

01:39:23 executing program 5:
mmap(&(0x7f0000011000/0x2000)=nil, 0x2000, 0x4, 0x31, 0xffffffffffffffff, 0x0)
r0 = userfaultfd(0x0)
syz_open_dev$mice(&(0x7f0000000000)='/dev/input/mice\x00', 0x0, 0x4000)
ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f0000000040))
ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f00000000c0)={{&(0x7f0000012000/0x2000)=nil, 0x2000}, 0x1})
read(r0, &(0x7f0000000100)=""/199, 0xc7)
syz_open_dev$evdev(&(0x7f0000012fee)='/.%v/\x11%put/event#\x00', 0x0, 0x2000)
ioctl$UFFDIO_WAKE(r0, 0x8010aa02, &(0x7f0000000080)={&(0x7f0000012000/0x4000)=nil, 0x4000})
shmget(0x2, 0x1000, 0x0, &(0x7f000096d000/0x1000)=nil)
openat$cgroup_procs(0xffffffffffffffff, 0x0, 0x2, 0x0)

01:39:23 executing program 0:
perf_event_open(&(0x7f00000000c0)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
ioctl$FS_IOC_ENABLE_VERITY(0xffffffffffffffff, 0x40806685, 0x0)
r0 = openat$random(0xffffffffffffff9c, &(0x7f0000000140)='/dev/urandom\x00', 0x8000000000000085, 0x0)
r1 = dup(r0)
ioctl$UI_SET_PHYS(r1, 0x4008556c, &(0x7f0000000000)='syz0\x00')
r2 = open(&(0x7f0000002000)='./bus\x00', 0x141042, 0x0)
ftruncate(r2, 0xee72)
sendfile(r1, r2, 0x0, 0x8000fffffffe)

[ 1281.194611][T29271] FAULT_INJECTION: forcing a failure.
[ 1281.194611][T29271] name failslab, interval 1, probability 0, space 0, times 0
[ 1281.262421][T29271] CPU: 1 PID: 29271 Comm: syz-executor.3 Not tainted 5.3.0+ #0
[ 1281.269994][T29271] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 1281.270001][T29271] Call Trace:
[ 1281.270024][T29271]  dump_stack+0x172/0x1f0
[ 1281.270045][T29271]  should_fail.cold+0xa/0x15
[ 1281.270060][T29271]  ? fault_create_debugfs_attr+0x180/0x180
[ 1281.270081][T29271]  ? ___might_sleep+0x163/0x2c0
[ 1281.302921][T29271]  __should_failslab+0x121/0x190
[ 1281.307858][T29271]  should_failslab+0x9/0x14
[ 1281.312350][T29271]  kmem_cache_alloc_node+0x268/0x740
[ 1281.312378][T29271]  __alloc_skb+0xd5/0x5e0
[ 1281.312397][T29271]  ? __kmalloc_reserve.isra.0+0xf0/0xf0
[ 1281.312413][T29271]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 1281.312433][T29271]  ? netlink_autobind.isra.0+0x228/0x310
[ 1281.333853][T29271]  netlink_sendmsg+0x972/0xd60
[ 1281.333875][T29271]  ? netlink_unicast+0x710/0x710
[ 1281.333889][T29271]  ? aa_sock_msg_perm.isra.0+0xba/0x170
[ 1281.333909][T29271]  ? apparmor_socket_sendmsg+0x2a/0x30
[ 1281.333928][T29271]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 1281.349197][T29271]  ? security_socket_sendmsg+0x8d/0xc0
[ 1281.360153][T29271]  ? netlink_unicast+0x710/0x710
[ 1281.360172][T29271]  sock_sendmsg+0xd7/0x130
[ 1281.360190][T29271]  ___sys_sendmsg+0x3e2/0x920
[ 1281.360209][T29271]  ? copy_msghdr_from_user+0x440/0x440
[ 1281.371874][T29271]  ? lock_downgrade+0x920/0x920
[ 1281.371895][T29271]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 1281.371918][T29271]  ? __kasan_check_read+0x11/0x20
[ 1281.371938][T29271]  ? __fget+0x384/0x560
[ 1281.391435][T29271]  ? ksys_dup3+0x3e0/0x3e0
[ 1281.391452][T29271]  ? find_held_lock+0x35/0x130
[ 1281.391470][T29271]  ? get_pid_task+0xc9/0x190
[ 1281.391487][T29271]  ? __fget_light+0x1a9/0x230
[ 1281.391505][T29271]  ? __fdget+0x1b/0x20
[ 1281.402580][T29271]  ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[ 1281.402598][T29271]  ? sockfd_lookup_light+0xcb/0x180
[ 1281.402616][T29271]  __sys_sendmmsg+0x1bf/0x4d0
[ 1281.402635][T29271]  ? __ia32_sys_sendmsg+0xb0/0xb0
[ 1281.402668][T29271]  ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20
[ 1281.411791][T29271]  ? fput_many+0x12c/0x1a0
[ 1281.411807][T29271]  ? fput+0x1b/0x20
[ 1281.411821][T29271]  ? ksys_write+0x1cf/0x290
[ 1281.411840][T29271]  ? trace_hardirqs_on_thunk+0x1a/0x20
[ 1281.411860][T29271]  ? trace_hardirqs_on_thunk+0x1a/0x20
[ 1281.420996][T29271]  ? do_syscall_64+0x26/0x760
[ 1281.421012][T29271]  ? entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 1281.421026][T29271]  ? do_syscall_64+0x26/0x760
[ 1281.421045][T29271]  __x64_sys_sendmmsg+0x9d/0x100
[ 1281.421062][T29271]  do_syscall_64+0xfa/0x760
[ 1281.421079][T29271]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 1281.430317][T29271] RIP: 0033:0x459a09
[ 1281.430331][T29271] Code: fd b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00
[ 1281.430338][T29271] RSP: 002b:00007f02c0c05c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000133
[ 1281.430351][T29271] RAX: ffffffffffffffda RBX: 00007f02c0c05c90 RCX: 0000000000459a09
[ 1281.430358][T29271] RDX: 0000000000000332 RSI: 0000000020000140 RDI: 0000000000000004
[ 1281.430365][T29271] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000
[ 1281.430371][T29271] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f02c0c066d4
[ 1281.430382][T29271] R13: 00000000004c71e8 R14: 00000000004dca10 R15: 0000000000000005
[ 1281.446141][    C0] protocol 88fb is buggy, dev hsr_slave_0
[ 1281.446193][    C0] protocol 88fb is buggy, dev hsr_slave_1
[ 1281.446299][    C0] protocol 88fb is buggy, dev hsr_slave_0
[ 1281.446343][    C0] protocol 88fb is buggy, dev hsr_slave_1
01:39:23 executing program 2:
r0 = socket$inet_udp(0x2, 0x2, 0x0)
close(r0)
r1 = socket$inet6(0xa, 0x1, 0x8010000000000084)
bind$inet6(r1, &(0x7f0000000040)={0xa, 0x400004e21, 0x0, @empty}, 0x1c)
setsockopt$inet_sctp6_SCTP_NODELAY(r0, 0x84, 0x3, &(0x7f00000000c0)=0x7, 0x4)
setsockopt$inet6_opts(r1, 0x29, 0x3b, &(0x7f0000000080)=ANY=[@ANYBLOB], 0x8)
connect$inet6(r1, &(0x7f0000000200)={0xa, 0x4e21, 0x0, @loopback}, 0x1c)
r2 = socket$inet_udplite(0x2, 0x2, 0x88)
ioctl(r2, 0x1000008912, &(0x7f0000000040)="11dcbc0d5e0bcfe47bf070")
write$binfmt_misc(r0, &(0x7f0000000100)=ANY=[@ANYBLOB="a43f7a10bc918dba707335df9c4fe2e3dd545ee4c838fdcc46a7540a012dcf04a12f99172a6f3583cd5498000448f3ae533c2845496e9b0a050d5e4e05f5f8188edecc091727ed7a25a91998bf61aeec90e8718f9aa9fd5da3aa3181c0080975dee42b7d8686ca8f92f314380c2a02a90e6efeaf9d6acdb213cd260c116f495d9569a33c798d369967f6690fd59a8b3bd789702d552fe262fe738e874609724467e7d1be8518f803b96022e1f0f0de7d3720bec96ede000000000000000000"], 0x10098)
write$binfmt_script(r0, &(0x7f0000000300)=ANY=[@ANYBLOB="ba"], 0x1)
write$binfmt_elf64(r0, &(0x7f0000000280)={{0x7f, 0x45, 0x4c, 0x46, 0x0, 0x0, 0xf003000000000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40}, [{}]}, 0x78)

01:39:23 executing program 1:
r0 = openat$hwrng(0xffffffffffffff9c, &(0x7f00000007c0)='/dev/hwrng\x00', 0xa1d42e43472fe1c9, 0x0)
ioctl$sock_inet6_tcp_SIOCOUTQNSD(r0, 0x894b, &(0x7f0000000800))
perf_event_open(&(0x7f00000000c0)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
ioctl$FS_IOC_ENABLE_VERITY(0xffffffffffffffff, 0x40806685, 0x0)
r1 = openat$random(0xffffffffffffff9c, &(0x7f0000000140)='/dev/urandom\x00', 0x8000000000000085, 0x0)
r2 = dup(r1)
r3 = open(&(0x7f0000002000)='./bus\x00', 0x141042, 0x0)
ftruncate(r3, 0xee72)
sendfile(r2, r3, 0x0, 0x8000fffffffe)

01:39:23 executing program 0:
perf_event_open(&(0x7f00000000c0)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
ioctl$FS_IOC_ENABLE_VERITY(0xffffffffffffffff, 0x40806685, 0x0)
r0 = openat$random(0xffffffffffffff9c, &(0x7f0000000140)='/dev/urandom\x00', 0x8000000000000085, 0x0)
r1 = dup(r0)
r2 = open(&(0x7f0000002000)='./bus\x00', 0x141042, 0x0)
ftruncate(r2, 0xee72)
ioctl$UI_DEV_SETUP(r2, 0x405c5503, &(0x7f0000000000)={{0xa5, 0x9, 0xfffffffffffff924, 0xfffffffffffffffb}, 'syz0\x00', 0x37})
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff, <r3=>0xffffffffffffffff})
r4 = socket$inet6_sctp(0xa, 0x10000000005, 0x84)
r5 = dup2(r3, r4)
ioctl$PERF_EVENT_IOC_ENABLE(r5, 0x8912, 0x400200)
bpf$BPF_MAP_LOOKUP_AND_DELETE_ELEM(0x15, &(0x7f0000000200)={r5, &(0x7f0000000080)="71f53eecfd3e2dd3345733eff3e375177520271f2d06c6870114fe60af01c1771cae4bc4a9c31475d1866f90b701cc7bdb788e49bc", &(0x7f0000000180)=""/70, 0x2}, 0x20)
sendfile(r1, r2, 0x0, 0x8000fffffffe)

01:39:23 executing program 3 (fault-call:4 fault-nth:1):
r0 = socket$packet(0x11, 0x3, 0x300)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000000)={'batadv0\x00\f\x00', <r1=>0x0})
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000e00)=ANY=[@ANYBLOB="340000002c000107008be4000000000000000000", @ANYRES32=r1, @ANYBLOB="00d400f0000000000e00000009000100726f75746500000004000200"], 0x34}}, 0x0)
r2 = socket(0x10, 0x80002, 0x0)
sendmmsg$alg(r2, &(0x7f0000000140), 0x332, 0x0)

[ 1281.446452][    C0] protocol 88fb is buggy, dev hsr_slave_0
[ 1281.446495][    C0] protocol 88fb is buggy, dev hsr_slave_1
[ 1281.446598][    C0] protocol 88fb is buggy, dev hsr_slave_0
[ 1281.446639][    C0] protocol 88fb is buggy, dev hsr_slave_1
[ 1281.446739][    C0] protocol 88fb is buggy, dev hsr_slave_0
[ 1281.446781][    C0] protocol 88fb is buggy, dev hsr_slave_1
01:39:23 executing program 4:
r0 = socket$nl_route(0x10, 0x3, 0x0)
r1 = socket$netlink(0x10, 0x3, 0x0)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff, <r2=>0xffffffffffffffff})
r3 = socket$inet6_sctp(0xa, 0x10000000005, 0x84)
r4 = dup2(r2, r3)
ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200)
r5 = socket(0x10, 0x803, 0x0)
sendmsg$TIPC_CMD_GET_MEDIA_NAMES(r5, &(0x7f0000000400)={0x0, 0x0, &(0x7f00000003c0)={0x0}}, 0x0)
getsockname$packet(r5, &(0x7f0000000100)={0x11, 0x0, <r6=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0xa)
sendmsg$nl_route(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080)=ANY=[@ANYBLOB="4800000010000507000000000000000080000000", @ANYRES32=r6, @ANYBLOB="0000000000000000280012000c0001007665746800000000180002001400010000000000", @ANYRES32=0x0, @ANYBLOB='\x00\x00\x00\x00\x00\x00\x00\x00'], 0x48}}, 0x0)
sendmsg$nl_route_sched(r0, &(0x7f0000000140)={0x0, 0x32d, &(0x7f0000000080)={&(0x7f0000000540)=@newqdisc={0x148, 0x24, 0x507, 0xf0ffffff00000000, 0x0, {0x0, r6, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_red={{0x8, 0x1, 'red\x00'}, {0x11c, 0x2, [@TCA_RED_STAB={0x104, 0x2, "fbf84ce9dbecf3d5851ae060c0ec8d55c9c65cb98d69f6f43f1d64d475f279dd204e54f6719de408d640f2dcd4c0c8c615650de0531b139380f912f808e5d3e1118f76144d1568be425bddb29fa48b1251d5cc8b78fb742bd61674f4cd92a93f8dafea3bc823ccd7591d59d252a275012101f39ab9478cc5dc4a8a2e71f186ce688ae869907b40b62231d243db1eca472440f1203b691b7b85864a73f1a3a9664d075ac973158948f7c44b4f8e2348e8046b08dcb423647eff2539993b8985028d7f0a50e94ee6b2fdacff6aee496b13807eb8d406a8440af14e339713f93a2bd76d46d34452c9bf604ac61d66e9ff34503a7ff400"}, @TCA_RED_PARMS={0x14, 0x1, {0x20}}]}}]}, 0x148}}, 0x0)

[ 1281.725554][T29501] FAULT_FLAG_ALLOW_RETRY missing 70
[ 1281.761939][T29501] CPU: 0 PID: 29501 Comm: syz-executor.5 Not tainted 5.3.0+ #0
[ 1281.769593][T29501] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 1281.769776][T29509] FAULT_INJECTION: forcing a failure.
[ 1281.769776][T29509] name failslab, interval 1, probability 0, space 0, times 0
[ 1281.779656][T29501] Call Trace:
[ 1281.779680][T29501]  dump_stack+0x172/0x1f0
[ 1281.779717][T29501]  handle_userfault.cold+0x41/0x5d
[ 1281.779736][T29501]  ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[ 1281.779763][T29501]  ? userfaultfd_ioctl+0x3ad0/0x3ad0
[ 1281.779779][T29501]  ? find_get_entry+0x535/0x880
[ 1281.779794][T29501]  ? __kasan_check_read+0x11/0x20
[ 1281.779807][T29501]  ? mark_lock+0xc2/0x1220
[ 1281.779826][T29501]  ? find_get_pages_range_tag+0xd50/0xd50
[ 1281.836476][T29501]  ? __kasan_check_read+0x11/0x20
[ 1281.841495][T29501]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 1281.847735][T29501]  ? find_lock_entry+0x1a7/0x560
[ 1281.852672][T29501]  ? rcu_lockdep_current_cpu_online+0xe3/0x130
[ 1281.858822][T29501]  shmem_getpage_gfp+0x1f4c/0x2680
[ 1281.863938][T29501]  ? shmem_unuse_inode+0x1010/0x1010
[ 1281.869217][T29501]  ? lock_downgrade+0x920/0x920
[ 1281.874060][T29501]  ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[ 1281.880287][T29501]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 1281.886531][T29501]  shmem_fault+0x22a/0x7b0
[ 1281.890949][T29501]  ? shmem_read_mapping_page_gfp+0x1a0/0x1a0
[ 1281.896941][T29501]  ? find_get_entry+0x880/0x880
[ 1281.901788][T29501]  ? pmd_val+0x85/0x100
[ 1281.905942][T29501]  __do_fault+0x111/0x540
[ 1281.910277][T29501]  ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[ 1281.916521][T29501]  __handle_mm_fault+0x2dca/0x4040
[ 1281.921629][T29501]  ? vmf_insert_mixed_mkwrite+0x40/0x40
[ 1281.927163][T29501]  ? handle_mm_fault+0x292/0xa80
[ 1281.932124][T29501]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 1281.938356][T29501]  ? __kasan_check_read+0x11/0x20
[ 1281.943381][T29501]  handle_mm_fault+0x3b7/0xa80
[ 1281.948147][T29501]  __do_page_fault+0x536/0xdd0
[ 1281.952911][T29501]  do_page_fault+0x38/0x590
[ 1281.957409][T29501]  page_fault+0x39/0x40
[ 1281.961556][T29501] RIP: 0033:0x4533a0
[ 1281.965448][T29501] Code: 0f 84 c4 0f 00 00 48 89 f1 48 89 f8 48 83 e1 3f 48 83 f9 20 0f 86 7b 02 00 00 48 83 e6 f0 48 83 e1 0f 66 0f ef c0 66 0f ef c9 <66> 0f 74 0e 66 0f d7 d1 48 d3 ea 49 c7 c2 11 00 00 00 49 29 ca 4d
[ 1281.985041][T29501] RSP: 002b:00007fbdc8f347a8 EFLAGS: 00010202
[ 1281.991094][T29501] RAX: 00007fbdc8f34850 RBX: 0000000000000003 RCX: 000000000000000e
[ 1281.999055][T29501] RDX: 00000000000003ff RSI: 0000000020012fe0 RDI: 00007fbdc8f34850
[ 1282.007022][T29501] RBP: 000000000075c070 R08: 00000000000003ff R09: 0000000000000000
[ 1282.014989][T29501] R10: 00007fbdc8f359d0 R11: 0000000000000246 R12: 00007fbdc8f356d4
[ 1282.022949][T29501] R13: 00000000004c8dbc R14: 00000000004dfed8 R15: 00000000ffffffff
[ 1282.030931][T29509] CPU: 1 PID: 29509 Comm: syz-executor.3 Not tainted 5.3.0+ #0
[ 1282.038496][T29509] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 1282.048549][T29509] Call Trace:
[ 1282.051845][T29509]  dump_stack+0x172/0x1f0
[ 1282.056183][T29509]  should_fail.cold+0xa/0x15
[ 1282.060782][T29509]  ? fault_create_debugfs_attr+0x180/0x180
[ 1282.066594][T29509]  ? ___might_sleep+0x163/0x2c0
[ 1282.071454][T29509]  __should_failslab+0x121/0x190
[ 1282.076388][T29509]  should_failslab+0x9/0x14
[ 1282.080888][T29509]  kmem_cache_alloc_node_trace+0x274/0x750
[ 1282.086690][T29509]  ? rcu_read_lock_any_held.part.0+0x50/0x50
[ 1282.086704][T29509]  ? __kasan_kmalloc.constprop.0+0xcf/0xe0
[ 1282.086723][T29509]  __kmalloc_node_track_caller+0x3d/0x70
[ 1282.086739][T29509]  __kmalloc_reserve.isra.0+0x40/0xf0
[ 1282.086756][T29509]  __alloc_skb+0x10b/0x5e0
[ 1282.113948][T29509]  ? __kmalloc_reserve.isra.0+0xf0/0xf0
[ 1282.119497][T29509]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 1282.125842][T29509]  ? netlink_autobind.isra.0+0x228/0x310
[ 1282.131487][T29509]  netlink_sendmsg+0x972/0xd60
[ 1282.136253][T29509]  ? netlink_unicast+0x710/0x710
[ 1282.136268][T29509]  ? aa_sock_msg_perm.isra.0+0xba/0x170
[ 1282.136282][T29509]  ? apparmor_socket_sendmsg+0x2a/0x30
[ 1282.136300][T29509]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 1282.158429][T29509]  ? security_socket_sendmsg+0x8d/0xc0
[ 1282.163909][T29509]  ? netlink_unicast+0x710/0x710
[ 1282.168852][T29509]  sock_sendmsg+0xd7/0x130
[ 1282.168872][T29509]  ___sys_sendmsg+0x3e2/0x920
[ 1282.168891][T29509]  ? copy_msghdr_from_user+0x440/0x440
[ 1282.168910][T29509]  ? lock_downgrade+0x920/0x920
[ 1282.168929][T29509]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 1282.183422][T29509]  ? __kasan_check_read+0x11/0x20
[ 1282.183441][T29509]  ? __fget+0x384/0x560
[ 1282.183460][T29509]  ? ksys_dup3+0x3e0/0x3e0
[ 1282.183475][T29509]  ? find_held_lock+0x35/0x130
[ 1282.183492][T29509]  ? get_pid_task+0xc9/0x190
[ 1282.203676][T29509]  ? __fget_light+0x1a9/0x230
[ 1282.203691][T29509]  ? __fdget+0x1b/0x20
[ 1282.203705][T29509]  ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[ 1282.203718][T29509]  ? sockfd_lookup_light+0xcb/0x180
[ 1282.203735][T29509]  __sys_sendmmsg+0x1bf/0x4d0
[ 1282.222100][T29509]  ? __ia32_sys_sendmsg+0xb0/0xb0
[ 1282.222137][T29509]  ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20
[ 1282.232415][T29509]  ? fput_many+0x12c/0x1a0
[ 1282.232429][T29509]  ? fput+0x1b/0x20
01:39:24 executing program 0:
set_thread_area(&(0x7f0000000000)={0x5f69c351, 0x0, 0x1000, 0x0, 0x5, 0x7fff, 0xe2, 0x800, 0x7, 0x5})
perf_event_open(&(0x7f00000000c0)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
ioctl$FS_IOC_ENABLE_VERITY(0xffffffffffffffff, 0x40806685, 0x0)
r0 = openat$random(0xffffffffffffff9c, &(0x7f0000000140)='/dev/urandom\x00', 0x8000000000000085, 0x0)
r1 = dup(r0)
r2 = open(&(0x7f0000002000)='./bus\x00', 0x141042, 0x0)
ftruncate(r2, 0xee72)
sendfile(r1, r2, 0x0, 0x8000fffffffe)

01:39:24 executing program 1:
perf_event_open(&(0x7f00000000c0)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
ioctl$FS_IOC_ENABLE_VERITY(0xffffffffffffffff, 0x40806685, 0x0)
r0 = openat$random(0xffffffffffffff9c, &(0x7f0000000140)='/dev/urandom\x00', 0x8000000000000085, 0x0)
r1 = dup(r0)
getsockopt$inet_sctp6_SCTP_RECVRCVINFO(r1, 0x84, 0x20, &(0x7f0000000040), &(0x7f0000000080)=0x4)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff, <r2=>0xffffffffffffffff})
r3 = socket$inet6_sctp(0xa, 0x10000000005, 0x84)
r4 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r5 = socket$nl_route(0x10, 0x3, 0x0)
r6 = shmget(0x2, 0x2000, 0x1414, &(0x7f0000ffe000/0x2000)=nil)
geteuid()
fstat(r4, &(0x7f0000000140))
r7 = openat(0xffffffffffffff9c, &(0x7f0000000540)='./file0\x00', 0x101000, 0x38)
ioctl$VIDIOC_S_JPEGCOMP(r7, 0x408c563e, 0x0)
ioctl$VIDIOC_SUBDEV_ENUM_DV_TIMINGS(0xffffffffffffffff, 0xc0945662, 0x0)
r8 = syz_open_dev$midi(0x0, 0x0, 0x101000)
ioctl$sock_SIOCGPGRP(r5, 0x8904, &(0x7f00000001c0))
ioctl$SNDRV_CTL_IOCTL_ELEM_INFO(r8, 0xc1105511, &(0x7f0000000400)={{0xa, 0x0, 0x0, 0x2, 'syz0\x00'}, 0x6, 0x100, 0x0, 0x0, 0x1, 0x0, 'syz0\x00', &(0x7f0000000200)=['/dev/v4l-subdev#\x00'], 0x11, [], [0x0, 0x0, 0x400, 0x9]})
ioctl$sock_FIOGETOWN(r5, 0x8903, &(0x7f0000000240))
semget(0x2, 0x4, 0x1)
shmctl$IPC_SET(r6, 0x1, 0x0)
sendmsg$nl_route(r5, &(0x7f0000000100)={&(0x7f0000000000), 0xc, &(0x7f00000000c0)={&(0x7f0000000580)=ANY=[@ANYBLOB="2c0000002200290f0000100000000000000000000000000000000000040000000c00143533a326fde3213c9d527aa057ee0e90f49a040de45dcdba4a9cec468ed50970eca4472e4ad7ad3610da5e6ec7af9a991f1dbcadbc3b46df723b2267589ed4282d029012e3bc6821307659cc7993a7e6344c380900000096fdee980d70cf1aab8a2c5c8e8bbb9120972e48269a2b1f1fca184ba8acda751565cb3c7472119345323c288a8570b67ce55f6d01c8ee7aa86c9a15010b3446d80870e55859ff910050d02342c6f3c8d97ad6ca1c12117248214d03a2c948409d73f8e9991a80125274f46a54839450f29ce0417f8b157d9c3be5302de4580788444373af056eb9552b38448b8da038320fd0d685d323ef761a8161f04b7413ba1feac2d1d29075a04f5c89d9a11f24900667c1c019d00016b2a431f99ecc3713994c2e4cbebfde23cfc7b3b0bc0b62c5602d3fa29a7977f3c23c7cb24c032acbaa38c56b13869fba4d89f4e514fbdcc205fe79c5071400154a11e70b02000000000000005b73be218470cd7ef44a1f6bc148cc1ca55b994dc27030648904732f501d35fab4e24d25b4bf9021aa63ef54e7f947272a06947c29dc3958830877329bf72225e8fd058b4b82cb514df51379500ee4bd00151194990dbff93cef5b388ff3e3ad3c064dabad8d1b03ad74b8ea2357f8f8e5e9615e302e401a2462f2b0614df99924cc878f0a552275ea1d53e57fac82a5e73adb64a51ba2203d3134f209972e832c1879e3faa1215af605c55e5962b7c37b5486b4a8e1c39ee04954c3118ac18070431fa836dfc86e87438dc00733e66d7219acb0a9005b487aecbcc05b1e50379b72d6081ab2a82944176a55142c4fd2ecbfe707bea47b9bb5996a079f5710034fb2a874fb7d5f4a74ff35f87fb3c2b30ae46005de7eefc09d3036acd1be423844e9f4ac74a4f2bc7e0d1e7a8911b4fc3145621f820a42435a3f48debde2a8484805715469ee810000000000000000000000000000e7b05d7165eeefbf638c58d0a822b53c259007238b4e65ce37df6394ebc02301c6e5b3c9411f9b176e14ace99a2052ae2971e310fb0bef7e219fe226fcfb782a39c2784eff4370f73d3abc1f302926f5d172ded825d358559dbe14185deed1c8f8dd3416fe3b1418430fe1ff397a23fe122a3c87c5c9fe2e0d16618882746eb21c9547df50fff4b7bc2c284bf4d420edc919bffc86b2f35e8683b92d6d2d58474917ed4aff7f0000a27d6d1c450000", @ANYRES32=0x0, @ANYRES32=0x0], 0x2c}}, 0x0)
ioctl$VIDIOC_S_FBUF(0xffffffffffffffff, 0x4030560b, &(0x7f0000000000)={0x0, 0x1, &(0x7f00000000c0)="6e2e4656ac88", {0x0, 0x0, 0x0, 0x0, 0x0, 0x7, 0x236359652e0ae99c}})
r9 = dup2(r2, r3)
ioctl$PERF_EVENT_IOC_ENABLE(r9, 0x8912, 0x400200)
ioctl$PPPOEIOCSFWD(r9, 0x4008b100, &(0x7f0000000000)={0x18, 0x0, {0x1, @empty, 'rose0\x00'}})
r10 = open(&(0x7f0000002000)='./bus\x00', 0x141042, 0x0)
ftruncate(r10, 0xee72)
lsetxattr$trusted_overlay_opaque(&(0x7f0000000280)='./bus\x00', &(0x7f00000002c0)='trusted.overlay.opaque\x00', &(0x7f0000000300)='y\x00', 0x2, 0x1)
sendfile(r1, r10, 0x0, 0x8000fffffffe)

[ 1282.232445][T29509]  ? ksys_write+0x1cf/0x290
[ 1282.247368][T29509]  ? trace_hardirqs_on_thunk+0x1a/0x20
[ 1282.247384][T29509]  ? trace_hardirqs_on_thunk+0x1a/0x20
[ 1282.247398][T29509]  ? do_syscall_64+0x26/0x760
[ 1282.247413][T29509]  ? entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 1282.247429][T29509]  ? do_syscall_64+0x26/0x760
[ 1282.261870][T29509]  __x64_sys_sendmmsg+0x9d/0x100
[ 1282.261890][T29509]  do_syscall_64+0xfa/0x760
[ 1282.261909][T29509]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 1282.261918][T29509] RIP: 0033:0x459a09
[ 1282.261935][T29509] Code: fd b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00
[ 1282.277273][T29509] RSP: 002b:00007f02c0c05c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000133
[ 1282.277287][T29509] RAX: ffffffffffffffda RBX: 00007f02c0c05c90 RCX: 0000000000459a09
[ 1282.277295][T29509] RDX: 0000000000000332 RSI: 0000000020000140 RDI: 0000000000000004
[ 1282.277303][T29509] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000
[ 1282.277312][T29509] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f02c0c066d4
[ 1282.277320][T29509] R13: 00000000004c71e8 R14: 00000000004dca10 R15: 0000000000000005
01:39:24 executing program 3 (fault-call:4 fault-nth:2):
r0 = socket$packet(0x11, 0x3, 0x300)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000000)={'batadv0\x00\f\x00', <r1=>0x0})
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000e00)=ANY=[@ANYBLOB="340000002c000107008be4000000000000000000", @ANYRES32=r1, @ANYBLOB="00d400f0000000000e00000009000100726f75746500000004000200"], 0x34}}, 0x0)
r2 = socket(0x10, 0x80002, 0x0)
sendmmsg$alg(r2, &(0x7f0000000140), 0x332, 0x0)

01:39:24 executing program 4:
r0 = socket$nl_route(0x10, 0x3, 0x0)
r1 = socket$netlink(0x10, 0x3, 0x0)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff, <r2=>0xffffffffffffffff})
r3 = socket$inet6_sctp(0xa, 0x10000000005, 0x84)
r4 = dup2(r2, r3)
ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200)
r5 = socket(0x10, 0x803, 0x0)
sendmsg$TIPC_CMD_GET_MEDIA_NAMES(r5, &(0x7f0000000400)={0x0, 0x0, &(0x7f00000003c0)={0x0}}, 0x0)
getsockname$packet(r5, &(0x7f0000000100)={0x11, 0x0, <r6=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0xa)
sendmsg$nl_route(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080)=ANY=[@ANYBLOB="4800000010000507000000000000000080000000", @ANYRES32=r6, @ANYBLOB="0000000000000000280012000c0001007665746800000000180002001400010000000000", @ANYRES32=0x0, @ANYBLOB='\x00\x00\x00\x00\x00\x00\x00\x00'], 0x48}}, 0x0)
sendmsg$nl_route_sched(r0, &(0x7f0000000140)={0x0, 0x32d, &(0x7f0000000080)={&(0x7f0000000540)=@newqdisc={0x148, 0x24, 0x507, 0xf1ffffff00000000, 0x0, {0x0, r6, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_red={{0x8, 0x1, 'red\x00'}, {0x11c, 0x2, [@TCA_RED_STAB={0x104, 0x2, "fbf84ce9dbecf3d5851ae060c0ec8d55c9c65cb98d69f6f43f1d64d475f279dd204e54f6719de408d640f2dcd4c0c8c615650de0531b139380f912f808e5d3e1118f76144d1568be425bddb29fa48b1251d5cc8b78fb742bd61674f4cd92a93f8dafea3bc823ccd7591d59d252a275012101f39ab9478cc5dc4a8a2e71f186ce688ae869907b40b62231d243db1eca472440f1203b691b7b85864a73f1a3a9664d075ac973158948f7c44b4f8e2348e8046b08dcb423647eff2539993b8985028d7f0a50e94ee6b2fdacff6aee496b13807eb8d406a8440af14e339713f93a2bd76d46d34452c9bf604ac61d66e9ff34503a7ff400"}, @TCA_RED_PARMS={0x14, 0x1, {0x20}}]}}]}, 0x148}}, 0x0)

01:39:24 executing program 1:
perf_event_open(&(0x7f00000000c0)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
ioctl$FS_IOC_ENABLE_VERITY(0xffffffffffffffff, 0x40806685, 0x0)
r0 = openat$random(0xffffffffffffff9c, &(0x7f0000000140)='/dev/urandom\x00', 0x8000000000000085, 0x0)
r1 = openat$vimc0(0xffffffffffffff9c, &(0x7f0000000080)='/dev/video0\x00', 0x2, 0x0)
ioctl$VIDIOC_QUERY_DV_TIMINGS(r1, 0x80845663, &(0x7f0000000180)={0x0, @reserved})
r2 = dup(r0)
ioctl$TCSETAW(r2, 0x5407, &(0x7f0000000000)={0x20, 0x3, 0x80000000, 0x8, 0x13, 0x7ff, 0xffffffffffffff81, 0xc5, 0x2, 0x33bbb9cc})
fcntl$F_GET_FILE_RW_HINT(r2, 0x40d, &(0x7f0000000040))
r3 = open(&(0x7f0000002000)='./bus\x00', 0x141042, 0x0)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff, <r4=>0xffffffffffffffff})
r5 = socket$inet6_sctp(0xa, 0x10000000005, 0x84)
r6 = dup2(r4, r5)
ioctl$PERF_EVENT_IOC_ENABLE(r6, 0x8912, 0x400200)
ioctl$RTC_EPOCH_SET(r6, 0x4008700e, 0x0)
r7 = socket$bt_bnep(0x1f, 0x3, 0x4)
sendmsg$sock(r7, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000480)=[{&(0x7f0000000240)="0ed8bbc6a163a18dbe348ad8bc2cb7cc40f5880a30a585aa72bf0ffd1d8f9544a613c096692617a295e2688e345b1e67f84814487b43f802cf7dbc94be9db5abd55ea1bd88e12ee98321e8f42f06fff022643bd2d56a7bb5a1dc979a47bc245cc3fb0ab198bd5b789a8dcd1a041a2bde06353fb515c8d3e6f01f4edcc8199dd321c7b983b0acca1c340b9b69546021d30c1d25e8500f6ce290a4183b35658482b5622d669c0af6df503912", 0xab}, {&(0x7f0000000300)="1b926ae09f51bff0a7096c52d4377c43885a6f735dce3be48f70e86f4139ad076f7ff803cd1694e579adabc756dd4933c94f13e4996b8bc0b828d529a4ff1e5a94a025f1abe44f56a921e93c38a31988f766b104d7b0fd79a2560ca920111ca26303f94a915588e1d6bc568c7f8c61ce1474f2203445b334f06a98b3f3238f531d8b388bd14efce4ce94f2243e2f510846566e7cbc64840c43cb689bbc25835ed44596e13a75e5305ce2a58e7d5760ebf49a4f714b39f5b30447b051583bf27b08352eec8721a4498d80a62ba03a4220e8de30aafbce4dfd262b16976fc8d0c191330eccc0baa8d249762ecb718e7a80fc6dd69796", 0xf5}, {&(0x7f0000000400)="ee3a55f2975afd450fd15dadc05e0e66745403ba68088dcb8752642fd17a", 0x1e}, {&(0x7f0000000440)="28b935e80248964c3ce8c24476435b7c79de95c48ba6e9b7c0", 0x19}], 0x4, &(0x7f00000004c0)=[@mark={{0x14, 0x1, 0x24, 0x625}}, @txtime={{0x18, 0x1, 0x3d, 0x2}}, @mark={{0x14, 0x1, 0x24, 0x8}}, @mark={{0x14, 0x1, 0x24, 0x9}}, @timestamping={{0x14, 0x1, 0x25, 0x3}}, @timestamping={{0x14, 0x1, 0x25, 0x80000000}}], 0x90}, 0x800)
ioctl$TUNSETVNETLE(0xffffffffffffffff, 0x400454dc, &(0x7f00000005c0)=0x1)
ftruncate(r3, 0xee72)
sendfile(r2, r3, 0x0, 0x8000fffffffe)

