936d5bdee4615741bb2a44ddbc95e9f79ca3e2e3f6afd659046645a5f65864cc41faa0297b5cbfb739c0a5311c2f0a611fcbacfe5a0036bfce0c82ee1225331c63380da71d41aa75d10641a10036373768a0c349a8f8d3c52f29f19819832c73fd5629c00a0cccd6ff8bb2fece19fb5f07403c635368ab82a21419e34e2cf8552d6a9cf3fbd049adbdb2406e1b92dd363a201c42196c3e9c2f93ba42635e5c904ac49ad469a27b55066dc1fb1258f6b67aa304c45f047aaf4d46e972e71d5b68e1d47d935feea2349b1aa6cee4ecff2da22c99a1dda4e577818df5c48c3bca87c9e60858ee2d294b3cb6cfa576c6daf4633ab463480e04890408780f1b5933487a1d17f905bfd2abc48cc93ef84f33747dda71948dfe30aaf08f55dcddf5e800e4e95d8c15d2e4e5dffe0fd6c2077afc5de8b187cfa7b64c3c80ad978973196a227e09852aa9ad479b147aca3851f4a0cf2b72aa0ae080e8b42784490be7d958c72a2f0868699b61fa774a991a476c98af44611593b1b991ed2556a6420d78dbeef83bf3b41cae1e1221af61c4e1bc27d3f36fbe14ca00fa90c822e1d6c0055403a68576ac82a72e66fb15860cd77330e8ee4487b3c254e3a3303aa9e0d23b3bf54a9e608c9fac70cc83865d48374264daa422aa332604bb8e22b360fc5ce139b5d682d186a5051c380518b3ecb20439f3e8ed32f30581733397de83f710c5a04ce011db094c83d5f2c18d956e95ad83f6d649542d5ecc489b05f3426d3fa7c93aeb981b5d6d2c888ce29e3fd3f77efab810dab370a980aae1db44f596649f6091d1d640f9bb6415312a2750010c97236b50b795f673b40bf0ba03998e3c94881e2b0a570b62323c13090530def5ef760caa0e25b84ec2afd8401d30e18f13ae934f7dec625368f352825662d55c6e98978bf695f3eacc7c2aa51fc197080e1f5fe1aa7cffcf3fd200e26923280e076df4c6f03e6f8057d65868832f19294b608702ae4e8480a9446f663f08c3ec31328c21bde1c938224e94d676d47a309c6fdf67a81e7a8cd3c26dde90cf03c9832b59d2289c4dc53134bfe2578c1239524efe9ecd56e56e6a97e0f582e0ecedd7404351b470ef83fbd12cdc3474a2b9fe9f5874799942df93575331d4d82f5c6d49f5c48d75c042e4ae0682b72a7b9e8f38d0b069b8d099f4bd61a170cbcc6158f2ab46451e4efe34782db93942b9444511308359bd45c91f8898c9f8fbe8c1b102528fcf88453c0d22bb78d5e326c706d46f5a2623f89d34a29dd816ef485c8b619744d73d94189fa573f029efe5eeb68106a111113fa1226790a57f58138bb8dd4ac28ba56d80b7f409952b751af166ce9823df68a7fae2424d92f19d6675c1eab4e81842004e128679c60c81064cb8103ab82561fe7756347044383bb6266870634f15cce87b87649a90b0679f191d86c1ef48d52ef4e3982fc5785453857a3b2d431671293a421dc82baf73b32829cc8ad1b241008c04b854a3397cabe52ec9437b1ebccf478b218a16a2c1350086232078a6142ac56f1cb32f36a3dc7fd87321cde35cce521d2855303577dc8211a5e2bd215e6ad2d43739ab4e97e866c84be789d7871c1211aa9e9c0c563b809aebedfa9b2ce561c49a1559b8b9daa5c1bee53a0da6dd7948167de2ddad43e7cd1d336d95c0f8f83dd0dfab502aec8d0221e1ce370784f3bd2321943efd84a813c708452997079fbcdb0d1ed60a6afa776368964987b77a9aca926ad3d32c8a24653a22d48a9579316518c028e1dd64d55fac214e295ccaf370d99005df43b445c8620dbc158c285d8846f3c3e8759677025dc21db85576cb3c00a2f4918daee5f14ddb91ab01d28eb1840724635ff45aa5fe48c38b7932daa98ecb87a3bd4854fe30fb9989399319e9001ae5b69ab83bdff54914e3d95c0a1f0f0abb48ed2eced701ef14d8bb38fa0e2de8112255a3c26507972e00d256a3f1036e2ff151d70620b051131a56af7964ec63743ba298ca80a07b706b6fda1fdb1ccc84245859de926f4ef2ee30c236a9c7febe9a1eacea6863888bd4cf3d605b8a18ee196f219e42a54b7b8cd0a48c45fd1a8027cf45aa6656c7cd7ec314b27843e2f1fcd161ded6cd9eca4224ec1d3892a95a2c3fa7ebbbba01606893352eb56532a01ec093f5dc00bd428dca8f22841658e8295afc91808aeda32996442c672d7268ded9ec550f362d2ac5a337c918def2406b075f99aad9561da1e91468f87780882aa01804956e13aab202cf775aedc7073dca25c8b84d56b88204c107a479c08274cfb84f0dbf3e1e33e8ccf429e4876f1ece5769ec1a28603e030d46b229cd6bd44a8f705d36c9d83e9cd70ef8a43ceacbd670a049abcf1de261e1d0f38b9f34a94c38bbeaf9469f9b20cee6d2fa436050a420dd0060529bb1405dea8bea0d668b2c3052cd1594d6e6b793649a06d8b0c670277d85cc7cc2879ee25f1ad1f960cba85a219860f1f4b2e087aec7d1fc9ccc929310b400db3597cb6d029b2b70569e03fcc52f194fd25950c1060e50c55d8c9bd2b5e79a37b4d78187a2442855567cc16ec399c5b484bab9531f2975f38cd3d9415fcda57fa4e2304df25b83a2c56ce52bb4c3cdadd0b31b2a8971c8a072659f8577b0c6bc3cf78cf63050eaf3964af20fee2ab6096c34aa52595e983da8f81b36ca9ccfdce663bab408f4ccd918ecbdb448a7b7bbc3620081cecac95e30bbc8a5356e95fa45517177709dc42be0a8143b7ed135354857758bcad11e6145cf517808b1341e3a78f73aedf5ddb59c4d8f62f7deef852b56ea3a6") 08:15:50 executing program 1: r0 = socket$l2tp(0x18, 0x1, 0x1) ioctl(r0, 0x10001000008914, &(0x7f0000000180)="0a472d000412620471c0705f239b63ed92d841894d501b5a3c49bc7928578b9234e853480e820895c79921e3d82681728e986cfdd5291faa3dfa5c07f57040fa9cc5266d8e6fe4114f79cd234f735e1e98eb34689ca71ba869167632c3b29891f3e1d0f5b2e0137995d55a34388434") r1 = perf_event_open(&(0x7f0000014f88)={0x1, 0x70, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) close(r1) [ 2373.114882] FAULT_FLAG_ALLOW_RETRY missing 70 [ 2373.137728] CPU: 1 PID: 21000 Comm: syz-executor3 Not tainted 4.20.0-rc6+ #371 [ 2373.145115] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2373.145123] Call Trace: [ 2373.145150] dump_stack+0x244/0x39d [ 2373.145177] ? dump_stack_print_info.cold.1+0x20/0x20 [ 2373.145212] handle_userfault.cold.32+0x47/0x62 [ 2373.145245] ? userfaultfd_ioctl+0x5610/0x5610 [ 2373.145266] ? mark_held_locks+0x130/0x130 [ 2373.145291] ? __sanitizer_cov_trace_cmp4+0x16/0x20 [ 2373.170700] ? futex_wait_setup+0x266/0x3e0 [ 2373.170732] ? __sanitizer_cov_trace_switch+0x53/0x90 [ 2373.170755] ? userfaultfd_ctx_put+0x830/0x830 [ 2373.198649] ? futex_wait+0x5a1/0xa50 [ 2373.202475] ? print_usage_bug+0xc0/0xc0 [ 2373.206554] ? print_usage_bug+0xc0/0xc0 [ 2373.210633] ? print_usage_bug+0xc0/0xc0 [ 2373.214707] ? zap_class+0x640/0x640 [ 2373.218435] ? drop_futex_key_refs.isra.14+0x6d/0xe0 [ 2373.223552] ? futex_wake+0x304/0x760 [ 2373.227381] ? find_held_lock+0x36/0x1c0 [ 2373.231624] ? __handle_mm_fault+0x4bb0/0x5be0 [ 2373.236227] ? lock_downgrade+0x900/0x900 [ 2373.240398] ? kasan_check_read+0x11/0x20 [ 2373.244557] ? do_raw_spin_unlock+0xa7/0x330 [ 2373.248979] ? do_raw_spin_trylock+0x270/0x270 [ 2373.253581] ? fault_dirty_shared_page.isra.87+0x320/0x320 [ 2373.259235] __handle_mm_fault+0x4bbd/0x5be0 [ 2373.263667] ? vmf_insert_mixed_mkwrite+0x40/0x40 [ 2373.268529] ? zap_class+0x640/0x640 [ 2373.272256] ? rcu_read_unlock_special+0x1c0/0x1c0 [ 2373.277201] ? kasan_check_read+0x11/0x20 [ 2373.281370] ? rcu_softirq_qs+0x20/0x20 [ 2373.285376] ? zap_class+0x640/0x640 [ 2373.289102] ? zap_class+0x640/0x640 [ 2373.292843] ? find_held_lock+0x36/0x1c0 [ 2373.296926] ? handle_mm_fault+0x42a/0xc70 [ 2373.296946] ? lock_downgrade+0x900/0x900 [ 2373.296965] ? check_preemption_disabled+0x48/0x280 [ 2373.296984] ? rcu_read_unlock_special+0x1c0/0x1c0 [ 2373.297004] ? kasan_check_read+0x11/0x20 [ 2373.305388] ? rcu_dynticks_curr_cpu_in_eqs+0xa2/0x170 [ 2373.305403] ? rcu_softirq_qs+0x20/0x20 [ 2373.305420] ? trace_hardirqs_off_caller+0x310/0x310 08:15:51 executing program 2: syz_emit_ethernet(0x6a, &(0x7f0000000040)={@local, @broadcast, [], {@ipv4={0x800, {{0x5, 0x4, 0x0, 0x0, 0x5c, 0x0, 0x0, 0x0, 0x1, 0x0, @remote, @dev={0xac, 0x14, 0x14, 0x11}}, @icmp=@parameter_prob={0x3, 0x4, 0x0, 0x0, 0x0, 0x0, {0x10, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x402f, 0x0, @local={0xac, 0x5c}, @dev, {[@timestamp={0x8, 0x2c, 0x0, 0x7000000, 0x0, [{[@rand_addr]}, {[@multicast2]}, {[@multicast1]}, {}, {[@loopback]}, {}]}]}}}}}}}, 0x0) 08:15:51 executing program 2: syz_emit_ethernet(0x6a, &(0x7f0000000040)={@local, @broadcast, [], {@ipv4={0x800, {{0x5, 0x4, 0x0, 0x0, 0x5c, 0x0, 0x0, 0x0, 0x1, 0x0, @remote, @dev={0xac, 0x14, 0x14, 0x11}}, @icmp=@parameter_prob={0x3, 0x4, 0x0, 0x0, 0x0, 0x0, {0x10, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x402f, 0x0, @local={0xac, 0x5c}, @dev, {[@timestamp={0x8, 0x2c, 0x0, 0x89060000, 0x0, [{[@rand_addr]}, {[@multicast2]}, {[@multicast1]}, {}, {[@loopback]}, {}]}]}}}}}}}, 0x0) [ 2373.305439] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 2373.305462] ? check_preemption_disabled+0x48/0x280 [ 2373.344435] handle_mm_fault+0x54f/0xc70 [ 2373.348523] ? __handle_mm_fault+0x5be0/0x5be0 [ 2373.353129] ? find_vma+0x34/0x190 [ 2373.356689] __do_page_fault+0x5e8/0xe60 [ 2373.360764] ? trace_hardirqs_off+0xb8/0x310 [ 2373.365343] do_page_fault+0xf2/0x7e0 [ 2373.369159] ? vmalloc_sync_all+0x30/0x30 [ 2373.373333] ? error_entry+0x70/0xd0 [ 2373.377068] ? trace_hardirqs_off_caller+0xbb/0x310 [ 2373.382097] ? trace_hardirqs_on_caller+0xc0/0x310 [ 2373.387039] ? syscall_return_slowpath+0x5e0/0x5e0 [ 2373.391992] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 2373.396857] ? trace_hardirqs_on_caller+0x310/0x310 [ 2373.396875] ? __bpf_trace_preemptirq_template+0x30/0x30 [ 2373.396893] ? prepare_exit_to_usermode+0x3b0/0x3b0 [ 2373.396911] ? prepare_exit_to_usermode+0x291/0x3b0 [ 2373.396929] ? page_fault+0x8/0x30 [ 2373.407396] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 2373.407415] ? page_fault+0x8/0x30 [ 2373.407433] page_fault+0x1e/0x30 [ 2373.407446] RIP: 0033:0x4510a0 08:15:51 executing program 2: syz_emit_ethernet(0x6a, &(0x7f0000000040)={@local, @broadcast, [], {@ipv4={0x800, {{0x5, 0x4, 0x0, 0x0, 0x5c, 0x0, 0x0, 0x0, 0x1, 0x0, @remote, @dev={0xac, 0x14, 0x14, 0x11}}, @icmp=@parameter_prob={0x3, 0x4, 0x0, 0x0, 0x0, 0x0, {0x10, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x402f, 0x0, @local={0xac, 0x5c}, @dev, {[@timestamp={0x8, 0x2c, 0x0, 0xd000000, 0x0, [{[@rand_addr]}, {[@multicast2]}, {[@multicast1]}, {}, {[@loopback]}, {}]}]}}}}}}}, 0x0) [ 2373.407463] Code: 0f 84 c4 0f 00 00 48 89 f1 48 89 f8 48 83 e1 3f 48 83 f9 20 0f 86 7b 02 00 00 48 83 e6 f0 48 83 e1 0f 66 0f ef c0 66 0f ef c9 <66> 0f 74 0e 66 0f d7 d1 48 d3 ea 49 c7 c2 11 00 00 00 49 29 ca 4d [ 2373.407477] RSP: 002b:00007f75238677a8 EFLAGS: 00010202 [ 2373.460303] RAX: 00007f7523867850 RBX: 0000000000000003 RCX: 000000000000000e [ 2373.467590] RDX: 00000000000003ff RSI: 0000000020012fe0 RDI: 00007f7523867850 [ 2373.474870] RBP: 000000000072bf00 R08: 00000000000003ff R09: 0000000000000000 [ 2373.482148] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f75238686d4 08:15:51 executing program 4: openat$kvm(0xffffffffffffff9c, 0x0, 0x101000, 0x0) r0 = syz_open_dev$sndctrl(&(0x7f0000000140)='/dev/snd/controlC#\x00', 0x3, 0x0) prctl$PR_SET_THP_DISABLE(0x29, 0xfffffffffffffffe) r1 = syz_open_dev$cec(&(0x7f0000000000)='/dev/cec#\x00', 0x0, 0x2) getsockopt$inet_sctp_SCTP_LOCAL_AUTH_CHUNKS(r1, 0x84, 0x1b, &(0x7f0000000180)=ANY=[@ANYRES32=0x0, @ANYBLOB="490000007516ed7189a9f465feffffffffffffff6a26b93b3bf3eea106f00286a5f2137738fa1c5d6e08131a678f4eb46d7705f7d28bf3f6523a2e602cc3fdd962bd402d9eef1c7584e72ebb3a"], &(0x7f0000000100)=0x51) getsockopt$inet_sctp_SCTP_RESET_STREAMS(r1, 0x84, 0x77, &(0x7f0000000200)={r2, 0x6, 0x1, [0x1f]}, &(0x7f0000000240)=0xa) setsockopt$packet_int(r1, 0x107, 0x1f, &(0x7f0000000040), 0x4) getsockopt$inet_mreq(r1, 0x0, 0x0, &(0x7f0000000280)={@multicast1, @empty}, &(0x7f00000002c0)=0x8) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) openat$qat_adf_ctl(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/qat_adf_ctl\x00', 0x40, 0x0) ioctl$FS_IOC_GETFLAGS(r0, 0x800455d1, &(0x7f0000000080)) getsockopt$inet_sctp_SCTP_SOCKOPT_CONNECTX3(r1, 0x84, 0x6f, &(0x7f00000003c0)={r3, 0x9c, &(0x7f0000000300)=[@in6={0xa, 0x4e20, 0x8, @remote, 0x2}, @in6={0xa, 0x4e21, 0x100000000, @empty, 0x7}, @in={0x2, 0x4e24, @multicast1}, @in6={0xa, 0x4e21, 0x8, @dev={0xfe, 0x80, [], 0x16}, 0x400}, @in6={0xa, 0x4e20, 0x2, @empty, 0xc5}, @in6={0xa, 0x4e22, 0x8, @empty, 0xa902}]}, &(0x7f0000000400)=0x10) [ 2373.489431] R13: 00000000004c578a R14: 00000000004d9d90 R15: 00000000ffffffff [ 2373.506826] FAULT_FLAG_ALLOW_RETRY missing 70 [ 2373.511377] CPU: 1 PID: 21002 Comm: syz-executor0 Not tainted 4.20.0-rc6+ #371 [ 2373.518753] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2373.528124] Call Trace: [ 2373.530729] dump_stack+0x244/0x39d [ 2373.534372] ? dump_stack_print_info.cold.1+0x20/0x20 [ 2373.539588] handle_userfault.cold.32+0x47/0x62 [ 2373.544278] ? userfaultfd_ioctl+0x5610/0x5610 [ 2373.548873] ? mark_held_locks+0x130/0x130 [ 2373.553119] ? __sanitizer_cov_trace_cmp4+0x16/0x20 [ 2373.558146] ? futex_wait_setup+0x266/0x3e0 [ 2373.562493] ? __sanitizer_cov_trace_switch+0x53/0x90 [ 2373.567689] ? userfaultfd_ctx_put+0x830/0x830 [ 2373.572273] ? futex_wait+0x5a1/0xa50 [ 2373.576091] ? print_usage_bug+0xc0/0xc0 [ 2373.580157] ? print_usage_bug+0xc0/0xc0 [ 2373.584228] ? print_usage_bug+0xc0/0xc0 [ 2373.588294] ? zap_class+0x640/0x640 [ 2373.592025] ? drop_futex_key_refs.isra.14+0x6d/0xe0 [ 2373.597132] ? futex_wake+0x304/0x760 [ 2373.600947] ? find_held_lock+0x36/0x1c0 [ 2373.605026] ? __handle_mm_fault+0x4bb0/0x5be0 [ 2373.609618] ? lock_downgrade+0x900/0x900 [ 2373.613778] ? kasan_check_read+0x11/0x20 [ 2373.617932] ? do_raw_spin_unlock+0xa7/0x330 [ 2373.622355] ? do_raw_spin_trylock+0x270/0x270 [ 2373.626945] ? fault_dirty_shared_page.isra.87+0x320/0x320 [ 2373.632584] __handle_mm_fault+0x4bbd/0x5be0 [ 2373.637010] ? vmf_insert_mixed_mkwrite+0x40/0x40 [ 2373.641862] ? zap_class+0x640/0x640 [ 2373.645577] ? rcu_read_unlock_special+0x1c0/0x1c0 [ 2373.650513] ? kasan_check_read+0x11/0x20 [ 2373.654670] ? rcu_softirq_qs+0x20/0x20 [ 2373.658660] ? zap_class+0x640/0x640 [ 2373.662382] ? zap_class+0x640/0x640 [ 2373.666107] ? find_held_lock+0x36/0x1c0 [ 2373.670184] ? handle_mm_fault+0x42a/0xc70 [ 2373.674433] ? lock_downgrade+0x900/0x900 [ 2373.678591] ? check_preemption_disabled+0x48/0x280 [ 2373.683615] ? rcu_read_unlock_special+0x1c0/0x1c0 [ 2373.688550] ? kasan_check_read+0x11/0x20 [ 2373.692701] ? rcu_dynticks_curr_cpu_in_eqs+0xa2/0x170 [ 2373.697981] ? rcu_softirq_qs+0x20/0x20 [ 2373.701965] ? trace_hardirqs_off_caller+0x310/0x310 [ 2373.707078] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 2373.712625] ? check_preemption_disabled+0x48/0x280 [ 2373.717658] handle_mm_fault+0x54f/0xc70 [ 2373.721732] ? __handle_mm_fault+0x5be0/0x5be0 [ 2373.726342] ? find_vma+0x34/0x190 [ 2373.729888] __do_page_fault+0x5e8/0xe60 [ 2373.733949] ? trace_hardirqs_off+0xb8/0x310 [ 2373.738374] do_page_fault+0xf2/0x7e0 [ 2373.742185] ? vmalloc_sync_all+0x30/0x30 [ 2373.746345] ? error_entry+0x70/0xd0 [ 2373.750070] ? trace_hardirqs_off_caller+0xbb/0x310 [ 2373.755088] ? trace_hardirqs_on_caller+0xc0/0x310 [ 2373.760021] ? syscall_return_slowpath+0x5e0/0x5e0 [ 2373.764958] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 2373.769803] ? trace_hardirqs_on_caller+0x310/0x310 [ 2373.774827] ? __bpf_trace_preemptirq_template+0x30/0x30 [ 2373.780288] ? prepare_exit_to_usermode+0x3b0/0x3b0 [ 2373.785330] ? prepare_exit_to_usermode+0x291/0x3b0 [ 2373.790361] ? page_fault+0x8/0x30 [ 2373.793908] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 2373.798762] ? page_fault+0x8/0x30 [ 2373.802308] page_fault+0x1e/0x30 [ 2373.805782] RIP: 0033:0x4510a0 [ 2373.808980] Code: 0f 84 c4 0f 00 00 48 89 f1 48 89 f8 48 83 e1 3f 48 83 f9 20 0f 86 7b 02 00 00 48 83 e6 f0 48 83 e1 0f 66 0f ef c0 66 0f ef c9 <66> 0f 74 0e 66 0f d7 d1 48 d3 ea 49 c7 c2 11 00 00 00 49 29 ca 4d [ 2373.827881] RSP: 002b:00007efdea16e7a8 EFLAGS: 00010202 [ 2373.833245] RAX: 00007efdea16e850 RBX: 0000000000000003 RCX: 000000000000000e [ 2373.840515] RDX: 00000000000003ff RSI: 0000000020012fe0 RDI: 00007efdea16e850 [ 2373.847786] RBP: 000000000072bf00 R08: 00000000000003ff R09: 0000000000000000 [ 2373.855057] R10: 0000000000000000 R11: 0000000000000246 R12: 00007efdea16f6d4 [ 2373.862340] R13: 00000000004c578a R14: 00000000004d9d90 R15: 00000000ffffffff 08:15:51 executing program 0: openat$rfkill(0xffffffffffffff9c, 0x0, 0x2001, 0x0) syz_open_dev$admmidi(&(0x7f0000000100)='/dev/admmidi#\x00', 0x0, 0x0) r0 = socket$l2tp(0x18, 0x1, 0x1) mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x1, 0x32, 0xffffffffffffffff, 0x0) r1 = userfaultfd(0x0) ioctl$UFFDIO_API(r1, 0xc018aa3f, &(0x7f0000000180)) ioctl$UFFDIO_REGISTER(r1, 0xc020aa00, &(0x7f0000019000)={{&(0x7f0000012000/0x2000)=nil, 0x2000}, 0x1}) syz_open_dev$evdev(&(0x7f0000012fee)='/dev/input/event#\x00', 0x0, 0x4c00000000000000) ioctl$UFFDIO_WAKE(r1, 0x8010aa02, &(0x7f0000000080)={&(0x7f0000012000/0x3000)=nil, 0x3000}) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0a5c2d023c126285718070") 08:15:51 executing program 1: r0 = socket$l2tp(0x18, 0x1, 0x1) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0a5c2d023c126285718070") perf_event_open(&(0x7f0000014f88)={0x1, 0x70, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) 08:15:51 executing program 3: openat$rfkill(0xffffffffffffff9c, 0x0, 0x0, 0x0) getsockopt$inet_sctp_SCTP_DEFAULT_PRINFO(0xffffffffffffffff, 0x84, 0x72, &(0x7f0000000380), 0x0) syz_open_dev$admmidi(&(0x7f0000000100)='/dev/admmidi#\x00', 0x0, 0x0) r0 = socket$l2tp(0x18, 0x1, 0x1) mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x1, 0x32, 0xffffffffffffffff, 0x0) r1 = userfaultfd(0x0) ioctl$UFFDIO_API(r1, 0xc018aa3f, &(0x7f0000000180)) ioctl$UFFDIO_REGISTER(r1, 0xc020aa00, &(0x7f0000019000)={{&(0x7f0000012000/0x2000)=nil, 0x2000}, 0x1}) syz_open_dev$evdev(&(0x7f0000012fee)="2f6465762f696e7075742f6576656e742302", 0x0, 0x0) ioctl$UFFDIO_WAKE(r1, 0x8010aa02, &(0x7f0000000080)={&(0x7f0000012000/0x3000)=nil, 0x3000}) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0a5c2d023c126285718070") setsockopt$ALG_SET_KEY(0xffffffffffffffff, 0x117, 0x1, 0x0, 0x0) 08:15:51 executing program 5: r0 = socket$l2tp(0x18, 0x1, 0x1) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0a5c2d023c126285718070") perf_event_open(&(0x7f00000001c0)={0x2, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000014f88)={0x1, 0x70, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r1 = perf_event_open(&(0x7f0000014f88)={0x1, 0x70, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) close(r1) r2 = semget$private(0x0, 0x3, 0x203) r3 = creat(&(0x7f0000000080)='./file0\x00', 0x11) r4 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000100)='TIPCv2\x00') sendmsg$TIPC_NL_PUBL_GET(r3, &(0x7f0000000280)={&(0x7f00000000c0)={0x10, 0x0, 0x0, 0x2000610}, 0xc, &(0x7f0000000240)={&(0x7f0000000140)={0x50, r4, 0x714, 0x70bd2b, 0x25dfdbff, {}, [@TIPC_NLA_SOCK={0x3c, 0x2, [@TIPC_NLA_SOCK_REF={0x8, 0x2, 0x8}, @TIPC_NLA_SOCK_REF={0x8, 0x2, 0x7}, @TIPC_NLA_SOCK_REF={0x8, 0x2, 0x4a9}, @TIPC_NLA_SOCK_ADDR={0x8, 0x1, 0x7f}, @TIPC_NLA_SOCK_REF={0x8, 0x2, 0x2}, @TIPC_NLA_SOCK_ADDR={0x8, 0x1, 0x7fff}, @TIPC_NLA_SOCK_ADDR={0x8, 0x1, 0x80000001}]}]}, 0x50}, 0x1, 0x0, 0x0, 0x4000000}, 0x4000000) semctl$IPC_INFO(r2, 0x5, 0x3, &(0x7f0000000040)=""/43) 08:15:51 executing program 2: syz_emit_ethernet(0x6a, &(0x7f0000000040)={@local, @broadcast, [], {@ipv4={0x800, {{0x5, 0x4, 0x0, 0x0, 0x5c, 0x0, 0x0, 0x0, 0x1, 0x0, @remote, @dev={0xac, 0x14, 0x14, 0x11}}, @icmp=@parameter_prob={0x3, 0x4, 0x0, 0x0, 0x0, 0x0, {0x10, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x402f, 0x0, @local={0xac, 0x5c}, @dev, {[@timestamp={0x8, 0x2c, 0x0, 0x14, 0x0, [{[@rand_addr]}, {[@multicast2]}, {[@multicast1]}, {}, {[@loopback]}, {}]}]}}}}}}}, 0x0) 08:15:51 executing program 4: r0 = openat$kvm(0xffffffffffffff9c, 0x0, 0x0, 0x0) syz_open_dev$sndctrl(&(0x7f0000000100)='/dev/snd/controlC#\x00', 0x0, 0x0) prctl$PR_SET_THP_DISABLE(0x29, 0xfffffffffffffffe) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) ioctl$FS_IOC_GETFLAGS(r0, 0x800455d1, &(0x7f00000000c0)) 08:15:51 executing program 2: syz_emit_ethernet(0x6a, &(0x7f0000000040)={@local, @broadcast, [], {@ipv4={0x800, {{0x5, 0x4, 0x0, 0x0, 0x5c, 0x0, 0x0, 0x0, 0x1, 0x0, @remote, @dev={0xac, 0x14, 0x14, 0x11}}, @icmp=@parameter_prob={0x3, 0x4, 0x0, 0x0, 0x0, 0x0, {0x10, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x402f, 0x0, @local={0xac, 0x5c}, @dev, {[@timestamp={0x8, 0x2c, 0x0, 0xe80, 0x0, [{[@rand_addr]}, {[@multicast2]}, {[@multicast1]}, {}, {[@loopback]}, {}]}]}}}}}}}, 0x0) 08:15:51 executing program 1: r0 = bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000540)={&(0x7f0000000300)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0xfc, 0x114, 0xffffffffffff5707, {"580496662dc4629e54fc6d1f50bab964a2fc4ec58a27c8d26165230449ab07262f46a2736252f13757cdf9f2fa1cdae3492904692bfd5e0a5262494cdb359bbbf5975b9f4c75e1ae43232b6f34447bcad7b1668f28e798cf5a0b137dce5a509c35682021389df7919b85a7b32c801377a7de098f9efc17d72b4f34f182c36869f1a4c009beccd174e30ec0a5dbadd07d632122f01ff9fdc35d1a150c0ae41f4e2256df984224514e85bb0822c419ecf2a07fa5514c0647f3f909517e105995bbda2265e486e48c6a0c4f1978d41431ee99a0b154089cb6d2e9494a4cc371ffe18113160c74b36ebb69bb6963debb7e23f66c1c0b0be2e8fa2f4f95"}}, {0x0, "c0f44b44a235f6eaa56f918d3f79b162f9e0cd808cebeb96bc4a09a36e1da5ccabeda816749189af17777275e1acdd1df2c456648c76ae969a45d189cb1c7a4a737f2fd6957d0ba53662a8255f7d9f12b44d70deda680d9055bd42f8b982155a81cd8f023565ecc933740a588cc6a522194f4f67a8e2634767be5ee29f9683f79be2f4c6da682a3d01821d480cadf655dec28af41f60f402d020308f05d8d0275b8f750b10d93c8dafc9a1be2844c22dc30e0157d818d937d7eab6af72337dcf8094"}}, &(0x7f0000000500), 0x1d8, 0x0, 0x1}, 0x20) fsetxattr$security_ima(r0, &(0x7f0000000580)='security.ima\x00', &(0x7f00000005c0)=@md5={0x1, "454479ce8cbc894d8c6f767e8ec306b7"}, 0x11, 0x2) r1 = socket$l2tp(0x18, 0x1, 0x1) mremap(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0x1000, 0x3, &(0x7f0000fff000/0x1000)=nil) ioctl(r1, 0x1000008912, &(0x7f0000000000)="0a5c2d023c126285718070") r2 = syz_open_dev$usbmon(&(0x7f0000000040)='/dev/usbmon#\x00', 0x6, 0x101400) getsockopt$inet_sctp6_SCTP_DEFAULT_SNDINFO(0xffffffffffffff9c, 0x84, 0x22, &(0x7f0000000080)={0xfffffffffffffff7, 0x0, 0x5b, 0x17424fa2, 0x0}, &(0x7f00000000c0)=0x10) setsockopt$inet_sctp_SCTP_AUTH_DELETE_KEY(r2, 0x84, 0x19, &(0x7f0000000200)={r3, 0xde3}, 0x8) r4 = perf_event_open(&(0x7f0000014f88)={0x101, 0x70, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) flock(r4, 0x8) r5 = syz_open_dev$dspn(&(0x7f0000000100)='/dev/dsp#\x00', 0x2, 0x210000) sendto$inet(r5, &(0x7f0000000140)="ff218b2ebb33f812545e1a22c90f8180e2a58eacb7199d90d0a4fbca29ac20b82ae108b5c2fa9f95c56560ec7774adbc7ae1bd9fe425f47586826ceb3dc90f1f2bb0e8f546e060f2ea00517dfd73f6a26a5dd46d17b335d020b363", 0x5b, 0x20040000, &(0x7f00000001c0)={0x2, 0x4e24, @local}, 0x10) sendmsg$kcm(r2, &(0x7f0000000800)={&(0x7f0000000600)=@sco={0x1f, {0x7, 0xff, 0x81, 0x4, 0x0, 0x6}}, 0x80, &(0x7f0000000500)=[{&(0x7f0000000680)="299485f47653bd57602a578d4560b02214f594c97d3f9f91da1298cb2a4831bf7db9277b28d74c8856c72e42205e0668cf1816ed52b20589d2d99e528484e38da842ec1d4ba8afa575744095d1f3f3123f65d9d3cf13e66f8b51fbef139106d56f7b900f50293f7e960a1b44b6389e162bdb91919fd27e2c1ecb4493279c0cd4809158892bf199b82250bfad6ae47f6353ba750c14a226", 0x97}], 0x1, &(0x7f0000000740)=ANY=[@ANYBLOB="b8190000a6aa00001201000006000000121c7e60436a78fa51762f69853b56255ffee3f83babb9cf02c65d98b81994d6c9def69977eb64d9271216eeb29b7d2f283a40f4e1afe5f6d75e869c1b854ba325798644b633c106815931b19a4a69c0adc4fa39ae2e513fc7e0dd79ada3129a3b61c51267b60d77e863eddce5e7420d5a08a74156f8117f5f2afc32996b5f41583a7d2020a5f01e0c7e98039a7be61d0537a7fa42f572d33a25085936b86506d9ae46fd4a000000"], 0xb8}, 0x1) getsockopt$IP_VS_SO_GET_DESTS(r5, 0x0, 0x484, &(0x7f0000000240)=""/108, &(0x7f00000002c0)=0x6c) close(r4) [ 2374.106688] FAULT_FLAG_ALLOW_RETRY missing 70 [ 2374.115770] CPU: 1 PID: 21054 Comm: syz-executor0 Not tainted 4.20.0-rc6+ #371 [ 2374.123152] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2374.132517] Call Trace: [ 2374.135137] dump_stack+0x244/0x39d [ 2374.138789] ? dump_stack_print_info.cold.1+0x20/0x20 [ 2374.144017] handle_userfault.cold.32+0x47/0x62 [ 2374.148724] ? userfaultfd_ioctl+0x5610/0x5610 08:15:52 executing program 4: r0 = openat$kvm(0xffffffffffffff9c, 0x0, 0x0, 0x0) r1 = openat$null(0xffffffffffffff9c, &(0x7f0000000240)='/dev/null\x00', 0x202, 0x0) r2 = openat$cgroup_ro(r1, &(0x7f0000000400)="637075616363742e737461740081f77c4e9b7b584bbfbfa74a8237ef2f0800000009b4eb2d07648600698a3b70ed2eebfb006fe4b56163020700000000000044323c20d51bd5aa613545078f52d43cc2d21aea3e6a664fb47bb53efb57cc0db0b4fa337c186c46dd49f512401fac9a8834d29e3ff46a763574c71173cee57b878f943f71a367911c202f40428a4a2596744f104a829c25001a53e35da2fa91d89e41", 0x0, 0x0) ioctl$EVIOCSCLOCKID(r2, 0x400445a0, &(0x7f0000000280)=0x5073) prctl$PR_SET_THP_DISABLE(0x29, 0xfffffffffffffffe) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) ioctl$FS_IOC_GETFLAGS(0xffffffffffffffff, 0x800455d1, &(0x7f0000000080)) r3 = fcntl$getown(r0, 0x9) ptrace$setregset(0x4205, r3, 0x7, &(0x7f0000000040)={&(0x7f00000000c0)="941e95dedf27e38f395a2955936d3c4bf9e51db58444a91e3ea0b782c33abcefea84b58e30010ebf0613cc6ed219e17cb85165cebc62da05788a97f67ba717dcc6deddf6daf8627a1e88088d55ab94cfd90acf35bb1cf7d601164b53d0e6595c2c0abdce5656c3f475566a41e25e509c5c803af575fb05fcb366bacbe6f57da16f5cfea5d3d9e72f158dc0df5879eaa8e6d4bfaea21eedc93e71250752e70d5ee9c5449d41ba7520a8b2c20a86c85d08c8ba04700424fcdb6f0806fcabf5436f7f9ac8dda97d6c46fdb79fbc89889c817d6b13da27422701bff8fee1c893d85c71129e29df340dc6f9ede8e7e133170a39fa7b", 0xf3}) setrlimit(0xf, &(0x7f0000000000)={0x5, 0x68}) ioctl$VHOST_SET_VRING_BASE(r2, 0x4008af12, &(0x7f00000002c0)={0x2, 0xbc}) r4 = dup(r0) accept$packet(r4, &(0x7f00000001c0), &(0x7f0000000200)=0x14) syz_open_dev$sndctrl(&(0x7f0000000300)='/dev/snd/controlC#\x00', 0x7, 0x400000) [ 2374.153342] ? mark_held_locks+0x130/0x130 [ 2374.157605] ? find_held_lock+0x36/0x1c0 [ 2374.161693] ? userfaultfd_ctx_put+0x830/0x830 [ 2374.166296] ? kasan_check_read+0x11/0x20 [ 2374.170473] ? print_usage_bug+0xc0/0xc0 [ 2374.174544] ? do_raw_spin_trylock+0x270/0x270 [ 2374.179143] ? print_usage_bug+0xc0/0xc0 [ 2374.183222] ? print_usage_bug+0xc0/0xc0 [ 2374.187302] ? zap_class+0x640/0x640 [ 2374.191043] ? drop_futex_key_refs.isra.14+0x6d/0xe0 [ 2374.196156] ? futex_wake+0x304/0x760 [ 2374.199989] ? find_held_lock+0x36/0x1c0 [ 2374.204072] ? __handle_mm_fault+0x4bb0/0x5be0 [ 2374.204091] ? lock_downgrade+0x900/0x900 [ 2374.204117] ? kasan_check_read+0x11/0x20 [ 2374.217019] ? do_raw_spin_unlock+0xa7/0x330 [ 2374.217034] ? do_raw_spin_trylock+0x270/0x270 [ 2374.217059] ? fault_dirty_shared_page.isra.87+0x320/0x320 [ 2374.231683] __handle_mm_fault+0x4bbd/0x5be0 [ 2374.236120] ? vmf_insert_mixed_mkwrite+0x40/0x40 [ 2374.240989] ? zap_class+0x640/0x640 [ 2374.244713] ? rcu_read_unlock_special+0x1c0/0x1c0 [ 2374.249658] ? kasan_check_read+0x11/0x20 08:15:52 executing program 1: r0 = socket$l2tp(0x18, 0x1, 0x1) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0a5c2d023c126285718070") r1 = perf_event_open(&(0x7f0000014f88)={0x1, 0x70, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) close(r1) fcntl$getown(r0, 0x9) [ 2374.253822] ? rcu_softirq_qs+0x20/0x20 [ 2374.257829] ? zap_class+0x640/0x640 [ 2374.261565] ? zap_class+0x640/0x640 [ 2374.265302] ? find_held_lock+0x36/0x1c0 [ 2374.269401] ? handle_mm_fault+0x42a/0xc70 [ 2374.273650] ? lock_downgrade+0x900/0x900 [ 2374.277822] ? check_preemption_disabled+0x48/0x280 [ 2374.282872] ? rcu_read_unlock_special+0x1c0/0x1c0 [ 2374.287814] ? kasan_check_read+0x11/0x20 [ 2374.291986] ? rcu_dynticks_curr_cpu_in_eqs+0xa2/0x170 [ 2374.297315] ? rcu_softirq_qs+0x20/0x20 [ 2374.301316] ? trace_hardirqs_off_caller+0x310/0x310 [ 2374.306448] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 2374.311999] ? check_preemption_disabled+0x48/0x280 [ 2374.312024] handle_mm_fault+0x54f/0xc70 [ 2374.312044] ? __handle_mm_fault+0x5be0/0x5be0 [ 2374.312065] ? find_vma+0x34/0x190 [ 2374.312086] __do_page_fault+0x5e8/0xe60 [ 2374.321153] ? trace_hardirqs_off+0xb8/0x310 [ 2374.321180] do_page_fault+0xf2/0x7e0 [ 2374.321198] ? vmalloc_sync_all+0x30/0x30 [ 2374.345705] ? error_entry+0x70/0xd0 [ 2374.349439] ? trace_hardirqs_off_caller+0xbb/0x310 08:15:52 executing program 2: syz_emit_ethernet(0x6a, &(0x7f0000000040)={@local, @broadcast, [], {@ipv4={0x800, {{0x5, 0x4, 0x0, 0x0, 0x5c, 0x0, 0x0, 0x0, 0x1, 0x0, @remote, @dev={0xac, 0x14, 0x14, 0x11}}, @icmp=@parameter_prob={0x3, 0x4, 0x0, 0x0, 0x0, 0x0, {0x10, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x402f, 0x0, @local={0xac, 0x5c}, @dev, {[@timestamp={0x8, 0x2c, 0x0, 0x8035000000000000, 0x0, [{[@rand_addr]}, {[@multicast2]}, {[@multicast1]}, {}, {[@loopback]}, {}]}]}}}}}}}, 0x0) [ 2374.354467] ? trace_hardirqs_on_caller+0xc0/0x310 [ 2374.359409] ? syscall_return_slowpath+0x5e0/0x5e0 [ 2374.364364] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 2374.369224] ? trace_hardirqs_on_caller+0x310/0x310 [ 2374.374254] ? __bpf_trace_preemptirq_template+0x30/0x30 [ 2374.379721] ? prepare_exit_to_usermode+0x3b0/0x3b0 [ 2374.384758] ? prepare_exit_to_usermode+0x291/0x3b0 [ 2374.389794] ? page_fault+0x8/0x30 [ 2374.393364] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 2374.393384] ? page_fault+0x8/0x30 [ 2374.393400] page_fault+0x1e/0x30 [ 2374.393414] RIP: 0033:0x4510a0 [ 2374.393430] Code: 0f 84 c4 0f 00 00 48 89 f1 48 89 f8 48 83 e1 3f 48 83 f9 20 0f 86 7b 02 00 00 48 83 e6 f0 48 83 e1 0f 66 0f ef c0 66 0f ef c9 <66> 0f 74 0e 66 0f d7 d1 48 d3 ea 49 c7 c2 11 00 00 00 49 29 ca 4d [ 2374.393439] RSP: 002b:00007efdea16e7a8 EFLAGS: 00010202 [ 2374.393452] RAX: 00007efdea16e850 RBX: 0000000000000003 RCX: 000000000000000e [ 2374.393462] RDX: 00000000000003ff RSI: 0000000020012fe0 RDI: 00007efdea16e850 [ 2374.393471] RBP: 000000000072bf00 R08: 00000000000003ff R09: 0000000000000000 [ 2374.393481] R10: 0000000000000000 R11: 0000000000000246 R12: 00007efdea16f6d4 [ 2374.393490] R13: 00000000004c578a R14: 00000000004d9d90 R15: 00000000ffffffff [ 2374.472005] FAULT_FLAG_ALLOW_RETRY missing 70 [ 2374.476550] CPU: 0 PID: 21058 Comm: syz-executor3 Not tainted 4.20.0-rc6+ #371 [ 2374.483922] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2374.493291] Call Trace: [ 2374.495921] dump_stack+0x244/0x39d [ 2374.499576] ? dump_stack_print_info.cold.1+0x20/0x20 [ 2374.504796] handle_userfault.cold.32+0x47/0x62 [ 2374.509498] ? userfaultfd_ioctl+0x5610/0x5610 [ 2374.514096] ? mark_held_locks+0x130/0x130 [ 2374.518360] ? __sanitizer_cov_trace_cmp4+0x16/0x20 [ 2374.523390] ? futex_wait_setup+0x266/0x3e0 [ 2374.527740] ? __sanitizer_cov_trace_switch+0x53/0x90 [ 2374.532953] ? userfaultfd_ctx_put+0x830/0x830 [ 2374.537557] ? futex_wait+0x5a1/0xa50 [ 2374.541386] ? print_usage_bug+0xc0/0xc0 [ 2374.545467] ? print_usage_bug+0xc0/0xc0 [ 2374.549546] ? print_usage_bug+0xc0/0xc0 [ 2374.549565] ? zap_class+0x640/0x640 [ 2374.549584] ? drop_futex_key_refs.isra.14+0x6d/0xe0 [ 2374.549599] ? futex_wake+0x304/0x760 [ 2374.549629] ? find_held_lock+0x36/0x1c0 [ 2374.566308] ? __handle_mm_fault+0x4bb0/0x5be0 [ 2374.574955] ? lock_downgrade+0x900/0x900 [ 2374.579125] ? kasan_check_read+0x11/0x20 [ 2374.579141] ? do_raw_spin_unlock+0xa7/0x330 [ 2374.579157] ? do_raw_spin_trylock+0x270/0x270 [ 2374.579176] ? fault_dirty_shared_page.isra.87+0x320/0x320 [ 2374.579201] __handle_mm_fault+0x4bbd/0x5be0 [ 2374.597967] ? vmf_insert_mixed_mkwrite+0x40/0x40 [ 2374.597989] ? zap_class+0x640/0x640 [ 2374.598004] ? rcu_read_unlock_special+0x1c0/0x1c0 [ 2374.598025] ? kasan_check_read+0x11/0x20 [ 2374.620049] ? rcu_softirq_qs+0x20/0x20 [ 2374.624053] ? zap_class+0x640/0x640 [ 2374.627782] ? zap_class+0x640/0x640 [ 2374.631514] ? find_held_lock+0x36/0x1c0 [ 2374.635599] ? handle_mm_fault+0x42a/0xc70 [ 2374.639846] ? lock_downgrade+0x900/0x900 [ 2374.644015] ? check_preemption_disabled+0x48/0x280 [ 2374.649050] ? rcu_read_unlock_special+0x1c0/0x1c0 [ 2374.653991] ? kasan_check_read+0x11/0x20 [ 2374.654010] ? rcu_dynticks_curr_cpu_in_eqs+0xa2/0x170 [ 2374.663421] ? rcu_softirq_qs+0x20/0x20 [ 2374.663438] ? trace_hardirqs_off_caller+0x310/0x310 [ 2374.663457] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 2374.663478] ? check_preemption_disabled+0x48/0x280 [ 2374.683087] handle_mm_fault+0x54f/0xc70 [ 2374.687168] ? __handle_mm_fault+0x5be0/0x5be0 [ 2374.691772] ? find_vma+0x34/0x190 [ 2374.695357] __do_page_fault+0x5e8/0xe60 [ 2374.699433] ? trace_hardirqs_off+0xb8/0x310 [ 2374.703887] do_page_fault+0xf2/0x7e0 [ 2374.707705] ? vmalloc_sync_all+0x30/0x30 [ 2374.711872] ? error_entry+0x70/0xd0 [ 2374.715668] ? trace_hardirqs_off_caller+0xbb/0x310 [ 2374.720731] ? trace_hardirqs_on_caller+0xc0/0x310 [ 2374.725687] ? syscall_return_slowpath+0x5e0/0x5e0 [ 2374.730635] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 2374.735501] ? trace_hardirqs_on_caller+0x310/0x310 [ 2374.740542] ? __bpf_trace_preemptirq_template+0x30/0x30 [ 2374.746010] ? prepare_exit_to_usermode+0x3b0/0x3b0 [ 2374.751043] ? prepare_exit_to_usermode+0x291/0x3b0 [ 2374.756075] ? page_fault+0x8/0x30 08:15:52 executing program 2: syz_emit_ethernet(0x6a, &(0x7f0000000040)={@local, @broadcast, [], {@ipv4={0x800, {{0x5, 0x4, 0x0, 0x0, 0x5c, 0x0, 0x0, 0x0, 0x1, 0x0, @remote, @dev={0xac, 0x14, 0x14, 0x11}}, @icmp=@parameter_prob={0x3, 0x4, 0x0, 0x0, 0x0, 0x0, {0x10, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x402f, 0x0, @local={0xac, 0x5c}, @dev, {[@timestamp={0x8, 0x2c, 0x0, 0x8906000000000000, 0x0, [{[@rand_addr]}, {[@multicast2]}, {[@multicast1]}, {}, {[@loopback]}, {}]}]}}}}}}}, 0x0) 08:15:52 executing program 0: openat$rfkill(0xffffffffffffff9c, 0x0, 0x2001, 0x0) syz_open_dev$admmidi(&(0x7f0000000100)='/dev/admmidi#\x00', 0x0, 0x0) r0 = socket$l2tp(0x18, 0x1, 0x1) mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x1, 0x32, 0xffffffffffffffff, 0x0) r1 = userfaultfd(0x0) ioctl$UFFDIO_API(r1, 0xc018aa3f, &(0x7f0000000180)) ioctl$UFFDIO_REGISTER(r1, 0xc020aa00, &(0x7f0000019000)={{&(0x7f0000012000/0x2000)=nil, 0x2000}, 0x1}) syz_open_dev$evdev(&(0x7f0000012fee)='/dev/input/event#\x00', 0x0, 0x400000000000000) ioctl$UFFDIO_WAKE(r1, 0x8010aa02, &(0x7f0000000080)={&(0x7f0000012000/0x3000)=nil, 0x3000}) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0a5c2d023c126285718070") 08:15:52 executing program 1: r0 = socket$l2tp(0x18, 0x1, 0x1) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0a5c2d023c126285718070") r1 = syz_open_dev$cec(&(0x7f0000000080)='/dev/cec#\x00', 0x0, 0x2) r2 = perf_event_open(&(0x7f0000014f88)={0x1, 0x70, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) write$binfmt_script(r1, &(0x7f0000000100)=ANY=[@ANYBLOB="2321202e2f66696c6530202f6465762f6365632300205c202f6465762f6365632300202576626f786e657430303a2e7b7472757374656473656c696e75786b657972696e670a1514e30c03497ae0c5c78b2ba8a1818e964c58dbf832467db7734d5683cae887889c8f4b9b3e5843e7600c7de68f2e58c7e9ee921b85886ea7da91ea2e286be60cb6371f52bc62327a996f34cf7cd08736045db0760938e867683086f3a74dce59028fe425ff6f9327643864912b4c4555a730704c69c0d9a21a52e36c36303bdba5dd8e8731fbd28b3f0553166aa2d483d65a89eea636023e118c152688e41e4f960f7be805f3384a8035de9781864e0000000000000000000000000000"], 0x104) select(0x40, &(0x7f0000000240)={0x8, 0x5, 0x3f, 0x6, 0x40, 0x0, 0x40, 0x1}, &(0x7f0000000280)={0x0, 0x0, 0x200, 0x3, 0x0, 0x40, 0x2, 0x9}, &(0x7f00000002c0)={0x8, 0x3, 0x4, 0x8, 0xa5, 0x7, 0x8000, 0x9}, &(0x7f0000000300)={0x0, 0x2710}) openat$vhci(0xffffffffffffff9c, &(0x7f0000000040)='/dev/vhci\x00', 0x440100, 0x0) fcntl$F_GET_FILE_RW_HINT(r0, 0x40d, &(0x7f00000000c0)) close(r2) dup3(0xffffffffffffff9c, r1, 0x80000) ioctl$KVM_GET_MSRS(r1, 0xc008ae88, &(0x7f0000000340)={0x3, 0x0, [{}, {}, {}]}) 08:15:52 executing program 5: r0 = socket$l2tp(0x18, 0x1, 0x1) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0a5c2d023c126285718070") perf_event_open(&(0x7f00000001c0)={0x2, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000014f88)={0x1, 0x70, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r1 = perf_event_open(&(0x7f0000014f88)={0x1, 0x70, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) fcntl$F_GET_FILE_RW_HINT(r0, 0x40d, &(0x7f00000002c0)) getsockopt$IP_VS_SO_GET_VERSION(r0, 0x0, 0x480, &(0x7f0000000040), &(0x7f0000000080)=0x40) close(r1) bpf$BPF_GET_BTF_INFO(0xf, &(0x7f0000000240)={0xffffffffffffff9c, 0x10, &(0x7f0000000180)={&(0x7f00000000c0)=""/140, 0x8c, 0x0}}, 0x10) bpf$BPF_BTF_GET_FD_BY_ID(0x13, &(0x7f0000000280)=r2, 0x4) [ 2374.759630] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 2374.764485] ? page_fault+0x8/0x30 [ 2374.768036] page_fault+0x1e/0x30 [ 2374.771496] RIP: 0033:0x4510a0 [ 2374.774704] Code: 0f 84 c4 0f 00 00 48 89 f1 48 89 f8 48 83 e1 3f 48 83 f9 20 0f 86 7b 02 00 00 48 83 e6 f0 48 83 e1 0f 66 0f ef c0 66 0f ef c9 <66> 0f 74 0e 66 0f d7 d1 48 d3 ea 49 c7 c2 11 00 00 00 49 29 ca 4d [ 2374.782624] FAULT_FLAG_ALLOW_RETRY missing 70 [ 2374.793624] RSP: 002b:00007f75238677a8 EFLAGS: 00010202 08:15:52 executing program 3: openat$rfkill(0xffffffffffffff9c, 0x0, 0x0, 0x0) getsockopt$inet_sctp_SCTP_DEFAULT_PRINFO(0xffffffffffffffff, 0x84, 0x72, &(0x7f0000000380), 0x0) syz_open_dev$admmidi(&(0x7f0000000100)='/dev/admmidi#\x00', 0x0, 0x0) r0 = socket$l2tp(0x18, 0x1, 0x1) mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x1, 0x32, 0xffffffffffffffff, 0x0) r1 = userfaultfd(0x0) ioctl$UFFDIO_API(r1, 0xc018aa3f, &(0x7f0000000180)) ioctl$UFFDIO_REGISTER(r1, 0xc020aa00, &(0x7f0000019000)={{&(0x7f0000012000/0x2000)=nil, 0x2000}, 0x1}) syz_open_dev$evdev(&(0x7f0000012fee)='/dev/input/event#\x00', 0x0, 0x0) ioctl$UFFDIO_WAKE(r1, 0x8010aa02, &(0x7f0000000080)={&(0x7f0000012000/0x3000)=nil, 0x3000}) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0a5c2d023c126285718070") setsockopt$ALG_SET_KEY(0xffffffffffffffff, 0x117, 0x1, 0x0, 0x0) 08:15:52 executing program 4: openat$kvm(0xffffffffffffff9c, 0x0, 0x0, 0x0) r0 = syz_open_dev$sndctrl(&(0x7f0000000100)='/dev/snd/controlC#\x00', 0x0, 0x0) write$binfmt_aout(r0, &(0x7f0000000140)={{0x10f, 0xfe13, 0x80, 0x398, 0x3cd, 0x9, 0x67, 0x2}, "5acd0c644882d39d294e8b5f6ff7488d931da57c5d7de2c86ee4042d8e2a07cee76751e970b8fc44a6acc9775bac17a77595fd9b3d7c815aad2c55970ac71624803a181fb5122d0297fec5b013fa9d42fc787f772499b7ebe909b385f7fa4771c81e28773c2f0eb5d075202d3ee5c4f5ad2aac49fb46d7f26fc250bbf374d1580aa612d9935dbd1c85b48efaeb2d0a1efec4ae5bcfdb5e1f434c91364afba468fb263a94deaa58c37a76caaf5953b1", [[], [], [], [], [], [], [], [], [], []]}, 0xacf) prctl$PR_SET_THP_DISABLE(0x29, 0xfffffffffffffffe) clone(0x5, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r1 = dup(r0) ioctl$SCSI_IOCTL_DOORUNLOCK(r1, 0x5381) ioctl$FS_IOC_GETFLAGS(r0, 0x800455d1, &(0x7f0000000080)) 08:15:52 executing program 2: syz_emit_ethernet(0x6a, &(0x7f0000000040)={@local, @broadcast, [], {@ipv4={0x800, {{0x5, 0x4, 0x0, 0x0, 0x5c, 0x0, 0x0, 0x0, 0x1, 0x0, @remote, @dev={0xac, 0x14, 0x14, 0x11}}, @icmp=@parameter_prob={0x3, 0x4, 0x0, 0x0, 0x0, 0x0, {0x10, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x402f, 0x0, @local={0xac, 0x5c}, @dev, {[@timestamp={0x8, 0x2c, 0x0, 0x300000000000000, 0x0, [{[@rand_addr]}, {[@multicast2]}, {[@multicast1]}, {}, {[@loopback]}, {}]}]}}}}}}}, 0x0) 08:15:52 executing program 5: r0 = socket$l2tp(0x18, 0x1, 0x1) ioctl$sock_FIOGETOWN(r0, 0x8903, &(0x7f00000000c0)=0x0) syz_open_procfs(r1, &(0x7f0000000100)='net/if_inet6\x00') ioctl(r0, 0x1000008912, &(0x7f0000000000)="0a5c2d023c126285718070") perf_event_open(&(0x7f00000001c0)={0x2, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r2 = perf_event_open(&(0x7f0000014f88)={0x1, 0x70, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r3 = dup2(r0, r2) setsockopt$inet_tcp_TLS_RX(r3, 0x6, 0x2, &(0x7f0000000040), 0x4) connect$inet(r3, &(0x7f0000000080)={0x2, 0x4e21, @local}, 0x10) r4 = perf_event_open(&(0x7f0000014f88)={0x1, 0x70, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) close(r4) 08:15:52 executing program 1: r0 = socket$l2tp(0x18, 0x1, 0x1) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0a5c2d023c126285718070") r1 = perf_event_open(&(0x7f0000014f88)={0x1, 0xfffffffffffffe57, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0xa862, 0x401}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) close(r1) [ 2374.793637] RAX: 00007f7523867850 RBX: 0000000000000003 RCX: 000000000000000e [ 2374.793647] RDX: 00000000000003ff RSI: 0000000020012fe0 RDI: 00007f7523867850 [ 2374.793657] RBP: 000000000072bf00 R08: 00000000000003ff R09: 0000000000000000 [ 2374.793666] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f75238686d4 [ 2374.793676] R13: 00000000004c578a R14: 00000000004d9d90 R15: 00000000ffffffff [ 2374.941138] CPU: 0 PID: 21096 Comm: syz-executor0 Not tainted 4.20.0-rc6+ #371 [ 2374.948543] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2374.957903] Call Trace: [ 2374.960513] dump_stack+0x244/0x39d [ 2374.964181] ? dump_stack_print_info.cold.1+0x20/0x20 [ 2374.969406] handle_userfault.cold.32+0x47/0x62 [ 2374.974101] ? userfaultfd_ioctl+0x5610/0x5610 [ 2374.978701] ? mark_held_locks+0x130/0x130 [ 2374.982949] ? __sanitizer_cov_trace_cmp4+0x16/0x20 [ 2374.987985] ? futex_wait_setup+0x266/0x3e0 [ 2374.992353] ? __sanitizer_cov_trace_switch+0x53/0x90 [ 2374.997560] ? userfaultfd_ctx_put+0x830/0x830 [ 2375.002154] ? futex_wait+0x5a1/0xa50 [ 2375.005974] ? print_usage_bug+0xc0/0xc0 [ 2375.010061] ? print_usage_bug+0xc0/0xc0 [ 2375.014146] ? print_usage_bug+0xc0/0xc0 [ 2375.018225] ? zap_class+0x640/0x640 [ 2375.021958] ? drop_futex_key_refs.isra.14+0x6d/0xe0 [ 2375.027074] ? futex_wake+0x304/0x760 [ 2375.030932] ? find_held_lock+0x36/0x1c0 [ 2375.035019] ? __handle_mm_fault+0x4bb0/0x5be0 [ 2375.039616] ? lock_downgrade+0x900/0x900 [ 2375.043789] ? kasan_check_read+0x11/0x20 [ 2375.047958] ? do_raw_spin_unlock+0xa7/0x330 [ 2375.052386] ? do_raw_spin_trylock+0x270/0x270 [ 2375.056988] ? fault_dirty_shared_page.isra.87+0x320/0x320 [ 2375.062642] __handle_mm_fault+0x4bbd/0x5be0 [ 2375.067116] ? vmf_insert_mixed_mkwrite+0x40/0x40 [ 2375.071984] ? zap_class+0x640/0x640 [ 2375.071998] ? rcu_read_unlock_special+0x1c0/0x1c0 [ 2375.072014] ? kasan_check_read+0x11/0x20 [ 2375.072031] ? rcu_softirq_qs+0x20/0x20 [ 2375.088822] ? zap_class+0x640/0x640 [ 2375.092552] ? zap_class+0x640/0x640 [ 2375.096287] ? find_held_lock+0x36/0x1c0 [ 2375.100392] ? handle_mm_fault+0x42a/0xc70 [ 2375.104642] ? lock_downgrade+0x900/0x900 [ 2375.108805] ? check_preemption_disabled+0x48/0x280 [ 2375.113838] ? rcu_read_unlock_special+0x1c0/0x1c0 [ 2375.118787] ? kasan_check_read+0x11/0x20 [ 2375.122950] ? rcu_dynticks_curr_cpu_in_eqs+0xa2/0x170 [ 2375.128239] ? rcu_softirq_qs+0x20/0x20 [ 2375.132231] ? trace_hardirqs_off_caller+0x310/0x310 [ 2375.137367] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 2375.142923] ? check_preemption_disabled+0x48/0x280 [ 2375.147967] handle_mm_fault+0x54f/0xc70 [ 2375.152050] ? __handle_mm_fault+0x5be0/0x5be0 [ 2375.156650] ? find_vma+0x34/0x190 [ 2375.160209] __do_page_fault+0x5e8/0xe60 [ 2375.164281] ? trace_hardirqs_off+0xb8/0x310 [ 2375.168715] do_page_fault+0xf2/0x7e0 [ 2375.172531] ? vmalloc_sync_all+0x30/0x30 [ 2375.176694] ? error_entry+0x70/0xd0 [ 2375.180424] ? trace_hardirqs_off_caller+0xbb/0x310 [ 2375.185455] ? trace_hardirqs_on_caller+0xc0/0x310 [ 2375.190414] ? syscall_return_slowpath+0x5e0/0x5e0 [ 2375.195370] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 2375.200232] ? trace_hardirqs_on_caller+0x310/0x310 [ 2375.205261] ? __bpf_trace_preemptirq_template+0x30/0x30 [ 2375.210724] ? prepare_exit_to_usermode+0x3b0/0x3b0 [ 2375.215760] ? prepare_exit_to_usermode+0x291/0x3b0 [ 2375.220790] ? page_fault+0x8/0x30 [ 2375.224362] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 2375.229225] ? page_fault+0x8/0x30 [ 2375.233219] page_fault+0x1e/0x30 [ 2375.233232] RIP: 0033:0x4510a0 08:15:52 executing program 2: syz_emit_ethernet(0x6a, &(0x7f0000000040)={@local, @broadcast, [], {@ipv4={0x800, {{0x5, 0x4, 0x0, 0x0, 0x5c, 0x0, 0x0, 0x0, 0x1, 0x0, @remote, @dev={0xac, 0x14, 0x14, 0x11}}, @icmp=@parameter_prob={0x3, 0x4, 0x0, 0x0, 0x0, 0x0, {0x10, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x402f, 0x0, @local={0xac, 0x5c}, @dev, {[@timestamp={0x8, 0x2c, 0x0, 0x88a8ffff, 0x0, [{[@rand_addr]}, {[@multicast2]}, {[@multicast1]}, {}, {[@loopback]}, {}]}]}}}}}}}, 0x0) 08:15:52 executing program 2: syz_emit_ethernet(0x6a, &(0x7f0000000040)={@local, @broadcast, [], {@ipv4={0x800, {{0x5, 0x4, 0x0, 0x0, 0x5c, 0x0, 0x0, 0x0, 0x1, 0x0, @remote, @dev={0xac, 0x14, 0x14, 0x11}}, @icmp=@parameter_prob={0x3, 0x4, 0x0, 0x0, 0x0, 0x0, {0x10, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x402f, 0x0, @local={0xac, 0x5c}, @dev, {[@timestamp={0x8, 0x2c, 0x0, 0xf000, 0x0, [{[@rand_addr]}, {[@multicast2]}, {[@multicast1]}, {}, {[@loopback]}, {}]}]}}}}}}}, 0x0) 08:15:52 executing program 4: openat$kvm(0xffffffffffffff9c, 0x0, 0x0, 0x0) r0 = syz_open_dev$sndctrl(&(0x7f00000000c0)='/dev/snd/controlC#\x00', 0x8, 0x0) prctl$PR_SET_THP_DISABLE(0x29, 0xfffffffffffffffe) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) ioctl$FS_IOC_GETFLAGS(r0, 0x800455d1, &(0x7f0000000080)) 08:15:52 executing program 2: syz_emit_ethernet(0x6a, &(0x7f0000000040)={@local, @broadcast, [], {@ipv4={0x800, {{0x5, 0x4, 0x0, 0x0, 0x5c, 0x0, 0x0, 0x0, 0x1, 0x0, @remote, @dev={0xac, 0x14, 0x14, 0x11}}, @icmp=@parameter_prob={0x3, 0x4, 0x0, 0x0, 0x0, 0x0, {0x10, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x402f, 0x0, @local={0xac, 0x5c}, @dev, {[@timestamp={0x8, 0x2c, 0x0, 0x5c00, 0x0, [{[@rand_addr]}, {[@multicast2]}, {[@multicast1]}, {}, {[@loopback]}, {}]}]}}}}}}}, 0x0) [ 2375.233249] Code: 0f 84 c4 0f 00 00 48 89 f1 48 89 f8 48 83 e1 3f 48 83 f9 20 0f 86 7b 02 00 00 48 83 e6 f0 48 83 e1 0f 66 0f ef c0 66 0f ef c9 <66> 0f 74 0e 66 0f d7 d1 48 d3 ea 49 c7 c2 11 00 00 00 49 29 ca 4d [ 2375.233262] RSP: 002b:00007efdea16e7a8 EFLAGS: 00010202 [ 2375.259612] RAX: 00007efdea16e850 RBX: 0000000000000003 RCX: 000000000000000e [ 2375.259623] RDX: 00000000000003ff RSI: 0000000020012fe0 RDI: 00007efdea16e850 [ 2375.259632] RBP: 000000000072bf00 R08: 00000000000003ff R09: 0000000000000000 [ 2375.259641] R10: 0000000000000000 R11: 0000000000000246 R12: 00007efdea16f6d4 [ 2375.259657] R13: 00000000004c578a R14: 00000000004d9d90 R15: 00000000ffffffff [ 2375.303989] FAULT_FLAG_ALLOW_RETRY missing 70 [ 2375.316864] CPU: 0 PID: 21116 Comm: syz-executor3 Not tainted 4.20.0-rc6+ #371 [ 2375.324250] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2375.333609] Call Trace: [ 2375.333636] dump_stack+0x244/0x39d 08:15:53 executing program 0: openat$rfkill(0xffffffffffffff9c, 0x0, 0x2001, 0x0) syz_open_dev$admmidi(&(0x7f0000000100)='/dev/admmidi#\x00', 0x0, 0x0) r0 = socket$l2tp(0x18, 0x1, 0x1) mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x1, 0x32, 0xffffffffffffffff, 0x0) r1 = userfaultfd(0x0) ioctl$UFFDIO_API(r1, 0xc018aa3f, &(0x7f0000000180)) ioctl$UFFDIO_REGISTER(r1, 0xc020aa00, &(0x7f0000019000)={{&(0x7f0000012000/0x2000)=nil, 0x2000}, 0x1}) syz_open_dev$evdev(&(0x7f0000012fee)='/dev/input/event#\x00', 0x0, 0x900000000000000) ioctl$UFFDIO_WAKE(r1, 0x8010aa02, &(0x7f0000000080)={&(0x7f0000012000/0x3000)=nil, 0x3000}) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0a5c2d023c126285718070") 08:15:53 executing program 2: syz_emit_ethernet(0x6a, &(0x7f0000000040)={@local, @broadcast, [], {@ipv4={0x800, {{0x5, 0x4, 0x0, 0x0, 0x5c, 0x0, 0x0, 0x0, 0x1, 0x0, @remote, @dev={0xac, 0x14, 0x14, 0x11}}, @icmp=@parameter_prob={0x3, 0x4, 0x0, 0x0, 0x0, 0x0, {0x10, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x402f, 0x0, @local={0xac, 0x5c}, @dev, {[@timestamp={0x8, 0x2c, 0x0, 0x800000000000000, 0x0, [{[@rand_addr]}, {[@multicast2]}, {[@multicast1]}, {}, {[@loopback]}, {}]}]}}}}}}}, 0x0) 08:15:53 executing program 4: openat$kvm(0xffffffffffffff9c, 0x0, 0x0, 0x0) r0 = syz_open_dev$sndctrl(&(0x7f0000000100)='/dev/snd/controlC#\x00', 0x0, 0x0) prctl$PR_SET_THP_DISABLE(0x29, 0xfffffffffffffffe) r1 = openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000040)='/dev/sequencer2\x00', 0x0, 0x0) ioctl$KVM_GET_XSAVE(r1, 0x9000aea4, &(0x7f0000000140)) r2 = msgget$private(0x0, 0x0) msgrcv(r2, &(0x7f0000000000), 0x8, 0x3, 0x2000) ioctl$VIDIOC_SUBDEV_S_FRAME_INTERVAL(r1, 0xc0305616, &(0x7f0000000540)={0x0, {0x1, 0x101}}) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) ioctl$FS_IOC_GETFLAGS(r0, 0x800455d1, &(0x7f0000000080)) fstat(r0, &(0x7f0000000dc0)={0x0, 0x0, 0x0, 0x0, 0x0}) stat(&(0x7f0000000e40)='./file0\x00', &(0x7f0000000e80)={0x0, 0x0, 0x0, 0x0, 0x0}) getresuid(&(0x7f0000000f00)=0x0, &(0x7f0000000f40), &(0x7f0000000f80)) syz_mount_image$ext4(&(0x7f0000000580)='ext2\x00', &(0x7f00000005c0)='./file0\x00', 0xfbb4, 0xa, &(0x7f0000000cc0)=[{&(0x7f0000000600)="21a5bb7c1058fd538565925c23140bc5d624e1df18c98c0dbfe9c80049080938f3c781446c083c6e39c1becc33b5ebc9048be1ea55cd4c8bbac250f65851c35d9737501663f2bd15284ff637335998450a2d1a4f5b5b4ee88719bce39f3ff0e71a6b1c99e35c669d70b5ab93ecb190ab7679d38dd6d533cac461dded14949bc456ecca", 0x83, 0x7}, {&(0x7f00000006c0)="932750ecdda8e647373f8ff12ba17a3a82c82b445380f53e622bf63337446753312e1f87b38e8649db5fa4c8e671eda92f1c1239cabd0b29b21c5736a3fc1af4ba5abe8dbb7e24579bd78b60", 0x4c, 0x2}, {&(0x7f0000000740)="d47f687329d5ca3a224f026eb71b551a200da8dc5f2aaa605602ae2323a1d75ab13810e4cd701c47c277f8c3dca0603ed3cb227d5e0f6ad6dd65619b0739308571a06b35cd6c6f73366e096b3dcc90", 0x4f, 0x7}, {&(0x7f00000007c0)="4f2bd45926dff2be0272e07e6225b0a38860ebcbe7c93744aaa484a65b685f4d75979e0bdcca3a7df8ce311f495804ca5c4cd4dbc60d21d1a8cca8f275de14b28e620285ddd99fc3616361d1bde95c3dc83b00817dc60a39cf5cd6e456b7cabe22178dbef742e40ab0ad057ad8941352563e549f86715699a10b78d689caf0e2ca271d6dcb2311abf5a9965162e7dafb70c1fd3e19f5ac1f70111b11df0fc7bc97fbbefe26d36c99f31aa55b125f526ae4887bc9e402a868883747bf055b37e74dcea66d9124f34b2ae2beb0077886", 0xcf, 0x5}, {&(0x7f00000008c0)="77c798a481df4570b5298cbcbc152833afe584211545ad3df6c78733fd32f3f810a9e3e8836a8e00eacb454fc2119bca1edf6508cc5f28dd04fcd30c959fd941cedba49126da1c16432fd51a149a5ed2ba2f7b434d08c80023db5dcd94f190425d96a00ddaf7f56d3ae4e325d8e19ab0d5211ab0d5e1e63d5f581f979f70be9f986bf7174e2ad548cb469396888c3c40160191211f347c8e07e12115d4a2e646381b3e09464b8405af63adb18c3c27a02d3938e1fc5ff0f5e68ac6278dbade81cfa597a63941c8dbbb68d145f5c7027bd29a3404ade067cbd9d4a343186c85", 0xdf, 0x40}, {&(0x7f00000009c0)="9792f9d6b41d431f857194cd8bc7b544bd63de8005ebd4e455226ab1964c365154e5b10039c4841f0f93dad16e3eeb6f23d180c360b82f1ded0aa311dd946905d8cd52e70f548a214abbf8b768ecddb7d6b406689fc47f53e5", 0x59}, {&(0x7f0000000a40)="af5c290f44c2fd", 0x7, 0x10000}, {&(0x7f0000000a80)="607697920d5e3b731a6d4e0f6f85270f8eb13b32f68d977c8d1c12ae452dc3daa9571a93e14cd77c668f48bd0ca7040caf84f3f1c550b15d9bded895b14f86eb53a77f616f557384c0a515c87b9cdbdb7c78c020b16d21c431ea6f288fa489d00baf828d53494872d506e1d4713e05a775edc8ac6b947e453008f978f72a241983a3d1c7728e0d", 0x87, 0x89}, {&(0x7f0000000b40)="fceb30010faf697e1741ef59d1e256acedd04d753b8e9ab9277d0ca31591a627888bfbeed10ee6904acc0003f834114cc4a7af3e52b9303f80a5f6e34d4db22bbacc3fc1878c9cb6e124486ceff3bc6fbd56ceb0f357328ad2f340776e47149e2382acd530e8739e1055b8361eedc2943f02afc085243ac57b49b7350fa77313131d32adbb400e21f73c", 0x8a, 0x3}, {&(0x7f0000000c00)="c2af6d26ee9e415f76a07c3c46178f1ff81a2b2fab6bb7e26f5ca7e5e9ac01dfbc1a93ca071e8c012c04b2b1c893b5c06ebc1ac0420fa2ff04f21e907bc0b6394a0db2b1f4cab7653fc4671efcde6eb331886428031f698c86dcc2bbae9e5dc70c8c396b0a2cea3d4757234e3ff66bad1a2b5e03b3a40e45c4163e65929f13ac11c0d2e856e885bc21883aded691b9599f5d899ddbbcd3", 0x97, 0x10000}], 0x100000, &(0x7f0000000fc0)={[{@nouid32='nouid32'}, {@debug='debug'}, {@journal_ioprio={'journal_ioprio', 0x3d, 0x6}}, {@quota='quota'}, {@noauto_da_alloc='noauto_da_alloc'}, {@resuid={'resuid', 0x3d, r3}}, {@jqfmt_vfsv0='jqfmt=vfsv0'}], [{@euid_lt={'euid<', r4}}, {@seclabel='seclabel'}, {@euid_lt={'euid<', r5}}]}) ioctl$sock_inet_SIOCGIFPFLAGS(r1, 0x8935, &(0x7f00000000c0)={'bcsh0\x00', 0x3}) [ 2375.333669] ? dump_stack_print_info.cold.1+0x20/0x20 [ 2375.339885] handle_userfault.cold.32+0x47/0x62 [ 2375.349733] ? userfaultfd_ioctl+0x5610/0x5610 [ 2375.354352] ? mark_held_locks+0x130/0x130 [ 2375.358647] ? find_held_lock+0x36/0x1c0 [ 2375.362906] ? userfaultfd_ctx_put+0x830/0x830 [ 2375.367515] ? kasan_check_read+0x11/0x20 [ 2375.371702] ? print_usage_bug+0xc0/0xc0 [ 2375.375782] ? do_raw_spin_trylock+0x270/0x270 [ 2375.380376] ? print_usage_bug+0xc0/0xc0 [ 2375.384455] ? print_usage_bug+0xc0/0xc0 [ 2375.388534] ? zap_class+0x640/0x640 [ 2375.392268] ? drop_futex_key_refs.isra.14+0x6d/0xe0 [ 2375.397390] ? futex_wake+0x304/0x760 [ 2375.401220] ? find_held_lock+0x36/0x1c0 [ 2375.405305] ? __handle_mm_fault+0x4bb0/0x5be0 [ 2375.409918] ? lock_downgrade+0x900/0x900 [ 2375.414087] ? kasan_check_read+0x11/0x20 [ 2375.418256] ? do_raw_spin_unlock+0xa7/0x330 [ 2375.422680] ? do_raw_spin_trylock+0x270/0x270 [ 2375.427288] ? fault_dirty_shared_page.isra.87+0x320/0x320 [ 2375.432956] __handle_mm_fault+0x4bbd/0x5be0 [ 2375.437387] ? vmf_insert_mixed_mkwrite+0x40/0x40 [ 2375.437408] ? zap_class+0x640/0x640 [ 2375.437423] ? rcu_read_unlock_special+0x1c0/0x1c0 [ 2375.437438] ? kasan_check_read+0x11/0x20 [ 2375.437456] ? rcu_softirq_qs+0x20/0x20 [ 2375.446034] ? zap_class+0x640/0x640 [ 2375.446050] ? zap_class+0x640/0x640 [ 2375.446072] ? find_held_lock+0x36/0x1c0 [ 2375.446097] ? handle_mm_fault+0x42a/0xc70 [ 2375.474873] ? lock_downgrade+0x900/0x900 [ 2375.475678] FAULT_FLAG_ALLOW_RETRY missing 70 [ 2375.479054] ? check_preemption_disabled+0x48/0x280 [ 2375.479075] ? rcu_read_unlock_special+0x1c0/0x1c0 [ 2375.479090] ? kasan_check_read+0x11/0x20 [ 2375.479125] ? rcu_dynticks_curr_cpu_in_eqs+0xa2/0x170 [ 2375.502987] ? rcu_softirq_qs+0x20/0x20 [ 2375.506984] ? trace_hardirqs_off_caller+0x310/0x310 [ 2375.512103] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 2375.517653] ? check_preemption_disabled+0x48/0x280 [ 2375.522690] handle_mm_fault+0x54f/0xc70 [ 2375.526764] ? __handle_mm_fault+0x5be0/0x5be0 [ 2375.531388] ? find_vma+0x34/0x190 [ 2375.534947] __do_page_fault+0x5e8/0xe60 [ 2375.539020] ? trace_hardirqs_off+0xb8/0x310 [ 2375.543454] do_page_fault+0xf2/0x7e0 [ 2375.547271] ? vmalloc_sync_all+0x30/0x30 [ 2375.551429] ? error_entry+0x70/0xd0 [ 2375.555156] ? trace_hardirqs_off_caller+0xbb/0x310 [ 2375.560186] ? trace_hardirqs_on_caller+0xc0/0x310 [ 2375.565127] ? syscall_return_slowpath+0x5e0/0x5e0 [ 2375.570071] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 2375.574928] ? trace_hardirqs_on_caller+0x310/0x310 [ 2375.579967] ? __bpf_trace_preemptirq_template+0x30/0x30 [ 2375.585427] ? prepare_exit_to_usermode+0x3b0/0x3b0 [ 2375.590462] ? prepare_exit_to_usermode+0x291/0x3b0 [ 2375.595486] ? page_fault+0x8/0x30 [ 2375.599051] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 2375.603914] ? page_fault+0x8/0x30 [ 2375.607469] page_fault+0x1e/0x30 [ 2375.610926] RIP: 0033:0x4510a0 [ 2375.614133] Code: 0f 84 c4 0f 00 00 48 89 f1 48 89 f8 48 83 e1 3f 48 83 f9 20 0f 86 7b 02 00 00 48 83 e6 f0 48 83 e1 0f 66 0f ef c0 66 0f ef c9 <66> 0f 74 0e 66 0f d7 d1 48 d3 ea 49 c7 c2 11 00 00 00 49 29 ca 4d [ 2375.633043] RSP: 002b:00007f75238677a8 EFLAGS: 00010202 [ 2375.638415] RAX: 00007f7523867850 RBX: 0000000000000003 RCX: 000000000000000e [ 2375.645695] RDX: 00000000000003ff RSI: 0000000020012fe0 RDI: 00007f7523867850 [ 2375.652974] RBP: 000000000072bf00 R08: 00000000000003ff R09: 0000000000000000 [ 2375.660247] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f75238686d4 [ 2375.667526] R13: 00000000004c578a R14: 00000000004d9d90 R15: 00000000ffffffff [ 2375.674838] CPU: 1 PID: 21144 Comm: syz-executor0 Not tainted 4.20.0-rc6+ #371 [ 2375.682227] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2375.691591] Call Trace: [ 2375.694196] dump_stack+0x244/0x39d [ 2375.694219] ? dump_stack_print_info.cold.1+0x20/0x20 [ 2375.694246] handle_userfault.cold.32+0x47/0x62 [ 2375.703063] ? userfaultfd_ioctl+0x5610/0x5610 [ 2375.703082] ? mark_held_locks+0x130/0x130 [ 2375.703103] ? find_held_lock+0x36/0x1c0 [ 2375.703130] ? userfaultfd_ctx_put+0x830/0x830 [ 2375.725232] ? kasan_check_read+0x11/0x20 [ 2375.729393] ? print_usage_bug+0xc0/0xc0 [ 2375.733446] ? do_raw_spin_trylock+0x270/0x270 [ 2375.738018] ? print_usage_bug+0xc0/0xc0 [ 2375.742071] ? print_usage_bug+0xc0/0xc0 [ 2375.746133] ? zap_class+0x640/0x640 [ 2375.749850] ? drop_futex_key_refs.isra.14+0x6d/0xe0 [ 2375.754943] ? futex_wake+0x304/0x760 [ 2375.758740] ? find_held_lock+0x36/0x1c0 [ 2375.762799] ? __handle_mm_fault+0x4bb0/0x5be0 [ 2375.767414] ? lock_downgrade+0x900/0x900 [ 2375.771584] ? kasan_check_read+0x11/0x20 [ 2375.775721] ? do_raw_spin_unlock+0xa7/0x330 [ 2375.780155] ? do_raw_spin_trylock+0x270/0x270 [ 2375.784727] ? fault_dirty_shared_page.isra.87+0x320/0x320 [ 2375.790354] __handle_mm_fault+0x4bbd/0x5be0 [ 2375.794762] ? vmf_insert_mixed_mkwrite+0x40/0x40 [ 2375.799593] ? zap_class+0x640/0x640 [ 2375.803295] ? rcu_read_unlock_special+0x1c0/0x1c0 [ 2375.808221] ? kasan_check_read+0x11/0x20 [ 2375.812360] ? rcu_softirq_qs+0x20/0x20 [ 2375.816339] ? zap_class+0x640/0x640 [ 2375.820055] ? zap_class+0x640/0x640 [ 2375.823771] ? find_held_lock+0x36/0x1c0 [ 2375.827845] ? handle_mm_fault+0x42a/0xc70 [ 2375.832088] ? lock_downgrade+0x900/0x900 [ 2375.836247] ? check_preemption_disabled+0x48/0x280 [ 2375.841268] ? rcu_read_unlock_special+0x1c0/0x1c0 [ 2375.846199] ? kasan_check_read+0x11/0x20 [ 2375.850353] ? rcu_dynticks_curr_cpu_in_eqs+0xa2/0x170 [ 2375.855621] ? rcu_softirq_qs+0x20/0x20 [ 2375.859589] ? trace_hardirqs_off_caller+0x310/0x310 [ 2375.864685] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 2375.870210] ? check_preemption_disabled+0x48/0x280 [ 2375.875219] handle_mm_fault+0x54f/0xc70 [ 2375.879283] ? __handle_mm_fault+0x5be0/0x5be0 [ 2375.883882] ? find_vma+0x34/0x190 [ 2375.887418] __do_page_fault+0x5e8/0xe60 [ 2375.891469] ? trace_hardirqs_off+0xb8/0x310 [ 2375.895871] do_page_fault+0xf2/0x7e0 [ 2375.899665] ? vmalloc_sync_all+0x30/0x30 [ 2375.903802] ? error_entry+0x70/0xd0 [ 2375.907505] ? trace_hardirqs_off_caller+0xbb/0x310 [ 2375.912508] ? trace_hardirqs_on_caller+0xc0/0x310 [ 2375.917451] ? syscall_return_slowpath+0x5e0/0x5e0 [ 2375.922386] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 2375.927218] ? trace_hardirqs_on_caller+0x310/0x310 [ 2375.932222] ? __bpf_trace_preemptirq_template+0x30/0x30 [ 2375.937672] ? prepare_exit_to_usermode+0x3b0/0x3b0 [ 2375.942678] ? prepare_exit_to_usermode+0x291/0x3b0 [ 2375.947701] ? page_fault+0x8/0x30 [ 2375.951242] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 2375.956106] ? page_fault+0x8/0x30 [ 2375.959639] page_fault+0x1e/0x30 [ 2375.963081] RIP: 0033:0x4510a0 [ 2375.966265] Code: 0f 84 c4 0f 00 00 48 89 f1 48 89 f8 48 83 e1 3f 48 83 f9 20 0f 86 7b 02 00 00 48 83 e6 f0 48 83 e1 0f 66 0f ef c0 66 0f ef c9 <66> 0f 74 0e 66 0f d7 d1 48 d3 ea 49 c7 c2 11 00 00 00 49 29 ca 4d [ 2375.985155] RSP: 002b:00007efdea16e7a8 EFLAGS: 00010202 08:15:53 executing program 3: openat$rfkill(0xffffffffffffff9c, 0x0, 0x0, 0x0) getsockopt$inet_sctp_SCTP_DEFAULT_PRINFO(0xffffffffffffffff, 0x84, 0x72, &(0x7f0000000380), 0x0) syz_open_dev$admmidi(&(0x7f0000000100)='/dev/admmidi#\x00', 0x0, 0x0) r0 = socket$l2tp(0x18, 0x1, 0x1) mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x1, 0x32, 0xffffffffffffffff, 0x0) r1 = userfaultfd(0x0) ioctl$UFFDIO_API(r1, 0xc018aa3f, &(0x7f0000000180)) ioctl$UFFDIO_REGISTER(r1, 0xc020aa00, &(0x7f0000019000)={{&(0x7f0000012000/0x2000)=nil, 0x2000}, 0x1}) syz_open_dev$evdev(&(0x7f0000012fee)='/dev/input/event#H', 0x0, 0x0) ioctl$UFFDIO_WAKE(r1, 0x8010aa02, &(0x7f0000000080)={&(0x7f0000012000/0x3000)=nil, 0x3000}) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0a5c2d023c126285718070") setsockopt$ALG_SET_KEY(0xffffffffffffffff, 0x117, 0x1, 0x0, 0x0) 08:15:53 executing program 1: r0 = socket$l2tp(0x18, 0x1, 0x1) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0a5c2d023c126285718070") r1 = perf_event_open(&(0x7f0000014f88)={0x1, 0x70, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) close(r1) openat$dlm_control(0xffffffffffffff9c, &(0x7f0000000040)='/dev/dlm-control\x00', 0x400000, 0x0) 08:15:53 executing program 5: r0 = socket$l2tp(0x18, 0x1, 0x1) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0a5c2d023c126285718070") perf_event_open(&(0x7f00000001c0)={0x2, 0x70, 0x0, 0x0, 0x0, 0x200000, 0x0, 0x80, 0x0, 0x2000000000000, 0x0, 0x0, 0x4, 0x40000000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) openat$vimc2(0xffffffffffffff9c, &(0x7f0000000040)='/dev/video2\x00', 0x2, 0x0) perf_event_open(&(0x7f0000014f88)={0x1, 0x70, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000014f88)={0x1, 0x70, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) 08:15:53 executing program 2: syz_emit_ethernet(0x6a, &(0x7f0000000040)={@local, @broadcast, [], {@ipv4={0x800, {{0x5, 0x4, 0x0, 0x0, 0x5c, 0x0, 0x0, 0x0, 0x1, 0x0, @remote, @dev={0xac, 0x14, 0x14, 0x11}}, @icmp=@parameter_prob={0x3, 0x4, 0x0, 0x0, 0x0, 0x0, {0x10, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x402f, 0x0, @local={0xac, 0x5c}, @dev, {[@timestamp={0x8, 0x2c, 0x0, 0x400000000000000, 0x0, [{[@rand_addr]}, {[@multicast2]}, {[@multicast1]}, {}, {[@loopback]}, {}]}]}}}}}}}, 0x0) 08:15:53 executing program 0: openat$rfkill(0xffffffffffffff9c, 0x0, 0x2001, 0x0) syz_open_dev$admmidi(&(0x7f0000000100)='/dev/admmidi#\x00', 0x0, 0x0) r0 = socket$l2tp(0x18, 0x1, 0x1) mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x1, 0x32, 0xffffffffffffffff, 0x0) r1 = userfaultfd(0x0) ioctl$UFFDIO_API(r1, 0xc018aa3f, &(0x7f0000000180)) ioctl$UFFDIO_REGISTER(r1, 0xc020aa00, &(0x7f0000019000)={{&(0x7f0000012000/0x2000)=nil, 0x2000}, 0x1}) syz_open_dev$evdev(&(0x7f0000012fee)='/dev/input/event#\x00', 0x0, 0x5000000) ioctl$UFFDIO_WAKE(r1, 0x8010aa02, &(0x7f0000000080)={&(0x7f0000012000/0x3000)=nil, 0x3000}) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0a5c2d023c126285718070") [ 2375.990503] RAX: 00007efdea16e850 RBX: 0000000000000003 RCX: 000000000000000e [ 2375.997759] RDX: 00000000000003ff RSI: 0000000020012fe0 RDI: 00007efdea16e850 [ 2376.005015] RBP: 000000000072bf00 R08: 00000000000003ff R09: 0000000000000000 [ 2376.012275] R10: 0000000000000000 R11: 0000000000000246 R12: 00007efdea16f6d4 [ 2376.019532] R13: 00000000004c578a R14: 00000000004d9d90 R15: 00000000ffffffff 08:15:53 executing program 5: r0 = socket$l2tp(0x18, 0x1, 0x1) ioctl(r0, 0x7, &(0x7f0000000180)="cfbb022f0bb9f2903a2abf03fee500") perf_event_open(&(0x7f00000001c0)={0x2, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000014f88)={0x1, 0x70, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r1 = perf_event_open(&(0x7f0000014f88)={0x1, 0x70, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) close(r1) 08:15:53 executing program 2: syz_emit_ethernet(0x6a, &(0x7f0000000040)={@local, @broadcast, [], {@ipv4={0x800, {{0x5, 0x4, 0x0, 0x0, 0x5c, 0x0, 0x0, 0x0, 0x1, 0x0, @remote, @dev={0xac, 0x14, 0x14, 0x11}}, @icmp=@parameter_prob={0x3, 0x4, 0x0, 0x0, 0x0, 0x0, {0x10, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x402f, 0x0, @local={0xac, 0x5c}, @dev, {[@timestamp={0x8, 0x2c, 0x0, 0x43050000, 0x0, [{[@rand_addr]}, {[@multicast2]}, {[@multicast1]}, {}, {[@loopback]}, {}]}]}}}}}}}, 0x0) 08:15:54 executing program 1: r0 = socket$l2tp(0x18, 0x1, 0x1) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0a5c2d023c126285718070") r1 = perf_event_open(&(0x7f0000014f88)={0x1, 0x70, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) close(r1) ioctl$sock_kcm_SIOCKCMCLONE(0xffffffffffffffff, 0x89e2, &(0x7f0000000040)={r0}) setsockopt$inet_sctp_SCTP_SOCKOPT_CONNECTX(r2, 0x84, 0x6e, &(0x7f0000000080)=[@in={0x2, 0x4e20, @rand_addr=0x9}, @in={0x2, 0x4e24, @local}, @in={0x2, 0x4e24, @broadcast}, @in={0x2, 0x4e20, @empty}], 0x40) 08:15:54 executing program 0: openat$rfkill(0xffffffffffffff9c, 0x0, 0x2001, 0x0) syz_open_dev$admmidi(&(0x7f0000000100)='/dev/admmidi#\x00', 0x0, 0x0) r0 = socket$l2tp(0x18, 0x1, 0x1) mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x1, 0x32, 0xffffffffffffffff, 0x0) r1 = userfaultfd(0x0) ioctl$UFFDIO_API(r1, 0xc018aa3f, &(0x7f0000000180)) ioctl$UFFDIO_REGISTER(r1, 0xc020aa00, &(0x7f0000019000)={{&(0x7f0000012000/0x2000)=nil, 0x2000}, 0x1}) syz_open_dev$evdev(&(0x7f0000012fee)='/dev/input/event#\x00', 0x0, 0xa000000) ioctl$UFFDIO_WAKE(r1, 0x8010aa02, &(0x7f0000000080)={&(0x7f0000012000/0x3000)=nil, 0x3000}) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0a5c2d023c126285718070") 08:15:54 executing program 5: r0 = socket$l2tp(0x18, 0x1, 0x1) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0a5c2d023c126285718070") perf_event_open(&(0x7f00000001c0)={0x2, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000014f88)={0x1, 0x70, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r1 = perf_event_open(&(0x7f0000014f88)={0x1, 0x70, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x80000001, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) close(r1) 08:15:54 executing program 1: r0 = socket$l2tp(0x18, 0x1, 0x1) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0a5c2d023c126285718070") r1 = perf_event_open(&(0x7f0000014f88)={0x1, 0x70, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r2 = openat$vsock(0xffffffffffffff9c, &(0x7f0000000040)='/dev/vsock\x00', 0x189000, 0x0) setsockopt$bt_BT_RCVMTU(r2, 0x112, 0xd, &(0x7f0000000080)=0xe7, 0x2) fcntl$setsig(r0, 0xa, 0x26) close(r1) 08:15:54 executing program 4: openat$kvm(0xffffffffffffff9c, 0x0, 0x0, 0x0) r0 = syz_open_dev$sndctrl(&(0x7f0000000100)='/dev/snd/controlC#\x00', 0x0, 0x0) prctl$PR_SET_THP_DISABLE(0x29, 0xfffffffffffffffe) io_setup(0x100000000, &(0x7f0000000000)=0x0) io_pgetevents(r1, 0x6, 0x7, &(0x7f0000000140)=[{}, {}, {}, {}, {}, {}, {}], &(0x7f0000000040), &(0x7f0000000240)={&(0x7f00000000c0)={0x4}, 0x8}) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) ioctl$FS_IOC_GETFLAGS(r0, 0x800455d1, &(0x7f0000000080)) 08:15:54 executing program 3: openat$rfkill(0xffffffffffffff9c, 0x0, 0x0, 0x0) getsockopt$inet_sctp_SCTP_DEFAULT_PRINFO(0xffffffffffffffff, 0x84, 0x72, &(0x7f0000000380), 0x0) syz_open_dev$admmidi(&(0x7f0000000100)='/dev/admmidi#\x00', 0x0, 0x0) r0 = socket$l2tp(0x18, 0x1, 0x1) mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x1, 0x32, 0xffffffffffffffff, 0x0) r1 = userfaultfd(0x0) ioctl$UFFDIO_API(r1, 0xc018aa3f, &(0x7f0000000180)) ioctl$UFFDIO_REGISTER(r1, 0xc020aa00, &(0x7f0000019000)={{&(0x7f0000012000/0x2000)=nil, 0x2000}, 0x1}) syz_open_dev$evdev(&(0x7f0000012fee)='/dev/input/event#\x00', 0x0, 0x0) ioctl$UFFDIO_WAKE(r1, 0x8010aa02, &(0x7f0000000080)={&(0x7f0000012000/0x3000)=nil, 0x3000}) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0a5c2d023c126285718070") setsockopt$ALG_SET_KEY(0xffffffffffffffff, 0x117, 0x1, 0x0, 0x0) 08:15:54 executing program 2: syz_emit_ethernet(0x6a, &(0x7f0000000040)={@local, @broadcast, [], {@ipv4={0x800, {{0x5, 0x4, 0x0, 0x0, 0x5c, 0x0, 0x0, 0x0, 0x1, 0x0, @remote, @dev={0xac, 0x14, 0x14, 0x11}}, @icmp=@parameter_prob={0x3, 0x4, 0x0, 0x0, 0x0, 0x0, {0x10, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x402f, 0x0, @local={0xac, 0x5c}, @dev, {[@timestamp={0x8, 0x2c, 0x0, 0x81000000, 0x0, [{[@rand_addr]}, {[@multicast2]}, {[@multicast1]}, {}, {[@loopback]}, {}]}]}}}}}}}, 0x0) 08:15:54 executing program 0: openat$rfkill(0xffffffffffffff9c, 0x0, 0x2001, 0x0) syz_open_dev$admmidi(&(0x7f0000000100)='/dev/admmidi#\x00', 0x0, 0x0) r0 = socket$l2tp(0x18, 0x1, 0x1) mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x1, 0x32, 0xffffffffffffffff, 0x0) r1 = userfaultfd(0x0) ioctl$UFFDIO_API(r1, 0xc018aa3f, &(0x7f0000000180)) ioctl$UFFDIO_REGISTER(r1, 0xc020aa00, &(0x7f0000019000)={{&(0x7f0000012000/0x2000)=nil, 0x2000}, 0x1}) syz_open_dev$evdev(&(0x7f0000012fee)='/dev/input/event#\x00', 0x0, 0x6800000000000000) ioctl$UFFDIO_WAKE(r1, 0x8010aa02, &(0x7f0000000080)={&(0x7f0000012000/0x3000)=nil, 0x3000}) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0a5c2d023c126285718070") 08:15:54 executing program 1: r0 = socket$l2tp(0x18, 0x1, 0x1) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0a5c2d023c126285718070") r1 = perf_event_open(&(0x7f0000014f88)={0x1, 0x70, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r2 = syz_open_dev$usb(&(0x7f0000000040)='/dev/bus/usb/00#/00#\x00', 0x6e, 0x400000) getsockopt$inet_sctp_SCTP_DEFAULT_SNDINFO(r2, 0x84, 0x22, &(0x7f0000000080)={0x7, 0x0, 0x3, 0x8, 0x0}, &(0x7f00000000c0)=0x10) getsockopt$IP6T_SO_GET_INFO(r2, 0x29, 0x40, &(0x7f0000000140)={'nat\x00'}, &(0x7f00000001c0)=0x54) ioctl$KVM_PPC_GET_PVINFO(r2, 0x4080aea1, &(0x7f00000003c0)=""/218) setsockopt$inet_sctp_SCTP_ASSOCINFO(r2, 0x84, 0x1, &(0x7f0000000100)={r3, 0x100000001, 0x7fffffff, 0x100, 0xbe, 0xffffffff}, 0x14) ioctl$VIDIOC_TRY_EXT_CTRLS(r2, 0xc0205649, &(0x7f0000000540)={0x9d0000, 0x625, 0x1, [], &(0x7f0000000500)={0xbf093f, 0xba8d, [], @p_u8=&(0x7f00000004c0)=0xa2}}) close(r1) getsockopt$inet_IP_XFRM_POLICY(r2, 0x0, 0x11, &(0x7f0000000280)={{{@in=@loopback, @in=@broadcast}}, {{}, 0x0, @in=@broadcast}}, &(0x7f0000000380)=0xe8) openat$smack_task_current(0xffffffffffffff9c, &(0x7f0000000200)='/proc/self/attr/current\x00', 0x2, 0x0) setsockopt$inet_sctp6_SCTP_NODELAY(r2, 0x84, 0x3, &(0x7f0000000240)=0xce9, 0x4) 08:15:54 executing program 5: r0 = socket$l2tp(0x18, 0x1, 0x1) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0a5c2d023c126285718070") r1 = openat$audio(0xffffffffffffff9c, &(0x7f0000000040)='/dev/audio\x00', 0x1, 0x0) ioctl$VHOST_SET_VRING_ERR(r1, 0x4008af22, &(0x7f0000000080)={0x3, 0xffffffffffffff9c}) perf_event_open(&(0x7f00000001c0)={0x2, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000014f88)={0x1, 0x70, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r2 = perf_event_open(&(0x7f0000014f88)={0x1, 0x70, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) write$RDMA_USER_CM_CMD_JOIN_IP_MCAST(r1, &(0x7f0000000140)={0x10, 0x30, 0xfa00, {&(0x7f0000000100)={0xffffffffffffffff}, 0x2, {0xa, 0x4e22, 0x6, @ipv4={[], [], @remote}, 0x2}}}, 0x38) write$RDMA_USER_CM_CMD_LEAVE_MCAST(r1, &(0x7f0000000180)={0x11, 0x10, 0xfa00, {&(0x7f00000000c0), r3}}, 0x18) close(r2) 08:15:54 executing program 2: syz_emit_ethernet(0x6a, &(0x7f0000000040)={@local, @broadcast, [], {@ipv4={0x800, {{0x5, 0x4, 0x0, 0x0, 0x5c, 0x0, 0x0, 0x0, 0x1, 0x0, @remote, @dev={0xac, 0x14, 0x14, 0x11}}, @icmp=@parameter_prob={0x3, 0x4, 0x0, 0x0, 0x0, 0x0, {0x10, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x402f, 0x0, @local={0xac, 0x5c}, @dev, {[@timestamp={0x8, 0x2c, 0x0, 0x4000, 0x0, [{[@rand_addr]}, {[@multicast2]}, {[@multicast1]}, {}, {[@loopback]}, {}]}]}}}}}}}, 0x0) 08:15:54 executing program 3: openat$rfkill(0xffffffffffffff9c, 0x0, 0x0, 0x0) getsockopt$inet_sctp_SCTP_DEFAULT_PRINFO(0xffffffffffffffff, 0x84, 0x72, &(0x7f0000000380), 0x0) syz_open_dev$admmidi(&(0x7f0000000100)='/dev/admmidi#\x00', 0x0, 0x0) r0 = socket$l2tp(0x18, 0x1, 0x1) mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x1, 0x32, 0xffffffffffffffff, 0x0) r1 = userfaultfd(0x0) ioctl$UFFDIO_API(r1, 0xc018aa3f, &(0x7f0000000180)) ioctl$UFFDIO_REGISTER(r1, 0xc020aa00, &(0x7f0000019000)={{&(0x7f0000012000/0x2000)=nil, 0x2000}, 0x1}) syz_open_dev$evdev(&(0x7f0000012fee)='/dev/input/event#\x00', 0x0, 0x0) ioctl$UFFDIO_WAKE(r1, 0x8010aa02, &(0x7f0000000080)={&(0x7f0000012000/0x3000)=nil, 0x3000}) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0a5c2d023c126285718070") setsockopt$ALG_SET_KEY(0xffffffffffffffff, 0x117, 0x1, 0x0, 0x0) 08:15:54 executing program 1: ioctl(0xffffffffffffffff, 0x1000008912, &(0x7f0000000000)="0a5c2d023c126285718070") r0 = syz_open_dev$vcsa(&(0x7f0000000140)='/dev/vcsa#\x00', 0x80, 0x0) ioctl$RNDGETENTCNT(r0, 0x80045200, &(0x7f0000000180)) r1 = perf_event_open(&(0x7f0000014f88)={0x1, 0x70, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$KVM_GET_XCRS(r0, 0x8188aea6, &(0x7f0000000280)={0x2, 0x20, [{0x95, 0x0, 0x1}, {0x8, 0x0, 0xff}]}) close(r1) r2 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x10000, 0x80) ioctl$DRM_IOCTL_PRIME_FD_TO_HANDLE(0xffffffffffffffff, 0xc00c642e, &(0x7f0000000080)={0x0, 0x80000, 0xffffffffffffff9c}) pipe(&(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) mkdir(&(0x7f0000000300)='./file0\x00', 0x0) r5 = syz_open_dev$amidi(&(0x7f0000000000)='/dev/amidi#\x00', 0x0, 0x204000) ioctl$BLKRESETZONE(r5, 0x40101283, &(0x7f0000000100)={0x4, 0x1ff}) sched_setaffinity(0x0, 0x375, &(0x7f0000000140)=0x5) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r6 = socket(0x10, 0x2, 0x0) getsockopt$sock_cred(r6, 0x1, 0x11, &(0x7f0000caaffb)={0x0, 0x0, 0x0}, &(0x7f0000cab000)=0xc) chown(&(0x7f00000001c0)='./file0\x00', r8, r9) lsetxattr$system_posix_acl(&(0x7f0000000180)='./file0\x00', &(0x7f0000000200)='system.posix_acl_access\x00', &(0x7f0000000940)={{}, {}, [{}], {}, [{0x8, 0x2, r9}, {0x8, 0x2, r9}, {0x8, 0x0, r9}, {0x8, 0x2, r9}, {0x8, 0x4, r9}], {0x10, 0x2}, {0x20, 0x1}}, 0x54, 0x1) chdir(&(0x7f0000000540)='./file0\x00') symlink(&(0x7f0000000800)='./file0/file0\x00', &(0x7f00000007c0)='./file0\x00') r10 = openat$hwrng(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/hwrng\x00', 0x101001, 0x0) perf_event_open(&(0x7f0000000380)={0x3, 0x70, 0xffffffffffffffe0, 0x1, 0x7ff, 0x29bc61e, 0x0, 0x6481c43d, 0xa000, 0x2, 0x0, 0x8, 0x401, 0xb35, 0xfff, 0x100000001, 0xffffffff, 0x8, 0xfffffffffffffff9, 0x6, 0x9, 0x9, 0x8a, 0x2, 0xd73a, 0x382, 0x39cf, 0x0, 0x8001, 0x1, 0x10001, 0x7, 0x7fff, 0x400, 0x4, 0x1, 0xff, 0x0, 0x0, 0x0, 0x2, @perf_config_ext={0x1, 0x61}, 0x8100, 0x1, 0xbd, 0x7, 0x2, 0x6, 0x8000}, r7, 0x0, r10, 0xb) clone(0x2102001ffa, 0x0, 0xfffffffffffffffe, &(0x7f00000008c0), 0xffffffffffffffff) lstat(&(0x7f0000000600)='./file0/file0\x00', &(0x7f0000000680)) getsockopt$inet_sctp6_SCTP_FRAGMENT_INTERLEAVE(r10, 0x84, 0x12, &(0x7f0000000240), &(0x7f0000000440)=0x4) ioctl$DRM_IOCTL_PRIME_HANDLE_TO_FD(r2, 0xc00c642d, &(0x7f0000000100)={r3, 0x80000, r4}) 08:15:54 executing program 0: openat$rfkill(0xffffffffffffff9c, 0x0, 0x2001, 0x0) syz_open_dev$admmidi(&(0x7f0000000100)='/dev/admmidi#\x00', 0x0, 0x0) r0 = socket$l2tp(0x18, 0x1, 0x1) mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x1, 0x32, 0xffffffffffffffff, 0x0) r1 = userfaultfd(0x0) ioctl$UFFDIO_API(r1, 0xc018aa3f, &(0x7f0000000180)) ioctl$UFFDIO_REGISTER(r1, 0xc020aa00, &(0x7f0000019000)={{&(0x7f0000012000/0x2000)=nil, 0x2000}, 0x1}) syz_open_dev$evdev(&(0x7f0000012fee)='/dev/input/event#\x00', 0x0, 0x7a00000000000000) ioctl$UFFDIO_WAKE(r1, 0x8010aa02, &(0x7f0000000080)={&(0x7f0000012000/0x3000)=nil, 0x3000}) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0a5c2d023c126285718070") 08:15:54 executing program 2: syz_emit_ethernet(0x6a, &(0x7f0000000040)={@local, @broadcast, [], {@ipv4={0x800, {{0x5, 0x4, 0x0, 0x0, 0x5c, 0x0, 0x0, 0x0, 0x1, 0x0, @remote, @dev={0xac, 0x14, 0x14, 0x11}}, @icmp=@parameter_prob={0x3, 0x4, 0x0, 0x0, 0x0, 0x0, {0x10, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x402f, 0x0, @local={0xac, 0x5c}, @dev, {[@timestamp={0x8, 0x2c, 0x0, 0x500, 0x0, [{[@rand_addr]}, {[@multicast2]}, {[@multicast1]}, {}, {[@loopback]}, {}]}]}}}}}}}, 0x0) 08:15:54 executing program 4: openat$kvm(0xffffffffffffff9c, 0x0, 0x0, 0x0) r0 = syz_open_dev$sndctrl(&(0x7f0000000100)='/dev/snd/controlC#\x00', 0x0, 0x0) prctl$PR_SET_THP_DISABLE(0x29, 0xfffffffffffffffe) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) ioctl$FS_IOC_GETFLAGS(r0, 0x800455d1, &(0x7f0000000080)) pipe(&(0x7f0000000180)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$VIDIOC_CROPCAP(r1, 0xc02c563a, &(0x7f0000000040)={0xb, {0x1, 0x1, 0x10001}, {0x400, 0x7fff, 0x9, 0x2}, {0x6, 0x3ff}}) 08:15:54 executing program 3: openat$rfkill(0xffffffffffffff9c, 0x0, 0x0, 0x0) getsockopt$inet_sctp_SCTP_DEFAULT_PRINFO(0xffffffffffffffff, 0x84, 0x72, &(0x7f0000000380), 0x0) syz_open_dev$admmidi(&(0x7f0000000100)='/dev/admmidi#\x00', 0x0, 0x0) r0 = socket$l2tp(0x18, 0x1, 0x1) mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x1, 0x32, 0xffffffffffffffff, 0x0) r1 = userfaultfd(0x0) ioctl$UFFDIO_API(r1, 0xc018aa3f, &(0x7f0000000180)) ioctl$UFFDIO_REGISTER(r1, 0xc020aa00, &(0x7f0000019000)={{&(0x7f0000012000/0x2000)=nil, 0x2000}, 0x1}) syz_open_dev$evdev(&(0x7f0000012fee)='/dev/input/event#\x00', 0x0, 0x0) ioctl$UFFDIO_WAKE(r1, 0x8010aa02, &(0x7f0000000080)={&(0x7f0000012000/0x3000)=nil, 0x3000}) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0a5c2d023c126285718070") setsockopt$ALG_SET_KEY(0xffffffffffffffff, 0x117, 0x1, 0x0, 0x0) 08:15:54 executing program 2: syz_emit_ethernet(0x6a, &(0x7f0000000040)={@local, @broadcast, [], {@ipv4={0x800, {{0x5, 0x4, 0x0, 0x0, 0x5c, 0x0, 0x0, 0x0, 0x1, 0x0, @remote, @dev={0xac, 0x14, 0x14, 0x11}}, @icmp=@parameter_prob={0x3, 0x4, 0x0, 0x0, 0x0, 0x0, {0x10, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x402f, 0x0, @local={0xac, 0x5c}, @dev, {[@timestamp={0x8, 0x2c, 0x0, 0x8, 0x0, [{[@rand_addr]}, {[@multicast2]}, {[@multicast1]}, {}, {[@loopback]}, {}]}]}}}}}}}, 0x0) 08:15:54 executing program 0: openat$rfkill(0xffffffffffffff9c, 0x0, 0x2001, 0x0) syz_open_dev$admmidi(&(0x7f0000000100)='/dev/admmidi#\x00', 0x0, 0x0) r0 = socket$l2tp(0x18, 0x1, 0x1) mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x1, 0x32, 0xffffffffffffffff, 0x0) r1 = userfaultfd(0x0) ioctl$UFFDIO_API(r1, 0xc018aa3f, &(0x7f0000000180)) ioctl$UFFDIO_REGISTER(r1, 0xc020aa00, &(0x7f0000019000)={{&(0x7f0000012000/0x2000)=nil, 0x2000}, 0x1}) syz_open_dev$evdev(&(0x7f0000012fee)='/dev/input/event#\x00', 0x0, 0x2000000) ioctl$UFFDIO_WAKE(r1, 0x8010aa02, &(0x7f0000000080)={&(0x7f0000012000/0x3000)=nil, 0x3000}) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0a5c2d023c126285718070") 08:15:54 executing program 1: r0 = socket$l2tp(0x18, 0x1, 0x1) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0a5c2d023c126285718070") r1 = openat$rtc(0xffffffffffffff9c, &(0x7f0000000040)='/dev/rtc0\x00', 0x4200, 0x0) write$vnet(r1, &(0x7f0000000240)={0x1, {&(0x7f0000000080)=""/163, 0xa3, &(0x7f0000000200)=""/54, 0x3, 0x2}}, 0xfffffffffffffda1) r2 = perf_event_open(&(0x7f0000014f88)={0x1, 0x70, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) close(r2) 08:15:54 executing program 2: syz_emit_ethernet(0x6a, &(0x7f0000000040)={@local, @broadcast, [], {@ipv4={0x800, {{0x5, 0x4, 0x0, 0x0, 0x5c, 0x0, 0x0, 0x0, 0x1, 0x0, @remote, @dev={0xac, 0x14, 0x14, 0x11}}, @icmp=@parameter_prob={0x3, 0x4, 0x0, 0x0, 0x0, 0x0, {0x10, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x402f, 0x0, @local={0xac, 0x5c}, @dev, {[@timestamp={0x8, 0x2c, 0x0, 0x700000000000000, 0x0, [{[@rand_addr]}, {[@multicast2]}, {[@multicast1]}, {}, {[@loopback]}, {}]}]}}}}}}}, 0x0) [ 2376.894765] handle_userfault: 8 callbacks suppressed [ 2376.894774] FAULT_FLAG_ALLOW_RETRY missing 70 [ 2376.897238] FAULT_FLAG_ALLOW_RETRY missing 70 [ 2376.900623] CPU: 0 PID: 21254 Comm: syz-executor0 Not tainted 4.20.0-rc6+ #371 [ 2376.916305] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2376.925678] Call Trace: [ 2376.928286] dump_stack+0x244/0x39d [ 2376.931949] ? dump_stack_print_info.cold.1+0x20/0x20 [ 2376.931978] handle_userfault.cold.32+0x47/0x62 [ 2376.932005] ? userfaultfd_ioctl+0x5610/0x5610 [ 2376.941848] ? mark_held_locks+0x130/0x130 [ 2376.941866] ? __sanitizer_cov_trace_cmp4+0x16/0x20 [ 2376.941887] ? futex_wait_setup+0x266/0x3e0 [ 2376.965840] ? __sanitizer_cov_trace_switch+0x53/0x90 [ 2376.971054] ? userfaultfd_ctx_put+0x830/0x830 [ 2376.975659] ? futex_wait+0x5a1/0xa50 [ 2376.979488] ? print_usage_bug+0xc0/0xc0 [ 2376.983566] ? print_usage_bug+0xc0/0xc0 [ 2376.987640] ? print_usage_bug+0xc0/0xc0 [ 2376.991715] ? zap_class+0x640/0x640 [ 2376.995443] ? drop_futex_key_refs.isra.14+0x6d/0xe0 [ 2377.000553] ? futex_wake+0x304/0x760 [ 2377.004385] ? find_held_lock+0x36/0x1c0 [ 2377.008473] ? __handle_mm_fault+0x4bb0/0x5be0 [ 2377.013067] ? lock_downgrade+0x900/0x900 [ 2377.017300] ? kasan_check_read+0x11/0x20 [ 2377.021569] ? do_raw_spin_unlock+0xa7/0x330 [ 2377.025990] ? do_raw_spin_trylock+0x270/0x270 [ 2377.030585] ? fault_dirty_shared_page.isra.87+0x320/0x320 [ 2377.036231] __handle_mm_fault+0x4bbd/0x5be0 [ 2377.040659] ? vmf_insert_mixed_mkwrite+0x40/0x40 [ 2377.045513] ? zap_class+0x640/0x640 [ 2377.049232] ? rcu_read_unlock_special+0x1c0/0x1c0 [ 2377.054171] ? kasan_check_read+0x11/0x20 [ 2377.058353] ? rcu_softirq_qs+0x20/0x20 [ 2377.062367] ? zap_class+0x640/0x640 [ 2377.066091] ? zap_class+0x640/0x640 [ 2377.069821] ? find_held_lock+0x36/0x1c0 [ 2377.073905] ? handle_mm_fault+0x42a/0xc70 [ 2377.078152] ? lock_downgrade+0x900/0x900 [ 2377.082311] ? check_preemption_disabled+0x48/0x280 [ 2377.087363] ? rcu_read_unlock_special+0x1c0/0x1c0 [ 2377.092311] ? kasan_check_read+0x11/0x20 [ 2377.096480] ? rcu_dynticks_curr_cpu_in_eqs+0xa2/0x170 [ 2377.101784] ? rcu_softirq_qs+0x20/0x20 [ 2377.105772] ? trace_hardirqs_off_caller+0x310/0x310 [ 2377.110890] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 2377.116441] ? check_preemption_disabled+0x48/0x280 [ 2377.121479] handle_mm_fault+0x54f/0xc70 [ 2377.125556] ? __handle_mm_fault+0x5be0/0x5be0 [ 2377.130154] ? find_vma+0x34/0x190 [ 2377.133710] __do_page_fault+0x5e8/0xe60 [ 2377.137780] ? trace_hardirqs_off+0xb8/0x310 [ 2377.142205] do_page_fault+0xf2/0x7e0 [ 2377.146016] ? vmalloc_sync_all+0x30/0x30 [ 2377.150180] ? error_entry+0x70/0xd0 [ 2377.153907] ? trace_hardirqs_off_caller+0xbb/0x310 [ 2377.158929] ? trace_hardirqs_on_caller+0xc0/0x310 [ 2377.163870] ? syscall_return_slowpath+0x5e0/0x5e0 [ 2377.168806] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 2377.173656] ? trace_hardirqs_on_caller+0x310/0x310 [ 2377.178679] ? __bpf_trace_preemptirq_template+0x30/0x30 [ 2377.184137] ? prepare_exit_to_usermode+0x3b0/0x3b0 [ 2377.189162] ? prepare_exit_to_usermode+0x291/0x3b0 [ 2377.194187] ? page_fault+0x8/0x30 [ 2377.197739] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 2377.202595] ? page_fault+0x8/0x30 [ 2377.206148] page_fault+0x1e/0x30 [ 2377.209610] RIP: 0033:0x4510a0 [ 2377.212811] Code: 0f 84 c4 0f 00 00 48 89 f1 48 89 f8 48 83 e1 3f 48 83 f9 20 0f 86 7b 02 00 00 48 83 e6 f0 48 83 e1 0f 66 0f ef c0 66 0f ef c9 <66> 0f 74 0e 66 0f d7 d1 48 d3 ea 49 c7 c2 11 00 00 00 49 29 ca 4d [ 2377.232180] RSP: 002b:00007efdea16e7a8 EFLAGS: 00010202 [ 2377.237547] RAX: 00007efdea16e850 RBX: 0000000000000003 RCX: 000000000000000e [ 2377.244819] RDX: 00000000000003ff RSI: 0000000020012fe0 RDI: 00007efdea16e850 [ 2377.252096] RBP: 000000000072bf00 R08: 00000000000003ff R09: 0000000000000000 [ 2377.259374] R10: 0000000000000000 R11: 0000000000000246 R12: 00007efdea16f6d4 [ 2377.266648] R13: 00000000004c578a R14: 00000000004d9d90 R15: 00000000ffffffff [ 2377.273949] CPU: 1 PID: 21255 Comm: syz-executor3 Not tainted 4.20.0-rc6+ #371 [ 2377.281339] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2377.290699] Call Trace: [ 2377.293309] dump_stack+0x244/0x39d [ 2377.296969] ? dump_stack_print_info.cold.1+0x20/0x20 [ 2377.302192] handle_userfault.cold.32+0x47/0x62 [ 2377.306894] ? userfaultfd_ioctl+0x5610/0x5610 [ 2377.311494] ? mark_held_locks+0x130/0x130 [ 2377.315747] ? __sanitizer_cov_trace_cmp4+0x16/0x20 [ 2377.320791] ? futex_wait_setup+0x266/0x3e0 [ 2377.325137] ? __sanitizer_cov_trace_switch+0x53/0x90 [ 2377.325158] ? userfaultfd_ctx_put+0x830/0x830 [ 2377.325173] ? futex_wait+0x5a1/0xa50 [ 2377.325196] ? print_usage_bug+0xc0/0xc0 [ 2377.334963] ? print_usage_bug+0xc0/0xc0 [ 2377.334984] ? print_usage_bug+0xc0/0xc0 [ 2377.335002] ? zap_class+0x640/0x640 [ 2377.335020] ? drop_futex_key_refs.isra.14+0x6d/0xe0 [ 2377.335036] ? futex_wake+0x304/0x760 [ 2377.335064] ? find_held_lock+0x36/0x1c0 [ 2377.335092] ? __handle_mm_fault+0x4bb0/0x5be0 [ 2377.335111] ? lock_downgrade+0x900/0x900 [ 2377.351082] ? kasan_check_read+0x11/0x20 [ 2377.359882] ? do_raw_spin_unlock+0xa7/0x330 [ 2377.359899] ? do_raw_spin_trylock+0x270/0x270 [ 2377.359919] ? fault_dirty_shared_page.isra.87+0x320/0x320 [ 2377.359950] __handle_mm_fault+0x4bbd/0x5be0 [ 2377.391977] FAULT_FLAG_ALLOW_RETRY missing 70 [ 2377.395424] ? vmf_insert_mixed_mkwrite+0x40/0x40 [ 2377.395446] ? zap_class+0x640/0x640 [ 2377.395460] ? rcu_read_unlock_special+0x1c0/0x1c0 [ 2377.395481] ? kasan_check_read+0x11/0x20 [ 2377.421996] ? rcu_softirq_qs+0x20/0x20 [ 2377.425992] ? zap_class+0x640/0x640 [ 2377.429713] ? zap_class+0x640/0x640 [ 2377.433457] ? find_held_lock+0x36/0x1c0 [ 2377.437539] ? handle_mm_fault+0x42a/0xc70 [ 2377.441785] ? lock_downgrade+0x900/0x900 [ 2377.445953] ? check_preemption_disabled+0x48/0x280 [ 2377.450986] ? rcu_read_unlock_special+0x1c0/0x1c0 [ 2377.455929] ? kasan_check_read+0x11/0x20 [ 2377.460092] ? rcu_dynticks_curr_cpu_in_eqs+0xa2/0x170 [ 2377.465386] ? rcu_softirq_qs+0x20/0x20 [ 2377.469371] ? trace_hardirqs_off_caller+0x310/0x310 [ 2377.474486] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 2377.480034] ? check_preemption_disabled+0x48/0x280 [ 2377.485071] handle_mm_fault+0x54f/0xc70 [ 2377.489148] ? __handle_mm_fault+0x5be0/0x5be0 [ 2377.493757] ? find_vma+0x34/0x190 [ 2377.497312] __do_page_fault+0x5e8/0xe60 [ 2377.501393] ? trace_hardirqs_off+0xb8/0x310 [ 2377.505821] do_page_fault+0xf2/0x7e0 [ 2377.509641] ? vmalloc_sync_all+0x30/0x30 [ 2377.513800] ? error_entry+0x70/0xd0 [ 2377.517548] ? trace_hardirqs_off_caller+0xbb/0x310 [ 2377.522574] ? trace_hardirqs_on_caller+0xc0/0x310 [ 2377.527514] ? syscall_return_slowpath+0x5e0/0x5e0 [ 2377.532452] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 2377.537306] ? trace_hardirqs_on_caller+0x310/0x310 [ 2377.542352] ? __bpf_trace_preemptirq_template+0x30/0x30 [ 2377.547815] ? prepare_exit_to_usermode+0x3b0/0x3b0 [ 2377.552863] ? prepare_exit_to_usermode+0x291/0x3b0 [ 2377.557892] ? page_fault+0x8/0x30 [ 2377.561449] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 2377.566305] ? page_fault+0x8/0x30 [ 2377.569879] page_fault+0x1e/0x30 [ 2377.573349] RIP: 0033:0x4510a0 [ 2377.576559] Code: 0f 84 c4 0f 00 00 48 89 f1 48 89 f8 48 83 e1 3f 48 83 f9 20 0f 86 7b 02 00 00 48 83 e6 f0 48 83 e1 0f 66 0f ef c0 66 0f ef c9 <66> 0f 74 0e 66 0f d7 d1 48 d3 ea 49 c7 c2 11 00 00 00 49 29 ca 4d [ 2377.595476] RSP: 002b:00007f75238677a8 EFLAGS: 00010202 [ 2377.600863] RAX: 00007f7523867850 RBX: 0000000000000003 RCX: 000000000000000e [ 2377.608138] RDX: 00000000000003ff RSI: 0000000020012fe0 RDI: 00007f7523867850 [ 2377.615420] RBP: 000000000072bf00 R08: 00000000000003ff R09: 0000000000000000 [ 2377.622699] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f75238686d4 [ 2377.629981] R13: 00000000004c578a R14: 00000000004d9d90 R15: 00000000ffffffff [ 2377.637286] CPU: 0 PID: 21264 Comm: syz-executor0 Not tainted 4.20.0-rc6+ #371 [ 2377.644694] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2377.654053] Call Trace: [ 2377.656654] dump_stack+0x244/0x39d [ 2377.660301] ? dump_stack_print_info.cold.1+0x20/0x20 [ 2377.665524] handle_userfault.cold.32+0x47/0x62 [ 2377.670188] ? userfaultfd_ioctl+0x5610/0x5610 [ 2377.674758] ? mark_held_locks+0x130/0x130 [ 2377.678981] ? __sanitizer_cov_trace_cmp4+0x16/0x20 [ 2377.684016] ? futex_wait_setup+0x266/0x3e0 [ 2377.688341] ? __sanitizer_cov_trace_switch+0x53/0x90 [ 2377.693524] ? userfaultfd_ctx_put+0x830/0x830 [ 2377.698089] ? futex_wait+0x5a1/0xa50 [ 2377.701894] ? print_usage_bug+0xc0/0xc0 [ 2377.705941] ? print_usage_bug+0xc0/0xc0 [ 2377.709993] ? print_usage_bug+0xc0/0xc0 [ 2377.714043] ? zap_class+0x640/0x640 [ 2377.717746] ? drop_futex_key_refs.isra.14+0x6d/0xe0 [ 2377.722839] ? futex_wake+0x304/0x760 [ 2377.726664] ? find_held_lock+0x36/0x1c0 [ 2377.730720] ? __handle_mm_fault+0x4bb0/0x5be0 [ 2377.735290] ? lock_downgrade+0x900/0x900 [ 2377.739432] ? kasan_check_read+0x11/0x20 [ 2377.743568] ? do_raw_spin_unlock+0xa7/0x330 [ 2377.747965] ? do_raw_spin_trylock+0x270/0x270 [ 2377.752540] ? fault_dirty_shared_page.isra.87+0x320/0x320 [ 2377.758158] __handle_mm_fault+0x4bbd/0x5be0 [ 2377.762559] ? vmf_insert_mixed_mkwrite+0x40/0x40 [ 2377.767388] ? zap_class+0x640/0x640 [ 2377.771085] ? rcu_read_unlock_special+0x1c0/0x1c0 [ 2377.776000] ? kasan_check_read+0x11/0x20 [ 2377.780136] ? rcu_softirq_qs+0x20/0x20 [ 2377.784104] ? zap_class+0x640/0x640 [ 2377.787805] ? zap_class+0x640/0x640 [ 2377.791506] ? find_held_lock+0x36/0x1c0 [ 2377.795558] ? handle_mm_fault+0x42a/0xc70 [ 2377.799779] ? lock_downgrade+0x900/0x900 [ 2377.803917] ? check_preemption_disabled+0x48/0x280 [ 2377.808918] ? rcu_read_unlock_special+0x1c0/0x1c0 [ 2377.813836] ? kasan_check_read+0x11/0x20 [ 2377.817988] ? rcu_dynticks_curr_cpu_in_eqs+0xa2/0x170 [ 2377.823253] ? rcu_softirq_qs+0x20/0x20 [ 2377.827233] ? trace_hardirqs_off_caller+0x310/0x310 [ 2377.832339] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 2377.837868] ? check_preemption_disabled+0x48/0x280 [ 2377.843060] handle_mm_fault+0x54f/0xc70 [ 2377.847110] ? __handle_mm_fault+0x5be0/0x5be0 [ 2377.851694] ? find_vma+0x34/0x190 [ 2377.855225] __do_page_fault+0x5e8/0xe60 [ 2377.859352] ? trace_hardirqs_off+0xb8/0x310 [ 2377.863757] do_page_fault+0xf2/0x7e0 [ 2377.867546] ? vmalloc_sync_all+0x30/0x30 [ 2377.871680] ? error_entry+0x70/0xd0 [ 2377.875381] ? trace_hardirqs_off_caller+0xbb/0x310 [ 2377.880384] ? trace_hardirqs_on_caller+0xc0/0x310 [ 2377.885301] ? syscall_return_slowpath+0x5e0/0x5e0 [ 2377.890225] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 2377.895069] ? trace_hardirqs_on_caller+0x310/0x310 [ 2377.900072] ? __bpf_trace_preemptirq_template+0x30/0x30 [ 2377.905509] ? prepare_exit_to_usermode+0x3b0/0x3b0 [ 2377.910513] ? post_copy_siginfo_from_user.isra.25.part.26+0x250/0x250 [ 2377.917165] ? __switch_to_asm+0x40/0x70 [ 2377.921216] ? page_fault+0x8/0x30 [ 2377.924747] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 2377.929576] ? page_fault+0x8/0x30 [ 2377.933103] page_fault+0x1e/0x30 [ 2377.936540] RIP: 0033:0x4510a0 [ 2377.939722] Code: 0f 84 c4 0f 00 00 48 89 f1 48 89 f8 48 83 e1 3f 48 83 f9 20 0f 86 7b 02 00 00 48 83 e6 f0 48 83 e1 0f 66 0f ef c0 66 0f ef c9 <66> 0f 74 0e 66 0f d7 d1 48 d3 ea 49 c7 c2 11 00 00 00 49 29 ca 4d [ 2377.958621] RSP: 002b:00007efdea14d7a8 EFLAGS: 00010202 [ 2377.963969] RAX: 00007efdea14d850 RBX: 0000000000000003 RCX: 000000000000000e [ 2377.971223] RDX: 00000000000003ff RSI: 0000000020012fe0 RDI: 00007efdea14d850 [ 2377.978475] RBP: 000000000072bfa0 R08: 00000000000003ff R09: 0000000000000000 [ 2377.985729] R10: 0000000000000000 R11: 0000000000000246 R12: 00007efdea14e6d4 [ 2377.992986] R13: 00000000004c578a R14: 00000000004d9d90 R15: 00000000ffffffff 08:15:55 executing program 5: r0 = socket$l2tp(0x18, 0x1, 0x1) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0a5c2d023c126285718070") perf_event_open(&(0x7f00000001c0)={0x2, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r1 = perf_event_open(&(0x7f0000014f88)={0x1, 0x70, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000014f88)={0x1, 0x70, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) close(r1) 08:15:55 executing program 4: openat$kvm(0xffffffffffffff9c, 0x0, 0x0, 0x0) r0 = syz_open_dev$sndctrl(&(0x7f0000000100)='/dev/snd/controlC#\x00', 0x0, 0x0) prctl$PR_SET_THP_DISABLE(0x29, 0xfffffffffffffffe) r1 = openat$full(0xffffffffffffff9c, &(0x7f0000000000)='/dev/full\x00', 0x1, 0x0) getsockopt$TIPC_CONN_TIMEOUT(r1, 0x10f, 0x82, &(0x7f0000000040), &(0x7f00000000c0)=0x4) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) ioctl$FS_IOC_GETFLAGS(r0, 0x800455d1, &(0x7f0000000080)) 08:15:55 executing program 2: syz_emit_ethernet(0x6a, &(0x7f0000000040)={@local, @broadcast, [], {@ipv4={0x800, {{0x5, 0x4, 0x0, 0x0, 0x5c, 0x0, 0x0, 0x0, 0x1, 0x0, @remote, @dev={0xac, 0x14, 0x14, 0x11}}, @icmp=@parameter_prob={0x3, 0x4, 0x0, 0x0, 0x0, 0x0, {0x10, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x402f, 0x0, @local={0xac, 0x5c}, @dev, {[@timestamp={0x8, 0x2c, 0x0, 0x5c000000, 0x0, [{[@rand_addr]}, {[@multicast2]}, {[@multicast1]}, {}, {[@loopback]}, {}]}]}}}}}}}, 0x0) 08:15:55 executing program 1: ioctl(0xffffffffffffffff, 0x1000008912, &(0x7f0000000000)="0a5c2d023c126285718070") r0 = syz_open_dev$mice(&(0x7f0000000040)='/dev/input/mice\x00', 0x0, 0x80440) name_to_handle_at(r0, &(0x7f0000000080)='./file0\x00', &(0x7f00000000c0)=ANY=[@ANYBLOB="9b00000033a50000a8e2240fc77a072cfb22e6fb62c90deef74ef2840f1809185cd3ba07e4bc315cf543d501e39a8211ef77e73668ccb83c8e7831cabda55f464aebe8976a432435e4ae377e144118d421054489d83802fcf99f37eabae530bd086a48456fc55a7dc8c62c37fcec759b6226df8d7cfb9126ea173728fd5edf84ecf80f71a82c83419d0deb99b36ce62c98f6000000000000000000"], &(0x7f0000000180), 0x400) ioctl$KDGETLED(r0, 0x4b31, &(0x7f00000001c0)) r1 = perf_event_open(&(0x7f0000014f88)={0x1, 0x70, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) close(r1) 08:15:55 executing program 3: openat$rfkill(0xffffffffffffff9c, 0x0, 0x0, 0x0) getsockopt$inet_sctp_SCTP_DEFAULT_PRINFO(0xffffffffffffffff, 0x84, 0x72, &(0x7f0000000380), 0x0) syz_open_dev$admmidi(&(0x7f0000000100)='/dev/admmidi#\x00', 0x0, 0x0) r0 = socket$l2tp(0x18, 0x1, 0x1) mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x1, 0x32, 0xffffffffffffffff, 0x0) r1 = userfaultfd(0x0) ioctl$UFFDIO_API(r1, 0xc018aa3f, &(0x7f0000000180)) ioctl$UFFDIO_REGISTER(r1, 0xc020aa00, &(0x7f0000019000)={{&(0x7f0000012000/0x2000)=nil, 0x2000}, 0x1}) syz_open_dev$evdev(&(0x7f0000012fee)="2f6465762f696e7075742f6576656e742306", 0x0, 0x0) ioctl$UFFDIO_WAKE(r1, 0x8010aa02, &(0x7f0000000080)={&(0x7f0000012000/0x3000)=nil, 0x3000}) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0a5c2d023c126285718070") setsockopt$ALG_SET_KEY(0xffffffffffffffff, 0x117, 0x1, 0x0, 0x0) 08:15:55 executing program 0: openat$rfkill(0xffffffffffffff9c, 0x0, 0x2001, 0x0) syz_open_dev$admmidi(&(0x7f0000000100)='/dev/admmidi#\x00', 0x0, 0x0) r0 = socket$l2tp(0x18, 0x1, 0x1) mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x1, 0x32, 0xffffffffffffffff, 0x0) r1 = userfaultfd(0x0) ioctl$UFFDIO_API(r1, 0xc018aa3f, &(0x7f0000000180)) ioctl$UFFDIO_REGISTER(r1, 0xc020aa00, &(0x7f0000019000)={{&(0x7f0000012000/0x2000)=nil, 0x2000}, 0x1}) syz_open_dev$evdev(&(0x7f0000012fee)='/dev/input/event#\x00', 0x0, 0x6c000000) ioctl$UFFDIO_WAKE(r1, 0x8010aa02, &(0x7f0000000080)={&(0x7f0000012000/0x3000)=nil, 0x3000}) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0a5c2d023c126285718070") 08:15:55 executing program 2: syz_emit_ethernet(0x6a, &(0x7f0000000040)={@local, @broadcast, [], {@ipv4={0x800, {{0x5, 0x4, 0x0, 0x0, 0x5c, 0x0, 0x0, 0x0, 0x1, 0x0, @remote, @dev={0xac, 0x14, 0x14, 0x11}}, @icmp=@parameter_prob={0x3, 0x4, 0x0, 0x0, 0x0, 0x0, {0x10, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x402f, 0x0, @local={0xac, 0x5c}, @dev, {[@timestamp={0x8, 0x2c, 0x0, 0x4000000, 0x0, [{[@rand_addr]}, {[@multicast2]}, {[@multicast1]}, {}, {[@loopback]}, {}]}]}}}}}}}, 0x0) 08:15:55 executing program 1: r0 = socket$l2tp(0x18, 0x1, 0x1) ioctl(r0, 0x2000000000009, &(0x7f0000000140)="0a5c2d023c126285718070") r1 = perf_event_open(&(0x7f0000014f88)={0x1, 0x70, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) setsockopt$inet_sctp6_SCTP_SOCKOPT_BINDX_ADD(r1, 0x84, 0x64, &(0x7f0000000100)=[@in={0x2, 0x4e21, @remote}], 0x10) close(r1) ioctl$sock_SIOCINQ(r0, 0x541b, &(0x7f00000000c0)) r2 = openat$vga_arbiter(0xffffffffffffff9c, &(0x7f0000000040)='/dev/vga_arbiter\x00', 0x1, 0x0) ioctl$KVM_TPR_ACCESS_REPORTING(r2, 0xc028ae92, &(0x7f0000000080)={0x4, 0xffffffff}) [ 2378.154344] FAULT_FLAG_ALLOW_RETRY missing 70 [ 2378.156680] FAULT_FLAG_ALLOW_RETRY missing 70 [ 2378.158910] CPU: 0 PID: 21285 Comm: syz-executor3 Not tainted 4.20.0-rc6+ #371 [ 2378.158921] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2378.158934] Call Trace: [ 2378.182734] dump_stack+0x244/0x39d [ 2378.186382] ? dump_stack_print_info.cold.1+0x20/0x20 [ 2378.191600] handle_userfault.cold.32+0x47/0x62 [ 2378.196295] ? userfaultfd_ioctl+0x5610/0x5610 [ 2378.200911] ? mark_held_locks+0x130/0x130 [ 2378.205163] ? __sanitizer_cov_trace_cmp4+0x16/0x20 [ 2378.210192] ? futex_wait_setup+0x266/0x3e0 [ 2378.214542] ? __sanitizer_cov_trace_switch+0x53/0x90 [ 2378.219751] ? userfaultfd_ctx_put+0x830/0x830 [ 2378.224367] ? futex_wait+0x5a1/0xa50 [ 2378.228193] ? print_usage_bug+0xc0/0xc0 [ 2378.232268] ? print_usage_bug+0xc0/0xc0 [ 2378.236367] ? print_usage_bug+0xc0/0xc0 [ 2378.240445] ? zap_class+0x640/0x640 [ 2378.244171] ? drop_futex_key_refs.isra.14+0x6d/0xe0 [ 2378.249283] ? futex_wake+0x304/0x760 [ 2378.253106] ? find_held_lock+0x36/0x1c0 [ 2378.257195] ? __handle_mm_fault+0x4bb0/0x5be0 [ 2378.261790] ? lock_downgrade+0x900/0x900 [ 2378.265963] ? kasan_check_read+0x11/0x20 [ 2378.270131] ? do_raw_spin_unlock+0xa7/0x330 [ 2378.274557] ? do_raw_spin_trylock+0x270/0x270 [ 2378.279156] ? fault_dirty_shared_page.isra.87+0x320/0x320 [ 2378.284801] __handle_mm_fault+0x4bbd/0x5be0 [ 2378.289231] ? vmf_insert_mixed_mkwrite+0x40/0x40 [ 2378.294092] ? zap_class+0x640/0x640 [ 2378.297819] ? rcu_read_unlock_special+0x1c0/0x1c0 [ 2378.302758] ? kasan_check_read+0x11/0x20 [ 2378.306919] ? rcu_softirq_qs+0x20/0x20 [ 2378.310915] ? zap_class+0x640/0x640 [ 2378.314646] ? zap_class+0x640/0x640 [ 2378.318387] ? find_held_lock+0x36/0x1c0 [ 2378.322471] ? handle_mm_fault+0x42a/0xc70 [ 2378.326725] ? lock_downgrade+0x900/0x900 [ 2378.330886] ? check_preemption_disabled+0x48/0x280 [ 2378.335922] ? rcu_read_unlock_special+0x1c0/0x1c0 [ 2378.340868] ? kasan_check_read+0x11/0x20 [ 2378.345024] ? rcu_dynticks_curr_cpu_in_eqs+0xa2/0x170 [ 2378.350319] ? rcu_softirq_qs+0x20/0x20 [ 2378.354332] ? trace_hardirqs_off_caller+0x310/0x310 [ 2378.359463] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 2378.365013] ? check_preemption_disabled+0x48/0x280 [ 2378.370046] handle_mm_fault+0x54f/0xc70 [ 2378.374125] ? __handle_mm_fault+0x5be0/0x5be0 [ 2378.378723] ? find_vma+0x34/0x190 [ 2378.382277] __do_page_fault+0x5e8/0xe60 [ 2378.386362] ? trace_hardirqs_off+0xb8/0x310 [ 2378.390796] do_page_fault+0xf2/0x7e0 [ 2378.394615] ? vmalloc_sync_all+0x30/0x30 [ 2378.398773] ? error_entry+0x70/0xd0 [ 2378.402499] ? trace_hardirqs_off_caller+0xbb/0x310 [ 2378.407533] ? trace_hardirqs_on_caller+0xc0/0x310 [ 2378.412473] ? syscall_return_slowpath+0x5e0/0x5e0 [ 2378.417411] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 2378.422270] ? trace_hardirqs_on_caller+0x310/0x310 [ 2378.427303] ? __bpf_trace_preemptirq_template+0x30/0x30 [ 2378.432786] ? prepare_exit_to_usermode+0x3b0/0x3b0 [ 2378.437818] ? prepare_exit_to_usermode+0x291/0x3b0 [ 2378.442847] ? page_fault+0x8/0x30 [ 2378.446403] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 2378.451262] ? page_fault+0x8/0x30 [ 2378.454818] page_fault+0x1e/0x30 [ 2378.458278] RIP: 0033:0x4510a0 [ 2378.461488] Code: 0f 84 c4 0f 00 00 48 89 f1 48 89 f8 48 83 e1 3f 48 83 f9 20 0f 86 7b 02 00 00 48 83 e6 f0 48 83 e1 0f 66 0f ef c0 66 0f ef c9 <66> 0f 74 0e 66 0f d7 d1 48 d3 ea 49 c7 c2 11 00 00 00 49 29 ca 4d [ 2378.480400] RSP: 002b:00007f75238677a8 EFLAGS: 00010202 [ 2378.485769] RAX: 00007f7523867850 RBX: 0000000000000003 RCX: 000000000000000e [ 2378.493045] RDX: 00000000000003ff RSI: 0000000020012fe0 RDI: 00007f7523867850 [ 2378.500340] RBP: 000000000072bf00 R08: 00000000000003ff R09: 0000000000000000 [ 2378.507622] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f75238686d4 [ 2378.514901] R13: 00000000004c578a R14: 00000000004d9d90 R15: 00000000ffffffff [ 2378.522239] CPU: 1 PID: 21287 Comm: syz-executor0 Not tainted 4.20.0-rc6+ #371 [ 2378.529630] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2378.529641] Call Trace: [ 2378.541591] dump_stack+0x244/0x39d [ 2378.545240] ? dump_stack_print_info.cold.1+0x20/0x20 [ 2378.550458] handle_userfault.cold.32+0x47/0x62 [ 2378.555152] ? userfaultfd_ioctl+0x5610/0x5610 [ 2378.559757] ? mark_held_locks+0x130/0x130 [ 2378.564005] ? __sanitizer_cov_trace_cmp4+0x16/0x20 [ 2378.564021] ? futex_wait_setup+0x266/0x3e0 [ 2378.564049] ? __sanitizer_cov_trace_switch+0x53/0x90 [ 2378.564068] ? userfaultfd_ctx_put+0x830/0x830 [ 2378.573404] ? futex_wait+0x5a1/0xa50 [ 2378.573426] ? print_usage_bug+0xc0/0xc0 [ 2378.573443] ? print_usage_bug+0xc0/0xc0 [ 2378.573463] ? print_usage_bug+0xc0/0xc0 [ 2378.599193] ? zap_class+0x640/0x640 08:15:56 executing program 1: r0 = socket$l2tp(0x18, 0x1, 0x1) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0a5c2d023c126285718070") ioctl$EXT4_IOC_ALLOC_DA_BLKS(r0, 0x660c) r1 = perf_event_open(&(0x7f0000014f88)={0x1, 0x70, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) close(r1) 08:15:56 executing program 5: r0 = socket$l2tp(0x18, 0x1, 0x1) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0a5c2d023c126285718070") perf_event_open(&(0x7f00000001c0)={0x2, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) setxattr$security_selinux(&(0x7f0000000040)='./file0\x00', &(0x7f0000000080)='security.selinux\x00', &(0x7f00000000c0)='u:object_r:app_data_file:s0:c512,c768\x00', 0x26, 0x2) perf_event_open(&(0x7f0000014f88)={0x1, 0x70, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r1 = perf_event_open(&(0x7f0000014f88)={0x1, 0x70, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) close(r1) 08:15:56 executing program 4: r0 = openat$kvm(0xffffffffffffff9c, 0x0, 0x0, 0x0) r1 = syz_open_dev$sndctrl(&(0x7f0000000100)='/dev/snd/controlC#\x00', 0x0, 0x0) prctl$PR_SET_THP_DISABLE(0x29, 0xfffffffffffffffe) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) fsetxattr$trusted_overlay_opaque(r1, &(0x7f0000000000)='trusted.overlay.opaque\x00', &(0x7f0000000040)='y\x00', 0x2, 0x2) fsetxattr$trusted_overlay_opaque(r0, &(0x7f00000002c0)='trusted.overlay.opaque\x00', &(0x7f0000000300)='y\x00', 0x2, 0x0) getsockopt$inet_IP_IPSEC_POLICY(0xffffffffffffff9c, 0x0, 0x10, &(0x7f0000000500)={{{@in=@multicast2, @in6=@loopback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}, {{@in=@loopback}, 0x0, @in6=@dev}}, &(0x7f0000000600)=0xe8) fsetxattr$system_posix_acl(r1, &(0x7f00000004c0)='system.posix_acl_access\x00', &(0x7f0000000640)={{}, {0x1, 0x4}, [{0x2, 0x4, r2}], {0x4, 0x4}, [], {0x10, 0x4}, {0x20, 0x4}}, 0x2c, 0x0) r3 = syz_open_dev$sndpcmc(&(0x7f0000000340)='/dev/snd/pcmC#D#c\x00', 0x610, 0x1) ioctl$EVIOCSABS0(r3, 0x401845c0, &(0x7f0000000380)={0x6f887220, 0x6, 0xff, 0xbfe0, 0xf3f6, 0x9}) ioctl$SNDRV_CTL_IOCTL_ELEM_LIST(r1, 0xc0505510, &(0x7f0000000080)={0x5, 0x6, 0x928, 0xfffffffffffffffe, &(0x7f0000000140)=[{}, {}, {}, {}, {}, {}]}) llistxattr(&(0x7f00000003c0)='./file0\x00', &(0x7f0000000400)=""/180, 0xb4) ioctl$VIDIOC_CROPCAP(r3, 0xc02c563a, &(0x7f0000000680)={0x0, {0x6, 0x97, 0x4, 0x81}, {0x4, 0x0, 0x8, 0x7}, {0x5, 0x1}}) [ 2378.599211] ? drop_futex_key_refs.isra.14+0x6d/0xe0 [ 2378.599229] ? futex_wake+0x304/0x760 [ 2378.611862] ? find_held_lock+0x36/0x1c0 [ 2378.615951] ? __handle_mm_fault+0x4bb0/0x5be0 [ 2378.620558] ? lock_downgrade+0x900/0x900 [ 2378.624735] ? kasan_check_read+0x11/0x20 [ 2378.628905] ? do_raw_spin_unlock+0xa7/0x330 [ 2378.633345] ? do_raw_spin_trylock+0x270/0x270 [ 2378.637952] ? fault_dirty_shared_page.isra.87+0x320/0x320 [ 2378.643607] __handle_mm_fault+0x4bbd/0x5be0 [ 2378.648042] ? vmf_insert_mixed_mkwrite+0x40/0x40 [ 2378.652906] ? zap_class+0x640/0x640 [ 2378.656639] ? rcu_read_unlock_special+0x1c0/0x1c0 [ 2378.661583] ? kasan_check_read+0x11/0x20 [ 2378.665747] ? rcu_softirq_qs+0x20/0x20 [ 2378.669748] ? zap_class+0x640/0x640 [ 2378.673481] ? zap_class+0x640/0x640 [ 2378.677218] ? find_held_lock+0x36/0x1c0 [ 2378.681298] ? handle_mm_fault+0x42a/0xc70 [ 2378.685553] ? lock_downgrade+0x900/0x900 [ 2378.689721] ? check_preemption_disabled+0x48/0x280 [ 2378.694756] ? rcu_read_unlock_special+0x1c0/0x1c0 [ 2378.699701] ? kasan_check_read+0x11/0x20 [ 2378.703872] ? rcu_dynticks_curr_cpu_in_eqs+0xa2/0x170 [ 2378.709168] ? rcu_softirq_qs+0x20/0x20 [ 2378.713161] ? trace_hardirqs_off_caller+0x310/0x310 [ 2378.718277] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 2378.723833] ? check_preemption_disabled+0x48/0x280 [ 2378.728881] handle_mm_fault+0x54f/0xc70 [ 2378.732956] ? __handle_mm_fault+0x5be0/0x5be0 [ 2378.737561] ? find_vma+0x34/0x190 [ 2378.741123] __do_page_fault+0x5e8/0xe60 [ 2378.745195] ? trace_hardirqs_off+0xb8/0x310 [ 2378.749625] do_page_fault+0xf2/0x7e0 08:15:56 executing program 5: r0 = socket$l2tp(0x18, 0x1, 0x1) r1 = getpgid(0x0) r2 = syz_open_procfs(0x0, &(0x7f0000000240)='fdinfo/4\x00') perf_event_open(&(0x7f0000000140)={0x3, 0x70, 0x6, 0x0, 0x100000000, 0x366, 0x0, 0x3, 0x20, 0x8, 0x0, 0x400080, 0x3f, 0x15, 0x1ff, 0x0, 0x7fffffff, 0x3f, 0x6, 0x101, 0x1, 0x100000000, 0x8, 0x100000000, 0x3, 0x4, 0x9, 0x7ff, 0xfffffffffffffff9, 0x5, 0x0, 0x56, 0xffffffff, 0xc8, 0xe7, 0x100000000, 0x791, 0xfffffffffffff9da, 0x0, 0x8f, 0x1, @perf_bp={&(0x7f0000000100)}, 0x2000, 0x1, 0x5, 0x6, 0x9, 0x8, 0x8}, r1, 0x4, r2, 0x1) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0a5c2d023c126285718070") pipe(&(0x7f0000000280)={0xffffffffffffffff, 0xffffffffffffffff}) r4 = syz_open_procfs(r1, &(0x7f0000000300)='fdinfo/3\x00') r5 = gettid() mremap(&(0x7f0000a96000/0x1000)=nil, 0x1000, 0x800000, 0x3, &(0x7f0000130000/0x800000)=nil) process_vm_writev(r5, &(0x7f0000000000)=[{&(0x7f00008f9f09)=""/247, 0xf7}], 0x1, &(0x7f0000121000)=[{&(0x7f0000217f28)=""/231, 0xffffff4e}], 0x23a, 0x0) sendfile(r3, r4, 0x0, 0x100000080000000) perf_event_open(&(0x7f00000001c0)={0x2, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r6 = perf_event_open(&(0x7f0000014f88)={0x1, 0x70, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) prctl$PR_SET_ENDIAN(0x14, 0x0) r7 = perf_event_open(&(0x7f0000014f88)={0x1, 0x70, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffe, 0x0, 0x0, 0x0, 0xfffffffffffffffc, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r8 = syz_open_dev$radio(&(0x7f0000000080)='/dev/radio#\x00', 0x2, 0x2) connect$vsock_stream(r8, &(0x7f00000000c0)={0x28, 0x0, 0x0, @reserved}, 0x10) close(r7) ioctl$PERF_EVENT_IOC_SET_FILTER(r6, 0x40082406, &(0x7f0000000040)='/\x00') 08:15:56 executing program 1: r0 = socket$l2tp(0x18, 0x1, 0x1) getpid() ioctl(r0, 0x1, &(0x7f0000000240)="0a5c2d023c126285718070") r1 = open(&(0x7f0000000000)='./file0\x00', 0x140, 0x84) ioctl$KVM_IRQ_LINE_STATUS(r1, 0xc008ae67, &(0x7f00000002c0)={0x5, 0xd5d0}) ioctl$TUNSETPERSIST(r1, 0x400454cb, 0x0) r2 = perf_event_open(&(0x7f0000014f88)={0x1, 0x70, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) getsockopt$bt_BT_POWER(r1, 0x112, 0x9, &(0x7f0000000200)=0x101, &(0x7f0000000280)=0x1) close(r2) ioctl$EXT4_IOC_ALLOC_DA_BLKS(r1, 0x660c) r3 = syz_open_dev$midi(&(0x7f0000000040)='/dev/midi#\x00', 0xffffffffffff3d38, 0x141001) getsockopt$inet_sctp6_SCTP_PEER_AUTH_CHUNKS(0xffffffffffffff9c, 0x84, 0x1a, &(0x7f0000000080)=ANY=[@ANYRES32=0x0, @ANYBLOB="7d0000003df7ff472fc35bb8b9923a4b4cf6b59f730a63ce3ed841584eea5748588d6f3e2cc10041fd3bc58555567ab793344299ae50d3ee809acc5f40f17b9147733e7fed479d4d13547328b4aff510b39101000000689886d6f0be46e6137b0810c3f4dc08ee0603fc9f1ce5be9626dd6324bbf6abfd537bd212f31e80d106aa"], &(0x7f0000000140)=0x85) getsockopt$inet_sctp_SCTP_ASSOCINFO(r3, 0x84, 0x1, &(0x7f0000000180)={r4, 0xffff, 0x100000000, 0xf9, 0x6, 0x1}, &(0x7f00000001c0)=0x14) [ 2378.753444] ? vmalloc_sync_all+0x30/0x30 [ 2378.757618] ? error_entry+0x70/0xd0 [ 2378.761360] ? trace_hardirqs_off_caller+0xbb/0x310 [ 2378.766399] ? trace_hardirqs_on_caller+0xc0/0x310 [ 2378.771359] ? syscall_return_slowpath+0x5e0/0x5e0 [ 2378.776302] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 2378.781173] ? trace_hardirqs_on_caller+0x310/0x310 [ 2378.786201] ? __bpf_trace_preemptirq_template+0x30/0x30 [ 2378.786222] ? prepare_exit_to_usermode+0x3b0/0x3b0 [ 2378.796687] ? prepare_exit_to_usermode+0x291/0x3b0 [ 2378.796702] ? page_fault+0x8/0x30 [ 2378.796721] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 2378.796738] ? page_fault+0x8/0x30 [ 2378.796755] page_fault+0x1e/0x30 [ 2378.796771] RIP: 0033:0x4510a0 [ 2378.820340] Code: 0f 84 c4 0f 00 00 48 89 f1 48 89 f8 48 83 e1 3f 48 83 f9 20 0f 86 7b 02 00 00 48 83 e6 f0 48 83 e1 0f 66 0f ef c0 66 0f ef c9 <66> 0f 74 0e 66 0f d7 d1 48 d3 ea 49 c7 c2 11 00 00 00 49 29 ca 4d [ 2378.839252] RSP: 002b:00007efdea16e7a8 EFLAGS: 00010202 [ 2378.844625] RAX: 00007efdea16e850 RBX: 0000000000000003 RCX: 000000000000000e 08:15:56 executing program 3: openat$rfkill(0xffffffffffffff9c, 0x0, 0x0, 0x0) getsockopt$inet_sctp_SCTP_DEFAULT_PRINFO(0xffffffffffffffff, 0x84, 0x72, &(0x7f0000000380), 0x0) syz_open_dev$admmidi(&(0x7f0000000100)='/dev/admmidi#\x00', 0x0, 0x0) r0 = socket$l2tp(0x18, 0x1, 0x1) mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x1, 0x32, 0xffffffffffffffff, 0x0) r1 = userfaultfd(0x0) ioctl$UFFDIO_API(r1, 0xc018aa3f, &(0x7f0000000180)) ioctl$UFFDIO_REGISTER(r1, 0xc020aa00, &(0x7f0000019000)={{&(0x7f0000012000/0x2000)=nil, 0x2000}, 0x1}) syz_open_dev$evdev(&(0x7f0000012fee)='/dev/input/event#\x00', 0x0, 0x0) ioctl$UFFDIO_WAKE(r1, 0x8010aa02, &(0x7f0000000080)={&(0x7f0000012000/0x3000)=nil, 0x3000}) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0a5c2d023c126285718070") setsockopt$ALG_SET_KEY(0xffffffffffffffff, 0x117, 0x1, 0x0, 0x0) 08:15:56 executing program 2: syz_emit_ethernet(0x6a, &(0x7f0000000040)={@local, @broadcast, [], {@ipv4={0x800, {{0x5, 0x4, 0x0, 0x0, 0x5c, 0x0, 0x0, 0x0, 0x1, 0x0, @remote, @dev={0xac, 0x14, 0x14, 0x11}}, @icmp=@parameter_prob={0x3, 0x4, 0x0, 0x0, 0x0, 0x0, {0x10, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x402f, 0x0, @local={0xac, 0x5c}, @dev, {[@timestamp={0x8, 0x2c, 0x0, 0x8100, 0x0, [{[@rand_addr]}, {[@multicast2]}, {[@multicast1]}, {}, {[@loopback]}, {}]}]}}}}}}}, 0x0) [ 2378.851910] RDX: 00000000000003ff RSI: 0000000020012fe0 RDI: 00007efdea16e850 [ 2378.859192] RBP: 000000000072bf00 R08: 00000000000003ff R09: 0000000000000000 [ 2378.866476] R10: 0000000000000000 R11: 0000000000000246 R12: 00007efdea16f6d4 [ 2378.873762] R13: 00000000004c578a R14: 00000000004d9d90 R15: 00000000ffffffff 08:15:56 executing program 2: syz_emit_ethernet(0x6a, &(0x7f0000000040)={@local, @broadcast, [], {@ipv4={0x800, {{0x5, 0x4, 0x0, 0x0, 0x5c, 0x0, 0x0, 0x0, 0x1, 0x0, @remote, @dev={0xac, 0x14, 0x14, 0x11}}, @icmp=@parameter_prob={0x3, 0x4, 0x0, 0x0, 0x0, 0x0, {0x10, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x402f, 0x0, @local={0xac, 0x5c}, @dev, {[@timestamp={0x8, 0x2c, 0x0, 0x608, 0x0, [{[@rand_addr]}, {[@multicast2]}, {[@multicast1]}, {}, {[@loopback]}, {}]}]}}}}}}}, 0x0) [ 2378.987848] FAULT_FLAG_ALLOW_RETRY missing 70 [ 2378.999494] CPU: 0 PID: 21323 Comm: syz-executor3 Not tainted 4.20.0-rc6+ #371 [ 2379.006882] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2379.016243] Call Trace: [ 2379.018859] dump_stack+0x244/0x39d [ 2379.022522] ? dump_stack_print_info.cold.1+0x20/0x20 [ 2379.027750] handle_userfault.cold.32+0x47/0x62 [ 2379.032461] ? userfaultfd_ioctl+0x5610/0x5610 [ 2379.037069] ? mark_held_locks+0x130/0x130 [ 2379.041357] ? __sanitizer_cov_trace_cmp4+0x16/0x20 [ 2379.046398] ? futex_wait_setup+0x266/0x3e0 [ 2379.050746] ? __sanitizer_cov_trace_switch+0x53/0x90 [ 2379.055956] ? userfaultfd_ctx_put+0x830/0x830 [ 2379.060551] ? futex_wait+0x5a1/0xa50 [ 2379.064380] ? print_usage_bug+0xc0/0xc0 [ 2379.068455] ? print_usage_bug+0xc0/0xc0 [ 2379.072531] ? print_usage_bug+0xc0/0xc0 [ 2379.076606] ? zap_class+0x640/0x640 [ 2379.080353] ? drop_futex_key_refs.isra.14+0x6d/0xe0 [ 2379.085470] ? futex_wake+0x304/0x760 [ 2379.086610] FAULT_FLAG_ALLOW_RETRY missing 70 [ 2379.089299] ? find_held_lock+0x36/0x1c0 [ 2379.089343] ? __handle_mm_fault+0x4bb0/0x5be0 [ 2379.089365] ? lock_downgrade+0x900/0x900 [ 2379.106653] ? kasan_check_read+0x11/0x20 [ 2379.110820] ? do_raw_spin_unlock+0xa7/0x330 [ 2379.115243] ? do_raw_spin_trylock+0x270/0x270 [ 2379.119844] ? fault_dirty_shared_page.isra.87+0x320/0x320 [ 2379.125492] __handle_mm_fault+0x4bbd/0x5be0 [ 2379.129921] ? vmf_insert_mixed_mkwrite+0x40/0x40 [ 2379.134786] ? zap_class+0x640/0x640 [ 2379.138515] ? rcu_read_unlock_special+0x1c0/0x1c0 [ 2379.143463] ? kasan_check_read+0x11/0x20 [ 2379.147626] ? rcu_softirq_qs+0x20/0x20 [ 2379.151624] ? zap_class+0x640/0x640 [ 2379.155367] ? zap_class+0x640/0x640 [ 2379.159102] ? find_held_lock+0x36/0x1c0 [ 2379.163188] ? handle_mm_fault+0x42a/0xc70 [ 2379.167440] ? lock_downgrade+0x900/0x900 [ 2379.171606] ? check_preemption_disabled+0x48/0x280 [ 2379.176645] ? rcu_read_unlock_special+0x1c0/0x1c0 [ 2379.181590] ? kasan_check_read+0x11/0x20 [ 2379.185753] ? rcu_dynticks_curr_cpu_in_eqs+0xa2/0x170 [ 2379.191050] ? rcu_softirq_qs+0x20/0x20 [ 2379.195039] ? trace_hardirqs_off_caller+0x310/0x310 [ 2379.200164] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 2379.205723] ? check_preemption_disabled+0x48/0x280 [ 2379.210764] handle_mm_fault+0x54f/0xc70 [ 2379.214841] ? __handle_mm_fault+0x5be0/0x5be0 [ 2379.219443] ? find_vma+0x34/0x190 [ 2379.222999] __do_page_fault+0x5e8/0xe60 [ 2379.227074] ? trace_hardirqs_off+0xb8/0x310 [ 2379.232025] do_page_fault+0xf2/0x7e0 [ 2379.235839] ? vmalloc_sync_all+0x30/0x30 [ 2379.239998] ? error_entry+0x70/0xd0 [ 2379.243731] ? trace_hardirqs_off_caller+0xbb/0x310 [ 2379.248764] ? trace_hardirqs_on_caller+0xc0/0x310 [ 2379.253710] ? syscall_return_slowpath+0x5e0/0x5e0 [ 2379.258660] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 2379.263522] ? trace_hardirqs_on_caller+0x310/0x310 [ 2379.268549] ? __bpf_trace_preemptirq_template+0x30/0x30 [ 2379.274011] ? prepare_exit_to_usermode+0x3b0/0x3b0 [ 2379.279041] ? prepare_exit_to_usermode+0x291/0x3b0 [ 2379.284071] ? page_fault+0x8/0x30 [ 2379.287623] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 2379.292483] ? page_fault+0x8/0x30 [ 2379.296037] page_fault+0x1e/0x30 [ 2379.299596] RIP: 0033:0x4510a0 [ 2379.302805] Code: 0f 84 c4 0f 00 00 48 89 f1 48 89 f8 48 83 e1 3f 48 83 f9 20 0f 86 7b 02 00 00 48 83 e6 f0 48 83 e1 0f 66 0f ef c0 66 0f ef c9 <66> 0f 74 0e 66 0f d7 d1 48 d3 ea 49 c7 c2 11 00 00 00 49 29 ca 4d [ 2379.321718] RSP: 002b:00007f75238677a8 EFLAGS: 00010202 [ 2379.327096] RAX: 00007f7523867850 RBX: 0000000000000003 RCX: 000000000000000e 08:15:56 executing program 0: openat$rfkill(0xffffffffffffff9c, 0x0, 0x2001, 0x0) syz_open_dev$admmidi(&(0x7f0000000100)='/dev/admmidi#\x00', 0x0, 0x0) r0 = socket$l2tp(0x18, 0x1, 0x1) mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x1, 0x32, 0xffffffffffffffff, 0x0) r1 = userfaultfd(0x0) ioctl$UFFDIO_API(r1, 0xc018aa3f, &(0x7f0000000180)) ioctl$UFFDIO_REGISTER(r1, 0xc020aa00, &(0x7f0000019000)={{&(0x7f0000012000/0x2000)=nil, 0x2000}, 0x1}) syz_open_dev$evdev(&(0x7f0000012fee)='/dev/input/event#\x00', 0x0, 0x68) ioctl$UFFDIO_WAKE(r1, 0x8010aa02, &(0x7f0000000080)={&(0x7f0000012000/0x3000)=nil, 0x3000}) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0a5c2d023c126285718070") 08:15:56 executing program 1: r0 = syz_open_dev$sndpcmc(&(0x7f0000000100)='/dev/snd/pcmC#D#c\x00', 0x5, 0x80) r1 = socket$l2tp(0x18, 0x1, 0x1) ioctl(r1, 0x1000008912, &(0x7f0000000000)="0a5c2d023c126285718070") r2 = perf_event_open(&(0x7f0000014f88)={0x1, 0x70, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) close(r2) getsockopt$inet_sctp6_SCTP_GET_PEER_ADDRS(r0, 0x84, 0x6c, &(0x7f0000000140)={0x0, 0x3b, "9fb214307f2079751d42a5775a43793acf495b1ee628f810a014c8d9f759c17342688f1211e169f73b2ff0e7e8b8de0f33a3b47a82a1a6cf0d6d76"}, &(0x7f00000001c0)=0x43) setsockopt$inet_sctp6_SCTP_PR_SUPPORTED(r0, 0x84, 0x71, &(0x7f0000000200)={r3, 0x7ff}, 0x8) r4 = open(&(0x7f0000000040)='./file0\x00', 0x4040, 0x181) ioctl$VIDIOC_SUBDEV_S_FMT(r4, 0xc0585605, &(0x7f0000000080)={0x1, 0x0, {0x400, 0x3f, 0x2017, 0xe, 0x2, 0x1, 0x1}}) ioctl$VT_DISALLOCATE(r4, 0x5608) 08:15:56 executing program 2: syz_emit_ethernet(0x6a, &(0x7f0000000040)={@local, @broadcast, [], {@ipv4={0x800, {{0x5, 0x4, 0x0, 0x0, 0x5c, 0x0, 0x0, 0x0, 0x1, 0x0, @remote, @dev={0xac, 0x14, 0x14, 0x11}}, @icmp=@parameter_prob={0x3, 0x4, 0x0, 0x0, 0x0, 0x0, {0x10, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x402f, 0x0, @local={0xac, 0x5c}, @dev, {[@timestamp={0x8, 0x2c, 0x0, 0x88470000, 0x0, [{[@rand_addr]}, {[@multicast2]}, {[@multicast1]}, {}, {[@loopback]}, {}]}]}}}}}}}, 0x0) 08:15:57 executing program 1: r0 = syz_open_procfs(0xffffffffffffffff, &(0x7f00000004c0)='net/ip6_flowlabel\x00') ioctl$RTC_SET_TIME(r0, 0x4024700a, &(0x7f0000000500)={0x1c, 0x3, 0x17, 0x1, 0x1, 0x200, 0x5, 0x14}) r1 = socket$l2tp(0x18, 0x1, 0x1) pread64(r1, &(0x7f00000003c0)=""/158, 0x9e, 0x35) ioctl(r1, 0x1000008912, &(0x7f0000000000)="0a5c2d023c126285718070") ioctl$KVM_DIRTY_TLB(r0, 0x4010aeaa, &(0x7f0000000540)={0x13b, 0xffffffffffffff01}) r2 = syz_open_dev$swradio(&(0x7f0000000180)='/dev/swradio#\x00', 0x0, 0x2) r3 = perf_event_open(&(0x7f0000014f88)={0x1, 0x70, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) close(r3) setsockopt$SO_VM_SOCKETS_BUFFER_MAX_SIZE(r2, 0x28, 0x2, &(0x7f0000000380)=0x1, 0x8) llistxattr(&(0x7f0000000040)='./file0\x00', &(0x7f0000000080)=""/235, 0xeb) r4 = syz_genetlink_get_family_id$ipvs(&(0x7f0000000200)='IPVS\x00') sendmsg$IPVS_CMD_DEL_DEST(r2, &(0x7f0000000340)={&(0x7f00000001c0)={0x10, 0x0, 0x0, 0x40}, 0xc, &(0x7f0000000300)={&(0x7f0000000240)={0xc0, r4, 0x1, 0x70bd2b, 0x25dfdbfe, {}, [@IPVS_CMD_ATTR_SERVICE={0x28, 0x1, [@IPVS_SVC_ATTR_TIMEOUT={0x8, 0x8, 0x57}, @IPVS_SVC_ATTR_FLAGS={0xc, 0x7, {0x2a, 0x3}}, @IPVS_SVC_ATTR_FWMARK={0x8, 0x5, 0x3}, @IPVS_SVC_ATTR_PORT={0x8, 0x4, 0x4e22}]}, @IPVS_CMD_ATTR_TIMEOUT_TCP={0x8, 0x4, 0x1}, @IPVS_CMD_ATTR_SERVICE={0x58, 0x1, [@IPVS_SVC_ATTR_ADDR={0x14, 0x3, @ipv4=@remote}, @IPVS_SVC_ATTR_ADDR={0x14, 0x3, @ipv4=@local}, @IPVS_SVC_ATTR_PORT={0x8, 0x4, 0x4e20}, @IPVS_SVC_ATTR_TIMEOUT={0x8, 0x8, 0x1}, @IPVS_SVC_ATTR_PROTOCOL={0x8, 0x2, 0x1e}, @IPVS_SVC_ATTR_FLAGS={0xc, 0x7, {0x2d, 0x8}}, @IPVS_SVC_ATTR_PE_NAME={0x8, 0xb, 'sip\x00'}]}, @IPVS_CMD_ATTR_DAEMON={0x1c, 0x3, [@IPVS_DAEMON_ATTR_SYNC_ID={0x8, 0x3, 0x3}, @IPVS_DAEMON_ATTR_STATE={0x8, 0x1, 0x2}, @IPVS_DAEMON_ATTR_MCAST_GROUP={0x8, 0x5, @loopback}]}, @IPVS_CMD_ATTR_TIMEOUT_UDP={0x8, 0x6, 0x10001}]}, 0xc0}}, 0x4000000) write$eventfd(r2, &(0x7f0000000480)=0x4, 0x8) 08:15:57 executing program 2: syz_emit_ethernet(0x6a, &(0x7f0000000040)={@local, @broadcast, [], {@ipv4={0x800, {{0x5, 0x4, 0x0, 0x0, 0x5c, 0x0, 0x0, 0x0, 0x1, 0x0, @remote, @dev={0xac, 0x14, 0x14, 0x11}}, @icmp=@parameter_prob={0x3, 0x4, 0x0, 0x0, 0x0, 0x0, {0x10, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x402f, 0x0, @local={0xac, 0x5c}, @dev, {[@timestamp={0x8, 0x2c, 0x0, 0xb00, 0x0, [{[@rand_addr]}, {[@multicast2]}, {[@multicast1]}, {}, {[@loopback]}, {}]}]}}}}}}}, 0x0) 08:15:57 executing program 1: r0 = socket$l2tp(0x18, 0x1, 0x1) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0a5c2d023c126285718070") r1 = perf_event_open(&(0x7f0000014f88)={0x1, 0x70, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r2 = syz_open_dev$audion(&(0x7f0000000040)='/dev/audio#\x00', 0x5, 0x400) getsockopt$inet_sctp_SCTP_I_WANT_MAPPED_V4_ADDR(r2, 0x84, 0xc, &(0x7f0000000080), &(0x7f00000000c0)=0x4) close(r1) [ 2379.334379] RDX: 00000000000003ff RSI: 0000000020012fe0 RDI: 00007f7523867850 [ 2379.341659] RBP: 000000000072bf00 R08: 00000000000003ff R09: 0000000000000000 [ 2379.348937] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f75238686d4 [ 2379.356214] R13: 00000000004c578a R14: 00000000004d9d90 R15: 00000000ffffffff [ 2379.363699] CPU: 1 PID: 21334 Comm: syz-executor0 Not tainted 4.20.0-rc6+ #371 [ 2379.371086] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2379.371097] Call Trace: [ 2379.381534] audit: type=1800 audit(1544688956.827:188): pid=21338 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="syz-executor1" name="file0" dev="sda1" ino=17071 res=0 [ 2379.383043] dump_stack+0x244/0x39d [ 2379.383066] ? dump_stack_print_info.cold.1+0x20/0x20 [ 2379.383093] handle_userfault.cold.32+0x47/0x62 [ 2379.416161] ? userfaultfd_ioctl+0x5610/0x5610 [ 2379.420761] ? mark_held_locks+0x130/0x130 [ 2379.425015] ? find_held_lock+0x36/0x1c0 [ 2379.425044] ? userfaultfd_ctx_put+0x830/0x830 [ 2379.425067] ? kasan_check_read+0x11/0x20 [ 2379.425087] ? print_usage_bug+0xc0/0xc0 [ 2379.432151] audit: type=1800 audit(1544688956.827:189): pid=21338 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="syz-executor1" name="file0" dev="sda1" ino=17071 res=0 [ 2379.433725] ? do_raw_spin_trylock+0x270/0x270 [ 2379.441929] ? print_usage_bug+0xc0/0xc0 [ 2379.441949] ? print_usage_bug+0xc0/0xc0 [ 2379.441966] ? zap_class+0x640/0x640 [ 2379.441984] ? drop_futex_key_refs.isra.14+0x6d/0xe0 [ 2379.442002] ? futex_wake+0x304/0x760 [ 2379.466186] ? find_held_lock+0x36/0x1c0 [ 2379.474294] ? __handle_mm_fault+0x4bb0/0x5be0 [ 2379.474312] ? lock_downgrade+0x900/0x900 [ 2379.474351] ? kasan_check_read+0x11/0x20 [ 2379.474370] ? do_raw_spin_unlock+0xa7/0x330 [ 2379.483180] ? do_raw_spin_trylock+0x270/0x270 [ 2379.483200] ? fault_dirty_shared_page.isra.87+0x320/0x320 [ 2379.483227] __handle_mm_fault+0x4bbd/0x5be0 [ 2379.483251] ? vmf_insert_mixed_mkwrite+0x40/0x40 [ 2379.491107] ? zap_class+0x640/0x640 [ 2379.499827] ? rcu_read_unlock_special+0x1c0/0x1c0 [ 2379.508373] ? kasan_check_read+0x11/0x20 [ 2379.518573] ? rcu_softirq_qs+0x20/0x20 [ 2379.527813] ? zap_class+0x640/0x640 [ 2379.536439] ? zap_class+0x640/0x640 [ 2379.536461] ? find_held_lock+0x36/0x1c0 [ 2379.536489] ? handle_mm_fault+0x42a/0xc70 [ 2379.536510] ? lock_downgrade+0x900/0x900 [ 2379.564488] ? check_preemption_disabled+0x48/0x280 [ 2379.569530] ? rcu_read_unlock_special+0x1c0/0x1c0 [ 2379.574476] ? kasan_check_read+0x11/0x20 [ 2379.578637] ? rcu_dynticks_curr_cpu_in_eqs+0xa2/0x170 [ 2379.583932] ? rcu_softirq_qs+0x20/0x20 [ 2379.587928] ? trace_hardirqs_off_caller+0x310/0x310 [ 2379.593055] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 2379.598616] ? check_preemption_disabled+0x48/0x280 [ 2379.603658] handle_mm_fault+0x54f/0xc70 [ 2379.607746] ? __handle_mm_fault+0x5be0/0x5be0 [ 2379.612361] ? find_vma+0x34/0x190 [ 2379.615926] __do_page_fault+0x5e8/0xe60 [ 2379.620003] ? trace_hardirqs_off+0xb8/0x310 [ 2379.624441] do_page_fault+0xf2/0x7e0 [ 2379.628261] ? vmalloc_sync_all+0x30/0x30 [ 2379.632425] ? error_entry+0x70/0xd0 [ 2379.636162] ? trace_hardirqs_off_caller+0xbb/0x310 [ 2379.641192] ? trace_hardirqs_on_caller+0xc0/0x310 [ 2379.646136] ? syscall_return_slowpath+0x5e0/0x5e0 [ 2379.646153] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 2379.646171] ? trace_hardirqs_on_caller+0x310/0x310 [ 2379.646191] ? __bpf_trace_preemptirq_template+0x30/0x30 [ 2379.655963] ? prepare_exit_to_usermode+0x3b0/0x3b0 [ 2379.655981] ? prepare_exit_to_usermode+0x291/0x3b0 [ 2379.656000] ? page_fault+0x8/0x30 [ 2379.680013] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 2379.684883] ? page_fault+0x8/0x30 08:15:57 executing program 4: openat$kvm(0xffffffffffffff9c, 0x0, 0x0, 0x0) r0 = syz_open_dev$sndctrl(&(0x7f0000000100)='/dev/snd/controlC#\x00', 0x0, 0x0) prctl$PR_SET_THP_DISABLE(0x29, 0xfffffffffffffffe) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r1 = openat$vga_arbiter(0xffffffffffffff9c, &(0x7f0000000040)='/dev/vga_arbiter\x00', 0x42000, 0x0) ioctl$PIO_CMAP(r1, 0x4b71, &(0x7f0000000200)={0xffffffffffffffff, 0xfffffffffffffff9, 0x9, 0x6, 0x9, 0x3}) r2 = getuid() getsockopt$sock_cred(r0, 0x1, 0x11, &(0x7f00000000c0)={0x0, 0x0, 0x0}, &(0x7f0000000140)=0xc) write$FUSE_ATTR(r1, &(0x7f0000000180)={0x78, 0xffffffffffffffda, 0x3, {0x5, 0x800, 0x0, {0x4, 0x3, 0x101, 0x7, 0x4, 0xf32, 0x7fffffff, 0x7f, 0x0, 0x8000, 0x1f, r2, r3, 0x8, 0x3f}}}, 0x78) fcntl$F_SET_FILE_RW_HINT(r0, 0x40e, &(0x7f0000000000)=0x7) ioctl$FS_IOC_GETFLAGS(r0, 0x800455d1, &(0x7f0000000080)) 08:15:57 executing program 5: r0 = socket$l2tp(0x18, 0x1, 0x1) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0a5c2d023c126285718070") modify_ldt$read(0x0, &(0x7f0000000040)=""/157, 0x9d) r1 = perf_event_open(&(0x7f00000001c0)={0x2, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x200, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000014f88)={0x1, 0x70, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, r1, 0x0) r2 = perf_event_open(&(0x7f0000014f88)={0x1, 0x70, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) close(r2) 08:15:57 executing program 1: r0 = socket$l2tp(0x18, 0x1, 0x1) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0a5c2d023c126285718070") perf_event_open(&(0x7f0000014f88)={0x1, 0x70, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) pipe2(&(0x7f0000000040), 0x4000) close(r0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000080)) [ 2379.688436] page_fault+0x1e/0x30 [ 2379.691896] RIP: 0033:0x4510a0 [ 2379.695106] Code: 0f 84 c4 0f 00 00 48 89 f1 48 89 f8 48 83 e1 3f 48 83 f9 20 0f 86 7b 02 00 00 48 83 e6 f0 48 83 e1 0f 66 0f ef c0 66 0f ef c9 <66> 0f 74 0e 66 0f d7 d1 48 d3 ea 49 c7 c2 11 00 00 00 49 29 ca 4d [ 2379.714025] RSP: 002b:00007efdea16e7a8 EFLAGS: 00010202 [ 2379.719424] RAX: 00007efdea16e850 RBX: 0000000000000003 RCX: 000000000000000e [ 2379.726722] RDX: 00000000000003ff RSI: 0000000020012fe0 RDI: 00007efdea16e850 [ 2379.734003] RBP: 000000000072bf00 R08: 00000000000003ff R09: 0000000000000000 08:15:57 executing program 3: openat$rfkill(0xffffffffffffff9c, 0x0, 0x0, 0x0) getsockopt$inet_sctp_SCTP_DEFAULT_PRINFO(0xffffffffffffffff, 0x84, 0x72, &(0x7f0000000380), 0x0) syz_open_dev$admmidi(&(0x7f0000000100)='/dev/admmidi#\x00', 0x0, 0x0) r0 = socket$l2tp(0x18, 0x1, 0x1) mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x1, 0x32, 0xffffffffffffffff, 0x0) r1 = userfaultfd(0x0) ioctl$UFFDIO_API(r1, 0xc018aa3f, &(0x7f0000000180)) ioctl$UFFDIO_REGISTER(r1, 0xc020aa00, &(0x7f0000019000)={{&(0x7f0000012000/0x2000)=nil, 0x2000}, 0x1}) syz_open_dev$evdev(&(0x7f0000012fee)='/dev/input/event#\x00', 0x0, 0x0) ioctl$UFFDIO_WAKE(r1, 0x8010aa02, &(0x7f0000000080)={&(0x7f0000012000/0x3000)=nil, 0x3000}) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0a5c2d023c126285718070") setsockopt$ALG_SET_KEY(0xffffffffffffffff, 0x117, 0x1, 0x0, 0x0) 08:15:57 executing program 2: syz_emit_ethernet(0x6a, &(0x7f0000000040)={@local, @broadcast, [], {@ipv4={0x800, {{0x5, 0x4, 0x0, 0x0, 0x5c, 0x0, 0x0, 0x0, 0x1, 0x0, @remote, @dev={0xac, 0x14, 0x14, 0x11}}, @icmp=@parameter_prob={0x3, 0x4, 0x0, 0x0, 0x0, 0x0, {0x10, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x402f, 0x0, @local={0xac, 0x5c}, @dev, {[@timestamp={0x8, 0x2c, 0x0, 0x0, 0x600, [{[@rand_addr]}, {[@multicast2]}, {[@multicast1]}, {}, {[@loopback]}, {}]}]}}}}}}}, 0x0) [ 2379.741286] R10: 0000000000000000 R11: 0000000000000246 R12: 00007efdea16f6d4 [ 2379.748576] R13: 00000000004c578a R14: 00000000004d9d90 R15: 00000000ffffffff 08:15:57 executing program 5: r0 = socket$l2tp(0x18, 0x1, 0x1) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0a5c2d023c126285718070") perf_event_open(&(0x7f00000001c0)={0x2, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r1 = perf_event_open(&(0x7f0000014f88)={0x1, 0x70, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000014f88)={0x1, 0x70, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x6}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) close(r1) [ 2379.889235] FAULT_FLAG_ALLOW_RETRY missing 70 [ 2379.923276] CPU: 1 PID: 21371 Comm: syz-executor3 Not tainted 4.20.0-rc6+ #371 [ 2379.930714] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2379.930726] Call Trace: [ 2379.942681] dump_stack+0x244/0x39d [ 2379.946338] ? dump_stack_print_info.cold.1+0x20/0x20 [ 2379.951559] handle_userfault.cold.32+0x47/0x62 [ 2379.956268] ? userfaultfd_ioctl+0x5610/0x5610 [ 2379.960875] ? mark_held_locks+0x130/0x130 [ 2379.965121] ? __sanitizer_cov_trace_cmp4+0x16/0x20 08:15:57 executing program 0: openat$rfkill(0xffffffffffffff9c, 0x0, 0x2001, 0x0) syz_open_dev$admmidi(&(0x7f0000000100)='/dev/admmidi#\x00', 0x0, 0x0) r0 = socket$l2tp(0x18, 0x1, 0x1) mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x1, 0x32, 0xffffffffffffffff, 0x0) r1 = userfaultfd(0x0) ioctl$UFFDIO_API(r1, 0xc018aa3f, &(0x7f0000000180)) ioctl$UFFDIO_REGISTER(r1, 0xc020aa00, &(0x7f0000019000)={{&(0x7f0000012000/0x2000)=nil, 0x2000}, 0x1}) syz_open_dev$evdev(&(0x7f0000012fee)='/dev/input/event#\x00', 0x0, 0x48) ioctl$UFFDIO_WAKE(r1, 0x8010aa02, &(0x7f0000000080)={&(0x7f0000012000/0x3000)=nil, 0x3000}) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0a5c2d023c126285718070") 08:15:57 executing program 1: r0 = socket$l2tp(0x18, 0x1, 0x1) ioctl(r0, 0x2, &(0x7f0000000000)="0a495c5c2d023c12628571") r1 = perf_event_open(&(0x7f0000014f88)={0x1, 0x70, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) close(r1) 08:15:57 executing program 2: syz_emit_ethernet(0x6a, &(0x7f0000000040)={@local, @broadcast, [], {@ipv4={0x800, {{0x5, 0x4, 0x0, 0x0, 0x5c, 0x0, 0x0, 0x0, 0x1, 0x0, @remote, @dev={0xac, 0x14, 0x14, 0x11}}, @icmp=@parameter_prob={0x3, 0x4, 0x0, 0x0, 0x0, 0x0, {0x10, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x402f, 0x0, @local={0xac, 0x5c}, @dev, {[@timestamp={0x8, 0x2c, 0x0, 0x0, 0x4, [{[@rand_addr]}, {[@multicast2]}, {[@multicast1]}, {}, {[@loopback]}, {}]}]}}}}}}}, 0x0) 08:15:57 executing program 4: openat$kvm(0xffffffffffffff9c, 0x0, 0x0, 0x0) r0 = syz_open_dev$sndctrl(&(0x7f0000000100)='/dev/snd/controlC#\x00', 0x0, 0x0) prctl$PR_SET_THP_DISABLE(0x29, 0xfffffffffffffffe) clone(0x38042000, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) ioctl$FS_IOC_GETFLAGS(r0, 0x800455d1, &(0x7f0000000080)) 08:15:57 executing program 5: r0 = socket$l2tp(0x18, 0x1, 0x1) ioctl(r0, 0x400001010008912, &(0x7f0000000300)="0a4bf3d510e33497720001c56e") perf_event_open(&(0x7f00000001c0)={0x2, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x544, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000014f88)={0x1, 0x70, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r1 = perf_event_open(&(0x7f0000014f88)={0x1, 0x70, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x20000000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x0, 0x750, 0x0, 0x2}, 0x0, 0x0, 0xffffffffffffffff, 0x0) close(r1) getsockopt$SO_BINDTODEVICE(r0, 0x1, 0x19, &(0x7f0000000180), 0x10) ioctl$sock_SIOCGIFBR(r0, 0x8940, &(0x7f0000000140)=@get={0x1, &(0x7f0000000040)=""/242, 0x6}) [ 2379.965137] ? futex_wait_setup+0x266/0x3e0 [ 2379.965167] ? __sanitizer_cov_trace_switch+0x53/0x90 [ 2379.965186] ? userfaultfd_ctx_put+0x830/0x830 [ 2379.984290] ? futex_wait+0x5a1/0xa50 [ 2379.988125] ? print_usage_bug+0xc0/0xc0 [ 2379.988144] ? print_usage_bug+0xc0/0xc0 [ 2379.988163] ? print_usage_bug+0xc0/0xc0 [ 2379.988182] ? zap_class+0x640/0x640 [ 2380.004066] ? drop_futex_key_refs.isra.14+0x6d/0xe0 [ 2380.009183] ? futex_wake+0x304/0x760 [ 2380.013018] ? find_held_lock+0x36/0x1c0 [ 2380.017112] ? __handle_mm_fault+0x4bb0/0x5be0 [ 2380.021718] ? lock_downgrade+0x900/0x900 [ 2380.025890] ? kasan_check_read+0x11/0x20 [ 2380.025907] ? do_raw_spin_unlock+0xa7/0x330 [ 2380.025923] ? do_raw_spin_trylock+0x270/0x270 [ 2380.025943] ? fault_dirty_shared_page.isra.87+0x320/0x320 [ 2380.025967] __handle_mm_fault+0x4bbd/0x5be0 [ 2380.049121] ? vmf_insert_mixed_mkwrite+0x40/0x40 [ 2380.053979] ? zap_class+0x640/0x640 [ 2380.057702] ? rcu_read_unlock_special+0x1c0/0x1c0 [ 2380.062651] ? kasan_check_read+0x11/0x20 [ 2380.066815] ? rcu_softirq_qs+0x20/0x20 08:15:57 executing program 1: r0 = syz_open_dev$amidi(&(0x7f0000000040)='/dev/amidi#\x00', 0x2, 0xca000) ioctl$SNDRV_SEQ_IOCTL_QUERY_NEXT_PORT(r0, 0xc0a85352, &(0x7f0000000080)={{0x6000000, 0x4}, 'port1\x00', 0x40, 0x424, 0x5, 0xae22, 0x2, 0x8, 0x40, 0x0, 0x1, 0x5}) ioctl(0xffffffffffffffff, 0x1000008912, &(0x7f0000000000)="0a5c2d023c126285718070") perf_event_open(&(0x7f0000014f88)={0x1, 0x70, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) close(r0) [ 2380.070824] ? zap_class+0x640/0x640 [ 2380.074559] ? zap_class+0x640/0x640 [ 2380.078300] ? find_held_lock+0x36/0x1c0 [ 2380.082402] ? handle_mm_fault+0x42a/0xc70 [ 2380.086657] ? lock_downgrade+0x900/0x900 [ 2380.090824] ? check_preemption_disabled+0x48/0x280 [ 2380.095884] ? rcu_read_unlock_special+0x1c0/0x1c0 [ 2380.100841] ? kasan_check_read+0x11/0x20 [ 2380.105001] ? rcu_dynticks_curr_cpu_in_eqs+0xa2/0x170 [ 2380.110291] ? rcu_softirq_qs+0x20/0x20 [ 2380.114306] ? trace_hardirqs_off_caller+0x310/0x310 [ 2380.119441] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 2380.125002] ? check_preemption_disabled+0x48/0x280 [ 2380.130041] handle_mm_fault+0x54f/0xc70 [ 2380.134121] ? __handle_mm_fault+0x5be0/0x5be0 [ 2380.138726] ? find_vma+0x34/0x190 [ 2380.142288] __do_page_fault+0x5e8/0xe60 [ 2380.146374] ? trace_hardirqs_off+0xb8/0x310 [ 2380.150810] do_page_fault+0xf2/0x7e0 [ 2380.154635] ? vmalloc_sync_all+0x30/0x30 [ 2380.158805] ? error_entry+0x70/0xd0 [ 2380.162549] ? trace_hardirqs_off_caller+0xbb/0x310 [ 2380.167581] ? trace_hardirqs_on_caller+0xc0/0x310 [ 2380.172530] ? syscall_return_slowpath+0x5e0/0x5e0 [ 2380.177480] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 2380.182352] ? trace_hardirqs_on_caller+0x310/0x310 [ 2380.187389] ? __bpf_trace_preemptirq_template+0x30/0x30 [ 2380.192862] ? prepare_exit_to_usermode+0x3b0/0x3b0 [ 2380.197905] ? prepare_exit_to_usermode+0x291/0x3b0 [ 2380.202942] ? page_fault+0x8/0x30 [ 2380.206501] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 2380.211373] ? page_fault+0x8/0x30 [ 2380.214934] page_fault+0x1e/0x30 [ 2380.218419] RIP: 0033:0x4510a0 08:15:58 executing program 5: r0 = socket$l2tp(0x18, 0x1, 0x1) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0a5c2d023c126285718070") perf_event_open(&(0x7f00000001c0)={0x2, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000014f88)={0x1, 0x70, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r1 = syz_open_dev$media(&(0x7f0000000040)='/dev/media#\x00', 0x3, 0x10000) ioctl$KVM_ASSIGN_DEV_IRQ(r1, 0x4040ae70, &(0x7f0000000080)={0x7931, 0xc4, 0x7, 0x301}) r2 = perf_event_open(&(0x7f0000014f88)={0x1, 0x70, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) close(r2) [ 2380.221642] Code: 0f 84 c4 0f 00 00 48 89 f1 48 89 f8 48 83 e1 3f 48 83 f9 20 0f 86 7b 02 00 00 48 83 e6 f0 48 83 e1 0f 66 0f ef c0 66 0f ef c9 <66> 0f 74 0e 66 0f d7 d1 48 d3 ea 49 c7 c2 11 00 00 00 49 29 ca 4d [ 2380.240553] RSP: 002b:00007f75238677a8 EFLAGS: 00010202 [ 2380.245924] RAX: 00007f7523867850 RBX: 0000000000000003 RCX: 000000000000000e [ 2380.253207] RDX: 00000000000003ff RSI: 0000000020012fe0 RDI: 00007f7523867850 [ 2380.260490] RBP: 000000000072bf00 R08: 00000000000003ff R09: 0000000000000000 [ 2380.267771] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f75238686d4 08:15:58 executing program 1: r0 = socket$l2tp(0x18, 0x1, 0x1) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0a5c2d023c126285718070") prctl$PR_GET_FPEXC(0xb, &(0x7f0000000040)) r1 = perf_event_open(&(0x7f0000014f88)={0x1, 0x70, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) getgroups(0x8, &(0x7f0000000080)=[0xee00, 0xee00, 0xee01, 0x0, 0xee01, 0x0, 0xee00, 0xffffffffffffffff]) bind$vsock_stream(r1, &(0x7f00000000c0)={0x28, 0x0, 0x0, @my=0x0}, 0x10) ioctl$FS_IOC_SET_ENCRYPTION_POLICY(r0, 0x800c6613, &(0x7f0000000100)={0x0, @speck128, 0x1, "155554ea01010008"}) setgid(r2) close(r1) 08:15:58 executing program 3: openat$rfkill(0xffffffffffffff9c, 0x0, 0x0, 0x0) getsockopt$inet_sctp_SCTP_DEFAULT_PRINFO(0xffffffffffffffff, 0x84, 0x72, &(0x7f0000000380), 0x0) syz_open_dev$admmidi(&(0x7f0000000100)='/dev/admmidi#\x00', 0x0, 0x0) r0 = socket$l2tp(0x18, 0x1, 0x1) mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x1, 0x32, 0xffffffffffffffff, 0x0) r1 = userfaultfd(0x0) ioctl$UFFDIO_API(r1, 0xc018aa3f, &(0x7f0000000180)) ioctl$UFFDIO_REGISTER(r1, 0xc020aa00, &(0x7f0000019000)={{&(0x7f0000012000/0x2000)=nil, 0x2000}, 0x1}) syz_open_dev$evdev(&(0x7f0000012fee)='/dev/input/event#\x00', 0x0, 0x0) ioctl$UFFDIO_WAKE(r1, 0x8010aa02, &(0x7f0000000080)={&(0x7f0000012000/0x3000)=nil, 0x3000}) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0a5c2d023c126285718070") setsockopt$ALG_SET_KEY(0xffffffffffffffff, 0x117, 0x1, 0x0, 0x0) [ 2380.275054] R13: 00000000004c578a R14: 00000000004d9d90 R15: 00000000ffffffff 08:15:58 executing program 0: openat$rfkill(0xffffffffffffff9c, 0x0, 0x2001, 0x0) syz_open_dev$admmidi(&(0x7f0000000100)='/dev/admmidi#\x00', 0x0, 0x0) r0 = socket$l2tp(0x18, 0x1, 0x1) mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x1, 0x32, 0xffffffffffffffff, 0x0) r1 = userfaultfd(0x0) ioctl$UFFDIO_API(r1, 0xc018aa3f, &(0x7f0000000180)) ioctl$UFFDIO_REGISTER(r1, 0xc020aa00, &(0x7f0000019000)={{&(0x7f0000012000/0x2000)=nil, 0x2000}, 0x1}) syz_open_dev$evdev(&(0x7f0000012fee)='/dev/input/event#\x00', 0x0, 0x7400000000000000) ioctl$UFFDIO_WAKE(r1, 0x8010aa02, &(0x7f0000000080)={&(0x7f0000012000/0x3000)=nil, 0x3000}) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0a5c2d023c126285718070") 08:15:58 executing program 2: syz_emit_ethernet(0x6a, &(0x7f0000000040)={@local, @broadcast, [], {@ipv4={0x800, {{0x5, 0x4, 0x0, 0x0, 0x5c, 0x0, 0x0, 0x0, 0x1, 0x0, @remote, @dev={0xac, 0x14, 0x14, 0x11}}, @icmp=@parameter_prob={0x3, 0x4, 0x0, 0x0, 0x0, 0x0, {0x10, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x402f, 0x0, @local={0xac, 0x5c}, @dev, {[@timestamp={0x8, 0x2c, 0x0, 0x0, 0x800000000000000, [{[@rand_addr]}, {[@multicast2]}, {[@multicast1]}, {}, {[@loopback]}, {}]}]}}}}}}}, 0x0) 08:15:58 executing program 5: r0 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000140)='net/nfsfs\x00') r1 = syz_open_dev$dmmidi(&(0x7f00000000c0)='/dev/dmmidi#\x00', 0x6, 0x50200) ioctl$VIDIOC_DECODER_CMD(r0, 0xc0485660, 0x0) r2 = socket$l2tp(0x18, 0x1, 0x1) ioctl$sock_SIOCINQ(r0, 0x541b, &(0x7f0000000440)) getsockopt$inet_pktinfo(r1, 0x0, 0x8, &(0x7f00000002c0)={0x0, @dev, @local}, &(0x7f0000000340)=0xc) ioctl$HCIINQUIRY(r0, 0x800448f0, &(0x7f0000000380)={r3, 0x7, 0x2, 0x4, 0x2, 0x7fff, 0xfffffffffffffff8}) ioctl(r2, 0x1000008913, &(0x7f0000000000)="0a5c2d023c126285718070") r4 = fcntl$getown(r0, 0x9) write$cgroup_pid(r1, &(0x7f0000000400)=r4, 0x12) r5 = perf_event_open(&(0x7f00000001c0)={0x2, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000014f88)={0x1, 0x70, 0x8, 0x6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x1, 0x0, 0x0, 0x0, 0x7}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$TIOCGLCKTRMIOS(0xffffffffffffffff, 0x5456, &(0x7f0000000100)={0x101, 0x1, 0x3, 0x4, 0x6, 0x6, 0x2, 0x58, 0x2b90, 0x100000001, 0x8, 0x4}) r6 = perf_event_open(&(0x7f0000014f88)={0x1, 0x70, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5}, 0x0, 0x0, 0xffffffffffffffff, 0x0) close(r6) fstat(r5, &(0x7f0000000240)) r7 = openat$vsock(0xffffffffffffff9c, &(0x7f0000000300)='/dev/vsock\x00', 0x2000803f8, 0x0) r8 = syz_open_dev$vbi(&(0x7f0000000180)='/dev/vbi#\x00', 0x3, 0x2) ioctl$VHOST_RESET_OWNER(r1, 0xaf02, 0x0) ioctl$VT_GETSTATE(r7, 0x5603, &(0x7f0000000080)={0x400, 0x2}) ioctl$SIOCGIFMTU(r7, 0x8921, &(0x7f0000000040)) write$P9_RRENAME(r8, &(0x7f00000003c0)={0x7, 0x15, 0x2}, 0x7) 08:15:58 executing program 1: r0 = socket$l2tp(0x18, 0x1, 0x1) ioctl(r0, 0x1, &(0x7f0000000080)='\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00') r1 = perf_event_open(&(0x7f0000014f88)={0x1, 0x70, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r2 = openat$autofs(0xffffffffffffff9c, &(0x7f0000000040)='/dev/autofs\x00', 0x8000000000000800, 0x0) ioctl$UI_SET_RELBIT(r2, 0x40045566, 0xe) close(r1) 08:15:58 executing program 4: openat$kvm(0xffffffffffffff9c, 0x0, 0x0, 0x0) r0 = syz_open_dev$sndctrl(&(0x7f0000000100)='/dev/snd/controlC#\x00', 0x0, 0x0) setxattr$trusted_overlay_origin(&(0x7f0000000000)='./file0\x00', &(0x7f0000000040)='trusted.overlay.origin\x00', &(0x7f00000000c0)='y\x00', 0x2, 0x1) prctl$PR_SET_THP_DISABLE(0x29, 0xfffffffffffffffe) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) ioctl$FS_IOC_GETFLAGS(r0, 0x800455d1, &(0x7f0000000080)) accept(r0, &(0x7f0000000140)=@ll={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @link_local}, &(0x7f00000001c0)=0x80) 08:15:58 executing program 3: openat$rfkill(0xffffffffffffff9c, 0x0, 0x0, 0x0) getsockopt$inet_sctp_SCTP_DEFAULT_PRINFO(0xffffffffffffffff, 0x84, 0x72, &(0x7f0000000380), 0x0) syz_open_dev$admmidi(&(0x7f0000000100)='/dev/admmidi#\x00', 0x0, 0x0) r0 = socket$l2tp(0x18, 0x1, 0x1) mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x1, 0x32, 0xffffffffffffffff, 0x0) r1 = userfaultfd(0x0) ioctl$UFFDIO_API(r1, 0xc018aa3f, &(0x7f0000000180)) ioctl$UFFDIO_REGISTER(r1, 0xc020aa00, &(0x7f0000019000)={{&(0x7f0000012000/0x2000)=nil, 0x2000}, 0x1}) syz_open_dev$evdev(&(0x7f0000012fee)='/dev/input/event#\x00', 0x0, 0x0) ioctl$UFFDIO_WAKE(r1, 0x8010aa02, &(0x7f0000000080)={&(0x7f0000012000/0x3000)=nil, 0x3000}) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0a5c2d023c126285718070") setsockopt$ALG_SET_KEY(0xffffffffffffffff, 0x117, 0x1, 0x0, 0x0) 08:15:58 executing program 0: openat$rfkill(0xffffffffffffff9c, 0x0, 0x2001, 0x0) syz_open_dev$admmidi(&(0x7f0000000100)='/dev/admmidi#\x00', 0x0, 0x0) r0 = socket$l2tp(0x18, 0x1, 0x1) mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x1, 0x32, 0xffffffffffffffff, 0x0) r1 = userfaultfd(0x0) ioctl$UFFDIO_API(r1, 0xc018aa3f, &(0x7f0000000180)) ioctl$UFFDIO_REGISTER(r1, 0xc020aa00, &(0x7f0000019000)={{&(0x7f0000012000/0x2000)=nil, 0x2000}, 0x1}) syz_open_dev$evdev(&(0x7f0000012fee)='/dev/input/event#\x00', 0x0, 0x300000000000000) ioctl$UFFDIO_WAKE(r1, 0x8010aa02, &(0x7f0000000080)={&(0x7f0000012000/0x3000)=nil, 0x3000}) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0a5c2d023c126285718070") 08:15:58 executing program 2: syz_emit_ethernet(0x6a, &(0x7f0000000040)={@local, @broadcast, [], {@ipv4={0x800, {{0x5, 0x4, 0x0, 0x0, 0x5c, 0x0, 0x0, 0x0, 0x1, 0x0, @remote, @dev={0xac, 0x14, 0x14, 0x11}}, @icmp=@parameter_prob={0x3, 0x4, 0x0, 0x0, 0x0, 0x0, {0x10, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x402f, 0x0, @local={0xac, 0x5c}, @dev, {[@timestamp={0x8, 0x2c, 0x0, 0x0, 0xffffdd86, [{[@rand_addr]}, {[@multicast2]}, {[@multicast1]}, {}, {[@loopback]}, {}]}]}}}}}}}, 0x0) 08:15:58 executing program 1: r0 = socket$l2tp(0x18, 0x1, 0x1) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0a5c2d023c126285718070") getresuid(&(0x7f0000000040)=0x0, &(0x7f0000000080), &(0x7f00000000c0)) getsockopt$sock_cred(r0, 0x1, 0x11, &(0x7f0000000100)={0x0, 0x0}, &(0x7f0000000140)=0xc) setreuid(r1, r2) r3 = perf_event_open(&(0x7f0000014f88)={0x1, 0x70, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) close(r3) 08:15:58 executing program 2: syz_emit_ethernet(0x6a, &(0x7f0000000040)={@local, @broadcast, [], {@ipv4={0x800, {{0x5, 0x4, 0x0, 0x0, 0x5c, 0x0, 0x0, 0x0, 0x1, 0x0, @remote, @dev={0xac, 0x14, 0x14, 0x11}}, @icmp=@parameter_prob={0x3, 0x4, 0x0, 0x0, 0x0, 0x0, {0x10, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x402f, 0x0, @local={0xac, 0x5c}, @dev, {[@timestamp={0x8, 0x2c, 0x0, 0x0, 0x5c00, [{[@rand_addr]}, {[@multicast2]}, {[@multicast1]}, {}, {[@loopback]}, {}]}]}}}}}}}, 0x0) 08:15:58 executing program 5: r0 = socket$l2tp(0x18, 0x1, 0x1) r1 = syz_open_dev$mice(&(0x7f0000000040)='/dev/input/mice\x00', 0x0, 0x4000) ioctl$EVIOCGKEYCODE(r1, 0x80084504, &(0x7f00000000c0)=""/31) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0a5c2d023c126285718070") perf_event_open(&(0x7f00000001c0)={0x2, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000014f88)={0x1, 0x70, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r2 = perf_event_open(&(0x7f0000014f88)={0x1, 0x70, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) close(r2) 08:15:58 executing program 3: openat$rfkill(0xffffffffffffff9c, 0x0, 0x0, 0x0) getsockopt$inet_sctp_SCTP_DEFAULT_PRINFO(0xffffffffffffffff, 0x84, 0x72, &(0x7f0000000380), 0x0) syz_open_dev$admmidi(&(0x7f0000000100)='/dev/admmidi#\x00', 0x0, 0x0) r0 = socket$l2tp(0x18, 0x1, 0x1) mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x1, 0x32, 0xffffffffffffffff, 0x0) r1 = userfaultfd(0x0) ioctl$UFFDIO_API(r1, 0xc018aa3f, &(0x7f0000000180)) ioctl$UFFDIO_REGISTER(r1, 0xc020aa00, &(0x7f0000019000)={{&(0x7f0000012000/0x2000)=nil, 0x2000}, 0x1}) syz_open_dev$evdev(&(0x7f0000012fee)='/dev/input/event#\x00', 0x0, 0x0) ioctl$UFFDIO_WAKE(r1, 0x8010aa02, &(0x7f0000000080)={&(0x7f0000012000/0x3000)=nil, 0x3000}) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0a5c2d023c126285718070") setsockopt$ALG_SET_KEY(0xffffffffffffffff, 0x117, 0x1, 0x0, 0x0) 08:15:58 executing program 0: openat$rfkill(0xffffffffffffff9c, 0x0, 0x2001, 0x0) syz_open_dev$admmidi(&(0x7f0000000100)='/dev/admmidi#\x00', 0x0, 0x0) r0 = socket$l2tp(0x18, 0x1, 0x1) mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x1, 0x32, 0xffffffffffffffff, 0x0) r1 = userfaultfd(0x0) ioctl$UFFDIO_API(r1, 0xc018aa3f, &(0x7f0000000180)) ioctl$UFFDIO_REGISTER(r1, 0xc020aa00, &(0x7f0000019000)={{&(0x7f0000012000/0x2000)=nil, 0x2000}, 0x1}) syz_open_dev$evdev(&(0x7f0000012fee)='/dev/input/event#\x00', 0x0, 0x500000000000000) ioctl$UFFDIO_WAKE(r1, 0x8010aa02, &(0x7f0000000080)={&(0x7f0000012000/0x3000)=nil, 0x3000}) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0a5c2d023c126285718070") 08:15:58 executing program 4: r0 = openat$kvm(0xffffffffffffff9c, 0x0, 0x0, 0x0) r1 = syz_open_dev$sndctrl(&(0x7f00000000c0)='/dev/snd/controlC#\x00', 0x2400007fff, 0x800) prctl$PR_SET_THP_DISABLE(0x29, 0x1) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) ioctl$FS_IOC_GETFLAGS(r1, 0x800455d1, &(0x7f0000000080)) r2 = openat$qat_adf_ctl(0xffffffffffffff9c, &(0x7f0000000000)='/dev/qat_adf_ctl\x00', 0xa40, 0x0) setsockopt$inet_tcp_TCP_REPAIR(r2, 0x6, 0x13, &(0x7f0000000040)=0xffffffffffffffff, 0x4) ioctl$KVM_CHECK_EXTENSION(r0, 0xae03, 0xfffffffffffffffd) prctl$PR_SET_PDEATHSIG(0x1, 0x1d) 08:15:58 executing program 1: r0 = socket$l2tp(0x18, 0x1, 0x1) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0a5c2d023c126285718070") r1 = perf_event_open(&(0x7f0000014f88)={0x1, 0x70, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) close(r1) syz_open_dev$mice(&(0x7f0000000040)='/dev/input/mice\x00', 0x0, 0x200) 08:15:58 executing program 2: syz_emit_ethernet(0x6a, &(0x7f0000000040)={@local, @broadcast, [], {@ipv4={0x800, {{0x5, 0x4, 0x0, 0x0, 0x5c, 0x0, 0x0, 0x0, 0x1, 0x0, @remote, @dev={0xac, 0x14, 0x14, 0x11}}, @icmp=@parameter_prob={0x3, 0x4, 0x0, 0x0, 0x0, 0x0, {0x10, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x402f, 0x0, @local={0xac, 0x5c}, @dev, {[@timestamp={0x8, 0x2c, 0x0, 0x0, 0xf000, [{[@rand_addr]}, {[@multicast2]}, {[@multicast1]}, {}, {[@loopback]}, {}]}]}}}}}}}, 0x0) 08:15:58 executing program 5: r0 = openat$vimc0(0xffffffffffffff9c, &(0x7f0000000040)='/dev/video0\x00', 0x2, 0x0) ioctl$VIDIOC_G_TUNER(r0, 0xc054561d, &(0x7f0000000080)={0x1, "20ac5d296e6c5d6294343506b6784504f1b39684563517b27fe8b2fc12c5ea08", 0x5, 0x1026, 0x3, 0x8, 0x0, 0x2, 0x205, 0x6}) r1 = socket$l2tp(0x18, 0x1, 0x1) ioctl(r1, 0x1000008912, &(0x7f0000000000)="0a5c2d023c126285718070") perf_event_open(&(0x7f00000001c0)={0x2, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffa, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r2 = syz_open_dev$vcsa(&(0x7f0000000180)='/dev/vcsa#\x00', 0xff, 0x40001) write$P9_RRENAMEAT(r2, &(0x7f00000002c0)={0x7, 0x4b, 0x2}, 0x7) ioctl$VIDIOC_G_TUNER(r0, 0xc054561d, &(0x7f0000000240)={0x80000000, "32be9dffa9452203833554d8232daaabf11644ea3ade6adeb5ad65c2c4a3088f", 0x1, 0x2, 0x10001, 0x7, 0x4, 0x1, 0x100000000, 0x1}) r3 = socket$inet6(0xa, 0xcf9e2386243a7d9, 0x200) ioctl$VIDIOC_SUBDEV_S_CROP(r3, 0xc038563c, &(0x7f0000000140)={0x0, 0x0, {0x1ff, 0x8970, 0x1000, 0xd6}}) shutdown(r1, 0x0) setsockopt$inet_sctp6_SCTP_FRAGMENT_INTERLEAVE(r3, 0x84, 0x12, &(0x7f0000000100)=0x800, 0x4) perf_event_open(&(0x7f0000014f88)={0x1, 0x70, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r4 = perf_event_open(&(0x7f0000014f88)={0x1, 0x70, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) close(r4) 08:15:58 executing program 5: r0 = socket$l2tp(0x18, 0x1, 0x1) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0a5c2d023c126285718070") perf_event_open(&(0x7f00000001c0)={0x2, 0x70, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x83a5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r1 = syz_genetlink_get_family_id$ipvs(&(0x7f00000003c0)='IPVS\x00') sendmsg$IPVS_CMD_DEL_SERVICE(r0, &(0x7f00000004c0)={&(0x7f0000000380)={0x10, 0x0, 0x0, 0x2090}, 0xc, &(0x7f0000000480)={&(0x7f0000000400)={0x4c, r1, 0x800, 0x70bd28, 0x25dfdbfc, {}, [@IPVS_CMD_ATTR_SERVICE={0x38, 0x1, [@IPVS_SVC_ATTR_NETMASK={0x8}, @IPVS_SVC_ATTR_SCHED_NAME={0x8, 0x6, 'nq\x00'}, @IPVS_SVC_ATTR_TIMEOUT={0x8, 0x8, 0x7}, @IPVS_SVC_ATTR_ADDR={0x14, 0x3, @ipv4=@broadcast}, @IPVS_SVC_ATTR_FWMARK={0x8, 0x5, 0x2}]}]}, 0x4c}, 0x1, 0x0, 0x0, 0x8081}, 0x4000000) r2 = openat$dsp(0xffffffffffffff9c, &(0x7f0000000040)='/dev/dsp\x00', 0x2f46b61a8f429988, 0x0) r3 = syz_genetlink_get_family_id$tipc(&(0x7f00000000c0)='TIPC\x00') setsockopt$inet_sctp_SCTP_PARTIAL_DELIVERY_POINT(r2, 0x84, 0x13, &(0x7f0000000240)=0x8126, 0x4) sendmsg$TIPC_CMD_ENABLE_BEARER(r2, &(0x7f0000000180)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x20100}, 0xc, &(0x7f0000000140)={&(0x7f0000000100)={0x3c, r3, 0x300, 0x70bd25, 0x25dfdbfd, {{}, 0x0, 0x4101, 0x0, {0x20, 0x17, {0xc, 0x6d, @l2={'eth', 0x3a, 'bridge_slave_0\x00'}}}}, [""]}, 0x3c}, 0x1, 0x0, 0x0, 0x4000}, 0x4044004) perf_event_open(&(0x7f0000014f88)={0x1, 0x70, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r4 = perf_event_open(&(0x7f0000014f88)={0x1, 0x70, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$TIOCGPGRP(r2, 0x540f, &(0x7f0000000340)=0x0) perf_event_open(&(0x7f00000002c0)={0x7, 0x70, 0x8, 0x2, 0x10000, 0x7, 0x0, 0x3ff, 0x0, 0x6, 0x98b, 0x6b, 0x1, 0x7, 0x401, 0x2, 0x5d4f, 0x10000, 0x9, 0x7f, 0x6, 0x200, 0x80000001, 0x8, 0x6000, 0x1, 0x3, 0x3f, 0x9, 0x7fffffff, 0x8000, 0x7, 0xffffffff, 0x1, 0x690, 0x0, 0x4c3, 0x9c, 0x0, 0x2, 0x2, @perf_bp={&(0x7f0000000280), 0x4}, 0x80, 0xe2e, 0x5, 0xf, 0x8000, 0x7, 0x100000001}, r5, 0x3, r2, 0x8) close(r4) 08:15:58 executing program 1: r0 = socket$l2tp(0x18, 0x1, 0x1) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0a5c2d023c126285718070") r1 = perf_event_open(&(0x7f0000014f88)={0x1, 0x70, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) close(r1) r2 = syz_open_dev$radio(&(0x7f0000000040)='/dev/radio#\x00', 0x3, 0x2) ioctl$FS_IOC_SETFLAGS(r1, 0x40086602, &(0x7f0000000100)=0xfdf) ioctl$DRM_IOCTL_RES_CTX(0xffffffffffffff9c, 0xc0106426, &(0x7f00000000c0)={0x1, &(0x7f0000000080)=[{0x0}]}) ioctl$DRM_IOCTL_GET_CTX(r2, 0xc0086423, &(0x7f00000001c0)={r3, 0x1}) 08:15:58 executing program 3: openat$rfkill(0xffffffffffffff9c, 0x0, 0x0, 0x0) getsockopt$inet_sctp_SCTP_DEFAULT_PRINFO(0xffffffffffffffff, 0x84, 0x72, &(0x7f0000000380), 0x0) syz_open_dev$admmidi(&(0x7f0000000100)='/dev/admmidi#\x00', 0x0, 0x0) r0 = socket$l2tp(0x18, 0x1, 0x1) mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x1, 0x32, 0xffffffffffffffff, 0x0) r1 = userfaultfd(0x0) ioctl$UFFDIO_API(r1, 0xc018aa3f, &(0x7f0000000180)) ioctl$UFFDIO_REGISTER(r1, 0xc020aa00, &(0x7f0000019000)={{&(0x7f0000012000/0x2000)=nil, 0x2000}, 0x1}) syz_open_dev$evdev(&(0x7f0000012fee)='/dev/input/event#\x00', 0x0, 0x0) ioctl$UFFDIO_WAKE(r1, 0x8010aa02, &(0x7f0000000080)={&(0x7f0000012000/0x3000)=nil, 0x3000}) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0a5c2d023c126285718070") setsockopt$ALG_SET_KEY(0xffffffffffffffff, 0x117, 0x1, 0x0, 0x0) 08:15:58 executing program 0: openat$rfkill(0xffffffffffffff9c, 0x0, 0x2001, 0x0) syz_open_dev$admmidi(&(0x7f0000000100)='/dev/admmidi#\x00', 0x0, 0x0) r0 = socket$l2tp(0x18, 0x1, 0x1) mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x1, 0x32, 0xffffffffffffffff, 0x0) r1 = userfaultfd(0x0) ioctl$UFFDIO_API(r1, 0xc018aa3f, &(0x7f0000000180)) ioctl$UFFDIO_REGISTER(r1, 0xc020aa00, &(0x7f0000019000)={{&(0x7f0000012000/0x2000)=nil, 0x2000}, 0x1}) syz_open_dev$evdev(&(0x7f0000012fee)='/dev/input/event#\x00', 0x0, 0x700000000000000) ioctl$UFFDIO_WAKE(r1, 0x8010aa02, &(0x7f0000000080)={&(0x7f0000012000/0x3000)=nil, 0x3000}) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0a5c2d023c126285718070") 08:15:58 executing program 2: syz_emit_ethernet(0x6a, &(0x7f0000000040)={@local, @broadcast, [], {@ipv4={0x800, {{0x5, 0x4, 0x0, 0x0, 0x5c, 0x0, 0x0, 0x0, 0x1, 0x0, @remote, @dev={0xac, 0x14, 0x14, 0x11}}, @icmp=@parameter_prob={0x3, 0x4, 0x0, 0x0, 0x0, 0x0, {0x10, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x402f, 0x0, @local={0xac, 0x5c}, @dev, {[@timestamp={0x8, 0x2c, 0x0, 0x0, 0x8, [{[@rand_addr]}, {[@multicast2]}, {[@multicast1]}, {}, {[@loopback]}, {}]}]}}}}}}}, 0x0) 08:15:58 executing program 2: syz_emit_ethernet(0x6a, &(0x7f0000000040)={@local, @broadcast, [], {@ipv4={0x800, {{0x5, 0x4, 0x0, 0x0, 0x5c, 0x0, 0x0, 0x0, 0x1, 0x0, @remote, @dev={0xac, 0x14, 0x14, 0x11}}, @icmp=@parameter_prob={0x3, 0x4, 0x0, 0x0, 0x0, 0x0, {0x10, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x402f, 0x0, @local={0xac, 0x5c}, @dev, {[@timestamp={0x8, 0x2c, 0x0, 0x0, 0x3f000000, [{[@rand_addr]}, {[@multicast2]}, {[@multicast1]}, {}, {[@loopback]}, {}]}]}}}}}}}, 0x0) 08:15:59 executing program 1: r0 = socket$l2tp(0x18, 0x1, 0x1) r1 = request_key(&(0x7f00000001c0)='asymmetric\x00', &(0x7f0000000200)={'syz', 0x1}, &(0x7f0000000240)='em1\x00', 0xfffffffffffffff9) r2 = add_key$keyring(&(0x7f0000000000)='keyring\x00', &(0x7f0000000080)={'syz', 0x2}, 0x0, 0x0, r1) r3 = add_key$keyring(&(0x7f00000000c0)='keyring\x00', &(0x7f0000000100)={'syz', 0x3}, 0x0, 0x0, 0xfffffffffffffffd) keyctl$reject(0x13, r2, 0x4ff60a68, 0x8000, r3) ioctl(r0, 0x7, &(0x7f0000000040)="0a5c2d023c126285718070") r4 = openat$zero(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/zero\x00', 0x501000, 0x0) getsockname$inet(r4, &(0x7f0000000300)={0x2, 0x0, @broadcast}, &(0x7f0000000340)=0x10) r5 = perf_event_open(&(0x7f0000014f88)={0x1, 0x70, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) close(r5) r6 = dup2(r0, r0) ioctl$SNDRV_CTL_IOCTL_PCM_PREFER_SUBDEVICE(r6, 0x40045532, &(0x7f0000000280)=0x3) r7 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000140)='cpu.stat\x00', 0x0, 0x0) bind$bt_sco(r7, &(0x7f0000000180)={0x1f, {0x4550000, 0x40, 0x14400000, 0x2, 0xc2, 0x401}}, 0x8) 08:15:59 executing program 0: openat$rfkill(0xffffffffffffff9c, 0x0, 0x2001, 0x0) syz_open_dev$admmidi(&(0x7f0000000100)='/dev/admmidi#\x00', 0x0, 0x0) r0 = socket$l2tp(0x18, 0x1, 0x1) mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x1, 0x32, 0xffffffffffffffff, 0x0) r1 = userfaultfd(0x0) ioctl$UFFDIO_API(r1, 0xc018aa3f, &(0x7f0000000180)) ioctl$UFFDIO_REGISTER(r1, 0xc020aa00, &(0x7f0000019000)={{&(0x7f0000012000/0x2000)=nil, 0x2000}, 0x1}) syz_open_dev$evdev(&(0x7f0000012fee)='/dev/input/event#\x00', 0x0, 0x60000000) ioctl$UFFDIO_WAKE(r1, 0x8010aa02, &(0x7f0000000080)={&(0x7f0000012000/0x3000)=nil, 0x3000}) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0a5c2d023c126285718070") 08:15:59 executing program 4: openat$kvm(0xffffffffffffff9c, 0x0, 0x0, 0x0) r0 = syz_open_dev$sndctrl(&(0x7f0000000100)='/dev/snd/controlC#\x00', 0x0, 0x0) prctl$PR_SET_THP_DISABLE(0x29, 0xfffffffffffffffe) personality(0x414000e) r1 = syz_open_dev$radio(&(0x7f0000000000)='/dev/radio#\x00', 0x1, 0x2) openat$cgroup_procs(r1, &(0x7f0000000040)='cgroup.threads\x00', 0x2, 0x0) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) ioctl$FS_IOC_GETFLAGS(r0, 0x800455d1, &(0x7f0000000080)) 08:15:59 executing program 5: r0 = socket$l2tp(0x18, 0x1, 0x1) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0a5c2d023c126285718070") perf_event_open(&(0x7f00000001c0)={0x2, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000014f88)={0x1, 0x70, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r1 = perf_event_open(&(0x7f0000014f88)={0x1, 0x70, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) close(r1) r2 = openat$rfkill(0xffffffffffffff9c, &(0x7f0000000040)='/dev/rfkill\x00', 0x10000, 0x0) futex(&(0x7f0000000140)=0x2, 0x85, 0x0, &(0x7f0000000180)={0x77359400}, &(0x7f0000000240), 0x1) getsockopt$IP6T_SO_GET_INFO(r2, 0x29, 0x40, &(0x7f0000000080)={'nat\x00'}, &(0x7f0000000100)=0x54) 08:15:59 executing program 3: openat$rfkill(0xffffffffffffff9c, 0x0, 0x0, 0x0) getsockopt$inet_sctp_SCTP_DEFAULT_PRINFO(0xffffffffffffffff, 0x84, 0x72, &(0x7f0000000380), 0x0) syz_open_dev$admmidi(&(0x7f0000000100)='/dev/admmidi#\x00', 0x0, 0x0) r0 = socket$l2tp(0x18, 0x1, 0x1) mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x1, 0x32, 0xffffffffffffffff, 0x0) r1 = userfaultfd(0x0) ioctl$UFFDIO_API(r1, 0xc018aa3f, &(0x7f0000000180)) ioctl$UFFDIO_REGISTER(r1, 0xc020aa00, &(0x7f0000019000)={{&(0x7f0000012000/0x2000)=nil, 0x2000}, 0x1}) syz_open_dev$evdev(&(0x7f0000012fee)="2f6465762f696e7075742f6576656e742304", 0x0, 0x0) ioctl$UFFDIO_WAKE(r1, 0x8010aa02, &(0x7f0000000080)={&(0x7f0000012000/0x3000)=nil, 0x3000}) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0a5c2d023c126285718070") setsockopt$ALG_SET_KEY(0xffffffffffffffff, 0x117, 0x1, 0x0, 0x0) 08:15:59 executing program 2: syz_emit_ethernet(0x6a, &(0x7f0000000040)={@local, @broadcast, [], {@ipv4={0x800, {{0x5, 0x4, 0x0, 0x0, 0x5c, 0x0, 0x0, 0x0, 0x1, 0x0, @remote, @dev={0xac, 0x14, 0x14, 0x11}}, @icmp=@parameter_prob={0x3, 0x4, 0x0, 0x0, 0x0, 0x0, {0x10, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x402f, 0x0, @local={0xac, 0x5c}, @dev, {[@timestamp={0x8, 0x2c, 0x0, 0x0, 0x3, [{[@rand_addr]}, {[@multicast2]}, {[@multicast1]}, {}, {[@loopback]}, {}]}]}}}}}}}, 0x0) 08:15:59 executing program 1: r0 = socket$l2tp(0x18, 0x1, 0x1) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0a5c2d023c126285718070") r1 = perf_event_open(&(0x7f0000014f88)={0x1, 0x70, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r2 = accept4$packet(0xffffffffffffffff, &(0x7f0000000040)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @local}, &(0x7f0000000080)=0x14, 0x800) setsockopt$packet_tx_ring(r2, 0x107, 0xd, &(0x7f00000000c0)=@req3={0x100, 0x3, 0x93b2, 0x7, 0xfffffffffffffffe, 0x3, 0x1}, 0x1c) close(r1) 08:15:59 executing program 0: openat$rfkill(0xffffffffffffff9c, 0x0, 0x2001, 0x0) syz_open_dev$admmidi(&(0x7f0000000100)='/dev/admmidi#\x00', 0x0, 0x0) r0 = socket$l2tp(0x18, 0x1, 0x1) mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x1, 0x32, 0xffffffffffffffff, 0x0) r1 = userfaultfd(0x0) ioctl$UFFDIO_API(r1, 0xc018aa3f, &(0x7f0000000180)) ioctl$UFFDIO_REGISTER(r1, 0xc020aa00, &(0x7f0000019000)={{&(0x7f0000012000/0x2000)=nil, 0x2000}, 0x1}) syz_open_dev$evdev(&(0x7f0000012fee)='/dev/input/event#\x00', 0x0, 0x4) ioctl$UFFDIO_WAKE(r1, 0x8010aa02, &(0x7f0000000080)={&(0x7f0000012000/0x3000)=nil, 0x3000}) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0a5c2d023c126285718070") 08:15:59 executing program 5: r0 = socket$l2tp(0x18, 0x1, 0x1) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0a5c2d023c126285718070") r1 = perf_event_open(&(0x7f00000001c0)={0x2, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r2 = syz_open_dev$midi(&(0x7f0000000040)='/dev/midi#\x00', 0x8001, 0x22180) connect$bt_rfcomm(r2, &(0x7f0000000080)={0x1f, {0x650b5e8, 0x7, 0x7, 0x5, 0x6, 0x401}, 0x5}, 0xa) perf_event_open(&(0x7f0000014f88)={0x1, 0x70, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000014f88)={0x1, 0x70, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x7, 0xf3d4}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) close(r1) 08:15:59 executing program 2: syz_emit_ethernet(0x6a, &(0x7f0000000040)={@local, @broadcast, [], {@ipv4={0x800, {{0x5, 0x4, 0x0, 0x0, 0x5c, 0x0, 0x0, 0x0, 0x1, 0x0, @remote, @dev={0xac, 0x14, 0x14, 0x11}}, @icmp=@parameter_prob={0x3, 0x4, 0x0, 0x0, 0x0, 0x0, {0x10, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x402f, 0x0, @local={0xac, 0x5c}, @dev, {[@timestamp={0x8, 0x2c, 0x0, 0x0, 0x3580, [{[@rand_addr]}, {[@multicast2]}, {[@multicast1]}, {}, {[@loopback]}, {}]}]}}}}}}}, 0x0) 08:15:59 executing program 3: openat$rfkill(0xffffffffffffff9c, 0x0, 0x0, 0x0) getsockopt$inet_sctp_SCTP_DEFAULT_PRINFO(0xffffffffffffffff, 0x84, 0x72, &(0x7f0000000380), 0x0) syz_open_dev$admmidi(&(0x7f0000000100)='/dev/admmidi#\x00', 0x0, 0x0) r0 = socket$l2tp(0x18, 0x1, 0x1) mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x1, 0x32, 0xffffffffffffffff, 0x0) r1 = userfaultfd(0x0) ioctl$UFFDIO_API(r1, 0xc018aa3f, &(0x7f0000000180)) ioctl$UFFDIO_REGISTER(r1, 0xc020aa00, &(0x7f0000019000)={{&(0x7f0000012000/0x2000)=nil, 0x2000}, 0x1}) syz_open_dev$evdev(&(0x7f0000012fee)='/dev/input/event#\x00', 0x0, 0x0) ioctl$UFFDIO_WAKE(r1, 0x8010aa02, &(0x7f0000000080)={&(0x7f0000012000/0x3000)=nil, 0x3000}) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0a5c2d023c126285718070") setsockopt$ALG_SET_KEY(0xffffffffffffffff, 0x117, 0x1, 0x0, 0x0) 08:15:59 executing program 5: r0 = socket$l2tp(0x18, 0x1, 0x1) ioctl(r0, 0x1fe, &(0x7f0000000080)="126285718170000000000001000000000000") perf_event_open(&(0x7f00000001c0)={0x2, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000014f88)={0x1, 0x70, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r1 = perf_event_open(&(0x7f0000014f88)={0x1, 0x70, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) close(r1) 08:15:59 executing program 1: r0 = socket$l2tp(0x18, 