936d5bdee4615741bb2a44ddbc95e9f79ca3e2e3f6afd659046645a5f65864cc41faa0297b5cbfb739c0a5311c2f0a611fcbacfe5a0036bfce0c82ee1225331c63380da71d41aa75d10641a10036373768a0c349a8f8d3c52f29f19819832c73fd5629c00a0cccd6ff8bb2fece19fb5f07403c635368ab82a21419e34e2cf8552d6a9cf3fbd049adbdb2406e1b92dd363a201c42196c3e9c2f93ba42635e5c904ac49ad469a27b55066dc1fb1258f6b67aa304c45f047aaf4d46e972e71d5b68e1d47d935feea2349b1aa6cee4ecff2da22c99a1dda4e577818df5c48c3bca87c9e60858ee2d294b3cb6cfa576c6daf4633ab463480e04890408780f1b5933487a1d17f905bfd2abc48cc93ef84f33747dda71948dfe30aaf08f55dcddf5e800e4e95d8c15d2e4e5dffe0fd6c2077afc5de8b187cfa7b64c3c80ad978973196a227e09852aa9ad479b147aca3851f4a0cf2b72aa0ae080e8b42784490be7d958c72a2f0868699b61fa774a991a476c98af44611593b1b991ed2556a6420d78dbeef83bf3b41cae1e1221af61c4e1bc27d3f36fbe14ca00fa90c822e1d6c0055403a68576ac82a72e66fb15860cd77330e8ee4487b3c254e3a3303aa9e0d23b3bf54a9e608c9fac70cc83865d48374264daa422aa332604bb8e22b360fc5ce139b5d682d186a5051c380518b3ecb20439f3e8ed32f30581733397de83f710c5a04ce011db094c83d5f2c18d956e95ad83f6d649542d5ecc489b05f3426d3fa7c93aeb981b5d6d2c888ce29e3fd3f77efab810dab370a980aae1db44f596649f6091d1d640f9bb6415312a2750010c97236b50b795f673b40bf0ba03998e3c94881e2b0a570b62323c13090530def5ef760caa0e25b84ec2afd8401d30e18f13ae934f7dec625368f352825662d55c6e98978bf695f3eacc7c2aa51fc197080e1f5fe1aa7cffcf3fd200e26923280e076df4c6f03e6f8057d65868832f19294b608702ae4e8480a9446f663f08c3ec31328c21bde1c938224e94d676d47a309c6fdf67a81e7a8cd3c26dde90cf03c9832b59d2289c4dc53134bfe2578c1239524efe9ecd56e56e6a97e0f582e0ecedd7404351b470ef83fbd12cdc3474a2b9fe9f5874799942df93575331d4d82f5c6d49f5c48d75c042e4ae0682b72a7b9e8f38d0b069b8d099f4bd61a170cbcc6158f2ab46451e4efe34782db93942b9444511308359bd45c91f8898c9f8fbe8c1b102528fcf88453c0d22bb78d5e326c706d46f5a2623f89d34a29dd816ef485c8b619744d73d94189fa573f029efe5eeb68106a111113fa1226790a57f58138bb8dd4ac28ba56d80b7f409952b751af166ce9823df68a7fae2424d92f19d6675c1eab4e81842004e128679c60c81064cb8103ab82561fe7756347044383bb6266870634f15cce87b87649a90b0679f191d86c1ef48d52ef4e3982fc5785453857a3b2d431671293a421dc82baf73b32829cc8ad1b241008c04b854a3397cabe52ec9437b1ebccf478b218a16a2c1350086232078a6142ac56f1cb32f36a3dc7fd87321cde35cce521d2855303577dc8211a5e2bd215e6ad2d43739ab4e97e866c84be789d7871c1211aa9e9c0c563b809aebedfa9b2ce561c49a1559b8b9daa5c1bee53a0da6dd7948167de2ddad43e7cd1d336d95c0f8f83dd0dfab502aec8d0221e1ce370784f3bd2321943efd84a813c708452997079fbcdb0d1ed60a6afa776368964987b77a9aca926ad3d32c8a24653a22d48a9579316518c028e1dd64d55fac214e295ccaf370d99005df43b445c8620dbc158c285d8846f3c3e8759677025dc21db85576cb3c00a2f4918daee5f14ddb91ab01d28eb1840724635ff45aa5fe48c38b7932daa98ecb87a3bd4854fe30fb9989399319e9001ae5b69ab83bdff54914e3d95c0a1f0f0abb48ed2eced701ef14d8bb38fa0e2de8112255a3c26507972e00d256a3f1036e2ff151d70620b051131a56af7964ec63743ba298ca80a07b706b6fda1fdb1ccc84245859de926f4ef2ee30c236a9c7febe9a1eacea6863888bd4cf3d605b8a18ee196f219e42a54b7b8cd0a48c45fd1a8027cf45aa6656c7cd7ec314b27843e2f1fcd161ded6cd9eca4224ec1d3892a95a2c3fa7ebbbba01606893352eb56532a01ec093f5dc00bd428dca8f22841658e8295afc91808aeda32996442c672d7268ded9ec550f362d2ac5a337c918def2406b075f99aad9561da1e91468f87780882aa01804956e13aab202cf775aedc7073dca25c8b84d56b88204c107a479c08274cfb84f0dbf3e1e33e8ccf429e4876f1ece5769ec1a28603e030d46b229cd6bd44a8f705d36c9d83e9cd70ef8a43ceacbd670a049abcf1de261e1d0f38b9f34a94c38bbeaf9469f9b20cee6d2fa436050a420dd0060529bb1405dea8bea0d668b2c3052cd1594d6e6b793649a06d8b0c670277d85cc7cc2879ee25f1ad1f960cba85a219860f1f4b2e087aec7d1fc9ccc929310b400db3597cb6d029b2b70569e03fcc52f194fd25950c1060e50c55d8c9bd2b5e79a37b4d78187a2442855567cc16ec399c5b484bab9531f2975f38cd3d9415fcda57fa4e2304df25b83a2c56ce52bb4c3cdadd0b31b2a8971c8a072659f8577b0c6bc3cf78cf63050eaf3964af20fee2ab6096c34aa52595e983da8f81b36ca9ccfdce663bab408f4ccd918ecbdb448a7b7bbc3620081cecac95e30bbc8a5356e95fa45517177709dc42be0a8143b7ed135354857758bcad11e6145cf517808b1341e3a78f73aedf5ddb59c4d8f62f7deef852b56ea3a6")

08:15:50 executing program 1:
r0 = socket$l2tp(0x18, 0x1, 0x1)
ioctl(r0, 0x10001000008914, &(0x7f0000000180)="0a472d000412620471c0705f239b63ed92d841894d501b5a3c49bc7928578b9234e853480e820895c79921e3d82681728e986cfdd5291faa3dfa5c07f57040fa9cc5266d8e6fe4114f79cd234f735e1e98eb34689ca71ba869167632c3b29891f3e1d0f5b2e0137995d55a34388434")
r1 = perf_event_open(&(0x7f0000014f88)={0x1, 0x70, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
close(r1)

[ 2373.114882] FAULT_FLAG_ALLOW_RETRY missing 70
[ 2373.137728] CPU: 1 PID: 21000 Comm: syz-executor3 Not tainted 4.20.0-rc6+ #371
[ 2373.145115] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 2373.145123] Call Trace:
[ 2373.145150]  dump_stack+0x244/0x39d
[ 2373.145177]  ? dump_stack_print_info.cold.1+0x20/0x20
[ 2373.145212]  handle_userfault.cold.32+0x47/0x62
[ 2373.145245]  ? userfaultfd_ioctl+0x5610/0x5610
[ 2373.145266]  ? mark_held_locks+0x130/0x130
[ 2373.145291]  ? __sanitizer_cov_trace_cmp4+0x16/0x20
[ 2373.170700]  ? futex_wait_setup+0x266/0x3e0
[ 2373.170732]  ? __sanitizer_cov_trace_switch+0x53/0x90
[ 2373.170755]  ? userfaultfd_ctx_put+0x830/0x830
[ 2373.198649]  ? futex_wait+0x5a1/0xa50
[ 2373.202475]  ? print_usage_bug+0xc0/0xc0
[ 2373.206554]  ? print_usage_bug+0xc0/0xc0
[ 2373.210633]  ? print_usage_bug+0xc0/0xc0
[ 2373.214707]  ? zap_class+0x640/0x640
[ 2373.218435]  ? drop_futex_key_refs.isra.14+0x6d/0xe0
[ 2373.223552]  ? futex_wake+0x304/0x760
[ 2373.227381]  ? find_held_lock+0x36/0x1c0
[ 2373.231624]  ? __handle_mm_fault+0x4bb0/0x5be0
[ 2373.236227]  ? lock_downgrade+0x900/0x900
[ 2373.240398]  ? kasan_check_read+0x11/0x20
[ 2373.244557]  ? do_raw_spin_unlock+0xa7/0x330
[ 2373.248979]  ? do_raw_spin_trylock+0x270/0x270
[ 2373.253581]  ? fault_dirty_shared_page.isra.87+0x320/0x320
[ 2373.259235]  __handle_mm_fault+0x4bbd/0x5be0
[ 2373.263667]  ? vmf_insert_mixed_mkwrite+0x40/0x40
[ 2373.268529]  ? zap_class+0x640/0x640
[ 2373.272256]  ? rcu_read_unlock_special+0x1c0/0x1c0
[ 2373.277201]  ? kasan_check_read+0x11/0x20
[ 2373.281370]  ? rcu_softirq_qs+0x20/0x20
[ 2373.285376]  ? zap_class+0x640/0x640
[ 2373.289102]  ? zap_class+0x640/0x640
[ 2373.292843]  ? find_held_lock+0x36/0x1c0
[ 2373.296926]  ? handle_mm_fault+0x42a/0xc70
[ 2373.296946]  ? lock_downgrade+0x900/0x900
[ 2373.296965]  ? check_preemption_disabled+0x48/0x280
[ 2373.296984]  ? rcu_read_unlock_special+0x1c0/0x1c0
[ 2373.297004]  ? kasan_check_read+0x11/0x20
[ 2373.305388]  ? rcu_dynticks_curr_cpu_in_eqs+0xa2/0x170
[ 2373.305403]  ? rcu_softirq_qs+0x20/0x20
[ 2373.305420]  ? trace_hardirqs_off_caller+0x310/0x310
08:15:51 executing program 2:
syz_emit_ethernet(0x6a, &(0x7f0000000040)={@local, @broadcast, [], {@ipv4={0x800, {{0x5, 0x4, 0x0, 0x0, 0x5c, 0x0, 0x0, 0x0, 0x1, 0x0, @remote, @dev={0xac, 0x14, 0x14, 0x11}}, @icmp=@parameter_prob={0x3, 0x4, 0x0, 0x0, 0x0, 0x0, {0x10, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x402f, 0x0, @local={0xac, 0x5c}, @dev, {[@timestamp={0x8, 0x2c, 0x0, 0x7000000, 0x0, [{[@rand_addr]}, {[@multicast2]}, {[@multicast1]}, {}, {[@loopback]}, {}]}]}}}}}}}, 0x0)

08:15:51 executing program 2:
syz_emit_ethernet(0x6a, &(0x7f0000000040)={@local, @broadcast, [], {@ipv4={0x800, {{0x5, 0x4, 0x0, 0x0, 0x5c, 0x0, 0x0, 0x0, 0x1, 0x0, @remote, @dev={0xac, 0x14, 0x14, 0x11}}, @icmp=@parameter_prob={0x3, 0x4, 0x0, 0x0, 0x0, 0x0, {0x10, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x402f, 0x0, @local={0xac, 0x5c}, @dev, {[@timestamp={0x8, 0x2c, 0x0, 0x89060000, 0x0, [{[@rand_addr]}, {[@multicast2]}, {[@multicast1]}, {}, {[@loopback]}, {}]}]}}}}}}}, 0x0)

[ 2373.305439]  ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[ 2373.305462]  ? check_preemption_disabled+0x48/0x280
[ 2373.344435]  handle_mm_fault+0x54f/0xc70
[ 2373.348523]  ? __handle_mm_fault+0x5be0/0x5be0
[ 2373.353129]  ? find_vma+0x34/0x190
[ 2373.356689]  __do_page_fault+0x5e8/0xe60
[ 2373.360764]  ? trace_hardirqs_off+0xb8/0x310
[ 2373.365343]  do_page_fault+0xf2/0x7e0
[ 2373.369159]  ? vmalloc_sync_all+0x30/0x30
[ 2373.373333]  ? error_entry+0x70/0xd0
[ 2373.377068]  ? trace_hardirqs_off_caller+0xbb/0x310
[ 2373.382097]  ? trace_hardirqs_on_caller+0xc0/0x310
[ 2373.387039]  ? syscall_return_slowpath+0x5e0/0x5e0
[ 2373.391992]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 2373.396857]  ? trace_hardirqs_on_caller+0x310/0x310
[ 2373.396875]  ? __bpf_trace_preemptirq_template+0x30/0x30
[ 2373.396893]  ? prepare_exit_to_usermode+0x3b0/0x3b0
[ 2373.396911]  ? prepare_exit_to_usermode+0x291/0x3b0
[ 2373.396929]  ? page_fault+0x8/0x30
[ 2373.407396]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 2373.407415]  ? page_fault+0x8/0x30
[ 2373.407433]  page_fault+0x1e/0x30
[ 2373.407446] RIP: 0033:0x4510a0
08:15:51 executing program 2:
syz_emit_ethernet(0x6a, &(0x7f0000000040)={@local, @broadcast, [], {@ipv4={0x800, {{0x5, 0x4, 0x0, 0x0, 0x5c, 0x0, 0x0, 0x0, 0x1, 0x0, @remote, @dev={0xac, 0x14, 0x14, 0x11}}, @icmp=@parameter_prob={0x3, 0x4, 0x0, 0x0, 0x0, 0x0, {0x10, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x402f, 0x0, @local={0xac, 0x5c}, @dev, {[@timestamp={0x8, 0x2c, 0x0, 0xd000000, 0x0, [{[@rand_addr]}, {[@multicast2]}, {[@multicast1]}, {}, {[@loopback]}, {}]}]}}}}}}}, 0x0)

[ 2373.407463] Code: 0f 84 c4 0f 00 00 48 89 f1 48 89 f8 48 83 e1 3f 48 83 f9 20 0f 86 7b 02 00 00 48 83 e6 f0 48 83 e1 0f 66 0f ef c0 66 0f ef c9 <66> 0f 74 0e 66 0f d7 d1 48 d3 ea 49 c7 c2 11 00 00 00 49 29 ca 4d
[ 2373.407477] RSP: 002b:00007f75238677a8 EFLAGS: 00010202
[ 2373.460303] RAX: 00007f7523867850 RBX: 0000000000000003 RCX: 000000000000000e
[ 2373.467590] RDX: 00000000000003ff RSI: 0000000020012fe0 RDI: 00007f7523867850
[ 2373.474870] RBP: 000000000072bf00 R08: 00000000000003ff R09: 0000000000000000
[ 2373.482148] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f75238686d4
08:15:51 executing program 4:
openat$kvm(0xffffffffffffff9c, 0x0, 0x101000, 0x0)
r0 = syz_open_dev$sndctrl(&(0x7f0000000140)='/dev/snd/controlC#\x00', 0x3, 0x0)
prctl$PR_SET_THP_DISABLE(0x29, 0xfffffffffffffffe)
r1 = syz_open_dev$cec(&(0x7f0000000000)='/dev/cec#\x00', 0x0, 0x2)
getsockopt$inet_sctp_SCTP_LOCAL_AUTH_CHUNKS(r1, 0x84, 0x1b, &(0x7f0000000180)=ANY=[@ANYRES32=<r2=>0x0, @ANYBLOB="490000007516ed7189a9f465feffffffffffffff6a26b93b3bf3eea106f00286a5f2137738fa1c5d6e08131a678f4eb46d7705f7d28bf3f6523a2e602cc3fdd962bd402d9eef1c7584e72ebb3a"], &(0x7f0000000100)=0x51)
getsockopt$inet_sctp_SCTP_RESET_STREAMS(r1, 0x84, 0x77, &(0x7f0000000200)={<r3=>r2, 0x6, 0x1, [0x1f]}, &(0x7f0000000240)=0xa)
setsockopt$packet_int(r1, 0x107, 0x1f, &(0x7f0000000040), 0x4)
getsockopt$inet_mreq(r1, 0x0, 0x0, &(0x7f0000000280)={@multicast1, @empty}, &(0x7f00000002c0)=0x8)
clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
openat$qat_adf_ctl(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/qat_adf_ctl\x00', 0x40, 0x0)
ioctl$FS_IOC_GETFLAGS(r0, 0x800455d1, &(0x7f0000000080))
getsockopt$inet_sctp_SCTP_SOCKOPT_CONNECTX3(r1, 0x84, 0x6f, &(0x7f00000003c0)={r3, 0x9c, &(0x7f0000000300)=[@in6={0xa, 0x4e20, 0x8, @remote, 0x2}, @in6={0xa, 0x4e21, 0x100000000, @empty, 0x7}, @in={0x2, 0x4e24, @multicast1}, @in6={0xa, 0x4e21, 0x8, @dev={0xfe, 0x80, [], 0x16}, 0x400}, @in6={0xa, 0x4e20, 0x2, @empty, 0xc5}, @in6={0xa, 0x4e22, 0x8, @empty, 0xa902}]}, &(0x7f0000000400)=0x10)

[ 2373.489431] R13: 00000000004c578a R14: 00000000004d9d90 R15: 00000000ffffffff
[ 2373.506826] FAULT_FLAG_ALLOW_RETRY missing 70
[ 2373.511377] CPU: 1 PID: 21002 Comm: syz-executor0 Not tainted 4.20.0-rc6+ #371
[ 2373.518753] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 2373.528124] Call Trace:
[ 2373.530729]  dump_stack+0x244/0x39d
[ 2373.534372]  ? dump_stack_print_info.cold.1+0x20/0x20
[ 2373.539588]  handle_userfault.cold.32+0x47/0x62
[ 2373.544278]  ? userfaultfd_ioctl+0x5610/0x5610
[ 2373.548873]  ? mark_held_locks+0x130/0x130
[ 2373.553119]  ? __sanitizer_cov_trace_cmp4+0x16/0x20
[ 2373.558146]  ? futex_wait_setup+0x266/0x3e0
[ 2373.562493]  ? __sanitizer_cov_trace_switch+0x53/0x90
[ 2373.567689]  ? userfaultfd_ctx_put+0x830/0x830
[ 2373.572273]  ? futex_wait+0x5a1/0xa50
[ 2373.576091]  ? print_usage_bug+0xc0/0xc0
[ 2373.580157]  ? print_usage_bug+0xc0/0xc0
[ 2373.584228]  ? print_usage_bug+0xc0/0xc0
[ 2373.588294]  ? zap_class+0x640/0x640
[ 2373.592025]  ? drop_futex_key_refs.isra.14+0x6d/0xe0
[ 2373.597132]  ? futex_wake+0x304/0x760
[ 2373.600947]  ? find_held_lock+0x36/0x1c0
[ 2373.605026]  ? __handle_mm_fault+0x4bb0/0x5be0
[ 2373.609618]  ? lock_downgrade+0x900/0x900
[ 2373.613778]  ? kasan_check_read+0x11/0x20
[ 2373.617932]  ? do_raw_spin_unlock+0xa7/0x330
[ 2373.622355]  ? do_raw_spin_trylock+0x270/0x270
[ 2373.626945]  ? fault_dirty_shared_page.isra.87+0x320/0x320
[ 2373.632584]  __handle_mm_fault+0x4bbd/0x5be0
[ 2373.637010]  ? vmf_insert_mixed_mkwrite+0x40/0x40
[ 2373.641862]  ? zap_class+0x640/0x640
[ 2373.645577]  ? rcu_read_unlock_special+0x1c0/0x1c0
[ 2373.650513]  ? kasan_check_read+0x11/0x20
[ 2373.654670]  ? rcu_softirq_qs+0x20/0x20
[ 2373.658660]  ? zap_class+0x640/0x640
[ 2373.662382]  ? zap_class+0x640/0x640
[ 2373.666107]  ? find_held_lock+0x36/0x1c0
[ 2373.670184]  ? handle_mm_fault+0x42a/0xc70
[ 2373.674433]  ? lock_downgrade+0x900/0x900
[ 2373.678591]  ? check_preemption_disabled+0x48/0x280
[ 2373.683615]  ? rcu_read_unlock_special+0x1c0/0x1c0
[ 2373.688550]  ? kasan_check_read+0x11/0x20
[ 2373.692701]  ? rcu_dynticks_curr_cpu_in_eqs+0xa2/0x170
[ 2373.697981]  ? rcu_softirq_qs+0x20/0x20
[ 2373.701965]  ? trace_hardirqs_off_caller+0x310/0x310
[ 2373.707078]  ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[ 2373.712625]  ? check_preemption_disabled+0x48/0x280
[ 2373.717658]  handle_mm_fault+0x54f/0xc70
[ 2373.721732]  ? __handle_mm_fault+0x5be0/0x5be0
[ 2373.726342]  ? find_vma+0x34/0x190
[ 2373.729888]  __do_page_fault+0x5e8/0xe60
[ 2373.733949]  ? trace_hardirqs_off+0xb8/0x310
[ 2373.738374]  do_page_fault+0xf2/0x7e0
[ 2373.742185]  ? vmalloc_sync_all+0x30/0x30
[ 2373.746345]  ? error_entry+0x70/0xd0
[ 2373.750070]  ? trace_hardirqs_off_caller+0xbb/0x310
[ 2373.755088]  ? trace_hardirqs_on_caller+0xc0/0x310
[ 2373.760021]  ? syscall_return_slowpath+0x5e0/0x5e0
[ 2373.764958]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 2373.769803]  ? trace_hardirqs_on_caller+0x310/0x310
[ 2373.774827]  ? __bpf_trace_preemptirq_template+0x30/0x30
[ 2373.780288]  ? prepare_exit_to_usermode+0x3b0/0x3b0
[ 2373.785330]  ? prepare_exit_to_usermode+0x291/0x3b0
[ 2373.790361]  ? page_fault+0x8/0x30
[ 2373.793908]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 2373.798762]  ? page_fault+0x8/0x30
[ 2373.802308]  page_fault+0x1e/0x30
[ 2373.805782] RIP: 0033:0x4510a0
[ 2373.808980] Code: 0f 84 c4 0f 00 00 48 89 f1 48 89 f8 48 83 e1 3f 48 83 f9 20 0f 86 7b 02 00 00 48 83 e6 f0 48 83 e1 0f 66 0f ef c0 66 0f ef c9 <66> 0f 74 0e 66 0f d7 d1 48 d3 ea 49 c7 c2 11 00 00 00 49 29 ca 4d
[ 2373.827881] RSP: 002b:00007efdea16e7a8 EFLAGS: 00010202
[ 2373.833245] RAX: 00007efdea16e850 RBX: 0000000000000003 RCX: 000000000000000e
[ 2373.840515] RDX: 00000000000003ff RSI: 0000000020012fe0 RDI: 00007efdea16e850
[ 2373.847786] RBP: 000000000072bf00 R08: 00000000000003ff R09: 0000000000000000
[ 2373.855057] R10: 0000000000000000 R11: 0000000000000246 R12: 00007efdea16f6d4
[ 2373.862340] R13: 00000000004c578a R14: 00000000004d9d90 R15: 00000000ffffffff
08:15:51 executing program 0:
openat$rfkill(0xffffffffffffff9c, 0x0, 0x2001, 0x0)
syz_open_dev$admmidi(&(0x7f0000000100)='/dev/admmidi#\x00', 0x0, 0x0)
r0 = socket$l2tp(0x18, 0x1, 0x1)
mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x1, 0x32, 0xffffffffffffffff, 0x0)
r1 = userfaultfd(0x0)
ioctl$UFFDIO_API(r1, 0xc018aa3f, &(0x7f0000000180))
ioctl$UFFDIO_REGISTER(r1, 0xc020aa00, &(0x7f0000019000)={{&(0x7f0000012000/0x2000)=nil, 0x2000}, 0x1})
syz_open_dev$evdev(&(0x7f0000012fee)='/dev/input/event#\x00', 0x0, 0x4c00000000000000)
ioctl$UFFDIO_WAKE(r1, 0x8010aa02, &(0x7f0000000080)={&(0x7f0000012000/0x3000)=nil, 0x3000})
ioctl(r0, 0x1000008912, &(0x7f0000000000)="0a5c2d023c126285718070")

08:15:51 executing program 1:
r0 = socket$l2tp(0x18, 0x1, 0x1)
ioctl(r0, 0x1000008912, &(0x7f0000000000)="0a5c2d023c126285718070")
perf_event_open(&(0x7f0000014f88)={0x1, 0x70, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)

08:15:51 executing program 3:
openat$rfkill(0xffffffffffffff9c, 0x0, 0x0, 0x0)
getsockopt$inet_sctp_SCTP_DEFAULT_PRINFO(0xffffffffffffffff, 0x84, 0x72, &(0x7f0000000380), 0x0)
syz_open_dev$admmidi(&(0x7f0000000100)='/dev/admmidi#\x00', 0x0, 0x0)
r0 = socket$l2tp(0x18, 0x1, 0x1)
mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x1, 0x32, 0xffffffffffffffff, 0x0)
r1 = userfaultfd(0x0)
ioctl$UFFDIO_API(r1, 0xc018aa3f, &(0x7f0000000180))
ioctl$UFFDIO_REGISTER(r1, 0xc020aa00, &(0x7f0000019000)={{&(0x7f0000012000/0x2000)=nil, 0x2000}, 0x1})
syz_open_dev$evdev(&(0x7f0000012fee)="2f6465762f696e7075742f6576656e742302", 0x0, 0x0)
ioctl$UFFDIO_WAKE(r1, 0x8010aa02, &(0x7f0000000080)={&(0x7f0000012000/0x3000)=nil, 0x3000})
ioctl(r0, 0x1000008912, &(0x7f0000000000)="0a5c2d023c126285718070")
setsockopt$ALG_SET_KEY(0xffffffffffffffff, 0x117, 0x1, 0x0, 0x0)

08:15:51 executing program 5:
r0 = socket$l2tp(0x18, 0x1, 0x1)
ioctl(r0, 0x1000008912, &(0x7f0000000000)="0a5c2d023c126285718070")
perf_event_open(&(0x7f00000001c0)={0x2, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
perf_event_open(&(0x7f0000014f88)={0x1, 0x70, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r1 = perf_event_open(&(0x7f0000014f88)={0x1, 0x70, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
close(r1)
r2 = semget$private(0x0, 0x3, 0x203)
r3 = creat(&(0x7f0000000080)='./file0\x00', 0x11)
r4 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000100)='TIPCv2\x00')
sendmsg$TIPC_NL_PUBL_GET(r3, &(0x7f0000000280)={&(0x7f00000000c0)={0x10, 0x0, 0x0, 0x2000610}, 0xc, &(0x7f0000000240)={&(0x7f0000000140)={0x50, r4, 0x714, 0x70bd2b, 0x25dfdbff, {}, [@TIPC_NLA_SOCK={0x3c, 0x2, [@TIPC_NLA_SOCK_REF={0x8, 0x2, 0x8}, @TIPC_NLA_SOCK_REF={0x8, 0x2, 0x7}, @TIPC_NLA_SOCK_REF={0x8, 0x2, 0x4a9}, @TIPC_NLA_SOCK_ADDR={0x8, 0x1, 0x7f}, @TIPC_NLA_SOCK_REF={0x8, 0x2, 0x2}, @TIPC_NLA_SOCK_ADDR={0x8, 0x1, 0x7fff}, @TIPC_NLA_SOCK_ADDR={0x8, 0x1, 0x80000001}]}]}, 0x50}, 0x1, 0x0, 0x0, 0x4000000}, 0x4000000)
semctl$IPC_INFO(r2, 0x5, 0x3, &(0x7f0000000040)=""/43)

08:15:51 executing program 2:
syz_emit_ethernet(0x6a, &(0x7f0000000040)={@local, @broadcast, [], {@ipv4={0x800, {{0x5, 0x4, 0x0, 0x0, 0x5c, 0x0, 0x0, 0x0, 0x1, 0x0, @remote, @dev={0xac, 0x14, 0x14, 0x11}}, @icmp=@parameter_prob={0x3, 0x4, 0x0, 0x0, 0x0, 0x0, {0x10, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x402f, 0x0, @local={0xac, 0x5c}, @dev, {[@timestamp={0x8, 0x2c, 0x0, 0x14, 0x0, [{[@rand_addr]}, {[@multicast2]}, {[@multicast1]}, {}, {[@loopback]}, {}]}]}}}}}}}, 0x0)

08:15:51 executing program 4:
r0 = openat$kvm(0xffffffffffffff9c, 0x0, 0x0, 0x0)
syz_open_dev$sndctrl(&(0x7f0000000100)='/dev/snd/controlC#\x00', 0x0, 0x0)
prctl$PR_SET_THP_DISABLE(0x29, 0xfffffffffffffffe)
clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
ioctl$FS_IOC_GETFLAGS(r0, 0x800455d1, &(0x7f00000000c0))

08:15:51 executing program 2:
syz_emit_ethernet(0x6a, &(0x7f0000000040)={@local, @broadcast, [], {@ipv4={0x800, {{0x5, 0x4, 0x0, 0x0, 0x5c, 0x0, 0x0, 0x0, 0x1, 0x0, @remote, @dev={0xac, 0x14, 0x14, 0x11}}, @icmp=@parameter_prob={0x3, 0x4, 0x0, 0x0, 0x0, 0x0, {0x10, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x402f, 0x0, @local={0xac, 0x5c}, @dev, {[@timestamp={0x8, 0x2c, 0x0, 0xe80, 0x0, [{[@rand_addr]}, {[@multicast2]}, {[@multicast1]}, {}, {[@loopback]}, {}]}]}}}}}}}, 0x0)

08:15:51 executing program 1:
r0 = bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000540)={&(0x7f0000000300)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0xfc, 0x114, 0xffffffffffff5707, {"580496662dc4629e54fc6d1f50bab964a2fc4ec58a27c8d26165230449ab07262f46a2736252f13757cdf9f2fa1cdae3492904692bfd5e0a5262494cdb359bbbf5975b9f4c75e1ae43232b6f34447bcad7b1668f28e798cf5a0b137dce5a509c35682021389df7919b85a7b32c801377a7de098f9efc17d72b4f34f182c36869f1a4c009beccd174e30ec0a5dbadd07d632122f01ff9fdc35d1a150c0ae41f4e2256df984224514e85bb0822c419ecf2a07fa5514c0647f3f909517e105995bbda2265e486e48c6a0c4f1978d41431ee99a0b154089cb6d2e9494a4cc371ffe18113160c74b36ebb69bb6963debb7e23f66c1c0b0be2e8fa2f4f95"}}, {0x0, "c0f44b44a235f6eaa56f918d3f79b162f9e0cd808cebeb96bc4a09a36e1da5ccabeda816749189af17777275e1acdd1df2c456648c76ae969a45d189cb1c7a4a737f2fd6957d0ba53662a8255f7d9f12b44d70deda680d9055bd42f8b982155a81cd8f023565ecc933740a588cc6a522194f4f67a8e2634767be5ee29f9683f79be2f4c6da682a3d01821d480cadf655dec28af41f60f402d020308f05d8d0275b8f750b10d93c8dafc9a1be2844c22dc30e0157d818d937d7eab6af72337dcf8094"}}, &(0x7f0000000500), 0x1d8, 0x0, 0x1}, 0x20)
fsetxattr$security_ima(r0, &(0x7f0000000580)='security.ima\x00', &(0x7f00000005c0)=@md5={0x1, "454479ce8cbc894d8c6f767e8ec306b7"}, 0x11, 0x2)
r1 = socket$l2tp(0x18, 0x1, 0x1)
mremap(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0x1000, 0x3, &(0x7f0000fff000/0x1000)=nil)
ioctl(r1, 0x1000008912, &(0x7f0000000000)="0a5c2d023c126285718070")
r2 = syz_open_dev$usbmon(&(0x7f0000000040)='/dev/usbmon#\x00', 0x6, 0x101400)
getsockopt$inet_sctp6_SCTP_DEFAULT_SNDINFO(0xffffffffffffff9c, 0x84, 0x22, &(0x7f0000000080)={0xfffffffffffffff7, 0x0, 0x5b, 0x17424fa2, <r3=>0x0}, &(0x7f00000000c0)=0x10)
setsockopt$inet_sctp_SCTP_AUTH_DELETE_KEY(r2, 0x84, 0x19, &(0x7f0000000200)={r3, 0xde3}, 0x8)
r4 = perf_event_open(&(0x7f0000014f88)={0x101, 0x70, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
flock(r4, 0x8)
r5 = syz_open_dev$dspn(&(0x7f0000000100)='/dev/dsp#\x00', 0x2, 0x210000)
sendto$inet(r5, &(0x7f0000000140)="ff218b2ebb33f812545e1a22c90f8180e2a58eacb7199d90d0a4fbca29ac20b82ae108b5c2fa9f95c56560ec7774adbc7ae1bd9fe425f47586826ceb3dc90f1f2bb0e8f546e060f2ea00517dfd73f6a26a5dd46d17b335d020b363", 0x5b, 0x20040000, &(0x7f00000001c0)={0x2, 0x4e24, @local}, 0x10)
sendmsg$kcm(r2, &(0x7f0000000800)={&(0x7f0000000600)=@sco={0x1f, {0x7, 0xff, 0x81, 0x4, 0x0, 0x6}}, 0x80, &(0x7f0000000500)=[{&(0x7f0000000680)="299485f47653bd57602a578d4560b02214f594c97d3f9f91da1298cb2a4831bf7db9277b28d74c8856c72e42205e0668cf1816ed52b20589d2d99e528484e38da842ec1d4ba8afa575744095d1f3f3123f65d9d3cf13e66f8b51fbef139106d56f7b900f50293f7e960a1b44b6389e162bdb91919fd27e2c1ecb4493279c0cd4809158892bf199b82250bfad6ae47f6353ba750c14a226", 0x97}], 0x1, &(0x7f0000000740)=ANY=[@ANYBLOB="b8190000a6aa00001201000006000000121c7e60436a78fa51762f69853b56255ffee3f83babb9cf02c65d98b81994d6c9def69977eb64d9271216eeb29b7d2f283a40f4e1afe5f6d75e869c1b854ba325798644b633c106815931b19a4a69c0adc4fa39ae2e513fc7e0dd79ada3129a3b61c51267b60d77e863eddce5e7420d5a08a74156f8117f5f2afc32996b5f41583a7d2020a5f01e0c7e98039a7be61d0537a7fa42f572d33a25085936b86506d9ae46fd4a000000"], 0xb8}, 0x1)
getsockopt$IP_VS_SO_GET_DESTS(r5, 0x0, 0x484, &(0x7f0000000240)=""/108, &(0x7f00000002c0)=0x6c)
close(r4)

[ 2374.106688] FAULT_FLAG_ALLOW_RETRY missing 70
[ 2374.115770] CPU: 1 PID: 21054 Comm: syz-executor0 Not tainted 4.20.0-rc6+ #371
[ 2374.123152] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 2374.132517] Call Trace:
[ 2374.135137]  dump_stack+0x244/0x39d
[ 2374.138789]  ? dump_stack_print_info.cold.1+0x20/0x20
[ 2374.144017]  handle_userfault.cold.32+0x47/0x62
[ 2374.148724]  ? userfaultfd_ioctl+0x5610/0x5610
08:15:52 executing program 4:
r0 = openat$kvm(0xffffffffffffff9c, 0x0, 0x0, 0x0)
r1 = openat$null(0xffffffffffffff9c, &(0x7f0000000240)='/dev/null\x00', 0x202, 0x0)
r2 = openat$cgroup_ro(r1, &(0x7f0000000400)="637075616363742e737461740081f77c4e9b7b584bbfbfa74a8237ef2f0800000009b4eb2d07648600698a3b70ed2eebfb006fe4b56163020700000000000044323c20d51bd5aa613545078f52d43cc2d21aea3e6a664fb47bb53efb57cc0db0b4fa337c186c46dd49f512401fac9a8834d29e3ff46a763574c71173cee57b878f943f71a367911c202f40428a4a2596744f104a829c25001a53e35da2fa91d89e41", 0x0, 0x0)
ioctl$EVIOCSCLOCKID(r2, 0x400445a0, &(0x7f0000000280)=0x5073)
prctl$PR_SET_THP_DISABLE(0x29, 0xfffffffffffffffe)
clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
ioctl$FS_IOC_GETFLAGS(0xffffffffffffffff, 0x800455d1, &(0x7f0000000080))
r3 = fcntl$getown(r0, 0x9)
ptrace$setregset(0x4205, r3, 0x7, &(0x7f0000000040)={&(0x7f00000000c0)="941e95dedf27e38f395a2955936d3c4bf9e51db58444a91e3ea0b782c33abcefea84b58e30010ebf0613cc6ed219e17cb85165cebc62da05788a97f67ba717dcc6deddf6daf8627a1e88088d55ab94cfd90acf35bb1cf7d601164b53d0e6595c2c0abdce5656c3f475566a41e25e509c5c803af575fb05fcb366bacbe6f57da16f5cfea5d3d9e72f158dc0df5879eaa8e6d4bfaea21eedc93e71250752e70d5ee9c5449d41ba7520a8b2c20a86c85d08c8ba04700424fcdb6f0806fcabf5436f7f9ac8dda97d6c46fdb79fbc89889c817d6b13da27422701bff8fee1c893d85c71129e29df340dc6f9ede8e7e133170a39fa7b", 0xf3})
setrlimit(0xf, &(0x7f0000000000)={0x5, 0x68})
ioctl$VHOST_SET_VRING_BASE(r2, 0x4008af12, &(0x7f00000002c0)={0x2, 0xbc})
r4 = dup(r0)
accept$packet(r4, &(0x7f00000001c0), &(0x7f0000000200)=0x14)
syz_open_dev$sndctrl(&(0x7f0000000300)='/dev/snd/controlC#\x00', 0x7, 0x400000)

[ 2374.153342]  ? mark_held_locks+0x130/0x130
[ 2374.157605]  ? find_held_lock+0x36/0x1c0
[ 2374.161693]  ? userfaultfd_ctx_put+0x830/0x830
[ 2374.166296]  ? kasan_check_read+0x11/0x20
[ 2374.170473]  ? print_usage_bug+0xc0/0xc0
[ 2374.174544]  ? do_raw_spin_trylock+0x270/0x270
[ 2374.179143]  ? print_usage_bug+0xc0/0xc0
[ 2374.183222]  ? print_usage_bug+0xc0/0xc0
[ 2374.187302]  ? zap_class+0x640/0x640
[ 2374.191043]  ? drop_futex_key_refs.isra.14+0x6d/0xe0
[ 2374.196156]  ? futex_wake+0x304/0x760
[ 2374.199989]  ? find_held_lock+0x36/0x1c0
[ 2374.204072]  ? __handle_mm_fault+0x4bb0/0x5be0
[ 2374.204091]  ? lock_downgrade+0x900/0x900
[ 2374.204117]  ? kasan_check_read+0x11/0x20
[ 2374.217019]  ? do_raw_spin_unlock+0xa7/0x330
[ 2374.217034]  ? do_raw_spin_trylock+0x270/0x270
[ 2374.217059]  ? fault_dirty_shared_page.isra.87+0x320/0x320
[ 2374.231683]  __handle_mm_fault+0x4bbd/0x5be0
[ 2374.236120]  ? vmf_insert_mixed_mkwrite+0x40/0x40
[ 2374.240989]  ? zap_class+0x640/0x640
[ 2374.244713]  ? rcu_read_unlock_special+0x1c0/0x1c0
[ 2374.249658]  ? kasan_check_read+0x11/0x20
08:15:52 executing program 1:
r0 = socket$l2tp(0x18, 0x1, 0x1)
ioctl(r0, 0x1000008912, &(0x7f0000000000)="0a5c2d023c126285718070")
r1 = perf_event_open(&(0x7f0000014f88)={0x1, 0x70, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
close(r1)
fcntl$getown(r0, 0x9)

[ 2374.253822]  ? rcu_softirq_qs+0x20/0x20
[ 2374.257829]  ? zap_class+0x640/0x640
[ 2374.261565]  ? zap_class+0x640/0x640
[ 2374.265302]  ? find_held_lock+0x36/0x1c0
[ 2374.269401]  ? handle_mm_fault+0x42a/0xc70
[ 2374.273650]  ? lock_downgrade+0x900/0x900
[ 2374.277822]  ? check_preemption_disabled+0x48/0x280
[ 2374.282872]  ? rcu_read_unlock_special+0x1c0/0x1c0
[ 2374.287814]  ? kasan_check_read+0x11/0x20
[ 2374.291986]  ? rcu_dynticks_curr_cpu_in_eqs+0xa2/0x170
[ 2374.297315]  ? rcu_softirq_qs+0x20/0x20
[ 2374.301316]  ? trace_hardirqs_off_caller+0x310/0x310
[ 2374.306448]  ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[ 2374.311999]  ? check_preemption_disabled+0x48/0x280
[ 2374.312024]  handle_mm_fault+0x54f/0xc70
[ 2374.312044]  ? __handle_mm_fault+0x5be0/0x5be0
[ 2374.312065]  ? find_vma+0x34/0x190
[ 2374.312086]  __do_page_fault+0x5e8/0xe60
[ 2374.321153]  ? trace_hardirqs_off+0xb8/0x310
[ 2374.321180]  do_page_fault+0xf2/0x7e0
[ 2374.321198]  ? vmalloc_sync_all+0x30/0x30
[ 2374.345705]  ? error_entry+0x70/0xd0
[ 2374.349439]  ? trace_hardirqs_off_caller+0xbb/0x310
08:15:52 executing program 2:
syz_emit_ethernet(0x6a, &(0x7f0000000040)={@local, @broadcast, [], {@ipv4={0x800, {{0x5, 0x4, 0x0, 0x0, 0x5c, 0x0, 0x0, 0x0, 0x1, 0x0, @remote, @dev={0xac, 0x14, 0x14, 0x11}}, @icmp=@parameter_prob={0x3, 0x4, 0x0, 0x0, 0x0, 0x0, {0x10, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x402f, 0x0, @local={0xac, 0x5c}, @dev, {[@timestamp={0x8, 0x2c, 0x0, 0x8035000000000000, 0x0, [{[@rand_addr]}, {[@multicast2]}, {[@multicast1]}, {}, {[@loopback]}, {}]}]}}}}}}}, 0x0)

[ 2374.354467]  ? trace_hardirqs_on_caller+0xc0/0x310
[ 2374.359409]  ? syscall_return_slowpath+0x5e0/0x5e0
[ 2374.364364]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 2374.369224]  ? trace_hardirqs_on_caller+0x310/0x310
[ 2374.374254]  ? __bpf_trace_preemptirq_template+0x30/0x30
[ 2374.379721]  ? prepare_exit_to_usermode+0x3b0/0x3b0
[ 2374.384758]  ? prepare_exit_to_usermode+0x291/0x3b0
[ 2374.389794]  ? page_fault+0x8/0x30
[ 2374.393364]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 2374.393384]  ? page_fault+0x8/0x30
[ 2374.393400]  page_fault+0x1e/0x30
[ 2374.393414] RIP: 0033:0x4510a0
[ 2374.393430] Code: 0f 84 c4 0f 00 00 48 89 f1 48 89 f8 48 83 e1 3f 48 83 f9 20 0f 86 7b 02 00 00 48 83 e6 f0 48 83 e1 0f 66 0f ef c0 66 0f ef c9 <66> 0f 74 0e 66 0f d7 d1 48 d3 ea 49 c7 c2 11 00 00 00 49 29 ca 4d
[ 2374.393439] RSP: 002b:00007efdea16e7a8 EFLAGS: 00010202
[ 2374.393452] RAX: 00007efdea16e850 RBX: 0000000000000003 RCX: 000000000000000e
[ 2374.393462] RDX: 00000000000003ff RSI: 0000000020012fe0 RDI: 00007efdea16e850
[ 2374.393471] RBP: 000000000072bf00 R08: 00000000000003ff R09: 0000000000000000
[ 2374.393481] R10: 0000000000000000 R11: 0000000000000246 R12: 00007efdea16f6d4
[ 2374.393490] R13: 00000000004c578a R14: 00000000004d9d90 R15: 00000000ffffffff
[ 2374.472005] FAULT_FLAG_ALLOW_RETRY missing 70
[ 2374.476550] CPU: 0 PID: 21058 Comm: syz-executor3 Not tainted 4.20.0-rc6+ #371
[ 2374.483922] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 2374.493291] Call Trace:
[ 2374.495921]  dump_stack+0x244/0x39d
[ 2374.499576]  ? dump_stack_print_info.cold.1+0x20/0x20
[ 2374.504796]  handle_userfault.cold.32+0x47/0x62
[ 2374.509498]  ? userfaultfd_ioctl+0x5610/0x5610
[ 2374.514096]  ? mark_held_locks+0x130/0x130
[ 2374.518360]  ? __sanitizer_cov_trace_cmp4+0x16/0x20
[ 2374.523390]  ? futex_wait_setup+0x266/0x3e0
[ 2374.527740]  ? __sanitizer_cov_trace_switch+0x53/0x90
[ 2374.532953]  ? userfaultfd_ctx_put+0x830/0x830
[ 2374.537557]  ? futex_wait+0x5a1/0xa50
[ 2374.541386]  ? print_usage_bug+0xc0/0xc0
[ 2374.545467]  ? print_usage_bug+0xc0/0xc0
[ 2374.549546]  ? print_usage_bug+0xc0/0xc0
[ 2374.549565]  ? zap_class+0x640/0x640
[ 2374.549584]  ? drop_futex_key_refs.isra.14+0x6d/0xe0
[ 2374.549599]  ? futex_wake+0x304/0x760
[ 2374.549629]  ? find_held_lock+0x36/0x1c0
[ 2374.566308]  ? __handle_mm_fault+0x4bb0/0x5be0
[ 2374.574955]  ? lock_downgrade+0x900/0x900
[ 2374.579125]  ? kasan_check_read+0x11/0x20
[ 2374.579141]  ? do_raw_spin_unlock+0xa7/0x330
[ 2374.579157]  ? do_raw_spin_trylock+0x270/0x270
[ 2374.579176]  ? fault_dirty_shared_page.isra.87+0x320/0x320
[ 2374.579201]  __handle_mm_fault+0x4bbd/0x5be0
[ 2374.597967]  ? vmf_insert_mixed_mkwrite+0x40/0x40
[ 2374.597989]  ? zap_class+0x640/0x640
[ 2374.598004]  ? rcu_read_unlock_special+0x1c0/0x1c0
[ 2374.598025]  ? kasan_check_read+0x11/0x20
[ 2374.620049]  ? rcu_softirq_qs+0x20/0x20
[ 2374.624053]  ? zap_class+0x640/0x640
[ 2374.627782]  ? zap_class+0x640/0x640
[ 2374.631514]  ? find_held_lock+0x36/0x1c0
[ 2374.635599]  ? handle_mm_fault+0x42a/0xc70
[ 2374.639846]  ? lock_downgrade+0x900/0x900
[ 2374.644015]  ? check_preemption_disabled+0x48/0x280
[ 2374.649050]  ? rcu_read_unlock_special+0x1c0/0x1c0
[ 2374.653991]  ? kasan_check_read+0x11/0x20
[ 2374.654010]  ? rcu_dynticks_curr_cpu_in_eqs+0xa2/0x170
[ 2374.663421]  ? rcu_softirq_qs+0x20/0x20
[ 2374.663438]  ? trace_hardirqs_off_caller+0x310/0x310
[ 2374.663457]  ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[ 2374.663478]  ? check_preemption_disabled+0x48/0x280
[ 2374.683087]  handle_mm_fault+0x54f/0xc70
[ 2374.687168]  ? __handle_mm_fault+0x5be0/0x5be0
[ 2374.691772]  ? find_vma+0x34/0x190
[ 2374.695357]  __do_page_fault+0x5e8/0xe60
[ 2374.699433]  ? trace_hardirqs_off+0xb8/0x310
[ 2374.703887]  do_page_fault+0xf2/0x7e0
[ 2374.707705]  ? vmalloc_sync_all+0x30/0x30
[ 2374.711872]  ? error_entry+0x70/0xd0
[ 2374.715668]  ? trace_hardirqs_off_caller+0xbb/0x310
[ 2374.720731]  ? trace_hardirqs_on_caller+0xc0/0x310
[ 2374.725687]  ? syscall_return_slowpath+0x5e0/0x5e0
[ 2374.730635]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 2374.735501]  ? trace_hardirqs_on_caller+0x310/0x310
[ 2374.740542]  ? __bpf_trace_preemptirq_template+0x30/0x30
[ 2374.746010]  ? prepare_exit_to_usermode+0x3b0/0x3b0
[ 2374.751043]  ? prepare_exit_to_usermode+0x291/0x3b0
[ 2374.756075]  ? page_fault+0x8/0x30
08:15:52 executing program 2:
syz_emit_ethernet(0x6a, &(0x7f0000000040)={@local, @broadcast, [], {@ipv4={0x800, {{0x5, 0x4, 0x0, 0x0, 0x5c, 0x0, 0x0, 0x0, 0x1, 0x0, @remote, @dev={0xac, 0x14, 0x14, 0x11}}, @icmp=@parameter_prob={0x3, 0x4, 0x0, 0x0, 0x0, 0x0, {0x10, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x402f, 0x0, @local={0xac, 0x5c}, @dev, {[@timestamp={0x8, 0x2c, 0x0, 0x8906000000000000, 0x0, [{[@rand_addr]}, {[@multicast2]}, {[@multicast1]}, {}, {[@loopback]}, {}]}]}}}}}}}, 0x0)

08:15:52 executing program 0:
openat$rfkill(0xffffffffffffff9c, 0x0, 0x2001, 0x0)
syz_open_dev$admmidi(&(0x7f0000000100)='/dev/admmidi#\x00', 0x0, 0x0)
r0 = socket$l2tp(0x18, 0x1, 0x1)
mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x1, 0x32, 0xffffffffffffffff, 0x0)
r1 = userfaultfd(0x0)
ioctl$UFFDIO_API(r1, 0xc018aa3f, &(0x7f0000000180))
ioctl$UFFDIO_REGISTER(r1, 0xc020aa00, &(0x7f0000019000)={{&(0x7f0000012000/0x2000)=nil, 0x2000}, 0x1})
syz_open_dev$evdev(&(0x7f0000012fee)='/dev/input/event#\x00', 0x0, 0x400000000000000)
ioctl$UFFDIO_WAKE(r1, 0x8010aa02, &(0x7f0000000080)={&(0x7f0000012000/0x3000)=nil, 0x3000})
ioctl(r0, 0x1000008912, &(0x7f0000000000)="0a5c2d023c126285718070")

08:15:52 executing program 1:
r0 = socket$l2tp(0x18, 0x1, 0x1)
ioctl(r0, 0x1000008912, &(0x7f0000000000)="0a5c2d023c126285718070")
r1 = syz_open_dev$cec(&(0x7f0000000080)='/dev/cec#\x00', 0x0, 0x2)
r2 = perf_event_open(&(0x7f0000014f88)={0x1, 0x70, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
write$binfmt_script(r1, &(0x7f0000000100)=ANY=[@ANYBLOB="2321202e2f66696c6530202f6465762f6365632300205c202f6465762f6365632300202576626f786e657430303a2e7b7472757374656473656c696e75786b657972696e670a1514e30c03497ae0c5c78b2ba8a1818e964c58dbf832467db7734d5683cae887889c8f4b9b3e5843e7600c7de68f2e58c7e9ee921b85886ea7da91ea2e286be60cb6371f52bc62327a996f34cf7cd08736045db0760938e867683086f3a74dce59028fe425ff6f9327643864912b4c4555a730704c69c0d9a21a52e36c36303bdba5dd8e8731fbd28b3f0553166aa2d483d65a89eea636023e118c152688e41e4f960f7be805f3384a8035de9781864e0000000000000000000000000000"], 0x104)
select(0x40, &(0x7f0000000240)={0x8, 0x5, 0x3f, 0x6, 0x40, 0x0, 0x40, 0x1}, &(0x7f0000000280)={0x0, 0x0, 0x200, 0x3, 0x0, 0x40, 0x2, 0x9}, &(0x7f00000002c0)={0x8, 0x3, 0x4, 0x8, 0xa5, 0x7, 0x8000, 0x9}, &(0x7f0000000300)={0x0, 0x2710})
openat$vhci(0xffffffffffffff9c, &(0x7f0000000040)='/dev/vhci\x00', 0x440100, 0x0)
fcntl$F_GET_FILE_RW_HINT(r0, 0x40d, &(0x7f00000000c0))
close(r2)
dup3(0xffffffffffffff9c, r1, 0x80000)
ioctl$KVM_GET_MSRS(r1, 0xc008ae88, &(0x7f0000000340)={0x3, 0x0, [{}, {}, {}]})

08:15:52 executing program 5:
r0 = socket$l2tp(0x18, 0x1, 0x1)
ioctl(r0, 0x1000008912, &(0x7f0000000000)="0a5c2d023c126285718070")
perf_event_open(&(0x7f00000001c0)={0x2, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
perf_event_open(&(0x7f0000014f88)={0x1, 0x70, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r1 = perf_event_open(&(0x7f0000014f88)={0x1, 0x70, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
fcntl$F_GET_FILE_RW_HINT(r0, 0x40d, &(0x7f00000002c0))
getsockopt$IP_VS_SO_GET_VERSION(r0, 0x0, 0x480, &(0x7f0000000040), &(0x7f0000000080)=0x40)
close(r1)
bpf$BPF_GET_BTF_INFO(0xf, &(0x7f0000000240)={0xffffffffffffff9c, 0x10, &(0x7f0000000180)={&(0x7f00000000c0)=""/140, 0x8c, <r2=>0x0}}, 0x10)
bpf$BPF_BTF_GET_FD_BY_ID(0x13, &(0x7f0000000280)=r2, 0x4)

[ 2374.759630]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 2374.764485]  ? page_fault+0x8/0x30
[ 2374.768036]  page_fault+0x1e/0x30
[ 2374.771496] RIP: 0033:0x4510a0
[ 2374.774704] Code: 0f 84 c4 0f 00 00 48 89 f1 48 89 f8 48 83 e1 3f 48 83 f9 20 0f 86 7b 02 00 00 48 83 e6 f0 48 83 e1 0f 66 0f ef c0 66 0f ef c9 <66> 0f 74 0e 66 0f d7 d1 48 d3 ea 49 c7 c2 11 00 00 00 49 29 ca 4d
[ 2374.782624] FAULT_FLAG_ALLOW_RETRY missing 70
[ 2374.793624] RSP: 002b:00007f75238677a8 EFLAGS: 00010202
08:15:52 executing program 3:
openat$rfkill(0xffffffffffffff9c, 0x0, 0x0, 0x0)
getsockopt$inet_sctp_SCTP_DEFAULT_PRINFO(0xffffffffffffffff, 0x84, 0x72, &(0x7f0000000380), 0x0)
syz_open_dev$admmidi(&(0x7f0000000100)='/dev/admmidi#\x00', 0x0, 0x0)
r0 = socket$l2tp(0x18, 0x1, 0x1)
mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x1, 0x32, 0xffffffffffffffff, 0x0)
r1 = userfaultfd(0x0)
ioctl$UFFDIO_API(r1, 0xc018aa3f, &(0x7f0000000180))
ioctl$UFFDIO_REGISTER(r1, 0xc020aa00, &(0x7f0000019000)={{&(0x7f0000012000/0x2000)=nil, 0x2000}, 0x1})
syz_open_dev$evdev(&(0x7f0000012fee)='/dev/input/event#\x00', 0x0, 0x0)
ioctl$UFFDIO_WAKE(r1, 0x8010aa02, &(0x7f0000000080)={&(0x7f0000012000/0x3000)=nil, 0x3000})
ioctl(r0, 0x1000008912, &(0x7f0000000000)="0a5c2d023c126285718070")
setsockopt$ALG_SET_KEY(0xffffffffffffffff, 0x117, 0x1, 0x0, 0x0)

08:15:52 executing program 4:
openat$kvm(0xffffffffffffff9c, 0x0, 0x0, 0x0)
r0 = syz_open_dev$sndctrl(&(0x7f0000000100)='/dev/snd/controlC#\x00', 0x0, 0x0)
write$binfmt_aout(r0, &(0x7f0000000140)={{0x10f, 0xfe13, 0x80, 0x398, 0x3cd, 0x9, 0x67, 0x2}, "5acd0c644882d39d294e8b5f6ff7488d931da57c5d7de2c86ee4042d8e2a07cee76751e970b8fc44a6acc9775bac17a77595fd9b3d7c815aad2c55970ac71624803a181fb5122d0297fec5b013fa9d42fc787f772499b7ebe909b385f7fa4771c81e28773c2f0eb5d075202d3ee5c4f5ad2aac49fb46d7f26fc250bbf374d1580aa612d9935dbd1c85b48efaeb2d0a1efec4ae5bcfdb5e1f434c91364afba468fb263a94deaa58c37a76caaf5953b1", [[], [], [], [], [], [], [], [], [], []]}, 0xacf)
prctl$PR_SET_THP_DISABLE(0x29, 0xfffffffffffffffe)
clone(0x5, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
r1 = dup(r0)
ioctl$SCSI_IOCTL_DOORUNLOCK(r1, 0x5381)
ioctl$FS_IOC_GETFLAGS(r0, 0x800455d1, &(0x7f0000000080))

08:15:52 executing program 2:
syz_emit_ethernet(0x6a, &(0x7f0000000040)={@local, @broadcast, [], {@ipv4={0x800, {{0x5, 0x4, 0x0, 0x0, 0x5c, 0x0, 0x0, 0x0, 0x1, 0x0, @remote, @dev={0xac, 0x14, 0x14, 0x11}}, @icmp=@parameter_prob={0x3, 0x4, 0x0, 0x0, 0x0, 0x0, {0x10, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x402f, 0x0, @local={0xac, 0x5c}, @dev, {[@timestamp={0x8, 0x2c, 0x0, 0x300000000000000, 0x0, [{[@rand_addr]}, {[@multicast2]}, {[@multicast1]}, {}, {[@loopback]}, {}]}]}}}}}}}, 0x0)

08:15:52 executing program 5:
r0 = socket$l2tp(0x18, 0x1, 0x1)
ioctl$sock_FIOGETOWN(r0, 0x8903, &(0x7f00000000c0)=<r1=>0x0)
syz_open_procfs(r1, &(0x7f0000000100)='net/if_inet6\x00')
ioctl(r0, 0x1000008912, &(0x7f0000000000)="0a5c2d023c126285718070")
perf_event_open(&(0x7f00000001c0)={0x2, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r2 = perf_event_open(&(0x7f0000014f88)={0x1, 0x70, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r3 = dup2(r0, r2)
setsockopt$inet_tcp_TLS_RX(r3, 0x6, 0x2, &(0x7f0000000040), 0x4)
connect$inet(r3, &(0x7f0000000080)={0x2, 0x4e21, @local}, 0x10)
r4 = perf_event_open(&(0x7f0000014f88)={0x1, 0x70, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
close(r4)

08:15:52 executing program 1:
r0 = socket$l2tp(0x18, 0x1, 0x1)
ioctl(r0, 0x1000008912, &(0x7f0000000000)="0a5c2d023c126285718070")
r1 = perf_event_open(&(0x7f0000014f88)={0x1, 0xfffffffffffffe57, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0xa862, 0x401}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
close(r1)

[ 2374.793637] RAX: 00007f7523867850 RBX: 0000000000000003 RCX: 000000000000000e
[ 2374.793647] RDX: 00000000000003ff RSI: 0000000020012fe0 RDI: 00007f7523867850
[ 2374.793657] RBP: 000000000072bf00 R08: 00000000000003ff R09: 0000000000000000
[ 2374.793666] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f75238686d4
[ 2374.793676] R13: 00000000004c578a R14: 00000000004d9d90 R15: 00000000ffffffff
[ 2374.941138] CPU: 0 PID: 21096 Comm: syz-executor0 Not tainted 4.20.0-rc6+ #371
[ 2374.948543] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 2374.957903] Call Trace:
[ 2374.960513]  dump_stack+0x244/0x39d
[ 2374.964181]  ? dump_stack_print_info.cold.1+0x20/0x20
[ 2374.969406]  handle_userfault.cold.32+0x47/0x62
[ 2374.974101]  ? userfaultfd_ioctl+0x5610/0x5610
[ 2374.978701]  ? mark_held_locks+0x130/0x130
[ 2374.982949]  ? __sanitizer_cov_trace_cmp4+0x16/0x20
[ 2374.987985]  ? futex_wait_setup+0x266/0x3e0
[ 2374.992353]  ? __sanitizer_cov_trace_switch+0x53/0x90
[ 2374.997560]  ? userfaultfd_ctx_put+0x830/0x830
[ 2375.002154]  ? futex_wait+0x5a1/0xa50
[ 2375.005974]  ? print_usage_bug+0xc0/0xc0
[ 2375.010061]  ? print_usage_bug+0xc0/0xc0
[ 2375.014146]  ? print_usage_bug+0xc0/0xc0
[ 2375.018225]  ? zap_class+0x640/0x640
[ 2375.021958]  ? drop_futex_key_refs.isra.14+0x6d/0xe0
[ 2375.027074]  ? futex_wake+0x304/0x760
[ 2375.030932]  ? find_held_lock+0x36/0x1c0
[ 2375.035019]  ? __handle_mm_fault+0x4bb0/0x5be0
[ 2375.039616]  ? lock_downgrade+0x900/0x900
[ 2375.043789]  ? kasan_check_read+0x11/0x20
[ 2375.047958]  ? do_raw_spin_unlock+0xa7/0x330
[ 2375.052386]  ? do_raw_spin_trylock+0x270/0x270
[ 2375.056988]  ? fault_dirty_shared_page.isra.87+0x320/0x320
[ 2375.062642]  __handle_mm_fault+0x4bbd/0x5be0
[ 2375.067116]  ? vmf_insert_mixed_mkwrite+0x40/0x40
[ 2375.071984]  ? zap_class+0x640/0x640
[ 2375.071998]  ? rcu_read_unlock_special+0x1c0/0x1c0
[ 2375.072014]  ? kasan_check_read+0x11/0x20
[ 2375.072031]  ? rcu_softirq_qs+0x20/0x20
[ 2375.088822]  ? zap_class+0x640/0x640
[ 2375.092552]  ? zap_class+0x640/0x640
[ 2375.096287]  ? find_held_lock+0x36/0x1c0
[ 2375.100392]  ? handle_mm_fault+0x42a/0xc70
[ 2375.104642]  ? lock_downgrade+0x900/0x900
[ 2375.108805]  ? check_preemption_disabled+0x48/0x280
[ 2375.113838]  ? rcu_read_unlock_special+0x1c0/0x1c0
[ 2375.118787]  ? kasan_check_read+0x11/0x20
[ 2375.122950]  ? rcu_dynticks_curr_cpu_in_eqs+0xa2/0x170
[ 2375.128239]  ? rcu_softirq_qs+0x20/0x20
[ 2375.132231]  ? trace_hardirqs_off_caller+0x310/0x310
[ 2375.137367]  ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[ 2375.142923]  ? check_preemption_disabled+0x48/0x280
[ 2375.147967]  handle_mm_fault+0x54f/0xc70
[ 2375.152050]  ? __handle_mm_fault+0x5be0/0x5be0
[ 2375.156650]  ? find_vma+0x34/0x190
[ 2375.160209]  __do_page_fault+0x5e8/0xe60
[ 2375.164281]  ? trace_hardirqs_off+0xb8/0x310
[ 2375.168715]  do_page_fault+0xf2/0x7e0
[ 2375.172531]  ? vmalloc_sync_all+0x30/0x30
[ 2375.176694]  ? error_entry+0x70/0xd0
[ 2375.180424]  ? trace_hardirqs_off_caller+0xbb/0x310
[ 2375.185455]  ? trace_hardirqs_on_caller+0xc0/0x310
[ 2375.190414]  ? syscall_return_slowpath+0x5e0/0x5e0
[ 2375.195370]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 2375.200232]  ? trace_hardirqs_on_caller+0x310/0x310
[ 2375.205261]  ? __bpf_trace_preemptirq_template+0x30/0x30
[ 2375.210724]  ? prepare_exit_to_usermode+0x3b0/0x3b0
[ 2375.215760]  ? prepare_exit_to_usermode+0x291/0x3b0
[ 2375.220790]  ? page_fault+0x8/0x30
[ 2375.224362]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 2375.229225]  ? page_fault+0x8/0x30
[ 2375.233219]  page_fault+0x1e/0x30
[ 2375.233232] RIP: 0033:0x4510a0
08:15:52 executing program 2:
syz_emit_ethernet(0x6a, &(0x7f0000000040)={@local, @broadcast, [], {@ipv4={0x800, {{0x5, 0x4, 0x0, 0x0, 0x5c, 0x0, 0x0, 0x0, 0x1, 0x0, @remote, @dev={0xac, 0x14, 0x14, 0x11}}, @icmp=@parameter_prob={0x3, 0x4, 0x0, 0x0, 0x0, 0x0, {0x10, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x402f, 0x0, @local={0xac, 0x5c}, @dev, {[@timestamp={0x8, 0x2c, 0x0, 0x88a8ffff, 0x0, [{[@rand_addr]}, {[@multicast2]}, {[@multicast1]}, {}, {[@loopback]}, {}]}]}}}}}}}, 0x0)

08:15:52 executing program 2:
syz_emit_ethernet(0x6a, &(0x7f0000000040)={@local, @broadcast, [], {@ipv4={0x800, {{0x5, 0x4, 0x0, 0x0, 0x5c, 0x0, 0x0, 0x0, 0x1, 0x0, @remote, @dev={0xac, 0x14, 0x14, 0x11}}, @icmp=@parameter_prob={0x3, 0x4, 0x0, 0x0, 0x0, 0x0, {0x10, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x402f, 0x0, @local={0xac, 0x5c}, @dev, {[@timestamp={0x8, 0x2c, 0x0, 0xf000, 0x0, [{[@rand_addr]}, {[@multicast2]}, {[@multicast1]}, {}, {[@loopback]}, {}]}]}}}}}}}, 0x0)

08:15:52 executing program 4:
openat$kvm(0xffffffffffffff9c, 0x0, 0x0, 0x0)
r0 = syz_open_dev$sndctrl(&(0x7f00000000c0)='/dev/snd/controlC#\x00', 0x8, 0x0)
prctl$PR_SET_THP_DISABLE(0x29, 0xfffffffffffffffe)
clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
ioctl$FS_IOC_GETFLAGS(r0, 0x800455d1, &(0x7f0000000080))

08:15:52 executing program 2:
syz_emit_ethernet(0x6a, &(0x7f0000000040)={@local, @broadcast, [], {@ipv4={0x800, {{0x5, 0x4, 0x0, 0x0, 0x5c, 0x0, 0x0, 0x0, 0x1, 0x0, @remote, @dev={0xac, 0x14, 0x14, 0x11}}, @icmp=@parameter_prob={0x3, 0x4, 0x0, 0x0, 0x0, 0x0, {0x10, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x402f, 0x0, @local={0xac, 0x5c}, @dev, {[@timestamp={0x8, 0x2c, 0x0, 0x5c00, 0x0, [{[@rand_addr]}, {[@multicast2]}, {[@multicast1]}, {}, {[@loopback]}, {}]}]}}}}}}}, 0x0)

[ 2375.233249] Code: 0f 84 c4 0f 00 00 48 89 f1 48 89 f8 48 83 e1 3f 48 83 f9 20 0f 86 7b 02 00 00 48 83 e6 f0 48 83 e1 0f 66 0f ef c0 66 0f ef c9 <66> 0f 74 0e 66 0f d7 d1 48 d3 ea 49 c7 c2 11 00 00 00 49 29 ca 4d
[ 2375.233262] RSP: 002b:00007efdea16e7a8 EFLAGS: 00010202
[ 2375.259612] RAX: 00007efdea16e850 RBX: 0000000000000003 RCX: 000000000000000e
[ 2375.259623] RDX: 00000000000003ff RSI: 0000000020012fe0 RDI: 00007efdea16e850
[ 2375.259632] RBP: 000000000072bf00 R08: 00000000000003ff R09: 0000000000000000
[ 2375.259641] R10: 0000000000000000 R11: 0000000000000246 R12: 00007efdea16f6d4
[ 2375.259657] R13: 00000000004c578a R14: 00000000004d9d90 R15: 00000000ffffffff
[ 2375.303989] FAULT_FLAG_ALLOW_RETRY missing 70
[ 2375.316864] CPU: 0 PID: 21116 Comm: syz-executor3 Not tainted 4.20.0-rc6+ #371
[ 2375.324250] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 2375.333609] Call Trace:
[ 2375.333636]  dump_stack+0x244/0x39d
08:15:53 executing program 0:
openat$rfkill(0xffffffffffffff9c, 0x0, 0x2001, 0x0)
syz_open_dev$admmidi(&(0x7f0000000100)='/dev/admmidi#\x00', 0x0, 0x0)
r0 = socket$l2tp(0x18, 0x1, 0x1)
mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x1, 0x32, 0xffffffffffffffff, 0x0)
r1 = userfaultfd(0x0)
ioctl$UFFDIO_API(r1, 0xc018aa3f, &(0x7f0000000180))
ioctl$UFFDIO_REGISTER(r1, 0xc020aa00, &(0x7f0000019000)={{&(0x7f0000012000/0x2000)=nil, 0x2000}, 0x1})
syz_open_dev$evdev(&(0x7f0000012fee)='/dev/input/event#\x00', 0x0, 0x900000000000000)
ioctl$UFFDIO_WAKE(r1, 0x8010aa02, &(0x7f0000000080)={&(0x7f0000012000/0x3000)=nil, 0x3000})
ioctl(r0, 0x1000008912, &(0x7f0000000000)="0a5c2d023c126285718070")

08:15:53 executing program 2:
syz_emit_ethernet(0x6a, &(0x7f0000000040)={@local, @broadcast, [], {@ipv4={0x800, {{0x5, 0x4, 0x0, 0x0, 0x5c, 0x0, 0x0, 0x0, 0x1, 0x0, @remote, @dev={0xac, 0x14, 0x14, 0x11}}, @icmp=@parameter_prob={0x3, 0x4, 0x0, 0x0, 0x0, 0x0, {0x10, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x402f, 0x0, @local={0xac, 0x5c}, @dev, {[@timestamp={0x8, 0x2c, 0x0, 0x800000000000000, 0x0, [{[@rand_addr]}, {[@multicast2]}, {[@multicast1]}, {}, {[@loopback]}, {}]}]}}}}}}}, 0x0)

08:15:53 executing program 4:
openat$kvm(0xffffffffffffff9c, 0x0, 0x0, 0x0)
r0 = syz_open_dev$sndctrl(&(0x7f0000000100)='/dev/snd/controlC#\x00', 0x0, 0x0)
prctl$PR_SET_THP_DISABLE(0x29, 0xfffffffffffffffe)
r1 = openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000040)='/dev/sequencer2\x00', 0x0, 0x0)
ioctl$KVM_GET_XSAVE(r1, 0x9000aea4, &(0x7f0000000140))
r2 = msgget$private(0x0, 0x0)
msgrcv(r2, &(0x7f0000000000), 0x8, 0x3, 0x2000)
ioctl$VIDIOC_SUBDEV_S_FRAME_INTERVAL(r1, 0xc0305616, &(0x7f0000000540)={0x0, {0x1, 0x101}})
clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
ioctl$FS_IOC_GETFLAGS(r0, 0x800455d1, &(0x7f0000000080))
fstat(r0, &(0x7f0000000dc0)={0x0, 0x0, 0x0, 0x0, <r3=>0x0})
stat(&(0x7f0000000e40)='./file0\x00', &(0x7f0000000e80)={0x0, 0x0, 0x0, 0x0, <r4=>0x0})
getresuid(&(0x7f0000000f00)=<r5=>0x0, &(0x7f0000000f40), &(0x7f0000000f80))
syz_mount_image$ext4(&(0x7f0000000580)='ext2\x00', &(0x7f00000005c0)='./file0\x00', 0xfbb4, 0xa, &(0x7f0000000cc0)=[{&(0x7f0000000600)="21a5bb7c1058fd538565925c23140bc5d624e1df18c98c0dbfe9c80049080938f3c781446c083c6e39c1becc33b5ebc9048be1ea55cd4c8bbac250f65851c35d9737501663f2bd15284ff637335998450a2d1a4f5b5b4ee88719bce39f3ff0e71a6b1c99e35c669d70b5ab93ecb190ab7679d38dd6d533cac461dded14949bc456ecca", 0x83, 0x7}, {&(0x7f00000006c0)="932750ecdda8e647373f8ff12ba17a3a82c82b445380f53e622bf63337446753312e1f87b38e8649db5fa4c8e671eda92f1c1239cabd0b29b21c5736a3fc1af4ba5abe8dbb7e24579bd78b60", 0x4c, 0x2}, {&(0x7f0000000740)="d47f687329d5ca3a224f026eb71b551a200da8dc5f2aaa605602ae2323a1d75ab13810e4cd701c47c277f8c3dca0603ed3cb227d5e0f6ad6dd65619b0739308571a06b35cd6c6f73366e096b3dcc90", 0x4f, 0x7}, {&(0x7f00000007c0)="4f2bd45926dff2be0272e07e6225b0a38860ebcbe7c93744aaa484a65b685f4d75979e0bdcca3a7df8ce311f495804ca5c4cd4dbc60d21d1a8cca8f275de14b28e620285ddd99fc3616361d1bde95c3dc83b00817dc60a39cf5cd6e456b7cabe22178dbef742e40ab0ad057ad8941352563e549f86715699a10b78d689caf0e2ca271d6dcb2311abf5a9965162e7dafb70c1fd3e19f5ac1f70111b11df0fc7bc97fbbefe26d36c99f31aa55b125f526ae4887bc9e402a868883747bf055b37e74dcea66d9124f34b2ae2beb0077886", 0xcf, 0x5}, {&(0x7f00000008c0)="77c798a481df4570b5298cbcbc152833afe584211545ad3df6c78733fd32f3f810a9e3e8836a8e00eacb454fc2119bca1edf6508cc5f28dd04fcd30c959fd941cedba49126da1c16432fd51a149a5ed2ba2f7b434d08c80023db5dcd94f190425d96a00ddaf7f56d3ae4e325d8e19ab0d5211ab0d5e1e63d5f581f979f70be9f986bf7174e2ad548cb469396888c3c40160191211f347c8e07e12115d4a2e646381b3e09464b8405af63adb18c3c27a02d3938e1fc5ff0f5e68ac6278dbade81cfa597a63941c8dbbb68d145f5c7027bd29a3404ade067cbd9d4a343186c85", 0xdf, 0x40}, {&(0x7f00000009c0)="9792f9d6b41d431f857194cd8bc7b544bd63de8005ebd4e455226ab1964c365154e5b10039c4841f0f93dad16e3eeb6f23d180c360b82f1ded0aa311dd946905d8cd52e70f548a214abbf8b768ecddb7d6b406689fc47f53e5", 0x59}, {&(0x7f0000000a40)="af5c290f44c2fd", 0x7, 0x10000}, {&(0x7f0000000a80)="607697920d5e3b731a6d4e0f6f85270f8eb13b32f68d977c8d1c12ae452dc3daa9571a93e14cd77c668f48bd0ca7040caf84f3f1c550b15d9bded895b14f86eb53a77f616f557384c0a515c87b9cdbdb7c78c020b16d21c431ea6f288fa489d00baf828d53494872d506e1d4713e05a775edc8ac6b947e453008f978f72a241983a3d1c7728e0d", 0x87, 0x89}, {&(0x7f0000000b40)="fceb30010faf697e1741ef59d1e256acedd04d753b8e9ab9277d0ca31591a627888bfbeed10ee6904acc0003f834114cc4a7af3e52b9303f80a5f6e34d4db22bbacc3fc1878c9cb6e124486ceff3bc6fbd56ceb0f357328ad2f340776e47149e2382acd530e8739e1055b8361eedc2943f02afc085243ac57b49b7350fa77313131d32adbb400e21f73c", 0x8a, 0x3}, {&(0x7f0000000c00)="c2af6d26ee9e415f76a07c3c46178f1ff81a2b2fab6bb7e26f5ca7e5e9ac01dfbc1a93ca071e8c012c04b2b1c893b5c06ebc1ac0420fa2ff04f21e907bc0b6394a0db2b1f4cab7653fc4671efcde6eb331886428031f698c86dcc2bbae9e5dc70c8c396b0a2cea3d4757234e3ff66bad1a2b5e03b3a40e45c4163e65929f13ac11c0d2e856e885bc21883aded691b9599f5d899ddbbcd3", 0x97, 0x10000}], 0x100000, &(0x7f0000000fc0)={[{@nouid32='nouid32'}, {@debug='debug'}, {@journal_ioprio={'journal_ioprio', 0x3d, 0x6}}, {@quota='quota'}, {@noauto_da_alloc='noauto_da_alloc'}, {@resuid={'resuid', 0x3d, r3}}, {@jqfmt_vfsv0='jqfmt=vfsv0'}], [{@euid_lt={'euid<', r4}}, {@seclabel='seclabel'}, {@euid_lt={'euid<', r5}}]})
ioctl$sock_inet_SIOCGIFPFLAGS(r1, 0x8935, &(0x7f00000000c0)={'bcsh0\x00', 0x3})

[ 2375.333669]  ? dump_stack_print_info.cold.1+0x20/0x20
[ 2375.339885]  handle_userfault.cold.32+0x47/0x62
[ 2375.349733]  ? userfaultfd_ioctl+0x5610/0x5610
[ 2375.354352]  ? mark_held_locks+0x130/0x130
[ 2375.358647]  ? find_held_lock+0x36/0x1c0
[ 2375.362906]  ? userfaultfd_ctx_put+0x830/0x830
[ 2375.367515]  ? kasan_check_read+0x11/0x20
[ 2375.371702]  ? print_usage_bug+0xc0/0xc0
[ 2375.375782]  ? do_raw_spin_trylock+0x270/0x270
[ 2375.380376]  ? print_usage_bug+0xc0/0xc0
[ 2375.384455]  ? print_usage_bug+0xc0/0xc0
[ 2375.388534]  ? zap_class+0x640/0x640
[ 2375.392268]  ? drop_futex_key_refs.isra.14+0x6d/0xe0
[ 2375.397390]  ? futex_wake+0x304/0x760
[ 2375.401220]  ? find_held_lock+0x36/0x1c0
[ 2375.405305]  ? __handle_mm_fault+0x4bb0/0x5be0
[ 2375.409918]  ? lock_downgrade+0x900/0x900
[ 2375.414087]  ? kasan_check_read+0x11/0x20
[ 2375.418256]  ? do_raw_spin_unlock+0xa7/0x330
[ 2375.422680]  ? do_raw_spin_trylock+0x270/0x270
[ 2375.427288]  ? fault_dirty_shared_page.isra.87+0x320/0x320
[ 2375.432956]  __handle_mm_fault+0x4bbd/0x5be0
[ 2375.437387]  ? vmf_insert_mixed_mkwrite+0x40/0x40
[ 2375.437408]  ? zap_class+0x640/0x640
[ 2375.437423]  ? rcu_read_unlock_special+0x1c0/0x1c0
[ 2375.437438]  ? kasan_check_read+0x11/0x20
[ 2375.437456]  ? rcu_softirq_qs+0x20/0x20
[ 2375.446034]  ? zap_class+0x640/0x640
[ 2375.446050]  ? zap_class+0x640/0x640
[ 2375.446072]  ? find_held_lock+0x36/0x1c0
[ 2375.446097]  ? handle_mm_fault+0x42a/0xc70
[ 2375.474873]  ? lock_downgrade+0x900/0x900
[ 2375.475678] FAULT_FLAG_ALLOW_RETRY missing 70
[ 2375.479054]  ? check_preemption_disabled+0x48/0x280
[ 2375.479075]  ? rcu_read_unlock_special+0x1c0/0x1c0
[ 2375.479090]  ? kasan_check_read+0x11/0x20
[ 2375.479125]  ? rcu_dynticks_curr_cpu_in_eqs+0xa2/0x170
[ 2375.502987]  ? rcu_softirq_qs+0x20/0x20
[ 2375.506984]  ? trace_hardirqs_off_caller+0x310/0x310
[ 2375.512103]  ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[ 2375.517653]  ? check_preemption_disabled+0x48/0x280
[ 2375.522690]  handle_mm_fault+0x54f/0xc70
[ 2375.526764]  ? __handle_mm_fault+0x5be0/0x5be0
[ 2375.531388]  ? find_vma+0x34/0x190
[ 2375.534947]  __do_page_fault+0x5e8/0xe60
[ 2375.539020]  ? trace_hardirqs_off+0xb8/0x310
[ 2375.543454]  do_page_fault+0xf2/0x7e0
[ 2375.547271]  ? vmalloc_sync_all+0x30/0x30
[ 2375.551429]  ? error_entry+0x70/0xd0
[ 2375.555156]  ? trace_hardirqs_off_caller+0xbb/0x310
[ 2375.560186]  ? trace_hardirqs_on_caller+0xc0/0x310
[ 2375.565127]  ? syscall_return_slowpath+0x5e0/0x5e0
[ 2375.570071]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 2375.574928]  ? trace_hardirqs_on_caller+0x310/0x310
[ 2375.579967]  ? __bpf_trace_preemptirq_template+0x30/0x30
[ 2375.585427]  ? prepare_exit_to_usermode+0x3b0/0x3b0
[ 2375.590462]  ? prepare_exit_to_usermode+0x291/0x3b0
[ 2375.595486]  ? page_fault+0x8/0x30
[ 2375.599051]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 2375.603914]  ? page_fault+0x8/0x30
[ 2375.607469]  page_fault+0x1e/0x30
[ 2375.610926] RIP: 0033:0x4510a0
[ 2375.614133] Code: 0f 84 c4 0f 00 00 48 89 f1 48 89 f8 48 83 e1 3f 48 83 f9 20 0f 86 7b 02 00 00 48 83 e6 f0 48 83 e1 0f 66 0f ef c0 66 0f ef c9 <66> 0f 74 0e 66 0f d7 d1 48 d3 ea 49 c7 c2 11 00 00 00 49 29 ca 4d
[ 2375.633043] RSP: 002b:00007f75238677a8 EFLAGS: 00010202
[ 2375.638415] RAX: 00007f7523867850 RBX: 0000000000000003 RCX: 000000000000000e
[ 2375.645695] RDX: 00000000000003ff RSI: 0000000020012fe0 RDI: 00007f7523867850
[ 2375.652974] RBP: 000000000072bf00 R08: 00000000000003ff R09: 0000000000000000
[ 2375.660247] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f75238686d4
[ 2375.667526] R13: 00000000004c578a R14: 00000000004d9d90 R15: 00000000ffffffff
[ 2375.674838] CPU: 1 PID: 21144 Comm: syz-executor0 Not tainted 4.20.0-rc6+ #371
[ 2375.682227] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 2375.691591] Call Trace:
[ 2375.694196]  dump_stack+0x244/0x39d
[ 2375.694219]  ? dump_stack_print_info.cold.1+0x20/0x20
[ 2375.694246]  handle_userfault.cold.32+0x47/0x62
[ 2375.703063]  ? userfaultfd_ioctl+0x5610/0x5610
[ 2375.703082]  ? mark_held_locks+0x130/0x130
[ 2375.703103]  ? find_held_lock+0x36/0x1c0
[ 2375.703130]  ? userfaultfd_ctx_put+0x830/0x830
[ 2375.725232]  ? kasan_check_read+0x11/0x20
[ 2375.729393]  ? print_usage_bug+0xc0/0xc0
[ 2375.733446]  ? do_raw_spin_trylock+0x270/0x270
[ 2375.738018]  ? print_usage_bug+0xc0/0xc0
[ 2375.742071]  ? print_usage_bug+0xc0/0xc0
[ 2375.746133]  ? zap_class+0x640/0x640
[ 2375.749850]  ? drop_futex_key_refs.isra.14+0x6d/0xe0
[ 2375.754943]  ? futex_wake+0x304/0x760
[ 2375.758740]  ? find_held_lock+0x36/0x1c0
[ 2375.762799]  ? __handle_mm_fault+0x4bb0/0x5be0
[ 2375.767414]  ? lock_downgrade+0x900/0x900
[ 2375.771584]  ? kasan_check_read+0x11/0x20
[ 2375.775721]  ? do_raw_spin_unlock+0xa7/0x330
[ 2375.780155]  ? do_raw_spin_trylock+0x270/0x270
[ 2375.784727]  ? fault_dirty_shared_page.isra.87+0x320/0x320
[ 2375.790354]  __handle_mm_fault+0x4bbd/0x5be0
[ 2375.794762]  ? vmf_insert_mixed_mkwrite+0x40/0x40
[ 2375.799593]  ? zap_class+0x640/0x640
[ 2375.803295]  ? rcu_read_unlock_special+0x1c0/0x1c0
[ 2375.808221]  ? kasan_check_read+0x11/0x20
[ 2375.812360]  ? rcu_softirq_qs+0x20/0x20
[ 2375.816339]  ? zap_class+0x640/0x640
[ 2375.820055]  ? zap_class+0x640/0x640
[ 2375.823771]  ? find_held_lock+0x36/0x1c0
[ 2375.827845]  ? handle_mm_fault+0x42a/0xc70
[ 2375.832088]  ? lock_downgrade+0x900/0x900
[ 2375.836247]  ? check_preemption_disabled+0x48/0x280
[ 2375.841268]  ? rcu_read_unlock_special+0x1c0/0x1c0
[ 2375.846199]  ? kasan_check_read+0x11/0x20
[ 2375.850353]  ? rcu_dynticks_curr_cpu_in_eqs+0xa2/0x170
[ 2375.855621]  ? rcu_softirq_qs+0x20/0x20
[ 2375.859589]  ? trace_hardirqs_off_caller+0x310/0x310
[ 2375.864685]  ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[ 2375.870210]  ? check_preemption_disabled+0x48/0x280
[ 2375.875219]  handle_mm_fault+0x54f/0xc70
[ 2375.879283]  ? __handle_mm_fault+0x5be0/0x5be0
[ 2375.883882]  ? find_vma+0x34/0x190
[ 2375.887418]  __do_page_fault+0x5e8/0xe60
[ 2375.891469]  ? trace_hardirqs_off+0xb8/0x310
[ 2375.895871]  do_page_fault+0xf2/0x7e0
[ 2375.899665]  ? vmalloc_sync_all+0x30/0x30
[ 2375.903802]  ? error_entry+0x70/0xd0
[ 2375.907505]  ? trace_hardirqs_off_caller+0xbb/0x310
[ 2375.912508]  ? trace_hardirqs_on_caller+0xc0/0x310
[ 2375.917451]  ? syscall_return_slowpath+0x5e0/0x5e0
[ 2375.922386]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 2375.927218]  ? trace_hardirqs_on_caller+0x310/0x310
[ 2375.932222]  ? __bpf_trace_preemptirq_template+0x30/0x30
[ 2375.937672]  ? prepare_exit_to_usermode+0x3b0/0x3b0
[ 2375.942678]  ? prepare_exit_to_usermode+0x291/0x3b0
[ 2375.947701]  ? page_fault+0x8/0x30
[ 2375.951242]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 2375.956106]  ? page_fault+0x8/0x30
[ 2375.959639]  page_fault+0x1e/0x30
[ 2375.963081] RIP: 0033:0x4510a0
[ 2375.966265] Code: 0f 84 c4 0f 00 00 48 89 f1 48 89 f8 48 83 e1 3f 48 83 f9 20 0f 86 7b 02 00 00 48 83 e6 f0 48 83 e1 0f 66 0f ef c0 66 0f ef c9 <66> 0f 74 0e 66 0f d7 d1 48 d3 ea 49 c7 c2 11 00 00 00 49 29 ca 4d
[ 2375.985155] RSP: 002b:00007efdea16e7a8 EFLAGS: 00010202
08:15:53 executing program 3:
openat$rfkill(0xffffffffffffff9c, 0x0, 0x0, 0x0)
getsockopt$inet_sctp_SCTP_DEFAULT_PRINFO(0xffffffffffffffff, 0x84, 0x72, &(0x7f0000000380), 0x0)
syz_open_dev$admmidi(&(0x7f0000000100)='/dev/admmidi#\x00', 0x0, 0x0)
r0 = socket$l2tp(0x18, 0x1, 0x1)
mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x1, 0x32, 0xffffffffffffffff, 0x0)
r1 = userfaultfd(0x0)
ioctl$UFFDIO_API(r1, 0xc018aa3f, &(0x7f0000000180))
ioctl$UFFDIO_REGISTER(r1, 0xc020aa00, &(0x7f0000019000)={{&(0x7f0000012000/0x2000)=nil, 0x2000}, 0x1})
syz_open_dev$evdev(&(0x7f0000012fee)='/dev/input/event#H', 0x0, 0x0)
ioctl$UFFDIO_WAKE(r1, 0x8010aa02, &(0x7f0000000080)={&(0x7f0000012000/0x3000)=nil, 0x3000})
ioctl(r0, 0x1000008912, &(0x7f0000000000)="0a5c2d023c126285718070")
setsockopt$ALG_SET_KEY(0xffffffffffffffff, 0x117, 0x1, 0x0, 0x0)

08:15:53 executing program 1:
r0 = socket$l2tp(0x18, 0x1, 0x1)
ioctl(r0, 0x1000008912, &(0x7f0000000000)="0a5c2d023c126285718070")
r1 = perf_event_open(&(0x7f0000014f88)={0x1, 0x70, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
close(r1)
openat$dlm_control(0xffffffffffffff9c, &(0x7f0000000040)='/dev/dlm-control\x00', 0x400000, 0x0)

08:15:53 executing program 5:
r0 = socket$l2tp(0x18, 0x1, 0x1)
ioctl(r0, 0x1000008912, &(0x7f0000000000)="0a5c2d023c126285718070")
perf_event_open(&(0x7f00000001c0)={0x2, 0x70, 0x0, 0x0, 0x0, 0x200000, 0x0, 0x80, 0x0, 0x2000000000000, 0x0, 0x0, 0x4, 0x40000000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
openat$vimc2(0xffffffffffffff9c, &(0x7f0000000040)='/dev/video2\x00', 0x2, 0x0)
perf_event_open(&(0x7f0000014f88)={0x1, 0x70, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
perf_event_open(&(0x7f0000014f88)={0x1, 0x70, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)

08:15:53 executing program 2:
syz_emit_ethernet(0x6a, &(0x7f0000000040)={@local, @broadcast, [], {@ipv4={0x800, {{0x5, 0x4, 0x0, 0x0, 0x5c, 0x0, 0x0, 0x0, 0x1, 0x0, @remote, @dev={0xac, 0x14, 0x14, 0x11}}, @icmp=@parameter_prob={0x3, 0x4, 0x0, 0x0, 0x0, 0x0, {0x10, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x402f, 0x0, @local={0xac, 0x5c}, @dev, {[@timestamp={0x8, 0x2c, 0x0, 0x400000000000000, 0x0, [{[@rand_addr]}, {[@multicast2]}, {[@multicast1]}, {}, {[@loopback]}, {}]}]}}}}}}}, 0x0)

08:15:53 executing program 0:
openat$rfkill(0xffffffffffffff9c, 0x0, 0x2001, 0x0)
syz_open_dev$admmidi(&(0x7f0000000100)='/dev/admmidi#\x00', 0x0, 0x0)
r0 = socket$l2tp(0x18, 0x1, 0x1)
mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x1, 0x32, 0xffffffffffffffff, 0x0)
r1 = userfaultfd(0x0)
ioctl$UFFDIO_API(r1, 0xc018aa3f, &(0x7f0000000180))
ioctl$UFFDIO_REGISTER(r1, 0xc020aa00, &(0x7f0000019000)={{&(0x7f0000012000/0x2000)=nil, 0x2000}, 0x1})
syz_open_dev$evdev(&(0x7f0000012fee)='/dev/input/event#\x00', 0x0, 0x5000000)
ioctl$UFFDIO_WAKE(r1, 0x8010aa02, &(0x7f0000000080)={&(0x7f0000012000/0x3000)=nil, 0x3000})
ioctl(r0, 0x1000008912, &(0x7f0000000000)="0a5c2d023c126285718070")

[ 2375.990503] RAX: 00007efdea16e850 RBX: 0000000000000003 RCX: 000000000000000e
[ 2375.997759] RDX: 00000000000003ff RSI: 0000000020012fe0 RDI: 00007efdea16e850
[ 2376.005015] RBP: 000000000072bf00 R08: 00000000000003ff R09: 0000000000000000
[ 2376.012275] R10: 0000000000000000 R11: 0000000000000246 R12: 00007efdea16f6d4
[ 2376.019532] R13: 00000000004c578a R14: 00000000004d9d90 R15: 00000000ffffffff
08:15:53 executing program 5:
r0 = socket$l2tp(0x18, 0x1, 0x1)
ioctl(r0, 0x7, &(0x7f0000000180)="cfbb022f0bb9f2903a2abf03fee500")
perf_event_open(&(0x7f00000001c0)={0x2, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
perf_event_open(&(0x7f0000014f88)={0x1, 0x70, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r1 = perf_event_open(&(0x7f0000014f88)={0x1, 0x70, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
close(r1)

08:15:53 executing program 2:
syz_emit_ethernet(0x6a, &(0x7f0000000040)={@local, @broadcast, [], {@ipv4={0x800, {{0x5, 0x4, 0x0, 0x0, 0x5c, 0x0, 0x0, 0x0, 0x1, 0x0, @remote, @dev={0xac, 0x14, 0x14, 0x11}}, @icmp=@parameter_prob={0x3, 0x4, 0x0, 0x0, 0x0, 0x0, {0x10, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x402f, 0x0, @local={0xac, 0x5c}, @dev, {[@timestamp={0x8, 0x2c, 0x0, 0x43050000, 0x0, [{[@rand_addr]}, {[@multicast2]}, {[@multicast1]}, {}, {[@loopback]}, {}]}]}}}}}}}, 0x0)

08:15:54 executing program 1:
r0 = socket$l2tp(0x18, 0x1, 0x1)
ioctl(r0, 0x1000008912, &(0x7f0000000000)="0a5c2d023c126285718070")
r1 = perf_event_open(&(0x7f0000014f88)={0x1, 0x70, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
close(r1)
ioctl$sock_kcm_SIOCKCMCLONE(0xffffffffffffffff, 0x89e2, &(0x7f0000000040)={<r2=>r0})
setsockopt$inet_sctp_SCTP_SOCKOPT_CONNECTX(r2, 0x84, 0x6e, &(0x7f0000000080)=[@in={0x2, 0x4e20, @rand_addr=0x9}, @in={0x2, 0x4e24, @local}, @in={0x2, 0x4e24, @broadcast}, @in={0x2, 0x4e20, @empty}], 0x40)

08:15:54 executing program 0:
openat$rfkill(0xffffffffffffff9c, 0x0, 0x2001, 0x0)
syz_open_dev$admmidi(&(0x7f0000000100)='/dev/admmidi#\x00', 0x0, 0x0)
r0 = socket$l2tp(0x18, 0x1, 0x1)
mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x1, 0x32, 0xffffffffffffffff, 0x0)
r1 = userfaultfd(0x0)
ioctl$UFFDIO_API(r1, 0xc018aa3f, &(0x7f0000000180))
ioctl$UFFDIO_REGISTER(r1, 0xc020aa00, &(0x7f0000019000)={{&(0x7f0000012000/0x2000)=nil, 0x2000}, 0x1})
syz_open_dev$evdev(&(0x7f0000012fee)='/dev/input/event#\x00', 0x0, 0xa000000)
ioctl$UFFDIO_WAKE(r1, 0x8010aa02, &(0x7f0000000080)={&(0x7f0000012000/0x3000)=nil, 0x3000})
ioctl(r0, 0x1000008912, &(0x7f0000000000)="0a5c2d023c126285718070")

08:15:54 executing program 5:
r0 = socket$l2tp(0x18, 0x1, 0x1)
ioctl(r0, 0x1000008912, &(0x7f0000000000)="0a5c2d023c126285718070")
perf_event_open(&(0x7f00000001c0)={0x2, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
perf_event_open(&(0x7f0000014f88)={0x1, 0x70, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r1 = perf_event_open(&(0x7f0000014f88)={0x1, 0x70, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x80000001, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
close(r1)

08:15:54 executing program 1:
r0 = socket$l2tp(0x18, 0x1, 0x1)
ioctl(r0, 0x1000008912, &(0x7f0000000000)="0a5c2d023c126285718070")
r1 = perf_event_open(&(0x7f0000014f88)={0x1, 0x70, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r2 = openat$vsock(0xffffffffffffff9c, &(0x7f0000000040)='/dev/vsock\x00', 0x189000, 0x0)
setsockopt$bt_BT_RCVMTU(r2, 0x112, 0xd, &(0x7f0000000080)=0xe7, 0x2)
fcntl$setsig(r0, 0xa, 0x26)
close(r1)

08:15:54 executing program 4:
openat$kvm(0xffffffffffffff9c, 0x0, 0x0, 0x0)
r0 = syz_open_dev$sndctrl(&(0x7f0000000100)='/dev/snd/controlC#\x00', 0x0, 0x0)
prctl$PR_SET_THP_DISABLE(0x29, 0xfffffffffffffffe)
io_setup(0x100000000, &(0x7f0000000000)=<r1=>0x0)
io_pgetevents(r1, 0x6, 0x7, &(0x7f0000000140)=[{}, {}, {}, {}, {}, {}, {}], &(0x7f0000000040), &(0x7f0000000240)={&(0x7f00000000c0)={0x4}, 0x8})
clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
ioctl$FS_IOC_GETFLAGS(r0, 0x800455d1, &(0x7f0000000080))

08:15:54 executing program 3:
openat$rfkill(0xffffffffffffff9c, 0x0, 0x0, 0x0)
getsockopt$inet_sctp_SCTP_DEFAULT_PRINFO(0xffffffffffffffff, 0x84, 0x72, &(0x7f0000000380), 0x0)
syz_open_dev$admmidi(&(0x7f0000000100)='/dev/admmidi#\x00', 0x0, 0x0)
r0 = socket$l2tp(0x18, 0x1, 0x1)
mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x1, 0x32, 0xffffffffffffffff, 0x0)
r1 = userfaultfd(0x0)
ioctl$UFFDIO_API(r1, 0xc018aa3f, &(0x7f0000000180))
ioctl$UFFDIO_REGISTER(r1, 0xc020aa00, &(0x7f0000019000)={{&(0x7f0000012000/0x2000)=nil, 0x2000}, 0x1})
syz_open_dev$evdev(&(0x7f0000012fee)='/dev/input/event#\x00', 0x0, 0x0)
ioctl$UFFDIO_WAKE(r1, 0x8010aa02, &(0x7f0000000080)={&(0x7f0000012000/0x3000)=nil, 0x3000})
ioctl(r0, 0x1000008912, &(0x7f0000000000)="0a5c2d023c126285718070")
setsockopt$ALG_SET_KEY(0xffffffffffffffff, 0x117, 0x1, 0x0, 0x0)

08:15:54 executing program 2:
syz_emit_ethernet(0x6a, &(0x7f0000000040)={@local, @broadcast, [], {@ipv4={0x800, {{0x5, 0x4, 0x0, 0x0, 0x5c, 0x0, 0x0, 0x0, 0x1, 0x0, @remote, @dev={0xac, 0x14, 0x14, 0x11}}, @icmp=@parameter_prob={0x3, 0x4, 0x0, 0x0, 0x0, 0x0, {0x10, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x402f, 0x0, @local={0xac, 0x5c}, @dev, {[@timestamp={0x8, 0x2c, 0x0, 0x81000000, 0x0, [{[@rand_addr]}, {[@multicast2]}, {[@multicast1]}, {}, {[@loopback]}, {}]}]}}}}}}}, 0x0)

08:15:54 executing program 0:
openat$rfkill(0xffffffffffffff9c, 0x0, 0x2001, 0x0)
syz_open_dev$admmidi(&(0x7f0000000100)='/dev/admmidi#\x00', 0x0, 0x0)
r0 = socket$l2tp(0x18, 0x1, 0x1)
mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x1, 0x32, 0xffffffffffffffff, 0x0)
r1 = userfaultfd(0x0)
ioctl$UFFDIO_API(r1, 0xc018aa3f, &(0x7f0000000180))
ioctl$UFFDIO_REGISTER(r1, 0xc020aa00, &(0x7f0000019000)={{&(0x7f0000012000/0x2000)=nil, 0x2000}, 0x1})
syz_open_dev$evdev(&(0x7f0000012fee)='/dev/input/event#\x00', 0x0, 0x6800000000000000)
ioctl$UFFDIO_WAKE(r1, 0x8010aa02, &(0x7f0000000080)={&(0x7f0000012000/0x3000)=nil, 0x3000})
ioctl(r0, 0x1000008912, &(0x7f0000000000)="0a5c2d023c126285718070")

08:15:54 executing program 1:
r0 = socket$l2tp(0x18, 0x1, 0x1)
ioctl(r0, 0x1000008912, &(0x7f0000000000)="0a5c2d023c126285718070")
r1 = perf_event_open(&(0x7f0000014f88)={0x1, 0x70, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r2 = syz_open_dev$usb(&(0x7f0000000040)='/dev/bus/usb/00#/00#\x00', 0x6e, 0x400000)
getsockopt$inet_sctp_SCTP_DEFAULT_SNDINFO(r2, 0x84, 0x22, &(0x7f0000000080)={0x7, 0x0, 0x3, 0x8, <r3=>0x0}, &(0x7f00000000c0)=0x10)
getsockopt$IP6T_SO_GET_INFO(r2, 0x29, 0x40, &(0x7f0000000140)={'nat\x00'}, &(0x7f00000001c0)=0x54)
ioctl$KVM_PPC_GET_PVINFO(r2, 0x4080aea1, &(0x7f00000003c0)=""/218)
setsockopt$inet_sctp_SCTP_ASSOCINFO(r2, 0x84, 0x1, &(0x7f0000000100)={r3, 0x100000001, 0x7fffffff, 0x100, 0xbe, 0xffffffff}, 0x14)
ioctl$VIDIOC_TRY_EXT_CTRLS(r2, 0xc0205649, &(0x7f0000000540)={0x9d0000, 0x625, 0x1, [], &(0x7f0000000500)={0xbf093f, 0xba8d, [], @p_u8=&(0x7f00000004c0)=0xa2}})
close(r1)
getsockopt$inet_IP_XFRM_POLICY(r2, 0x0, 0x11, &(0x7f0000000280)={{{@in=@loopback, @in=@broadcast}}, {{}, 0x0, @in=@broadcast}}, &(0x7f0000000380)=0xe8)
openat$smack_task_current(0xffffffffffffff9c, &(0x7f0000000200)='/proc/self/attr/current\x00', 0x2, 0x0)
setsockopt$inet_sctp6_SCTP_NODELAY(r2, 0x84, 0x3, &(0x7f0000000240)=0xce9, 0x4)

08:15:54 executing program 5:
r0 = socket$l2tp(0x18, 0x1, 0x1)
ioctl(r0, 0x1000008912, &(0x7f0000000000)="0a5c2d023c126285718070")
r1 = openat$audio(0xffffffffffffff9c, &(0x7f0000000040)='/dev/audio\x00', 0x1, 0x0)
ioctl$VHOST_SET_VRING_ERR(r1, 0x4008af22, &(0x7f0000000080)={0x3, 0xffffffffffffff9c})
perf_event_open(&(0x7f00000001c0)={0x2, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
perf_event_open(&(0x7f0000014f88)={0x1, 0x70, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r2 = perf_event_open(&(0x7f0000014f88)={0x1, 0x70, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
write$RDMA_USER_CM_CMD_JOIN_IP_MCAST(r1, &(0x7f0000000140)={0x10, 0x30, 0xfa00, {&(0x7f0000000100)={<r3=>0xffffffffffffffff}, 0x2, {0xa, 0x4e22, 0x6, @ipv4={[], [], @remote}, 0x2}}}, 0x38)
write$RDMA_USER_CM_CMD_LEAVE_MCAST(r1, &(0x7f0000000180)={0x11, 0x10, 0xfa00, {&(0x7f00000000c0), r3}}, 0x18)
close(r2)

08:15:54 executing program 2:
syz_emit_ethernet(0x6a, &(0x7f0000000040)={@local, @broadcast, [], {@ipv4={0x800, {{0x5, 0x4, 0x0, 0x0, 0x5c, 0x0, 0x0, 0x0, 0x1, 0x0, @remote, @dev={0xac, 0x14, 0x14, 0x11}}, @icmp=@parameter_prob={0x3, 0x4, 0x0, 0x0, 0x0, 0x0, {0x10, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x402f, 0x0, @local={0xac, 0x5c}, @dev, {[@timestamp={0x8, 0x2c, 0x0, 0x4000, 0x0, [{[@rand_addr]}, {[@multicast2]}, {[@multicast1]}, {}, {[@loopback]}, {}]}]}}}}}}}, 0x0)

08:15:54 executing program 3:
openat$rfkill(0xffffffffffffff9c, 0x0, 0x0, 0x0)
getsockopt$inet_sctp_SCTP_DEFAULT_PRINFO(0xffffffffffffffff, 0x84, 0x72, &(0x7f0000000380), 0x0)
syz_open_dev$admmidi(&(0x7f0000000100)='/dev/admmidi#\x00', 0x0, 0x0)
r0 = socket$l2tp(0x18, 0x1, 0x1)
mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x1, 0x32, 0xffffffffffffffff, 0x0)
r1 = userfaultfd(0x0)
ioctl$UFFDIO_API(r1, 0xc018aa3f, &(0x7f0000000180))
ioctl$UFFDIO_REGISTER(r1, 0xc020aa00, &(0x7f0000019000)={{&(0x7f0000012000/0x2000)=nil, 0x2000}, 0x1})
syz_open_dev$evdev(&(0x7f0000012fee)='/dev/input/event#\x00', 0x0, 0x0)
ioctl$UFFDIO_WAKE(r1, 0x8010aa02, &(0x7f0000000080)={&(0x7f0000012000/0x3000)=nil, 0x3000})
ioctl(r0, 0x1000008912, &(0x7f0000000000)="0a5c2d023c126285718070")
setsockopt$ALG_SET_KEY(0xffffffffffffffff, 0x117, 0x1, 0x0, 0x0)

08:15:54 executing program 1:
ioctl(0xffffffffffffffff, 0x1000008912, &(0x7f0000000000)="0a5c2d023c126285718070")
r0 = syz_open_dev$vcsa(&(0x7f0000000140)='/dev/vcsa#\x00', 0x80, 0x0)
ioctl$RNDGETENTCNT(r0, 0x80045200, &(0x7f0000000180))
r1 = perf_event_open(&(0x7f0000014f88)={0x1, 0x70, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
ioctl$KVM_GET_XCRS(r0, 0x8188aea6, &(0x7f0000000280)={0x2, 0x20, [{0x95, 0x0, 0x1}, {0x8, 0x0, 0xff}]})
close(r1)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x10000, 0x80)
ioctl$DRM_IOCTL_PRIME_FD_TO_HANDLE(0xffffffffffffffff, 0xc00c642e, &(0x7f0000000080)={<r3=>0x0, 0x80000, 0xffffffffffffff9c})
pipe(&(0x7f00000000c0)={0xffffffffffffffff, <r4=>0xffffffffffffffff})
mkdir(&(0x7f0000000300)='./file0\x00', 0x0)
r5 = syz_open_dev$amidi(&(0x7f0000000000)='/dev/amidi#\x00', 0x0, 0x204000)
ioctl$BLKRESETZONE(r5, 0x40101283, &(0x7f0000000100)={0x4, 0x1ff})
sched_setaffinity(0x0, 0x375, &(0x7f0000000140)=0x5)
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r6 = socket(0x10, 0x2, 0x0)
getsockopt$sock_cred(r6, 0x1, 0x11, &(0x7f0000caaffb)={<r7=>0x0, <r8=>0x0, <r9=>0x0}, &(0x7f0000cab000)=0xc)
chown(&(0x7f00000001c0)='./file0\x00', r8, r9)
lsetxattr$system_posix_acl(&(0x7f0000000180)='./file0\x00', &(0x7f0000000200)='system.posix_acl_access\x00', &(0x7f0000000940)={{}, {}, [{}], {}, [{0x8, 0x2, r9}, {0x8, 0x2, r9}, {0x8, 0x0, r9}, {0x8, 0x2, r9}, {0x8, 0x4, r9}], {0x10, 0x2}, {0x20, 0x1}}, 0x54, 0x1)
chdir(&(0x7f0000000540)='./file0\x00')
symlink(&(0x7f0000000800)='./file0/file0\x00', &(0x7f00000007c0)='./file0\x00')
r10 = openat$hwrng(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/hwrng\x00', 0x101001, 0x0)
perf_event_open(&(0x7f0000000380)={0x3, 0x70, 0xffffffffffffffe0, 0x1, 0x7ff, 0x29bc61e, 0x0, 0x6481c43d, 0xa000, 0x2, 0x0, 0x8, 0x401, 0xb35, 0xfff, 0x100000001, 0xffffffff, 0x8, 0xfffffffffffffff9, 0x6, 0x9, 0x9, 0x8a, 0x2, 0xd73a, 0x382, 0x39cf, 0x0, 0x8001, 0x1, 0x10001, 0x7, 0x7fff, 0x400, 0x4, 0x1, 0xff, 0x0, 0x0, 0x0, 0x2, @perf_config_ext={0x1, 0x61}, 0x8100, 0x1, 0xbd, 0x7, 0x2, 0x6, 0x8000}, r7, 0x0, r10, 0xb)
clone(0x2102001ffa, 0x0, 0xfffffffffffffffe, &(0x7f00000008c0), 0xffffffffffffffff)
lstat(&(0x7f0000000600)='./file0/file0\x00', &(0x7f0000000680))
getsockopt$inet_sctp6_SCTP_FRAGMENT_INTERLEAVE(r10, 0x84, 0x12, &(0x7f0000000240), &(0x7f0000000440)=0x4)
ioctl$DRM_IOCTL_PRIME_HANDLE_TO_FD(r2, 0xc00c642d, &(0x7f0000000100)={r3, 0x80000, r4})

08:15:54 executing program 0:
openat$rfkill(0xffffffffffffff9c, 0x0, 0x2001, 0x0)
syz_open_dev$admmidi(&(0x7f0000000100)='/dev/admmidi#\x00', 0x0, 0x0)
r0 = socket$l2tp(0x18, 0x1, 0x1)
mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x1, 0x32, 0xffffffffffffffff, 0x0)
r1 = userfaultfd(0x0)
ioctl$UFFDIO_API(r1, 0xc018aa3f, &(0x7f0000000180))
ioctl$UFFDIO_REGISTER(r1, 0xc020aa00, &(0x7f0000019000)={{&(0x7f0000012000/0x2000)=nil, 0x2000}, 0x1})
syz_open_dev$evdev(&(0x7f0000012fee)='/dev/input/event#\x00', 0x0, 0x7a00000000000000)
ioctl$UFFDIO_WAKE(r1, 0x8010aa02, &(0x7f0000000080)={&(0x7f0000012000/0x3000)=nil, 0x3000})
ioctl(r0, 0x1000008912, &(0x7f0000000000)="0a5c2d023c126285718070")

08:15:54 executing program 2:
syz_emit_ethernet(0x6a, &(0x7f0000000040)={@local, @broadcast, [], {@ipv4={0x800, {{0x5, 0x4, 0x0, 0x0, 0x5c, 0x0, 0x0, 0x0, 0x1, 0x0, @remote, @dev={0xac, 0x14, 0x14, 0x11}}, @icmp=@parameter_prob={0x3, 0x4, 0x0, 0x0, 0x0, 0x0, {0x10, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x402f, 0x0, @local={0xac, 0x5c}, @dev, {[@timestamp={0x8, 0x2c, 0x0, 0x500, 0x0, [{[@rand_addr]}, {[@multicast2]}, {[@multicast1]}, {}, {[@loopback]}, {}]}]}}}}}}}, 0x0)

08:15:54 executing program 4:
openat$kvm(0xffffffffffffff9c, 0x0, 0x0, 0x0)
r0 = syz_open_dev$sndctrl(&(0x7f0000000100)='/dev/snd/controlC#\x00', 0x0, 0x0)
prctl$PR_SET_THP_DISABLE(0x29, 0xfffffffffffffffe)
clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
ioctl$FS_IOC_GETFLAGS(r0, 0x800455d1, &(0x7f0000000080))
pipe(&(0x7f0000000180)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
ioctl$VIDIOC_CROPCAP(r1, 0xc02c563a, &(0x7f0000000040)={0xb, {0x1, 0x1, 0x10001}, {0x400, 0x7fff, 0x9, 0x2}, {0x6, 0x3ff}})

08:15:54 executing program 3:
openat$rfkill(0xffffffffffffff9c, 0x0, 0x0, 0x0)
getsockopt$inet_sctp_SCTP_DEFAULT_PRINFO(0xffffffffffffffff, 0x84, 0x72, &(0x7f0000000380), 0x0)
syz_open_dev$admmidi(&(0x7f0000000100)='/dev/admmidi#\x00', 0x0, 0x0)
r0 = socket$l2tp(0x18, 0x1, 0x1)
mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x1, 0x32, 0xffffffffffffffff, 0x0)
r1 = userfaultfd(0x0)
ioctl$UFFDIO_API(r1, 0xc018aa3f, &(0x7f0000000180))
ioctl$UFFDIO_REGISTER(r1, 0xc020aa00, &(0x7f0000019000)={{&(0x7f0000012000/0x2000)=nil, 0x2000}, 0x1})
syz_open_dev$evdev(&(0x7f0000012fee)='/dev/input/event#\x00', 0x0, 0x0)
ioctl$UFFDIO_WAKE(r1, 0x8010aa02, &(0x7f0000000080)={&(0x7f0000012000/0x3000)=nil, 0x3000})
ioctl(r0, 0x1000008912, &(0x7f0000000000)="0a5c2d023c126285718070")
setsockopt$ALG_SET_KEY(0xffffffffffffffff, 0x117, 0x1, 0x0, 0x0)

08:15:54 executing program 2:
syz_emit_ethernet(0x6a, &(0x7f0000000040)={@local, @broadcast, [], {@ipv4={0x800, {{0x5, 0x4, 0x0, 0x0, 0x5c, 0x0, 0x0, 0x0, 0x1, 0x0, @remote, @dev={0xac, 0x14, 0x14, 0x11}}, @icmp=@parameter_prob={0x3, 0x4, 0x0, 0x0, 0x0, 0x0, {0x10, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x402f, 0x0, @local={0xac, 0x5c}, @dev, {[@timestamp={0x8, 0x2c, 0x0, 0x8, 0x0, [{[@rand_addr]}, {[@multicast2]}, {[@multicast1]}, {}, {[@loopback]}, {}]}]}}}}}}}, 0x0)

08:15:54 executing program 0:
openat$rfkill(0xffffffffffffff9c, 0x0, 0x2001, 0x0)
syz_open_dev$admmidi(&(0x7f0000000100)='/dev/admmidi#\x00', 0x0, 0x0)
r0 = socket$l2tp(0x18, 0x1, 0x1)
mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x1, 0x32, 0xffffffffffffffff, 0x0)
r1 = userfaultfd(0x0)
ioctl$UFFDIO_API(r1, 0xc018aa3f, &(0x7f0000000180))
ioctl$UFFDIO_REGISTER(r1, 0xc020aa00, &(0x7f0000019000)={{&(0x7f0000012000/0x2000)=nil, 0x2000}, 0x1})
syz_open_dev$evdev(&(0x7f0000012fee)='/dev/input/event#\x00', 0x0, 0x2000000)
ioctl$UFFDIO_WAKE(r1, 0x8010aa02, &(0x7f0000000080)={&(0x7f0000012000/0x3000)=nil, 0x3000})
ioctl(r0, 0x1000008912, &(0x7f0000000000)="0a5c2d023c126285718070")

08:15:54 executing program 1:
r0 = socket$l2tp(0x18, 0x1, 0x1)
ioctl(r0, 0x1000008912, &(0x7f0000000000)="0a5c2d023c126285718070")
r1 = openat$rtc(0xffffffffffffff9c, &(0x7f0000000040)='/dev/rtc0\x00', 0x4200, 0x0)
write$vnet(r1, &(0x7f0000000240)={0x1, {&(0x7f0000000080)=""/163, 0xa3, &(0x7f0000000200)=""/54, 0x3, 0x2}}, 0xfffffffffffffda1)
r2 = perf_event_open(&(0x7f0000014f88)={0x1, 0x70, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
close(r2)

08:15:54 executing program 2:
syz_emit_ethernet(0x6a, &(0x7f0000000040)={@local, @broadcast, [], {@ipv4={0x800, {{0x5, 0x4, 0x0, 0x0, 0x5c, 0x0, 0x0, 0x0, 0x1, 0x0, @remote, @dev={0xac, 0x14, 0x14, 0x11}}, @icmp=@parameter_prob={0x3, 0x4, 0x0, 0x0, 0x0, 0x0, {0x10, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x402f, 0x0, @local={0xac, 0x5c}, @dev, {[@timestamp={0x8, 0x2c, 0x0, 0x700000000000000, 0x0, [{[@rand_addr]}, {[@multicast2]}, {[@multicast1]}, {}, {[@loopback]}, {}]}]}}}}}}}, 0x0)

[ 2376.894765] handle_userfault: 8 callbacks suppressed
[ 2376.894774] FAULT_FLAG_ALLOW_RETRY missing 70
[ 2376.897238] FAULT_FLAG_ALLOW_RETRY missing 70
[ 2376.900623] CPU: 0 PID: 21254 Comm: syz-executor0 Not tainted 4.20.0-rc6+ #371
[ 2376.916305] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 2376.925678] Call Trace:
[ 2376.928286]  dump_stack+0x244/0x39d
[ 2376.931949]  ? dump_stack_print_info.cold.1+0x20/0x20
[ 2376.931978]  handle_userfault.cold.32+0x47/0x62
[ 2376.932005]  ? userfaultfd_ioctl+0x5610/0x5610
[ 2376.941848]  ? mark_held_locks+0x130/0x130
[ 2376.941866]  ? __sanitizer_cov_trace_cmp4+0x16/0x20
[ 2376.941887]  ? futex_wait_setup+0x266/0x3e0
[ 2376.965840]  ? __sanitizer_cov_trace_switch+0x53/0x90
[ 2376.971054]  ? userfaultfd_ctx_put+0x830/0x830
[ 2376.975659]  ? futex_wait+0x5a1/0xa50
[ 2376.979488]  ? print_usage_bug+0xc0/0xc0
[ 2376.983566]  ? print_usage_bug+0xc0/0xc0
[ 2376.987640]  ? print_usage_bug+0xc0/0xc0
[ 2376.991715]  ? zap_class+0x640/0x640
[ 2376.995443]  ? drop_futex_key_refs.isra.14+0x6d/0xe0
[ 2377.000553]  ? futex_wake+0x304/0x760
[ 2377.004385]  ? find_held_lock+0x36/0x1c0
[ 2377.008473]  ? __handle_mm_fault+0x4bb0/0x5be0
[ 2377.013067]  ? lock_downgrade+0x900/0x900
[ 2377.017300]  ? kasan_check_read+0x11/0x20
[ 2377.021569]  ? do_raw_spin_unlock+0xa7/0x330
[ 2377.025990]  ? do_raw_spin_trylock+0x270/0x270
[ 2377.030585]  ? fault_dirty_shared_page.isra.87+0x320/0x320
[ 2377.036231]  __handle_mm_fault+0x4bbd/0x5be0
[ 2377.040659]  ? vmf_insert_mixed_mkwrite+0x40/0x40
[ 2377.045513]  ? zap_class+0x640/0x640
[ 2377.049232]  ? rcu_read_unlock_special+0x1c0/0x1c0
[ 2377.054171]  ? kasan_check_read+0x11/0x20
[ 2377.058353]  ? rcu_softirq_qs+0x20/0x20
[ 2377.062367]  ? zap_class+0x640/0x640
[ 2377.066091]  ? zap_class+0x640/0x640
[ 2377.069821]  ? find_held_lock+0x36/0x1c0
[ 2377.073905]  ? handle_mm_fault+0x42a/0xc70
[ 2377.078152]  ? lock_downgrade+0x900/0x900
[ 2377.082311]  ? check_preemption_disabled+0x48/0x280
[ 2377.087363]  ? rcu_read_unlock_special+0x1c0/0x1c0
[ 2377.092311]  ? kasan_check_read+0x11/0x20
[ 2377.096480]  ? rcu_dynticks_curr_cpu_in_eqs+0xa2/0x170
[ 2377.101784]  ? rcu_softirq_qs+0x20/0x20
[ 2377.105772]  ? trace_hardirqs_off_caller+0x310/0x310
[ 2377.110890]  ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[ 2377.116441]  ? check_preemption_disabled+0x48/0x280
[ 2377.121479]  handle_mm_fault+0x54f/0xc70
[ 2377.125556]  ? __handle_mm_fault+0x5be0/0x5be0
[ 2377.130154]  ? find_vma+0x34/0x190
[ 2377.133710]  __do_page_fault+0x5e8/0xe60
[ 2377.137780]  ? trace_hardirqs_off+0xb8/0x310
[ 2377.142205]  do_page_fault+0xf2/0x7e0
[ 2377.146016]  ? vmalloc_sync_all+0x30/0x30
[ 2377.150180]  ? error_entry+0x70/0xd0
[ 2377.153907]  ? trace_hardirqs_off_caller+0xbb/0x310
[ 2377.158929]  ? trace_hardirqs_on_caller+0xc0/0x310
[ 2377.163870]  ? syscall_return_slowpath+0x5e0/0x5e0
[ 2377.168806]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 2377.173656]  ? trace_hardirqs_on_caller+0x310/0x310
[ 2377.178679]  ? __bpf_trace_preemptirq_template+0x30/0x30
[ 2377.184137]  ? prepare_exit_to_usermode+0x3b0/0x3b0
[ 2377.189162]  ? prepare_exit_to_usermode+0x291/0x3b0
[ 2377.194187]  ? page_fault+0x8/0x30
[ 2377.197739]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 2377.202595]  ? page_fault+0x8/0x30
[ 2377.206148]  page_fault+0x1e/0x30
[ 2377.209610] RIP: 0033:0x4510a0
[ 2377.212811] Code: 0f 84 c4 0f 00 00 48 89 f1 48 89 f8 48 83 e1 3f 48 83 f9 20 0f 86 7b 02 00 00 48 83 e6 f0 48 83 e1 0f 66 0f ef c0 66 0f ef c9 <66> 0f 74 0e 66 0f d7 d1 48 d3 ea 49 c7 c2 11 00 00 00 49 29 ca 4d
[ 2377.232180] RSP: 002b:00007efdea16e7a8 EFLAGS: 00010202
[ 2377.237547] RAX: 00007efdea16e850 RBX: 0000000000000003 RCX: 000000000000000e
[ 2377.244819] RDX: 00000000000003ff RSI: 0000000020012fe0 RDI: 00007efdea16e850
[ 2377.252096] RBP: 000000000072bf00 R08: 00000000000003ff R09: 0000000000000000
[ 2377.259374] R10: 0000000000000000 R11: 0000000000000246 R12: 00007efdea16f6d4
[ 2377.266648] R13: 00000000004c578a R14: 00000000004d9d90 R15: 00000000ffffffff
[ 2377.273949] CPU: 1 PID: 21255 Comm: syz-executor3 Not tainted 4.20.0-rc6+ #371
[ 2377.281339] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 2377.290699] Call Trace:
[ 2377.293309]  dump_stack+0x244/0x39d
[ 2377.296969]  ? dump_stack_print_info.cold.1+0x20/0x20
[ 2377.302192]  handle_userfault.cold.32+0x47/0x62
[ 2377.306894]  ? userfaultfd_ioctl+0x5610/0x5610
[ 2377.311494]  ? mark_held_locks+0x130/0x130
[ 2377.315747]  ? __sanitizer_cov_trace_cmp4+0x16/0x20
[ 2377.320791]  ? futex_wait_setup+0x266/0x3e0
[ 2377.325137]  ? __sanitizer_cov_trace_switch+0x53/0x90
[ 2377.325158]  ? userfaultfd_ctx_put+0x830/0x830
[ 2377.325173]  ? futex_wait+0x5a1/0xa50
[ 2377.325196]  ? print_usage_bug+0xc0/0xc0
[ 2377.334963]  ? print_usage_bug+0xc0/0xc0
[ 2377.334984]  ? print_usage_bug+0xc0/0xc0
[ 2377.335002]  ? zap_class+0x640/0x640
[ 2377.335020]  ? drop_futex_key_refs.isra.14+0x6d/0xe0
[ 2377.335036]  ? futex_wake+0x304/0x760
[ 2377.335064]  ? find_held_lock+0x36/0x1c0
[ 2377.335092]  ? __handle_mm_fault+0x4bb0/0x5be0
[ 2377.335111]  ? lock_downgrade+0x900/0x900
[ 2377.351082]  ? kasan_check_read+0x11/0x20
[ 2377.359882]  ? do_raw_spin_unlock+0xa7/0x330
[ 2377.359899]  ? do_raw_spin_trylock+0x270/0x270
[ 2377.359919]  ? fault_dirty_shared_page.isra.87+0x320/0x320
[ 2377.359950]  __handle_mm_fault+0x4bbd/0x5be0
[ 2377.391977] FAULT_FLAG_ALLOW_RETRY missing 70
[ 2377.395424]  ? vmf_insert_mixed_mkwrite+0x40/0x40
[ 2377.395446]  ? zap_class+0x640/0x640
[ 2377.395460]  ? rcu_read_unlock_special+0x1c0/0x1c0
[ 2377.395481]  ? kasan_check_read+0x11/0x20
[ 2377.421996]  ? rcu_softirq_qs+0x20/0x20
[ 2377.425992]  ? zap_class+0x640/0x640
[ 2377.429713]  ? zap_class+0x640/0x640
[ 2377.433457]  ? find_held_lock+0x36/0x1c0
[ 2377.437539]  ? handle_mm_fault+0x42a/0xc70
[ 2377.441785]  ? lock_downgrade+0x900/0x900
[ 2377.445953]  ? check_preemption_disabled+0x48/0x280
[ 2377.450986]  ? rcu_read_unlock_special+0x1c0/0x1c0
[ 2377.455929]  ? kasan_check_read+0x11/0x20
[ 2377.460092]  ? rcu_dynticks_curr_cpu_in_eqs+0xa2/0x170
[ 2377.465386]  ? rcu_softirq_qs+0x20/0x20
[ 2377.469371]  ? trace_hardirqs_off_caller+0x310/0x310
[ 2377.474486]  ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[ 2377.480034]  ? check_preemption_disabled+0x48/0x280
[ 2377.485071]  handle_mm_fault+0x54f/0xc70
[ 2377.489148]  ? __handle_mm_fault+0x5be0/0x5be0
[ 2377.493757]  ? find_vma+0x34/0x190
[ 2377.497312]  __do_page_fault+0x5e8/0xe60
[ 2377.501393]  ? trace_hardirqs_off+0xb8/0x310
[ 2377.505821]  do_page_fault+0xf2/0x7e0
[ 2377.509641]  ? vmalloc_sync_all+0x30/0x30
[ 2377.513800]  ? error_entry+0x70/0xd0
[ 2377.517548]  ? trace_hardirqs_off_caller+0xbb/0x310
[ 2377.522574]  ? trace_hardirqs_on_caller+0xc0/0x310
[ 2377.527514]  ? syscall_return_slowpath+0x5e0/0x5e0
[ 2377.532452]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 2377.537306]  ? trace_hardirqs_on_caller+0x310/0x310
[ 2377.542352]  ? __bpf_trace_preemptirq_template+0x30/0x30
[ 2377.547815]  ? prepare_exit_to_usermode+0x3b0/0x3b0
[ 2377.552863]  ? prepare_exit_to_usermode+0x291/0x3b0
[ 2377.557892]  ? page_fault+0x8/0x30
[ 2377.561449]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 2377.566305]  ? page_fault+0x8/0x30
[ 2377.569879]  page_fault+0x1e/0x30
[ 2377.573349] RIP: 0033:0x4510a0
[ 2377.576559] Code: 0f 84 c4 0f 00 00 48 89 f1 48 89 f8 48 83 e1 3f 48 83 f9 20 0f 86 7b 02 00 00 48 83 e6 f0 48 83 e1 0f 66 0f ef c0 66 0f ef c9 <66> 0f 74 0e 66 0f d7 d1 48 d3 ea 49 c7 c2 11 00 00 00 49 29 ca 4d
[ 2377.595476] RSP: 002b:00007f75238677a8 EFLAGS: 00010202
[ 2377.600863] RAX: 00007f7523867850 RBX: 0000000000000003 RCX: 000000000000000e
[ 2377.608138] RDX: 00000000000003ff RSI: 0000000020012fe0 RDI: 00007f7523867850
[ 2377.615420] RBP: 000000000072bf00 R08: 00000000000003ff R09: 0000000000000000
[ 2377.622699] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f75238686d4
[ 2377.629981] R13: 00000000004c578a R14: 00000000004d9d90 R15: 00000000ffffffff
[ 2377.637286] CPU: 0 PID: 21264 Comm: syz-executor0 Not tainted 4.20.0-rc6+ #371
[ 2377.644694] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 2377.654053] Call Trace:
[ 2377.656654]  dump_stack+0x244/0x39d
[ 2377.660301]  ? dump_stack_print_info.cold.1+0x20/0x20
[ 2377.665524]  handle_userfault.cold.32+0x47/0x62
[ 2377.670188]  ? userfaultfd_ioctl+0x5610/0x5610
[ 2377.674758]  ? mark_held_locks+0x130/0x130
[ 2377.678981]  ? __sanitizer_cov_trace_cmp4+0x16/0x20
[ 2377.684016]  ? futex_wait_setup+0x266/0x3e0
[ 2377.688341]  ? __sanitizer_cov_trace_switch+0x53/0x90
[ 2377.693524]  ? userfaultfd_ctx_put+0x830/0x830
[ 2377.698089]  ? futex_wait+0x5a1/0xa50
[ 2377.701894]  ? print_usage_bug+0xc0/0xc0
[ 2377.705941]  ? print_usage_bug+0xc0/0xc0
[ 2377.709993]  ? print_usage_bug+0xc0/0xc0
[ 2377.714043]  ? zap_class+0x640/0x640
[ 2377.717746]  ? drop_futex_key_refs.isra.14+0x6d/0xe0
[ 2377.722839]  ? futex_wake+0x304/0x760
[ 2377.726664]  ? find_held_lock+0x36/0x1c0
[ 2377.730720]  ? __handle_mm_fault+0x4bb0/0x5be0
[ 2377.735290]  ? lock_downgrade+0x900/0x900
[ 2377.739432]  ? kasan_check_read+0x11/0x20
[ 2377.743568]  ? do_raw_spin_unlock+0xa7/0x330
[ 2377.747965]  ? do_raw_spin_trylock+0x270/0x270
[ 2377.752540]  ? fault_dirty_shared_page.isra.87+0x320/0x320
[ 2377.758158]  __handle_mm_fault+0x4bbd/0x5be0
[ 2377.762559]  ? vmf_insert_mixed_mkwrite+0x40/0x40
[ 2377.767388]  ? zap_class+0x640/0x640
[ 2377.771085]  ? rcu_read_unlock_special+0x1c0/0x1c0
[ 2377.776000]  ? kasan_check_read+0x11/0x20
[ 2377.780136]  ? rcu_softirq_qs+0x20/0x20
[ 2377.784104]  ? zap_class+0x640/0x640
[ 2377.787805]  ? zap_class+0x640/0x640
[ 2377.791506]  ? find_held_lock+0x36/0x1c0
[ 2377.795558]  ? handle_mm_fault+0x42a/0xc70
[ 2377.799779]  ? lock_downgrade+0x900/0x900
[ 2377.803917]  ? check_preemption_disabled+0x48/0x280
[ 2377.808918]  ? rcu_read_unlock_special+0x1c0/0x1c0
[ 2377.813836]  ? kasan_check_read+0x11/0x20
[ 2377.817988]  ? rcu_dynticks_curr_cpu_in_eqs+0xa2/0x170
[ 2377.823253]  ? rcu_softirq_qs+0x20/0x20
[ 2377.827233]  ? trace_hardirqs_off_caller+0x310/0x310
[ 2377.832339]  ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[ 2377.837868]  ? check_preemption_disabled+0x48/0x280
[ 2377.843060]  handle_mm_fault+0x54f/0xc70
[ 2377.847110]  ? __handle_mm_fault+0x5be0/0x5be0
[ 2377.851694]  ? find_vma+0x34/0x190
[ 2377.855225]  __do_page_fault+0x5e8/0xe60
[ 2377.859352]  ? trace_hardirqs_off+0xb8/0x310
[ 2377.863757]  do_page_fault+0xf2/0x7e0
[ 2377.867546]  ? vmalloc_sync_all+0x30/0x30
[ 2377.871680]  ? error_entry+0x70/0xd0
[ 2377.875381]  ? trace_hardirqs_off_caller+0xbb/0x310
[ 2377.880384]  ? trace_hardirqs_on_caller+0xc0/0x310
[ 2377.885301]  ? syscall_return_slowpath+0x5e0/0x5e0
[ 2377.890225]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 2377.895069]  ? trace_hardirqs_on_caller+0x310/0x310
[ 2377.900072]  ? __bpf_trace_preemptirq_template+0x30/0x30
[ 2377.905509]  ? prepare_exit_to_usermode+0x3b0/0x3b0
[ 2377.910513]  ? post_copy_siginfo_from_user.isra.25.part.26+0x250/0x250
[ 2377.917165]  ? __switch_to_asm+0x40/0x70
[ 2377.921216]  ? page_fault+0x8/0x30
[ 2377.924747]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 2377.929576]  ? page_fault+0x8/0x30
[ 2377.933103]  page_fault+0x1e/0x30
[ 2377.936540] RIP: 0033:0x4510a0
[ 2377.939722] Code: 0f 84 c4 0f 00 00 48 89 f1 48 89 f8 48 83 e1 3f 48 83 f9 20 0f 86 7b 02 00 00 48 83 e6 f0 48 83 e1 0f 66 0f ef c0 66 0f ef c9 <66> 0f 74 0e 66 0f d7 d1 48 d3 ea 49 c7 c2 11 00 00 00 49 29 ca 4d
[ 2377.958621] RSP: 002b:00007efdea14d7a8 EFLAGS: 00010202
[ 2377.963969] RAX: 00007efdea14d850 RBX: 0000000000000003 RCX: 000000000000000e
[ 2377.971223] RDX: 00000000000003ff RSI: 0000000020012fe0 RDI: 00007efdea14d850
[ 2377.978475] RBP: 000000000072bfa0 R08: 00000000000003ff R09: 0000000000000000
[ 2377.985729] R10: 0000000000000000 R11: 0000000000000246 R12: 00007efdea14e6d4
[ 2377.992986] R13: 00000000004c578a R14: 00000000004d9d90 R15: 00000000ffffffff
08:15:55 executing program 5:
r0 = socket$l2tp(0x18, 0x1, 0x1)
ioctl(r0, 0x1000008912, &(0x7f0000000000)="0a5c2d023c126285718070")
perf_event_open(&(0x7f00000001c0)={0x2, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r1 = perf_event_open(&(0x7f0000014f88)={0x1, 0x70, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
perf_event_open(&(0x7f0000014f88)={0x1, 0x70, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
close(r1)

08:15:55 executing program 4:
openat$kvm(0xffffffffffffff9c, 0x0, 0x0, 0x0)
r0 = syz_open_dev$sndctrl(&(0x7f0000000100)='/dev/snd/controlC#\x00', 0x0, 0x0)
prctl$PR_SET_THP_DISABLE(0x29, 0xfffffffffffffffe)
r1 = openat$full(0xffffffffffffff9c, &(0x7f0000000000)='/dev/full\x00', 0x1, 0x0)
getsockopt$TIPC_CONN_TIMEOUT(r1, 0x10f, 0x82, &(0x7f0000000040), &(0x7f00000000c0)=0x4)
clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
ioctl$FS_IOC_GETFLAGS(r0, 0x800455d1, &(0x7f0000000080))

08:15:55 executing program 2:
syz_emit_ethernet(0x6a, &(0x7f0000000040)={@local, @broadcast, [], {@ipv4={0x800, {{0x5, 0x4, 0x0, 0x0, 0x5c, 0x0, 0x0, 0x0, 0x1, 0x0, @remote, @dev={0xac, 0x14, 0x14, 0x11}}, @icmp=@parameter_prob={0x3, 0x4, 0x0, 0x0, 0x0, 0x0, {0x10, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x402f, 0x0, @local={0xac, 0x5c}, @dev, {[@timestamp={0x8, 0x2c, 0x0, 0x5c000000, 0x0, [{[@rand_addr]}, {[@multicast2]}, {[@multicast1]}, {}, {[@loopback]}, {}]}]}}}}}}}, 0x0)

08:15:55 executing program 1:
ioctl(0xffffffffffffffff, 0x1000008912, &(0x7f0000000000)="0a5c2d023c126285718070")
r0 = syz_open_dev$mice(&(0x7f0000000040)='/dev/input/mice\x00', 0x0, 0x80440)
name_to_handle_at(r0, &(0x7f0000000080)='./file0\x00', &(0x7f00000000c0)=ANY=[@ANYBLOB="9b00000033a50000a8e2240fc77a072cfb22e6fb62c90deef74ef2840f1809185cd3ba07e4bc315cf543d501e39a8211ef77e73668ccb83c8e7831cabda55f464aebe8976a432435e4ae377e144118d421054489d83802fcf99f37eabae530bd086a48456fc55a7dc8c62c37fcec759b6226df8d7cfb9126ea173728fd5edf84ecf80f71a82c83419d0deb99b36ce62c98f6000000000000000000"], &(0x7f0000000180), 0x400)
ioctl$KDGETLED(r0, 0x4b31, &(0x7f00000001c0))
r1 = perf_event_open(&(0x7f0000014f88)={0x1, 0x70, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
close(r1)

08:15:55 executing program 3:
openat$rfkill(0xffffffffffffff9c, 0x0, 0x0, 0x0)
getsockopt$inet_sctp_SCTP_DEFAULT_PRINFO(0xffffffffffffffff, 0x84, 0x72, &(0x7f0000000380), 0x0)
syz_open_dev$admmidi(&(0x7f0000000100)='/dev/admmidi#\x00', 0x0, 0x0)
r0 = socket$l2tp(0x18, 0x1, 0x1)
mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x1, 0x32, 0xffffffffffffffff, 0x0)
r1 = userfaultfd(0x0)
ioctl$UFFDIO_API(r1, 0xc018aa3f, &(0x7f0000000180))
ioctl$UFFDIO_REGISTER(r1, 0xc020aa00, &(0x7f0000019000)={{&(0x7f0000012000/0x2000)=nil, 0x2000}, 0x1})
syz_open_dev$evdev(&(0x7f0000012fee)="2f6465762f696e7075742f6576656e742306", 0x0, 0x0)
ioctl$UFFDIO_WAKE(r1, 0x8010aa02, &(0x7f0000000080)={&(0x7f0000012000/0x3000)=nil, 0x3000})
ioctl(r0, 0x1000008912, &(0x7f0000000000)="0a5c2d023c126285718070")
setsockopt$ALG_SET_KEY(0xffffffffffffffff, 0x117, 0x1, 0x0, 0x0)

08:15:55 executing program 0:
openat$rfkill(0xffffffffffffff9c, 0x0, 0x2001, 0x0)
syz_open_dev$admmidi(&(0x7f0000000100)='/dev/admmidi#\x00', 0x0, 0x0)
r0 = socket$l2tp(0x18, 0x1, 0x1)
mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x1, 0x32, 0xffffffffffffffff, 0x0)
r1 = userfaultfd(0x0)
ioctl$UFFDIO_API(r1, 0xc018aa3f, &(0x7f0000000180))
ioctl$UFFDIO_REGISTER(r1, 0xc020aa00, &(0x7f0000019000)={{&(0x7f0000012000/0x2000)=nil, 0x2000}, 0x1})
syz_open_dev$evdev(&(0x7f0000012fee)='/dev/input/event#\x00', 0x0, 0x6c000000)
ioctl$UFFDIO_WAKE(r1, 0x8010aa02, &(0x7f0000000080)={&(0x7f0000012000/0x3000)=nil, 0x3000})
ioctl(r0, 0x1000008912, &(0x7f0000000000)="0a5c2d023c126285718070")

08:15:55 executing program 2:
syz_emit_ethernet(0x6a, &(0x7f0000000040)={@local, @broadcast, [], {@ipv4={0x800, {{0x5, 0x4, 0x0, 0x0, 0x5c, 0x0, 0x0, 0x0, 0x1, 0x0, @remote, @dev={0xac, 0x14, 0x14, 0x11}}, @icmp=@parameter_prob={0x3, 0x4, 0x0, 0x0, 0x0, 0x0, {0x10, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x402f, 0x0, @local={0xac, 0x5c}, @dev, {[@timestamp={0x8, 0x2c, 0x0, 0x4000000, 0x0, [{[@rand_addr]}, {[@multicast2]}, {[@multicast1]}, {}, {[@loopback]}, {}]}]}}}}}}}, 0x0)

08:15:55 executing program 1:
r0 = socket$l2tp(0x18, 0x1, 0x1)
ioctl(r0, 0x2000000000009, &(0x7f0000000140)="0a5c2d023c126285718070")
r1 = perf_event_open(&(0x7f0000014f88)={0x1, 0x70, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
setsockopt$inet_sctp6_SCTP_SOCKOPT_BINDX_ADD(r1, 0x84, 0x64, &(0x7f0000000100)=[@in={0x2, 0x4e21, @remote}], 0x10)
close(r1)
ioctl$sock_SIOCINQ(r0, 0x541b, &(0x7f00000000c0))
r2 = openat$vga_arbiter(0xffffffffffffff9c, &(0x7f0000000040)='/dev/vga_arbiter\x00', 0x1, 0x0)
ioctl$KVM_TPR_ACCESS_REPORTING(r2, 0xc028ae92, &(0x7f0000000080)={0x4, 0xffffffff})

[ 2378.154344] FAULT_FLAG_ALLOW_RETRY missing 70
[ 2378.156680] FAULT_FLAG_ALLOW_RETRY missing 70
[ 2378.158910] CPU: 0 PID: 21285 Comm: syz-executor3 Not tainted 4.20.0-rc6+ #371
[ 2378.158921] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 2378.158934] Call Trace:
[ 2378.182734]  dump_stack+0x244/0x39d
[ 2378.186382]  ? dump_stack_print_info.cold.1+0x20/0x20
[ 2378.191600]  handle_userfault.cold.32+0x47/0x62
[ 2378.196295]  ? userfaultfd_ioctl+0x5610/0x5610
[ 2378.200911]  ? mark_held_locks+0x130/0x130
[ 2378.205163]  ? __sanitizer_cov_trace_cmp4+0x16/0x20
[ 2378.210192]  ? futex_wait_setup+0x266/0x3e0
[ 2378.214542]  ? __sanitizer_cov_trace_switch+0x53/0x90
[ 2378.219751]  ? userfaultfd_ctx_put+0x830/0x830
[ 2378.224367]  ? futex_wait+0x5a1/0xa50
[ 2378.228193]  ? print_usage_bug+0xc0/0xc0
[ 2378.232268]  ? print_usage_bug+0xc0/0xc0
[ 2378.236367]  ? print_usage_bug+0xc0/0xc0
[ 2378.240445]  ? zap_class+0x640/0x640
[ 2378.244171]  ? drop_futex_key_refs.isra.14+0x6d/0xe0
[ 2378.249283]  ? futex_wake+0x304/0x760
[ 2378.253106]  ? find_held_lock+0x36/0x1c0
[ 2378.257195]  ? __handle_mm_fault+0x4bb0/0x5be0
[ 2378.261790]  ? lock_downgrade+0x900/0x900
[ 2378.265963]  ? kasan_check_read+0x11/0x20
[ 2378.270131]  ? do_raw_spin_unlock+0xa7/0x330
[ 2378.274557]  ? do_raw_spin_trylock+0x270/0x270
[ 2378.279156]  ? fault_dirty_shared_page.isra.87+0x320/0x320
[ 2378.284801]  __handle_mm_fault+0x4bbd/0x5be0
[ 2378.289231]  ? vmf_insert_mixed_mkwrite+0x40/0x40
[ 2378.294092]  ? zap_class+0x640/0x640
[ 2378.297819]  ? rcu_read_unlock_special+0x1c0/0x1c0
[ 2378.302758]  ? kasan_check_read+0x11/0x20
[ 2378.306919]  ? rcu_softirq_qs+0x20/0x20
[ 2378.310915]  ? zap_class+0x640/0x640
[ 2378.314646]  ? zap_class+0x640/0x640
[ 2378.318387]  ? find_held_lock+0x36/0x1c0
[ 2378.322471]  ? handle_mm_fault+0x42a/0xc70
[ 2378.326725]  ? lock_downgrade+0x900/0x900
[ 2378.330886]  ? check_preemption_disabled+0x48/0x280
[ 2378.335922]  ? rcu_read_unlock_special+0x1c0/0x1c0
[ 2378.340868]  ? kasan_check_read+0x11/0x20
[ 2378.345024]  ? rcu_dynticks_curr_cpu_in_eqs+0xa2/0x170
[ 2378.350319]  ? rcu_softirq_qs+0x20/0x20
[ 2378.354332]  ? trace_hardirqs_off_caller+0x310/0x310
[ 2378.359463]  ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[ 2378.365013]  ? check_preemption_disabled+0x48/0x280
[ 2378.370046]  handle_mm_fault+0x54f/0xc70
[ 2378.374125]  ? __handle_mm_fault+0x5be0/0x5be0
[ 2378.378723]  ? find_vma+0x34/0x190
[ 2378.382277]  __do_page_fault+0x5e8/0xe60
[ 2378.386362]  ? trace_hardirqs_off+0xb8/0x310
[ 2378.390796]  do_page_fault+0xf2/0x7e0
[ 2378.394615]  ? vmalloc_sync_all+0x30/0x30
[ 2378.398773]  ? error_entry+0x70/0xd0
[ 2378.402499]  ? trace_hardirqs_off_caller+0xbb/0x310
[ 2378.407533]  ? trace_hardirqs_on_caller+0xc0/0x310
[ 2378.412473]  ? syscall_return_slowpath+0x5e0/0x5e0
[ 2378.417411]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 2378.422270]  ? trace_hardirqs_on_caller+0x310/0x310
[ 2378.427303]  ? __bpf_trace_preemptirq_template+0x30/0x30
[ 2378.432786]  ? prepare_exit_to_usermode+0x3b0/0x3b0
[ 2378.437818]  ? prepare_exit_to_usermode+0x291/0x3b0
[ 2378.442847]  ? page_fault+0x8/0x30
[ 2378.446403]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 2378.451262]  ? page_fault+0x8/0x30
[ 2378.454818]  page_fault+0x1e/0x30
[ 2378.458278] RIP: 0033:0x4510a0
[ 2378.461488] Code: 0f 84 c4 0f 00 00 48 89 f1 48 89 f8 48 83 e1 3f 48 83 f9 20 0f 86 7b 02 00 00 48 83 e6 f0 48 83 e1 0f 66 0f ef c0 66 0f ef c9 <66> 0f 74 0e 66 0f d7 d1 48 d3 ea 49 c7 c2 11 00 00 00 49 29 ca 4d
[ 2378.480400] RSP: 002b:00007f75238677a8 EFLAGS: 00010202
[ 2378.485769] RAX: 00007f7523867850 RBX: 0000000000000003 RCX: 000000000000000e
[ 2378.493045] RDX: 00000000000003ff RSI: 0000000020012fe0 RDI: 00007f7523867850
[ 2378.500340] RBP: 000000000072bf00 R08: 00000000000003ff R09: 0000000000000000
[ 2378.507622] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f75238686d4
[ 2378.514901] R13: 00000000004c578a R14: 00000000004d9d90 R15: 00000000ffffffff
[ 2378.522239] CPU: 1 PID: 21287 Comm: syz-executor0 Not tainted 4.20.0-rc6+ #371
[ 2378.529630] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 2378.529641] Call Trace:
[ 2378.541591]  dump_stack+0x244/0x39d
[ 2378.545240]  ? dump_stack_print_info.cold.1+0x20/0x20
[ 2378.550458]  handle_userfault.cold.32+0x47/0x62
[ 2378.555152]  ? userfaultfd_ioctl+0x5610/0x5610
[ 2378.559757]  ? mark_held_locks+0x130/0x130
[ 2378.564005]  ? __sanitizer_cov_trace_cmp4+0x16/0x20
[ 2378.564021]  ? futex_wait_setup+0x266/0x3e0
[ 2378.564049]  ? __sanitizer_cov_trace_switch+0x53/0x90
[ 2378.564068]  ? userfaultfd_ctx_put+0x830/0x830
[ 2378.573404]  ? futex_wait+0x5a1/0xa50
[ 2378.573426]  ? print_usage_bug+0xc0/0xc0
[ 2378.573443]  ? print_usage_bug+0xc0/0xc0
[ 2378.573463]  ? print_usage_bug+0xc0/0xc0
[ 2378.599193]  ? zap_class+0x640/0x640
08:15:56 executing program 1:
r0 = socket$l2tp(0x18, 0x1, 0x1)
ioctl(r0, 0x1000008912, &(0x7f0000000000)="0a5c2d023c126285718070")
ioctl$EXT4_IOC_ALLOC_DA_BLKS(r0, 0x660c)
r1 = perf_event_open(&(0x7f0000014f88)={0x1, 0x70, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
close(r1)

08:15:56 executing program 5:
r0 = socket$l2tp(0x18, 0x1, 0x1)
ioctl(r0, 0x1000008912, &(0x7f0000000000)="0a5c2d023c126285718070")
perf_event_open(&(0x7f00000001c0)={0x2, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
setxattr$security_selinux(&(0x7f0000000040)='./file0\x00', &(0x7f0000000080)='security.selinux\x00', &(0x7f00000000c0)='u:object_r:app_data_file:s0:c512,c768\x00', 0x26, 0x2)
perf_event_open(&(0x7f0000014f88)={0x1, 0x70, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r1 = perf_event_open(&(0x7f0000014f88)={0x1, 0x70, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
close(r1)

08:15:56 executing program 4:
r0 = openat$kvm(0xffffffffffffff9c, 0x0, 0x0, 0x0)
r1 = syz_open_dev$sndctrl(&(0x7f0000000100)='/dev/snd/controlC#\x00', 0x0, 0x0)
prctl$PR_SET_THP_DISABLE(0x29, 0xfffffffffffffffe)
clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
fsetxattr$trusted_overlay_opaque(r1, &(0x7f0000000000)='trusted.overlay.opaque\x00', &(0x7f0000000040)='y\x00', 0x2, 0x2)
fsetxattr$trusted_overlay_opaque(r0, &(0x7f00000002c0)='trusted.overlay.opaque\x00', &(0x7f0000000300)='y\x00', 0x2, 0x0)
getsockopt$inet_IP_IPSEC_POLICY(0xffffffffffffff9c, 0x0, 0x10, &(0x7f0000000500)={{{@in=@multicast2, @in6=@loopback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, <r2=>0x0}}, {{@in=@loopback}, 0x0, @in6=@dev}}, &(0x7f0000000600)=0xe8)
fsetxattr$system_posix_acl(r1, &(0x7f00000004c0)='system.posix_acl_access\x00', &(0x7f0000000640)={{}, {0x1, 0x4}, [{0x2, 0x4, r2}], {0x4, 0x4}, [], {0x10, 0x4}, {0x20, 0x4}}, 0x2c, 0x0)
r3 = syz_open_dev$sndpcmc(&(0x7f0000000340)='/dev/snd/pcmC#D#c\x00', 0x610, 0x1)
ioctl$EVIOCSABS0(r3, 0x401845c0, &(0x7f0000000380)={0x6f887220, 0x6, 0xff, 0xbfe0, 0xf3f6, 0x9})
ioctl$SNDRV_CTL_IOCTL_ELEM_LIST(r1, 0xc0505510, &(0x7f0000000080)={0x5, 0x6, 0x928, 0xfffffffffffffffe, &(0x7f0000000140)=[{}, {}, {}, {}, {}, {}]})
llistxattr(&(0x7f00000003c0)='./file0\x00', &(0x7f0000000400)=""/180, 0xb4)
ioctl$VIDIOC_CROPCAP(r3, 0xc02c563a, &(0x7f0000000680)={0x0, {0x6, 0x97, 0x4, 0x81}, {0x4, 0x0, 0x8, 0x7}, {0x5, 0x1}})

[ 2378.599211]  ? drop_futex_key_refs.isra.14+0x6d/0xe0
[ 2378.599229]  ? futex_wake+0x304/0x760
[ 2378.611862]  ? find_held_lock+0x36/0x1c0
[ 2378.615951]  ? __handle_mm_fault+0x4bb0/0x5be0
[ 2378.620558]  ? lock_downgrade+0x900/0x900
[ 2378.624735]  ? kasan_check_read+0x11/0x20
[ 2378.628905]  ? do_raw_spin_unlock+0xa7/0x330
[ 2378.633345]  ? do_raw_spin_trylock+0x270/0x270
[ 2378.637952]  ? fault_dirty_shared_page.isra.87+0x320/0x320
[ 2378.643607]  __handle_mm_fault+0x4bbd/0x5be0
[ 2378.648042]  ? vmf_insert_mixed_mkwrite+0x40/0x40
[ 2378.652906]  ? zap_class+0x640/0x640
[ 2378.656639]  ? rcu_read_unlock_special+0x1c0/0x1c0
[ 2378.661583]  ? kasan_check_read+0x11/0x20
[ 2378.665747]  ? rcu_softirq_qs+0x20/0x20
[ 2378.669748]  ? zap_class+0x640/0x640
[ 2378.673481]  ? zap_class+0x640/0x640
[ 2378.677218]  ? find_held_lock+0x36/0x1c0
[ 2378.681298]  ? handle_mm_fault+0x42a/0xc70
[ 2378.685553]  ? lock_downgrade+0x900/0x900
[ 2378.689721]  ? check_preemption_disabled+0x48/0x280
[ 2378.694756]  ? rcu_read_unlock_special+0x1c0/0x1c0
[ 2378.699701]  ? kasan_check_read+0x11/0x20
[ 2378.703872]  ? rcu_dynticks_curr_cpu_in_eqs+0xa2/0x170
[ 2378.709168]  ? rcu_softirq_qs+0x20/0x20
[ 2378.713161]  ? trace_hardirqs_off_caller+0x310/0x310
[ 2378.718277]  ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[ 2378.723833]  ? check_preemption_disabled+0x48/0x280
[ 2378.728881]  handle_mm_fault+0x54f/0xc70
[ 2378.732956]  ? __handle_mm_fault+0x5be0/0x5be0
[ 2378.737561]  ? find_vma+0x34/0x190
[ 2378.741123]  __do_page_fault+0x5e8/0xe60
[ 2378.745195]  ? trace_hardirqs_off+0xb8/0x310
[ 2378.749625]  do_page_fault+0xf2/0x7e0
08:15:56 executing program 5:
r0 = socket$l2tp(0x18, 0x1, 0x1)
r1 = getpgid(0x0)
r2 = syz_open_procfs(0x0, &(0x7f0000000240)='fdinfo/4\x00')
perf_event_open(&(0x7f0000000140)={0x3, 0x70, 0x6, 0x0, 0x100000000, 0x366, 0x0, 0x3, 0x20, 0x8, 0x0, 0x400080, 0x3f, 0x15, 0x1ff, 0x0, 0x7fffffff, 0x3f, 0x6, 0x101, 0x1, 0x100000000, 0x8, 0x100000000, 0x3, 0x4, 0x9, 0x7ff, 0xfffffffffffffff9, 0x5, 0x0, 0x56, 0xffffffff, 0xc8, 0xe7, 0x100000000, 0x791, 0xfffffffffffff9da, 0x0, 0x8f, 0x1, @perf_bp={&(0x7f0000000100)}, 0x2000, 0x1, 0x5, 0x6, 0x9, 0x8, 0x8}, r1, 0x4, r2, 0x1)
ioctl(r0, 0x1000008912, &(0x7f0000000000)="0a5c2d023c126285718070")
pipe(&(0x7f0000000280)={0xffffffffffffffff, <r3=>0xffffffffffffffff})
r4 = syz_open_procfs(r1, &(0x7f0000000300)='fdinfo/3\x00')
r5 = gettid()
mremap(&(0x7f0000a96000/0x1000)=nil, 0x1000, 0x800000, 0x3, &(0x7f0000130000/0x800000)=nil)
process_vm_writev(r5, &(0x7f0000000000)=[{&(0x7f00008f9f09)=""/247, 0xf7}], 0x1, &(0x7f0000121000)=[{&(0x7f0000217f28)=""/231, 0xffffff4e}], 0x23a, 0x0)
sendfile(r3, r4, 0x0, 0x100000080000000)
perf_event_open(&(0x7f00000001c0)={0x2, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r6 = perf_event_open(&(0x7f0000014f88)={0x1, 0x70, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
prctl$PR_SET_ENDIAN(0x14, 0x0)
r7 = perf_event_open(&(0x7f0000014f88)={0x1, 0x70, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffe, 0x0, 0x0, 0x0, 0xfffffffffffffffc, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r8 = syz_open_dev$radio(&(0x7f0000000080)='/dev/radio#\x00', 0x2, 0x2)
connect$vsock_stream(r8, &(0x7f00000000c0)={0x28, 0x0, 0x0, @reserved}, 0x10)
close(r7)
ioctl$PERF_EVENT_IOC_SET_FILTER(r6, 0x40082406, &(0x7f0000000040)='/\x00')

08:15:56 executing program 1:
r0 = socket$l2tp(0x18, 0x1, 0x1)
getpid()
ioctl(r0, 0x1, &(0x7f0000000240)="0a5c2d023c126285718070")
r1 = open(&(0x7f0000000000)='./file0\x00', 0x140, 0x84)
ioctl$KVM_IRQ_LINE_STATUS(r1, 0xc008ae67, &(0x7f00000002c0)={0x5, 0xd5d0})
ioctl$TUNSETPERSIST(r1, 0x400454cb, 0x0)
r2 = perf_event_open(&(0x7f0000014f88)={0x1, 0x70, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
getsockopt$bt_BT_POWER(r1, 0x112, 0x9, &(0x7f0000000200)=0x101, &(0x7f0000000280)=0x1)
close(r2)
ioctl$EXT4_IOC_ALLOC_DA_BLKS(r1, 0x660c)
r3 = syz_open_dev$midi(&(0x7f0000000040)='/dev/midi#\x00', 0xffffffffffff3d38, 0x141001)
getsockopt$inet_sctp6_SCTP_PEER_AUTH_CHUNKS(0xffffffffffffff9c, 0x84, 0x1a, &(0x7f0000000080)=ANY=[@ANYRES32=<r4=>0x0, @ANYBLOB="7d0000003df7ff472fc35bb8b9923a4b4cf6b59f730a63ce3ed841584eea5748588d6f3e2cc10041fd3bc58555567ab793344299ae50d3ee809acc5f40f17b9147733e7fed479d4d13547328b4aff510b39101000000689886d6f0be46e6137b0810c3f4dc08ee0603fc9f1ce5be9626dd6324bbf6abfd537bd212f31e80d106aa"], &(0x7f0000000140)=0x85)
getsockopt$inet_sctp_SCTP_ASSOCINFO(r3, 0x84, 0x1, &(0x7f0000000180)={r4, 0xffff, 0x100000000, 0xf9, 0x6, 0x1}, &(0x7f00000001c0)=0x14)

[ 2378.753444]  ? vmalloc_sync_all+0x30/0x30
[ 2378.757618]  ? error_entry+0x70/0xd0
[ 2378.761360]  ? trace_hardirqs_off_caller+0xbb/0x310
[ 2378.766399]  ? trace_hardirqs_on_caller+0xc0/0x310
[ 2378.771359]  ? syscall_return_slowpath+0x5e0/0x5e0
[ 2378.776302]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 2378.781173]  ? trace_hardirqs_on_caller+0x310/0x310
[ 2378.786201]  ? __bpf_trace_preemptirq_template+0x30/0x30
[ 2378.786222]  ? prepare_exit_to_usermode+0x3b0/0x3b0
[ 2378.796687]  ? prepare_exit_to_usermode+0x291/0x3b0
[ 2378.796702]  ? page_fault+0x8/0x30
[ 2378.796721]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 2378.796738]  ? page_fault+0x8/0x30
[ 2378.796755]  page_fault+0x1e/0x30
[ 2378.796771] RIP: 0033:0x4510a0
[ 2378.820340] Code: 0f 84 c4 0f 00 00 48 89 f1 48 89 f8 48 83 e1 3f 48 83 f9 20 0f 86 7b 02 00 00 48 83 e6 f0 48 83 e1 0f 66 0f ef c0 66 0f ef c9 <66> 0f 74 0e 66 0f d7 d1 48 d3 ea 49 c7 c2 11 00 00 00 49 29 ca 4d
[ 2378.839252] RSP: 002b:00007efdea16e7a8 EFLAGS: 00010202
[ 2378.844625] RAX: 00007efdea16e850 RBX: 0000000000000003 RCX: 000000000000000e
08:15:56 executing program 3:
openat$rfkill(0xffffffffffffff9c, 0x0, 0x0, 0x0)
getsockopt$inet_sctp_SCTP_DEFAULT_PRINFO(0xffffffffffffffff, 0x84, 0x72, &(0x7f0000000380), 0x0)
syz_open_dev$admmidi(&(0x7f0000000100)='/dev/admmidi#\x00', 0x0, 0x0)
r0 = socket$l2tp(0x18, 0x1, 0x1)
mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x1, 0x32, 0xffffffffffffffff, 0x0)
r1 = userfaultfd(0x0)
ioctl$UFFDIO_API(r1, 0xc018aa3f, &(0x7f0000000180))
ioctl$UFFDIO_REGISTER(r1, 0xc020aa00, &(0x7f0000019000)={{&(0x7f0000012000/0x2000)=nil, 0x2000}, 0x1})
syz_open_dev$evdev(&(0x7f0000012fee)='/dev/input/event#\x00', 0x0, 0x0)
ioctl$UFFDIO_WAKE(r1, 0x8010aa02, &(0x7f0000000080)={&(0x7f0000012000/0x3000)=nil, 0x3000})
ioctl(r0, 0x1000008912, &(0x7f0000000000)="0a5c2d023c126285718070")
setsockopt$ALG_SET_KEY(0xffffffffffffffff, 0x117, 0x1, 0x0, 0x0)

08:15:56 executing program 2:
syz_emit_ethernet(0x6a, &(0x7f0000000040)={@local, @broadcast, [], {@ipv4={0x800, {{0x5, 0x4, 0x0, 0x0, 0x5c, 0x0, 0x0, 0x0, 0x1, 0x0, @remote, @dev={0xac, 0x14, 0x14, 0x11}}, @icmp=@parameter_prob={0x3, 0x4, 0x0, 0x0, 0x0, 0x0, {0x10, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x402f, 0x0, @local={0xac, 0x5c}, @dev, {[@timestamp={0x8, 0x2c, 0x0, 0x8100, 0x0, [{[@rand_addr]}, {[@multicast2]}, {[@multicast1]}, {}, {[@loopback]}, {}]}]}}}}}}}, 0x0)

[ 2378.851910] RDX: 00000000000003ff RSI: 0000000020012fe0 RDI: 00007efdea16e850
[ 2378.859192] RBP: 000000000072bf00 R08: 00000000000003ff R09: 0000000000000000
[ 2378.866476] R10: 0000000000000000 R11: 0000000000000246 R12: 00007efdea16f6d4
[ 2378.873762] R13: 00000000004c578a R14: 00000000004d9d90 R15: 00000000ffffffff
08:15:56 executing program 2:
syz_emit_ethernet(0x6a, &(0x7f0000000040)={@local, @broadcast, [], {@ipv4={0x800, {{0x5, 0x4, 0x0, 0x0, 0x5c, 0x0, 0x0, 0x0, 0x1, 0x0, @remote, @dev={0xac, 0x14, 0x14, 0x11}}, @icmp=@parameter_prob={0x3, 0x4, 0x0, 0x0, 0x0, 0x0, {0x10, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x402f, 0x0, @local={0xac, 0x5c}, @dev, {[@timestamp={0x8, 0x2c, 0x0, 0x608, 0x0, [{[@rand_addr]}, {[@multicast2]}, {[@multicast1]}, {}, {[@loopback]}, {}]}]}}}}}}}, 0x0)

[ 2378.987848] FAULT_FLAG_ALLOW_RETRY missing 70
[ 2378.999494] CPU: 0 PID: 21323 Comm: syz-executor3 Not tainted 4.20.0-rc6+ #371
[ 2379.006882] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 2379.016243] Call Trace:
[ 2379.018859]  dump_stack+0x244/0x39d
[ 2379.022522]  ? dump_stack_print_info.cold.1+0x20/0x20
[ 2379.027750]  handle_userfault.cold.32+0x47/0x62
[ 2379.032461]  ? userfaultfd_ioctl+0x5610/0x5610
[ 2379.037069]  ? mark_held_locks+0x130/0x130
[ 2379.041357]  ? __sanitizer_cov_trace_cmp4+0x16/0x20
[ 2379.046398]  ? futex_wait_setup+0x266/0x3e0
[ 2379.050746]  ? __sanitizer_cov_trace_switch+0x53/0x90
[ 2379.055956]  ? userfaultfd_ctx_put+0x830/0x830
[ 2379.060551]  ? futex_wait+0x5a1/0xa50
[ 2379.064380]  ? print_usage_bug+0xc0/0xc0
[ 2379.068455]  ? print_usage_bug+0xc0/0xc0
[ 2379.072531]  ? print_usage_bug+0xc0/0xc0
[ 2379.076606]  ? zap_class+0x640/0x640
[ 2379.080353]  ? drop_futex_key_refs.isra.14+0x6d/0xe0
[ 2379.085470]  ? futex_wake+0x304/0x760
[ 2379.086610] FAULT_FLAG_ALLOW_RETRY missing 70
[ 2379.089299]  ? find_held_lock+0x36/0x1c0
[ 2379.089343]  ? __handle_mm_fault+0x4bb0/0x5be0
[ 2379.089365]  ? lock_downgrade+0x900/0x900
[ 2379.106653]  ? kasan_check_read+0x11/0x20
[ 2379.110820]  ? do_raw_spin_unlock+0xa7/0x330
[ 2379.115243]  ? do_raw_spin_trylock+0x270/0x270
[ 2379.119844]  ? fault_dirty_shared_page.isra.87+0x320/0x320
[ 2379.125492]  __handle_mm_fault+0x4bbd/0x5be0
[ 2379.129921]  ? vmf_insert_mixed_mkwrite+0x40/0x40
[ 2379.134786]  ? zap_class+0x640/0x640
[ 2379.138515]  ? rcu_read_unlock_special+0x1c0/0x1c0
[ 2379.143463]  ? kasan_check_read+0x11/0x20
[ 2379.147626]  ? rcu_softirq_qs+0x20/0x20
[ 2379.151624]  ? zap_class+0x640/0x640
[ 2379.155367]  ? zap_class+0x640/0x640
[ 2379.159102]  ? find_held_lock+0x36/0x1c0
[ 2379.163188]  ? handle_mm_fault+0x42a/0xc70
[ 2379.167440]  ? lock_downgrade+0x900/0x900
[ 2379.171606]  ? check_preemption_disabled+0x48/0x280
[ 2379.176645]  ? rcu_read_unlock_special+0x1c0/0x1c0
[ 2379.181590]  ? kasan_check_read+0x11/0x20
[ 2379.185753]  ? rcu_dynticks_curr_cpu_in_eqs+0xa2/0x170
[ 2379.191050]  ? rcu_softirq_qs+0x20/0x20
[ 2379.195039]  ? trace_hardirqs_off_caller+0x310/0x310
[ 2379.200164]  ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[ 2379.205723]  ? check_preemption_disabled+0x48/0x280
[ 2379.210764]  handle_mm_fault+0x54f/0xc70
[ 2379.214841]  ? __handle_mm_fault+0x5be0/0x5be0
[ 2379.219443]  ? find_vma+0x34/0x190
[ 2379.222999]  __do_page_fault+0x5e8/0xe60
[ 2379.227074]  ? trace_hardirqs_off+0xb8/0x310
[ 2379.232025]  do_page_fault+0xf2/0x7e0
[ 2379.235839]  ? vmalloc_sync_all+0x30/0x30
[ 2379.239998]  ? error_entry+0x70/0xd0
[ 2379.243731]  ? trace_hardirqs_off_caller+0xbb/0x310
[ 2379.248764]  ? trace_hardirqs_on_caller+0xc0/0x310
[ 2379.253710]  ? syscall_return_slowpath+0x5e0/0x5e0
[ 2379.258660]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 2379.263522]  ? trace_hardirqs_on_caller+0x310/0x310
[ 2379.268549]  ? __bpf_trace_preemptirq_template+0x30/0x30
[ 2379.274011]  ? prepare_exit_to_usermode+0x3b0/0x3b0
[ 2379.279041]  ? prepare_exit_to_usermode+0x291/0x3b0
[ 2379.284071]  ? page_fault+0x8/0x30
[ 2379.287623]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 2379.292483]  ? page_fault+0x8/0x30
[ 2379.296037]  page_fault+0x1e/0x30
[ 2379.299596] RIP: 0033:0x4510a0
[ 2379.302805] Code: 0f 84 c4 0f 00 00 48 89 f1 48 89 f8 48 83 e1 3f 48 83 f9 20 0f 86 7b 02 00 00 48 83 e6 f0 48 83 e1 0f 66 0f ef c0 66 0f ef c9 <66> 0f 74 0e 66 0f d7 d1 48 d3 ea 49 c7 c2 11 00 00 00 49 29 ca 4d
[ 2379.321718] RSP: 002b:00007f75238677a8 EFLAGS: 00010202
[ 2379.327096] RAX: 00007f7523867850 RBX: 0000000000000003 RCX: 000000000000000e
08:15:56 executing program 0:
openat$rfkill(0xffffffffffffff9c, 0x0, 0x2001, 0x0)
syz_open_dev$admmidi(&(0x7f0000000100)='/dev/admmidi#\x00', 0x0, 0x0)
r0 = socket$l2tp(0x18, 0x1, 0x1)
mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x1, 0x32, 0xffffffffffffffff, 0x0)
r1 = userfaultfd(0x0)
ioctl$UFFDIO_API(r1, 0xc018aa3f, &(0x7f0000000180))
ioctl$UFFDIO_REGISTER(r1, 0xc020aa00, &(0x7f0000019000)={{&(0x7f0000012000/0x2000)=nil, 0x2000}, 0x1})
syz_open_dev$evdev(&(0x7f0000012fee)='/dev/input/event#\x00', 0x0, 0x68)
ioctl$UFFDIO_WAKE(r1, 0x8010aa02, &(0x7f0000000080)={&(0x7f0000012000/0x3000)=nil, 0x3000})
ioctl(r0, 0x1000008912, &(0x7f0000000000)="0a5c2d023c126285718070")

08:15:56 executing program 1:
r0 = syz_open_dev$sndpcmc(&(0x7f0000000100)='/dev/snd/pcmC#D#c\x00', 0x5, 0x80)
r1 = socket$l2tp(0x18, 0x1, 0x1)
ioctl(r1, 0x1000008912, &(0x7f0000000000)="0a5c2d023c126285718070")
r2 = perf_event_open(&(0x7f0000014f88)={0x1, 0x70, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
close(r2)
getsockopt$inet_sctp6_SCTP_GET_PEER_ADDRS(r0, 0x84, 0x6c, &(0x7f0000000140)={<r3=>0x0, 0x3b, "9fb214307f2079751d42a5775a43793acf495b1ee628f810a014c8d9f759c17342688f1211e169f73b2ff0e7e8b8de0f33a3b47a82a1a6cf0d6d76"}, &(0x7f00000001c0)=0x43)
setsockopt$inet_sctp6_SCTP_PR_SUPPORTED(r0, 0x84, 0x71, &(0x7f0000000200)={r3, 0x7ff}, 0x8)
r4 = open(&(0x7f0000000040)='./file0\x00', 0x4040, 0x181)
ioctl$VIDIOC_SUBDEV_S_FMT(r4, 0xc0585605, &(0x7f0000000080)={0x1, 0x0, {0x400, 0x3f, 0x2017, 0xe, 0x2, 0x1, 0x1}})
ioctl$VT_DISALLOCATE(r4, 0x5608)

08:15:56 executing program 2:
syz_emit_ethernet(0x6a, &(0x7f0000000040)={@local, @broadcast, [], {@ipv4={0x800, {{0x5, 0x4, 0x0, 0x0, 0x5c, 0x0, 0x0, 0x0, 0x1, 0x0, @remote, @dev={0xac, 0x14, 0x14, 0x11}}, @icmp=@parameter_prob={0x3, 0x4, 0x0, 0x0, 0x0, 0x0, {0x10, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x402f, 0x0, @local={0xac, 0x5c}, @dev, {[@timestamp={0x8, 0x2c, 0x0, 0x88470000, 0x0, [{[@rand_addr]}, {[@multicast2]}, {[@multicast1]}, {}, {[@loopback]}, {}]}]}}}}}}}, 0x0)

08:15:57 executing program 1:
r0 = syz_open_procfs(0xffffffffffffffff, &(0x7f00000004c0)='net/ip6_flowlabel\x00')
ioctl$RTC_SET_TIME(r0, 0x4024700a, &(0x7f0000000500)={0x1c, 0x3, 0x17, 0x1, 0x1, 0x200, 0x5, 0x14})
r1 = socket$l2tp(0x18, 0x1, 0x1)
pread64(r1, &(0x7f00000003c0)=""/158, 0x9e, 0x35)
ioctl(r1, 0x1000008912, &(0x7f0000000000)="0a5c2d023c126285718070")
ioctl$KVM_DIRTY_TLB(r0, 0x4010aeaa, &(0x7f0000000540)={0x13b, 0xffffffffffffff01})
r2 = syz_open_dev$swradio(&(0x7f0000000180)='/dev/swradio#\x00', 0x0, 0x2)
r3 = perf_event_open(&(0x7f0000014f88)={0x1, 0x70, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
close(r3)
setsockopt$SO_VM_SOCKETS_BUFFER_MAX_SIZE(r2, 0x28, 0x2, &(0x7f0000000380)=0x1, 0x8)
llistxattr(&(0x7f0000000040)='./file0\x00', &(0x7f0000000080)=""/235, 0xeb)
r4 = syz_genetlink_get_family_id$ipvs(&(0x7f0000000200)='IPVS\x00')
sendmsg$IPVS_CMD_DEL_DEST(r2, &(0x7f0000000340)={&(0x7f00000001c0)={0x10, 0x0, 0x0, 0x40}, 0xc, &(0x7f0000000300)={&(0x7f0000000240)={0xc0, r4, 0x1, 0x70bd2b, 0x25dfdbfe, {}, [@IPVS_CMD_ATTR_SERVICE={0x28, 0x1, [@IPVS_SVC_ATTR_TIMEOUT={0x8, 0x8, 0x57}, @IPVS_SVC_ATTR_FLAGS={0xc, 0x7, {0x2a, 0x3}}, @IPVS_SVC_ATTR_FWMARK={0x8, 0x5, 0x3}, @IPVS_SVC_ATTR_PORT={0x8, 0x4, 0x4e22}]}, @IPVS_CMD_ATTR_TIMEOUT_TCP={0x8, 0x4, 0x1}, @IPVS_CMD_ATTR_SERVICE={0x58, 0x1, [@IPVS_SVC_ATTR_ADDR={0x14, 0x3, @ipv4=@remote}, @IPVS_SVC_ATTR_ADDR={0x14, 0x3, @ipv4=@local}, @IPVS_SVC_ATTR_PORT={0x8, 0x4, 0x4e20}, @IPVS_SVC_ATTR_TIMEOUT={0x8, 0x8, 0x1}, @IPVS_SVC_ATTR_PROTOCOL={0x8, 0x2, 0x1e}, @IPVS_SVC_ATTR_FLAGS={0xc, 0x7, {0x2d, 0x8}}, @IPVS_SVC_ATTR_PE_NAME={0x8, 0xb, 'sip\x00'}]}, @IPVS_CMD_ATTR_DAEMON={0x1c, 0x3, [@IPVS_DAEMON_ATTR_SYNC_ID={0x8, 0x3, 0x3}, @IPVS_DAEMON_ATTR_STATE={0x8, 0x1, 0x2}, @IPVS_DAEMON_ATTR_MCAST_GROUP={0x8, 0x5, @loopback}]}, @IPVS_CMD_ATTR_TIMEOUT_UDP={0x8, 0x6, 0x10001}]}, 0xc0}}, 0x4000000)
write$eventfd(r2, &(0x7f0000000480)=0x4, 0x8)

08:15:57 executing program 2:
syz_emit_ethernet(0x6a, &(0x7f0000000040)={@local, @broadcast, [], {@ipv4={0x800, {{0x5, 0x4, 0x0, 0x0, 0x5c, 0x0, 0x0, 0x0, 0x1, 0x0, @remote, @dev={0xac, 0x14, 0x14, 0x11}}, @icmp=@parameter_prob={0x3, 0x4, 0x0, 0x0, 0x0, 0x0, {0x10, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x402f, 0x0, @local={0xac, 0x5c}, @dev, {[@timestamp={0x8, 0x2c, 0x0, 0xb00, 0x0, [{[@rand_addr]}, {[@multicast2]}, {[@multicast1]}, {}, {[@loopback]}, {}]}]}}}}}}}, 0x0)

08:15:57 executing program 1:
r0 = socket$l2tp(0x18, 0x1, 0x1)
ioctl(r0, 0x1000008912, &(0x7f0000000000)="0a5c2d023c126285718070")
r1 = perf_event_open(&(0x7f0000014f88)={0x1, 0x70, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r2 = syz_open_dev$audion(&(0x7f0000000040)='/dev/audio#\x00', 0x5, 0x400)
getsockopt$inet_sctp_SCTP_I_WANT_MAPPED_V4_ADDR(r2, 0x84, 0xc, &(0x7f0000000080), &(0x7f00000000c0)=0x4)
close(r1)

[ 2379.334379] RDX: 00000000000003ff RSI: 0000000020012fe0 RDI: 00007f7523867850
[ 2379.341659] RBP: 000000000072bf00 R08: 00000000000003ff R09: 0000000000000000
[ 2379.348937] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f75238686d4
[ 2379.356214] R13: 00000000004c578a R14: 00000000004d9d90 R15: 00000000ffffffff
[ 2379.363699] CPU: 1 PID: 21334 Comm: syz-executor0 Not tainted 4.20.0-rc6+ #371
[ 2379.371086] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 2379.371097] Call Trace:
[ 2379.381534] audit: type=1800 audit(1544688956.827:188): pid=21338 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="syz-executor1" name="file0" dev="sda1" ino=17071 res=0
[ 2379.383043]  dump_stack+0x244/0x39d
[ 2379.383066]  ? dump_stack_print_info.cold.1+0x20/0x20
[ 2379.383093]  handle_userfault.cold.32+0x47/0x62
[ 2379.416161]  ? userfaultfd_ioctl+0x5610/0x5610
[ 2379.420761]  ? mark_held_locks+0x130/0x130
[ 2379.425015]  ? find_held_lock+0x36/0x1c0
[ 2379.425044]  ? userfaultfd_ctx_put+0x830/0x830
[ 2379.425067]  ? kasan_check_read+0x11/0x20
[ 2379.425087]  ? print_usage_bug+0xc0/0xc0
[ 2379.432151] audit: type=1800 audit(1544688956.827:189): pid=21338 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="syz-executor1" name="file0" dev="sda1" ino=17071 res=0
[ 2379.433725]  ? do_raw_spin_trylock+0x270/0x270
[ 2379.441929]  ? print_usage_bug+0xc0/0xc0
[ 2379.441949]  ? print_usage_bug+0xc0/0xc0
[ 2379.441966]  ? zap_class+0x640/0x640
[ 2379.441984]  ? drop_futex_key_refs.isra.14+0x6d/0xe0
[ 2379.442002]  ? futex_wake+0x304/0x760
[ 2379.466186]  ? find_held_lock+0x36/0x1c0
[ 2379.474294]  ? __handle_mm_fault+0x4bb0/0x5be0
[ 2379.474312]  ? lock_downgrade+0x900/0x900
[ 2379.474351]  ? kasan_check_read+0x11/0x20
[ 2379.474370]  ? do_raw_spin_unlock+0xa7/0x330
[ 2379.483180]  ? do_raw_spin_trylock+0x270/0x270
[ 2379.483200]  ? fault_dirty_shared_page.isra.87+0x320/0x320
[ 2379.483227]  __handle_mm_fault+0x4bbd/0x5be0
[ 2379.483251]  ? vmf_insert_mixed_mkwrite+0x40/0x40
[ 2379.491107]  ? zap_class+0x640/0x640
[ 2379.499827]  ? rcu_read_unlock_special+0x1c0/0x1c0
[ 2379.508373]  ? kasan_check_read+0x11/0x20
[ 2379.518573]  ? rcu_softirq_qs+0x20/0x20
[ 2379.527813]  ? zap_class+0x640/0x640
[ 2379.536439]  ? zap_class+0x640/0x640
[ 2379.536461]  ? find_held_lock+0x36/0x1c0
[ 2379.536489]  ? handle_mm_fault+0x42a/0xc70
[ 2379.536510]  ? lock_downgrade+0x900/0x900
[ 2379.564488]  ? check_preemption_disabled+0x48/0x280
[ 2379.569530]  ? rcu_read_unlock_special+0x1c0/0x1c0
[ 2379.574476]  ? kasan_check_read+0x11/0x20
[ 2379.578637]  ? rcu_dynticks_curr_cpu_in_eqs+0xa2/0x170
[ 2379.583932]  ? rcu_softirq_qs+0x20/0x20
[ 2379.587928]  ? trace_hardirqs_off_caller+0x310/0x310
[ 2379.593055]  ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[ 2379.598616]  ? check_preemption_disabled+0x48/0x280
[ 2379.603658]  handle_mm_fault+0x54f/0xc70
[ 2379.607746]  ? __handle_mm_fault+0x5be0/0x5be0
[ 2379.612361]  ? find_vma+0x34/0x190
[ 2379.615926]  __do_page_fault+0x5e8/0xe60
[ 2379.620003]  ? trace_hardirqs_off+0xb8/0x310
[ 2379.624441]  do_page_fault+0xf2/0x7e0
[ 2379.628261]  ? vmalloc_sync_all+0x30/0x30
[ 2379.632425]  ? error_entry+0x70/0xd0
[ 2379.636162]  ? trace_hardirqs_off_caller+0xbb/0x310
[ 2379.641192]  ? trace_hardirqs_on_caller+0xc0/0x310
[ 2379.646136]  ? syscall_return_slowpath+0x5e0/0x5e0
[ 2379.646153]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 2379.646171]  ? trace_hardirqs_on_caller+0x310/0x310
[ 2379.646191]  ? __bpf_trace_preemptirq_template+0x30/0x30
[ 2379.655963]  ? prepare_exit_to_usermode+0x3b0/0x3b0
[ 2379.655981]  ? prepare_exit_to_usermode+0x291/0x3b0
[ 2379.656000]  ? page_fault+0x8/0x30
[ 2379.680013]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 2379.684883]  ? page_fault+0x8/0x30
08:15:57 executing program 4:
openat$kvm(0xffffffffffffff9c, 0x0, 0x0, 0x0)
r0 = syz_open_dev$sndctrl(&(0x7f0000000100)='/dev/snd/controlC#\x00', 0x0, 0x0)
prctl$PR_SET_THP_DISABLE(0x29, 0xfffffffffffffffe)
clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
r1 = openat$vga_arbiter(0xffffffffffffff9c, &(0x7f0000000040)='/dev/vga_arbiter\x00', 0x42000, 0x0)
ioctl$PIO_CMAP(r1, 0x4b71, &(0x7f0000000200)={0xffffffffffffffff, 0xfffffffffffffff9, 0x9, 0x6, 0x9, 0x3})
r2 = getuid()
getsockopt$sock_cred(r0, 0x1, 0x11, &(0x7f00000000c0)={0x0, 0x0, <r3=>0x0}, &(0x7f0000000140)=0xc)
write$FUSE_ATTR(r1, &(0x7f0000000180)={0x78, 0xffffffffffffffda, 0x3, {0x5, 0x800, 0x0, {0x4, 0x3, 0x101, 0x7, 0x4, 0xf32, 0x7fffffff, 0x7f, 0x0, 0x8000, 0x1f, r2, r3, 0x8, 0x3f}}}, 0x78)
fcntl$F_SET_FILE_RW_HINT(r0, 0x40e, &(0x7f0000000000)=0x7)
ioctl$FS_IOC_GETFLAGS(r0, 0x800455d1, &(0x7f0000000080))

08:15:57 executing program 5:
r0 = socket$l2tp(0x18, 0x1, 0x1)
ioctl(r0, 0x1000008912, &(0x7f0000000000)="0a5c2d023c126285718070")
modify_ldt$read(0x0, &(0x7f0000000040)=""/157, 0x9d)
r1 = perf_event_open(&(0x7f00000001c0)={0x2, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x200, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
perf_event_open(&(0x7f0000014f88)={0x1, 0x70, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, r1, 0x0)
r2 = perf_event_open(&(0x7f0000014f88)={0x1, 0x70, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
close(r2)

08:15:57 executing program 1:
r0 = socket$l2tp(0x18, 0x1, 0x1)
ioctl(r0, 0x1000008912, &(0x7f0000000000)="0a5c2d023c126285718070")
perf_event_open(&(0x7f0000014f88)={0x1, 0x70, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
pipe2(&(0x7f0000000040), 0x4000)
close(r0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000080))

[ 2379.688436]  page_fault+0x1e/0x30
[ 2379.691896] RIP: 0033:0x4510a0
[ 2379.695106] Code: 0f 84 c4 0f 00 00 48 89 f1 48 89 f8 48 83 e1 3f 48 83 f9 20 0f 86 7b 02 00 00 48 83 e6 f0 48 83 e1 0f 66 0f ef c0 66 0f ef c9 <66> 0f 74 0e 66 0f d7 d1 48 d3 ea 49 c7 c2 11 00 00 00 49 29 ca 4d
[ 2379.714025] RSP: 002b:00007efdea16e7a8 EFLAGS: 00010202
[ 2379.719424] RAX: 00007efdea16e850 RBX: 0000000000000003 RCX: 000000000000000e
[ 2379.726722] RDX: 00000000000003ff RSI: 0000000020012fe0 RDI: 00007efdea16e850
[ 2379.734003] RBP: 000000000072bf00 R08: 00000000000003ff R09: 0000000000000000
08:15:57 executing program 3:
openat$rfkill(0xffffffffffffff9c, 0x0, 0x0, 0x0)
getsockopt$inet_sctp_SCTP_DEFAULT_PRINFO(0xffffffffffffffff, 0x84, 0x72, &(0x7f0000000380), 0x0)
syz_open_dev$admmidi(&(0x7f0000000100)='/dev/admmidi#\x00', 0x0, 0x0)
r0 = socket$l2tp(0x18, 0x1, 0x1)
mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x1, 0x32, 0xffffffffffffffff, 0x0)
r1 = userfaultfd(0x0)
ioctl$UFFDIO_API(r1, 0xc018aa3f, &(0x7f0000000180))
ioctl$UFFDIO_REGISTER(r1, 0xc020aa00, &(0x7f0000019000)={{&(0x7f0000012000/0x2000)=nil, 0x2000}, 0x1})
syz_open_dev$evdev(&(0x7f0000012fee)='/dev/input/event#\x00', 0x0, 0x0)
ioctl$UFFDIO_WAKE(r1, 0x8010aa02, &(0x7f0000000080)={&(0x7f0000012000/0x3000)=nil, 0x3000})
ioctl(r0, 0x1000008912, &(0x7f0000000000)="0a5c2d023c126285718070")
setsockopt$ALG_SET_KEY(0xffffffffffffffff, 0x117, 0x1, 0x0, 0x0)