[ 1282.502294][T29501] FAULT_FLAG_ALLOW_RETRY missing 70
[ 1282.529520][T29501] CPU: 1 PID: 29501 Comm: syz-executor.5 Not tainted 5.3.0+ #0
[ 1282.537106][T29501] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 1282.547201][T29501] Call Trace:
[ 1282.550498][T29501]  dump_stack+0x172/0x1f0
[ 1282.554835][T29501]  handle_userfault.cold+0x41/0x5d
[ 1282.559948][T29501]  ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[ 1282.566197][T29501]  ? userfaultfd_ioctl+0x3ad0/0x3ad0
[ 1282.571485][T29501]  ? find_get_entry+0x535/0x880
[ 1282.576340][T29501]  ? find_get_pages_range_tag+0xd50/0xd50
[ 1282.582047][T29501]  ? ___might_sleep+0x163/0x2c0
[ 1282.582066][T29501]  ? __kasan_check_read+0x11/0x20
[ 1282.582077][T29501]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 1282.582093][T29501]  ? find_lock_entry+0x1a7/0x560
[ 1282.603077][T29501]  ? rcu_lockdep_current_cpu_online+0xe3/0x130
[ 1282.609239][T29501]  shmem_getpage_gfp+0x1f4c/0x2680
[ 1282.614365][T29501]  ? shmem_unuse_inode+0x1010/0x1010
[ 1282.619662][T29501]  ? lock_downgrade+0x920/0x920
[ 1282.624507][T29501]  ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[ 1282.624520][T29501]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 1282.624537][T29501]  shmem_fault+0x22a/0x7b0
[ 1282.624558][T29501]  ? shmem_read_mapping_page_gfp+0x1a0/0x1a0
[ 1282.641389][T29501]  ? find_get_entry+0x880/0x880
[ 1282.641407][T29501]  ? pmd_val+0x85/0x100
[ 1282.641425][T29501]  __do_fault+0x111/0x540
[ 1282.641444][T29501]  ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[ 1282.652239][T29501]  __handle_mm_fault+0x2dca/0x4040
[ 1282.652259][T29501]  ? vmf_insert_mixed_mkwrite+0x40/0x40
[ 1282.652273][T29501]  ? handle_mm_fault+0x292/0xa80
[ 1282.652297][T29501]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 1282.660854][T29501]  ? __kasan_check_read+0x11/0x20
[ 1282.660873][T29501]  handle_mm_fault+0x3b7/0xa80
[ 1282.660893][T29501]  __do_page_fault+0x536/0xdd0
[ 1282.660915][T29501]  do_page_fault+0x38/0x590
[ 1282.672218][T29501]  page_fault+0x39/0x40
[ 1282.672229][T29501] RIP: 0033:0x4533a0
[ 1282.672243][T29501] Code: 0f 84 c4 0f 00 00 48 89 f1 48 89 f8 48 83 e1 3f 48 83 f9 20 0f 86 7b 02 00 00 48 83 e6 f0 48 83 e1 0f 66 0f ef c0 66 0f ef c9 <66> 0f 74 0e 66 0f d7 d1 48 d3 ea 49 c7 c2 11 00 00 00 49 29 ca 4d
[ 1282.672250][T29501] RSP: 002b:00007fbdc8f347a8 EFLAGS: 00010202
[ 1282.682680][T29501] RAX: 00007fbdc8f34850 RBX: 0000000000000003 RCX: 000000000000000e
[ 1282.682688][T29501] RDX: 00000000000003ff RSI: 0000000020012fe0 RDI: 00007fbdc8f34850
[ 1282.682695][T29501] RBP: 000000000075c070 R08: 00000000000003ff R09: 0000000000000000
[ 1282.682703][T29501] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fbdc8f356d4
[ 1282.682710][T29501] R13: 00000000004c8dbc R14: 00000000004dfed8 R15: 00000000ffffffff
[ 1282.785597][T29848] FAULT_INJECTION: forcing a failure.
[ 1282.785597][T29848] name failslab, interval 1, probability 0, space 0, times 0
[ 1282.840411][T29848] CPU: 1 PID: 29848 Comm: syz-executor.3 Not tainted 5.3.0+ #0
[ 1282.840425][T29848] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 1282.858103][T29848] Call Trace:
[ 1282.858133][T29848]  dump_stack+0x172/0x1f0
[ 1282.858155][T29848]  should_fail.cold+0xa/0x15
[ 1282.858173][T29848]  ? fault_create_debugfs_attr+0x180/0x180
[ 1282.858201][T29848]  __should_failslab+0x121/0x190
[ 1282.865763][T29848]  should_failslab+0x9/0x14
[ 1282.865775][T29848]  kmem_cache_alloc+0x47/0x710
[ 1282.865792][T29848]  ? lock_acquire+0x190/0x410
[ 1282.865805][T29848]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 1282.865820][T29848]  skb_clone+0x154/0x3d0
[ 1282.865837][T29848]  netlink_deliver_tap+0x94d/0xbf0
[ 1282.865857][T29848]  netlink_unicast+0x5a2/0x710
[ 1282.876211][T29848]  ? netlink_attachskb+0x7c0/0x7c0
[ 1282.876224][T29848]  ? _copy_from_iter_full+0x25d/0x8a0
[ 1282.876238][T29848]  ? __sanitizer_cov_trace_cmp8+0x18/0x20
[ 1282.876253][T29848]  ? __check_object_size+0x3d/0x437
[ 1282.876271][T29848]  netlink_sendmsg+0x8a5/0xd60
[ 1282.876289][T29848]  ? netlink_unicast+0x710/0x710
[ 1282.946298][T29848]  ? aa_sock_msg_perm.isra.0+0xba/0x170
[ 1282.951840][T29848]  ? apparmor_socket_sendmsg+0x2a/0x30
[ 1282.957288][T29848]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 1282.957305][T29848]  ? security_socket_sendmsg+0x8d/0xc0
[ 1282.957320][T29848]  ? netlink_unicast+0x710/0x710
[ 1282.957338][T29848]  sock_sendmsg+0xd7/0x130
[ 1282.968993][T29848]  ___sys_sendmsg+0x3e2/0x920
[ 1282.969014][T29848]  ? copy_msghdr_from_user+0x440/0x440
[ 1282.969032][T29848]  ? lock_downgrade+0x920/0x920
[ 1282.969059][T29848]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 1282.969077][T29848]  ? __kasan_check_read+0x11/0x20
[ 1282.978378][T29848]  ? __fget+0x384/0x560
[ 1282.978398][T29848]  ? ksys_dup3+0x3e0/0x3e0
[ 1282.988494][T29848]  ? find_held_lock+0x35/0x130
[ 1282.988510][T29848]  ? get_pid_task+0xc9/0x190
[ 1282.988528][T29848]  ? __fget_light+0x1a9/0x230
[ 1282.988541][T29848]  ? __fdget+0x1b/0x20
[ 1282.988553][T29848]  ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[ 1282.988569][T29848]  ? sockfd_lookup_light+0xcb/0x180
[ 1283.042605][T29848]  __sys_sendmmsg+0x1bf/0x4d0
[ 1283.047313][T29848]  ? __ia32_sys_sendmsg+0xb0/0xb0
[ 1283.052353][T29848]  ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20
[ 1283.058699][T29848]  ? fput_many+0x12c/0x1a0
[ 1283.063111][T29848]  ? fput+0x1b/0x20
[ 1283.063126][T29848]  ? ksys_write+0x1cf/0x290
[ 1283.063144][T29848]  ? trace_hardirqs_on_thunk+0x1a/0x20
[ 1283.076893][T29848]  ? trace_hardirqs_on_thunk+0x1a/0x20
[ 1283.076906][T29848]  ? do_syscall_64+0x26/0x760
[ 1283.076919][T29848]  ? entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 1283.076931][T29848]  ? do_syscall_64+0x26/0x760
[ 1283.076946][T29848]  __x64_sys_sendmmsg+0x9d/0x100
[ 1283.076961][T29848]  do_syscall_64+0xfa/0x760
[ 1283.087040][T29848]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 1283.087051][T29848] RIP: 0033:0x459a09
[ 1283.087063][T29848] Code: fd b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00
01:39:25 executing program 5:
mmap(&(0x7f0000011000/0x2000)=nil, 0x2000, 0x4, 0x31, 0xffffffffffffffff, 0x0)
r0 = userfaultfd(0x0)
syz_open_dev$mice(&(0x7f0000000000)='/dev/input/mice\x00', 0x0, 0x4000)
ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f0000000040))
ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f00000000c0)={{&(0x7f0000012000/0x2000)=nil, 0x2000}, 0x1})
read(r0, &(0x7f0000000100)=""/199, 0xc7)
syz_open_dev$evdev(&(0x7f0000012fee)='/.%v/\x11%put/event#\x00', 0x0, 0x3f00)
ioctl$UFFDIO_WAKE(r0, 0x8010aa02, &(0x7f0000000080)={&(0x7f0000012000/0x4000)=nil, 0x4000})
shmget(0x2, 0x1000, 0x0, &(0x7f000096d000/0x1000)=nil)
openat$cgroup_procs(0xffffffffffffffff, 0x0, 0x2, 0x0)

01:39:25 executing program 2:
r0 = socket$inet_udp(0x2, 0x2, 0x0)
close(r0)
r1 = socket$inet6(0xa, 0x1, 0x8010000000000084)
bind$inet6(r1, &(0x7f0000000040)={0xa, 0x400004e21, 0x0, @empty}, 0x1c)
setsockopt$inet_sctp6_SCTP_NODELAY(r0, 0x84, 0x3, &(0x7f00000000c0)=0x7, 0x4)
setsockopt$inet6_opts(r1, 0x29, 0x3b, &(0x7f0000000080)=ANY=[@ANYBLOB], 0x8)
connect$inet6(r1, &(0x7f0000000200)={0xa, 0x4e21, 0x0, @loopback}, 0x1c)
r2 = socket$inet_udplite(0x2, 0x2, 0x88)
ioctl(r2, 0x1000008912, &(0x7f0000000040)="11dcbc0d5e0bcfe47bf070")
write$binfmt_misc(r0, &(0x7f0000000100)=ANY=[@ANYBLOB="a43f7a10bc918dba707335df9c4fe2e3dd545ee4c838fdcc46a7540a012dcf04a12f99172a6f3583cd5498000448f3ae533c2845496e9b0a050d5e4e05f5f8188edecc091727ed7a25a91998bf61aeec90e8718f9aa9fd5da3aa3181c0080975dee42b7d8686ca8f92f314380c2a02a90e6efeaf9d6acdb213cd260c116f495d9569a33c798d369967f6690fd59a8b3bd789702d552fe262fe738e874609724467e7d1be8518f803b96022e1f0f0de7d3720bec96ede000000000000000000"], 0x10098)
write$binfmt_script(r0, &(0x7f0000000300)=ANY=[@ANYBLOB="ba"], 0x1)
write$binfmt_elf64(r0, &(0x7f0000000280)={{0x7f, 0x45, 0x4c, 0x46, 0x0, 0x0, 0xf103000000000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40}, [{}]}, 0x78)

01:39:25 executing program 0:
perf_event_open(&(0x7f00000000c0)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = openat$random(0xffffffffffffff9c, &(0x7f0000000140)='/dev/urandom\x00', 0x8000000000000085, 0x0)
r1 = dup(r0)
r2 = open(&(0x7f0000002000)='./bus\x00', 0x141042, 0x0)
ftruncate(r2, 0xee72)
setsockopt$bt_BT_FLUSHABLE(0xffffffffffffffff, 0x112, 0x8, &(0x7f0000000000)=0x4, 0x4)
sendfile(r1, r2, 0x0, 0x8000fffffffe)
socket$kcm(0x29, 0x2, 0x0)

01:39:25 executing program 4:
r0 = socket$nl_route(0x10, 0x3, 0x0)
r1 = socket$netlink(0x10, 0x3, 0x0)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff, <r2=>0xffffffffffffffff})
r3 = socket$inet6_sctp(0xa, 0x10000000005, 0x84)
r4 = dup2(r2, r3)
ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200)
r5 = socket(0x10, 0x803, 0x0)
sendmsg$TIPC_CMD_GET_MEDIA_NAMES(r5, &(0x7f0000000400)={0x0, 0x0, &(0x7f00000003c0)={0x0}}, 0x0)
getsockname$packet(r5, &(0x7f0000000100)={0x11, 0x0, <r6=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0xa)
sendmsg$nl_route(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080)=ANY=[@ANYBLOB="4800000010000507000000000000000080000000", @ANYRES32=r6, @ANYBLOB="0000000000000000280012000c0001007665746800000000180002001400010000000000", @ANYRES32=0x0, @ANYBLOB='\x00\x00\x00\x00\x00\x00\x00\x00'], 0x48}}, 0x0)
sendmsg$nl_route_sched(r0, &(0x7f0000000140)={0x0, 0x32d, &(0x7f0000000080)={&(0x7f0000000540)=@newqdisc={0x148, 0x24, 0x507, 0xfcffffff00000000, 0x0, {0x0, r6, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_red={{0x8, 0x1, 'red\x00'}, {0x11c, 0x2, [@TCA_RED_STAB={0x104, 0x2, "fbf84ce9dbecf3d5851ae060c0ec8d55c9c65cb98d69f6f43f1d64d475f279dd204e54f6719de408d640f2dcd4c0c8c615650de0531b139380f912f808e5d3e1118f76144d1568be425bddb29fa48b1251d5cc8b78fb742bd61674f4cd92a93f8dafea3bc823ccd7591d59d252a275012101f39ab9478cc5dc4a8a2e71f186ce688ae869907b40b62231d243db1eca472440f1203b691b7b85864a73f1a3a9664d075ac973158948f7c44b4f8e2348e8046b08dcb423647eff2539993b8985028d7f0a50e94ee6b2fdacff6aee496b13807eb8d406a8440af14e339713f93a2bd76d46d34452c9bf604ac61d66e9ff34503a7ff400"}, @TCA_RED_PARMS={0x14, 0x1, {0x20}}]}}]}, 0x148}}, 0x0)

01:39:25 executing program 1:
perf_event_open(&(0x7f00000000c0)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
ioctl$FS_IOC_ENABLE_VERITY(0xffffffffffffffff, 0x40806685, 0x0)
r0 = openat$random(0xffffffffffffff9c, &(0x7f0000000140)='/dev/urandom\x00', 0x8000000000000085, 0x0)
r1 = dup(r0)
r2 = open(&(0x7f0000002000)='./bus\x00', 0x141042, 0x0)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff, <r3=>0xffffffffffffffff})
r4 = socket$inet6_sctp(0xa, 0x10000000005, 0x84)
r5 = dup2(r3, r4)
ioctl$PERF_EVENT_IOC_ENABLE(r5, 0x8912, 0x400200)
accept4$tipc(r5, &(0x7f0000000080)=@id, &(0x7f0000000180)=0x10, 0x800)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff, <r6=>0xffffffffffffffff})
r7 = socket$inet6_sctp(0xa, 0x10000000005, 0x84)
r8 = dup2(r6, r7)
ioctl$PERF_EVENT_IOC_ENABLE(r8, 0x8912, 0x400200)
ftruncate(r8, 0xee75)
sendfile(r1, r2, 0x0, 0x8000fffffffe)

[ 1283.087070][T29848] RSP: 002b:00007f02c0c05c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000133
[ 1283.087082][T29848] RAX: ffffffffffffffda RBX: 00007f02c0c05c90 RCX: 0000000000459a09
[ 1283.087089][T29848] RDX: 0000000000000332 RSI: 0000000020000140 RDI: 0000000000000004
[ 1283.087100][T29848] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000
[ 1283.136558][T29848] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f02c0c066d4
[ 1283.136567][T29848] R13: 00000000004c71e8 R14: 00000000004dca10 R15: 0000000000000005
01:39:25 executing program 0:
perf_event_open(&(0x7f00000000c0)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
ioctl$FS_IOC_ENABLE_VERITY(0xffffffffffffffff, 0x40806685, 0x0)
openat$random(0xffffffffffffff9c, &(0x7f0000000140)='/dev/urandom\x00', 0x8000000000000085, 0x0)
openat$dlm_plock(0xffffffffffffff9c, &(0x7f0000000000)='/dev/dlm_plock\x00', 0x480, 0x0)
r0 = dup(0xffffffffffffffff)
r1 = open(&(0x7f0000002000)='./bus\x00', 0x141042, 0x0)
ftruncate(r1, 0xee72)
sendfile(r0, r1, 0x0, 0x8000fffffffe)

01:39:25 executing program 0:
perf_event_open(&(0x7f00000000c0)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
ioctl$FS_IOC_ENABLE_VERITY(0xffffffffffffffff, 0x40806685, 0x0)
r0 = openat$random(0xffffffffffffff9c, &(0x7f0000000140)='/dev/urandom\x00', 0x8000000000000085, 0x0)
r1 = dup(r0)
r2 = open(&(0x7f0000002000)='./bus\x00', 0x141042, 0x0)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff, <r3=>0xffffffffffffffff})
r4 = socket$inet6_sctp(0xa, 0x10000000005, 0x84)
dup2(r3, r4)
ioctl$sock_netdev_private(r3, 0x89fd, &(0x7f0000000000)="f5d39be2")
ftruncate(r2, 0xee72)
sendfile(r1, r2, 0x0, 0x8000fffffffe)

01:39:25 executing program 4:
r0 = socket$nl_route(0x10, 0x3, 0x0)
r1 = socket$netlink(0x10, 0x3, 0x0)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff, <r2=>0xffffffffffffffff})
r3 = socket$inet6_sctp(0xa, 0x10000000005, 0x84)
r4 = dup2(r2, r3)
ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200)
r5 = socket(0x10, 0x803, 0x0)
sendmsg$TIPC_CMD_GET_MEDIA_NAMES(r5, &(0x7f0000000400)={0x0, 0x0, &(0x7f00000003c0)={0x0}}, 0x0)
getsockname$packet(r5, &(0x7f0000000100)={0x11, 0x0, <r6=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0xa)
sendmsg$nl_route(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080)=ANY=[@ANYBLOB="4800000010000507000000000000000080000000", @ANYRES32=r6, @ANYBLOB="0000000000000000280012000c0001007665746800000000180002001400010000000000", @ANYRES32=0x0, @ANYBLOB='\x00\x00\x00\x00\x00\x00\x00\x00'], 0x48}}, 0x0)
sendmsg$nl_route_sched(r0, &(0x7f0000000140)={0x0, 0x32d, &(0x7f0000000080)={&(0x7f0000000540)=@newqdisc={0x148, 0x24, 0x507, 0xffffff7f00000000, 0x0, {0x0, r6, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_red={{0x8, 0x1, 'red\x00'}, {0x11c, 0x2, [@TCA_RED_STAB={0x104, 0x2, "fbf84ce9dbecf3d5851ae060c0ec8d55c9c65cb98d69f6f43f1d64d475f279dd204e54f6719de408d640f2dcd4c0c8c615650de0531b139380f912f808e5d3e1118f76144d1568be425bddb29fa48b1251d5cc8b78fb742bd61674f4cd92a93f8dafea3bc823ccd7591d59d252a275012101f39ab9478cc5dc4a8a2e71f186ce688ae869907b40b62231d243db1eca472440f1203b691b7b85864a73f1a3a9664d075ac973158948f7c44b4f8e2348e8046b08dcb423647eff2539993b8985028d7f0a50e94ee6b2fdacff6aee496b13807eb8d406a8440af14e339713f93a2bd76d46d34452c9bf604ac61d66e9ff34503a7ff400"}, @TCA_RED_PARMS={0x14, 0x1, {0x20}}]}}]}, 0x148}}, 0x0)

01:39:25 executing program 1:
perf_event_open(&(0x7f0000000180)={0x6, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40, 0x9, 0x0, 0x0, 0x0, 0x6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x4, 0x0, 0xfffffffffffffffc, 0x1, 0x0, 0x5, 0x0, 0x0, 0x0, 0x0, 0x1, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff}, 0x0, 0x0, 0xffffffffffffffff, 0x2)
ioctl$DRM_IOCTL_SET_VERSION(0xffffffffffffffff, 0xc0106407, &(0x7f00000000c0)={0xd946, 0x4, 0x6, 0xfffffffffffff5e7})
ioctl$FS_IOC_ENABLE_VERITY(0xffffffffffffffff, 0x40806685, 0x0)
r0 = openat$random(0xffffffffffffff9c, &(0x7f0000000140)='/dev/urandom\x00', 0x8000000000000085, 0x0)
r1 = dup(r0)
r2 = open(&(0x7f0000002000)='./bus\x00', 0x141042, 0x0)
r3 = openat$cgroup(r2, &(0x7f0000000000)='syz0\x00', 0x200002, 0x0)
ftruncate(r2, 0xee72)
signalfd4(r1, &(0x7f0000000080)={0x5}, 0x8, 0xc00)
sendfile(r1, r2, 0x0, 0x8000fffffffe)
fcntl$getownex(r3, 0x10, &(0x7f0000000040))

[ 1283.419820][T30256] FAULT_FLAG_ALLOW_RETRY missing 70
[ 1283.449939][T30256] CPU: 1 PID: 30256 Comm: syz-executor.5 Not tainted 5.3.0+ #0
[ 1283.457515][T30256] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 1283.467564][T30256] Call Trace:
[ 1283.470859][T30256]  dump_stack+0x172/0x1f0
[ 1283.475199][T30256]  handle_userfault.cold+0x41/0x5d
[ 1283.480311][T30256]  ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[ 1283.486557][T30256]  ? userfaultfd_ioctl+0x3ad0/0x3ad0
[ 1283.491837][T30256]  ? find_get_entry+0x535/0x880
[ 1283.491852][T30256]  ? __kasan_check_read+0x11/0x20
[ 1283.491870][T30256]  ? mark_lock+0xc2/0x1220
[ 1283.506208][T30256]  ? find_get_pages_range_tag+0xd50/0xd50
[ 1283.511928][T30256]  ? __kasan_check_read+0x11/0x20
[ 1283.516947][T30256]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 1283.523182][T30256]  ? find_lock_entry+0x1a7/0x560
[ 1283.523196][T30256]  ? rcu_lockdep_current_cpu_online+0xe3/0x130
[ 1283.523215][T30256]  shmem_getpage_gfp+0x1f4c/0x2680
[ 1283.539383][T30256]  ? shmem_unuse_inode+0x1010/0x1010
[ 1283.539405][T30256]  ? lock_downgrade+0x920/0x920
[ 1283.549513][T30256]  ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[ 1283.555747][T30256]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 1283.555766][T30256]  shmem_fault+0x22a/0x7b0
[ 1283.555783][T30256]  ? shmem_read_mapping_page_gfp+0x1a0/0x1a0
[ 1283.555800][T30256]  ? find_get_entry+0x880/0x880
[ 1283.566400][T30256]  ? pmd_val+0x85/0x100
[ 1283.566416][T30256]  __do_fault+0x111/0x540
[ 1283.566429][T30256]  ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[ 1283.566446][T30256]  __handle_mm_fault+0x2dca/0x4040
[ 1283.566464][T30256]  ? vmf_insert_mixed_mkwrite+0x40/0x40
[ 1283.585770][T30256]  ? handle_mm_fault+0x292/0xa80
[ 1283.585795][T30256]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 1283.585812][T30256]  ? __kasan_check_read+0x11/0x20
[ 1283.585828][T30256]  handle_mm_fault+0x3b7/0xa80
[ 1283.585848][T30256]  __do_page_fault+0x536/0xdd0
[ 1283.597155][T30256]  do_page_fault+0x38/0x590
[ 1283.597175][T30256]  page_fault+0x39/0x40
[ 1283.607611][T30256] RIP: 0033:0x4533a0
01:39:25 executing program 2:
r0 = socket$inet_udp(0x2, 0x2, 0x0)
close(r0)
r1 = socket$inet6(0xa, 0x1, 0x8010000000000084)
bind$inet6(r1, &(0x7f0000000040)={0xa, 0x400004e21, 0x0, @empty}, 0x1c)
setsockopt$inet_sctp6_SCTP_NODELAY(r0, 0x84, 0x3, &(0x7f00000000c0)=0x7, 0x4)
setsockopt$inet6_opts(r1, 0x29, 0x3b, &(0x7f0000000080)=ANY=[@ANYBLOB], 0x8)
connect$inet6(r1, &(0x7f0000000200)={0xa, 0x4e21, 0x0, @loopback}, 0x1c)
r2 = socket$inet_udplite(0x2, 0x2, 0x88)
ioctl(r2, 0x1000008912, &(0x7f0000000040)="11dcbc0d5e0bcfe47bf070")
write$binfmt_misc(r0, &(0x7f0000000100)=ANY=[@ANYBLOB="a43f7a10bc918dba707335df9c4fe2e3dd545ee4c838fdcc46a7540a012dcf04a12f99172a6f3583cd5498000448f3ae533c2845496e9b0a050d5e4e05f5f8188edecc091727ed7a25a91998bf61aeec90e8718f9aa9fd5da3aa3181c0080975dee42b7d8686ca8f92f314380c2a02a90e6efeaf9d6acdb213cd260c116f495d9569a33c798d369967f6690fd59a8b3bd789702d552fe262fe738e874609724467e7d1be8518f803b96022e1f0f0de7d3720bec96ede000000000000000000"], 0x10098)
write$binfmt_script(r0, &(0x7f0000000300)=ANY=[@ANYBLOB="ba"], 0x1)
write$binfmt_elf64(r0, &(0x7f0000000280)={{0x7f, 0x45, 0x4c, 0x46, 0x0, 0x0, 0xf203000000000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40}, [{}]}, 0x78)

01:39:25 executing program 1:
r0 = getuid()
ioprio_set$uid(0x3, r0, 0x0)
perf_event_open(&(0x7f00000000c0)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
ioctl$FS_IOC_ENABLE_VERITY(0xffffffffffffffff, 0x40806685, 0x0)
r1 = openat$random(0xffffffffffffff9c, &(0x7f0000000140)='/dev/urandom\x00', 0x8000000000000085, 0x0)
r2 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff, <r3=>0xffffffffffffffff})
r4 = socket$inet6_sctp(0xa, 0x10000000005, 0x84)
r5 = dup2(r3, r4)
ioctl$PERF_EVENT_IOC_ENABLE(r5, 0x8912, 0x400200)
ioctl$KVM_HYPERV_EVENTFD(r2, 0x4018aebd, &(0x7f0000000000)={0x2, r5, 0x1})
r6 = dup(r1)
r7 = open(&(0x7f0000002000)='./bus\x00', 0x141042, 0x0)
ftruncate(r7, 0xee72)
sendfile(r6, r7, 0x0, 0x8000fffffffe)

01:39:25 executing program 3 (fault-call:4 fault-nth:3):
r0 = socket$packet(0x11, 0x3, 0x300)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000000)={'batadv0\x00\f\x00', <r1=>0x0})
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000e00)=ANY=[@ANYBLOB="340000002c000107008be4000000000000000000", @ANYRES32=r1, @ANYBLOB="00d400f0000000000e00000009000100726f75746500000004000200"], 0x34}}, 0x0)
r2 = socket(0x10, 0x80002, 0x0)
sendmmsg$alg(r2, &(0x7f0000000140), 0x332, 0x0)

[ 1283.607627][T30256] Code: 0f 84 c4 0f 00 00 48 89 f1 48 89 f8 48 83 e1 3f 48 83 f9 20 0f 86 7b 02 00 00 48 83 e6 f0 48 83 e1 0f 66 0f ef c0 66 0f ef c9 <66> 0f 74 0e 66 0f d7 d1 48 d3 ea 49 c7 c2 11 00 00 00 49 29 ca 4d
[ 1283.607635][T30256] RSP: 002b:00007fbdc8f347a8 EFLAGS: 00010202
[ 1283.607646][T30256] RAX: 00007fbdc8f34850 RBX: 0000000000000003 RCX: 000000000000000e
[ 1283.607655][T30256] RDX: 00000000000003ff RSI: 0000000020012fe0 RDI: 00007fbdc8f34850
[ 1283.607663][T30256] RBP: 000000000075c070 R08: 00000000000003ff R09: 0000000000000000
[ 1283.607672][T30256] R10: 00007fbdc8f359d0 R11: 0000000000000246 R12: 00007fbdc8f356d4
[ 1283.607681][T30256] R13: 00000000004c8dbc R14: 00000000004dfed8 R15: 00000000ffffffff
[ 1283.698131][T30345] FAULT_INJECTION: forcing a failure.
[ 1283.698131][T30345] name failslab, interval 1, probability 0, space 0, times 0
[ 1283.719668][T30345] CPU: 1 PID: 30345 Comm: syz-executor.3 Not tainted 5.3.0+ #0
[ 1283.727200][T30345] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 1283.737251][T30345] Call Trace:
[ 1283.740537][T30345]  dump_stack+0x172/0x1f0
[ 1283.744869][T30345]  should_fail.cold+0xa/0x15
[ 1283.749458][T30345]  ? fault_create_debugfs_attr+0x180/0x180
[ 1283.755263][T30345]  __should_failslab+0x121/0x190
[ 1283.760193][T30345]  should_failslab+0x9/0x14
[ 1283.764686][T30345]  kmem_cache_alloc+0x47/0x710
[ 1283.769459][T30345]  ? lock_acquire+0x190/0x410
[ 1283.774145][T30345]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 1283.780424][T30345]  skb_clone+0x154/0x3d0
[ 1283.784673][T30345]  dev_queue_xmit_nit+0x342/0x990
[ 1283.789701][T30345]  ? validate_xmit_xfrm+0x43c/0xf10
[ 1283.794898][T30345]  dev_hard_start_xmit+0xbb/0x9b0
[ 1283.799929][T30345]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 1283.806181][T30345]  __dev_queue_xmit+0x2c6f/0x36f0
[ 1283.811219][T30345]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 1283.817459][T30345]  ? netdev_core_pick_tx+0x2f0/0x2f0
[ 1283.822738][T30345]  ? __copy_skb_header+0x2d0/0x550
[ 1283.827839][T30345]  ? rcu_read_lock_sched_held+0x9c/0xd0
[ 1283.827857][T30345]  ? sock_spd_release+0x190/0x190
[ 1283.827880][T30345]  ? __kasan_check_write+0x14/0x20
[ 1283.827904][T30345]  ? __skb_clone+0x5c8/0x820
[ 1283.827914][T30345]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 1283.827930][T30345]  dev_queue_xmit+0x18/0x20
[ 1283.843584][T30345]  ? dev_queue_xmit+0x18/0x20
[ 1283.843601][T30345]  netlink_deliver_tap+0x8e2/0xbf0
[ 1283.843623][T30345]  netlink_unicast+0x5a2/0x710
[ 1283.843641][T30345]  ? netlink_attachskb+0x7c0/0x7c0
[ 1283.843657][T30345]  ? _copy_from_iter_full+0x25d/0x8a0
[ 1283.854456][T30345]  ? __sanitizer_cov_trace_cmp8+0x18/0x20
[ 1283.854472][T30345]  ? __check_object_size+0x3d/0x437
[ 1283.854495][T30345]  netlink_sendmsg+0x8a5/0xd60
[ 1283.854515][T30345]  ? netlink_unicast+0x710/0x710
[ 1283.854528][T30345]  ? aa_sock_msg_perm.isra.0+0xba/0x170
[ 1283.854543][T30345]  ? apparmor_socket_sendmsg+0x2a/0x30
[ 1283.854566][T30345]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 1283.868792][T30345]  ? security_socket_sendmsg+0x8d/0xc0
[ 1283.868811][T30345]  ? netlink_unicast+0x710/0x710
[ 1283.868829][T30345]  sock_sendmsg+0xd7/0x130
[ 1283.868846][T30345]  ___sys_sendmsg+0x3e2/0x920
[ 1283.868868][T30345]  ? copy_msghdr_from_user+0x440/0x440
[ 1283.884044][T30345]  ? lock_downgrade+0x920/0x920
[ 1283.884065][T30345]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 1283.884081][T30345]  ? __kasan_check_read+0x11/0x20
[ 1283.884120][T30345]  ? __fget+0x384/0x560
[ 1283.894995][T30345]  ? ksys_dup3+0x3e0/0x3e0
[ 1283.895011][T30345]  ? find_held_lock+0x35/0x130
[ 1283.895028][T30345]  ? get_pid_task+0xc9/0x190
[ 1283.895046][T30345]  ? __fget_light+0x1a9/0x230
[ 1283.895065][T30345]  ? __fdget+0x1b/0x20
[ 1283.895079][T30345]  ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[ 1283.895097][T30345]  ? sockfd_lookup_light+0xcb/0x180
[ 1283.904741][T30345]  __sys_sendmmsg+0x1bf/0x4d0
[ 1283.904760][T30345]  ? __ia32_sys_sendmsg+0xb0/0xb0
[ 1283.904793][T30345]  ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20
[ 1283.904807][T30345]  ? fput_many+0x12c/0x1a0
[ 1283.904820][T30345]  ? fput+0x1b/0x20
[ 1283.904831][T30345]  ? ksys_write+0x1cf/0x290
[ 1283.904849][T30345]  ? trace_hardirqs_on_thunk+0x1a/0x20
[ 1283.915829][T30345]  ? trace_hardirqs_on_thunk+0x1a/0x20
[ 1283.915844][T30345]  ? do_syscall_64+0x26/0x760
[ 1283.915859][T30345]  ? entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 1283.915873][T30345]  ? do_syscall_64+0x26/0x760
[ 1283.915891][T30345]  __x64_sys_sendmmsg+0x9d/0x100
[ 1283.915908][T30345]  do_syscall_64+0xfa/0x760
[ 1283.915924][T30345]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 1283.915938][T30345] RIP: 0033:0x459a09
[ 1283.927598][T30345] Code: fd b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00
[ 1283.927606][T30345] RSP: 002b:00007f02c0c05c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000133
[ 1283.927620][T30345] RAX: ffffffffffffffda RBX: 00007f02c0c05c90 RCX: 0000000000459a09
[ 1283.927629][T30345] RDX: 0000000000000332 RSI: 0000000020000140 RDI: 0000000000000004
[ 1283.927638][T30345] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000
[ 1283.927646][T30345] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f02c0c066d4
[ 1283.927654][T30345] R13: 00000000004c71e8 R14: 00000000004dca10 R15: 0000000000000005
[ 1284.083563][T30256] FAULT_FLAG_ALLOW_RETRY missing 70
[ 1284.110377][T30256] CPU: 1 PID: 30256 Comm: syz-executor.5 Not tainted 5.3.0+ #0
[ 1284.120768][T30256] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 1284.120774][T30256] Call Trace:
[ 1284.120797][T30256]  dump_stack+0x172/0x1f0
[ 1284.120820][T30256]  handle_userfault.cold+0x41/0x5d
[ 1284.120837][T30256]  ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[ 1284.120864][T30256]  ? userfaultfd_ioctl+0x3ad0/0x3ad0
[ 1284.120880][T30256]  ? find_get_entry+0x535/0x880
[ 1284.120899][T30256]  ? find_get_pages_range_tag+0xd50/0xd50
[ 1284.136823][T30256]  ? __kasan_check_read+0x11/0x20
[ 1284.136844][T30256]  ? __kasan_check_read+0x11/0x20
[ 1284.136861][T30256]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 1284.136883][T30256]  ? find_lock_entry+0x1a7/0x560
[ 1284.136897][T30256]  ? rcu_lockdep_current_cpu_online+0xe3/0x130
[ 1284.136914][T30256]  shmem_getpage_gfp+0x1f4c/0x2680
[ 1284.136941][T30256]  ? shmem_unuse_inode+0x1010/0x1010
[ 1284.150060][T30256]  ? lock_downgrade+0x920/0x920
[ 1284.150078][T30256]  ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[ 1284.150094][T30256]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 1284.150116][T30256]  shmem_fault+0x22a/0x7b0
[ 1284.150141][T30256]  ? shmem_read_mapping_page_gfp+0x1a0/0x1a0
[ 1284.167693][T30256]  ? find_get_entry+0x880/0x880
[ 1284.167710][T30256]  ? pmd_val+0x85/0x100
[ 1284.167726][T30256]  __do_fault+0x111/0x540
[ 1284.167740][T30256]  ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[ 1284.167758][T30256]  __handle_mm_fault+0x2dca/0x4040
[ 1284.167779][T30256]  ? vmf_insert_mixed_mkwrite+0x40/0x40
[ 1284.175352][T30256]  ? handle_mm_fault+0x292/0xa80
[ 1284.175377][T30256]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 1284.175395][T30256]  ? __kasan_check_read+0x11/0x20
[ 1284.175412][T30256]  handle_mm_fault+0x3b7/0xa80
[ 1284.175431][T30256]  __do_page_fault+0x536/0xdd0
[ 1284.175453][T30256]  do_page_fault+0x38/0x590
[ 1284.186749][T30256]  page_fault+0x39/0x40
[ 1284.186760][T30256] RIP: 0033:0x4533a0
[ 1284.186775][T30256] Code: 0f 84 c4 0f 00 00 48 89 f1 48 89 f8 48 83 e1 3f 48 83 f9 20 0f 86 7b 02 00 00 48 83 e6 f0 48 83 e1 0f 66 0f ef c0 66 0f ef c9 <66> 0f 74 0e 66 0f d7 d1 48 d3 ea 49 c7 c2 11 00 00 00 49 29 ca 4d
[ 1284.186782][T30256] RSP: 002b:00007fbdc8f347a8 EFLAGS: 00010202
[ 1284.186793][T30256] RAX: 00007fbdc8f34850 RBX: 0000000000000003 RCX: 000000000000000e
[ 1284.186799][T30256] RDX: 00000000000003ff RSI: 0000000020012fe0 RDI: 00007fbdc8f34850
[ 1284.186811][T30256] RBP: 000000000075c070 R08: 00000000000003ff R09: 0000000000000000
[ 1284.332437][T30256] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fbdc8f356d4
[ 1284.355883][T30256] R13: 00000000004c8dbc R14: 00000000004dfed8 R15: 00000000ffffffff
01:39:26 executing program 5:
mmap(&(0x7f0000011000/0x2000)=nil, 0x2000, 0x4, 0x31, 0xffffffffffffffff, 0x0)
r0 = userfaultfd(0x0)
syz_open_dev$mice(&(0x7f0000000000)='/dev/input/mice\x00', 0x0, 0x4000)
ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f0000000040))
ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f00000000c0)={{&(0x7f0000012000/0x2000)=nil, 0x2000}, 0x1})
read(r0, &(0x7f0000000100)=""/199, 0xc7)
syz_open_dev$evdev(&(0x7f0000012fee)='/.%v/\x11%put/event#\x00', 0x0, 0x4000)
ioctl$UFFDIO_WAKE(r0, 0x8010aa02, &(0x7f0000000080)={&(0x7f0000012000/0x4000)=nil, 0x4000})
shmget(0x2, 0x1000, 0x0, &(0x7f000096d000/0x1000)=nil)
openat$cgroup_procs(0xffffffffffffffff, 0x0, 0x2, 0x0)