0x1, 0x1) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0a5c2d023c126285718070") r1 = perf_event_open(&(0x7f0000014f88)={0x1, 0x70, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r2 = syz_open_dev$sndpcmc(&(0x7f0000000040)='/dev/snd/pcmC#D#c\x00', 0x4, 0x400) ioctl$SNDRV_SEQ_IOCTL_SUBSCRIBE_PORT(r2, 0x40505330, &(0x7f0000000080)={{0xf0, 0x1}, {0x40, 0x20}, 0x40, 0x0, 0x6}) close(r1) 08:15:59 executing program 2: syz_emit_ethernet(0x6a, &(0x7f0000000040)={@local, @broadcast, [], {@ipv4={0x800, {{0x5, 0x4, 0x0, 0x0, 0x5c, 0x0, 0x0, 0x0, 0x1, 0x0, @remote, @dev={0xac, 0x14, 0x14, 0x11}}, @icmp=@parameter_prob={0x3, 0x4, 0x0, 0x0, 0x0, 0x0, {0x10, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x402f, 0x0, @local={0xac, 0x5c}, @dev, {[@timestamp={0x8, 0x2c, 0x0, 0x0, 0x3f00000000000000, [{[@rand_addr]}, {[@multicast2]}, {[@multicast1]}, {}, {[@loopback]}, {}]}]}}}}}}}, 0x0) 08:15:59 executing program 4: r0 = openat$kvm(0xffffffffffffff9c, 0x0, 0x0, 0x0) getsockopt$inet6_IPV6_IPSEC_POLICY(0xffffffffffffffff, 0x29, 0x22, &(0x7f0000000140)={{{@in6=@ipv4={[], [], @multicast2}, @in=@empty, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}, {{@in6=@mcast2}, 0x0, @in6=@remote}}, &(0x7f0000000040)=0xe8) r3 = creat(&(0x7f0000001a00)='./file0\x00', 0x10) getsockopt$sock_cred(0xffffffffffffff9c, 0x1, 0x11, &(0x7f0000001a40)={0x0, 0x0, 0x0}, &(0x7f0000001a80)=0xc) write$FUSE_CREATE_OPEN(r3, &(0x7f0000001ac0)={0xa0, 0x0, 0x5, {{0x2, 0x3, 0x44, 0x0, 0x7f, 0xcc, {0x4, 0x400, 0x6, 0x4, 0x1ff, 0x7ff, 0x0, 0xe3, 0x4, 0x6, 0x5, r2, r4, 0x300000000, 0x800}}, {0x0, 0x1}}}, 0xa0) getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f00000000c0)={0x0, 0x0}, &(0x7f0000000240)=0xc) r6 = getuid() getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f0000000280)={0x0, 0x0, 0x0}, &(0x7f00000002c0)=0xc) r8 = getgid() getsockopt$sock_cred(0xffffffffffffff9c, 0x1, 0x11, &(0x7f0000000300)={0x0, 0x0, 0x0}, &(0x7f0000000340)=0xc) fsetxattr$system_posix_acl(r0, &(0x7f0000000000)='system.posix_acl_default\x00', &(0x7f0000000380)=ANY=[@ANYBLOB="02000000010001000000000002000100", @ANYRES32=r2, @ANYBLOB="02000100", @ANYRES32=r5, @ANYBLOB="02000200", @ANYRES32=r6, @ANYBLOB="040001000000000008000400", @ANYRES32=r7, @ANYBLOB='\b\x00\x00\x00', @ANYRES32=r8, @ANYBLOB="29100500", @ANYRES32=r9, @ANYBLOB="10000300000000002000030000000000"], 0x54, 0x1) r10 = openat$autofs(0xffffffffffffff9c, &(0x7f0000001980)='/dev/autofs\x00', 0x101002, 0x0) ioctl$sock_inet6_SIOCSIFDSTADDR(r10, 0x8918, &(0x7f00000019c0)={@ipv4={[], [], @local}, 0xb, r1}) r11 = syz_open_dev$sndctrl(&(0x7f0000000100)='/dev/snd/controlC#\x00', 0x0, 0x0) r12 = syz_open_dev$vcsn(&(0x7f0000000400)='/dev/vcs#\x00', 0xfc6e, 0x50000) getsockopt$bt_rfcomm_RFCOMM_LM(r12, 0x12, 0x3, &(0x7f0000000440), &(0x7f0000000480)=0x4) ioctl$SNDRV_SEQ_IOCTL_SET_CLIENT_POOL(r12, 0x4058534c, &(0x7f0000000500)={0x20, 0x606c, 0xd4, 0x9, 0x196b, 0x4}) ioctl$UI_DEV_SETUP(r10, 0x405c5503, &(0x7f0000001b80)={{0x800, 0x2, 0x8d, 0x200}, 'syz0\x00', 0xd}) fcntl$F_SET_FILE_RW_HINT(r11, 0x40e, &(0x7f0000001940)=0x2) prctl$PR_SET_THP_DISABLE(0x29, 0xfffffffffffffffe) ioctl$EVIOCRMFF(r12, 0x40044581, &(0x7f00000004c0)) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) sendmsg$kcm(r12, &(0x7f0000001900)={&(0x7f0000000580)=@nl=@kern={0x10, 0x0, 0x0, 0x220000}, 0x80, &(0x7f0000001840)=[{&(0x7f0000000600)="e40f2aea9927a58f8511ac1364498bb2c6fc2e93a3a107b7d5df06b45008837ebcbfd281a91788a9b18768c52ea4973061e91ddba7b53397b0952d045619369652de4ca55dafb5f3f382b0d3ade04fbf31faada2bf919e24e0be8c7cc1ad50417532e654df646bae7d1995944b5f3c51fa7699481dbf9c5e2d0cdbe439f7d66549dfaea8625de095d973", 0x8a}, {&(0x7f00000006c0)="8cdd0b388dfe4cc35edd3bc9fe1b08755fe9c48d1b33883893753128529a8bf5211fd4ebece6b8cb9a1fd6cd7e54b38ab6f5c1ba710e1d6d1e76543b76e27f47dffb1a1d2c10a8d3f10b785def158024f93c9029da752242fdf4cae5412831dd061a92ea260ec8510b334018fdb82a7dc95c42288e6115a8d22aa65b5c9f7b69121c2732467cd313c56dd3a31180744ff73311f4384c2fb62139a931802598653eebeb3741676f9572f7841bc06650c7034bb40c5badaca91e3920723f10a51f170580b57d285ccead8ea668a528ecc4c8ceaedbc0d5138c4707d0a678411a96f4d755eb0002eef11c55955d01f101650f4407047aa4cb8534913120883224c02b24611be5a387b35a2d8a0cde30eef9b702d7e0f33dac130d38bec18f95653847c908a993b2275866029a0f5e704503d86e11c009c56bc5e0e5957913d59508441e42daf8ecca1ae51dffe3782c88b051ca6baaf1e8f26d501493ec6bfbaaeec126c1013ff364c21880b52006cd8965a9b8db58a93c632e8f197901dd5fe9a23566f9b85b9a62a75faf74b1780f86314308fd4d977d444b2e3107b4a9edca55421fb53180a1152a838f97da235f4080037286905222aa99f289ab42372c0c2da094c5bcf6e6c26fa968a5589003c04a35a2ea90df67c184743c14b715b98c364f7a95aa0a5379b494ffddb0ac2c912219739414bd81ab0579c6061cc5c720a5fc3fa6f122554b81b9cb42c74e8d893ef7c27640688a0036694d210cbdb2dece497633d18e96fc3db231197d4d0c561288893e3a90e8928cc3147fb4a5f2bba4402a68875952e32a613e13a254f70f8cdfaa672189a14f28fa7bf6729deda5158d5d02f8a93eac504b8bde920773700ad785b3dd35c82cf8384aa807bb91c2aa857da4c73e6207fe4d66e7f75690eaa097f6216bc67908801eb3eaeb94f856652d5e25295e40513657a78ff6c92a11c492d3488fa6a2e3131e4d75d903543d479a955dac9e1a73b5cc32a1a8fa61aad68ae2bd531d0b8e949a50c302f80c6cd2675cd4300db37a86f147df26388a098369616fcdf739099bee3d305dd64592d00e05aad57c2d171dfcfde2c683168e23f1b14b019fceff6abad93e81d7f4aca0437777f368c459adc50fb6c734a976a69df752f3a7a122444583d791be68a24beade743f3d7ed9afe1597281a5a658cae9482fe22b25d817bc925f9bd479b83ab040c54cc51054a9558587d5a38be75d17643df6355551b989094d6e276cabb8d3e02f478f5c2092fbd25a067701959b19963ead8daa27e8e4e3e0facdec992ebedad11a579193ee9d1d9763171ca8a82f9809171250aea14aeb93faf27418d3ea54d488820b65fc93d46e7ba68dbae6ff75ed06e9024803cf45347e08e403df3d839a19ee7fb3ed440f023c117f3eb0da65a96cae51ffa9b8f8fc891303e04ba31e93ef6e0d638c2a851854bd17c595429495fcf826c609a6a74019f38f432fb8b66d42e8613ea9d25f32cf84973ee2422e08575b2948cdeadac6cb80c1e0c62132a15c462056b743223483be4f8abcbe7ff232c0e8835276e7763748c64c550a8f39523877a691e3ff59ad285db7affc27802dd7c647bdf777914487815a30d34a36cb8c329304eba3879a7a7e7f3342121abf2f22e8e4a67a87fff933a5d6c6811d980070d48926f78535f2dc7978d926fb5abba7b98e6994903551bd3136053291b255bfa1f92d297d9a6e627ef0599e310950ae049d463cdc2a0d69384064a43d2c68f1019669b63d8b0ff2849bd65eef6193f6ffd2a12ffa963467e46b0e008f07ac0087565047eec5b324c7721eecae3a91522082da9f5f1ca9fa5e602b9f4134176bdc933c48503a7b9d66cd11760a8b4d76f6d9f996612bdbf169a63f175e150ad6b03a15ca00ff55894549289000999650bb44f573800ac9502099c168546e5fd8067f5058aef94dd6ea3d075691d82037e2616b218130a1d5fefa27741ae8f230740dccad3ec6eefe27f827263ddd6daf76d887c33445031cc96a11b651573d08d1ca3e18fc2da652fe8f1ef66349bdd888911b85935aaeaa1729b99e72c16b10510f13f06933c1381a489a4328c708a7792a037a97a507191b52d088e5c1667140ff70a043542ba30551d6a352cad78fd9e57949b10a77a8214375a77946f326e49def399212b2dd1014041717a1585aa2d242e442e039ccf7b2c7f3743145f74eb457481a05aa63e15ed619a52a375f6fabd870c6591f7f7ca351ac8ff90b01633ae8fbd273aa19a1440be8830d67097f68321153130236d5e968bb7f6ea6fadde6c90dc83d218ee6622e56654d9526e2ad279072a1899106a2f3749879395fe0b4c19ef006c8e0b840292fcc76123bfe5ee79379bf88cfc5482bc98384fec366b9fbbb47f2958ed888e904e91240c15b47b1b45044f3f2a7081e57489cc1646a6b907533bbb86559145039cc4987b2cd4887a535f0b41b69ee92d10fb4f99bab64ce8a151124874d5d65eb4814e34e56e77af7a03d87d179ccd2f43b523aac18ffdcff7ea3e7f021fa69710234eeadb54e31806ee4cfe413154695ca6d61f953cffcbf7eb043b8bc5050f8fdc5df4a9495f13372276fe2a3460213460d1c38f5d86216fcd54ba41a5302400e22f00ad30569e29107da8f85b0449af02f0dee60d0b021d60738caa8f3d517f511c1c77db785292a71387fee11026f8b7cb971b91ef577cbed3eef5f1718fe00e6ef3038da4b23c9ccf73286f7588744d64cc2751328e892cf49cd18edd92b6219d4ba075b2d7bc51043b52799f03e7349eb4741aba060ae9d1bdd2fae5eaf3069d4a3c5d58d11a6d491b66081896b22be7afbbf9af5c66c24efdc139015d0ae7c636f74322802cf182eeef15f14b743861db51894007624468f866098c2363ef82bc23d34856f592d4dff1ada99dc336d453fbcc93e9ab32f1ce92cad596f5dd214da24574a936586ca5f0b8dd936ba6337204a053634879eca74347ae954dd1d9df51d6f221321747e6de790fa7b870149d5a8c33efcf543e4eba389c75c3c4889afc1a2b4f30210d32f7c6fe74a483b090f7cd4009f2ed4d41adec42ba79ac2db281d928fbcd0eb6cbb93b1c4a8f70be7536b21d51e9673e6997692dfdb95abe0cb2ba8247cfb94051eb681a8599a0914b1a0d169f5b9e79f291755f0568b096fcdf4683c1202372f21802323f7286ac8b55886737e176eb549f789b055e135f9785aa72d6e85f4f3b4253f599854ad3fca2970ee6ff564a60676db64feca844778fcca4950bb1839378e7ff00ad3ff5c952ecdaab82b1192a7146b146526ba1f1287446f748b684b85d8bf7e6823566ebf3ff2e160a5890e17bc7078214a9eb28d08c5fcd6710f6f4440076f24a718c9b6f5fa6fa1b609649f685102fdb076afff23d943ade0c428f700ea1f92c99d42dd7fbe6233a346c99080cd68e41028869da46d0773c79db77860e0d871b5b6fad1017fa88b911c8f870e95f2d3cbe816bb59d504662571026b49bb2dd00aa39a419bdbc9fb83335ead118b989e6b5bd1916926fa9366f2678d3b1ac57bd2447b29eceae0070040278e39992224dd189a018fa3a93c4a0ea03b404f11f52c2df86e8b838fc03dcec10ca1fe6abcb22967472556ecb47f381acea06719d847b5cb88249d2bf7eed6f569e6ed2e2074a7a3226abbde508dbdc8f3289dd73624a0b6dfad7d0adb997a445f16ed902de487c6e2f267f5b178d377ff77d127bca76853cb22093b211d0195d0dc023dae1dd2da06eb7a69c9ce04087f7a012e356af5b56cc96274f6dcfdae54a5595a7c64dd786635ca52c7b96ea5d41d590323484749d0a3dba28f119212ebf34a35b58e53ac18412493c9ff0f897717091179d515bdbe7e97d1f9aa095ca6f41117691994525ce350cecc0c5663db1df8d6e0d9746a4d6569c529683b0c455266c15f3eae6c98bb7ba6b0f26cfcba40fe42192fc56b062264c13fb030a817ce202aa6a10cf92316b0ff8b5542ec788e4a5704c6c6db08188f4ba59b1f62322390bda4e1b782c0f160af2d2f1ef8768c0ae5578a3d5dfba8de39f5bf4206bf7cd9f2b86c1d191086dbeb90cf8d2e6a9e7086e5db2451ef53e1d7ea161fdaeddadbcff140efe04f966c5af7395638244fcc0d11ae7a6809d3953395db61ab1ceb8e6754ef89083db038d7005f2883861424c27dd3d29db758162af750c8866245967a4ec1fad551959fb1139f81d752f2636fdccd570aa112b0c549d264aff2c91a06c2f08414e098c145b2bdd2015c9113a3e0075b72d21a46837213d5e7e3a886dde60960120fba6ddd8dc71fb46d262ad77716397f6e18630738cd82f30a5032d10d014680c5db26cbe7b0b39cf1d2fbf135493c4e95ffe0ab82bfb3f0fe0426e8c2609757442e1322b19803ac9d4ce90c8fe95ce06faad168b06e56ad320fae2ec36f253eec9f521b8404607e470e8dcf1ee6648ca593169b295e9199d068082d380e436b77453f95572330ee7b55f4b317a70c7705ecc16448ce2fbf1f117ded82b8519dd2c5b2e6c052a354d4bac2c58bf5a569b6baba13707ba3879974a452a70599b5901f4ec8a2cbc7c7fd346d5222b614c6f85ad1c1ce153451b35530118cafa85ef51c7c79944edbe429f3f74f70b8a5f0dd430db821af6c27a6b6eb8f08be80c2a79c6c0d3de0b8aa043caca9252e5230b5eb5dfdee20d90aa7b75be066cbc351c192ab2d074857f90b1462aca623bf05ff5cac1f76f10d599003ea650bca9c9932e5cdadb7d9228f0ef7da07c237cae5bdaef43c8beca448ff030e484b3d56f59ceb51815a1c6a11ed3051c85e88db2b61516092cbb5ac774c683834702be087a35593a1f06c4b09271ac00df3ffe94b840690e531768563120b129995ce2acc68659cef9367c6a54c29f7d578bf164d45b1fea8a6025962d1adac7b31a80eb6f091a64be3fdaa0e250afa892dcc56890971f638dfc2a6b5a2d9035e931197645c64b5c8fb254e58a0806341bf0717b2328a501155f6f9f8cfb75a4b3ffac0e2a0161a0d174a32f33ccb796962db5c381bbec6645d05661bef9bb7fa6b1f03a3c6559c709c70f72cfd0a2638aebdd564647158f5006bf749c3251a249c2a379f9dc0a15edd48f269eba4a6ca6d663d6fb4786940c08dc1053895d4c1102249daa02a8b8203aaa0126f2adb855f84bdc40d00f2894fdd1075611f015fcaa409a006881c47437f519e4a485a6e7ead79758784011560a45d4a0d4e03836d8b572d7a9729427d352223affb18a182f1af997739ce4c5dea14f9b5fb58ba459dfd02ec98cc83ad0681a1705f7ccb619535b349062dcfa974977a762e3733987038cdce48074d5c10b0210a968c1b069f899c511ec9fe972be46d6a1e6de5fa10a4ea77e4711163f84bcdb2917de640e564779d5b2a8a88bbd1cc67e11d206efc91ec576987693025cd644f5ceedab07fe5fbfe98166b86d0c1ab812d1bb3e8571cca81e1ebec43db50213dba758bdc421a15e2aa78c30e4a709920d734af89ee28e40b2185a7217937c542e43ff9ef6353fec5fd287aa2ddb548c9ca0a415122d67e56b92dfad2a6d71c89c4cca88289a908fdb3a7923850d8e2a134ae65381a46ab5b5531b9ef82346b41e856c5ba387014db6fd3b42e227d2226bd4463dfd9e64c84c9bb2969c7fb012907c4b64321c95f534c2a9838597ecd0aa993edf7421dd809dca71d3cf57ebf95373b2a3281bcbcd35f2e39c3e173c32d1d3022e9306cf202ed0d5c655ed1319661f3", 0x1000}, {&(0x7f00000016c0)="5dea9b768c1713bd5b1c7b5e0cae8e4f", 0x10}, {&(0x7f0000001700)="43a60d8832c9f7d6", 0x8}, {&(0x7f0000001740)="ecc5859a5d4ea2662cd6db703d53bb81eb47e34260b3611290d429622be46fdbbaff094e55d2f240e33dd41fd99806b4869d25bb2cfdb88f0d413dac649940978ae52644a3d285e3ac87", 0x4a}, {&(0x7f00000017c0)="fadfaa19f2071a53626ec4ea9a09b253f003b9ff26873af0aeae2e66c9f09a42a4e868d2ba2947c99f1285db2bbac48748ff1bcc7589fb24c495f146b0886c0016a967e80413103f66f1d75ecf34ed4c0243a3e79d9df44c77520b067a3c5d21", 0x60}], 0x6, &(0x7f00000018c0)}, 0xbf) ioctl$FS_IOC_GETFLAGS(r11, 0x800455d1, &(0x7f0000000080)) connect$llc(r12, &(0x7f00000018c0)={0x1a, 0x30e, 0x9d8, 0x8, 0x1, 0x100, @broadcast}, 0x10) getuid() 08:15:59 executing program 2: syz_emit_ethernet(0x6a, &(0x7f0000000040)={@local, @broadcast, [], {@ipv4={0x800, {{0x5, 0x4, 0x0, 0x0, 0x5c, 0x0, 0x0, 0x0, 0x1, 0x0, @remote, @dev={0xac, 0x14, 0x14, 0x11}}, @icmp=@parameter_prob={0x3, 0x4, 0x0, 0x0, 0x0, 0x0, {0x10, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x402f, 0x0, @local={0xac, 0x5c}, @dev, {[@timestamp={0x8, 0x2c, 0x0, 0x0, 0x1000000000000, [{[@rand_addr]}, {[@multicast2]}, {[@multicast1]}, {}, {[@loopback]}, {}]}]}}}}}}}, 0x0) 08:15:59 executing program 1: socket$l2tp(0x18, 0x1, 0x1) r0 = perf_event_open(&(0x7f0000014f88)={0x1, 0x70, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r1 = request_key(&(0x7f0000000000)='ceph\x00', &(0x7f0000000040)={'syz', 0x2}, &(0x7f0000000080)='selfselfmd5sum\x00', 0xfffffffffffffffc) keyctl$restrict_keyring(0x1d, r1, 0x0, &(0x7f00000000c0)='ppp0vboxnet0wlan1\x00') close(r0) 08:15:59 executing program 5: r0 = socket$l2tp(0x18, 0x1, 0x1) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0a5c2d023c126285718070") perf_event_open(&(0x7f00000001c0)={0x2, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000014f88)={0x1, 0x70, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r1 = openat$pfkey(0xffffffffffffff9c, &(0x7f0000000040)='/proc/self/net/pfkey\x00', 0x800, 0x0) ioctl$RTC_AIE_ON(r1, 0x7001) r2 = perf_event_open(&(0x7f0000014f88)={0x1, 0x70, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) close(r2) 08:15:59 executing program 0: openat$rfkill(0xffffffffffffff9c, 0x0, 0x2001, 0x0) syz_open_dev$admmidi(&(0x7f0000000100)='/dev/admmidi#\x00', 0x0, 0x0) r0 = socket$l2tp(0x18, 0x1, 0x1) mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x1, 0x32, 0xffffffffffffffff, 0x0) r1 = userfaultfd(0x0) ioctl$UFFDIO_API(r1, 0xc018aa3f, &(0x7f0000000180)) ioctl$UFFDIO_REGISTER(r1, 0xc020aa00, &(0x7f0000019000)={{&(0x7f0000012000/0x2000)=nil, 0x2000}, 0x1}) syz_open_dev$evdev(&(0x7f0000012fee)='/dev/input/event#\x00', 0x0, 0x5) ioctl$UFFDIO_WAKE(r1, 0x8010aa02, &(0x7f0000000080)={&(0x7f0000012000/0x3000)=nil, 0x3000}) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0a5c2d023c126285718070") 08:15:59 executing program 3: openat$rfkill(0xffffffffffffff9c, 0x0, 0x0, 0x0) getsockopt$inet_sctp_SCTP_DEFAULT_PRINFO(0xffffffffffffffff, 0x84, 0x72, &(0x7f0000000380), 0x0) syz_open_dev$admmidi(&(0x7f0000000100)='/dev/admmidi#\x00', 0x0, 0x0) r0 = socket$l2tp(0x18, 0x1, 0x1) mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x1, 0x32, 0xffffffffffffffff, 0x0) r1 = userfaultfd(0x0) ioctl$UFFDIO_API(r1, 0xc018aa3f, &(0x7f0000000180)) ioctl$UFFDIO_REGISTER(r1, 0xc020aa00, &(0x7f0000019000)={{&(0x7f0000012000/0x2000)=nil, 0x2000}, 0x1}) syz_open_dev$evdev(&(0x7f0000012fee)='/dev/input/event#\x00', 0x0, 0x0) ioctl$UFFDIO_WAKE(r1, 0x8010aa02, &(0x7f0000000080)={&(0x7f0000012000/0x3000)=nil, 0x3000}) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0a5c2d023c126285718070") setsockopt$ALG_SET_KEY(0xffffffffffffffff, 0x117, 0x1, 0x0, 0x0) 08:15:59 executing program 5: ioctl(0xffffffffffffffff, 0x1000008912, &(0x7f0000000000)="0a5c2d023c126285718070") perf_event_open(&(0x7f00000001c0)={0x2, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000014f88)={0x1, 0x70, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = perf_event_open(&(0x7f0000014f88)={0x1, 0x70, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) close(r0) 08:15:59 executing program 2: syz_emit_ethernet(0x6a, &(0x7f0000000040)={@local, @broadcast, [], {@ipv4={0x800, {{0x5, 0x4, 0x0, 0x0, 0x5c, 0x0, 0x0, 0x0, 0x1, 0x0, @remote, @dev={0xac, 0x14, 0x14, 0x11}}, @icmp=@parameter_prob={0x3, 0x4, 0x0, 0x0, 0x0, 0x0, {0x10, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x402f, 0x0, @local={0xac, 0x5c}, @dev, {[@timestamp={0x8, 0x2c, 0x0, 0x0, 0x500000000000000, [{[@rand_addr]}, {[@multicast2]}, {[@multicast1]}, {}, {[@loopback]}, {}]}]}}}}}}}, 0x0) 08:15:59 executing program 1: r0 = socket$l2tp(0x18, 0x1, 0x1) ioctl(r0, 0x1000008912, &(0x7f0000000100)="0a5c2d023c126285718070") accept4(r0, &(0x7f0000000040)=@generic, &(0x7f00000000c0)=0x80, 0x80000) r1 = perf_event_open(&(0x7f0000014f88)={0x1, 0x70, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) close(r1) r2 = syz_open_dev$video4linux(&(0x7f0000000000)='/dev/v4l-subdev#\x00', 0x1000, 0x800) ioctl$VIDIOC_DBG_G_CHIP_INFO(r2, 0xc0c85666, &(0x7f0000000140)={{0x3, @name="2c80b7f70744d310524b8d3f1d7ad49fe7d509aacf3318b9e88687397678f66e"}, "ec491c3d26374ecb312aee6b02b9e27961d3644eedad2046721412aec5459a92", 0x2}) 08:15:59 executing program 3: openat$rfkill(0xffffffffffffff9c, 0x0, 0x0, 0x0) getsockopt$inet_sctp_SCTP_DEFAULT_PRINFO(0xffffffffffffffff, 0x84, 0x72, &(0x7f0000000380), 0x0) syz_open_dev$admmidi(&(0x7f0000000100)='/dev/admmidi#\x00', 0x0, 0x0) r0 = socket$l2tp(0x18, 0x1, 0x1) mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x1, 0x32, 0xffffffffffffffff, 0x0) r1 = userfaultfd(0x0) ioctl$UFFDIO_API(r1, 0xc018aa3f, &(0x7f0000000180)) ioctl$UFFDIO_REGISTER(r1, 0xc020aa00, &(0x7f0000019000)={{&(0x7f0000012000/0x2000)=nil, 0x2000}, 0x1}) syz_open_dev$evdev(&(0x7f0000012fee)='/dev/input/event#\x00', 0x0, 0x0) ioctl$UFFDIO_WAKE(r1, 0x8010aa02, &(0x7f0000000080)={&(0x7f0000012000/0x3000)=nil, 0x3000}) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0a5c2d023c126285718070") setsockopt$ALG_SET_KEY(0xffffffffffffffff, 0x117, 0x1, 0x0, 0x0) 08:15:59 executing program 0: openat$rfkill(0xffffffffffffff9c, 0x0, 0x2001, 0x0) syz_open_dev$admmidi(&(0x7f0000000100)='/dev/admmidi#\x00', 0x0, 0x0) r0 = socket$l2tp(0x18, 0x1, 0x1) mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x1, 0x32, 0xffffffffffffffff, 0x0) r1 = userfaultfd(0x0) ioctl$UFFDIO_API(r1, 0xc018aa3f, &(0x7f0000000180)) ioctl$UFFDIO_REGISTER(r1, 0xc020aa00, &(0x7f0000019000)={{&(0x7f0000012000/0x2000)=nil, 0x2000}, 0x1}) syz_open_dev$evdev(&(0x7f0000012fee)='/dev/input/event#\x00', 0x0, 0xffffff7f00000000) ioctl$UFFDIO_WAKE(r1, 0x8010aa02, &(0x7f0000000080)={&(0x7f0000012000/0x3000)=nil, 0x3000}) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0a5c2d023c126285718070") 08:15:59 executing program 2: syz_emit_ethernet(0x6a, &(0x7f0000000040)={@local, @broadcast, [], {@ipv4={0x800, {{0x5, 0x4, 0x0, 0x0, 0x5c, 0x0, 0x0, 0x0, 0x1, 0x0, @remote, @dev={0xac, 0x14, 0x14, 0x11}}, @icmp=@parameter_prob={0x3, 0x4, 0x0, 0x0, 0x0, 0x0, {0x10, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x402f, 0x0, @local={0xac, 0x5c}, @dev, {[@timestamp={0x8, 0x2c, 0x0, 0x0, 0xfeffffff, [{[@rand_addr]}, {[@multicast2]}, {[@multicast1]}, {}, {[@loopback]}, {}]}]}}}}}}}, 0x0) 08:15:59 executing program 5: r0 = socket$l2tp(0x18, 0x1, 0x1) fsetxattr$security_smack_entry(r0, &(0x7f0000000040)='security.SMACK64IPOUT\x00', &(0x7f0000000080)='ppp0cpuset*.\x00', 0xd, 0x1) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0a5c2d023c126285718070") syz_open_dev$mouse(&(0x7f00000000c0)='/dev/input/mouse#\x00', 0x5, 0x0) r1 = perf_event_open(&(0x7f00000001c0)={0x2, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) prctl$PR_SET_MM_EXE_FILE(0x23, 0xd, r1) perf_event_open(&(0x7f0000014f88)={0x1, 0x70, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r2 = perf_event_open(&(0x7f0000014f88)={0x1, 0x70, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) close(r2) 08:15:59 executing program 1: r0 = socket$l2tp(0x18, 0x1, 0x1) ioctl(r0, 0x100000890f, &(0x7f0000000000)="0a5c2d023c126285718070") r1 = perf_event_open(&(0x7f0000014f88)={0x1, 0x70, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) close(r1) 08:15:59 executing program 4: openat$kvm(0xffffffffffffff9c, 0x0, 0x0, 0x0) r0 = syz_open_dev$sndpcmp(&(0x7f0000000000)='/dev/snd/pcmC#D#p\x00', 0x0, 0x101000) ioctl$VIDIOC_DV_TIMINGS_CAP(r0, 0xc0905664, &(0x7f0000000140)={0x0, 0x0, [], @bt={0x4, 0x0, 0x3, 0x30, 0x1, 0x0, 0x8, 0x4}}) r1 = syz_open_dev$sndctrl(&(0x7f0000000100)='/dev/snd/controlC#\x00', 0x0, 0x0) prctl$PR_SET_THP_DISABLE(0x29, 0xfffffffffffffffe) clone(0x4, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) ioctl$FS_IOC_GETFLAGS(r1, 0x800455d1, &(0x7f0000000080)) ioctl$SNDRV_SEQ_IOCTL_GET_NAMED_QUEUE(r0, 0xc08c5336, &(0x7f0000000200)={0x200, 0xaa, 0x8000, 'queue0\x00', 0x400}) [ 2382.041680] handle_userfault: 17 callbacks suppressed [ 2382.041688] FAULT_FLAG_ALLOW_RETRY missing 70 [ 2382.053576] FAULT_FLAG_ALLOW_RETRY missing 70 [ 2382.058112] CPU: 1 PID: 21616 Comm: syz-executor3 Not tainted 4.20.0-rc6+ #371 [ 2382.065489] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2382.074858] Call Trace: [ 2382.077477] dump_stack+0x244/0x39d [ 2382.081135] ? dump_stack_print_info.cold.1+0x20/0x20 [ 2382.086374] handle_userfault.cold.32+0x47/0x62 [ 2382.091084] ? userfaultfd_ioctl+0x5610/0x5610 [ 2382.095717] ? mark_held_locks+0x130/0x130 [ 2382.099971] ? __sanitizer_cov_trace_cmp4+0x16/0x20 [ 2382.105001] ? futex_wait_setup+0x266/0x3e0 [ 2382.109366] ? __sanitizer_cov_trace_switch+0x53/0x90 [ 2382.114577] ? userfaultfd_ctx_put+0x830/0x830 [ 2382.119173] ? futex_wait+0x5a1/0xa50 [ 2382.119196] ? print_usage_bug+0xc0/0xc0 [ 2382.119213] ? print_usage_bug+0xc0/0xc0 [ 2382.119232] ? print_usage_bug+0xc0/0xc0 [ 2382.127096] ? zap_class+0x640/0x640 [ 2382.138929] ? drop_futex_key_refs.isra.14+0x6d/0xe0 [ 2382.144050] ? futex_wake+0x304/0x760 [ 2382.147891] ? find_held_lock+0x36/0x1c0 [ 2382.151977] ? __handle_mm_fault+0x4bb0/0x5be0 [ 2382.156582] ? lock_downgrade+0x900/0x900 [ 2382.160749] ? kasan_check_read+0x11/0x20 [ 2382.164914] ? do_raw_spin_unlock+0xa7/0x330 [ 2382.169346] ? do_raw_spin_trylock+0x270/0x270 [ 2382.173948] ? fault_dirty_shared_page.isra.87+0x320/0x320 [ 2382.179596] __handle_mm_fault+0x4bbd/0x5be0 [ 2382.184033] ? vmf_insert_mixed_mkwrite+0x40/0x40 [ 2382.188894] ? zap_class+0x640/0x640 [ 2382.192622] ? rcu_read_unlock_special+0x1c0/0x1c0 [ 2382.197563] ? kasan_check_read+0x11/0x20 [ 2382.201728] ? rcu_softirq_qs+0x20/0x20 [ 2382.205731] ? zap_class+0x640/0x640 [ 2382.209469] ? zap_class+0x640/0x640 [ 2382.213200] ? find_held_lock+0x36/0x1c0 [ 2382.217284] ? handle_mm_fault+0x42a/0xc70 [ 2382.221530] ? lock_downgrade+0x900/0x900 [ 2382.225702] ? check_preemption_disabled+0x48/0x280 [ 2382.230737] ? rcu_read_unlock_special+0x1c0/0x1c0 [ 2382.235677] ? kasan_check_read+0x11/0x20 [ 2382.239846] ? rcu_dynticks_curr_cpu_in_eqs+0xa2/0x170 [ 2382.245131] ? rcu_softirq_qs+0x20/0x20 [ 2382.249117] ? trace_hardirqs_off_caller+0x310/0x310 [ 2382.249138] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 2382.259776] ? check_preemption_disabled+0x48/0x280 [ 2382.264820] handle_mm_fault+0x54f/0xc70 [ 2382.268905] ? __handle_mm_fault+0x5be0/0x5be0 [ 2382.273510] ? find_vma+0x34/0x190 [ 2382.277078] __do_page_fault+0x5e8/0xe60 [ 2382.281153] ? trace_hardirqs_off+0xb8/0x310 [ 2382.285600] do_page_fault+0xf2/0x7e0 [ 2382.289419] ? vmalloc_sync_all+0x30/0x30 [ 2382.293578] ? error_entry+0x70/0xd0 [ 2382.297306] ? trace_hardirqs_off_caller+0xbb/0x310 [ 2382.302351] ? trace_hardirqs_on_caller+0xc0/0x310 [ 2382.307295] ? syscall_return_slowpath+0x5e0/0x5e0 [ 2382.312246] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 2382.317100] ? trace_hardirqs_on_caller+0x310/0x310 [ 2382.322129] ? __bpf_trace_preemptirq_template+0x30/0x30 [ 2382.327598] ? prepare_exit_to_usermode+0x3b0/0x3b0 [ 2382.332653] ? prepare_exit_to_usermode+0x291/0x3b0 [ 2382.337685] ? page_fault+0x8/0x30 [ 2382.341244] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 2382.346103] ? page_fault+0x8/0x30 [ 2382.349662] page_fault+0x1e/0x30 [ 2382.353128] RIP: 0033:0x4510a0 [ 2382.356343] Code: 0f 84 c4 0f 00 00 48 89 f1 48 89 f8 48 83 e1 3f 48 83 f9 20 0f 86 7b 02 00 00 48 83 e6 f0 48 83 e1 0f 66 0f ef c0 66 0f ef c9 <66> 0f 74 0e 66 0f d7 d1 48 d3 ea 49 c7 c2 11 00 00 00 49 29 ca 4d [ 2382.375257] RSP: 002b:00007f75238677a8 EFLAGS: 00010202 [ 2382.380633] RAX: 00007f7523867850 RBX: 0000000000000003 RCX: 000000000000000e 08:16:00 executing program 1: r0 = socket$l2tp(0x18, 0x1, 0x1) ioctl(r0, 0x1000000912, &(0x7f0000000000)="0a0300023c126285718070") r1 = perf_event_open(&(0x7f0000014f88)={0x1, 0x70, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) listen(r0, 0x6) close(r1) socketpair(0x5, 0x10, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) getsockname$netlink(r2, &(0x7f00000000c0), &(0x7f0000000100)=0xc) ioctl$sock_inet_SIOCSIFBRDADDR(r0, 0x891a, &(0x7f0000000080)={'gretap0\x00', {0x2, 0x4e24, @empty}}) 08:16:00 executing program 2: syz_emit_ethernet(0x6a, &(0x7f0000000040)={@local, @broadcast, [], {@ipv4={0x800, {{0x5, 0x4, 0x0, 0x0, 0x5c, 0x0, 0x0, 0x0, 0x1, 0x0, @remote, @dev={0xac, 0x14, 0x14, 0x11}}, @icmp=@parameter_prob={0x3, 0x4, 0x0, 0x0, 0x0, 0x0, {0x10, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x402f, 0x0, @local={0xac, 0x5c}, @dev, {[@timestamp={0x8, 0x2c, 0x0, 0x0, 0x8847, [{[@rand_addr]}, {[@multicast2]}, {[@multicast1]}, {}, {[@loopback]}, {}]}]}}}}}}}, 0x0) 08:16:00 executing program 4: openat$kvm(0xffffffffffffff9c, 0x0, 0x0, 0x0) r0 = syz_open_dev$sndctrl(&(0x7f0000000100)='/dev/snd/controlC#\x00', 0x0, 0x0) prctl$PR_SET_THP_DISABLE(0x29, 0x0) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) ioctl$FS_IOC_GETFLAGS(r0, 0x800455d1, &(0x7f0000000080)) [ 2382.387914] RDX: 00000000000003ff RSI: 0000000020012fe0 RDI: 00007f7523867850 [ 2382.387925] RBP: 000000000072bf00 R08: 00000000000003ff R09: 0000000000000000 [ 2382.387934] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f75238686d4 [ 2382.387944] R13: 00000000004c578a R14: 00000000004d9d90 R15: 00000000ffffffff [ 2382.435445] CPU: 0 PID: 21613 Comm: syz-executor0 Not tainted 4.20.0-rc6+ #371 [ 2382.442839] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2382.452205] Call Trace: [ 2382.454812] dump_stack+0x244/0x39d [ 2382.458456] ? dump_stack_print_info.cold.1+0x20/0x20 [ 2382.463670] handle_userfault.cold.32+0x47/0x62 [ 2382.468382] ? userfaultfd_ioctl+0x5610/0x5610 [ 2382.472985] ? mark_held_locks+0x130/0x130 [ 2382.477240] ? __sanitizer_cov_trace_cmp4+0x16/0x20 [ 2382.482269] ? futex_wait_setup+0x266/0x3e0 [ 2382.486625] ? __sanitizer_cov_trace_switch+0x53/0x90 [ 2382.491827] ? userfaultfd_ctx_put+0x830/0x830 [ 2382.491842] ? futex_wait+0x5a1/0xa50 [ 2382.491864] ? print_usage_bug+0xc0/0xc0 [ 2382.491881] ? print_usage_bug+0xc0/0xc0 [ 2382.491899] ? print_usage_bug+0xc0/0xc0 [ 2382.491920] ? zap_class+0x640/0x640 [ 2382.516201] ? drop_futex_key_refs.isra.14+0x6d/0xe0 [ 2382.521319] ? futex_wake+0x304/0x760 [ 2382.525173] ? find_held_lock+0x36/0x1c0 [ 2382.529271] ? __handle_mm_fault+0x4bb0/0x5be0 [ 2382.533870] ? lock_downgrade+0x900/0x900 [ 2382.538051] ? kasan_check_read+0x11/0x20 [ 2382.542210] ? do_raw_spin_unlock+0xa7/0x330 [ 2382.546629] ? do_raw_spin_trylock+0x270/0x270 [ 2382.551235] ? fault_dirty_shared_page.isra.87+0x320/0x320 [ 2382.556890] __handle_mm_fault+0x4bbd/0x5be0 [ 2382.561316] ? vmf_insert_mixed_mkwrite+0x40/0x40 [ 2382.566194] ? zap_class+0x640/0x640 [ 2382.569923] ? rcu_read_unlock_special+0x1c0/0x1c0 [ 2382.574868] ? kasan_check_read+0x11/0x20 [ 2382.574885] ? rcu_softirq_qs+0x20/0x20 [ 2382.574911] ? zap_class+0x640/0x640 [ 2382.574932] ? zap_class+0x640/0x640 [ 2382.590483] ? find_held_lock+0x36/0x1c0 [ 2382.594572] ? handle_mm_fault+0x42a/0xc70 [ 2382.598827] ? lock_downgrade+0x900/0x900 [ 2382.600590] Unknown ioctl 1076932219 [ 2382.602993] ? check_preemption_disabled+0x48/0x280 [ 2382.603014] ? rcu_read_unlock_special+0x1c0/0x1c0 [ 2382.603030] ? kasan_check_read+0x11/0x20 [ 2382.603049] ? rcu_dynticks_curr_cpu_in_eqs+0xa2/0x170 [ 2382.609023] Unknown ioctl 1076932219 [ 2382.611776] ? rcu_softirq_qs+0x20/0x20 08:16:00 executing program 1: r0 = socket$l2tp(0x18, 0x1, 0x1) r1 = syz_open_dev$radio(&(0x7f00000000c0)='/dev/radio#\x00', 0x2, 0x2) ioctl$SNDRV_SEQ_IOCTL_QUERY_NEXT_CLIENT(r1, 0xc0bc5351, &(0x7f0000000100)={0x7fff, 0x1, 'client0\x00', 0x2, "795ed48563d7cb24", "c33fdb5f190e714185359bcd66011cffacd1fd1bd0427f4a37c752943882c2e7", 0x1f, 0x9}) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0a5c2d023c126285718070") r2 = perf_event_open(&(0x7f0000014f88)={0x1, 0x70, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) close(r2) r3 = openat$vsock(0xffffffffffffff9c, &(0x7f0000000040)='/dev/vsock\x00', 0x101000, 0x0) getsockopt$IP_VS_SO_GET_TIMEOUT(r0, 0x0, 0x486, &(0x7f00000001c0), &(0x7f0000000200)=0xc) ioctl$KVM_SET_CLOCK(r3, 0x4030ae7b, &(0x7f0000000080)={0x1, 0x7}) setsockopt$l2tp_PPPOL2TP_SO_SENDSEQ(r0, 0x111, 0x3, 0x0, 0x4) 08:16:00 executing program 1: r0 = socket$l2tp(0x18, 0x1, 0x1) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0a5c2d023c126285718070") r1 = gettid() perf_event_open(&(0x7f0000014f88)={0x1, 0x70, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, r1, 0x0, 0xffffffffffffffff, 0x0) syz_open_dev$vcsa(&(0x7f00000000c0)='/dev/vcsa#\x00', 0x2, 0x121000) vmsplice(r0, &(0x7f0000000080)=[{&(0x7f0000000040)="be308a7108e69ac211a23621a2a228a3a49886dbcb1202", 0x17}], 0x388, 0x7) close(r0) 08:16:00 executing program 3: openat$rfkill(0xffffffffffffff9c, 0x0, 0x0, 0x0) getsockopt$inet_sctp_SCTP_DEFAULT_PRINFO(0xffffffffffffffff, 0x84, 0x72, &(0x7f0000000380), 0x0) syz_open_dev$admmidi(&(0x7f0000000100)='/dev/admmidi#\x00', 0x0, 0x0) r0 = socket$l2tp(0x18, 0x1, 0x1) mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x1, 0x32, 0xffffffffffffffff, 0x0) r1 = userfaultfd(0x0) ioctl$UFFDIO_API(r1, 0xc018aa3f, &(0x7f0000000180)) ioctl$UFFDIO_REGISTER(r1, 0xc020aa00, &(0x7f0000019000)={{&(0x7f0000012000/0x2000)=nil, 0x2000}, 0x1}) syz_open_dev$evdev(&(0x7f0000012fee)='/dev/input/event#\x00', 0x0, 0x0) ioctl$UFFDIO_WAKE(r1, 0x8010aa02, &(0x7f0000000080)={&(0x7f0000012000/0x3000)=nil, 0x3000}) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0a5c2d023c126285718070") setsockopt$ALG_SET_KEY(0xffffffffffffffff, 0x117, 0x1, 0x0, 0x0) 08:16:00 executing program 5: r0 = socket$l2tp(0x18, 0x1, 0x1) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0a5c2d023c126285718070") perf_event_open(&(0x7f00000001c0)={0x2, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000014f88)={0x1, 0x70, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r1 = perf_event_open(&(0x7f0000014f88)={0x1, 0x70, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) close(r1) ioctl$BLKGETSIZE64(r1, 0x80081272, &(0x7f0000000040)) [ 2382.611794] ? trace_hardirqs_off_caller+0x310/0x310 [ 2382.611813] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 2382.611831] ? check_preemption_disabled+0x48/0x280 [ 2382.611854] handle_mm_fault+0x54f/0xc70 [ 2382.611874] ? __handle_mm_fault+0x5be0/0x5be0 [ 2382.658172] ? find_vma+0x34/0x190 [ 2382.661733] __do_page_fault+0x5e8/0xe60 [ 2382.665818] ? trace_hardirqs_off+0xb8/0x310 [ 2382.670249] do_page_fault+0xf2/0x7e0 [ 2382.674067] ? vmalloc_sync_all+0x30/0x30 [ 2382.678254] ? error_entry+0x70/0xd0 [ 2382.678274] ? trace_hardirqs_off_caller+0xbb/0x310 [ 2382.678299] ? trace_hardirqs_on_caller+0xc0/0x310 [ 2382.678316] ? syscall_return_slowpath+0x5e0/0x5e0 [ 2382.678350] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 2382.678369] ? trace_hardirqs_on_caller+0x310/0x310 [ 2382.678388] ? __bpf_trace_preemptirq_template+0x30/0x30 [ 2382.678406] ? prepare_exit_to_usermode+0x3b0/0x3b0 [ 2382.678423] ? prepare_exit_to_usermode+0x291/0x3b0 [ 2382.678438] ? page_fault+0x8/0x30 08:16:00 executing program 0: openat$rfkill(0xffffffffffffff9c, 0x0, 0x2001, 0x0) syz_open_dev$admmidi(&(0x7f0000000100)='/dev/admmidi#\x00', 0x0, 0x0) r0 = socket$l2tp(0x18, 0x1, 0x1) mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x1, 0x32, 0xffffffffffffffff, 0x0) r1 = userfaultfd(0x0) ioctl$UFFDIO_API(r1, 0xc018aa3f, &(0x7f0000000180)) ioctl$UFFDIO_REGISTER(r1, 0xc020aa00, &(0x7f0000019000)={{&(0x7f0000012000/0x2000)=nil, 0x2000}, 0x1}) syz_open_dev$evdev(&(0x7f0000012fee)='/dev/input/event#\x00', 0x0, 0x4c000000) ioctl$UFFDIO_WAKE(r1, 0x8010aa02, &(0x7f0000000080)={&(0x7f0000012000/0x3000)=nil, 0x3000}) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0a5c2d023c126285718070") 08:16:00 executing program 4: openat$kvm(0xffffffffffffff9c, 0x0, 0x0, 0x0) r0 = syz_open_dev$sndctrl(&(0x7f0000000100)='/dev/snd/controlC#\x00', 0x0, 0x0) prctl$PR_SET_THP_DISABLE(0x29, 0xfffffffffffffffe) r1 = dup3(r0, r0, 0x80000) clock_gettime(0x0, &(0x7f0000000000)={0x0, 0x0}) ioctl$KVM_SET_GUEST_DEBUG(r1, 0x4048ae9b, &(0x7f0000000200)={0x1, 0x0, [0x43f7, 0xc0c, 0x8, 0x3, 0x6, 0x6, 0x6, 0x8]}) setsockopt$kcm_KCM_RECV_DISABLE(r1, 0x119, 0x1, &(0x7f0000000040)=0xffffffff, 0x4) write$evdev(r1, &(0x7f0000000140)=[{{0x77359400}, 0x1f, 0x1fffe0000000, 0xfffffffffffffffd}, {{}, 0x3, 0x7f, 0xfffffffffffffff8}, {{r2, r3/1000+30000}, 0x3, 0xbbb, 0x3}, {{}, 0x16, 0x9, 0x4}, {{0x0, 0x7530}, 0x16, 0x0, 0xffff}, {{0x77359400}, 0x17, 0x6, 0xd0b4}, {{0x77359400}, 0x3, 0x6, 0x8001}, {{0x0, 0x2710}, 0x0, 0x1, 0x6}], 0xc0) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) ioctl$FS_IOC_GETFLAGS(r0, 0x800455d1, &(0x7f0000000080)) 08:16:00 executing program 2: syz_emit_ethernet(0x6a, &(0x7f0000000040)={@local, @broadcast, [], {@ipv4={0x800, {{0x5, 0x4, 0x0, 0x0, 0x5c, 0x0, 0x0, 0x0, 0x1, 0x0, @remote, @dev={0xac, 0x14, 0x14, 0x11}}, @icmp=@parameter_prob={0x3, 0x4, 0x0, 0x0, 0x0, 0x0, {0x10, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x402f, 0x0, @local={0xac, 0x5c}, @dev, {[@timestamp={0x8, 0x2c, 0x0, 0x0, 0x300, [{[@rand_addr]}, {[@multicast2]}, {[@multicast1]}, {}, {[@loopback]}, {}]}]}}}}}}}, 0x0) 08:16:00 executing program 5: r0 = socket$l2tp(0x18, 0x1, 0x1) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0a5c2d023c126285718070") perf_event_open(&(0x7f00000001c0)={0x2, 0x70, 0x0, 0x83f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x200000, 0x0, 0x0, 0x0, 0x3}, 0x0, 0x0, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000014f88)={0x1, 0x70, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r1 = openat$rfkill(0xffffffffffffff9c, &(0x7f0000000040)='/dev/rfkill\x00', 0x200000, 0x0) setsockopt$inet_dccp_int(r1, 0x21, 0xa, &(0x7f0000000080)=0x8, 0x4) r2 = perf_event_open(&(0x7f0000014f88)={0x1, 0x70, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) close(r2) [ 2382.678459] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 2382.678477] ? page_fault+0x8/0x30 [ 2382.678493] page_fault+0x1e/0x30 [ 2382.678506] RIP: 0033:0x4510a0 [ 2382.678530] Code: 0f 84 c4 0f 00 00 48 89 f1 48 89 f8 48 83 e1 3f 48 83 f9 20 0f 86 7b 02 00 00 48 83 e6 f0 48 83 e1 0f 66 0f ef c0 66 0f ef c9 <66> 0f 74 0e 66 0f d7 d1 48 d3 ea 49 c7 c2 11 00 00 00 49 29 ca 4d [ 2382.678539] RSP: 002b:00007efdea16e7a8 EFLAGS: 00010202 [ 2382.678552] RAX: 00007efdea16e850 RBX: 0000000000000003 RCX: 000000000000000e 08:16:00 executing program 2: syz_emit_ethernet(0x6a, &(0x7f0000000040)={@local, @broadcast, [], {@ipv4={0x800, {{0x5, 0x4, 0x0, 0x0, 0x5c, 0x0, 0x0, 0x0, 0x1, 0x0, @remote, @dev={0xac, 0x14, 0x14, 0x11}}, @icmp=@parameter_prob={0x3, 0x4, 0x0, 0x0, 0x0, 0x0, {0x10, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x402f, 0x0, @local={0xac, 0x5c}, @dev, {[@timestamp={0x8, 0x2c, 0x0, 0x0, 0x543, [{[@rand_addr]}, {[@multicast2]}, {[@multicast1]}, {}, {[@loopback]}, {}]}]}}}}}}}, 0x0) [ 2382.678562] RDX: 00000000000003ff RSI: 0000000020012fe0 RDI: 00007efdea16e850 [ 2382.678570] RBP: 000000000072bf00 R08: 00000000000003ff R09: 0000000000000000 [ 2382.678587] R10: 0000000000000000 R11: 0000000000000246 R12: 00007efdea16f6d4 [ 2382.678596] R13: 00000000004c578a R14: 00000000004d9d90 R15: 00000000ffffffff [ 2382.806099] FAULT_FLAG_ALLOW_RETRY missing 70 [ 2382.806123] CPU: 0 PID: 21659 Comm: syz-executor3 Not tainted 4.20.0-rc6+ #371 [ 2382.806133] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2382.806139] Call Trace: [ 2382.806164] dump_stack+0x244/0x39d [ 2382.806186] ? dump_stack_print_info.cold.1+0x20/0x20 [ 2382.806218] handle_userfault.cold.32+0x47/0x62 [ 2382.806251] ? userfaultfd_ioctl+0x5610/0x5610 [ 2382.806272] ? mark_held_locks+0x130/0x130 [ 2382.806291] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 2382.806309] ? __perf_event_task_sched_out+0x33a/0x1bf0 [ 2382.806362] ? pick_next_task_fair+0xa05/0x1b30 [ 2382.806397] ? userfaultfd_ctx_put+0x830/0x830 [ 2382.806423] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 08:16:00 executing program 5: r0 = socket$l2tp(0x18, 0x1, 0x1) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0a5c2d023c126285718070") perf_event_open(&(0x7f00000001c0)={0x2, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8000000000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x80000000000000}, 0x0, 0x0, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000014f88)={0x1, 0x70, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r1 = perf_event_open(&(0x7f0000014f88)={0x1, 0x70, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) close(r1) [ 2382.806458] ? __perf_event_task_sched_in+0x2a9/0xb60 [ 2382.806479] ? print_usage_bug+0xc0/0xc0 [ 2382.806508] ? print_usage_bug+0xc0/0xc0 [ 2382.806530] ? print_usage_bug+0xc0/0xc0 [ 2382.806556] ? find_held_lock+0x36/0x1c0 [ 2382.806573] ? zap_class+0x640/0x640 [ 2382.806598] ? finish_task_switch+0x1f4/0x910 [ 2382.806624] ? find_held_lock+0x36/0x1c0 [ 2382.806651] ? __handle_mm_fault+0x4bb0/0x5be0 [ 2382.806669] ? lock_downgrade+0x900/0x900 [ 2382.806693] ? kasan_check_read+0x11/0x20 [ 2382.806708] ? do_raw_spin_unlock+0xa7/0x330 08:16:00 executing program 4: r0 = openat$kvm(0xffffffffffffff9c, 0x0, 0x0, 0x0) syz_open_dev$sndctrl(&(0x7f0000000100)='/dev/snd/controlC#\x00', 0x0, 0x0) prctl$PR_SET_THP_DISABLE(0x29, 0xfffffffffffffffe) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) ioctl$FS_IOC_GETFLAGS(r0, 0x800455d1, &(0x7f0000000040)) 08:16:00 executing program 3: openat$rfkill(0xffffffffffffff9c, 0x0, 0x0, 0x0) getsockopt$inet_sctp_SCTP_DEFAULT_PRINFO(0xffffffffffffffff, 0x84, 0x72, &(0x7f0000000380), 0x0) syz_open_dev$admmidi(&(0x7f0000000100)='/dev/admmidi#\x00', 0x0, 0x0) r0 = socket$l2tp(0x18, 0x1, 0x1) mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x1, 0x32, 0xffffffffffffffff, 0x0) r1 = userfaultfd(0x0) ioctl$UFFDIO_API(r1, 0xc018aa3f, &(0x7f0000000180)) ioctl$UFFDIO_REGISTER(r1, 0xc020aa00, &(0x7f0000019000)={{&(0x7f0000012000/0x2000)=nil, 0x2000}, 0x1}) syz_open_dev$evdev(&(0x7f0000012fee)='/dev/input/event#\x00', 0x0, 0x0) ioctl$UFFDIO_WAKE(r1, 0x8010aa02, &(0x7f0000000080)={&(0x7f0000012000/0x3000)=nil, 0x3000}) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0a5c2d023c126285718070") setsockopt$ALG_SET_KEY(0xffffffffffffffff, 0x117, 0x1, 0x0, 0x0) 08:16:00 executing program 2: syz_emit_ethernet(0x6a, &(0x7f0000000040)={@local, @broadcast, [], {@ipv4={0x800, {{0x5, 0x4, 0x0, 0x0, 0x5c, 0x0, 0x0, 0x0, 0x1, 0x0, @remote, @dev={0xac, 0x14, 0x14, 0x11}}, @icmp=@parameter_prob={0x3, 0x4, 0x0, 0x0, 0x0, 0x0, {0x10, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x402f, 0x0, @local={0xac, 0x5c}, @dev, {[@timestamp={0x8, 0x2c, 0x0, 0x0, 0x8864000000000000, [{[@rand_addr]}, {[@multicast2]}, {[@multicast1]}, {}, {[@loopback]}, {}]}]}}}}}}}, 0x0) [ 2382.806724] ? do_raw_spin_trylock+0x270/0x270 [ 2382.806742] ? fault_dirty_shared_page.isra.87+0x320/0x320 [ 2382.806757] ? __switch_to_asm+0x40/0x70 [ 2382.806782] __handle_mm_fault+0x4bbd/0x5be0 [ 2382.806808] ? vmf_insert_mixed_mkwrite+0x40/0x40 [ 2382.806836] ? __sched_text_start+0x8/0x8 [ 2382.806852] ? zap_class+0x640/0x640 [ 2382.806871] ? kasan_check_read+0x11/0x20 [ 2382.806905] ? zap_class+0x640/0x640 [ 2382.806921] ? zap_class+0x640/0x640 [ 2382.806944] ? find_held_lock+0x36/0x1c0 [ 2382.806969] ? handle_mm_fault+0x42a/0xc70 [ 2382.806991] ? lock_downgrade+0x900/0x900 [ 2382.807015] ? check_preemption_disabled+0x48/0x280 [ 2382.807036] ? rcu_read_unlock_special+0x1c0/0x1c0 [ 2382.807053] ? kasan_check_read+0x11/0x20 [ 2382.807068] ? rcu_dynticks_curr_cpu_in_eqs+0xa2/0x170 [ 2382.807083] ? rcu_softirq_qs+0x20/0x20 [ 2382.807100] ? trace_hardirqs_off_caller+0x310/0x310 [ 2382.807117] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 2382.807135] ? check_preemption_disabled+0x48/0x280 [ 2382.807159] handle_mm_fault+0x54f/0xc70 [ 2382.807179] ? __handle_mm_fault+0x5be0/0x5be0 [ 2382.807202] ? find_vma+0x34/0x190 [ 2382.807224] __do_page_fault+0x5e8/0xe60 [ 2382.807241] ? trace_hardirqs_off+0xb8/0x310 [ 2382.807269] do_page_fault+0xf2/0x7e0 [ 2382.807286] ? vmalloc_sync_all+0x30/0x30 [ 2382.807302] ? error_entry+0x70/0xd0 [ 2382.807320] ? trace_hardirqs_off_caller+0xbb/0x310 [ 2382.807358] ? trace_hardirqs_on_caller+0xc0/0x310 [ 2382.807377] ? syscall_return_slowpath+0x5e0/0x5e0 [ 2382.807394] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 2382.807414] ? trace_hardirqs_on_caller+0x310/0x310 [ 2382.807430] ? __bpf_trace_preemptirq_template+0x30/0x30 [ 2382.807450] ? prepare_exit_to_usermode+0x3b0/0x3b0 [ 2382.807474] ? prepare_exit_to_usermode+0x291/0x3b0 [ 2382.807497] ? page_fault+0x8/0x30 [ 2382.807528] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 2382.807548] ? page_fault+0x8/0x30 [ 2382.807567] page_fault+0x1e/0x30 [ 2382.807580] RIP: 0033:0x4510a0 [ 2382.807599] Code: 0f 84 c4 0f 00 00 48 89 f1 48 89 f8 48 83 e1 3f 48 83 f9 20 0f 86 7b 02 00 00 48 83 e6 f0 48 83 e1 0f 66 0f ef c0 66 0f ef c9 <66> 0f 74 0e 66 0f d7 d1 48 d3 ea 49 c7 c2 11 00 00 00 49 29 ca 4d [ 2382.807609] RSP: 002b:00007f75238677a8 EFLAGS: 00010202 [ 2382.807623] RAX: 00007f7523867850 RBX: 0000000000000003 RCX: 000000000000000e [ 2382.807634] RDX: 00000000000003ff RSI: 0000000020012fe0 RDI: 00007f7523867850 [ 2382.807645] RBP: 000000000072bf00 R08: 00000000000003ff R09: 0000000000000000 [ 2382.807656] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f75238686d4 [ 2382.807667] R13: 00000000004c578a R14: 00000000004d9d90 R15: 00000000ffffffff [ 2382.937682] FAULT_FLAG_ALLOW_RETRY missing 70 [ 2383.135658] FAULT_FLAG_ALLOW_RETRY missing 70 [ 2383.139453] CPU: 1 PID: 21672 Comm: syz-executor0 Not tainted 4.20.0-rc6+ #371 [ 2383.278537] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2383.278544] Call Trace: [ 2383.278569] dump_stack+0x244/0x39d [ 2383.278590] ? dump_stack_print_info.cold.1+0x20/0x20 [ 2383.278620] handle_userfault.cold.32+0x47/0x62 [ 2383.278649] ? userfaultfd_ioctl+0x5610/0x5610 [ 2383.278669] ? mark_held_locks+0x130/0x130 [ 2383.278691] ? find_held_lock+0x36/0x1c0 [ 2383.278721] ? userfaultfd_ctx_put+0x830/0x830 [ 2383.278745] ? kasan_check_read+0x11/0x20 [ 2383.278763] ? print_usage_bug+0xc0/0xc0 [ 2383.278777] ? do_raw_spin_trylock+0x270/0x270 [ 2383.278794] ? print_usage_bug+0xc0/0xc0 [ 2383.278813] ? print_usage_bug+0xc0/0xc0 [ 2383.278831] ? zap_class+0x640/0x640 [ 2383.278857] ? drop_futex_key_refs.isra.14+0x6d/0xe0 [ 2383.278873] ? futex_wake+0x304/0x760 [ 2383.278903] ? find_held_lock+0x36/0x1c0 [ 2383.278931] ? __handle_mm_fault+0x4bb0/0x5be0 [ 2383.278949] ? lock_downgrade+0x900/0x900 [ 2383.278973] ? kasan_check_read+0x11/0x20 [ 2383.278988] ? do_raw_spin_unlock+0xa7/0x330 [ 2383.279003] ? do_raw_spin_trylock+0x270/0x270 [ 2383.279022] ? fault_dirty_shared_page.isra.87+0x320/0x320 [ 2383.279049] __handle_mm_fault+0x4bbd/0x5be0 [ 2383.279075] ? vmf_insert_mixed_mkwrite+0x40/0x40 [ 2383.279095] ? zap_class+0x640/0x640 [ 2383.279109] ? rcu_read_unlock_special+0x1c0/0x1c0 [ 2383.279125] ? kasan_check_read+0x11/0x20 [ 2383.279143] ? rcu_softirq_qs+0x20/0x20 [ 2383.279171] ? zap_class+0x640/0x640 [ 2383.279186] ? zap_class+0x640/0x640 [ 2383.279209] ? find_held_lock+0x36/0x1c0 [ 2383.279235] ? handle_mm_fault+0x42a/0xc70 [ 2383.279253] ? lock_downgrade+0x900/0x900 [ 2383.279271] ? check_preemption_disabled+0x48/0x280 [ 2383.279290] ? rcu_read_unlock_special+0x1c0/0x1c0 [ 2383.279306] ? kasan_check_read+0x11/0x20 [ 2383.279321] ? rcu_dynticks_curr_cpu_in_eqs+0xa2/0x170 [ 2383.279348] ? rcu_softirq_qs+0x20/0x20 08:16:01 executing program 1: r0 = openat$vga_arbiter(0xffffffffffffff9c, &(0x7f0000000040)='/dev/vga_arbiter\x00', 0x4c001, 0x0) openat$cgroup_int(r0, &(0x7f0000000080)='cpuset.mem_hardwall\x00', 0x2, 0x0) r1 = socket$l2tp(0x18, 0x1, 0x1) ioctl(r1, 0x1000008912, &(0x7f0000000000)="0a5c2d023c126285718070") perf_event_open(&(0x7f0000014f88)={0x1, 0x70, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) close(r1) 08:16:01 executing program 2: syz_emit_ethernet(0x6a, &(0x7f0000000040)={@local, @broadcast, [], {@ipv4={0x800, {{0x5, 0x4, 0x0, 0x0, 0x5c, 0x0, 0x0, 0x0, 0x1, 0x0, @remote, @dev={0xac, 0x14, 0x14, 0x11}}, @icmp=@parameter_prob={0x3, 0x4, 0x0, 0x0, 0x0, 0x0, {0x10, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x402f, 0x0, @local={0xac, 0x5c}, @dev, {[@timestamp={0x8, 0x2c, 0x0, 0x0, 0x100000000000000, [{[@rand_addr]}, {[@multicast2]}, {[@multicast1]}, {}, {[@loopback]}, {}]}]}}}}}}}, 0x0) 08:16:01 executing program 5: r0 = socket$l2tp(0x18, 0x1, 0x1) ioctl(r0, 0x1000008915, &(0x7f0000000000)="0a5c2d023c126285718070") perf_event_open(&(0x7f00000001c0)={0x2, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r1 = perf_event_open(&(0x7f0000014f88)={0x1, 0x70, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000014f88)={0x1, 0x70, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) close(r1) 08:16:01 executing program 0: openat$rfkill(0xffffffffffffff9c, 0x0, 0x2001, 0x0) syz_open_dev$admmidi(&(0x7f0000000100)='/dev/admmidi#\x00', 0x0, 0x0) r0 = socket$l2tp(0x18, 0x1, 0x1) mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x1, 0x32, 0xffffffffffffffff, 0x0) r1 = userfaultfd(0x0) ioctl$UFFDIO_API(r1, 0xc018aa3f, &(0x7f0000000180)) ioctl$UFFDIO_REGISTER(r1, 0xc020aa00, &(0x7f0000019000)={{&(0x7f0000012000/0x2000)=nil, 0x2000}, 0x1}) syz_open_dev$evdev(&(0x7f0000012fee)='/dev/input/event#\x00', 0x0, 0x7a000000) ioctl$UFFDIO_WAKE(r1, 0x8010aa02, &(0x7f0000000080)={&(0x7f0000012000/0x3000)=nil, 0x3000}) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0a5c2d023c126285718070") 08:16:01 executing program 3: openat$rfkill(0xffffffffffffff9c, 0x0, 0x0, 0x0) getsockopt$inet_sctp_SCTP_DEFAULT_PRINFO(0xffffffffffffffff, 0x84, 0x72, &(0x7f0000000380), 0x0) syz_open_dev$admmidi(&(0x7f0000000100)='/dev/admmidi#\x00', 0x0, 0x0) r0 = socket$l2tp(0x18, 0x1, 0x1) mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x1, 0x32, 0xffffffffffffffff, 0x0) r1 = userfaultfd(0x0) ioctl$UFFDIO_API(r1, 0xc018aa3f, &(0x7f0000000180)) ioctl$UFFDIO_REGISTER(r1, 0xc020aa00, &(0x7f0000019000)={{&(0x7f0000012000/0x2000)=nil, 0x2000}, 0x1}) syz_open_dev$evdev(&(0x7f0000012fee)="2f6465762f696e7075742f6576656e742305", 0x0, 0x0) ioctl$UFFDIO_WAKE(r1, 0x8010aa02, &(0x7f0000000080)={&(0x7f0000012000/0x3000)=nil, 0x3000}) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0a5c2d023c126285718070") setsockopt$ALG_SET_KEY(0xffffffffffffffff, 0x117, 0x1, 0x0, 0x0) [ 2383.279368] ? trace_hardirqs_off_caller+0x310/0x310 [ 2383.279387] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 2383.279404] ? check_preemption_disabled+0x48/0x280 [ 2383.279428] handle_mm_fault+0x54f/0xc70 [ 2383.279448] ? __handle_mm_fault+0x5be0/0x5be0 [ 2383.279469] ? find_vma+0x34/0x190 [ 2383.279491] __do_page_fault+0x5e8/0xe60 [ 2383.279507] ? trace_hardirqs_off+0xb8/0x310 [ 2383.279533] do_page_fault+0xf2/0x7e0 [ 2383.279550] ? vmalloc_sync_all+0x30/0x30 [ 2383.279567] ? error_entry+0x70/0xd0 [ 2383.279584] ? trace_hardirqs_off_caller+0xbb/0x310 08:16:01 executing program 5: r0 = socket$l2tp(0x18, 0x1, 0x1) ioctl(r0, 0x1000008912, &(0x7f0000000040)="0a5c2d023c12628571d3a3") perf_event_open(&(0x7f00000001c0)={0x2, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000014f88)={0x1, 0x70, 0x8, 0x0, 0x1, 0x0, 0x0, 0x0, 0x200, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4000, 0x0, 0x0, 0x0, 0x2, 0xfffffffffffffffe, 0x0, 0xfffffffffffffffc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x200, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x1, 0x0, 0x0, 0x8000000000000000}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r1 = perf_event_open(&(0x7f0000014f88)={0x1, 0x70, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) close(r1) [ 2383.279600] ? trace_hardirqs_on_caller+0xc0/0x310 [ 2383.279617] ? syscall_return_slowpath+0x5e0/0x5e0 [ 2383.279633] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 2383.279650] ? trace_hardirqs_on_caller+0x310/0x310 [ 2383.279666] ? __bpf_trace_preemptirq_template+0x30/0x30 [ 2383.279684] ? prepare_exit_to_usermode+0x3b0/0x3b0 [ 2383.279703] ? prepare_exit_to_usermode+0x291/0x3b0 [ 2383.279718] ? page_fault+0x8/0x30 [ 2383.279737] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 2383.279755] ? page_fault+0x8/0x30 [ 2383.279772] page_fault+0x1e/0x30 [ 2383.279784] RIP: 0033:0x4510a0 [ 2383.279801] Code: 0f 84 c4 0f 00 00 48 89 f1 48 89 f8 48 83 e1 3f 48 83 f9 20 0f 86 7b 02 00 00 48 83 e6 f0 48 83 e1 0f 66 0f ef c0 66 0f ef c9 <66> 0f 74 0e 66 0f d7 d1 48 d3 ea 49 c7 c2 11 00 00 00 49 29 ca 4d [ 2383.279810] RSP: 002b:00007efdea16e7a8 EFLAGS: 00010202 [ 2383.279823] RAX: 00007efdea16e850 RBX: 0000000000000003 RCX: 000000000000000e [ 2383.279833] RDX: 00000000000003ff RSI: 0000000020012fe0 RDI: 00007efdea16e850 [ 2383.279849] RBP: 000000000072bf00 R08: 00000000000003ff R09: 0000000000000000 [ 2383.279859] R10: 0000000000000000 R11: 0000000000000246 R12: 00007efdea16f6d4 [ 2383.279869] R13: 00000000004c578a R14: 00000000004d9d90 R15: 00000000ffffffff [ 2383.279904] CPU: 0 PID: 21681 Comm: syz-executor3 Not tainted 4.20.0-rc6+ #371 [ 2383.279913] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2383.279918] Call Trace: [ 2383.279935] dump_stack+0x244/0x39d [ 2383.279956] ? dump_stack_print_info.cold.1+0x20/0x20 [ 2383.279983] handle_userfault.cold.32+0x47/0x62 [ 2383.280011] ? userfaultfd_ioctl+0x5610/0x5610 [ 2383.280027] ? mark_held_locks+0x130/0x130 [ 2383.280040] ? __sanitizer_cov_trace_cmp4+0x16/0x20 [ 2383.280064] ? futex_wait_setup+0x266/0x3e0 [ 2383.280094] ? __sanitizer_cov_trace_switch+0x53/0x90 [ 2383.280114] ? userfaultfd_ctx_put+0x830/0x830 [ 2383.280129] ? futex_wait+0x5a1/0xa50 [ 2383.280152] ? print_usage_bug+0xc0/0xc0 [ 2383.280169] ? print_usage_bug+0xc0/0xc0 [ 2383.280189] ? print_usage_bug+0xc0/0xc0 [ 2383.280207] ? zap_class+0x640/0x640 [ 2383.280224] ? drop_futex_key_refs.isra.14+0x6d/0xe0 [ 2383.280239] ? futex_wake+0x304/0x760 [ 2383.280270] ? find_held_lock+0x36/0x1c0 [ 2383.280296] ? __handle_mm_fault+0x4bb0/0x5be0 [ 2383.280314] ? lock_downgrade+0x900/0x900 [ 2383.280355] ? kasan_check_read+0x11/0x20 [ 2383.280371] ? do_raw_spin_unlock+0xa7/0x330 [ 2383.280386] ? do_raw_spin_trylock+0x270/0x270 [ 2383.280405] ? fault_dirty_shared_page.isra.87+0x320/0x320 [ 2383.280433] __handle_mm_fault+0x4bbd/0x5be0 [ 2383.280458] ? vmf_insert_mixed_mkwrite+0x40/0x40 [ 2383.280478] ? zap_class+0x640/0x640 08:16:01 executing program 1: r0 = socket$l2tp(0x18, 0x1, 0x1) ioctl(r0, 0x1000008912, &(0x7f0000000080)="0a5c2d023c126285718070") r1 = perf_event_open(&(0x7f0000014f88)={0x1, 0x70, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) close(r1) r2 = openat$hwrng(0xffffffffffffff9c, &(0x7f0000000000)='/dev/hwrng\x00', 0x42, 0x0) write$FUSE_BMAP(r2, &(0x7f0000000040)={0x18, 0x0, 0x7, {0x6}}, 0x18) 08:16:01 executing program 2: syz_emit_ethernet(0x6a, &(0x7f0000000040)={@local, @broadcast, [], {@ipv4={0x800, {{0x5, 0x4, 0x0, 0x0, 0x5c, 0x0, 0x0, 0x0, 0x1, 0x0, @remote, @dev={0xac, 0x14, 0x14, 0x11}}, @icmp=@parameter_prob={0x3, 0x4, 0x0, 0x0, 0x0, 0x0, {0x10, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x402f, 0x0, @local={0xac, 0x5c}, @dev, {[@timestamp={0x8, 0x2c, 0x0, 0x0, 0x80350000, [{[@rand_addr]}, {[@multicast2]}, {[@multicast1]}, {}, {[@loopback]}, {}]}]}}}}}}}, 0x0) [ 2383.280492] ? rcu_read_unlock_special+0x1c0/0x1c0 [ 2383.280507] ? kasan_check_read+0x11/0x20 [ 2383.280525] ? rcu_softirq_qs+0x20/0x20 [ 2383.280552] ? zap_class+0x640/0x640 [ 2383.280568] ? zap_class+0x640/0x640 [ 2383.280590] ? find_held_lock+0x36/0x1c0 [ 2383.280616] ? handle_mm_fault+0x42a/0xc70 [ 2383.280634] ? lock_downgrade+0x900/0x900 [ 2383.280650] ? check_preemption_disabled+0x48/0x280 [ 2383.280669] ? rcu_read_unlock_special+0x1c0/0x1c0 [ 2383.280685] ? kasan_check_read+0x11/0x20 [ 2383.280700] ? rcu_dynticks_curr_cpu_in_eqs+0xa2/0x170 [ 2383.280715] ? rcu_softirq_qs+0x20/0x20 [ 2383.280732] ? trace_hardirqs_off_caller+0x310/0x310 [ 2383.280749] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 2383.280767] ? check_preemption_disabled+0x48/0x280 [ 2383.280791] handle_mm_fault+0x54f/0xc70 [ 2383.280811] ? __handle_mm_fault+0x5be0/0x5be0 [ 2383.280832] ? find_vma+0x34/0x190 [ 2383.280852] __do_page_fault+0x5e8/0xe60 [ 2383.280867] ? trace_hardirqs_off+0xb8/0x310 [ 2383.280894] do_page_fault+0xf2/0x7e0 [ 2383.280911] ? vmalloc_sync_all+0x30/0x30 [ 2383.280926] ? error_entry+0x70/0xd0 [ 2383.280943] ? trace_hardirqs_off_caller+0xbb/0x310 [ 2383.280957] ? trace_hardirqs_on_caller+0xc0/0x310 [ 2383.280971] ? syscall_return_slowpath+0x5e0/0x5e0 [ 2383.280986] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 2383.281002] ? trace_hardirqs_on_caller+0x310/0x310 [ 2383.281016] ? __bpf_trace_preemptirq_template+0x30/0x30 [ 2383.281033] ? prepare_exit_to_usermode+0x3b0/0x3b0 [ 2383.281051] ? prepare_exit_to_usermode+0x291/0x3b0 [ 2383.281066] ? page_fault+0x8/0x30 [ 2383.281085] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 2383.281102] ? page_fault+0x8/0x30 [ 2383.281119] page_fault+0x1e/0x30 [ 2383.281130] RIP: 0033:0x4510a0 [ 2383.281146] Code: 0f 84 c4 0f 00 00 48 89 f1 48 89 f8 48 83 e1 3f 48 83 f9 20 0f 86 7b 02 00 00 48 83 e6 f0 48 83 e1 0f 66 0f ef c0 66 0f ef c9 <66> 0f 74 0e 66 0f d7 d1 48 d3 ea 49 c7 c2 11 00 00 00 49 29 ca 4d [ 2383.281154] RSP: 002b:00007f75238677a8 EFLAGS: 00010202 [ 2383.281165] RAX: 00007f7523867850 RBX: 0000000000000003 RCX: 000000000000000e [ 2383.281174] RDX: 00000000000003ff RSI: 0000000020012fe0 RDI: 00007f7523867850 08:16:01 executing program 2: syz_emit_ethernet(0x6a, &(0x7f0000000040)={@local, @broadcast, [], {@ipv4={0x800, {{0x5, 0x4, 0x0, 0x0, 0x5c, 0x0, 0x0, 0x0, 0x1, 0x0, @remote, @dev={0xac, 0x14, 0x14, 0x11}}, @icmp=@parameter_prob={0x3, 0x4, 0x0, 0x0, 0x0, 0x0, {0x10, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x402f, 0x0, @local={0xac, 0x5c}, @dev, {[@timestamp={0x8, 0x2c, 0x0, 0x0, 0x8000000, [{[@rand_addr]}, {[@multicast2]}, {[@multicast1]}, {}, {[@loopback]}, {}]}]}}}}}}}, 0x0) [ 2383.281183] RBP: 000000000072bf00 R08: 00000000000003ff R09: 0000000000000000 [ 2383.281193] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f75238686d4 [ 2383.281203] R13: 00000000004c578a R14: 00000000004d9d90 R15: 00000000ffffffff [ 2383.644905] FAULT_FLAG_ALLOW_RETRY missing 70 [ 2383.850411] FAULT_FLAG_ALLOW_RETRY missing 70 [ 2383.896909] CPU: 1 PID: 21703 Comm: syz-executor3 Not tainted 4.20.0-rc6+ #371 [ 2383.936711] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2383.936717] Call Trace: [ 2383.936741] dump_stack+0x244/0x39d [ 2383.936764] ? dump_stack_print_info.cold.1+0x20/0x20 [ 2383.936800] handle_userfault.cold.32+0x47/0x62 [ 2383.962069] ? userfaultfd_ioctl+0x5610/0x5610 [ 2383.962090] ? mark_held_locks+0x130/0x130 [ 2383.962107] ? __sanitizer_cov_trace_cmp4+0x16/0x20 [ 2383.962121] ? futex_wait_setup+0x266/0x3e0 [ 2383.962157] ? __sanitizer_cov_trace_switch+0x53/0x90 [ 2383.975541] ? userfaultfd_ctx_put+0x830/0x830 [ 2383.975557] ? futex_wait+0x5a1/0xa50 [ 2383.975579] ? print_usage_bug+0xc0/0xc0 [ 2383.975597] ? print_usage_bug+0xc0/0xc0 [ 2383.975616] ? print_usage_bug+0xc0/0xc0 [ 2384.004690] ? zap_class+0x640/0x640 [ 2384.004708] ? drop_futex_key_refs.isra.14+0x6d/0xe0 [ 2384.004724] ? futex_wake+0x304/0x760 [ 2384.004765] ? find_held_lock+0x36/0x1c0 [ 2384.004790] ? __handle_mm_fault+0x4bb0/0x5be0 [ 2384.017419] ? lock_downgrade+0x900/0x900 [ 2384.017445] ? kasan_check_read+0x11/0x20 [ 2384.017461] ? do_raw_spin_unlock+0xa7/0x330 [ 2384.017478] ? do_raw_spin_trylock+0x270/0x270 [ 2384.017498] ? fault_dirty_shared_page.isra.87+0x320/0x320 [ 2384.039304] __handle_mm_fault+0x4bbd/0x5be0 [ 2384.039341] ? vmf_insert_mixed_mkwrite+0x40/0x40 [ 2384.039362] ? zap_class+0x640/0x640 [ 2384.039376] ? rcu_read_unlock_special+0x1c0/0x1c0 [ 2384.039396] ? kasan_check_read+0x11/0x20 [ 2384.072366] ? rcu_softirq_qs+0x20/0x20 [ 2384.072395] ? zap_class+0x640/0x640 [ 2384.072411] ? zap_class+0x640/0x640 [ 2384.072433] ? find_held_lock+0x36/0x1c0 [ 2384.072459] ? handle_mm_fault+0x42a/0xc70 [ 2384.072476] ? lock_downgrade+0x900/0x900 [ 2384.072495] ? check_preemption_disabled+0x48/0x280 [ 2384.072513] ? rcu_read_unlock_special+0x1c0/0x1c0 [ 2384.232295] ? kasan_check_read+0x11/0x20 [ 2384.236485] ? rcu_dynticks_curr_cpu_in_eqs+0xa2/0x170 [ 2384.241782] ? rcu_softirq_qs+0x20/0x20 [ 2384.245773] ? trace_hardirqs_off_caller+0x310/0x310 [ 2384.250893] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 2384.256441] ? check_preemption_disabled+0x48/0x280 [ 2384.261481] handle_mm_fault+0x54f/0xc70 [ 2384.265561] ? __handle_mm_fault+0x5be0/0x5be0 [ 2384.270168] ? find_vma+0x34/0x190 [ 2384.273734] __do_page_fault+0x5e8/0xe60 [ 2384.277807] ? trace_hardirqs_off+0xb8/0x310 [ 2384.282250] do_page_fault+0xf2/0x7e0 [ 2384.286067] ? vmalloc_sync_all+0x30/0x30 [ 2384.290231] ? error_entry+0x70/0xd0 [ 2384.293961] ? trace_hardirqs_off_caller+0xbb/0x310 [ 2384.298999] ? trace_hardirqs_on_caller+0xc0/0x310 [ 2384.303944] ? syscall_return_slowpath+0x5e0/0x5e0 [ 2384.308891] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 2384.313755] ? trace_hardirqs_on_caller+0x310/0x310 [ 2384.318783] ? __bpf_trace_preemptirq_template+0x30/0x30 [ 2384.324251] ? prepare_exit_to_usermode+0x3b0/0x3b0 [ 2384.329278] ? prepare_exit_to_usermode+0x291/0x3b0 [ 2384.334305] ? page_fault+0x8/0x30 [ 2384.337891] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 2384.342757] ? page_fault+0x8/0x30 [ 2384.346315] page_fault+0x1e/0x30 [ 2384.349787] RIP: 0033:0x4510a0 [ 2384.353012] Code: 0f 84 c4 0f 00 00 48 89 f1 48 89 f8 48 83 e1 3f 48 83 f9 20 0f 86 7b 02 00 00 48 83 e6 f0 48 83 e1 0f 66 0f ef c0 66 0f ef c9 <66> 0f 74 0e 66 0f d7 d1 48 d3 ea 49 c7 c2 11 00 00 00 49 29 ca 4d [ 2384.371921] RSP: 002b:00007f75238677a8 EFLAGS: 00010202 [ 2384.377290] RAX: 00007f7523867850 RBX: 0000000000000003 RCX: 000000000000000e [ 2384.384577] RDX: 00000000000003ff RSI: 0000000020012fe0 RDI: 00007f7523867850 [ 2384.391858] RBP: 000000000072bf00 R08: 00000000000003ff R09: 0000000000000000 [ 2384.399137] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f75238686d4 [ 2384.406411] R13: 00000000004c578a R14: 00000000004d9d90 R15: 00000000ffffffff [ 2384.413711] CPU: 0 PID: 21700 Comm: syz-executor0 Not tainted 4.20.0-rc6+ #371 [ 2384.421089] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2384.430447] Call Trace: [ 2384.433051] dump_stack+0x244/0x39d [ 2384.436707] ? dump_stack_print_info.cold.1+0x20/0x20 [ 2384.441912] handle_userfault.cold.32+0x47/0x62 [ 2384.446581] ? userfaultfd_ioctl+0x5610/0x5610 [ 2384.451156] ? mark_held_locks+0x130/0x130 [ 2384.455393] ? __sanitizer_cov_trace_cmp4+0x16/0x20 [ 2384.460396] ? futex_wait_setup+0x266/0x3e0 [ 2384.464715] ? __sanitizer_cov_trace_switch+0x53/0x90 [ 2384.469895] ? userfaultfd_ctx_put+0x830/0x830 [ 2384.474464] ? futex_wait+0x5a1/0xa50 [ 2384.478260] ? print_usage_bug+0xc0/0xc0 [ 2384.482337] ? print_usage_bug+0xc0/0xc0 [ 2384.486435] ? print_usage_bug+0xc0/0xc0 [ 2384.490519] ? zap_class+0x640/0x640 [ 2384.494248] ? drop_futex_key_refs.isra.14+0x6d/0xe0 [ 2384.499368] ? futex_wake+0x304/0x760 [ 2384.503186] ? find_held_lock+0x36/0x1c0 [ 2384.507290] ? __handle_mm_fault+0x4bb0/0x5be0 [ 2384.511930] ? lock_downgrade+0x900/0x900 [ 2384.516109] ? kasan_check_read+0x11/0x20 [ 2384.520278] ? do_raw_spin_unlock+0xa7/0x330 [ 2384.524706] ? do_raw_spin_trylock+0x270/0x270 [ 2384.529312] ? fault_dirty_shared_page.isra.87+0x320/0x320 [ 2384.534983] __handle_mm_fault+0x4bbd/0x5be0 [ 2384.539405] ? vmf_insert_mixed_mkwrite+0x40/0x40 [ 2384.544252] ? zap_class+0x640/0x640 [ 2384.547952] ? rcu_read_unlock_special+0x1c0/0x1c0 [ 2384.552875] ? kasan_check_read+0x11/0x20 [ 2384.557013] ? rcu_softirq_qs+0x20/0x20 [ 2384.560993] ? zap_class+0x640/0x640 [ 2384.564695] ? zap_class+0x640/0x640 [ 2384.568400] ? find_held_lock+0x36/0x1c0 [ 2384.572457] ? handle_mm_fault+0x42a/0xc70 [ 2384.576681] ? lock_downgrade+0x900/0x900 [ 2384.580834] ? check_preemption_disabled+0x48/0x280 [ 2384.585851] ? rcu_read_unlock_special+0x1c0/0x1c0 [ 2384.590770] ? kasan_check_read+0x11/0x20 [ 2384.594922] ? rcu_dynticks_curr_cpu_in_eqs+0xa2/0x170 [ 2384.600186] ? rcu_softirq_qs+0x20/0x20 [ 2384.604149] ? trace_hardirqs_off_caller+0x310/0x310 [ 2384.609244] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 2384.614771] ? check_preemption_disabled+0x48/0x280 [ 2384.619780] handle_mm_fault+0x54f/0xc70 [ 2384.623829] ? __handle_mm_fault+0x5be0/0x5be0 [ 2384.628418] ? find_vma+0x34/0x190 [ 2384.631971] __do_page_fault+0x5e8/0xe60 [ 2384.636038] ? trace_hardirqs_off+0xb8/0x310 [ 2384.640444] do_page_fault+0xf2/0x7e0 [ 2384.644233] ? vmalloc_sync_all+0x30/0x30 [ 2384.648374] ? error_entry+0x70/0xd0 [ 2384.652088] ? trace_hardirqs_off_caller+0xbb/0x310 [ 2384.657090] ? trace_hardirqs_on_caller+0xc0/0x310 [ 2384.662007] ? syscall_return_slowpath+0x5e0/0x5e0 [ 2384.666927] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 2384.671759] ? trace_hardirqs_on_caller+0x310/0x310 [ 2384.676773] ? __bpf_trace_preemptirq_template+0x30/0x30 [ 2384.682231] ? prepare_exit_to_usermode+0x3b0/0x3b0 [ 2384.687239] ? prepare_exit_to_usermode+0x291/0x3b0 [ 2384.692243] ? page_fault+0x8/0x30 [ 2384.695772] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 2384.700606] ? page_fault+0x8/0x30 [ 2384.704133] page_fault+0x1e/0x30 [ 2384.707571] RIP: 0033:0x4510a0 [ 2384.710761] Code: 0f 84 c4 0f 00 00 48 89 f1 48 89 f8 48 83 e1 3f 48 83 f9 20 0f 86 7b 02 00 00 48 83 e6 f0 48 83 e1 0f 66 0f ef c0 66 0f ef c9 <66> 0f 74 0e 66 0f d7 d1 48 d3 ea 49 c7 c2 11 00 00 00 49 29 ca 4d [ 2384.729650] RSP: 002b:00007efdea16e7a8 EFLAGS: 00010202 [ 2384.735004] RAX: 00007efdea16e850 RBX: 0000000000000003 RCX: 000000000000000e [ 2384.742270] RDX: 00000000000003ff RSI: 0000000020012fe0 RDI: 00007efdea16e850 [ 2384.749534] RBP: 000000000072bf00 R08: 00000000000003ff R09: 0000000000000000 [ 2384.756798] R10: 0000000000000000 R11: 0000000000000246 R12: 00007efdea16f6d4 [ 2384.764064] R13: 00000000004c578a R14: 00000000004d9d90 R15: 00000000ffffffff 08:16:02 executing program 2: syz_emit_ethernet(0x6a, &(0x7f0000000040)={@local, @broadcast, [], {@ipv4={0x800, {{0x5, 0x4, 0x0, 0x0, 0x5c, 0x0, 0x0, 0x0, 0x1, 0x0, @remote, @dev={0xac, 0x14, 0x14, 0x11}}, @icmp=@parameter_prob={0x3, 0x4, 0x0, 0x0, 0x0, 0x0, {0x10, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x402f, 0x0, @local={0xac, 0x5c}, @dev, {[@timestamp={0x8, 0x2c, 0x0, 0x0, 0x4000000, [{[@rand_addr]}, {[@multicast2]}, {[@multicast1]}, {}, {[@loopback]}, {}]}]}}}}}}}, 0x0) 08:16:02 executing program 1: r0 = socket$l2tp(0x18, 0x1, 0x1) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0a5c2d023c126285718070") r1 = perf_event_open(&(0x7f0000014f88)={0x1, 0x70, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) close(r1) r2 = socket$inet6(0xa, 0x400000000000803, 0x3) ioctl(r2, 0x1000008912, &(0x7f00000006c0)="0a5c2d023c126285718070") perf_event_open(&(0x7f0000000040)={0x2000000005, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, @perf_bp={&(0x7f0000000000), 0x1}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r3 = socket$inet_dccp(0x2, 0x6, 0x0) getsockopt$inet_int(r3, 0x10d, 0xc, &(0x7f0000000040), &(0x7f0000000000)=0x1c5) r4 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000040)='/dev/nullb0\x00', 0x80400, 0x0) ioctl$NBD_DO_IT(r4, 0xab03) r5 = syz_open_dev$usbmon(&(0x7f0000000100)='/dev/usbmon#\x00', 0x2, 0x0) setsockopt$TIPC_MCAST_REPLICAST(r5, 0x10f, 0x86) r6 = syz_open_dev$mice(&(0x7f0000000080)='/dev/input/mice\x00', 0x0, 0x40000) close(r0) ioctl$VIDIOC_QUERYMENU(r6, 0xc02c5625, &(0x7f00000000c0)={0x6, 0x1, @value=0x8}) 08:16:02 executing program 5: r0 = socket$l2tp(0x18, 0x1, 0x1) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0a5c2d023c126285718070") perf_event_open(&(0x7f00000001c0)={0x2, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r1 = syz_open_dev$adsp(&(0x7f0000000040)='/dev/adsp#\x00', 0x5, 0x80) getpeername$packet(0xffffffffffffffff, &(0x7f0000000080)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @local}, &(0x7f00000000c0)=0x14) ioctl$TUNSETIFINDEX(r1, 0x400454da, &(0x7f0000000100)=r2) perf_event_open(&(0x7f0000014f88)={0x1, 0x70, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r3 = perf_event_open(&(0x7f0000014f88)={0x1, 0x70, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) close(r3) 08:16:02 executing program 3: openat$rfkill(0xffffffffffffff9c, 0x0, 0x0, 0x0) getsockopt$inet_sctp_SCTP_DEFAULT_PRINFO(0xffffffffffffffff, 0x84, 0x72, &(0x7f0000000380), 0x0) syz_open_dev$admmidi(&(0x7f0000000100)='/dev/admmidi#\x00', 0x0, 0x0) r0 = socket$l2tp(0x18, 0x1, 0x1) mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x1, 0x32, 0xffffffffffffffff, 0x0) r1 = userfaultfd(0x0) ioctl$UFFDIO_API(r1, 0xc018aa3f, &(0x7f0000000180)) ioctl$UFFDIO_REGISTER(r1, 0xc020aa00, &(0x7f0000019000)={{&(0x7f0000012000/0x2000)=nil, 0x2000}, 0x1}) syz_open_dev$evdev(&(0x7f0000012fee)='/dev/input/event#\x00', 0x0, 0x0) ioctl$UFFDIO_WAKE(r1, 0x8010aa02, &(0x7f0000000080)={&(0x7f0000012000/0x3000)=nil, 0x3000}) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0a5c2d023c126285718070") setsockopt$ALG_SET_KEY(0xffffffffffffffff, 0x117, 0x1, 0x0, 0x0) 08:16:02 executing program 4: openat$kvm(0xffffffffffffff9c, 0x0, 0x0, 0x0) r0 = syz_open_dev$sndctrl(&(0x7f0000000100)='/dev/snd/controlC#\x00', 0x0, 0x0) prctl$PR_SET_THP_DISABLE(0x29, 0xfffffffffffffffe) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) ioctl$FS_IOC_GETFLAGS(r0, 0x800455d1, &(0x7f0000000080)) r1 = openat$dlm_control(0xffffffffffffff9c, &(0x7f0000000000)='/dev/dlm-control\x00', 0x1, 0x0) r2 = syz_genetlink_get_family_id$ipvs(&(0x7f00000000c0)='IPVS\x00') sendmsg$IPVS_CMD_GET_DEST(r1, &(0x7f00000001c0)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x800200}, 0xc, &(0x7f0000000240)={&(0x7f0000000200)=ANY=[@ANYBLOB='$\x00\x00\x00', @ANYRES16=r2, @ANYBLOB="02002bbd3000fb0000000800050081000000000000000000000000000000"], 0x3}, 0x1, 0x0, 0x0, 0x4}, 0x20008014) 08:16:02 executing program 0: openat$rfkill(0xffffffffffffff9c, 0x0, 0x2001, 0x0) syz_open_dev$admmidi(&(0x7f0000000100)='/dev/admmidi#\x00', 0x0, 0x0) r0 = socket$l2tp(0x18, 0x1, 0x1) mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x1, 0x32, 0xffffffffffffffff, 0x0) r1 = userfaultfd(0x0) ioctl$UFFDIO_API(r1, 0xc018aa3f, &(0x7f0000000180)) ioctl$UFFDIO_REGISTER(r1, 0xc020aa00, &(0x7f0000019000)={{&(0x7f0000012000/0x2000)=nil, 0x2000}, 0x1}) syz_open_dev$evdev(&(0x7f0000012fee)='/dev/input/event#\x00', 0x0, 0x6c) ioctl$UFFDIO_WAKE(r1, 0x8010aa02, &(0x7f0000000080)={&(0x7f0000012000/0x3000)=nil, 0x3000}) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0a5c2d023c126285718070") 08:16:02 executing program 2: syz_emit_ethernet(0x6a, &(0x7f0000000040)={@local, @broadcast, [], {@ipv4={0x800, {{0x5, 0x4, 0x0, 0x0, 0x5c, 0x0, 0x0, 0x0, 0x1, 0x0, @remote, @dev={0xac, 0x14, 0x14, 0x11}}, @icmp=@parameter_prob={0x3, 0x4, 0x0, 0x0, 0x0, 0x0, {0x10, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x402f, 0x0, @local={0xac, 0x5c}, @dev, {[@timestamp={0x8, 0x2c, 0x0, 0x0, 0x89060000, [{[@rand_addr]}, {[@multicast2]}, {[@multicast1]}, {}, {[@loopback]}, {}]}]}}}}}}}, 0x0) [ 2384.945919] FAULT_FLAG_ALLOW_RETRY missing 70 [ 2384.956591] CPU: 0 PID: 21736 Comm: syz-executor3 Not tainted 4.20.0-rc6+ #371 [ 2384.963983] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2384.963991] Call Trace: [ 2384.964018] dump_stack+0x244/0x39d [ 2384.964045] ? dump_stack_print_info.cold.1+0x20/0x20 [ 2384.964078] handle_userfault.cold.32+0x47/0x62 [ 2384.964111] ? userfaultfd_ioctl+0x5610/0x5610 [ 2384.964132] ? mark_held_locks+0x130/0x130 [ 2384.964151] ? __sanitizer_cov_trace_cmp4+0x16/0x20 [ 2384.964172] ? futex_wait_setup+0x266/0x3e0 [ 2385.003408] ? __sanitizer_cov_trace_switch+0x53/0x90 [ 2385.003430] ? userfaultfd_ctx_put+0x830/0x830 [ 2385.003446] ? futex_wait+0x5a1/0xa50 [ 2385.003468] ? print_usage_bug+0xc0/0xc0 [ 2385.003488] ? print_usage_bug+0xc0/0xc0 [ 2385.029491] ? print_usage_bug+0xc0/0xc0 [ 2385.033568] ? zap_class+0x640/0x640 [ 2385.037303] ? drop_futex_key_refs.isra.14+0x6d/0xe0 [ 2385.042435] ? futex_wake+0x304/0x760 [ 2385.046264] ? find_held_lock+0x36/0x1c0 [ 2385.050367] ? __handle_mm_fault+0x4bb0/0x5be0 [ 2385.054971] ? lock_downgrade+0x900/0x900 [ 2385.059147] ? kasan_check_read+0x11/0x20 [ 2385.063312] ? do_raw_spin_unlock+0xa7/0x330 [ 2385.067766] ? do_raw_spin_trylock+0x270/0x270 [ 2385.072385] ? fault_dirty_shared_page.isra.87+0x320/0x320 [ 2385.078039] __handle_mm_fault+0x4bbd/0x5be0 [ 2385.082481] ? vmf_insert_mixed_mkwrite+0x40/0x40 [ 2385.087394] ? zap_class+0x640/0x640 [ 2385.091128] ? rcu_read_unlock_special+0x1c0/0x1c0 [ 2385.096073] ? kasan_check_read+0x11/0x20 [ 2385.098543] IPVS: ftp: loaded support on port[0] = 21 [ 2385.100231] ? rcu_softirq_qs+0x20/0x20 [ 2385.100260] ? zap_class+0x640/0x640 [ 2385.100280] ? zap_class+0x640/0x640 [ 2385.116855] ? find_held_lock+0x36/0x1c0 [ 2385.120944] ? handle_mm_fault+0x42a/0xc70 [ 2385.125196] ? lock_downgrade+0x900/0x900 [ 2385.129374] ? check_preemption_disabled+0x48/0x280 [ 2385.134407] ? rcu_read_unlock_special+0x1c0/0x1c0 [ 2385.139367] ? kasan_check_read+0x11/0x20 [ 2385.143538] ? rcu_dynticks_curr_cpu_in_eqs+0xa2/0x170 [ 2385.148834] ? rcu_softirq_qs+0x20/0x20 [ 2385.152822] ? trace_hardirqs_off_caller+0x310/0x310 [ 2385.157945] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 2385.163498] ? check_preemption_disabled+0x48/0x280 [ 2385.168539] handle_mm_fault+0x54f/0xc70 [ 2385.172651] ? __handle_mm_fault+0x5be0/0x5be0 [ 2385.177259] ? find_vma+0x34/0x190 [ 2385.180818] __do_page_fault+0x5e8/0xe60 [ 2385.184896] ? trace_hardirqs_off+0xb8/0x310 [ 2385.189343] do_page_fault+0xf2/0x7e0 [ 2385.193160] ? vmalloc_sync_all+0x30/0x30 [ 2385.197325] ? error_entry+0x70/0xd0 [ 2385.201073] ? trace_hardirqs_off_caller+0xbb/0x310 [ 2385.206103] ? trace_hardirqs_on_caller+0xc0/0x310 [ 2385.211062] ? syscall_return_slowpath+0x5e0/0x5e0 [ 2385.216005] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 2385.220862] ? trace_hardirqs_on_caller+0x310/0x310 [ 2385.225894] ? __bpf_trace_preemptirq_template+0x30/0x30 [ 2385.231856] ? prepare_exit_to_usermode+0x3b0/0x3b0 [ 2385.236894] ? prepare_exit_to_usermode+0x291/0x3b0 [ 2385.241936] ? page_fault+0x8/0x30 [ 2385.245498] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 2385.250377] ? page_fault+0x8/0x30 [ 2385.253934] page_fault+0x1e/0x30 [ 2385.257396] RIP: 0033:0x4510a0 [ 2385.260599] Code: 0f 84 c4 0f 00 00 48 89 f1 48 89 f8 48 83 e1 3f 48 83 f9 20 0f 86 7b 02 00 00 48 83 e6 f0 48 83 e1 0f 66 0f ef c0 66 0f ef c9 <66> 0f 74 0e 66 0f d7 d1 48 d3 ea 49 c7 c2 11 00 00 00 49 29 ca 4d [ 2385.279507] RSP: 002b:00007f75238677a8 EFLAGS: 00010202 [ 2385.284886] RAX: 00007f7523867850 RBX: 0000000000000003 RCX: 000000000000000e 08:16:02 executing program 2: syz_emit_ethernet(0x6a, &(0x7f0000000040)={@local, @broadcast, [], {@ipv4={0x800, {{0x5, 0x4, 0x0, 0x0, 0x5c, 0x0, 0x0, 0x0, 0x1, 0x0, @remote, @dev={0xac, 0x14, 0x14, 0x11}}, @icmp=@parameter_prob={0x3, 0x4, 0x0, 0x0, 0x0, 0x0, {0x10, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x402f, 0x0, @local={0xac, 0x5c}, @dev, {[@timestamp={0x8, 0x2c, 0x0, 0x0, 0xfffffffffffff000, [{[@rand_addr]}, {[@multicast2]}, {[@multicast1]}, {}, {[@loopback]}, {}]}]}}}}}}}, 0x0) 08:16:02 executing program 2: syz_emit_ethernet(0x6a, &(0x7f0000000040)={@local, @broadcast, [], {@ipv4={0x800, {{0x5, 0x4, 0x0, 0x0, 0x5c, 0x0, 0x0, 0x0, 0x1, 0x0, @remote, @dev={0xac, 0x14, 0x14, 0x11}}, @icmp=@parameter_prob={0x3, 0x4, 0x0, 0x0, 0x0, 0x0, {0x10, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x402f, 0x0, @local={0xac, 0x5c}, @dev, {[@timestamp={0x8, 0x2c, 0x0, 0x0, 0x48, [{[@rand_addr]}, {[@multicast2]}, {[@multicast1]}, {}, {[@loopback]}, {}]}]}}}}}}}, 0x0) 08:16:03 executing program 2: syz_emit_ethernet(0x6a, &(0x7f0000000040)={@local, @broadcast, [], {@ipv4={0x800, {{0x5, 0x4, 0x0, 0x0, 0x5c, 0x0, 0x0, 0x0, 0x1, 0x0, @remote, @dev={0xac, 0x14, 0x14, 0x11}}, @icmp=@parameter_prob={0x3, 0x4, 0x0, 0x0, 0x0, 0x0, {0x10, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x402f, 0x0, @local={0xac, 0x5c}, @dev, {[@timestamp={0x8, 0x2c, 0x0, 0x0, 0x88caffff, [{[@rand_addr]}, {[@multicast2]}, {[@multicast1]}, {}, {[@loopback]}, {}]}]}}}}}}}, 0x0) 08:16:03 executing program 2: syz_emit_ethernet(0x6a, &(0x7f0000000040)={@local, @broadcast, [], {@ipv4={0x800, {{0x5, 0x4, 0x0, 0x0, 0x5c, 0x0, 0x0, 0x0, 0x1, 0x0, @remote, @dev={0xac, 0x14, 0x14, 0x11}}, @icmp=@parameter_prob={0x3, 0x4, 0x0, 0x0, 0x0, 0x0, {0x10, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x402f, 0x0, @local={0xac, 0x5c}, @dev, {[@timestamp={0x8, 0x2c, 0x0, 0x0, 0x88470000, [{[@rand_addr]}, {[@multicast2]}, {[@multicast1]}, {}, {[@loopback]}, {}]}]}}}}}}}, 0x0) 08:16:03 executing program 2: syz_emit_ethernet(0x6a, &(0x7f0000000040)={@local, @broadcast, [], {@ipv4={0x800, {{0x5, 0x4, 0x0, 0x0, 0x5c, 0x0, 0x0, 0x0, 0x1, 0x0, @remote, @dev={0xac, 0x14, 0x14, 0x11}}, @icmp=@parameter_prob={0x3, 0x4, 0x0, 0x0, 0x0, 0x0, {0x10, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x402f, 0x0, @local={0xac, 0x5c}, @dev, {[@timestamp={0x8, 0x2c, 0x0, 0x0, 0x7000000, [{[@rand_addr]}, {[@multicast2]}, {[@multicast1]}, {}, {[@loopback]}, {}]}]}}}}}}}, 0x0) 08:16:03 executing program 2: syz_emit_ethernet(0x6a, &(0x7f0000000040)={@local, @broadcast, [], {@ipv4={0x800, {{0x5, 0x4, 0x0, 0x0, 0x5c, 0x0, 0x0, 0x0, 0x1, 0x0, @remote, @dev={0xac, 0x14, 0x14, 0x11}}, @icmp=@parameter_prob={0x3, 0x4, 0x0, 0x0, 0x0, 0x0, {0x10, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x402f, 0x0, @local={0xac, 0x5c}, @dev, {[@timestamp={0x8, 0x2c, 0x0, 0x0, 0x689, [{[@rand_addr]}, {[@multicast2]}, {[@multicast1]}, {}, {[@loopback]}, {}]}]}}}}}}}, 0x0) [ 2385.292169] RDX: 00000000000003ff RSI: 0000000020012fe0 RDI: 00007f7523867850 [ 2385.299553] RBP: 000000000072bf00 R08: 00000000000003ff R09: 0000000000000000 [ 2385.306825] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f75238686d4 [ 2385.314093] R13: 00000000004c578a R14: 00000000004d9d90 R15: 00000000ffffffff [ 2385.323520] FAULT_FLAG_ALLOW_RETRY missing 70 [ 2385.328986] CPU: 0 PID: 21739 Comm: syz-executor0 Not tainted 4.20.0-rc6+ #371 [ 2385.336372] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2385.345759] Call Trace: [ 2385.348372] dump_stack+0x244/0x39d [ 2385.352019] ? dump_stack_print_info.cold.1+0x20/0x20 [ 2385.357233] handle_userfault.cold.32+0x47/0x62 [ 2385.362101] ? userfaultfd_ioctl+0x5610/0x5610 [ 2385.366811] ? mark_held_locks+0x130/0x130 [ 2385.371062] ? find_held_lock+0x36/0x1c0 [ 2385.375140] ? userfaultfd_ctx_put+0x830/0x830 [ 2385.379745] ? kasan_check_read+0x11/0x20 [ 2385.383905] ? print_usage_bug+0xc0/0xc0 [ 2385.387968] ? do_raw_spin_trylock+0x270/0x270 [ 2385.392554] ? print_usage_bug+0xc0/0xc0 [ 2385.396629] ? print_usage_bug+0xc0/0xc0 [ 2385.400701] ? zap_class+0x640/0x640 [ 2385.404425] ? drop_futex_key_refs.isra.14+0x6d/0xe0 [ 2385.409530] ? futex_wake+0x304/0x760 [ 2385.413365] ? find_held_lock+0x36/0x1c0 [ 2385.417441] ? __handle_mm_fault+0x4bb0/0x5be0 [ 2385.422028] ? lock_downgrade+0x900/0x900 [ 2385.426193] ? kasan_check_read+0x11/0x20 [ 2385.430361] ? do_raw_spin_unlock+0xa7/0x330 [ 2385.434776] ? do_raw_spin_trylock+0x270/0x270 [ 2385.439378] ? fault_dirty_shared_page.isra.87+0x320/0x320 [ 2385.445017] __handle_mm_fault+0x4bbd/0x5be0 [ 2385.449442] ? vmf_insert_mixed_mkwrite+0x40/0x40 [ 2385.454299] ? zap_class+0x640/0x640 [ 2385.458029] ? rcu_read_unlock_special+0x1c0/0x1c0 [ 2385.462964] ? kasan_check_read+0x11/0x20 [ 2385.467117] ? rcu_softirq_qs+0x20/0x20 [ 2385.471123] ? zap_class+0x640/0x640 [ 2385.474837] ? zap_class+0x640/0x640 [ 2385.478563] ? find_held_lock+0x36/0x1c0 [ 2385.482639] ? handle_mm_fault+0x42a/0xc70 [ 2385.486879] ? lock_downgrade+0x900/0x900 [ 2385.491033] ? check_preemption_disabled+0x48/0x280 [ 2385.496057] ? rcu_read_unlock_special+0x1c0/0x1c0 [ 2385.500989] ? kasan_check_read+0x11/0x20 [ 2385.505144] ? rcu_dynticks_curr_cpu_in_eqs+0xa2/0x170 [ 2385.510435] ? rcu_softirq_qs+0x20/0x20 [ 2385.514415] ? trace_hardirqs_off_caller+0x310/0x310 [ 2385.519525] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 2385.525068] ? check_preemption_disabled+0x48/0x280 [ 2385.530098] handle_mm_fault+0x54f/0xc70 [ 2385.534168] ? __handle_mm_fault+0x5be0/0x5be0 [ 2385.538757] ? find_vma+0x34/0x190 [ 2385.542310] __do_page_fault+0x5e8/0xe60 [ 2385.546393] ? trace_hardirqs_off+0xb8/0x310 [ 2385.550816] do_page_fault+0xf2/0x7e0 [ 2385.554622] ? vmalloc_sync_all+0x30/0x30 [ 2385.558775] ? error_entry+0x70/0xd0 [ 2385.562495] ? trace_hardirqs_off_caller+0xbb/0x310 [ 2385.567515] ? trace_hardirqs_on_caller+0xc0/0x310 [ 2385.572454] ? syscall_return_slowpath+0x5e0/0x5e0 [ 2385.577385] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 2385.582235] ? trace_hardirqs_on_caller+0x310/0x310 [ 2385.587257] ? __bpf_trace_preemptirq_template+0x30/0x30 [ 2385.592712] ? prepare_exit_to_usermode+0x3b0/0x3b0 [ 2385.597735] ? prepare_exit_to_usermode+0x291/0x3b0 [ 2385.602756] ? page_fault+0x8/0x30 [ 2385.606306] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 2385.611166] ? page_fault+0x8/0x30 [ 2385.614715] page_fault+0x1e/0x30 [ 2385.618167] RIP: 0033:0x4510a0 [ 2385.621376] Code: 0f 84 c4 0f 00 00 48 89 f1 48 89 f8 48 83 e1 3f 48 83 f9 20 0f 86 7b 02 00 00 48 83 e6 f0 48 83 e1 0f 66 0f ef c0 66 0f ef c9 <66> 0f 74 0e 66 0f d7 d1 48 d3 ea 49 c7 c2 11 00 00 00 49 29 ca 4d [ 2385.640278] RSP: 002b:00007efdea16e7a8 EFLAGS: 00010202 08:16:03 executing program 1: r0 = socket$l2tp(0x18, 0x1, 0x1) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0a5c2d023c126285718070") r1 = perf_event_open(&(0x7f0000014f88)={0x1, 0x70, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r2 = syz_open_dev$mice(&(0x7f0000000040)='/dev/input/mice\x00', 0x0, 0x100) write$evdev(r2, &(0x7f0000000080)=[{{0x0, 0x2710}, 0x3, 0x6, 0x42}], 0x18) close(r1) 08:16:03 executing program 2: syz_emit_ethernet(0x6a, &(0x7f0000000040)={@local, @broadcast, [], {@ipv4={0x800, {{0x5, 0x4, 0x0, 0x0, 0x5c, 0x0, 0x0, 0x0, 0x1, 0x0, @remote, @dev={0xac, 0x14, 0x14, 0x11}}, @icmp=@parameter_prob={0x3, 0x4, 0x0, 0x0, 0x0, 0x0, {0x10, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x402f, 0x0, @local={0xac, 0x5c}, @dev, {[@timestamp={0x8, 0x2c, 0x0, 0x0, 0xd00000000000000, [{[@rand_addr]}, {[@multicast2]}, {[@multicast1]}, {}, {[@loopback]}, {}]}]}}}}}}}, 0x0) [ 2385.645641] RAX: 00007efdea16e850 RBX: 0000000000000003 RCX: 000000000000000e [ 2385.652915] RDX: 00000000000003ff RSI: 0000000020012fe0 RDI: 00007efdea16e850 [ 2385.660184] RBP: 000000000072bf00 R08: 00000000000003ff R09: 0000000000000000 [ 2385.667454] R10: 0000000000000000 R11: 0000000000000246 R12: 00007efdea16f6d4 [ 2385.674727] R13: 00000000004c578a R14: 00000000004d9d90 R15: 00000000ffffffff 08:16:03 executing program 3: openat$rfkill(0xffffffffffffff9c, 0x0, 0x0, 0x0) getsockopt$inet_sctp_SCTP_DEFAULT_PRINFO(0xffffffffffffffff, 0x84, 0x72, &(0x7f0000000380), 0x0) syz_open_dev$admmidi(&(0x7f0000000100)='/dev/admmidi#\x00', 0x0, 0x0) r0 = socket$l2tp(0x18, 0x1, 