08:15:57 executing program 2:
syz_emit_ethernet(0x6a, &(0x7f0000000040)={@local, @broadcast, [], {@ipv4={0x800, {{0x5, 0x4, 0x0, 0x0, 0x5c, 0x0, 0x0, 0x0, 0x1, 0x0, @remote, @dev={0xac, 0x14, 0x14, 0x11}}, @icmp=@parameter_prob={0x3, 0x4, 0x0, 0x0, 0x0, 0x0, {0x10, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x402f, 0x0, @local={0xac, 0x5c}, @dev, {[@timestamp={0x8, 0x2c, 0x0, 0x0, 0x600, [{[@rand_addr]}, {[@multicast2]}, {[@multicast1]}, {}, {[@loopback]}, {}]}]}}}}}}}, 0x0)

[ 2379.741286] R10: 0000000000000000 R11: 0000000000000246 R12: 00007efdea16f6d4
[ 2379.748576] R13: 00000000004c578a R14: 00000000004d9d90 R15: 00000000ffffffff
08:15:57 executing program 5:
r0 = socket$l2tp(0x18, 0x1, 0x1)
ioctl(r0, 0x1000008912, &(0x7f0000000000)="0a5c2d023c126285718070")
perf_event_open(&(0x7f00000001c0)={0x2, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r1 = perf_event_open(&(0x7f0000014f88)={0x1, 0x70, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
perf_event_open(&(0x7f0000014f88)={0x1, 0x70, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x6}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
close(r1)

[ 2379.889235] FAULT_FLAG_ALLOW_RETRY missing 70
[ 2379.923276] CPU: 1 PID: 21371 Comm: syz-executor3 Not tainted 4.20.0-rc6+ #371
[ 2379.930714] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 2379.930726] Call Trace:
[ 2379.942681]  dump_stack+0x244/0x39d
[ 2379.946338]  ? dump_stack_print_info.cold.1+0x20/0x20
[ 2379.951559]  handle_userfault.cold.32+0x47/0x62
[ 2379.956268]  ? userfaultfd_ioctl+0x5610/0x5610
[ 2379.960875]  ? mark_held_locks+0x130/0x130
[ 2379.965121]  ? __sanitizer_cov_trace_cmp4+0x16/0x20
08:15:57 executing program 0:
openat$rfkill(0xffffffffffffff9c, 0x0, 0x2001, 0x0)
syz_open_dev$admmidi(&(0x7f0000000100)='/dev/admmidi#\x00', 0x0, 0x0)
r0 = socket$l2tp(0x18, 0x1, 0x1)
mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x1, 0x32, 0xffffffffffffffff, 0x0)
r1 = userfaultfd(0x0)
ioctl$UFFDIO_API(r1, 0xc018aa3f, &(0x7f0000000180))
ioctl$UFFDIO_REGISTER(r1, 0xc020aa00, &(0x7f0000019000)={{&(0x7f0000012000/0x2000)=nil, 0x2000}, 0x1})
syz_open_dev$evdev(&(0x7f0000012fee)='/dev/input/event#\x00', 0x0, 0x48)
ioctl$UFFDIO_WAKE(r1, 0x8010aa02, &(0x7f0000000080)={&(0x7f0000012000/0x3000)=nil, 0x3000})
ioctl(r0, 0x1000008912, &(0x7f0000000000)="0a5c2d023c126285718070")

08:15:57 executing program 1:
r0 = socket$l2tp(0x18, 0x1, 0x1)
ioctl(r0, 0x2, &(0x7f0000000000)="0a495c5c2d023c12628571")
r1 = perf_event_open(&(0x7f0000014f88)={0x1, 0x70, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
close(r1)

08:15:57 executing program 2:
syz_emit_ethernet(0x6a, &(0x7f0000000040)={@local, @broadcast, [], {@ipv4={0x800, {{0x5, 0x4, 0x0, 0x0, 0x5c, 0x0, 0x0, 0x0, 0x1, 0x0, @remote, @dev={0xac, 0x14, 0x14, 0x11}}, @icmp=@parameter_prob={0x3, 0x4, 0x0, 0x0, 0x0, 0x0, {0x10, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x402f, 0x0, @local={0xac, 0x5c}, @dev, {[@timestamp={0x8, 0x2c, 0x0, 0x0, 0x4, [{[@rand_addr]}, {[@multicast2]}, {[@multicast1]}, {}, {[@loopback]}, {}]}]}}}}}}}, 0x0)

08:15:57 executing program 4:
openat$kvm(0xffffffffffffff9c, 0x0, 0x0, 0x0)
r0 = syz_open_dev$sndctrl(&(0x7f0000000100)='/dev/snd/controlC#\x00', 0x0, 0x0)
prctl$PR_SET_THP_DISABLE(0x29, 0xfffffffffffffffe)
clone(0x38042000, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
ioctl$FS_IOC_GETFLAGS(r0, 0x800455d1, &(0x7f0000000080))

08:15:57 executing program 5:
r0 = socket$l2tp(0x18, 0x1, 0x1)
ioctl(r0, 0x400001010008912, &(0x7f0000000300)="0a4bf3d510e33497720001c56e")
perf_event_open(&(0x7f00000001c0)={0x2, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x544, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
perf_event_open(&(0x7f0000014f88)={0x1, 0x70, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r1 = perf_event_open(&(0x7f0000014f88)={0x1, 0x70, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x20000000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x0, 0x750, 0x0, 0x2}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
close(r1)
getsockopt$SO_BINDTODEVICE(r0, 0x1, 0x19, &(0x7f0000000180), 0x10)
ioctl$sock_SIOCGIFBR(r0, 0x8940, &(0x7f0000000140)=@get={0x1, &(0x7f0000000040)=""/242, 0x6})

[ 2379.965137]  ? futex_wait_setup+0x266/0x3e0
[ 2379.965167]  ? __sanitizer_cov_trace_switch+0x53/0x90
[ 2379.965186]  ? userfaultfd_ctx_put+0x830/0x830
[ 2379.984290]  ? futex_wait+0x5a1/0xa50
[ 2379.988125]  ? print_usage_bug+0xc0/0xc0
[ 2379.988144]  ? print_usage_bug+0xc0/0xc0
[ 2379.988163]  ? print_usage_bug+0xc0/0xc0
[ 2379.988182]  ? zap_class+0x640/0x640
[ 2380.004066]  ? drop_futex_key_refs.isra.14+0x6d/0xe0
[ 2380.009183]  ? futex_wake+0x304/0x760
[ 2380.013018]  ? find_held_lock+0x36/0x1c0
[ 2380.017112]  ? __handle_mm_fault+0x4bb0/0x5be0
[ 2380.021718]  ? lock_downgrade+0x900/0x900
[ 2380.025890]  ? kasan_check_read+0x11/0x20
[ 2380.025907]  ? do_raw_spin_unlock+0xa7/0x330
[ 2380.025923]  ? do_raw_spin_trylock+0x270/0x270
[ 2380.025943]  ? fault_dirty_shared_page.isra.87+0x320/0x320
[ 2380.025967]  __handle_mm_fault+0x4bbd/0x5be0
[ 2380.049121]  ? vmf_insert_mixed_mkwrite+0x40/0x40
[ 2380.053979]  ? zap_class+0x640/0x640
[ 2380.057702]  ? rcu_read_unlock_special+0x1c0/0x1c0
[ 2380.062651]  ? kasan_check_read+0x11/0x20
[ 2380.066815]  ? rcu_softirq_qs+0x20/0x20
08:15:57 executing program 1:
r0 = syz_open_dev$amidi(&(0x7f0000000040)='/dev/amidi#\x00', 0x2, 0xca000)
ioctl$SNDRV_SEQ_IOCTL_QUERY_NEXT_PORT(r0, 0xc0a85352, &(0x7f0000000080)={{0x6000000, 0x4}, 'port1\x00', 0x40, 0x424, 0x5, 0xae22, 0x2, 0x8, 0x40, 0x0, 0x1, 0x5})
ioctl(0xffffffffffffffff, 0x1000008912, &(0x7f0000000000)="0a5c2d023c126285718070")
perf_event_open(&(0x7f0000014f88)={0x1, 0x70, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
close(r0)

[ 2380.070824]  ? zap_class+0x640/0x640
[ 2380.074559]  ? zap_class+0x640/0x640
[ 2380.078300]  ? find_held_lock+0x36/0x1c0
[ 2380.082402]  ? handle_mm_fault+0x42a/0xc70
[ 2380.086657]  ? lock_downgrade+0x900/0x900
[ 2380.090824]  ? check_preemption_disabled+0x48/0x280
[ 2380.095884]  ? rcu_read_unlock_special+0x1c0/0x1c0
[ 2380.100841]  ? kasan_check_read+0x11/0x20
[ 2380.105001]  ? rcu_dynticks_curr_cpu_in_eqs+0xa2/0x170
[ 2380.110291]  ? rcu_softirq_qs+0x20/0x20
[ 2380.114306]  ? trace_hardirqs_off_caller+0x310/0x310
[ 2380.119441]  ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[ 2380.125002]  ? check_preemption_disabled+0x48/0x280
[ 2380.130041]  handle_mm_fault+0x54f/0xc70
[ 2380.134121]  ? __handle_mm_fault+0x5be0/0x5be0
[ 2380.138726]  ? find_vma+0x34/0x190
[ 2380.142288]  __do_page_fault+0x5e8/0xe60
[ 2380.146374]  ? trace_hardirqs_off+0xb8/0x310
[ 2380.150810]  do_page_fault+0xf2/0x7e0
[ 2380.154635]  ? vmalloc_sync_all+0x30/0x30
[ 2380.158805]  ? error_entry+0x70/0xd0
[ 2380.162549]  ? trace_hardirqs_off_caller+0xbb/0x310
[ 2380.167581]  ? trace_hardirqs_on_caller+0xc0/0x310
[ 2380.172530]  ? syscall_return_slowpath+0x5e0/0x5e0
[ 2380.177480]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 2380.182352]  ? trace_hardirqs_on_caller+0x310/0x310
[ 2380.187389]  ? __bpf_trace_preemptirq_template+0x30/0x30
[ 2380.192862]  ? prepare_exit_to_usermode+0x3b0/0x3b0
[ 2380.197905]  ? prepare_exit_to_usermode+0x291/0x3b0
[ 2380.202942]  ? page_fault+0x8/0x30
[ 2380.206501]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 2380.211373]  ? page_fault+0x8/0x30
[ 2380.214934]  page_fault+0x1e/0x30
[ 2380.218419] RIP: 0033:0x4510a0
08:15:58 executing program 5:
r0 = socket$l2tp(0x18, 0x1, 0x1)
ioctl(r0, 0x1000008912, &(0x7f0000000000)="0a5c2d023c126285718070")
perf_event_open(&(0x7f00000001c0)={0x2, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
perf_event_open(&(0x7f0000014f88)={0x1, 0x70, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r1 = syz_open_dev$media(&(0x7f0000000040)='/dev/media#\x00', 0x3, 0x10000)
ioctl$KVM_ASSIGN_DEV_IRQ(r1, 0x4040ae70, &(0x7f0000000080)={0x7931, 0xc4, 0x7, 0x301})
r2 = perf_event_open(&(0x7f0000014f88)={0x1, 0x70, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
close(r2)

[ 2380.221642] Code: 0f 84 c4 0f 00 00 48 89 f1 48 89 f8 48 83 e1 3f 48 83 f9 20 0f 86 7b 02 00 00 48 83 e6 f0 48 83 e1 0f 66 0f ef c0 66 0f ef c9 <66> 0f 74 0e 66 0f d7 d1 48 d3 ea 49 c7 c2 11 00 00 00 49 29 ca 4d
[ 2380.240553] RSP: 002b:00007f75238677a8 EFLAGS: 00010202
[ 2380.245924] RAX: 00007f7523867850 RBX: 0000000000000003 RCX: 000000000000000e
[ 2380.253207] RDX: 00000000000003ff RSI: 0000000020012fe0 RDI: 00007f7523867850
[ 2380.260490] RBP: 000000000072bf00 R08: 00000000000003ff R09: 0000000000000000
[ 2380.267771] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f75238686d4
08:15:58 executing program 1:
r0 = socket$l2tp(0x18, 0x1, 0x1)
ioctl(r0, 0x1000008912, &(0x7f0000000000)="0a5c2d023c126285718070")
prctl$PR_GET_FPEXC(0xb, &(0x7f0000000040))
r1 = perf_event_open(&(0x7f0000014f88)={0x1, 0x70, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
getgroups(0x8, &(0x7f0000000080)=[0xee00, 0xee00, 0xee01, 0x0, 0xee01, 0x0, <r2=>0xee00, 0xffffffffffffffff])
bind$vsock_stream(r1, &(0x7f00000000c0)={0x28, 0x0, 0x0, @my=0x0}, 0x10)
ioctl$FS_IOC_SET_ENCRYPTION_POLICY(r0, 0x800c6613, &(0x7f0000000100)={0x0, @speck128, 0x1, "155554ea01010008"})
setgid(r2)
close(r1)

08:15:58 executing program 3:
openat$rfkill(0xffffffffffffff9c, 0x0, 0x0, 0x0)
getsockopt$inet_sctp_SCTP_DEFAULT_PRINFO(0xffffffffffffffff, 0x84, 0x72, &(0x7f0000000380), 0x0)
syz_open_dev$admmidi(&(0x7f0000000100)='/dev/admmidi#\x00', 0x0, 0x0)
r0 = socket$l2tp(0x18, 0x1, 0x1)
mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x1, 0x32, 0xffffffffffffffff, 0x0)
r1 = userfaultfd(0x0)
ioctl$UFFDIO_API(r1, 0xc018aa3f, &(0x7f0000000180))
ioctl$UFFDIO_REGISTER(r1, 0xc020aa00, &(0x7f0000019000)={{&(0x7f0000012000/0x2000)=nil, 0x2000}, 0x1})
syz_open_dev$evdev(&(0x7f0000012fee)='/dev/input/event#\x00', 0x0, 0x0)
ioctl$UFFDIO_WAKE(r1, 0x8010aa02, &(0x7f0000000080)={&(0x7f0000012000/0x3000)=nil, 0x3000})
ioctl(r0, 0x1000008912, &(0x7f0000000000)="0a5c2d023c126285718070")
setsockopt$ALG_SET_KEY(0xffffffffffffffff, 0x117, 0x1, 0x0, 0x0)

[ 2380.275054] R13: 00000000004c578a R14: 00000000004d9d90 R15: 00000000ffffffff
08:15:58 executing program 0:
openat$rfkill(0xffffffffffffff9c, 0x0, 0x2001, 0x0)
syz_open_dev$admmidi(&(0x7f0000000100)='/dev/admmidi#\x00', 0x0, 0x0)
r0 = socket$l2tp(0x18, 0x1, 0x1)
mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x1, 0x32, 0xffffffffffffffff, 0x0)
r1 = userfaultfd(0x0)
ioctl$UFFDIO_API(r1, 0xc018aa3f, &(0x7f0000000180))
ioctl$UFFDIO_REGISTER(r1, 0xc020aa00, &(0x7f0000019000)={{&(0x7f0000012000/0x2000)=nil, 0x2000}, 0x1})
syz_open_dev$evdev(&(0x7f0000012fee)='/dev/input/event#\x00', 0x0, 0x7400000000000000)
ioctl$UFFDIO_WAKE(r1, 0x8010aa02, &(0x7f0000000080)={&(0x7f0000012000/0x3000)=nil, 0x3000})
ioctl(r0, 0x1000008912, &(0x7f0000000000)="0a5c2d023c126285718070")

08:15:58 executing program 2:
syz_emit_ethernet(0x6a, &(0x7f0000000040)={@local, @broadcast, [], {@ipv4={0x800, {{0x5, 0x4, 0x0, 0x0, 0x5c, 0x0, 0x0, 0x0, 0x1, 0x0, @remote, @dev={0xac, 0x14, 0x14, 0x11}}, @icmp=@parameter_prob={0x3, 0x4, 0x0, 0x0, 0x0, 0x0, {0x10, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x402f, 0x0, @local={0xac, 0x5c}, @dev, {[@timestamp={0x8, 0x2c, 0x0, 0x0, 0x800000000000000, [{[@rand_addr]}, {[@multicast2]}, {[@multicast1]}, {}, {[@loopback]}, {}]}]}}}}}}}, 0x0)

08:15:58 executing program 5:
r0 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000140)='net/nfsfs\x00')
r1 = syz_open_dev$dmmidi(&(0x7f00000000c0)='/dev/dmmidi#\x00', 0x6, 0x50200)
ioctl$VIDIOC_DECODER_CMD(r0, 0xc0485660, 0x0)
r2 = socket$l2tp(0x18, 0x1, 0x1)
ioctl$sock_SIOCINQ(r0, 0x541b, &(0x7f0000000440))
getsockopt$inet_pktinfo(r1, 0x0, 0x8, &(0x7f00000002c0)={<r3=>0x0, @dev, @local}, &(0x7f0000000340)=0xc)
ioctl$HCIINQUIRY(r0, 0x800448f0, &(0x7f0000000380)={r3, 0x7, 0x2, 0x4, 0x2, 0x7fff, 0xfffffffffffffff8})
ioctl(r2, 0x1000008913, &(0x7f0000000000)="0a5c2d023c126285718070")
r4 = fcntl$getown(r0, 0x9)
write$cgroup_pid(r1, &(0x7f0000000400)=r4, 0x12)
r5 = perf_event_open(&(0x7f00000001c0)={0x2, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
perf_event_open(&(0x7f0000014f88)={0x1, 0x70, 0x8, 0x6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x1, 0x0, 0x0, 0x0, 0x7}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
ioctl$TIOCGLCKTRMIOS(0xffffffffffffffff, 0x5456, &(0x7f0000000100)={0x101, 0x1, 0x3, 0x4, 0x6, 0x6, 0x2, 0x58, 0x2b90, 0x100000001, 0x8, 0x4})
r6 = perf_event_open(&(0x7f0000014f88)={0x1, 0x70, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
close(r6)
fstat(r5, &(0x7f0000000240))
r7 = openat$vsock(0xffffffffffffff9c, &(0x7f0000000300)='/dev/vsock\x00', 0x2000803f8, 0x0)
r8 = syz_open_dev$vbi(&(0x7f0000000180)='/dev/vbi#\x00', 0x3, 0x2)
ioctl$VHOST_RESET_OWNER(r1, 0xaf02, 0x0)
ioctl$VT_GETSTATE(r7, 0x5603, &(0x7f0000000080)={0x400, 0x2})
ioctl$SIOCGIFMTU(r7, 0x8921, &(0x7f0000000040))
write$P9_RRENAME(r8, &(0x7f00000003c0)={0x7, 0x15, 0x2}, 0x7)

08:15:58 executing program 1:
r0 = socket$l2tp(0x18, 0x1, 0x1)
ioctl(r0, 0x1, &(0x7f0000000080)='\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00')
r1 = perf_event_open(&(0x7f0000014f88)={0x1, 0x70, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r2 = openat$autofs(0xffffffffffffff9c, &(0x7f0000000040)='/dev/autofs\x00', 0x8000000000000800, 0x0)
ioctl$UI_SET_RELBIT(r2, 0x40045566, 0xe)
close(r1)

08:15:58 executing program 4:
openat$kvm(0xffffffffffffff9c, 0x0, 0x0, 0x0)
r0 = syz_open_dev$sndctrl(&(0x7f0000000100)='/dev/snd/controlC#\x00', 0x0, 0x0)
setxattr$trusted_overlay_origin(&(0x7f0000000000)='./file0\x00', &(0x7f0000000040)='trusted.overlay.origin\x00', &(0x7f00000000c0)='y\x00', 0x2, 0x1)
prctl$PR_SET_THP_DISABLE(0x29, 0xfffffffffffffffe)
clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
ioctl$FS_IOC_GETFLAGS(r0, 0x800455d1, &(0x7f0000000080))
accept(r0, &(0x7f0000000140)=@ll={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @link_local}, &(0x7f00000001c0)=0x80)

08:15:58 executing program 3:
openat$rfkill(0xffffffffffffff9c, 0x0, 0x0, 0x0)
getsockopt$inet_sctp_SCTP_DEFAULT_PRINFO(0xffffffffffffffff, 0x84, 0x72, &(0x7f0000000380), 0x0)
syz_open_dev$admmidi(&(0x7f0000000100)='/dev/admmidi#\x00', 0x0, 0x0)
r0 = socket$l2tp(0x18, 0x1, 0x1)
mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x1, 0x32, 0xffffffffffffffff, 0x0)
r1 = userfaultfd(0x0)
ioctl$UFFDIO_API(r1, 0xc018aa3f, &(0x7f0000000180))
ioctl$UFFDIO_REGISTER(r1, 0xc020aa00, &(0x7f0000019000)={{&(0x7f0000012000/0x2000)=nil, 0x2000}, 0x1})
syz_open_dev$evdev(&(0x7f0000012fee)='/dev/input/event#\x00', 0x0, 0x0)
ioctl$UFFDIO_WAKE(r1, 0x8010aa02, &(0x7f0000000080)={&(0x7f0000012000/0x3000)=nil, 0x3000})
ioctl(r0, 0x1000008912, &(0x7f0000000000)="0a5c2d023c126285718070")
setsockopt$ALG_SET_KEY(0xffffffffffffffff, 0x117, 0x1, 0x0, 0x0)

08:15:58 executing program 0:
openat$rfkill(0xffffffffffffff9c, 0x0, 0x2001, 0x0)
syz_open_dev$admmidi(&(0x7f0000000100)='/dev/admmidi#\x00', 0x0, 0x0)
r0 = socket$l2tp(0x18, 0x1, 0x1)
mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x1, 0x32, 0xffffffffffffffff, 0x0)
r1 = userfaultfd(0x0)
ioctl$UFFDIO_API(r1, 0xc018aa3f, &(0x7f0000000180))
ioctl$UFFDIO_REGISTER(r1, 0xc020aa00, &(0x7f0000019000)={{&(0x7f0000012000/0x2000)=nil, 0x2000}, 0x1})
syz_open_dev$evdev(&(0x7f0000012fee)='/dev/input/event#\x00', 0x0, 0x300000000000000)
ioctl$UFFDIO_WAKE(r1, 0x8010aa02, &(0x7f0000000080)={&(0x7f0000012000/0x3000)=nil, 0x3000})
ioctl(r0, 0x1000008912, &(0x7f0000000000)="0a5c2d023c126285718070")

08:15:58 executing program 2:
syz_emit_ethernet(0x6a, &(0x7f0000000040)={@local, @broadcast, [], {@ipv4={0x800, {{0x5, 0x4, 0x0, 0x0, 0x5c, 0x0, 0x0, 0x0, 0x1, 0x0, @remote, @dev={0xac, 0x14, 0x14, 0x11}}, @icmp=@parameter_prob={0x3, 0x4, 0x0, 0x0, 0x0, 0x0, {0x10, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x402f, 0x0, @local={0xac, 0x5c}, @dev, {[@timestamp={0x8, 0x2c, 0x0, 0x0, 0xffffdd86, [{[@rand_addr]}, {[@multicast2]}, {[@multicast1]}, {}, {[@loopback]}, {}]}]}}}}}}}, 0x0)

08:15:58 executing program 1:
r0 = socket$l2tp(0x18, 0x1, 0x1)
ioctl(r0, 0x1000008912, &(0x7f0000000000)="0a5c2d023c126285718070")
getresuid(&(0x7f0000000040)=<r1=>0x0, &(0x7f0000000080), &(0x7f00000000c0))
getsockopt$sock_cred(r0, 0x1, 0x11, &(0x7f0000000100)={0x0, <r2=>0x0}, &(0x7f0000000140)=0xc)
setreuid(r1, r2)
r3 = perf_event_open(&(0x7f0000014f88)={0x1, 0x70, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
close(r3)

08:15:58 executing program 2:
syz_emit_ethernet(0x6a, &(0x7f0000000040)={@local, @broadcast, [], {@ipv4={0x800, {{0x5, 0x4, 0x0, 0x0, 0x5c, 0x0, 0x0, 0x0, 0x1, 0x0, @remote, @dev={0xac, 0x14, 0x14, 0x11}}, @icmp=@parameter_prob={0x3, 0x4, 0x0, 0x0, 0x0, 0x0, {0x10, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x402f, 0x0, @local={0xac, 0x5c}, @dev, {[@timestamp={0x8, 0x2c, 0x0, 0x0, 0x5c00, [{[@rand_addr]}, {[@multicast2]}, {[@multicast1]}, {}, {[@loopback]}, {}]}]}}}}}}}, 0x0)

08:15:58 executing program 5:
r0 = socket$l2tp(0x18, 0x1, 0x1)
r1 = syz_open_dev$mice(&(0x7f0000000040)='/dev/input/mice\x00', 0x0, 0x4000)
ioctl$EVIOCGKEYCODE(r1, 0x80084504, &(0x7f00000000c0)=""/31)
ioctl(r0, 0x1000008912, &(0x7f0000000000)="0a5c2d023c126285718070")
perf_event_open(&(0x7f00000001c0)={0x2, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
perf_event_open(&(0x7f0000014f88)={0x1, 0x70, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r2 = perf_event_open(&(0x7f0000014f88)={0x1, 0x70, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
close(r2)

08:15:58 executing program 3:
openat$rfkill(0xffffffffffffff9c, 0x0, 0x0, 0x0)
getsockopt$inet_sctp_SCTP_DEFAULT_PRINFO(0xffffffffffffffff, 0x84, 0x72, &(0x7f0000000380), 0x0)
syz_open_dev$admmidi(&(0x7f0000000100)='/dev/admmidi#\x00', 0x0, 0x0)
r0 = socket$l2tp(0x18, 0x1, 0x1)
mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x1, 0x32, 0xffffffffffffffff, 0x0)
r1 = userfaultfd(0x0)
ioctl$UFFDIO_API(r1, 0xc018aa3f, &(0x7f0000000180))
ioctl$UFFDIO_REGISTER(r1, 0xc020aa00, &(0x7f0000019000)={{&(0x7f0000012000/0x2000)=nil, 0x2000}, 0x1})
syz_open_dev$evdev(&(0x7f0000012fee)='/dev/input/event#\x00', 0x0, 0x0)
ioctl$UFFDIO_WAKE(r1, 0x8010aa02, &(0x7f0000000080)={&(0x7f0000012000/0x3000)=nil, 0x3000})
ioctl(r0, 0x1000008912, &(0x7f0000000000)="0a5c2d023c126285718070")
setsockopt$ALG_SET_KEY(0xffffffffffffffff, 0x117, 0x1, 0x0, 0x0)

08:15:58 executing program 0:
openat$rfkill(0xffffffffffffff9c, 0x0, 0x2001, 0x0)
syz_open_dev$admmidi(&(0x7f0000000100)='/dev/admmidi#\x00', 0x0, 0x0)
r0 = socket$l2tp(0x18, 0x1, 0x1)
mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x1, 0x32, 0xffffffffffffffff, 0x0)
r1 = userfaultfd(0x0)
ioctl$UFFDIO_API(r1, 0xc018aa3f, &(0x7f0000000180))
ioctl$UFFDIO_REGISTER(r1, 0xc020aa00, &(0x7f0000019000)={{&(0x7f0000012000/0x2000)=nil, 0x2000}, 0x1})
syz_open_dev$evdev(&(0x7f0000012fee)='/dev/input/event#\x00', 0x0, 0x500000000000000)
ioctl$UFFDIO_WAKE(r1, 0x8010aa02, &(0x7f0000000080)={&(0x7f0000012000/0x3000)=nil, 0x3000})
ioctl(r0, 0x1000008912, &(0x7f0000000000)="0a5c2d023c126285718070")

08:15:58 executing program 4:
r0 = openat$kvm(0xffffffffffffff9c, 0x0, 0x0, 0x0)
r1 = syz_open_dev$sndctrl(&(0x7f00000000c0)='/dev/snd/controlC#\x00', 0x2400007fff, 0x800)
prctl$PR_SET_THP_DISABLE(0x29, 0x1)
clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
ioctl$FS_IOC_GETFLAGS(r1, 0x800455d1, &(0x7f0000000080))
r2 = openat$qat_adf_ctl(0xffffffffffffff9c, &(0x7f0000000000)='/dev/qat_adf_ctl\x00', 0xa40, 0x0)
setsockopt$inet_tcp_TCP_REPAIR(r2, 0x6, 0x13, &(0x7f0000000040)=0xffffffffffffffff, 0x4)
ioctl$KVM_CHECK_EXTENSION(r0, 0xae03, 0xfffffffffffffffd)
prctl$PR_SET_PDEATHSIG(0x1, 0x1d)

08:15:58 executing program 1:
r0 = socket$l2tp(0x18, 0x1, 0x1)
ioctl(r0, 0x1000008912, &(0x7f0000000000)="0a5c2d023c126285718070")
r1 = perf_event_open(&(0x7f0000014f88)={0x1, 0x70, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
close(r1)
syz_open_dev$mice(&(0x7f0000000040)='/dev/input/mice\x00', 0x0, 0x200)

08:15:58 executing program 2:
syz_emit_ethernet(0x6a, &(0x7f0000000040)={@local, @broadcast, [], {@ipv4={0x800, {{0x5, 0x4, 0x0, 0x0, 0x5c, 0x0, 0x0, 0x0, 0x1, 0x0, @remote, @dev={0xac, 0x14, 0x14, 0x11}}, @icmp=@parameter_prob={0x3, 0x4, 0x0, 0x0, 0x0, 0x0, {0x10, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x402f, 0x0, @local={0xac, 0x5c}, @dev, {[@timestamp={0x8, 0x2c, 0x0, 0x0, 0xf000, [{[@rand_addr]}, {[@multicast2]}, {[@multicast1]}, {}, {[@loopback]}, {}]}]}}}}}}}, 0x0)

08:15:58 executing program 5:
r0 = openat$vimc0(0xffffffffffffff9c, &(0x7f0000000040)='/dev/video0\x00', 0x2, 0x0)
ioctl$VIDIOC_G_TUNER(r0, 0xc054561d, &(0x7f0000000080)={0x1, "20ac5d296e6c5d6294343506b6784504f1b39684563517b27fe8b2fc12c5ea08", 0x5, 0x1026, 0x3, 0x8, 0x0, 0x2, 0x205, 0x6})
r1 = socket$l2tp(0x18, 0x1, 0x1)
ioctl(r1, 0x1000008912, &(0x7f0000000000)="0a5c2d023c126285718070")
perf_event_open(&(0x7f00000001c0)={0x2, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffa, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r2 = syz_open_dev$vcsa(&(0x7f0000000180)='/dev/vcsa#\x00', 0xff, 0x40001)
write$P9_RRENAMEAT(r2, &(0x7f00000002c0)={0x7, 0x4b, 0x2}, 0x7)
ioctl$VIDIOC_G_TUNER(r0, 0xc054561d, &(0x7f0000000240)={0x80000000, "32be9dffa9452203833554d8232daaabf11644ea3ade6adeb5ad65c2c4a3088f", 0x1, 0x2, 0x10001, 0x7, 0x4, 0x1, 0x100000000, 0x1})
r3 = socket$inet6(0xa, 0xcf9e2386243a7d9, 0x200)
ioctl$VIDIOC_SUBDEV_S_CROP(r3, 0xc038563c, &(0x7f0000000140)={0x0, 0x0, {0x1ff, 0x8970, 0x1000, 0xd6}})
shutdown(r1, 0x0)
setsockopt$inet_sctp6_SCTP_FRAGMENT_INTERLEAVE(r3, 0x84, 0x12, &(0x7f0000000100)=0x800, 0x4)
perf_event_open(&(0x7f0000014f88)={0x1, 0x70, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r4 = perf_event_open(&(0x7f0000014f88)={0x1, 0x70, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
close(r4)

08:15:58 executing program 5:
r0 = socket$l2tp(0x18, 0x1, 0x1)
ioctl(r0, 0x1000008912, &(0x7f0000000000)="0a5c2d023c126285718070")
perf_event_open(&(0x7f00000001c0)={0x2, 0x70, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x83a5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r1 = syz_genetlink_get_family_id$ipvs(&(0x7f00000003c0)='IPVS\x00')
sendmsg$IPVS_CMD_DEL_SERVICE(r0, &(0x7f00000004c0)={&(0x7f0000000380)={0x10, 0x0, 0x0, 0x2090}, 0xc, &(0x7f0000000480)={&(0x7f0000000400)={0x4c, r1, 0x800, 0x70bd28, 0x25dfdbfc, {}, [@IPVS_CMD_ATTR_SERVICE={0x38, 0x1, [@IPVS_SVC_ATTR_NETMASK={0x8}, @IPVS_SVC_ATTR_SCHED_NAME={0x8, 0x6, 'nq\x00'}, @IPVS_SVC_ATTR_TIMEOUT={0x8, 0x8, 0x7}, @IPVS_SVC_ATTR_ADDR={0x14, 0x3, @ipv4=@broadcast}, @IPVS_SVC_ATTR_FWMARK={0x8, 0x5, 0x2}]}]}, 0x4c}, 0x1, 0x0, 0x0, 0x8081}, 0x4000000)
r2 = openat$dsp(0xffffffffffffff9c, &(0x7f0000000040)='/dev/dsp\x00', 0x2f46b61a8f429988, 0x0)
r3 = syz_genetlink_get_family_id$tipc(&(0x7f00000000c0)='TIPC\x00')
setsockopt$inet_sctp_SCTP_PARTIAL_DELIVERY_POINT(r2, 0x84, 0x13, &(0x7f0000000240)=0x8126, 0x4)
sendmsg$TIPC_CMD_ENABLE_BEARER(r2, &(0x7f0000000180)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x20100}, 0xc, &(0x7f0000000140)={&(0x7f0000000100)={0x3c, r3, 0x300, 0x70bd25, 0x25dfdbfd, {{}, 0x0, 0x4101, 0x0, {0x20, 0x17, {0xc, 0x6d, @l2={'eth', 0x3a, 'bridge_slave_0\x00'}}}}, [""]}, 0x3c}, 0x1, 0x0, 0x0, 0x4000}, 0x4044004)
perf_event_open(&(0x7f0000014f88)={0x1, 0x70, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r4 = perf_event_open(&(0x7f0000014f88)={0x1, 0x70, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
ioctl$TIOCGPGRP(r2, 0x540f, &(0x7f0000000340)=<r5=>0x0)
perf_event_open(&(0x7f00000002c0)={0x7, 0x70, 0x8, 0x2, 0x10000, 0x7, 0x0, 0x3ff, 0x0, 0x6, 0x98b, 0x6b, 0x1, 0x7, 0x401, 0x2, 0x5d4f, 0x10000, 0x9, 0x7f, 0x6, 0x200, 0x80000001, 0x8, 0x6000, 0x1, 0x3, 0x3f, 0x9, 0x7fffffff, 0x8000, 0x7, 0xffffffff, 0x1, 0x690, 0x0, 0x4c3, 0x9c, 0x0, 0x2, 0x2, @perf_bp={&(0x7f0000000280), 0x4}, 0x80, 0xe2e, 0x5, 0xf, 0x8000, 0x7, 0x100000001}, r5, 0x3, r2, 0x8)
close(r4)

08:15:58 executing program 1:
r0 = socket$l2tp(0x18, 0x1, 0x1)
ioctl(r0, 0x1000008912, &(0x7f0000000000)="0a5c2d023c126285718070")
r1 = perf_event_open(&(0x7f0000014f88)={0x1, 0x70, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
close(r1)
r2 = syz_open_dev$radio(&(0x7f0000000040)='/dev/radio#\x00', 0x3, 0x2)
ioctl$FS_IOC_SETFLAGS(r1, 0x40086602, &(0x7f0000000100)=0xfdf)
ioctl$DRM_IOCTL_RES_CTX(0xffffffffffffff9c, 0xc0106426, &(0x7f00000000c0)={0x1, &(0x7f0000000080)=[{<r3=>0x0}]})
ioctl$DRM_IOCTL_GET_CTX(r2, 0xc0086423, &(0x7f00000001c0)={r3, 0x1})

08:15:58 executing program 3:
openat$rfkill(0xffffffffffffff9c, 0x0, 0x0, 0x0)
getsockopt$inet_sctp_SCTP_DEFAULT_PRINFO(0xffffffffffffffff, 0x84, 0x72, &(0x7f0000000380), 0x0)
syz_open_dev$admmidi(&(0x7f0000000100)='/dev/admmidi#\x00', 0x0, 0x0)
r0 = socket$l2tp(0x18, 0x1, 0x1)
mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x1, 0x32, 0xffffffffffffffff, 0x0)
r1 = userfaultfd(0x0)
ioctl$UFFDIO_API(r1, 0xc018aa3f, &(0x7f0000000180))
ioctl$UFFDIO_REGISTER(r1, 0xc020aa00, &(0x7f0000019000)={{&(0x7f0000012000/0x2000)=nil, 0x2000}, 0x1})
syz_open_dev$evdev(&(0x7f0000012fee)='/dev/input/event#\x00', 0x0, 0x0)
ioctl$UFFDIO_WAKE(r1, 0x8010aa02, &(0x7f0000000080)={&(0x7f0000012000/0x3000)=nil, 0x3000})
ioctl(r0, 0x1000008912, &(0x7f0000000000)="0a5c2d023c126285718070")
setsockopt$ALG_SET_KEY(0xffffffffffffffff, 0x117, 0x1, 0x0, 0x0)

08:15:58 executing program 0:
openat$rfkill(0xffffffffffffff9c, 0x0, 0x2001, 0x0)
syz_open_dev$admmidi(&(0x7f0000000100)='/dev/admmidi#\x00', 0x0, 0x0)
r0 = socket$l2tp(0x18, 0x1, 0x1)
mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x1, 0x32, 0xffffffffffffffff, 0x0)
r1 = userfaultfd(0x0)
ioctl$UFFDIO_API(r1, 0xc018aa3f, &(0x7f0000000180))
ioctl$UFFDIO_REGISTER(r1, 0xc020aa00, &(0x7f0000019000)={{&(0x7f0000012000/0x2000)=nil, 0x2000}, 0x1})
syz_open_dev$evdev(&(0x7f0000012fee)='/dev/input/event#\x00', 0x0, 0x700000000000000)
ioctl$UFFDIO_WAKE(r1, 0x8010aa02, &(0x7f0000000080)={&(0x7f0000012000/0x3000)=nil, 0x3000})
ioctl(r0, 0x1000008912, &(0x7f0000000000)="0a5c2d023c126285718070")

08:15:58 executing program 2:
syz_emit_ethernet(0x6a, &(0x7f0000000040)={@local, @broadcast, [], {@ipv4={0x800, {{0x5, 0x4, 0x0, 0x0, 0x5c, 0x0, 0x0, 0x0, 0x1, 0x0, @remote, @dev={0xac, 0x14, 0x14, 0x11}}, @icmp=@parameter_prob={0x3, 0x4, 0x0, 0x0, 0x0, 0x0, {0x10, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x402f, 0x0, @local={0xac, 0x5c}, @dev, {[@timestamp={0x8, 0x2c, 0x0, 0x0, 0x8, [{[@rand_addr]}, {[@multicast2]}, {[@multicast1]}, {}, {[@loopback]}, {}]}]}}}}}}}, 0x0)

08:15:58 executing program 2:
syz_emit_ethernet(0x6a, &(0x7f0000000040)={@local, @broadcast, [], {@ipv4={0x800, {{0x5, 0x4, 0x0, 0x0, 0x5c, 0x0, 0x0, 0x0, 0x1, 0x0, @remote, @dev={0xac, 0x14, 0x14, 0x11}}, @icmp=@parameter_prob={0x3, 0x4, 0x0, 0x0, 0x0, 0x0, {0x10, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x402f, 0x0, @local={0xac, 0x5c}, @dev, {[@timestamp={0x8, 0x2c, 0x0, 0x0, 0x3f000000, [{[@rand_addr]}, {[@multicast2]}, {[@multicast1]}, {}, {[@loopback]}, {}]}]}}}}}}}, 0x0)

08:15:59 executing program 1:
r0 = socket$l2tp(0x18, 0x1, 0x1)
r1 = request_key(&(0x7f00000001c0)='asymmetric\x00', &(0x7f0000000200)={'syz', 0x1}, &(0x7f0000000240)='em1\x00', 0xfffffffffffffff9)
r2 = add_key$keyring(&(0x7f0000000000)='keyring\x00', &(0x7f0000000080)={'syz', 0x2}, 0x0, 0x0, r1)
r3 = add_key$keyring(&(0x7f00000000c0)='keyring\x00', &(0x7f0000000100)={'syz', 0x3}, 0x0, 0x0, 0xfffffffffffffffd)
keyctl$reject(0x13, r2, 0x4ff60a68, 0x8000, r3)
ioctl(r0, 0x7, &(0x7f0000000040)="0a5c2d023c126285718070")
r4 = openat$zero(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/zero\x00', 0x501000, 0x0)
getsockname$inet(r4, &(0x7f0000000300)={0x2, 0x0, @broadcast}, &(0x7f0000000340)=0x10)
r5 = perf_event_open(&(0x7f0000014f88)={0x1, 0x70, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
close(r5)
r6 = dup2(r0, r0)
ioctl$SNDRV_CTL_IOCTL_PCM_PREFER_SUBDEVICE(r6, 0x40045532, &(0x7f0000000280)=0x3)
r7 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000140)='cpu.stat\x00', 0x0, 0x0)
bind$bt_sco(r7, &(0x7f0000000180)={0x1f, {0x4550000, 0x40, 0x14400000, 0x2, 0xc2, 0x401}}, 0x8)

08:15:59 executing program 0:
openat$rfkill(0xffffffffffffff9c, 0x0, 0x2001, 0x0)
syz_open_dev$admmidi(&(0x7f0000000100)='/dev/admmidi#\x00', 0x0, 0x0)
r0 = socket$l2tp(0x18, 0x1, 0x1)
mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x1, 0x32, 0xffffffffffffffff, 0x0)
r1 = userfaultfd(0x0)
ioctl$UFFDIO_API(r1, 0xc018aa3f, &(0x7f0000000180))
ioctl$UFFDIO_REGISTER(r1, 0xc020aa00, &(0x7f0000019000)={{&(0x7f0000012000/0x2000)=nil, 0x2000}, 0x1})
syz_open_dev$evdev(&(0x7f0000012fee)='/dev/input/event#\x00', 0x0, 0x60000000)
ioctl$UFFDIO_WAKE(r1, 0x8010aa02, &(0x7f0000000080)={&(0x7f0000012000/0x3000)=nil, 0x3000})
ioctl(r0, 0x1000008912, &(0x7f0000000000)="0a5c2d023c126285718070")

08:15:59 executing program 4:
openat$kvm(0xffffffffffffff9c, 0x0, 0x0, 0x0)
r0 = syz_open_dev$sndctrl(&(0x7f0000000100)='/dev/snd/controlC#\x00', 0x0, 0x0)
prctl$PR_SET_THP_DISABLE(0x29, 0xfffffffffffffffe)
personality(0x414000e)
r1 = syz_open_dev$radio(&(0x7f0000000000)='/dev/radio#\x00', 0x1, 0x2)
openat$cgroup_procs(r1, &(0x7f0000000040)='cgroup.threads\x00', 0x2, 0x0)
clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
ioctl$FS_IOC_GETFLAGS(r0, 0x800455d1, &(0x7f0000000080))

08:15:59 executing program 5:
r0 = socket$l2tp(0x18, 0x1, 0x1)
ioctl(r0, 0x1000008912, &(0x7f0000000000)="0a5c2d023c126285718070")
perf_event_open(&(0x7f00000001c0)={0x2, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
perf_event_open(&(0x7f0000014f88)={0x1, 0x70, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r1 = perf_event_open(&(0x7f0000014f88)={0x1, 0x70, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
close(r1)
r2 = openat$rfkill(0xffffffffffffff9c, &(0x7f0000000040)='/dev/rfkill\x00', 0x10000, 0x0)
futex(&(0x7f0000000140)=0x2, 0x85, 0x0, &(0x7f0000000180)={0x77359400}, &(0x7f0000000240), 0x1)
getsockopt$IP6T_SO_GET_INFO(r2, 0x29, 0x40, &(0x7f0000000080)={'nat\x00'}, &(0x7f0000000100)=0x54)

08:15:59 executing program 3:
openat$rfkill(0xffffffffffffff9c, 0x0, 0x0, 0x0)
getsockopt$inet_sctp_SCTP_DEFAULT_PRINFO(0xffffffffffffffff, 0x84, 0x72, &(0x7f0000000380), 0x0)
syz_open_dev$admmidi(&(0x7f0000000100)='/dev/admmidi#\x00', 0x0, 0x0)
r0 = socket$l2tp(0x18, 0x1, 0x1)
mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x1, 0x32, 0xffffffffffffffff, 0x0)
r1 = userfaultfd(0x0)
ioctl$UFFDIO_API(r1, 0xc018aa3f, &(0x7f0000000180))
ioctl$UFFDIO_REGISTER(r1, 0xc020aa00, &(0x7f0000019000)={{&(0x7f0000012000/0x2000)=nil, 0x2000}, 0x1})
syz_open_dev$evdev(&(0x7f0000012fee)="2f6465762f696e7075742f6576656e742304", 0x0, 0x0)
ioctl$UFFDIO_WAKE(r1, 0x8010aa02, &(0x7f0000000080)={&(0x7f0000012000/0x3000)=nil, 0x3000})
ioctl(r0, 0x1000008912, &(0x7f0000000000)="0a5c2d023c126285718070")
setsockopt$ALG_SET_KEY(0xffffffffffffffff, 0x117, 0x1, 0x0, 0x0)

08:15:59 executing program 2:
syz_emit_ethernet(0x6a, &(0x7f0000000040)={@local, @broadcast, [], {@ipv4={0x800, {{0x5, 0x4, 0x0, 0x0, 0x5c, 0x0, 0x0, 0x0, 0x1, 0x0, @remote, @dev={0xac, 0x14, 0x14, 0x11}}, @icmp=@parameter_prob={0x3, 0x4, 0x0, 0x0, 0x0, 0x0, {0x10, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x402f, 0x0, @local={0xac, 0x5c}, @dev, {[@timestamp={0x8, 0x2c, 0x0, 0x0, 0x3, [{[@rand_addr]}, {[@multicast2]}, {[@multicast1]}, {}, {[@loopback]}, {}]}]}}}}}}}, 0x0)

08:15:59 executing program 1:
r0 = socket$l2tp(0x18, 0x1, 0x1)
ioctl(r0, 0x1000008912, &(0x7f0000000000)="0a5c2d023c126285718070")
r1 = perf_event_open(&(0x7f0000014f88)={0x1, 0x70, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r2 = accept4$packet(0xffffffffffffffff, &(0x7f0000000040)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @local}, &(0x7f0000000080)=0x14, 0x800)
setsockopt$packet_tx_ring(r2, 0x107, 0xd, &(0x7f00000000c0)=@req3={0x100, 0x3, 0x93b2, 0x7, 0xfffffffffffffffe, 0x3, 0x1}, 0x1c)
close(r1)

08:15:59 executing program 0:
openat$rfkill(0xffffffffffffff9c, 0x0, 0x2001, 0x0)
syz_open_dev$admmidi(&(0x7f0000000100)='/dev/admmidi#\x00', 0x0, 0x0)
r0 = socket$l2tp(0x18, 0x1, 0x1)
mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x1, 0x32, 0xffffffffffffffff, 0x0)
r1 = userfaultfd(0x0)
ioctl$UFFDIO_API(r1, 0xc018aa3f, &(0x7f0000000180))
ioctl$UFFDIO_REGISTER(r1, 0xc020aa00, &(0x7f0000019000)={{&(0x7f0000012000/0x2000)=nil, 0x2000}, 0x1})
syz_open_dev$evdev(&(0x7f0000012fee)='/dev/input/event#\x00', 0x0, 0x4)
ioctl$UFFDIO_WAKE(r1, 0x8010aa02, &(0x7f0000000080)={&(0x7f0000012000/0x3000)=nil, 0x3000})
ioctl(r0, 0x1000008912, &(0x7f0000000000)="0a5c2d023c126285718070")

08:15:59 executing program 5:
r0 = socket$l2tp(0x18, 0x1, 0x1)
ioctl(r0, 0x1000008912, &(0x7f0000000000)="0a5c2d023c126285718070")
r1 = perf_event_open(&(0x7f00000001c0)={0x2, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r2 = syz_open_dev$midi(&(0x7f0000000040)='/dev/midi#\x00', 0x8001, 0x22180)
connect$bt_rfcomm(r2, &(0x7f0000000080)={0x1f, {0x650b5e8, 0x7, 0x7, 0x5, 0x6, 0x401}, 0x5}, 0xa)
perf_event_open(&(0x7f0000014f88)={0x1, 0x70, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
perf_event_open(&(0x7f0000014f88)={0x1, 0x70, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x7, 0xf3d4}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
close(r1)

08:15:59 executing program 2:
syz_emit_ethernet(0x6a, &(0x7f0000000040)={@local, @broadcast, [], {@ipv4={0x800, {{0x5, 0x4, 0x0, 0x0, 0x5c, 0x0, 0x0, 0x0, 0x1, 0x0, @remote, @dev={0xac, 0x14, 0x14, 0x11}}, @icmp=@parameter_prob={0x3, 0x4, 0x0, 0x0, 0x0, 0x0, {0x10, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x402f, 0x0, @local={0xac, 0x5c}, @dev, {[@timestamp={0x8, 0x2c, 0x0, 0x0, 0x3580, [{[@rand_addr]}, {[@multicast2]}, {[@multicast1]}, {}, {[@loopback]}, {}]}]}}}}}}}, 0x0)

08:15:59 executing program 3:
openat$rfkill(0xffffffffffffff9c, 0x0, 0x0, 0x0)
getsockopt$inet_sctp_SCTP_DEFAULT_PRINFO(0xffffffffffffffff, 0x84, 0x72, &(0x7f0000000380), 0x0)
syz_open_dev$admmidi(&(0x7f0000000100)='/dev/admmidi#\x00', 0x0, 0x0)
r0 = socket$l2tp(0x18, 0x1, 0x1)
mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x1, 0x32, 0xffffffffffffffff, 0x0)
r1 = userfaultfd(0x0)
ioctl$UFFDIO_API(r1, 0xc018aa3f, &(0x7f0000000180))
ioctl$UFFDIO_REGISTER(r1, 0xc020aa00, &(0x7f0000019000)={{&(0x7f0000012000/0x2000)=nil, 0x2000}, 0x1})
syz_open_dev$evdev(&(0x7f0000012fee)='/dev/input/event#\x00', 0x0, 0x0)
ioctl$UFFDIO_WAKE(r1, 0x8010aa02, &(0x7f0000000080)={&(0x7f0000012000/0x3000)=nil, 0x3000})
ioctl(r0, 0x1000008912, &(0x7f0000000000)="0a5c2d023c126285718070")
setsockopt$ALG_SET_KEY(0xffffffffffffffff, 0x117, 0x1, 0x0, 0x0)

08:15:59 executing program 5:
r0 = socket$l2tp(0x18, 0x1, 0x1)
ioctl(r0, 0x1fe, &(0x7f0000000080)="126285718170000000000001000000000000")
perf_event_open(&(0x7f00000001c0)={0x2, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
perf_event_open(&(0x7f0000014f88)={0x1, 0x70, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r1 = perf_event_open(&(0x7f0000014f88)={0x1, 0x70, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
close(r1)

08:15:59 executing program 1:
r0 = socket$l2tp(0x18, 0x1, 0x1)
ioctl(r0, 0x1000008912, &(0x7f0000000000)="0a5c2d023c126285718070")
r1 = perf_event_open(&(0x7f0000014f88)={0x1, 0x70, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r2 = syz_open_dev$sndpcmc(&(0x7f0000000040)='/dev/snd/pcmC#D#c\x00', 0x4, 0x400)
ioctl$SNDRV_SEQ_IOCTL_SUBSCRIBE_PORT(r2, 0x40505330, &(0x7f0000000080)={{0xf0, 0x1}, {0x40, 0x20}, 0x40, 0x0, 0x6})
close(r1)

08:15:59 executing program 2:
syz_emit_ethernet(0x6a, &(0x7f0000000040)={@local, @broadcast, [], {@ipv4={0x800, {{0x5, 0x4, 0x0, 0x0, 0x5c, 0x0, 0x0, 0x0, 0x1, 0x0, @remote, @dev={0xac, 0x14, 0x14, 0x11}}, @icmp=@parameter_prob={0x3, 0x4, 0x0, 0x0, 0x0, 0x0, {0x10, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x402f, 0x0, @local={0xac, 0x5c}, @dev, {[@timestamp={0x8, 0x2c, 0x0, 0x0, 0x3f00000000000000, [{[@rand_addr]}, {[@multicast2]}, {[@multicast1]}, {}, {[@loopback]}, {}]}]}}}}}}}, 0x0)

08:15:59 executing program 4:
r0 = openat$kvm(0xffffffffffffff9c, 0x0, 0x0, 0x0)
getsockopt$inet6_IPV6_IPSEC_POLICY(0xffffffffffffffff, 0x29, 0x22, &(0x7f0000000140)={{{@in6=@ipv4={[], [], @multicast2}, @in=@empty, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, <r1=>0x0, <r2=>0x0}}, {{@in6=@mcast2}, 0x0, @in6=@remote}}, &(0x7f0000000040)=0xe8)
r3 = creat(&(0x7f0000001a00)='./file0\x00', 0x10)
getsockopt$sock_cred(0xffffffffffffff9c, 0x1, 0x11, &(0x7f0000001a40)={0x0, 0x0, <r4=>0x0}, &(0x7f0000001a80)=0xc)
write$FUSE_CREATE_OPEN(r3, &(0x7f0000001ac0)={0xa0, 0x0, 0x5, {{0x2, 0x3, 0x44, 0x0, 0x7f, 0xcc, {0x4, 0x400, 0x6, 0x4, 0x1ff, 0x7ff, 0x0, 0xe3, 0x4, 0x6, 0x5, r2, r4, 0x300000000, 0x800}}, {0x0, 0x1}}}, 0xa0)
getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f00000000c0)={0x0, <r5=>0x0}, &(0x7f0000000240)=0xc)
r6 = getuid()
getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f0000000280)={0x0, 0x0, <r7=>0x0}, &(0x7f00000002c0)=0xc)
r8 = getgid()
getsockopt$sock_cred(0xffffffffffffff9c, 0x1, 0x11, &(0x7f0000000300)={0x0, 0x0, <r9=>0x0}, &(0x7f0000000340)=0xc)
fsetxattr$system_posix_acl(r0, &(0x7f0000000000)='system.posix_acl_default\x00', &(0x7f0000000380)=ANY=[@ANYBLOB="02000000010001000000000002000100", @ANYRES32=r2, @ANYBLOB="02000100", @ANYRES32=r5, @ANYBLOB="02000200", @ANYRES32=r6, @ANYBLOB="040001000000000008000400", @ANYRES32=r7, @ANYBLOB='\b\x00\x00\x00', @ANYRES32=r8, @ANYBLOB="29100500", @ANYRES32=r9, @ANYBLOB="10000300000000002000030000000000"], 0x54, 0x1)
r10 = openat$autofs(0xffffffffffffff9c, &(0x7f0000001980)='/dev/autofs\x00', 0x101002, 0x0)
ioctl$sock_inet6_SIOCSIFDSTADDR(r10, 0x8918, &(0x7f00000019c0)={@ipv4={[], [], @local}, 0xb, r1})
r11 = syz_open_dev$sndctrl(&(0x7f0000000100)='/dev/snd/controlC#\x00', 0x0, 0x0)
r12 = syz_open_dev$vcsn(&(0x7f0000000400)='/dev/vcs#\x00', 0xfc6e, 0x50000)
getsockopt$bt_rfcomm_RFCOMM_LM(r12, 0x12, 0x3, &(0x7f0000000440), &(0x7f0000000480)=0x4)
ioctl$SNDRV_SEQ_IOCTL_SET_CLIENT_POOL(r12, 0x4058534c, &(0x7f0000000500)={0x20, 0x606c, 0xd4, 0x9, 0x196b, 0x4})
ioctl$UI_DEV_SETUP(r10, 0x405c5503, &(0x7f0000001b80)={{0x800, 0x2, 0x8d, 0x200}, 'syz0\x00', 0xd})
fcntl$F_SET_FILE_RW_HINT(r11, 0x40e, &(0x7f0000001940)=0x2)
prctl$PR_SET_THP_DISABLE(0x29, 0xfffffffffffffffe)
ioctl$EVIOCRMFF(r12, 0x40044581, &(0x7f00000004c0))
clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
sendmsg$kcm(r12, &(0x7f0000001900)={&(0x7f0000000580)=@nl=@kern={0x10, 0x0, 0x0, 0x220000}, 0x80, &(0x7f0000001840)=[{&(0x7f0000000600)="e40f2aea9927a58f8511ac1364498bb2c6fc2e93a3a107b7d5df06b45008837ebcbfd281a91788a9b18768c52ea4973061e91ddba7b53397b0952d045619369652de4ca55dafb5f3f382b0d3ade04fbf31faada2bf919e24e0be8c7cc1ad50417532e654df646bae7d1995944b5f3c51fa7699481dbf9c5e2d0cdbe439f7d66549dfaea8625de095d973", 0x8a}, {&(0x7f00000006c0)="8cdd0b388dfe4cc35edd3bc9fe1b08755fe9c48d1b33883893753128529a8bf5211fd4ebece6b8cb9a1fd6cd7e54b38ab6f5c1ba710e1d6d1e76543b76e27f47dffb1a1d2c10a8d3f10b785def158024f93c9029da752242fdf4cae5412831dd061a92ea260ec8510b334018fdb82a7dc95c42288e6115a8d22aa65b5c9f7b69121c2732467cd313c56dd3a31180744ff73311f4384c2fb62139a931802598653eebeb3741676f9572f7841bc06650c7034bb40c5badaca91e3920723f10a51f170580b57d285ccead8ea668a528ecc4c8ceaedbc0d5138c4707d0a678411a96f4d755eb0002eef11c55955d01f101650f4407047aa4cb8534913120883224c02b24611be5a387b35a2d8a0cde30eef9b702d7e0f33dac130d38bec18f95653847c908a993b2275866029a0f5e704503d86e11c009c56bc5e0e5957913d59508441e42daf8ecca1ae51dffe3782c88b051ca6baaf1e8f26d501493ec6bfbaaeec126c1013ff364c21880b52006cd8965a9b8db58a93c632e8f197901dd5fe9a23566f9b85b9a62a75faf74b1780f86314308fd4d977d444b2e3107b4a9edca55421fb53180a1152a838f97da235f4080037286905222aa99f289ab42372c0c2da094c5bcf6e6c26fa968a5589003c04a35a2ea90df67c184743c14b715b98c364f7a95aa0a5379b494ffddb0ac2c912219739414bd81ab0579c6061cc5c720a5fc3fa6f122554b81b9cb42c74e8d893ef7c27640688a0036694d210cbdb2dece497633d18e96fc3db231197d4d0c561288893e3a90e8928cc3147fb4a5f2bba4402a68875952e32a613e13a254f70f8cdfaa672189a14f28fa7bf6729deda5158d5d02f8a93eac504b8bde920773700ad785b3dd35c82cf8384aa807bb91c2aa857da4c73e6207fe4d66e7f75690eaa097f6216bc67908801eb3eaeb94f856652d5e25295e40513657a78ff6c92a11c492d3488fa6a2e3131e4d75d903543d479a955dac9e1a73b5cc32a1a8fa61aad68ae2bd531d0b8e949a50c302f80c6cd2675cd4300db37a86f147df26388a098369616fcdf739099bee3d305dd64592d00e05aad57c2d171dfcfde2c683168e23f1b14b019fceff6abad93e81d7f4aca0437777f368c459adc50fb6c734a976a69df752f3a7a122444583d791be68a24beade743f3d7ed9afe1597281a5a658cae9482fe22b25d817bc925f9bd479b83ab040c54cc51054a9558587d5a38be75d17643df6355551b989094d6e276cabb8d3e02f478f5c2092fbd25a067701959b19963ead8daa27e8e4e3e0facdec992ebedad11a579193ee9d1d9763171ca8a82f9809171250aea14aeb93faf27418d3ea54d488820b65fc93d46e7ba68dbae6ff75ed06e9024803cf45347e08e403df3d839a19ee7fb3ed440f023c117f3eb0da65a96cae51ffa9b8f8fc891303e04ba31e93ef6e0d638c2a851854bd17c595429495fcf826c609a6a74019f38f432fb8b66d42e8613ea9d25f32cf84973ee2422e08575b2948cdeadac6cb80c1e0c62132a15c462056b743223483be4f8abcbe7ff232c0e8835276e7763748c64c550a8f39523877a691e3ff59ad285db7affc27802dd7c647bdf777914487815a30d34a36cb8c329304eba3879a7a7e7f3342121abf2f22e8e4a67a87fff933a5d6c6811d980070d48926f78535f2dc7978d926fb5abba7b98e6994903551bd3136053291b255bfa1f92d297d9a6e627ef0599e310950ae049d463cdc2a0d69384064a43d2c68f1019669b63d8b0ff2849bd65eef6193f6ffd2a12ffa963467e46b0e008f07ac0087565047eec5b324c7721eecae3a91522082da9f5f1ca9fa5e602b9f4134176bdc933c48503a7b9d66cd11760a8b4d76f6d9f996612bdbf169a63f175e150ad6b03a15ca00ff55894549289000999650bb44f573800ac9502099c168546e5fd8067f5058aef94dd6ea3d075691d82037e2616b218130a1d5fefa27741ae8f230740dccad3ec6eefe27f827263ddd6daf76d887c33445031cc96a11b651573d08d1ca3e18fc2da652fe8f1ef66349bdd888911b85935aaeaa1729b99e72c16b10510f13f06933c1381a489a4328c708a7792a037a97a507191b52d088e5c1667140ff70a043542ba30551d6a352cad78fd9e57949b10a77a8214375a77946f326e49def399212b2dd1014041717a1585aa2d242e442e039ccf7b2c7f3743145f74eb457481a05aa63e15ed619a52a375f6fabd870c6591f7f7ca351ac8ff90b01633ae8fbd273aa19a1440be8830d67097f68321153130236d5e968bb7f6ea6fadde6c90dc83d218ee6622e56654d9526e2ad279072a1899106a2f3749879395fe0b4c19ef006c8e0b840292fcc76123bfe5ee79379bf88cfc5482bc98384fec366b9fbbb47f2958ed888e904e91240c15b47b1b45044f3f2a7081e57489cc1646a6b907533bbb86559145039cc4987b2cd4887a535f0b41b69ee92d10fb4f99bab64ce8a151124874d5d65eb4814e34e56e77af7a03d87d179ccd2f43b523aac18ffdcff7ea3e7f021fa69710234eeadb54e31806ee4cfe413154695ca6d61f953cffcbf7eb043b8bc5050f8fdc5df4a9495f13372276fe2a3460213460d1c38f5d86216fcd54ba41a5302400e22f00ad30569e29107da8f85b0449af02f0dee60d0b021d60738caa8f3d517f511c1c77db785292a71387fee11026f8b7cb971b91ef577cbed3eef5f1718fe00e6ef3038da4b23c9ccf73286f7588744d64cc2751328e892cf49cd18edd92b6219d4ba075b2d7bc51043b52799f03e7349eb4741aba060ae9d1bdd2fae5eaf3069d4a3c5d58d11a6d491b66081896b22be7afbbf9af5c66c24efdc139015d0ae7c636f74322802cf182eeef15f14b743861db51894007624468f866098c2363ef82bc23d34856f592d4dff1ada99dc336d453fbcc93e9ab32f1ce92cad596f5dd214da24574a936586ca5f0b8dd936ba6337204a053634879eca74347ae954dd1d9df51d6f221321747e6de790fa7b870149d5a8c33efcf543e4eba389c75c3c4889afc1a2b4f30210d32f7c6fe74a483b090f7cd4009f2ed4d41adec42ba79ac2db281d928fbcd0eb6cbb93b1c4a8f70be7536b21d51e9673e6997692dfdb95abe0cb2ba8247cfb94051eb681a8599a0914b1a0d169f5b9e79f291755f0568b096fcdf4683c1202372f21802323f7286ac8b55886737e176eb549f789b055e135f9785aa72d6e85f4f3b4253f599854ad3fca2970ee6ff564a60676db64feca844778fcca4950bb1839378e7ff00ad3ff5c952ecdaab82b1192a7146b146526ba1f1287446f748b684b85d8bf7e6823566ebf3ff2e160a5890e17bc7078214a9eb28d08c5fcd6710f6f4440076f24a718c9b6f5fa6fa1b609649f685102fdb076afff23d943ade0c428f700ea1f92c99d42dd7fbe6233a346c99080cd68e41028869da46d0773c79db77860e0d871b5b6fad1017fa88b911c8f870e95f2d3cbe816bb59d504662571026b49bb2dd00aa39a419bdbc9fb83335ead118b989e6b5bd1916926fa9366f2678d3b1ac57bd2447b29eceae0070040278e39992224dd189a018fa3a93c4a0ea03b404f11f52c2df86e8b838fc03dcec10ca1fe6abcb22967472556ecb47f381acea06719d847b5cb88249d2bf7eed6f569e6ed2e2074a7a3226abbde508dbdc8f3289dd73624a0b6dfad7d0adb997a445f16ed902de487c6e2f267f5b178d377ff77d127bca76853cb22093b211d0195d0dc023dae1dd2da06eb7a69c9ce04087f7a012e356af5b56cc96274f6dcfdae54a5595a7c64dd786635ca52c7b96ea5d41d590323484749d0a3dba28f119212ebf34a35b58e53ac18412493c9ff0f897717091179d515bdbe7e97d1f9aa095ca6f41117691994525ce350cecc0c5663db1df8d6e0d9746a4d6569c529683b0c455266c15f3eae6c98bb7ba6b0f26cfcba40fe42192fc56b062264c13fb030a817ce202aa6a10cf92316b0ff8b5542ec788e4a5704c6c6db08188f4ba59b1f62322390bda4e1b782c0f160af2d2f1ef8768c0ae5578a3d5dfba8de39f5bf4206bf7cd9f2b86c1d191086dbeb90cf8d2e6a9e7086e5db2451ef53e1d7ea161fdaeddadbcff140efe04f966c5af7395638244fcc0d11ae7a6809d3953395db61ab1ceb8e6754ef89083db038d7005f2883861424c27dd3d29db758162af750c8866245967a4ec1fad551959fb1139f81d752f2636fdccd570aa112b0c549d264aff2c91a06c2f08414e098c145b2bdd2015c9113a3e0075b72d21a46837213d5e7e3a886dde60960120fba6ddd8dc71fb46d262ad77716397f6e18630738cd82f30a5032d10d014680c5db26cbe7b0b39cf1d2fbf135493c4e95ffe0ab82bfb3f0fe0426e8c2609757442e1322b19803ac9d4ce90c8fe95ce06faad168b06e56ad320fae2ec36f253eec9f521b8404607e470e8dcf1ee6648ca593169b295e9199d068082d380e436b77453f95572330ee7b55f4b317a70c7705ecc16448ce2fbf1f117ded82b8519dd2c5b2e6c052a354d4bac2c58bf5a569b6baba13707ba3879974a452a70599b5901f4ec8a2cbc7c7fd346d5222b614c6f85ad1c1ce153451b35530118cafa85ef51c7c79944edbe429f3f74f70b8a5f0dd430db821af6c27a6b6eb8f08be80c2a79c6c0d3de0b8aa043caca9252e5230b5eb5dfdee20d90aa7b75be066cbc351c192ab2d074857f90b1462aca623bf05ff5cac1f76f10d599003ea650bca9c9932e5cdadb7d9228f0ef7da07c237cae5bdaef43c8beca448ff030e484b3d56f59ceb51815a1c6a11ed3051c85e88db2b61516092cbb5ac774c683834702be087a35593a1f06c4b09271ac00df3ffe94b840690e531768563120b129995ce2acc68659cef9367c6a54c29f7d578bf164d45b1fea8a6025962d1adac7b31a80eb6f091a64be3fdaa0e250afa892dcc56890971f638dfc2a6b5a2d9035e931197645c64b5c8fb254e58a0806341bf0717b2328a501155f6f9f8cfb75a4b3ffac0e2a0161a0d174a32f33ccb796962db5c381bbec6645d05661bef9bb7fa6b1f03a3c6559c709c70f72cfd0a2638aebdd564647158f5006bf749c3251a249c2a379f9dc0a15edd48f269eba4a6ca6d663d6fb4786940c08dc1053895d4c1102249daa02a8b8203aaa0126f2adb855f84bdc40d00f2894fdd1075611f015fcaa409a006881c47437f519e4a485a6e7ead79758784011560a45d4a0d4e03836d8b572d7a9729427d352223affb18a182f1af997739ce4c5dea14f9b5fb58ba459dfd02ec98cc83ad0681a1705f7ccb619535b349062dcfa974977a762e3733987038cdce48074d5c10b0210a968c1b069f899c511ec9fe972be46d6a1e6de5fa10a4ea77e4711163f84bcdb2917de640e564779d5b2a8a88bbd1cc67e11d206efc91ec576987693025cd644f5ceedab07fe5fbfe98166b86d0c1ab812d1bb3e8571cca81e1ebec43db50213dba758bdc421a15e2aa78c30e4a709920d734af89ee28e40b2185a7217937c542e43ff9ef6353fec5fd287aa2ddb548c9ca0a415122d67e56b92dfad2a6d71c89c4cca88289a908fdb3a7923850d8e2a134ae65381a46ab5b5531b9ef82346b41e856c5ba387014db6fd3b42e227d2226bd4463dfd9e64c84c9bb2969c7fb012907c4b64321c95f534c2a9838597ecd0aa993edf7421dd809dca71d3cf57ebf95373b2a3281bcbcd35f2e39c3e173c32d1d3022e9306cf202ed0d5c655ed1319661f3", 0x1000}, {&(0x7f00000016c0)="5dea9b768c1713bd5b1c7b5e0cae8e4f", 0x10}, {&(0x7f0000001700)="43a60d8832c9f7d6", 0x8}, {&(0x7f0000001740)="ecc5859a5d4ea2662cd6db703d53bb81eb47e34260b3611290d429622be46fdbbaff094e55d2f240e33dd41fd99806b4869d25bb2cfdb88f0d413dac649940978ae52644a3d285e3ac87", 0x4a}, {&(0x7f00000017c0)="fadfaa19f2071a53626ec4ea9a09b253f003b9ff26873af0aeae2e66c9f09a42a4e868d2ba2947c99f1285db2bbac48748ff1bcc7589fb24c495f146b0886c0016a967e80413103f66f1d75ecf34ed4c0243a3e79d9df44c77520b067a3c5d21", 0x60}], 0x6, &(0x7f00000018c0)}, 0xbf)
ioctl$FS_IOC_GETFLAGS(r11, 0x800455d1, &(0x7f0000000080))
connect$llc(r12, &(0x7f00000018c0)={0x1a, 0x30e, 0x9d8, 0x8, 0x1, 0x100, @broadcast}, 0x10)
getuid()

08:15:59 executing program 2:
syz_emit_ethernet(0x6a, &(0x7f0000000040)={@local, @broadcast, [], {@ipv4={0x800, {{0x5, 0x4, 0x0, 0x0, 0x5c, 0x0, 0x0, 0x0, 0x1, 0x0, @remote, @dev={0xac, 0x14, 0x14, 0x11}}, @icmp=@parameter_prob={0x3, 0x4, 0x0, 0x0, 0x0, 0x0, {0x10, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x402f, 0x0, @local={0xac, 0x5c}, @dev, {[@timestamp={0x8, 0x2c, 0x0, 0x0, 0x1000000000000, [{[@rand_addr]}, {[@multicast2]}, {[@multicast1]}, {}, {[@loopback]}, {}]}]}}}}}}}, 0x0)

08:15:59 executing program 1:
socket$l2tp(0x18, 0x1, 0x1)
r0 = perf_event_open(&(0x7f0000014f88)={0x1, 0x70, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r1 = request_key(&(0x7f0000000000)='ceph\x00', &(0x7f0000000040)={'syz', 0x2}, &(0x7f0000000080)='selfselfmd5sum\x00', 0xfffffffffffffffc)
keyctl$restrict_keyring(0x1d, r1, 0x0, &(0x7f00000000c0)='ppp0vboxnet0wlan1\x00')
close(r0)

08:15:59 executing program 5:
r0 = socket$l2tp(0x18, 0x1, 0x1)
ioctl(r0, 0x1000008912, &(0x7f0000000000)="0a5c2d023c126285718070")
perf_event_open(&(0x7f00000001c0)={0x2, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
perf_event_open(&(0x7f0000014f88)={0x1, 0x70, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r1 = openat$pfkey(0xffffffffffffff9c, &(0x7f0000000040)='/proc/self/net/pfkey\x00', 0x800, 0x0)
ioctl$RTC_AIE_ON(r1, 0x7001)
r2 = perf_event_open(&(0x7f0000014f88)={0x1, 0x70, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
close(r2)

08:15:59 executing program 0:
openat$rfkill(0xffffffffffffff9c, 0x0, 0x2001, 0x0)
syz_open_dev$admmidi(&(0x7f0000000100)='/dev/admmidi#\x00', 0x0, 0x0)
r0 = socket$l2tp(0x18, 0x1, 0x1)
mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x1, 0x32, 0xffffffffffffffff, 0x0)
r1 = userfaultfd(0x0)
ioctl$UFFDIO_API(r1, 0xc018aa3f, &(0x7f0000000180))
ioctl$UFFDIO_REGISTER(r1, 0xc020aa00, &(0x7f0000019000)={{&(0x7f0000012000/0x2000)=nil, 0x2000}, 0x1})
syz_open_dev$evdev(&(0x7f0000012fee)='/dev/input/event#\x00', 0x0, 0x5)
ioctl$UFFDIO_WAKE(r1, 0x8010aa02, &(0x7f0000000080)={&(0x7f0000012000/0x3000)=nil, 0x3000})
ioctl(r0, 0x1000008912, &(0x7f0000000000)="0a5c2d023c126285718070")

08:15:59 executing program 3:
openat$rfkill(0xffffffffffffff9c, 0x0, 0x0, 0x0)
getsockopt$inet_sctp_SCTP_DEFAULT_PRINFO(0xffffffffffffffff, 0x84, 0x72, &(0x7f0000000380), 0x0)
syz_open_dev$admmidi(&(0x7f0000000100)='/dev/admmidi#\x00', 0x0, 0x0)
r0 = socket$l2tp(0x18, 0x1, 0x1)
mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x1, 0x32, 0xffffffffffffffff, 0x0)
r1 = userfaultfd(0x0)
ioctl$UFFDIO_API(r1, 0xc018aa3f, &(0x7f0000000180))
ioctl$UFFDIO_REGISTER(r1, 0xc020aa00, &(0x7f0000019000)={{&(0x7f0000012000/0x2000)=nil, 0x2000}, 0x1})
syz_open_dev$evdev(&(0x7f0000012fee)='/dev/input/event#\x00', 0x0, 0x0)
ioctl$UFFDIO_WAKE(r1, 0x8010aa02, &(0x7f0000000080)={&(0x7f0000012000/0x3000)=nil, 0x3000})
ioctl(r0, 0x1000008912, &(0x7f0000000000)="0a5c2d023c126285718070")
setsockopt$ALG_SET_KEY(0xffffffffffffffff, 0x117, 0x1, 0x0, 0x0)

08:15:59 executing program 5:
ioctl(0xffffffffffffffff, 0x1000008912, &(0x7f0000000000)="0a5c2d023c126285718070")
perf_event_open(&(0x7f00000001c0)={0x2, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
perf_event_open(&(0x7f0000014f88)={0x1, 0x70, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = perf_event_open(&(0x7f0000014f88)={0x1, 0x70, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
close(r0)

08:15:59 executing program 2:
syz_emit_ethernet(0x6a, &(0x7f0000000040)={@local, @broadcast, [], {@ipv4={0x800, {{0x5, 0x4, 0x0, 0x0, 0x5c, 0x0, 0x0, 0x0, 0x1, 0x0, @remote, @dev={0xac, 0x14, 0x14, 0x11}}, @icmp=@parameter_prob={0x3, 0x4, 0x0, 0x0, 0x0, 0x0, {0x10, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x402f, 0x0, @local={0xac, 0x5c}, @dev, {[@timestamp={0x8, 0x2c, 0x0, 0x0, 0x500000000000000, [{[@rand_addr]}, {[@multicast2]}, {[@multicast1]}, {}, {[@loopback]}, {}]}]}}}}}}}, 0x0)

08:15:59 executing program 1:
r0 = socket$l2tp(0x18, 0x1, 0x1)
ioctl(r0, 0x1000008912, &(0x7f0000000100)="0a5c2d023c126285718070")
accept4(r0, &(0x7f0000000040)=@generic, &(0x7f00000000c0)=0x80, 0x80000)
r1 = perf_event_open(&(0x7f0000014f88)={0x1, 0x70, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
close(r1)
r2 = syz_open_dev$video4linux(&(0x7f0000000000)='/dev/v4l-subdev#\x00', 0x1000, 0x800)
ioctl$VIDIOC_DBG_G_CHIP_INFO(r2, 0xc0c85666, &(0x7f0000000140)={{0x3, @name="2c80b7f70744d310524b8d3f1d7ad49fe7d509aacf3318b9e88687397678f66e"}, "ec491c3d26374ecb312aee6b02b9e27961d3644eedad2046721412aec5459a92", 0x2})

08:15:59 executing program 3:
openat$rfkill(0xffffffffffffff9c, 0x0, 0x0, 0x0)
getsockopt$inet_sctp_SCTP_DEFAULT_PRINFO(0xffffffffffffffff, 0x84, 0x72, &(0x7f0000000380), 0x0)
syz_open_dev$admmidi(&(0x7f0000000100)='/dev/admmidi#\x00', 0x0, 0x0)
r0 = socket$l2tp(0x18, 0x1, 0x1)
mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x1, 0x32, 0xffffffffffffffff, 0x0)
r1 = userfaultfd(0x0)
ioctl$UFFDIO_API(r1, 0xc018aa3f, &(0x7f0000000180))
ioctl$UFFDIO_REGISTER(r1, 0xc020aa00, &(0x7f0000019000)={{&(0x7f0000012000/0x2000)=nil, 0x2000}, 0x1})
syz_open_dev$evdev(&(0x7f0000012fee)='/dev/input/event#\x00', 0x0, 0x0)
ioctl$UFFDIO_WAKE(r1, 0x8010aa02, &(0x7f0000000080)={&(0x7f0000012000/0x3000)=nil, 0x3000})
ioctl(r0, 0x1000008912, &(0x7f0000000000)="0a5c2d023c126285718070")
setsockopt$ALG_SET_KEY(0xffffffffffffffff, 0x117, 0x1, 0x0, 0x0)

08:15:59 executing program 0:
openat$rfkill(0xffffffffffffff9c, 0x0, 0x2001, 0x0)
syz_open_dev$admmidi(&(0x7f0000000100)='/dev/admmidi#\x00', 0x0, 0x0)
r0 = socket$l2tp(0x18, 0x1, 0x1)
mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x1, 0x32, 0xffffffffffffffff, 0x0)
r1 = userfaultfd(0x0)
ioctl$UFFDIO_API(r1, 0xc018aa3f, &(0x7f0000000180))
ioctl$UFFDIO_REGISTER(r1, 0xc020aa00, &(0x7f0000019000)={{&(0x7f0000012000/0x2000)=nil, 0x2000}, 0x1})
syz_open_dev$evdev(&(0x7f0000012fee)='/dev/input/event#\x00', 0x0, 0xffffff7f00000000)
ioctl$UFFDIO_WAKE(r1, 0x8010aa02, &(0x7f0000000080)={&(0x7f0000012000/0x3000)=nil, 0x3000})
ioctl(r0, 0x1000008912, &(0x7f0000000000)="0a5c2d023c126285718070")

08:15:59 executing program 2:
syz_emit_ethernet(0x6a, &(0x7f0000000040)={@local, @broadcast, [], {@ipv4={0x800, {{0x5, 0x4, 0x0, 0x0, 0x5c, 0x0, 0x0, 0x0, 0x1, 0x0, @remote, @dev={0xac, 0x14, 0x14, 0x11}}, @icmp=@parameter_prob={0x3, 0x4, 0x0, 0x0, 0x0, 0x0, {0x10, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x402f, 0x0, @local={0xac, 0x5c}, @dev, {[@timestamp={0x8, 0x2c, 0x0, 0x0, 0xfeffffff, [{[@rand_addr]}, {[@multicast2]}, {[@multicast1]}, {}, {[@loopback]}, {}]}]}}}}}}}, 0x0)

08:15:59 executing program 5:
r0 = socket$l2tp(0x18, 0x1, 0x1)
fsetxattr$security_smack_entry(r0, &(0x7f0000000040)='security.SMACK64IPOUT\x00', &(0x7f0000000080)='ppp0cpuset*.\x00', 0xd, 0x1)
ioctl(r0, 0x1000008912, &(0x7f0000000000)="0a5c2d023c126285718070")
syz_open_dev$mouse(&(0x7f00000000c0)='/dev/input/mouse#\x00', 0x5, 0x0)
r1 = perf_event_open(&(0x7f00000001c0)={0x2, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
prctl$PR_SET_MM_EXE_FILE(0x23, 0xd, r1)
perf_event_open(&(0x7f0000014f88)={0x1, 0x70, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r2 = perf_event_open(&(0x7f0000014f88)={0x1, 0x70, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
close(r2)

08:15:59 executing program 1:
r0 = socket$l2tp(0x18, 0x1, 0x1)
ioctl(r0, 0x100000890f, &(0x7f0000000000)="0a5c2d023c126285718070")
r1 = perf_event_open(&(0x7f0000014f88)={0x1, 0x70, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
close(r1)

08:15:59 executing program 4:
openat$kvm(0xffffffffffffff9c, 0x0, 0x0, 0x0)
r0 = syz_open_dev$sndpcmp(&(0x7f0000000000)='/dev/snd/pcmC#D#p\x00', 0x0, 0x101000)
ioctl$VIDIOC_DV_TIMINGS_CAP(r0, 0xc0905664, &(0x7f0000000140)={0x0, 0x0, [], @bt={0x4, 0x0, 0x3, 0x30, 0x1, 0x0, 0x8, 0x4}})
r1 = syz_open_dev$sndctrl(&(0x7f0000000100)='/dev/snd/controlC#\x00', 0x0, 0x0)
prctl$PR_SET_THP_DISABLE(0x29, 0xfffffffffffffffe)
clone(0x4, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
ioctl$FS_IOC_GETFLAGS(r1, 0x800455d1, &(0x7f0000000080))
ioctl$SNDRV_SEQ_IOCTL_GET_NAMED_QUEUE(r0, 0xc08c5336, &(0x7f0000000200)={0x200, 0xaa, 0x8000, 'queue0\x00', 0x400})

[ 2382.041680] handle_userfault: 17 callbacks suppressed
[ 2382.041688] FAULT_FLAG_ALLOW_RETRY missing 70
[ 2382.053576] FAULT_FLAG_ALLOW_RETRY missing 70
[ 2382.058112] CPU: 1 PID: 21616 Comm: syz-executor3 Not tainted 4.20.0-rc6+ #371
[ 2382.065489] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 2382.074858] Call Trace:
[ 2382.077477]  dump_stack+0x244/0x39d
[ 2382.081135]  ? dump_stack_print_info.cold.1+0x20/0x20
[ 2382.086374]  handle_userfault.cold.32+0x47/0x62
[ 2382.091084]  ? userfaultfd_ioctl+0x5610/0x5610
[ 2382.095717]  ? mark_held_locks+0x130/0x130
[ 2382.099971]  ? __sanitizer_cov_trace_cmp4+0x16/0x20
[ 2382.105001]  ? futex_wait_setup+0x266/0x3e0
[ 2382.109366]  ? __sanitizer_cov_trace_switch+0x53/0x90
[ 2382.114577]  ? userfaultfd_ctx_put+0x830/0x830
[ 2382.119173]  ? futex_wait+0x5a1/0xa50
[ 2382.119196]  ? print_usage_bug+0xc0/0xc0
[ 2382.119213]  ? print_usage_bug+0xc0/0xc0
[ 2382.119232]  ? print_usage_bug+0xc0/0xc0
[ 2382.127096]  ? zap_class+0x640/0x640
[ 2382.138929]  ? drop_futex_key_refs.isra.14+0x6d/0xe0
[ 2382.144050]  ? futex_wake+0x304/0x760
[ 2382.147891]  ? find_held_lock+0x36/0x1c0
[ 2382.151977]  ? __handle_mm_fault+0x4bb0/0x5be0
[ 2382.156582]  ? lock_downgrade+0x900/0x900
[ 2382.160749]  ? kasan_check_read+0x11/0x20
[ 2382.164914]  ? do_raw_spin_unlock+0xa7/0x330
[ 2382.169346]  ? do_raw_spin_trylock+0x270/0x270
[ 2382.173948]  ? fault_dirty_shared_page.isra.87+0x320/0x320
[ 2382.179596]  __handle_mm_fault+0x4bbd/0x5be0
[ 2382.184033]  ? vmf_insert_mixed_mkwrite+0x40/0x40
[ 2382.188894]  ? zap_class+0x640/0x640
[ 2382.192622]  ? rcu_read_unlock_special+0x1c0/0x1c0
[ 2382.197563]  ? kasan_check_read+0x11/0x20
[ 2382.201728]  ? rcu_softirq_qs+0x20/0x20
[ 2382.205731]  ? zap_class+0x640/0x640
[ 2382.209469]  ? zap_class+0x640/0x640
[ 2382.213200]  ? find_held_lock+0x36/0x1c0
[ 2382.217284]  ? handle_mm_fault+0x42a/0xc70
[ 2382.221530]  ? lock_downgrade+0x900/0x900
[ 2382.225702]  ? check_preemption_disabled+0x48/0x280
[ 2382.230737]  ? rcu_read_unlock_special+0x1c0/0x1c0
[ 2382.235677]  ? kasan_check_read+0x11/0x20
[ 2382.239846]  ? rcu_dynticks_curr_cpu_in_eqs+0xa2/0x170
[ 2382.245131]  ? rcu_softirq_qs+0x20/0x20
[ 2382.249117]  ? trace_hardirqs_off_caller+0x310/0x310
[ 2382.249138]  ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[ 2382.259776]  ? check_preemption_disabled+0x48/0x280
[ 2382.264820]  handle_mm_fault+0x54f/0xc70
[ 2382.268905]  ? __handle_mm_fault+0x5be0/0x5be0
[ 2382.273510]  ? find_vma+0x34/0x190
[ 2382.277078]  __do_page_fault+0x5e8/0xe60
[ 2382.281153]  ? trace_hardirqs_off+0xb8/0x310
[ 2382.285600]  do_page_fault+0xf2/0x7e0
[ 2382.289419]  ? vmalloc_sync_all+0x30/0x30
[ 2382.293578]  ? error_entry+0x70/0xd0
[ 2382.297306]  ? trace_hardirqs_off_caller+0xbb/0x310
[ 2382.302351]  ? trace_hardirqs_on_caller+0xc0/0x310
[ 2382.307295]  ? syscall_return_slowpath+0x5e0/0x5e0
[ 2382.312246]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 2382.317100]  ? trace_hardirqs_on_caller+0x310/0x310
[ 2382.322129]  ? __bpf_trace_preemptirq_template+0x30/0x30
[ 2382.327598]  ? prepare_exit_to_usermode+0x3b0/0x3b0
[ 2382.332653]  ? prepare_exit_to_usermode+0x291/0x3b0
[ 2382.337685]  ? page_fault+0x8/0x30
[ 2382.341244]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 2382.346103]  ? page_fault+0x8/0x30
[ 2382.349662]  page_fault+0x1e/0x30
[ 2382.353128] RIP: 0033:0x4510a0
[ 2382.356343] Code: 0f 84 c4 0f 00 00 48 89 f1 48 89 f8 48 83 e1 3f 48 83 f9 20 0f 86 7b 02 00 00 48 83 e6 f0 48 83 e1 0f 66 0f ef c0 66 0f ef c9 <66> 0f 74 0e 66 0f d7 d1 48 d3 ea 49 c7 c2 11 00 00 00 49 29 ca 4d
[ 2382.375257] RSP: 002b:00007f75238677a8 EFLAGS: 00010202
[ 2382.380633] RAX: 00007f7523867850 RBX: 0000000000000003 RCX: 000000000000000e
08:16:00 executing program 1:
r0 = socket$l2tp(0x18, 0x1, 0x1)
ioctl(r0, 0x1000000912, &(0x7f0000000000)="0a0300023c126285718070")
r1 = perf_event_open(&(0x7f0000014f88)={0x1, 0x70, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
listen(r0, 0x6)
close(r1)
socketpair(0x5, 0x10, 0x0, &(0x7f0000000040)={0xffffffffffffffff, <r2=>0xffffffffffffffff})
getsockname$netlink(r2, &(0x7f00000000c0), &(0x7f0000000100)=0xc)
ioctl$sock_inet_SIOCSIFBRDADDR(r0, 0x891a, &(0x7f0000000080)={'gretap0\x00', {0x2, 0x4e24, @empty}})

08:16:00 executing program 2:
syz_emit_ethernet(0x6a, &(0x7f0000000040)={@local, @broadcast, [], {@ipv4={0x800, {{0x5, 0x4, 0x0, 0x0, 0x5c, 0x0, 0x0, 0x0, 0x1, 0x0, @remote, @dev={0xac, 0x14, 0x14, 0x11}}, @icmp=@parameter_prob={0x3, 0x4, 0x0, 0x0, 0x0, 0x0, {0x10, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x402f, 0x0, @local={0xac, 0x5c}, @dev, {[@timestamp={0x8, 0x2c, 0x0, 0x0, 0x8847, [{[@rand_addr]}, {[@multicast2]}, {[@multicast1]}, {}, {[@loopback]}, {}]}]}}}}}}}, 0x0)

08:16:00 executing program 4:
openat$kvm(0xffffffffffffff9c, 0x0, 0x0, 0x0)
r0 = syz_open_dev$sndctrl(&(0x7f0000000100)='/dev/snd/controlC#\x00', 0x0, 0x0)
prctl$PR_SET_THP_DISABLE(0x29, 0x0)
clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
ioctl$FS_IOC_GETFLAGS(r0, 0x800455d1, &(0x7f0000000080))

[ 2382.387914] RDX: 00000000000003ff RSI: 0000000020012fe0 RDI: 00007f7523867850
[ 2382.387925] RBP: 000000000072bf00 R08: 00000000000003ff R09: 0000000000000000
[ 2382.387934] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f75238686d4
[ 2382.387944] R13: 00000000004c578a R14: 00000000004d9d90 R15: 00000000ffffffff
[ 2382.435445] CPU: 0 PID: 21613 Comm: syz-executor0 Not tainted 4.20.0-rc6+ #371
[ 2382.442839] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 2382.452205] Call Trace:
[ 2382.454812]  dump_stack+0x244/0x39d
[ 2382.458456]  ? dump_stack_print_info.cold.1+0x20/0x20
[ 2382.463670]  handle_userfault.cold.32+0x47/0x62
[ 2382.468382]  ? userfaultfd_ioctl+0x5610/0x5610
[ 2382.472985]  ? mark_held_locks+0x130/0x130
[ 2382.477240]  ? __sanitizer_cov_trace_cmp4+0x16/0x20
[ 2382.482269]  ? futex_wait_setup+0x266/0x3e0
[ 2382.486625]  ? __sanitizer_cov_trace_switch+0x53/0x90
[ 2382.491827]  ? userfaultfd_ctx_put+0x830/0x830
[ 2382.491842]  ? futex_wait+0x5a1/0xa50
[ 2382.491864]  ? print_usage_bug+0xc0/0xc0
[ 2382.491881]  ? print_usage_bug+0xc0/0xc0
[ 2382.491899]  ? print_usage_bug+0xc0/0xc0
[ 2382.491920]  ? zap_class+0x640/0x640
[ 2382.516201]  ? drop_futex_key_refs.isra.14+0x6d/0xe0
[ 2382.521319]  ? futex_wake+0x304/0x760
[ 2382.525173]  ? find_held_lock+0x36/0x1c0
[ 2382.529271]  ? __handle_mm_fault+0x4bb0/0x5be0
[ 2382.533870]  ? lock_downgrade+0x900/0x900
[ 2382.538051]  ? kasan_check_read+0x11/0x20
[ 2382.542210]  ? do_raw_spin_unlock+0xa7/0x330
[ 2382.546629]  ? do_raw_spin_trylock+0x270/0x270
[ 2382.551235]  ? fault_dirty_shared_page.isra.87+0x320/0x320
[ 2382.556890]  __handle_mm_fault+0x4bbd/0x5be0
[ 2382.561316]  ? vmf_insert_mixed_mkwrite+0x40/0x40
[ 2382.566194]  ? zap_class+0x640/0x640
[ 2382.569923]  ? rcu_read_unlock_special+0x1c0/0x1c0
[ 2382.574868]  ? kasan_check_read+0x11/0x20
[ 2382.574885]  ? rcu_softirq_qs+0x20/0x20
[ 2382.574911]  ? zap_class+0x640/0x640
[ 2382.574932]  ? zap_class+0x640/0x640
[ 2382.590483]  ? find_held_lock+0x36/0x1c0
[ 2382.594572]  ? handle_mm_fault+0x42a/0xc70
[ 2382.598827]  ? lock_downgrade+0x900/0x900
[ 2382.600590] Unknown ioctl 1076932219
[ 2382.602993]  ? check_preemption_disabled+0x48/0x280
[ 2382.603014]  ? rcu_read_unlock_special+0x1c0/0x1c0
[ 2382.603030]  ? kasan_check_read+0x11/0x20
[ 2382.603049]  ? rcu_dynticks_curr_cpu_in_eqs+0xa2/0x170
[ 2382.609023] Unknown ioctl 1076932219
[ 2382.611776]  ? rcu_softirq_qs+0x20/0x20
08:16:00 executing program 1:
r0 = socket$l2tp(0x18, 0x1, 0x1)
r1 = syz_open_dev$radio(&(0x7f00000000c0)='/dev/radio#\x00', 0x2, 0x2)
ioctl$SNDRV_SEQ_IOCTL_QUERY_NEXT_CLIENT(r1, 0xc0bc5351, &(0x7f0000000100)={0x7fff, 0x1, 'client0\x00', 0x2, "795ed48563d7cb24", "c33fdb5f190e714185359bcd66011cffacd1fd1bd0427f4a37c752943882c2e7", 0x1f, 0x9})
ioctl(r0, 0x1000008912, &(0x7f0000000000)="0a5c2d023c126285718070")
r2 = perf_event_open(&(0x7f0000014f88)={0x1, 0x70, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
close(r2)
r3 = openat$vsock(0xffffffffffffff9c, &(0x7f0000000040)='/dev/vsock\x00', 0x101000, 0x0)
getsockopt$IP_VS_SO_GET_TIMEOUT(r0, 0x0, 0x486, &(0x7f00000001c0), &(0x7f0000000200)=0xc)
ioctl$KVM_SET_CLOCK(r3, 0x4030ae7b, &(0x7f0000000080)={0x1, 0x7})
setsockopt$l2tp_PPPOL2TP_SO_SENDSEQ(r0, 0x111, 0x3, 0x0, 0x4)

08:16:00 executing program 1:
r0 = socket$l2tp(0x18, 0x1, 0x1)
ioctl(r0, 0x1000008912, &(0x7f0000000000)="0a5c2d023c126285718070")
r1 = gettid()
perf_event_open(&(0x7f0000014f88)={0x1, 0x70, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, r1, 0x0, 0xffffffffffffffff, 0x0)
syz_open_dev$vcsa(&(0x7f00000000c0)='/dev/vcsa#\x00', 0x2, 0x121000)
vmsplice(r0, &(0x7f0000000080)=[{&(0x7f0000000040)="be308a7108e69ac211a23621a2a228a3a49886dbcb1202", 0x17}], 0x388, 0x7)
close(r0)

08:16:00 executing program 3:
openat$rfkill(0xffffffffffffff9c, 0x0, 0x0, 0x0)
getsockopt$inet_sctp_SCTP_DEFAULT_PRINFO(0xffffffffffffffff, 0x84, 0x72, &(0x7f0000000380), 0x0)
syz_open_dev$admmidi(&(0x7f0000000100)='/dev/admmidi#\x00', 0x0, 0x0)
r0 = socket$l2tp(0x18, 0x1, 0x1)
mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x1, 0x32, 0xffffffffffffffff, 0x0)
r1 = userfaultfd(0x0)
ioctl$UFFDIO_API(r1, 0xc018aa3f, &(0x7f0000000180))
ioctl$UFFDIO_REGISTER(r1, 0xc020aa00, &(0x7f0000019000)={{&(0x7f0000012000/0x2000)=nil, 0x2000}, 0x1})
syz_open_dev$evdev(&(0x7f0000012fee)='/dev/input/event#\x00', 0x0, 0x0)
ioctl$UFFDIO_WAKE(r1, 0x8010aa02, &(0x7f0000000080)={&(0x7f0000012000/0x3000)=nil, 0x3000})
ioctl(r0, 0x1000008912, &(0x7f0000000000)="0a5c2d023c126285718070")
setsockopt$ALG_SET_KEY(0xffffffffffffffff, 0x117, 0x1, 0x0, 0x0)

08:16:00 executing program 5:
r0 = socket$l2tp(0x18, 0x1, 0x1)
ioctl(r0, 0x1000008912, &(0x7f0000000000)="0a5c2d023c126285718070")
perf_event_open(&(0x7f00000001c0)={0x2, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
perf_event_open(&(0x7f0000014f88)={0x1, 0x70, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r1 = perf_event_open(&(0x7f0000014f88)={0x1, 0x70, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
close(r1)
ioctl$BLKGETSIZE64(r1, 0x80081272, &(0x7f0000000040))

[ 2382.611794]  ? trace_hardirqs_off_caller+0x310/0x310
[ 2382.611813]  ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[ 2382.611831]  ? check_preemption_disabled+0x48/0x280
[ 2382.611854]  handle_mm_fault+0x54f/0xc70
[ 2382.611874]  ? __handle_mm_fault+0x5be0/0x5be0
[ 2382.658172]  ? find_vma+0x34/0x190
[ 2382.661733]  __do_page_fault+0x5e8/0xe60
[ 2382.665818]  ? trace_hardirqs_off+0xb8/0x310
[ 2382.670249]  do_page_fault+0xf2/0x7e0
[ 2382.674067]  ? vmalloc_sync_all+0x30/0x30
[ 2382.678254]  ? error_entry+0x70/0xd0
[ 2382.678274]  ? trace_hardirqs_off_caller+0xbb/0x310
[ 2382.678299]  ? trace_hardirqs_on_caller+0xc0/0x310
[ 2382.678316]  ? syscall_return_slowpath+0x5e0/0x5e0
[ 2382.678350]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 2382.678369]  ? trace_hardirqs_on_caller+0x310/0x310
[ 2382.678388]  ? __bpf_trace_preemptirq_template+0x30/0x30
[ 2382.678406]  ? prepare_exit_to_usermode+0x3b0/0x3b0
[ 2382.678423]  ? prepare_exit_to_usermode+0x291/0x3b0
[ 2382.678438]  ? page_fault+0x8/0x30
08:16:00 executing program 0:
openat$rfkill(0xffffffffffffff9c, 0x0, 0x2001, 0x0)
syz_open_dev$admmidi(&(0x7f0000000100)='/dev/admmidi#\x00', 0x0, 0x0)
r0 = socket$l2tp(0x18, 0x1, 0x1)
mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x1, 0x32, 0xffffffffffffffff, 0x0)
r1 = userfaultfd(0x0)
ioctl$UFFDIO_API(r1, 0xc018aa3f, &(0x7f0000000180))
ioctl$UFFDIO_REGISTER(r1, 0xc020aa00, &(0x7f0000019000)={{&(0x7f0000012000/0x2000)=nil, 0x2000}, 0x1})
syz_open_dev$evdev(&(0x7f0000012fee)='/dev/input/event#\x00', 0x0, 0x4c000000)
ioctl$UFFDIO_WAKE(r1, 0x8010aa02, &(0x7f0000000080)={&(0x7f0000012000/0x3000)=nil, 0x3000})
ioctl(r0, 0x1000008912, &(0x7f0000000000)="0a5c2d023c126285718070")

08:16:00 executing program 4:
openat$kvm(0xffffffffffffff9c, 0x0, 0x0, 0x0)
r0 = syz_open_dev$sndctrl(&(0x7f0000000100)='/dev/snd/controlC#\x00', 0x0, 0x0)
prctl$PR_SET_THP_DISABLE(0x29, 0xfffffffffffffffe)
r1 = dup3(r0, r0, 0x80000)
clock_gettime(0x0, &(0x7f0000000000)={<r2=>0x0, <r3=>0x0})
ioctl$KVM_SET_GUEST_DEBUG(r1, 0x4048ae9b, &(0x7f0000000200)={0x1, 0x0, [0x43f7, 0xc0c, 0x8, 0x3, 0x6, 0x6, 0x6, 0x8]})
setsockopt$kcm_KCM_RECV_DISABLE(r1, 0x119, 0x1, &(0x7f0000000040)=0xffffffff, 0x4)
write$evdev(r1, &(0x7f0000000140)=[{{0x77359400}, 0x1f, 0x1fffe0000000, 0xfffffffffffffffd}, {{}, 0x3, 0x7f, 0xfffffffffffffff8}, {{r2, r3/1000+30000}, 0x3, 0xbbb, 0x3}, {{}, 0x16, 0x9, 0x4}, {{0x0, 0x7530}, 0x16, 0x0, 0xffff}, {{0x77359400}, 0x17, 0x6, 0xd0b4}, {{0x77359400}, 0x3, 0x6, 0x8001}, {{0x0, 0x2710}, 0x0, 0x1, 0x6}], 0xc0)
clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
ioctl$FS_IOC_GETFLAGS(r0, 0x800455d1, &(0x7f0000000080))

08:16:00 executing program 2:
syz_emit_ethernet(0x6a, &(0x7f0000000040)={@local, @broadcast, [], {@ipv4={0x800, {{0x5, 0x4, 0x0, 0x0, 0x5c, 0x0, 0x0, 0x0, 0x1, 0x0, @remote, @dev={0xac, 0x14, 0x14, 0x11}}, @icmp=@parameter_prob={0x3, 0x4, 0x0, 0x0, 0x0, 0x0, {0x10, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x402f, 0x0, @local={0xac, 0x5c}, @dev, {[@timestamp={0x8, 0x2c, 0x0, 0x0, 0x300, [{[@rand_addr]}, {[@multicast2]}, {[@multicast1]}, {}, {[@loopback]}, {}]}]}}}}}}}, 0x0)

08:16:00 executing program 5:
r0 = socket$l2tp(0x18, 0x1, 0x1)
ioctl(r0, 0x1000008912, &(0x7f0000000000)="0a5c2d023c126285718070")
perf_event_open(&(0x7f00000001c0)={0x2, 0x70, 0x0, 0x83f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x200000, 0x0, 0x0, 0x0, 0x3}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
perf_event_open(&(0x7f0000014f88)={0x1, 0x70, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r1 = openat$rfkill(0xffffffffffffff9c, &(0x7f0000000040)='/dev/rfkill\x00', 0x200000, 0x0)
setsockopt$inet_dccp_int(r1, 0x21, 0xa, &(0x7f0000000080)=0x8, 0x4)
r2 = perf_event_open(&(0x7f0000014f88)={0x1, 0x70, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
close(r2)

[ 2382.678459]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 2382.678477]  ? page_fault+0x8/0x30
[ 2382.678493]  page_fault+0x1e/0x30
[ 2382.678506] RIP: 0033:0x4510a0
[ 2382.678530] Code: 0f 84 c4 0f 00 00 48 89 f1 48 89 f8 48 83 e1 3f 48 83 f9 20 0f 86 7b 02 00 00 48 83 e6 f0 48 83 e1 0f 66 0f ef c0 66 0f ef c9 <66> 0f 74 0e 66 0f d7 d1 48 d3 ea 49 c7 c2 11 00 00 00 49 29 ca 4d
[ 2382.678539] RSP: 002b:00007efdea16e7a8 EFLAGS: 00010202
[ 2382.678552] RAX: 00007efdea16e850 RBX: 0000000000000003 RCX: 000000000000000e
08:16:00 executing program 2:
syz_emit_ethernet(0x6a, &(0x7f0000000040)={@local, @broadcast, [], {@ipv4={0x800, {{0x5, 0x4, 0x0, 0x0, 0x5c, 0x0, 0x0, 0x0, 0x1, 0x0, @remote, @dev={0xac, 0x14, 0x14, 0x11}}, @icmp=@parameter_prob={0x3, 0x4, 0x0, 0x0, 0x0, 0x0, {0x10, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x402f, 0x0, @local={0xac, 0x5c}, @dev, {[@timestamp={0x8, 0x2c, 0x0, 0x0, 0x543, [{[@rand_addr]}, {[@multicast2]}, {[@multicast1]}, {}, {[@loopback]}, {}]}]}}}}}}}, 0x0)

[ 2382.678562] RDX: 00000000000003ff RSI: 0000000020012fe0 RDI: 00007efdea16e850
[ 2382.678570] RBP: 000000000072bf00 R08: 00000000000003ff R09: 0000000000000000
[ 2382.678587] R10: 0000000000000000 R11: 0000000000000246 R12: 00007efdea16f6d4
[ 2382.678596] R13: 00000000004c578a R14: 00000000004d9d90 R15: 00000000ffffffff
[ 2382.806099] FAULT_FLAG_ALLOW_RETRY missing 70
[ 2382.806123] CPU: 0 PID: 21659 Comm: syz-executor3 Not tainted 4.20.0-rc6+ #371
[ 2382.806133] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 2382.806139] Call Trace:
[ 2382.806164]  dump_stack+0x244/0x39d
[ 2382.806186]  ? dump_stack_print_info.cold.1+0x20/0x20
[ 2382.806218]  handle_userfault.cold.32+0x47/0x62
[ 2382.806251]  ? userfaultfd_ioctl+0x5610/0x5610
[ 2382.806272]  ? mark_held_locks+0x130/0x130
[ 2382.806291]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 2382.806309]  ? __perf_event_task_sched_out+0x33a/0x1bf0
[ 2382.806362]  ? pick_next_task_fair+0xa05/0x1b30
[ 2382.806397]  ? userfaultfd_ctx_put+0x830/0x830
[ 2382.806423]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
08:16:00 executing program 5:
r0 = socket$l2tp(0x18, 0x1, 0x1)
ioctl(r0, 0x1000008912, &(0x7f0000000000)="0a5c2d023c126285718070")
perf_event_open(&(0x7f00000001c0)={0x2, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8000000000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x80000000000000}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
perf_event_open(&(0x7f0000014f88)={0x1, 0x70, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r1 = perf_event_open(&(0x7f0000014f88)={0x1, 0x70, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
close(r1)

[ 2382.806458]  ? __perf_event_task_sched_in+0x2a9/0xb60
[ 2382.806479]  ? print_usage_bug+0xc0/0xc0
[ 2382.806508]  ? print_usage_bug+0xc0/0xc0
[ 2382.806530]  ? print_usage_bug+0xc0/0xc0
[ 2382.806556]  ? find_held_lock+0x36/0x1c0
[ 2382.806573]  ? zap_class+0x640/0x640
[ 2382.806598]  ? finish_task_switch+0x1f4/0x910
[ 2382.806624]  ? find_held_lock+0x36/0x1c0
[ 2382.806651]  ? __handle_mm_fault+0x4bb0/0x5be0
[ 2382.806669]  ? lock_downgrade+0x900/0x900
[ 2382.806693]  ? kasan_check_read+0x11/0x20
[ 2382.806708]  ? do_raw_spin_unlock+0xa7/0x330
08:16:00 executing program 4:
r0 = openat$kvm(0xffffffffffffff9c, 0x0, 0x0, 0x0)
syz_open_dev$sndctrl(&(0x7f0000000100)='/dev/snd/controlC#\x00', 0x0, 0x0)
prctl$PR_SET_THP_DISABLE(0x29, 0xfffffffffffffffe)
clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
ioctl$FS_IOC_GETFLAGS(r0, 0x800455d1, &(0x7f0000000040))

08:16:00 executing program 3:
openat$rfkill(0xffffffffffffff9c, 0x0, 0x0, 0x0)
getsockopt$inet_sctp_SCTP_DEFAULT_PRINFO(0xffffffffffffffff, 0x84, 0x72, &(0x7f0000000380), 0x0)
syz_open_dev$admmidi(&(0x7f0000000100)='/dev/admmidi#\x00', 0x0, 0x0)
r0 = socket$l2tp(0x18, 0x1, 0x1)
mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x1, 0x32, 0xffffffffffffffff, 0x0)
r1 = userfaultfd(0x0)
ioctl$UFFDIO_API(r1, 0xc018aa3f, &(0x7f0000000180))
ioctl$UFFDIO_REGISTER(r1, 0xc020aa00, &(0x7f0000019000)={{&(0x7f0000012000/0x2000)=nil, 0x2000}, 0x1})
syz_open_dev$evdev(&(0x7f0000012fee)='/dev/input/event#\x00', 0x0, 0x0)
ioctl$UFFDIO_WAKE(r1, 0x8010aa02, &(0x7f0000000080)={&(0x7f0000012000/0x3000)=nil, 0x3000})
ioctl(r0, 0x1000008912, &(0x7f0000000000)="0a5c2d023c126285718070")
setsockopt$ALG_SET_KEY(0xffffffffffffffff, 0x117, 0x1, 0x0, 0x0)

08:16:00 executing program 2:
syz_emit_ethernet(0x6a, &(0x7f0000000040)={@local, @broadcast, [], {@ipv4={0x800, {{0x5, 0x4, 0x0, 0x0, 0x5c, 0x0, 0x0, 0x0, 0x1, 0x0, @remote, @dev={0xac, 0x14, 0x14, 0x11}}, @icmp=@parameter_prob={0x3, 0x4, 0x0, 0x0, 0x0, 0x0, {0x10, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x402f, 0x0, @local={0xac, 0x5c}, @dev, {[@timestamp={0x8, 0x2c, 0x0, 0x0, 0x8864000000000000, [{[@rand_addr]}, {[@multicast2]}, {[@multicast1]}, {}, {[@loopback]}, {}]}]}}}}}}}, 0x0)

[ 2382.806724]  ? do_raw_spin_trylock+0x270/0x270
[ 2382.806742]  ? fault_dirty_shared_page.isra.87+0x320/0x320
[ 2382.806757]  ? __switch_to_asm+0x40/0x70
[ 2382.806782]  __handle_mm_fault+0x4bbd/0x5be0
[ 2382.806808]  ? vmf_insert_mixed_mkwrite+0x40/0x40
[ 2382.806836]  ? __sched_text_start+0x8/0x8
[ 2382.806852]  ? zap_class+0x640/0x640
[ 2382.806871]  ? kasan_check_read+0x11/0x20
[ 2382.806905]  ? zap_class+0x640/0x640
[ 2382.806921]  ? zap_class+0x640/0x640
[ 2382.806944]  ? find_held_lock+0x36/0x1c0
[ 2382.806969]  ? handle_mm_fault+0x42a/0xc70
[ 2382.806991]  ? lock_downgrade+0x900/0x900
[ 2382.807015]  ? check_preemption_disabled+0x48/0x280
[ 2382.807036]  ? rcu_read_unlock_special+0x1c0/0x1c0
[ 2382.807053]  ? kasan_check_read+0x11/0x20
[ 2382.807068]  ? rcu_dynticks_curr_cpu_in_eqs+0xa2/0x170
[ 2382.807083]  ? rcu_softirq_qs+0x20/0x20
[ 2382.807100]  ? trace_hardirqs_off_caller+0x310/0x310
[ 2382.807117]  ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[ 2382.807135]  ? check_preemption_disabled+0x48/0x280
[ 2382.807159]  handle_mm_fault+0x54f/0xc70
[ 2382.807179]  ? __handle_mm_fault+0x5be0/0x5be0
[ 2382.807202]  ? find_vma+0x34/0x190
[ 2382.807224]  __do_page_fault+0x5e8/0xe60
[ 2382.807241]  ? trace_hardirqs_off+0xb8/0x310
[ 2382.807269]  do_page_fault+0xf2/0x7e0
[ 2382.807286]  ? vmalloc_sync_all+0x30/0x30
[ 2382.807302]  ? error_entry+0x70/0xd0
[ 2382.807320]  ? trace_hardirqs_off_caller+0xbb/0x310
[ 2382.807358]  ? trace_hardirqs_on_caller+0xc0/0x310
[ 2382.807377]  ? syscall_return_slowpath+0x5e0/0x5e0
[ 2382.807394]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 2382.807414]  ? trace_hardirqs_on_caller+0x310/0x310
[ 2382.807430]  ? __bpf_trace_preemptirq_template+0x30/0x30
[ 2382.807450]  ? prepare_exit_to_usermode+0x3b0/0x3b0
[ 2382.807474]  ? prepare_exit_to_usermode+0x291/0x3b0
[ 2382.807497]  ? page_fault+0x8/0x30
[ 2382.807528]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 2382.807548]  ? page_fault+0x8/0x30
[ 2382.807567]  page_fault+0x1e/0x30
[ 2382.807580] RIP: 0033:0x4510a0
[ 2382.807599] Code: 0f 84 c4 0f 00 00 48 89 f1 48 89 f8 48 83 e1 3f 48 83 f9 20 0f 86 7b 02 00 00 48 83 e6 f0 48 83 e1 0f 66 0f ef c0 66 0f ef c9 <66> 0f 74 0e 66 0f d7 d1 48 d3 ea 49 c7 c2 11 00 00 00 49 29 ca 4d
[ 2382.807609] RSP: 002b:00007f75238677a8 EFLAGS: 00010202
[ 2382.807623] RAX: 00007f7523867850 RBX: 0000000000000003 RCX: 000000000000000e
[ 2382.807634] RDX: 00000000000003ff RSI: 0000000020012fe0 RDI: 00007f7523867850
[ 2382.807645] RBP: 000000000072bf00 R08: 00000000000003ff R09: 0000000000000000
[ 2382.807656] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f75238686d4
[ 2382.807667] R13: 00000000004c578a R14: 00000000004d9d90 R15: 00000000ffffffff
[ 2382.937682] FAULT_FLAG_ALLOW_RETRY missing 70
[ 2383.135658] FAULT_FLAG_ALLOW_RETRY missing 70
[ 2383.139453] CPU: 1 PID: 21672 Comm: syz-executor0 Not tainted 4.20.0-rc6+ #371
[ 2383.278537] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 2383.278544] Call Trace:
[ 2383.278569]  dump_stack+0x244/0x39d
[ 2383.278590]  ? dump_stack_print_info.cold.1+0x20/0x20
[ 2383.278620]  handle_userfault.cold.32+0x47/0x62
[ 2383.278649]  ? userfaultfd_ioctl+0x5610/0x5610
[ 2383.278669]  ? mark_held_locks+0x130/0x130
[ 2383.278691]  ? find_held_lock+0x36/0x1c0
[ 2383.278721]  ? userfaultfd_ctx_put+0x830/0x830
[ 2383.278745]  ? kasan_check_read+0x11/0x20
[ 2383.278763]  ? print_usage_bug+0xc0/0xc0
[ 2383.278777]  ? do_raw_spin_trylock+0x270/0x270
[ 2383.278794]  ? print_usage_bug+0xc0/0xc0
[ 2383.278813]  ? print_usage_bug+0xc0/0xc0
[ 2383.278831]  ? zap_class+0x640/0x640
[ 2383.278857]  ? drop_futex_key_refs.isra.14+0x6d/0xe0
[ 2383.278873]  ? futex_wake+0x304/0x760
[ 2383.278903]  ? find_held_lock+0x36/0x1c0
[ 2383.278931]  ? __handle_mm_fault+0x4bb0/0x5be0
[ 2383.278949]  ? lock_downgrade+0x900/0x900
[ 2383.278973]  ? kasan_check_read+0x11/0x20
[ 2383.278988]  ? do_raw_spin_unlock+0xa7/0x330
[ 2383.279003]  ? do_raw_spin_trylock+0x270/0x270
[ 2383.279022]  ? fault_dirty_shared_page.isra.87+0x320/0x320
[ 2383.279049]  __handle_mm_fault+0x4bbd/0x5be0
[ 2383.279075]  ? vmf_insert_mixed_mkwrite+0x40/0x40
[ 2383.279095]  ? zap_class+0x640/0x640
[ 2383.279109]  ? rcu_read_unlock_special+0x1c0/0x1c0
[ 2383.279125]  ? kasan_check_read+0x11/0x20
[ 2383.279143]  ? rcu_softirq_qs+0x20/0x20
[ 2383.279171]  ? zap_class+0x640/0x640
[ 2383.279186]  ? zap_class+0x640/0x640
[ 2383.279209]  ? find_held_lock+0x36/0x1c0
[ 2383.279235]  ? handle_mm_fault+0x42a/0xc70
[ 2383.279253]  ? lock_downgrade+0x900/0x900
[ 2383.279271]  ? check_preemption_disabled+0x48/0x280
[ 2383.279290]  ? rcu_read_unlock_special+0x1c0/0x1c0
[ 2383.279306]  ? kasan_check_read+0x11/0x20
[ 2383.279321]  ? rcu_dynticks_curr_cpu_in_eqs+0xa2/0x170
[ 2383.279348]  ? rcu_softirq_qs+0x20/0x20
08:16:01 executing program 1:
r0 = openat$vga_arbiter(0xffffffffffffff9c, &(0x7f0000000040)='/dev/vga_arbiter\x00', 0x4c001, 0x0)
openat$cgroup_int(r0, &(0x7f0000000080)='cpuset.mem_hardwall\x00', 0x2, 0x0)
r1 = socket$l2tp(0x18, 0x1, 0x1)
ioctl(r1, 0x1000008912, &(0x7f0000000000)="0a5c2d023c126285718070")
perf_event_open(&(0x7f0000014f88)={0x1, 0x70, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
close(r1)

08:16:01 executing program 2:
syz_emit_ethernet(0x6a, &(0x7f0000000040)={@local, @broadcast, [], {@ipv4={0x800, {{0x5, 0x4, 0x0, 0x0, 0x5c, 0x0, 0x0, 0x0, 0x1, 0x0, @remote, @dev={0xac, 0x14, 0x14, 0x11}}, @icmp=@parameter_prob={0x3, 0x4, 0x0, 0x0, 0x0, 0x0, {0x10, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x402f, 0x0, @local={0xac, 0x5c}, @dev, {[@timestamp={0x8, 0x2c, 0x0, 0x0, 0x100000000000000, [{[@rand_addr]}, {[@multicast2]}, {[@multicast1]}, {}, {[@loopback]}, {}]}]}}}}}}}, 0x0)

08:16:01 executing program 5:
r0 = socket$l2tp(0x18, 0x1, 0x1)
ioctl(r0, 0x1000008915, &(0x7f0000000000)="0a5c2d023c126285718070")
perf_event_open(&(0x7f00000001c0)={0x2, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r1 = perf_event_open(&(0x7f0000014f88)={0x1, 0x70, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
perf_event_open(&(0x7f0000014f88)={0x1, 0x70, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
close(r1)

08:16:01 executing program 0:
openat$rfkill(0xffffffffffffff9c, 0x0, 0x2001, 0x0)
syz_open_dev$admmidi(&(0x7f0000000100)='/dev/admmidi#\x00', 0x0, 0x0)
r0 = socket$l2tp(0x18, 0x1, 0x1)
mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x1, 0x32, 0xffffffffffffffff, 0x0)
r1 = userfaultfd(0x0)
ioctl$UFFDIO_API(r1, 0xc018aa3f, &(0x7f0000000180))
ioctl$UFFDIO_REGISTER(r1, 0xc020aa00, &(0x7f0000019000)={{&(0x7f0000012000/0x2000)=nil, 0x2000}, 0x1})
syz_open_dev$evdev(&(0x7f0000012fee)='/dev/input/event#\x00', 0x0, 0x7a000000)
ioctl$UFFDIO_WAKE(r1, 0x8010aa02, &(0x7f0000000080)={&(0x7f0000012000/0x3000)=nil, 0x3000})
ioctl(r0, 0x1000008912, &(0x7f0000000000)="0a5c2d023c126285718070")

08:16:01 executing program 3:
openat$rfkill(0xffffffffffffff9c, 0x0, 0x0, 0x0)
getsockopt$inet_sctp_SCTP_DEFAULT_PRINFO(0xffffffffffffffff, 0x84, 0x72, &(0x7f0000000380), 0x0)
syz_open_dev$admmidi(&(0x7f0000000100)='/dev/admmidi#\x00', 0x0, 0x0)
r0 = socket$l2tp(0x18, 0x1, 0x1)
mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x1, 0x32, 0xffffffffffffffff, 0x0)
r1 = userfaultfd(0x0)
ioctl$UFFDIO_API(r1, 0xc018aa3f, &(0x7f0000000180))
ioctl$UFFDIO_REGISTER(r1, 0xc020aa00, &(0x7f0000019000)={{&(0x7f0000012000/0x2000)=nil, 0x2000}, 0x1})
syz_open_dev$evdev(&(0x7f0000012fee)="2f6465762f696e7075742f6576656e742305", 0x0, 0x0)
ioctl$UFFDIO_WAKE(r1, 0x8010aa02, &(0x7f0000000080)={&(0x7f0000012000/0x3000)=nil, 0x3000})
ioctl(r0, 0x1000008912, &(0x7f0000000000)="0a5c2d023c126285718070")
setsockopt$ALG_SET_KEY(0xffffffffffffffff, 0x117, 0x1, 0x0, 0x0)

[ 2383.279368]  ? trace_hardirqs_off_caller+0x310/0x310
[ 2383.279387]  ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[ 2383.279404]  ? check_preemption_disabled+0x48/0x280
[ 2383.279428]  handle_mm_fault+0x54f/0xc70
[ 2383.279448]  ? __handle_mm_fault+0x5be0/0x5be0
[ 2383.279469]  ? find_vma+0x34/0x190
[ 2383.279491]  __do_page_fault+0x5e8/0xe60
[ 2383.279507]  ? trace_hardirqs_off+0xb8/0x310
[ 2383.279533]  do_page_fault+0xf2/0x7e0
[ 2383.279550]  ? vmalloc_sync_all+0x30/0x30
[ 2383.279567]  ? error_entry+0x70/0xd0
[ 2383.279584]  ? trace_hardirqs_off_caller+0xbb/0x310
08:16:01 executing program 5:
r0 = socket$l2tp(0x18, 0x1, 0x1)
ioctl(r0, 0x1000008912, &(0x7f0000000040)="0a5c2d023c12628571d3a3")
perf_event_open(&(0x7f00000001c0)={0x2, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
perf_event_open(&(0x7f0000014f88)={0x1, 0x70, 0x8, 0x0, 0x1, 0x0, 0x0, 0x0, 0x200, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4000, 0x0, 0x0, 0x0, 0x2, 0xfffffffffffffffe, 0x0, 0xfffffffffffffffc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x200, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x1, 0x0, 0x0, 0x8000000000000000}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r1 = perf_event_open(&(0x7f0000014f88)={0x1, 0x70, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
close(r1)

[ 2383.279600]  ? trace_hardirqs_on_caller+0xc0/0x310
[ 2383.279617]  ? syscall_return_slowpath+0x5e0/0x5e0
[ 2383.279633]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 2383.279650]  ? trace_hardirqs_on_caller+0x310/0x310
[ 2383.279666]  ? __bpf_trace_preemptirq_template+0x30/0x30
[ 2383.279684]  ? prepare_exit_to_usermode+0x3b0/0x3b0
[ 2383.279703]  ? prepare_exit_to_usermode+0x291/0x3b0
[ 2383.279718]  ? page_fault+0x8/0x30
[ 2383.279737]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 2383.279755]  ? page_fault+0x8/0x30
[ 2383.279772]  page_fault+0x1e/0x30
[ 2383.279784] RIP: 0033:0x4510a0
[ 2383.279801] Code: 0f 84 c4 0f 00 00 48 89 f1 48 89 f8 48 83 e1 3f 48 83 f9 20 0f 86 7b 02 00 00 48 83 e6 f0 48 83 e1 0f 66 0f ef c0 66 0f ef c9 <66> 0f 74 0e 66 0f d7 d1 48 d3 ea 49 c7 c2 11 00 00 00 49 29 ca 4d
[ 2383.279810] RSP: 002b:00007efdea16e7a8 EFLAGS: 00010202
[ 2383.279823] RAX: 00007efdea16e850 RBX: 0000000000000003 RCX: 000000000000000e
[ 2383.279833] RDX: 00000000000003ff RSI: 0000000020012fe0 RDI: 00007efdea16e850
[ 2383.279849] RBP: 000000000072bf00 R08: 00000000000003ff R09: 0000000000000000
[ 2383.279859] R10: 0000000000000000 R11: 0000000000000246 R12: 00007efdea16f6d4
[ 2383.279869] R13: 00000000004c578a R14: 00000000004d9d90 R15: 00000000ffffffff
[ 2383.279904] CPU: 0 PID: 21681 Comm: syz-executor3 Not tainted 4.20.0-rc6+ #371
[ 2383.279913] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 2383.279918] Call Trace:
[ 2383.279935]  dump_stack+0x244/0x39d
[ 2383.279956]  ? dump_stack_print_info.cold.1+0x20/0x20
[ 2383.279983]  handle_userfault.cold.32+0x47/0x62
[ 2383.280011]  ? userfaultfd_ioctl+0x5610/0x5610
[ 2383.280027]  ? mark_held_locks+0x130/0x130
[ 2383.280040]  ? __sanitizer_cov_trace_cmp4+0x16/0x20
[ 2383.280064]  ? futex_wait_setup+0x266/0x3e0
[ 2383.280094]  ? __sanitizer_cov_trace_switch+0x53/0x90
[ 2383.280114]  ? userfaultfd_ctx_put+0x830/0x830
[ 2383.280129]  ? futex_wait+0x5a1/0xa50
[ 2383.280152]  ? print_usage_bug+0xc0/0xc0
[ 2383.280169]  ? print_usage_bug+0xc0/0xc0
[ 2383.280189]  ? print_usage_bug+0xc0/0xc0
[ 2383.280207]  ? zap_class+0x640/0x640
[ 2383.280224]  ? drop_futex_key_refs.isra.14+0x6d/0xe0
[ 2383.280239]  ? futex_wake+0x304/0x760
[ 2383.280270]  ? find_held_lock+0x36/0x1c0
[ 2383.280296]  ? __handle_mm_fault+0x4bb0/0x5be0
[ 2383.280314]  ? lock_downgrade+0x900/0x900
[ 2383.280355]  ? kasan_check_read+0x11/0x20
[ 2383.280371]  ? do_raw_spin_unlock+0xa7/0x330
[ 2383.280386]  ? do_raw_spin_trylock+0x270/0x270
[ 2383.280405]  ? fault_dirty_shared_page.isra.87+0x320/0x320
[ 2383.280433]  __handle_mm_fault+0x4bbd/0x5be0
[ 2383.280458]  ? vmf_insert_mixed_mkwrite+0x40/0x40
[ 2383.280478]  ? zap_class+0x640/0x640
08:16:01 executing program 1:
r0 = socket$l2tp(0x18, 0x1, 0x1)
ioctl(r0, 0x1000008912, &(0x7f0000000080)="0a5c2d023c126285718070")
r1 = perf_event_open(&(0x7f0000014f88)={0x1, 0x70, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
close(r1)
r2 = openat$hwrng(0xffffffffffffff9c, &(0x7f0000000000)='/dev/hwrng\x00', 0x42, 0x0)
write$FUSE_BMAP(r2, &(0x7f0000000040)={0x18, 0x0, 0x7, {0x6}}, 0x18)

08:16:01 executing program 2:
syz_emit_ethernet(0x6a, &(0x7f0000000040)={@local, @broadcast, [], {@ipv4={0x800, {{0x5, 0x4, 0x0, 0x0, 0x5c, 0x0, 0x0, 0x0, 0x1, 0x0, @remote, @dev={0xac, 0x14, 0x14, 0x11}}, @icmp=@parameter_prob={0x3, 0x4, 0x0, 0x0, 0x0, 0x0, {0x10, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x402f, 0x0, @local={0xac, 0x5c}, @dev, {[@timestamp={0x8, 0x2c, 0x0, 0x0, 0x80350000, [{[@rand_addr]}, {[@multicast2]}, {[@multicast1]}, {}, {[@loopback]}, {}]}]}}}}}}}, 0x0)

[ 2383.280492]  ? rcu_read_unlock_special+0x1c0/0x1c0
[ 2383.280507]  ? kasan_check_read+0x11/0x20
[ 2383.280525]  ? rcu_softirq_qs+0x20/0x20
[ 2383.280552]  ? zap_class+0x640/0x640
[ 2383.280568]  ? zap_class+0x640/0x640
[ 2383.280590]  ? find_held_lock+0x36/0x1c0
[ 2383.280616]  ? handle_mm_fault+0x42a/0xc70
[ 2383.280634]  ? lock_downgrade+0x900/0x900
[ 2383.280650]  ? check_preemption_disabled+0x48/0x280
[ 2383.280669]  ? rcu_read_unlock_special+0x1c0/0x1c0
[ 2383.280685]  ? kasan_check_read+0x11/0x20
[ 2383.280700]  ? rcu_dynticks_curr_cpu_in_eqs+0xa2/0x170
[ 2383.280715]  ? rcu_softirq_qs+0x20/0x20
[ 2383.280732]  ? trace_hardirqs_off_caller+0x310/0x310
[ 2383.280749]  ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[ 2383.280767]  ? check_preemption_disabled+0x48/0x280
[ 2383.280791]  handle_mm_fault+0x54f/0xc70
[ 2383.280811]  ? __handle_mm_fault+0x5be0/0x5be0
[ 2383.280832]  ? find_vma+0x34/0x190
[ 2383.280852]  __do_page_fault+0x5e8/0xe60
[ 2383.280867]  ? trace_hardirqs_off+0xb8/0x310
[ 2383.280894]  do_page_fault+0xf2/0x7e0
[ 2383.280911]  ? vmalloc_sync_all+0x30/0x30
[ 2383.280926]  ? error_entry+0x70/0xd0
[ 2383.280943]  ? trace_hardirqs_off_caller+0xbb/0x310
[ 2383.280957]  ? trace_hardirqs_on_caller+0xc0/0x310
[ 2383.280971]  ? syscall_return_slowpath+0x5e0/0x5e0
[ 2383.280986]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 2383.281002]  ? trace_hardirqs_on_caller+0x310/0x310
[ 2383.281016]  ? __bpf_trace_preemptirq_template+0x30/0x30
[ 2383.281033]  ? prepare_exit_to_usermode+0x3b0/0x3b0
[ 2383.281051]  ? prepare_exit_to_usermode+0x291/0x3b0
[ 2383.281066]  ? page_fault+0x8/0x30
[ 2383.281085]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 2383.281102]  ? page_fault+0x8/0x30
[ 2383.281119]  page_fault+0x1e/0x30
[ 2383.281130] RIP: 0033:0x4510a0
[ 2383.281146] Code: 0f 84 c4 0f 00 00 48 89 f1 48 89 f8 48 83 e1 3f 48 83 f9 20 0f 86 7b 02 00 00 48 83 e6 f0 48 83 e1 0f 66 0f ef c0 66 0f ef c9 <66> 0f 74 0e 66 0f d7 d1 48 d3 ea 49 c7 c2 11 00 00 00 49 29 ca 4d
[ 2383.281154] RSP: 002b:00007f75238677a8 EFLAGS: 00010202
[ 2383.281165] RAX: 00007f7523867850 RBX: 0000000000000003 RCX: 000000000000000e
[ 2383.281174] RDX: 00000000000003ff RSI: 0000000020012fe0 RDI: 00007f7523867850
08:16:01 executing program 2:
syz_emit_ethernet(0x6a, &(0x7f0000000040)={@local, @broadcast, [], {@ipv4={0x800, {{0x5, 0x4, 0x0, 0x0, 0x5c, 0x0, 0x0, 0x0, 0x1, 0x0, @remote, @dev={0xac, 0x14, 0x14, 0x11}}, @icmp=@parameter_prob={0x3, 0x4, 0x0, 0x0, 0x0, 0x0, {0x10, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x402f, 0x0, @local={0xac, 0x5c}, @dev, {[@timestamp={0x8, 0x2c, 0x0, 0x0, 0x8000000, [{[@rand_addr]}, {[@multicast2]}, {[@multicast1]}, {}, {[@loopback]}, {}]}]}}}}}}}, 0x0)

[ 2383.281183] RBP: 000000000072bf00 R08: 00000000000003ff R09: 0000000000000000
[ 2383.281193] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f75238686d4
[ 2383.281203] R13: 00000000004c578a R14: 00000000004d9d90 R15: 00000000ffffffff
[ 2383.644905] FAULT_FLAG_ALLOW_RETRY missing 70
[ 2383.850411] FAULT_FLAG_ALLOW_RETRY missing 70
[ 2383.896909] CPU: 1 PID: 21703 Comm: syz-executor3 Not tainted 4.20.0-rc6+ #371
[ 2383.936711] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 2383.936717] Call Trace:
[ 2383.936741]  dump_stack+0x244/0x39d
[ 2383.936764]  ? dump_stack_print_info.cold.1+0x20/0x20
[ 2383.936800]  handle_userfault.cold.32+0x47/0x62
[ 2383.962069]  ? userfaultfd_ioctl+0x5610/0x5610
[ 2383.962090]  ? mark_held_locks+0x130/0x130
[ 2383.962107]  ? __sanitizer_cov_trace_cmp4+0x16/0x20
[ 2383.962121]  ? futex_wait_setup+0x266/0x3e0
[ 2383.962157]  ? __sanitizer_cov_trace_switch+0x53/0x90
[ 2383.975541]  ? userfaultfd_ctx_put+0x830/0x830
[ 2383.975557]  ? futex_wait+0x5a1/0xa50
[ 2383.975579]  ? print_usage_bug+0xc0/0xc0
[ 2383.975597]  ? print_usage_bug+0xc0/0xc0
[ 2383.975616]  ? print_usage_bug+0xc0/0xc0
[ 2384.004690]  ? zap_class+0x640/0x640
[ 2384.004708]  ? drop_futex_key_refs.isra.14+0x6d/0xe0
[ 2384.004724]  ? futex_wake+0x304/0x760
[ 2384.004765]  ? find_held_lock+0x36/0x1c0
[ 2384.004790]  ? __handle_mm_fault+0x4bb0/0x5be0
[ 2384.017419]  ? lock_downgrade+0x900/0x900
[ 2384.017445]  ? kasan_check_read+0x11/0x20
[ 2384.017461]  ? do_raw_spin_unlock+0xa7/0x330
[ 2384.017478]  ? do_raw_spin_trylock+0x270/0x270
[ 2384.017498]  ? fault_dirty_shared_page.isra.87+0x320/0x320
[ 2384.039304]  __handle_mm_fault+0x4bbd/0x5be0
[ 2384.039341]  ? vmf_insert_mixed_mkwrite+0x40/0x40
[ 2384.039362]  ? zap_class+0x640/0x640
[ 2384.039376]  ? rcu_read_unlock_special+0x1c0/0x1c0
[ 2384.039396]  ? kasan_check_read+0x11/0x20
[ 2384.072366]  ? rcu_softirq_qs+0x20/0x20
[ 2384.072395]  ? zap_class+0x640/0x640
[ 2384.072411]  ? zap_class+0x640/0x640
[ 2384.072433]  ? find_held_lock+0x36/0x1c0
[ 2384.072459]  ? handle_mm_fault+0x42a/0xc70
[ 2384.072476]  ? lock_downgrade+0x900/0x900
[ 2384.072495]  ? check_preemption_disabled+0x48/0x280
[ 2384.072513]  ? rcu_read_unlock_special+0x1c0/0x1c0
[ 2384.232295]  ? kasan_check_read+0x11/0x20
[ 2384.236485]  ? rcu_dynticks_curr_cpu_in_eqs+0xa2/0x170
[ 2384.241782]  ? rcu_softirq_qs+0x20/0x20
[ 2384.245773]  ? trace_hardirqs_off_caller+0x310/0x310
[ 2384.250893]  ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[ 2384.256441]  ? check_preemption_disabled+0x48/0x280
[ 2384.261481]  handle_mm_fault+0x54f/0xc70
[ 2384.265561]  ? __handle_mm_fault+0x5be0/0x5be0
[ 2384.270168]  ? find_vma+0x34/0x190
[ 2384.273734]  __do_page_fault+0x5e8/0xe60
[ 2384.277807]  ? trace_hardirqs_off+0xb8/0x310
[ 2384.282250]  do_page_fault+0xf2/0x7e0
[ 2384.286067]  ? vmalloc_sync_all+0x30/0x30
[ 2384.290231]  ? error_entry+0x70/0xd0
[ 2384.293961]  ? trace_hardirqs_off_caller+0xbb/0x310
[ 2384.298999]  ? trace_hardirqs_on_caller+0xc0/0x310
[ 2384.303944]  ? syscall_return_slowpath+0x5e0/0x5e0
[ 2384.308891]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 2384.313755]  ? trace_hardirqs_on_caller+0x310/0x310
[ 2384.318783]  ? __bpf_trace_preemptirq_template+0x30/0x30
[ 2384.324251]  ? prepare_exit_to_usermode+0x3b0/0x3b0
[ 2384.329278]  ? prepare_exit_to_usermode+0x291/0x3b0
[ 2384.334305]  ? page_fault+0x8/0x30
[ 2384.337891]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 2384.342757]  ? page_fault+0x8/0x30
[ 2384.346315]  page_fault+0x1e/0x30
[ 2384.349787] RIP: 0033:0x4510a0
[ 2384.353012] Code: 0f 84 c4 0f 00 00 48 89 f1 48 89 f8 48 83 e1 3f 48 83 f9 20 0f 86 7b 02 00 00 48 83 e6 f0 48 83 e1 0f 66 0f ef c0 66 0f ef c9 <66> 0f 74 0e 66 0f d7 d1 48 d3 ea 49 c7 c2 11 00 00 00 49 29 ca 4d
[ 2384.371921] RSP: 002b:00007f75238677a8 EFLAGS: 00010202
[ 2384.377290] RAX: 00007f7523867850 RBX: 0000000000000003 RCX: 000000000000000e
[ 2384.384577] RDX: 00000000000003ff RSI: 0000000020012fe0 RDI: 00007f7523867850
[ 2384.391858] RBP: 000000000072bf00 R08: 00000000000003ff R09: 0000000000000000
[ 2384.399137] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f75238686d4
[ 2384.406411] R13: 00000000004c578a R14: 00000000004d9d90 R15: 00000000ffffffff
[ 2384.413711] CPU: 0 PID: 21700 Comm: syz-executor0 Not tainted 4.20.0-rc6+ #371
[ 2384.421089] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 2384.430447] Call Trace:
[ 2384.433051]  dump_stack+0x244/0x39d
[ 2384.436707]  ? dump_stack_print_info.cold.1+0x20/0x20
[ 2384.441912]  handle_userfault.cold.32+0x47/0x62
[ 2384.446581]  ? userfaultfd_ioctl+0x5610/0x5610
[ 2384.451156]  ? mark_held_locks+0x130/0x130
[ 2384.455393]  ? __sanitizer_cov_trace_cmp4+0x16/0x20
[ 2384.460396]  ? futex_wait_setup+0x266/0x3e0
[ 2384.464715]  ? __sanitizer_cov_trace_switch+0x53/0x90
[ 2384.469895]  ? userfaultfd_ctx_put+0x830/0x830
[ 2384.474464]  ? futex_wait+0x5a1/0xa50
[ 2384.478260]  ? print_usage_bug+0xc0/0xc0
[ 2384.482337]  ? print_usage_bug+0xc0/0xc0
[ 2384.486435]  ? print_usage_bug+0xc0/0xc0
[ 2384.490519]  ? zap_class+0x640/0x640
[ 2384.494248]  ? drop_futex_key_refs.isra.14+0x6d/0xe0
[ 2384.499368]  ? futex_wake+0x304/0x760
[ 2384.503186]  ? find_held_lock+0x36/0x1c0
[ 2384.507290]  ? __handle_mm_fault+0x4bb0/0x5be0
[ 2384.511930]  ? lock_downgrade+0x900/0x900
[ 2384.516109]  ? kasan_check_read+0x11/0x20
[ 2384.520278]  ? do_raw_spin_unlock+0xa7/0x330
[ 2384.524706]  ? do_raw_spin_trylock+0x270/0x270
[ 2384.529312]  ? fault_dirty_shared_page.isra.87+0x320/0x320
[ 2384.534983]  __handle_mm_fault+0x4bbd/0x5be0
[ 2384.539405]  ? vmf_insert_mixed_mkwrite+0x40/0x40
[ 2384.544252]  ? zap_class+0x640/0x640
[ 2384.547952]  ? rcu_read_unlock_special+0x1c0/0x1c0
[ 2384.552875]  ? kasan_check_read+0x11/0x20
[ 2384.557013]  ? rcu_softirq_qs+0x20/0x20
[ 2384.560993]  ? zap_class+0x640/0x640
[ 2384.564695]  ? zap_class+0x640/0x640
[ 2384.568400]  ? find_held_lock+0x36/0x1c0
[ 2384.572457]  ? handle_mm_fault+0x42a/0xc70
[ 2384.576681]  ? lock_downgrade+0x900/0x900
[ 2384.580834]  ? check_preemption_disabled+0x48/0x280
[ 2384.585851]  ? rcu_read_unlock_special+0x1c0/0x1c0
[ 2384.590770]  ? kasan_check_read+0x11/0x20
[ 2384.594922]  ? rcu_dynticks_curr_cpu_in_eqs+0xa2/0x170
[ 2384.600186]  ? rcu_softirq_qs+0x20/0x20
[ 2384.604149]  ? trace_hardirqs_off_caller+0x310/0x310
[ 2384.609244]  ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[ 2384.614771]  ? check_preemption_disabled+0x48/0x280
[ 2384.619780]  handle_mm_fault+0x54f/0xc70
[ 2384.623829]  ? __handle_mm_fault+0x5be0/0x5be0
[ 2384.628418]  ? find_vma+0x34/0x190
[ 2384.631971]  __do_page_fault+0x5e8/0xe60
[ 2384.636038]  ? trace_hardirqs_off+0xb8/0x310
[ 2384.640444]  do_page_fault+0xf2/0x7e0
[ 2384.644233]  ? vmalloc_sync_all+0x30/0x30
[ 2384.648374]  ? error_entry+0x70/0xd0
[ 2384.652088]  ? trace_hardirqs_off_caller+0xbb/0x310
[ 2384.657090]  ? trace_hardirqs_on_caller+0xc0/0x310
[ 2384.662007]  ? syscall_return_slowpath+0x5e0/0x5e0
[ 2384.666927]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 2384.671759]  ? trace_hardirqs_on_caller+0x310/0x310
[ 2384.676773]  ? __bpf_trace_preemptirq_template+0x30/0x30
[ 2384.682231]  ? prepare_exit_to_usermode+0x3b0/0x3b0
[ 2384.687239]  ? prepare_exit_to_usermode+0x291/0x3b0
[ 2384.692243]  ? page_fault+0x8/0x30
[ 2384.695772]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 2384.700606]  ? page_fault+0x8/0x30
[ 2384.704133]  page_fault+0x1e/0x30
[ 2384.707571] RIP: 0033:0x4510a0
[ 2384.710761] Code: 0f 84 c4 0f 00 00 48 89 f1 48 89 f8 48 83 e1 3f 48 83 f9 20 0f 86 7b 02 00 00 48 83 e6 f0 48 83 e1 0f 66 0f ef c0 66 0f ef c9 <66> 0f 74 0e 66 0f d7 d1 48 d3 ea 49 c7 c2 11 00 00 00 49 29 ca 4d
[ 2384.729650] RSP: 002b:00007efdea16e7a8 EFLAGS: 00010202
[ 2384.735004] RAX: 00007efdea16e850 RBX: 0000000000000003 RCX: 000000000000000e
[ 2384.742270] RDX: 00000000000003ff RSI: 0000000020012fe0 RDI: 00007efdea16e850
[ 2384.749534] RBP: 000000000072bf00 R08: 00000000000003ff R09: 0000000000000000
[ 2384.756798] R10: 0000000000000000 R11: 0000000000000246 R12: 00007efdea16f6d4
[ 2384.764064] R13: 00000000004c578a R14: 00000000004d9d90 R15: 00000000ffffffff
08:16:02 executing program 2:
syz_emit_ethernet(0x6a, &(0x7f0000000040)={@local, @broadcast, [], {@ipv4={0x800, {{0x5, 0x4, 0x0, 0x0, 0x5c, 0x0, 0x0, 0x0, 0x1, 0x0, @remote, @dev={0xac, 0x14, 0x14, 0x11}}, @icmp=@parameter_prob={0x3, 0x4, 0x0, 0x0, 0x0, 0x0, {0x10, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x402f, 0x0, @local={0xac, 0x5c}, @dev, {[@timestamp={0x8, 0x2c, 0x0, 0x0, 0x4000000, [{[@rand_addr]}, {[@multicast2]}, {[@multicast1]}, {}, {[@loopback]}, {}]}]}}}}}}}, 0x0)

08:16:02 executing program 1:
r0 = socket$l2tp(0x18, 0x1, 0x1)
ioctl(r0, 0x1000008912, &(0x7f0000000000)="0a5c2d023c126285718070")
r1 = perf_event_open(&(0x7f0000014f88)={0x1, 0x70, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
close(r1)
r2 = socket$inet6(0xa, 0x400000000000803, 0x3)
ioctl(r2, 0x1000008912, &(0x7f00000006c0)="0a5c2d023c126285718070")
perf_event_open(&(0x7f0000000040)={0x2000000005, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, @perf_bp={&(0x7f0000000000), 0x1}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r3 = socket$inet_dccp(0x2, 0x6, 0x0)
getsockopt$inet_int(r3, 0x10d, 0xc, &(0x7f0000000040), &(0x7f0000000000)=0x1c5)
r4 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000040)='/dev/nullb0\x00', 0x80400, 0x0)
ioctl$NBD_DO_IT(r4, 0xab03)
r5 = syz_open_dev$usbmon(&(0x7f0000000100)='/dev/usbmon#\x00', 0x2, 0x0)
setsockopt$TIPC_MCAST_REPLICAST(r5, 0x10f, 0x86)
r6 = syz_open_dev$mice(&(0x7f0000000080)='/dev/input/mice\x00', 0x0, 0x40000)
close(r0)
ioctl$VIDIOC_QUERYMENU(r6, 0xc02c5625, &(0x7f00000000c0)={0x6, 0x1, @value=0x8})

08:16:02 executing program 5:
r0 = socket$l2tp(0x18, 0x1, 0x1)
ioctl(r0, 0x1000008912, &(0x7f0000000000)="0a5c2d023c126285718070")
perf_event_open(&(0x7f00000001c0)={0x2, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r1 = syz_open_dev$adsp(&(0x7f0000000040)='/dev/adsp#\x00', 0x5, 0x80)
getpeername$packet(0xffffffffffffffff, &(0x7f0000000080)={0x11, 0x0, <r2=>0x0, 0x1, 0x0, 0x6, @local}, &(0x7f00000000c0)=0x14)
ioctl$TUNSETIFINDEX(r1, 0x400454da, &(0x7f0000000100)=r2)
perf_event_open(&(0x7f0000014f88)={0x1, 0x70, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r3 = perf_event_open(&(0x7f0000014f88)={0x1, 0x70, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
close(r3)

08:16:02 executing program 3:
openat$rfkill(0xffffffffffffff9c, 0x0, 0x0, 0x0)
getsockopt$inet_sctp_SCTP_DEFAULT_PRINFO(0xffffffffffffffff, 0x84, 0x72, &(0x7f0000000380), 0x0)
syz_open_dev$admmidi(&(0x7f0000000100)='/dev/admmidi#\x00', 0x0, 0x0)
r0 = socket$l2tp(0x18, 0x1, 0x1)
mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x1, 0x32, 0xffffffffffffffff, 0x0)
r1 = userfaultfd(0x0)
ioctl$UFFDIO_API(r1, 0xc018aa3f, &(0x7f0000000180))
ioctl$UFFDIO_REGISTER(r1, 0xc020aa00, &(0x7f0000019000)={{&(0x7f0000012000/0x2000)=nil, 0x2000}, 0x1})
syz_open_dev$evdev(&(0x7f0000012fee)='/dev/input/event#\x00', 0x0, 0x0)
ioctl$UFFDIO_WAKE(r1, 0x8010aa02, &(0x7f0000000080)={&(0x7f0000012000/0x3000)=nil, 0x3000})
ioctl(r0, 0x1000008912, &(0x7f0000000000)="0a5c2d023c126285718070")
setsockopt$ALG_SET_KEY(0xffffffffffffffff, 0x117, 0x1, 0x0, 0x0)

08:16:02 executing program 4:
openat$kvm(0xffffffffffffff9c, 0x0, 0x0, 0x0)
r0 = syz_open_dev$sndctrl(&(0x7f0000000100)='/dev/snd/controlC#\x00', 0x0, 0x0)
prctl$PR_SET_THP_DISABLE(0x29, 0xfffffffffffffffe)
clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
ioctl$FS_IOC_GETFLAGS(r0, 0x800455d1, &(0x7f0000000080))
r1 = openat$dlm_control(0xffffffffffffff9c, &(0x7f0000000000)='/dev/dlm-control\x00', 0x1, 0x0)
r2 = syz_genetlink_get_family_id$ipvs(&(0x7f00000000c0)='IPVS\x00')
sendmsg$IPVS_CMD_GET_DEST(r1, &(0x7f00000001c0)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x800200}, 0xc, &(0x7f0000000240)={&(0x7f0000000200)=ANY=[@ANYBLOB='$\x00\x00\x00', @ANYRES16=r2, @ANYBLOB="02002bbd3000fb0000000800050081000000000000000000000000000000"], 0x3}, 0x1, 0x0, 0x0, 0x4}, 0x20008014)

08:16:02 executing program 0:
openat$rfkill(0xffffffffffffff9c, 0x0, 0x2001, 0x0)
syz_open_dev$admmidi(&(0x7f0000000100)='/dev/admmidi#\x00', 0x0, 0x0)
r0 = socket$l2tp(0x18, 0x1, 0x1)
mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x1, 0x32, 0xffffffffffffffff, 0x0)
r1 = userfaultfd(0x0)
ioctl$UFFDIO_API(r1, 0xc018aa3f, &(0x7f0000000180))
ioctl$UFFDIO_REGISTER(r1, 0xc020aa00, &(0x7f0000019000)={{&(0x7f0000012000/0x2000)=nil, 0x2000}, 0x1})
syz_open_dev$evdev(&(0x7f0000012fee)='/dev/input/event#\x00', 0x0, 0x6c)
ioctl$UFFDIO_WAKE(r1, 0x8010aa02, &(0x7f0000000080)={&(0x7f0000012000/0x3000)=nil, 0x3000})
ioctl(r0, 0x1000008912, &(0x7f0000000000)="0a5c2d023c126285718070")

08:16:02 executing program 2:
syz_emit_ethernet(0x6a, &(0x7f0000000040)={@local, @broadcast, [], {@ipv4={0x800, {{0x5, 0x4, 0x0, 0x0, 0x5c, 0x0, 0x0, 0x0, 0x1, 0x0, @remote, @dev={0xac, 0x14, 0x14, 0x11}}, @icmp=@parameter_prob={0x3, 0x4, 0x0, 0x0, 0x0, 0x0, {0x10, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x402f, 0x0, @local={0xac, 0x5c}, @dev, {[@timestamp={0x8, 0x2c, 0x0, 0x0, 0x89060000, [{[@rand_addr]}, {[@multicast2]}, {[@multicast1]}, {}, {[@loopback]}, {}]}]}}}}}}}, 0x0)

[ 2384.945919] FAULT_FLAG_ALLOW_RETRY missing 70
[ 2384.956591] CPU: 0 PID: 21736 Comm: syz-executor3 Not tainted 4.20.0-rc6+ #371
[ 2384.963983] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 2384.963991] Call Trace:
[ 2384.964018]  dump_stack+0x244/0x39d
[ 2384.964045]  ? dump_stack_print_info.cold.1+0x20/0x20
[ 2384.964078]  handle_userfault.cold.32+0x47/0x62
[ 2384.964111]  ? userfaultfd_ioctl+0x5610/0x5610
[ 2384.964132]  ? mark_held_locks+0x130/0x130
[ 2384.964151]  ? __sanitizer_cov_trace_cmp4+0x16/0x20
[ 2384.964172]  ? futex_wait_setup+0x266/0x3e0
[ 2385.003408]  ? __sanitizer_cov_trace_switch+0x53/0x90
[ 2385.003430]  ? userfaultfd_ctx_put+0x830/0x830
[ 2385.003446]  ? futex_wait+0x5a1/0xa50
[ 2385.003468]  ? print_usage_bug+0xc0/0xc0
[ 2385.003488]  ? print_usage_bug+0xc0/0xc0
[ 2385.029491]  ? print_usage_bug+0xc0/0xc0
[ 2385.033568]  ? zap_class+0x640/0x640
[ 2385.037303]  ? drop_futex_key_refs.isra.14+0x6d/0xe0
[ 2385.042435]  ? futex_wake+0x304/0x760
[ 2385.046264]  ? find_held_lock+0x36/0x1c0
[ 2385.050367]  ? __handle_mm_fault+0x4bb0/0x5be0
[ 2385.054971]  ? lock_downgrade+0x900/0x900
[ 2385.059147]  ? kasan_check_read+0x11/0x20
[ 2385.063312]  ? do_raw_spin_unlock+0xa7/0x330
[ 2385.067766]  ? do_raw_spin_trylock+0x270/0x270
[ 2385.072385]  ? fault_dirty_shared_page.isra.87+0x320/0x320
[ 2385.078039]  __handle_mm_fault+0x4bbd/0x5be0
[ 2385.082481]  ? vmf_insert_mixed_mkwrite+0x40/0x40
[ 2385.087394]  ? zap_class+0x640/0x640
[ 2385.091128]  ? rcu_read_unlock_special+0x1c0/0x1c0
[ 2385.096073]  ? kasan_check_read+0x11/0x20
[ 2385.098543] IPVS: ftp: loaded support on port[0] = 21
[ 2385.100231]  ? rcu_softirq_qs+0x20/0x20
[ 2385.100260]  ? zap_class+0x640/0x640
[ 2385.100280]  ? zap_class+0x640/0x640
[ 2385.116855]  ? find_held_lock+0x36/0x1c0
[ 2385.120944]  ? handle_mm_fault+0x42a/0xc70
[ 2385.125196]  ? lock_downgrade+0x900/0x900
[ 2385.129374]  ? check_preemption_disabled+0x48/0x280
[ 2385.134407]  ? rcu_read_unlock_special+0x1c0/0x1c0
[ 2385.139367]  ? kasan_check_read+0x11/0x20
[ 2385.143538]  ? rcu_dynticks_curr_cpu_in_eqs+0xa2/0x170
[ 2385.148834]  ? rcu_softirq_qs+0x20/0x20
[ 2385.152822]  ? trace_hardirqs_off_caller+0x310/0x310
[ 2385.157945]  ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[ 2385.163498]  ? check_preemption_disabled+0x48/0x280
[ 2385.168539]  handle_mm_fault+0x54f/0xc70
[ 2385.172651]  ? __handle_mm_fault+0x5be0/0x5be0
[ 2385.177259]  ? find_vma+0x34/0x190
[ 2385.180818]  __do_page_fault+0x5e8/0xe60
[ 2385.184896]  ? trace_hardirqs_off+0xb8/0x310
[ 2385.189343]  do_page_fault+0xf2/0x7e0
[ 2385.193160]  ? vmalloc_sync_all+0x30/0x30
[ 2385.197325]  ? error_entry+0x70/0xd0
[ 2385.201073]  ? trace_hardirqs_off_caller+0xbb/0x310
[ 2385.206103]  ? trace_hardirqs_on_caller+0xc0/0x310
[ 2385.211062]  ? syscall_return_slowpath+0x5e0/0x5e0
[ 2385.216005]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 2385.220862]  ? trace_hardirqs_on_caller+0x310/0x310
[ 2385.225894]  ? __bpf_trace_preemptirq_template+0x30/0x30
[ 2385.231856]  ? prepare_exit_to_usermode+0x3b0/0x3b0
[ 2385.236894]  ? prepare_exit_to_usermode+0x291/0x3b0
[ 2385.241936]  ? page_fault+0x8/0x30
[ 2385.245498]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 2385.250377]  ? page_fault+0x8/0x30
[ 2385.253934]  page_fault+0x1e/0x30
[ 2385.257396] RIP: 0033:0x4510a0
[ 2385.260599] Code: 0f 84 c4 0f 00 00 48 89 f1 48 89 f8 48 83 e1 3f 48 83 f9 20 0f 86 7b 02 00 00 48 83 e6 f0 48 83 e1 0f 66 0f ef c0 66 0f ef c9 <66> 0f 74 0e 66 0f d7 d1 48 d3 ea 49 c7 c2 11 00 00 00 49 29 ca 4d
[ 2385.279507] RSP: 002b:00007f75238677a8 EFLAGS: 00010202
[ 2385.284886] RAX: 00007f7523867850 RBX: 0000000000000003 RCX: 000000000000000e
08:16:02 executing program 2:
syz_emit_ethernet(0x6a, &(0x7f0000000040)={@local, @broadcast, [], {@ipv4={0x800, {{0x5, 0x4, 0x0, 0x0, 0x5c, 0x0, 0x0, 0x0, 0x1, 0x0, @remote, @dev={0xac, 0x14, 0x14, 0x11}}, @icmp=@parameter_prob={0x3, 0x4, 0x0, 0x0, 0x0, 0x0, {0x10, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x402f, 0x0, @local={0xac, 0x5c}, @dev, {[@timestamp={0x8, 0x2c, 0x0, 0x0, 0xfffffffffffff000, [{[@rand_addr]}, {[@multicast2]}, {[@multicast1]}, {}, {[@loopback]}, {}]}]}}}}}}}, 0x0)

08:16:02 executing program 2:
syz_emit_ethernet(0x6a, &(0x7f0000000040)={@local, @broadcast, [], {@ipv4={0x800, {{0x5, 0x4, 0x0, 0x0, 0x5c, 0x0, 0x0, 0x0, 0x1, 0x0, @remote, @dev={0xac, 0x14, 0x14, 0x11}}, @icmp=@parameter_prob={0x3, 0x4, 0x0, 0x0, 0x0, 0x0, {0x10, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x402f, 0x0, @local={0xac, 0x5c}, @dev, {[@timestamp={0x8, 0x2c, 0x0, 0x0, 0x48, [{[@rand_addr]}, {[@multicast2]}, {[@multicast1]}, {}, {[@loopback]}, {}]}]}}}}}}}, 0x0)

08:16:03 executing program 2:
syz_emit_ethernet(0x6a, &(0x7f0000000040)={@local, @broadcast, [], {@ipv4={0x800, {{0x5, 0x4, 0x0, 0x0, 0x5c, 0x0, 0x0, 0x0, 0x1, 0x0, @remote, @dev={0xac, 0x14, 0x14, 0x11}}, @icmp=@parameter_prob={0x3, 0x4, 0x0, 0x0, 0x0, 0x0, {0x10, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x402f, 0x0, @local={0xac, 0x5c}, @dev, {[@timestamp={0x8, 0x2c, 0x0, 0x0, 0x88caffff, [{[@rand_addr]}, {[@multicast2]}, {[@multicast1]}, {}, {[@loopback]}, {}]}]}}}}}}}, 0x0)

08:16:03 executing program 2:
syz_emit_ethernet(0x6a, &(0x7f0000000040)={@local, @broadcast, [], {@ipv4={0x800, {{0x5, 0x4, 0x0, 0x0, 0x5c, 0x0, 0x0, 0x0, 0x1, 0x0, @remote, @dev={0xac, 0x14, 0x14, 0x11}}, @icmp=@parameter_prob={0x3, 0x4, 0x0, 0x0, 0x0, 0x0, {0x10, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x402f, 0x0, @local={0xac, 0x5c}, @dev, {[@timestamp={0x8, 0x2c, 0x0, 0x0, 0x88470000, [{[@rand_addr]}, {[@multicast2]}, {[@multicast1]}, {}, {[@loopback]}, {}]}]}}}}}}}, 0x0)

08:16:03 executing program 2:
syz_emit_ethernet(0x6a, &(0x7f0000000040)={@local, @broadcast, [], {@ipv4={0x800, {{0x5, 0x4, 0x0, 0x0, 0x5c, 0x0, 0x0, 0x0, 0x1, 0x0, @remote, @dev={0xac, 0x14, 0x14, 0x11}}, @icmp=@parameter_prob={0x3, 0x4, 0x0, 0x0, 0x0, 0x0, {0x10, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x402f, 0x0, @local={0xac, 0x5c}, @dev, {[@timestamp={0x8, 0x2c, 0x0, 0x0, 0x7000000, [{[@rand_addr]}, {[@multicast2]}, {[@multicast1]}, {}, {[@loopback]}, {}]}]}}}}}}}, 0x0)

08:16:03 executing program 2:
syz_emit_ethernet(0x6a, &(0x7f0000000040)={@local, @broadcast, [], {@ipv4={0x800, {{0x5, 0x4, 0x0, 0x0, 0x5c, 0x0, 0x0, 0x0, 0x1, 0x0, @remote, @dev={0xac, 0x14, 0x14, 0x11}}, @icmp=@parameter_prob={0x3, 0x4, 0x0, 0x0, 0x0, 0x0, {0x10, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x402f, 0x0, @local={0xac, 0x5c}, @dev, {[@timestamp={0x8, 0x2c, 0x0, 0x0, 0x689, [{[@rand_addr]}, {[@multicast2]}, {[@multicast1]}, {}, {[@loopback]}, {}]}]}}}}}}}, 0x0)

[ 2385.292169] RDX: 00000000000003ff RSI: 0000000020012fe0 RDI: 00007f7523867850
[ 2385.299553] RBP: 000000000072bf00 R08: 00000000000003ff R09: 0000000000000000
[ 2385.306825] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f75238686d4
[ 2385.314093] R13: 00000000004c578a R14: 00000000004d9d90 R15: 00000000ffffffff
[ 2385.323520] FAULT_FLAG_ALLOW_RETRY missing 70
[ 2385.328986] CPU: 0 PID: 21739 Comm: syz-executor0 Not tainted 4.20.0-rc6+ #371
[ 2385.336372] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 2385.345759] Call Trace:
[ 2385.348372]  dump_stack+0x244/0x39d
[ 2385.352019]  ? dump_stack_print_info.cold.1+0x20/0x20
[ 2385.357233]  handle_userfault.cold.32+0x47/0x62
[ 2385.362101]  ? userfaultfd_ioctl+0x5610/0x5610
[ 2385.366811]  ? mark_held_locks+0x130/0x130
[ 2385.371062]  ? find_held_lock+0x36/0x1c0
[ 2385.375140]  ? userfaultfd_ctx_put+0x830/0x830
[ 2385.379745]  ? kasan_check_read+0x11/0x20
[ 2385.383905]  ? print_usage_bug+0xc0/0xc0
[ 2385.387968]  ? do_raw_spin_trylock+0x270/0x270
[ 2385.392554]  ? print_usage_bug+0xc0/0xc0
[ 2385.396629]  ? print_usage_bug+0xc0/0xc0
[ 2385.400701]  ? zap_class+0x640/0x640
[ 2385.404425]  ? drop_futex_key_refs.isra.14+0x6d/0xe0
[ 2385.409530]  ? futex_wake+0x304/0x760
[ 2385.413365]  ? find_held_lock+0x36/0x1c0
[ 2385.417441]  ? __handle_mm_fault+0x4bb0/0x5be0
[ 2385.422028]  ? lock_downgrade+0x900/0x900
[ 2385.426193]  ? kasan_check_read+0x11/0x20
[ 2385.430361]  ? do_raw_spin_unlock+0xa7/0x330
[ 2385.434776]  ? do_raw_spin_trylock+0x270/0x270
[ 2385.439378]  ? fault_dirty_shared_page.isra.87+0x320/0x320
[ 2385.445017]  __handle_mm_fault+0x4bbd/0x5be0
[ 2385.449442]  ? vmf_insert_mixed_mkwrite+0x40/0x40
[ 2385.454299]  ? zap_class+0x640/0x640
[ 2385.458029]  ? rcu_read_unlock_special+0x1c0/0x1c0
[ 2385.462964]  ? kasan_check_read+0x11/0x20
[ 2385.467117]  ? rcu_softirq_qs+0x20/0x20
[ 2385.471123]  ? zap_class+0x640/0x640
[ 2385.474837]  ? zap_class+0x640/0x640
[ 2385.478563]  ? find_held_lock+0x36/0x1c0
[ 2385.482639]  ? handle_mm_fault+0x42a/0xc70
[ 2385.486879]  ? lock_downgrade+0x900/0x900
[ 2385.491033]  ? check_preemption_disabled+0x48/0x280
[ 2385.496057]  ? rcu_read_unlock_special+0x1c0/0x1c0
[ 2385.500989]  ? kasan_check_read+0x11/0x20
[ 2385.505144]  ? rcu_dynticks_curr_cpu_in_eqs+0xa2/0x170
[ 2385.510435]  ? rcu_softirq_qs+0x20/0x20
[ 2385.514415]  ? trace_hardirqs_off_caller+0x310/0x310
[ 2385.519525]  ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[ 2385.525068]  ? check_preemption_disabled+0x48/0x280
[ 2385.530098]  handle_mm_fault+0x54f/0xc70
[ 2385.534168]  ? __handle_mm_fault+0x5be0/0x5be0
[ 2385.538757]  ? find_vma+0x34/0x190
[ 2385.542310]  __do_page_fault+0x5e8/0xe60
[ 2385.546393]  ? trace_hardirqs_off+0xb8/0x310
[ 2385.550816]  do_page_fault+0xf2/0x7e0
[ 2385.554622]  ? vmalloc_sync_all+0x30/0x30
[ 2385.558775]  ? error_entry+0x70/0xd0
[ 2385.562495]  ? trace_hardirqs_off_caller+0xbb/0x310
[ 2385.567515]  ? trace_hardirqs_on_caller+0xc0/0x310
[ 2385.572454]  ? syscall_return_slowpath+0x5e0/0x5e0
[ 2385.577385]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 2385.582235]  ? trace_hardirqs_on_caller+0x310/0x310
[ 2385.587257]  ? __bpf_trace_preemptirq_template+0x30/0x30
[ 2385.592712]  ? prepare_exit_to_usermode+0x3b0/0x3b0
[ 2385.597735]  ? prepare_exit_to_usermode+0x291/0x3b0
[ 2385.602756]  ? page_fault+0x8/0x30
[ 2385.606306]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 2385.611166]  ? page_fault+0x8/0x30
[ 2385.614715]  page_fault+0x1e/0x30
[ 2385.618167] RIP: 0033:0x4510a0
[ 2385.621376] Code: 0f 84 c4 0f 00 00 48 89 f1 48 89 f8 48 83 e1 3f 48 83 f9 20 0f 86 7b 02 00 00 48 83 e6 f0 48 83 e1 0f 66 0f ef c0 66 0f ef c9 <66> 0f 74 0e 66 0f d7 d1 48 d3 ea 49 c7 c2 11 00 00 00 49 29 ca 4d
[ 2385.640278] RSP: 002b:00007efdea16e7a8 EFLAGS: 00010202
08:16:03 executing program 1:
r0 = socket$l2tp(0x18, 0x1, 0x1)
ioctl(r0, 0x1000008912, &(0x7f0000000000)="0a5c2d023c126285718070")
r1 = perf_event_open(&(0x7f0000014f88)={0x1, 0x70, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r2 = syz_open_dev$mice(&(0x7f0000000040)='/dev/input/mice\x00', 0x0, 0x100)
write$evdev(r2, &(0x7f0000000080)=[{{0x0, 0x2710}, 0x3, 0x6, 0x42}], 0x18)
close(r1)

08:16:03 executing program 2:
syz_emit_ethernet(0x6a, &(0x7f0000000040)={@local, @broadcast, [], {@ipv4={0x800, {{0x5, 0x4, 0x0, 0x0, 0x5c, 0x0, 0x0, 0x0, 0x1, 0x0, @remote, @dev={0xac, 0x14, 0x14, 0x11}}, @icmp=@parameter_prob={0x3, 0x4, 0x0, 0x0, 0x0, 0x0, {0x10, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x402f, 0x0, @local={0xac, 0x5c}, @dev, {[@timestamp={0x8, 0x2c, 0x0, 0x0, 0xd00000000000000, [{[@rand_addr]}, {[@multicast2]}, {[@multicast1]}, {}, {[@loopback]}, {}]}]}}}}}}}, 0x0)

[ 2385.645641] RAX: 00007efdea16e850 RBX: 0000000000000003 RCX: 000000000000000e
[ 2385.652915] RDX: 00000000000003ff RSI: 0000000020012fe0 RDI: 00007efdea16e850
[ 2385.660184] RBP: 000000000072bf00 R08: 00000000000003ff R09: 0000000000000000
[ 2385.667454] R10: 0000000000000000 R11: 0000000000000246 R12: 00007efdea16f6d4
[ 2385.674727] R13: 00000000004c578a R14: 00000000004d9d90 R15: 00000000ffffffff
08:16:03 executing program 3:
openat$rfkill(0xffffffffffffff9c, 0x0, 0x0, 0x0)
getsockopt$inet_sctp_SCTP_DEFAULT_PRINFO(0xffffffffffffffff, 0x84, 0x72, &(0x7f0000000380), 0x0)
syz_open_dev$admmidi(&(0x7f0000000100)='/dev/admmidi#\x00', 0x0, 0x0)
r0 = socket$l2tp(0x18, 0x1, 0x1)
mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x1, 0x32, 0xffffffffffffffff, 0x0)
r1 = userfaultfd(0x0)
ioctl$UFFDIO_API(r1, 0xc018aa3f, &(0x7f0000000180))
ioctl$UFFDIO_REGISTER(r1, 0xc020aa00, &(0x7f0000019000)={{&(0x7f0000012000/0x2000)=nil, 0x2000}, 0x1})
syz_open_dev$evdev(&(0x7f0000012fee)='/dev/input/event#\a', 0x0, 0x0)
ioctl$UFFDIO_WAKE(r1, 0x8010aa02, &(0x7f0000000080)={&(0x7f0000012000/0x3000)=nil, 0x3000})
ioctl(r0, 0x1000008912, &(0x7f0000000000)="0a5c2d023c126285718070")
setsockopt$ALG_SET_KEY(0xffffffffffffffff, 0x117, 0x1, 0x0, 0x0)

[ 2385.926676] FAULT_FLAG_ALLOW_RETRY missing 70
[ 2385.931380] CPU: 1 PID: 21776 Comm: syz-executor3 Not tainted 4.20.0-rc6+ #371
[ 2385.938762] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 2385.948119] Call Trace:
[ 2385.950732]  dump_stack+0x244/0x39d
[ 2385.954390]  ? dump_stack_print_info.cold.1+0x20/0x20
[ 2385.959606]  handle_userfault.cold.32+0x47/0x62
[ 2385.964298]  ? userfaultfd_ioctl+0x5610/0x5610
[ 2385.968902]  ? mark_held_locks+0x130/0x130
[ 2385.973149]  ? find_held_lock+0x36/0x1c0
[ 2385.977227]  ? userfaultfd_ctx_put+0x830/0x830
[ 2385.981821]  ? kasan_check_read+0x11/0x20
[ 2385.985988]  ? print_usage_bug+0xc0/0xc0
[ 2385.990053]  ? do_raw_spin_trylock+0x270/0x270
[ 2385.994645]  ? print_usage_bug+0xc0/0xc0
[ 2385.998718]  ? print_usage_bug+0xc0/0xc0
[ 2386.002785]  ? zap_class+0x640/0x640
[ 2386.006508]  ? drop_futex_key_refs.isra.14+0x6d/0xe0
[ 2386.011618]  ? futex_wake+0x304/0x760
[ 2386.015440]  ? find_held_lock+0x36/0x1c0
[ 2386.019524]  ? __handle_mm_fault+0x4bb0/0x5be0
[ 2386.024117]  ? lock_downgrade+0x900/0x900
[ 2386.028281]  ? kasan_check_read+0x11/0x20
[ 2386.032434]  ? do_raw_spin_unlock+0xa7/0x330
[ 2386.036850]  ? do_raw_spin_trylock+0x270/0x270
[ 2386.041437]  ? fault_dirty_shared_page.isra.87+0x320/0x320
[ 2386.047079]  __handle_mm_fault+0x4bbd/0x5be0
[ 2386.051508]  ? vmf_insert_mixed_mkwrite+0x40/0x40
[ 2386.056367]  ? zap_class+0x640/0x640
[ 2386.060088]  ? rcu_read_unlock_special+0x1c0/0x1c0
[ 2386.065024]  ? kasan_check_read+0x11/0x20
[ 2386.069184]  ? rcu_softirq_qs+0x20/0x20
[ 2386.073176]  ? zap_class+0x640/0x640
[ 2386.076894]  ? zap_class+0x640/0x640
[ 2386.080625]  ? find_held_lock+0x36/0x1c0
[ 2386.084707]  ? handle_mm_fault+0x42a/0xc70
[ 2386.088966]  ? lock_downgrade+0x900/0x900
[ 2386.093125]  ? check_preemption_disabled+0x48/0x280
[ 2386.098152]  ? rcu_read_unlock_special+0x1c0/0x1c0
[ 2386.103087]  ? kasan_check_read+0x11/0x20
[ 2386.107243]  ? rcu_dynticks_curr_cpu_in_eqs+0xa2/0x170
[ 2386.112529]  ? rcu_softirq_qs+0x20/0x20
[ 2386.116507]  ? trace_hardirqs_off_caller+0x310/0x310
[ 2386.121621]  ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[ 2386.127169]  ? check_preemption_disabled+0x48/0x280
[ 2386.132199]  handle_mm_fault+0x54f/0xc70
[ 2386.136267]  ? __handle_mm_fault+0x5be0/0x5be0
[ 2386.140900]  ? find_vma+0x34/0x190
[ 2386.144454]  __do_page_fault+0x5e8/0xe60
[ 2386.148523]  ? trace_hardirqs_off+0xb8/0x310
[ 2386.152951]  do_page_fault+0xf2/0x7e0
[ 2386.156757]  ? vmalloc_sync_all+0x30/0x30
[ 2386.160914]  ? error_entry+0x70/0xd0
[ 2386.164636]  ? trace_hardirqs_off_caller+0xbb/0x310
[ 2386.169704]  ? trace_hardirqs_on_caller+0xc0/0x310
[ 2386.174640]  ? syscall_return_slowpath+0x5e0/0x5e0
[ 2386.179583]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 2386.184435]  ? trace_hardirqs_on_caller+0x310/0x310
[ 2386.189454]  ? __bpf_trace_preemptirq_template+0x30/0x30
[ 2386.194910]  ? prepare_exit_to_usermode+0x3b0/0x3b0
[ 2386.199935]  ? prepare_exit_to_usermode+0x291/0x3b0
[ 2386.204961]  ? page_fault+0x8/0x30
[ 2386.208511]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 2386.213368]  ? page_fault+0x8/0x30
[ 2386.216922]  page_fault+0x1e/0x30
[ 2386.220380] RIP: 0033:0x4510a0
[ 2386.223579] Code: 0f 84 c4 0f 00 00 48 89 f1 48 89 f8 48 83 e1 3f 48 83 f9 20 0f 86 7b 02 00 00 48 83 e6 f0 48 83 e1 0f 66 0f ef c0 66 0f ef c9 <66> 0f 74 0e 66 0f d7 d1 48 d3 ea 49 c7 c2 11 00 00 00 49 29 ca 4d
[ 2386.242481] RSP: 002b:00007f75238677a8 EFLAGS: 00010202
[ 2386.247851] RAX: 00007f7523867850 RBX: 0000000000000003 RCX: 000000000000000e
[ 2386.255124] RDX: 00000000000003ff RSI: 0000000020012fe0 RDI: 00007f7523867850
[ 2386.262397] RBP: 000000000072bf00 R08: 00000000000003ff R09: 0000000000000000
[ 2386.269667] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f75238686d4
[ 2386.276956] R13: 00000000004c578a R14: 00000000004d9d90 R15: 00000000ffffffff
[ 2386.432402] device bridge_slave_1 left promiscuous mode
[ 2386.437904] bridge0: port 2(bridge_slave_1) entered disabled state
[ 2386.448537] device bridge_slave_0 left promiscuous mode
[ 2386.454251] bridge0: port 1(bridge_slave_0) entered disabled state
[ 2386.482746] team0 (unregistering): Port device team_slave_1 removed
[ 2386.492773] team0 (unregistering): Port device team_slave_0 removed
[ 2386.502494] bond0 (unregistering): Releasing backup interface bond_slave_1
[ 2386.515831] bond0 (unregistering): Releasing backup interface bond_slave_0
[ 2386.541395] bond0 (unregistering): Released all slaves
[ 2386.911311] bridge0: port 1(bridge_slave_0) entered blocking state
[ 2386.917940] bridge0: port 1(bridge_slave_0) entered disabled state
[ 2386.925656] device bridge_slave_0 entered promiscuous mode
[ 2386.970357] bridge0: port 2(bridge_slave_1) entered blocking state
[ 2386.976882] bridge0: port 2(bridge_slave_1) entered disabled state
[ 2386.984655] device bridge_slave_1 entered promiscuous mode
[ 2387.029674] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready
[ 2387.074146] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready
[ 2387.206426] bond0: Enslaving bond_slave_0 as an active interface with an up link
[ 2387.252988] bond0: Enslaving bond_slave_1 as an active interface with an up link
[ 2387.464419] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready
[ 2387.472272] team0: Port device team_slave_0 added
[ 2387.516163] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready
[ 2387.523991] team0: Port device team_slave_1 added
[ 2387.566664] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[ 2387.612613] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready
[ 2387.619462] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready
[ 2387.635253] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[ 2387.670795] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready
[ 2387.677965] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 2387.689873] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[ 2387.728831] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready
[ 2387.736009] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 2387.747527] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[ 2388.037939] bridge0: port 2(bridge_slave_1) entered blocking state
[ 2388.044327] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 2388.050913] bridge0: port 1(bridge_slave_0) entered blocking state
[ 2388.057310] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 2388.065927] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready
[ 2388.592122] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[ 2388.973579] 8021q: adding VLAN 0 to HW filter on device bond0
[ 2389.074482] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready
[ 2389.167346] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready
[ 2389.173708] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[ 2389.180798] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 2389.276273] 8021q: adding VLAN 0 to HW filter on device team0
08:16:07 executing program 4:
openat$kvm(0xffffffffffffff9c, 0x0, 0x0, 0x0)
r0 = syz_open_dev$sndctrl(&(0x7f0000000100)='/dev/snd/controlC#\x00', 0x0, 0x0)
prctl$PR_SET_THP_DISABLE(0x29, 0x0)
clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
ioctl$FS_IOC_GETFLAGS(r0, 0x800455d1, &(0x7f0000000080))

08:16:07 executing program 5:
r0 = socket$l2tp(0x18, 0x1, 0x1)
r1 = openat$rtc(0xffffffffffffff9c, &(0x7f0000000000)='/dev/rtc0\x00', 0x20000, 0x0)
ioctl$TCXONC(r1, 0x540a, 0x401)
ioctl(r0, 0x1000008912, &(0x7f0000000040)="0a5c2d023c126285718070")
perf_event_open(&(0x7f00000001c0)={0x2, 0x70, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x44, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
perf_event_open(&(0x7f0000014f88)={0x1, 0x70, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r2 = perf_event_open(&(0x7f0000014f88)={0x1, 0x70, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
close(r2)

08:16:07 executing program 2:
syz_emit_ethernet(0x6a, &(0x7f0000000040)={@local, @broadcast, [], {@ipv4={0x800, {{0x5, 0x4, 0x0, 0x0, 0x5c, 0x0, 0x0, 0x0, 0x1, 0x0, @remote, @dev={0xac, 0x14, 0x14, 0x11}}, @icmp=@parameter_prob={0x3, 0x4, 0x0, 0x0, 0x0, 0x0, {0x10, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x402f, 0x0, @local={0xac, 0x5c}, @dev, {[@timestamp={0x8, 0x2c, 0x0, 0x0, 0x88640000, [{[@rand_addr]}, {[@multicast2]}, {[@multicast1]}, {}, {[@loopback]}, {}]}]}}}}}}}, 0x0)

08:16:07 executing program 0:
openat$rfkill(0xffffffffffffff9c, 0x0, 0x2001, 0x0)
syz_open_dev$admmidi(&(0x7f0000000100)='/dev/admmidi#\x00', 0x0, 0x0)
r0 = socket$l2tp(0x18, 0x1, 0x1)
mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x1, 0x32, 0xffffffffffffffff, 0x0)
r1 = userfaultfd(0x0)
ioctl$UFFDIO_API(r1, 0xc018aa3f, &(0x7f0000000180))
ioctl$UFFDIO_REGISTER(r1, 0xc020aa00, &(0x7f0000019000)={{&(0x7f0000012000/0x2000)=nil, 0x2000}, 0x1})
syz_open_dev$evdev(&(0x7f0000012fee)='/dev/input/event#\x00', 0x0, 0x60)
ioctl$UFFDIO_WAKE(r1, 0x8010aa02, &(0x7f0000000080)={&(0x7f0000012000/0x3000)=nil, 0x3000})
ioctl(r0, 0x1000008912, &(0x7f0000000000)="0a5c2d023c126285718070")

08:16:07 executing program 1:
r0 = socket$l2tp(0x18, 0x1, 0x1)
fstat(r0, &(0x7f0000000040))
ioctl(r0, 0x1000008912, &(0x7f0000000000)="0a5c2d023c126285718070")
r1 = perf_event_open(&(0x7f0000014f88)={0x1, 0x70, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
close(r1)

08:16:07 executing program 3:
openat$rfkill(0xffffffffffffff9c, 0x0, 0x0, 0x0)
getsockopt$inet_sctp_SCTP_DEFAULT_PRINFO(0xffffffffffffffff, 0x84, 0x72, &(0x7f0000000380), 0x0)
syz_open_dev$admmidi(&(0x7f0000000100)='/dev/admmidi#\x00', 0x0, 0x0)
r0 = socket$l2tp(0x18, 0x1, 0x1)
mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x1, 0x32, 0xffffffffffffffff, 0x0)
r1 = userfaultfd(0x0)
ioctl$UFFDIO_API(r1, 0xc018aa3f, &(0x7f0000000180))
ioctl$UFFDIO_REGISTER(r1, 0xc020aa00, &(0x7f0000019000)={{&(0x7f0000012000/0x2000)=nil, 0x2000}, 0x1})
syz_open_dev$evdev(&(0x7f0000012fee)='/dev/input/event#\x00', 0x0, 0x0)
ioctl$UFFDIO_WAKE(r1, 0x8010aa02, &(0x7f0000000080)={&(0x7f0000012000/0x3000)=nil, 0x3000})
ioctl(r0, 0x1000008912, &(0x7f0000000000)="0a5c2d023c126285718070")
setsockopt$ALG_SET_KEY(0xffffffffffffffff, 0x117, 0x1, 0x0, 0x0)

08:16:07 executing program 5:
r0 = socket$l2tp(0x18, 0x1, 0x1)
ioctl(r0, 0x1000008912, &(0x7f0000000000)="0a5c2d023c126285718070")
perf_event_open(&(0x7f00000001c0)={0x2, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
perf_event_open(&(0x7f0000014f88)={0x1, 0xfffffffffffffe48, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x6, 0xffffffffffffffff, 0x0)
r1 = perf_event_open(&(0x7f0000014f88)={0x1, 0x70, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
close(r1)