01:39:26 executing program 0:
perf_event_open(&(0x7f00000000c0)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
ioctl$FS_IOC_ENABLE_VERITY(0xffffffffffffffff, 0x40806685, 0x0)
r0 = openat$random(0xffffffffffffff9c, &(0x7f0000000140)='/dev/urandom\x00', 0x8000000000000085, 0x0)
r1 = dup(r0)
r2 = open(&(0x7f0000002000)='./bus\x00', 0x141042, 0x0)
ftruncate(r2, 0xee72)
sendfile(r1, r2, 0x0, 0x8000fffffffe)
ioctl$sock_inet_tcp_SIOCOUTQ(r2, 0x5411, &(0x7f0000000000))
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff, <r3=>0xffffffffffffffff})
r4 = socket$inet6_sctp(0xa, 0x10000000005, 0x84)
r5 = dup2(r3, r4)
ioctl$PERF_EVENT_IOC_ENABLE(r5, 0x8912, 0x400200)
r6 = userfaultfd(0x0)
ioctl$UFFDIO_API(r6, 0xc018aa3f, &(0x7f0000000080))
read(r6, &(0x7f0000000100)=""/68, 0x22)
ioctl$UFFDIO_REGISTER(r6, 0xc020aa00, &(0x7f00000000c0)={{&(0x7f0000068000/0x800000)=nil, 0x800000}, 0x1})
close(r6)
fcntl$getownex(r6, 0x10, &(0x7f0000000180)={0x0, <r7=>0x0})
fcntl$lock(r2, 0x5, &(0x7f00000001c0)={0x0, 0xb31ddfdd12941272, 0x0, 0x3, r7})
r8 = syz_open_dev$audion(&(0x7f0000000040)='/dev/audio#\x00', 0x20, 0x800)
bpf$BPF_PROG_ATTACH(0x8, &(0x7f0000000080)={r5, r8, 0x81d78bc6ff3d9f76, 0x3}, 0x10)

01:39:26 executing program 2:
r0 = socket$inet_udp(0x2, 0x2, 0x0)
close(r0)
r1 = socket$inet6(0xa, 0x1, 0x8010000000000084)
bind$inet6(r1, &(0x7f0000000040)={0xa, 0x400004e21, 0x0, @empty}, 0x1c)
setsockopt$inet_sctp6_SCTP_NODELAY(r0, 0x84, 0x3, &(0x7f00000000c0)=0x7, 0x4)
setsockopt$inet6_opts(r1, 0x29, 0x3b, &(0x7f0000000080)=ANY=[@ANYBLOB], 0x8)
connect$inet6(r1, &(0x7f0000000200)={0xa, 0x4e21, 0x0, @loopback}, 0x1c)
r2 = socket$inet_udplite(0x2, 0x2, 0x88)
ioctl(r2, 0x1000008912, &(0x7f0000000040)="11dcbc0d5e0bcfe47bf070")
write$binfmt_misc(r0, &(0x7f0000000100)=ANY=[@ANYBLOB="a43f7a10bc918dba707335df9c4fe2e3dd545ee4c838fdcc46a7540a012dcf04a12f99172a6f3583cd5498000448f3ae533c2845496e9b0a050d5e4e05f5f8188edecc091727ed7a25a91998bf61aeec90e8718f9aa9fd5da3aa3181c0080975dee42b7d8686ca8f92f314380c2a02a90e6efeaf9d6acdb213cd260c116f495d9569a33c798d369967f6690fd59a8b3bd789702d552fe262fe738e874609724467e7d1be8518f803b96022e1f0f0de7d3720bec96ede000000000000000000"], 0x10098)
write$binfmt_script(r0, &(0x7f0000000300)=ANY=[@ANYBLOB="ba"], 0x1)
write$binfmt_elf64(r0, &(0x7f0000000280)={{0x7f, 0x45, 0x4c, 0x46, 0x0, 0x0, 0xf303000000000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40}, [{}]}, 0x78)

01:39:26 executing program 1:
perf_event_open(&(0x7f00000000c0)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
removexattr(&(0x7f0000000000)='./bus\x00', &(0x7f0000000040)=@known='trusted.overlay.nlink\x00')
ioctl$FS_IOC_ENABLE_VERITY(0xffffffffffffffff, 0x40806685, 0x0)
r0 = openat$ubi_ctrl(0xffffffffffffff9c, &(0x7f0000000080)='/dev/ubi_ctrl\x00', 0x0, 0x0)
write$selinux_attr(r0, &(0x7f0000000180)='unconfined\x00', 0xb)
r1 = openat$random(0xffffffffffffff9c, &(0x7f0000000140)='/dev/urandom\x00', 0x8000000000000085, 0x0)
r2 = dup(r1)
r3 = open(&(0x7f0000002000)='./bus\x00', 0x141042, 0x0)
ftruncate(r3, 0xee72)
sendfile(r2, r3, 0x0, 0x8000fffffffe)

01:39:26 executing program 4:
r0 = socket$nl_route(0x10, 0x3, 0x0)
r1 = socket$netlink(0x10, 0x3, 0x0)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff, <r2=>0xffffffffffffffff})
r3 = socket$inet6_sctp(0xa, 0x10000000005, 0x84)
r4 = dup2(r2, r3)
ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200)
r5 = socket(0x10, 0x803, 0x0)
sendmsg$TIPC_CMD_GET_MEDIA_NAMES(r5, &(0x7f0000000400)={0x0, 0x0, &(0x7f00000003c0)={0x0}}, 0x0)
getsockname$packet(r5, &(0x7f0000000100)={0x11, 0x0, <r6=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0xa)
sendmsg$nl_route(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080)=ANY=[@ANYBLOB="4800000010000507000000000000000080000000", @ANYRES32=r6, @ANYBLOB="0000000000000000280012000c0001007665746800000000180002001400010000000000", @ANYRES32=0x0, @ANYBLOB='\x00\x00\x00\x00\x00\x00\x00\x00'], 0x48}}, 0x0)
sendmsg$nl_route_sched(r0, &(0x7f0000000140)={0x0, 0x32d, &(0x7f0000000080)={&(0x7f0000000540)=@newqdisc={0x148, 0x24, 0x507, 0xffffffff00000000, 0x0, {0x0, r6, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_red={{0x8, 0x1, 'red\x00'}, {0x11c, 0x2, [@TCA_RED_STAB={0x104, 0x2, "fbf84ce9dbecf3d5851ae060c0ec8d55c9c65cb98d69f6f43f1d64d475f279dd204e54f6719de408d640f2dcd4c0c8c615650de0531b139380f912f808e5d3e1118f76144d1568be425bddb29fa48b1251d5cc8b78fb742bd61674f4cd92a93f8dafea3bc823ccd7591d59d252a275012101f39ab9478cc5dc4a8a2e71f186ce688ae869907b40b62231d243db1eca472440f1203b691b7b85864a73f1a3a9664d075ac973158948f7c44b4f8e2348e8046b08dcb423647eff2539993b8985028d7f0a50e94ee6b2fdacff6aee496b13807eb8d406a8440af14e339713f93a2bd76d46d34452c9bf604ac61d66e9ff34503a7ff400"}, @TCA_RED_PARMS={0x14, 0x1, {0x20}}]}}]}, 0x148}}, 0x0)

01:39:26 executing program 3 (fault-call:4 fault-nth:4):
r0 = socket$packet(0x11, 0x3, 0x300)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000000)={'batadv0\x00\f\x00', <r1=>0x0})
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000e00)=ANY=[@ANYBLOB="340000002c000107008be4000000000000000000", @ANYRES32=r1, @ANYBLOB="00d400f0000000000e00000009000100726f75746500000004000200"], 0x34}}, 0x0)
r2 = socket(0x10, 0x80002, 0x0)
sendmmsg$alg(r2, &(0x7f0000000140), 0x332, 0x0)

[ 1284.621598][T30490] FAULT_INJECTION: forcing a failure.
[ 1284.621598][T30490] name failslab, interval 1, probability 0, space 0, times 0
[ 1284.654517][T30490] CPU: 0 PID: 30490 Comm: syz-executor.3 Not tainted 5.3.0+ #0
[ 1284.662081][T30490] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 1284.672131][T30490] Call Trace:
[ 1284.675431][T30490]  dump_stack+0x172/0x1f0
[ 1284.679763][T30490]  should_fail.cold+0xa/0x15
[ 1284.684354][T30490]  ? fault_create_debugfs_attr+0x180/0x180
[ 1284.690155][T30490]  ? ___might_sleep+0x163/0x2c0
[ 1284.695013][T30490]  __should_failslab+0x121/0x190
[ 1284.699955][T30490]  should_failslab+0x9/0x14
[ 1284.704474][T30490]  kmem_cache_alloc_trace+0x2d3/0x790
[ 1284.704992][T30492] FAULT_FLAG_ALLOW_RETRY missing 70
[ 1284.709845][T30490]  tcf_chain_create+0x9e/0x3b0
[ 1284.719800][T30490]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 1284.726032][T30490]  ? tcf_chain_lookup+0x11a/0x190
[ 1284.731064][T30490]  __tcf_chain_get+0x148/0x1a0
[ 1284.735820][T30490]  tc_new_tfilter+0x6a5/0x1c70
[ 1284.740585][T30490]  ? tc_del_tfilter+0x1530/0x1530
[ 1284.745644][T30490]  ? __kasan_check_read+0x11/0x20
[ 1284.750660][T30490]  ? merge_extent_mapping+0x1d0/0x4c0
[ 1284.756039][T30490]  ? rtnetlink_rcv_msg+0x7f2/0xb00
[ 1284.761147][T30490]  ? find_held_lock+0x35/0x130
[ 1284.765906][T30490]  ? rtnetlink_rcv_msg+0x7f2/0xb00
[ 1284.771039][T30490]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 1284.777279][T30490]  ? tc_del_tfilter+0x1530/0x1530
[ 1284.782303][T30490]  ? __kasan_check_read+0x11/0x20
[ 1284.787321][T30490]  ? tc_del_tfilter+0x1530/0x1530
[ 1284.792335][T30490]  rtnetlink_rcv_msg+0x838/0xb00
[ 1284.797268][T30490]  ? rtnetlink_put_metrics+0x580/0x580
[ 1284.802722][T30490]  ? netlink_deliver_tap+0x22d/0xbf0
[ 1284.808003][T30490]  ? find_held_lock+0x35/0x130
[ 1284.812768][T30490]  netlink_rcv_skb+0x177/0x450
[ 1284.817523][T30490]  ? rtnetlink_put_metrics+0x580/0x580
01:39:26 executing program 0:
perf_event_open(&(0x7f00000000c0)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
r1 = socket$inet6_sctp(0xa, 0x10000000005, 0x84)
dup2(r0, r1)
getresuid(&(0x7f0000000040), &(0x7f0000000080), &(0x7f0000000180)=<r2=>0x0)
r3 = add_key$user(&(0x7f0000000880)='user\x00', &(0x7f0000000300)={'\x00', 0x2}, &(0x7f00000005c0)="4acf665ff77df4f20690a5a83bc1a1e6519321db1dc2bf7eee06d978abdfbb33f3bc7025e6befda3c827875946eb75c14639ab6e76811a733653f72afc34e5fce1bed277a8faa02e6da16041b40bab677d6555e94a42b7ac236c8c35d729ac501cf28293c919f2f3ceec4703c892adeac90504aeb3ba485e09bda66d2b96124cabc4d2e653848e2bd909287d0d2c433d72bbd4333cf37f2a8972bba453c776d2c73c61b9fa2153405fc0253992c918682c7018f6a280a9ff312ae4a6996bd9547aed66e72f94342a7d27b9483f7e2e8e3c5bbb89452fd9bb6708ae89ba29", 0xde, 0xfffffffffffffffe)
lstat(&(0x7f0000000840)='./file0\x00', &(0x7f00000004c0)={0x0, 0x0, 0x0, 0x0, <r4=>0x0})
getresgid(&(0x7f0000000400), &(0x7f0000000540), &(0x7f00000006c0)=<r5=>0x0)
keyctl$chown(0x4, r3, r4, r5)
getgroups(0x4, &(0x7f00000001c0)=[<r6=>0x0, r5, 0x0, 0xffffffffffffffff])
r7 = add_key$user(&(0x7f00000002c0)='user\x00', &(0x7f0000000300)={'syz', 0x2}, &(0x7f00000005c0)="4acf665ff77df4f20690a5a83bc1a1e6519321db1dc2bf7eee06d978abdfbb33f3bc7025e6befda3c827875946eb75c14639ab6e76811a733653f72afc34e5fce1bed277a8faa02e6da16041b40bab677d6555e94a42b7ac236c8c35d729ac501cf28293c919f2f3ceec4703c892adeac90504aeb3ba485e09bda66d2b96124cabc4d2e653848e2bd909287d0d2c433d72bbd4333cf37f2a8972bba453c776d2c73c61b9fa2153405fc0253992c918682c7018f6a280a9ff312ae4a6996bd9547aed66e72f94342a7d27b9483f7e2e8e3c5bbb89452fd9bb6708ae89ba29", 0xde, 0xfffffffffffffffe)
lstat(&(0x7f0000000900)='./file0\x00', &(0x7f0000000940)={0x0, 0x0, 0x0, 0x0, <r8=>0x0})
getresgid(&(0x7f0000000400), &(0x7f0000000540), &(0x7f00000006c0)=<r9=>0x0)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff, <r10=>0xffffffffffffffff})
r11 = socket$inet6_sctp(0xa, 0x10000000005, 0x84)
r12 = dup2(r10, r11)
ioctl$PERF_EVENT_IOC_ENABLE(r12, 0x8912, 0x400200)
r13 = openat$cgroup_ro(r12, &(0x7f0000000340)='hugetlb.2MB.usage_in_bytes\x00', 0x0, 0x0)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff, <r14=>0xffffffffffffffff})
r15 = socket$inet6_sctp(0xa, 0x10000000005, 0x84)
dup2(r14, r15)
getsockopt$inet_sctp6_SCTP_CONTEXT(r15, 0x84, 0x11, &(0x7f00000003c0)={<r16=>0x0, 0x1}, &(0x7f0000000580)=0x8)
getsockopt$inet_sctp6_SCTP_PEER_ADDR_PARAMS(r13, 0x84, 0x9, &(0x7f0000000700)={r16, @in6={{0xa, 0x4e20, 0x6, @loopback, 0x10000}}, 0x8000, 0x3ff, 0x8, 0x3, 0x20}, &(0x7f00000007c0)=0x98)
keyctl$chown(0x4, r7, r8, r9)
fsetxattr$system_posix_acl(r0, &(0x7f0000000000)='system.posix_acl_access\x00', &(0x7f0000000440)=ANY=[@ANYBLOB="02000000010004000000000002000400", @ANYRES32=r2, @ANYBLOB="0400010800000000ff000000afbd47de1c152b31dca044209535d211bd19d226651f128cbb5d5bc1726f0c5eaa605705fafb", @ANYRES32=r6, @ANYBLOB="08000400", @ANYRES32=r9, @ANYBLOB="10000400000000002000000000000000"], 0x3c, 0x0)
ioctl$FS_IOC_ENABLE_VERITY(0xffffffffffffffff, 0x40806685, 0x0)
r17 = openat$random(0xffffffffffffff9c, &(0x7f0000000140)='/dev/urandom\x00', 0x8000000000000085, 0x0)
r18 = dup(r17)
r19 = open(&(0x7f0000002000)='./bus\x00', 0x141042, 0x0)
ftruncate(r19, 0xee72)
sendfile(r18, r19, 0x0, 0x8000fffffffe)
r20 = dup(r17)
r21 = socket(0x10, 0x0, 0x0)
r22 = socket$inet6_sctp(0xa, 0x10000000005, 0x84)
nanosleep(&(0x7f0000000240)={0x0, 0x1c9c380}, &(0x7f0000000280))
getsockopt$inet_sctp6_SCTP_GET_ASSOC_ID_LIST(r22, 0x84, 0x1d, &(0x7f0000000800)=ANY=[@ANYBLOB="01000001d99a3cbf2f55a16ec16528cc7f232b400100ec7d58bfdd8d36140b79c05f06fe08423fdc3fc34788", @ANYRES32=<r23=>0x0], &(0x7f000095dffc)=0x8)
r24 = socket(0x10, 0x0, 0x0)
r25 = socket$inet6_sctp(0xa, 0x10000000005, 0x84)
getsockopt$inet_sctp6_SCTP_GET_ASSOC_ID_LIST(r25, 0x84, 0x1d, &(0x7f000095dff8)={0x1, [<r26=>0x0]}, &(0x7f000095dffc)=0x8)
getsockopt$inet_sctp6_SCTP_PEER_ADDR_THLDS(r25, 0x84, 0x70, &(0x7f0000000080)={r26, @in6={{0xa, 0x0, 0x0, @empty}}}, &(0x7f0000000600)=0x90)
setsockopt$inet_sctp6_SCTP_DELAYED_SACK(r24, 0x84, 0x10, &(0x7f0000000200)=@sack_info={r26, 0x80, 0x6}, 0xc)
getsockopt$inet_sctp6_SCTP_PEER_ADDR_THLDS(r22, 0x84, 0x70, &(0x7f0000000080)={r26, @in6={{0xa, 0x4e22, 0x1000, @mcast2, 0x10001}}}, &(0x7f0000000600)=0x90)
setsockopt$inet_sctp6_SCTP_DELAYED_SACK(r21, 0x84, 0x10, &(0x7f0000000200)=@sack_info={r23, 0x80, 0x6}, 0xc)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff, <r27=>0xffffffffffffffff})
r28 = socket$inet6_sctp(0xa, 0x10000000005, 0x84)
r29 = dup2(r27, r28)
ioctl$PERF_EVENT_IOC_ENABLE(r29, 0x8912, 0x400200)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff, <r30=>0xffffffffffffffff})
r31 = socket$inet6_sctp(0xa, 0x10000000005, 0x84)
r32 = dup2(r30, r31)
ioctl$PERF_EVENT_IOC_ENABLE(r32, 0x8912, 0x400200)
setsockopt$inet_sctp_SCTP_RESET_STREAMS(r20, 0x84, 0x77, &(0x7f0000000a00)=ANY=[@ANYPTR=&(0x7f00000009c0)=ANY=[@ANYRES32=0x0, @ANYPTR=&(0x7f00000008c0)=ANY=[@ANYRES64=0x0, @ANYRESDEC=0x0], @ANYPTR64, @ANYRES64=r32, @ANYRES64], @ANYRES64=0x0], 0x2)

[ 1284.822981][T30490]  ? netlink_ack+0xb30/0xb30
[ 1284.827572][T30490]  ? __kasan_check_read+0x11/0x20
[ 1284.832591][T30490]  ? netlink_deliver_tap+0x254/0xbf0
[ 1284.837871][T30490]  rtnetlink_rcv+0x1d/0x30
[ 1284.842313][T30490]  netlink_unicast+0x531/0x710
[ 1284.847068][T30490]  ? netlink_attachskb+0x7c0/0x7c0
[ 1284.852161][T30490]  ? _copy_from_iter_full+0x25d/0x8a0
[ 1284.857522][T30490]  ? __sanitizer_cov_trace_cmp8+0x18/0x20
[ 1284.863225][T30490]  ? __check_object_size+0x3d/0x437
[ 1284.868417][T30490]  netlink_sendmsg+0x8a5/0xd60
[ 1284.873178][T30490]  ? netlink_unicast+0x710/0x710
[ 1284.878106][T30490]  ? aa_sock_msg_perm.isra.0+0xba/0x170
[ 1284.883641][T30490]  ? apparmor_socket_sendmsg+0x2a/0x30
[ 1284.889089][T30490]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 1284.895332][T30490]  ? security_socket_sendmsg+0x8d/0xc0
[ 1284.900782][T30490]  ? netlink_unicast+0x710/0x710
[ 1284.905714][T30490]  sock_sendmsg+0xd7/0x130
[ 1284.910120][T30490]  ___sys_sendmsg+0x3e2/0x920
[ 1284.914791][T30490]  ? copy_msghdr_from_user+0x440/0x440
[ 1284.920242][T30490]  ? lock_downgrade+0x920/0x920
[ 1284.925080][T30490]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 1284.931324][T30490]  ? __kasan_check_read+0x11/0x20
[ 1284.936362][T30490]  ? __fget+0x384/0x560
[ 1284.940523][T30490]  ? ksys_dup3+0x3e0/0x3e0
[ 1284.944943][T30490]  ? find_held_lock+0x35/0x130
[ 1284.949698][T30490]  ? get_pid_task+0xc9/0x190
[ 1284.954283][T30490]  ? __fget_light+0x1a9/0x230
[ 1284.958954][T30490]  ? __fdget+0x1b/0x20
[ 1284.963020][T30490]  ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[ 1284.969255][T30490]  ? sockfd_lookup_light+0xcb/0x180
[ 1284.974450][T30490]  __sys_sendmmsg+0x1bf/0x4d0
[ 1284.979132][T30490]  ? __ia32_sys_sendmsg+0xb0/0xb0
[ 1284.984204][T30490]  ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20
[ 1284.990438][T30490]  ? fput_many+0x12c/0x1a0
[ 1284.994860][T30490]  ? fput+0x1b/0x20
[ 1284.998667][T30490]  ? ksys_write+0x1cf/0x290
[ 1285.003176][T30490]  ? trace_hardirqs_on_thunk+0x1a/0x20
[ 1285.008637][T30490]  ? trace_hardirqs_on_thunk+0x1a/0x20
[ 1285.014092][T30490]  ? do_syscall_64+0x26/0x760
01:39:27 executing program 0:
perf_event_open(&(0x7f00000000c0)={0x1, 0x70, 0x0, 0x0, 0x0, 0x8000, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x2000000000000, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0xffffffffffff8000, 0x200000000000000, 0x0, 0x0, 0x0, 0x0, 0x6, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
ioctl$FS_IOC_ENABLE_VERITY(0xffffffffffffffff, 0x40806685, 0x0)
openat$random(0xffffffffffffff9c, &(0x7f0000000140)='/dev/urandom\x00', 0x8000000000000085, 0x0)
r0 = open(&(0x7f0000002000)='./bus\x00', 0x141042, 0x0)
ftruncate(r0, 0xee72)
sendfile(0xffffffffffffffff, r0, 0x0, 0x8000fffffffe)

[ 1285.018770][T30490]  ? entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 1285.024836][T30490]  ? do_syscall_64+0x26/0x760
[ 1285.029520][T30490]  __x64_sys_sendmmsg+0x9d/0x100
[ 1285.034462][T30490]  do_syscall_64+0xfa/0x760
[ 1285.038962][T30490]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 1285.044843][T30490] RIP: 0033:0x459a09
[ 1285.048733][T30490] Code: fd b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00
[ 1285.068333][T30490] RSP: 002b:00007f02c0c05c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000133
[ 1285.076753][T30490] RAX: ffffffffffffffda RBX: 00007f02c0c05c90 RCX: 0000000000459a09
[ 1285.084738][T30490] RDX: 0000000000000332 RSI: 0000000020000140 RDI: 0000000000000004
[ 1285.092703][T30490] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000
[ 1285.100667][T30490] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f02c0c066d4
[ 1285.108635][T30490] R13: 00000000004c71e8 R14: 00000000004dca10 R15: 0000000000000005
[ 1285.137482][T30492] CPU: 1 PID: 30492 Comm: syz-executor.5 Not tainted 5.3.0+ #0
[ 1285.145133][T30492] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 1285.155175][T30492] Call Trace:
[ 1285.158537][T30492]  dump_stack+0x172/0x1f0
[ 1285.162873][T30492]  handle_userfault.cold+0x41/0x5d
[ 1285.167985][T30492]  ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[ 1285.174235][T30492]  ? userfaultfd_ioctl+0x3ad0/0x3ad0
[ 1285.179552][T30492]  ? find_get_entry+0x535/0x880
[ 1285.184408][T30492]  ? find_get_pages_range_tag+0xd50/0xd50
[ 1285.190129][T30492]  ? ___might_sleep+0x163/0x2c0
[ 1285.195006][T30492]  ? __kasan_check_read+0x11/0x20
[ 1285.200037][T30492]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 1285.206289][T30492]  ? find_lock_entry+0x1a7/0x560
[ 1285.211227][T30492]  ? rcu_lockdep_current_cpu_online+0xe3/0x130
[ 1285.217376][T30492]  shmem_getpage_gfp+0x1f4c/0x2680
[ 1285.222845][T30492]  ? shmem_unuse_inode+0x1010/0x1010
[ 1285.228132][T30492]  ? lock_downgrade+0x920/0x920
[ 1285.232989][T30492]  ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[ 1285.239227][T30492]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 1285.245469][T30492]  shmem_fault+0x22a/0x7b0
[ 1285.249882][T30492]  ? shmem_read_mapping_page_gfp+0x1a0/0x1a0
[ 1285.255863][T30492]  ? find_get_entry+0x880/0x880
[ 1285.260714][T30492]  ? pmd_val+0x85/0x100
[ 1285.264875][T30492]  __do_fault+0x111/0x540
[ 1285.269204][T30492]  ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[ 1285.275449][T30492]  __handle_mm_fault+0x2dca/0x4040
[ 1285.280565][T30492]  ? vmf_insert_mixed_mkwrite+0x40/0x40
[ 1285.286109][T30492]  ? handle_mm_fault+0x292/0xa80
[ 1285.291047][T30492]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 1285.291067][T30492]  ? __kasan_check_read+0x11/0x20
[ 1285.302303][T30492]  handle_mm_fault+0x3b7/0xa80
[ 1285.307071][T30492]  __do_page_fault+0x536/0xdd0
[ 1285.311851][T30492]  do_page_fault+0x38/0x590
[ 1285.316350][T30492]  page_fault+0x39/0x40
[ 1285.320491][T30492] RIP: 0033:0x4533a0
[ 1285.320505][T30492] Code: 0f 84 c4 0f 00 00 48 89 f1 48 89 f8 48 83 e1 3f 48 83 f9 20 0f 86 7b 02 00 00 48 83 e6 f0 48 83 e1 0f 66 0f ef c0 66 0f ef c9 <66> 0f 74 0e 66 0f d7 d1 48 d3 ea 49 c7 c2 11 00 00 00 49 29 ca 4d
[ 1285.320513][T30492] RSP: 002b:00007fbdc8f767a8 EFLAGS: 00010202
[ 1285.320524][T30492] RAX: 00007fbdc8f76850 RBX: 0000000000000003 RCX: 000000000000000e
[ 1285.320531][T30492] RDX: 00000000000003ff RSI: 0000000020012fe0 RDI: 00007fbdc8f76850
[ 1285.320544][T30492] RBP: 000000000075bf20 R08: 00000000000003ff R09: 0000000000000000
[ 1285.344011][T30492] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fbdc8f776d4
01:39:27 executing program 2:
r0 = socket$inet_udp(0x2, 0x2, 0x0)
close(r0)
r1 = socket$inet6(0xa, 0x1, 0x8010000000000084)
bind$inet6(r1, &(0x7f0000000040)={0xa, 0x400004e21, 0x0, @empty}, 0x1c)
setsockopt$inet_sctp6_SCTP_NODELAY(r0, 0x84, 0x3, &(0x7f00000000c0)=0x7, 0x4)
setsockopt$inet6_opts(r1, 0x29, 0x3b, &(0x7f0000000080)=ANY=[@ANYBLOB], 0x8)
connect$inet6(r1, &(0x7f0000000200)={0xa, 0x4e21, 0x0, @loopback}, 0x1c)
r2 = socket$inet_udplite(0x2, 0x2, 0x88)
ioctl(r2, 0x1000008912, &(0x7f0000000040)="11dcbc0d5e0bcfe47bf070")
write$binfmt_misc(r0, &(0x7f0000000100)=ANY=[@ANYBLOB="a43f7a10bc918dba707335df9c4fe2e3dd545ee4c838fdcc46a7540a012dcf04a12f99172a6f3583cd5498000448f3ae533c2845496e9b0a050d5e4e05f5f8188edecc091727ed7a25a91998bf61aeec90e8718f9aa9fd5da3aa3181c0080975dee42b7d8686ca8f92f314380c2a02a90e6efeaf9d6acdb213cd260c116f495d9569a33c798d369967f6690fd59a8b3bd789702d552fe262fe738e874609724467e7d1be8518f803b96022e1f0f0de7d3720bec96ede000000000000000000"], 0x10098)
write$binfmt_script(r0, &(0x7f0000000300)=ANY=[@ANYBLOB="ba"], 0x1)
write$binfmt_elf64(r0, &(0x7f0000000280)={{0x7f, 0x45, 0x4c, 0x46, 0x0, 0x0, 0xf401000000000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40}, [{}]}, 0x78)

01:39:27 executing program 1:
perf_event_open(&(0x7f00000000c0)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
ioctl$FS_IOC_ENABLE_VERITY(0xffffffffffffffff, 0x40806685, 0x0)
r0 = openat$random(0xffffffffffffff9c, &(0x7f0000000140)='/dev/urandom\x00', 0x8000000000000085, 0x0)
r1 = dup(r0)
r2 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
ftruncate(r2, 0x3)
r3 = open(&(0x7f0000002000)='./bus\x00', 0x141042, 0x0)
syz_open_dev$dspn(&(0x7f0000000000)='/dev/dsp#\x00', 0x7f, 0x903000)
ioctl$VHOST_NET_SET_BACKEND(r3, 0x4008af30, &(0x7f0000000040))
ftruncate(r3, 0xee72)
sendfile(r1, r3, 0x0, 0x8000fffffffe)

01:39:27 executing program 4:
r0 = socket$nl_route(0x10, 0x3, 0x0)
r1 = socket$netlink(0x10, 0x3, 0x0)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff, <r2=>0xffffffffffffffff})
r3 = socket$inet6_sctp(0xa, 0x10000000005, 0x84)
r4 = dup2(r2, r3)
ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200)
r5 = socket(0x10, 0x803, 0x0)
sendmsg$TIPC_CMD_GET_MEDIA_NAMES(r5, &(0x7f0000000400)={0x0, 0x0, &(0x7f00000003c0)={0x0}}, 0x0)
getsockname$packet(r5, &(0x7f0000000100)={0x11, 0x0, <r6=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0xa)
sendmsg$nl_route(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080)=ANY=[@ANYBLOB="4800000010000507000000000000000080000000", @ANYRES32=r6, @ANYBLOB="0000000000000000280012000c0001007665746800000000180002001400010000000000", @ANYRES32=0x0, @ANYBLOB='\x00\x00\x00\x00\x00\x00\x00\x00'], 0x48}}, 0x0)
sendmsg$nl_route_sched(r0, &(0x7f0000000140)={0x0, 0x32d, &(0x7f0000000080)={&(0x7f0000000540)=@newqdisc={0x148, 0x24, 0x507, 0xfffffffffffff000, 0x0, {0x0, r6, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_red={{0x8, 0x1, 'red\x00'}, {0x11c, 0x2, [@TCA_RED_STAB={0x104, 0x2, "fbf84ce9dbecf3d5851ae060c0ec8d55c9c65cb98d69f6f43f1d64d475f279dd204e54f6719de408d640f2dcd4c0c8c615650de0531b139380f912f808e5d3e1118f76144d1568be425bddb29fa48b1251d5cc8b78fb742bd61674f4cd92a93f8dafea3bc823ccd7591d59d252a275012101f39ab9478cc5dc4a8a2e71f186ce688ae869907b40b62231d243db1eca472440f1203b691b7b85864a73f1a3a9664d075ac973158948f7c44b4f8e2348e8046b08dcb423647eff2539993b8985028d7f0a50e94ee6b2fdacff6aee496b13807eb8d406a8440af14e339713f93a2bd76d46d34452c9bf604ac61d66e9ff34503a7ff400"}, @TCA_RED_PARMS={0x14, 0x1, {0x20}}]}}]}, 0x148}}, 0x0)

[ 1285.344020][T30492] R13: 00000000004c8dbc R14: 00000000004dfed8 R15: 00000000ffffffff
01:39:27 executing program 3 (fault-call:4 fault-nth:5):
r0 = socket$packet(0x11, 0x3, 0x300)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000000)={'batadv0\x00\f\x00', <r1=>0x0})
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000e00)=ANY=[@ANYBLOB="340000002c000107008be4000000000000000000", @ANYRES32=r1, @ANYBLOB="00d400f0000000000e00000009000100726f75746500000004000200"], 0x34}}, 0x0)
r2 = socket(0x10, 0x80002, 0x0)
sendmmsg$alg(r2, &(0x7f0000000140), 0x332, 0x0)