0x1) mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x1, 0x32, 0xffffffffffffffff, 0x0) r1 = userfaultfd(0x0) ioctl$UFFDIO_API(r1, 0xc018aa3f, &(0x7f0000000180)) ioctl$UFFDIO_REGISTER(r1, 0xc020aa00, &(0x7f0000019000)={{&(0x7f0000012000/0x2000)=nil, 0x2000}, 0x1}) syz_open_dev$evdev(&(0x7f0000012fee)='/dev/input/event#\a', 0x0, 0x0) ioctl$UFFDIO_WAKE(r1, 0x8010aa02, &(0x7f0000000080)={&(0x7f0000012000/0x3000)=nil, 0x3000}) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0a5c2d023c126285718070") setsockopt$ALG_SET_KEY(0xffffffffffffffff, 0x117, 0x1, 0x0, 0x0) [ 2385.926676] FAULT_FLAG_ALLOW_RETRY missing 70 [ 2385.931380] CPU: 1 PID: 21776 Comm: syz-executor3 Not tainted 4.20.0-rc6+ #371 [ 2385.938762] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2385.948119] Call Trace: [ 2385.950732] dump_stack+0x244/0x39d [ 2385.954390] ? dump_stack_print_info.cold.1+0x20/0x20 [ 2385.959606] handle_userfault.cold.32+0x47/0x62 [ 2385.964298] ? userfaultfd_ioctl+0x5610/0x5610 [ 2385.968902] ? mark_held_locks+0x130/0x130 [ 2385.973149] ? find_held_lock+0x36/0x1c0 [ 2385.977227] ? userfaultfd_ctx_put+0x830/0x830 [ 2385.981821] ? kasan_check_read+0x11/0x20 [ 2385.985988] ? print_usage_bug+0xc0/0xc0 [ 2385.990053] ? do_raw_spin_trylock+0x270/0x270 [ 2385.994645] ? print_usage_bug+0xc0/0xc0 [ 2385.998718] ? print_usage_bug+0xc0/0xc0 [ 2386.002785] ? zap_class+0x640/0x640 [ 2386.006508] ? drop_futex_key_refs.isra.14+0x6d/0xe0 [ 2386.011618] ? futex_wake+0x304/0x760 [ 2386.015440] ? find_held_lock+0x36/0x1c0 [ 2386.019524] ? __handle_mm_fault+0x4bb0/0x5be0 [ 2386.024117] ? lock_downgrade+0x900/0x900 [ 2386.028281] ? kasan_check_read+0x11/0x20 [ 2386.032434] ? do_raw_spin_unlock+0xa7/0x330 [ 2386.036850] ? do_raw_spin_trylock+0x270/0x270 [ 2386.041437] ? fault_dirty_shared_page.isra.87+0x320/0x320 [ 2386.047079] __handle_mm_fault+0x4bbd/0x5be0 [ 2386.051508] ? vmf_insert_mixed_mkwrite+0x40/0x40 [ 2386.056367] ? zap_class+0x640/0x640 [ 2386.060088] ? rcu_read_unlock_special+0x1c0/0x1c0 [ 2386.065024] ? kasan_check_read+0x11/0x20 [ 2386.069184] ? rcu_softirq_qs+0x20/0x20 [ 2386.073176] ? zap_class+0x640/0x640 [ 2386.076894] ? zap_class+0x640/0x640 [ 2386.080625] ? find_held_lock+0x36/0x1c0 [ 2386.084707] ? handle_mm_fault+0x42a/0xc70 [ 2386.088966] ? lock_downgrade+0x900/0x900 [ 2386.093125] ? check_preemption_disabled+0x48/0x280 [ 2386.098152] ? rcu_read_unlock_special+0x1c0/0x1c0 [ 2386.103087] ? kasan_check_read+0x11/0x20 [ 2386.107243] ? rcu_dynticks_curr_cpu_in_eqs+0xa2/0x170 [ 2386.112529] ? rcu_softirq_qs+0x20/0x20 [ 2386.116507] ? trace_hardirqs_off_caller+0x310/0x310 [ 2386.121621] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 2386.127169] ? check_preemption_disabled+0x48/0x280 [ 2386.132199] handle_mm_fault+0x54f/0xc70 [ 2386.136267] ? __handle_mm_fault+0x5be0/0x5be0 [ 2386.140900] ? find_vma+0x34/0x190 [ 2386.144454] __do_page_fault+0x5e8/0xe60 [ 2386.148523] ? trace_hardirqs_off+0xb8/0x310 [ 2386.152951] do_page_fault+0xf2/0x7e0 [ 2386.156757] ? vmalloc_sync_all+0x30/0x30 [ 2386.160914] ? error_entry+0x70/0xd0 [ 2386.164636] ? trace_hardirqs_off_caller+0xbb/0x310 [ 2386.169704] ? trace_hardirqs_on_caller+0xc0/0x310 [ 2386.174640] ? syscall_return_slowpath+0x5e0/0x5e0 [ 2386.179583] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 2386.184435] ? trace_hardirqs_on_caller+0x310/0x310 [ 2386.189454] ? __bpf_trace_preemptirq_template+0x30/0x30 [ 2386.194910] ? prepare_exit_to_usermode+0x3b0/0x3b0 [ 2386.199935] ? prepare_exit_to_usermode+0x291/0x3b0 [ 2386.204961] ? page_fault+0x8/0x30 [ 2386.208511] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 2386.213368] ? page_fault+0x8/0x30 [ 2386.216922] page_fault+0x1e/0x30 [ 2386.220380] RIP: 0033:0x4510a0 [ 2386.223579] Code: 0f 84 c4 0f 00 00 48 89 f1 48 89 f8 48 83 e1 3f 48 83 f9 20 0f 86 7b 02 00 00 48 83 e6 f0 48 83 e1 0f 66 0f ef c0 66 0f ef c9 <66> 0f 74 0e 66 0f d7 d1 48 d3 ea 49 c7 c2 11 00 00 00 49 29 ca 4d [ 2386.242481] RSP: 002b:00007f75238677a8 EFLAGS: 00010202 [ 2386.247851] RAX: 00007f7523867850 RBX: 0000000000000003 RCX: 000000000000000e [ 2386.255124] RDX: 00000000000003ff RSI: 0000000020012fe0 RDI: 00007f7523867850 [ 2386.262397] RBP: 000000000072bf00 R08: 00000000000003ff R09: 0000000000000000 [ 2386.269667] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f75238686d4 [ 2386.276956] R13: 00000000004c578a R14: 00000000004d9d90 R15: 00000000ffffffff [ 2386.432402] device bridge_slave_1 left promiscuous mode [ 2386.437904] bridge0: port 2(bridge_slave_1) entered disabled state [ 2386.448537] device bridge_slave_0 left promiscuous mode [ 2386.454251] bridge0: port 1(bridge_slave_0) entered disabled state [ 2386.482746] team0 (unregistering): Port device team_slave_1 removed [ 2386.492773] team0 (unregistering): Port device team_slave_0 removed [ 2386.502494] bond0 (unregistering): Releasing backup interface bond_slave_1 [ 2386.515831] bond0 (unregistering): Releasing backup interface bond_slave_0 [ 2386.541395] bond0 (unregistering): Released all slaves [ 2386.911311] bridge0: port 1(bridge_slave_0) entered blocking state [ 2386.917940] bridge0: port 1(bridge_slave_0) entered disabled state [ 2386.925656] device bridge_slave_0 entered promiscuous mode [ 2386.970357] bridge0: port 2(bridge_slave_1) entered blocking state [ 2386.976882] bridge0: port 2(bridge_slave_1) entered disabled state [ 2386.984655] device bridge_slave_1 entered promiscuous mode [ 2387.029674] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 2387.074146] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 2387.206426] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 2387.252988] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 2387.464419] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 2387.472272] team0: Port device team_slave_0 added [ 2387.516163] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 2387.523991] team0: Port device team_slave_1 added [ 2387.566664] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 2387.612613] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready [ 2387.619462] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 2387.635253] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 2387.670795] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 2387.677965] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 2387.689873] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 2387.728831] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 2387.736009] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 2387.747527] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 2388.037939] bridge0: port 2(bridge_slave_1) entered blocking state [ 2388.044327] bridge0: port 2(bridge_slave_1) entered forwarding state [ 2388.050913] bridge0: port 1(bridge_slave_0) entered blocking state [ 2388.057310] bridge0: port 1(bridge_slave_0) entered forwarding state [ 2388.065927] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 2388.592122] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 2388.973579] 8021q: adding VLAN 0 to HW filter on device bond0 [ 2389.074482] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 2389.167346] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 2389.173708] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 2389.180798] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 2389.276273] 8021q: adding VLAN 0 to HW filter on device team0 08:16:07 executing program 4: openat$kvm(0xffffffffffffff9c, 0x0, 0x0, 0x0) r0 = syz_open_dev$sndctrl(&(0x7f0000000100)='/dev/snd/controlC#\x00', 0x0, 0x0) prctl$PR_SET_THP_DISABLE(0x29, 0x0) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) ioctl$FS_IOC_GETFLAGS(r0, 0x800455d1, &(0x7f0000000080)) 08:16:07 executing program 5: r0 = socket$l2tp(0x18, 0x1, 0x1) r1 = openat$rtc(0xffffffffffffff9c, &(0x7f0000000000)='/dev/rtc0\x00', 0x20000, 0x0) ioctl$TCXONC(r1, 0x540a, 0x401) ioctl(r0, 0x1000008912, &(0x7f0000000040)="0a5c2d023c126285718070") perf_event_open(&(0x7f00000001c0)={0x2, 0x70, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x44, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000014f88)={0x1, 0x70, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r2 = perf_event_open(&(0x7f0000014f88)={0x1, 0x70, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) close(r2) 08:16:07 executing program 2: syz_emit_ethernet(0x6a, &(0x7f0000000040)={@local, @broadcast, [], {@ipv4={0x800, {{0x5, 0x4, 0x0, 0x0, 0x5c, 0x0, 0x0, 0x0, 0x1, 0x0, @remote, @dev={0xac, 0x14, 0x14, 0x11}}, @icmp=@parameter_prob={0x3, 0x4, 0x0, 0x0, 0x0, 0x0, {0x10, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x402f, 0x0, @local={0xac, 0x5c}, @dev, {[@timestamp={0x8, 0x2c, 0x0, 0x0, 0x88640000, [{[@rand_addr]}, {[@multicast2]}, {[@multicast1]}, {}, {[@loopback]}, {}]}]}}}}}}}, 0x0) 08:16:07 executing program 0: openat$rfkill(0xffffffffffffff9c, 0x0, 0x2001, 0x0) syz_open_dev$admmidi(&(0x7f0000000100)='/dev/admmidi#\x00', 0x0, 0x0) r0 = socket$l2tp(0x18, 0x1, 0x1) mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x1, 0x32, 0xffffffffffffffff, 0x0) r1 = userfaultfd(0x0) ioctl$UFFDIO_API(r1, 0xc018aa3f, &(0x7f0000000180)) ioctl$UFFDIO_REGISTER(r1, 0xc020aa00, &(0x7f0000019000)={{&(0x7f0000012000/0x2000)=nil, 0x2000}, 0x1}) syz_open_dev$evdev(&(0x7f0000012fee)='/dev/input/event#\x00', 0x0, 0x60) ioctl$UFFDIO_WAKE(r1, 0x8010aa02, &(0x7f0000000080)={&(0x7f0000012000/0x3000)=nil, 0x3000}) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0a5c2d023c126285718070") 08:16:07 executing program 1: r0 = socket$l2tp(0x18, 0x1, 0x1) fstat(r0, &(0x7f0000000040)) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0a5c2d023c126285718070") r1 = perf_event_open(&(0x7f0000014f88)={0x1, 0x70, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) close(r1) 08:16:07 executing program 3: openat$rfkill(0xffffffffffffff9c, 0x0, 0x0, 0x0) getsockopt$inet_sctp_SCTP_DEFAULT_PRINFO(0xffffffffffffffff, 0x84, 0x72, &(0x7f0000000380), 0x0) syz_open_dev$admmidi(&(0x7f0000000100)='/dev/admmidi#\x00', 0x0, 0x0) r0 = socket$l2tp(0x18, 0x1, 0x1) mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x1, 0x32, 0xffffffffffffffff, 0x0) r1 = userfaultfd(0x0) ioctl$UFFDIO_API(r1, 0xc018aa3f, &(0x7f0000000180)) ioctl$UFFDIO_REGISTER(r1, 0xc020aa00, &(0x7f0000019000)={{&(0x7f0000012000/0x2000)=nil, 0x2000}, 0x1}) syz_open_dev$evdev(&(0x7f0000012fee)='/dev/input/event#\x00', 0x0, 0x0) ioctl$UFFDIO_WAKE(r1, 0x8010aa02, &(0x7f0000000080)={&(0x7f0000012000/0x3000)=nil, 0x3000}) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0a5c2d023c126285718070") setsockopt$ALG_SET_KEY(0xffffffffffffffff, 0x117, 0x1, 0x0, 0x0) 08:16:07 executing program 5: r0 = socket$l2tp(0x18, 0x1, 0x1) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0a5c2d023c126285718070") perf_event_open(&(0x7f00000001c0)={0x2, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000014f88)={0x1, 0xfffffffffffffe48, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x6, 0xffffffffffffffff, 0x0) r1 = perf_event_open(&(0x7f0000014f88)={0x1, 0x70, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) close(r1) [ 2389.921194] FAULT_FLAG_ALLOW_RETRY missing 70 [ 2389.926666] FAULT_FLAG_ALLOW_RETRY missing 70 [ 2389.931582] CPU: 0 PID: 22042 Comm: syz-executor3 Not tainted 4.20.0-rc6+ #371 [ 2389.938957] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2389.948309] Call Trace: [ 2389.950928] dump_stack+0x244/0x39d [ 2389.954574] ? dump_stack_print_info.cold.1+0x20/0x20 [ 2389.959789] handle_userfault.cold.32+0x47/0x62 [ 2389.964486] ? userfaultfd_ioctl+0x5610/0x5610 [ 2389.969078] ? mark_held_locks+0x130/0x130 [ 2389.973318] ? __sanitizer_cov_trace_cmp4+0x16/0x20 [ 2389.978365] ? futex_wait_setup+0x266/0x3e0 [ 2389.982720] ? __sanitizer_cov_trace_switch+0x53/0x90 [ 2389.987920] ? userfaultfd_ctx_put+0x830/0x830 [ 2389.992510] ? futex_wait+0x5a1/0xa50 [ 2389.996322] ? print_usage_bug+0xc0/0xc0 [ 2390.000405] ? print_usage_bug+0xc0/0xc0 [ 2390.004474] ? print_usage_bug+0xc0/0xc0 [ 2390.008539] ? zap_class+0x640/0x640 [ 2390.012264] ? drop_futex_key_refs.isra.14+0x6d/0xe0 [ 2390.017377] ? futex_wake+0x304/0x760 [ 2390.021205] ? find_held_lock+0x36/0x1c0 [ 2390.025281] ? __handle_mm_fault+0x4bb0/0x5be0 [ 2390.029874] ? lock_downgrade+0x900/0x900 [ 2390.034036] ? kasan_check_read+0x11/0x20 [ 2390.038190] ? do_raw_spin_unlock+0xa7/0x330 [ 2390.042602] ? do_raw_spin_trylock+0x270/0x270 [ 2390.047192] ? fault_dirty_shared_page.isra.87+0x320/0x320 [ 2390.052837] __handle_mm_fault+0x4bbd/0x5be0 [ 2390.057263] ? vmf_insert_mixed_mkwrite+0x40/0x40 [ 2390.062119] ? zap_class+0x640/0x640 [ 2390.065841] ? rcu_read_unlock_special+0x1c0/0x1c0 [ 2390.070772] ? kasan_check_read+0x11/0x20 [ 2390.074925] ? rcu_softirq_qs+0x20/0x20 [ 2390.078916] ? zap_class+0x640/0x640 [ 2390.082637] ? zap_class+0x640/0x640 [ 2390.086372] ? find_held_lock+0x36/0x1c0 [ 2390.090446] ? handle_mm_fault+0x42a/0xc70 [ 2390.094688] ? lock_downgrade+0x900/0x900 [ 2390.098845] ? check_preemption_disabled+0x48/0x280 [ 2390.103868] ? rcu_read_unlock_special+0x1c0/0x1c0 [ 2390.108805] ? kasan_check_read+0x11/0x20 [ 2390.112955] ? rcu_dynticks_curr_cpu_in_eqs+0xa2/0x170 [ 2390.118235] ? rcu_softirq_qs+0x20/0x20 [ 2390.122215] ? trace_hardirqs_off_caller+0x310/0x310 [ 2390.127327] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 2390.132892] ? check_preemption_disabled+0x48/0x280 [ 2390.137925] handle_mm_fault+0x54f/0xc70 [ 2390.141996] ? __handle_mm_fault+0x5be0/0x5be0 [ 2390.146591] ? find_vma+0x34/0x190 [ 2390.150145] __do_page_fault+0x5e8/0xe60 [ 2390.154211] ? trace_hardirqs_off+0xb8/0x310 [ 2390.158635] do_page_fault+0xf2/0x7e0 [ 2390.162446] ? vmalloc_sync_all+0x30/0x30 [ 2390.166597] ? error_entry+0x70/0xd0 [ 2390.170315] ? trace_hardirqs_off_caller+0xbb/0x310 [ 2390.175362] ? trace_hardirqs_on_caller+0xc0/0x310 [ 2390.180301] ? syscall_return_slowpath+0x5e0/0x5e0 [ 2390.185246] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 2390.190094] ? trace_hardirqs_on_caller+0x310/0x310 [ 2390.195116] ? __bpf_trace_preemptirq_template+0x30/0x30 [ 2390.200574] ? prepare_exit_to_usermode+0x3b0/0x3b0 [ 2390.205598] ? prepare_exit_to_usermode+0x291/0x3b0 [ 2390.210621] ? page_fault+0x8/0x30 [ 2390.214171] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 2390.219025] ? page_fault+0x8/0x30 [ 2390.222573] page_fault+0x1e/0x30 [ 2390.226028] RIP: 0033:0x4510a0 [ 2390.229229] Code: 0f 84 c4 0f 00 00 48 89 f1 48 89 f8 48 83 e1 3f 48 83 f9 20 0f 86 7b 02 00 00 48 83 e6 f0 48 83 e1 0f 66 0f ef c0 66 0f ef c9 <66> 0f 74 0e 66 0f d7 d1 48 d3 ea 49 c7 c2 11 00 00 00 49 29 ca 4d [ 2390.248144] RSP: 002b:00007f75238677a8 EFLAGS: 00010202 [ 2390.253520] RAX: 00007f7523867850 RBX: 0000000000000003 RCX: 000000000000000e [ 2390.260791] RDX: 00000000000003ff RSI: 0000000020012fe0 RDI: 00007f7523867850 08:16:08 executing program 1: r0 = socket$l2tp(0x18, 0x1, 0x1) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0a5c2d023c126285718070") ioctl$sock_FIOGETOWN(r0, 0x8903, &(0x7f0000000040)=0x0) ptrace$setopts(0x4206, r1, 0x1000, 0x10) r2 = perf_event_open(&(0x7f0000014f88)={0x1, 0x70, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) close(r2) r3 = open(&(0x7f0000000080)='./file0\x00', 0x1, 0x20) ioctl$TCGETA(r3, 0x5405, &(0x7f00000000c0)) [ 2390.268061] RBP: 000000000072bf00 R08: 00000000000003ff R09: 0000000000000000 [ 2390.275347] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f75238686d4 [ 2390.282620] R13: 00000000004c578a R14: 00000000004d9d90 R15: 00000000ffffffff [ 2390.301714] CPU: 1 PID: 22047 Comm: syz-executor0 Not tainted 4.20.0-rc6+ #371 [ 2390.309105] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2390.309118] Call Trace: 08:16:08 executing program 2: syz_emit_ethernet(0x6a, &(0x7f0000000040)={@local, @broadcast, [], {@ipv4={0x800, {{0x5, 0x4, 0x0, 0x0, 0x5c, 0x0, 0x0, 0x0, 0x1, 0x0, @remote, @dev={0xac, 0x14, 0x14, 0x11}}, @icmp=@parameter_prob={0x3, 0x4, 0x0, 0x0, 0x0, 0x0, {0x10, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x402f, 0x0, @local={0xac, 0x5c}, @dev, {[@timestamp={0x8, 0x2c, 0x0, 0x0, 0x4000, [{[@rand_addr]}, {[@multicast2]}, {[@multicast1]}, {}, {[@loopback]}, {}]}]}}}}}}}, 0x0) [ 2390.321077] dump_stack+0x244/0x39d [ 2390.324725] ? dump_stack_print_info.cold.1+0x20/0x20 [ 2390.329957] handle_userfault.cold.32+0x47/0x62 [ 2390.334653] ? userfaultfd_ioctl+0x5610/0x5610 [ 2390.339254] ? mark_held_locks+0x130/0x130 [ 2390.343518] ? __sanitizer_cov_trace_cmp4+0x16/0x20 [ 2390.348551] ? futex_wait_setup+0x266/0x3e0 [ 2390.352906] ? __sanitizer_cov_trace_switch+0x53/0x90 [ 2390.358118] ? userfaultfd_ctx_put+0x830/0x830 [ 2390.362716] ? futex_wait+0x5a1/0xa50 [ 2390.366535] ? print_usage_bug+0xc0/0xc0 08:16:08 executing program 2: syz_emit_ethernet(0x6a, &(0x7f0000000040)={@local, @broadcast, [], {@ipv4={0x800, {{0x5, 0x4, 0x0, 0x0, 0x5c, 0x0, 0x0, 0x0, 0x1, 0x0, @remote, @dev={0xac, 0x14, 0x14, 0x11}}, @icmp=@parameter_prob={0x3, 0x4, 0x0, 0x0, 0x0, 0x0, {0x10, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x402f, 0x0, @local={0xac, 0x5c}, @dev, {[@timestamp={0x8, 0x2c, 0x0, 0x0, 0xffffca88, [{[@rand_addr]}, {[@multicast2]}, {[@multicast1]}, {}, {[@loopback]}, {}]}]}}}}}}}, 0x0) [ 2390.370610] ? print_usage_bug+0xc0/0xc0 [ 2390.374692] ? print_usage_bug+0xc0/0xc0 [ 2390.378773] ? zap_class+0x640/0x640 [ 2390.382506] ? drop_futex_key_refs.isra.14+0x6d/0xe0 [ 2390.387625] ? futex_wake+0x304/0x760 [ 2390.391452] ? find_held_lock+0x36/0x1c0 [ 2390.395547] ? __handle_mm_fault+0x4bb0/0x5be0 [ 2390.400140] ? lock_downgrade+0x900/0x900 [ 2390.404309] ? kasan_check_read+0x11/0x20 [ 2390.408494] ? do_raw_spin_unlock+0xa7/0x330 [ 2390.412917] ? do_raw_spin_trylock+0x270/0x270 [ 2390.417520] ? fault_dirty_shared_page.isra.87+0x320/0x320 [ 2390.423170] __handle_mm_fault+0x4bbd/0x5be0 [ 2390.423196] ? vmf_insert_mixed_mkwrite+0x40/0x40 [ 2390.423216] ? zap_class+0x640/0x640 [ 2390.423234] ? rcu_read_unlock_special+0x1c0/0x1c0 [ 2390.432485] ? kasan_check_read+0x11/0x20 [ 2390.432504] ? rcu_softirq_qs+0x20/0x20 [ 2390.432532] ? zap_class+0x640/0x640 [ 2390.432548] ? zap_class+0x640/0x640 [ 2390.432570] ? find_held_lock+0x36/0x1c0 [ 2390.432599] ? handle_mm_fault+0x42a/0xc70 [ 2390.432617] ? lock_downgrade+0x900/0x900 08:16:08 executing program 2: syz_emit_ethernet(0x6a, &(0x7f0000000040)={@local, @broadcast, [], {@ipv4={0x800, {{0x5, 0x4, 0x0, 0x0, 0x5c, 0x0, 0x0, 0x0, 0x1, 0x0, @remote, @dev={0xac, 0x14, 0x14, 0x11}}, @icmp=@parameter_prob={0x3, 0x4, 0x0, 0x0, 0x0, 0x0, {0x10, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x402f, 0x0, @local={0xac, 0x5c}, @dev, {[@timestamp={0x8, 0x2c, 0x0, 0x0, 0x14000000, [{[@rand_addr]}, {[@multicast2]}, {[@multicast1]}, {}, {[@loopback]}, {}]}]}}}}}}}, 0x0) [ 2390.432634] ? check_preemption_disabled+0x48/0x280 [ 2390.432652] ? rcu_read_unlock_special+0x1c0/0x1c0 [ 2390.432667] ? kasan_check_read+0x11/0x20 [ 2390.432681] ? rcu_dynticks_curr_cpu_in_eqs+0xa2/0x170 [ 2390.432697] ? rcu_softirq_qs+0x20/0x20 [ 2390.432712] ? trace_hardirqs_off_caller+0x310/0x310 [ 2390.432740] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 2390.432756] ? check_preemption_disabled+0x48/0x280 [ 2390.432778] handle_mm_fault+0x54f/0xc70 [ 2390.432796] ? __handle_mm_fault+0x5be0/0x5be0 [ 2390.432817] ? find_vma+0x34/0x190 [ 2390.432837] __do_page_fault+0x5e8/0xe60 [ 2390.432861] ? trace_hardirqs_off+0xb8/0x310 [ 2390.432887] do_page_fault+0xf2/0x7e0 [ 2390.432901] ? vmalloc_sync_all+0x30/0x30 [ 2390.432917] ? error_entry+0x70/0xd0 [ 2390.432937] ? trace_hardirqs_off_caller+0xbb/0x310 [ 2390.488892] ? trace_hardirqs_on_caller+0xc0/0x310 [ 2390.488911] ? syscall_return_slowpath+0x5e0/0x5e0 [ 2390.488928] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 2390.488946] ? trace_hardirqs_on_caller+0x310/0x310 [ 2390.488963] ? __bpf_trace_preemptirq_template+0x30/0x30 [ 2390.488981] ? prepare_exit_to_usermode+0x3b0/0x3b0 [ 2390.489000] ? prepare_exit_to_usermode+0x291/0x3b0 [ 2390.503613] ? page_fault+0x8/0x30 [ 2390.503634] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 2390.503653] ? page_fault+0x8/0x30 [ 2390.503670] page_fault+0x1e/0x30 [ 2390.503684] RIP: 0033:0x4510a0 [ 2390.503701] Code: 0f 84 c4 0f 00 00 48 89 f1 48 89 f8 48 83 e1 3f 48 83 f9 20 0f 86 7b 02 00 00 48 83 e6 f0 48 83 e1 0f 66 0f ef c0 66 0f ef c9 <66> 0f 74 0e 66 0f d7 d1 48 d3 ea 49 c7 c2 11 00 00 00 49 29 ca 4d 08:16:08 executing program 0: openat$rfkill(0xffffffffffffff9c, 0x0, 0x2001, 0x0) syz_open_dev$admmidi(&(0x7f0000000100)='/dev/admmidi#\x00', 0x0, 0x0) r0 = socket$l2tp(0x18, 0x1, 0x1) mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x1, 0x32, 0xffffffffffffffff, 0x0) r1 = userfaultfd(0x0) ioctl$UFFDIO_API(r1, 0xc018aa3f, &(0x7f0000000180)) ioctl$UFFDIO_REGISTER(r1, 0xc020aa00, &(0x7f0000019000)={{&(0x7f0000012000/0x2000)=nil, 0x2000}, 0x1}) syz_open_dev$evdev(&(0x7f0000012fee)='/dev/input/event#\x00', 0x0, 0x4000000000000000) ioctl$UFFDIO_WAKE(r1, 0x8010aa02, &(0x7f0000000080)={&(0x7f0000012000/0x3000)=nil, 0x3000}) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0a5c2d023c126285718070") [ 2390.503709] RSP: 002b:00007efdea16e7a8 EFLAGS: 00010202 [ 2390.503722] RAX: 00007efdea16e850 RBX: 0000000000000003 RCX: 000000000000000e [ 2390.503732] RDX: 00000000000003ff RSI: 0000000020012fe0 RDI: 00007efdea16e850 [ 2390.503742] RBP: 000000000072bf00 R08: 00000000000003ff R09: 0000000000000000 [ 2390.503751] R10: 0000000000000000 R11: 0000000000000246 R12: 00007efdea16f6d4 [ 2390.503761] R13: 00000000004c578a R14: 00000000004d9d90 R15: 00000000ffffffff 08:16:08 executing program 4: r0 = openat$kvm(0xffffffffffffff9c, 0x0, 0x0, 0x0) r1 = syz_open_dev$sndctrl(&(0x7f0000000000)='/dev/snd/controlC#\x00', 0x80000000000001, 0x0) prctl$PR_SET_THP_DISABLE(0x29, 0xfffffffffffffffe) r2 = openat$autofs(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/autofs\x00', 0xa400, 0x0) getsockopt$inet_sctp6_SCTP_MAXSEG(0xffffffffffffff9c, 0x84, 0xd, &(0x7f0000000200)=@assoc_value={0x0, 0x1}, &(0x7f0000000240)=0x8) getsockopt$inet_sctp_SCTP_PR_ASSOC_STATUS(r2, 0x84, 0x73, &(0x7f0000000280)={r3, 0xffffffff, 0x30, 0x3}, &(0x7f00000002c0)=0x18) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) ioctl$FS_IOC_GETFLAGS(r1, 0x800455d1, &(0x7f0000000080)) ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r4 = openat$vga_arbiter(0xffffffffffffff9c, &(0x7f0000000040)='/dev/vga_arbiter\x00', 0x2040, 0x0) ioctl$SCSI_IOCTL_PROBE_HOST(r4, 0x5385, &(0x7f00000000c0)) 08:16:08 executing program 3: openat$rfkill(0xffffffffffffff9c, 0x0, 0x0, 0x0) getsockopt$inet_sctp_SCTP_DEFAULT_PRINFO(0xffffffffffffffff, 0x84, 0x72, &(0x7f0000000380), 0x0) syz_open_dev$admmidi(&(0x7f0000000100)='/dev/admmidi#\x00', 0x0, 0x0) r0 = socket$l2tp(0x18, 0x1, 0x1) mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x1, 0x32, 0xffffffffffffffff, 0x0) r1 = userfaultfd(0x0) ioctl$UFFDIO_API(r1, 0xc018aa3f, &(0x7f0000000180)) ioctl$UFFDIO_REGISTER(r1, 0xc020aa00, &(0x7f0000019000)={{&(0x7f0000012000/0x2000)=nil, 0x2000}, 0x1}) syz_open_dev$evdev(&(0x7f0000012fee)='/dev/input/event#\x00', 0x0, 0x0) ioctl$UFFDIO_WAKE(r1, 0x8010aa02, &(0x7f0000000080)={&(0x7f0000012000/0x3000)=nil, 0x3000}) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0a5c2d023c126285718070") setsockopt$ALG_SET_KEY(0xffffffffffffffff, 0x117, 0x1, 0x0, 0x0) 08:16:08 executing program 2: syz_emit_ethernet(0x6a, &(0x7f0000000040)={@local, @broadcast, [], {@ipv4={0x800, {{0x5, 0x4, 0x0, 0x0, 0x5c, 0x0, 0x0, 0x0, 0x1, 0x0, @remote, @dev={0xac, 0x14, 0x14, 0x11}}, @icmp=@parameter_prob={0x3, 0x4, 0x0, 0x0, 0x0, 0x0, {0x10, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x402f, 0x0, @local={0xac, 0x5c}, @dev, {[@timestamp={0x8, 0x2c, 0x0, 0x0, 0x8100, [{[@rand_addr]}, {[@multicast2]}, {[@multicast1]}, {}, {[@loopback]}, {}]}]}}}}}}}, 0x0) 08:16:08 executing program 1: r0 = socket$l2tp(0x18, 0x1, 0x1) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0a5c2d023c126285718070") r1 = dup(r0) r2 = openat$vsock(0xffffffffffffff9c, &(0x7f0000000040)='/dev/vsock\x00', 0x2000, 0x0) ioctl$TUNSETSTEERINGEBPF(r1, 0x800454e0, &(0x7f0000000080)=r2) r3 = perf_event_open(&(0x7f0000014f88)={0x1, 0x70, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) close(r3) 08:16:08 executing program 5: r0 = socket$l2tp(0x18, 0x1, 0x1) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0a5c2d023c126285718070") perf_event_open(&(0x7f00000001c0)={0x2, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000014f88)={0x1, 0x70, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r1 = perf_event_open(&(0x7f0000014f88)={0x1, 0x70, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r2 = openat$vcs(0xffffffffffffff9c, &(0x7f0000000040)='/dev/vcs\x00', 0x2000, 0x0) write$RDMA_USER_CM_CMD_GET_EVENT(r2, &(0x7f0000000080)={0xc, 0x8, 0xfa00, {&(0x7f0000000240)}}, 0x10) close(r1) [ 2390.741052] FAULT_FLAG_ALLOW_RETRY missing 70 [ 2390.772802] CPU: 0 PID: 22077 Comm: syz-executor0 Not tainted 4.20.0-rc6+ #371 [ 2390.780217] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2390.789612] Call Trace: [ 2390.789639] dump_stack+0x244/0x39d [ 2390.789662] ? dump_stack_print_info.cold.1+0x20/0x20 [ 2390.801084] handle_userfault.cold.32+0x47/0x62 [ 2390.805801] ? userfaultfd_ioctl+0x5610/0x5610 08:16:08 executing program 1: r0 = socket$l2tp(0x18, 0x1, 0x1) ioctl(r0, 0xa4f, &(0x7f0000000140)="9c6e236da53f2478c578bbf854956deb1ea9fdfbb1c7d5b6831465695847ac53d435eb914bdaa91298ae20bec1e9edf0c4fc9ae5f7a1ce7c98dd955809eb920a531b768a0f8ce329e80cdfacc1144baf2523646d9f5631e1aa75516d5bf82903b1dab4007d8259cf906e3ca314e3da7443116d6425e5b990ae5dc29977") r1 = perf_event_open(&(0x7f0000014f88)={0x1, 0x70, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) close(r1) [ 2390.805821] ? mark_held_locks+0x130/0x130 [ 2390.805837] ? __sanitizer_cov_trace_cmp4+0x16/0x20 08:16:08 executing program 2: syz_emit_ethernet(0x6a, &(0x7f0000000040)={@local, @broadcast, [], {@ipv4={0x800, {{0x5, 0x4, 0x0, 0x0, 0x5c, 0x0, 0x0, 0x0, 0x1, 0x0, @remote, @dev={0xac, 0x14, 0x14, 0x11}}, @icmp=@parameter_prob={0x3, 0x4, 0x0, 0x0, 0x0, 0x0, {0x10, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x402f, 0x0, @local={0xac, 0x5c}, @dev, {[@timestamp={0x8, 0x2c, 0x0, 0x0, 0xfffffffe, [{[@rand_addr]}, {[@multicast2]}, {[@multicast1]}, {}, {[@loopback]}, {}]}]}}}}}}}, 0x0) 08:16:08 executing program 3: openat$rfkill(0xffffffffffffff9c, 0x0, 0x0, 0x0) getsockopt$inet_sctp_SCTP_DEFAULT_PRINFO(0xffffffffffffffff, 0x84, 0x72, &(0x7f0000000380), 0x0) syz_open_dev$admmidi(&(0x7f0000000100)='/dev/admmidi#\x00', 0x0, 0x0) r0 = socket$l2tp(0x18, 0x1, 0x1) mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x1, 0x32, 0xffffffffffffffff, 0x0) r1 = userfaultfd(0x0) ioctl$UFFDIO_API(r1, 0xc018aa3f, &(0x7f0000000180)) ioctl$UFFDIO_REGISTER(r1, 0xc020aa00, &(0x7f0000019000)={{&(0x7f0000012000/0x2000)=nil, 0x2000}, 0x1}) syz_open_dev$evdev(&(0x7f0000012fee)='/dev/input/event#\x00', 0x0, 0x0) ioctl$UFFDIO_WAKE(r1, 0x8010aa02, &(0x7f0000000080)={&(0x7f0000012000/0x3000)=nil, 0x3000}) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0a5c2d023c126285718070") setsockopt$ALG_SET_KEY(0xffffffffffffffff, 0x117, 0x1, 0x0, 0x0) [ 2390.805851] ? futex_wait_setup+0x266/0x3e0 [ 2390.805879] ? __sanitizer_cov_trace_switch+0x53/0x90 [ 2390.805897] ? userfaultfd_ctx_put+0x830/0x830 [ 2390.805911] ? futex_wait+0x5a1/0xa50 [ 2390.805932] ? print_usage_bug+0xc0/0xc0 [ 2390.805949] ? print_usage_bug+0xc0/0xc0 08:16:08 executing program 0: openat$rfkill(0xffffffffffffff9c, 0x0, 0x2001, 0x0) syz_open_dev$admmidi(&(0x7f0000000100)='/dev/admmidi#\x00', 0x0, 0x0) r0 = socket$l2tp(0x18, 0x1, 0x1) mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x1, 0x32, 0xffffffffffffffff, 0x0) r1 = userfaultfd(0x0) ioctl$UFFDIO_API(r1, 0xc018aa3f, &(0x7f0000000180)) ioctl$UFFDIO_REGISTER(r1, 0xc020aa00, &(0x7f0000019000)={{&(0x7f0000012000/0x2000)=nil, 0x2000}, 0x1}) syz_open_dev$evdev(&(0x7f0000012fee)='/dev/input/event#\x00', 0x0, 0x3000000) ioctl$UFFDIO_WAKE(r1, 0x8010aa02, &(0x7f0000000080)={&(0x7f0000012000/0x3000)=nil, 0x3000}) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0a5c2d023c126285718070") 08:16:08 executing program 1: r0 = socket$l2tp(0x18, 0x1, 0x1) ioctl(r0, 0x9, &(0x7f0000000040)="0a5c2d023c126285718070") r1 = perf_event_open(&(0x7f0000014f88)={0x1, 0x70, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) close(r1) fchdir(r1) r2 = openat$pfkey(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/net/pfkey\x00', 0x24400, 0x0) r3 = mmap$binder(&(0x7f0000ff9000/0x4000)=nil, 0x4000, 0x3, 0x41010, 0xffffffffffffff9c, 0x0) ioctl$BINDER_GET_NODE_DEBUG_INFO(0xffffffffffffff9c, 0xc018620b, &(0x7f0000000100)={0x0}) ioctl$BINDER_GET_NODE_DEBUG_INFO(0xffffffffffffff9c, 0xc018620b, &(0x7f0000000140)={0x0}) write$cgroup_int(r2, &(0x7f00000003c0)=0xe0, 0x12) ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f0000000300)={0xa8, 0x0, &(0x7f0000000180)=ANY=[@ANYBLOB="00634040000000000000000002000000000000000000000010000000000000000000000030000000000000001000000000000000", @ANYPTR=&(0x7f0000000080)=ANY=[@ANYBLOB="852a627701000000", @ANYRES64=r3, @ANYBLOB="0100000000000000852a646600000000", @ANYRES32=r0, @ANYBLOB="000000000200000000000000"], @ANYPTR=&(0x7f00000000c0)=ANY=[@ANYBLOB='p\x00\x00\x00\x00\x00\x00\x000\x00\x00\x00\x00\x00\x00\x00'], @ANYBLOB="033f0040", @ANYRES64=r4, @ANYBLOB="0f630c40000000000200000000000000106308400100000000000000066304400300000008631040", @ANYRES64=r5, @ANYBLOB="040000000000000005630440000000000e630c400300000003000000000000000663044002000000"], 0xba, 0x0, &(0x7f0000000240)="1799e314c65804404ee4e22fb18e480de2320ed7478b7b818ed28b39d4ddcb90b1073b9df886f2b2b2c16bb66d22cad4fa1dd21b09cabc812ef2c2496a4fb43f353f0851629ec52a75c287fce3df8fe3ed6cb7d1bfb51822a552f3436d23b213975d7c8267e1130a0c05fdbf2d69f31b69aa80840bd37960683374e032960ba3b75a26c81923a81eb2665338b84028877cf7db081bfb196b8be57662ce9980625cc132a0b72316cf4453249aefa764c39a8eb846fe089ebdc7ce"}) setsockopt$IP_VS_SO_SET_EDITDEST(r2, 0x0, 0x489, &(0x7f0000000340)={{0x7f, @dev={0xac, 0x14, 0x14, 0x11}, 0x4e23, 0x3, 'none\x00', 0x11, 0x8001, 0x43}, {@multicast2, 0x4e21, 0x2002, 0xffff, 0x1, 0x9c}}, 0x44) [ 2390.805967] ? print_usage_bug+0xc0/0xc0 [ 2390.805984] ? zap_class+0x640/0x640 [ 2390.806001] ? drop_futex_key_refs.isra.14+0x6d/0xe0 08:16:08 executing program 2: syz_emit_ethernet(0x6a, &(0x7f0000000040)={@local, @broadcast, [], {@ipv4={0x800, {{0x5, 0x4, 0x0, 0x0, 0x5c, 0x0, 0x0, 0x0, 0x1, 0x0, @remote, @dev={0xac, 0x14, 0x14, 0x11}}, @icmp=@parameter_prob={0x3, 0x4, 0x0, 0x0, 0x0, 0x0, {0x10, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x402f, 0x0, @local={0xac, 0x5c}, @dev, {[@timestamp={0x8, 0x2c, 0x0, 0x0, 0x43050000, [{[@rand_addr]}, {[@multicast2]}, {[@multicast1]}, {}, {[@loopback]}, {}]}]}}}}}}}, 0x0) 08:16:08 executing program 4: openat$kvm(0xffffffffffffff9c, 0x0, 0x0, 0x0) r0 = syz_open_dev$sndctrl(&(0x7f0000000100)='/dev/snd/controlC#\x00', 0x0, 0x0) prctl$PR_SET_THP_DISABLE(0x29, 0xfffffffffffffffe) clone(0x7ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) ioctl$FS_IOC_GETFLAGS(r0, 0x800455d1, &(0x7f0000000080)) [ 2390.806016] ? futex_wake+0x304/0x760 [ 2390.806044] ? find_held_lock+0x36/0x1c0 [ 2390.806070] ? __handle_mm_fault+0x4bb0/0x5be0 [ 2390.806087] ? lock_downgrade+0x900/0x900 [ 2390.806111] ? kasan_check_read+0x11/0x20 [ 2390.806125] ? do_raw_spin_unlock+0xa7/0x330 [ 2390.806140] ? do_raw_spin_trylock+0x270/0x270 [ 2390.806158] ? fault_dirty_shared_page.isra.87+0x320/0x320 08:16:08 executing program 4: openat$kvm(0xffffffffffffff9c, 0x0, 0x22000, 0x0) r0 = syz_open_dev$sndctrl(&(0x7f0000000100)='/dev/snd/controlC#\x00', 0x0, 0x0) prctl$PR_SET_THP_DISABLE(0x29, 0xfffffffffffffffe) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) ioctl$FS_IOC_GETFLAGS(r0, 0x800455d1, &(0x7f0000000080)) getsockopt$bt_BT_SNDMTU(r0, 0x112, 0xc, &(0x7f0000000040)=0x6, &(0x7f00000000c0)=0x2) r1 = syz_open_dev$media(&(0x7f0000000200)='/dev/media#\x00', 0x1, 0x4000) r2 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000280)='TIPCv2\x00') sendmsg$TIPC_NL_LINK_GET(r1, &(0x7f0000000400)={&(0x7f0000000240)={0x10, 0x0, 0x0, 0x40000}, 0xc, &(0x7f00000003c0)={&(0x7f00000002c0)={0xd0, r2, 0x1, 0x70bd28, 0x25dfdbfc, {}, [@TIPC_NLA_MON={0x2c, 0x9, [@TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x400}, @TIPC_NLA_MON_REF={0x8, 0x2, 0x3}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x401}, @TIPC_NLA_MON_REF={0x8, 0x2, 0x101}, @TIPC_NLA_MON_REF={0x8, 0x2, 0x9}]}, @TIPC_NLA_LINK={0x44, 0x4, [@TIPC_NLA_LINK_PROP={0x2c, 0x7, [@TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x14}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x7}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x3ff}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x3}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x6}]}, @TIPC_NLA_LINK_NAME={0x14, 0x1, 'broadcast-link\x00'}]}, @TIPC_NLA_NET={0x4c, 0x7, [@TIPC_NLA_NET_ID={0x8, 0x1, 0x7fff}, @TIPC_NLA_NET_ADDR={0x8}, @TIPC_NLA_NET_ADDR={0x8, 0x2, 0x19}, @TIPC_NLA_NET_NODEID_W1={0xc, 0x4, 0xb721}, @TIPC_NLA_NET_NODEID={0xc}, @TIPC_NLA_NET_NODEID={0xc, 0x3, 0x7e}, @TIPC_NLA_NET_NODEID={0xc, 0x3, 0xfff}]}]}, 0xd0}, 0x1, 0x0, 0x0, 0x20004005}, 0x4000001) openat$vimc1(0xffffffffffffff9c, &(0x7f0000000000)='/dev/video1\x00', 0x2, 0x0) 08:16:08 executing program 3: openat$rfkill(0xffffffffffffff9c, 0x0, 0x0, 0x0) getsockopt$inet_sctp_SCTP_DEFAULT_PRINFO(0xffffffffffffffff, 0x84, 0x72, &(0x7f0000000380), 0x0) syz_open_dev$admmidi(&(0x7f0000000100)='/dev/admmidi#\x00', 0x0, 0x0) r0 = socket$l2tp(0x18, 0x1, 0x1) mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x1, 0x32, 0xffffffffffffffff, 0x0) r1 = userfaultfd(0x0) ioctl$UFFDIO_API(r1, 0xc018aa3f, &(0x7f0000000180)) ioctl$UFFDIO_REGISTER(r1, 0xc020aa00, &(0x7f0000019000)={{&(0x7f0000012000/0x2000)=nil, 0x2000}, 0x1}) syz_open_dev$evdev(&(0x7f0000012fee)='/dev/input/event#\x00', 0x0, 0x0) ioctl$UFFDIO_WAKE(r1, 0x8010aa02, &(0x7f0000000080)={&(0x7f0000012000/0x3000)=nil, 0x3000}) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0a5c2d023c126285718070") setsockopt$ALG_SET_KEY(0xffffffffffffffff, 0x117, 0x1, 0x0, 0x0) 08:16:09 executing program 1: r0 = socket$l2tp(0x18, 0x1, 0x1) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0a5c2d023c126285718070") pipe2(&(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}, 0x800) bind$unix(0xffffffffffffffff, &(0x7f0000000180)=@file={0x0, './file0\x00'}, 0x6e) ioctl$KVM_IOEVENTFD(r1, 0x4040ae79, &(0x7f0000000100)={0x3000, &(0x7f0000000080), 0xc, 0xffffffffffffffff, 0x6}) ioctl$KVM_GET_XSAVE(0xffffffffffffffff, 0x9000aea4, &(0x7f0000001a40)) perf_event_open(&(0x7f0000014f88)={0x1, 0x70, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) bpf$BPF_PROG_DETACH(0x9, &(0x7f0000000140)={0x0, r2, 0xb, 0x2}, 0x14) ioctl$TUNSETVNETLE(r1, 0x400454dc, &(0x7f0000000200)) [ 2390.806183] __handle_mm_fault+0x4bbd/0x5be0 [ 2390.806207] ? vmf_insert_mixed_mkwrite+0x40/0x40 [ 2390.806226] ? zap_class+0x640/0x640 [ 2390.806240] ? rcu_read_unlock_special+0x1c0/0x1c0 08:16:09 executing program 0: openat$rfkill(0xffffffffffffff9c, 0x0, 0x2001, 0x0) syz_open_dev$admmidi(&(0x7f0000000100)='/dev/admmidi#\x00', 0x0, 0x0) r0 = socket$l2tp(0x18, 0x1, 0x1) mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x1, 0x32, 0xffffffffffffffff, 0x0) r1 = userfaultfd(0x0) ioctl$UFFDIO_API(r1, 0xc018aa3f, &(0x7f0000000180)) ioctl$UFFDIO_REGISTER(r1, 0xc020aa00, &(0x7f0000019000)={{&(0x7f0000012000/0x2000)=nil, 0x2000}, 0x1}) syz_open_dev$evdev(&(0x7f0000012fee)='/dev/input/event#\x00', 0x0, 0x4000) ioctl$UFFDIO_WAKE(r1, 0x8010aa02, &(0x7f0000000080)={&(0x7f0000012000/0x3000)=nil, 0x3000}) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0a5c2d023c126285718070") [ 2390.806254] ? kasan_check_read+0x11/0x20 [ 2390.806271] ? rcu_softirq_qs+0x20/0x20 [ 2390.806297] ? zap_class+0x640/0x640 [ 2390.806312] ? zap_class+0x640/0x640 [ 2390.806352] ? find_held_lock+0x36/0x1c0 [ 2390.806377] ? handle_mm_fault+0x42a/0xc70 [ 2390.806394] ? lock_downgrade+0x900/0x900 [ 2390.806412] ? check_preemption_disabled+0x48/0x280 [ 2390.806430] ? rcu_read_unlock_special+0x1c0/0x1c0 [ 2390.806444] ? kasan_check_read+0x11/0x20 [ 2390.806459] ? rcu_dynticks_curr_cpu_in_eqs+0xa2/0x170 [ 2390.806473] ? rcu_softirq_qs+0x20/0x20 [ 2390.806489] ? trace_hardirqs_off_caller+0x310/0x310 [ 2390.806506] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 2390.806522] ? check_preemption_disabled+0x48/0x280 [ 2390.806544] handle_mm_fault+0x54f/0xc70 [ 2390.806564] ? __handle_mm_fault+0x5be0/0x5be0 [ 2390.806584] ? find_vma+0x34/0x190 [ 2390.806605] __do_page_fault+0x5e8/0xe60 [ 2390.806620] ? trace_hardirqs_off+0xb8/0x310 [ 2390.806645] do_page_fault+0xf2/0x7e0 [ 2390.806661] ? vmalloc_sync_all+0x30/0x30 [ 2390.806676] ? error_entry+0x70/0xd0 [ 2390.806693] ? trace_hardirqs_off_caller+0xbb/0x310 [ 2390.806707] ? trace_hardirqs_on_caller+0xc0/0x310 [ 2390.806724] ? syscall_return_slowpath+0x5e0/0x5e0 [ 2390.806740] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 2390.806757] ? trace_hardirqs_on_caller+0x310/0x310 [ 2390.806773] ? __bpf_trace_preemptirq_template+0x30/0x30 [ 2390.806792] ? prepare_exit_to_usermode+0x3b0/0x3b0 [ 2390.806811] ? prepare_exit_to_usermode+0x291/0x3b0 [ 2390.806826] ? page_fault+0x8/0x30 [ 2390.806844] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 2390.806862] ? page_fault+0x8/0x30 [ 2390.806878] page_fault+0x1e/0x30 [ 2390.806891] RIP: 0033:0x4510a0 [ 2390.806908] Code: 0f 84 c4 0f 00 00 48 89 f1 48 89 f8 48 83 e1 3f 48 83 f9 20 0f 86 7b 02 00 00 48 83 e6 f0 48 83 e1 0f 66 0f ef c0 66 0f ef c9 <66> 0f 74 0e 66 0f d7 d1 48 d3 ea 49 c7 c2 11 00 00 00 49 29 ca 4d [ 2390.806917] RSP: 002b:00007efdea16e7a8 EFLAGS: 00010202 [ 2390.806930] RAX: 00007efdea16e850 RBX: 0000000000000003 RCX: 000000000000000e [ 2390.806940] RDX: 00000000000003ff RSI: 0000000020012fe0 RDI: 00007efdea16e850 [ 2390.806950] RBP: 000000000072bf00 R08: 00000000000003ff R09: 0000000000000000 [ 2390.806960] R10: 0000000000000000 R11: 0000000000000246 R12: 00007efdea16f6d4 [ 2390.806970] R13: 00000000004c578a R14: 00000000004d9d90 R15: 00000000ffffffff [ 2390.810857] FAULT_FLAG_ALLOW_RETRY missing 70 [ 2390.810882] CPU: 1 PID: 22085 Comm: syz-executor3 Not tainted 4.20.0-rc6+ #371 [ 2390.810895] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2390.810900] Call Trace: [ 2390.810924] dump_stack+0x244/0x39d [ 2390.810950] ? dump_stack_print_info.cold.1+0x20/0x20 [ 2390.810987] handle_userfault.cold.32+0x47/0x62 [ 2390.811020] ? userfaultfd_ioctl+0x5610/0x5610 [ 2390.811040] ? mark_held_locks+0x130/0x130 [ 2390.811056] ? __sanitizer_cov_trace_cmp4+0x16/0x20 [ 2390.811080] ? futex_wait_setup+0x266/0x3e0 [ 2390.811115] ? __sanitizer_cov_trace_switch+0x53/0x90 [ 2390.811138] ? userfaultfd_ctx_put+0x830/0x830 [ 2390.811157] ? futex_wait+0x5a1/0xa50 [ 2390.811182] ? print_usage_bug+0xc0/0xc0 [ 2390.811212] ? print_usage_bug+0xc0/0xc0 [ 2390.811233] ? print_usage_bug+0xc0/0xc0 [ 2390.811254] ? zap_class+0x640/0x640 [ 2390.811275] ? drop_futex_key_refs.isra.14+0x6d/0xe0 [ 2390.811293] ? futex_wake+0x304/0x760 [ 2390.811325] ? find_held_lock+0x36/0x1c0 [ 2390.811371] ? __handle_mm_fault+0x4bb0/0x5be0 [ 2390.811391] ? lock_downgrade+0x900/0x900 [ 2390.811419] ? kasan_check_read+0x11/0x20 [ 2390.811435] ? do_raw_spin_unlock+0xa7/0x330 [ 2390.811452] ? do_raw_spin_trylock+0x270/0x270 [ 2390.811476] ? fault_dirty_shared_page.isra.87+0x320/0x320 [ 2390.811508] __handle_mm_fault+0x4bbd/0x5be0 [ 2390.811538] ? vmf_insert_mixed_mkwrite+0x40/0x40 [ 2390.811561] ? zap_class+0x640/0x640 [ 2390.811576] ? rcu_read_unlock_special+0x1c0/0x1c0 [ 2390.811594] ? kasan_check_read+0x11/0x20 [ 2390.811614] ? rcu_softirq_qs+0x20/0x20 [ 2390.811646] ? zap_class+0x640/0x640 [ 2390.811663] ? zap_class+0x640/0x640 [ 2390.811690] ? find_held_lock+0x36/0x1c0 [ 2390.811718] ? handle_mm_fault+0x42a/0xc70 [ 2390.811740] ? lock_downgrade+0x900/0x900 [ 2390.811760] ? check_preemption_disabled+0x48/0x280 [ 2390.811793] ? rcu_read_unlock_special+0x1c0/0x1c0 [ 2390.811812] ? kasan_check_read+0x11/0x20 [ 2390.811831] ? rcu_dynticks_curr_cpu_in_eqs+0xa2/0x170 [ 2390.811856] ? rcu_softirq_qs+0x20/0x20 [ 2390.811876] ? trace_hardirqs_off_caller+0x310/0x310 [ 2390.811898] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 2390.811919] ? check_preemption_disabled+0x48/0x280 [ 2390.811946] handle_mm_fault+0x54f/0xc70 [ 2390.811970] ? __handle_mm_fault+0x5be0/0x5be0 [ 2390.811992] ? find_vma+0x34/0x190 [ 2390.812016] __do_page_fault+0x5e8/0xe60 [ 2390.812035] ? trace_hardirqs_off+0xb8/0x310 [ 2390.812062] do_page_fault+0xf2/0x7e0 [ 2390.812081] ? vmalloc_sync_all+0x30/0x30 [ 2390.812100] ? error_entry+0x70/0xd0 [ 2390.812121] ? trace_hardirqs_off_caller+0xbb/0x310 [ 2390.812139] ? trace_hardirqs_on_caller+0xc0/0x310 [ 2390.812159] ? syscall_return_slowpath+0x5e0/0x5e0 [ 2390.812176] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 2390.812195] ? trace_hardirqs_on_caller+0x310/0x310 [ 2390.812214] ? __bpf_trace_preemptirq_template+0x30/0x30 [ 2390.812233] ? prepare_exit_to_usermode+0x3b0/0x3b0 [ 2390.812255] ? prepare_exit_to_usermode+0x291/0x3b0 [ 2390.812274] ? page_fault+0x8/0x30 [ 2390.812298] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 2390.812320] ? page_fault+0x8/0x30 [ 2390.812356] page_fault+0x1e/0x30 [ 2390.812370] RIP: 0033:0x4510a0 [ 2390.812388] Code: 0f 84 c4 0f 00 00 48 89 f1 48 89 f8 48 83 e1 3f 48 83 f9 20 0f 86 7b 02 00 00 48 83 e6 f0 48 83 e1 0f 66 0f ef c0 66 0f ef c9 <66> 0f 74 0e 66 0f d7 d1 48 d3 ea 49 c7 c2 11 00 00 00 49 29 ca 4d [ 2390.812399] RSP: 002b:00007f75238677a8 EFLAGS: 00010202 [ 2390.812413] RAX: 00007f7523867850 RBX: 0000000000000003 RCX: 000000000000000e [ 2390.812425] RDX: 00000000000003ff RSI: 0000000020012fe0 RDI: 00007f7523867850 [ 2390.812436] RBP: 000000000072bf00 R08: 00000000000003ff R09: 0000000000000000 [ 2390.812447] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f75238686d4 [ 2390.812458] R13: 00000000004c578a R14: 00000000004d9d90 R15: 00000000ffffffff [ 2391.035976] FAULT_FLAG_ALLOW_RETRY missing 70 [ 2391.036001] CPU: 1 PID: 22114 Comm: syz-executor3 Not tainted 4.20.0-rc6+ #371 [ 2391.036013] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2391.036020] Call Trace: [ 2391.036045] dump_stack+0x244/0x39d [ 2391.036070] ? dump_stack_print_info.cold.1+0x20/0x20 [ 2391.036105] handle_userfault.cold.32+0x47/0x62 [ 2391.036138] ? userfaultfd_ioctl+0x5610/0x5610 [ 2391.036161] ? mark_held_locks+0x130/0x130 [ 2391.036187] ? find_held_lock+0x36/0x1c0 [ 2391.036226] ? userfaultfd_ctx_put+0x830/0x830 [ 2391.036262] ? kasan_check_read+0x11/0x20 [ 2391.036283] ? print_usage_bug+0xc0/0xc0 [ 2391.036300] ? do_raw_spin_trylock+0x270/0x270 [ 2391.036319] ? print_usage_bug+0xc0/0xc0 [ 2391.036355] ? print_usage_bug+0xc0/0xc0 [ 2391.036377] ? zap_class+0x640/0x640 [ 2391.036400] ? drop_futex_key_refs.isra.14+0x6d/0xe0 [ 2391.036428] ? futex_wake+0x304/0x760 [ 2391.036462] ? find_held_lock+0x36/0x1c0 [ 2391.036490] ? __handle_mm_fault+0x4bb0/0x5be0 [ 2391.036520] ? lock_downgrade+0x900/0x900 [ 2391.036546] ? kasan_check_read+0x11/0x20 [ 2391.036562] ? do_raw_spin_unlock+0xa7/0x330 [ 2391.036580] ? do_raw_spin_trylock+0x270/0x270 [ 2391.036602] ? fault_dirty_shared_page.isra.87+0x320/0x320 [ 2391.036650] __handle_mm_fault+0x4bbd/0x5be0 [ 2391.036680] ? vmf_insert_mixed_mkwrite+0x40/0x40 [ 2391.036701] ? zap_class+0x640/0x640 [ 2391.036716] ? rcu_read_unlock_special+0x1c0/0x1c0 [ 2391.036732] ? kasan_check_read+0x11/0x20 [ 2391.036750] ? rcu_softirq_qs+0x20/0x20 [ 2391.036780] ? zap_class+0x640/0x640 [ 2391.036796] ? zap_class+0x640/0x640 [ 2391.036819] ? find_held_lock+0x36/0x1c0 [ 2391.036856] ? handle_mm_fault+0x42a/0xc70 [ 2391.036878] ? lock_downgrade+0x900/0x900 [ 2391.036898] ? check_preemption_disabled+0x48/0x280 [ 2391.036918] ? rcu_read_unlock_special+0x1c0/0x1c0 [ 2391.036934] ? kasan_check_read+0x11/0x20 [ 2391.036949] ? rcu_dynticks_curr_cpu_in_eqs+0xa2/0x170 [ 2391.036964] ? rcu_softirq_qs+0x20/0x20 [ 2391.036981] ? trace_hardirqs_off_caller+0x310/0x310 [ 2391.037003] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 2391.037022] ? check_preemption_disabled+0x48/0x280 [ 2391.037046] handle_mm_fault+0x54f/0xc70 [ 2391.037068] ? __handle_mm_fault+0x5be0/0x5be0 [ 2391.037090] ? find_vma+0x34/0x190 [ 2391.037114] __do_page_fault+0x5e8/0xe60 [ 2391.037130] ? trace_hardirqs_off+0xb8/0x310 [ 2391.037162] do_page_fault+0xf2/0x7e0 [ 2391.037183] ? vmalloc_sync_all+0x30/0x30 [ 2391.037203] ? error_entry+0x70/0xd0 [ 2391.037224] ? trace_hardirqs_off_caller+0xbb/0x310 [ 2391.037241] ? trace_hardirqs_on_caller+0xc0/0x310 [ 2391.037263] ? syscall_return_slowpath+0x5e0/0x5e0 [ 2391.037284] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 2391.037305] ? trace_hardirqs_on_caller+0x310/0x310 [ 2391.037325] ? __bpf_trace_preemptirq_template+0x30/0x30 [ 2391.037362] ? prepare_exit_to_usermode+0x3b0/0x3b0 [ 2391.037385] ? prepare_exit_to_usermode+0x291/0x3b0 [ 2391.037402] ? page_fault+0x8/0x30 [ 2391.037425] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 2391.037447] ? page_fault+0x8/0x30 [ 2391.037467] page_fault+0x1e/0x30 [ 2391.037481] RIP: 0033:0x4510a0 [ 2391.037502] Code: 0f 84 c4 0f 00 00 48 89 f1 48 89 f8 48 83 e1 3f 48 83 f9 20 0f 86 7b 02 00 00 48 83 e6 f0 48 83 e1 0f 66 0f ef c0 66 0f ef c9 <66> 0f 74 0e 66 0f d7 d1 48 d3 ea 49 c7 c2 11 00 00 00 49 29 ca 4d [ 2391.037513] RSP: 002b:00007f75238677a8 EFLAGS: 00010202 [ 2391.037529] RAX: 00007f7523867850 RBX: 0000000000000003 RCX: 000000000000000e [ 2391.037540] RDX: 00000000000003ff RSI: 0000000020012fe0 RDI: 00007f7523867850 [ 2391.037552] RBP: 000000000072bf00 R08: 00000000000003ff R09: 0000000000000000 [ 2391.037562] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f75238686d4 [ 2391.037574] R13: 00000000004c578a R14: 00000000004d9d90 R15: 00000000ffffffff [ 2391.110726] FAULT_FLAG_ALLOW_RETRY missing 70 [ 2391.110752] CPU: 1 PID: 22119 Comm: syz-executor0 Not tainted 4.20.0-rc6+ #371 [ 2391.110763] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2391.110769] Call Trace: [ 2391.110796] dump_stack+0x244/0x39d [ 2391.110820] ? dump_stack_print_info.cold.1+0x20/0x20 [ 2391.110863] handle_userfault.cold.32+0x47/0x62 [ 2391.110897] ? userfaultfd_ioctl+0x5610/0x5610 [ 2391.110921] ? mark_held_locks+0x130/0x130 [ 2391.110950] ? __sanitizer_cov_trace_cmp4+0x16/0x20 [ 2391.110967] ? futex_wait_setup+0x266/0x3e0 [ 2391.111001] ? __sanitizer_cov_trace_switch+0x53/0x90 [ 2391.111024] ? userfaultfd_ctx_put+0x830/0x830 [ 2391.111040] ? futex_wait+0x5a1/0xa50 [ 2391.111065] ? print_usage_bug+0xc0/0xc0 [ 2391.111084] ? print_usage_bug+0xc0/0xc0 [ 2391.111103] ? print_usage_bug+0xc0/0xc0 [ 2391.111122] ? zap_class+0x640/0x640 [ 2391.111144] ? drop_futex_key_refs.isra.14+0x6d/0xe0 [ 2391.111162] ? futex_wake+0x304/0x760 [ 2391.111195] ? find_held_lock+0x36/0x1c0 [ 2391.111226] ? __handle_mm_fault+0x4bb0/0x5be0 [ 2391.111257] ? lock_downgrade+0x900/0x900 [ 2391.111285] ? kasan_check_read+0x11/0x20 [ 2391.111305] ? do_raw_spin_unlock+0xa7/0x330 [ 2391.111325] ? do_raw_spin_trylock+0x270/0x270 [ 2391.111361] ? fault_dirty_shared_page.isra.87+0x320/0x320 [ 2391.111393] __handle_mm_fault+0x4bbd/0x5be0 [ 2391.111423] ? vmf_insert_mixed_mkwrite+0x40/0x40 [ 2391.111447] ? zap_class+0x640/0x640 [ 2391.111463] ? rcu_read_unlock_special+0x1c0/0x1c0 [ 2391.111483] ? kasan_check_read+0x11/0x20 [ 2391.111504] ? rcu_softirq_qs+0x20/0x20 [ 2391.111555] ? zap_class+0x640/0x640 [ 2391.111572] ? zap_class+0x640/0x640 [ 2391.111598] ? find_held_lock+0x36/0x1c0 [ 2391.111627] ? handle_mm_fault+0x42a/0xc70 [ 2391.111648] ? lock_downgrade+0x900/0x900 [ 2391.111669] ? check_preemption_disabled+0x48/0x280 [ 2391.111691] ? rcu_read_unlock_special+0x1c0/0x1c0 [ 2391.111710] ? kasan_check_read+0x11/0x20 [ 2391.111727] ? rcu_dynticks_curr_cpu_in_eqs+0xa2/0x170 [ 2391.111745] ? rcu_softirq_qs+0x20/0x20 [ 2391.111767] ? trace_hardirqs_off_caller+0x310/0x310 [ 2391.111791] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 2391.111810] ? check_preemption_disabled+0x48/0x280 [ 2391.111839] handle_mm_fault+0x54f/0xc70 [ 2391.111878] ? __handle_mm_fault+0x5be0/0x5be0 [ 2391.111910] ? find_vma+0x34/0x190 [ 2391.111935] __do_page_fault+0x5e8/0xe60 [ 2391.111952] ? trace_hardirqs_off+0xb8/0x310 [ 2391.111981] do_page_fault+0xf2/0x7e0 [ 2391.112003] ? vmalloc_sync_all+0x30/0x30 [ 2391.112022] ? error_entry+0x70/0xd0 [ 2391.112051] ? trace_hardirqs_off_caller+0xbb/0x310 [ 2391.112069] ? trace_hardirqs_on_caller+0xc0/0x310 [ 2391.112089] ? syscall_return_slowpath+0x5e0/0x5e0 [ 2391.112108] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 2391.112128] ? trace_hardirqs_on_caller+0x310/0x310 [ 2391.112147] ? __bpf_trace_preemptirq_template+0x30/0x30 [ 2391.112168] ? prepare_exit_to_usermode+0x3b0/0x3b0 [ 2391.112189] ? prepare_exit_to_usermode+0x291/0x3b0 [ 2391.112214] ? page_fault+0x8/0x30 [ 2391.112236] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 2391.112257] ? page_fault+0x8/0x30 [ 2391.112275] page_fault+0x1e/0x30 [ 2391.112289] RIP: 0033:0x4510a0 [ 2391.112309] Code: 0f 84 c4 0f 00 00 48 89 f1 48 89 f8 48 83 e1 3f 48 83 f9 20 0f 86 7b 02 00 00 48 83 e6 f0 48 83 e1 0f 66 0f ef c0 66 0f ef c9 <66> 0f 74 0e 66 0f d7 d1 48 d3 ea 49 c7 c2 11 00 00 00 49 29 ca 4d [ 2391.112318] RSP: 002b:00007efdea16e7a8 EFLAGS: 00010202 [ 2391.112346] RAX: 00007efdea16e850 RBX: 0000000000000003 RCX: 000000000000000e [ 2391.112358] RDX: 00000000000003ff RSI: 0000000020012fe0 RDI: 00007efdea16e850 [ 2391.112369] RBP: 000000000072bf00 R08: 00000000000003ff R09: 0000000000000000 [ 2391.112379] R10: 0000000000000000 R11: 0000000000000246 R12: 00007efdea16f6d4 [ 2391.112391] R13: 00000000004c578a R14: 00000000004d9d90 R15: 00000000ffffffff [ 2391.257806] FAULT_FLAG_ALLOW_RETRY missing 70 [ 2391.257831] CPU: 0 PID: 22138 Comm: syz-executor3 Not tainted 4.20.0-rc6+ #371 [ 2391.257843] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2391.257851] Call Trace: [ 2391.257880] dump_stack+0x244/0x39d [ 2391.257907] ? dump_stack_print_info.cold.1+0x20/0x20 [ 2391.257939] handle_userfault.cold.32+0x47/0x62 [ 2391.257969] ? userfaultfd_ioctl+0x5610/0x5610 [ 2391.257989] ? mark_held_locks+0x130/0x130 [ 2391.258006] ? __sanitizer_cov_trace_cmp4+0x16/0x20 [ 2391.258022] ? futex_wait_setup+0x266/0x3e0 [ 2391.258054] ? __sanitizer_cov_trace_switch+0x53/0x90 [ 2391.258076] ? userfaultfd_ctx_put+0x830/0x830 [ 2391.258093] ? futex_wait+0x5a1/0xa50 [ 2391.258116] ? print_usage_bug+0xc0/0xc0 [ 2391.258134] ? print_usage_bug+0xc0/0xc0 [ 2391.258154] ? print_usage_bug+0xc0/0xc0 [ 2391.258172] ? zap_class+0x640/0x640 [ 2391.258190] ? drop_futex_key_refs.isra.14+0x6d/0xe0 [ 2391.258208] ? futex_wake+0x304/0x760 [ 2391.258241] ? find_held_lock+0x36/0x1c0 [ 2391.258269] ? __handle_mm_fault+0x4bb0/0x5be0 [ 2391.258295] ? lock_downgrade+0x900/0x900 [ 2391.258323] ? kasan_check_read+0x11/0x20 [ 2391.258359] ? do_raw_spin_unlock+0xa7/0x330 [ 2391.258378] ? do_raw_spin_trylock+0x270/0x270 [ 2391.258398] ? fault_dirty_shared_page.isra.87+0x320/0x320 [ 2391.258430] __handle_mm_fault+0x4bbd/0x5be0 [ 2391.258459] ? vmf_insert_mixed_mkwrite+0x40/0x40 [ 2391.258481] ? zap_class+0x640/0x640 [ 2391.258497] ? rcu_read_unlock_special+0x1c0/0x1c0 [ 2391.258512] ? kasan_check_read+0x11/0x20 [ 2391.258530] ? rcu_softirq_qs+0x20/0x20 [ 2391.258558] ? zap_class+0x640/0x640 [ 2391.258576] ? zap_class+0x640/0x640 [ 2391.258602] ? find_held_lock+0x36/0x1c0 [ 2391.258631] ? handle_mm_fault+0x42a/0xc70 [ 2391.258651] ? lock_downgrade+0x900/0x900 [ 2391.258671] ? check_preemption_disabled+0x48/0x280 [ 2391.258691] ? rcu_read_unlock_special+0x1c0/0x1c0 [ 2391.258706] ? kasan_check_read+0x11/0x20 [ 2391.258723] ? rcu_dynticks_curr_cpu_in_eqs+0xa2/0x170 [ 2391.258741] ? rcu_softirq_qs+0x20/0x20 [ 2391.258762] ? trace_hardirqs_off_caller+0x310/0x310 [ 2391.258782] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 2391.258803] ? check_preemption_disabled+0x48/0x280 [ 2391.258830] handle_mm_fault+0x54f/0xc70 [ 2391.258855] ? __handle_mm_fault+0x5be0/0x5be0 [ 2391.258882] ? find_vma+0x34/0x190 [ 2391.258907] __do_page_fault+0x5e8/0xe60 [ 2391.258927] ? trace_hardirqs_off+0xb8/0x310 [ 2391.258957] do_page_fault+0xf2/0x7e0 [ 2391.258983] ? vmalloc_sync_all+0x30/0x30 [ 2391.259003] ? error_entry+0x70/0xd0 [ 2391.259028] ? trace_hardirqs_off_caller+0xbb/0x310 [ 2391.259047] ? trace_hardirqs_on_caller+0xc0/0x310 [ 2391.259079] ? syscall_return_slowpath+0x5e0/0x5e0 [ 2391.259104] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 2391.259126] ? trace_hardirqs_on_caller+0x310/0x310 [ 2391.259147] ? __bpf_trace_preemptirq_template+0x30/0x30 [ 2391.259167] ? prepare_exit_to_usermode+0x3b0/0x3b0 [ 2391.259189] ? prepare_exit_to_usermode+0x291/0x3b0 [ 2391.259207] ? page_fault+0x8/0x30 [ 2391.259228] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 2391.259249] ? page_fault+0x8/0x30 [ 2391.259275] page_fault+0x1e/0x30 [ 2391.259290] RIP: 0033:0x4510a0 [ 2391.259310] Code: 0f 84 c4 0f 00 00 48 89 f1 48 89 f8 48 83 e1 3f 48 83 f9 20 0f 86 7b 02 00 00 48 83 e6 f0 48 83 e1 0f 66 0f ef c0 66 0f ef c9 <66> 0f 74 0e 66 0f d7 d1 48 d3 ea 49 c7 c2 11 00 00 00 49 29 ca 4d [ 2391.259319] RSP: 002b:00007f75238677a8 EFLAGS: 00010202 [ 2391.259359] RAX: 00007f7523867850 RBX: 0000000000000003 RCX: 000000000000000e [ 2391.259383] RDX: 00000000000003ff RSI: 0000000020012fe0 RDI: 00007f7523867850 [ 2391.259394] RBP: 000000000072bf00 R08: 00000000000003ff R09: 0000000000000000 [ 2391.259405] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f75238686d4 [ 2391.259415] R13: 00000000004c578a R14: 00000000004d9d90 R15: 00000000ffffffff [ 2391.342373] FAULT_FLAG_ALLOW_RETRY missing 70 [ 2391.342398] CPU: 0 PID: 22149 Comm: syz-executor0 Not tainted 4.20.0-rc6+ #371 [ 2391.342410] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2391.342416] Call Trace: [ 2391.342446] dump_stack+0x244/0x39d [ 2391.342472] ? dump_stack_print_info.cold.1+0x20/0x20 [ 2391.342506] handle_userfault.cold.32+0x47/0x62 [ 2391.342536] ? userfaultfd_ioctl+0x5610/0x5610 [ 2391.342557] ? mark_held_locks+0x130/0x130 [ 2391.342581] ? find_held_lock+0x36/0x1c0 [ 2391.342611] ? userfaultfd_ctx_put+0x830/0x830 [ 2391.342637] ? kasan_check_read+0x11/0x20 [ 2391.342659] ? print_usage_bug+0xc0/0xc0 [ 2391.342677] ? do_raw_spin_trylock+0x270/0x270 [ 2391.342696] ? print_usage_bug+0xc0/0xc0 [ 2391.342720] ? print_usage_bug+0xc0/0xc0 [ 2391.342741] ? zap_class+0x640/0x640 [ 2391.342763] ? drop_futex_key_refs.isra.14+0x6d/0xe0 [ 2391.342779] ? futex_wake+0x304/0x760 [ 2391.342816] ? find_held_lock+0x36/0x1c0 [ 2391.342846] ? __handle_mm_fault+0x4bb0/0x5be0 [ 2391.342870] ? lock_downgrade+0x900/0x900 [ 2391.342899] ? kasan_check_read+0x11/0x20 [ 2391.342916] ? do_raw_spin_unlock+0xa7/0x330 [ 2391.342932] ? do_raw_spin_trylock+0x270/0x270 [ 2391.342954] ? fault_dirty_shared_page.isra.87+0x320/0x320 [ 2391.342983] __handle_mm_fault+0x4bbd/0x5be0 [ 2391.343012] ? vmf_insert_mixed_mkwrite+0x40/0x40 [ 2391.343032] ? zap_class+0x640/0x640 [ 2391.343048] ? rcu_read_unlock_special+0x1c0/0x1c0 [ 2391.343065] ? kasan_check_read+0x11/0x20 [ 2391.343086] ? rcu_softirq_qs+0x20/0x20 [ 2391.343116] ? zap_class+0x640/0x640 [ 2391.343134] ? zap_class+0x640/0x640 [ 2391.343158] ? find_held_lock+0x36/0x1c0 [ 2391.343184] ? handle_mm_fault+0x42a/0xc70 [ 2391.343203] ? lock_downgrade+0x900/0x900 [ 2391.343221] ? check_preemption_disabled+0x48/0x280 [ 2391.343241] ? rcu_read_unlock_special+0x1c0/0x1c0 [ 2391.343257] ? kasan_check_read+0x11/0x20 [ 2391.343273] ? rcu_dynticks_curr_cpu_in_eqs+0xa2/0x170 [ 2391.343289] ? rcu_softirq_qs+0x20/0x20 [ 2391.343316] ? trace_hardirqs_off_caller+0x310/0x310 [ 2391.343358] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 2391.343381] ? check_preemption_disabled+0x48/0x280 [ 2391.343409] handle_mm_fault+0x54f/0xc70 [ 2391.343432] ? __handle_mm_fault+0x5be0/0x5be0 [ 2391.343455] ? find_vma+0x34/0x190 [ 2391.343480] __do_page_fault+0x5e8/0xe60 [ 2391.343498] ? trace_hardirqs_off+0xb8/0x310 [ 2391.343532] do_page_fault+0xf2/0x7e0 [ 2391.343553] ? vmalloc_sync_all+0x30/0x30 [ 2391.343570] ? error_entry+0x70/0xd0 [ 2391.343592] ? trace_hardirqs_off_caller+0xbb/0x310 [ 2391.343610] ? trace_hardirqs_on_caller+0xc0/0x310 [ 2391.343629] ? syscall_return_slowpath+0x5e0/0x5e0 [ 2391.343647] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 2391.343667] ? trace_hardirqs_on_caller+0x310/0x310 [ 2391.343685] ? __bpf_trace_preemptirq_template+0x30/0x30 [ 2391.343706] ? prepare_exit_to_usermode+0x3b0/0x3b0 [ 2391.343726] ? prepare_exit_to_usermode+0x291/0x3b0 [ 2391.343742] ? page_fault+0x8/0x30 [ 2391.343764] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 2391.343785] ? page_fault+0x8/0x30 [ 2391.343801] page_fault+0x1e/0x30 [ 2391.343814] RIP: 0033:0x4510a0 [ 2391.343834] Code: 0f 84 c4 0f 00 00 48 89 f1 48 89 f8 48 83 e1 3f 48 83 f9 20 0f 86 7b 02 00 00 48 83 e6 f0 48 83 e1 0f 66 0f ef c0 66 0f ef c9 <66> 0f 74 0e 66 0f d7 d1 48 d3 ea 49 c7 c2 11 00 00 00 49 29 ca 4d [ 2391.343844] RSP: 002b:00007efdea16e7a8 EFLAGS: 00010202 [ 2391.343861] RAX: 00007efdea16e850 RBX: 0000000000000003 RCX: 000000000000000e [ 2391.343873] RDX: 00000000000003ff RSI: 0000000020012fe0 RDI: 00007efdea16e850 [ 2391.343884] RBP: 000000000072bf00 R08: 00000000000003ff R09: 0000000000000000 [ 2391.343895] R10: 0000000000000000 R11: 0000000000000246 R12: 00007efdea16f6d4 08:16:11 executing program 2: syz_emit_ethernet(0x6a, &(0x7f0000000040)={@local, @broadcast, [], {@ipv4={0x800, {{0x5, 0x4, 0x0, 0x0, 0x5c, 0x0, 0x0, 0x0, 0x1, 0x0, @remote, @dev={0xac, 0x14, 0x14, 0x11}}, @icmp=@parameter_prob={0x3, 0x4, 0x0, 0x0, 0x0, 0x0, {0x10, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x402f, 0x0, @local={0xac, 0x5c}, @dev, {[@timestamp={0x8, 0x2c, 0x0, 0x0, 0x86ddffff00000000, [{[@rand_addr]}, {[@multicast2]}, {[@multicast1]}, {}, {[@loopback]}, {}]}]}}}}}}}, 0x0) 08:16:11 executing program 3: openat$rfkill(0xffffffffffffff9c, 0x0, 0x0, 0x0) getsockopt$inet_sctp_SCTP_DEFAULT_PRINFO(0xffffffffffffffff, 0x84, 0x72, &(0x7f0000000380), 0x0) syz_open_dev$admmidi(&(0x7f0000000100)='/dev/admmidi#\x00', 0x0, 0x0) r0 = socket$l2tp(0x18, 0x1, 0x1) mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x1, 0x32, 0xffffffffffffffff, 0x0) r1 = userfaultfd(0x0) ioctl$UFFDIO_API(r1, 0xc018aa3f, &(0x7f0000000180)) ioctl$UFFDIO_REGISTER(r1, 0xc020aa00, &(0x7f0000019000)={{&(0x7f0000012000/0x2000)=nil, 0x2000}, 0x1}) syz_open_dev$evdev(&(0x7f0000012fee)='/dev/input/event#\x00', 0x0, 0x0) ioctl$UFFDIO_WAKE(r1, 0x8010aa02, &(0x7f0000000080)={&(0x7f0000012000/0x3000)=nil, 0x3000}) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0a5c2d023c126285718070") setsockopt$ALG_SET_KEY(0xffffffffffffffff, 0x117, 0x1, 0x0, 0x0) 08:16:11 executing program 1: r0 = socket$l2tp(0x18, 0x1, 0x1) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0a5c2d023c126285718070") r1 = perf_event_open(&(0x7f0000014f88)={0x1, 0x70, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) close(r1) r2 = openat$mixer(0xffffffffffffff9c, &(0x7f0000000040)='/dev/mixer\x00', 0x2, 0x0) ioctl$KVM_ENABLE_CAP(r2, 0x4068aea3, &(0x7f0000000080)={0x81, 0x0, [0x0, 0x7, 0x10]}) 08:16:11 executing program 5: r0 = socket$l2tp(0x18, 0x1, 0x1) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0a5c2d023c126285718070") perf_event_open(&(0x7f00000001c0)={0x2, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r1 = perf_event_open(&(0x7f0000014f88)={0x1, 0x70, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r2 = perf_event_open(&(0x7f0000014f88)={0x1, 0x70, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) close(r2) r3 = syz_open_dev$vcsa(&(0x7f0000000040)='/dev/vcsa#\x00', 0x69a, 0xa00) socket$inet_sctp(0x2, 0x5, 0x84) ioctl$NBD_CLEAR_SOCK(r3, 0xab04) bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f00000000c0)={0xffffffffffffffff, r1, 0x0, 0x10, &(0x7f0000000080)='selfGPL:keyring\x00'}, 0x30) ioctl$sock_SIOCGPGRP(r0, 0x8904, &(0x7f0000000100)=0x0) kcmp$KCMP_EPOLL_TFD(r4, r5, 0x7, r1, &(0x7f0000000140)={r3, r2, 0x2}) 08:16:11 executing program 4: r0 = openat$kvm(0xffffffffffffff9c, 0x0, 0x0, 0x0) r1 = syz_open_dev$sndctrl(&(0x7f0000000100)='/dev/snd/controlC#\x00', 0x0, 0x0) prctl$PR_SET_THP_DISABLE(0x29, 0xfffffffffffffffe) r2 = openat$null(0xffffffffffffff9c, &(0x7f0000000000)='/dev/null\x00', 0x800, 0x0) ioctl$sock_inet6_udp_SIOCOUTQ(r2, 0x5411, &(0x7f0000000040)) clone(0x2, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) dup2(r0, r2) ioctl$DRM_IOCTL_GET_MAGIC(r2, 0x80046402, &(0x7f00000000c0)=0x80) ioctl$KVM_ENABLE_CAP(r2, 0x4068aea3, &(0x7f0000000140)={0xfd, 0x0, [0x2, 0x5, 0x3ff]}) ioctl$FS_IOC_GETFLAGS(r1, 0x800455d1, &(0x7f0000000080)) 08:16:11 executing program 0: openat$rfkill(0xffffffffffffff9c, 0x0, 0x2001, 0x0) syz_open_dev$admmidi(&(0x7f0000000100)='/dev/admmidi#\x00', 0x0, 0x0) r0 = socket$l2tp(0x18, 0x1, 0x1) mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x1, 0x32, 0xffffffffffffffff, 0x0) r1 = userfaultfd(0x0) ioctl$UFFDIO_API(r1, 0xc018aa3f, &(0x7f0000000180)) ioctl$UFFDIO_REGISTER(r1, 0xc020aa00, &(0x7f0000019000)={{&(0x7f0000012000/0x2000)=nil, 0x2000}, 0x1}) syz_open_dev$evdev(&(0x7f0000012fee)='/dev/input/event#\x00', 0x0, 0x74) ioctl$UFFDIO_WAKE(r1, 0x8010aa02, &(0x7f0000000080)={&(0x7f0000012000/0x3000)=nil, 0x3000}) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0a5c2d023c126285718070") [ 2391.343906] R13: 00000000004c578a R14: 00000000004d9d90 R15: 00000000ffffffff 08:16:11 executing program 2: syz_emit_ethernet(0x6a, &(0x7f0000000040)={@local, @broadcast, [], {@ipv4={0x800, {{0x5, 0x4, 0x0, 0x0, 0x5c, 0x0, 0x0, 0x0, 0x1, 0x0, @remote, @dev={0xac, 0x14, 0x14, 0x11}}, @icmp=@parameter_prob={0x3, 0x4, 0x0, 0x0, 0x0, 0x0, {0x10, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x402f, 0x0, @local={0xac, 0x5c}, @dev, {[@timestamp={0x8, 0x2c, 0x0, 0x0, 0x8848000000000000, [{[@rand_addr]}, {[@multicast2]}, {[@multicast1]}, {}, {[@loopback]}, {}]}]}}}}}}}, 0x0) 08:16:11 executing program 1: r0 = socket$l2tp(0x18, 0x1, 0x1) r1 = syz_open_dev$vbi(&(0x7f0000000080)='/dev/vbi#\x00', 0x1, 0x2) ioctl$VIDIOC_SUBDEV_ENUM_DV_TIMINGS(r1, 0xc0945662, &(0x7f0000000240)={0x1, 0x0, [], {0x0, @reserved}}) r2 = creat(&(0x7f0000000040)='./file0\x00', 0x0) ioctl$SG_SET_RESERVED_SIZE(r2, 0x2275, &(0x7f00000000c0)) ioctl$SNDRV_CTL_IOCTL_RAWMIDI_INFO(r2, 0xc10c5541, &(0x7f0000000100)={0x4, 0x2, 0x0, 0x0, 0x0, [], [], [], 0x7, 0x3}) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0a5c2d023c126285718070") r3 = perf_event_open(&(0x7f0000014f88)={0x1, 0x70, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x100000000000}, 0x0, 0x0, 0xffffffffffffffff, 0x0) close(r3) [ 2393.470822] FAULT_FLAG_ALLOW_RETRY missing 70 [ 2393.475979] CPU: 1 PID: 22163 Comm: syz-executor0 Not tainted 4.20.0-rc6+ #371 [ 2393.483373] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2393.492735] Call Trace: [ 2393.495361] dump_stack+0x244/0x39d [ 2393.499020] ? dump_stack_print_info.cold.1+0x20/0x20 [ 2393.504250] handle_userfault.cold.32+0x47/0x62 [ 2393.508965] ? userfaultfd_ioctl+0x5610/0x5610 [ 2393.513564] ? mark_held_locks+0x130/0x130 [ 2393.517812] ? __sanitizer_cov_trace_cmp4+0x16/0x20 [ 2393.522862] ? futex_wait_setup+0x266/0x3e0 [ 2393.522898] ? __sanitizer_cov_trace_switch+0x53/0x90 [ 2393.532426] ? userfaultfd_ctx_put+0x830/0x830 [ 2393.537019] ? futex_wait+0x5a1/0xa50 [ 2393.537042] ? print_usage_bug+0xc0/0xc0 [ 2393.537059] ? print_usage_bug+0xc0/0xc0 [ 2393.537079] ? print_usage_bug+0xc0/0xc0 [ 2393.553053] ? zap_class+0x640/0x640 [ 2393.556783] ? drop_futex_key_refs.isra.14+0x6d/0xe0 [ 2393.561942] ? futex_wake+0x304/0x760 [ 2393.561973] ? find_held_lock+0x36/0x1c0 [ 2393.561998] ? __handle_mm_fault+0x4bb0/0x5be0 [ 2393.574428] ? lock_downgrade+0x900/0x900 [ 2393.574455] ? kasan_check_read+0x11/0x20 [ 2393.574470] ? do_raw_spin_unlock+0xa7/0x330 [ 2393.574486] ? do_raw_spin_trylock+0x270/0x270 [ 2393.574504] ? fault_dirty_shared_page.isra.87+0x320/0x320 [ 2393.574530] __handle_mm_fault+0x4bbd/0x5be0 [ 2393.601831] ? vmf_insert_mixed_mkwrite+0x40/0x40 [ 2393.606704] ? zap_class+0x640/0x640 [ 2393.610438] ? rcu_read_unlock_special+0x1c0/0x1c0 [ 2393.615388] ? kasan_check_read+0x11/0x20 [ 2393.619555] ? rcu_softirq_qs+0x20/0x20 [ 2393.623562] ? zap_class+0x640/0x640 [ 2393.627293] ? zap_class+0x640/0x640 [ 2393.631050] ? find_held_lock+0x36/0x1c0 [ 2393.635135] ? handle_mm_fault+0x42a/0xc70 [ 2393.639490] ? lock_downgrade+0x900/0x900 [ 2393.643655] ? check_preemption_disabled+0x48/0x280 [ 2393.648693] ? rcu_read_unlock_special+0x1c0/0x1c0 [ 2393.653640] ? kasan_check_read+0x11/0x20 [ 2393.657812] ? rcu_dynticks_curr_cpu_in_eqs+0xa2/0x170 [ 2393.663115] ? rcu_softirq_qs+0x20/0x20 [ 2393.667112] ? trace_hardirqs_off_caller+0x310/0x310 [ 2393.672235] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 2393.677789] ? check_preemption_disabled+0x48/0x280 [ 2393.682829] handle_mm_fault+0x54f/0xc70 [ 2393.686909] ? __handle_mm_fault+0x5be0/0x5be0 [ 2393.691515] ? find_vma+0x34/0x190 [ 2393.695081] __do_page_fault+0x5e8/0xe60 [ 2393.699159] ? trace_hardirqs_off+0xb8/0x310 [ 2393.703587] do_page_fault+0xf2/0x7e0 [ 2393.703605] ? vmalloc_sync_all+0x30/0x30 [ 2393.703621] ? error_entry+0x70/0xd0 [ 2393.703641] ? trace_hardirqs_off_caller+0xbb/0x310 [ 2393.720306] ? trace_hardirqs_on_caller+0xc0/0x310 [ 2393.725266] ? syscall_return_slowpath+0x5e0/0x5e0 [ 2393.730209] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 2393.735070] ? trace_hardirqs_on_caller+0x310/0x310 [ 2393.740103] ? __bpf_trace_preemptirq_template+0x30/0x30 [ 2393.745572] ? prepare_exit_to_usermode+0x3b0/0x3b0 [ 2393.750618] ? prepare_exit_to_usermode+0x291/0x3b0 [ 2393.755653] ? page_fault+0x8/0x30 [ 2393.759227] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 2393.764089] ? page_fault+0x8/0x30 [ 2393.767642] page_fault+0x1e/0x30 08:16:11 executing program 5: r0 = socket$l2tp(0x18, 0x1, 0x1) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0a5c2d023c126285718070") perf_event_open(&(0x7f00000001c0)={0x2, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000014f88)={0x1, 0x70, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000014f88)={0x1, 0x70, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) close(r0) r1 = openat$dsp(0xffffffffffffff9c, &(0x7f0000000280)='/dev/dsp\x00', 0x8000, 0x0) write$P9_RLOPEN(r1, &(0x7f00000002c0)={0x18, 0xd, 0x1, {{0xa4, 0x2, 0x6}, 0x7b82}}, 0x18) r2 = syz_open_procfs(0x0, &(0x7f0000000040)='net/ip6_tables_matches\x00') write$RDMA_USER_CM_CMD_CREATE_ID(0xffffffffffffff9c, &(0x7f0000000180)={0x0, 0x18, 0xfa00, {0x3, &(0x7f0000000140)={0xffffffffffffffff}, 0x0, 0x9}}, 0x20) write$RDMA_USER_CM_CMD_INIT_QP_ATTR(r2, &(0x7f0000000240)={0xb, 0x10, 0xfa00, {&(0x7f0000000080), r3, 0x2}}, 0x18) 08:16:11 executing program 4: r0 = dup3(0xffffffffffffff9c, 0xffffffffffffff9c, 0x80000) write$RDMA_USER_CM_CMD_CREATE_ID(0xffffffffffffff9c, &(0x7f00000001c0)={0x0, 0x18, 0xfa00, {0x2, &(0x7f0000000180)={0xffffffffffffffff}, 0x13f, 0x100f}}, 0x20) write$RDMA_USER_CM_CMD_CONNECT(r0, &(0x7f0000000200)={0x6, 0x118, 0xfa00, {{0x9, 0x11, "b1ca74f5f6bd85b90942148ed5ae743559f7db751d000f73a54d7112094060a6403f484772c1b3f09b2a3dca42e1745379a4562ea674fe3ee39cf13a5c23eaa428f288dbcbb80dac0bc4f2dc213f801317c7bbdcccb43d4d3aa5e57c31c51f9ba28b4d14907931138e1adf86e5e64e8372bdfdfb4d758f953aabb1b23710149829c459672af8cb1a3d818ec0b824171a789de4dab7c368c4e6a7ff456777402fda2a003cce3ffb7b7b8c367eadde5e2909cdbae94da746e30165d5886f04edbefe9740686281d202d27c68af9bb1778920738419de11447e53bec39c028dad471c87ceb6f768807db43109620694703cd03fdb2481e105d451f65be0a0172e0c", 0x96, 0x1, 0xbaa, 0x1000, 0x81, 0x7ff, 0x3}, r1}}, 0x120) r2 = syz_open_dev$usb(&(0x7f0000000140)='/dev/bus/usb/00#/00#\x00', 0x7b, 0x200) openat$kvm(0xffffffffffffff9c, 0x0, 0x0, 0x0) r3 = openat$dlm_control(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/dlm-control\x00', 0x80, 0x0) ioctl$SNDRV_TIMER_IOCTL_CONTINUE(r3, 0x54a2) r4 = syz_open_dev$sndctrl(&(0x7f0000000100)='/dev/snd/controlC#\x00', 0x0, 0x0) prctl$PR_SET_THP_DISABLE(0x29, 0xfffffffffffffffe) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) ioctl$FS_IOC_GETFLAGS(r4, 0x800455d1, &(0x7f0000000080)) r5 = openat(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x80, 0x40) ioctl$ASHMEM_SET_SIZE(r2, 0x40087703, 0xffffffff) r6 = dup2(r4, r4) ioctl$FUSE_DEV_IOC_CLONE(r5, 0x8004e500, &(0x7f0000000040)=r6) 08:16:11 executing program 4: r0 = openat$kvm(0xffffffffffffff9c, 0x0, 0x0, 0x0) r1 = syz_open_dev$sndctrl(&(0x7f0000000100)='/dev/snd/controlC#\x00', 0x0, 0x0) ioctl$FIGETBSZ(r0, 0x2, &(0x7f0000000040)) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) ioctl$FS_IOC_GETFLAGS(r1, 0x800455d1, &(0x7f0000000080)) r2 = openat$null(0xffffffffffffff9c, &(0x7f0000000000)='/dev/null\x00', 0x80000, 0x0) fcntl$getown(r1, 0x9) sync_file_range(r2, 0xffffffffffffffea, 0x400, 0x5) socket$nl_crypto(0x10, 0x3, 0x15) 08:16:11 executing program 2: syz_emit_ethernet(0x6a, &(0x7f0000000040)={@local, @broadcast, [], {@ipv4={0x800, {{0x5, 0x4, 0x0, 0x0, 0x5c, 0x0, 0x0, 0x0, 0x1, 0x0, @remote, @dev={0xac, 0x14, 0x14, 0x11}}, @icmp=@parameter_prob={0x3, 0x4, 0x0, 0x0, 0x0, 0x0, {0x10, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x402f, 0x0, @local={0xac, 0x5c}, @dev, {[@timestamp={0x8, 0x2c, 0x0, 0x0, 0xfffff000, [{[@rand_addr]}, {[@multicast2]}, {[@multicast1]}, {}, {[@loopback]}, {}]}]}}}}}}}, 0x0) [ 2393.771106] RIP: 0033:0x4510a0 [ 2393.771124] Code: 0f 84 c4 0f 00 00 48 89 f1 48 89 f8 48 83 e1 3f 48 83 f9 20 0f 86 7b 02 00 00 48 83 e6 f0 48 83 e1 0f 66 0f ef c0 66 0f ef c9 <66> 0f 74 0e 66 0f d7 d1 48 d3 ea 49 c7 c2 11 00 00 00 49 29 ca 4d [ 2393.771133] RSP: 002b:00007efdea16e7a8 EFLAGS: 00010202 [ 2393.771146] RAX: 00007efdea16e850 RBX: 0000000000000003 RCX: 000000000000000e [ 2393.771156] RDX: 00000000000003ff RSI: 0000000020012fe0 RDI: 00007efdea16e850 [ 2393.771165] RBP: 000000000072bf00 R08: 00000000000003ff R09: 0000000000000000 [ 2393.771180] R10: 0000000000000000 R11: 0000000000000246 R12: 00007efdea16f6d4 [ 2393.793301] R13: 00000000004c578a R14: 00000000004d9d90 R15: 00000000ffffffff [ 2393.838652] FAULT_FLAG_ALLOW_RETRY missing 70 [ 2393.851529] CPU: 0 PID: 22170 Comm: syz-executor3 Not tainted 4.20.0-rc6+ #371 [ 2393.858911] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2393.868267] Call Trace: 08:16:11 executing program 1: r0 = socket$l2tp(0x18, 0x1, 0x1) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0a5c2d023c126285718070") r1 = perf_event_open(&(0x7f0000014f88)={0x1, 0x70, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9, 0x0, 0x0, 0x8, 0xfffffffffffffffd, 0x0, 0xfffffffffffffffc, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) close(r1) r2 = openat$sequencer2(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/sequencer2\x00', 0x40, 0x0) getsockopt$inet_sctp6_SCTP_PARTIAL_DELIVERY_POINT(r1, 0x84, 0x13, &(0x7f0000000100)={0x0, 0xf94c}, &(0x7f0000000140)=0x8) getsockopt$inet_sctp6_SCTP_PRIMARY_ADDR(r2, 0x84, 0x6, &(0x7f0000000180)={r3, @in={{0x2, 0x4e24, @remote}}}, &(0x7f0000000240)=0x84) ioctl$sock_SIOCETHTOOL(r0, 0x8946, &(0x7f0000000080)={'bond_slave_1\x00', &(0x7f0000000040)=@ethtool_gfeatures={0x3a, 0x1, [{0x9, 0x7, 0x3, 0x10001}]}}) [ 2393.870871] dump_stack+0x244/0x39d [ 2393.874521] ? dump_stack_print_info.cold.1+0x20/0x20 [ 2393.879747] handle_userfault.cold.32+0x47/0x62 [ 2393.884453] ? userfaultfd_ioctl+0x5610/0x5610 [ 2393.889060] ? mark_held_locks+0x130/0x130 [ 2393.893316] ? __sanitizer_cov_trace_cmp4+0x16/0x20 [ 2393.898376] ? futex_wait_setup+0x266/0x3e0 [ 2393.902742] ? __sanitizer_cov_trace_switch+0x53/0x90 [ 2393.907956] ? print_usage_bug+0xc0/0xc0 [ 2393.912027] ? futex_wait+0x5a1/0xa50 [ 2393.915843] ? print_usage_bug+0xc0/0xc0 [ 2393.919925] ? print_usage_bug+0xc0/0xc0 [ 2393.924009] ? print_usage_bug+0xc0/0xc0 [ 2393.928089] ? zap_class+0x640/0x640 [ 2393.931823] ? mark_held_locks+0xc7/0x130 [ 2393.936001] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 2393.936022] ? lockdep_hardirqs_on+0x3bb/0x5b0 [ 2393.936043] ? find_held_lock+0x36/0x1c0 [ 2393.936068] ? __handle_mm_fault+0x4bb0/0x5be0 [ 2393.945403] ? lock_downgrade+0x900/0x900 [ 2393.945429] ? kasan_check_read+0x11/0x20 [ 2393.945444] ? do_raw_spin_unlock+0xa7/0x330 [ 2393.945460] ? do_raw_spin_trylock+0x270/0x270 [ 2393.945479] ? fault_dirty_shared_page.isra.87+0x320/0x320 [ 2393.945496] ? __handle_mm_fault+0xe9e/0x5be0 [ 2393.945519] __handle_mm_fault+0x4bbd/0x5be0 [ 2393.985953] ? vmf_insert_mixed_mkwrite+0x40/0x40 [ 2393.990811] ? zap_class+0x640/0x640 [ 2393.994538] ? rcu_read_unlock_special+0x1c0/0x1c0 [ 2393.999482] ? kasan_check_read+0x11/0x20 [ 2394.003646] ? rcu_softirq_qs+0x20/0x20 [ 2394.007648] ? zap_class+0x640/0x640 [ 2394.011390] ? zap_class+0x640/0x640 [ 2394.015123] ? find_held_lock+0x36/0x1c0 [ 2394.019210] ? handle_mm_fault+0x42a/0xc70 [ 2394.023466] ? lock_downgrade+0x900/0x900 [ 2394.027631] ? check_preemption_disabled+0x48/0x280 [ 2394.032673] ? rcu_read_unlock_special+0x1c0/0x1c0 [ 2394.037614] ? kasan_check_read+0x11/0x20 [ 2394.041776] ? rcu_dynticks_curr_cpu_in_eqs+0xa2/0x170 [ 2394.047067] ? rcu_softirq_qs+0x20/0x20 [ 2394.051056] ? trace_hardirqs_off_caller+0x310/0x310 [ 2394.051077] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 2394.051094] ? check_preemption_disabled+0x48/0x280 [ 2394.051116] handle_mm_fault+0x54f/0xc70 [ 2394.066763] ? __handle_mm_fault+0x5be0/0x5be0 [ 2394.066786] ? find_vma+0x34/0x190 [ 2394.066811] __do_page_fault+0x5e8/0xe60 [ 2394.083049] ? trace_hardirqs_off+0xb8/0x310 [ 2394.087485] do_page_fault+0xf2/0x7e0 [ 2394.091303] ? vmalloc_sync_all+0x30/0x30 [ 2394.095488] ? error_entry+0x70/0xd0 [ 2394.099221] ? trace_hardirqs_off_caller+0xbb/0x310 [ 2394.104253] ? trace_hardirqs_on_caller+0xc0/0x310 [ 2394.109198] ? syscall_return_slowpath+0x5e0/0x5e0 [ 2394.114142] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 2394.119003] ? trace_hardirqs_on_caller+0x310/0x310 [ 2394.124037] ? __bpf_trace_preemptirq_template+0x30/0x30 [ 2394.129512] ? prepare_exit_to_usermode+0x3b0/0x3b0 [ 2394.134557] ? prepare_exit_to_usermode+0x291/0x3b0 [ 2394.139590] ? page_fault+0x8/0x30 [ 2394.143138] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 2394.147971] ? page_fault+0x8/0x30 [ 2394.151540] page_fault+0x1e/0x30 [ 2394.154984] RIP: 0033:0x4510a0 [ 2394.158169] Code: 0f 84 c4 0f 00 00 48 89 f1 48 89 f8 48 83 e1 3f 48 83 f9 20 0f 86 7b 02 00 00 48 83 e6 f0 48 83 e1 0f 66 0f ef c0 66 0f ef c9 <66> 0f 74 0e 66 0f d7 d1 48 d3 ea 49 c7 c2 11 00 00 00 49 29 ca 4d [ 2394.177057] RSP: 002b:00007f75238677a8 EFLAGS: 00010202 [ 2394.182420] RAX: 00007f7523867850 RBX: 0000000000000003 RCX: 000000000000000e [ 2394.189691] RDX: 00000000000003ff RSI: 0000000020012fe0 RDI: 00007f7523867850 [ 2394.196951] RBP: 000000000072bf00 R08: 00000000000003ff R09: 0000000000000000 [ 2394.204207] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f75238686d4 [ 2394.211497] R13: 00000000004c578a R14: 00000000004d9d90 R15: 00000000ffffffff 08:16:12 executing program 3: openat$rfkill(0xffffffffffffff9c, 0x0, 0x0, 0x0) getsockopt$inet_sctp_SCTP_DEFAULT_PRINFO(0xffffffffffffffff, 0x84, 0x72, &(0x7f0000000380), 0x0) syz_open_dev$admmidi(&(0x7f0000000100)='/dev/admmidi#\x00', 0x0, 0x0) r0 = socket$l2tp(0x18, 0x1, 0x1) mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x1, 0x32, 0xffffffffffffffff, 0x0) r1 = userfaultfd(0x0) ioctl$UFFDIO_API(r1, 0xc018aa3f, &(0x7f0000000180)) ioctl$UFFDIO_REGISTER(r1, 0xc020aa00, &(0x7f0000019000)={{&(0x7f0000012000/0x2000)=nil, 0x2000}, 0x1}) syz_open_dev$evdev(&(0x7f0000012fee)='/dev/input/event#\x00', 0x0, 0x0) ioctl$UFFDIO_WAKE(r1, 0x8010aa02, &(0x7f0000000080)={&(0x7f0000012000/0x3000)=nil, 0x3000}) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0a5c2d023c126285718070") setsockopt$ALG_SET_KEY(0xffffffffffffffff, 0x117, 0x1, 0x0, 0x0) 08:16:12 executing program 1: r0 = socket$l2tp(0x18, 0x1, 0x1) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0a5c2d023c126285718070") r1 = perf_event_open(&(0x7f0000000040)={0x1, 0xfca8, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x21, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) close(r1) r2 = openat$full(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/full\x00', 0x1, 0x0) ioctl$PIO_FONTRESET(r2, 0x4b6d, 0x0) 08:16:12 executing program 2: syz_emit_ethernet(0x6a, &(0x7f0000000040)={@local, @broadcast, [], {@ipv4={0x800, {{0x5, 0x4, 0x0, 0x0, 0x5c, 0x0, 0x0, 0x0, 0x1, 0x0, @remote, @dev={0xac, 0x14, 0x14, 0x11}}, @icmp=@parameter_prob={0x3, 0x4, 0x0, 0x0, 0x0, 0x0, {0x10, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x402f, 0x0, @local={0xac, 0x5c}, @dev, {[@timestamp={0x8, 0x2c, 0x0, 0x0, 0x88480000, [{[@rand_addr]}, {[@multicast2]}, {[@multicast1]}, {}, {[@loopback]}, {}]}]}}}}}}}, 0x0) 08:16:12 executing program 4: r0 = openat$kvm(0xffffffffffffff9c, 0x0, 0x0, 0x0) r1 = syz_open_dev$sndctrl(&(0x7f0000000040)='/dev/snd/controlC#\x00', 0x2, 0x0) prctl$PR_SET_THP_DISABLE(0x29, 0xfffffffffffffffc) ioctl$FS_IOC_GETFLAGS(r1, 0x800455d1, &(0x7f0000000080)) ioctl$BLKPG(r1, 0x1269, &(0x7f00000000c0)={0x8, 0x200, 0xb2, &(0x7f0000000240)="373b42c29cfda3ed7b5d4099a87fc419b74474048485ddfc3972de5cc039377041ec6cdff52da7cd2aa59ec13daf19eef38c716175c66429fe62e90984a9fdad4ddf0a715214c520c386e64b90926d304aba1a0201739133fb00e0593b25e055568e40db40adc2decec15479e9d3eef715af9a6e399fee43ba1a27a56d29a3edb615e89a1f4b9834e682c065075d53f5e6b7df9e1be53689e1235a2bd8489001481cafafc55725ec57dc4bc359b4c6e6a045"}) r2 = getuid() setreuid(0x0, r2) setsockopt$IP_VS_SO_SET_ADD(r0, 0x0, 0x482, &(0x7f0000000000)={0x1d, @loopback, 0x4e22, 0x3, 'wlc\x00', 0x21, 0x4, 0x73}, 0x2c) 08:16:12 executing program 0: openat$rfkill(0xffffffffffffff9c, 0x0, 0x2001, 0x0) syz_open_dev$admmidi(&(0x7f0000000100)='/dev/admmidi#\x00', 0x0, 0x0) r0 = socket$l2tp(0x18, 0x1, 0x1) mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x1, 0x32, 0xffffffffffffffff, 0x0) r1 = userfaultfd(0x0) ioctl$UFFDIO_API(r1, 0xc018aa3f, &(0x7f0000000180)) ioctl$UFFDIO_REGISTER(r1, 0xc020aa00, &(0x7f0000019000)={{&(0x7f0000012000/0x2000)=nil, 0x2000}, 0x1}) syz_open_dev$evdev(&(0x7f0000012fee)='/dev/input/event#\x00', 0x0, 0x3f00000000000000) ioctl$UFFDIO_WAKE(r1, 0x8010aa02, &(0x7f0000000080)={&(0x7f0000012000/0x3000)=nil, 0x3000}) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0a5c2d023c126285718070") 08:16:12 executing program 5: r0 = socket$l2tp(0x18, 0x1, 0x1) ioctl(r0, 0x4e, &(0x7f0000000040)="0a5c2d023c126285718070") perf_event_open(&(0x7f00000001c0)={0x2, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000014f88)={0x1, 0x70, 0x8, 0x0, 0x0, 0x0, 0x0, 0x7774fcb1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r1 = perf_event_open(&(0x7f0000014f88)={0x1, 0x70, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) close(r1) getsockopt$IP_VS_SO_GET_INFO(r0, 0x0, 0x481, &(0x7f0000000000), &(0x7f0000000080)=0xc) pipe2(&(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) accept4$inet(r2, 0x0, &(0x7f0000000100), 0x80000) 08:16:12 executing program 5: r0 = socket$l2tp(0x18, 0x1, 0x1) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0a5c2d023c126285718070") perf_event_open(&(0x7f00000001c0)={0x2, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000014f88)={0x1, 0x70, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r1 = perf_event_open(&(0x7f0000014f88)={0x1, 0x70, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r2 = syz_open_dev$adsp(&(0x7f0000000140)='/dev/adsp#\x00', 0xfffffffffffffff8, 0x2000) ioctl$EVIOCGID(r2, 0x80084502, &(0x7f0000000240)=""/237) r3 = openat$vhci(0xffffffffffffff9c, &(0x7f0000000040)='/dev/vhci\x00', 0x400, 0x0) ioctl$DRM_IOCTL_MODE_SETCRTC(r3, 0xc06864a2, &(0x7f00000000c0)={&(0x7f0000000080)=[0x4, 0x8, 0x3ff800000000000, 0x0], 0x4, 0x4, 0x2b9, 0x19, 0x2464, 0x1, {0x4, 0x7, 0x1, 0x1f, 0x3e5, 0x40, 0xaaff, 0x5, 0x272, 0x4, 0x7ff, 0x9, 0x2, 0x9, "b627b59e3b8505f598afb7c27a399bd16aea44b181a8df389d948e357b3bab5e"}}) close(r1) 08:16:12 executing program 4: openat$kvm(0xffffffffffffff9c, 0x0, 0x0, 0x0) r0 = syz_open_dev$dspn(&(0x7f0000000000)='/dev/dsp#\x00', 0x4, 0x2000) ioctl$SNDRV_CTL_IOCTL_TLV_READ(r0, 0xc008551a, &(0x7f0000000280)=ANY=[@ANYBLOB="0800000007e95ca87aece10f03f1a30493e0858c9e049b1e601000000009f7a07dbc1e00000003000000f4c526c0cc0800bba86ebc65fde3ed000002000000"]) syz_open_dev$sndctrl(&(0x7f0000000100)='/dev/snd/controlC#\x00', 0x0, 0x0) r1 = semget(0x0, 0x4, 0x586) semctl$GETZCNT(r1, 0x1, 0xf, &(0x7f0000000140)=""/131) r2 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r3 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000000)='/dev/nullb0\x00', 0x802, 0x0) openat$cuse(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/cuse\x00', 0x2, 0x0) ioctl$BLKZEROOUT(r3, 0x127f, &(0x7f0000000080)={0x0, 0x4004400}) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000919000/0x400000)=nil, 0x400000, 0xffffffffffffffff, 0x8031, 0xffffffffffffffff, 0x0) write$RDMA_USER_CM_CMD_CREATE_ID(0xffffffffffffff9c, &(0x7f0000000480)={0x0, 0x18, 0xfa00, {0x4, &(0x7f0000000440)}}, 0x20) ioctl$sock_inet_sctp_SIOCINQ(r2, 0x541b, &(0x7f00000001c0)) openat$cuse(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/cuse\x00', 0x2, 0x0) r4 = openat$ipvs(0xffffffffffffff9c, &(0x7f0000000240)='/proc/sys/net/ipv4/vs/sync_qlen_max\x00', 0x2, 0x0) getsockopt$inet_sctp_SCTP_PEER_ADDR_THLDS(0xffffffffffffffff, 0x84, 0x1f, 0x0, &(0x7f00000004c0)) openat$sequencer(0xffffffffffffff9c, 0x0, 0xc0200, 0x0) sched_setscheduler(0x0, 0x6, 0x0) bpf$BPF_BTF_GET_FD_BY_ID(0x13, 0x0, 0x0) openat$md(0xffffffffffffff9c, &(0x7f0000000040)='/dev/md0\x00', 0x80000, 0x0) clone(0x2102001ffb, 0x0, 0xfffffffffffffffe, &(0x7f0000000140), 0xffffffffffffffff) getsockopt$inet_sctp6_SCTP_AUTOCLOSE(0xffffffffffffffff, 0x84, 0x4, 0x0, 0x0) r5 = socket(0x1e, 0x805, 0x0) mkdir(&(0x7f00000005c0)='./file0\x00', 0x1) openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000600)='./cgroup.cpu/syz1\x00', 0x200002, 0x0) ioctl$VIDIOC_S_DV_TIMINGS(r4, 0xc0845657, &(0x7f0000000500)={0x0, @bt={0x0, 0x200, 0x0, 0x0, 0x38f, 0x0, 0x0, 0xb08, 0x0, 0x7, 0x3, 0x800, 0xffffffffffffffff, 0x5a}}) sendmsg(r5, &(0x7f0000030000)={&(0x7f00004f5000)=@generic={0x10000000001e, "0100000900000000000000000226cc573c080000003724c71e14dd6a739effea1b48006be61ffe0000e103000000f8000004003f010039d8f986ff01000300000004af50d50700000000000000e3ad316a1983000000001d00e0dfcb24281e27800000100076c3979ac40000bd15020078a1dfd300881a8365b1b16d7436"}, 0x80, 0x0}, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r6, 0x8912, 0x400200) 08:16:12 executing program 2: syz_emit_ethernet(0x6a, &(0x7f0000000040)={@local, @broadcast, [], {@ipv4={0x800, {{0x5, 0x4, 0x0, 0x0, 0x5c, 0x0, 0x0, 0x0, 0x1, 0x0, @remote, @dev={0xac, 0x14, 0x14, 0x11}}, @icmp=@parameter_prob={0x3, 0x4, 0x0, 0x0, 0x0, 0x0, {0x10, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x402f, 0x0, @local={0xac, 0x5c}, @dev, {[@timestamp={0x8, 0x2c, 0x0, 0x0, 0x8864, [{[@rand_addr]}, {[@multicast2]}, {[@multicast1]}, {}, {[@loopback]}, {}]}]}}}}}}}, 0x0) 08:16:12 executing program 1: r0 = socket$l2tp(0x18, 0x1, 0x1) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0a5c2d023c126285718070") r1 = perf_event_open(&(0x7f0000014f88)={0x1, 0x70, 0x80000000008, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) close(r1) r2 = syz_open_procfs(0x0, &(0x7f0000000280)='net/tcp\x00') write$FUSE_DIRENT(r2, &(0x7f00000002c0)={0x168, 0x0, 0x2, [{0x2, 0x2, 0x1f, 0xf2, 'posix_acl_accesswlan1ppp1/em0\'{'}, {0x0, 0x248, 0x1, 0x9, '^'}, {0x6, 0xbd1, 0x8, 0x2, 'keyring\x00'}, {0x2, 0xffffffff, 0x8, 0x7fff, 'keyring\x00'}, {0x3, 0x1, 0x2a, 0x80000001, '^/\\[bdevvboxnet1[)vboxnet1@wlan0vboxnet1.