[ 2389.921194] FAULT_FLAG_ALLOW_RETRY missing 70
[ 2389.926666] FAULT_FLAG_ALLOW_RETRY missing 70
[ 2389.931582] CPU: 0 PID: 22042 Comm: syz-executor3 Not tainted 4.20.0-rc6+ #371
[ 2389.938957] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 2389.948309] Call Trace:
[ 2389.950928]  dump_stack+0x244/0x39d
[ 2389.954574]  ? dump_stack_print_info.cold.1+0x20/0x20
[ 2389.959789]  handle_userfault.cold.32+0x47/0x62
[ 2389.964486]  ? userfaultfd_ioctl+0x5610/0x5610
[ 2389.969078]  ? mark_held_locks+0x130/0x130
[ 2389.973318]  ? __sanitizer_cov_trace_cmp4+0x16/0x20
[ 2389.978365]  ? futex_wait_setup+0x266/0x3e0
[ 2389.982720]  ? __sanitizer_cov_trace_switch+0x53/0x90
[ 2389.987920]  ? userfaultfd_ctx_put+0x830/0x830
[ 2389.992510]  ? futex_wait+0x5a1/0xa50
[ 2389.996322]  ? print_usage_bug+0xc0/0xc0
[ 2390.000405]  ? print_usage_bug+0xc0/0xc0
[ 2390.004474]  ? print_usage_bug+0xc0/0xc0
[ 2390.008539]  ? zap_class+0x640/0x640
[ 2390.012264]  ? drop_futex_key_refs.isra.14+0x6d/0xe0
[ 2390.017377]  ? futex_wake+0x304/0x760
[ 2390.021205]  ? find_held_lock+0x36/0x1c0
[ 2390.025281]  ? __handle_mm_fault+0x4bb0/0x5be0
[ 2390.029874]  ? lock_downgrade+0x900/0x900
[ 2390.034036]  ? kasan_check_read+0x11/0x20
[ 2390.038190]  ? do_raw_spin_unlock+0xa7/0x330
[ 2390.042602]  ? do_raw_spin_trylock+0x270/0x270
[ 2390.047192]  ? fault_dirty_shared_page.isra.87+0x320/0x320
[ 2390.052837]  __handle_mm_fault+0x4bbd/0x5be0
[ 2390.057263]  ? vmf_insert_mixed_mkwrite+0x40/0x40
[ 2390.062119]  ? zap_class+0x640/0x640
[ 2390.065841]  ? rcu_read_unlock_special+0x1c0/0x1c0
[ 2390.070772]  ? kasan_check_read+0x11/0x20
[ 2390.074925]  ? rcu_softirq_qs+0x20/0x20
[ 2390.078916]  ? zap_class+0x640/0x640
[ 2390.082637]  ? zap_class+0x640/0x640
[ 2390.086372]  ? find_held_lock+0x36/0x1c0
[ 2390.090446]  ? handle_mm_fault+0x42a/0xc70
[ 2390.094688]  ? lock_downgrade+0x900/0x900
[ 2390.098845]  ? check_preemption_disabled+0x48/0x280
[ 2390.103868]  ? rcu_read_unlock_special+0x1c0/0x1c0
[ 2390.108805]  ? kasan_check_read+0x11/0x20
[ 2390.112955]  ? rcu_dynticks_curr_cpu_in_eqs+0xa2/0x170
[ 2390.118235]  ? rcu_softirq_qs+0x20/0x20
[ 2390.122215]  ? trace_hardirqs_off_caller+0x310/0x310
[ 2390.127327]  ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[ 2390.132892]  ? check_preemption_disabled+0x48/0x280
[ 2390.137925]  handle_mm_fault+0x54f/0xc70
[ 2390.141996]  ? __handle_mm_fault+0x5be0/0x5be0
[ 2390.146591]  ? find_vma+0x34/0x190
[ 2390.150145]  __do_page_fault+0x5e8/0xe60
[ 2390.154211]  ? trace_hardirqs_off+0xb8/0x310
[ 2390.158635]  do_page_fault+0xf2/0x7e0
[ 2390.162446]  ? vmalloc_sync_all+0x30/0x30
[ 2390.166597]  ? error_entry+0x70/0xd0
[ 2390.170315]  ? trace_hardirqs_off_caller+0xbb/0x310
[ 2390.175362]  ? trace_hardirqs_on_caller+0xc0/0x310
[ 2390.180301]  ? syscall_return_slowpath+0x5e0/0x5e0
[ 2390.185246]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 2390.190094]  ? trace_hardirqs_on_caller+0x310/0x310
[ 2390.195116]  ? __bpf_trace_preemptirq_template+0x30/0x30
[ 2390.200574]  ? prepare_exit_to_usermode+0x3b0/0x3b0
[ 2390.205598]  ? prepare_exit_to_usermode+0x291/0x3b0
[ 2390.210621]  ? page_fault+0x8/0x30
[ 2390.214171]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 2390.219025]  ? page_fault+0x8/0x30
[ 2390.222573]  page_fault+0x1e/0x30
[ 2390.226028] RIP: 0033:0x4510a0
[ 2390.229229] Code: 0f 84 c4 0f 00 00 48 89 f1 48 89 f8 48 83 e1 3f 48 83 f9 20 0f 86 7b 02 00 00 48 83 e6 f0 48 83 e1 0f 66 0f ef c0 66 0f ef c9 <66> 0f 74 0e 66 0f d7 d1 48 d3 ea 49 c7 c2 11 00 00 00 49 29 ca 4d
[ 2390.248144] RSP: 002b:00007f75238677a8 EFLAGS: 00010202
[ 2390.253520] RAX: 00007f7523867850 RBX: 0000000000000003 RCX: 000000000000000e
[ 2390.260791] RDX: 00000000000003ff RSI: 0000000020012fe0 RDI: 00007f7523867850
08:16:08 executing program 1:
r0 = socket$l2tp(0x18, 0x1, 0x1)
ioctl(r0, 0x1000008912, &(0x7f0000000000)="0a5c2d023c126285718070")
ioctl$sock_FIOGETOWN(r0, 0x8903, &(0x7f0000000040)=<r1=>0x0)
ptrace$setopts(0x4206, r1, 0x1000, 0x10)
r2 = perf_event_open(&(0x7f0000014f88)={0x1, 0x70, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
close(r2)
r3 = open(&(0x7f0000000080)='./file0\x00', 0x1, 0x20)
ioctl$TCGETA(r3, 0x5405, &(0x7f00000000c0))

[ 2390.268061] RBP: 000000000072bf00 R08: 00000000000003ff R09: 0000000000000000
[ 2390.275347] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f75238686d4
[ 2390.282620] R13: 00000000004c578a R14: 00000000004d9d90 R15: 00000000ffffffff
[ 2390.301714] CPU: 1 PID: 22047 Comm: syz-executor0 Not tainted 4.20.0-rc6+ #371
[ 2390.309105] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 2390.309118] Call Trace:
08:16:08 executing program 2:
syz_emit_ethernet(0x6a, &(0x7f0000000040)={@local, @broadcast, [], {@ipv4={0x800, {{0x5, 0x4, 0x0, 0x0, 0x5c, 0x0, 0x0, 0x0, 0x1, 0x0, @remote, @dev={0xac, 0x14, 0x14, 0x11}}, @icmp=@parameter_prob={0x3, 0x4, 0x0, 0x0, 0x0, 0x0, {0x10, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x402f, 0x0, @local={0xac, 0x5c}, @dev, {[@timestamp={0x8, 0x2c, 0x0, 0x0, 0x4000, [{[@rand_addr]}, {[@multicast2]}, {[@multicast1]}, {}, {[@loopback]}, {}]}]}}}}}}}, 0x0)

[ 2390.321077]  dump_stack+0x244/0x39d
[ 2390.324725]  ? dump_stack_print_info.cold.1+0x20/0x20
[ 2390.329957]  handle_userfault.cold.32+0x47/0x62
[ 2390.334653]  ? userfaultfd_ioctl+0x5610/0x5610
[ 2390.339254]  ? mark_held_locks+0x130/0x130
[ 2390.343518]  ? __sanitizer_cov_trace_cmp4+0x16/0x20
[ 2390.348551]  ? futex_wait_setup+0x266/0x3e0
[ 2390.352906]  ? __sanitizer_cov_trace_switch+0x53/0x90
[ 2390.358118]  ? userfaultfd_ctx_put+0x830/0x830
[ 2390.362716]  ? futex_wait+0x5a1/0xa50
[ 2390.366535]  ? print_usage_bug+0xc0/0xc0
08:16:08 executing program 2:
syz_emit_ethernet(0x6a, &(0x7f0000000040)={@local, @broadcast, [], {@ipv4={0x800, {{0x5, 0x4, 0x0, 0x0, 0x5c, 0x0, 0x0, 0x0, 0x1, 0x0, @remote, @dev={0xac, 0x14, 0x14, 0x11}}, @icmp=@parameter_prob={0x3, 0x4, 0x0, 0x0, 0x0, 0x0, {0x10, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x402f, 0x0, @local={0xac, 0x5c}, @dev, {[@timestamp={0x8, 0x2c, 0x0, 0x0, 0xffffca88, [{[@rand_addr]}, {[@multicast2]}, {[@multicast1]}, {}, {[@loopback]}, {}]}]}}}}}}}, 0x0)

[ 2390.370610]  ? print_usage_bug+0xc0/0xc0
[ 2390.374692]  ? print_usage_bug+0xc0/0xc0
[ 2390.378773]  ? zap_class+0x640/0x640
[ 2390.382506]  ? drop_futex_key_refs.isra.14+0x6d/0xe0
[ 2390.387625]  ? futex_wake+0x304/0x760
[ 2390.391452]  ? find_held_lock+0x36/0x1c0
[ 2390.395547]  ? __handle_mm_fault+0x4bb0/0x5be0
[ 2390.400140]  ? lock_downgrade+0x900/0x900
[ 2390.404309]  ? kasan_check_read+0x11/0x20
[ 2390.408494]  ? do_raw_spin_unlock+0xa7/0x330
[ 2390.412917]  ? do_raw_spin_trylock+0x270/0x270
[ 2390.417520]  ? fault_dirty_shared_page.isra.87+0x320/0x320
[ 2390.423170]  __handle_mm_fault+0x4bbd/0x5be0
[ 2390.423196]  ? vmf_insert_mixed_mkwrite+0x40/0x40
[ 2390.423216]  ? zap_class+0x640/0x640
[ 2390.423234]  ? rcu_read_unlock_special+0x1c0/0x1c0
[ 2390.432485]  ? kasan_check_read+0x11/0x20
[ 2390.432504]  ? rcu_softirq_qs+0x20/0x20
[ 2390.432532]  ? zap_class+0x640/0x640
[ 2390.432548]  ? zap_class+0x640/0x640
[ 2390.432570]  ? find_held_lock+0x36/0x1c0
[ 2390.432599]  ? handle_mm_fault+0x42a/0xc70
[ 2390.432617]  ? lock_downgrade+0x900/0x900
08:16:08 executing program 2:
syz_emit_ethernet(0x6a, &(0x7f0000000040)={@local, @broadcast, [], {@ipv4={0x800, {{0x5, 0x4, 0x0, 0x0, 0x5c, 0x0, 0x0, 0x0, 0x1, 0x0, @remote, @dev={0xac, 0x14, 0x14, 0x11}}, @icmp=@parameter_prob={0x3, 0x4, 0x0, 0x0, 0x0, 0x0, {0x10, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x402f, 0x0, @local={0xac, 0x5c}, @dev, {[@timestamp={0x8, 0x2c, 0x0, 0x0, 0x14000000, [{[@rand_addr]}, {[@multicast2]}, {[@multicast1]}, {}, {[@loopback]}, {}]}]}}}}}}}, 0x0)

[ 2390.432634]  ? check_preemption_disabled+0x48/0x280
[ 2390.432652]  ? rcu_read_unlock_special+0x1c0/0x1c0
[ 2390.432667]  ? kasan_check_read+0x11/0x20
[ 2390.432681]  ? rcu_dynticks_curr_cpu_in_eqs+0xa2/0x170
[ 2390.432697]  ? rcu_softirq_qs+0x20/0x20
[ 2390.432712]  ? trace_hardirqs_off_caller+0x310/0x310
[ 2390.432740]  ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[ 2390.432756]  ? check_preemption_disabled+0x48/0x280
[ 2390.432778]  handle_mm_fault+0x54f/0xc70
[ 2390.432796]  ? __handle_mm_fault+0x5be0/0x5be0
[ 2390.432817]  ? find_vma+0x34/0x190
[ 2390.432837]  __do_page_fault+0x5e8/0xe60
[ 2390.432861]  ? trace_hardirqs_off+0xb8/0x310
[ 2390.432887]  do_page_fault+0xf2/0x7e0
[ 2390.432901]  ? vmalloc_sync_all+0x30/0x30
[ 2390.432917]  ? error_entry+0x70/0xd0
[ 2390.432937]  ? trace_hardirqs_off_caller+0xbb/0x310
[ 2390.488892]  ? trace_hardirqs_on_caller+0xc0/0x310
[ 2390.488911]  ? syscall_return_slowpath+0x5e0/0x5e0
[ 2390.488928]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 2390.488946]  ? trace_hardirqs_on_caller+0x310/0x310
[ 2390.488963]  ? __bpf_trace_preemptirq_template+0x30/0x30
[ 2390.488981]  ? prepare_exit_to_usermode+0x3b0/0x3b0
[ 2390.489000]  ? prepare_exit_to_usermode+0x291/0x3b0
[ 2390.503613]  ? page_fault+0x8/0x30
[ 2390.503634]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 2390.503653]  ? page_fault+0x8/0x30
[ 2390.503670]  page_fault+0x1e/0x30
[ 2390.503684] RIP: 0033:0x4510a0
[ 2390.503701] Code: 0f 84 c4 0f 00 00 48 89 f1 48 89 f8 48 83 e1 3f 48 83 f9 20 0f 86 7b 02 00 00 48 83 e6 f0 48 83 e1 0f 66 0f ef c0 66 0f ef c9 <66> 0f 74 0e 66 0f d7 d1 48 d3 ea 49 c7 c2 11 00 00 00 49 29 ca 4d
08:16:08 executing program 0:
openat$rfkill(0xffffffffffffff9c, 0x0, 0x2001, 0x0)
syz_open_dev$admmidi(&(0x7f0000000100)='/dev/admmidi#\x00', 0x0, 0x0)
r0 = socket$l2tp(0x18, 0x1, 0x1)
mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x1, 0x32, 0xffffffffffffffff, 0x0)
r1 = userfaultfd(0x0)
ioctl$UFFDIO_API(r1, 0xc018aa3f, &(0x7f0000000180))
ioctl$UFFDIO_REGISTER(r1, 0xc020aa00, &(0x7f0000019000)={{&(0x7f0000012000/0x2000)=nil, 0x2000}, 0x1})
syz_open_dev$evdev(&(0x7f0000012fee)='/dev/input/event#\x00', 0x0, 0x4000000000000000)
ioctl$UFFDIO_WAKE(r1, 0x8010aa02, &(0x7f0000000080)={&(0x7f0000012000/0x3000)=nil, 0x3000})
ioctl(r0, 0x1000008912, &(0x7f0000000000)="0a5c2d023c126285718070")

[ 2390.503709] RSP: 002b:00007efdea16e7a8 EFLAGS: 00010202
[ 2390.503722] RAX: 00007efdea16e850 RBX: 0000000000000003 RCX: 000000000000000e
[ 2390.503732] RDX: 00000000000003ff RSI: 0000000020012fe0 RDI: 00007efdea16e850
[ 2390.503742] RBP: 000000000072bf00 R08: 00000000000003ff R09: 0000000000000000
[ 2390.503751] R10: 0000000000000000 R11: 0000000000000246 R12: 00007efdea16f6d4
[ 2390.503761] R13: 00000000004c578a R14: 00000000004d9d90 R15: 00000000ffffffff
08:16:08 executing program 4:
r0 = openat$kvm(0xffffffffffffff9c, 0x0, 0x0, 0x0)
r1 = syz_open_dev$sndctrl(&(0x7f0000000000)='/dev/snd/controlC#\x00', 0x80000000000001, 0x0)
prctl$PR_SET_THP_DISABLE(0x29, 0xfffffffffffffffe)
r2 = openat$autofs(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/autofs\x00', 0xa400, 0x0)
getsockopt$inet_sctp6_SCTP_MAXSEG(0xffffffffffffff9c, 0x84, 0xd, &(0x7f0000000200)=@assoc_value={<r3=>0x0, 0x1}, &(0x7f0000000240)=0x8)
getsockopt$inet_sctp_SCTP_PR_ASSOC_STATUS(r2, 0x84, 0x73, &(0x7f0000000280)={r3, 0xffffffff, 0x30, 0x3}, &(0x7f00000002c0)=0x18)
clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
ioctl$FS_IOC_GETFLAGS(r1, 0x800455d1, &(0x7f0000000080))
ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r4 = openat$vga_arbiter(0xffffffffffffff9c, &(0x7f0000000040)='/dev/vga_arbiter\x00', 0x2040, 0x0)
ioctl$SCSI_IOCTL_PROBE_HOST(r4, 0x5385, &(0x7f00000000c0))

08:16:08 executing program 3:
openat$rfkill(0xffffffffffffff9c, 0x0, 0x0, 0x0)
getsockopt$inet_sctp_SCTP_DEFAULT_PRINFO(0xffffffffffffffff, 0x84, 0x72, &(0x7f0000000380), 0x0)
syz_open_dev$admmidi(&(0x7f0000000100)='/dev/admmidi#\x00', 0x0, 0x0)
r0 = socket$l2tp(0x18, 0x1, 0x1)
mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x1, 0x32, 0xffffffffffffffff, 0x0)
r1 = userfaultfd(0x0)
ioctl$UFFDIO_API(r1, 0xc018aa3f, &(0x7f0000000180))
ioctl$UFFDIO_REGISTER(r1, 0xc020aa00, &(0x7f0000019000)={{&(0x7f0000012000/0x2000)=nil, 0x2000}, 0x1})
syz_open_dev$evdev(&(0x7f0000012fee)='/dev/input/event#\x00', 0x0, 0x0)
ioctl$UFFDIO_WAKE(r1, 0x8010aa02, &(0x7f0000000080)={&(0x7f0000012000/0x3000)=nil, 0x3000})
ioctl(r0, 0x1000008912, &(0x7f0000000000)="0a5c2d023c126285718070")
setsockopt$ALG_SET_KEY(0xffffffffffffffff, 0x117, 0x1, 0x0, 0x0)

08:16:08 executing program 2:
syz_emit_ethernet(0x6a, &(0x7f0000000040)={@local, @broadcast, [], {@ipv4={0x800, {{0x5, 0x4, 0x0, 0x0, 0x5c, 0x0, 0x0, 0x0, 0x1, 0x0, @remote, @dev={0xac, 0x14, 0x14, 0x11}}, @icmp=@parameter_prob={0x3, 0x4, 0x0, 0x0, 0x0, 0x0, {0x10, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x402f, 0x0, @local={0xac, 0x5c}, @dev, {[@timestamp={0x8, 0x2c, 0x0, 0x0, 0x8100, [{[@rand_addr]}, {[@multicast2]}, {[@multicast1]}, {}, {[@loopback]}, {}]}]}}}}}}}, 0x0)

08:16:08 executing program 1:
r0 = socket$l2tp(0x18, 0x1, 0x1)
ioctl(r0, 0x1000008912, &(0x7f0000000000)="0a5c2d023c126285718070")
r1 = dup(r0)
r2 = openat$vsock(0xffffffffffffff9c, &(0x7f0000000040)='/dev/vsock\x00', 0x2000, 0x0)
ioctl$TUNSETSTEERINGEBPF(r1, 0x800454e0, &(0x7f0000000080)=r2)
r3 = perf_event_open(&(0x7f0000014f88)={0x1, 0x70, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
close(r3)

08:16:08 executing program 5:
r0 = socket$l2tp(0x18, 0x1, 0x1)
ioctl(r0, 0x1000008912, &(0x7f0000000000)="0a5c2d023c126285718070")
perf_event_open(&(0x7f00000001c0)={0x2, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
perf_event_open(&(0x7f0000014f88)={0x1, 0x70, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r1 = perf_event_open(&(0x7f0000014f88)={0x1, 0x70, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r2 = openat$vcs(0xffffffffffffff9c, &(0x7f0000000040)='/dev/vcs\x00', 0x2000, 0x0)
write$RDMA_USER_CM_CMD_GET_EVENT(r2, &(0x7f0000000080)={0xc, 0x8, 0xfa00, {&(0x7f0000000240)}}, 0x10)
close(r1)

[ 2390.741052] FAULT_FLAG_ALLOW_RETRY missing 70
[ 2390.772802] CPU: 0 PID: 22077 Comm: syz-executor0 Not tainted 4.20.0-rc6+ #371
[ 2390.780217] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 2390.789612] Call Trace:
[ 2390.789639]  dump_stack+0x244/0x39d
[ 2390.789662]  ? dump_stack_print_info.cold.1+0x20/0x20
[ 2390.801084]  handle_userfault.cold.32+0x47/0x62
[ 2390.805801]  ? userfaultfd_ioctl+0x5610/0x5610
08:16:08 executing program 1:
r0 = socket$l2tp(0x18, 0x1, 0x1)
ioctl(r0, 0xa4f, &(0x7f0000000140)="9c6e236da53f2478c578bbf854956deb1ea9fdfbb1c7d5b6831465695847ac53d435eb914bdaa91298ae20bec1e9edf0c4fc9ae5f7a1ce7c98dd955809eb920a531b768a0f8ce329e80cdfacc1144baf2523646d9f5631e1aa75516d5bf82903b1dab4007d8259cf906e3ca314e3da7443116d6425e5b990ae5dc29977")
r1 = perf_event_open(&(0x7f0000014f88)={0x1, 0x70, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
close(r1)

[ 2390.805821]  ? mark_held_locks+0x130/0x130
[ 2390.805837]  ? __sanitizer_cov_trace_cmp4+0x16/0x20
08:16:08 executing program 2:
syz_emit_ethernet(0x6a, &(0x7f0000000040)={@local, @broadcast, [], {@ipv4={0x800, {{0x5, 0x4, 0x0, 0x0, 0x5c, 0x0, 0x0, 0x0, 0x1, 0x0, @remote, @dev={0xac, 0x14, 0x14, 0x11}}, @icmp=@parameter_prob={0x3, 0x4, 0x0, 0x0, 0x0, 0x0, {0x10, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x402f, 0x0, @local={0xac, 0x5c}, @dev, {[@timestamp={0x8, 0x2c, 0x0, 0x0, 0xfffffffe, [{[@rand_addr]}, {[@multicast2]}, {[@multicast1]}, {}, {[@loopback]}, {}]}]}}}}}}}, 0x0)

08:16:08 executing program 3:
openat$rfkill(0xffffffffffffff9c, 0x0, 0x0, 0x0)
getsockopt$inet_sctp_SCTP_DEFAULT_PRINFO(0xffffffffffffffff, 0x84, 0x72, &(0x7f0000000380), 0x0)
syz_open_dev$admmidi(&(0x7f0000000100)='/dev/admmidi#\x00', 0x0, 0x0)
r0 = socket$l2tp(0x18, 0x1, 0x1)
mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x1, 0x32, 0xffffffffffffffff, 0x0)
r1 = userfaultfd(0x0)
ioctl$UFFDIO_API(r1, 0xc018aa3f, &(0x7f0000000180))
ioctl$UFFDIO_REGISTER(r1, 0xc020aa00, &(0x7f0000019000)={{&(0x7f0000012000/0x2000)=nil, 0x2000}, 0x1})
syz_open_dev$evdev(&(0x7f0000012fee)='/dev/input/event#\x00', 0x0, 0x0)
ioctl$UFFDIO_WAKE(r1, 0x8010aa02, &(0x7f0000000080)={&(0x7f0000012000/0x3000)=nil, 0x3000})
ioctl(r0, 0x1000008912, &(0x7f0000000000)="0a5c2d023c126285718070")
setsockopt$ALG_SET_KEY(0xffffffffffffffff, 0x117, 0x1, 0x0, 0x0)

[ 2390.805851]  ? futex_wait_setup+0x266/0x3e0
[ 2390.805879]  ? __sanitizer_cov_trace_switch+0x53/0x90
[ 2390.805897]  ? userfaultfd_ctx_put+0x830/0x830
[ 2390.805911]  ? futex_wait+0x5a1/0xa50
[ 2390.805932]  ? print_usage_bug+0xc0/0xc0
[ 2390.805949]  ? print_usage_bug+0xc0/0xc0
08:16:08 executing program 0:
openat$rfkill(0xffffffffffffff9c, 0x0, 0x2001, 0x0)
syz_open_dev$admmidi(&(0x7f0000000100)='/dev/admmidi#\x00', 0x0, 0x0)
r0 = socket$l2tp(0x18, 0x1, 0x1)
mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x1, 0x32, 0xffffffffffffffff, 0x0)
r1 = userfaultfd(0x0)
ioctl$UFFDIO_API(r1, 0xc018aa3f, &(0x7f0000000180))
ioctl$UFFDIO_REGISTER(r1, 0xc020aa00, &(0x7f0000019000)={{&(0x7f0000012000/0x2000)=nil, 0x2000}, 0x1})
syz_open_dev$evdev(&(0x7f0000012fee)='/dev/input/event#\x00', 0x0, 0x3000000)
ioctl$UFFDIO_WAKE(r1, 0x8010aa02, &(0x7f0000000080)={&(0x7f0000012000/0x3000)=nil, 0x3000})
ioctl(r0, 0x1000008912, &(0x7f0000000000)="0a5c2d023c126285718070")

08:16:08 executing program 1:
r0 = socket$l2tp(0x18, 0x1, 0x1)
ioctl(r0, 0x9, &(0x7f0000000040)="0a5c2d023c126285718070")
r1 = perf_event_open(&(0x7f0000014f88)={0x1, 0x70, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
close(r1)
fchdir(r1)
r2 = openat$pfkey(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/net/pfkey\x00', 0x24400, 0x0)
r3 = mmap$binder(&(0x7f0000ff9000/0x4000)=nil, 0x4000, 0x3, 0x41010, 0xffffffffffffff9c, 0x0)
ioctl$BINDER_GET_NODE_DEBUG_INFO(0xffffffffffffff9c, 0xc018620b, &(0x7f0000000100)={<r4=>0x0})
ioctl$BINDER_GET_NODE_DEBUG_INFO(0xffffffffffffff9c, 0xc018620b, &(0x7f0000000140)={<r5=>0x0})
write$cgroup_int(r2, &(0x7f00000003c0)=0xe0, 0x12)
ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f0000000300)={0xa8, 0x0, &(0x7f0000000180)=ANY=[@ANYBLOB="00634040000000000000000002000000000000000000000010000000000000000000000030000000000000001000000000000000", @ANYPTR=&(0x7f0000000080)=ANY=[@ANYBLOB="852a627701000000", @ANYRES64=r3, @ANYBLOB="0100000000000000852a646600000000", @ANYRES32=r0, @ANYBLOB="000000000200000000000000"], @ANYPTR=&(0x7f00000000c0)=ANY=[@ANYBLOB='p\x00\x00\x00\x00\x00\x00\x000\x00\x00\x00\x00\x00\x00\x00'], @ANYBLOB="033f0040", @ANYRES64=r4, @ANYBLOB="0f630c40000000000200000000000000106308400100000000000000066304400300000008631040", @ANYRES64=r5, @ANYBLOB="040000000000000005630440000000000e630c400300000003000000000000000663044002000000"], 0xba, 0x0, &(0x7f0000000240)="1799e314c65804404ee4e22fb18e480de2320ed7478b7b818ed28b39d4ddcb90b1073b9df886f2b2b2c16bb66d22cad4fa1dd21b09cabc812ef2c2496a4fb43f353f0851629ec52a75c287fce3df8fe3ed6cb7d1bfb51822a552f3436d23b213975d7c8267e1130a0c05fdbf2d69f31b69aa80840bd37960683374e032960ba3b75a26c81923a81eb2665338b84028877cf7db081bfb196b8be57662ce9980625cc132a0b72316cf4453249aefa764c39a8eb846fe089ebdc7ce"})
setsockopt$IP_VS_SO_SET_EDITDEST(r2, 0x0, 0x489, &(0x7f0000000340)={{0x7f, @dev={0xac, 0x14, 0x14, 0x11}, 0x4e23, 0x3, 'none\x00', 0x11, 0x8001, 0x43}, {@multicast2, 0x4e21, 0x2002, 0xffff, 0x1, 0x9c}}, 0x44)

[ 2390.805967]  ? print_usage_bug+0xc0/0xc0
[ 2390.805984]  ? zap_class+0x640/0x640
[ 2390.806001]  ? drop_futex_key_refs.isra.14+0x6d/0xe0
08:16:08 executing program 2:
syz_emit_ethernet(0x6a, &(0x7f0000000040)={@local, @broadcast, [], {@ipv4={0x800, {{0x5, 0x4, 0x0, 0x0, 0x5c, 0x0, 0x0, 0x0, 0x1, 0x0, @remote, @dev={0xac, 0x14, 0x14, 0x11}}, @icmp=@parameter_prob={0x3, 0x4, 0x0, 0x0, 0x0, 0x0, {0x10, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x402f, 0x0, @local={0xac, 0x5c}, @dev, {[@timestamp={0x8, 0x2c, 0x0, 0x0, 0x43050000, [{[@rand_addr]}, {[@multicast2]}, {[@multicast1]}, {}, {[@loopback]}, {}]}]}}}}}}}, 0x0)

08:16:08 executing program 4:
openat$kvm(0xffffffffffffff9c, 0x0, 0x0, 0x0)
r0 = syz_open_dev$sndctrl(&(0x7f0000000100)='/dev/snd/controlC#\x00', 0x0, 0x0)
prctl$PR_SET_THP_DISABLE(0x29, 0xfffffffffffffffe)
clone(0x7ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
ioctl$FS_IOC_GETFLAGS(r0, 0x800455d1, &(0x7f0000000080))

[ 2390.806016]  ? futex_wake+0x304/0x760
[ 2390.806044]  ? find_held_lock+0x36/0x1c0
[ 2390.806070]  ? __handle_mm_fault+0x4bb0/0x5be0
[ 2390.806087]  ? lock_downgrade+0x900/0x900
[ 2390.806111]  ? kasan_check_read+0x11/0x20
[ 2390.806125]  ? do_raw_spin_unlock+0xa7/0x330
[ 2390.806140]  ? do_raw_spin_trylock+0x270/0x270
[ 2390.806158]  ? fault_dirty_shared_page.isra.87+0x320/0x320
08:16:08 executing program 4:
openat$kvm(0xffffffffffffff9c, 0x0, 0x22000, 0x0)
r0 = syz_open_dev$sndctrl(&(0x7f0000000100)='/dev/snd/controlC#\x00', 0x0, 0x0)
prctl$PR_SET_THP_DISABLE(0x29, 0xfffffffffffffffe)
clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
ioctl$FS_IOC_GETFLAGS(r0, 0x800455d1, &(0x7f0000000080))
getsockopt$bt_BT_SNDMTU(r0, 0x112, 0xc, &(0x7f0000000040)=0x6, &(0x7f00000000c0)=0x2)
r1 = syz_open_dev$media(&(0x7f0000000200)='/dev/media#\x00', 0x1, 0x4000)
r2 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000280)='TIPCv2\x00')
sendmsg$TIPC_NL_LINK_GET(r1, &(0x7f0000000400)={&(0x7f0000000240)={0x10, 0x0, 0x0, 0x40000}, 0xc, &(0x7f00000003c0)={&(0x7f00000002c0)={0xd0, r2, 0x1, 0x70bd28, 0x25dfdbfc, {}, [@TIPC_NLA_MON={0x2c, 0x9, [@TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x400}, @TIPC_NLA_MON_REF={0x8, 0x2, 0x3}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x401}, @TIPC_NLA_MON_REF={0x8, 0x2, 0x101}, @TIPC_NLA_MON_REF={0x8, 0x2, 0x9}]}, @TIPC_NLA_LINK={0x44, 0x4, [@TIPC_NLA_LINK_PROP={0x2c, 0x7, [@TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x14}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x7}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x3ff}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x3}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x6}]}, @TIPC_NLA_LINK_NAME={0x14, 0x1, 'broadcast-link\x00'}]}, @TIPC_NLA_NET={0x4c, 0x7, [@TIPC_NLA_NET_ID={0x8, 0x1, 0x7fff}, @TIPC_NLA_NET_ADDR={0x8}, @TIPC_NLA_NET_ADDR={0x8, 0x2, 0x19}, @TIPC_NLA_NET_NODEID_W1={0xc, 0x4, 0xb721}, @TIPC_NLA_NET_NODEID={0xc}, @TIPC_NLA_NET_NODEID={0xc, 0x3, 0x7e}, @TIPC_NLA_NET_NODEID={0xc, 0x3, 0xfff}]}]}, 0xd0}, 0x1, 0x0, 0x0, 0x20004005}, 0x4000001)
openat$vimc1(0xffffffffffffff9c, &(0x7f0000000000)='/dev/video1\x00', 0x2, 0x0)

08:16:08 executing program 3:
openat$rfkill(0xffffffffffffff9c, 0x0, 0x0, 0x0)
getsockopt$inet_sctp_SCTP_DEFAULT_PRINFO(0xffffffffffffffff, 0x84, 0x72, &(0x7f0000000380), 0x0)
syz_open_dev$admmidi(&(0x7f0000000100)='/dev/admmidi#\x00', 0x0, 0x0)
r0 = socket$l2tp(0x18, 0x1, 0x1)
mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x1, 0x32, 0xffffffffffffffff, 0x0)
r1 = userfaultfd(0x0)
ioctl$UFFDIO_API(r1, 0xc018aa3f, &(0x7f0000000180))
ioctl$UFFDIO_REGISTER(r1, 0xc020aa00, &(0x7f0000019000)={{&(0x7f0000012000/0x2000)=nil, 0x2000}, 0x1})
syz_open_dev$evdev(&(0x7f0000012fee)='/dev/input/event#\x00', 0x0, 0x0)
ioctl$UFFDIO_WAKE(r1, 0x8010aa02, &(0x7f0000000080)={&(0x7f0000012000/0x3000)=nil, 0x3000})
ioctl(r0, 0x1000008912, &(0x7f0000000000)="0a5c2d023c126285718070")
setsockopt$ALG_SET_KEY(0xffffffffffffffff, 0x117, 0x1, 0x0, 0x0)

08:16:09 executing program 1:
r0 = socket$l2tp(0x18, 0x1, 0x1)
ioctl(r0, 0x1000008912, &(0x7f0000000000)="0a5c2d023c126285718070")
pipe2(&(0x7f0000000040)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff}, 0x800)
bind$unix(0xffffffffffffffff, &(0x7f0000000180)=@file={0x0, './file0\x00'}, 0x6e)
ioctl$KVM_IOEVENTFD(r1, 0x4040ae79, &(0x7f0000000100)={0x3000, &(0x7f0000000080), 0xc, 0xffffffffffffffff, 0x6})
ioctl$KVM_GET_XSAVE(0xffffffffffffffff, 0x9000aea4, &(0x7f0000001a40))
perf_event_open(&(0x7f0000014f88)={0x1, 0x70, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
bpf$BPF_PROG_DETACH(0x9, &(0x7f0000000140)={0x0, r2, 0xb, 0x2}, 0x14)
ioctl$TUNSETVNETLE(r1, 0x400454dc, &(0x7f0000000200))

[ 2390.806183]  __handle_mm_fault+0x4bbd/0x5be0
[ 2390.806207]  ? vmf_insert_mixed_mkwrite+0x40/0x40
[ 2390.806226]  ? zap_class+0x640/0x640
[ 2390.806240]  ? rcu_read_unlock_special+0x1c0/0x1c0
08:16:09 executing program 0:
openat$rfkill(0xffffffffffffff9c, 0x0, 0x2001, 0x0)
syz_open_dev$admmidi(&(0x7f0000000100)='/dev/admmidi#\x00', 0x0, 0x0)
r0 = socket$l2tp(0x18, 0x1, 0x1)
mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x1, 0x32, 0xffffffffffffffff, 0x0)
r1 = userfaultfd(0x0)
ioctl$UFFDIO_API(r1, 0xc018aa3f, &(0x7f0000000180))
ioctl$UFFDIO_REGISTER(r1, 0xc020aa00, &(0x7f0000019000)={{&(0x7f0000012000/0x2000)=nil, 0x2000}, 0x1})
syz_open_dev$evdev(&(0x7f0000012fee)='/dev/input/event#\x00', 0x0, 0x4000)
ioctl$UFFDIO_WAKE(r1, 0x8010aa02, &(0x7f0000000080)={&(0x7f0000012000/0x3000)=nil, 0x3000})
ioctl(r0, 0x1000008912, &(0x7f0000000000)="0a5c2d023c126285718070")

[ 2390.806254]  ? kasan_check_read+0x11/0x20
[ 2390.806271]  ? rcu_softirq_qs+0x20/0x20
[ 2390.806297]  ? zap_class+0x640/0x640
[ 2390.806312]  ? zap_class+0x640/0x640
[ 2390.806352]  ? find_held_lock+0x36/0x1c0
[ 2390.806377]  ? handle_mm_fault+0x42a/0xc70
[ 2390.806394]  ? lock_downgrade+0x900/0x900
[ 2390.806412]  ? check_preemption_disabled+0x48/0x280
[ 2390.806430]  ? rcu_read_unlock_special+0x1c0/0x1c0
[ 2390.806444]  ? kasan_check_read+0x11/0x20
[ 2390.806459]  ? rcu_dynticks_curr_cpu_in_eqs+0xa2/0x170
[ 2390.806473]  ? rcu_softirq_qs+0x20/0x20
[ 2390.806489]  ? trace_hardirqs_off_caller+0x310/0x310
[ 2390.806506]  ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[ 2390.806522]  ? check_preemption_disabled+0x48/0x280
[ 2390.806544]  handle_mm_fault+0x54f/0xc70
[ 2390.806564]  ? __handle_mm_fault+0x5be0/0x5be0
[ 2390.806584]  ? find_vma+0x34/0x190
[ 2390.806605]  __do_page_fault+0x5e8/0xe60
[ 2390.806620]  ? trace_hardirqs_off+0xb8/0x310
[ 2390.806645]  do_page_fault+0xf2/0x7e0
[ 2390.806661]  ? vmalloc_sync_all+0x30/0x30
[ 2390.806676]  ? error_entry+0x70/0xd0
[ 2390.806693]  ? trace_hardirqs_off_caller+0xbb/0x310
[ 2390.806707]  ? trace_hardirqs_on_caller+0xc0/0x310
[ 2390.806724]  ? syscall_return_slowpath+0x5e0/0x5e0
[ 2390.806740]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 2390.806757]  ? trace_hardirqs_on_caller+0x310/0x310
[ 2390.806773]  ? __bpf_trace_preemptirq_template+0x30/0x30
[ 2390.806792]  ? prepare_exit_to_usermode+0x3b0/0x3b0
[ 2390.806811]  ? prepare_exit_to_usermode+0x291/0x3b0
[ 2390.806826]  ? page_fault+0x8/0x30
[ 2390.806844]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 2390.806862]  ? page_fault+0x8/0x30
[ 2390.806878]  page_fault+0x1e/0x30
[ 2390.806891] RIP: 0033:0x4510a0
[ 2390.806908] Code: 0f 84 c4 0f 00 00 48 89 f1 48 89 f8 48 83 e1 3f 48 83 f9 20 0f 86 7b 02 00 00 48 83 e6 f0 48 83 e1 0f 66 0f ef c0 66 0f ef c9 <66> 0f 74 0e 66 0f d7 d1 48 d3 ea 49 c7 c2 11 00 00 00 49 29 ca 4d
[ 2390.806917] RSP: 002b:00007efdea16e7a8 EFLAGS: 00010202
[ 2390.806930] RAX: 00007efdea16e850 RBX: 0000000000000003 RCX: 000000000000000e
[ 2390.806940] RDX: 00000000000003ff RSI: 0000000020012fe0 RDI: 00007efdea16e850
[ 2390.806950] RBP: 000000000072bf00 R08: 00000000000003ff R09: 0000000000000000
[ 2390.806960] R10: 0000000000000000 R11: 0000000000000246 R12: 00007efdea16f6d4
[ 2390.806970] R13: 00000000004c578a R14: 00000000004d9d90 R15: 00000000ffffffff
[ 2390.810857] FAULT_FLAG_ALLOW_RETRY missing 70
[ 2390.810882] CPU: 1 PID: 22085 Comm: syz-executor3 Not tainted 4.20.0-rc6+ #371
[ 2390.810895] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 2390.810900] Call Trace:
[ 2390.810924]  dump_stack+0x244/0x39d
[ 2390.810950]  ? dump_stack_print_info.cold.1+0x20/0x20
[ 2390.810987]  handle_userfault.cold.32+0x47/0x62
[ 2390.811020]  ? userfaultfd_ioctl+0x5610/0x5610
[ 2390.811040]  ? mark_held_locks+0x130/0x130
[ 2390.811056]  ? __sanitizer_cov_trace_cmp4+0x16/0x20
[ 2390.811080]  ? futex_wait_setup+0x266/0x3e0
[ 2390.811115]  ? __sanitizer_cov_trace_switch+0x53/0x90
[ 2390.811138]  ? userfaultfd_ctx_put+0x830/0x830
[ 2390.811157]  ? futex_wait+0x5a1/0xa50
[ 2390.811182]  ? print_usage_bug+0xc0/0xc0
[ 2390.811212]  ? print_usage_bug+0xc0/0xc0
[ 2390.811233]  ? print_usage_bug+0xc0/0xc0
[ 2390.811254]  ? zap_class+0x640/0x640
[ 2390.811275]  ? drop_futex_key_refs.isra.14+0x6d/0xe0
[ 2390.811293]  ? futex_wake+0x304/0x760
[ 2390.811325]  ? find_held_lock+0x36/0x1c0
[ 2390.811371]  ? __handle_mm_fault+0x4bb0/0x5be0
[ 2390.811391]  ? lock_downgrade+0x900/0x900
[ 2390.811419]  ? kasan_check_read+0x11/0x20
[ 2390.811435]  ? do_raw_spin_unlock+0xa7/0x330
[ 2390.811452]  ? do_raw_spin_trylock+0x270/0x270
[ 2390.811476]  ? fault_dirty_shared_page.isra.87+0x320/0x320
[ 2390.811508]  __handle_mm_fault+0x4bbd/0x5be0
[ 2390.811538]  ? vmf_insert_mixed_mkwrite+0x40/0x40
[ 2390.811561]  ? zap_class+0x640/0x640
[ 2390.811576]  ? rcu_read_unlock_special+0x1c0/0x1c0
[ 2390.811594]  ? kasan_check_read+0x11/0x20
[ 2390.811614]  ? rcu_softirq_qs+0x20/0x20
[ 2390.811646]  ? zap_class+0x640/0x640
[ 2390.811663]  ? zap_class+0x640/0x640
[ 2390.811690]  ? find_held_lock+0x36/0x1c0
[ 2390.811718]  ? handle_mm_fault+0x42a/0xc70
[ 2390.811740]  ? lock_downgrade+0x900/0x900
[ 2390.811760]  ? check_preemption_disabled+0x48/0x280
[ 2390.811793]  ? rcu_read_unlock_special+0x1c0/0x1c0
[ 2390.811812]  ? kasan_check_read+0x11/0x20
[ 2390.811831]  ? rcu_dynticks_curr_cpu_in_eqs+0xa2/0x170
[ 2390.811856]  ? rcu_softirq_qs+0x20/0x20
[ 2390.811876]  ? trace_hardirqs_off_caller+0x310/0x310
[ 2390.811898]  ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[ 2390.811919]  ? check_preemption_disabled+0x48/0x280
[ 2390.811946]  handle_mm_fault+0x54f/0xc70
[ 2390.811970]  ? __handle_mm_fault+0x5be0/0x5be0
[ 2390.811992]  ? find_vma+0x34/0x190
[ 2390.812016]  __do_page_fault+0x5e8/0xe60
[ 2390.812035]  ? trace_hardirqs_off+0xb8/0x310
[ 2390.812062]  do_page_fault+0xf2/0x7e0
[ 2390.812081]  ? vmalloc_sync_all+0x30/0x30
[ 2390.812100]  ? error_entry+0x70/0xd0
[ 2390.812121]  ? trace_hardirqs_off_caller+0xbb/0x310
[ 2390.812139]  ? trace_hardirqs_on_caller+0xc0/0x310
[ 2390.812159]  ? syscall_return_slowpath+0x5e0/0x5e0
[ 2390.812176]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 2390.812195]  ? trace_hardirqs_on_caller+0x310/0x310
[ 2390.812214]  ? __bpf_trace_preemptirq_template+0x30/0x30
[ 2390.812233]  ? prepare_exit_to_usermode+0x3b0/0x3b0
[ 2390.812255]  ? prepare_exit_to_usermode+0x291/0x3b0
[ 2390.812274]  ? page_fault+0x8/0x30
[ 2390.812298]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 2390.812320]  ? page_fault+0x8/0x30
[ 2390.812356]  page_fault+0x1e/0x30
[ 2390.812370] RIP: 0033:0x4510a0
[ 2390.812388] Code: 0f 84 c4 0f 00 00 48 89 f1 48 89 f8 48 83 e1 3f 48 83 f9 20 0f 86 7b 02 00 00 48 83 e6 f0 48 83 e1 0f 66 0f ef c0 66 0f ef c9 <66> 0f 74 0e 66 0f d7 d1 48 d3 ea 49 c7 c2 11 00 00 00 49 29 ca 4d
[ 2390.812399] RSP: 002b:00007f75238677a8 EFLAGS: 00010202
[ 2390.812413] RAX: 00007f7523867850 RBX: 0000000000000003 RCX: 000000000000000e
[ 2390.812425] RDX: 00000000000003ff RSI: 0000000020012fe0 RDI: 00007f7523867850
[ 2390.812436] RBP: 000000000072bf00 R08: 00000000000003ff R09: 0000000000000000
[ 2390.812447] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f75238686d4
[ 2390.812458] R13: 00000000004c578a R14: 00000000004d9d90 R15: 00000000ffffffff
[ 2391.035976] FAULT_FLAG_ALLOW_RETRY missing 70
[ 2391.036001] CPU: 1 PID: 22114 Comm: syz-executor3 Not tainted 4.20.0-rc6+ #371
[ 2391.036013] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 2391.036020] Call Trace:
[ 2391.036045]  dump_stack+0x244/0x39d
[ 2391.036070]  ? dump_stack_print_info.cold.1+0x20/0x20
[ 2391.036105]  handle_userfault.cold.32+0x47/0x62
[ 2391.036138]  ? userfaultfd_ioctl+0x5610/0x5610
[ 2391.036161]  ? mark_held_locks+0x130/0x130
[ 2391.036187]  ? find_held_lock+0x36/0x1c0
[ 2391.036226]  ? userfaultfd_ctx_put+0x830/0x830
[ 2391.036262]  ? kasan_check_read+0x11/0x20
[ 2391.036283]  ? print_usage_bug+0xc0/0xc0
[ 2391.036300]  ? do_raw_spin_trylock+0x270/0x270
[ 2391.036319]  ? print_usage_bug+0xc0/0xc0
[ 2391.036355]  ? print_usage_bug+0xc0/0xc0
[ 2391.036377]  ? zap_class+0x640/0x640
[ 2391.036400]  ? drop_futex_key_refs.isra.14+0x6d/0xe0
[ 2391.036428]  ? futex_wake+0x304/0x760
[ 2391.036462]  ? find_held_lock+0x36/0x1c0
[ 2391.036490]  ? __handle_mm_fault+0x4bb0/0x5be0
[ 2391.036520]  ? lock_downgrade+0x900/0x900
[ 2391.036546]  ? kasan_check_read+0x11/0x20
[ 2391.036562]  ? do_raw_spin_unlock+0xa7/0x330
[ 2391.036580]  ? do_raw_spin_trylock+0x270/0x270
[ 2391.036602]  ? fault_dirty_shared_page.isra.87+0x320/0x320
[ 2391.036650]  __handle_mm_fault+0x4bbd/0x5be0
[ 2391.036680]  ? vmf_insert_mixed_mkwrite+0x40/0x40
[ 2391.036701]  ? zap_class+0x640/0x640
[ 2391.036716]  ? rcu_read_unlock_special+0x1c0/0x1c0
[ 2391.036732]  ? kasan_check_read+0x11/0x20
[ 2391.036750]  ? rcu_softirq_qs+0x20/0x20
[ 2391.036780]  ? zap_class+0x640/0x640
[ 2391.036796]  ? zap_class+0x640/0x640
[ 2391.036819]  ? find_held_lock+0x36/0x1c0
[ 2391.036856]  ? handle_mm_fault+0x42a/0xc70
[ 2391.036878]  ? lock_downgrade+0x900/0x900
[ 2391.036898]  ? check_preemption_disabled+0x48/0x280
[ 2391.036918]  ? rcu_read_unlock_special+0x1c0/0x1c0
[ 2391.036934]  ? kasan_check_read+0x11/0x20
[ 2391.036949]  ? rcu_dynticks_curr_cpu_in_eqs+0xa2/0x170
[ 2391.036964]  ? rcu_softirq_qs+0x20/0x20
[ 2391.036981]  ? trace_hardirqs_off_caller+0x310/0x310
[ 2391.037003]  ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[ 2391.037022]  ? check_preemption_disabled+0x48/0x280
[ 2391.037046]  handle_mm_fault+0x54f/0xc70
[ 2391.037068]  ? __handle_mm_fault+0x5be0/0x5be0
[ 2391.037090]  ? find_vma+0x34/0x190
[ 2391.037114]  __do_page_fault+0x5e8/0xe60
[ 2391.037130]  ? trace_hardirqs_off+0xb8/0x310
[ 2391.037162]  do_page_fault+0xf2/0x7e0
[ 2391.037183]  ? vmalloc_sync_all+0x30/0x30
[ 2391.037203]  ? error_entry+0x70/0xd0
[ 2391.037224]  ? trace_hardirqs_off_caller+0xbb/0x310
[ 2391.037241]  ? trace_hardirqs_on_caller+0xc0/0x310
[ 2391.037263]  ? syscall_return_slowpath+0x5e0/0x5e0
[ 2391.037284]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 2391.037305]  ? trace_hardirqs_on_caller+0x310/0x310
[ 2391.037325]  ? __bpf_trace_preemptirq_template+0x30/0x30
[ 2391.037362]  ? prepare_exit_to_usermode+0x3b0/0x3b0
[ 2391.037385]  ? prepare_exit_to_usermode+0x291/0x3b0
[ 2391.037402]  ? page_fault+0x8/0x30
[ 2391.037425]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 2391.037447]  ? page_fault+0x8/0x30
[ 2391.037467]  page_fault+0x1e/0x30
[ 2391.037481] RIP: 0033:0x4510a0
[ 2391.037502] Code: 0f 84 c4 0f 00 00 48 89 f1 48 89 f8 48 83 e1 3f 48 83 f9 20 0f 86 7b 02 00 00 48 83 e6 f0 48 83 e1 0f 66 0f ef c0 66 0f ef c9 <66> 0f 74 0e 66 0f d7 d1 48 d3 ea 49 c7 c2 11 00 00 00 49 29 ca 4d
[ 2391.037513] RSP: 002b:00007f75238677a8 EFLAGS: 00010202
[ 2391.037529] RAX: 00007f7523867850 RBX: 0000000000000003 RCX: 000000000000000e
[ 2391.037540] RDX: 00000000000003ff RSI: 0000000020012fe0 RDI: 00007f7523867850
[ 2391.037552] RBP: 000000000072bf00 R08: 00000000000003ff R09: 0000000000000000
[ 2391.037562] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f75238686d4
[ 2391.037574] R13: 00000000004c578a R14: 00000000004d9d90 R15: 00000000ffffffff
[ 2391.110726] FAULT_FLAG_ALLOW_RETRY missing 70
[ 2391.110752] CPU: 1 PID: 22119 Comm: syz-executor0 Not tainted 4.20.0-rc6+ #371
[ 2391.110763] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 2391.110769] Call Trace:
[ 2391.110796]  dump_stack+0x244/0x39d
[ 2391.110820]  ? dump_stack_print_info.cold.1+0x20/0x20
[ 2391.110863]  handle_userfault.cold.32+0x47/0x62
[ 2391.110897]  ? userfaultfd_ioctl+0x5610/0x5610
[ 2391.110921]  ? mark_held_locks+0x130/0x130
[ 2391.110950]  ? __sanitizer_cov_trace_cmp4+0x16/0x20
[ 2391.110967]  ? futex_wait_setup+0x266/0x3e0
[ 2391.111001]  ? __sanitizer_cov_trace_switch+0x53/0x90
[ 2391.111024]  ? userfaultfd_ctx_put+0x830/0x830
[ 2391.111040]  ? futex_wait+0x5a1/0xa50
[ 2391.111065]  ? print_usage_bug+0xc0/0xc0
[ 2391.111084]  ? print_usage_bug+0xc0/0xc0
[ 2391.111103]  ? print_usage_bug+0xc0/0xc0
[ 2391.111122]  ? zap_class+0x640/0x640
[ 2391.111144]  ? drop_futex_key_refs.isra.14+0x6d/0xe0
[ 2391.111162]  ? futex_wake+0x304/0x760
[ 2391.111195]  ? find_held_lock+0x36/0x1c0
[ 2391.111226]  ? __handle_mm_fault+0x4bb0/0x5be0
[ 2391.111257]  ? lock_downgrade+0x900/0x900
[ 2391.111285]  ? kasan_check_read+0x11/0x20
[ 2391.111305]  ? do_raw_spin_unlock+0xa7/0x330
[ 2391.111325]  ? do_raw_spin_trylock+0x270/0x270
[ 2391.111361]  ? fault_dirty_shared_page.isra.87+0x320/0x320
[ 2391.111393]  __handle_mm_fault+0x4bbd/0x5be0
[ 2391.111423]  ? vmf_insert_mixed_mkwrite+0x40/0x40
[ 2391.111447]  ? zap_class+0x640/0x640
[ 2391.111463]  ? rcu_read_unlock_special+0x1c0/0x1c0
[ 2391.111483]  ? kasan_check_read+0x11/0x20
[ 2391.111504]  ? rcu_softirq_qs+0x20/0x20
[ 2391.111555]  ? zap_class+0x640/0x640
[ 2391.111572]  ? zap_class+0x640/0x640
[ 2391.111598]  ? find_held_lock+0x36/0x1c0
[ 2391.111627]  ? handle_mm_fault+0x42a/0xc70
[ 2391.111648]  ? lock_downgrade+0x900/0x900
[ 2391.111669]  ? check_preemption_disabled+0x48/0x280
[ 2391.111691]  ? rcu_read_unlock_special+0x1c0/0x1c0
[ 2391.111710]  ? kasan_check_read+0x11/0x20
[ 2391.111727]  ? rcu_dynticks_curr_cpu_in_eqs+0xa2/0x170
[ 2391.111745]  ? rcu_softirq_qs+0x20/0x20
[ 2391.111767]  ? trace_hardirqs_off_caller+0x310/0x310
[ 2391.111791]  ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[ 2391.111810]  ? check_preemption_disabled+0x48/0x280
[ 2391.111839]  handle_mm_fault+0x54f/0xc70
[ 2391.111878]  ? __handle_mm_fault+0x5be0/0x5be0
[ 2391.111910]  ? find_vma+0x34/0x190
[ 2391.111935]  __do_page_fault+0x5e8/0xe60
[ 2391.111952]  ? trace_hardirqs_off+0xb8/0x310
[ 2391.111981]  do_page_fault+0xf2/0x7e0
[ 2391.112003]  ? vmalloc_sync_all+0x30/0x30
[ 2391.112022]  ? error_entry+0x70/0xd0
[ 2391.112051]  ? trace_hardirqs_off_caller+0xbb/0x310
[ 2391.112069]  ? trace_hardirqs_on_caller+0xc0/0x310
[ 2391.112089]  ? syscall_return_slowpath+0x5e0/0x5e0
[ 2391.112108]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 2391.112128]  ? trace_hardirqs_on_caller+0x310/0x310
[ 2391.112147]  ? __bpf_trace_preemptirq_template+0x30/0x30
[ 2391.112168]  ? prepare_exit_to_usermode+0x3b0/0x3b0
[ 2391.112189]  ? prepare_exit_to_usermode+0x291/0x3b0
[ 2391.112214]  ? page_fault+0x8/0x30
[ 2391.112236]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 2391.112257]  ? page_fault+0x8/0x30
[ 2391.112275]  page_fault+0x1e/0x30
[ 2391.112289] RIP: 0033:0x4510a0
[ 2391.112309] Code: 0f 84 c4 0f 00 00 48 89 f1 48 89 f8 48 83 e1 3f 48 83 f9 20 0f 86 7b 02 00 00 48 83 e6 f0 48 83 e1 0f 66 0f ef c0 66 0f ef c9 <66> 0f 74 0e 66 0f d7 d1 48 d3 ea 49 c7 c2 11 00 00 00 49 29 ca 4d
[ 2391.112318] RSP: 002b:00007efdea16e7a8 EFLAGS: 00010202
[ 2391.112346] RAX: 00007efdea16e850 RBX: 0000000000000003 RCX: 000000000000000e
[ 2391.112358] RDX: 00000000000003ff RSI: 0000000020012fe0 RDI: 00007efdea16e850
[ 2391.112369] RBP: 000000000072bf00 R08: 00000000000003ff R09: 0000000000000000
[ 2391.112379] R10: 0000000000000000 R11: 0000000000000246 R12: 00007efdea16f6d4
[ 2391.112391] R13: 00000000004c578a R14: 00000000004d9d90 R15: 00000000ffffffff
[ 2391.257806] FAULT_FLAG_ALLOW_RETRY missing 70
[ 2391.257831] CPU: 0 PID: 22138 Comm: syz-executor3 Not tainted 4.20.0-rc6+ #371
[ 2391.257843] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 2391.257851] Call Trace:
[ 2391.257880]  dump_stack+0x244/0x39d
[ 2391.257907]  ? dump_stack_print_info.cold.1+0x20/0x20
[ 2391.257939]  handle_userfault.cold.32+0x47/0x62
[ 2391.257969]  ? userfaultfd_ioctl+0x5610/0x5610
[ 2391.257989]  ? mark_held_locks+0x130/0x130
[ 2391.258006]  ? __sanitizer_cov_trace_cmp4+0x16/0x20
[ 2391.258022]  ? futex_wait_setup+0x266/0x3e0
[ 2391.258054]  ? __sanitizer_cov_trace_switch+0x53/0x90
[ 2391.258076]  ? userfaultfd_ctx_put+0x830/0x830
[ 2391.258093]  ? futex_wait+0x5a1/0xa50
[ 2391.258116]  ? print_usage_bug+0xc0/0xc0
[ 2391.258134]  ? print_usage_bug+0xc0/0xc0
[ 2391.258154]  ? print_usage_bug+0xc0/0xc0
[ 2391.258172]  ? zap_class+0x640/0x640
[ 2391.258190]  ? drop_futex_key_refs.isra.14+0x6d/0xe0
[ 2391.258208]  ? futex_wake+0x304/0x760
[ 2391.258241]  ? find_held_lock+0x36/0x1c0
[ 2391.258269]  ? __handle_mm_fault+0x4bb0/0x5be0
[ 2391.258295]  ? lock_downgrade+0x900/0x900
[ 2391.258323]  ? kasan_check_read+0x11/0x20
[ 2391.258359]  ? do_raw_spin_unlock+0xa7/0x330
[ 2391.258378]  ? do_raw_spin_trylock+0x270/0x270
[ 2391.258398]  ? fault_dirty_shared_page.isra.87+0x320/0x320
[ 2391.258430]  __handle_mm_fault+0x4bbd/0x5be0
[ 2391.258459]  ? vmf_insert_mixed_mkwrite+0x40/0x40
[ 2391.258481]  ? zap_class+0x640/0x640
[ 2391.258497]  ? rcu_read_unlock_special+0x1c0/0x1c0
[ 2391.258512]  ? kasan_check_read+0x11/0x20
[ 2391.258530]  ? rcu_softirq_qs+0x20/0x20
[ 2391.258558]  ? zap_class+0x640/0x640
[ 2391.258576]  ? zap_class+0x640/0x640
[ 2391.258602]  ? find_held_lock+0x36/0x1c0
[ 2391.258631]  ? handle_mm_fault+0x42a/0xc70
[ 2391.258651]  ? lock_downgrade+0x900/0x900
[ 2391.258671]  ? check_preemption_disabled+0x48/0x280
[ 2391.258691]  ? rcu_read_unlock_special+0x1c0/0x1c0
[ 2391.258706]  ? kasan_check_read+0x11/0x20
[ 2391.258723]  ? rcu_dynticks_curr_cpu_in_eqs+0xa2/0x170
[ 2391.258741]  ? rcu_softirq_qs+0x20/0x20
[ 2391.258762]  ? trace_hardirqs_off_caller+0x310/0x310
[ 2391.258782]  ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[ 2391.258803]  ? check_preemption_disabled+0x48/0x280
[ 2391.258830]  handle_mm_fault+0x54f/0xc70
[ 2391.258855]  ? __handle_mm_fault+0x5be0/0x5be0
[ 2391.258882]  ? find_vma+0x34/0x190
[ 2391.258907]  __do_page_fault+0x5e8/0xe60
[ 2391.258927]  ? trace_hardirqs_off+0xb8/0x310
[ 2391.258957]  do_page_fault+0xf2/0x7e0
[ 2391.258983]  ? vmalloc_sync_all+0x30/0x30
[ 2391.259003]  ? error_entry+0x70/0xd0
[ 2391.259028]  ? trace_hardirqs_off_caller+0xbb/0x310
[ 2391.259047]  ? trace_hardirqs_on_caller+0xc0/0x310
[ 2391.259079]  ? syscall_return_slowpath+0x5e0/0x5e0
[ 2391.259104]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 2391.259126]  ? trace_hardirqs_on_caller+0x310/0x310
[ 2391.259147]  ? __bpf_trace_preemptirq_template+0x30/0x30
[ 2391.259167]  ? prepare_exit_to_usermode+0x3b0/0x3b0
[ 2391.259189]  ? prepare_exit_to_usermode+0x291/0x3b0
[ 2391.259207]  ? page_fault+0x8/0x30
[ 2391.259228]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 2391.259249]  ? page_fault+0x8/0x30
[ 2391.259275]  page_fault+0x1e/0x30
[ 2391.259290] RIP: 0033:0x4510a0
[ 2391.259310] Code: 0f 84 c4 0f 00 00 48 89 f1 48 89 f8 48 83 e1 3f 48 83 f9 20 0f 86 7b 02 00 00 48 83 e6 f0 48 83 e1 0f 66 0f ef c0 66 0f ef c9 <66> 0f 74 0e 66 0f d7 d1 48 d3 ea 49 c7 c2 11 00 00 00 49 29 ca 4d
[ 2391.259319] RSP: 002b:00007f75238677a8 EFLAGS: 00010202
[ 2391.259359] RAX: 00007f7523867850 RBX: 0000000000000003 RCX: 000000000000000e
[ 2391.259383] RDX: 00000000000003ff RSI: 0000000020012fe0 RDI: 00007f7523867850
[ 2391.259394] RBP: 000000000072bf00 R08: 00000000000003ff R09: 0000000000000000
[ 2391.259405] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f75238686d4
[ 2391.259415] R13: 00000000004c578a R14: 00000000004d9d90 R15: 00000000ffffffff
[ 2391.342373] FAULT_FLAG_ALLOW_RETRY missing 70
[ 2391.342398] CPU: 0 PID: 22149 Comm: syz-executor0 Not tainted 4.20.0-rc6+ #371
[ 2391.342410] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 2391.342416] Call Trace:
[ 2391.342446]  dump_stack+0x244/0x39d
[ 2391.342472]  ? dump_stack_print_info.cold.1+0x20/0x20
[ 2391.342506]  handle_userfault.cold.32+0x47/0x62
[ 2391.342536]  ? userfaultfd_ioctl+0x5610/0x5610
[ 2391.342557]  ? mark_held_locks+0x130/0x130
[ 2391.342581]  ? find_held_lock+0x36/0x1c0
[ 2391.342611]  ? userfaultfd_ctx_put+0x830/0x830
[ 2391.342637]  ? kasan_check_read+0x11/0x20
[ 2391.342659]  ? print_usage_bug+0xc0/0xc0
[ 2391.342677]  ? do_raw_spin_trylock+0x270/0x270
[ 2391.342696]  ? print_usage_bug+0xc0/0xc0
[ 2391.342720]  ? print_usage_bug+0xc0/0xc0
[ 2391.342741]  ? zap_class+0x640/0x640
[ 2391.342763]  ? drop_futex_key_refs.isra.14+0x6d/0xe0
[ 2391.342779]  ? futex_wake+0x304/0x760
[ 2391.342816]  ? find_held_lock+0x36/0x1c0
[ 2391.342846]  ? __handle_mm_fault+0x4bb0/0x5be0
[ 2391.342870]  ? lock_downgrade+0x900/0x900
[ 2391.342899]  ? kasan_check_read+0x11/0x20
[ 2391.342916]  ? do_raw_spin_unlock+0xa7/0x330
[ 2391.342932]  ? do_raw_spin_trylock+0x270/0x270
[ 2391.342954]  ? fault_dirty_shared_page.isra.87+0x320/0x320
[ 2391.342983]  __handle_mm_fault+0x4bbd/0x5be0
[ 2391.343012]  ? vmf_insert_mixed_mkwrite+0x40/0x40
[ 2391.343032]  ? zap_class+0x640/0x640
[ 2391.343048]  ? rcu_read_unlock_special+0x1c0/0x1c0
[ 2391.343065]  ? kasan_check_read+0x11/0x20
[ 2391.343086]  ? rcu_softirq_qs+0x20/0x20
[ 2391.343116]  ? zap_class+0x640/0x640
[ 2391.343134]  ? zap_class+0x640/0x640
[ 2391.343158]  ? find_held_lock+0x36/0x1c0
[ 2391.343184]  ? handle_mm_fault+0x42a/0xc70
[ 2391.343203]  ? lock_downgrade+0x900/0x900
[ 2391.343221]  ? check_preemption_disabled+0x48/0x280
[ 2391.343241]  ? rcu_read_unlock_special+0x1c0/0x1c0
[ 2391.343257]  ? kasan_check_read+0x11/0x20
[ 2391.343273]  ? rcu_dynticks_curr_cpu_in_eqs+0xa2/0x170
[ 2391.343289]  ? rcu_softirq_qs+0x20/0x20
[ 2391.343316]  ? trace_hardirqs_off_caller+0x310/0x310
[ 2391.343358]  ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[ 2391.343381]  ? check_preemption_disabled+0x48/0x280
[ 2391.343409]  handle_mm_fault+0x54f/0xc70
[ 2391.343432]  ? __handle_mm_fault+0x5be0/0x5be0
[ 2391.343455]  ? find_vma+0x34/0x190
[ 2391.343480]  __do_page_fault+0x5e8/0xe60
[ 2391.343498]  ? trace_hardirqs_off+0xb8/0x310
[ 2391.343532]  do_page_fault+0xf2/0x7e0
[ 2391.343553]  ? vmalloc_sync_all+0x30/0x30
[ 2391.343570]  ? error_entry+0x70/0xd0
[ 2391.343592]  ? trace_hardirqs_off_caller+0xbb/0x310
[ 2391.343610]  ? trace_hardirqs_on_caller+0xc0/0x310
[ 2391.343629]  ? syscall_return_slowpath+0x5e0/0x5e0
[ 2391.343647]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 2391.343667]  ? trace_hardirqs_on_caller+0x310/0x310
[ 2391.343685]  ? __bpf_trace_preemptirq_template+0x30/0x30
[ 2391.343706]  ? prepare_exit_to_usermode+0x3b0/0x3b0
[ 2391.343726]  ? prepare_exit_to_usermode+0x291/0x3b0
[ 2391.343742]  ? page_fault+0x8/0x30
[ 2391.343764]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 2391.343785]  ? page_fault+0x8/0x30
[ 2391.343801]  page_fault+0x1e/0x30
[ 2391.343814] RIP: 0033:0x4510a0
[ 2391.343834] Code: 0f 84 c4 0f 00 00 48 89 f1 48 89 f8 48 83 e1 3f 48 83 f9 20 0f 86 7b 02 00 00 48 83 e6 f0 48 83 e1 0f 66 0f ef c0 66 0f ef c9 <66> 0f 74 0e 66 0f d7 d1 48 d3 ea 49 c7 c2 11 00 00 00 49 29 ca 4d
[ 2391.343844] RSP: 002b:00007efdea16e7a8 EFLAGS: 00010202
[ 2391.343861] RAX: 00007efdea16e850 RBX: 0000000000000003 RCX: 000000000000000e
[ 2391.343873] RDX: 00000000000003ff RSI: 0000000020012fe0 RDI: 00007efdea16e850
[ 2391.343884] RBP: 000000000072bf00 R08: 00000000000003ff R09: 0000000000000000
[ 2391.343895] R10: 0000000000000000 R11: 0000000000000246 R12: 00007efdea16f6d4
08:16:11 executing program 2:
syz_emit_ethernet(0x6a, &(0x7f0000000040)={@local, @broadcast, [], {@ipv4={0x800, {{0x5, 0x4, 0x0, 0x0, 0x5c, 0x0, 0x0, 0x0, 0x1, 0x0, @remote, @dev={0xac, 0x14, 0x14, 0x11}}, @icmp=@parameter_prob={0x3, 0x4, 0x0, 0x0, 0x0, 0x0, {0x10, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x402f, 0x0, @local={0xac, 0x5c}, @dev, {[@timestamp={0x8, 0x2c, 0x0, 0x0, 0x86ddffff00000000, [{[@rand_addr]}, {[@multicast2]}, {[@multicast1]}, {}, {[@loopback]}, {}]}]}}}}}}}, 0x0)

08:16:11 executing program 3:
openat$rfkill(0xffffffffffffff9c, 0x0, 0x0, 0x0)
getsockopt$inet_sctp_SCTP_DEFAULT_PRINFO(0xffffffffffffffff, 0x84, 0x72, &(0x7f0000000380), 0x0)
syz_open_dev$admmidi(&(0x7f0000000100)='/dev/admmidi#\x00', 0x0, 0x0)
r0 = socket$l2tp(0x18, 0x1, 0x1)
mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x1, 0x32, 0xffffffffffffffff, 0x0)
r1 = userfaultfd(0x0)
ioctl$UFFDIO_API(r1, 0xc018aa3f, &(0x7f0000000180))
ioctl$UFFDIO_REGISTER(r1, 0xc020aa00, &(0x7f0000019000)={{&(0x7f0000012000/0x2000)=nil, 0x2000}, 0x1})
syz_open_dev$evdev(&(0x7f0000012fee)='/dev/input/event#\x00', 0x0, 0x0)
ioctl$UFFDIO_WAKE(r1, 0x8010aa02, &(0x7f0000000080)={&(0x7f0000012000/0x3000)=nil, 0x3000})
ioctl(r0, 0x1000008912, &(0x7f0000000000)="0a5c2d023c126285718070")
setsockopt$ALG_SET_KEY(0xffffffffffffffff, 0x117, 0x1, 0x0, 0x0)

08:16:11 executing program 1:
r0 = socket$l2tp(0x18, 0x1, 0x1)
ioctl(r0, 0x1000008912, &(0x7f0000000000)="0a5c2d023c126285718070")
r1 = perf_event_open(&(0x7f0000014f88)={0x1, 0x70, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
close(r1)
r2 = openat$mixer(0xffffffffffffff9c, &(0x7f0000000040)='/dev/mixer\x00', 0x2, 0x0)
ioctl$KVM_ENABLE_CAP(r2, 0x4068aea3, &(0x7f0000000080)={0x81, 0x0, [0x0, 0x7, 0x10]})

08:16:11 executing program 5:
r0 = socket$l2tp(0x18, 0x1, 0x1)
ioctl(r0, 0x1000008912, &(0x7f0000000000)="0a5c2d023c126285718070")
perf_event_open(&(0x7f00000001c0)={0x2, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r1 = perf_event_open(&(0x7f0000014f88)={0x1, 0x70, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r2 = perf_event_open(&(0x7f0000014f88)={0x1, 0x70, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
close(r2)
r3 = syz_open_dev$vcsa(&(0x7f0000000040)='/dev/vcsa#\x00', 0x69a, 0xa00)
socket$inet_sctp(0x2, 0x5, 0x84)
ioctl$NBD_CLEAR_SOCK(r3, 0xab04)
bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f00000000c0)={<r4=>0xffffffffffffffff, r1, 0x0, 0x10, &(0x7f0000000080)='selfGPL:keyring\x00'}, 0x30)
ioctl$sock_SIOCGPGRP(r0, 0x8904, &(0x7f0000000100)=<r5=>0x0)
kcmp$KCMP_EPOLL_TFD(r4, r5, 0x7, r1, &(0x7f0000000140)={r3, r2, 0x2})

08:16:11 executing program 4:
r0 = openat$kvm(0xffffffffffffff9c, 0x0, 0x0, 0x0)
r1 = syz_open_dev$sndctrl(&(0x7f0000000100)='/dev/snd/controlC#\x00', 0x0, 0x0)
prctl$PR_SET_THP_DISABLE(0x29, 0xfffffffffffffffe)
r2 = openat$null(0xffffffffffffff9c, &(0x7f0000000000)='/dev/null\x00', 0x800, 0x0)
ioctl$sock_inet6_udp_SIOCOUTQ(r2, 0x5411, &(0x7f0000000040))
clone(0x2, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
dup2(r0, r2)
ioctl$DRM_IOCTL_GET_MAGIC(r2, 0x80046402, &(0x7f00000000c0)=0x80)
ioctl$KVM_ENABLE_CAP(r2, 0x4068aea3, &(0x7f0000000140)={0xfd, 0x0, [0x2, 0x5, 0x3ff]})
ioctl$FS_IOC_GETFLAGS(r1, 0x800455d1, &(0x7f0000000080))

08:16:11 executing program 0:
openat$rfkill(0xffffffffffffff9c, 0x0, 0x2001, 0x0)
syz_open_dev$admmidi(&(0x7f0000000100)='/dev/admmidi#\x00', 0x0, 0x0)
r0 = socket$l2tp(0x18, 0x1, 0x1)
mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x1, 0x32, 0xffffffffffffffff, 0x0)
r1 = userfaultfd(0x0)
ioctl$UFFDIO_API(r1, 0xc018aa3f, &(0x7f0000000180))
ioctl$UFFDIO_REGISTER(r1, 0xc020aa00, &(0x7f0000019000)={{&(0x7f0000012000/0x2000)=nil, 0x2000}, 0x1})
syz_open_dev$evdev(&(0x7f0000012fee)='/dev/input/event#\x00', 0x0, 0x74)
ioctl$UFFDIO_WAKE(r1, 0x8010aa02, &(0x7f0000000080)={&(0x7f0000012000/0x3000)=nil, 0x3000})
ioctl(r0, 0x1000008912, &(0x7f0000000000)="0a5c2d023c126285718070")

[ 2391.343906] R13: 00000000004c578a R14: 00000000004d9d90 R15: 00000000ffffffff
08:16:11 executing program 2:
syz_emit_ethernet(0x6a, &(0x7f0000000040)={@local, @broadcast, [], {@ipv4={0x800, {{0x5, 0x4, 0x0, 0x0, 0x5c, 0x0, 0x0, 0x0, 0x1, 0x0, @remote, @dev={0xac, 0x14, 0x14, 0x11}}, @icmp=@parameter_prob={0x3, 0x4, 0x0, 0x0, 0x0, 0x0, {0x10, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x402f, 0x0, @local={0xac, 0x5c}, @dev, {[@timestamp={0x8, 0x2c, 0x0, 0x0, 0x8848000000000000, [{[@rand_addr]}, {[@multicast2]}, {[@multicast1]}, {}, {[@loopback]}, {}]}]}}}}}}}, 0x0)

08:16:11 executing program 1:
r0 = socket$l2tp(0x18, 0x1, 0x1)
r1 = syz_open_dev$vbi(&(0x7f0000000080)='/dev/vbi#\x00', 0x1, 0x2)
ioctl$VIDIOC_SUBDEV_ENUM_DV_TIMINGS(r1, 0xc0945662, &(0x7f0000000240)={0x1, 0x0, [], {0x0, @reserved}})
r2 = creat(&(0x7f0000000040)='./file0\x00', 0x0)
ioctl$SG_SET_RESERVED_SIZE(r2, 0x2275, &(0x7f00000000c0))
ioctl$SNDRV_CTL_IOCTL_RAWMIDI_INFO(r2, 0xc10c5541, &(0x7f0000000100)={0x4, 0x2, 0x0, 0x0, 0x0, [], [], [], 0x7, 0x3})
ioctl(r0, 0x1000008912, &(0x7f0000000000)="0a5c2d023c126285718070")
r3 = perf_event_open(&(0x7f0000014f88)={0x1, 0x70, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x100000000000}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
close(r3)

[ 2393.470822] FAULT_FLAG_ALLOW_RETRY missing 70
[ 2393.475979] CPU: 1 PID: 22163 Comm: syz-executor0 Not tainted 4.20.0-rc6+ #371
[ 2393.483373] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 2393.492735] Call Trace:
[ 2393.495361]  dump_stack+0x244/0x39d
[ 2393.499020]  ? dump_stack_print_info.cold.1+0x20/0x20
[ 2393.504250]  handle_userfault.cold.32+0x47/0x62
[ 2393.508965]  ? userfaultfd_ioctl+0x5610/0x5610
[ 2393.513564]  ? mark_held_locks+0x130/0x130
[ 2393.517812]  ? __sanitizer_cov_trace_cmp4+0x16/0x20
[ 2393.522862]  ? futex_wait_setup+0x266/0x3e0
[ 2393.522898]  ? __sanitizer_cov_trace_switch+0x53/0x90
[ 2393.532426]  ? userfaultfd_ctx_put+0x830/0x830
[ 2393.537019]  ? futex_wait+0x5a1/0xa50
[ 2393.537042]  ? print_usage_bug+0xc0/0xc0
[ 2393.537059]  ? print_usage_bug+0xc0/0xc0
[ 2393.537079]  ? print_usage_bug+0xc0/0xc0
[ 2393.553053]  ? zap_class+0x640/0x640
[ 2393.556783]  ? drop_futex_key_refs.isra.14+0x6d/0xe0
[ 2393.561942]  ? futex_wake+0x304/0x760
[ 2393.561973]  ? find_held_lock+0x36/0x1c0
[ 2393.561998]  ? __handle_mm_fault+0x4bb0/0x5be0
[ 2393.574428]  ? lock_downgrade+0x900/0x900
[ 2393.574455]  ? kasan_check_read+0x11/0x20
[ 2393.574470]  ? do_raw_spin_unlock+0xa7/0x330
[ 2393.574486]  ? do_raw_spin_trylock+0x270/0x270
[ 2393.574504]  ? fault_dirty_shared_page.isra.87+0x320/0x320
[ 2393.574530]  __handle_mm_fault+0x4bbd/0x5be0
[ 2393.601831]  ? vmf_insert_mixed_mkwrite+0x40/0x40
[ 2393.606704]  ? zap_class+0x640/0x640
[ 2393.610438]  ? rcu_read_unlock_special+0x1c0/0x1c0
[ 2393.615388]  ? kasan_check_read+0x11/0x20
[ 2393.619555]  ? rcu_softirq_qs+0x20/0x20
[ 2393.623562]  ? zap_class+0x640/0x640
[ 2393.627293]  ? zap_class+0x640/0x640
[ 2393.631050]  ? find_held_lock+0x36/0x1c0
[ 2393.635135]  ? handle_mm_fault+0x42a/0xc70
[ 2393.639490]  ? lock_downgrade+0x900/0x900
[ 2393.643655]  ? check_preemption_disabled+0x48/0x280
[ 2393.648693]  ? rcu_read_unlock_special+0x1c0/0x1c0
[ 2393.653640]  ? kasan_check_read+0x11/0x20
[ 2393.657812]  ? rcu_dynticks_curr_cpu_in_eqs+0xa2/0x170
[ 2393.663115]  ? rcu_softirq_qs+0x20/0x20
[ 2393.667112]  ? trace_hardirqs_off_caller+0x310/0x310
[ 2393.672235]  ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[ 2393.677789]  ? check_preemption_disabled+0x48/0x280
[ 2393.682829]  handle_mm_fault+0x54f/0xc70
[ 2393.686909]  ? __handle_mm_fault+0x5be0/0x5be0
[ 2393.691515]  ? find_vma+0x34/0x190
[ 2393.695081]  __do_page_fault+0x5e8/0xe60
[ 2393.699159]  ? trace_hardirqs_off+0xb8/0x310
[ 2393.703587]  do_page_fault+0xf2/0x7e0
[ 2393.703605]  ? vmalloc_sync_all+0x30/0x30
[ 2393.703621]  ? error_entry+0x70/0xd0
[ 2393.703641]  ? trace_hardirqs_off_caller+0xbb/0x310
[ 2393.720306]  ? trace_hardirqs_on_caller+0xc0/0x310
[ 2393.725266]  ? syscall_return_slowpath+0x5e0/0x5e0
[ 2393.730209]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 2393.735070]  ? trace_hardirqs_on_caller+0x310/0x310
[ 2393.740103]  ? __bpf_trace_preemptirq_template+0x30/0x30
[ 2393.745572]  ? prepare_exit_to_usermode+0x3b0/0x3b0
[ 2393.750618]  ? prepare_exit_to_usermode+0x291/0x3b0
[ 2393.755653]  ? page_fault+0x8/0x30
[ 2393.759227]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 2393.764089]  ? page_fault+0x8/0x30
[ 2393.767642]  page_fault+0x1e/0x30
08:16:11 executing program 5:
r0 = socket$l2tp(0x18, 0x1, 0x1)
ioctl(r0, 0x1000008912, &(0x7f0000000000)="0a5c2d023c126285718070")
perf_event_open(&(0x7f00000001c0)={0x2, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
perf_event_open(&(0x7f0000014f88)={0x1, 0x70, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
perf_event_open(&(0x7f0000014f88)={0x1, 0x70, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
close(r0)
r1 = openat$dsp(0xffffffffffffff9c, &(0x7f0000000280)='/dev/dsp\x00', 0x8000, 0x0)
write$P9_RLOPEN(r1, &(0x7f00000002c0)={0x18, 0xd, 0x1, {{0xa4, 0x2, 0x6}, 0x7b82}}, 0x18)
r2 = syz_open_procfs(0x0, &(0x7f0000000040)='net/ip6_tables_matches\x00')
write$RDMA_USER_CM_CMD_CREATE_ID(0xffffffffffffff9c, &(0x7f0000000180)={0x0, 0x18, 0xfa00, {0x3, &(0x7f0000000140)={<r3=>0xffffffffffffffff}, 0x0, 0x9}}, 0x20)
write$RDMA_USER_CM_CMD_INIT_QP_ATTR(r2, &(0x7f0000000240)={0xb, 0x10, 0xfa00, {&(0x7f0000000080), r3, 0x2}}, 0x18)

08:16:11 executing program 4:
r0 = dup3(0xffffffffffffff9c, 0xffffffffffffff9c, 0x80000)
write$RDMA_USER_CM_CMD_CREATE_ID(0xffffffffffffff9c, &(0x7f00000001c0)={0x0, 0x18, 0xfa00, {0x2, &(0x7f0000000180)={<r1=>0xffffffffffffffff}, 0x13f, 0x100f}}, 0x20)
write$RDMA_USER_CM_CMD_CONNECT(r0, &(0x7f0000000200)={0x6, 0x118, 0xfa00, {{0x9, 0x11, "b1ca74f5f6bd85b90942148ed5ae743559f7db751d000f73a54d7112094060a6403f484772c1b3f09b2a3dca42e1745379a4562ea674fe3ee39cf13a5c23eaa428f288dbcbb80dac0bc4f2dc213f801317c7bbdcccb43d4d3aa5e57c31c51f9ba28b4d14907931138e1adf86e5e64e8372bdfdfb4d758f953aabb1b23710149829c459672af8cb1a3d818ec0b824171a789de4dab7c368c4e6a7ff456777402fda2a003cce3ffb7b7b8c367eadde5e2909cdbae94da746e30165d5886f04edbefe9740686281d202d27c68af9bb1778920738419de11447e53bec39c028dad471c87ceb6f768807db43109620694703cd03fdb2481e105d451f65be0a0172e0c", 0x96, 0x1, 0xbaa, 0x1000, 0x81, 0x7ff, 0x3}, r1}}, 0x120)
r2 = syz_open_dev$usb(&(0x7f0000000140)='/dev/bus/usb/00#/00#\x00', 0x7b, 0x200)
openat$kvm(0xffffffffffffff9c, 0x0, 0x0, 0x0)
r3 = openat$dlm_control(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/dlm-control\x00', 0x80, 0x0)
ioctl$SNDRV_TIMER_IOCTL_CONTINUE(r3, 0x54a2)
r4 = syz_open_dev$sndctrl(&(0x7f0000000100)='/dev/snd/controlC#\x00', 0x0, 0x0)
prctl$PR_SET_THP_DISABLE(0x29, 0xfffffffffffffffe)
clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
ioctl$FS_IOC_GETFLAGS(r4, 0x800455d1, &(0x7f0000000080))
r5 = openat(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x80, 0x40)
ioctl$ASHMEM_SET_SIZE(r2, 0x40087703, 0xffffffff)
r6 = dup2(r4, r4)
ioctl$FUSE_DEV_IOC_CLONE(r5, 0x8004e500, &(0x7f0000000040)=r6)

08:16:11 executing program 4:
r0 = openat$kvm(0xffffffffffffff9c, 0x0, 0x0, 0x0)
r1 = syz_open_dev$sndctrl(&(0x7f0000000100)='/dev/snd/controlC#\x00', 0x0, 0x0)
ioctl$FIGETBSZ(r0, 0x2, &(0x7f0000000040))
clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
ioctl$FS_IOC_GETFLAGS(r1, 0x800455d1, &(0x7f0000000080))
r2 = openat$null(0xffffffffffffff9c, &(0x7f0000000000)='/dev/null\x00', 0x80000, 0x0)
fcntl$getown(r1, 0x9)
sync_file_range(r2, 0xffffffffffffffea, 0x400, 0x5)
socket$nl_crypto(0x10, 0x3, 0x15)

08:16:11 executing program 2:
syz_emit_ethernet(0x6a, &(0x7f0000000040)={@local, @broadcast, [], {@ipv4={0x800, {{0x5, 0x4, 0x0, 0x0, 0x5c, 0x0, 0x0, 0x0, 0x1, 0x0, @remote, @dev={0xac, 0x14, 0x14, 0x11}}, @icmp=@parameter_prob={0x3, 0x4, 0x0, 0x0, 0x0, 0x0, {0x10, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x402f, 0x0, @local={0xac, 0x5c}, @dev, {[@timestamp={0x8, 0x2c, 0x0, 0x0, 0xfffff000, [{[@rand_addr]}, {[@multicast2]}, {[@multicast1]}, {}, {[@loopback]}, {}]}]}}}}}}}, 0x0)

[ 2393.771106] RIP: 0033:0x4510a0
[ 2393.771124] Code: 0f 84 c4 0f 00 00 48 89 f1 48 89 f8 48 83 e1 3f 48 83 f9 20 0f 86 7b 02 00 00 48 83 e6 f0 48 83 e1 0f 66 0f ef c0 66 0f ef c9 <66> 0f 74 0e 66 0f d7 d1 48 d3 ea 49 c7 c2 11 00 00 00 49 29 ca 4d
[ 2393.771133] RSP: 002b:00007efdea16e7a8 EFLAGS: 00010202
[ 2393.771146] RAX: 00007efdea16e850 RBX: 0000000000000003 RCX: 000000000000000e
[ 2393.771156] RDX: 00000000000003ff RSI: 0000000020012fe0 RDI: 00007efdea16e850
[ 2393.771165] RBP: 000000000072bf00 R08: 00000000000003ff R09: 0000000000000000
[ 2393.771180] R10: 0000000000000000 R11: 0000000000000246 R12: 00007efdea16f6d4
[ 2393.793301] R13: 00000000004c578a R14: 00000000004d9d90 R15: 00000000ffffffff
[ 2393.838652] FAULT_FLAG_ALLOW_RETRY missing 70
[ 2393.851529] CPU: 0 PID: 22170 Comm: syz-executor3 Not tainted 4.20.0-rc6+ #371
[ 2393.858911] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 2393.868267] Call Trace:
08:16:11 executing program 1:
r0 = socket$l2tp(0x18, 0x1, 0x1)
ioctl(r0, 0x1000008912, &(0x7f0000000000)="0a5c2d023c126285718070")
r1 = perf_event_open(&(0x7f0000014f88)={0x1, 0x70, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9, 0x0, 0x0, 0x8, 0xfffffffffffffffd, 0x0, 0xfffffffffffffffc, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
close(r1)
r2 = openat$sequencer2(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/sequencer2\x00', 0x40, 0x0)
getsockopt$inet_sctp6_SCTP_PARTIAL_DELIVERY_POINT(r1, 0x84, 0x13, &(0x7f0000000100)={<r3=>0x0, 0xf94c}, &(0x7f0000000140)=0x8)
getsockopt$inet_sctp6_SCTP_PRIMARY_ADDR(r2, 0x84, 0x6, &(0x7f0000000180)={r3, @in={{0x2, 0x4e24, @remote}}}, &(0x7f0000000240)=0x84)
ioctl$sock_SIOCETHTOOL(r0, 0x8946, &(0x7f0000000080)={'bond_slave_1\x00', &(0x7f0000000040)=@ethtool_gfeatures={0x3a, 0x1, [{0x9, 0x7, 0x3, 0x10001}]}})

[ 2393.870871]  dump_stack+0x244/0x39d
[ 2393.874521]  ? dump_stack_print_info.cold.1+0x20/0x20
[ 2393.879747]  handle_userfault.cold.32+0x47/0x62
[ 2393.884453]  ? userfaultfd_ioctl+0x5610/0x5610
[ 2393.889060]  ? mark_held_locks+0x130/0x130
[ 2393.893316]  ? __sanitizer_cov_trace_cmp4+0x16/0x20
[ 2393.898376]  ? futex_wait_setup+0x266/0x3e0
[ 2393.902742]  ? __sanitizer_cov_trace_switch+0x53/0x90
[ 2393.907956]  ? print_usage_bug+0xc0/0xc0
[ 2393.912027]  ? futex_wait+0x5a1/0xa50
[ 2393.915843]  ? print_usage_bug+0xc0/0xc0
[ 2393.919925]  ? print_usage_bug+0xc0/0xc0
[ 2393.924009]  ? print_usage_bug+0xc0/0xc0
[ 2393.928089]  ? zap_class+0x640/0x640
[ 2393.931823]  ? mark_held_locks+0xc7/0x130
[ 2393.936001]  ? trace_hardirqs_on_thunk+0x1a/0x1c
[ 2393.936022]  ? lockdep_hardirqs_on+0x3bb/0x5b0
[ 2393.936043]  ? find_held_lock+0x36/0x1c0
[ 2393.936068]  ? __handle_mm_fault+0x4bb0/0x5be0
[ 2393.945403]  ? lock_downgrade+0x900/0x900
[ 2393.945429]  ? kasan_check_read+0x11/0x20
[ 2393.945444]  ? do_raw_spin_unlock+0xa7/0x330
[ 2393.945460]  ? do_raw_spin_trylock+0x270/0x270
[ 2393.945479]  ? fault_dirty_shared_page.isra.87+0x320/0x320
[ 2393.945496]  ? __handle_mm_fault+0xe9e/0x5be0
[ 2393.945519]  __handle_mm_fault+0x4bbd/0x5be0
[ 2393.985953]  ? vmf_insert_mixed_mkwrite+0x40/0x40
[ 2393.990811]  ? zap_class+0x640/0x640
[ 2393.994538]  ? rcu_read_unlock_special+0x1c0/0x1c0
[ 2393.999482]  ? kasan_check_read+0x11/0x20
[ 2394.003646]  ? rcu_softirq_qs+0x20/0x20
[ 2394.007648]  ? zap_class+0x640/0x640
[ 2394.011390]  ? zap_class+0x640/0x640
[ 2394.015123]  ? find_held_lock+0x36/0x1c0
[ 2394.019210]  ? handle_mm_fault+0x42a/0xc70
[ 2394.023466]  ? lock_downgrade+0x900/0x900
[ 2394.027631]  ? check_preemption_disabled+0x48/0x280
[ 2394.032673]  ? rcu_read_unlock_special+0x1c0/0x1c0
[ 2394.037614]  ? kasan_check_read+0x11/0x20
[ 2394.041776]  ? rcu_dynticks_curr_cpu_in_eqs+0xa2/0x170
[ 2394.047067]  ? rcu_softirq_qs+0x20/0x20
[ 2394.051056]  ? trace_hardirqs_off_caller+0x310/0x310
[ 2394.051077]  ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[ 2394.051094]  ? check_preemption_disabled+0x48/0x280
[ 2394.051116]  handle_mm_fault+0x54f/0xc70
[ 2394.066763]  ? __handle_mm_fault+0x5be0/0x5be0
[ 2394.066786]  ? find_vma+0x34/0x190
[ 2394.066811]  __do_page_fault+0x5e8/0xe60
[ 2394.083049]  ? trace_hardirqs_off+0xb8/0x310
[ 2394.087485]  do_page_fault+0xf2/0x7e0
[ 2394.091303]  ? vmalloc_sync_all+0x30/0x30
[ 2394.095488]  ? error_entry+0x70/0xd0
[ 2394.099221]  ? trace_hardirqs_off_caller+0xbb/0x310
[ 2394.104253]  ? trace_hardirqs_on_caller+0xc0/0x310
[ 2394.109198]  ? syscall_return_slowpath+0x5e0/0x5e0
[ 2394.114142]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 2394.119003]  ? trace_hardirqs_on_caller+0x310/0x310
[ 2394.124037]  ? __bpf_trace_preemptirq_template+0x30/0x30
[ 2394.129512]  ? prepare_exit_to_usermode+0x3b0/0x3b0
[ 2394.134557]  ? prepare_exit_to_usermode+0x291/0x3b0
[ 2394.139590]  ? page_fault+0x8/0x30
[ 2394.143138]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 2394.147971]  ? page_fault+0x8/0x30
[ 2394.151540]  page_fault+0x1e/0x30
[ 2394.154984] RIP: 0033:0x4510a0
[ 2394.158169] Code: 0f 84 c4 0f 00 00 48 89 f1 48 89 f8 48 83 e1 3f 48 83 f9 20 0f 86 7b 02 00 00 48 83 e6 f0 48 83 e1 0f 66 0f ef c0 66 0f ef c9 <66> 0f 74 0e 66 0f d7 d1 48 d3 ea 49 c7 c2 11 00 00 00 49 29 ca 4d
[ 2394.177057] RSP: 002b:00007f75238677a8 EFLAGS: 00010202
[ 2394.182420] RAX: 00007f7523867850 RBX: 0000000000000003 RCX: 000000000000000e
[ 2394.189691] RDX: 00000000000003ff RSI: 0000000020012fe0 RDI: 00007f7523867850
[ 2394.196951] RBP: 000000000072bf00 R08: 00000000000003ff R09: 0000000000000000
[ 2394.204207] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f75238686d4
[ 2394.211497] R13: 00000000004c578a R14: 00000000004d9d90 R15: 00000000ffffffff
08:16:12 executing program 3:
openat$rfkill(0xffffffffffffff9c, 0x0, 0x0, 0x0)
getsockopt$inet_sctp_SCTP_DEFAULT_PRINFO(0xffffffffffffffff, 0x84, 0x72, &(0x7f0000000380), 0x0)
syz_open_dev$admmidi(&(0x7f0000000100)='/dev/admmidi#\x00', 0x0, 0x0)
r0 = socket$l2tp(0x18, 0x1, 0x1)
mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x1, 0x32, 0xffffffffffffffff, 0x0)
r1 = userfaultfd(0x0)
ioctl$UFFDIO_API(r1, 0xc018aa3f, &(0x7f0000000180))
ioctl$UFFDIO_REGISTER(r1, 0xc020aa00, &(0x7f0000019000)={{&(0x7f0000012000/0x2000)=nil, 0x2000}, 0x1})
syz_open_dev$evdev(&(0x7f0000012fee)='/dev/input/event#\x00', 0x0, 0x0)
ioctl$UFFDIO_WAKE(r1, 0x8010aa02, &(0x7f0000000080)={&(0x7f0000012000/0x3000)=nil, 0x3000})
ioctl(r0, 0x1000008912, &(0x7f0000000000)="0a5c2d023c126285718070")
setsockopt$ALG_SET_KEY(0xffffffffffffffff, 0x117, 0x1, 0x0, 0x0)

08:16:12 executing program 1:
r0 = socket$l2tp(0x18, 0x1, 0x1)
ioctl(r0, 0x1000008912, &(0x7f0000000000)="0a5c2d023c126285718070")
r1 = perf_event_open(&(0x7f0000000040)={0x1, 0xfca8, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x21, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
close(r1)
r2 = openat$full(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/full\x00', 0x1, 0x0)
ioctl$PIO_FONTRESET(r2, 0x4b6d, 0x0)

08:16:12 executing program 2:
syz_emit_ethernet(0x6a, &(0x7f0000000040)={@local, @broadcast, [], {@ipv4={0x800, {{0x5, 0x4, 0x0, 0x0, 0x5c, 0x0, 0x0, 0x0, 0x1, 0x0, @remote, @dev={0xac, 0x14, 0x14, 0x11}}, @icmp=@parameter_prob={0x3, 0x4, 0x0, 0x0, 0x0, 0x0, {0x10, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x402f, 0x0, @local={0xac, 0x5c}, @dev, {[@timestamp={0x8, 0x2c, 0x0, 0x0, 0x88480000, [{[@rand_addr]}, {[@multicast2]}, {[@multicast1]}, {}, {[@loopback]}, {}]}]}}}}}}}, 0x0)

08:16:12 executing program 4:
r0 = openat$kvm(0xffffffffffffff9c, 0x0, 0x0, 0x0)
r1 = syz_open_dev$sndctrl(&(0x7f0000000040)='/dev/snd/controlC#\x00', 0x2, 0x0)
prctl$PR_SET_THP_DISABLE(0x29, 0xfffffffffffffffc)
ioctl$FS_IOC_GETFLAGS(r1, 0x800455d1, &(0x7f0000000080))
ioctl$BLKPG(r1, 0x1269, &(0x7f00000000c0)={0x8, 0x200, 0xb2, &(0x7f0000000240)="373b42c29cfda3ed7b5d4099a87fc419b74474048485ddfc3972de5cc039377041ec6cdff52da7cd2aa59ec13daf19eef38c716175c66429fe62e90984a9fdad4ddf0a715214c520c386e64b90926d304aba1a0201739133fb00e0593b25e055568e40db40adc2decec15479e9d3eef715af9a6e399fee43ba1a27a56d29a3edb615e89a1f4b9834e682c065075d53f5e6b7df9e1be53689e1235a2bd8489001481cafafc55725ec57dc4bc359b4c6e6a045"})
r2 = getuid()
setreuid(0x0, r2)
setsockopt$IP_VS_SO_SET_ADD(r0, 0x0, 0x482, &(0x7f0000000000)={0x1d, @loopback, 0x4e22, 0x3, 'wlc\x00', 0x21, 0x4, 0x73}, 0x2c)

08:16:12 executing program 0:
openat$rfkill(0xffffffffffffff9c, 0x0, 0x2001, 0x0)
syz_open_dev$admmidi(&(0x7f0000000100)='/dev/admmidi#\x00', 0x0, 0x0)
r0 = socket$l2tp(0x18, 0x1, 0x1)
mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x1, 0x32, 0xffffffffffffffff, 0x0)
r1 = userfaultfd(0x0)
ioctl$UFFDIO_API(r1, 0xc018aa3f, &(0x7f0000000180))
ioctl$UFFDIO_REGISTER(r1, 0xc020aa00, &(0x7f0000019000)={{&(0x7f0000012000/0x2000)=nil, 0x2000}, 0x1})
syz_open_dev$evdev(&(0x7f0000012fee)='/dev/input/event#\x00', 0x0, 0x3f00000000000000)
ioctl$UFFDIO_WAKE(r1, 0x8010aa02, &(0x7f0000000080)={&(0x7f0000012000/0x3000)=nil, 0x3000})
ioctl(r0, 0x1000008912, &(0x7f0000000000)="0a5c2d023c126285718070")

08:16:12 executing program 5:
r0 = socket$l2tp(0x18, 0x1, 0x1)
ioctl(r0, 0x4e, &(0x7f0000000040)="0a5c2d023c126285718070")
perf_event_open(&(0x7f00000001c0)={0x2, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
perf_event_open(&(0x7f0000014f88)={0x1, 0x70, 0x8, 0x0, 0x0, 0x0, 0x0, 0x7774fcb1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r1 = perf_event_open(&(0x7f0000014f88)={0x1, 0x70, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
close(r1)
getsockopt$IP_VS_SO_GET_INFO(r0, 0x0, 0x481, &(0x7f0000000000), &(0x7f0000000080)=0xc)
pipe2(&(0x7f00000000c0)={0xffffffffffffffff, <r2=>0xffffffffffffffff}, 0x0)
accept4$inet(r2, 0x0, &(0x7f0000000100), 0x80000)

08:16:12 executing program 5:
r0 = socket$l2tp(0x18, 0x1, 0x1)
ioctl(r0, 0x1000008912, &(0x7f0000000000)="0a5c2d023c126285718070")
perf_event_open(&(0x7f00000001c0)={0x2, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
perf_event_open(&(0x7f0000014f88)={0x1, 0x70, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r1 = perf_event_open(&(0x7f0000014f88)={0x1, 0x70, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r2 = syz_open_dev$adsp(&(0x7f0000000140)='/dev/adsp#\x00', 0xfffffffffffffff8, 0x2000)
ioctl$EVIOCGID(r2, 0x80084502, &(0x7f0000000240)=""/237)
r3 = openat$vhci(0xffffffffffffff9c, &(0x7f0000000040)='/dev/vhci\x00', 0x400, 0x0)
ioctl$DRM_IOCTL_MODE_SETCRTC(r3, 0xc06864a2, &(0x7f00000000c0)={&(0x7f0000000080)=[0x4, 0x8, 0x3ff800000000000, 0x0], 0x4, 0x4, 0x2b9, 0x19, 0x2464, 0x1, {0x4, 0x7, 0x1, 0x1f, 0x3e5, 0x40, 0xaaff, 0x5, 0x272, 0x4, 0x7ff, 0x9, 0x2, 0x9, "b627b59e3b8505f598afb7c27a399bd16aea44b181a8df389d948e357b3bab5e"}})
close(r1)

08:16:12 executing program 4:
openat$kvm(0xffffffffffffff9c, 0x0, 0x0, 0x0)
r0 = syz_open_dev$dspn(&(0x7f0000000000)='/dev/dsp#\x00', 0x4, 0x2000)
ioctl$SNDRV_CTL_IOCTL_TLV_READ(r0, 0xc008551a, &(0x7f0000000280)=ANY=[@ANYBLOB="0800000007e95ca87aece10f03f1a30493e0858c9e049b1e601000000009f7a07dbc1e00000003000000f4c526c0cc0800bba86ebc65fde3ed000002000000"])
syz_open_dev$sndctrl(&(0x7f0000000100)='/dev/snd/controlC#\x00', 0x0, 0x0)
r1 = semget(0x0, 0x4, 0x586)
semctl$GETZCNT(r1, 0x1, 0xf, &(0x7f0000000140)=""/131)
r2 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r3 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000000)='/dev/nullb0\x00', 0x802, 0x0)
openat$cuse(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/cuse\x00', 0x2, 0x0)
ioctl$BLKZEROOUT(r3, 0x127f, &(0x7f0000000080)={0x0, 0x4004400})
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000919000/0x400000)=nil, 0x400000, 0xffffffffffffffff, 0x8031, 0xffffffffffffffff, 0x0)
write$RDMA_USER_CM_CMD_CREATE_ID(0xffffffffffffff9c, &(0x7f0000000480)={0x0, 0x18, 0xfa00, {0x4, &(0x7f0000000440)}}, 0x20)
ioctl$sock_inet_sctp_SIOCINQ(r2, 0x541b, &(0x7f00000001c0))
openat$cuse(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/cuse\x00', 0x2, 0x0)
r4 = openat$ipvs(0xffffffffffffff9c, &(0x7f0000000240)='/proc/sys/net/ipv4/vs/sync_qlen_max\x00', 0x2, 0x0)
getsockopt$inet_sctp_SCTP_PEER_ADDR_THLDS(0xffffffffffffffff, 0x84, 0x1f, 0x0, &(0x7f00000004c0))
openat$sequencer(0xffffffffffffff9c, 0x0, 0xc0200, 0x0)
sched_setscheduler(0x0, 0x6, 0x0)
bpf$BPF_BTF_GET_FD_BY_ID(0x13, 0x0, 0x0)
openat$md(0xffffffffffffff9c, &(0x7f0000000040)='/dev/md0\x00', 0x80000, 0x0)
clone(0x2102001ffb, 0x0, 0xfffffffffffffffe, &(0x7f0000000140), 0xffffffffffffffff)
getsockopt$inet_sctp6_SCTP_AUTOCLOSE(0xffffffffffffffff, 0x84, 0x4, 0x0, 0x0)
r5 = socket(0x1e, 0x805, 0x0)
mkdir(&(0x7f00000005c0)='./file0\x00', 0x1)
openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000600)='./cgroup.cpu/syz1\x00', 0x200002, 0x0)
ioctl$VIDIOC_S_DV_TIMINGS(r4, 0xc0845657, &(0x7f0000000500)={0x0, @bt={0x0, 0x200, 0x0, 0x0, 0x38f, 0x0, 0x0, 0xb08, 0x0, 0x7, 0x3, 0x800, 0xffffffffffffffff, 0x5a}})
sendmsg(r5, &(0x7f0000030000)={&(0x7f00004f5000)=@generic={0x10000000001e, "0100000900000000000000000226cc573c080000003724c71e14dd6a739effea1b48006be61ffe0000e103000000f8000004003f010039d8f986ff01000300000004af50d50700000000000000e3ad316a1983000000001d00e0dfcb24281e27800000100076c3979ac40000bd15020078a1dfd300881a8365b1b16d7436"}, 0x80, 0x0}, 0x0)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff, <r6=>0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_ENABLE(r6, 0x8912, 0x400200)

08:16:12 executing program 2:
syz_emit_ethernet(0x6a, &(0x7f0000000040)={@local, @broadcast, [], {@ipv4={0x800, {{0x5, 0x4, 0x0, 0x0, 0x5c, 0x0, 0x0, 0x0, 0x1, 0x0, @remote, @dev={0xac, 0x14, 0x14, 0x11}}, @icmp=@parameter_prob={0x3, 0x4, 0x0, 0x0, 0x0, 0x0, {0x10, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x402f, 0x0, @local={0xac, 0x5c}, @dev, {[@timestamp={0x8, 0x2c, 0x0, 0x0, 0x8864, [{[@rand_addr]}, {[@multicast2]}, {[@multicast1]}, {}, {[@loopback]}, {}]}]}}}}}}}, 0x0)

08:16:12 executing program 1:
r0 = socket$l2tp(0x18, 0x1, 0x1)
ioctl(r0, 0x1000008912, &(0x7f0000000000)="0a5c2d023c126285718070")
r1 = perf_event_open(&(0x7f0000014f88)={0x1, 0x70, 0x80000000008, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
close(r1)
r2 = syz_open_procfs(0x0, &(0x7f0000000280)='net/tcp\x00')
write$FUSE_DIRENT(r2, &(0x7f00000002c0)={0x168, 0x0, 0x2, [{0x2, 0x2, 0x1f, 0xf2, 'posix_acl_accesswlan1ppp1/em0\'{'}, {0x0, 0x248, 0x1, 0x9, '^'}, {0x6, 0xbd1, 0x8, 0x2, 'keyring\x00'}, {0x2, 0xffffffff, 0x8, 0x7fff, 'keyring\x00'}, {0x3, 0x1, 0x2a, 0x80000001, '^/\\[bdevvboxnet1[)vboxnet1@wlan0vboxnet1.}'}, {0x6, 0x200, 0x1e, 0x2, 'vboxnet0selinuxeth1-selinux!+['}, {0x1, 0xfffffffffffffff9, 0x5, 0x0, 'user\x00'}, {0x5, 0x4, 0x3, 0x1ff, 'syz'}]}, 0x168)
r3 = semget$private(0x0, 0x3, 0x10)
semctl$GETPID(r3, 0xd565892094bc5ab3, 0xb, &(0x7f0000000040)=""/95)
r4 = add_key$keyring(&(0x7f0000000200)='keyring\x00', &(0x7f0000000240)={'syz', 0x0}, 0x0, 0x0, 0xffffffffffffffff)
utime(&(0x7f0000000440)='./file0\x00', &(0x7f0000000480)={0x80000001, 0x7})
add_key$user(&(0x7f00000000c0)='user\x00', &(0x7f0000000100)={'syz', 0x1}, &(0x7f0000000140)="60e5e2534f3771e0ac74ce38c7a33ffaa339a7ee57c7c1b737c4c54b0750a6f9408e4782d05be9f68b4e332d813ccbdfafa2d20759965a4a3a5915d5f83252aa7c15ecc552e3bac49d0a23c29409e0bb5f9802e2135a133b7f05cb2c1c3dff8b40b527b21c04281cdcbc379d3c76a161083ceb95aca60cd5845b800882c111c1aaf6d0858d6490d962fd21de4db453b66b8c6353d2b73d5c4cf29c", 0x9b, r4)

08:16:12 executing program 0:
openat$rfkill(0xffffffffffffff9c, 0x0, 0x2001, 0x0)
syz_open_dev$admmidi(&(0x7f0000000100)='/dev/admmidi#\x00', 0x0, 0x0)
r0 = socket$l2tp(0x18, 0x1, 0x1)
mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x1, 0x32, 0xffffffffffffffff, 0x0)
r1 = userfaultfd(0x0)
ioctl$UFFDIO_API(r1, 0xc018aa3f, &(0x7f0000000180))
ioctl$UFFDIO_REGISTER(r1, 0xc020aa00, &(0x7f0000019000)={{&(0x7f0000012000/0x2000)=nil, 0x2000}, 0x1})
syz_open_dev$evdev(&(0x7f0000012fee)='/dev/input/event#\x00', 0x0, 0x6000000000000000)
ioctl$UFFDIO_WAKE(r1, 0x8010aa02, &(0x7f0000000080)={&(0x7f0000012000/0x3000)=nil, 0x3000})
ioctl(r0, 0x1000008912, &(0x7f0000000000)="0a5c2d023c126285718070")

08:16:12 executing program 3:
openat$rfkill(0xffffffffffffff9c, 0x0, 0x0, 0x0)
getsockopt$inet_sctp_SCTP_DEFAULT_PRINFO(0xffffffffffffffff, 0x84, 0x72, &(0x7f0000000380), 0x0)
syz_open_dev$admmidi(&(0x7f0000000100)='/dev/admmidi#\x00', 0x0, 0x0)
r0 = socket$l2tp(0x18, 0x1, 0x1)
mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x1, 0x32, 0xffffffffffffffff, 0x0)
r1 = userfaultfd(0x0)
ioctl$UFFDIO_API(r1, 0xc018aa3f, &(0x7f0000000180))
ioctl$UFFDIO_REGISTER(r1, 0xc020aa00, &(0x7f0000019000)={{&(0x7f0000012000/0x2000)=nil, 0x2000}, 0x1})
syz_open_dev$evdev(&(0x7f0000012fee)='/dev/input/event#\x00', 0x0, 0x0)
ioctl$UFFDIO_WAKE(r1, 0x8010aa02, &(0x7f0000000080)={&(0x7f0000012000/0x3000)=nil, 0x3000})
ioctl(r0, 0x1000008912, &(0x7f0000000000)="0a5c2d023c126285718070")
setsockopt$ALG_SET_KEY(0xffffffffffffffff, 0x117, 0x1, 0x0, 0x0)

08:16:12 executing program 5:
r0 = socket$l2tp(0x18, 0x1, 0x1)
ioctl(r0, 0x1000008912, &(0x7f0000000000)="0a5c2d023c126285718070")
r1 = perf_event_open(&(0x7f00000001c0)={0x2, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r2 = perf_event_open(&(0x7f0000014f88)={0x1, 0x70, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
getsockopt$sock_cred(r0, 0x1, 0x11, &(0x7f0000000100), &(0x7f0000000140)=0xc)
bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000240)={0x0, r2, 0x0, 0xe, &(0x7f0000000180)='vmnet1nodev\\]\x00'}, 0x30)
fcntl$getown(r0, 0x9)
ioctl$sock_SIOCGPGRP(r0, 0x8904, &(0x7f0000000280))
fcntl$getown(r1, 0x9)
ioctl$TIOCGPGRP(0xffffffffffffff9c, 0x540f, &(0x7f00000002c0))
fcntl$getown(r2, 0x9)
getpid()
bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000340)={0xffffffffffffffff, r2, 0x0, 0x5, &(0x7f0000000300)='self\x00'}, 0x30)
gettid()
r3 = gettid()
r4 = getpgrp(r3)
perf_event_open(&(0x7f0000000080)={0x7, 0x70, 0x7, 0x6, 0x1, 0x0, 0x0, 0x7, 0x44000, 0x4, 0x3, 0x9, 0x1, 0x576, 0x0, 0x1, 0x8, 0x3, 0x9, 0x8a88, 0x7, 0x8, 0x0, 0x1, 0x0, 0x7, 0x7d0, 0x88c3, 0x7, 0x9, 0xff, 0x2, 0x6, 0x6f, 0x86d4, 0x566, 0x1, 0x1f, 0x0, 0x3, 0x4, @perf_bp={&(0x7f0000000040), 0x4}, 0x20, 0x7, 0x20, 0x0, 0xfffffffffffffff9, 0x7fffffff, 0x3}, r4, 0x6, r2, 0x2)
r5 = perf_event_open(&(0x7f0000014f88)={0x5, 0x70, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
close(r5)

08:16:12 executing program 2:
syz_emit_ethernet(0x6a, &(0x7f0000000040)={@local, @broadcast, [], {@ipv4={0x800, {{0x5, 0x4, 0x0, 0x0, 0x5c, 0x0, 0x0, 0x0, 0x1, 0x0, @remote, @dev={0xac, 0x14, 0x14, 0x11}}, @icmp=@parameter_prob={0x3, 0x4, 0x0, 0x0, 0x0, 0x0, {0x10, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x402f, 0x0, @local={0xac, 0x5c}, @dev, {[@timestamp={0x8, 0x2c, 0x0, 0x0, 0x8035, [{[@rand_addr]}, {[@multicast2]}, {[@multicast1]}, {}, {[@loopback]}, {}]}]}}}}}}}, 0x0)

08:16:12 executing program 1:
r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1)
ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200)
bpf$OBJ_GET_MAP(0x7, 0x0, 0x0)
clone(0x106, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
getsockopt$IP_VS_SO_GET_DESTS(r0, 0x0, 0x484, &(0x7f00000013c0)=""/251, &(0x7f00000014c0)=0xfb)
r1 = socket$l2tp(0x18, 0x1, 0x1)
ioctl(r1, 0xf255, &(0x7f0000000000)="0a5c2d023c126285718070")
r2 = perf_event_open(&(0x7f0000014f88)={0x1, 0x70, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r3 = openat$vsock(0xffffffffffffff9c, &(0x7f0000000040)='/dev/vsock\x00', 0x4000, 0x0)
getsockopt$inet_sctp_SCTP_PR_SUPPORTED(0xffffffffffffffff, 0x84, 0x71, &(0x7f0000000080)={<r4=>0x0, 0x5}, &(0x7f00000000c0)=0x8)
getsockopt$inet_sctp6_SCTP_DEFAULT_PRINFO(r3, 0x84, 0x72, &(0x7f0000000100)={r4, 0x401}, &(0x7f0000000140)=0xc)
close(r2)

08:16:12 executing program 3:
openat$rfkill(0xffffffffffffff9c, 0x0, 0x0, 0x0)
getsockopt$inet_sctp_SCTP_DEFAULT_PRINFO(0xffffffffffffffff, 0x84, 0x72, &(0x7f0000000380), 0x0)
syz_open_dev$admmidi(&(0x7f0000000100)='/dev/admmidi#\x00', 0x0, 0x0)
r0 = socket$l2tp(0x18, 0x1, 0x1)
mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x1, 0x32, 0xffffffffffffffff, 0x0)
r1 = userfaultfd(0x0)
ioctl$UFFDIO_API(r1, 0xc018aa3f, &(0x7f0000000180))
ioctl$UFFDIO_REGISTER(r1, 0xc020aa00, &(0x7f0000019000)={{&(0x7f0000012000/0x2000)=nil, 0x2000}, 0x1})
syz_open_dev$evdev(&(0x7f0000012fee)='/dev/input/event#\x00', 0x100000000000000, 0x0)
ioctl$UFFDIO_WAKE(r1, 0x8010aa02, &(0x7f0000000080)={&(0x7f0000012000/0x3000)=nil, 0x3000})
ioctl(r0, 0x1000008912, &(0x7f0000000000)="0a5c2d023c126285718070")
setsockopt$ALG_SET_KEY(0xffffffffffffffff, 0x117, 0x1, 0x0, 0x0)

08:16:12 executing program 0:
openat$rfkill(0xffffffffffffff9c, 0x0, 0x2001, 0x0)
syz_open_dev$admmidi(&(0x7f0000000100)='/dev/admmidi#\x00', 0x0, 0x0)
r0 = socket$l2tp(0x18, 0x1, 0x1)
mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x1, 0x32, 0xffffffffffffffff, 0x0)
r1 = userfaultfd(0x0)
ioctl$UFFDIO_API(r1, 0xc018aa3f, &(0x7f0000000180))
ioctl$UFFDIO_REGISTER(r1, 0xc020aa00, &(0x7f0000019000)={{&(0x7f0000012000/0x2000)=nil, 0x2000}, 0x1})
syz_open_dev$evdev(&(0x7f0000012fee)='/dev/input/event#\x00', 0x0, 0x4000000)
ioctl$UFFDIO_WAKE(r1, 0x8010aa02, &(0x7f0000000080)={&(0x7f0000012000/0x3000)=nil, 0x3000})
ioctl(r0, 0x1000008912, &(0x7f0000000000)="0a5c2d023c126285718070")

08:16:12 executing program 5:
r0 = socket$l2tp(0x18, 0x1, 0x1)
ioctl(r0, 0x1000008912, &(0x7f0000000080)="0a5c2d023c126285718070")
perf_event_open(&(0x7f00000001c0)={0x2, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r1 = perf_event_open(&(0x7f0000014f88)={0x1, 0x70, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r2 = memfd_create(&(0x7f0000000040)='*\x00', 0x1)
ioctl$DRM_IOCTL_AGP_INFO(r2, 0x80386433, &(0x7f00000000c0)=""/137)
ioctl$sock_FIOGETOWN(r0, 0x8903, &(0x7f0000000000)=<r3=>0x0)
bind$bt_sco(r2, &(0x7f0000000180)={0x1f, {0xffffffffffff593d, 0x7fff, 0x7d34deef, 0x1, 0x10001, 0x3}}, 0x8)
perf_event_open(&(0x7f0000014f88)={0x1, 0x70, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
close(r0)
sched_setscheduler(r3, 0x7, &(0x7f0000000240)=0x7f)
dup3(r2, r1, 0x80000)

[ 2394.673276] IPVS: length: 251 != 24
08:16:12 executing program 1:
r0 = socket$l2tp(0x18, 0x1, 0x1)
r1 = openat$dlm_monitor(0xffffffffffffff9c, &(0x7f0000000040)='/dev/dlm-monitor\x00', 0x0, 0x0)
getsockopt$inet_sctp_SCTP_GET_PEER_ADDR_INFO(0xffffffffffffff9c, 0x84, 0xf, &(0x7f0000000080)={<r2=>0x0, @in6={{0xa, 0x4e24, 0x7, @mcast1, 0xff}}, 0x1, 0x0, 0x0, 0x317, 0x1}, &(0x7f0000000140)=0x98)
setsockopt$inet_sctp_SCTP_SET_PEER_PRIMARY_ADDR(r1, 0x84, 0x5, &(0x7f0000000180)={r2, @in6={{0xa, 0x4e21, 0x7ff, @mcast2, 0xb5dd}}}, 0xffffffffffffff60)
ioctl(r0, 0x1000008912, &(0x7f0000000000)="0a5c2d023c126285718070")
r3 = perf_event_open(&(0x7f0000014f88)={0x1, 0x70, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r4 = syz_genetlink_get_family_id$nbd(&(0x7f0000000280)='nbd\x00')
ioctl$SIOCGETNODEID(r1, 0x89e1, &(0x7f00000003c0)={0x1})
r5 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000480)='TIPCv2\x00')
sendmsg$TIPC_NL_BEARER_SET(r1, &(0x7f0000000580)={&(0x7f0000000440)={0x10, 0x0, 0x0, 0x40021}, 0xc, &(0x7f0000000540)={&(0x7f00000004c0)={0x50, r5, 0x524, 0x70bd26, 0x25dfdbfc, {}, [@TIPC_NLA_MON={0x14, 0x9, [@TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x5}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8}]}, @TIPC_NLA_SOCK={0x10, 0x2, [@TIPC_NLA_SOCK_ADDR={0x8, 0x1, 0xdda9}, @TIPC_NLA_SOCK_HAS_PUBL={0x4}]}, @TIPC_NLA_LINK={0x18, 0x4, [@TIPC_NLA_LINK_NAME={0x14, 0x1, 'broadcast-link\x00'}]}]}, 0x50}, 0x1, 0x0, 0x0, 0x44000}, 0x8000)
ioctl$VIDIOC_S_AUDIO(r3, 0x40345622, &(0x7f0000000400)={0x40, "4f8dd4df22e3da0504ffd00ada2874d09d3055deabbcdc7192407570cdb8a981", 0x2, 0x1})
setsockopt$inet_sctp6_SCTP_PRIMARY_ADDR(r1, 0x84, 0x6, &(0x7f00000006c0)={r2, @in6={{0xa, 0x4e23, 0x6, @mcast1, 0x68a}}}, 0x250)
sendmsg$NBD_CMD_CONNECT(r1, &(0x7f0000000380)={&(0x7f0000000240)={0x10, 0x0, 0x0, 0x1}, 0xc, &(0x7f0000000340)={&(0x7f00000002c0)=ANY=[@ANYBLOB='\\\x00\x00\x00', @ANYRES16=r4, @ANYBLOB="3b002cbd7000fdfcfeffff0c00080007000000000000000c00040001000000000000000c00040001010000000000000c000200b5d60000000000000c00030077000000080000000c0004000200000000000000000000"], 0x5c}, 0x1, 0x0, 0x0, 0x90}, 0x10)
close(r3)

08:16:13 executing program 4:
r0 = openat$kvm(0xffffffffffffff9c, 0x0, 0x0, 0x0)
r1 = syz_open_dev$sndctrl(&(0x7f0000000100)='/dev/snd/controlC#\x00', 0x0, 0x0)
r2 = openat$vicodec0(0xffffffffffffff9c, &(0x7f0000000000)='/dev/video36\x00', 0x2, 0x0)
ioctl$VIDIOC_TRY_FMT(r2, 0xc0d05640, &(0x7f0000000140)={0x1, @raw_data="c30c2199ee45a89fd971d9b803a6753f1b84c54ff661909a8ae58eb964080133a3ed21162b7fc721fe55d9abc40a8606acb744d1464acb18621ad6d24ad050b15ee164d59716653d12f68ab67de57635695f5aecdcb044f7eaddfe5265f27d77856cc9a566194a8526ff9f12e2a3429ef6caf439ad36d497bd57760b14e33a0865648986de037c4f58a791b91aa3c6c088bc215868b2490ab33d7c82eda13c4795833b2400831f703e05d22709e4a034800094a9bcda2eb1e593895f629ce3d18b2f8f233a5fade2"})
prctl$PR_SET_THP_DISABLE(0x29, 0xfffffffffffffffe)
prctl$PR_GET_DUMPABLE(0x3)
ioctl$sock_FIOGETOWN(0xffffffffffffffff, 0x8903, &(0x7f0000000040)=<r3=>0x0)
fcntl$setownex(r0, 0xf, &(0x7f00000000c0)={0x1, r3})
clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
ioctl$FS_IOC_GETFLAGS(r1, 0x800455d1, &(0x7f0000000080))

08:16:13 executing program 2:
syz_emit_ethernet(0x6a, &(0x7f0000000040)={@local, @broadcast, [], {@ipv4={0x800, {{0x5, 0x4, 0x0, 0x0, 0x5c, 0x0, 0x0, 0x0, 0x1, 0x0, @remote, @dev={0xac, 0x14, 0x14, 0x11}}, @icmp=@parameter_prob={0x3, 0x4, 0x0, 0x0, 0x0, 0x0, {0x10, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x402f, 0x0, @local={0xac, 0x5c}, @dev, {[@timestamp={0x8, 0x2c, 0x0, 0x0, 0xf0ffffffffffff, [{[@rand_addr]}, {[@multicast2]}, {[@multicast1]}, {}, {[@loopback]}, {}]}]}}}}}}}, 0x0)

08:16:13 executing program 0:
openat$rfkill(0xffffffffffffff9c, 0x0, 0x2001, 0x0)
syz_open_dev$admmidi(&(0x7f0000000100)='/dev/admmidi#\x00', 0x0, 0x0)
r0 = socket$l2tp(0x18, 0x1, 0x1)
mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x1, 0x32, 0xffffffffffffffff, 0x0)
r1 = userfaultfd(0x0)
ioctl$UFFDIO_API(r1, 0xc018aa3f, &(0x7f0000000180))
ioctl$UFFDIO_REGISTER(r1, 0xc020aa00, &(0x7f0000019000)={{&(0x7f0000012000/0x2000)=nil, 0x2000}, 0x1})
syz_open_dev$evdev(&(0x7f0000012fee)='/dev/input/event#\x00', 0x0, 0x9000000)
ioctl$UFFDIO_WAKE(r1, 0x8010aa02, &(0x7f0000000080)={&(0x7f0000012000/0x3000)=nil, 0x3000})
ioctl(r0, 0x1000008912, &(0x7f0000000000)="0a5c2d023c126285718070")

08:16:13 executing program 3:
openat$rfkill(0xffffffffffffff9c, 0x0, 0x0, 0x0)
getsockopt$inet_sctp_SCTP_DEFAULT_PRINFO(0xffffffffffffffff, 0x84, 0x72, &(0x7f0000000380), 0x0)
syz_open_dev$admmidi(&(0x7f0000000100)='/dev/admmidi#\x00', 0x0, 0x0)
r0 = socket$l2tp(0x18, 0x1, 0x1)
mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x1, 0x32, 0xffffffffffffffff, 0x0)
r1 = userfaultfd(0x0)
ioctl$UFFDIO_API(r1, 0xc018aa3f, &(0x7f0000000180))
ioctl$UFFDIO_REGISTER(r1, 0xc020aa00, &(0x7f0000019000)={{&(0x7f0000012000/0x2000)=nil, 0x2000}, 0x1})
syz_open_dev$evdev(&(0x7f0000012fee)='/dev/input/event#\x00', 0xffffffff00000000, 0x0)
ioctl$UFFDIO_WAKE(r1, 0x8010aa02, &(0x7f0000000080)={&(0x7f0000012000/0x3000)=nil, 0x3000})
ioctl(r0, 0x1000008912, &(0x7f0000000000)="0a5c2d023c126285718070")
setsockopt$ALG_SET_KEY(0xffffffffffffffff, 0x117, 0x1, 0x0, 0x0)

08:16:13 executing program 5:
r0 = socket$l2tp(0x18, 0x1, 0x1)
ioctl(r0, 0x1000008912, &(0x7f0000000000)="0a5c2d023c126285718070")
r1 = perf_event_open(&(0x7f00000001c0)={0x2, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
perf_event_open(&(0x7f0000014f88)={0x1, 0x70, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
ioctl(r0, 0xfffffffffffffff9, &(0x7f0000001940)="55d2cc35b8c2172d48e24f844475ef360f47d5aca966a71b6747eb0b14be56ac8734b66599c59714329c302a642fb8bcb8922b75c0a825b14fdb3b8edbd9042a06c2a797808c1be33bb2a532d60b2cf37b54c9c5d529a0ecb82c7e9c2fcd42970a44da8041b083e13014b99779cd7201fe6cb7e49fb41139c66745c27ab57e8eecacaf98ecb18559f78b02b5d8119d4c25b79b764034a6016be5")
r2 = perf_event_open(&(0x7f0000014f88)={0x1, 0x70, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x6}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
close(r2)
getpeername$packet(r1, &(0x7f0000000040)={0x11, 0x0, <r3=>0x0, 0x1, 0x0, 0x6, @random}, &(0x7f0000000080)=0x14)
sendmmsg(r0, &(0x7f0000001900)=[{{&(0x7f00000000c0)=@xdp={0x2c, 0x1, r3, 0x30}, 0x80, &(0x7f0000000380)=[{&(0x7f0000000140)="39dc6760ec3d001093b94ba834cd5d018234adba57300aa2a4850b51a0922bb44aad6779041185a4462cdff904354be7dbe85ee2bcba9c0bf49f812ad8b91596b8f7c8e00a1f845511a73b90430d30cf68cb551f259608a663deb38b47bb1501ed", 0x61}, {&(0x7f0000000240)="fd4ac5352cf9176db0c279b88522194a7a701b7dea6994d4fabee4515131b44ee97893dfb9da50d1095a29140cc409700cd385f5bc34b7d3c012810975f66b8811ff853a8d1a6d296dec357559dd2f975e459a6ed9", 0x55}, {&(0x7f00000002c0)="c8ee56fa2d9b724b7fd642a983dd5320e14a3ab5e77f4d8399e26c52a8c1757990e100420d03595211a927234a3036369a5a8fd0e70a49697ffe0fce325dd45eec86ec1000c2fb9f1d7ceed878125856dbe69b6c1cd6cb7a082a33fab0a1e398d6d8a28aa3c7445b734d03aabd1c1895428e4aed34393d2ba1ed34d280cddf905c55b7179a8324b1f1a88ca15acfa2893671c9b7f8097073df4b2f3cc377ffb44e40db954132d1db2a89aa595eedd540b6288b4399a0298a3bc1b767e0866667", 0xc0}], 0x3, &(0x7f00000003c0)=[{0xd0, 0x1, 0x10000, "6420913a6b2a9894a90d24add0b5d2cd176d9c455aefa2324c5ff92ccf8cc5eba2417d43764835bf52cc9b88b22581767704a62f68880cc0258fb8d23c7536c2c749f76d982aafabafb2de923033ca7b9e451388baf4ee9caa7cdc59e227a28dc9e086022c76e731a0e9f7539c31b33bcd111d30897ed0102bf954f34409d21e457c4bce50593631e415ef75a44842ea045b8cf65476913b495de3ce6827a1ec2a64682542b1338a348f063c22d2b26b25b5e61efbce7cd97f1b"}, {0x1010, 0x0, 0x4, "0a5befc3681666adec57cd39706cae889dd2039460695db1df5cc2f50f203482ac415dc9efec290b342b4edf6a3e76d3e2dcd6f0001a2e9cc066fe93bf7f6b9cb6692da1b110c6d78275e03c85e53cdaa6d024216075b42ca803e25c0e5d5a7acd15c2baf75171f502d2336b7977e9fd9344646e88144f1761bdde1f98e428c720e7eeaa260aa000d34f26deca96c107dbbfea5b64fa982a7172e90d1b4da8a03d9cc6b9f70cb650614e9f5c596089f2080ba26d53bab1e97c8e2a4c20653afe53a6e35cffa88a3fee611d1dc8df0d6ba1c97ef4a97d63eb311e2826960ae6a6c7ac3cf6dfbee33f502111e91766ba45696850b48ddc46392e606d02e8a1c00f76efe3d8c642ff1a2e8096c2f6b1965e761a5cb1be0834e39bc5cfe091c64794240aefda5fda7287e4da0d64d9a8f70c2536e5250e4a60760edfe86af70080051ecf11102e2bbb1bd092e6cc7350dcc053ce03b1c662026f6424d0b0de0e1bada35ec82e91d454ff5ce5c75a5cc3ac9b556257f48bd27bfa9f5c312041b92e1288d6dd0597134f11cfc89e6586ff4faa18d93a1cb343f00aeb7053e042eb28fc7306577e05711e46fb2744b62488eaeefa2c3ef8055706e320ee148bfe9bdecc69504061c020563a9ba20fa1c4250b6966dbb2a4818e605c7b6397e0e411d67b04cb792aa35b5bf51b64e9a4c5db1e6e60bc9ad8a05b9b3c2277c39eb2f8ecbd72e050825576d39ad65f13a9cffabef099f4c0f404bf96f25e3852b50772fc65aecf508d95d3f7a988e407bae4ed533ee99a9b2a23bcbe41f00c7bfa8f3d111d4fd6696f5a9e519d99e0915490ace69f00ec4bea90494b6c7f35b339764bdae61c42916cc72d10eec6325d411c8c97b97fa7f32897ef85345c1edbd67b904658dcb22c46e1b4deb026ee3b9c5eb78d10ee5fc6de20c5af0f77ce5c5ee5f19c0614467aec2d7a1b7280ccacd8c67ec5cecc9827b8f3b99ec749de8453147f03b803bde6364a774c08b6535a8d02e8987111cdbfc9750f38b8f77ac1a885eced2c515585d8ae218e34aca1416276a619b13aee27dd243b85cd67057204f26d7b5c0b277592e457acfc8bc2d31dff3beaf4c8144da43d075f502801ab340e0af812977d50bf9c8efe85537c551a9414dd9d2e2dc3fa0bf9be28c8b00a9dc4cb931aeb25917ae906fc0e6202f593604a837a859f8bf74ca0d87ffd07e37af550bc5c8fe4c5112c8f6479ed16f7a9ea0da9510179f44f75fb10acb49612ef076421bbc36e8152030a766a0e6983b47f729c6b8ec2d83a90412bed8f0e58339cdfbcabe0ff6ff509dbe17fa15d9ad0aec2b2f0d418f7414e30e97f97517c8ae7e12c692d95c6b98c48b9faac1138e016c01a581a5ab27208c671ec65e7749b4731fb2047eed356dcc521078096e047a7d59606058b72391c9f2c7aa4ff82844e9fa28db8916d2d4e438181f4acbb978cdc5b76884a207be9ea3acceb9f4dd2b8dd08544509760ec49341fbf338a270591a745eed4921d24efdeb79e9eb5c3a2c6a8fe169a757675567eed98db155cf79e33af3d685fd32d684431f8626a1a78b4c07f55ad622e06d203aafde11b0b374b44156514fd8cad1c381c3b23fcbff1ce773582152078a236ca59891bb50f7dc5aa30a565f99a40fc14c67768a6313f1908feb41f83132d8e1dec5ce2163e9e0837ebd982be9ff3e544860b55597111c89a9ce336684be6e5f1fafb2f49299177e9bab1020be5ea8117c161987e8b3705c18f70b46a19327e77697daa183d352d441e97f0ecdf31c8cd498d5ddf4c53944dbab4c8078a0b33711ac4650d84802136e6f25df4961e6ed0acb5f78ffcf1690945f336f806af336f3f020452d50bb514e192204d3ec1efc4b3976b4e0275c4646c6b47322d0f3dd31971b2b4ed3e0451ccad090847ca2da3456deffb6473df43f451a4c18e2898381cee15a44a0e27641d00aa87a5fe8cd7063b08a45bfbd6cc7d8d3a10f7559cf48d54008596014f984a186e54c1283e1956e499c5915c26f748e30e7da82ab0cd0ae696b1dc45d750b158bcdef7dd2b061dccdb19c59399de00ea15e3d168fa3ce3577acff821fc6daaa4728b6f9ba7f0cd345c4e39afe393a5f1a9173c1681f7c8a809d3b67250dc7a6b9e38132d553d406a633d420b20f8021e9ef03d6cefd0c76f670aea287eb34afc343c1c6d09cb7a9fec3dbc02a2f7d9b05eb98d6aaa0e8b7dc9859159030e8afb9e5e28930642258d895e07481b6719608f55bafb13f04cccf56fc88fcf24d4c5227ac3e6f2058d5979eaf9c7283d2d45b3ebdd3c0245c29029a964323986ac88f3ac701cdc44f6c6e2e2cfd7debcb87da81b63ef329c9639c52fa9eda32cbb422f5735d72444932c19c4286caa3dbee49dd4ca17972bb231f9e6cd3f8fc634b142d19b007ee2b56d50a13a910656b66ebadad5d9d0d5f3fed7d64100d7af3315d7a280fd91066817443ac1b69921efcfc4eb2d96660179d8f96bcc0f4a14390beb3368382b586f214e3b02df8b5f9099fea165a13b419a328091cb4a331cd184dd3ee422b175ec1cc8d82ca2c30b9671548023026f04c699d905df33ec6db8dbcc34941e726b6013ec44bc972a828f4f65b780970a7fcfdf95c683349c3a0f1a5d5e9773b86d7daaac31b35ccd89d99cccac7607581cd9f2670e7b2b0e0f2f8b4a5a0a4c0caf0bba2016aadd3b8f79e3810a5ba38c1b570b19b7fe84ecc04ed8bae6dd53b3f623f187c7a56e520f8802744c6673ba4dc655d0f7023cbe76eac7ece5aef7caec89a23d5e5a9c838427e972c10a33388bd0cb11aaaf6205236760f660d962b0e7010ca323d227cd453c7d26cf082df22e6a68acea3c015ee34a4e1496136bbfcce6139e9ab7f30692f73789836e18f5363f05e32a80ea303cb84d68f68e80a7490e654c4635651843f6f768bea7ee5fa4dd56ecb0fa19007db018fcc41bcaf33c3922e812a5b2c7825f51f3084b26163b1369f7a2c71d63a4fe1d8778d4d5d45ada331ce7c1b43c9e58ae0a9acb87447fccd4b5966a320018761dd8e9198fd2c2acb63023012e12d7cf7e34d7b4a44a882cc53fb17fadebc68b1831a99d51f5b198d069210009fc0630ce3e75d1f14400c329515057749336d4aa7d4823587947973030cabe2a79ebcc9eb3ba11a13d8d8ca35b91909413201d2b95f2edd6783f42b3bdd1728e1ecd911f7c5a500bff5720c62c5d11755488975bc46ca63c72854a743cd546e64f1dc7d822deadba9761fedffa6bca47b93b443a192493dcfbaa939fa71dcb8740e69b73284ed05f66ab47e63b9d470d145b59cea9f9ac38e4c7cc1181ae67933af03d75042a5a81cc7d05228ea421ffd7009e3a955b30767e756c61a4fa82427cf43eecceed1a10176e8d5ad4d83204d10e2325dcfebd7cfd209c85bcd2492d4da689da9dfbeb7894a96c85bc0f56ed8bcbb38bb2c8e6371fbaac1919fc489a206b05e0cfc240a7c1c5813e96ec55ac440b108e1cc5e99a5eb1ab7f5b14ad24fe7cc39146f34f8b75433a0e3ebbe5bc39a96706f8be062e503947acc9f67ecc239d039e25e1a669f1df4a6c6bac666f5e5d965bf649be04022348a89dc1cb7384dc8b0b982ad0607a48eb1b6b3f02055d29e5b4bdc1d6689711142c3e54f84ddbe124c70b2357cc68cc75a53a567fd0baa84781d401a1813667a7fb0a1dc5145240c8809da2279e675f30690bcdafb686754e420b17960a4eb280a3cd46972892ce4817ce036435acbd8b5f8c35e4c27f2541a7d34d7dc16925c3d9910a4d4a48d7f59be474dd1d21ca877946b6eb599afdcf86aeb9c6eea4cdcc549861c22e7fdb2da693fdfefc72232493cbd119bc4f2e889d6994a824f2ac08ae1668a0924a9ca92b28d84d3e1a1b965105b556bd3d748aac7a5073225e21f97a213fda0893f927abdebd6250b67d0e876e49a45a82aea54547c333ac1b8aafa39d7bb652658f2bc4c1d83af214c54caa08f5365eaa5986f843cb8359a811792be629698bf129c8997ecf7313f623c46fcddef91b7de90cbab9e909d00bab802386ace48e9e4bb7b3ec241da0d8673dd4482b83199cf99c8ced33de9a23b1c37d3e52a3eed44e4d6120b8d22d7c3d927b0f979e5063e708513c51e06fe0404d326d57bd25a91a9879e6a3acd47ca10c0f76e81751a5a2a69f8590bdc1e4fdec0917ae5a2649c872c3b0f93b935bb9f05af8ba61992f0e15c301c4746d71ee84d99e4e2386b07e0b478a83b4cf838ff6ed76487d71906dc28629d6553a6eb6a153235ee2a463c75f289865d907cbcaa7b579882d55d44784da74c4f4720b62862883b6e3d4b5989f7507886b0561acc9469fe327fa6d861d389abb6299b3b044a7ceb61a24db7dfacdeb9357089ce21fb7d7dbd593256820b15774fdc35d4dd09e663c9b1ca88187329c5042fbaf4617fbdffd1c32ec24a7ae0d9a381fc4210fcb9613af07f617f534b7cd9448e31edd3eac40580108b9f30b32f721694e9069c0d007d56a4188ae1374942e493c55f58798ed2877ddf09c7c7b9834e34c24ac161d4bfc79926e233441bd3f25212556f7d6b764d09b981a8deb47038a45dc6dbda19fe2f4676725d3c6760a112b0d3e110f830092abf225ee94f8451de5476997f7c392c6599609a70b06f38704e62fe80a1ea88d92235dfdd26f448dd5881f40273ba6ad30f1fe18c863c166953ff651f99d6322f34e25f919bfad6da17a4aefbf3075629706b13610d7f98ca54a014a6d256357a9661a752e6ec5b52a965c30f7b1d4699c4d03ff7ec9c5a4405bc53ed81a972dbb4dd6cf05dffc6e765ef9a567865f71c207f97976488c4ce500db18b0dc7249617d1049004b274c5a5c3ab35815cc492ac15361cab61b179d0300279fc91353535e4357fc8e7429e4bc798c347d7bb6c385b4889089391d4a79f8f441905599633efb1068105752d6f492954a7a96391ee9093b36bd748fc7d8577d453ff056db7fc85235a6d5ea61783fab68ccb8b9bd446c0c9231dcc1cef156d0700f153868f0358f37b8d8e874f0ff37965434f24604f70ee71df29037d5e3180a88d4c5ab56b4ffed4cd133452a1994902d1423a10e85b07cce7f30fda857c1382cb215d0598cdb1c7612583356ad34994fc9c72ef88ea2daf776817fc25bd5b91517a8b1111778c4633bd106d68458e5cbef5cb64ac2ee5770e56e0b4f9589988f80bcf7ef409434e8d2400d29b899cedb014db75c4afbec5743b42e7a14129f3da8f1a14b72aae6c88968656da166643ad5bbe4da80dfb84f7a23700ca8497940b057eb6b33b222d8990d3e4a459f07e0a85ba16863a2ee0c693a71b4234ee5a28b9ef311e44c325826b31021a927752aaa31df89834cf653e0023056ffc888813486aa59b0e7a4c71518e66b07641c7c88b7a69c24773c66edfa0ddbe8c5ff0b24c08a6092d245fa98387ca58384a7ed8d3c3cd12a7b65e75dfc40833b1927a0bfc015c6ed1ab8c1dc648857304f84cae30babda0087e2100d274e634eb74341cd5bfa7ce661121f854c198f1273116fc248aaaf29efdc85c9d1010d288de658eee29aec43dc9e04de96d8462f44ca1df217b3b915616c2e75879a1e7415bf2232aab3d1c1796aa20c6e5a8aab0bd47397453eb54af174ac6cc9c43a9c8970fb589109bba996bfa4adf07279b21fdfc8b2726fe4d4ba0abf258e0e0963067b7a2a09d8c1b173ee0548c386bc778b54a1fba6604683bef24d7fb3c6205948f0988dfd8022d17fcb6a8dd4ceb9d32445f448081c5ed25"}, {0xd0, 0x29, 0x2189e312, "691ac9c9793c9c4ee90612340854443b983abc99fca7a6010d412d8b4a83458ac052350224bc1bf64702ea3e5d06a7d0481d38f5c85939b55df27b05e9a035c0be1693840baf872183d9ae51b78341360e18bdd8f04bfbd11fc971cfbe6357d9f5faf172cadc91f0b1aa1c8aafa7c8fe1109cb09b0d35cc3f300757718c23c271408431d78e86b8de37431d5578f9519342849c70d1337c30a6606420ec2c5856462e0f54a07d73a04883824560580eebcc99f1079512a93018034a9f507"}, {0x108, 0x102, 0x5, "2a7b6a321e17cc7e16613bdadcb31c9773daacf06b90d939cf1e2f16a777bb5d5116786cd73d64462d8110289bf359e0de167035c64f65c23634010f53a09eb12a9d87e6729bccdb7545a449a98f0ce3b7911df46d5cc243755adcfde21c67d9a81ba0b98036eea13e22f4229b4025df2165448a7352a6704c6c569785661ae7a066d43442cd751b9f82068a5af3eb4f65e010389e03048ce73f3c3d1c8274d3c62a5814f0a8912624ec9db14fe8aaa09923633c9795aca9246de3b45827761be237f8f8c226497df9c71d87641d4a5c51c2cee965f22d4e3de89b396bbf62d4d0b432971c3e324c70780360a951e818e80c"}, {0x90, 0x113, 0x4, "5e63beaef6f6ccd58817839637701e538085489311bdc525414278bb3279d284fd79013f1d8a6937a5042d2524cd46616e4357a0fbdf107c8cc675e1e71a7b23e6d3600779376d3152778bc0847fa1ba45f87f92c0ceee9e153c6967905ce229fe1b454f7e0ad23f8c172848de95cc22b917a33baeaf2fc20815c7a36b3af1"}, {0xe8, 0x1, 0x14, "273639916da563ac1415965a647b632c3384ba4ccf03968f39386bf34441f2483f2521fcd539c42875e00758e45f73ed1ce777229fd50c04a1e89b0ea19a9d3c7cf141a5d97db1612b78d4b3fde2635c093c105aa29213a56cdf2b701fa0e834645c56a57329b7bb34f4992602567f950c416a69752a85e3d8ca92291616457b4340387e034353ba26b2af6b6de598c53e989f7b8e963bec132b0842931db4d75bace37c40df98343d0ca624cc78fa6b89928705c29169467e5b28330367810db432ab872bf57410666287ade16339ae1da5"}, {0x100, 0x115, 0x9, "066a9452cba36b399545958f1ffc6f756319c6e74677f43d43dd1669bab41a876c274e4349b394d6e53224fc883bf35ed74f7a095b3849e40d4314d7b29d7ccdff483ea1792803f55f0f7a46cb566060a10436be9a011fdef2a09ed19180c0d81a4d152c3edb99bde0fbec25062c2681f4400e89e948d92a3f989901914c09f6cb577efb8c429ab5957d620a4cef640e23a5741ba49993c2f59e8a815e4cae16aae8a6b9f9df1cb95ed5267cfc2ecfc0acc2ee9fb024edd62bb96e9d5eaaa82e942e16bf05b626dface1973dd6faf1a8854b031444471ce8ff426d04f13f3d410baa46db0295e7ae1479812e"}], 0x1530}, 0x327}], 0x1, 0x4010)

08:16:13 executing program 1:
r0 = socket$l2tp(0x18, 0x1, 0x1)
ioctl(r0, 0x1000008912, &(0x7f0000000000)="0a5c2d023c126285718070")
r1 = syz_open_dev$dmmidi(&(0x7f0000000040)='/dev/dmmidi#\x00', 0x0, 0x0)
setsockopt$inet6_tcp_TCP_REPAIR_QUEUE(r1, 0x6, 0x14, &(0x7f0000000080)=0x3, 0x4)
r2 = perf_event_open(&(0x7f0000014f88)={0x1, 0x70, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
close(r2)

08:16:13 executing program 2:
syz_emit_ethernet(0x6a, &(0x7f0000000040)={@local, @broadcast, [], {@ipv4={0x800, {{0x5, 0x4, 0x0, 0x0, 0x5c, 0x0, 0x0, 0x0, 0x1, 0x0, @remote, @dev={0xac, 0x14, 0x14, 0x11}}, @icmp=@parameter_prob={0x3, 0x4, 0x0, 0x0, 0x0, 0x0, {0x10, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x402f, 0x0, @local={0xac, 0x5c}, @dev, {[@timestamp={0x8, 0x2c, 0x0, 0x0, 0x400000000000000, [{[@rand_addr]}, {[@multicast2]}, {[@multicast1]}, {}, {[@loopback]}, {}]}]}}}}}}}, 0x0)

08:16:13 executing program 1:
r0 = socket$l2tp(0x18, 0x1, 0x1)
ioctl(r0, 0x1000008912, &(0x7f0000000000)="0a5c2d023c126285718070")
r1 = perf_event_open(&(0x7f0000014f88)={0x1, 0x70, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000080)={<r2=>0xffffffffffffffff, r1, 0x0, 0x2, &(0x7f0000000040)='!\x00'}, 0x30)
ptrace$peekuser(0x3, r2, 0xff)
close(r1)

08:16:13 executing program 5:
r0 = socket$l2tp(0x18, 0x1, 0x1)
ioctl(r0, 0x1000008912, &(0x7f0000000000)="0a5c2d023c126285718070")
r1 = perf_event_open(&(0x7f00000001c0)={0x2, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r2 = perf_event_open(&(0x7f0000014f88)={0x1, 0x70, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
write$binfmt_misc(r2, &(0x7f00000000c0)={'syz1', "ba76619e174193c0a1b788466c0b1234f7524cc0b4fea51631eff075e5318059447fe56ec8c63a1c2fb856e5d0a47da58669fed5784be0cc04a48f33008555886b4c547bd176dea186f1d97210d64fbff20590df989c2c1821e7cfdbb18f252ccc1ef4b322a10b5e5f6c8103a4f4a88e6229bda38a6c9285778e7d499d0fa172890a73c5354b8cbab29f73f6916d111fae74fe8e9ac91caa30735e6d2c4fb2"}, 0xa3)
bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000080)={<r3=>0xffffffffffffffff, r1, 0x0, 0x17, &(0x7f0000000040)='.?(eth0(vmnet0vboxnet0\x00'}, 0x30)
getpriority(0x2, r3)
r4 = perf_event_open(&(0x7f0000014f88)={0x1, 0x70, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
close(r4)

[ 2395.982624] handle_userfault: 7 callbacks suppressed
[ 2395.982632] FAULT_FLAG_ALLOW_RETRY missing 70
[ 2396.014892] CPU: 1 PID: 22297 Comm: syz-executor0 Not tainted 4.20.0-rc6+ #371
[ 2396.022287] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 2396.031657] Call Trace:
[ 2396.034273]  dump_stack+0x244/0x39d
[ 2396.037936]  ? dump_stack_print_info.cold.1+0x20/0x20
[ 2396.043169]  handle_userfault.cold.32+0x47/0x62
[ 2396.047887]  ? userfaultfd_ioctl+0x5610/0x5610
[ 2396.052499]  ? mark_held_locks+0x130/0x130
[ 2396.056755]  ? __sanitizer_cov_trace_cmp4+0x16/0x20
[ 2396.061783]  ? futex_wait_setup+0x266/0x3e0
[ 2396.066135]  ? __sanitizer_cov_trace_switch+0x53/0x90
[ 2396.071353]  ? userfaultfd_ctx_put+0x830/0x830
[ 2396.075962]  ? futex_wait+0x5a1/0xa50
[ 2396.079789]  ? print_usage_bug+0xc0/0xc0
[ 2396.083888]  ? print_usage_bug+0xc0/0xc0
[ 2396.087974]  ? print_usage_bug+0xc0/0xc0
[ 2396.092054]  ? zap_class+0x640/0x640
[ 2396.095782]  ? drop_futex_key_refs.isra.14+0x6d/0xe0
[ 2396.095799]  ? futex_wake+0x304/0x760
[ 2396.104704]  ? find_held_lock+0x36/0x1c0
[ 2396.104731]  ? __handle_mm_fault+0x4bb0/0x5be0
[ 2396.104753]  ? lock_downgrade+0x900/0x900
[ 2396.117675]  ? kasan_check_read+0x11/0x20
[ 2396.121840]  ? do_raw_spin_unlock+0xa7/0x330
[ 2396.126268]  ? do_raw_spin_trylock+0x270/0x270
[ 2396.130876]  ? fault_dirty_shared_page.isra.87+0x320/0x320
[ 2396.136532]  __handle_mm_fault+0x4bbd/0x5be0
[ 2396.140964]  ? vmf_insert_mixed_mkwrite+0x40/0x40
[ 2396.145831]  ? zap_class+0x640/0x640
[ 2396.149563]  ? rcu_read_unlock_special+0x1c0/0x1c0
[ 2396.154505]  ? kasan_check_read+0x11/0x20
[ 2396.158675]  ? rcu_softirq_qs+0x20/0x20
[ 2396.162680]  ? zap_class+0x640/0x640
[ 2396.166414]  ? zap_class+0x640/0x640
[ 2396.170155]  ? find_held_lock+0x36/0x1c0
[ 2396.174239]  ? handle_mm_fault+0x42a/0xc70
[ 2396.178493]  ? lock_downgrade+0x900/0x900
[ 2396.182703]  ? check_preemption_disabled+0x48/0x280
[ 2396.187740]  ? rcu_read_unlock_special+0x1c0/0x1c0
[ 2396.192686]  ? kasan_check_read+0x11/0x20
[ 2396.196866]  ? rcu_dynticks_curr_cpu_in_eqs+0xa2/0x170
[ 2396.202153]  ? rcu_softirq_qs+0x20/0x20
[ 2396.206139]  ? trace_hardirqs_off_caller+0x310/0x310
[ 2396.211267]  ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[ 2396.216822]  ? check_preemption_disabled+0x48/0x280
[ 2396.221876]  handle_mm_fault+0x54f/0xc70
[ 2396.225962]  ? __handle_mm_fault+0x5be0/0x5be0
[ 2396.230566]  ? find_vma+0x34/0x190
[ 2396.234137]  __do_page_fault+0x5e8/0xe60
[ 2396.238226]  ? trace_hardirqs_off+0xb8/0x310
[ 2396.242666]  do_page_fault+0xf2/0x7e0
[ 2396.246485]  ? vmalloc_sync_all+0x30/0x30
[ 2396.250648]  ? error_entry+0x70/0xd0
[ 2396.254380]  ? trace_hardirqs_off_caller+0xbb/0x310
[ 2396.259410]  ? trace_hardirqs_on_caller+0xc0/0x310
[ 2396.264365]  ? syscall_return_slowpath+0x5e0/0x5e0
[ 2396.269317]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 2396.274195]  ? trace_hardirqs_on_caller+0x310/0x310
08:16:13 executing program 1:
r0 = socket$l2tp(0x18, 0x1, 0x1)
ioctl(r0, 0x1000008912, &(0x7f0000000000)="0a5c2d023c126285718070")
r1 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000240)='/dev/ppp\x00', 0x10000, 0x0)
ioctl$BLKBSZGET(r1, 0x80081270, &(0x7f0000000280))
r2 = perf_event_open(&(0x7f0000014f88)={0x1, 0x70, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
close(r2)
r3 = open(&(0x7f0000000040)='./file0\x00', 0x400000, 0x174)
getsockopt$inet_sctp6_SCTP_GET_ASSOC_ID_LIST(0xffffffffffffffff, 0x84, 0x1d, &(0x7f0000000080)={0x7, [0x0, <r4=>0x0, 0x0, 0x0, 0x0, 0x0, 0x0]}, &(0x7f00000000c0)=0x20)
getsockopt$inet_sctp_SCTP_GET_ASSOC_STATS(r3, 0x84, 0x70, &(0x7f0000000100)={r4, @in6={{0xa, 0x4e22, 0x400, @loopback, 0x3}}, [0x29a, 0xf40000, 0x10000, 0x9, 0x9, 0x9, 0x200, 0x4, 0xf1, 0x8, 0x30, 0xcab, 0x100000000, 0x4, 0x1000]}, &(0x7f0000000200)=0x100)

08:16:13 executing program 5:
r0 = socket$l2tp(0x18, 0x1, 0x1)
ioctl(r0, 0x1000008912, &(0x7f0000000000)="0a5c2d023c126285718070")
bpf$OBJ_PIN_MAP(0x6, &(0x7f00000000c0)={&(0x7f0000000080)='./file0\x00', r0}, 0x10)
perf_event_open(&(0x7f00000001c0)={0x2, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r1 = perf_event_open(&(0x7f0000014f88)={0x1, 0x70, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r2 = perf_event_open(&(0x7f0000014f88)={0x1, 0x70, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
ioctl$VIDIOC_SUBDEV_ENUM_FRAME_SIZE(r1, 0xc040564a, &(0x7f0000000040)={0x100, 0x0, 0x2024, 0x8000, 0x5fc6f17f, 0x8000, 0x995c, 0x1})
close(r2)
r3 = syz_open_dev$vcsn(&(0x7f0000000100)='/dev/vcs#\x00', 0x8, 0x0)
r4 = syz_genetlink_get_family_id$tipc(&(0x7f0000000180)='TIPC\x00')
sendmsg$TIPC_CMD_GET_LINKS(r3, &(0x7f00000002c0)={&(0x7f0000000140), 0xc, &(0x7f0000000280)={&(0x7f0000000240)={0x24, r4, 0x8, 0x70bd2b, 0x25dfdbfd, {{}, 0x0, 0x4, 0x0, {0x8, 0x11, 0x1}}, ["", "", "", ""]}, 0x24}, 0x1, 0x0, 0x0, 0x4000000}, 0x800)

08:16:14 executing program 1:
r0 = syz_open_dev$adsp(&(0x7f0000000400)='/dev/adsp#\x00', 0xd8, 0x80000)
getsockopt$inet_sctp_SCTP_MAX_BURST(0xffffffffffffff9c, 0x84, 0x14, &(0x7f0000000440)=@assoc_value={<r1=>0x0}, &(0x7f0000000480)=0x8)
setsockopt$inet_sctp6_SCTP_STREAM_SCHEDULER(r0, 0x84, 0x7b, &(0x7f00000004c0)={r1, 0x6}, 0x8)
r2 = socket$l2tp(0x18, 0x1, 0x1)
ioctl(r2, 0x1000008912, &(0x7f0000000000)="0a5c2d023c126285718070")
r3 = syz_open_dev$usb(&(0x7f0000000380)='/dev/bus/usb/00#/00#\x00', 0x401, 0x101800)
ioctl$TIOCGLCKTRMIOS(r3, 0x5456, &(0x7f00000003c0)={0x3, 0x1ff, 0x0, 0x3, 0x4, 0x48, 0x7, 0x3, 0x6, 0xffffffff, 0x2, 0x6})
r4 = perf_event_open(&(0x7f0000014f88)={0x1, 0x70, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r5 = request_key(&(0x7f0000000040)='pkcs7_test\x00', &(0x7f0000000080)={'syz', 0x3}, &(0x7f00000000c0)='\x00', 0xfffffffffffffff9)
r6 = add_key$keyring(&(0x7f0000000100)='keyring\x00', &(0x7f0000000140)={'syz', 0x1}, 0x0, 0x0, 0xfffffffffffffffa)
keyctl$negate(0xd, r5, 0x100, r6)
getsockopt$inet6_IPV6_IPSEC_POLICY(0xffffffffffffff9c, 0x29, 0x22, &(0x7f0000000200)={{{@in6=@remote, @in6=@loopback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, <r7=>0x0}}, {{@in=@dev}, 0x0, @in6=@dev}}, &(0x7f0000000300)=0xe8)
setxattr$security_capability(&(0x7f0000000180)='./file0\x00', &(0x7f00000001c0)='security.capability\x00', &(0x7f0000000340)=@v3={0x3000000, [{0x6, 0x700000000}, {0x9, 0x1}], r7}, 0x18, 0x1)
close(r4)

[ 2396.279233]  ? __bpf_trace_preemptirq_template+0x30/0x30
[ 2396.284702]  ? prepare_exit_to_usermode+0x3b0/0x3b0
[ 2396.289734]  ? prepare_exit_to_usermode+0x291/0x3b0
[ 2396.294769]  ? page_fault+0x8/0x30
[ 2396.298328]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 2396.303196]  ? page_fault+0x8/0x30
[ 2396.306754]  page_fault+0x1e/0x30
[ 2396.310220] RIP: 0033:0x4510a0
[ 2396.313430] Code: 0f 84 c4 0f 00 00 48 89 f1 48 89 f8 48 83 e1 3f 48 83 f9 20 0f 86 7b 02 00 00 48 83 e6 f0 48 83 e1 0f 66 0f ef c0 66 0f ef c9 <66> 0f 74 0e 66 0f d7 d1 48 d3 ea 49 c7 c2 11 00 00 00 49 29 ca 4d
08:16:14 executing program 4:
r0 = openat$kvm(0xffffffffffffff9c, 0x0, 0x0, 0x0)
syz_open_dev$sndctrl(&(0x7f0000000100)='/dev/snd/controlC#\x00', 0x0, 0x0)
prctl$PR_SET_THP_DISABLE(0x29, 0xfffffffffffffffe)
clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
ioctl$FS_IOC_GETFLAGS(r0, 0x800455d1, &(0x7f0000000080))

08:16:14 executing program 5:
r0 = socket$l2tp(0x18, 0x1, 0x1)
ioctl(r0, 0x1000008912, &(0x7f0000000000)="0a5c2d023c126285718070")
r1 = perf_event_open(&(0x7f00000001c0)={0x2, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
ioctl$DRM_IOCTL_RES_CTX(0xffffffffffffffff, 0xc0106426, &(0x7f0000000080)={0x3, &(0x7f0000000040)=[{<r2=>0x0}, {}, {}]})
ioctl$DRM_IOCTL_RM_CTX(r1, 0xc0086421, &(0x7f00000000c0)={r2, 0x3})
perf_event_open(&(0x7f0000014f88)={0x1, 0x70, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r3 = perf_event_open(&(0x7f0000014f88)={0x1, 0x70, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
close(r3)

[ 2396.332350] RSP: 002b:00007efdea16e7a8 EFLAGS: 00010202
[ 2396.337727] RAX: 00007efdea16e850 RBX: 0000000000000003 RCX: 000000000000000e
[ 2396.345009] RDX: 00000000000003ff RSI: 0000000020012fe0 RDI: 00007efdea16e850
[ 2396.352287] RBP: 000000000072bf00 R08: 00000000000003ff R09: 0000000000000000
[ 2396.352298] R10: 0000000000000000 R11: 0000000000000246 R12: 00007efdea16f6d4
[ 2396.352307] R13: 00000000004c578a R14: 00000000004d9d90 R15: 00000000ffffffff
[ 2396.378542] FAULT_FLAG_ALLOW_RETRY missing 70
[ 2396.383604] CPU: 1 PID: 22299 Comm: syz-executor3 Not tainted 4.20.0-rc6+ #371
[ 2396.390986] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 2396.400357] Call Trace:
[ 2396.402967]  dump_stack+0x244/0x39d
[ 2396.406617]  ? dump_stack_print_info.cold.1+0x20/0x20
[ 2396.406652]  handle_userfault.cold.32+0x47/0x62
[ 2396.416525]  ? userfaultfd_ioctl+0x5610/0x5610
[ 2396.421124]  ? mark_held_locks+0x130/0x130
[ 2396.421147]  ? find_held_lock+0x36/0x1c0
[ 2396.421175]  ? userfaultfd_ctx_put+0x830/0x830
08:16:14 executing program 0:
openat$rfkill(0xffffffffffffff9c, 0x0, 0x2001, 0x0)
syz_open_dev$admmidi(&(0x7f0000000100)='/dev/admmidi#\x00', 0x0, 0x0)
r0 = socket$l2tp(0x18, 0x1, 0x1)
mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x1, 0x32, 0xffffffffffffffff, 0x0)
r1 = userfaultfd(0x0)
ioctl$UFFDIO_API(r1, 0xc018aa3f, &(0x7f0000000180))
ioctl$UFFDIO_REGISTER(r1, 0xc020aa00, &(0x7f0000019000)={{&(0x7f0000012000/0x2000)=nil, 0x2000}, 0x1})
syz_open_dev$evdev(&(0x7f0000012fee)='/dev/input/event#\x00', 0x0, 0xa00)
ioctl$UFFDIO_WAKE(r1, 0x8010aa02, &(0x7f0000000080)={&(0x7f0000012000/0x3000)=nil, 0x3000})
ioctl(r0, 0x1000008912, &(0x7f0000000000)="0a5c2d023c126285718070")

[ 2396.434032]  ? kasan_check_read+0x11/0x20
[ 2396.434051]  ? print_usage_bug+0xc0/0xc0
[ 2396.434064]  ? do_raw_spin_trylock+0x270/0x270
[ 2396.434085]  ? print_usage_bug+0xc0/0xc0
[ 2396.450938]  ? print_usage_bug+0xc0/0xc0
[ 2396.455021]  ? zap_class+0x640/0x640
[ 2396.458754]  ? drop_futex_key_refs.isra.14+0x6d/0xe0
[ 2396.463878]  ? futex_wake+0x304/0x760
[ 2396.467705]  ? find_held_lock+0x36/0x1c0
[ 2396.471797]  ? __handle_mm_fault+0x4bb0/0x5be0
[ 2396.476404]  ? lock_downgrade+0x900/0x900
[ 2396.480577]  ? kasan_check_read+0x11/0x20
[ 2396.484739]  ? do_raw_spin_unlock+0xa7/0x330
[ 2396.489169]  ? do_raw_spin_trylock+0x270/0x270
[ 2396.493786]  ? fault_dirty_shared_page.isra.87+0x320/0x320
[ 2396.499435]  __handle_mm_fault+0x4bbd/0x5be0
[ 2396.503873]  ? vmf_insert_mixed_mkwrite+0x40/0x40
[ 2396.508735]  ? zap_class+0x640/0x640
[ 2396.512472]  ? rcu_read_unlock_special+0x1c0/0x1c0
[ 2396.517417]  ? kasan_check_read+0x11/0x20
[ 2396.521588]  ? rcu_softirq_qs+0x20/0x20
[ 2396.525593]  ? zap_class+0x640/0x640
[ 2396.529322]  ? zap_class+0x640/0x640
[ 2396.533066]  ? find_held_lock+0x36/0x1c0
[ 2396.537151]  ? handle_mm_fault+0x42a/0xc70
[ 2396.541406]  ? lock_downgrade+0x900/0x900
[ 2396.545578]  ? check_preemption_disabled+0x48/0x280
[ 2396.550782]  ? rcu_read_unlock_special+0x1c0/0x1c0
[ 2396.555732]  ? kasan_check_read+0x11/0x20
[ 2396.559895]  ? rcu_dynticks_curr_cpu_in_eqs+0xa2/0x170
[ 2396.565202]  ? rcu_softirq_qs+0x20/0x20
[ 2396.569189]  ? trace_hardirqs_off_caller+0x310/0x310
[ 2396.574315]  ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[ 2396.579886]  ? check_preemption_disabled+0x48/0x280
[ 2396.584921]  handle_mm_fault+0x54f/0xc70
[ 2396.585576] FAULT_FLAG_ALLOW_RETRY missing 70
[ 2396.589000]  ? __handle_mm_fault+0x5be0/0x5be0
[ 2396.589021]  ? find_vma+0x34/0x190
[ 2396.589044]  __do_page_fault+0x5e8/0xe60
[ 2396.605700]  ? trace_hardirqs_off+0xb8/0x310
[ 2396.605727]  do_page_fault+0xf2/0x7e0
[ 2396.605744]  ? vmalloc_sync_all+0x30/0x30
[ 2396.605763]  ? error_entry+0x70/0xd0
[ 2396.613963]  ? trace_hardirqs_off_caller+0xbb/0x310
[ 2396.613979]  ? trace_hardirqs_on_caller+0xc0/0x310
[ 2396.614079]  ? syscall_return_slowpath+0x5e0/0x5e0
[ 2396.614137]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 2396.641696]  ? trace_hardirqs_on_caller+0x310/0x310
[ 2396.646732]  ? __bpf_trace_preemptirq_template+0x30/0x30
[ 2396.652200]  ? prepare_exit_to_usermode+0x3b0/0x3b0
[ 2396.657231]  ? prepare_exit_to_usermode+0x291/0x3b0
[ 2396.662264]  ? page_fault+0x8/0x30
[ 2396.665822]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 2396.670691]  ? page_fault+0x8/0x30
[ 2396.674259]  page_fault+0x1e/0x30
[ 2396.677728] RIP: 0033:0x4510a0
[ 2396.680932] Code: 0f 84 c4 0f 00 00 48 89 f1 48 89 f8 48 83 e1 3f 48 83 f9 20 0f 86 7b 02 00 00 48 83 e6 f0 48 83 e1 0f 66 0f ef c0 66 0f ef c9 <66> 0f 74 0e 66 0f d7 d1 48 d3 ea 49 c7 c2 11 00 00 00 49 29 ca 4d
[ 2396.699845] RSP: 002b:00007f75238677a8 EFLAGS: 00010202
[ 2396.705224] RAX: 00007f7523867850 RBX: 0000000000000003 RCX: 000000000000000e
[ 2396.712503] RDX: 00000000000003ff RSI: 0000000020012fe0 RDI: 00007f7523867850
[ 2396.719778] RBP: 000000000072bf00 R08: 00000000000003ff R09: 0000000000000000
[ 2396.727055] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f75238686d4
[ 2396.734330] R13: 00000000004c578a R14: 00000000004d9d90 R15: 00000000ffffffff
[ 2396.741642] CPU: 0 PID: 22338 Comm: syz-executor0 Not tainted 4.20.0-rc6+ #371
[ 2396.749024] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 2396.758386] Call Trace:
[ 2396.760988]  dump_stack+0x244/0x39d
[ 2396.764632]  ? dump_stack_print_info.cold.1+0x20/0x20
[ 2396.769848]  handle_userfault.cold.32+0x47/0x62
[ 2396.774541]  ? userfaultfd_ioctl+0x5610/0x5610
[ 2396.779152]  ? mark_held_locks+0x130/0x130
[ 2396.783422]  ? find_held_lock+0x36/0x1c0
[ 2396.787520]  ? userfaultfd_ctx_put+0x830/0x830
[ 2396.792125]  ? kasan_check_read+0x11/0x20
[ 2396.796280]  ? print_usage_bug+0xc0/0xc0
[ 2396.800360]  ? do_raw_spin_trylock+0x270/0x270
[ 2396.804957]  ? print_usage_bug+0xc0/0xc0
[ 2396.809031]  ? print_usage_bug+0xc0/0xc0
[ 2396.813104]  ? zap_class+0x640/0x640
[ 2396.816835]  ? drop_futex_key_refs.isra.14+0x6d/0xe0
[ 2396.821950]  ? futex_wake+0x304/0x760
[ 2396.825821]  ? find_held_lock+0x36/0x1c0
[ 2396.829904]  ? __handle_mm_fault+0x4bb0/0x5be0
[ 2396.834502]  ? lock_downgrade+0x900/0x900
[ 2396.838671]  ? kasan_check_read+0x11/0x20
[ 2396.842834]  ? do_raw_spin_unlock+0xa7/0x330
[ 2396.847255]  ? do_raw_spin_trylock+0x270/0x270
[ 2396.851854]  ? fault_dirty_shared_page.isra.87+0x320/0x320
[ 2396.851883]  __handle_mm_fault+0x4bbd/0x5be0
[ 2396.851908]  ? vmf_insert_mixed_mkwrite+0x40/0x40
[ 2396.851927]  ? zap_class+0x640/0x640
[ 2396.861951]  ? rcu_read_unlock_special+0x1c0/0x1c0
[ 2396.861967]  ? kasan_check_read+0x11/0x20
[ 2396.861984]  ? rcu_softirq_qs+0x20/0x20
[ 2396.862011]  ? zap_class+0x640/0x640
[ 2396.862029]  ? zap_class+0x640/0x640
[ 2396.891309]  ? find_held_lock+0x36/0x1c0
[ 2396.895413]  ? handle_mm_fault+0x42a/0xc70
[ 2396.899667]  ? lock_downgrade+0x900/0x900
[ 2396.903833]  ? check_preemption_disabled+0x48/0x280
[ 2396.908881]  ? rcu_read_unlock_special+0x1c0/0x1c0
[ 2396.913828]  ? kasan_check_read+0x11/0x20
[ 2396.918000]  ? rcu_dynticks_curr_cpu_in_eqs+0xa2/0x170
[ 2396.923291]  ? rcu_softirq_qs+0x20/0x20
[ 2396.927280]  ? trace_hardirqs_off_caller+0x310/0x310
08:16:14 executing program 3:
openat$rfkill(0xffffffffffffff9c, 0x0, 0x0, 0x0)
getsockopt$inet_sctp_SCTP_DEFAULT_PRINFO(0xffffffffffffffff, 0x84, 0x72, &(0x7f0000000380), 0x0)
syz_open_dev$admmidi(&(0x7f0000000100)='/dev/admmidi#\x00', 0x0, 0x0)
r0 = socket$l2tp(0x18, 0x1, 0x1)
mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x1, 0x32, 0xffffffffffffffff, 0x0)
r1 = userfaultfd(0x0)
ioctl$UFFDIO_API(r1, 0xc018aa3f, &(0x7f0000000180))
ioctl$UFFDIO_REGISTER(r1, 0xc020aa00, &(0x7f0000019000)={{&(0x7f0000012000/0x2000)=nil, 0x2000}, 0x1})
syz_open_dev$evdev(&(0x7f0000012fee)='/dev/input/event#\x00', 0x20000000, 0x0)
ioctl$UFFDIO_WAKE(r1, 0x8010aa02, &(0x7f0000000080)={&(0x7f0000012000/0x3000)=nil, 0x3000})
ioctl(r0, 0x1000008912, &(0x7f0000000000)="0a5c2d023c126285718070")
setsockopt$ALG_SET_KEY(0xffffffffffffffff, 0x117, 0x1, 0x0, 0x0)

08:16:14 executing program 1:
r0 = syz_open_dev$radio(&(0x7f0000000040)='/dev/radio#\x00', 0x2, 0x2)
ftruncate(r0, 0x9)
r1 = syz_genetlink_get_family_id$ipvs(&(0x7f00000000c0)='IPVS\x00')
sendmsg$IPVS_CMD_SET_SERVICE(r0, &(0x7f0000000180)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x11000000}, 0xc, &(0x7f0000000140)={&(0x7f0000000100)={0x14, r1, 0x0, 0x70bd28, 0x25dfdbfb}, 0x14}, 0x1, 0x0, 0x0, 0x44}, 0x804)
r2 = socket$l2tp(0x18, 0x1, 0x1)
lsetxattr$trusted_overlay_upper(&(0x7f00000001c0)='./file0\x00', &(0x7f0000000200)='trusted.overlay.upper\x00', &(0x7f0000000240)={0x0, 0xfb, 0x1f, 0x3, 0x0, "b2af996f0fafe0fd692ce133015f7f93", "a8a8601d4900e1a0a82a"}, 0x1f, 0x2)
ioctl(r2, 0x1000008912, &(0x7f0000000000)="0a5c2d023c126285718070")
r3 = perf_event_open(&(0x7f0000014f88)={0x1, 0x70, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
close(r3)

08:16:14 executing program 2:
syz_emit_ethernet(0x6a, &(0x7f0000000040)={@local, @broadcast, [], {@ipv4={0x800, {{0x5, 0x4, 0x0, 0x0, 0x5c, 0x0, 0x0, 0x0, 0x1, 0x0, @remote, @dev={0xac, 0x14, 0x14, 0x11}}, @icmp=@parameter_prob={0x3, 0x4, 0x0, 0x0, 0x0, 0x0, {0x10, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x402f, 0x0, @local={0xac, 0x5c}, @dev, {[@timestamp={0x8, 0x2c, 0x0, 0x0, 0x6000000, [{[@rand_addr]}, {[@multicast2]}, {[@multicast1]}, {}, {[@loopback]}, {}]}]}}}}}}}, 0x0)

08:16:14 executing program 4:
openat$kvm(0xffffffffffffff9c, 0x0, 0x0, 0x0)
r0 = socket$packet(0x11, 0x2, 0x300)
ioctl$sock_inet_SIOCSIFFLAGS(r0, 0x8914, &(0x7f0000000000)={'syzkaller1\x00', 0x200})
r1 = syz_open_dev$sndctrl(&(0x7f0000000100)='/dev/snd/controlC#\x00', 0x0, 0x0)
prctl$PR_SET_THP_DISABLE(0x29, 0xfffffffffffffffe)
clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
ioctl$FS_IOC_GETFLAGS(r1, 0x800455d1, &(0x7f0000000080))

08:16:14 executing program 5:
r0 = socket$l2tp(0x18, 0x1, 0x1)
ioctl(r0, 0x1000008912, &(0x7f0000000000)="0a5c2d023c126285718070")
r1 = perf_event_open(&(0x7f00000001c0)={0x2, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
perf_event_open(&(0x7f0000014f88)={0x1, 0x70, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r2 = perf_event_open(&(0x7f0000014f88)={0x1, 0x70, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
close(r2)
r3 = openat$dlm_plock(0xffffffffffffff9c, &(0x7f0000000040)='/dev/dlm_plock\x00', 0x0, 0x0)
ioctl$LOOP_CHANGE_FD(r3, 0x4c06, r1)
r4 = syz_open_dev$usbmon(&(0x7f0000000400)='/dev/usbmon#\x00', 0x4, 0x101)
getsockopt$inet_sctp_SCTP_PR_SUPPORTED(0xffffffffffffff9c, 0x84, 0x71, &(0x7f0000000440)={<r5=>0x0, 0x5}, &(0x7f0000000480)=0x8)
getsockopt$inet_sctp6_SCTP_RTOINFO(r4, 0x84, 0x0, &(0x7f00000004c0)={r5, 0x6, 0x7, 0x400}, &(0x7f0000000500)=0x10)

08:16:14 executing program 1:
r0 = socket$l2tp(0x18, 0x1, 0x1)
r1 = syz_open_dev$sndpcmc(&(0x7f0000000040)='/dev/snd/pcmC#D#c\x00', 0xffffffff80000000, 0x121000)
ioctl$ION_IOC_HEAP_QUERY(r1, 0xc0184908, &(0x7f00000000c0)={0x34, 0x0, &(0x7f0000000080)})
ioctl(r0, 0x1000008912, &(0x7f0000000000)="0a5c2d023c126285718070")
r2 = perf_event_open(&(0x7f0000014f88)={0x1, 0x70, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
close(r2)

[ 2396.932408]  ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[ 2396.937966]  ? check_preemption_disabled+0x48/0x280
[ 2396.943001]  handle_mm_fault+0x54f/0xc70
[ 2396.947084]  ? __handle_mm_fault+0x5be0/0x5be0
[ 2396.951685]  ? find_vma+0x34/0x190
[ 2396.951709]  __do_page_fault+0x5e8/0xe60
[ 2396.951725]  ? trace_hardirqs_off+0xb8/0x310
[ 2396.951753]  do_page_fault+0xf2/0x7e0
[ 2396.967563]  ? vmalloc_sync_all+0x30/0x30
[ 2396.971726]  ? error_entry+0x70/0xd0
[ 2396.971745]  ? trace_hardirqs_off_caller+0xbb/0x310
[ 2396.971767]  ? trace_hardirqs_on_caller+0xc0/0x310
08:16:14 executing program 2:
syz_emit_ethernet(0x6a, &(0x7f0000000040)={@local, @broadcast, [], {@ipv4={0x800, {{0x5, 0x4, 0x0, 0x0, 0x5c, 0x0, 0x0, 0x0, 0x1, 0x0, @remote, @dev={0xac, 0x14, 0x14, 0x11}}, @icmp=@parameter_prob={0x3, 0x4, 0x0, 0x0, 0x0, 0x0, {0x10, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x402f, 0x0, @local={0xac, 0x5c}, @dev, {[@timestamp={0x8, 0x2c, 0x0, 0x0, 0x4788, [{[@rand_addr]}, {[@multicast2]}, {[@multicast1]}, {}, {[@loopback]}, {}]}]}}}}}}}, 0x0)

[ 2396.971806]  ? syscall_return_slowpath+0x5e0/0x5e0
[ 2396.971822]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 2396.971839]  ? trace_hardirqs_on_caller+0x310/0x310
[ 2396.971855]  ? __bpf_trace_preemptirq_template+0x30/0x30
[ 2396.971876]  ? prepare_exit_to_usermode+0x3b0/0x3b0
[ 2397.010747]  ? prepare_exit_to_usermode+0x291/0x3b0
[ 2397.015776]  ? page_fault+0x8/0x30
[ 2397.019331]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 2397.022090] FAULT_FLAG_ALLOW_RETRY missing 70
[ 2397.024208]  ? page_fault+0x8/0x30
[ 2397.024225]  page_fault+0x1e/0x30
[ 2397.024244] RIP: 0033:0x4510a0
[ 2397.038908] Code: 0f 84 c4 0f 00 00 48 89 f1 48 89 f8 48 83 e1 3f 48 83 f9 20 0f 86 7b 02 00 00 48 83 e6 f0 48 83 e1 0f 66 0f ef c0 66 0f ef c9 <66> 0f 74 0e 66 0f d7 d1 48 d3 ea 49 c7 c2 11 00 00 00 49 29 ca 4d
[ 2397.057815] RSP: 002b:00007efdea16e7a8 EFLAGS: 00010202
[ 2397.057829] RAX: 00007efdea16e850 RBX: 0000000000000003 RCX: 000000000000000e
[ 2397.057840] RDX: 00000000000003ff RSI: 0000000020012fe0 RDI: 00007efdea16e850
[ 2397.057849] RBP: 000000000072bf00 R08: 00000000000003ff R09: 0000000000000000
[ 2397.057858] R10: 0000000000000000 R11: 0000000000000246 R12: 00007efdea16f6d4
[ 2397.057869] R13: 00000000004c578a R14: 00000000004d9d90 R15: 00000000ffffffff
[ 2397.071833] CPU: 0 PID: 22356 Comm: syz-executor3 Not tainted 4.20.0-rc6+ #371
[ 2397.107255] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 2397.116613] Call Trace:
[ 2397.119220]  dump_stack+0x244/0x39d
[ 2397.122875]  ? dump_stack_print_info.cold.1+0x20/0x20
[ 2397.128092]  handle_userfault.cold.32+0x47/0x62
[ 2397.132805]  ? userfaultfd_ioctl+0x5610/0x5610
08:16:15 executing program 2:
syz_emit_ethernet(0x6a, &(0x7f0000000040)={@local, @broadcast, [], {@ipv4={0x800, {{0x5, 0x4, 0x0, 0x0, 0x5c, 0x0, 0x0, 0x0, 0x1, 0x0, @remote, @dev={0xac, 0x14, 0x14, 0x11}}, @icmp=@parameter_prob={0x3, 0x4, 0x0, 0x0, 0x0, 0x0, {0x10, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x402f, 0x0, @local={0xac, 0x5c}, @dev, {[@timestamp={0x8, 0x2c, 0x0, 0x0, 0x8847000000000000, [{[@rand_addr]}, {[@multicast2]}, {[@multicast1]}, {}, {[@loopback]}, {}]}]}}}}}}}, 0x0)

[ 2397.137413]  ? mark_held_locks+0x130/0x130
[ 2397.141670]  ? find_held_lock+0x36/0x1c0
[ 2397.145756]  ? userfaultfd_ctx_put+0x830/0x830
[ 2397.150370]  ? kasan_check_read+0x11/0x20
[ 2397.150389]  ? print_usage_bug+0xc0/0xc0
[ 2397.150409]  ? do_raw_spin_trylock+0x270/0x270
[ 2397.163207]  ? print_usage_bug+0xc0/0xc0
[ 2397.167284]  ? print_usage_bug+0xc0/0xc0
[ 2397.171376]  ? zap_class+0x640/0x640
[ 2397.175127]  ? drop_futex_key_refs.isra.14+0x6d/0xe0
[ 2397.180249]  ? futex_wake+0x304/0x760
[ 2397.184084]  ? find_held_lock+0x36/0x1c0
[ 2397.188172]  ? __handle_mm_fault+0x4bb0/0x5be0
[ 2397.192766]  ? lock_downgrade+0x900/0x900
[ 2397.196939]  ? kasan_check_read+0x11/0x20
[ 2397.201103]  ? do_raw_spin_unlock+0xa7/0x330
[ 2397.205527]  ? do_raw_spin_trylock+0x270/0x270
[ 2397.210128]  ? fault_dirty_shared_page.isra.87+0x320/0x320
[ 2397.215777]  __handle_mm_fault+0x4bbd/0x5be0
[ 2397.220211]  ? vmf_insert_mixed_mkwrite+0x40/0x40
[ 2397.225075]  ? zap_class+0x640/0x640
[ 2397.228800]  ? rcu_read_unlock_special+0x1c0/0x1c0
[ 2397.234202]  ? kasan_check_read+0x11/0x20
[ 2397.238378]  ? rcu_softirq_qs+0x20/0x20
[ 2397.242393]  ? zap_class+0x640/0x640
[ 2397.246122]  ? zap_class+0x640/0x640
[ 2397.249858]  ? find_held_lock+0x36/0x1c0
[ 2397.253948]  ? handle_mm_fault+0x42a/0xc70
[ 2397.258201]  ? lock_downgrade+0x900/0x900
[ 2397.262381]  ? check_preemption_disabled+0x48/0x280
[ 2397.267419]  ? rcu_read_unlock_special+0x1c0/0x1c0
[ 2397.272371]  ? kasan_check_read+0x11/0x20
[ 2397.272388]  ? rcu_dynticks_curr_cpu_in_eqs+0xa2/0x170
[ 2397.272404]  ? rcu_softirq_qs+0x20/0x20
08:16:15 executing program 2:
syz_emit_ethernet(0x6a, &(0x7f0000000040)={@local, @broadcast, [], {@ipv4={0x800, {{0x5, 0x4, 0x0, 0x0, 0x5c, 0x0, 0x0, 0x0, 0x1, 0x0, @remote, @dev={0xac, 0x14, 0x14, 0x11}}, @icmp=@parameter_prob={0x3, 0x4, 0x0, 0x0, 0x0, 0x0, {0x10, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x402f, 0x0, @local={0xac, 0x5c}, @dev, {[@timestamp={0x8, 0x2c, 0x0, 0x0, 0x88a8ffff00000000, [{[@rand_addr]}, {[@multicast2]}, {[@multicast1]}, {}, {[@loopback]}, {}]}]}}}}}}}, 0x0)

08:16:15 executing program 5:
r0 = socket$l2tp(0x18, 0x1, 0x1)
ioctl(r0, 0x1000008912, &(0x7f0000000000)="0a5c2d023c126285718070")
perf_event_open(&(0x7f00000001c0)={0x2, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
perf_event_open(&(0x7f0000014f88)={0x1, 0x70, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
perf_event_open(&(0x7f0000014f88)={0x1, 0x70, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)

[ 2397.272421]  ? trace_hardirqs_off_caller+0x310/0x310
[ 2397.272441]  ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[ 2397.272459]  ? check_preemption_disabled+0x48/0x280
[ 2397.272483]  handle_mm_fault+0x54f/0xc70
[ 2397.272503]  ? __handle_mm_fault+0x5be0/0x5be0
[ 2397.272525]  ? find_vma+0x34/0x190
[ 2397.281954]  __do_page_fault+0x5e8/0xe60
[ 2397.281971]  ? trace_hardirqs_off+0xb8/0x310
[ 2397.281998]  do_page_fault+0xf2/0x7e0
[ 2397.282016]  ? vmalloc_sync_all+0x30/0x30
[ 2397.282033]  ? error_entry+0x70/0xd0
[ 2397.282050]  ? trace_hardirqs_off_caller+0xbb/0x310
[ 2397.282065]  ? trace_hardirqs_on_caller+0xc0/0x310
[ 2397.282082]  ? syscall_return_slowpath+0x5e0/0x5e0
[ 2397.282098]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 2397.282117]  ? trace_hardirqs_on_caller+0x310/0x310
[ 2397.310445]  ? __bpf_trace_preemptirq_template+0x30/0x30
[ 2397.310466]  ? prepare_exit_to_usermode+0x3b0/0x3b0
[ 2397.310485]  ? prepare_exit_to_usermode+0x291/0x3b0
[ 2397.310502]  ? page_fault+0x8/0x30
[ 2397.310521]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 2397.310543]  ? page_fault+0x8/0x30
[ 2397.330492]  page_fault+0x1e/0x30
[ 2397.330506] RIP: 0033:0x4510a0
[ 2397.330523] Code: 0f 84 c4 0f 00 00 48 89 f1 48 89 f8 48 83 e1 3f 48 83 f9 20 0f 86 7b 02 00 00 48 83 e6 f0 48 83 e1 0f 66 0f ef c0 66 0f ef c9 <66> 0f 74 0e 66 0f d7 d1 48 d3 ea 49 c7 c2 11 00 00 00 49 29 ca 4d
[ 2397.330532] RSP: 002b:00007f75238677a8 EFLAGS: 00010202
[ 2397.330546] RAX: 00007f7523867850 RBX: 0000000000000003 RCX: 000000000000000e
[ 2397.330556] RDX: 00000000000003ff RSI: 0000000020012fe0 RDI: 00007f7523867850
08:16:15 executing program 2:
syz_emit_ethernet(0x6a, &(0x7f0000000040)={@local, @broadcast, [], {@ipv4={0x800, {{0x5, 0x4, 0x0, 0x0, 0x5c, 0x0, 0x0, 0x0, 0x1, 0x0, @remote, @dev={0xac, 0x14, 0x14, 0x11}}, @icmp=@parameter_prob={0x3, 0x4, 0x0, 0x0, 0x0, 0x0, {0x10, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x402f, 0x0, @local={0xac, 0x5c}, @dev, {[@timestamp={0x8, 0x2c, 0x0, 0x0, 0x608, [{[@rand_addr]}, {[@multicast2]}, {[@multicast1]}, {}, {[@loopback]}, {}]}]}}}}}}}, 0x0)