[ 1285.536864][T31007] FAULT_INJECTION: forcing a failure.
[ 1285.536864][T31007] name failslab, interval 1, probability 0, space 0, times 0
[ 1285.558677][T31007] CPU: 1 PID: 31007 Comm: syz-executor.3 Not tainted 5.3.0+ #0
[ 1285.566225][T31007] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 1285.576266][T31007] Call Trace:
[ 1285.579567][T31007]  dump_stack+0x172/0x1f0
[ 1285.583910][T31007]  should_fail.cold+0xa/0x15
[ 1285.588521][T31007]  ? fault_create_debugfs_attr+0x180/0x180
[ 1285.594340][T31007]  ? ___might_sleep+0x163/0x2c0
[ 1285.599199][T31007]  __should_failslab+0x121/0x190
[ 1285.604134][T31007]  should_failslab+0x9/0x14
[ 1285.604146][T31007]  kmem_cache_alloc_node+0x268/0x740
[ 1285.604164][T31007]  ? lock_downgrade+0x920/0x920
[ 1285.613922][T31007]  __alloc_skb+0xd5/0x5e0
[ 1285.613941][T31007]  ? __kmalloc_reserve.isra.0+0xf0/0xf0
[ 1285.613955][T31007]  ? __kasan_check_write+0x14/0x20
[ 1285.613971][T31007]  ? __mutex_unlock_slowpath+0xf8/0x6b0
[ 1285.613994][T31007]  tc_chain_notify+0xdb/0x300
[ 1285.644416][T31007]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 1285.650834][T31007]  ? tcf_chain_create+0x2a6/0x3b0
[ 1285.655840][T31007]  __tcf_chain_get+0x185/0x1a0
[ 1285.660580][T31007]  tc_new_tfilter+0x6a5/0x1c70
[ 1285.665322][T31007]  ? tc_del_tfilter+0x1530/0x1530
[ 1285.670320][T31007]  ? __kasan_check_read+0x11/0x20
[ 1285.675340][T31007]  ? merge_extent_mapping+0x1d0/0x4c0
[ 1285.680688][T31007]  ? rtnetlink_rcv_msg+0x7f2/0xb00
[ 1285.685772][T31007]  ? find_held_lock+0x35/0x130
[ 1285.690545][T31007]  ? rtnetlink_rcv_msg+0x7f2/0xb00
[ 1285.695639][T31007]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 1285.701855][T31007]  ? tc_del_tfilter+0x1530/0x1530
[ 1285.706852][T31007]  ? __kasan_check_read+0x11/0x20
[ 1285.711849][T31007]  ? tc_del_tfilter+0x1530/0x1530
[ 1285.716847][T31007]  rtnetlink_rcv_msg+0x838/0xb00
[ 1285.721759][T31007]  ? rtnetlink_put_metrics+0x580/0x580
[ 1285.727212][T31007]  ? netlink_deliver_tap+0x22d/0xbf0
[ 1285.732474][T31007]  ? find_held_lock+0x35/0x130
[ 1285.737257][T31007]  netlink_rcv_skb+0x177/0x450
[ 1285.741995][T31007]  ? rtnetlink_put_metrics+0x580/0x580
[ 1285.747442][T31007]  ? netlink_ack+0xb30/0xb30
[ 1285.752003][T31007]  ? __kasan_check_read+0x11/0x20
[ 1285.757003][T31007]  ? netlink_deliver_tap+0x254/0xbf0
[ 1285.762282][T31007]  rtnetlink_rcv+0x1d/0x30
[ 1285.766692][T31007]  netlink_unicast+0x531/0x710
[ 1285.771438][T31007]  ? netlink_attachskb+0x7c0/0x7c0
[ 1285.776522][T31007]  ? _copy_from_iter_full+0x25d/0x8a0
[ 1285.781867][T31007]  ? __sanitizer_cov_trace_cmp8+0x18/0x20
[ 1285.787557][T31007]  ? __check_object_size+0x3d/0x437
[ 1285.792731][T31007]  netlink_sendmsg+0x8a5/0xd60
[ 1285.797489][T31007]  ? netlink_unicast+0x710/0x710
[ 1285.802407][T31007]  ? aa_sock_msg_perm.isra.0+0xba/0x170
[ 1285.807962][T31007]  ? apparmor_socket_sendmsg+0x2a/0x30
[ 1285.813411][T31007]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 1285.819630][T31007]  ? security_socket_sendmsg+0x8d/0xc0
[ 1285.825068][T31007]  ? netlink_unicast+0x710/0x710
[ 1285.829982][T31007]  sock_sendmsg+0xd7/0x130
[ 1285.834376][T31007]  ___sys_sendmsg+0x3e2/0x920
[ 1285.839081][T31007]  ? copy_msghdr_from_user+0x440/0x440
[ 1285.844556][T31007]  ? lock_downgrade+0x920/0x920
[ 1285.849396][T31007]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 1285.855610][T31007]  ? __kasan_check_read+0x11/0x20
[ 1285.860613][T31007]  ? __fget+0x384/0x560
[ 1285.864750][T31007]  ? ksys_dup3+0x3e0/0x3e0
[ 1285.869140][T31007]  ? find_held_lock+0x35/0x130
[ 1285.873887][T31007]  ? get_pid_task+0xc9/0x190
[ 1285.878462][T31007]  ? __fget_light+0x1a9/0x230
[ 1285.883115][T31007]  ? __fdget+0x1b/0x20
[ 1285.887205][T31007]  ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[ 1285.893473][T31007]  ? sockfd_lookup_light+0xcb/0x180
[ 1285.898650][T31007]  __sys_sendmmsg+0x1bf/0x4d0
[ 1285.903304][T31007]  ? __ia32_sys_sendmsg+0xb0/0xb0
[ 1285.908312][T31007]  ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20
[ 1285.914526][T31007]  ? fput_many+0x12c/0x1a0
[ 1285.918930][T31007]  ? fput+0x1b/0x20
[ 1285.922714][T31007]  ? ksys_write+0x1cf/0x290
[ 1285.927202][T31007]  ? trace_hardirqs_on_thunk+0x1a/0x20
[ 1285.932644][T31007]  ? trace_hardirqs_on_thunk+0x1a/0x20
[ 1285.938077][T31007]  ? do_syscall_64+0x26/0x760
[ 1285.942784][T31007]  ? entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 1285.948827][T31007]  ? do_syscall_64+0x26/0x760
[ 1285.953480][T31007]  __x64_sys_sendmmsg+0x9d/0x100
[ 1285.958394][T31007]  do_syscall_64+0xfa/0x760
[ 1285.962874][T31007]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 1285.968744][T31007] RIP: 0033:0x459a09
[ 1285.972611][T31007] Code: fd b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00
[ 1285.992188][T31007] RSP: 002b:00007f02c0c05c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000133
[ 1286.000569][T31007] RAX: ffffffffffffffda RBX: 00007f02c0c05c90 RCX: 0000000000459a09
[ 1286.008522][T31007] RDX: 0000000000000332 RSI: 0000000020000140 RDI: 0000000000000004
[ 1286.016478][T31007] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000
[ 1286.024436][T31007] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f02c0c066d4
[ 1286.032380][T31007] R13: 00000000004c71e8 R14: 00000000004dca10 R15: 0000000000000005
01:39:28 executing program 5:
mmap(&(0x7f0000011000/0x2000)=nil, 0x2000, 0x4, 0x31, 0xffffffffffffffff, 0x0)
r0 = userfaultfd(0x0)
syz_open_dev$mice(&(0x7f0000000000)='/dev/input/mice\x00', 0x0, 0x4000)
ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f0000000040))
ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f00000000c0)={{&(0x7f0000012000/0x2000)=nil, 0x2000}, 0x1})
read(r0, &(0x7f0000000100)=""/199, 0xc7)
syz_open_dev$evdev(&(0x7f0000012fee)='/.%v/\x11%put/event#\x00', 0x0, 0x4800)
ioctl$UFFDIO_WAKE(r0, 0x8010aa02, &(0x7f0000000080)={&(0x7f0000012000/0x4000)=nil, 0x4000})
shmget(0x2, 0x1000, 0x0, &(0x7f000096d000/0x1000)=nil)
openat$cgroup_procs(0xffffffffffffffff, 0x0, 0x2, 0x0)

01:39:28 executing program 0:
perf_event_open(&(0x7f00000000c0)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c2, 0x0, 0x0, 0xfffffffffffffffc, 0x0, 0x0, 0x2000000000000000, 0x0, 0x3, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x100000000, 0x0, 0x0, 0x0, @perf_config_ext={0x5e50, 0x7}, 0x4000, 0x2, 0x0, 0x0, 0x0, 0x3}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
ioctl$FS_IOC_ENABLE_VERITY(0xffffffffffffffff, 0x40806685, 0x0)
r0 = openat$random(0xffffffffffffff9c, &(0x7f0000000140)='/dev/urandom\x00', 0x8000000000000085, 0x0)
setsockopt$inet6_tcp_TCP_FASTOPEN_KEY(0xffffffffffffffff, 0x6, 0x21, &(0x7f0000000000)="13d47f95f45da38dca2e3450ed32d8b5", 0x10)
r1 = dup(r0)
r2 = open(&(0x7f0000002000)='./bus\x00', 0x141042, 0x100)
ftruncate(r2, 0xee72)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff, <r3=>0xffffffffffffffff})
r4 = socket$inet6_sctp(0xa, 0x10000000005, 0x84)
r5 = dup2(r3, r4)
r6 = openat$dlm_monitor(0xffffffffffffff9c, &(0x7f0000000280)='/dev/dlm-monitor\x00', 0x400101, 0x0)
ioctl$EVIOCGABS2F(r6, 0x8018456f, &(0x7f00000002c0)=""/13)
ioctl$PERF_EVENT_IOC_ENABLE(r5, 0x8912, 0x400200)
ioctl$DRM_IOCTL_AGP_INFO(r5, 0x80386433, &(0x7f0000000040)=""/56)
sendfile(r1, r2, 0x0, 0x8000fffffffe)
r7 = semget$private(0x0, 0x1, 0x400)
semctl$IPC_INFO(r7, 0x1, 0x3, &(0x7f0000000180)=""/203)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff, <r8=>0xffffffffffffffff})
r9 = socket$inet6_sctp(0xa, 0x10000000005, 0x84)
r10 = dup2(r8, r9)
ioctl$PERF_EVENT_IOC_ENABLE(r10, 0x8912, 0x400200)
accept$packet(r10, 0x0, &(0x7f0000000080))

01:39:28 executing program 4:
r0 = socket$nl_route(0x10, 0x3, 0x0)
r1 = socket$netlink(0x10, 0x3, 0x0)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff, <r2=>0xffffffffffffffff})
r3 = socket$inet6_sctp(0xa, 0x10000000005, 0x84)
r4 = dup2(r2, r3)
ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200)
r5 = socket(0x10, 0x803, 0x0)
sendmsg$TIPC_CMD_GET_MEDIA_NAMES(r5, &(0x7f0000000400)={0x0, 0x0, &(0x7f00000003c0)={0x0}}, 0x0)
getsockname$packet(r5, &(0x7f0000000100)={0x11, 0x0, <r6=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0xa)
sendmsg$nl_route(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080)=ANY=[@ANYBLOB="4800000010000507000000000000000080000000", @ANYRES32=r6, @ANYBLOB="0000000000000000280012000c0001007665746800000000180002001400010000000000", @ANYRES32=0x0, @ANYBLOB='\x00\x00\x00\x00\x00\x00\x00\x00'], 0x48}}, 0x0)
sendmsg$nl_route_sched(r0, &(0x7f0000000140)={0x0, 0x32d, &(0x7f0000000080)={&(0x7f0000000540)=@newqdisc={0x148, 0x24, 0x507, 0x0, 0x2, {0x0, r6, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_red={{0x8, 0x1, 'red\x00'}, {0x11c, 0x2, [@TCA_RED_STAB={0x104, 0x2, "fbf84ce9dbecf3d5851ae060c0ec8d55c9c65cb98d69f6f43f1d64d475f279dd204e54f6719de408d640f2dcd4c0c8c615650de0531b139380f912f808e5d3e1118f76144d1568be425bddb29fa48b1251d5cc8b78fb742bd61674f4cd92a93f8dafea3bc823ccd7591d59d252a275012101f39ab9478cc5dc4a8a2e71f186ce688ae869907b40b62231d243db1eca472440f1203b691b7b85864a73f1a3a9664d075ac973158948f7c44b4f8e2348e8046b08dcb423647eff2539993b8985028d7f0a50e94ee6b2fdacff6aee496b13807eb8d406a8440af14e339713f93a2bd76d46d34452c9bf604ac61d66e9ff34503a7ff400"}, @TCA_RED_PARMS={0x14, 0x1, {0x20}}]}}]}, 0x148}}, 0x0)

01:39:28 executing program 1:
perf_event_open(&(0x7f00000000c0)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
r1 = socket$inet6_sctp(0xa, 0x10000000005, 0x84)
r2 = dup2(r0, r1)
ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200)
ioctl$DRM_IOCTL_MODE_GETRESOURCES(r2, 0xc04064a0, &(0x7f00000001c0)={&(0x7f0000000000)=[0x0, 0x0, 0x0, 0x0], &(0x7f0000000040), &(0x7f0000000080)=[0x0, 0x0], &(0x7f0000000180)=[0x0], 0x4, 0x0, 0x2, 0x1})
ioctl$FS_IOC_ENABLE_VERITY(0xffffffffffffffff, 0x40806685, 0x0)
r3 = openat$random(0xffffffffffffff9c, &(0x7f0000000140)='/dev/urandom\x00', 0x8000000000000085, 0x0)
r4 = dup(r3)
r5 = open(&(0x7f0000002000)='./bus\x00', 0x141042, 0x0)
ftruncate(r5, 0xee72)
sendfile(r4, r5, 0x0, 0x8000fffffffe)

01:39:28 executing program 2:
r0 = socket$inet_udp(0x2, 0x2, 0x0)
close(r0)
r1 = socket$inet6(0xa, 0x1, 0x8010000000000084)
bind$inet6(r1, &(0x7f0000000040)={0xa, 0x400004e21, 0x0, @empty}, 0x1c)
setsockopt$inet_sctp6_SCTP_NODELAY(r0, 0x84, 0x3, &(0x7f00000000c0)=0x7, 0x4)
setsockopt$inet6_opts(r1, 0x29, 0x3b, &(0x7f0000000080)=ANY=[@ANYBLOB], 0x8)
connect$inet6(r1, &(0x7f0000000200)={0xa, 0x4e21, 0x0, @loopback}, 0x1c)
r2 = socket$inet_udplite(0x2, 0x2, 0x88)
ioctl(r2, 0x1000008912, &(0x7f0000000040)="11dcbc0d5e0bcfe47bf070")
write$binfmt_misc(r0, &(0x7f0000000100)=ANY=[@ANYBLOB="a43f7a10bc918dba707335df9c4fe2e3dd545ee4c838fdcc46a7540a012dcf04a12f99172a6f3583cd5498000448f3ae533c2845496e9b0a050d5e4e05f5f8188edecc091727ed7a25a91998bf61aeec90e8718f9aa9fd5da3aa3181c0080975dee42b7d8686ca8f92f314380c2a02a90e6efeaf9d6acdb213cd260c116f495d9569a33c798d369967f6690fd59a8b3bd789702d552fe262fe738e874609724467e7d1be8518f803b96022e1f0f0de7d3720bec96ede000000000000000000"], 0x10098)
write$binfmt_script(r0, &(0x7f0000000300)=ANY=[@ANYBLOB="ba"], 0x1)
write$binfmt_elf64(r0, &(0x7f0000000280)={{0x7f, 0x45, 0x4c, 0x46, 0x0, 0x0, 0xf403000000000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40}, [{}]}, 0x78)

01:39:28 executing program 3 (fault-call:4 fault-nth:6):
r0 = socket$packet(0x11, 0x3, 0x300)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000000)={'batadv0\x00\f\x00', <r1=>0x0})
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000e00)=ANY=[@ANYBLOB="340000002c000107008be4000000000000000000", @ANYRES32=r1, @ANYBLOB="00d400f0000000000e00000009000100726f75746500000004000200"], 0x34}}, 0x0)
r2 = socket(0x10, 0x80002, 0x0)
sendmmsg$alg(r2, &(0x7f0000000140), 0x332, 0x0)

[ 1286.247231][T31047] FAULT_INJECTION: forcing a failure.
[ 1286.247231][T31047] name failslab, interval 1, probability 0, space 0, times 0
[ 1286.267692][T31047] CPU: 1 PID: 31047 Comm: syz-executor.3 Not tainted 5.3.0+ #0
[ 1286.275247][T31047] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 1286.285308][T31047] Call Trace:
[ 1286.288597][T31047]  dump_stack+0x172/0x1f0
[ 1286.292951][T31047]  should_fail.cold+0xa/0x15
[ 1286.297570][T31047]  ? fault_create_debugfs_attr+0x180/0x180
[ 1286.303382][T31047]  ? ___might_sleep+0x163/0x2c0
[ 1286.308236][T31047]  __should_failslab+0x121/0x190
[ 1286.313172][T31047]  should_failslab+0x9/0x14
[ 1286.317680][T31047]  kmem_cache_alloc_node_trace+0x274/0x750
[ 1286.323485][T31047]  ? rcu_read_lock_any_held.part.0+0x50/0x50
[ 1286.323498][T31047]  ? __kasan_kmalloc.constprop.0+0xcf/0xe0
[ 1286.323515][T31047]  __kmalloc_node_track_caller+0x3d/0x70
[ 1286.340877][T31047]  __kmalloc_reserve.isra.0+0x40/0xf0
01:39:28 executing program 4:
r0 = socket$nl_route(0x10, 0x3, 0x0)
r1 = socket$netlink(0x10, 0x3, 0x0)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff, <r2=>0xffffffffffffffff})
r3 = socket$inet6_sctp(0xa, 0x10000000005, 0x84)
r4 = dup2(r2, r3)
ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200)
r5 = socket(0x10, 0x803, 0x0)
sendmsg$TIPC_CMD_GET_MEDIA_NAMES(r5, &(0x7f0000000400)={0x0, 0x0, &(0x7f00000003c0)={0x0}}, 0x0)
getsockname$packet(r5, &(0x7f0000000100)={0x11, 0x0, <r6=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0xa)
sendmsg$nl_route(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080)=ANY=[@ANYBLOB="4800000010000507000000000000000080000000", @ANYRES32=r6, @ANYBLOB="0000000000000000280012000c0001007665746800000000180002001400010000000000", @ANYRES32=0x0, @ANYBLOB='\x00\x00\x00\x00\x00\x00\x00\x00'], 0x48}}, 0x0)
sendmsg$nl_route_sched(r0, &(0x7f0000000140)={0x0, 0x32d, &(0x7f0000000080)={&(0x7f0000000540)=@newqdisc={0x148, 0x24, 0x507, 0x0, 0x3, {0x0, r6, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_red={{0x8, 0x1, 'red\x00'}, {0x11c, 0x2, [@TCA_RED_STAB={0x104, 0x2, "fbf84ce9dbecf3d5851ae060c0ec8d55c9c65cb98d69f6f43f1d64d475f279dd204e54f6719de408d640f2dcd4c0c8c615650de0531b139380f912f808e5d3e1118f76144d1568be425bddb29fa48b1251d5cc8b78fb742bd61674f4cd92a93f8dafea3bc823ccd7591d59d252a275012101f39ab9478cc5dc4a8a2e71f186ce688ae869907b40b62231d243db1eca472440f1203b691b7b85864a73f1a3a9664d075ac973158948f7c44b4f8e2348e8046b08dcb423647eff2539993b8985028d7f0a50e94ee6b2fdacff6aee496b13807eb8d406a8440af14e339713f93a2bd76d46d34452c9bf604ac61d66e9ff34503a7ff400"}, @TCA_RED_PARMS={0x14, 0x1, {0x20}}]}}]}, 0x148}}, 0x0)

[ 1286.346258][T31047]  __alloc_skb+0x10b/0x5e0
[ 1286.350673][T31047]  ? __kmalloc_reserve.isra.0+0xf0/0xf0
[ 1286.356211][T31047]  ? __kasan_check_write+0x14/0x20
[ 1286.361317][T31047]  ? __mutex_unlock_slowpath+0xf8/0x6b0
[ 1286.366875][T31047]  tc_chain_notify+0xdb/0x300
[ 1286.371546][T31047]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 1286.377783][T31047]  ? tcf_chain_create+0x2a6/0x3b0
[ 1286.382817][T31047]  __tcf_chain_get+0x185/0x1a0
[ 1286.387571][T31047]  tc_new_tfilter+0x6a5/0x1c70
[ 1286.392326][T31047]  ? tc_del_tfilter+0x1530/0x1530
[ 1286.397371][T31047]  ? __kasan_check_read+0x11/0x20
[ 1286.402383][T31047]  ? merge_extent_mapping+0x1d0/0x4c0
[ 1286.407729][T31047]  ? rtnetlink_rcv_msg+0x7f2/0xb00
[ 1286.412825][T31047]  ? find_held_lock+0x35/0x130
[ 1286.417568][T31047]  ? rtnetlink_rcv_msg+0x7f2/0xb00
[ 1286.422661][T31047]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 1286.428886][T31047]  ? tc_del_tfilter+0x1530/0x1530
[ 1286.433922][T31047]  ? __kasan_check_read+0x11/0x20
[ 1286.438945][T31047]  ? tc_del_tfilter+0x1530/0x1530
[ 1286.443973][T31047]  rtnetlink_rcv_msg+0x838/0xb00
[ 1286.448931][T31047]  ? rtnetlink_put_metrics+0x580/0x580
[ 1286.454383][T31047]  ? netlink_deliver_tap+0x22d/0xbf0
[ 1286.459658][T31047]  ? find_held_lock+0x35/0x130
[ 1286.464454][T31047]  netlink_rcv_skb+0x177/0x450
[ 1286.469201][T31047]  ? rtnetlink_put_metrics+0x580/0x580
[ 1286.474673][T31047]  ? netlink_ack+0xb30/0xb30
[ 1286.479260][T31047]  ? __kasan_check_read+0x11/0x20
[ 1286.484275][T31047]  ? netlink_deliver_tap+0x254/0xbf0
[ 1286.489536][T31047]  rtnetlink_rcv+0x1d/0x30
[ 1286.493941][T31047]  netlink_unicast+0x531/0x710
[ 1286.498684][T31047]  ? netlink_attachskb+0x7c0/0x7c0
[ 1286.503772][T31047]  ? _copy_from_iter_full+0x25d/0x8a0
[ 1286.509124][T31047]  ? __sanitizer_cov_trace_cmp8+0x18/0x20
[ 1286.514841][T31047]  ? __check_object_size+0x3d/0x437
[ 1286.520028][T31047]  netlink_sendmsg+0x8a5/0xd60
[ 1286.524784][T31047]  ? netlink_unicast+0x710/0x710
[ 1286.529708][T31047]  ? aa_sock_msg_perm.isra.0+0xba/0x170
[ 1286.535229][T31047]  ? apparmor_socket_sendmsg+0x2a/0x30
[ 1286.540673][T31047]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 1286.546909][T31047]  ? security_socket_sendmsg+0x8d/0xc0
[ 1286.552355][T31047]  ? netlink_unicast+0x710/0x710
[ 1286.557280][T31047]  sock_sendmsg+0xd7/0x130
[ 1286.561674][T31047]  ___sys_sendmsg+0x3e2/0x920
[ 1286.566327][T31047]  ? copy_msghdr_from_user+0x440/0x440
[ 1286.571758][T31047]  ? lock_downgrade+0x920/0x920
[ 1286.576591][T31047]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 1286.582808][T31047]  ? __kasan_check_read+0x11/0x20
[ 1286.587804][T31047]  ? __fget+0x384/0x560
[ 1286.591946][T31047]  ? ksys_dup3+0x3e0/0x3e0
[ 1286.596335][T31047]  ? find_held_lock+0x35/0x130
[ 1286.601073][T31047]  ? get_pid_task+0xc9/0x190
[ 1286.605637][T31047]  ? __fget_light+0x1a9/0x230
[ 1286.610284][T31047]  ? __fdget+0x1b/0x20
[ 1286.614325][T31047]  ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[ 1286.620540][T31047]  ? sockfd_lookup_light+0xcb/0x180
[ 1286.625715][T31047]  __sys_sendmmsg+0x1bf/0x4d0
[ 1286.630386][T31047]  ? __ia32_sys_sendmsg+0xb0/0xb0
[ 1286.635406][T31047]  ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20
[ 1286.641629][T31047]  ? fput_many+0x12c/0x1a0
[ 1286.646041][T31047]  ? fput+0x1b/0x20
[ 1286.649831][T31047]  ? ksys_write+0x1cf/0x290
[ 1286.654310][T31047]  ? trace_hardirqs_on_thunk+0x1a/0x20
[ 1286.659745][T31047]  ? trace_hardirqs_on_thunk+0x1a/0x20
[ 1286.665180][T31047]  ? do_syscall_64+0x26/0x760
[ 1286.669948][T31047]  ? entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 1286.675986][T31047]  ? do_syscall_64+0x26/0x760
[ 1286.680651][T31047]  __x64_sys_sendmmsg+0x9d/0x100
[ 1286.685579][T31047]  do_syscall_64+0xfa/0x760
[ 1286.690057][T31047]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 1286.695920][T31047] RIP: 0033:0x459a09
[ 1286.699788][T31047] Code: fd b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00
[ 1286.719385][T31047] RSP: 002b:00007f02c0c05c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000133
[ 1286.727782][T31047] RAX: ffffffffffffffda RBX: 00007f02c0c05c90 RCX: 0000000000459a09
[ 1286.735724][T31047] RDX: 0000000000000332 RSI: 0000000020000140 RDI: 0000000000000004
01:39:28 executing program 3 (fault-call:4 fault-nth:7):
r0 = socket$packet(0x11, 0x3, 0x300)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000000)={'batadv0\x00\f\x00', <r1=>0x0})
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000e00)=ANY=[@ANYBLOB="340000002c000107008be4000000000000000000", @ANYRES32=r1, @ANYBLOB="00d400f0000000000e00000009000100726f75746500000004000200"], 0x34}}, 0x0)
r2 = socket(0x10, 0x80002, 0x0)
sendmmsg$alg(r2, &(0x7f0000000140), 0x332, 0x0)

[ 1286.743683][T31047] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000
[ 1286.751637][T31047] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f02c0c066d4
[ 1286.759592][T31047] R13: 00000000004c71e8 R14: 00000000004dca10 R15: 0000000000000005
[ 1286.814677][T31242] FAULT_FLAG_ALLOW_RETRY missing 70
[ 1286.819932][T31242] CPU: 1 PID: 31242 Comm: syz-executor.5 Not tainted 5.3.0+ #0
[ 1286.827471][T31242] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 1286.837523][T31242] Call Trace:
[ 1286.840814][T31242]  dump_stack+0x172/0x1f0
[ 1286.845151][T31242]  handle_userfault.cold+0x41/0x5d
[ 1286.850259][T31242]  ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[ 1286.856510][T31242]  ? userfaultfd_ioctl+0x3ad0/0x3ad0
[ 1286.861796][T31242]  ? find_get_entry+0x535/0x880
[ 1286.866647][T31242]  ? __kasan_check_read+0x11/0x20
[ 1286.871666][T31242]  ? mark_lock+0xc2/0x1220
[ 1286.876242][T31242]  ? find_get_pages_range_tag+0xd50/0xd50
[ 1286.881961][T31242]  ? __kasan_check_read+0x11/0x20
[ 1286.886970][T31242]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 1286.886988][T31242]  ? find_lock_entry+0x1a7/0x560
[ 1286.886999][T31242]  ? rcu_lockdep_current_cpu_online+0xe3/0x130
[ 1286.887017][T31242]  shmem_getpage_gfp+0x1f4c/0x2680
[ 1286.887040][T31242]  ? shmem_unuse_inode+0x1010/0x1010
[ 1286.914690][T31242]  ? lock_downgrade+0x920/0x920
[ 1286.919541][T31242]  ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[ 1286.925819][T31242]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 1286.925839][T31242]  shmem_fault+0x22a/0x7b0
[ 1286.925859][T31242]  ? shmem_read_mapping_page_gfp+0x1a0/0x1a0
[ 1286.936491][T31242]  ? find_get_entry+0x880/0x880
[ 1286.936507][T31242]  ? pmd_val+0x85/0x100
[ 1286.936522][T31242]  __do_fault+0x111/0x540
[ 1286.936535][T31242]  ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[ 1286.936551][T31242]  __handle_mm_fault+0x2dca/0x4040
[ 1286.967125][T31242]  ? vmf_insert_mixed_mkwrite+0x40/0x40
[ 1286.972688][T31242]  ? handle_mm_fault+0x292/0xa80
[ 1286.977626][T31242]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 1286.977644][T31242]  ? __kasan_check_read+0x11/0x20
[ 1286.977662][T31242]  handle_mm_fault+0x3b7/0xa80
[ 1286.977683][T31242]  __do_page_fault+0x536/0xdd0
[ 1286.977706][T31242]  do_page_fault+0x38/0x590
[ 1287.002910][T31242]  page_fault+0x39/0x40
[ 1287.005750][T31346] FAULT_INJECTION: forcing a failure.
[ 1287.005750][T31346] name fail_page_alloc, interval 1, probability 0, space 0, times 0
[ 1287.007091][T31242] RIP: 0033:0x4533a0
[ 1287.024132][T31242] Code: 0f 84 c4 0f 00 00 48 89 f1 48 89 f8 48 83 e1 3f 48 83 f9 20 0f 86 7b 02 00 00 48 83 e6 f0 48 83 e1 0f 66 0f ef c0 66 0f ef c9 <66> 0f 74 0e 66 0f d7 d1 48 d3 ea 49 c7 c2 11 00 00 00 49 29 ca 4d
[ 1287.043733][T31242] RSP: 002b:00007fbdc8f347a8 EFLAGS: 00010202
[ 1287.049781][T31242] RAX: 00007fbdc8f34850 RBX: 0000000000000003 RCX: 000000000000000e
[ 1287.057733][T31242] RDX: 00000000000003ff RSI: 0000000020012fe0 RDI: 00007fbdc8f34850
[ 1287.065703][T31242] RBP: 000000000075c070 R08: 00000000000003ff R09: 0000000000000000
[ 1287.073657][T31242] R10: 00007fbdc8f359d0 R11: 0000000000000246 R12: 00007fbdc8f356d4
[ 1287.081624][T31242] R13: 00000000004c8dbc R14: 00000000004dfed8 R15: 00000000ffffffff
[ 1287.089599][T31346] CPU: 0 PID: 31346 Comm: syz-executor.3 Not tainted 5.3.0+ #0
[ 1287.097132][T31346] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 1287.107179][T31346] Call Trace:
[ 1287.110468][T31346]  dump_stack+0x172/0x1f0
[ 1287.114795][T31346]  should_fail.cold+0xa/0x15
[ 1287.119386][T31346]  ? __kasan_check_read+0x11/0x20
[ 1287.124424][T31346]  ? fault_create_debugfs_attr+0x180/0x180
[ 1287.130232][T31346]  ? __kasan_check_read+0x11/0x20
[ 1287.135259][T31346]  ? __lock_acquire+0x1703/0x4e70
[ 1287.140289][T31346]  should_fail_alloc_page+0x50/0x60
[ 1287.145503][T31346]  __alloc_pages_nodemask+0x1a1/0x8f0
[ 1287.150871][T31346]  ? fs_reclaim_acquire.part.0+0x30/0x30
[ 1287.156524][T31346]  ? __alloc_pages_slowpath+0x28d0/0x28d0
01:39:29 executing program 2:
r0 = socket$inet_udp(0x2, 0x2, 0x0)
close(r0)
r1 = socket$inet6(0xa, 0x1, 0x8010000000000084)
bind$inet6(r1, &(0x7f0000000040)={0xa, 0x400004e21, 0x0, @empty}, 0x1c)
setsockopt$inet_sctp6_SCTP_NODELAY(r0, 0x84, 0x3, &(0x7f00000000c0)=0x7, 0x4)
setsockopt$inet6_opts(r1, 0x29, 0x3b, &(0x7f0000000080)=ANY=[@ANYBLOB], 0x8)
connect$inet6(r1, &(0x7f0000000200)={0xa, 0x4e21, 0x0, @loopback}, 0x1c)
r2 = socket$inet_udplite(0x2, 0x2, 0x88)
ioctl(r2, 0x1000008912, &(0x7f0000000040)="11dcbc0d5e0bcfe47bf070")
write$binfmt_misc(r0, &(0x7f0000000100)=ANY=[@ANYBLOB="a43f7a10bc918dba707335df9c4fe2e3dd545ee4c838fdcc46a7540a012dcf04a12f99172a6f3583cd5498000448f3ae533c2845496e9b0a050d5e4e05f5f8188edecc091727ed7a25a91998bf61aeec90e8718f9aa9fd5da3aa3181c0080975dee42b7d8686ca8f92f314380c2a02a90e6efeaf9d6acdb213cd260c116f495d9569a33c798d369967f6690fd59a8b3bd789702d552fe262fe738e874609724467e7d1be8518f803b96022e1f0f0de7d3720bec96ede000000000000000000"], 0x10098)
write$binfmt_script(r0, &(0x7f0000000300)=ANY=[@ANYBLOB="ba"], 0x1)
write$binfmt_elf64(r0, &(0x7f0000000280)={{0x7f, 0x45, 0x4c, 0x46, 0x0, 0x0, 0xf803000000000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40}, [{}]}, 0x78)

01:39:29 executing program 1:
perf_event_open(&(0x7f00000000c0)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
ioctl$FS_IOC_ENABLE_VERITY(0xffffffffffffffff, 0x40806685, 0x0)
r0 = openat$random(0xffffffffffffff9c, &(0x7f0000000140)='/dev/urandom\x00', 0x8000000000000085, 0x0)
r1 = dup(r0)
r2 = open(&(0x7f0000002000)='./bus\x00', 0x141042, 0x0)
ftruncate(r2, 0xee72)
sendfile(r1, r2, 0x0, 0x8000fffffffe)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff, <r3=>0xffffffffffffffff})
r4 = socket$inet6_sctp(0xa, 0x10000000005, 0x84)
r5 = dup2(r3, r4)
ioctl$PERF_EVENT_IOC_ENABLE(r5, 0x8912, 0x400200)
ioctl$SG_GET_SG_TABLESIZE(r5, 0x227f, &(0x7f0000000000))

01:39:29 executing program 4:
r0 = socket$nl_route(0x10, 0x3, 0x0)
r1 = socket$netlink(0x10, 0x3, 0x0)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff, <r2=>0xffffffffffffffff})
r3 = socket$inet6_sctp(0xa, 0x10000000005, 0x84)
r4 = dup2(r2, r3)
ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200)
r5 = socket(0x10, 0x803, 0x0)
sendmsg$TIPC_CMD_GET_MEDIA_NAMES(r5, &(0x7f0000000400)={0x0, 0x0, &(0x7f00000003c0)={0x0}}, 0x0)
getsockname$packet(r5, &(0x7f0000000100)={0x11, 0x0, <r6=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0xa)
sendmsg$nl_route(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080)=ANY=[@ANYBLOB="4800000010000507000000000000000080000000", @ANYRES32=r6, @ANYBLOB="0000000000000000280012000c0001007665746800000000180002001400010000000000", @ANYRES32=0x0, @ANYBLOB='\x00\x00\x00\x00\x00\x00\x00\x00'], 0x48}}, 0x0)
sendmsg$nl_route_sched(r0, &(0x7f0000000140)={0x0, 0x32d, &(0x7f0000000080)={&(0x7f0000000540)=@newqdisc={0x148, 0x24, 0x507, 0x0, 0x4, {0x0, r6, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_red={{0x8, 0x1, 'red\x00'}, {0x11c, 0x2, [@TCA_RED_STAB={0x104, 0x2, "fbf84ce9dbecf3d5851ae060c0ec8d55c9c65cb98d69f6f43f1d64d475f279dd204e54f6719de408d640f2dcd4c0c8c615650de0531b139380f912f808e5d3e1118f76144d1568be425bddb29fa48b1251d5cc8b78fb742bd61674f4cd92a93f8dafea3bc823ccd7591d59d252a275012101f39ab9478cc5dc4a8a2e71f186ce688ae869907b40b62231d243db1eca472440f1203b691b7b85864a73f1a3a9664d075ac973158948f7c44b4f8e2348e8046b08dcb423647eff2539993b8985028d7f0a50e94ee6b2fdacff6aee496b13807eb8d406a8440af14e339713f93a2bd76d46d34452c9bf604ac61d66e9ff34503a7ff400"}, @TCA_RED_PARMS={0x14, 0x1, {0x20}}]}}]}, 0x148}}, 0x0)