}'}, {0x6, 0x200, 0x1e, 0x2, 'vboxnet0selinuxeth1-selinux!+['}, {0x1, 0xfffffffffffffff9, 0x5, 0x0, 'user\x00'}, {0x5, 0x4, 0x3, 0x1ff, 'syz'}]}, 0x168) r3 = semget$private(0x0, 0x3, 0x10) semctl$GETPID(r3, 0xd565892094bc5ab3, 0xb, &(0x7f0000000040)=""/95) r4 = add_key$keyring(&(0x7f0000000200)='keyring\x00', &(0x7f0000000240)={'syz', 0x0}, 0x0, 0x0, 0xffffffffffffffff) utime(&(0x7f0000000440)='./file0\x00', &(0x7f0000000480)={0x80000001, 0x7}) add_key$user(&(0x7f00000000c0)='user\x00', &(0x7f0000000100)={'syz', 0x1}, &(0x7f0000000140)="60e5e2534f3771e0ac74ce38c7a33ffaa339a7ee57c7c1b737c4c54b0750a6f9408e4782d05be9f68b4e332d813ccbdfafa2d20759965a4a3a5915d5f83252aa7c15ecc552e3bac49d0a23c29409e0bb5f9802e2135a133b7f05cb2c1c3dff8b40b527b21c04281cdcbc379d3c76a161083ceb95aca60cd5845b800882c111c1aaf6d0858d6490d962fd21de4db453b66b8c6353d2b73d5c4cf29c", 0x9b, r4) 08:16:12 executing program 0: openat$rfkill(0xffffffffffffff9c, 0x0, 0x2001, 0x0) syz_open_dev$admmidi(&(0x7f0000000100)='/dev/admmidi#\x00', 0x0, 0x0) r0 = socket$l2tp(0x18, 0x1, 0x1) mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x1, 0x32, 0xffffffffffffffff, 0x0) r1 = userfaultfd(0x0) ioctl$UFFDIO_API(r1, 0xc018aa3f, &(0x7f0000000180)) ioctl$UFFDIO_REGISTER(r1, 0xc020aa00, &(0x7f0000019000)={{&(0x7f0000012000/0x2000)=nil, 0x2000}, 0x1}) syz_open_dev$evdev(&(0x7f0000012fee)='/dev/input/event#\x00', 0x0, 0x6000000000000000) ioctl$UFFDIO_WAKE(r1, 0x8010aa02, &(0x7f0000000080)={&(0x7f0000012000/0x3000)=nil, 0x3000}) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0a5c2d023c126285718070") 08:16:12 executing program 3: openat$rfkill(0xffffffffffffff9c, 0x0, 0x0, 0x0) getsockopt$inet_sctp_SCTP_DEFAULT_PRINFO(0xffffffffffffffff, 0x84, 0x72, &(0x7f0000000380), 0x0) syz_open_dev$admmidi(&(0x7f0000000100)='/dev/admmidi#\x00', 0x0, 0x0) r0 = socket$l2tp(0x18, 0x1, 0x1) mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x1, 0x32, 0xffffffffffffffff, 0x0) r1 = userfaultfd(0x0) ioctl$UFFDIO_API(r1, 0xc018aa3f, &(0x7f0000000180)) ioctl$UFFDIO_REGISTER(r1, 0xc020aa00, &(0x7f0000019000)={{&(0x7f0000012000/0x2000)=nil, 0x2000}, 0x1}) syz_open_dev$evdev(&(0x7f0000012fee)='/dev/input/event#\x00', 0x0, 0x0) ioctl$UFFDIO_WAKE(r1, 0x8010aa02, &(0x7f0000000080)={&(0x7f0000012000/0x3000)=nil, 0x3000}) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0a5c2d023c126285718070") setsockopt$ALG_SET_KEY(0xffffffffffffffff, 0x117, 0x1, 0x0, 0x0) 08:16:12 executing program 5: r0 = socket$l2tp(0x18, 0x1, 0x1) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0a5c2d023c126285718070") r1 = perf_event_open(&(0x7f00000001c0)={0x2, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r2 = perf_event_open(&(0x7f0000014f88)={0x1, 0x70, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) getsockopt$sock_cred(r0, 0x1, 0x11, &(0x7f0000000100), &(0x7f0000000140)=0xc) bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000240)={0x0, r2, 0x0, 0xe, &(0x7f0000000180)='vmnet1nodev\\]\x00'}, 0x30) fcntl$getown(r0, 0x9) ioctl$sock_SIOCGPGRP(r0, 0x8904, &(0x7f0000000280)) fcntl$getown(r1, 0x9) ioctl$TIOCGPGRP(0xffffffffffffff9c, 0x540f, &(0x7f00000002c0)) fcntl$getown(r2, 0x9) getpid() bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000340)={0xffffffffffffffff, r2, 0x0, 0x5, &(0x7f0000000300)='self\x00'}, 0x30) gettid() r3 = gettid() r4 = getpgrp(r3) perf_event_open(&(0x7f0000000080)={0x7, 0x70, 0x7, 0x6, 0x1, 0x0, 0x0, 0x7, 0x44000, 0x4, 0x3, 0x9, 0x1, 0x576, 0x0, 0x1, 0x8, 0x3, 0x9, 0x8a88, 0x7, 0x8, 0x0, 0x1, 0x0, 0x7, 0x7d0, 0x88c3, 0x7, 0x9, 0xff, 0x2, 0x6, 0x6f, 0x86d4, 0x566, 0x1, 0x1f, 0x0, 0x3, 0x4, @perf_bp={&(0x7f0000000040), 0x4}, 0x20, 0x7, 0x20, 0x0, 0xfffffffffffffff9, 0x7fffffff, 0x3}, r4, 0x6, r2, 0x2) r5 = perf_event_open(&(0x7f0000014f88)={0x5, 0x70, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) close(r5) 08:16:12 executing program 2: syz_emit_ethernet(0x6a, &(0x7f0000000040)={@local, @broadcast, [], {@ipv4={0x800, {{0x5, 0x4, 0x0, 0x0, 0x5c, 0x0, 0x0, 0x0, 0x1, 0x0, @remote, @dev={0xac, 0x14, 0x14, 0x11}}, @icmp=@parameter_prob={0x3, 0x4, 0x0, 0x0, 0x0, 0x0, {0x10, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x402f, 0x0, @local={0xac, 0x5c}, @dev, {[@timestamp={0x8, 0x2c, 0x0, 0x0, 0x8035, [{[@rand_addr]}, {[@multicast2]}, {[@multicast1]}, {}, {[@loopback]}, {}]}]}}}}}}}, 0x0) 08:16:12 executing program 1: r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) bpf$OBJ_GET_MAP(0x7, 0x0, 0x0) clone(0x106, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) getsockopt$IP_VS_SO_GET_DESTS(r0, 0x0, 0x484, &(0x7f00000013c0)=""/251, &(0x7f00000014c0)=0xfb) r1 = socket$l2tp(0x18, 0x1, 0x1) ioctl(r1, 0xf255, &(0x7f0000000000)="0a5c2d023c126285718070") r2 = perf_event_open(&(0x7f0000014f88)={0x1, 0x70, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r3 = openat$vsock(0xffffffffffffff9c, &(0x7f0000000040)='/dev/vsock\x00', 0x4000, 0x0) getsockopt$inet_sctp_SCTP_PR_SUPPORTED(0xffffffffffffffff, 0x84, 0x71, &(0x7f0000000080)={0x0, 0x5}, &(0x7f00000000c0)=0x8) getsockopt$inet_sctp6_SCTP_DEFAULT_PRINFO(r3, 0x84, 0x72, &(0x7f0000000100)={r4, 0x401}, &(0x7f0000000140)=0xc) close(r2) 08:16:12 executing program 3: openat$rfkill(0xffffffffffffff9c, 0x0, 0x0, 0x0) getsockopt$inet_sctp_SCTP_DEFAULT_PRINFO(0xffffffffffffffff, 0x84, 0x72, &(0x7f0000000380), 0x0) syz_open_dev$admmidi(&(0x7f0000000100)='/dev/admmidi#\x00', 0x0, 0x0) r0 = socket$l2tp(0x18, 0x1, 0x1) mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x1, 0x32, 0xffffffffffffffff, 0x0) r1 = userfaultfd(0x0) ioctl$UFFDIO_API(r1, 0xc018aa3f, &(0x7f0000000180)) ioctl$UFFDIO_REGISTER(r1, 0xc020aa00, &(0x7f0000019000)={{&(0x7f0000012000/0x2000)=nil, 0x2000}, 0x1}) syz_open_dev$evdev(&(0x7f0000012fee)='/dev/input/event#\x00', 0x100000000000000, 0x0) ioctl$UFFDIO_WAKE(r1, 0x8010aa02, &(0x7f0000000080)={&(0x7f0000012000/0x3000)=nil, 0x3000}) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0a5c2d023c126285718070") setsockopt$ALG_SET_KEY(0xffffffffffffffff, 0x117, 0x1, 0x0, 0x0) 08:16:12 executing program 0: openat$rfkill(0xffffffffffffff9c, 0x0, 0x2001, 0x0) syz_open_dev$admmidi(&(0x7f0000000100)='/dev/admmidi#\x00', 0x0, 0x0) r0 = socket$l2tp(0x18, 0x1, 0x1) mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x1, 0x32, 0xffffffffffffffff, 0x0) r1 = userfaultfd(0x0) ioctl$UFFDIO_API(r1, 0xc018aa3f, &(0x7f0000000180)) ioctl$UFFDIO_REGISTER(r1, 0xc020aa00, &(0x7f0000019000)={{&(0x7f0000012000/0x2000)=nil, 0x2000}, 0x1}) syz_open_dev$evdev(&(0x7f0000012fee)='/dev/input/event#\x00', 0x0, 0x4000000) ioctl$UFFDIO_WAKE(r1, 0x8010aa02, &(0x7f0000000080)={&(0x7f0000012000/0x3000)=nil, 0x3000}) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0a5c2d023c126285718070") 08:16:12 executing program 5: r0 = socket$l2tp(0x18, 0x1, 0x1) ioctl(r0, 0x1000008912, &(0x7f0000000080)="0a5c2d023c126285718070") perf_event_open(&(0x7f00000001c0)={0x2, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r1 = perf_event_open(&(0x7f0000014f88)={0x1, 0x70, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r2 = memfd_create(&(0x7f0000000040)='*\x00', 0x1) ioctl$DRM_IOCTL_AGP_INFO(r2, 0x80386433, &(0x7f00000000c0)=""/137) ioctl$sock_FIOGETOWN(r0, 0x8903, &(0x7f0000000000)=0x0) bind$bt_sco(r2, &(0x7f0000000180)={0x1f, {0xffffffffffff593d, 0x7fff, 0x7d34deef, 0x1, 0x10001, 0x3}}, 0x8) perf_event_open(&(0x7f0000014f88)={0x1, 0x70, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) close(r0) sched_setscheduler(r3, 0x7, &(0x7f0000000240)=0x7f) dup3(r2, r1, 0x80000) [ 2394.673276] IPVS: length: 251 != 24 08:16:12 executing program 1: r0 = socket$l2tp(0x18, 0x1, 0x1) r1 = openat$dlm_monitor(0xffffffffffffff9c, &(0x7f0000000040)='/dev/dlm-monitor\x00', 0x0, 0x0) getsockopt$inet_sctp_SCTP_GET_PEER_ADDR_INFO(0xffffffffffffff9c, 0x84, 0xf, &(0x7f0000000080)={0x0, @in6={{0xa, 0x4e24, 0x7, @mcast1, 0xff}}, 0x1, 0x0, 0x0, 0x317, 0x1}, &(0x7f0000000140)=0x98) setsockopt$inet_sctp_SCTP_SET_PEER_PRIMARY_ADDR(r1, 0x84, 0x5, &(0x7f0000000180)={r2, @in6={{0xa, 0x4e21, 0x7ff, @mcast2, 0xb5dd}}}, 0xffffffffffffff60) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0a5c2d023c126285718070") r3 = perf_event_open(&(0x7f0000014f88)={0x1, 0x70, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r4 = syz_genetlink_get_family_id$nbd(&(0x7f0000000280)='nbd\x00') ioctl$SIOCGETNODEID(r1, 0x89e1, &(0x7f00000003c0)={0x1}) r5 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000480)='TIPCv2\x00') sendmsg$TIPC_NL_BEARER_SET(r1, &(0x7f0000000580)={&(0x7f0000000440)={0x10, 0x0, 0x0, 0x40021}, 0xc, &(0x7f0000000540)={&(0x7f00000004c0)={0x50, r5, 0x524, 0x70bd26, 0x25dfdbfc, {}, [@TIPC_NLA_MON={0x14, 0x9, [@TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x5}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8}]}, @TIPC_NLA_SOCK={0x10, 0x2, [@TIPC_NLA_SOCK_ADDR={0x8, 0x1, 0xdda9}, @TIPC_NLA_SOCK_HAS_PUBL={0x4}]}, @TIPC_NLA_LINK={0x18, 0x4, [@TIPC_NLA_LINK_NAME={0x14, 0x1, 'broadcast-link\x00'}]}]}, 0x50}, 0x1, 0x0, 0x0, 0x44000}, 0x8000) ioctl$VIDIOC_S_AUDIO(r3, 0x40345622, &(0x7f0000000400)={0x40, "4f8dd4df22e3da0504ffd00ada2874d09d3055deabbcdc7192407570cdb8a981", 0x2, 0x1}) setsockopt$inet_sctp6_SCTP_PRIMARY_ADDR(r1, 0x84, 0x6, &(0x7f00000006c0)={r2, @in6={{0xa, 0x4e23, 0x6, @mcast1, 0x68a}}}, 0x250) sendmsg$NBD_CMD_CONNECT(r1, &(0x7f0000000380)={&(0x7f0000000240)={0x10, 0x0, 0x0, 0x1}, 0xc, &(0x7f0000000340)={&(0x7f00000002c0)=ANY=[@ANYBLOB='\\\x00\x00\x00', @ANYRES16=r4, @ANYBLOB="3b002cbd7000fdfcfeffff0c00080007000000000000000c00040001000000000000000c00040001010000000000000c000200b5d60000000000000c00030077000000080000000c0004000200000000000000000000"], 0x5c}, 0x1, 0x0, 0x0, 0x90}, 0x10) close(r3) 08:16:13 executing program 4: r0 = openat$kvm(0xffffffffffffff9c, 0x0, 0x0, 0x0) r1 = syz_open_dev$sndctrl(&(0x7f0000000100)='/dev/snd/controlC#\x00', 0x0, 0x0) r2 = openat$vicodec0(0xffffffffffffff9c, &(0x7f0000000000)='/dev/video36\x00', 0x2, 0x0) ioctl$VIDIOC_TRY_FMT(r2, 0xc0d05640, &(0x7f0000000140)={0x1, @raw_data="c30c2199ee45a89fd971d9b803a6753f1b84c54ff661909a8ae58eb964080133a3ed21162b7fc721fe55d9abc40a8606acb744d1464acb18621ad6d24ad050b15ee164d59716653d12f68ab67de57635695f5aecdcb044f7eaddfe5265f27d77856cc9a566194a8526ff9f12e2a3429ef6caf439ad36d497bd57760b14e33a0865648986de037c4f58a791b91aa3c6c088bc215868b2490ab33d7c82eda13c4795833b2400831f703e05d22709e4a034800094a9bcda2eb1e593895f629ce3d18b2f8f233a5fade2"}) prctl$PR_SET_THP_DISABLE(0x29, 0xfffffffffffffffe) prctl$PR_GET_DUMPABLE(0x3) ioctl$sock_FIOGETOWN(0xffffffffffffffff, 0x8903, &(0x7f0000000040)=0x0) fcntl$setownex(r0, 0xf, &(0x7f00000000c0)={0x1, r3}) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) ioctl$FS_IOC_GETFLAGS(r1, 0x800455d1, &(0x7f0000000080)) 08:16:13 executing program 2: syz_emit_ethernet(0x6a, &(0x7f0000000040)={@local, @broadcast, [], {@ipv4={0x800, {{0x5, 0x4, 0x0, 0x0, 0x5c, 0x0, 0x0, 0x0, 0x1, 0x0, @remote, @dev={0xac, 0x14, 0x14, 0x11}}, @icmp=@parameter_prob={0x3, 0x4, 0x0, 0x0, 0x0, 0x0, {0x10, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x402f, 0x0, @local={0xac, 0x5c}, @dev, {[@timestamp={0x8, 0x2c, 0x0, 0x0, 0xf0ffffffffffff, [{[@rand_addr]}, {[@multicast2]}, {[@multicast1]}, {}, {[@loopback]}, {}]}]}}}}}}}, 0x0) 08:16:13 executing program 0: openat$rfkill(0xffffffffffffff9c, 0x0, 0x2001, 0x0) syz_open_dev$admmidi(&(0x7f0000000100)='/dev/admmidi#\x00', 0x0, 0x0) r0 = socket$l2tp(0x18, 0x1, 0x1) mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x1, 0x32, 0xffffffffffffffff, 0x0) r1 = userfaultfd(0x0) ioctl$UFFDIO_API(r1, 0xc018aa3f, &(0x7f0000000180)) ioctl$UFFDIO_REGISTER(r1, 0xc020aa00, &(0x7f0000019000)={{&(0x7f0000012000/0x2000)=nil, 0x2000}, 0x1}) syz_open_dev$evdev(&(0x7f0000012fee)='/dev/input/event#\x00', 0x0, 0x9000000) ioctl$UFFDIO_WAKE(r1, 0x8010aa02, &(0x7f0000000080)={&(0x7f0000012000/0x3000)=nil, 0x3000}) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0a5c2d023c126285718070") 08:16:13 executing program 3: openat$rfkill(0xffffffffffffff9c, 0x0, 0x0, 0x0) getsockopt$inet_sctp_SCTP_DEFAULT_PRINFO(0xffffffffffffffff, 0x84, 0x72, &(0x7f0000000380), 0x0) syz_open_dev$admmidi(&(0x7f0000000100)='/dev/admmidi#\x00', 0x0, 0x0) r0 = socket$l2tp(0x18, 0x1, 0x1) mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x1, 0x32, 0xffffffffffffffff, 0x0) r1 = userfaultfd(0x0) ioctl$UFFDIO_API(r1, 0xc018aa3f, &(0x7f0000000180)) ioctl$UFFDIO_REGISTER(r1, 0xc020aa00, &(0x7f0000019000)={{&(0x7f0000012000/0x2000)=nil, 0x2000}, 0x1}) syz_open_dev$evdev(&(0x7f0000012fee)='/dev/input/event#\x00', 0xffffffff00000000, 0x0) ioctl$UFFDIO_WAKE(r1, 0x8010aa02, &(0x7f0000000080)={&(0x7f0000012000/0x3000)=nil, 0x3000}) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0a5c2d023c126285718070") setsockopt$ALG_SET_KEY(0xffffffffffffffff, 0x117, 0x1, 0x0, 0x0) 08:16:13 executing program 5: r0 = socket$l2tp(0x18, 0x1, 0x1) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0a5c2d023c126285718070") r1 = perf_event_open(&(0x7f00000001c0)={0x2, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000014f88)={0x1, 0x70, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl(r0, 0xfffffffffffffff9, &(0x7f0000001940)="55d2cc35b8c2172d48e24f844475ef360f47d5aca966a71b6747eb0b14be56ac8734b66599c59714329c302a642fb8bcb8922b75c0a825b14fdb3b8edbd9042a06c2a797808c1be33bb2a532d60b2cf37b54c9c5d529a0ecb82c7e9c2fcd42970a44da8041b083e13014b99779cd7201fe6cb7e49fb41139c66745c27ab57e8eecacaf98ecb18559f78b02b5d8119d4c25b79b764034a6016be5") r2 = perf_event_open(&(0x7f0000014f88)={0x1, 0x70, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x6}, 0x0, 0x0, 0xffffffffffffffff, 0x0) close(r2) getpeername$packet(r1, &(0x7f0000000040)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @random}, &(0x7f0000000080)=0x14) sendmmsg(r0, &(0x7f0000001900)=[{{&(0x7f00000000c0)=@xdp={0x2c, 0x1, r3, 0x30}, 0x80, &(0x7f0000000380)=[{&(0x7f0000000140)="39dc6760ec3d001093b94ba834cd5d018234adba57300aa2a4850b51a0922bb44aad6779041185a4462cdff904354be7dbe85ee2bcba9c0bf49f812ad8b91596b8f7c8e00a1f845511a73b90430d30cf68cb551f259608a663deb38b47bb1501ed", 0x61}, {&(0x7f0000000240)="fd4ac5352cf9176db0c279b88522194a7a701b7dea6994d4fabee4515131b44ee97893dfb9da50d1095a29140cc409700cd385f5bc34b7d3c012810975f66b8811ff853a8d1a6d296dec357559dd2f975e459a6ed9", 0x55}, {&(0x7f00000002c0)="c8ee56fa2d9b724b7fd642a983dd5320e14a3ab5e77f4d8399e26c52a8c1757990e100420d03595211a927234a3036369a5a8fd0e70a49697ffe0fce325dd45eec86ec1000c2fb9f1d7ceed878125856dbe69b6c1cd6cb7a082a33fab0a1e398d6d8a28aa3c7445b734d03aabd1c1895428e4aed34393d2ba1ed34d280cddf905c55b7179a8324b1f1a88ca15acfa2893671c9b7f8097073df4b2f3cc377ffb44e40db954132d1db2a89aa595eedd540b6288b4399a0298a3bc1b767e0866667", 0xc0}], 0x3, &(0x7f00000003c0)=[{0xd0, 0x1, 0x10000, "6420913a6b2a9894a90d24add0b5d2cd176d9c455aefa2324c5ff92ccf8cc5eba2417d43764835bf52cc9b88b22581767704a62f68880cc0258fb8d23c7536c2c749f76d982aafabafb2de923033ca7b9e451388baf4ee9caa7cdc59e227a28dc9e086022c76e731a0e9f7539c31b33bcd111d30897ed0102bf954f34409d21e457c4bce50593631e415ef75a44842ea045b8cf65476913b495de3ce6827a1ec2a64682542b1338a348f063c22d2b26b25b5e61efbce7cd97f1b"}, {0x1010, 0x0, 0x4, "0a5befc3681666adec57cd39706cae889dd2039460695db1df5cc2f50f203482ac415dc9efec290b342b4edf6a3e76d3e2dcd6f0001a2e9cc066fe93bf7f6b9cb6692da1b110c6d78275e03c85e53cdaa6d024216075b42ca803e25c0e5d5a7acd15c2baf75171f502d2336b7977e9fd9344646e88144f1761bdde1f98e428c720e7eeaa260aa000d34f26deca96c107dbbfea5b64fa982a7172e90d1b4da8a03d9cc6b9f70cb650614e9f5c596089f2080ba26d53bab1e97c8e2a4c20653afe53a6e35cffa88a3fee611d1dc8df0d6ba1c97ef4a97d63eb311e2826960ae6a6c7ac3cf6dfbee33f502111e91766ba45696850b48ddc46392e606d02e8a1c00f76efe3d8c642ff1a2e8096c2f6b1965e761a5cb1be0834e39bc5cfe091c64794240aefda5fda7287e4da0d64d9a8f70c2536e5250e4a60760edfe86af70080051ecf11102e2bbb1bd092e6cc7350dcc053ce03b1c662026f6424d0b0de0e1bada35ec82e91d454ff5ce5c75a5cc3ac9b556257f48bd27bfa9f5c312041b92e1288d6dd0597134f11cfc89e6586ff4faa18d93a1cb343f00aeb7053e042eb28fc7306577e05711e46fb2744b62488eaeefa2c3ef8055706e320ee148bfe9bdecc69504061c020563a9ba20fa1c4250b6966dbb2a4818e605c7b6397e0e411d67b04cb792aa35b5bf51b64e9a4c5db1e6e60bc9ad8a05b9b3c2277c39eb2f8ecbd72e050825576d39ad65f13a9cffabef099f4c0f404bf96f25e3852b50772fc65aecf508d95d3f7a988e407bae4ed533ee99a9b2a23bcbe41f00c7bfa8f3d111d4fd6696f5a9e519d99e0915490ace69f00ec4bea90494b6c7f35b339764bdae61c42916cc72d10eec6325d411c8c97b97fa7f32897ef85345c1edbd67b904658dcb22c46e1b4deb026ee3b9c5eb78d10ee5fc6de20c5af0f77ce5c5ee5f19c0614467aec2d7a1b7280ccacd8c67ec5cecc9827b8f3b99ec749de8453147f03b803bde6364a774c08b6535a8d02e8987111cdbfc9750f38b8f77ac1a885eced2c515585d8ae218e34aca1416276a619b13aee27dd243b85cd67057204f26d7b5c0b277592e457acfc8bc2d31dff3beaf4c8144da43d075f502801ab340e0af812977d50bf9c8efe85537c551a9414dd9d2e2dc3fa0bf9be28c8b00a9dc4cb931aeb25917ae906fc0e6202f593604a837a859f8bf74ca0d87ffd07e37af550bc5c8fe4c5112c8f6479ed16f7a9ea0da9510179f44f75fb10acb49612ef076421bbc36e8152030a766a0e6983b47f729c6b8ec2d83a90412bed8f0e58339cdfbcabe0ff6ff509dbe17fa15d9ad0aec2b2f0d418f7414e30e97f97517c8ae7e12c692d95c6b98c48b9faac1138e016c01a581a5ab27208c671ec65e7749b4731fb2047eed356dcc521078096e047a7d59606058b72391c9f2c7aa4ff82844e9fa28db8916d2d4e438181f4acbb978cdc5b76884a207be9ea3acceb9f4dd2b8dd08544509760ec49341fbf338a270591a745eed4921d24efdeb79e9eb5c3a2c6a8fe169a757675567eed98db155cf79e33af3d685fd32d684431f8626a1a78b4c07f55ad622e06d203aafde11b0b374b44156514fd8cad1c381c3b23fcbff1ce773582152078a236ca59891bb50f7dc5aa30a565f99a40fc14c67768a6313f1908feb41f83132d8e1dec5ce2163e9e0837ebd982be9ff3e544860b55597111c89a9ce336684be6e5f1fafb2f49299177e9bab1020be5ea8117c161987e8b3705c18f70b46a19327e77697daa183d352d441e97f0ecdf31c8cd498d5ddf4c53944dbab4c8078a0b33711ac4650d84802136e6f25df4961e6ed0acb5f78ffcf1690945f336f806af336f3f020452d50bb514e192204d3ec1efc4b3976b4e0275c4646c6b47322d0f3dd31971b2b4ed3e0451ccad090847ca2da3456deffb6473df43f451a4c18e2898381cee15a44a0e27641d00aa87a5fe8cd7063b08a45bfbd6cc7d8d3a10f7559cf48d54008596014f984a186e54c1283e1956e499c5915c26f748e30e7da82ab0cd0ae696b1dc45d750b158bcdef7dd2b061dccdb19c59399de00ea15e3d168fa3ce3577acff821fc6daaa4728b6f9ba7f0cd345c4e39afe393a5f1a9173c1681f7c8a809d3b67250dc7a6b9e38132d553d406a633d420b20f8021e9ef03d6cefd0c76f670aea287eb34afc343c1c6d09cb7a9fec3dbc02a2f7d9b05eb98d6aaa0e8b7dc9859159030e8afb9e5e28930642258d895e07481b6719608f55bafb13f04cccf56fc88fcf24d4c5227ac3e6f2058d5979eaf9c7283d2d45b3ebdd3c0245c29029a964323986ac88f3ac701cdc44f6c6e2e2cfd7debcb87da81b63ef329c9639c52fa9eda32cbb422f5735d72444932c19c4286caa3dbee49dd4ca17972bb231f9e6cd3f8fc634b142d19b007ee2b56d50a13a910656b66ebadad5d9d0d5f3fed7d64100d7af3315d7a280fd91066817443ac1b69921efcfc4eb2d96660179d8f96bcc0f4a14390beb3368382b586f214e3b02df8b5f9099fea165a13b419a328091cb4a331cd184dd3ee422b175ec1cc8d82ca2c30b9671548023026f04c699d905df33ec6db8dbcc34941e726b6013ec44bc972a828f4f65b780970a7fcfdf95c683349c3a0f1a5d5e9773b86d7daaac31b35ccd89d99cccac7607581cd9f2670e7b2b0e0f2f8b4a5a0a4c0caf0bba2016aadd3b8f79e3810a5ba38c1b570b19b7fe84ecc04ed8bae6dd53b3f623f187c7a56e520f8802744c6673ba4dc655d0f7023cbe76eac7ece5aef7caec89a23d5e5a9c838427e972c10a33388bd0cb11aaaf6205236760f660d962b0e7010ca323d227cd453c7d26cf082df22e6a68acea3c015ee34a4e1496136bbfcce6139e9ab7f30692f73789836e18f5363f05e32a80ea303cb84d68f68e80a7490e654c4635651843f6f768bea7ee5fa4dd56ecb0fa19007db018fcc41bcaf33c3922e812a5b2c7825f51f3084b26163b1369f7a2c71d63a4fe1d8778d4d5d45ada331ce7c1b43c9e58ae0a9acb87447fccd4b5966a320018761dd8e9198fd2c2acb63023012e12d7cf7e34d7b4a44a882cc53fb17fadebc68b1831a99d51f5b198d069210009fc0630ce3e75d1f14400c329515057749336d4aa7d4823587947973030cabe2a79ebcc9eb3ba11a13d8d8ca35b91909413201d2b95f2edd6783f42b3bdd1728e1ecd911f7c5a500bff5720c62c5d11755488975bc46ca63c72854a743cd546e64f1dc7d822deadba9761fedffa6bca47b93b443a192493dcfbaa939fa71dcb8740e69b73284ed05f66ab47e63b9d470d145b59cea9f9ac38e4c7cc1181ae67933af03d75042a5a81cc7d05228ea421ffd7009e3a955b30767e756c61a4fa82427cf43eecceed1a10176e8d5ad4d83204d10e2325dcfebd7cfd209c85bcd2492d4da689da9dfbeb7894a96c85bc0f56ed8bcbb38bb2c8e6371fbaac1919fc489a206b05e0cfc240a7c1c5813e96ec55ac440b108e1cc5e99a5eb1ab7f5b14ad24fe7cc39146f34f8b75433a0e3ebbe5bc39a96706f8be062e503947acc9f67ecc239d039e25e1a669f1df4a6c6bac666f5e5d965bf649be04022348a89dc1cb7384dc8b0b982ad0607a48eb1b6b3f02055d29e5b4bdc1d6689711142c3e54f84ddbe124c70b2357cc68cc75a53a567fd0baa84781d401a1813667a7fb0a1dc5145240c8809da2279e675f30690bcdafb686754e420b17960a4eb280a3cd46972892ce4817ce036435acbd8b5f8c35e4c27f2541a7d34d7dc16925c3d9910a4d4a48d7f59be474dd1d21ca877946b6eb599afdcf86aeb9c6eea4cdcc549861c22e7fdb2da693fdfefc72232493cbd119bc4f2e889d6994a824f2ac08ae1668a0924a9ca92b28d84d3e1a1b965105b556bd3d748aac7a5073225e21f97a213fda0893f927abdebd6250b67d0e876e49a45a82aea54547c333ac1b8aafa39d7bb652658f2bc4c1d83af214c54caa08f5365eaa5986f843cb8359a811792be629698bf129c8997ecf7313f623c46fcddef91b7de90cbab9e909d00bab802386ace48e9e4bb7b3ec241da0d8673dd4482b83199cf99c8ced33de9a23b1c37d3e52a3eed44e4d6120b8d22d7c3d927b0f979e5063e708513c51e06fe0404d326d57bd25a91a9879e6a3acd47ca10c0f76e81751a5a2a69f8590bdc1e4fdec0917ae5a2649c872c3b0f93b935bb9f05af8ba61992f0e15c301c4746d71ee84d99e4e2386b07e0b478a83b4cf838ff6ed76487d71906dc28629d6553a6eb6a153235ee2a463c75f289865d907cbcaa7b579882d55d44784da74c4f4720b62862883b6e3d4b5989f7507886b0561acc9469fe327fa6d861d389abb6299b3b044a7ceb61a24db7dfacdeb9357089ce21fb7d7dbd593256820b15774fdc35d4dd09e663c9b1ca88187329c5042fbaf4617fbdffd1c32ec24a7ae0d9a381fc4210fcb9613af07f617f534b7cd9448e31edd3eac40580108b9f30b32f721694e9069c0d007d56a4188ae1374942e493c55f58798ed2877ddf09c7c7b9834e34c24ac161d4bfc79926e233441bd3f25212556f7d6b764d09b981a8deb47038a45dc6dbda19fe2f4676725d3c6760a112b0d3e110f830092abf225ee94f8451de5476997f7c392c6599609a70b06f38704e62fe80a1ea88d92235dfdd26f448dd5881f40273ba6ad30f1fe18c863c166953ff651f99d6322f34e25f919bfad6da17a4aefbf3075629706b13610d7f98ca54a014a6d256357a9661a752e6ec5b52a965c30f7b1d4699c4d03ff7ec9c5a4405bc53ed81a972dbb4dd6cf05dffc6e765ef9a567865f71c207f97976488c4ce500db18b0dc7249617d1049004b274c5a5c3ab35815cc492ac15361cab61b179d0300279fc91353535e4357fc8e7429e4bc798c347d7bb6c385b4889089391d4a79f8f441905599633efb1068105752d6f492954a7a96391ee9093b36bd748fc7d8577d453ff056db7fc85235a6d5ea61783fab68ccb8b9bd446c0c9231dcc1cef156d0700f153868f0358f37b8d8e874f0ff37965434f24604f70ee71df29037d5e3180a88d4c5ab56b4ffed4cd133452a1994902d1423a10e85b07cce7f30fda857c1382cb215d0598cdb1c7612583356ad34994fc9c72ef88ea2daf776817fc25bd5b91517a8b1111778c4633bd106d68458e5cbef5cb64ac2ee5770e56e0b4f9589988f80bcf7ef409434e8d2400d29b899cedb014db75c4afbec5743b42e7a14129f3da8f1a14b72aae6c88968656da166643ad5bbe4da80dfb84f7a23700ca8497940b057eb6b33b222d8990d3e4a459f07e0a85ba16863a2ee0c693a71b4234ee5a28b9ef311e44c325826b31021a927752aaa31df89834cf653e0023056ffc888813486aa59b0e7a4c71518e66b07641c7c88b7a69c24773c66edfa0ddbe8c5ff0b24c08a6092d245fa98387ca58384a7ed8d3c3cd12a7b65e75dfc40833b1927a0bfc015c6ed1ab8c1dc648857304f84cae30babda0087e2100d274e634eb74341cd5bfa7ce661121f854c198f1273116fc248aaaf29efdc85c9d1010d288de658eee29aec43dc9e04de96d8462f44ca1df217b3b915616c2e75879a1e7415bf2232aab3d1c1796aa20c6e5a8aab0bd47397453eb54af174ac6cc9c43a9c8970fb589109bba996bfa4adf07279b21fdfc8b2726fe4d4ba0abf258e0e0963067b7a2a09d8c1b173ee0548c386bc778b54a1fba6604683bef24d7fb3c6205948f0988dfd8022d17fcb6a8dd4ceb9d32445f448081c5ed25"}, {0xd0, 0x29, 0x2189e312, "691ac9c9793c9c4ee90612340854443b983abc99fca7a6010d412d8b4a83458ac052350224bc1bf64702ea3e5d06a7d0481d38f5c85939b55df27b05e9a035c0be1693840baf872183d9ae51b78341360e18bdd8f04bfbd11fc971cfbe6357d9f5faf172cadc91f0b1aa1c8aafa7c8fe1109cb09b0d35cc3f300757718c23c271408431d78e86b8de37431d5578f9519342849c70d1337c30a6606420ec2c5856462e0f54a07d73a04883824560580eebcc99f1079512a93018034a9f507"}, {0x108, 0x102, 0x5, "2a7b6a321e17cc7e16613bdadcb31c9773daacf06b90d939cf1e2f16a777bb5d5116786cd73d64462d8110289bf359e0de167035c64f65c23634010f53a09eb12a9d87e6729bccdb7545a449a98f0ce3b7911df46d5cc243755adcfde21c67d9a81ba0b98036eea13e22f4229b4025df2165448a7352a6704c6c569785661ae7a066d43442cd751b9f82068a5af3eb4f65e010389e03048ce73f3c3d1c8274d3c62a5814f0a8912624ec9db14fe8aaa09923633c9795aca9246de3b45827761be237f8f8c226497df9c71d87641d4a5c51c2cee965f22d4e3de89b396bbf62d4d0b432971c3e324c70780360a951e818e80c"}, {0x90, 0x113, 0x4, "5e63beaef6f6ccd58817839637701e538085489311bdc525414278bb3279d284fd79013f1d8a6937a5042d2524cd46616e4357a0fbdf107c8cc675e1e71a7b23e6d3600779376d3152778bc0847fa1ba45f87f92c0ceee9e153c6967905ce229fe1b454f7e0ad23f8c172848de95cc22b917a33baeaf2fc20815c7a36b3af1"}, {0xe8, 0x1, 0x14, "273639916da563ac1415965a647b632c3384ba4ccf03968f39386bf34441f2483f2521fcd539c42875e00758e45f73ed1ce777229fd50c04a1e89b0ea19a9d3c7cf141a5d97db1612b78d4b3fde2635c093c105aa29213a56cdf2b701fa0e834645c56a57329b7bb34f4992602567f950c416a69752a85e3d8ca92291616457b4340387e034353ba26b2af6b6de598c53e989f7b8e963bec132b0842931db4d75bace37c40df98343d0ca624cc78fa6b89928705c29169467e5b28330367810db432ab872bf57410666287ade16339ae1da5"}, {0x100, 0x115, 0x9, "066a9452cba36b399545958f1ffc6f756319c6e74677f43d43dd1669bab41a876c274e4349b394d6e53224fc883bf35ed74f7a095b3849e40d4314d7b29d7ccdff483ea1792803f55f0f7a46cb566060a10436be9a011fdef2a09ed19180c0d81a4d152c3edb99bde0fbec25062c2681f4400e89e948d92a3f989901914c09f6cb577efb8c429ab5957d620a4cef640e23a5741ba49993c2f59e8a815e4cae16aae8a6b9f9df1cb95ed5267cfc2ecfc0acc2ee9fb024edd62bb96e9d5eaaa82e942e16bf05b626dface1973dd6faf1a8854b031444471ce8ff426d04f13f3d410baa46db0295e7ae1479812e"}], 0x1530}, 0x327}], 0x1, 0x4010) 08:16:13 executing program 1: r0 = socket$l2tp(0x18, 0x1, 0x1) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0a5c2d023c126285718070") r1 = syz_open_dev$dmmidi(&(0x7f0000000040)='/dev/dmmidi#\x00', 0x0, 0x0) setsockopt$inet6_tcp_TCP_REPAIR_QUEUE(r1, 0x6, 0x14, &(0x7f0000000080)=0x3, 0x4) r2 = perf_event_open(&(0x7f0000014f88)={0x1, 0x70, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) close(r2) 08:16:13 executing program 2: syz_emit_ethernet(0x6a, &(0x7f0000000040)={@local, @broadcast, [], {@ipv4={0x800, {{0x5, 0x4, 0x0, 0x0, 0x5c, 0x0, 0x0, 0x0, 0x1, 0x0, @remote, @dev={0xac, 0x14, 0x14, 0x11}}, @icmp=@parameter_prob={0x3, 0x4, 0x0, 0x0, 0x0, 0x0, {0x10, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x402f, 0x0, @local={0xac, 0x5c}, @dev, {[@timestamp={0x8, 0x2c, 0x0, 0x0, 0x400000000000000, [{[@rand_addr]}, {[@multicast2]}, {[@multicast1]}, {}, {[@loopback]}, {}]}]}}}}}}}, 0x0) 08:16:13 executing program 1: r0 = socket$l2tp(0x18, 0x1, 0x1) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0a5c2d023c126285718070") r1 = perf_event_open(&(0x7f0000014f88)={0x1, 0x70, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000080)={0xffffffffffffffff, r1, 0x0, 0x2, &(0x7f0000000040)='!\x00'}, 0x30) ptrace$peekuser(0x3, r2, 0xff) close(r1) 08:16:13 executing program 5: r0 = socket$l2tp(0x18, 0x1, 0x1) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0a5c2d023c126285718070") r1 = perf_event_open(&(0x7f00000001c0)={0x2, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r2 = perf_event_open(&(0x7f0000014f88)={0x1, 0x70, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) write$binfmt_misc(r2, &(0x7f00000000c0)={'syz1', "ba76619e174193c0a1b788466c0b1234f7524cc0b4fea51631eff075e5318059447fe56ec8c63a1c2fb856e5d0a47da58669fed5784be0cc04a48f33008555886b4c547bd176dea186f1d97210d64fbff20590df989c2c1821e7cfdbb18f252ccc1ef4b322a10b5e5f6c8103a4f4a88e6229bda38a6c9285778e7d499d0fa172890a73c5354b8cbab29f73f6916d111fae74fe8e9ac91caa30735e6d2c4fb2"}, 0xa3) bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000080)={0xffffffffffffffff, r1, 0x0, 0x17, &(0x7f0000000040)='.?(eth0(vmnet0vboxnet0\x00'}, 0x30) getpriority(0x2, r3) r4 = perf_event_open(&(0x7f0000014f88)={0x1, 0x70, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) close(r4) [ 2395.982624] handle_userfault: 7 callbacks suppressed [ 2395.982632] FAULT_FLAG_ALLOW_RETRY missing 70 [ 2396.014892] CPU: 1 PID: 22297 Comm: syz-executor0 Not tainted 4.20.0-rc6+ #371 [ 2396.022287] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2396.031657] Call Trace: [ 2396.034273] dump_stack+0x244/0x39d [ 2396.037936] ? dump_stack_print_info.cold.1+0x20/0x20 [ 2396.043169] handle_userfault.cold.32+0x47/0x62 [ 2396.047887] ? userfaultfd_ioctl+0x5610/0x5610 [ 2396.052499] ? mark_held_locks+0x130/0x130 [ 2396.056755] ? __sanitizer_cov_trace_cmp4+0x16/0x20 [ 2396.061783] ? futex_wait_setup+0x266/0x3e0 [ 2396.066135] ? __sanitizer_cov_trace_switch+0x53/0x90 [ 2396.071353] ? userfaultfd_ctx_put+0x830/0x830 [ 2396.075962] ? futex_wait+0x5a1/0xa50 [ 2396.079789] ? print_usage_bug+0xc0/0xc0 [ 2396.083888] ? print_usage_bug+0xc0/0xc0 [ 2396.087974] ? print_usage_bug+0xc0/0xc0 [ 2396.092054] ? zap_class+0x640/0x640 [ 2396.095782] ? drop_futex_key_refs.isra.14+0x6d/0xe0 [ 2396.095799] ? futex_wake+0x304/0x760 [ 2396.104704] ? find_held_lock+0x36/0x1c0 [ 2396.104731] ? __handle_mm_fault+0x4bb0/0x5be0 [ 2396.104753] ? lock_downgrade+0x900/0x900 [ 2396.117675] ? kasan_check_read+0x11/0x20 [ 2396.121840] ? do_raw_spin_unlock+0xa7/0x330 [ 2396.126268] ? do_raw_spin_trylock+0x270/0x270 [ 2396.130876] ? fault_dirty_shared_page.isra.87+0x320/0x320 [ 2396.136532] __handle_mm_fault+0x4bbd/0x5be0 [ 2396.140964] ? vmf_insert_mixed_mkwrite+0x40/0x40 [ 2396.145831] ? zap_class+0x640/0x640 [ 2396.149563] ? rcu_read_unlock_special+0x1c0/0x1c0 [ 2396.154505] ? kasan_check_read+0x11/0x20 [ 2396.158675] ? rcu_softirq_qs+0x20/0x20 [ 2396.162680] ? zap_class+0x640/0x640 [ 2396.166414] ? zap_class+0x640/0x640 [ 2396.170155] ? find_held_lock+0x36/0x1c0 [ 2396.174239] ? handle_mm_fault+0x42a/0xc70 [ 2396.178493] ? lock_downgrade+0x900/0x900 [ 2396.182703] ? check_preemption_disabled+0x48/0x280 [ 2396.187740] ? rcu_read_unlock_special+0x1c0/0x1c0 [ 2396.192686] ? kasan_check_read+0x11/0x20 [ 2396.196866] ? rcu_dynticks_curr_cpu_in_eqs+0xa2/0x170 [ 2396.202153] ? rcu_softirq_qs+0x20/0x20 [ 2396.206139] ? trace_hardirqs_off_caller+0x310/0x310 [ 2396.211267] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 2396.216822] ? check_preemption_disabled+0x48/0x280 [ 2396.221876] handle_mm_fault+0x54f/0xc70 [ 2396.225962] ? __handle_mm_fault+0x5be0/0x5be0 [ 2396.230566] ? find_vma+0x34/0x190 [ 2396.234137] __do_page_fault+0x5e8/0xe60 [ 2396.238226] ? trace_hardirqs_off+0xb8/0x310 [ 2396.242666] do_page_fault+0xf2/0x7e0 [ 2396.246485] ? vmalloc_sync_all+0x30/0x30 [ 2396.250648] ? error_entry+0x70/0xd0 [ 2396.254380] ? trace_hardirqs_off_caller+0xbb/0x310 [ 2396.259410] ? trace_hardirqs_on_caller+0xc0/0x310 [ 2396.264365] ? syscall_return_slowpath+0x5e0/0x5e0 [ 2396.269317] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 2396.274195] ? trace_hardirqs_on_caller+0x310/0x310 08:16:13 executing program 1: r0 = socket$l2tp(0x18, 0x1, 0x1) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0a5c2d023c126285718070") r1 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000240)='/dev/ppp\x00', 0x10000, 0x0) ioctl$BLKBSZGET(r1, 0x80081270, &(0x7f0000000280)) r2 = perf_event_open(&(0x7f0000014f88)={0x1, 0x70, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) close(r2) r3 = open(&(0x7f0000000040)='./file0\x00', 0x400000, 0x174) getsockopt$inet_sctp6_SCTP_GET_ASSOC_ID_LIST(0xffffffffffffffff, 0x84, 0x1d, &(0x7f0000000080)={0x7, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0]}, &(0x7f00000000c0)=0x20) getsockopt$inet_sctp_SCTP_GET_ASSOC_STATS(r3, 0x84, 0x70, &(0x7f0000000100)={r4, @in6={{0xa, 0x4e22, 0x400, @loopback, 0x3}}, [0x29a, 0xf40000, 0x10000, 0x9, 0x9, 0x9, 0x200, 0x4, 0xf1, 0x8, 0x30, 0xcab, 0x100000000, 0x4, 0x1000]}, &(0x7f0000000200)=0x100) 08:16:13 executing program 5: r0 = socket$l2tp(0x18, 0x1, 0x1) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0a5c2d023c126285718070") bpf$OBJ_PIN_MAP(0x6, &(0x7f00000000c0)={&(0x7f0000000080)='./file0\x00', r0}, 0x10) perf_event_open(&(0x7f00000001c0)={0x2, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r1 = perf_event_open(&(0x7f0000014f88)={0x1, 0x70, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r2 = perf_event_open(&(0x7f0000014f88)={0x1, 0x70, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$VIDIOC_SUBDEV_ENUM_FRAME_SIZE(r1, 0xc040564a, &(0x7f0000000040)={0x100, 0x0, 0x2024, 0x8000, 0x5fc6f17f, 0x8000, 0x995c, 0x1}) close(r2) r3 = syz_open_dev$vcsn(&(0x7f0000000100)='/dev/vcs#\x00', 0x8, 0x0) r4 = syz_genetlink_get_family_id$tipc(&(0x7f0000000180)='TIPC\x00') sendmsg$TIPC_CMD_GET_LINKS(r3, &(0x7f00000002c0)={&(0x7f0000000140), 0xc, &(0x7f0000000280)={&(0x7f0000000240)={0x24, r4, 0x8, 0x70bd2b, 0x25dfdbfd, {{}, 0x0, 0x4, 0x0, {0x8, 0x11, 0x1}}, ["", "", "", ""]}, 0x24}, 0x1, 0x0, 0x0, 0x4000000}, 0x800) 08:16:14 executing program 1: r0 = syz_open_dev$adsp(&(0x7f0000000400)='/dev/adsp#\x00', 0xd8, 0x80000) getsockopt$inet_sctp_SCTP_MAX_BURST(0xffffffffffffff9c, 0x84, 0x14, &(0x7f0000000440)=@assoc_value={0x0}, &(0x7f0000000480)=0x8) setsockopt$inet_sctp6_SCTP_STREAM_SCHEDULER(r0, 0x84, 0x7b, &(0x7f00000004c0)={r1, 0x6}, 0x8) r2 = socket$l2tp(0x18, 0x1, 0x1) ioctl(r2, 0x1000008912, &(0x7f0000000000)="0a5c2d023c126285718070") r3 = syz_open_dev$usb(&(0x7f0000000380)='/dev/bus/usb/00#/00#\x00', 0x401, 0x101800) ioctl$TIOCGLCKTRMIOS(r3, 0x5456, &(0x7f00000003c0)={0x3, 0x1ff, 0x0, 0x3, 0x4, 0x48, 0x7, 0x3, 0x6, 0xffffffff, 0x2, 0x6}) r4 = perf_event_open(&(0x7f0000014f88)={0x1, 0x70, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r5 = request_key(&(0x7f0000000040)='pkcs7_test\x00', &(0x7f0000000080)={'syz', 0x3}, &(0x7f00000000c0)='\x00', 0xfffffffffffffff9) r6 = add_key$keyring(&(0x7f0000000100)='keyring\x00', &(0x7f0000000140)={'syz', 0x1}, 0x0, 0x0, 0xfffffffffffffffa) keyctl$negate(0xd, r5, 0x100, r6) getsockopt$inet6_IPV6_IPSEC_POLICY(0xffffffffffffff9c, 0x29, 0x22, &(0x7f0000000200)={{{@in6=@remote, @in6=@loopback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}, {{@in=@dev}, 0x0, @in6=@dev}}, &(0x7f0000000300)=0xe8) setxattr$security_capability(&(0x7f0000000180)='./file0\x00', &(0x7f00000001c0)='security.capability\x00', &(0x7f0000000340)=@v3={0x3000000, [{0x6, 0x700000000}, {0x9, 0x1}], r7}, 0x18, 0x1) close(r4) [ 2396.279233] ? __bpf_trace_preemptirq_template+0x30/0x30 [ 2396.284702] ? prepare_exit_to_usermode+0x3b0/0x3b0 [ 2396.289734] ? prepare_exit_to_usermode+0x291/0x3b0 [ 2396.294769] ? page_fault+0x8/0x30 [ 2396.298328] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 2396.303196] ? page_fault+0x8/0x30 [ 2396.306754] page_fault+0x1e/0x30 [ 2396.310220] RIP: 0033:0x4510a0 [ 2396.313430] Code: 0f 84 c4 0f 00 00 48 89 f1 48 89 f8 48 83 e1 3f 48 83 f9 20 0f 86 7b 02 00 00 48 83 e6 f0 48 83 e1 0f 66 0f ef c0 66 0f ef c9 <66> 0f 74 0e 66 0f d7 d1 48 d3 ea 49 c7 c2 11 00 00 00 49 29 ca 4d 08:16:14 executing program 4: r0 = openat$kvm(0xffffffffffffff9c, 0x0, 0x0, 0x0) syz_open_dev$sndctrl(&(0x7f0000000100)='/dev/snd/controlC#\x00', 0x0, 0x0) prctl$PR_SET_THP_DISABLE(0x29, 0xfffffffffffffffe) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) ioctl$FS_IOC_GETFLAGS(r0, 0x800455d1, &(0x7f0000000080)) 08:16:14 executing program 5: r0 = socket$l2tp(0x18, 0x1, 0x1) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0a5c2d023c126285718070") r1 = perf_event_open(&(0x7f00000001c0)={0x2, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$DRM_IOCTL_RES_CTX(0xffffffffffffffff, 0xc0106426, &(0x7f0000000080)={0x3, &(0x7f0000000040)=[{0x0}, {}, {}]}) ioctl$DRM_IOCTL_RM_CTX(r1, 0xc0086421, &(0x7f00000000c0)={r2, 0x3}) perf_event_open(&(0x7f0000014f88)={0x1, 0x70, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r3 = perf_event_open(&(0x7f0000014f88)={0x1, 0x70, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) close(r3) [ 2396.332350] RSP: 002b:00007efdea16e7a8 EFLAGS: 00010202 [ 2396.337727] RAX: 00007efdea16e850 RBX: 0000000000000003 RCX: 000000000000000e [ 2396.345009] RDX: 00000000000003ff RSI: 0000000020012fe0 RDI: 00007efdea16e850 [ 2396.352287] RBP: 000000000072bf00 R08: 00000000000003ff R09: 0000000000000000 [ 2396.352298] R10: 0000000000000000 R11: 0000000000000246 R12: 00007efdea16f6d4 [ 2396.352307] R13: 00000000004c578a R14: 00000000004d9d90 R15: 00000000ffffffff [ 2396.378542] FAULT_FLAG_ALLOW_RETRY missing 70 [ 2396.383604] CPU: 1 PID: 22299 Comm: syz-executor3 Not tainted 4.20.0-rc6+ #371 [ 2396.390986] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2396.400357] Call Trace: [ 2396.402967] dump_stack+0x244/0x39d [ 2396.406617] ? dump_stack_print_info.cold.1+0x20/0x20 [ 2396.406652] handle_userfault.cold.32+0x47/0x62 [ 2396.416525] ? userfaultfd_ioctl+0x5610/0x5610 [ 2396.421124] ? mark_held_locks+0x130/0x130 [ 2396.421147] ? find_held_lock+0x36/0x1c0 [ 2396.421175] ? userfaultfd_ctx_put+0x830/0x830 08:16:14 executing program 0: openat$rfkill(0xffffffffffffff9c, 0x0, 0x2001, 0x0) syz_open_dev$admmidi(&(0x7f0000000100)='/dev/admmidi#\x00', 0x0, 0x0) r0 = socket$l2tp(0x18, 0x1, 0x1) mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x1, 0x32, 0xffffffffffffffff, 0x0) r1 = userfaultfd(0x0) ioctl$UFFDIO_API(r1, 0xc018aa3f, &(0x7f0000000180)) ioctl$UFFDIO_REGISTER(r1, 0xc020aa00, &(0x7f0000019000)={{&(0x7f0000012000/0x2000)=nil, 0x2000}, 0x1}) syz_open_dev$evdev(&(0x7f0000012fee)='/dev/input/event#\x00', 0x0, 0xa00) ioctl$UFFDIO_WAKE(r1, 0x8010aa02, &(0x7f0000000080)={&(0x7f0000012000/0x3000)=nil, 0x3000}) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0a5c2d023c126285718070") [ 2396.434032] ? kasan_check_read+0x11/0x20 [ 2396.434051] ? print_usage_bug+0xc0/0xc0 [ 2396.434064] ? do_raw_spin_trylock+0x270/0x270 [ 2396.434085] ? print_usage_bug+0xc0/0xc0 [ 2396.450938] ? print_usage_bug+0xc0/0xc0 [ 2396.455021] ? zap_class+0x640/0x640 [ 2396.458754] ? drop_futex_key_refs.isra.14+0x6d/0xe0 [ 2396.463878] ? futex_wake+0x304/0x760 [ 2396.467705] ? find_held_lock+0x36/0x1c0 [ 2396.471797] ? __handle_mm_fault+0x4bb0/0x5be0 [ 2396.476404] ? lock_downgrade+0x900/0x900 [ 2396.480577] ? kasan_check_read+0x11/0x20 [ 2396.484739] ? do_raw_spin_unlock+0xa7/0x330 [ 2396.489169] ? do_raw_spin_trylock+0x270/0x270 [ 2396.493786] ? fault_dirty_shared_page.isra.87+0x320/0x320 [ 2396.499435] __handle_mm_fault+0x4bbd/0x5be0 [ 2396.503873] ? vmf_insert_mixed_mkwrite+0x40/0x40 [ 2396.508735] ? zap_class+0x640/0x640 [ 2396.512472] ? rcu_read_unlock_special+0x1c0/0x1c0 [ 2396.517417] ? kasan_check_read+0x11/0x20 [ 2396.521588] ? rcu_softirq_qs+0x20/0x20 [ 2396.525593] ? zap_class+0x640/0x640 [ 2396.529322] ? zap_class+0x640/0x640 [ 2396.533066] ? find_held_lock+0x36/0x1c0 [ 2396.537151] ? handle_mm_fault+0x42a/0xc70 [ 2396.541406] ? lock_downgrade+0x900/0x900 [ 2396.545578] ? check_preemption_disabled+0x48/0x280 [ 2396.550782] ? rcu_read_unlock_special+0x1c0/0x1c0 [ 2396.555732] ? kasan_check_read+0x11/0x20 [ 2396.559895] ? rcu_dynticks_curr_cpu_in_eqs+0xa2/0x170 [ 2396.565202] ? rcu_softirq_qs+0x20/0x20 [ 2396.569189] ? trace_hardirqs_off_caller+0x310/0x310 [ 2396.574315] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 2396.579886] ? check_preemption_disabled+0x48/0x280 [ 2396.584921] handle_mm_fault+0x54f/0xc70 [ 2396.585576] FAULT_FLAG_ALLOW_RETRY missing 70 [ 2396.589000] ? __handle_mm_fault+0x5be0/0x5be0 [ 2396.589021] ? find_vma+0x34/0x190 [ 2396.589044] __do_page_fault+0x5e8/0xe60 [ 2396.605700] ? trace_hardirqs_off+0xb8/0x310 [ 2396.605727] do_page_fault+0xf2/0x7e0 [ 2396.605744] ? vmalloc_sync_all+0x30/0x30 [ 2396.605763] ? error_entry+0x70/0xd0 [ 2396.613963] ? trace_hardirqs_off_caller+0xbb/0x310 [ 2396.613979] ? trace_hardirqs_on_caller+0xc0/0x310 [ 2396.614079] ? syscall_return_slowpath+0x5e0/0x5e0 [ 2396.614137] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 2396.641696] ? trace_hardirqs_on_caller+0x310/0x310 [ 2396.646732] ? __bpf_trace_preemptirq_template+0x30/0x30 [ 2396.652200] ? prepare_exit_to_usermode+0x3b0/0x3b0 [ 2396.657231] ? prepare_exit_to_usermode+0x291/0x3b0 [ 2396.662264] ? page_fault+0x8/0x30 [ 2396.665822] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 2396.670691] ? page_fault+0x8/0x30 [ 2396.674259] page_fault+0x1e/0x30 [ 2396.677728] RIP: 0033:0x4510a0 [ 2396.680932] Code: 0f 84 c4 0f 00 00 48 89 f1 48 89 f8 48 83 e1 3f 48 83 f9 20 0f 86 7b 02 00 00 48 83 e6 f0 48 83 e1 0f 66 0f ef c0 66 0f ef c9 <66> 0f 74 0e 66 0f d7 d1 48 d3 ea 49 c7 c2 11 00 00 00 49 29 ca 4d [ 2396.699845] RSP: 002b:00007f75238677a8 EFLAGS: 00010202 [ 2396.705224] RAX: 00007f7523867850 RBX: 0000000000000003 RCX: 000000000000000e [ 2396.712503] RDX: 00000000000003ff RSI: 0000000020012fe0 RDI: 00007f7523867850 [ 2396.719778] RBP: 000000000072bf00 R08: 00000000000003ff R09: 0000000000000000 [ 2396.727055] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f75238686d4 [ 2396.734330] R13: 00000000004c578a R14: 00000000004d9d90 R15: 00000000ffffffff [ 2396.741642] CPU: 0 PID: 22338 Comm: syz-executor0 Not tainted 4.20.0-rc6+ #371 [ 2396.749024] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2396.758386] Call Trace: [ 2396.760988] dump_stack+0x244/0x39d [ 2396.764632] ? dump_stack_print_info.cold.1+0x20/0x20 [ 2396.769848] handle_userfault.cold.32+0x47/0x62 [ 2396.774541] ? userfaultfd_ioctl+0x5610/0x5610 [ 2396.779152] ? mark_held_locks+0x130/0x130 [ 2396.783422] ? find_held_lock+0x36/0x1c0 [ 2396.787520] ? userfaultfd_ctx_put+0x830/0x830 [ 2396.792125] ? kasan_check_read+0x11/0x20 [ 2396.796280] ? print_usage_bug+0xc0/0xc0 [ 2396.800360] ? do_raw_spin_trylock+0x270/0x270 [ 2396.804957] ? print_usage_bug+0xc0/0xc0 [ 2396.809031] ? print_usage_bug+0xc0/0xc0 [ 2396.813104] ? zap_class+0x640/0x640 [ 2396.816835] ? drop_futex_key_refs.isra.14+0x6d/0xe0 [ 2396.821950] ? futex_wake+0x304/0x760 [ 2396.825821] ? find_held_lock+0x36/0x1c0 [ 2396.829904] ? __handle_mm_fault+0x4bb0/0x5be0 [ 2396.834502] ? lock_downgrade+0x900/0x900 [ 2396.838671] ? kasan_check_read+0x11/0x20 [ 2396.842834] ? do_raw_spin_unlock+0xa7/0x330 [ 2396.847255] ? do_raw_spin_trylock+0x270/0x270 [ 2396.851854] ? fault_dirty_shared_page.isra.87+0x320/0x320 [ 2396.851883] __handle_mm_fault+0x4bbd/0x5be0 [ 2396.851908] ? vmf_insert_mixed_mkwrite+0x40/0x40 [ 2396.851927] ? zap_class+0x640/0x640 [ 2396.861951] ? rcu_read_unlock_special+0x1c0/0x1c0 [ 2396.861967] ? kasan_check_read+0x11/0x20 [ 2396.861984] ? rcu_softirq_qs+0x20/0x20 [ 2396.862011] ? zap_class+0x640/0x640 [ 2396.862029] ? zap_class+0x640/0x640 [ 2396.891309] ? find_held_lock+0x36/0x1c0 [ 2396.895413] ? handle_mm_fault+0x42a/0xc70 [ 2396.899667] ? lock_downgrade+0x900/0x900 [ 2396.903833] ? check_preemption_disabled+0x48/0x280 [ 2396.908881] ? rcu_read_unlock_special+0x1c0/0x1c0 [ 2396.913828] ? kasan_check_read+0x11/0x20 [ 2396.918000] ? rcu_dynticks_curr_cpu_in_eqs+0xa2/0x170 [ 2396.923291] ? rcu_softirq_qs+0x20/0x20 [ 2396.927280] ? trace_hardirqs_off_caller+0x310/0x310 08:16:14 executing program 3: openat$rfkill(0xffffffffffffff9c, 0x0, 0x0, 0x0) getsockopt$inet_sctp_SCTP_DEFAULT_PRINFO(0xffffffffffffffff, 0x84, 0x72, &(0x7f0000000380), 0x0) syz_open_dev$admmidi(&(0x7f0000000100)='/dev/admmidi#\x00', 0x0, 0x0) r0 = socket$l2tp(0x18, 0x1, 0x1) mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x1, 0x32, 0xffffffffffffffff, 0x0) r1 = userfaultfd(0x0) ioctl$UFFDIO_API(r1, 0xc018aa3f, &(0x7f0000000180)) ioctl$UFFDIO_REGISTER(r1, 0xc020aa00, &(0x7f0000019000)={{&(0x7f0000012000/0x2000)=nil, 0x2000}, 0x1}) syz_open_dev$evdev(&(0x7f0000012fee)='/dev/input/event#\x00', 0x20000000, 0x0) ioctl$UFFDIO_WAKE(r1, 0x8010aa02, &(0x7f0000000080)={&(0x7f0000012000/0x3000)=nil, 0x3000}) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0a5c2d023c126285718070") setsockopt$ALG_SET_KEY(0xffffffffffffffff, 0x117, 0x1, 0x0, 0x0) 08:16:14 executing program 1: r0 = syz_open_dev$radio(&(0x7f0000000040)='/dev/radio#\x00', 0x2, 0x2) ftruncate(r0, 0x9) r1 = syz_genetlink_get_family_id$ipvs(&(0x7f00000000c0)='IPVS\x00') sendmsg$IPVS_CMD_SET_SERVICE(r0, &(0x7f0000000180)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x11000000}, 0xc, &(0x7f0000000140)={&(0x7f0000000100)={0x14, r1, 0x0, 0x70bd28, 0x25dfdbfb}, 0x14}, 0x1, 0x0, 0x0, 0x44}, 0x804) r2 = socket$l2tp(0x18, 0x1, 0x1) lsetxattr$trusted_overlay_upper(&(0x7f00000001c0)='./file0\x00', &(0x7f0000000200)='trusted.overlay.upper\x00', &(0x7f0000000240)={0x0, 0xfb, 0x1f, 0x3, 0x0, "b2af996f0fafe0fd692ce133015f7f93", "a8a8601d4900e1a0a82a"}, 0x1f, 0x2) ioctl(r2, 0x1000008912, &(0x7f0000000000)="0a5c2d023c126285718070") r3 = perf_event_open(&(0x7f0000014f88)={0x1, 0x70, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) close(r3) 08:16:14 executing program 2: syz_emit_ethernet(0x6a, &(0x7f0000000040)={@local, @broadcast, [], {@ipv4={0x800, {{0x5, 0x4, 0x0, 0x0, 0x5c, 0x0, 0x0, 0x0, 0x1, 0x0, @remote, @dev={0xac, 0x14, 0x14, 0x11}}, @icmp=@parameter_prob={0x3, 0x4, 0x0, 0x0, 0x0, 0x0, {0x10, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x402f, 0x0, @local={0xac, 0x5c}, @dev, {[@timestamp={0x8, 0x2c, 0x0, 0x0, 0x6000000, [{[@rand_addr]}, {[@multicast2]}, {[@multicast1]}, {}, {[@loopback]}, {}]}]}}}}}}}, 0x0) 08:16:14 executing program 4: openat$kvm(0xffffffffffffff9c, 0x0, 0x0, 0x0) r0 = socket$packet(0x11, 0x2, 0x300) ioctl$sock_inet_SIOCSIFFLAGS(r0, 0x8914, &(0x7f0000000000)={'syzkaller1\x00', 0x200}) r1 = syz_open_dev$sndctrl(&(0x7f0000000100)='/dev/snd/controlC#\x00', 0x0, 0x0) prctl$PR_SET_THP_DISABLE(0x29, 0xfffffffffffffffe) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) ioctl$FS_IOC_GETFLAGS(r1, 0x800455d1, &(0x7f0000000080)) 08:16:14 executing program 5: r0 = socket$l2tp(0x18, 0x1, 0x1) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0a5c2d023c126285718070") r1 = perf_event_open(&(0x7f00000001c0)={0x2, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000014f88)={0x1, 0x70, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r2 = perf_event_open(&(0x7f0000014f88)={0x1, 0x70, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) close(r2) r3 = openat$dlm_plock(0xffffffffffffff9c, &(0x7f0000000040)='/dev/dlm_plock\x00', 0x0, 0x0) ioctl$LOOP_CHANGE_FD(r3, 0x4c06, r1) r4 = syz_open_dev$usbmon(&(0x7f0000000400)='/dev/usbmon#\x00', 0x4, 0x101) getsockopt$inet_sctp_SCTP_PR_SUPPORTED(0xffffffffffffff9c, 0x84, 0x71, &(0x7f0000000440)={0x0, 0x5}, &(0x7f0000000480)=0x8) getsockopt$inet_sctp6_SCTP_RTOINFO(r4, 0x84, 0x0, &(0x7f00000004c0)={r5, 0x6, 0x7, 0x400}, &(0x7f0000000500)=0x10) 08:16:14 executing program 1: r0 = socket$l2tp(0x18, 0x1, 0x1) r1 = syz_open_dev$sndpcmc(&(0x7f0000000040)='/dev/snd/pcmC#D#c\x00', 0xffffffff80000000, 0x121000) ioctl$ION_IOC_HEAP_QUERY(r1, 0xc0184908, &(0x7f00000000c0)={0x34, 0x0, &(0x7f0000000080)}) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0a5c2d023c126285718070") r2 = perf_event_open(&(0x7f0000014f88)={0x1, 0x70, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) close(r2) [ 2396.932408] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 2396.937966] ? check_preemption_disabled+0x48/0x280 [ 2396.943001] handle_mm_fault+0x54f/0xc70 [ 2396.947084] ? __handle_mm_fault+0x5be0/0x5be0 [ 2396.951685] ? find_vma+0x34/0x190 [ 2396.951709] __do_page_fault+0x5e8/0xe60 [ 2396.951725] ? trace_hardirqs_off+0xb8/0x310 [ 2396.951753] do_page_fault+0xf2/0x7e0 [ 2396.967563] ? vmalloc_sync_all+0x30/0x30 [ 2396.971726] ? error_entry+0x70/0xd0 [ 2396.971745] ? trace_hardirqs_off_caller+0xbb/0x310 [ 2396.971767] ? trace_hardirqs_on_caller+0xc0/0x310 08:16:14 executing program 2: syz_emit_ethernet(0x6a, &(0x7f0000000040)={@local, @broadcast, [], {@ipv4={0x800, {{0x5, 0x4, 0x0, 0x0, 0x5c, 0x0, 0x0, 0x0, 0x1, 0x0, @remote, @dev={0xac, 0x14, 0x14, 0x11}}, @icmp=@parameter_prob={0x3, 0x4, 0x0, 0x0, 0x0, 0x0, {0x10, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x402f, 0x0, @local={0xac, 0x5c}, @dev, {[@timestamp={0x8, 0x2c, 0x0, 0x0, 0x4788, [{[@rand_addr]}, {[@multicast2]}, {[@multicast1]}, {}, {[@loopback]}, {}]}]}}}}}}}, 0x0) [ 2396.971806] ? syscall_return_slowpath+0x5e0/0x5e0 [ 2396.971822] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 2396.971839] ? trace_hardirqs_on_caller+0x310/0x310 [ 2396.971855] ? __bpf_trace_preemptirq_template+0x30/0x30 [ 2396.971876] ? prepare_exit_to_usermode+0x3b0/0x3b0 [ 2397.010747] ? prepare_exit_to_usermode+0x291/0x3b0 [ 2397.015776] ? page_fault+0x8/0x30 [ 2397.019331] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 2397.022090] FAULT_FLAG_ALLOW_RETRY missing 70 [ 2397.024208] ? page_fault+0x8/0x30 [ 2397.024225] page_fault+0x1e/0x30 [ 2397.024244] RIP: 0033:0x4510a0 [ 2397.038908] Code: 0f 84 c4 0f 00 00 48 89 f1 48 89 f8 48 83 e1 3f 48 83 f9 20 0f 86 7b 02 00 00 48 83 e6 f0 48 83 e1 0f 66 0f ef c0 66 0f ef c9 <66> 0f 74 0e 66 0f d7 d1 48 d3 ea 49 c7 c2 11 00 00 00 49 29 ca 4d [ 2397.057815] RSP: 002b:00007efdea16e7a8 EFLAGS: 00010202 [ 2397.057829] RAX: 00007efdea16e850 RBX: 0000000000000003 RCX: 000000000000000e [ 2397.057840] RDX: 00000000000003ff RSI: 0000000020012fe0 RDI: 00007efdea16e850 [ 2397.057849] RBP: 000000000072bf00 R08: 00000000000003ff R09: 0000000000000000 [ 2397.057858] R10: 0000000000000000 R11: 0000000000000246 R12: 00007efdea16f6d4 [ 2397.057869] R13: 00000000004c578a R14: 00000000004d9d90 R15: 00000000ffffffff [ 2397.071833] CPU: 0 PID: 22356 Comm: syz-executor3 Not tainted 4.20.0-rc6+ #371 [ 2397.107255] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2397.116613] Call Trace: [ 2397.119220] dump_stack+0x244/0x39d [ 2397.122875] ? dump_stack_print_info.cold.1+0x20/0x20 [ 2397.128092] handle_userfault.cold.32+0x47/0x62 [ 2397.132805] ? userfaultfd_ioctl+0x5610/0x5610 08:16:15 executing program 2: syz_emit_ethernet(0x6a, &(0x7f0000000040)={@local, @broadcast, [], {@ipv4={0x800, {{0x5, 0x4, 0x0, 0x0, 0x5c, 0x0, 0x0, 0x0, 0x1, 0x0, @remote, @dev={0xac, 0x14, 0x14, 0x11}}, @icmp=@parameter_prob={0x3, 0x4, 0x0, 0x0, 0x0, 0x0, {0x10, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x402f, 0x0, @local={0xac, 0x5c}, @dev, {[@timestamp={0x8, 0x2c, 0x0, 0x0, 0x8847000000000000, [{[@rand_addr]}, {[@multicast2]}, {[@multicast1]}, {}, {[@loopback]}, {}]}]}}}}}}}, 0x0) [ 2397.137413] ? mark_held_locks+0x130/0x130 [ 2397.141670] ? find_held_lock+0x36/0x1c0 [ 2397.145756] ? userfaultfd_ctx_put+0x830/0x830 [ 2397.150370] ? kasan_check_read+0x11/0x20 [ 2397.150389] ? print_usage_bug+0xc0/0xc0 [ 2397.150409] ? do_raw_spin_trylock+0x270/0x270 [ 2397.163207] ? print_usage_bug+0xc0/0xc0 [ 2397.167284] ? print_usage_bug+0xc0/0xc0 [ 2397.171376] ? zap_class+0x640/0x640 [ 2397.175127] ? drop_futex_key_refs.isra.14+0x6d/0xe0 [ 2397.180249] ? futex_wake+0x304/0x760 [ 2397.184084] ? find_held_lock+0x36/0x1c0 [ 2397.188172] ? __handle_mm_fault+0x4bb0/0x5be0 [ 2397.192766] ? lock_downgrade+0x900/0x900 [ 2397.196939] ? kasan_check_read+0x11/0x20 [ 2397.201103] ? do_raw_spin_unlock+0xa7/0x330 [ 2397.205527] ? do_raw_spin_trylock+0x270/0x270 [ 2397.210128] ? fault_dirty_shared_page.isra.87+0x320/0x320 [ 2397.215777] __handle_mm_fault+0x4bbd/0x5be0 [ 2397.220211] ? vmf_insert_mixed_mkwrite+0x40/0x40 [ 2397.225075] ? zap_class+0x640/0x640 [ 2397.228800] ? rcu_read_unlock_special+0x1c0/0x1c0 [ 2397.234202] ? kasan_check_read+0x11/0x20 [ 2397.238378] ? rcu_softirq_qs+0x20/0x20 [ 2397.242393] ? zap_class+0x640/0x640 [ 2397.246122] ? zap_class+0x640/0x640 [ 2397.249858] ? find_held_lock+0x36/0x1c0 [ 2397.253948] ? handle_mm_fault+0x42a/0xc70 [ 2397.258201] ? lock_downgrade+0x900/0x900 [ 2397.262381] ? check_preemption_disabled+0x48/0x280 [ 2397.267419] ? rcu_read_unlock_special+0x1c0/0x1c0 [ 2397.272371] ? kasan_check_read+0x11/0x20 [ 2397.272388] ? rcu_dynticks_curr_cpu_in_eqs+0xa2/0x170 [ 2397.272404] ? rcu_softirq_qs+0x20/0x20 08:16:15 executing program 2: syz_emit_ethernet(0x6a, &(0x7f0000000040)={@local, @broadcast, [], {@ipv4={0x800, {{0x5, 0x4, 0x0, 0x0, 0x5c, 0x0, 0x0, 0x0, 0x1, 0x0, @remote, @dev={0xac, 0x14, 0x14, 0x11}}, @icmp=@parameter_prob={0x3, 0x4, 0x0, 0x0, 0x0, 0x0, {0x10, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x402f, 0x0, @local={0xac, 0x5c}, @dev, {[@timestamp={0x8, 0x2c, 0x0, 0x0, 0x88a8ffff00000000, [{[@rand_addr]}, {[@multicast2]}, {[@multicast1]}, {}, {[@loopback]}, {}]}]}}}}}}}, 0x0) 08:16:15 executing program 5: r0 = socket$l2tp(0x18, 0x1, 0x1) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0a5c2d023c126285718070") perf_event_open(&(0x7f00000001c0)={0x2, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000014f88)={0x1, 0x70, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000014f88)={0x1, 0x70, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) [ 2397.272421] ? trace_hardirqs_off_caller+0x310/0x310 [ 2397.272441] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 2397.272459] ? check_preemption_disabled+0x48/0x280 [ 2397.272483] handle_mm_fault+0x54f/0xc70 [ 2397.272503] ? __handle_mm_fault+0x5be0/0x5be0 [ 2397.272525] ? find_vma+0x34/0x190 [ 2397.281954] __do_page_fault+0x5e8/0xe60 [ 2397.281971] ? trace_hardirqs_off+0xb8/0x310 [ 2397.281998] do_page_fault+0xf2/0x7e0 [ 2397.282016] ? vmalloc_sync_all+0x30/0x30 [ 2397.282033] ? error_entry+0x70/0xd0 [ 2397.282050] ? trace_hardirqs_off_caller+0xbb/0x310 [ 2397.282065] ? trace_hardirqs_on_caller+0xc0/0x310 [ 2397.282082] ? syscall_return_slowpath+0x5e0/0x5e0 [ 2397.282098] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 2397.282117] ? trace_hardirqs_on_caller+0x310/0x310 [ 2397.310445] ? __bpf_trace_preemptirq_template+0x30/0x30 [ 2397.310466] ? prepare_exit_to_usermode+0x3b0/0x3b0 [ 2397.310485] ? prepare_exit_to_usermode+0x291/0x3b0 [ 2397.310502] ? page_fault+0x8/0x30 [ 2397.310521] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 2397.310543] ? page_fault+0x8/0x30 [ 2397.330492] page_fault+0x1e/0x30 [ 2397.330506] RIP: 0033:0x4510a0 [ 2397.330523] Code: 0f 84 c4 0f 00 00 48 89 f1 48 89 f8 48 83 e1 3f 48 83 f9 20 0f 86 7b 02 00 00 48 83 e6 f0 48 83 e1 0f 66 0f ef c0 66 0f ef c9 <66> 0f 74 0e 66 0f d7 d1 48 d3 ea 49 c7 c2 11 00 00 00 49 29 ca 4d [ 2397.330532] RSP: 002b:00007f75238677a8 EFLAGS: 00010202 [ 2397.330546] RAX: 00007f7523867850 RBX: 0000000000000003 RCX: 000000000000000e [ 2397.330556] RDX: 00000000000003ff RSI: 0000000020012fe0 RDI: 00007f7523867850 08:16:15 executing program 2: syz_emit_ethernet(0x6a, &(0x7f0000000040)={@local, @broadcast, [], {@ipv4={0x800, {{0x5, 0x4, 0x0, 0x0, 0x5c, 0x0, 0x0, 0x0, 0x1, 0x0, @remote, @dev={0xac, 0x14, 0x14, 0x11}}, @icmp=@parameter_prob={0x3, 0x4, 0x0, 0x0, 0x0, 0x0, {0x10, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x402f, 0x0, @local={0xac, 0x5c}, @dev, {[@timestamp={0x8, 0x2c, 0x0, 0x0, 0x608, [{[@rand_addr]}, {[@multicast2]}, {[@multicast1]}, {}, {[@loopback]}, {}]}]}}}}}}}, 0x0) 08:16:15 executing program 0: openat$rfkill(0xffffffffffffff9c, 0x0, 0x2001, 0x0) syz_open_dev$admmidi(&(0x7f0000000100)='/dev/admmidi#\x00', 0x0, 0x0) r0 = socket$l2tp(0x18, 0x1, 0x1) mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x1, 0x32, 0xffffffffffffffff, 0x0) r1 = userfaultfd(0x0) ioctl$UFFDIO_API(r1, 0xc018aa3f, &(0x7f0000000180)) ioctl$UFFDIO_REGISTER(r1, 0xc020aa00, &(0x7f0000019000)={{&(0x7f0000012000/0x2000)=nil, 0x2000}, 0x1}) syz_open_dev$evdev(&(0x7f0000012fee)='/dev/input/event#\x00', 0x0, 0x3f000000) ioctl$UFFDIO_WAKE(r1, 0x8010aa02, &(0x7f0000000080)={&(0x7f0000012000/0x3000)=nil, 0x3000}) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0a5c2d023c126285718070") [ 2397.330566] RBP: 000000000072bf00 R08: 00000000000003ff R09: 0000000000000000 [ 2397.330575] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f75238686d4 [ 2397.330585] R13: 00000000004c578a R14: 00000000004d9d90 R15: 00000000ffffffff [ 2397.527838] FAULT_FLAG_ALLOW_RETRY missing 70 [ 2397.546700] CPU: 0 PID: 22386 Comm: syz-executor0 Not tainted 4.20.0-rc6+ #371 [ 2397.554091] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2397.563451] Call Trace: [ 2397.563479] dump_stack+0x244/0x39d [ 2397.563514] ? dump_stack_print_info.cold.1+0x20/0x20 [ 2397.563548] handle_userfault.cold.32+0x47/0x62 [ 2397.563580] ? userfaultfd_ioctl+0x5610/0x5610 [ 2397.563601] ? mark_held_locks+0x130/0x130 [ 2397.563620] ? __sanitizer_cov_trace_cmp4+0x16/0x20 [ 2397.563642] ? futex_wait_setup+0x266/0x3e0 [ 2397.575061] ? __sanitizer_cov_trace_switch+0x53/0x90 [ 2397.575082] ? userfaultfd_ctx_put+0x830/0x830 [ 2397.575097] ? futex_wait+0x5a1/0xa50 [ 2397.575119] ? print_usage_bug+0xc0/0xc0 [ 2397.575136] ? print_usage_bug+0xc0/0xc0 [ 2397.575156] ? print_usage_bug+0xc0/0xc0 [ 2397.623678] ? zap_class+0x640/0x640 [ 2397.627413] ? drop_futex_key_refs.isra.14+0x6d/0xe0 [ 2397.632525] ? futex_wake+0x304/0x760 [ 2397.636370] ? find_held_lock+0x36/0x1c0 [ 2397.640462] ? __handle_mm_fault+0x4bb0/0x5be0 [ 2397.645038] ? lock_downgrade+0x900/0x900 [ 2397.649181] ? kasan_check_read+0x11/0x20 [ 2397.653317] ? do_raw_spin_unlock+0xa7/0x330 [ 2397.657728] ? do_raw_spin_trylock+0x270/0x270 [ 2397.662310] ? fault_dirty_shared_page.isra.87+0x320/0x320 [ 2397.667939] __handle_mm_fault+0x4bbd/0x5be0 [ 2397.672353] ? vmf_insert_mixed_mkwrite+0x40/0x40 [ 2397.677210] ? zap_class+0x640/0x640 [ 2397.680918] ? rcu_read_unlock_special+0x1c0/0x1c0 [ 2397.685850] ? kasan_check_read+0x11/0x20 [ 2397.689994] ? rcu_softirq_qs+0x20/0x20 [ 2397.693965] ? zap_class+0x640/0x640 [ 2397.697667] ? zap_class+0x640/0x640 [ 2397.701380] ? find_held_lock+0x36/0x1c0 [ 2397.705434] ? handle_mm_fault+0x42a/0xc70 [ 2397.709658] ? lock_downgrade+0x900/0x900 [ 2397.713795] ? check_preemption_disabled+0x48/0x280 [ 2397.718800] ? rcu_read_unlock_special+0x1c0/0x1c0 [ 2397.723717] ? kasan_check_read+0x11/0x20 [ 2397.727856] ? rcu_dynticks_curr_cpu_in_eqs+0xa2/0x170 [ 2397.733144] ? rcu_softirq_qs+0x20/0x20 [ 2397.737108] ? trace_hardirqs_off_caller+0x310/0x310 [ 2397.742202] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 2397.747731] ? check_preemption_disabled+0x48/0x280 [ 2397.752739] handle_mm_fault+0x54f/0xc70 [ 2397.756791] ? __handle_mm_fault+0x5be0/0x5be0 [ 2397.761376] ? find_vma+0x34/0x190 [ 2397.764907] __do_page_fault+0x5e8/0xe60 [ 2397.768972] ? trace_hardirqs_off+0xb8/0x310 [ 2397.773380] do_page_fault+0xf2/0x7e0 [ 2397.777184] ? vmalloc_sync_all+0x30/0x30 [ 2397.781323] ? error_entry+0x70/0xd0 [ 2397.785042] ? trace_hardirqs_off_caller+0xbb/0x310 [ 2397.790059] ? trace_hardirqs_on_caller+0xc0/0x310 [ 2397.794979] ? syscall_return_slowpath+0x5e0/0x5e0 [ 2397.799903] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 2397.804735] ? trace_hardirqs_on_caller+0x310/0x310 [ 2397.809748] ? __bpf_trace_preemptirq_template+0x30/0x30 [ 2397.815204] ? prepare_exit_to_usermode+0x3b0/0x3b0 [ 2397.820213] ? prepare_exit_to_usermode+0x291/0x3b0 [ 2397.825217] ? page_fault+0x8/0x30 [ 2397.828752] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 2397.833587] ? page_fault+0x8/0x30 [ 2397.837115] page_fault+0x1e/0x30 [ 2397.840557] RIP: 0033:0x4510a0 [ 2397.843740] Code: 0f 84 c4 0f 00 00 48 89 f1 48 89 f8 48 83 e1 3f 48 83 f9 20 0f 86 7b 02 00 00 48 83 e6 f0 48 83 e1 0f 66 0f ef c0 66 0f ef c9 <66> 0f 74 0e 66 0f d7 d1 48 d3 ea 49 c7 c2 11 00 00 00 49 29 ca 4d [ 2397.862627] RSP: 002b:00007efdea16e7a8 EFLAGS: 00010202 [ 2397.867981] RAX: 00007efdea16e850 RBX: 0000000000000003 RCX: 000000000000000e 08:16:15 executing program 3: openat$rfkill(0xffffffffffffff9c, 0x0, 0x0, 0x0) getsockopt$inet_sctp_SCTP_DEFAULT_PRINFO(0xffffffffffffffff, 0x84, 0x72, &(0x7f0000000380), 0x0) syz_open_dev$admmidi(&(0x7f0000000100)='/dev/admmidi#\x00', 0x0, 0x0) r0 = socket$l2tp(0x18, 0x1, 0x1) mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x1, 0x32, 0xffffffffffffffff, 0x0) r1 = userfaultfd(0x0) ioctl$UFFDIO_API(r1, 0xc018aa3f, &(0x7f0000000180)) ioctl$UFFDIO_REGISTER(r1, 0xc020aa00, &(0x7f0000019000)={{&(0x7f0000012000/0x2000)=nil, 0x2000}, 0x1}) syz_open_dev$evdev(&(0x7f0000012fee)='/dev/input/event#\x00', 0x6000, 0x0) ioctl$UFFDIO_WAKE(r1, 0x8010aa02, &(0x7f0000000080)={&(0x7f0000012000/0x3000)=nil, 0x3000}) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0a5c2d023c126285718070") setsockopt$ALG_SET_KEY(0xffffffffffffffff, 0x117, 0x1, 0x0, 0x0) 08:16:15 executing program 5: r0 = socket$l2tp(0x18, 0x1, 0x1) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0a5c2d023c126285718070") perf_event_open(&(0x7f00000001c0)={0x2, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x800000000000}, 0x0, 0x0, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000014f88)={0x1, 0x70, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r1 = perf_event_open(&(0x7f0000014f88)={0x1, 0x70, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) close(r1) 08:16:15 executing program 1: r0 = socket$l2tp(0x18, 0x1, 0x1) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0a5c2d023c126285718070") r1 = perf_event_open(&(0x7f0000014f88)={0x1, 0x70, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) close(r1) r2 = openat$vicodec0(0xffffffffffffff9c, &(0x7f0000000040)='/dev/video36\x00', 0x2, 0x0) ioctl$VIDIOC_G_STD(r2, 0x80085617, &(0x7f0000000080)) [ 2397.875237] RDX: 00000000000003ff RSI: 0000000020012fe0 RDI: 00007efdea16e850 [ 2397.882494] RBP: 000000000072bf00 R08: 00000000000003ff R09: 0000000000000000 [ 2397.889751] R10: 0000000000000000 R11: 0000000000000246 R12: 00007efdea16f6d4 [ 2397.897009] R13: 00000000004c578a R14: 00000000004d9d90 R15: 00000000ffffffff 08:16:15 executing program 4: openat$kvm(0xffffffffffffff9c, 0x0, 0x0, 0x0) r0 = syz_open_dev$sndctrl(&(0x7f0000000100)='/dev/snd/controlC#\x00', 0x0, 0x0) prctl$PR_SET_THP_DISABLE(0x29, 0xfffffffffffffffe) clone(0x800000, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) ioctl$FS_IOC_GETFLAGS(r0, 0x800455d1, &(0x7f0000000080)) 08:16:15 executing program 2: syz_emit_ethernet(0x6a, &(0x7f0000000040)={@local, @broadcast, [], {@ipv4={0x800, {{0x5, 0x4, 0x0, 0x0, 0x5c, 0x0, 0x0, 0x0, 0x1, 0x0, @remote, @dev={0xac, 0x14, 0x14, 0x11}}, @icmp=@parameter_prob={0x3, 0x4, 0x0, 0x0, 0x0, 0x0, {0x10, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x402f, 0x0, @local={0xac, 0x5c}, @dev, {[@timestamp={0x8, 0x2c, 0x0, 0x0, 0xb000000, [{[@rand_addr]}, {[@multicast2]}, {[@multicast1]}, {}, {[@loopback]}, {}]}]}}}}}}}, 0x0) 08:16:15 executing program 5: shmget(0x0, 0x3000, 0x840, &(0x7f0000ffd000/0x3000)=nil) r0 = socket$l2tp(0x18, 0x1, 0x1) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0a5c2d023c126285718070") perf_event_open(&(0x7f00000001c0)={0x2, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000014f88)={0x1, 0x70, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r1 = perf_event_open(&(0x7f0000014f88)={0x1, 0x70, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) close(r1) 08:16:15 executing program 0: openat$rfkill(0xffffffffffffff9c, 0x0, 0x2001, 0x0) syz_open_dev$admmidi(&(0x7f0000000100)='/dev/admmidi#\x00', 0x0, 0x0) r0 = socket$l2tp(0x18, 0x1, 0x1) mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x1, 0x32, 0xffffffffffffffff, 0x0) r1 = userfaultfd(0x0) ioctl$UFFDIO_API(r1, 0xc018aa3f, &(0x7f0000000180)) ioctl$UFFDIO_REGISTER(r1, 0xc020aa00, &(0x7f0000019000)={{&(0x7f0000012000/0x2000)=nil, 0x2000}, 0x1}) syz_open_dev$evdev(&(0x7f0000012fee)='/dev/input/event#\x00', 0x0, 0x7a00) ioctl$UFFDIO_WAKE(r1, 0x8010aa02, &(0x7f0000000080)={&(0x7f0000012000/0x3000)=nil, 0x3000}) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0a5c2d023c126285718070") [ 2398.024841] FAULT_FLAG_ALLOW_RETRY missing 70 [ 2398.034039] CPU: 1 PID: 22407 Comm: syz-executor3 Not tainted 4.20.0-rc6+ #371 [ 2398.041428] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2398.050794] Call Trace: [ 2398.053404] dump_stack+0x244/0x39d [ 2398.057067] ? dump_stack_print_info.cold.1+0x20/0x20 [ 2398.062295] handle_userfault.cold.32+0x47/0x62 [ 2398.067009] ? userfaultfd_ioctl+0x5610/0x5610 [ 2398.071623] ? mark_held_locks+0x130/0x130 [ 2398.075892] ? find_held_lock+0x36/0x1c0 [ 2398.079992] ? userfaultfd_ctx_put+0x830/0x830 [ 2398.084602] ? kasan_check_read+0x11/0x20 [ 2398.088766] ? print_usage_bug+0xc0/0xc0 [ 2398.092842] ? do_raw_spin_trylock+0x270/0x270 [ 2398.097450] ? print_usage_bug+0xc0/0xc0 [ 2398.101535] ? print_usage_bug+0xc0/0xc0 [ 2398.105612] ? zap_class+0x640/0x640 [ 2398.109356] ? drop_futex_key_refs.isra.14+0x6d/0xe0 [ 2398.114475] ? futex_wake+0x304/0x760 [ 2398.118302] ? find_held_lock+0x36/0x1c0 [ 2398.119801] FAULT_FLAG_ALLOW_RETRY missing 70 [ 2398.122399] ? __handle_mm_fault+0x4bb0/0x5be0 [ 2398.122418] ? lock_downgrade+0x900/0x900 [ 2398.122451] ? kasan_check_read+0x11/0x20 [ 2398.139810] ? do_raw_spin_unlock+0xa7/0x330 [ 2398.144236] ? do_raw_spin_trylock+0x270/0x270 [ 2398.148836] ? fault_dirty_shared_page.isra.87+0x320/0x320 [ 2398.154673] __handle_mm_fault+0x4bbd/0x5be0 [ 2398.159101] ? vmf_insert_mixed_mkwrite+0x40/0x40 [ 2398.163961] ? zap_class+0x640/0x640 [ 2398.167687] ? rcu_read_unlock_special+0x1c0/0x1c0 [ 2398.172630] ? kasan_check_read+0x11/0x20 [ 2398.176792] ? rcu_softirq_qs+0x20/0x20 [ 2398.180789] ? zap_class+0x640/0x640 [ 2398.184516] ? zap_class+0x640/0x640 [ 2398.188247] ? find_held_lock+0x36/0x1c0 [ 2398.192330] ? handle_mm_fault+0x42a/0xc70 [ 2398.196594] ? lock_downgrade+0x900/0x900 [ 2398.200755] ? check_preemption_disabled+0x48/0x280 [ 2398.205809] ? rcu_read_unlock_special+0x1c0/0x1c0 [ 2398.210754] ? kasan_check_read+0x11/0x20 [ 2398.214918] ? rcu_dynticks_curr_cpu_in_eqs+0xa2/0x170 [ 2398.220203] ? rcu_softirq_qs+0x20/0x20 [ 2398.224191] ? trace_hardirqs_off_caller+0x310/0x310 [ 2398.229313] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 2398.234882] ? check_preemption_disabled+0x48/0x280 [ 2398.239920] handle_mm_fault+0x54f/0xc70 [ 2398.244000] ? __handle_mm_fault+0x5be0/0x5be0 [ 2398.248625] ? find_vma+0x34/0x190 [ 2398.252183] __do_page_fault+0x5e8/0xe60 [ 2398.256258] ? trace_hardirqs_off+0xb8/0x310 [ 2398.260689] do_page_fault+0xf2/0x7e0 [ 2398.264509] ? vmalloc_sync_all+0x30/0x30 [ 2398.268674] ? error_entry+0x70/0xd0 [ 2398.272404] ? trace_hardirqs_off_caller+0xbb/0x310 [ 2398.277432] ? trace_hardirqs_on_caller+0xc0/0x310 [ 2398.282377] ? syscall_return_slowpath+0x5e0/0x5e0 [ 2398.287321] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 2398.292182] ? trace_hardirqs_on_caller+0x310/0x310 [ 2398.297206] ? __bpf_trace_preemptirq_template+0x30/0x30 [ 2398.302667] ? prepare_exit_to_usermode+0x3b0/0x3b0 [ 2398.307697] ? prepare_exit_to_usermode+0x291/0x3b0 [ 2398.312720] ? page_fault+0x8/0x30 [ 2398.316275] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 2398.321132] ? page_fault+0x8/0x30 [ 2398.324687] page_fault+0x1e/0x30 [ 2398.328147] RIP: 0033:0x4510a0 [ 2398.331358] Code: 0f 84 c4 0f 00 00 48 89 f1 48 89 f8 48 83 e1 3f 48 83 f9 20 0f 86 7b 02 00 00 48 83 e6 f0 48 83 e1 0f 66 0f ef c0 66 0f ef c9 <66> 0f 74 0e 66 0f d7 d1 48 d3 ea 49 c7 c2 11 00 00 00 49 29 ca 4d [ 2398.350269] RSP: 002b:00007f75238677a8 EFLAGS: 00010202 [ 2398.355640] RAX: 00007f7523867850 RBX: 0000000000000003 RCX: 000000000000000e [ 2398.362914] RDX: 00000000000003ff RSI: 0000000020012fe0 RDI: 00007f7523867850 08:16:16 executing program 2: syz_emit_ethernet(0x6a, &(0x7f0000000040)={@local, @broadcast, [], {@ipv4={0x800, {{0x5, 0x4, 0x0, 0x0, 0x5c, 0x0, 0x0, 0x0, 0x1, 0x0, @remote, @dev={0xac, 0x14, 0x14, 0x11}}, @icmp=@parameter_prob={0x3, 0x4, 0x0, 0x0, 0x0, 0x0, {0x10, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x402f, 0x0, @local={0xac, 0x5c}, @dev, {[@timestamp={0x8, 0x2c, 0x0, 0x0, 0xb, [{[@rand_addr]}, {[@multicast2]}, {[@multicast1]}, {}, {[@loopback]}, {}]}]}}}}}}}, 0x0) 08:16:16 executing program 1: r0 = socket$l2tp(0x18, 0x1, 0x1) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0a5c2d023c126285718070") r1 = perf_event_open(&(0x7f0000014f88)={0x1, 0x70, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) fgetxattr(r1, &(0x7f0000000040)=@random={'btrfs.', '\x00'}, &(0x7f0000000080)=""/202, 0xca) close(r1) 08:16:16 executing program 5: r0 = socket$l2tp(0x18, 0x1, 0x1) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='memory.events\x00', 0x0, 0x0) ioctl$SNDRV_SEQ_IOCTL_DELETE_PORT(r1, 0x40a85321, &(0x7f0000000080)={{0x9, 0x3}, 'port1\x00', 0xc8, 0xa0008, 0x33, 0x3, 0x8, 0x1e8, 0x1, 0x0, 0x6, 0xf185}) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0a5c2d023c126285718070") perf_event_open(&(0x7f00000001c0)={0x2, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000014f88)={0x1, 0x70, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r2 = perf_event_open(&(0x7f0000014f88)={0x1, 0x70, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) close(r2) [ 2398.370190] RBP: 000000000072bf00 R08: 00000000000003ff R09: 0000000000000000 [ 2398.377464] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f75238686d4 [ 2398.384738] R13: 00000000004c578a R14: 00000000004d9d90 R15: 00000000ffffffff [ 2398.392043] CPU: 0 PID: 22417 Comm: syz-executor0 Not tainted 4.20.0-rc6+ #371 [ 2398.399430] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2398.399441] Call Trace: [ 2398.411416] dump_stack+0x244/0x39d [ 2398.415075] ? dump_stack_print_info.cold.1+0x20/0x20 [ 2398.420289] handle_userfault.cold.32+0x47/0x62 [ 2398.424978] ? userfaultfd_ioctl+0x5610/0x5610 [ 2398.424998] ? mark_held_locks+0x130/0x130 [ 2398.425019] ? find_held_lock+0x36/0x1c0 [ 2398.425046] ? userfaultfd_ctx_put+0x830/0x830 [ 2398.433864] ? kasan_check_read+0x11/0x20 [ 2398.433883] ? print_usage_bug+0xc0/0xc0 [ 2398.433898] ? do_raw_spin_trylock+0x270/0x270 [ 2398.433914] ? print_usage_bug+0xc0/0xc0 [ 2398.433933] ? print_usage_bug+0xc0/0xc0 [ 2398.433952] ? zap_class+0x640/0x640 [ 2398.442609] ? drop_futex_key_refs.isra.14+0x6d/0xe0 [ 2398.442626] ? futex_wake+0x304/0x760 [ 2398.442656] ? find_held_lock+0x36/0x1c0 [ 2398.442682] ? __handle_mm_fault+0x4bb0/0x5be0 [ 2398.450884] ? lock_downgrade+0x900/0x900 [ 2398.488956] ? kasan_check_read+0x11/0x20 [ 2398.493126] ? do_raw_spin_unlock+0xa7/0x330 [ 2398.497552] ? do_raw_spin_trylock+0x270/0x270 [ 2398.502154] ? fault_dirty_shared_page.isra.87+0x320/0x320 [ 2398.507813] __handle_mm_fault+0x4bbd/0x5be0 [ 2398.512238] ? vmf_insert_mixed_mkwrite+0x40/0x40 [ 2398.517109] ? zap_class+0x640/0x640 [ 2398.520835] ? rcu_read_unlock_special+0x1c0/0x1c0 [ 2398.525776] ? kasan_check_read+0x11/0x20 [ 2398.529940] ? rcu_softirq_qs+0x20/0x20 [ 2398.533939] ? zap_class+0x640/0x640 [ 2398.537675] ? zap_class+0x640/0x640 [ 2398.541414] ? find_held_lock+0x36/0x1c0 [ 2398.545499] ? handle_mm_fault+0x42a/0xc70 [ 2398.549753] ? lock_downgrade+0x900/0x900 [ 2398.553924] ? check_preemption_disabled+0x48/0x280 [ 2398.558963] ? rcu_read_unlock_special+0x1c0/0x1c0 [ 2398.563905] ? kasan_check_read+0x11/0x20 [ 2398.568069] ? rcu_dynticks_curr_cpu_in_eqs+0xa2/0x170 08:16:16 executing program 2: syz_emit_ethernet(0x6a, &(0x7f0000000040)={@local, @broadcast, [], {@ipv4={0x800, {{0x5, 0x4, 0x0, 0x0, 0x5c, 0x0, 0x0, 0x0, 0x1, 0x0, @remote, @dev={0xac, 0x14, 0x14, 0x11}}, @icmp=@parameter_prob={0x3, 0x4, 0x0, 0x0, 0x0, 0x0, {0x10, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x402f, 0x0, @local={0xac, 0x5c}, @dev, {[@timestamp={0x8, 0x2c, 0x0, 0x0, 0x4305, [{[@rand_addr]}, {[@multicast2]}, {[@multicast1]}, {}, {[@loopback]}, {}]}]}}}}}}}, 0x0) [ 2398.573371] ? rcu_softirq_qs+0x20/0x20 [ 2398.577375] ? trace_hardirqs_off_caller+0x310/0x310 [ 2398.582498] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 2398.588052] ? check_preemption_disabled+0x48/0x280 [ 2398.593087] handle_mm_fault+0x54f/0xc70 [ 2398.593108] ? __handle_mm_fault+0x5be0/0x5be0 [ 2398.593129] ? find_vma+0x34/0x190 [ 2398.593151] __do_page_fault+0x5e8/0xe60 [ 2398.593171] ? trace_hardirqs_off+0xb8/0x310 [ 2398.613863] do_page_fault+0xf2/0x7e0 [ 2398.617686] ? vmalloc_sync_all+0x30/0x30 [ 2398.621847] ? error_entry+0x70/0xd0 [ 2398.625584] ? trace_hardirqs_off_caller+0xbb/0x310 [ 2398.630614] ? trace_hardirqs_on_caller+0xc0/0x310 [ 2398.635567] ? syscall_return_slowpath+0x5e0/0x5e0 [ 2398.640516] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 2398.645390] ? trace_hardirqs_on_caller+0x310/0x310 [ 2398.650422] ? __bpf_trace_preemptirq_template+0x30/0x30 [ 2398.655894] ? prepare_exit_to_usermode+0x3b0/0x3b0 [ 2398.660929] ? prepare_exit_to_usermode+0x291/0x3b0 [ 2398.665958] ? page_fault+0x8/0x30 [ 2398.669520] ? trace_hardirqs_off_thunk+0x1a/0x1c 08:16:16 executing program 2: syz_emit_ethernet(0x6a, &(0x7f0000000040)={@local, @broadcast, [], {@ipv4={0x800, {{0x5, 0x4, 0x0, 0x0, 0x5c, 0x0, 0x0, 0x0, 0x1, 0x0, @remote, @dev={0xac, 0x14, 0x14, 0x11}}, @icmp=@parameter_prob={0x3, 0x4, 0x0, 0x0, 0x0, 0x0, {0x10, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x402f, 0x0, @local={0xac, 0x5c}, @dev, {[@timestamp={0x8, 0x2c, 0x0, 0x0, 0xfeffffff00000000, [{[@rand_addr]}, {[@multicast2]}, {[@multicast1]}, {}, {[@loopback]}, {}]}]}}}}}}}, 0x0) [ 2398.674390] ? page_fault+0x8/0x30 [ 2398.677946] page_fault+0x1e/0x30 [ 2398.681406] RIP: 0033:0x4510a0 [ 2398.684607] Code: 0f 84 c4 0f 00 00 48 89 f1 48 89 f8 48 83 e1 3f 48 83 f9 20 0f 86 7b 02 00 00 48 83 e6 f0 48 83 e1 0f 66 0f ef c0 66 0f ef c9 <66> 0f 74 0e 66 0f d7 d1 48 d3 ea 49 c7 c2 11 00 00 00 49 29 ca 4d [ 2398.703515] RSP: 002b:00007efdea16e7a8 EFLAGS: 00010202 [ 2398.708890] RAX: 00007efdea16e850 RBX: 0000000000000003 RCX: 000000000000000e [ 2398.716170] RDX: 00000000000003ff RSI: 0000000020012fe0 RDI: 00007efdea16e850 08:16:16 executing program 3: openat$rfkill(0xffffffffffffff9c, 0x0, 0x0, 0x0) getsockopt$inet_sctp_SCTP_DEFAULT_PRINFO(0xffffffffffffffff, 0x84, 0x72, &(0x7f0000000380), 0x0) syz_open_dev$admmidi(&(0x7f0000000100)='/dev/admmidi#\x00', 0x0, 0x0) r0 = socket$l2tp(0x18, 0x1, 0x1) mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x1, 0x32, 0xffffffffffffffff, 0x0) r1 = userfaultfd(0x0) ioctl$UFFDIO_API(r1, 0xc018aa3f, &(0x7f0000000180)) ioctl$UFFDIO_REGISTER(r1, 0xc020aa00, &(0x7f0000019000)={{&(0x7f0000012000/0x2000)=nil, 0x2000}, 0x1}) syz_open_dev$evdev(&(0x7f0000012fee)='/dev/input/event#\x00', 0x60, 0x0) ioctl$UFFDIO_WAKE(r1, 0x8010aa02, &(0x7f0000000080)={&(0x7f0000012000/0x3000)=nil, 0x3000}) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0a5c2d023c126285718070") setsockopt$ALG_SET_KEY(0xffffffffffffffff, 0x117, 0x1, 0x0, 0x0) 08:16:16 executing program 1: r0 = socket$l2tp(0x18, 0x1, 0x1) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0a5c2d023c126285718070") r1 = socket$can_raw(0x1d, 0x3, 0x1) getsockopt$inet_IP_XFRM_POLICY(0xffffffffffffffff, 0x0, 0x11, &(0x7f0000000140)={{{@in6=@mcast1, @in=@dev, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}, {{@in6=@ipv4={[], [], @remote}}, 0x0, @in=@broadcast}}, &(0x7f0000000240)=0xe8) sendmsg$can_raw(r1, &(0x7f0000000380)={&(0x7f0000000280)={0x1d, r2}, 0x10, &(0x7f0000000340)={&(0x7f00000002c0)=@canfd={{0x4, 0x4, 0x200, 0x80}, 0x6, 0x2, 0x0, 0x0, "f3c48d055b543a85b5f3315865f62ce8eeff066906c593953c43ca3585a420d5284d9bfce9c3723b41f6eea8e840118a9d12709eef7fa37ab851caebeed3d3a4"}, 0x48}, 0x1, 0x0, 0x0, 0x40}, 0xc000) ioctl$EXT4_IOC_PRECACHE_EXTENTS(r0, 0x6612) r3 = openat$autofs(0xffffffffffffff9c, &(0x7f0000000040)='/dev/autofs\x00', 0x20000, 0x0) getsockopt$inet_sctp_SCTP_DEFAULT_SEND_PARAM(0xffffffffffffffff, 0x84, 0xa, &(0x7f0000000080)={0x7, 0x310, 0x0, 0xe0f, 0x1000, 0x8000, 0x6, 0x2, 0x0}, &(0x7f00000000c0)=0x20) setsockopt$inet_sctp6_SCTP_PR_SUPPORTED(r3, 0x84, 0x71, &(0x7f0000000100)={r4, 0x5}, 0x8) openat$vhci(0xffffffffffffff9c, &(0x7f00000003c0)='/dev/vhci\x00', 0xa000, 0x0) r5 = perf_event_open(&(0x7f0000014f88)={0x1, 0x70, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) close(r5) 08:16:16 executing program 4: r0 = openat$kvm(0xffffffffffffff9c, 0x0, 0x0, 0x0) r1 = syz_open_dev$sndctrl(&(0x7f0000000100)='/dev/snd/controlC#\x00', 0x0, 0x0) prctl$PR_SET_THP_DISABLE(0x29, 0xfffffffffffffffe) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r2 = openat$vcs(0xffffffffffffff9c, &(0x7f0000000040)='/dev/vcs\x00', 0x400, 0x0) clock_gettime(0x0, &(0x7f0000000240)={0x0, 0x0}) ppoll(&(0x7f00000000c0)=[{r0, 0x1}, {r0, 0x1000}, {r2, 0x4010}], 0x3, &(0x7f0000000280)={r3, r4+30000000}, &(0x7f00000002c0)={0x4}, 0x8) write$eventfd(r2, &(0x7f0000000000)=0x4, 0x8) ioctl$FS_IOC_GETFSLABEL(r0, 0x81009431, &(0x7f0000000140)) ioctl$FS_IOC_GETFLAGS(r1, 0x800455d1, &(0x7f0000000080)) [ 2398.723445] RBP: 000000000072bf00 R08: 00000000000003ff R09: 0000000000000000 [ 2398.723455] R10: 0000000000000000 R11: 0000000000000246 