08:16:15 executing program 0:
openat$rfkill(0xffffffffffffff9c, 0x0, 0x2001, 0x0)
syz_open_dev$admmidi(&(0x7f0000000100)='/dev/admmidi#\x00', 0x0, 0x0)
r0 = socket$l2tp(0x18, 0x1, 0x1)
mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x1, 0x32, 0xffffffffffffffff, 0x0)
r1 = userfaultfd(0x0)
ioctl$UFFDIO_API(r1, 0xc018aa3f, &(0x7f0000000180))
ioctl$UFFDIO_REGISTER(r1, 0xc020aa00, &(0x7f0000019000)={{&(0x7f0000012000/0x2000)=nil, 0x2000}, 0x1})
syz_open_dev$evdev(&(0x7f0000012fee)='/dev/input/event#\x00', 0x0, 0x3f000000)
ioctl$UFFDIO_WAKE(r1, 0x8010aa02, &(0x7f0000000080)={&(0x7f0000012000/0x3000)=nil, 0x3000})
ioctl(r0, 0x1000008912, &(0x7f0000000000)="0a5c2d023c126285718070")

[ 2397.330566] RBP: 000000000072bf00 R08: 00000000000003ff R09: 0000000000000000
[ 2397.330575] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f75238686d4
[ 2397.330585] R13: 00000000004c578a R14: 00000000004d9d90 R15: 00000000ffffffff
[ 2397.527838] FAULT_FLAG_ALLOW_RETRY missing 70
[ 2397.546700] CPU: 0 PID: 22386 Comm: syz-executor0 Not tainted 4.20.0-rc6+ #371
[ 2397.554091] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 2397.563451] Call Trace:
[ 2397.563479]  dump_stack+0x244/0x39d
[ 2397.563514]  ? dump_stack_print_info.cold.1+0x20/0x20
[ 2397.563548]  handle_userfault.cold.32+0x47/0x62
[ 2397.563580]  ? userfaultfd_ioctl+0x5610/0x5610
[ 2397.563601]  ? mark_held_locks+0x130/0x130
[ 2397.563620]  ? __sanitizer_cov_trace_cmp4+0x16/0x20
[ 2397.563642]  ? futex_wait_setup+0x266/0x3e0
[ 2397.575061]  ? __sanitizer_cov_trace_switch+0x53/0x90
[ 2397.575082]  ? userfaultfd_ctx_put+0x830/0x830
[ 2397.575097]  ? futex_wait+0x5a1/0xa50
[ 2397.575119]  ? print_usage_bug+0xc0/0xc0
[ 2397.575136]  ? print_usage_bug+0xc0/0xc0
[ 2397.575156]  ? print_usage_bug+0xc0/0xc0
[ 2397.623678]  ? zap_class+0x640/0x640
[ 2397.627413]  ? drop_futex_key_refs.isra.14+0x6d/0xe0
[ 2397.632525]  ? futex_wake+0x304/0x760
[ 2397.636370]  ? find_held_lock+0x36/0x1c0
[ 2397.640462]  ? __handle_mm_fault+0x4bb0/0x5be0
[ 2397.645038]  ? lock_downgrade+0x900/0x900
[ 2397.649181]  ? kasan_check_read+0x11/0x20
[ 2397.653317]  ? do_raw_spin_unlock+0xa7/0x330
[ 2397.657728]  ? do_raw_spin_trylock+0x270/0x270
[ 2397.662310]  ? fault_dirty_shared_page.isra.87+0x320/0x320
[ 2397.667939]  __handle_mm_fault+0x4bbd/0x5be0
[ 2397.672353]  ? vmf_insert_mixed_mkwrite+0x40/0x40
[ 2397.677210]  ? zap_class+0x640/0x640
[ 2397.680918]  ? rcu_read_unlock_special+0x1c0/0x1c0
[ 2397.685850]  ? kasan_check_read+0x11/0x20
[ 2397.689994]  ? rcu_softirq_qs+0x20/0x20
[ 2397.693965]  ? zap_class+0x640/0x640
[ 2397.697667]  ? zap_class+0x640/0x640
[ 2397.701380]  ? find_held_lock+0x36/0x1c0
[ 2397.705434]  ? handle_mm_fault+0x42a/0xc70
[ 2397.709658]  ? lock_downgrade+0x900/0x900
[ 2397.713795]  ? check_preemption_disabled+0x48/0x280
[ 2397.718800]  ? rcu_read_unlock_special+0x1c0/0x1c0
[ 2397.723717]  ? kasan_check_read+0x11/0x20
[ 2397.727856]  ? rcu_dynticks_curr_cpu_in_eqs+0xa2/0x170
[ 2397.733144]  ? rcu_softirq_qs+0x20/0x20
[ 2397.737108]  ? trace_hardirqs_off_caller+0x310/0x310
[ 2397.742202]  ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[ 2397.747731]  ? check_preemption_disabled+0x48/0x280
[ 2397.752739]  handle_mm_fault+0x54f/0xc70
[ 2397.756791]  ? __handle_mm_fault+0x5be0/0x5be0
[ 2397.761376]  ? find_vma+0x34/0x190
[ 2397.764907]  __do_page_fault+0x5e8/0xe60
[ 2397.768972]  ? trace_hardirqs_off+0xb8/0x310
[ 2397.773380]  do_page_fault+0xf2/0x7e0
[ 2397.777184]  ? vmalloc_sync_all+0x30/0x30
[ 2397.781323]  ? error_entry+0x70/0xd0
[ 2397.785042]  ? trace_hardirqs_off_caller+0xbb/0x310
[ 2397.790059]  ? trace_hardirqs_on_caller+0xc0/0x310
[ 2397.794979]  ? syscall_return_slowpath+0x5e0/0x5e0
[ 2397.799903]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 2397.804735]  ? trace_hardirqs_on_caller+0x310/0x310
[ 2397.809748]  ? __bpf_trace_preemptirq_template+0x30/0x30
[ 2397.815204]  ? prepare_exit_to_usermode+0x3b0/0x3b0
[ 2397.820213]  ? prepare_exit_to_usermode+0x291/0x3b0
[ 2397.825217]  ? page_fault+0x8/0x30
[ 2397.828752]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 2397.833587]  ? page_fault+0x8/0x30
[ 2397.837115]  page_fault+0x1e/0x30
[ 2397.840557] RIP: 0033:0x4510a0
[ 2397.843740] Code: 0f 84 c4 0f 00 00 48 89 f1 48 89 f8 48 83 e1 3f 48 83 f9 20 0f 86 7b 02 00 00 48 83 e6 f0 48 83 e1 0f 66 0f ef c0 66 0f ef c9 <66> 0f 74 0e 66 0f d7 d1 48 d3 ea 49 c7 c2 11 00 00 00 49 29 ca 4d
[ 2397.862627] RSP: 002b:00007efdea16e7a8 EFLAGS: 00010202
[ 2397.867981] RAX: 00007efdea16e850 RBX: 0000000000000003 RCX: 000000000000000e
08:16:15 executing program 3:
openat$rfkill(0xffffffffffffff9c, 0x0, 0x0, 0x0)
getsockopt$inet_sctp_SCTP_DEFAULT_PRINFO(0xffffffffffffffff, 0x84, 0x72, &(0x7f0000000380), 0x0)
syz_open_dev$admmidi(&(0x7f0000000100)='/dev/admmidi#\x00', 0x0, 0x0)
r0 = socket$l2tp(0x18, 0x1, 0x1)
mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x1, 0x32, 0xffffffffffffffff, 0x0)
r1 = userfaultfd(0x0)
ioctl$UFFDIO_API(r1, 0xc018aa3f, &(0x7f0000000180))
ioctl$UFFDIO_REGISTER(r1, 0xc020aa00, &(0x7f0000019000)={{&(0x7f0000012000/0x2000)=nil, 0x2000}, 0x1})
syz_open_dev$evdev(&(0x7f0000012fee)='/dev/input/event#\x00', 0x6000, 0x0)
ioctl$UFFDIO_WAKE(r1, 0x8010aa02, &(0x7f0000000080)={&(0x7f0000012000/0x3000)=nil, 0x3000})
ioctl(r0, 0x1000008912, &(0x7f0000000000)="0a5c2d023c126285718070")
setsockopt$ALG_SET_KEY(0xffffffffffffffff, 0x117, 0x1, 0x0, 0x0)

08:16:15 executing program 5:
r0 = socket$l2tp(0x18, 0x1, 0x1)
ioctl(r0, 0x1000008912, &(0x7f0000000000)="0a5c2d023c126285718070")
perf_event_open(&(0x7f00000001c0)={0x2, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x800000000000}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
perf_event_open(&(0x7f0000014f88)={0x1, 0x70, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r1 = perf_event_open(&(0x7f0000014f88)={0x1, 0x70, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
close(r1)

08:16:15 executing program 1:
r0 = socket$l2tp(0x18, 0x1, 0x1)
ioctl(r0, 0x1000008912, &(0x7f0000000000)="0a5c2d023c126285718070")
r1 = perf_event_open(&(0x7f0000014f88)={0x1, 0x70, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
close(r1)
r2 = openat$vicodec0(0xffffffffffffff9c, &(0x7f0000000040)='/dev/video36\x00', 0x2, 0x0)
ioctl$VIDIOC_G_STD(r2, 0x80085617, &(0x7f0000000080))

[ 2397.875237] RDX: 00000000000003ff RSI: 0000000020012fe0 RDI: 00007efdea16e850
[ 2397.882494] RBP: 000000000072bf00 R08: 00000000000003ff R09: 0000000000000000
[ 2397.889751] R10: 0000000000000000 R11: 0000000000000246 R12: 00007efdea16f6d4
[ 2397.897009] R13: 00000000004c578a R14: 00000000004d9d90 R15: 00000000ffffffff
08:16:15 executing program 4:
openat$kvm(0xffffffffffffff9c, 0x0, 0x0, 0x0)
r0 = syz_open_dev$sndctrl(&(0x7f0000000100)='/dev/snd/controlC#\x00', 0x0, 0x0)
prctl$PR_SET_THP_DISABLE(0x29, 0xfffffffffffffffe)
clone(0x800000, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
ioctl$FS_IOC_GETFLAGS(r0, 0x800455d1, &(0x7f0000000080))

08:16:15 executing program 2:
syz_emit_ethernet(0x6a, &(0x7f0000000040)={@local, @broadcast, [], {@ipv4={0x800, {{0x5, 0x4, 0x0, 0x0, 0x5c, 0x0, 0x0, 0x0, 0x1, 0x0, @remote, @dev={0xac, 0x14, 0x14, 0x11}}, @icmp=@parameter_prob={0x3, 0x4, 0x0, 0x0, 0x0, 0x0, {0x10, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x402f, 0x0, @local={0xac, 0x5c}, @dev, {[@timestamp={0x8, 0x2c, 0x0, 0x0, 0xb000000, [{[@rand_addr]}, {[@multicast2]}, {[@multicast1]}, {}, {[@loopback]}, {}]}]}}}}}}}, 0x0)

08:16:15 executing program 5:
shmget(0x0, 0x3000, 0x840, &(0x7f0000ffd000/0x3000)=nil)
r0 = socket$l2tp(0x18, 0x1, 0x1)
ioctl(r0, 0x1000008912, &(0x7f0000000000)="0a5c2d023c126285718070")
perf_event_open(&(0x7f00000001c0)={0x2, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
perf_event_open(&(0x7f0000014f88)={0x1, 0x70, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r1 = perf_event_open(&(0x7f0000014f88)={0x1, 0x70, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
close(r1)

08:16:15 executing program 0:
openat$rfkill(0xffffffffffffff9c, 0x0, 0x2001, 0x0)
syz_open_dev$admmidi(&(0x7f0000000100)='/dev/admmidi#\x00', 0x0, 0x0)
r0 = socket$l2tp(0x18, 0x1, 0x1)
mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x1, 0x32, 0xffffffffffffffff, 0x0)
r1 = userfaultfd(0x0)
ioctl$UFFDIO_API(r1, 0xc018aa3f, &(0x7f0000000180))
ioctl$UFFDIO_REGISTER(r1, 0xc020aa00, &(0x7f0000019000)={{&(0x7f0000012000/0x2000)=nil, 0x2000}, 0x1})
syz_open_dev$evdev(&(0x7f0000012fee)='/dev/input/event#\x00', 0x0, 0x7a00)
ioctl$UFFDIO_WAKE(r1, 0x8010aa02, &(0x7f0000000080)={&(0x7f0000012000/0x3000)=nil, 0x3000})
ioctl(r0, 0x1000008912, &(0x7f0000000000)="0a5c2d023c126285718070")

[ 2398.024841] FAULT_FLAG_ALLOW_RETRY missing 70
[ 2398.034039] CPU: 1 PID: 22407 Comm: syz-executor3 Not tainted 4.20.0-rc6+ #371
[ 2398.041428] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 2398.050794] Call Trace:
[ 2398.053404]  dump_stack+0x244/0x39d
[ 2398.057067]  ? dump_stack_print_info.cold.1+0x20/0x20
[ 2398.062295]  handle_userfault.cold.32+0x47/0x62
[ 2398.067009]  ? userfaultfd_ioctl+0x5610/0x5610
[ 2398.071623]  ? mark_held_locks+0x130/0x130
[ 2398.075892]  ? find_held_lock+0x36/0x1c0
[ 2398.079992]  ? userfaultfd_ctx_put+0x830/0x830
[ 2398.084602]  ? kasan_check_read+0x11/0x20
[ 2398.088766]  ? print_usage_bug+0xc0/0xc0
[ 2398.092842]  ? do_raw_spin_trylock+0x270/0x270
[ 2398.097450]  ? print_usage_bug+0xc0/0xc0
[ 2398.101535]  ? print_usage_bug+0xc0/0xc0
[ 2398.105612]  ? zap_class+0x640/0x640
[ 2398.109356]  ? drop_futex_key_refs.isra.14+0x6d/0xe0
[ 2398.114475]  ? futex_wake+0x304/0x760
[ 2398.118302]  ? find_held_lock+0x36/0x1c0
[ 2398.119801] FAULT_FLAG_ALLOW_RETRY missing 70
[ 2398.122399]  ? __handle_mm_fault+0x4bb0/0x5be0
[ 2398.122418]  ? lock_downgrade+0x900/0x900
[ 2398.122451]  ? kasan_check_read+0x11/0x20
[ 2398.139810]  ? do_raw_spin_unlock+0xa7/0x330
[ 2398.144236]  ? do_raw_spin_trylock+0x270/0x270
[ 2398.148836]  ? fault_dirty_shared_page.isra.87+0x320/0x320
[ 2398.154673]  __handle_mm_fault+0x4bbd/0x5be0
[ 2398.159101]  ? vmf_insert_mixed_mkwrite+0x40/0x40
[ 2398.163961]  ? zap_class+0x640/0x640
[ 2398.167687]  ? rcu_read_unlock_special+0x1c0/0x1c0
[ 2398.172630]  ? kasan_check_read+0x11/0x20
[ 2398.176792]  ? rcu_softirq_qs+0x20/0x20
[ 2398.180789]  ? zap_class+0x640/0x640
[ 2398.184516]  ? zap_class+0x640/0x640
[ 2398.188247]  ? find_held_lock+0x36/0x1c0
[ 2398.192330]  ? handle_mm_fault+0x42a/0xc70
[ 2398.196594]  ? lock_downgrade+0x900/0x900
[ 2398.200755]  ? check_preemption_disabled+0x48/0x280
[ 2398.205809]  ? rcu_read_unlock_special+0x1c0/0x1c0
[ 2398.210754]  ? kasan_check_read+0x11/0x20
[ 2398.214918]  ? rcu_dynticks_curr_cpu_in_eqs+0xa2/0x170
[ 2398.220203]  ? rcu_softirq_qs+0x20/0x20
[ 2398.224191]  ? trace_hardirqs_off_caller+0x310/0x310
[ 2398.229313]  ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[ 2398.234882]  ? check_preemption_disabled+0x48/0x280
[ 2398.239920]  handle_mm_fault+0x54f/0xc70
[ 2398.244000]  ? __handle_mm_fault+0x5be0/0x5be0
[ 2398.248625]  ? find_vma+0x34/0x190
[ 2398.252183]  __do_page_fault+0x5e8/0xe60
[ 2398.256258]  ? trace_hardirqs_off+0xb8/0x310
[ 2398.260689]  do_page_fault+0xf2/0x7e0
[ 2398.264509]  ? vmalloc_sync_all+0x30/0x30
[ 2398.268674]  ? error_entry+0x70/0xd0
[ 2398.272404]  ? trace_hardirqs_off_caller+0xbb/0x310
[ 2398.277432]  ? trace_hardirqs_on_caller+0xc0/0x310
[ 2398.282377]  ? syscall_return_slowpath+0x5e0/0x5e0
[ 2398.287321]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 2398.292182]  ? trace_hardirqs_on_caller+0x310/0x310
[ 2398.297206]  ? __bpf_trace_preemptirq_template+0x30/0x30
[ 2398.302667]  ? prepare_exit_to_usermode+0x3b0/0x3b0
[ 2398.307697]  ? prepare_exit_to_usermode+0x291/0x3b0
[ 2398.312720]  ? page_fault+0x8/0x30
[ 2398.316275]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 2398.321132]  ? page_fault+0x8/0x30
[ 2398.324687]  page_fault+0x1e/0x30
[ 2398.328147] RIP: 0033:0x4510a0
[ 2398.331358] Code: 0f 84 c4 0f 00 00 48 89 f1 48 89 f8 48 83 e1 3f 48 83 f9 20 0f 86 7b 02 00 00 48 83 e6 f0 48 83 e1 0f 66 0f ef c0 66 0f ef c9 <66> 0f 74 0e 66 0f d7 d1 48 d3 ea 49 c7 c2 11 00 00 00 49 29 ca 4d
[ 2398.350269] RSP: 002b:00007f75238677a8 EFLAGS: 00010202
[ 2398.355640] RAX: 00007f7523867850 RBX: 0000000000000003 RCX: 000000000000000e
[ 2398.362914] RDX: 00000000000003ff RSI: 0000000020012fe0 RDI: 00007f7523867850
08:16:16 executing program 2:
syz_emit_ethernet(0x6a, &(0x7f0000000040)={@local, @broadcast, [], {@ipv4={0x800, {{0x5, 0x4, 0x0, 0x0, 0x5c, 0x0, 0x0, 0x0, 0x1, 0x0, @remote, @dev={0xac, 0x14, 0x14, 0x11}}, @icmp=@parameter_prob={0x3, 0x4, 0x0, 0x0, 0x0, 0x0, {0x10, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x402f, 0x0, @local={0xac, 0x5c}, @dev, {[@timestamp={0x8, 0x2c, 0x0, 0x0, 0xb, [{[@rand_addr]}, {[@multicast2]}, {[@multicast1]}, {}, {[@loopback]}, {}]}]}}}}}}}, 0x0)

08:16:16 executing program 1:
r0 = socket$l2tp(0x18, 0x1, 0x1)
ioctl(r0, 0x1000008912, &(0x7f0000000000)="0a5c2d023c126285718070")
r1 = perf_event_open(&(0x7f0000014f88)={0x1, 0x70, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
fgetxattr(r1, &(0x7f0000000040)=@random={'btrfs.', '\x00'}, &(0x7f0000000080)=""/202, 0xca)
close(r1)

08:16:16 executing program 5:
r0 = socket$l2tp(0x18, 0x1, 0x1)
r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='memory.events\x00', 0x0, 0x0)
ioctl$SNDRV_SEQ_IOCTL_DELETE_PORT(r1, 0x40a85321, &(0x7f0000000080)={{0x9, 0x3}, 'port1\x00', 0xc8, 0xa0008, 0x33, 0x3, 0x8, 0x1e8, 0x1, 0x0, 0x6, 0xf185})
ioctl(r0, 0x1000008912, &(0x7f0000000000)="0a5c2d023c126285718070")
perf_event_open(&(0x7f00000001c0)={0x2, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
perf_event_open(&(0x7f0000014f88)={0x1, 0x70, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r2 = perf_event_open(&(0x7f0000014f88)={0x1, 0x70, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
close(r2)

[ 2398.370190] RBP: 000000000072bf00 R08: 00000000000003ff R09: 0000000000000000
[ 2398.377464] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f75238686d4
[ 2398.384738] R13: 00000000004c578a R14: 00000000004d9d90 R15: 00000000ffffffff
[ 2398.392043] CPU: 0 PID: 22417 Comm: syz-executor0 Not tainted 4.20.0-rc6+ #371
[ 2398.399430] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 2398.399441] Call Trace:
[ 2398.411416]  dump_stack+0x244/0x39d
[ 2398.415075]  ? dump_stack_print_info.cold.1+0x20/0x20
[ 2398.420289]  handle_userfault.cold.32+0x47/0x62
[ 2398.424978]  ? userfaultfd_ioctl+0x5610/0x5610
[ 2398.424998]  ? mark_held_locks+0x130/0x130
[ 2398.425019]  ? find_held_lock+0x36/0x1c0
[ 2398.425046]  ? userfaultfd_ctx_put+0x830/0x830
[ 2398.433864]  ? kasan_check_read+0x11/0x20
[ 2398.433883]  ? print_usage_bug+0xc0/0xc0
[ 2398.433898]  ? do_raw_spin_trylock+0x270/0x270
[ 2398.433914]  ? print_usage_bug+0xc0/0xc0
[ 2398.433933]  ? print_usage_bug+0xc0/0xc0
[ 2398.433952]  ? zap_class+0x640/0x640
[ 2398.442609]  ? drop_futex_key_refs.isra.14+0x6d/0xe0
[ 2398.442626]  ? futex_wake+0x304/0x760
[ 2398.442656]  ? find_held_lock+0x36/0x1c0
[ 2398.442682]  ? __handle_mm_fault+0x4bb0/0x5be0
[ 2398.450884]  ? lock_downgrade+0x900/0x900
[ 2398.488956]  ? kasan_check_read+0x11/0x20
[ 2398.493126]  ? do_raw_spin_unlock+0xa7/0x330
[ 2398.497552]  ? do_raw_spin_trylock+0x270/0x270
[ 2398.502154]  ? fault_dirty_shared_page.isra.87+0x320/0x320
[ 2398.507813]  __handle_mm_fault+0x4bbd/0x5be0
[ 2398.512238]  ? vmf_insert_mixed_mkwrite+0x40/0x40
[ 2398.517109]  ? zap_class+0x640/0x640
[ 2398.520835]  ? rcu_read_unlock_special+0x1c0/0x1c0
[ 2398.525776]  ? kasan_check_read+0x11/0x20
[ 2398.529940]  ? rcu_softirq_qs+0x20/0x20
[ 2398.533939]  ? zap_class+0x640/0x640
[ 2398.537675]  ? zap_class+0x640/0x640
[ 2398.541414]  ? find_held_lock+0x36/0x1c0
[ 2398.545499]  ? handle_mm_fault+0x42a/0xc70
[ 2398.549753]  ? lock_downgrade+0x900/0x900
[ 2398.553924]  ? check_preemption_disabled+0x48/0x280
[ 2398.558963]  ? rcu_read_unlock_special+0x1c0/0x1c0
[ 2398.563905]  ? kasan_check_read+0x11/0x20
[ 2398.568069]  ? rcu_dynticks_curr_cpu_in_eqs+0xa2/0x170
08:16:16 executing program 2:
syz_emit_ethernet(0x6a, &(0x7f0000000040)={@local, @broadcast, [], {@ipv4={0x800, {{0x5, 0x4, 0x0, 0x0, 0x5c, 0x0, 0x0, 0x0, 0x1, 0x0, @remote, @dev={0xac, 0x14, 0x14, 0x11}}, @icmp=@parameter_prob={0x3, 0x4, 0x0, 0x0, 0x0, 0x0, {0x10, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x402f, 0x0, @local={0xac, 0x5c}, @dev, {[@timestamp={0x8, 0x2c, 0x0, 0x0, 0x4305, [{[@rand_addr]}, {[@multicast2]}, {[@multicast1]}, {}, {[@loopback]}, {}]}]}}}}}}}, 0x0)

[ 2398.573371]  ? rcu_softirq_qs+0x20/0x20
[ 2398.577375]  ? trace_hardirqs_off_caller+0x310/0x310
[ 2398.582498]  ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[ 2398.588052]  ? check_preemption_disabled+0x48/0x280
[ 2398.593087]  handle_mm_fault+0x54f/0xc70
[ 2398.593108]  ? __handle_mm_fault+0x5be0/0x5be0
[ 2398.593129]  ? find_vma+0x34/0x190
[ 2398.593151]  __do_page_fault+0x5e8/0xe60
[ 2398.593171]  ? trace_hardirqs_off+0xb8/0x310
[ 2398.613863]  do_page_fault+0xf2/0x7e0
[ 2398.617686]  ? vmalloc_sync_all+0x30/0x30
[ 2398.621847]  ? error_entry+0x70/0xd0
[ 2398.625584]  ? trace_hardirqs_off_caller+0xbb/0x310
[ 2398.630614]  ? trace_hardirqs_on_caller+0xc0/0x310
[ 2398.635567]  ? syscall_return_slowpath+0x5e0/0x5e0
[ 2398.640516]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 2398.645390]  ? trace_hardirqs_on_caller+0x310/0x310
[ 2398.650422]  ? __bpf_trace_preemptirq_template+0x30/0x30
[ 2398.655894]  ? prepare_exit_to_usermode+0x3b0/0x3b0
[ 2398.660929]  ? prepare_exit_to_usermode+0x291/0x3b0
[ 2398.665958]  ? page_fault+0x8/0x30
[ 2398.669520]  ? trace_hardirqs_off_thunk+0x1a/0x1c
08:16:16 executing program 2:
syz_emit_ethernet(0x6a, &(0x7f0000000040)={@local, @broadcast, [], {@ipv4={0x800, {{0x5, 0x4, 0x0, 0x0, 0x5c, 0x0, 0x0, 0x0, 0x1, 0x0, @remote, @dev={0xac, 0x14, 0x14, 0x11}}, @icmp=@parameter_prob={0x3, 0x4, 0x0, 0x0, 0x0, 0x0, {0x10, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x402f, 0x0, @local={0xac, 0x5c}, @dev, {[@timestamp={0x8, 0x2c, 0x0, 0x0, 0xfeffffff00000000, [{[@rand_addr]}, {[@multicast2]}, {[@multicast1]}, {}, {[@loopback]}, {}]}]}}}}}}}, 0x0)

[ 2398.674390]  ? page_fault+0x8/0x30
[ 2398.677946]  page_fault+0x1e/0x30
[ 2398.681406] RIP: 0033:0x4510a0
[ 2398.684607] Code: 0f 84 c4 0f 00 00 48 89 f1 48 89 f8 48 83 e1 3f 48 83 f9 20 0f 86 7b 02 00 00 48 83 e6 f0 48 83 e1 0f 66 0f ef c0 66 0f ef c9 <66> 0f 74 0e 66 0f d7 d1 48 d3 ea 49 c7 c2 11 00 00 00 49 29 ca 4d
[ 2398.703515] RSP: 002b:00007efdea16e7a8 EFLAGS: 00010202
[ 2398.708890] RAX: 00007efdea16e850 RBX: 0000000000000003 RCX: 000000000000000e
[ 2398.716170] RDX: 00000000000003ff RSI: 0000000020012fe0 RDI: 00007efdea16e850
08:16:16 executing program 3:
openat$rfkill(0xffffffffffffff9c, 0x0, 0x0, 0x0)
getsockopt$inet_sctp_SCTP_DEFAULT_PRINFO(0xffffffffffffffff, 0x84, 0x72, &(0x7f0000000380), 0x0)
syz_open_dev$admmidi(&(0x7f0000000100)='/dev/admmidi#\x00', 0x0, 0x0)
r0 = socket$l2tp(0x18, 0x1, 0x1)
mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x1, 0x32, 0xffffffffffffffff, 0x0)
r1 = userfaultfd(0x0)
ioctl$UFFDIO_API(r1, 0xc018aa3f, &(0x7f0000000180))
ioctl$UFFDIO_REGISTER(r1, 0xc020aa00, &(0x7f0000019000)={{&(0x7f0000012000/0x2000)=nil, 0x2000}, 0x1})
syz_open_dev$evdev(&(0x7f0000012fee)='/dev/input/event#\x00', 0x60, 0x0)
ioctl$UFFDIO_WAKE(r1, 0x8010aa02, &(0x7f0000000080)={&(0x7f0000012000/0x3000)=nil, 0x3000})
ioctl(r0, 0x1000008912, &(0x7f0000000000)="0a5c2d023c126285718070")
setsockopt$ALG_SET_KEY(0xffffffffffffffff, 0x117, 0x1, 0x0, 0x0)

08:16:16 executing program 1:
r0 = socket$l2tp(0x18, 0x1, 0x1)
ioctl(r0, 0x1000008912, &(0x7f0000000000)="0a5c2d023c126285718070")
r1 = socket$can_raw(0x1d, 0x3, 0x1)
getsockopt$inet_IP_XFRM_POLICY(0xffffffffffffffff, 0x0, 0x11, &(0x7f0000000140)={{{@in6=@mcast1, @in=@dev, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, <r2=>0x0}}, {{@in6=@ipv4={[], [], @remote}}, 0x0, @in=@broadcast}}, &(0x7f0000000240)=0xe8)
sendmsg$can_raw(r1, &(0x7f0000000380)={&(0x7f0000000280)={0x1d, r2}, 0x10, &(0x7f0000000340)={&(0x7f00000002c0)=@canfd={{0x4, 0x4, 0x200, 0x80}, 0x6, 0x2, 0x0, 0x0, "f3c48d055b543a85b5f3315865f62ce8eeff066906c593953c43ca3585a420d5284d9bfce9c3723b41f6eea8e840118a9d12709eef7fa37ab851caebeed3d3a4"}, 0x48}, 0x1, 0x0, 0x0, 0x40}, 0xc000)
ioctl$EXT4_IOC_PRECACHE_EXTENTS(r0, 0x6612)
r3 = openat$autofs(0xffffffffffffff9c, &(0x7f0000000040)='/dev/autofs\x00', 0x20000, 0x0)
getsockopt$inet_sctp_SCTP_DEFAULT_SEND_PARAM(0xffffffffffffffff, 0x84, 0xa, &(0x7f0000000080)={0x7, 0x310, 0x0, 0xe0f, 0x1000, 0x8000, 0x6, 0x2, <r4=>0x0}, &(0x7f00000000c0)=0x20)
setsockopt$inet_sctp6_SCTP_PR_SUPPORTED(r3, 0x84, 0x71, &(0x7f0000000100)={r4, 0x5}, 0x8)
openat$vhci(0xffffffffffffff9c, &(0x7f00000003c0)='/dev/vhci\x00', 0xa000, 0x0)
r5 = perf_event_open(&(0x7f0000014f88)={0x1, 0x70, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
close(r5)

08:16:16 executing program 4:
r0 = openat$kvm(0xffffffffffffff9c, 0x0, 0x0, 0x0)
r1 = syz_open_dev$sndctrl(&(0x7f0000000100)='/dev/snd/controlC#\x00', 0x0, 0x0)
prctl$PR_SET_THP_DISABLE(0x29, 0xfffffffffffffffe)
clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
r2 = openat$vcs(0xffffffffffffff9c, &(0x7f0000000040)='/dev/vcs\x00', 0x400, 0x0)
clock_gettime(0x0, &(0x7f0000000240)={<r3=>0x0, <r4=>0x0})
ppoll(&(0x7f00000000c0)=[{r0, 0x1}, {r0, 0x1000}, {r2, 0x4010}], 0x3, &(0x7f0000000280)={r3, r4+30000000}, &(0x7f00000002c0)={0x4}, 0x8)
write$eventfd(r2, &(0x7f0000000000)=0x4, 0x8)
ioctl$FS_IOC_GETFSLABEL(r0, 0x81009431, &(0x7f0000000140))
ioctl$FS_IOC_GETFLAGS(r1, 0x800455d1, &(0x7f0000000080))

[ 2398.723445] RBP: 000000000072bf00 R08: 00000000000003ff R09: 0000000000000000
[ 2398.723455] R10: 0000000000000000 R11: 0000000000000246 R12: 00007efdea16f6d4
[ 2398.723465] R13: 00000000004c578a R14: 00000000004d9d90 R15: 00000000ffffffff
08:16:16 executing program 5:
openat$kvm(0xffffffffffffff9c, 0x0, 0x0, 0x0)
r0 = syz_open_dev$dspn(&(0x7f0000000000)='/dev/dsp#\x00', 0x4, 0x2000)
ioctl$SNDRV_CTL_IOCTL_TLV_READ(r0, 0xc008551a, &(0x7f0000000280)=ANY=[@ANYBLOB="0800000007e95ca87aece10f03f1a30493e0858c9e049b1e601000000009f7a07dbc1e00000003000000f4c526c0cc0800bba86ebc65fde3ed000002000000"])
syz_open_dev$sndctrl(&(0x7f0000000100)='/dev/snd/controlC#\x00', 0x0, 0x0)
r1 = semget(0x0, 0x4, 0x586)
semctl$GETZCNT(r1, 0x1, 0xf, &(0x7f0000000140)=""/131)
r2 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r3 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000000)='/dev/nullb0\x00', 0x802, 0x0)
openat$cuse(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/cuse\x00', 0x2, 0x0)
ioctl$BLKZEROOUT(r3, 0x127f, &(0x7f0000000080)={0x0, 0x4004400})
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000919000/0x400000)=nil, 0x400000, 0xffffffffffffffff, 0x8031, 0xffffffffffffffff, 0x0)
write$RDMA_USER_CM_CMD_CREATE_ID(0xffffffffffffff9c, &(0x7f0000000480)={0x0, 0x18, 0xfa00, {0x4, &(0x7f0000000440)}}, 0x20)
ioctl$sock_inet_sctp_SIOCINQ(r2, 0x541b, &(0x7f00000001c0))
openat$cuse(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/cuse\x00', 0x2, 0x0)
r4 = openat$ipvs(0xffffffffffffff9c, &(0x7f0000000240)='/proc/sys/net/ipv4/vs/sync_qlen_max\x00', 0x2, 0x0)
getsockopt$inet_sctp_SCTP_PEER_ADDR_THLDS(0xffffffffffffffff, 0x84, 0x1f, 0x0, &(0x7f00000004c0))
openat$sequencer(0xffffffffffffff9c, 0x0, 0xc0200, 0x0)
sched_setscheduler(0x0, 0x6, 0x0)
bpf$BPF_BTF_GET_FD_BY_ID(0x13, 0x0, 0x0)
openat$md(0xffffffffffffff9c, &(0x7f0000000040)='/dev/md0\x00', 0x80000, 0x0)
clone(0x2102001ffb, 0x0, 0xfffffffffffffffe, &(0x7f0000000140), 0xffffffffffffffff)
getsockopt$inet_sctp6_SCTP_AUTOCLOSE(0xffffffffffffffff, 0x84, 0x4, 0x0, 0x0)
r5 = socket(0x1e, 0x805, 0x0)
mkdir(&(0x7f00000005c0)='./file0\x00', 0x1)
openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000600)='./cgroup.cpu/syz1\x00', 0x200002, 0x0)
ioctl$VIDIOC_S_DV_TIMINGS(r4, 0xc0845657, &(0x7f0000000500)={0x0, @bt={0x0, 0x200, 0x0, 0x0, 0x38f, 0x0, 0x0, 0xb08, 0x0, 0x7, 0x3, 0x800, 0xffffffffffffffff, 0x5a}})
sendmsg(r5, &(0x7f0000030000)={&(0x7f00004f5000)=@generic={0x10000000001e, "0100000900000000000000000226cc573c080000003724c71e14dd6a739effea1b48006be61ffe0000e103000000f8000004003f010039d8f986ff01000300000004af50d50700000000000000e3ad316a1983000000001d00e0dfcb24281e27800000100076c3979ac40000bd15020078a1dfd300881a8365b1b16d7436"}, 0x80, 0x0}, 0x0)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff, <r6=>0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_ENABLE(r6, 0x8912, 0x400200)

[ 2398.831877] FAULT_FLAG_ALLOW_RETRY missing 70
[ 2398.837106] CPU: 0 PID: 22443 Comm: syz-executor3 Not tainted 4.20.0-rc6+ #371
[ 2398.844481] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 2398.844489] Call Trace:
[ 2398.844516]  dump_stack+0x244/0x39d
[ 2398.844544]  ? dump_stack_print_info.cold.1+0x20/0x20
[ 2398.844580]  handle_userfault.cold.32+0x47/0x62
[ 2398.844615]  ? userfaultfd_ioctl+0x5610/0x5610
[ 2398.844637]  ? mark_held_locks+0x130/0x130
[ 2398.844655]  ? __sanitizer_cov_trace_cmp4+0x16/0x20
[ 2398.844671]  ? futex_wait_setup+0x266/0x3e0
[ 2398.844704]  ? __sanitizer_cov_trace_switch+0x53/0x90
[ 2398.844724]  ? userfaultfd_ctx_put+0x830/0x830
[ 2398.844745]  ? futex_wait+0x5a1/0xa50
[ 2398.874738]  ? print_usage_bug+0xc0/0xc0
[ 2398.874758]  ? print_usage_bug+0xc0/0xc0
[ 2398.874778]  ? print_usage_bug+0xc0/0xc0
[ 2398.874800]  ? zap_class+0x640/0x640
[ 2398.884046]  ? drop_futex_key_refs.isra.14+0x6d/0xe0
[ 2398.884063]  ? futex_wake+0x304/0x760
[ 2398.884093]  ? find_held_lock+0x36/0x1c0
[ 2398.884121]  ? __handle_mm_fault+0x4bb0/0x5be0
[ 2398.884139]  ? lock_downgrade+0x900/0x900
[ 2398.884163]  ? kasan_check_read+0x11/0x20
[ 2398.893659]  ? do_raw_spin_unlock+0xa7/0x330
[ 2398.893676]  ? do_raw_spin_trylock+0x270/0x270
[ 2398.893695]  ? fault_dirty_shared_page.isra.87+0x320/0x320
[ 2398.893722]  __handle_mm_fault+0x4bbd/0x5be0
[ 2398.893746]  ? vmf_insert_mixed_mkwrite+0x40/0x40
[ 2398.902134]  ? zap_class+0x640/0x640
[ 2398.902149]  ? rcu_read_unlock_special+0x1c0/0x1c0
[ 2398.902166]  ? kasan_check_read+0x11/0x20
08:16:16 executing program 2:
syz_emit_ethernet(0x6a, &(0x7f0000000040)={@local, @broadcast, [], {@ipv4={0x800, {{0x5, 0x4, 0x0, 0x0, 0x5c, 0x0, 0x0, 0x0, 0x1, 0x0, @remote, @dev={0xac, 0x14, 0x14, 0x11}}, @icmp=@parameter_prob={0x3, 0x4, 0x0, 0x0, 0x0, 0x0, {0x10, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x402f, 0x0, @local={0xac, 0x5c}, @dev, {[@timestamp={0x8, 0x2c, 0x0, 0x0, 0x88caffff00000000, [{[@rand_addr]}, {[@multicast2]}, {[@multicast1]}, {}, {[@loopback]}, {}]}]}}}}}}}, 0x0)

08:16:16 executing program 1:
r0 = socket$l2tp(0x18, 0x1, 0x1)
ioctl(r0, 0x1000008912, &(0x7f0000000000)="0a5c2d023c126285718070")
r1 = perf_event_open(&(0x7f0000014f88)={0x1, 0x70, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
ioctl$EVIOCGLED(r1, 0x80404519, &(0x7f0000000040)=""/81)
close(r1)

[ 2398.902183]  ? rcu_softirq_qs+0x20/0x20
[ 2398.902211]  ? zap_class+0x640/0x640
[ 2398.902225]  ? zap_class+0x640/0x640
[ 2398.902246]  ? find_held_lock+0x36/0x1c0
[ 2398.907688] FAULT_FLAG_ALLOW_RETRY missing 70
[ 2398.910377]  ? handle_mm_fault+0x42a/0xc70
[ 2398.910399]  ? lock_downgrade+0x900/0x900
[ 2399.008844]  ? check_preemption_disabled+0x48/0x280
[ 2399.008864]  ? rcu_read_unlock_special+0x1c0/0x1c0
[ 2399.008882]  ? kasan_check_read+0x11/0x20
[ 2399.008898]  ? rcu_dynticks_curr_cpu_in_eqs+0xa2/0x170
[ 2399.008914]  ? rcu_softirq_qs+0x20/0x20
[ 2399.008932]  ? trace_hardirqs_off_caller+0x310/0x310
[ 2399.008952]  ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[ 2399.008969]  ? check_preemption_disabled+0x48/0x280
[ 2399.008994]  handle_mm_fault+0x54f/0xc70
08:16:17 executing program 0:
openat$rfkill(0xffffffffffffff9c, 0x0, 0x2001, 0x0)
syz_open_dev$admmidi(&(0x7f0000000100)='/dev/admmidi#\x00', 0x0, 0x0)
r0 = socket$l2tp(0x18, 0x1, 0x1)
mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x1, 0x32, 0xffffffffffffffff, 0x0)
r1 = userfaultfd(0x0)
ioctl$UFFDIO_API(r1, 0xc018aa3f, &(0x7f0000000180))
ioctl$UFFDIO_REGISTER(r1, 0xc020aa00, &(0x7f0000019000)={{&(0x7f0000012000/0x2000)=nil, 0x2000}, 0x1})
syz_open_dev$evdev(&(0x7f0000012fee)='/dev/input/event#\x00', 0x0, 0x6000)
ioctl$UFFDIO_WAKE(r1, 0x8010aa02, &(0x7f0000000080)={&(0x7f0000012000/0x3000)=nil, 0x3000})
ioctl(r0, 0x1000008912, &(0x7f0000000000)="0a5c2d023c126285718070")

08:16:17 executing program 2:
syz_emit_ethernet(0x6a, &(0x7f0000000040)={@local, @broadcast, [], {@ipv4={0x800, {{0x5, 0x4, 0x0, 0x0, 0x5c, 0x0, 0x0, 0x0, 0x1, 0x0, @remote, @dev={0xac, 0x14, 0x14, 0x11}}, @icmp=@parameter_prob={0x3, 0x4, 0x0, 0x0, 0x0, 0x0, {0x10, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x402f, 0x0, @local={0xac, 0x5c}, @dev, {[@timestamp={0x8, 0x2c, 0x0, 0x0, 0x5000000, [{[@rand_addr]}, {[@multicast2]}, {[@multicast1]}, {}, {[@loopback]}, {}]}]}}}}}}}, 0x0)

08:16:17 executing program 1:
r0 = socket$l2tp(0x18, 0x1, 0x1)
ioctl(r0, 0x1000008912, &(0x7f0000000000)="0a5c2d023c126285718070")
r1 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ppp\x00', 0x200, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0)
r2 = perf_event_open(&(0x7f0000014f88)={0x1, 0x70, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
close(r2)
ioctl$FS_IOC_FSGETXATTR(r1, 0x801c581f, &(0x7f0000000080)={0x5, 0x80000001, 0x9, 0x1, 0x7})

08:16:17 executing program 3:
openat$rfkill(0xffffffffffffff9c, 0x0, 0x0, 0x0)
getsockopt$inet_sctp_SCTP_DEFAULT_PRINFO(0xffffffffffffffff, 0x84, 0x72, &(0x7f0000000380), 0x0)
syz_open_dev$admmidi(&(0x7f0000000100)='/dev/admmidi#\x00', 0x0, 0x0)
r0 = socket$l2tp(0x18, 0x1, 0x1)
mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x1, 0x32, 0xffffffffffffffff, 0x0)
r1 = userfaultfd(0x0)
ioctl$UFFDIO_API(r1, 0xc018aa3f, &(0x7f0000000180))
ioctl$UFFDIO_REGISTER(r1, 0xc020aa00, &(0x7f0000019000)={{&(0x7f0000012000/0x2000)=nil, 0x2000}, 0x1})
syz_open_dev$evdev(&(0x7f0000012fee)='/dev/input/event#\x00', 0x4c, 0x0)
ioctl$UFFDIO_WAKE(r1, 0x8010aa02, &(0x7f0000000080)={&(0x7f0000012000/0x3000)=nil, 0x3000})
ioctl(r0, 0x1000008912, &(0x7f0000000000)="0a5c2d023c126285718070")
setsockopt$ALG_SET_KEY(0xffffffffffffffff, 0x117, 0x1, 0x0, 0x0)

[ 2399.009015]  ? __handle_mm_fault+0x5be0/0x5be0
08:16:17 executing program 2:
syz_emit_ethernet(0x6a, &(0x7f0000000040)={@local, @broadcast, [], {@ipv4={0x800, {{0x5, 0x4, 0x0, 0x0, 0x5c, 0x0, 0x0, 0x0, 0x1, 0x0, @remote, @dev={0xac, 0x14, 0x14, 0x11}}, @icmp=@parameter_prob={0x3, 0x4, 0x0, 0x0, 0x0, 0x0, {0x10, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x402f, 0x0, @local={0xac, 0x5c}, @dev, {[@timestamp={0x8, 0x2c, 0x0, 0x0, 0x3000000, [{[@rand_addr]}, {[@multicast2]}, {[@multicast1]}, {}, {[@loopback]}, {}]}]}}}}}}}, 0x0)

[ 2399.009037]  ? find_vma+0x34/0x190
[ 2399.009059]  __do_page_fault+0x5e8/0xe60
08:16:17 executing program 1:
r0 = socket$l2tp(0x18, 0x1, 0x1)
ioctl(r0, 0x1000008912, &(0x7f0000000000)="0a5c2d023c126285718070")
r1 = perf_event_open(&(0x7f0000014f88)={0x1, 0x70, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
close(r1)
mknod$loop(&(0x7f0000000040)='./file0\x00', 0xc000, 0x0)

[ 2399.009074]  ? trace_hardirqs_off+0xb8/0x310
[ 2399.009101]  do_page_fault+0xf2/0x7e0
[ 2399.009119]  ? vmalloc_sync_all+0x30/0x30
[ 2399.009135]  ? error_entry+0x70/0xd0
[ 2399.009153]  ? trace_hardirqs_off_caller+0xbb/0x310
[ 2399.009169]  ? trace_hardirqs_on_caller+0xc0/0x310
[ 2399.009186]  ? syscall_return_slowpath+0x5e0/0x5e0
[ 2399.009202]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 2399.009219]  ? trace_hardirqs_on_caller+0x310/0x310
[ 2399.009235]  ? __bpf_trace_preemptirq_template+0x30/0x30
[ 2399.009253]  ? prepare_exit_to_usermode+0x3b0/0x3b0
[ 2399.009273]  ? prepare_exit_to_usermode+0x291/0x3b0
[ 2399.009288]  ? page_fault+0x8/0x30
[ 2399.009307]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 2399.009324]  ? page_fault+0x8/0x30
[ 2399.009359]  page_fault+0x1e/0x30
[ 2399.009374] RIP: 0033:0x4510a0
[ 2399.009391] Code: 0f 84 c4 0f 00 00 48 89 f1 48 89 f8 48 83 e1 3f 48 83 f9 20 0f 86 7b 02 00 00 48 83 e6 f0 48 83 e1 0f 66 0f ef c0 66 0f ef c9 <66> 0f 74 0e 66 0f d7 d1 48 d3 ea 49 c7 c2 11 00 00 00 49 29 ca 4d
08:16:17 executing program 4:
openat$kvm(0xffffffffffffff9c, 0x0, 0x0, 0x0)
r0 = syz_open_dev$sndctrl(&(0x7f0000000100)='/dev/snd/controlC#\x00', 0x4000, 0x0)
prctl$PR_SET_THP_DISABLE(0x29, 0xfffffffffffffffe)
clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
ioctl$FS_IOC_GETFLAGS(r0, 0x800455d1, &(0x7f0000000080))

[ 2399.009400] RSP: 002b:00007f75238677a8 EFLAGS: 00010202
[ 2399.009413] RAX: 00007f7523867850 RBX: 0000000000000003 RCX: 000000000000000e
[ 2399.009423] RDX: 00000000000003ff RSI: 0000000020012fe0 RDI: 00007f7523867850
[ 2399.009433] RBP: 000000000072bf00 R08: 00000000000003ff R09: 0000000000000000
[ 2399.009443] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f75238686d4
[ 2399.009453] R13: 00000000004c578a R14: 00000000004d9d90 R15: 00000000ffffffff
[ 2399.026040] CPU: 1 PID: 22417 Comm: syz-executor0 Not tainted 4.20.0-rc6+ #371
[ 2399.026050] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 2399.026055] Call Trace:
[ 2399.026074]  dump_stack+0x244/0x39d
[ 2399.026094]  ? dump_stack_print_info.cold.1+0x20/0x20
[ 2399.026121]  handle_userfault.cold.32+0x47/0x62
[ 2399.026148]  ? userfaultfd_ioctl+0x5610/0x5610
[ 2399.026166]  ? mark_held_locks+0x130/0x130
[ 2399.026181]  ? __sanitizer_cov_trace_cmp4+0x16/0x20
[ 2399.026194]  ? futex_wait_setup+0x266/0x3e0
[ 2399.026208]  ? zap_class+0x640/0x640
[ 2399.026235]  ? __sanitizer_cov_trace_switch+0x53/0x90
08:16:17 executing program 0:
openat$rfkill(0xffffffffffffff9c, 0x0, 0x2001, 0x0)
syz_open_dev$admmidi(&(0x7f0000000100)='/dev/admmidi#\x00', 0x0, 0x0)
r0 = socket$l2tp(0x18, 0x1, 0x1)
mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x1, 0x32, 0xffffffffffffffff, 0x0)
r1 = userfaultfd(0x0)
ioctl$UFFDIO_API(r1, 0xc018aa3f, &(0x7f0000000180))
ioctl$UFFDIO_REGISTER(r1, 0xc020aa00, &(0x7f0000019000)={{&(0x7f0000012000/0x2000)=nil, 0x2000}, 0x1})
syz_open_dev$evdev(&(0x7f0000012fee)='/dev/input/event#\x00', 0x0, 0x6c00)
ioctl$UFFDIO_WAKE(r1, 0x8010aa02, &(0x7f0000000080)={&(0x7f0000012000/0x3000)=nil, 0x3000})
ioctl(r0, 0x1000008912, &(0x7f0000000000)="0a5c2d023c126285718070")

[ 2399.026253]  ? userfaultfd_ctx_put+0x830/0x830
[ 2399.026267]  ? futex_wait+0x5a1/0xa50
[ 2399.026301]  ? print_usage_bug+0xc0/0xc0
[ 2399.026325]  ? print_usage_bug+0xc0/0xc0
[ 2399.026356]  ? print_usage_bug+0xc0/0xc0
[ 2399.026374]  ? zap_class+0x640/0x640
[ 2399.026391]  ? drop_futex_key_refs.isra.14+0x6d/0xe0
[ 2399.026406]  ? futex_wake+0x304/0x760
[ 2399.026423]  ? __ia32_sys_mmap_pgoff+0x1a0/0x1a0
[ 2399.026450]  ? find_held_lock+0x36/0x1c0
[ 2399.026475]  ? __handle_mm_fault+0x4bb0/0x5be0
[ 2399.026492]  ? lock_downgrade+0x900/0x900
08:16:17 executing program 3:
openat$rfkill(0xffffffffffffff9c, 0x0, 0x0, 0x0)
getsockopt$inet_sctp_SCTP_DEFAULT_PRINFO(0xffffffffffffffff, 0x84, 0x72, &(0x7f0000000380), 0x0)
syz_open_dev$admmidi(&(0x7f0000000100)='/dev/admmidi#\x00', 0x0, 0x0)
r0 = socket$l2tp(0x18, 0x1, 0x1)
mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x1, 0x32, 0xffffffffffffffff, 0x0)
r1 = userfaultfd(0x0)
ioctl$UFFDIO_API(r1, 0xc018aa3f, &(0x7f0000000180))
ioctl$UFFDIO_REGISTER(r1, 0xc020aa00, &(0x7f0000019000)={{&(0x7f0000012000/0x2000)=nil, 0x2000}, 0x1})
syz_open_dev$evdev(&(0x7f0000012fee)='/dev/input/event#\x00', 0x7a00, 0x0)
ioctl$UFFDIO_WAKE(r1, 0x8010aa02, &(0x7f0000000080)={&(0x7f0000012000/0x3000)=nil, 0x3000})
ioctl(r0, 0x1000008912, &(0x7f0000000000)="0a5c2d023c126285718070")
setsockopt$ALG_SET_KEY(0xffffffffffffffff, 0x117, 0x1, 0x0, 0x0)

[ 2399.026517]  ? kasan_check_read+0x11/0x20
[ 2399.026540]  ? do_raw_spin_unlock+0xa7/0x330
[ 2399.026555]  ? do_raw_spin_trylock+0x270/0x270
[ 2399.026573]  ? fault_dirty_shared_page.isra.87+0x320/0x320
[ 2399.026607]  __handle_mm_fault+0x4bbd/0x5be0
[ 2399.026631]  ? vmf_insert_mixed_mkwrite+0x40/0x40
[ 2399.026651]  ? zap_class+0x640/0x640
[ 2399.026664]  ? rcu_read_unlock_special+0x1c0/0x1c0
[ 2399.026679]  ? kasan_check_read+0x11/0x20
[ 2399.026696]  ? rcu_softirq_qs+0x20/0x20
[ 2399.026722]  ? zap_class+0x640/0x640
[ 2399.026737]  ? zap_class+0x640/0x640
[ 2399.026758]  ? find_held_lock+0x36/0x1c0
[ 2399.026782]  ? handle_mm_fault+0x42a/0xc70
[ 2399.026800]  ? lock_downgrade+0x900/0x900
[ 2399.026817]  ? check_preemption_disabled+0x48/0x280
[ 2399.026837]  ? rcu_read_unlock_special+0x1c0/0x1c0
[ 2399.026860]  ? kasan_check_read+0x11/0x20
[ 2399.026876]  ? rcu_dynticks_curr_cpu_in_eqs+0xa2/0x170
[ 2399.026892]  ? rcu_softirq_qs+0x20/0x20
[ 2399.026908]  ? trace_hardirqs_off_caller+0x310/0x310
[ 2399.026926]  ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[ 2399.026944]  ? check_preemption_disabled+0x48/0x280
[ 2399.026968]  handle_mm_fault+0x54f/0xc70
[ 2399.026987]  ? __handle_mm_fault+0x5be0/0x5be0
[ 2399.027007]  ? find_vma+0x34/0x190
[ 2399.027027]  __do_page_fault+0x5e8/0xe60
[ 2399.027043]  ? trace_hardirqs_off+0xb8/0x310
[ 2399.027070]  do_page_fault+0xf2/0x7e0
[ 2399.027087]  ? vmalloc_sync_all+0x30/0x30
[ 2399.027102]  ? error_entry+0x70/0xd0
[ 2399.027118]  ? trace_hardirqs_off_caller+0xbb/0x310
[ 2399.027131]  ? trace_hardirqs_on_caller+0xc0/0x310
[ 2399.027147]  ? syscall_return_slowpath+0x5e0/0x5e0
[ 2399.027162]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 2399.027179]  ? trace_hardirqs_on_caller+0x310/0x310
[ 2399.027195]  ? __bpf_trace_preemptirq_template+0x30/0x30
[ 2399.027216]  ? prepare_exit_to_usermode+0x291/0x3b0
[ 2399.027230]  ? page_fault+0x8/0x30
[ 2399.027249]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 2399.027267]  ? page_fault+0x8/0x30
[ 2399.027283]  page_fault+0x1e/0x30
[ 2399.027295] RIP: 0033:0x4510a0
[ 2399.027311] Code: 0f 84 c4 0f 00 00 48 89 f1 48 89 f8 48 83 e1 3f 48 83 f9 20 0f 86 7b 02 00 00 48 83 e6 f0 48 83 e1 0f 66 0f ef c0 66 0f ef c9 <66> 0f 74 0e 66 0f d7 d1 48 d3 ea 49 c7 c2 11 00 00 00 49 29 ca 4d
[ 2399.027319] RSP: 002b:00007efdea16e7a8 EFLAGS: 00010202
[ 2399.027331] RAX: 00007efdea16e850 RBX: 0000000000000003 RCX: 000000000000000e
[ 2399.027359] RDX: 00000000000003ff RSI: 0000000020012fe0 RDI: 00007efdea16e850
[ 2399.027369] RBP: 000000000072bf00 R08: 00000000000003ff R09: 0000000000000000
[ 2399.027379] R10: 0000000000000000 R11: 0000000000000246 R12: 00007efdea16f6d4
[ 2399.027389] R13: 00000000004c578a R14: 00000000004d9d90 R15: 00000000ffffffff
[ 2399.502518] FAULT_FLAG_ALLOW_RETRY missing 70
[ 2399.502542] CPU: 0 PID: 22484 Comm: syz-executor0 Not tainted 4.20.0-rc6+ #371
[ 2399.502554] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 2399.502560] Call Trace:
[ 2399.502585]  dump_stack+0x244/0x39d
[ 2399.502608]  ? dump_stack_print_info.cold.1+0x20/0x20
[ 2399.502636]  handle_userfault.cold.32+0x47/0x62
[ 2399.502663]  ? userfaultfd_ioctl+0x5610/0x5610
[ 2399.502681]  ? mark_held_locks+0x130/0x130
[ 2399.502700]  ? find_held_lock+0x36/0x1c0
[ 2399.502727]  ? userfaultfd_ctx_put+0x830/0x830
[ 2399.502749]  ? kasan_check_read+0x11/0x20
[ 2399.502765]  ? print_usage_bug+0xc0/0xc0
[ 2399.502778]  ? do_raw_spin_trylock+0x270/0x270
[ 2399.502794]  ? print_usage_bug+0xc0/0xc0
[ 2399.502812]  ? print_usage_bug+0xc0/0xc0
[ 2399.502828]  ? zap_class+0x640/0x640
[ 2399.502844]  ? drop_futex_key_refs.isra.14+0x6d/0xe0
[ 2399.502859]  ? futex_wake+0x304/0x760
[ 2399.502890]  ? find_held_lock+0x36/0x1c0
[ 2399.502916]  ? __handle_mm_fault+0x4bb0/0x5be0
[ 2399.502934]  ? lock_downgrade+0x900/0x900
[ 2399.502957]  ? kasan_check_read+0x11/0x20
[ 2399.502971]  ? do_raw_spin_unlock+0xa7/0x330
[ 2399.502985]  ? do_raw_spin_trylock+0x270/0x270
[ 2399.503003]  ? fault_dirty_shared_page.isra.87+0x320/0x320
[ 2399.503035]  __handle_mm_fault+0x4bbd/0x5be0
[ 2399.503062]  ? vmf_insert_mixed_mkwrite+0x40/0x40
[ 2399.503082]  ? zap_class+0x640/0x640
[ 2399.503097]  ? rcu_read_unlock_special+0x1c0/0x1c0
[ 2399.503113]  ? kasan_check_read+0x11/0x20
[ 2399.503129]  ? rcu_softirq_qs+0x20/0x20
[ 2399.503155]  ? zap_class+0x640/0x640
[ 2399.503169]  ? zap_class+0x640/0x640
[ 2399.503189]  ? find_held_lock+0x36/0x1c0
[ 2399.503213]  ? handle_mm_fault+0x42a/0xc70
[ 2399.503229]  ? lock_downgrade+0x900/0x900
[ 2399.503245]  ? check_preemption_disabled+0x48/0x280
[ 2399.503263]  ? rcu_read_unlock_special+0x1c0/0x1c0
[ 2399.503277]  ? kasan_check_read+0x11/0x20
[ 2399.503292]  ? rcu_dynticks_curr_cpu_in_eqs+0xa2/0x170
[ 2399.503308]  ? rcu_softirq_qs+0x20/0x20
[ 2399.503324]  ? trace_hardirqs_off_caller+0x310/0x310
[ 2399.503361]  ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[ 2399.503381]  ? check_preemption_disabled+0x48/0x280
[ 2399.503405]  handle_mm_fault+0x54f/0xc70
[ 2399.503425]  ? __handle_mm_fault+0x5be0/0x5be0
[ 2399.503446]  ? find_vma+0x34/0x190
[ 2399.503466]  __do_page_fault+0x5e8/0xe60
[ 2399.503480]  ? trace_hardirqs_off+0xb8/0x310
[ 2399.503505]  do_page_fault+0xf2/0x7e0
[ 2399.503520]  ? vmalloc_sync_all+0x30/0x30
[ 2399.503535]  ? error_entry+0x70/0xd0
[ 2399.503551]  ? trace_hardirqs_off_caller+0xbb/0x310
[ 2399.503566]  ? trace_hardirqs_on_caller+0xc0/0x310
[ 2399.503581]  ? syscall_return_slowpath+0x5e0/0x5e0
[ 2399.503596]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 2399.503612]  ? trace_hardirqs_on_caller+0x310/0x310
[ 2399.503627]  ? __bpf_trace_preemptirq_template+0x30/0x30
[ 2399.503643]  ? prepare_exit_to_usermode+0x3b0/0x3b0
[ 2399.503660]  ? prepare_exit_to_usermode+0x291/0x3b0
[ 2399.503674]  ? page_fault+0x8/0x30
[ 2399.503692]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 2399.503709]  ? page_fault+0x8/0x30
[ 2399.503724]  page_fault+0x1e/0x30
[ 2399.503736] RIP: 0033:0x4510a0
[ 2399.503751] Code: 0f 84 c4 0f 00 00 48 89 f1 48 89 f8 48 83 e1 3f 48 83 f9 20 0f 86 7b 02 00 00 48 83 e6 f0 48 83 e1 0f 66 0f ef c0 66 0f ef c9 <66> 0f 74 0e 66 0f d7 d1 48 d3 ea 49 c7 c2 11 00 00 00 49 29 ca 4d
[ 2399.503759] RSP: 002b:00007efdea16e7a8 EFLAGS: 00010202
[ 2399.503773] RAX: 00007efdea16e850 RBX: 0000000000000003 RCX: 000000000000000e
[ 2399.503783] RDX: 00000000000003ff RSI: 0000000020012fe0 RDI: 00007efdea16e850
[ 2399.503793] RBP: 000000000072bf00 R08: 00000000000003ff R09: 0000000000000000
[ 2399.503803] R10: 0000000000000000 R11: 0000000000000246 R12: 00007efdea16f6d4
[ 2399.503813] R13: 00000000004c578a R14: 00000000004d9d90 R15: 00000000ffffffff
08:16:18 executing program 5:
ioctl$SNDRV_TIMER_IOCTL_GSTATUS(0xffffffffffffffff, 0xc0505405, &(0x7f0000000300)={{0x0, 0x2}, 0x0, 0x80000000})
ioctl$sock_SIOCADDDLCI(0xffffffffffffffff, 0x8980, 0x0)
r0 = syz_open_procfs(0x0, &(0x7f0000000240)='net/ptype\x00')
sendmsg(0xffffffffffffffff, &(0x7f0000002fc8)={0x0, 0x0, 0x0, 0x0, &(0x7f00000002c0)=ANY=[]}, 0x0)
perf_event_open(&(0x7f0000000040)={0x2, 0x70, 0xee68, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50b, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
preadv(r0, &(0x7f00000017c0), 0x1fe, 0x0)

08:16:18 executing program 3:
openat$rfkill(0xffffffffffffff9c, 0x0, 0x0, 0x0)
getsockopt$inet_sctp_SCTP_DEFAULT_PRINFO(0xffffffffffffffff, 0x84, 0x72, &(0x7f0000000380), 0x0)
syz_open_dev$admmidi(&(0x7f0000000100)='/dev/admmidi#\x00', 0x0, 0x0)
r0 = socket$l2tp(0x18, 0x1, 0x1)
mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x1, 0x32, 0xffffffffffffffff, 0x0)
r1 = userfaultfd(0x0)
ioctl$UFFDIO_API(r1, 0xc018aa3f, &(0x7f0000000180))
ioctl$UFFDIO_REGISTER(r1, 0xc020aa00, &(0x7f0000019000)={{&(0x7f0000012000/0x2000)=nil, 0x2000}, 0x1})
syz_open_dev$evdev(&(0x7f0000012fee)='/dev/input/event#\x00', 0x6800, 0x0)
ioctl$UFFDIO_WAKE(r1, 0x8010aa02, &(0x7f0000000080)={&(0x7f0000012000/0x3000)=nil, 0x3000})
ioctl(r0, 0x1000008912, &(0x7f0000000000)="0a5c2d023c126285718070")
setsockopt$ALG_SET_KEY(0xffffffffffffffff, 0x117, 0x1, 0x0, 0x0)

08:16:18 executing program 2:
syz_emit_ethernet(0x6a, &(0x7f0000000040)={@local, @broadcast, [], {@ipv4={0x800, {{0x5, 0x4, 0x0, 0x0, 0x5c, 0x0, 0x0, 0x0, 0x1, 0x0, @remote, @dev={0xac, 0x14, 0x14, 0x11}}, @icmp=@parameter_prob={0x3, 0x4, 0x0, 0x0, 0x0, 0x0, {0x10, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x402f, 0x0, @local={0xac, 0x5c}, @dev, {[@timestamp={0x8, 0x2c, 0x0, 0x0, 0x2000000, [{[@rand_addr]}, {[@multicast2]}, {[@multicast1]}, {}, {[@loopback]}, {}]}]}}}}}}}, 0x0)

08:16:18 executing program 4:
openat$kvm(0xffffffffffffff9c, 0x0, 0x0, 0x0)
r0 = syz_open_dev$sndctrl(&(0x7f0000000100)='/dev/snd/controlC#\x00', 0x0, 0x0)
prctl$PR_SET_THP_DISABLE(0x29, 0xfffffffffffffffe)
clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
ioctl$FS_IOC_GETFLAGS(r0, 0x800455d1, &(0x7f0000000080))
r1 = openat$zero(0xffffffffffffff9c, &(0x7f0000000000)='/dev/zero\x00', 0x1, 0x0)
ioctl$KVM_CHECK_EXTENSION_VM(r1, 0xae03, 0x5)

08:16:18 executing program 1:
prctl$PR_GET_KEEPCAPS(0x7)
r0 = socket$l2tp(0x18, 0x1, 0x1)
ioctl(r0, 0x1000008912, &(0x7f0000000000)="0a5c2d023c126285718070")
r1 = perf_event_open(&(0x7f0000014f88)={0x1, 0x70, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
close(r1)

08:16:18 executing program 0:
openat$rfkill(0xffffffffffffff9c, 0x0, 0x2001, 0x0)
syz_open_dev$admmidi(&(0x7f0000000100)='/dev/admmidi#\x00', 0x0, 0x0)
r0 = socket$l2tp(0x18, 0x1, 0x1)
mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x1, 0x32, 0xffffffffffffffff, 0x0)
r1 = userfaultfd(0x0)
ioctl$UFFDIO_API(r1, 0xc018aa3f, &(0x7f0000000180))
ioctl$UFFDIO_REGISTER(r1, 0xc020aa00, &(0x7f0000019000)={{&(0x7f0000012000/0x2000)=nil, 0x2000}, 0x1})
syz_open_dev$evdev(&(0x7f0000012fee)='/dev/input/event#\x00', 0x0, 0x300)
ioctl$UFFDIO_WAKE(r1, 0x8010aa02, &(0x7f0000000080)={&(0x7f0000012000/0x3000)=nil, 0x3000})
ioctl(r0, 0x1000008912, &(0x7f0000000000)="0a5c2d023c126285718070")

08:16:18 executing program 2:
syz_emit_ethernet(0x6a, &(0x7f0000000040)={@local, @broadcast, [], {@ipv4={0x800, {{0x5, 0x4, 0x0, 0x0, 0x5c, 0x0, 0x0, 0x0, 0x1, 0x0, @remote, @dev={0xac, 0x14, 0x14, 0x11}}, @icmp=@parameter_prob={0x3, 0x4, 0x0, 0x0, 0x0, 0x0, {0x10, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x402f, 0x0, @local={0xac, 0x5c}, @dev, {[@timestamp={0x8, 0x2c, 0x0, 0x0, 0x3f00, [{[@rand_addr]}, {[@multicast2]}, {[@multicast1]}, {}, {[@loopback]}, {}]}]}}}}}}}, 0x0)

08:16:18 executing program 1:
r0 = socket$l2tp(0x18, 0x1, 0x1)
ioctl(r0, 0x1000008912, &(0x7f0000000000)="0a5c2d023c126285718070")
r1 = perf_event_open(&(0x7f0000014f88)={0x1, 0x70, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
sysinfo(&(0x7f0000000040)=""/96)
close(r1)

08:16:18 executing program 3:
openat$rfkill(0xffffffffffffff9c, 0x0, 0x0, 0x0)
getsockopt$inet_sctp_SCTP_DEFAULT_PRINFO(0xffffffffffffffff, 0x84, 0x72, &(0x7f0000000380), 0x0)
syz_open_dev$admmidi(&(0x7f0000000100)='/dev/admmidi#\x00', 0x0, 0x0)
r0 = socket$l2tp(0x18, 0x1, 0x1)
mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x1, 0x32, 0xffffffffffffffff, 0x0)
r1 = userfaultfd(0x0)
ioctl$UFFDIO_API(r1, 0xc018aa3f, &(0x7f0000000180))
ioctl$UFFDIO_REGISTER(r1, 0xc020aa00, &(0x7f0000019000)={{&(0x7f0000012000/0x2000)=nil, 0x2000}, 0x1})
syz_open_dev$evdev(&(0x7f0000012fee)='/dev/input/event#\x00', 0x300000000000000, 0x0)
ioctl$UFFDIO_WAKE(r1, 0x8010aa02, &(0x7f0000000080)={&(0x7f0000012000/0x3000)=nil, 0x3000})
ioctl(r0, 0x1000008912, &(0x7f0000000000)="0a5c2d023c126285718070")
setsockopt$ALG_SET_KEY(0xffffffffffffffff, 0x117, 0x1, 0x0, 0x0)

08:16:18 executing program 2:
syz_emit_ethernet(0x6a, &(0x7f0000000040)={@local, @broadcast, [], {@ipv4={0x800, {{0x5, 0x4, 0x0, 0x0, 0x5c, 0x0, 0x0, 0x0, 0x1, 0x0, @remote, @dev={0xac, 0x14, 0x14, 0x11}}, @icmp=@parameter_prob={0x3, 0x4, 0x0, 0x0, 0x0, 0x0, {0x10, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x402f, 0x0, @local={0xac, 0x5c}, @dev, {[@timestamp={0x8, 0x2c, 0x0, 0x0, 0x8035000000000000, [{[@rand_addr]}, {[@multicast2]}, {[@multicast1]}, {}, {[@loopback]}, {}]}]}}}}}}}, 0x0)

08:16:18 executing program 0:
openat$rfkill(0xffffffffffffff9c, 0x0, 0x2001, 0x0)
syz_open_dev$admmidi(&(0x7f0000000100)='/dev/admmidi#\x00', 0x0, 0x0)
r0 = socket$l2tp(0x18, 0x1, 0x1)
mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x1, 0x32, 0xffffffffffffffff, 0x0)
r1 = userfaultfd(0x0)
ioctl$UFFDIO_API(r1, 0xc018aa3f, &(0x7f0000000180))
ioctl$UFFDIO_REGISTER(r1, 0xc020aa00, &(0x7f0000019000)={{&(0x7f0000012000/0x2000)=nil, 0x2000}, 0x1})
syz_open_dev$evdev(&(0x7f0000012fee)='/dev/input/event#\x00', 0x0, 0x200000000000000)
ioctl$UFFDIO_WAKE(r1, 0x8010aa02, &(0x7f0000000080)={&(0x7f0000012000/0x3000)=nil, 0x3000})
ioctl(r0, 0x1000008912, &(0x7f0000000000)="0a5c2d023c126285718070")

08:16:18 executing program 5:
r0 = perf_event_open(&(0x7f0000000200)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x800000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
syz_mount_image$btrfs(&(0x7f0000000140)='btrfs\x00', &(0x7f0000000180)='./file0\x00', 0x0, 0x173, &(0x7f00000007c0), 0x0, &(0x7f0000000240)=ANY=[])
syz_mount_image$ntfs(0x0, &(0x7f0000000080)='./file1\x00', 0x2, 0x0, &(0x7f0000000180), 0x0, 0x0)
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
mount$overlay(0x404005, &(0x7f0000000000)='./file0\x00', &(0x7f00000000c0)='overlay\x00', 0x0, &(0x7f0000000100)={[{@upperdir={'upperdir', 0x3d, './file0'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@workdir={'workdir', 0x3d, './file1'}, 0x5c}], [], 0x4000})
shmget$private(0x0, 0x1000, 0x0, &(0x7f0000ffc000/0x1000)=nil)
symlinkat(&(0x7f00000001c0)='./file1\x00', 0xffffffffffffffff, &(0x7f0000000380)='./file1/file0\x00')
mkdir(0x0, 0x0)
syz_mount_image$gfs2(&(0x7f0000000400)='gfs2\x00', &(0x7f0000000500)='./file0\x00', 0x6, 0x1, &(0x7f0000000800)=[{&(0x7f00000007c0)="abd92ea4647e79292854414a7185b7a84e11ec742d7510f29fa7f2892155", 0x1e}], 0x8000, 0x0)
ioctl$RTC_WKALM_RD(0xffffffffffffffff, 0x80287010, 0x0)
execve(0x0, 0x0, &(0x7f0000001480))
syz_open_dev$sndpcmc(&(0x7f00000004c0)='/dev/snd/pcmC#D#c\x00', 0x1, 0x0)
ioctl$UFFDIO_API(0xffffffffffffffff, 0xc018aa3f, &(0x7f00000000c0)={0xaa, 0x10})
splice(0xffffffffffffffff, &(0x7f0000000280), r0, &(0x7f0000000c80), 0x10000001ff, 0x3)
vmsplice(0xffffffffffffffff, &(0x7f0000000380), 0x0, 0x0)
msgsnd(0x0, 0x0, 0x0, 0x0)
getresuid(&(0x7f0000000b00), &(0x7f0000000b40), &(0x7f0000000b80))
getegid()
ioctl$sock_SIOCGPGRP(0xffffffffffffffff, 0x8904, 0x0)
getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, 0x0, 0xffffffffffffffff)
mount$overlay(0x0, &(0x7f0000000540)='./file1/file0\x00', 0x0, 0x2100000, &(0x7f0000000600)={[{@workdir={'workdir', 0x3d, './file1/file0'}}], [{@measure='measure'}, {@uid_lt={'uid<'}}, {@appraise='appraise'}]})
syz_genetlink_get_family_id$nbd(&(0x7f0000000300)='nbd\x00')
stat(&(0x7f0000000340)='./file1\x00', &(0x7f0000000440))
syz_mount_image$iso9660(&(0x7f00000002c0)='iso9660\x00', &(0x7f0000000cc0)='./file1\x00', 0x5, 0x1, &(0x7f0000000dc0)=[{&(0x7f0000000d00)="ad03380d062b4e49e867da5d6fb0210849a3f616065d85a07d28bbf5403f064931eaa5465f9d618fea2b4843888d479f2684fa535f99aba1c446e88741dbf3e5dacb7903ab895b282463a4a3077fbbee104619dd9d233a2bec4954e786d21d89973438664301b6aff0096d3aba4747bc4eb839edc38efdb7319ed178b3", 0x7d, 0x400}], 0x800000, 0x0)

[ 2401.076687] handle_userfault: 6 callbacks suppressed
[ 2401.076698] FAULT_FLAG_ALLOW_RETRY missing 70
[ 2401.099415] CPU: 0 PID: 22538 Comm: syz-executor3 Not tainted 4.20.0-rc6+ #371
[ 2401.106811] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 2401.116174] Call Trace:
[ 2401.118789]  dump_stack+0x244/0x39d
[ 2401.122449]  ? dump_stack_print_info.cold.1+0x20/0x20
[ 2401.127680]  handle_userfault.cold.32+0x47/0x62
[ 2401.132398]  ? userfaultfd_ioctl+0x5610/0x5610
[ 2401.137002]  ? mark_held_locks+0x130/0x130
[ 2401.141257]  ? __sanitizer_cov_trace_cmp4+0x16/0x20
[ 2401.146291]  ? futex_wait_setup+0x266/0x3e0
[ 2401.150644]  ? __sanitizer_cov_trace_switch+0x53/0x90
[ 2401.155858]  ? userfaultfd_ctx_put+0x830/0x830
[ 2401.160453]  ? futex_wait+0x5a1/0xa50
[ 2401.164277]  ? print_usage_bug+0xc0/0xc0
[ 2401.168374]  ? print_usage_bug+0xc0/0xc0
[ 2401.172451]  ? print_usage_bug+0xc0/0xc0
[ 2401.176612]  ? zap_class+0x640/0x640
[ 2401.180357]  ? drop_futex_key_refs.isra.14+0x6d/0xe0
[ 2401.183662] FAULT_FLAG_ALLOW_RETRY missing 70
[ 2401.185483]  ? futex_wake+0x304/0x760
[ 2401.193798]  ? find_held_lock+0x36/0x1c0
[ 2401.197881]  ? __handle_mm_fault+0x4bb0/0x5be0
[ 2401.202487]  ? lock_downgrade+0x900/0x900
[ 2401.206657]  ? kasan_check_read+0x11/0x20
[ 2401.210821]  ? do_raw_spin_unlock+0xa7/0x330
[ 2401.215246]  ? do_raw_spin_trylock+0x270/0x270
[ 2401.219848]  ? fault_dirty_shared_page.isra.87+0x320/0x320
[ 2401.225496]  __handle_mm_fault+0x4bbd/0x5be0
[ 2401.229926]  ? vmf_insert_mixed_mkwrite+0x40/0x40
[ 2401.235268]  ? zap_class+0x640/0x640
[ 2401.238992]  ? rcu_read_unlock_special+0x1c0/0x1c0
[ 2401.243936]  ? kasan_check_read+0x11/0x20
[ 2401.248099]  ? rcu_softirq_qs+0x20/0x20
[ 2401.252099]  ? zap_class+0x640/0x640
[ 2401.255829]  ? zap_class+0x640/0x640
[ 2401.259606]  ? find_held_lock+0x36/0x1c0
[ 2401.263688]  ? handle_mm_fault+0x42a/0xc70
[ 2401.267947]  ? lock_downgrade+0x900/0x900
[ 2401.272107]  ? check_preemption_disabled+0x48/0x280
[ 2401.277141]  ? rcu_read_unlock_special+0x1c0/0x1c0
[ 2401.282081]  ? kasan_check_read+0x11/0x20
[ 2401.286244]  ? rcu_dynticks_curr_cpu_in_eqs+0xa2/0x170
[ 2401.291531]  ? rcu_softirq_qs+0x20/0x20
[ 2401.295517]  ? trace_hardirqs_off_caller+0x310/0x310
[ 2401.300760]  ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[ 2401.306320]  ? check_preemption_disabled+0x48/0x280
[ 2401.311391]  handle_mm_fault+0x54f/0xc70
[ 2401.315464]  ? __handle_mm_fault+0x5be0/0x5be0
[ 2401.315486]  ? find_vma+0x34/0x190
[ 2401.315508]  __do_page_fault+0x5e8/0xe60
[ 2401.315529]  ? trace_hardirqs_off+0xb8/0x310
[ 2401.323655]  do_page_fault+0xf2/0x7e0
[ 2401.323673]  ? vmalloc_sync_all+0x30/0x30
[ 2401.323689]  ? error_entry+0x70/0xd0
[ 2401.323712]  ? trace_hardirqs_off_caller+0xbb/0x310
[ 2401.340099]  ? trace_hardirqs_on_caller+0xc0/0x310
[ 2401.340118]  ? syscall_return_slowpath+0x5e0/0x5e0
[ 2401.340134]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 2401.340155]  ? trace_hardirqs_on_caller+0x310/0x310
[ 2401.348887]  ? __bpf_trace_preemptirq_template+0x30/0x30
[ 2401.348906]  ? prepare_exit_to_usermode+0x3b0/0x3b0
[ 2401.348927]  ? prepare_exit_to_usermode+0x291/0x3b0
[ 2401.363806]  ? page_fault+0x8/0x30
[ 2401.363827]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 2401.363846]  ? page_fault+0x8/0x30
[ 2401.363861]  page_fault+0x1e/0x30
[ 2401.363874] RIP: 0033:0x4510a0
[ 2401.363892] Code: 0f 84 c4 0f 00 00 48 89 f1 48 89 f8 48 83 e1 3f 48 83 f9 20 0f 86 7b 02 00 00 48 83 e6 f0 48 83 e1 0f 66 0f ef c0 66 0f ef c9 <66> 0f 74 0e 66 0f d7 d1 48 d3 ea 49 c7 c2 11 00 00 00 49 29 ca 4d
[ 2401.363900] RSP: 002b:00007f75238677a8 EFLAGS: 00010202
[ 2401.374377] RAX: 00007f7523867850 RBX: 0000000000000003 RCX: 000000000000000e
[ 2401.374387] RDX: 00000000000003ff RSI: 0000000020012fe0 RDI: 00007f7523867850
[ 2401.374397] RBP: 000000000072bf00 R08: 00000000000003ff R09: 0000000000000000
[ 2401.374406] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f75238686d4
[ 2401.374421] R13: 00000000004c578a R14: 00000000004d9d90 R15: 00000000ffffffff
[ 2401.463748] CPU: 1 PID: 22552 Comm: syz-executor0 Not tainted 4.20.0-rc6+ #371
08:16:19 executing program 1:
r0 = socket$l2tp(0x18, 0x1, 0x1)
ioctl(r0, 0x1000008912, &(0x7f0000000000)="0a5c2d023c126285718070")
r1 = perf_event_open(&(0x7f0000014f88)={0x3, 0x70, 0x9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x20, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8b6, 0xfffffffffffff69c, 0xfffffffffffffffd, 0x0, 0x8, 0x0, 0x0, 0x2, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x800000000}, 0x0, 0x0, 0xffffffffffffffff, 0x8)
close(r1)

08:16:19 executing program 4:
openat$kvm(0xffffffffffffff9c, 0x0, 0x0, 0x0)
r0 = syz_open_dev$sndctrl(&(0x7f0000000100)='/dev/snd/controlC#\x00', 0x0, 0x0)
pipe(&(0x7f0000000000)={<r1=>0xffffffffffffffff})
ioctl$VIDIOC_TRY_EXT_CTRLS(r1, 0xc0205649, &(0x7f00000000c0)={0x0, 0xffffffff, 0x9, [], &(0x7f0000000040)={0x99096e, 0x6, [], @ptr=0x48e4}})
prctl$PR_SET_THP_DISABLE(0x29, 0xfffffffffffffffe)
clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
ioctl$FS_IOC_GETFLAGS(r0, 0x800455d1, &(0x7f0000000080))

08:16:19 executing program 2:
syz_emit_ethernet(0x6a, &(0x7f0000000040)={@local, @broadcast, [], {@ipv4={0x800, {{0x5, 0x4, 0x0, 0x0, 0x5c, 0x0, 0x0, 0x0, 0x1, 0x0, @remote, @dev={0xac, 0x14, 0x14, 0x11}}, @icmp=@parameter_prob={0x3, 0x4, 0x0, 0x0, 0x0, 0x0, {0x10, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x402f, 0x0, @local={0xac, 0x5c}, @dev, {[@timestamp={0x8, 0x2c, 0x0, 0x0, 0x4800000000000000, [{[@rand_addr]}, {[@multicast2]}, {[@multicast1]}, {}, {[@loopback]}, {}]}]}}}}}}}, 0x0)

[ 2401.471135] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 2401.480497] Call Trace:
[ 2401.483110]  dump_stack+0x244/0x39d
[ 2401.486757]  ? dump_stack_print_info.cold.1+0x20/0x20
[ 2401.491971]  handle_userfault.cold.32+0x47/0x62
[ 2401.496675]  ? userfaultfd_ioctl+0x5610/0x5610
[ 2401.501275]  ? mark_held_locks+0x130/0x130
[ 2401.505536]  ? __sanitizer_cov_trace_cmp4+0x16/0x20
[ 2401.510567]  ? futex_wait_setup+0x266/0x3e0
[ 2401.514912]  ? __sanitizer_cov_trace_switch+0x53/0x90
[ 2401.520121]  ? userfaultfd_ctx_put+0x830/0x830
[ 2401.524719]  ? futex_wait+0x5a1/0xa50
08:16:19 executing program 1:
r0 = socket$l2tp(0x18, 0x1, 0x1)
ioctl(r0, 0x1000008912, &(0x7f0000000000)="0a5c2d023c126285718070")
r1 = perf_event_open(&(0x7f0000014f88)={0x1, 0x70, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x2, 0x100000001}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
close(r1)

[ 2401.528541]  ? print_usage_bug+0xc0/0xc0
[ 2401.532623]  ? print_usage_bug+0xc0/0xc0
[ 2401.536705]  ? print_usage_bug+0xc0/0xc0
[ 2401.540783]  ? zap_class+0x640/0x640
[ 2401.544512]  ? drop_futex_key_refs.isra.14+0x6d/0xe0
[ 2401.549635]  ? futex_wake+0x304/0x760
[ 2401.553467]  ? find_held_lock+0x36/0x1c0
[ 2401.557558]  ? __handle_mm_fault+0x4bb0/0x5be0
[ 2401.562162]  ? lock_downgrade+0x900/0x900
[ 2401.566335]  ? kasan_check_read+0x11/0x20
[ 2401.570508]  ? do_raw_spin_unlock+0xa7/0x330
[ 2401.574938]  ? do_raw_spin_trylock+0x270/0x270
[ 2401.579534]  ? fault_dirty_shared_page.isra.87+0x320/0x320
[ 2401.585188]  __handle_mm_fault+0x4bbd/0x5be0
[ 2401.589626]  ? vmf_insert_mixed_mkwrite+0x40/0x40
[ 2401.594491]  ? zap_class+0x640/0x640
[ 2401.598220]  ? rcu_read_unlock_special+0x1c0/0x1c0
[ 2401.603163]  ? kasan_check_read+0x11/0x20
[ 2401.607335]  ? rcu_softirq_qs+0x20/0x20
[ 2401.611361]  ? zap_class+0x640/0x640
[ 2401.615092]  ? zap_class+0x640/0x640
[ 2401.618827]  ? find_held_lock+0x36/0x1c0
[ 2401.622919]  ? handle_mm_fault+0x42a/0xc70
08:16:19 executing program 1:
r0 = socket$l2tp(0x18, 0x1, 0x1)
ioctl(r0, 0x1000008912, &(0x7f0000000000)="0a5c2d023c126285718070")
fcntl$setlease(0xffffffffffffffff, 0x400, 0x0)
openat$cgroup_procs(0xffffffffffffffff, 0x0, 0x2, 0x0)
r1 = syz_open_dev$sg(&(0x7f0000000180)='/dev/sg#\x00', 0x1, 0x0)
ioctl$BLKTRACETEARDOWN(r1, 0x227d, 0x0)
r2 = openat$dlm_control(0xffffffffffffff9c, &(0x7f0000000040)='/dev/dlm-control\x00', 0x42000, 0x0)
connect$unix(r2, &(0x7f0000000080)=@file={0x1, './file0\x00'}, 0x6e)
r3 = perf_event_open(&(0x7f0000014f88)={0x1, 0x70, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
close(r3)

08:16:19 executing program 4:
openat$kvm(0xffffffffffffff9c, 0x0, 0x0, 0x0)
r0 = syz_open_dev$sndctrl(&(0x7f0000000100)='/dev/snd/controlC#\x00', 0x0, 0x0)
prctl$PR_SET_THP_DISABLE(0x29, 0xfffffffffffffffe)
clone(0x2, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
ioctl$FS_IOC_GETFLAGS(r0, 0x800455d1, &(0x7f0000000080))

[ 2401.627172]  ? lock_downgrade+0x900/0x900
[ 2401.631332]  ? check_preemption_disabled+0x48/0x280
[ 2401.636387]  ? rcu_read_unlock_special+0x1c0/0x1c0
[ 2401.641349]  ? kasan_check_read+0x11/0x20
[ 2401.645514]  ? rcu_dynticks_curr_cpu_in_eqs+0xa2/0x170
[ 2401.650806]  ? rcu_softirq_qs+0x20/0x20
[ 2401.654813]  ? trace_hardirqs_off_caller+0x310/0x310
[ 2401.659944]  ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[ 2401.665499]  ? check_preemption_disabled+0x48/0x280
[ 2401.670548]  handle_mm_fault+0x54f/0xc70
[ 2401.674633]  ? __handle_mm_fault+0x5be0/0x5be0
08:16:19 executing program 1:
r0 = socket$l2tp(0x18, 0x1, 0x1)
ioctl(r0, 0x1000008912, &(0x7f0000000000)="0a5c2d023c126285718070")
r1 = perf_event_open(&(0x7f0000014f88)={0x1, 0x70, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
close(r1)
openat$autofs(0xffffffffffffff9c, &(0x7f0000000040)='/dev/autofs\x00', 0x20100, 0x0)
r2 = openat$null(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/null\x00', 0x8000, 0x0)
connect$inet6(r2, &(0x7f0000000080)={0xa, 0x4e21, 0x16, @ipv4={[], [], @multicast1}, 0x1}, 0x1c)

[ 2401.679245]  ? find_vma+0x34/0x190
[ 2401.682815]  __do_page_fault+0x5e8/0xe60
[ 2401.686895]  ? trace_hardirqs_off+0xb8/0x310
[ 2401.691330]  do_page_fault+0xf2/0x7e0
[ 2401.695162]  ? vmalloc_sync_all+0x30/0x30
[ 2401.699420]  ? error_entry+0x70/0xd0
[ 2401.703148]  ? trace_hardirqs_off_caller+0xbb/0x310
[ 2401.708174]  ? trace_hardirqs_on_caller+0xc0/0x310
[ 2401.713115]  ? syscall_return_slowpath+0x5e0/0x5e0
[ 2401.718052]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 2401.722924]  ? trace_hardirqs_on_caller+0x310/0x310
[ 2401.727956]  ? __bpf_trace_preemptirq_template+0x30/0x30
[ 2401.733425]  ? prepare_exit_to_usermode+0x3b0/0x3b0
[ 2401.738465]  ? prepare_exit_to_usermode+0x291/0x3b0
[ 2401.743503]  ? page_fault+0x8/0x30
[ 2401.747058]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 2401.751916]  ? page_fault+0x8/0x30
[ 2401.755468]  page_fault+0x1e/0x30
[ 2401.758966] RIP: 0033:0x4510a0
08:16:19 executing program 1:
r0 = socket$l2tp(0x18, 0x1, 0x1)
ioctl(r0, 0x1000008912, &(0x7f0000000000)="0a5c2d023c126285718070")
r1 = perf_event_open(&(0x7f0000014f88)={0x1, 0x70, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r2 = openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000040)='/dev/sequencer2\x00', 0x204100, 0x0)
ioctl$IOC_PR_REGISTER(r2, 0x401870c8, &(0x7f0000000080)={0xff00000000000000, 0xda2, 0x1})
close(r1)
ioctl$BLKRAGET(r2, 0x1263, &(0x7f00000000c0))

08:16:19 executing program 3:
openat$rfkill(0xffffffffffffff9c, 0x0, 0x0, 0x0)
getsockopt$inet_sctp_SCTP_DEFAULT_PRINFO(0xffffffffffffffff, 0x84, 0x72, &(0x7f0000000380), 0x0)
syz_open_dev$admmidi(&(0x7f0000000100)='/dev/admmidi#\x00', 0x0, 0x0)
r0 = socket$l2tp(0x18, 0x1, 0x1)
mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x1, 0x32, 0xffffffffffffffff, 0x0)
r1 = userfaultfd(0x0)
ioctl$UFFDIO_API(r1, 0xc018aa3f, &(0x7f0000000180))
ioctl$UFFDIO_REGISTER(r1, 0xc020aa00, &(0x7f0000019000)={{&(0x7f0000012000/0x2000)=nil, 0x2000}, 0x1})
syz_open_dev$evdev(&(0x7f0000012fee)='/dev/input/event#\x00', 0x6000000, 0x0)
ioctl$UFFDIO_WAKE(r1, 0x8010aa02, &(0x7f0000000080)={&(0x7f0000012000/0x3000)=nil, 0x3000})
ioctl(r0, 0x1000008912, &(0x7f0000000000)="0a5c2d023c126285718070")
setsockopt$ALG_SET_KEY(0xffffffffffffffff, 0x117, 0x1, 0x0, 0x0)

[ 2401.762172] Code: 0f 84 c4 0f 00 00 48 89 f1 48 89 f8 48 83 e1 3f 48 83 f9 20 0f 86 7b 02 00 00 48 83 e6 f0 48 83 e1 0f 66 0f ef c0 66 0f ef c9 <66> 0f 74 0e 66 0f d7 d1 48 d3 ea 49 c7 c2 11 00 00 00 49 29 ca 4d
[ 2401.781086] RSP: 002b:00007efdea16e7a8 EFLAGS: 00010202
[ 2401.786461] RAX: 00007efdea16e850 RBX: 0000000000000003 RCX: 000000000000000e
[ 2401.793741] RDX: 00000000000003ff RSI: 0000000020012fe0 RDI: 00007efdea16e850
[ 2401.801022] RBP: 000000000072bf00 R08: 00000000000003ff R09: 0000000000000000
[ 2401.808305] R10: 0000000000000000 R11: 0000000000000246 R12: 00007efdea16f6d4
[ 2401.815595] R13: 00000000004c578a R14: 00000000004d9d90 R15: 00000000ffffffff
08:16:19 executing program 1:
r0 = socket$l2tp(0x18, 0x1, 0x1)
ioctl(r0, 0x2, &(0x7f0000000000)="0a5c2d023c126285718070")
r1 = perf_event_open(&(0x7f0000014f88)={0x1, 0x70, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r2 = syz_open_dev$mouse(&(0x7f0000000040)='/dev/input/mouse#\x00', 0x5, 0x404400)
ioctl$VHOST_SET_VRING_NUM(r2, 0x4008af10, &(0x7f0000000080)={0x0, 0x3})
close(r1)

[ 2401.965754] FAULT_FLAG_ALLOW_RETRY missing 70
[ 2401.980303] CPU: 0 PID: 22589 Comm: syz-executor3 Not tainted 4.20.0-rc6+ #371
[ 2401.987704] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 2401.997075] Call Trace:
[ 2401.999692]  dump_stack+0x244/0x39d
[ 2402.003347]  ? dump_stack_print_info.cold.1+0x20/0x20
[ 2402.008572]  handle_userfault.cold.32+0x47/0x62
[ 2402.013265]  ? userfaultfd_ioctl+0x5610/0x5610
[ 2402.017862]  ? mark_held_locks+0x130/0x130
[ 2402.022108]  ? __sanitizer_cov_trace_cmp4+0x16/0x20
[ 2402.027127]  ? futex_wait_setup+0x266/0x3e0
[ 2402.031471]  ? __sanitizer_cov_trace_switch+0x53/0x90
[ 2402.036675]  ? userfaultfd_ctx_put+0x830/0x830
[ 2402.041264]  ? futex_wait+0x5a1/0xa50
[ 2402.045080]  ? print_usage_bug+0xc0/0xc0
[ 2402.049145]  ? print_usage_bug+0xc0/0xc0
[ 2402.053216]  ? print_usage_bug+0xc0/0xc0
[ 2402.057290]  ? zap_class+0x640/0x640
[ 2402.061016]  ? drop_futex_key_refs.isra.14+0x6d/0xe0
[ 2402.066123]  ? futex_wake+0x304/0x760
[ 2402.069942]  ? find_held_lock+0x36/0x1c0
[ 2402.074023]  ? __handle_mm_fault+0x4bb0/0x5be0
[ 2402.078614]  ? lock_downgrade+0x900/0x900
[ 2402.082777]  ? kasan_check_read+0x11/0x20
[ 2402.086930]  ? do_raw_spin_unlock+0xa7/0x330
[ 2402.091358]  ? do_raw_spin_trylock+0x270/0x270
[ 2402.095950]  ? fault_dirty_shared_page.isra.87+0x320/0x320
[ 2402.101594]  __handle_mm_fault+0x4bbd/0x5be0
[ 2402.106016]  ? vmf_insert_mixed_mkwrite+0x40/0x40
[ 2402.110865]  ? zap_class+0x640/0x640
[ 2402.114631]  ? rcu_read_unlock_special+0x1c0/0x1c0
[ 2402.119566]  ? kasan_check_read+0x11/0x20
[ 2402.123720]  ? rcu_softirq_qs+0x20/0x20
[ 2402.127711]  ? zap_class+0x640/0x640
[ 2402.131430]  ? zap_class+0x640/0x640
[ 2402.135157]  ? find_held_lock+0x36/0x1c0
[ 2402.139234]  ? handle_mm_fault+0x42a/0xc70
[ 2402.143476]  ? lock_downgrade+0x900/0x900
[ 2402.147632]  ? check_preemption_disabled+0x48/0x280
[ 2402.152660]  ? rcu_read_unlock_special+0x1c0/0x1c0
[ 2402.157591]  ? kasan_check_read+0x11/0x20
[ 2402.161741]  ? rcu_dynticks_curr_cpu_in_eqs+0xa2/0x170
[ 2402.167021]  ? rcu_softirq_qs+0x20/0x20
[ 2402.170998]  ? trace_hardirqs_off_caller+0x310/0x310
[ 2402.176111]  ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[ 2402.181654]  ? check_preemption_disabled+0x48/0x280
[ 2402.186681]  handle_mm_fault+0x54f/0xc70
[ 2402.190751]  ? __handle_mm_fault+0x5be0/0x5be0
[ 2402.195358]  ? find_vma+0x34/0x190
[ 2402.198908]  __do_page_fault+0x5e8/0xe60
[ 2402.202972]  ? trace_hardirqs_off+0xb8/0x310
[ 2402.207398]  do_page_fault+0xf2/0x7e0
[ 2402.211204]  ? vmalloc_sync_all+0x30/0x30
[ 2402.215371]  ? error_entry+0x70/0xd0
[ 2402.219098]  ? trace_hardirqs_off_caller+0xbb/0x310
[ 2402.224120]  ? trace_hardirqs_on_caller+0xc0/0x310
[ 2402.229063]  ? syscall_return_slowpath+0x5e0/0x5e0
[ 2402.234003]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 2402.238855]  ? trace_hardirqs_on_caller+0x310/0x310
[ 2402.243879]  ? __bpf_trace_preemptirq_template+0x30/0x30
[ 2402.249335]  ? prepare_exit_to_usermode+0x3b0/0x3b0
[ 2402.254385]  ? prepare_exit_to_usermode+0x291/0x3b0
[ 2402.259406]  ? page_fault+0x8/0x30
[ 2402.262953]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 2402.267806]  ? page_fault+0x8/0x30
[ 2402.271365]  page_fault+0x1e/0x30
[ 2402.274825] RIP: 0033:0x4510a0
[ 2402.278035] Code: 0f 84 c4 0f 00 00 48 89 f1 48 89 f8 48 83 e1 3f 48 83 f9 20 0f 86 7b 02 00 00 48 83 e6 f0 48 83 e1 0f 66 0f ef c0 66 0f ef c9 <66> 0f 74 0e 66 0f d7 d1 48 d3 ea 49 c7 c2 11 00 00 00 49 29 ca 4d
[ 2402.296937] RSP: 002b:00007f75238677a8 EFLAGS: 00010202
[ 2402.302300] RAX: 00007f7523867850 RBX: 0000000000000003 RCX: 000000000000000e
[ 2402.309574] RDX: 00000000000003ff RSI: 0000000020012fe0 RDI: 00007f7523867850
[ 2402.316848] RBP: 000000000072bf00 R08: 00000000000003ff R09: 0000000000000000
[ 2402.324129] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f75238686d4
[ 2402.331401] R13: 00000000004c578a R14: 00000000004d9d90 R15: 00000000ffffffff
[ 2402.388876] overlayfs: failed to resolve './file1': -2
[ 2402.438784] FAULT_FLAG_ALLOW_RETRY missing 70
[ 2402.452059] CPU: 0 PID: 22552 Comm: syz-executor0 Not tainted 4.20.0-rc6+ #371
[ 2402.459463] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 2402.468826] Call Trace:
[ 2402.471439]  dump_stack+0x244/0x39d
[ 2402.475088]  ? dump_stack_print_info.cold.1+0x20/0x20
[ 2402.480312]  handle_userfault.cold.32+0x47/0x62
[ 2402.485046]  ? userfaultfd_ioctl+0x5610/0x5610
[ 2402.489655]  ? mark_held_locks+0x130/0x130
[ 2402.493911]  ? __sanitizer_cov_trace_cmp4+0x16/0x20
[ 2402.498943]  ? futex_wait_setup+0x266/0x3e0
[ 2402.503281]  ? zap_class+0x640/0x640
[ 2402.507031]  ? __sanitizer_cov_trace_switch+0x53/0x90
[ 2402.512242]  ? userfaultfd_ctx_put+0x830/0x830
[ 2402.516840]  ? futex_wait+0x5a1/0xa50
[ 2402.520664]  ? print_usage_bug+0xc0/0xc0
[ 2402.524745]  ? print_usage_bug+0xc0/0xc0
[ 2402.528827]  ? print_usage_bug+0xc0/0xc0
[ 2402.532911]  ? zap_class+0x640/0x640
[ 2402.536646]  ? drop_futex_key_refs.isra.14+0x6d/0xe0
[ 2402.541764]  ? futex_wake+0x304/0x760
[ 2402.545580]  ? __ia32_sys_mmap_pgoff+0x1a0/0x1a0
[ 2402.550381]  ? find_held_lock+0x36/0x1c0
[ 2402.554467]  ? __handle_mm_fault+0x4bb0/0x5be0
[ 2402.559062]  ? lock_downgrade+0x900/0x900
[ 2402.563233]  ? kasan_check_read+0x11/0x20
[ 2402.567399]  ? do_raw_spin_unlock+0xa7/0x330
[ 2402.571848]  ? do_raw_spin_trylock+0x270/0x270
[ 2402.576453]  ? fault_dirty_shared_page.isra.87+0x320/0x320
[ 2402.582114]  __handle_mm_fault+0x4bbd/0x5be0
[ 2402.586588]  ? vmf_insert_mixed_mkwrite+0x40/0x40
[ 2402.591458]  ? zap_class+0x640/0x640
[ 2402.595185]  ? rcu_read_unlock_special+0x1c0/0x1c0
[ 2402.600132]  ? kasan_check_read+0x11/0x20
[ 2402.604300]  ? rcu_softirq_qs+0x20/0x20
[ 2402.608303]  ? zap_class+0x640/0x640
[ 2402.612048]  ? zap_class+0x640/0x640
[ 2402.615787]  ? find_held_lock+0x36/0x1c0
[ 2402.619873]  ? handle_mm_fault+0x42a/0xc70
[ 2402.624126]  ? lock_downgrade+0x900/0x900
[ 2402.628288]  ? check_preemption_disabled+0x48/0x280
[ 2402.633325]  ? rcu_read_unlock_special+0x1c0/0x1c0
[ 2402.638278]  ? kasan_check_read+0x11/0x20
[ 2402.642437]  ? rcu_dynticks_curr_cpu_in_eqs+0xa2/0x170
[ 2402.647724]  ? rcu_softirq_qs+0x20/0x20
[ 2402.651717]  ? trace_hardirqs_off_caller+0x310/0x310
[ 2402.656853]  ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[ 2402.662414]  ? check_preemption_disabled+0x48/0x280
[ 2402.667454]  handle_mm_fault+0x54f/0xc70
[ 2402.671542]  ? __handle_mm_fault+0x5be0/0x5be0
[ 2402.676148]  ? find_vma+0x34/0x190
[ 2402.679710]  __do_page_fault+0x5e8/0xe60
[ 2402.683796]  ? trace_hardirqs_off+0xb8/0x310
[ 2402.688214]  do_page_fault+0xf2/0x7e0
[ 2402.692017]  ? vmalloc_sync_all+0x30/0x30
[ 2402.696172]  ? error_entry+0x70/0xd0
[ 2402.699894]  ? trace_hardirqs_off_caller+0xbb/0x310
[ 2402.704916]  ? trace_hardirqs_on_caller+0xc0/0x310
[ 2402.709833]  ? syscall_return_slowpath+0x5e0/0x5e0
[ 2402.714755]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 2402.719611]  ? trace_hardirqs_on_caller+0x310/0x310
[ 2402.724636]  ? __bpf_trace_preemptirq_template+0x30/0x30
[ 2402.730092]  ? prepare_exit_to_usermode+0x291/0x3b0
[ 2402.735104]  ? page_fault+0x8/0x30
[ 2402.738641]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 2402.743478]  ? page_fault+0x8/0x30
[ 2402.747013]  page_fault+0x1e/0x30
[ 2402.750457] RIP: 0033:0x4510a0
[ 2402.753638] Code: 0f 84 c4 0f 00 00 48 89 f1 48 89 f8 48 83 e1 3f 48 83 f9 20 0f 86 7b 02 00 00 48 83 e6 f0 48 83 e1 0f 66 0f ef c0 66 0f ef c9 <66> 0f 74 0e 66 0f d7 d1 48 d3 ea 49 c7 c2 11 00 00 00 49 29 ca 4d
[ 2402.772530] RSP: 002b:00007efdea16e7a8 EFLAGS: 00010202
[ 2402.777885] RAX: 00007efdea16e850 RBX: 0000000000000003 RCX: 000000000000000e
[ 2402.785149] RDX: 00000000000003ff RSI: 0000000020012fe0 RDI: 00007efdea16e850
[ 2402.792406] RBP: 000000000072bf00 R08: 00000000000003ff R09: 0000000000000000
[ 2402.799662] R10: 0000000000000000 R11: 0000000000000246 R12: 00007efdea16f6d4
[ 2402.806919] R13: 00000000004c578a R14: 00000000004d9d90 R15: 00000000ffffffff
08:16:20 executing program 0:
openat$rfkill(0xffffffffffffff9c, 0x0, 0x2001, 0x0)
syz_open_dev$admmidi(&(0x7f0000000100)='/dev/admmidi#\x00', 0x0, 0x0)
r0 = socket$l2tp(0x18, 0x1, 0x1)
mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x1, 0x32, 0xffffffffffffffff, 0x0)
r1 = userfaultfd(0x0)
ioctl$UFFDIO_API(r1, 0xc018aa3f, &(0x7f0000000180))
ioctl$UFFDIO_REGISTER(r1, 0xc020aa00, &(0x7f0000019000)={{&(0x7f0000012000/0x2000)=nil, 0x2000}, 0x1})
syz_open_dev$evdev(&(0x7f0000012fee)='/dev/input/event#\x00', 0x0, 0x2000)
ioctl$UFFDIO_WAKE(r1, 0x8010aa02, &(0x7f0000000080)={&(0x7f0000012000/0x3000)=nil, 0x3000})
ioctl(r0, 0x1000008912, &(0x7f0000000000)="0a5c2d023c126285718070")

08:16:20 executing program 2:
syz_emit_ethernet(0x6a, &(0x7f0000000040)={@local, @broadcast, [], {@ipv4={0x800, {{0x5, 0x4, 0x0, 0x0, 0x5c, 0x0, 0x0, 0x0, 0x1, 0x0, @remote, @dev={0xac, 0x14, 0x14, 0x11}}, @icmp=@parameter_prob={0x3, 0x4, 0x0, 0x0, 0x0, 0x0, {0x10, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x402f, 0x0, @local={0xac, 0x5c}, @dev, {[@timestamp={0x8, 0x2c, 0x0, 0x0, 0xb00000000000000, [{[@rand_addr]}, {[@multicast2]}, {[@multicast1]}, {}, {[@loopback]}, {}]}]}}}}}}}, 0x0)

08:16:20 executing program 1:
r0 = socket$l2tp(0x18, 0x1, 0x1)
ioctl(r0, 0x1000008912, &(0x7f0000000000)="0a5c2d023c126285718070")
r1 = perf_event_open(&(0x7f0000014f88)={0x1, 0x70, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r2 = syz_open_dev$midi(&(0x7f0000000040)='/dev/midi#\x00', 0x1, 0x2000)
r3 = syz_genetlink_get_family_id$tipc2(&(0x7f00000001c0)='TIPCv2\x00')
sendmsg$TIPC_NL_MON_SET(r2, &(0x7f0000000280)={&(0x7f0000000180)={0x10, 0x0, 0x0, 0x8000000}, 0xc, &(0x7f0000000240)={&(0x7f0000000200)={0x30, r3, 0x501, 0x70bd27, 0x25dfdbfb, {}, [@TIPC_NLA_BEARER={0x1c, 0x1, [@TIPC_NLA_BEARER_DOMAIN={0x8, 0x3, 0x9}, @TIPC_NLA_BEARER_NAME={0x10, 0x1, @udp='udp:syz2\x00'}]}]}, 0x30}, 0x1, 0x0, 0x0, 0x10}, 0x20000000)
bind$inet(r2, &(0x7f0000000080)={0x2, 0x4e23, @empty}, 0x10)
r4 = semget(0x2, 0x7, 0x6fd9c8565e924945)
semctl$GETPID(r4, 0x0, 0xb, &(0x7f00000000c0)=""/155)
getsockopt$IPT_SO_GET_ENTRIES(r2, 0x0, 0x41, &(0x7f00000002c0)={'raw\x00', 0x65, "f0f7355214166431f6508a3fe10f1b582be6b8ba42644c36b6fa7910dafffe5657673323f9ebdfc466e5e4b6fe9b64a8e50317a0a8a1df02d2371e4bf291f12724c90bbb594bedbbb24e04f9a5d81c84e180142f84cab0d6abf401e3c894effd77282c1497"}, &(0x7f0000000380)=0x89)
close(r1)

08:16:20 executing program 5:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000440)='/dev/kvm\x00', 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = perf_event_open(&(0x7f000025c000)={0x2, 0x70, 0x3e2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
close(r2)
socket$inet_udp(0x2, 0x2, 0x0)
ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200)
ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60)
r3 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
ioctl$KVM_SET_SREGS(r3, 0x4138ae84, &(0x7f0000000000)={{}, {}, {}, {}, {}, {}, {}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x2}})
ioctl$KVM_RUN(r3, 0xae80, 0x0)

08:16:20 executing program 3:
openat$rfkill(0xffffffffffffff9c, 0x0, 0x0, 0x0)
getsockopt$inet_sctp_SCTP_DEFAULT_PRINFO(0xffffffffffffffff, 0x84, 0x72, &(0x7f0000000380), 0x0)
syz_open_dev$admmidi(&(0x7f0000000100)='/dev/admmidi#\x00', 0x0, 0x0)
r0 = socket$l2tp(0x18, 0x1, 0x1)
mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x1, 0x32, 0xffffffffffffffff, 0x0)
r1 = userfaultfd(0x0)
ioctl$UFFDIO_API(r1, 0xc018aa3f, &(0x7f0000000180))
ioctl$UFFDIO_REGISTER(r1, 0xc020aa00, &(0x7f0000019000)={{&(0x7f0000012000/0x2000)=nil, 0x2000}, 0x1})
syz_open_dev$evdev(&(0x7f0000012fee)='/dev/input/event#\x00', 0x5000000, 0x0)
ioctl$UFFDIO_WAKE(r1, 0x8010aa02, &(0x7f0000000080)={&(0x7f0000012000/0x3000)=nil, 0x3000})
ioctl(r0, 0x1000008912, &(0x7f0000000000)="0a5c2d023c126285718070")
setsockopt$ALG_SET_KEY(0xffffffffffffffff, 0x117, 0x1, 0x0, 0x0)

08:16:20 executing program 1:
r0 = socket$l2tp(0x18, 0x1, 0x1)
r1 = syz_open_dev$amidi(&(0x7f0000000040)='/dev/amidi#\x00', 0x8, 0x4000)
setsockopt$netlink_NETLINK_LISTEN_ALL_NSID(r1, 0x10e, 0x8, &(0x7f0000000080)=0x8, 0x4)
ioctl(r0, 0x1000008912, &(0x7f0000000000)="0a5c2d023c126285718070")
r2 = perf_event_open(&(0x7f0000014f88)={0x1, 0x70, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
close(r2)
ioctl$DRM_IOCTL_GEM_FLINK(r1, 0xc008640a, &(0x7f00000000c0)={<r3=>0x0})
ioctl$DRM_IOCTL_PRIME_HANDLE_TO_FD(r1, 0xc00c642d, &(0x7f0000000100)={r3, 0x80000, r1})

[ 2402.955796] FAULT_FLAG_ALLOW_RETRY missing 70
[ 2402.964242] CPU: 1 PID: 22612 Comm: syz-executor0 Not tainted 4.20.0-rc6+ #371
[ 2402.971625] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 2402.980985] Call Trace:
[ 2402.983595]  dump_stack+0x244/0x39d
[ 2402.987247]  ? dump_stack_print_info.cold.1+0x20/0x20
[ 2402.991703] FAULT_FLAG_ALLOW_RETRY missing 70
[ 2402.992469]  handle_userfault.cold.32+0x47/0x62
[ 2402.992505]  ? userfaultfd_ioctl+0x5610/0x5610
[ 2403.006241]  ? mark_held_locks+0x130/0x130
[ 2403.010493]  ? __sanitizer_cov_trace_cmp4+0x16/0x20
[ 2403.015524]  ? futex_wait_setup+0x266/0x3e0
[ 2403.019893]  ? __sanitizer_cov_trace_switch+0x53/0x90
[ 2403.025104]  ? userfaultfd_ctx_put+0x830/0x830
[ 2403.029697]  ? futex_wait+0x5a1/0xa50
[ 2403.033521]  ? print_usage_bug+0xc0/0xc0
[ 2403.037602]  ? print_usage_bug+0xc0/0xc0
[ 2403.041680]  ? print_usage_bug+0xc0/0xc0
[ 2403.045755]  ? zap_class+0x640/0x640
[ 2403.049491]  ? drop_futex_key_refs.isra.14+0x6d/0xe0
08:16:20 executing program 4:
r0 = openat$kvm(0xffffffffffffff9c, 0x0, 0x0, 0x0)
r1 = syz_open_dev$sndctrl(&(0x7f0000000100)='/dev/snd/controlC#\x00', 0x0, 0x0)
r2 = dup3(r0, r0, 0x80000)
ioctl$PPPOEIOCDFWD(r2, 0xb101, 0x0)
prctl$PR_SET_THP_DISABLE(0x29, 0xfffffffffffffffe)
clone(0x2000, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
r3 = syz_open_dev$dmmidi(&(0x7f0000000000)='/dev/dmmidi#\x00', 0x1ff, 0x80000)
r4 = openat$snapshot(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/snapshot\x00', 0x0, 0x0)
linkat(r3, &(0x7f0000000040)='./file0\x00', r4, &(0x7f0000000140)='./file0\x00', 0x1000)
ioctl$FS_IOC_GETFLAGS(r1, 0x800455d1, &(0x7f0000000080))

[ 2403.054608]  ? futex_wake+0x304/0x760
[ 2403.058435]  ? find_held_lock+0x36/0x1c0
[ 2403.062529]  ? __handle_mm_fault+0x4bb0/0x5be0
[ 2403.067134]  ? lock_downgrade+0x900/0x900
[ 2403.071306]  ? kasan_check_read+0x11/0x20
[ 2403.075486]  ? do_raw_spin_unlock+0xa7/0x330
[ 2403.079906]  ? do_raw_spin_trylock+0x270/0x270
[ 2403.084764]  ? fault_dirty_shared_page.isra.87+0x320/0x320
[ 2403.090433]  __handle_mm_fault+0x4bbd/0x5be0
[ 2403.094872]  ? vmf_insert_mixed_mkwrite+0x40/0x40
[ 2403.099738]  ? zap_class+0x640/0x640
08:16:20 executing program 1:
r0 = socket$l2tp(0x18, 0x1, 0x1)
ioctl(r0, 0x1000008912, &(0x7f0000000000)="0a5c2d023c126285718070")
r1 = syz_open_dev$vbi(&(0x7f0000000040)='/dev/vbi#\x00', 0x2, 0x2)
getsockopt$inet_IP_IPSEC_POLICY(0xffffffffffffff9c, 0x0, 0x10, &(0x7f00000006c0)={{{@in=@remote, @in=@multicast2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, <r2=>0x0}}, {{@in6=@loopback}, 0x0, @in6}}, &(0x7f00000007c0)=0xe8)
r3 = fcntl$getown(r0, 0x9)
fcntl$getownex(r0, 0x10, &(0x7f0000000800)={0x0, <r4=>0x0})
fcntl$getownex(r0, 0x10, &(0x7f0000000840)={0x0, <r5=>0x0})
getresuid(&(0x7f0000000880), &(0x7f00000008c0)=<r6=>0x0, &(0x7f0000000900))
lstat(&(0x7f0000000940)='./file0\x00', &(0x7f0000000980)={0x0, 0x0, 0x0, 0x0, <r7=>0x0})
setsockopt$netlink_NETLINK_DROP_MEMBERSHIP(r1, 0x10e, 0x2, &(0x7f00000000c0)=0x1a, 0x4)
r8 = getpgid(0xffffffffffffffff)
sendmsg$nl_route(r1, &(0x7f0000005a00)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x4000000}, 0xc, &(0x7f00000059c0)={&(0x7f0000000a00)=@bridge_getlink={0x4f98, 0x12, 0x310, 0x70bd28, 0x25dfdbfe, {0x7, 0x0, 0x0, r2, 0x40400, 0x100}, [@IFLA_VFINFO_LIST={0x4ccc, 0x16, [{0x58, 0x1, [@typed={0x8, 0x72, @pid=r3}, @typed={0x14, 0x95, @ipv6=@ipv4={[], [], @remote}}, @typed={0xc, 0x0, @u64=0xffff}, @nested={0x24, 0x3b, [@typed={0x4, 0x18}, @typed={0x14, 0x19, @ipv6=@local}, @typed={0x8, 0x80, @pid=r4}]}, @typed={0x8, 0x67, @str='\x00'}]}, {0x2100, 0x1, [@generic="01b3550fad658e7f9ddb09d95be0acb9b8708dd0714bcd674e81d750be44382d2364b32d0c62036431bac9ae1026315cf52b1fbb51fa7e0a34ebd3a9dcf984d7424615568c5dd99ffd05bb149d83c934e091da8c2ff9e6ab99187afb707412d25c8d556af89d9eb3cdf058af4cc24e2ad7bfa4dfeb801d9518f11d49e023606ea5694a7a2b87d73584b76164fe1bd075c15930478c339c885266c8751f2fe2361855cbc1a67fe6a0bbdf06e7d7e38b3512f5408b71d7e9cc8a51365713f14f838ab8b836478fecd7a7bdf6a8c922b02fd3dedaa859437d05985489593f4aaf30198d6ee5ec36db715e3c79e73db2a03aab0c21f1ec424ee6ba0c454fdb7005e6ba7d496f2d458e76154198ffb50b65c56628d71f1a68bed96c598d58de548685d63d520de4a0d09717242dcc51a20ccc1d21dcdc5a21f9973501ed3c97782c5238ff3903265a7f1a0c0a9b4cdfe5df25d59ee69c93e9fdb64ad4d3528e343c3090ddf7922f474e82b576f6a0272220d46fc735294c5f99a2775357a7b35efdc658f165f299a5f1eb2d4d648e223ead6c104f3d127164d7209bd3a7cf0abdcfd85d12817acd916a0d6db27b6713ab0e01aa13fe8a255a140b032634a9504951b822a689425708ab103315969a879569c524cadf3d3a236426171fbf35cad2c04901ce617588cf4325a88ff7d0d6f1a654b5ba53aa831dc4f4eefec5c29df9b0227318c39656b963fa8d4e17b0dc7307f23580312903d2f0a81acacac71f2064dfaf174dc9880a9de26c750e9726ff52bbc8d571cea6f1b2d55a05e9ce918c50c397a7d9fa3155fc41759ff8a843e3ce00b6a314dee8fb8fbee1d4a25bbf145ae0d92bad930221689a9154ad2e323beef5a01ead69ddfcaf9d048cc6b5e45f4f433823f5428c4fc4ca5c400267cee5baf3f278acb7ec18af26d701f64187a716efb226a6ca704b04d42557e84452d4f1af6a389eb073b43d0326e7aeebdc257d6b8eff7df727c40de2fc5bd6816b9e742877c78675c3759ec301505e77bee7030f2e6e450bc41158e8dd7984bd519a4781a23215eda82558968c700417ffb828bea9817bf92a69be7fd4f4e59da5292ec217b3a4346e3f85ed4bc3a52ba22cf691aaeeb779b9f0a99865107293e9d04f38be8abfa70c05103637f5ce4de1d62f6c4837bb5d0581621011d4ed268132c7fcd0b999c63c803bb74dbaefd41948ca887dff1341247672a5ff7ad3586625dac009b04bc8fcc1fbd5f41fac8b83b8c0c432f22b920aad93c6c231581857f02c6d6514ff4f6386e7f9cc4a7c9adffa37f2f22b7bd2116c33bb30724ed62767ccec8d98c23ab36d014ea8f8a977798e04818c62cacef7c236f27a1c87d50dfcf9ed32c429c956c066853553038ae06964cc19ddba201ab461cc1166de81b56c53145e6c81b6709c31f3bc84498e7b2073a59323ade27e1232c54907d817c20db9d2d1a80ba1543f75c1a6099e36e6f6e15169a1f5fc3c1a4fb802e25e2cc10bf21a5c8a2cf29c1e16c1b724463c65a91a50061fff4876502ab8c52ec5a43f872ae5269ce23e7bc976510ed7978a2031543a14934fef7fa07ac805656bcc47203a0009af291614151e8c6fca41f378cb048ad7577ad3d299a3684b02b7d38ad573899aa3c1d284bc83eecbab00eaa5a8b3c3153f0f30a460c75c99c5f3bf7dadfaed96070a63cea12b148fd3ce0dea8248a6173b2bc55b1c0893a35627dcb26783a49f3acba8caa6603a7f41d16b355d4032102706b5191b8bc3c538bad16f9a5d5645c694a738cadb39cd07a86628cb5b063a0536f1027471574ba4c99b626cd0dddd32d32196bc1659adf7f2b43d407848d24f9f32656221711d7c8b09d45a1f5919ef16b872dbdd510960591c14c51a2189a195f104f506f43b3be297d7ad2bbc831b0da76dcee7b729ca46c55d6846d466a2960ca839494b46f4743cb44ff46bedb9c7be2e058dc58cab900df83eb1e4eec128e306bead839de15d2ac4c703c21497fe86d8e2d0db5e195099a9ba41bcc05600c753e6cd94c3b9d2811c6ca4837cae054cb0df17151788990c07483678eda9482eda40462b8e632b3433c54252576203288657f2fcb24fe2aa94732cb697cbccd6565e6d226cd75a295c61cba5470f766a3b0114570d42d29acba68d5082c099a6146b850cab1cddd0cdf5b7e99efd3fea5f03c31a50f41c422a66ee5c40a801cbe4cdae907534cc00b0372dab0cfc19f6f3cce757c520076b7339273837d40f306dd3a7efb8e8e10f8968d9798d0b58068d36e9c27984ca5db84b52bfe030fe8cbaa09430be01e208d2173b187c7144ea4b1dfbf054e42a5a3396a15d0ce3b603d87dbe90a8ead85219ea580e6f1ab3c5011d7f64a8e31ec3d4de180ae113df74d7039b960a24be8f20d49f6858a2957b91ca38dc6b5a43f2b371a7b916cc9d85ec2ba81d7a8354e02d4248402816c05d43f8ccb6f5d056a3ff374f1aa9d136d5c129c03dff69236d8008fcc659599d5092d94d39ce6cc2ffd20f25e0e457401bca035dae1d01015047c69424578c2467473f7f15df7a29c852169bcf25cac29b066896667177d1ceaaae0b8e960b51cc7244072dd247a0025ef0693dd213b133117e8fac8f80f27605d08f6cffcb7c47fa480c75f7604e0adae46f147fc4fc5a7aff8d346742202cc988292ff2b4519548d0f94127b0b51f484b5f0e671ca3aa4c6d8f186de0eeffb552efbb4c229c28deb6cfc7f10107ed17340ce2b0050bb8bb0711bba08a7bf670ff9b9c25efbb4c43bebac46050e91cf867a9060aefaf3db5db157ed0df97f842a8dc9473dd8bcc8a7af034c80b904d1edf26370151f9c71bf07c699752fb1a6b02f963b1a7570eb892051e574f02cd28c2c4bd1d5a21f137606e10f2a0eedf6c7693a28ee9a3f1fae2187536b60d09997d3f81cea0bafea78e6a0e780aae5c8d9468f23228f248f2f86449b653226542d664a35963e2a72adf6773052c71fc632995b04d497eed3426d69dee621abd1d9320122c987290b28054b891d5301cff92ce0e11beaf5c5e3e19de2983854b93b7e569d8f37f3563f7616f75f4b1665675f66c0a8012977633c45539744b6138dc8b268f5c5309fb86a687b0d3109056f1ae99ed090b99eea4ca8b3f6be83341c2be7bcc247b75ecd7ee78c64358bc33337f26774ed9fb5bb0cb6a62fb3aca8ee306e97829e1644a480a991fa05eaa3877ed9652b516fbe59b55244db615cff8840ddb77901c2e1253280f4316df23a1c82a1d60b2d5b2bb6f3cd96a3693a2501330aa6f2c6e901ca3ff93f88b973b4be1be67988efdfef774445fdeceaead94dcaf11c369feb472b23663b2d9c1a26e3f9dbefcf6b37481771935e0c72c430c89097a078e6448f192d4f39ef0b36184b1b7789e5100b9d032963432bb9d82329a62f4d8d35ab5c4f5a48a55fa5230fa9e457b7529bff27a6a2433b716f60f56c0b3c97fbcb4231505e054d52bea5132c8488bf20ba34e5208fb9de7feddeb75c5052d5eea6486987cd832ce6097b2bc6af2b12f1ebac346e51816297c62a0089341e7421bf92668eac8384a51faef1d7e9e530c1451c01b1910fc9a268e75de445a9d9b5e6dd203f756f6afc8ac85cf942032cb32dd5feccd1889602c32d78b4bce350c0fef8a8dd0ee0cb9012ed54a2ca8a388fbf9f90b0dd8c79f89d9b61a7219bfb8915618ef73dedcb2d9e91ab08e4060b91b78b74677d18db3b5a6e96433fcba181de8ebd5ef870bd6cfa798baa02b9863ab7f5f2a0a070baaacfa4ddfc3328518594fa8483a400e3ee0182b179a8d951dcb1c4dae283e5ade786094075f419fde57d1ead1e2de2a5f28125a38ec700113fea9e849eba3cfb7efe907e453da7524649c56cfa7c08c72181bdc7e44d316ec0d46c2c4b15a02b554ab2b6aa1d4caa4af541dbba7558e0bdbe2b916ffff4c6855b26f5a2d4002ac96b233cba9a52eaf5f1e4d46c1a0c0cfabb6e4678cde48a6a7f75c76cd82966198fbee488e0fed5746a8c936db46dfccb8e9660b0a714584e60b4a3b593b5108f3ccbcb8511520cc6a5f444116a6f768fd33112e08096b74cf8d3bb344982b92c7a9e29ebd6ab7f1d54a8a0b6f8714a392d947b18e515d6ceed0a35b11c9f2416971f7abea4a9bc5d23b9c022a9d009742e7452e9d2aca141558461c8c9a1fdded8eac08c6ac51fe1b808fffe58cf1339f1aced4a51d3e9692cc5261ea17bff28b6c1fe44266788f77479a7a1edf41bf6b516db99ccb79c6241e6c8865dbf3470f9a4d77e138acea46c30ab7683cb0fc0784a5c9b01c49f463a1cf88dfda0ca402ea3879cac87f081c78c8753a82152d97e7e5fb1434973a52ae7055425e88bfac962ca96cba3d330a2d90d84fff50f6f94ab7593b3f3f0c110aeeaf4ef1705b2e59f1f94df2b4617d0c7435039185a203e2e93b57a422351e2a7b5d5212401df673125689a5a4c9e2a19032093a47f33f4d7876bff035eace35375723f8e741d66964937fc35d6c5c795e74491e82f4703ebb24548dd396becb47a9dbf13c8970f902b8485de35c6b2e47bafa694cf8c7083f3a4827656c76d3c706d17240a6d9887f02d15f355c7e7da142e9f6ee8e992426bf10daca240fd771a581298aedbab83131eb22e3d315cc66a7c9741ad3603bb2e80576557707937233f6c31a285c9c8c050b4ffba0c54e73b1670a3a34b65c2325e9cbdb7db104c2b4180a3904179ecc38d58958fcd6a87d1716cfd1a0da8915707c83a64b7acdf1413351b5a5a224b4592d05e3ee612fc59505ddfc4b3de770f0f9995b0914ec66a175063d1c5536ae93e0865381536b713cfe13e1ecd4dada9f35d24c4bc13e175eb49f9cdfee2e960686ac487b92986b129d02c4a02a3d746f05c5484378a7b4b7af9a2675c02df70d3975593df6020d5d4fd25a3abd82270ac1b3d2b2e9a6e28c5225fc14a1a9a6fca500183bb601de368ee616d280213a0d532ecc232c21d8b20bdc3857ff90d0100aaba09d60abda9c4282c0ccd500e7ce5cb637f92b5ce9f341e85107620c437895567571f8969358c0e7f7b9422b7131224ae68d6c17af5ec926fcc6a1d641658b625b53c44c7fe09359c9a456855869044f4f7d1a4331e3f20917e03b2801f6a9296eec0e85855a7ee34dbd2a48ee647676f9479030b7a56f1181ff3576603ab979a17782dc61a1238b34d5033a31c2c778c0a630c4c1b49b87d28d8201844659720557795117675e0596952aa687d146c5b95a868048ba040d5ef3fa1c36c261b927c550ecdcb848353d2958aa684fb15baa77687160606f90f050adcfd8b1b0667db5547ad8ecc79a183c62192065eddaebe770ed58022f7627ed3be4b5bad1b09b289d8b9621d08dd0a896bbb4249ddd415f68a754b58d7f0b31c5d8b82f2c3f13a2287316e35c8ee0190fa1478c9ffbc2eb44bf9d64cb008ed042c12e429158a6640b0e5a9954b7b496eac795514056866a2a36f1010a1d47845c87b6448be822654a81eafa570cdd771cee10066dfea1758081b87b1e980caa5ab64df9b47117bf9503e21eafaa46385b589b4a0695f6537c44917aab5d904b74d073074c2074974faedbd7836c27ad17977100ca00bd7f256b934ab813aa38b9de00b4d729b31a894b164e9701599bdb6a0c305bbcc33bb1b68d52be8651925f073d48d504ddfee3d9ae5f73507cc52b876e0d83fdb23ff36bd88d8c6379076af820a61236567d80dc00f605f317522ab053ba8019f413cf514245bcf60390d58ec8ee99f71a", @nested={0xf4, 0x41, [@generic="e27ae3fef2fd480aff690959a382c2b69eec8db83679ed23f62b4ae1d20ef27dcf81705d7cd386e3c065758c0fb426bad79ffce0f3e71604d23483cbea1d84445612fac2e24dc233752ce2a91440835f66a65ce270990b13d9796315524fd6cbe86f449aff84d64561ab44ac70e70e9cbe26ad62e9bb9ffb2524d37501e6d0cc3977569b9e8fda8091cee09a4d63d5188e1a2a38edcc04aac6112e06d0d480a743762bd171444a41f0865f19008e113ba5c6a9fc3445181358b1ddf25b55cd91ca04c195aa0dc2a48d49e646deffc6afcec87f88552b900bd3369322f9a3aef1ca666bcb90dcfec996040463e7"]}, @typed={0x8, 0x37, @ipv4=@broadcast}, @generic="fa205c3a3edd794a446f82a9c2d77335773966988b9e93e161b3467721f7c6032195059ce31c8cc778a0a667452525a272cf0ef3a737a1320b85195e1c0591f34534a670dbdf757c3e3f5c8e6ab960b48efcaff53c7382510e640ac1d817d2bac3c224e1cbec06a11fceb558a878a47af2e69510040d79c7ebfe0a9231deb663f9425aaea3eefe7d34cd13f291fc30421bf95e6d8610c55f7801e811c47be9dabe116951e61efb19cbad6d4ebd26e4aa3ab12b8bcda1f7e8439007472c5fa030a6515ce7ac86ac5ba04fb08aa98d030e6d3dd02640981625352cf9bc9d7b10b60ef3f59738b098c83d087a9624568b4a3e5ab282aea6a2901fe51a2814172e065dfec27c7b92ce7137e391fc8dffc711cd8c80637887b27e2842525c57224ac4b23d64ed0699219093a0a7b250af832a7d29fffebc892ec21df62082673c2a19b9c4fabf4662b7bb271e556aa162c288f7d60a3438ca796d9776a1d3920f41486d57af9dd8b75781430cad15c042212b5d4585da80b779bfd798bbd94ed4c3864d01d813e0867ed643be84ee5396544273ae69158643eadf701be318c5c67ffc2d397da2c3990b8741c6c31c86f15d93effe94c9b88c7bdd8a64b881273689f9fd8988f6733de691e7c7674da9d8a44da08d5ff9a6d3330e455cefacb0ce617810540e9c60b7eeb2c3c5077a4d6c5cab0471c80e2553dad0b5090c255d3584911a13db5ac524d2730263305b199b774706ec0ffe21413bcaa57dfca4543fddb96d235a112d7c4848293604f6e9a10891a2b10314bcce18aae6be31b3858742a52320d7f1c923f5fa52f9f4ea196c418d00cb335b32fbd65f9a6c1e02732cddbca853114811b214bddc191f64aa0644b982d4ef3b3b6b98b8358a84ce0c874543c062e169f60c7ef25f7e0001fe747636565bf4804a82b8895c5c1da1f4e48a9a77191e45f5fcc0291fcca94ed2267a0ef9dc2eba1646ea19ec4c879c3459ab215613e05fb6bf2d9aab40bd61f9ccb17ce0929a8c04ec04d190f25a982b5f3b9e90fb3c03e7a55068db594e81a9e1117d726fc194ac251767b3abd7ccf537461bbc6ec3af2c216ca57d2257ca4b41e0bf43469ea9fcbc0c150409ab5cbbb9cb1d9862d4bc84ce9ddc1a5608a532584d4af73d499aa944a27e7523f2a272fa58168498493bc4549656b26055550910d18000d6a386986bb414df6d22090147729f8cc247aeed016d0e422b68ab013b3eab4928b789cfc4313dff2f757786f5caf6f6e6c2f6d45dfc2b58dd3cd47d8fb2c26cbf619ef225cf9be88001683d298d30fa501b3be2023ee0a8b2c7bf03b66c8270824d570f6e69579fc19f3c5d146fe866a87a06716dc82e259a6148de55840966dcee6017307e053367190c35bd53fe7db8a67b1382c3489014e0ad2f80a2ae4cf911c247d284c083bf71134728dd3eb6ef11852eb7ad592d76c85ebd53ca361951377b3ba8fef70936a37f01d53bdd49cb3c12e6e24df4dd6b56543560076caaf85b7a8fb8dde2380903b97494d15e9f05daa95298f665437c9d400ecfa55c884da66f8e9e244c5fbf85b28b8ea2eb93db3168aa6adeb67810c83ba4798f798b9cc069f029cb138b3ed0bdeadef4accea33ae506180d5a7304265f188f866ca8fafa7ec4ed07e2ea8a90c15bc035d6e344b12ac2e71f2295dd6a1ad47fb68dfb2dac4e36b961d84cc6b43aebe17314d581cb5f09242c4570bf264942a2cdf1bc56e4b5710a25fdb8a9686ecf2398446c4845e46d9522dd8333681780acf3a95a7139f0fdcc0c1fa5adb6d591ba1a19c76b3f07be07fba48d2c0d4439c237d61be4a928cb18d199a5b412fcb768742049fab1ee3a6942aa37c7979d4cb2511b70e35841feebb3dde6370382b470fe9767e6fc421fe020b93c878aac9a851143cd609a86ce6affa9111b48937755ea62ca4bfcd390fb44a16fb789d1f46b4ee53232842d24b780e2c0236d83f5709627db5f5845378e05e56a94e402153829ecea173ee429a896827e65a6985a71a60a05f235bfd25b43ba4240df9ad12c4035ac86ca499577fcff8fb8e66c62471e435042dc9a4fa4c7a404b572b5752a8cbc3d8d0a9b243a612c74e636ad3f0c98c4d77f4cb8136d367edaf47ee6fd82e60504cde7370a3d310b5e849ba6400ddceef975ac1cf33bacb4d16c6db98bfe3c8a9c15c24e76275e9b652d696a59a8ab9e7f95eb1b959447f73306fdf0513b71dbfc375bc81eb96e751151d3cc5a9fb0ced4165f6bc4c23344f2c7e43303561f4b9079a94414a4a1a378ae9ad2d577c4c732dfe6c83e7bc32d1fd97905e6418b04b302c7387c8ff24ed713368aa72f4997b06e446a1072ab5d4e1778a2e4fcdc412037d9e8fd14713eef6d4d5897e697c8f1c4c1917c200edafe1ca5b46800cd2f57ac61c35ef6a8a279c8f36a287418d411ddee74b4742d750f58f38be5f1c1a9df11abcdc31bb852e3d5735d946ad65b60787211b33195d4309b454f3cc57941bed2fd11a51b5021086bb6d9a63258c949b6f7aa1f295fc7e8c89f7025f79bd81ba5c4e3d55514f97b85a7589bfe13110c6775cb72a26dce5a8c77ab0c279a67f4634b5d26bb9100a19c74cc14ea80dd24411cc85e4197f2a97a6853784e480a3f0d075d37d0e1d8f1a99c76ed1d70e7b6cf80684b10482ed085f2d4950c4edfacdc07b2e1101568e132d6306e5a62d5fe64f102a1be392a156eb0823cf84bb97b09b04355c4509194519a2d13e39343271d79f9c81dcdadc57a19e7dea82a64298c4b90fb7cc91ff547af1d095262987b5480f1bfa298175a029ae7d6775a4a06950b132b3456ee997cdce8fb7b199c093756e35bc90122e7c7d88995bd56c0729e5c9bb949b3143ad6339fc0e3cf7e33f491cf6de8d59262e7058806e768044f13ff8d211c29ef80cf3402b8433bec1af84014889cf919afee3b1c8228bb519f17029906d4cee2b49139b6b7a5eb71e7401b5fcb5c396cf51f83724ffaef85ab0c792606904cf5774420a961553c4280ec29fa99e385b3445f63287429a80cfd791ef690aaabae5b39f04b7d40abcd7598f89d462908496fdf23286ce0365f0d592d0fbc0f344b7be83b0b22ecc71fd0da7474058908435979859d83332e24bcd1618e9d69c1465b604dee5fa3705c440f558a0cbea9e9f96e4d965f9456159a428cfc80b2f1702a908d41171f0e0bb94a001c86d791a405111fc0e5d7bc3ad3e32053f8cc07f08f34206f702c864885342fd9bbc723b230e08a9b9f8e12272b95b8f0c6158b4e5b55522efc1ebb79e23e88b3014f913947735a19f479ed1afdc6c5032f40efddee224bd08759831bc91128b6ca9ca9ff7dfae1767b30e7aa44e451c17a1b7e41d7abf92aa5a7c3383ba3b69950665834bd16b545a1fc2d58e844cffe50addd0139ecb7fe26873bb47472459198fd78063ad3e4fd7218a89f31c1f51e58d729a9e6e3ac3712ecbe5aa129228b515302ddc5e43cb3596af7062cd737ac45e761faecf5ef73baf41ae5f43d39ad9ee59892cb4e35e3fbad821d394cc1369a22268b1bcf9fbbf1c169547a8b452dbbbadc06dfdb13c93962d98914698e56e0d76826f6a03f32a3781be4584ddce871c679cc6aa91cff179a91afd5d0c52a5585e718f9e0fd94ee02268d7bab8777925f2ce551f63d29a55669c20fee52b4e8583e2ab6235c56950e16f75253aa20cd3062d6a4c6abe18dde1af6ba26ade1ff7eb0e3d5b19aa1594aaf1b9ed6b4beaa4faee029dd3300110dab134c3b30d8b67a55d804f2196d89dce848502858579b49c78cef75083a26e1d8dacb760b4b6567df2d9773899ca35e8a90df4d20c07a91441ec96956fb31017269661a50281c9d487922e58e9d0996ad77f356d2d090cb9aa659501d649c6301175f1333c9574a93f4ccbb99b323a67bf8b531e9075fa36b956a3ef70b9c272177aea79b013def0558ef1ae635b60081a96488de93dfe91ac29f7c3dc265d29dd8b5b9db7952330cd52cb8977ba288f7d6bf2a5bd1e9ff6fe08747765c284418c1cf08a7072984cf5776de375448b362220d0f0ad88b79fd433cd5e3412e5249e9da72a7a2edd420f20bc5351c0d14269f2ae9ff69a92331e1c4604c3a306b72dab056c67bd4369e09357c0b301ecd878e52d4ee322747b39c4b5f0c0de677f7e60f162c87988a26b5ae3a459094a9fda2ecf42cd6e80f665d2878e904cc8a08ce74310e9adcf8d31bc9c393fca2f53aae0d1db4a18e74d20690d72b309a36ee95bbc355227e6dccd492114e44ecd818758aa4a4ccc7d050cec7b0b90ccbcc45acb9ab4f41df894d5179167609f85a81c2a1d033ec543fcdcb3d2bce40a0ad07ae809b35247b41e307b88feff8b780b89215ef677a5febc5d723619b932925a630228061f6f3108a8aaf2602671e9299924d153562c2068baf328aa871b7223d768c9b65ebaff4a0f3e47b0787ba4936a137b75a186867a18b9b27c44db69fc4fb70ef1455ee903c2ac1c1f43b3c57f8ee8537cd59da001cefff72a5b1878890967da488d68a657269c0a8b5a21cfc6e4939b937f9b8fa60cb7c5a1bd36eae9fb7c899d52c5599f23c0ec21a434f7ca6a6a429f0b9e98ad8fdf8fdc3a5094e0986e93ef56a1ce44dd6f9a945b50d837e3ebe141bf06c46f9bb499b4c7526c5b3e3ec96f00a34a6fee741504d5c6b555c25fad96ccad323a717bbd011a80b6ac4e8ddf1f9508a9db8f0b0cbc8d7d64d25fb05526cc5ef15e83d57d6f48c5bb89817a549b9bec4f3df9193bd14bf39a51d5c610b88c0995fa6f5c9a7329f8e3f09473ae9167352c85f7aca18c05e7239cba1ff6b2f45d5cab6406f213e6c595722ec5b1331ad4b743cce4333a366d6ad758326cbc1fe545d70c371371e1d7f5418c8f62d3ff7ddaa5892cd37c7ee64e9aa9da5887c145087a9af3ea4e9e3f465e649bbe05c24ced9ed6b90b27629e7944ecaa1c7027f4f867ab69c5bfc4aaec25656fc6ba4c4ef88930e7a042de27291dc5b5bd7701db2cf80993506b72b2d04698d55ea9cb37a93fca8f68e2be01f2367a0d8196cd8199a0426602b5519e77323d157087348c3a73f71db4eccb49e4618d205919387c45ca449c8dcfc630ec4e3e1be5b74eb32bce97b4ea61ae065732e22bb4915808e14c1a6424ccadf8c7f52d607b14d6749e6b1200b40b12afa1001ab186ed66bb320939ca69859600c7ae74b3d348faa86b9d26ecf5f1af6ec11ea37dbc28d9098114c5f2fdfc7cd8b7cde980487c1b50edfe820ea749f3cb019e766de2c9001fd685a8a1d76a87f10a25f37390b742c08f07b8d2a462ba42d2a061d0116f9c48b6f64899355002dc9ab90bfbab51df10f8cb13c78919639a1a7b0dc8ecac47fc50b7793811fb5b56a02275affe4aefb8225394141eba8d3289c4da2478ce454aedb5e780311619a8fbedb3039ad46c2720cd612e97a6ea4958d1ac8fa47c25dd29ca4386f9ef3d602a7cc0210fbfcaf6b12339ef20d9209e68d03a1f5d94be0312c7733169b1b41a618571bb8ab5349278cfc03f78fa93534e8a54cb0747b218bf1fd6cf01de8bc95bff9df9c11be60096c1044686e7030ae3175ed9ea9f97fc06ef62944c4eb75ae84298f809580528377a2e01d449e0172a9d840a48c485b14b4d4b2c71c142e7bba61224ff49fe3c95de324a3ddd41bb8db435fa2695049f7bf30ebaf69b384fc4f17613132c44539c83da8bc36bcd6da3e2fb78b7bb3714e804f237496ae158dba70a60acdc1a2291d9e45cb490e1a9e15a0cd"]}, {0x260, 0x1, [@generic="822cd478e52bcf9c390fe50983a3b0b22d9b47ef2b793b492ede897cf83b2c9548edc3736de6c51d66ece317339f0cb1e566aa1e3c9d816667df0228d98018af7fecab69a4aa38bf0e4f1b588c918cc6732ed46ec1427b3a650eb92f3425846de42bb35c2f4ca990a958bafc5524bc3ec8ca63d9bbbdd18603ae91ff71309983bdaeb5d92065d27ff49212344812952c3baaea45cf5fa550e9dda7e4d896150f67451ee42de7242a80c480e0f1f1f49241c6d4dff279460e3f7d657990256053045df989bcfc3ee195a02780933113d702c92d004ac95f9f96e687f324bfc25c5686276d8783034853b9d7333e4c30c25137a0399813d35e2f75204ed29acf", @generic="a8bcbb73c81ebcfe4cd9d856a901effebaffbe10cffdc73f2de71f7d683c219224da442ba604f5bf9d4332152c3c21f9293b04031f67c416c871e2f81ed2bd5dfa2c3ef252ec698f39020c887b9bd4b92eec554d7e615b5cf262e570e63ba2d2a6d78023dc0af9403ef2dd7ae7f679bb3d9cd79ef13e1dc320b54417818fdb6d02d277", @typed={0xc, 0x21, @u64=0xfffffffffffffff8}, @typed={0x4, 0x24}, @generic="58b3dd00e0eba04b6941f85f902ce03c9c63481573d61c5913261130546d137f833f33c5fddb36dbcd385c028b4f8669bf15a162f82d2ced130b8dc52a8db0d446f9f272c5363f0e24bf750888a51146d4f86645b1268476f12cf97bbf86a7457725e96856ac424f1890977043727e991ceea74b9a908f80fa005dee42299fa0c020ea69687195cb4cdea15e19e3c2a1045f3be11100028143247628bee6877bbc711d9ed2b319ad2235bdd33fa39a48f05ca2c5754c0cf001095c1c7e0587fec7a931131724e9"]}, {0x16fc, 0x1, [@generic="7606952214d6e9c2d251bb6c0be882bd362e0a1030e33c2eaa829dbb572b01db545451c967f5858c3f6ff915fbb330f88a21121d5ff2405af1521e727d082751bf9a9a5a67f52d219f435c26055922712c851599c46750c077611c66c6b2cd23665410acdb", @nested={0x178, 0xc, [@generic="ce3225d2431875eec2c7caac217f253fd6d8c0b9ec7f303ec2d16a8628ebcba44e9e9db4788bf3dd942cd650053b710cea6db418e90c4b04", @generic="ba81cc7e0a2896a3c582f616776447d87124212181f1205600a269ed213533c8112cb2d4d2c51ddc4018282cccc3651449553a1a57b575efa8d8b25dabb5b2a512482242838f6e0e63a5cc98185e393e6bc9ee4ee33572280677fd81a8f024e721b1f69d2885f36ed244a7fbc406fdf8c061cb86c6ef4b5b4732290d7833aea204806ef472bd4c722487c4f0b2ca31c1e67e8bed3204129dadf11820", @typed={0x4, 0x60}, @generic="05a1c220661f4697144ea76c0b137fa5ec9815525b848ad382687ed6a087494cba909d16a28f093a00323b122b6834641dd4753682b81ab32e4d6acc87129f5d301fad72b5ef6ae32b357a7fda51dcd408506a492f632c4ca1605780349c293f1102b7177888ba298096771c0d859798786f9174c68430aee7ac7ed12b469b5c60e66b72d636ec27dc5a6b2f2215108f717ee9ea8a3a813496173b1d"]}, @nested={0x11cc, 0x1f, [@generic, @generic="02eca7809373e3b2eec8bf65ca4c3d265f11c8c698e7eb1162bab36e9098fc4169b510d6a4e3dcd507ff7a038642ae85d6d2d703a447ab4be7c74f27b52bc7b261e7ba14e367b527173eb2e788e809b109999c759a4a3444d42787f00e3e7190cc5295ace6fb6e575d2f2b4fa203ce4359b89cef50ae506f36d1aa87856527d7ba483d960cd58c298ab31256c001c4224559711ea88f556ff3e7b38ae06c73c8e8c4337d40c0fc747bd3780f12db10b04a144342a19d4c6a6dd10fe2314fb3f671035c7e8342", @generic="185102e7f2f8b2bc495f25fb855a40393e9546aa6f84bf6c38beaa76da1f3150f19bc20191767bf820a8ae08ed239e5539f0c5ab8d1e03cb5407416b0278a89e1c75c1a9e4e2496ac86e9e970ad82b8b60ede0874b3d5e7c60b432b4b91c1fd973e66542625e191da9cd380370a642e95054b51eddf724747fab89614ffc5df0f910726939bb35c0c58c86adfcc5ef668207a1366b1e7bd90f1199f7433a592bf5d97e8e36c464ff9f973da7aa026c501d91f7d668f3199ea0eac6fcc8e2fe113b52197bf8237449decf0286bea0bdeb70329d44f305d7bff24a8a3fd53e934073b48c856aa2a349bec16d1a4562bf94e2f3bea72729b81d5628c3e78e3661bdc95699b5b4b831cc118aa5cb3dd2cbab73a85a3de72434c5e7b2948a1859d076bcf7b0f9d9bcef8cf44a5d07a7f9cda406e105a62dc6f0fad3718582103e8ee7859d1c124dee768400f030807d042fc017a42feb297b5965784d063610796a9f51e51d8f6ef7bc2fa7a74f8e14a08792b0a9d28d1ebdc9493fbedec775ef902c748bd6e9b5f53341a99fa82627515e51e525ea2c1d00bd2168451ffa91aeb4b825e8d2ed73917d8da2d6a981e3559c13de6369168b772d190f753b20847f0a6bca21173984edc9ec76a48f0da813cac56162074542aa845b04f3b3693ce6b7fb9e58ba854da50f715b67e5d4731a12bbc764c2cbf6fb6ff6df6aa768889dbfeec03195c1756a8370b945787237fd6c336850dbffdc8b727a09a8977b57675d7fbdca685b0209698d37065a23df884db72946d71c6ca1a5b4bf718a1e031c74a01c15f3e0b6dd11053e151322ce7bac5ff667cf6cc544607ae07e7472ae12d548111a8c22e4dc37a3c59d498c9150b3a83597908d142e64f4ed521e29ae46f1792d73ab63039ab5e9f1eec7cceb1345ca1c3a376408b8c18748ea0aab9ecfef7ac7a7cece0f666a859007dd2ad3bc3915a505701d2bd10ede42d48a639d022f10f944a6cc74a595d7e74879acc6c6695bc08040f531a8624897ff05de0a0604c3d6d3cc4100786b49e88ba0af2f2b4c3a033f8e26a3c97e1f82f55f290fcc46089545f3f98f5bfa0e8d1c12526bf4eddd7fb808feb58f09235b80424155350fa78581ccd42251d450490b2e561b1453cdb15a0e5b61d9c95cd8c145306273c9c06cb5cc42bf10eb63752c8cd080c3b15694dabd1b0a6ffa672d02fda159303975b5901c8324f71072058649b1457abd49f16b57734618a11f555a2762e661c66f9fe591694a03ba583f4b5ac6227beaf75a3319d82af494885a7670d80a79faca67394c85527e3cc178786b88afce90071ff793f84968cce2d3973eeda43d5c8bfac394df15e801b68591639e032594dfbaccd1c5893eeed596c610ee9c57f2dde79669f5eb65ea0be740262d306858eae8c000e941be9ad48f0885325de4e47223d52d02b8215721f52b76427eacdf256cfe5c7e71bc750a84c93c96d17660b7ff97f28ceb7e7c7fc7ea8eeb551ffb71098dc60e7fa6add943fc756b3dd210f1266ce05c01714a25c4bd96b84b742f90242f81c23e2e06cacd1d95146d40b171882a9c32858ddfb4aca674349fc663a1c6918ff90e96711a1a9d01a019a2f97a1359c7597cb0a5d825b07d07eb3319f0b67701fe0befb77acaca695ee2971c060d4e14d0b63bf9d39e6e993f53b7d8f13136a511c9b3f81d3feceb199a8516a121ab1977d4810c92801c23cf3d57e691238b50a80d79ddef09a4bb11e4f59fc252662fd45f3f27dfc35d92fb01e1210f171efa71aeacec32f6f2ebc4fd20e32091b78f0f50ac442adb6c3259ee97f9897793f358d4c7ff99f67f8f1444adbdd96912cad12306935c52fe76035d3ad221373f8d24354dc7147fcdc999f15ae3d244d6cec786eaf09564e4aca4978a0d1431b49383258090cd1a23e7a585917dc4d61828101d383d94e7df6f01095a1e312a902851c28fb13b35efe7c96aaf6ee8239266b24ae3e7bb2549f31cb56d70abd521b52933460d7d996ae1df7bb4f385a682b9c00ef6522da6569bea2193edb0e0ca691e3fb1a327d59b0ff26f8c2c8e824ebaca08d925fea3899e309457ce070d791e608f75a062eca87f093104c68676b5f49babc8d11d3a636add8cceecfaf66c3f5ac8f4c8825533359c74fcab894863a34df0ea6e65ab617a9b928d27021725afd9781c8f17c21959d6974a23f44d0c720841d57e852b5a1e933ad98d77a53bd7540f12db2a2262ec125a5017b9b7a13578891f59af54a5fbf9014a44cb9345bf108520bf7f9dea170a887bfc30e95eb74ca57da185f99165665164b7e9c3339699cd9242c25e247640776a121dc91c1d14d03e0f7925c3da3de966207876eaa1e558f7bc2bb79bb431efc55e9618b67eb69a7e6bd13b30232c54aa4518b42744f8ef15c1204a3c6b092bd20576da7cfdefac1f654fcd4ad0afb9d22ef3201147c8607af33f9ba42ab8d38ed2e161d5d39b11344dc61269af6a3d4af57cfe78b3008a63439be7a4c14d75a8d5fa480a3cf596c2c766f0ef7388534deeddbfee756c01e907ad51977b1521a92f49ae319c835a85ae0f34e5e9972e7ddc477f9eb480811ec58729e66b0288d99ce0ded510369336f19f87b45deef47b5f2fd7b213e32476524fa1406af81ae56ad68322550fbcc94b9aecd04305a1820574c3dcb68b13a417970588a5aa130f3e21fc8d04baa061ef95c0d427d47b4a8b4a5d5640536297528e47ee5ccc97cc38654e44b128d0498d200f643f4bbbfcd98f4bab3aa3362b4b85f522d5a8bed26f1b30dc3862302da9a900ba3d756449042f0703cebf7f5d5a9a3fb5143b5e27bb518586c391ab483519888fc0df254339a80317fe06e11eb2e730f3492a1e30d09bffb839c1f7dd90eaf1838ee2e06359b5c5b2287ba639e99d0200e1e21580dc702b79b87d4626e7ab37efc80f6defb13cc2cd912cf9fae79bb7b3ef1b9cf40453fc74396049523b00ea93c4f8d175d3924c1d2fd92b5bb947d3bc51d2eaa004a8937b0003ce93dbfeb11cdcfd8641e881fc32fbce2c4be10eb445a6da50c576528036e5f760912942f2231bdf83a186e35cd3e114cc7c8b12f7ade78224930343eb93cec973bb47a73442e85e16dc98ccaa0d5437488fc82b0a266ec8c6b82cc3ee02f8df21d8b144165b88270d75bb324fc77605f573ef08cd77fbb5df7667cd4c24179efd8ed77f5e19f2fda17e9f313c266c1c896873edb43dc0b0a584d9525e81ce99844df0ed1754209ed5634984c344b028d6b8fddb265d8cb9b5e6d93432c2a2d59b0c89b7e7d2af9ab54473fd82734219f73a66824f61a79b9d3fd013119569a26147c0fa05671e2c66917102cbaf74c4c48cee23a4abe039a1a66f1b9c8912c59bf3c1aa364645a51fd87dc49708e801edd5402c952c32fda7b58b96b298b65653db5a16f49eddd4582c0cf6f035b66616261953285e26a3b81f8264b86d0a754bbe1b12c6559bdbfd84c2dbf6ff76f33fc50be9e89e3b034480b21bee001d1001942ab4fb4d2c0f4acb2cf0a0a48d0b843870b6ccbc059c364b96b7bf54811766e508afdcf44b76ff6bc1c5238c787936501c1e6ebbe68ac9dae3ed76ed4e3c6517888351f4887cac7f1424fd982505c4cfd2e610edfcde70447f7a61fba6e0558062fe9564d2f003b916e13701812132f5a7c86dfb0d0dc27196f9844605ee612d53ef121041cddfd7e8d42a109b4bc1132ff1ed4e913c5d362d70ba04716ca25476e0a6338ec19cfb5c34cec405b9ff8590c4aa18285b26fc48a93e50862f28d580781c5d3c9fec58f24d6444c5b0503b7612c9e3ba79c95c7f096b2996ffb9512603e6ec56f7198bb1ce82e84635d00405efcf1827867b022d5557f60345861ac3bc06c59bc1452c01ae4eeace495ce3a2dffaa1287dd5c11eac26859ced9dae7a62dae89b893ebd2ff38ba1684e93f1f7005cc3766f0903aead58f156eb357ef85160571afc6661a68efacb2597cc2e4293aabfbc4f34d9430227f67846dd7614e94199150a542c76cf41d7019c5444882f75901ab1676a8663054f9f7faf097505e25ff8af8b61a3d220f0628e56d41a082cd2c0e751b9294655f9a92098b20146450eed67a0a7baf1b46a2d4724a02f9d3d33ed43a8762f8ef77099a0c5883c789659b3dea09af9cb1c81697e698e58d0dac4f8d9dfbd6b03e2cde626f711357b79e810200b3b5f4bb8e0ee5a8ca774cbaec726f89e89a74d5794aee12892ae3b3515be475ff8c7c45e3ff8f01ac74758e938c24377d0c3b44705402124b6f9967dd77680aae1b70ee2ddebb314b601a3c0008c54a8c022e7609616b30caf04be55f89f74f3ccdea4accfe596b04067e1ef9b5b5e7c197d958e18dc272cf6e33de1d6cf071b61cae3a7b401fc7f4d2de1a546364b56eae43623c3ee67815df46523c006191d2830aaf07dc8d6d0cc27e4c1c8eac2896f4e19c06e2dc8a6df586bfcb54e6d6765de27df7afe6ef06b98113442ec5dab20211bec5b4b82c8879ec4020f24f0fcbe57668f7991cc956c50a973a366754f36937d11216fcbabbc7e6ae11b91d7b1c79196137e18a83a260323ca0b246e5638ac194f294c90af03871bfe3d88c2f3fabd75125c4dad67b95658545e70e443a8a20614e46e20c69b3f63b525d8af9b691d27f80db5915c9ac9c27a385140dc29ea233878dda4043abae88f17f8a5e05a8fa4d0a6cbe7b8119ed3d67c7e1a772022359baf146bb173fd6da68b5da08a7ec7cb805d61380acfd5dddf0954a4c8390df16943a29faaf9b007ca41d0740985de6fd78b118259785d51299a2f101dcbd5889b4669fd54c91d883cdcc5502430fe49e4e606f9f6e872022bb8058347aa67051d57c1dbe40454daab494d408a22ef62f3eef8a0c751b613551cc18b5b83225db52ff941d60b7233096c53f2d6f209b36d73b0c59fc5c4ab3ca103e290da0ee78fbd9eb15b3b6d4931b772c515112961847d717130dea1c44eec8031392288b5e6acfd1235a431edb2073c107f3c73bf877d62d7af1e6c1a27aeffb76d076dfff4df33ada3911642ab8b585c7b3b75a30326d26a4c790569afb610962e87a8e6397e88f479664dd3e895c3dd133ee5817593a02f33f8cce7a569ced5704d330fd1c07e86ef036653b5558afe868048efcf54f6b656ac9c7008569579352b6c3f05ee3f1e315d37b34ac80f23ddfb70825881dd193ebcaa0d24973a426aa1c58d61c00d33efda2554d9fabf20e4118d0eb91f54402911e6f921e195a32b6e581226e25579fdbcb6dad45c36deb48b2d12db7e06c90dfeef33fcf42fdc62240cc9229b3c56a4f731c0608b0f6a476e02ee628d2b8f1cf34da28c1d151ee5362c16bdd0003af8cfa3a3d473dc7cf09089182e7879937f864ea591197c8b4712b984e0f6490d942e884d35b985b07fff9e817e0d886ed4a7b5e04dcffaaf942855c5cd4fb7816dd49404a638790390ecfdbb43872cefaed0bfa131597a0785b544f965e3b466cb725c820c7d186a3f8e752c1c8752db21b8c6e18b0695662871a38068acf9fbf010942c8801fc75d3c4d03de5d1d5f730d0310e2fc8e2864400310b316dec8e8d3b2950998237c5c0326d46eac2f91702c5b7055e2d9f885af203f6525bbfff3ada19b03bf1569e280ade309e3764aff25b0edf74036d53a98a14c958447c5b922b862c0fc145530c616df1af2994333f17fa5c79650e5614af731f462469109370cdf9ebd95e9f40d4992004b571c78baee2f9c095fe380012ee3f", @generic="4f9ef1ba5811e40c537d50c627f891bce9d259d9c5ef389b168b8de72d3e1cbee3aa42f0e697bf9510c0be89da423fc0e8600f99e3f02669b22619a2e368409a6194dfbd72a96d6af943f874cb77c7bb6484378c84300c358672ad8e690b5034f66d37fa716de46211a29d15a7a73a164674f67943e298972bfd7cab0abb6ec64f5e7da31aa3f3a6f6c42981a79fd29d1f875a22cfba6857a813f4413e066949e81a69196d5ae82b2608a2e2d24b491115abd74b2206d06a8b", @generic="e41fdd56960d2a0e58a883274a4f1a0c6d4a355eba173d38aac34a03aff5d2eecfb1bd5c840d656cd3573986f368a2bd2d3f9a6593217a6aefdb817c8a0e99e7bf025a2f6f844188b7"]}, @nested={0xfc, 0x93, [@typed={0x8, 0x6a, @pid=r5}, @generic="61e0041a3950fea3e3858d7b49bb6aabdbd7f8e47d04acde7a46edd546ab4279b8b704b26d56cda35943b032d05ce2d419e8e2854e8b26f9b10cfd7d55c2c0d550930d85c23eb6bdb485102e0c7794bf099d221747416793f739f862e2f65fbc841a09fa1f7b5b9c2817fa38ef91e75e74201d1fd5741efa2cac0922e68b54386892e4dc2f4dd3d2963688205ec559446aa0e04aa473f04f5398ac234a7e454402253f04d32303463e509bd22fb5f4d486663e383e208a0a6b4b81253dda37c4ebf5408ed12dfa10c4e16218d891abd45f49c56aca00f6c1e0e56b991088fe9a9f6d3b2aa5e03120", @typed={0x8, 0x6e, @u32=0x40}]}, @nested={0xc4, 0x51, [@typed={0x14, 0x43, @ipv6=@ipv4={[], [], @broadcast}}, @generic="672878db60939f5f54b792f9adc26d257a3f4ca5f1cf56634c1e4fe00ddafb1c09056799fd73025505a36b31ef7af81531720aa23a963297797702d32575e77ea9a8aa6cd274fbd9cd49426c3e6d293677694b8e08af07", @generic="b6c2d2a422b6471d93b3edea45e50ec341b9dea0302b49f254dd8fc943de173e2520d59aae47b9bda01f690c3c82594444c4f22caffa4fb1a19b51b788d602f1f0ad53cb85958bb9f89f83e76cbb2e43bbfba5"]}, @generic="4433040a59db32c780cf94cd28c51077574b451810483a84a323b823a11f41da93eec86232c5b22c1cca83c73de55999134577b85e31764bbdea3addd0e8624efe164cd9eac981e20d9a38494541b26cf3c1c12a7f7d7f7a4189a0beb42d8770db758de4aeb7cd2552bc5a5026ec5dd3b99cb9b694cc51d3ed5ab837", @nested={0x110, 0x45, [@typed={0x8, 0x12, @uid=r6}, @generic="f306f0011cbde8a9d0df8aacc4a623729ebd52d6beb6f9d7d4114e622f0b0d5ce651be418b097de69c6ffe22462044b8e93e5173738a3a82044532d5d92c1bef3c90243ca276985b83974ccb25e2a7c2f937df5472d06ac06e03edd4b9e3921e1ccd3be95290492a4219a6c3f2befe4308e3453ef3ea3676fcf1645124dfcef92df32cd9b7b4b31a48e0ea2f21485d1b0c1bd9acd9826779864534cf1307a6b5017fb476a612bb2a9e9c39847b8c8134bd890e860d0c86dd37d4645584180b548b4d581b5d8720787657e9024ffcac788f3e23ecb99646d8", @typed={0x2c, 0x84, @binary="f360afeaf77326d7e45c74fe7178824681bc98773e4d562068ed0b15b49445a2c70c09e5736dce55"}]}]}, {0x1214, 0x1, [@typed={0x8, 0x8f, @str='\x00'}, @generic="58650c584683c7564f4c8480241f52145df353ff6270a804a19e4e66059af0a1d69820b92399bd8caa8362ee8250b4764fd50f705eb268b392f761175e17042b41b99d99de809043794b92e0f9a037d84f7bdd68eb69967083febcf7b2007260ad59b0dd04e351cc25ff1d941a62c0ee4642e1ed23ac116b184dae5262fad4068009992e84e074515f9d9e053162c838e6cf20ca907cb8f37062ca729751b65894d80763f83c620145092c9caa02226ad86faf604ad2d55be22544239798d0c29d02139736311bb2f7468ed9d8216c4a99876dbc61daca58890065d8b949fe3ceadf3615d3c0bc5cb360166a1fe6755599300b326eee234e", @typed={0x8, 0x8b, @uid=r7}, @generic="6e411a86853d14c3256bd584b0a07371ddf7d8eece14872050365d03bdd83f5e9b30267ee8c6e973239aa2875d397e0fb76b2c35777f2e964852b959b5afb549c12ef68fd80660c10c7d3de21937028cb8ceb2863a7e87eac5d1ba54b10f0739dd4e707082f47af596ed22a33f998957171fa7f3c31f6efcdc5f3c35a7bbc447ade69220d1a6ec40f17e1753a6d26e08c5a066b50c9fb3b3e9ac4af3dcc3f2149dda6b5c1b879706a601", @typed={0x8, 0x38, @str='\x00'}, @generic="7d5a77c502349ad9f83ee078baf2bf4a70b3434df45fd0c9f5525f66a019ac8e1372635a7fcf2f12210358e537c1666cb74a9149cae2c16c9d4857badaab1e481687fa3b7b6a2a15088235cec338", @typed={0x8, 0x17, @fd=r0}, @generic="113fc07decc271b3710eaca400235bd46affc6b271fc1ec1afdf493f95d7d6da7d7c9f51b3f589d82ee729254688f52bd9fa8a33e3feaeb5138f2f31978588d3274ff5e45ea644d3d38d2f9eb826ac0ae310798d7ee95a6dd65bf3ff750dd4ceef4709a2ad9e8e537acc26a2870ca7cc95f7c8d390cdaf4513cf2d09d2235eb212d4da6f40cac081c1919f39b267a9fd78b531ea089e1c7f1ccdf298baa5150f3a18b6cc659beaf7cd45a85ccd0fc5d2953ac89cea72296be3de50e2ec3cf312e6f9c48bedcf502794ac92fed6fa571b974d7039771e902a56cae299a2aa72bab07910c9c964f4ac928fd30e5d179f6ac293495a7e92e85c551ea1af4dada152f86bc54b162cb3cd2581c371f404f3ee14aac72e3a4e9d3c0cfa0e117dba6c5a1155dffcc845bcda1d623f60a9b5bd4c2f17acaa8421e3ac27fa76122e04ffcf6108f45f6cc64808ac7523badc05c6a359ac8d09a884111a57842ea30f961e85f8b12401aecf1fb8709334325e113dfa4dd80df216d13831dbd706a5b23f78d4010d76f669d91f689ec87fe25294525541eada3a304c47fe64dbc8a2c66a365b83b234b8d4cd6fd7d4cdddfad298f38580bc0d31c1fb890d9a0ddf32b4e52e6dc559593799c7d166a18b99152999228533b8a0b0cbde4d687b3a7f00079c9abdd0a4ed23ed60cbda1e328ed4ad3f84dd17cb01a7d06f661555d1c7c8716fbe93f17e9098d7d80aae5f89b87ba78b8d1a0cea2b10bcc97000c284528c6647635a8f2d565541acb1f8bcdb2a203281125292d2bb4bb412d606a40023acfdf20c7827da35f5c00b1b1f2892248c1bb13acd929a87eae11e39d2858f904e8c5ed0d8e31a2979cc1a38832803282ec66b6a8985be6496fecc90ce98bad2c90a35ebbb76ec29c0e8a0aa661804fd4c2ea76b52ce8b405af4188f32f7cefa1668db6779a437ce39e1751f1b8c937981c97274196cfd40b2a22f3b4632c7cd5207a667e3cc895fbacf504f03d9c1b0663e5bb1c4648e2cea04480ce436cf946c38884c35590d27e07b8c600ff91b743268b0991372028ef5c10ae0e7a811cb4979c24fbef6ce986643ba67345afd2e95d8364253cdba1b7b0a0144ed8cb06ca5b79a9e7314d07518df0df105ad55822887be62fba7ff67cd74d2d707c39e75cccba53bc2cca29c85b0a8bf6896780f81c49d5cce0b7035b487a968713ec9417239bc03323957e59e1794ec5e5349008553804de482aa4863c86a57447d3715a6e932c57bde64bb2cdbbba7ae31d81b7c7ec7811ad32397aee2cc4dd1618f162c512d77cc5ac3ebad213d203ba81a88d61c2f7fc126314077bdf38f779fba368917e7f86dca91ffef81c1e8acd966fa2b6445a0b4bbda7c768c07812adbdf6662a6b72fb2d2db8496c423b0abadb6b2e7008bdd8e1f3348582cc38bc4eac2bd3a9c9f0c1dc6a7ba63c331e1b4b5850b9ee16d48cf7b03ff5961cdc80242392fe27a07a308ad27f1b442dc68e67926c5953eda1fd12cb48141f72c756d3f2d5689c4227c33a09422552e40acf63a5173230c4f83528ecd4a6cf417bd143a5e4180f082304e4c9c090d8c9158c8faf644e8fec6d6101c6467a2678795afe2a5d667ccb6dadc12d9008a1079621320a7574827fc85584e99b06f3eb1c24caf5585196e8b3fa8f5081858b9feeb7563851b31dd8bfa0966e2adcccc5a10a6cb39691535ec0763dc4fab0c91f576b87ac8e9fdf482707d2c2f27fdbb12908067ac3005614f0117a1e59b6516366d9a2fd82c950a1109fe3e123579ae5356a879a7cc1ac2680481c5ee6c29cd4bde1758644386ac11b8781a07595c92ff77147c82d8124548511559dabecea9b1d1a1c3f3a06d3e2bcb0896da11f5fc4fc19fb60d92fe1d8b0f79de5394fdcd583c6f88b35fbf3a5e35ef352e8ae45f0e285407069aede65b0e7a2126348e275c4b181168f319b733d6fe086717140ed17fe478669bfc839c3aeae1927d47af598c430465ce5d262eb281db7aa6755ce88125b2967422ed62bf51fbeb1f6118fd1a58c4bed64ab6cb594b192abca001226f293fa5f854eee0be33614c80c461b9b963efccbebc9582d1890e24b37376e83af3ef906ed330bafe4ee2e75b03b963c1c2598228afcce26ad43b38937d316308ce2946047dc281de63c129c057b7cf8efec3027ee949422a2ab305652a1d5dc37ed28fee5b6ea47f83091af6db1e7bab507b77ae3c58e5fd0cefd6504bd62bdbac812a5646256ede9de31b70d619adfa6e5568f49389fb192ead27abc0c0581c273146eefb5e467bfc96ef924e1540c3ddda12a47c5b2e2b897e2080965bef5e8e52404b6d215b3b8325fa1c59f177b8f80b3dfcdad6a36d669f62d3747325c6cc705bee9380a3615216fdcfd5b608dfbc7726b9817271b54d1e45571378d51154b6063ec7cce719a6e72337493259ea6920848df71bc5f0db98c8efe84bf7699b09c6338a736f5ee4620eafc4edd9fc5b9b47d895cfb5124ce8925699b47baf7018df9b963a0c8b60dd54904d7c1cd96c544578e209bd8b45466ff68db1c77659372d17b3d651a5067a5f12f72093153d46bc8ce2ddde22abb23117b2edaffc12fcab7c0f8b59fd9ef28a3b678243c50a85adc060582e6d1db019951f29705573162283b7fc8e7cde1d1a51780c9f70748b75cd9a0d17bf9603f04b254d8c554060b225eac5ac4485633def29472c912281f3ae8a99ec63d25d37f019a9b2176e069d3c1a66e51c4cb9335fa1ccb0944f80cf1a29f1b6929780a1e12ee4de5de6c212149fdd80ebd67452d47f70c4ee23bca91ff6fba3e5220efe38461bb23e62d0bc80119456afd16e150f9e41d73a6d01d8235ab925f13a5e09840bad6effaff1106ac6f88e060e3707f46e97cfd3732eef2952629457a48a9af5926feb4618114d9a66c2c7f1ec91c63357476a2b6625f6e9ad36a8dab32b2ed388e05a8705ceb48fbc9ddb2d04930e34d015ae715595255a49f2f62d39d786086cca8a12ef508a2a82e236922f4771704cefb86f1975940bcdfa26b830e382446ed5cf1d43037ad03c3f8c9bc8b0facb6aa0f8ddd0b80fef7dd0c2b9335bb488c55522d9124dd73ad3f8788a47eece0d09c6a3206cd7fa31c5157f14c97365f420fae9d7c5966ecb796f6db2298613eff76fa8bb38f9678e6fce080969f7f4e82f6ece5241640817405136260a1c2a5829bed3ab49a0cc9757b402bc4e34428983c308a4abc9f06ba3fd1b7708382ede3a148c2a76d6ab91dc37aedc25548f1b6c44a9238a796db6f5397b3b3fc8c2e427ec5a55679d9f45b52bb3a389b581ae7e4eb006352c59815d1c958c3dc2daf3c062ddb6234da64a5f71b0271697e9a8e94cc41f8a3431bc94567d560b8d68d38489a4f66735c86c34406d7bd89e3dff22136611a7468d48e11e9f2d3390f57a6401eb0d63ff905cad1b62384ef9c8acb9199c0bda7b351f7bd7cd61abbe971b0a081b2d5ec00d38920266963b6183ee367a1c17378e5ab22d54915d31e3c5de01bf6b5d633a6408d9902e04b619d2383c84c4e81ceb1f51541b128e6da6e61e305cfff0d4341392b12db50984410c4401dbd542b1e7dce6fd3cd04e768294e356345858247be3195c5a90b2f8a91a5cc3187273ed89ea4b6e5d22855078280e8b3133cce0349964b1991f9e493d0009ffda2abd25241eb0d90cdb85119ec51ff056891e080d50b43b830ecfeb4647e5a02f618ca833b76c42ee78be5f1d8b583fb81f384e795e831e29ae22e1a582fa4370d0bc08b5cf2f2ffb325a0d9ed194468d3ecc379d303a7e89f9535861637e5abf89f0dc188f4cfa884866cb5c2d99c1688bf1a000d67e127104063932c603e6951b0b7ee9ea8f1bc89495ddacd2cfdeeee9358dcb9a28ac530dc241b42833b4d1dcae61dd0ba048652cf7b5b0e53cd8356294a12cda9d2117d546ea222fab735235123eab6ee78a2ab8fdf7534f160aa4fc4219ac18a2fb7d519ac2dc76b4dd400b1dee92465c89ca0cb9390b9811cc6bd4aa6d54185a1a77678c7c4561577d5a847430e84cdab6e8c029ba749629c8d385745df2bb7564dbc82ab9532849e3f8fa34e7f878f4b256fa1607192581fa2c59d76353c594a3f1ca9d12ef39f79de8dbaab2bb3054bd9a64edeaa489aae69ec6375aa7fa855ae29fbb0f8e4d50e3f79473f9911e8d5713163615325424e03876ac3d8263eebeaab05efdb40417e586871526d1bc6bd48fc71094a1054b8d8a8b834047561ed089436c341aacf4e24400917b1a137b464c804052372e8d359fdf40aef13ab8bbaa9d7bf17d5c9e5675403c10d64b5575ef798004813e39b48e8094d24be400e9f1c0f35e7a42859127bc33d0745e45f68dda827d87ba7874499e6e58539b20edb7cec2d30b44d5969154f1958da66c762d05d533626391b47d4b58a9437afd086bf2446bc7b897059d15365b3ad8b9b2352a3fac4d377f7d3b501eafcb11d54e4209f3bf2176e89a6ca047604d9f34f1c6761b153afdc429d1b5bcde4c1fe2eddc38ad2bebae8984115bec5b7858d4913567b05ad4ae3da76c159c8049465a1065e2017d5c18f55342c51ee0f5efa6dd3669107c890d44cf05bed58f8455da9482b2a9b5179c49bc5d4793391076851a02e3510b06aff2822110382eab549205409fd9a2b6b6894dbe90bb593e3e3441041168d81f171d06e166e13ce6555dc779f6b2b2cb8525ced09afe7dbddbffc97d869ea0304a20747a5d49ff6a9c0a99034f1c36a5bb6e4950f7ff4c64f4e3861aaf8372b8481c0af825f51d702bc8834b73f0f7620ed7e4e98f8904182a0528c069ea98baddc33c01df2ee274dcd33603cfec1b230215bf89593fb1f6289a9f5afc42ff583342546f170d9b78a7b9ab5953f26076927b1ead45e5a52a26d6cbad05f322c114765c0a86b9de17eebcaf5a602104831e9136a2a0fc94f93ef8b00b7cea1aa3de1222ad192872a68a9397a7d47bffb581ab2cabaf7191bfd81275f8709d4d3fc183e88294a23b3396d068b9bef2df595692e916950aca4d39aba51b77b50bf7da97c1c36bce3ebc2cfcdff1620f1ddd36fca48ef78db2f95129ed8f8a8a54b81612af5a53da45d4dcab880deabab94c252d64750bd96313e6e3571a44a2536533f00d2891a5f1861caf8e2495a001cf569f914b3536cb69c5a0b7fccc7871369cc266647e62d4e81913f7e8b3c865da406febf835b0a241b9d36011864d74d59b765e5df7b1924c1615526e1dcf4e432dc9d3a861ad9b42e51de6b12e8655c40847f86905ef2920282f41bdf271badb581a137140e2f3b6d1a1f2da990c6f3b029bcc87c150c8a6ce8c3abaff3c0c908c797fc2f47a7612da7b590dc3eab6fd79aa7ce1688ebdb1a1c6eeaea69b88fbc84695436ff01b93072806d06a18c78e96feffffb2165310a74a11881cf51124ec2dd986e24cc42d620a334802df982b2105016364861207d4e5aca0383fa1f002d370f7ee8ceabb59f7ae6b5ef5c1683fa74e75ad3a85b8a5eb23f6f3e6580aef80af9ee4eae32fbb5eb4a08d6dbf19ed5d80f82c721c20c78d1aaeaf7e43f75b6b920063fb1fafe8e2917d8654f9affab4e94841351b3e4c53d7b02dbdf32f44e4c7555d441586309d3001f19087976038c2f99d7e1dc60a69695aa125e9639cec3088f30a07542550efaba78a2c989f941bf39f2356d08a07a4c1c7b52f7250c22425c67247f0416de737fdfe9440d3e0e996d090f31dcb86d5ad00246149789857c2c70db9e4876c73f4a1c85c"]}]}, @IFLA_IFALIAS={0x14, 0x14, 'syz_tun\x00'}, @IFLA_IFALIASn={0x4}, @IFLA_EVENT={0x8, 0x2c, 0x6a}, @IFLA_AF_SPEC={0x2c, 0x1a, [{0x4}, {0x4, 0x1e}, {0x4, 0x1c}, {0x4, 0x1e}, {0x4}, {0x4, 0xf}, {0x4}, {0x4, 0x1c}, {0x4, 0xa}, {0x4, 0x2}]}, @IFLA_PORT_SELF={0x234, 0x19, [@typed={0x8, 0x93, @fd=r0}, @nested={0x220, 0x37, [@typed={0x98, 0x1d, @binary="ec7886de6b6e4ab41ca43803375a090ac6e6daa8d0fc5a70ef7b383fa01edc5f29f522a5480122a36d1b5381222620520d58fb4eca3236bfc1c5a2f35fde36f183f72f69e8e366c16535d2135b86260251afeac7f321681d39a3730d656c078a8d51a4426410a3eb192b0e3b8acbe9af201cd759bf5e0694db04064b42c20aa6884a436bd2d83bb238033356e869907102"}, @typed={0x8, 0x88, @pid=r8}, @generic="aa42921c7361aa9e81ec5462f0c4eede1e431355ca7fc7256ab6d1ce6d2566cdca1a0874f27bfe0ec35330193f92a7e7b108f884b7c58146a9092ec5f5b4bdc8a993921b8526cce516fa2871fad287300975d32390bd23cb607a372567314f091a5fe251f647d66cfb17f450ff99e63f54f75454e3daf43a2d7a02b473c56429f308dc4e71f9a8dfc62bd4d730a75deeed45996102ac8b11a6cff0f143df7d8690eb5f4e33610d4c3cb7eaaf694c89af70806f15b4160ab6f1b802b4aa0a76db03f99abff76cbc6021f1d3cf86bf81b1637b9b47e8016bcfb0", @generic="60ede0effb3696cd958ee2a2fbcca026c96131dc41a40dda291db98456c1f9f567b94553320374d1f092f54449d27935b553c08ee14f0359d1a3d3fb61a5121bd437b4304c057a10545fc09b05534ca15f614332549fc7089854c477a71b16f826f9772e5324fd9a4d1362f36bfa242b12fdbe0d802cfa858a210cecb3", @generic="b80a6490895f03475a28ae5ada3b6de67a597f1003cc67a7538a61adbaadc9c846458400"]}, @typed={0x8, 0x2a, @u32=0x7fffffff}]}, @IFLA_IFALIASn={0x4}, @IFLA_PHYS_PORT_ID={0x20, 0x22, "09840f534eb966c139f4e04460e1df2dc2eae95d14e9f0a920e0020e"}, @IFLA_LINK={0x8, 0x5, 0x2}]}, 0x4f98}, 0x1, 0x0, 0x0, 0x4004}, 0x20000000)
r9 = perf_event_open(&(0x7f0000014f88)={0x1, 0x70, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
close(r9)

[ 2403.103467]  ? rcu_read_unlock_special+0x1c0/0x1c0
[ 2403.108410]  ? kasan_check_read+0x11/0x20
[ 2403.112574]  ? rcu_softirq_qs+0x20/0x20
[ 2403.116574]  ? zap_class+0x640/0x640
[ 2403.120301]  ? zap_class+0x640/0x640
[ 2403.124051]  ? find_held_lock+0x36/0x1c0
[ 2403.128138]  ? handle_mm_fault+0x42a/0xc70
[ 2403.132392]  ? lock_downgrade+0x900/0x900
[ 2403.136557]  ? check_preemption_disabled+0x48/0x280
[ 2403.141595]  ? rcu_read_unlock_special+0x1c0/0x1c0
[ 2403.146538]  ? kasan_check_read+0x11/0x20
[ 2403.150709]  ? rcu_dynticks_curr_cpu_in_eqs+0xa2/0x170
[ 2403.155996]  ? rcu_softirq_qs+0x20/0x20
[ 2403.159986]  ? trace_hardirqs_off_caller+0x310/0x310
[ 2403.165111]  ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[ 2403.170665]  ? check_preemption_disabled+0x48/0x280
[ 2403.175704]  handle_mm_fault+0x54f/0xc70
[ 2403.179783]  ? __handle_mm_fault+0x5be0/0x5be0
[ 2403.184393]  ? find_vma+0x34/0x190
[ 2403.187958]  __do_page_fault+0x5e8/0xe60
[ 2403.192038]  ? trace_hardirqs_off+0xb8/0x310
[ 2403.196471]  do_page_fault+0xf2/0x7e0
[ 2403.200294]  ? vmalloc_sync_all+0x30/0x30
[ 2403.204474]  ? error_entry+0x70/0xd0
[ 2403.208204]  ? trace_hardirqs_off_caller+0xbb/0x310
[ 2403.213241]  ? trace_hardirqs_on_caller+0xc0/0x310
[ 2403.218185]  ? syscall_return_slowpath+0x5e0/0x5e0
[ 2403.223127]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 2403.227983]  ? trace_hardirqs_on_caller+0x310/0x310
[ 2403.233304]  ? __bpf_trace_preemptirq_template+0x30/0x30
[ 2403.238777]  ? prepare_exit_to_usermode+0x3b0/0x3b0
[ 2403.243810]  ? prepare_exit_to_usermode+0x291/0x3b0
[ 2403.248845]  ? page_fault+0x8/0x30
[ 2403.252411]  ? trace_hardirqs_off_thunk+0x1a/0x1c
08:16:21 executing program 1:
r0 = socket$l2tp(0x18, 0x1, 0x1)
ioctl(r0, 0x1000008912, &(0x7f0000000000)="0a5c2d023c126285718070")
r1 = perf_event_open(&(0x7f0000014f88)={0x1, 0x70, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
clock_gettime(0x0, &(0x7f0000000100)={<r2=>0x0, <r3=>0x0})
pselect6(0x40, &(0x7f0000000040)={0x7, 0x9, 0xffffffffffff0e6e, 0x4, 0x1, 0x3e6, 0x0, 0x5866}, &(0x7f0000000080)={0x81, 0x6, 0x1, 0x7fffffff, 0x10001, 0x100000000, 0x9, 0xbf}, &(0x7f00000000c0)={0xffffffffffff8000, 0x5, 0x44, 0x5, 0x40, 0x9, 0x3, 0x101}, &(0x7f0000000140)={r2, r3+30000000}, &(0x7f00000001c0)={&(0x7f0000000180), 0x8})
close(r1)