[ 1287.162241][T31346]  ? fs_reclaim_acquire.part.0+0x30/0x30
[ 1287.167874][T31346]  ? fault_create_debugfs_attr+0x180/0x180
[ 1287.173681][T31346]  cache_grow_begin+0x90/0xd20
[ 1287.178441][T31346]  ? __kmalloc_node_track_caller+0x3d/0x70
[ 1287.184250][T31346]  ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[ 1287.190477][T31346]  kmem_cache_alloc_node_trace+0x689/0x750
[ 1287.196286][T31346]  ? rcu_read_lock_any_held.part.0+0x50/0x50
[ 1287.202291][T31346]  ? __kasan_kmalloc.constprop.0+0xcf/0xe0
[ 1287.208106][T31346]  __kmalloc_node_track_caller+0x3d/0x70
[ 1287.213752][T31346]  __kmalloc_reserve.isra.0+0x40/0xf0
[ 1287.219126][T31346]  __alloc_skb+0x10b/0x5e0
[ 1287.223551][T31346]  ? __kmalloc_reserve.isra.0+0xf0/0xf0
[ 1287.229101][T31346]  ? __kasan_check_write+0x14/0x20
[ 1287.234214][T31346]  ? __mutex_unlock_slowpath+0xf8/0x6b0
[ 1287.239759][T31346]  tc_chain_notify+0xdb/0x300
[ 1287.244424][T31346]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 1287.250650][T31346]  ? tcf_chain_create+0x2a6/0x3b0
[ 1287.255655][T31346]  __tcf_chain_get+0x185/0x1a0
[ 1287.260397][T31346]  tc_new_tfilter+0x6a5/0x1c70
[ 1287.265142][T31346]  ? tc_del_tfilter+0x1530/0x1530
[ 1287.270138][T31346]  ? __kasan_check_read+0x11/0x20
[ 1287.275166][T31346]  ? merge_extent_mapping+0x1d0/0x4c0
[ 1287.279607][T31242] FAULT_FLAG_ALLOW_RETRY missing 70
[ 1287.280524][T31346]  ? rtnetlink_rcv_msg+0x7f2/0xb00
[ 1287.280540][T31346]  ? find_held_lock+0x35/0x130
[ 1287.280558][T31346]  ? rtnetlink_rcv_msg+0x7f2/0xb00
[ 1287.300683][T31346]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 1287.306914][T31346]  ? tc_del_tfilter+0x1530/0x1530
[ 1287.311928][T31346]  ? __kasan_check_read+0x11/0x20
[ 1287.316938][T31346]  ? tc_del_tfilter+0x1530/0x1530
[ 1287.321965][T31346]  rtnetlink_rcv_msg+0x838/0xb00
[ 1287.326898][T31346]  ? rtnetlink_put_metrics+0x580/0x580
[ 1287.332353][T31346]  ? netlink_deliver_tap+0x22d/0xbf0
[ 1287.337630][T31346]  ? find_held_lock+0x35/0x130
[ 1287.342391][T31346]  netlink_rcv_skb+0x177/0x450
[ 1287.347144][T31346]  ? rtnetlink_put_metrics+0x580/0x580
[ 1287.352595][T31346]  ? netlink_ack+0xb30/0xb30
[ 1287.357174][T31346]  ? __kasan_check_read+0x11/0x20
[ 1287.362193][T31346]  ? netlink_deliver_tap+0x254/0xbf0
[ 1287.367486][T31346]  rtnetlink_rcv+0x1d/0x30
[ 1287.371890][T31346]  netlink_unicast+0x531/0x710
[ 1287.374215][    C1] net_ratelimit: 14 callbacks suppressed
[ 1287.374222][    C1] protocol 88fb is buggy, dev hsr_slave_0
[ 1287.376766][T31346]  ? netlink_attachskb+0x7c0/0x7c0
[ 1287.376784][T31346]  ? _copy_from_iter_full+0x25d/0x8a0
[ 1287.382425][    C1] protocol 88fb is buggy, dev hsr_slave_1
[ 1287.388085][T31346]  ? __sanitizer_cov_trace_cmp8+0x18/0x20
[ 1287.388101][T31346]  ? __check_object_size+0x3d/0x437
[ 1287.388122][T31346]  netlink_sendmsg+0x8a5/0xd60
[ 1287.388144][T31346]  ? netlink_unicast+0x710/0x710
[ 1287.424801][T31346]  ? aa_sock_msg_perm.isra.0+0xba/0x170
[ 1287.430332][T31346]  ? apparmor_socket_sendmsg+0x2a/0x30
[ 1287.435791][T31346]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 1287.442018][T31346]  ? security_socket_sendmsg+0x8d/0xc0
[ 1287.447461][T31346]  ? netlink_unicast+0x710/0x710
[ 1287.452398][T31346]  sock_sendmsg+0xd7/0x130
[ 1287.456816][T31346]  ___sys_sendmsg+0x3e2/0x920
[ 1287.461483][T31346]  ? copy_msghdr_from_user+0x440/0x440
[ 1287.466942][T31346]  ? lock_downgrade+0x920/0x920
[ 1287.471804][T31346]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 1287.478038][T31346]  ? __kasan_check_read+0x11/0x20
[ 1287.483053][T31346]  ? __fget+0x384/0x560
[ 1287.487219][T31346]  ? ksys_dup3+0x3e0/0x3e0
[ 1287.491669][T31346]  ? find_held_lock+0x35/0x130
[ 1287.496425][T31346]  ? get_pid_task+0xc9/0x190
[ 1287.501008][T31346]  ? __fget_light+0x1a9/0x230
[ 1287.505676][T31346]  ? __fdget+0x1b/0x20
[ 1287.509732][T31346]  ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[ 1287.515962][T31346]  ? sockfd_lookup_light+0xcb/0x180
[ 1287.521145][T31346]  __sys_sendmmsg+0x1bf/0x4d0
[ 1287.525815][T31346]  ? __ia32_sys_sendmsg+0xb0/0xb0
[ 1287.530951][T31346]  ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20
[ 1287.537180][T31346]  ? fput_many+0x12c/0x1a0
[ 1287.541608][T31346]  ? fput+0x1b/0x20
[ 1287.545415][T31346]  ? ksys_write+0x1cf/0x290
[ 1287.549907][T31346]  ? trace_hardirqs_on_thunk+0x1a/0x20
[ 1287.555362][T31346]  ? trace_hardirqs_on_thunk+0x1a/0x20
[ 1287.560814][T31346]  ? do_syscall_64+0x26/0x760
[ 1287.565481][T31346]  ? entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 1287.571539][T31346]  ? do_syscall_64+0x26/0x760
[ 1287.576213][T31346]  __x64_sys_sendmmsg+0x9d/0x100
[ 1287.581153][T31346]  do_syscall_64+0xfa/0x760
[ 1287.585647][T31346]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 1287.591524][T31346] RIP: 0033:0x459a09
[ 1287.595411][T31346] Code: fd b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00
[ 1287.615005][T31346] RSP: 002b:00007f02c0c05c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000133
[ 1287.623410][T31346] RAX: ffffffffffffffda RBX: 00007f02c0c05c90 RCX: 0000000000459a09
[ 1287.631369][T31346] RDX: 0000000000000332 RSI: 0000000020000140 RDI: 0000000000000004
[ 1287.639336][T31346] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000
[ 1287.647315][T31346] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f02c0c066d4
[ 1287.655272][T31346] R13: 00000000004c71e8 R14: 00000000004dca10 R15: 0000000000000005
[ 1287.663276][T31242] CPU: 1 PID: 31242 Comm: syz-executor.5 Not tainted 5.3.0+ #0
[ 1287.670826][T31242] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 1287.680881][T31242] Call Trace:
[ 1287.684179][T31242]  dump_stack+0x172/0x1f0
[ 1287.688520][T31242]  handle_userfault.cold+0x41/0x5d
[ 1287.693651][T31242]  ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[ 1287.699906][T31242]  ? userfaultfd_ioctl+0x3ad0/0x3ad0
[ 1287.705194][T31242]  ? find_get_entry+0x535/0x880
[ 1287.710053][T31242]  ? find_get_pages_range_tag+0xd50/0xd50
[ 1287.715822][T31242]  ? __kasan_check_read+0x11/0x20
[ 1287.720850][T31242]  ? __kasan_check_read+0x11/0x20
[ 1287.725875][T31242]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 1287.732141][T31242]  ? find_lock_entry+0x1a7/0x560
[ 1287.737073][T31242]  ? rcu_lockdep_current_cpu_online+0xe3/0x130
[ 1287.743236][T31242]  shmem_getpage_gfp+0x1f4c/0x2680
[ 1287.748360][T31242]  ? shmem_unuse_inode+0x1010/0x1010
[ 1287.753645][T31242]  ? lock_downgrade+0x920/0x920
[ 1287.758496][T31242]  ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[ 1287.764740][T31242]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 1287.770986][T31242]  shmem_fault+0x22a/0x7b0
[ 1287.775435][T31242]  ? shmem_read_mapping_page_gfp+0x1a0/0x1a0
[ 1287.781414][T31242]  ? find_get_entry+0x880/0x880
[ 1287.786263][T31242]  ? pmd_val+0x85/0x100
[ 1287.790416][T31242]  __do_fault+0x111/0x540
[ 1287.794741][T31242]  ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[ 1287.800999][T31242]  __handle_mm_fault+0x2dca/0x4040
[ 1287.806113][T31242]  ? vmf_insert_mixed_mkwrite+0x40/0x40
[ 1287.811772][T31242]  ? handle_mm_fault+0x292/0xa80
[ 1287.816731][T31242]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 1287.822968][T31242]  ? __kasan_check_read+0x11/0x20
[ 1287.827989][T31242]  handle_mm_fault+0x3b7/0xa80
[ 1287.832771][T31242]  __do_page_fault+0x536/0xdd0
[ 1287.837544][T31242]  do_page_fault+0x38/0x590
[ 1287.842050][T31242]  page_fault+0x39/0x40
[ 1287.846199][T31242] RIP: 0033:0x4533a0
01:39:29 executing program 1:
perf_event_open(&(0x7f00000000c0)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = syz_open_dev$mice(&(0x7f0000000080)='/dev/input/mice\x00', 0x0, 0x40000)
r1 = syz_genetlink_get_family_id$ipvs(&(0x7f00000001c0)='IPVS\x00')
sendmsg$IPVS_CMD_ZERO(r0, &(0x7f00000002c0)={&(0x7f0000000180)={0x10, 0x0, 0x0, 0x8000}, 0xc, &(0x7f0000000280)={&(0x7f0000000200)={0x74, r1, 0x8, 0x70bd2c, 0x25dfdbfe, {}, [@IPVS_CMD_ATTR_TIMEOUT_UDP={0x8, 0x6, 0x5}, @IPVS_CMD_ATTR_TIMEOUT_UDP={0x8}, @IPVS_CMD_ATTR_TIMEOUT_UDP={0x8, 0x6, 0xfffffffffffffff7}, @IPVS_CMD_ATTR_TIMEOUT_TCP_FIN={0x8, 0x5, 0x8}, @IPVS_CMD_ATTR_DAEMON={0x40, 0x3, [@IPVS_DAEMON_ATTR_STATE={0x8}, @IPVS_DAEMON_ATTR_SYNC_MAXLEN={0x8, 0x4, 0x401}, @IPVS_DAEMON_ATTR_MCAST_GROUP6={0x14, 0x6, @remote}, @IPVS_DAEMON_ATTR_MCAST_TTL={0x8, 0x8, 0x434f}, @IPVS_DAEMON_ATTR_SYNC_ID={0x8, 0x3, 0x4}, @IPVS_DAEMON_ATTR_STATE={0x8, 0x1, 0x5}]}]}, 0x74}, 0x1, 0x0, 0x0, 0x10}, 0x20000000)
ioctl$FS_IOC_ENABLE_VERITY(0xffffffffffffffff, 0x40806685, 0x0)
r2 = openat$vsock(0xffffffffffffff9c, &(0x7f0000000040)='/dev/vsock\x00', 0x40a00, 0x0)
ioctl$ifreq_SIOCGIFINDEX_vcan(0xffffffffffffffff, 0x8933, &(0x7f0000001280)={'vcan0\x00', <r3=>0x0})
ioctl$ifreq_SIOCGIFINDEX_vcan(r2, 0x8933, &(0x7f00000012c0)={'vcan0\x00', r3})
r4 = openat$random(0xffffffffffffff9c, &(0x7f0000000140)='/dev/urandom\x00', 0x8000000000000085, 0x0)
r5 = dup(r4)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff, <r6=>0xffffffffffffffff})
r7 = socket$inet6_sctp(0xa, 0x10000000005, 0x84)
r8 = dup2(r6, r7)
ioctl$PERF_EVENT_IOC_ENABLE(r8, 0x8912, 0x400200)
write$P9_RLOPEN(r8, &(0x7f0000000000)={0x18, 0xd, 0x1, {{0x2, 0x1, 0x8}}}, 0x18)
r9 = open(&(0x7f0000002000)='./bus\x00', 0x141042, 0x0)
ftruncate(r9, 0xee72)
sendfile(r5, r9, 0x0, 0x8000fffffffe)

[ 1287.850088][T31242] Code: 0f 84 c4 0f 00 00 48 89 f1 48 89 f8 48 83 e1 3f 48 83 f9 20 0f 86 7b 02 00 00 48 83 e6 f0 48 83 e1 0f 66 0f ef c0 66 0f ef c9 <66> 0f 74 0e 66 0f d7 d1 48 d3 ea 49 c7 c2 11 00 00 00 49 29 ca 4d
[ 1287.869698][T31242] RSP: 002b:00007fbdc8f347a8 EFLAGS: 00010202
[ 1287.875767][T31242] RAX: 00007fbdc8f34850 RBX: 0000000000000003 RCX: 000000000000000e
[ 1287.883731][T31242] RDX: 00000000000003ff RSI: 0000000020012fe0 RDI: 00007fbdc8f34850
[ 1287.891698][T31242] RBP: 000000000075c070 R08: 00000000000003ff R09: 0000000000000000
[ 1287.899666][T31242] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fbdc8f356d4
[ 1287.907635][T31242] R13: 00000000004c8dbc R14: 00000000004dfed8 R15: 00000000ffffffff
01:39:30 executing program 5:
mmap(&(0x7f0000011000/0x2000)=nil, 0x2000, 0x4, 0x31, 0xffffffffffffffff, 0x0)
r0 = userfaultfd(0x0)
syz_open_dev$mice(&(0x7f0000000000)='/dev/input/mice\x00', 0x0, 0x4000)
ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f0000000040))
ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f00000000c0)={{&(0x7f0000012000/0x2000)=nil, 0x2000}, 0x1})
read(r0, &(0x7f0000000100)=""/199, 0xc7)
syz_open_dev$evdev(&(0x7f0000012fee)='/.%v/\x11%put/event#\x00', 0x0, 0x4c00)
ioctl$UFFDIO_WAKE(r0, 0x8010aa02, &(0x7f0000000080)={&(0x7f0000012000/0x4000)=nil, 0x4000})
shmget(0x2, 0x1000, 0x0, &(0x7f000096d000/0x1000)=nil)
openat$cgroup_procs(0xffffffffffffffff, 0x0, 0x2, 0x0)

01:39:30 executing program 0:
perf_event_open(&(0x7f00000000c0)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
r1 = socket$inet6_sctp(0xa, 0x10000000005, 0x84)
r2 = dup2(r0, r1)
ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200)
getsockopt$IP_VS_SO_GET_VERSION(r2, 0x0, 0x480, &(0x7f0000000280), &(0x7f00000002c0)=0x40)
ioctl$FS_IOC_ENABLE_VERITY(0xffffffffffffffff, 0x40806685, 0x0)
r3 = openat$random(0xffffffffffffff9c, &(0x7f0000000140)='/dev/urandom\x00', 0x8000000000000085, 0x0)
r4 = dup(r3)
r5 = open(&(0x7f0000002000)='./bus\x00', 0x141042, 0x0)
ftruncate(r5, 0xee72)
r6 = syz_open_dev$mouse(&(0x7f0000000000)='/dev/input/mouse#\x00', 0x7fffffff, 0x88000)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff, <r7=>0xffffffffffffffff})
r8 = socket$inet6_sctp(0xa, 0x10000000005, 0x84)
r9 = dup2(r7, r8)
getsockopt$inet_sctp6_SCTP_AUTOCLOSE(r8, 0x84, 0x4, &(0x7f0000000180), &(0x7f00000001c0)=0x4)
fsconfig$FSCONFIG_SET_PATH(r6, 0x3, &(0x7f0000000040)='/dev/urandom\x00', &(0x7f0000000080)='./bus/file0\x00', r5)
r10 = socket$nl_route(0x10, 0x3, 0x0)
r11 = socket$netlink(0x10, 0x3, 0x0)
r12 = socket(0x10, 0x803, 0x0)
sendmsg$NBD_CMD_DISCONNECT(r12, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0)
getsockname$packet(r12, &(0x7f0000000100)={0x11, 0x0, <r13=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14)
sendmsg$nl_route(r11, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080)=ANY=[@ANYBLOB="480000001000050700"/20, @ANYRES32=r13, @ANYBLOB="0000000000000000280012000c00010076657468000000e1170002de1300010028b60000", @ANYRES32=0x0, @ANYBLOB='\x00\x00\x00\x00\x00\x00\x00\x00'], 0x48}}, 0x0)
sendmsg$nl_route_sched(r10, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000006c0)=@newqdisc={0x444, 0x24, 0x507, 0x0, 0x0, {0x0, r13, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_cbq={{0x8, 0x1, 'cbq\x00'}, {0x418, 0x2, [@TCA_CBQ_RTAB={0x404}, @TCA_CBQ_RATE={0x10, 0x5, {0x22, 0x0, 0x0, 0x0, 0x0, 0x7f}}]}}]}, 0x444}}, 0x0)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000100)=ANY=[@ANYBLOB="340000002c00010700"/20, @ANYRES32=r13, @ANYBLOB="0000000000000000f6fff1ff0c0001007463696e64657800c08e0200"], 0x34}}, 0x0)
ioctl$sock_inet6_SIOCADDRT(r9, 0x890b, &(0x7f0000000200)={@mcast2, @mcast1, @empty, 0x5c, 0x9, 0x3, 0x480, 0x40, 0x40010006, r13})
sendfile(r4, r5, 0x0, 0x8000fffffffe)

01:39:30 executing program 4:
r0 = socket$nl_route(0x10, 0x3, 0x0)
r1 = socket$netlink(0x10, 0x3, 0x0)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff, <r2=>0xffffffffffffffff})
r3 = socket$inet6_sctp(0xa, 0x10000000005, 0x84)
r4 = dup2(r2, r3)
ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200)
r5 = socket(0x10, 0x803, 0x0)
sendmsg$TIPC_CMD_GET_MEDIA_NAMES(r5, &(0x7f0000000400)={0x0, 0x0, &(0x7f00000003c0)={0x0}}, 0x0)
getsockname$packet(r5, &(0x7f0000000100)={0x11, 0x0, <r6=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0xa)
sendmsg$nl_route(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080)=ANY=[@ANYBLOB="4800000010000507000000000000000080000000", @ANYRES32=r6, @ANYBLOB="0000000000000000280012000c0001007665746800000000180002001400010000000000", @ANYRES32=0x0, @ANYBLOB='\x00\x00\x00\x00\x00\x00\x00\x00'], 0x48}}, 0x0)
sendmsg$nl_route_sched(r0, &(0x7f0000000140)={0x0, 0x32d, &(0x7f0000000080)={&(0x7f0000000540)=@newqdisc={0x148, 0x24, 0x507, 0x0, 0x5, {0x0, r6, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_red={{0x8, 0x1, 'red\x00'}, {0x11c, 0x2, [@TCA_RED_STAB={0x104, 0x2, "fbf84ce9dbecf3d5851ae060c0ec8d55c9c65cb98d69f6f43f1d64d475f279dd204e54f6719de408d640f2dcd4c0c8c615650de0531b139380f912f808e5d3e1118f76144d1568be425bddb29fa48b1251d5cc8b78fb742bd61674f4cd92a93f8dafea3bc823ccd7591d59d252a275012101f39ab9478cc5dc4a8a2e71f186ce688ae869907b40b62231d243db1eca472440f1203b691b7b85864a73f1a3a9664d075ac973158948f7c44b4f8e2348e8046b08dcb423647eff2539993b8985028d7f0a50e94ee6b2fdacff6aee496b13807eb8d406a8440af14e339713f93a2bd76d46d34452c9bf604ac61d66e9ff34503a7ff400"}, @TCA_RED_PARMS={0x14, 0x1, {0x20}}]}}]}, 0x148}}, 0x0)

01:39:30 executing program 3 (fault-call:4 fault-nth:8):
r0 = socket$packet(0x11, 0x3, 0x300)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000000)={'batadv0\x00\f\x00', <r1=>0x0})
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000e00)=ANY=[@ANYBLOB="340000002c000107008be4000000000000000000", @ANYRES32=r1, @ANYBLOB="00d400f0000000000e00000009000100726f75746500000004000200"], 0x34}}, 0x0)
r2 = socket(0x10, 0x80002, 0x0)
sendmmsg$alg(r2, &(0x7f0000000140), 0x332, 0x0)

01:39:30 executing program 2:
r0 = socket$inet_udp(0x2, 0x2, 0x0)
close(r0)
r1 = socket$inet6(0xa, 0x1, 0x8010000000000084)
bind$inet6(r1, &(0x7f0000000040)={0xa, 0x400004e21, 0x0, @empty}, 0x1c)
setsockopt$inet_sctp6_SCTP_NODELAY(r0, 0x84, 0x3, &(0x7f00000000c0)=0x7, 0x4)
setsockopt$inet6_opts(r1, 0x29, 0x3b, &(0x7f0000000080)=ANY=[@ANYBLOB], 0x8)
connect$inet6(r1, &(0x7f0000000200)={0xa, 0x4e21, 0x0, @loopback}, 0x1c)
r2 = socket$inet_udplite(0x2, 0x2, 0x88)
ioctl(r2, 0x1000008912, &(0x7f0000000040)="11dcbc0d5e0bcfe47bf070")
write$binfmt_misc(r0, &(0x7f0000000100)=ANY=[@ANYBLOB="a43f7a10bc918dba707335df9c4fe2e3dd545ee4c838fdcc46a7540a012dcf04a12f99172a6f3583cd5498000448f3ae533c2845496e9b0a050d5e4e05f5f8188edecc091727ed7a25a91998bf61aeec90e8718f9aa9fd5da3aa3181c0080975dee42b7d8686ca8f92f314380c2a02a90e6efeaf9d6acdb213cd260c116f495d9569a33c798d369967f6690fd59a8b3bd789702d552fe262fe738e874609724467e7d1be8518f803b96022e1f0f0de7d3720bec96ede000000000000000000"], 0x10098)
write$binfmt_script(r0, &(0x7f0000000300)=ANY=[@ANYBLOB="ba"], 0x1)
write$binfmt_elf64(r0, &(0x7f0000000280)={{0x7f, 0x45, 0x4c, 0x46, 0x0, 0x0, 0xff00000000000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40}, [{}]}, 0x78)

[ 1288.009905][T31465] Unknown ioctl 35123
[ 1288.115870][T31475] FAULT_INJECTION: forcing a failure.
[ 1288.115870][T31475] name failslab, interval 1, probability 0, space 0, times 0
[ 1288.128992][T31475] CPU: 1 PID: 31475 Comm: syz-executor.3 Not tainted 5.3.0+ #0
[ 1288.136557][T31475] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 1288.146611][T31475] Call Trace:
[ 1288.149904][T31475]  dump_stack+0x172/0x1f0
[ 1288.154248][T31475]  should_fail.cold+0xa/0x15
[ 1288.158863][T31475]  ? fault_create_debugfs_attr+0x180/0x180
[ 1288.164683][T31475]  ? ___might_sleep+0x163/0x2c0
[ 1288.169542][T31475]  __should_failslab+0x121/0x190
[ 1288.174481][T31475]  should_failslab+0x9/0x14
[ 1288.178985][T31475]  kmem_cache_alloc_trace+0x2d3/0x790
[ 1288.184375][T31475]  tc_new_tfilter+0xeb2/0x1c70
[ 1288.189177][T31475]  ? tc_del_tfilter+0x1530/0x1530
[ 1288.194200][T31475]  ? __kasan_check_read+0x11/0x20
[ 1288.199226][T31475]  ? merge_extent_mapping+0x1d0/0x4c0
[ 1288.204609][T31475]  ? rtnetlink_rcv_msg+0x7f2/0xb00
[ 1288.209725][T31475]  ? find_held_lock+0x35/0x130
01:39:30 executing program 4:
r0 = socket$nl_route(0x10, 0x3, 0x0)
r1 = socket$netlink(0x10, 0x3, 0x0)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff, <r2=>0xffffffffffffffff})
r3 = socket$inet6_sctp(0xa, 0x10000000005, 0x84)
r4 = dup2(r2, r3)
ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200)
r5 = socket(0x10, 0x803, 0x0)
sendmsg$TIPC_CMD_GET_MEDIA_NAMES(r5, &(0x7f0000000400)={0x0, 0x0, &(0x7f00000003c0)={0x0}}, 0x0)
getsockname$packet(r5, &(0x7f0000000100)={0x11, 0x0, <r6=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0xa)
sendmsg$nl_route(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080)=ANY=[@ANYBLOB="4800000010000507000000000000000080000000", @ANYRES32=r6, @ANYBLOB="0000000000000000280012000c0001007665746800000000180002001400010000000000", @ANYRES32=0x0, @ANYBLOB='\x00\x00\x00\x00\x00\x00\x00\x00'], 0x48}}, 0x0)
sendmsg$nl_route_sched(r0, &(0x7f0000000140)={0x0, 0x32d, &(0x7f0000000080)={&(0x7f0000000540)=@newqdisc={0x148, 0x24, 0x507, 0x0, 0x6, {0x0, r6, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_red={{0x8, 0x1, 'red\x00'}, {0x11c, 0x2, [@TCA_RED_STAB={0x104, 0x2, "fbf84ce9dbecf3d5851ae060c0ec8d55c9c65cb98d69f6f43f1d64d475f279dd204e54f6719de408d640f2dcd4c0c8c615650de0531b139380f912f808e5d3e1118f76144d1568be425bddb29fa48b1251d5cc8b78fb742bd61674f4cd92a93f8dafea3bc823ccd7591d59d252a275012101f39ab9478cc5dc4a8a2e71f186ce688ae869907b40b62231d243db1eca472440f1203b691b7b85864a73f1a3a9664d075ac973158948f7c44b4f8e2348e8046b08dcb423647eff2539993b8985028d7f0a50e94ee6b2fdacff6aee496b13807eb8d406a8440af14e339713f93a2bd76d46d34452c9bf604ac61d66e9ff34503a7ff400"}, @TCA_RED_PARMS={0x14, 0x1, {0x20}}]}}]}, 0x148}}, 0x0)

[ 1288.214512][T31475]  ? rtnetlink_rcv_msg+0x7f2/0xb00
[ 1288.219641][T31475]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 1288.225890][T31475]  ? tc_del_tfilter+0x1530/0x1530
[ 1288.230911][T31475]  ? __kasan_check_read+0x11/0x20
[ 1288.235951][T31475]  ? tc_del_tfilter+0x1530/0x1530
[ 1288.240978][T31475]  rtnetlink_rcv_msg+0x838/0xb00
[ 1288.240997][T31475]  ? rtnetlink_put_metrics+0x580/0x580
[ 1288.241015][T31475]  ? netlink_deliver_tap+0x22d/0xbf0
[ 1288.241046][T31475]  ? find_held_lock+0x35/0x130
[ 1288.256688][T31475]  netlink_rcv_skb+0x177/0x450
[ 1288.256702][T31475]  ? rtnetlink_put_metrics+0x580/0x580
[ 1288.256717][T31475]  ? netlink_ack+0xb30/0xb30
[ 1288.256730][T31475]  ? __kasan_check_read+0x11/0x20
[ 1288.256746][T31475]  ? netlink_deliver_tap+0x254/0xbf0
[ 1288.256764][T31475]  rtnetlink_rcv+0x1d/0x30
[ 1288.291026][T31475]  netlink_unicast+0x531/0x710
[ 1288.295811][T31475]  ? netlink_attachskb+0x7c0/0x7c0
[ 1288.300929][T31475]  ? _copy_from_iter_full+0x25d/0x8a0
[ 1288.306302][T31475]  ? __sanitizer_cov_trace_cmp8+0x18/0x20
[ 1288.312013][T31475]  ? __check_object_size+0x3d/0x437
[ 1288.317213][T31475]  netlink_sendmsg+0x8a5/0xd60
[ 1288.322007][T31475]  ? netlink_unicast+0x710/0x710
[ 1288.326947][T31475]  ? aa_sock_msg_perm.isra.0+0xba/0x170
[ 1288.332497][T31475]  ? apparmor_socket_sendmsg+0x2a/0x30
[ 1288.337965][T31475]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 1288.344207][T31475]  ? security_socket_sendmsg+0x8d/0xc0
[ 1288.349656][T31475]  ? netlink_unicast+0x710/0x710
[ 1288.354584][T31475]  sock_sendmsg+0xd7/0x130
[ 1288.358980][T31475]  ___sys_sendmsg+0x3e2/0x920
[ 1288.363633][T31475]  ? copy_msghdr_from_user+0x440/0x440
[ 1288.369071][T31475]  ? lock_downgrade+0x920/0x920
[ 1288.373902][T31475]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 1288.380125][T31475]  ? __kasan_check_read+0x11/0x20
[ 1288.385128][T31475]  ? __fget+0x384/0x560
[ 1288.389304][T31475]  ? ksys_dup3+0x3e0/0x3e0
[ 1288.393710][T31475]  ? find_held_lock+0x35/0x130
[ 1288.398457][T31475]  ? get_pid_task+0xc9/0x190
[ 1288.403070][T31475]  ? __fget_light+0x1a9/0x230
[ 1288.407728][T31475]  ? __fdget+0x1b/0x20
[ 1288.411777][T31475]  ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[ 1288.418000][T31475]  ? sockfd_lookup_light+0xcb/0x180
[ 1288.423174][T31475]  __sys_sendmmsg+0x1bf/0x4d0
[ 1288.427839][T31475]  ? __ia32_sys_sendmsg+0xb0/0xb0
[ 1288.432883][T31475]  ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20
[ 1288.439112][T31475]  ? fput_many+0x12c/0x1a0
[ 1288.443507][T31475]  ? fput+0x1b/0x20
[ 1288.447289][T31475]  ? ksys_write+0x1cf/0x290
[ 1288.451814][T31475]  ? trace_hardirqs_on_thunk+0x1a/0x20
[ 1288.457255][T31475]  ? trace_hardirqs_on_thunk+0x1a/0x20
[ 1288.462687][T31475]  ? do_syscall_64+0x26/0x760
[ 1288.467354][T31475]  ? entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 1288.473388][T31475]  ? do_syscall_64+0x26/0x760
[ 1288.478043][T31475]  __x64_sys_sendmmsg+0x9d/0x100
[ 1288.482957][T31475]  do_syscall_64+0xfa/0x760
[ 1288.487430][T31475]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 1288.493319][T31475] RIP: 0033:0x459a09
[ 1288.497183][T31475] Code: fd b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00
[ 1288.516878][T31475] RSP: 002b:00007f02c0c05c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000133
[ 1288.525265][T31475] RAX: ffffffffffffffda RBX: 00007f02c0c05c90 RCX: 0000000000459a09
[ 1288.533210][T31475] RDX: 0000000000000332 RSI: 0000000020000140 RDI: 0000000000000004
[ 1288.541162][T31475] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000
[ 1288.549143][T31475] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f02c0c066d4
[ 1288.557098][T31475] R13: 00000000004c71e8 R14: 00000000004dca10 R15: 0000000000000005
01:39:30 executing program 0:
perf_event_open(&(0x7f00000000c0)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000000)='/dev/uinput\x00', 0xdf9ce09f8193c9fb, 0x0)
ftruncate(r0, 0x2)
ioctl$FS_IOC_ENABLE_VERITY(0xffffffffffffffff, 0x40806685, 0x0)
r1 = openat$random(0xffffffffffffff9c, &(0x7f0000000140)='/dev/urandom\x00', 0x8000000000000085, 0x0)
r2 = dup(r1)
r3 = open(&(0x7f0000002000)='./bus\x00', 0x141042, 0x0)
ftruncate(r3, 0xee72)
sendfile(r2, r3, 0x0, 0x8000fffffffe)

01:39:30 executing program 3 (fault-call:4 fault-nth:9):
r0 = socket$packet(0x11, 0x3, 0x300)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000000)={'batadv0\x00\f\x00', <r1=>0x0})
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000e00)=ANY=[@ANYBLOB="340000002c000107008be4000000000000000000", @ANYRES32=r1, @ANYBLOB="00d400f0000000000e00000009000100726f75746500000004000200"], 0x34}}, 0x0)
r2 = socket(0x10, 0x80002, 0x0)
sendmmsg$alg(r2, &(0x7f0000000140), 0x332, 0x0)

01:39:30 executing program 1:
perf_event_open(&(0x7f00000000c0)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
ioctl$FS_IOC_ENABLE_VERITY(0xffffffffffffffff, 0x40806685, 0x0)
r0 = openat$random(0xffffffffffffff9c, &(0x7f0000000140)='/dev/urandom\x00', 0x8000000000000085, 0x0)
r1 = dup(r0)
ioctl$FITRIM(0xffffffffffffffff, 0xc0185879, &(0x7f0000000040)={0xfffffffffffff001, 0x1, 0x5})
r2 = open(&(0x7f0000002000)='./bus\x00', 0x141042, 0x0)
ioctl$sock_SIOCGIFBR(r1, 0x8940, &(0x7f0000000000)=@generic={0x0, 0x8, 0x101})
ftruncate(r2, 0xee72)
sendfile(r1, r2, 0x0, 0x8000fffffffe)

01:39:30 executing program 4:
r0 = socket$nl_route(0x10, 0x3, 0x0)
r1 = socket$netlink(0x10, 0x3, 0x0)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff, <r2=>0xffffffffffffffff})
r3 = socket$inet6_sctp(0xa, 0x10000000005, 0x84)
r4 = dup2(r2, r3)
ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200)
r5 = socket(0x10, 0x803, 0x0)
sendmsg$TIPC_CMD_GET_MEDIA_NAMES(r5, &(0x7f0000000400)={0x0, 0x0, &(0x7f00000003c0)={0x0}}, 0x0)
getsockname$packet(r5, &(0x7f0000000100)={0x11, 0x0, <r6=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0xa)
sendmsg$nl_route(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080)=ANY=[@ANYBLOB="4800000010000507000000000000000080000000", @ANYRES32=r6, @ANYBLOB="0000000000000000280012000c0001007665746800000000180002001400010000000000", @ANYRES32=0x0, @ANYBLOB='\x00\x00\x00\x00\x00\x00\x00\x00'], 0x48}}, 0x0)
sendmsg$nl_route_sched(r0, &(0x7f0000000140)={0x0, 0x32d, &(0x7f0000000080)={&(0x7f0000000540)=@newqdisc={0x148, 0x24, 0x507, 0x0, 0x8, {0x0, r6, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_red={{0x8, 0x1, 'red\x00'}, {0x11c, 0x2, [@TCA_RED_STAB={0x104, 0x2, "fbf84ce9dbecf3d5851ae060c0ec8d55c9c65cb98d69f6f43f1d64d475f279dd204e54f6719de408d640f2dcd4c0c8c615650de0531b139380f912f808e5d3e1118f76144d1568be425bddb29fa48b1251d5cc8b78fb742bd61674f4cd92a93f8dafea3bc823ccd7591d59d252a275012101f39ab9478cc5dc4a8a2e71f186ce688ae869907b40b62231d243db1eca472440f1203b691b7b85864a73f1a3a9664d075ac973158948f7c44b4f8e2348e8046b08dcb423647eff2539993b8985028d7f0a50e94ee6b2fdacff6aee496b13807eb8d406a8440af14e339713f93a2bd76d46d34452c9bf604ac61d66e9ff34503a7ff400"}, @TCA_RED_PARMS={0x14, 0x1, {0x20}}]}}]}, 0x148}}, 0x0)