R12: 00007efdea16f6d4 [ 2398.723465] R13: 00000000004c578a R14: 00000000004d9d90 R15: 00000000ffffffff 08:16:16 executing program 5: openat$kvm(0xffffffffffffff9c, 0x0, 0x0, 0x0) r0 = syz_open_dev$dspn(&(0x7f0000000000)='/dev/dsp#\x00', 0x4, 0x2000) ioctl$SNDRV_CTL_IOCTL_TLV_READ(r0, 0xc008551a, &(0x7f0000000280)=ANY=[@ANYBLOB="0800000007e95ca87aece10f03f1a30493e0858c9e049b1e601000000009f7a07dbc1e00000003000000f4c526c0cc0800bba86ebc65fde3ed000002000000"]) syz_open_dev$sndctrl(&(0x7f0000000100)='/dev/snd/controlC#\x00', 0x0, 0x0) r1 = semget(0x0, 0x4, 0x586) semctl$GETZCNT(r1, 0x1, 0xf, &(0x7f0000000140)=""/131) r2 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r3 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000000)='/dev/nullb0\x00', 0x802, 0x0) openat$cuse(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/cuse\x00', 0x2, 0x0) ioctl$BLKZEROOUT(r3, 0x127f, &(0x7f0000000080)={0x0, 0x4004400}) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000919000/0x400000)=nil, 0x400000, 0xffffffffffffffff, 0x8031, 0xffffffffffffffff, 0x0) write$RDMA_USER_CM_CMD_CREATE_ID(0xffffffffffffff9c, &(0x7f0000000480)={0x0, 0x18, 0xfa00, {0x4, &(0x7f0000000440)}}, 0x20) ioctl$sock_inet_sctp_SIOCINQ(r2, 0x541b, &(0x7f00000001c0)) openat$cuse(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/cuse\x00', 0x2, 0x0) r4 = openat$ipvs(0xffffffffffffff9c, &(0x7f0000000240)='/proc/sys/net/ipv4/vs/sync_qlen_max\x00', 0x2, 0x0) getsockopt$inet_sctp_SCTP_PEER_ADDR_THLDS(0xffffffffffffffff, 0x84, 0x1f, 0x0, &(0x7f00000004c0)) openat$sequencer(0xffffffffffffff9c, 0x0, 0xc0200, 0x0) sched_setscheduler(0x0, 0x6, 0x0) bpf$BPF_BTF_GET_FD_BY_ID(0x13, 0x0, 0x0) openat$md(0xffffffffffffff9c, &(0x7f0000000040)='/dev/md0\x00', 0x80000, 0x0) clone(0x2102001ffb, 0x0, 0xfffffffffffffffe, &(0x7f0000000140), 0xffffffffffffffff) getsockopt$inet_sctp6_SCTP_AUTOCLOSE(0xffffffffffffffff, 0x84, 0x4, 0x0, 0x0) r5 = socket(0x1e, 0x805, 0x0) mkdir(&(0x7f00000005c0)='./file0\x00', 0x1) openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000600)='./cgroup.cpu/syz1\x00', 0x200002, 0x0) ioctl$VIDIOC_S_DV_TIMINGS(r4, 0xc0845657, &(0x7f0000000500)={0x0, @bt={0x0, 0x200, 0x0, 0x0, 0x38f, 0x0, 0x0, 0xb08, 0x0, 0x7, 0x3, 0x800, 0xffffffffffffffff, 0x5a}}) sendmsg(r5, &(0x7f0000030000)={&(0x7f00004f5000)=@generic={0x10000000001e, "0100000900000000000000000226cc573c080000003724c71e14dd6a739effea1b48006be61ffe0000e103000000f8000004003f010039d8f986ff01000300000004af50d50700000000000000e3ad316a1983000000001d00e0dfcb24281e27800000100076c3979ac40000bd15020078a1dfd300881a8365b1b16d7436"}, 0x80, 0x0}, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r6, 0x8912, 0x400200) [ 2398.831877] FAULT_FLAG_ALLOW_RETRY missing 70 [ 2398.837106] CPU: 0 PID: 22443 Comm: syz-executor3 Not tainted 4.20.0-rc6+ #371 [ 2398.844481] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2398.844489] Call Trace: [ 2398.844516] dump_stack+0x244/0x39d [ 2398.844544] ? dump_stack_print_info.cold.1+0x20/0x20 [ 2398.844580] handle_userfault.cold.32+0x47/0x62 [ 2398.844615] ? userfaultfd_ioctl+0x5610/0x5610 [ 2398.844637] ? mark_held_locks+0x130/0x130 [ 2398.844655] ? __sanitizer_cov_trace_cmp4+0x16/0x20 [ 2398.844671] ? futex_wait_setup+0x266/0x3e0 [ 2398.844704] ? __sanitizer_cov_trace_switch+0x53/0x90 [ 2398.844724] ? userfaultfd_ctx_put+0x830/0x830 [ 2398.844745] ? futex_wait+0x5a1/0xa50 [ 2398.874738] ? print_usage_bug+0xc0/0xc0 [ 2398.874758] ? print_usage_bug+0xc0/0xc0 [ 2398.874778] ? print_usage_bug+0xc0/0xc0 [ 2398.874800] ? zap_class+0x640/0x640 [ 2398.884046] ? drop_futex_key_refs.isra.14+0x6d/0xe0 [ 2398.884063] ? futex_wake+0x304/0x760 [ 2398.884093] ? find_held_lock+0x36/0x1c0 [ 2398.884121] ? __handle_mm_fault+0x4bb0/0x5be0 [ 2398.884139] ? lock_downgrade+0x900/0x900 [ 2398.884163] ? kasan_check_read+0x11/0x20 [ 2398.893659] ? do_raw_spin_unlock+0xa7/0x330 [ 2398.893676] ? do_raw_spin_trylock+0x270/0x270 [ 2398.893695] ? fault_dirty_shared_page.isra.87+0x320/0x320 [ 2398.893722] __handle_mm_fault+0x4bbd/0x5be0 [ 2398.893746] ? vmf_insert_mixed_mkwrite+0x40/0x40 [ 2398.902134] ? zap_class+0x640/0x640 [ 2398.902149] ? rcu_read_unlock_special+0x1c0/0x1c0 [ 2398.902166] ? kasan_check_read+0x11/0x20 08:16:16 executing program 2: syz_emit_ethernet(0x6a, &(0x7f0000000040)={@local, @broadcast, [], {@ipv4={0x800, {{0x5, 0x4, 0x0, 0x0, 0x5c, 0x0, 0x0, 0x0, 0x1, 0x0, @remote, @dev={0xac, 0x14, 0x14, 0x11}}, @icmp=@parameter_prob={0x3, 0x4, 0x0, 0x0, 0x0, 0x0, {0x10, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x402f, 0x0, @local={0xac, 0x5c}, @dev, {[@timestamp={0x8, 0x2c, 0x0, 0x0, 0x88caffff00000000, [{[@rand_addr]}, {[@multicast2]}, {[@multicast1]}, {}, {[@loopback]}, {}]}]}}}}}}}, 0x0) 08:16:16 executing program 1: r0 = socket$l2tp(0x18, 0x1, 0x1) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0a5c2d023c126285718070") r1 = perf_event_open(&(0x7f0000014f88)={0x1, 0x70, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$EVIOCGLED(r1, 0x80404519, &(0x7f0000000040)=""/81) close(r1) [ 2398.902183] ? rcu_softirq_qs+0x20/0x20 [ 2398.902211] ? zap_class+0x640/0x640 [ 2398.902225] ? zap_class+0x640/0x640 [ 2398.902246] ? find_held_lock+0x36/0x1c0 [ 2398.907688] FAULT_FLAG_ALLOW_RETRY missing 70 [ 2398.910377] ? handle_mm_fault+0x42a/0xc70 [ 2398.910399] ? lock_downgrade+0x900/0x900 [ 2399.008844] ? check_preemption_disabled+0x48/0x280 [ 2399.008864] ? rcu_read_unlock_special+0x1c0/0x1c0 [ 2399.008882] ? kasan_check_read+0x11/0x20 [ 2399.008898] ? rcu_dynticks_curr_cpu_in_eqs+0xa2/0x170 [ 2399.008914] ? rcu_softirq_qs+0x20/0x20 [ 2399.008932] ? trace_hardirqs_off_caller+0x310/0x310 [ 2399.008952] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 2399.008969] ? check_preemption_disabled+0x48/0x280 [ 2399.008994] handle_mm_fault+0x54f/0xc70 08:16:17 executing program 0: openat$rfkill(0xffffffffffffff9c, 0x0, 0x2001, 0x0) syz_open_dev$admmidi(&(0x7f0000000100)='/dev/admmidi#\x00', 0x0, 0x0) r0 = socket$l2tp(0x18, 0x1, 0x1) mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x1, 0x32, 0xffffffffffffffff, 0x0) r1 = userfaultfd(0x0) ioctl$UFFDIO_API(r1, 0xc018aa3f, &(0x7f0000000180)) ioctl$UFFDIO_REGISTER(r1, 0xc020aa00, &(0x7f0000019000)={{&(0x7f0000012000/0x2000)=nil, 0x2000}, 0x1}) syz_open_dev$evdev(&(0x7f0000012fee)='/dev/input/event#\x00', 0x0, 0x6000) ioctl$UFFDIO_WAKE(r1, 0x8010aa02, &(0x7f0000000080)={&(0x7f0000012000/0x3000)=nil, 0x3000}) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0a5c2d023c126285718070") 08:16:17 executing program 2: syz_emit_ethernet(0x6a, &(0x7f0000000040)={@local, @broadcast, [], {@ipv4={0x800, {{0x5, 0x4, 0x0, 0x0, 0x5c, 0x0, 0x0, 0x0, 0x1, 0x0, @remote, @dev={0xac, 0x14, 0x14, 0x11}}, @icmp=@parameter_prob={0x3, 0x4, 0x0, 0x0, 0x0, 0x0, {0x10, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x402f, 0x0, @local={0xac, 0x5c}, @dev, {[@timestamp={0x8, 0x2c, 0x0, 0x0, 0x5000000, [{[@rand_addr]}, {[@multicast2]}, {[@multicast1]}, {}, {[@loopback]}, {}]}]}}}}}}}, 0x0) 08:16:17 executing program 1: r0 = socket$l2tp(0x18, 0x1, 0x1) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0a5c2d023c126285718070") r1 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ppp\x00', 0x200, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) r2 = perf_event_open(&(0x7f0000014f88)={0x1, 0x70, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) close(r2) ioctl$FS_IOC_FSGETXATTR(r1, 0x801c581f, &(0x7f0000000080)={0x5, 0x80000001, 0x9, 0x1, 0x7}) 08:16:17 executing program 3: openat$rfkill(0xffffffffffffff9c, 0x0, 0x0, 0x0) getsockopt$inet_sctp_SCTP_DEFAULT_PRINFO(0xffffffffffffffff, 0x84, 0x72, &(0x7f0000000380), 0x0) syz_open_dev$admmidi(&(0x7f0000000100)='/dev/admmidi#\x00', 0x0, 0x0) r0 = socket$l2tp(0x18, 0x1, 0x1) mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x1, 0x32, 0xffffffffffffffff, 0x0) r1 = userfaultfd(0x0) ioctl$UFFDIO_API(r1, 0xc018aa3f, &(0x7f0000000180)) ioctl$UFFDIO_REGISTER(r1, 0xc020aa00, &(0x7f0000019000)={{&(0x7f0000012000/0x2000)=nil, 0x2000}, 0x1}) syz_open_dev$evdev(&(0x7f0000012fee)='/dev/input/event#\x00', 0x4c, 0x0) ioctl$UFFDIO_WAKE(r1, 0x8010aa02, &(0x7f0000000080)={&(0x7f0000012000/0x3000)=nil, 0x3000}) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0a5c2d023c126285718070") setsockopt$ALG_SET_KEY(0xffffffffffffffff, 0x117, 0x1, 0x0, 0x0) [ 2399.009015] ? __handle_mm_fault+0x5be0/0x5be0 08:16:17 executing program 2: syz_emit_ethernet(0x6a, &(0x7f0000000040)={@local, @broadcast, [], {@ipv4={0x800, {{0x5, 0x4, 0x0, 0x0, 0x5c, 0x0, 0x0, 0x0, 0x1, 0x0, @remote, @dev={0xac, 0x14, 0x14, 0x11}}, @icmp=@parameter_prob={0x3, 0x4, 0x0, 0x0, 0x0, 0x0, {0x10, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x402f, 0x0, @local={0xac, 0x5c}, @dev, {[@timestamp={0x8, 0x2c, 0x0, 0x0, 0x3000000, [{[@rand_addr]}, {[@multicast2]}, {[@multicast1]}, {}, {[@loopback]}, {}]}]}}}}}}}, 0x0) [ 2399.009037] ? find_vma+0x34/0x190 [ 2399.009059] __do_page_fault+0x5e8/0xe60 08:16:17 executing program 1: r0 = socket$l2tp(0x18, 0x1, 0x1) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0a5c2d023c126285718070") r1 = perf_event_open(&(0x7f0000014f88)={0x1, 0x70, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) close(r1) mknod$loop(&(0x7f0000000040)='./file0\x00', 0xc000, 0x0) [ 2399.009074] ? trace_hardirqs_off+0xb8/0x310 [ 2399.009101] do_page_fault+0xf2/0x7e0 [ 2399.009119] ? vmalloc_sync_all+0x30/0x30 [ 2399.009135] ? error_entry+0x70/0xd0 [ 2399.009153] ? trace_hardirqs_off_caller+0xbb/0x310 [ 2399.009169] ? trace_hardirqs_on_caller+0xc0/0x310 [ 2399.009186] ? syscall_return_slowpath+0x5e0/0x5e0 [ 2399.009202] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 2399.009219] ? trace_hardirqs_on_caller+0x310/0x310 [ 2399.009235] ? __bpf_trace_preemptirq_template+0x30/0x30 [ 2399.009253] ? prepare_exit_to_usermode+0x3b0/0x3b0 [ 2399.009273] ? prepare_exit_to_usermode+0x291/0x3b0 [ 2399.009288] ? page_fault+0x8/0x30 [ 2399.009307] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 2399.009324] ? page_fault+0x8/0x30 [ 2399.009359] page_fault+0x1e/0x30 [ 2399.009374] RIP: 0033:0x4510a0 [ 2399.009391] Code: 0f 84 c4 0f 00 00 48 89 f1 48 89 f8 48 83 e1 3f 48 83 f9 20 0f 86 7b 02 00 00 48 83 e6 f0 48 83 e1 0f 66 0f ef c0 66 0f ef c9 <66> 0f 74 0e 66 0f d7 d1 48 d3 ea 49 c7 c2 11 00 00 00 49 29 ca 4d 08:16:17 executing program 4: openat$kvm(0xffffffffffffff9c, 0x0, 0x0, 0x0) r0 = syz_open_dev$sndctrl(&(0x7f0000000100)='/dev/snd/controlC#\x00', 0x4000, 0x0) prctl$PR_SET_THP_DISABLE(0x29, 0xfffffffffffffffe) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) ioctl$FS_IOC_GETFLAGS(r0, 0x800455d1, &(0x7f0000000080)) [ 2399.009400] RSP: 002b:00007f75238677a8 EFLAGS: 00010202 [ 2399.009413] RAX: 00007f7523867850 RBX: 0000000000000003 RCX: 000000000000000e [ 2399.009423] RDX: 00000000000003ff RSI: 0000000020012fe0 RDI: 00007f7523867850 [ 2399.009433] RBP: 000000000072bf00 R08: 00000000000003ff R09: 0000000000000000 [ 2399.009443] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f75238686d4 [ 2399.009453] R13: 00000000004c578a R14: 00000000004d9d90 R15: 00000000ffffffff [ 2399.026040] CPU: 1 PID: 22417 Comm: syz-executor0 Not tainted 4.20.0-rc6+ #371 [ 2399.026050] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2399.026055] Call Trace: [ 2399.026074] dump_stack+0x244/0x39d [ 2399.026094] ? dump_stack_print_info.cold.1+0x20/0x20 [ 2399.026121] handle_userfault.cold.32+0x47/0x62 [ 2399.026148] ? userfaultfd_ioctl+0x5610/0x5610 [ 2399.026166] ? mark_held_locks+0x130/0x130 [ 2399.026181] ? __sanitizer_cov_trace_cmp4+0x16/0x20 [ 2399.026194] ? futex_wait_setup+0x266/0x3e0 [ 2399.026208] ? zap_class+0x640/0x640 [ 2399.026235] ? __sanitizer_cov_trace_switch+0x53/0x90 08:16:17 executing program 0: openat$rfkill(0xffffffffffffff9c, 0x0, 0x2001, 0x0) syz_open_dev$admmidi(&(0x7f0000000100)='/dev/admmidi#\x00', 0x0, 0x0) r0 = socket$l2tp(0x18, 0x1, 0x1) mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x1, 0x32, 0xffffffffffffffff, 0x0) r1 = userfaultfd(0x0) ioctl$UFFDIO_API(r1, 0xc018aa3f, &(0x7f0000000180)) ioctl$UFFDIO_REGISTER(r1, 0xc020aa00, &(0x7f0000019000)={{&(0x7f0000012000/0x2000)=nil, 0x2000}, 0x1}) syz_open_dev$evdev(&(0x7f0000012fee)='/dev/input/event#\x00', 0x0, 0x6c00) ioctl$UFFDIO_WAKE(r1, 0x8010aa02, &(0x7f0000000080)={&(0x7f0000012000/0x3000)=nil, 0x3000}) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0a5c2d023c126285718070") [ 2399.026253] ? userfaultfd_ctx_put+0x830/0x830 [ 2399.026267] ? futex_wait+0x5a1/0xa50 [ 2399.026301] ? print_usage_bug+0xc0/0xc0 [ 2399.026325] ? print_usage_bug+0xc0/0xc0 [ 2399.026356] ? print_usage_bug+0xc0/0xc0 [ 2399.026374] ? zap_class+0x640/0x640 [ 2399.026391] ? drop_futex_key_refs.isra.14+0x6d/0xe0 [ 2399.026406] ? futex_wake+0x304/0x760 [ 2399.026423] ? __ia32_sys_mmap_pgoff+0x1a0/0x1a0 [ 2399.026450] ? find_held_lock+0x36/0x1c0 [ 2399.026475] ? __handle_mm_fault+0x4bb0/0x5be0 [ 2399.026492] ? lock_downgrade+0x900/0x900 08:16:17 executing program 3: openat$rfkill(0xffffffffffffff9c, 0x0, 0x0, 0x0) getsockopt$inet_sctp_SCTP_DEFAULT_PRINFO(0xffffffffffffffff, 0x84, 0x72, &(0x7f0000000380), 0x0) syz_open_dev$admmidi(&(0x7f0000000100)='/dev/admmidi#\x00', 0x0, 0x0) r0 = socket$l2tp(0x18, 0x1, 0x1) mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x1, 0x32, 0xffffffffffffffff, 0x0) r1 = userfaultfd(0x0) ioctl$UFFDIO_API(r1, 0xc018aa3f, &(0x7f0000000180)) ioctl$UFFDIO_REGISTER(r1, 0xc020aa00, &(0x7f0000019000)={{&(0x7f0000012000/0x2000)=nil, 0x2000}, 0x1}) syz_open_dev$evdev(&(0x7f0000012fee)='/dev/input/event#\x00', 0x7a00, 0x0) ioctl$UFFDIO_WAKE(r1, 0x8010aa02, &(0x7f0000000080)={&(0x7f0000012000/0x3000)=nil, 0x3000}) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0a5c2d023c126285718070") setsockopt$ALG_SET_KEY(0xffffffffffffffff, 0x117, 0x1, 0x0, 0x0) [ 2399.026517] ? kasan_check_read+0x11/0x20 [ 2399.026540] ? do_raw_spin_unlock+0xa7/0x330 [ 2399.026555] ? do_raw_spin_trylock+0x270/0x270 [ 2399.026573] ? fault_dirty_shared_page.isra.87+0x320/0x320 [ 2399.026607] __handle_mm_fault+0x4bbd/0x5be0 [ 2399.026631] ? vmf_insert_mixed_mkwrite+0x40/0x40 [ 2399.026651] ? zap_class+0x640/0x640 [ 2399.026664] ? rcu_read_unlock_special+0x1c0/0x1c0 [ 2399.026679] ? kasan_check_read+0x11/0x20 [ 2399.026696] ? rcu_softirq_qs+0x20/0x20 [ 2399.026722] ? zap_class+0x640/0x640 [ 2399.026737] ? zap_class+0x640/0x640 [ 2399.026758] ? find_held_lock+0x36/0x1c0 [ 2399.026782] ? handle_mm_fault+0x42a/0xc70 [ 2399.026800] ? lock_downgrade+0x900/0x900 [ 2399.026817] ? check_preemption_disabled+0x48/0x280 [ 2399.026837] ? rcu_read_unlock_special+0x1c0/0x1c0 [ 2399.026860] ? kasan_check_read+0x11/0x20 [ 2399.026876] ? rcu_dynticks_curr_cpu_in_eqs+0xa2/0x170 [ 2399.026892] ? rcu_softirq_qs+0x20/0x20 [ 2399.026908] ? trace_hardirqs_off_caller+0x310/0x310 [ 2399.026926] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 2399.026944] ? check_preemption_disabled+0x48/0x280 [ 2399.026968] handle_mm_fault+0x54f/0xc70 [ 2399.026987] ? __handle_mm_fault+0x5be0/0x5be0 [ 2399.027007] ? find_vma+0x34/0x190 [ 2399.027027] __do_page_fault+0x5e8/0xe60 [ 2399.027043] ? trace_hardirqs_off+0xb8/0x310 [ 2399.027070] do_page_fault+0xf2/0x7e0 [ 2399.027087] ? vmalloc_sync_all+0x30/0x30 [ 2399.027102] ? error_entry+0x70/0xd0 [ 2399.027118] ? trace_hardirqs_off_caller+0xbb/0x310 [ 2399.027131] ? trace_hardirqs_on_caller+0xc0/0x310 [ 2399.027147] ? syscall_return_slowpath+0x5e0/0x5e0 [ 2399.027162] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 2399.027179] ? trace_hardirqs_on_caller+0x310/0x310 [ 2399.027195] ? __bpf_trace_preemptirq_template+0x30/0x30 [ 2399.027216] ? prepare_exit_to_usermode+0x291/0x3b0 [ 2399.027230] ? page_fault+0x8/0x30 [ 2399.027249] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 2399.027267] ? page_fault+0x8/0x30 [ 2399.027283] page_fault+0x1e/0x30 [ 2399.027295] RIP: 0033:0x4510a0 [ 2399.027311] Code: 0f 84 c4 0f 00 00 48 89 f1 48 89 f8 48 83 e1 3f 48 83 f9 20 0f 86 7b 02 00 00 48 83 e6 f0 48 83 e1 0f 66 0f ef c0 66 0f ef c9 <66> 0f 74 0e 66 0f d7 d1 48 d3 ea 49 c7 c2 11 00 00 00 49 29 ca 4d [ 2399.027319] RSP: 002b:00007efdea16e7a8 EFLAGS: 00010202 [ 2399.027331] RAX: 00007efdea16e850 RBX: 0000000000000003 RCX: 000000000000000e [ 2399.027359] RDX: 00000000000003ff RSI: 0000000020012fe0 RDI: 00007efdea16e850 [ 2399.027369] RBP: 000000000072bf00 R08: 00000000000003ff R09: 0000000000000000 [ 2399.027379] R10: 0000000000000000 R11: 0000000000000246 R12: 00007efdea16f6d4 [ 2399.027389] R13: 00000000004c578a R14: 00000000004d9d90 R15: 00000000ffffffff [ 2399.502518] FAULT_FLAG_ALLOW_RETRY missing 70 [ 2399.502542] CPU: 0 PID: 22484 Comm: syz-executor0 Not tainted 4.20.0-rc6+ #371 [ 2399.502554] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2399.502560] Call Trace: [ 2399.502585] dump_stack+0x244/0x39d [ 2399.502608] ? dump_stack_print_info.cold.1+0x20/0x20 [ 2399.502636] handle_userfault.cold.32+0x47/0x62 [ 2399.502663] ? userfaultfd_ioctl+0x5610/0x5610 [ 2399.502681] ? mark_held_locks+0x130/0x130 [ 2399.502700] ? find_held_lock+0x36/0x1c0 [ 2399.502727] ? userfaultfd_ctx_put+0x830/0x830 [ 2399.502749] ? kasan_check_read+0x11/0x20 [ 2399.502765] ? print_usage_bug+0xc0/0xc0 [ 2399.502778] ? do_raw_spin_trylock+0x270/0x270 [ 2399.502794] ? print_usage_bug+0xc0/0xc0 [ 2399.502812] ? print_usage_bug+0xc0/0xc0 [ 2399.502828] ? zap_class+0x640/0x640 [ 2399.502844] ? drop_futex_key_refs.isra.14+0x6d/0xe0 [ 2399.502859] ? futex_wake+0x304/0x760 [ 2399.502890] ? find_held_lock+0x36/0x1c0 [ 2399.502916] ? __handle_mm_fault+0x4bb0/0x5be0 [ 2399.502934] ? lock_downgrade+0x900/0x900 [ 2399.502957] ? kasan_check_read+0x11/0x20 [ 2399.502971] ? do_raw_spin_unlock+0xa7/0x330 [ 2399.502985] ? do_raw_spin_trylock+0x270/0x270 [ 2399.503003] ? fault_dirty_shared_page.isra.87+0x320/0x320 [ 2399.503035] __handle_mm_fault+0x4bbd/0x5be0 [ 2399.503062] ? vmf_insert_mixed_mkwrite+0x40/0x40 [ 2399.503082] ? zap_class+0x640/0x640 [ 2399.503097] ? rcu_read_unlock_special+0x1c0/0x1c0 [ 2399.503113] ? kasan_check_read+0x11/0x20 [ 2399.503129] ? rcu_softirq_qs+0x20/0x20 [ 2399.503155] ? zap_class+0x640/0x640 [ 2399.503169] ? zap_class+0x640/0x640 [ 2399.503189] ? find_held_lock+0x36/0x1c0 [ 2399.503213] ? handle_mm_fault+0x42a/0xc70 [ 2399.503229] ? lock_downgrade+0x900/0x900 [ 2399.503245] ? check_preemption_disabled+0x48/0x280 [ 2399.503263] ? rcu_read_unlock_special+0x1c0/0x1c0 [ 2399.503277] ? kasan_check_read+0x11/0x20 [ 2399.503292] ? rcu_dynticks_curr_cpu_in_eqs+0xa2/0x170 [ 2399.503308] ? rcu_softirq_qs+0x20/0x20 [ 2399.503324] ? trace_hardirqs_off_caller+0x310/0x310 [ 2399.503361] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 2399.503381] ? check_preemption_disabled+0x48/0x280 [ 2399.503405] handle_mm_fault+0x54f/0xc70 [ 2399.503425] ? __handle_mm_fault+0x5be0/0x5be0 [ 2399.503446] ? find_vma+0x34/0x190 [ 2399.503466] __do_page_fault+0x5e8/0xe60 [ 2399.503480] ? trace_hardirqs_off+0xb8/0x310 [ 2399.503505] do_page_fault+0xf2/0x7e0 [ 2399.503520] ? vmalloc_sync_all+0x30/0x30 [ 2399.503535] ? error_entry+0x70/0xd0 [ 2399.503551] ? trace_hardirqs_off_caller+0xbb/0x310 [ 2399.503566] ? trace_hardirqs_on_caller+0xc0/0x310 [ 2399.503581] ? syscall_return_slowpath+0x5e0/0x5e0 [ 2399.503596] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 2399.503612] ? trace_hardirqs_on_caller+0x310/0x310 [ 2399.503627] ? __bpf_trace_preemptirq_template+0x30/0x30 [ 2399.503643] ? prepare_exit_to_usermode+0x3b0/0x3b0 [ 2399.503660] ? prepare_exit_to_usermode+0x291/0x3b0 [ 2399.503674] ? page_fault+0x8/0x30 [ 2399.503692] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 2399.503709] ? page_fault+0x8/0x30 [ 2399.503724] page_fault+0x1e/0x30 [ 2399.503736] RIP: 0033:0x4510a0 [ 2399.503751] Code: 0f 84 c4 0f 00 00 48 89 f1 48 89 f8 48 83 e1 3f 48 83 f9 20 0f 86 7b 02 00 00 48 83 e6 f0 48 83 e1 0f 66 0f ef c0 66 0f ef c9 <66> 0f 74 0e 66 0f d7 d1 48 d3 ea 49 c7 c2 11 00 00 00 49 29 ca 4d [ 2399.503759] RSP: 002b:00007efdea16e7a8 EFLAGS: 00010202 [ 2399.503773] RAX: 00007efdea16e850 RBX: 0000000000000003 RCX: 000000000000000e [ 2399.503783] RDX: 00000000000003ff RSI: 0000000020012fe0 RDI: 00007efdea16e850 [ 2399.503793] RBP: 000000000072bf00 R08: 00000000000003ff R09: 0000000000000000 [ 2399.503803] R10: 0000000000000000 R11: 0000000000000246 R12: 00007efdea16f6d4 [ 2399.503813] R13: 00000000004c578a R14: 00000000004d9d90 R15: 00000000ffffffff 08:16:18 executing program 5: ioctl$SNDRV_TIMER_IOCTL_GSTATUS(0xffffffffffffffff, 0xc0505405, &(0x7f0000000300)={{0x0, 0x2}, 0x0, 0x80000000}) ioctl$sock_SIOCADDDLCI(0xffffffffffffffff, 0x8980, 0x0) r0 = syz_open_procfs(0x0, &(0x7f0000000240)='net/ptype\x00') sendmsg(0xffffffffffffffff, &(0x7f0000002fc8)={0x0, 0x0, 0x0, 0x0, &(0x7f00000002c0)=ANY=[]}, 0x0) perf_event_open(&(0x7f0000000040)={0x2, 0x70, 0xee68, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50b, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) preadv(r0, &(0x7f00000017c0), 0x1fe, 0x0) 08:16:18 executing program 3: openat$rfkill(0xffffffffffffff9c, 0x0, 0x0, 0x0) getsockopt$inet_sctp_SCTP_DEFAULT_PRINFO(0xffffffffffffffff, 0x84, 0x72, &(0x7f0000000380), 0x0) syz_open_dev$admmidi(&(0x7f0000000100)='/dev/admmidi#\x00', 0x0, 0x0) r0 = socket$l2tp(0x18, 0x1, 0x1) mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x1, 0x32, 0xffffffffffffffff, 0x0) r1 = userfaultfd(0x0) ioctl$UFFDIO_API(r1, 0xc018aa3f, &(0x7f0000000180)) ioctl$UFFDIO_REGISTER(r1, 0xc020aa00, &(0x7f0000019000)={{&(0x7f0000012000/0x2000)=nil, 0x2000}, 0x1}) syz_open_dev$evdev(&(0x7f0000012fee)='/dev/input/event#\x00', 0x6800, 0x0) ioctl$UFFDIO_WAKE(r1, 0x8010aa02, &(0x7f0000000080)={&(0x7f0000012000/0x3000)=nil, 0x3000}) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0a5c2d023c126285718070") setsockopt$ALG_SET_KEY(0xffffffffffffffff, 0x117, 0x1, 0x0, 0x0) 08:16:18 executing program 2: syz_emit_ethernet(0x6a, &(0x7f0000000040)={@local, @broadcast, [], {@ipv4={0x800, {{0x5, 0x4, 0x0, 0x0, 0x5c, 0x0, 0x0, 0x0, 0x1, 0x0, @remote, @dev={0xac, 0x14, 0x14, 0x11}}, @icmp=@parameter_prob={0x3, 0x4, 0x0, 0x0, 0x0, 0x0, {0x10, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x402f, 0x0, @local={0xac, 0x5c}, @dev, {[@timestamp={0x8, 0x2c, 0x0, 0x0, 0x2000000, [{[@rand_addr]}, {[@multicast2]}, {[@multicast1]}, {}, {[@loopback]}, {}]}]}}}}}}}, 0x0) 08:16:18 executing program 4: openat$kvm(0xffffffffffffff9c, 0x0, 0x0, 0x0) r0 = syz_open_dev$sndctrl(&(0x7f0000000100)='/dev/snd/controlC#\x00', 0x0, 0x0) prctl$PR_SET_THP_DISABLE(0x29, 0xfffffffffffffffe) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) ioctl$FS_IOC_GETFLAGS(r0, 0x800455d1, &(0x7f0000000080)) r1 = openat$zero(0xffffffffffffff9c, &(0x7f0000000000)='/dev/zero\x00', 0x1, 0x0) ioctl$KVM_CHECK_EXTENSION_VM(r1, 0xae03, 0x5) 08:16:18 executing program 1: prctl$PR_GET_KEEPCAPS(0x7) r0 = socket$l2tp(0x18, 0x1, 0x1) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0a5c2d023c126285718070") r1 = perf_event_open(&(0x7f0000014f88)={0x1, 0x70, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) close(r1) 08:16:18 executing program 0: openat$rfkill(0xffffffffffffff9c, 0x0, 0x2001, 0x0) syz_open_dev$admmidi(&(0x7f0000000100)='/dev/admmidi#\x00', 0x0, 0x0) r0 = socket$l2tp(0x18, 0x1, 0x1) mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x1, 0x32, 0xffffffffffffffff, 0x0) r1 = userfaultfd(0x0) ioctl$UFFDIO_API(r1, 0xc018aa3f, &(0x7f0000000180)) ioctl$UFFDIO_REGISTER(r1, 0xc020aa00, &(0x7f0000019000)={{&(0x7f0000012000/0x2000)=nil, 0x2000}, 0x1}) syz_open_dev$evdev(&(0x7f0000012fee)='/dev/input/event#\x00', 0x0, 0x300) ioctl$UFFDIO_WAKE(r1, 0x8010aa02, &(0x7f0000000080)={&(0x7f0000012000/0x3000)=nil, 0x3000}) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0a5c2d023c126285718070") 08:16:18 executing program 2: syz_emit_ethernet(0x6a, &(0x7f0000000040)={@local, @broadcast, [], {@ipv4={0x800, {{0x5, 0x4, 0x0, 0x0, 0x5c, 0x0, 0x0, 0x0, 0x1, 0x0, @remote, @dev={0xac, 0x14, 0x14, 0x11}}, @icmp=@parameter_prob={0x3, 0x4, 0x0, 0x0, 0x0, 0x0, {0x10, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x402f, 0x0, @local={0xac, 0x5c}, @dev, {[@timestamp={0x8, 0x2c, 0x0, 0x0, 0x3f00, [{[@rand_addr]}, {[@multicast2]}, {[@multicast1]}, {}, {[@loopback]}, {}]}]}}}}}}}, 0x0) 08:16:18 executing program 1: r0 = socket$l2tp(0x18, 0x1, 0x1) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0a5c2d023c126285718070") r1 = perf_event_open(&(0x7f0000014f88)={0x1, 0x70, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) sysinfo(&(0x7f0000000040)=""/96) close(r1) 08:16:18 executing program 3: openat$rfkill(0xffffffffffffff9c, 0x0, 0x0, 0x0) getsockopt$inet_sctp_SCTP_DEFAULT_PRINFO(0xffffffffffffffff, 0x84, 0x72, &(0x7f0000000380), 0x0) syz_open_dev$admmidi(&(0x7f0000000100)='/dev/admmidi#\x00', 0x0, 0x0) r0 = socket$l2tp(0x18, 0x1, 0x1) mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x1, 0x32, 0xffffffffffffffff, 0x0) r1 = userfaultfd(0x0) ioctl$UFFDIO_API(r1, 0xc018aa3f, &(0x7f0000000180)) ioctl$UFFDIO_REGISTER(r1, 0xc020aa00, &(0x7f0000019000)={{&(0x7f0000012000/0x2000)=nil, 0x2000}, 0x1}) syz_open_dev$evdev(&(0x7f0000012fee)='/dev/input/event#\x00', 0x300000000000000, 0x0) ioctl$UFFDIO_WAKE(r1, 0x8010aa02, &(0x7f0000000080)={&(0x7f0000012000/0x3000)=nil, 0x3000}) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0a5c2d023c126285718070") setsockopt$ALG_SET_KEY(0xffffffffffffffff, 0x117, 0x1, 0x0, 0x0) 08:16:18 executing program 2: syz_emit_ethernet(0x6a, &(0x7f0000000040)={@local, @broadcast, [], {@ipv4={0x800, {{0x5, 0x4, 0x0, 0x0, 0x5c, 0x0, 0x0, 0x0, 0x1, 0x0, @remote, @dev={0xac, 0x14, 0x14, 0x11}}, @icmp=@parameter_prob={0x3, 0x4, 0x0, 0x0, 0x0, 0x0, {0x10, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x402f, 0x0, @local={0xac, 0x5c}, @dev, {[@timestamp={0x8, 0x2c, 0x0, 0x0, 0x8035000000000000, [{[@rand_addr]}, {[@multicast2]}, {[@multicast1]}, {}, {[@loopback]}, {}]}]}}}}}}}, 0x0) 08:16:18 executing program 0: openat$rfkill(0xffffffffffffff9c, 0x0, 0x2001, 0x0) syz_open_dev$admmidi(&(0x7f0000000100)='/dev/admmidi#\x00', 0x0, 0x0) r0 = socket$l2tp(0x18, 0x1, 0x1) mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x1, 0x32, 0xffffffffffffffff, 0x0) r1 = userfaultfd(0x0) ioctl$UFFDIO_API(r1, 0xc018aa3f, &(0x7f0000000180)) ioctl$UFFDIO_REGISTER(r1, 0xc020aa00, &(0x7f0000019000)={{&(0x7f0000012000/0x2000)=nil, 0x2000}, 0x1}) syz_open_dev$evdev(&(0x7f0000012fee)='/dev/input/event#\x00', 0x0, 0x200000000000000) ioctl$UFFDIO_WAKE(r1, 0x8010aa02, &(0x7f0000000080)={&(0x7f0000012000/0x3000)=nil, 0x3000}) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0a5c2d023c126285718070") 08:16:18 executing program 5: r0 = perf_event_open(&(0x7f0000000200)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x800000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) syz_mount_image$btrfs(&(0x7f0000000140)='btrfs\x00', &(0x7f0000000180)='./file0\x00', 0x0, 0x173, &(0x7f00000007c0), 0x0, &(0x7f0000000240)=ANY=[]) syz_mount_image$ntfs(0x0, &(0x7f0000000080)='./file1\x00', 0x2, 0x0, &(0x7f0000000180), 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mount$overlay(0x404005, &(0x7f0000000000)='./file0\x00', &(0x7f00000000c0)='overlay\x00', 0x0, &(0x7f0000000100)={[{@upperdir={'upperdir', 0x3d, './file0'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@workdir={'workdir', 0x3d, './file1'}, 0x5c}], [], 0x4000}) shmget$private(0x0, 0x1000, 0x0, &(0x7f0000ffc000/0x1000)=nil) symlinkat(&(0x7f00000001c0)='./file1\x00', 0xffffffffffffffff, &(0x7f0000000380)='./file1/file0\x00') mkdir(0x0, 0x0) syz_mount_image$gfs2(&(0x7f0000000400)='gfs2\x00', &(0x7f0000000500)='./file0\x00', 0x6, 0x1, &(0x7f0000000800)=[{&(0x7f00000007c0)="abd92ea4647e79292854414a7185b7a84e11ec742d7510f29fa7f2892155", 0x1e}], 0x8000, 0x0) ioctl$RTC_WKALM_RD(0xffffffffffffffff, 0x80287010, 0x0) execve(0x0, 0x0, &(0x7f0000001480)) syz_open_dev$sndpcmc(&(0x7f00000004c0)='/dev/snd/pcmC#D#c\x00', 0x1, 0x0) ioctl$UFFDIO_API(0xffffffffffffffff, 0xc018aa3f, &(0x7f00000000c0)={0xaa, 0x10}) splice(0xffffffffffffffff, &(0x7f0000000280), r0, &(0x7f0000000c80), 0x10000001ff, 0x3) vmsplice(0xffffffffffffffff, &(0x7f0000000380), 0x0, 0x0) msgsnd(0x0, 0x0, 0x0, 0x0) getresuid(&(0x7f0000000b00), &(0x7f0000000b40), &(0x7f0000000b80)) getegid() ioctl$sock_SIOCGPGRP(0xffffffffffffffff, 0x8904, 0x0) getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, 0x0, 0xffffffffffffffff) mount$overlay(0x0, &(0x7f0000000540)='./file1/file0\x00', 0x0, 0x2100000, &(0x7f0000000600)={[{@workdir={'workdir', 0x3d, './file1/file0'}}], [{@measure='measure'}, {@uid_lt={'uid<'}}, {@appraise='appraise'}]}) syz_genetlink_get_family_id$nbd(&(0x7f0000000300)='nbd\x00') stat(&(0x7f0000000340)='./file1\x00', &(0x7f0000000440)) syz_mount_image$iso9660(&(0x7f00000002c0)='iso9660\x00', &(0x7f0000000cc0)='./file1\x00', 0x5, 0x1, &(0x7f0000000dc0)=[{&(0x7f0000000d00)="ad03380d062b4e49e867da5d6fb0210849a3f616065d85a07d28bbf5403f064931eaa5465f9d618fea2b4843888d479f2684fa535f99aba1c446e88741dbf3e5dacb7903ab895b282463a4a3077fbbee104619dd9d233a2bec4954e786d21d89973438664301b6aff0096d3aba4747bc4eb839edc38efdb7319ed178b3", 0x7d, 0x400}], 0x800000, 0x0) [ 2401.076687] handle_userfault: 6 callbacks suppressed [ 2401.076698] FAULT_FLAG_ALLOW_RETRY missing 70 [ 2401.099415] CPU: 0 PID: 22538 Comm: syz-executor3 Not tainted 4.20.0-rc6+ #371 [ 2401.106811] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2401.116174] Call Trace: [ 2401.118789] dump_stack+0x244/0x39d [ 2401.122449] ? dump_stack_print_info.cold.1+0x20/0x20 [ 2401.127680] handle_userfault.cold.32+0x47/0x62 [ 2401.132398] ? userfaultfd_ioctl+0x5610/0x5610 [ 2401.137002] ? mark_held_locks+0x130/0x130 [ 2401.141257] ? __sanitizer_cov_trace_cmp4+0x16/0x20 [ 2401.146291] ? futex_wait_setup+0x266/0x3e0 [ 2401.150644] ? __sanitizer_cov_trace_switch+0x53/0x90 [ 2401.155858] ? userfaultfd_ctx_put+0x830/0x830 [ 2401.160453] ? futex_wait+0x5a1/0xa50 [ 2401.164277] ? print_usage_bug+0xc0/0xc0 [ 2401.168374] ? print_usage_bug+0xc0/0xc0 [ 2401.172451] ? print_usage_bug+0xc0/0xc0 [ 2401.176612] ? zap_class+0x640/0x640 [ 2401.180357] ? drop_futex_key_refs.isra.14+0x6d/0xe0 [ 2401.183662] FAULT_FLAG_ALLOW_RETRY missing 70 [ 2401.185483] ? futex_wake+0x304/0x760 [ 2401.193798] ? find_held_lock+0x36/0x1c0 [ 2401.197881] ? __handle_mm_fault+0x4bb0/0x5be0 [ 2401.202487] ? lock_downgrade+0x900/0x900 [ 2401.206657] ? kasan_check_read+0x11/0x20 [ 2401.210821] ? do_raw_spin_unlock+0xa7/0x330 [ 2401.215246] ? do_raw_spin_trylock+0x270/0x270 [ 2401.219848] ? fault_dirty_shared_page.isra.87+0x320/0x320 [ 2401.225496] __handle_mm_fault+0x4bbd/0x5be0 [ 2401.229926] ? vmf_insert_mixed_mkwrite+0x40/0x40 [ 2401.235268] ? zap_class+0x640/0x640 [ 2401.238992] ? rcu_read_unlock_special+0x1c0/0x1c0 [ 2401.243936] ? kasan_check_read+0x11/0x20 [ 2401.248099] ? rcu_softirq_qs+0x20/0x20 [ 2401.252099] ? zap_class+0x640/0x640 [ 2401.255829] ? zap_class+0x640/0x640 [ 2401.259606] ? find_held_lock+0x36/0x1c0 [ 2401.263688] ? handle_mm_fault+0x42a/0xc70 [ 2401.267947] ? lock_downgrade+0x900/0x900 [ 2401.272107] ? check_preemption_disabled+0x48/0x280 [ 2401.277141] ? rcu_read_unlock_special+0x1c0/0x1c0 [ 2401.282081] ? kasan_check_read+0x11/0x20 [ 2401.286244] ? rcu_dynticks_curr_cpu_in_eqs+0xa2/0x170 [ 2401.291531] ? rcu_softirq_qs+0x20/0x20 [ 2401.295517] ? trace_hardirqs_off_caller+0x310/0x310 [ 2401.300760] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 2401.306320] ? check_preemption_disabled+0x48/0x280 [ 2401.311391] handle_mm_fault+0x54f/0xc70 [ 2401.315464] ? __handle_mm_fault+0x5be0/0x5be0 [ 2401.315486] ? find_vma+0x34/0x190 [ 2401.315508] __do_page_fault+0x5e8/0xe60 [ 2401.315529] ? trace_hardirqs_off+0xb8/0x310 [ 2401.323655] do_page_fault+0xf2/0x7e0 [ 2401.323673] ? vmalloc_sync_all+0x30/0x30 [ 2401.323689] ? error_entry+0x70/0xd0 [ 2401.323712] ? trace_hardirqs_off_caller+0xbb/0x310 [ 2401.340099] ? trace_hardirqs_on_caller+0xc0/0x310 [ 2401.340118] ? syscall_return_slowpath+0x5e0/0x5e0 [ 2401.340134] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 2401.340155] ? trace_hardirqs_on_caller+0x310/0x310 [ 2401.348887] ? __bpf_trace_preemptirq_template+0x30/0x30 [ 2401.348906] ? prepare_exit_to_usermode+0x3b0/0x3b0 [ 2401.348927] ? prepare_exit_to_usermode+0x291/0x3b0 [ 2401.363806] ? page_fault+0x8/0x30 [ 2401.363827] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 2401.363846] ? page_fault+0x8/0x30 [ 2401.363861] page_fault+0x1e/0x30 [ 2401.363874] RIP: 0033:0x4510a0 [ 2401.363892] Code: 0f 84 c4 0f 00 00 48 89 f1 48 89 f8 48 83 e1 3f 48 83 f9 20 0f 86 7b 02 00 00 48 83 e6 f0 48 83 e1 0f 66 0f ef c0 66 0f ef c9 <66> 0f 74 0e 66 0f d7 d1 48 d3 ea 49 c7 c2 11 00 00 00 49 29 ca 4d [ 2401.363900] RSP: 002b:00007f75238677a8 EFLAGS: 00010202 [ 2401.374377] RAX: 00007f7523867850 RBX: 0000000000000003 RCX: 000000000000000e [ 2401.374387] RDX: 00000000000003ff RSI: 0000000020012fe0 RDI: 00007f7523867850 [ 2401.374397] RBP: 000000000072bf00 R08: 00000000000003ff R09: 0000000000000000 [ 2401.374406] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f75238686d4 [ 2401.374421] R13: 00000000004c578a R14: 00000000004d9d90 R15: 00000000ffffffff [ 2401.463748] CPU: 1 PID: 22552 Comm: syz-executor0 Not tainted 4.20.0-rc6+ #371 08:16:19 executing program 1: r0 = socket$l2tp(0x18, 0x1, 0x1) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0a5c2d023c126285718070") r1 = perf_event_open(&(0x7f0000014f88)={0x3, 0x70, 0x9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x20, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8b6, 0xfffffffffffff69c, 0xfffffffffffffffd, 0x0, 0x8, 0x0, 0x0, 0x2, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x800000000}, 0x0, 0x0, 0xffffffffffffffff, 0x8) close(r1) 08:16:19 executing program 4: openat$kvm(0xffffffffffffff9c, 0x0, 0x0, 0x0) r0 = syz_open_dev$sndctrl(&(0x7f0000000100)='/dev/snd/controlC#\x00', 0x0, 0x0) pipe(&(0x7f0000000000)={0xffffffffffffffff}) ioctl$VIDIOC_TRY_EXT_CTRLS(r1, 0xc0205649, &(0x7f00000000c0)={0x0, 0xffffffff, 0x9, [], &(0x7f0000000040)={0x99096e, 0x6, [], @ptr=0x48e4}}) prctl$PR_SET_THP_DISABLE(0x29, 0xfffffffffffffffe) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) ioctl$FS_IOC_GETFLAGS(r0, 0x800455d1, &(0x7f0000000080)) 08:16:19 executing program 2: syz_emit_ethernet(0x6a, &(0x7f0000000040)={@local, @broadcast, [], {@ipv4={0x800, {{0x5, 0x4, 0x0, 0x0, 0x5c, 0x0, 0x0, 0x0, 0x1, 0x0, @remote, @dev={0xac, 0x14, 0x14, 0x11}}, @icmp=@parameter_prob={0x3, 0x4, 0x0, 0x0, 0x0, 0x0, {0x10, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x402f, 0x0, @local={0xac, 0x5c}, @dev, {[@timestamp={0x8, 0x2c, 0x0, 0x0, 0x4800000000000000, [{[@rand_addr]}, {[@multicast2]}, {[@multicast1]}, {}, {[@loopback]}, {}]}]}}}}}}}, 0x0) [ 2401.471135] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2401.480497] Call Trace: [ 2401.483110] dump_stack+0x244/0x39d [ 2401.486757] ? dump_stack_print_info.cold.1+0x20/0x20 [ 2401.491971] handle_userfault.cold.32+0x47/0x62 [ 2401.496675] ? userfaultfd_ioctl+0x5610/0x5610 [ 2401.501275] ? mark_held_locks+0x130/0x130 [ 2401.505536] ? __sanitizer_cov_trace_cmp4+0x16/0x20 [ 2401.510567] ? futex_wait_setup+0x266/0x3e0 [ 2401.514912] ? __sanitizer_cov_trace_switch+0x53/0x90 [ 2401.520121] ? userfaultfd_ctx_put+0x830/0x830 [ 2401.524719] ? futex_wait+0x5a1/0xa50 08:16:19 executing program 1: r0 = socket$l2tp(0x18, 0x1, 0x1) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0a5c2d023c126285718070") r1 = perf_event_open(&(0x7f0000014f88)={0x1, 0x70, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x2, 0x100000001}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7}, 0x0, 0x0, 0xffffffffffffffff, 0x0) close(r1) [ 2401.528541] ? print_usage_bug+0xc0/0xc0 [ 2401.532623] ? print_usage_bug+0xc0/0xc0 [ 2401.536705] ? print_usage_bug+0xc0/0xc0 [ 2401.540783] ? zap_class+0x640/0x640 [ 2401.544512] ? drop_futex_key_refs.isra.14+0x6d/0xe0 [ 2401.549635] ? futex_wake+0x304/0x760 [ 2401.553467] ? find_held_lock+0x36/0x1c0 [ 2401.557558] ? __handle_mm_fault+0x4bb0/0x5be0 [ 2401.562162] ? lock_downgrade+0x900/0x900 [ 2401.566335] ? kasan_check_read+0x11/0x20 [ 2401.570508] ? do_raw_spin_unlock+0xa7/0x330 [ 2401.574938] ? do_raw_spin_trylock+0x270/0x270 [ 2401.579534] ? fault_dirty_shared_page.isra.87+0x320/0x320 [ 2401.585188] __handle_mm_fault+0x4bbd/0x5be0 [ 2401.589626] ? vmf_insert_mixed_mkwrite+0x40/0x40 [ 2401.594491] ? zap_class+0x640/0x640 [ 2401.598220] ? rcu_read_unlock_special+0x1c0/0x1c0 [ 2401.603163] ? kasan_check_read+0x11/0x20 [ 2401.607335] ? rcu_softirq_qs+0x20/0x20 [ 2401.611361] ? zap_class+0x640/0x640 [ 2401.615092] ? zap_class+0x640/0x640 [ 2401.618827] ? find_held_lock+0x36/0x1c0 [ 2401.622919] ? handle_mm_fault+0x42a/0xc70 08:16:19 executing program 1: r0 = socket$l2tp(0x18, 0x1, 0x1) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0a5c2d023c126285718070") fcntl$setlease(0xffffffffffffffff, 0x400, 0x0) openat$cgroup_procs(0xffffffffffffffff, 0x0, 0x2, 0x0) r1 = syz_open_dev$sg(&(0x7f0000000180)='/dev/sg#\x00', 0x1, 0x0) ioctl$BLKTRACETEARDOWN(r1, 0x227d, 0x0) r2 = openat$dlm_control(0xffffffffffffff9c, &(0x7f0000000040)='/dev/dlm-control\x00', 0x42000, 0x0) connect$unix(r2, &(0x7f0000000080)=@file={0x1, './file0\x00'}, 0x6e) r3 = perf_event_open(&(0x7f0000014f88)={0x1, 0x70, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) close(r3) 08:16:19 executing program 4: openat$kvm(0xffffffffffffff9c, 0x0, 0x0, 0x0) r0 = syz_open_dev$sndctrl(&(0x7f0000000100)='/dev/snd/controlC#\x00', 0x0, 0x0) prctl$PR_SET_THP_DISABLE(0x29, 0xfffffffffffffffe) clone(0x2, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) ioctl$FS_IOC_GETFLAGS(r0, 0x800455d1, &(0x7f0000000080)) [ 2401.627172] ? lock_downgrade+0x900/0x900 [ 2401.631332] ? check_preemption_disabled+0x48/0x280 [ 2401.636387] ? rcu_read_unlock_special+0x1c0/0x1c0 [ 2401.641349] ? kasan_check_read+0x11/0x20 [ 2401.645514] ? rcu_dynticks_curr_cpu_in_eqs+0xa2/0x170 [ 2401.650806] ? rcu_softirq_qs+0x20/0x20 [ 2401.654813] ? trace_hardirqs_off_caller+0x310/0x310 [ 2401.659944] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 2401.665499] ? check_preemption_disabled+0x48/0x280 [ 2401.670548] handle_mm_fault+0x54f/0xc70 [ 2401.674633] ? __handle_mm_fault+0x5be0/0x5be0 08:16:19 executing program 1: r0 = socket$l2tp(0x18, 0x1, 0x1) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0a5c2d023c126285718070") r1 = perf_event_open(&(0x7f0000014f88)={0x1, 0x70, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) close(r1) openat$autofs(0xffffffffffffff9c, &(0x7f0000000040)='/dev/autofs\x00', 0x20100, 0x0) r2 = openat$null(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/null\x00', 0x8000, 0x0) connect$inet6(r2, &(0x7f0000000080)={0xa, 0x4e21, 0x16, @ipv4={[], [], @multicast1}, 0x1}, 0x1c) [ 2401.679245] ? find_vma+0x34/0x190 [ 2401.682815] __do_page_fault+0x5e8/0xe60 [ 2401.686895] ? trace_hardirqs_off+0xb8/0x310 [ 2401.691330] do_page_fault+0xf2/0x7e0 [ 2401.695162] ? vmalloc_sync_all+0x30/0x30 [ 2401.699420] ? error_entry+0x70/0xd0 [ 2401.703148] ? trace_hardirqs_off_caller+0xbb/0x310 [ 2401.708174] ? trace_hardirqs_on_caller+0xc0/0x310 [ 2401.713115] ? syscall_return_slowpath+0x5e0/0x5e0 [ 2401.718052] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 2401.722924] ? trace_hardirqs_on_caller+0x310/0x310 [ 2401.727956] ? __bpf_trace_preemptirq_template+0x30/0x30 [ 2401.733425] ? prepare_exit_to_usermode+0x3b0/0x3b0 [ 2401.738465] ? prepare_exit_to_usermode+0x291/0x3b0 [ 2401.743503] ? page_fault+0x8/0x30 [ 2401.747058] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 2401.751916] ? page_fault+0x8/0x30 [ 2401.755468] page_fault+0x1e/0x30 [ 2401.758966] RIP: 0033:0x4510a0 08:16:19 executing program 1: r0 = socket$l2tp(0x18, 0x1, 0x1) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0a5c2d023c126285718070") r1 = perf_event_open(&(0x7f0000014f88)={0x1, 0x70, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r2 = openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000040)='/dev/sequencer2\x00', 0x204100, 0x0) ioctl$IOC_PR_REGISTER(r2, 0x401870c8, &(0x7f0000000080)={0xff00000000000000, 0xda2, 0x1}) close(r1) ioctl$BLKRAGET(r2, 0x1263, &(0x7f00000000c0)) 08:16:19 executing program 3: openat$rfkill(0xffffffffffffff9c, 0x0, 0x0, 0x0) getsockopt$inet_sctp_SCTP_DEFAULT_PRINFO(0xffffffffffffffff, 0x84, 0x72, &(0x7f0000000380), 0x0) syz_open_dev$admmidi(&(0x7f0000000100)='/dev/admmidi#\x00', 0x0, 0x0) r0 = socket$l2tp(0x18, 0x1, 0x1) mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x1, 0x32, 0xffffffffffffffff, 0x0) r1 = userfaultfd(0x0) ioctl$UFFDIO_API(r1, 0xc018aa3f, &(0x7f0000000180)) ioctl$UFFDIO_REGISTER(r1, 0xc020aa00, &(0x7f0000019000)={{&(0x7f0000012000/0x2000)=nil, 0x2000}, 0x1}) syz_open_dev$evdev(&(0x7f0000012fee)='/dev/input/event#\x00', 0x6000000, 0x0) ioctl$UFFDIO_WAKE(r1, 0x8010aa02, &(0x7f0000000080)={&(0x7f0000012000/0x3000)=nil, 0x3000}) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0a5c2d023c126285718070") setsockopt$ALG_SET_KEY(0xffffffffffffffff, 0x117, 0x1, 0x0, 0x0) [ 2401.762172] Code: 0f 84 c4 0f 00 00 48 89 f1 48 89 f8 48 83 e1 3f 48 83 f9 20 0f 86 7b 02 00 00 48 83 e6 f0 48 83 e1 0f 66 0f ef c0 66 0f ef c9 <66> 0f 74 0e 66 0f d7 d1 48 d3 ea 49 c7 c2 11 00 00 00 49 29 ca 4d [ 2401.781086] RSP: 002b:00007efdea16e7a8 EFLAGS: 00010202 [ 2401.786461] RAX: 00007efdea16e850 RBX: 0000000000000003 RCX: 000000000000000e [ 2401.793741] RDX: 00000000000003ff RSI: 0000000020012fe0 RDI: 00007efdea16e850 [ 2401.801022] RBP: 000000000072bf00 R08: 00000000000003ff R09: 0000000000000000 [ 2401.808305] R10: 0000000000000000 R11: 0000000000000246 R12: 00007efdea16f6d4 [ 2401.815595] R13: 00000000004c578a R14: 00000000004d9d90 R15: 00000000ffffffff 08:16:19 executing program 1: r0 = socket$l2tp(0x18, 0x1, 0x1) ioctl(r0, 0x2, &(0x7f0000000000)="0a5c2d023c126285718070") r1 = perf_event_open(&(0x7f0000014f88)={0x1, 0x70, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r2 = syz_open_dev$mouse(&(0x7f0000000040)='/dev/input/mouse#\x00', 0x5, 0x404400) ioctl$VHOST_SET_VRING_NUM(r2, 0x4008af10, &(0x7f0000000080)={0x0, 0x3}) close(r1) [ 2401.965754] FAULT_FLAG_ALLOW_RETRY missing 70 [ 2401.980303] CPU: 0 PID: 22589 Comm: syz-executor3 Not tainted 4.20.0-rc6+ #371 [ 2401.987704] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2401.997075] Call Trace: [ 2401.999692] dump_stack+0x244/0x39d [ 2402.003347] ? dump_stack_print_info.cold.1+0x20/0x20 [ 2402.008572] handle_userfault.cold.32+0x47/0x62 [ 2402.013265] ? userfaultfd_ioctl+0x5610/0x5610 [ 2402.017862] ? mark_held_locks+0x130/0x130 [ 2402.022108] ? __sanitizer_cov_trace_cmp4+0x16/0x20 [ 2402.027127] ? futex_wait_setup+0x266/0x3e0 [ 2402.031471] ? __sanitizer_cov_trace_switch+0x53/0x90 [ 2402.036675] ? userfaultfd_ctx_put+0x830/0x830 [ 2402.041264] ? futex_wait+0x5a1/0xa50 [ 2402.045080] ? print_usage_bug+0xc0/0xc0 [ 2402.049145] ? print_usage_bug+0xc0/0xc0 [ 2402.053216] ? print_usage_bug+0xc0/0xc0 [ 2402.057290] ? zap_class+0x640/0x640 [ 2402.061016] ? drop_futex_key_refs.isra.14+0x6d/0xe0 [ 2402.066123] ? futex_wake+0x304/0x760 [ 2402.069942] ? find_held_lock+0x36/0x1c0 [ 2402.074023] ? __handle_mm_fault+0x4bb0/0x5be0 [ 2402.078614] ? lock_downgrade+0x900/0x900 [ 2402.082777] ? kasan_check_read+0x11/0x20 [ 2402.086930] ? do_raw_spin_unlock+0xa7/0x330 [ 2402.091358] ? do_raw_spin_trylock+0x270/0x270 [ 2402.095950] ? fault_dirty_shared_page.isra.87+0x320/0x320 [ 2402.101594] __handle_mm_fault+0x4bbd/0x5be0 [ 2402.106016] ? vmf_insert_mixed_mkwrite+0x40/0x40 [ 2402.110865] ? zap_class+0x640/0x640 [ 2402.114631] ? rcu_read_unlock_special+0x1c0/0x1c0 [ 2402.119566] ? kasan_check_read+0x11/0x20 [ 2402.123720] ? rcu_softirq_qs+0x20/0x20 [ 2402.127711] ? zap_class+0x640/0x640 [ 2402.131430] ? zap_class+0x640/0x640 [ 2402.135157] ? find_held_lock+0x36/0x1c0 [ 2402.139234] ? handle_mm_fault+0x42a/0xc70 [ 2402.143476] ? lock_downgrade+0x900/0x900 [ 2402.147632] ? check_preemption_disabled+0x48/0x280 [ 2402.152660] ? rcu_read_unlock_special+0x1c0/0x1c0 [ 2402.157591] ? kasan_check_read+0x11/0x20 [ 2402.161741] ? rcu_dynticks_curr_cpu_in_eqs+0xa2/0x170 [ 2402.167021] ? rcu_softirq_qs+0x20/0x20 [ 2402.170998] ? trace_hardirqs_off_caller+0x310/0x310 [ 2402.176111] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 2402.181654] ? check_preemption_disabled+0x48/0x280 [ 2402.186681] handle_mm_fault+0x54f/0xc70 [ 2402.190751] ? __handle_mm_fault+0x5be0/0x5be0 [ 2402.195358] ? find_vma+0x34/0x190 [ 2402.198908] __do_page_fault+0x5e8/0xe60 [ 2402.202972] ? trace_hardirqs_off+0xb8/0x310 [ 2402.207398] do_page_fault+0xf2/0x7e0 [ 2402.211204] ? vmalloc_sync_all+0x30/0x30 [ 2402.215371] ? error_entry+0x70/0xd0 [ 2402.219098] ? trace_hardirqs_off_caller+0xbb/0x310 [ 2402.224120] ? trace_hardirqs_on_caller+0xc0/0x310 [ 2402.229063] ? syscall_return_slowpath+0x5e0/0x5e0 [ 2402.234003] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 2402.238855] ? trace_hardirqs_on_caller+0x310/0x310 [ 2402.243879] ? __bpf_trace_preemptirq_template+0x30/0x30 [ 2402.249335] ? prepare_exit_to_usermode+0x3b0/0x3b0 [ 2402.254385] ? prepare_exit_to_usermode+0x291/0x3b0 [ 2402.259406] ? page_fault+0x8/0x30 [ 2402.262953] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 2402.267806] ? page_fault+0x8/0x30 [ 2402.271365] page_fault+0x1e/0x30 [ 2402.274825] RIP: 0033:0x4510a0 [ 2402.278035] Code: 0f 84 c4 0f 00 00 48 89 f1 48 89 f8 48 83 e1 3f 48 83 f9 20 0f 86 7b 02 00 00 48 83 e6 f0 48 83 e1 0f 66 0f ef c0 66 0f ef c9 <66> 0f 74 0e 66 0f d7 d1 48 d3 ea 49 c7 c2 11 00 00 00 49 29 ca 4d [ 2402.296937] RSP: 002b:00007f75238677a8 EFLAGS: 00010202 [ 2402.302300] RAX: 00007f7523867850 RBX: 0000000000000003 RCX: 000000000000000e [ 2402.309574] RDX: 00000000000003ff RSI: 0000000020012fe0 RDI: 00007f7523867850 [ 2402.316848] RBP: 000000000072bf00 R08: 00000000000003ff R09: 0000000000000000 [ 2402.324129] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f75238686d4 [ 2402.331401] R13: 00000000004c578a R14: 00000000004d9d90 R15: 00000000ffffffff [ 2402.388876] overlayfs: failed to resolve './file1': -2 [ 2402.438784] FAULT_FLAG_ALLOW_RETRY missing 70 [ 2402.452059] CPU: 0 PID: 22552 Comm: syz-executor0 Not tainted 4.20.0-rc6+ #371 [ 2402.459463] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2402.468826] Call Trace: [ 2402.471439] dump_stack+0x244/0x39d [ 2402.475088] ? dump_stack_print_info.cold.1+0x20/0x20 [ 2402.480312] handle_userfault.cold.32+0x47/0x62 [ 2402.485046] ? userfaultfd_ioctl+0x5610/0x5610 [ 2402.489655] ? mark_held_locks+0x130/0x130 [ 2402.493911] ? __sanitizer_cov_trace_cmp4+0x16/0x20 [ 2402.498943] ? futex_wait_setup+0x266/0x3e0 [ 2402.503281] ? zap_class+0x640/0x640 [ 2402.507031] ? __sanitizer_cov_trace_switch+0x53/0x90 [ 2402.512242] ? userfaultfd_ctx_put+0x830/0x830 [ 2402.516840] ? futex_wait+0x5a1/0xa50 [ 2402.520664] ? print_usage_bug+0xc0/0xc0 [ 2402.524745] ? print_usage_bug+0xc0/0xc0 [ 2402.528827] ? print_usage_bug+0xc0/0xc0 [ 2402.532911] ? zap_class+0x640/0x640 [ 2402.536646] ? drop_futex_key_refs.isra.14+0x6d/0xe0 [ 2402.541764] ? futex_wake+0x304/0x760 [ 2402.545580] ? __ia32_sys_mmap_pgoff+0x1a0/0x1a0 [ 2402.550381] ? find_held_lock+0x36/0x1c0 [ 2402.554467] ? __handle_mm_fault+0x4bb0/0x5be0 [ 2402.559062] ? lock_downgrade+0x900/0x900 [ 2402.563233] ? kasan_check_read+0x11/0x20 [ 2402.567399] ? do_raw_spin_unlock+0xa7/0x330 [ 2402.571848] ? do_raw_spin_trylock+0x270/0x270 [ 2402.576453] ? fault_dirty_shared_page.isra.87+0x320/0x320 [ 2402.582114] __handle_mm_fault+0x4bbd/0x5be0 [ 2402.586588] ? vmf_insert_mixed_mkwrite+0x40/0x40 [ 2402.591458] ? zap_class+0x640/0x640 [ 2402.595185] ? rcu_read_unlock_special+0x1c0/0x1c0 [ 2402.600132] ? kasan_check_read+0x11/0x20 [ 2402.604300] ? rcu_softirq_qs+0x20/0x20 [ 2402.608303] ? zap_class+0x640/0x640 [ 2402.612048] ? zap_class+0x640/0x640 [ 2402.615787] ? find_held_lock+0x36/0x1c0 [ 2402.619873] ? handle_mm_fault+0x42a/0xc70 [ 2402.624126] ? lock_downgrade+0x900/0x900 [ 2402.628288] ? check_preemption_disabled+0x48/0x280 [ 2402.633325] ? rcu_read_unlock_special+0x1c0/0x1c0 [ 2402.638278] ? kasan_check_read+0x11/0x20 [ 2402.642437] ? rcu_dynticks_curr_cpu_in_eqs+0xa2/0x170 [ 2402.647724] ? rcu_softirq_qs+0x20/0x20 [ 2402.651717] ? trace_hardirqs_off_caller+0x310/0x310 [ 2402.656853] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 2402.662414] ? check_preemption_disabled+0x48/0x280 [ 2402.667454] handle_mm_fault+0x54f/0xc70 [ 2402.671542] ? __handle_mm_fault+0x5be0/0x5be0 [ 2402.676148] ? find_vma+0x34/0x190 [ 2402.679710] __do_page_fault+0x5e8/0xe60 [ 2402.683796] ? trace_hardirqs_off+0xb8/0x310 [ 2402.688214] do_page_fault+0xf2/0x7e0 [ 2402.692017] ? vmalloc_sync_all+0x30/0x30 [ 2402.696172] ? error_entry+0x70/0xd0 [ 2402.699894] ? trace_hardirqs_off_caller+0xbb/0x310 [ 2402.704916] ? trace_hardirqs_on_caller+0xc0/0x310 [ 2402.709833] ? syscall_return_slowpath+0x5e0/0x5e0 [ 2402.714755] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 2402.719611] ? trace_hardirqs_on_caller+0x310/0x310 [ 2402.724636] ? __bpf_trace_preemptirq_template+0x30/0x30 [ 2402.730092] ? prepare_exit_to_usermode+0x291/0x3b0 [ 2402.735104] ? page_fault+0x8/0x30 [ 2402.738641] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 2402.743478] ? page_fault+0x8/0x30 [ 2402.747013] page_fault+0x1e/0x30 [ 2402.750457] RIP: 0033:0x4510a0 [ 2402.753638] Code: 0f 84 c4 0f 00 00 48 89 f1 48 89 f8 48 83 e1 3f 48 83 f9 20 0f 86 7b 02 00 00 48 83 e6 f0 48 83 e1 0f 66 0f ef c0 66 0f ef c9 <66> 0f 74 0e 66 0f d7 d1 48 d3 ea 49 c7 c2 11 00 00 00 49 29 ca 4d [ 2402.772530] RSP: 002b:00007efdea16e7a8 EFLAGS: 00010202 [ 2402.777885] RAX: 00007efdea16e850 RBX: 0000000000000003 RCX: 000000000000000e [ 2402.785149] RDX: 00000000000003ff RSI: 0000000020012fe0 RDI: 00007efdea16e850 [ 2402.792406] RBP: 000000000072bf00 R08: 00000000000003ff R09: 0000000000000000 [ 2402.799662] R10: 0000000000000000 R11: 0000000000000246 R12: 00007efdea16f6d4 [ 2402.806919] R13: 00000000004c578a R14: 00000000004d9d90 R15: 00000000ffffffff 08:16:20 executing program 0: openat$rfkill(0xffffffffffffff9c, 0x0, 0x2001, 0x0) syz_open_dev$admmidi(&(0x7f0000000100)='/dev/admmidi#\x00', 0x0, 0x0) r0 = socket$l2tp(0x18, 0x1, 0x1) mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x1, 0x32, 0xffffffffffffffff, 0x0) r1 = userfaultfd(0x0) ioctl$UFFDIO_API(r1, 0xc018aa3f, &(0x7f0000000180)) ioctl$UFFDIO_REGISTER(r1, 0xc020aa00, &(0x7f0000019000)={{&(0x7f0000012000/0x2000)=nil, 0x2000}, 0x1}) syz_open_dev$evdev(&(0x7f0000012fee)='/dev/input/event#\x00', 0x0, 0x2000) ioctl$UFFDIO_WAKE(r1, 0x8010aa02, &(0x7f0000000080)={&(0x7f0000012000/0x3000)=nil, 0x3000}) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0a5c2d023c126285718070") 08:16:20 executing program 2: syz_emit_ethernet(0x6a, &(0x7f0000000040)={@local, @broadcast, [], {@ipv4={0x800, {{0x5, 0x4, 0x0, 0x0, 0x5c, 0x0, 0x0, 0x0, 0x1, 0x0, @remote, @dev={0xac, 0x14, 0x14, 0x11}}, @icmp=@parameter_prob={0x3, 0x4, 0x0, 0x0, 0x0, 0x0, {0x10, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x402f, 0x0, @local={0xac, 0x5c}, @dev, {[@timestamp={0x8, 0x2c, 0x0, 0x0, 0xb00000000000000, [{[@rand_addr]}, {[@multicast2]}, {[@multicast1]}, {}, {[@loopback]}, {}]}]}}}}}}}, 0x0) 08:16:20 executing program 1: r0 = socket$l2tp(0x18, 0x1, 0x1) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0a5c2d023c126285718070") r1 = perf_event_open(&(0x7f0000014f88)={0x1, 0x70, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r2 = syz_open_dev$midi(&(0x7f0000000040)='/dev/midi#\x00', 0x1, 0x2000) r3 = syz_genetlink_get_family_id$tipc2(&(0x7f00000001c0)='TIPCv2\x00') sendmsg$TIPC_NL_MON_SET(r2, &(0x7f0000000280)={&(0x7f0000000180)={0x10, 0x0, 0x0, 0x8000000}, 0xc, &(0x7f0000000240)={&(0x7f0000000200)={0x30, r3, 0x501, 0x70bd27, 0x25dfdbfb, {}, [@TIPC_NLA_BEARER={0x1c, 0x1, [@TIPC_NLA_BEARER_DOMAIN={0x8, 0x3, 0x9}, @TIPC_NLA_BEARER_NAME={0x10, 0x1, @udp='udp:syz2\x00'}]}]}, 0x30}, 0x1, 0x0, 0x0, 0x10}, 0x20000000) bind$inet(r2, &(0x7f0000000080)={0x2, 0x4e23, @empty}, 0x10) r4 = semget(0x2, 0x7, 0x6fd9c8565e924945) semctl$GETPID(r4, 0x0, 0xb, &(0x7f00000000c0)=""/155) getsockopt$IPT_SO_GET_ENTRIES(r2, 0x0, 0x41, &(0x7f00000002c0)={'raw\x00', 0x65, "f0f7355214166431f6508a3fe10f1b582be6b8ba42644c36b6fa7910dafffe5657673323f9ebdfc466e5e4b6fe9b64a8e50317a0a8a1df02d2371e4bf291f12724c90bbb594bedbbb24e04f9a5d81c84e180142f84cab0d6abf401e3c894effd77282c1497"}, &(0x7f0000000380)=0x89) close(r1) 08:16:20 executing program 5: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000440)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = perf_event_open(&(0x7f000025c000)={0x2, 0x70, 0x3e2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) close(r2) socket$inet_udp(0x2, 0x2, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) r3 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_SREGS(r3, 0x4138ae84, &(0x7f0000000000)={{}, {}, {}, {}, {}, {}, {}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x2}}) ioctl$KVM_RUN(r3, 0xae80, 0x0) 08:16:20 executing program 3: openat$rfkill(0xffffffffffffff9c, 0x0, 0x0, 0x0) getsockopt$inet_sctp_SCTP_DEFAULT_PRINFO(0xffffffffffffffff, 0x84, 0x72, &(0x7f0000000380), 0x0) syz_open_dev$admmidi(&(0x7f0000000100)='/dev/admmidi#\x00', 0x0, 0x0) r0 = socket$l2tp(0x18, 0x1, 0x1) mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x1, 0x32, 0xffffffffffffffff, 0x0) r1 = userfaultfd(0x0) ioctl$UFFDIO_API(r1, 0xc018aa3f, &(0x7f0000000180)) ioctl$UFFDIO_REGISTER(r1, 0xc020aa00, &(0x7f0000019000)={{&(0x7f0000012000/0x2000)=nil, 0x2000}, 0x1}) syz_open_dev$evdev(&(0x7f0000012fee)='/dev/input/event#\x00', 0x5000000, 0x0) ioctl$UFFDIO_WAKE(r1, 0x8010aa02, &(0x7f0000000080)={&(0x7f0000012000/0x3000)=nil, 0x3000}) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0a5c2d023c126285718070") setsockopt$ALG_SET_KEY(0xffffffffffffffff, 0x117, 0x1, 0x0, 0x0) 08:16:20 executing program 1: r0 = socket$l2tp(0x18, 0x1, 0x1) r1 = syz_open_dev$amidi(&(0x7f0000000040)='/dev/amidi#\x00', 0x8, 0x4000) setsockopt$netlink_NETLINK_LISTEN_ALL_NSID(r1, 0x10e, 0x8, &(0x7f0000000080)=0x8, 0x4) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0a5c2d023c126285718070") r2 = perf_event_open(&(0x7f0000014f88)={0x1, 0x70, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) close(r2) ioctl$DRM_IOCTL_GEM_FLINK(r1, 0xc008640a, &(0x7f00000000c0)={0x0}) ioctl$DRM_IOCTL_PRIME_HANDLE_TO_FD(r1, 0xc00c642d, &(0x7f0000000100)={r3, 0x80000, r1}) [ 2402.955796] FAULT_FLAG_ALLOW_RETRY missing 70 [ 2402.964242] CPU: 1 PID: 22612 Comm: syz-executor0 Not tainted 4.20.0-rc6+ #371 [ 2402.971625] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2402.980985] Call Trace: [ 2402.983595] dump_stack+0x244/0x39d [ 2402.987247] ? dump_stack_print_info.cold.1+0x20/0x20 [ 2402.991703] FAULT_FLAG_ALLOW_RETRY missing 70 [ 2402.992469] handle_userfault.cold.32+0x47/0x62 [ 2402.992505] ? userfaultfd_ioctl+0x5610/0x5610 [ 2403.006241] ? mark_held_locks+0x130/0x130 [ 2403.010493] ? __sanitizer_cov_trace_cmp4+0x16/0x20 [ 2403.015524] ? futex_wait_setup+0x266/0x3e0 [ 2403.019893] ? __sanitizer_cov_trace_switch+0x53/0x90 [ 2403.025104] ? userfaultfd_ctx_put+0x830/0x830 [ 2403.029697] ? futex_wait+0x5a1/0xa50 [ 2403.033521] ? print_usage_bug+0xc0/0xc0 [ 2403.037602] ? print_usage_bug+0xc0/0xc0 [ 2403.041680] ? print_usage_bug+0xc0/0xc0 [ 2403.045755] ? zap_class+0x640/0x640 [ 2403.049491] ? drop_futex_key_refs.isra.14+0x6d/0xe0 08:16:20 executing program 4: r0 = openat$kvm(0xffffffffffffff9c, 0x0, 0x0, 0x0) r1 = syz_open_dev$sndctrl(&(0x7f0000000100)='/dev/snd/controlC#\x00', 0x0, 0x0) r2 = dup3(r0, r0, 0x80000) ioctl$PPPOEIOCDFWD(r2, 0xb101, 0x0) prctl$PR_SET_THP_DISABLE(0x29, 0xfffffffffffffffe) clone(0x2000, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r3 = syz_open_dev$dmmidi(&(0x7f0000000000)='/dev/dmmidi#\x00', 0x1ff, 0x80000) r4 = openat$snapshot(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/snapshot\x00', 0x0, 0x0) linkat(r3, &(0x7f0000000040)='./file0\x00', r4, &(0x7f0000000140)='./file0\x00', 0x1000) ioctl$FS_IOC_GETFLAGS(r1, 0x800455d1, &(0x7f0000000080)) [ 2403.054608] ? futex_wake+0x304/0x760 [ 2403.058435] ? find_held_lock+0x36/0x1c0 [ 2403.062529] ? __handle_mm_fault+0x4bb0/0x5be0 [ 2403.067134] ? lock_downgrade+0x900/0x900 [ 2403.071306] ? kasan_check_read+0x11/0x20 [ 2403.075486] ? do_raw_spin_unlock+0xa7/0x330 [ 2403.079906] ? do_raw_spin_trylock+0x270/0x270 [ 2403.084764] ? fault_dirty_shared_page.isra.87+0x320/0x320 [ 2403.090433] __handle_mm_fault+0x4bbd/0x5be0 [ 2403.094872] ? vmf_insert_mixed_mkwrite+0x40/0x40 [ 2403.099738] ? zap_class+0x640/0x640 08:16:20 executing program 1: r0 = socket$l2tp(0x18, 0x1, 0x1) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0a5c2d023c126285718070") r1 = syz_open_dev$vbi(&(0x7f0000000040)='/dev/vbi#\x00', 0x2, 0x2) getsockopt$inet_IP_IPSEC_POLICY(0xffffffffffffff9c, 0x0, 0x10, &(0x7f00000006c0)={{{@in=@remote, @in=@multicast2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}, {{@in6=@loopback}, 0x0, @in6}}, &(0x7f00000007c0)=0xe8) r3 = fcntl$getown(r0, 0x9) fcntl$getownex(r0, 0x10, &(0x7f0000000800)={0x0, 0x0}) fcntl$getownex(r0, 0x10, &(0x7f0000000840)={0x0, 0x0}) getresuid(&(0x7f0000000880), &(0x7f00000008c0)=0x0, &(0x7f0000000900)) lstat(&(0x7f0000000940)='./file0\x00', &(0x7f0000000980)={0x0, 0x0, 0x0, 0x0, 0x0}) setsockopt$netlink_NETLINK_DROP_MEMBERSHIP(r1, 0x10e, 0x2, &(0x7f00000000c0)=0x1a, 0x4) r8 = getpgid(0xffffffffffffffff) sendmsg$nl_route(r1, &(0x7f0000005a00)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x4000000}, 0xc, &(0x7f00000059c0)={&(0x7f0000000a00)=@bridge_getlink={0x4f98, 0x12, 0x310, 0x70bd28, 0x25dfdbfe, {0x7, 0x0, 0x0, r2, 0x40400, 0x100}, [@IFLA_VFINFO_LIST={0x4ccc, 0x16, [{0x58, 0x1, [@typed={0x8, 0x72, @pid=r3}, @typed={0x14, 0x95, @ipv6=@ipv4={[], [], @remote}}, @typed={0xc, 0x0, @u64=0xffff}, @nested={0x24, 0x3b, [@typed={0x4, 0x18}, @typed={0x14, 0x19, @ipv6=@local}, @typed={0x8, 0x80, @pid=r4}]}, @typed={0x8, 0x67, @str='\x00'}]}, {0x2100, 0x1, [@generic="01b3550fad658e7f9ddb09d95be0acb9b8708dd0714bcd674e81d750be44382d2364b32d0c62036431bac9ae1026315cf52b1fbb51fa7e0a34ebd3a9dcf984d7424615568c5dd99ffd05bb149d83c934e091da8c2ff9e6ab99187afb707412d25c8d556af89d9eb3cdf058af4cc24e2ad7bfa4dfeb801d9518f11d49e023606ea5694a7a2b87d73584b76164fe1bd075c15930478c339c885266c8751f2fe2361855cbc1a67fe6a0bbdf06e7d7e38b3512f5408b71d7e9cc8a51365713f14f838ab8b836478fecd7a7bdf6a8c922b02fd3dedaa859437d05985489593f4aaf30198d6ee5ec36db715e3c79e73db2a03aab0c21f1ec424ee6ba0c454fdb7005e6ba7d496f2d458e76154198ffb50b65c56628d71f1a68bed96c598d58de548685d63d520de4a0d09717242dcc51a20ccc1d21dcdc5a21f9973501ed3c97782c5238ff3903265a7f1a0c0a9b4cdfe5df25d59ee69c93e9fdb64ad4d3528e343c3090ddf7922f474e82b576f6a0272220d46fc735294c5f99a2775357a7b35efdc658f165f299a5f1eb2d4d648e223ead6c104f3d127164d7209bd3a7cf0abdcfd85d12817acd916a0d6db27b6713ab0e01aa13fe8a255a140b032634a9504951b822a689425708ab103315969a879569c524cadf3d3a236426171fbf35cad2c04901ce617588cf4325a88ff7d0d6f1a654b5ba53aa831dc4f4eefec5c29df9b0227318c39656b963fa8d4e17b0dc7307f23580312903d2f0a81acacac71f2064dfaf174dc9880a9de26c750e9726ff52bbc8d571cea6f1b2d55a05e9ce918c50c397a7d9fa3155fc41759ff8a843e3ce00b6a314dee8fb8fbee1d4a25bbf145ae0d92bad930221689a9154ad2e323beef5a01ead69ddfcaf9d048cc6b5e45f4f433823f5428c4fc4ca5c400267cee5baf3f278acb7ec18af26d701f64187a716efb226a6ca704b04d42557e84452d4f1af6a389eb073b43d0326e7aeebdc257d6b8eff7df727c40de2fc5bd6816b9e742877c78675c3759ec301505e77bee7030f2e6e450bc41158e8dd7984bd519a4781a23215eda82558968c700417ffb828bea9817bf92a69be7fd4f4e59da5292ec217b3a4346e3f85ed4bc3a52ba22cf691aaeeb779b9f0a99865107293e9d04f38be8abfa70c05103637f5ce4de1d62f6c4837bb5d0581621011d4ed268132c7fcd0b999c63c803bb74dbaefd41948ca887dff1341247672a5ff7ad3586625dac009b04bc8fcc1fbd5f41fac8b83b8c0c432f22b920aad93c6c231581857f02c6d6514ff4f6386e7f9cc4a7c9adffa37f2f22b7bd2116c33bb30724ed62767ccec8d98c23ab36d014ea8f8a977798e04818c62cacef7c236f27a1c87d50dfcf9ed32c429c956c066853553038ae06964cc19ddba201ab461cc1166de81b56c53145e6c81b6709c31f3bc84498e7b2073a59323ade27e1232c54907d817c20db9d2d1a80ba1543f75c1a6099e36e6f6e15169a1f5fc3c1a4fb802e25e2cc10bf21a5c8a2cf29c1e16c1b724463c65a91a50061fff4876502ab8c52ec5a43f872ae5269ce23e7bc976510ed7978a2031543a14934fef7fa07ac805656bcc47203a0009af291614151e8c6fca41f378cb048ad7577ad3d299a3684b02b7d38ad573899aa3c1d284bc83eecbab00eaa5a8b3c3153f0f30a460c75c99c5f3bf7dadfaed96070a63cea12b148fd3ce0dea8248a6173b2bc55b1c0893a35627dcb26783a49f3acba8caa6603a7f41d16b355d4032102706b5191b8bc3c538bad16f9a5d5645c694a738cadb39cd07a86628cb5b063a0536f1027471574ba4c99b626cd0dddd32d32196bc1659adf7f2b43d407848d24f9f32656221711d7c8b09d45a1f5919ef16b872dbdd510960591c14c51a2189a195f104f506f43b3be297d7ad2bbc831b0da76dcee7b729ca46c55d6846d466a2960ca839494b46f4743cb44ff46bedb9c7be2e058dc58cab900df83eb1e4eec128e306bead839de15d2ac4c703c21497fe86d8e2d0db5e195099a9ba41bcc05600c753e6cd94c3b9d2811c6ca4837cae054cb0df17151788990c07483678eda9482eda40462b8e632b3433c54252576203288657f2fcb24fe2aa94732cb697cbccd6565e6d226cd75a295c61cba5470f766a3b0114570d42d29acba68d5082c099a6146b850cab1cddd0cdf5b7e99efd3fea5f03c31a50f41c422a66ee5c40a801cbe4cdae907534cc00b0372dab0cfc19f6f3cce757c520076b7339273837d40f306dd3a7efb8e8e10f8968d9798d0b58068d36e9c27984ca5db84b52bfe030fe8cbaa09430be01e208d2173b187c7144ea4b1dfbf054e42a5a3396a15d0ce3b603d87dbe90a8ead85219ea580e6f1ab3c5011d7f64a8e31ec3d4de180ae113df74d7039b960a24be8f20d49f6858a2957b91ca38dc6b5a43f2b371a7b916cc9d85ec2ba81d7a8354e02d4248402816c05d43f8ccb6f5d056a3ff374f1aa9d136d5c129c03dff69236d8008fcc659599d5092d94d39ce6cc2ffd20f25e0e457401bca035dae1d01015047c69424578c2467473f7f15df7a29c852169bcf25cac29b066896667177d1ceaaae0b8e960b51cc7244072dd247a0025ef0693dd213b133117e8fac8f80f27605d08f6cffcb7c47fa480c75f7604e0adae46f147fc4fc5a7aff8d346742202cc988292ff2b4519548d0f94127b0b51f484b5f0e671ca3aa4c6d8f186de0eeffb552efbb4c229c28deb6cfc7f10107ed17340ce2b0050bb8bb0711bba08a7bf670ff9b9c25efbb4c43bebac46050e91cf867a9060aefaf3db5db157ed0df97f842a8dc9473dd8bcc8a7af034c80b904d1edf26370151f9c71bf07c699752fb1a6b02f963b1a7570eb892051e574f02cd28c2c4bd1d5a21f137606e10f2a0eedf6c7693a28ee9a3f1fae2187536b60d09997d3f81cea0bafea78e6a0e780aae5c8d9468f23228f248f2f86449b653226542d664a35963e2a72adf6773052c71fc632995b04d497eed3426d69dee621abd1d9320122c987290b28054b891d5301cff92ce0e11beaf5c5e3e19de2983854b93b7e569d8f37f3563f7616f75f4b1665675f66c0a8012977633c45539744b6138dc8b268f5c5309fb86a687b0d3109056f1ae99ed090b99eea4ca8b3f6be83341c2be7bcc247b75ecd7ee78c64358bc33337f26774ed9fb5bb0cb6a62fb3aca8ee306e97829e1644a480a991fa05eaa3877ed9652b516fbe59b55244db615cff8840ddb77901c2e1253280f4316df23a1c82a1d60b2d5b2bb6f3cd96a3693a2501330aa6f2c6e901ca3ff93f88b973b4be1be67988efdfef774445fdeceaead94dcaf11c369feb472b23663b2d9c1a26e3f9dbefcf6b37481771935e0c72c430c89097a078e6448f192d4f39ef0b36184b1b7789e5100b9d032963432bb9d82329a62f4d8d35ab5c4f5a48a55fa5230fa9e457b7529bff27a6a2433b716f60f56c0b3c97fbcb4231505e054d52bea5132c8488bf20ba34e5208fb9de7feddeb75c5052d5eea6486987cd832ce6097b2bc6af2b12f1ebac346e51816297c62a0089341e7421bf92668eac8384a51faef1d7e9e530c1451c01b1910fc9a268e75de445a9d9b5e6dd203f756f6afc8ac85cf942032cb32dd5feccd1889602c32d78b4bce350c0fef8a8dd0ee0cb9012ed54a2ca8a388fbf9f90b0dd8c79f89d9b61a7219bfb8915618ef73dedcb2d9e91ab08e4060b91b78b74677d18db3b5a6e96433fcba181de8ebd5ef870bd6cfa798baa02b9863ab7f5f2a0a070baaacfa4ddfc3328518594fa8483a400e3ee0182b179a8d951dcb1c4dae283e5ade786094075f419fde57d1ead1e2de2a5f28125a38ec700113fea9e849eba3cfb7efe907e453da7524649c56cfa7c08c72181bdc7e44d316ec0d46c2c4b15a02b554ab2b6aa1d4caa4af541dbba7558e0bdbe2b916ffff4c6855b26f5a2d4002ac96b233cba9a52eaf5f1e4d46c1a0c0cfabb6e4678cde48a6a7f75c76cd82966198fbee488e0fed5746a8c936db46dfccb8e9660b0a714584e60b4a3b593b5108f3ccbcb8511520cc6a5f444116a6f768fd33112e08096b74cf8d3bb344982b92c7a9e29ebd6ab7f1d54a8a0b6f8714a392d947b18e515d6ceed0a35b11c9f2416971f7abea4a9bc5d23b9c022a9d009742e7452e9d2aca141558461c8c9a1fdded8eac08c6ac51fe1b808fffe58cf1339f1aced4a51d3e9692cc5261ea17bff28b6c1fe44266788f77479a7a1edf41bf6b516db99ccb79c6241e6c8865dbf3470f9a4d77e138acea46c30ab7683cb0fc0784a5c9b01c49f463a1cf88dfda0ca402ea3879cac87f081c78c8753a82152d97e7e5fb1434973a52ae7055425e88bfac962ca96cba3d330a2d90d84fff50f6f94ab7593b3f3f0c110aeeaf4ef1705b2e59f1f94df2b4617d0c7435039185a203e2e93b57a422351e2a7b5d5212401df673125689a5a4c9e2a19032093a47f33f4d7876bff035eace35375723f8e741d66964937fc35d6c5c795e74491e82f4703ebb24548dd396becb47a9dbf13c8970f902b8485de35c6b2e47bafa694cf8c7083f3a4827656c76d3c706d17240a6d9887f02d15f355c7e7da142e9f6ee8e992426bf10daca240fd771a581298aedbab83131eb22e3d315cc66a7c9741ad3603bb2e80576557707937233f6c31a285c9c8c050b4ffba0c54e73b1670a3a34b65c2325e9cbdb7db104c2b4180a3904179ecc38d58958fcd6a87d1716cfd1a0da8915707c83a64b7acdf1413351b5a5a224b4592d05e3ee612fc59505ddfc4b3de770f0f9995b0914ec66a175063d1c5536ae93e0865381536b713cfe13e1ecd4dada9f35d24c4bc13e175eb49f9cdfee2e960686ac487b92986b129d02c4a02a3d746f05c5484378a7b4b7af9a2675c02df70d3975593df6020d5d4fd25a3abd82270ac1b3d2b2e9a6e28c5225fc14a1a9a6fca500183bb601de368ee616d280213a0d532ecc232c21d8b20bdc3857ff90d0100aaba09d60abda9c4282c0ccd500e7ce5cb637f92b5ce9f341e85107620c437895567571f8969358c0e7f7b9422b7131224ae68d6c17af5ec926fcc6a1d641658b625b53c44c7fe09359c9a456855869044f4f7d1a4331e3f20917e03b2801f6a9296eec0e85855a7ee34dbd2a48ee647676f9479030b7a56f1181ff3576603ab979a17782dc61a1238b34d5033a31c2c778c0a630c4c1b49b87d28d8201844659720557795117675e0596952aa687d146c5b95a868048ba040d5ef3fa1c36c261b927c550ecdcb848353d2958aa684fb15baa77687160606f90f050adcfd8b1b0667db5547ad8ecc79a183c62192065eddaebe770ed58022f7627ed3be4b5bad1b09b289d8b9621d08dd0a896bbb4249ddd415f68a754b58d7f0b31c5d8b82f2c3f13a2287316e35c8ee0190fa1478c9ffbc2eb44bf9d64cb008ed042c12e429158a6640b0e5a9954b7b496eac795514056866a2a36f1010a1d47845c87b6448be822654a81eafa570cdd771cee10066dfea1758081b87b1e980caa5ab64df9b47117bf9503e21eafaa46385b589b4a0695f6537c44917aab5d904b74d073074c2074974faedbd7836c27ad17977100ca00bd7f256b934ab813aa38b9de00b4d729b31a894b164e9701599bdb6a0c305bbcc33bb1b68d52be8651925f073d48d504ddfee3d9ae5f73507cc52b876e0d83fdb23ff36bd88d8c6379076af820a61236567d80dc00f605f317522ab053ba8019f413cf514245bcf60390d58ec8ee99f71a", @nested={0xf4, 0x41, [@generic="e27ae3fef2fd480aff690959a382c2b69eec8db83679ed23f62b4ae1d20ef27dcf81705d7cd386e3c065758c0fb426bad79ffce0f3e71604d23483cbea1d84445612fac2e24dc233752ce2a91440835f66a65ce270990b13d9796315524fd6cbe86f449aff84d64561ab44ac70e70e9cbe26ad62e9bb9ffb2524d37501e6d0cc3977569b9e8fda8091cee09a4d63d5188e1a2a38edcc04aac6112e06d0d480a743762bd171444a41f0865f19008e113ba5c6a9fc3445181358b1ddf25b55cd91ca04c195aa0dc2a48d49e646deffc6afcec87f88552b900bd3369322f9a3aef1ca666bcb90dcfec996040463e7"]}, @typed={0x8, 0x37, @ipv4=@broadcast}, @generic="fa205c3a3edd794a446f82a9c2d77335773966988b9e93e161b3467721f7c6032195059ce31c8cc778a0a667452525a272cf0ef3a737a1320b85195e1c0591f34534a670dbdf757c3e3f5c8e6ab960b48efcaff53c7382510e640ac1d817d2bac3c224e1cbec06a11fceb558a878a47af2e69510040d79c7ebfe0a9231deb663f9425aaea3eefe7d34cd13f291fc30421bf95e6d8610c55f7801e811c47be9dabe116951e61efb19cbad6d4ebd26e4aa3ab12b8bcda1f7e8439007472c5fa030a6515ce7ac86ac5ba04fb08aa98d030e6d3dd02640981625352cf9bc9d7b10b60ef3f59738b098c83d087a9624568b4a3e5ab282aea6a2901fe51a2814172e065dfec27c7b92ce7137e391fc8dffc711cd8c80637887b27e2842525c57224ac4b23d64ed0699219093a0a7b250af832a7d29fffebc892ec21df62082673c2a19b9c4fabf4662b7bb271e556aa162c288f7d60a3438ca796d9776a1d3920f41486d57af9dd8b75781430cad15c042212b5d4585da80b779bfd798bbd94ed4c3864d01d813e0867ed643be84ee5396544273ae69158643eadf701be318c5c67ffc2d397da2c3990b8741c6c31c86f15d93effe94c9b88c7bdd8a64b881273689f9fd8988f6733de691e7c7674da9d8a44da08d5ff9a6d3330e455cefacb0ce617810540e9c60b7eeb2c3c5077a4d6c5cab0471c80e2553dad0b5090c255d3584911a13db5ac524d2730263305b199b774706ec0ffe21413bcaa57dfca4543fddb96d235a112d7c4848293604f6e9a10891a2b10314bcce18aae6be31b3858742a52320d7f1c923f5fa52f9f4ea196c418d00cb335b32fbd65f9a6c1e02732cddbca853114811b214bddc191f64aa0644b982d4ef3b3b6b98b8358a84ce0c874543c062e169f60c7ef25f7e0001fe747636565bf4804a82b8895c5c1da1f4e48a9a77191e45f5fcc0291fcca94ed2267a0ef9dc2eba1646ea19ec4c879c3459ab215613e05fb6bf2d9aab40bd61f9ccb17ce0929a8c04ec04d190f25a982b5f3b9e90fb3c03e7a55068db594e81a9e1117d726fc194ac251767b3abd7ccf537461bbc6ec3af2c216ca57d2257ca4b41e0bf43469ea9fcbc0c150409ab5cbbb9cb1d9862d4bc84ce9ddc1a5608a532584d4af73d499aa944a27e7523f2a272fa58168498493bc4549656b26055550910d18000d6a386986bb414df6d22090147729f8cc247aeed016d0e422b68ab013b3eab4928b789cfc4313dff2f757786f5caf6f6e6c2f6d45dfc2b58dd3cd47d8fb2c26cbf619ef225cf9be88001683d298d30fa501b3be2023ee0a8b2c7bf03b66c8270824d570f6e69579fc19f3c5d146fe866a87a06716dc82e259a6148de55840966dcee6017307e053367190c35bd53fe7db8a67b1382c3489014e0ad2f80a2ae4cf911c247d284c083bf71134728dd3eb6ef11852eb7ad592d76c85ebd53ca361951377b3ba8fef70936a37f01d53bdd49cb3c12e6e24df4dd6b56543560076caaf85b7a8fb8dde2380903b97494d15e9f05daa95298f665437c9d400ecfa55c884da66f8e9e244c5fbf85b28b8ea2eb93db3168aa6adeb67810c83ba4798f798b9cc069f029cb138b3ed0bdeadef4accea33ae506180d5a7304265f188f866ca8fafa7ec4ed07e2ea8a90c15bc035d6e344b12ac2e71f2295dd6a1ad47fb68dfb2dac4e36b961d84cc6b43aebe17314d581cb5f09242c4570bf264942a2cdf1bc56e4b5710a25fdb8a9686ecf2398446c4845e46d9522dd8333681780acf3a95a7139f0fdcc0c1fa5adb6d591ba1a19c76b3f07be07fba48d2c0d4439c237d61be4a928cb18d199a5b412fcb768742049fab1ee3a6942aa37c7979d4cb2511b70e35841feebb3dde6370382b470fe9767e6fc421fe020b93c878aac9a851143cd609a86ce6affa9111b48937755ea62ca4bfcd390fb44a16fb789d1f46b4ee53232842d24b780e2c0236d83f5709627db5f5845378e05e56a94e402153829ecea173ee429a896827e65a6985a71a60a05f235bfd25b43ba4240df9ad12c4035ac86ca499577fcff8fb8e66c62471e435042dc9a4fa4c7a404b572b5752a8cbc3d8d0a9b243a612c74e636ad3f0c98c4d77f4cb8136d367edaf47ee6fd82e60504cde7370a3d310b5e849ba6400ddceef975ac1cf33bacb4d16c6db98bfe3c8a9c15c24e76275e9b652d696a59a8ab9e7f95eb1b959447f73306fdf0513b71dbfc375bc81eb96e751151d3cc5a9fb0ced4165f6bc4c23344f2c7e43303561f4b9079a94414a4a1a378ae9ad2d577c4c732dfe6c83e7bc32d1fd97905e6418b04b302c7387c8ff24ed713368aa72f4997b06e446a1072ab5d4e1778a2e4fcdc412037d9e8fd14713eef6d4d5897e697c8f1c4c1917c200edafe1ca5b46800cd2f57ac61c35ef6a8a279c8f36a287418d411ddee74b4742d750f58f38be5f1c1a9df11abcdc31bb852e3d5735d946ad65b60787211b33195d4309b454f3cc57941bed2fd11a51b5021086bb6d9a63258c949b6f7aa1f295fc7e8c89f7025f79bd81ba5c4e3d55514f97b85a7589bfe13110c6775cb72a26dce5a8c77ab0c279a67f4634b5d26bb9100a19c74cc14ea80dd24411cc85e4197f2a97a6853784e480a3f0d075d37d0e1d8f1a99c76ed1d70e7b6cf80684b10482ed085f2d4950c4edfacdc07b2e1101568e132d6306e5a62d5fe64f102a1be392a156eb0823cf84bb97b09b04355c4509194519a2d13e39343271d79f9c81dcdadc57a19e7dea82a64298c4b90fb7cc91ff547af1d095262987b5480f1bfa298175a029ae7d6775a4a06950b132b3456ee997cdce8fb7b199c093756e35bc90122e7c7d88995bd56c0729e5c9bb949b3143ad6339fc0e3cf7e33f491cf6de8d59262e7058806e768044f13ff8d211c29ef80cf3402b8433bec1af84014889cf919afee3b1c8228bb519f17029906d4cee2b49139b6b7a5eb71e7401b5fcb5c396cf51f83724ffaef85ab0c792606904cf5774420a961553c4280ec29fa99e385b3445f63287429a80cfd791ef690aaabae5b39f04b7d40abcd7598f89d462908496fdf23286ce0365f0d592d0fbc0f344b7be83b0b22ecc71fd0da7474058908435979859d83332e24bcd1618e9d69c1465b604dee5fa3705c440f558a0cbea9e9f96e4d965f9456159a428cfc80b2f1702a908d41171f0e0bb94a001c86d791a405111fc0e5d7bc3ad3e32053f8cc07f08f34206f702c864885342fd9bbc723b230e08a9b9f8e12272b95b8f0c6158b4e5b55522efc1ebb79e23e88b3014f913947735a19f479ed1afdc6c5032f40efddee224bd08759831bc91128b6ca9ca9ff7dfae1767b30e7aa44e451c17a1b7e41d7abf92aa5a7c3383ba3b69950665834bd16b545a1fc2d58e844cffe50addd0139ecb7fe26873bb47472459198fd78063ad3e4fd7218a89f31c1f51e58d729a9e6e3ac3712ecbe5aa129228b515302ddc5e43cb3596af7062cd737ac45e761faecf5ef73baf41ae5f43d39ad9ee59892cb4e35e3fbad821d394cc1369a22268b1bcf9fbbf1c169547a8b452dbbbadc06dfdb13c93962d98914698e56e0d76826f6a03f32a3781be4584ddce871c679cc6aa91cff179a91afd5d0c52a5585e718f9e0fd94ee02268d7bab8777925f2ce551f63d29a55669c20fee52b4e8583e2ab6235c56950e16f75253aa20cd3062d6a4c6abe18dde1af6ba26ade1ff7eb0e3d5b19aa1594aaf1b9ed6b4beaa4faee029dd3300110dab134c3b30d8b67a55d804f2196d89dce848502858579b49c78cef75083a26e1d8dacb760b4b6567df2d9773899ca35e8a90df4d20c07a91441ec96956fb31017269661a50281c9d487922e58e9d0996ad77f356d2d090cb9aa659501d649c6301175f1333c9574a93f4ccbb99b323a67bf8b531e9075fa36b956a3ef70b9c272177aea79b013def0558ef1ae635b60081a96488de93dfe91ac29f7c3dc265d29dd8b5b9db7952330cd52cb8977ba288f7d6bf2a5bd1e9ff6fe08747765c284418c1cf08a7072984cf5776de375448b362220d0f0ad88b79fd433cd5e3412e5249e9da72a7a2edd420f20bc5351c0d14269f2ae9ff69a92331e1c4604c3a306b72dab056c67bd4369e09357c0b301ecd878e52d4ee322747b39c4b5f0c0de677f7e60f162c87988a26b5ae3a459094a9fda2ecf42cd6e80f665d2878e904cc8a08ce74310e9adcf8d31bc9c393fca2f53aae0d1db4a18e74d20690d72b309a36ee95bbc355227e6dccd492114e44ecd818758aa4a4ccc7d050cec7b0b90ccbcc45acb9ab4f41df894d5179167609f85a81c2a1d033ec543fcdcb3d2bce40a0ad07ae809b35247b41e307b88feff8b780b89215ef677a5febc5d723619b932925a630228061f6f3108a8aaf2602671e9299924d153562c2068baf328aa871b7223d768c9b65ebaff4a0f3e47b0787ba4936a137b75a186867a18b9b27c44db69fc4fb70ef1455ee903c2ac1c1f43b3c57f8ee8537cd59da001cefff72a5b1878890967da488d68a657269c0a8b5a21cfc6e4939b937f9b8fa60cb7c5a1bd36eae9fb7c899d52c5599f23c0ec21a434f7ca6a6a429f0b9e98ad8fdf8fdc3a5094e0986e93ef56a1ce44dd6f9a945b50d837e3ebe141bf06c46f9bb499b4c7526c5b3e3ec96f00a34a6fee741504d5c6b555c25fad96ccad323a717bbd011a80b6ac4e8ddf1f9508a9db8f0b0cbc8d7d64d25fb05526cc5ef15e83d57d6f48c5bb89817a549b9bec4f3df9193bd14bf39a51d5c610b88c0995fa6f5c9a7329f8e3f09473ae9167352c85f7aca18c05e7239cba1ff6b2f45d5cab6406f213e6c595722ec5b1331ad4b743cce4333a366d6ad758326cbc1fe545d70c371371e1d7f5418c8f62d3ff7ddaa5892cd37c7ee64e9aa9da5887c145087a9af3ea4e9e3f465e649bbe05c24ced9ed6b90b27629e7944ecaa1c7027f4f867ab69c5bfc4aaec25656fc6ba4c4ef88930e7a042de27291dc5b5bd7701db2cf80993506b72b2d04698d55ea9cb37a93fca8f68e2be01f2367a0d8196cd8199a0426602b5519e77323d157087348c3a73f71db4eccb49e4618d205919387c45ca449c8dcfc630ec4e3e1be5b74eb32bce97b4ea61ae065732e22bb4915808e14c1a6424ccadf8c7f52d607b14d6749e6b1200b40b12afa1001ab186ed66bb320939ca69859600c7ae74b3d348faa86b9d26ecf5f1af6ec11ea37dbc28d9098114c5f2fdfc7cd8b7cde980487c1b50edfe820ea749f3cb019e766de2c9001fd685a8a1d76a87f10a25f37390b742c08f07b8d2a462ba42d2a061d0116f9c48b6f64899355002dc9ab90bfbab51df10f8cb13c78919639a1a7b0dc8ecac47fc50b7793811fb5b56a02275affe4aefb8225394141eba8d3289c4da2478ce454aedb5e780311619a8fbedb3039ad46c2720cd612e97a6ea4958d1ac8fa47c25dd29ca4386f9ef3d602a7cc0210fbfcaf6b12339ef20d9209e68d03a1f5d94be0312c7733169b1b41a618571bb8ab5349278cfc03f78fa93534e8a54cb0747b218bf1fd6cf01de8bc95bff9df9c11be60096c1044686e7030ae3175ed9ea9f97fc06ef62944c4eb75ae84298f809580528377a2e01d449e0172a9d840a48c485b14b4d4b2c71c142e7bba61224ff49fe3c95de324a3ddd41bb8db435fa2695049f7bf30ebaf69b384fc4f17613132c44539c83da8bc36bcd6da3e2fb78b7bb3714e804f237496ae158dba70a60acdc1a2291d9e45cb490e1a9e15a0cd"]}, {0x260, 0x1, [@generic="822cd478e52bcf9c390fe50983a3b0b22d9b47ef2b793b492ede897cf83b2c9548edc3736de6c51d66ece317339f0cb1e566aa1e3c9d816667df0228d98018af7fecab69a4aa38bf0e4f1b588c918cc6732ed46ec1427b3a650eb92f3425846de42bb35c2f4ca990a958bafc5524bc3ec8ca63d9bbbdd18603ae91ff71309983bdaeb5d92065d27ff49212344812952c3baaea45cf5fa550e9dda7e4d896150f67451ee42de7242a80c480e0f1f1f49241c6d4dff279460e3f7d657990256053045df989bcfc3ee195a02780933113d702c92d004ac95f9f96e687f324bfc25c5686276d8783034853b9d7333e4c30c25137a0399813d35e2f75204ed29acf", @generic="a8bcbb73c81ebcfe4cd9d856a901effebaffbe10cffdc73f2de71f7d683c219224da442ba604f5bf9d4332152c3c21f9293b04031f67c416c871e2f81ed2bd5dfa2c3ef252ec698f39020c887b9bd4b92eec554d7e615b5cf262e570e63ba2d2a6d78023dc0af9403ef2dd7ae7f679bb3d9cd79ef13e1dc320b54417818fdb6d02d277", @typed={0xc, 0x21, @u64=0xfffffffffffffff8}, @typed={0x4, 0x24}, @generic="58b3dd00e0eba04b6941f85f902ce03c9c63481573d61c5913261130546d137f833f33c5fddb36dbcd385c028b4f8669bf15a162f82d2ced130b8dc52a8db0d446f9f272c5363f0e24bf750888a51146d4f86645b1268476f12cf97bbf86a7457725e96856ac424f1890977043727e991ceea74b9a908f80fa005dee42299fa0c020ea69687195cb4cdea15e19e3c2a1045f3be11100028143247628bee6877bbc711d9ed2b319ad2235bdd33fa39a48f05ca2c5754c0cf001095c1c7e0587fec7a931131724e9"]}, {0x16fc, 0x1, [@generic="7606952214d6e9c2d251bb6c0be882bd362e0a1030e33c2eaa829dbb572b01db545451c967f5858c3f6ff915fbb330f88a21121d5ff2405af1521e727d082751bf9a9a5a67f52d219f435c26055922712c851599c46750c077611c66c6b2cd23665410acdb", @nested={0x178, 0xc, [@generic="ce3225d2431875eec2c7caac217f253fd6d8c0b9ec7f303ec2d16a8628ebcba44e9e9db4788bf3dd942cd650053b710cea6db418e90c4b04", @generic="ba81cc7e0a2896a3c582f616776447d87124212181f1205600a269ed213533c8112cb2d4d2c51ddc4018282cccc3651449553a1a57b575efa8d8b25dabb5b2a512482242838f6e0e63a5cc98185e393e6bc9ee4ee33572280677fd81a8f024e721b1f69d2885f36ed244a7fbc406fdf8c061cb86c6ef4b5b4732290d7833aea204806ef472bd4c722487c4f0b2ca31c1e67e8bed3204129dadf11820", @typed={0x4, 0x60}, @generic="05a1c220661f4697144ea76c0b137fa5ec9815525b848ad382687ed6a087494cba909d16a28f093a00323b122b6834641dd4753682b81ab32e4d6acc87129f5d301fad72b5ef6ae32b357a7fda51dcd408506a492f632c4ca1605780349c293f1102b7177888ba298096771c0d859798786f9174c68430aee7ac7ed12b469b5c60e66b72d636ec27dc5a6b2f2215108f717ee9ea8a3a813496173b1d"]}, @nested={0x11cc, 