[ 2403.257269]  ? page_fault+0x8/0x30
[ 2403.260827]  page_fault+0x1e/0x30
[ 2403.264301] RIP: 0033:0x4510a0
[ 2403.267520] Code: 0f 84 c4 0f 00 00 48 89 f1 48 89 f8 48 83 e1 3f 48 83 f9 20 0f 86 7b 02 00 00 48 83 e6 f0 48 83 e1 0f 66 0f ef c0 66 0f ef c9 <66> 0f 74 0e 66 0f d7 d1 48 d3 ea 49 c7 c2 11 00 00 00 49 29 ca 4d
[ 2403.286431] RSP: 002b:00007efdea16e7a8 EFLAGS: 00010202
[ 2403.291806] RAX: 00007efdea16e850 RBX: 0000000000000003 RCX: 000000000000000e
[ 2403.294855] IPVS: ftp: loaded support on port[0] = 21
[ 2403.299085] RDX: 00000000000003ff RSI: 0000000020012fe0 RDI: 00007efdea16e850
[ 2403.299096] RBP: 000000000072bf00 R08: 00000000000003ff R09: 0000000000000000
[ 2403.299105] R10: 0000000000000000 R11: 0000000000000246 R12: 00007efdea16f6d4
[ 2403.299116] R13: 00000000004c578a R14: 00000000004d9d90 R15: 00000000ffffffff
[ 2403.308477] CPU: 0 PID: 22618 Comm: syz-executor3 Not tainted 4.20.0-rc6+ #371
[ 2403.318291] *** Guest State ***
[ 2403.318949] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 2403.333481] Call Trace:
[ 2403.333506]  dump_stack+0x244/0x39d
[ 2403.333527]  ? dump_stack_print_info.cold.1+0x20/0x20
[ 2403.333555]  handle_userfault.cold.32+0x47/0x62
[ 2403.333582]  ? userfaultfd_ioctl+0x5610/0x5610
[ 2403.333611]  ? mark_held_locks+0x130/0x130
[ 2403.333631]  ? find_held_lock+0x36/0x1c0
[ 2403.344276]  ? userfaultfd_ctx_put+0x830/0x830
[ 2403.359820]  ? kasan_check_read+0x11/0x20
[ 2403.359839]  ? print_usage_bug+0xc0/0xc0
[ 2403.359858]  ? do_raw_spin_trylock+0x270/0x270
[ 2403.368255] CR0: actual=0x0000000000000020, shadow=0x0000000000000000, gh_mask=fffffffffffffff7
[ 2403.370201]  ? print_usage_bug+0xc0/0xc0
[ 2403.370221]  ? print_usage_bug+0xc0/0xc0
[ 2403.370242]  ? zap_class+0x640/0x640
[ 2403.379057]  ? drop_futex_key_refs.isra.14+0x6d/0xe0
[ 2403.379074]  ? futex_wake+0x304/0x760
[ 2403.383324] CR4: actual=0x0000000000002040, shadow=0x0000000000000000, gh_mask=ffffffffffffe871
[ 2403.387712]  ? find_held_lock+0x36/0x1c0
[ 2403.387739]  ? __handle_mm_fault+0x4bb0/0x5be0
[ 2403.395943]  ? lock_downgrade+0x900/0x900
[ 2403.409360]  ? kasan_check_read+0x11/0x20
[ 2403.409377]  ? do_raw_spin_unlock+0xa7/0x330
[ 2403.409392]  ? do_raw_spin_trylock+0x270/0x270
[ 2403.409415]  ? fault_dirty_shared_page.isra.87+0x320/0x320
[ 2403.441179] CR3 = 0x0000000000000000
[ 2403.443024]  __handle_mm_fault+0x4bbd/0x5be0
[ 2403.443051]  ? vmf_insert_mixed_mkwrite+0x40/0x40
[ 2403.443071]  ? zap_class+0x640/0x640
[ 2403.443086]  ? rcu_read_unlock_special+0x1c0/0x1c0
[ 2403.443102]  ? kasan_check_read+0x11/0x20
[ 2403.443119]  ? rcu_softirq_qs+0x20/0x20
[ 2403.443143]  ? zap_class+0x640/0x640
08:16:21 executing program 2:
syz_emit_ethernet(0x6a, &(0x7f0000000040)={@local, @broadcast, [], {@ipv4={0x800, {{0x5, 0x4, 0x0, 0x0, 0x5c, 0x0, 0x0, 0x0, 0x1, 0x0, @remote, @dev={0xac, 0x14, 0x14, 0x11}}, @icmp=@parameter_prob={0x3, 0x4, 0x0, 0x0, 0x0, 0x0, {0x10, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x402f, 0x0, @local={0xac, 0x5c}, @dev, {[@timestamp={0x8, 0x2c, 0x0, 0x0, 0x2, [{[@rand_addr]}, {[@multicast2]}, {[@multicast1]}, {}, {[@loopback]}, {}]}]}}}}}}}, 0x0)

[ 2403.452668] RSP = 0x0000000000000000  RIP = 0x000000000000fff0
[ 2403.456005]  ? zap_class+0x640/0x640
[ 2403.456029]  ? find_held_lock+0x36/0x1c0
[ 2403.456055]  ? handle_mm_fault+0x42a/0xc70
[ 2403.456074]  ? lock_downgrade+0x900/0x900
[ 2403.480126] RFLAGS=0x00000002         DR7 = 0x0000000000000400
[ 2403.483716]  ? check_preemption_disabled+0x48/0x280
[ 2403.483738]  ? rcu_read_unlock_special+0x1c0/0x1c0
[ 2403.483755]  ? kasan_check_read+0x11/0x20
[ 2403.483770]  ? rcu_dynticks_curr_cpu_in_eqs+0xa2/0x170
[ 2403.483785]  ? rcu_softirq_qs+0x20/0x20
[ 2403.483802]  ? trace_hardirqs_off_caller+0x310/0x310
[ 2403.483821]  ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[ 2403.483841]  ? check_preemption_disabled+0x48/0x280
[ 2403.492499]  handle_mm_fault+0x54f/0xc70
[ 2403.492521]  ? __handle_mm_fault+0x5be0/0x5be0
[ 2403.492542]  ? find_vma+0x34/0x190
[ 2403.492564]  __do_page_fault+0x5e8/0xe60
[ 2403.492592]  ? trace_hardirqs_off+0xb8/0x310
[ 2403.492623]  do_page_fault+0xf2/0x7e0
[ 2403.492639]  ? vmalloc_sync_all+0x30/0x30
[ 2403.492655]  ? error_entry+0x70/0xd0
08:16:21 executing program 1:
r0 = socket$l2tp(0x18, 0x1, 0x1)
ioctl(r0, 0x1000008912, &(0x7f0000000000)="0a5c2d023c126285718070")
r1 = perf_event_open(&(0x7f0000014f88)={0x1, 0x70, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x80000000000}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
close(r1)

08:16:21 executing program 2:
syz_emit_ethernet(0x6a, &(0x7f0000000040)={@local, @broadcast, [], {@ipv4={0x800, {{0x5, 0x4, 0x0, 0x0, 0x5c, 0x0, 0x0, 0x0, 0x1, 0x0, @remote, @dev={0xac, 0x14, 0x14, 0x11}}, @icmp=@parameter_prob={0x3, 0x4, 0x0, 0x0, 0x0, 0x0, {0x10, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x402f, 0x0, @local={0xac, 0x5c}, @dev, {[@timestamp={0x8, 0x2c, 0x0, 0x0, 0x5c, [{[@rand_addr]}, {[@multicast2]}, {[@multicast1]}, {}, {[@loopback]}, {}]}]}}}}}}}, 0x0)

[ 2403.492675]  ? trace_hardirqs_off_caller+0xbb/0x310
[ 2403.501476] Sysenter RSP=0000000000000000 CS:RIP=0000:0000000000000000
[ 2403.504500]  ? trace_hardirqs_on_caller+0xc0/0x310
[ 2403.504518]  ? syscall_return_slowpath+0x5e0/0x5e0
[ 2403.504534]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 2403.504552]  ? trace_hardirqs_on_caller+0x310/0x310
[ 2403.504569]  ? __bpf_trace_preemptirq_template+0x30/0x30
[ 2403.504586]  ? prepare_exit_to_usermode+0x3b0/0x3b0
[ 2403.504610]  ? prepare_exit_to_usermode+0x291/0x3b0
[ 2403.514293]  ? page_fault+0x8/0x30
[ 2403.514314]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 2403.514332]  ? page_fault+0x8/0x30
[ 2403.514363]  page_fault+0x1e/0x30
[ 2403.522643] RIP: 0033:0x4510a0
[ 2403.522661] Code: 0f 84 c4 0f 00 00 48 89 f1 48 89 f8 48 83 e1 3f 48 83 f9 20 0f 86 7b 02 00 00 48 83 e6 f0 48 83 e1 0f 66 0f ef c0 66 0f ef c9 <66> 0f 74 0e 66 0f d7 d1 48 d3 ea 49 c7 c2 11 00 00 00 49 29 ca 4d
[ 2403.522670] RSP: 002b:00007f75238677a8 EFLAGS: 00010202
[ 2403.522683] RAX: 00007f7523867850 RBX: 0000000000000003 RCX: 000000000000000e
08:16:21 executing program 0:
openat$rfkill(0xffffffffffffff9c, 0x0, 0x2001, 0x0)
syz_open_dev$admmidi(&(0x7f0000000100)='/dev/admmidi#\x00', 0x0, 0x0)
r0 = socket$l2tp(0x18, 0x1, 0x1)
mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x1, 0x32, 0xffffffffffffffff, 0x0)
r1 = userfaultfd(0x0)
ioctl$UFFDIO_API(r1, 0xc018aa3f, &(0x7f0000000180))
ioctl$UFFDIO_REGISTER(r1, 0xc020aa00, &(0x7f0000019000)={{&(0x7f0000012000/0x2000)=nil, 0x2000}, 0x1})
syz_open_dev$evdev(&(0x7f0000012fee)='/dev/input/event#\x00', 0x0, 0x7400)
ioctl$UFFDIO_WAKE(r1, 0x8010aa02, &(0x7f0000000080)={&(0x7f0000012000/0x3000)=nil, 0x3000})
ioctl(r0, 0x1000008912, &(0x7f0000000000)="0a5c2d023c126285718070")

08:16:21 executing program 2:
syz_emit_ethernet(0x6a, &(0x7f0000000040)={@local, @broadcast, [], {@ipv4={0x800, {{0x5, 0x4, 0x0, 0x0, 0x5c, 0x0, 0x0, 0x0, 0x1, 0x0, @remote, @dev={0xac, 0x14, 0x14, 0x11}}, @icmp=@parameter_prob={0x3, 0x4, 0x0, 0x0, 0x0, 0x0, {0x10, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x402f, 0x0, @local={0xac, 0x5c}, @dev, {[@timestamp={0x8, 0x2c, 0x0, 0x0, 0x5c000000, [{[@rand_addr]}, {[@multicast2]}, {[@multicast1]}, {}, {[@loopback]}, {}]}]}}}}}}}, 0x0)

[ 2403.522693] RDX: 00000000000003ff RSI: 0000000020012fe0 RDI: 00007f7523867850
[ 2403.522703] RBP: 000000000072bf00 R08: 00000000000003ff R09: 0000000000000000
[ 2403.522713] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f75238686d4
[ 2403.522722] R13: 00000000004c578a R14: 00000000004d9d90 R15: 00000000ffffffff
[ 2403.621935] CS:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[ 2403.762979] DS:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[ 2403.770985] SS:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[ 2403.782459] ES:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[ 2403.791731] FS:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[ 2403.800516] GS:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
08:16:21 executing program 3:
openat$rfkill(0xffffffffffffff9c, 0x0, 0x0, 0x0)
getsockopt$inet_sctp_SCTP_DEFAULT_PRINFO(0xffffffffffffffff, 0x84, 0x72, &(0x7f0000000380), 0x0)
syz_open_dev$admmidi(&(0x7f0000000100)='/dev/admmidi#\x00', 0x0, 0x0)
r0 = socket$l2tp(0x18, 0x1, 0x1)
mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x1, 0x32, 0xffffffffffffffff, 0x0)
r1 = userfaultfd(0x0)
ioctl$UFFDIO_API(r1, 0xc018aa3f, &(0x7f0000000180))
ioctl$UFFDIO_REGISTER(r1, 0xc020aa00, &(0x7f0000019000)={{&(0x7f0000012000/0x2000)=nil, 0x2000}, 0x1})
syz_open_dev$evdev(&(0x7f0000012fee)='/dev/input/event#\x00', 0x4800, 0x0)
ioctl$UFFDIO_WAKE(r1, 0x8010aa02, &(0x7f0000000080)={&(0x7f0000012000/0x3000)=nil, 0x3000})
ioctl(r0, 0x1000008912, &(0x7f0000000000)="0a5c2d023c126285718070")
setsockopt$ALG_SET_KEY(0xffffffffffffffff, 0x117, 0x1, 0x0, 0x0)

[ 2403.814362] GDTR:                           limit=0x00000000, base=0x0000000000000000
[ 2403.822730] LDTR: sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[ 2403.830870] IDTR:                           limit=0x00000000, base=0x0000000000000000
[ 2403.839401] TR:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[ 2403.847960] EFER =     0x0000000000000000  PAT = 0x0007040600070406
[ 2403.874965] DebugCtl = 0x0000000000000000  DebugExceptions = 0x0000000000000000
[ 2403.896265] Interruptibility = 00000000  ActivityState = 00000000
[ 2403.925528] *** Host State ***
[ 2403.939797] RIP = 0xffffffff812047de  RSP = 0xffff88818361f390
[ 2403.957046] CS=0010 SS=0018 DS=0000 ES=0000 FS=0000 GS=0000 TR=0040
[ 2403.965790] FAULT_FLAG_ALLOW_RETRY missing 70
[ 2403.970478] CPU: 1 PID: 22655 Comm: syz-executor3 Not tainted 4.20.0-rc6+ #371
[ 2403.977848] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 2403.977862] Call Trace:
[ 2403.977891]  dump_stack+0x244/0x39d
[ 2403.977917]  ? dump_stack_print_info.cold.1+0x20/0x20
[ 2403.977951]  handle_userfault.cold.32+0x47/0x62
[ 2403.977985]  ? userfaultfd_ioctl+0x5610/0x5610
[ 2403.978009]  ? mark_held_locks+0x130/0x130
[ 2403.989960]  ? __sanitizer_cov_trace_cmp4+0x16/0x20
[ 2403.989976]  ? futex_wait_setup+0x266/0x3e0
[ 2403.990007]  ? __sanitizer_cov_trace_switch+0x53/0x90
[ 2403.990025]  ? userfaultfd_ctx_put+0x830/0x830
[ 2403.998828]  ? futex_wait+0x5a1/0xa50
[ 2403.998858]  ? print_usage_bug+0xc0/0xc0
[ 2403.998882]  ? print_usage_bug+0xc0/0xc0
[ 2404.008119]  ? print_usage_bug+0xc0/0xc0
[ 2404.008138]  ? zap_class+0x640/0x640
[ 2404.008156]  ? drop_futex_key_refs.isra.14+0x6d/0xe0
[ 2404.008173]  ? futex_wake+0x304/0x760
[ 2404.017424]  ? find_held_lock+0x36/0x1c0
[ 2404.017453]  ? __handle_mm_fault+0x4bb0/0x5be0
[ 2404.017472]  ? lock_downgrade+0x900/0x900
[ 2404.026983]  ? kasan_check_read+0x11/0x20
[ 2404.026999]  ? do_raw_spin_unlock+0xa7/0x330
[ 2404.027014]  ? do_raw_spin_trylock+0x270/0x270
[ 2404.027035]  ? fault_dirty_shared_page.isra.87+0x320/0x320
[ 2404.035415]  __handle_mm_fault+0x4bbd/0x5be0
[ 2404.035441]  ? vmf_insert_mixed_mkwrite+0x40/0x40
[ 2404.035461]  ? zap_class+0x640/0x640
[ 2404.035479]  ? rcu_read_unlock_special+0x1c0/0x1c0
[ 2404.043585]  ? kasan_check_read+0x11/0x20
[ 2404.043604]  ? rcu_softirq_qs+0x20/0x20
[ 2404.043631]  ? zap_class+0x640/0x640
[ 2404.043650]  ? zap_class+0x640/0x640
[ 2404.051424]  ? find_held_lock+0x36/0x1c0
[ 2404.051450]  ? handle_mm_fault+0x42a/0xc70
[ 2404.051472]  ? lock_downgrade+0x900/0x900
[ 2404.060380]  ? check_preemption_disabled+0x48/0x280
[ 2404.060401]  ? rcu_read_unlock_special+0x1c0/0x1c0
[ 2404.060416]  ? kasan_check_read+0x11/0x20
[ 2404.060435]  ? rcu_dynticks_curr_cpu_in_eqs+0xa2/0x170
[ 2404.157044]  ? rcu_softirq_qs+0x20/0x20
[ 2404.161030]  ? trace_hardirqs_off_caller+0x310/0x310
[ 2404.166144]  ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[ 2404.171689]  ? check_preemption_disabled+0x48/0x280
[ 2404.176717]  handle_mm_fault+0x54f/0xc70
[ 2404.180799]  ? __handle_mm_fault+0x5be0/0x5be0
[ 2404.185401]  ? find_vma+0x34/0x190
[ 2404.188955]  __do_page_fault+0x5e8/0xe60
[ 2404.193021]  ? trace_hardirqs_off+0xb8/0x310
[ 2404.197442]  do_page_fault+0xf2/0x7e0
[ 2404.201257]  ? vmalloc_sync_all+0x30/0x30
[ 2404.205411]  ? error_entry+0x70/0xd0
[ 2404.209131]  ? trace_hardirqs_off_caller+0xbb/0x310
[ 2404.214155]  ? trace_hardirqs_on_caller+0xc0/0x310
[ 2404.219089]  ? syscall_return_slowpath+0x5e0/0x5e0
[ 2404.224026]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 2404.228892]  ? trace_hardirqs_on_caller+0x310/0x310
[ 2404.233918]  ? __bpf_trace_preemptirq_template+0x30/0x30
[ 2404.239385]  ? prepare_exit_to_usermode+0x3b0/0x3b0
[ 2404.244414]  ? prepare_exit_to_usermode+0x291/0x3b0
[ 2404.249435]  ? page_fault+0x8/0x30
[ 2404.252982]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 2404.257830]  ? page_fault+0x8/0x30
[ 2404.261382]  page_fault+0x1e/0x30
[ 2404.264837] RIP: 0033:0x4510a0
[ 2404.268039] Code: 0f 84 c4 0f 00 00 48 89 f1 48 89 f8 48 83 e1 3f 48 83 f9 20 0f 86 7b 02 00 00 48 83 e6 f0 48 83 e1 0f 66 0f ef c0 66 0f ef c9 <66> 0f 74 0e 66 0f d7 d1 48 d3 ea 49 c7 c2 11 00 00 00 49 29 ca 4d
[ 2404.286945] RSP: 002b:00007f75238677a8 EFLAGS: 00010202
[ 2404.292308] RAX: 00007f7523867850 RBX: 0000000000000003 RCX: 000000000000000e
[ 2404.299585] RDX: 00000000000003ff RSI: 0000000020012fe0 RDI: 00007f7523867850
[ 2404.306866] RBP: 000000000072bf00 R08: 00000000000003ff R09: 0000000000000000
[ 2404.314154] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f75238686d4
[ 2404.321428] R13: 00000000004c578a R14: 00000000004d9d90 R15: 00000000ffffffff
[ 2404.330803] FSBase=00007f59dbda6700 GSBase=ffff8881daf00000 TRBase=fffffe0000033000
[ 2404.335761] FAULT_FLAG_ALLOW_RETRY missing 70
[ 2404.339164] GDTBase=fffffe0000001000 IDTBase=fffffe0000000000
[ 2404.347331] CPU: 1 PID: 22657 Comm: syz-executor0 Not tainted 4.20.0-rc6+ #371
[ 2404.349500] CR0=0000000080050033 CR3=00000001c5db3000 CR4=00000000001426e0
[ 2404.356518] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 2404.356524] Call Trace:
[ 2404.356548]  dump_stack+0x244/0x39d
[ 2404.356570]  ? dump_stack_print_info.cold.1+0x20/0x20
[ 2404.356599]  handle_userfault.cold.32+0x47/0x62
[ 2404.356632]  ? userfaultfd_ioctl+0x5610/0x5610
[ 2404.363796] Sysenter RSP=fffffe0000002200 CS:RIP=0010:ffffffff87e01360
[ 2404.372998]  ? mark_held_locks+0x130/0x130
[ 2404.373021]  ? find_held_lock+0x36/0x1c0
[ 2404.373051]  ? userfaultfd_ctx_put+0x830/0x830
[ 2404.373074]  ? kasan_check_read+0x11/0x20
[ 2404.373092]  ? print_usage_bug+0xc0/0xc0
[ 2404.375782] EFER = 0x0000000000000d01  PAT = 0x0407050600070106
[ 2404.379285]  ? do_raw_spin_trylock+0x270/0x270
[ 2404.379303]  ? print_usage_bug+0xc0/0xc0
[ 2404.379323]  ? print_usage_bug+0xc0/0xc0
[ 2404.379349]  ? zap_class+0x640/0x640
[ 2404.379369]  ? drop_futex_key_refs.isra.14+0x6d/0xe0
[ 2404.379385]  ? futex_wake+0x304/0x760
[ 2404.384703] *** Control State ***
[ 2404.389252]  ? find_held_lock+0x36/0x1c0
[ 2404.389285]  ? __handle_mm_fault+0x4bb0/0x5be0
[ 2404.389304]  ? lock_downgrade+0x900/0x900
[ 2404.394021] PinBased=0000003f CPUBased=b5a06dfa SecondaryExec=000000c2
[ 2404.400544]  ? kasan_check_read+0x11/0x20
[ 2404.400560]  ? do_raw_spin_unlock+0xa7/0x330
[ 2404.400575]  ? do_raw_spin_trylock+0x270/0x270
[ 2404.400599]  ? fault_dirty_shared_page.isra.87+0x320/0x320
[ 2404.404957] EntryControls=0000d1ff ExitControls=002fefff
[ 2404.408893]  __handle_mm_fault+0x4bbd/0x5be0
[ 2404.408920]  ? vmf_insert_mixed_mkwrite+0x40/0x40
[ 2404.408941]  ? zap_class+0x640/0x640
[ 2404.413653] ExceptionBitmap=00060042 PFECmask=00000000 PFECmatch=00000000
[ 2404.417646]  ? rcu_read_unlock_special+0x1c0/0x1c0
[ 2404.417662]  ? kasan_check_read+0x11/0x20
[ 2404.417680]  ? rcu_softirq_qs+0x20/0x20
[ 2404.417707]  ? zap_class+0x640/0x640
[ 2404.421859] VMEntry: intr_info=00000000 errcode=00000000 ilen=00000000
[ 2404.427821]  ? zap_class+0x640/0x640
[ 2404.427844]  ? find_held_lock+0x36/0x1c0
[ 2404.427874]  ? handle_mm_fault+0x42a/0xc70
[ 2404.432575] VMExit: intr_info=00000000 errcode=00000000 ilen=00000000
[ 2404.436489]  ? lock_downgrade+0x900/0x900
[ 2404.436509]  ? check_preemption_disabled+0x48/0x280
[ 2404.436527]  ? rcu_read_unlock_special+0x1c0/0x1c0
08:16:22 executing program 5:
r0 = syz_open_procfs(0x0, &(0x7f0000000080)='map_files\x00')
getdents(r0, &(0x7f00000000c0)=""/47, 0x2f)
socket(0x10, 0x803, 0x0)
perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file0\x00', 0x1ffffd, 0x20)
r2 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
preadv(0xffffffffffffffff, 0x0, 0x0, 0x0)
epoll_pwait(r1, &(0x7f00000038c0)=[{}, {}, {}, {}, {}, {}], 0x6, 0x3, 0x0, 0x0)
r3 = socket$inet_udplite(0x2, 0x2, 0x88)
fstatfs(r1, &(0x7f0000003c40)=""/210)
sched_getaffinity(0x0, 0x8, &(0x7f0000000140))
setsockopt$IP_VS_SO_SET_STOPDAEMON(r3, 0x0, 0x48c, &(0x7f0000000500)={0x1, 'ip0\x00', 0x2}, 0x18)
ioctl$TIOCMSET(r0, 0x5418, &(0x7f0000000280)=0xfffffffffffffffb)
r4 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ppp\x00', 0x0, 0x0)
unshare(0x40000000)
r5 = epoll_create1(0x0)
epoll_ctl$EPOLL_CTL_ADD(r5, 0x1, r2, &(0x7f0000000300)={0x904c48a8e9bc8f45})
epoll_ctl$EPOLL_CTL_ADD(r5, 0x1, r4, &(0x7f0000003800))
sendto(r4, &(0x7f0000000000)="120000001200e7ef007b0000f4afd703", 0x10, 0x0, 0x0, 0x0)
fsetxattr$security_evm(r1, &(0x7f0000000180)='security.evm\x00', &(0x7f0000003a40)=ANY=[@ANYBLOB="02981e54bf917bd3c2d77539f93a0f775cbbd703f73e1580888d7f3be8c85bf1f3000000487cdd654d7084e8e7aa6d6be8df2e633cfaf5017b6399908f3d40e6f85c2ea487fd63b32204e0763e971c1f2bab71cf0876d68cb267d1c1b45ed436b3528dd7ae4fd8a7030000000000000000000000000000000000000047cb6a9c8d927eb0d4f6549853b2e90755501797f602003f73bea913d5c9adfae742a1a020764c851271d969aa2bb3c4288f9e41545e78815392749e20757e334ce526fa4b8d7317f13f3287855e2514e15a9e81"], 0x1, 0x1)
r6 = openat$ppp(0xffffffffffffff9c, &(0x7f0000003880)='/dev/ppp\x00', 0x0, 0x0)
syz_open_dev$evdev(&(0x7f0000237fee)='/dev/input/event#\x00', 0x0, 0x0)
syncfs(r6)
setsockopt$inet_mreq(r3, 0x0, 0x0, 0x0, 0x0)
getdents(r0, &(0x7f0000000040), 0x88)

08:16:22 executing program 2:
syz_emit_ethernet(0x6a, &(0x7f0000000040)={@local, @broadcast, [], {@ipv4={0x800, {{0x5, 0x4, 0x0, 0x0, 0x5c, 0x0, 0x0, 0x0, 0x1, 0x0, @remote, @dev={0xac, 0x14, 0x14, 0x11}}, @icmp=@parameter_prob={0x3, 0x4, 0x0, 0x0, 0x0, 0x0, {0x10, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x402f, 0x0, @local={0xac, 0x5c}, @dev, {[@timestamp={0x8, 0x2c, 0x0, 0x0, 0x700, [{[@rand_addr]}, {[@multicast2]}, {[@multicast1]}, {}, {[@loopback]}, {}]}]}}}}}}}, 0x0)

08:16:22 executing program 1:
r0 = socket$l2tp(0x18, 0x1, 0x1)
ioctl(r0, 0x1000008912, &(0x7f0000000000)="0a5c2d023c126285718070")
r1 = perf_event_open(&(0x7f0000014f88)={0x1, 0x70, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
write$binfmt_misc(r0, &(0x7f0000000040)={'syz0', "9cfcf0857fc0fa615aa6279e31f60926d6e96f370d18700284ac3fa8fa10518f64f20b090332f856cfeb523ad2792f0a74140ecbb9e008830d269e8ec46c12a3c2a4f9da2841e6cda77852c49322189dd2beaee8ed32999b551cce5a11b04cdf49b1b1020e0a2f99ce41aad07e2d2d1c1961b4180ebc8ef6f83b9598895c1bee3335dea60b2c9e559bb51fefa3a5abddf8cac7de15426313002b1f6eafff22d8568390f05af69f103f381c96e2b467f23e0e7c23f267cb1819051417e19fdf822ea60d8e6c4f7af6ec3611ecf2364175dba5b7b9536b1a11ba2f2133eb23edc19dd734884eac092c86bd536b5d4c693d4f147ce9f214d9afe7c9404017e3ed02d21c805b071b03dfb94e14e2967f5b710fa97c1c80044a1b6e4659de3956ae148b6772cf3a547399b0de867a16e18aab0e74f6d771aa8583b77da6ff039bc0748f759d40df4bba6ac1754b220d604b46eab3919e4f64cfa7df4b81d7d3e770d10493f7a3c932937a7a82dfb8446fc436d0f3d292051c03aef1f11fd200f0bb02d7edc5413cb7d579670cfd4d3767b996f40581d11cde2b36e134756ad7991a7b9e9b1f9975040b6e3b8b4cdd77afcb4ef86d324ded93b7947d58cc9b5ab2431836d6ac24fed25550bcf98cbb88c65d3a5ddb167a35552ecff4e905e81110ad5bd93f1fb2346500778077daa3f5d5988157579b5c93d0089f4e50ffe109ee599a77cef9098bee735b6d3db1eab8e0cc41dd5d14fde56b12f5a7d3c8146eb89a724879f98f65eeeb7fdbfb1f61f7c33e56fc0d3b0e84081b96e7c8ee3184f1ed6cd2589f0118cccdd71cdd7f91c60cf6ada0c57f1ef7aba21613a9e79f6b81b1e742db39105e49c6294d07e9b2cddd0e47ba74ca05bc3a341727b92ad9c895fe2829dbfcd5c4fe73d399432cf14c2ffa3016e5b97e21453ae2a0059ac1b94a0b7b3beedfaa1303acd2ae33f8098cef36ec394d840ccb0f9f608b09e65e8dc48f15ffaa7040571c2c86d627284bc987ce5d79ebefbbe18cc84d8c52911617a4b491703b8221a6d4abc98514d9a88ebceda625a11e35f4977901a2a0e689a218adef05e848f65232e048d86be7e19670e098a8f4f1eb7157068c618154938a9862fae7ebec814d5f61ff2bb9bfba4bb02e761800324dfa7f00a5aefd2f0a85e585dc2d30968abb8e34a2543a344b7eee2f3c804f419215f27bb4a15d1d9674b30fc9ca2020863afa8a5c65278c7e1ec7f3c091bff7b914a8653470a7e622087cf199ae2d43055a30d3e4f6ad3440bb53400d9d1fb36e804a812b513f43308d0ca389a6b32699c9dcaffc58eb28a8210590f52fcc8c2f0fe3aa8b1e2f0bccf0fdc13b8030f14e3f5f891ae26ac22ace51fb5f08d13c755c5bcb1e78f5fa283b8589a54a3f2c2c72b6062f59899fc97ed13ba996f20d9e00d10a8cfdfa7fb041a8378b42453a943a0005b48cef7d5d386e66a65c373535890ac75ea0a5064294da89166f5518efbdc6a7c385ee3ddd59e7d3bfd6fe6522d77b2f56e930a2d0cbf80b08b638b366b3fbf6811d89a024e01e67dd34c98d295ac42e83f3531c3d39d888a70a7959cd80884ee8f15347d67741f5ec27de1e06f24df032302d3cfb37b9393c398b4e5ca8ff2741308f09dee647d2eea7ea3cc80d75c6baade4dfb932a8bf13653d21cc3a4d229e08d0d10a3d83ba434f25d21e446cf2c3a6408a942ad2ecd2d169ddea78d50cf89208e2d8aaff457caf4b36ad887477b1d30d448ac0cc7a243b05a70174d02f6461a4e7475836b59f8b04be4e71ad99a635f44a5913894d7697769d21a1ada4b9c0f6040ca0789570d9c75106a3da6090be724e0a22c8836651cd778d52b6919d86c9f0cfc9623703025e10f97c86133416170455810e7843fb58200bf68245b56ac2d8308db89e31aad56da8fd2cfc99210312433d8d0d6cc57cbfe05c3b0c06eeda35b2ae1a71319bfc65ca248715af6a46e7d26fd93cdcd713606b66534c1becf0e787ab6630523d6cd849dca9a5d63e5f998ec36c24001f3d74f75642171af5e1305ea761e44062a7cf36bfb502c3fb256746be4c4d846470ac0d18cfc958eb32bea95b1e937d91c823f193de097c9f792beb559b98f4a9f25090dd5b586d5e084effde01da1744ee74274bf5fb80a4a5d57453fbc05c53b29d882a20a9f1915e9c6c5ea37e7d4324a5ac044b38c2e9cbc3f50a61b315a1ca1591652df443fb809d1c5c1d288c388d43d4e81ed4099380f22c54530882422f8b83b082b56dbdb6e08226bcb70f3509f721dd010f43b0ea731ad9c544e176e469a8a803e189899f614bb2a3346aa3fab249ea2399adabf51cc98c3730e187b4eb2390cc4b9a9da82341b9429912db3c3637e796a9364c8ec1b280b66fe68af0d28c44d32bc35fdf837aad2b4958c9ac67cebb84c50a6e111f6a373008eeb9bb7450bf0d9ef31643fcde87b338746383769e5a0802f985282df663955acd08df25ccf1bb1f390ba9571132288a3fdee5bb5e05a41606523ec180a89d14405565bbae756d94035175b012f70d3f0f8126d0e2f41de44f311cf2c73f4b764fe6200f1d811144cbcbcba46df44fdd6260d7789d05dddec751400b5de9d6426392e08eb7a4188336ae7ac84a630af39386007dfc314928eb61080ff40b74334f85d32b98ce81bbcf39b4f613926f351da8c7ea0c8209949ffcd7a98413350a85371a8705ff7bc120769cc5e62cc33b334098ad68a9a30061b1a2fda44f3286956bfc482cba2c4b14f824bf4e6b1fe719bbf899d0b8416c4cc67223c007ba970ed5898cc30ac88bb4e5a4c4ce84a862a4ea1f8699d7d4bc093afd156bb7c4900f87c4efdcf2a724eee96db0d95c93e89839e128027596925d98a5381b7e5628a97d52dc12a01dbf0be7839c68e28cde77e7259b7a6477318f29b8bb6e5e4492a37f2e33e9b2be75cf82f0c54de5d3c807180912a3fb8b8de444f6b6fa098c448655b16856f95e4a3dcf9f40e95ec3ee86520608daad9f9927db83ee1b45236647452488a81ddb3bba49fe756e988af176732a7f2fe40744a49bfca900744685d7e8bd595039764c90209af406a23cc243137bef7023d38554a168c91a3a34467d62cb1c5eea5f10be17922524610641bc9e621e252ec970fcfe6b3f9913af005dfd25a041d39acbf6ec28bdd5643c253b0887d276e7a47537aa026e5106b589e958d6421666236f5ab15d3ecfae51d66c4cbdfbd6729cdd707daa20308fcb7a72890c6d6dd5a059f13c1c1fe546c7aff155e421989766282e1d07eed498eb7b98335c755b87036b47d32696432196b9f527f6cd8df2b4b7fbf7afe628e340a0d1e73ed5035e1ac5998d9b08e92293cc226c110f6efb10649d7b911fe887730343eb0db57d4841a3ea9d8b95e6298433e86d16077dc6012b6cd63bc5b4ba0edad7978348004029d30f70406a9d5051a9e5af605b5e2d183e9dd02bf8dddce4a05523a2329388a70934cf69b32c252dc8cc7edfc74da7124a72c7278731989456c68fc9fbeda7e998a9b1f47ed10849cda925e831234a673ac8ce95add10a6fc25d56908dd1f2a8c4ecd36fe89a1441e8ca81063eecba668420fcae028e0135e6426895eab503beb0d6953cf98b5077e4366b22dc26af42ed206360dd27a0ded6847be2a72b61221b0ed3e1d5727cfa8f66b7b9f54d30440ca545e8924d07b1a640b916d2bf3516a2a168a78843bccbd8d9b210414b9af0785e3fc5b686404a3c49754923b08bba1c4c2018f9027565ebeb68878819f479d1cca259faf42bbb28b317a0ffb93b3cd1ad5d9c89ab878215f3e1a926438cce0d1706263a732a94d8ff9717b755bd78550e3c111457a1cb6bf35b2b7cdf3222cee5b7bd84f8508c740df10688e528e2cd94713c961fbb890ac9f10ef9e0f4eb8d34a65af5f3188d20b6667e386b9a97f75a62c29b4f0dcdb2d5d84500b1a577fd65559c8923cf5abe4b959e64294ccb259cb322d3639543f184a587bb197f73baae42d4d50c3b51d4e25b0c63afc07a38d94921354264c51adf0c4d598fd0d659c5104132db2806e4e83dfad05b709f9ebd0284b8409ede1ef3feb5ec455b12871f4c88d8180f363e61e51f7d16ecf4e2b57a5faafd4ef03c922d97e2ba16b4e939530eec92edf0fd1e47dee30f1c5fc0a4f3389c1b8ae4b14fa9e42df16df337c85d43c56ceb2854fd32b7ad845e51679ab30e105c06f6b74510a785b2652116d09f5cf99bcaa50f570110a9c421d50c6c714da4ae7d8374e124f8834ee6544fa3cf37f1502d9661a24d390f3a09c7fbfd7411f84645c173cf16c2dd6684d935c8855aa07834ad22d6780bd88958afabcccf08c9ae5097273c2b5deb0b3c973decc33a536bf7eb0a814ea0746202181d6ba3c0a6de5609fafaca8c30ae17fa43066ff6f240b12622706f991f4b3794c22d34f9dc471c11d066ee7ce78ac2f5c09b6c0412ba7685208789e96bf0030ce81d5c4514288ff46ca983c2452d59da15461558864adb2474b774d5c243dc32c2bc1a2981698d7d56b4d83c2b13542904068d8586a3cd31256b657ba4630810949f70e6878137c302060d73024774d7afa7606a9551a7433f2d8e3457116c816e37e9995e6f00b69077de892a9e3ef2a2aec56c41cf69a6368c8123b2bf8bb801ac4058e278d34389424b737d9b0816df0124af8423db1ec00be7cd179bdfd9e772d999b241449fa07e02f5eb0bab2795638a5401193ac5a51843b34214ee092baf285a590ef502b5fb8f4881694e904cc4c699b4be6b77bf617903f8ca460f55a5c90b46ff0d64fcfab6704bc4c335fa18c9be1caca2db5c660452a53356e79173be3f67a7fd670ac50e4402ea64bdbb2af132524f7964d6c7b6e77205a891b45e674a9aeb10f5048004ce64931a36f7d3fe4d04aa70716594afa8989cb3f3e6078b45c52582eb25242052c000758f30e02848ff96b77525e8268a8aee3c578c2a060b67e341e3d56dc471ee6ec556bbc246d52c4c5ffed4d855c29946feff9795e76187ccb41bf6df71af151fb2c2805ff005c4cda12740bbf9f9f7dbed70b19210350c8b199263d1b26c807dbcf6aa87ced3357de753f7a18facba0ce1b79307b12e027e9cafa7c911c70229683dadfae619aa87a556a402359f828a30498ec1d5bfdff980df47d623576a7ca37bd8da0069847aad303b74058ff9a3746f01ca20926d6d43ca1787c3ef5ee1cb94d455ae11ab5f9308e8586682a6050281295eeb9811a859735ea154e6968900eb9823555a8a4c113266731a24199c28dd632cccdb9521bb41d8541096335a91738f530c9dff3baaa272ae0e8c43c40d5eac8c253c718e8a231ea8aa6bb8e3c8519da2828d564308b69a4a4287b4cba08812d6ebc73fb9c9b6b3ad1481d5ed6f0305241a6d0555feda865c5b16121d2f4662f0457786fc91a32e4e2ffc406cb39c1712fca587b3ce59bff2050a7eedff2b2d93212d42363377cad52ab94af8ff84665973f3fe6c25d33c28edc3868de169e9ed53c8927ecb2e99ef75b23b8ba10f4bb3715ae2ba1741ea2ea43bf24a558beeb174b2abc81a4eae3e69f09ba4cb09d38c1e21aba832e8e35b3b05044debf643fcaf0820a061480478a1e7ebf4954f46eff8a0577d2018d4d8a44cb0dc995590612f9b5998b10d2c1de366e8ddd122f52deae98737fc17a7dca7b5ca8a4222e74d937445fda3b46881f21176a782c8899ebf788ceaf261ebd5901c7160757db004ed1d7866390c369f18a71acf01985b1123f071af2b2f4a62"}, 0x1004)
close(r1)

[ 2404.436547]  ? kasan_check_read+0x11/0x20
[ 2404.440705]         reason=80000021 qualification=0000000000000000
[ 2404.444304]  ? rcu_dynticks_curr_cpu_in_eqs+0xa2/0x170
[ 2404.444320]  ? rcu_softirq_qs+0x20/0x20
[ 2404.444338]  ? trace_hardirqs_off_caller+0x310/0x310
[ 2404.444367]  ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[ 2404.444385]  ? check_preemption_disabled+0x48/0x280
[ 2404.444407]  handle_mm_fault+0x54f/0xc70
[ 2404.449584] IDTVectoring: info=00000000 errcode=00000000
[ 2404.453292]  ? __handle_mm_fault+0x5be0/0x5be0
[ 2404.453313]  ? find_vma+0x34/0x190
[ 2404.453335]  __do_page_fault+0x5e8/0xe60
[ 2404.453359]  ? trace_hardirqs_off+0xb8/0x310
[ 2404.453384]  do_page_fault+0xf2/0x7e0
[ 2404.456943] TSC Offset = 0xfffffaf6f64e8611
[ 2404.460882]  ? vmalloc_sync_all+0x30/0x30
[ 2404.460899]  ? error_entry+0x70/0xd0
[ 2404.460917]  ? trace_hardirqs_off_caller+0xbb/0x310
[ 2404.460933]  ? trace_hardirqs_on_caller+0xc0/0x310
[ 2404.460953]  ? syscall_return_slowpath+0x5e0/0x5e0
[ 2404.465665] TPR Threshold = 0x00
[ 2404.469662]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 2404.469681]  ? trace_hardirqs_on_caller+0x310/0x310
[ 2404.469697]  ? __bpf_trace_preemptirq_template+0x30/0x30
[ 2404.469715]  ? prepare_exit_to_usermode+0x3b0/0x3b0
[ 2404.469735]  ? prepare_exit_to_usermode+0x291/0x3b0
[ 2404.476532] EPT pointer = 0x00000001b4d2001e
[ 2404.480535]  ? page_fault+0x8/0x30
[ 2404.480555]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 2404.480573]  ? page_fault+0x8/0x30
[ 2404.480592]  page_fault+0x1e/0x30
[ 2404.489562] RIP: 0033:0x4510a0
[ 2404.489580] Code: 0f 84 c4 0f 00 00 48 89 f1 48 89 f8 48 83 e1 3f 48 83 f9 20 0f 86 7b 02 00 00 48 83 e6 f0 48 83 e1 0f 66 0f ef c0 66 0f ef c9 <66> 0f 74 0e 66 0f d7 d1 48 d3 ea 49 c7 c2 11 00 00 00 49 29 ca 4d
[ 2404.489589] RSP: 002b:00007efdea16e7a8 EFLAGS: 00010202
[ 2404.489602] RAX: 00007efdea16e850 RBX: 0000000000000003 RCX: 000000000000000e
[ 2404.489612] RDX: 00000000000003ff RSI: 0000000020012fe0 RDI: 00007efdea16e850
[ 2404.489626] RBP: 000000000072bf00 R08: 00000000000003ff R09: 0000000000000000
[ 2404.500677] R10: 0000000000000000 R11: 0000000000000246 R12: 00007efdea16f6d4
[ 2404.500687] R13: 00000000004c578a R14: 00000000004d9d90 R15: 00000000ffffffff
[ 2404.507915] FAULT_FLAG_ALLOW_RETRY missing 70
[ 2404.655431] CPU: 0 PID: 22659 Comm: syz-executor0 Not tainted 4.20.0-rc6+ #371
[ 2404.683385] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 2404.683392] Call Trace:
[ 2404.683415]  dump_stack+0x244/0x39d
[ 2404.683437]  ? dump_stack_print_info.cold.1+0x20/0x20
[ 2404.683466]  handle_userfault.cold.32+0x47/0x62
[ 2404.683495]  ? userfaultfd_ioctl+0x5610/0x5610
[ 2404.683517]  ? mark_held_locks+0x130/0x130
[ 2404.703389]  ? __sanitizer_cov_trace_cmp4+0x16/0x20
[ 2404.703405]  ? futex_wait_setup+0x266/0x3e0
[ 2404.703435]  ? __sanitizer_cov_trace_switch+0x53/0x90
[ 2404.703455]  ? userfaultfd_ctx_put+0x830/0x830
[ 2404.703474]  ? futex_wait+0x5a1/0xa50
[ 2404.718849]  ? print_usage_bug+0xc0/0xc0
[ 2404.718867]  ? print_usage_bug+0xc0/0xc0
[ 2404.718886]  ? print_usage_bug+0xc0/0xc0
[ 2404.740976]  ? zap_class+0x640/0x640
[ 2404.760876]  ? drop_futex_key_refs.isra.14+0x6d/0xe0
[ 2404.760894]  ? futex_wake+0x304/0x760
[ 2404.782709]  ? find_held_lock+0x36/0x1c0
[ 2404.782737]  ? __handle_mm_fault+0x4bb0/0x5be0
[ 2404.782755]  ? lock_downgrade+0x900/0x900
[ 2404.782780]  ? kasan_check_read+0x11/0x20
[ 2404.794627]  ? do_raw_spin_unlock+0xa7/0x330
[ 2404.794643]  ? do_raw_spin_trylock+0x270/0x270
[ 2404.794662]  ? fault_dirty_shared_page.isra.87+0x320/0x320
[ 2404.794689]  __handle_mm_fault+0x4bbd/0x5be0
[ 2404.794714]  ? vmf_insert_mixed_mkwrite+0x40/0x40
[ 2404.810576] IPVS: ftp: loaded support on port[0] = 21
[ 2404.815440]  ? zap_class+0x640/0x640
[ 2404.815455]  ? rcu_read_unlock_special+0x1c0/0x1c0
[ 2404.815471]  ? kasan_check_read+0x11/0x20
[ 2404.815489]  ? rcu_softirq_qs+0x20/0x20
[ 2404.815516]  ? zap_class+0x640/0x640
[ 2404.815532]  ? zap_class+0x640/0x640
[ 2404.815554]  ? find_held_lock+0x36/0x1c0
[ 2404.815580]  ? handle_mm_fault+0x42a/0xc70
[ 2404.815604]  ? lock_downgrade+0x900/0x900
[ 2404.824848]  ? check_preemption_disabled+0x48/0x280
[ 2404.824867]  ? rcu_read_unlock_special+0x1c0/0x1c0
[ 2404.824883]  ? kasan_check_read+0x11/0x20
[ 2404.824898]  ? rcu_dynticks_curr_cpu_in_eqs+0xa2/0x170
[ 2404.824913]  ? rcu_softirq_qs+0x20/0x20
[ 2404.824930]  ? trace_hardirqs_off_caller+0x310/0x310
[ 2404.824952]  ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[ 2404.834190]  ? check_preemption_disabled+0x48/0x280
[ 2404.843684]  handle_mm_fault+0x54f/0xc70
[ 2404.843705]  ? __handle_mm_fault+0x5be0/0x5be0
[ 2404.843727]  ? find_vma+0x34/0x190
[ 2404.843748]  __do_page_fault+0x5e8/0xe60
[ 2404.843764]  ? trace_hardirqs_off+0xb8/0x310
[ 2404.843789]  do_page_fault+0xf2/0x7e0
[ 2404.860282]  ? vmalloc_sync_all+0x30/0x30
[ 2404.876947]  ? error_entry+0x70/0xd0
[ 2404.893857]  ? trace_hardirqs_off_caller+0xbb/0x310
[ 2404.893873]  ? trace_hardirqs_on_caller+0xc0/0x310
[ 2404.893891]  ? syscall_return_slowpath+0x5e0/0x5e0
[ 2404.893907]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 2404.893923]  ? trace_hardirqs_on_caller+0x310/0x310
[ 2404.893938]  ? __bpf_trace_preemptirq_template+0x30/0x30
[ 2404.893954]  ? prepare_exit_to_usermode+0x3b0/0x3b0
[ 2404.893970]  ? post_copy_siginfo_from_user.isra.25.part.26+0x250/0x250
[ 2404.893984]  ? __switch_to_asm+0x40/0x70
[ 2404.893998]  ? page_fault+0x8/0x30
[ 2404.894017]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 2404.894035]  ? page_fault+0x8/0x30
[ 2404.903017]  page_fault+0x1e/0x30
[ 2404.903031] RIP: 0033:0x4510a0
[ 2404.903048] Code: 0f 84 c4 0f 00 00 48 89 f1 48 89 f8 48 83 e1 3f 48 83 f9 20 0f 86 7b 02 00 00 48 83 e6 f0 48 83 e1 0f 66 0f ef c0 66 0f ef c9 <66> 0f 74 0e 66 0f d7 d1 48 d3 ea 49 c7 c2 11 00 00 00 49 29 ca 4d
[ 2404.903056] RSP: 002b:00007efdea14d7a8 EFLAGS: 00010202
[ 2404.903069] RAX: 00007efdea14d850 RBX: 0000000000000003 RCX: 000000000000000e
[ 2404.903079] RDX: 00000000000003ff RSI: 0000000020012fe0 RDI: 00007efdea14d850
[ 2404.903088] RBP: 000000000072bfa0 R08: 00000000000003ff R09: 0000000000000000
[ 2404.903103] R10: 0000000000000000 R11: 0000000000000246 R12: 00007efdea14e6d4
[ 2404.913121] R13: 00000000004c578a R14: 00000000004d9d90 R15: 00000000ffffffff
[ 2405.546997] IPVS: ftp: loaded support on port[0] = 21
[ 2405.752710] device bridge_slave_1 left promiscuous mode
[ 2405.758246] bridge0: port 2(bridge_slave_1) entered disabled state
[ 2405.794273] device bridge_slave_0 left promiscuous mode
[ 2405.799868] bridge0: port 1(bridge_slave_0) entered disabled state
[ 2405.964019] team0 (unregistering): Port device team_slave_1 removed
[ 2405.983768] team0 (unregistering): Port device team_slave_0 removed
[ 2405.996769] bond0 (unregistering): Releasing backup interface bond_slave_1
[ 2406.011141] bond0 (unregistering): Releasing backup interface bond_slave_0
[ 2406.066568] bond0 (unregistering): Released all slaves
[ 2406.715812] bridge0: port 1(bridge_slave_0) entered blocking state
[ 2406.739299] bridge0: port 1(bridge_slave_0) entered disabled state
[ 2406.752907] device bridge_slave_0 entered promiscuous mode
[ 2406.830425] bridge0: port 2(bridge_slave_1) entered blocking state
[ 2406.851913] bridge0: port 2(bridge_slave_1) entered disabled state
[ 2406.871876] device bridge_slave_1 entered promiscuous mode
[ 2406.947429] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready
[ 2407.014269] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready
[ 2407.150431] bond0: Enslaving bond_slave_0 as an active interface with an up link
[ 2407.198661] bond0: Enslaving bond_slave_1 as an active interface with an up link
[ 2407.243378] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready
[ 2407.250233] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready
[ 2407.296713] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready
[ 2407.303651] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready
[ 2407.436420] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready
[ 2407.444130] team0: Port device team_slave_0 added
[ 2407.487185] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready
[ 2407.494694] team0: Port device team_slave_1 added
[ 2407.537323] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[ 2407.586693] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[ 2407.616557] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready
[ 2407.623908] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 2407.632154] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[ 2407.656798] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready
[ 2407.664162] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 2407.672384] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[ 2407.934692] bridge0: port 2(bridge_slave_1) entered blocking state
[ 2407.941075] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 2407.947777] bridge0: port 1(bridge_slave_0) entered blocking state
[ 2407.954157] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 2407.962382] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready
[ 2408.172203] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[ 2409.452372] 8021q: adding VLAN 0 to HW filter on device bond0
[ 2409.541631] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready
[ 2409.629977] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready
[ 2409.636248] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[ 2409.643800] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 2409.730644] 8021q: adding VLAN 0 to HW filter on device team0
08:16:28 executing program 4:
r0 = openat$kvm(0xffffffffffffff9c, 0x0, 0x0, 0x0)
r1 = syz_open_dev$sndctrl(&(0x7f0000000100)='/dev/snd/controlC#\x00', 0x0, 0x0)
prctl$PR_SET_THP_DISABLE(0x29, 0xfffffffffffffffe)
clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
ioctl$FS_IOC_GETFLAGS(r1, 0x800455d1, &(0x7f0000000080))
fcntl$getown(r0, 0x9)
r2 = add_key$user(&(0x7f0000000000)='user\x00', &(0x7f0000000040)={'syz', 0x0}, &(0x7f0000000140)="e7e1683496d80b20fc18f8adb8bc5e3504b6375a40ad190e57920eb6a078763733ea9d308ec658780a732190e12aa4b166b30ba50346f8cdaa7fe6b07c4ac97c1b8c5454143479a9478e21b59fcaae1c7514d5002b366df44b050a3e72e7bd825e0150e1996cf04a0f7c908da3cb80f95a0851b946964a011e3d81c53fd9f87a8b397ee539a58b6ff47a909b3dc50db76af00d6d8e0e3e093156450dbe1003acf93bac2048a2ac298ee2d2b6", 0xac, 0xfffffffffffffff9)
keyctl$revoke(0x3, r2)

08:16:28 executing program 2:
syz_emit_ethernet(0x6a, &(0x7f0000000040)={@local, @broadcast, [], {@ipv4={0x800, {{0x5, 0x4, 0x0, 0x0, 0x5c, 0x0, 0x0, 0x0, 0x1, 0x0, @remote, @dev={0xac, 0x14, 0x14, 0x11}}, @icmp=@parameter_prob={0x3, 0x4, 0x0, 0x0, 0x0, 0x0, {0x10, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x402f, 0x0, @local={0xac, 0x5c}, @dev, {[@timestamp={0x8, 0x2c, 0x0, 0x0, 0x4800, [{[@rand_addr]}, {[@multicast2]}, {[@multicast1]}, {}, {[@loopback]}, {}]}]}}}}}}}, 0x0)

08:16:28 executing program 3:
openat$rfkill(0xffffffffffffff9c, 0x0, 0x0, 0x0)
getsockopt$inet_sctp_SCTP_DEFAULT_PRINFO(0xffffffffffffffff, 0x84, 0x72, &(0x7f0000000380), 0x0)
syz_open_dev$admmidi(&(0x7f0000000100)='/dev/admmidi#\x00', 0x0, 0x0)
r0 = socket$l2tp(0x18, 0x1, 0x1)
mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x1, 0x32, 0xffffffffffffffff, 0x0)
r1 = userfaultfd(0x0)
ioctl$UFFDIO_API(r1, 0xc018aa3f, &(0x7f0000000180))
ioctl$UFFDIO_REGISTER(r1, 0xc020aa00, &(0x7f0000019000)={{&(0x7f0000012000/0x2000)=nil, 0x2000}, 0x1})
syz_open_dev$evdev(&(0x7f0000012fee)='/dev/input/event#\x00', 0x300, 0x0)
ioctl$UFFDIO_WAKE(r1, 0x8010aa02, &(0x7f0000000080)={&(0x7f0000012000/0x3000)=nil, 0x3000})
ioctl(r0, 0x1000008912, &(0x7f0000000000)="0a5c2d023c126285718070")
setsockopt$ALG_SET_KEY(0xffffffffffffffff, 0x117, 0x1, 0x0, 0x0)

08:16:28 executing program 0:
openat$rfkill(0xffffffffffffff9c, 0x0, 0x2001, 0x0)
syz_open_dev$admmidi(&(0x7f0000000100)='/dev/admmidi#\x00', 0x0, 0x0)
r0 = socket$l2tp(0x18, 0x1, 0x1)
mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x1, 0x32, 0xffffffffffffffff, 0x0)
r1 = userfaultfd(0x0)
ioctl$UFFDIO_API(r1, 0xc018aa3f, &(0x7f0000000180))
ioctl$UFFDIO_REGISTER(r1, 0xc020aa00, &(0x7f0000019000)={{&(0x7f0000012000/0x2000)=nil, 0x2000}, 0x1})
syz_open_dev$evdev(&(0x7f0000012fee)='/dev/input/event#\x00', 0x0, 0x2)
ioctl$UFFDIO_WAKE(r1, 0x8010aa02, &(0x7f0000000080)={&(0x7f0000012000/0x3000)=nil, 0x3000})
ioctl(r0, 0x1000008912, &(0x7f0000000000)="0a5c2d023c126285718070")

08:16:28 executing program 1:
r0 = socket$l2tp(0x18, 0x1, 0x1)
ioctl(r0, 0x1000008912, &(0x7f0000000000)="0a5c2d023c126285718070")
r1 = perf_event_open(&(0x7f0000014f88)={0x1, 0x70, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r2 = openat$vcs(0xffffffffffffff9c, &(0x7f0000000040)='/dev/vcs\x00', 0x16f342, 0x0)
getsockopt$IPT_SO_GET_REVISION_MATCH(r2, 0x0, 0x42, &(0x7f0000000080)={'ipvs\x00'}, &(0x7f00000000c0)=0x1e)
close(r1)
fcntl$setflags(r2, 0x2, 0x1)

08:16:28 executing program 5:
r0 = syz_open_procfs(0x0, &(0x7f0000000080)='map_files\x00')
getdents(r0, &(0x7f00000000c0)=""/47, 0x2f)
socket(0x10, 0x803, 0x0)
perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file0\x00', 0x1ffffd, 0x20)
r2 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
preadv(0xffffffffffffffff, 0x0, 0x0, 0x0)
epoll_pwait(r1, &(0x7f00000038c0)=[{}, {}, {}, {}, {}, {}], 0x6, 0x3, 0x0, 0x0)
r3 = socket$inet_udplite(0x2, 0x2, 0x88)
fstatfs(r1, &(0x7f0000003c40)=""/210)
sched_getaffinity(0x0, 0x8, &(0x7f0000000140))
setsockopt$IP_VS_SO_SET_STOPDAEMON(r3, 0x0, 0x48c, &(0x7f0000000500)={0x1, 'ip0\x00', 0x2}, 0x18)
ioctl$TIOCMSET(r0, 0x5418, &(0x7f0000000280)=0xfffffffffffffffb)
r4 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ppp\x00', 0x0, 0x0)
unshare(0x40000000)
r5 = epoll_create1(0x0)
epoll_ctl$EPOLL_CTL_ADD(r5, 0x1, r2, &(0x7f0000000300)={0x904c48a8e9bc8f45})
epoll_ctl$EPOLL_CTL_ADD(r5, 0x1, r4, &(0x7f0000003800))
sendto(r4, &(0x7f0000000000)="120000001200e7ef007b0000f4afd703", 0x10, 0x0, 0x0, 0x0)
fsetxattr$security_evm(r1, &(0x7f0000000180)='security.evm\x00', &(0x7f0000003a40)=ANY=[@ANYBLOB="02981e54bf917bd3c2d77539f93a0f775cbbd703f73e1580888d7f3be8c85bf1f3000000487cdd654d7084e8e7aa6d6be8df2e633cfaf5017b6399908f3d40e6f85c2ea487fd63b32204e0763e971c1f2bab71cf0876d68cb267d1c1b45ed436b3528dd7ae4fd8a7030000000000000000000000000000000000000047cb6a9c8d927eb0d4f6549853b2e90755501797f602003f73bea913d5c9adfae742a1a020764c851271d969aa2bb3c4288f9e41545e78815392749e20757e334ce526fa4b8d7317f13f3287855e2514e15a9e81"], 0x1, 0x1)
r6 = openat$ppp(0xffffffffffffff9c, &(0x7f0000003880)='/dev/ppp\x00', 0x0, 0x0)
syz_open_dev$evdev(&(0x7f0000237fee)='/dev/input/event#\x00', 0x0, 0x0)
syncfs(r6)
setsockopt$inet_mreq(r3, 0x0, 0x0, 0x0, 0x0)
getdents(r0, &(0x7f0000000040), 0x88)

[ 2410.362729] FAULT_FLAG_ALLOW_RETRY missing 70
[ 2410.367317] CPU: 1 PID: 22938 Comm: syz-executor3 Not tainted 4.20.0-rc6+ #371
[ 2410.374693] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 2410.384064] Call Trace:
[ 2410.386683]  dump_stack+0x244/0x39d
[ 2410.390340]  ? dump_stack_print_info.cold.1+0x20/0x20
[ 2410.394676] FAULT_FLAG_ALLOW_RETRY missing 70
[ 2410.395570]  handle_userfault.cold.32+0x47/0x62
[ 2410.395606]  ? userfaultfd_ioctl+0x5610/0x5610
[ 2410.395630]  ? mark_held_locks+0x130/0x130
[ 2410.413605]  ? __sanitizer_cov_trace_cmp4+0x16/0x20
[ 2410.418636]  ? futex_wait_setup+0x266/0x3e0
[ 2410.422979]  ? __sanitizer_cov_trace_switch+0x53/0x90
[ 2410.428192]  ? userfaultfd_ctx_put+0x830/0x830
[ 2410.432789]  ? futex_wait+0x5a1/0xa50
[ 2410.436617]  ? print_usage_bug+0xc0/0xc0
[ 2410.440690]  ? print_usage_bug+0xc0/0xc0
[ 2410.444770]  ? print_usage_bug+0xc0/0xc0
[ 2410.448850]  ? zap_class+0x640/0x640
[ 2410.452588]  ? drop_futex_key_refs.isra.14+0x6d/0xe0
[ 2410.457707]  ? futex_wake+0x304/0x760
[ 2410.461541]  ? find_held_lock+0x36/0x1c0
[ 2410.465626]  ? __handle_mm_fault+0x4bb0/0x5be0
[ 2410.470227]  ? lock_downgrade+0x900/0x900
[ 2410.474396]  ? kasan_check_read+0x11/0x20
[ 2410.478555]  ? do_raw_spin_unlock+0xa7/0x330
[ 2410.482975]  ? do_raw_spin_trylock+0x270/0x270
[ 2410.487576]  ? fault_dirty_shared_page.isra.87+0x320/0x320
[ 2410.493225]  __handle_mm_fault+0x4bbd/0x5be0
[ 2410.497657]  ? vmf_insert_mixed_mkwrite+0x40/0x40
[ 2410.502512]  ? zap_class+0x640/0x640
[ 2410.506240]  ? rcu_read_unlock_special+0x1c0/0x1c0
[ 2410.511189]  ? kasan_check_read+0x11/0x20
[ 2410.515366]  ? rcu_softirq_qs+0x20/0x20
[ 2410.519380]  ? zap_class+0x640/0x640
[ 2410.523112]  ? zap_class+0x640/0x640
[ 2410.526849]  ? find_held_lock+0x36/0x1c0
[ 2410.530938]  ? handle_mm_fault+0x42a/0xc70
[ 2410.535186]  ? lock_downgrade+0x900/0x900
[ 2410.535205]  ? check_preemption_disabled+0x48/0x280
[ 2410.535224]  ? rcu_read_unlock_special+0x1c0/0x1c0
[ 2410.535240]  ? kasan_check_read+0x11/0x20
[ 2410.535255]  ? rcu_dynticks_curr_cpu_in_eqs+0xa2/0x170
[ 2410.535270]  ? rcu_softirq_qs+0x20/0x20
[ 2410.535287]  ? trace_hardirqs_off_caller+0x310/0x310
[ 2410.535309]  ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[ 2410.544465]  ? check_preemption_disabled+0x48/0x280
[ 2410.544489]  handle_mm_fault+0x54f/0xc70
[ 2410.544509]  ? __handle_mm_fault+0x5be0/0x5be0
[ 2410.544530]  ? find_vma+0x34/0x190
[ 2410.544551]  __do_page_fault+0x5e8/0xe60
[ 2410.544566]  ? trace_hardirqs_off+0xb8/0x310
[ 2410.544590]  do_page_fault+0xf2/0x7e0
[ 2410.603242]  ? vmalloc_sync_all+0x30/0x30
[ 2410.607406]  ? error_entry+0x70/0xd0
[ 2410.611132]  ? trace_hardirqs_off_caller+0xbb/0x310
[ 2410.616163]  ? trace_hardirqs_on_caller+0xc0/0x310
[ 2410.621105]  ? syscall_return_slowpath+0x5e0/0x5e0
[ 2410.626047]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 2410.630902]  ? trace_hardirqs_on_caller+0x310/0x310
[ 2410.635929]  ? __bpf_trace_preemptirq_template+0x30/0x30
[ 2410.641394]  ? prepare_exit_to_usermode+0x3b0/0x3b0
[ 2410.646422]  ? prepare_exit_to_usermode+0x291/0x3b0
[ 2410.651455]  ? page_fault+0x8/0x30
[ 2410.655008]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 2410.659875]  ? page_fault+0x8/0x30
[ 2410.663436]  page_fault+0x1e/0x30
[ 2410.666894] RIP: 0033:0x4510a0
[ 2410.670104] Code: 0f 84 c4 0f 00 00 48 89 f1 48 89 f8 48 83 e1 3f 48 83 f9 20 0f 86 7b 02 00 00 48 83 e6 f0 48 83 e1 0f 66 0f ef c0 66 0f ef c9 <66> 0f 74 0e 66 0f d7 d1 48 d3 ea 49 c7 c2 11 00 00 00 49 29 ca 4d
[ 2410.689015] RSP: 002b:00007f75238677a8 EFLAGS: 00010202
[ 2410.694386] RAX: 00007f7523867850 RBX: 0000000000000003 RCX: 000000000000000e
[ 2410.701669] RDX: 00000000000003ff RSI: 0000000020012fe0 RDI: 00007f7523867850
08:16:28 executing program 4:
r0 = openat$kvm(0xffffffffffffff9c, 0x0, 0x0, 0x0)
r1 = syz_open_dev$sndctrl(&(0x7f0000000100)='/dev/snd/controlC#\x00', 0x0, 0x0)
prctl$PR_SET_THP_DISABLE(0x29, 0xfffffffffffffffe)
r2 = request_key(&(0x7f0000000000)='encrypted\x00', &(0x7f0000000040)={'syz', 0x3}, &(0x7f00000000c0)='-\x00', 0x0)
getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f0000000140)={0x0, <r3=>0x0}, &(0x7f0000000180)=0xc)
getgroups(0x3, &(0x7f00000001c0)=[0xee00, 0x0, <r4=>0xffffffffffffffff])
keyctl$chown(0x4, r2, r3, r4)
clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
ioctl$FS_IOC_GETFLAGS(r1, 0x800455d1, &(0x7f0000000080))
ioctl$KVM_GET_VCPU_MMAP_SIZE(r0, 0xae04)

08:16:28 executing program 1:
r0 = socket$l2tp(0x18, 0x1, 0x1)
r1 = socket$l2tp(0x18, 0x1, 0x1)
ioctl(r1, 0x1000008912, &(0x7f0000000000)="0a5c2d023c126285718070")
bpf$BPF_GET_MAP_INFO(0xf, &(0x7f0000000200)={0xffffffffffffff9c, 0x28, &(0x7f00000001c0)={0x0, <r2=>0x0}}, 0x10)
bpf$BPF_MAP_GET_FD_BY_ID(0xe, &(0x7f0000000240)={r2, 0x7a8, 0x8}, 0xc)
r3 = openat$dlm_monitor(0xffffffffffffff9c, &(0x7f0000000100)='/dev/dlm-monitor\x00', 0x400000, 0x0)
truncate(&(0x7f0000000280)='./file0\x00', 0xffffffff00000001)
ioctl$LOOP_SET_FD(r3, 0x4c00, r1)
fcntl$getownex(r0, 0x10, &(0x7f00000000c0))
openat$vcs(0xffffffffffffff9c, &(0x7f0000000300)='/dev/vcs\x00', 0x402300, 0x0)
fsetxattr$security_smack_entry(r1, &(0x7f0000000140)='security.SMACK64EXEC\x00', &(0x7f0000000180)='security.SMACK64TRANSMUTE\x00', 0x1a, 0x2)
r4 = perf_event_open(&(0x7f0000014f88)={0x1, 0x70, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
fsetxattr$security_smack_transmute(r0, &(0x7f0000000040)='security.SMACK64TRANSMUTE\x00', &(0x7f0000000080)='TRUE', 0x4, 0x2)
epoll_ctl$EPOLL_CTL_MOD(r3, 0x3, r3, &(0x7f00000002c0)={0x90002006})
close(r4)

08:16:28 executing program 2:
syz_emit_ethernet(0x6a, &(0x7f0000000040)={@local, @broadcast, [], {@ipv4={0x800, {{0x5, 0x4, 0x0, 0x0, 0x5c, 0x0, 0x0, 0x0, 0x1, 0x0, @remote, @dev={0xac, 0x14, 0x14, 0x11}}, @icmp=@parameter_prob={0x3, 0x4, 0x0, 0x0, 0x0, 0x0, {0x10, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x402f, 0x0, @local={0xac, 0x5c}, @dev, {[@timestamp={0x8, 0x2c, 0x0, 0x0, 0x1400, [{[@rand_addr]}, {[@multicast2]}, {[@multicast1]}, {}, {[@loopback]}, {}]}]}}}}}}}, 0x0)

[ 2410.708946] RBP: 000000000072bf00 R08: 00000000000003ff R09: 0000000000000000
[ 2410.716230] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f75238686d4
[ 2410.723514] R13: 00000000004c578a R14: 00000000004d9d90 R15: 00000000ffffffff
[ 2410.730818] CPU: 0 PID: 22946 Comm: syz-executor0 Not tainted 4.20.0-rc6+ #371
[ 2410.738201] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 2410.747562] Call Trace:
[ 2410.750166]  dump_stack+0x244/0x39d
[ 2410.753811]  ? dump_stack_print_info.cold.1+0x20/0x20
[ 2410.759041]  handle_userfault.cold.32+0x47/0x62
08:16:28 executing program 2:
syz_emit_ethernet(0x6a, &(0x7f0000000040)={@local, @broadcast, [], {@ipv4={0x800, {{0x5, 0x4, 0x0, 0x0, 0x5c, 0x0, 0x0, 0x0, 0x1, 0x0, @remote, @dev={0xac, 0x14, 0x14, 0x11}}, @icmp=@parameter_prob={0x3, 0x4, 0x0, 0x0, 0x0, 0x0, {0x10, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x402f, 0x0, @local={0xac, 0x5c}, @dev, {[@timestamp={0x8, 0x2c, 0x0, 0x0, 0xffffa888, [{[@rand_addr]}, {[@multicast2]}, {[@multicast1]}, {}, {[@loopback]}, {}]}]}}}}}}}, 0x0)

[ 2410.763740]  ? userfaultfd_ioctl+0x5610/0x5610
[ 2410.768337]  ? mark_held_locks+0x130/0x130
[ 2410.772604]  ? __sanitizer_cov_trace_cmp4+0x16/0x20
[ 2410.777641]  ? futex_wait_setup+0x266/0x3e0
[ 2410.781988]  ? __sanitizer_cov_trace_switch+0x53/0x90
[ 2410.787199]  ? userfaultfd_ctx_put+0x830/0x830
[ 2410.791797]  ? futex_wait+0x5a1/0xa50
[ 2410.795417] IPVS: ftp: loaded support on port[0] = 21
[ 2410.795638]  ? print_usage_bug+0xc0/0xc0
[ 2410.804892]  ? print_usage_bug+0xc0/0xc0
[ 2410.808973]  ? print_usage_bug+0xc0/0xc0
08:16:28 executing program 2:
syz_emit_ethernet(0x6a, &(0x7f0000000040)={@local, @broadcast, [], {@ipv4={0x800, {{0x5, 0x4, 0x0, 0x0, 0x5c, 0x0, 0x0, 0x0, 0x1, 0x0, @remote, @dev={0xac, 0x14, 0x14, 0x11}}, @icmp=@parameter_prob={0x3, 0x4, 0x0, 0x0, 0x0, 0x0, {0x10, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x402f, 0x0, @local={0xac, 0x5c}, @dev, {[@timestamp={0x8, 0x2c, 0x0, 0x0, 0x86ddffff, [{[@rand_addr]}, {[@multicast2]}, {[@multicast1]}, {}, {[@loopback]}, {}]}]}}}}}}}, 0x0)

[ 2410.813056]  ? zap_class+0x640/0x640
[ 2410.816783]  ? drop_futex_key_refs.isra.14+0x6d/0xe0
[ 2410.821895]  ? futex_wake+0x304/0x760
[ 2410.825726]  ? find_held_lock+0x36/0x1c0
[ 2410.829810]  ? __handle_mm_fault+0x4bb0/0x5be0
[ 2410.834413]  ? lock_downgrade+0x900/0x900
[ 2410.834438]  ? kasan_check_read+0x11/0x20
[ 2410.834457]  ? do_raw_spin_unlock+0xa7/0x330
[ 2410.847144]  ? do_raw_spin_trylock+0x270/0x270
[ 2410.851748]  ? fault_dirty_shared_page.isra.87+0x320/0x320
[ 2410.857417]  __handle_mm_fault+0x4bbd/0x5be0
[ 2410.861855]  ? vmf_insert_mixed_mkwrite+0x40/0x40
[ 2410.861876]  ? zap_class+0x640/0x640
[ 2410.861895]  ? rcu_read_unlock_special+0x1c0/0x1c0
[ 2410.875627]  ? kasan_check_read+0x11/0x20
[ 2410.879793]  ? rcu_softirq_qs+0x20/0x20
[ 2410.883791]  ? zap_class+0x640/0x640
[ 2410.883807]  ? zap_class+0x640/0x640
[ 2410.883829]  ? find_held_lock+0x36/0x1c0
[ 2410.883852]  ? handle_mm_fault+0x42a/0xc70
[ 2410.891273]  ? lock_downgrade+0x900/0x900
[ 2410.899555]  ? check_preemption_disabled+0x48/0x280
[ 2410.899575]  ? rcu_read_unlock_special+0x1c0/0x1c0
08:16:28 executing program 2:
syz_emit_ethernet(0x6a, &(0x7f0000000040)={@local, @broadcast, [], {@ipv4={0x800, {{0x5, 0x4, 0x0, 0x0, 0x5c, 0x0, 0x0, 0x0, 0x1, 0x0, @remote, @dev={0xac, 0x14, 0x14, 0x11}}, @icmp=@parameter_prob={0x3, 0x4, 0x0, 0x0, 0x0, 0x0, {0x10, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x402f, 0x0, @local={0xac, 0x5c}, @dev, {[@timestamp={0x8, 0x2c, 0x0, 0x0, 0x806, [{[@rand_addr]}, {[@multicast2]}, {[@multicast1]}, {}, {[@loopback]}, {}]}]}}}}}}}, 0x0)

[ 2410.899595]  ? kasan_check_read+0x11/0x20
[ 2410.917803]  ? rcu_dynticks_curr_cpu_in_eqs+0xa2/0x170
[ 2410.917819]  ? rcu_softirq_qs+0x20/0x20
[ 2410.917835]  ? trace_hardirqs_off_caller+0x310/0x310
[ 2410.917860]  ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[ 2410.932197]  ? check_preemption_disabled+0x48/0x280
[ 2410.932222]  handle_mm_fault+0x54f/0xc70
[ 2410.932242]  ? __handle_mm_fault+0x5be0/0x5be0
[ 2410.932262]  ? find_vma+0x34/0x190
[ 2410.946868]  __do_page_fault+0x5e8/0xe60
[ 2410.959034]  ? trace_hardirqs_off+0xb8/0x310
08:16:28 executing program 2:
syz_emit_ethernet(0x6a, &(0x7f0000000040)={@local, @broadcast, [], {@ipv4={0x800, {{0x5, 0x4, 0x0, 0x0, 0x5c, 0x0, 0x0, 0x0, 0x1, 0x0, @remote, @dev={0xac, 0x14, 0x14, 0x11}}, @icmp=@parameter_prob={0x3, 0x4, 0x0, 0x0, 0x0, 0x0, {0x10, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x402f, 0x0, @local={0xac, 0x5c}, @dev, {[@timestamp={0x8, 0x2c, 0x0, 0x0, 0x200000000000000, [{[@rand_addr]}, {[@multicast2]}, {[@multicast1]}, {}, {[@loopback]}, {}]}]}}}}}}}, 0x0)

[ 2410.959062]  do_page_fault+0xf2/0x7e0
[ 2410.959085]  ? vmalloc_sync_all+0x30/0x30
[ 2410.971416]  ? error_entry+0x70/0xd0
[ 2410.971433]  ? trace_hardirqs_off_caller+0xbb/0x310
[ 2410.971453]  ? trace_hardirqs_on_caller+0xc0/0x310
[ 2410.985107]  ? syscall_return_slowpath+0x5e0/0x5e0
[ 2410.985123]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 2410.985144]  ? trace_hardirqs_on_caller+0x310/0x310
[ 2410.999930]  ? __bpf_trace_preemptirq_template+0x30/0x30
[ 2411.005395]  ? prepare_exit_to_usermode+0x3b0/0x3b0
[ 2411.005413]  ? prepare_exit_to_usermode+0x291/0x3b0
[ 2411.005432]  ? page_fault+0x8/0x30
[ 2411.018997]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 2411.023851]  ? page_fault+0x8/0x30
[ 2411.023867]  page_fault+0x1e/0x30
[ 2411.023881] RIP: 0033:0x4510a0
[ 2411.023898] Code: 0f 84 c4 0f 00 00 48 89 f1 48 89 f8 48 83 e1 3f 48 83 f9 20 0f 86 7b 02 00 00 48 83 e6 f0 48 83 e1 0f 66 0f ef c0 66 0f ef c9 <66> 0f 74 0e 66 0f d7 d1 48 d3 ea 49 c7 c2 11 00 00 00 49 29 ca 4d
[ 2411.023906] RSP: 002b:00007efdea16e7a8 EFLAGS: 00010202
[ 2411.030900] RAX: 00007efdea16e850 RBX: 0000000000000003 RCX: 000000000000000e
08:16:28 executing program 3:
openat$rfkill(0xffffffffffffff9c, 0x0, 0x0, 0x0)
getsockopt$inet_sctp_SCTP_DEFAULT_PRINFO(0xffffffffffffffff, 0x84, 0x72, &(0x7f0000000380), 0x0)
syz_open_dev$admmidi(&(0x7f0000000100)='/dev/admmidi#\x00', 0x0, 0x0)
r0 = socket$l2tp(0x18, 0x1, 0x1)
mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x1, 0x32, 0xffffffffffffffff, 0x0)
r1 = userfaultfd(0x0)
ioctl$UFFDIO_API(r1, 0xc018aa3f, &(0x7f0000000180))
ioctl$UFFDIO_REGISTER(r1, 0xc020aa00, &(0x7f0000019000)={{&(0x7f0000012000/0x2000)=nil, 0x2000}, 0x1})
syz_open_dev$evdev(&(0x7f0000012fee)='/dev/input/event#\x00', 0x2, 0x0)
ioctl$UFFDIO_WAKE(r1, 0x8010aa02, &(0x7f0000000080)={&(0x7f0000012000/0x3000)=nil, 0x3000})
ioctl(r0, 0x1000008912, &(0x7f0000000000)="0a5c2d023c126285718070")
setsockopt$ALG_SET_KEY(0xffffffffffffffff, 0x117, 0x1, 0x0, 0x0)

08:16:28 executing program 2:
syz_emit_ethernet(0x6a, &(0x7f0000000040)={@local, @broadcast, [], {@ipv4={0x800, {{0x5, 0x4, 0x0, 0x0, 0x5c, 0x0, 0x0, 0x0, 0x1, 0x0, @remote, @dev={0xac, 0x14, 0x14, 0x11}}, @icmp=@parameter_prob={0x3, 0x4, 0x0, 0x0, 0x0, 0x0, {0x10, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x402f, 0x0, @local={0xac, 0x5c}, @dev, {[@timestamp={0x8, 0x2c, 0x0, 0x0, 0xf0ffff, [{[@rand_addr]}, {[@multicast2]}, {[@multicast1]}, {}, {[@loopback]}, {}]}]}}}}}}}, 0x0)

[ 2411.030911] RDX: 00000000000003ff RSI: 0000000020012fe0 RDI: 00007efdea16e850
[ 2411.030920] RBP: 000000000072bf00 R08: 00000000000003ff R09: 0000000000000000
[ 2411.030929] R10: 0000000000000000 R11: 0000000000000246 R12: 00007efdea16f6d4
[ 2411.030943] R13: 00000000004c578a R14: 00000000004d9d90 R15: 00000000ffffffff
[ 2411.171740] FAULT_FLAG_ALLOW_RETRY missing 70
[ 2411.184111] CPU: 0 PID: 22977 Comm: syz-executor3 Not tainted 4.20.0-rc6+ #371
[ 2411.191520] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 2411.191528] Call Trace:
[ 2411.191556]  dump_stack+0x244/0x39d
[ 2411.191583]  ? dump_stack_print_info.cold.1+0x20/0x20
[ 2411.191615]  handle_userfault.cold.32+0x47/0x62
[ 2411.212383]  ? userfaultfd_ioctl+0x5610/0x5610
[ 2411.212403]  ? mark_held_locks+0x130/0x130
[ 2411.212424]  ? __sanitizer_cov_trace_cmp4+0x16/0x20
[ 2411.221750]  ? futex_wait_setup+0x266/0x3e0
[ 2411.221781]  ? __sanitizer_cov_trace_switch+0x53/0x90
[ 2411.221801]  ? userfaultfd_ctx_put+0x830/0x830
[ 2411.221815]  ? futex_wait+0x5a1/0xa50
[ 2411.221839]  ? print_usage_bug+0xc0/0xc0
[ 2411.231587]  ? print_usage_bug+0xc0/0xc0
[ 2411.231607]  ? print_usage_bug+0xc0/0xc0
[ 2411.231625]  ? zap_class+0x640/0x640
[ 2411.231643]  ? drop_futex_key_refs.isra.14+0x6d/0xe0
[ 2411.231660]  ? futex_wake+0x304/0x760
[ 2411.241190]  ? find_held_lock+0x36/0x1c0
[ 2411.241218]  ? __handle_mm_fault+0x4bb0/0x5be0
[ 2411.241238]  ? lock_downgrade+0x900/0x900
[ 2411.249617]  ? kasan_check_read+0x11/0x20
[ 2411.249634]  ? do_raw_spin_unlock+0xa7/0x330
[ 2411.249649]  ? do_raw_spin_trylock+0x270/0x270
[ 2411.249672]  ? fault_dirty_shared_page.isra.87+0x320/0x320
[ 2411.257792]  __handle_mm_fault+0x4bbd/0x5be0
[ 2411.257818]  ? vmf_insert_mixed_mkwrite+0x40/0x40
[ 2411.257841]  ? zap_class+0x640/0x640
[ 2411.265603]  ? rcu_read_unlock_special+0x1c0/0x1c0
[ 2411.265619]  ? kasan_check_read+0x11/0x20
[ 2411.265637]  ? rcu_softirq_qs+0x20/0x20
[ 2411.265666]  ? zap_class+0x640/0x640
[ 2411.274580]  ? zap_class+0x640/0x640
[ 2411.274602]  ? find_held_lock+0x36/0x1c0
[ 2411.274628]  ? handle_mm_fault+0x42a/0xc70
[ 2411.274646]  ? lock_downgrade+0x900/0x900
[ 2411.274668]  ? check_preemption_disabled+0x48/0x280
[ 2411.283291]  ? rcu_read_unlock_special+0x1c0/0x1c0
[ 2411.283307]  ? kasan_check_read+0x11/0x20
[ 2411.283323]  ? rcu_dynticks_curr_cpu_in_eqs+0xa2/0x170
[ 2411.283338]  ? rcu_softirq_qs+0x20/0x20
[ 2411.283371]  ? trace_hardirqs_off_caller+0x310/0x310
[ 2411.283393]  ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[ 2411.291671]  ? check_preemption_disabled+0x48/0x280
[ 2411.291696]  handle_mm_fault+0x54f/0xc70
[ 2411.291716]  ? __handle_mm_fault+0x5be0/0x5be0
[ 2411.291735]  ? find_vma+0x34/0x190
[ 2411.300717]  __do_page_fault+0x5e8/0xe60
[ 2411.300733]  ? trace_hardirqs_off+0xb8/0x310
[ 2411.300760]  do_page_fault+0xf2/0x7e0
[ 2411.300779]  ? vmalloc_sync_all+0x30/0x30
08:16:29 executing program 0:
openat$rfkill(0xffffffffffffff9c, 0x0, 0x2001, 0x0)
syz_open_dev$admmidi(&(0x7f0000000100)='/dev/admmidi#\x00', 0x0, 0x0)
r0 = socket$l2tp(0x18, 0x1, 0x1)
mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x1, 0x32, 0xffffffffffffffff, 0x0)
r1 = userfaultfd(0x0)
ioctl$UFFDIO_API(r1, 0xc018aa3f, &(0x7f0000000180))
ioctl$UFFDIO_REGISTER(r1, 0xc020aa00, &(0x7f0000019000)={{&(0x7f0000012000/0x2000)=nil, 0x2000}, 0x1})
syz_open_dev$evdev(&(0x7f0000012fee)='/dev/input/event#\x00', 0x0, 0x9)
ioctl$UFFDIO_WAKE(r1, 0x8010aa02, &(0x7f0000000080)={&(0x7f0000012000/0x3000)=nil, 0x3000})
ioctl(r0, 0x1000008912, &(0x7f0000000000)="0a5c2d023c126285718070")

08:16:29 executing program 1:
r0 = socket$l2tp(0x18, 0x1, 0x1)
ioctl(r0, 0x1000008912, &(0x7f0000000000)="0a5c2d023c126285718070")
r1 = perf_event_open(&(0x7f0000014f88)={0x1, 0x70, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r2 = syz_open_dev$usb(&(0x7f0000000040)='/dev/bus/usb/00#/00#\x00', 0x1, 0x2)
ioctl$EVIOCRMFF(r2, 0x40044581, &(0x7f0000000080)=0x7)
close(r1)

[ 2411.310799]  ? error_entry+0x70/0xd0
[ 2411.310818]  ? trace_hardirqs_off_caller+0xbb/0x310
[ 2411.310834]  ? trace_hardirqs_on_caller+0xc0/0x310
[ 2411.310851]  ? syscall_return_slowpath+0x5e0/0x5e0
[ 2411.310876]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 2411.319416]  ? trace_hardirqs_on_caller+0x310/0x310
[ 2411.319434]  ? __bpf_trace_preemptirq_template+0x30/0x30
[ 2411.319452]  ? prepare_exit_to_usermode+0x3b0/0x3b0
[ 2411.319470]  ? prepare_exit_to_usermode+0x291/0x3b0
[ 2411.319488]  ? page_fault+0x8/0x30
[ 2411.328558]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 2411.328577]  ? page_fault+0x8/0x30
[ 2411.328594]  page_fault+0x1e/0x30
[ 2411.328612] RIP: 0033:0x4510a0
[ 2411.336280] Code: 0f 84 c4 0f 00 00 48 89 f1 48 89 f8 48 83 e1 3f 48 83 f9 20 0f 86 7b 02 00 00 48 83 e6 f0 48 83 e1 0f 66 0f ef c0 66 0f ef c9 <66> 0f 74 0e 66 0f d7 d1 48 d3 ea 49 c7 c2 11 00 00 00 49 29 ca 4d
[ 2411.336289] RSP: 002b:00007f75238677a8 EFLAGS: 00010202
[ 2411.336303] RAX: 00007f7523867850 RBX: 0000000000000003 RCX: 000000000000000e
[ 2411.336313] RDX: 00000000000003ff RSI: 0000000020012fe0 RDI: 00007f7523867850
[ 2411.336322] RBP: 000000000072bf00 R08: 00000000000003ff R09: 0000000000000000
[ 2411.336336] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f75238686d4
[ 2411.344103] R13: 00000000004c578a R14: 00000000004d9d90 R15: 00000000ffffffff
[ 2411.528229] FAULT_FLAG_ALLOW_RETRY missing 70
[ 2411.546232] CPU: 0 PID: 22991 Comm: syz-executor0 Not tainted 4.20.0-rc6+ #371
[ 2411.556910] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 2411.556916] Call Trace:
[ 2411.556939]  dump_stack+0x244/0x39d
[ 2411.556960]  ? dump_stack_print_info.cold.1+0x20/0x20
[ 2411.577695]  handle_userfault.cold.32+0x47/0x62
[ 2411.582395]  ? userfaultfd_ioctl+0x5610/0x5610
[ 2411.587000]  ? mark_held_locks+0x130/0x130
[ 2411.591240]  ? find_held_lock+0x36/0x1c0
[ 2411.595299]  ? userfaultfd_ctx_put+0x830/0x830
[ 2411.599888]  ? kasan_check_read+0x11/0x20
[ 2411.604030]  ? print_usage_bug+0xc0/0xc0
[ 2411.608086]  ? do_raw_spin_trylock+0x270/0x270
[ 2411.612670]  ? print_usage_bug+0xc0/0xc0
[ 2411.616735]  ? print_usage_bug+0xc0/0xc0
[ 2411.620786]  ? zap_class+0x640/0x640
[ 2411.624502]  ? drop_futex_key_refs.isra.14+0x6d/0xe0
[ 2411.629608]  ? futex_wake+0x304/0x760
[ 2411.633402]  ? find_held_lock+0x36/0x1c0
[ 2411.637459]  ? __handle_mm_fault+0x4bb0/0x5be0
[ 2411.642034]  ? lock_downgrade+0x900/0x900
[ 2411.646174]  ? kasan_check_read+0x11/0x20
[ 2411.650317]  ? do_raw_spin_unlock+0xa7/0x330
[ 2411.654743]  ? do_raw_spin_trylock+0x270/0x270
[ 2411.659324]  ? fault_dirty_shared_page.isra.87+0x320/0x320
[ 2411.664989]  __handle_mm_fault+0x4bbd/0x5be0
[ 2411.669409]  ? vmf_insert_mixed_mkwrite+0x40/0x40
[ 2411.674247]  ? zap_class+0x640/0x640
[ 2411.677953]  ? rcu_read_unlock_special+0x1c0/0x1c0
[ 2411.682871]  ? kasan_check_read+0x11/0x20
[ 2411.687016]  ? rcu_softirq_qs+0x20/0x20
[ 2411.691000]  ? zap_class+0x640/0x640
[ 2411.694716]  ? zap_class+0x640/0x640
[ 2411.698423]  ? find_held_lock+0x36/0x1c0
[ 2411.702475]  ? handle_mm_fault+0x42a/0xc70
[ 2411.706713]  ? lock_downgrade+0x900/0x900
[ 2411.710877]  ? check_preemption_disabled+0x48/0x280
[ 2411.715891]  ? rcu_read_unlock_special+0x1c0/0x1c0
[ 2411.720810]  ? kasan_check_read+0x11/0x20
[ 2411.724945]  ? rcu_dynticks_curr_cpu_in_eqs+0xa2/0x170
[ 2411.730219]  ? rcu_softirq_qs+0x20/0x20
[ 2411.734205]  ? trace_hardirqs_off_caller+0x310/0x310
[ 2411.739298]  ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[ 2411.744841]  ? check_preemption_disabled+0x48/0x280
[ 2411.749853]  handle_mm_fault+0x54f/0xc70
[ 2411.753910]  ? __handle_mm_fault+0x5be0/0x5be0
[ 2411.758484]  ? find_vma+0x34/0x190
[ 2411.762031]  __do_page_fault+0x5e8/0xe60
[ 2411.766083]  ? trace_hardirqs_off+0xb8/0x310
[ 2411.770573]  do_page_fault+0xf2/0x7e0
[ 2411.774386]  ? vmalloc_sync_all+0x30/0x30
[ 2411.778570]  ? error_entry+0x70/0xd0
[ 2411.782287]  ? trace_hardirqs_off_caller+0xbb/0x310
[ 2411.787323]  ? trace_hardirqs_on_caller+0xc0/0x310
[ 2411.792256]  ? syscall_return_slowpath+0x5e0/0x5e0
[ 2411.797178]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 2411.802010]  ? trace_hardirqs_on_caller+0x310/0x310
[ 2411.807080]  ? __bpf_trace_preemptirq_template+0x30/0x30
[ 2411.812535]  ? prepare_exit_to_usermode+0x3b0/0x3b0
[ 2411.817540]  ? prepare_exit_to_usermode+0x291/0x3b0
[ 2411.822569]  ? page_fault+0x8/0x30
[ 2411.826101]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 2411.830941]  ? page_fault+0x8/0x30
[ 2411.834469]  page_fault+0x1e/0x30
[ 2411.837909] RIP: 0033:0x4510a0
[ 2411.841097] Code: 0f 84 c4 0f 00 00 48 89 f1 48 89 f8 48 83 e1 3f 48 83 f9 20 0f 86 7b 02 00 00 48 83 e6 f0 48 83 e1 0f 66 0f ef c0 66 0f ef c9 <66> 0f 74 0e 66 0f d7 d1 48 d3 ea 49 c7 c2 11 00 00 00 49 29 ca 4d
[ 2411.859987] RSP: 002b:00007efdea16e7a8 EFLAGS: 00010202
[ 2411.865339] RAX: 00007efdea16e850 RBX: 0000000000000003 RCX: 000000000000000e
[ 2411.872617] RDX: 00000000000003ff RSI: 0000000020012fe0 RDI: 00007efdea16e850
[ 2411.879878] RBP: 000000000072bf00 R08: 00000000000003ff R09: 0000000000000000
[ 2411.887133] R10: 0000000000000000 R11: 0000000000000246 R12: 00007efdea16f6d4
[ 2411.894399] R13: 00000000004c578a R14: 00000000004d9d90 R15: 00000000ffffffff
08:16:30 executing program 5:
ioctl$KVM_TPR_ACCESS_REPORTING(0xffffffffffffffff, 0xc028ae92, &(0x7f00000001c0))
perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0)
pipe2(0x0, 0x0)
getsockopt$inet_IP_XFRM_POLICY(0xffffffffffffffff, 0x0, 0x11, 0x0, 0x0)
flock(0xffffffffffffffff, 0x0)
pipe(&(0x7f0000000180)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
ioctl$sock_SIOCGPGRP(0xffffffffffffffff, 0x8904, 0x0)
ioctl$VHOST_GET_VRING_BASE(0xffffffffffffffff, 0xc008af12, 0x0)
getsockname(0xffffffffffffffff, 0x0, 0x0)
close(r0)
mkdir(0x0, 0x0)
ioprio_get$uid(0x0, 0x0)
syz_mount_image$vfat(&(0x7f0000001800)='vfat\x00', &(0x7f0000001840)='./file0\x00', 0x0, 0x1, &(0x7f0000000440)=[{&(0x7f0000000380)}], 0x0, 0x0)
lseek(r0, 0x0, 0x4)
io_setup(0xe125, &(0x7f0000000500))
open(&(0x7f00000004c0)='./bus\x00', 0x0, 0x0)
ioctl$FS_IOC_SETFLAGS(0xffffffffffffffff, 0x40086602, &(0x7f0000000140))

08:16:30 executing program 2:
syz_emit_ethernet(0x6a, &(0x7f0000000040)={@local, @broadcast, [], {@ipv4={0x800, {{0x5, 0x4, 0x0, 0x0, 0x5c, 0x0, 0x0, 0x0, 0x1, 0x0, @remote, @dev={0xac, 0x14, 0x14, 0x11}}, @icmp=@parameter_prob={0x3, 0x4, 0x0, 0x0, 0x0, 0x0, {0x10, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x402f, 0x0, @local={0xac, 0x5c}, @dev, {[@timestamp={0x8, 0x2c, 0x0, 0x0, 0x8906, [{[@rand_addr]}, {[@multicast2]}, {[@multicast1]}, {}, {[@loopback]}, {}]}]}}}}}}}, 0x0)

08:16:30 executing program 4:
r0 = openat$kvm(0xffffffffffffff9c, 0x0, 0x0, 0x0)
r1 = syz_open_dev$sndctrl(&(0x7f0000000100)='/dev/snd/controlC#\x00', 0x0, 0x0)
preadv(r0, &(0x7f0000000240)=[{&(0x7f0000000000)=""/29, 0x1d}, {&(0x7f0000000140)=""/193, 0xc1}], 0x2, 0x0)
clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
ioctl$FS_IOC_GETFLAGS(r1, 0x800455d1, &(0x7f0000000080))
r2 = dup2(r0, r0)
ioctl$VT_DISALLOCATE(r2, 0x5608)
r3 = syz_open_dev$radio(&(0x7f00000000c0)='/dev/radio#\x00', 0x1, 0x2)
ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x2400, 0x9)

08:16:30 executing program 3:
openat$rfkill(0xffffffffffffff9c, 0x0, 0x0, 0x0)
getsockopt$inet_sctp_SCTP_DEFAULT_PRINFO(0xffffffffffffffff, 0x84, 0x72, &(0x7f0000000380), 0x0)
syz_open_dev$admmidi(&(0x7f0000000100)='/dev/admmidi#\x00', 0x0, 0x0)
r0 = socket$l2tp(0x18, 0x1, 0x1)
mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x1, 0x32, 0xffffffffffffffff, 0x0)
r1 = userfaultfd(0x0)
ioctl$UFFDIO_API(r1, 0xc018aa3f, &(0x7f0000000180))
ioctl$UFFDIO_REGISTER(r1, 0xc020aa00, &(0x7f0000019000)={{&(0x7f0000012000/0x2000)=nil, 0x2000}, 0x1})
syz_open_dev$evdev(&(0x7f0000012fee)='/dev/input/event#\x00', 0x7a, 0x0)
ioctl$UFFDIO_WAKE(r1, 0x8010aa02, &(0x7f0000000080)={&(0x7f0000012000/0x3000)=nil, 0x3000})
ioctl(r0, 0x1000008912, &(0x7f0000000000)="0a5c2d023c126285718070")
setsockopt$ALG_SET_KEY(0xffffffffffffffff, 0x117, 0x1, 0x0, 0x0)

08:16:30 executing program 1:
r0 = socket$l2tp(0x18, 0x1, 0x1)
ioctl(r0, 0x1000008912, &(0x7f0000000080)="0a31ee5c2d023ccc5690d93ba7074358e8b564a26db170126285718070")
r1 = syz_open_dev$usbmon(&(0x7f0000000000)='/dev/usbmon#\x00', 0x8, 0x1)
getsockopt$inet_sctp6_SCTP_RTOINFO(0xffffffffffffff9c, 0x84, 0x0, &(0x7f0000000040)={<r2=>0x0, 0x0, 0x3f, 0xc75}, &(0x7f00000000c0)=0x10)
getsockopt$inet_sctp6_SCTP_AUTH_ACTIVE_KEY(r1, 0x84, 0x18, &(0x7f0000000100)={r2, 0xff}, &(0x7f0000000140)=0x8)
r3 = perf_event_open(&(0x7f0000014f88)={0x1, 0x70, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
close(r3)

08:16:30 executing program 0:
openat$rfkill(0xffffffffffffff9c, 0x0, 0x2001, 0x0)
syz_open_dev$admmidi(&(0x7f0000000100)='/dev/admmidi#\x00', 0x0, 0x0)
r0 = socket$l2tp(0x18, 0x1, 0x1)
mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x1, 0x32, 0xffffffffffffffff, 0x0)
r1 = userfaultfd(0x0)
ioctl$UFFDIO_API(r1, 0xc018aa3f, &(0x7f0000000180))
ioctl$UFFDIO_REGISTER(r1, 0xc020aa00, &(0x7f0000019000)={{&(0x7f0000012000/0x2000)=nil, 0x2000}, 0x1})
syz_open_dev$evdev(&(0x7f0000012fee)='/dev/input/event#\x00', 0x0, 0x2000000000000000)
ioctl$UFFDIO_WAKE(r1, 0x8010aa02, &(0x7f0000000080)={&(0x7f0000012000/0x3000)=nil, 0x3000})
ioctl(r0, 0x1000008912, &(0x7f0000000000)="0a5c2d023c126285718070")

08:16:30 executing program 2:
syz_emit_ethernet(0x6a, &(0x7f0000000040)={@local, @broadcast, [], {@ipv4={0x800, {{0x5, 0x4, 0x0, 0x0, 0x5c, 0x0, 0x0, 0x0, 0x1, 0x0, @remote, @dev={0xac, 0x14, 0x14, 0x11}}, @icmp=@parameter_prob={0x3, 0x4, 0x0, 0x0, 0x0, 0x0, {0x10, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x402f, 0x0, @local={0xac, 0x5c}, @dev, {[@timestamp={0x8, 0x2c, 0x0, 0x0, 0xd00, [{[@rand_addr]}, {[@multicast2]}, {[@multicast1]}, {}, {[@loopback]}, {}]}]}}}}}}}, 0x0)

08:16:30 executing program 1:
r0 = socket$l2tp(0x18, 0x1, 0x1)
ioctl(r0, 0x1000008912, &(0x7f0000000000)="0a5c2d023c126285718070")
perf_event_open(&(0x7f0000014f88)={0x1, 0x70, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
close(r0)

[ 2412.930288] FAT-fs (loop5): bogus number of reserved sectors
[ 2412.948551] FAULT_FLAG_ALLOW_RETRY missing 70
[ 2412.953874] CPU: 0 PID: 23009 Comm: syz-executor0 Not tainted 4.20.0-rc6+ #371
[ 2412.961255] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 2412.970624] Call Trace:
[ 2412.973236]  dump_stack+0x244/0x39d
[ 2412.976894]  ? dump_stack_print_info.cold.1+0x20/0x20
[ 2412.979853] FAT-fs (loop5): Can't find a valid FAT filesystem
[ 2412.982120]  handle_userfault.cold.32+0x47/0x62
[ 2412.982155]  ? userfaultfd_ioctl+0x5610/0x5610
[ 2412.982179]  ? mark_held_locks+0x130/0x130
[ 2412.982207]  ? __sanitizer_cov_trace_cmp4+0x16/0x20
[ 2413.006593]  ? futex_wait_setup+0x266/0x3e0
[ 2413.010941]  ? __sanitizer_cov_trace_switch+0x53/0x90
[ 2413.016151]  ? userfaultfd_ctx_put+0x830/0x830
[ 2413.020752]  ? futex_wait+0x5a1/0xa50
[ 2413.020777]  ? print_usage_bug+0xc0/0xc0
[ 2413.020794]  ? print_usage_bug+0xc0/0xc0
[ 2413.020813]  ? print_usage_bug+0xc0/0xc0
[ 2413.028677]  ? zap_class+0x640/0x640
[ 2413.028696]  ? drop_futex_key_refs.isra.14+0x6d/0xe0
[ 2413.028711]  ? futex_wake+0x304/0x760
[ 2413.028741]  ? find_held_lock+0x36/0x1c0
[ 2413.053522]  ? __handle_mm_fault+0x4bb0/0x5be0
[ 2413.058121]  ? lock_downgrade+0x900/0x900
[ 2413.062298]  ? kasan_check_read+0x11/0x20
[ 2413.066463]  ? do_raw_spin_unlock+0xa7/0x330
[ 2413.070885]  ? do_raw_spin_trylock+0x270/0x270
[ 2413.075491]  ? fault_dirty_shared_page.isra.87+0x320/0x320
[ 2413.081141]  __handle_mm_fault+0x4bbd/0x5be0
[ 2413.085575]  ? vmf_insert_mixed_mkwrite+0x40/0x40
[ 2413.090440]  ? zap_class+0x640/0x640
[ 2413.094168]  ? rcu_read_unlock_special+0x1c0/0x1c0
[ 2413.099110]  ? kasan_check_read+0x11/0x20
[ 2413.103272]  ? rcu_softirq_qs+0x20/0x20
[ 2413.103301]  ? zap_class+0x640/0x640
[ 2413.103316]  ? zap_class+0x640/0x640
[ 2413.103338]  ? find_held_lock+0x36/0x1c0
[ 2413.103376]  ? handle_mm_fault+0x42a/0xc70
[ 2413.111068]  ? lock_downgrade+0x900/0x900
[ 2413.111088]  ? check_preemption_disabled+0x48/0x280
[ 2413.111107]  ? rcu_read_unlock_special+0x1c0/0x1c0
[ 2413.111127]  ? kasan_check_read+0x11/0x20
[ 2413.141330]  ? rcu_dynticks_curr_cpu_in_eqs+0xa2/0x170
[ 2413.146639]  ? rcu_softirq_qs+0x20/0x20
[ 2413.150629]  ? trace_hardirqs_off_caller+0x310/0x310
[ 2413.155758]  ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[ 2413.161318]  ? check_preemption_disabled+0x48/0x280
[ 2413.163278] FAULT_FLAG_ALLOW_RETRY missing 70
[ 2413.166392]  handle_mm_fault+0x54f/0xc70
[ 2413.166414]  ? __handle_mm_fault+0x5be0/0x5be0
[ 2413.166435]  ? find_vma+0x34/0x190
[ 2413.166456]  __do_page_fault+0x5e8/0xe60
[ 2413.187170]  ? trace_hardirqs_off+0xb8/0x310
[ 2413.191604]  do_page_fault+0xf2/0x7e0
[ 2413.195423]  ? vmalloc_sync_all+0x30/0x30
[ 2413.199586]  ? error_entry+0x70/0xd0
[ 2413.203329]  ? trace_hardirqs_off_caller+0xbb/0x310
[ 2413.208398]  ? trace_hardirqs_on_caller+0xc0/0x310
[ 2413.213336]  ? syscall_return_slowpath+0x5e0/0x5e0
[ 2413.218292]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 2413.223147]  ? trace_hardirqs_on_caller+0x310/0x310
[ 2413.228175]  ? __bpf_trace_preemptirq_template+0x30/0x30
[ 2413.234122]  ? prepare_exit_to_usermode+0x3b0/0x3b0
[ 2413.239155]  ? prepare_exit_to_usermode+0x291/0x3b0
[ 2413.244183]  ? page_fault+0x8/0x30
[ 2413.247739]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 2413.252599]  ? page_fault+0x8/0x30
[ 2413.256326]  page_fault+0x1e/0x30
[ 2413.259797] RIP: 0033:0x4510a0
[ 2413.263003] Code: 0f 84 c4 0f 00 00 48 89 f1 48 89 f8 48 83 e1 3f 48 83 f9 20 0f 86 7b 02 00 00 48 83 e6 f0 48 83 e1 0f 66 0f ef c0 66 0f ef c9 <66> 0f 74 0e 66 0f d7 d1 48 d3 ea 49 c7 c2 11 00 00 00 49 29 ca 4d
[ 2413.281921] RSP: 002b:00007efdea16e7a8 EFLAGS: 00010202
[ 2413.287303] RAX: 00007efdea16e850 RBX: 0000000000000003 RCX: 000000000000000e
[ 2413.294581] RDX: 00000000000003ff RSI: 0000000020012fe0 RDI: 00007efdea16e850
[ 2413.301965] RBP: 000000000072bf00 R08: 00000000000003ff R09: 0000000000000000
[ 2413.309244] R10: 0000000000000000 R11: 0000000000000246 R12: 00007efdea16f6d4
[ 2413.316630] R13: 00000000004c578a R14: 00000000004d9d90 R15: 00000000ffffffff
[ 2413.323950] CPU: 1 PID: 23012 Comm: syz-executor3 Not tainted 4.20.0-rc6+ #371
08:16:31 executing program 2:
syz_emit_ethernet(0x6a, &(0x7f0000000040)={@local, @broadcast, [], {@ipv4={0x800, {{0x5, 0x4, 0x0, 0x0, 0x5c, 0x0, 0x0, 0x0, 0x1, 0x0, @remote, @dev={0xac, 0x14, 0x14, 0x11}}, @icmp=@parameter_prob={0x3, 0x4, 0x0, 0x0, 0x0, 0x0, {0x10, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x402f, 0x0, @local={0xac, 0x5c}, @dev, {[@timestamp={0x8, 0x2c, 0x0, 0x0, 0x800e000000000000, [{[@rand_addr]}, {[@multicast2]}, {[@multicast1]}, {}, {[@loopback]}, {}]}]}}}}}}}, 0x0)

08:16:31 executing program 1:
r0 = socket$l2tp(0x18, 0x1, 0x1)
ioctl(r0, 0x100000890e, &(0x7f0000000000)="0a5c2d023c126285718070")
r1 = perf_event_open(&(0x7f0000014f88)={0x1, 0x70, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
close(r1)

08:16:31 executing program 4:
r0 = openat$kvm(0xffffffffffffff9c, 0x0, 0x0, 0x0)
r1 = syz_open_dev$sndctrl(&(0x7f0000000100)='/dev/snd/controlC#\x00', 0x0, 0x0)
prctl$PR_SET_THP_DISABLE(0x29, 0xfffffffffffffffe)
fsetxattr$security_smack_transmute(r0, &(0x7f0000000000)='security.SMACK64TRANSMUTE\x00', &(0x7f0000000040)='TRUE', 0x4, 0x1)
clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
ioctl$FS_IOC_GETFLAGS(r1, 0x800455d1, &(0x7f0000000080))

08:16:31 executing program 0:
openat$rfkill(0xffffffffffffff9c, 0x0, 0x2001, 0x0)
syz_open_dev$admmidi(&(0x7f0000000100)='/dev/admmidi#\x00', 0x0, 0x0)
r0 = socket$l2tp(0x18, 0x1, 0x1)
mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x1, 0x32, 0xffffffffffffffff, 0x0)
r1 = userfaultfd(0x0)
ioctl$UFFDIO_API(r1, 0xc018aa3f, &(0x7f0000000180))
ioctl$UFFDIO_REGISTER(r1, 0xc020aa00, &(0x7f0000019000)={{&(0x7f0000012000/0x2000)=nil, 0x2000}, 0x1})
syz_open_dev$evdev(&(0x7f0000012fee)='/dev/input/event#\x00', 0x0, 0x700)
ioctl$UFFDIO_WAKE(r1, 0x8010aa02, &(0x7f0000000080)={&(0x7f0000012000/0x3000)=nil, 0x3000})
ioctl(r0, 0x1000008912, &(0x7f0000000000)="0a5c2d023c126285718070")

[ 2413.331334] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 2413.340705] Call Trace:
[ 2413.343323]  dump_stack+0x244/0x39d
[ 2413.347093]  ? dump_stack_print_info.cold.1+0x20/0x20
[ 2413.352311]  handle_userfault.cold.32+0x47/0x62
[ 2413.357026]  ? userfaultfd_ioctl+0x5610/0x5610
[ 2413.361628]  ? mark_held_locks+0x130/0x130
[ 2413.366322]  ? __sanitizer_cov_trace_cmp4+0x16/0x20
[ 2413.371364]  ? futex_wait_setup+0x266/0x3e0
[ 2413.375708]  ? __sanitizer_cov_trace_switch+0x53/0x90
[ 2413.380917]  ? userfaultfd_ctx_put+0x830/0x830
[ 2413.385517]  ? futex_wait+0x5a1/0xa50
[ 2413.389357]  ? print_usage_bug+0xc0/0xc0
[ 2413.393444]  ? print_usage_bug+0xc0/0xc0
[ 2413.397534]  ? print_usage_bug+0xc0/0xc0
[ 2413.401609]  ? zap_class+0x640/0x640
[ 2413.405333]  ? drop_futex_key_refs.isra.14+0x6d/0xe0
[ 2413.410458]  ? futex_wake+0x304/0x760
[ 2413.414294]  ? find_held_lock+0x36/0x1c0
[ 2413.418438]  ? __handle_mm_fault+0x4bb0/0x5be0
[ 2413.423038]  ? lock_downgrade+0x900/0x900
[ 2413.427228]  ? kasan_check_read+0x11/0x20
[ 2413.431392]  ? do_raw_spin_unlock+0xa7/0x330
[ 2413.435822]  ? do_raw_spin_trylock+0x270/0x270
[ 2413.440428]  ? fault_dirty_shared_page.isra.87+0x320/0x320
[ 2413.446081]  __handle_mm_fault+0x4bbd/0x5be0
[ 2413.450517]  ? vmf_insert_mixed_mkwrite+0x40/0x40
[ 2413.455388]  ? zap_class+0x640/0x640
[ 2413.459120]  ? rcu_read_unlock_special+0x1c0/0x1c0
[ 2413.464070]  ? kasan_check_read+0x11/0x20
[ 2413.468231]  ? rcu_softirq_qs+0x20/0x20
[ 2413.472232]  ? zap_class+0x640/0x640
[ 2413.475973]  ? zap_class+0x640/0x640
[ 2413.479709]  ? find_held_lock+0x36/0x1c0
[ 2413.483794]  ? handle_mm_fault+0x42a/0xc70
[ 2413.488046]  ? lock_downgrade+0x900/0x900
[ 2413.492215]  ? check_preemption_disabled+0x48/0x280
[ 2413.497251]  ? rcu_read_unlock_special+0x1c0/0x1c0
[ 2413.502194]  ? kasan_check_read+0x11/0x20
[ 2413.506372]  ? rcu_dynticks_curr_cpu_in_eqs+0xa2/0x170
[ 2413.511668]  ? rcu_softirq_qs+0x20/0x20
[ 2413.515671]  ? trace_hardirqs_off_caller+0x310/0x310
[ 2413.520796]  ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[ 2413.526358]  ? check_preemption_disabled+0x48/0x280
[ 2413.526384]  handle_mm_fault+0x54f/0xc70
[ 2413.526404]  ? __handle_mm_fault+0x5be0/0x5be0
[ 2413.526425]  ? find_vma+0x34/0x190
[ 2413.526453]  __do_page_fault+0x5e8/0xe60
[ 2413.547703]  ? trace_hardirqs_off+0xb8/0x310
[ 2413.552137]  do_page_fault+0xf2/0x7e0
[ 2413.555967]  ? vmalloc_sync_all+0x30/0x30
[ 2413.560133]  ? error_entry+0x70/0xd0
[ 2413.563871]  ? trace_hardirqs_off_caller+0xbb/0x310
[ 2413.568906]  ? trace_hardirqs_on_caller+0xc0/0x310
[ 2413.573848]  ? syscall_return_slowpath+0x5e0/0x5e0
[ 2413.578798]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 2413.583672]  ? trace_hardirqs_on_caller+0x310/0x310
[ 2413.588714]  ? __bpf_trace_preemptirq_template+0x30/0x30
[ 2413.594181]  ? prepare_exit_to_usermode+0x3b0/0x3b0
[ 2413.594201]  ? prepare_exit_to_usermode+0x291/0x3b0
[ 2413.594218]  ? page_fault+0x8/0x30
[ 2413.594237]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 2413.594256]  ? page_fault+0x8/0x30
[ 2413.594272]  page_fault+0x1e/0x30
[ 2413.594284] RIP: 0033:0x4510a0
[ 2413.594302] Code: 0f 84 c4 0f 00 00 48 89 f1 48 89 f8 48 83 e1 3f 48 83 f9 20 0f 86 7b 02 00 00 48 83 e6 f0 48 83 e1 0f 66 0f ef c0 66 0f ef c9 <66> 0f 74 0e 66 0f d7 d1 48 d3 ea 49 c7 c2 11 00 00 00 49 29 ca 4d
[ 2413.594315] RSP: 002b:00007f75238677a8 EFLAGS: 00010202
[ 2413.604375] RAX: 00007f7523867850 RBX: 0000000000000003 RCX: 000000000000000e
[ 2413.604385] RDX: 00000000000003ff RSI: 0000000020012fe0 RDI: 00007f7523867850
[ 2413.604395] RBP: 000000000072bf00 R08: 00000000000003ff R09: 0000000000000000
[ 2413.604405] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f75238686d4
[ 2413.604415] R13: 00000000004c578a R14: 00000000004d9d90 R15: 00000000ffffffff
[ 2413.607779] FAULT_FLAG_ALLOW_RETRY missing 70
[ 2413.689658] CPU: 1 PID: 23040 Comm: syz-executor0 Not tainted 4.20.0-rc6+ #371
[ 2413.697039] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 2413.706398] Call Trace:
[ 2413.709015]  dump_stack+0x244/0x39d
[ 2413.712673]  ? dump_stack_print_info.cold.1+0x20/0x20
[ 2413.717898]  handle_userfault.cold.32+0x47/0x62
[ 2413.722602]  ? userfaultfd_ioctl+0x5610/0x5610
[ 2413.727207]  ? mark_held_locks+0x130/0x130
[ 2413.731466]  ? find_held_lock+0x36/0x1c0
[ 2413.735551]  ? userfaultfd_ctx_put+0x830/0x830
[ 2413.740158]  ? kasan_check_read+0x11/0x20
[ 2413.744327]  ? print_usage_bug+0xc0/0xc0
[ 2413.748422]  ? do_raw_spin_trylock+0x270/0x270
[ 2413.753020]  ? print_usage_bug+0xc0/0xc0
[ 2413.753040]  ? print_usage_bug+0xc0/0xc0
[ 2413.753057]  ? zap_class+0x640/0x640
[ 2413.753076]  ? drop_futex_key_refs.isra.14+0x6d/0xe0
[ 2413.753093]  ? futex_wake+0x304/0x760
[ 2413.761229]  ? find_held_lock+0x36/0x1c0
[ 2413.777893]  ? __handle_mm_fault+0x4bb0/0x5be0
[ 2413.782493]  ? lock_downgrade+0x900/0x900
[ 2413.786673]  ? kasan_check_read+0x11/0x20
[ 2413.790839]  ? do_raw_spin_unlock+0xa7/0x330
[ 2413.795275]  ? do_raw_spin_trylock+0x270/0x270
[ 2413.799888]  ? fault_dirty_shared_page.isra.87+0x320/0x320
[ 2413.805524]  __handle_mm_fault+0x4bbd/0x5be0
[ 2413.809932]  ? vmf_insert_mixed_mkwrite+0x40/0x40
[ 2413.814776]  ? zap_class+0x640/0x640
[ 2413.818494]  ? rcu_read_unlock_special+0x1c0/0x1c0
[ 2413.823420]  ? kasan_check_read+0x11/0x20
[ 2413.827562]  ? rcu_softirq_qs+0x20/0x20
[ 2413.831535]  ? zap_class+0x640/0x640
[ 2413.835248]  ? zap_class+0x640/0x640
[ 2413.838972]  ? find_held_lock+0x36/0x1c0
[ 2413.843029]  ? handle_mm_fault+0x42a/0xc70
[ 2413.847252]  ? lock_downgrade+0x900/0x900
[ 2413.851398]  ? check_preemption_disabled+0x48/0x280
[ 2413.856404]  ? rcu_read_unlock_special+0x1c0/0x1c0
[ 2413.861332]  ? kasan_check_read+0x11/0x20
[ 2413.865484]  ? rcu_dynticks_curr_cpu_in_eqs+0xa2/0x170
[ 2413.870748]  ? rcu_softirq_qs+0x20/0x20
[ 2413.874713]  ? trace_hardirqs_off_caller+0x310/0x310
[ 2413.879821]  ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[ 2413.885363]  ? check_preemption_disabled+0x48/0x280
[ 2413.890380]  handle_mm_fault+0x54f/0xc70
[ 2413.894435]  ? __handle_mm_fault+0x5be0/0x5be0
[ 2413.899011]  ? find_vma+0x34/0x190
[ 2413.902553]  __do_page_fault+0x5e8/0xe60
[ 2413.906606]  ? trace_hardirqs_off+0xb8/0x310
[ 2413.911025]  do_page_fault+0xf2/0x7e0
[ 2413.914829]  ? vmalloc_sync_all+0x30/0x30
[ 2413.918979]  ? error_entry+0x70/0xd0
[ 2413.922697]  ? trace_hardirqs_off_caller+0xbb/0x310
[ 2413.927704]  ? trace_hardirqs_on_caller+0xc0/0x310
[ 2413.932631]  ? syscall_return_slowpath+0x5e0/0x5e0
[ 2413.937552]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 2413.942384]  ? trace_hardirqs_on_caller+0x310/0x310
[ 2413.947410]  ? __bpf_trace_preemptirq_template+0x30/0x30
[ 2413.952867]  ? prepare_exit_to_usermode+0x3b0/0x3b0
[ 2413.957888]  ? prepare_exit_to_usermode+0x291/0x3b0
[ 2413.962894]  ? page_fault+0x8/0x30
[ 2413.966426]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 2413.971260]  ? page_fault+0x8/0x30
[ 2413.974790]  page_fault+0x1e/0x30
[ 2413.978234] RIP: 0033:0x4510a0
[ 2413.981418] Code: 0f 84 c4 0f 00 00 48 89 f1 48 89 f8 48 83 e1 3f 48 83 f9 20 0f 86 7b 02 00 00 48 83 e6 f0 48 83 e1 0f 66 0f ef c0 66 0f ef c9 <66> 0f 74 0e 66 0f d7 d1 48 d3 ea 49 c7 c2 11 00 00 00 49 29 ca 4d
[ 2414.000308] RSP: 002b:00007efdea16e7a8 EFLAGS: 00010202
[ 2414.005660] RAX: 00007efdea16e850 RBX: 0000000000000003 RCX: 000000000000000e
[ 2414.012919] RDX: 00000000000003ff RSI: 0000000020012fe0 RDI: 00007efdea16e850
[ 2414.020181] RBP: 000000000072bf00 R08: 00000000000003ff R09: 0000000000000000
[ 2414.027454] R10: 0000000000000000 R11: 0000000000000246 R12: 00007efdea16f6d4
[ 2414.034709] R13: 00000000004c578a R14: 00000000004d9d90 R15: 00000000ffffffff
[ 2414.072565] FAT-fs (loop5): bogus number of reserved sectors
[ 2414.078505] FAT-fs (loop5): Can't find a valid FAT filesystem
08:16:32 executing program 5:
r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0x4, 0xe, &(0x7f0000000280)=ANY=[@ANYBLOB="b702000000000000bfa30000000000000703000000fe81007a0af0fff8ffffff79a4f0ff00000000b7060000ffffffff2d6405000000000065040400010000000404000009000000b7050000020000006a0a00fe000000008500000032000000b7000000000000009500040000000000"], 0x0}, 0x48)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000300)={r0, 0x0, 0xe, 0x0, &(0x7f0000000000)="de009b8db770076a6337ccd9e871", 0x0}, 0x28)

08:16:32 executing program 2:
syz_emit_ethernet(0x6a, &(0x7f0000000040)={@local, @broadcast, [], {@ipv4={0x800, {{0x5, 0x4, 0x0, 0x0, 0x5c, 0x0, 0x0, 0x0, 0x1, 0x0, @remote, @dev={0xac, 0x14, 0x14, 0x11}}, @icmp=@parameter_prob={0x3, 0x4, 0x0, 0x0, 0x0, 0x0, {0x10, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x402f, 0x0, @local={0xac, 0x5c}, @dev, {[@timestamp={0x8, 0x2c, 0x0, 0x0, 0xb00, [{[@rand_addr]}, {[@multicast2]}, {[@multicast1]}, {}, {[@loopback]}, {}]}]}}}}}}}, 0x0)

08:16:32 executing program 1:
r0 = socket$l2tp(0x18, 0x1, 0x1)
ioctl(r0, 0x1000008912, &(0x7f0000000000)="0a5c2d023c126285718070")
r1 = perf_event_open(&(0x7f0000014f88)={0x1, 0x70, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
close(r1)
r2 = openat$vcs(0xffffffffffffff9c, &(0x7f0000000040)='/dev/vcs\x00', 0x40, 0x0)
epoll_ctl$EPOLL_CTL_ADD(r2, 0x1, r0, &(0x7f0000000080)={0x20000008})

08:16:32 executing program 4:
r0 = syz_open_dev$media(&(0x7f0000000000)='/dev/media#\x00', 0x8, 0x40000)
ioctl$SNDRV_TIMER_IOCTL_GSTATUS(r0, 0xc0505405, &(0x7f0000000140)={{0xffffffffffffffff, 0x2, 0x6, 0x0, 0x6}, 0xa6, 0x8, 0x3ff})
openat$kvm(0xffffffffffffff9c, 0x0, 0x0, 0x0)
r1 = syz_open_dev$sndctrl(&(0x7f0000000100)='/dev/snd/controlC#\x00', 0x0, 0x0)
prctl$PR_SET_THP_DISABLE(0x29, 0xfffffffffffffffe)
clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
ioctl$FS_IOC_GETFLAGS(r1, 0x800455d1, &(0x7f0000000080))
ioctl$SNDRV_CTL_IOCTL_TLV_COMMAND(r0, 0xc008551c, &(0x7f0000000040)={0x6, 0x14, [0x6e, 0xfffffffffffffffb, 0x1f, 0x5, 0x10001]})
r2 = shmget(0x3, 0x4000, 0x801, &(0x7f0000ffb000/0x4000)=nil)
shmctl$IPC_RMID(r2, 0x0)

08:16:32 executing program 3:
openat$rfkill(0xffffffffffffff9c, 0x0, 0x0, 0x0)
getsockopt$inet_sctp_SCTP_DEFAULT_PRINFO(0xffffffffffffffff, 0x84, 0x72, &(0x7f0000000380), 0x0)
syz_open_dev$admmidi(&(0x7f0000000100)='/dev/admmidi#\x00', 0x0, 0x0)
r0 = socket$l2tp(0x18, 0x1, 0x1)
mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x1, 0x32, 0xffffffffffffffff, 0x0)
r1 = userfaultfd(0x0)
ioctl$UFFDIO_API(r1, 0xc018aa3f, &(0x7f0000000180))
ioctl$UFFDIO_REGISTER(r1, 0xc020aa00, &(0x7f0000019000)={{&(0x7f0000012000/0x2000)=nil, 0x2000}, 0x1})
syz_open_dev$evdev(&(0x7f0000012fee)='/dev/input/event#\x00', 0x8000000000000000, 0x0)
ioctl$UFFDIO_WAKE(r1, 0x8010aa02, &(0x7f0000000080)={&(0x7f0000012000/0x3000)=nil, 0x3000})
ioctl(r0, 0x1000008912, &(0x7f0000000000)="0a5c2d023c126285718070")
setsockopt$ALG_SET_KEY(0xffffffffffffffff, 0x117, 0x1, 0x0, 0x0)

08:16:32 executing program 0:
r0 = syz_open_dev$sndpcmp(&(0x7f0000000540)='/dev/snd/pcmC#D#p\x00', 0x7, 0x10000)
setsockopt$TIPC_SRC_DROPPABLE(r0, 0x10f, 0x80, &(0x7f0000000580)=0x7, 0x4)
openat$rfkill(0xffffffffffffff9c, 0x0, 0x100, 0x0)
r1 = syz_open_dev$admmidi(&(0x7f0000000100)='/dev/admmidi#\x00', 0x7, 0x0)
r2 = socket$l2tp(0x18, 0x1, 0x1)
mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x1, 0x32, 0xffffffffffffffff, 0x0)
r3 = userfaultfd(0x0)
ioctl$UFFDIO_API(r1, 0xc018aa3f, &(0x7f0000000040))
ioctl$UFFDIO_REGISTER(r3, 0xc020aa00, &(0x7f0000019000)={{&(0x7f0000012000/0x2000)=nil, 0x2000}, 0x1})
syz_open_dev$evdev(&(0x7f0000012fee)='/dev/input/event#\x00', 0x0, 0x0)
ioctl$UFFDIO_WAKE(r3, 0x8010aa02, &(0x7f0000000080)={&(0x7f0000012000/0x3000)=nil, 0x3000})
ioctl(r2, 0x1000008912, &(0x7f0000000000)="0a5c2d023c126285718070")

08:16:32 executing program 5:
r0 = socket$unix(0x1, 0x1, 0x0)
r1 = socket$unix(0x1, 0x1, 0x0)
bind$unix(r1, &(0x7f0000003000)=@file={0x1, "e91f7189591e9233614b00"}, 0xc)
setsockopt$sock_int(r1, 0x1, 0x10, &(0x7f00000001c0)=0x4, 0x4)
listen(r1, 0x0)
connect$unix(r0, &(0x7f000066fff4)=@file={0x1, "e91f7189591e9233614b00"}, 0xc)
mmap(&(0x7f0000000000/0xe7e000)=nil, 0xe7e000, 0x3, 0x31, 0xffffffffffffffff, 0x0)
r2 = socket$inet_udplite(0x2, 0x2, 0x88)
ioctl(r2, 0x1000008912, &(0x7f0000000140)="0adc1f023c123f3188a070")
accept4$unix(r1, &(0x7f000046f000)=@abs, &(0x7f00000000c0)=0x6e, 0x0)

08:16:32 executing program 0:
openat$rfkill(0xffffffffffffff9c, 0x0, 0x2001, 0x0)
syz_open_dev$admmidi(&(0x7f0000000100)='/dev/admmidi#\x00', 0x0, 0x0)
r0 = socket$l2tp(0x18, 0x1, 0x1)
mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x1, 0x32, 0xffffffffffffffff, 0x0)
r1 = userfaultfd(0x0)
ioctl$UFFDIO_API(r1, 0xc018aa3f, &(0x7f0000000180))
ioctl$UFFDIO_REGISTER(r1, 0xc020aa00, &(0x7f0000019000)={{&(0x7f0000012000/0x2000)=nil, 0x2000}, 0x1})
syz_open_dev$evdev(&(0x7f0000000040)='/dev/input/event#\x00', 0x0, 0x0)
ioctl$UFFDIO_WAKE(r1, 0x8010aa02, &(0x7f0000000080)={&(0x7f0000012000/0x3000)=nil, 0x3000})
ioctl(r0, 0x1000008912, &(0x7f0000000000)="0a5c2d023c126285718070")

08:16:32 executing program 2:
syz_emit_ethernet(0x6a, &(0x7f0000000040)={@local, @broadcast, [], {@ipv4={0x800, {{0x5, 0x4, 0x0, 0x0, 0x5c, 0x0, 0x0, 0x0, 0x1, 0x0, @remote, @dev={0xac, 0x14, 0x14, 0x11}}, @icmp=@parameter_prob={0x3, 0x4, 0x0, 0x0, 0x0, 0x0, {0x10, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x402f, 0x0, @local={0xac, 0x5c}, @dev, {[@timestamp={0x8, 0x2c, 0x0, 0x0, 0x7, [{[@rand_addr]}, {[@multicast2]}, {[@multicast1]}, {}, {[@loopback]}, {}]}]}}}}}}}, 0x0)

[ 2414.309786] FAULT_FLAG_ALLOW_RETRY missing 70
[ 2414.326535] CPU: 1 PID: 23075 Comm: syz-executor3 Not tainted 4.20.0-rc6+ #371
[ 2414.333922] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 2414.333930] Call Trace:
[ 2414.333958]  dump_stack+0x244/0x39d
[ 2414.333985]  ? dump_stack_print_info.cold.1+0x20/0x20
[ 2414.334022]  handle_userfault.cold.32+0x47/0x62
[ 2414.334057]  ? userfaultfd_ioctl+0x5610/0x5610
[ 2414.364567]  ? mark_held_locks+0x130/0x130
[ 2414.368810]  ? futex_wait_setup+0x266/0x3e0
[ 2414.373135]  ? __switch_to_asm+0x40/0x70
[ 2414.377219]  ? userfaultfd_ctx_put+0x830/0x830
[ 2414.381808]  ? futex_wait+0x5a1/0xa50
[ 2414.385629]  ? print_usage_bug+0xc0/0xc0
[ 2414.389694]  ? print_usage_bug+0xc0/0xc0
[ 2414.393771]  ? trace_hardirqs_on_caller+0xc0/0x310
[ 2414.398706]  ? print_usage_bug+0xc0/0xc0
[ 2414.402777]  ? zap_class+0x640/0x640
[ 2414.406496]  ? trace_hardirqs_on+0x310/0x310
[ 2414.410912]  ? futex_wake+0x304/0x760
[ 2414.414736]  ? find_held_lock+0x36/0x1c0
[ 2414.418817]  ? __handle_mm_fault+0x4bb0/0x5be0
[ 2414.423432]  ? lock_downgrade+0x900/0x900
[ 2414.427598]  ? kasan_check_read+0x11/0x20
[ 2414.431762]  ? do_raw_spin_unlock+0xa7/0x330
[ 2414.436181]  ? do_raw_spin_trylock+0x270/0x270
[ 2414.440776]  ? fault_dirty_shared_page.isra.87+0x320/0x320
[ 2414.446425]  __handle_mm_fault+0x4bbd/0x5be0
[ 2414.450862]  ? vmf_insert_mixed_mkwrite+0x40/0x40
[ 2414.455718]  ? zap_class+0x640/0x640
[ 2414.459434]  ? rcu_read_unlock_special+0x1c0/0x1c0
[ 2414.464377]  ? kasan_check_read+0x11/0x20
[ 2414.468532]  ? rcu_softirq_qs+0x20/0x20
[ 2414.472519]  ? zap_class+0x640/0x640
[ 2414.476240]  ? zap_class+0x640/0x640
[ 2414.479963]  ? find_held_lock+0x36/0x1c0
[ 2414.484039]  ? handle_mm_fault+0x42a/0xc70
[ 2414.488282]  ? lock_downgrade+0x900/0x900
[ 2414.492436]  ? check_preemption_disabled+0x48/0x280
[ 2414.497458]  ? rcu_read_unlock_special+0x1c0/0x1c0
[ 2414.502409]  ? kasan_check_read+0x11/0x20
[ 2414.506559]  ? rcu_dynticks_curr_cpu_in_eqs+0xa2/0x170
[ 2414.511895]  ? rcu_softirq_qs+0x20/0x20
[ 2414.515880]  ? trace_hardirqs_off_caller+0x310/0x310
[ 2414.520994]  ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[ 2414.526542]  ? check_preemption_disabled+0x48/0x280
[ 2414.531575]  handle_mm_fault+0x54f/0xc70
[ 2414.535652]  ? __handle_mm_fault+0x5be0/0x5be0
[ 2414.540247]  ? find_vma+0x34/0x190
[ 2414.543797]  __do_page_fault+0x5e8/0xe60
[ 2414.547872]  ? trace_hardirqs_off+0xb8/0x310
[ 2414.552301]  do_page_fault+0xf2/0x7e0
[ 2414.556110]  ? vmalloc_sync_all+0x30/0x30
[ 2414.560261]  ? error_entry+0x70/0xd0
[ 2414.563983]  ? trace_hardirqs_off_caller+0xbb/0x310
[ 2414.569002]  ? trace_hardirqs_on_caller+0xc0/0x310
[ 2414.573941]  ? syscall_return_slowpath+0x5e0/0x5e0
[ 2414.578882]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 2414.583729]  ? trace_hardirqs_on_caller+0x310/0x310
[ 2414.588747]  ? __bpf_trace_preemptirq_template+0x30/0x30
[ 2414.594203]  ? prepare_exit_to_usermode+0x3b0/0x3b0
[ 2414.599223]  ? prepare_exit_to_usermode+0x291/0x3b0
[ 2414.604251]  ? page_fault+0x8/0x30
[ 2414.607801]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 2414.612650]  ? page_fault+0x8/0x30
[ 2414.616194]  page_fault+0x1e/0x30
[ 2414.619652] RIP: 0033:0x4510a0
[ 2414.622867] Code: 0f 84 c4 0f 00 00 48 89 f1 48 89 f8 48 83 e1 3f 48 83 f9 20 0f 86 7b 02 00 00 48 83 e6 f0 48 83 e1 0f 66 0f ef c0 66 0f ef c9 <66> 0f 74 0e 66 0f d7 d1 48 d3 ea 49 c7 c2 11 00 00 00 49 29 ca 4d
[ 2414.641772] RSP: 002b:00007f75238677a8 EFLAGS: 00010202
[ 2414.647144] RAX: 00007f7523867850 RBX: 0000000000000003 RCX: 000000000000000e
[ 2414.654413] RDX: 00000000000003ff RSI: 0000000020012fe0 RDI: 00007f7523867850
08:16:32 executing program 1:
r0 = socket$l2tp(0x18, 0x1, 0x1)
r1 = syz_open_dev$usb(&(0x7f0000000040)='/dev/bus/usb/00#/00#\x00', 0x3ff, 0x200000)
recvmsg$kcm(r1, &(0x7f0000000380)={&(0x7f0000000080)=@pppoe={0x18, 0x0, {0x0, @broadcast}}, 0x80, &(0x7f0000000280)=[{&(0x7f0000000100)=""/188, 0xbc}, {&(0x7f00000001c0)=""/172, 0xac}], 0x2, &(0x7f00000002c0)=""/161, 0xa1}, 0x100)
ioctl(r0, 0x1000008912, &(0x7f0000000000)="0a5c2d023c126285718070")
r2 = perf_event_open(&(0x7f0000014f88)={0x1, 0x70, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
close(r2)

[ 2414.661685] RBP: 000000000072bf00 R08: 00000000000003ff R09: 0000000000000000
[ 2414.669307] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f75238686d4
[ 2414.676581] R13: 00000000004c578a R14: 00000000004d9d90 R15: 00000000ffffffff
08:16:32 executing program 4:
openat$kvm(0xffffffffffffff9c, 0x0, 0x0, 0x0)
r0 = syz_open_dev$sndctrl(&(0x7f0000000100)='/dev/snd/controlC#\x00', 0x0, 0x0)
prctl$PR_SET_THP_DISABLE(0x29, 0xfffffffffffffffe)
clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
ioctl$FS_IOC_GETFLAGS(r0, 0x800455d1, &(0x7f0000000080))
syz_open_dev$admmidi(&(0x7f0000000000)='/dev/admmidi#\x00', 0x81, 0x0)

08:16:32 executing program 0:
r0 = openat$rfkill(0xffffffffffffff9c, 0x0, 0x2001, 0x0)
syz_open_dev$admmidi(&(0x7f0000000100)='/dev/admmidi#\x00', 0x0, 0x0)
r1 = socket$l2tp(0x18, 0x1, 0x1)
mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x1, 0x32, 0xffffffffffffffff, 0x0)
getsockopt$inet_sctp6_SCTP_CONTEXT(r0, 0x84, 0x11, &(0x7f0000000040)={<r2=>0x0, 0x8}, &(0x7f00000000c0)=0x8)
getsockopt$inet_sctp_SCTP_DEFAULT_PRINFO(r0, 0x84, 0x72, &(0x7f0000000140)={r2, 0x10001}, &(0x7f00000001c0)=0xc)
r3 = userfaultfd(0x0)
ioctl$UFFDIO_API(r3, 0xc018aa3f, &(0x7f0000000180))
ioctl$UFFDIO_REGISTER(r3, 0xc020aa00, &(0x7f0000019000)={{&(0x7f0000012000/0x2000)=nil, 0x2000}, 0x1})
syz_open_dev$evdev(&(0x7f0000012fee)='/dev/input/event#\x00', 0x0, 0x0)
ioctl$UFFDIO_WAKE(r3, 0x8010aa02, &(0x7f0000000080)={&(0x7f0000012000/0x3000)=nil, 0x3000})
ioctl(r1, 0x1000008912, &(0x7f0000000000)="0a5c2d023c126285718070")

08:16:32 executing program 1:
r0 = socket$l2tp(0x18, 0x1, 0x1)
ioctl(r0, 0x1000008912, &(0x7f0000000000)="0a5c2d023c126285718070")
r1 = perf_event_open(&(0x7f0000014f88)={0x1, 0x70, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x400, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r2 = syz_open_dev$cec(&(0x7f0000000040)='/dev/cec#\x00', 0x1, 0x2)
setsockopt$packet_fanout(r2, 0x107, 0x12, &(0x7f0000000080)={0x100, 0x7, 0x2000}, 0x4)
close(r1)

08:16:32 executing program 2:
syz_emit_ethernet(0x6a, &(0x7f0000000040)={@local, @broadcast, [], {@ipv4={0x800, {{0x5, 0x4, 0x0, 0x0, 0x5c, 0x0, 0x0, 0x0, 0x1, 0x0, @remote, @dev={0xac, 0x14, 0x14, 0x11}}, @icmp=@parameter_prob={0x3, 0x4, 0x0, 0x0, 0x0, 0x0, {0x10, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x402f, 0x0, @local={0xac, 0x5c}, @dev, {[@timestamp={0x8, 0x2c, 0x0, 0x0, 0x4888, [{[@rand_addr]}, {[@multicast2]}, {[@multicast1]}, {}, {[@loopback]}, {}]}]}}}}}}}, 0x0)

08:16:32 executing program 5:
syz_open_dev$loop(0x0, 0x0, 0x0)
r0 = creat(&(0x7f0000000100)='./file0\x00', 0x118)
ioctl$SNDRV_TIMER_IOCTL_GSTATUS(r0, 0xc0505405, &(0x7f0000000300)={{0x0, 0x2, 0x93}, 0x5721e7f, 0x80000000, 0x7})
ioctl$sock_SIOCADDDLCI(0xffffffffffffffff, 0x8980, &(0x7f00000002c0)={'bcsf0\x00'})
ioctl$TIOCGPGRP(r0, 0x540f, &(0x7f0000000180)=<r1=>0x0)
perf_event_open(0x0, r1, 0x0, 0xffffffffffffffff, 0x0)
r2 = syz_open_procfs(0x0, &(0x7f0000000240)='net/ptype\x00')
sendmsg(0xffffffffffffffff, &(0x7f0000002fc8)={0x0, 0x0, 0x0, 0x0, &(0x7f00000002c0)=ANY=[]}, 0x0)
socket$packet(0x11, 0x3, 0x300)
perf_event_open(&(0x7f0000000040)={0x2, 0x70, 0xee68, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
mlockall(0x400000000008)
r3 = accept4$inet(0xffffffffffffffff, &(0x7f0000000000)={0x2, 0x0, @remote}, 0x0, 0x7fffc)
setsockopt$inet6_tcp_TCP_REPAIR(0xffffffffffffffff, 0x6, 0x13, &(0x7f00000001c0)=0xffffffffffffffff, 0x4)
perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50b, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r4 = semget(0x3, 0x1, 0x0)
semctl$SETALL(r4, 0x0, 0x11, &(0x7f00000000c0))
getsockopt$IP_VS_SO_GET_VERSION(r3, 0x0, 0x480, 0x0, &(0x7f0000000140))
semctl$SETALL(r4, 0x0, 0x11, &(0x7f00000000c0)=[0x8, 0x2, 0xffffffff80000000, 0x8])
mlockall(0x4)
preadv(r2, &(0x7f00000017c0), 0x1fe, 0x400000000000)

08:16:32 executing program 3:
openat$rfkill(0xffffffffffffff9c, 0x0, 0x0, 0x0)
getsockopt$inet_sctp_SCTP_DEFAULT_PRINFO(0xffffffffffffffff, 0x84, 0x72, &(0x7f0000000380), 0x0)
syz_open_dev$admmidi(&(0x7f0000000100)='/dev/admmidi#\x00', 0x0, 0x0)
r0 = socket$l2tp(0x18, 0x1, 0x1)
mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x1, 0x32, 0xffffffffffffffff, 0x0)
r1 = userfaultfd(0x0)
ioctl$UFFDIO_API(r1, 0xc018aa3f, &(0x7f0000000180))
ioctl$UFFDIO_REGISTER(r1, 0xc020aa00, &(0x7f0000019000)={{&(0x7f0000012000/0x2000)=nil, 0x2000}, 0x1})
syz_open_dev$evdev(&(0x7f0000012fee)='/dev/input/event#\x00', 0x2000, 0x0)
ioctl$UFFDIO_WAKE(r1, 0x8010aa02, &(0x7f0000000080)={&(0x7f0000012000/0x3000)=nil, 0x3000})
ioctl(r0, 0x1000008912, &(0x7f0000000000)="0a5c2d023c126285718070")
setsockopt$ALG_SET_KEY(0xffffffffffffffff, 0x117, 0x1, 0x0, 0x0)

08:16:32 executing program 1:
r0 = openat$mixer(0xffffffffffffff9c, &(0x7f0000000040)='/dev/mixer\x00', 0x2bf6070b9224d23f, 0x0)
r1 = fcntl$dupfd(r0, 0x406, r0)
ioctl$KDSKBMODE(r0, 0x4b45, &(0x7f0000000080)=0x3ff)
r2 = socket$l2tp(0x18, 0x1, 0x1)
ioctl(r2, 0x1000008912, &(0x7f0000000000)="0a5c2d023c126285718070")
getsockopt$inet_sctp6_SCTP_MAX_BURST(r1, 0x84, 0x14, &(0x7f0000000100)=@assoc_value={<r3=>0x0}, &(0x7f0000000140)=0x8)
setsockopt$inet_sctp_SCTP_PEER_ADDR_THLDS(r1, 0x84, 0x1f, &(0x7f0000000180)={r3, @in6={{0xa, 0x4e23, 0xfffffffffffff000, @empty, 0x7}}, 0xffffffff, 0x1000}, 0x90)
r4 = perf_event_open(&(0x7f0000014f88)={0x1, 0x137, 0x8, 0x40, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x7f, 0x5}}, 0x0, 0x0, 0xffffffffffffffff, 0x9)
close(r4)
setsockopt$inet_sctp6_SCTP_I_WANT_MAPPED_V4_ADDR(r4, 0x84, 0xc, &(0x7f00000000c0), 0x4)

[ 2414.981759] FAULT_FLAG_ALLOW_RETRY missing 70
[ 2415.007914] FAULT_FLAG_ALLOW_RETRY missing 70
[ 2415.019379] CPU: 0 PID: 23110 Comm: syz-executor0 Not tainted 4.20.0-rc6+ #371
[ 2415.026768] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 2415.036124] Call Trace:
[ 2415.038732]  dump_stack+0x244/0x39d
[ 2415.042400]  ? dump_stack_print_info.cold.1+0x20/0x20
[ 2415.047622]  handle_userfault.cold.32+0x47/0x62
[ 2415.052326]  ? userfaultfd_ioctl+0x5610/0x5610
[ 2415.056944]  ? mark_held_locks+0x130/0x130
[ 2415.061191]  ? __sanitizer_cov_trace_cmp4+0x16/0x20
[ 2415.066220]  ? futex_wait_setup+0x266/0x3e0
[ 2415.070571]  ? __sanitizer_cov_trace_switch+0x53/0x90
[ 2415.075776]  ? userfaultfd_ctx_put+0x830/0x830
[ 2415.080383]  ? futex_wait+0x5a1/0xa50
[ 2415.084204]  ? print_usage_bug+0xc0/0xc0
[ 2415.088279]  ? print_usage_bug+0xc0/0xc0
[ 2415.092368]  ? print_usage_bug+0xc0/0xc0
[ 2415.096443]  ? zap_class+0x640/0x640
[ 2415.100171]  ? drop_futex_key_refs.isra.14+0x6d/0xe0
[ 2415.105279]  ? futex_wake+0x304/0x760
[ 2415.109111]  ? find_held_lock+0x36/0x1c0
[ 2415.113193]  ? __handle_mm_fault+0x4bb0/0x5be0
[ 2415.117802]  ? lock_downgrade+0x900/0x900
[ 2415.121970]  ? kasan_check_read+0x11/0x20
[ 2415.126130]  ? do_raw_spin_unlock+0xa7/0x330
[ 2415.130547]  ? do_raw_spin_trylock+0x270/0x270
[ 2415.135138]  ? fault_dirty_shared_page.isra.87+0x320/0x320
[ 2415.140785]  __handle_mm_fault+0x4bbd/0x5be0
[ 2415.145219]  ? vmf_insert_mixed_mkwrite+0x40/0x40
[ 2415.150080]  ? zap_class+0x640/0x640
[ 2415.153813]  ? rcu_read_unlock_special+0x1c0/0x1c0
[ 2415.158749]  ? kasan_check_read+0x11/0x20
[ 2415.162907]  ? rcu_softirq_qs+0x20/0x20
[ 2415.166905]  ? zap_class+0x640/0x640
[ 2415.170634]  ? zap_class+0x640/0x640
[ 2415.174377]  ? find_held_lock+0x36/0x1c0
[ 2415.178456]  ? handle_mm_fault+0x42a/0xc70
[ 2415.182707]  ? lock_downgrade+0x900/0x900
[ 2415.186867]  ? check_preemption_disabled+0x48/0x280
[ 2415.191901]  ? rcu_read_unlock_special+0x1c0/0x1c0
[ 2415.196844]  ? kasan_check_read+0x11/0x20
[ 2415.201003]  ? rcu_dynticks_curr_cpu_in_eqs+0xa2/0x170
[ 2415.206290]  ? rcu_softirq_qs+0x20/0x20
[ 2415.210275]  ? trace_hardirqs_off_caller+0x310/0x310
[ 2415.215400]  ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[ 2415.220955]  ? check_preemption_disabled+0x48/0x280
[ 2415.225993]  handle_mm_fault+0x54f/0xc70
[ 2415.230069]  ? __handle_mm_fault+0x5be0/0x5be0
[ 2415.235164]  ? find_vma+0x34/0x190
[ 2415.238728]  __do_page_fault+0x5e8/0xe60
[ 2415.242800]  ? trace_hardirqs_off+0xb8/0x310
[ 2415.247237]  do_page_fault+0xf2/0x7e0
[ 2415.251056]  ? vmalloc_sync_all+0x30/0x30
[ 2415.255215]  ? error_entry+0x70/0xd0
[ 2415.258947]  ? trace_hardirqs_off_caller+0xbb/0x310
[ 2415.263974]  ? trace_hardirqs_on_caller+0xc0/0x310
[ 2415.268914]  ? syscall_return_slowpath+0x5e0/0x5e0
[ 2415.273860]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 2415.278717]  ? trace_hardirqs_on_caller+0x310/0x310
[ 2415.283745]  ? __bpf_trace_preemptirq_template+0x30/0x30
[ 2415.289210]  ? prepare_exit_to_usermode+0x3b0/0x3b0
[ 2415.294239]  ? prepare_exit_to_usermode+0x291/0x3b0
[ 2415.299280]  ? page_fault+0x8/0x30
[ 2415.302842]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 2415.307701]  ? page_fault+0x8/0x30
[ 2415.311254]  page_fault+0x1e/0x30
[ 2415.314968] RIP: 0033:0x4510a0
[ 2415.318175] Code: 0f 84 c4 0f 00 00 48 89 f1 48 89 f8 48 83 e1 3f 48 83 f9 20 0f 86 7b 02 00 00 48 83 e6 f0 48 83 e1 0f 66 0f ef c0 66 0f ef c9 <66> 0f 74 0e 66 0f d7 d1 48 d3 ea 49 c7 c2 11 00 00 00 49 29 ca 4d
[ 2415.337079] RSP: 002b:00007efdea16e7a8 EFLAGS: 00010202
[ 2415.342450] RAX: 00007efdea16e850 RBX: 0000000000000003 RCX: 000000000000000e
[ 2415.349728] RDX: 00000000000003ff RSI: 0000000020012fe0 RDI: 00007efdea16e850
[ 2415.357007] RBP: 000000000072bf00 R08: 00000000000003ff R09: 0000000000000000
[ 2415.364476] R10: 0000000000000000 R11: 0000000000000246 R12: 00007efdea16f6d4
[ 2415.371754] R13: 00000000004c578a R14: 00000000004d9d90 R15: 00000000ffffffff
[ 2415.379164] CPU: 1 PID: 23115 Comm: syz-executor3 Not tainted 4.20.0-rc6+ #371
[ 2415.386547] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 2415.396076] Call Trace:
[ 2415.396099]  dump_stack+0x244/0x39d
[ 2415.396121]  ? dump_stack_print_info.cold.1+0x20/0x20
[ 2415.396148]  handle_userfault.cold.32+0x47/0x62
[ 2415.396173]  ? userfaultfd_ioctl+0x5610/0x5610
[ 2415.416824]  ? mark_held_locks+0x130/0x130
[ 2415.421086]  ? find_held_lock+0x36/0x1c0
[ 2415.425175]  ? userfaultfd_ctx_put+0x830/0x830
[ 2415.429772]  ? kasan_check_read+0x11/0x20
[ 2415.433937]  ? print_usage_bug+0xc0/0xc0
[ 2415.438009]  ? do_raw_spin_trylock+0x270/0x270
[ 2415.442606]  ? print_usage_bug+0xc0/0xc0
[ 2415.446683]  ? print_usage_bug+0xc0/0xc0
[ 2415.450759]  ? zap_class+0x640/0x640
[ 2415.454500]  ? drop_futex_key_refs.isra.14+0x6d/0xe0
08:16:33 executing program 4:
r0 = openat$kvm(0xffffffffffffff9c, 0x0, 0x0, 0x0)
r1 = syz_open_dev$sndctrl(&(0x7f0000000100)='/dev/snd/controlC#\x00', 0x0, 0x0)
prctl$PR_SET_THP_DISABLE(0x29, 0xfffffffffffffffe)
r2 = openat$dlm_control(0xffffffffffffff9c, &(0x7f0000000000)='/dev/dlm-control\x00', 0x8100, 0x0)
fcntl$getownex(r0, 0x10, &(0x7f00000000c0)={0x0, <r3=>0x0})
sendmsg$netlink(r2, &(0x7f0000000700)={&(0x7f0000000040)=@kern={0x10, 0x0, 0x0, 0x40020}, 0xc, &(0x7f00000006c0)=[{&(0x7f0000000140)={0x2c8, 0x1e, 0x500, 0x70bd2a, 0x25dfdbfc, "", [@typed={0xc, 0x2a, @u64=0x1}, @nested={0xd0, 0x1f, [@typed={0xc, 0x7f, @u64=0x600000000000}, @generic="36cedbb0246d9778258c78e52cee51b99393803c6029314fe48178f2caec5f67e61d7f71230f1ae577f59216a700c364676be6be8c4b7607b4649484f6575a05b8c72ca8c3327d6f00d61d5257712d3602", @generic="1780a92d2c8fe09b4405d6fc21057c4b3cba7e11f8ca5608bdc61900690fa29b038f6e59f20b299bfa38e7e4a0ddbed7eca2706b932d2a35f0eba97a0f17b4a89256ce666fe9782d5fd21846b2ac5043a63423f3d5e18539fc330f84d1a68e68904ad20cc3390b2fea535c80", @generic]}, @nested={0x1d0, 0x8e, [@generic="201cb067dc583aa1cf2ae1ab5ffd3f46a278b577cd08901a92f0fe9dfd459f6f9f73084133fcabafadd844f1eb506d5fac199ebd54b715d0beb9b286fce226bb5180c411017eec65441f165bdf7cd12922969d424f3fdc2d252102e4c664bc826433ba94da377a909ad60076712fbc2fd1dc1118aec35c4b9621a5c9c42f80d14e5a35f8c7c51fd5fd49d27eddb98db6431d32b174c2b2c4f213b4c9b4b31f49fcac790f1b58b65817ba1d4297a8843e5807e64d485b275dd9a10155bf92fc640a3f627e6d9e20e98795a302f6", @generic="68eca191863f89033eb973376d11f1ff857c24cbe8bfb1630f5eb912ad712e2aacdc0edf11dd86744651c6b50890ea08e80f1e75efe81a412eae0c2e1a5d4a379ff7f94498933a41bc98813625143ce1f6f39c652ab0c9247ec309bfec6f971ea9d02421210bdbf84b0a4a0d97576d49020fd3bdf7b921e8ef16d384ee24eb1107887f7071ff88a038935259af899337ba299467a3fedefc20cde496242631b1f07fc829225e5e91ee309c3ff2a4c29897564a64015a59a225dac5403fb281b7a02a0b59655e3e4561752efe6c2f73214ac45a92daa61297456a067eb5131b06667c1e9d1f353e2e4ea9d1c5425b0cecaa3fc67299be63dcc26e26f8ad"]}, @typed={0xc, 0x3a, @u64=0x2}]}, 0x2c8}, {&(0x7f0000000440)={0x264, 0x1b, 0x600, 0x70bd2c, 0x25dfdbfd, "", [@generic="7298394e78116f7f37797f6fecc1edf0748be5a7e60a176053ad6f59e3fc1ac4d8594f549f8c9b66f9a92a35c6e1083e5aef8e473743994ea39e0603fc05f3fcf468c43739b46cf4189f3156393460f4d7e988939e54f005f847257b2a62e89cf10c2eb8ef5bc9aba057ca193fb157eecf35af70a06170331870ed1e6ae1dcc496d025f8c0fb25cd0d0b693321888f5f036fb236139f1b172b185cd761c223666dd237643c0dd751c4826478d10e7b3d5995b8e707a9d1b7d337b9484fcce272957f392111f9d4", @generic="044e2042f4fe8adec9bb577436f509f9fd6738eb272debe610612fafecd0c00b6a9222c5b401dab0c39282cd7cc4f460ca46e7096b5b8d0bbf7e11e3ba3cbfe8644ba8fe1e5d05cb9f1f9bc06c96dd111a81c5ab54ea557eca482554a93849db43135cda32bdc14046f1e526cc256937639e6c33f2fa3ddf6cb31220034bb1b3fdbf15aa762126a045d2174a92f2685ef0f80c42c44bfcc0f8a6098e3c0a4627f531a944bf32d3910327fc88ee03ed5df04c5064c593d0c6284cd5cb1239579733f6dd575173e240a1491ae20701c65916b340b8dffda805", @typed={0x8, 0x6f, @pid=r3}, @generic="0c60f2fc16b7d181970e7513bf4c4eaaa8afb4f3049ddf73f2132486fe014a3357322bb408a18e13e6b6972134142058cf90982ed4c3a7789da8e58b101cbb940d2b15228199918ff5272224751d245d738e5b3acbd0c49d1d8662f387dd1b3119f96a0e923510eb5a2b4ab00a6692357fd0739f7f417972c5eba081b5b26fd53fb75a09802a0ed0fe9f6421119faaf65639dbfc56b956a877000d43e134149887d4f5de1a6435ef72e9ba5fee"]}, 0x264}], 0x2, 0x0, 0x0, 0x1}, 0x4000000)
clone(0x200, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
ioctl$FS_IOC_GETFLAGS(r1, 0x800455d1, &(0x7f0000000080))

[ 2415.459622]  ? futex_wake+0x304/0x760
[ 2415.463453]  ? find_held_lock+0x36/0x1c0
[ 2415.467537]  ? __handle_mm_fault+0x4bb0/0x5be0
[ 2415.472139]  ? lock_downgrade+0x900/0x900
[ 2415.476309]  ? kasan_check_read+0x11/0x20
[ 2415.480479]  ? do_raw_spin_unlock+0xa7/0x330
[ 2415.484900]  ? do_raw_spin_trylock+0x270/0x270
[ 2415.489498]  ? fault_dirty_shared_page.isra.87+0x320/0x320
[ 2415.495150]  __handle_mm_fault+0x4bbd/0x5be0
[ 2415.499582]  ? vmf_insert_mixed_mkwrite+0x40/0x40
[ 2415.504442]  ? zap_class+0x640/0x640
08:16:33 executing program 1:
r0 = socket$l2tp(0x18, 0x1, 0x1)
ioctl(r0, 0x1000008912, &(0x7f0000000000)="0a5c2d023c126285718070")
r1 = perf_event_open(&(0x7f0000014f88)={0x1, 0x70, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
pipe2(&(0x7f0000000040)={0xffffffffffffffff, <r2=>0xffffffffffffffff}, 0x4000)
ioctl$BLKTRACETEARDOWN(r2, 0x1276, 0x0)
close(r1)

[ 2415.508168]  ? rcu_read_unlock_special+0x1c0/0x1c0
[ 2415.513118]  ? kasan_check_read+0x11/0x20
[ 2415.517283]  ? rcu_softirq_qs+0x20/0x20
[ 2415.521289]  ? zap_class+0x640/0x640
[ 2415.525022]  ? zap_class+0x640/0x640
[ 2415.528784]  ? find_held_lock+0x36/0x1c0
[ 2415.532885]  ? handle_mm_fault+0x42a/0xc70
[ 2415.537134]  ? lock_downgrade+0x900/0x900
[ 2415.541298]  ? check_preemption_disabled+0x48/0x280
[ 2415.546334]  ? rcu_read_unlock_special+0x1c0/0x1c0
[ 2415.551288]  ? kasan_check_read+0x11/0x20
[ 2415.555445]  ? rcu_dynticks_curr_cpu_in_eqs+0xa2/0x170
08:16:33 executing program 4:
r0 = openat$kvm(0xffffffffffffff9c, 0x0, 0x0, 0x0)
r1 = syz_open_dev$sndctrl(&(0x7f0000000100)='/dev/snd/controlC#\x00', 0x0, 0x0)
prctl$PR_SET_THP_DISABLE(0x29, 0xfffffffffffffffe)
clock_gettime(0x0, &(0x7f00000000c0)={<r2=>0x0, <r3=>0x0})
ioctl$SNDRV_SEQ_IOCTL_REMOVE_EVENTS(r0, 0x4040534e, &(0x7f0000000240)={0x2, @time={r2, r3+30000000}, 0x7000000, {0x6, 0x9}, 0x8, 0x2, 0x100000000})
clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
r4 = openat$zero(0xffffffffffffff9c, &(0x7f0000000000)='/dev/zero\x00', 0x200001, 0x0)
ioctl$KVM_SET_VAPIC_ADDR(r4, 0x4008ae93, &(0x7f0000000040)=0x3000)
ioctl$FS_IOC_GETFLAGS(r1, 0x800455d1, &(0x7f0000000080))
r5 = fcntl$dupfd(r1, 0x406, r1)
r6 = semget$private(0x0, 0x4, 0x0)
semctl$SEM_STAT(r6, 0x1, 0x12, &(0x7f0000000140)=""/208)
ioctl$SG_SCSI_RESET(r5, 0x2284, 0x0)

[ 2415.560735]  ? rcu_softirq_qs+0x20/0x20
[ 2415.564717]  ? trace_hardirqs_off_caller+0x310/0x310
[ 2415.564738]  ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[ 2415.564755]  ? check_preemption_disabled+0x48/0x280
[ 2415.564778]  handle_mm_fault+0x54f/0xc70
[ 2415.564798]  ? __handle_mm_fault+0x5be0/0x5be0
[ 2415.564817]  ? find_vma+0x34/0x190
[ 2415.592652]  __do_page_fault+0x5e8/0xe60
[ 2415.596730]  ? trace_hardirqs_off+0xb8/0x310
[ 2415.601167]  do_page_fault+0xf2/0x7e0
[ 2415.604983]  ? vmalloc_sync_all+0x30/0x30
08:16:33 executing program 1:
ioctl(0xffffffffffffffff, 0x1000008915, &(0x7f0000000040)="0a5c2d023c126285718070")
r0 = perf_event_open(&(0x7f0000014f88)={0x1, 0x70, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
close(r0)

[ 2415.609151]  ? error_entry+0x70/0xd0
[ 2415.612904]  ? trace_hardirqs_off_caller+0xbb/0x310
[ 2415.617939]  ? trace_hardirqs_on_caller+0xc0/0x310
[ 2415.622898]  ? syscall_return_slowpath+0x5e0/0x5e0
[ 2415.627839]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 2415.632706]  ? trace_hardirqs_on_caller+0x310/0x310
[ 2415.637739]  ? __bpf_trace_preemptirq_template+0x30/0x30
[ 2415.643205]  ? prepare_exit_to_usermode+0x3b0/0x3b0
[ 2415.648243]  ? prepare_exit_to_usermode+0x291/0x3b0
[ 2415.653280]  ? page_fault+0x8/0x30
08:16:33 executing program 1:
r0 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$sock_inet_SIOCSIFFLAGS(r0, 0x8914, &(0x7f0000000000)={'gre0\x00'})
sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0xffffffffffffffde, &(0x7f0000000300)={&(0x7f00000001c0)=@newlink={0x28, 0x10, 0xc362e63b3f31ba5f, 0x0, 0x0, {0x0, 0x36f, 0x0, 0x0, 0x3}, [@IFLA_GROUP={0x8}]}, 0x28}}, 0x0)
ioctl$ifreq_SIOCGIFINDEX_team(0xffffffffffffffff, 0x8933, 0x0)
ioctl$ifreq_SIOCGIFINDEX_team(0xffffffffffffffff, 0x8933, 0x0)
getsockopt$inet_sctp_SCTP_DEFAULT_SEND_PARAM(0xffffffffffffffff, 0x84, 0xa, 0x0, 0x0)

[ 2415.656884]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 2415.661744]  ? page_fault+0x8/0x30
[ 2415.665475]  page_fault+0x1e/0x30
[ 2415.668941] RIP: 0033:0x4510a0
[ 2415.672145] Code: 0f 84 c4 0f 00 00 48 89 f1 48 89 f8 48 83 e1 3f 48 83 f9 20 0f 86 7b 02 00 00 48 83 e6 f0 48 83 e1 0f 66 0f ef c0 66 0f ef c9 <66> 0f 74 0e 66 0f d7 d1 48 d3 ea 49 c7 c2 11 00 00 00 49 29 ca 4d
[ 2415.691061] RSP: 002b:00007f75238677a8 EFLAGS: 00010202
[ 2415.696442] RAX: 00007f7523867850 RBX: 0000000000000003 RCX: 000000000000000e
[ 2415.703724] RDX: 00000000000003ff RSI: 0000000020012fe0 RDI: 00007f7523867850
08:16:33 executing program 2:
syz_emit_ethernet(0x6a, &(0x7f0000000040)={@local, @broadcast, [], {@ipv4={0x800, {{0x5, 0x4, 0x0, 0x0, 0x5c, 0x0, 0x0, 0x0, 0x1, 0x0, @remote, @dev={0xac, 0x14, 0x14, 0x11}}, @icmp=@parameter_prob={0x3, 0x4, 0x0, 0x0, 0x0, 0x0, {0x10, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x402f, 0x0, @local={0xac, 0x5c}, @dev, {[@timestamp={0x8, 0x2c, 0x0, 0x0, 0x700000000000000, [{[@rand_addr]}, {[@multicast2]}, {[@multicast1]}, {}, {[@loopback]}, {}]}]}}}}}}}, 0x0)

[ 2415.711004] RBP: 000000000072bf00 R08: 00000000000003ff R09: 0000000000000000
[ 2415.718290] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f75238686d4
[ 2415.718305] R13: 00000000004c578a R14: 00000000004d9d90 R15: 00000000ffffffff
08:16:33 executing program 0:
r0 = openat$rfkill(0xffffffffffffff9c, 0x0, 0x2001, 0x0)
r1 = syz_open_dev$admmidi(&(0x7f0000000100)='/dev/admmidi#\x00', 0x0, 0x0)
r2 = socket$l2tp(0x18, 0x1, 0x1)
mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x1, 0x32, 0xffffffffffffffff, 0x0)
r3 = userfaultfd(0x0)
ioctl$UFFDIO_REGISTER(r3, 0xc020aa00, &(0x7f0000000080)={{&(0x7f0000013000/0x4000)=nil, 0x4000}, 0x2})
ioctl$UFFDIO_API(r3, 0xc018aa3f, &(0x7f0000000180))
mmap(&(0x7f0000013000/0x4000)=nil, 0x4000, 0x1000008, 0xa053, r1, 0x0)
ioctl$SNDRV_CTL_IOCTL_HWDEP_NEXT_DEVICE(r0, 0xc0045520, &(0x7f00000000c0)=0x7)
ioctl$EXT4_IOC_SETFLAGS(r1, 0x40086602, &(0x7f0000000040)=0x2)
ioctl$UFFDIO_REGISTER(r3, 0xc020aa00, &(0x7f0000019000)={{&(0x7f0000012000/0x2000)=nil, 0x2000}, 0x1})
syz_open_dev$evdev(&(0x7f0000000200)='/dev/input/event#\x00', 0x0, 0x0)
ioctl$UFFDIO_WAKE(r3, 0x8010aa02, &(0x7f00000001c0)={&(0x7f0000011000/0x3000)=nil, 0x3000})
ioctl(r2, 0x1000008912, &(0x7f0000000000)="0a5c2d023c126285718070")

08:16:33 executing program 5:
syz_open_dev$loop(0x0, 0x0, 0x0)
r0 = creat(&(0x7f0000000100)='./file0\x00', 0x118)
ioctl$SNDRV_TIMER_IOCTL_GSTATUS(r0, 0xc0505405, &(0x7f0000000300)={{0x0, 0x2, 0x93}, 0x5721e7f, 0x80000000, 0x7})
ioctl$sock_SIOCADDDLCI(0xffffffffffffffff, 0x8980, &(0x7f00000002c0)={'bcsf0\x00'})
ioctl$TIOCGPGRP(r0, 0x540f, &(0x7f0000000180)=<r1=>0x0)
perf_event_open(0x0, r1, 0x0, 0xffffffffffffffff, 0x0)
r2 = syz_open_procfs(0x0, &(0x7f0000000240)='net/ptype\x00')
sendmsg(0xffffffffffffffff, &(0x7f0000002fc8)={0x0, 0x0, 0x0, 0x0, &(0x7f00000002c0)=ANY=[]}, 0x0)
socket$packet(0x11, 0x3, 0x300)
perf_event_open(&(0x7f0000000040)={0x2, 0x70, 0xee68, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
mlockall(0x400000000008)
r3 = accept4$inet(0xffffffffffffffff, &(0x7f0000000000)={0x2, 0x0, @remote}, 0x0, 0x7fffc)
setsockopt$inet6_tcp_TCP_REPAIR(0xffffffffffffffff, 0x6, 0x13, &(0x7f00000001c0)=0xffffffffffffffff, 0x4)
perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50b, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r4 = semget(0x3, 0x1, 0x0)
semctl$SETALL(r4, 0x0, 0x11, &(0x7f00000000c0))
getsockopt$IP_VS_SO_GET_VERSION(r3, 0x0, 0x480, 0x0, &(0x7f0000000140))
semctl$SETALL(r4, 0x0, 0x11, &(0x7f00000000c0)=[0x8, 0x2, 0xffffffff80000000, 0x8])
mlockall(0x4)
preadv(r2, &(0x7f00000017c0), 0x1fe, 0x400000000000)

08:16:33 executing program 4:
r0 = openat$kvm(0xffffffffffffff9c, 0x0, 0x0, 0x0)
r1 = syz_open_dev$sndctrl(&(0x7f0000000100)='/dev/snd/controlC#\x00', 0x0, 0x0)
prctl$PR_SET_THP_DISABLE(0x29, 0xfffffffffffffffe)
r2 = syz_open_dev$midi(&(0x7f00000000c0)='/dev/midi#\x00', 0x1, 0x0)
ioctl$KVM_NMI(r0, 0xae9a)
ioctl$sock_bt_hidp_HIDPGETCONNINFO(r2, 0x800448d3, &(0x7f0000000140)={{0x0, 0x80000001, 0xa2c7, 0x8000, 0x6, 0x18}, 0x1000, 0x3, 0x7, 0x5, 0x1f, "4f27b3946d26ba4a9aa5433ec3c204040cccc1f218cfd447bd5929c263534c78b45a7f8a7f511da7db876993880ee487b7a12b8d345a59386bfbc9ddb36081cad8d214cac980bd592011b6feea2053e0ffef121f8093baca6ad51cb0db72f27ae722798f2590793f7e90f0bb92adeca977dfd7a2ac16ef577979563f9d5277bf"})
clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
ioctl$FS_IOC_GETFLAGS(r1, 0x800455d1, &(0x7f0000000080))
getsockopt$inet_sctp_SCTP_RECVRCVINFO(r1, 0x84, 0x20, &(0x7f0000000000), &(0x7f0000000040)=0x4)

08:16:33 executing program 2:
syz_emit_ethernet(0x6a, &(0x7f0000000040)={@local, @broadcast, [], {@ipv4={0x800, {{0x5, 0x4, 0x0, 0x0, 0x5c, 0x0, 0x0, 0x0, 0x1, 0x0, @remote, @dev={0xac, 0x14, 0x14, 0x11}}, @icmp=@parameter_prob={0x3, 0x4, 0x0, 0x0, 0x0, 0x0, {0x10, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x402f, 0x0, @local={0xac, 0x5c}, @dev, {[@timestamp={0x8, 0x2c, 0x0, 0x0, 0x5, [{[@rand_addr]}, {[@multicast2]}, {[@multicast1]}, {}, {[@loopback]}, {}]}]}}}}}}}, 0x0)

[ 2415.838890] IPv6: ADDRCONF(NETDEV_CHANGE): vcan0: link becomes ready
[ 2415.866959] IPv6: ADDRCONF(NETDEV_CHANGE): vcan0: link becomes ready
[ 2415.918854] IPv6: ADDRCONF(NETDEV_CHANGE): vcan0: link becomes ready
08:16:33 executing program 2:
syz_emit_ethernet(0x6a, &(0x7f0000000040)={@local, @broadcast, [], {@ipv4={0x800, {{0x5, 0x4, 0x0, 0x0, 0x5c, 0x0, 0x0, 0x0, 0x1, 0x0, @remote, @dev={0xac, 0x14, 0x14, 0x11}}, @icmp=@parameter_prob={0x3, 0x4, 0x0, 0x0, 0x0, 0x0, {0x10, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x402f, 0x0, @local={0xac, 0x5c}, @dev, {[@timestamp={0x8, 0x2c, 0x0, 0x0, 0x6, [{[@rand_addr]}, {[@multicast2]}, {[@multicast1]}, {}, {[@loopback]}, {}]}]}}}}}}}, 0x0)

08:16:33 executing program 3:
openat$rfkill(0xffffffffffffff9c, 0x0, 0x0, 0x0)
getsockopt$inet_sctp_SCTP_DEFAULT_PRINFO(0xffffffffffffffff, 0x84, 0x72, &(0x7f0000000380), 0x0)
syz_open_dev$admmidi(&(0x7f0000000100)='/dev/admmidi#\x00', 0x0, 0x0)
r0 = socket$l2tp(0x18, 0x1, 0x1)
mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x1, 0x32, 0xffffffffffffffff, 0x0)
r1 = userfaultfd(0x0)
ioctl$UFFDIO_API(r1, 0xc018aa3f, &(0x7f0000000180))
ioctl$UFFDIO_REGISTER(r1, 0xc020aa00, &(0x7f0000019000)={{&(0x7f0000012000/0x2000)=nil, 0x2000}, 0x1})
syz_open_dev$evdev(&(0x7f0000012fee)='/dev/input/event#\x00', 0x2000000, 0x0)
ioctl$UFFDIO_WAKE(r1, 0x8010aa02, &(0x7f0000000080)={&(0x7f0000012000/0x3000)=nil, 0x3000})
ioctl(r0, 0x1000008912, &(0x7f0000000000)="0a5c2d023c126285718070")
setsockopt$ALG_SET_KEY(0xffffffffffffffff, 0x117, 0x1, 0x0, 0x0)

08:16:33 executing program 1:
seccomp(0x1, 0x0, &(0x7f0000000040)={0x1, &(0x7f00000000c0)=[{0x6}]})
mkdir(&(0x7f0000000280)='./control\x00', 0x0)
set_mempolicy(0x3, &(0x7f0000000080)=0x7fff, 0x4)
rmdir(&(0x7f0000000000)='./control\x00')

08:16:33 executing program 0:
r0 = openat$rfkill(0xffffffffffffff9c, 0x0, 0x2001, 0x0)
r1 = syz_open_dev$admmidi(&(0x7f0000000100)='/dev/admmidi#\x00', 0x0, 0x0)
r2 = socket$l2tp(0x18, 0x1, 0x1)
mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x1, 0x32, 0xffffffffffffffff, 0x0)
r3 = userfaultfd(0x0)
ioctl$UFFDIO_API(r1, 0xc018aa3f, &(0x7f0000000140)={0xaa, 0x20})
ioctl$UFFDIO_REGISTER(r3, 0xc020aa00, &(0x7f0000019000)={{&(0x7f0000012000/0x2000)=nil, 0x2000}, 0x1})
r4 = syz_open_dev$evdev(&(0x7f0000012fee)='/dev/input/event#\x00', 0x0, 0x0)
fsetxattr$trusted_overlay_nlink(r4, &(0x7f0000000180)='trusted.overlay.nlink\x00', &(0x7f00000001c0)={'U-', 0x1000}, 0x28, 0x2)
write$FUSE_NOTIFY_RETRIEVE(r0, &(0x7f00000000c0)={0x30, 0x5, 0x0, {0x0, 0x3, 0x1}}, 0x30)
ioctl$UFFDIO_WAKE(r3, 0x8010aa02, &(0x7f0000000080)={&(0x7f0000012000/0x3000)=nil, 0x3000})
ioctl$int_out(r4, 0x5462, &(0x7f0000000040))
ioctl(r2, 0x1000008912, &(0x7f0000000000)="0a5c2d023c126285718070")

08:16:33 executing program 2:
syz_emit_ethernet(0x6a, &(0x7f0000000040)={@local, @broadcast, [], {@ipv4={0x800, {{0x5, 0x4, 0x0, 0x0, 0x5c, 0x0, 0x0, 0x0, 0x1, 0x0, @remote, @dev={0xac, 0x14, 0x14, 0x11}}, @icmp=@parameter_prob={0x3, 0x4, 0x0, 0x0, 0x0, 0x0, {0x10, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x402f, 0x0, @local={0xac, 0x5c}, @dev, {[@timestamp={0x8, 0x2c, 0x0, 0x0, 0x88a8ffff, [{[@rand_addr]}, {[@multicast2]}, {[@multicast1]}, {}, {[@loopback]}, {}]}]}}}}}}}, 0x0)

08:16:33 executing program 5:
r0 = socket(0xa, 0x80002, 0x0)
ioctl$sock_inet_SIOCSIFFLAGS(r0, 0x8914, &(0x7f0000000040)={"62726964676530007a011800"})
ioctl$sock_inet_SIOCSIFFLAGS(r0, 0x8914, &(0x7f0000000280)={"6272696467653000001d16e747a700", 0xfffffffffffffffd})
syz_open_procfs(0x0, 0x0)

08:16:33 executing program 4:
openat$kvm(0xffffffffffffff9c, 0x0, 0x0, 0x0)
r0 = syz_open_dev$sndctrl(&(0x7f0000000100)='/dev/snd/controlC#\x00', 0x0, 0x0)
prctl$PR_SET_THP_DISABLE(0x29, 0xfffffffffffffffe)
clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
r1 = syz_open_dev$sndpcmc(&(0x7f0000000140)='/dev/snd/pcmC#D#c\x00', 0x1, 0x90400)
setsockopt$IP_VS_SO_SET_DELDEST(r1, 0x0, 0x488, &(0x7f0000000180)={{0x1d, @empty, 0x4e22, 0x3, 'wrr\x00', 0x4, 0xffffffff, 0x72}, {@local, 0x4e20, 0x2003, 0xffc000, 0x6, 0x80}}, 0x44)
ioctl$FS_IOC_GETFLAGS(r0, 0x800455d1, &(0x7f0000000000))
ioctl$VHOST_SET_VRING_KICK(r1, 0x4008af20, &(0x7f0000000040)={0x0, r1})

[ 2416.166688] FAULT_FLAG_ALLOW_RETRY missing 70
[ 2416.173001] CPU: 1 PID: 23179 Comm: syz-executor3 Not tainted 4.20.0-rc6+ #371
[ 2416.180389] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 2416.189752] Call Trace:
[ 2416.192380]  dump_stack+0x244/0x39d
[ 2416.196040]  ? dump_stack_print_info.cold.1+0x20/0x20
[ 2416.201269]  handle_userfault.cold.32+0x47/0x62
[ 2416.205975]  ? userfaultfd_ioctl+0x5610/0x5610
[ 2416.210577]  ? mark_held_locks+0x130/0x130
[ 2416.214832]  ? __sanitizer_cov_trace_cmp4+0x16/0x20
[ 2416.219874]  ? futex_wait_setup+0x266/0x3e0
[ 2416.224222]  ? __sanitizer_cov_trace_switch+0x53/0x90
[ 2416.229427]  ? userfaultfd_ctx_put+0x830/0x830
[ 2416.234022]  ? futex_wait+0x5a1/0xa50
[ 2416.237848]  ? print_usage_bug+0xc0/0xc0
[ 2416.241931]  ? print_usage_bug+0xc0/0xc0
[ 2416.246002]  ? print_usage_bug+0xc0/0xc0
[ 2416.250075]  ? zap_class+0x640/0x640
[ 2416.253795]  ? drop_futex_key_refs.isra.14+0x6d/0xe0
[ 2416.258906]  ? futex_wake+0x304/0x760
[ 2416.262727]  ? find_held_lock+0x36/0x1c0
[ 2416.266802]  ? __handle_mm_fault+0x4bb0/0x5be0
[ 2416.271487]  ? lock_downgrade+0x900/0x900
[ 2416.275657]  ? kasan_check_read+0x11/0x20
[ 2416.279811]  ? do_raw_spin_unlock+0xa7/0x330
[ 2416.284230]  ? do_raw_spin_trylock+0x270/0x270
[ 2416.288819]  ? fault_dirty_shared_page.isra.87+0x320/0x320
[ 2416.294478]  __handle_mm_fault+0x4bbd/0x5be0
[ 2416.298902]  ? vmf_insert_mixed_mkwrite+0x40/0x40
[ 2416.303756]  ? zap_class+0x640/0x640
[ 2416.307482]  ? rcu_read_unlock_special+0x1c0/0x1c0
[ 2416.312421]  ? kasan_check_read+0x11/0x20
[ 2416.316579]  ? rcu_softirq_qs+0x20/0x20
[ 2416.320566]  ? zap_class+0x640/0x640
[ 2416.324282]  ? zap_class+0x640/0x640
[ 2416.328006]  ? find_held_lock+0x36/0x1c0
[ 2416.332079]  ? handle_mm_fault+0x42a/0xc70
[ 2416.336320]  ? lock_downgrade+0x900/0x900
[ 2416.340483]  ? check_preemption_disabled+0x48/0x280
[ 2416.345510]  ? rcu_read_unlock_special+0x1c0/0x1c0
[ 2416.350447]  ? kasan_check_read+0x11/0x20
[ 2416.354693]  ? rcu_dynticks_curr_cpu_in_eqs+0xa2/0x170
[ 2416.359974]  ? rcu_softirq_qs+0x20/0x20
[ 2416.363958]  ? trace_hardirqs_off_caller+0x310/0x310
[ 2416.369073]  ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[ 2416.374620]  ? check_preemption_disabled+0x48/0x280
[ 2416.379651]  handle_mm_fault+0x54f/0xc70
[ 2416.383723]  ? __handle_mm_fault+0x5be0/0x5be0
[ 2416.388317]  ? find_vma+0x34/0x190
[ 2416.391886]  __do_page_fault+0x5e8/0xe60
[ 2416.395954]  ? trace_hardirqs_off+0xb8/0x310
[ 2416.400383]  do_page_fault+0xf2/0x7e0
[ 2416.404190]  ? vmalloc_sync_all+0x30/0x30
[ 2416.408345]  ? error_entry+0x70/0xd0
[ 2416.412076]  ? trace_hardirqs_off_caller+0xbb/0x310
[ 2416.417113]  ? trace_hardirqs_on_caller+0xc0/0x310
[ 2416.422053]  ? syscall_return_slowpath+0x5e0/0x5e0
[ 2416.426986]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 2416.431839]  ? trace_hardirqs_on_caller+0x310/0x310
[ 2416.436880]  ? __bpf_trace_preemptirq_template+0x30/0x30
[ 2416.442344]  ? prepare_exit_to_usermode+0x3b0/0x3b0
[ 2416.447391]  ? prepare_exit_to_usermode+0x291/0x3b0
[ 2416.452416]  ? page_fault+0x8/0x30
[ 2416.455963]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 2416.460810]  ? page_fault+0x8/0x30
[ 2416.464369]  page_fault+0x1e/0x30
[ 2416.467825] RIP: 0033:0x4510a0
[ 2416.471033] Code: 0f 84 c4 0f 00 00 48 89 f1 48 89 f8 48 83 e1 3f 48 83 f9 20 0f 86 7b 02 00 00 48 83 e6 f0 48 83 e1 0f 66 0f ef c0 66 0f ef c9 <66> 0f 74 0e 66 0f d7 d1 48 d3 ea 49 c7 c2 11 00 00 00 49 29 ca 4d
[ 2416.490233] RSP: 002b:00007f75238677a8 EFLAGS: 00010202
[ 2416.495605] RAX: 00007f7523867850 RBX: 0000000000000003 RCX: 000000000000000e
[ 2416.502881] RDX: 00000000000003ff RSI: 0000000020012fe0 RDI: 00007f7523867850
[ 2416.510150] RBP: 000000000072bf00 R08: 00000000000003ff R09: 0000000000000000
08:16:34 executing program 2:
syz_emit_ethernet(0x6a, &(0x7f0000000040)={@local, @broadcast, [], {@ipv4={0x800, {{0x5, 0x4, 0x0, 0x0, 0x5c, 0x0, 0x0, 0x0, 0x1, 0x0, @remote, @dev={0xac, 0x14, 0x14, 0x11}}, @icmp=@parameter_prob={0x3, 0x4, 0x0, 0x0, 0x0, 0x0, {0x10, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x402f, 0x0, @local={0xac, 0x5c}, @dev, {[@timestamp={0x8, 0x2c, 0x0, 0x0, 0xd000000, [{[@rand_addr]}, {[@multicast2]}, {[@multicast1]}, {}, {[@loopback]}, {}]}]}}}}}}}, 0x0)

[ 2416.517423] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f75238686d4
[ 2416.524704] R13: 00000000004c578a R14: 00000000004d9d90 R15: 00000000ffffffff
08:16:34 executing program 2:
syz_emit_ethernet(0x6a, &(0x7f0000000040)={@local, @broadcast, [], {@ipv4={0x800, {{0x5, 0x4, 0x0, 0x0, 0x5c, 0x0, 0x0, 0x0, 0x1, 0x0, @remote, @dev={0xac, 0x14, 0x14, 0x11}}, @icmp=@parameter_prob={0x3, 0x4, 0x0, 0x0, 0x0, 0x0, {0x10, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x402f, 0x0, @local={0xac, 0x5c}, @dev, {[@timestamp={0x8, 0x2c, 0x0, 0x0, 0x8848, [{[@rand_addr]}, {[@multicast2]}, {[@multicast1]}, {}, {[@loopback]}, {}]}]}}}}}}}, 0x0)

08:16:34 executing program 0:
openat$rfkill(0xffffffffffffff9c, 0x0, 0x2001, 0x0)
syz_open_dev$admmidi(&(0x7f0000000100)='/dev/admmidi#\x00', 0x800, 0x0)
r0 = socket$l2tp(0x18, 0x1, 0x1)
mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x1, 0x32, 0xffffffffffffffff, 0x0)
r1 = userfaultfd(0x0)
ioctl$UFFDIO_API(r1, 0xc018aa3f, &(0x7f0000000180))
ioctl$UFFDIO_REGISTER(r1, 0xc020aa00, &(0x7f0000019000)={{&(0x7f0000012000/0x2000)=nil, 0x2000}, 0x1})
syz_open_dev$evdev(&(0x7f0000012fee)='/dev/input/event#\x00', 0x0, 0x0)
ioctl$UFFDIO_WAKE(r1, 0x8010aa02, &(0x7f0000000080)={&(0x7f0000012000/0x3000)=nil, 0x3000})
ioctl(r0, 0x1000008912, &(0x7f0000000000)="0a5c2d023c126285718070")

[ 2416.600852] bridge0: port 2(bridge_slave_1) entered disabled state
[ 2416.607690] bridge0: port 1(bridge_slave_0) entered disabled state
[ 2416.615102] audit: type=1326 audit(1544688994.447:190): auid=4294967295 uid=0 gid=0 ses=4294967295 subj==unconfined pid=23172 comm="syz-executor1" exe="/root/syz-executor1" sig=31 arch=c000003e syscall=228 compat=0 ip=0x45a4da code=0x0
08:16:34 executing program 4:
openat$kvm(0xffffffffffffff9c, 0x0, 0x0, 0x0)
syz_open_dev$sndctrl(&(0x7f0000000000)='/dev/snd/controlC#\x00', 0x0, 0x0)
prctl$PR_SET_THP_DISABLE(0x29, 0xfffffffffffffffe)
clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)