[ 1288.670839][T31725] FAULT_FLAG_ALLOW_RETRY missing 70
[ 1288.690538][T31795] FAULT_INJECTION: forcing a failure.
[ 1288.690538][T31795] name failslab, interval 1, probability 0, space 0, times 0
[ 1288.703485][T31725] CPU: 1 PID: 31725 Comm: syz-executor.5 Not tainted 5.3.0+ #0
[ 1288.711050][T31725] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 1288.721109][T31725] Call Trace:
[ 1288.721133][T31725]  dump_stack+0x172/0x1f0
[ 1288.721158][T31725]  handle_userfault.cold+0x41/0x5d
[ 1288.721184][T31725]  ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[ 1288.740118][T31725]  ? userfaultfd_ioctl+0x3ad0/0x3ad0
[ 1288.745402][T31725]  ? find_get_entry+0x535/0x880
[ 1288.745424][T31725]  ? find_get_pages_range_tag+0xd50/0xd50
[ 1288.745440][T31725]  ? ___might_sleep+0x163/0x2c0
[ 1288.745461][T31725]  ? __kasan_check_read+0x11/0x20
[ 1288.745480][T31725]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 1288.772070][T31725]  ? find_lock_entry+0x1a7/0x560
[ 1288.777019][T31725]  ? rcu_lockdep_current_cpu_online+0xe3/0x130
[ 1288.783177][T31725]  shmem_getpage_gfp+0x1f4c/0x2680
[ 1288.788299][T31725]  ? shmem_unuse_inode+0x1010/0x1010
[ 1288.793581][T31725]  ? lock_downgrade+0x920/0x920
[ 1288.798432][T31725]  ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[ 1288.804705][T31725]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 1288.810981][T31725]  shmem_fault+0x22a/0x7b0
[ 1288.815457][T31725]  ? shmem_read_mapping_page_gfp+0x1a0/0x1a0
[ 1288.821445][T31725]  ? find_get_entry+0x880/0x880
[ 1288.826303][T31725]  ? pmd_val+0x85/0x100
[ 1288.830468][T31725]  __do_fault+0x111/0x540
[ 1288.834799][T31725]  ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[ 1288.841047][T31725]  __handle_mm_fault+0x2dca/0x4040
[ 1288.846166][T31725]  ? vmf_insert_mixed_mkwrite+0x40/0x40
[ 1288.851713][T31725]  ? handle_mm_fault+0x292/0xa80
[ 1288.856660][T31725]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 1288.862900][T31725]  ? __kasan_check_read+0x11/0x20
[ 1288.867922][T31725]  handle_mm_fault+0x3b7/0xa80
[ 1288.872680][T31725]  __do_page_fault+0x536/0xdd0
[ 1288.877441][T31725]  do_page_fault+0x38/0x590
[ 1288.881941][T31725]  page_fault+0x39/0x40
[ 1288.886087][T31725] RIP: 0033:0x4533a0
[ 1288.889975][T31725] Code: 0f 84 c4 0f 00 00 48 89 f1 48 89 f8 48 83 e1 3f 48 83 f9 20 0f 86 7b 02 00 00 48 83 e6 f0 48 83 e1 0f 66 0f ef c0 66 0f ef c9 <66> 0f 74 0e 66 0f d7 d1 48 d3 ea 49 c7 c2 11 00 00 00 49 29 ca 4d
[ 1288.909587][T31725] RSP: 002b:00007fbdc8f557a8 EFLAGS: 00010202
01:39:30 executing program 1:
perf_event_open(&(0x7f00000000c0)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
ioctl$FS_IOC_ENABLE_VERITY(0xffffffffffffffff, 0x40806685, 0x0)
r0 = openat$random(0xffffffffffffff9c, &(0x7f0000000140)='/dev/urandom\x00', 0x8000000000000085, 0x0)
r1 = dup(r0)
r2 = open(&(0x7f0000002000)='./bus\x00', 0x141042, 0x0)
ftruncate(r2, 0xee72)
getgid()
sendfile(r1, r2, 0x0, 0x8000fffffffe)

[ 1288.915647][T31725] RAX: 00007fbdc8f55850 RBX: 0000000000000003 RCX: 000000000000000e
[ 1288.923605][T31725] RDX: 00000000000003ff RSI: 0000000020012fe0 RDI: 00007fbdc8f55850
[ 1288.931565][T31725] RBP: 000000000075bfc8 R08: 00000000000003ff R09: 0000000000000000
[ 1288.939530][T31725] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fbdc8f566d4
[ 1288.947496][T31725] R13: 00000000004c8dbc R14: 00000000004dfed8 R15: 00000000ffffffff
[ 1288.969313][T31795] CPU: 1 PID: 31795 Comm: syz-executor.3 Not tainted 5.3.0+ #0
[ 1288.976867][T31795] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 1288.986910][T31795] Call Trace:
[ 1288.990200][T31795]  dump_stack+0x172/0x1f0
[ 1288.994536][T31795]  should_fail.cold+0xa/0x15
[ 1288.999142][T31795]  ? fault_create_debugfs_attr+0x180/0x180
[ 1289.004955][T31795]  ? ___might_sleep+0x163/0x2c0
[ 1289.009806][T31795]  __should_failslab+0x121/0x190
[ 1289.014751][T31795]  should_failslab+0x9/0x14
[ 1289.019254][T31795]  kmem_cache_alloc_trace+0x2d3/0x790
[ 1289.024636][T31795]  tc_new_tfilter+0xeb2/0x1c70
[ 1289.029410][T31795]  ? tc_del_tfilter+0x1530/0x1530
[ 1289.034442][T31795]  ? __kasan_check_read+0x11/0x20
[ 1289.039468][T31795]  ? merge_extent_mapping+0x1d0/0x4c0
[ 1289.044846][T31795]  ? rtnetlink_rcv_msg+0x7f2/0xb00
[ 1289.049957][T31795]  ? find_held_lock+0x35/0x130
[ 1289.054730][T31795]  ? rtnetlink_rcv_msg+0x7f2/0xb00
[ 1289.059856][T31795]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 1289.066099][T31795]  ? tc_del_tfilter+0x1530/0x1530
01:39:31 executing program 0:
perf_event_open(&(0x7f00000000c0)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = dup2(0xffffffffffffffff, 0xffffffffffffffff)
ioctl$VIDIOC_S_FREQUENCY(r0, 0x402c5639, &(0x7f0000000180)={0xb2, 0x5, 0x246})
ioctl$FS_IOC_ENABLE_VERITY(0xffffffffffffffff, 0x40806685, 0x0)
r1 = openat$random(0xffffffffffffff9c, &(0x7f0000000140)='/dev/urandom\x00', 0x8000000000000085, 0x0)
r2 = dup(r1)
r3 = open(&(0x7f0000002000)='./bus\x00', 0x141042, 0x0)
openat$vnet(0xffffffffffffff9c, &(0x7f0000000000)='/dev/vhost-net\x00', 0x2, 0x0)
ftruncate(r3, 0xee72)
sendfile(r2, r3, 0x0, 0x8000fffffffe)
r4 = getpgid(0xffffffffffffffff)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff, <r5=>0xffffffffffffffff})
r6 = socket$inet6_sctp(0xa, 0x10000000005, 0x84)
r7 = dup2(r5, r6)
ioctl$PERF_EVENT_IOC_ENABLE(r7, 0x8912, 0x400200)
getsockopt$inet_dccp_buf(r7, 0x21, 0xf, &(0x7f00000001c0)=""/193, &(0x7f00000002c0)=0xc1)
perf_event_open(&(0x7f0000000040)={0x4, 0x70, 0x66c6, 0xeb, 0x1, 0x3, 0x0, 0xdcd, 0x40, 0x4, 0x0, 0x2, 0x3ff, 0xffffffffffffcd70, 0x8, 0x0, 0x3ff, 0x10001, 0x4, 0x6, 0x223, 0x101, 0x80000001, 0x0, 0x80, 0x7087, 0x6e3, 0x3, 0x7, 0x22, 0x6, 0x100000001, 0x2, 0x6, 0x2, 0x1b6, 0x10000, 0xffffffffffffffe0, 0x0, 0x0, 0x7, @perf_config_ext={0x8, 0x1}, 0x17290, 0x8, 0x5, 0x0, 0x3, 0x300000000000, 0x9}, r4, 0xe, r3, 0x10)

[ 1289.071125][T31795]  ? __kasan_check_read+0x11/0x20
[ 1289.076147][T31795]  ? tc_del_tfilter+0x1530/0x1530
[ 1289.081171][T31795]  rtnetlink_rcv_msg+0x838/0xb00
[ 1289.086137][T31795]  ? rtnetlink_put_metrics+0x580/0x580
[ 1289.091598][T31795]  ? netlink_deliver_tap+0x22d/0xbf0
[ 1289.096882][T31795]  ? find_held_lock+0x35/0x130
[ 1289.101658][T31795]  netlink_rcv_skb+0x177/0x450
[ 1289.106423][T31795]  ? rtnetlink_put_metrics+0x580/0x580
[ 1289.111885][T31795]  ? netlink_ack+0xb30/0xb30
[ 1289.116478][T31795]  ? __kasan_check_read+0x11/0x20
[ 1289.121516][T31795]  ? netlink_deliver_tap+0x254/0xbf0
[ 1289.126828][T31795]  rtnetlink_rcv+0x1d/0x30
[ 1289.131246][T31795]  netlink_unicast+0x531/0x710
[ 1289.136021][T31795]  ? netlink_attachskb+0x7c0/0x7c0
[ 1289.141129][T31795]  ? _copy_from_iter_full+0x25d/0x8a0
[ 1289.146507][T31795]  ? __sanitizer_cov_trace_cmp8+0x18/0x20
[ 1289.152220][T31795]  ? __check_object_size+0x3d/0x437
[ 1289.157420][T31795]  netlink_sendmsg+0x8a5/0xd60
[ 1289.162186][T31795]  ? netlink_unicast+0x710/0x710
[ 1289.167103][T31795]  ? aa_sock_msg_perm.isra.0+0xba/0x170
[ 1289.167119][T31795]  ? apparmor_socket_sendmsg+0x2a/0x30
[ 1289.167134][T31795]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 1289.167149][T31795]  ? security_socket_sendmsg+0x8d/0xc0
[ 1289.167165][T31795]  ? netlink_unicast+0x710/0x710
[ 1289.194736][T31795]  sock_sendmsg+0xd7/0x130
[ 1289.199160][T31795]  ___sys_sendmsg+0x3e2/0x920
[ 1289.203834][T31795]  ? copy_msghdr_from_user+0x440/0x440
[ 1289.209398][T31795]  ? lock_downgrade+0x920/0x920
[ 1289.214255][T31795]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 1289.220499][T31795]  ? __kasan_check_read+0x11/0x20
[ 1289.225539][T31795]  ? __fget+0x384/0x560
[ 1289.229698][T31795]  ? ksys_dup3+0x3e0/0x3e0
[ 1289.234116][T31795]  ? find_held_lock+0x35/0x130
[ 1289.238885][T31795]  ? get_pid_task+0xc9/0x190
[ 1289.243490][T31795]  ? __fget_light+0x1a9/0x230
[ 1289.248158][T31795]  ? __fdget+0x1b/0x20
[ 1289.252219][T31795]  ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[ 1289.258455][T31795]  ? sockfd_lookup_light+0xcb/0x180
[ 1289.263651][T31795]  __sys_sendmmsg+0x1bf/0x4d0
[ 1289.268326][T31795]  ? __ia32_sys_sendmsg+0xb0/0xb0
[ 1289.273348][T31795]  ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20
[ 1289.279566][T31795]  ? fput_many+0x12c/0x1a0
[ 1289.283962][T31795]  ? fput+0x1b/0x20
[ 1289.287760][T31795]  ? ksys_write+0x1cf/0x290
[ 1289.292263][T31795]  ? trace_hardirqs_on_thunk+0x1a/0x20
[ 1289.297864][T31795]  ? trace_hardirqs_on_thunk+0x1a/0x20
[ 1289.303310][T31795]  ? do_syscall_64+0x26/0x760
[ 1289.307998][T31795]  ? entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 1289.314048][T31795]  ? do_syscall_64+0x26/0x760
[ 1289.318722][T31795]  __x64_sys_sendmmsg+0x9d/0x100
[ 1289.323664][T31795]  do_syscall_64+0xfa/0x760
[ 1289.328173][T31795]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 1289.334053][T31795] RIP: 0033:0x459a09
[ 1289.337946][T31795] Code: fd b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00
[ 1289.357538][T31795] RSP: 002b:00007f02c0c05c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000133
[ 1289.365925][T31795] RAX: ffffffffffffffda RBX: 00007f02c0c05c90 RCX: 0000000000459a09
[ 1289.373988][T31795] RDX: 0000000000000332 RSI: 0000000020000140 RDI: 0000000000000004
[ 1289.381932][T31795] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000
[ 1289.389877][T31795] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f02c0c066d4
[ 1289.397832][T31795] R13: 00000000004c71e8 R14: 00000000004dca10 R15: 0000000000000005
[ 1289.463053][T31725] FAULT_FLAG_ALLOW_RETRY missing 70
[ 1289.492809][T31725] CPU: 1 PID: 31725 Comm: syz-executor.5 Not tainted 5.3.0+ #0
[ 1289.500397][T31725] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 1289.500405][T31725] Call Trace:
[ 1289.500426][T31725]  dump_stack+0x172/0x1f0
[ 1289.500451][T31725]  handle_userfault.cold+0x41/0x5d
[ 1289.523158][T31725]  ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[ 1289.529403][T31725]  ? userfaultfd_ioctl+0x3ad0/0x3ad0
[ 1289.534690][T31725]  ? find_get_entry+0x535/0x880
[ 1289.539544][T31725]  ? find_get_pages_range_tag+0xd50/0xd50
[ 1289.545273][T31725]  ? __kasan_check_read+0x11/0x20
[ 1289.550300][T31725]  ? __kasan_check_read+0x11/0x20
[ 1289.555317][T31725]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 1289.561553][T31725]  ? find_lock_entry+0x1a7/0x560
[ 1289.566495][T31725]  ? rcu_lockdep_current_cpu_online+0xe3/0x130
[ 1289.572643][T31725]  shmem_getpage_gfp+0x1f4c/0x2680
[ 1289.577769][T31725]  ? shmem_unuse_inode+0x1010/0x1010
[ 1289.583053][T31725]  ? lock_downgrade+0x920/0x920
[ 1289.587911][T31725]  ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[ 1289.594158][T31725]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 1289.600421][T31725]  shmem_fault+0x22a/0x7b0
[ 1289.604870][T31725]  ? shmem_read_mapping_page_gfp+0x1a0/0x1a0
[ 1289.610854][T31725]  ? find_get_entry+0x880/0x880
[ 1289.615690][T31725]  ? pmd_val+0x85/0x100
[ 1289.619823][T31725]  __do_fault+0x111/0x540
[ 1289.624131][T31725]  ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[ 1289.630354][T31725]  __handle_mm_fault+0x2dca/0x4040
[ 1289.635444][T31725]  ? vmf_insert_mixed_mkwrite+0x40/0x40
[ 1289.640965][T31725]  ? handle_mm_fault+0x292/0xa80
[ 1289.645897][T31725]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 1289.652114][T31725]  ? __kasan_check_read+0x11/0x20
[ 1289.657144][T31725]  handle_mm_fault+0x3b7/0xa80
[ 1289.661918][T31725]  __do_page_fault+0x536/0xdd0
[ 1289.666665][T31725]  do_page_fault+0x38/0x590
[ 1289.671146][T31725]  page_fault+0x39/0x40
[ 1289.675284][T31725] RIP: 0033:0x4533a0
[ 1289.679153][T31725] Code: 0f 84 c4 0f 00 00 48 89 f1 48 89 f8 48 83 e1 3f 48 83 f9 20 0f 86 7b 02 00 00 48 83 e6 f0 48 83 e1 0f 66 0f ef c0 66 0f ef c9 <66> 0f 74 0e 66 0f d7 d1 48 d3 ea 49 c7 c2 11 00 00 00 49 29 ca 4d
[ 1289.698734][T31725] RSP: 002b:00007fbdc8f557a8 EFLAGS: 00010202
[ 1289.704778][T31725] RAX: 00007fbdc8f55850 RBX: 0000000000000003 RCX: 000000000000000e
[ 1289.712812][T31725] RDX: 00000000000003ff RSI: 0000000020012fe0 RDI: 00007fbdc8f55850
[ 1289.720754][T31725] RBP: 000000000075bfc8 R08: 00000000000003ff R09: 0000000000000000
[ 1289.728707][T31725] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fbdc8f566d4
01:39:31 executing program 5:
mmap(&(0x7f0000011000/0x2000)=nil, 0x2000, 0x4, 0x31, 0xffffffffffffffff, 0x0)
r0 = userfaultfd(0x0)
syz_open_dev$mice(&(0x7f0000000000)='/dev/input/mice\x00', 0x0, 0x4000)
ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f0000000040))
ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f00000000c0)={{&(0x7f0000012000/0x2000)=nil, 0x2000}, 0x1})
read(r0, &(0x7f0000000100)=""/199, 0xc7)
syz_open_dev$evdev(&(0x7f0000012fee)='/.%v/\x11%put/event#\x00', 0x0, 0x6000)
ioctl$UFFDIO_WAKE(r0, 0x8010aa02, &(0x7f0000000080)={&(0x7f0000012000/0x4000)=nil, 0x4000})
shmget(0x2, 0x1000, 0x0, &(0x7f000096d000/0x1000)=nil)
openat$cgroup_procs(0xffffffffffffffff, 0x0, 0x2, 0x0)

01:39:31 executing program 1:
perf_event_open(&(0x7f00000000c0)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x3, 0x0, 0x0, 0x0, 0x5, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x200000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x100000000}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
ioctl$FS_IOC_ENABLE_VERITY(0xffffffffffffffff, 0x40806685, 0x0)
r0 = openat$random(0xffffffffffffff9c, &(0x7f0000000140)='/dev/urandom\x00', 0x8000000000000085, 0x0)
r1 = dup(r0)
r2 = open(&(0x7f0000002000)='./bus\x00', 0x141042, 0x0)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff, <r3=>0xffffffffffffffff})
r4 = socket$inet6_sctp(0xa, 0x10000000005, 0x84)
r5 = dup2(r3, r4)
sendmsg$rds(r5, &(0x7f00000017c0)={&(0x7f0000000080)={0x2, 0x4e24, @rand_addr=0x1}, 0x10, &(0x7f0000001640)=[{&(0x7f0000000180)=""/134, 0x86}, {&(0x7f0000000240)=""/108, 0x6c}, {&(0x7f00000002c0)=""/240, 0xf0}, {&(0x7f00000003c0)=""/116, 0x74}, {&(0x7f0000000440)=""/4096, 0x1000}, {&(0x7f0000001440)=""/225, 0xe1}, {&(0x7f0000001540)=""/236, 0xec}], 0x7, &(0x7f0000001740)=[@fadd={0x58, 0x114, 0x6, {{0xff, 0x9}, &(0x7f00000016c0)=0x1, &(0x7f0000001700), 0xb7, 0x20, 0x0, 0x4, 0x2}}], 0x58, 0x60044811}, 0x20040801)
r6 = dup2(r2, r4)
ioctl$VIDIOC_S_EDID(r6, 0xc0285629, &(0x7f0000000040)={0x0, 0x92d1, 0x3f, [], &(0x7f0000000000)=0x6})
ftruncate(r2, 0xee72)
sendfile(r1, r2, 0x0, 0x8000fffffffe)

01:39:31 executing program 2:
r0 = socket$inet_udp(0x2, 0x2, 0x0)
close(r0)
r1 = socket$inet6(0xa, 0x1, 0x8010000000000084)
bind$inet6(r1, &(0x7f0000000040)={0xa, 0x400004e21, 0x0, @empty}, 0x1c)
setsockopt$inet_sctp6_SCTP_NODELAY(r0, 0x84, 0x3, &(0x7f00000000c0)=0x7, 0x4)
setsockopt$inet6_opts(r1, 0x29, 0x3b, &(0x7f0000000080)=ANY=[@ANYBLOB], 0x8)
connect$inet6(r1, &(0x7f0000000200)={0xa, 0x4e21, 0x0, @loopback}, 0x1c)
r2 = socket$inet_udplite(0x2, 0x2, 0x88)
ioctl(r2, 0x1000008912, &(0x7f0000000040)="11dcbc0d5e0bcfe47bf070")
write$binfmt_misc(r0, &(0x7f0000000100)=ANY=[@ANYBLOB="a43f7a10bc918dba707335df9c4fe2e3dd545ee4c838fdcc46a7540a012dcf04a12f99172a6f3583cd5498000448f3ae533c2845496e9b0a050d5e4e05f5f8188edecc091727ed7a25a91998bf61aeec90e8718f9aa9fd5da3aa3181c0080975dee42b7d8686ca8f92f314380c2a02a90e6efeaf9d6acdb213cd260c116f495d9569a33c798d369967f6690fd59a8b3bd789702d552fe262fe738e874609724467e7d1be8518f803b96022e1f0f0de7d3720bec96ede000000000000000000"], 0x10098)
write$binfmt_script(r0, &(0x7f0000000300)=ANY=[@ANYBLOB="ba"], 0x1)
write$binfmt_elf64(r0, &(0x7f0000000280)={{0x7f, 0x45, 0x4c, 0x46, 0x0, 0x0, 0xffffffff00000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40}, [{}]}, 0x78)

01:39:31 executing program 4:
r0 = socket$nl_route(0x10, 0x3, 0x0)
r1 = socket$netlink(0x10, 0x3, 0x0)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff, <r2=>0xffffffffffffffff})
r3 = socket$inet6_sctp(0xa, 0x10000000005, 0x84)
r4 = dup2(r2, r3)
ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200)
r5 = socket(0x10, 0x803, 0x0)
sendmsg$TIPC_CMD_GET_MEDIA_NAMES(r5, &(0x7f0000000400)={0x0, 0x0, &(0x7f00000003c0)={0x0}}, 0x0)
getsockname$packet(r5, &(0x7f0000000100)={0x11, 0x0, <r6=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0xa)
sendmsg$nl_route(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080)=ANY=[@ANYBLOB="4800000010000507000000000000000080000000", @ANYRES32=r6, @ANYBLOB="0000000000000000280012000c0001007665746800000000180002001400010000000000", @ANYRES32=0x0, @ANYBLOB='\x00\x00\x00\x00\x00\x00\x00\x00'], 0x48}}, 0x0)
sendmsg$nl_route_sched(r0, &(0x7f0000000140)={0x0, 0x32d, &(0x7f0000000080)={&(0x7f0000000540)=@newqdisc={0x148, 0x24, 0x507, 0x0, 0x9, {0x0, r6, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_red={{0x8, 0x1, 'red\x00'}, {0x11c, 0x2, [@TCA_RED_STAB={0x104, 0x2, "fbf84ce9dbecf3d5851ae060c0ec8d55c9c65cb98d69f6f43f1d64d475f279dd204e54f6719de408d640f2dcd4c0c8c615650de0531b139380f912f808e5d3e1118f76144d1568be425bddb29fa48b1251d5cc8b78fb742bd61674f4cd92a93f8dafea3bc823ccd7591d59d252a275012101f39ab9478cc5dc4a8a2e71f186ce688ae869907b40b62231d243db1eca472440f1203b691b7b85864a73f1a3a9664d075ac973158948f7c44b4f8e2348e8046b08dcb423647eff2539993b8985028d7f0a50e94ee6b2fdacff6aee496b13807eb8d406a8440af14e339713f93a2bd76d46d34452c9bf604ac61d66e9ff34503a7ff400"}, @TCA_RED_PARMS={0x14, 0x1, {0x20}}]}}]}, 0x148}}, 0x0)

01:39:31 executing program 3 (fault-call:4 fault-nth:10):
r0 = socket$packet(0x11, 0x3, 0x300)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000000)={'batadv0\x00\f\x00', <r1=>0x0})
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000e00)=ANY=[@ANYBLOB="340000002c000107008be4000000000000000000", @ANYRES32=r1, @ANYBLOB="00d400f0000000000e00000009000100726f75746500000004000200"], 0x34}}, 0x0)
r2 = socket(0x10, 0x80002, 0x0)
sendmmsg$alg(r2, &(0x7f0000000140), 0x332, 0x0)

[ 1289.736668][T31725] R13: 00000000004c8dbc R14: 00000000004dfed8 R15: 00000000ffffffff
01:39:31 executing program 0:
perf_event_open(&(0x7f00000000c0)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
ioctl$FS_IOC_ENABLE_VERITY(0xffffffffffffffff, 0x40806685, 0x0)
r0 = openat$random(0xffffffffffffff9c, &(0x7f0000000140)='/dev/urandom\x00', 0x8000000000000085, 0x0)
r1 = dup(r0)
r2 = open(&(0x7f0000002000)='./bus\x00', 0x141042, 0x0)
ftruncate(r2, 0xee72)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff, <r3=>0xffffffffffffffff})
r4 = socket$inet6_sctp(0xa, 0x10000000005, 0x84)
r5 = dup2(r3, r4)
ioctl$PERF_EVENT_IOC_ENABLE(r5, 0x8912, 0x400200)
setsockopt$inet6_tcp_TCP_QUEUE_SEQ(r5, 0x6, 0x15, &(0x7f0000000000)=0x10001, 0x4)
sendfile(r1, r2, 0x0, 0x8000fffffffe)

[ 1289.789338][T32120] FAULT_INJECTION: forcing a failure.
[ 1289.789338][T32120] name failslab, interval 1, probability 0, space 0, times 0
[ 1289.832094][T32120] CPU: 1 PID: 32120 Comm: syz-executor.3 Not tainted 5.3.0+ #0
[ 1289.839663][T32120] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 1289.849742][T32120] Call Trace:
[ 1289.853040][T32120]  dump_stack+0x172/0x1f0
[ 1289.857376][T32120]  should_fail.cold+0xa/0x15
[ 1289.861977][T32120]  ? fault_create_debugfs_attr+0x180/0x180
[ 1289.867787][T32120]  ? ___might_sleep+0x163/0x2c0
[ 1289.872636][T32120]  __should_failslab+0x121/0x190
[ 1289.877576][T32120]  should_failslab+0x9/0x14
[ 1289.882095][T32120]  kmem_cache_alloc_trace+0x2d3/0x790
[ 1289.887468][T32120]  ? do_raw_read_unlock+0x3f/0x70
[ 1289.892498][T32120]  ? lockdep_init_map+0x1be/0x6d0
[ 1289.897529][T32120]  route4_init+0x40/0xa0
[ 1289.901790][T32120]  tc_new_tfilter+0x1097/0x1c70
[ 1289.906709][T32120]  ? tc_del_tfilter+0x1530/0x1530
[ 1289.911732][T32120]  ? __kasan_check_read+0x11/0x20
[ 1289.916771][T32120]  ? merge_extent_mapping+0x1d0/0x4c0
[ 1289.922149][T32120]  ? rtnetlink_rcv_msg+0x7f2/0xb00
[ 1289.927271][T32120]  ? find_held_lock+0x35/0x130
01:39:31 executing program 1:
perf_event_open(&(0x7f00000000c0)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x800, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10000000, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x2, 0x0, 0x3}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
ioctl$FS_IOC_ENABLE_VERITY(0xffffffffffffffff, 0x40806685, 0x0)
r0 = openat$random(0xffffffffffffff9c, &(0x7f0000000140)='/devanuom\xd9\x00', 0x8000000000202085, 0x0)
r1 = dup(r0)
r2 = open(&(0x7f0000002000)='./bus\x00', 0x141042, 0x0)
ftruncate(r2, 0xee72)
sendfile(r1, r2, 0x0, 0x8000fffffffe)

[ 1289.932042][T32120]  ? rtnetlink_rcv_msg+0x7f2/0xb00
[ 1289.937173][T32120]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 1289.943424][T32120]  ? tc_del_tfilter+0x1530/0x1530
[ 1289.948445][T32120]  ? __kasan_check_read+0x11/0x20
[ 1289.953491][T32120]  ? tc_del_tfilter+0x1530/0x1530
[ 1289.958526][T32120]  rtnetlink_rcv_msg+0x838/0xb00
[ 1289.963466][T32120]  ? rtnetlink_put_metrics+0x580/0x580
[ 1289.968922][T32120]  ? netlink_deliver_tap+0x22d/0xbf0
[ 1289.968944][T32120]  ? find_held_lock+0x35/0x130
[ 1289.978974][T32120]  netlink_rcv_skb+0x177/0x450
[ 1289.983731][T32120]  ? rtnetlink_put_metrics+0x580/0x580
[ 1289.983750][T32120]  ? netlink_ack+0xb30/0xb30
[ 1289.983765][T32120]  ? __kasan_check_read+0x11/0x20
[ 1289.983784][T32120]  ? netlink_deliver_tap+0x254/0xbf0
[ 1289.983803][T32120]  rtnetlink_rcv+0x1d/0x30
[ 1289.983819][T32120]  netlink_unicast+0x531/0x710
[ 1290.013268][T32120]  ? netlink_attachskb+0x7c0/0x7c0
[ 1290.018374][T32120]  ? _copy_from_iter_full+0x25d/0x8a0
[ 1290.023747][T32120]  ? __sanitizer_cov_trace_cmp8+0x18/0x20
01:39:32 executing program 1:
perf_event_open(&(0x7f00000000c0)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
ioctl$FS_IOC_ENABLE_VERITY(0xffffffffffffffff, 0x40806685, 0x0)
r0 = openat$random(0xffffffffffffff9c, &(0x7f0000000140)='/dev/urandom\x00', 0x8000000000000085, 0x0)
r1 = semget(0x3, 0x4, 0xb)
semctl$SETVAL(r1, 0x0, 0x10, &(0x7f0000000000)=0x2)
semctl$GETPID(r1, 0x3, 0xb, &(0x7f0000000000)=""/52)
r2 = dup(r0)
r3 = open(&(0x7f0000002000)='./bus\x00', 0x141042, 0x0)
ftruncate(r3, 0xee72)
sendfile(r2, r3, 0x0, 0x8000fffffffe)

[ 1290.029465][T32120]  ? __check_object_size+0x3d/0x437
[ 1290.034685][T32120]  netlink_sendmsg+0x8a5/0xd60
[ 1290.039462][T32120]  ? netlink_unicast+0x710/0x710
[ 1290.044403][T32120]  ? aa_sock_msg_perm.isra.0+0xba/0x170
[ 1290.049953][T32120]  ? apparmor_socket_sendmsg+0x2a/0x30
[ 1290.055458][T32120]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 1290.061707][T32120]  ? security_socket_sendmsg+0x8d/0xc0
[ 1290.067171][T32120]  ? netlink_unicast+0x710/0x710
[ 1290.072117][T32120]  sock_sendmsg+0xd7/0x130
[ 1290.076541][T32120]  ___sys_sendmsg+0x3e2/0x920
[ 1290.081244][T32120]  ? copy_msghdr_from_user+0x440/0x440
[ 1290.086712][T32120]  ? lock_downgrade+0x920/0x920
[ 1290.091652][T32120]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 1290.097897][T32120]  ? __kasan_check_read+0x11/0x20
[ 1290.102930][T32120]  ? __fget+0x384/0x560
[ 1290.107109][T32120]  ? ksys_dup3+0x3e0/0x3e0
[ 1290.111528][T32120]  ? find_held_lock+0x35/0x130
[ 1290.116297][T32120]  ? get_pid_task+0xc9/0x190
[ 1290.120892][T32120]  ? __fget_light+0x1a9/0x230
[ 1290.125590][T32120]  ? __fdget+0x1b/0x20
[ 1290.129658][T32120]  ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[ 1290.135913][T32120]  ? sockfd_lookup_light+0xcb/0x180
[ 1290.141115][T32120]  __sys_sendmmsg+0x1bf/0x4d0
[ 1290.145804][T32120]  ? __ia32_sys_sendmsg+0xb0/0xb0
[ 1290.150852][T32120]  ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20
[ 1290.157181][T32120]  ? fput_many+0x12c/0x1a0
[ 1290.161603][T32120]  ? fput+0x1b/0x20
[ 1290.165417][T32120]  ? ksys_write+0x1cf/0x290
[ 1290.170015][T32120]  ? trace_hardirqs_on_thunk+0x1a/0x20
[ 1290.175476][T32120]  ? trace_hardirqs_on_thunk+0x1a/0x20
01:39:32 executing program 1:
perf_event_open(&(0x7f00000000c0)={0x1, 0x70, 0x0, 0x0, 0x9, 0x80000, 0x0, 0x7d24, 0x0, 0x0, 0x0, 0x6, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x84b, 0x6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x5, 0xfff}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
ioctl$FS_IOC_ENABLE_VERITY(0xffffffffffffffff, 0x40806685, 0x0)
r0 = openat$random(0xffffffffffffff9c, &(0x7f0000000140)='/dev/urandom\x00', 0x8000000000000085, 0x0)
r1 = dup(r0)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff, <r2=>0xffffffffffffffff})
r3 = socket$inet6_sctp(0xa, 0x10000000005, 0x84)
r4 = dup2(r2, r3)
r5 = add_key(&(0x7f0000000240)='rxrpc\x00', &(0x7f0000000280)={'syz', 0x3}, &(0x7f00000002c0)="a916fa1e467c811cf66c47461d816b516849569d67c730289c5dc56d3a2912d088", 0x21, 0xfffffffffffffff9)
keyctl$KEYCTL_PKEY_QUERY(0x18, r5, 0x0, &(0x7f0000000300)='/dev/urandom\x00', &(0x7f0000000340))
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff, <r6=>0xffffffffffffffff})
r7 = socket$inet6_sctp(0xa, 0x10000000005, 0x84)
r8 = dup2(r6, r7)
ioctl$PERF_EVENT_IOC_ENABLE(r8, 0x8912, 0x400200)
getsockopt$SO_TIMESTAMPING(r8, 0x1, 0xe3, &(0x7f0000000040), &(0x7f0000000080)=0x4)
ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200)
ioctl$TIOCGETD(r4, 0x5424, &(0x7f0000000000))
getsockopt$inet_pktinfo(r8, 0x0, 0x8, &(0x7f0000000180)={0x0, @broadcast, @local}, &(0x7f00000001c0)=0xc)
r9 = open(&(0x7f0000002000)='./bus\x00', 0x20000, 0x1)
ftruncate(r9, 0xee72)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff, <r10=>0xffffffffffffffff})
r11 = socket$inet6_sctp(0xa, 0x10000000005, 0x84)
r12 = dup2(r10, r11)
ioctl$PERF_EVENT_IOC_ENABLE(r12, 0x8912, 0x400200)
setsockopt$netlink_NETLINK_TX_RING(r12, 0x10e, 0x7, &(0x7f0000000200)={0x5, 0x1, 0x800, 0x1}, 0x10)
sendfile(r1, r9, 0x0, 0x8000fffffffe)

01:39:32 executing program 0:
perf_event_open(&(0x7f00000000c0)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0x4}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
lstat(&(0x7f0000000000)='./bus\x00', &(0x7f0000000040))
ioctl$FS_IOC_ENABLE_VERITY(0xffffffffffffffff, 0x40806685, 0x0)
r0 = openat$random(0xffffffffffffff9c, &(0x7f0000000140)='/dev/urandom\x00', 0x8000000000000085, 0x0)
r1 = dup(r0)
r2 = open(&(0x7f0000002000)='./bus\x00', 0x141042, 0x0)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff, <r3=>0xffffffffffffffff})
r4 = socket$inet6_sctp(0xa, 0x10000000005, 0x84)
r5 = dup2(r3, r4)
ioctl$PERF_EVENT_IOC_ENABLE(r5, 0x8912, 0x400200)
setsockopt$inet_mreq(r5, 0x0, 0x7fb9b187145b00f, &(0x7f0000000180)={@dev={0xac, 0x14, 0x14, 0x1c}, @broadcast}, 0x8)
ftruncate(r2, 0xee72)
sendfile(r1, r2, 0x0, 0x8000fffffffe)

[ 1290.180952][T32120]  ? do_syscall_64+0x26/0x760
[ 1290.185631][T32120]  ? entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 1290.191711][T32120]  ? do_syscall_64+0x26/0x760
[ 1290.196385][T32120]  __x64_sys_sendmmsg+0x9d/0x100
[ 1290.201326][T32120]  do_syscall_64+0xfa/0x760
[ 1290.205833][T32120]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 1290.211721][T32120] RIP: 0033:0x459a09
[ 1290.215612][T32120] Code: fd b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00
[ 1290.235214][T32120] RSP: 002b:00007f02c0c05c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000133
[ 1290.243623][T32120] RAX: ffffffffffffffda RBX: 00007f02c0c05c90 RCX: 0000000000459a09
[ 1290.251593][T32120] RDX: 0000000000000332 RSI: 0000000020000140 RDI: 0000000000000004
[ 1290.259563][T32120] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000
[ 1290.267536][T32120] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f02c0c066d4
[ 1290.275507][T32120] R13: 00000000004c71e8 R14: 00000000004dca10 R15: 0000000000000005
01:39:32 executing program 4:
r0 = socket$nl_route(0x10, 0x3, 0x0)
r1 = socket$netlink(0x10, 0x3, 0x0)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff, <r2=>0xffffffffffffffff})
r3 = socket$inet6_sctp(0xa, 0x10000000005, 0x84)
r4 = dup2(r2, r3)
ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200)
r5 = socket(0x10, 0x803, 0x0)
sendmsg$TIPC_CMD_GET_MEDIA_NAMES(r5, &(0x7f0000000400)={0x0, 0x0, &(0x7f00000003c0)={0x0}}, 0x0)
getsockname$packet(r5, &(0x7f0000000100)={0x11, 0x0, <r6=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0xa)
sendmsg$nl_route(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080)=ANY=[@ANYBLOB="4800000010000507000000000000000080000000", @ANYRES32=r6, @ANYBLOB="0000000000000000280012000c0001007665746800000000180002001400010000000000", @ANYRES32=0x0, @ANYBLOB='\x00\x00\x00\x00\x00\x00\x00\x00'], 0x48}}, 0x0)
sendmsg$nl_route_sched(r0, &(0x7f0000000140)={0x0, 0x32d, &(0x7f0000000080)={&(0x7f0000000540)=@newqdisc={0x148, 0x24, 0x507, 0x0, 0xa, {0x0, r6, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_red={{0x8, 0x1, 'red\x00'}, {0x11c, 0x2, [@TCA_RED_STAB={0x104, 0x2, "fbf84ce9dbecf3d5851ae060c0ec8d55c9c65cb98d69f6f43f1d64d475f279dd204e54f6719de408d640f2dcd4c0c8c615650de0531b139380f912f808e5d3e1118f76144d1568be425bddb29fa48b1251d5cc8b78fb742bd61674f4cd92a93f8dafea3bc823ccd7591d59d252a275012101f39ab9478cc5dc4a8a2e71f186ce688ae869907b40b62231d243db1eca472440f1203b691b7b85864a73f1a3a9664d075ac973158948f7c44b4f8e2348e8046b08dcb423647eff2539993b8985028d7f0a50e94ee6b2fdacff6aee496b13807eb8d406a8440af14e339713f93a2bd76d46d34452c9bf604ac61d66e9ff34503a7ff400"}, @TCA_RED_PARMS={0x14, 0x1, {0x20}}]}}]}, 0x148}}, 0x0)

[ 1290.284479][    C0] protocol 88fb is buggy, dev hsr_slave_0
[ 1290.290259][    C0] protocol 88fb is buggy, dev hsr_slave_1
[ 1290.296091][    C0] protocol 88fb is buggy, dev hsr_slave_0
01:39:32 executing program 3 (fault-call:4 fault-nth:11):
r0 = socket$packet(0x11, 0x3, 0x300)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000000)={'batadv0\x00\f\x00', <r1=>0x0})
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000e00)=ANY=[@ANYBLOB="340000002c000107008be4000000000000000000", @ANYRES32=r1, @ANYBLOB="00d400f0000000000e00000009000100726f75746500000004000200"], 0x34}}, 0x0)
r2 = socket(0x10, 0x80002, 0x0)
sendmmsg$alg(r2, &(0x7f0000000140), 0x332, 0x0)

[ 1290.377570][T32344] FAULT_FLAG_ALLOW_RETRY missing 70
[ 1290.406726][T32344] CPU: 0 PID: 32344 Comm: syz-executor.5 Not tainted 5.3.0+ #0
[ 1290.414296][T32344] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 1290.424344][T32344] Call Trace:
[ 1290.427645][T32344]  dump_stack+0x172/0x1f0
[ 1290.431999][T32344]  handle_userfault.cold+0x41/0x5d
[ 1290.437114][T32344]  ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[ 1290.443372][T32344]  ? userfaultfd_ioctl+0x3ad0/0x3ad0
[ 1290.448667][T32344]  ? find_get_entry+0x535/0x880
[ 1290.453519][T32344]  ? __kasan_check_read+0x11/0x20
[ 1290.455839][T32447] FAULT_INJECTION: forcing a failure.
[ 1290.455839][T32447] name fail_page_alloc, interval 1, probability 0, space 0, times 0
[ 1290.458542][T32344]  ? mark_lock+0xc2/0x1220
[ 1290.476132][T32344]  ? find_get_pages_range_tag+0xd50/0xd50
[ 1290.481844][T32344]  ? __kasan_check_read+0x11/0x20
[ 1290.486855][T32344]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 1290.493087][T32344]  ? find_lock_entry+0x1a7/0x560
[ 1290.498010][T32344]  ? rcu_lockdep_current_cpu_online+0xe3/0x130
[ 1290.504152][T32344]  shmem_getpage_gfp+0x1f4c/0x2680
[ 1290.509295][T32344]  ? shmem_unuse_inode+0x1010/0x1010
[ 1290.514568][T32344]  ? lock_downgrade+0x920/0x920
[ 1290.519408][T32344]  ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[ 1290.525687][T32344]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 1290.531933][T32344]  shmem_fault+0x22a/0x7b0
[ 1290.536344][T32344]  ? shmem_read_mapping_page_gfp+0x1a0/0x1a0
[ 1290.542315][T32344]  ? find_get_entry+0x880/0x880
[ 1290.547153][T32344]  ? pmd_val+0x85/0x100
[ 1290.551295][T32344]  __do_fault+0x111/0x540
[ 1290.555625][T32344]  ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[ 1290.561854][T32344]  __handle_mm_fault+0x2dca/0x4040
[ 1290.566958][T32344]  ? vmf_insert_mixed_mkwrite+0x40/0x40
[ 1290.572487][T32344]  ? handle_mm_fault+0x292/0xa80
[ 1290.577419][T32344]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 1290.583652][T32344]  ? __kasan_check_read+0x11/0x20
[ 1290.588697][T32344]  handle_mm_fault+0x3b7/0xa80
[ 1290.593452][T32344]  __do_page_fault+0x536/0xdd0
[ 1290.598216][T32344]  do_page_fault+0x38/0x590
[ 1290.602713][T32344]  page_fault+0x39/0x40
[ 1290.606851][T32344] RIP: 0033:0x4533a0
[ 1290.610732][T32344] Code: 0f 84 c4 0f 00 00 48 89 f1 48 89 f8 48 83 e1 3f 48 83 f9 20 0f 86 7b 02 00 00 48 83 e6 f0 48 83 e1 0f 66 0f ef c0 66 0f ef c9 <66> 0f 74 0e 66 0f d7 d1 48 d3 ea 49 c7 c2 11 00 00 00 49 29 ca 4d
[ 1290.630318][T32344] RSP: 002b:00007fbdc8f347a8 EFLAGS: 00010202
[ 1290.636402][T32344] RAX: 00007fbdc8f34850 RBX: 0000000000000003 RCX: 000000000000000e
[ 1290.644363][T32344] RDX: 00000000000003ff RSI: 0000000020012fe0 RDI: 00007fbdc8f34850
[ 1290.652318][T32344] RBP: 000000000075c070 R08: 00000000000003ff R09: 0000000000000000
[ 1290.660275][T32344] R10: 00007fbdc8f359d0 R11: 0000000000000246 R12: 00007fbdc8f356d4
[ 1290.668234][T32344] R13: 00000000004c8dbc R14: 00000000004dfed8 R15: 00000000ffffffff
[ 1290.676219][T32447] CPU: 1 PID: 32447 Comm: syz-executor.3 Not tainted 5.3.0+ #0
[ 1290.683774][T32447] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 1290.693827][T32447] Call Trace:
[ 1290.697134][T32447]  dump_stack+0x172/0x1f0
[ 1290.701479][T32447]  should_fail.cold+0xa/0x15
[ 1290.706086][T32447]  ? __kasan_check_read+0x11/0x20
[ 1290.711116][T32447]  ? fault_create_debugfs_attr+0x180/0x180
[ 1290.716926][T32447]  ? __kasan_check_read+0x11/0x20
[ 1290.721955][T32447]  ? __lock_acquire+0x1703/0x4e70
[ 1290.726982][T32447]  should_fail_alloc_page+0x50/0x60
[ 1290.732173][T32447]  __alloc_pages_nodemask+0x1a1/0x8f0
[ 1290.737543][T32447]  ? fs_reclaim_acquire.part.0+0x30/0x30
[ 1290.743173][T32447]  ? __alloc_pages_slowpath+0x28d0/0x28d0
[ 1290.748891][T32447]  ? fs_reclaim_acquire.part.0+0x30/0x30
[ 1290.754530][T32447]  ? fault_create_debugfs_attr+0x180/0x180
[ 1290.760335][T32447]  cache_grow_begin+0x90/0xd20
[ 1290.765105][T32447]  ? route4_init+0x40/0xa0
[ 1290.769533][T32447]  ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[ 1290.775793][T32447]  kmem_cache_alloc_trace+0x6b3/0x790
[ 1290.781168][T32447]  ? do_raw_read_unlock+0x3f/0x70
[ 1290.786193][T32447]  route4_init+0x40/0xa0
[ 1290.790421][T32447]  tc_new_tfilter+0x1097/0x1c70
[ 1290.790448][T32447]  ? tc_del_tfilter+0x1530/0x1530
[ 1290.800281][T32447]  ? __kasan_check_read+0x11/0x20
[ 1290.800299][T32447]  ? merge_extent_mapping+0x1d0/0x4c0
[ 1290.800323][T32447]  ? rtnetlink_rcv_msg+0x7f2/0xb00
[ 1290.810672][T32447]  ? find_held_lock+0x35/0x130
[ 1290.810687][T32447]  ? rtnetlink_rcv_msg+0x7f2/0xb00
[ 1290.810712][T32447]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 1290.831859][T32447]  ? tc_del_tfilter+0x1530/0x1530
[ 1290.836888][T32447]  ? __kasan_check_read+0x11/0x20
[ 1290.841915][T32447]  ? tc_del_tfilter+0x1530/0x1530
[ 1290.846941][T32447]  rtnetlink_rcv_msg+0x838/0xb00
[ 1290.851869][T32447]  ? rtnetlink_put_metrics+0x580/0x580
[ 1290.857305][T32447]  ? netlink_deliver_tap+0x22d/0xbf0
[ 1290.862570][T32447]  ? find_held_lock+0x35/0x130
[ 1290.867310][T32447]  netlink_rcv_skb+0x177/0x450
[ 1290.872048][T32447]  ? rtnetlink_put_metrics+0x580/0x580
[ 1290.877483][T32447]  ? netlink_ack+0xb30/0xb30
[ 1290.882046][T32447]  ? __kasan_check_read+0x11/0x20
[ 1290.887098][T32447]  ? netlink_deliver_tap+0x254/0xbf0
[ 1290.892368][T32447]  rtnetlink_rcv+0x1d/0x30
[ 1290.896763][T32447]  netlink_unicast+0x531/0x710
[ 1290.901504][T32447]  ? netlink_attachskb+0x7c0/0x7c0
[ 1290.906598][T32447]  ? _copy_from_iter_full+0x25d/0x8a0
[ 1290.911945][T32447]  ? __sanitizer_cov_trace_cmp8+0x18/0x20
[ 1290.917647][T32447]  ? __check_object_size+0x3d/0x437
[ 1290.922823][T32447]  netlink_sendmsg+0x8a5/0xd60
[ 1290.927566][T32447]  ? netlink_unicast+0x710/0x710
[ 1290.932507][T32447]  ? aa_sock_msg_perm.isra.0+0xba/0x170
[ 1290.938029][T32447]  ? apparmor_socket_sendmsg+0x2a/0x30
[ 1290.943467][T32447]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 1290.949719][T32447]  ? security_socket_sendmsg+0x8d/0xc0
[ 1290.955245][T32447]  ? netlink_unicast+0x710/0x710
[ 1290.960170][T32447]  sock_sendmsg+0xd7/0x130
[ 1290.964586][T32447]  ___sys_sendmsg+0x3e2/0x920
[ 1290.969260][T32447]  ? copy_msghdr_from_user+0x440/0x440
[ 1290.974697][T32447]  ? lock_downgrade+0x920/0x920
[ 1290.979527][T32447]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 1290.985770][T32447]  ? __kasan_check_read+0x11/0x20
[ 1290.990774][T32447]  ? __fget+0x384/0x560
[ 1290.994922][T32447]  ? ksys_dup3+0x3e0/0x3e0
[ 1290.999318][T32447]  ? find_held_lock+0x35/0x130
[ 1291.004079][T32447]  ? get_pid_task+0xc9/0x190
[ 1291.008648][T32447]  ? __fget_light+0x1a9/0x230
[ 1291.013328][T32447]  ? __fdget+0x1b/0x20
[ 1291.017372][T32447]  ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[ 1291.023585][T32447]  ? sockfd_lookup_light+0xcb/0x180
[ 1291.028758][T32447]  __sys_sendmmsg+0x1bf/0x4d0
[ 1291.033415][T32447]  ? __ia32_sys_sendmsg+0xb0/0xb0
[ 1291.038433][T32447]  ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20
[ 1291.044650][T32447]  ? fput_many+0x12c/0x1a0
[ 1291.049062][T32447]  ? fput+0x1b/0x20
[ 1291.052844][T32447]  ? ksys_write+0x1cf/0x290
[ 1291.057345][T32447]  ? trace_hardirqs_on_thunk+0x1a/0x20
[ 1291.062780][T32447]  ? trace_hardirqs_on_thunk+0x1a/0x20
[ 1291.068217][T32447]  ? do_syscall_64+0x26/0x760
[ 1291.072912][T32447]  ? entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 1291.079064][T32447]  ? do_syscall_64+0x26/0x760
[ 1291.083754][T32447]  __x64_sys_sendmmsg+0x9d/0x100
[ 1291.088681][T32447]  do_syscall_64+0xfa/0x760
[ 1291.093162][T32447]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 1291.099030][T32447] RIP: 0033:0x459a09
[ 1291.102909][T32447] Code: fd b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00
[ 1291.122493][T32447] RSP: 002b:00007f02c0c05c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000133
[ 1291.130877][T32447] RAX: ffffffffffffffda RBX: 00007f02c0c05c90 RCX: 0000000000459a09
[ 1291.138840][T32447] RDX: 0000000000000332 RSI: 0000000020000140 RDI: 0000000000000004
[ 1291.146789][T32447] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000
[ 1291.154735][T32447] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f02c0c066d4
[ 1291.162685][T32447] R13: 00000000004c71e8 R14: 00000000004dca10 R15: 0000000000000005
01:39:33 executing program 5:
mmap(&(0x7f0000011000/0x2000)=nil, 0x2000, 0x4, 0x31, 0xffffffffffffffff, 0x0)
r0 = userfaultfd(0x0)
syz_open_dev$mice(&(0x7f0000000000)='/dev/input/mice\x00', 0x0, 0x4000)
ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f0000000040))
ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f00000000c0)={{&(0x7f0000012000/0x2000)=nil, 0x2000}, 0x1})
read(r0, &(0x7f0000000100)=""/199, 0xc7)
syz_open_dev$evdev(&(0x7f0000012fee)='/.%v/\x11%put/event#\x00', 0x0, 0x6800)
ioctl$UFFDIO_WAKE(r0, 0x8010aa02, &(0x7f0000000080)={&(0x7f0000012000/0x4000)=nil, 0x4000})
shmget(0x2, 0x1000, 0x0, &(0x7f000096d000/0x1000)=nil)
openat$cgroup_procs(0xffffffffffffffff, 0x0, 0x2, 0x0)

01:39:33 executing program 0:
perf_event_open(&(0x7f00000000c0)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x80}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
r1 = socket$inet6_sctp(0xa, 0x10000000005, 0x84)
dup2(r0, r1)
getsockopt$inet_sctp6_SCTP_GET_ASSOC_NUMBER(r1, 0x84, 0x1c, &(0x7f0000000000), &(0x7f0000000040)=0x4)
ioctl$FS_IOC_ENABLE_VERITY(0xffffffffffffffff, 0x40806685, 0x0)
r2 = openat$random(0xffffffffffffff9c, &(0x7f0000000140)='/dev/urandom\x00', 0x8000000000000085, 0x0)
r3 = dup(r2)
r4 = open(&(0x7f0000002000)='./bus\x00', 0x141042, 0x0)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff, <r5=>0xffffffffffffffff})
r6 = socket$inet6_sctp(0xa, 0x10000000005, 0x84)
dup2(r5, r6)
getsockopt$inet_sctp6_SCTP_RECVNXTINFO(r6, 0x84, 0x21, &(0x7f0000000080), &(0x7f0000000180)=0x4)
ftruncate(r4, 0xee72)
sendfile(r3, r4, 0x0, 0x8000fffffffe)

01:39:33 executing program 4:
r0 = socket$nl_route(0x10, 0x3, 0x0)
r1 = socket$netlink(0x10, 0x3, 0x0)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff, <r2=>0xffffffffffffffff})
r3 = socket$inet6_sctp(0xa, 0x10000000005, 0x84)
r4 = dup2(r2, r3)
ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200)
r5 = socket(0x10, 0x803, 0x0)
sendmsg$TIPC_CMD_GET_MEDIA_NAMES(r5, &(0x7f0000000400)={0x0, 0x0, &(0x7f00000003c0)={0x0}}, 0x0)
getsockname$packet(r5, &(0x7f0000000100)={0x11, 0x0, <r6=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0xa)
sendmsg$nl_route(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080)=ANY=[@ANYBLOB="4800000010000507000000000000000080000000", @ANYRES32=r6, @ANYBLOB="0000000000000000280012000c0001007665746800000000180002001400010000000000", @ANYRES32=0x0, @ANYBLOB='\x00\x00\x00\x00\x00\x00\x00\x00'], 0x48}}, 0x0)
sendmsg$nl_route_sched(r0, &(0x7f0000000140)={0x0, 0x32d, &(0x7f0000000080)={&(0x7f0000000540)=@newqdisc={0x148, 0x24, 0x507, 0x0, 0xb, {0x0, r6, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_red={{0x8, 0x1, 'red\x00'}, {0x11c, 0x2, [@TCA_RED_STAB={0x104, 0x2, "fbf84ce9dbecf3d5851ae060c0ec8d55c9c65cb98d69f6f43f1d64d475f279dd204e54f6719de408d640f2dcd4c0c8c615650de0531b139380f912f808e5d3e1118f76144d1568be425bddb29fa48b1251d5cc8b78fb742bd61674f4cd92a93f8dafea3bc823ccd7591d59d252a275012101f39ab9478cc5dc4a8a2e71f186ce688ae869907b40b62231d243db1eca472440f1203b691b7b85864a73f1a3a9664d075ac973158948f7c44b4f8e2348e8046b08dcb423647eff2539993b8985028d7f0a50e94ee6b2fdacff6aee496b13807eb8d406a8440af14e339713f93a2bd76d46d34452c9bf604ac61d66e9ff34503a7ff400"}, @TCA_RED_PARMS={0x14, 0x1, {0x20}}]}}]}, 0x148}}, 0x0)

01:39:33 executing program 1:
perf_event_open(&(0x7f00000000c0)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x9, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x40, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
ioctl$FS_IOC_ENABLE_VERITY(0xffffffffffffffff, 0x40806685, 0x0)
r0 = openat$random(0xffffffffffffff9c, &(0x7f0000000140)='/dev/urandom\x00', 0x8000000000000085, 0x0)
r1 = dup(r0)
r2 = open(&(0x7f0000002000)='./bus\x00', 0x141042, 0x0)
ftruncate(r2, 0xee72)
sendfile(r1, r2, 0x0, 0x8000fffffffe)

01:39:33 executing program 2:
r0 = socket$inet_udp(0x2, 0x2, 0x0)
close(r0)
r1 = socket$inet6(0xa, 0x1, 0x8010000000000084)
bind$inet6(r1, &(0x7f0000000040)={0xa, 0x400004e21, 0x0, @empty}, 0x1c)
setsockopt$inet_sctp6_SCTP_NODELAY(r0, 0x84, 0x3, &(0x7f00000000c0)=0x7, 0x4)
setsockopt$inet6_opts(r1, 0x29, 0x3b, &(0x7f0000000080)=ANY=[@ANYBLOB], 0x8)
connect$inet6(r1, &(0x7f0000000200)={0xa, 0x4e21, 0x0, @loopback}, 0x1c)
r2 = socket$inet_udplite(0x2, 0x2, 0x88)
ioctl(r2, 0x1000008912, &(0x7f0000000040)="11dcbc0d5e0bcfe47bf070")
write$binfmt_misc(r0, &(0x7f0000000100)=ANY=[@ANYBLOB="a43f7a10bc918dba707335df9c4fe2e3dd545ee4c838fdcc46a7540a012dcf04a12f99172a6f3583cd5498000448f3ae533c2845496e9b0a050d5e4e05f5f8188edecc091727ed7a25a91998bf61aeec90e8718f9aa9fd5da3aa3181c0080975dee42b7d8686ca8f92f314380c2a02a90e6efeaf9d6acdb213cd260c116f495d9569a33c798d369967f6690fd59a8b3bd789702d552fe262fe738e874609724467e7d1be8518f803b96022e1f0f0de7d3720bec96ede000000000000000000"], 0x10098)
write$binfmt_script(r0, &(0x7f0000000300)=ANY=[@ANYBLOB="ba"], 0x1)
write$binfmt_elf64(r0, &(0x7f0000000280)={{0x7f, 0x45, 0x4c, 0x46, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40}, [{}]}, 0x78)

01:39:33 executing program 3 (fault-call:4 fault-nth:12):
r0 = socket$packet(0x11, 0x3, 0x300)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000000)={'batadv0\x00\f\x00', <r1=>0x0})
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000e00)=ANY=[@ANYBLOB="340000002c000107008be4000000000000000000", @ANYRES32=r1, @ANYBLOB="00d400f0000000000e00000009000100726f75746500000004000200"], 0x34}}, 0x0)
r2 = socket(0x10, 0x80002, 0x0)
sendmmsg$alg(r2, &(0x7f0000000140), 0x332, 0x0)

[ 1291.333789][T32563] FAULT_INJECTION: forcing a failure.
[ 1291.333789][T32563] name failslab, interval 1, probability 0, space 0, times 0
[ 1291.360471][T32563] CPU: 1 PID: 32563 Comm: syz-executor.3 Not tainted 5.3.0+ #0
[ 1291.368027][T32563] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 1291.378075][T32563] Call Trace:
[ 1291.381388][T32563]  dump_stack+0x172/0x1f0
[ 1291.385745][T32563]  should_fail.cold+0xa/0x15
[ 1291.390342][T32563]  ? fault_create_debugfs_attr+0x180/0x180
[ 1291.396150][T32563]  ? ___might_sleep+0x163/0x2c0
[ 1291.401038][T32563]  __should_failslab+0x121/0x190
[ 1291.405975][T32563]  should_failslab+0x9/0x14
[ 1291.410474][T32563]  kmem_cache_alloc_trace+0x2d3/0x790
[ 1291.415845][T32563]  ? __nla_parse+0x43/0x60
[ 1291.420268][T32563]  route4_change+0x2a1/0x2165
[ 1291.424949][T32563]  ? mutex_trylock+0x2d0/0x2d0
[ 1291.429711][T32563]  ? rcu_lockdep_current_cpu_online+0xe3/0x130
[ 1291.435884][T32563]  ? route4_delete+0x910/0x910
[ 1291.440646][T32563]  ? __kasan_check_write+0x14/0x20
[ 1291.445767][T32563]  ? wait_for_completion+0x440/0x440
[ 1291.451054][T32563]  ? route4_delete+0x910/0x910
[ 1291.455844][T32563]  tc_new_tfilter+0xa4b/0x1c70
[ 1291.460625][T32563]  ? tc_del_tfilter+0x1530/0x1530
[ 1291.465649][T32563]  ? __kasan_check_read+0x11/0x20
[ 1291.470668][T32563]  ? merge_extent_mapping+0x1d0/0x4c0
[ 1291.476061][T32563]  ? rtnetlink_rcv_msg+0x7f2/0xb00
[ 1291.481199][T32563]  ? find_held_lock+0x35/0x130
[ 1291.485959][T32563]  ? rtnetlink_rcv_msg+0x7f2/0xb00
[ 1291.491098][T32563]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 1291.497335][T32563]  ? tc_del_tfilter+0x1530/0x1530
[ 1291.502355][T32563]  ? __kasan_check_read+0x11/0x20
[ 1291.507379][T32563]  ? tc_del_tfilter+0x1530/0x1530
[ 1291.512399][T32563]  rtnetlink_rcv_msg+0x838/0xb00
[ 1291.517355][T32563]  ? rtnetlink_put_metrics+0x580/0x580
[ 1291.522814][T32563]  ? netlink_deliver_tap+0x22d/0xbf0
[ 1291.528103][T32563]  ? find_held_lock+0x35/0x130
[ 1291.532875][T32563]  netlink_rcv_skb+0x177/0x450
[ 1291.537654][T32563]  ? rtnetlink_put_metrics+0x580/0x580
[ 1291.543122][T32563]  ? netlink_ack+0xb30/0xb30
[ 1291.547721][T32563]  ? __kasan_check_read+0x11/0x20
[ 1291.552748][T32563]  ? netlink_deliver_tap+0x254/0xbf0
[ 1291.558042][T32563]  rtnetlink_rcv+0x1d/0x30
[ 1291.562465][T32563]  netlink_unicast+0x531/0x710
[ 1291.567233][T32563]  ? netlink_attachskb+0x7c0/0x7c0
[ 1291.572339][T32563]  ? _copy_from_iter_full+0x25d/0x8a0
[ 1291.577711][T32563]  ? __sanitizer_cov_trace_cmp8+0x18/0x20
[ 1291.583430][T32563]  ? __check_object_size+0x3d/0x437
[ 1291.588633][T32563]  netlink_sendmsg+0x8a5/0xd60
[ 1291.593396][T32563]  ? netlink_unicast+0x710/0x710
[ 1291.598331][T32563]  ? aa_sock_msg_perm.isra.0+0xba/0x170
[ 1291.603873][T32563]  ? apparmor_socket_sendmsg+0x2a/0x30
[ 1291.609329][T32563]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 1291.615597][T32563]  ? security_socket_sendmsg+0x8d/0xc0
[ 1291.621061][T32563]  ? netlink_unicast+0x710/0x710
[ 1291.626000][T32563]  sock_sendmsg+0xd7/0x130
[ 1291.630420][T32563]  ___sys_sendmsg+0x3e2/0x920
[ 1291.635115][T32563]  ? copy_msghdr_from_user+0x440/0x440
[ 1291.640579][T32563]  ? lock_downgrade+0x920/0x920
[ 1291.645431][T32563]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 1291.651671][T32563]  ? __kasan_check_read+0x11/0x20
[ 1291.656713][T32563]  ? __fget+0x384/0x560
[ 1291.660874][T32563]  ? ksys_dup3+0x3e0/0x3e0
[ 1291.665298][T32563]  ? find_held_lock+0x35/0x130
[ 1291.670072][T32563]  ? get_pid_task+0xc9/0x190
[ 1291.674669][T32563]  ? __fget_light+0x1a9/0x230
[ 1291.679346][T32563]  ? __fdget+0x1b/0x20
[ 1291.683415][T32563]  ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[ 1291.689659][T32563]  ? sockfd_lookup_light+0xcb/0x180
[ 1291.694868][T32563]  __sys_sendmmsg+0x1bf/0x4d0
[ 1291.699551][T32563]  ? __ia32_sys_sendmsg+0xb0/0xb0
[ 1291.704604][T32563]  ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20
[ 1291.710841][T32563]  ? fput_many+0x12c/0x1a0
[ 1291.715251][T32563]  ? fput+0x1b/0x20
[ 1291.719059][T32563]  ? ksys_write+0x1cf/0x290
[ 1291.723563][T32563]  ? trace_hardirqs_on_thunk+0x1a/0x20
[ 1291.729023][T32563]  ? trace_hardirqs_on_thunk+0x1a/0x20
01:39:33 executing program 1:
perf_event_open(&(0x7f00000000c0)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
ioctl$FS_IOC_ENABLE_VERITY(0xffffffffffffffff, 0x40806685, 0x0)
r0 = openat$random(0xffffffffffffff9c, &(0x7f0000000140)='/dev/urandom\x00', 0x8000000000000085, 0x0)
r1 = dup(r0)
r2 = open(&(0x7f0000002000)='./bus\x00', 0x141042, 0x0)
ftruncate(r2, 0xee72)
fcntl$F_GET_RW_HINT(r1, 0x40b, &(0x7f0000000000))
sendfile(r1, r2, 0x0, 0x8000fffffffe)

01:39:33 executing program 0:
perf_event_open(&(0x7f00000000c0)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
ioctl$FS_IOC_ENABLE_VERITY(0xffffffffffffffff, 0x40806685, 0x0)
r0 = openat$random(0xffffffffffffff9c, &(0x7f0000000140)='/dev/urandom\x00', 0x8000000000000085, 0x0)
r1 = memfd_create(&(0x7f00000000c0)='queue1\x00\x00\x00\x00\x00\x00\x00\x001;\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x06\x00\x00\x00\x00\x00\xcc\xbf}\xdd\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xb2\x1e\x00', 0x0)
r2 = syz_open_dev$sndseq(&(0x7f0000000700)='/dev/snd/seq\x00', 0x0, 0x41)
r3 = dup2(r2, r1)
ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(r3, 0xc08c5332, &(0x7f0000000140)={0x0, 0x0, 0x0, 'queue1\x00\x00\x00\x00\x00\x00\x00\x001;\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x06\x00\x00\x00\x00\x00\xcc\xbf}\xdd\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xb2\x1e\x00'})
setsockopt$inet6_dccp_buf(0xffffffffffffffff, 0x21, 0x0, &(0x7f0000000080)="f388261fb26dfafe6147685f8a25ee75ea58b6886a71168ce16baf2dc262d8", 0x1f)
write$sndseq(r3, &(0x7f0000000000)=[{0x0, 0x0, 0x0, 0x0, @time, {}, {}, @control}], 0xff97)
r4 = dup(r0)
r5 = open(&(0x7f0000002000)='./bus\x00', 0x141042, 0x0)
ftruncate(r5, 0xee72)
sendfile(r4, r5, 0x0, 0x8000fffffffe)

01:39:33 executing program 1:
perf_event_open(&(0x7f00000000c0)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
ioctl$FS_IOC_ENABLE_VERITY(0xffffffffffffffff, 0x40806685, 0x0)
r0 = openat$random(0xffffffffffffff9c, &(0x7f0000000140)='/dev/urandom\x00', 0x8000000000000085, 0x0)
r1 = dup(r0)
setsockopt$inet_sctp6_SCTP_RTOINFO(r1, 0x84, 0x0, &(0x7f0000000000)={0x0, 0x2000000, 0x0, 0x2}, 0x10)
r2 = open(&(0x7f0000002000)='./bus\x00', 0x141042, 0x0)
ftruncate(r2, 0xee72)
sendfile(r1, r2, 0x0, 0x8000fffffffe)

[ 1291.734486][T32563]  ? do_syscall_64+0x26/0x760
[ 1291.739168][T32563]  ? entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 1291.745239][T32563]  ? do_syscall_64+0x26/0x760
[ 1291.749924][T32563]  __x64_sys_sendmmsg+0x9d/0x100
[ 1291.754858][T32563]  do_syscall_64+0xfa/0x760
[ 1291.759366][T32563]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 1291.765258][T32563] RIP: 0033:0x459a09
01:39:33 executing program 1:
perf_event_open(&(0x7f00000000c0)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
ioctl$FS_IOC_ENABLE_VERITY(0xffffffffffffffff, 0x40806685, 0x0)
r0 = openat$random(0xffffffffffffff9c, &(0x7f0000000140)='/dev/urandom\x00', 0x8000000000000085, 0x0)
r1 = dup(r0)
r2 = open(&(0x7f0000002000)='./bus\x00', 0x141042, 0x0)
r3 = syz_open_dev$media(&(0x7f0000000000)='/dev/media#\x00', 0x3f, 0x0)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff, <r4=>0xffffffffffffffff})
r5 = socket$inet6_sctp(0xa, 0x10000000005, 0x84)
r6 = dup2(r4, r5)
ioctl$PERF_EVENT_IOC_ENABLE(r6, 0x8912, 0x400200)
getpeername$packet(r6, &(0x7f00000001c0)={0x11, 0x0, <r7=>0x0, 0x1, 0x0, 0x6, @random}, &(0x7f0000000200)=0x14)
ioctl$sock_inet6_SIOCSIFDSTADDR(r3, 0x8918, &(0x7f0000000240)={@initdev={0xfe, 0x88, [], 0x0, 0x0}, 0x4a, r7})
ftruncate(r2, 0xee72)
sendfile(r1, r2, 0x0, 0x8000fffffffe)

[ 1291.769143][T32563] Code: fd b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00
[ 1291.769152][T32563] RSP: 002b:00007f02c0c05c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000133
[ 1291.769171][T32563] RAX: ffffffffffffffda RBX: 00007f02c0c05c90 RCX: 0000000000459a09
[ 1291.805103][T32563] RDX: 0000000000000332 RSI: 0000000020000140 RDI: 0000000000000004
[ 1291.813071][T32563] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000
[ 1291.821056][T32563] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f02c0c066d4
01:39:33 executing program 0:
perf_event_open(&(0x7f00000000c0)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
ioctl$FS_IOC_ENABLE_VERITY(0xffffffffffffffff, 0x40806685, 0x0)
r0 = openat$random(0xffffffffffffff9c, &(0x7f0000000140)='/dev/urandom\x00', 0x8000000000000085, 0x0)
r1 = dup(r0)
r2 = open(&(0x7f0000002000)='./bus\x00', 0x141042, 0x0)
ftruncate(r2, 0xee72)
sendfile(r1, r2, 0x0, 0x8000fffffffe)

[ 1291.829023][T32563] R13: 00000000004c71e8 R14: 00000000004dca10 R15: 0000000000000005
[ 1291.837289][    C1] protocol 88fb is buggy, dev hsr_slave_0
[ 1291.843077][    C1] protocol 88fb is buggy, dev hsr_slave_1
01:39:33 executing program 3 (fault-call:4 fault-nth:13):
r0 = socket$packet(0x11, 0x3, 0x300)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000000)={'batadv0\x00\f\x00', <r1=>0x0})
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000e00)=ANY=[@ANYBLOB="340000002c000107008be4000000000000000000", @ANYRES32=r1, @ANYBLOB="00d400f0000000000e00000009000100726f75746500000004000200"], 0x34}}, 0x0)
r2 = socket(0x10, 0x80002, 0x0)
sendmmsg$alg(r2, &(0x7f0000000140), 0x332, 0x0)