[ 2416.664388] bridge0: port 2(bridge_slave_1) entered blocking state
[ 2416.670838] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 2416.677643] bridge0: port 1(bridge_slave_0) entered blocking state
[ 2416.684076] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 2416.692863] device bridge0 entered promiscuous mode
[ 2416.701702] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready
08:16:34 executing program 2:
syz_emit_ethernet(0x6a, &(0x7f0000000040)={@local, @broadcast, [], {@ipv4={0x800, {{0x5, 0x4, 0x0, 0x0, 0x5c, 0x0, 0x0, 0x0, 0x1, 0x0, @remote, @dev={0xac, 0x14, 0x14, 0x11}}, @icmp=@parameter_prob={0x3, 0x4, 0x0, 0x0, 0x0, 0x0, {0x10, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x402f, 0x0, @local={0xac, 0x5c}, @dev, {[@timestamp={0x8, 0x2c, 0x0, 0x0, 0xd, [{[@rand_addr]}, {[@multicast2]}, {[@multicast1]}, {}, {[@loopback]}, {}]}]}}}}}}}, 0x0)

[ 2416.735164] bridge0: port 2(bridge_slave_1) entered disabled state
[ 2416.741724] bridge0: port 1(bridge_slave_0) entered disabled state
[ 2416.749721] device bridge0 left promiscuous mode
[ 2416.757935] bridge0: port 2(bridge_slave_1) entered blocking state
[ 2416.764475] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 2416.771197] bridge0: port 1(bridge_slave_0) entered blocking state
[ 2416.777653] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 2416.785207] FAULT_FLAG_ALLOW_RETRY missing 70
[ 2416.789776] CPU: 0 PID: 23203 Comm: syz-executor0 Not tainted 4.20.0-rc6+ #371
[ 2416.797154] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 2416.800589] device bridge0 entered promiscuous mode
[ 2416.806530] Call Trace:
[ 2416.806571]  dump_stack+0x244/0x39d
[ 2416.806599]  ? dump_stack_print_info.cold.1+0x20/0x20
[ 2416.806635]  handle_userfault.cold.32+0x47/0x62
[ 2416.806672]  ? userfaultfd_ioctl+0x5610/0x5610
[ 2416.812488] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready
[ 2416.814260]  ? mark_held_locks+0x130/0x130
[ 2416.814278]  ? __sanitizer_cov_trace_cmp4+0x16/0x20
[ 2416.814294]  ? futex_wait_setup+0x266/0x3e0
[ 2416.814325]  ? __sanitizer_cov_trace_switch+0x53/0x90
[ 2416.814343]  ? userfaultfd_ctx_put+0x830/0x830
[ 2416.861962]  ? futex_wait+0x5a1/0xa50
[ 2416.865774]  ? print_usage_bug+0xc0/0xc0
[ 2416.869842]  ? print_usage_bug+0xc0/0xc0
[ 2416.873930]  ? print_usage_bug+0xc0/0xc0
[ 2416.878025]  ? zap_class+0x640/0x640
[ 2416.881758]  ? drop_futex_key_refs.isra.14+0x6d/0xe0
[ 2416.886880]  ? futex_wake+0x304/0x760
[ 2416.890697]  ? find_held_lock+0x36/0x1c0
[ 2416.894776]  ? __handle_mm_fault+0x4bb0/0x5be0
[ 2416.899382]  ? lock_downgrade+0x900/0x900
[ 2416.903546]  ? kasan_check_read+0x11/0x20
[ 2416.907703]  ? do_raw_spin_unlock+0xa7/0x330
[ 2416.912138]  ? do_raw_spin_trylock+0x270/0x270
[ 2416.916725]  ? fault_dirty_shared_page.isra.87+0x320/0x320
[ 2416.922376]  __handle_mm_fault+0x4bbd/0x5be0
[ 2416.926813]  ? vmf_insert_mixed_mkwrite+0x40/0x40
[ 2416.931669]  ? zap_class+0x640/0x640
[ 2416.935392]  ? rcu_read_unlock_special+0x1c0/0x1c0
[ 2416.940323]  ? kasan_check_read+0x11/0x20
[ 2416.944492]  ? rcu_softirq_qs+0x20/0x20
[ 2416.948484]  ? zap_class+0x640/0x640
[ 2416.952202]  ? zap_class+0x640/0x640
[ 2416.955931]  ? find_held_lock+0x36/0x1c0
[ 2416.960006]  ? handle_mm_fault+0x42a/0xc70
[ 2416.964247]  ? lock_downgrade+0x900/0x900
[ 2416.968404]  ? check_preemption_disabled+0x48/0x280
[ 2416.973427]  ? rcu_read_unlock_special+0x1c0/0x1c0
[ 2416.978381]  ? kasan_check_read+0x11/0x20
[ 2416.982548]  ? rcu_dynticks_curr_cpu_in_eqs+0xa2/0x170
[ 2416.987826]  ? rcu_softirq_qs+0x20/0x20
[ 2416.991814]  ? trace_hardirqs_off_caller+0x310/0x310
[ 2416.996924]  ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[ 2417.002468]  ? check_preemption_disabled+0x48/0x280
[ 2417.007513]  handle_mm_fault+0x54f/0xc70
[ 2417.011588]  ? __handle_mm_fault+0x5be0/0x5be0
[ 2417.016181]  ? find_vma+0x34/0x190
[ 2417.019744]  __do_page_fault+0x5e8/0xe60
[ 2417.023814]  ? trace_hardirqs_off+0xb8/0x310
[ 2417.028235]  do_page_fault+0xf2/0x7e0
[ 2417.032040]  ? vmalloc_sync_all+0x30/0x30
[ 2417.036192]  ? error_entry+0x70/0xd0
[ 2417.039916]  ? trace_hardirqs_off_caller+0xbb/0x310
[ 2417.044934]  ? trace_hardirqs_on_caller+0xc0/0x310
[ 2417.049874]  ? syscall_return_slowpath+0x5e0/0x5e0
[ 2417.054808]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 2417.059661]  ? trace_hardirqs_on_caller+0x310/0x310
[ 2417.064703]  ? __bpf_trace_preemptirq_template+0x30/0x30
[ 2417.070157]  ? prepare_exit_to_usermode+0x3b0/0x3b0
[ 2417.075184]  ? prepare_exit_to_usermode+0x291/0x3b0
[ 2417.080209]  ? page_fault+0x8/0x30
[ 2417.083755]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 2417.088605]  ? page_fault+0x8/0x30
[ 2417.092150]  page_fault+0x1e/0x30
[ 2417.095609] RIP: 0033:0x4510a0
[ 2417.098824] Code: 0f 84 c4 0f 00 00 48 89 f1 48 89 f8 48 83 e1 3f 48 83 f9 20 0f 86 7b 02 00 00 48 83 e6 f0 48 83 e1 0f 66 0f ef c0 66 0f ef c9 <66> 0f 74 0e 66 0f d7 d1 48 d3 ea 49 c7 c2 11 00 00 00 49 29 ca 4d
[ 2417.117735] RSP: 002b:00007efdea16e7a8 EFLAGS: 00010202
[ 2417.123099] RAX: 00007efdea16e850 RBX: 0000000000000003 RCX: 000000000000000e
08:16:35 executing program 3:
openat$rfkill(0xffffffffffffff9c, 0x0, 0x0, 0x0)
getsockopt$inet_sctp_SCTP_DEFAULT_PRINFO(0xffffffffffffffff, 0x84, 0x72, &(0x7f0000000380), 0x0)
syz_open_dev$admmidi(&(0x7f0000000100)='/dev/admmidi#\x00', 0x0, 0x0)
r0 = socket$l2tp(0x18, 0x1, 0x1)
mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x1, 0x32, 0xffffffffffffffff, 0x0)
r1 = userfaultfd(0x0)
ioctl$UFFDIO_API(r1, 0xc018aa3f, &(0x7f0000000180))
ioctl$UFFDIO_REGISTER(r1, 0xc020aa00, &(0x7f0000019000)={{&(0x7f0000012000/0x2000)=nil, 0x2000}, 0x1})
syz_open_dev$evdev(&(0x7f0000012fee)='/dev/input/event#\x00', 0x60000000, 0x0)
ioctl$UFFDIO_WAKE(r1, 0x8010aa02, &(0x7f0000000080)={&(0x7f0000012000/0x3000)=nil, 0x3000})
ioctl(r0, 0x1000008912, &(0x7f0000000000)="0a5c2d023c126285718070")
setsockopt$ALG_SET_KEY(0xffffffffffffffff, 0x117, 0x1, 0x0, 0x0)

08:16:35 executing program 5:
socket$inet6_udp(0xa, 0x2, 0x0)
socket$inet_icmp_raw(0x2, 0x3, 0x1)
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/kvm\x00', 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_ENABLE_CAP(r1, 0x4068aea3, &(0x7f0000000480)={0x79})
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000fe8000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0)
ioctl$KVM_SET_LAPIC(r2, 0x4400ae8f, &(0x7f0000001940)={"a523fb9656eb871ffcd7ffeb51d84e738a55eba841ae487e33cdd921e8a51ce6c924020f0ac3562dd8cdeb31deac16f46da4ac16ee8165bce439eddce671c5b0a1103ea3f86a43cbb78504f6f9c77c2f09dc27632ec6036ee52a87e321e707c0cfe15576c26d52d0334c8d4693e127b3a046a5ed7796c9c5017cfd58ec871ed76369846fea9ebfa2f7f96496abf4ef57ed1ecd930eb9e13396875f01e932804ffe8a34c8fbedd97cdfb3176ec59fbbfd20a6ff17795431c341a35eb0f5f703480a5211cc6a7e2084e4a9b6aedf60b7b8084b00ca2cbed255b4cc4679c967432fea5e95119f9635e94794aab6ef54f290677fa08d0ee2cc8eae468efd02417055d3f3ccc86b629dfb878c4d115c16c75fe352cffa93648cf49577256b5d2faf0634335c97ffff966ae90cbf81250df3613c25d2789c869c9cc95a6e9d364c4c684059c593f9950e66cf81cd9f36d73fade4f0cbb795010364d13ff32c12efd91d0ebb6533700945f2db6113a630bd521eec89a74c46e1733b72d6e4d2ccee3b40f99809a9a4fb5fc2d1c53e1366d455bcbe81893100ab56b2556b55c1a0c5787356b464c3bf7011488e55f587a6d4420d46d69a74ee5bbfbcb0d6cb00aae8c3dfd6dd2e9f76d7a542f20553207b668dce69f1b463ee9166e81bb109f461b8885f15c9e525d72260ccdbd69e3345612158114780b9409ea856cb724faa6ed27ba836b35c10e7c7d43f2fa34f98f16a00f31565e16a213eaf4a7f438c89733ebe6d16328b930fd942bc64d631dd1f2aa1cc2ccdaff2324076c83e1ba4d2a0e40e010c96b42e7a4a76cd7a89ef592b9b3030f62d9fbd565ee5908ab90b42620b61e5d1e08621a31d21003cd12a450461636472fa64a7e1b98778bfb482fb4b4da31b42ee98b10f9c0f4c085d08c37ee2e3a9e4a5aff72a0ab844fcbfa224842c85f6cdfd25829c44760e3859624f891df4824f7d17938ac2dee1412cf3083e1d5ee2d29b63267ccba535409da7bef05d3fa79a3ef037ee609e01ad345ee17f48b5e8510f767de35df4dfb856f7533ad88866c6b01fe345107ba7191a8809e2e014492acf9c4f35cad664198a65c55f884490f4b30b4526324be842c393f336f16bea2bf6c6b917fdb751e12ff689ab4ffa44625a8b2bc1de4e88682abe5ce9d1942792747681ad23c31046d825140987f19a9cf10323c3f50a20f35a6d1dd8ca6758296b4537a0da1a853011b777623c8774b3689897cf9264a7782470847f36a8093f04000000663438ab39d8a777fb3e10cb4a2402a939a98d387087c5ca5fd8fbc4d96ae698b5bb84a0a8484e2b85743e623a033eb5b1889ccfb4b95885bc69d4c1cb819b95e7923e557c9ec9ec10e94d1e1295fc2f256fa095036f6cfc04c414fc57fc72c120614a586089c93741e97a61c46600"})
getsockopt$bt_BT_SECURITY(0xffffffffffffffff, 0x112, 0x4, 0x0, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000fe8000/0x18000)=nil, &(0x7f0000000440)=[@text32={0x20, &(0x7f00000002c0)="b9ec090000b808000000ba000000000f300fc76b07dc920080000067260fc7ac0b000f3808580026660f3880a100400000c4c2659f5d0d0fc7af0e000000660f01c80f01cf", 0x45}], 0x1, 0x0, 0x0, 0x0)
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
ioctl$KVM_RUN(r2, 0xae80, 0x0)

[ 2417.130380] RDX: 00000000000003ff RSI: 0000000020012fe0 RDI: 00007efdea16e850
[ 2417.137652] RBP: 000000000072bf00 R08: 00000000000003ff R09: 0000000000000000
[ 2417.144922] R10: 0000000000000000 R11: 0000000000000246 R12: 00007efdea16f6d4
[ 2417.152191] R13: 00000000004c578a R14: 00000000004d9d90 R15: 00000000ffffffff
[ 2417.201588] audit: type=1326 audit(1544688995.027:191): auid=4294967295 uid=0 gid=0 ses=4294967295 subj==unconfined pid=23172 comm="syz-executor1" exe="/root/syz-executor1" sig=31 arch=c000003e syscall=228 compat=0 ip=0x45a4da code=0x0
[ 2417.247444] FAULT_FLAG_ALLOW_RETRY missing 70
[ 2417.271202] CPU: 1 PID: 23216 Comm: syz-executor3 Not tainted 4.20.0-rc6+ #371
[ 2417.278594] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 2417.287955] Call Trace:
[ 2417.290565]  dump_stack+0x244/0x39d
[ 2417.294222]  ? dump_stack_print_info.cold.1+0x20/0x20
[ 2417.299572]  handle_userfault.cold.32+0x47/0x62
[ 2417.304273]  ? userfaultfd_ioctl+0x5610/0x5610
[ 2417.308880]  ? mark_held_locks+0x130/0x130
[ 2417.313165]  ? __sanitizer_cov_trace_cmp4+0x16/0x20
[ 2417.318197]  ? futex_wait_setup+0x266/0x3e0
[ 2417.322545]  ? __sanitizer_cov_trace_switch+0x53/0x90
[ 2417.327753]  ? userfaultfd_ctx_put+0x830/0x830
[ 2417.332358]  ? futex_wait+0x5a1/0xa50
[ 2417.336181]  ? print_usage_bug+0xc0/0xc0
[ 2417.340256]  ? print_usage_bug+0xc0/0xc0
[ 2417.344337]  ? print_usage_bug+0xc0/0xc0
[ 2417.348431]  ? zap_class+0x640/0x640
[ 2417.348450]  ? drop_futex_key_refs.isra.14+0x6d/0xe0
[ 2417.348467]  ? futex_wake+0x304/0x760
[ 2417.361090]  ? find_held_lock+0x36/0x1c0
[ 2417.361118]  ? __handle_mm_fault+0x4bb0/0x5be0
[ 2417.369984]  ? lock_downgrade+0x900/0x900
[ 2417.374149]  ? kasan_check_read+0x11/0x20
[ 2417.378302]  ? do_raw_spin_unlock+0xa7/0x330
[ 2417.382720]  ? do_raw_spin_trylock+0x270/0x270
[ 2417.387309]  ? fault_dirty_shared_page.isra.87+0x320/0x320
[ 2417.392967]  __handle_mm_fault+0x4bbd/0x5be0
[ 2417.397396]  ? vmf_insert_mixed_mkwrite+0x40/0x40
[ 2417.402251]  ? zap_class+0x640/0x640
[ 2417.405968]  ? rcu_read_unlock_special+0x1c0/0x1c0
[ 2417.410919]  ? kasan_check_read+0x11/0x20
[ 2417.415074]  ? rcu_softirq_qs+0x20/0x20
[ 2417.419065]  ? zap_class+0x640/0x640
[ 2417.422788]  ? zap_class+0x640/0x640
[ 2417.426514]  ? find_held_lock+0x36/0x1c0
[ 2417.430589]  ? handle_mm_fault+0x42a/0xc70
[ 2417.434833]  ? lock_downgrade+0x900/0x900
[ 2417.438992]  ? check_preemption_disabled+0x48/0x280
[ 2417.444016]  ? rcu_read_unlock_special+0x1c0/0x1c0
[ 2417.448949]  ? kasan_check_read+0x11/0x20
[ 2417.453110]  ? rcu_dynticks_curr_cpu_in_eqs+0xa2/0x170
[ 2417.458483]  ? rcu_softirq_qs+0x20/0x20
[ 2417.462462]  ? trace_hardirqs_off_caller+0x310/0x310
[ 2417.467572]  ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[ 2417.473120]  ? check_preemption_disabled+0x48/0x280
[ 2417.478149]  handle_mm_fault+0x54f/0xc70
[ 2417.482220]  ? __handle_mm_fault+0x5be0/0x5be0
[ 2417.486812]  ? find_vma+0x34/0x190
[ 2417.490384]  __do_page_fault+0x5e8/0xe60
[ 2417.494453]  ? trace_hardirqs_off+0xb8/0x310
[ 2417.498885]  do_page_fault+0xf2/0x7e0
[ 2417.502693]  ? vmalloc_sync_all+0x30/0x30
[ 2417.506845]  ? error_entry+0x70/0xd0
[ 2417.510570]  ? trace_hardirqs_off_caller+0xbb/0x310
[ 2417.515590]  ? trace_hardirqs_on_caller+0xc0/0x310
[ 2417.520526]  ? syscall_return_slowpath+0x5e0/0x5e0
[ 2417.525461]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 2417.530309]  ? trace_hardirqs_on_caller+0x310/0x310
[ 2417.535377]  ? __bpf_trace_preemptirq_template+0x30/0x30
[ 2417.540849]  ? prepare_exit_to_usermode+0x3b0/0x3b0
[ 2417.545884]  ? prepare_exit_to_usermode+0x291/0x3b0
[ 2417.550905]  ? page_fault+0x8/0x30
[ 2417.554458]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 2417.559313]  ? page_fault+0x8/0x30
[ 2417.562883]  page_fault+0x1e/0x30
[ 2417.566338] RIP: 0033:0x4510a0
[ 2417.569549] Code: 0f 84 c4 0f 00 00 48 89 f1 48 89 f8 48 83 e1 3f 48 83 f9 20 0f 86 7b 02 00 00 48 83 e6 f0 48 83 e1 0f 66 0f ef c0 66 0f ef c9 <66> 0f 74 0e 66 0f d7 d1 48 d3 ea 49 c7 c2 11 00 00 00 49 29 ca 4d
[ 2417.588454] RSP: 002b:00007f75238677a8 EFLAGS: 00010202
[ 2417.593821] RAX: 00007f7523867850 RBX: 0000000000000003 RCX: 000000000000000e
[ 2417.601091] RDX: 00000000000003ff RSI: 0000000020012fe0 RDI: 00007f7523867850
[ 2417.608370] RBP: 000000000072bf00 R08: 00000000000003ff R09: 0000000000000000
[ 2417.615661] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f75238686d4
08:16:35 executing program 1:
r0 = openat$rfkill(0xffffffffffffff9c, 0x0, 0x2001, 0x0)
r1 = syz_open_dev$admmidi(&(0x7f0000000100)='/dev/admmidi#\x00', 0x0, 0x0)
r2 = socket$l2tp(0x18, 0x1, 0x1)
mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x1, 0x32, 0xffffffffffffffff, 0x0)
r3 = userfaultfd(0x0)
ioctl$UFFDIO_REGISTER(r3, 0xc020aa00, &(0x7f0000000080)={{&(0x7f0000013000/0x4000)=nil, 0x4000}, 0x2})
ioctl$UFFDIO_API(r3, 0xc018aa3f, &(0x7f0000000180))
mmap(&(0x7f0000013000/0x4000)=nil, 0x4000, 0x1000008, 0xa053, r1, 0x0)
ioctl$SNDRV_CTL_IOCTL_HWDEP_NEXT_DEVICE(r0, 0xc0045520, &(0x7f00000000c0)=0x7)
ioctl$EXT4_IOC_SETFLAGS(r1, 0x40086602, &(0x7f0000000040)=0x2)
ioctl$UFFDIO_REGISTER(r3, 0xc020aa00, &(0x7f0000019000)={{&(0x7f0000012000/0x2000)=nil, 0x2000}, 0x1})
syz_open_dev$evdev(&(0x7f0000000200)='/dev/input/event#\x00', 0x0, 0x0)
ioctl$UFFDIO_WAKE(r3, 0x8010aa02, &(0x7f00000001c0)={&(0x7f0000011000/0x3000)=nil, 0x3000})
ioctl(r2, 0x1000008912, &(0x7f0000000000)="0a5c2d023c126285718070")

08:16:35 executing program 0:
r0 = openat$rfkill(0xffffffffffffff9c, 0x0, 0x2001, 0x0)
setsockopt$TIPC_IMPORTANCE(r0, 0x10f, 0x7f, &(0x7f0000000040)=0x8, 0x4)
syz_open_dev$admmidi(&(0x7f0000000100)='/dev/admmidi#\x00', 0x0, 0x0)
r1 = socket$l2tp(0x18, 0x1, 0x1)
mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x1, 0x32, 0xffffffffffffffff, 0x0)
r2 = userfaultfd(0x0)
ioctl$UFFDIO_API(r2, 0xc018aa3f, &(0x7f0000000180))
ioctl$UFFDIO_REGISTER(r2, 0xc020aa00, &(0x7f0000019000)={{&(0x7f0000012000/0x2000)=nil, 0x2000}, 0x1})
syz_open_dev$evdev(&(0x7f0000012fee)='/dev/input/event#\x00', 0x0, 0x0)
ioctl$UFFDIO_WAKE(r2, 0x8010aa02, &(0x7f0000000080)={&(0x7f0000012000/0x3000)=nil, 0x3000})
ioctl(r0, 0x5, &(0x7f00000001c0)="3b043c445bec6d936b338dda7c1f7907ec22e22d066d7b3df1e00f318de715da971d4d3d3214450b20ede219dd51e1530b9b6e6cfe0bcc5d7cde912f586dbfe699360e4bb21d4aa855d806906a1bc10ccee0f31f8c51c606a1359ea03a15a4507032c19ba63c34f687ff79f8d33f1f8fc275dd191d8132b5b499c9ebdb1f72dba06e0e3e0c0451e03bf9c9552b7086f40202ebb743b525482ba801fb3e04fcddcc9b782f98828603fbdb096ee5fbce668f807c9d4044046a922d23d61ddb3f6dd0948ecba8dd61efb402611b9d6b8f9fb81a72af0709322f2c62d2132eddf2b97a8916c96e9d8a860fada95ff44a7e7fd450ff65d1613b7170b0e44b420b7926f5b947ceba88b6baa78e2536c14d400f1904f3a19084d317481239028d23267d4bcb91cb06006515468e30a1bf6433356844fd5fd92377816b60bee115dd992c68c56a2873990eed7e76ef19b0d89b1e728f4ec5eb7c70209f120a8c59ed0848cbd5be9464354fc6878cce9c1ac457feaae7bfa9091d654e2d9d108af78152a8c8a604ae676951ec9bd1a8c0fac03979e94dbc774a527c9478a165004e6588ef76600396129f3fe653a9eae2581d32aea9e8b62b459fccdd679c678c81864ea28dd88659eaa4b5632880a8d2b7151b352fa5de083e710e81511ba9b4f362f8f82e64dc975e1c72e0b7f108a2b113d288c50dd5995fbda1f1c9cf7caf46f76f4b0f23a50f80f4557513a2d9b7a92607e339ce179d40c8fc67fccbf4ca55942c5e7110a7a095a9989f4fe163e00f88028598a14271781135836ca9deecc40b593f8e0c3074ab3afa29abfe5aa56ded56c66353b0f149aefc2c336cf63c0c7b3dd722afd3aab15910db542cec87acd3f5f56aad02c502e07341a696bd5b842f9eee1cf724f2be4e28863b10b6eddcd9d55e43371303b933c6cecb2c00002ebaa6d2aff8996e9494fad26c7f32cf1c107157cf697f8fe7d9a6e11bf24924f7fd6ea3e06b845d687a9553dce1953bcba11611176af2a3db1d5a69fdf16c83f12af0bca33ee3eb0c90524a7a1a70d5257a56fbfa1a1b204d84659d89b9ec46a6adf09f243d3d6d1ce6c19cccd33d61aa145dffcc8bc0e654845fe7a23678f692e993d878c89ac07ba2b7b1695ee79136e434e479e3c0aeaac7d9c50122f591be01427d0faf6bb10e029745301509d337438a2e8f8d7202d6e6ac6bda90499cb0e6144b7faa226b79ff69a3bb58a2b88a4c8a56dc1650642e857158ee8d2f7aaad25041c0fc7809c667f5bad0d6377dc0b76406321957fe1535d094e6faf1cbcb75063e23ad5f879cc7214445bb46b0d9cad81962febe85eb04b49ae4770c8cbc25593c2c8efee4c5379f2d6de98e63e84efc188ba0148d7acdc8c3f1ed6b8cbd1e49dfb81c18590c2d09f53ba5b267442ba4d90a5fb52e3d8924cbecdf1bbf3bae69cc5bfeb12ebf8d6ab846739b4564d95b9a88da68820de8c32938345fbfe8f9b6ead852e5ab8b09e887684b08300bae1ec37d56d0d932892309cc1312daf32edd6348557a1ecb1ca891b609c4a6a59089078be448ca6fb0f36115adc54fcaa78f9951359cf2f62b5cbf0db348f2c3b7ca4d1a964862337666666faf23f84cb6abfb6783b6e60dc724c03a526e3e02ad58e9e2036df11afcea6163aec3fc8819f6f213638e0238105f7b92409f5fb9223b6992d49ea83698f455b03bf8522b16a1fbc836a86fdefbe009c7d1feb85fb21ac3e92f5400c4387846c32b451293873d1810af93d2dba35304d3a7db4865937c8c16cc1fd18dd2fcd4223ba5e021eafe53d2a3ce49c2385b904b1eae37d0ac053936db8d9807656e86ab90979342d27d3c050c37d1fca23c9f0ace702b60fe0ace54caf5c1c8e573e679d4cffa5bfb6bc1016141dd6984d39d243de837544929d77e6475c7a330ba314aa2506a53952fad44c85164b0304cc034530e706427a65b24121cf1775613fff686aadadb568f4216b557c304eb27d0c456405add819b24df273160aee78c26e22fe42c40452a67984db57cf3b2411b776d82fa3f1247867f856564e9e47b3a0cdbdc5046cd6dba14b43f18a89f3cb0ad53f3829fb56d7d11199ad7f54f54cf97f64ba88bb0f3dbbf62381a68baf2491dfaa905caf88e6f3267ada808ab3739fec573a6bd6cd1a03a7553bb99ae17418f68ec7eaaf90461529029b94e77d2400757aa6b5c29e932c834c052d0a692dc7039f480e13eeb08dd1a9ab29ec5662d8c765b2d49a9dec3ea6d2402efd2dbae8b2b3b1326ffd57521b68f7e678d4fbf7d3ffd23e5be1685d52f9235550de901a4e6e8b544af30b888ad4b5f4d735a85f59412f6691b117fae0abda7fb60dd7b4bffb7b589fa190d99e78e894d27f4f4e3d7313488bae5e37a5a46fd7d5778432fa6d689bcc94cb64be117242ce71357c83cbc4ca2ceac98bb1c785c9045a488ee55ce9f07111b88515c16728e0f05ab5fd14b40394ab1d400c800a89e1a108e2105344e56e399d5de2d535316531c56f8e0f6311fc0eba1d3c06ae6b86827c97a9d252cc9f9d56374d91e89548d04c87c88bb17954cf4cc97fa0007b42f8099120610091e77ecd3621c35858b48ed5607b54c88081f57fcb770ed7656f2c939d568bec1c1c636f48f093fb1d5eba7fdea310c5cfe2553a719f00052b6c31d9ade2c77ced0ebf84c6063c7999bc39494923c7a2b87c1ec35c4c07e48018913655465bf72f574e96649a4cb868d6e46564f1afa12b0f4bc1b6fdac4f70d21c51832cc0f867eb2926348ef22ea2d3888c3e580112a1fec77907e9d45c85579a748aad7ad2073492ad1aad70eefb2a3459a0f982faaf69753323da9201b5eb6dfca02a02b28c1d56f91fc3229ae8f2b40f2be06317493814b312394a94705586e93c37adb364466466b27382553ca33a234a557ee6bfa37b4ea17b3f1c728903db11b700b5acd02c906e531d1f55708fe178f5daf9cba1152ac369a379d3f7e920a50b0bb1680968f89646518f5218d2cc8fe480e7c2d9266706ae2c5d960ec2c3666d6b0b7560286a53742a94fc9890325f28898d4f7ba1dc08121b698402e9f04ce86bd5c6a73c9c9505e721d0d68b7a0dbaf93091cd337d3d46ea6ba58681dd2828b2e2011866aded1fe592b845de142582ff0f44595386892da2577f717392da9ce3555d94fa4003ecafc933cb0ff9ddcbdce163c84c8d8db687f094f8f1f909ac64db8a410a5ec19cb326d4352aac3a233d5b4e2a6b8e9eb432fa605076e7099948fee3ee03796123bb8d62e19b037d080c67d05f0ff02889f95b6996ebc918973f7f67c16bf06462e2680d62e3b9d8366b044a57fd7cacee5da70106897201cc4ac058053e731d989ee4df05bd48aeb47e2dbd76b38624ace4bd15e4957a6662475d87503f5da4a896c196764b5a8bf22ee45034bce1da0374a5e7e4a22152b0292b64be48d7fddb7a641e12d84a6b91a0fc57bc16f81393dd4c80fd7a18c089a7054cf52c8c7dc131f7ba5ff6607038ee72c46642d84ced25010efa2f7bf6ecffdc0e03de298cb5a74c03a8caccc6a24f9bd16c58569c0bc12fe1c501553029c30c38b25eb127ca7ee0d7796e66fab94d9fead612b14c7ddc3408e086bdc8fb1ba5367750a00d90d2d5ddf8eca54f0aabeafdbb670b63358030e4fd6615a0f7da139c72fc1a9d9968e4759df09cc29b91eed8dd048fdaf664a8436b5f93e3eae8f71191410d3fdf794699b505a56264e394086cb840ac582d1f4a65fef9804c67e26411dd75f9b6f221505007efdfd548f6f0f2aed0d8e3b5095aaa516d118ca7dbc48cd51b44f712da2677c61b273da9f4cc79d90c31a1455e5bf7338d55775318f5b0a4bd4e65132f6563c9fa0d517169de635c333a9a2ed8068d236cddeb4463e2ecc0a65c777211a99f3c7ea4806a4f57afdfe63b982f2b5efda907a5327806330e08fd5c832da2066d3f0f00296a54c97c3f8bf8023624775956869fad9b5eb84173ffd132009479d704bc30c7fa6ffe89fdd9cdbfe85257418bb742226ff98ff80b6af802feb40be4e733e18dd94ddbe8f089d12599fded77970a3937772c3fe33bd61c9e1d48dd7e1789b7113637118d2fdfb162c9e9a7109c1f3ebb63c7820bd6197457e59ff0d5697bf18cb44831741205fff3025bc84c2920871f44a0c86ce30343cb5bc26c4e6429937c90f223c1f97209a29e23d0afe9d7e7720df1fa0aece6a4d0962464194fd231d395008fb946c95a231239040aee206c44aef8ca0dc100dbc16bb54e41e7bf5f0cdf94989fde9aa9d11d69f64bc09f3eddbbdefd9087ddb1b60c3d3e373814a9562ecfb25a061c8129dfbe9f70760f98a72ea759f5f8ad5d3a09f0847dc9c6cf8e105fb4fb29c0dcf6431f9e9952fba930a3f863cca38a9f74fbfbfb121e425981be3165e85e9776c922e0890d3a276da48a01f02a9a1844401661674bee81b386c761f242947843f8c21639643be084d2c66cae622d3d709438a7e283c5db29eaa66182f917395f0498ca8d56fb1a63cba050bb2d8eaf9f58e787f9b8e8ebbc18fe2d8ddcecbdf9a863af3dcbd248148c73b29364cf394182f937d8e6554c3cdb16066ea24b994ed1efd08a5302d02ea9b609226d2f30704c5472891bfabe05a54bafeb68eea9f490cab66f9fbef94c06d894216dab2391bcbb43d1cc66f7ccd8c28848d6acb98f0704683461b49d8bfc7f148067074471a4594522697a83511a110d1ab62923477c02007da7eaa7b203e1f34c75a186385f17ecbecb17f78c137ffba843a2ef22bea05ae99419b374d197f13f6ed5ab2aa46b394dc80c4a40c7f9538e3fb6922a8a749dcabdd27e2f4ed57fb3764275ba549d3bfd3e106ca87f32b4f69c4bfafd58f69ff96e4b180d89d426598e640f4c5dc894bf749adc983d197c39bba76fd53946c4ff80b3221323452e00b9a3094c16f1311d455599694ab3853fb34480ac1b7c905874f583f7a0a2a80234cbcfe12461e0b5f3cef46cd2e1e77d34631f3382a81cbeb23c71cd5a46140cde7c2265505336f4c3c95275dcf8fc561aefb4c62fe08be3cb944e79dadabc8335cd419a152b68718443e661210d0ecdc720517793dd6d501099d6d7f002eb1aebb704f4a3314052555749a481a87a831b104b5755c90e288f5a46c537e27d9c202164952efbde8221a8b319a3914a4b458b66d4fa630ab9c3c7a4f17f6f434976dd13cc247af90b848491fc4fae8a7add372f6bfd642bd54029c9ad5c7796719a16db7fe954e1a207b0a4a9cbbb3a1ea815dac86f3e4191f99bf881224f09a6d3d3fbbfeb9aae10ee1276a8da953770a531f7020e3d2aa54925da7c2fb751f76cf0b524e4b35f241e501f6eae022591197e1ac489feef47b10e32c00d23ad150be402681b0aa1c5a79df89acb77c3e0f99c65cad8ff80f2d71bdddee98f8c6125443137cf67c9723917d1298fd1396edecf0c1389f5b5cb74547280172a3f6bfd07a0adcc0666894ade9f8c23affe53f985bb95cf69a0d0114e93407d25c9d83e3ea20812999ada8f77272f87c03b4438e9a06ba987204036bf34bf88b811a1428a0d0b3e3f8564245728bf028c89f972aa249fce34e8a0f63c36a5de32eb001c636f7e83ea22f6ed37b5dd2d481fea2489498a10444e85bbcb357631bcfaa8f453307f23988c19ae33ecb07a75cd495d75fe762489656bf35c31c57e5a48adb31aec4baf4a2a58b5b5de49aed4adfe3367ee1e1b74bccd6f265da942c45ba3f528ca788d1eae63d28da66fe9796d68cc7bb94")
ioctl(r1, 0x1000008912, &(0x7f0000000000)="0a5c2d023c126285718070")

08:16:35 executing program 4:
r0 = openat$kvm(0xffffffffffffff9c, 0x0, 0x0, 0x0)
r1 = syz_open_dev$sndctrl(&(0x7f0000000100)='/dev/snd/controlC#\x00', 0x0, 0x0)
prctl$PR_SET_THP_DISABLE(0x29, 0xfffffffffffffffe)
r2 = fcntl$dupfd(r1, 0x293d6083da00fbe6, r0)
ioctl$EVIOCGNAME(r2, 0x80404506, &(0x7f0000001140)=""/117)
ioctl$KVM_GET_NR_MMU_PAGES(r2, 0xae45, 0x6)
r3 = openat$zero(0xffffffffffffff9c, &(0x7f0000000000)='/dev/zero\x00', 0x80, 0x0)
ioctl$TCSETSW(r3, 0x5403, &(0x7f0000000040)={0x5, 0xffffffff, 0x8, 0x9, 0x80000001, 0x8000, 0xf5, 0xfffffffffffffffb, 0x9, 0x80000001, 0xffffffff, 0x71})
clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
pwrite64(r3, &(0x7f0000000140)="9f3bcd01c74477cf93f38593c01b170bc14160921f792311bf6ea430c990c0024c89c2aa30655ffd94aa2fb7a67145f5ffae21e76354e2ab96e41a9a9544a75f67e5dcd4190431c66a4d3a331dc618a07db8c499d0cd94618a7c0539093949e2cb5f87dcc72aa401b8bdd3bb790fd4c5a22c2ff6325f423436bb970639ff34a8ce09400cce06287b2b077f12afeb934f020d2c81ceee119aaeb203074097a388ab941f9bdaeb87ea024d12f485a6fdcc36ec51b6f60972d578dd8e179a7e8b4e0d9f7fdfe67b6a533e99b48ecfac662d2de5d33df68d4e2508d3479da5ecc60f0758605faf3497356c91e1f4b99a4d9d63b76cf4e21cd312a2d7d806e38571c3d6f71a8b03801d0a61159b4857123e4e30b15a4d94810fe1a5b0a36105b395ff2d3bd0852398b8a2a1b02a37ddb53a38e1232b6ec11fbcd977eaeacd091d31af13ced9f5ea059bed53a04bd5c85284d5ccd93e07951239891b023d02044ce1e2261151669d419553b6d3a4e842245439869babdbea409abad7dd1e58275366559b77f12a2b263810f968286b4655429625f564677b74d06346df690da16b1fcc549e6df8b0f1e4a675bd9dca66fc19aac6d41fda4533ae3e8737fc42bdcf2c39ae038bca267cc59419d60ac0fd85728913517771c09b91efb9b4a1906e18135fc1d8c3f76fbfcca475970ef55b2483eecdc76a205ed0c5dd903475e742b31f560ab752d067f5cf14fdc8af85b8e36b5dad48b7dbacbd1973812c2343aa7873622f54d81355fc31b866de0243af61606fd40e99e7757e7ee1f00e5be0fcc378c617a1abee0968c7cad4ca6eed73f32115fed6519bb8d455fa8ab2d70a33179224109ada064c0ce1cc7da095fe1d1c58a22386a371dfc15254c25b036e780226a0c24946dc414a3e2e640794c4ca6c486504bd5f547e0ed2cef51402bdb0edb5aa7c01ca7e6bac3a3bb1801286d4ba0b9d8518383dc645536f227af7a703b0dee4094eb1e704ea3467fb5af275519295cf65def9be2968b1fc50b1dc44c0312e4092545d4578e816bdf738c7517c0167156ded5a91e6815a7a56799f4e8cfeac2f82ed62440ce5bac82ba328fb8d3f7f55435c6e48d9daca47f18ce04a04433178fd2d289d561611570d35baf3f011a5a1480292cfa0a422398cad7ca82f757067c8356e481b0cb3ea72d103147b4a61dc7e84958e0bdc7a69a2add05272e5b6f70c1862551bd6dfb70f26fa2f1d7165c2d66be76f885bee877c20019bb2b31b86def40cc70a9864f405ed92e123b23a08c3eeb707fcfe24b6194fd49de2fc1b5c34ddb2495a19fc266e40e9cb1035c38284bb095f90a536553dee8317d3b59c32aed77fd57e5b990942c76239cb57e96580b5299b289fa40c451ab31ac8b8e83146570824e56279aa64781d229903c75336f7bcd9b9484b5d9c604668bc9bcebcb4dae60a82cb27cf38f443054aa6a87303a2c7a778ba2442ff27e5e6cab9792e58cf2795c59f6ee41efc4dddcf77cc45ca749ee838e806ca0caec6280b037066790cfa028f6c4897d19aa2d7ccb3643e2e3256cc18e0ea441fe8b845c89ba16c94d054fd83daf1783251328835dd436440c4f40e13354960e3336aa5a790d49417af7e3c6bb91454657f63b1fc1223f09477db82458879540260cd8fa59b7952aa6fdcc06fc3c8f880883c489103111a3286796a1db01386d8464b1ce3a259d31c5ec2556c7271b3f5d3eda1342c57bfb852485f97d1b05b654635db3bf2f7acaec6916be567cd0914d9df7e87101eeceea5ac8733b7306fbe6736cd104fae435500752786f483fcdeafe71a23c83954d4ec17ac50d63b4a4a2f9b46b6298bb2c1b58acc91ad221f9cf29d37796089df0d528e50fe769bbf95fa400d0efeb85f9928ba17d04fa6fd03d3ff422a7319de54d39de183e9e79e1070e82fd579e2e72c917762b1d3a916e748e3468548f0e4c802182ed84e22e304129b37cc6755409168614b24248c57969d265ab64d311d97aa7e1ee18df3a001e12793276d7aeb2602c0f78ef973ec25067549d90778f8d640fee79de92c6ba550daaf2e48fb1e3394db9441fd6723add375688e48652f3f04cd4ab15af9eed4f76f9f554fb236b4c51a53f8fbc5b549f728598e76fbbb9a65cd8d69091de758e877c27aa36d52c9a0ef07a02fdd9eafa8334602d4d132ff5e6006cdbd49c1eb61c7bbcfbffae72b54c29608eae07d11ac69669d9f8e0b67eb50b26b36b9673a500d65f06191cf37157773b277210037b31dda11d651ee575501745f1bac435e493cbcdef92fcdb83bde20acabb82092537633d67eece68af338f01dd615a93dcd2fae00ff7749b4ef97decd463240df51ef6bae98ac20b530519a332bee99055cc6325e27b4ab2991ac0d8b2925c43aa4b9f3468baba81e7dcfd9d7793d93d5de4b3de47a730cc82b3e82c28e625fbcd8d9108d71ac3ce227a2eeca8b5d4b5617781df863dd7ddfbd413904c5ae5f6e38a86cb2784047ae8f475fdc724fc8151687cef507c8a52b76263d5032029d6f943109c58bbd9fd9420b0cb7b4b6b6e4fac516e95ca7ee90c1b3cc793f713f95d802fbe7277fb33a74b35967b84545c44788a459954b3dd2f8563619393fcd411ace94760e4e8075e39daa2ae3e7e0686e802e29bf1aa6eecd7d8868e3178af245645f85174d04b9d0e72ff6e8f502502d992c5c6130ae9b14c0ca9d40f6b29bdb04a80f89de849b424096546905c73b1f5ffe6966f84648704721e9d928f26c059ff1a57705097fc77330f773c8353423d48f6d2973d73996df81ad818f25dbb924d186d55f3c0ee15916d0e5716672580fa578e3b23ea44472c71356e2f3e97c722e6a2a8074285ddc22c6f765b04195cbcfd92c63674a6e86d658505f75cf8b5f61d56d009ee62a5ec3277d9da8ee4a445f51c0aaf034b5d74c0a1fd864895a62535f4f8ce6f25e0c6527722e45370478574b9a5e337954c7ab552d6d8e3deda0161a5451e5a29f86bf3f362197b6b9dc4937e461172164ea3dda088296889bb48302fbf219044fd34a46b1a403ebb900341e7fff78587c66f019d66607afb99437cbeb6c9799ecc72b0057a83003a941f40aa158159a13b5f30e75693d7a59fa70d4bb544f9c4ae4a73c961d863ca9c17eead544be445ee71fdcaf945a89ab57aa0e5910fecb7286fd57c32acdf20a6824d0fd1e132ca6bf275d032550b761c3be3e2403676ff6dea5f202f0e750b0aed0561fd6a906d56b674bebbca054fa89125b85d582e419485e5096e334531ac944dc4979c8c924ad215289dc5a81c75bd1d0fdfc8c17d6a4a1d8676a2e7b01775bb63dcd6ba43397102ad5d29c7ee0702bcf8be20cc2c0b3a31da5f683a5c4bb951ee2fa7d5cc9ddd6f142d4912ce7c2a1d5f5833a5a2c71a2f291be67914db29ee0aae983dab81c4c8ab7f139dceeb5e85c9e333aec0cd5cea85f1c2a4f385eeecd17283e90f022e1654024ea4ad13db7035821cef937bddfd7f556d1abfb872330ee61431c1ad24c8a54200fcca108469637dafe8e2c8dde08d2b2e48823d7b30b3e08ac138c3d233d4d75c6a8f7b377adaf82ba556d3d149062ca617016602d24366b4bd7b617c77f1bf45dedf0a154475b2855707a0563db1321f1c4288af63bcf5d0f18c39af5dfdfbbbfee77eb4f193b8688aa233a7e06c4ef4eb2916cd3b4823ca1d0899eb7f8ba5b54abee30e18637b2f5c980555e089086133249b04a5733f32c7b49970cf37d1ac50e052590031e81e0a8bb8d04538febc3db714713627fe5b7f031797bc1cbf547c1f4a112ed6c91dbe1e61d43bfb8fd283e54460082bad1ac8eb4b72bfb15ee5917ef4f79431ffdcbde16af621786d7dba3271b759c64704232e37598e8598cde6d607f8a1f22076693f06518fe2f580cc9cdd527c696b0327af41ca6b56ed9629e1d5ba39f77d6a298dab83d7ae57d796fe9ecbd1806c41ccd0a604b8af9a045ba6a8734e879860895bc5e545e9ca23006af6e8b2a8b1a6cb3589ae2136f6eaa9c1bd298504ccd29819ec1f1b809adadc9569cbb4d374fb22f6a4a97812c14a7b0764fabf8b7eaab97af2f91b9e8a2ab045abe87015de1b8ca35e8a14ac431da0ebb5b0bcf2db6d746c3a8e7a2d7b16de0d74901da7ce74b0555dddf8e30e96c8a364217115f0cfd8e94d351e22cfa71493850584fbad8350f79f7481991547b09ae7f168c65c7946d4258d5d0f298941ed3856d5b3d9d5995bceda1a5ec1704c366c8f06a1f9fca6fa3866829a6c01d2c20fe5f3408a5e21faf3cefd0f06834fb7eb532c5f9d09c3e50c3c406d198299afc0c28bbc7b66792bbbb1d7d9fcfc84bada1ef163ad4be538bea3840e0cb4b41428eb7234abda2236808e8a97eac6fd10ff605c3048aa8984137a2b4c554f7ce73cfded758f8e0b5bec2fe3f2ecf56a47dce496bcff2a41f6c7edafa4c8e85be11a374e16303c262af77afadae468f9ba5af06e229b25233d098c4b46bb5f50398b297db2d3cce9be1b987c75d96a0e5cc27623d6005926e40d4e4a37e7f9bfdf70af69a4e01dd872c4bcb0c3d80a55f7a1ad78f01afa1b664d7ffd89fa486c4b9f9d74a7f9142de044e4c52eab8a7994364888cdd1e451522c0403090aff3750a7a2b6f50d78ffce91e48331fee8112cd32ebcbc6e486c83df2fca7cd18a788417f38ed97a65e51f67bbfd9f42ab018ea754f48b893957d421dd3a4557b73ef66223d54867c06a2c824d291ccbf39abc0ccaed92ab1509288810717018b763ca736bc9b7337049db4e8ec108e28f31529176e55adfb91bb6dfc3de4bca73f40903ae74f2febc0af80b808d49a9248f045458ced676c987ec003d54c50df4c3e0a31d992fc9666aacdb2ab3323165211d63102e4a856be6d5cd37291750a60f78188749a8c1234fcb9d85611b82630114da202ae84f9998cb6bd05b4aee985001d011b3470ba7ad79f0521c40979b34220c5c9040056d80686ecf1230458987fe3453e057428239bf2024f7119fd3a2ab8218b8b7c4e6523cf3b01742d9038ba622582a6a3fcf3ffbf860b8dfc48215508570b9db42c13a1a9cc4bb1728848839e57d18ce51228516ae4c2c0bc5a3ed9b8568d5df450ecaa28304e7952eaeb59aa1f01b67e0cd1ffcf7851f7803586f4f2d9fcb66b1076546079eebda8b7c3f02152d2360c158d4d778b7adcb385f3ece180512124ee3e4c9ab8f8e9a0e6d38a7ffd68d7ab0a8f0187a8ad53f8bfb05c340ff4de1ca52ea7e16f6771881ae5c5e0b4085bdc890c7d305a12a161cbafddc6cbf3438d3132a17a94d2a29f3ee441b5c18466b1475b4803666bb3fb3d852aaf24e445e7c3ed4a6f63ba8d7aff7d4cf4b8a0f640cef1b9c00db34ebaa53e64a646839e0a0697646fd6a5cdf0b5fa3234aebcd98d59d5916f9b473ff5d2f0b2d43ab5845645b258d7bf5eaa32830ddb4fe0a18a2ff60a17eff61f35691a228ce727e4afab2a274a11ab145370b0cf4853e4c5de34834cd5c870646d67d3fdb98c96ebc79b05d50ff2cb201e0f27bec7732ac7935cca616cd01f52e3e859d0ad65709a8ac9a193d06a4b2fd0572775590e1fd4d79e2a9007716c49c5a8d99294572dd69389fb9d18828ec0aedf6efc5892f1ab67152042e38fce7ff59a7b2f0edd4e0ab6566e4579796d3ecf49a00b4018ad1b232e4ee0b35983686d34e82e2a8641aeecd24ac51c4cd8b2bb92487c905b89b6e1db4d6dbafd1b97dda4cc10537df79c494dfe3c4d8c329f29591a9cc0ec1be10fb13f02", 0x1000, 0x0)
ioctl$FS_IOC_GETFLAGS(r1, 0x800455d1, &(0x7f0000000080))

08:16:35 executing program 2:
syz_emit_ethernet(0x6a, &(0x7f0000000040)={@local, @broadcast, [], {@ipv4={0x800, {{0x5, 0x4, 0x0, 0x0, 0x5c, 0x0, 0x0, 0x0, 0x1, 0x0, @remote, @dev={0xac, 0x14, 0x14, 0x11}}, @icmp=@parameter_prob={0x3, 0x4, 0x0, 0x0, 0x0, 0x0, {0x10, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x402f, 0x0, @local={0xac, 0x5c}, @dev, {[@timestamp={0x8, 0x2c, 0x0, 0x0, 0x1000000, [{[@rand_addr]}, {[@multicast2]}, {[@multicast1]}, {}, {[@loopback]}, {}]}]}}}}}}}, 0x0)

[ 2417.622933] R13: 00000000004c578a R14: 00000000004d9d90 R15: 00000000ffffffff
08:16:35 executing program 3:
openat$rfkill(0xffffffffffffff9c, 0x0, 0x0, 0x0)
getsockopt$inet_sctp_SCTP_DEFAULT_PRINFO(0xffffffffffffffff, 0x84, 0x72, &(0x7f0000000380), 0x0)
syz_open_dev$admmidi(&(0x7f0000000100)='/dev/admmidi#\x00', 0x0, 0x0)
r0 = socket$l2tp(0x18, 0x1, 0x1)
mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x1, 0x32, 0xffffffffffffffff, 0x0)
r1 = userfaultfd(0x0)
ioctl$UFFDIO_API(r1, 0xc018aa3f, &(0x7f0000000180))
ioctl$UFFDIO_REGISTER(r1, 0xc020aa00, &(0x7f0000019000)={{&(0x7f0000012000/0x2000)=nil, 0x2000}, 0x1})
syz_open_dev$evdev(&(0x7f0000012fee)='/dev/input/event#\x00', 0x6c00, 0x0)
ioctl$UFFDIO_WAKE(r1, 0x8010aa02, &(0x7f0000000080)={&(0x7f0000012000/0x3000)=nil, 0x3000})
ioctl(r0, 0x1000008912, &(0x7f0000000000)="0a5c2d023c126285718070")
setsockopt$ALG_SET_KEY(0xffffffffffffffff, 0x117, 0x1, 0x0, 0x0)

[ 2417.711928] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[ 2417.750223] FAULT_FLAG_ALLOW_RETRY missing 70
08:16:35 executing program 1:
r0 = openat$rfkill(0xffffffffffffff9c, 0x0, 0x2001, 0x0)
r1 = syz_open_dev$admmidi(&(0x7f0000000100)='/dev/admmidi#\x00', 0x0, 0x0)
r2 = socket$l2tp(0x18, 0x1, 0x1)
mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x1, 0x32, 0xffffffffffffffff, 0x0)
r3 = userfaultfd(0x0)
ioctl$UFFDIO_REGISTER(r3, 0xc020aa00, &(0x7f0000000080)={{&(0x7f0000013000/0x4000)=nil, 0x4000}, 0x2})
ioctl$UFFDIO_API(r3, 0xc018aa3f, &(0x7f0000000180))
mmap(&(0x7f0000013000/0x4000)=nil, 0x4000, 0x1000008, 0xa053, r1, 0x0)
ioctl$SNDRV_CTL_IOCTL_HWDEP_NEXT_DEVICE(r0, 0xc0045520, &(0x7f00000000c0)=0x7)
ioctl$EXT4_IOC_SETFLAGS(r1, 0x40086602, &(0x7f0000000040)=0x2)
ioctl$UFFDIO_REGISTER(r3, 0xc020aa00, &(0x7f0000019000)={{&(0x7f0000012000/0x2000)=nil, 0x2000}, 0x1})
syz_open_dev$evdev(&(0x7f0000000200)='/dev/input/event#\x00', 0x0, 0x0)
ioctl$UFFDIO_WAKE(r3, 0x8010aa02, &(0x7f00000001c0)={&(0x7f0000011000/0x3000)=nil, 0x3000})
ioctl(r2, 0x1000008912, &(0x7f0000000000)="0a5c2d023c126285718070")

[ 2417.760400] CPU: 0 PID: 23232 Comm: syz-executor0 Not tainted 4.20.0-rc6+ #371
[ 2417.767803] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 2417.777195] Call Trace:
[ 2417.779828]  dump_stack+0x244/0x39d
[ 2417.783500]  ? dump_stack_print_info.cold.1+0x20/0x20
[ 2417.788726]  handle_userfault.cold.32+0x47/0x62
[ 2417.793455]  ? userfaultfd_ioctl+0x5610/0x5610
[ 2417.798060]  ? mark_held_locks+0x130/0x130
[ 2417.802332]  ? __sanitizer_cov_trace_cmp4+0x16/0x20
[ 2417.807402]  ? futex_wait_setup+0x266/0x3e0
[ 2417.811754]  ? __sanitizer_cov_trace_switch+0x53/0x90
[ 2417.816966]  ? userfaultfd_ctx_put+0x830/0x830
[ 2417.821569]  ? futex_wait+0x5a1/0xa50
[ 2417.825410]  ? print_usage_bug+0xc0/0xc0
[ 2417.829490]  ? print_usage_bug+0xc0/0xc0
[ 2417.833573]  ? print_usage_bug+0xc0/0xc0
[ 2417.837654]  ? zap_class+0x640/0x640
[ 2417.841403]  ? drop_futex_key_refs.isra.14+0x6d/0xe0
[ 2417.846528]  ? futex_wake+0x304/0x760
[ 2417.850373]  ? find_held_lock+0x36/0x1c0
[ 2417.854465]  ? __handle_mm_fault+0x4bb0/0x5be0
[ 2417.859067]  ? lock_downgrade+0x900/0x900
[ 2417.863242]  ? kasan_check_read+0x11/0x20
[ 2417.867405]  ? do_raw_spin_unlock+0xa7/0x330
[ 2417.871835]  ? do_raw_spin_trylock+0x270/0x270
[ 2417.876438]  ? fault_dirty_shared_page.isra.87+0x320/0x320
[ 2417.882094]  __handle_mm_fault+0x4bbd/0x5be0
[ 2417.886525]  ? vmf_insert_mixed_mkwrite+0x40/0x40
[ 2417.891410]  ? zap_class+0x640/0x640
[ 2417.895137]  ? rcu_read_unlock_special+0x1c0/0x1c0
[ 2417.900086]  ? kasan_check_read+0x11/0x20
[ 2417.904245]  ? rcu_softirq_qs+0x20/0x20
[ 2417.908240]  ? zap_class+0x640/0x640
[ 2417.911962]  ? zap_class+0x640/0x640
[ 2417.915696]  ? find_held_lock+0x36/0x1c0
[ 2417.919807]  ? handle_mm_fault+0x42a/0xc70
[ 2417.924057]  ? lock_downgrade+0x900/0x900
[ 2417.928230]  ? check_preemption_disabled+0x48/0x280
[ 2417.933265]  ? rcu_read_unlock_special+0x1c0/0x1c0
[ 2417.938223]  ? kasan_check_read+0x11/0x20
[ 2417.942401]  ? rcu_dynticks_curr_cpu_in_eqs+0xa2/0x170
[ 2417.947691]  ? rcu_softirq_qs+0x20/0x20
[ 2417.951687]  ? trace_hardirqs_off_caller+0x310/0x310
[ 2417.956805]  ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[ 2417.962379]  ? check_preemption_disabled+0x48/0x280
[ 2417.967421]  handle_mm_fault+0x54f/0xc70
[ 2417.971495]  ? __handle_mm_fault+0x5be0/0x5be0
[ 2417.976092]  ? find_vma+0x34/0x190
[ 2417.979657]  __do_page_fault+0x5e8/0xe60
[ 2417.983724]  ? trace_hardirqs_off+0xb8/0x310
[ 2417.988155]  do_page_fault+0xf2/0x7e0
[ 2417.991965]  ? vmalloc_sync_all+0x30/0x30
[ 2417.996126]  ? error_entry+0x70/0xd0
[ 2417.999856]  ? trace_hardirqs_off_caller+0xbb/0x310
[ 2418.004889]  ? trace_hardirqs_on_caller+0xc0/0x310
[ 2418.009834]  ? syscall_return_slowpath+0x5e0/0x5e0
[ 2418.014776]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 2418.019632]  ? trace_hardirqs_on_caller+0x310/0x310
[ 2418.024662]  ? __bpf_trace_preemptirq_template+0x30/0x30
[ 2418.030125]  ? prepare_exit_to_usermode+0x3b0/0x3b0
[ 2418.035158]  ? prepare_exit_to_usermode+0x291/0x3b0
[ 2418.040187]  ? page_fault+0x8/0x30
[ 2418.043745]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 2418.048602]  ? page_fault+0x8/0x30
[ 2418.052167]  page_fault+0x1e/0x30
[ 2418.055626] RIP: 0033:0x4510a0
[ 2418.058834] Code: 0f 84 c4 0f 00 00 48 89 f1 48 89 f8 48 83 e1 3f 48 83 f9 20 0f 86 7b 02 00 00 48 83 e6 f0 48 83 e1 0f 66 0f ef c0 66 0f ef c9 <66> 0f 74 0e 66 0f d7 d1 48 d3 ea 49 c7 c2 11 00 00 00 49 29 ca 4d
[ 2418.077745] RSP: 002b:00007efdea16e7a8 EFLAGS: 00010202
[ 2418.083119] RAX: 00007efdea16e850 RBX: 0000000000000003 RCX: 000000000000000e
[ 2418.090399] RDX: 00000000000003ff RSI: 0000000020012fe0 RDI: 00007efdea16e850
[ 2418.097675] RBP: 000000000072bf00 R08: 00000000000003ff R09: 0000000000000000
[ 2418.104956] R10: 0000000000000000 R11: 0000000000000246 R12: 00007efdea16f6d4
08:16:35 executing program 2:
syz_emit_ethernet(0x6a, &(0x7f0000000040)={@local, @broadcast, [], {@ipv4={0x800, {{0x5, 0x4, 0x0, 0x0, 0x5c, 0x0, 0x0, 0x0, 0x1, 0x0, @remote, @dev={0xac, 0x14, 0x14, 0x11}}, @icmp=@parameter_prob={0x3, 0x4, 0x0, 0x0, 0x0, 0x0, {0x10, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x402f, 0x0, @local={0xac, 0x5c}, @dev, {[@timestamp={0x8, 0x2c, 0x0, 0x0, 0x500, [{[@rand_addr]}, {[@multicast2]}, {[@multicast1]}, {}, {[@loopback]}, {}]}]}}}}}}}, 0x0)

08:16:35 executing program 4:
openat$kvm(0xffffffffffffff9c, 0x0, 0x200000, 0x0)
r0 = syz_open_dev$sndctrl(&(0x7f0000000100)='/dev/snd/controlC#\x00', 0x0, 0x0)
prctl$PR_SET_THP_DISABLE(0x29, 0xfffffffffffffffe)
clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
ioctl$FS_IOC_GETFLAGS(r0, 0x800455d1, &(0x7f0000000080))

08:16:35 executing program 1:
r0 = openat$rfkill(0xffffffffffffff9c, 0x0, 0x2001, 0x0)
r1 = syz_open_dev$admmidi(&(0x7f0000000100)='/dev/admmidi#\x00', 0x0, 0x0)
r2 = socket$l2tp(0x18, 0x1, 0x1)
mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x1, 0x32, 0xffffffffffffffff, 0x0)
r3 = userfaultfd(0x0)
ioctl$UFFDIO_REGISTER(r3, 0xc020aa00, &(0x7f0000000080)={{&(0x7f0000013000/0x4000)=nil, 0x4000}, 0x2})
ioctl$UFFDIO_API(r3, 0xc018aa3f, &(0x7f0000000180))
mmap(&(0x7f0000013000/0x4000)=nil, 0x4000, 0x1000008, 0xa053, r1, 0x0)
ioctl$SNDRV_CTL_IOCTL_HWDEP_NEXT_DEVICE(r0, 0xc0045520, &(0x7f00000000c0)=0x7)
ioctl$EXT4_IOC_SETFLAGS(r1, 0x40086602, &(0x7f0000000040)=0x2)
ioctl$UFFDIO_REGISTER(r3, 0xc020aa00, &(0x7f0000019000)={{&(0x7f0000012000/0x2000)=nil, 0x2000}, 0x1})
syz_open_dev$evdev(&(0x7f0000000200)='/dev/input/event#\x00', 0x0, 0x0)
ioctl$UFFDIO_WAKE(r3, 0x8010aa02, &(0x7f00000001c0)={&(0x7f0000011000/0x3000)=nil, 0x3000})
ioctl(r2, 0x1000008912, &(0x7f0000000000)="0a5c2d023c126285718070")

[ 2418.112235] R13: 00000000004c578a R14: 00000000004d9d90 R15: 00000000ffffffff
[ 2418.152728] FAULT_FLAG_ALLOW_RETRY missing 70
[ 2418.232202] CPU: 1 PID: 23245 Comm: syz-executor3 Not tainted 4.20.0-rc6+ #371
[ 2418.239622] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 2418.246356] kvm: vcpu 0: requested 34784 ns lapic timer period limited to 200000 ns
[ 2418.248983] Call Trace:
[ 2418.249025]  dump_stack+0x244/0x39d
[ 2418.249051]  ? dump_stack_print_info.cold.1+0x20/0x20
[ 2418.268250]  handle_userfault.cold.32+0x47/0x62
[ 2418.272945]  ? userfaultfd_ioctl+0x5610/0x5610
[ 2418.277544]  ? mark_held_locks+0x130/0x130
[ 2418.281796]  ? find_held_lock+0x36/0x1c0
[ 2418.285911]  ? userfaultfd_ctx_put+0x830/0x830
[ 2418.285939]  ? kasan_check_read+0x11/0x20
[ 2418.294671]  ? print_usage_bug+0xc0/0xc0
[ 2418.298745]  ? do_raw_spin_trylock+0x270/0x270
[ 2418.303344]  ? print_usage_bug+0xc0/0xc0
[ 2418.307441]  ? print_usage_bug+0xc0/0xc0
[ 2418.307991] kvm: vcpu 0: requested 34784 ns lapic timer period limited to 200000 ns
[ 2418.311521]  ? zap_class+0x640/0x640
[ 2418.311539]  ? drop_futex_key_refs.isra.14+0x6d/0xe0
[ 2418.311558]  ? futex_wake+0x304/0x760
08:16:36 executing program 2:
syz_emit_ethernet(0x6a, &(0x7f0000000040)={@local, @broadcast, [], {@ipv4={0x800, {{0x5, 0x4, 0x0, 0x0, 0x5c, 0x0, 0x0, 0x0, 0x1, 0x0, @remote, @dev={0xac, 0x14, 0x14, 0x11}}, @icmp=@parameter_prob={0x3, 0x4, 0x0, 0x0, 0x0, 0x0, {0x10, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x402f, 0x0, @local={0xac, 0x5c}, @dev, {[@timestamp={0x8, 0x2c, 0x0, 0x0, 0x6488, [{[@rand_addr]}, {[@multicast2]}, {[@multicast1]}, {}, {[@loopback]}, {}]}]}}}}}}}, 0x0)

[ 2418.323080]  ? find_held_lock+0x36/0x1c0
[ 2418.331971]  ? __handle_mm_fault+0x4bb0/0x5be0
[ 2418.331990]  ? lock_downgrade+0x900/0x900
[ 2418.332014]  ? kasan_check_read+0x11/0x20
[ 2418.332029]  ? do_raw_spin_unlock+0xa7/0x330
[ 2418.332047]  ? do_raw_spin_trylock+0x270/0x270
[ 2418.357965]  ? fault_dirty_shared_page.isra.87+0x320/0x320
[ 2418.364077]  __handle_mm_fault+0x4bbd/0x5be0
[ 2418.368510]  ? vmf_insert_mixed_mkwrite+0x40/0x40
[ 2418.373384]  ? zap_class+0x640/0x640
[ 2418.377117]  ? rcu_read_unlock_special+0x1c0/0x1c0
[ 2418.382065]  ? kasan_check_read+0x11/0x20
[ 2418.386233]  ? rcu_softirq_qs+0x20/0x20
[ 2418.386260]  ? zap_class+0x640/0x640
[ 2418.386276]  ? zap_class+0x640/0x640
[ 2418.386299]  ? find_held_lock+0x36/0x1c0
[ 2418.386325]  ? handle_mm_fault+0x42a/0xc70
[ 2418.386343]  ? lock_downgrade+0x900/0x900
[ 2418.386380]  ? check_preemption_disabled+0x48/0x280
[ 2418.397797]  ? rcu_read_unlock_special+0x1c0/0x1c0
[ 2418.397816]  ? kasan_check_read+0x11/0x20
[ 2418.424379]  ? rcu_dynticks_curr_cpu_in_eqs+0xa2/0x170
08:16:36 executing program 2:
syz_emit_ethernet(0x6a, &(0x7f0000000040)={@local, @broadcast, [], {@ipv4={0x800, {{0x5, 0x4, 0x0, 0x0, 0x5c, 0x0, 0x0, 0x0, 0x1, 0x0, @remote, @dev={0xac, 0x14, 0x14, 0x11}}, @icmp=@parameter_prob={0x3, 0x4, 0x0, 0x0, 0x0, 0x0, {0x10, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x402f, 0x0, @local={0xac, 0x5c}, @dev, {[@timestamp={0x8, 0x2c, 0x0, 0x0, 0xe80, [{[@rand_addr]}, {[@multicast2]}, {[@multicast1]}, {}, {[@loopback]}, {}]}]}}}}}}}, 0x0)

[ 2418.429678]  ? rcu_softirq_qs+0x20/0x20
[ 2418.433693]  ? trace_hardirqs_off_caller+0x310/0x310
[ 2418.438813]  ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[ 2418.444376]  ? check_preemption_disabled+0x48/0x280
[ 2418.449429]  handle_mm_fault+0x54f/0xc70
[ 2418.453507]  ? __handle_mm_fault+0x5be0/0x5be0
[ 2418.458114]  ? find_vma+0x34/0x190
[ 2418.461670]  __do_page_fault+0x5e8/0xe60
[ 2418.465755]  ? trace_hardirqs_off+0xb8/0x310
[ 2418.470191]  do_page_fault+0xf2/0x7e0
[ 2418.474011]  ? vmalloc_sync_all+0x30/0x30
[ 2418.478174]  ? error_entry+0x70/0xd0
[ 2418.481907]  ? trace_hardirqs_off_caller+0xbb/0x310
[ 2418.486939]  ? trace_hardirqs_on_caller+0xc0/0x310
[ 2418.486957]  ? syscall_return_slowpath+0x5e0/0x5e0
[ 2418.486973]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 2418.486996]  ? trace_hardirqs_on_caller+0x310/0x310
[ 2418.496873]  ? __bpf_trace_preemptirq_template+0x30/0x30
[ 2418.496893]  ? prepare_exit_to_usermode+0x3b0/0x3b0
[ 2418.496912]  ? prepare_exit_to_usermode+0x291/0x3b0
[ 2418.496930]  ? page_fault+0x8/0x30
[ 2418.517235]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 2418.517255]  ? page_fault+0x8/0x30
[ 2418.517271]  page_fault+0x1e/0x30
[ 2418.517293] RIP: 0033:0x4510a0
[ 2418.540891] Code: 0f 84 c4 0f 00 00 48 89 f1 48 89 f8 48 83 e1 3f 48 83 f9 20 0f 86 7b 02 00 00 48 83 e6 f0 48 83 e1 0f 66 0f ef c0 66 0f ef c9 <66> 0f 74 0e 66 0f d7 d1 48 d3 ea 49 c7 c2 11 00 00 00 49 29 ca 4d
[ 2418.559800] RSP: 002b:00007f75238677a8 EFLAGS: 00010202
[ 2418.559813] RAX: 00007f7523867850 RBX: 0000000000000003 RCX: 000000000000000e
[ 2418.559824] RDX: 00000000000003ff RSI: 0000000020012fe0 RDI: 00007f7523867850
[ 2418.559833] RBP: 000000000072bf00 R08: 00000000000003ff R09: 0000000000000000
[ 2418.559843] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f75238686d4
[ 2418.559853] R13: 00000000004c578a R14: 00000000004d9d90 R15: 00000000ffffffff
08:16:36 executing program 5:
openat$kvm(0xffffffffffffff9c, 0x0, 0x0, 0x0)
r0 = syz_open_dev$dspn(&(0x7f0000000000)='/dev/dsp#\x00', 0x4, 0x2000)
ioctl$SNDRV_CTL_IOCTL_TLV_READ(r0, 0xc008551a, &(0x7f0000000280)=ANY=[@ANYBLOB="0800000007e95ca87aece10f03f1a30493e0858c9e049b1e601000000009f7a07dbc1e00000003000000f4c526c0cc0800bba86ebc65fde3ed000002000000"])
syz_open_dev$sndctrl(&(0x7f0000000100)='/dev/snd/controlC#\x00', 0x0, 0x0)
r1 = semget(0x0, 0x4, 0x586)
semctl$GETZCNT(r1, 0x1, 0xf, &(0x7f0000000140)=""/131)
r2 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r3 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000000)='/dev/nullb0\x00', 0x802, 0x0)
openat$cuse(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/cuse\x00', 0x2, 0x0)
ioctl$BLKZEROOUT(r3, 0x127f, &(0x7f0000000080)={0x0, 0x4004400})
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000919000/0x400000)=nil, 0x400000, 0xffffffffffffffff, 0x8031, 0xffffffffffffffff, 0x0)
write$RDMA_USER_CM_CMD_CREATE_ID(0xffffffffffffff9c, &(0x7f0000000480)={0x0, 0x18, 0xfa00, {0x4, &(0x7f0000000440)}}, 0x20)
ioctl$sock_inet_sctp_SIOCINQ(r2, 0x541b, &(0x7f00000001c0))
openat$cuse(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/cuse\x00', 0x2, 0x0)
r4 = openat$ipvs(0xffffffffffffff9c, &(0x7f0000000240)='/proc/sys/net/ipv4/vs/sync_qlen_max\x00', 0x2, 0x0)
getsockopt$inet_sctp_SCTP_PEER_ADDR_THLDS(0xffffffffffffffff, 0x84, 0x1f, 0x0, &(0x7f00000004c0))
openat$sequencer(0xffffffffffffff9c, 0x0, 0xc0200, 0x0)
sched_setscheduler(0x0, 0x6, 0x0)
bpf$BPF_BTF_GET_FD_BY_ID(0x13, 0x0, 0x0)
openat$md(0xffffffffffffff9c, &(0x7f0000000040)='/dev/md0\x00', 0x80000, 0x0)
clone(0x2102001ffb, 0x0, 0xfffffffffffffffe, &(0x7f0000000140), 0xffffffffffffffff)
getsockopt$inet_sctp6_SCTP_AUTOCLOSE(0xffffffffffffffff, 0x84, 0x4, 0x0, 0x0)
r5 = socket(0x1e, 0x805, 0x0)
mkdir(&(0x7f00000005c0)='./file0\x00', 0x1)
openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000600)='./cgroup.cpu/syz1\x00', 0x200002, 0x0)
ioctl$VIDIOC_S_DV_TIMINGS(r4, 0xc0845657, &(0x7f0000000500)={0x0, @bt={0x0, 0x200, 0x0, 0x0, 0x38f, 0x0, 0x0, 0xb08, 0x0, 0x7, 0x3, 0x800, 0xffffffffffffffff, 0x5a}})
sendmsg(r5, &(0x7f0000030000)={&(0x7f00004f5000)=@generic={0x10000000001e, "0100000900000000000000000226cc573c080000003724c71e14dd6a739effea1b48006be61ffe0000e103000000f8000004003f010039d8f986ff01000300000004af50d50700000000000000e3ad316a1983000000001d00e0dfcb24281e27800000100076c3979ac40000bd15020078a1dfd300881a8365b1b16d7436"}, 0x80, 0x0}, 0x0)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff, <r6=>0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_ENABLE(r6, 0x8912, 0x400200)

08:16:36 executing program 4:
r0 = openat$kvm(0xffffffffffffff9c, 0x0, 0x0, 0x0)
r1 = syz_open_dev$sndctrl(&(0x7f0000000100)='/dev/snd/controlC#\x00', 0x0, 0x0)
prctl$PR_SET_THP_DISABLE(0x29, 0xfffffffffffffffe)
clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
ioctl$FS_IOC_GETFLAGS(r1, 0x800455d1, &(0x7f0000000080))
getsockopt$inet_IP_IPSEC_POLICY(0xffffffffffffffff, 0x0, 0x10, &(0x7f0000000140)={{{@in=@multicast1, @in=@multicast2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, <r2=>0x0}}, {{}, 0x0, @in=@broadcast}}, &(0x7f0000000000)=0xe8)
getresgid(&(0x7f0000000040), &(0x7f00000000c0), &(0x7f0000000240)=<r3=>0x0)
fchown(r0, r2, r3)

08:16:36 executing program 0:
openat$rfkill(0xffffffffffffff9c, 0x0, 0x2001, 0x0)
r0 = add_key(&(0x7f0000000040)='pkcs7_test\x00', &(0x7f00000000c0)={'syz', 0x0}, &(0x7f00000001c0)="648707518926ecf3fa5a5f04ca45fb03e77cd1f81cc37e37e3a9eb030757aabb99a78b145720ea763df0c3b3345d8c518c5ccabf9c237bcdcc01bfb1bf8f65e749963c46039798be4b7f304d1e89e7d567eddf0f1fa444361018a83c59701f8b4942d2065bc8785d8d1a3f190d8ab8fa5fe0b2f28c1fd9765b077aed7c10e974df83fd0c84e48c6062057cab5479202a241240cedcf9ae4400b891e6875fec6703e7ed4d9178bf830245b383ad22e424fe153255c2fcdcf4426613222e11d84f9f09558716408c525e4d286e9b", 0xcd, 0xfffffffffffffffc)
r1 = request_key(&(0x7f0000000140)='encrypted\x00', &(0x7f00000002c0)={'syz', 0x1}, &(0x7f0000000300)='proc/wlan0-.\'{\x00', 0xfffffffffffffffc)
keyctl$unlink(0x9, r0, r1)
r2 = syz_open_dev$admmidi(&(0x7f0000000100)='/dev/admmidi#\x00', 0x0, 0x0)
r3 = socket$l2tp(0x18, 0x1, 0x1)
getsockopt$inet_mtu(r2, 0x0, 0xa, &(0x7f0000000340), &(0x7f0000000380)=0x4)
mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x1, 0x32, 0xffffffffffffffff, 0x0)
r4 = userfaultfd(0x0)
ioctl$UFFDIO_API(r4, 0xc018aa3f, &(0x7f0000000180))
ioctl$UFFDIO_REGISTER(r4, 0xc020aa00, &(0x7f0000019000)={{&(0x7f0000012000/0x2000)=nil, 0x2000}, 0x3})
r5 = syz_open_dev$evdev(&(0x7f0000012fee)='/dev/input/event#\x00', 0x0, 0x0)
ioctl$UFFDIO_WAKE(r4, 0x8010aa02, &(0x7f0000000080)={&(0x7f0000012000/0x3000)=nil, 0x3000})
request_key(&(0x7f00000003c0)='user\x00', &(0x7f0000000400)={'syz', 0x3}, &(0x7f0000000440)='/dev/input/event#\x00', 0xfffffffffffffffc)
ioctl$EVIOCGMTSLOTS(r5, 0x8040450a, 0xffffffffffffffff)
ioctl(r3, 0x1000008912, &(0x7f0000000000)="0a5c2d023c126285718070")

08:16:36 executing program 2:
syz_emit_ethernet(0x6a, &(0x7f0000000040)={@local, @broadcast, [], {@ipv4={0x800, {{0x5, 0x4, 0x0, 0x0, 0x5c, 0x0, 0x0, 0x0, 0x1, 0x0, @remote, @dev={0xac, 0x14, 0x14, 0x11}}, @icmp=@parameter_prob={0x3, 0x4, 0x0, 0x0, 0x0, 0x0, {0x10, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x402f, 0x0, @local={0xac, 0x5c}, @dev, {[@timestamp={0x8, 0x2c, 0x0, 0x0, 0x8906000000000000, [{[@rand_addr]}, {[@multicast2]}, {[@multicast1]}, {}, {[@loopback]}, {}]}]}}}}}}}, 0x0)

08:16:36 executing program 1:
r0 = openat$rfkill(0xffffffffffffff9c, 0x0, 0x2001, 0x0)
r1 = syz_open_dev$admmidi(&(0x7f0000000100)='/dev/admmidi#\x00', 0x0, 0x0)
socket$l2tp(0x18, 0x1, 0x1)
mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x1, 0x32, 0xffffffffffffffff, 0x0)
r2 = userfaultfd(0x0)
ioctl$UFFDIO_REGISTER(r2, 0xc020aa00, &(0x7f0000000080)={{&(0x7f0000013000/0x4000)=nil, 0x4000}, 0x2})
ioctl$UFFDIO_API(r2, 0xc018aa3f, &(0x7f0000000180))
mmap(&(0x7f0000013000/0x4000)=nil, 0x4000, 0x1000008, 0xa053, r1, 0x0)
ioctl$SNDRV_CTL_IOCTL_HWDEP_NEXT_DEVICE(r0, 0xc0045520, &(0x7f00000000c0)=0x7)
ioctl$EXT4_IOC_SETFLAGS(r1, 0x40086602, &(0x7f0000000040)=0x2)
ioctl$UFFDIO_REGISTER(r2, 0xc020aa00, &(0x7f0000019000)={{&(0x7f0000012000/0x2000)=nil, 0x2000}, 0x1})
syz_open_dev$evdev(&(0x7f0000000200)='/dev/input/event#\x00', 0x0, 0x0)
ioctl$UFFDIO_WAKE(r2, 0x8010aa02, &(0x7f00000001c0)={&(0x7f0000011000/0x3000)=nil, 0x3000})

08:16:36 executing program 3:
openat$rfkill(0xffffffffffffff9c, 0x0, 0x0, 0x0)
getsockopt$inet_sctp_SCTP_DEFAULT_PRINFO(0xffffffffffffffff, 0x84, 0x72, &(0x7f0000000380), 0x0)
syz_open_dev$admmidi(&(0x7f0000000100)='/dev/admmidi#\x00', 0x0, 0x0)
r0 = socket$l2tp(0x18, 0x1, 0x1)
mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x1, 0x32, 0xffffffffffffffff, 0x0)
r1 = userfaultfd(0x0)
ioctl$UFFDIO_API(r1, 0xc018aa3f, &(0x7f0000000180))
ioctl$UFFDIO_REGISTER(r1, 0xc020aa00, &(0x7f0000019000)={{&(0x7f0000012000/0x2000)=nil, 0x2000}, 0x1})
syz_open_dev$evdev(&(0x7f0000012fee)='/dev/input/event#\x00', 0x600, 0x0)
ioctl$UFFDIO_WAKE(r1, 0x8010aa02, &(0x7f0000000080)={&(0x7f0000012000/0x3000)=nil, 0x3000})
ioctl(r0, 0x1000008912, &(0x7f0000000000)="0a5c2d023c126285718070")
setsockopt$ALG_SET_KEY(0xffffffffffffffff, 0x117, 0x1, 0x0, 0x0)

08:16:36 executing program 2:
syz_emit_ethernet(0x6a, &(0x7f0000000040)={@local, @broadcast, [], {@ipv4={0x800, {{0x5, 0x4, 0x0, 0x0, 0x5c, 0x0, 0x0, 0x0, 0x1, 0x0, @remote, @dev={0xac, 0x14, 0x14, 0x11}}, @icmp=@parameter_prob={0x3, 0x4, 0x0, 0x0, 0x0, 0x0, {0x10, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x402f, 0x0, @local={0xac, 0x5c}, @dev, {[@timestamp={0x8, 0x2c, 0x0, 0x0, 0x14, [{[@rand_addr]}, {[@multicast2]}, {[@multicast1]}, {}, {[@loopback]}, {}]}]}}}}}}}, 0x0)

[ 2418.842817] FAULT_FLAG_ALLOW_RETRY missing 70
[ 2418.847399] CPU: 0 PID: 23289 Comm: syz-executor3 Not tainted 4.20.0-rc6+ #371
[ 2418.854786] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 2418.864151] Call Trace:
[ 2418.866763]  dump_stack+0x244/0x39d
[ 2418.870444]  ? dump_stack_print_info.cold.1+0x20/0x20
[ 2418.875671]  handle_userfault.cold.32+0x47/0x62
[ 2418.880396]  ? userfaultfd_ioctl+0x5610/0x5610
[ 2418.885010]  ? mark_held_locks+0x130/0x130
[ 2418.889266]  ? __sanitizer_cov_trace_cmp4+0x16/0x20
[ 2418.894299]  ? futex_wait_setup+0x266/0x3e0
[ 2418.898649]  ? __sanitizer_cov_trace_switch+0x53/0x90
[ 2418.903863]  ? userfaultfd_ctx_put+0x830/0x830
[ 2418.908464]  ? futex_wait+0x5a1/0xa50
[ 2418.912287]  ? print_usage_bug+0xc0/0xc0
[ 2418.916385]  ? print_usage_bug+0xc0/0xc0
[ 2418.920477]  ? print_usage_bug+0xc0/0xc0
[ 2418.924559]  ? zap_class+0x640/0x640
[ 2418.928294]  ? drop_futex_key_refs.isra.14+0x6d/0xe0
[ 2418.933417]  ? futex_wake+0x304/0x760
[ 2418.937248]  ? find_held_lock+0x36/0x1c0
[ 2418.941339]  ? __handle_mm_fault+0x4bb0/0x5be0
[ 2418.945962]  ? lock_downgrade+0x900/0x900
[ 2418.950140]  ? kasan_check_read+0x11/0x20
[ 2418.954324]  ? do_raw_spin_unlock+0xa7/0x330
[ 2418.958770]  ? do_raw_spin_trylock+0x270/0x270
[ 2418.963389]  ? fault_dirty_shared_page.isra.87+0x320/0x320
[ 2418.969058]  __handle_mm_fault+0x4bbd/0x5be0
[ 2418.973498]  ? vmf_insert_mixed_mkwrite+0x40/0x40
[ 2418.978379]  ? zap_class+0x640/0x640
[ 2418.982113]  ? rcu_read_unlock_special+0x1c0/0x1c0
[ 2418.987058]  ? kasan_check_read+0x11/0x20
[ 2418.991223]  ? rcu_softirq_qs+0x20/0x20
[ 2418.995222]  ? zap_class+0x640/0x640
[ 2418.998954]  ? zap_class+0x640/0x640
[ 2419.002687]  ? find_held_lock+0x36/0x1c0
[ 2419.006771]  ? handle_mm_fault+0x42a/0xc70
[ 2419.011023]  ? lock_downgrade+0x900/0x900
[ 2419.015193]  ? check_preemption_disabled+0x48/0x280
[ 2419.020226]  ? rcu_read_unlock_special+0x1c0/0x1c0
[ 2419.025170]  ? kasan_check_read+0x11/0x20
[ 2419.029328]  ? rcu_dynticks_curr_cpu_in_eqs+0xa2/0x170
[ 2419.034632]  ? rcu_softirq_qs+0x20/0x20
[ 2419.038636]  ? trace_hardirqs_off_caller+0x310/0x310
[ 2419.043773]  ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[ 2419.049332]  ? check_preemption_disabled+0x48/0x280
[ 2419.054404]  handle_mm_fault+0x54f/0xc70
[ 2419.058487]  ? __handle_mm_fault+0x5be0/0x5be0
[ 2419.063093]  ? find_vma+0x34/0x190
[ 2419.066656]  __do_page_fault+0x5e8/0xe60
[ 2419.070734]  ? trace_hardirqs_off+0xb8/0x310
[ 2419.075178]  do_page_fault+0xf2/0x7e0
[ 2419.079011]  ? vmalloc_sync_all+0x30/0x30
[ 2419.083182]  ? error_entry+0x70/0xd0
[ 2419.086915]  ? trace_hardirqs_off_caller+0xbb/0x310
[ 2419.091945]  ? trace_hardirqs_on_caller+0xc0/0x310
[ 2419.096892]  ? syscall_return_slowpath+0x5e0/0x5e0
[ 2419.101835]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 2419.106714]  ? trace_hardirqs_on_caller+0x310/0x310
[ 2419.111748]  ? __bpf_trace_preemptirq_template+0x30/0x30
[ 2419.117226]  ? prepare_exit_to_usermode+0x3b0/0x3b0
[ 2419.122263]  ? prepare_exit_to_usermode+0x291/0x3b0
[ 2419.127301]  ? page_fault+0x8/0x30
[ 2419.130861]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 2419.135721]  ? page_fault+0x8/0x30
[ 2419.139276]  page_fault+0x1e/0x30
[ 2419.142744] RIP: 0033:0x4510a0
[ 2419.145948] Code: 0f 84 c4 0f 00 00 48 89 f1 48 89 f8 48 83 e1 3f 48 83 f9 20 0f 86 7b 02 00 00 48 83 e6 f0 48 83 e1 0f 66 0f ef c0 66 0f ef c9 <66> 0f 74 0e 66 0f d7 d1 48 d3 ea 49 c7 c2 11 00 00 00 49 29 ca 4d
[ 2419.164855] RSP: 002b:00007f75238677a8 EFLAGS: 00010202
[ 2419.170252] RAX: 00007f7523867850 RBX: 0000000000000003 RCX: 000000000000000e
[ 2419.177537] RDX: 00000000000003ff RSI: 0000000020012fe0 RDI: 00007f7523867850
[ 2419.184824] RBP: 000000000072bf00 R08: 00000000000003ff R09: 0000000000000000
08:16:36 executing program 4:
openat$kvm(0xffffffffffffff9c, 0x0, 0x0, 0x0)
prctl$PR_SET_THP_DISABLE(0x29, 0xfffffffffffffffe)
clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
ioctl$FS_IOC_GETFLAGS(0xffffffffffffffff, 0x800455d1, &(0x7f0000000080))
r0 = openat$full(0xffffffffffffff9c, &(0x7f0000000000)='/dev/full\x00', 0x4000, 0x0)
ioctl$sock_inet_SIOCSIFDSTADDR(r0, 0x8918, &(0x7f0000000040)={'\x00', {0x2, 0x4e20, @multicast2}})

08:16:36 executing program 2:
syz_emit_ethernet(0x6a, &(0x7f0000000040)={@local, @broadcast, [], {@ipv4={0x800, {{0x5, 0x4, 0x0, 0x0, 0x5c, 0x0, 0x0, 0x0, 0x1, 0x0, @remote, @dev={0xac, 0x14, 0x14, 0x11}}, @icmp=@parameter_prob={0x3, 0x4, 0x0, 0x0, 0x0, 0x0, {0x10, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x402f, 0x0, @local={0xac, 0x5c}, @dev, {[@timestamp={0x8, 0x2c, 0x0, 0x0, 0x4000000000000000, [{[@rand_addr]}, {[@multicast2]}, {[@multicast1]}, {}, {[@loopback]}, {}]}]}}}}}}}, 0x0)

08:16:36 executing program 2:
syz_emit_ethernet(0x6a, &(0x7f0000000040)={@local, @broadcast, [], {@ipv4={0x800, {{0x5, 0x4, 0x0, 0x0, 0x5c, 0x0, 0x0, 0x0, 0x1, 0x0, @remote, @dev={0xac, 0x14, 0x14, 0x11}}, @icmp=@parameter_prob={0x3, 0x4, 0x0, 0x0, 0x0, 0x0, {0x10, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x402f, 0x0, @local={0xac, 0x5c}, @dev, {[@timestamp={0x8, 0x2c, 0x0, 0x0, 0x40000000, [{[@rand_addr]}, {[@multicast2]}, {[@multicast1]}, {}, {[@loopback]}, {}]}]}}}}}}}, 0x0)

08:16:36 executing program 4:
openat$kvm(0xffffffffffffff9c, 0x0, 0x0, 0x0)
r0 = syz_open_dev$sndctrl(&(0x7f0000000100)='/dev/snd/controlC#\x00', 0x0, 0x0)
prctl$PR_SET_THP_DISABLE(0x29, 0xfffffffffffffffe)
iopl(0x7)
r1 = syz_open_dev$usbmon(&(0x7f0000000000)='/dev/usbmon#\x00', 0x81, 0x20800)
setsockopt$ALG_SET_AEAD_AUTHSIZE(r1, 0x117, 0x5, 0x0, 0x6257)
clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
ioctl$FS_IOC_GETFLAGS(r0, 0x800455d1, &(0x7f0000000080))
ioctl$VT_OPENQRY(r1, 0x5600, &(0x7f00000000c0))
openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x200101, 0x0)

08:16:37 executing program 2:
syz_emit_ethernet(0x6a, &(0x7f0000000040)={@local, @broadcast, [], {@ipv4={0x800, {{0x5, 0x4, 0x0, 0x0, 0x5c, 0x0, 0x0, 0x0, 0x1, 0x0, @remote, @dev={0xac, 0x14, 0x14, 0x11}}, @icmp=@parameter_prob={0x3, 0x4, 0x0, 0x0, 0x0, 0x0, {0x10, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x402f, 0x0, @local={0xac, 0x5c}, @dev, {[@timestamp={0x8, 0x2c, 0x0, 0x0, 0x48000000, [{[@rand_addr]}, {[@multicast2]}, {[@multicast1]}, {}, {[@loopback]}, {}]}]}}}}}}}, 0x0)

[ 2419.192116] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f75238686d4
[ 2419.199405] R13: 00000000004c578a R14: 00000000004d9d90 R15: 00000000ffffffff
08:16:38 executing program 5:
openat$kvm(0xffffffffffffff9c, 0x0, 0x0, 0x0)
r0 = syz_open_dev$dspn(&(0x7f0000000000)='/dev/dsp#\x00', 0x4, 0x2000)
ioctl$SNDRV_CTL_IOCTL_TLV_READ(r0, 0xc008551a, &(0x7f0000000280)=ANY=[@ANYBLOB="0800000007e95ca87aece10f03f1a30493e0858c9e049b1e601000000009f7a07dbc1e00000003000000f4c526c0cc0800bba86ebc65fde3ed000002000000"])
syz_open_dev$sndctrl(&(0x7f0000000100)='/dev/snd/controlC#\x00', 0x0, 0x0)
r1 = semget(0x0, 0x4, 0x586)
semctl$GETZCNT(r1, 0x1, 0xf, &(0x7f0000000140)=""/131)
r2 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r3 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000000)='/dev/nullb0\x00', 0x802, 0x0)
openat$cuse(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/cuse\x00', 0x2, 0x0)
ioctl$BLKZEROOUT(r3, 0x127f, &(0x7f0000000080)={0x0, 0x4004400})
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000919000/0x400000)=nil, 0x400000, 0xffffffffffffffff, 0x8031, 0xffffffffffffffff, 0x0)
write$RDMA_USER_CM_CMD_CREATE_ID(0xffffffffffffff9c, &(0x7f0000000480)={0x0, 0x18, 0xfa00, {0x4, &(0x7f0000000440)}}, 0x20)
ioctl$sock_inet_sctp_SIOCINQ(r2, 0x541b, &(0x7f00000001c0))
openat$cuse(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/cuse\x00', 0x2, 0x0)
r4 = openat$ipvs(0xffffffffffffff9c, &(0x7f0000000240)='/proc/sys/net/ipv4/vs/sync_qlen_max\x00', 0x2, 0x0)
getsockopt$inet_sctp_SCTP_PEER_ADDR_THLDS(0xffffffffffffffff, 0x84, 0x1f, 0x0, &(0x7f00000004c0))
openat$sequencer(0xffffffffffffff9c, 0x0, 0xc0200, 0x0)
sched_setscheduler(0x0, 0x6, 0x0)
bpf$BPF_BTF_GET_FD_BY_ID(0x13, 0x0, 0x0)
openat$md(0xffffffffffffff9c, &(0x7f0000000040)='/dev/md0\x00', 0x80000, 0x0)
clone(0x2102001ffb, 0x0, 0xfffffffffffffffe, &(0x7f0000000140), 0xffffffffffffffff)
getsockopt$inet_sctp6_SCTP_AUTOCLOSE(0xffffffffffffffff, 0x84, 0x4, 0x0, 0x0)
r5 = socket(0x1e, 0x805, 0x0)
mkdir(&(0x7f00000005c0)='./file0\x00', 0x1)
openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000600)='./cgroup.cpu/syz1\x00', 0x200002, 0x0)
ioctl$VIDIOC_S_DV_TIMINGS(r4, 0xc0845657, &(0x7f0000000500)={0x0, @bt={0x0, 0x200, 0x0, 0x0, 0x38f, 0x0, 0x0, 0xb08, 0x0, 0x7, 0x3, 0x800, 0xffffffffffffffff, 0x5a}})
sendmsg(r5, &(0x7f0000030000)={&(0x7f00004f5000)=@generic={0x10000000001e, "0100000900000000000000000226cc573c080000003724c71e14dd6a739effea1b48006be61ffe0000e103000000f8000004003f010039d8f986ff01000300000004af50d50700000000000000e3ad316a1983000000001d00e0dfcb24281e27800000100076c3979ac40000bd15020078a1dfd300881a8365b1b16d7436"}, 0x80, 0x0}, 0x0)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff, <r6=>0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_ENABLE(r6, 0x8912, 0x400200)

08:16:38 executing program 1:
r0 = openat$rfkill(0xffffffffffffff9c, 0x0, 0x2001, 0x0)
r1 = syz_open_dev$admmidi(&(0x7f0000000100)='/dev/admmidi#\x00', 0x0, 0x0)
socket$l2tp(0x18, 0x1, 0x1)
mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x1, 0x32, 0xffffffffffffffff, 0x0)
r2 = userfaultfd(0x0)
ioctl$UFFDIO_REGISTER(r2, 0xc020aa00, &(0x7f0000000080)={{&(0x7f0000013000/0x4000)=nil, 0x4000}, 0x2})
ioctl$UFFDIO_API(r2, 0xc018aa3f, &(0x7f0000000180))
mmap(&(0x7f0000013000/0x4000)=nil, 0x4000, 0x1000008, 0xa053, r1, 0x0)
ioctl$SNDRV_CTL_IOCTL_HWDEP_NEXT_DEVICE(r0, 0xc0045520, &(0x7f00000000c0)=0x7)
ioctl$EXT4_IOC_SETFLAGS(r1, 0x40086602, &(0x7f0000000040)=0x2)
ioctl$UFFDIO_REGISTER(r2, 0xc020aa00, &(0x7f0000019000)={{&(0x7f0000012000/0x2000)=nil, 0x2000}, 0x1})
syz_open_dev$evdev(&(0x7f0000000200)='/dev/input/event#\x00', 0x0, 0x0)

08:16:38 executing program 0:
openat$rfkill(0xffffffffffffff9c, 0x0, 0x2005, 0x0)
syz_open_dev$admmidi(&(0x7f0000000100)='/dev/admmidi#\x00', 0x0, 0x0)
r0 = socket$l2tp(0x18, 0x1, 0x1)
mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x1, 0x32, 0xffffffffffffffff, 0x0)
r1 = userfaultfd(0x0)
ioctl$UFFDIO_API(r1, 0xc018aa3f, &(0x7f0000000180))
ioctl$UFFDIO_REGISTER(r1, 0xc020aa00, &(0x7f0000019000)={{&(0x7f0000012000/0x2000)=nil, 0x2000}, 0x1})
syz_open_dev$evdev(&(0x7f0000012fee)='/dev/input/event#\x00', 0x0, 0x0)
ioctl$UFFDIO_WAKE(r1, 0x8010aa02, &(0x7f0000000080)={&(0x7f0000012000/0x3000)=nil, 0x3000})
ioctl(r0, 0x1000008912, &(0x7f0000000000)="0a5c2d023c126285718070")

08:16:38 executing program 2:
syz_emit_ethernet(0x6a, &(0x7f0000000040)={@local, @broadcast, [], {@ipv4={0x800, {{0x5, 0x4, 0x0, 0x0, 0x5c, 0x0, 0x0, 0x0, 0x1, 0x0, @remote, @dev={0xac, 0x14, 0x14, 0x11}}, @icmp=@parameter_prob={0x3, 0x4, 0x0, 0x0, 0x0, 0x0, {0x10, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x402f, 0x0, @local={0xac, 0x5c}, @dev, {[@timestamp={0x8, 0x2c, 0x0, 0x0, 0xf0, [{[@rand_addr]}, {[@multicast2]}, {[@multicast1]}, {}, {[@loopback]}, {}]}]}}}}}}}, 0x0)

08:16:38 executing program 3:
openat$rfkill(0xffffffffffffff9c, 0x0, 0x0, 0x0)
getsockopt$inet_sctp_SCTP_DEFAULT_PRINFO(0xffffffffffffffff, 0x84, 0x72, &(0x7f0000000380), 0x0)
syz_open_dev$admmidi(&(0x7f0000000100)='/dev/admmidi#\x00', 0x0, 0x0)
r0 = socket$l2tp(0x18, 0x1, 0x1)
mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x1, 0x32, 0xffffffffffffffff, 0x0)
r1 = userfaultfd(0x0)
ioctl$UFFDIO_API(r1, 0xc018aa3f, &(0x7f0000000180))
ioctl$UFFDIO_REGISTER(r1, 0xc020aa00, &(0x7f0000019000)={{&(0x7f0000012000/0x2000)=nil, 0x2000}, 0x1})
syz_open_dev$evdev(&(0x7f0000012fee)='/dev/input/event#\x00', 0x4800000000000000, 0x0)
ioctl$UFFDIO_WAKE(r1, 0x8010aa02, &(0x7f0000000080)={&(0x7f0000012000/0x3000)=nil, 0x3000})
ioctl(r0, 0x1000008912, &(0x7f0000000000)="0a5c2d023c126285718070")
setsockopt$ALG_SET_KEY(0xffffffffffffffff, 0x117, 0x1, 0x0, 0x0)

08:16:38 executing program 4:
openat$kvm(0xffffffffffffff9c, 0x0, 0x0, 0x0)
r0 = syz_open_dev$sndctrl(&(0x7f0000000100)='/dev/snd/controlC#\x00', 0x0, 0x0)
shmget(0x0, 0x1000, 0x80, &(0x7f0000ffc000/0x1000)=nil)
prctl$PR_SET_THP_DISABLE(0x29, 0xfffffffffffffffe)
clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
ioctl$FS_IOC_GETFLAGS(r0, 0x800455d1, &(0x7f0000000080))

[ 2420.383015] FAULT_FLAG_ALLOW_RETRY missing 70
[ 2420.397453] CPU: 1 PID: 23325 Comm: syz-executor3 Not tainted 4.20.0-rc6+ #371
[ 2420.404839] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 2420.414201] Call Trace:
[ 2420.416802]  dump_stack+0x244/0x39d
[ 2420.420447]  ? dump_stack_print_info.cold.1+0x20/0x20
[ 2420.425672]  handle_userfault.cold.32+0x47/0x62
[ 2420.430379]  ? userfaultfd_ioctl+0x5610/0x5610
[ 2420.434975]  ? mark_held_locks+0x130/0x130
[ 2420.439222]  ? __sanitizer_cov_trace_cmp4+0x16/0x20
[ 2420.444243]  ? futex_wait_setup+0x266/0x3e0
[ 2420.448594]  ? __sanitizer_cov_trace_switch+0x53/0x90
[ 2420.453795]  ? userfaultfd_ctx_put+0x830/0x830
[ 2420.458389]  ? futex_wait+0x5a1/0xa50
[ 2420.462200]  ? print_usage_bug+0xc0/0xc0
[ 2420.466273]  ? print_usage_bug+0xc0/0xc0
[ 2420.470343]  ? print_usage_bug+0xc0/0xc0
[ 2420.474423]  ? zap_class+0x640/0x640
[ 2420.478159]  ? drop_futex_key_refs.isra.14+0x6d/0xe0
[ 2420.483265]  ? futex_wake+0x304/0x760
[ 2420.487082]  ? find_held_lock+0x36/0x1c0
[ 2420.491162]  ? __handle_mm_fault+0x4bb0/0x5be0
[ 2420.495755]  ? lock_downgrade+0x900/0x900
[ 2420.499921]  ? kasan_check_read+0x11/0x20
[ 2420.504074]  ? do_raw_spin_unlock+0xa7/0x330
[ 2420.508486]  ? do_raw_spin_trylock+0x270/0x270
[ 2420.513077]  ? fault_dirty_shared_page.isra.87+0x320/0x320
[ 2420.518716]  __handle_mm_fault+0x4bbd/0x5be0
[ 2420.523141]  ? vmf_insert_mixed_mkwrite+0x40/0x40
[ 2420.527990]  ? zap_class+0x640/0x640
[ 2420.531709]  ? rcu_read_unlock_special+0x1c0/0x1c0
[ 2420.536641]  ? kasan_check_read+0x11/0x20
[ 2420.540795]  ? rcu_softirq_qs+0x20/0x20
[ 2420.544785]  ? zap_class+0x640/0x640
[ 2420.548502]  ? zap_class+0x640/0x640
[ 2420.552232]  ? find_held_lock+0x36/0x1c0
[ 2420.556317]  ? handle_mm_fault+0x42a/0xc70
[ 2420.560566]  ? lock_downgrade+0x900/0x900
[ 2420.564722]  ? check_preemption_disabled+0x48/0x280
[ 2420.569745]  ? rcu_read_unlock_special+0x1c0/0x1c0
[ 2420.574679]  ? kasan_check_read+0x11/0x20
[ 2420.578830]  ? rcu_dynticks_curr_cpu_in_eqs+0xa2/0x170
[ 2420.584120]  ? rcu_softirq_qs+0x20/0x20
[ 2420.588149]  ? trace_hardirqs_off_caller+0x310/0x310
[ 2420.593261]  ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[ 2420.598809]  ? check_preemption_disabled+0x48/0x280
[ 2420.603842]  handle_mm_fault+0x54f/0xc70
[ 2420.607921]  ? __handle_mm_fault+0x5be0/0x5be0
[ 2420.612513]  ? find_vma+0x34/0x190
[ 2420.616077]  __do_page_fault+0x5e8/0xe60
[ 2420.620150]  ? trace_hardirqs_off+0xb8/0x310
[ 2420.624579]  do_page_fault+0xf2/0x7e0
[ 2420.628389]  ? vmalloc_sync_all+0x30/0x30
[ 2420.632548]  ? error_entry+0x70/0xd0
[ 2420.636270]  ? trace_hardirqs_off_caller+0xbb/0x310
[ 2420.641304]  ? trace_hardirqs_on_caller+0xc0/0x310
[ 2420.646244]  ? syscall_return_slowpath+0x5e0/0x5e0
[ 2420.651178]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 2420.656039]  ? trace_hardirqs_on_caller+0x310/0x310
[ 2420.661072]  ? __bpf_trace_preemptirq_template+0x30/0x30
[ 2420.666532]  ? prepare_exit_to_usermode+0x3b0/0x3b0
[ 2420.671557]  ? prepare_exit_to_usermode+0x291/0x3b0
[ 2420.676577]  ? page_fault+0x8/0x30
[ 2420.680131]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 2420.684979]  ? page_fault+0x8/0x30
[ 2420.688537]  page_fault+0x1e/0x30
[ 2420.691993] RIP: 0033:0x4510a0
[ 2420.695193] Code: 0f 84 c4 0f 00 00 48 89 f1 48 89 f8 48 83 e1 3f 48 83 f9 20 0f 86 7b 02 00 00 48 83 e6 f0 48 83 e1 0f 66 0f ef c0 66 0f ef c9 <66> 0f 74 0e 66 0f d7 d1 48 d3 ea 49 c7 c2 11 00 00 00 49 29 ca 4d
[ 2420.714096] RSP: 002b:00007f75238677a8 EFLAGS: 00010202
[ 2420.719466] RAX: 00007f7523867850 RBX: 0000000000000003 RCX: 000000000000000e
[ 2420.726737] RDX: 00000000000003ff RSI: 0000000020012fe0 RDI: 00007f7523867850
[ 2420.734007] RBP: 000000000072bf00 R08: 00000000000003ff R09: 0000000000000000
[ 2420.741277] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f75238686d4
[ 2420.748553] R13: 00000000004c578a R14: 00000000004d9d90 R15: 00000000ffffffff
[ 2420.774925] FAULT_FLAG_ALLOW_RETRY missing 70
[ 2420.792155] CPU: 0 PID: 23333 Comm: syz-executor0 Not tainted 4.20.0-rc6+ #371
[ 2420.799542] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 2420.808902] Call Trace:
[ 2420.811614]  dump_stack+0x244/0x39d
[ 2420.815268]  ? dump_stack_print_info.cold.1+0x20/0x20
[ 2420.820494]  handle_userfault.cold.32+0x47/0x62
08:16:38 executing program 2:
syz_emit_ethernet(0x6a, &(0x7f0000000040)={@local, @broadcast, [], {@ipv4={0x800, {{0x5, 0x4, 0x0, 0x0, 0x5c, 0x0, 0x0, 0x0, 0x1, 0x0, @remote, @dev={0xac, 0x14, 0x14, 0x11}}, @icmp=@parameter_prob={0x3, 0x4, 0x0, 0x0, 0x0, 0x0, {0x10, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x402f, 0x0, @local={0xac, 0x5c}, @dev, {[@timestamp={0x8, 0x2c, 0x0, 0x0, 0x800e, [{[@rand_addr]}, {[@multicast2]}, {[@multicast1]}, {}, {[@loopback]}, {}]}]}}}}}}}, 0x0)

[ 2420.825201]  ? userfaultfd_ioctl+0x5610/0x5610
[ 2420.829807]  ? mark_held_locks+0x130/0x130
[ 2420.834065]  ? __sanitizer_cov_trace_cmp4+0x16/0x20
[ 2420.839097]  ? futex_wait_setup+0x266/0x3e0
[ 2420.843453]  ? __sanitizer_cov_trace_switch+0x53/0x90
[ 2420.848667]  ? userfaultfd_ctx_put+0x830/0x830
[ 2420.849431] IPVS: ftp: loaded support on port[0] = 21
[ 2420.853265]  ? futex_wait+0x5a1/0xa50
[ 2420.853289]  ? print_usage_bug+0xc0/0xc0
[ 2420.853307]  ? print_usage_bug+0xc0/0xc0
[ 2420.853326]  ? print_usage_bug+0xc0/0xc0
08:16:38 executing program 2:
syz_emit_ethernet(0x6a, &(0x7f0000000040)={@local, @broadcast, [], {@ipv4={0x800, {{0x5, 0x4, 0x0, 0x0, 0x5c, 0x0, 0x0, 0x0, 0x1, 0x0, @remote, @dev={0xac, 0x14, 0x14, 0x11}}, @icmp=@parameter_prob={0x3, 0x4, 0x0, 0x0, 0x0, 0x0, {0x10, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x402f, 0x0, @local={0xac, 0x5c}, @dev, {[@timestamp={0x8, 0x2c, 0x0, 0x0, 0x600000000000000, [{[@rand_addr]}, {[@multicast2]}, {[@multicast1]}, {}, {[@loopback]}, {}]}]}}}}}}}, 0x0)

[ 2420.853344]  ? zap_class+0x640/0x640
[ 2420.878207]  ? drop_futex_key_refs.isra.14+0x6d/0xe0
[ 2420.883326]  ? futex_wake+0x304/0x760
[ 2420.887184]  ? find_held_lock+0x36/0x1c0
[ 2420.891276]  ? __handle_mm_fault+0x4bb0/0x5be0
[ 2420.895873]  ? lock_downgrade+0x900/0x900
[ 2420.900051]  ? kasan_check_read+0x11/0x20
[ 2420.904208]  ? do_raw_spin_unlock+0xa7/0x330
[ 2420.908632]  ? do_raw_spin_trylock+0x270/0x270
[ 2420.913235]  ? fault_dirty_shared_page.isra.87+0x320/0x320
[ 2420.918885]  __handle_mm_fault+0x4bbd/0x5be0
08:16:38 executing program 2:
syz_emit_ethernet(0x6a, &(0x7f0000000040)={@local, @broadcast, [], {@ipv4={0x800, {{0x5, 0x4, 0x0, 0x0, 0x5c, 0x0, 0x0, 0x0, 0x1, 0x0, @remote, @dev={0xac, 0x14, 0x14, 0x11}}, @icmp=@parameter_prob={0x3, 0x4, 0x0, 0x0, 0x0, 0x0, {0x10, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x402f, 0x0, @local={0xac, 0x5c}, @dev, {[@timestamp={0x8, 0x2c, 0x0, 0x0, 0x806000000000000, [{[@rand_addr]}, {[@multicast2]}, {[@multicast1]}, {}, {[@loopback]}, {}]}]}}}}}}}, 0x0)

[ 2420.923320]  ? vmf_insert_mixed_mkwrite+0x40/0x40
[ 2420.928204]  ? zap_class+0x640/0x640
[ 2420.931961]  ? rcu_read_unlock_special+0x1c0/0x1c0
[ 2420.936905]  ? kasan_check_read+0x11/0x20
[ 2420.941083]  ? rcu_softirq_qs+0x20/0x20
[ 2420.945087]  ? zap_class+0x640/0x640
[ 2420.948816]  ? zap_class+0x640/0x640
[ 2420.952552]  ? find_held_lock+0x36/0x1c0
[ 2420.956637]  ? handle_mm_fault+0x42a/0xc70
[ 2420.960889]  ? lock_downgrade+0x900/0x900
[ 2420.965051]  ? check_preemption_disabled+0x48/0x280
[ 2420.970189]  ? rcu_read_unlock_special+0x1c0/0x1c0
08:16:38 executing program 3:
openat$rfkill(0xffffffffffffff9c, 0x0, 0x0, 0x0)
getsockopt$inet_sctp_SCTP_DEFAULT_PRINFO(0xffffffffffffffff, 0x84, 0x72, &(0x7f0000000380), 0x0)
syz_open_dev$admmidi(&(0x7f0000000100)='/dev/admmidi#\x00', 0x0, 0x0)
r0 = socket$l2tp(0x18, 0x1, 0x1)
mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x1, 0x32, 0xffffffffffffffff, 0x0)
r1 = userfaultfd(0x0)
ioctl$UFFDIO_API(r1, 0xc018aa3f, &(0x7f0000000180))
ioctl$UFFDIO_REGISTER(r1, 0xc020aa00, &(0x7f0000019000)={{&(0x7f0000012000/0x2000)=nil, 0x2000}, 0x1})
syz_open_dev$evdev(&(0x7f0000012fee)='/dev/input/event#\x00', 0x7400000000000000, 0x0)
ioctl$UFFDIO_WAKE(r1, 0x8010aa02, &(0x7f0000000080)={&(0x7f0000012000/0x3000)=nil, 0x3000})
ioctl(r0, 0x1000008912, &(0x7f0000000000)="0a5c2d023c126285718070")
setsockopt$ALG_SET_KEY(0xffffffffffffffff, 0x117, 0x1, 0x0, 0x0)

[ 2420.975138]  ? kasan_check_read+0x11/0x20
[ 2420.979298]  ? rcu_dynticks_curr_cpu_in_eqs+0xa2/0x170
[ 2420.984587]  ? rcu_softirq_qs+0x20/0x20
[ 2420.988581]  ? trace_hardirqs_off_caller+0x310/0x310
[ 2420.993697]  ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[ 2420.999254]  ? check_preemption_disabled+0x48/0x280
[ 2421.004322]  handle_mm_fault+0x54f/0xc70
[ 2421.008423]  ? __handle_mm_fault+0x5be0/0x5be0
[ 2421.013029]  ? find_vma+0x34/0x190
[ 2421.016594]  __do_page_fault+0x5e8/0xe60
[ 2421.020676]  ? trace_hardirqs_off+0xb8/0x310
08:16:38 executing program 2:
syz_emit_ethernet(0x6a, &(0x7f0000000040)={@local, @broadcast, [], {@ipv4={0x800, {{0x5, 0x4, 0x0, 0x0, 0x5c, 0x0, 0x0, 0x0, 0x1, 0x0, @remote, @dev={0xac, 0x14, 0x14, 0x11}}, @icmp=@parameter_prob={0x3, 0x4, 0x0, 0x0, 0x0, 0x0, {0x10, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x402f, 0x0, @local={0xac, 0x5c}, @dev, {[@timestamp={0x8, 0x2c, 0x0, 0x0, 0x81000000, [{[@rand_addr]}, {[@multicast2]}, {[@multicast1]}, {}, {[@loopback]}, {}]}]}}}}}}}, 0x0)

[ 2421.025106]  do_page_fault+0xf2/0x7e0
[ 2421.028922]  ? vmalloc_sync_all+0x30/0x30
[ 2421.033085]  ? error_entry+0x70/0xd0
[ 2421.036819]  ? trace_hardirqs_off_caller+0xbb/0x310
[ 2421.041852]  ? trace_hardirqs_on_caller+0xc0/0x310
[ 2421.046796]  ? syscall_return_slowpath+0x5e0/0x5e0
[ 2421.051740]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 2421.056602]  ? trace_hardirqs_on_caller+0x310/0x310
[ 2421.061636]  ? __bpf_trace_preemptirq_template+0x30/0x30
[ 2421.067104]  ? prepare_exit_to_usermode+0x3b0/0x3b0
[ 2421.072137]  ? prepare_exit_to_usermode+0x291/0x3b0
[ 2421.077184]  ? page_fault+0x8/0x30
[ 2421.080743]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 2421.085601]  ? page_fault+0x8/0x30
[ 2421.089159]  page_fault+0x1e/0x30
[ 2421.092625] RIP: 0033:0x4510a0
[ 2421.095835] Code: 0f 84 c4 0f 00 00 48 89 f1 48 89 f8 48 83 e1 3f 48 83 f9 20 0f 86 7b 02 00 00 48 83 e6 f0 48 83 e1 0f 66 0f ef c0 66 0f ef c9 <66> 0f 74 0e 66 0f d7 d1 48 d3 ea 49 c7 c2 11 00 00 00 49 29 ca 4d
[ 2421.114755] RSP: 002b:00007efdea16e7a8 EFLAGS: 00010202
08:16:39 executing program 3:
openat$rfkill(0xffffffffffffff9c, 0x0, 0x0, 0x0)
getsockopt$inet_sctp_SCTP_DEFAULT_PRINFO(0xffffffffffffffff, 0x84, 0x72, &(0x7f0000000380), 0x0)
syz_open_dev$admmidi(&(0x7f0000000100)='/dev/admmidi#\x00', 0x0, 0x0)
r0 = socket$l2tp(0x18, 0x1, 0x1)
mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x1, 0x32, 0xffffffffffffffff, 0x0)
r1 = userfaultfd(0x0)
ioctl$UFFDIO_API(r1, 0xc018aa3f, &(0x7f0000000180))
ioctl$UFFDIO_REGISTER(r1, 0xc020aa00, &(0x7f0000019000)={{&(0x7f0000012000/0x2000)=nil, 0x2000}, 0x1})
syz_open_dev$evdev(&(0x7f0000012fee)='/dev/input/event#\x00', 0x6c, 0x0)
ioctl$UFFDIO_WAKE(r1, 0x8010aa02, &(0x7f0000000080)={&(0x7f0000012000/0x3000)=nil, 0x3000})
ioctl(r0, 0x1000008912, &(0x7f0000000000)="0a5c2d023c126285718070")
setsockopt$ALG_SET_KEY(0xffffffffffffffff, 0x117, 0x1, 0x0, 0x0)

[ 2421.120136] RAX: 00007efdea16e850 RBX: 0000000000000003 RCX: 000000000000000e
[ 2421.127423] RDX: 00000000000003ff RSI: 0000000020012fe0 RDI: 00007efdea16e850
[ 2421.134719] RBP: 000000000072bf00 R08: 00000000000003ff R09: 0000000000000000
[ 2421.141996] R10: 0000000000000000 R11: 0000000000000246 R12: 00007efdea16f6d4
[ 2421.149294] R13: 00000000004c578a R14: 00000000004d9d90 R15: 00000000ffffffff
[ 2421.333946] device bridge_slave_1 left promiscuous mode
[ 2421.339578] bridge0: port 2(bridge_slave_1) entered disabled state
[ 2421.363385] device bridge_slave_0 left promiscuous mode
[ 2421.368883] bridge0: port 1(bridge_slave_0) entered disabled state
[ 2421.487856] team0 (unregistering): Port device team_slave_1 removed
[ 2421.519572] team0 (unregistering): Port device team_slave_0 removed
[ 2421.554631] bond0 (unregistering): Releasing backup interface bond_slave_1
[ 2421.593587] bond0 (unregistering): Releasing backup interface bond_slave_0
[ 2421.655516] bond0 (unregistering): Released all slaves
[ 2421.669795] handle_userfault: 1 callbacks suppressed
[ 2421.669802] FAULT_FLAG_ALLOW_RETRY missing 70
[ 2421.693746] CPU: 0 PID: 23355 Comm: syz-executor3 Not tainted 4.20.0-rc6+ #371
[ 2421.701143] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 2421.710523] Call Trace:
[ 2421.713137]  dump_stack+0x244/0x39d
[ 2421.716793]  ? dump_stack_print_info.cold.1+0x20/0x20
[ 2421.722024]  handle_userfault.cold.32+0x47/0x62
[ 2421.726734]  ? userfaultfd_ioctl+0x5610/0x5610
[ 2421.731347]  ? mark_held_locks+0x130/0x130
[ 2421.735632]  ? find_held_lock+0x36/0x1c0
[ 2421.739748]  ? userfaultfd_ctx_put+0x830/0x830
[ 2421.744371]  ? kasan_check_read+0x11/0x20
[ 2421.748543]  ? print_usage_bug+0xc0/0xc0
[ 2421.752621]  ? do_raw_spin_trylock+0x270/0x270
[ 2421.757222]  ? print_usage_bug+0xc0/0xc0
[ 2421.761315]  ? print_usage_bug+0xc0/0xc0
[ 2421.765405]  ? zap_class+0x640/0x640
[ 2421.769135]  ? drop_futex_key_refs.isra.14+0x6d/0xe0
[ 2421.774256]  ? futex_wake+0x304/0x760
[ 2421.778103]  ? find_held_lock+0x36/0x1c0
[ 2421.782215]  ? __handle_mm_fault+0x4bb0/0x5be0
[ 2421.786835]  ? lock_downgrade+0x900/0x900
[ 2421.791007]  ? kasan_check_read+0x11/0x20
[ 2421.795200]  ? do_raw_spin_unlock+0xa7/0x330
[ 2421.799627]  ? do_raw_spin_trylock+0x270/0x270
[ 2421.804229]  ? fault_dirty_shared_page.isra.87+0x320/0x320
[ 2421.809892]  __handle_mm_fault+0x4bbd/0x5be0
[ 2421.814347]  ? vmf_insert_mixed_mkwrite+0x40/0x40
[ 2421.819240]  ? zap_class+0x640/0x640
[ 2421.822976]  ? rcu_read_unlock_special+0x1c0/0x1c0
[ 2421.827954]  ? kasan_check_read+0x11/0x20
[ 2421.832124]  ? rcu_softirq_qs+0x20/0x20
[ 2421.836150]  ? zap_class+0x640/0x640
[ 2421.839879]  ? zap_class+0x640/0x640
[ 2421.843627]  ? find_held_lock+0x36/0x1c0
[ 2421.847721]  ? handle_mm_fault+0x42a/0xc70
[ 2421.851973]  ? lock_downgrade+0x900/0x900
[ 2421.856141]  ? check_preemption_disabled+0x48/0x280
[ 2421.861181]  ? rcu_read_unlock_special+0x1c0/0x1c0
[ 2421.866123]  ? kasan_check_read+0x11/0x20
[ 2421.870285]  ? rcu_dynticks_curr_cpu_in_eqs+0xa2/0x170
[ 2421.875602]  ? rcu_softirq_qs+0x20/0x20
[ 2421.879610]  ? trace_hardirqs_off_caller+0x310/0x310
[ 2421.884736]  ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[ 2421.890291]  ? check_preemption_disabled+0x48/0x280
[ 2421.895331]  handle_mm_fault+0x54f/0xc70
[ 2421.899430]  ? __handle_mm_fault+0x5be0/0x5be0
[ 2421.904035]  ? find_vma+0x34/0x190
[ 2421.907595]  __do_page_fault+0x5e8/0xe60
[ 2421.911670]  ? trace_hardirqs_off+0xb8/0x310
[ 2421.916104]  do_page_fault+0xf2/0x7e0
[ 2421.919920]  ? vmalloc_sync_all+0x30/0x30
[ 2421.924087]  ? error_entry+0x70/0xd0
[ 2421.927818]  ? trace_hardirqs_off_caller+0xbb/0x310
[ 2421.932873]  ? trace_hardirqs_on_caller+0xc0/0x310
[ 2421.937817]  ? syscall_return_slowpath+0x5e0/0x5e0
[ 2421.942761]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 2421.947623]  ? trace_hardirqs_on_caller+0x310/0x310
[ 2421.952656]  ? __bpf_trace_preemptirq_template+0x30/0x30
[ 2421.958123]  ? prepare_exit_to_usermode+0x3b0/0x3b0
[ 2421.963156]  ? prepare_exit_to_usermode+0x291/0x3b0
[ 2421.968191]  ? page_fault+0x8/0x30
[ 2421.971753]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 2421.976611]  ? page_fault+0x8/0x30
[ 2421.980168]  page_fault+0x1e/0x30
[ 2421.983635] RIP: 0033:0x4510a0
[ 2421.986846] Code: 0f 84 c4 0f 00 00 48 89 f1 48 89 f8 48 83 e1 3f 48 83 f9 20 0f 86 7b 02 00 00 48 83 e6 f0 48 83 e1 0f 66 0f ef c0 66 0f ef c9 <66> 0f 74 0e 66 0f d7 d1 48 d3 ea 49 c7 c2 11 00 00 00 49 29 ca 4d
[ 2422.005763] RSP: 002b:00007f75238677a8 EFLAGS: 00010202
[ 2422.011135] RAX: 00007f7523867850 RBX: 0000000000000003 RCX: 000000000000000e
[ 2422.018428] RDX: 00000000000003ff RSI: 0000000020012fe0 RDI: 00007f7523867850
[ 2422.025710] RBP: 000000000072bf00 R08: 00000000000003ff R09: 0000000000000000
[ 2422.032991] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f75238686d4
[ 2422.040273] R13: 00000000004c578a R14: 00000000004d9d90 R15: 00000000ffffffff
08:16:40 executing program 5:
openat$rfkill(0xffffffffffffff9c, 0x0, 0x0, 0x0)
getsockopt$inet_sctp_SCTP_DEFAULT_PRINFO(0xffffffffffffffff, 0x84, 0x72, &(0x7f0000000380), 0x0)
syz_open_dev$admmidi(&(0x7f0000000100)='/dev/admmidi#\x00', 0x0, 0x0)
r0 = socket$l2tp(0x18, 0x1, 0x1)
mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x1, 0x32, 0xffffffffffffffff, 0x0)
r1 = userfaultfd(0x0)
ioctl$UFFDIO_API(r1, 0xc018aa3f, &(0x7f0000000180))
ioctl$UFFDIO_REGISTER(r1, 0xc020aa00, &(0x7f0000019000)={{&(0x7f0000012000/0x2000)=nil, 0x2000}, 0x1})
syz_open_dev$evdev(&(0x7f0000012fee)='/dev/input/event#\x00', 0x0, 0x0)
ioctl$UFFDIO_WAKE(r1, 0x8010aa02, &(0x7f0000000080)={&(0x7f0000012000/0x3000)=nil, 0x3000})
ioctl(r0, 0x1000008912, &(0x7f0000000000)="0a5c2d023c126285718070")
setsockopt$ALG_SET_KEY(0xffffffffffffffff, 0x117, 0x1, 0x0, 0x0)

08:16:40 executing program 2:
syz_emit_ethernet(0x6a, &(0x7f0000000040)={@local, @broadcast, [], {@ipv4={0x800, {{0x5, 0x4, 0x0, 0x0, 0x5c, 0x0, 0x0, 0x0, 0x1, 0x0, @remote, @dev={0xac, 0x14, 0x14, 0x11}}, @icmp=@parameter_prob={0x3, 0x4, 0x0, 0x0, 0x0, 0x0, {0x10, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x402f, 0x0, @local={0xac, 0x5c}, @dev, {[@timestamp={0x8, 0x2c, 0x0, 0x0, 0x4305000000000000, [{[@rand_addr]}, {[@multicast2]}, {[@multicast1]}, {}, {[@loopback]}, {}]}]}}}}}}}, 0x0)

08:16:40 executing program 1:
r0 = openat$rfkill(0xffffffffffffff9c, 0x0, 0x2001, 0x0)
r1 = syz_open_dev$admmidi(&(0x7f0000000100)='/dev/admmidi#\x00', 0x0, 0x0)
socket$l2tp(0x18, 0x1, 0x1)
mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x1, 0x32, 0xffffffffffffffff, 0x0)
r2 = userfaultfd(0x0)
ioctl$UFFDIO_REGISTER(r2, 0xc020aa00, &(0x7f0000000080)={{&(0x7f0000013000/0x4000)=nil, 0x4000}, 0x2})
ioctl$UFFDIO_API(r2, 0xc018aa3f, &(0x7f0000000180))
mmap(&(0x7f0000013000/0x4000)=nil, 0x4000, 0x1000008, 0xa053, r1, 0x0)
ioctl$SNDRV_CTL_IOCTL_HWDEP_NEXT_DEVICE(r0, 0xc0045520, &(0x7f00000000c0)=0x7)
ioctl$EXT4_IOC_SETFLAGS(r1, 0x40086602, &(0x7f0000000040)=0x2)
ioctl$UFFDIO_REGISTER(r2, 0xc020aa00, &(0x7f0000019000)={{&(0x7f0000012000/0x2000)=nil, 0x2000}, 0x1})

08:16:40 executing program 0:
r0 = openat$rfkill(0xffffffffffffff9c, 0x0, 0x2001, 0x0)
ioctl$EVIOCGRAB(r0, 0x40044590, &(0x7f0000000040)=0x2)
r1 = syz_open_dev$admmidi(&(0x7f0000000100)='/dev/admmidi#\x00', 0x0, 0x0)
r2 = socket$l2tp(0x18, 0x1, 0x1)
mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x1, 0x32, 0xffffffffffffffff, 0x0)
r3 = userfaultfd(0x0)
prctl$PR_SET_FPEXC(0xc, 0x81)
ioctl$UFFDIO_REGISTER(r3, 0xc020aa00, &(0x7f0000019000)={{&(0x7f0000012000/0x2000)=nil, 0x2000}, 0x1})
getsockopt$inet_sctp_SCTP_GET_PEER_ADDR_INFO(r1, 0x84, 0xf, &(0x7f00000001c0)={<r4=>0x0, @in={{0x2, 0x4e20, @multicast2}}, 0x101, 0x1, 0x80000000, 0x8, 0x4}, &(0x7f00000000c0)=0x98)
getsockopt$inet_sctp6_SCTP_LOCAL_AUTH_CHUNKS(r1, 0x84, 0x1b, &(0x7f0000000280)={r4, 0x9b, "bf4c7ffa64f0d2f732e6d91292d4aca2156667a679276a70a0237e8b9c731fe4af0f067d9ce7b26373b26b45f18e18954510ac3d2c1fca2385c9072d12f7ac15e98f81bb192c27fb389f1d65f25d7570a4f14c222f86edbdc9b894e7c3c7dc73b3e402e3bc8f44476b4e0e5f9c51d38bbd6b430e44f652bda6c8b797de299a41e78e649bcc0e2f4fc307e81ef95be25b6cdf058ddc894ea6e3d223"}, &(0x7f0000000140)=0xa3)
syz_open_dev$evdev(&(0x7f0000012fee)='/dev/input/event#\x00', 0x0, 0x0)
ioctl$UFFDIO_WAKE(r3, 0x8010aa02, &(0x7f0000000080)={&(0x7f0000012000/0x3000)=nil, 0x3000})
ioctl(r2, 0x1000008912, &(0x7f0000000000)="0a5c2d023c126285718070")

08:16:40 executing program 3:
openat$rfkill(0xffffffffffffff9c, 0x0, 0x0, 0x0)
getsockopt$inet_sctp_SCTP_DEFAULT_PRINFO(0xffffffffffffffff, 0x84, 0x72, &(0x7f0000000380), 0x0)
syz_open_dev$admmidi(&(0x7f0000000100)='/dev/admmidi#\x00', 0x0, 0x0)
r0 = socket$l2tp(0x18, 0x1, 0x1)
mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x1, 0x32, 0xffffffffffffffff, 0x0)
r1 = userfaultfd(0x0)
ioctl$UFFDIO_API(r1, 0xc018aa3f, &(0x7f0000000180))
ioctl$UFFDIO_REGISTER(r1, 0xc020aa00, &(0x7f0000019000)={{&(0x7f0000012000/0x2000)=nil, 0x2000}, 0x1})
syz_open_dev$evdev(&(0x7f0000012fee)='/dev/input/event#\x00', 0x9, 0x0)
ioctl$UFFDIO_WAKE(r1, 0x8010aa02, &(0x7f0000000080)={&(0x7f0000012000/0x3000)=nil, 0x3000})
ioctl(r0, 0x1000008912, &(0x7f0000000000)="0a5c2d023c126285718070")
setsockopt$ALG_SET_KEY(0xffffffffffffffff, 0x117, 0x1, 0x0, 0x0)

[ 2422.371329] FAULT_FLAG_ALLOW_RETRY missing 70
[ 2422.382210] CPU: 0 PID: 23373 Comm: syz-executor3 Not tainted 4.20.0-rc6+ #371
[ 2422.389599] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 2422.398958] Call Trace:
[ 2422.401572]  dump_stack+0x244/0x39d
[ 2422.405224]  ? dump_stack_print_info.cold.1+0x20/0x20
[ 2422.410450]  handle_userfault.cold.32+0x47/0x62
[ 2422.415160]  ? userfaultfd_ioctl+0x5610/0x5610
[ 2422.419769]  ? mark_held_locks+0x130/0x130
[ 2422.424022]  ? __sanitizer_cov_trace_cmp4+0x16/0x20
[ 2422.429052]  ? futex_wait_setup+0x266/0x3e0
[ 2422.433419]  ? __sanitizer_cov_trace_switch+0x53/0x90
[ 2422.438631]  ? userfaultfd_ctx_put+0x830/0x830
[ 2422.443232]  ? futex_wait+0x5a1/0xa50
[ 2422.447057]  ? print_usage_bug+0xc0/0xc0
[ 2422.451137]  ? print_usage_bug+0xc0/0xc0
[ 2422.455225]  ? print_usage_bug+0xc0/0xc0
[ 2422.459328]  ? zap_class+0x640/0x640
[ 2422.463074]  ? drop_futex_key_refs.isra.14+0x6d/0xe0
[ 2422.468195]  ? futex_wake+0x304/0x760
[ 2422.472028]  ? find_held_lock+0x36/0x1c0
[ 2422.476114]  ? __handle_mm_fault+0x4bb0/0x5be0
[ 2422.480716]  ? lock_downgrade+0x900/0x900
[ 2422.484884]  ? kasan_check_read+0x11/0x20
[ 2422.489050]  ? do_raw_spin_unlock+0xa7/0x330
[ 2422.493476]  ? do_raw_spin_trylock+0x270/0x270
[ 2422.496228] FAULT_FLAG_ALLOW_RETRY missing 70
[ 2422.498074]  ? fault_dirty_shared_page.isra.87+0x320/0x320
[ 2422.498103]  __handle_mm_fault+0x4bbd/0x5be0
[ 2422.498131]  ? vmf_insert_mixed_mkwrite+0x40/0x40
[ 2422.517493]  ? zap_class+0x640/0x640
[ 2422.521216]  ? rcu_read_unlock_special+0x1c0/0x1c0
[ 2422.526161]  ? kasan_check_read+0x11/0x20
[ 2422.530336]  ? rcu_softirq_qs+0x20/0x20
[ 2422.534359]  ? zap_class+0x640/0x640
[ 2422.538095]  ? zap_class+0x640/0x640
[ 2422.541831]  ? find_held_lock+0x36/0x1c0
[ 2422.545920]  ? handle_mm_fault+0x42a/0xc70
[ 2422.550170]  ? lock_downgrade+0x900/0x900
[ 2422.554329]  ? check_preemption_disabled+0x48/0x280
[ 2422.559393]  ? rcu_read_unlock_special+0x1c0/0x1c0
[ 2422.564339]  ? kasan_check_read+0x11/0x20
[ 2422.568524]  ? rcu_dynticks_curr_cpu_in_eqs+0xa2/0x170
[ 2422.573812]  ? rcu_softirq_qs+0x20/0x20
[ 2422.577800]  ? trace_hardirqs_off_caller+0x310/0x310
[ 2422.582917]  ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[ 2422.588472]  ? check_preemption_disabled+0x48/0x280
[ 2422.593509]  handle_mm_fault+0x54f/0xc70
[ 2422.597586]  ? __handle_mm_fault+0x5be0/0x5be0
[ 2422.602184]  ? find_vma+0x34/0x190
[ 2422.605744]  __do_page_fault+0x5e8/0xe60
[ 2422.609813]  ? trace_hardirqs_off+0xb8/0x310
[ 2422.614244]  do_page_fault+0xf2/0x7e0
[ 2422.618067]  ? vmalloc_sync_all+0x30/0x30
[ 2422.622228]  ? error_entry+0x70/0xd0
[ 2422.622246]  ? trace_hardirqs_off_caller+0xbb/0x310
[ 2422.622262]  ? trace_hardirqs_on_caller+0xc0/0x310
[ 2422.622279]  ? syscall_return_slowpath+0x5e0/0x5e0
[ 2422.622294]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 2422.622317]  ? trace_hardirqs_on_caller+0x310/0x310
[ 2422.631072]  ? __bpf_trace_preemptirq_template+0x30/0x30
[ 2422.656195]  ? prepare_exit_to_usermode+0x3b0/0x3b0
[ 2422.661232]  ? prepare_exit_to_usermode+0x291/0x3b0
[ 2422.666266]  ? page_fault+0x8/0x30
[ 2422.669828]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 2422.674702]  ? page_fault+0x8/0x30
[ 2422.678259]  page_fault+0x1e/0x30
[ 2422.681725] RIP: 0033:0x4510a0
[ 2422.684933] Code: 0f 84 c4 0f 00 00 48 89 f1 48 89 f8 48 83 e1 3f 48 83 f9 20 0f 86 7b 02 00 00 48 83 e6 f0 48 83 e1 0f 66 0f ef c0 66 0f ef c9 <66> 0f 74 0e 66 0f d7 d1 48 d3 ea 49 c7 c2 11 00 00 00 49 29 ca 4d
[ 2422.703867] RSP: 002b:00007f75238677a8 EFLAGS: 00010202
[ 2422.709241] RAX: 00007f7523867850 RBX: 0000000000000003 RCX: 000000000000000e
[ 2422.716518] RDX: 00000000000003ff RSI: 0000000020012fe0 RDI: 00007f7523867850
[ 2422.723793] RBP: 000000000072bf00 R08: 00000000000003ff R09: 0000000000000000
[ 2422.731074] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f75238686d4
[ 2422.738347] R13: 00000000004c578a R14: 00000000004d9d90 R15: 00000000ffffffff
[ 2422.748010] CPU: 1 PID: 23385 Comm: syz-executor5 Not tainted 4.20.0-rc6+ #371
[ 2422.755392] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 2422.764753] Call Trace:
[ 2422.767373]  dump_stack+0x244/0x39d
[ 2422.771013]  ? dump_stack_print_info.cold.1+0x20/0x20
[ 2422.776203]  handle_userfault.cold.32+0x47/0x62
[ 2422.780870]  ? userfaultfd_ioctl+0x5610/0x5610
[ 2422.785460]  ? mark_held_locks+0x130/0x130
[ 2422.789687]  ? __sanitizer_cov_trace_cmp4+0x16/0x20
[ 2422.794694]  ? futex_wait_setup+0x266/0x3e0
[ 2422.799012]  ? __sanitizer_cov_trace_switch+0x53/0x90
[ 2422.804191]  ? userfaultfd_ctx_put+0x830/0x830
[ 2422.808780]  ? futex_wait+0x5a1/0xa50
[ 2422.812589]  ? print_usage_bug+0xc0/0xc0
[ 2422.816657]  ? print_usage_bug+0xc0/0xc0
[ 2422.820732]  ? print_usage_bug+0xc0/0xc0
[ 2422.824811]  ? zap_class+0x640/0x640
[ 2422.828538]  ? drop_futex_key_refs.isra.14+0x6d/0xe0
[ 2422.833653]  ? futex_wake+0x304/0x760
[ 2422.837481]  ? find_held_lock+0x36/0x1c0
[ 2422.841564]  ? __handle_mm_fault+0x4bb0/0x5be0
[ 2422.846159]  ? lock_downgrade+0x900/0x900
[ 2422.850333]  ? kasan_check_read+0x11/0x20
[ 2422.854504]  ? do_raw_spin_unlock+0xa7/0x330
[ 2422.858921]  ? do_raw_spin_trylock+0x270/0x270
[ 2422.863521]  ? fault_dirty_shared_page.isra.87+0x320/0x320
[ 2422.869171]  __handle_mm_fault+0x4bbd/0x5be0
[ 2422.873603]  ? vmf_insert_mixed_mkwrite+0x40/0x40
[ 2422.878459]  ? zap_class+0x640/0x640
[ 2422.882184]  ? rcu_read_unlock_special+0x1c0/0x1c0
[ 2422.887122]  ? kasan_check_read+0x11/0x20
[ 2422.891278]  ? rcu_softirq_qs+0x20/0x20
[ 2422.895279]  ? zap_class+0x640/0x640
[ 2422.899002]  ? zap_class+0x640/0x640
[ 2422.902733]  ? find_held_lock+0x36/0x1c0
[ 2422.906818]  ? handle_mm_fault+0x42a/0xc70
[ 2422.911077]  ? lock_downgrade+0x900/0x900
[ 2422.915231]  ? check_preemption_disabled+0x48/0x280
[ 2422.920264]  ? rcu_read_unlock_special+0x1c0/0x1c0
[ 2422.925202]  ? kasan_check_read+0x11/0x20
[ 2422.929365]  ? rcu_dynticks_curr_cpu_in_eqs+0xa2/0x170
[ 2422.934667]  ? rcu_softirq_qs+0x20/0x20
[ 2422.938650]  ? trace_hardirqs_off_caller+0x310/0x310
[ 2422.943767]  ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[ 2422.949313]  ? check_preemption_disabled+0x48/0x280
[ 2422.954389]  handle_mm_fault+0x54f/0xc70
[ 2422.958494]  ? __handle_mm_fault+0x5be0/0x5be0
[ 2422.963089]  ? find_vma+0x34/0x190
[ 2422.966649]  __do_page_fault+0x5e8/0xe60
[ 2422.970730]  ? trace_hardirqs_off+0xb8/0x310
[ 2422.975160]  do_page_fault+0xf2/0x7e0
[ 2422.978974]  ? vmalloc_sync_all+0x30/0x30
[ 2422.983130]  ? error_entry+0x70/0xd0
[ 2422.986866]  ? trace_hardirqs_off_caller+0xbb/0x310
[ 2422.991912]  ? trace_hardirqs_on_caller+0xc0/0x310
[ 2422.996850]  ? syscall_return_slowpath+0x5e0/0x5e0
[ 2423.001794]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 2423.006648]  ? trace_hardirqs_on_caller+0x310/0x310
[ 2423.011682]  ? __bpf_trace_preemptirq_template+0x30/0x30
[ 2423.017160]  ? prepare_exit_to_usermode+0x3b0/0x3b0
[ 2423.022190]  ? prepare_exit_to_usermode+0x291/0x3b0
[ 2423.027226]  ? page_fault+0x8/0x30
[ 2423.030789]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 2423.035643]  ? page_fault+0x8/0x30
[ 2423.039198]  page_fault+0x1e/0x30
[ 2423.042658] RIP: 0033:0x4510a0
[ 2423.045860] Code: 0f 84 c4 0f 00 00 48 89 f1 48 89 f8 48 83 e1 3f 48 83 f9 20 0f 86 7b 02 00 00 48 83 e6 f0 48 83 e1 0f 66 0f ef c0 66 0f ef c9 <66> 0f 74 0e 66 0f d7 d1 48 d3 ea 49 c7 c2 11 00 00 00 49 29 ca 4d
[ 2423.064771] RSP: 002b:00007f59dbda67a8 EFLAGS: 00010202
[ 2423.070137] RAX: 00007f59dbda6850 RBX: 0000000000000003 RCX: 000000000000000e
[ 2423.077418] RDX: 00000000000003ff RSI: 0000000020012fe0 RDI: 00007f59dbda6850
[ 2423.084697] RBP: 000000000072bfa0 R08: 00000000000003ff R09: 0000000000000000
[ 2423.091976] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f59dbda76d4
[ 2423.099253] R13: 00000000004c578a R14: 00000000004d9d90 R15: 00000000ffffffff
[ 2423.728625] bridge0: port 1(bridge_slave_0) entered blocking state
[ 2423.735314] bridge0: port 1(bridge_slave_0) entered disabled state
[ 2423.742802] device bridge_slave_0 entered promiscuous mode
[ 2423.788139] bridge0: port 2(bridge_slave_1) entered blocking state
[ 2423.794681] bridge0: port 2(bridge_slave_1) entered disabled state
[ 2423.802616] device bridge_slave_1 entered promiscuous mode
[ 2423.842995] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready
[ 2423.870951] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready
[ 2423.950223] bond0: Enslaving bond_slave_0 as an active interface with an up link
[ 2423.979586] bond0: Enslaving bond_slave_1 as an active interface with an up link
[ 2424.097812] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready
[ 2424.105129] team0: Port device team_slave_0 added
[ 2424.131307] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready
[ 2424.138568] team0: Port device team_slave_1 added
[ 2424.164066] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[ 2424.193129] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[ 2424.223118] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[ 2424.251486] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[ 2424.510526] bridge0: port 2(bridge_slave_1) entered blocking state
[ 2424.516949] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 2424.523626] bridge0: port 1(bridge_slave_0) entered blocking state
[ 2424.530003] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 2425.456681] 8021q: adding VLAN 0 to HW filter on device bond0
[ 2425.546234] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready
[ 2425.635488] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready
[ 2425.641622] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[ 2425.650123] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 2425.737013] 8021q: adding VLAN 0 to HW filter on device team0
08:16:44 executing program 1:
r0 = openat$rfkill(0xffffffffffffff9c, 0x0, 0x2001, 0x0)
r1 = syz_open_dev$admmidi(&(0x7f0000000100)='/dev/admmidi#\x00', 0x0, 0x0)
socket$l2tp(0x18, 0x1, 0x1)
mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x1, 0x32, 0xffffffffffffffff, 0x0)
r2 = userfaultfd(0x0)
ioctl$UFFDIO_REGISTER(r2, 0xc020aa00, &(0x7f0000000080)={{&(0x7f0000013000/0x4000)=nil, 0x4000}, 0x2})
ioctl$UFFDIO_API(r2, 0xc018aa3f, &(0x7f0000000180))
mmap(&(0x7f0000013000/0x4000)=nil, 0x4000, 0x1000008, 0xa053, r1, 0x0)
ioctl$SNDRV_CTL_IOCTL_HWDEP_NEXT_DEVICE(r0, 0xc0045520, &(0x7f00000000c0)=0x7)
ioctl$UFFDIO_REGISTER(r2, 0xc020aa00, &(0x7f0000019000)={{&(0x7f0000012000/0x2000)=nil, 0x2000}, 0x1})

08:16:44 executing program 2:
syz_emit_ethernet(0x6a, &(0x7f0000000040)={@local, @broadcast, [], {@ipv4={0x800, {{0x5, 0x4, 0x0, 0x0, 0x5c, 0x0, 0x0, 0x0, 0x1, 0x0, @remote, @dev={0xac, 0x14, 0x14, 0x11}}, @icmp=@parameter_prob={0x3, 0x4, 0x0, 0x0, 0x0, 0x0, {0x10, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x402f, 0x0, @local={0xac, 0x5c}, @dev, {[@timestamp={0x8, 0x2c, 0x0, 0x0, 0x1400000000000000, [{[@rand_addr]}, {[@multicast2]}, {[@multicast1]}, {}, {[@loopback]}, {}]}]}}}}}}}, 0x0)

08:16:44 executing program 4:
openat$kvm(0xffffffffffffff9c, 0x0, 0x0, 0x0)
r0 = syz_open_dev$sndctrl(&(0x7f0000000100)='/dev/snd/controlC#\x00', 0x0, 0x0)
prctl$PR_SET_THP_DISABLE(0x29, 0xfffffffffffffffe)
clone(0x8000000, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
getsockopt$TIPC_GROUP_JOIN(r0, 0x10f, 0x87, &(0x7f0000000000), &(0x7f0000000040)=0x4)
ioctl$FS_IOC_GETFLAGS(r0, 0x800455d1, &(0x7f0000000080))
r1 = syz_open_dev$dmmidi(&(0x7f00000000c0)='/dev/dmmidi#\x00', 0x1, 0x101)
fstat(r0, &(0x7f0000000240)={0x0, 0x0, 0x0, 0x0, 0x0, <r2=>0x0})
ioctl$TUNSETGROUP(r1, 0x400454ce, r2)

08:16:44 executing program 3:
openat$rfkill(0xffffffffffffff9c, 0x0, 0x0, 0x0)
getsockopt$inet_sctp_SCTP_DEFAULT_PRINFO(0xffffffffffffffff, 0x84, 0x72, &(0x7f0000000380), 0x0)
syz_open_dev$admmidi(&(0x7f0000000100)='/dev/admmidi#\x00', 0x0, 0x0)
r0 = socket$l2tp(0x18, 0x1, 0x1)
mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x1, 0x32, 0xffffffffffffffff, 0x0)
r1 = userfaultfd(0x0)
ioctl$UFFDIO_API(r1, 0xc018aa3f, &(0x7f0000000180))
ioctl$UFFDIO_REGISTER(r1, 0xc020aa00, &(0x7f0000019000)={{&(0x7f0000012000/0x2000)=nil, 0x2000}, 0x1})
syz_open_dev$evdev(&(0x7f0000012fee)='/dev/input/event#\x00', 0x74, 0x0)
ioctl$UFFDIO_WAKE(r1, 0x8010aa02, &(0x7f0000000080)={&(0x7f0000012000/0x3000)=nil, 0x3000})
ioctl(r0, 0x1000008912, &(0x7f0000000000)="0a5c2d023c126285718070")
setsockopt$ALG_SET_KEY(0xffffffffffffffff, 0x117, 0x1, 0x0, 0x0)

08:16:44 executing program 0:
r0 = openat$rfkill(0xffffffffffffff9c, 0x0, 0x2001, 0x0)
r1 = syz_open_dev$admmidi(&(0x7f0000000100)='/dev/admmidi#\x00', 0x0, 0x0)
r2 = socket$l2tp(0x18, 0x1, 0x1)
fsetxattr$security_smack_transmute(r2, &(0x7f00000000c0)='security.SMACK64TRANSMUTE\x00', &(0x7f0000000280)='TRUE', 0x65, 0x6)
setsockopt$sock_attach_bpf(r2, 0x1, 0x32, &(0x7f00000001c0)=r0, 0x4)
mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x1, 0x32, 0xffffffffffffffff, 0x0)
r3 = userfaultfd(0x0)
ioctl$UFFDIO_API(r3, 0xc018aa3f, &(0x7f0000000180))
ioctl$UFFDIO_REGISTER(r3, 0xc020aa00, &(0x7f0000019000)={{&(0x7f0000012000/0x2000)=nil, 0x2000}, 0x1})
syz_open_dev$evdev(&(0x7f0000012fee)='/dev/input/event#\x00', 0x0, 0x0)
ioctl$UFFDIO_WAKE(r3, 0x8010aa02, &(0x7f0000000080)={&(0x7f0000012000/0x3000)=nil, 0x3000})
ioctl$sock_kcm_SIOCKCMCLONE(r1, 0x89e2, &(0x7f0000000040)={r0})
ioctl(r2, 0x1000008912, &(0x7f0000000000)="0a5c2d023c126285718070")
ioctl$PERF_EVENT_IOC_RESET(r1, 0x2403, 0x0)

08:16:44 executing program 5:
openat$kvm(0xffffffffffffff9c, 0x0, 0x0, 0x0)
r0 = syz_open_dev$sndctrl(&(0x7f0000000100)='/dev/snd/controlC#\x00', 0x0, 0x0)
prctl$PR_SET_THP_DISABLE(0x29, 0xfffffffffffffffe)
personality(0x414000e)
r1 = syz_open_dev$radio(&(0x7f0000000000)='/dev/radio#\x00', 0x1, 0x2)
openat$cgroup_procs(r1, &(0x7f0000000040)='cgroup.threads\x00', 0x2, 0x0)
clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
ioctl$FS_IOC_GETFLAGS(r0, 0x800455d1, &(0x7f0000000080))

08:16:44 executing program 2:
syz_emit_ethernet(0x6a, &(0x7f0000000040)={@local, @broadcast, [], {@ipv4={0x800, {{0x5, 0x4, 0x0, 0x0, 0x5c, 0x0, 0x0, 0x0, 0x1, 0x0, @remote, @dev={0xac, 0x14, 0x14, 0x11}}, @icmp=@parameter_prob={0x3, 0x4, 0x0, 0x0, 0x0, 0x0, {0x10, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x402f, 0x0, @local={0xac, 0x5c}, @dev, {[@timestamp={0x8, 0x2c, 0x0, 0x0, 0x8060000, [{[@rand_addr]}, {[@multicast2]}, {[@multicast1]}, {}, {[@loopback]}, {}]}]}}}}}}}, 0x0)

[ 2426.372665] FAULT_FLAG_ALLOW_RETRY missing 70
[ 2426.377516] CPU: 1 PID: 23653 Comm: syz-executor3 Not tainted 4.20.0-rc6+ #371
[ 2426.384895] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 2426.394250] Call Trace:
[ 2426.396857]  dump_stack+0x244/0x39d
[ 2426.400505]  ? dump_stack_print_info.cold.1+0x20/0x20
[ 2426.405718]  handle_userfault.cold.32+0x47/0x62
[ 2426.410414]  ? userfaultfd_ioctl+0x5610/0x5610
[ 2426.415012]  ? mark_held_locks+0x130/0x130
[ 2426.419253]  ? __sanitizer_cov_trace_cmp4+0x16/0x20
[ 2426.424279]  ? futex_wait_setup+0x266/0x3e0
[ 2426.428620]  ? __sanitizer_cov_trace_switch+0x53/0x90
[ 2426.433818]  ? userfaultfd_ctx_put+0x830/0x830
[ 2426.438422]  ? futex_wait+0x5a1/0xa50
[ 2426.442237]  ? print_usage_bug+0xc0/0xc0
[ 2426.446319]  ? print_usage_bug+0xc0/0xc0
[ 2426.450410]  ? print_usage_bug+0xc0/0xc0
[ 2426.454478]  ? zap_class+0x640/0x640
[ 2426.458196]  ? drop_futex_key_refs.isra.14+0x6d/0xe0
[ 2426.463303]  ? futex_wake+0x304/0x760
[ 2426.467125]  ? find_held_lock+0x36/0x1c0
[ 2426.471207]  ? __handle_mm_fault+0x4bb0/0x5be0
[ 2426.475799]  ? lock_downgrade+0x900/0x900
[ 2426.479973]  ? kasan_check_read+0x11/0x20
[ 2426.484128]  ? do_raw_spin_unlock+0xa7/0x330
[ 2426.488542]  ? do_raw_spin_trylock+0x270/0x270
[ 2426.493137]  ? fault_dirty_shared_page.isra.87+0x320/0x320
[ 2426.498776]  __handle_mm_fault+0x4bbd/0x5be0
[ 2426.503202]  ? vmf_insert_mixed_mkwrite+0x40/0x40
[ 2426.508054]  ? zap_class+0x640/0x640
[ 2426.511781]  ? rcu_read_unlock_special+0x1c0/0x1c0
[ 2426.516726]  ? kasan_check_read+0x11/0x20
[ 2426.520905]  ? rcu_softirq_qs+0x20/0x20
[ 2426.524902]  ? zap_class+0x640/0x640
[ 2426.528621]  ? zap_class+0x640/0x640
[ 2426.532364]  ? find_held_lock+0x36/0x1c0
[ 2426.536464]  ? handle_mm_fault+0x42a/0xc70
[ 2426.540712]  ? lock_downgrade+0x900/0x900
[ 2426.544878]  ? check_preemption_disabled+0x48/0x280
[ 2426.549903]  ? rcu_read_unlock_special+0x1c0/0x1c0
[ 2426.554836]  ? kasan_check_read+0x11/0x20
[ 2426.558996]  ? rcu_dynticks_curr_cpu_in_eqs+0xa2/0x170
[ 2426.564291]  ? rcu_softirq_qs+0x20/0x20
[ 2426.568276]  ? trace_hardirqs_off_caller+0x310/0x310
[ 2426.573395]  ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[ 2426.578944]  ? check_preemption_disabled+0x48/0x280
[ 2426.583973]  handle_mm_fault+0x54f/0xc70
[ 2426.588045]  ? __handle_mm_fault+0x5be0/0x5be0
[ 2426.592637]  ? find_vma+0x34/0x190
[ 2426.596191]  __do_page_fault+0x5e8/0xe60
[ 2426.600258]  ? trace_hardirqs_off+0xb8/0x310
[ 2426.604687]  do_page_fault+0xf2/0x7e0
[ 2426.608501]  ? vmalloc_sync_all+0x30/0x30
[ 2426.612681]  ? error_entry+0x70/0xd0
[ 2426.616406]  ? trace_hardirqs_off_caller+0xbb/0x310
[ 2426.621429]  ? trace_hardirqs_on_caller+0xc0/0x310
[ 2426.626373]  ? syscall_return_slowpath+0x5e0/0x5e0
[ 2426.631308]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 2426.636155]  ? trace_hardirqs_on_caller+0x310/0x310
[ 2426.641176]  ? __bpf_trace_preemptirq_template+0x30/0x30
[ 2426.646632]  ? prepare_exit_to_usermode+0x3b0/0x3b0
[ 2426.651661]  ? prepare_exit_to_usermode+0x291/0x3b0
[ 2426.656687]  ? page_fault+0x8/0x30
[ 2426.660237]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 2426.665093]  ? page_fault+0x8/0x30
[ 2426.668643]  page_fault+0x1e/0x30
[ 2426.672104] RIP: 0033:0x4510a0
[ 2426.675308] Code: 0f 84 c4 0f 00 00 48 89 f1 48 89 f8 48 83 e1 3f 48 83 f9 20 0f 86 7b 02 00 00 48 83 e6 f0 48 83 e1 0f 66 0f ef c0 66 0f ef c9 <66> 0f 74 0e 66 0f d7 d1 48 d3 ea 49 c7 c2 11 00 00 00 49 29 ca 4d
[ 2426.694214] RSP: 002b:00007f75238677a8 EFLAGS: 00010202
[ 2426.699585] RAX: 00007f7523867850 RBX: 0000000000000003 RCX: 000000000000000e
[ 2426.706857] RDX: 00000000000003ff RSI: 0000000020012fe0 RDI: 00007f7523867850
[ 2426.714134] RBP: 000000000072bf00 R08: 00000000000003ff R09: 0000000000000000
08:16:44 executing program 1:
openat$rfkill(0xffffffffffffff9c, 0x0, 0x2001, 0x0)
r0 = syz_open_dev$admmidi(&(0x7f0000000100)='/dev/admmidi#\x00', 0x0, 0x0)
socket$l2tp(0x18, 0x1, 0x1)
mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x1, 0x32, 0xffffffffffffffff, 0x0)
r1 = userfaultfd(0x0)
ioctl$UFFDIO_REGISTER(r1, 0xc020aa00, &(0x7f0000000080)={{&(0x7f0000013000/0x4000)=nil, 0x4000}, 0x2})
ioctl$UFFDIO_API(r1, 0xc018aa3f, &(0x7f0000000180))
mmap(&(0x7f0000013000/0x4000)=nil, 0x4000, 0x1000008, 0xa053, r0, 0x0)
ioctl$UFFDIO_REGISTER(r1, 0xc020aa00, &(0x7f0000019000)={{&(0x7f0000012000/0x2000)=nil, 0x2000}, 0x1})

[ 2426.721408] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f75238686d4
[ 2426.728679] R13: 00000000004c578a R14: 00000000004d9d90 R15: 00000000ffffffff
[ 2426.739534] FAULT_FLAG_ALLOW_RETRY missing 70
[ 2426.763787] CPU: 0 PID: 23650 Comm: syz-executor0 Not tainted 4.20.0-rc6+ #371
[ 2426.771189] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 2426.780559] Call Trace:
[ 2426.783173]  dump_stack+0x244/0x39d
[ 2426.786832]  ? dump_stack_print_info.cold.1+0x20/0x20
[ 2426.792061]  handle_userfault.cold.32+0x47/0x62
[ 2426.796776]  ? userfaultfd_ioctl+0x5610/0x5610
[ 2426.801400]  ? mark_held_locks+0x130/0x130
[ 2426.805656]  ? __sanitizer_cov_trace_cmp4+0x16/0x20
[ 2426.810689]  ? futex_wait_setup+0x266/0x3e0
[ 2426.815038]  ? __sanitizer_cov_trace_switch+0x53/0x90
[ 2426.820252]  ? userfaultfd_ctx_put+0x830/0x830
[ 2426.824850]  ? futex_wait+0x5a1/0xa50
[ 2426.828672]  ? print_usage_bug+0xc0/0xc0
[ 2426.832753]  ? print_usage_bug+0xc0/0xc0
[ 2426.836837]  ? print_usage_bug+0xc0/0xc0
[ 2426.840917]  ? zap_class+0x640/0x640
[ 2426.844651]  ? drop_futex_key_refs.isra.14+0x6d/0xe0
[ 2426.849769]  ? futex_wake+0x304/0x760
[ 2426.853601]  ? find_held_lock+0x36/0x1c0
[ 2426.857685]  ? __handle_mm_fault+0x4bb0/0x5be0
[ 2426.862296]  ? lock_downgrade+0x900/0x900
[ 2426.866469]  ? kasan_check_read+0x11/0x20
[ 2426.870630]  ? do_raw_spin_unlock+0xa7/0x330
[ 2426.875062]  ? do_raw_spin_trylock+0x270/0x270
[ 2426.879664]  ? fault_dirty_shared_page.isra.87+0x320/0x320
[ 2426.885319]  __handle_mm_fault+0x4bbd/0x5be0
[ 2426.889763]  ? vmf_insert_mixed_mkwrite+0x40/0x40
[ 2426.894626]  ? zap_class+0x640/0x640
[ 2426.898369]  ? rcu_read_unlock_special+0x1c0/0x1c0
[ 2426.903320]  ? kasan_check_read+0x11/0x20
[ 2426.907493]  ? rcu_softirq_qs+0x20/0x20
[ 2426.911492]  ? zap_class+0x640/0x640
[ 2426.915220]  ? zap_class+0x640/0x640
[ 2426.918959]  ? find_held_lock+0x36/0x1c0
[ 2426.923048]  ? handle_mm_fault+0x42a/0xc70
[ 2426.923067]  ? lock_downgrade+0x900/0x900
[ 2426.923086]  ? check_preemption_disabled+0x48/0x280
[ 2426.923104]  ? rcu_read_unlock_special+0x1c0/0x1c0
[ 2426.923120]  ? kasan_check_read+0x11/0x20
[ 2426.923135]  ? rcu_dynticks_curr_cpu_in_eqs+0xa2/0x170
[ 2426.923153]  ? rcu_softirq_qs+0x20/0x20
[ 2426.931545]  ? trace_hardirqs_off_caller+0x310/0x310
[ 2426.931565]  ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[ 2426.931583]  ? check_preemption_disabled+0x48/0x280
[ 2426.931606]  handle_mm_fault+0x54f/0xc70
08:16:44 executing program 1:
openat$rfkill(0xffffffffffffff9c, 0x0, 0x2001, 0x0)
syz_open_dev$admmidi(&(0x7f0000000100)='/dev/admmidi#\x00', 0x0, 0x0)
socket$l2tp(0x18, 0x1, 0x1)
mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x1, 0x32, 0xffffffffffffffff, 0x0)
r0 = userfaultfd(0x0)
ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f0000000080)={{&(0x7f0000013000/0x4000)=nil, 0x4000}, 0x2})
ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f0000000180))
ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f0000019000)={{&(0x7f0000012000/0x2000)=nil, 0x2000}, 0x1})

08:16:44 executing program 5:
ioctl(0xffffffffffffffff, 0x1000008912, &(0x7f0000000000)="0a5c2d023c126285718070")
r0 = syz_open_dev$vcsa(&(0x7f0000000140)='/dev/vcsa#\x00', 0x80, 0x0)
ioctl$RNDGETENTCNT(r0, 0x80045200, &(0x7f0000000180))
r1 = perf_event_open(&(0x7f0000014f88)={0x1, 0x70, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
ioctl$KVM_GET_XCRS(r0, 0x8188aea6, &(0x7f0000000280)={0x2, 0x20, [{0x95, 0x0, 0x1}, {0x8, 0x0, 0xff}]})
close(r1)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x10000, 0x80)
ioctl$DRM_IOCTL_PRIME_FD_TO_HANDLE(0xffffffffffffffff, 0xc00c642e, &(0x7f0000000080)={<r3=>0x0, 0x80000, 0xffffffffffffff9c})
pipe(&(0x7f00000000c0)={0xffffffffffffffff, <r4=>0xffffffffffffffff})
mkdir(&(0x7f0000000300)='./file0\x00', 0x0)
r5 = syz_open_dev$amidi(&(0x7f0000000000)='/dev/amidi#\x00', 0x0, 0x204000)
ioctl$BLKRESETZONE(r5, 0x40101283, &(0x7f0000000100)={0x4, 0x1ff})
sched_setaffinity(0x0, 0x375, &(0x7f0000000140)=0x5)
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r6 = socket(0x10, 0x2, 0x0)
getsockopt$sock_cred(r6, 0x1, 0x11, &(0x7f0000caaffb)={<r7=>0x0, <r8=>0x0, <r9=>0x0}, &(0x7f0000cab000)=0xc)
chown(&(0x7f00000001c0)='./file0\x00', r8, r9)
lsetxattr$system_posix_acl(&(0x7f0000000180)='./file0\x00', &(0x7f0000000200)='system.posix_acl_access\x00', &(0x7f0000000940)={{}, {}, [{}], {}, [{0x8, 0x2, r9}, {0x8, 0x2, r9}, {0x8, 0x0, r9}, {0x8, 0x2, r9}, {0x8, 0x4, r9}], {0x10, 0x2}, {0x20, 0x1}}, 0x54, 0x1)
chdir(&(0x7f0000000540)='./file0\x00')
symlink(&(0x7f0000000800)='./file0/file0\x00', &(0x7f00000007c0)='./file0\x00')
r10 = openat$hwrng(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/hwrng\x00', 0x101001, 0x0)
perf_event_open(&(0x7f0000000380)={0x3, 0x70, 0xffffffffffffffe0, 0x1, 0x7ff, 0x29bc61e, 0x0, 0x6481c43d, 0xa000, 0x2, 0x0, 0x8, 0x401, 0xb35, 0xfff, 0x100000001, 0xffffffff, 0x8, 0xfffffffffffffff9, 0x6, 0x9, 0x9, 0x8a, 0x2, 0xd73a, 0x382, 0x39cf, 0x0, 0x8001, 0x1, 0x10001, 0x7, 0x7fff, 0x400, 0x4, 0x1, 0xff, 0x0, 0x0, 0x0, 0x2, @perf_config_ext={0x1, 0x61}, 0x8100, 0x1, 0xbd, 0x7, 0x2, 0x6, 0x8000}, r7, 0x0, r10, 0xb)
clone(0x2102001ffa, 0x0, 0xfffffffffffffffe, &(0x7f00000008c0), 0xffffffffffffffff)
lstat(&(0x7f0000000600)='./file0/file0\x00', &(0x7f0000000680))
getsockopt$inet_sctp6_SCTP_FRAGMENT_INTERLEAVE(r10, 0x84, 0x12, &(0x7f0000000240), &(0x7f0000000440)=0x4)
ioctl$DRM_IOCTL_PRIME_HANDLE_TO_FD(r2, 0xc00c642d, &(0x7f0000000100)={r3, 0x80000, r4})

08:16:44 executing program 2:
syz_emit_ethernet(0x6a, &(0x7f0000000040)={@local, @broadcast, [], {@ipv4={0x800, {{0x5, 0x4, 0x0, 0x0, 0x5c, 0x0, 0x0, 0x0, 0x1, 0x0, @remote, @dev={0xac, 0x14, 0x14, 0x11}}, @icmp=@parameter_prob={0x3, 0x4, 0x0, 0x0, 0x0, 0x0, {0x10, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x402f, 0x0, @local={0xac, 0x5c}, @dev, {[@timestamp={0x8, 0x2c, 0x0, 0x0, 0x8100000000000000, [{[@rand_addr]}, {[@multicast2]}, {[@multicast1]}, {}, {[@loopback]}, {}]}]}}}}}}}, 0x0)

[ 2426.974646]  ? __handle_mm_fault+0x5be0/0x5be0
[ 2426.979261]  ? find_vma+0x34/0x190
[ 2426.982832]  __do_page_fault+0x5e8/0xe60
[ 2426.986911]  ? trace_hardirqs_off+0xb8/0x310
[ 2426.991348]  do_page_fault+0xf2/0x7e0
[ 2426.995200]  ? vmalloc_sync_all+0x30/0x30
[ 2426.999384]  ? error_entry+0x70/0xd0
[ 2427.003121]  ? trace_hardirqs_off_caller+0xbb/0x310
[ 2427.008151]  ? trace_hardirqs_on_caller+0xc0/0x310
[ 2427.013098]  ? syscall_return_slowpath+0x5e0/0x5e0
[ 2427.018044]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 2427.022909]  ? trace_hardirqs_on_caller+0x310/0x310
[ 2427.027932]  ? __bpf_trace_preemptirq_template+0x30/0x30
[ 2427.033405]  ? prepare_exit_to_usermode+0x3b0/0x3b0
[ 2427.038429]  ? prepare_exit_to_usermode+0x291/0x3b0
[ 2427.043450]  ? page_fault+0x8/0x30
[ 2427.047004]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 2427.051854]  ? page_fault+0x8/0x30
[ 2427.055406]  page_fault+0x1e/0x30
[ 2427.058865] RIP: 0033:0x4510a0
[ 2427.062063] Code: 0f 84 c4 0f 00 00 48 89 f1 48 89 f8 48 83 e1 3f 48 83 f9 20 0f 86 7b 02 00 00 48 83 e6 f0 48 83 e1 0f 66 0f ef c0 66 0f ef c9 <66> 0f 74 0e 66 0f d7 d1 48 d3 ea 49 c7 c2 11 00 00 00 49 29 ca 4d
[ 2427.080966] RSP: 002b:00007efdea16e7a8 EFLAGS: 00010202
[ 2427.086335] RAX: 00007efdea16e850 RBX: 0000000000000003 RCX: 000000000000000e
[ 2427.093624] RDX: 00000000000003ff RSI: 0000000020012fe0 RDI: 00007efdea16e850
[ 2427.100916] RBP: 000000000072bf00 R08: 00000000000003ff R09: 0000000000000000
[ 2427.108186] R10: 0000000000000000 R11: 0000000000000246 R12: 00007efdea16f6d4
[ 2427.115457] R13: 00000000004c578a R14: 00000000004d9d90 R15: 00000000ffffffff
08:16:45 executing program 2:
syz_emit_ethernet(0x6a, &(0x7f0000000040)={@local, @broadcast, [], {@ipv4={0x800, {{0x5, 0x4, 0x0, 0x0, 0x5c, 0x0, 0x0, 0x0, 0x1, 0x0, @remote, @dev={0xac, 0x14, 0x14, 0x11}}, @icmp=@parameter_prob={0x3, 0x4, 0x0, 0x0, 0x0, 0x0, {0x10, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x402f, 0x0, @local={0xac, 0x5c}, @dev, {[@timestamp={0x8, 0x2c, 0x0, 0x0, 0x5c00000000000000, [{[@rand_addr]}, {[@multicast2]}, {[@multicast1]}, {}, {[@loopback]}, {}]}]}}}}}}}, 0x0)

[ 2427.209763] FAULT_FLAG_ALLOW_RETRY missing 70
[ 2427.222913] CPU: 0 PID: 23650 Comm: syz-executor0 Not tainted 4.20.0-rc6+ #371
[ 2427.230310] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 2427.240210] Call Trace:
[ 2427.240240]  dump_stack+0x244/0x39d
[ 2427.240267]  ? dump_stack_print_info.cold.1+0x20/0x20
[ 2427.240302]  handle_userfault.cold.32+0x47/0x62
[ 2427.240333]  ? userfaultfd_ioctl+0x5610/0x5610
[ 2427.256418]  ? mark_held_locks+0x130/0x130
[ 2427.256437]  ? __sanitizer_cov_trace_cmp4+0x16/0x20
[ 2427.256456]  ? futex_wait_setup+0x266/0x3e0
[ 2427.274601]  ? zap_class+0x640/0x640
[ 2427.278344]  ? __sanitizer_cov_trace_switch+0x53/0x90
[ 2427.283572]  ? userfaultfd_ctx_put+0x830/0x830
[ 2427.288187]  ? futex_wait+0x5a1/0xa50
[ 2427.292007]  ? print_usage_bug+0xc0/0xc0
[ 2427.292025]  ? print_usage_bug+0xc0/0xc0
[ 2427.292044]  ? print_usage_bug+0xc0/0xc0
[ 2427.292063]  ? zap_class+0x640/0x640
08:16:45 executing program 4:
openat$kvm(0xffffffffffffff9c, 0x0, 0x200841, 0x0)
r0 = syz_open_dev$sndctrl(&(0x7f0000000100)='/dev/snd/controlC#\x00', 0x0, 0x0)
chroot(&(0x7f0000000000)='./file0\x00')
prctl$PR_SET_THP_DISABLE(0x29, 0xfffffffffffffffe)
clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
ioctl$FS_IOC_GETFLAGS(r0, 0x800455d1, &(0x7f0000000080))
pivot_root(&(0x7f0000000040)='./file0\x00', &(0x7f00000000c0)='./file0\x00')
r1 = openat$rfkill(0xffffffffffffff9c, &(0x7f0000000180)='/dev/rfkill\x00', 0x200000, 0x0)
ioctl$KDSKBMODE(r1, 0x4b45, &(0x7f0000000140)=0x2)

08:16:45 executing program 1:
openat$rfkill(0xffffffffffffff9c, 0x0, 0x2001, 0x0)
syz_open_dev$admmidi(&(0x7f0000000100)='/dev/admmidi#\x00', 0x0, 0x0)
socket$l2tp(0x18, 0x1, 0x1)
mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x1, 0x32, 0xffffffffffffffff, 0x0)
r0 = userfaultfd(0x0)
ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f0000000080)={{&(0x7f0000013000/0x4000)=nil, 0x4000}, 0x2})
ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f0000000180))
ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f0000019000)={{&(0x7f0000012000/0x2000)=nil, 0x2000}, 0x1})

[ 2427.292093]  ? drop_futex_key_refs.isra.14+0x6d/0xe0
[ 2427.313443]  ? futex_wake+0x304/0x760
[ 2427.317266]  ? __ia32_sys_mmap_pgoff+0x1a0/0x1a0
[ 2427.322052]  ? find_held_lock+0x36/0x1c0
[ 2427.326147]  ? __handle_mm_fault+0x4bb0/0x5be0
[ 2427.330752]  ? lock_downgrade+0x900/0x900
[ 2427.334925]  ? kasan_check_read+0x11/0x20
[ 2427.339091]  ? do_raw_spin_unlock+0xa7/0x330
[ 2427.343514]  ? do_raw_spin_trylock+0x270/0x270
[ 2427.348116]  ? fault_dirty_shared_page.isra.87+0x320/0x320
[ 2427.353768]  __handle_mm_fault+0x4bbd/0x5be0
08:16:45 executing program 1:
openat$rfkill(0xffffffffffffff9c, 0x0, 0x2001, 0x0)
syz_open_dev$admmidi(&(0x7f0000000100)='/dev/admmidi#\x00', 0x0, 0x0)
socket$l2tp(0x18, 0x1, 0x1)
mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x1, 0x32, 0xffffffffffffffff, 0x0)
r0 = userfaultfd(0x0)
ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f0000000080)={{&(0x7f0000013000/0x4000)=nil, 0x4000}, 0x2})
ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f0000000180))
ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f0000019000)={{&(0x7f0000012000/0x2000)=nil, 0x2000}, 0x1})

[ 2427.358203]  ? vmf_insert_mixed_mkwrite+0x40/0x40
[ 2427.363214]  ? zap_class+0x640/0x640
[ 2427.366939]  ? rcu_read_unlock_special+0x1c0/0x1c0
[ 2427.371890]  ? kasan_check_read+0x11/0x20
[ 2427.376060]  ? rcu_softirq_qs+0x20/0x20
[ 2427.380064]  ? zap_class+0x640/0x640
[ 2427.383789]  ? zap_class+0x640/0x640
[ 2427.387526]  ? find_held_lock+0x36/0x1c0
[ 2427.391612]  ? handle_mm_fault+0x42a/0xc70
[ 2427.395863]  ? lock_downgrade+0x900/0x900
[ 2427.400044]  ? check_preemption_disabled+0x48/0x280
[ 2427.405083]  ? rcu_read_unlock_special+0x1c0/0x1c0
[ 2427.410029]  ? kasan_check_read+0x11/0x20
[ 2427.410047]  ? rcu_dynticks_curr_cpu_in_eqs+0xa2/0x170
[ 2427.410065]  ? rcu_softirq_qs+0x20/0x20
[ 2427.419505]  ? trace_hardirqs_off_caller+0x310/0x310
[ 2427.428591]  ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[ 2427.434149]  ? check_preemption_disabled+0x48/0x280
[ 2427.439193]  handle_mm_fault+0x54f/0xc70
[ 2427.443278]  ? __handle_mm_fault+0x5be0/0x5be0
[ 2427.447878]  ? find_vma+0x34/0x190
[ 2427.451450]  __do_page_fault+0x5e8/0xe60
[ 2427.455525]  ? trace_hardirqs_off+0xb8/0x310
[ 2427.459962]  do_page_fault+0xf2/0x7e0
[ 2427.463795]  ? vmalloc_sync_all+0x30/0x30
[ 2427.467963]  ? error_entry+0x70/0xd0
[ 2427.471704]  ? trace_hardirqs_off_caller+0xbb/0x310
[ 2427.476737]  ? trace_hardirqs_on_caller+0xc0/0x310
[ 2427.481682]  ? syscall_return_slowpath+0x5e0/0x5e0
[ 2427.486626]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 2427.491482]  ? trace_hardirqs_on_caller+0x310/0x310
[ 2427.496514]  ? __bpf_trace_preemptirq_template+0x30/0x30
[ 2427.501985]  ? prepare_exit_to_usermode+0x291/0x3b0
[ 2427.507021]  ? page_fault+0x8/0x30
[ 2427.510583]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 2427.515441]  ? page_fault+0x8/0x30
[ 2427.518999]  page_fault+0x1e/0x30
[ 2427.522468] RIP: 0033:0x4510a0
[ 2427.525675] Code: 0f 84 c4 0f 00 00 48 89 f1 48 89 f8 48 83 e1 3f 48 83 f9 20 0f 86 7b 02 00 00 48 83 e6 f0 48 83 e1 0f 66 0f ef c0 66 0f ef c9 <66> 0f 74 0e 66 0f d7 d1 48 d3 ea 49 c7 c2 11 00 00 00 49 29 ca 4d
[ 2427.544586] RSP: 002b:00007efdea16e7a8 EFLAGS: 00010202
[ 2427.549974] RAX: 00007efdea16e850 RBX: 0000000000000003 RCX: 000000000000000e
[ 2427.557282] RDX: 00000000000003ff RSI: 0000000020012fe0 RDI: 00007efdea16e850
[ 2427.564576] RBP: 000000000072bf00 R08: 00000000000003ff R09: 0000000000000000
[ 2427.571845] R10: 0000000000000000 R11: 0000000000000246 R12: 00007efdea16f6d4
[ 2427.579118] R13: 00000000004c578a R14: 00000000004d9d90 R15: 00000000ffffffff
08:16:45 executing program 3:
openat$rfkill(0xffffffffffffff9c, 0x0, 0x0, 0x0)
getsockopt$inet_sctp_SCTP_DEFAULT_PRINFO(0xffffffffffffffff, 0x84, 0x72, &(0x7f0000000380), 0x0)
syz_open_dev$admmidi(&(0x7f0000000100)='/dev/admmidi#\x00', 0x0, 0x0)
r0 = socket$l2tp(0x18, 0x1, 0x1)
mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x1, 0x32, 0xffffffffffffffff, 0x0)
r1 = userfaultfd(0x0)
ioctl$UFFDIO_API(r1, 0xc018aa3f, &(0x7f0000000180))
ioctl$UFFDIO_REGISTER(r1, 0xc020aa00, &(0x7f0000019000)={{&(0x7f0000012000/0x2000)=nil, 0x2000}, 0x1})
syz_open_dev$evdev(&(0x7f0000012fee)='/dev/input/event#\x00', 0x200000000000000, 0x0)
ioctl$UFFDIO_WAKE(r1, 0x8010aa02, &(0x7f0000000080)={&(0x7f0000012000/0x3000)=nil, 0x3000})
ioctl(r0, 0x1000008912, &(0x7f0000000000)="0a5c2d023c126285718070")
setsockopt$ALG_SET_KEY(0xffffffffffffffff, 0x117, 0x1, 0x0, 0x0)

08:16:45 executing program 0:
openat$rfkill(0xffffffffffffff9c, 0x0, 0x2001, 0x0)
r0 = syz_open_dev$admmidi(&(0x7f0000000100)='/dev/admmidi#\x00', 0x0, 0x0)
r1 = socket$l2tp(0x18, 0x1, 0x1)
mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x1, 0x32, 0xffffffffffffffff, 0x0)
r2 = userfaultfd(0x0)
ioctl$UFFDIO_API(r2, 0xc018aa3f, &(0x7f0000000180))
ioctl$UFFDIO_REGISTER(r2, 0xc020aa00, &(0x7f0000019000)={{&(0x7f0000012000/0x2000)=nil, 0x2000}, 0x1})
syz_open_dev$evdev(&(0x7f0000012fee)='/dev/input/event#\x00', 0x0, 0x0)
ioctl$UFFDIO_WAKE(r2, 0x8010aa02, &(0x7f0000000080)={&(0x7f0000012000/0x3000)=nil, 0x3000})
ioctl$sock_bt_hidp_HIDPGETCONNINFO(r0, 0x800448d3, &(0x7f00000001c0)={{0x1, 0x10000000000, 0x8001, 0x81, 0x7, 0x7f}, 0xc7, 0x6, 0x6, 0x3ec3, 0x1, "c917dde9f5a328f4521431472d9b1f138cb570db052eef96e2f6db325b9899cf828f9bb1fa9efbf95868f505ec1e49ef52dd0dfc5f7a88be5ebe350714ef6b515950b64f35f8e06e064cf1975c87ff936ec155837c4984ab6037037206f1698f38b5ebb27e347ce387c998d9e4c6482aa5fc972fb25db21fe45d2a7b87f1fbf3"})
ioctl(r1, 0x1000008912, &(0x7f0000000000)="0a5c2d023c126285718070")

08:16:45 executing program 1:
openat$rfkill(0xffffffffffffff9c, 0x0, 0x2001, 0x0)
r0 = syz_open_dev$admmidi(&(0x7f0000000100)='/dev/admmidi#\x00', 0x0, 0x0)
socket$l2tp(0x18, 0x1, 0x1)
mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x1, 0x32, 0xffffffffffffffff, 0x0)
r1 = userfaultfd(0x0)
ioctl$UFFDIO_REGISTER(r1, 0xc020aa00, &(0x7f0000000080)={{&(0x7f0000013000/0x4000)=nil, 0x4000}, 0x2})
mmap(&(0x7f0000013000/0x4000)=nil, 0x4000, 0x1000008, 0xa053, r0, 0x0)
ioctl$UFFDIO_REGISTER(r1, 0xc020aa00, &(0x7f0000019000)={{&(0x7f0000012000/0x2000)=nil, 0x2000}, 0x1})

08:16:45 executing program 4:
openat$kvm(0xffffffffffffff9c, 0x0, 0x0, 0x0)
r0 = syz_open_dev$sndctrl(&(0x7f0000000100)='/dev/snd/controlC#\x00', 0x0, 0x0)
prctl$PR_SET_THP_DISABLE(0x29, 0xfffffffffffffffe)
r1 = openat$rfkill(0xffffffffffffff9c, &(0x7f0000000000)='/dev/rfkill\x00', 0x1, 0x0)
ioctl$PERF_EVENT_IOC_SET_FILTER(r1, 0x40082406, &(0x7f0000000040)='[\x00')
clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
ioctl$FS_IOC_GETFLAGS(r0, 0x800455d1, &(0x7f0000000080))

08:16:45 executing program 2:
syz_emit_ethernet(0x6a, &(0x7f0000000040)={@local, @broadcast, [], {@ipv4={0x800, {{0x5, 0x4, 0x0, 0x0, 0x5c, 0x0, 0x0, 0x0, 0x1, 0x0, @remote, @dev={0xac, 0x14, 0x14, 0x11}}, @icmp=@parameter_prob={0x3, 0x4, 0x0, 0x0, 0x0, 0x0, {0x10, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x402f, 0x0, @local={0xac, 0x5c}, @dev, {[@timestamp={0x8, 0x2c, 0x0, 0x0, 0x800e0000, [{[@rand_addr]}, {[@multicast2]}, {[@multicast1]}, {}, {[@loopback]}, {}]}]}}}}}}}, 0x0)

08:16:45 executing program 1:
openat$rfkill(0xffffffffffffff9c, 0x0, 0x2001, 0x0)
r0 = syz_open_dev$admmidi(&(0x7f0000000100)='/dev/admmidi#\x00', 0x0, 0x0)
socket$l2tp(0x18, 0x1, 0x1)
mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x1, 0x32, 0xffffffffffffffff, 0x0)
r1 = userfaultfd(0x0)
ioctl$UFFDIO_REGISTER(r1, 0xc020aa00, &(0x7f0000000080)={{&(0x7f0000013000/0x4000)=nil, 0x4000}, 0x2})
mmap(&(0x7f0000013000/0x4000)=nil, 0x4000, 0x1000008, 0xa053, r0, 0x0)
ioctl$UFFDIO_REGISTER(r1, 0xc020aa00, &(0x7f0000019000)={{&(0x7f0000012000/0x2000)=nil, 0x2000}, 0x1})

08:16:45 executing program 5 (fault-call:5 fault-nth:0):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0)
ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r1 = syz_open_dev$sndctrl(&(0x7f0000000100)='/dev/snd/controlC#\x00', 0x0, 0x0)
prctl$PR_SET_THP_DISABLE(0x29, 0xfffffffffffffffe)
clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
ioctl$FS_IOC_GETFLAGS(r1, 0x800455d1, &(0x7f0000000080))

08:16:45 executing program 2:
syz_emit_ethernet(0x6a, &(0x7f0000000040)={@local, @broadcast, [], {@ipv4={0x800, {{0x5, 0x4, 0x0, 0x0, 0x5c, 0x0, 0x0, 0x0, 0x1, 0x0, @remote, @dev={0xac, 0x14, 0x14, 0x11}}, @icmp=@parameter_prob={0x3, 0x4, 0x0, 0x0, 0x0, 0x0, {0x10, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x402f, 0x0, @local={0xac, 0x5c}, @dev, {[@timestamp={0x8, 0x2c, 0x0, 0x0, 0x300000000000000, [{[@rand_addr]}, {[@multicast2]}, {[@multicast1]}, {}, {[@loopback]}, {}]}]}}}}}}}, 0x0)