[ 1291.951032][  T417] FAULT_FLAG_ALLOW_RETRY missing 70
[ 1291.964333][  T417] CPU: 1 PID: 417 Comm: syz-executor.5 Not tainted 5.3.0+ #0
[ 1291.971719][  T417] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 1291.981771][  T417] Call Trace:
[ 1291.985072][  T417]  dump_stack+0x172/0x1f0
[ 1291.989426][  T417]  handle_userfault.cold+0x41/0x5d
[ 1291.994554][  T417]  ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[ 1292.000976][  T417]  ? userfaultfd_ioctl+0x3ad0/0x3ad0
[ 1292.006269][  T417]  ? find_get_entry+0x535/0x880
[ 1292.011149][  T417]  ? __kasan_check_read+0x11/0x20
[ 1292.016176][  T417]  ? mark_lock+0xc2/0x1220
[ 1292.020645][  T417]  ? find_get_pages_range_tag+0xd50/0xd50
[ 1292.026372][  T417]  ? __kasan_check_read+0x11/0x20
[ 1292.031399][  T417]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 1292.037648][  T417]  ? find_lock_entry+0x1a7/0x560
[ 1292.042584][  T417]  ? rcu_lockdep_current_cpu_online+0xe3/0x130
[ 1292.048758][  T417]  shmem_getpage_gfp+0x1f4c/0x2680
[ 1292.053885][  T417]  ? shmem_unuse_inode+0x1010/0x1010
[ 1292.059174][  T417]  ? lock_downgrade+0x920/0x920
[ 1292.064024][  T417]  ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[ 1292.070266][  T417]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 1292.076521][  T417]  shmem_fault+0x22a/0x7b0
[ 1292.080943][  T417]  ? shmem_read_mapping_page_gfp+0x1a0/0x1a0
[ 1292.086927][  T417]  ? find_get_entry+0x880/0x880
[ 1292.091781][  T417]  ? pmd_val+0x85/0x100
[ 1292.096033][  T417]  __do_fault+0x111/0x540
[ 1292.100375][  T417]  ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[ 1292.106625][  T417]  __handle_mm_fault+0x2dca/0x4040
[ 1292.107350][  T473] FAULT_INJECTION: forcing a failure.
[ 1292.107350][  T473] name failslab, interval 1, probability 0, space 0, times 0
[ 1292.111741][  T417]  ? vmf_insert_mixed_mkwrite+0x40/0x40
[ 1292.111757][  T417]  ? handle_mm_fault+0x292/0xa80
[ 1292.111783][  T417]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 1292.141009][  T417]  ? __kasan_check_read+0x11/0x20
[ 1292.146030][  T417]  handle_mm_fault+0x3b7/0xa80
[ 1292.150790][  T417]  __do_page_fault+0x536/0xdd0
[ 1292.155548][  T417]  do_page_fault+0x38/0x590
[ 1292.160044][  T417]  page_fault+0x39/0x40
[ 1292.164184][  T417] RIP: 0033:0x4533a0
[ 1292.168067][  T417] Code: 0f 84 c4 0f 00 00 48 89 f1 48 89 f8 48 83 e1 3f 48 83 f9 20 0f 86 7b 02 00 00 48 83 e6 f0 48 83 e1 0f 66 0f ef c0 66 0f ef c9 <66> 0f 74 0e 66 0f d7 d1 48 d3 ea 49 c7 c2 11 00 00 00 49 29 ca 4d
[ 1292.187691][  T417] RSP: 002b:00007fbdc8f347a8 EFLAGS: 00010202
[ 1292.193744][  T417] RAX: 00007fbdc8f34850 RBX: 0000000000000003 RCX: 000000000000000e
[ 1292.201706][  T417] RDX: 00000000000003ff RSI: 0000000020012fe0 RDI: 00007fbdc8f34850
[ 1292.209697][  T417] RBP: 000000000075c070 R08: 00000000000003ff R09: 0000000000000000
[ 1292.217659][  T417] R10: 00007fbdc8f359d0 R11: 0000000000000246 R12: 00007fbdc8f356d4
[ 1292.225624][  T417] R13: 00000000004c8dbc R14: 00000000004dfed8 R15: 00000000ffffffff
[ 1292.233762][  T473] CPU: 0 PID: 473 Comm: syz-executor.3 Not tainted 5.3.0+ #0
[ 1292.241130][  T473] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 1292.241136][  T473] Call Trace:
[ 1292.241155][  T473]  dump_stack+0x172/0x1f0
[ 1292.241175][  T473]  should_fail.cold+0xa/0x15
[ 1292.263360][  T473]  ? fault_create_debugfs_attr+0x180/0x180
[ 1292.269168][  T473]  ? ___might_sleep+0x163/0x2c0
[ 1292.269190][  T473]  __should_failslab+0x121/0x190
[ 1292.269208][  T473]  should_failslab+0x9/0x14
[ 1292.269220][  T473]  kmem_cache_alloc_trace+0x2d3/0x790
[ 1292.269237][  T473]  ? __nla_parse+0x43/0x60
[ 1292.269259][  T473]  route4_change+0x381/0x2165
[ 1292.269274][  T473]  ? mutex_trylock+0x2d0/0x2d0
[ 1292.269292][  T473]  ? rcu_lockdep_current_cpu_online+0xe3/0x130
[ 1292.302784][  T473]  ? route4_delete+0x910/0x910
[ 1292.302797][  T473]  ? __kasan_check_write+0x14/0x20
[ 1292.302818][  T473]  ? wait_for_completion+0x440/0x440
[ 1292.318771][  T473]  ? route4_delete+0x910/0x910
[ 1292.318789][  T473]  tc_new_tfilter+0xa4b/0x1c70
[ 1292.318817][  T473]  ? tc_del_tfilter+0x1530/0x1530
[ 1292.338676][  T473]  ? __kasan_check_read+0x11/0x20
[ 1292.343691][  T473]  ? merge_extent_mapping+0x1d0/0x4c0
[ 1292.343708][  T473]  ? rtnetlink_rcv_msg+0x7f2/0xb00
[ 1292.343724][  T473]  ? find_held_lock+0x35/0x130
[ 1292.354169][  T473]  ? rtnetlink_rcv_msg+0x7f2/0xb00
[ 1292.354197][  T473]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 1292.354213][  T473]  ? tc_del_tfilter+0x1530/0x1530
[ 1292.354224][  T473]  ? __kasan_check_read+0x11/0x20
[ 1292.354236][  T473]  ? tc_del_tfilter+0x1530/0x1530
[ 1292.354248][  T473]  rtnetlink_rcv_msg+0x838/0xb00
[ 1292.354263][  T473]  ? rtnetlink_put_metrics+0x580/0x580
[ 1292.395730][  T473]  ? netlink_deliver_tap+0x22d/0xbf0
[ 1292.401015][  T473]  ? find_held_lock+0x35/0x130
[ 1292.405789][  T473]  netlink_rcv_skb+0x177/0x450
[ 1292.410570][  T473]  ? rtnetlink_put_metrics+0x580/0x580
[ 1292.416033][  T473]  ? netlink_ack+0xb30/0xb30
[ 1292.420622][  T473]  ? __kasan_check_read+0x11/0x20
[ 1292.425658][  T473]  ? netlink_deliver_tap+0x254/0xbf0
[ 1292.430952][  T473]  rtnetlink_rcv+0x1d/0x30
[ 1292.435381][  T473]  netlink_unicast+0x531/0x710
[ 1292.440157][  T473]  ? netlink_attachskb+0x7c0/0x7c0
[ 1292.445266][  T473]  ? _copy_from_iter_full+0x25d/0x8a0
[ 1292.450634][  T473]  ? __sanitizer_cov_trace_cmp8+0x18/0x20
[ 1292.456348][  T473]  ? __check_object_size+0x3d/0x437
[ 1292.459612][  T417] FAULT_FLAG_ALLOW_RETRY missing 70
[ 1292.461548][  T473]  netlink_sendmsg+0x8a5/0xd60
[ 1292.461571][  T473]  ? netlink_unicast+0x710/0x710
[ 1292.461589][  T473]  ? aa_sock_msg_perm.isra.0+0xba/0x170
[ 1292.481975][  T473]  ? apparmor_socket_sendmsg+0x2a/0x30
[ 1292.487436][  T473]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 1292.493692][  T473]  ? security_socket_sendmsg+0x8d/0xc0
[ 1292.499172][  T473]  ? netlink_unicast+0x710/0x710
[ 1292.504111][  T473]  sock_sendmsg+0xd7/0x130
[ 1292.508571][  T473]  ___sys_sendmsg+0x3e2/0x920
[ 1292.513245][  T473]  ? copy_msghdr_from_user+0x440/0x440
[ 1292.518700][  T473]  ? lock_downgrade+0x920/0x920
[ 1292.523549][  T473]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 1292.529786][  T473]  ? __kasan_check_read+0x11/0x20
[ 1292.534801][  T473]  ? __fget+0x384/0x560
[ 1292.538951][  T473]  ? ksys_dup3+0x3e0/0x3e0
[ 1292.543361][  T473]  ? find_held_lock+0x35/0x130
[ 1292.548119][  T473]  ? get_pid_task+0xc9/0x190
[ 1292.552696][  T473]  ? __fget_light+0x1a9/0x230
[ 1292.557363][  T473]  ? __fdget+0x1b/0x20
[ 1292.561427][  T473]  ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[ 1292.567674][  T473]  ? sockfd_lookup_light+0xcb/0x180
[ 1292.572865][  T473]  __sys_sendmmsg+0x1bf/0x4d0
[ 1292.577552][  T473]  ? __ia32_sys_sendmsg+0xb0/0xb0
[ 1292.582590][  T473]  ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20
[ 1292.588815][  T473]  ? fput_many+0x12c/0x1a0
[ 1292.593216][  T473]  ? fput+0x1b/0x20
[ 1292.597011][  T473]  ? ksys_write+0x1cf/0x290
[ 1292.601510][  T473]  ? trace_hardirqs_on_thunk+0x1a/0x20
[ 1292.606966][  T473]  ? trace_hardirqs_on_thunk+0x1a/0x20
[ 1292.612416][  T473]  ? do_syscall_64+0x26/0x760
[ 1292.617078][  T473]  ? entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 1292.623128][  T473]  ? do_syscall_64+0x26/0x760
[ 1292.627799][  T473]  __x64_sys_sendmmsg+0x9d/0x100
[ 1292.632733][  T473]  do_syscall_64+0xfa/0x760
[ 1292.637237][  T473]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 1292.643128][  T473] RIP: 0033:0x459a09
[ 1292.647215][  T473] Code: fd b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00
[ 1292.666805][  T473] RSP: 002b:00007f02c0c05c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000133
[ 1292.675204][  T473] RAX: ffffffffffffffda RBX: 00007f02c0c05c90 RCX: 0000000000459a09
[ 1292.683160][  T473] RDX: 0000000000000332 RSI: 0000000020000140 RDI: 0000000000000004
[ 1292.691111][  T473] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000
[ 1292.699069][  T473] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f02c0c066d4
[ 1292.707035][  T473] R13: 00000000004c71e8 R14: 00000000004dca10 R15: 0000000000000005
[ 1292.715031][  T417] CPU: 1 PID: 417 Comm: syz-executor.5 Not tainted 5.3.0+ #0
[ 1292.715329][    C0] protocol 88fb is buggy, dev hsr_slave_0
[ 1292.722397][  T417] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 1292.728142][    C0] protocol 88fb is buggy, dev hsr_slave_1
[ 1292.738104][  T417] Call Trace:
[ 1292.738125][  T417]  dump_stack+0x172/0x1f0
[ 1292.738147][  T417]  handle_userfault.cold+0x41/0x5d
[ 1292.743914][    C0] protocol 88fb is buggy, dev hsr_slave_0
[ 1292.747082][  T417]  ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[ 1292.747108][  T417]  ? userfaultfd_ioctl+0x3ad0/0x3ad0
[ 1292.751423][    C0] protocol 88fb is buggy, dev hsr_slave_1
[ 1292.756481][  T417]  ? find_get_entry+0x535/0x880
[ 1292.756497][  T417]  ? find_get_pages_range_tag+0xd50/0xd50
[ 1292.756511][  T417]  ? __kasan_check_read+0x11/0x20
[ 1292.762266][    C0] protocol 88fb is buggy, dev hsr_slave_0
[ 1292.768412][  T417]  ? __kasan_check_read+0x11/0x20
[ 1292.768422][  T417]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 1292.768438][  T417]  ? find_lock_entry+0x1a7/0x560
[ 1292.773714][    C0] protocol 88fb is buggy, dev hsr_slave_1
[ 1292.779377][  T417]  ? rcu_lockdep_current_cpu_online+0xe3/0x130
[ 1292.779401][  T417]  shmem_getpage_gfp+0x1f4c/0x2680
[ 1292.784324][    C0] protocol 88fb is buggy, dev hsr_slave_0
[ 1292.789938][  T417]  ? shmem_unuse_inode+0x1010/0x1010
[ 1292.794993][    C0] protocol 88fb is buggy, dev hsr_slave_1
[ 1292.800647][  T417]  ? lock_downgrade+0x920/0x920
[ 1292.805731][    C0] protocol 88fb is buggy, dev hsr_slave_0
[ 1292.811882][  T417]  ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[ 1292.816836][    C0] protocol 88fb is buggy, dev hsr_slave_1
[ 1292.822497][  T417]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 1292.832791][  T473] kasan: CONFIG_KASAN_INLINE enabled
[ 1292.833723][  T417]  shmem_fault+0x22a/0x7b0
[ 1292.839536][  T473] kasan: GPF could be caused by NULL-ptr deref or user memory access
[ 1292.844685][  T417]  ? shmem_read_mapping_page_gfp+0x1a0/0x1a0
[ 1292.844707][  T417]  ? find_get_entry+0x880/0x880
[ 1292.844741][  T417]  ? pmd_val+0x85/0x100
[ 1292.844763][  T417]  __do_fault+0x111/0x540
[ 1292.850537][  T473] general protection fault: 0000 [#1] PREEMPT SMP KASAN
[ 1292.855307][  T417]  ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[ 1292.861019][  T473] CPU: 0 PID: 473 Comm: syz-executor.3 Not tainted 5.3.0+ #0
[ 1292.867232][  T417]  __handle_mm_fault+0x2dca/0x4040
[ 1292.872909][  T473] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 1292.879120][  T417]  ? vmf_insert_mixed_mkwrite+0x40/0x40
[ 1292.884372][  T473] RIP: 0010:tcf_action_destroy+0x71/0x160
[ 1292.888757][  T417]  ? handle_mm_fault+0x292/0xa80
[ 1292.896785][  T473] Code: c3 08 44 89 ee e8 0f 2e b5 fb 41 83 fd 20 0f 84 c9 00 00 00 e8 80 2c b5 fb 48 89 d8 48 b9 00 00 00 00 00 fc ff df 48 c1 e8 03 <80> 3c 08 00 0f 85 c0 00 00 00 4c 8b 33 4d 85 f6 0f 84 9d 00 00 00
[ 1292.902736][  T417]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 1292.907586][  T473] RSP: 0018:ffff8880521d7220 EFLAGS: 00010246
[ 1292.911726][  T417]  ? __kasan_check_read+0x11/0x20
[ 1292.916013][  T473] RAX: 0000000000000000 RBX: 0000000000000000 RCX: dffffc0000000000
[ 1292.922917][  T417]  handle_mm_fault+0x3b7/0xa80
[ 1292.929119][  T473] RDX: 0000000000040000 RSI: ffffffff85bddcc0 RDI: 0000000000000000
[ 1292.936464][  T417]  __do_page_fault+0x536/0xdd0
[ 1292.941537][  T473] RBP: ffff8880521d7250 R08: 0000000000000000 R09: ffffed1015d06ad5
[ 1292.951563][  T417]  do_page_fault+0x38/0x590
[ 1292.957066][  T473] R10: ffffed1015d06ad4 R11: ffff8880ae8356a3 R12: 0000000000000000
[ 1292.962756][  T417]  page_fault+0x39/0x40
[ 1292.967652][  T473] R13: 0000000000000000 R14: ffff8880521d7538 R15: 0000000000000001
[ 1292.987225][  T417] RIP: 0033:0x4533a0
[ 1292.993430][  T473] FS:  00007f02c0c06700(0000) GS:ffff8880ae800000(0000) knlGS:0000000000000000
[ 1292.999466][  T417] Code: 0f 84 c4 0f 00 00 48 89 f1 48 89 f8 48 83 e1 3f 48 83 f9 20 0f 86 7b 02 00 00 48 83 e6 f0 48 83 e1 0f 66 0f ef c0 66 0f ef c9 <66> 0f 74 0e 66 0f d7 d1 48 d3 ea 49 c7 c2 11 00 00 00 49 29 ca 4d
[ 1293.004463][  T473] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 1293.012401][  T417] RSP: 002b:00007fbdc8f347a8 EFLAGS: 00010202
[ 1293.017128][  T473] CR2: 0000001b2ca21000 CR3: 000000008df4b000 CR4: 00000000001406f0
[ 1293.025070][  T417] RAX: 00007fbdc8f34850 RBX: 0000000000000003 RCX: 000000000000000e
[ 1293.029799][  T473] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 1293.037744][  T417] RDX: 00000000000003ff RSI: 0000000020012fe0 RDI: 00007fbdc8f34850
[ 1293.042212][  T473] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[ 1293.050184][  T417] RBP: 000000000075c070 R08: 00000000000003ff R09: 0000000000000000
[ 1293.054312][  T473] Call Trace:
[ 1293.062283][  T417] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fbdc8f356d4
[ 1293.066164][  T473]  tcf_exts_destroy+0x38/0xb0
[ 1293.075058][  T417] R13: 00000000004c8dbc R14: 00000000004dfed8 R15: 00000000ffffffff
[ 1293.094646][  T473]  route4_change+0xe87/0x2165
[ 1293.183562][  T473]  ? mutex_trylock+0x2d0/0x2d0
[ 1293.188299][  T473]  ? rcu_lockdep_current_cpu_online+0xe3/0x130
[ 1293.194443][  T473]  ? route4_delete+0x910/0x910
[ 1293.199240][  T473]  ? __kasan_check_write+0x14/0x20
[ 1293.204346][  T473]  ? wait_for_completion+0x440/0x440
[ 1293.209741][  T473]  ? route4_delete+0x910/0x910
[ 1293.214477][  T473]  tc_new_tfilter+0xa4b/0x1c70
[ 1293.219220][  T473]  ? tc_del_tfilter+0x1530/0x1530
[ 1293.224228][  T473]  ? __kasan_check_read+0x11/0x20
[ 1293.229237][  T473]  ? merge_extent_mapping+0x1d0/0x4c0
[ 1293.234585][  T473]  ? rtnetlink_rcv_msg+0x7f2/0xb00
[ 1293.239717][  T473]  ? find_held_lock+0x35/0x130
[ 1293.244488][  T473]  ? rtnetlink_rcv_msg+0x7f2/0xb00
[ 1293.249593][  T473]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 1293.255807][  T473]  ? tc_del_tfilter+0x1530/0x1530
[ 1293.260819][  T473]  ? __kasan_check_read+0x11/0x20
[ 1293.265828][  T473]  ? tc_del_tfilter+0x1530/0x1530
[ 1293.270831][  T473]  rtnetlink_rcv_msg+0x838/0xb00
[ 1293.275744][  T473]  ? rtnetlink_put_metrics+0x580/0x580
[ 1293.281217][  T473]  ? netlink_deliver_tap+0x22d/0xbf0
[ 1293.286501][  T473]  ? find_held_lock+0x35/0x130
[ 1293.291253][  T473]  netlink_rcv_skb+0x177/0x450
[ 1293.295984][  T473]  ? rtnetlink_put_metrics+0x580/0x580
[ 1293.301412][  T473]  ? netlink_ack+0xb30/0xb30
[ 1293.305978][  T473]  ? __kasan_check_read+0x11/0x20
[ 1293.310983][  T473]  ? netlink_deliver_tap+0x254/0xbf0
[ 1293.316240][  T473]  rtnetlink_rcv+0x1d/0x30
[ 1293.320673][  T473]  netlink_unicast+0x531/0x710
[ 1293.325535][  T473]  ? netlink_attachskb+0x7c0/0x7c0
[ 1293.330692][  T473]  ? _copy_from_iter_full+0x25d/0x8a0
[ 1293.336042][  T473]  ? __sanitizer_cov_trace_cmp8+0x18/0x20
[ 1293.341741][  T473]  ? __check_object_size+0x3d/0x437
[ 1293.346910][  T473]  netlink_sendmsg+0x8a5/0xd60
[ 1293.351646][  T473]  ? netlink_unicast+0x710/0x710
[ 1293.356575][  T473]  ? aa_sock_msg_perm.isra.0+0xba/0x170
[ 1293.362097][  T473]  ? apparmor_socket_sendmsg+0x2a/0x30
[ 1293.367529][  T473]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 1293.373737][  T473]  ? security_socket_sendmsg+0x8d/0xc0
[ 1293.379166][  T473]  ? netlink_unicast+0x710/0x710
[ 1293.384077][  T473]  sock_sendmsg+0xd7/0x130
[ 1293.388471][  T473]  ___sys_sendmsg+0x3e2/0x920
[ 1293.393126][  T473]  ? copy_msghdr_from_user+0x440/0x440
[ 1293.398562][  T473]  ? lock_downgrade+0x920/0x920
[ 1293.403391][  T473]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 1293.409605][  T473]  ? __kasan_check_read+0x11/0x20
[ 1293.414618][  T473]  ? __fget+0x384/0x560
[ 1293.418758][  T473]  ? ksys_dup3+0x3e0/0x3e0
[ 1293.423157][  T473]  ? find_held_lock+0x35/0x130
[ 1293.427892][  T473]  ? get_pid_task+0xc9/0x190
[ 1293.432454][  T473]  ? __fget_light+0x1a9/0x230
[ 1293.437098][  T473]  ? __fdget+0x1b/0x20
[ 1293.441140][  T473]  ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[ 1293.447374][  T473]  ? sockfd_lookup_light+0xcb/0x180
[ 1293.452554][  T473]  __sys_sendmmsg+0x1bf/0x4d0
[ 1293.457199][  T473]  ? __ia32_sys_sendmsg+0xb0/0xb0
[ 1293.462215][  T473]  ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20
[ 1293.468429][  T473]  ? fput_many+0x12c/0x1a0
[ 1293.472837][  T473]  ? fput+0x1b/0x20
[ 1293.476618][  T473]  ? ksys_write+0x1cf/0x290
[ 1293.481093][  T473]  ? trace_hardirqs_on_thunk+0x1a/0x20
[ 1293.486533][  T473]  ? trace_hardirqs_on_thunk+0x1a/0x20
[ 1293.491959][  T473]  ? do_syscall_64+0x26/0x760
[ 1293.496606][  T473]  ? entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 1293.502653][  T473]  ? do_syscall_64+0x26/0x760
[ 1293.507313][  T473]  __x64_sys_sendmmsg+0x9d/0x100
[ 1293.512240][  T473]  do_syscall_64+0xfa/0x760
[ 1293.516714][  T473]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 1293.522588][  T473] RIP: 0033:0x459a09
[ 1293.526465][  T473] Code: fd b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00
[ 1293.546057][  T473] RSP: 002b:00007f02c0c05c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000133
[ 1293.554456][  T473] RAX: ffffffffffffffda RBX: 00007f02c0c05c90 RCX: 0000000000459a09
[ 1293.562438][  T473] RDX: 0000000000000332 RSI: 0000000020000140 RDI: 0000000000000004
[ 1293.570380][  T473] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000
[ 1293.578350][  T473] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f02c0c066d4
[ 1293.586328][  T473] R13: 00000000004c71e8 R14: 00000000004dca10 R15: 0000000000000005
[ 1293.594273][  T473] Modules linked in:
[ 1293.599949][  T473] ---[ end trace 1ecf82c4821088bd ]---
01:39:35 executing program 5:
mmap(&(0x7f0000011000/0x2000)=nil, 0x2000, 0x4, 0x31, 0xffffffffffffffff, 0x0)
r0 = userfaultfd(0x0)
syz_open_dev$mice(&(0x7f0000000000)='/dev/input/mice\x00', 0x0, 0x4000)
ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f0000000040))
ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f00000000c0)={{&(0x7f0000012000/0x2000)=nil, 0x2000}, 0x1})
read(r0, &(0x7f0000000100)=""/199, 0xc7)
syz_open_dev$evdev(&(0x7f0000012fee)='/.%v/\x11%put/event#\x00', 0x0, 0x6c00)
ioctl$UFFDIO_WAKE(r0, 0x8010aa02, &(0x7f0000000080)={&(0x7f0000012000/0x4000)=nil, 0x4000})
shmget(0x2, 0x1000, 0x0, &(0x7f000096d000/0x1000)=nil)
openat$cgroup_procs(0xffffffffffffffff, 0x0, 0x2, 0x0)

01:39:35 executing program 1:
perf_event_open(&(0x7f00000000c0)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
ioctl$FS_IOC_ENABLE_VERITY(0xffffffffffffffff, 0x40806685, 0x0)
r0 = openat$random(0xffffffffffffff9c, &(0x7f0000000140)='/dev/urandom\x00', 0x8000000000000085, 0x0)
r1 = dup(r0)
r2 = open(&(0x7f0000002000)='./bus\x00', 0x141042, 0x0)
ftruncate(r2, 0xee72)
sendfile(r1, r2, 0x0, 0x8000fffffffe)
setsockopt$RXRPC_SECURITY_KEYRING(0xffffffffffffffff, 0x110, 0x2, &(0x7f0000000000)='/dev/urandom\x00', 0xd)

01:39:35 executing program 2:
r0 = socket$inet_udp(0x2, 0x2, 0x0)
close(r0)
r1 = socket$inet6(0xa, 0x1, 0x8010000000000084)
bind$inet6(r1, &(0x7f0000000040)={0xa, 0x400004e21, 0x0, @empty}, 0x1c)
setsockopt$inet_sctp6_SCTP_NODELAY(r0, 0x84, 0x3, &(0x7f00000000c0)=0x7, 0x4)
setsockopt$inet6_opts(r1, 0x29, 0x3b, &(0x7f0000000080)=ANY=[@ANYBLOB], 0x8)
connect$inet6(r1, &(0x7f0000000200)={0xa, 0x4e21, 0x0, @loopback}, 0x1c)
r2 = socket$inet_udplite(0x2, 0x2, 0x88)
ioctl(r2, 0x1000008912, &(0x7f0000000040)="11dcbc0d5e0bcfe47bf070")
write$binfmt_misc(r0, &(0x7f0000000100)=ANY=[@ANYBLOB="a43f7a10bc918dba707335df9c4fe2e3dd545ee4c838fdcc46a7540a012dcf04a12f99172a6f3583cd5498000448f3ae533c2845496e9b0a050d5e4e05f5f8188edecc091727ed7a25a91998bf61aeec90e8718f9aa9fd5da3aa3181c0080975dee42b7d8686ca8f92f314380c2a02a90e6efeaf9d6acdb213cd260c116f495d9569a33c798d369967f6690fd59a8b3bd789702d552fe262fe738e874609724467e7d1be8518f803b96022e1f0f0de7d3720bec96ede000000000000000000"], 0x10098)
write$binfmt_script(r0, &(0x7f0000000300)=ANY=[@ANYBLOB="ba"], 0x1)
write$binfmt_elf64(r0, &(0x7f0000000280)={{0x7f, 0x45, 0x4c, 0x46, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40}, [{}]}, 0x78)

01:39:35 executing program 4:
r0 = socket$nl_route(0x10, 0x3, 0x0)
r1 = socket$netlink(0x10, 0x3, 0x0)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff, <r2=>0xffffffffffffffff})
r3 = socket$inet6_sctp(0xa, 0x10000000005, 0x84)
r4 = dup2(r2, r3)
ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200)
r5 = socket(0x10, 0x803, 0x0)
sendmsg$TIPC_CMD_GET_MEDIA_NAMES(r5, &(0x7f0000000400)={0x0, 0x0, &(0x7f00000003c0)={0x0}}, 0x0)
getsockname$packet(r5, &(0x7f0000000100)={0x11, 0x0, <r6=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0xa)
sendmsg$nl_route(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080)=ANY=[@ANYBLOB="4800000010000507000000000000000080000000", @ANYRES32=r6, @ANYBLOB="0000000000000000280012000c0001007665746800000000180002001400010000000000", @ANYRES32=0x0, @ANYBLOB='\x00\x00\x00\x00\x00\x00\x00\x00'], 0x48}}, 0x0)
sendmsg$nl_route_sched(r0, &(0x7f0000000140)={0x0, 0x32d, &(0x7f0000000080)={&(0x7f0000000540)=@newqdisc={0x148, 0x24, 0x507, 0x0, 0xc, {0x0, r6, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_red={{0x8, 0x1, 'red\x00'}, {0x11c, 0x2, [@TCA_RED_STAB={0x104, 0x2, "fbf84ce9dbecf3d5851ae060c0ec8d55c9c65cb98d69f6f43f1d64d475f279dd204e54f6719de408d640f2dcd4c0c8c615650de0531b139380f912f808e5d3e1118f76144d1568be425bddb29fa48b1251d5cc8b78fb742bd61674f4cd92a93f8dafea3bc823ccd7591d59d252a275012101f39ab9478cc5dc4a8a2e71f186ce688ae869907b40b62231d243db1eca472440f1203b691b7b85864a73f1a3a9664d075ac973158948f7c44b4f8e2348e8046b08dcb423647eff2539993b8985028d7f0a50e94ee6b2fdacff6aee496b13807eb8d406a8440af14e339713f93a2bd76d46d34452c9bf604ac61d66e9ff34503a7ff400"}, @TCA_RED_PARMS={0x14, 0x1, {0x20}}]}}]}, 0x148}}, 0x0)

01:39:35 executing program 0:
perf_event_open(&(0x7f00000000c0)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
ioctl$FS_IOC_ENABLE_VERITY(0xffffffffffffffff, 0x40806685, 0x0)
r0 = openat$random(0xffffffffffffff9c, &(0x7f0000000140)='/dev/urandom\x00', 0x8000000000000085, 0x0)
r1 = dup(r0)
r2 = open(&(0x7f0000002000)='./bus\x00', 0x141042, 0x0)
openat$ptmx(0xffffffffffffff9c, &(0x7f0000000480)='/dev/ptmx\x00', 0x0, 0x0)
ftruncate(r2, 0xee72)
sendfile(r1, r2, 0x0, 0x8000fffffffe)
r3 = dup2(r2, r1)
r4 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000040)='TIPCv2\x00')
sendmsg$TIPC_NL_BEARER_ADD(r3, &(0x7f0000000440)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x8440}, 0xc, &(0x7f0000000080)={&(0x7f0000000180)={0x2c0, r4, 0x10, 0x70bd28, 0x25dfdbff, {}, [@TIPC_NLA_MEDIA={0xa0, 0x5, [@TIPC_NLA_MEDIA_PROP={0x14, 0x2, [@TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x11}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0xd19}]}, @TIPC_NLA_MEDIA_NAME={0x8, 0x1, 'ib\x00'}, @TIPC_NLA_MEDIA_PROP={0x54, 0x2, [@TIPC_NLA_PROP_WIN={0x8, 0x3, 0x8}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0xd}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x1ff}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0xc}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0xfffffffffffffc01}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x100000001}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x8}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x6b7}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x401}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x5}]}, @TIPC_NLA_MEDIA_NAME={0x8, 0x1, 'udp\x00'}, @TIPC_NLA_MEDIA_PROP={0x1c, 0x2, [@TIPC_NLA_PROP_MTU={0x8, 0x4, 0x4}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x1}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x8001}]}, @TIPC_NLA_MEDIA_NAME={0x8, 0x1, 'ib\x00'}]}, @TIPC_NLA_SOCK={0x20, 0x2, [@TIPC_NLA_SOCK_HAS_PUBL={0x4}, @TIPC_NLA_SOCK_ADDR={0x8, 0x1, 0x69fb}, @TIPC_NLA_SOCK_ADDR={0x8, 0x1, 0x2}, @TIPC_NLA_SOCK_REF={0x8, 0x2, 0xc35}]}, @TIPC_NLA_LINK={0x84, 0x4, [@TIPC_NLA_LINK_PROP={0x2c, 0x7, [@TIPC_NLA_PROP_TOL={0x8, 0x2, 0x5}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x17}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x18}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x8}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x8000}]}, @TIPC_NLA_LINK_NAME={0xc, 0x1, 'syz1\x00'}, @TIPC_NLA_LINK_PROP={0x3c, 0x7, [@TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x16}, @TIPC_NLA_PROP_PRIO={0x8}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x41}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x6}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x101}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x14}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x5}]}, @TIPC_NLA_LINK_PROP={0xc, 0x7, [@TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x11}]}]}, @TIPC_NLA_SOCK={0x20, 0x2, [@TIPC_NLA_SOCK_REF={0x8, 0x2, 0x1}, @TIPC_NLA_SOCK_HAS_PUBL={0x4}, @TIPC_NLA_SOCK_HAS_PUBL={0x4}, @TIPC_NLA_SOCK_REF={0x8}, @TIPC_NLA_SOCK_HAS_PUBL={0x4}]}, @TIPC_NLA_BEARER={0xe4, 0x1, [@TIPC_NLA_BEARER_PROP={0x2c, 0x2, [@TIPC_NLA_PROP_WIN={0x8, 0x3, 0x8000}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x7}, @TIPC_NLA_PROP_TOL={0x8}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x1a}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0xc}]}, @TIPC_NLA_BEARER_NAME={0x10, 0x1, @udp='udp:syz0\x00'}, @TIPC_NLA_BEARER_DOMAIN={0x8, 0x3, 0x8}, @TIPC_NLA_BEARER_PROP={0x24, 0x2, [@TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x13}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x6}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x75b3}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x3}]}, @TIPC_NLA_BEARER_PROP={0x44, 0x2, [@TIPC_NLA_PROP_WIN={0x8, 0x3, 0x2}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x3}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x14}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0xb}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0xc}, @TIPC_NLA_PROP_TOL={0x8}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x6}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x20}]}, @TIPC_NLA_BEARER_DOMAIN={0x8, 0x3, 0x2}, @TIPC_NLA_BEARER_UDP_OPTS={0x2c, 0x4, {{0x14, 0x1, @in={0x2, 0x4e24, @remote}}, {0x14, 0x2, @in={0x2, 0x4e24, @remote}}}}]}, @TIPC_NLA_NET={0xc, 0x7, [@TIPC_NLA_NET_ADDR={0x8, 0x2, 0xff}]}, @TIPC_NLA_NODE={0x30, 0x6, [@TIPC_NLA_NODE_UP={0x4}, @TIPC_NLA_NODE_UP={0x4}, @TIPC_NLA_NODE_ADDR={0x8, 0x1, 0x2}, @TIPC_NLA_NODE_UP={0x4}, @TIPC_NLA_NODE_ADDR={0x8, 0x1, 0x8}, @TIPC_NLA_NODE_UP={0x4}, @TIPC_NLA_NODE_UP={0x4}, @TIPC_NLA_NODE_ADDR={0x8, 0x1, 0x3}]}, @TIPC_NLA_MEDIA={0xc, 0x5, [@TIPC_NLA_MEDIA_NAME={0x8, 0x1, 'ib\x00'}]}, @TIPC_NLA_MON={0x1c, 0x9, [@TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0xf4a}, @TIPC_NLA_MON_REF={0x8, 0x2, 0x7}, @TIPC_NLA_MON_REF={0x8, 0x2, 0xfffe000000000000}]}]}, 0x2c0}, 0x1, 0x0, 0x0, 0x4}, 0x24000082)

[ 1293.606369][  T473] RIP: 0010:tcf_action_destroy+0x71/0x160
[ 1293.612206][  T473] Code: c3 08 44 89 ee e8 0f 2e b5 fb 41 83 fd 20 0f 84 c9 00 00 00 e8 80 2c b5 fb 48 89 d8 48 b9 00 00 00 00 00 fc ff df 48 c1 e8 03 <80> 3c 08 00 0f 85 c0 00 00 00 4c 8b 33 4d 85 f6 0f 84 9d 00 00 00
[ 1293.632282][  T473] RSP: 0018:ffff8880521d7220 EFLAGS: 00010246
[ 1293.640311][  T473] RAX: 0000000000000000 RBX: 0000000000000000 RCX: dffffc0000000000
[ 1293.665339][ T3891] kobject: 'loop5' (00000000cfaf4e47): kobject_uevent_env
[ 1293.672490][ T3891] kobject: 'loop5' (00000000cfaf4e47): fill_kobj_path: path = '/devices/virtual/block/loop5'
[ 1293.682716][  T473] RDX: 0000000000040000 RSI: ffffffff85bddcc0 RDI: 0000000000000000
01:39:35 executing program 1:
perf_event_open(&(0x7f00000000c0)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
ioctl$FS_IOC_ENABLE_VERITY(0xffffffffffffffff, 0x40806685, 0x0)
r0 = openat$random(0xffffffffffffff9c, &(0x7f0000000140)='/dev/urandom\x00', 0x8000000000000085, 0x0)
r1 = dup(r0)
r2 = open(&(0x7f0000002000)='./bus\x00', 0x141042, 0x0)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff, <r3=>0xffffffffffffffff})
r4 = socket$inet6_sctp(0xa, 0x10000000005, 0x84)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff, <r5=>0xffffffffffffffff})
r6 = socket$inet6_sctp(0xa, 0x10000000005, 0x84)
r7 = dup2(r5, r6)
ioctl$PERF_EVENT_IOC_ENABLE(r7, 0x8912, 0x400200)
ioctl$KVM_SET_NR_MMU_PAGES(r7, 0xae44, 0x4)
r8 = dup2(r3, r4)
ioctl$PERF_EVENT_IOC_ENABLE(r8, 0x8912, 0x400200)
ioctl$TUNGETSNDBUF(r8, 0x800454d3, &(0x7f0000000000))
ftruncate(r2, 0xee72)
sendfile(r1, r2, 0x0, 0x8000fffffffe)

[ 1293.706849][  T473] RBP: ffff8880521d7250 R08: 0000000000000000 R09: ffffed1015d06ad5
[ 1293.744001][  T473] R10: ffffed1015d06ad4 R11: ffff8880ae8356a3 R12: 0000000000000000
[ 1293.755958][  T473] R13: 0000000000000000 R14: ffff8880521d7538 R15: 0000000000000001
[ 1293.765603][ T3891] kobject: 'loop1' (000000002d2cc060): kobject_uevent_env
[ 1293.772084][  T473] FS:  00007f02c0c06700(0000) GS:ffff8880ae900000(0000) knlGS:0000000000000000
[ 1293.772742][ T3891] kobject: 'loop1' (000000002d2cc060): fill_kobj_path: path = '/devices/virtual/block/loop1'
[ 1293.781998][  T473] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 1293.800727][  T473] CR2: 000000000075c000 CR3: 000000008df4b000 CR4: 00000000001406e0
[ 1293.808839][  T473] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 1293.819981][  T473] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[ 1293.834538][  T473] Kernel panic - not syncing: Fatal exception
[ 1293.842133][  T473] Kernel Offset: disabled
[ 1293.846451][  T473] Rebooting in 86400 seconds..