[ 2427.748634] FAULT_FLAG_ALLOW_RETRY missing 70
[ 2427.770687] CPU: 0 PID: 23705 Comm: syz-executor3 Not tainted 4.20.0-rc6+ #371
[ 2427.778096] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 2427.787467] Call Trace:
[ 2427.790075]  dump_stack+0x244/0x39d
[ 2427.793739]  ? dump_stack_print_info.cold.1+0x20/0x20
[ 2427.798968]  handle_userfault.cold.32+0x47/0x62
[ 2427.803678]  ? userfaultfd_ioctl+0x5610/0x5610
[ 2427.808285]  ? mark_held_locks+0x130/0x130
[ 2427.812534]  ? __sanitizer_cov_trace_cmp4+0x16/0x20
[ 2427.817557]  ? futex_wait_setup+0x266/0x3e0
[ 2427.821896]  ? __sanitizer_cov_trace_switch+0x53/0x90
[ 2427.827094]  ? userfaultfd_ctx_put+0x830/0x830
[ 2427.831679]  ? futex_wait+0x5a1/0xa50
[ 2427.835492]  ? print_usage_bug+0xc0/0xc0
[ 2427.839564]  ? print_usage_bug+0xc0/0xc0
[ 2427.843632]  ? print_usage_bug+0xc0/0xc0
[ 2427.847703]  ? zap_class+0x640/0x640
[ 2427.851424]  ? drop_futex_key_refs.isra.14+0x6d/0xe0
[ 2427.856532]  ? futex_wake+0x304/0x760
[ 2427.860363]  ? find_held_lock+0x36/0x1c0
[ 2427.864447]  ? __handle_mm_fault+0x4bb0/0x5be0
[ 2427.869033]  ? lock_downgrade+0x900/0x900
[ 2427.873208]  ? kasan_check_read+0x11/0x20
[ 2427.877375]  ? do_raw_spin_unlock+0xa7/0x330
[ 2427.881791]  ? do_raw_spin_trylock+0x270/0x270
[ 2427.886412]  ? fault_dirty_shared_page.isra.87+0x320/0x320
[ 2427.892050]  __handle_mm_fault+0x4bbd/0x5be0
[ 2427.896475]  ? vmf_insert_mixed_mkwrite+0x40/0x40
[ 2427.901333]  ? zap_class+0x640/0x640
[ 2427.905062]  ? rcu_read_unlock_special+0x1c0/0x1c0
[ 2427.910000]  ? kasan_check_read+0x11/0x20
[ 2427.914156]  ? rcu_softirq_qs+0x20/0x20
[ 2427.918176]  ? zap_class+0x640/0x640
[ 2427.921905]  ? zap_class+0x640/0x640
[ 2427.925627]  ? find_held_lock+0x36/0x1c0
[ 2427.929702]  ? handle_mm_fault+0x42a/0xc70
[ 2427.933942]  ? lock_downgrade+0x900/0x900
[ 2427.938093]  ? check_preemption_disabled+0x48/0x280
[ 2427.943131]  ? rcu_read_unlock_special+0x1c0/0x1c0
[ 2427.948092]  ? kasan_check_read+0x11/0x20
[ 2427.952247]  ? rcu_dynticks_curr_cpu_in_eqs+0xa2/0x170
[ 2427.957541]  ? rcu_softirq_qs+0x20/0x20
[ 2427.961524]  ? trace_hardirqs_off_caller+0x310/0x310
[ 2427.966646]  ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[ 2427.972191]  ? check_preemption_disabled+0x48/0x280
[ 2427.977223]  handle_mm_fault+0x54f/0xc70
[ 2427.981297]  ? __handle_mm_fault+0x5be0/0x5be0
[ 2427.985893]  ? find_vma+0x34/0x190
[ 2427.989445]  __do_page_fault+0x5e8/0xe60
[ 2427.993540]  ? trace_hardirqs_off+0xb8/0x310
[ 2427.997967]  do_page_fault+0xf2/0x7e0
[ 2428.001782]  ? vmalloc_sync_all+0x30/0x30
[ 2428.005936]  ? error_entry+0x70/0xd0
[ 2428.009655]  ? trace_hardirqs_off_caller+0xbb/0x310
[ 2428.014682]  ? trace_hardirqs_on_caller+0xc0/0x310
[ 2428.019622]  ? syscall_return_slowpath+0x5e0/0x5e0
[ 2428.024563]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 2428.029423]  ? trace_hardirqs_on_caller+0x310/0x310
[ 2428.034500]  ? __bpf_trace_preemptirq_template+0x30/0x30
[ 2428.039978]  ? prepare_exit_to_usermode+0x3b0/0x3b0
[ 2428.045016]  ? prepare_exit_to_usermode+0x291/0x3b0
[ 2428.050041]  ? page_fault+0x8/0x30
[ 2428.053589]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 2428.058445]  ? page_fault+0x8/0x30
[ 2428.061997]  page_fault+0x1e/0x30
[ 2428.065461] RIP: 0033:0x4510a0
[ 2428.068678] Code: 0f 84 c4 0f 00 00 48 89 f1 48 89 f8 48 83 e1 3f 48 83 f9 20 0f 86 7b 02 00 00 48 83 e6 f0 48 83 e1 0f 66 0f ef c0 66 0f ef c9 <66> 0f 74 0e 66 0f d7 d1 48 d3 ea 49 c7 c2 11 00 00 00 49 29 ca 4d
[ 2428.087605] RSP: 002b:00007f75238677a8 EFLAGS: 00010202
[ 2428.092981] RAX: 00007f7523867850 RBX: 0000000000000003 RCX: 000000000000000e
[ 2428.100266] RDX: 00000000000003ff RSI: 0000000020012fe0 RDI: 00007f7523867850
[ 2428.107541] RBP: 000000000072bf00 R08: 00000000000003ff R09: 0000000000000000
[ 2428.114811] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f75238686d4
08:16:45 executing program 1:
openat$rfkill(0xffffffffffffff9c, 0x0, 0x2001, 0x0)
r0 = syz_open_dev$admmidi(&(0x7f0000000100)='/dev/admmidi#\x00', 0x0, 0x0)
socket$l2tp(0x18, 0x1, 0x1)
mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x1, 0x32, 0xffffffffffffffff, 0x0)
r1 = userfaultfd(0x0)
ioctl$UFFDIO_REGISTER(r1, 0xc020aa00, &(0x7f0000000080)={{&(0x7f0000013000/0x4000)=nil, 0x4000}, 0x2})
mmap(&(0x7f0000013000/0x4000)=nil, 0x4000, 0x1000008, 0xa053, r0, 0x0)
ioctl$UFFDIO_REGISTER(r1, 0xc020aa00, &(0x7f0000019000)={{&(0x7f0000012000/0x2000)=nil, 0x2000}, 0x1})

[ 2428.122086] R13: 00000000004c578a R14: 00000000004d9d90 R15: 00000000ffffffff
08:16:46 executing program 2:
syz_emit_ethernet(0x6a, &(0x7f0000000040)={@local, @broadcast, [], {@ipv4={0x800, {{0x5, 0x4, 0x0, 0x0, 0x5c, 0x0, 0x0, 0x0, 0x1, 0x0, @remote, @dev={0xac, 0x14, 0x14, 0x11}}, @icmp=@parameter_prob={0x3, 0x4, 0x0, 0x0, 0x0, 0x0, {0x10, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x402f, 0x0, @local={0xac, 0x5c}, @dev, {[@timestamp={0x8, 0x2c, 0x0, 0x0, 0x0, [{[@rand_addr=0xf000]}, {[@multicast2]}, {[@multicast1]}, {}, {[@loopback]}, {}]}]}}}}}}}, 0x0)

08:16:46 executing program 4:
openat$kvm(0xffffffffffffff9c, 0x0, 0x0, 0x0)
r0 = syz_open_dev$sndctrl(&(0x7f0000000100)='/dev/snd/controlC#\x00', 0x0, 0x0)
prctl$PR_SET_THP_DISABLE(0x29, 0xfffffffffffffffe)
clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
r1 = syz_open_dev$sndpcmc(&(0x7f0000000000)='/dev/snd/pcmC#D#c\x00', 0x100000000, 0x100)
prctl$PR_GET_CHILD_SUBREAPER(0x25)
connect$vsock_stream(r1, &(0x7f0000000040)={0x28, 0x0, 0xffffffff}, 0x10)
ioctl$FS_IOC_GETFLAGS(r0, 0x800455d1, &(0x7f0000000080))

08:16:46 executing program 1:
openat$rfkill(0xffffffffffffff9c, 0x0, 0x2001, 0x0)
r0 = syz_open_dev$admmidi(&(0x7f0000000100)='/dev/admmidi#\x00', 0x0, 0x0)
socket$l2tp(0x18, 0x1, 0x1)
mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x1, 0x32, 0xffffffffffffffff, 0x0)
r1 = userfaultfd(0x0)
ioctl$UFFDIO_API(r1, 0xc018aa3f, &(0x7f0000000180))
mmap(&(0x7f0000013000/0x4000)=nil, 0x4000, 0x1000008, 0xa053, r0, 0x0)
ioctl$UFFDIO_REGISTER(r1, 0xc020aa00, &(0x7f0000019000)={{&(0x7f0000012000/0x2000)=nil, 0x2000}, 0x1})

[ 2428.288640] FAULT_FLAG_ALLOW_RETRY missing 70
[ 2428.302183] CPU: 1 PID: 23726 Comm: syz-executor0 Not tainted 4.20.0-rc6+ #371
[ 2428.309574] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 2428.319091] Call Trace:
[ 2428.321710]  dump_stack+0x244/0x39d
[ 2428.325377]  ? dump_stack_print_info.cold.1+0x20/0x20
[ 2428.330620]  handle_userfault.cold.32+0x47/0x62
[ 2428.335328]  ? userfaultfd_ioctl+0x5610/0x5610
[ 2428.339953]  ? mark_held_locks+0x130/0x130
[ 2428.344216]  ? __sanitizer_cov_trace_cmp4+0x16/0x20
[ 2428.349248]  ? futex_wait_setup+0x266/0x3e0
[ 2428.353604]  ? __sanitizer_cov_trace_switch+0x53/0x90
[ 2428.353630]  ? userfaultfd_ctx_put+0x830/0x830
[ 2428.363397]  ? futex_wait+0x5a1/0xa50
[ 2428.363419]  ? print_usage_bug+0xc0/0xc0
[ 2428.363436]  ? print_usage_bug+0xc0/0xc0
[ 2428.363455]  ? print_usage_bug+0xc0/0xc0
[ 2428.379436]  ? zap_class+0x640/0x640
[ 2428.383168]  ? drop_futex_key_refs.isra.14+0x6d/0xe0
[ 2428.388292]  ? futex_wake+0x304/0x760
[ 2428.392129]  ? find_held_lock+0x36/0x1c0
[ 2428.396218]  ? __handle_mm_fault+0x4bb0/0x5be0
[ 2428.400815]  ? lock_downgrade+0x900/0x900
[ 2428.404974]  ? kasan_check_read+0x11/0x20
[ 2428.409139]  ? do_raw_spin_unlock+0xa7/0x330
[ 2428.413550] FAULT_INJECTION: forcing a failure.
[ 2428.413550] name failslab, interval 1, probability 0, space 0, times 0
[ 2428.424752]  ? do_raw_spin_trylock+0x270/0x270
[ 2428.429351]  ? fault_dirty_shared_page.isra.87+0x320/0x320
[ 2428.435011]  __handle_mm_fault+0x4bbd/0x5be0
[ 2428.439441]  ? vmf_insert_mixed_mkwrite+0x40/0x40
[ 2428.444302]  ? zap_class+0x640/0x640
[ 2428.448027]  ? rcu_read_unlock_special+0x1c0/0x1c0
[ 2428.452969]  ? kasan_check_read+0x11/0x20
[ 2428.457133]  ? rcu_softirq_qs+0x20/0x20
[ 2428.461175]  ? zap_class+0x640/0x640
[ 2428.464927]  ? zap_class+0x640/0x640
[ 2428.468676]  ? find_held_lock+0x36/0x1c0
[ 2428.472757]  ? handle_mm_fault+0x42a/0xc70
[ 2428.477028]  ? lock_downgrade+0x900/0x900
[ 2428.481189]  ? check_preemption_disabled+0x48/0x280
[ 2428.486225]  ? rcu_read_unlock_special+0x1c0/0x1c0
[ 2428.491170]  ? kasan_check_read+0x11/0x20
[ 2428.495329]  ? rcu_dynticks_curr_cpu_in_eqs+0xa2/0x170
[ 2428.500626]  ? rcu_softirq_qs+0x20/0x20
[ 2428.504614]  ? trace_hardirqs_off_caller+0x310/0x310
[ 2428.509736]  ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[ 2428.515285]  ? check_preemption_disabled+0x48/0x280
[ 2428.520371]  handle_mm_fault+0x54f/0xc70
[ 2428.524497]  ? __handle_mm_fault+0x5be0/0x5be0
[ 2428.529096]  ? find_vma+0x34/0x190
[ 2428.532651]  __do_page_fault+0x5e8/0xe60
[ 2428.536723]  ? trace_hardirqs_off+0xb8/0x310
[ 2428.541155]  do_page_fault+0xf2/0x7e0
[ 2428.544981]  ? vmalloc_sync_all+0x30/0x30
[ 2428.549137]  ? error_entry+0x70/0xd0
[ 2428.552874]  ? trace_hardirqs_off_caller+0xbb/0x310
[ 2428.557909]  ? trace_hardirqs_on_caller+0xc0/0x310
[ 2428.562889]  ? syscall_return_slowpath+0x5e0/0x5e0
[ 2428.567829]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 2428.572712]  ? trace_hardirqs_on_caller+0x310/0x310
[ 2428.577744]  ? __bpf_trace_preemptirq_template+0x30/0x30
[ 2428.583209]  ? prepare_exit_to_usermode+0x3b0/0x3b0
[ 2428.588237]  ? prepare_exit_to_usermode+0x291/0x3b0
[ 2428.593266]  ? page_fault+0x8/0x30
[ 2428.596824]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 2428.601689]  ? page_fault+0x8/0x30
[ 2428.605242]  page_fault+0x1e/0x30
[ 2428.608701] RIP: 0033:0x4510a0
[ 2428.611918] Code: 0f 84 c4 0f 00 00 48 89 f1 48 89 f8 48 83 e1 3f 48 83 f9 20 0f 86 7b 02 00 00 48 83 e6 f0 48 83 e1 0f 66 0f ef c0 66 0f ef c9 <66> 0f 74 0e 66 0f d7 d1 48 d3 ea 49 c7 c2 11 00 00 00 49 29 ca 4d
[ 2428.630846] RSP: 002b:00007efdea16e7a8 EFLAGS: 00010202
08:16:46 executing program 3:
openat$rfkill(0xffffffffffffff9c, 0x0, 0x0, 0x0)
getsockopt$inet_sctp_SCTP_DEFAULT_PRINFO(0xffffffffffffffff, 0x84, 0x72, &(0x7f0000000380), 0x0)
syz_open_dev$admmidi(&(0x7f0000000100)='/dev/admmidi#\x00', 0x0, 0x0)
r0 = socket$l2tp(0x18, 0x1, 0x1)
mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x1, 0x32, 0xffffffffffffffff, 0x0)
r1 = userfaultfd(0x0)
ioctl$UFFDIO_API(r1, 0xc018aa3f, &(0x7f0000000180))
ioctl$UFFDIO_REGISTER(r1, 0xc020aa00, &(0x7f0000019000)={{&(0x7f0000012000/0x2000)=nil, 0x2000}, 0x1})
syz_open_dev$evdev(&(0x7f0000012fee)='/dev/input/event#\x00', 0x1000000, 0x0)
ioctl$UFFDIO_WAKE(r1, 0x8010aa02, &(0x7f0000000080)={&(0x7f0000012000/0x3000)=nil, 0x3000})
ioctl(r0, 0x1000008912, &(0x7f0000000000)="0a5c2d023c126285718070")
setsockopt$ALG_SET_KEY(0xffffffffffffffff, 0x117, 0x1, 0x0, 0x0)

[ 2428.636222] RAX: 00007efdea16e850 RBX: 0000000000000003 RCX: 000000000000000e
[ 2428.643501] RDX: 00000000000003ff RSI: 0000000020012fe0 RDI: 00007efdea16e850
[ 2428.650781] RBP: 000000000072bf00 R08: 00000000000003ff R09: 0000000000000000
[ 2428.658057] R10: 0000000000000000 R11: 0000000000000246 R12: 00007efdea16f6d4
[ 2428.665334] R13: 00000000004c578a R14: 00000000004d9d90 R15: 00000000ffffffff
[ 2428.672644] CPU: 0 PID: 23717 Comm: syz-executor5 Not tainted 4.20.0-rc6+ #371
[ 2428.680030] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 2428.689395] Call Trace:
[ 2428.692001]  dump_stack+0x244/0x39d
[ 2428.695648]  ? dump_stack_print_info.cold.1+0x20/0x20
[ 2428.700870]  should_fail.cold.4+0xa/0x17
[ 2428.704944]  ? lock_unpin_lock+0x4a0/0x4a0
[ 2428.704966]  ? fault_create_debugfs_attr+0x1f0/0x1f0
[ 2428.704983]  ? print_usage_bug+0xc0/0xc0
[ 2428.705006]  ? zap_class+0x640/0x640
[ 2428.705027]  ? zap_class+0x640/0x640
[ 2428.725878]  ? zap_class+0x640/0x640
[ 2428.729613]  ? find_held_lock+0x36/0x1c0
[ 2428.733700]  ? __lock_is_held+0xb5/0x140
[ 2428.737791]  ? perf_trace_sched_process_exec+0x860/0x860
[ 2428.743256]  ? do_huge_pmd_wp_page+0x2127/0x5fd0
[ 2428.745719] FAULT_FLAG_ALLOW_RETRY missing 70
[ 2428.748031]  ? wake_up_page_bit+0x6f0/0x6f0
[ 2428.748053]  __should_failslab+0x124/0x180
[ 2428.748078]  should_failslab+0x9/0x14
[ 2428.761124]  kmem_cache_alloc_trace+0x2d7/0x750
[ 2428.769591]  do_huge_pmd_wp_page+0x229a/0x5fd0
[ 2428.774194]  ? lock_unpin_lock+0x4a0/0x4a0
[ 2428.778444]  ? update_load_avg+0x387/0x2470
[ 2428.782787]  ? __split_huge_pmd+0xa70/0xa70
[ 2428.787132]  ? update_load_avg+0x387/0x2470
[ 2428.791466]  ? __lock_acquire+0x62f/0x4c20
[ 2428.795718]  ? attach_entity_load_avg+0x860/0x860
[ 2428.800570]  ? zap_class+0x640/0x640
[ 2428.804305]  ? print_usage_bug+0xc0/0xc0
[ 2428.808412]  ? rb_erase+0x3710/0x3710
[ 2428.812239]  ? lock_unpin_lock+0x4a0/0x4a0
[ 2428.816497]  ? lock_unpin_lock+0x4a0/0x4a0
[ 2428.820759]  ? is_bpf_text_address+0xac/0x170
[ 2428.825270]  ? print_usage_bug+0xc0/0xc0
[ 2428.829345]  ? __lock_acquire+0x62f/0x4c20
[ 2428.833608]  ? rcu_read_unlock_special+0x1c0/0x1c0
[ 2428.838559]  ? kasan_check_read+0x11/0x20
[ 2428.842729]  ? __lock_acquire+0x62f/0x4c20
[ 2428.846977]  ? print_usage_bug+0xc0/0xc0
[ 2428.851054]  ? __lock_acquire+0x62f/0x4c20
[ 2428.855304]  ? print_usage_bug+0xc0/0xc0
[ 2428.859392]  ? mark_held_locks+0x130/0x130
[ 2428.863655]  ? __lock_acquire+0x62f/0x4c20
[ 2428.867905]  ? print_usage_bug+0xc0/0xc0
[ 2428.871991]  ? mark_held_locks+0x130/0x130
[ 2428.876237]  ? zap_class+0x640/0x640
[ 2428.879972]  ? __lock_acquire+0x62f/0x4c20
[ 2428.884225]  ? __lock_acquire+0x62f/0x4c20
[ 2428.888479]  ? print_usage_bug+0xc0/0xc0
[ 2428.892564]  ? mark_held_locks+0x130/0x130
[ 2428.896816]  ? mark_held_locks+0x130/0x130
[ 2428.901069]  ? zap_class+0x640/0x640
[ 2428.904796]  ? find_held_lock+0x36/0x1c0
[ 2428.908874]  ? mark_held_locks+0xc7/0x130
[ 2428.913044]  ? lock_unpin_lock+0x4a0/0x4a0
[ 2428.917294]  ? print_usage_bug+0xc0/0xc0
[ 2428.921386]  ? ima_match_policy+0x848/0x1560
[ 2428.925809]  ? print_usage_bug+0xc0/0xc0
[ 2428.929881]  ? check_preemption_disabled+0x48/0x280
[ 2428.934912]  ? print_usage_bug+0xc0/0xc0
[ 2428.938986]  ? print_usage_bug+0xc0/0xc0
[ 2428.943056]  ? rcu_dynticks_curr_cpu_in_eqs+0xa2/0x170
[ 2428.948352]  ? __lock_acquire+0x62f/0x4c20
[ 2428.952617]  ? find_held_lock+0x36/0x1c0
[ 2428.956716]  ? __lock_acquire+0x62f/0x4c20
[ 2428.960980]  ? __lock_acquire+0x62f/0x4c20
[ 2428.965223]  ? mark_held_locks+0x130/0x130
[ 2428.969486]  ? mark_held_locks+0x130/0x130
[ 2428.973732]  ? mark_held_locks+0x130/0x130
[ 2428.978001]  ? up_write+0x7b/0x220
[ 2428.981554]  ? print_usage_bug+0xc0/0xc0
[ 2428.985638]  __handle_mm_fault+0x2de2/0x5be0
[ 2428.990063]  ? print_usage_bug+0xc0/0xc0
[ 2428.994142]  ? vmf_insert_mixed_mkwrite+0x40/0x40
[ 2428.998993]  ? zap_class+0x640/0x640
[ 2429.002726]  ? print_usage_bug+0xc0/0xc0
[ 2429.006815]  ? zap_class+0x640/0x640
[ 2429.010538]  ? zap_class+0x640/0x640
[ 2429.014270]  ? find_held_lock+0x36/0x1c0
[ 2429.018363]  ? handle_mm_fault+0x42a/0xc70
[ 2429.022621]  ? lock_downgrade+0x900/0x900
[ 2429.026787]  ? check_preemption_disabled+0x48/0x280
[ 2429.031822]  ? rcu_read_unlock_special+0x1c0/0x1c0
[ 2429.036773]  ? kasan_check_read+0x11/0x20
[ 2429.040945]  ? rcu_dynticks_curr_cpu_in_eqs+0xa2/0x170
[ 2429.046237]  ? rcu_softirq_qs+0x20/0x20
[ 2429.050236]  ? trace_hardirqs_off_caller+0x310/0x310
[ 2429.055373]  ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[ 2429.060926]  ? check_preemption_disabled+0x48/0x280
[ 2429.065965]  handle_mm_fault+0x54f/0xc70
[ 2429.070040]  ? __handle_mm_fault+0x5be0/0x5be0
[ 2429.074638]  ? find_vma+0x34/0x190
[ 2429.078192]  __do_page_fault+0x5e8/0xe60
[ 2429.082273]  do_page_fault+0xf2/0x7e0
[ 2429.086085]  ? vmalloc_sync_all+0x30/0x30
[ 2429.090250]  ? error_entry+0x76/0xd0
[ 2429.093976]  ? trace_hardirqs_off_caller+0xbb/0x310
[ 2429.099004]  ? find_held_lock+0x36/0x1c0
[ 2429.103089]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 2429.107944]  ? trace_hardirqs_on_caller+0x310/0x310
[ 2429.112998]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 2429.117857]  page_fault+0x1e/0x30
[ 2429.121319] RIP: 0010:__put_user_4+0x1c/0x30
[ 2429.125743] Code: 1f 00 c3 90 66 2e 0f 1f 84 00 00 00 00 00 65 48 8b 1c 25 40 ee 01 00 48 8b 9b 18 14 00 00 48 83 eb 03 48 39 d9 73 3c 0f 1f 00 <89> 01 31 c0 0f 1f 00 c3 66 90 66 2e 0f 1f 84 00 00 00 00 00 65 48
[ 2429.144649] RSP: 0018:ffff88817fb37a60 EFLAGS: 00010293
[ 2429.150019] RAX: 0000000000000000 RBX: 00007fffffffeffd RCX: 0000000020000080
[ 2429.157293] RDX: 1ffff11038cb664b RSI: ffffffff81b1a6b3 RDI: ffff8881c65b3258
[ 2429.164567] RBP: ffff88817fb37c08 R08: 1ffff1102ff66f29 R09: 0000000000000008
[ 2429.171847] R10: 0000000000000001 R11: ffff8881b4b54680 R12: 1ffff1102ff66f50
[ 2429.179124] R13: 0000000000000000 R14: 00000000800455d1 R15: ffff8881d9145950
[ 2429.186430]  ? __might_fault+0x1a3/0x1e0
[ 2429.190508]  ? snd_ctl_ioctl+0x576/0x1110
[ 2429.194677]  ? snd_ctl_elem_add_user+0x170/0x170
[ 2429.199450]  ? __fget+0x4d1/0x740
[ 2429.202923]  ? ksys_dup3+0x680/0x680
[ 2429.206670]  ? __mutex_unlock_slowpath+0x197/0x8c0
[ 2429.211616]  ? snd_ctl_elem_add_user+0x170/0x170
[ 2429.216397]  do_vfs_ioctl+0x1de/0x1790
[ 2429.220296]  ? __lock_is_held+0xb5/0x140
[ 2429.224403]  ? ioctl_preallocate+0x300/0x300
[ 2429.228826]  ? __fget_light+0x2e9/0x430
[ 2429.233257]  ? fget_raw+0x20/0x20
[ 2429.236725]  ? __sb_end_write+0xd9/0x110
[ 2429.240803]  ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20
[ 2429.246351]  ? fput+0x130/0x1a0
[ 2429.249666]  ? do_syscall_64+0x9a/0x820
[ 2429.253665]  ? do_syscall_64+0x9a/0x820
[ 2429.257655]  ? lockdep_hardirqs_on+0x3bb/0x5b0
[ 2429.262252]  ? security_file_ioctl+0x94/0xc0
[ 2429.266671]  ksys_ioctl+0xa9/0xd0
[ 2429.270142]  __x64_sys_ioctl+0x73/0xb0
[ 2429.274041]  do_syscall_64+0x1b9/0x820
[ 2429.277951]  ? entry_SYSCALL_64_after_hwframe+0x3e/0xbe
[ 2429.283325]  ? syscall_return_slowpath+0x5e0/0x5e0
[ 2429.288281]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 2429.293137]  ? trace_hardirqs_on_caller+0x310/0x310
[ 2429.298164]  ? prepare_exit_to_usermode+0x3b0/0x3b0
[ 2429.303193]  ? prepare_exit_to_usermode+0x291/0x3b0
[ 2429.308230]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 2429.313103]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 2429.318298] RIP: 0033:0x457679
[ 2429.321506] Code: fd b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00
[ 2429.340413] RSP: 002b:00007f59dbdc7c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 2429.348172] RAX: ffffffffffffffda RBX: 00007f59dbdc7c90 RCX: 0000000000457679
[ 2429.355448] RDX: 0000000020000080 RSI: 00000000800455d1 RDI: 0000000000000005
[ 2429.362843] RBP: 000000000072bf00 R08: 0000000000000000 R09: 0000000000000000
[ 2429.370107] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f59dbdc86d4
[ 2429.377400] R13: 00000000004bfbc0 R14: 00000000004d0a48 R15: 0000000000000006
[ 2429.384704] CPU: 1 PID: 23739 Comm: syz-executor3 Not tainted 4.20.0-rc6+ #371
[ 2429.392081] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 2429.401437] Call Trace:
[ 2429.404039]  dump_stack+0x244/0x39d
[ 2429.407688]  ? dump_stack_print_info.cold.1+0x20/0x20
[ 2429.412906]  handle_userfault.cold.32+0x47/0x62
[ 2429.412936]  ? userfaultfd_ioctl+0x5610/0x5610
[ 2429.412957]  ? mark_held_locks+0x130/0x130
[ 2429.422215]  ? find_held_lock+0x36/0x1c0
[ 2429.422246]  ? userfaultfd_ctx_put+0x830/0x830
[ 2429.435113]  ? kasan_check_read+0x11/0x20
[ 2429.439282]  ? print_usage_bug+0xc0/0xc0
[ 2429.443382]  ? do_raw_spin_trylock+0x270/0x270
[ 2429.447984]  ? print_usage_bug+0xc0/0xc0
[ 2429.452063]  ? print_usage_bug+0xc0/0xc0
[ 2429.456118]  ? zap_class+0x640/0x640
[ 2429.459822]  ? drop_futex_key_refs.isra.14+0x6d/0xe0
[ 2429.464916]  ? futex_wake+0x304/0x760
[ 2429.468712]  ? find_held_lock+0x36/0x1c0
[ 2429.472768]  ? __handle_mm_fault+0x4bb0/0x5be0
[ 2429.477341]  ? lock_downgrade+0x900/0x900
[ 2429.481497]  ? kasan_check_read+0x11/0x20
[ 2429.485637]  ? do_raw_spin_unlock+0xa7/0x330
[ 2429.490037]  ? do_raw_spin_trylock+0x270/0x270
[ 2429.494612]  ? fault_dirty_shared_page.isra.87+0x320/0x320
[ 2429.500231]  __handle_mm_fault+0x4bbd/0x5be0
[ 2429.504636]  ? vmf_insert_mixed_mkwrite+0x40/0x40
[ 2429.509472]  ? zap_class+0x640/0x640
[ 2429.513175]  ? rcu_read_unlock_special+0x1c0/0x1c0
[ 2429.518093]  ? kasan_check_read+0x11/0x20
[ 2429.522230]  ? rcu_softirq_qs+0x20/0x20
[ 2429.526199]  ? zap_class+0x640/0x640
[ 2429.529902]  ? zap_class+0x640/0x640
[ 2429.533611]  ? find_held_lock+0x36/0x1c0
[ 2429.537666]  ? handle_mm_fault+0x42a/0xc70
[ 2429.541895]  ? lock_downgrade+0x900/0x900
[ 2429.546034]  ? check_preemption_disabled+0x48/0x280
[ 2429.551043]  ? rcu_read_unlock_special+0x1c0/0x1c0
[ 2429.555961]  ? kasan_check_read+0x11/0x20
[ 2429.560097]  ? rcu_dynticks_curr_cpu_in_eqs+0xa2/0x170
[ 2429.565371]  ? rcu_softirq_qs+0x20/0x20
[ 2429.569343]  ? trace_hardirqs_off_caller+0x310/0x310
[ 2429.574458]  ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[ 2429.579985]  ? check_preemption_disabled+0x48/0x280
[ 2429.584994]  handle_mm_fault+0x54f/0xc70
[ 2429.589054]  ? __handle_mm_fault+0x5be0/0x5be0
[ 2429.593631]  ? find_vma+0x34/0x190
[ 2429.597164]  __do_page_fault+0x5e8/0xe60
[ 2429.601212]  ? trace_hardirqs_off+0xb8/0x310
[ 2429.605622]  do_page_fault+0xf2/0x7e0
[ 2429.609412]  ? vmalloc_sync_all+0x30/0x30
[ 2429.613589]  ? error_entry+0x70/0xd0
[ 2429.617297]  ? trace_hardirqs_off_caller+0xbb/0x310
[ 2429.622316]  ? trace_hardirqs_on_caller+0xc0/0x310
[ 2429.627268]  ? syscall_return_slowpath+0x5e0/0x5e0
[ 2429.632185]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 2429.637018]  ? trace_hardirqs_on_caller+0x310/0x310
[ 2429.642024]  ? __bpf_trace_preemptirq_template+0x30/0x30
[ 2429.647464]  ? prepare_exit_to_usermode+0x3b0/0x3b0
[ 2429.652489]  ? prepare_exit_to_usermode+0x291/0x3b0
[ 2429.657506]  ? page_fault+0x8/0x30
[ 2429.661038]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 2429.665875]  ? page_fault+0x8/0x30
[ 2429.669420]  page_fault+0x1e/0x30
[ 2429.672860] RIP: 0033:0x4510a0
[ 2429.676073] Code: 0f 84 c4 0f 00 00 48 89 f1 48 89 f8 48 83 e1 3f 48 83 f9 20 0f 86 7b 02 00 00 48 83 e6 f0 48 83 e1 0f 66 0f ef c0 66 0f ef c9 <66> 0f 74 0e 66 0f d7 d1 48 d3 ea 49 c7 c2 11 00 00 00 49 29 ca 4d
08:16:47 executing program 0:
openat$rfkill(0xffffffffffffff9c, 0x0, 0x2001, 0x0)
r0 = syz_open_dev$admmidi(&(0x7f0000000100)='/dev/admmidi#\x00', 0x0, 0x0)
r1 = socket$l2tp(0x18, 0x1, 0x1)
mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x1, 0x32, 0xffffffffffffffff, 0x0)
getsockopt$IP6T_SO_GET_REVISION_MATCH(r0, 0x29, 0x44, &(0x7f00000000c0)={'icmp\x00'}, &(0x7f0000000140)=0x1e)
r2 = userfaultfd(0x0)
ioctl$BLKBSZSET(r0, 0x40081271, &(0x7f0000000040)=0x81)
ioctl$UFFDIO_API(r2, 0xc018aa3f, &(0x7f0000000180))
ioctl$UFFDIO_REGISTER(r2, 0xc020aa00, &(0x7f0000019000)={{&(0x7f0000012000/0x2000)=nil, 0x2000}, 0x1})
fcntl$addseals(r0, 0x409, 0x4)
syz_open_dev$evdev(&(0x7f0000012fee)='/dev/input/event#\x00', 0x0, 0x0)
ioctl$UFFDIO_WAKE(r2, 0x8010aa02, &(0x7f0000000080)={&(0x7f0000012000/0x3000)=nil, 0x3000})
ioctl(r1, 0x1000008912, &(0x7f0000000000)="0a5c2d023c126285718070")

08:16:47 executing program 2:
syz_emit_ethernet(0x6a, &(0x7f0000000040)={@local, @broadcast, [], {@ipv4={0x800, {{0x5, 0x4, 0x0, 0x0, 0x5c, 0x0, 0x0, 0x0, 0x1, 0x0, @remote, @dev={0xac, 0x14, 0x14, 0x11}}, @icmp=@parameter_prob={0x3, 0x4, 0x0, 0x0, 0x0, 0x0, {0x10, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x402f, 0x0, @local={0xac, 0x5c}, @dev, {[@timestamp={0x8, 0x2c, 0x0, 0x0, 0x0, [{[@rand_addr=0x4800]}, {[@multicast2]}, {[@multicast1]}, {}, {[@loopback]}, {}]}]}}}}}}}, 0x0)

08:16:47 executing program 1:
openat$rfkill(0xffffffffffffff9c, 0x0, 0x2001, 0x0)
r0 = syz_open_dev$admmidi(&(0x7f0000000100)='/dev/admmidi#\x00', 0x0, 0x0)
socket$l2tp(0x18, 0x1, 0x1)
mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x1, 0x32, 0xffffffffffffffff, 0x0)
ioctl$UFFDIO_API(0xffffffffffffffff, 0xc018aa3f, &(0x7f0000000180))
mmap(&(0x7f0000013000/0x4000)=nil, 0x4000, 0x1000008, 0xa053, r0, 0x0)
ioctl$UFFDIO_REGISTER(0xffffffffffffffff, 0xc020aa00, &(0x7f0000019000)={{&(0x7f0000012000/0x2000)=nil, 0x2000}, 0x1})

08:16:47 executing program 4:
openat$kvm(0xffffffffffffff9c, 0x0, 0x0, 0x0)
r0 = syz_open_dev$sndctrl(&(0x7f0000000100)='/dev/snd/controlC#\x00', 0x0, 0x0)
socket$packet(0x11, 0x3, 0x300)
prctl$PR_SET_THP_DISABLE(0x29, 0xfffffffffffffffe)
r1 = openat$qat_adf_ctl(0xffffffffffffff9c, &(0x7f0000000000)='/dev/qat_adf_ctl\x00', 0x0, 0x0)
sendto$unix(r1, &(0x7f0000000140)="a256947bcdda85a80b19769c37a24ab77cf3c9ed841da959279a28986f3f133ca9e718d2f5d9e76e1da00049110fa7028dbd219739014e7c9d6fcc03e8bdb8456f594e4cbcc1a475bb93af3e000ce87910a257e818a84cf62bcb77f5afb183895c24ad204def3ce188ef668c525c2f66767662c06ffbd951222eaa93b14693688d2480", 0x83, 0x20000000, 0x0, 0x0)
setsockopt$inet6_tcp_TCP_REPAIR_OPTIONS(r1, 0x6, 0x16, &(0x7f0000000040)=[@sack_perm], 0x1)
clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
ioctl$VIDIOC_SUBSCRIBE_EVENT(r1, 0x4020565a, &(0x7f00000000c0)={0x0, 0x3, 0x1})
ioctl$FS_IOC_GETFLAGS(r0, 0x800455d1, &(0x7f0000000080))

08:16:47 executing program 5:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0)
ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r1 = syz_open_dev$sndctrl(&(0x7f0000000100)='/dev/snd/controlC#\x00', 0x0, 0x0)
prctl$PR_SET_THP_DISABLE(0x29, 0xfffffffffffffffe)
clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
ioctl$FS_IOC_GETFLAGS(r1, 0x800455d1, &(0x7f0000000080))

[ 2429.694994] RSP: 002b:00007f75238677a8 EFLAGS: 00010202
[ 2429.700381] RAX: 00007f7523867850 RBX: 0000000000000003 RCX: 000000000000000e
[ 2429.707641] RDX: 00000000000003ff RSI: 0000000020012fe0 RDI: 00007f7523867850
[ 2429.714900] RBP: 000000000072bf00 R08: 00000000000003ff R09: 0000000000000000
[ 2429.722160] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f75238686d4
[ 2429.729416] R13: 00000000004c578a R14: 00000000004d9d90 R15: 00000000ffffffff
08:16:47 executing program 1:
openat$rfkill(0xffffffffffffff9c, 0x0, 0x2001, 0x0)
r0 = syz_open_dev$admmidi(&(0x7f0000000100)='/dev/admmidi#\x00', 0x0, 0x0)
socket$l2tp(0x18, 0x1, 0x1)
mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x1, 0x32, 0xffffffffffffffff, 0x0)
ioctl$UFFDIO_API(0xffffffffffffffff, 0xc018aa3f, &(0x7f0000000180))
mmap(&(0x7f0000013000/0x4000)=nil, 0x4000, 0x1000008, 0xa053, r0, 0x0)
ioctl$UFFDIO_REGISTER(0xffffffffffffffff, 0xc020aa00, &(0x7f0000019000)={{&(0x7f0000012000/0x2000)=nil, 0x2000}, 0x1})

08:16:47 executing program 2:
syz_emit_ethernet(0x6a, &(0x7f0000000040)={@local, @broadcast, [], {@ipv4={0x800, {{0x5, 0x4, 0x0, 0x0, 0x5c, 0x0, 0x0, 0x0, 0x1, 0x0, @remote, @dev={0xac, 0x14, 0x14, 0x11}}, @icmp=@parameter_prob={0x3, 0x4, 0x0, 0x0, 0x0, 0x0, {0x10, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x402f, 0x0, @local={0xac, 0x5c}, @dev, {[@timestamp={0x8, 0x2c, 0x0, 0x0, 0x0, [{[@rand_addr=0x543]}, {[@multicast2]}, {[@multicast1]}, {}, {[@loopback]}, {}]}]}}}}}}}, 0x0)

[ 2429.832865] QAT: Invalid ioctl
[ 2429.871095] QAT: Invalid ioctl
[ 2429.875257] FAULT_FLAG_ALLOW_RETRY missing 70
[ 2429.899503] CPU: 1 PID: 23758 Comm: syz-executor0 Not tainted 4.20.0-rc6+ #371
[ 2429.906901] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 2429.916268] Call Trace:
[ 2429.918892]  dump_stack+0x244/0x39d
[ 2429.922553]  ? dump_stack_print_info.cold.1+0x20/0x20
[ 2429.927775]  handle_userfault.cold.32+0x47/0x62
[ 2429.932477]  ? userfaultfd_ioctl+0x5610/0x5610
[ 2429.932501]  ? mark_held_locks+0x130/0x130
[ 2429.932521]  ? __sanitizer_cov_trace_cmp4+0x16/0x20
[ 2429.932539]  ? futex_wait_setup+0x266/0x3e0
[ 2429.932574]  ? __sanitizer_cov_trace_switch+0x53/0x90
[ 2429.941390]  ? userfaultfd_ctx_put+0x830/0x830
[ 2429.960484]  ? futex_wait+0x5a1/0xa50
[ 2429.964304]  ? print_usage_bug+0xc0/0xc0
[ 2429.968389]  ? print_usage_bug+0xc0/0xc0
[ 2429.972473]  ? print_usage_bug+0xc0/0xc0
[ 2429.976555]  ? zap_class+0x640/0x640
[ 2429.980289]  ? drop_futex_key_refs.isra.14+0x6d/0xe0
[ 2429.985411]  ? futex_wake+0x304/0x760
[ 2429.989245]  ? find_held_lock+0x36/0x1c0
[ 2429.993332]  ? __handle_mm_fault+0x4bb0/0x5be0
[ 2429.997943]  ? lock_downgrade+0x900/0x900
[ 2430.002123]  ? kasan_check_read+0x11/0x20
[ 2430.006289]  ? do_raw_spin_unlock+0xa7/0x330
[ 2430.010713]  ? do_raw_spin_trylock+0x270/0x270
[ 2430.015312]  ? fault_dirty_shared_page.isra.87+0x320/0x320
[ 2430.020972]  __handle_mm_fault+0x4bbd/0x5be0
[ 2430.025410]  ? vmf_insert_mixed_mkwrite+0x40/0x40
[ 2430.030268]  ? zap_class+0x640/0x640
[ 2430.033997]  ? rcu_read_unlock_special+0x1c0/0x1c0
[ 2430.038945]  ? kasan_check_read+0x11/0x20
[ 2430.038962]  ? rcu_dynticks_curr_cpu_in_eqs+0xa2/0x170
[ 2430.038989]  ? zap_class+0x640/0x640
[ 2430.039004]  ? zap_class+0x640/0x640
[ 2430.039024]  ? find_held_lock+0x36/0x1c0
[ 2430.048459]  ? handle_mm_fault+0x42a/0xc70
[ 2430.048478]  ? lock_downgrade+0x900/0x900
[ 2430.048496]  ? check_preemption_disabled+0x48/0x280
[ 2430.048517]  ? rcu_read_unlock_special+0x1c0/0x1c0
[ 2430.078323]  ? kasan_check_read+0x11/0x20
[ 2430.082499]  ? rcu_dynticks_curr_cpu_in_eqs+0xa2/0x170
[ 2430.087794]  ? rcu_softirq_qs+0x20/0x20
[ 2430.091797]  ? trace_hardirqs_off_caller+0x310/0x310
[ 2430.096919]  ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[ 2430.102489]  ? check_preemption_disabled+0x48/0x280
[ 2430.107533]  handle_mm_fault+0x54f/0xc70
[ 2430.111616]  ? __handle_mm_fault+0x5be0/0x5be0
[ 2430.116223]  ? find_vma+0x34/0x190
[ 2430.119784]  __do_page_fault+0x5e8/0xe60
[ 2430.123856]  ? trace_hardirqs_off+0xb8/0x310
[ 2430.128299]  do_page_fault+0xf2/0x7e0
[ 2430.132119]  ? vmalloc_sync_all+0x30/0x30
[ 2430.136287]  ? error_entry+0x70/0xd0
[ 2430.140019]  ? trace_hardirqs_off_caller+0xbb/0x310
[ 2430.140035]  ? trace_hardirqs_on_caller+0xc0/0x310
[ 2430.140053]  ? syscall_return_slowpath+0x5e0/0x5e0
[ 2430.140068]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 2430.140090]  ? trace_hardirqs_on_caller+0x310/0x310
[ 2430.150026]  ? __bpf_trace_preemptirq_template+0x30/0x30
[ 2430.150046]  ? prepare_exit_to_usermode+0x3b0/0x3b0
[ 2430.150065]  ? prepare_exit_to_usermode+0x291/0x3b0
[ 2430.150080]  ? page_fault+0x8/0x30
[ 2430.150100]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 2430.188787]  ? page_fault+0x8/0x30
[ 2430.192342]  page_fault+0x1e/0x30
[ 2430.195818] RIP: 0033:0x4510a0
[ 2430.199028] Code: 0f 84 c4 0f 00 00 48 89 f1 48 89 f8 48 83 e1 3f 48 83 f9 20 0f 86 7b 02 00 00 48 83 e6 f0 48 83 e1 0f 66 0f ef c0 66 0f ef c9 <66> 0f 74 0e 66 0f d7 d1 48 d3 ea 49 c7 c2 11 00 00 00 49 29 ca 4d
08:16:47 executing program 4:
openat$kvm(0xffffffffffffff9c, 0x0, 0x0, 0x0)
r0 = syz_open_dev$sndctrl(&(0x7f0000000100)='/dev/snd/controlC#\x00', 0x0, 0x0)
prctl$PR_SET_THP_DISABLE(0x29, 0xfffffffffffffffe)
open(&(0x7f0000000000)='./file0\x00', 0x20000, 0x0)
clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
ioctl$FS_IOC_GETFLAGS(r0, 0x800455d1, &(0x7f0000000080))

08:16:47 executing program 4:
openat$kvm(0xffffffffffffff9c, 0x0, 0x0, 0x0)
r0 = syz_open_dev$sndctrl(&(0x7f0000000000)='/dev/snd/controlC#\x00', 0x4, 0x80000)
prctl$PR_SET_THP_DISABLE(0x29, 0x3d)
clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
ioctl$FS_IOC_GETFLAGS(r0, 0x800455d1, &(0x7f0000000080))

08:16:47 executing program 4:
r0 = openat$kvm(0xffffffffffffff9c, 0x0, 0x0, 0x0)
syz_open_dev$sndctrl(&(0x7f0000000100)='/dev/snd/controlC#\x00', 0x0, 0x0)
prctl$PR_SET_THP_DISABLE(0x29, 0xfffffffffffffffe)
clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
r1 = openat$null(0xffffffffffffff9c, &(0x7f0000000480)='/dev/null\x00', 0x100, 0x0)
connect$tipc(r1, &(0x7f00000004c0)=@id={0x1e, 0x3, 0x3, {0x4e21, 0x1}}, 0x10)
read(r0, &(0x7f0000000440)=""/41, 0x29)
ioctl$FS_IOC_GETFLAGS(r0, 0x800455d1, &(0x7f0000000500))
r2 = openat$ppp(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/ppp\x00', 0x2000, 0x0)
ioctl$BLKGETSIZE(r2, 0x1260, &(0x7f0000000380))
ioctl$DRM_IOCTL_AGP_RELEASE(r2, 0x6431)
r3 = syz_open_dev$audion(&(0x7f0000000000)='/dev/audio#\x00', 0x80, 0x400002)
recvfrom$llc(r2, &(0x7f00000003c0)=""/8, 0x8, 0x0, &(0x7f0000000400)={0x1a, 0x33b, 0x5, 0x3, 0x7fffffff, 0x7}, 0x10)
getsockopt$inet_IP_IPSEC_POLICY(0xffffffffffffffff, 0x0, 0x10, &(0x7f0000000140)={{{@in6=@remote, @in, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, <r4=>0x0}}, {{@in6=@local}, 0x0, @in6=@dev}}, &(0x7f0000000040)=0xe8)
fstat(r0, &(0x7f0000000240)={0x0, 0x0, 0x0, 0x0, 0x0, <r5=>0x0})
write$FUSE_DIRENTPLUS(r3, &(0x7f00000002c0)=ANY=[@ANYBLOB="c0000000000000000200000000000000030000000000000003000000000000000500000000000000018000000000000003000080040000000100000000000000ffff00000000000006000000000000000001000000000000050000000000000006000000000000000200000000000600000000000104000001000000", @ANYRES32=r4, @ANYRES32=r5, @ANYBLOB="000001008f3a0000000000000000000000000000304b00000000000013000000080000002f6465762f736e642f636f6e74726f6c4323000000000000"], 0xc0)

08:16:48 executing program 4:
openat$kvm(0xffffffffffffff9c, 0x0, 0x0, 0x0)
r0 = syz_open_dev$sndctrl(&(0x7f0000000100)='/dev/snd/controlC#\x00', 0x0, 0x0)
r1 = openat$full(0xffffffffffffff9c, &(0x7f0000000000)='/dev/full\x00', 0x0, 0x0)
ioctl$KVM_GET_CLOCK(r1, 0x8030ae7c, &(0x7f0000000040))
prctl$PR_SET_THP_DISABLE(0x29, 0xfffffffffffffffe)
clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
ioctl$FS_IOC_GETFLAGS(r0, 0x800455d1, &(0x7f0000000080))

08:16:48 executing program 3:
openat$rfkill(0xffffffffffffff9c, 0x0, 0x0, 0x0)
getsockopt$inet_sctp_SCTP_DEFAULT_PRINFO(0xffffffffffffffff, 0x84, 0x72, &(0x7f0000000380), 0x0)
syz_open_dev$admmidi(&(0x7f0000000100)='/dev/admmidi#\x00', 0x0, 0x0)
r0 = socket$l2tp(0x18, 0x1, 0x1)
mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x1, 0x32, 0xffffffffffffffff, 0x0)
r1 = userfaultfd(0x0)
ioctl$UFFDIO_API(r1, 0xc018aa3f, &(0x7f0000000180))
ioctl$UFFDIO_REGISTER(r1, 0xc020aa00, &(0x7f0000019000)={{&(0x7f0000012000/0x2000)=nil, 0x2000}, 0x1})
syz_open_dev$evdev(&(0x7f0000012fee)='/dev/input/event#\x00', 0x6c000000, 0x0)
ioctl$UFFDIO_WAKE(r1, 0x8010aa02, &(0x7f0000000080)={&(0x7f0000012000/0x3000)=nil, 0x3000})
ioctl(r0, 0x1000008912, &(0x7f0000000000)="0a5c2d023c126285718070")
setsockopt$ALG_SET_KEY(0xffffffffffffffff, 0x117, 0x1, 0x0, 0x0)

[ 2430.217938] RSP: 002b:00007efdea16e7a8 EFLAGS: 00010202
[ 2430.223312] RAX: 00007efdea16e850 RBX: 0000000000000003 RCX: 000000000000000e
[ 2430.230596] RDX: 00000000000003ff RSI: 0000000020012fe0 RDI: 00007efdea16e850
[ 2430.237886] RBP: 000000000072bf00 R08: 00000000000003ff R09: 0000000000000000
[ 2430.245288] R10: 0000000000000000 R11: 0000000000000246 R12: 00007efdea16f6d4
[ 2430.245298] R13: 00000000004c578a R14: 00000000004d9d90 R15: 00000000ffffffff
08:16:48 executing program 0:
r0 = syz_open_dev$admmidi(&(0x7f0000000040)='/dev/admmidi#\x00', 0x8, 0x80)
ioctl$PERF_EVENT_IOC_SET_FILTER(r0, 0x40082406, &(0x7f00000000c0)='proc+mime_type-\x00')
r1 = openat$rfkill(0xffffffffffffff9c, 0x0, 0x2001, 0x0)
r2 = syz_open_dev$admmidi(&(0x7f0000000100)='/dev/admmidi#\x00', 0x0, 0x0)
r3 = socket$l2tp(0x18, 0x1, 0x1)
ioctl$PERF_EVENT_IOC_DISABLE(r2, 0x2401, 0x3)
mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x1, 0x32, 0xffffffffffffffff, 0x0)
r4 = userfaultfd(0x0)
ioctl$UFFDIO_API(r4, 0xc018aa3f, &(0x7f0000000180))
ioctl$UFFDIO_REGISTER(r4, 0xc020aa00, &(0x7f0000019000)={{&(0x7f0000012000/0x2000)=nil, 0x2000}, 0x1})
syz_open_dev$evdev(&(0x7f0000012fee)='/dev/input/event#\x00', 0x0, 0x0)
ioctl$UFFDIO_WAKE(r4, 0x8010aa02, &(0x7f0000000080)={&(0x7f0000012000/0x3000)=nil, 0x3000})
ioctl(r3, 0x1000008912, &(0x7f0000000000)="0a5c2d023c126285718070")
ioctl$VIDIOC_S_PRIORITY(r1, 0x40045644, 0x2)

08:16:48 executing program 1:
openat$rfkill(0xffffffffffffff9c, 0x0, 0x2001, 0x0)
r0 = syz_open_dev$admmidi(&(0x7f0000000100)='/dev/admmidi#\x00', 0x0, 0x0)
socket$l2tp(0x18, 0x1, 0x1)
mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x1, 0x32, 0xffffffffffffffff, 0x0)
ioctl$UFFDIO_API(0xffffffffffffffff, 0xc018aa3f, &(0x7f0000000180))
mmap(&(0x7f0000013000/0x4000)=nil, 0x4000, 0x1000008, 0xa053, r0, 0x0)
ioctl$UFFDIO_REGISTER(0xffffffffffffffff, 0xc020aa00, &(0x7f0000019000)={{&(0x7f0000012000/0x2000)=nil, 0x2000}, 0x1})

08:16:48 executing program 5:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0)
ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r1 = syz_open_dev$sndctrl(&(0x7f0000000100)='/dev/snd/controlC#\x00', 0x0, 0x0)
prctl$PR_SET_THP_DISABLE(0x29, 0xfffffffffffffffe)
clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
ioctl$FS_IOC_GETFLAGS(r1, 0x2, &(0x7f0000000080))

08:16:48 executing program 2:
syz_emit_ethernet(0x6a, &(0x7f0000000040)={@local, @broadcast, [], {@ipv4={0x800, {{0x5, 0x4, 0x0, 0x0, 0x5c, 0x0, 0x0, 0x0, 0x1, 0x0, @remote, @dev={0xac, 0x14, 0x14, 0x11}}, @icmp=@parameter_prob={0x3, 0x4, 0x0, 0x0, 0x0, 0x0, {0x10, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x402f, 0x0, @local={0xac, 0x5c}, @dev, {[@timestamp={0x8, 0x2c, 0x0, 0x0, 0x0, [{[@rand_addr=0xffffdd86]}, {[@multicast2]}, {[@multicast1]}, {}, {[@loopback]}, {}]}]}}}}}}}, 0x0)

[ 2430.408869] FAULT_FLAG_ALLOW_RETRY missing 70
[ 2430.442168] CPU: 1 PID: 23796 Comm: syz-executor3 Not tainted 4.20.0-rc6+ #371
[ 2430.449567] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 2430.458943] Call Trace:
[ 2430.461537]  dump_stack+0x244/0x39d
[ 2430.465183]  ? dump_stack_print_info.cold.1+0x20/0x20
[ 2430.470418]  handle_userfault.cold.32+0x47/0x62
[ 2430.470455]  ? userfaultfd_ioctl+0x5610/0x5610
[ 2430.470479]  ? mark_held_locks+0x130/0x130
[ 2430.479724]  ? __sanitizer_cov_trace_cmp4+0x16/0x20
[ 2430.479739]  ? futex_wait_setup+0x266/0x3e0
[ 2430.479769]  ? __sanitizer_cov_trace_switch+0x53/0x90
[ 2430.479789]  ? userfaultfd_ctx_put+0x830/0x830
[ 2430.479803]  ? futex_wait+0x5a1/0xa50
[ 2430.479828]  ? print_usage_bug+0xc0/0xc0
[ 2430.511010]  ? print_usage_bug+0xc0/0xc0
[ 2430.515110]  ? print_usage_bug+0xc0/0xc0
[ 2430.519194]  ? zap_class+0x640/0x640
[ 2430.522926]  ? drop_futex_key_refs.isra.14+0x6d/0xe0
[ 2430.528045]  ? futex_wake+0x304/0x760
[ 2430.531889]  ? find_held_lock+0x36/0x1c0
[ 2430.535978]  ? __handle_mm_fault+0x4bb0/0x5be0
[ 2430.540574]  ? lock_downgrade+0x900/0x900
[ 2430.544762]  ? kasan_check_read+0x11/0x20
[ 2430.548927]  ? do_raw_spin_unlock+0xa7/0x330
[ 2430.553390]  ? do_raw_spin_trylock+0x270/0x270
[ 2430.553417]  ? fault_dirty_shared_page.isra.87+0x320/0x320
[ 2430.553443]  __handle_mm_fault+0x4bbd/0x5be0
[ 2430.568066]  ? vmf_insert_mixed_mkwrite+0x40/0x40
[ 2430.572937]  ? zap_class+0x640/0x640
[ 2430.576667]  ? rcu_read_unlock_special+0x1c0/0x1c0
[ 2430.581618]  ? kasan_check_read+0x11/0x20
[ 2430.585785]  ? rcu_softirq_qs+0x20/0x20
[ 2430.589787]  ? zap_class+0x640/0x640
[ 2430.593519]  ? zap_class+0x640/0x640
[ 2430.597259]  ? find_held_lock+0x36/0x1c0
[ 2430.601350]  ? handle_mm_fault+0x42a/0xc70
[ 2430.605613]  ? lock_downgrade+0x900/0x900
[ 2430.609779]  ? check_preemption_disabled+0x48/0x280
[ 2430.614815]  ? rcu_read_unlock_special+0x1c0/0x1c0
[ 2430.619759]  ? kasan_check_read+0x11/0x20
[ 2430.623915]  ? rcu_dynticks_curr_cpu_in_eqs+0xa2/0x170
[ 2430.623931]  ? rcu_softirq_qs+0x20/0x20
[ 2430.623948]  ? trace_hardirqs_off_caller+0x310/0x310
[ 2430.623969]  ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[ 2430.643882]  ? check_preemption_disabled+0x48/0x280
[ 2430.648953]  handle_mm_fault+0x54f/0xc70
[ 2430.653040]  ? __handle_mm_fault+0x5be0/0x5be0
[ 2430.657650]  ? find_vma+0x34/0x190
[ 2430.661234]  __do_page_fault+0x5e8/0xe60
[ 2430.665315]  ? trace_hardirqs_off+0xb8/0x310
[ 2430.669772]  do_page_fault+0xf2/0x7e0
[ 2430.673593]  ? vmalloc_sync_all+0x30/0x30
[ 2430.677763]  ? error_entry+0x70/0xd0
[ 2430.681495]  ? trace_hardirqs_off_caller+0xbb/0x310
[ 2430.686523]  ? trace_hardirqs_on_caller+0xc0/0x310
[ 2430.691467]  ? syscall_return_slowpath+0x5e0/0x5e0
[ 2430.691484]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 2430.691504]  ? trace_hardirqs_on_caller+0x310/0x310
[ 2430.701272]  ? __bpf_trace_preemptirq_template+0x30/0x30
[ 2430.701291]  ? prepare_exit_to_usermode+0x3b0/0x3b0
[ 2430.701310]  ? prepare_exit_to_usermode+0x291/0x3b0
[ 2430.701326]  ? page_fault+0x8/0x30
[ 2430.701347]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 2430.730238]  ? page_fault+0x8/0x30
[ 2430.733797]  page_fault+0x1e/0x30
[ 2430.737268] RIP: 0033:0x4510a0
08:16:48 executing program 1:
openat$rfkill(0xffffffffffffff9c, 0x0, 0x2001, 0x0)
r0 = syz_open_dev$admmidi(&(0x7f0000000100)='/dev/admmidi#\x00', 0x0, 0x0)
socket$l2tp(0x18, 0x1, 0x1)
r1 = userfaultfd(0x0)
ioctl$UFFDIO_API(r1, 0xc018aa3f, &(0x7f0000000180))
mmap(&(0x7f0000013000/0x4000)=nil, 0x4000, 0x1000008, 0xa053, r0, 0x0)
ioctl$UFFDIO_REGISTER(r1, 0xc020aa00, &(0x7f0000019000)={{&(0x7f0000012000/0x2000)=nil, 0x2000}, 0x1})

08:16:48 executing program 1:
openat$rfkill(0xffffffffffffff9c, 0x0, 0x2001, 0x0)
r0 = syz_open_dev$admmidi(&(0x7f0000000100)='/dev/admmidi#\x00', 0x0, 0x0)
r1 = userfaultfd(0x0)
ioctl$UFFDIO_API(r1, 0xc018aa3f, &(0x7f0000000180))
mmap(&(0x7f0000013000/0x4000)=nil, 0x4000, 0x1000008, 0xa053, r0, 0x0)
ioctl$UFFDIO_REGISTER(r1, 0xc020aa00, &(0x7f0000019000)={{&(0x7f0000012000/0x2000)=nil, 0x2000}, 0x1})

08:16:48 executing program 1:
openat$rfkill(0xffffffffffffff9c, 0x0, 0x2001, 0x0)
r0 = userfaultfd(0x0)
ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f0000000180))
mmap(&(0x7f0000013000/0x4000)=nil, 0x4000, 0x1000008, 0xa053, 0xffffffffffffffff, 0x0)
ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f0000019000)={{&(0x7f0000012000/0x2000)=nil, 0x2000}, 0x1})

08:16:48 executing program 1:
openat$rfkill(0xffffffffffffff9c, 0x0, 0x2001, 0x0)
r0 = userfaultfd(0x0)
ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f0000000180))
mmap(&(0x7f0000013000/0x4000)=nil, 0x4000, 0x1000008, 0xa053, 0xffffffffffffffff, 0x0)
ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f0000019000)={{&(0x7f0000012000/0x2000)=nil, 0x2000}, 0x1})

08:16:48 executing program 1:
openat$rfkill(0xffffffffffffff9c, 0x0, 0x2001, 0x0)
r0 = userfaultfd(0x0)
ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f0000000180))
mmap(&(0x7f0000013000/0x4000)=nil, 0x4000, 0x1000008, 0xa053, 0xffffffffffffffff, 0x0)
ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f0000019000)={{&(0x7f0000012000/0x2000)=nil, 0x2000}, 0x1})

[ 2430.740479] Code: 0f 84 c4 0f 00 00 48 89 f1 48 89 f8 48 83 e1 3f 48 83 f9 20 0f 86 7b 02 00 00 48 83 e6 f0 48 83 e1 0f 66 0f ef c0 66 0f ef c9 <66> 0f 74 0e 66 0f d7 d1 48 d3 ea 49 c7 c2 11 00 00 00 49 29 ca 4d
[ 2430.759399] RSP: 002b:00007f75238677a8 EFLAGS: 00010202
[ 2430.764768] RAX: 00007f7523867850 RBX: 0000000000000003 RCX: 000000000000000e
[ 2430.764784] RDX: 00000000000003ff RSI: 0000000020012fe0 RDI: 00007f7523867850
[ 2430.779323] RBP: 000000000072bf00 R08: 00000000000003ff R09: 0000000000000000
08:16:48 executing program 4:
r0 = openat$kvm(0xffffffffffffff9c, 0x0, 0x101, 0x0)
r1 = syz_open_dev$sndctrl(&(0x7f0000000100)='/dev/snd/controlC#\x00', 0x0, 0x0)
prctl$PR_SET_THP_DISABLE(0x29, 0x0)
arch_prctl$ARCH_GET_FS(0x1003, &(0x7f0000000040))
sendmmsg$nfc_llcp(r0, &(0x7f0000002600)=[{&(0x7f0000000140)={0x27, 0x1, 0x2, 0x7, 0x8, 0x8, "244290101e3151096b2e4edc93d0157d7f76bad35b14d55eeb6ae6cc6b354c8b37f81737531d6e8edde20d9146ec6c3c793b87496080178a1d3b0bc4e373b7", 0x7}, 0x60, &(0x7f0000002580)=[{&(0x7f00000001c0)="b2352951bb668c26a0d91a071a759c711d90fe4c39d118b497a1fb125d37453d01a36388d609d405759aa7fbde72fb84c8755229d2b0f481c9e49399060bbdb193ad4bbfb1efc838393db6284ca097863a8445e53d0d1f348274a19b6f1312d134f7fa6f8b4e42089a7fffcc4ef34f40b28bd4dcbe43e0dc883a4d84a9a105c2b8ba24cf920fc402fbaab48fb77b0c404a212ae502a82181454a0758c1ecffbb90c7aaf60a3a247ac036d2bdc596c58b28d6f69cd05f93ccd23dc9dcf27ee988147e92eeb2bda801996d936a2a6dcbe02622d38313552c19dcfa0e1ba7ca8d1b083b4a341f9bcd3ff9c6674d808ce16273e4cc3a45801fdf7d51256c2fdd7eab2ad3be832f03f7feb41ae8adbed48584eb5f8b52ac34cf5d74124fb16513df030d8c9228552a7fe2bdb366b7e8ba3e5d8acf4b75fa84ed498e0b8e5755bf50d15ec14e115e1b0dbc7359c5879408db78af0c919f0f04eb07418a69dcd4be86c8a6354b5cfed70d191d189b6cf1f8b84d3688c907e7db23c3e7a89a34f241d3fc7aa8a3e629e5b5e4caa3dbf75260a48b716d8871a70eb49738ed4203a55cbad65791d5da6137ac17a4815c42a6237dd62c115f4865551378814919d5c658a4957d1de53eda7e3e2748da52960698331df4742322600b42476f60b226e34f778a634bc3daa13aa33abf4126dcaa9586a2b4f1e5ab72ec5f5c2c2bd82dbcb05194d515c4c5a976d5ada2286e1598cedc8d325fd341805446870ed34b39b72902d3617e2fa1d02caa8930d026250f517dc5cf79c2dfb38c22961a10d1d445c69d4beed0bbb8b273bf7493ee8ba6e273fa5b95423406b7a65ec221687514d360b08daed85d4d069b2a8be15c918351702fa358a582852e168ca5ba182af8a33735baf09a109f10bbe1995e8fa378a6edc69b72ccd176971d667fc85e3ce2030f123739bd2d39606f47eed5ef158fa33de2f55b9d7713e7806b2f8b451dcc56b8f5b2cd2781ea96a85eaef8811567c81599562151f9a381ba5ac662965efc370b5becd81843b532240d3ef224ef69a1ef8fc1ab8e30c682c2bce985c699e7c9aa51176a5fe8efe596672092ffe99dc3823b796bcbb295253c43a8ea6c0561938256f00cc54e85ff2956dff4a23d75a6820a29f6340142f7fd4587833eebceef9c6c85011aaee17b81cc1b5d815d51612729112fbb0b0138d1533dc6b85bbb84601f242f54c56409aea513dc091634e958e59bec392b0a82d5f89f9e310df79730733d30ebcdd7afadf9495920cf13b3e194c0893c100b23fd056fa4ece7f937f6bf255cc1dd2f91a4dadad98ee5d1eade87c144ca5d3d3d4b7789783ecbe94d2a05882aa7f975ebf599884727b10fc40e062c3a962e68c5b96c455693b508a99b1213ffc5382288379f256a3d8db05cdb97cc5a6089eac4e7bc462b342795c55cc6e753816891fe2fda606ae109400b47807d28c9a74e44f90fe969acd4aff66718b996500a8c1363648c833d020bfac79f4b642fe7ae914270c540a6c820c51e0d6e74ba0ea27d9b3705c9aa1b9664763f2177e6c520cedbddf84736af1a02b2bbfe27f480b4770e7ff66635cef38960ee5184029646b84f36b4e62843cd5eeb2c461a1bdbfc372c5f286fc5561d4814f642b7f2ca8164d14414592af514d9512c839145f4c27fe372985e3092c96d3152556791c795d6f067fb434ea3b9329a6c359aa21863d868d658e509c21d597ccd5e2ead2c278c779a54a171205446fac8f7c64b363f24a753cad4fa0c5bf5703685dfd13bcf3fefb66883a72091c06e13d0898899ea5a0bd5913540c3cbd3a7512184cb954f11695e65a688ae5ff900f94da5aab33ef7a3a7086a7f149dc58fbe3a0a90f48c476e2ac622e139391655b37763a8e519d39f8162e930106a1055e0b9fda58191653984bccb6392e540b58da98060d6abb736fb70f830d3729c3e2c27cad989a6f1bab76a626c966176e051fa16d288966f0f2f2a57249eea506915237b1c5ed2f97cb4e2675b9445bab49af75d65d3450330eda195b77b573b02625c3e9c462d94d2203851b9eb172a8c5681a92df5d0447c03440559838c111736596fc5ac9a39d1087589f200594dcdbafd49fc85dcd586c1f3757084d436dbba5233d756593c2a17f7b6bcf44352b4959246bd00cc7419c98ff669780a704730579ae6c5d735d1944dd0012a10f5d9307cc97e408145abf2a58d5897736e002d33e4d31379f863e8fe9b2087bd38d8a3bdff42b27dc3e6949404b0929515ad220ed8ed92a9008fe5ac9611c5d6c6d73c333b65367fc03f9aee9ed5a39d2cc133b67228ae1ba4c61f651ccde0c9dab5f7c377d4669d0955463aa764779028152bb52afd811ad8e0d470d11f4563085ed889dd89bfdb6d31827d8d83f1f8bcf9d612de2286a220e12934d745d17d09f7018951bf51bd3b13c9876d1fad757718deda833f74ae207b30ea6c4927e1783e5e51754bc1e4c798fa773ae010496e441071ef137de9ae199a1b1e6b855e25625e4c97279ad53cafc2752849856175a40afd230d53d7bcdb150dde9922aaa5dc7dcaf9b34a9e400c2a7957931f848dc3375f2af5a5ccf9dfff9417aeacdd6d37f7f37f1a1338204b2dbdf9a77c7d2e6f5d828e3a12f26c7a4f173c24415204287dab9672d8ecb4d5211bed5adc997d18f9c0fed1b548e91ea541764d359d9e250fd8602666a5be4ccf8ae5306aa55999ef01536c60ad0c341c681be09e8ee6dc8d8f5d0f1654b95a43bea0e28a56b9e818d52e5e1b2415f1ee4de01f6832ad49a25672b4cd3dd81c512164abb86ebb351ecb63da654278f27d2bf304812356c813f4ad0cd5e3bd50a5870f0a33784b8d61d96dd31dbb617b7b62d3ce26cafe093c6dd6c35981199bbb30d29ac2c16188bf9de8dd552fa85de8132e1460afeecc25b32b19de9854c01f1b66612534c2db36ed8fa64d846f4882b46c57ec6d5147c1805bafd27b52bad375059c82e3b828892acbd5744f623742e479edebce32c301a3408f06870c360a4580b42fb19a348018925b490dbe4923f11d186ad272ae94c23e3f52faf3dcc433990ec0a39dcb59f3ac749f5e09a64b6baa6deea27dfc56ee4406e92394a0c82018ae76b43c08ea657df0b817e49f06dacf65b8502df51b533a65dedb64b0e08d2384bd94f4e000157f21cf7204f8816eee45759323b2f9969fc9786f98bf2c25906b95a938827e3df22e26aec492c077a7546e3bd623173f632caf8bece3f808e5c5c6e2c3d41b1a905d667a6243cf9375a417ccb86211105c3a9b904371e45633dc89d8c8cca7a9f39fc8ff1385aa8c648e439e72202cab38518a141c69c0bc947ca05bb162b8b194d9988094ecd5f1e08afaa7461774215266abb1ff24ad6a2dff4f61733cc125b19467c3632143e8dfa25fd48e18fe79cbddf98a1ae8c37a843c9cf796a90ebeb8e40b4bdaf370dbe146eb2edb94bfd80ebfacc0a93664451226ea1d11da7fe42857f8569ee3b805455a017bdcbab481d755dd6dec05bbf434acfe366926b61a25f0aec7fa0af157da58215bba03b8613be5c68dbfd382679f59eace2c12b44c02007685a3b42848062ff97b86c612dc4c0982e0080751605931aa2723eff8469e7e51c57dda31d8274df7742c662a8ece5d9a3e96b364343e2d12d302d72d74ebc27c1483c19dd85ab4ffe0a1dbc054b5c9838650b90db99797068e2bd4fa9a7e560ceb8f98cb938bba479f64edcf8f75ee5ab21b4f1ca88ba24b5b2f05b55dfea795530ee738dc7e8eae3d2d99f0ed3f902cbb83833caa4a05d621b0c4058e20196169d39c9c2fd171a9ee3f572a696e8a5f5e06ae6975776329a45665bf8bae820f0ef8ec1ade33fef51de1137ec0742fde048ca82938b9740b9baf5dd347dd21639bb60ff7d90c9e7f71e5fde8f45977eba2a4be3d8b659afbbf2714f765d5db43d0340b3e2dd48efb68cb8201f952eb240b266bd541f67de33683712b90cd052067800fe221c61282d71d3f4233ab7c5ab6755e67545de4e2eb542c7ba9af9ed09e3718225379b4c03686fb6dcd3d643114d3afe62d43ef5e38621f18b382dc7747181031b40e05d2ddb142135dc62ee1f9cf88a1b158529c0b7380085fecdb68bcf5ebe3924ca36f04be411612979a38d8c5f33d6bb80867760ad442e38c079040402e0fa0388ea34942dd6f3ee0aa2d7ed3935931ac72cd5b50f709bf43060af44bdca04a00720b6fbccb8612f15a330e33a65748dd825f6859a2393054dbf24126d09108db19489ab4aed69f24d7ab7d8479897b16a996161af3bca0d965c3c595149a1fd151c9d754e7ed0524819bed0698505154bfab0d434a672a504b41c2efde711a9bf8f8c0f037f203e5aa720d6c3b0316cec548ebfdd35a67235a4454c067b542ac7e409def0d8eb78f762b8f72b97fc2ac6482ec493b4770cdb4e9d4c8fbf8ec5d3d6ae4ff75fc65bc05bc804f6a718ae6b82df6ccaa89b1dc18f35fd30061c8fe50c6c9719e0fd7bd871aff705a1f21bf5f7771dcebb601d414aebb9962cb9820b8e90852cb28f8ad0f8de0f94de8a6383f1dcf1d3d77ee94ec96bd179f27e4ebf411324920877ead9db8254367852cec4ccd3a75712985ba86ae42f66b82d6d78bc08d014a8f78c1819775c4637bdc0eb23af85eb93cf7b886407e1a21a95bedbf97d56e455c2a2a39c3ca74ff8a1182fbf5203c13729c88339094d92176834f49dc8c21c20adb592e50ce6b18172a8ea793a71dc47ecf244946291d631510b54d362de9e6c8b3df0efce813fef21bdda83e68b1e6726392d3465f9ab0e75450a8cc4d6f4a349a5bf1c00f409d3cef694073ee552a05c96add6c3d90328b389d68904a350fdd342e36ce69bd3b54beade13c1bf5ed48bf758d26511793ad99d58095fe6c49b9f4650528816b808f0f877ef14c276a7eabd42557a6f12a02f6ac0a1ccf12319b3e1c76e66545b8507f3688ff84b251807459165aae1026f9d1d05c518b7c8b83c11ff35f733534d73bdf3e02ca62442e1c7f51c1d7a4d403b36ab1fb7dd6cef81ca2e6051312735256cdba1be8cd77049f31342d0ea614498b848d6ab2ebc32663f6bb42c33a30695406afb2362f5af25fb74b70769ffc21f243d7414756f463a3a6cfc6caa2a6df2bb94c645120a586a119a3d492fdad1dc46ca67f924f9fec97e52ec04df8eb023b13fcb50f98d77484e69db4afeeb1b8d8e762006425482dea73ddead979944959fde5548e1d9077018e728b8ed0737d013dee7e2b2884a4d736a01d980b96555afd586dde39b4b987a84fdaf17d636dec4cf263f0c123d03bb091a5a71063b5e8afd901e9799be3775610d5b966a6814fd0fc517022c2283efb7415cb083048b93147cd2d77328d58d6ceaef9d501ccf8f3c84654958a3cdb2c0d32bb258c7b3bf3888019bb4dbc8d0938a41cb239573d4adfec640955f5b23dea5a71762b4036d751c8e0231548e1eaa4fd392fbc0740dfc63db480bfd2b3e04ec134da1ad92fa47ed0a00193eb1c2ae74ee1eb4c02cdeb5122d2967dd0b0dadd6d489188bf9fbf62c6bca6c13b74cb75c29a6e6f6e5285ef89d6d1a2b2ceb3366c1fc705dc477f7a0a1e28a4185234b906073c8ea4ffa734123d74e54456108b5a9f8dc38e5aa97b5630129be737aa7c00b849f2eaa602c9a6dc286e4e1578695e1a8fba52d72dbfe0b91ac6ed3a181dce35d99c9b5251402437f857d011ae257a93f5ba642f300c18475e6a819ecc21c52c5eb6c91e3ac64639763126f2", 0x1000}, {&(0x7f00000011c0)="197965115376e4146ebf1436110083b424e5288227461057924b568bd903ef9ee9d503b88ec549649fb689c94fc998986b9870fd109228dd456ca6d768d44917336d07f7e67fe2919ff8aedb5105a226", 0x50}, {&(0x7f0000001240)="ce43e09ffca66ef9b08d032ffb60543da2cf87063aef499b1d01e507eb145cda13432d2a14b27fcc2531300d39fdcad8c374013725b930c4016a1a23ad0b1ce9f71f1ec1c260128c48bf22fa84a9ae1cb95e4b0b8533e3fb875dfae51d584caa87fb00290da6cffe33cd656acaf9a34b2dfea3b8d93eb39df234b32d184dcb47923a392e24060148b1601803f648c922f59937a6ce41c770595e833ab44b0672bca11daf3840cb0342b73fe9bad0c3b411c676a7a480ed30b8cf4138f0cd7de7525d46d9d4d6928f4fe7a3a62bc5879b10320147f9d12d2ecee2ead9a9", 0xdd}, {&(0x7f0000001340)="52898a16ba8661dfc7c4c3de63a19be02a2e585f555577f9ffad368242ed3539ffebaec537272a358a075f375d4cf18419c1cc61b9b7f42b86bac6a74cad99ab7bedaf736a43443f4d5aeb4079623f9d11eb95f60a38", 0x56}, {&(0x7f00000013c0)="0fd62e4669bad219a33b3eeba6780378e2b8db588725f5189c9eef61c4f3fda972a670db70f5b0e9a4b06ddd1bb0b3ab613a672daee00c4a475ec7e5b3680a73fe4328043968119db3ed2c8fabe0666ba66b204ce052a88e12b5434c4cab1a9be51a1e0a33d66e219dcd4ae343270bc669eaded9410e95cd651d74df4adcb23aec343fa103c3ae5b14901d84cdee3c463138a0527f88d0bf7f1d2693ef9d7fca670472db046123ed6272257ef2", 0xad}, {&(0x7f0000001480)="7d07646c9fc0f5858395a35d19f1e37d93e6890bc25865ff64f49f98cc869dec5cac869cbc52468d76d0c333f63b60468a8b135b437474ac60d123f4040e7f048aa9659121b152394136131320cc0e8f17f384ab11d33daea313733b76df9f2f8158ee61b470b2b89885cddde35554557d85df416165f339f93c9a95cfbda38aaca2a1d130ad988071aaea5d27b7ceb59169267b8a89f44f7871737964808d3ca30c7c26cf122c869fea13e5c070e2d185c9192b68c94ac7add377a45ed9f3d9bde09fc7b9508fcd6da9537ec73eaf68c14e073626eb9690ce8e2a1bae490f80a057ff38444ef1acfecc6a5b386be071fa5e50ee1ec71b0af8ad412d94384fe0e26afbbaa52757bc250841674662815dc3b7bbaf73117c96a332cde4281c349bbc7da059cf77692b760c991f86fd3e6d2e949c541aa3a4a4d34fa49ac5868a47ea30b7d9e3de85a7ada8caf42232dc62ee64536a217803dbc457f19a75ff94d352f6562546f2fd6c070369c8b270de4c66049bdb97ed6f9d675dbdf40719df5cb4b4e22b33e67fb5055af55289fb445d5154ef4f6bdc29852fe5152da2660529a0d1e389bb289adfe56e7cab412c2d9c12d153e6e0a22bcfc2ded6b95ec3e8c5896122a0515de1e6669c353b985c8265802ebc0fbc6939347ddb866f2f7bea11a3287cb6163235ddef9573de83b9bc0dc3c95c38a156eca49a2b5c163b9fd786dc1aaa3040c6552dbf3cfa8ed8aed334fa01752f901349f58a70ec848f5129eb47a191fcbd08dfe1b4171118c0db5720d0fc1ea31d7ed27dbc9390670dc24470a5cee71cdcea6324c1fae294374451f24c5d0cbc3a06cce719d327bd1d2072596a52d1f22a16fd867167b50a8c587d28b9dc02197dacf16260a69c364f505c3bf9eca1572ddd7be56d2b91b330686069e8c810269fa892df86294ff96109ffcf07b6e51100bd156abc43f836fab1f51c1c247cf45cf8d63ef358aaf38ae05caff500320756935ac45590bcba0eb218654a68a384064596da22013205f93ce72f0821ffedbd54eaabdf6739ae26fd307b7acaa4073f0b82ad4f620ed85e10f55f1a40ef2c4acddd8b8ead111c861e705d50f54513fa8a8e030137e15867cb88911599c82e7f20e1b79eddefb3c23ebaea3a4ed8b7e85499ad70de32c061d05bf778cf3463f20e2bd04a27eec9d2ee333ecef6bc06e3f7f55cd2022777cd8624335d4817b1e492c3f2f05b3b6d1f9f7d351125014404a6ada0b83f4cde27c0f439a55a36d190e7d8676efac522338dbe8ad09540bbfbd2814e3512c55639bab04a9a9fa1f305244f4088511e712c3d6cee335b2006890499dac2addd6d358e844812724ac3e65a64de415c215d63692dc2b390dccaf4c631c2221284c4d3ed0fcd1a2d93d66a85fa9c351853bb003e993883f7716ac9e6da1990f495dc142b26d04d5d535f2fdaea671ccb0e50048bad08316d26d0ce769ca06a64676fe06ee4fabe72969771dc71f49f367379b5e93108bfd2a88598b9555e93254d1e2ead4f5e12b604efe91e328842e3bdb6791ede1fc1d408d6badeb2c5fca63d2a68aa7510587927fdcc3925b598cc900026a1bb1f34d377a8c52d874d63dcdfcabe488ac4d7a222bf4ce48861b8ca580cb97fe1c435c4fd5350626494fbff62d3e578fe6359b7b21da65ef6434918a7fc9b8aadfda7a65bdcfad20b6913af0e3b919e97d641044e4a1c868a0b4277b869c6b3b73d24148cc76fd7bcc584dd9370adbfa426ae54e709a76fac9fedb3c6b42c3357f7962b53337efc6580c58412b4c5ff0da1ee68087228df51965d882a8f8d0a4742f5ca52b0580618ddc0c6bf9930613aa20964747d63293bf230261e7522f9d42e6261f79cdc07b694f5d13b6db59c18392abebf65da826434c6ccd3731c5e28ca28b7bd44fa6ccc81ea51bc1bc66f7df860b00053a3976a40730dc3c449d907c5069e8c21885b3c26ec7a25f8cbae32d1b9fd01f7c9a7e5252b5290a2097933c412af590b14e591f840eb8abadd157759946a28f0617b33afbbe9c835c119b6cc5916bd96159bbac94671907482c0be0b45bf583f6fbdc5fcc44e1c2eda0fd4a9fc424853f1ca27434b8e55e02abaec5d975be61caf473f2ac04a00c7fe6c4a74bcef0fe3dc29bee2b1b20aff6fdd7df297371e5957ce3cedd2e3f63ef231ee41fd0f6e9176c2b913443af6601e11535ab53f8d380abde45a3ae12323025e23ee32e52e684394eb5d04b4ebf16332c7ef5cf6386121d7a4ecac498d3bab4fd49c319b29884cb49cf4295ca9e79f432f76287c16ec1ee4d3e84df9a1c1a77377af658780cfc94037d5a5da7ca4332dd3c6389c36fefdf94fdc5c60f3dae1fdb7f1a362829ab01e05784b7871be4f59d7467b179e4329466dd4dcfda104d8bb35382d9c40e2cf13412f56f91331df362a0f4681138acf3a515395d771b7163de0f3debd671e6df60b28d8a419db7765d3ab4b1e029537792bdf0ea39b0f5f0b7f222195ae367e14dc3a2a221de53ffccfa32b6e0cb641d36d07fb59afa68a1dda2598f214192b6337509ce11e87dd8a082f454c5a8b1801cefc8bfca4bc13d54f776e4107fd10c6826838cd52d1e2a685d2421aefd6d8f033d911cb691825bb295d1ab02ab65e86586971befe533bb9f1c204390d52679d4af97d54eb36f2e68625407a2c6ef237c194af0d92d222e2168013d904e3f8043268fcc4509f9d075b36282f391206b48e45ad98cda976fa36e1b063c85c1c1553cc451eec8d1d782300fd385b98aff5c858269819687356b395e82eefe47a3a54b43c19bd5d0ae6fb30add3a29ce50c603dcdbbcf3d65480e99f0e0b430c5521c377b68462354aa2ae65aa529167bc9716cca995d7825d664138c4a860fb2b2c39824f357defef5c829b9e9042252fb9cb3798bce3266492820e4f13283d6f15ffc9fb90ff996b23304728e9f4b563f44198be0dcce770032e7d3545eb64550f143b33894503d2d1a42c152fdcbff97d2e58b1bcad9f5a2adc095390981859b742a4c67fdf1852afaeed173cb841421b08e3473b50a4845413b64ceb3362bd792fb76d330943145d0486541424878e362371ce7b6b4d164f7b82c60915beaaaa13a8e3bd479f94a96687cdaec1410b8097c28ee058bd14cee4c7c1425797c83de1552c75ac0dceb05191c69feb924b20ffa8fb9bef08addad34cde3d1a09635e8bd9ec195b13a1d3ab2fb737a654fcbcb67afed27967c2cf1a5fef8e8535de99d4e696c9d36335b0e92b0cd2c5523f3e119913824361429040faacd74d45ca34f328aea43e470463d06dd4c109f7ae21938a0b994875f6a5d7e227523d6c5811f53bd26f03bd9f623547d818bddca218b1b65d01ed44d0dd046b1ce083e9f6c9fcd3e3bc255f7cfc846b3a95235e5bcec100c6befda7b8d59403b2bffe485e21e3c8bd82fc9e097bdaf7d6ccbc4fdae3fcac9c9a5133bb617126254171b38abbc730286ffdb6ffbc212685717f0e1421312f88d8e1032ea0d9ba28a2c54b25bb286d11424f87257712fc7a98318b13e178e23e49a7ca2f26b18f3214df6be571a0bbee0595bf8e613d56406f6d754247a96566b6b0cab71feea16c3cf977aa29810869c7b440fa02ceedd599098492542c3e682d4118ce7f1f6c1a0b1a79078a81e334f952f1d1059b2e24d6959e0bde11ded5928a92c7ee02de6927cd6f2971995a1e7dce9328951b8244c8b9fa037eeeaec1a9f16113e0ab09e03913d8f8ebaaf0ebdaf1dc916368a30b6f05a3a3b2018590d6d289f1ff0ac38e52d292645b98bc91b65858cae91cbceda775524cafca91d67a7a7c9137f9004dc221114eff1f3035e19e34055f8d965602017b20b91488fcd60f57e1dbc574b72d99c8c566d5f79f67e133a2dd9df0e6d0e417663eae6f9861f6c3db393d6fd7ae0aeef433a8e615378cbc2723bd1593669c5da208f37f374942bc0ef9e4035f561e081f55e09d22ae4645742d97ac402d8e050831fc0fe8b274c91fdeca90202d30d1b283b948b4143b0fc92010e60bf59d6599f7238d8f1401f0dca442796b3edff8fc97a7fde830a62c66631dba061f7cca1beffc883c87e5816232e4fb00da0e9883d8557568950d37120d0bb7dcb59b43171a74ce833f3c346ce25e158a48a4cfe896eaa039cf1dd6fdc26cdf84885a70b407d59445ea3c4f0ea2db341f2b13cd7431db9d00da3809dec67fc1190b9ed33a00a57c3213266f0119caaa76e9ebf8451d9d083512357c546636f019ea7be59786679cb68d0f9a1946d140b0d529323949f75be294fff04fa621042c93fdd5d2f0e03570766b382da859e267151a271969392bef3500326830106984de6432394085797613a164e64dd7b05f1578b3b020af0d5238499a3032cb352851b844b33b65e7826bde5a268aaf42fadb5172d74ab3118314d3805219fa82d8c8a42240960d0ea498fb6d4c451479f70f8726e39ce8564fe0c8df942120ca841a5e90eca016cda2b9bddbb6217915b2f73e92dd98fdb9b7e6211d4a081072ec2fe6b0adfa65c032b451e5c4f0a0d60751e783f24d61f412148d54e41a25100cd915174c52e09d36f24b5bea89c0600a2cd487bed4f1914723efc7d279bcc6098c9d9fba46a32ddf17ac377b5f39b552ec8ce041204309530ee5da8325f3bef8363765d1f3ebcdd65d01912838a67ec65da53cd4f22116171eaa6097bb4eafe478804ad02df23601ee8ce21e2da4d7971e9729a90f4814d157575432844ece91332cdee26e80477f490c14c36d92a2e33340ac885c218b1f1f28058de3a042a98738f37bdab9fa6ac5c0e28a462d59e8f6d0b37821332fbcfaee6f9ad3f164a785048f68efacd118c4b9e8be5ec140f7c4ec1114a5e8dad1ddb986fbc707750b505cc899f1268ccdc9d6fdb18c717ba1bc18d35855e85df0e8e0c848e2baa6e5842c0363eed59e7bf795ef87c90535fa0b6198ff91d8593244296d58f631ad25957ffb9233a384d083685cba208f471eae5c7636a4e6dcfcecee99f9d83ece4dbd6d40e816c488f38f5df48d5e6a12ea0c03bba7bd80eca81e66e067a7f9cf7a6520df3d7a7e53294d8dab7a6255b599d060c5586d363748476ad158452dbec202f42ea010abfea1e0f1609b13c50fa3ba756618d9ba72ec6f395bbaf471cf36d119239d689191f17a5745bdd7c60757c3be426cb4f6992f6b083912aabfa2284d3909f40d9aa9336e5fc4bd7294407a1038c4a007fd0f19525eea1b8993f9a2a019af4c8a8d6b36b037e001ab1a02406cd334135d12a991914a3907bc1f5a4445de697955649cf6ec562d0d6d5ca1a66cab0fa05c35257f44d72a10a893995048ac4e49166f8b02e02fdf9ec20be49454385d949fed5b6af190a254ca937b66f56efa609c6529815ec2b39a9aae362035315f8e4a0ad69d70d4320ea27e66ebff23400e884ac7dee36a517a381803fc5eecefb43f1bb5871905501537385f4227602b0bfb9b054ee47ed620820a70ab4ee3355ee319fefd97cb74869ec2bd35eb105759f4a790dffe0061846163481cdc1dee25be7eb8a09beaef00fc87aa7fd80e8e706eeb0887ac4d1666b77246b0bf66d2193c227c008ab292490c31258396ef1b23305f6c5825671257be2c872cf34c91fb6e15ac8a5eb5b5c3a1edc39979605f0ecd577d6f6273c47f350608512509568aac751187d55be100fec20436baec03ff5d3d5dea292d8588d1f98b5e4c59b0f421f13168cc672ba6a6371744f12cd25ebb1cbb2541ff523ec6463", 0x1000}, {&(0x7f0000002480)="8b74058fa561262171b96454183ca4c48a54e63d886de33506bfb13e868724d9822e1e6e18d1c0840c347abd54da96c4a8f1357c3ec48ef75bf70a47e470d9e9d96cfe2d897e23d8e68ae6f40483e089fdb5c137c1d8e4b8c48d2e0a1bcc94996c804eae14faf36ee68198e20edad4dbb5b689401a7f63e47655166b2117ae0ad66eba696334fe28d956b84764449a4ee16e2b53ac45cf1fb4db61e0be4eff8fd07f4eda33bdb91712216d97d53683626da0a8d001716d1a4639d99a9458747cbdd04056676e877ab967f3ed72e458a3efd542545b87fe7aa1953954f4c146f7f9c1bec5c46a04913390f2cdbac2b77eba64b719d27f190bc78c6b0a88", 0xfd}], 0x7, &(0x7f00000000c0)={0x30, 0x10f, 0x80000000, "ca4e5e142689f2488f2f6f7f0655be901839957cba56d71149ebd38b11e9bd13"}, 0x30, 0x4000}], 0x1, 0x80)
mbind(&(0x7f0000ffb000/0x4000)=nil, 0x4000, 0x3, &(0x7f0000000000)=0x7, 0x7, 0x4)
clone(0x4002000, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
ioctl$FS_IOC_GETFLAGS(r1, 0x800455d1, &(0x7f0000000080))

[ 2430.779334] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f75238686d4
[ 2430.779343] R13: 00000000004c578a R14: 00000000004d9d90 R15: 00000000ffffffff
[ 2430.831605] FAULT_FLAG_ALLOW_RETRY missing 70
[ 2430.840487] CPU: 0 PID: 23806 Comm: syz-executor0 Not tainted 4.20.0-rc6+ #371
[ 2430.847872] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 2430.847880] Call Trace:
[ 2430.847907]  dump_stack+0x244/0x39d
[ 2430.847931]  ? dump_stack_print_info.cold.1+0x20/0x20
[ 2430.868692]  handle_userfault.cold.32+0x47/0x62
[ 2430.873405]  ? userfaultfd_ioctl+0x5610/0x5610
[ 2430.878010]  ? mark_held_locks+0x130/0x130
[ 2430.882269]  ? __sanitizer_cov_trace_cmp4+0x16/0x20
[ 2430.887296]  ? futex_wait_setup+0x266/0x3e0
[ 2430.887326]  ? __sanitizer_cov_trace_switch+0x53/0x90
[ 2430.887347]  ? userfaultfd_ctx_put+0x830/0x830
[ 2430.896868]  ? futex_wait+0x5a1/0xa50
[ 2430.896891]  ? print_usage_bug+0xc0/0xc0
[ 2430.896909]  ? print_usage_bug+0xc0/0xc0
[ 2430.896928]  ? print_usage_bug+0xc0/0xc0
[ 2430.917494]  ? zap_class+0x640/0x640
[ 2430.921229]  ? drop_futex_key_refs.isra.14+0x6d/0xe0
[ 2430.926343]  ? futex_wake+0x304/0x760
[ 2430.930184]  ? find_held_lock+0x36/0x1c0
[ 2430.934275]  ? __handle_mm_fault+0x4bb0/0x5be0
[ 2430.938874]  ? lock_downgrade+0x900/0x900
[ 2430.943046]  ? kasan_check_read+0x11/0x20
[ 2430.947219]  ? do_raw_spin_unlock+0xa7/0x330
[ 2430.951650]  ? do_raw_spin_trylock+0x270/0x270
[ 2430.956267]  ? fault_dirty_shared_page.isra.87+0x320/0x320
[ 2430.961939]  __handle_mm_fault+0x4bbd/0x5be0
[ 2430.966397]  ? vmf_insert_mixed_mkwrite+0x40/0x40
[ 2430.971255]  ? zap_class+0x640/0x640
[ 2430.974995]  ? rcu_read_unlock_special+0x1c0/0x1c0
[ 2430.979951]  ? kasan_check_read+0x11/0x20
[ 2430.984117]  ? rcu_softirq_qs+0x20/0x20
[ 2430.988119]  ? zap_class+0x640/0x640
[ 2430.991846]  ? zap_class+0x640/0x640
[ 2430.995579]  ? find_held_lock+0x36/0x1c0
[ 2430.999666]  ? handle_mm_fault+0x42a/0xc70
[ 2431.003908]  ? lock_downgrade+0x900/0x900
[ 2431.008051]  ? check_preemption_disabled+0x48/0x280
[ 2431.013071]  ? rcu_read_unlock_special+0x1c0/0x1c0
[ 2431.018011]  ? kasan_check_read+0x11/0x20
[ 2431.022175]  ? rcu_dynticks_curr_cpu_in_eqs+0xa2/0x170
[ 2431.027471]  ? rcu_softirq_qs+0x20/0x20
[ 2431.031483]  ? trace_hardirqs_off_caller+0x310/0x310
[ 2431.036605]  ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
08:16:48 executing program 3:
openat$rfkill(0xffffffffffffff9c, 0x0, 0x0, 0x0)
getsockopt$inet_sctp_SCTP_DEFAULT_PRINFO(0xffffffffffffffff, 0x84, 0x72, &(0x7f0000000380), 0x0)
syz_open_dev$admmidi(&(0x7f0000000100)='/dev/admmidi#\x00', 0x0, 0x0)
r0 = socket$l2tp(0x18, 0x1, 0x1)
mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x1, 0x32, 0xffffffffffffffff, 0x0)
r1 = userfaultfd(0x0)
ioctl$UFFDIO_API(r1, 0xc018aa3f, &(0x7f0000000180))
ioctl$UFFDIO_REGISTER(r1, 0xc020aa00, &(0x7f0000019000)={{&(0x7f0000012000/0x2000)=nil, 0x2000}, 0x1})
syz_open_dev$evdev(&(0x7f0000012fee)='/dev/input/event#\x00', 0x7, 0x0)
ioctl$UFFDIO_WAKE(r1, 0x8010aa02, &(0x7f0000000080)={&(0x7f0000012000/0x3000)=nil, 0x3000})
ioctl(r0, 0x1000008912, &(0x7f0000000000)="0a5c2d023c126285718070")
setsockopt$ALG_SET_KEY(0xffffffffffffffff, 0x117, 0x1, 0x0, 0x0)

[ 2431.042164]  ? check_preemption_disabled+0x48/0x280
[ 2431.047213]  handle_mm_fault+0x54f/0xc70
[ 2431.051311]  ? __handle_mm_fault+0x5be0/0x5be0
[ 2431.055912]  ? find_vma+0x34/0x190
[ 2431.055934]  __do_page_fault+0x5e8/0xe60
[ 2431.055949]  ? trace_hardirqs_off+0xb8/0x310
[ 2431.055975]  do_page_fault+0xf2/0x7e0
[ 2431.055993]  ? vmalloc_sync_all+0x30/0x30
[ 2431.075956]  ? error_entry+0x70/0xd0
[ 2431.079697]  ? trace_hardirqs_off_caller+0xbb/0x310
[ 2431.084732]  ? trace_hardirqs_on_caller+0xc0/0x310
[ 2431.089682]  ? syscall_return_slowpath+0x5e0/0x5e0
[ 2431.094627]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 2431.099487]  ? trace_hardirqs_on_caller+0x310/0x310
[ 2431.104524]  ? __bpf_trace_preemptirq_template+0x30/0x30
[ 2431.109991]  ? prepare_exit_to_usermode+0x3b0/0x3b0
[ 2431.115027]  ? prepare_exit_to_usermode+0x291/0x3b0
[ 2431.120034]  ? page_fault+0x8/0x30
[ 2431.123569]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 2431.128408]  ? page_fault+0x8/0x30
[ 2431.131937]  page_fault+0x1e/0x30
[ 2431.135430] RIP: 0033:0x4510a0
[ 2431.135816] FAULT_FLAG_ALLOW_RETRY missing 70
[ 2431.138638] Code: 0f 84 c4 0f 00 00 48 89 f1 48 89 f8 48 83 e1 3f 48 83 f9 20 0f 86 7b 02 00 00 48 83 e6 f0 48 83 e1 0f 66 0f ef c0 66 0f ef c9 <66> 0f 74 0e 66 0f d7 d1 48 d3 ea 49 c7 c2 11 00 00 00 49 29 ca 4d
[ 2431.138647] RSP: 002b:00007efdea16e7a8 EFLAGS: 00010202
[ 2431.138660] RAX: 00007efdea16e850 RBX: 0000000000000003 RCX: 000000000000000e
[ 2431.138676] RDX: 00000000000003ff RSI: 0000000020012fe0 RDI: 00007efdea16e850
[ 2431.181992] RBP: 000000000072bf00 R08: 00000000000003ff R09: 0000000000000000
[ 2431.189283] R10: 0000000000000000 R11: 0000000000000246 R12: 00007efdea16f6d4
[ 2431.196558] R13: 00000000004c578a R14: 00000000004d9d90 R15: 00000000ffffffff
[ 2431.203888] CPU: 1 PID: 23839 Comm: syz-executor3 Not tainted 4.20.0-rc6+ #371
[ 2431.211287] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 2431.211298] Call Trace:
[ 2431.223248]  dump_stack+0x244/0x39d
[ 2431.226901]  ? dump_stack_print_info.cold.1+0x20/0x20
[ 2431.232303]  handle_userfault.cold.32+0x47/0x62
[ 2431.237002]  ? userfaultfd_ioctl+0x5610/0x5610
[ 2431.241600]  ? mark_held_locks+0x130/0x130
[ 2431.245857]  ? find_held_lock+0x36/0x1c0
[ 2431.249980]  ? userfaultfd_ctx_put+0x830/0x830
[ 2431.254588]  ? kasan_check_read+0x11/0x20
[ 2431.254606]  ? print_usage_bug+0xc0/0xc0
[ 2431.254626]  ? do_raw_spin_trylock+0x270/0x270
[ 2431.262824]  ? print_usage_bug+0xc0/0xc0
[ 2431.262843]  ? print_usage_bug+0xc0/0xc0
[ 2431.262862]  ? zap_class+0x640/0x640
[ 2431.279257]  ? drop_futex_key_refs.isra.14+0x6d/0xe0
[ 2431.284387]  ? futex_wake+0x304/0x760
[ 2431.288202]  ? find_held_lock+0x36/0x1c0
[ 2431.292258]  ? __handle_mm_fault+0x4bb0/0x5be0
[ 2431.296826]  ? lock_downgrade+0x900/0x900
[ 2431.300967]  ? kasan_check_read+0x11/0x20
[ 2431.305102]  ? do_raw_spin_unlock+0xa7/0x330
[ 2431.309499]  ? do_raw_spin_trylock+0x270/0x270
[ 2431.314080]  ? fault_dirty_shared_page.isra.87+0x320/0x320
[ 2431.319696]  __handle_mm_fault+0x4bbd/0x5be0
[ 2431.324096]  ? vmf_insert_mixed_mkwrite+0x40/0x40
[ 2431.328930]  ? zap_class+0x640/0x640
[ 2431.332634]  ? rcu_read_unlock_special+0x1c0/0x1c0
[ 2431.337555]  ? kasan_check_read+0x11/0x20
[ 2431.341688]  ? rcu_softirq_qs+0x20/0x20
[ 2431.345652]  ? zap_class+0x640/0x640
[ 2431.349353]  ? zap_class+0x640/0x640
[ 2431.353067]  ? find_held_lock+0x36/0x1c0
[ 2431.357117]  ? handle_mm_fault+0x42a/0xc70
[ 2431.361337]  ? lock_downgrade+0x900/0x900
[ 2431.365483]  ? check_preemption_disabled+0x48/0x280
[ 2431.370498]  ? rcu_read_unlock_special+0x1c0/0x1c0
[ 2431.375585]  ? kasan_check_read+0x11/0x20
[ 2431.379719]  ? rcu_dynticks_curr_cpu_in_eqs+0xa2/0x170
[ 2431.384982]  ? rcu_softirq_qs+0x20/0x20
[ 2431.388977]  ? trace_hardirqs_off_caller+0x310/0x310
[ 2431.394067]  ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[ 2431.399592]  ? check_preemption_disabled+0x48/0x280
[ 2431.404609]  handle_mm_fault+0x54f/0xc70
[ 2431.408661]  ? __handle_mm_fault+0x5be0/0x5be0
[ 2431.413233]  ? find_vma+0x34/0x190
[ 2431.416763]  __do_page_fault+0x5e8/0xe60
[ 2431.420809]  ? trace_hardirqs_off+0xb8/0x310
[ 2431.425210]  do_page_fault+0xf2/0x7e0
[ 2431.429000]  ? vmalloc_sync_all+0x30/0x30
[ 2431.433149]  ? error_entry+0x70/0xd0
[ 2431.436854]  ? trace_hardirqs_off_caller+0xbb/0x310
[ 2431.441863]  ? trace_hardirqs_on_caller+0xc0/0x310
[ 2431.446787]  ? syscall_return_slowpath+0x5e0/0x5e0
[ 2431.451712]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 2431.456543]  ? trace_hardirqs_on_caller+0x310/0x310
[ 2431.461548]  ? __bpf_trace_preemptirq_template+0x30/0x30
[ 2431.466995]  ? prepare_exit_to_usermode+0x3b0/0x3b0
[ 2431.472028]  ? prepare_exit_to_usermode+0x291/0x3b0
[ 2431.477033]  ? page_fault+0x8/0x30
[ 2431.480574]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 2431.485409]  ? page_fault+0x8/0x30
[ 2431.488936]  page_fault+0x1e/0x30
[ 2431.492386] RIP: 0033:0x4510a0
[ 2431.495569] Code: 0f 84 c4 0f 00 00 48 89 f1 48 89 f8 48 83 e1 3f 48 83 f9 20 0f 86 7b 02 00 00 48 83 e6 f0 48 83 e1 0f 66 0f ef c0 66 0f ef c9 <66> 0f 74 0e 66 0f d7 d1 48 d3 ea 49 c7 c2 11 00 00 00 49 29 ca 4d
[ 2431.514457] RSP: 002b:00007f75238677a8 EFLAGS: 00010202
[ 2431.519811] RAX: 00007f7523867850 RBX: 0000000000000003 RCX: 000000000000000e
[ 2431.527067] RDX: 00000000000003ff RSI: 0000000020012fe0 RDI: 00007f7523867850
[ 2431.534324] RBP: 000000000072bf00 R08: 00000000000003ff R09: 0000000000000000
08:16:49 executing program 1:
r0 = syz_open_dev$admmidi(&(0x7f0000000100)='/dev/admmidi#\x00', 0x0, 0x0)
r1 = userfaultfd(0x0)
ioctl$UFFDIO_API(r1, 0xc018aa3f, &(0x7f0000000180))
mmap(&(0x7f0000013000/0x4000)=nil, 0x4000, 0x1000008, 0xa053, r0, 0x0)
ioctl$UFFDIO_REGISTER(r1, 0xc020aa00, &(0x7f0000019000)={{&(0x7f0000012000/0x2000)=nil, 0x2000}, 0x1})

[ 2431.541577] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f75238686d4
[ 2431.548834] R13: 00000000004c578a R14: 00000000004d9d90 R15: 00000000ffffffff
08:16:49 executing program 0:
openat$rfkill(0xffffffffffffff9c, 0x0, 0x2001, 0x0)
syz_open_dev$admmidi(&(0x7f0000000100)='/dev/admmidi#\x00', 0x0, 0x0)
r0 = socket$l2tp(0x18, 0x1, 0x1)
bpf$PROG_LOAD(0x5, &(0x7f000000e000)={0x1, 0x4, &(0x7f0000000600)=@framed={{0xffffffb4, 0x4000, 0x0, 0x0, 0x0, 0x75, 0x0, 0x20001}, [@ldst={0x7}]}, &(0x7f0000000500)='syzkaller\x00', 0x5, 0x351, &(0x7f000000cf3d)=""/195}, 0x238)
mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x1, 0x32, 0xffffffffffffffff, 0x0)
r1 = userfaultfd(0x0)
ioctl$UFFDIO_API(r1, 0xc018aa3f, &(0x7f0000000180))
ioctl$UFFDIO_REGISTER(r1, 0xc020aa00, &(0x7f0000019000)={{&(0x7f0000012000/0x2000)=nil, 0x2000}, 0x1})
syz_open_dev$evdev(&(0x7f0000012fee)='/dev/input/event#\x00', 0x0, 0x0)
ioctl$UFFDIO_WAKE(r1, 0x8010aa02, &(0x7f0000000080)={&(0x7f0000012000/0x3000)=nil, 0x3000})
ioctl(r0, 0x1000008912, &(0x7f0000000000)="0a5c2d023c126285718070")

08:16:49 executing program 5:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0)
ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r1 = syz_open_dev$sndctrl(&(0x7f0000000100)='/dev/snd/controlC#\x00', 0x0, 0x0)
prctl$PR_SET_THP_DISABLE(0x29, 0xfffffffffffffffe)
clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
ioctl$FS_IOC_GETFLAGS(r1, 0x80045500, &(0x7f0000000080))

08:16:49 executing program 2:
syz_emit_ethernet(0x6a, &(0x7f0000000040)={@local, @broadcast, [], {@ipv4={0x800, {{0x5, 0x4, 0x0, 0x0, 0x5c, 0x0, 0x0, 0x0, 0x1, 0x0, @remote, @dev={0xac, 0x14, 0x14, 0x11}}, @icmp=@parameter_prob={0x3, 0x4, 0x0, 0x0, 0x0, 0x0, {0x10, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x402f, 0x0, @local={0xac, 0x5c}, @dev, {[@timestamp={0x8, 0x2c, 0x0, 0x0, 0x0, [{[@rand_addr=0x1000000000000]}, {[@multicast2]}, {[@multicast1]}, {}, {[@loopback]}, {}]}]}}}}}}}, 0x0)

08:16:49 executing program 1:
r0 = syz_open_dev$admmidi(0x0, 0x0, 0x0)
r1 = userfaultfd(0x0)
ioctl$UFFDIO_API(r1, 0xc018aa3f, &(0x7f0000000180))
mmap(&(0x7f0000013000/0x4000)=nil, 0x4000, 0x1000008, 0xa053, r0, 0x0)
ioctl$UFFDIO_REGISTER(r1, 0xc020aa00, &(0x7f0000019000)={{&(0x7f0000012000/0x2000)=nil, 0x2000}, 0x1})

08:16:49 executing program 4:
syz_open_dev$vivid(&(0x7f0000000040)='/dev/video#\x00', 0x1, 0x2)
openat$kvm(0xffffffffffffff9c, 0x0, 0x80000, 0x0)
r0 = syz_open_dev$sndctrl(&(0x7f0000000100)='/dev/snd/controlC#\x00', 0x0, 0x0)
r1 = openat$full(0xffffffffffffff9c, &(0x7f0000000140)='/dev/full\x00', 0x80000, 0x0)
getsockopt$inet_sctp_SCTP_RECONFIG_SUPPORTED(0xffffffffffffff9c, 0x84, 0x75, &(0x7f0000000180)={<r2=>0x0, 0x100000001}, &(0x7f00000001c0)=0x8)
getsockopt$inet_sctp_SCTP_RESET_STREAMS(r1, 0x84, 0x77, &(0x7f00000003c0)=ANY=[@ANYRES32=r2, @ANYBLOB="03000700023f020600000300b000ff0f2000c3b1e9e22a627671d77be332a2"], &(0x7f0000000240)=0x16)
openat$cgroup_int(r1, &(0x7f0000000280)='memory.low\x00', 0x2, 0x0)
openat$kvm(0xffffffffffffff9c, &(0x7f0000000000)='/dev/kvm\x00', 0x400080, 0x0)
bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000300)={<r3=>0x0, r1, 0x0, 0xc, &(0x7f00000002c0)='^usermd5sum\x00'}, 0x30)
waitid(0x2, r3, &(0x7f0000000340), 0x40000002, 0x0)
prctl$PR_SET_THP_DISABLE(0x29, 0x0)
syz_open_dev$dspn(&(0x7f00000000c0)='/dev/dsp#\x00', 0xfffffffffffffff7, 0x100)
clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
ioctl$FS_IOC_GETFLAGS(r0, 0x800455d1, &(0x7f0000000080))

08:16:49 executing program 3:
openat$rfkill(0xffffffffffffff9c, 0x0, 0x0, 0x0)
getsockopt$inet_sctp_SCTP_DEFAULT_PRINFO(0xffffffffffffffff, 0x84, 0x72, &(0x7f0000000380), 0x0)
syz_open_dev$admmidi(&(0x7f0000000100)='/dev/admmidi#\x00', 0x0, 0x0)
r0 = socket$l2tp(0x18, 0x1, 0x1)
mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x1, 0x32, 0xffffffffffffffff, 0x0)
r1 = userfaultfd(0x0)
ioctl$UFFDIO_API(r1, 0xc018aa3f, &(0x7f0000000180))
ioctl$UFFDIO_REGISTER(r1, 0xc020aa00, &(0x7f0000019000)={{&(0x7f0000012000/0x2000)=nil, 0x2000}, 0x1})
syz_open_dev$evdev(&(0x7f0000012fee)='/dev/input/event#\x00', 0x6800000000000000, 0x0)
ioctl$UFFDIO_WAKE(r1, 0x8010aa02, &(0x7f0000000080)={&(0x7f0000012000/0x3000)=nil, 0x3000})
ioctl(r0, 0x1000008912, &(0x7f0000000000)="0a5c2d023c126285718070")
setsockopt$ALG_SET_KEY(0xffffffffffffffff, 0x117, 0x1, 0x0, 0x0)

08:16:49 executing program 2:
syz_emit_ethernet(0x6a, &(0x7f0000000040)={@local, @broadcast, [], {@ipv4={0x800, {{0x5, 0x4, 0x0, 0x0, 0x5c, 0x0, 0x0, 0x0, 0x1, 0x0, @remote, @dev={0xac, 0x14, 0x14, 0x11}}, @icmp=@parameter_prob={0x3, 0x4, 0x0, 0x0, 0x0, 0x0, {0x10, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x402f, 0x0, @local={0xac, 0x5c}, @dev, {[@timestamp={0x8, 0x2c, 0x0, 0x0, 0x0, [{[@rand_addr=0xfeffffff00000000]}, {[@multicast2]}, {[@multicast1]}, {}, {[@loopback]}, {}]}]}}}}}}}, 0x0)

[ 2431.774741] FAULT_FLAG_ALLOW_RETRY missing 70
08:16:49 executing program 5:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0)
ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r1 = syz_open_dev$sndctrl(&(0x7f0000000100)='/dev/snd/controlC#\x00', 0x0, 0x0)
prctl$PR_SET_THP_DISABLE(0x29, 0xfffffffffffffffe)
clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
ioctl$FS_IOC_GETFLAGS(r1, 0xc0045516, &(0x7f0000000080))

[ 2431.798828] CPU: 1 PID: 23858 Comm: syz-executor0 Not tainted 4.20.0-rc6+ #371
[ 2431.806235] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 2431.815594] Call Trace:
[ 2431.818206]  dump_stack+0x244/0x39d
[ 2431.821864]  ? dump_stack_print_info.cold.1+0x20/0x20
[ 2431.827102]  handle_userfault.cold.32+0x47/0x62
[ 2431.831801]  ? lockdep_hardirqs_on+0x3bb/0x5b0
[ 2431.836422]  ? userfaultfd_ioctl+0x5610/0x5610
[ 2431.836445]  ? mark_held_locks+0x130/0x130
[ 2431.836468]  ? _raw_spin_unlock_irq+0x60/0x80
[ 2431.836494]  ? finish_task_switch+0x1f4/0x910
[ 2431.845316]  ? finish_task_switch+0x1b4/0x910
[ 2431.845332]  ? __switch_to_asm+0x34/0x70
[ 2431.845354]  ? preempt_notifier_register+0x200/0x200
[ 2431.845378]  ? __switch_to_asm+0x34/0x70
[ 2431.845398]  ? __switch_to_asm+0x34/0x70
[ 2431.845416]  ? __switch_to_asm+0x40/0x70
[ 2431.876158]  ? __switch_to_asm+0x34/0x70
[ 2431.876172]  ? __switch_to_asm+0x40/0x70
[ 2431.876185]  ? __switch_to_asm+0x34/0x70
[ 2431.876199]  ? __switch_to_asm+0x40/0x70
[ 2431.876211]  ? __switch_to_asm+0x34/0x70
[ 2431.876232]  ? print_usage_bug+0xc0/0xc0
[ 2431.884350]  ? __switch_to_asm+0x40/0x70
[ 2431.884373]  ? __switch_to_asm+0x34/0x70
[ 2431.884386]  ? __switch_to_asm+0x40/0x70
[ 2431.884408]  ? __schedule+0x8d7/0x21d0
[ 2431.884425]  ? print_usage_bug+0xc0/0xc0
[ 2431.884449]  ? zap_class+0x640/0x640
[ 2431.884475]  ? mark_held_locks+0xc7/0x130
[ 2431.924884]  ? trace_hardirqs_on_thunk+0x1a/0x1c
[ 2431.924912]  ? find_held_lock+0x36/0x1c0
[ 2431.924941]  ? __handle_mm_fault+0x4bb0/0x5be0
[ 2431.924959]  ? lock_downgrade+0x900/0x900
[ 2431.924983]  ? kasan_check_read+0x11/0x20
[ 2431.932837]  ? do_raw_spin_unlock+0xa7/0x330
[ 2431.932853]  ? do_raw_spin_trylock+0x270/0x270
[ 2431.932881]  ? fault_dirty_shared_page.isra.87+0x320/0x320
[ 2431.932909]  __handle_mm_fault+0x4bbd/0x5be0
[ 2431.932935]  ? vmf_insert_mixed_mkwrite+0x40/0x40
[ 2431.932955]  ? zap_class+0x640/0x640
[ 2431.954620]  ? rcu_read_unlock_special+0x1c0/0x1c0
[ 2431.954636]  ? kasan_check_read+0x11/0x20
[ 2431.954655]  ? rcu_softirq_qs+0x20/0x20
[ 2431.954683]  ? zap_class+0x640/0x640
08:16:49 executing program 5:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0)
ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r1 = syz_open_dev$sndctrl(&(0x7f0000000100)='/dev/snd/controlC#\x00', 0x0, 0x0)
prctl$PR_SET_THP_DISABLE(0x29, 0xfffffffffffffffe)
clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
ioctl$FS_IOC_GETFLAGS(r1, 0x5421, &(0x7f0000000080))

[ 2431.954699]  ? zap_class+0x640/0x640
[ 2431.954720]  ? find_held_lock+0x36/0x1c0
[ 2431.963720]  ? handle_mm_fault+0x42a/0xc70
[ 2431.963739]  ? lock_downgrade+0x900/0x900
[ 2431.963758]  ? check_preemption_disabled+0x48/0x280
[ 2431.963777]  ? rcu_read_unlock_special+0x1c0/0x1c0
[ 2431.963793]  ? kasan_check_read+0x11/0x20
[ 2431.963807]  ? rcu_dynticks_curr_cpu_in_eqs+0xa2/0x170
[ 2431.963825]  ? rcu_softirq_qs+0x20/0x20
[ 2432.029386]  ? trace_hardirqs_off_caller+0x310/0x310
[ 2432.029409]  ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[ 2432.029428]  ? check_preemption_disabled+0x48/0x280
[ 2432.029454]  handle_mm_fault+0x54f/0xc70
[ 2432.029473]  ? __handle_mm_fault+0x5be0/0x5be0
[ 2432.038763]  ? find_vma+0x34/0x190
[ 2432.038787]  __do_page_fault+0x5e8/0xe60
[ 2432.038803]  ? trace_hardirqs_off+0xb8/0x310
[ 2432.038830]  do_page_fault+0xf2/0x7e0
[ 2432.038848]  ? vmalloc_sync_all+0x30/0x30
[ 2432.078914]  ? error_entry+0x70/0xd0
[ 2432.078934]  ? trace_hardirqs_off_caller+0xbb/0x310
[ 2432.078950]  ? trace_hardirqs_on_caller+0xc0/0x310
[ 2432.078968]  ? syscall_return_slowpath+0x5e0/0x5e0
[ 2432.078984]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 2432.079004]  ? trace_hardirqs_on_caller+0x310/0x310
[ 2432.091891]  ? __bpf_trace_preemptirq_template+0x30/0x30
[ 2432.091911]  ? prepare_exit_to_usermode+0x3b0/0x3b0
[ 2432.091931]  ? prepare_exit_to_usermode+0x291/0x3b0
[ 2432.091946]  ? page_fault+0x8/0x30
[ 2432.091965]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 2432.091984]  ? page_fault+0x8/0x30
[ 2432.092001]  page_fault+0x1e/0x30
[ 2432.111702] RIP: 0033:0x4510a0
[ 2432.111720] Code: 0f 84 c4 0f 00 00 48 89 f1 48 89 f8 48 83 e1 3f 48 83 f9 20 0f 86 7b 02 00 00 48 83 e6 f0 48 83 e1 0f 66 0f ef c0 66 0f ef c9 <66> 0f 74 0e 66 0f d7 d1 48 d3 ea 49 c7 c2 11 00 00 00 49 29 ca 4d
[ 2432.111729] RSP: 002b:00007efdea16e7a8 EFLAGS: 00010202
[ 2432.111742] RAX: 00007efdea16e850 RBX: 0000000000000003 RCX: 000000000000000e
[ 2432.111753] RDX: 00000000000003ff RSI: 0000000020012fe0 RDI: 00007efdea16e850
[ 2432.111762] RBP: 000000000072bf00 R08: 00000000000003ff R09: 0000000000000000
[ 2432.111777] R10: 0000000000000000 R11: 0000000000000246 R12: 00007efdea16f6d4
08:16:50 executing program 1:
r0 = syz_open_dev$admmidi(0x0, 0x0, 0x0)
r1 = userfaultfd(0x0)
ioctl$UFFDIO_API(r1, 0xc018aa3f, &(0x7f0000000180))
mmap(&(0x7f0000013000/0x4000)=nil, 0x4000, 0x1000008, 0xa053, r0, 0x0)
ioctl$UFFDIO_REGISTER(r1, 0xc020aa00, &(0x7f0000019000)={{&(0x7f0000012000/0x2000)=nil, 0x2000}, 0x1})

08:16:50 executing program 0:
r0 = openat$rfkill(0xffffffffffffff9c, 0x0, 0x2001, 0x0)
syz_open_dev$admmidi(&(0x7f0000000100)='/dev/admmidi#\x00', 0x0, 0x0)
r1 = socket$l2tp(0x18, 0x1, 0x1)
mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x1, 0x32, 0xffffffffffffffff, 0x0)
r2 = userfaultfd(0x0)
ioctl$UFFDIO_API(r2, 0xc018aa3f, &(0x7f0000000180))
ioctl$UFFDIO_REGISTER(r2, 0xc020aa00, &(0x7f0000019000)={{&(0x7f0000012000/0x2000)=nil, 0x2000}, 0x2000002})
syz_open_dev$evdev(&(0x7f0000012fee)='/dev/input/event#\x00', 0x0, 0x0)
ioctl$UFFDIO_WAKE(r2, 0x8010aa02, &(0x7f0000000080)={&(0x7f0000012000/0x3000)=nil, 0x3000})
time(&(0x7f00000000c0))
ioctl(r1, 0x1000008912, &(0x7f0000000000)="0a5c2d023c126285718070")
setsockopt$inet_sctp_SCTP_I_WANT_MAPPED_V4_ADDR(r0, 0x84, 0xc, &(0x7f0000000040)=0x6671, 0x1)

08:16:50 executing program 2:
syz_emit_ethernet(0x6a, &(0x7f0000000040)={@local, @broadcast, [], {@ipv4={0x800, {{0x5, 0x4, 0x0, 0x0, 0x5c, 0x0, 0x0, 0x0, 0x1, 0x0, @remote, @dev={0xac, 0x14, 0x14, 0x11}}, @icmp=@parameter_prob={0x3, 0x4, 0x0, 0x0, 0x0, 0x0, {0x10, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x402f, 0x0, @local={0xac, 0x5c}, @dev, {[@timestamp={0x8, 0x2c, 0x0, 0x0, 0x0, [{[@rand_addr=0xf0]}, {[@multicast2]}, {[@multicast1]}, {}, {[@loopback]}, {}]}]}}}}}}}, 0x0)

[ 2432.111787] R13: 00000000004c578a R14: 00000000004d9d90 R15: 00000000ffffffff
[ 2432.207861] FAULT_FLAG_ALLOW_RETRY missing 70
[ 2432.233556] CPU: 1 PID: 23868 Comm: syz-executor3 Not tainted 4.20.0-rc6+ #371
[ 2432.240945] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 2432.250322] Call Trace:
[ 2432.252943]  dump_stack+0x244/0x39d
[ 2432.256600]  ? dump_stack_print_info.cold.1+0x20/0x20
[ 2432.261856]  handle_userfault.cold.32+0x47/0x62
[ 2432.266582]  ? userfaultfd_ioctl+0x5610/0x5610
[ 2432.271185]  ? mark_held_locks+0x130/0x130
[ 2432.275443]  ? __sanitizer_cov_trace_cmp4+0x16/0x20
[ 2432.280492]  ? futex_wait_setup+0x266/0x3e0
[ 2432.284851]  ? __sanitizer_cov_trace_switch+0x53/0x90
[ 2432.290064]  ? userfaultfd_ctx_put+0x830/0x830
[ 2432.294664]  ? futex_wait+0x5a1/0xa50
08:16:50 executing program 2:
syz_emit_ethernet(0x6a, &(0x7f0000000040)={@local, @broadcast, [], {@ipv4={0x800, {{0x5, 0x4, 0x0, 0x0, 0x5c, 0x0, 0x0, 0x0, 0x1, 0x0, @remote, @dev={0xac, 0x14, 0x14, 0x11}}, @icmp=@parameter_prob={0x3, 0x4, 0x0, 0x0, 0x0, 0x0, {0x10, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x402f, 0x0, @local={0xac, 0x5c}, @dev, {[@timestamp={0x8, 0x2c, 0x0, 0x0, 0x0, [{[@rand_addr=0x800e]}, {[@multicast2]}, {[@multicast1]}, {}, {[@loopback]}, {}]}]}}}}}}}, 0x0)

08:16:50 executing program 0:
r0 = openat$rfkill(0xffffffffffffff9c, 0x0, 0x2001, 0x0)
syz_open_dev$admmidi(&(0x7f0000000100)='/dev/admmidi#\x00', 0x0, 0x0)
r1 = socket$l2tp(0x18, 0x1, 0x1)
mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x1, 0x32, 0xffffffffffffffff, 0x0)
r2 = userfaultfd(0x0)
ioctl$UFFDIO_API(r2, 0xc018aa3f, &(0x7f0000000180))
ioctl$KVM_IOEVENTFD(r0, 0x4040ae79, &(0x7f00000000c0)={0x0, &(0x7f0000000040), 0x6, r2, 0xd})
ioctl$UFFDIO_REGISTER(r2, 0xc020aa00, &(0x7f0000019000)={{&(0x7f0000012000/0x2000)=nil, 0x2000}, 0x1})
syz_open_dev$evdev(&(0x7f0000012fee)='/dev/input/event#\x00', 0x0, 0x0)
ioctl$UFFDIO_WAKE(r2, 0x8010aa02, &(0x7f0000000080)={&(0x7f0000012000/0x3000)=nil, 0x3000})
ioctl(r1, 0x1000008912, &(0x7f0000000000)="0a5c2d023c126285718070")

[ 2432.298490]  ? print_usage_bug+0xc0/0xc0
[ 2432.302567]  ? print_usage_bug+0xc0/0xc0
[ 2432.306652]  ? print_usage_bug+0xc0/0xc0
[ 2432.310736]  ? zap_class+0x640/0x640
[ 2432.314469]  ? drop_futex_key_refs.isra.14+0x6d/0xe0
[ 2432.319594]  ? futex_wake+0x304/0x760
[ 2432.323448]  ? find_held_lock+0x36/0x1c0
[ 2432.327534]  ? __handle_mm_fault+0x4bb0/0x5be0
[ 2432.332144]  ? lock_downgrade+0x900/0x900
[ 2432.336330]  ? kasan_check_read+0x11/0x20
[ 2432.340516]  ? do_raw_spin_unlock+0xa7/0x330
[ 2432.344939]  ? do_raw_spin_trylock+0x270/0x270
[ 2432.349545]  ? fault_dirty_shared_page.isra.87+0x320/0x320
[ 2432.355204]  __handle_mm_fault+0x4bbd/0x5be0
[ 2432.359645]  ? vmf_insert_mixed_mkwrite+0x40/0x40
[ 2432.364634]  ? zap_class+0x640/0x640
[ 2432.368370]  ? rcu_read_unlock_special+0x1c0/0x1c0
[ 2432.373316]  ? kasan_check_read+0x11/0x20
[ 2432.377497]  ? rcu_softirq_qs+0x20/0x20
[ 2432.381502]  ? zap_class+0x640/0x640
[ 2432.385236]  ? zap_class+0x640/0x640
[ 2432.388977]  ? find_held_lock+0x36/0x1c0
[ 2432.393064]  ? handle_mm_fault+0x42a/0xc70
[ 2432.397317]  ? lock_downgrade+0x900/0x900
08:16:50 executing program 2:
syz_emit_ethernet(0x6a, &(0x7f0000000040)={@local, @broadcast, [], {@ipv4={0x800, {{0x5, 0x4, 0x0, 0x0, 0x5c, 0x0, 0x0, 0x0, 0x1, 0x0, @remote, @dev={0xac, 0x14, 0x14, 0x11}}, @icmp=@parameter_prob={0x3, 0x4, 0x0, 0x0, 0x0, 0x0, {0x10, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x402f, 0x0, @local={0xac, 0x5c}, @dev, {[@timestamp={0x8, 0x2c, 0x0, 0x0, 0x0, [{[@rand_addr=0x14]}, {[@multicast2]}, {[@multicast1]}, {}, {[@loopback]}, {}]}]}}}}}}}, 0x0)

[ 2432.401487]  ? check_preemption_disabled+0x48/0x280
[ 2432.406521]  ? rcu_read_unlock_special+0x1c0/0x1c0
[ 2432.406538]  ? kasan_check_read+0x11/0x20
[ 2432.406554]  ? rcu_dynticks_curr_cpu_in_eqs+0xa2/0x170
[ 2432.406569]  ? rcu_softirq_qs+0x20/0x20
[ 2432.406586]  ? trace_hardirqs_off_caller+0x310/0x310
[ 2432.406607]  ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[ 2432.435584]  ? check_preemption_disabled+0x48/0x280
[ 2432.435609]  handle_mm_fault+0x54f/0xc70
[ 2432.435630]  ? __handle_mm_fault+0x5be0/0x5be0
[ 2432.435651]  ? find_vma+0x34/0x190
[ 2432.435672]  __do_page_fault+0x5e8/0xe60
[ 2432.435692]  ? trace_hardirqs_off+0xb8/0x310
[ 2432.441333] FAULT_FLAG_ALLOW_RETRY missing 70
[ 2432.444773]  do_page_fault+0xf2/0x7e0
[ 2432.444791]  ? vmalloc_sync_all+0x30/0x30
[ 2432.444808]  ? error_entry+0x70/0xd0
[ 2432.444829]  ? trace_hardirqs_off_caller+0xbb/0x310
[ 2432.477551]  ? trace_hardirqs_on_caller+0xc0/0x310
[ 2432.477569]  ? syscall_return_slowpath+0x5e0/0x5e0
[ 2432.477586]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 2432.477606]  ? trace_hardirqs_on_caller+0x310/0x310
08:16:50 executing program 2:
syz_emit_ethernet(0x6a, &(0x7f0000000040)={@local, @broadcast, [], {@ipv4={0x800, {{0x5, 0x4, 0x0, 0x0, 0x5c, 0x0, 0x0, 0x0, 0x1, 0x0, @remote, @dev={0xac, 0x14, 0x14, 0x11}}, @icmp=@parameter_prob={0x3, 0x4, 0x0, 0x0, 0x0, 0x0, {0x10, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x402f, 0x0, @local={0xac, 0x5c}, @dev, {[@timestamp={0x8, 0x2c, 0x0, 0x0, 0x0, [{[@rand_addr=0x800e000000000000]}, {[@multicast2]}, {[@multicast1]}, {}, {[@loopback]}, {}]}]}}}}}}}, 0x0)

[ 2432.502321]  ? __bpf_trace_preemptirq_template+0x30/0x30
[ 2432.507808]  ? prepare_exit_to_usermode+0x3b0/0x3b0
[ 2432.512846]  ? prepare_exit_to_usermode+0x291/0x3b0
[ 2432.517897]  ? page_fault+0x8/0x30
[ 2432.521455]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 2432.526315]  ? page_fault+0x8/0x30
[ 2432.529878]  page_fault+0x1e/0x30
[ 2432.533345] RIP: 0033:0x4510a0
[ 2432.536567] Code: 0f 84 c4 0f 00 00 48 89 f1 48 89 f8 48 83 e1 3f 48 83 f9 20 0f 86 7b 02 00 00 48 83 e6 f0 48 83 e1 0f 66 0f ef c0 66 0f ef c9 <66> 0f 74 0e 66 0f d7 d1 48 d3 ea 49 c7 c2 11 00 00 00 49 29 ca 4d
[ 2432.555478] RSP: 002b:00007f75238677a8 EFLAGS: 00010202
[ 2432.560854] RAX: 00007f7523867850 RBX: 0000000000000003 RCX: 000000000000000e
[ 2432.568143] RDX: 00000000000003ff RSI: 0000000020012fe0 RDI: 00007f7523867850
[ 2432.575429] RBP: 000000000072bf00 R08: 00000000000003ff R09: 0000000000000000
[ 2432.582714] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f75238686d4
[ 2432.589995] R13: 00000000004c578a R14: 00000000004d9d90 R15: 00000000ffffffff
[ 2432.597298] CPU: 0 PID: 23899 Comm: syz-executor0 Not tainted 4.20.0-rc6+ #371
[ 2432.604697] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 2432.614060] Call Trace:
[ 2432.616667]  dump_stack+0x244/0x39d
[ 2432.620315]  ? dump_stack_print_info.cold.1+0x20/0x20
[ 2432.625532]  handle_userfault.cold.32+0x47/0x62
[ 2432.630231]  ? userfaultfd_ioctl+0x5610/0x5610
[ 2432.634832]  ? mark_held_locks+0x130/0x130
[ 2432.639090]  ? find_held_lock+0x36/0x1c0
[ 2432.643181]  ? userfaultfd_ctx_put+0x830/0x830
[ 2432.647791]  ? kasan_check_read+0x11/0x20
[ 2432.651955]  ? print_usage_bug+0xc0/0xc0
[ 2432.656027]  ? do_raw_spin_trylock+0x270/0x270
[ 2432.660645]  ? print_usage_bug+0xc0/0xc0
[ 2432.664727]  ? print_usage_bug+0xc0/0xc0
[ 2432.668805]  ? zap_class+0x640/0x640
[ 2432.672537]  ? drop_futex_key_refs.isra.14+0x6d/0xe0
[ 2432.677665]  ? futex_wake+0x304/0x760
[ 2432.681507]  ? find_held_lock+0x36/0x1c0
[ 2432.685596]  ? __handle_mm_fault+0x4bb0/0x5be0
[ 2432.690198]  ? lock_downgrade+0x900/0x900
[ 2432.694394]  ? kasan_check_read+0x11/0x20
[ 2432.698565]  ? do_raw_spin_unlock+0xa7/0x330
[ 2432.702986]  ? do_raw_spin_trylock+0x270/0x270
[ 2432.707600]  ? fault_dirty_shared_page.isra.87+0x320/0x320
[ 2432.713250]  __handle_mm_fault+0x4bbd/0x5be0
[ 2432.717681]  ? vmf_insert_mixed_mkwrite+0x40/0x40
[ 2432.722542]  ? zap_class+0x640/0x640
[ 2432.722558]  ? rcu_read_unlock_special+0x1c0/0x1c0
[ 2432.722574]  ? kasan_check_read+0x11/0x20
[ 2432.722590]  ? rcu_softirq_qs+0x20/0x20
[ 2432.722617]  ? zap_class+0x640/0x640
[ 2432.722635]  ? zap_class+0x640/0x640
[ 2432.731316]  ? find_held_lock+0x36/0x1c0
[ 2432.746844]  ? handle_mm_fault+0x42a/0xc70
[ 2432.755126]  ? lock_downgrade+0x900/0x900
[ 2432.755145]  ? check_preemption_disabled+0x48/0x280
[ 2432.755164]  ? rcu_read_unlock_special+0x1c0/0x1c0
[ 2432.755180]  ? kasan_check_read+0x11/0x20
[ 2432.755196]  ? rcu_dynticks_curr_cpu_in_eqs+0xa2/0x170
[ 2432.755213]  ? rcu_softirq_qs+0x20/0x20
[ 2432.764400]  ? trace_hardirqs_off_caller+0x310/0x310
[ 2432.773458]  ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[ 2432.773476]  ? check_preemption_disabled+0x48/0x280
[ 2432.773500]  handle_mm_fault+0x54f/0xc70
08:16:50 executing program 4:
openat$kvm(0xffffffffffffff9c, 0x0, 0x0, 0x0)
r0 = syz_open_dev$sndctrl(&(0x7f0000000100)='/dev/snd/controlC#\x00', 0x0, 0x0)
prctl$PR_SET_THP_DISABLE(0x29, 0xfffffffffffffffe)
r1 = syz_open_dev$mice(&(0x7f0000000000)='/dev/input/mice\x00', 0x0, 0x40100)
ioctl$EVIOCGMTSLOTS(r1, 0x8040450a, &(0x7f0000000240)=""/219)
clock_settime(0x2, &(0x7f0000000040)={0x0, 0x1c9c380})
clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
ioctl$FS_IOC_GETFLAGS(r0, 0x800455d1, &(0x7f0000000080))
openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0)
ioctl$SNDRV_SEQ_IOCTL_CREATE_PORT(r1, 0xc0a85320, &(0x7f0000000140)={{0x2, 0x1f}, 'port0\x00', 0x80, 0x1000, 0x2, 0x80000001, 0x9, 0x5, 0x5, 0x0, 0x2, 0x9a8})

[ 2432.773524]  ? __handle_mm_fault+0x5be0/0x5be0
[ 2432.782784]  ? find_vma+0x34/0x190
[ 2432.782806]  __do_page_fault+0x5e8/0xe60
[ 2432.782821]  ? trace_hardirqs_off+0xb8/0x310
[ 2432.782847]  do_page_fault+0xf2/0x7e0
[ 2432.793515]  ? vmalloc_sync_all+0x30/0x30
[ 2432.793533]  ? error_entry+0x70/0xd0
[ 2432.793550]  ? trace_hardirqs_off_caller+0xbb/0x310
[ 2432.793565]  ? trace_hardirqs_on_caller+0xc0/0x310
[ 2432.793583]  ? syscall_return_slowpath+0x5e0/0x5e0
[ 2432.793603]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 2432.802674]  ? trace_hardirqs_on_caller+0x310/0x310
[ 2432.802691]  ? __bpf_trace_preemptirq_template+0x30/0x30
[ 2432.802713]  ? prepare_exit_to_usermode+0x291/0x3b0
[ 2432.802731]  ? page_fault+0x8/0x30
[ 2432.810895]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 2432.874577]  ? page_fault+0x8/0x30
[ 2432.878135]  page_fault+0x1e/0x30
[ 2432.881602] RIP: 0033:0x4510a0
[ 2432.884815] Code: 0f 84 c4 0f 00 00 48 89 f1 48 89 f8 48 83 e1 3f 48 83 f9 20 0f 86 7b 02 00 00 48 83 e6 f0 48 83 e1 0f 66 0f ef c0 66 0f ef c9 <66> 0f 74 0e 66 0f d7 d1 48 d3 ea 49 c7 c2 11 00 00 00 49 29 ca 4d
08:16:50 executing program 3:
openat$rfkill(0xffffffffffffff9c, 0x0, 0x0, 0x0)
getsockopt$inet_sctp_SCTP_DEFAULT_PRINFO(0xffffffffffffffff, 0x84, 0x72, &(0x7f0000000380), 0x0)
syz_open_dev$admmidi(&(0x7f0000000100)='/dev/admmidi#\x00', 0x0, 0x0)
r0 = socket$l2tp(0x18, 0x1, 0x1)
mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x1, 0x32, 0xffffffffffffffff, 0x0)
r1 = userfaultfd(0x0)
ioctl$UFFDIO_API(r1, 0xc018aa3f, &(0x7f0000000180))
ioctl$UFFDIO_REGISTER(r1, 0xc020aa00, &(0x7f0000019000)={{&(0x7f0000012000/0x2000)=nil, 0x2000}, 0x1})
syz_open_dev$evdev(&(0x7f0000012fee)='/dev/input/event#\x00', 0x7a00000000000000, 0x0)
ioctl$UFFDIO_WAKE(r1, 0x8010aa02, &(0x7f0000000080)={&(0x7f0000012000/0x3000)=nil, 0x3000})
ioctl(r0, 0x1000008912, &(0x7f0000000000)="0a5c2d023c126285718070")
setsockopt$ALG_SET_KEY(0xffffffffffffffff, 0x117, 0x1, 0x0, 0x0)

08:16:50 executing program 5:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0)
ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r1 = syz_open_dev$sndctrl(&(0x7f0000000100)='/dev/snd/controlC#\x00', 0x0, 0x0)
prctl$PR_SET_THP_DISABLE(0x29, 0xfffffffffffffffe)
clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
ioctl$FS_IOC_GETFLAGS(r1, 0xc0505510, &(0x7f0000000080))

08:16:50 executing program 2:
syz_emit_ethernet(0x6a, &(0x7f0000000040)={@local, @broadcast, [], {@ipv4={0x800, {{0x5, 0x4, 0x0, 0x0, 0x5c, 0x0, 0x0, 0x0, 0x1, 0x0, @remote, @dev={0xac, 0x14, 0x14, 0x11}}, @icmp=@parameter_prob={0x3, 0x4, 0x0, 0x0, 0x0, 0x0, {0x10, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x402f, 0x0, @local={0xac, 0x5c}, @dev, {[@timestamp={0x8, 0x2c, 0x0, 0x0, 0x0, [{[@rand_addr=0x1000000]}, {[@multicast2]}, {[@multicast1]}, {}, {[@loopback]}, {}]}]}}}}}}}, 0x0)

08:16:50 executing program 1:
r0 = syz_open_dev$admmidi(0x0, 0x0, 0x0)
r1 = userfaultfd(0x0)
ioctl$UFFDIO_API(r1, 0xc018aa3f, &(0x7f0000000180))
mmap(&(0x7f0000013000/0x4000)=nil, 0x4000, 0x1000008, 0xa053, r0, 0x0)
ioctl$UFFDIO_REGISTER(r1, 0xc020aa00, &(0x7f0000019000)={{&(0x7f0000012000/0x2000)=nil, 0x2000}, 0x1})

08:16:50 executing program 4:
openat$kvm(0xffffffffffffff9c, 0x0, 0x20000, 0x0)
r0 = syz_open_dev$sndctrl(&(0x7f0000000100)='/dev/snd/controlC#\x00', 0x0, 0x0)
prctl$PR_SET_THP_DISABLE(0x29, 0xfffffffffffffffe)
clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
r1 = openat$rtc(0xffffffffffffff9c, &(0x7f0000000000)='/dev/rtc0\x00', 0x0, 0x0)
write$P9_RREAD(r1, &(0x7f0000000140)=ANY=[@ANYBLOB="7d00000075020072000000548bcfe165a1ab063622394ff111d436648416a8d517f00a2dcb76c47cd202bd4a4f0a884f54313cf3ab3b2d83bb282413dbd3a8fb894f1734c9ab9fbe171150c08a504ae1f474260f43e15b19468f54a7bf13a3302377d57039bc2067f9a15645f38aec74a0c796ef25f9bd5c8fc1718cd6"], 0x7d)
bind$bt_l2cap(r1, &(0x7f0000000040)={0x1f, 0x6, {0x2, 0x3f, 0x8, 0x4f, 0xfffffffffffffffc, 0x81}, 0x9}, 0xe)
ioctl$FS_IOC_GETFLAGS(r0, 0x800455d1, &(0x7f0000000080))

[ 2432.903733] RSP: 002b:00007efdea16e7a8 EFLAGS: 00010202
[ 2432.909111] RAX: 00007efdea16e850 RBX: 0000000000000003 RCX: 000000000000000e
[ 2432.916406] RDX: 00000000000003ff RSI: 0000000020012fe0 RDI: 00007efdea16e850
[ 2432.923687] RBP: 000000000072bf00 R08: 00000000000003ff R09: 0000000000000000
[ 2432.930960] R10: 0000000000000000 R11: 0000000000000246 R12: 00007efdea16f6d4
[ 2432.938223] R13: 00000000004c578a R14: 00000000004d9d90 R15: 00000000ffffffff
08:16:50 executing program 1:
r0 = syz_open_dev$admmidi(&(0x7f0000000100)='/dev/admmidi#\x00', 0x0, 0x0)
r1 = userfaultfd(0x0)
ioctl$UFFDIO_API(0xffffffffffffffff, 0xc018aa3f, &(0x7f0000000180))
mmap(&(0x7f0000013000/0x4000)=nil, 0x4000, 0x1000008, 0xa053, r0, 0x0)
ioctl$UFFDIO_REGISTER(r1, 0xc020aa00, &(0x7f0000019000)={{&(0x7f0000012000/0x2000)=nil, 0x2000}, 0x1})

08:16:50 executing program 2:
syz_emit_ethernet(0x6a, &(0x7f0000000040)={@local, @broadcast, [], {@ipv4={0x800, {{0x5, 0x4, 0x0, 0x0, 0x5c, 0x0, 0x0, 0x0, 0x1, 0x0, @remote, @dev={0xac, 0x14, 0x14, 0x11}}, @icmp=@parameter_prob={0x3, 0x4, 0x0, 0x0, 0x0, 0x0, {0x10, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x402f, 0x0, @local={0xac, 0x5c}, @dev, {[@timestamp={0x8, 0x2c, 0x0, 0x0, 0x0, [{[@rand_addr=0x600]}, {[@multicast2]}, {[@multicast1]}, {}, {[@loopback]}, {}]}]}}}}}}}, 0x0)

08:16:50 executing program 0:
r0 = openat$rfkill(0xffffffffffffff9c, 0x0, 0x4000, 0x0)
r1 = syz_open_dev$admmidi(&(0x7f0000000100)='/dev/admmidi#\x00', 0x0, 0x0)
r2 = socket$l2tp(0x18, 0x1, 0x1)
mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x1, 0x32, 0xffffffffffffffff, 0x0)
getsockopt$inet_sctp_SCTP_PR_ASSOC_STATUS(r0, 0x84, 0x73, &(0x7f0000000080)={<r3=>0x0, 0x5, 0x30, 0x80, 0x508}, &(0x7f00000000c0)=0x18)
getsockopt$inet_sctp_SCTP_SOCKOPT_PEELOFF(r1, 0x84, 0x66, &(0x7f0000000140)={r3, 0x5}, &(0x7f00000001c0)=0x8)
write$RDMA_USER_CM_CMD_CREATE_ID(r1, &(0x7f0000000280)={0x0, 0x18, 0xfa00, {0x0, &(0x7f0000000240)={<r4=>0xffffffffffffffff}, 0x106, 0xb}}, 0x20)
write$RDMA_USER_CM_CMD_JOIN_IP_MCAST(r1, &(0x7f00000002c0)={0x10, 0x30, 0xfa00, {&(0x7f0000000200), 0x3, {0xa, 0x4e21, 0x1, @remote, 0x4}, r4}}, 0x38)
r5 = userfaultfd(0x0)
ioctl$UFFDIO_API(r5, 0xc018aa3f, &(0x7f0000000180))
ioctl$UFFDIO_REGISTER(r5, 0xc020aa00, &(0x7f0000019000)={{&(0x7f0000012000/0x2000)=nil, 0x2000}, 0x1})
syz_open_dev$evdev(&(0x7f0000012fee)='/dev/input/event#\x00', 0x0, 0x0)
ioctl$UFFDIO_WAKE(r0, 0x8010aa02, &(0x7f0000000040)={&(0x7f0000012000/0x3000)=nil, 0x3000})
ioctl(r2, 0x1000008912, &(0x7f0000000000)="0a5c2d023c126285718070")

[ 2433.079104] FAULT_FLAG_ALLOW_RETRY missing 70
[ 2433.090725] CPU: 1 PID: 23930 Comm: syz-executor3 Not tainted 4.20.0-rc6+ #371
[ 2433.098107] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 2433.107465] Call Trace:
[ 2433.110071]  dump_stack+0x244/0x39d
[ 2433.113716]  ? dump_stack_print_info.cold.1+0x20/0x20
[ 2433.118933]  handle_userfault.cold.32+0x47/0x62
[ 2433.123625]  ? userfaultfd_ioctl+0x5610/0x5610
[ 2433.128217]  ? mark_held_locks+0x130/0x130
[ 2433.132462]  ? __sanitizer_cov_trace_cmp4+0x16/0x20
[ 2433.137485]  ? futex_wait_setup+0x266/0x3e0
[ 2433.141826]  ? __sanitizer_cov_trace_switch+0x53/0x90
[ 2433.147026]  ? userfaultfd_ctx_put+0x830/0x830
[ 2433.151613]  ? futex_wait+0x5a1/0xa50
[ 2433.155424]  ? print_usage_bug+0xc0/0xc0
[ 2433.159492]  ? print_usage_bug+0xc0/0xc0
[ 2433.163567]  ? print_usage_bug+0xc0/0xc0
[ 2433.167634]  ? zap_class+0x640/0x640
[ 2433.171368]  ? drop_futex_key_refs.isra.14+0x6d/0xe0
[ 2433.176476]  ? futex_wake+0x304/0x760
[ 2433.180295]  ? find_held_lock+0x36/0x1c0
[ 2433.184385]  ? __handle_mm_fault+0x4bb0/0x5be0
[ 2433.188985]  ? lock_downgrade+0x900/0x900
[ 2433.193146]  ? kasan_check_read+0x11/0x20
[ 2433.197299]  ? do_raw_spin_unlock+0xa7/0x330
[ 2433.201710]  ? do_raw_spin_trylock+0x270/0x270
[ 2433.206300]  ? fault_dirty_shared_page.isra.87+0x320/0x320
[ 2433.211940]  __handle_mm_fault+0x4bbd/0x5be0
[ 2433.216376]  ? vmf_insert_mixed_mkwrite+0x40/0x40
[ 2433.221259]  ? zap_class+0x640/0x640
[ 2433.224975]  ? rcu_read_unlock_special+0x1c0/0x1c0
[ 2433.229908]  ? kasan_check_read+0x11/0x20
[ 2433.234324]  ? rcu_softirq_qs+0x20/0x20
[ 2433.238324]  ? zap_class+0x640/0x640
[ 2433.242059]  ? zap_class+0x640/0x640
[ 2433.245788]  ? find_held_lock+0x36/0x1c0
[ 2433.249885]  ? handle_mm_fault+0x42a/0xc70
[ 2433.254126]  ? lock_downgrade+0x900/0x900
[ 2433.258282]  ? check_preemption_disabled+0x48/0x280
[ 2433.263305]  ? rcu_read_unlock_special+0x1c0/0x1c0
[ 2433.268239]  ? kasan_check_read+0x11/0x20
[ 2433.272394]  ? rcu_dynticks_curr_cpu_in_eqs+0xa2/0x170
[ 2433.277680]  ? rcu_softirq_qs+0x20/0x20
[ 2433.281658]  ? trace_hardirqs_off_caller+0x310/0x310
[ 2433.286773]  ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[ 2433.292315]  ? check_preemption_disabled+0x48/0x280
[ 2433.297343]  handle_mm_fault+0x54f/0xc70
[ 2433.301421]  ? __handle_mm_fault+0x5be0/0x5be0
[ 2433.306016]  ? find_vma+0x34/0x190
[ 2433.309566]  __do_page_fault+0x5e8/0xe60
[ 2433.313632]  ? trace_hardirqs_off+0xb8/0x310
[ 2433.318057]  do_page_fault+0xf2/0x7e0
[ 2433.321873]  ? vmalloc_sync_all+0x30/0x30
[ 2433.326057]  ? error_entry+0x70/0xd0
[ 2433.329776]  ? trace_hardirqs_off_caller+0xbb/0x310
[ 2433.334800]  ? trace_hardirqs_on_caller+0xc0/0x310
[ 2433.339738]  ? syscall_return_slowpath+0x5e0/0x5e0
[ 2433.344673]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 2433.349521]  ? trace_hardirqs_on_caller+0x310/0x310
[ 2433.354544]  ? __bpf_trace_preemptirq_template+0x30/0x30
[ 2433.360000]  ? prepare_exit_to_usermode+0x3b0/0x3b0
[ 2433.365533]  ? prepare_exit_to_usermode+0x291/0x3b0
[ 2433.370552]  ? page_fault+0x8/0x30
[ 2433.374105]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 2433.378956]  ? page_fault+0x8/0x30
[ 2433.382505]  page_fault+0x1e/0x30
[ 2433.385961] RIP: 0033:0x4510a0
[ 2433.389169] Code: 0f 84 c4 0f 00 00 48 89 f1 48 89 f8 48 83 e1 3f 48 83 f9 20 0f 86 7b 02 00 00 48 83 e6 f0 48 83 e1 0f 66 0f ef c0 66 0f ef c9 <66> 0f 74 0e 66 0f d7 d1 48 d3 ea 49 c7 c2 11 00 00 00 49 29 ca 4d
[ 2433.408076] RSP: 002b:00007f75238677a8 EFLAGS: 00010202
[ 2433.413445] RAX: 00007f7523867850 RBX: 0000000000000003 RCX: 000000000000000e
[ 2433.420716] RDX: 00000000000003ff RSI: 0000000020012fe0 RDI: 00007f7523867850
[ 2433.427988] RBP: 000000000072bf00 R08: 00000000000003ff R09: 0000000000000000
[ 2433.435257] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f75238686d4
[ 2433.442533] R13: 00000000004c578a R14: 00000000004d9d90 R15: 00000000ffffffff
08:16:51 executing program 1:
r0 = syz_open_dev$admmidi(&(0x7f0000000100)='/dev/admmidi#\x00', 0x0, 0x0)
r1 = userfaultfd(0x0)
ioctl$UFFDIO_API(0xffffffffffffffff, 0xc018aa3f, &(0x7f0000000180))
mmap(&(0x7f0000013000/0x4000)=nil, 0x4000, 0x1000008, 0xa053, r0, 0x0)
ioctl$UFFDIO_REGISTER(r1, 0xc020aa00, &(0x7f0000019000)={{&(0x7f0000012000/0x2000)=nil, 0x2000}, 0x1})

08:16:51 executing program 2:
syz_emit_ethernet(0x6a, &(0x7f0000000040)={@local, @broadcast, [], {@ipv4={0x800, {{0x5, 0x4, 0x0, 0x0, 0x5c, 0x0, 0x0, 0x0, 0x1, 0x0, @remote, @dev={0xac, 0x14, 0x14, 0x11}}, @icmp=@parameter_prob={0x3, 0x4, 0x0, 0x0, 0x0, 0x0, {0x10, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x402f, 0x0, @local={0xac, 0x5c}, @dev, {[@timestamp={0x8, 0x2c, 0x0, 0x0, 0x0, [{[@rand_addr=0xe80]}, {[@multicast2]}, {[@multicast1]}, {}, {[@loopback]}, {}]}]}}}}}}}, 0x0)

08:16:51 executing program 4:
openat$kvm(0xffffffffffffff9c, 0x0, 0x0, 0x0)
r0 = syz_open_dev$sndctrl(&(0x7f0000000100)='/dev/snd/controlC#\x00', 0x0, 0x0)
prctl$PR_SET_THP_DISABLE(0x29, 0x20000000000)
clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
ioctl$FS_IOC_GETFLAGS(r0, 0x800455d1, &(0x7f0000000080))

08:16:51 executing program 3:
openat$rfkill(0xffffffffffffff9c, 0x0, 0x0, 0x0)
getsockopt$inet_sctp_SCTP_DEFAULT_PRINFO(0xffffffffffffffff, 0x84, 0x72, &(0x7f0000000380), 0x0)
syz_open_dev$admmidi(&(0x7f0000000100)='/dev/admmidi#\x00', 0x0, 0x0)
r0 = socket$l2tp(0x18, 0x1, 0x1)
mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x1, 0x32, 0xffffffffffffffff, 0x0)
r1 = userfaultfd(0x0)
ioctl$UFFDIO_API(r1, 0xc018aa3f, &(0x7f0000000180))
ioctl$UFFDIO_REGISTER(r1, 0xc020aa00, &(0x7f0000019000)={{&(0x7f0000012000/0x2000)=nil, 0x2000}, 0x1})
syz_open_dev$evdev(&(0x7f0000012fee)='/dev/input/event#\x00', 0x4000000, 0x0)
ioctl$UFFDIO_WAKE(r1, 0x8010aa02, &(0x7f0000000080)={&(0x7f0000012000/0x3000)=nil, 0x3000})
ioctl(r0, 0x1000008912, &(0x7f0000000000)="0a5c2d023c126285718070")
setsockopt$ALG_SET_KEY(0xffffffffffffffff, 0x117, 0x1, 0x0, 0x0)

08:16:51 executing program 5:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0)
ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r1 = syz_open_dev$sndctrl(&(0x7f0000000100)='/dev/snd/controlC#\x00', 0x0, 0x0)
prctl$PR_SET_THP_DISABLE(0x29, 0xfffffffffffffffe)
clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
ioctl$FS_IOC_GETFLAGS(r1, 0xc0045878, &(0x7f0000000080))

08:16:51 executing program 2:
syz_emit_ethernet(0x6a, &(0x7f0000000040)={@local, @broadcast, [], {@ipv4={0x800, {{0x5, 0x4, 0x0, 0x0, 0x5c, 0x0, 0x0, 0x0, 0x1, 0x0, @remote, @dev={0xac, 0x14, 0x14, 0x11}}, @icmp=@parameter_prob={0x3, 0x4, 0x0, 0x0, 0x0, 0x0, {0x10, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x402f, 0x0, @local={0xac, 0x5c}, @dev, {[@timestamp={0x8, 0x2c, 0x0, 0x0, 0x0, [{[@rand_addr=0x806000000000000]}, {[@multicast2]}, {[@multicast1]}, {}, {[@loopback]}, {}]}]}}}}}}}, 0x0)

08:16:51 executing program 1:
r0 = syz_open_dev$admmidi(&(0x7f0000000100)='/dev/admmidi#\x00', 0x0, 0x0)
r1 = userfaultfd(0x0)
ioctl$UFFDIO_API(0xffffffffffffffff, 0xc018aa3f, &(0x7f0000000180))
mmap(&(0x7f0000013000/0x4000)=nil, 0x4000, 0x1000008, 0xa053, r0, 0x0)
ioctl$UFFDIO_REGISTER(r1, 0xc020aa00, &(0x7f0000019000)={{&(0x7f0000012000/0x2000)=nil, 0x2000}, 0x1})

[ 2433.751484] FAULT_FLAG_ALLOW_RETRY missing 70
[ 2433.766778] CPU: 0 PID: 23962 Comm: syz-executor3 Not tainted 4.20.0-rc6+ #371
[ 2433.774162] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 2433.783515] Call Trace:
[ 2433.786116]  dump_stack+0x244/0x39d
[ 2433.789761]  ? dump_stack_print_info.cold.1+0x20/0x20
[ 2433.794973]  handle_userfault.cold.32+0x47/0x62
[ 2433.799669]  ? userfaultfd_ioctl+0x5610/0x5610
[ 2433.804262]  ? mark_held_locks+0x130/0x130
[ 2433.808506]  ? __sanitizer_cov_trace_cmp4+0x16/0x20
[ 2433.813532]  ? futex_wait_setup+0x266/0x3e0
[ 2433.817870]  ? __sanitizer_cov_trace_switch+0x53/0x90
[ 2433.823067]  ? userfaultfd_ctx_put+0x830/0x830
[ 2433.827654]  ? futex_wait+0x5a1/0xa50
[ 2433.831465]  ? print_usage_bug+0xc0/0xc0
[ 2433.835536]  ? print_usage_bug+0xc0/0xc0
[ 2433.839607]  ? print_usage_bug+0xc0/0xc0
[ 2433.843680]  ? zap_class+0x640/0x640
[ 2433.847417]  ? drop_futex_key_refs.isra.14+0x6d/0xe0
[ 2433.852528]  ? futex_wake+0x304/0x760
[ 2433.856346]  ? find_held_lock+0x36/0x1c0
[ 2433.860436]  ? __handle_mm_fault+0x4bb0/0x5be0
[ 2433.865026]  ? lock_downgrade+0x900/0x900
[ 2433.869187]  ? kasan_check_read+0x11/0x20
[ 2433.873338]  ? do_raw_spin_unlock+0xa7/0x330
[ 2433.877768]  ? do_raw_spin_trylock+0x270/0x270
[ 2433.882367]  ? fault_dirty_shared_page.isra.87+0x320/0x320
[ 2433.888015]  __handle_mm_fault+0x4bbd/0x5be0
[ 2433.892446]  ? vmf_insert_mixed_mkwrite+0x40/0x40
[ 2433.897303]  ? zap_class+0x640/0x640
[ 2433.901027]  ? rcu_read_unlock_special+0x1c0/0x1c0
[ 2433.905960]  ? kasan_check_read+0x11/0x20
[ 2433.910116]  ? rcu_softirq_qs+0x20/0x20
[ 2433.914108]  ? zap_class+0x640/0x640
[ 2433.917833]  ? zap_class+0x640/0x640
[ 2433.921558]  ? find_held_lock+0x36/0x1c0
[ 2433.925636]  ? handle_mm_fault+0x42a/0xc70
[ 2433.929882]  ? lock_downgrade+0x900/0x900
[ 2433.934043]  ? check_preemption_disabled+0x48/0x280
[ 2433.939067]  ? rcu_read_unlock_special+0x1c0/0x1c0
[ 2433.944001]  ? kasan_check_read+0x11/0x20
[ 2433.948157]  ? rcu_dynticks_curr_cpu_in_eqs+0xa2/0x170
[ 2433.953440]  ? rcu_softirq_qs+0x20/0x20
[ 2433.957425]  ? trace_hardirqs_off_caller+0x310/0x310
[ 2433.962538]  ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[ 2433.968092]  ? check_preemption_disabled+0x48/0x280
[ 2433.973133]  handle_mm_fault+0x54f/0xc70
[ 2433.977203]  ? __handle_mm_fault+0x5be0/0x5be0
[ 2433.981797]  ? find_vma+0x34/0x190
[ 2433.985350]  __do_page_fault+0x5e8/0xe60
[ 2433.989430]  ? trace_hardirqs_off+0xb8/0x310
[ 2433.993852]  do_page_fault+0xf2/0x7e0
[ 2433.997665]  ? vmalloc_sync_all+0x30/0x30
[ 2434.001819]  ? error_entry+0x70/0xd0
[ 2434.005541]  ? trace_hardirqs_off_caller+0xbb/0x310
[ 2434.010561]  ? trace_hardirqs_on_caller+0xc0/0x310
[ 2434.015503]  ? syscall_return_slowpath+0x5e0/0x5e0
[ 2434.020441]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 2434.025296]  ? trace_hardirqs_on_caller+0x310/0x310
[ 2434.030332]  ? __bpf_trace_preemptirq_template+0x30/0x30
[ 2434.035810]  ? prepare_exit_to_usermode+0x3b0/0x3b0
[ 2434.040832]  ? prepare_exit_to_usermode+0x291/0x3b0
[ 2434.045855]  ? page_fault+0x8/0x30
[ 2434.049407]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 2434.054294]  ? page_fault+0x8/0x30
[ 2434.057852]  page_fault+0x1e/0x30
[ 2434.061324] RIP: 0033:0x4510a0
[ 2434.064530] Code: 0f 84 c4 0f 00 00 48 89 f1 48 89 f8 48 83 e1 3f 48 83 f9 20 0f 86 7b 02 00 00 48 83 e6 f0 48 83 e1 0f 66 0f ef c0 66 0f ef c9 <66> 0f 74 0e 66 0f d7 d1 48 d3 ea 49 c7 c2 11 00 00 00 49 29 ca 4d
[ 2434.083435] RSP: 002b:00007f75238677a8 EFLAGS: 00010202
[ 2434.088801] RAX: 00007f7523867850 RBX: 0000000000000003 RCX: 000000000000000e
08:16:51 executing program 2:
syz_emit_ethernet(0x6a, &(0x7f0000000040)={@local, @broadcast, [], {@ipv4={0x800, {{0x5, 0x4, 0x0, 0x0, 0x5c, 0x0, 0x0, 0x0, 0x1, 0x0, @remote, @dev={0xac, 0x14, 0x14, 0x11}}, @icmp=@parameter_prob={0x3, 0x4, 0x0, 0x0, 0x0, 0x0, {0x10, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x402f, 0x0, @local={0xac, 0x5c}, @dev, {[@timestamp={0x8, 0x2c, 0x0, 0x0, 0x0, [{[@rand_addr=0x8906]}, {[@multicast2]}, {[@multicast1]}, {}, {[@loopback]}, {}]}]}}}}}}}, 0x0)

08:16:51 executing program 4:
r0 = openat$kvm(0xffffffffffffff9c, 0x0, 0x0, 0x0)
syz_open_dev$sndctrl(&(0x7f0000000100)='/dev/snd/controlC#\x00', 0x0, 0x0)
prctl$PR_SET_THP_DISABLE(0x29, 0xfffffffffffffffe)
clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
ioctl$FS_IOC_GETFLAGS(r0, 0x800455d1, &(0x7f0000000080))

[ 2434.096078] RDX: 00000000000003ff RSI: 0000000020012fe0 RDI: 00007f7523867850
[ 2434.103386] RBP: 000000000072bf00 R08: 00000000000003ff R09: 0000000000000000
[ 2434.110668] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f75238686d4
[ 2434.117939] R13: 00000000004c578a R14: 00000000004d9d90 R15: 00000000ffffffff
08:16:52 executing program 5:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0)
ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r1 = syz_open_dev$sndctrl(&(0x7f0000000100)='/dev/snd/controlC#\x00', 0x0, 0x0)
prctl$PR_SET_THP_DISABLE(0x29, 0xfffffffffffffffe)
clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
ioctl$FS_IOC_GETFLAGS(r1, 0xc4c85512, &(0x7f0000000080))

08:16:52 executing program 1:
r0 = syz_open_dev$admmidi(&(0x7f0000000100)='/dev/admmidi#\x00', 0x0, 0x0)
r1 = userfaultfd(0x0)
ioctl$UFFDIO_API(r1, 0xc018aa3f, 0x0)
mmap(&(0x7f0000013000/0x4000)=nil, 0x4000, 0x1000008, 0xa053, r0, 0x0)
ioctl$UFFDIO_REGISTER(r1, 0xc020aa00, &(0x7f0000019000)={{&(0x7f0000012000/0x2000)=nil, 0x2000}, 0x1})

08:16:52 executing program 0:
openat$rfkill(0xffffffffffffff9c, 0x0, 0x2001, 0x0)
syz_open_dev$admmidi(&(0x7f0000000100)='/dev/admmidi#\x00', 0x0, 0x0)
r0 = socket$l2tp(0x18, 0x1, 0x1)
mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x1, 0x32, 0xffffffffffffffff, 0x0)
r1 = userfaultfd(0xc0800)
ioctl$UFFDIO_API(r1, 0xc018aa3f, &(0x7f0000000180))
ioctl$UFFDIO_REGISTER(r1, 0xc020aa00, &(0x7f0000019000)={{&(0x7f0000012000/0x2000)=nil, 0x2000}, 0x1})
syz_open_dev$evdev(&(0x7f0000012fee)='/dev/input/event#\x00', 0x0, 0x0)
ioctl$UFFDIO_WAKE(r1, 0x8010aa02, &(0x7f0000000080)={&(0x7f0000012000/0x3000)=nil, 0x3000})
ioctl(r0, 0x1000008912, &(0x7f0000000000)="0a5c2d023c126285718070")

08:16:52 executing program 3:
openat$rfkill(0xffffffffffffff9c, 0x0, 0x0, 0x0)
getsockopt$inet_sctp_SCTP_DEFAULT_PRINFO(0xffffffffffffffff, 0x84, 0x72, &(0x7f0000000380), 0x0)
syz_open_dev$admmidi(&(0x7f0000000100)='/dev/admmidi#\x00', 0x0, 0x0)
r0 = socket$l2tp(0x18, 0x1, 0x1)
mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x1, 0x32, 0xffffffffffffffff, 0x0)
r1 = userfaultfd(0x0)
ioctl$UFFDIO_API(r1, 0xc018aa3f, &(0x7f0000000180))
ioctl$UFFDIO_REGISTER(r1, 0xc020aa00, &(0x7f0000019000)={{&(0x7f0000012000/0x2000)=nil, 0x2000}, 0x1})
syz_open_dev$evdev(&(0x7f0000012fee)='/dev/input/event#\x00', 0x900, 0x0)
ioctl$UFFDIO_WAKE(r1, 0x8010aa02, &(0x7f0000000080)={&(0x7f0000012000/0x3000)=nil, 0x3000})
ioctl(r0, 0x1000008912, &(0x7f0000000000)="0a5c2d023c126285718070")
setsockopt$ALG_SET_KEY(0xffffffffffffffff, 0x117, 0x1, 0x0, 0x0)

08:16:52 executing program 2:
syz_emit_ethernet(0x6a, &(0x7f0000000040)={@local, @broadcast, [], {@ipv4={0x800, {{0x5, 0x4, 0x0, 0x0, 0x5c, 0x0, 0x0, 0x0, 0x1, 0x0, @remote, @dev={0xac, 0x14, 0x14, 0x11}}, @icmp=@parameter_prob={0x3, 0x4, 0x0, 0x0, 0x0, 0x0, {0x10, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x402f, 0x0, @local={0xac, 0x5c}, @dev, {[@timestamp={0x8, 0x2c, 0x0, 0x0, 0x0, [{[@rand_addr=0x86ddffff00000000]}, {[@multicast2]}, {[@multicast1]}, {}, {[@loopback]}, {}]}]}}}}}}}, 0x0)

08:16:52 executing program 1:
r0 = syz_open_dev$admmidi(&(0x7f0000000100)='/dev/admmidi#\x00', 0x0, 0x0)
r1 = userfaultfd(0x0)
ioctl$UFFDIO_API(r1, 0xc018aa3f, 0x0)
mmap(&(0x7f0000013000/0x4000)=nil, 0x4000, 0x1000008, 0xa053, r0, 0x0)
ioctl$UFFDIO_REGISTER(r1, 0xc020aa00, &(0x7f0000019000)={{&(0x7f0000012000/0x2000)=nil, 0x2000}, 0x1})

08:16:52 executing program 4:
openat$kvm(0xffffffffffffff9c, 0x0, 0x0, 0x0)
r0 = socket$inet6_sctp(0xa, 0x5, 0x84)
ioctl$ifreq_SIOCGIFINDEX_team(0xffffffffffffff9c, 0x8933, &(0x7f00000000c0)={'team0\x00', <r1=>0x0})
ioctl$sock_inet6_SIOCADDRT(r0, 0x890b, &(0x7f0000000100)={@mcast2, @mcast1, @mcast1, 0x3f, 0x4, 0x6, 0x0, 0x10001, 0x1200008, r1})
r2 = syz_open_dev$sndctrl(&(0x7f0000000000)='/dev/snd/controlC#\x00', 0x0, 0x0)
r3 = syz_open_dev$vcsa(&(0x7f0000000200)='/dev/vcsa#\x00', 0xac9b, 0x2000)
getresuid(&(0x7f0000000240)=<r4=>0x0, &(0x7f0000000280), &(0x7f00000002c0))
getsockopt$sock_cred(r0, 0x1, 0x11, &(0x7f0000000300)={0x0, 0x0, <r5=>0x0}, &(0x7f0000000340)=0xc)
getsockopt$inet_IP_IPSEC_POLICY(r2, 0x0, 0x10, &(0x7f0000000380)={{{@in=@loopback, @in=@dev, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, <r6=>0x0}}, {{@in=@remote}, 0x0, @in=@loopback}}, &(0x7f0000000480)=0xe8)
mount$fuseblk(&(0x7f0000000040)='/dev/loop0\x00', &(0x7f0000000180)='./file0\x00', &(0x7f00000001c0)='fuseblk\x00', 0x8000, &(0x7f00000004c0)={{'fd', 0x3d, r3}, 0x2c, {'rootmode', 0x3d, 0x6000}, 0x2c, {'user_id', 0x3d, r4}, 0x2c, {'group_id', 0x3d, r5}, 0x2c, {[{@max_read={'max_read', 0x3d, 0x4}}, {@max_read={'max_read', 0x3d, 0x1}}], [{@uid_gt={'uid>', r6}}, {@func={'func', 0x3d, 'FIRMWARE_CHECK'}}, {@pcr={'pcr', 0x3d, 0x35}}, {@permit_directio='permit_directio'}, {@dont_appraise='dont_appraise'}, {@subj_type={'subj_type', 0x3d, '/dev/snd/controlC#\x00'}}, {@smackfsroot={'smackfsroot', 0x3d, '/dev/snd/controlC#\x00'}}]}})
prctl$PR_SET_THP_DISABLE(0x29, 0xfffffffffffffffe)
clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
ioctl$FS_IOC_GETFLAGS(r2, 0x800455d1, &(0x7f0000000080))

08:16:52 executing program 2:
syz_emit_ethernet(0x6a, &(0x7f0000000040)={@local, @broadcast, [], {@ipv4={0x800, {{0x5, 0x4, 0x0, 0x0, 0x5c, 0x0, 0x0, 0x0, 0x1, 0x0, @remote, @dev={0xac, 0x14, 0x14, 0x11}}, @icmp=@parameter_prob={0x3, 0x4, 0x0, 0x0, 0x0, 0x0, {0x10, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x402f, 0x0, @local={0xac, 0x5c}, @dev, {[@timestamp={0x8, 0x2c, 0x0, 0x0, 0x0, [{[@rand_addr=0x8864]}, {[@multicast2]}, {[@multicast1]}, {}, {[@loopback]}, {}]}]}}}}}}}, 0x0)

08:16:52 executing program 1:
r0 = syz_open_dev$admmidi(&(0x7f0000000100)='/dev/admmidi#\x00', 0x0, 0x0)
r1 = userfaultfd(0x0)
ioctl$UFFDIO_API(r1, 0xc018aa3f, 0x0)
mmap(&(0x7f0000013000/0x4000)=nil, 0x4000, 0x1000008, 0xa053, r0, 0x0)
ioctl$UFFDIO_REGISTER(r1, 0xc020aa00, &(0x7f0000019000)={{&(0x7f0000012000/0x2000)=nil, 0x2000}, 0x1})

08:16:52 executing program 0:
r0 = openat$rfkill(0xffffffffffffff9c, 0x0, 0x2001, 0x0)
syz_open_dev$admmidi(&(0x7f0000000100)='/dev/admmidi#\x00', 0x0, 0x0)
r1 = socket$l2tp(0x18, 0x1, 0x1)
mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x1, 0x32, 0xffffffffffffffff, 0x0)
r2 = userfaultfd(0x0)
ioctl$UFFDIO_API(r2, 0xc018aa3f, &(0x7f0000000180))
ioctl$UFFDIO_REGISTER(r2, 0xc020aa00, &(0x7f0000019000)={{&(0x7f0000012000/0x2000)=nil, 0x2000}, 0x1})
syz_open_dev$evdev(&(0x7f0000012fee)='/dev/input/event#\x00', 0x0, 0x0)
ioctl$UFFDIO_WAKE(r0, 0x8010aa02, &(0x7f0000000080)={&(0x7f0000ffa000/0x4000)=nil, 0x4000})
ioctl(r1, 0x1000008912, &(0x7f0000000000)="0a5c2d023c126285718070")

08:16:52 executing program 5:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0)
ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r1 = syz_open_dev$sndctrl(&(0x7f0000000100)='/dev/snd/controlC#\x00', 0x0, 0x0)
prctl$PR_SET_THP_DISABLE(0x29, 0xfffffffffffffffe)
clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
ioctl$FS_IOC_GETFLAGS(r1, 0x5452, &(0x7f0000000080))

08:16:52 executing program 2:
syz_emit_ethernet(0x6a, &(0x7f0000000040)={@local, @broadcast, [], {@ipv4={0x800, {{0x5, 0x4, 0x0, 0x0, 0x5c, 0x0, 0x0, 0x0, 0x1, 0x0, @remote, @dev={0xac, 0x14, 0x14, 0x11}}, @icmp=@parameter_prob={0x3, 0x4, 0x0, 0x0, 0x0, 0x0, {0x10, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x402f, 0x0, @local={0xac, 0x5c}, @dev, {[@timestamp={0x8, 0x2c, 0x0, 0x0, 0x0, [{[@rand_addr=0x14000000]}, {[@multicast2]}, {[@multicast1]}, {}, {[@loopback]}, {}]}]}}}}}}}, 0x0)

08:16:52 executing program 1:
r0 = syz_open_dev$admmidi(&(0x7f0000000100)='/dev/admmidi#\x00', 0x0, 0x0)
r1 = userfaultfd(0x0)
ioctl$UFFDIO_API(r1, 0xc018aa3f, &(0x7f0000000180))
mmap(&(0x7f0000013000/0x4000)=nil, 0x4000, 0x0, 0xa053, r0, 0x0)
ioctl$UFFDIO_REGISTER(r1, 0xc020aa00, &(0x7f0000019000)={{&(0x7f0000012000/0x2000)=nil, 0x2000}, 0x1})

08:16:52 executing program 4:
openat$kvm(0xffffffffffffff9c, 0x0, 0x0, 0x0)
ioctl$KVM_IRQ_LINE_STATUS(0xffffffffffffffff, 0xc008ae67, &(0x7f00000000c0))
openat$kvm(0xffffffffffffff9c, &(0x7f0000000300)='/dev/kvm\x00', 0x0, 0x0)
r0 = socket(0x11, 0x2, 0x9)
fcntl$setstatus(r0, 0x4, 0x2800)
mmap(&(0x7f0000000000/0xfbe000)=nil, 0xfbe000, 0x7, 0x31, 0xffffffffffffffff, 0x0)
openat$kvm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/kvm\x00', 0x0, 0x0)
ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0)
r1 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffc, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1000, 0x9, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f00000001c0), 0x4}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000e73000/0x2000)=nil, 0x2000, 0x0, 0x8031, r1, 0x0)
remap_file_pages(&(0x7f00002ec000/0x200000)=nil, 0x200000, 0x0, 0x0, 0x0)
openat$uinput(0xffffffffffffff9c, &(0x7f0000000040)='/dev/uinput\x00', 0x802, 0x0)
ioctl$EVIOCGVERSION(r1, 0x80044501, &(0x7f0000000100)=""/161)
connect$can_bcm(0xffffffffffffffff, &(0x7f0000000200), 0x10)
mbind(&(0x7f0000012000/0xc00000)=nil, 0xc00027, 0x0, &(0x7f00000000c0), 0x1, 0x2000000000002)
r2 = socket$inet_tcp(0x2, 0x1, 0x0)
bind(r0, &(0x7f00005a2000)=@generic={0x11, "0000010000000000080044944eeba71a4976e252922cb18f6e2e2aba000000012e0b3836005404b0e0301a4ce875f2e3ff5f163ee340b7679500800000000000000101013c5811039e15775027ecce66fd792bbf0e5bf5ff1b0816f3f6db1c00010000000000000049740000000000000006ad8e5ecc326d3a09ffc2c654"}, 0x80)
ioctl$sock_inet_SIOCSIFFLAGS(r2, 0x8914, &(0x7f0000000000)={'lo\x00'})
r3 = syz_open_dev$sndctrl(&(0x7f0000000100)='/dev/snd/controlC#\x00', 0x0, 0x0)
prctl$PR_SET_THP_DISABLE(0x29, 0xfffffffffffffffe)
clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
ioctl$FS_IOC_GETFLAGS(r3, 0x800455d1, &(0x7f0000000080))

[ 2434.715602] FAULT_FLAG_ALLOW_RETRY missing 70
[ 2434.715629] CPU: 0 PID: 24025 Comm: syz-executor3 Not tainted 4.20.0-rc6+ #371
[ 2434.727532] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 2434.736892] Call Trace:
[ 2434.736917]  dump_stack+0x244/0x39d
[ 2434.736940]  ? dump_stack_print_info.cold.1+0x20/0x20
[ 2434.736979]  handle_userfault.cold.32+0x47/0x62
[ 2434.737008]  ? userfaultfd_ioctl+0x5610/0x5610
[ 2434.753076]  ? mark_held_locks+0x130/0x130
08:16:52 executing program 5:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0)
ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r1 = syz_open_dev$sndctrl(&(0x7f0000000100)='/dev/snd/controlC#\x00', 0x0, 0x0)
prctl$PR_SET_THP_DISABLE(0x29, 0xfffffffffffffffe)
clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
ioctl$FS_IOC_GETFLAGS(r1, 0x5451, &(0x7f0000000080))

[ 2434.753095]  ? __sanitizer_cov_trace_cmp4+0x16/0x20
[ 2434.753110]  ? futex_wait_setup+0x266/0x3e0
[ 2434.753140]  ? __sanitizer_cov_trace_switch+0x53/0x90
[ 2434.753159]  ? userfaultfd_ctx_put+0x830/0x830
[ 2434.753177]  ? futex_wait+0x5a1/0xa50
[ 2434.762000]  ? print_usage_bug+0xc0/0xc0
[ 2434.762019]  ? print_usage_bug+0xc0/0xc0
[ 2434.762039]  ? print_usage_bug+0xc0/0xc0
[ 2434.762057]  ? zap_class+0x640/0x640
[ 2434.762075]  ? drop_futex_key_refs.isra.14+0x6d/0xe0
[ 2434.762092]  ? futex_wake+0x304/0x760
[ 2434.797151]  ? find_held_lock+0x36/0x1c0
[ 2434.805959]  ? __handle_mm_fault+0x4bb0/0x5be0
[ 2434.805977]  ? lock_downgrade+0x900/0x900
[ 2434.806007]  ? kasan_check_read+0x11/0x20
[ 2434.826742]  ? do_raw_spin_unlock+0xa7/0x330
[ 2434.831156]  ? do_raw_spin_trylock+0x270/0x270
[ 2434.835766]  ? fault_dirty_shared_page.isra.87+0x320/0x320
[ 2434.841420]  __handle_mm_fault+0x4bbd/0x5be0
[ 2434.845841]  ? vmf_insert_mixed_mkwrite+0x40/0x40
[ 2434.850693]  ? zap_class+0x640/0x640
[ 2434.854409]  ? rcu_read_unlock_special+0x1c0/0x1c0
[ 2434.859344]  ? kasan_check_read+0x11/0x20
[ 2434.863517]  ? rcu_softirq_qs+0x20/0x20
[ 2434.867509]  ? zap_class+0x640/0x640
[ 2434.871225]  ? zap_class+0x640/0x640
[ 2434.874951]  ? find_held_lock+0x36/0x1c0
[ 2434.879029]  ? handle_mm_fault+0x42a/0xc70
[ 2434.883270]  ? lock_downgrade+0x900/0x900
[ 2434.887425]  ? check_preemption_disabled+0x48/0x280
[ 2434.892451]  ? rcu_read_unlock_special+0x1c0/0x1c0
[ 2434.897395]  ? kasan_check_read+0x11/0x20
[ 2434.901548]  ? rcu_dynticks_curr_cpu_in_eqs+0xa2/0x170
[ 2434.906830]  ? rcu_softirq_qs+0x20/0x20
[ 2434.910811]  ? trace_hardirqs_off_caller+0x310/0x310
[ 2434.915921]  ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[ 2434.921467]  ? check_preemption_disabled+0x48/0x280
[ 2434.926498]  handle_mm_fault+0x54f/0xc70
[ 2434.930573]  ? __handle_mm_fault+0x5be0/0x5be0
[ 2434.935179]  ? find_vma+0x34/0x190
[ 2434.938748]  __do_page_fault+0x5e8/0xe60
[ 2434.942815]  ? trace_hardirqs_off+0xb8/0x310
[ 2434.947249]  do_page_fault+0xf2/0x7e0
[ 2434.951056]  ? vmalloc_sync_all+0x30/0x30
[ 2434.955244]  ? error_entry+0x70/0xd0
[ 2434.958967]  ? trace_hardirqs_off_caller+0xbb/0x310
[ 2434.963986]  ? trace_hardirqs_on_caller+0xc0/0x310
[ 2434.968930]  ? syscall_return_slowpath+0x5e0/0x5e0
[ 2434.973870]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 2434.978718]  ? trace_hardirqs_on_caller+0x310/0x310
[ 2434.983737]  ? __bpf_trace_preemptirq_template+0x30/0x30
[ 2434.989195]  ? prepare_exit_to_usermode+0x3b0/0x3b0
[ 2434.994225]  ? prepare_exit_to_usermode+0x291/0x3b0
[ 2434.999251]  ? page_fault+0x8/0x30
[ 2435.002800]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 2435.007649]  ? page_fault+0x8/0x30
[ 2435.011193]  page_fault+0x1e/0x30
[ 2435.014651] RIP: 0033:0x4510a0
[ 2435.017848] Code: 0f 84 c4 0f 00 00 48 89 f1 48 89 f8 48 83 e1 3f 48 83 f9 20 0f 86 7b 02 00 00 48 83 e6 f0 48 83 e1 0f 66 0f ef c0 66 0f ef c9 <66> 0f 74 0e 66 0f d7 d1 48 d3 ea 49 c7 c2 11 00 00 00 49 29 ca 4d
[ 2435.036773] RSP: 002b:00007f75238677a8 EFLAGS: 00010202
[ 2435.042138] RAX: 00007f7523867850 RBX: 0000000000000003 RCX: 000000000000000e
[ 2435.049412] RDX: 00000000000003ff RSI: 0000000020012fe0 RDI: 00007f7523867850
[ 2435.056697] RBP: 000000000072bf00 R08: 00000000000003ff R09: 0000000000000000
[ 2435.063979] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f75238686d4
[ 2435.071252] R13: 00000000004c578a R14: 00000000004d9d90 R15: 00000000ffffffff
08:16:53 executing program 3:
openat$rfkill(0xffffffffffffff9c, 0x0, 0x0, 0x0)
getsockopt$inet_sctp_SCTP_DEFAULT_PRINFO(0xffffffffffffffff, 0x84, 0x72, &(0x7f0000000380), 0x0)
syz_open_dev$admmidi(&(0x7f0000000100)='/dev/admmidi#\x00', 0x0, 0x0)
r0 = socket$l2tp(0x18, 0x1, 0x1)
mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x1, 0x32, 0xffffffffffffffff, 0x0)
r1 = userfaultfd(0x0)
ioctl$UFFDIO_API(r1, 0xc018aa3f, &(0x7f0000000180))
ioctl$UFFDIO_REGISTER(r1, 0xc020aa00, &(0x7f0000019000)={{&(0x7f0000012000/0x2000)=nil, 0x2000}, 0x1})
syz_open_dev$evdev(&(0x7f0000012fee)='/dev/input/event#\x00', 0x3, 0x0)
ioctl$UFFDIO_WAKE(r1, 0x8010aa02, &(0x7f0000000080)={&(0x7f0000012000/0x3000)=nil, 0x3000})
ioctl(r0, 0x1000008912, &(0x7f0000000000)="0a5c2d023c126285718070")
setsockopt$ALG_SET_KEY(0xffffffffffffffff, 0x117, 0x1, 0x0, 0x0)

08:16:53 executing program 1:
r0 = syz_open_dev$admmidi(&(0x7f0000000100)='/dev/admmidi#\x00', 0x0, 0x0)
r1 = userfaultfd(0x0)
ioctl$UFFDIO_API(r1, 0xc018aa3f, &(0x7f0000000180))
mmap(&(0x7f0000013000/0x4000)=nil, 0x4000, 0x0, 0x10, r0, 0x0)
ioctl$UFFDIO_REGISTER(r1, 0xc020aa00, &(0x7f0000019000)={{&(0x7f0000012000/0x2000)=nil, 0x2000}, 0x1})

08:16:53 executing program 2:
syz_emit_ethernet(0x6a, &(0x7f0000000040)={@local, @broadcast, [], {@ipv4={0x800, {{0x5, 0x4, 0x0, 0x0, 0x5c, 0x0, 0x0, 0x0, 0x1, 0x0, @remote, @dev={0xac, 0x14, 0x14, 0x11}}, @icmp=@parameter_prob={0x3, 0x4, 0x0, 0x0, 0x0, 0x0, {0x10, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x402f, 0x0, @local={0xac, 0x5c}, @dev, {[@timestamp={0x8, 0x2c, 0x0, 0x0, 0x0, [{[@rand_addr=0x5000000]}, {[@multicast2]}, {[@multicast1]}, {}, {[@loopback]}, {}]}]}}}}}}}, 0x0)

08:16:53 executing program 5:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0)
ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r1 = syz_open_dev$sndctrl(&(0x7f0000000100)='/dev/snd/controlC#\x00', 0x0, 0x0)
prctl$PR_SET_THP_DISABLE(0x29, 0xfffffffffffffffe)
clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
ioctl$FS_IOC_GETFLAGS(r1, 0x4020940d, &(0x7f0000000080))

08:16:53 executing program 2:
syz_emit_ethernet(0x6a, &(0x7f0000000040)={@local, @broadcast, [], {@ipv4={0x800, {{0x5, 0x4, 0x0, 0x0, 0x5c, 0x0, 0x0, 0x0, 0x1, 0x0, @remote, @dev={0xac, 0x14, 0x14, 0x11}}, @icmp=@parameter_prob={0x3, 0x4, 0x0, 0x0, 0x0, 0x0, {0x10, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x402f, 0x0, @local={0xac, 0x5c}, @dev, {[@timestamp={0x8, 0x2c, 0x0, 0x0, 0x0, [{[@rand_addr=0x89060000]}, {[@multicast2]}, {[@multicast1]}, {}, {[@loopback]}, {}]}]}}}}}}}, 0x0)

[ 2435.359767] FAULT_FLAG_ALLOW_RETRY missing 70
[ 2435.372595] FAULT_FLAG_ALLOW_RETRY missing 70
[ 2435.383457] CPU: 1 PID: 24058 Comm: syz-executor3 Not tainted 4.20.0-rc6+ #371
[ 2435.390846] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 2435.400214] Call Trace:
[ 2435.402832]  dump_stack+0x244/0x39d
[ 2435.406513]  ? dump_stack_print_info.cold.1+0x20/0x20
[ 2435.411737]  handle_userfault.cold.32+0x47/0x62
[ 2435.416441]  ? lockdep_hardirqs_on+0x3bb/0x5b0
[ 2435.421048]  ? trace_hardirqs_on+0xbd/0x310
[ 2435.425410]  ? userfaultfd_ioctl+0x5610/0x5610
[ 2435.430018]  ? mark_held_locks+0x130/0x130
[ 2435.434281]  ? _raw_spin_unlock_irq+0x60/0x80
[ 2435.438796]  ? finish_task_switch+0x1f4/0x910
[ 2435.443309]  ? finish_task_switch+0x1b4/0x910
[ 2435.447839]  ? __switch_to_asm+0x34/0x70
[ 2435.451924]  ? preempt_notifier_register+0x200/0x200
[ 2435.457043]  ? __switch_to_asm+0x34/0x70
[ 2435.461123]  ? __switch_to_asm+0x34/0x70
[ 2435.465206]  ? __switch_to_asm+0x40/0x70
[ 2435.469284]  ? __switch_to_asm+0x34/0x70
[ 2435.473372]  ? __switch_to_asm+0x40/0x70
[ 2435.477453]  ? __switch_to_asm+0x34/0x70
[ 2435.481530]  ? __switch_to_asm+0x40/0x70
[ 2435.485606]  ? __switch_to_asm+0x34/0x70
[ 2435.489691]  ? print_usage_bug+0xc0/0xc0
[ 2435.493764]  ? __switch_to_asm+0x40/0x70
[ 2435.497839]  ? __switch_to_asm+0x34/0x70
[ 2435.501920]  ? __switch_to_asm+0x40/0x70
[ 2435.505999]  ? __schedule+0x8d7/0x21d0
[ 2435.509902]  ? print_usage_bug+0xc0/0xc0
[ 2435.514000]  ? do_raw_spin_trylock+0x270/0x270
[ 2435.518609]  ? __sched_text_start+0x8/0x8
[ 2435.522772]  ? zap_class+0x640/0x640
[ 2435.526509]  ? mark_held_locks+0xc7/0x130
[ 2435.530677]  ? trace_hardirqs_on_thunk+0x1a/0x1c
[ 2435.535452]  ? lockdep_hardirqs_on+0x3bb/0x5b0
[ 2435.540053]  ? find_held_lock+0x36/0x1c0
[ 2435.544146]  ? __handle_mm_fault+0x4bb0/0x5be0
[ 2435.548756]  ? lock_downgrade+0x900/0x900
[ 2435.552932]  ? kasan_check_read+0x11/0x20
[ 2435.557096]  ? do_raw_spin_unlock+0xa7/0x330
[ 2435.561532]  ? do_raw_spin_trylock+0x270/0x270
[ 2435.566136]  ? fault_dirty_shared_page.isra.87+0x320/0x320
[ 2435.571788]  __handle_mm_fault+0x4bbd/0x5be0
[ 2435.576226]  ? vmf_insert_mixed_mkwrite+0x40/0x40
[ 2435.581096]  ? zap_class+0x640/0x640
[ 2435.584832]  ? rcu_read_unlock_special+0x1c0/0x1c0
[ 2435.589776]  ? kasan_check_read+0x11/0x20
[ 2435.593939]  ? rcu_softirq_qs+0x20/0x20
[ 2435.597937]  ? zap_class+0x640/0x640
[ 2435.601663]  ? zap_class+0x640/0x640
[ 2435.605404]  ? find_held_lock+0x36/0x1c0
[ 2435.609490]  ? handle_mm_fault+0x42a/0xc70
[ 2435.613745]  ? lock_downgrade+0x900/0x900
[ 2435.617912]  ? check_preemption_disabled+0x48/0x280
[ 2435.622956]  ? rcu_read_unlock_special+0x1c0/0x1c0
[ 2435.627908]  ? kasan_check_read+0x11/0x20
[ 2435.632066]  ? rcu_dynticks_curr_cpu_in_eqs+0xa2/0x170
[ 2435.637354]  ? rcu_softirq_qs+0x20/0x20
[ 2435.641353]  ? trace_hardirqs_off_caller+0x310/0x310
[ 2435.646481]  ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[ 2435.652068]  ? check_preemption_disabled+0x48/0x280
[ 2435.657103]  handle_mm_fault+0x54f/0xc70
[ 2435.661179]  ? __handle_mm_fault+0x5be0/0x5be0
[ 2435.665782]  ? find_vma+0x34/0x190
[ 2435.669338]  __do_page_fault+0x5e8/0xe60
[ 2435.673432]  ? trace_hardirqs_off+0xb8/0x310
[ 2435.677864]  do_page_fault+0xf2/0x7e0
[ 2435.681682]  ? vmalloc_sync_all+0x30/0x30
[ 2435.685840]  ? error_entry+0x70/0xd0
[ 2435.689575]  ? trace_hardirqs_off_caller+0xbb/0x310
[ 2435.694612]  ? trace_hardirqs_on_caller+0xc0/0x310
[ 2435.699571]  ? syscall_return_slowpath+0x5e0/0x5e0
[ 2435.704522]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 2435.709384]  ? trace_hardirqs_on_caller+0x310/0x310
[ 2435.714428]  ? __bpf_trace_preemptirq_template+0x30/0x30
[ 2435.719902]  ? prepare_exit_to_usermode+0x3b0/0x3b0
[ 2435.724936]  ? prepare_exit_to_usermode+0x291/0x3b0
[ 2435.729964]  ? page_fault+0x8/0x30
[ 2435.733519]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 2435.738385]  ? page_fault+0x8/0x30
[ 2435.741943]  page_fault+0x1e/0x30
[ 2435.745404] RIP: 0033:0x4510a0
[ 2435.748641] Code: 0f 84 c4 0f 00 00 48 89 f1 48 89 f8 48 83 e1 3f 48 83 f9 20 0f 86 7b 02 00 00 48 83 e6 f0 48 83 e1 0f 66 0f ef c0 66 0f ef c9 <66> 0f 74 0e 66 0f d7 d1 48 d3 ea 49 c7 c2 11 00 00 00 49 29 ca 4d
[ 2435.767553] RSP: 002b:00007f75238677a8 EFLAGS: 00010202
[ 2435.772923] RAX: 00007f7523867850 RBX: 0000000000000003 RCX: 000000000000000e
[ 2435.780205] RDX: 00000000000003ff RSI: 0000000020012fe0 RDI: 00007f7523867850
[ 2435.787485] RBP: 000000000072bf00 R08: 00000000000003ff R09: 0000000000000000
[ 2435.794764] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f75238686d4
[ 2435.802040] R13: 00000000004c578a R14: 00000000004d9d90 R15: 00000000ffffffff
08:16:53 executing program 5:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0)
ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r1 = syz_open_dev$sndctrl(&(0x7f0000000100)='/dev/snd/controlC#\x00', 0x0, 0x0)
prctl$PR_SET_THP_DISABLE(0x29, 0xfffffffffffffffe)
clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
ioctl$FS_IOC_GETFLAGS(r1, 0xc1105518, &(0x7f0000000080))

[ 2435.809347] CPU: 0 PID: 24020 Comm: syz-executor0 Not tainted 4.20.0-rc6+ #371
[ 2435.816751] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 2435.826210] Call Trace:
[ 2435.828814]  dump_stack+0x244/0x39d
[ 2435.832464]  ? dump_stack_print_info.cold.1+0x20/0x20
[ 2435.837683]  handle_userfault.cold.32+0x47/0x62
[ 2435.842400]  ? userfaultfd_ioctl+0x5610/0x5610
[ 2435.847008]  ? mark_held_locks+0x130/0x130
[ 2435.847026]  ? __sanitizer_cov_trace_cmp4+0x16/0x20
[ 2435.847041]  ? futex_wait_setup+0x266/0x3e0
[ 2435.847075]  ? __sanitizer_cov_trace_switch+0x53/0x90
[ 2435.856327]  ? userfaultfd_ctx_put+0x830/0x830
[ 2435.856342]  ? futex_wait+0x5a1/0xa50
[ 2435.856381]  ? print_usage_bug+0xc0/0xc0
[ 2435.856400]  ? print_usage_bug+0xc0/0xc0
[ 2435.856419]  ? print_usage_bug+0xc0/0xc0
[ 2435.856438]  ? zap_class+0x640/0x640
[ 2435.890212]  ? drop_futex_key_refs.isra.14+0x6d/0xe0
[ 2435.895339]  ? futex_wake+0x304/0x760
[ 2435.899183]  ? find_held_lock+0x36/0x1c0
[ 2435.903275]  ? __handle_mm_fault+0x4bb0/0x5be0
[ 2435.907872]  ? lock_downgrade+0x900/0x900
[ 2435.912043]  ? kasan_check_read+0x11/0x20
[ 2435.916208]  ? do_raw_spin_unlock+0xa7/0x330
[ 2435.920654]  ? do_raw_spin_trylock+0x270/0x270
[ 2435.925254]  ? fault_dirty_shared_page.isra.87+0x320/0x320
[ 2435.930904]  __handle_mm_fault+0x4bbd/0x5be0
[ 2435.935341]  ? vmf_insert_mixed_mkwrite+0x40/0x40
[ 2435.940218]  ? zap_class+0x640/0x640
[ 2435.943942]  ? rcu_read_unlock_special+0x1c0/0x1c0
[ 2435.948887]  ? kasan_check_read+0x11/0x20
[ 2435.953055]  ? rcu_softirq_qs+0x20/0x20
[ 2435.957059]  ? zap_class+0x640/0x640
[ 2435.960786]  ? zap_class+0x640/0x640
[ 2435.964520]  ? find_held_lock+0x36/0x1c0
[ 2435.968606]  ? handle_mm_fault+0x42a/0xc70
[ 2435.972864]  ? lock_downgrade+0x900/0x900
[ 2435.977030]  ? check_preemption_disabled+0x48/0x280
[ 2435.982062]  ? rcu_read_unlock_special+0x1c0/0x1c0
[ 2435.987004]  ? kasan_check_read+0x11/0x20
[ 2435.991166]  ? rcu_dynticks_curr_cpu_in_eqs+0xa2/0x170
[ 2435.996461]  ? rcu_softirq_qs+0x20/0x20
[ 2436.000466]  ? trace_hardirqs_off_caller+0x310/0x310
[ 2436.005588]  ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[ 2436.011147]  ? check_preemption_disabled+0x48/0x280
[ 2436.016187]  handle_mm_fault+0x54f/0xc70
[ 2436.020283]  ? __handle_mm_fault+0x5be0/0x5be0
[ 2436.024884]  ? find_vma+0x34/0x190
[ 2436.028444]  __do_page_fault+0x5e8/0xe60
[ 2436.032518]  ? trace_hardirqs_off+0xb8/0x310
[ 2436.036947]  do_page_fault+0xf2/0x7e0
[ 2436.040763]  ? vmalloc_sync_all+0x30/0x30
[ 2436.044928]  ? error_entry+0x70/0xd0
[ 2436.048656]  ? trace_hardirqs_off_caller+0xbb/0x310
[ 2436.053694]  ? trace_hardirqs_on_caller+0xc0/0x310
[ 2436.058642]  ? syscall_return_slowpath+0x5e0/0x5e0
[ 2436.063584]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 2436.068450]  ? trace_hardirqs_on_caller+0x310/0x310
[ 2436.073483]  ? __bpf_trace_preemptirq_template+0x30/0x30
[ 2436.078949]  ? prepare_exit_to_usermode+0x3b0/0x3b0
[ 2436.083980]  ? prepare_exit_to_usermode+0x291/0x3b0
[ 2436.089022]  ? page_fault+0x8/0x30
[ 2436.092584]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 2436.097448]  ? page_fault+0x8/0x30
[ 2436.101003]  page_fault+0x1e/0x30
[ 2436.104467] RIP: 0033:0x4510a0
[ 2436.107675] Code: 0f 84 c4 0f 00 00 48 89 f1 48 89 f8 48 83 e1 3f 48 83 f9 20 0f 86 7b 02 00 00 48 83 e6 f0 48 83 e1 0f 66 0f ef c0 66 0f ef c9 <66> 0f 74 0e 66 0f d7 d1 48 d3 ea 49 c7 c2 11 00 00 00 49 29 ca 4d
[ 2436.126586] RSP: 002b:00007efdea16e7a8 EFLAGS: 00010202
[ 2436.131958] RAX: 00007efdea16e850 RBX: 0000000000000003 RCX: 000000000000000e
[ 2436.139237] RDX: 00000000000003ff RSI: 0000000020012fe0 RDI: 00007efdea16e850
[ 2436.139252] RBP: 000000000072bf00 R08: 00000000000003ff R09: 0000000000000000
[ 2436.153802] R10: 0000000000000000 R11: 0000000000000246 R12: 00007efdea16f6d4
[ 2436.161084] R13: 00000000004c578a R14: 00000000004d9d90 R15: 00000000ffffffff
08:16:54 executing program 1:
r0 = syz_open_dev$admmidi(&(0x7f0000000100)='/dev/admmidi#\x00', 0x0, 0x0)
r1 = userfaultfd(0x0)
ioctl$UFFDIO_API(r1, 0xc018aa3f, &(0x7f0000000180))
mmap(&(0x7f0000013000/0x4000)=nil, 0x4000, 0x0, 0x10, r0, 0x0)
ioctl$UFFDIO_REGISTER(r1, 0xc020aa00, &(0x7f0000019000)={{&(0x7f0000012000/0x2000)=nil, 0x2000}, 0x1})

08:16:54 executing program 5:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0)
ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r1 = syz_open_dev$sndctrl(&(0x7f0000000100)='/dev/snd/controlC#\x00', 0x0, 0x0)
prctl$PR_SET_THP_DISABLE(0x29, 0xfffffffffffffffe)
clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
ioctl$FS_IOC_GETFLAGS(r1, 0x40405514, &(0x7f0000000080))

08:16:54 executing program 2:
syz_emit_ethernet(0x6a, &(0x7f0000000040)={@local, @broadcast, [], {@ipv4={0x800, {{0x5, 0x4, 0x0, 0x0, 0x5c, 0x0, 0x0, 0x0, 0x1, 0x0, @remote, @dev={0xac, 0x14, 0x14, 0x11}}, @icmp=@parameter_prob={0x3, 0x4, 0x0, 0x0, 0x0, 0x0, {0x10, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x402f, 0x0, @local={0xac, 0x5c}, @dev, {[@timestamp={0x8, 0x2c, 0x0, 0x0, 0x0, [{[@rand_addr=0x4788]}, {[@multicast2]}, {[@multicast1]}, {}, {[@loopback]}, {}]}]}}}}}}}, 0x0)

08:16:54 executing program 0:
r0 = openat$rfkill(0xffffffffffffff9c, 0x0, 0x2001, 0x0)
openat$ptmx(0xffffffffffffff9c, &(0x7f0000000100)='/dev/ptmx\x00', 0x48400, 0x0)
syz_open_dev$admmidi(&(0x7f0000000140)='/dev/admmidi#\x00', 0x0, 0x0)
r1 = socket$l2tp(0x18, 0x1, 0x1)
mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x1, 0x32, 0xffffffffffffffff, 0x0)
r2 = userfaultfd(0x0)
ioctl$UFFDIO_API(r2, 0xc018aa3f, &(0x7f0000000180))
ioctl$UFFDIO_REGISTER(r2, 0xc020aa00, &(0x7f0000019000)={{&(0x7f0000012000/0x2000)=nil, 0x2000}, 0x1})
syz_open_dev$evdev(&(0x7f0000012fee)='/dev/input/event#\x00', 0x0, 0x0)
ioctl$UFFDIO_WAKE(r2, 0x8010aa02, &(0x7f0000000080)={&(0x7f0000012000/0x3000)=nil, 0x3000})
ioctl(r1, 0x1000008912, &(0x7f0000000000)="0a5c2d023c126285718070")
ioctl$EVIOCSFF(r0, 0x40304580, &(0x7f00000000c0)={0x51, 0xffff, 0x8, {0x8, 0xfffffffffffffffb}, {0x7, 0x101}, @period={0x59, 0x2, 0x101, 0x6, 0x8001, {0xffffffff, 0x1000, 0x9, 0x3}, 0x4, &(0x7f0000000040)=[0x7, 0xfbf7, 0x1, 0x100]}})

08:16:54 executing program 4:
openat$kvm(0xffffffffffffff9c, 0x0, 0x0, 0x0)
r0 = syz_open_dev$dspn(&(0x7f0000000180)='/dev/dsp#\x00', 0x0, 0x2000)
setsockopt$bt_l2cap_L2CAP_OPTIONS(r0, 0x6, 0x1, &(0x7f00000001c0)={0x1, 0x1, 0x800, 0x7255e1fc, 0x0, 0x100000000, 0x5}, 0xc)
r1 = syz_open_dev$sndctrl(&(0x7f0000000000)='/dev/snd/controlC#\x00', 0x0, 0x800000)
prctl$PR_SET_THP_DISABLE(0x29, 0xfffffffffffffffe)
r2 = socket$inet_udp(0x2, 0x2, 0x0)
getsockopt$inet_int(r2, 0x0, 0x7, &(0x7f0000000040), &(0x7f00000000c0)=0x4)
clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
ioctl$FS_IOC_GETFLAGS(r1, 0x800455d1, &(0x7f0000000080))
r3 = openat$dsp(0xffffffffffffff9c, &(0x7f0000000100)='/dev/dsp\x00', 0x210001, 0x0)
write$P9_RLERRORu(r3, &(0x7f0000000140)={0x20, 0x7, 0x2, {{0x13, '/dev/snd/controlC#\x00'}, 0x100000000}}, 0x20)

08:16:54 executing program 3:
openat$rfkill(0xffffffffffffff9c, 0x0, 0x0, 0x0)
getsockopt$inet_sctp_SCTP_DEFAULT_PRINFO(0xffffffffffffffff, 0x84, 0x72, &(0x7f0000000380), 0x0)
syz_open_dev$admmidi(&(0x7f0000000100)='/dev/admmidi#\x00', 0x0, 0x0)
r0 = socket$l2tp(0x18, 0x1, 0x1)
mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x1, 0x32, 0xffffffffffffffff, 0x0)
r1 = userfaultfd(0x0)
ioctl$UFFDIO_API(r1, 0xc018aa3f, &(0x7f0000000180))
ioctl$UFFDIO_REGISTER(r1, 0xc020aa00, &(0x7f0000019000)={{&(0x7f0000012000/0x2000)=nil, 0x2000}, 0x1})
syz_open_dev$evdev(&(0x7f0000012fee)='/dev/input/event#\x00', 0xffffff7f00000000, 0x0)
ioctl$UFFDIO_WAKE(r1, 0x8010aa02, &(0x7f0000000080)={&(0x7f0000012000/0x3000)=nil, 0x3000})
ioctl(r0, 0x1000008912, &(0x7f0000000000)="0a5c2d023c126285718070")
setsockopt$ALG_SET_KEY(0xffffffffffffffff, 0x117, 0x1, 0x0, 0x0)

08:16:54 executing program 2:
syz_emit_ethernet(0x6a, &(0x7f0000000040)={@local, @broadcast, [], {@ipv4={0x800, {{0x5, 0x4, 0x0, 0x0, 0x5c, 0x0, 0x0, 0x0, 0x1, 0x0, @remote, @dev={0xac, 0x14, 0x14, 0x11}}, @icmp=@parameter_prob={0x3, 0x4, 0x0, 0x0, 0x0, 0x0, {0x10, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x402f, 0x0, @local={0xac, 0x5c}, @dev, {[@timestamp={0x8, 0x2c, 0x0, 0x0, 0x0, [{[@rand_addr=0x8906000000000000]}, {[@multicast2]}, {[@multicast1]}, {}, {[@loopback]}, {}]}]}}}}}}}, 0x0)

08:16:54 executing program 1:
r0 = syz_open_dev$admmidi(&(0x7f0000000100)='/dev/admmidi#\x00', 0x0, 0x0)
r1 = userfaultfd(0x0)
ioctl$UFFDIO_API(r1, 0xc018aa3f, &(0x7f0000000180))
mmap(&(0x7f0000013000/0x4000)=nil, 0x4000, 0x0, 0x10, r0, 0x0)
ioctl$UFFDIO_REGISTER(r1, 0xc020aa00, &(0x7f0000019000)={{&(0x7f0000012000/0x2000)=nil, 0x2000}, 0x1})

[ 2436.424639] FAULT_FLAG_ALLOW_RETRY missing 70
[ 2436.436540] CPU: 1 PID: 24092 Comm: syz-executor3 Not tainted 4.20.0-rc6+ #371
[ 2436.443926] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 2436.453291] Call Trace:
[ 2436.455905]  dump_stack+0x244/0x39d
[ 2436.459560]  ? dump_stack_print_info.cold.1+0x20/0x20
[ 2436.464787]  handle_userfault.cold.32+0x47/0x62
[ 2436.469487]  ? userfaultfd_ioctl+0x5610/0x5610
[ 2436.474091]  ? mark_held_locks+0x130/0x130
[ 2436.478342]  ? __sanitizer_cov_trace_cmp4+0x16/0x20
[ 2436.483388]  ? futex_wait_setup+0x266/0x3e0
[ 2436.483419]  ? __sanitizer_cov_trace_switch+0x53/0x90
[ 2436.483439]  ? userfaultfd_ctx_put+0x830/0x830
[ 2436.483454]  ? futex_wait+0x5a1/0xa50
[ 2436.483474]  ? print_usage_bug+0xc0/0xc0
[ 2436.493002]  ? print_usage_bug+0xc0/0xc0
[ 2436.493022]  ? print_usage_bug+0xc0/0xc0
[ 2436.493039]  ? zap_class+0x640/0x640
[ 2436.493057]  ? drop_futex_key_refs.isra.14+0x6d/0xe0
08:16:54 executing program 1:
syz_open_dev$admmidi(&(0x7f0000000100)='/dev/admmidi#\x00', 0x0, 0x0)
r0 = userfaultfd(0x0)
ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f0000000180))
mmap(&(0x7f0000013000/0x4000)=nil, 0x4000, 0x0, 0xa053, 0xffffffffffffffff, 0x0)
ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f0000019000)={{&(0x7f0000012000/0x2000)=nil, 0x2000}, 0x1})

08:16:54 executing program 1:
syz_open_dev$admmidi(&(0x7f0000000100)='/dev/admmidi#\x00', 0x0, 0x0)
r0 = userfaultfd(0x0)
ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f0000000180))
mmap(&(0x7f0000013000/0x4000)=nil, 0x4000, 0x0, 0xa053, 0xffffffffffffffff, 0x0)
ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f0000019000)={{&(0x7f0000012000/0x2000)=nil, 0x2000}, 0x1})

[ 2436.493079]  ? futex_wake+0x304/0x760
[ 2436.526231]  ? find_held_lock+0x36/0x1c0
[ 2436.530325]  ? __handle_mm_fault+0x4bb0/0x5be0
[ 2436.534937]  ? lock_downgrade+0x900/0x900
[ 2436.539115]  ? kasan_check_read+0x11/0x20
[ 2436.543279]  ? do_raw_spin_unlock+0xa7/0x330
[ 2436.547707]  ? do_raw_spin_trylock+0x270/0x270
[ 2436.552308]  ? fault_dirty_shared_page.isra.87+0x320/0x320
[ 2436.557961]  __handle_mm_fault+0x4bbd/0x5be0
[ 2436.562407]  ? vmf_insert_mixed_mkwrite+0x40/0x40
[ 2436.567273]  ? zap_class+0x640/0x640
08:16:54 executing program 1:
syz_open_dev$admmidi(&(0x7f0000000100)='/dev/admmidi#\x00', 0x0, 0x0)
r0 = userfaultfd(0x0)
ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f0000000180))
mmap(&(0x7f0000013000/0x4000)=nil, 0x4000, 0x0, 0xa053, 0xffffffffffffffff, 0x0)
ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f0000019000)={{&(0x7f0000012000/0x2000)=nil, 0x2000}, 0x1})

[ 2436.571004]  ? rcu_read_unlock_special+0x1c0/0x1c0
[ 2436.575952]  ? kasan_check_read+0x11/0x20
[ 2436.580118]  ? rcu_softirq_qs+0x20/0x20
[ 2436.584120]  ? zap_class+0x640/0x640
[ 2436.587853]  ? zap_class+0x640/0x640
[ 2436.591593]  ? find_held_lock+0x36/0x1c0
[ 2436.595680]  ? handle_mm_fault+0x42a/0xc70
[ 2436.599934]  ? lock_downgrade+0x900/0x900
[ 2436.604107]  ? check_preemption_disabled+0x48/0x280
[ 2436.609168]  ? rcu_read_unlock_special+0x1c0/0x1c0
[ 2436.614121]  ? kasan_check_read+0x11/0x20
[ 2436.614138]  ? rcu_dynticks_curr_cpu_in_eqs+0xa2/0x170
[ 2436.614157]  ? rcu_softirq_qs+0x20/0x20
[ 2436.614174]  ? trace_hardirqs_off_caller+0x310/0x310
[ 2436.614195]  ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[ 2436.623648]  ? check_preemption_disabled+0x48/0x280
[ 2436.623673]  handle_mm_fault+0x54f/0xc70
[ 2436.623692]  ? __handle_mm_fault+0x5be0/0x5be0
[ 2436.651979]  ? find_vma+0x34/0x190
[ 2436.655548]  __do_page_fault+0x5e8/0xe60
[ 2436.659632]  ? trace_hardirqs_off+0xb8/0x310
[ 2436.664068]  do_page_fault+0xf2/0x7e0
[ 2436.667898]  ? vmalloc_sync_all+0x30/0x30
[ 2436.672065]  ? error_entry+0x70/0xd0
08:16:54 executing program 1:
r0 = syz_open_dev$admmidi(&(0x7f0000000100)='/dev/admmidi#\x00', 0x0, 0x0)
r1 = userfaultfd(0x0)
ioctl$UFFDIO_API(r1, 0xc018aa3f, &(0x7f0000000180))
mmap(&(0x7f0000013000/0x4000)=nil, 0x4000, 0x0, 0xa053, r0, 0x0)
ioctl$UFFDIO_REGISTER(0xffffffffffffffff, 0xc020aa00, &(0x7f0000019000)={{&(0x7f0000012000/0x2000)=nil, 0x2000}, 0x1})

[ 2436.675798]  ? trace_hardirqs_off_caller+0xbb/0x310
[ 2436.680829]  ? trace_hardirqs_on_caller+0xc0/0x310
[ 2436.685782]  ? syscall_return_slowpath+0x5e0/0x5e0
[ 2436.690728]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 2436.690748]  ? trace_hardirqs_on_caller+0x310/0x310
[ 2436.700613]  ? __bpf_trace_preemptirq_template+0x30/0x30
[ 2436.700632]  ? prepare_exit_to_usermode+0x3b0/0x3b0
[ 2436.700656]  ? prepare_exit_to_usermode+0x291/0x3b0
[ 2436.716121]  ? page_fault+0x8/0x30
[ 2436.719686]  ? trace_hardirqs_off_thunk+0x1a/0x1c
08:16:54 executing program 1:
r0 = syz_open_dev$admmidi(&(0x7f0000000100)='/dev/admmidi#\x00', 0x0, 0x0)
r1 = userfaultfd(0x0)
ioctl$UFFDIO_API(r1, 0xc018aa3f, &(0x7f0000000180))
mmap(&(0x7f0000013000/0x4000)=nil, 0x4000, 0x0, 0xa053, r0, 0x0)
ioctl$UFFDIO_REGISTER(0xffffffffffffffff, 0xc020aa00, &(0x7f0000019000)={{&(0x7f0000012000/0x2000)=nil, 0x2000}, 0x1})

[ 2436.724546]  ? page_fault+0x8/0x30
[ 2436.728107]  page_fault+0x1e/0x30
[ 2436.731574] RIP: 0033:0x4510a0
[ 2436.734780] Code: 0f 84 c4 0f 00 00 48 89 f1 48 89 f8 48 83 e1 3f 48 83 f9 20 0f 86 7b 02 00 00 48 83 e6 f0 48 83 e1 0f 66 0f ef c0 66 0f ef c9 <66> 0f 74 0e 66 0f d7 d1 48 d3 ea 49 c7 c2 11 00 00 00 49 29 ca 4d
[ 2436.753697] RSP: 002b:00007f75238677a8 EFLAGS: 00010202
[ 2436.759070] RAX: 00007f7523867850 RBX: 0000000000000003 RCX: 000000000000000e
[ 2436.766352] RDX: 00000000000003ff RSI: 0000000020012fe0 RDI: 00007f7523867850
08:16:54 executing program 5:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0)
ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r1 = syz_open_dev$sndctrl(&(0x7f0000000100)='/dev/snd/controlC#\x00', 0x0, 0x0)
prctl$PR_SET_THP_DISABLE(0x29, 0xfffffffffffffffe)
clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
ioctl$FS_IOC_GETFLAGS(r1, 0xc008551c, &(0x7f0000000080))

08:16:54 executing program 1:
r0 = syz_open_dev$admmidi(&(0x7f0000000100)='/dev/admmidi#\x00', 0x0, 0x0)
r1 = userfaultfd(0x0)
ioctl$UFFDIO_API(r1, 0xc018aa3f, &(0x7f0000000180))
mmap(&(0x7f0000013000/0x4000)=nil, 0x4000, 0x0, 0xa053, r0, 0x0)
ioctl$UFFDIO_REGISTER(0xffffffffffffffff, 0xc020aa00, &(0x7f0000019000)={{&(0x7f0000012000/0x2000)=nil, 0x2000}, 0x1})

[ 2436.773648] RBP: 000000000072bf00 R08: 00000000000003ff R09: 0000000000000000
[ 2436.780932] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f75238686d4
[ 2436.788219] R13: 00000000004c578a R14: 00000000004d9d90 R15: 00000000ffffffff
[ 2436.870000] FAULT_FLAG_ALLOW_RETRY missing 70
[ 2436.875498] CPU: 0 PID: 24093 Comm: syz-executor0 Not tainted 4.20.0-rc6+ #371
[ 2436.882889] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 2436.892247] Call Trace:
[ 2436.894861]  dump_stack+0x244/0x39d
[ 2436.898518]  ? dump_stack_print_info.cold.1+0x20/0x20
[ 2436.903738]  handle_userfault.cold.32+0x47/0x62
[ 2436.908442]  ? userfaultfd_ioctl+0x5610/0x5610
[ 2436.913054]  ? mark_held_locks+0x130/0x130
[ 2436.917307]  ? find_held_lock+0x36/0x1c0
[ 2436.917339]  ? userfaultfd_ctx_put+0x830/0x830
[ 2436.917380]  ? kasan_check_read+0x11/0x20
[ 2436.926015]  ? print_usage_bug+0xc0/0xc0
[ 2436.926031]  ? do_raw_spin_trylock+0x270/0x270
[ 2436.926049]  ? print_usage_bug+0xc0/0xc0
[ 2436.926073]  ? print_usage_bug+0xc0/0xc0
[ 2436.946984]  ? zap_class+0x640/0x640
[ 2436.950723]  ? drop_futex_key_refs.isra.14+0x6d/0xe0
[ 2436.955835]  ? futex_wake+0x304/0x760
[ 2436.955866]  ? find_held_lock+0x36/0x1c0
[ 2436.955892]  ? __handle_mm_fault+0x4bb0/0x5be0
[ 2436.955912]  ? lock_downgrade+0x900/0x900
[ 2436.963780]  ? kasan_check_read+0x11/0x20
[ 2436.963796]  ? do_raw_spin_unlock+0xa7/0x330
[ 2436.963812]  ? do_raw_spin_trylock+0x270/0x270
[ 2436.963830]  ? fault_dirty_shared_page.isra.87+0x320/0x320
[ 2436.963861]  __handle_mm_fault+0x4bbd/0x5be0
[ 2436.981132]  ? vmf_insert_mixed_mkwrite+0x40/0x40
[ 2436.991323]  ? zap_class+0x640/0x640
[ 2436.991339]  ? rcu_read_unlock_special+0x1c0/0x1c0
[ 2436.991354]  ? kasan_check_read+0x11/0x20
[ 2436.991386]  ? rcu_softirq_qs+0x20/0x20
[ 2437.017429]  ? zap_class+0x640/0x640
[ 2437.021162]  ? zap_class+0x640/0x640
[ 2437.024892]  ? find_held_lock+0x36/0x1c0
[ 2437.028968]  ? handle_mm_fault+0x42a/0xc70
[ 2437.033209]  ? lock_downgrade+0x900/0x900
[ 2437.037381]  ? check_preemption_disabled+0x48/0x280
[ 2437.042433]  ? rcu_read_unlock_special+0x1c0/0x1c0
[ 2437.047378]  ? kasan_check_read+0x11/0x20
[ 2437.051517]  ? rcu_dynticks_curr_cpu_in_eqs+0xa2/0x170
[ 2437.056792]  ? rcu_softirq_qs+0x20/0x20
[ 2437.060757]  ? trace_hardirqs_off_caller+0x310/0x310
[ 2437.065854]  ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[ 2437.071396]  ? check_preemption_disabled+0x48/0x280
[ 2437.076410]  handle_mm_fault+0x54f/0xc70
[ 2437.080465]  ? __handle_mm_fault+0x5be0/0x5be0
[ 2437.085039]  ? find_vma+0x34/0x190
[ 2437.088578]  __do_page_fault+0x5e8/0xe60
[ 2437.092631]  ? trace_hardirqs_off+0xb8/0x310
[ 2437.097036]  do_page_fault+0xf2/0x7e0
[ 2437.100828]  ? vmalloc_sync_all+0x30/0x30
[ 2437.104965]  ? error_entry+0x70/0xd0
[ 2437.108668]  ? trace_hardirqs_off_caller+0xbb/0x310
[ 2437.113700]  ? trace_hardirqs_on_caller+0xc0/0x310
[ 2437.118630]  ? syscall_return_slowpath+0x5e0/0x5e0
[ 2437.123550]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 2437.128407]  ? trace_hardirqs_on_caller+0x310/0x310
[ 2437.133424]  ? __bpf_trace_preemptirq_template+0x30/0x30
[ 2437.138865]  ? prepare_exit_to_usermode+0x3b0/0x3b0
[ 2437.143907]  ? prepare_exit_to_usermode+0x291/0x3b0
[ 2437.148928]  ? page_fault+0x8/0x30
[ 2437.152481]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 2437.157314]  ? page_fault+0x8/0x30
[ 2437.160843]  page_fault+0x1e/0x30
[ 2437.164303] RIP: 0033:0x4510a0
[ 2437.167487] Code: 0f 84 c4 0f 00 00 48 89 f1 48 89 f8 48 83 e1 3f 48 83 f9 20 0f 86 7b 02 00 00 48 83 e6 f0 48 83 e1 0f 66 0f ef c0 66 0f ef c9 <66> 0f 74 0e 66 0f d7 d1 48 d3 ea 49 c7 c2 11 00 00 00 49 29 ca 4d
[ 2437.186391] RSP: 002b:00007efdea16e7a8 EFLAGS: 00010202
[ 2437.191743] RAX: 00007efdea16e850 RBX: 0000000000000003 RCX: 000000000000000e
[ 2437.199008] RDX: 00000000000003ff RSI: 0000000020012fe0 RDI: 00007efdea16e850
[ 2437.206278] RBP: 000000000072bf00 R08: 00000000000003ff R09: 0000000000000000
[ 2437.213551] R10: 0000000000000000 R11: 0000000000000246 R12: 00007efdea16f6d4
[ 2437.220817] R13: 00000000004c578a R14: 00000000004d9d90 R15: 00000000ffffffff
08:16:55 executing program 4:
openat$kvm(0xffffffffffffff9c, 0x0, 0x0, 0x0)
r0 = syz_open_dev$sndctrl(&(0x7f0000000100)='/dev/snd/controlC#\x00', 0x0, 0x0)
prctl$PR_SET_THP_DISABLE(0x29, 0xfffffffffffffffe)
ioctl$FS_IOC_FIEMAP(r0, 0xc020660b, &(0x7f0000000140)={0x1000, 0x8, 0x4, 0xbc1, 0x7, [{0x8000, 0x8, 0x80000000, 0x0, 0x0, 0x2001}, {0xffff, 0xd6, 0x100000000}, {0x7, 0x1ff, 0x27e2, 0x0, 0x0, 0x201}, {0x9, 0xffffffffffff6ef3, 0x6, 0x0, 0x0, 0x80}, {0x60f, 0x0, 0x8, 0x0, 0x0, 0x80}, {0x42, 0x9, 0x1, 0x0, 0x0, 0x4}, {0x500, 0xffffffff, 0x8000, 0x0, 0x0, 0x4}]})
r1 = syz_open_dev$cec(&(0x7f0000000000)='/dev/cec#\x00', 0x1, 0x2)
inotify_add_watch(r1, &(0x7f0000000040)='./file0\x00', 0xae358593e6ae211)
clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
ioctl$FS_IOC_GETFLAGS(r0, 0x800455d1, &(0x7f0000000080))

08:16:55 executing program 0:
openat$rfkill(0xffffffffffffff9c, 0x0, 0x2001, 0x0)
syz_open_dev$admmidi(&(0x7f0000000100)='/dev/admmidi#\x00', 0x0, 0x0)
r0 = socket$l2tp(0x18, 0x1, 0x1)
mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x1, 0x32, 0xffffffffffffffff, 0x0)
r1 = userfaultfd(0x0)
ioctl$UFFDIO_API(r1, 0xc018aa3f, &(0x7f0000000180))
ioctl$FS_IOC_SET_ENCRYPTION_POLICY(r1, 0x800c6613, &(0x7f0000000040)={0x0, @aes256, 0x3, "914a3f2d12886117"})
ioctl$UFFDIO_REGISTER(r1, 0xc020aa00, &(0x7f0000000140)={{&(0x7f0000011000/0x4000)=nil, 0x4000}, 0x1})
syz_open_dev$evdev(&(0x7f0000012fee)='/dev/input/event#\x00', 0x0, 0x0)
ioctl$UFFDIO_WAKE(r1, 0x8010aa02, &(0x7f0000000080)={&(0x7f0000012000/0x3000)=nil, 0x3000})
ioctl(r0, 0x1000008912, &(0x7f0000000000)="0a5c2d023c126285718070")

08:16:55 executing program 5:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0)
ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r1 = syz_open_dev$sndctrl(&(0x7f0000000100)='/dev/snd/controlC#\x00', 0x0, 0x0)
prctl$PR_SET_THP_DISABLE(0x29, 0xfffffffffffffffe)
clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
ioctl$FS_IOC_GETFLAGS(r1, 0xc00455d0, &(0x7f0000000080))

08:16:55 executing program 1:
r0 = syz_open_dev$admmidi(&(0x7f0000000100)='/dev/admmidi#\x00', 0x0, 0x0)
r1 = userfaultfd(0x0)
ioctl$UFFDIO_API(r1, 0xc018aa3f, &(0x7f0000000180))
mmap(&(0x7f0000013000/0x4000)=nil, 0x4000, 0x0, 0xa053, r0, 0x0)
ioctl$UFFDIO_REGISTER(r1, 0xc020aa00, 0x0)

08:16:55 executing program 3:
openat$rfkill(0xffffffffffffff9c, 0x0, 0x0, 0x0)
getsockopt$inet_sctp_SCTP_DEFAULT_PRINFO(0xffffffffffffffff, 0x84, 0x72, &(0x7f0000000380), 0x0)
syz_open_dev$admmidi(&(0x7f0000000100)='/dev/admmidi#\x00', 0x0, 0x0)
r0 = socket$l2tp(0x18, 0x1, 0x1)
mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x1, 0x32, 0xffffffffffffffff, 0x0)
r1 = userfaultfd(0x0)
ioctl$UFFDIO_API(r1, 0xc018aa3f, &(0x7f0000000180))
ioctl$UFFDIO_REGISTER(r1, 0xc020aa00, &(0x7f0000019000)={{&(0x7f0000012000/0x2000)=nil, 0x2000}, 0x1})
syz_open_dev$evdev(&(0x7f0000012fee)='/dev/input/event#\x00', 0x900000000000000, 0x0)
ioctl$UFFDIO_WAKE(r1, 0x8010aa02, &(0x7f0000000080)={&(0x7f0000012000/0x3000)=nil, 0x3000})
ioctl(r0, 0x1000008912, &(0x7f0000000000)="0a5c2d023c126285718070")
setsockopt$ALG_SET_KEY(0xffffffffffffffff, 0x117, 0x1, 0x0, 0x0)

08:16:55 executing program 2:
syz_emit_ethernet(0x6a, &(0x7f0000000040)={@local, @broadcast, [], {@ipv4={0x800, {{0x5, 0x4, 0x0, 0x0, 0x5c, 0x0, 0x0, 0x0, 0x1, 0x0, @remote, @dev={0xac, 0x14, 0x14, 0x11}}, @icmp=@parameter_prob={0x3, 0x4, 0x0, 0x0, 0x0, 0x0, {0x10, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x402f, 0x0, @local={0xac, 0x5c}, @dev, {[@timestamp={0x8, 0x2c, 0x0, 0x0, 0x0, [{[@rand_addr=0xf0ffff]}, {[@multicast2]}, {[@multicast1]}, {}, {[@loopback]}, {}]}]}}}}}}}, 0x0)

08:16:55 executing program 1:
r0 = syz_open_dev$admmidi(&(0x7f0000000100)='/dev/admmidi#\x00', 0x0, 0x0)
r1 = userfaultfd(0x0)
ioctl$UFFDIO_API(r1, 0xc018aa3f, &(0x7f0000000180))
mmap(&(0x7f0000013000/0x4000)=nil, 0x4000, 0x0, 0xa053, r0, 0x0)
ioctl$UFFDIO_REGISTER(r1, 0xc020aa00, 0x0)

08:16:55 executing program 1:
r0 = syz_open_dev$admmidi(&(0x7f0000000100)='/dev/admmidi#\x00', 0x0, 0x0)
r1 = userfaultfd(0x0)
ioctl$UFFDIO_API(r1, 0xc018aa3f, &(0x7f0000000180))
mmap(&(0x7f0000013000/0x4000)=nil, 0x4000, 0x0, 0xa053, r0, 0x0)
ioctl$UFFDIO_REGISTER(r1, 0xc020aa00, 0x0)

[ 2437.449879] FAULT_FLAG_ALLOW_RETRY missing 70
[ 2437.459989] CPU: 1 PID: 24136 Comm: syz-executor3 Not tainted 4.20.0-rc6+ #371
[ 2437.467392] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 2437.476796] Call Trace:
[ 2437.478086] FAULT_FLAG_ALLOW_RETRY missing 70
[ 2437.479431]  dump_stack+0x244/0x39d
[ 2437.487554]  ? dump_stack_print_info.cold.1+0x20/0x20
[ 2437.492771]  handle_userfault.cold.32+0x47/0x62
[ 2437.497466]  ? userfaultfd_ioctl+0x5610/0x5610
[ 2437.502068]  ? mark_held_locks+0x130/0x130
[ 2437.506320]  ? __sanitizer_cov_trace_cmp4+0x16/0x20
[ 2437.511381]  ? futex_wait_setup+0x266/0x3e0
[ 2437.515744]  ? __sanitizer_cov_trace_switch+0x53/0x90
[ 2437.520961]  ? userfaultfd_ctx_put+0x830/0x830
[ 2437.525571]  ? futex_wait+0x5a1/0xa50
[ 2437.529411]  ? print_usage_bug+0xc0/0xc0
[ 2437.533491]  ? print_usage_bug+0xc0/0xc0
[ 2437.537571]  ? print_usage_bug+0xc0/0xc0
[ 2437.537594]  ? zap_class+0x640/0x640
[ 2437.545389]  ? drop_futex_key_refs.isra.14+0x6d/0xe0
08:16:55 executing program 1:
r0 = syz_open_dev$admmidi(&(0x7f0000000100)='/dev/admmidi#\x00', 0x0, 0x0)
r1 = userfaultfd(0x0)
ioctl$UFFDIO_API(r1, 0xc018aa3f, &(0x7f0000000180))
mmap(&(0x7f0000013000/0x4000)=nil, 0x4000, 0x0, 0xa053, r0, 0x0)
ioctl$UFFDIO_REGISTER(r1, 0xc020aa00, &(0x7f0000019000)={{&(0x7f0000012000/0x2000)=nil, 0x2000}})

[ 2437.550511]  ? futex_wake+0x304/0x760
[ 2437.554341]  ? find_held_lock+0x36/0x1c0
[ 2437.558436]  ? __handle_mm_fault+0x4bb0/0x5be0
[ 2437.563038]  ? lock_downgrade+0x900/0x900
[ 2437.567219]  ? kasan_check_read+0x11/0x20
[ 2437.571385]  ? do_raw_spin_unlock+0xa7/0x330
[ 2437.575810]  ? do_raw_spin_trylock+0x270/0x270
[ 2437.580408]  ? fault_dirty_shared_page.isra.87+0x320/0x320
[ 2437.586057]  __handle_mm_fault+0x4bbd/0x5be0
[ 2437.590493]  ? vmf_insert_mixed_mkwrite+0x40/0x40
[ 2437.595356]  ? zap_class+0x640/0x640
[ 2437.599091]  ? rcu_read_unlock_special+0x1c0/0x1c0
[ 2437.604033]  ? kasan_check_read+0x11/0x20
[ 2437.608192]  ? rcu_softirq_qs+0x20/0x20
[ 2437.612193]  ? zap_class+0x640/0x640
[ 2437.615926]  ? zap_class+0x640/0x640
[ 2437.619658]  ? find_held_lock+0x36/0x1c0
[ 2437.623742]  ? handle_mm_fault+0x42a/0xc70
[ 2437.628001]  ? lock_downgrade+0x900/0x900
[ 2437.632169]  ? check_preemption_disabled+0x48/0x280
[ 2437.637215]  ? rcu_read_unlock_special+0x1c0/0x1c0
[ 2437.642158]  ? kasan_check_read+0x11/0x20
08:16:55 executing program 1:
r0 = syz_open_dev$admmidi(&(0x7f0000000100)='/dev/admmidi#\x00', 0x0, 0x0)
r1 = userfaultfd(0x0)
ioctl$UFFDIO_API(r1, 0xc018aa3f, &(0x7f0000000180))
mmap(&(0x7f0000013000/0x4000)=nil, 0x4000, 0x0, 0xa053, r0, 0x0)
ioctl$UFFDIO_REGISTER(r1, 0xc020aa00, &(0x7f0000019000)={{&(0x7f0000012000/0x2000)=nil, 0x2000}})

[ 2437.642175]  ? rcu_dynticks_curr_cpu_in_eqs+0xa2/0x170
[ 2437.642190]  ? rcu_softirq_qs+0x20/0x20
[ 2437.642207]  ? trace_hardirqs_off_caller+0x310/0x310
[ 2437.642229]  ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[ 2437.660727]  ? check_preemption_disabled+0x48/0x280
[ 2437.660758]  handle_mm_fault+0x54f/0xc70
[ 2437.675475]  ? __handle_mm_fault+0x5be0/0x5be0
[ 2437.680087]  ? find_vma+0x34/0x190
[ 2437.683662]  __do_page_fault+0x5e8/0xe60
[ 2437.687746]  ? trace_hardirqs_off+0xb8/0x310
[ 2437.692183]  do_page_fault+0xf2/0x7e0
[ 2437.696000]  ? vmalloc_sync_all+0x30/0x30
[ 2437.700173]  ? error_entry+0x70/0xd0
[ 2437.703914]  ? trace_hardirqs_off_caller+0xbb/0x310
[ 2437.708954]  ? trace_hardirqs_on_caller+0xc0/0x310
[ 2437.708972]  ? syscall_return_slowpath+0x5e0/0x5e0
[ 2437.708988]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 2437.709008]  ? trace_hardirqs_on_caller+0x310/0x310
[ 2437.728737]  ? __bpf_trace_preemptirq_template+0x30/0x30
[ 2437.734206]  ? prepare_exit_to_usermode+0x3b0/0x3b0
[ 2437.739243]  ? prepare_exit_to_usermode+0x291/0x3b0
[ 2437.744268]  ? page_fault+0x8/0x30
08:16:55 executing program 1:
r0 = syz_open_dev$admmidi(&(0x7f0000000100)='/dev/admmidi#\x00', 0x0, 0x0)
r1 = userfaultfd(0x0)
ioctl$UFFDIO_API(r1, 0xc018aa3f, &(0x7f0000000180))
mmap(&(0x7f0000013000/0x4000)=nil, 0x4000, 0x0, 0xa053, r0, 0x0)
ioctl$UFFDIO_REGISTER(r1, 0xc020aa00, &(0x7f0000019000)={{&(0x7f0000012000/0x2000)=nil, 0x2000}})

[ 2437.744288]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 2437.744305]  ? page_fault+0x8/0x30
[ 2437.756224]  page_fault+0x1e/0x30
[ 2437.759691] RIP: 0033:0x4510a0
[ 2437.762905] Code: 0f 84 c4 0f 00 00 48 89 f1 48 89 f8 48 83 e1 3f 48 83 f9 20 0f 86 7b 02 00 00 48 83 e6 f0 48 83 e1 0f 66 0f ef c0 66 0f ef c9 <66> 0f 74 0e 66 0f d7 d1 48 d3 ea 49 c7 c2 11 00 00 00 49 29 ca 4d
[ 2437.781829] RSP: 002b:00007f75238677a8 EFLAGS: 00010202
[ 2437.787204] RAX: 00007f7523867850 RBX: 0000000000000003 RCX: 000000000000000e
[ 2437.794484] RDX: 00000000000003ff RSI: 0000000020012fe0 RDI: 00007f7523867850
[ 2437.801762] RBP: 000000000072bf00 R08: 00000000000003ff R09: 0000000000000000
[ 2437.809046] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f75238686d4
[ 2437.816321] R13: 00000000004c578a R14: 00000000004d9d90 R15: 00000000ffffffff
[ 2437.824849] CPU: 0 PID: 24139 Comm: syz-executor0 Not tainted 4.20.0-rc6+ #371
[ 2437.832246] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 2437.841610] Call Trace:
[ 2437.844220]  dump_stack+0x244/0x39d
[ 2437.847868]  ? dump_stack_print_info.cold.1+0x20/0x20
[ 2437.853091]  handle_userfault.cold.32+0x47/0x62
[ 2437.857788]  ? userfaultfd_ioctl+0x5610/0x5610
[ 2437.862403]  ? mark_held_locks+0x130/0x130
[ 2437.866653]  ? __sanitizer_cov_trace_cmp4+0x16/0x20
[ 2437.871679]  ? futex_wait_setup+0x266/0x3e0
[ 2437.876034]  ? __sanitizer_cov_trace_switch+0x53/0x90
[ 2437.881254]  ? userfaultfd_ctx_put+0x830/0x830
[ 2437.885849]  ? futex_wait+0x5a1/0xa50
[ 2437.889667]  ? print_usage_bug+0xc0/0xc0
[ 2437.893748]  ? print_usage_bug+0xc0/0xc0
[ 2437.893767]  ? print_usage_bug+0xc0/0xc0
08:16:55 executing program 2:
syz_emit_ethernet(0x6a, &(0x7f0000000040)={@local, @broadcast, [], {@ipv4={0x800, {{0x5, 0x4, 0x0, 0x0, 0x5c, 0x0, 0x0, 0x0, 0x1, 0x0, @remote, @dev={0xac, 0x14, 0x14, 0x11}}, @icmp=@parameter_prob={0x3, 0x4, 0x0, 0x0, 0x0, 0x0, {0x10, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x402f, 0x0, @local={0xac, 0x5c}, @dev, {[@timestamp={0x8, 0x2c, 0x0, 0x0, 0x0, [{[@rand_addr=0x80350000]}, {[@multicast2]}, {[@multicast1]}, {}, {[@loopback]}, {}]}]}}}}}}}, 0x0)

[ 2437.893785]  ? zap_class+0x640/0x640
[ 2437.893802]  ? drop_futex_key_refs.isra.14+0x6d/0xe0
[ 2437.893817]  ? futex_wake+0x304/0x760
[ 2437.893843]  ? find_held_lock+0x36/0x1c0
[ 2437.905686]  ? __handle_mm_fault+0x4bb0/0x5be0
[ 2437.905706]  ? lock_downgrade+0x900/0x900
[ 2437.905731]  ? kasan_check_read+0x11/0x20
[ 2437.905750]  ? do_raw_spin_unlock+0xa7/0x330
[ 2437.914644]  ? do_raw_spin_trylock+0x270/0x270
[ 2437.914664]  ? fault_dirty_shared_page.isra.87+0x320/0x320
[ 2437.914691]  __handle_mm_fault+0x4bbd/0x5be0
[ 2437.914718]  ? vmf_insert_mixed_mkwrite+0x40/0x40
[ 2437.914737]  ? zap_class+0x640/0x640
[ 2437.914752]  ? rcu_read_unlock_special+0x1c0/0x1c0
[ 2437.914771]  ? kasan_check_read+0x11/0x20
[ 2437.964195]  ? rcu_softirq_qs+0x20/0x20
[ 2437.972327]  ? zap_class+0x640/0x640
[ 2437.972342]  ? zap_class+0x640/0x640
[ 2437.972379]  ? find_held_lock+0x36/0x1c0
[ 2437.972406]  ? handle_mm_fault+0x42a/0xc70
[ 2437.988099]  ? lock_downgrade+0x900/0x900
[ 2437.992272]  ? check_preemption_disabled+0x48/0x280
[ 2437.997308]  ? rcu_read_unlock_special+0x1c0/0x1c0
[ 2438.002250]  ? kasan_check_read+0x11/0x20
[ 2438.006417]  ? rcu_dynticks_curr_cpu_in_eqs+0xa2/0x170
[ 2438.011707]  ? rcu_softirq_qs+0x20/0x20
[ 2438.015700]  ? trace_hardirqs_off_caller+0x310/0x310
[ 2438.020839]  ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[ 2438.026403]  ? check_preemption_disabled+0x48/0x280
[ 2438.026429]  handle_mm_fault+0x54f/0xc70
[ 2438.026448]  ? __handle_mm_fault+0x5be0/0x5be0
[ 2438.026471]  ? find_vma+0x34/0x190
[ 2438.043676]  __do_page_fault+0x5e8/0xe60
[ 2438.047755]  ? trace_hardirqs_off+0xb8/0x310
[ 2438.052196]  do_page_fault+0xf2/0x7e0
[ 2438.056017]  ? vmalloc_sync_all+0x30/0x30
[ 2438.060187]  ? error_entry+0x70/0xd0
[ 2438.063920]  ? trace_hardirqs_off_caller+0xbb/0x310
[ 2438.068959]  ? trace_hardirqs_on_caller+0xc0/0x310
[ 2438.073908]  ? syscall_return_slowpath+0x5e0/0x5e0
[ 2438.078857]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 2438.083721]  ? trace_hardirqs_on_caller+0x310/0x310
[ 2438.088758]  ? __bpf_trace_preemptirq_template+0x30/0x30
[ 2438.094227]  ? prepare_exit_to_usermode+0x3b0/0x3b0
[ 2438.099266]  ? prepare_exit_to_usermode+0x291/0x3b0
[ 2438.104304]  ? page_fault+0x8/0x30
[ 2438.107850]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 2438.112687]  ? page_fault+0x8/0x30
[ 2438.116216]  page_fault+0x1e/0x30
[ 2438.119656] RIP: 0033:0x4510a0
[ 2438.122837] Code: 0f 84 c4 0f 00 00 48 89 f1 48 89 f8 48 83 e1 3f 48 83 f9 20 0f 86 7b 02 00 00 48 83 e6 f0 48 83 e1 0f 66 0f ef c0 66 0f ef c9 <66> 0f 74 0e 66 0f d7 d1 48 d3 ea 49 c7 c2 11 00 00 00 49 29 ca 4d
[ 2438.141725] RSP: 002b:00007efdea16e7a8 EFLAGS: 00010202
08:16:56 executing program 4:
r0 = openat$kvm(0xffffffffffffff9c, 0x0, 0x0, 0x0)
r1 = syz_open_dev$sndctrl(&(0x7f0000000100)='/dev/snd/controlC#\x00', 0x0, 0x0)
prctl$PR_SET_THP_DISABLE(0x29, 0xfffffffffffffffe)
clone(0x2000, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
r2 = accept$inet6(0xffffffffffffffff, &(0x7f0000000000)={0xa, 0x0, 0x0, @dev}, &(0x7f0000000040)=0x1c)
open(&(0x7f0000000180)='./file0\x00', 0x10000, 0x4)
getsockopt$IP6T_SO_GET_REVISION_TARGET(r2, 0x29, 0x45, &(0x7f00000000c0)={'icmp\x00'}, &(0x7f0000000140)=0x1e)
ioctl$FS_IOC_GETFLAGS(r1, 0x800455d1, &(0x7f0000000080))
mmap(&(0x7f0000ff6000/0xa000)=nil, 0xa000, 0x1000004, 0x10, r0, 0x0)

08:16:56 executing program 5:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0)
ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r1 = syz_open_dev$sndctrl(&(0x7f0000000100)='/dev/snd/controlC#\x00', 0x0, 0x0)
prctl$PR_SET_THP_DISABLE(0x29, 0xfffffffffffffffe)
clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
ioctl$FS_IOC_GETFLAGS(r1, 0xc008551b, &(0x7f0000000080))

08:16:56 executing program 1:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0)
ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r1 = syz_open_dev$sndctrl(&(0x7f0000000100)='/dev/snd/controlC#\x00', 0x0, 0x0)
prctl$PR_SET_THP_DISABLE(0x29, 0xfffffffffffffffe)
clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
ioctl$FS_IOC_GETFLAGS(r1, 0xc0505510, &(0x7f0000000080))

08:16:56 executing program 3:
openat$rfkill(0xffffffffffffff9c, 0x0, 0x0, 0x0)
getsockopt$inet_sctp_SCTP_DEFAULT_PRINFO(0xffffffffffffffff, 0x84, 0x72, &(0x7f0000000380), 0x0)
syz_open_dev$admmidi(&(0x7f0000000100)='/dev/admmidi#\x00', 0x0, 0x0)
r0 = socket$l2tp(0x18, 0x1, 0x1)
mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x1, 0x32, 0xffffffffffffffff, 0x0)
r1 = userfaultfd(0x0)
ioctl$UFFDIO_API(r1, 0xc018aa3f, &(0x7f0000000180))
ioctl$UFFDIO_REGISTER(r1, 0xc020aa00, &(0x7f0000019000)={{&(0x7f0000012000/0x2000)=nil, 0x2000}, 0x1})
syz_open_dev$evdev(&(0x7f0000012fee)='/dev/input/event#\x00', 0x2000000000000000, 0x0)
ioctl$UFFDIO_WAKE(r1, 0x8010aa02, &(0x7f0000000080)={&(0x7f0000012000/0x3000)=nil, 0x3000})
ioctl(r0, 0x1000008912, &(0x7f0000000000)="0a5c2d023c126285718070")
setsockopt$ALG_SET_KEY(0xffffffffffffffff, 0x117, 0x1, 0x0, 0x0)

08:16:56 executing program 0:
r0 = openat$rfkill(0xffffffffffffff9c, 0x0, 0x2001, 0x0)
setsockopt$inet_sctp_SCTP_RECVRCVINFO(r0, 0x84, 0x20, &(0x7f00000014c0)=0xf800000000000000, 0x4)
syz_open_dev$admmidi(&(0x7f0000000100)='/dev/admmidi#\x00', 0x0, 0x0)
r1 = socket$l2tp(0x18, 0x1, 0x1)
mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x1, 0x32, 0xffffffffffffffff, 0x0)
ioctl$sock_bt_bnep_BNEPGETSUPPFEAT(r0, 0x800442d4, &(0x7f0000000040)=0x7)
r2 = userfaultfd(0xfffffffffffffffd)
getsockopt$sock_cred(r0, 0x1, 0x11, &(0x7f0000000200)={0x0, <r3=>0x0}, &(0x7f0000000240)=0xc)
getsockopt$inet6_IPV6_IPSEC_POLICY(r0, 0x29, 0x22, &(0x7f0000000280)={{{@in=@multicast1, @in=@broadcast, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, <r4=>0x0}}, {{@in=@local}, 0x0, @in=@dev}}, &(0x7f0000000380)=0xe8)
mount$9p_tcp(&(0x7f00000000c0)='127.0.0.1\x00', &(0x7f0000000140)='./file0\x00', &(0x7f00000001c0)='9p\x00', 0x8001, &(0x7f00000003c0)={'trans=tcp,', {'port', 0x3d, 0x4e21}, 0x2c, {[{@privport='privport'}, {@access_uid={'access', 0x3d, r3}}], [{@fowner_lt={'fowner<', r4}}, {@func={'func', 0x3d, 'KEXEC_KERNEL_CHECK'}}, {@obj_user={'obj_user'}}]}})
ioctl$UFFDIO_API(r2, 0xc018aa3f, &(0x7f0000000180))
ioctl$UFFDIO_REGISTER(r2, 0xc020aa00, &(0x7f0000019000)={{&(0x7f0000012000/0x2000)=nil, 0x2000}, 0x1})
socket$packet(0x11, 0x3, 0x300)
syz_open_dev$evdev(&(0x7f0000012fee)='/dev/input/event#\x00', 0x0, 0x0)
write$UHID_INPUT(r0, &(0x7f0000000480)={0x8, "5c635d9e798f92433d50c3aacb9ab44bf51bc855087644db584f31db82be57166addd3a25124e15e9872a87c70b71b4876042e885f0a0be6b3daff3b195a6725fda68250b3e4d250dd457201399f0e52373b92385972ecd901dab67f767028dab659ae7294c187ff228c7e636483b27bd92109e8d3c6fe9bb49c89c733e4e4081559d8729105c310aa2e9e4358e6d3b4b27508b94f825a115c58400ba27704f536acbb07365a9dca1b91e7f21b99a0bf264efd7082daa9f147b66da80d0cdac131336eaf92027bf23d3d808b149e1f72ad3c231ddecd77460b5a5c3430e0a8cc21776fa1f8cd92f8a74245e376cf5dd5cb3996aff182c3f858c22135bcf9c83eb08bf17eab8c2cfe2cc52b5b8288614bbba7b47939733d07d5fc3eb2e506d606fe981b82dc469f5b0367a3c3ff0c6a361cc13b0d7062b8dcd4cc5b0a0baa65428e664d9b7f2092356c53c4497ec8c5e25c061282b655b511314a354bed914fe8960c19d0d25e15382f0809c0d9f58bf66623f6c5581093d29b933fd1dd116ba440dec77d32c212a43d6083ad300561e722d94fb34e2a1b1541f0c2eb2a852c8e34cd51c955c53361139d8b7a983468980f6f028c988099cadca3f3fef1078e544711c361586363ed51d7d83902360776c5a482cd166056cc3eba1c7ec76b14966294406828669b75664aa4a3886591cc3f0ebac8ad28d64f36241113e2b4a1ce52c0210af614ca11e017b6e2b0e96df18dd2cbe4cb089b659b856cf4bd966520d965889ba9a57c908e5d3b1ca5c8b6776ff054f49e9294f07d9a363a69e83cb3e7de4114bec38c9d8f7157ca88fad410d2839a8a9b2d2f77188f8b00cf47812145b9a48c124999f362f5f500e5a1dc44035f622147173a6d8861e48b7e310bf6d33ac648e9396e2b454410af88f859e1a96e6627883ea8c57f3d9c9d07982b5f8da4290298217bf95ab4f1fb8a38d764c9c606ab3b419f353cc91c01ebc10f1ef1bee2974e207fbc565b075782a482677651f9972756ff188ada9f0c1ee63f1dd09d1613d3d97100fbddfe75659b20c70b6a4d90eb8377f7cea755461a8c5ac779fb16f0224af3f2e11d172dad8274c71d4f31a3e59f0612c84dc0c3ee8bab9f25fb825de746fbd8a31b118192dd09135dfd82676921eb87ebeb926bfc4e94d8eedf914dc2318a3c32c37dad0ac7be08ed7e8d339781bbe55fb1a614c35038849bc3024517c82c5c3c43eb0e8930923dc8fa32deff4f506ef0a0a7da07bba8dbdc1fe13f67e6723dd52b24e498e96728b70f4736aaa11642f8a04f1c5aed3ae848f60ae6471a73151844861a65cc7a8765a027e0584e33ac448f00df8cda216e71e397d80a507ace3e458af6f777b77541e8833aa7e1f31b50962ce469ed49c3463dce2c5939fb3c780e87cf127fce61f61f51653eefeeb2f0bdc828fa922a54945d34a3561fe48a955922ee7a82256a377b88ae71bc15cf96d41b09343bd6bbd8e0b08907498d57eaa087c3f9f6027043a8c998be3d133993c09ad8eda7736ba79e65aacd049752d28f8e1ad18d1bd4e7a9a73f769981c06144d76062ab9610c80e88834762929bfc169457fd3142c55767a8cd4eb22dc7e1a938a9a4ee516ca35196dc837be0dfcc2bbc4da3be3318cb311480d1fcd6f0d80b668dccd59c4e06f92305f9373fa5b4506ad7162efe0d6ce280a51377928ca4a4445562e7eec0410a2c392af24195a23a90e580691e24cdd304deef44be022f23d10927036d8baf07306c74160d38606046b5dcc3cff232ac64576a02fe7b7915ab8f683dde5c062022ea87b9e94967e2b95361d2f6f41b9a096fe5f5552154b25b0eaf89a016281912d6cff1786c2a9d2c9eadb7a34d0cd277d7df0661183289aca5aa3914d30e5abc9d712f3e0e169135ff740e6e7fd6f52e502d44fc65f927d5a8a62c5594cffd99ca8a698b62dd787184e2d673b360fab26e234e745ae9bdd983e3a9d068c1d9c48f14498ad1e3f32aca86ad02ae6925b8fffe6f03cbcb5e97b99b389722f75d7ed6b15c3909b356b870548bdd89cc932cbb87b51c9f575b642e284fb39ad16f28976d3fd3cfd090b2cd86f425b7bb74e82b897a613235491497a12944fa44af136cc56182932e54086af28e2b259af63eda0e8a5906d8af7ca0a317ac17e83c93ac71de1716bfff30115be3c444fc2d017b38ba662dd867c1462d824067d7b27313c05fc49367dfa8528566fee2ffab54bab8c20cc8025781968bf67ae98adbffd110db43da26ba59be25789a0bf25fc0fa8d60e22fccdfb930919e6302dd0a98857012cf91bf1c154f2acc968c1057ac0b87a0382137f981a6c0b9924b931083bab7b0a65efb7080d37ae61914108b7182cd28831e917dcb1871fa19a94dced0850495c1d55a59786946b70d7ecb9f9df46f321d9a4d8bb61b1ceb9ba6985517741d1a5019b5ecb3625f6a150b017a3c764a9b07b578083a56bcd860c80852506ca7695a2d5ef296b856d441102c582fe5689b525a9f95e1d53f8fdd321ebefc38114d300d56438793cfa12519f969e1a623046bbcba035492f849a3064e28662b6d7a4f0867694d42b04ca70e3bdb9162587e62f4b739e9cf56f3f2adea2f18c8d0c5fa6d29480c5e595be8ac96ef336ad40f56bcefd149c1fc04d4a12b154a47b476a9491285331b0287927e9de67a7e7bc53424441a2ac5d9cbe2bfa5222e7bfcff0c63be63982f5e63069f1e0be863c018c8d8e7a8162a0c8eb9276fcc29e3b20c3699afc67c3f26df7aef9e7b1ffec901fabbfd30021f959c4cdc7c656a275efb95fb13bf1098f18f9efba04bc43ac2917539d68e6f960b2fd2d7e4c50a51c0d46ceaa8a3d2c104be86c9eec0524edbaa35258bf5ab32f1edf6386eab2fe041a2a506b0580536601c19aac54a7983ed2eec8869bb71afe3833cf78821014fe6f6d33b4d6cd1db871e005f7a3754efa6cead85527c01ee6cf547ecbd4e4856c4da129148bfa3db5e81188ca42809265329ccd31da5e8af750673d1e9299ba548ec2515bc1fe2a5a4c048d0ce2c9083011aa482b1d4cb619e42ef693110fa3ade3f599b03ec6daf2bd7ade26bf9dde63d09c80ebb40f92425d84d917a1dddf83e04f3ef9340673ca2a799ac872fc6b644943c037869f70ede89e258fa37018f109992b9d713802ceb2b285c342970f1c7971cccf59565d05283db320c23057beb68f070aa5662e97d2444e2625648d87a43f2fd6774bb44bc1d67d498be4556e49d80907f045ef2e9fe6cc2d70ba09e135f3df29167732121fbc3b1ffdcbe979e3d47a1741c1dd019f88e3d71c5984bebedab4c4487c38db3e7e708b1caa4fb5901fc0b78e83457c3ad057344ec33b1f11635b1262994e26a3bb3374ba1601b7384372317a439b8519b1f6c3acbcfbea9b4a8e01811b2dbee48c797f93558fefe51230bebfe177cad45502a45c27253b9413311d4ecbcc3a31e85971183c2adac3876f156c79e537f0e85e381ae87b10894c0e3c0dd0263407748c5c1d1767a2deede4e88ac84f99670087f3f74b67c5545bdd7d401d859f8ceebce7f62a46cf0d3fadb308dc4c3345922f93df486c694b341d818c1816e78364cb3ae8c3afae4b0dca2c4e4b3e224360c064fb8bc0f57de597dc08123f38f36dbe9274133fe9aa85a50b1a20064b1bff763fcc317812913771d30e4b32900eccf72037c16582057d754ef1748c74b3ab1d5c9031980a68f268701241b2645bae6741e74cd7453961de60a2c60f5ff84e57982c5254d49600ca1de88531c3b8d92a78e3b1ab6b57deff54de9ec39faefa741cf4d25fecdabd77587eded8371f4310e788e18372ecbd27bd078c81a45bcaa2ac01baa16d7780b94973f77145af2df6f0c1c53d09e2da97d03a382a624894817f152557895d1708f23540d233c85da399039af94bbaee1c0c341b10431a5b056c85c49e275b8e2b51c2ab1ea9c81ea9d161bedc4ca87a3d5197ffd241511e3d3e275437f8f20b4550bbbf2926b068f073e5148cda8ea98319140ae0f1fb79210129732fb95b6754fe6177252e88cf20387023f02e91983217492ce314e45ce32c94c54909b13553fc8aa5b04e5b30e4a930f5afd1d261fa68b5f160524b17cbe7fbf12e1d49089ae4d7d4e82f0c235e556405cc38b910281bdfc596c14c9cb046d268606a361c9347d10779f21e1f8590c73487fffc9b64f5ebc44b131766876faab3f0a4e637df9a5655a3356f8f3f5cb21361e9a0f9c2238d0f8c9af795f193adcdbfc84460ec28eb57f71eeeb21414c495053c9b9dd5c8e3ad0ba698daf20fc038d69d5efc0b6ad7f055522b63dc1da8a0af51aecaa397dba7d31f822646c4b9ecdf5598b6a63b21be33d9b5ed6a4a559f0706d6d6f3c0190b588037486ce7cf4cd9d1265c16c336a9aa6dd0b861172b60323cf9092a5ddabdba7ab0a852ff70ec8d3b62bf29ce2f50046689af87dbe0447394178b51a247c8c7f3bf2ba5d02501eb2dc77a4e027af53a63bff9aa4ffb3bdad8a2ee13b504de2ff42e72532a96dc285d602af326671255a59e43ccf80847fa75d7bb5b84bc5d8c3d9d3b7c15d25f4ee0e2651b77379e2896b17ea87eac82092a16b4a8726065a59b73c7275baf06e807ea7b07aab8bec33574121ee5555929179743c5bac7aee7961952cf18e71481dfea02f64497bbe41af9a9b27ae153abb35a86b902e759a4a11cde0fedc84a0e16e26804179f5cfd724d89171889e6e6b2302086d0734c107c7e375c8f7fad18642ddfd92910fb3f10eddae16072b89894cf32685aee56fcb4c8e624e6dbc9979dcb146aecf8f96782996a79c4be4d2935b59000b1ce01a16584b6edbf30183d659f6cdc1d5170ef886caf9f9ae4a1dc79d74a83520d6be735ecd0fac3b32ae5363ff7ec853c3a0ca8b34ebad35e86fab9f5a2424c434a3739f2717051bd4141abab3bb7d63a6cabd77e71d4bd0b72312152dccdc178a7f073be8d56a46fdaaf4232b19970574884b1bed22c8b617b3f91280286e7705f801fc22468e15dc5b36f342a8b96c2319105b59ef3865d7f047e7b5f08d218d2defb8171196d3ed1f881eb2a211f688a8f14304c3ab1f13a23bf00a49b81171bf7e5184f1cc4d649bf3b231c5962386a6b0f3e824c112474d9b3f1f3a8bcc62c91c7fbdfeaa1a94955e790caad305b33a9181894f3cd978b1b46586eac4694dc08e9b8d02f33a18da2c1ec5bdb227ff1db5752ff01334e372f044c933cf518ba0116d0c9875ee7ce8302c5fe1dca0ba7c9c7fe4df82633f567de4f6a55c732e6b4cd41164e2bbfebc26d792f6061ac57a0b0d98a5d50a620d56926fcddffaf02605af32451f9bef6aff89b90df48c6b30ba07d68cd51d03aa342305666ae5e774ca33411fcc36789d89fcc1b28ee09c6051e639f2c6129483b9b1a8fbf37f44e7f2e3121b4c5e59c5fe6d386c630704179807a39efc5ff380c1f3683ac81751e25f2eb67a7e9b8d9321e2a185f544fea416c073724721e0f51467ee8d711012ff07461fd9b3335a654c3b6e8483078aa478b71ae4acbf5450ca07e49dd848a0fe4b5f62872cc17a591fdbe5c764ba3825e4672dff8b91a984fd2e2733c4e7e807e599eaf7e70d0569b4ce415bc4de057daeef1b23a0a17705342452e48fc10f86c92ae1334d3efdb8322e2ba574eb09a794e27cadafc78e91177fd79d12e734dcd2567c7398d78d39674c6030a3f608e9acd0a82bf46ab8b6077432ef2eca4bdf8e881782c808cc570e33a2cdb92e86b1fffe1eee55", 0x1000}, 0x1006)
ioctl$UFFDIO_WAKE(r2, 0x8010aa02, &(0x7f0000000080)={&(0x7f0000012000/0x3000)=nil, 0x3000})
ioctl(r1, 0x1000008912, &(0x7f0000000000)="0a5c2d023c126285718070")

08:16:56 executing program 2:
syz_emit_ethernet(0x6a, &(0x7f0000000040)={@local, @broadcast, [], {@ipv4={0x800, {{0x5, 0x4, 0x0, 0x0, 0x5c, 0x0, 0x0, 0x0, 0x1, 0x0, @remote, @dev={0xac, 0x14, 0x14, 0x11}}, @icmp=@parameter_prob={0x3, 0x4, 0x0, 0x0, 0x0, 0x0, {0x10, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x402f, 0x0, @local={0xac, 0x5c}, @dev, {[@timestamp={0x8, 0x2c, 0x0, 0x0, 0x0, [{[@rand_addr=0x8000000]}, {[@multicast2]}, {[@multicast1]}, {}, {[@loopback]}, {}]}]}}}}}}}, 0x0)

[ 2438.147076] RAX: 00007efdea16e850 RBX: 0000000000000003 RCX: 000000000000000e
[ 2438.154334] RDX: 00000000000003ff RSI: 0000000020012fe0 RDI: 00007efdea16e850
[ 2438.161621] RBP: 000000000072bf00 R08: 00000000000003ff R09: 0000000000000000
[ 2438.168884] R10: 0000000000000000 R11: 0000000000000246 R12: 00007efdea16f6d4
[ 2438.176143] R13: 00000000004c578a R14: 00000000004d9d90 R15: 00000000ffffffff
08:16:56 executing program 2:
syz_emit_ethernet(0x6a, &(0x7f0000000040)={@local, @broadcast, [], {@ipv4={0x800, {{0x5, 0x4, 0x0, 0x0, 0x5c, 0x0, 0x0, 0x0, 0x1, 0x0, @remote, @dev={0xac, 0x14, 0x14, 0x11}}, @icmp=@parameter_prob={0x3, 0x4, 0x0, 0x0, 0x0, 0x0, {0x10, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x402f, 0x0, @local={0xac, 0x5c}, @dev, {[@timestamp={0x8, 0x2c, 0x0, 0x0, 0x0, [{[@rand_addr=0x3f00000000000000]}, {[@multicast2]}, {[@multicast1]}, {}, {[@loopback]}, {}]}]}}}}}}}, 0x0)

[ 2438.339664] FAULT_FLAG_ALLOW_RETRY missing 70
[ 2438.347991] CPU: 0 PID: 24172 Comm: syz-executor3 Not tainted 4.20.0-rc6+ #371
[ 2438.355391] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 2438.364757] Call Trace:
[ 2438.367380]  dump_stack+0x244/0x39d
[ 2438.371034]  ? dump_stack_print_info.cold.1+0x20/0x20
[ 2438.376257]  handle_userfault.cold.32+0x47/0x62
[ 2438.376293]  ? userfaultfd_ioctl+0x5610/0x5610
[ 2438.376317]  ? mark_held_locks+0x130/0x130
[ 2438.385566]  ? __sanitizer_cov_trace_cmp4+0x16/0x20
[ 2438.385581]  ? futex_wait_setup+0x266/0x3e0
[ 2438.385611]  ? __sanitizer_cov_trace_switch+0x53/0x90
[ 2438.385628]  ? userfaultfd_ctx_put+0x830/0x830
[ 2438.385640]  ? futex_wait+0x5a1/0xa50
[ 2438.385664]  ? print_usage_bug+0xc0/0xc0
[ 2438.416832]  ? print_usage_bug+0xc0/0xc0
[ 2438.420922]  ? print_usage_bug+0xc0/0xc0
[ 2438.425002]  ? zap_class+0x640/0x640
[ 2438.425021]  ? drop_futex_key_refs.isra.14+0x6d/0xe0
[ 2438.425037]  ? futex_wake+0x304/0x760
08:16:56 executing program 5:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0)
ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r1 = syz_open_dev$sndctrl(&(0x7f0000000100)='/dev/snd/controlC#\x00', 0x0, 0x0)
prctl$PR_SET_THP_DISABLE(0x29, 0xfffffffffffffffe)
clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
ioctl$FS_IOC_GETFLAGS(r1, 0x5450, &(0x7f0000000080))

[ 2438.425067]  ? find_held_lock+0x36/0x1c0
[ 2438.425093]  ? __handle_mm_fault+0x4bb0/0x5be0
[ 2438.437695]  ? lock_downgrade+0x900/0x900
[ 2438.437722]  ? kasan_check_read+0x11/0x20
[ 2438.437737]  ? do_raw_spin_unlock+0xa7/0x330
[ 2438.437756]  ? do_raw_spin_trylock+0x270/0x270
[ 2438.463690]  ? fault_dirty_shared_page.isra.87+0x320/0x320
[ 2438.469345]  __handle_mm_fault+0x4bbd/0x5be0
[ 2438.473792]  ? vmf_insert_mixed_mkwrite+0x40/0x40
[ 2438.478654]  ? zap_class+0x640/0x640
[ 2438.482386]  ? rcu_read_unlock_special+0x1c0/0x1c0
[ 2438.482404]  ? kasan_check_read+0x11/0x20
[ 2438.482421]  ? rcu_softirq_qs+0x20/0x20
[ 2438.482454]  ? zap_class+0x640/0x640
[ 2438.499228]  ? zap_class+0x640/0x640
[ 2438.502967]  ? find_held_lock+0x36/0x1c0
[ 2438.507055]  ? handle_mm_fault+0x42a/0xc70
[ 2438.511309]  ? lock_downgrade+0x900/0x900
[ 2438.515487]  ? check_preemption_disabled+0x48/0x280
[ 2438.520521]  ? rcu_read_unlock_special+0x1c0/0x1c0
[ 2438.525467]  ? kasan_check_read+0x11/0x20
[ 2438.529629]  ? rcu_dynticks_curr_cpu_in_eqs+0xa2/0x170
[ 2438.534917]  ? rcu_softirq_qs+0x20/0x20
[ 2438.538900]  ? trace_hardirqs_off_caller+0x310/0x310
[ 2438.544018]  ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[ 2438.549566]  ? check_preemption_disabled+0x48/0x280
[ 2438.554611]  handle_mm_fault+0x54f/0xc70
[ 2438.558744]  ? __handle_mm_fault+0x5be0/0x5be0
[ 2438.563349]  ? find_vma+0x34/0x190
[ 2438.566926]  __do_page_fault+0x5e8/0xe60
[ 2438.571093]  ? trace_hardirqs_off+0xb8/0x310
[ 2438.575546]  do_page_fault+0xf2/0x7e0
[ 2438.579382]  ? vmalloc_sync_all+0x30/0x30
[ 2438.583546]  ? error_entry+0x70/0xd0
08:16:56 executing program 2:
syz_emit_ethernet(0x6a, &(0x7f0000000040)={@local, @broadcast, [], {@ipv4={0x800, {{0x5, 0x4, 0x0, 0x0, 0x5c, 0x0, 0x0, 0x0, 0x1, 0x0, @remote, @dev={0xac, 0x14, 0x14, 0x11}}, @icmp=@parameter_prob={0x3, 0x4, 0x0, 0x0, 0x0, 0x0, {0x10, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x402f, 0x0, @local={0xac, 0x5c}, @dev, {[@timestamp={0x8, 0x2c, 0x0, 0x0, 0x0, [{[@rand_addr=0x600000000000000]}, {[@multicast2]}, {[@multicast1]}, {}, {[@loopback]}, {}]}]}}}}}}}, 0x0)

[ 2438.587279]  ? trace_hardirqs_off_caller+0xbb/0x310
[ 2438.592313]  ? trace_hardirqs_on_caller+0xc0/0x310
[ 2438.597259]  ? syscall_return_slowpath+0x5e0/0x5e0
[ 2438.602204]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 2438.607072]  ? trace_hardirqs_on_caller+0x310/0x310
[ 2438.612108]  ? __bpf_trace_preemptirq_template+0x30/0x30
[ 2438.617578]  ? prepare_exit_to_usermode+0x3b0/0x3b0
[ 2438.622612]  ? prepare_exit_to_usermode+0x291/0x3b0
[ 2438.627643]  ? page_fault+0x8/0x30
[ 2438.631200]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 2438.636058]  ? page_fault+0x8/0x30
[ 2438.639615]  page_fault+0x1e/0x30
[ 2438.643094] RIP: 0033:0x4510a0
[ 2438.646300] Code: 0f 84 c4 0f 00 00 48 89 f1 48 89 f8 48 83 e1 3f 48 83 f9 20 0f 86 7b 02 00 00 48 83 e6 f0 48 83 e1 0f 66 0f ef c0 66 0f ef c9 <66> 0f 74 0e 66 0f d7 d1 48 d3 ea 49 c7 c2 11 00 00 00 49 29 ca 4d
[ 2438.665211] RSP: 002b:00007f75238677a8 EFLAGS: 00010202
[ 2438.670589] RAX: 00007f7523867850 RBX: 0000000000000003 RCX: 000000000000000e
[ 2438.677874] RDX: 00000000000003ff RSI: 0000000020012fe0 RDI: 00007f7523867850
08:16:56 executing program 1 (fault-call:4 fault-nth:0):
r0 = syz_open_dev$admmidi(&(0x7f0000000100)='/dev/admmidi#\x00', 0x0, 0x0)
r1 = userfaultfd(0x0)
ioctl$UFFDIO_API(r1, 0xc018aa3f, &(0x7f0000000180))
mmap(&(0x7f0000013000/0x4000)=nil, 0x4000, 0x0, 0xa053, r0, 0x0)
ioctl$UFFDIO_REGISTER(r1, 0xc020aa00, &(0x7f0000019000)={{&(0x7f0000012000/0x2000)=nil, 0x2000}, 0x1})

[ 2438.685149] RBP: 000000000072bf00 R08: 00000000000003ff R09: 0000000000000000
[ 2438.685160] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f75238686d4
[ 2438.685169] R13: 00000000004c578a R14: 00000000004d9d90 R15: 00000000ffffffff
08:16:56 executing program 2:
syz_emit_ethernet(0x6a, &(0x7f0000000040)={@local, @broadcast, [], {@ipv4={0x800, {{0x5, 0x4, 0x0, 0x0, 0x5c, 0x0, 0x0, 0x0, 0x1, 0x0, @remote, @dev={0xac, 0x14, 0x14, 0x11}}, @icmp=@parameter_prob={0x3, 0x4, 0x0, 0x0, 0x0, 0x0, {0x10, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x402f, 0x0, @local={0xac, 0x5c}, @dev, {[@timestamp={0x8, 0x2c, 0x0, 0x0, 0x0, [{[@rand_addr=0x4000]}, {[@multicast2]}, {[@multicast1]}, {}, {[@loopback]}, {}]}]}}}}}}}, 0x0)

08:16:56 executing program 1:
r0 = syz_open_dev$admmidi(&(0x7f0000000100)='/dev/admmidi#\x00', 0x0, 0x0)
r1 = userfaultfd(0x0)
ioctl$UFFDIO_API(r1, 0xc018aa3f, &(0x7f0000000180))
mmap(&(0x7f0000013000/0x4000)=nil, 0x4000, 0x0, 0xa053, r0, 0x0)
ioctl$UFFDIO_REGISTER(r1, 0xc020aa00, &(0x7f0000019000)={{&(0x7f0000012000/0x2000)=nil, 0x2000}, 0x1})

08:16:57 executing program 4:
r0 = openat$kvm(0xffffffffffffff9c, 0x0, 0x0, 0x0)
syz_open_dev$sndctrl(&(0x7f0000000100)='/dev/snd/controlC#\x00', 0x0, 0xffffffffffffffff)
prctl$PR_SET_THP_DISABLE(0x29, 0xfffffffffffffffe)
clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
ioctl$FS_IOC_GETFLAGS(r0, 0x800455d1, &(0x7f0000000080))

08:16:57 executing program 3:
openat$rfkill(0xffffffffffffff9c, 0x0, 0x0, 0x0)
getsockopt$inet_sctp_SCTP_DEFAULT_PRINFO(0xffffffffffffffff, 0x84, 0x72, &(0x7f0000000380), 0x0)
syz_open_dev$admmidi(&(0x7f0000000100)='/dev/admmidi#\x00', 0x0, 0x0)
r0 = socket$l2tp(0x18, 0x1, 0x1)
mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x1, 0x32, 0xffffffffffffffff, 0x0)
r1 = userfaultfd(0x0)
ioctl$UFFDIO_API(r1, 0xc018aa3f, &(0x7f0000000180))
ioctl$UFFDIO_REGISTER(r1, 0xc020aa00, &(0x7f0000019000)={{&(0x7f0000012000/0x2000)=nil, 0x2000}, 0x1})
syz_open_dev$evdev(&(0x7f0000012fee)='/dev/input/event#\x00', 0x48, 0x0)
ioctl$UFFDIO_WAKE(r1, 0x8010aa02, &(0x7f0000000080)={&(0x7f0000012000/0x3000)=nil, 0x3000})
ioctl(r0, 0x1000008912, &(0x7f0000000000)="0a5c2d023c126285718070")
setsockopt$ALG_SET_KEY(0xffffffffffffffff, 0x117, 0x1, 0x0, 0x0)

08:16:57 executing program 0:
r0 = openat$rfkill(0xffffffffffffff9c, 0x0, 0x2001, 0x0)
r1 = syz_open_dev$admmidi(&(0x7f0000000100)='/dev/admmidi#\x00', 0x0, 0x0)
r2 = socket$l2tp(0x18, 0x1, 0x1)
mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x1, 0x32, 0xffffffffffffffff, 0x0)
r3 = userfaultfd(0x0)
ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f0000000180)={0xaa, 0x1})
ioctl$KVM_SET_SREGS(r1, 0x4138ae84, &(0x7f00000001c0)={{0x7002, 0x6000, 0x4, 0x9, 0x100000000, 0x20, 0xfffffffffffffffc, 0x3, 0x8, 0x101, 0x1000, 0x5}, {0x3000, 0x5000, 0xd, 0xffff, 0x1000, 0xe4e, 0x4, 0x1, 0x6, 0x0, 0x0, 0x6}, {0x3004, 0x4, 0xb, 0xd8, 0x4, 0x100000001, 0x79c, 0xfff, 0x9, 0x0, 0x1, 0x40000000000}, {0x3000, 0x0, 0xd, 0x9, 0x35, 0x9, 0xfffffffffffffeb0, 0x4, 0x1, 0xffff, 0x0, 0x7}, {0x0, 0x2000, 0xf, 0x0, 0x8, 0x5, 0x1, 0x1, 0x1, 0x3, 0x3d39, 0x3}, {0x2002, 0x0, 0x1b, 0x4, 0x5, 0x6, 0xccd, 0x8, 0x1, 0x0, 0xa37}, {0xf004, 0x6, 0x1f, 0xab52, 0x8, 0x4, 0x101, 0x6, 0x6, 0x81, 0x5, 0x3}, {0x4, 0x2, 0xa, 0x5, 0x5, 0x5, 0x9, 0x33, 0x4, 0x5, 0xffffffffffffff01, 0x9a1}, {0x107001, 0x10000}, {0x7004, 0x11000}, 0x20000001, 0x0, 0x107006, 0x100, 0xd, 0x5800, 0x6000, [0xf218, 0x7, 0x2]})
ioctl$UFFDIO_REGISTER(r3, 0xc020aa00, &(0x7f0000019000)={{&(0x7f0000012000/0x2000)=nil, 0x2000}, 0x1})
syz_open_dev$evdev(&(0x7f0000012fee)='/dev/input/event#\x00', 0x0, 0x0)
ioctl$UFFDIO_WAKE(r3, 0x8010aa02, &(0x7f0000000080)={&(0x7f0000012000/0x3000)=nil, 0x3000})
getsockopt$inet_sctp6_SCTP_PEER_AUTH_CHUNKS(r0, 0x84, 0x1a, &(0x7f0000000300)={<r4=>0x0, 0x1000, "bda44dcc5d72aa5b09e41a39673bcce4a234b8b19e7040daf606ca688539032b4f499af27e8bb77b4e5e0e12c01894bf8cdfd8f6afac82429e1077fb36f9bc7a27a3faad1520d71bc97eeb63c39842ce9813cdb5faf88ba4f61472e6fb0405e1a90814fe9c092d27b0a3c708356470f47d88587207601b8397237881e6423c693ab1a1595223fe5ef958686e612d2e83cddd95684bff4613b840e8035ef94e8fd2548bb56bb7aaa8b0f7371a3ef668f5c7db5c3428cb4076648b5cb379c895de4a9156ba0f94e3d2519a72a7db6af29566885e3100131d6a122c2ab433f55427414bd3610bd8438e278778d683dc9a75dc4c35145141d42c2031c492de19417bb94aabb8f5413f5ec2ccefd8154328ca3f98cb4d099b01c8f428b763aa10ba0e92db80d9005fbff26b1526c344f3bcf8bf89773be19ccccaa45c113afa6556a069df57bf1d601752820a2e2ca569d240e17c3dea4770afbdf6f54bff806acf0a60eb16f4f3771591127296297e4c271466179919a8c5d6af27de69d7b4510542cc34fa65574bb2db7b62c422b6bac7d454eacb8430ccb37648d4f9849b476e32a8894264d19595262d60b2c868f2a12ba72bdf606836d885be0092bcadc4f74758a581ccbe691240e13f323b3a98d821e2ca0f0001f725e341730b73392709db6d7788d0de19fda0a60c5bc76119f4a0e6cd90e2e9b61d4d0004903868f963a7ab273105b3c052e66bc6e69d769eabbae2649795028570f46181deb810facc749eab85da8122abe66300e0633a542085b170b8c20239cdde4c2728b175d668b31f43f17128b04996f55033cc323a19c74de0ebff2cf6118041b0cc008873d990e42f489a5cf1ccb8a2102eb23b4c4f713f199cb46434520b98dddb1b638277775d000917a45f41250d35f02af048119121a52ba912d98d50ecf25dfa1b7334ef774f97e1a407e87df53437bd1cde150745753f3d5d5d3a8b3ba046aecc6dd44a34bc297c69965e88288609c8211db874cfb118892cdaecaa6459c1197e760213d38324622400551e3caae16ca067abd7b803dfd3d0252db5e18e10b9c0b0a8c7f47283fb9a945ece45371ecf2ed1ee2a82085c59d1f337b672c8795f650b7cf54b391ea729e657c28ed328b923029033fcfcdd85ed9f8dbe128db413598e7b61d085d1c39b46c7f465c5fdab8d0f4b45ff545842b2fcdc69c7b9e311e674b6d312f998e1416b54d34d3089e243b13e1828b07c52355dbac0e15a74d8c2f55be14dbff29d142427bd20bfa01f0e1f7a3600d53ceab4702ae5821e70eb9046e87a717964490a2a2c0f5a1a1f0363eeb3166bb43ade5154c5de724034b828ebe876f25c6933b472ee4cfdd1cac5faf4823a61cdd5d24140458567925dbd19265f84a9c9176fd5dfb6680c287b78d4464a57fd9f08542ed7779ef2352e7cb30f9a5360fb67b168654b5b15935678ac61db4ff2d3d2eb3272191dced8f4cb93261847d004d41ac3e43418f6a404b3f83e2d5ec05b3a209e4ec999359a4662e12cdefdaa85cdbb9feb4033ca6e55162d4d2f612e6067bb7ab994c7f8f6fe66a5f0b7f66c315a0b0205e24830ad5759af912e9937a98e9b66b160b6542ce99adc1025ddc4ae8bfe74e1441dc1c1bdae2ce27b0d520682f5d6e10274e4497016f577d3997af146649afe062036b5eaa326aa0e365a5d78913f1bab6dc0271ba8773c7e9845b34f96d01e0d68efa0f37005785d288f8f11ce67067e8629d8ec2d47716be03b6ae47931826653bb58bd4d062ab88129d5732a49632fa35a6a2397eb0835c1a69580ac5c16556cd32af24b5ac917e0c99f38c50ea3f087fb5c4122e680ac0f0b1b4f3b8290fb42a4d7a015e94b9be7f8e88e01f5af8f9971b7be8229fa5101e2e4bd5f21f46c05431607e7ca8d0396018a599de1cca121c1da2715c6d51523d3b15c024fd987d9ff16c52d37941b3affc88b2cff3abc5411a90dbc652c877ad25651b881bd74ef897de50c9c6d4422d9a134799e019f57ab76d5163da8444c9224c91e3c9dd56839e2f5fe2541bcd2eed234f9617768ceda1ac7d118dc7d2030f33eb9fc93eff89e4a0a5f59b554a749c20584f48adfeec26379b6666059abe8822c25f28fc49f46caf7fb4dc2a86bb6775598ea5c68e8712b444d94efa52afa8e1e7d5475728abd7a6d86859f1fa075e074d10122f5c7ad07e21b3743400a3c32d3ed38fdefee58c5223b1768bb0ddce1ed917cc71663d50195ba3c49d044b10f5863e0ab189bc1ed2f92c874524fa0ea38ec3698935f3a7293bbf764e06491693bc1022d28b7b51853d377a22408f7a69d8e7568f656b1f3e2595350dbec3ed3e34e113452b2f9155c06fb938b47d60d76f0074a57a989d0dfc7397b6aefa7a75dd364de346ac5008c02646d0a72adfadf43d7d065cd5e38489aefdd38290449de37ff44c0987b317376624775b5cabf8ea46b5c49432487e4e76f7f921855d4c17a6638a8a0b08012a699e16dacb16a780306f403a8e8b6e0ed73205b235dfddcef96f07c9f9e5ccf6af7a3250087731f5d99ffe233b1d922e4c304386554c57744f00e8ae468a178e793946bd0994e013bf4b68419c644f36aad8249f778c15a1f13e21ad1bb924f9be5f5cbfa1a2539a2c60f4e7205e4841a9afe35f9e4209795038c0566892dbeed840e44a904ca2e4a65f3b42314f63a395424b1302447e21f1f71ab9b2e5208cca4ee38d3d4cdd4d8fea0cdc46ab79886004c946e2b936c97e4744f9bc091b8a9543d116b7901443ea006fff645ec1653d77a90de240afc2e1d5faa64e42465802f0a1737f18f75dd71bb99d14188edd9a3e9c1480b1c770f62df4bd3c10a948154b4a26cba8a4e5f7c058f54168597504edd2e00d07a89b4a1dc5c3d8bddb4062e30f34af691f63e67febe56b9652de74675c356f3c52d1cf188f7807dbc387c9918ab81285a496ccfcffd4d47e257de48ed3f5352c674f3cab855cae3be40412c55eeff6fcd59457c7ccb8cfdffe0e48b8a1fc68838a28d1739990ced726b09baba9eabda59f299b8f853b36e6c48f531c51881dcd7b8664754e10ce9363252a110318e1212d85ee735d4809cc30c45167533e9e32d31b484163b8eb1994961fa539c34596480a33078d3890d534caf0e35a1a3d4b5c2476cc8bdb40e98c08ef5fc828884c298719714b55c57c77db8d10af6560ad4dd8711c46e92e79e8ee96c2e319756820c7f59b989d5a3a0d2cefcbea34a13175db23db1705554a387fcbd5850dbfab0be608506a9bb75d478a3e36659f793d4c8f58228963a872cdc902ebc2a8e15816a99783bcc1b0861a3a8fb2c310156e9d5b0a47770adcd5a88f0c0b699f0becac97be8cd613e80c3acb36188784cfc4bbdf036f91b69e9cc6ad787b08aa639a7963c8dfa6d4be50f562f0ef21ff370519de2a742dcbc54e753db899d95b2d0dd12ad1dcb6da851dca1e0d4eb07a94f6d31ec4002069012ec5ff23ae16f4d0e1dcff8c3d388417335b4e45f304c8154f1fa832f36df5db7cb41d0be52dfa66e0300273a20ecd1ab49d115b2a72da7cf66e2b8e342afe3af609322a709decb23deaddb27de88d84a80258f36009d5d2bc21af1f3a85449665b4a260b0d2a1c4b5855feb83da7b5416bf75f764e3675e5f7dedbc0306b8edfda54a7aefa9d4b8709b23ab11bf9d8c275067f7aef0535aa8d90cd79c40e8e259de2f75c9e99eb8ba44951b534cb863264aad7ceeeb66a6b477f6a57440aed1c35c9dae455d26edef38924eff44fd4ce16b3b14d4b077d6c67c488c5847bea071e8bf048ba74474ebabe6cb1a490249eabc59cc8c9f1e87844d0dc6672955067921ece35c3eb7676a9b2ae680b8e0490f2d0ea7c59a7f786b1abe7315ddf76b3df3f6e9ffedb26da468ab27b83ea4dc9ffc07296d7d4bb7e2769477c1b2dd608de9b7325e3363fb9a7c4caedb7c24ba7bca5aa97daf2c2f9549332f2626d3a7294e11fe2d235f6c2ab664b69c732629cb20b585cadb1ffd20e9fc2c776f2b64e02f9ec5cf9d6bb377e6976ef758cc3555d9326b2a451a8206590c3fe1faee177515e72aeac875bb8b70de986029ab22ff86bdeb6ffe8ad03e95787022689202aba60672f1ecab11a2aa8047101007fc195d8ad413d4d6643a7e90c4c852fd701aba7e16d77da1cffd6003dc391a0844caac6871d79bbcb31236a62e421525d7e269c865261bab0b241bfb8aac8b1161413467f56ae0fe8c2339ae8a7837577d0faca579b0700e19f1cee38e29fa8c5850a0e4e61bef24c77772932f5583f3e351ddb4a102b8aa49890d48613eac47fb2aabe705f2d8d86aceb9305ccf447d53807aedf8b062801dfc84d57057aa3e170267941502e5389e7bc2e95814824e92ede83caab3b532002d236d9e3b4489eff1f18ac9489a0a5211a374cb99f593c23e97f3b2f91707486cd41b7a287f8f8629ce194734b09b21ed2a80092db4b000e791e77ece01c330559e710c4a9dbcb8c211ad7b56693b0a8f9066835dc8fe05a163c86a8de88d46ff5e19b27465ef24d072a21d173ad84aa8fa37901d220c6212ea12226b66547707a742097b0a885c228fd6a7509cc25f732ac16fdb4b5cd4bdeed2ad5291deddb4c5889ddf758448e83ab17a2a2856c4864a4b3bd5d89afe311fa5608d506400735e4dbd7857dddeafab9a314011302e8696d3bf9a93b2b11d178f4334aa4042f5e99fc115bf8d7c708f22b3933feaeb38ab07fb4e5f157c0b09518402c542ed0716faa196c96ede9ef5119a17ff7d1476c1ab2f5108a517c9b933d90cac95a4de6e424037bea00f8c993171622536ac91aff331a10c26a8c43bcc467a841cc5e841d12c8c43ee8b31ad27b259ee0ee42a51baf87b76029ce860e76d08b22cb2f116ff6dec2a0e53dee3cef2bf986a839ffb9e0bad528d643ac7ad9ce59ce653cb7782a7c9c854fbe8d0d57210e646830c701764621d0d33f22902d883fbbe64fa0371d17fe337662248c2f67228f6095c558a50f0cce59ef3665188f7cbf844349a168455de2d559aa9917d0c3a037637198c8fc29e3fb0487810c05ceb1c644a8221703abbf4f3e5750cea243326638ca47407f86d2c8d192608d3239149ecba1c2921e5caa7661cefef6d63278cca5f9a3640358abcb0ac43a61452b238f621cf22d9cb9903dfb3b0bf26b1d507645e1ecb0184b502308a6a91f1e3e233232167104aebef1329006850cf2ba3228898d1a9f5becae6cc637e47db778bee2c1787ffe63cf555f49e632a200713144e5665e289537fec4cebd296b809c6d0d767ab75b67b3ce8a722540ed24d70ced38e4b80b06c79d93c8dd05fa383d4269c118d8c62022ec5df45afa46941cf064df55096cf9a7de8e8d9faa340df0f6ff55766080ec6dfe1c611a58368c3d016914e6c3a33a65240304fbccbfce350b11b1d8923078a5aea52401f1f616d1f3a9f9f0be20cbb9790b2e2c8226f7bf310db390532438d8ca614c7daa0330b8a55c0270547ff0a70c8e885c2506ccdd7280028ad57aea803695c6c4684e62582e0cf9d057ecd6d7e4a10e732f3e3c0f2280d4deddfd0b1123182bfad1e2521cedd7bde39526e99f15b1e3261ec53947e8029af837340bf1da985c175086fdae4a054edb2b740fed21d2fadd24c36dc9cb7e2ac98b61a48038f68d62d43f8ed406372875add16b2a1d5bce2fe9a89566a36a7255f780d044af50ae9b582a98182c840eddc75f7e814cbbe303d0cbd1b6e71f764f4ce82e998c1c7cc98fd62d949830"}, &(0x7f0000000040)=0x1008)
getsockopt$inet_sctp_SCTP_LOCAL_AUTH_CHUNKS(r0, 0x84, 0x1b, &(0x7f00000000c0)=ANY=[@ANYRES32=r4, @ANYBLOB="1b000000561443420000f3268f5ba23e218d113f3fbfb4e2911252eece329e"], &(0x7f0000000140)=0x23)
getsockopt$ARPT_SO_GET_ENTRIES(r0, 0x0, 0x61, &(0x7f0000001340)={'filter\x00', 0x1f, "2c5d5bdaa53510729ba20eabb66abece259fb66709c918fd9b48da23d99817"}, &(0x7f0000000000)=0x43)
ioctl(r2, 0x1000008912, &(0x7f0000001400)="0a5c2d023c156285718470d1a3cd7c1f1d48d06d1c141f73b41be75b97962722f95f42d2816e765a4a1c1f5d84dedaf5ab8b88041b66bbb9788075b3839416777fe11df5f8b1148efc3d5d3b8cb6bde55c967895b2213ead224108c72e9f2b1c8fe1bd3f115f177aa3adf5a3419c3682f27eb207394d997a5c905c5dae61533cdc63c88f2cf78df4526d")

08:16:57 executing program 5:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0)
ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r1 = syz_open_dev$sndctrl(&(0x7f0000000100)='/dev/snd/controlC#\x00', 0x0, 0x0)
prctl$PR_SET_THP_DISABLE(0x29, 0xfffffffffffffffe)
clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
ioctl$FS_IOC_GETFLAGS(r1, 0xc1105517, &(0x7f0000000080))

08:16:57 executing program 2:
syz_emit_ethernet(0x6a, &(0x7f0000000040)={@local, @broadcast, [], {@ipv4={0x800, {{0x5, 0x4, 0x0, 0x0, 0x5c, 0x0, 0x0, 0x0, 0x1, 0x0, @remote, @dev={0xac, 0x14, 0x14, 0x11}}, @icmp=@parameter_prob={0x3, 0x4, 0x0, 0x0, 0x0, 0x0, {0x10, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x402f, 0x0, @local={0xac, 0x5c}, @dev, {[@timestamp={0x8, 0x2c, 0x0, 0x0, 0x0, [{[@rand_addr=0xffffa888]}, {[@multicast2]}, {[@multicast1]}, {}, {[@loopback]}, {}]}]}}}}}}}, 0x0)

08:16:57 executing program 1:
r0 = syz_open_dev$admmidi(&(0x7f0000000100)='/dev/admmidi#\x00', 0x0, 0x0)
r1 = userfaultfd(0x0)
ioctl$UFFDIO_API(r1, 0xc018aa3f, &(0x7f0000000180))
mmap(&(0x7f0000013000/0x4000)=nil, 0x4000, 0x0, 0xa053, r0, 0x0)
ioctl$UFFDIO_REGISTER(r1, 0x4020940d, &(0x7f0000019000)={{&(0x7f0000012000/0x2000)=nil, 0x2000}, 0x1})

08:16:57 executing program 2:
syz_emit_ethernet(0x6a, &(0x7f0000000040)={@local, @broadcast, [], {@ipv4={0x800, {{0x5, 0x4, 0x0, 0x0, 0x5c, 0x0, 0x0, 0x0, 0x1, 0x0, @remote, @dev={0xac, 0x14, 0x14, 0x11}}, @icmp=@parameter_prob={0x3, 0x4, 0x0, 0x0, 0x0, 0x0, {0x10, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x402f, 0x0, @local={0xac, 0x5c}, @dev, {[@timestamp={0x8, 0x2c, 0x0, 0x0, 0x0, [{[@rand_addr=0xd00000000000000]}, {[@multicast2]}, {[@multicast1]}, {}, {[@loopback]}, {}]}]}}}}}}}, 0x0)

[ 2439.557054] FAULT_FLAG_ALLOW_RETRY missing 70
[ 2439.562643] CPU: 0 PID: 24210 Comm: syz-executor3 Not tainted 4.20.0-rc6+ #371
[ 2439.570045] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 2439.579408] Call Trace:
[ 2439.582019]  dump_stack+0x244/0x39d
[ 2439.585677]  ? dump_stack_print_info.cold.1+0x20/0x20
[ 2439.590904]  handle_userfault.cold.32+0x47/0x62
[ 2439.595609]  ? userfaultfd_ioctl+0x5610/0x5610
[ 2439.600229]  ? mark_held_locks+0x130/0x130
[ 2439.604488]  ? __sanitizer_cov_trace_cmp4+0x16/0x20
[ 2439.609522]  ? futex_wait_setup+0x266/0x3e0
[ 2439.613881]  ? __sanitizer_cov_trace_switch+0x53/0x90
[ 2439.613902]  ? userfaultfd_ctx_put+0x830/0x830
[ 2439.613923]  ? futex_wait+0x5a1/0xa50
[ 2439.623700]  ? print_usage_bug+0xc0/0xc0
[ 2439.623717]  ? print_usage_bug+0xc0/0xc0
[ 2439.623736]  ? print_usage_bug+0xc0/0xc0
[ 2439.623754]  ? zap_class+0x640/0x640
[ 2439.623772]  ? drop_futex_key_refs.isra.14+0x6d/0xe0
[ 2439.623789]  ? futex_wake+0x304/0x760
[ 2439.652401]  ? find_held_lock+0x36/0x1c0
[ 2439.656495]  ? __handle_mm_fault+0x4bb0/0x5be0
[ 2439.661101]  ? lock_downgrade+0x900/0x900
[ 2439.665272]  ? kasan_check_read+0x11/0x20
[ 2439.669450]  ? do_raw_spin_unlock+0xa7/0x330
[ 2439.673873]  ? do_raw_spin_trylock+0x270/0x270
[ 2439.678478]  ? fault_dirty_shared_page.isra.87+0x320/0x320
[ 2439.684145]  __handle_mm_fault+0x4bbd/0x5be0
[ 2439.688580]  ? vmf_insert_mixed_mkwrite+0x40/0x40
[ 2439.693446]  ? zap_class+0x640/0x640
[ 2439.697174]  ? rcu_read_unlock_special+0x1c0/0x1c0
[ 2439.702117]  ? kasan_check_read+0x11/0x20
08:16:57 executing program 2:
syz_emit_ethernet(0x6a, &(0x7f0000000040)={@local, @broadcast, [], {@ipv4={0x800, {{0x5, 0x4, 0x0, 0x0, 0x5c, 0x0, 0x0, 0x0, 0x1, 0x0, @remote, @dev={0xac, 0x14, 0x14, 0x11}}, @icmp=@parameter_prob={0x3, 0x4, 0x0, 0x0, 0x0, 0x0, {0x10, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x402f, 0x0, @local={0xac, 0x5c}, @dev, {[@timestamp={0x8, 0x2c, 0x0, 0x0, 0x0, [{[@rand_addr=0x4800000000000000]}, {[@multicast2]}, {[@multicast1]}, {}, {[@loopback]}, {}]}]}}}}}}}, 0x0)

08:16:57 executing program 1:
r0 = syz_open_dev$admmidi(&(0x7f0000000100)='/dev/admmidi#\x00', 0x0, 0x0)
r1 = userfaultfd(0x0)
ioctl$UFFDIO_API(r1, 0xc018aa3f, &(0x7f0000000180))
mmap(&(0x7f0000013000/0x4000)=nil, 0x4000, 0x0, 0xa053, r0, 0x0)
ioctl$UFFDIO_REGISTER(r1, 0xc018aa3f, &(0x7f0000019000)={{&(0x7f0000012000/0x2000)=nil, 0x2000}, 0x1})

[ 2439.706277]  ? rcu_softirq_qs+0x20/0x20
[ 2439.710275]  ? zap_class+0x640/0x640
[ 2439.714001]  ? zap_class+0x640/0x640
[ 2439.717739]  ? find_held_lock+0x36/0x1c0
[ 2439.721844]  ? handle_mm_fault+0x42a/0xc70
[ 2439.726116]  ? lock_downgrade+0x900/0x900
[ 2439.730284]  ? check_preemption_disabled+0x48/0x280
[ 2439.735320]  ? rcu_read_unlock_special+0x1c0/0x1c0
[ 2439.740279]  ? kasan_check_read+0x11/0x20
[ 2439.744448]  ? rcu_dynticks_curr_cpu_in_eqs+0xa2/0x170
[ 2439.749739]  ? rcu_softirq_qs+0x20/0x20
[ 2439.753726]  ? trace_hardirqs_off_caller+0x310/0x310
[ 2439.758853]  ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[ 2439.764421]  ? check_preemption_disabled+0x48/0x280
[ 2439.767442] IPVS: ftp: loaded support on port[0] = 21
[ 2439.769456]  handle_mm_fault+0x54f/0xc70
[ 2439.778705]  ? __handle_mm_fault+0x5be0/0x5be0
[ 2439.783314]  ? find_vma+0x34/0x190
[ 2439.786878]  __do_page_fault+0x5e8/0xe60
[ 2439.790953]  ? trace_hardirqs_off+0xb8/0x310
[ 2439.790980]  do_page_fault+0xf2/0x7e0
[ 2439.790997]  ? vmalloc_sync_all+0x30/0x30
[ 2439.791017]  ? error_entry+0x70/0xd0
[ 2439.799220]  ? trace_hardirqs_off_caller+0xbb/0x310
[ 2439.799236]  ? trace_hardirqs_on_caller+0xc0/0x310
[ 2439.799254]  ? syscall_return_slowpath+0x5e0/0x5e0
[ 2439.799274]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 2439.807137]  ? trace_hardirqs_on_caller+0x310/0x310
[ 2439.807154]  ? __bpf_trace_preemptirq_template+0x30/0x30
[ 2439.807171]  ? prepare_exit_to_usermode+0x3b0/0x3b0
[ 2439.807193]  ? prepare_exit_to_usermode+0x291/0x3b0
[ 2439.822073]  ? page_fault+0x8/0x30
[ 2439.822096]  ? trace_hardirqs_off_thunk+0x1a/0x1c
08:16:57 executing program 1:
r0 = syz_open_dev$admmidi(&(0x7f0000000100)='/dev/admmidi#\x00', 0x0, 0x0)
r1 = userfaultfd(0x0)
ioctl$UFFDIO_API(r1, 0xc018aa3f, &(0x7f0000000180))
mmap(&(0x7f0000013000/0x4000)=nil, 0x4000, 0x0, 0xa053, r0, 0x0)
ioctl$UFFDIO_REGISTER(r1, 0x5450, &(0x7f0000019000)={{&(0x7f0000012000/0x2000)=nil, 0x2000}, 0x1})

08:16:57 executing program 0:
openat$rfkill(0xffffffffffffff9c, 0x0, 0x8000, 0x0)
syz_open_dev$admmidi(&(0x7f0000000100)='/dev/admmidi#\x00', 0x0, 0x0)
r0 = socket$l2tp(0x18, 0x1, 0x1)
mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x1, 0x32, 0xffffffffffffffff, 0x0)
r1 = userfaultfd(0x0)
ioctl$UFFDIO_API(r1, 0xc018aa3f, &(0x7f0000000180))
ioctl$UFFDIO_REGISTER(r1, 0xc020aa00, &(0x7f0000019000)={{&(0x7f0000012000/0x2000)=nil, 0x2000}, 0x1})
syz_open_dev$evdev(&(0x7f0000012fee)='/dev/input/event#\x00', 0x0, 0x0)
ioctl$UFFDIO_WAKE(r1, 0x8010aa02, &(0x7f0000000080)={&(0x7f0000012000/0x3000)=nil, 0x3000})
ioctl(r0, 0x1000008912, &(0x7f0000000000)="0a5c2d023c126285718070")

[ 2439.822112]  ? page_fault+0x8/0x30
[ 2439.822127]  page_fault+0x1e/0x30
[ 2439.822140] RIP: 0033:0x4510a0
[ 2439.822156] Code: 0f 84 c4 0f 00 00 48 89 f1 48 89 f8 48 83 e1 3f 48 83 f9 20 0f 86 7b 02 00 00 48 83 e6 f0 48 83 e1 0f 66 0f ef c0 66 0f ef c9 <66> 0f 74 0e 66 0f d7 d1 48 d3 ea 49 c7 c2 11 00 00 00 49 29 ca 4d
[ 2439.822164] RSP: 002b:00007f75238677a8 EFLAGS: 00010202
[ 2439.822177] RAX: 00007f7523867850 RBX: 0000000000000003 RCX: 000000000000000e
[ 2439.822186] RDX: 00000000000003ff RSI: 0000000020012fe0 RDI: 00007f7523867850
08:16:57 executing program 2:
syz_emit_ethernet(0x6a, &(0x7f0000000040)={@local, @broadcast, [], {@ipv4={0x800, {{0x5, 0x4, 0x0, 0x0, 0x5c, 0x0, 0x0, 0x0, 0x1, 0x0, @remote, @dev={0xac, 0x14, 0x14, 0x11}}, @icmp=@parameter_prob={0x3, 0x4, 0x0, 0x0, 0x0, 0x0, {0x10, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x402f, 0x0, @local={0xac, 0x5c}, @dev, {[@timestamp={0x8, 0x2c, 0x0, 0x0, 0x0, [{[@rand_addr=0xb00000000000000]}, {[@multicast2]}, {[@multicast1]}, {}, {[@loopback]}, {}]}]}}}}}}}, 0x0)

[ 2439.822201] RBP: 000000000072bf00 R08: 00000000000003ff R09: 0000000000000000
[ 2439.832070] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f75238686d4
[ 2439.832081] R13: 00000000004c578a R14: 00000000004d9d90 R15: 00000000ffffffff
[ 2439.889256] IPVS: ftp: loaded support on port[0] = 21
[ 2439.981664] FAULT_FLAG_ALLOW_RETRY missing 70
[ 2439.986786] CPU: 0 PID: 24228 Comm: syz-executor0 Not tainted 4.20.0-rc6+ #371
[ 2439.994173] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 2440.003536] Call Trace:
[ 2440.006153]  dump_stack+0x244/0x39d
[ 2440.009807]  ? dump_stack_print_info.cold.1+0x20/0x20
[ 2440.015038]  handle_userfault.cold.32+0x47/0x62
[ 2440.019739]  ? userfaultfd_ioctl+0x5610/0x5610
[ 2440.019763]  ? mark_held_locks+0x130/0x130
[ 2440.028595]  ? __sanitizer_cov_trace_cmp4+0x16/0x20
[ 2440.033628]  ? futex_wait_setup+0x266/0x3e0
[ 2440.037985]  ? __sanitizer_cov_trace_switch+0x53/0x90
[ 2440.043190]  ? userfaultfd_ctx_put+0x830/0x830
[ 2440.043206]  ? futex_wait+0x5a1/0xa50
[ 2440.043229]  ? print_usage_bug+0xc0/0xc0
[ 2440.043246]  ? print_usage_bug+0xc0/0xc0
[ 2440.043265]  ? print_usage_bug+0xc0/0xc0
[ 2440.043285]  ? zap_class+0x640/0x640
[ 2440.055720]  ? drop_futex_key_refs.isra.14+0x6d/0xe0
[ 2440.067533]  ? futex_wake+0x304/0x760
[ 2440.076444]  ? find_held_lock+0x36/0x1c0
[ 2440.080527]  ? __handle_mm_fault+0x4bb0/0x5be0
[ 2440.085122]  ? lock_downgrade+0x900/0x900
[ 2440.085145]  ? kasan_check_read+0x11/0x20
[ 2440.085159]  ? do_raw_spin_unlock+0xa7/0x330
[ 2440.085173]  ? do_raw_spin_trylock+0x270/0x270
[ 2440.085191]  ? fault_dirty_shared_page.isra.87+0x320/0x320
[ 2440.085216]  __handle_mm_fault+0x4bbd/0x5be0
[ 2440.085238]  ? vmf_insert_mixed_mkwrite+0x40/0x40
[ 2440.085255]  ? zap_class+0x640/0x640
[ 2440.085267]  ? rcu_read_unlock_special+0x1c0/0x1c0
[ 2440.085281]  ? kasan_check_read+0x11/0x20
[ 2440.085299]  ? rcu_softirq_qs+0x20/0x20
[ 2440.093614]  ? zap_class+0x640/0x640
[ 2440.102581]  ? zap_class+0x640/0x640
[ 2440.102603]  ? find_held_lock+0x36/0x1c0
[ 2440.102629]  ? handle_mm_fault+0x42a/0xc70
[ 2440.102645]  ? lock_downgrade+0x900/0x900
[ 2440.102663]  ? check_preemption_disabled+0x48/0x280
[ 2440.102685]  ? rcu_read_unlock_special+0x1c0/0x1c0
[ 2440.112712]  ? kasan_check_read+0x11/0x20
[ 2440.112729]  ? rcu_dynticks_curr_cpu_in_eqs+0xa2/0x170
[ 2440.112744]  ? rcu_softirq_qs+0x20/0x20
[ 2440.112759]  ? trace_hardirqs_off_caller+0x310/0x310
[ 2440.112777]  ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[ 2440.112796]  ? check_preemption_disabled+0x48/0x280
[ 2440.112819]  handle_mm_fault+0x54f/0xc70
[ 2440.121410]  ? __handle_mm_fault+0x5be0/0x5be0
[ 2440.130481]  ? find_vma+0x34/0x190
[ 2440.138180]  __do_page_fault+0x5e8/0xe60
[ 2440.145940]  ? trace_hardirqs_off+0xb8/0x310
[ 2440.154306]  do_page_fault+0xf2/0x7e0
[ 2440.154324]  ? vmalloc_sync_all+0x30/0x30
[ 2440.154341]  ? error_entry+0x70/0xd0
[ 2440.154356]  ? trace_hardirqs_off_caller+0xbb/0x310
[ 2440.154386]  ? trace_hardirqs_on_caller+0xc0/0x310
[ 2440.154402]  ? syscall_return_slowpath+0x5e0/0x5e0
[ 2440.154418]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 2440.154437]  ? trace_hardirqs_on_caller+0x310/0x310
[ 2440.168536]  ? __bpf_trace_preemptirq_template+0x30/0x30
[ 2440.177782]  ? prepare_exit_to_usermode+0x3b0/0x3b0
[ 2440.188417]  ? prepare_exit_to_usermode+0x291/0x3b0
[ 2440.197481]  ? page_fault+0x8/0x30
[ 2440.205598]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 2440.214051]  ? page_fault+0x8/0x30
[ 2440.214068]  page_fault+0x1e/0x30
[ 2440.214081] RIP: 0033:0x4510a0
[ 2440.214098] Code: 0f 84 c4 0f 00 00 48 89 f1 48 89 f8 48 83 e1 3f 48 83 f9 20 0f 86 7b 02 00 00 48 83 e6 f0 48 83 e1 0f 66 0f ef c0 66 0f ef c9 <66> 0f 74 0e 66 0f d7 d1 48 d3 ea 49 c7 c2 11 00 00 00 49 29 ca 4d
[ 2440.214113] RSP: 002b:00007efdea16e7a8 EFLAGS: 00010202
[ 2440.222054] RAX: 00007efdea16e850 RBX: 0000000000000003 RCX: 000000000000000e
[ 2440.222064] RDX: 00000000000003ff RSI: 0000000020012fe0 RDI: 00007efdea16e850
[ 2440.222073] RBP: 000000000072bf00 R08: 00000000000003ff R09: 0000000000000000
[ 2440.222083] R10: 0000000000000000 R11: 0000000000000246 R12: 00007efdea16f6d4
[ 2440.222092] R13: 00000000004c578a R14: 00000000004d9d90 R15: 00000000ffffffff
[ 2440.522810] device bridge_slave_1 left promiscuous mode
[ 2440.528394] bridge0: port 2(bridge_slave_1) entered disabled state
[ 2440.541331] device bridge_slave_0 left promiscuous mode
[ 2440.546993] bridge0: port 1(bridge_slave_0) entered disabled state
[ 2440.572247] team0 (unregistering): Port device team_slave_1 removed
[ 2440.581886] team0 (unregistering): Port device team_slave_0 removed
[ 2440.591292] bond0 (unregistering): Releasing backup interface bond_slave_1
[ 2440.605285] bond0 (unregistering): Releasing backup interface bond_slave_0
[ 2440.631087] bond0 (unregistering): Released all slaves
[ 2441.550204] bridge0: port 1(bridge_slave_0) entered blocking state
[ 2441.559660] bridge0: port 1(bridge_slave_0) entered disabled state
[ 2441.567258] device bridge_slave_0 entered promiscuous mode
[ 2441.576638] bridge0: port 1(bridge_slave_0) entered blocking state
[ 2441.583161] bridge0: port 1(bridge_slave_0) entered disabled state
[ 2441.590492] device bridge_slave_0 entered promiscuous mode
[ 2441.662906] bridge0: port 2(bridge_slave_1) entered blocking state
[ 2441.669357] bridge0: port 2(bridge_slave_1) entered disabled state
[ 2441.676860] device bridge_slave_1 entered promiscuous mode
[ 2441.685896] bridge0: port 2(bridge_slave_1) entered blocking state
[ 2441.701911] bridge0: port 2(bridge_slave_1) entered disabled state
[ 2441.712351] device bridge_slave_1 entered promiscuous mode
[ 2441.723260] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready
[ 2441.779841] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready
[ 2441.790902] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready
[ 2441.830842] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready
[ 2442.013049] bond0: Enslaving bond_slave_0 as an active interface with an up link
[ 2442.034701] bond0: Enslaving bond_slave_0 as an active interface with an up link
[ 2442.081456] bond0: Enslaving bond_slave_1 as an active interface with an up link
[ 2442.120689] bond0: Enslaving bond_slave_1 as an active interface with an up link
[ 2442.400831] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready
[ 2442.408431] team0: Port device team_slave_0 added
[ 2442.418197] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready
[ 2442.427198] team0: Port device team_slave_0 added
[ 2442.465548] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready
[ 2442.472899] team0: Port device team_slave_1 added
[ 2442.480821] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready
[ 2442.488663] team0: Port device team_slave_1 added
[ 2442.519266] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[ 2442.539858] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[ 2442.567793] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[ 2442.594567] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[ 2442.616797] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready
[ 2442.624021] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 2442.635238] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[ 2442.645474] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready
[ 2442.653495] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 2442.665111] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[ 2442.681612] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready
[ 2442.690108] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 2442.698517] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[ 2442.719896] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready
[ 2442.727563] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 2442.743544] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[ 2442.872647] device bridge_slave_1 left promiscuous mode
[ 2442.878192] bridge0: port 2(bridge_slave_1) entered disabled state
[ 2442.886202] device bridge_slave_0 left promiscuous mode
[ 2442.891712] bridge0: port 1(bridge_slave_0) entered disabled state
[ 2442.926682] team0 (unregistering): Port device team_slave_1 removed
[ 2442.936447] team0 (unregistering): Port device team_slave_0 removed
[ 2442.947526] bond0 (unregistering): Releasing backup interface bond_slave_1
[ 2442.959385] bond0 (unregistering): Releasing backup interface bond_slave_0
[ 2442.989479] bond0 (unregistering): Released all slaves
[ 2443.529902] bridge0: port 2(bridge_slave_1) entered blocking state
[ 2443.536357] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 2443.543086] bridge0: port 1(bridge_slave_0) entered blocking state
[ 2443.549470] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 2443.557078] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready
[ 2443.565668] bridge0: port 2(bridge_slave_1) entered blocking state
[ 2443.572095] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 2443.578762] bridge0: port 1(bridge_slave_0) entered blocking state
[ 2443.585218] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 2443.593658] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready
[ 2443.712119] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[ 2443.720336] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[ 2445.677641] 8021q: adding VLAN 0 to HW filter on device bond0
[ 2445.725559] 8021q: adding VLAN 0 to HW filter on device bond0
[ 2445.848781] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready
[ 2445.874001] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready
[ 2446.004222] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready
[ 2446.010432] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[ 2446.026354] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 2446.037549] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready
[ 2446.043862] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[ 2446.059193] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 2446.181104] 8021q: adding VLAN 0 to HW filter on device team0
[ 2446.210854] 8021q: adding VLAN 0 to HW filter on device team0
08:17:05 executing program 2:
syz_emit_ethernet(0x6a, &(0x7f0000000040)={@local, @broadcast, [], {@ipv4={0x800, {{0x5, 0x4, 0x0, 0x0, 0x5c, 0x0, 0x0, 0x0, 0x1, 0x0, @remote, @dev={0xac, 0x14, 0x14, 0x11}}, @icmp=@parameter_prob={0x3, 0x4, 0x0, 0x0, 0x0, 0x0, {0x10, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x402f, 0x0, @local={0xac, 0x5c}, @dev, {[@timestamp={0x8, 0x2c, 0x0, 0x0, 0x0, [{[@rand_addr=0xfffffffe]}, {[@multicast2]}, {[@multicast1]}, {}, {[@loopback]}, {}]}]}}}}}}}, 0x0)

08:17:05 executing program 4:
openat$kvm(0xffffffffffffff9c, 0x0, 0x0, 0x0)
r0 = syz_open_dev$sndctrl(&(0x7f0000000100)='/dev/snd/controlC#\x00', 0x0, 0x0)
prctl$PR_SET_THP_DISABLE(0x29, 0xfffffffffffffffe)
clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
ioctl$FS_IOC_GETFLAGS(r0, 0x800455d1, &(0x7f0000000080))
ioctl$SNDRV_CTL_IOCTL_ELEM_UNLOCK(r0, 0x40405515, &(0x7f0000000000)={0x9, 0x2, 0x8, 0x200, 'syz0\x00'})

08:17:05 executing program 1:
r0 = syz_open_dev$admmidi(&(0x7f0000000100)='/dev/admmidi#\x00', 0x0, 0x0)
r1 = userfaultfd(0x0)
ioctl$UFFDIO_API(r1, 0xc018aa3f, &(0x7f0000000180))
mmap(&(0x7f0000013000/0x4000)=nil, 0x4000, 0x0, 0xa053, r0, 0x0)
ioctl$UFFDIO_REGISTER(r1, 0x40049409, &(0x7f0000019000)={{&(0x7f0000012000/0x2000)=nil, 0x2000}, 0x1})

08:17:05 executing program 3:
openat$rfkill(0xffffffffffffff9c, 0x0, 0x0, 0x0)
getsockopt$inet_sctp_SCTP_DEFAULT_PRINFO(0xffffffffffffffff, 0x84, 0x72, &(0x7f0000000380), 0x0)
syz_open_dev$admmidi(&(0x7f0000000100)='/dev/admmidi#\x00', 0x0, 0x0)
r0 = socket$l2tp(0x18, 0x1, 0x1)
mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x1, 0x32, 0xffffffffffffffff, 0x0)
r1 = userfaultfd(0x0)
ioctl$UFFDIO_API(r1, 0xc018aa3f, &(0x7f0000000180))
ioctl$UFFDIO_REGISTER(r1, 0xc020aa00, &(0x7f0000019000)={{&(0x7f0000012000/0x2000)=nil, 0x2000}, 0x1})
syz_open_dev$evdev(&(0x7f0000012fee)='/dev/input/event#\x00', 0x4c00000000000000, 0x0)
ioctl$UFFDIO_WAKE(r1, 0x8010aa02, &(0x7f0000000080)={&(0x7f0000012000/0x3000)=nil, 0x3000})
ioctl(r0, 0x1000008912, &(0x7f0000000000)="0a5c2d023c126285718070")
setsockopt$ALG_SET_KEY(0xffffffffffffffff, 0x117, 0x1, 0x0, 0x0)

08:17:05 executing program 0:
openat$rfkill(0xffffffffffffff9c, 0x0, 0x2001, 0x0)
r0 = syz_open_dev$admmidi(&(0x7f0000000100)='/dev/admmidi#\x00', 0x0, 0x0)
r1 = socket$l2tp(0x18, 0x1, 0x1)
mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x1, 0x32, 0xffffffffffffffff, 0x0)
r2 = userfaultfd(0x0)
accept$packet(r0, &(0x7f0000000040)={0x11, 0x0, <r3=>0x0, 0x1, 0x0, 0x6, @local}, &(0x7f00000000c0)=0x14)
getsockopt$inet_IP_IPSEC_POLICY(r0, 0x0, 0x10, &(0x7f00000001c0)={{{@in6=@mcast1, @in6=@local, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, <r4=>0x0}}, {{@in=@empty}, 0x0, @in6}}, &(0x7f0000000140)=0xe8)
setsockopt$inet6_IPV6_IPSEC_POLICY(r0, 0x29, 0x22, &(0x7f00000002c0)={{{@in6=@mcast1, @in6=@ipv4={[], [], @broadcast}, 0x4e22, 0x2, 0x4e23, 0xf596, 0xa, 0x20, 0x0, 0x8f, r3, r4}, {0x1ff, 0x6cc, 0x80000001, 0x2, 0x0, 0x7, 0x7, 0x10000}, {0x100000001, 0x1, 0x1000, 0xffffffff}, 0xffffffff, 0x0, 0x2, 0x0, 0x3, 0x1}, {{@in=@multicast1, 0x4d3, 0x3c}, 0x2, @in6, 0x0, 0x3, 0x0, 0x0, 0x3, 0x5, 0x7}}, 0xe8)
ioctl$UFFDIO_API(r2, 0xc018aa3f, &(0x7f0000000180))
ioctl$UFFDIO_REGISTER(r2, 0xc020aa00, &(0x7f0000019000)={{&(0x7f0000012000/0x2000)=nil, 0x2000}, 0x1})
syz_open_dev$evdev(&(0x7f0000012fee)='/dev/input/event#\x00', 0x0, 0x0)
ioctl$UFFDIO_WAKE(r2, 0x8010aa02, &(0x7f0000000080)={&(0x7f0000012000/0x3000)=nil, 0x3000})
ioctl(r1, 0x1000008912, &(0x7f0000000000)="0a5c2d023c126285718070")

08:17:05 executing program 5:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0)
ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r1 = syz_open_dev$sndctrl(&(0x7f0000000100)='/dev/snd/controlC#\x00', 0x0, 0x0)
prctl$PR_SET_THP_DISABLE(0x29, 0xfffffffffffffffe)
clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
ioctl$FS_IOC_GETFLAGS(r1, 0xc0045878, &(0x7f0000000080))

08:17:05 executing program 1:
r0 = syz_open_dev$admmidi(&(0x7f0000000100)='/dev/admmidi#\x00', 0x0, 0x0)
r1 = userfaultfd(0x0)
ioctl$UFFDIO_API(r1, 0xc018aa3f, &(0x7f0000000180))
mmap(&(0x7f0000013000/0x4000)=nil, 0x4000, 0x0, 0xa053, r0, 0x0)
ioctl$UFFDIO_REGISTER(r1, 0xc020aa04, &(0x7f0000019000)={{&(0x7f0000012000/0x2000)=nil, 0x2000}, 0x1})

[ 2447.289674] FAULT_FLAG_ALLOW_RETRY missing 70
[ 2447.301354] CPU: 1 PID: 24767 Comm: syz-executor3 Not tainted 4.20.0-rc6+ #371
[ 2447.308755] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 2447.314307] FAULT_FLAG_ALLOW_RETRY missing 70
[ 2447.318113] Call Trace:
[ 2447.318142]  dump_stack+0x244/0x39d
[ 2447.318169]  ? dump_stack_print_info.cold.1+0x20/0x20
[ 2447.328868]  handle_userfault.cold.32+0x47/0x62
[ 2447.328904]  ? userfaultfd_ioctl+0x5610/0x5610
[ 2447.343333]  ? mark_held_locks+0x130/0x130
[ 2447.347616]  ? __sanitizer_cov_trace_cmp4+0x16/0x20
[ 2447.352650]  ? futex_wait_setup+0x266/0x3e0
[ 2447.357004]  ? __sanitizer_cov_trace_switch+0x53/0x90
[ 2447.362215]  ? userfaultfd_ctx_put+0x830/0x830
[ 2447.367299]  ? futex_wait+0x5a1/0xa50
[ 2447.367323]  ? print_usage_bug+0xc0/0xc0
[ 2447.367342]  ? print_usage_bug+0xc0/0xc0
[ 2447.367361]  ? print_usage_bug+0xc0/0xc0
[ 2447.383396]  ? zap_class+0x640/0x640
[ 2447.387135]  ? drop_futex_key_refs.isra.14+0x6d/0xe0
[ 2447.392257]  ? futex_wake+0x304/0x760
[ 2447.396100]  ? find_held_lock+0x36/0x1c0
[ 2447.400189]  ? __handle_mm_fault+0x4bb0/0x5be0
[ 2447.404784]  ? lock_downgrade+0x900/0x900
[ 2447.408956]  ? kasan_check_read+0x11/0x20
[ 2447.413128]  ? do_raw_spin_unlock+0xa7/0x330
[ 2447.417546]  ? do_raw_spin_trylock+0x270/0x270
[ 2447.422141]  ? fault_dirty_shared_page.isra.87+0x320/0x320
[ 2447.422169]  __handle_mm_fault+0x4bbd/0x5be0
[ 2447.422195]  ? vmf_insert_mixed_mkwrite+0x40/0x40
[ 2447.422213]  ? zap_class+0x640/0x640
[ 2447.440766]  ? rcu_read_unlock_special+0x1c0/0x1c0
[ 2447.440783]  ? kasan_check_read+0x11/0x20
[ 2447.440800]  ? rcu_softirq_qs+0x20/0x20
[ 2447.440826]  ? zap_class+0x640/0x640
[ 2447.457574]  ? zap_class+0x640/0x640
[ 2447.461310]  ? find_held_lock+0x36/0x1c0
[ 2447.465404]  ? handle_mm_fault+0x42a/0xc70
[ 2447.469662]  ? lock_downgrade+0x900/0x900
[ 2447.473827]  ? check_preemption_disabled+0x48/0x280
[ 2447.478858]  ? rcu_read_unlock_special+0x1c0/0x1c0
[ 2447.483819]  ? kasan_check_read+0x11/0x20
[ 2447.483835]  ? rcu_dynticks_curr_cpu_in_eqs+0xa2/0x170
[ 2447.483850]  ? rcu_softirq_qs+0x20/0x20
[ 2447.483866]  ? trace_hardirqs_off_caller+0x310/0x310
[ 2447.483896]  ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[ 2447.507926]  ? check_preemption_disabled+0x48/0x280
[ 2447.512969]  handle_mm_fault+0x54f/0xc70
[ 2447.517055]  ? __handle_mm_fault+0x5be0/0x5be0
[ 2447.521659]  ? find_vma+0x34/0x190
[ 2447.525235]  __do_page_fault+0x5e8/0xe60
[ 2447.529309]  ? trace_hardirqs_off+0xb8/0x310
[ 2447.533747]  do_page_fault+0xf2/0x7e0
[ 2447.537565]  ? vmalloc_sync_all+0x30/0x30
[ 2447.541726]  ? error_entry+0x70/0xd0
[ 2447.545451]  ? trace_hardirqs_off_caller+0xbb/0x310
[ 2447.550479]  ? trace_hardirqs_on_caller+0xc0/0x310
[ 2447.555425]  ? syscall_return_slowpath+0x5e0/0x5e0
[ 2447.560379]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 2447.565239]  ? trace_hardirqs_on_caller+0x310/0x310
[ 2447.570275]  ? __bpf_trace_preemptirq_template+0x30/0x30
[ 2447.575741]  ? prepare_exit_to_usermode+0x3b0/0x3b0
[ 2447.580774]  ? prepare_exit_to_usermode+0x291/0x3b0
[ 2447.585802]  ? page_fault+0x8/0x30
[ 2447.589357]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 2447.594226]  ? page_fault+0x8/0x30
[ 2447.597776]  page_fault+0x1e/0x30
[ 2447.601248] RIP: 0033:0x4510a0
[ 2447.604456] Code: 0f 84 c4 0f 00 00 48 89 f1 48 89 f8 48 83 e1 3f 48 83 f9 20 0f 86 7b 02 00 00 48 83 e6 f0 48 83 e1 0f 66 0f ef c0 66 0f ef c9 <66> 0f 74 0e 66 0f d7 d1 48 d3 ea 49 c7 c2 11 00 00 00 49 29 ca 4d
[ 2447.623374] RSP: 002b:00007f75238677a8 EFLAGS: 00010202
[ 2447.628745] RAX: 00007f7523867850 RBX: 0000000000000003 RCX: 000000000000000e
08:17:05 executing program 5:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0)
ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r1 = syz_open_dev$sndctrl(&(0x7f0000000100)='/dev/snd/controlC#\x00', 0x0, 0x0)
prctl$PR_SET_THP_DISABLE(0x29, 0xfffffffffffffffe)
clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
ioctl$FS_IOC_GETFLAGS(r1, 0xc020660b, &(0x7f0000000080))

[ 2447.636024] RDX: 00000000000003ff RSI: 0000000020012fe0 RDI: 00007f7523867850
[ 2447.643301] RBP: 000000000072bf00 R08: 00000000000003ff R09: 0000000000000000
[ 2447.650581] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f75238686d4
[ 2447.657871] R13: 00000000004c578a R14: 00000000004d9d90 R15: 00000000ffffffff
[ 2447.665213] CPU: 0 PID: 24772 Comm: syz-executor0 Not tainted 4.20.0-rc6+ #371
[ 2447.672602] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 2447.681959] Call Trace:
[ 2447.684565]  dump_stack+0x244/0x39d
08:17:05 executing program 1:
r0 = syz_open_dev$admmidi(&(0x7f0000000100)='/dev/admmidi#\x00', 0x0, 0x0)
r1 = userfaultfd(0x0)
ioctl$UFFDIO_API(r1, 0xc018aa3f, &(0x7f0000000180))
mmap(&(0x7f0000013000/0x4000)=nil, 0x4000, 0x0, 0xa053, r0, 0x0)
ioctl$UFFDIO_REGISTER(r1, 0x2, &(0x7f0000019000)={{&(0x7f0000012000/0x2000)=nil, 0x2000}, 0x1})

08:17:05 executing program 2:
syz_emit_ethernet(0x6a, &(0x7f0000000040)={@local, @broadcast, [], {@ipv4={0x800, {{0x5, 0x4, 0x0, 0x0, 0x5c, 0x0, 0x0, 0x0, 0x1, 0x0, @remote, @dev={0xac, 0x14, 0x14, 0x11}}, @icmp=@parameter_prob={0x3, 0x4, 0x0, 0x0, 0x0, 0x0, {0x10, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x402f, 0x0, @local={0xac, 0x5c}, @dev, {[@timestamp={0x8, 0x2c, 0x0, 0x0, 0x0, [{[@rand_addr=0x4]}, {[@multicast2]}, {[@multicast1]}, {}, {[@loopback]}, {}]}]}}}}}}}, 0x0)

[ 2447.688217]  ? dump_stack_print_info.cold.1+0x20/0x20
[ 2447.693436]  handle_userfault.cold.32+0x47/0x62
[ 2447.698138]  ? userfaultfd_ioctl+0x5610/0x5610
[ 2447.702740]  ? mark_held_locks+0x130/0x130
[ 2447.706994]  ? find_held_lock+0x36/0x1c0
[ 2447.711104]  ? userfaultfd_ctx_put+0x830/0x830
[ 2447.715724]  ? kasan_check_read+0x11/0x20
[ 2447.719891]  ? print_usage_bug+0xc0/0xc0
[ 2447.723964]  ? do_raw_spin_trylock+0x270/0x270
[ 2447.728565]  ? print_usage_bug+0xc0/0xc0
[ 2447.732648]  ? print_usage_bug+0xc0/0xc0
[ 2447.736735]  ? zap_class+0x640/0x640
[ 2447.740467]  ? drop_futex_key_refs.isra.14+0x6d/0xe0
[ 2447.740484]  ? futex_wake+0x304/0x760
[ 2447.749414]  ? find_held_lock+0x36/0x1c0
[ 2447.753514]  ? __handle_mm_fault+0x4bb0/0x5be0
[ 2447.758118]  ? lock_downgrade+0x900/0x900
[ 2447.762292]  ? kasan_check_read+0x11/0x20
[ 2447.766455]  ? do_raw_spin_unlock+0xa7/0x330
[ 2447.766472]  ? do_raw_spin_trylock+0x270/0x270
[ 2447.766492]  ? fault_dirty_shared_page.isra.87+0x320/0x320
[ 2447.766519]  __handle_mm_fault+0x4bbd/0x5be0
[ 2447.766544]  ? vmf_insert_mixed_mkwrite+0x40/0x40
[ 2447.790429]  ? zap_class+0x640/0x640
[ 2447.794158]  ? rcu_read_unlock_special+0x1c0/0x1c0
[ 2447.799105]  ? kasan_check_read+0x11/0x20
[ 2447.803274]  ? rcu_softirq_qs+0x20/0x20
[ 2447.807277]  ? zap_class+0x640/0x640
[ 2447.811006]  ? zap_class+0x640/0x640
[ 2447.814740]  ? find_held_lock+0x36/0x1c0
[ 2447.818819]  ? handle_mm_fault+0x42a/0xc70
[ 2447.818838]  ? lock_downgrade+0x900/0x900
[ 2447.818857]  ? check_preemption_disabled+0x48/0x280
[ 2447.818875]  ? rcu_read_unlock_special+0x1c0/0x1c0
[ 2447.818890]  ? kasan_check_read+0x11/0x20
[ 2447.818910]  ? rcu_dynticks_curr_cpu_in_eqs+0xa2/0x170
[ 2447.846691]  ? rcu_softirq_qs+0x20/0x20
[ 2447.850690]  ? trace_hardirqs_off_caller+0x310/0x310
[ 2447.855813]  ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[ 2447.861390]  ? check_preemption_disabled+0x48/0x280
[ 2447.866431]  handle_mm_fault+0x54f/0xc70
[ 2447.870511]  ? __handle_mm_fault+0x5be0/0x5be0
[ 2447.875114]  ? find_vma+0x34/0x190
[ 2447.878675]  __do_page_fault+0x5e8/0xe60
[ 2447.882754]  ? trace_hardirqs_off+0xb8/0x310
[ 2447.887191]  do_page_fault+0xf2/0x7e0
08:17:05 executing program 2:
syz_emit_ethernet(0x6a, &(0x7f0000000040)={@local, @broadcast, [], {@ipv4={0x800, {{0x5, 0x4, 0x0, 0x0, 0x5c, 0x0, 0x0, 0x0, 0x1, 0x0, @remote, @dev={0xac, 0x14, 0x14, 0x11}}, @icmp=@parameter_prob={0x3, 0x4, 0x0, 0x0, 0x0, 0x0, {0x10, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x402f, 0x0, @local={0xac, 0x5c}, @dev, {[@timestamp={0x8, 0x2c, 0x0, 0x0, 0x0, [{[@rand_addr=0x8035000000000000]}, {[@multicast2]}, {[@multicast1]}, {}, {[@loopback]}, {}]}]}}}}}}}, 0x0)

[ 2447.891014]  ? vmalloc_sync_all+0x30/0x30
[ 2447.895184]  ? error_entry+0x70/0xd0
[ 2447.898913]  ? trace_hardirqs_off_caller+0xbb/0x310
[ 2447.903954]  ? trace_hardirqs_on_caller+0xc0/0x310
[ 2447.908896]  ? syscall_return_slowpath+0x5e0/0x5e0
[ 2447.913844]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 2447.918707]  ? trace_hardirqs_on_caller+0x310/0x310
[ 2447.918725]  ? __bpf_trace_preemptirq_template+0x30/0x30
[ 2447.918743]  ? prepare_exit_to_usermode+0x3b0/0x3b0
[ 2447.918768]  ? prepare_exit_to_usermode+0x291/0x3b0
[ 2447.939258]  ? page_fault+0x8/0x30
[ 2447.942815]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 2447.942834]  ? page_fault+0x8/0x30
[ 2447.942850]  page_fault+0x1e/0x30
[ 2447.942863] RIP: 0033:0x4510a0
[ 2447.942878] Code: 0f 84 c4 0f 00 00 48 89 f1 48 89 f8 48 83 e1 3f 48 83 f9 20 0f 86 7b 02 00 00 48 83 e6 f0 48 83 e1 0f 66 0f ef c0 66 0f ef c9 <66> 0f 74 0e 66 0f d7 d1 48 d3 ea 49 c7 c2 11 00 00 00 49 29 ca 4d
[ 2447.942886] RSP: 002b:00007efdea16e7a8 EFLAGS: 00010202
[ 2447.942905] RAX: 00007efdea16e850 RBX: 0000000000000003 RCX: 000000000000000e
08:17:05 executing program 1:
r0 = syz_open_dev$admmidi(&(0x7f0000000100)='/dev/admmidi#\x00', 0x0, 0x0)
r1 = userfaultfd(0x0)
ioctl$UFFDIO_API(r1, 0xc018aa3f, &(0x7f0000000180))
mmap(&(0x7f0000013000/0x4000)=nil, 0x4000, 0x0, 0xa053, r0, 0x0)
ioctl$UFFDIO_REGISTER(r1, 0x5452, &(0x7f0000019000)={{&(0x7f0000012000/0x2000)=nil, 0x2000}, 0x1})

[ 2447.976817] RDX: 00000000000003ff RSI: 0000000020012fe0 RDI: 00007efdea16e850
[ 2447.976827] RBP: 000000000072bf00 R08: 00000000000003ff R09: 0000000000000000
[ 2447.976837] R10: 0000000000000000 R11: 0000000000000246 R12: 00007efdea16f6d4
[ 2447.976847] R13: 00000000004c578a R14: 00000000004d9d90 R15: 00000000ffffffff
08:17:05 executing program 3:
openat$rfkill(0xffffffffffffff9c, 0x0, 0x0, 0x0)
getsockopt$inet_sctp_SCTP_DEFAULT_PRINFO(0xffffffffffffffff, 0x84, 0x72, &(0x7f0000000380), 0x0)
syz_open_dev$admmidi(&(0x7f0000000100)='/dev/admmidi#\x00', 0x0, 0x0)
r0 = socket$l2tp(0x18, 0x1, 0x1)
mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x1, 0x32, 0xffffffffffffffff, 0x0)
r1 = userfaultfd(0x0)
ioctl$UFFDIO_API(r1, 0xc018aa3f, &(0x7f0000000180))
ioctl$UFFDIO_REGISTER(r1, 0xc020aa00, &(0x7f0000019000)={{&(0x7f0000012000/0x2000)=nil, 0x2000}, 0x1})
syz_open_dev$evdev(&(0x7f0000012fee)='/dev/input/event#\x00', 0x600000000000000, 0x0)
ioctl$UFFDIO_WAKE(r1, 0x8010aa02, &(0x7f0000000080)={&(0x7f0000012000/0x3000)=nil, 0x3000})
ioctl(r0, 0x1000008912, &(0x7f0000000000)="0a5c2d023c126285718070")
setsockopt$ALG_SET_KEY(0xffffffffffffffff, 0x117, 0x1, 0x0, 0x0)

08:17:05 executing program 0:
openat$rfkill(0xffffffffffffff9c, 0x0, 0x2001, 0x0)
syz_open_dev$admmidi(&(0x7f0000000100)='/dev/admmidi#\x00', 0x3, 0x0)
r0 = socket$l2tp(0x18, 0x1, 0x1)
mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x1, 0x32, 0xffffffffffffffff, 0x0)
r1 = userfaultfd(0x0)
ioctl$UFFDIO_API(r1, 0xc018aa3f, &(0x7f0000000180))
ioctl$UFFDIO_REGISTER(r1, 0xc020aa00, &(0x7f0000019000)={{&(0x7f0000012000/0x2000)=nil, 0x2000}, 0x1})
syz_open_dev$evdev(&(0x7f0000012fee)='/dev/input/event#\x00', 0x0, 0x0)
ioctl$UFFDIO_WAKE(r1, 0x8010aa02, &(0x7f0000000080)={&(0x7f0000012000/0x3000)=nil, 0x3000})
ioctl(r0, 0x1000008912, &(0x7f0000000000)="0a5c2d023c126285718070")
syz_open_dev$dri(&(0x7f0000000040)='/dev/dri/card#\x00', 0x6, 0x4000)

08:17:05 executing program 4:
openat$kvm(0xffffffffffffff9c, 0x0, 0x1ff, 0x0)
prctl$PR_SET_THP_DISABLE(0x29, 0xfffffffffffffffe)
clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
ioctl$FS_IOC_GETFLAGS(0xffffffffffffffff, 0x800455d1, &(0x7f0000000080))
r0 = fcntl$getown(0xffffffffffffffff, 0x9)
wait4(r0, &(0x7f0000000000), 0x8, &(0x7f0000000100))

08:17:05 executing program 5:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0)
ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r1 = syz_open_dev$sndctrl(&(0x7f0000000100)='/dev/snd/controlC#\x00', 0x0, 0x0)
prctl$PR_SET_THP_DISABLE(0x29, 0xfffffffffffffffe)
clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
ioctl$FS_IOC_GETFLAGS(r1, 0xc1105511, &(0x7f0000000080))

08:17:06 executing program 1:
r0 = syz_open_dev$admmidi(&(0x7f0000000100)='/dev/admmidi#\x00', 0x0, 0x0)
r1 = userfaultfd(0x0)
ioctl$UFFDIO_API(r1, 0xc018aa3f, &(0x7f0000000180))
mmap(&(0x7f0000013000/0x4000)=nil, 0x4000, 0x0, 0xa053, r0, 0x0)
ioctl$UFFDIO_REGISTER(r1, 0xc0045878, &(0x7f0000019000)={{&(0x7f0000012000/0x2000)=nil, 0x2000}, 0x1})

08:17:06 executing program 2:
syz_emit_ethernet(0x6a, &(0x7f0000000040)={@local, @broadcast, [], {@ipv4={0x800, {{0x5, 0x4, 0x0, 0x0, 0x5c, 0x0, 0x0, 0x0, 0x1, 0x0, @remote, @dev={0xac, 0x14, 0x14, 0x11}}, @icmp=@parameter_prob={0x3, 0x4, 0x0, 0x0, 0x0, 0x0, {0x10, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x402f, 0x0, @local={0xac, 0x5c}, @dev, {[@timestamp={0x8, 0x2c, 0x0, 0x0, 0x0, [{[@rand_addr=0x3000000]}, {[@multicast2]}, {[@multicast1]}, {}, {[@loopback]}, {}]}]}}}}}}}, 0x0)

[ 2448.234611] FAULT_FLAG_ALLOW_RETRY missing 70
[ 2448.239175] CPU: 1 PID: 24815 Comm: syz-executor3 Not tainted 4.20.0-rc6+ #371
[ 2448.239188] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 2448.239194] Call Trace:
[ 2448.239222]  dump_stack+0x244/0x39d
[ 2448.239248]  ? dump_stack_print_info.cold.1+0x20/0x20
[ 2448.267385]  handle_userfault.cold.32+0x47/0x62
[ 2448.272088]  ? userfaultfd_ioctl+0x5610/0x5610
[ 2448.276691]  ? mark_held_locks+0x130/0x130
[ 2448.280945]  ? __sanitizer_cov_trace_cmp4+0x16/0x20
[ 2448.285974]  ? futex_wait_setup+0x266/0x3e0
[ 2448.290323]  ? __sanitizer_cov_trace_switch+0x53/0x90
[ 2448.295539]  ? userfaultfd_ctx_put+0x830/0x830
[ 2448.300136]  ? futex_wait+0x5a1/0xa50
[ 2448.303971]  ? print_usage_bug+0xc0/0xc0
[ 2448.308052]  ? print_usage_bug+0xc0/0xc0
[ 2448.312144]  ? print_usage_bug+0xc0/0xc0
[ 2448.316260]  ? zap_class+0x640/0x640
[ 2448.320002]  ? drop_futex_key_refs.isra.14+0x6d/0xe0
[ 2448.325119]  ? futex_wake+0x304/0x760
[ 2448.328972]  ? find_held_lock+0x36/0x1c0
[ 2448.333063]  ? __handle_mm_fault+0x4bb0/0x5be0
[ 2448.337677]  ? lock_downgrade+0x900/0x900
[ 2448.337704]  ? kasan_check_read+0x11/0x20
[ 2448.337719]  ? do_raw_spin_unlock+0xa7/0x330
[ 2448.337738]  ? do_raw_spin_trylock+0x270/0x270
[ 2448.355038]  ? fault_dirty_shared_page.isra.87+0x320/0x320
[ 2448.355068]  __handle_mm_fault+0x4bbd/0x5be0
[ 2448.355101]  ? vmf_insert_mixed_mkwrite+0x40/0x40
[ 2448.369961]  ? zap_class+0x640/0x640
[ 2448.373688]  ? rcu_read_unlock_special+0x1c0/0x1c0
[ 2448.378639]  ? kasan_check_read+0x11/0x20
08:17:06 executing program 2:
syz_emit_ethernet(0x6a, &(0x7f0000000040)={@local, @broadcast, [], {@ipv4={0x800, {{0x5, 0x4, 0x0, 0x0, 0x5c, 0x0, 0x0, 0x0, 0x1, 0x0, @remote, @dev={0xac, 0x14, 0x14, 0x11}}, @icmp=@parameter_prob={0x3, 0x4, 0x0, 0x0, 0x0, 0x0, {0x10, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x402f, 0x0, @local={0xac, 0x5c}, @dev, {[@timestamp={0x8, 0x2c, 0x0, 0x0, 0x0, [{[@rand_addr=0x8847000000000000]}, {[@multicast2]}, {[@multicast1]}, {}, {[@loopback]}, {}]}]}}}}}}}, 0x0)

08:17:06 executing program 5:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0)
ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r1 = syz_open_dev$sndctrl(&(0x7f0000000100)='/dev/snd/controlC#\x00', 0x0, 0x0)
prctl$PR_SET_THP_DISABLE(0x29, 0xfffffffffffffffe)
clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
ioctl$FS_IOC_GETFLAGS(r1, 0x40049409, &(0x7f0000000080))

[ 2448.382796]  ? rcu_softirq_qs+0x20/0x20
[ 2448.382825]  ? zap_class+0x640/0x640
[ 2448.382840]  ? zap_class+0x640/0x640
[ 2448.382861]  ? find_held_lock+0x36/0x1c0
[ 2448.390556]  ? handle_mm_fault+0x42a/0xc70
[ 2448.390582]  ? lock_downgrade+0x900/0x900
[ 2448.390601]  ? check_preemption_disabled+0x48/0x280
[ 2448.390619]  ? rcu_read_unlock_special+0x1c0/0x1c0
[ 2448.406795]  ? kasan_check_read+0x11/0x20
[ 2448.406815]  ? rcu_dynticks_curr_cpu_in_eqs+0xa2/0x170
[ 2448.426178]  ? rcu_softirq_qs+0x20/0x20
[ 2448.430184]  ? trace_hardirqs_off_caller+0x310/0x310
[ 2448.435303]  ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[ 2448.435323]  ? check_preemption_disabled+0x48/0x280
[ 2448.435347]  handle_mm_fault+0x54f/0xc70
[ 2448.435377]  ? __handle_mm_fault+0x5be0/0x5be0
[ 2448.445938]  ? find_vma+0x34/0x190
[ 2448.445961]  __do_page_fault+0x5e8/0xe60
[ 2448.445981]  ? trace_hardirqs_off+0xb8/0x310
[ 2448.466642]  do_page_fault+0xf2/0x7e0
[ 2448.470466]  ? vmalloc_sync_all+0x30/0x30
[ 2448.474638]  ? error_entry+0x70/0xd0
[ 2448.478380]  ? trace_hardirqs_off_caller+0xbb/0x310
[ 2448.483427]  ? trace_hardirqs_on_caller+0xc0/0x310
[ 2448.488391]  ? syscall_return_slowpath+0x5e0/0x5e0
[ 2448.493353]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 2448.498221]  ? trace_hardirqs_on_caller+0x310/0x310
[ 2448.503251]  ? __bpf_trace_preemptirq_template+0x30/0x30
[ 2448.508718]  ? prepare_exit_to_usermode+0x3b0/0x3b0
[ 2448.513755]  ? prepare_exit_to_usermode+0x291/0x3b0
[ 2448.518789]  ? page_fault+0x8/0x30
[ 2448.522356]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 2448.527222]  ? page_fault+0x8/0x30
[ 2448.527239]  page_fault+0x1e/0x30
[ 2448.527253] RIP: 0033:0x4510a0
[ 2448.527269] Code: 0f 84 c4 0f 00 00 48 89 f1 48 89 f8 48 83 e1 3f 48 83 f9 20 0f 86 7b 02 00 00 48 83 e6 f0 48 83 e1 0f 66 0f ef c0 66 0f ef c9 <66> 0f 74 0e 66 0f d7 d1 48 d3 ea 49 c7 c2 11 00 00 00 49 29 ca 4d
[ 2448.527284] RSP: 002b:00007f75238677a8 EFLAGS: 00010202
[ 2448.537462] RAX: 00007f7523867850 RBX: 0000000000000003 RCX: 000000000000000e
[ 2448.537472] RDX: 00000000000003ff RSI: 0000000020012fe0 RDI: 00007f7523867850
[ 2448.537482] RBP: 000000000072bf00 R08: 00000000000003ff R09: 0000000000000000
08:17:06 executing program 4:
openat$kvm(0xffffffffffffff9c, 0x0, 0x0, 0x0)
r0 = syz_open_dev$sndctrl(&(0x7f0000000100)='/dev/snd/controlC#\x00', 0x0, 0x0)
prctl$PR_SET_THP_DISABLE(0x29, 0x1)
r1 = syz_open_dev$vbi(&(0x7f0000000000)='/dev/vbi#\x00', 0x0, 0x2)
setsockopt$IP6T_SO_SET_ADD_COUNTERS(r1, 0x29, 0x41, &(0x7f0000000140)={'raw\x00', 0x2, [{}, {}]}, 0x48)
clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
ioctl$FS_IOC_GETFLAGS(r0, 0x800455d1, &(0x7f0000000080))

08:17:06 executing program 1:
r0 = syz_open_dev$admmidi(&(0x7f0000000100)='/dev/admmidi#\x00', 0x0, 0x0)
r1 = userfaultfd(0x0)
ioctl$UFFDIO_API(r1, 0xc018aa3f, &(0x7f0000000180))
mmap(&(0x7f0000013000/0x4000)=nil, 0x4000, 0x0, 0xa053, r0, 0x0)
ioctl$UFFDIO_REGISTER(r1, 0x8010aa01, &(0x7f0000019000)={{&(0x7f0000012000/0x2000)=nil, 0x2000}, 0x1})

08:17:06 executing program 2:
syz_emit_ethernet(0x6a, &(0x7f0000000040)={@local, @broadcast, [], {@ipv4={0x800, {{0x5, 0x4, 0x0, 0x0, 0x5c, 0x0, 0x0, 0x0, 0x1, 0x0, @remote, @dev={0xac, 0x14, 0x14, 0x11}}, @icmp=@parameter_prob={0x3, 0x4, 0x0, 0x0, 0x0, 0x0, {0x10, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x402f, 0x0, @local={0xac, 0x5c}, @dev, {[@timestamp={0x8, 0x2c, 0x0, 0x0, 0x0, [{[@rand_addr=0xfffffffffffff000]}, {[@multicast2]}, {[@multicast1]}, {}, {[@loopback]}, {}]}]}}}}}}}, 0x0)

[ 2448.537491] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f75238686d4
[ 2448.537501] R13: 00000000004c578a R14: 00000000004d9d90 R15: 00000000ffffffff
[ 2448.596605] FAULT_FLAG_ALLOW_RETRY missing 70
[ 2448.617558] CPU: 1 PID: 24821 Comm: syz-executor0 Not tainted 4.20.0-rc6+ #371
[ 2448.624945] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 2448.634311] Call Trace:
[ 2448.636925]  dump_stack+0x244/0x39d
[ 2448.640586]  ? dump_stack_print_info.cold.1+0x20/0x20
[ 2448.645805]  handle_userfault.cold.32+0x47/0x62
[ 2448.650525]  ? userfaultfd_ioctl+0x5610/0x5610
[ 2448.655129]  ? mark_held_locks+0x130/0x130
[ 2448.659389]  ? __sanitizer_cov_trace_cmp4+0x16/0x20
[ 2448.664423]  ? futex_wait_setup+0x266/0x3e0
[ 2448.668772]  ? __sanitizer_cov_trace_switch+0x53/0x90
[ 2448.673979]  ? userfaultfd_ctx_put+0x830/0x830
[ 2448.678582]  ? futex_wait+0x5a1/0xa50
[ 2448.682414]  ? print_usage_bug+0xc0/0xc0
[ 2448.686490]  ? print_usage_bug+0xc0/0xc0
[ 2448.686509]  ? print_usage_bug+0xc0/0xc0
[ 2448.686527]  ? zap_class+0x640/0x640
[ 2448.686549]  ? drop_futex_key_refs.isra.14+0x6d/0xe0
[ 2448.698392]  ? futex_wake+0x304/0x760
[ 2448.698423]  ? find_held_lock+0x36/0x1c0
[ 2448.698449]  ? __handle_mm_fault+0x4bb0/0x5be0
[ 2448.716000]  ? lock_downgrade+0x900/0x900
[ 2448.720179]  ? kasan_check_read+0x11/0x20
[ 2448.724345]  ? do_raw_spin_unlock+0xa7/0x330
[ 2448.728775]  ? do_raw_spin_trylock+0x270/0x270
[ 2448.733383]  ? fault_dirty_shared_page.isra.87+0x320/0x320
[ 2448.739031]  __handle_mm_fault+0x4bbd/0x5be0
[ 2448.739057]  ? vmf_insert_mixed_mkwrite+0x40/0x40
[ 2448.739077]  ? zap_class+0x640/0x640
[ 2448.748314]  ? rcu_read_unlock_special+0x1c0/0x1c0
[ 2448.748330]  ? kasan_check_read+0x11/0x20
[ 2448.748348]  ? rcu_softirq_qs+0x20/0x20
[ 2448.748383]  ? zap_class+0x640/0x640
[ 2448.768841]  ? zap_class+0x640/0x640
[ 2448.772600]  ? find_held_lock+0x36/0x1c0
[ 2448.776687]  ? handle_mm_fault+0x42a/0xc70
[ 2448.780931]  ? lock_downgrade+0x900/0x900
[ 2448.785093]  ? check_preemption_disabled+0x48/0x280
[ 2448.790128]  ? rcu_read_unlock_special+0x1c0/0x1c0
[ 2448.795077]  ? kasan_check_read+0x11/0x20
[ 2448.799241]  ? rcu_dynticks_curr_cpu_in_eqs+0xa2/0x170
[ 2448.804539]  ? rcu_softirq_qs+0x20/0x20
[ 2448.808527]  ? trace_hardirqs_off_caller+0x310/0x310
[ 2448.811137] WARNING: CPU: 0 PID: 24855 at fs/userfaultfd.c:1569 userfaultfd_ioctl+0x3d30/0x5610
[ 2448.813648]  ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[ 2448.822471] Kernel panic - not syncing: panic_on_warn set ...
[ 2448.828012]  ? check_preemption_disabled+0x48/0x280
[ 2448.838915]  handle_mm_fault+0x54f/0xc70
[ 2448.842992]  ? __handle_mm_fault+0x5be0/0x5be0
[ 2448.847600]  ? find_vma+0x34/0x190
[ 2448.851154]  __do_page_fault+0x5e8/0xe60
[ 2448.855226]  ? trace_hardirqs_off+0xb8/0x310
[ 2448.859660]  do_page_fault+0xf2/0x7e0
[ 2448.863476]  ? vmalloc_sync_all+0x30/0x30
[ 2448.867636]  ? error_entry+0x70/0xd0
[ 2448.871359]  ? trace_hardirqs_off_caller+0xbb/0x310
[ 2448.876395]  ? trace_hardirqs_on_caller+0xc0/0x310
[ 2448.881332]  ? syscall_return_slowpath+0x5e0/0x5e0
[ 2448.886278]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 2448.891130]  ? trace_hardirqs_on_caller+0x310/0x310
[ 2448.896152]  ? __bpf_trace_preemptirq_template+0x30/0x30
[ 2448.901612]  ? prepare_exit_to_usermode+0x3b0/0x3b0
[ 2448.906657]  ? prepare_exit_to_usermode+0x291/0x3b0
[ 2448.911677]  ? page_fault+0x8/0x30
[ 2448.915230]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 2448.920087]  ? page_fault+0x8/0x30
[ 2448.923635]  page_fault+0x1e/0x30
[ 2448.927097] RIP: 0033:0x4510a0
[ 2448.930301] Code: 0f 84 c4 0f 00 00 48 89 f1 48 89 f8 48 83 e1 3f 48 83 f9 20 0f 86 7b 02 00 00 48 83 e6 f0 48 83 e1 0f 66 0f ef c0 66 0f ef c9 <66> 0f 74 0e 66 0f d7 d1 48 d3 ea 49 c7 c2 11 00 00 00 49 29 ca 4d
[ 2448.949210] RSP: 002b:00007efdea16e7a8 EFLAGS: 00010202
[ 2448.954584] RAX: 00007efdea16e850 RBX: 0000000000000003 RCX: 000000000000000e
[ 2448.961857] RDX: 00000000000003ff RSI: 0000000020012fe0 RDI: 00007efdea16e850
[ 2448.969142] RBP: 000000000072bf00 R08: 00000000000003ff R09: 0000000000000000
[ 2448.976429] R10: 0000000000000000 R11: 0000000000000246 R12: 00007efdea16f6d4
[ 2448.983705] R13: 00000000004c578a R14: 00000000004d9d90 R15: 00000000ffffffff
[ 2448.991015] CPU: 0 PID: 24855 Comm: syz-executor1 Not tainted 4.20.0-rc6+ #371
[ 2448.997708] kobject: 'loop5' (00000000a2eaaf9e): kobject_uevent_env
[ 2448.998402] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 2449.014150] Call Trace:
[ 2449.016753]  dump_stack+0x244/0x39d
[ 2449.020443]  ? dump_stack_print_info.cold.1+0x20/0x20
[ 2449.025663]  panic+0x2ad/0x55c
[ 2449.028874]  ? add_taint.cold.5+0x16/0x16
[ 2449.033056]  ? __warn.cold.8+0x5/0x45
[ 2449.036879]  ? userfaultfd_ioctl+0x3d30/0x5610
[ 2449.038306] kobject: 'loop5' (00000000a2eaaf9e): fill_kobj_path: path = '/devices/virtual/block/loop5'
[ 2449.041486]  __warn.cold.8+0x20/0x45
[ 2449.041501]  ? rcu_softirq_qs+0x20/0x20
[ 2449.041524]  ? userfaultfd_ioctl+0x3d30/0x5610
[ 2449.041543]  report_bug+0x254/0x2d0
[ 2449.066870]  do_error_trap+0x11b/0x200
[ 2449.070796]  do_invalid_op+0x36/0x40
[ 2449.070874] kobject: 'loop4' (000000001a401bbc): kobject_uevent_env
[ 2449.074521]  ? userfaultfd_ioctl+0x3d30/0x5610
[ 2449.074552]  invalid_op+0x14/0x20
[ 2449.074566] RIP: 0010:userfaultfd_ioctl+0x3d30/0x5610
[ 2449.074588] Code: 85 c0 f6 ff ff 48 c1 e8 03 42 80 3c 30 00 0f 84 a3 fa ff ff 48 8b bd c0 f6 ff ff e8 aa 64 db ff e9 92 fa ff ff e8 80 ff 97 ff <0f> 0b e9 cd f7 ff ff e8 74 ff 97 ff 48 8b 95 f0 f6 ff ff b9 01 00
[ 2449.074596] RSP: 0018:ffff8881d8857270 EFLAGS: 00010212
[ 2449.074609] RAX: 0000000000040000 RBX: 00000000080020d0 RCX: ffffc9000e736000
[ 2449.074618] RDX: 00000000000000a8 RSI: ffffffff81e784f0 RDI: 0000000000000007
[ 2449.074633] RBP: ffff8881d8857c00 R08: ffff888184ece000 R09: 0000000000000008
[ 2449.082907] kobject: 'loop4' (000000001a401bbc): fill_kobj_path: path = '/devices/virtual/block/loop4'
[ 2449.085630] R10: 0000000000000682 R11: ffff888184ece000 R12: 0000000020013000
[ 2449.089618] kobject: 'loop3' (00000000b6f03f70): kobject_uevent_env
[ 2449.094266] R13: 0000000000000000 R14: dffffc0000000000 R15: ffff8881d8fd9a50
[ 2449.094296]  ? userfaultfd_ioctl+0x3d30/0x5610
[ 2449.094320]  ? __lock_acquire+0x62f/0x4c20
[ 2449.094348]  ? userfaultfd_read+0x2c0/0x2c0
08:17:07 executing program 3:
openat$rfkill(0xffffffffffffff9c, 0x0, 0x0, 0x0)
getsockopt$inet_sctp_SCTP_DEFAULT_PRINFO(0xffffffffffffffff, 0x84, 0x72, &(0x7f0000000380), 0x0)
syz_open_dev$admmidi(&(0x7f0000000100)='/dev/admmidi#\x00', 0x0, 0x0)
r0 = socket$l2tp(0x18, 0x1, 0x1)
mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x1, 0x32, 0xffffffffffffffff, 0x0)
r1 = userfaultfd(0x0)
ioctl$UFFDIO_API(r1, 0xc018aa3f, &(0x7f0000000180))
ioctl$UFFDIO_REGISTER(r1, 0xc020aa00, &(0x7f0000019000)={{&(0x7f0000012000/0x2000)=nil, 0x2000}, 0x1})
syz_open_dev$evdev(&(0x7f0000012fee)='/dev/input/event#\x00', 0x500000000000000, 0x0)
ioctl$UFFDIO_WAKE(r1, 0x8010aa02, &(0x7f0000000080)={&(0x7f0000012000/0x3000)=nil, 0x3000})
ioctl(r0, 0x1000008912, &(0x7f0000000000)="0a5c2d023c126285718070")
setsockopt$ALG_SET_KEY(0xffffffffffffffff, 0x117, 0x1, 0x0, 0x0)

08:17:07 executing program 0:
openat$rfkill(0xffffffffffffff9c, 0x0, 0x2001, 0x0)
syz_open_dev$admmidi(&(0x7f0000000100)='/dev/admmidi#\x00', 0x0, 0x0)
r0 = socket$l2tp(0x18, 0x1, 0x1)
mmap(&(0x7f0000014000/0x1000)=nil, 0x1000, 0x1, 0x32, 0xffffffffffffffff, 0x0)
r1 = userfaultfd(0x0)
ioctl$UFFDIO_API(r1, 0xc018aa3f, &(0x7f0000000180))
ioctl$UFFDIO_REGISTER(r1, 0xc020aa00, &(0x7f0000019000)={{&(0x7f0000012000/0x2000)=nil, 0x2000}, 0x1})
syz_open_dev$evdev(&(0x7f0000012fee)='/dev/input/event#\x00', 0x0, 0x0)
ioctl$UFFDIO_WAKE(r1, 0x8010aa02, &(0x7f0000000080)={&(0x7f0000012000/0x3000)=nil, 0x3000})
ioctl(r0, 0x1000008912, &(0x7f0000000000)="0a5c2d023c126285718070")

08:17:07 executing program 4:
openat$kvm(0xffffffffffffff9c, 0x0, 0x0, 0x0)
r0 = syz_open_dev$sndctrl(&(0x7f00000000c0)='/dev/snd/controlC#\x00', 0x0, 0x14b000)
prctl$PR_SET_THP_DISABLE(0x29, 0xfffffffffffffffe)
clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
r1 = openat$dlm_control(0xffffffffffffff9c, &(0x7f0000000040)='/dev/dlm-control\x00', 0x40000, 0x0)
r2 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000140)='TIPCv2\x00')
sendmsg$TIPC_NL_BEARER_GET(r1, &(0x7f0000000500)={&(0x7f0000000380)={0x10, 0x0, 0x0, 0x4000}, 0xc, &(0x7f00000004c0)={&(0x7f00000003c0)={0xc8, r2, 0xa10, 0x70bd27, 0x25dfdbfd, {}, [@TIPC_NLA_SOCK={0x18, 0x2, [@TIPC_NLA_SOCK_REF={0x8}, @TIPC_NLA_SOCK_REF={0x8, 0x2, 0x3}, @TIPC_NLA_SOCK_HAS_PUBL={0x4}]}, @TIPC_NLA_MEDIA={0x9c, 0x5, [@TIPC_NLA_MEDIA_NAME={0x8, 0x1, 'ib\x00'}, @TIPC_NLA_MEDIA_PROP={0xc, 0x2, [@TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x11}]}, @TIPC_NLA_MEDIA_PROP={0x14, 0x2, [@TIPC_NLA_PROP_MTU={0x8}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x7fffffff}]}, @TIPC_NLA_MEDIA_PROP={0x4c, 0x2, [@TIPC_NLA_PROP_WIN={0x8, 0x3, 0x5}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x1}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x4}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x2}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x1e}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x290}, @TIPC_NLA_PROP_MTU={0x8}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x100}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x4}]}, @TIPC_NLA_MEDIA_PROP={0x24, 0x2, [@TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x16}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x7}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x80000001}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x8}]}]}]}, 0xc8}, 0x1, 0x0, 0x0, 0x4000000}, 0x20000000)
sendmsg$TIPC_NL_NODE_GET(r1, &(0x7f0000000340)={&(0x7f0000000100), 0xc, &(0x7f0000000300)={&(0x7f0000000180)={0x16c, r2, 0x300, 0x70bd27, 0x25dfdbfd, {}, [@TIPC_NLA_MEDIA={0xd0, 0x5, [@TIPC_NLA_MEDIA_PROP={0x2c, 0x2, [@TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x3}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x2}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x100000000}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x3ff}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x11}]}, @TIPC_NLA_MEDIA_NAME={0x8, 0x1, 'eth\x00'}, @TIPC_NLA_MEDIA_NAME={0x8, 0x1, 'udp\x00'}, @TIPC_NLA_MEDIA_NAME={0x8, 0x1, 'udp\x00'}, @TIPC_NLA_MEDIA_NAME={0x8, 0x1, 'eth\x00'}, @TIPC_NLA_MEDIA_PROP={0x14, 0x2, [@TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x16}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x5}]}, @TIPC_NLA_MEDIA_NAME={0x8, 0x1, 'eth\x00'}, @TIPC_NLA_MEDIA_PROP={0x4c, 0x2, [@TIPC_NLA_PROP_MTU={0x8, 0x4, 0x2}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x8}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x1d}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x5}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x7}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x12}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x7}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x3}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x1a}]}, @TIPC_NLA_MEDIA_PROP={0xc, 0x2, [@TIPC_NLA_PROP_WIN={0x8, 0x3, 0x400}]}, @TIPC_NLA_MEDIA_PROP={0xc, 0x2, [@TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x13}]}]}, @TIPC_NLA_MEDIA={0x1c, 0x5, [@TIPC_NLA_MEDIA_NAME={0x8, 0x1, 'eth\x00'}, @TIPC_NLA_MEDIA_NAME={0x8, 0x1, 'eth\x00'}, @TIPC_NLA_MEDIA_NAME={0x8, 0x1, 'ib\x00'}]}, @TIPC_NLA_NET={0x30, 0x7, [@TIPC_NLA_NET_ID={0x8, 0x1, 0x830}, @TIPC_NLA_NET_ID={0x8}, @TIPC_NLA_NET_ADDR={0x8, 0x2, 0x2}, @TIPC_NLA_NET_ID={0x8, 0x1, 0x7}, @TIPC_NLA_NET_NODEID_W1={0xc, 0x4, 0x800}]}, @TIPC_NLA_MON={0x1c, 0x9, [@TIPC_NLA_MON_REF={0x8, 0x2, 0x1}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x57b}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x6}]}, @TIPC_NLA_NODE={0x20, 0x6, [@TIPC_NLA_NODE_UP={0x4}, @TIPC_NLA_NODE_UP={0x4}, @TIPC_NLA_NODE_UP={0x4}, @TIPC_NLA_NODE_ADDR={0x8, 0x1, 0x7ff}, @TIPC_NLA_NODE_ADDR={0x8, 0x1, 0x4}]}]}, 0x16c}, 0x1, 0x0, 0x0, 0x40800}, 0x48040)
ioctl$SNDRV_CTL_IOCTL_PVERSION(r0, 0x80045500, &(0x7f0000000000))
ioctl$FS_IOC_GETFLAGS(r0, 0x800455d1, &(0x7f0000000080))

08:17:07 executing program 5:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0)
ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r1 = syz_open_dev$sndctrl(&(0x7f0000000100)='/dev/snd/controlC#\x00', 0x0, 0x0)
prctl$PR_SET_THP_DISABLE(0x29, 0xfffffffffffffffe)
clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
ioctl$FS_IOC_GETFLAGS(r1, 0xc0405519, &(0x7f0000000080))

[ 2449.113910] kobject: 'loop3' (00000000b6f03f70): fill_kobj_path: path = '/devices/virtual/block/loop3'
[ 2449.118633]  ? perf_trace_sched_process_exec+0x860/0x860
[ 2449.118652]  ? do_raw_spin_unlock+0xa7/0x330
[ 2449.203285]  ? do_raw_spin_trylock+0x270/0x270
[ 2449.207904]  ? lock_acquire+0x1ed/0x520
[ 2449.211903]  ? __might_sleep+0x95/0x190
[ 2449.215899]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 2449.221452]  ? refill_pi_state_cache.part.8+0x310/0x310
[ 2449.226827]  ? zap_class+0x640/0x640
[ 2449.230560]  ? print_usage_bug+0xc0/0xc0
[ 2449.235092]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 2449.240658]  ? get_futex_value_locked+0xcb/0xf0
[ 2449.245349]  ? __sanitizer_cov_trace_cmp4+0x16/0x20
[ 2449.250413]  ? futex_wait_setup+0x266/0x3e0
[ 2449.252118] kobject: 'kvm' (000000008264ae58): kobject_uevent_env
[ 2449.254759]  ? __lock_acquire+0x62f/0x4c20
[ 2449.254783]  ? drop_futex_key_refs.isra.14+0x6d/0xe0
[ 2449.254798]  ? futex_wait+0x5ec/0xa50
[ 2449.254822]  ? mark_held_locks+0x130/0x130
[ 2449.269385] kobject: 'kvm' (000000008264ae58): fill_kobj_path: path = '/devices/virtual/misc/kvm'
[ 2449.270423]  ? __sanitizer_cov_trace_switch+0x53/0x90
[ 2449.270448]  ? drop_futex_key_refs.isra.14+0x6d/0xe0
[ 2449.270463]  ? futex_wake+0x304/0x760
[ 2449.270489]  ? __lock_acquire+0x62f/0x4c20
[ 2449.305880]  ? mark_held_locks+0x130/0x130
[ 2449.310133]  ? zap_class+0x640/0x640
[ 2449.313879]  ? do_futex+0x249/0x26d0
[ 2449.317620]  ? find_held_lock+0x36/0x1c0
[ 2449.321699]  ? find_held_lock+0x36/0x1c0
[ 2449.325787]  ? __fget+0x4aa/0x740
[ 2449.329254]  ? lock_downgrade+0x900/0x900
[ 2449.333431]  ? check_preemption_disabled+0x48/0x280
08:17:07 executing program 2:
syz_emit_ethernet(0x6a, &(0x7f0000000040)={@local, @broadcast, [], {@ipv4={0x800, {{0x5, 0x4, 0x0, 0x0, 0x5c, 0x0, 0x0, 0x0, 0x1, 0x0, @remote, @dev={0xac, 0x14, 0x14, 0x11}}, @icmp=@parameter_prob={0x3, 0x4, 0x0, 0x0, 0x0, 0x0, {0x10, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x402f, 0x0, @local={0xac, 0x5c}, @dev, {[@timestamp={0x8, 0x2c, 0x0, 0x0, 0x0, [{[@rand_addr=0xf0ffffffffffff]}, {[@multicast2]}, {[@multicast1]}, {}, {[@loopback]}, {}]}]}}}}}}}, 0x0)

[ 2449.338468]  ? rcu_read_unlock_special+0x1c0/0x1c0
[ 2449.343425]  ? kasan_check_read+0x11/0x20
[ 2449.347597]  ? rcu_dynticks_curr_cpu_in_eqs+0xa2/0x170
[ 2449.352896]  ? rcu_softirq_qs+0x20/0x20
[ 2449.356898]  ? __fget+0x4d1/0x740
[ 2449.360391]  ? ksys_dup3+0x680/0x680
[ 2449.364304]  ? __might_fault+0x12b/0x1e0
[ 2449.368403]  ? lock_downgrade+0x900/0x900
[ 2449.372573]  ? lock_release+0xa00/0xa00
[ 2449.376573]  ? userfaultfd_read+0x2c0/0x2c0
[ 2449.380525] kobject: 'loop2' (00000000c50425b8): kobject_uevent_env
[ 2449.380910]  do_vfs_ioctl+0x1de/0x1790
[ 2449.380926]  ? do_vfs_ioctl+0x1de/0x1790
[ 2449.380948]  ? ioctl_preallocate+0x300/0x300
[ 2449.380966]  ? __fget_light+0x2e9/0x430
[ 2449.380982]  ? fget_raw+0x20/0x20
[ 2449.381001]  ? _copy_to_user+0xc8/0x110
[ 2449.399638] kobject: 'loop2' (00000000c50425b8): fill_kobj_path: path = '/devices/virtual/block/loop2'
[ 2449.399794]  ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[ 2449.424779] kobject: 'kvm' (000000008264ae58): kobject_uevent_env
[ 2449.426148]  ? put_timespec64+0x10f/0x1b0
[ 2449.426168]  ? nsecs_to_jiffies+0x30/0x30
[ 2449.426188]  ? do_syscall_64+0x9a/0x820
[ 2449.426204]  ? do_syscall_64+0x9a/0x820
[ 2449.426222]  ? lockdep_hardirqs_on+0x3bb/0x5b0
[ 2449.426244]  ? security_file_ioctl+0x94/0xc0
[ 2449.443700] kobject: 'kvm' (000000008264ae58): fill_kobj_path: path = '/devices/virtual/misc/kvm'
[ 2449.444728]  ksys_ioctl+0xa9/0xd0
[ 2449.444750]  __x64_sys_ioctl+0x73/0xb0
[ 2449.444769]  do_syscall_64+0x1b9/0x820
[ 2449.444786]  ? entry_SYSCALL_64_after_hwframe+0x3e/0xbe
[ 2449.444805]  ? syscall_return_slowpath+0x5e0/0x5e0
[ 2449.444825]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 2449.493168]  ? trace_hardirqs_on_caller+0x310/0x310
[ 2449.498201]  ? prepare_exit_to_usermode+0x3b0/0x3b0
[ 2449.503233]  ? prepare_exit_to_usermode+0x291/0x3b0
[ 2449.508266]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 2449.513130]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 2449.517710] kobject: 'loop4' (000000001a401bbc): kobject_uevent_env
[ 2449.518339] RIP: 0033:0x457679
[ 2449.525755] kobject: 'kvm' (000000008264ae58): kobject_uevent_env
[ 2449.527937] Code: fd b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00
[ 2449.527946] RSP: 002b:00007f613f0c6c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 2449.527962] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000457679
[ 2449.527972] RDX: 0000000020019000 RSI: 000000008010aa01 RDI: 0000000000000003
[ 2449.527981] RBP: 000000000072bfa0 R08: 0000000000000000 R09: 0000000000000000
[ 2449.527990] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f613f0c76d4
[ 2449.528003] R13: 00000000004c16fe R14: 00000000004d3298 R15: 00000000ffffffff
[ 2449.540015] kobject: 'loop4' (000000001a401bbc): fill_kobj_path: path = '/devices/virtual/block/loop4'
[ 2449.562269] Kernel Offset: disabled
[ 2449.611654] Rebooting in 86400 seconds..