0x1f, [@generic, @generic="02eca7809373e3b2eec8bf65ca4c3d265f11c8c698e7eb1162bab36e9098fc4169b510d6a4e3dcd507ff7a038642ae85d6d2d703a447ab4be7c74f27b52bc7b261e7ba14e367b527173eb2e788e809b109999c759a4a3444d42787f00e3e7190cc5295ace6fb6e575d2f2b4fa203ce4359b89cef50ae506f36d1aa87856527d7ba483d960cd58c298ab31256c001c4224559711ea88f556ff3e7b38ae06c73c8e8c4337d40c0fc747bd3780f12db10b04a144342a19d4c6a6dd10fe2314fb3f671035c7e8342", @generic="185102e7f2f8b2bc495f25fb855a40393e9546aa6f84bf6c38beaa76da1f3150f19bc20191767bf820a8ae08ed239e5539f0c5ab8d1e03cb5407416b0278a89e1c75c1a9e4e2496ac86e9e970ad82b8b60ede0874b3d5e7c60b432b4b91c1fd973e66542625e191da9cd380370a642e95054b51eddf724747fab89614ffc5df0f910726939bb35c0c58c86adfcc5ef668207a1366b1e7bd90f1199f7433a592bf5d97e8e36c464ff9f973da7aa026c501d91f7d668f3199ea0eac6fcc8e2fe113b52197bf8237449decf0286bea0bdeb70329d44f305d7bff24a8a3fd53e934073b48c856aa2a349bec16d1a4562bf94e2f3bea72729b81d5628c3e78e3661bdc95699b5b4b831cc118aa5cb3dd2cbab73a85a3de72434c5e7b2948a1859d076bcf7b0f9d9bcef8cf44a5d07a7f9cda406e105a62dc6f0fad3718582103e8ee7859d1c124dee768400f030807d042fc017a42feb297b5965784d063610796a9f51e51d8f6ef7bc2fa7a74f8e14a08792b0a9d28d1ebdc9493fbedec775ef902c748bd6e9b5f53341a99fa82627515e51e525ea2c1d00bd2168451ffa91aeb4b825e8d2ed73917d8da2d6a981e3559c13de6369168b772d190f753b20847f0a6bca21173984edc9ec76a48f0da813cac56162074542aa845b04f3b3693ce6b7fb9e58ba854da50f715b67e5d4731a12bbc764c2cbf6fb6ff6df6aa768889dbfeec03195c1756a8370b945787237fd6c336850dbffdc8b727a09a8977b57675d7fbdca685b0209698d37065a23df884db72946d71c6ca1a5b4bf718a1e031c74a01c15f3e0b6dd11053e151322ce7bac5ff667cf6cc544607ae07e7472ae12d548111a8c22e4dc37a3c59d498c9150b3a83597908d142e64f4ed521e29ae46f1792d73ab63039ab5e9f1eec7cceb1345ca1c3a376408b8c18748ea0aab9ecfef7ac7a7cece0f666a859007dd2ad3bc3915a505701d2bd10ede42d48a639d022f10f944a6cc74a595d7e74879acc6c6695bc08040f531a8624897ff05de0a0604c3d6d3cc4100786b49e88ba0af2f2b4c3a033f8e26a3c97e1f82f55f290fcc46089545f3f98f5bfa0e8d1c12526bf4eddd7fb808feb58f09235b80424155350fa78581ccd42251d450490b2e561b1453cdb15a0e5b61d9c95cd8c145306273c9c06cb5cc42bf10eb63752c8cd080c3b15694dabd1b0a6ffa672d02fda159303975b5901c8324f71072058649b1457abd49f16b57734618a11f555a2762e661c66f9fe591694a03ba583f4b5ac6227beaf75a3319d82af494885a7670d80a79faca67394c85527e3cc178786b88afce90071ff793f84968cce2d3973eeda43d5c8bfac394df15e801b68591639e032594dfbaccd1c5893eeed596c610ee9c57f2dde79669f5eb65ea0be740262d306858eae8c000e941be9ad48f0885325de4e47223d52d02b8215721f52b76427eacdf256cfe5c7e71bc750a84c93c96d17660b7ff97f28ceb7e7c7fc7ea8eeb551ffb71098dc60e7fa6add943fc756b3dd210f1266ce05c01714a25c4bd96b84b742f90242f81c23e2e06cacd1d95146d40b171882a9c32858ddfb4aca674349fc663a1c6918ff90e96711a1a9d01a019a2f97a1359c7597cb0a5d825b07d07eb3319f0b67701fe0befb77acaca695ee2971c060d4e14d0b63bf9d39e6e993f53b7d8f13136a511c9b3f81d3feceb199a8516a121ab1977d4810c92801c23cf3d57e691238b50a80d79ddef09a4bb11e4f59fc252662fd45f3f27dfc35d92fb01e1210f171efa71aeacec32f6f2ebc4fd20e32091b78f0f50ac442adb6c3259ee97f9897793f358d4c7ff99f67f8f1444adbdd96912cad12306935c52fe76035d3ad221373f8d24354dc7147fcdc999f15ae3d244d6cec786eaf09564e4aca4978a0d1431b49383258090cd1a23e7a585917dc4d61828101d383d94e7df6f01095a1e312a902851c28fb13b35efe7c96aaf6ee8239266b24ae3e7bb2549f31cb56d70abd521b52933460d7d996ae1df7bb4f385a682b9c00ef6522da6569bea2193edb0e0ca691e3fb1a327d59b0ff26f8c2c8e824ebaca08d925fea3899e309457ce070d791e608f75a062eca87f093104c68676b5f49babc8d11d3a636add8cceecfaf66c3f5ac8f4c8825533359c74fcab894863a34df0ea6e65ab617a9b928d27021725afd9781c8f17c21959d6974a23f44d0c720841d57e852b5a1e933ad98d77a53bd7540f12db2a2262ec125a5017b9b7a13578891f59af54a5fbf9014a44cb9345bf108520bf7f9dea170a887bfc30e95eb74ca57da185f99165665164b7e9c3339699cd9242c25e247640776a121dc91c1d14d03e0f7925c3da3de966207876eaa1e558f7bc2bb79bb431efc55e9618b67eb69a7e6bd13b30232c54aa4518b42744f8ef15c1204a3c6b092bd20576da7cfdefac1f654fcd4ad0afb9d22ef3201147c8607af33f9ba42ab8d38ed2e161d5d39b11344dc61269af6a3d4af57cfe78b3008a63439be7a4c14d75a8d5fa480a3cf596c2c766f0ef7388534deeddbfee756c01e907ad51977b1521a92f49ae319c835a85ae0f34e5e9972e7ddc477f9eb480811ec58729e66b0288d99ce0ded510369336f19f87b45deef47b5f2fd7b213e32476524fa1406af81ae56ad68322550fbcc94b9aecd04305a1820574c3dcb68b13a417970588a5aa130f3e21fc8d04baa061ef95c0d427d47b4a8b4a5d5640536297528e47ee5ccc97cc38654e44b128d0498d200f643f4bbbfcd98f4bab3aa3362b4b85f522d5a8bed26f1b30dc3862302da9a900ba3d756449042f0703cebf7f5d5a9a3fb5143b5e27bb518586c391ab483519888fc0df254339a80317fe06e11eb2e730f3492a1e30d09bffb839c1f7dd90eaf1838ee2e06359b5c5b2287ba639e99d0200e1e21580dc702b79b87d4626e7ab37efc80f6defb13cc2cd912cf9fae79bb7b3ef1b9cf40453fc74396049523b00ea93c4f8d175d3924c1d2fd92b5bb947d3bc51d2eaa004a8937b0003ce93dbfeb11cdcfd8641e881fc32fbce2c4be10eb445a6da50c576528036e5f760912942f2231bdf83a186e35cd3e114cc7c8b12f7ade78224930343eb93cec973bb47a73442e85e16dc98ccaa0d5437488fc82b0a266ec8c6b82cc3ee02f8df21d8b144165b88270d75bb324fc77605f573ef08cd77fbb5df7667cd4c24179efd8ed77f5e19f2fda17e9f313c266c1c896873edb43dc0b0a584d9525e81ce99844df0ed1754209ed5634984c344b028d6b8fddb265d8cb9b5e6d93432c2a2d59b0c89b7e7d2af9ab54473fd82734219f73a66824f61a79b9d3fd013119569a26147c0fa05671e2c66917102cbaf74c4c48cee23a4abe039a1a66f1b9c8912c59bf3c1aa364645a51fd87dc49708e801edd5402c952c32fda7b58b96b298b65653db5a16f49eddd4582c0cf6f035b66616261953285e26a3b81f8264b86d0a754bbe1b12c6559bdbfd84c2dbf6ff76f33fc50be9e89e3b034480b21bee001d1001942ab4fb4d2c0f4acb2cf0a0a48d0b843870b6ccbc059c364b96b7bf54811766e508afdcf44b76ff6bc1c5238c787936501c1e6ebbe68ac9dae3ed76ed4e3c6517888351f4887cac7f1424fd982505c4cfd2e610edfcde70447f7a61fba6e0558062fe9564d2f003b916e13701812132f5a7c86dfb0d0dc27196f9844605ee612d53ef121041cddfd7e8d42a109b4bc1132ff1ed4e913c5d362d70ba04716ca25476e0a6338ec19cfb5c34cec405b9ff8590c4aa18285b26fc48a93e50862f28d580781c5d3c9fec58f24d6444c5b0503b7612c9e3ba79c95c7f096b2996ffb9512603e6ec56f7198bb1ce82e84635d00405efcf1827867b022d5557f60345861ac3bc06c59bc1452c01ae4eeace495ce3a2dffaa1287dd5c11eac26859ced9dae7a62dae89b893ebd2ff38ba1684e93f1f7005cc3766f0903aead58f156eb357ef85160571afc6661a68efacb2597cc2e4293aabfbc4f34d9430227f67846dd7614e94199150a542c76cf41d7019c5444882f75901ab1676a8663054f9f7faf097505e25ff8af8b61a3d220f0628e56d41a082cd2c0e751b9294655f9a92098b20146450eed67a0a7baf1b46a2d4724a02f9d3d33ed43a8762f8ef77099a0c5883c789659b3dea09af9cb1c81697e698e58d0dac4f8d9dfbd6b03e2cde626f711357b79e810200b3b5f4bb8e0ee5a8ca774cbaec726f89e89a74d5794aee12892ae3b3515be475ff8c7c45e3ff8f01ac74758e938c24377d0c3b44705402124b6f9967dd77680aae1b70ee2ddebb314b601a3c0008c54a8c022e7609616b30caf04be55f89f74f3ccdea4accfe596b04067e1ef9b5b5e7c197d958e18dc272cf6e33de1d6cf071b61cae3a7b401fc7f4d2de1a546364b56eae43623c3ee67815df46523c006191d2830aaf07dc8d6d0cc27e4c1c8eac2896f4e19c06e2dc8a6df586bfcb54e6d6765de27df7afe6ef06b98113442ec5dab20211bec5b4b82c8879ec4020f24f0fcbe57668f7991cc956c50a973a366754f36937d11216fcbabbc7e6ae11b91d7b1c79196137e18a83a260323ca0b246e5638ac194f294c90af03871bfe3d88c2f3fabd75125c4dad67b95658545e70e443a8a20614e46e20c69b3f63b525d8af9b691d27f80db5915c9ac9c27a385140dc29ea233878dda4043abae88f17f8a5e05a8fa4d0a6cbe7b8119ed3d67c7e1a772022359baf146bb173fd6da68b5da08a7ec7cb805d61380acfd5dddf0954a4c8390df16943a29faaf9b007ca41d0740985de6fd78b118259785d51299a2f101dcbd5889b4669fd54c91d883cdcc5502430fe49e4e606f9f6e872022bb8058347aa67051d57c1dbe40454daab494d408a22ef62f3eef8a0c751b613551cc18b5b83225db52ff941d60b7233096c53f2d6f209b36d73b0c59fc5c4ab3ca103e290da0ee78fbd9eb15b3b6d4931b772c515112961847d717130dea1c44eec8031392288b5e6acfd1235a431edb2073c107f3c73bf877d62d7af1e6c1a27aeffb76d076dfff4df33ada3911642ab8b585c7b3b75a30326d26a4c790569afb610962e87a8e6397e88f479664dd3e895c3dd133ee5817593a02f33f8cce7a569ced5704d330fd1c07e86ef036653b5558afe868048efcf54f6b656ac9c7008569579352b6c3f05ee3f1e315d37b34ac80f23ddfb70825881dd193ebcaa0d24973a426aa1c58d61c00d33efda2554d9fabf20e4118d0eb91f54402911e6f921e195a32b6e581226e25579fdbcb6dad45c36deb48b2d12db7e06c90dfeef33fcf42fdc62240cc9229b3c56a4f731c0608b0f6a476e02ee628d2b8f1cf34da28c1d151ee5362c16bdd0003af8cfa3a3d473dc7cf09089182e7879937f864ea591197c8b4712b984e0f6490d942e884d35b985b07fff9e817e0d886ed4a7b5e04dcffaaf942855c5cd4fb7816dd49404a638790390ecfdbb43872cefaed0bfa131597a0785b544f965e3b466cb725c820c7d186a3f8e752c1c8752db21b8c6e18b0695662871a38068acf9fbf010942c8801fc75d3c4d03de5d1d5f730d0310e2fc8e2864400310b316dec8e8d3b2950998237c5c0326d46eac2f91702c5b7055e2d9f885af203f6525bbfff3ada19b03bf1569e280ade309e3764aff25b0edf74036d53a98a14c958447c5b922b862c0fc145530c616df1af2994333f17fa5c79650e5614af731f462469109370cdf9ebd95e9f40d4992004b571c78baee2f9c095fe380012ee3f", @generic="4f9ef1ba5811e40c537d50c627f891bce9d259d9c5ef389b168b8de72d3e1cbee3aa42f0e697bf9510c0be89da423fc0e8600f99e3f02669b22619a2e368409a6194dfbd72a96d6af943f874cb77c7bb6484378c84300c358672ad8e690b5034f66d37fa716de46211a29d15a7a73a164674f67943e298972bfd7cab0abb6ec64f5e7da31aa3f3a6f6c42981a79fd29d1f875a22cfba6857a813f4413e066949e81a69196d5ae82b2608a2e2d24b491115abd74b2206d06a8b", @generic="e41fdd56960d2a0e58a883274a4f1a0c6d4a355eba173d38aac34a03aff5d2eecfb1bd5c840d656cd3573986f368a2bd2d3f9a6593217a6aefdb817c8a0e99e7bf025a2f6f844188b7"]}, @nested={0xfc, 0x93, [@typed={0x8, 0x6a, @pid=r5}, @generic="61e0041a3950fea3e3858d7b49bb6aabdbd7f8e47d04acde7a46edd546ab4279b8b704b26d56cda35943b032d05ce2d419e8e2854e8b26f9b10cfd7d55c2c0d550930d85c23eb6bdb485102e0c7794bf099d221747416793f739f862e2f65fbc841a09fa1f7b5b9c2817fa38ef91e75e74201d1fd5741efa2cac0922e68b54386892e4dc2f4dd3d2963688205ec559446aa0e04aa473f04f5398ac234a7e454402253f04d32303463e509bd22fb5f4d486663e383e208a0a6b4b81253dda37c4ebf5408ed12dfa10c4e16218d891abd45f49c56aca00f6c1e0e56b991088fe9a9f6d3b2aa5e03120", @typed={0x8, 0x6e, @u32=0x40}]}, @nested={0xc4, 0x51, [@typed={0x14, 0x43, @ipv6=@ipv4={[], [], @broadcast}}, @generic="672878db60939f5f54b792f9adc26d257a3f4ca5f1cf56634c1e4fe00ddafb1c09056799fd73025505a36b31ef7af81531720aa23a963297797702d32575e77ea9a8aa6cd274fbd9cd49426c3e6d293677694b8e08af07", @generic="b6c2d2a422b6471d93b3edea45e50ec341b9dea0302b49f254dd8fc943de173e2520d59aae47b9bda01f690c3c82594444c4f22caffa4fb1a19b51b788d602f1f0ad53cb85958bb9f89f83e76cbb2e43bbfba5"]}, @generic="4433040a59db32c780cf94cd28c51077574b451810483a84a323b823a11f41da93eec86232c5b22c1cca83c73de55999134577b85e31764bbdea3addd0e8624efe164cd9eac981e20d9a38494541b26cf3c1c12a7f7d7f7a4189a0beb42d8770db758de4aeb7cd2552bc5a5026ec5dd3b99cb9b694cc51d3ed5ab837", @nested={0x110, 0x45, [@typed={0x8, 0x12, @uid=r6}, @generic="f306f0011cbde8a9d0df8aacc4a623729ebd52d6beb6f9d7d4114e622f0b0d5ce651be418b097de69c6ffe22462044b8e93e5173738a3a82044532d5d92c1bef3c90243ca276985b83974ccb25e2a7c2f937df5472d06ac06e03edd4b9e3921e1ccd3be95290492a4219a6c3f2befe4308e3453ef3ea3676fcf1645124dfcef92df32cd9b7b4b31a48e0ea2f21485d1b0c1bd9acd9826779864534cf1307a6b5017fb476a612bb2a9e9c39847b8c8134bd890e860d0c86dd37d4645584180b548b4d581b5d8720787657e9024ffcac788f3e23ecb99646d8", @typed={0x2c, 0x84, @binary="f360afeaf77326d7e45c74fe7178824681bc98773e4d562068ed0b15b49445a2c70c09e5736dce55"}]}]}, {0x1214, 0x1, [@typed={0x8, 0x8f, @str='\x00'}, @generic="58650c584683c7564f4c8480241f52145df353ff6270a804a19e4e66059af0a1d69820b92399bd8caa8362ee8250b4764fd50f705eb268b392f761175e17042b41b99d99de809043794b92e0f9a037d84f7bdd68eb69967083febcf7b2007260ad59b0dd04e351cc25ff1d941a62c0ee4642e1ed23ac116b184dae5262fad4068009992e84e074515f9d9e053162c838e6cf20ca907cb8f37062ca729751b65894d80763f83c620145092c9caa02226ad86faf604ad2d55be22544239798d0c29d02139736311bb2f7468ed9d8216c4a99876dbc61daca58890065d8b949fe3ceadf3615d3c0bc5cb360166a1fe6755599300b326eee234e", @typed={0x8, 0x8b, @uid=r7}, @generic="6e411a86853d14c3256bd584b0a07371ddf7d8eece14872050365d03bdd83f5e9b30267ee8c6e973239aa2875d397e0fb76b2c35777f2e964852b959b5afb549c12ef68fd80660c10c7d3de21937028cb8ceb2863a7e87eac5d1ba54b10f0739dd4e707082f47af596ed22a33f998957171fa7f3c31f6efcdc5f3c35a7bbc447ade69220d1a6ec40f17e1753a6d26e08c5a066b50c9fb3b3e9ac4af3dcc3f2149dda6b5c1b879706a601", @typed={0x8, 0x38, @str='\x00'}, @generic="7d5a77c502349ad9f83ee078baf2bf4a70b3434df45fd0c9f5525f66a019ac8e1372635a7fcf2f12210358e537c1666cb74a9149cae2c16c9d4857badaab1e481687fa3b7b6a2a15088235cec338", @typed={0x8, 0x17, @fd=r0}, @generic="113fc07decc271b3710eaca400235bd46affc6b271fc1ec1afdf493f95d7d6da7d7c9f51b3f589d82ee729254688f52bd9fa8a33e3feaeb5138f2f31978588d3274ff5e45ea644d3d38d2f9eb826ac0ae310798d7ee95a6dd65bf3ff750dd4ceef4709a2ad9e8e537acc26a2870ca7cc95f7c8d390cdaf4513cf2d09d2235eb212d4da6f40cac081c1919f39b267a9fd78b531ea089e1c7f1ccdf298baa5150f3a18b6cc659beaf7cd45a85ccd0fc5d2953ac89cea72296be3de50e2ec3cf312e6f9c48bedcf502794ac92fed6fa571b974d7039771e902a56cae299a2aa72bab07910c9c964f4ac928fd30e5d179f6ac293495a7e92e85c551ea1af4dada152f86bc54b162cb3cd2581c371f404f3ee14aac72e3a4e9d3c0cfa0e117dba6c5a1155dffcc845bcda1d623f60a9b5bd4c2f17acaa8421e3ac27fa76122e04ffcf6108f45f6cc64808ac7523badc05c6a359ac8d09a884111a57842ea30f961e85f8b12401aecf1fb8709334325e113dfa4dd80df216d13831dbd706a5b23f78d4010d76f669d91f689ec87fe25294525541eada3a304c47fe64dbc8a2c66a365b83b234b8d4cd6fd7d4cdddfad298f38580bc0d31c1fb890d9a0ddf32b4e52e6dc559593799c7d166a18b99152999228533b8a0b0cbde4d687b3a7f00079c9abdd0a4ed23ed60cbda1e328ed4ad3f84dd17cb01a7d06f661555d1c7c8716fbe93f17e9098d7d80aae5f89b87ba78b8d1a0cea2b10bcc97000c284528c6647635a8f2d565541acb1f8bcdb2a203281125292d2bb4bb412d606a40023acfdf20c7827da35f5c00b1b1f2892248c1bb13acd929a87eae11e39d2858f904e8c5ed0d8e31a2979cc1a38832803282ec66b6a8985be6496fecc90ce98bad2c90a35ebbb76ec29c0e8a0aa661804fd4c2ea76b52ce8b405af4188f32f7cefa1668db6779a437ce39e1751f1b8c937981c97274196cfd40b2a22f3b4632c7cd5207a667e3cc895fbacf504f03d9c1b0663e5bb1c4648e2cea04480ce436cf946c38884c35590d27e07b8c600ff91b743268b0991372028ef5c10ae0e7a811cb4979c24fbef6ce986643ba67345afd2e95d8364253cdba1b7b0a0144ed8cb06ca5b79a9e7314d07518df0df105ad55822887be62fba7ff67cd74d2d707c39e75cccba53bc2cca29c85b0a8bf6896780f81c49d5cce0b7035b487a968713ec9417239bc03323957e59e1794ec5e5349008553804de482aa4863c86a57447d3715a6e932c57bde64bb2cdbbba7ae31d81b7c7ec7811ad32397aee2cc4dd1618f162c512d77cc5ac3ebad213d203ba81a88d61c2f7fc126314077bdf38f779fba368917e7f86dca91ffef81c1e8acd966fa2b6445a0b4bbda7c768c07812adbdf6662a6b72fb2d2db8496c423b0abadb6b2e7008bdd8e1f3348582cc38bc4eac2bd3a9c9f0c1dc6a7ba63c331e1b4b5850b9ee16d48cf7b03ff5961cdc80242392fe27a07a308ad27f1b442dc68e67926c5953eda1fd12cb48141f72c756d3f2d5689c4227c33a09422552e40acf63a5173230c4f83528ecd4a6cf417bd143a5e4180f082304e4c9c090d8c9158c8faf644e8fec6d6101c6467a2678795afe2a5d667ccb6dadc12d9008a1079621320a7574827fc85584e99b06f3eb1c24caf5585196e8b3fa8f5081858b9feeb7563851b31dd8bfa0966e2adcccc5a10a6cb39691535ec0763dc4fab0c91f576b87ac8e9fdf482707d2c2f27fdbb12908067ac3005614f0117a1e59b6516366d9a2fd82c950a1109fe3e123579ae5356a879a7cc1ac2680481c5ee6c29cd4bde1758644386ac11b8781a07595c92ff77147c82d8124548511559dabecea9b1d1a1c3f3a06d3e2bcb0896da11f5fc4fc19fb60d92fe1d8b0f79de5394fdcd583c6f88b35fbf3a5e35ef352e8ae45f0e285407069aede65b0e7a2126348e275c4b181168f319b733d6fe086717140ed17fe478669bfc839c3aeae1927d47af598c430465ce5d262eb281db7aa6755ce88125b2967422ed62bf51fbeb1f6118fd1a58c4bed64ab6cb594b192abca001226f293fa5f854eee0be33614c80c461b9b963efccbebc9582d1890e24b37376e83af3ef906ed330bafe4ee2e75b03b963c1c2598228afcce26ad43b38937d316308ce2946047dc281de63c129c057b7cf8efec3027ee949422a2ab305652a1d5dc37ed28fee5b6ea47f83091af6db1e7bab507b77ae3c58e5fd0cefd6504bd62bdbac812a5646256ede9de31b70d619adfa6e5568f49389fb192ead27abc0c0581c273146eefb5e467bfc96ef924e1540c3ddda12a47c5b2e2b897e2080965bef5e8e52404b6d215b3b8325fa1c59f177b8f80b3dfcdad6a36d669f62d3747325c6cc705bee9380a3615216fdcfd5b608dfbc7726b9817271b54d1e45571378d51154b6063ec7cce719a6e72337493259ea6920848df71bc5f0db98c8efe84bf7699b09c6338a736f5ee4620eafc4edd9fc5b9b47d895cfb5124ce8925699b47baf7018df9b963a0c8b60dd54904d7c1cd96c544578e209bd8b45466ff68db1c77659372d17b3d651a5067a5f12f72093153d46bc8ce2ddde22abb23117b2edaffc12fcab7c0f8b59fd9ef28a3b678243c50a85adc060582e6d1db019951f29705573162283b7fc8e7cde1d1a51780c9f70748b75cd9a0d17bf9603f04b254d8c554060b225eac5ac4485633def29472c912281f3ae8a99ec63d25d37f019a9b2176e069d3c1a66e51c4cb9335fa1ccb0944f80cf1a29f1b6929780a1e12ee4de5de6c212149fdd80ebd67452d47f70c4ee23bca91ff6fba3e5220efe38461bb23e62d0bc80119456afd16e150f9e41d73a6d01d8235ab925f13a5e09840bad6effaff1106ac6f88e060e3707f46e97cfd3732eef2952629457a48a9af5926feb4618114d9a66c2c7f1ec91c63357476a2b6625f6e9ad36a8dab32b2ed388e05a8705ceb48fbc9ddb2d04930e34d015ae715595255a49f2f62d39d786086cca8a12ef508a2a82e236922f4771704cefb86f1975940bcdfa26b830e382446ed5cf1d43037ad03c3f8c9bc8b0facb6aa0f8ddd0b80fef7dd0c2b9335bb488c55522d9124dd73ad3f8788a47eece0d09c6a3206cd7fa31c5157f14c97365f420fae9d7c5966ecb796f6db2298613eff76fa8bb38f9678e6fce080969f7f4e82f6ece5241640817405136260a1c2a5829bed3ab49a0cc9757b402bc4e34428983c308a4abc9f06ba3fd1b7708382ede3a148c2a76d6ab91dc37aedc25548f1b6c44a9238a796db6f5397b3b3fc8c2e427ec5a55679d9f45b52bb3a389b581ae7e4eb006352c59815d1c958c3dc2daf3c062ddb6234da64a5f71b0271697e9a8e94cc41f8a3431bc94567d560b8d68d38489a4f66735c86c34406d7bd89e3dff22136611a7468d48e11e9f2d3390f57a6401eb0d63ff905cad1b62384ef9c8acb9199c0bda7b351f7bd7cd61abbe971b0a081b2d5ec00d38920266963b6183ee367a1c17378e5ab22d54915d31e3c5de01bf6b5d633a6408d9902e04b619d2383c84c4e81ceb1f51541b128e6da6e61e305cfff0d4341392b12db50984410c4401dbd542b1e7dce6fd3cd04e768294e356345858247be3195c5a90b2f8a91a5cc3187273ed89ea4b6e5d22855078280e8b3133cce0349964b1991f9e493d0009ffda2abd25241eb0d90cdb85119ec51ff056891e080d50b43b830ecfeb4647e5a02f618ca833b76c42ee78be5f1d8b583fb81f384e795e831e29ae22e1a582fa4370d0bc08b5cf2f2ffb325a0d9ed194468d3ecc379d303a7e89f9535861637e5abf89f0dc188f4cfa884866cb5c2d99c1688bf1a000d67e127104063932c603e6951b0b7ee9ea8f1bc89495ddacd2cfdeeee9358dcb9a28ac530dc241b42833b4d1dcae61dd0ba048652cf7b5b0e53cd8356294a12cda9d2117d546ea222fab735235123eab6ee78a2ab8fdf7534f160aa4fc4219ac18a2fb7d519ac2dc76b4dd400b1dee92465c89ca0cb9390b9811cc6bd4aa6d54185a1a77678c7c4561577d5a847430e84cdab6e8c029ba749629c8d385745df2bb7564dbc82ab9532849e3f8fa34e7f878f4b256fa1607192581fa2c59d76353c594a3f1ca9d12ef39f79de8dbaab2bb3054bd9a64edeaa489aae69ec6375aa7fa855ae29fbb0f8e4d50e3f79473f9911e8d5713163615325424e03876ac3d8263eebeaab05efdb40417e586871526d1bc6bd48fc71094a1054b8d8a8b834047561ed089436c341aacf4e24400917b1a137b464c804052372e8d359fdf40aef13ab8bbaa9d7bf17d5c9e5675403c10d64b5575ef798004813e39b48e8094d24be400e9f1c0f35e7a42859127bc33d0745e45f68dda827d87ba7874499e6e58539b20edb7cec2d30b44d5969154f1958da66c762d05d533626391b47d4b58a9437afd086bf2446bc7b897059d15365b3ad8b9b2352a3fac4d377f7d3b501eafcb11d54e4209f3bf2176e89a6ca047604d9f34f1c6761b153afdc429d1b5bcde4c1fe2eddc38ad2bebae8984115bec5b7858d4913567b05ad4ae3da76c159c8049465a1065e2017d5c18f55342c51ee0f5efa6dd3669107c890d44cf05bed58f8455da9482b2a9b5179c49bc5d4793391076851a02e3510b06aff2822110382eab549205409fd9a2b6b6894dbe90bb593e3e3441041168d81f171d06e166e13ce6555dc779f6b2b2cb8525ced09afe7dbddbffc97d869ea0304a20747a5d49ff6a9c0a99034f1c36a5bb6e4950f7ff4c64f4e3861aaf8372b8481c0af825f51d702bc8834b73f0f7620ed7e4e98f8904182a0528c069ea98baddc33c01df2ee274dcd33603cfec1b230215bf89593fb1f6289a9f5afc42ff583342546f170d9b78a7b9ab5953f26076927b1ead45e5a52a26d6cbad05f322c114765c0a86b9de17eebcaf5a602104831e9136a2a0fc94f93ef8b00b7cea1aa3de1222ad192872a68a9397a7d47bffb581ab2cabaf7191bfd81275f8709d4d3fc183e88294a23b3396d068b9bef2df595692e916950aca4d39aba51b77b50bf7da97c1c36bce3ebc2cfcdff1620f1ddd36fca48ef78db2f95129ed8f8a8a54b81612af5a53da45d4dcab880deabab94c252d64750bd96313e6e3571a44a2536533f00d2891a5f1861caf8e2495a001cf569f914b3536cb69c5a0b7fccc7871369cc266647e62d4e81913f7e8b3c865da406febf835b0a241b9d36011864d74d59b765e5df7b1924c1615526e1dcf4e432dc9d3a861ad9b42e51de6b12e8655c40847f86905ef2920282f41bdf271badb581a137140e2f3b6d1a1f2da990c6f3b029bcc87c150c8a6ce8c3abaff3c0c908c797fc2f47a7612da7b590dc3eab6fd79aa7ce1688ebdb1a1c6eeaea69b88fbc84695436ff01b93072806d06a18c78e96feffffb2165310a74a11881cf51124ec2dd986e24cc42d620a334802df982b2105016364861207d4e5aca0383fa1f002d370f7ee8ceabb59f7ae6b5ef5c1683fa74e75ad3a85b8a5eb23f6f3e6580aef80af9ee4eae32fbb5eb4a08d6dbf19ed5d80f82c721c20c78d1aaeaf7e43f75b6b920063fb1fafe8e2917d8654f9affab4e94841351b3e4c53d7b02dbdf32f44e4c7555d441586309d3001f19087976038c2f99d7e1dc60a69695aa125e9639cec3088f30a07542550efaba78a2c989f941bf39f2356d08a07a4c1c7b52f7250c22425c67247f0416de737fdfe9440d3e0e996d090f31dcb86d5ad00246149789857c2c70db9e4876c73f4a1c85c"]}]}, @IFLA_IFALIAS={0x14, 0x14, 'syz_tun\x00'}, @IFLA_IFALIASn={0x4}, @IFLA_EVENT={0x8, 0x2c, 0x6a}, @IFLA_AF_SPEC={0x2c, 0x1a, [{0x4}, {0x4, 0x1e}, {0x4, 0x1c}, {0x4, 0x1e}, {0x4}, {0x4, 0xf}, {0x4}, {0x4, 0x1c}, {0x4, 0xa}, {0x4, 0x2}]}, @IFLA_PORT_SELF={0x234, 0x19, [@typed={0x8, 0x93, @fd=r0}, @nested={0x220, 0x37, [@typed={0x98, 0x1d, @binary="ec7886de6b6e4ab41ca43803375a090ac6e6daa8d0fc5a70ef7b383fa01edc5f29f522a5480122a36d1b5381222620520d58fb4eca3236bfc1c5a2f35fde36f183f72f69e8e366c16535d2135b86260251afeac7f321681d39a3730d656c078a8d51a4426410a3eb192b0e3b8acbe9af201cd759bf5e0694db04064b42c20aa6884a436bd2d83bb238033356e869907102"}, @typed={0x8, 0x88, @pid=r8}, @generic="aa42921c7361aa9e81ec5462f0c4eede1e431355ca7fc7256ab6d1ce6d2566cdca1a0874f27bfe0ec35330193f92a7e7b108f884b7c58146a9092ec5f5b4bdc8a993921b8526cce516fa2871fad287300975d32390bd23cb607a372567314f091a5fe251f647d66cfb17f450ff99e63f54f75454e3daf43a2d7a02b473c56429f308dc4e71f9a8dfc62bd4d730a75deeed45996102ac8b11a6cff0f143df7d8690eb5f4e33610d4c3cb7eaaf694c89af70806f15b4160ab6f1b802b4aa0a76db03f99abff76cbc6021f1d3cf86bf81b1637b9b47e8016bcfb0", @generic="60ede0effb3696cd958ee2a2fbcca026c96131dc41a40dda291db98456c1f9f567b94553320374d1f092f54449d27935b553c08ee14f0359d1a3d3fb61a5121bd437b4304c057a10545fc09b05534ca15f614332549fc7089854c477a71b16f826f9772e5324fd9a4d1362f36bfa242b12fdbe0d802cfa858a210cecb3", @generic="b80a6490895f03475a28ae5ada3b6de67a597f1003cc67a7538a61adbaadc9c846458400"]}, @typed={0x8, 0x2a, @u32=0x7fffffff}]}, @IFLA_IFALIASn={0x4}, @IFLA_PHYS_PORT_ID={0x20, 0x22, "09840f534eb966c139f4e04460e1df2dc2eae95d14e9f0a920e0020e"}, @IFLA_LINK={0x8, 0x5, 0x2}]}, 0x4f98}, 0x1, 0x0, 0x0, 0x4004}, 0x20000000) r9 = perf_event_open(&(0x7f0000014f88)={0x1, 0x70, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) close(r9) [ 2403.103467] ? rcu_read_unlock_special+0x1c0/0x1c0 [ 2403.108410] ? kasan_check_read+0x11/0x20 [ 2403.112574] ? rcu_softirq_qs+0x20/0x20 [ 2403.116574] ? zap_class+0x640/0x640 [ 2403.120301] ? zap_class+0x640/0x640 [ 2403.124051] ? find_held_lock+0x36/0x1c0 [ 2403.128138] ? handle_mm_fault+0x42a/0xc70 [ 2403.132392] ? lock_downgrade+0x900/0x900 [ 2403.136557] ? check_preemption_disabled+0x48/0x280 [ 2403.141595] ? rcu_read_unlock_special+0x1c0/0x1c0 [ 2403.146538] ? kasan_check_read+0x11/0x20 [ 2403.150709] ? rcu_dynticks_curr_cpu_in_eqs+0xa2/0x170 [ 2403.155996] ? rcu_softirq_qs+0x20/0x20 [ 2403.159986] ? trace_hardirqs_off_caller+0x310/0x310 [ 2403.165111] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 2403.170665] ? check_preemption_disabled+0x48/0x280 [ 2403.175704] handle_mm_fault+0x54f/0xc70 [ 2403.179783] ? __handle_mm_fault+0x5be0/0x5be0 [ 2403.184393] ? find_vma+0x34/0x190 [ 2403.187958] __do_page_fault+0x5e8/0xe60 [ 2403.192038] ? trace_hardirqs_off+0xb8/0x310 [ 2403.196471] do_page_fault+0xf2/0x7e0 [ 2403.200294] ? vmalloc_sync_all+0x30/0x30 [ 2403.204474] ? error_entry+0x70/0xd0 [ 2403.208204] ? trace_hardirqs_off_caller+0xbb/0x310 [ 2403.213241] ? trace_hardirqs_on_caller+0xc0/0x310 [ 2403.218185] ? syscall_return_slowpath+0x5e0/0x5e0 [ 2403.223127] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 2403.227983] ? trace_hardirqs_on_caller+0x310/0x310 [ 2403.233304] ? __bpf_trace_preemptirq_template+0x30/0x30 [ 2403.238777] ? prepare_exit_to_usermode+0x3b0/0x3b0 [ 2403.243810] ? prepare_exit_to_usermode+0x291/0x3b0 [ 2403.248845] ? page_fault+0x8/0x30 [ 2403.252411] ? trace_hardirqs_off_thunk+0x1a/0x1c 08:16:21 executing program 1: r0 = socket$l2tp(0x18, 0x1, 0x1) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0a5c2d023c126285718070") r1 = perf_event_open(&(0x7f0000014f88)={0x1, 0x70, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) clock_gettime(0x0, &(0x7f0000000100)={0x0, 0x0}) pselect6(0x40, &(0x7f0000000040)={0x7, 0x9, 0xffffffffffff0e6e, 0x4, 0x1, 0x3e6, 0x0, 0x5866}, &(0x7f0000000080)={0x81, 0x6, 0x1, 0x7fffffff, 0x10001, 0x100000000, 0x9, 0xbf}, &(0x7f00000000c0)={0xffffffffffff8000, 0x5, 0x44, 0x5, 0x40, 0x9, 0x3, 0x101}, &(0x7f0000000140)={r2, r3+30000000}, &(0x7f00000001c0)={&(0x7f0000000180), 0x8}) close(r1) [ 2403.257269] ? page_fault+0x8/0x30 [ 2403.260827] page_fault+0x1e/0x30 [ 2403.264301] RIP: 0033:0x4510a0 [ 2403.267520] Code: 0f 84 c4 0f 00 00 48 89 f1 48 89 f8 48 83 e1 3f 48 83 f9 20 0f 86 7b 02 00 00 48 83 e6 f0 48 83 e1 0f 66 0f ef c0 66 0f ef c9 <66> 0f 74 0e 66 0f d7 d1 48 d3 ea 49 c7 c2 11 00 00 00 49 29 ca 4d [ 2403.286431] RSP: 002b:00007efdea16e7a8 EFLAGS: 00010202 [ 2403.291806] RAX: 00007efdea16e850 RBX: 0000000000000003 RCX: 000000000000000e [ 2403.294855] IPVS: ftp: loaded support on port[0] = 21 [ 2403.299085] RDX: 00000000000003ff RSI: 0000000020012fe0 RDI: 00007efdea16e850 [ 2403.299096] RBP: 000000000072bf00 R08: 00000000000003ff R09: 0000000000000000 [ 2403.299105] R10: 0000000000000000 R11: 0000000000000246 R12: 00007efdea16f6d4 [ 2403.299116] R13: 00000000004c578a R14: 00000000004d9d90 R15: 00000000ffffffff [ 2403.308477] CPU: 0 PID: 22618 Comm: syz-executor3 Not tainted 4.20.0-rc6+ #371 [ 2403.318291] *** Guest State *** [ 2403.318949] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2403.333481] Call Trace: [ 2403.333506] dump_stack+0x244/0x39d [ 2403.333527] ? dump_stack_print_info.cold.1+0x20/0x20 [ 2403.333555] handle_userfault.cold.32+0x47/0x62 [ 2403.333582] ? userfaultfd_ioctl+0x5610/0x5610 [ 2403.333611] ? mark_held_locks+0x130/0x130 [ 2403.333631] ? find_held_lock+0x36/0x1c0 [ 2403.344276] ? userfaultfd_ctx_put+0x830/0x830 [ 2403.359820] ? kasan_check_read+0x11/0x20 [ 2403.359839] ? print_usage_bug+0xc0/0xc0 [ 2403.359858] ? do_raw_spin_trylock+0x270/0x270 [ 2403.368255] CR0: actual=0x0000000000000020, shadow=0x0000000000000000, gh_mask=fffffffffffffff7 [ 2403.370201] ? print_usage_bug+0xc0/0xc0 [ 2403.370221] ? print_usage_bug+0xc0/0xc0 [ 2403.370242] ? zap_class+0x640/0x640 [ 2403.379057] ? drop_futex_key_refs.isra.14+0x6d/0xe0 [ 2403.379074] ? futex_wake+0x304/0x760 [ 2403.383324] CR4: actual=0x0000000000002040, shadow=0x0000000000000000, gh_mask=ffffffffffffe871 [ 2403.387712] ? find_held_lock+0x36/0x1c0 [ 2403.387739] ? __handle_mm_fault+0x4bb0/0x5be0 [ 2403.395943] ? lock_downgrade+0x900/0x900 [ 2403.409360] ? kasan_check_read+0x11/0x20 [ 2403.409377] ? do_raw_spin_unlock+0xa7/0x330 [ 2403.409392] ? do_raw_spin_trylock+0x270/0x270 [ 2403.409415] ? fault_dirty_shared_page.isra.87+0x320/0x320 [ 2403.441179] CR3 = 0x0000000000000000 [ 2403.443024] __handle_mm_fault+0x4bbd/0x5be0 [ 2403.443051] ? vmf_insert_mixed_mkwrite+0x40/0x40 [ 2403.443071] ? zap_class+0x640/0x640 [ 2403.443086] ? rcu_read_unlock_special+0x1c0/0x1c0 [ 2403.443102] ? kasan_check_read+0x11/0x20 [ 2403.443119] ? rcu_softirq_qs+0x20/0x20 [ 2403.443143] ? zap_class+0x640/0x640 08:16:21 executing program 2: syz_emit_ethernet(0x6a, &(0x7f0000000040)={@local, @broadcast, [], {@ipv4={0x800, {{0x5, 0x4, 0x0, 0x0, 0x5c, 0x0, 0x0, 0x0, 0x1, 0x0, @remote, @dev={0xac, 0x14, 0x14, 0x11}}, @icmp=@parameter_prob={0x3, 0x4, 0x0, 0x0, 0x0, 0x0, {0x10, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x402f, 0x0, @local={0xac, 0x5c}, @dev, {[@timestamp={0x8, 0x2c, 0x0, 0x0, 0x2, [{[@rand_addr]}, {[@multicast2]}, {[@multicast1]}, {}, {[@loopback]}, {}]}]}}}}}}}, 0x0) [ 2403.452668] RSP = 0x0000000000000000 RIP = 0x000000000000fff0 [ 2403.456005] ? zap_class+0x640/0x640 [ 2403.456029] ? find_held_lock+0x36/0x1c0 [ 2403.456055] ? handle_mm_fault+0x42a/0xc70 [ 2403.456074] ? lock_downgrade+0x900/0x900 [ 2403.480126] RFLAGS=0x00000002 DR7 = 0x0000000000000400 [ 2403.483716] ? check_preemption_disabled+0x48/0x280 [ 2403.483738] ? rcu_read_unlock_special+0x1c0/0x1c0 [ 2403.483755] ? kasan_check_read+0x11/0x20 [ 2403.483770] ? rcu_dynticks_curr_cpu_in_eqs+0xa2/0x170 [ 2403.483785] ? rcu_softirq_qs+0x20/0x20 [ 2403.483802] ? trace_hardirqs_off_caller+0x310/0x310 [ 2403.483821] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 2403.483841] ? check_preemption_disabled+0x48/0x280 [ 2403.492499] handle_mm_fault+0x54f/0xc70 [ 2403.492521] ? __handle_mm_fault+0x5be0/0x5be0 [ 2403.492542] ? find_vma+0x34/0x190 [ 2403.492564] __do_page_fault+0x5e8/0xe60 [ 2403.492592] ? trace_hardirqs_off+0xb8/0x310 [ 2403.492623] do_page_fault+0xf2/0x7e0 [ 2403.492639] ? vmalloc_sync_all+0x30/0x30 [ 2403.492655] ? error_entry+0x70/0xd0 08:16:21 executing program 1: r0 = socket$l2tp(0x18, 0x1, 0x1) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0a5c2d023c126285718070") r1 = perf_event_open(&(0x7f0000014f88)={0x1, 0x70, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x80000000000}, 0x0, 0x0, 0xffffffffffffffff, 0x0) close(r1) 08:16:21 executing program 2: syz_emit_ethernet(0x6a, &(0x7f0000000040)={@local, @broadcast, [], {@ipv4={0x800, {{0x5, 0x4, 0x0, 0x0, 0x5c, 0x0, 0x0, 0x0, 0x1, 0x0, @remote, @dev={0xac, 0x14, 0x14, 0x11}}, @icmp=@parameter_prob={0x3, 0x4, 0x0, 0x0, 0x0, 0x0, {0x10, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x402f, 0x0, @local={0xac, 0x5c}, @dev, {[@timestamp={0x8, 0x2c, 0x0, 0x0, 0x5c, [{[@rand_addr]}, {[@multicast2]}, {[@multicast1]}, {}, {[@loopback]}, {}]}]}}}}}}}, 0x0) [ 2403.492675] ? trace_hardirqs_off_caller+0xbb/0x310 [ 2403.501476] Sysenter RSP=0000000000000000 CS:RIP=0000:0000000000000000 [ 2403.504500] ? trace_hardirqs_on_caller+0xc0/0x310 [ 2403.504518] ? syscall_return_slowpath+0x5e0/0x5e0 [ 2403.504534] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 2403.504552] ? trace_hardirqs_on_caller+0x310/0x310 [ 2403.504569] ? __bpf_trace_preemptirq_template+0x30/0x30 [ 2403.504586] ? prepare_exit_to_usermode+0x3b0/0x3b0 [ 2403.504610] ? prepare_exit_to_usermode+0x291/0x3b0 [ 2403.514293] ? page_fault+0x8/0x30 [ 2403.514314] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 2403.514332] ? page_fault+0x8/0x30 [ 2403.514363] page_fault+0x1e/0x30 [ 2403.522643] RIP: 0033:0x4510a0 [ 2403.522661] Code: 0f 84 c4 0f 00 00 48 89 f1 48 89 f8 48 83 e1 3f 48 83 f9 20 0f 86 7b 02 00 00 48 83 e6 f0 48 83 e1 0f 66 0f ef c0 66 0f ef c9 <66> 0f 74 0e 66 0f d7 d1 48 d3 ea 49 c7 c2 11 00 00 00 49 29 ca 4d [ 2403.522670] RSP: 002b:00007f75238677a8 EFLAGS: 00010202 [ 2403.522683] RAX: 00007f7523867850 RBX: 0000000000000003 RCX: 000000000000000e 08:16:21 executing program 0: openat$rfkill(0xffffffffffffff9c, 0x0, 0x2001, 0x0) syz_open_dev$admmidi(&(0x7f0000000100)='/dev/admmidi#\x00', 0x0, 0x0) r0 = socket$l2tp(0x18, 0x1, 0x1) mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x1, 0x32, 0xffffffffffffffff, 0x0) r1 = userfaultfd(0x0) ioctl$UFFDIO_API(r1, 0xc018aa3f, &(0x7f0000000180)) ioctl$UFFDIO_REGISTER(r1, 0xc020aa00, &(0x7f0000019000)={{&(0x7f0000012000/0x2000)=nil, 0x2000}, 0x1}) syz_open_dev$evdev(&(0x7f0000012fee)='/dev/input/event#\x00', 0x0, 0x7400) ioctl$UFFDIO_WAKE(r1, 0x8010aa02, &(0x7f0000000080)={&(0x7f0000012000/0x3000)=nil, 0x3000}) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0a5c2d023c126285718070") 08:16:21 executing program 2: syz_emit_ethernet(0x6a, &(0x7f0000000040)={@local, @broadcast, [], {@ipv4={0x800, {{0x5, 0x4, 0x0, 0x0, 0x5c, 0x0, 0x0, 0x0, 0x1, 0x0, @remote, @dev={0xac, 0x14, 0x14, 0x11}}, @icmp=@parameter_prob={0x3, 0x4, 0x0, 0x0, 0x0, 0x0, {0x10, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x402f, 0x0, @local={0xac, 0x5c}, @dev, {[@timestamp={0x8, 0x2c, 0x0, 0x0, 0x5c000000, [{[@rand_addr]}, {[@multicast2]}, {[@multicast1]}, {}, {[@loopback]}, {}]}]}}}}}}}, 0x0) [ 2403.522693] RDX: 00000000000003ff RSI: 0000000020012fe0 RDI: 00007f7523867850 [ 2403.522703] RBP: 000000000072bf00 R08: 00000000000003ff R09: 0000000000000000 [ 2403.522713] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f75238686d4 [ 2403.522722] R13: 00000000004c578a R14: 00000000004d9d90 R15: 00000000ffffffff [ 2403.621935] CS: sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000 [ 2403.762979] DS: sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000 [ 2403.770985] SS: sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000 [ 2403.782459] ES: sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000 [ 2403.791731] FS: sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000 [ 2403.800516] GS: sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000 08:16:21 executing program 3: openat$rfkill(0xffffffffffffff9c, 0x0, 0x0, 0x0) getsockopt$inet_sctp_SCTP_DEFAULT_PRINFO(0xffffffffffffffff, 0x84, 0x72, &(0x7f0000000380), 0x0) syz_open_dev$admmidi(&(0x7f0000000100)='/dev/admmidi#\x00', 0x0, 0x0) r0 = socket$l2tp(0x18, 0x1, 0x1) mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x1, 0x32, 0xffffffffffffffff, 0x0) r1 = userfaultfd(0x0) ioctl$UFFDIO_API(r1, 0xc018aa3f, &(0x7f0000000180)) ioctl$UFFDIO_REGISTER(r1, 0xc020aa00, &(0x7f0000019000)={{&(0x7f0000012000/0x2000)=nil, 0x2000}, 0x1}) syz_open_dev$evdev(&(0x7f0000012fee)='/dev/input/event#\x00', 0x4800, 0x0) ioctl$UFFDIO_WAKE(r1, 0x8010aa02, &(0x7f0000000080)={&(0x7f0000012000/0x3000)=nil, 0x3000}) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0a5c2d023c126285718070") setsockopt$ALG_SET_KEY(0xffffffffffffffff, 0x117, 0x1, 0x0, 0x0) [ 2403.814362] GDTR: limit=0x00000000, base=0x0000000000000000 [ 2403.822730] LDTR: sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000 [ 2403.830870] IDTR: limit=0x00000000, base=0x0000000000000000 [ 2403.839401] TR: sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000 [ 2403.847960] EFER = 0x0000000000000000 PAT = 0x0007040600070406 [ 2403.874965] DebugCtl = 0x0000000000000000 DebugExceptions = 0x0000000000000000 [ 2403.896265] Interruptibility = 00000000 ActivityState = 00000000 [ 2403.925528] *** Host State *** [ 2403.939797] RIP = 0xffffffff812047de RSP = 0xffff88818361f390 [ 2403.957046] CS=0010 SS=0018 DS=0000 ES=0000 FS=0000 GS=0000 TR=0040 [ 2403.965790] FAULT_FLAG_ALLOW_RETRY missing 70 [ 2403.970478] CPU: 1 PID: 22655 Comm: syz-executor3 Not tainted 4.20.0-rc6+ #371 [ 2403.977848] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2403.977862] Call Trace: [ 2403.977891] dump_stack+0x244/0x39d [ 2403.977917] ? dump_stack_print_info.cold.1+0x20/0x20 [ 2403.977951] handle_userfault.cold.32+0x47/0x62 [ 2403.977985] ? userfaultfd_ioctl+0x5610/0x5610 [ 2403.978009] ? mark_held_locks+0x130/0x130 [ 2403.989960] ? __sanitizer_cov_trace_cmp4+0x16/0x20 [ 2403.989976] ? futex_wait_setup+0x266/0x3e0 [ 2403.990007] ? __sanitizer_cov_trace_switch+0x53/0x90 [ 2403.990025] ? userfaultfd_ctx_put+0x830/0x830 [ 2403.998828] ? futex_wait+0x5a1/0xa50 [ 2403.998858] ? print_usage_bug+0xc0/0xc0 [ 2403.998882] ? print_usage_bug+0xc0/0xc0 [ 2404.008119] ? print_usage_bug+0xc0/0xc0 [ 2404.008138] ? zap_class+0x640/0x640 [ 2404.008156] ? drop_futex_key_refs.isra.14+0x6d/0xe0 [ 2404.008173] ? futex_wake+0x304/0x760 [ 2404.017424] ? find_held_lock+0x36/0x1c0 [ 2404.017453] ? __handle_mm_fault+0x4bb0/0x5be0 [ 2404.017472] ? lock_downgrade+0x900/0x900 [ 2404.026983] ? kasan_check_read+0x11/0x20 [ 2404.026999] ? do_raw_spin_unlock+0xa7/0x330 [ 2404.027014] ? do_raw_spin_trylock+0x270/0x270 [ 2404.027035] ? fault_dirty_shared_page.isra.87+0x320/0x320 [ 2404.035415] __handle_mm_fault+0x4bbd/0x5be0 [ 2404.035441] ? vmf_insert_mixed_mkwrite+0x40/0x40 [ 2404.035461] ? zap_class+0x640/0x640 [ 2404.035479] ? rcu_read_unlock_special+0x1c0/0x1c0 [ 2404.043585] ? kasan_check_read+0x11/0x20 [ 2404.043604] ? rcu_softirq_qs+0x20/0x20 [ 2404.043631] ? zap_class+0x640/0x640 [ 2404.043650] ? zap_class+0x640/0x640 [ 2404.051424] ? find_held_lock+0x36/0x1c0 [ 2404.051450] ? handle_mm_fault+0x42a/0xc70 [ 2404.051472] ? lock_downgrade+0x900/0x900 [ 2404.060380] ? check_preemption_disabled+0x48/0x280 [ 2404.060401] ? rcu_read_unlock_special+0x1c0/0x1c0 [ 2404.060416] ? kasan_check_read+0x11/0x20 [ 2404.060435] ? rcu_dynticks_curr_cpu_in_eqs+0xa2/0x170 [ 2404.157044] ? rcu_softirq_qs+0x20/0x20 [ 2404.161030] ? trace_hardirqs_off_caller+0x310/0x310 [ 2404.166144] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 2404.171689] ? check_preemption_disabled+0x48/0x280 [ 2404.176717] handle_mm_fault+0x54f/0xc70 [ 2404.180799] ? __handle_mm_fault+0x5be0/0x5be0 [ 2404.185401] ? find_vma+0x34/0x190 [ 2404.188955] __do_page_fault+0x5e8/0xe60 [ 2404.193021] ? trace_hardirqs_off+0xb8/0x310 [ 2404.197442] do_page_fault+0xf2/0x7e0 [ 2404.201257] ? vmalloc_sync_all+0x30/0x30 [ 2404.205411] ? error_entry+0x70/0xd0 [ 2404.209131] ? trace_hardirqs_off_caller+0xbb/0x310 [ 2404.214155] ? trace_hardirqs_on_caller+0xc0/0x310 [ 2404.219089] ? syscall_return_slowpath+0x5e0/0x5e0 [ 2404.224026] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 2404.228892] ? trace_hardirqs_on_caller+0x310/0x310 [ 2404.233918] ? __bpf_trace_preemptirq_template+0x30/0x30 [ 2404.239385] ? prepare_exit_to_usermode+0x3b0/0x3b0 [ 2404.244414] ? prepare_exit_to_usermode+0x291/0x3b0 [ 2404.249435] ? page_fault+0x8/0x30 [ 2404.252982] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 2404.257830] ? page_fault+0x8/0x30 [ 2404.261382] page_fault+0x1e/0x30 [ 2404.264837] RIP: 0033:0x4510a0 [ 2404.268039] Code: 0f 84 c4 0f 00 00 48 89 f1 48 89 f8 48 83 e1 3f 48 83 f9 20 0f 86 7b 02 00 00 48 83 e6 f0 48 83 e1 0f 66 0f ef c0 66 0f ef c9 <66> 0f 74 0e 66 0f d7 d1 48 d3 ea 49 c7 c2 11 00 00 00 49 29 ca 4d [ 2404.286945] RSP: 002b:00007f75238677a8 EFLAGS: 00010202 [ 2404.292308] RAX: 00007f7523867850 RBX: 0000000000000003 RCX: 000000000000000e [ 2404.299585] RDX: 00000000000003ff RSI: 0000000020012fe0 RDI: 00007f7523867850 [ 2404.306866] RBP: 000000000072bf00 R08: 00000000000003ff R09: 0000000000000000 [ 2404.314154] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f75238686d4 [ 2404.321428] R13: 00000000004c578a R14: 00000000004d9d90 R15: 00000000ffffffff [ 2404.330803] FSBase=00007f59dbda6700 GSBase=ffff8881daf00000 TRBase=fffffe0000033000 [ 2404.335761] FAULT_FLAG_ALLOW_RETRY missing 70 [ 2404.339164] GDTBase=fffffe0000001000 IDTBase=fffffe0000000000 [ 2404.347331] CPU: 1 PID: 22657 Comm: syz-executor0 Not tainted 4.20.0-rc6+ #371 [ 2404.349500] CR0=0000000080050033 CR3=00000001c5db3000 CR4=00000000001426e0 [ 2404.356518] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2404.356524] Call Trace: [ 2404.356548] dump_stack+0x244/0x39d [ 2404.356570] ? dump_stack_print_info.cold.1+0x20/0x20 [ 2404.356599] handle_userfault.cold.32+0x47/0x62 [ 2404.356632] ? userfaultfd_ioctl+0x5610/0x5610 [ 2404.363796] Sysenter RSP=fffffe0000002200 CS:RIP=0010:ffffffff87e01360 [ 2404.372998] ? mark_held_locks+0x130/0x130 [ 2404.373021] ? find_held_lock+0x36/0x1c0 [ 2404.373051] ? userfaultfd_ctx_put+0x830/0x830 [ 2404.373074] ? kasan_check_read+0x11/0x20 [ 2404.373092] ? print_usage_bug+0xc0/0xc0 [ 2404.375782] EFER = 0x0000000000000d01 PAT = 0x0407050600070106 [ 2404.379285] ? do_raw_spin_trylock+0x270/0x270 [ 2404.379303] ? print_usage_bug+0xc0/0xc0 [ 2404.379323] ? print_usage_bug+0xc0/0xc0 [ 2404.379349] ? zap_class+0x640/0x640 [ 2404.379369] ? drop_futex_key_refs.isra.14+0x6d/0xe0 [ 2404.379385] ? futex_wake+0x304/0x760 [ 2404.384703] *** Control State *** [ 2404.389252] ? find_held_lock+0x36/0x1c0 [ 2404.389285] ? __handle_mm_fault+0x4bb0/0x5be0 [ 2404.389304] ? lock_downgrade+0x900/0x900 [ 2404.394021] PinBased=0000003f CPUBased=b5a06dfa SecondaryExec=000000c2 [ 2404.400544] ? kasan_check_read+0x11/0x20 [ 2404.400560] ? do_raw_spin_unlock+0xa7/0x330 [ 2404.400575] ? do_raw_spin_trylock+0x270/0x270 [ 2404.400599] ? fault_dirty_shared_page.isra.87+0x320/0x320 [ 2404.404957] EntryControls=0000d1ff ExitControls=002fefff [ 2404.408893] __handle_mm_fault+0x4bbd/0x5be0 [ 2404.408920] ? vmf_insert_mixed_mkwrite+0x40/0x40 [ 2404.408941] ? zap_class+0x640/0x640 [ 2404.413653] ExceptionBitmap=00060042 PFECmask=00000000 PFECmatch=00000000 [ 2404.417646] ? rcu_read_unlock_special+0x1c0/0x1c0 [ 2404.417662] ? kasan_check_read+0x11/0x20 [ 2404.417680] ? rcu_softirq_qs+0x20/0x20 [ 2404.417707] ? zap_class+0x640/0x640 [ 2404.421859] VMEntry: intr_info=00000000 errcode=00000000 ilen=00000000 [ 2404.427821] ? zap_class+0x640/0x640 [ 2404.427844] ? find_held_lock+0x36/0x1c0 [ 2404.427874] ? handle_mm_fault+0x42a/0xc70 [ 2404.432575] VMExit: intr_info=00000000 errcode=00000000 ilen=00000000 [ 2404.436489] ? lock_downgrade+0x900/0x900 [ 2404.436509] ? check_preemption_disabled+0x48/0x280 [ 2404.436527] ? rcu_read_unlock_special+0x1c0/0x1c0 08:16:22 executing program 5: r0 = syz_open_procfs(0x0, &(0x7f0000000080)='map_files\x00') getdents(r0, &(0x7f00000000c0)=""/47, 0x2f) socket(0x10, 0x803, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file0\x00', 0x1ffffd, 0x20) r2 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) preadv(0xffffffffffffffff, 0x0, 0x0, 0x0) epoll_pwait(r1, &(0x7f00000038c0)=[{}, {}, {}, {}, {}, {}], 0x6, 0x3, 0x0, 0x0) r3 = socket$inet_udplite(0x2, 0x2, 0x88) fstatfs(r1, &(0x7f0000003c40)=""/210) sched_getaffinity(0x0, 0x8, &(0x7f0000000140)) setsockopt$IP_VS_SO_SET_STOPDAEMON(r3, 0x0, 0x48c, &(0x7f0000000500)={0x1, 'ip0\x00', 0x2}, 0x18) ioctl$TIOCMSET(r0, 0x5418, &(0x7f0000000280)=0xfffffffffffffffb) r4 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ppp\x00', 0x0, 0x0) unshare(0x40000000) r5 = epoll_create1(0x0) epoll_ctl$EPOLL_CTL_ADD(r5, 0x1, r2, &(0x7f0000000300)={0x904c48a8e9bc8f45}) epoll_ctl$EPOLL_CTL_ADD(r5, 0x1, r4, &(0x7f0000003800)) sendto(r4, &(0x7f0000000000)="120000001200e7ef007b0000f4afd703", 0x10, 0x0, 0x0, 0x0) fsetxattr$security_evm(r1, &(0x7f0000000180)='security.evm\x00', &(0x7f0000003a40)=ANY=[@ANYBLOB="02981e54bf917bd3c2d77539f93a0f775cbbd703f73e1580888d7f3be8c85bf1f3000000487cdd654d7084e8e7aa6d6be8df2e633cfaf5017b6399908f3d40e6f85c2ea487fd63b32204e0763e971c1f2bab71cf0876d68cb267d1c1b45ed436b3528dd7ae4fd8a7030000000000000000000000000000000000000047cb6a9c8d927eb0d4f6549853b2e90755501797f602003f73bea913d5c9adfae742a1a020764c851271d969aa2bb3c4288f9e41545e78815392749e20757e334ce526fa4b8d7317f13f3287855e2514e15a9e81"], 0x1, 0x1) r6 = openat$ppp(0xffffffffffffff9c, &(0x7f0000003880)='/dev/ppp\x00', 0x0, 0x0) syz_open_dev$evdev(&(0x7f0000237fee)='/dev/input/event#\x00', 0x0, 0x0) syncfs(r6) setsockopt$inet_mreq(r3, 0x0, 0x0, 0x0, 0x0) getdents(r0, &(0x7f0000000040), 0x88) 08:16:22 executing program 2: syz_emit_ethernet(0x6a, &(0x7f0000000040)={@local, @broadcast, [], {@ipv4={0x800, {{0x5, 0x4, 0x0, 0x0, 0x5c, 0x0, 0x0, 0x0, 0x1, 0x0, @remote, @dev={0xac, 0x14, 0x14, 0x11}}, @icmp=@parameter_prob={0x3, 0x4, 0x0, 0x0, 0x0, 0x0, {0x10, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x402f, 0x0, @local={0xac, 0x5c}, @dev, {[@timestamp={0x8, 0x2c, 0x0, 0x0, 0x700, [{[@rand_addr]}, {[@multicast2]}, {[@multicast1]}, {}, {[@loopback]}, {}]}]}}}}}}}, 0x0) 08:16:22 executing program 1: r0 = socket$l2tp(0x18, 0x1, 0x1) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0a5c2d023c126285718070") r1 = perf_event_open(&(0x7f0000014f88)={0x1, 0x70, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) write$binfmt_misc(r0, &(0x7f0000000040)={'syz0', "9cfcf0857fc0fa615aa6279e31f60926d6e96f370d18700284ac3fa8fa10518f64f20b090332f856cfeb523ad2792f0a74140ecbb9e008830d269e8ec46c12a3c2a4f9da2841e6cda77852c49322189dd2beaee8ed32999b551cce5a11b04cdf49b1b1020e0a2f99ce41aad07e2d2d1c1961b4180ebc8ef6f83b9598895c1bee3335dea60b2c9e559bb51fefa3a5abddf8cac7de15426313002b1f6eafff22d8568390f05af69f103f381c96e2b467f23e0e7c23f267cb1819051417e19fdf822ea60d8e6c4f7af6ec3611ecf2364175dba5b7b9536b1a11ba2f2133eb23edc19dd734884eac092c86bd536b5d4c693d4f147ce9f214d9afe7c9404017e3ed02d21c805b071b03dfb94e14e2967f5b710fa97c1c80044a1b6e4659de3956ae148b6772cf3a547399b0de867a16e18aab0e74f6d771aa8583b77da6ff039bc0748f759d40df4bba6ac1754b220d604b46eab3919e4f64cfa7df4b81d7d3e770d10493f7a3c932937a7a82dfb8446fc436d0f3d292051c03aef1f11fd200f0bb02d7edc5413cb7d579670cfd4d3767b996f40581d11cde2b36e134756ad7991a7b9e9b1f9975040b6e3b8b4cdd77afcb4ef86d324ded93b7947d58cc9b5ab2431836d6ac24fed25550bcf98cbb88c65d3a5ddb167a35552ecff4e905e81110ad5bd93f1fb2346500778077daa3f5d5988157579b5c93d0089f4e50ffe109ee599a77cef9098bee735b6d3db1eab8e0cc41dd5d14fde56b12f5a7d3c8146eb89a724879f98f65eeeb7fdbfb1f61f7c33e56fc0d3b0e84081b96e7c8ee3184f1ed6cd2589f0118cccdd71cdd7f91c60cf6ada0c57f1ef7aba21613a9e79f6b81b1e742db39105e49c6294d07e9b2cddd0e47ba74ca05bc3a341727b92ad9c895fe2829dbfcd5c4fe73d399432cf14c2ffa3016e5b97e21453ae2a0059ac1b94a0b7b3beedfaa1303acd2ae33f8098cef36ec394d840ccb0f9f608b09e65e8dc48f15ffaa7040571c2c86d627284bc987ce5d79ebefbbe18cc84d8c52911617a4b491703b8221a6d4abc98514d9a88ebceda625a11e35f4977901a2a0e689a218adef05e848f65232e048d86be7e19670e098a8f4f1eb7157068c618154938a9862fae7ebec814d5f61ff2bb9bfba4bb02e761800324dfa7f00a5aefd2f0a85e585dc2d30968abb8e34a2543a344b7eee2f3c804f419215f27bb4a15d1d9674b30fc9ca2020863afa8a5c65278c7e1ec7f3c091bff7b914a8653470a7e622087cf199ae2d43055a30d3e4f6ad3440bb53400d9d1fb36e804a812b513f43308d0ca389a6b32699c9dcaffc58eb28a8210590f52fcc8c2f0fe3aa8b1e2f0bccf0fdc13b8030f14e3f5f891ae26ac22ace51fb5f08d13c755c5bcb1e78f5fa283b8589a54a3f2c2c72b6062f59899fc97ed13ba996f20d9e00d10a8cfdfa7fb041a8378b42453a943a0005b48cef7d5d386e66a65c373535890ac75ea0a5064294da89166f5518efbdc6a7c385ee3ddd59e7d3bfd6fe6522d77b2f56e930a2d0cbf80b08b638b366b3fbf6811d89a024e01e67dd34c98d295ac42e83f3531c3d39d888a70a7959cd80884ee8f15347d67741f5ec27de1e06f24df032302d3cfb37b9393c398b4e5ca8ff2741308f09dee647d2eea7ea3cc80d75c6baade4dfb932a8bf13653d21cc3a4d229e08d0d10a3d83ba434f25d21e446cf2c3a6408a942ad2ecd2d169ddea78d50cf89208e2d8aaff457caf4b36ad887477b1d30d448ac0cc7a243b05a70174d02f6461a4e7475836b59f8b04be4e71ad99a635f44a5913894d7697769d21a1ada4b9c0f6040ca0789570d9c75106a3da6090be724e0a22c8836651cd778d52b6919d86c9f0cfc9623703025e10f97c86133416170455810e7843fb58200bf68245b56ac2d8308db89e31aad56da8fd2cfc99210312433d8d0d6cc57cbfe05c3b0c06eeda35b2ae1a71319bfc65ca248715af6a46e7d26fd93cdcd713606b66534c1becf0e787ab6630523d6cd849dca9a5d63e5f998ec36c24001f3d74f75642171af5e1305ea761e44062a7cf36bfb502c3fb256746be4c4d846470ac0d18cfc958eb32bea95b1e937d91c823f193de097c9f792beb559b98f4a9f25090dd5b586d5e084effde01da1744ee74274bf5fb80a4a5d57453fbc05c53b29d882a20a9f1915e9c6c5ea37e7d4324a5ac044b38c2e9cbc3f50a61b315a1ca1591652df443fb809d1c5c1d288c388d43d4e81ed4099380f22c54530882422f8b83b082b56dbdb6e08226bcb70f3509f721dd010f43b0ea731ad9c544e176e469a8a803e189899f614bb2a3346aa3fab249ea2399adabf51cc98c3730e187b4eb2390cc4b9a9da82341b9429912db3c3637e796a9364c8ec1b280b66fe68af0d28c44d32bc35fdf837aad2b4958c9ac67cebb84c50a6e111f6a373008eeb9bb7450bf0d9ef31643fcde87b338746383769e5a0802f985282df663955acd08df25ccf1bb1f390ba9571132288a3fdee5bb5e05a41606523ec180a89d14405565bbae756d94035175b012f70d3f0f8126d0e2f41de44f311cf2c73f4b764fe6200f1d811144cbcbcba46df44fdd6260d7789d05dddec751400b5de9d6426392e08eb7a4188336ae7ac84a630af39386007dfc314928eb61080ff40b74334f85d32b98ce81bbcf39b4f613926f351da8c7ea0c8209949ffcd7a98413350a85371a8705ff7bc120769cc5e62cc33b334098ad68a9a30061b1a2fda44f3286956bfc482cba2c4b14f824bf4e6b1fe719bbf899d0b8416c4cc67223c007ba970ed5898cc30ac88bb4e5a4c4ce84a862a4ea1f8699d7d4bc093afd156bb7c4900f87c4efdcf2a724eee96db0d95c93e89839e128027596925d98a5381b7e5628a97d52dc12a01dbf0be7839c68e28cde77e7259b7a6477318f29b8bb6e5e4492a37f2e33e9b2be75cf82f0c54de5d3c807180912a3fb8b8de444f6b6fa098c448655b16856f95e4a3dcf9f40e95ec3ee86520608daad9f9927db83ee1b45236647452488a81ddb3bba49fe756e988af176732a7f2fe40744a49bfca900744685d7e8bd595039764c90209af406a23cc243137bef7023d38554a168c91a3a34467d62cb1c5eea5f10be17922524610641bc9e621e252ec970fcfe6b3f9913af005dfd25a041d39acbf6ec28bdd5643c253b0887d276e7a47537aa026e5106b589e958d6421666236f5ab15d3ecfae51d66c4cbdfbd6729cdd707daa20308fcb7a72890c6d6dd5a059f13c1c1fe546c7aff155e421989766282e1d07eed498eb7b98335c755b87036b47d32696432196b9f527f6cd8df2b4b7fbf7afe628e340a0d1e73ed5035e1ac5998d9b08e92293cc226c110f6efb10649d7b911fe887730343eb0db57d4841a3ea9d8b95e6298433e86d16077dc6012b6cd63bc5b4ba0edad7978348004029d30f70406a9d5051a9e5af605b5e2d183e9dd02bf8dddce4a05523a2329388a70934cf69b32c252dc8cc7edfc74da7124a72c7278731989456c68fc9fbeda7e998a9b1f47ed10849cda925e831234a673ac8ce95add10a6fc25d56908dd1f2a8c4ecd36fe89a1441e8ca81063eecba668420fcae028e0135e6426895eab503beb0d6953cf98b5077e4366b22dc26af42ed206360dd27a0ded6847be2a72b61221b0ed3e1d5727cfa8f66b7b9f54d30440ca545e8924d07b1a640b916d2bf3516a2a168a78843bccbd8d9b210414b9af0785e3fc5b686404a3c49754923b08bba1c4c2018f9027565ebeb68878819f479d1cca259faf42bbb28b317a0ffb93b3cd1ad5d9c89ab878215f3e1a926438cce0d1706263a732a94d8ff9717b755bd78550e3c111457a1cb6bf35b2b7cdf3222cee5b7bd84f8508c740df10688e528e2cd94713c961fbb890ac9f10ef9e0f4eb8d34a65af5f3188d20b6667e386b9a97f75a62c29b4f0dcdb2d5d84500b1a577fd65559c8923cf5abe4b959e64294ccb259cb322d3639543f184a587bb197f73baae42d4d50c3b51d4e25b0c63afc07a38d94921354264c51adf0c4d598fd0d659c5104132db2806e4e83dfad05b709f9ebd0284b8409ede1ef3feb5ec455b12871f4c88d8180f363e61e51f7d16ecf4e2b57a5faafd4ef03c922d97e2ba16b4e939530eec92edf0fd1e47dee30f1c5fc0a4f3389c1b8ae4b14fa9e42df16df337c85d43c56ceb2854fd32b7ad845e51679ab30e105c06f6b74510a785b2652116d09f5cf99bcaa50f570110a9c421d50c6c714da4ae7d8374e124f8834ee6544fa3cf37f1502d9661a24d390f3a09c7fbfd7411f84645c173cf16c2dd6684d935c8855aa07834ad22d6780bd88958afabcccf08c9ae5097273c2b5deb0b3c973decc33a536bf7eb0a814ea0746202181d6ba3c0a6de5609fafaca8c30ae17fa43066ff6f240b12622706f991f4b3794c22d34f9dc471c11d066ee7ce78ac2f5c09b6c0412ba7685208789e96bf0030ce81d5c4514288ff46ca983c2452d59da15461558864adb2474b774d5c243dc32c2bc1a2981698d7d56b4d83c2b13542904068d8586a3cd31256b657ba4630810949f70e6878137c302060d73024774d7afa7606a9551a7433f2d8e3457116c816e37e9995e6f00b69077de892a9e3ef2a2aec56c41cf69a6368c8123b2bf8bb801ac4058e278d34389424b737d9b0816df0124af8423db1ec00be7cd179bdfd9e772d999b241449fa07e02f5eb0bab2795638a5401193ac5a51843b34214ee092baf285a590ef502b5fb8f4881694e904cc4c699b4be6b77bf617903f8ca460f55a5c90b46ff0d64fcfab6704bc4c335fa18c9be1caca2db5c660452a53356e79173be3f67a7fd670ac50e4402ea64bdbb2af132524f7964d6c7b6e77205a891b45e674a9aeb10f5048004ce64931a36f7d3fe4d04aa70716594afa8989cb3f3e6078b45c52582eb25242052c000758f30e02848ff96b77525e8268a8aee3c578c2a060b67e341e3d56dc471ee6ec556bbc246d52c4c5ffed4d855c29946feff9795e76187ccb41bf6df71af151fb2c2805ff005c4cda12740bbf9f9f7dbed70b19210350c8b199263d1b26c807dbcf6aa87ced3357de753f7a18facba0ce1b79307b12e027e9cafa7c911c70229683dadfae619aa87a556a402359f828a30498ec1d5bfdff980df47d623576a7ca37bd8da0069847aad303b74058ff9a3746f01ca20926d6d43ca1787c3ef5ee1cb94d455ae11ab5f9308e8586682a6050281295eeb9811a859735ea154e6968900eb9823555a8a4c113266731a24199c28dd632cccdb9521bb41d8541096335a91738f530c9dff3baaa272ae0e8c43c40d5eac8c253c718e8a231ea8aa6bb8e3c8519da2828d564308b69a4a4287b4cba08812d6ebc73fb9c9b6b3ad1481d5ed6f0305241a6d0555feda865c5b16121d2f4662f0457786fc91a32e4e2ffc406cb39c1712fca587b3ce59bff2050a7eedff2b2d93212d42363377cad52ab94af8ff84665973f3fe6c25d33c28edc3868de169e9ed53c8927ecb2e99ef75b23b8ba10f4bb3715ae2ba1741ea2ea43bf24a558beeb174b2abc81a4eae3e69f09ba4cb09d38c1e21aba832e8e35b3b05044debf643fcaf0820a061480478a1e7ebf4954f46eff8a0577d2018d4d8a44cb0dc995590612f9b5998b10d2c1de366e8ddd122f52deae98737fc17a7dca7b5ca8a4222e74d937445fda3b46881f21176a782c8899ebf788ceaf261ebd5901c7160757db004ed1d7866390c369f18a71acf01985b1123f071af2b2f4a62"}, 0x1004) close(r1) [ 2404.436547] ? kasan_check_read+0x11/0x20 [ 2404.440705] reason=80000021 qualification=0000000000000000 [ 2404.444304] ? rcu_dynticks_curr_cpu_in_eqs+0xa2/0x170 [ 2404.444320] ? rcu_softirq_qs+0x20/0x20 [ 2404.444338] ? trace_hardirqs_off_caller+0x310/0x310 [ 2404.444367] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 2404.444385] ? check_preemption_disabled+0x48/0x280 [ 2404.444407] handle_mm_fault+0x54f/0xc70 [ 2404.449584] IDTVectoring: info=00000000 errcode=00000000 [ 2404.453292] ? __handle_mm_fault+0x5be0/0x5be0 [ 2404.453313] ? find_vma+0x34/0x190 [ 2404.453335] __do_page_fault+0x5e8/0xe60 [ 2404.453359] ? trace_hardirqs_off+0xb8/0x310 [ 2404.453384] do_page_fault+0xf2/0x7e0 [ 2404.456943] TSC Offset = 0xfffffaf6f64e8611 [ 2404.460882] ? vmalloc_sync_all+0x30/0x30 [ 2404.460899] ? error_entry+0x70/0xd0 [ 2404.460917] ? trace_hardirqs_off_caller+0xbb/0x310 [ 2404.460933] ? trace_hardirqs_on_caller+0xc0/0x310 [ 2404.460953] ? syscall_return_slowpath+0x5e0/0x5e0 [ 2404.465665] TPR Threshold = 0x00 [ 2404.469662] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 2404.469681] ? trace_hardirqs_on_caller+0x310/0x310 [ 2404.469697] ? __bpf_trace_preemptirq_template+0x30/0x30 [ 2404.469715] ? prepare_exit_to_usermode+0x3b0/0x3b0 [ 2404.469735] ? prepare_exit_to_usermode+0x291/0x3b0 [ 2404.476532] EPT pointer = 0x00000001b4d2001e [ 2404.480535] ? page_fault+0x8/0x30 [ 2404.480555] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 2404.480573] ? page_fault+0x8/0x30 [ 2404.480592] page_fault+0x1e/0x30 [ 2404.489562] RIP: 0033:0x4510a0 [ 2404.489580] Code: 0f 84 c4 0f 00 00 48 89 f1 48 89 f8 48 83 e1 3f 48 83 f9 20 0f 86 7b 02 00 00 48 83 e6 f0 48 83 e1 0f 66 0f ef c0 66 0f ef c9 <66> 0f 74 0e 66 0f d7 d1 48 d3 ea 49 c7 c2 11 00 00 00 49 29 ca 4d [ 2404.489589] RSP: 002b:00007efdea16e7a8 EFLAGS: 00010202 [ 2404.489602] RAX: 00007efdea16e850 RBX: 0000000000000003 RCX: 000000000000000e [ 2404.489612] RDX: 00000000000003ff RSI: 0000000020012fe0 RDI: 00007efdea16e850 [ 2404.489626] RBP: 000000000072bf00 R08: 00000000000003ff R09: 0000000000000000 [ 2404.500677] R10: 0000000000000000 R11: 0000000000000246 R12: 00007efdea16f6d4 [ 2404.500687] R13: 00000000004c578a R14: 00000000004d9d90 R15: 00000000ffffffff [ 2404.507915] FAULT_FLAG_ALLOW_RETRY missing 70 [ 2404.655431] CPU: 0 PID: 22659 Comm: syz-executor0 Not tainted 4.20.0-rc6+ #371 [ 2404.683385] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2404.683392] Call Trace: [ 2404.683415] dump_stack+0x244/0x39d [ 2404.683437] ? dump_stack_print_info.cold.1+0x20/0x20 [ 2404.683466] handle_userfault.cold.32+0x47/0x62 [ 2404.683495] ? userfaultfd_ioctl+0x5610/0x5610 [ 2404.683517] ? mark_held_locks+0x130/0x130 [ 2404.703389] ? __sanitizer_cov_trace_cmp4+0x16/0x20 [ 2404.703405] ? futex_wait_setup+0x266/0x3e0 [ 2404.703435] ? __sanitizer_cov_trace_switch+0x53/0x90 [ 2404.703455] ? userfaultfd_ctx_put+0x830/0x830 [ 2404.703474] ? futex_wait+0x5a1/0xa50 [ 2404.718849] ? print_usage_bug+0xc0/0xc0 [ 2404.718867] ? print_usage_bug+0xc0/0xc0 [ 2404.718886] ? print_usage_bug+0xc0/0xc0 [ 2404.740976] ? zap_class+0x640/0x640 [ 2404.760876] ? drop_futex_key_refs.isra.14+0x6d/0xe0 [ 2404.760894] ? futex_wake+0x304/0x760 [ 2404.782709] ? find_held_lock+0x36/0x1c0 [ 2404.782737] ? __handle_mm_fault+0x4bb0/0x5be0 [ 2404.782755] ? lock_downgrade+0x900/0x900 [ 2404.782780] ? kasan_check_read+0x11/0x20 [ 2404.794627] ? do_raw_spin_unlock+0xa7/0x330 [ 2404.794643] ? do_raw_spin_trylock+0x270/0x270 [ 2404.794662] ? fault_dirty_shared_page.isra.87+0x320/0x320 [ 2404.794689] __handle_mm_fault+0x4bbd/0x5be0 [ 2404.794714] ? vmf_insert_mixed_mkwrite+0x40/0x40 [ 2404.810576] IPVS: ftp: loaded support on port[0] = 21 [ 2404.815440] ? zap_class+0x640/0x640 [ 2404.815455] ? rcu_read_unlock_special+0x1c0/0x1c0 [ 2404.815471] ? kasan_check_read+0x11/0x20 [ 2404.815489] ? rcu_softirq_qs+0x20/0x20 [ 2404.815516] ? zap_class+0x640/0x640 [ 2404.815532] ? zap_class+0x640/0x640 [ 2404.815554] ? find_held_lock+0x36/0x1c0 [ 2404.815580] ? handle_mm_fault+0x42a/0xc70 [ 2404.815604] ? lock_downgrade+0x900/0x900 [ 2404.824848] ? check_preemption_disabled+0x48/0x280 [ 2404.824867] ? rcu_read_unlock_special+0x1c0/0x1c0 [ 2404.824883] ? kasan_check_read+0x11/0x20 [ 2404.824898] ? rcu_dynticks_curr_cpu_in_eqs+0xa2/0x170 [ 2404.824913] ? rcu_softirq_qs+0x20/0x20 [ 2404.824930] ? trace_hardirqs_off_caller+0x310/0x310 [ 2404.824952] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 2404.834190] ? check_preemption_disabled+0x48/0x280 [ 2404.843684] handle_mm_fault+0x54f/0xc70 [ 2404.843705] ? __handle_mm_fault+0x5be0/0x5be0 [ 2404.843727] ? find_vma+0x34/0x190 [ 2404.843748] __do_page_fault+0x5e8/0xe60 [ 2404.843764] ? trace_hardirqs_off+0xb8/0x310 [ 2404.843789] do_page_fault+0xf2/0x7e0 [ 2404.860282] ? vmalloc_sync_all+0x30/0x30 [ 2404.876947] ? error_entry+0x70/0xd0 [ 2404.893857] ? trace_hardirqs_off_caller+0xbb/0x310 [ 2404.893873] ? trace_hardirqs_on_caller+0xc0/0x310 [ 2404.893891] ? syscall_return_slowpath+0x5e0/0x5e0 [ 2404.893907] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 2404.893923] ? trace_hardirqs_on_caller+0x310/0x310 [ 2404.893938] ? __bpf_trace_preemptirq_template+0x30/0x30 [ 2404.893954] ? prepare_exit_to_usermode+0x3b0/0x3b0 [ 2404.893970] ? post_copy_siginfo_from_user.isra.25.part.26+0x250/0x250 [ 2404.893984] ? __switch_to_asm+0x40/0x70 [ 2404.893998] ? page_fault+0x8/0x30 [ 2404.894017] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 2404.894035] ? page_fault+0x8/0x30 [ 2404.903017] page_fault+0x1e/0x30 [ 2404.903031] RIP: 0033:0x4510a0 [ 2404.903048] Code: 0f 84 c4 0f 00 00 48 89 f1 48 89 f8 48 83 e1 3f 48 83 f9 20 0f 86 7b 02 00 00 48 83 e6 f0 48 83 e1 0f 66 0f ef c0 66 0f ef c9 <66> 0f 74 0e 66 0f d7 d1 48 d3 ea 49 c7 c2 11 00 00 00 49 29 ca 4d [ 2404.903056] RSP: 002b:00007efdea14d7a8 EFLAGS: 00010202 [ 2404.903069] RAX: 00007efdea14d850 RBX: 0000000000000003 RCX: 000000000000000e [ 2404.903079] RDX: 00000000000003ff RSI: 0000000020012fe0 RDI: 00007efdea14d850 [ 2404.903088] RBP: 000000000072bfa0 R08: 00000000000003ff R09: 0000000000000000 [ 2404.903103] R10: 0000000000000000 R11: 0000000000000246 R12: 00007efdea14e6d4 [ 2404.913121] R13: 00000000004c578a R14: 00000000004d9d90 R15: 00000000ffffffff [ 2405.546997] IPVS: ftp: loaded support on port[0] = 21 [ 2405.752710] device bridge_slave_1 left promiscuous mode [ 2405.758246] bridge0: port 2(bridge_slave_1) entered disabled state [ 2405.794273] device bridge_slave_0 left promiscuous mode [ 2405.799868] bridge0: port 1(bridge_slave_0) entered disabled state [ 2405.964019] team0 (unregistering): Port device team_slave_1 removed [ 2405.983768] team0 (unregistering): Port device team_slave_0 removed [ 2405.996769] bond0 (unregistering): Releasing backup interface bond_slave_1 [ 2406.011141] bond0 (unregistering): Releasing backup interface bond_slave_0 [ 2406.066568] bond0 (unregistering): Released all slaves [ 2406.715812] bridge0: port 1(bridge_slave_0) entered blocking state [ 2406.739299] bridge0: port 1(bridge_slave_0) entered disabled state [ 2406.752907] device bridge_slave_0 entered promiscuous mode [ 2406.830425] bridge0: port 2(bridge_slave_1) entered blocking state [ 2406.851913] bridge0: port 2(bridge_slave_1) entered disabled state [ 2406.871876] device bridge_slave_1 entered promiscuous mode [ 2406.947429] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 2407.014269] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 2407.150431] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 2407.198661] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 2407.243378] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready [ 2407.250233] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 2407.296713] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready [ 2407.303651] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 2407.436420] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 2407.444130] team0: Port device team_slave_0 added [ 2407.487185] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 2407.494694] team0: Port device team_slave_1 added [ 2407.537323] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 2407.586693] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 2407.616557] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 2407.623908] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 2407.632154] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 2407.656798] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 2407.664162] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 2407.672384] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 2407.934692] bridge0: port 2(bridge_slave_1) entered blocking state [ 2407.941075] bridge0: port 2(bridge_slave_1) entered forwarding state [ 2407.947777] bridge0: port 1(bridge_slave_0) entered blocking state [ 2407.954157] bridge0: port 1(bridge_slave_0) entered forwarding state [ 2407.962382] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 2408.172203] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 2409.452372] 8021q: adding VLAN 0 to HW filter on device bond0 [ 2409.541631] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 2409.629977] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 2409.636248] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 2409.643800] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 2409.730644] 8021q: adding VLAN 0 to HW filter on device team0 08:16:28 executing program 4: r0 = openat$kvm(0xffffffffffffff9c, 0x0, 0x0, 0x0) r1 = syz_open_dev$sndctrl(&(0x7f0000000100)='/dev/snd/controlC#\x00', 0x0, 0x0) prctl$PR_SET_THP_DISABLE(0x29, 0xfffffffffffffffe) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) ioctl$FS_IOC_GETFLAGS(r1, 0x800455d1, &(0x7f0000000080)) fcntl$getown(r0, 0x9) r2 = add_key$user(&(0x7f0000000000)='user\x00', &(0x7f0000000040)={'syz', 0x0}, &(0x7f0000000140)="e7e1683496d80b20fc18f8adb8bc5e3504b6375a40ad190e57920eb6a078763733ea9d308ec658780a732190e12aa4b166b30ba50346f8cdaa7fe6b07c4ac97c1b8c5454143479a9478e21b59fcaae1c7514d5002b366df44b050a3e72e7bd825e0150e1996cf04a0f7c908da3cb80f95a0851b946964a011e3d81c53fd9f87a8b397ee539a58b6ff47a909b3dc50db76af00d6d8e0e3e093156450dbe1003acf93bac2048a2ac298ee2d2b6", 0xac, 0xfffffffffffffff9) keyctl$revoke(0x3, r2) 08:16:28 executing program 2: syz_emit_ethernet(0x6a, &(0x7f0000000040)={@local, @broadcast, [], {@ipv4={0x800, {{0x5, 0x4, 0x0, 0x0, 0x5c, 0x0, 0x0, 0x0, 0x1, 0x0, @remote, @dev={0xac, 0x14, 0x14, 0x11}}, @icmp=@parameter_prob={0x3, 0x4, 0x0, 0x0, 0x0, 0x0, {0x10, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x402f, 0x0, @local={0xac, 0x5c}, @dev, {[@timestamp={0x8, 0x2c, 0x0, 0x0, 0x4800, [{[@rand_addr]}, {[@multicast2]}, {[@multicast1]}, {}, {[@loopback]}, {}]}]}}}}}}}, 0x0) 08:16:28 executing program 3: openat$rfkill(0xffffffffffffff9c, 0x0, 0x0, 0x0) getsockopt$inet_sctp_SCTP_DEFAULT_PRINFO(0xffffffffffffffff, 0x84, 0x72, &(0x7f0000000380), 0x0) syz_open_dev$admmidi(&(0x7f0000000100)='/dev/admmidi#\x00', 0x0, 0x0) r0 = socket$l2tp(0x18, 0x1, 0x1) mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x1, 0x32, 0xffffffffffffffff, 0x0) r1 = userfaultfd(0x0) ioctl$UFFDIO_API(r1, 0xc018aa3f, &(0x7f0000000180)) ioctl$UFFDIO_REGISTER(r1, 0xc020aa00, &(0x7f0000019000)={{&(0x7f0000012000/0x2000)=nil, 0x2000}, 0x1}) syz_open_dev$evdev(&(0x7f0000012fee)='/dev/input/event#\x00', 0x300, 0x0) ioctl$UFFDIO_WAKE(r1, 0x8010aa02, &(0x7f0000000080)={&(0x7f0000012000/0x3000)=nil, 0x3000}) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0a5c2d023c126285718070") setsockopt$ALG_SET_KEY(0xffffffffffffffff, 0x117, 0x1, 0x0, 0x0) 08:16:28 executing program 0: openat$rfkill(0xffffffffffffff9c, 0x0, 0x2001, 0x0) syz_open_dev$admmidi(&(0x7f0000000100)='/dev/admmidi#\x00', 0x0, 0x0) r0 = socket$l2tp(0x18, 0x1, 0x1) mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x1, 0x32, 0xffffffffffffffff, 0x0) r1 = userfaultfd(0x0) ioctl$UFFDIO_API(r1, 0xc018aa3f, &(0x7f0000000180)) ioctl$UFFDIO_REGISTER(r1, 0xc020aa00, &(0x7f0000019000)={{&(0x7f0000012000/0x2000)=nil, 0x2000}, 0x1}) syz_open_dev$evdev(&(0x7f0000012fee)='/dev/input/event#\x00', 0x0, 0x2) ioctl$UFFDIO_WAKE(r1, 0x8010aa02, &(0x7f0000000080)={&(0x7f0000012000/0x3000)=nil, 0x3000}) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0a5c2d023c126285718070") 08:16:28 executing program 1: r0 = socket$l2tp(0x18, 0x1, 0x1) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0a5c2d023c126285718070") r1 = perf_event_open(&(0x7f0000014f88)={0x1, 0x70, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r2 = openat$vcs(0xffffffffffffff9c, &(0x7f0000000040)='/dev/vcs\x00', 0x16f342, 0x0) getsockopt$IPT_SO_GET_REVISION_MATCH(r2, 0x0, 0x42, &(0x7f0000000080)={'ipvs\x00'}, &(0x7f00000000c0)=0x1e) close(r1) fcntl$setflags(r2, 0x2, 0x1) 08:16:28 executing program 5: r0 = syz_open_procfs(0x0, &(0x7f0000000080)='map_files\x00') getdents(r0, &(0x7f00000000c0)=""/47, 0x2f) socket(0x10, 0x803, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file0\x00', 0x1ffffd, 0x20) r2 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) preadv(0xffffffffffffffff, 0x0, 0x0, 0x0) epoll_pwait(r1, &(0x7f00000038c0)=[{}, {}, {}, {}, {}, {}], 0x6, 0x3, 0x0, 0x0) r3 = socket$inet_udplite(0x2, 0x2, 0x88) fstatfs(r1, &(0x7f0000003c40)=""/210) sched_getaffinity(0x0, 0x8, &(0x7f0000000140)) setsockopt$IP_VS_SO_SET_STOPDAEMON(r3, 0x0, 0x48c, &(0x7f0000000500)={0x1, 'ip0\x00', 0x2}, 0x18) ioctl$TIOCMSET(r0, 0x5418, &(0x7f0000000280)=0xfffffffffffffffb) r4 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ppp\x00', 0x0, 0x0) unshare(0x40000000) r5 = epoll_create1(0x0) epoll_ctl$EPOLL_CTL_ADD(r5, 0x1, r2, &(0x7f0000000300)={0x904c48a8e9bc8f45}) epoll_ctl$EPOLL_CTL_ADD(r5, 0x1, r4, &(0x7f0000003800)) sendto(r4, &(0x7f0000000000)="120000001200e7ef007b0000f4afd703", 0x10, 0x0, 0x0, 0x0) fsetxattr$security_evm(r1, &(0x7f0000000180)='security.evm\x00', &(0x7f0000003a40)=ANY=[@ANYBLOB="02981e54bf917bd3c2d77539f93a0f775cbbd703f73e1580888d7f3be8c85bf1f3000000487cdd654d7084e8e7aa6d6be8df2e633cfaf5017b6399908f3d40e6f85c2ea487fd63b32204e0763e971c1f2bab71cf0876d68cb267d1c1b45ed436b3528dd7ae4fd8a7030000000000000000000000000000000000000047cb6a9c8d927eb0d4f6549853b2e90755501797f602003f73bea913d5c9adfae742a1a020764c851271d969aa2bb3c4288f9e41545e78815392749e20757e334ce526fa4b8d7317f13f3287855e2514e15a9e81"], 0x1, 0x1) r6 = openat$ppp(0xffffffffffffff9c, &(0x7f0000003880)='/dev/ppp\x00', 0x0, 0x0) syz_open_dev$evdev(&(0x7f0000237fee)='/dev/input/event#\x00', 0x0, 0x0) syncfs(r6) setsockopt$inet_mreq(r3, 0x0, 0x0, 0x0, 0x0) getdents(r0, &(0x7f0000000040), 0x88) [ 2410.362729] FAULT_FLAG_ALLOW_RETRY missing 70 [ 2410.367317] CPU: 1 PID: 22938 Comm: syz-executor3 Not tainted 4.20.0-rc6+ #371 [ 2410.374693] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2410.384064] Call Trace: [ 2410.386683] dump_stack+0x244/0x39d [ 2410.390340] ? dump_stack_print_info.cold.1+0x20/0x20 [ 2410.394676] FAULT_FLAG_ALLOW_RETRY missing 70 [ 2410.395570] handle_userfault.cold.32+0x47/0x62 [ 2410.395606] ? userfaultfd_ioctl+0x5610/0x5610 [ 2410.395630] ? mark_held_locks+0x130/0x130 [ 2410.413605] ? __sanitizer_cov_trace_cmp4+0x16/0x20 [ 2410.418636] ? futex_wait_setup+0x266/0x3e0 [ 2410.422979] ? __sanitizer_cov_trace_switch+0x53/0x90 [ 2410.428192] ? userfaultfd_ctx_put+0x830/0x830 [ 2410.432789] ? futex_wait+0x5a1/0xa50 [ 2410.436617] ? print_usage_bug+0xc0/0xc0 [ 2410.440690] ? print_usage_bug+0xc0/0xc0 [ 2410.444770] ? print_usage_bug+0xc0/0xc0 [ 2410.448850] ? zap_class+0x640/0x640 [ 2410.452588] ? drop_futex_key_refs.isra.14+0x6d/0xe0 [ 2410.457707] ? futex_wake+0x304/0x760 [ 2410.461541] ? find_held_lock+0x36/0x1c0 [ 2410.465626] ? __handle_mm_fault+0x4bb0/0x5be0 [ 2410.470227] ? lock_downgrade+0x900/0x900 [ 2410.474396] ? kasan_check_read+0x11/0x20 [ 2410.478555] ? do_raw_spin_unlock+0xa7/0x330 [ 2410.482975] ? do_raw_spin_trylock+0x270/0x270 [ 2410.487576] ? fault_dirty_shared_page.isra.87+0x320/0x320 [ 2410.493225] __handle_mm_fault+0x4bbd/0x5be0 [ 2410.497657] ? vmf_insert_mixed_mkwrite+0x40/0x40 [ 2410.502512] ? zap_class+0x640/0x640 [ 2410.506240] ? rcu_read_unlock_special+0x1c0/0x1c0 [ 2410.511189] ? kasan_check_read+0x11/0x20 [ 2410.515366] ? rcu_softirq_qs+0x20/0x20 [ 2410.519380] ? zap_class+0x640/0x640 [ 2410.523112] ? zap_class+0x640/0x640 [ 2410.526849] ? find_held_lock+0x36/0x1c0 [ 2410.530938] ? handle_mm_fault+0x42a/0xc70 [ 2410.535186] ? lock_downgrade+0x900/0x900 [ 2410.535205] ? check_preemption_disabled+0x48/0x280 [ 2410.535224] ? rcu_read_unlock_special+0x1c0/0x1c0 [ 2410.535240] ? kasan_check_read+0x11/0x20 [ 2410.535255] ? rcu_dynticks_curr_cpu_in_eqs+0xa2/0x170 [ 2410.535270] ? rcu_softirq_qs+0x20/0x20 [ 2410.535287] ? trace_hardirqs_off_caller+0x310/0x310 [ 2410.535309] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 2410.544465] ? check_preemption_disabled+0x48/0x280 [ 2410.544489] handle_mm_fault+0x54f/0xc70 [ 2410.544509] ? __handle_mm_fault+0x5be0/0x5be0 [ 2410.544530] ? find_vma+0x34/0x190 [ 2410.544551] __do_page_fault+0x5e8/0xe60 [ 2410.544566] ? trace_hardirqs_off+0xb8/0x310 [ 2410.544590] do_page_fault+0xf2/0x7e0 [ 2410.603242] ? vmalloc_sync_all+0x30/0x30 [ 2410.607406] ? error_entry+0x70/0xd0 [ 2410.611132] ? trace_hardirqs_off_caller+0xbb/0x310 [ 2410.616163] ? trace_hardirqs_on_caller+0xc0/0x310 [ 2410.621105] ? syscall_return_slowpath+0x5e0/0x5e0 [ 2410.626047] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 2410.630902] ? trace_hardirqs_on_caller+0x310/0x310 [ 2410.635929] ? __bpf_trace_preemptirq_template+0x30/0x30 [ 2410.641394] ? prepare_exit_to_usermode+0x3b0/0x3b0 [ 2410.646422] ? prepare_exit_to_usermode+0x291/0x3b0 [ 2410.651455] ? page_fault+0x8/0x30 [ 2410.655008] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 2410.659875] ? page_fault+0x8/0x30 [ 2410.663436] page_fault+0x1e/0x30 [ 2410.666894] RIP: 0033:0x4510a0 [ 2410.670104] Code: 0f 84 c4 0f 00 00 48 89 f1 48 89 f8 48 83 e1 3f 48 83 f9 20 0f 86 7b 02 00 00 48 83 e6 f0 48 83 e1 0f 66 0f ef c0 66 0f ef c9 <66> 0f 74 0e 66 0f d7 d1 48 d3 ea 49 c7 c2 11 00 00 00 49 29 ca 4d [ 2410.689015] RSP: 002b:00007f75238677a8 EFLAGS: 00010202 [ 2410.694386] RAX: 00007f7523867850 RBX: 0000000000000003 RCX: 000000000000000e [ 2410.701669] RDX: 00000000000003ff RSI: 0000000020012fe0 RDI: 00007f7523867850 08:16:28 executing program 4: r0 = openat$kvm(0xffffffffffffff9c, 0x0, 0x0, 0x0) r1 = syz_open_dev$sndctrl(&(0x7f0000000100)='/dev/snd/controlC#\x00', 0x0, 0x0) prctl$PR_SET_THP_DISABLE(0x29, 0xfffffffffffffffe) r2 = request_key(&(0x7f0000000000)='encrypted\x00', &(0x7f0000000040)={'syz', 0x3}, &(0x7f00000000c0)='-\x00', 0x0) getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f0000000140)={0x0, 0x0}, &(0x7f0000000180)=0xc) getgroups(0x3, &(0x7f00000001c0)=[0xee00, 0x0, 0xffffffffffffffff]) keyctl$chown(0x4, r2, r3, r4) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) ioctl$FS_IOC_GETFLAGS(r1, 0x800455d1, &(0x7f0000000080)) ioctl$KVM_GET_VCPU_MMAP_SIZE(r0, 0xae04) 08:16:28 executing program 1: r0 = socket$l2tp(0x18, 0x1, 0x1) r1 = socket$l2tp(0x18, 0x1, 0x1) ioctl(r1, 0x1000008912, &(0x7f0000000000)="0a5c2d023c126285718070") bpf$BPF_GET_MAP_INFO(0xf, &(0x7f0000000200)={0xffffffffffffff9c, 0x28, &(0x7f00000001c0)={0x0, 0x0}}, 0x10) bpf$BPF_MAP_GET_FD_BY_ID(0xe, &(0x7f0000000240)={r2, 0x7a8, 0x8}, 0xc) r3 = openat$dlm_monitor(0xffffffffffffff9c, &(0x7f0000000100)='/dev/dlm-monitor\x00', 0x400000, 0x0) truncate(&(0x7f0000000280)='./file0\x00', 0xffffffff00000001) ioctl$LOOP_SET_FD(r3, 0x4c00, r1) fcntl$getownex(r0, 0x10, &(0x7f00000000c0)) openat$vcs(0xffffffffffffff9c, &(0x7f0000000300)='/dev/vcs\x00', 0x402300, 0x0) fsetxattr$security_smack_entry(r1, &(0x7f0000000140)='security.SMACK64EXEC\x00', &(0x7f0000000180)='security.SMACK64TRANSMUTE\x00', 0x1a, 0x2) r4 = perf_event_open(&(0x7f0000014f88)={0x1, 0x70, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) fsetxattr$security_smack_transmute(r0, &(0x7f0000000040)='security.SMACK64TRANSMUTE\x00', &(0x7f0000000080)='TRUE', 0x4, 0x2) epoll_ctl$EPOLL_CTL_MOD(r3, 0x3, r3, &(0x7f00000002c0)={0x90002006}) close(r4) 08:16:28 executing program 2: syz_emit_ethernet(0x6a, &(0x7f0000000040)={@local, @broadcast, [], {@ipv4={0x800, {{0x5, 0x4, 0x0, 0x0, 0x5c, 0x0, 0x0, 0x0, 0x1, 0x0, @remote, @dev={0xac, 0x14, 0x14, 0x11}}, @icmp=@parameter_prob={0x3, 0x4, 0x0, 0x0, 0x0, 0x0, {0x10, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x402f, 0x0, @local={0xac, 0x5c}, @dev, {[@timestamp={0x8, 0x2c, 0x0, 0x0, 0x1400, [{[@rand_addr]}, {[@multicast2]}, {[@multicast1]}, {}, {[@loopback]}, {}]}]}}}}}}}, 0x0) [ 2410.708946] RBP: 000000000072bf00 R08: 00000000000003ff R09: 0000000000000000 [ 2410.716230] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f75238686d4 [ 2410.723514] R13: 00000000004c578a R14: 00000000004d9d90 R15: 00000000ffffffff [ 2410.730818] CPU: 0 PID: 22946 Comm: syz-executor0 Not tainted 4.20.0-rc6+ #371 [ 2410.738201] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2410.747562] Call Trace: [ 2410.750166] dump_stack+0x244/0x39d [ 2410.753811] ? dump_stack_print_info.cold.1+0x20/0x20 [ 2410.759041] handle_userfault.cold.32+0x47/0x62 08:16:28 executing program 2: syz_emit_ethernet(0x6a, &(0x7f0000000040)={@local, @broadcast, [], {@ipv4={0x800, {{0x5, 0x4, 0x0, 0x0, 0x5c, 0x0, 0x0, 0x0, 0x1, 0x0, @remote, @dev={0xac, 0x14, 0x14, 0x11}}, @icmp=@parameter_prob={0x3, 0x4, 0x0, 0x0, 0x0, 0x0, {0x10, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x402f, 0x0, @local={0xac, 0x5c}, @dev, {[@timestamp={0x8, 0x2c, 0x0, 0x0, 0xffffa888, [{[@rand_addr]}, {[@multicast2]}, {[@multicast1]}, {}, {[@loopback]}, {}]}]}}}}}}}, 0x0) [ 2410.763740] ? userfaultfd_ioctl+0x5610/0x5610 [ 2410.768337] ? mark_held_locks+0x130/0x130 [ 2410.772604] ? __sanitizer_cov_trace_cmp4+0x16/0x20 [ 2410.777641] ? futex_wait_setup+0x266/0x3e0 [ 2410.781988] ? __sanitizer_cov_trace_switch+0x53/0x90 [ 2410.787199] ? userfaultfd_ctx_put+0x830/0x830 [ 2410.791797] ? futex_wait+0x5a1/0xa50 [ 2410.795417] IPVS: ftp: loaded support on port[0] = 21 [ 2410.795638] ? print_usage_bug+0xc0/0xc0 [ 2410.804892] ? print_usage_bug+0xc0/0xc0 [ 2410.808973] ? print_usage_bug+0xc0/0xc0 08:16:28 executing program 2: syz_emit_ethernet(0x6a, &(0x7f0000000040)={@local, @broadcast, [], {@ipv4={0x800, {{0x5, 0x4, 0x0, 0x0, 0x5c, 0x0, 0x0, 0x0, 0x1, 0x0, @remote, @dev={0xac, 0x14, 0x14, 0x11}}, @icmp=@parameter_prob={0x3, 0x4, 0x0, 0x0, 0x0, 0x0, {0x10, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x402f, 0x0, @local={0xac, 0x5c}, @dev, {[@timestamp={0x8, 0x2c, 0x0, 0x0, 0x86ddffff, [{[@rand_addr]}, {[@multicast2]}, {[@multicast1]}, {}, {[@loopback]}, {}]}]}}}}}}}, 0x0) [ 2410.813056] ? zap_class+0x640/0x640 [ 2410.816783] ? drop_futex_key_refs.isra.14+0x6d/0xe0 [ 2410.821895] ? futex_wake+0x304/0x760 [ 2410.825726] ? find_held_lock+0x36/0x1c0 [ 2410.829810] ? __handle_mm_fault+0x4bb0/0x5be0 [ 2410.834413] ? lock_downgrade+0x900/0x900 [ 2410.834438] ? kasan_check_read+0x11/0x20 [ 2410.834457] ? do_raw_spin_unlock+0xa7/0x330 [ 2410.847144] ? do_raw_spin_trylock+0x270/0x270 [ 2410.851748] ? fault_dirty_shared_page.isra.87+0x320/0x320 [ 2410.857417] __handle_mm_fault+0x4bbd/0x5be0 [ 2410.861855] ? vmf_insert_mixed_mkwrite+0x40/0x40 [ 2410.861876] ? zap_class+0x640/0x640 [ 2410.861895] ? rcu_read_unlock_special+0x1c0/0x1c0 [ 2410.875627] ? kasan_check_read+0x11/0x20 [ 2410.879793] ? rcu_softirq_qs+0x20/0x20 [ 2410.883791] ? zap_class+0x640/0x640 [ 2410.883807] ? zap_class+0x640/0x640 [ 2410.883829] ? find_held_lock+0x36/0x1c0 [ 2410.883852] ? handle_mm_fault+0x42a/0xc70 [ 2410.891273] ? lock_downgrade+0x900/0x900 [ 2410.899555] ? check_preemption_disabled+0x48/0x280 [ 2410.899575] ? rcu_read_unlock_special+0x1c0/0x1c0 08:16:28 executing program 2: syz_emit_ethernet(0x6a, &(0x7f0000000040)={@local, @broadcast, [], {@ipv4={0x800, {{0x5, 0x4, 0x0, 0x0, 0x5c, 0x0, 0x0, 0x0, 0x1, 0x0, @remote, @dev={0xac, 0x14, 0x14, 0x11}}, @icmp=@parameter_prob={0x3, 0x4, 0x0, 0x0, 0x0, 0x0, {0x10, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x402f, 0x0, @local={0xac, 0x5c}, @dev, {[@timestamp={0x8, 0x2c, 0x0, 0x0, 0x806, [{[@rand_addr]}, {[@multicast2]}, {[@multicast1]}, {}, {[@loopback]}, {}]}]}}}}}}}, 0x0) [ 2410.899595] ? kasan_check_read+0x11/0x20 [ 2410.917803] ? rcu_dynticks_curr_cpu_in_eqs+0xa2/0x170 [ 2410.917819] ? rcu_softirq_qs+0x20/0x20 [ 2410.917835] ? trace_hardirqs_off_caller+0x310/0x310 [ 2410.917860] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 2410.932197] ? check_preemption_disabled+0x48/0x280 [ 2410.932222] handle_mm_fault+0x54f/0xc70 [ 2410.932242] ? __handle_mm_fault+0x5be0/0x5be0 [ 2410.932262] ? find_vma+0x34/0x190 [ 2410.946868] __do_page_fault+0x5e8/0xe60 [ 2410.959034] ? trace_hardirqs_off+0xb8/0x310 08:16:28 executing program 2: syz_emit_ethernet(0x6a, &(0x7f0000000040)={@local, @broadcast, [], {@ipv4={0x800, {{0x5, 0x4, 0x0, 0x0, 0x5c, 0x0, 0x0, 0x0, 0x1, 0x0, @remote, @dev={0xac, 0x14, 0x14, 0x11}}, @icmp=@parameter_prob={0x3, 0x4, 0x0, 0x0, 0x0, 0x0, {0x10, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x402f, 0x0, @local={0xac, 0x5c}, @dev, {[@timestamp={0x8, 0x2c, 0x0, 0x0, 0x200000000000000, [{[@rand_addr]}, {[@multicast2]}, {[@multicast1]}, {}, {[@loopback]}, {}]}]}}}}}}}, 0x0) [ 2410.959062] do_page_fault+0xf2/0x7e0 [ 2410.959085] ? vmalloc_sync_all+0x30/0x30 [ 2410.971416] ? error_entry+0x70/0xd0 [ 2410.971433] ? trace_hardirqs_off_caller+0xbb/0x310 [ 2410.971453] ? trace_hardirqs_on_caller+0xc0/0x310 [ 2410.985107] ? syscall_return_slowpath+0x5e0/0x5e0 [ 2410.985123] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 2410.985144] ? trace_hardirqs_on_caller+0x310/0x310 [ 2410.999930] ? __bpf_trace_preemptirq_template+0x30/0x30 [ 2411.005395] ? prepare_exit_to_usermode+0x3b0/0x3b0 [ 2411.005413] ? prepare_exit_to_usermode+0x291/0x3b0 [ 2411.005432] ? page_fault+0x8/0x30 [ 2411.018997] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 2411.023851] ? page_fault+0x8/0x30 [ 2411.023867] page_fault+0x1e/0x30 [ 2411.023881] RIP: 0033:0x4510a0 [ 2411.023898] Code: 0f 84 c4 0f 00 00 48 89 f1 48 89 f8 48 83 e1 3f 48 83 f9 20 0f 86 7b 02 00 00 48 83 e6 f0 48 83 e1 0f 66 0f ef c0 66 0f ef c9 <66> 0f 74 0e 66 0f d7 d1 48 d3 ea 49 c7 c2 11 00 00 00 49 29 ca 4d [ 2411.023906] RSP: 002b:00007efdea16e7a8 EFLAGS: 00010202 [ 2411.030900] RAX: 00007efdea16e850 RBX: 0000000000000003 RCX: 000000000000000e 08:16:28 executing program 3: openat$rfkill(0xffffffffffffff9c, 0x0, 0x0, 0x0) getsockopt$inet_sctp_SCTP_DEFAULT_PRINFO(0xffffffffffffffff, 0x84, 0x72, &(0x7f0000000380), 0x0) syz_open_dev$admmidi(&(0x7f0000000100)='/dev/admmidi#\x00', 0x0, 0x0) r0 = socket$l2tp(0x18, 0x1, 0x1) mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x1, 0x32, 0xffffffffffffffff, 0x0) r1 = userfaultfd(0x0) ioctl$UFFDIO_API(r1, 0xc018aa3f, &(0x7f0000000180)) ioctl$UFFDIO_REGISTER(r1, 0xc020aa00, &(0x7f0000019000)={{&(0x7f0000012000/0x2000)=nil, 0x2000}, 0x1}) syz_open_dev$evdev(&(0x7f0000012fee)='/dev/input/event#\x00', 0x2, 0x0) ioctl$UFFDIO_WAKE(r1, 0x8010aa02, &(0x7f0000000080)={&(0x7f0000012000/0x3000)=nil, 0x3000}) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0a5c2d023c126285718070") setsockopt$ALG_SET_KEY(0xffffffffffffffff, 0x117, 0x1, 0x0, 0x0) 08:16:28 executing program 2: syz_emit_ethernet(0x6a, &(0x7f0000000040)={@local, @broadcast, [], {@ipv4={0x800, {{0x5, 0x4, 0x0, 0x0, 0x5c, 0x0, 0x0, 0x0, 0x1, 0x0, @remote, @dev={0xac, 0x14, 0x14, 0x11}}, @icmp=@parameter_prob={0x3, 0x4, 0x0, 0x0, 0x0, 0x0, {0x10, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x402f, 0x0, @local={0xac, 0x5c}, @dev, {[@timestamp={0x8, 0x2c, 0x0, 0x0, 0xf0ffff, [{[@rand_addr]}, {[@multicast2]}, {[@multicast1]}, {}, {[@loopback]}, {}]}]}}}}}}}, 0x0) [ 2411.030911] RDX: 00000000000003ff RSI: 0000000020012fe0 RDI: 00007efdea16e850 [ 2411.030920] RBP: 000000000072bf00 R08: 00000000000003ff R09: 0000000000000000 [ 2411.030929] R10: 0000000000000000 R11: 0000000000000246 R12: 00007efdea16f6d4 [ 2411.030943] R13: 00000000004c578a R14: 00000000004d9d90 R15: 00000000ffffffff [ 2411.171740] FAULT_FLAG_ALLOW_RETRY missing 70 [ 2411.184111] CPU: 0 PID: 22977 Comm: syz-executor3 Not tainted 4.20.0-rc6+ #371 [ 2411.191520] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2411.191528] Call Trace: [ 2411.191556] dump_stack+0x244/0x39d [ 2411.191583] ? dump_stack_print_info.cold.1+0x20/0x20 [ 2411.191615] handle_userfault.cold.32+0x47/0x62 [ 2411.212383] ? userfaultfd_ioctl+0x5610/0x5610 [ 2411.212403] ? mark_held_locks+0x130/0x130 [ 2411.212424] ? __sanitizer_cov_trace_cmp4+0x16/0x20 [ 2411.221750] ? futex_wait_setup+0x266/0x3e0 [ 2411.221781] ? __sanitizer_cov_trace_switch+0x53/0x90 [ 2411.221801] ? userfaultfd_ctx_put+0x830/0x830 [ 2411.221815] ? futex_wait+0x5a1/0xa50 [ 2411.221839] ? print_usage_bug+0xc0/0xc0 [ 2411.231587] ? print_usage_bug+0xc0/0xc0 [ 2411.231607] ? print_usage_bug+0xc0/0xc0 [ 2411.231625] ? zap_class+0x640/0x640 [ 2411.231643] ? drop_futex_key_refs.isra.14+0x6d/0xe0 [ 2411.231660] ? futex_wake+0x304/0x760 [ 2411.241190] ? find_held_lock+0x36/0x1c0 [ 2411.241218] ? __handle_mm_fault+0x4bb0/0x5be0 [ 2411.241238] ? lock_downgrade+0x900/0x900 [ 2411.249617] ? kasan_check_read+0x11/0x20 [ 2411.249634] ? do_raw_spin_unlock+0xa7/0x330 [ 2411.249649] ? do_raw_spin_trylock+0x270/0x270 [ 2411.249672] ? fault_dirty_shared_page.isra.87+0x320/0x320 [ 2411.257792] __handle_mm_fault+0x4bbd/0x5be0 [ 2411.257818] ? vmf_insert_mixed_mkwrite+0x40/0x40 [ 2411.257841] ? zap_class+0x640/0x640 [ 2411.265603] ? rcu_read_unlock_special+0x1c0/0x1c0 [ 2411.265619] ? kasan_check_read+0x11/0x20 [ 2411.265637] ? rcu_softirq_qs+0x20/0x20 [ 2411.265666] ? zap_class+0x640/0x640 [ 2411.274580] ? zap_class+0x640/0x640 [ 2411.274602] ? find_held_lock+0x36/0x1c0 [ 2411.274628] ? handle_mm_fault+0x42a/0xc70 [ 2411.274646] ? lock_downgrade+0x900/0x900 [ 2411.274668] ? check_preemption_disabled+0x48/0x280 [ 2411.283291] ? rcu_read_unlock_special+0x1c0/0x1c0 [ 2411.283307] ? kasan_check_read+0x11/0x20 [ 2411.283323] ? rcu_dynticks_curr_cpu_in_eqs+0xa2/0x170 [ 2411.283338] ? rcu_softirq_qs+0x20/0x20 [ 2411.283371] ? trace_hardirqs_off_caller+0x310/0x310 [ 2411.283393] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 2411.291671] ? check_preemption_disabled+0x48/0x280 [ 2411.291696] handle_mm_fault+0x54f/0xc70 [ 2411.291716] ? __handle_mm_fault+0x5be0/0x5be0 [ 2411.291735] ? find_vma+0x34/0x190 [ 2411.300717] __do_page_fault+0x5e8/0xe60 [ 2411.300733] ? trace_hardirqs_off+0xb8/0x310 [ 2411.300760] do_page_fault+0xf2/0x7e0 [ 2411.300779] ? vmalloc_sync_all+0x30/0x30 08:16:29 executing program 0: openat$rfkill(0xffffffffffffff9c, 0x0, 0x2001, 0x0) syz_open_dev$admmidi(&(0x7f0000000100)='/dev/admmidi#\x00', 0x0, 0x0) r0 = socket$l2tp(0x18, 0x1, 0x1) mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x1, 0x32, 0xffffffffffffffff, 0x0) r1 = userfaultfd(0x0) ioctl$UFFDIO_API(r1, 0xc018aa3f, &(0x7f0000000180)) ioctl$UFFDIO_REGISTER(r1, 0xc020aa00, &(0x7f0000019000)={{&(0x7f0000012000/0x2000)=nil, 0x2000}, 0x1}) syz_open_dev$evdev(&(0x7f0000012fee)='/dev/input/event#\x00', 0x0, 0x9) ioctl$UFFDIO_WAKE(r1, 0x8010aa02, &(0x7f0000000080)={&(0x7f0000012000/0x3000)=nil, 0x3000}) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0a5c2d023c126285718070") 08:16:29 executing program 1: r0 = socket$l2tp(0x18, 0x1, 0x1) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0a5c2d023c126285718070") r1 = perf_event_open(&(0x7f0000014f88)={0x1, 0x70, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r2 = syz_open_dev$usb(&(0x7f0000000040)='/dev/bus/usb/00#/00#\x00', 0x1, 0x2) ioctl$EVIOCRMFF(r2, 0x40044581, &(0x7f0000000080)=0x7) close(r1) [ 2411.310799] ? error_entry+0x70/0xd0 [ 2411.310818] ? trace_hardirqs_off_caller+0xbb/0x310 [ 2411.310834] ? trace_hardirqs_on_caller+0xc0/0x310 [ 2411.310851] ? syscall_return_slowpath+0x5e0/0x5e0 [ 2411.310876] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 2411.319416] ? trace_hardirqs_on_caller+0x310/0x310 [ 2411.319434] ? __bpf_trace_preemptirq_template+0x30/0x30 [ 2411.319452] ? prepare_exit_to_usermode+0x3b0/0x3b0 [ 2411.319470] ? prepare_exit_to_usermode+0x291/0x3b0 [ 2411.319488] ? page_fault+0x8/0x30 [ 2411.328558] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 2411.328577] ? page_fault+0x8/0x30 [ 2411.328594] page_fault+0x1e/0x30 [ 2411.328612] RIP: 0033:0x4510a0 [ 2411.336280] Code: 0f 84 c4 0f 00 00 48 89 f1 48 89 f8 48 83 e1 3f 48 83 f9 20 0f 86 7b 02 00 00 48 83 e6 f0 48 83 e1 0f 66 0f ef c0 66 0f ef c9 <66> 0f 74 0e 66 0f d7 d1 48 d3 ea 49 c7 c2 11 00 00 00 49 29 ca 4d [ 2411.336289] RSP: 002b:00007f75238677a8 EFLAGS: 00010202 [ 2411.336303] RAX: 00007f7523867850 RBX: 0000000000000003 RCX: 000000000000000e [ 2411.336313] RDX: 00000000000003ff RSI: 0000000020012fe0 RDI: 00007f7523867850 [ 2411.336322] RBP: 000000000072bf00 R08: 00000000000003ff R09: 0000000000000000 [ 2411.336336] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f75238686d4 [ 2411.344103] R13: 00000000004c578a R14: 00000000004d9d90 R15: 00000000ffffffff [ 2411.528229] FAULT_FLAG_ALLOW_RETRY missing 70 [ 2411.546232] CPU: 0 PID: 22991 Comm: syz-executor0 Not tainted 4.20.0-rc6+ #371 [ 2411.556910] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2411.556916] Call Trace: [ 2411.556939] dump_stack+0x244/0x39d [ 2411.556960] ? dump_stack_print_info.cold.1+0x20/0x20 [ 2411.577695] handle_userfault.cold.32+0x47/0x62 [ 2411.582395] ? userfaultfd_ioctl+0x5610/0x5610 [ 2411.587000] ? mark_held_locks+0x130/0x130 [ 2411.591240] ? find_held_lock+0x36/0x1c0 [ 2411.595299] ? userfaultfd_ctx_put+0x830/0x830 [ 2411.599888] ? kasan_check_read+0x11/0x20 [ 2411.604030] ? print_usage_bug+0xc0/0xc0 [ 2411.608086] ? do_raw_spin_trylock+0x270/0x270 [ 2411.612670] ? print_usage_bug+0xc0/0xc0 [ 2411.616735] ? print_usage_bug+0xc0/0xc0 [ 2411.620786] ? zap_class+0x640/0x640 [ 2411.624502] ? drop_futex_key_refs.isra.14+0x6d/0xe0 [ 2411.629608] ? futex_wake+0x304/0x760 [ 2411.633402] ? find_held_lock+0x36/0x1c0 [ 2411.637459] ? __handle_mm_fault+0x4bb0/0x5be0 [ 2411.642034] ? lock_downgrade+0x900/0x900 [ 2411.646174] ? kasan_check_read+0x11/0x20 [ 2411.650317] ? do_raw_spin_unlock+0xa7/0x330 [ 2411.654743] ? do_raw_spin_trylock+0x270/0x270 [ 2411.659324] ? fault_dirty_shared_page.isra.87+0x320/0x320 [ 2411.664989] __handle_mm_fault+0x4bbd/0x5be0 [ 2411.669409] ? vmf_insert_mixed_mkwrite+0x40/0x40 [ 2411.674247] ? zap_class+0x640/0x640 [ 2411.677953] ? rcu_read_unlock_special+0x1c0/0x1c0 [ 2411.682871] ? kasan_check_read+0x11/0x20 [ 2411.687016] ? rcu_softirq_qs+0x20/0x20 [ 2411.691000] ? zap_class+0x640/0x640 [ 2411.694716] ? zap_class+0x640/0x640 [ 2411.698423] ? find_held_lock+0x36/0x1c0 [ 2411.702475] ? handle_mm_fault+0x42a/0xc70 [ 2411.706713] ? lock_downgrade+0x900/0x900 [ 2411.710877] ? check_preemption_disabled+0x48/0x280 [ 2411.715891] ? rcu_read_unlock_special+0x1c0/0x1c0 [ 2411.720810] ? kasan_check_read+0x11/0x20 [ 2411.724945] ? rcu_dynticks_curr_cpu_in_eqs+0xa2/0x170 [ 2411.730219] ? rcu_softirq_qs+0x20/0x20 [ 2411.734205] ? trace_hardirqs_off_caller+0x310/0x310 [ 2411.739298] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 2411.744841] ? check_preemption_disabled+0x48/0x280 [ 2411.749853] handle_mm_fault+0x54f/0xc70 [ 2411.753910] ? __handle_mm_fault+0x5be0/0x5be0 [ 2411.758484] ? find_vma+0x34/0x190 [ 2411.762031] __do_page_fault+0x5e8/0xe60 [ 2411.766083] ? trace_hardirqs_off+0xb8/0x310 [ 2411.770573] do_page_fault+0xf2/0x7e0 [ 2411.774386] ? vmalloc_sync_all+0x30/0x30 [ 2411.778570] ? error_entry+0x70/0xd0 [ 2411.782287] ? trace_hardirqs_off_caller+0xbb/0x310 [ 2411.787323] ? trace_hardirqs_on_caller+0xc0/0x310 [ 2411.792256] ? syscall_return_slowpath+0x5e0/0x5e0 [ 2411.797178] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 2411.802010] ? trace_hardirqs_on_caller+0x310/0x310 [ 2411.807080] ? __bpf_trace_preemptirq_template+0x30/0x30 [ 2411.812535] ? prepare_exit_to_usermode+0x3b0/0x3b0 [ 2411.817540] ? prepare_exit_to_usermode+0x291/0x3b0 [ 2411.822569] ? page_fault+0x8/0x30 [ 2411.826101] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 2411.830941] ? page_fault+0x8/0x30 [ 2411.834469] page_fault+0x1e/0x30 [ 2411.837909] RIP: 0033:0x4510a0 [ 2411.841097] Code: 0f 84 c4 0f 00 00 48 89 f1 48 89 f8 48 83 e1 3f 48 83 f9 20 0f 86 7b 02 00 00 48 83 e6 f0 48 83 e1 0f 66 0f ef c0 66 0f ef c9 <66> 0f 74 0e 66 0f d7 d1 48 d3 ea 49 c7 c2 11 00 00 00 49 29 ca 4d [ 2411.859987] RSP: 002b:00007efdea16e7a8 EFLAGS: 00010202 [ 2411.865339] RAX: 00007efdea16e850 RBX: 0000000000000003 RCX: 000000000000000e [ 2411.872617] RDX: 00000000000003ff RSI: 0000000020012fe0 RDI: 00007efdea16e850 [ 2411.879878] RBP: 000000000072bf00 R08: 00000000000003ff R09: 0000000000000000 [ 2411.887133] R10: 0000000000000000 R11: 0000000000000246 R12: 00007efdea16f6d4 [ 2411.894399] R13: 00000000004c578a R14: 00000000004d9d90 R15: 00000000ffffffff 08:16:30 executing program 5: ioctl$KVM_TPR_ACCESS_REPORTING(0xffffffffffffffff, 0xc028ae92, &(0x7f00000001c0)) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) pipe2(0x0, 0x0) getsockopt$inet_IP_XFRM_POLICY(0xffffffffffffffff, 0x0, 0x11, 0x0, 0x0) flock(0xffffffffffffffff, 0x0) pipe(&(0x7f0000000180)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$sock_SIOCGPGRP(0xffffffffffffffff, 0x8904, 0x0) ioctl$VHOST_GET_VRING_BASE(0xffffffffffffffff, 0xc008af12, 0x0) getsockname(0xffffffffffffffff, 0x0, 0x0) close(r0) mkdir(0x0, 0x0) ioprio_get$uid(0x0, 0x0) syz_mount_image$vfat(&(0x7f0000001800)='vfat\x00', &(0x7f0000001840)='./file0\x00', 0x0, 0x1, &(0x7f0000000440)=[{&(0x7f0000000380)}], 0x0, 0x0) lseek(r0, 0x0, 0x4) io_setup(0xe125, &(0x7f0000000500)) open(&(0x7f00000004c0)='./bus\x00', 0x0, 0x0) ioctl$FS_IOC_SETFLAGS(0xffffffffffffffff, 0x40086602, &(0x7f0000000140)) 08:16:30 executing program 2: syz_emit_ethernet(0x6a, &(0x7f0000000040)={@local, @broadcast, [], {@ipv4={0x800, {{0x5, 0x4, 0x0, 0x0, 0x5c, 0x0, 0x0, 0x0, 0x1, 0x0, @remote, @dev={0xac, 0x14, 0x14, 0x11}}, @icmp=@parameter_prob={0x3, 0x4, 0x0, 0x0, 0x0, 0x0, {0x10, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x402f, 0x0, @local={0xac, 0x5c}, @dev, {[@timestamp={0x8, 0x2c, 0x0, 0x0, 0x8906, [{[@rand_addr]}, {[@multicast2]}, {[@multicast1]}, {}, {[@loopback]}, {}]}]}}}}}}}, 0x0) 08:16:30 executing program 4: r0 = openat$kvm(0xffffffffffffff9c, 0x0, 0x0, 0x0) r1 = syz_open_dev$sndctrl(&(0x7f0000000100)='/dev/snd/controlC#\x00', 0x0, 0x0) preadv(r0, &(0x7f0000000240)=[{&(0x7f0000000000)=""/29, 0x1d}, {&(0x7f0000000140)=""/193, 0xc1}], 0x2, 0x0) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) ioctl$FS_IOC_GETFLAGS(r1, 0x800455d1, &(0x7f0000000080)) r2 = dup2(r0, r0) ioctl$VT_DISALLOCATE(r2, 0x5608) r3 = syz_open_dev$radio(&(0x7f00000000c0)='/dev/radio#\x00', 0x1, 0x2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x2400, 0x9) 08:16:30 executing program 3: openat$rfkill(0xffffffffffffff9c, 0x0, 0x0, 0x0) getsockopt$inet_sctp_SCTP_DEFAULT_PRINFO(0xffffffffffffffff, 0x84, 0x72, &(0x7f0000000380), 0x0) syz_open_dev$admmidi(&(0x7f0000000100)='/dev/admmidi#\x00', 0x0, 0x0) r0 = socket$l2tp(0x18, 0x1, 0x1) mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x1, 0x32, 0xffffffffffffffff, 0x0) r1 = userfaultfd(0x0) ioctl$UFFDIO_API(r1, 0xc018aa3f, &(0x7f0000000180)) ioctl$UFFDIO_REGISTER(r1, 0xc020aa00, &(0x7f0000019000)={{&(0x7f0000012000/0x2000)=nil, 0x2000}, 0x1}) syz_open_dev$evdev(&(0x7f0000012fee)='/dev/input/event#\x00', 0x7a, 0x0) ioctl$UFFDIO_WAKE(r1, 0x8010aa02, &(0x7f0000000080)={&(0x7f0000012000/0x3000)=nil, 0x3000}) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0a5c2d023c126285718070") setsockopt$ALG_SET_KEY(0xffffffffffffffff, 0x117, 0x1, 0x0, 0x0) 08:16:30 executing program 1: r0 = socket$l2tp(0x18, 0x1, 0x1) ioctl(r0, 0x1000008912, &(0x7f0000000080)="0a31ee5c2d023ccc5690d93ba7074358e8b564a26db170126285718070") r1 = syz_open_dev$usbmon(&(0x7f0000000000)='/dev/usbmon#\x00', 0x8, 0x1) getsockopt$inet_sctp6_SCTP_RTOINFO(0xffffffffffffff9c, 0x84, 0x0, &(0x7f0000000040)={0x0, 0x0, 0x3f, 0xc75}, &(0x7f00000000c0)=0x10) getsockopt$inet_sctp6_SCTP_AUTH_ACTIVE_KEY(r1, 0x84, 0x18, &(0x7f0000000100)={r2, 0xff}, &(0x7f0000000140)=0x8) r3 = perf_event_open(&(0x7f0000014f88)={0x1, 0x70, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) close(r3) 08:16:30 executing program 0: openat$rfkill(0xffffffffffffff9c, 0x0, 0x2001, 0x0) syz_open_dev$admmidi(&(0x7f0000000100)='/dev/admmidi#\x00', 0x0, 0x0) r0 = socket$l2tp(0x18, 0x1, 0x1) mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x1, 0x32, 0xffffffffffffffff, 0x0) r1 = userfaultfd(0x0) ioctl$UFFDIO_API(r1, 0xc018aa3f, &(0x7f0000000180)) ioctl$UFFDIO_REGISTER(r1, 0xc020aa00, &(0x7f0000019000)={{&(0x7f0000012000/0x2000)=nil, 0x2000}, 0x1}) syz_open_dev$evdev(&(0x7f0000012fee)='/dev/input/event#\x00', 0x0, 0x2000000000000000) ioctl$UFFDIO_WAKE(r1, 0x8010aa02, &(0x7f0000000080)={&(0x7f0000012000/0x3000)=nil, 0x3000}) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0a5c2d023c126285718070") 08:16:30 executing program 2: syz_emit_ethernet(0x6a, &(0x7f0000000040)={@local, @broadcast, [], {@ipv4={0x800, {{0x5, 0x4, 0x0, 0x0, 0x5c, 0x0, 0x0, 0x0, 0x1, 0x0, @remote, @dev={0xac, 0x14, 0x14, 0x11}}, @icmp=@parameter_prob={0x3, 0x4, 0x0, 0x0, 0x0, 0x0, {0x10, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x402f, 0x0, @local={0xac, 0x5c}, @dev, {[@timestamp={0x8, 0x2c, 0x0, 0x0, 0xd00, [{[@rand_addr]}, {[@multicast2]}, {[@multicast1]}, {}, {[@loopback]}, {}]}]}}}}}}}, 0x0) 08:16:30 executing program 1: r0 = socket$l2tp(0x18, 0x1, 0x1) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0a5c2d023c126285718070") perf_event_open(&(0x7f0000014f88)={0x1, 0x70, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) close(r0) [ 2412.930288] FAT-fs (loop5): bogus number of reserved sectors [ 2412.948551] FAULT_FLAG_ALLOW_RETRY missing 70 [ 2412.953874] CPU: 0 PID: 23009 Comm: syz-executor0 Not tainted 4.20.0-rc6+ #371 [ 2412.961255] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2412.970624] Call Trace: [ 2412.973236] dump_stack+0x244/0x39d [ 2412.976894] ? dump_stack_print_info.cold.1+0x20/0x20 [ 2412.979853] FAT-fs (loop5): Can't find a valid FAT filesystem [ 2412.982120] handle_userfault.cold.32+0x47/0x62 [ 2412.982155] ? userfaultfd_ioctl+0x5610/0x5610 [ 2412.982179] ? mark_held_locks+0x130/0x130 [ 2412.982207] ? __sanitizer_cov_trace_cmp4+0x16/0x20 [ 2413.006593] ? futex_wait_setup+0x266/0x3e0 [ 2413.010941] ? __sanitizer_cov_trace_switch+0x53/0x90 [ 2413.016151] ? userfaultfd_ctx_put+0x830/0x830 [ 2413.020752] ? futex_wait+0x5a1/0xa50 [ 2413.020777] ? print_usage_bug+0xc0/0xc0 [ 2413.020794] ? print_usage_bug+0xc0/0xc0 [ 2413.020813] ? print_usage_bug+0xc0/0xc0 [ 2413.028677] ? zap_class+0x640/0x640 [ 2413.028696] ? drop_futex_key_refs.isra.14+0x6d/0xe0 [ 2413.028711] ? futex_wake+0x304/0x760 [ 2413.028741] ? find_held_lock+0x36/0x1c0 [ 2413.053522] ? __handle_mm_fault+0x4bb0/0x5be0 [ 2413.058121] ? lock_downgrade+0x900/0x900 [ 2413.062298] ? kasan_check_read+0x11/0x20 [ 2413.066463] ? do_raw_spin_unlock+0xa7/0x330 [ 2413.070885] ? do_raw_spin_trylock+0x270/0x270 [ 2413.075491] ? fault_dirty_shared_page.isra.87+0x320/0x320 [ 2413.081141] __handle_mm_fault+0x4bbd/0x5be0 [ 2413.085575] ? vmf_insert_mixed_mkwrite+0x40/0x40 [ 2413.090440] ? zap_class+0x640/0x640 [ 2413.094168] ? rcu_read_unlock_special+0x1c0/0x1c0 [ 2413.099110] ? kasan_check_read+0x11/0x20 [ 2413.103272] ? rcu_softirq_qs+0x20/0x20 [ 2413.103301] ? zap_class+0x640/0x640 [ 2413.103316] ? zap_class+0x640/0x640 [ 2413.103338] ? find_held_lock+0x36/0x1c0 [ 2413.103376] ? handle_mm_fault+0x42a/0xc70 [ 2413.111068] ? lock_downgrade+0x900/0x900 [ 2413.111088] ? check_preemption_disabled+0x48/0x280 [ 2413.111107] ? rcu_read_unlock_special+0x1c0/0x1c0 [ 2413.111127] ? kasan_check_read+0x11/0x20 [ 2413.141330] ? rcu_dynticks_curr_cpu_in_eqs+0xa2/0x170 [ 2413.146639] ? rcu_softirq_qs+0x20/0x20 [ 2413.150629] ? trace_hardirqs_off_caller+0x310/0x310 [ 2413.155758] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 2413.161318] ? check_preemption_disabled+0x48/0x280 [ 2413.163278] FAULT_FLAG_ALLOW_RETRY missing 70 [ 2413.166392] handle_mm_fault+0x54f/0xc70 [ 2413.166414] ? __handle_mm_fault+0x5be0/0x5be0 [ 2413.166435] ? find_vma+0x34/0x190 [ 2413.166456] __do_page_fault+0x5e8/0xe60 [ 2413.187170] ? trace_hardirqs_off+0xb8/0x310 [ 2413.191604] do_page_fault+0xf2/0x7e0 [ 2413.195423] ? vmalloc_sync_all+0x30/0x30 [ 2413.199586] ? error_entry+0x70/0xd0 [ 2413.203329] ? trace_hardirqs_off_caller+0xbb/0x310 [ 2413.208398] ? trace_hardirqs_on_caller+0xc0/0x310 [ 2413.213336] ? syscall_return_slowpath+0x5e0/0x5e0 [ 2413.218292] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 2413.223147] ? trace_hardirqs_on_caller+0x310/0x310 [ 2413.228175] ? __bpf_trace_preemptirq_template+0x30/0x30 [ 2413.234122] ? prepare_exit_to_usermode+0x3b0/0x3b0 [ 2413.239155] ? prepare_exit_to_usermode+0x291/0x3b0 [ 2413.244183] ? page_fault+0x8/0x30 [ 2413.247739] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 2413.252599] ? page_fault+0x8/0x30 [ 2413.256326] page_fault+0x1e/0x30 [ 2413.259797] RIP: 0033:0x4510a0 [ 2413.263003] Code: 0f 84 c4 0f 00 00 48 89 f1 48 89 f8 48 83 e1 3f 48 83 f9 20 0f 86 7b 02 00 00 48 83 e6 f0 48 83 e1 0f 66 0f ef c0 66 0f ef c9 <66> 0f 74 0e 66 0f d7 d1 48 d3 ea 49 c7 c2 11 00 00 00 49 29 ca 4d [ 2413.281921] RSP: 002b:00007efdea16e7a8 EFLAGS: 00010202 [ 2413.287303] RAX: 00007efdea16e850 RBX: 0000000000000003 RCX: 000000000000000e [ 2413.294581] RDX: 00000000000003ff RSI: 0000000020012fe0 RDI: 00007efdea16e850 [ 2413.301965] RBP: 000000000072bf00 R08: 00000000000003ff R09: 0000000000000000 [ 2413.309244] R10: 0000000000000000 R11: 0000000000000246 R12: 00007efdea16f6d4 [ 2413.316630] R13: 00000000004c578a R14: 00000000004d9d90 R15: 00000000ffffffff [ 2413.323950] CPU: 1 PID: 23012 Comm: syz-executor3 Not tainted 4.20.0-rc6+ #371 08:16:31 executing program 2: syz_emit_ethernet(0x6a, &(0x7f0000000040)={@local, @broadcast, [], {@ipv4={0x800, {{0x5, 0x4, 0x0, 0x0, 0x5c, 0x0, 0x0, 0x0, 0x1, 0x0, @remote, @dev={0xac, 0x14, 0x14, 0x11}}, @icmp=@parameter_prob={0x3, 0x4, 0x0, 0x0, 0x0, 0x0, {0x10, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x402f, 0x0, @local={0xac, 0x5c}, @dev, {[@timestamp={0x8, 0x2c, 0x0, 0x0, 0x800e000000000000, [{[@rand_addr]}, {[@multicast2]}, {[@multicast1]}, {}, {[@loopback]}, {}]}]}}}}}}}, 0x0) 08:16:31 executing program 1: r0 = socket$l2tp(0x18, 0x1, 0x1) ioctl(r0, 0x100000890e, &(0x7f0000000000)="0a5c2d023c126285718070") r1 = perf_event_open(&(0x7f0000014f88)={0x1, 0x70, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) close(r1) 08:16:31 executing program 4: r0 = openat$kvm(0xffffffffffffff9c, 0x0, 0x0, 0x0) r1 = syz_open_dev$sndctrl(&(0x7f0000000100)='/dev/snd/controlC#\x00', 0x0, 0x0) prctl$PR_SET_THP_DISABLE(0x29, 0xfffffffffffffffe) fsetxattr$security_smack_transmute(r0, &(0x7f0000000000)='security.SMACK64TRANSMUTE\x00', &(0x7f0000000040)='TRUE', 0x4, 0x1) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) ioctl$FS_IOC_GETFLAGS(r1, 0x800455d1, &(0x7f0000000080)) 08:16:31 executing program 0: openat$rfkill(0xffffffffffffff9c, 0x0, 0x2001, 0x0) syz_open_dev$admmidi(&(0x7f0000000100)='/dev/admmidi#\x00', 0x0, 0x0) r0 = socket$l2tp(0x18, 0x1, 0x1) mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x1, 0x32, 0xffffffffffffffff, 0x0) r1 = userfaultfd(0x0) ioctl$UFFDIO_API(r1, 0xc018aa3f, &(0x7f0000000180)) ioctl$UFFDIO_REGISTER(r1, 0xc020aa00, &(0x7f0000019000)={{&(0x7f0000012000/0x2000)=nil, 0x2000}, 0x1}) syz_open_dev$evdev(&(0x7f0000012fee)='/dev/input/event#\x00', 0x0, 0x700) ioctl$UFFDIO_WAKE(r1, 0x8010aa02, &(0x7f0000000080)={&(0x7f0000012000/0x3000)=nil, 0x3000}) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0a5c2d023c126285718070") [ 2413.331334] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2413.340705] Call Trace: [ 2413.343323] dump_stack+0x244/0x39d [ 2413.347093] ? dump_stack_print_info.cold.1+0x20/0x20 [ 2413.352311] handle_userfault.cold.32+0x47/0x62 [ 2413.357026] ? userfaultfd_ioctl+0x5610/0x5610 [ 2413.361628] ? mark_held_locks+0x130/0x130 [ 2413.366322] ? __sanitizer_cov_trace_cmp4+0x16/0x20 [ 2413.371364] ? futex_wait_setup+0x266/0x3e0 [ 2413.375708] ? __sanitizer_cov_trace_switch+0x53/0x90 [ 2413.380917] ? userfaultfd_ctx_put+0x830/0x830 [ 2413.385517] ? futex_wait+0x5a1/0xa50 [ 2413.389357] ? print_usage_bug+0xc0/0xc0 [ 2413.393444] ? print_usage_bug+0xc0/0xc0 [ 2413.397534] ? print_usage_bug+0xc0/0xc0 [ 2413.401609] ? zap_class+0x640/0x640 [ 2413.405333] ? drop_futex_key_refs.isra.14+0x6d/0xe0 [ 2413.410458] ? futex_wake+0x304/0x760 [ 2413.414294] ? find_held_lock+0x36/0x1c0 [ 2413.418438] ? __handle_mm_fault+0x4bb0/0x5be0 [ 2413.423038] ? lock_downgrade+0x900/0x900 [ 2413.427228] ? kasan_check_read+0x11/0x20 [ 2413.431392] ? do_raw_spin_unlock+0xa7/0x330 [ 2413.435822] ? do_raw_spin_trylock+0x270/0x270 [ 2413.440428] ? fault_dirty_shared_page.isra.87+0x320/0x320 [ 2413.446081] __handle_mm_fault+0x4bbd/0x5be0 [ 2413.450517] ? vmf_insert_mixed_mkwrite+0x40/0x40 [ 2413.455388] ? zap_class+0x640/0x640 [ 2413.459120] ? rcu_read_unlock_special+0x1c0/0x1c0 [ 2413.464070] ? kasan_check_read+0x11/0x20 [ 2413.468231] ? rcu_softirq_qs+0x20/0x20 [ 2413.472232] ? zap_class+0x640/0x640 [ 2413.475973] ? zap_class+0x640/0x640 [ 2413.479709] ? find_held_lock+0x36/0x1c0 [ 2413.483794] ? handle_mm_fault+0x42a/0xc70 [ 2413.488046] ? lock_downgrade+0x900/0x900 [ 2413.492215] ? check_preemption_disabled+0x48/0x280 [ 2413.497251] ? rcu_read_unlock_special+0x1c0/0x1c0 [ 2413.502194] ? kasan_check_read+0x11/0x20 [ 2413.506372] ? rcu_dynticks_curr_cpu_in_eqs+0xa2/0x170 [ 2413.511668] ? rcu_softirq_qs+0x20/0x20 [ 2413.515671] ? trace_hardirqs_off_caller+0x310/0x310 [ 2413.520796] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 2413.526358] ? check_preemption_disabled+0x48/0x280 [ 2413.526384] handle_mm_fault+0x54f/0xc70 [ 2413.526404] ? __handle_mm_fault+0x5be0/0x5be0 [ 2413.526425] ? find_vma+0x34/0x190 [ 2413.526453] __do_page_fault+0x5e8/0xe60 [ 2413.547703] ? trace_hardirqs_off+0xb8/0x310 [ 2413.552137] do_page_fault+0xf2/0x7e0 [ 2413.555967] ? vmalloc_sync_all+0x30/0x30 [ 2413.560133] ? error_entry+0x70/0xd0 [ 2413.563871] ? trace_hardirqs_off_caller+0xbb/0x310 [ 2413.568906] ? trace_hardirqs_on_caller+0xc0/0x310 [ 2413.573848] ? syscall_return_slowpath+0x5e0/0x5e0 [ 2413.578798] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 2413.583672] ? trace_hardirqs_on_caller+0x310/0x310 [ 2413.588714] ? __bpf_trace_preemptirq_template+0x30/0x30 [ 2413.594181] ? prepare_exit_to_usermode+0x3b0/0x3b0 [ 2413.594201] ? prepare_exit_to_usermode+0x291/0x3b0 [ 2413.594218] ? page_fault+0x8/0x30 [ 2413.594237] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 2413.594256] ? page_fault+0x8/0x30 [ 2413.594272] page_fault+0x1e/0x30 [ 2413.594284] RIP: 0033:0x4510a0 [ 2413.594302] Code: 0f 84 c4 0f 00 00 48 89 f1 48 89 f8 48 83 e1 3f 48 83 f9 20 0f 86 7b 02 00 00 48 83 e6 f0 48 83 e1 0f 66 0f ef c0 66 0f ef c9 <66> 0f 74 0e 66 0f d7 d1 48 d3 ea 49 c7 c2 11 00 00 00 49 29 ca 4d [ 2413.594315] RSP: 002b:00007f75238677a8 EFLAGS: 00010202 [ 2413.604375] RAX: 00007f7523867850 RBX: 0000000000000003 RCX: 000000000000000e [ 2413.604385] RDX: 00000000000003ff RSI: 0000000020012fe0 RDI: 00007f7523867850 [ 2413.604395] RBP: 000000000072bf00 R08: 00000000000003ff R09: 0000000000000000 [ 2413.604405] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f75238686d4 [ 2413.604415] R13: 00000000004c578a R14: 00000000004d9d90 R15: 00000000ffffffff [ 2413.607779] FAULT_FLAG_ALLOW_RETRY missing 70 [ 2413.689658] CPU: 1 PID: 23040 Comm: syz-executor0 Not tainted 4.20.0-rc6+ #371 [ 2413.697039] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2413.706398] Call Trace: [ 2413.709015] dump_stack+0x244/0x39d [ 2413.712673] ? dump_stack_print_info.cold.1+0x20/0x20 [ 2413.717898] handle_userfault.cold.32+0x47/0x62 [ 2413.722602] ? userfaultfd_ioctl+0x5610/0x5610 [ 2413.727207] ? mark_held_locks+0x130/0x130 [ 2413.731466] ? find_held_lock+0x36/0x1c0 [ 2413.735551] ? userfaultfd_ctx_put+0x830/0x830 [ 2413.740158] ? kasan_check_read+0x11/0x20 [ 2413.744327] ? print_usage_bug+0xc0/0xc0 [ 2413.748422] ? do_raw_spin_trylock+0x270/0x270 [ 2413.753020] ? print_usage_bug+0xc0/0xc0 [ 2413.753040] ? print_usage_bug+0xc0/0xc0 [ 2413.753057] ? zap_class+0x640/0x640 [ 2413.753076] ? drop_futex_key_refs.isra.14+0x6d/0xe0 [ 2413.753093] ? futex_wake+0x304/0x760 [ 2413.761229] ? find_held_lock+0x36/0x1c0 [ 2413.777893] ? __handle_mm_fault+0x4bb0/0x5be0 [ 2413.782493] ? lock_downgrade+0x900/0x900 [ 2413.786673] ? kasan_check_read+0x11/0x20 [ 2413.790839] ? do_raw_spin_unlock+0xa7/0x330 [ 2413.795275] ? do_raw_spin_trylock+0x270/0x270 [ 2413.799888] ? fault_dirty_shared_page.isra.87+0x320/0x320 [ 2413.805524] __handle_mm_fault+0x4bbd/0x5be0 [ 2413.809932] ? vmf_insert_mixed_mkwrite+0x40/0x40 [ 2413.814776] ? zap_class+0x640/0x640 [ 2413.818494] ? rcu_read_unlock_special+0x1c0/0x1c0 [ 2413.823420] ? kasan_check_read+0x11/0x20 [ 2413.827562] ? rcu_softirq_qs+0x20/0x20 [ 2413.831535] ? zap_class+0x640/0x640 [ 2413.835248] ? zap_class+0x640/0x640 [ 2413.838972] ? find_held_lock+0x36/0x1c0 [ 2413.843029] ? handle_mm_fault+0x42a/0xc70 [ 2413.847252] ? lock_downgrade+0x900/0x900 [ 2413.851398] ? check_preemption_disabled+0x48/0x280 [ 2413.856404] ? rcu_read_unlock_special+0x1c0/0x1c0 [ 2413.861332] ? kasan_check_read+0x11/0x20 [ 2413.865484] ? rcu_dynticks_curr_cpu_in_eqs+0xa2/0x170 [ 2413.870748] ? rcu_softirq_qs+0x20/0x20 [ 2413.874713] ? trace_hardirqs_off_caller+0x310/0x310 [ 2413.879821] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 2413.885363] ? check_preemption_disabled+0x48/0x280 [ 2413.890380] handle_mm_fault+0x54f/0xc70 [ 2413.894435] ? __handle_mm_fault+0x5be0/0x5be0 [ 2413.899011] ? find_vma+0x34/0x190 [ 2413.902553] __do_page_fault+0x5e8/0xe60 [ 2413.906606] ? trace_hardirqs_off+0xb8/0x310 [ 2413.911025] do_page_fault+0xf2/0x7e0 [ 2413.914829] ? vmalloc_sync_all+0x30/0x30 [ 2413.918979] ? error_entry+0x70/0xd0 [ 2413.922697] ? trace_hardirqs_off_caller+0xbb/0x310 [ 2413.927704] ? trace_hardirqs_on_caller+0xc0/0x310 [ 2413.932631] ? syscall_return_slowpath+0x5e0/0x5e0 [ 2413.937552] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 2413.942384] ? trace_hardirqs_on_caller+0x310/0x310 [ 2413.947410] ? __bpf_trace_preemptirq_template+0x30/0x30 [ 2413.952867] ? prepare_exit_to_usermode+0x3b0/0x3b0 [ 2413.957888] ? prepare_exit_to_usermode+0x291/0x3b0 [ 2413.962894] ? page_fault+0x8/0x30 [ 2413.966426] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 2413.971260] ? page_fault+0x8/0x30 [ 2413.974790] page_fault+0x1e/0x30 [ 2413.978234] RIP: 0033:0x4510a0 [ 2413.981418] Code: 0f 84 c4 0f 00 00 48 89 f1 48 89 f8 48 83 e1 3f 48 83 f9 20 0f 86 7b 02 00 00 48 83 e6 f0 48 83 e1 0f 66 0f ef c0 66 0f ef c9 <66> 0f 74 0e 66 0f d7 d1 48 d3 ea 49 c7 c2 11 00 00 00 49 29 ca 4d [ 2414.000308] RSP: 002b:00007efdea16e7a8 EFLAGS: 00010202 [ 2414.005660] RAX: 00007efdea16e850 RBX: 0000000000000003 RCX: 000000000000000e [ 2414.012919] RDX: 00000000000003ff RSI: 0000000020012fe0 RDI: 00007efdea16e850 [ 2414.020181] RBP: 000000000072bf00 R08: 00000000000003ff R09: 0000000000000000 [ 2414.027454] R10: 0000000000000000 R11: 0000000000000246 R12: 00007efdea16f6d4 [ 2414.034709] R13: 00000000004c578a R14: 00000000004d9d90 R15: 00000000ffffffff [ 2414.072565] FAT-fs (loop5): bogus number of reserved sectors [ 2414.078505] FAT-fs (loop5): Can't find a valid FAT filesystem 08:16:32 executing program 5: r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0x4, 0xe, &(0x7f0000000280)=ANY=[@ANYBLOB="b702000000000000bfa30000000000000703000000fe81007a0af0fff8ffffff79a4f0ff00000000b7060000ffffffff2d6405000000000065040400010000000404000009000000b7050000020000006a0a00fe000000008500000032000000b7000000000000009500040000000000"], 0x0}, 0x48) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000300)={r0, 0x0, 0xe, 0x0, &(0x7f0000000000)="de009b8db770076a6337ccd9e871", 0x0}, 0x28) 08:16:32 executing program 2: syz_emit_ethernet(0x6a, &(0x7f0000000040)={@local, @broadcast, [], {@ipv4={0x800, {{0x5, 0x4, 0x0, 0x0, 0x5c, 0x0, 0x0, 0x0, 0x1, 0x0, @remote, @dev={0xac, 0x14, 0x14, 0x11}}, @icmp=@parameter_prob={0x3, 0x4, 0x0, 0x0, 0x0, 0x0, {0x10, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x402f, 0x0, @local={0xac, 0x5c}, @dev, {[@timestamp={0x8, 0x2c, 0x0, 0x0, 0xb00, [{[@rand_addr]}, {[@multicast2]}, {[@multicast1]}, {}, {[@loopback]}, {}]}]}}}}}}}, 0x0) 08:16:32 executing program 1: r0 = socket$l2tp(0x18, 0x1, 0x1) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0a5c2d023c126285718070") r1 = perf_event_open(&(0x7f0000014f88)={0x1, 0x70, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) close(r1) r2 = openat$vcs(0xffffffffffffff9c, &(0x7f0000000040)='/dev/vcs\x00', 0x40, 0x0) epoll_ctl$EPOLL_CTL_ADD(r2, 0x1, r0, &(0x7f0000000080)={0x20000008}) 08:16:32 executing program 4: r0 = syz_open_dev$media(&(0x7f0000000000)='/dev/media#\x00', 0x8, 0x40000) ioctl$SNDRV_TIMER_IOCTL_GSTATUS(r0, 0xc0505405, &(0x7f0000000140)={{0xffffffffffffffff, 0x2, 0x6, 0x0, 0x6}, 0xa6, 0x8, 0x3ff}) openat$kvm(0xffffffffffffff9c, 0x0, 0x0, 0x0) r1 = syz_open_dev$sndctrl(&(0x7f0000000100)='/dev/snd/controlC#\x00', 0x0, 0x0) prctl$PR_SET_THP_DISABLE(0x29, 0xfffffffffffffffe) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) ioctl$FS_IOC_GETFLAGS(r1, 0x800455d1, &(0x7f0000000080)) ioctl$SNDRV_CTL_IOCTL_TLV_COMMAND(r0, 0xc008551c, &(0x7f0000000040)={0x6, 0x14, [0x6e, 0xfffffffffffffffb, 0x1f, 0x5, 0x10001]}) r2 = shmget(0x3, 0x4000, 0x801, &(0x7f0000ffb000/0x4000)=nil) shmctl$IPC_RMID(r2, 0x0) 08:16:32 executing program 3: openat$rfkill(0xffffffffffffff9c, 0x0, 0x0, 0x0) getsockopt$inet_sctp_SCTP_DEFAULT_PRINFO(0xffffffffffffffff, 0x84, 0x72, &(0x7f0000000380), 0x0) syz_open_dev$admmidi(&(0x7f0000000100)='/dev/admmidi#\x00', 0x0, 0x0) r0 = socket$l2tp(0x18, 0x1, 0x1) mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x1, 0x32, 0xffffffffffffffff, 0x0) r1 = userfaultfd(0x0) ioctl$UFFDIO_API(r1, 0xc018aa3f, &(0x7f0000000180)) ioctl$UFFDIO_REGISTER(r1, 0xc020aa00, &(0x7f0000019000)={{&(0x7f0000012000/0x2000)=nil, 0x2000}, 0x1}) syz_open_dev$evdev(&(0x7f0000012fee)='/dev/input/event#\x00', 0x8000000000000000, 0x0) ioctl$UFFDIO_WAKE(r1, 0x8010aa02, &(0x7f0000000080)={&(0x7f0000012000/0x3000)=nil, 0x3000}) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0a5c2d023c126285718070") setsockopt$ALG_SET_KEY(0xffffffffffffffff, 0x117, 0x1, 0x0, 0x0) 08:16:32 executing program 0: r0 = syz_open_dev$sndpcmp(&(0x7f0000000540)='/dev/snd/pcmC#D#p\x00', 0x7, 0x10000) setsockopt$TIPC_SRC_DROPPABLE(r0, 0x10f, 0x80, &(0x7f0000000580)=0x7, 0x4) openat$rfkill(0xffffffffffffff9c, 0x0, 0x100, 0x0) r1 = syz_open_dev$admmidi(&(0x7f0000000100)='/dev/admmidi#\x00', 0x7, 0x0) r2 = socket$l2tp(0x18, 0x1, 0x1) mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x1, 0x32, 0xffffffffffffffff, 0x0) r3 = userfaultfd(0x0) ioctl$UFFDIO_API(r1, 0xc018aa3f, &(0x7f0000000040)) ioctl$UFFDIO_REGISTER(r3, 0xc020aa00, &(0x7f0000019000)={{&(0x7f0000012000/0x2000)=nil, 0x2000}, 0x1}) syz_open_dev$evdev(&(0x7f0000012fee)='/dev/input/event#\x00', 0x0, 0x0) ioctl$UFFDIO_WAKE(r3, 0x8010aa02, &(0x7f0000000080)={&(0x7f0000012000/0x3000)=nil, 0x3000}) ioctl(r2, 0x1000008912, &(0x7f0000000000)="0a5c2d023c126285718070") 08:16:32 executing program 5: r0 = socket$unix(0x1, 0x1, 0x0) r1 = socket$unix(0x1, 0x1, 0x0) bind$unix(r1, &(0x7f0000003000)=@file={0x1, "e91f7189591e9233614b00"}, 0xc) setsockopt$sock_int(r1, 0x1, 0x10, &(0x7f00000001c0)=0x4, 0x4) listen(r1, 0x0) connect$unix(r0, &(0x7f000066fff4)=@file={0x1, "e91f7189591e9233614b00"}, 0xc) mmap(&(0x7f0000000000/0xe7e000)=nil, 0xe7e000, 0x3, 0x31, 0xffffffffffffffff, 0x0) r2 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r2, 0x1000008912, &(0x7f0000000140)="0adc1f023c123f3188a070") accept4$unix(r1, &(0x7f000046f000)=@abs, &(0x7f00000000c0)=0x6e, 0x0) 08:16:32 executing program 0: openat$rfkill(0xffffffffffffff9c, 0x0, 0x2001, 0x0) syz_open_dev$admmidi(&(0x7f0000000100)='/dev/admmidi#\x00', 0x0, 0x0) r0 = socket$l2tp(0x18, 0x1, 0x1) mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x1, 0x32, 0xffffffffffffffff, 0x0) r1 = userfaultfd(0x0) ioctl$UFFDIO_API(r1, 0xc018aa3f, &(0x7f0000000180)) ioctl$UFFDIO_REGISTER(r1, 0xc020aa00, &(0x7f0000019000)={{&(0x7f0000012000/0x2000)=nil, 0x2000}, 0x1}) syz_open_dev$evdev(&(0x7f0000000040)='/dev/input/event#\x00', 0x0, 0x0) ioctl$UFFDIO_WAKE(r1, 0x8010aa02, &(0x7f0000000080)={&(0x7f0000012000/0x3000)=nil, 0x3000}) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0a5c2d023c126285718070") 08:16:32 executing program 2: syz_emit_ethernet(0x6a, &(0x7f0000000040)={@local, @broadcast, [], {@ipv4={0x800, {{0x5, 0x4, 0x0, 0x0, 0x5c, 0x0, 0x0, 0x0, 0x1, 0x0, @remote, @dev={0xac, 0x14, 0x14, 0x11}}, @icmp=@parameter_prob={0x3, 0x4, 0x0, 0x0, 0x0, 0x0, {0x10, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x402f, 0x0, @local={0xac, 0x5c}, @dev, {[@timestamp={0x8, 0x2c, 0x0, 0x0, 0x7, [{[@rand_addr]}, {[@multicast2]}, {[@multicast1]}, {}, {[@loopback]}, {}]}]}}}}}}}, 0x0) [ 2414.309786] FAULT_FLAG_ALLOW_RETRY missing 70 [ 2414.326535] CPU: 1 PID: 23075 Comm: syz-executor3 Not tainted 4.20.0-rc6+ #371 [ 2414.333922] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2414.333930] Call Trace: [ 2414.333958] dump_stack+0x244/0x39d [ 2414.333985] ? dump_stack_print_info.cold.1+0x20/0x20 [ 2414.334022] handle_userfault.cold.32+0x47/0x62 [ 2414.334057] ? userfaultfd_ioctl+0x5610/0x5610 [ 2414.364567] ? mark_held_locks+0x130/0x130 [ 2414.368810] ? futex_wait_setup+0x266/0x3e0 [ 2414.373135] ? __switch_to_asm+0x40/0x70 [ 2414.377219] ? userfaultfd_ctx_put+0x830/0x830 [ 2414.381808] ? futex_wait+0x5a1/0xa50 [ 2414.385629] ? print_usage_bug+0xc0/0xc0 [ 2414.389694] ? print_usage_bug+0xc0/0xc0 [ 2414.393771] ? trace_hardirqs_on_caller+0xc0/0x310 [ 2414.398706] ? print_usage_bug+0xc0/0xc0 [ 2414.402777] ? zap_class+0x640/0x640 [ 2414.406496] ? trace_hardirqs_on+0x310/0x310 [ 2414.410912] ? futex_wake+0x304/0x760 [ 2414.414736] ? find_held_lock+0x36/0x1c0 [ 2414.418817] ? __handle_mm_fault+0x4bb0/0x5be0 [ 2414.423432] ? lock_downgrade+0x900/0x900 [ 2414.427598] ? kasan_check_read+0x11/0x20 [ 2414.431762] ? do_raw_spin_unlock+0xa7/0x330 [ 2414.436181] ? do_raw_spin_trylock+0x270/0x270 [ 2414.440776] ? fault_dirty_shared_page.isra.87+0x320/0x320 [ 2414.446425] __handle_mm_fault+0x4bbd/0x5be0 [ 2414.450862] ? vmf_insert_mixed_mkwrite+0x40/0x40 [ 2414.455718] ? zap_class+0x640/0x640 [ 2414.459434] ? rcu_read_unlock_special+0x1c0/0x1c0 [ 2414.464377] ? kasan_check_read+0x11/0x20 [ 2414.468532] ? rcu_softirq_qs+0x20/0x20 [ 2414.472519] ? zap_class+0x640/0x640 [ 2414.476240] ? zap_class+0x640/0x640 [ 2414.479963] ? find_held_lock+0x36/0x1c0 [ 2414.484039] ? handle_mm_fault+0x42a/0xc70 [ 2414.488282] ? lock_downgrade+0x900/0x900 [ 2414.492436] ? check_preemption_disabled+0x48/0x280 [ 2414.497458] ? rcu_read_unlock_special+0x1c0/0x1c0 [ 2414.502409] ? kasan_check_read+0x11/0x20 [ 2414.506559] ? rcu_dynticks_curr_cpu_in_eqs+0xa2/0x170 [ 2414.511895] ? rcu_softirq_qs+0x20/0x20 [ 2414.515880] ? trace_hardirqs_off_caller+0x310/0x310 [ 2414.520994] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 2414.526542] ? check_preemption_disabled+0x48/0x280 [ 2414.531575] handle_mm_fault+0x54f/0xc70 [ 2414.535652] ? __handle_mm_fault+0x5be0/0x5be0 [ 2414.540247] ? find_vma+0x34/0x190 [ 2414.543797] __do_page_fault+0x5e8/0xe60 [ 2414.547872] ? trace_hardirqs_off+0xb8/0x310 [ 2414.552301] do_page_fault+0xf2/0x7e0 [ 2414.556110] ? vmalloc_sync_all+0x30/0x30 [ 2414.560261] ? error_entry+0x70/0xd0 [ 2414.563983] ? trace_hardirqs_off_caller+0xbb/0x310 [ 2414.569002] ? trace_hardirqs_on_caller+0xc0/0x310 [ 2414.573941] ? syscall_return_slowpath+0x5e0/0x5e0 [ 2414.578882] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 2414.583729] ? trace_hardirqs_on_caller+0x310/0x310 [ 2414.588747] ? __bpf_trace_preemptirq_template+0x30/0x30 [ 2414.594203] ? prepare_exit_to_usermode+0x3b0/0x3b0 [ 2414.599223] ? prepare_exit_to_usermode+0x291/0x3b0 [ 2414.604251] ? page_fault+0x8/0x30 [ 2414.607801] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 2414.612650] ? page_fault+0x8/0x30 [ 2414.616194] page_fault+0x1e/0x30 [ 2414.619652] RIP: 0033:0x4510a0 [ 2414.622867] Code: 0f 84 c4 0f 00 00 48 89 f1 48 89 f8 48 83 e1 3f 48 83 f9 20 0f 86 7b 02 00 00 48 83 e6 f0 48 83 e1 0f 66 0f ef c0 66 0f ef c9 <66> 0f 74 0e 66 0f d7 d1 48 d3 ea 49 c7 c2 11 00 00 00 49 29 ca 4d [ 2414.641772] RSP: 002b:00007f75238677a8 EFLAGS: 00010202 [ 2414.647144] RAX: 00007f7523867850 RBX: 0000000000000003 RCX: 000000000000000e [ 2414.654413] RDX: 00000000000003ff RSI: 0000000020012fe0 RDI: 00007f7523867850 08:16:32 executing program 1: r0 = socket$l2tp(0x18, 0x1, 0x1) r1 = syz_open_dev$usb(&(0x7f0000000040)='/dev/bus/usb/00#/00#\x00', 0x3ff, 0x200000) recvmsg$kcm(r1, &(0x7f0000000380)={&(0x7f0000000080)=@pppoe={0x18, 0x0, {0x0, @broadcast}}, 0x80, &(0x7f0000000280)=[{&(0x7f0000000100)=""/188, 0xbc}, {&(0x7f00000001c0)=""/172, 0xac}], 0x2, &(0x7f00000002c0)=""/161, 0xa1}, 0x100) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0a5c2d023c126285718070") r2 = perf_event_open(&(0x7f0000014f88)={0x1, 0x70, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) close(r2) [ 2414.661685] RBP: 000000000072bf00 R08: 00000000000003ff R09: 0000000000000000 [ 2414.669307] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f75238686d4 [ 2414.676581] R13: 00000000004c578a R14: 00000000004d9d90 R15: 00000000ffffffff 08:16:32 executing program 4: openat$kvm(0xffffffffffffff9c, 0x0, 0x0, 0x0) r0 = syz_open_dev$sndctrl(&(0x7f0000000100)='/dev/snd/controlC#\x00', 0x0, 0x0) prctl$PR_SET_THP_DISABLE(0x29, 0xfffffffffffffffe) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) ioctl$FS_IOC_GETFLAGS(r0, 0x800455d1, &(0x7f0000000080)) syz_open_dev$admmidi(&(0x7f0000000000)='/dev/admmidi#\x00', 0x81, 0x0) 08:16:32 executing program 0: r0 = openat$rfkill(0xffffffffffffff9c, 0x0, 0x2001, 0x0) syz_open_dev$admmidi(&(0x7f0000000100)='/dev/admmidi#\x00', 0x0, 0x0) r1 = socket$l2tp(0x18, 0x1, 0x1) mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x1, 0x32, 0xffffffffffffffff, 0x0) getsockopt$inet_sctp6_SCTP_CONTEXT(r0, 0x84, 0x11, &(0x7f0000000040)={0x0, 0x8}, &(0x7f00000000c0)=0x8) getsockopt$inet_sctp_SCTP_DEFAULT_PRINFO(r0, 0x84, 0x72, &(0x7f0000000140)={r2, 0x10001}, &(0x7f00000001c0)=0xc) r3 = userfaultfd(0x0) ioctl$UFFDIO_API(r3, 0xc018aa3f, &(0x7f0000000180)) ioctl$UFFDIO_REGISTER(r3, 0xc020aa00, &(0x7f0000019000)={{&(0x7f0000012000/0x2000)=nil, 0x2000}, 0x1}) syz_open_dev$evdev(&(0x7f0000012fee)='/dev/input/event#\x00', 0x0, 0x0) ioctl$UFFDIO_WAKE(r3, 0x8010aa02, &(0x7f0000000080)={&(0x7f0000012000/0x3000)=nil, 0x3000}) ioctl(r1, 0x1000008912, &(0x7f0000000000)="0a5c2d023c126285718070") 08:16:32 executing program 1: r0 = socket$l2tp(0x18, 0x1, 0x1) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0a5c2d023c126285718070") r1 = perf_event_open(&(0x7f0000014f88)={0x1, 0x70, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x400, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r2 = syz_open_dev$cec(&(0x7f0000000040)='/dev/cec#\x00', 0x1, 0x2) setsockopt$packet_fanout(r2, 0x107, 0x12, &(0x7f0000000080)={0x100, 0x7, 0x2000}, 0x4) close(r1) 08:16:32 executing program 2: syz_emit_ethernet(0x6a, &(0x7f0000000040)={@local, @broadcast, [], {@ipv4={0x800, {{0x5, 0x4, 0x0, 0x0, 0x5c, 0x0, 0x0, 0x0, 0x1, 0x0, @remote, @dev={0xac, 0x14, 0x14, 0x11}}, @icmp=@parameter_prob={0x3, 0x4, 0x0, 0x0, 0x0, 0x0, {0x10, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x402f, 0x0, @local={0xac, 0x5c}, @dev, {[@timestamp={0x8, 0x2c, 0x0, 0x0, 0x4888, [{[@rand_addr]}, {[@multicast2]}, {[@multicast1]}, {}, {[@loopback]}, {}]}]}}}}}}}, 0x0) 08:16:32 executing program 5: syz_open_dev$loop(0x0, 0x0, 0x0) r0 = creat(&(0x7f0000000100)='./file0\x00', 0x118) ioctl$SNDRV_TIMER_IOCTL_GSTATUS(r0, 0xc0505405, &(0x7f0000000300)={{0x0, 0x2, 0x93}, 0x5721e7f, 0x80000000, 0x7}) ioctl$sock_SIOCADDDLCI(0xffffffffffffffff, 0x8980, &(0x7f00000002c0)={'bcsf0\x00'}) ioctl$TIOCGPGRP(r0, 0x540f, &(0x7f0000000180)=0x0) perf_event_open(0x0, r1, 0x0, 0xffffffffffffffff, 0x0) r2 = syz_open_procfs(0x0, &(0x7f0000000240)='net/ptype\x00') sendmsg(0xffffffffffffffff, &(0x7f0000002fc8)={0x0, 0x0, 0x0, 0x0, &(0x7f00000002c0)=ANY=[]}, 0x0) socket$packet(0x11, 0x3, 0x300) perf_event_open(&(0x7f0000000040)={0x2, 0x70, 0xee68, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mlockall(0x400000000008) r3 = accept4$inet(0xffffffffffffffff, &(0x7f0000000000)={0x2, 0x0, @remote}, 0x0, 0x7fffc) setsockopt$inet6_tcp_TCP_REPAIR(0xffffffffffffffff, 0x6, 0x13, &(0x7f00000001c0)=0xffffffffffffffff, 0x4) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50b, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r4 = semget(0x3, 0x1, 0x0) semctl$SETALL(r4, 0x0, 0x11, &(0x7f00000000c0)) getsockopt$IP_VS_SO_GET_VERSION(r3, 0x0, 0x480, 0x0, &(0x7f0000000140)) semctl$SETALL(r4, 0x0, 0x11, &(0x7f00000000c0)=[0x8, 0x2, 0xffffffff80000000, 0x8]) mlockall(0x4) preadv(r2, &(0x7f00000017c0), 0x1fe, 0x400000000000) 08:16:32 executing program 3: openat$rfkill(0xffffffffffffff9c, 0x0, 0x0, 0x0) getsockopt$inet_sctp_SCTP_DEFAULT_PRINFO(0xffffffffffffffff, 0x84, 0x72, &(0x7f0000000380), 0x0) syz_open_dev$admmidi(&(0x7f0000000100)='/dev/admmidi#\x00', 0x0, 0x0) r0 = socket$l2tp(0x18, 0x1, 0x1) mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x1, 0x32, 0xffffffffffffffff, 0x0) r1 = userfaultfd(0x0) ioctl$UFFDIO_API(r1, 0xc018aa3f, &(0x7f0000000180)) ioctl$UFFDIO_REGISTER(r1, 0xc020aa00, &(0x7f0000019000)={{&(0x7f0000012000/0x2000)=nil, 0x2000}, 0x1}) syz_open_dev$evdev(&(0x7f0000012fee)='/dev/input/event#\x00', 0x2000, 0x0) ioctl$UFFDIO_WAKE(r1, 0x8010aa02, &(0x7f0000000080)={&(0x7f0000012000/0x3000)=nil, 0x3000}) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0a5c2d023c126285718070") setsockopt$ALG_SET_KEY(0xffffffffffffffff, 0x117, 0x1, 0x0, 0x0) 08:16:32 executing program 1: r0 = openat$mixer(0xffffffffffffff9c, &(0x7f0000000040)='/dev/mixer\x00', 0x2bf6070b9224d23f, 0x0) r1 = fcntl$dupfd(r0, 0x406, r0) ioctl$KDSKBMODE(r0, 0x4b45, &(0x7f0000000080)=0x3ff) r2 = socket$l2tp(0x18, 0x1, 0x1) ioctl(r2, 0x1000008912, &(0x7f0000000000)="0a5c2d023c126285718070") getsockopt$inet_sctp6_SCTP_MAX_BURST(r1, 0x84, 0x14, &(0x7f0000000100)=@assoc_value={0x0}, &(0x7f0000000140)=0x8) setsockopt$inet_sctp_SCTP_PEER_ADDR_THLDS(r1, 0x84, 0x1f, &(0x7f0000000180)={r3, @in6={{0xa, 0x4e23, 0xfffffffffffff000, @empty, 0x7}}, 0xffffffff, 0x1000}, 0x90) r4 = perf_event_open(&(0x7f0000014f88)={0x1, 0x137, 0x8, 0x40, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x7f, 0x5}}, 0x0, 0x0, 0xffffffffffffffff, 0x9) close(r4) setsockopt$inet_sctp6_SCTP_I_WANT_MAPPED_V4_ADDR(r4, 0x84, 0xc, &(0x7f00000000c0), 0x4) [ 2414.981759] FAULT_FLAG_ALLOW_RETRY missing 70 [ 2415.007914] FAULT_FLAG_ALLOW_RETRY missing 70 [ 2415.019379] CPU: 0 PID: 23110 Comm: syz-executor0 Not tainted 4.20.0-rc6+ #371 [ 2415.026768] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2415.036124] Call Trace: [ 2415.038732] dump_stack+0x244/0x39d [ 2415.042400] ? dump_stack_print_info.cold.1+0x20/0x20 [ 2415.047622] handle_userfault.cold.32+0x47/0x62 [ 2415.052326] ? userfaultfd_ioctl+0x5610/0x5610 [ 2415.056944] ? mark_held_locks+0x130/0x130 [ 2415.061191] ? __sanitizer_cov_trace_cmp4+0x16/0x20 [ 2415.066220] ? futex_wait_setup+0x266/0x3e0 [ 2415.070571] ? __sanitizer_cov_trace_switch+0x53/0x90 [ 2415.075776] ? userfaultfd_ctx_put+0x830/0x830 [ 2415.080383] ? futex_wait+0x5a1/0xa50 [ 2415.084204] ? print_usage_bug+0xc0/0xc0 [ 2415.088279] ? print_usage_bug+0xc0/0xc0 [ 2415.092368] ? print_usage_bug+0xc0/0xc0 [ 2415.096443] ? zap_class+0x640/0x640 [ 2415.100171] ? drop_futex_key_refs.isra.14+0x6d/0xe0 [ 2415.105279] ? futex_wake+0x304/0x760 [ 2415.109111] ? find_held_lock+0x36/0x1c0 [ 2415.113193] ? __handle_mm_fault+0x4bb0/0x5be0 [ 2415.117802] ? lock_downgrade+0x900/0x900 [ 2415.121970] ? kasan_check_read+0x11/0x20 [ 2415.126130] ? do_raw_spin_unlock+0xa7/0x330 [ 2415.130547] ? do_raw_spin_trylock+0x270/0x270 [ 2415.135138] ? fault_dirty_shared_page.isra.87+0x320/0x320 [ 2415.140785] __handle_mm_fault+0x4bbd/0x5be0 [ 2415.145219] ? vmf_insert_mixed_mkwrite+0x40/0x40 [ 2415.150080] ? zap_class+0x640/0x640 [ 2415.153813] ? rcu_read_unlock_special+0x1c0/0x1c0 [ 2415.158749] ? kasan_check_read+0x11/0x20 [ 2415.162907] ? rcu_softirq_qs+0x20/0x20 [ 2415.166905] ? zap_class+0x640/0x640 [ 2415.170634] ? zap_class+0x640/0x640 [ 2415.174377] ? find_held_lock+0x36/0x1c0 [ 2415.178456] ? handle_mm_fault+0x42a/0xc70 [ 2415.182707] ? lock_downgrade+0x900/0x900 [ 2415.186867] ? check_preemption_disabled+0x48/0x280 [ 2415.191901] ? rcu_read_unlock_special+0x1c0/0x1c0 [ 2415.196844] ? kasan_check_read+0x11/0x20 [ 2415.201003] ? rcu_dynticks_curr_cpu_in_eqs+0xa2/0x170 [ 2415.206290] ? rcu_softirq_qs+0x20/0x20 [ 2415.210275] ? trace_hardirqs_off_caller+0x310/0x310 [ 2415.215400] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 2415.220955] ? check_preemption_disabled+0x48/0x280 [ 2415.225993] handle_mm_fault+0x54f/0xc70 [ 2415.230069] ? __handle_mm_fault+0x5be0/0x5be0 [ 2415.235164] ? find_vma+0x34/0x190 [ 2415.238728] __do_page_fault+0x5e8/0xe60 [ 2415.242800] ? trace_hardirqs_off+0xb8/0x310 [ 2415.247237] do_page_fault+0xf2/0x7e0 [ 2415.251056] ? vmalloc_sync_all+0x30/0x30 [ 2415.255215] ? error_entry+0x70/0xd0 [ 2415.258947] ? trace_hardirqs_off_caller+0xbb/0x310 [ 2415.263974] ? trace_hardirqs_on_caller+0xc0/0x310 [ 2415.268914] ? syscall_return_slowpath+0x5e0/0x5e0 [ 2415.273860] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 2415.278717] ? trace_hardirqs_on_caller+0x310/0x310 [ 2415.283745] ? __bpf_trace_preemptirq_template+0x30/0x30 [ 2415.289210] ? prepare_exit_to_usermode+0x3b0/0x3b0 [ 2415.294239] ? prepare_exit_to_usermode+0x291/0x3b0 [ 2415.299280] ? page_fault+0x8/0x30 [ 2415.302842] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 2415.307701] ? page_fault+0x8/0x30 [ 2415.311254] page_fault+0x1e/0x30 [ 2415.314968] RIP: 0033:0x4510a0 [ 2415.318175] Code: 0f 84 c4 0f 00 00 48 89 f1 48 89 f8 48 83 e1 3f 48 83 f9 20 0f 86 7b 02 00 00 48 83 e6 f0 48 83 e1 0f 66 0f ef c0 66 0f ef c9 <66> 0f 74 0e 66 0f d7 d1 48 d3 ea 49 c7 c2 11 00 00 00 49 29 ca 4d [ 2415.337079] RSP: 002b:00007efdea16e7a8 EFLAGS: 00010202 [ 2415.342450] RAX: 00007efdea16e850 RBX: 0000000000000003 RCX: 000000000000000e [ 2415.349728] RDX: 00000000000003ff RSI: 0000000020012fe0 RDI: 00007efdea16e850 [ 2415.357007] RBP: 000000000072bf00 R08: 00000000000003ff R09: 0000000000000000 [ 2415.364476] R10: 0000000000000000 R11: 0000000000000246 R12: 00007efdea16f6d4 [ 2415.371754] R13: 00000000004c578a R14: 00000000004d9d90 R15: 00000000ffffffff [ 2415.379164] CPU: 1 PID: 23115 Comm: syz-executor3 Not tainted 4.20.0-rc6+ #371 [ 2415.386547] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2415.396076] Call Trace: [ 2415.396099] dump_stack+0x244/0x39d [ 2415.396121] ? dump_stack_print_info.cold.1+0x20/0x20 [ 2415.396148] handle_userfault.cold.32+0x47/0x62 [ 2415.396173] ? userfaultfd_ioctl+0x5610/0x5610 [ 2415.416824] ? mark_held_locks+0x130/0x130 [ 2415.421086] ? find_held_lock+0x36/0x1c0 [ 2415.425175] ? userfaultfd_ctx_put+0x830/0x830 [ 2415.429772] ? kasan_check_read+0x11/0x20 [ 2415.433937] ? print_usage_bug+0xc0/0xc0 [ 2415.438009] ? do_raw_spin_trylock+0x270/0x270 [ 2415.442606] ? print_usage_bug+0xc0/0xc0 [ 2415.446683] ? print_usage_bug+0xc0/0xc0 [ 2415.450759] ? zap_class+0x640/0x640 [ 2415.454500] ? drop_futex_key_refs.isra.14+0x6d/0xe0 08:16:33 executing program 4: r0 = openat$kvm(0xffffffffffffff9c, 0x0, 0x0, 0x0) r1 = syz_open_dev$sndctrl(&(0x7f0000000100)='/dev/snd/controlC#\x00', 0x0, 0x0) prctl$PR_SET_THP_DISABLE(0x29, 0xfffffffffffffffe) r2 = openat$dlm_control(0xffffffffffffff9c, &(0x7f0000000000)='/dev/dlm-control\x00', 0x8100, 0x0) fcntl$getownex(r0, 0x10, &(0x7f00000000c0)={0x0, 0x0}) sendmsg$netlink(r2, &(0x7f0000000700)={&(0x7f0000000040)=@kern={0x10, 0x0, 0x0, 0x40020}, 0xc, &(0x7f00000006c0)=[{&(0x7f0000000140)={0x2c8, 0x1e, 0x500, 0x70bd2a, 0x25dfdbfc, "", [@typed={0xc, 0x2a, @u64=0x1}, @nested={0xd0, 0x1f, [@typed={0xc, 0x7f, @u64=0x600000000000}, @generic="36cedbb0246d9778258c78e52cee51b99393803c6029314fe48178f2caec5f67e61d7f71230f1ae577f59216a700c364676be6be8c4b7607b4649484f6575a05b8c72ca8c3327d6f00d61d5257712d3602", @generic="1780a92d2c8fe09b4405d6fc21057c4b3cba7e11f8ca5608bdc61900690fa29b038f6e59f20b299bfa38e7e4a0ddbed7eca2706b932d2a35f0eba97a0f17b4a89256ce666fe9782d5fd21846b2ac5043a63423f3d5e18539fc330f84d1a68e68904ad20cc3390b2fea535c80", @generic]}, @nested={0x1d0, 0x8e, [@generic="201cb067dc583aa1cf2ae1ab5ffd3f46a278b577cd08901a92f0fe9dfd459f6f9f73084133fcabafadd844f1eb506d5fac199ebd54b715d0beb9b286fce226bb5180c411017eec65441f165bdf7cd12922969d424f3fdc2d252102e4c664bc826433ba94da377a909ad60076712fbc2fd1dc1118aec35c4b9621a5c9c42f80d14e5a35f8c7c51fd5fd49d27eddb98db6431d32b174c2b2c4f213b4c9b4b31f49fcac790f1b58b65817ba1d4297a8843e5807e64d485b275dd9a10155bf92fc640a3f627e6d9e20e98795a302f6", @generic="68eca191863f89033eb973376d11f1ff857c24cbe8bfb1630f5eb912ad712e2aacdc0edf11dd86744651c6b50890ea08e80f1e75efe81a412eae0c2e1a5d4a379ff7f94498933a41bc98813625143ce1f6f39c652ab0c9247ec309bfec6f971ea9d02421210bdbf84b0a4a0d97576d49020fd3bdf7b921e8ef16d384ee24eb1107887f7071ff88a038935259af899337ba299467a3fedefc20cde496242631b1f07fc829225e5e91ee309c3ff2a4c29897564a64015a59a225dac5403fb281b7a02a0b59655e3e4561752efe6c2f73214ac45a92daa61297456a067eb5131b06667c1e9d1f353e2e4ea9d1c5425b0cecaa3fc67299be63dcc26e26f8ad"]}, @typed={0xc, 0x3a, @u64=0x2}]}, 0x2c8}, {&(0x7f0000000440)={0x264, 0x1b, 0x600, 0x70bd2c, 0x25dfdbfd, "", [@generic="7298394e78116f7f37797f6fecc1edf0748be5a7e60a176053ad6f59e3fc1ac4d8594f549f8c9b66f9a92a35c6e1083e5aef8e473743994ea39e0603fc05f3fcf468c43739b46cf4189f3156393460f4d7e988939e54f005f847257b2a62e89cf10c2eb8ef5bc9aba057ca193fb157eecf35af70a06170331870ed1e6ae1dcc496d025f8c0fb25cd0d0b693321888f5f036fb236139f1b172b185cd761c223666dd237643c0dd751c4826478d10e7b3d5995b8e707a9d1b7d337b9484fcce272957f392111f9d4", @generic="044e2042f4fe8adec9bb577436f509f9fd6738eb272debe610612fafecd0c00b6a9222c5b401dab0c39282cd7cc4f460ca46e7096b5b8d0bbf7e11e3ba3cbfe8644ba8fe1e5d05cb9f1f9bc06c96dd111a81c5ab54ea557eca482554a93849db43135cda32bdc14046f1e526cc256937639e6c33f2fa3ddf6cb31220034bb1b3fdbf15aa762126a045d2174a92f2685ef0f80c42c44bfcc0f8a6098e3c0a4627f531a944bf32d3910327fc88ee03ed5df04c5064c593d0c6284cd5cb1239579733f6dd575173e240a1491ae20701c65916b340b8dffda805", @typed={0x8, 0x6f, @pid=r3}, @generic="0c60f2fc16b7d181970e7513bf4c4eaaa8afb4f3049ddf73f2132486fe014a3357322bb408a18e13e6b6972134142058cf90982ed4c3a7789da8e58b101cbb940d2b15228199918ff5272224751d245d738e5b3acbd0c49d1d8662f387dd1b3119f96a0e923510eb5a2b4ab00a6692357fd0739f7f417972c5eba081b5b26fd53fb75a09802a0ed0fe9f6421119faaf65639dbfc56b956a877000d43e134149887d4f5de1a6435ef72e9ba5fee"]}, 0x264}], 0x2, 0x0, 0x0, 0x1}, 0x4000000) clone(0x200, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) ioctl$FS_IOC_GETFLAGS(r1, 0x800455d1, &(0x7f0000000080)) [ 2415.459622] ? futex_wake+0x304/0x760 [ 2415.463453] ? find_held_lock+0x36/0x1c0 [ 2415.467537] ? __handle_mm_fault+0x4bb0/0x5be0 [ 2415.472139] ? lock_downgrade+0x900/0x900 [ 2415.476309] ? kasan_check_read+0x11/0x20 [ 2415.480479] ? do_raw_spin_unlock+0xa7/0x330 [ 2415.484900] ? do_raw_spin_trylock+0x270/0x270 [ 2415.489498] ? fault_dirty_shared_page.isra.87+0x320/0x320 [ 2415.495150] __handle_mm_fault+0x4bbd/0x5be0 [ 2415.499582] ? vmf_insert_mixed_mkwrite+0x40/0x40 [ 2415.504442] ? zap_class+0x640/0x640 08:16:33 executing program 1: r0 = socket$l2tp(0x18, 0x1, 0x1) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0a5c2d023c126285718070") r1 = perf_event_open(&(0x7f0000014f88)={0x1, 0x70, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) pipe2(&(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}, 0x4000) ioctl$BLKTRACETEARDOWN(r2, 0x1276, 0x0) close(r1) [ 2415.508168] ? rcu_read_unlock_special+0x1c0/0x1c0 [ 2415.513118] ? kasan_check_read+0x11/0x20 [ 2415.517283] ? rcu_softirq_qs+0x20/0x20 [ 2415.521289] ? zap_class+0x640/0x640 [ 2415.525022] ? zap_class+0x640/0x640 [ 2415.528784] ? find_held_lock+0x36/0x1c0 [ 2415.532885] ? handle_mm_fault+0x42a/0xc70 [ 2415.537134] ? lock_downgrade+0x900/0x900 [ 2415.541298] ? check_preemption_disabled+0x48/0x280 [ 2415.546334] ? rcu_read_unlock_special+0x1c0/0x1c0 [ 2415.551288] ? kasan_check_read+0x11/0x20 [ 2415.555445] ? rcu_dynticks_curr_cpu_in_eqs+0xa2/0x170 08:16:33 executing program 4: r0 = openat$kvm(0xffffffffffffff9c, 0x0, 0x0, 0x0) r1 = syz_open_dev$sndctrl(&(0x7f0000000100)='/dev/snd/controlC#\x00', 0x0, 0x0) prctl$PR_SET_THP_DISABLE(0x29, 0xfffffffffffffffe) clock_gettime(0x0, &(0x7f00000000c0)={0x0, 0x0}) ioctl$SNDRV_SEQ_IOCTL_REMOVE_EVENTS(r0, 0x4040534e, &(0x7f0000000240)={0x2, @time={r2, r3+30000000}, 0x7000000, {0x6, 0x9}, 0x8, 0x2, 0x100000000}) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r4 = openat$zero(0xffffffffffffff9c, &(0x7f0000000000)='/dev/zero\x00', 0x200001, 0x0) ioctl$KVM_SET_VAPIC_ADDR(r4, 0x4008ae93, &(0x7f0000000040)=0x3000) ioctl$FS_IOC_GETFLAGS(r1, 0x800455d1, &(0x7f0000000080)) r5 = fcntl$dupfd(r1, 0x406, r1) r6 = semget$private(0x0, 0x4, 0x0) semctl$SEM_STAT(r6, 0x1, 0x12, &(0x7f0000000140)=""/208) ioctl$SG_SCSI_RESET(r5, 0x2284, 0x0) [ 2415.560735] ? rcu_softirq_qs+0x20/0x20 [ 2415.564717] ? trace_hardirqs_off_caller+0x310/0x310 [ 2415.564738] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 2415.564755] ? check_preemption_disabled+0x48/0x280 [ 2415.564778] handle_mm_fault+0x54f/0xc70 [ 2415.564798] ? __handle_mm_fault+0x5be0/0x5be0 [ 2415.564817] ? find_vma+0x34/0x190 [ 2415.592652] __do_page_fault+0x5e8/0xe60 [ 2415.596730] ? trace_hardirqs_off+0xb8/0x310 [ 2415.601167] do_page_fault+0xf2/0x7e0 [ 2415.604983] ? vmalloc_sync_all+0x30/0x30 08:16:33 executing program 1: ioctl(0xffffffffffffffff, 0x1000008915, &(0x7f0000000040)="0a5c2d023c126285718070") r0 = perf_event_open(&(0x7f0000014f88)={0x1, 0x70, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) close(r0) [ 2415.609151] ? error_entry+0x70/0xd0 [ 2415.612904] ? trace_hardirqs_off_caller+0xbb/0x310 [ 2415.617939] ? trace_hardirqs_on_caller+0xc0/0x310 [ 2415.622898] ? syscall_return_slowpath+0x5e0/0x5e0 [ 2415.627839] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 2415.632706] ? trace_hardirqs_on_caller+0x310/0x310 [ 2415.637739] ? __bpf_trace_preemptirq_template+0x30/0x30 [ 2415.643205] ? prepare_exit_to_usermode+0x3b0/0x3b0 [ 2415.648243] ? prepare_exit_to_usermode+0x291/0x3b0 [ 2415.653280] ? page_fault+0x8/0x30 08:16:33 executing program 1: r0 = socket$nl_route(0x10, 0x3, 0x0) ioctl$sock_inet_SIOCSIFFLAGS(r0, 0x8914, &(0x7f0000000000)={'gre0\x00'}) sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0xffffffffffffffde, &(0x7f0000000300)={&(0x7f00000001c0)=@newlink={0x28, 0x10, 0xc362e63b3f31ba5f, 0x0, 0x0, {0x0, 0x36f, 0x0, 0x0, 0x3}, [@IFLA_GROUP={0x8}]}, 0x28}}, 0x0) ioctl$ifreq_SIOCGIFINDEX_team(0xffffffffffffffff, 0x8933, 0x0) ioctl$ifreq_SIOCGIFINDEX_team(0xffffffffffffffff, 0x8933, 0x0) getsockopt$inet_sctp_SCTP_DEFAULT_SEND_PARAM(0xffffffffffffffff, 0x84, 0xa, 0x0, 0x0) [ 2415.656884] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 2415.661744] ? page_fault+0x8/0x30 [ 2415.665475] page_fault+0x1e/0x30 [ 2415.668941] RIP: 0033:0x4510a0 [ 2415.672145] Code: 0f 84 c4 0f 00 00 48 89 f1 48 89 f8 48 83 e1 3f 48 83 f9 20 0f 86 7b 02 00 00 48 83 e6 f0 48 83 e1 0f 66 0f ef c0 66 0f ef c9 <66> 0f 74 0e 66 0f d7 d1 48 d3 ea 49 c7 c2 11 00 00 00 49 29 ca 4d [ 2415.691061] RSP: 002b:00007f75238677a8 EFLAGS: 00010202 [ 2415.696442] RAX: 00007f7523867850 RBX: 0000000000000003 RCX: 000000000000000e [ 2415.703724] RDX: 00000000000003ff RSI: 0000000020012fe0 RDI: 00007f7523867850 08:16:33 executing program 2: syz_emit_ethernet(0x6a, &(0x7f0000000040)={@local, @broadcast, [], {@ipv4={0x800, {{0x5, 0x4, 0x0, 0x0, 0x5c, 0x0, 0x0, 0x0, 0x1, 0x0, @remote, @dev={0xac, 0x14, 0x14, 0x11}}, @icmp=@parameter_prob={0x3, 0x4, 0x0, 0x0, 0x0, 0x0, {0x10, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x402f, 0x0, @local={0xac, 0x5c}, @dev, {[@timestamp={0x8, 0x2c, 0x0, 0x0, 0x700000000000000, [{[@rand_addr]}, {[@multicast2]}, {[@multicast1]}, {}, {[@loopback]}, {}]}]}}}}}}}, 0x0) [ 2415.711004] RBP: 000000000072bf00 R08: 00000000000003ff R09: 0000000000000000 [ 2415.718290] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f75238686d4 [ 2415.718305] R13: 00000000004c578a R14: 00000000004d9d90 R15: 00000000ffffffff 08:16:33 executing program 0: r0 = openat$rfkill(0xffffffffffffff9c, 0x0, 0x2001, 0x0) r1 = syz_open_dev$admmidi(&(0x7f0000000100)='/dev/admmidi#\x00', 0x0, 0x0) r2 = socket$l2tp(0x18, 0x1, 0x1) mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x1, 0x32, 0xffffffffffffffff, 0x0) r3 = userfaultfd(0x0) ioctl$UFFDIO_REGISTER(r3, 0xc020aa00, &(0x7f0000000080)={{&(0x7f0000013000/0x4000)=nil, 0x4000}, 0x2}) ioctl$UFFDIO_API(r3, 0xc018aa3f, &(0x7f0000000180)) mmap(&(0x7f0000013000/0x4000)=nil, 0x4000, 0x1000008, 0xa053, r1, 0x0) ioctl$SNDRV_CTL_IOCTL_HWDEP_NEXT_DEVICE(r0, 0xc0045520, &(0x7f00000000c0)=0x7) ioctl$EXT4_IOC_SETFLAGS(r1, 0x40086602, &(0x7f0000000040)=0x2) ioctl$UFFDIO_REGISTER(r3, 0xc020aa00, &(0x7f0000019000)={{&(0x7f0000012000/0x2000)=nil, 0x2000}, 0x1}) syz_open_dev$evdev(&(0x7f0000000200)='/dev/input/event#\x00', 0x0, 0x0) ioctl$UFFDIO_WAKE(r3, 0x8010aa02, &(0x7f00000001c0)={&(0x7f0000011000/0x3000)=nil, 0x3000}) ioctl(r2, 0x1000008912, &(0x7f0000000000)="0a5c2d023c126285718070") 08:16:33 executing program 5: syz_open_dev$loop(0x0, 0x0, 0x0) r0 = creat(&(0x7f0000000100)='./file0\x00', 0x118) ioctl$SNDRV_TIMER_IOCTL_GSTATUS(r0, 0xc0505405, &(0x7f0000000300)={{0x0, 0x2, 0x93}, 0x5721e7f, 0x80000000, 0x7}) ioctl$sock_SIOCADDDLCI(0xffffffffffffffff, 0x8980, &(0x7f00000002c0)={'bcsf0\x00'}) ioctl$TIOCGPGRP(r0, 0x540f, &(0x7f0000000180)=0x0) perf_event_open(0x0, r1, 0x0, 0xffffffffffffffff, 0x0) r2 = syz_open_procfs(0x0, &(0x7f0000000240)='net/ptype\x00') sendmsg(0xffffffffffffffff, &(0x7f0000002fc8)={0x0, 0x0, 0x0, 0x0, &(0x7f00000002c0)=ANY=[]}, 0x0) socket$packet(0x11, 0x3, 0x300) perf_event_open(&(0x7f0000000040)={0x2, 0x70, 0xee68, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mlockall(0x400000000008) r3 = accept4$inet(0xffffffffffffffff, &(0x7f0000000000)={0x2, 0x0, @remote}, 0x0, 0x7fffc) setsockopt$inet6_tcp_TCP_REPAIR(0xffffffffffffffff, 0x6, 0x13, &(0x7f00000001c0)=0xffffffffffffffff, 0x4) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50b, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r4 = semget(0x3, 0x1, 0x0) semctl$SETALL(r4, 0x0, 0x11, &(0x7f00000000c0)) getsockopt$IP_VS_SO_GET_VERSION(r3, 0x0, 0x480, 0x0, &(0x7f0000000140)) semctl$SETALL(r4, 0x0, 0x11, &(0x7f00000000c0)=[0x8, 0x2, 0xffffffff80000000, 0x8]) mlockall(0x4) preadv(r2, &(0x7f00000017c0), 0x1fe, 0x400000000000) 08:16:33 executing program 4: r0 = openat$kvm(0xffffffffffffff9c, 0x0, 0x0, 0x0) r1 = syz_open_dev$sndctrl(&(0x7f0000000100)='/dev/snd/controlC#\x00', 0x0, 0x0) prctl$PR_SET_THP_DISABLE(0x29, 0xfffffffffffffffe) r2 = syz_open_dev$midi(&(0x7f00000000c0)='/dev/midi#\x00', 0x1, 0x0) ioctl$KVM_NMI(r0, 0xae9a) ioctl$sock_bt_hidp_HIDPGETCONNINFO(r2, 0x800448d3, &(0x7f0000000140)={{0x0, 0x80000001, 0xa2c7, 0x8000, 0x6, 0x18}, 0x1000, 0x3, 0x7, 0x5, 0x1f, "4f27b3946d26ba4a9aa5433ec3c204040cccc1f218cfd447bd5929c263534c78b45a7f8a7f511da7db876993880ee487b7a12b8d345a59386bfbc9ddb36081cad8d214cac980bd592011b6feea2053e0ffef121f8093baca6ad51cb0db72f27ae722798f2590793f7e90f0bb92adeca977dfd7a2ac16ef577979563f9d5277bf"}) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) ioctl$FS_IOC_GETFLAGS(r1, 0x800455d1, &(0x7f0000000080)) getsockopt$inet_sctp_SCTP_RECVRCVINFO(r1, 0x84, 0x20, &(0x7f0000000000), &(0x7f0000000040)=0x4) 08:16:33 executing program 2: syz_emit_ethernet(0x6a, &(0x7f0000000040)={@local, @broadcast, [], {@ipv4={0x800, {{0x5, 0x4, 0x0, 0x0, 0x5c, 0x0, 0x0, 0x0, 0x1, 0x0, @remote, @dev={0xac, 0x14, 0x14, 0x11}}, @icmp=@parameter_prob={0x3, 0x4, 0x0, 0x0, 0x0, 0x0, {0x10, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x402f, 0x0, @local={0xac, 0x5c}, @dev, {[@timestamp={0x8, 0x2c, 0x0, 0x0, 0x5, [{[@rand_addr]}, {[@multicast2]}, {[@multicast1]}, {}, {[@loopback]}, {}]}]}}}}}}}, 0x0) [ 2415.838890] IPv6: ADDRCONF(NETDEV_CHANGE): vcan0: link becomes ready [ 2415.866959] IPv6: ADDRCONF(NETDEV_CHANGE): vcan0: link becomes ready [ 2415.918854] IPv6: ADDRCONF(NETDEV_CHANGE): vcan0: link becomes ready 08:16:33 executing program 2: syz_emit_ethernet(0x6a, &(0x7f0000000040)={@local, @broadcast, [], {@ipv4={0x800, {{0x5, 0x4, 0x0, 0x0, 0x5c, 0x0, 0x0, 0x0, 0x1, 0x0, @remote, @dev={0xac, 0x14, 0x14, 0x11}}, @icmp=@parameter_prob={0x3, 0x4, 0x0, 0x0, 0x0, 0x0, {0x10, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x402f, 0x0, @local={0xac, 0x5c}, @dev, {[@timestamp={0x8, 0x2c, 0x0, 0x0, 0x6, [{[@rand_addr]}, {[@multicast2]}, {[@multicast1]}, {}, {[@loopback]}, {}]}]}}}}}}}, 0x0) 08:16:33 executing program 3: openat$rfkill(0xffffffffffffff9c, 0x0, 0x0, 0x0) getsockopt$inet_sctp_SCTP_DEFAULT_PRINFO(0xffffffffffffffff, 0x84, 0x72, &(0x7f0000000380), 0x0) syz_open_dev$admmidi(&(0x7f0000000100)='/dev/admmidi#\x00', 0x0, 0x0) r0 = socket$l2tp(0x18, 0x1, 0x1) mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x1, 0x32, 0xffffffffffffffff, 0x0) r1 = userfaultfd(0x0) ioctl$UFFDIO_API(r1, 0xc018aa3f, &(0x7f0000000180)) ioctl$UFFDIO_REGISTER(r1, 0xc020aa00, &(0x7f0000019000)={{&(0x7f0000012000/0x2000)=nil, 0x2000}, 0x1}) syz_open_dev$evdev(&(0x7f0000012fee)='/dev/input/event#\x00', 0x2000000, 0x0) ioctl$UFFDIO_WAKE(r1, 0x8010aa02, &(0x7f0000000080)={&(0x7f0000012000/0x3000)=nil, 0x3000}) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0a5c2d023c126285718070") setsockopt$ALG_SET_KEY(0xffffffffffffffff, 0x117, 0x1, 0x0, 0x0) 08:16:33 executing program 1: seccomp(0x1, 0x0, &(0x7f0000000040)={0x1, &(0x7f00000000c0)=[{0x6}]}) mkdir(&(0x7f0000000280)='./control\x00', 0x0) set_mempolicy(0x3, &(0x7f0000000080)=0x7fff, 0x4) rmdir(&(0x7f0000000000)='./control\x00') 08:16:33 executing program 0: r0 = openat$rfkill(0xffffffffffffff9c, 0x0, 0x2001, 0x0) r1 = syz_open_dev$admmidi(&(0x7f0000000100)='/dev/admmidi#\x00', 0x0, 0x0) r2 = socket$l2tp(0x18, 0x1, 0x1) mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x1, 0x32, 0xffffffffffffffff, 0x0) r3 = userfaultfd(0x0) ioctl$UFFDIO_API(r1, 0xc018aa3f, &(0x7f0000000140)={0xaa, 0x20}) ioctl$UFFDIO_REGISTER(r3, 0xc020aa00, &(0x7f0000019000)={{&(0x7f0000012000/0x2000)=nil, 0x2000}, 0x1}) r4 = syz_open_dev$evdev(&(0x7f0000012fee)='/dev/input/event#\x00', 0x0, 0x0) fsetxattr$trusted_overlay_nlink(r4, &(0x7f0000000180)='trusted.overlay.nlink\x00', &(0x7f00000001c0)={'U-', 0x1000}, 0x28, 0x2) write$FUSE_NOTIFY_RETRIEVE(r0, &(0x7f00000000c0)={0x30, 0x5, 0x0, {0x0, 0x3, 0x1}}, 0x30) ioctl$UFFDIO_WAKE(r3, 0x8010aa02, &(0x7f0000000080)={&(0x7f0000012000/0x3000)=nil, 0x3000}) ioctl$int_out(r4, 0x5462, &(0x7f0000000040)) ioctl(r2, 0x1000008912, &(0x7f0000000000)="0a5c2d023c126285718070") 08:16:33 executing program 2: syz_emit_ethernet(0x6a, &(0x7f0000000040)={@local, @broadcast, [], {@ipv4={0x800, {{0x5, 0x4, 0x0, 0x0, 0x5c, 0x0, 0x0, 0x0, 0x1, 0x0, @remote, @dev={0xac, 0x14, 0x14, 0x11}}, @icmp=@parameter_prob={0x3, 0x4, 0x0, 0x0, 0x0, 0x0, {0x10, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x402f, 0x0, @local={0xac, 0x5c}, @dev, {[@timestamp={0x8, 0x2c, 0x0, 0x0, 0x88a8ffff, [{[@rand_addr]}, {[@multicast2]}, {[@multicast1]}, {}, {[@loopback]}, {}]}]}}}}}}}, 0x0) 08:16:33 executing program 5: r0 = socket(0xa, 0x80002, 0x0) ioctl$sock_inet_SIOCSIFFLAGS(r0, 0x8914, &(0x7f0000000040)={"62726964676530007a011800"}) ioctl$sock_inet_SIOCSIFFLAGS(r0, 0x8914, &(0x7f0000000280)={"6272696467653000001d16e747a700", 0xfffffffffffffffd}) syz_open_procfs(0x0, 0x0) 08:16:33 executing program 4: openat$kvm(0xffffffffffffff9c, 0x0, 0x0, 0x0) r0 = syz_open_dev$sndctrl(&(0x7f0000000100)='/dev/snd/controlC#\x00', 0x0, 0x0) prctl$PR_SET_THP_DISABLE(0x29, 0xfffffffffffffffe) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r1 = syz_open_dev$sndpcmc(&(0x7f0000000140)='/dev/snd/pcmC#D#c\x00', 0x1, 0x90400) setsockopt$IP_VS_SO_SET_DELDEST(r1, 0x0, 0x488, &(0x7f0000000180)={{0x1d, @empty, 0x4e22, 0x3, 'wrr\x00', 0x4, 0xffffffff, 0x72}, {@local, 0x4e20, 0x2003, 0xffc000, 0x6, 0x80}}, 0x44) ioctl$FS_IOC_GETFLAGS(r0, 0x800455d1, &(0x7f0000000000)) ioctl$VHOST_SET_VRING_KICK(r1, 0x4008af20, &(0x7f0000000040)={0x0, r1}) [ 2416.166688] FAULT_FLAG_ALLOW_RETRY missing 70 [ 2416.173001] CPU: 1 PID: 23179 Comm: syz-executor3 Not tainted 4.20.0-rc6+ #371 [ 2416.180389] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2416.189752] Call Trace: [ 2416.192380] dump_stack+0x244/0x39d [ 2416.196040] ? dump_stack_print_info.cold.1+0x20/0x20 [ 2416.201269] handle_userfault.cold.32+0x47/0x62 [ 2416.205975] ? userfaultfd_ioctl+0x5610/0x5610 [ 2416.210577] ? mark_held_locks+0x130/0x130 [ 2416.214832] ? __sanitizer_cov_trace_cmp4+0x16/0x20 [ 2416.219874] ? futex_wait_setup+0x266/0x3e0 [ 2416.224222] ? __sanitizer_cov_trace_switch+0x53/0x90 [ 2416.229427] ? userfaultfd_ctx_put+0x830/0x830 [ 2416.234022] ? futex_wait+0x5a1/0xa50 [ 2416.237848] ? print_usage_bug+0xc0/0xc0 [ 2416.241931] ? print_usage_bug+0xc0/0xc0 [ 2416.246002] ? print_usage_bug+0xc0/0xc0 [ 2416.250075] ? zap_class+0x640/0x640 [ 2416.253795] ? drop_futex_key_refs.isra.14+0x6d/0xe0 [ 2416.258906] ? futex_wake+0x304/0x760 [ 2416.262727] ? find_held_lock+0x36/0x1c0 [ 2416.266802] ? __handle_mm_fault+0x4bb0/0x5be0 [ 2416.271487] ? lock_downgrade+0x900/0x900 [ 2416.275657] ? kasan_check_read+0x11/0x20 [ 2416.279811] ? do_raw_spin_unlock+0xa7/0x330 [ 2416.284230] ? do_raw_spin_trylock+0x270/0x270 [ 2416.288819] ? fault_dirty_shared_page.isra.87+0x320/0x320 [ 2416.294478] __handle_mm_fault+0x4bbd/0x5be0 [ 2416.298902] ? vmf_insert_mixed_mkwrite+0x40/0x40 [ 2416.303756] ? zap_class+0x640/0x640 [ 2416.307482] ? rcu_read_unlock_special+0x1c0/0x1c0 [ 2416.312421] ? kasan_check_read+0x11/0x20 [ 2416.316579] ? rcu_softirq_qs+0x20/0x20 [ 2416.320566] ? zap_class+0x640/0x640 [ 2416.324282] ? zap_class+0x640/0x640 [ 2416.328006] ? find_held_lock+0x36/0x1c0 [ 2416.332079] ? handle_mm_fault+0x42a/0xc70 [ 2416.336320] ? lock_downgrade+0x900/0x900 [ 2416.340483] ? check_preemption_disabled+0x48/0x280 [ 2416.345510] ? rcu_read_unlock_special+0x1c0/0x1c0 [ 2416.350447] ? kasan_check_read+0x11/0x20 [ 2416.354693] ? rcu_dynticks_curr_cpu_in_eqs+0xa2/0x170 [ 2416.359974] ? rcu_softirq_qs+0x20/0x20 [ 2416.363958] ? trace_hardirqs_off_caller+0x310/0x310 [ 2416.369073] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 2416.374620] ? check_preemption_disabled+0x48/0x280 [ 2416.379651] handle_mm_fault+0x54f/0xc70 [ 2416.383723] ? __handle_mm_fault+0x5be0/0x5be0 [ 2416.388317] ? find_vma+0x34/0x190 [ 2416.391886] __do_page_fault+0x5e8/0xe60 [ 2416.395954] ? trace_hardirqs_off+0xb8/0x310 [ 2416.400383] do_page_fault+0xf2/0x7e0 [ 2416.404190] ? vmalloc_sync_all+0x30/0x30 [ 2416.408345] ? error_entry+0x70/0xd0 [ 2416.412076] ? trace_hardirqs_off_caller+0xbb/0x310 [ 2416.417113] ? trace_hardirqs_on_caller+0xc0/0x310 [ 2416.422053] ? syscall_return_slowpath+0x5e0/0x5e0 [ 2416.426986] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 2416.431839] ? trace_hardirqs_on_caller+0x310/0x310 [ 2416.436880] ? __bpf_trace_preemptirq_template+0x30/0x30 [ 2416.442344] ? prepare_exit_to_usermode+0x3b0/0x3b0 [ 2416.447391] ? prepare_exit_to_usermode+0x291/0x3b0 [ 2416.452416] ? page_fault+0x8/0x30 [ 2416.455963] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 2416.460810] ? page_fault+0x8/0x30 [ 2416.464369] page_fault+0x1e/0x30 [ 2416.467825] RIP: 0033:0x4510a0 [ 2416.471033] Code: 0f 84 c4 0f 00 00 48 89 f1 48 89 f8 48 83 e1 3f 48 83 f9 20 0f 86 7b 02 00 00 48 83 e6 f0 48 83 e1 0f 66 0f ef c0 66 0f ef c9 <66> 0f 74 0e 66 0f d7 d1 48 d3 ea 49 c7 c2 11 00 00 00 49 29 ca 4d [ 2416.490233] RSP: 002b:00007f75238677a8 EFLAGS: 00010202 [ 2416.495605] RAX: 00007f7523867850 RBX: 0000000000000003 RCX: 000000000000000e [ 2416.502881] RDX: 00000000000003ff RSI: 0000000020012fe0 RDI: 00007f7523867850 [ 2416.510150] RBP: 000000000072bf00 R08: 00000000000003ff R09: 0000000000000000 08:16:34 executing program 2: syz_emit_ethernet(0x6a, &(0x7f0000000040)={@local, @broadcast, [], {@ipv4={0x800, {{0x5, 0x4, 0x0, 0x0, 0x5c, 0x0, 0x0, 0x0, 0x1, 0x0, @remote, @dev={0xac, 0x14, 0x14, 0x11}}, @icmp=@parameter_prob={0x3, 0x4, 0x0, 0x0, 0x0, 0x0, {0x10, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x402f, 0x0, @local={0xac, 0x5c}, @dev, {[@timestamp={0x8, 0x2c, 0x0, 0x0, 0xd000000, [{[@rand_addr]}, {[@multicast2]}, {[@multicast1]}, {}, {[@loopback]}, {}]}]}}}}}}}, 0x0) [ 2416.517423] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f75238686d4 [ 2416.524704] R13: 00000000004c578a R14: 00000000004d9d90 R15: 00000000ffffffff 08:16:34 executing program 2: syz_emit_ethernet(0x6a, &(0x7f0000000040)={@local, @broadcast, [], {@ipv4={0x800, {{0x5, 0x4, 0x0, 0x0, 0x5c, 0x0, 0x0, 0x0, 0x1, 0x0, @remote, @dev={0xac, 0x14, 0x14, 0x11}}, @icmp=@parameter_prob={0x3, 0x4, 0x0, 0x0, 0x0, 0x0, {0x10, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x402f, 0x0, @local={0xac, 0x5c}, @dev, {[@timestamp={0x8, 0x2c, 0x0, 0x0, 0x8848, [{[@rand_addr]}, {[@multicast2]}, {[@multicast1]}, {}, {[@loopback]}, {}]}]}}}}}}}, 0x0) 08:16:34 executing program 0: openat$rfkill(0xffffffffffffff9c, 0x0, 0x2001, 0x0) syz_open_dev$admmidi(&(0x7f0000000100)='/dev/admmidi#\x00', 0x800, 0x0) r0 = socket$l2tp(0x18, 0x1, 0x1) mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x1, 0x32, 0xffffffffffffffff, 0x0) r1 = userfaultfd(0x0) ioctl$UFFDIO_API(r1, 0xc018aa3f, &(0x7f0000000180)) ioctl$UFFDIO_REGISTER(r1, 0xc020aa00, &(0x7f0000019000)={{&(0x7f0000012000/0x2000)=nil, 0x2000}, 0x1}) syz_open_dev$evdev(&(0x7f0000012fee)='/dev/input/event#\x00', 0x0, 0x0) ioctl$UFFDIO_WAKE(r1, 0x8010aa02, &(0x7f0000000080)={&(0x7f0000012000/0x3000)=nil, 0x3000}) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0a5c2d023c126285718070") [ 2416.600852] bridge0: port 2(bridge_slave_1) entered disabled state [ 2416.607690] bridge0: port 1(bridge_slave_0) entered disabled state [ 2416.615102] audit: type=1326 audit(1544688994.447:190): auid=4294967295 uid=0 gid=0 ses=4294967295 subj==unconfined pid=23172 comm="syz-executor1" exe="/root/syz-executor1" sig=31 arch=c000003e syscall=228 compat=0 ip=0x45a4da code=0x0 08:16:34 executing program 4: openat$kvm(0xffffffffffffff9c, 0x0, 0x0, 0x0) syz_open_dev$sndctrl(&(0x7f0000000000)='/dev/snd/controlC#\x00', 0x0, 0x0) prctl$PR_SET_THP_DISABLE(0x29, 0xfffffffffffffffe) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) [ 2416.664388] bridge0: port 2(bridge_slave_1) entered blocking state [ 2416.670838] bridge0: port 2(bridge_slave_1) entered forwarding state [ 2416.677643] bridge0: port 1(bridge_slave_0) entered blocking state [ 2416.684076] bridge0: port 1(bridge_slave_0) entered forwarding state [ 2416.692863] device bridge0 entered promiscuous mode [ 2416.701702] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready 08:16:34 executing program 2: syz_emit_ethernet(0x6a, &(0x7f0000000040)={@local, @broadcast, [], {@ipv4={0x800, {{0x5, 0x4, 0x0, 0x0, 0x5c, 0x0, 0x0, 0x0, 0x1, 0x0, @remote, @dev={0xac, 0x14, 0x14, 0x11}}, @icmp=@parameter_prob={0x3, 0x4, 0x0, 0x0, 0x0, 0x0, {0x10, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x402f, 0x0, @local={0xac, 0x5c}, @dev, {[@timestamp={0x8, 0x2c, 0x0, 0x0, 0xd, [{[@rand_addr]}, {[@multicast2]}, {[@multicast1]}, {}, {[@loopback]}, {}]}]}}}}}}}, 0x0) [ 2416.735164] bridge0: port 2(bridge_slave_1) entered disabled state [ 2416.741724] bridge0: port 1(bridge_slave_0) entered disabled state [ 2416.749721] device bridge0 left promiscuous mode [ 2416.757935] bridge0: port 2(bridge_slave_1) entered blocking state [ 2416.764475] bridge0: port 2(bridge_slave_1) entered forwarding state [ 2416.771197] bridge0: port 1(bridge_slave_0) entered blocking state [ 2416.777653] bridge0: port 1(bridge_slave_0) entered forwarding state [ 2416.785207] FAULT_FLAG_ALLOW_RETRY missing 70 [ 2416.789776] CPU: 0 PID: 23203 Comm: syz-executor0 Not tainted 4.20.0-rc6+ #371 [ 2416.797154] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2416.800589] device bridge0 entered promiscuous mode [ 2416.806530] Call Trace: [ 2416.806571] dump_stack+0x244/0x39d [ 2416.806599] ? dump_stack_print_info.cold.1+0x20/0x20 [ 2416.806635] handle_userfault.cold.32+0x47/0x62 [ 2416.806672] ? userfaultfd_ioctl+0x5610/0x5610 [ 2416.812488] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 2416.814260] ? mark_held_locks+0x130/0x130 [ 2416.814278] ? __sanitizer_cov_trace_cmp4+0x16/0x20 [ 2416.814294] ? futex_wait_setup+0x266/0x3e0 [ 2416.814325] ? __sanitizer_cov_trace_switch+0x53/0x90 [ 2416.814343] ? userfaultfd_ctx_put+0x830/0x830 [ 2416.861962] ? futex_wait+0x5a1/0xa50 [ 2416.865774] ? print_usage_bug+0xc0/0xc0 [ 2416.869842] ? print_usage_bug+0xc0/0xc0 [ 2416.873930] ? print_usage_bug+0xc0/0xc0 [ 2416.878025] ? zap_class+0x640/0x640 [ 2416.881758] ? drop_futex_key_refs.isra.14+0x6d/0xe0 [ 2416.886880] ? futex_wake+0x304/0x760 [ 2416.890697] ? find_held_lock+0x36/0x1c0 [ 2416.894776] ? __handle_mm_fault+0x4bb0/0x5be0 [ 2416.899382] ? lock_downgrade+0x900/0x900 [ 2416.903546] ? kasan_check_read+0x11/0x20 [ 2416.907703] ? do_raw_spin_unlock+0xa7/0x330 [ 2416.912138] ? do_raw_spin_trylock+0x270/0x270 [ 2416.916725] ? fault_dirty_shared_page.isra.87+0x320/0x320 [ 2416.922376] __handle_mm_fault+0x4bbd/0x5be0 [ 2416.926813] ? vmf_insert_mixed_mkwrite+0x40/0x40 [ 2416.931669] ? zap_class+0x640/0x640 [ 2416.935392] ? rcu_read_unlock_special+0x1c0/0x1c0 [ 2416.940323] ? kasan_check_read+0x11/0x20 [ 2416.944492] ? rcu_softirq_qs+0x20/0x20 [ 2416.948484] ? zap_class+0x640/0x640 [ 2416.952202] ? zap_class+0x640/0x640 [ 2416.955931] ? find_held_lock+0x36/0x1c0 [ 2416.960006] ? handle_mm_fault+0x42a/0xc70 [ 2416.964247] ? lock_downgrade+0x900/0x900 [ 2416.968404] ? check_preemption_disabled+0x48/0x280 [ 2416.973427] ? rcu_read_unlock_special+0x1c0/0x1c0 [ 2416.978381] ? kasan_check_read+0x11/0x20 [ 2416.982548] ? rcu_dynticks_curr_cpu_in_eqs+0xa2/0x170 [ 2416.987826] ? rcu_softirq_qs+0x20/0x20 [ 2416.991814] ? trace_hardirqs_off_caller+0x310/0x310 [ 2416.996924] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 2417.002468] ? check_preemption_disabled+0x48/0x280 [ 2417.007513] handle_mm_fault+0x54f/0xc70 [ 2417.011588] ? __handle_mm_fault+0x5be0/0x5be0 [ 2417.016181] ? find_vma+0x34/0x190 [ 2417.019744] __do_page_fault+0x5e8/0xe60 [ 2417.023814] ? trace_hardirqs_off+0xb8/0x310 [ 2417.028235] do_page_fault+0xf2/0x7e0 [ 2417.032040] ? vmalloc_sync_all+0x30/0x30 [ 2417.036192] ? error_entry+0x70/0xd0 [ 2417.039916] ? trace_hardirqs_off_caller+0xbb/0x310 [ 2417.044934] ? trace_hardirqs_on_caller+0xc0/0x310 [ 2417.049874] ? syscall_return_slowpath+0x5e0/0x5e0 [ 2417.054808] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 2417.059661] ? trace_hardirqs_on_caller+0x310/0x310 [ 2417.064703] ? __bpf_trace_preemptirq_template+0x30/0x30 [ 2417.070157] ? prepare_exit_to_usermode+0x3b0/0x3b0 [ 2417.075184] ? prepare_exit_to_usermode+0x291/0x3b0 [ 2417.080209] ? page_fault+0x8/0x30 [ 2417.083755] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 2417.088605] ? page_fault+0x8/0x30 [ 2417.092150] page_fault+0x1e/0x30 [ 2417.095609] RIP: 0033:0x4510a0 [ 2417.098824] Code: 0f 84 c4 0f 00 00 48 89 f1 48 89 f8 48 83 e1 3f 48 83 f9 20 0f 86 7b 02 00 00 48 83 e6 f0 48 83 e1 0f 66 0f ef c0 66 0f ef c9 <66> 0f 74 0e 66 0f d7 d1 48 d3 ea 49 c7 c2 11 00 00 00 49 29 ca 4d [ 2417.117735] RSP: 002b:00007efdea16e7a8 EFLAGS: 00010202 [ 2417.123099] RAX: 00007efdea16e850 RBX: 0000000000000003 RCX: 000000000000000e 08:16:35 executing program 3: openat$rfkill(0xffffffffffffff9c, 0x0, 0x0, 0x0) getsockopt$inet_sctp_SCTP_DEFAULT_PRINFO(0xffffffffffffffff, 0x84, 0x72, &(0x7f0000000380), 0x0) syz_open_dev$admmidi(&(0x7f0000000100)='/dev/admmidi#\x00', 0x0, 0x0) r0 = socket$l2tp(0x18, 0x1, 0x1) mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x1, 0x32, 0xffffffffffffffff, 0x0) r1 = userfaultfd(0x0) ioctl$UFFDIO_API(r1, 0xc018aa3f, &(0x7f0000000180)) ioctl$UFFDIO_REGISTER(r1, 0xc020aa00, &(0x7f0000019000)={{&(0x7f0000012000/0x2000)=nil, 0x2000}, 0x1}) syz_open_dev$evdev(&(0x7f0000012fee)='/dev/input/event#\x00', 0x60000000, 0x0) ioctl$UFFDIO_WAKE(r1, 0x8010aa02, &(0x7f0000000080)={&(0x7f0000012000/0x3000)=nil, 0x3000}) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0a5c2d023c126285718070") setsockopt$ALG_SET_KEY(0xffffffffffffffff, 0x117, 0x1, 0x0, 0x0) 08:16:35 executing program 5: socket$inet6_udp(0xa, 0x2, 0x0) socket$inet_icmp_raw(0x2, 0x3, 0x1) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_ENABLE_CAP(r1, 0x4068aea3, &(0x7f0000000480)={0x79}) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000fe8000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0) ioctl$KVM_SET_LAPIC(r2, 0x4400ae8f, &(0x7f0000001940)={"a523fb9656eb871ffcd7ffeb51d84e738a55eba841ae487e33cdd921e8a51ce6c924020f0ac3562dd8cdeb31deac16f46da4ac16ee8165bce439eddce671c5b0a1103ea3f86a43cbb78504f6f9c77c2f09dc27632ec6036ee52a87e321e707c0cfe15576c26d52d0334c8d4693e127b3a046a5ed7796c9c5017cfd58ec871ed76369846fea9ebfa2f7f96496abf4ef57ed1ecd930eb9e13396875f01e932804ffe8a34c8fbedd97cdfb3176ec59fbbfd20a6ff17795431c341a35eb0f5f703480a5211cc6a7e2084e4a9b6aedf60b7b8084b00ca2cbed255b4cc4679c967432fea5e95119f9635e94794aab6ef54f290677fa08d0ee2cc8eae468efd02417055d3f3ccc86b629dfb878c4d115c16c75fe352cffa93648cf49577256b5d2faf0634335c97ffff966ae90cbf81250df3613c25d2789c869c9cc95a6e9d364c4c684059c593f9950e66cf81cd9f36d73fade4f0cbb795010364d13ff32c12efd91d0ebb6533700945f2db6113a630bd521eec89a74c46e1733b72d6e4d2ccee3b40f99809a9a4fb5fc2d1c53e1366d455bcbe81893100ab56b2556b55c1a0c5787356b464c3bf7011488e55f587a6d4420d46d69a74ee5bbfbcb0d6cb00aae8c3dfd6dd2e9f76d7a542f20553207b668dce69f1b463ee9166e81bb109f461b8885f15c9e525d72260ccdbd69e3345612158114780b9409ea856cb724faa6ed27ba836b35c10e7c7d43f2fa34f98f16a00f31565e16a213eaf4a7f438c89733ebe6d16328b930fd942bc64d631dd1f2aa1cc2ccdaff2324076c83e1ba4d2a0e40e010c96b42e7a4a76cd7a89ef592b9b3030f62d9fbd565ee5908ab90b42620b61e5d1e08621a31d21003cd12a450461636472fa64a7e1b98778bfb482fb4b4da31b42ee98b10f9c0f4c085d08c37ee2e3a9e4a5aff72a0ab844fcbfa224842c85f6cdfd25829c44760e3859624f891df4824f7d17938ac2dee1412cf3083e1d5ee2d29b63267ccba535409da7bef05d3fa79a3ef037ee609e01ad345ee17f48b5e8510f767de35df4dfb856f7533ad88866c6b01fe345107ba7191a8809e2e014492acf9c4f35cad664198a65c55f884490f4b30b4526324be842c393f336f16bea2bf6c6b917fdb751e12ff689ab4ffa44625a8b2bc1de4e88682abe5ce9d1942792747681ad23c31046d825140987f19a9cf10323c3f50a20f35a6d1dd8ca6758296b4537a0da1a853011b777623c8774b3689897cf9264a7782470847f36a8093f04000000663438ab39d8a777fb3e10cb4a2402a939a98d387087c5ca5fd8fbc4d96ae698b5bb84a0a8484e2b85743e623a033eb5b1889ccfb4b95885bc69d4c1cb819b95e7923e557c9ec9ec10e94d1e1295fc2f256fa095036f6cfc04c414fc57fc72c120614a586089c93741e97a61c46600"}) getsockopt$bt_BT_SECURITY(0xffffffffffffffff, 0x112, 0x4, 0x0, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000fe8000/0x18000)=nil, &(0x7f0000000440)=[@text32={0x20, &(0x7f00000002c0)="b9ec090000b808000000ba000000000f300fc76b07dc920080000067260fc7ac0b000f3808580026660f3880a100400000c4c2659f5d0d0fc7af0e000000660f01c80f01cf", 0x45}], 0x1, 0x0, 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) [ 2417.130380] RDX: 00000000000003ff RSI: 0000000020012fe0 RDI: 00007efdea16e850 [ 2417.137652] RBP: 000000000072bf00 R08: 00000000000003ff R09: 0000000000000000 [ 2417.144922] R10: 0000000000000000 R11: 0000000000000246 R12: 00007efdea16f6d4 [ 2417.152191] R13: 00000000004c578a R14: 00000000004d9d90 R15: 00000000ffffffff [ 2417.201588] audit: type=1326 audit(1544688995.027:191): auid=4294967295 uid=0 gid=0 ses=4294967295 subj==unconfined pid=23172 comm="syz-executor1" exe="/root/syz-executor1" sig=31 arch=c000003e syscall=228 compat=0 ip=0x45a4da code=0x0 [ 2417.247444] FAULT_FLAG_ALLOW_RETRY missing 70 [ 2417.271202] CPU: 1 PID: 23216 Comm: syz-executor3 Not tainted 4.20.0-rc6+ #371 [ 2417.278594] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2417.287955] Call Trace: [ 2417.290565] dump_stack+0x244/0x39d [ 2417.294222] ? dump_stack_print_info.cold.1+0x20/0x20 [ 2417.299572] handle_userfault.cold.32+0x47/0x62 [ 2417.304273] ? userfaultfd_ioctl+0x5610/0x5610 [ 2417.308880] ? mark_held_locks+0x130/0x130 [ 2417.313165] ? __sanitizer_cov_trace_cmp4+0x16/0x20 [ 2417.318197] ? futex_wait_setup+0x266/0x3e0 [ 2417.322545] ? __sanitizer_cov_trace_switch+0x53/0x90 [ 2417.327753] ? userfaultfd_ctx_put+0x830/0x830 [ 2417.332358] ? futex_wait+0x5a1/0xa50 [ 2417.336181] ? print_usage_bug+0xc0/0xc0 [ 2417.340256] ? print_usage_bug+0xc0/0xc0 [ 2417.344337] ? print_usage_bug+0xc0/0xc0 [ 2417.348431] ? zap_class+0x640/0x640 [ 2417.348450] ? drop_futex_key_refs.isra.14+0x6d/0xe0 [ 2417.348467] ? futex_wake+0x304/0x760 [ 2417.361090] ? find_held_lock+0x36/0x1c0 [ 2417.361118] ? __handle_mm_fault+0x4bb0/0x5be0 [ 2417.369984] ? lock_downgrade+0x900/0x900 [ 2417.374149] ? kasan_check_read+0x11/0x20 [ 2417.378302] ? do_raw_spin_unlock+0xa7/0x330 [ 2417.382720] ? do_raw_spin_trylock+0x270/0x270 [ 2417.387309] ? fault_dirty_shared_page.isra.87+0x320/0x320 [ 2417.392967] __handle_mm_fault+0x4bbd/0x5be0 [ 2417.397396] ? vmf_insert_mixed_mkwrite+0x40/0x40 [ 2417.402251] ? zap_class+0x640/0x640 [ 2417.405968] ? rcu_read_unlock_special+0x1c0/0x1c0 [ 2417.410919] ? kasan_check_read+0x11/0x20 [ 2417.415074] ? rcu_softirq_qs+0x20/0x20 [ 2417.419065] ? zap_class+0x640/0x640 [ 2417.422788] ? zap_class+0x640/0x640 [ 2417.426514] ? find_held_lock+0x36/0x1c0 [ 2417.430589] ? handle_mm_fault+0x42a/0xc70 [ 2417.434833] ? lock_downgrade+0x900/0x900 [ 2417.438992] ? check_preemption_disabled+0x48/0x280 [ 2417.444016] ? rcu_read_unlock_special+0x1c0/0x1c0 [ 2417.448949] ? kasan_check_read+0x11/0x20 [ 2417.453110] ? rcu_dynticks_curr_cpu_in_eqs+0xa2/0x170 [ 2417.458483] ? rcu_softirq_qs+0x20/0x20 [ 2417.462462] ? trace_hardirqs_off_caller+0x310/0x310 [ 2417.467572] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 2417.473120] ? check_preemption_disabled+0x48/0x280 [ 2417.478149] handle_mm_fault+0x54f/0xc70 [ 2417.482220] ? __handle_mm_fault+0x5be0/0x5be0 [ 2417.486812] ? find_vma+0x34/0x190 [ 2417.490384] __do_page_fault+0x5e8/0xe60 [ 2417.494453] ? trace_hardirqs_off+0xb8/0x310 [ 2417.498885] do_page_fault+0xf2/0x7e0 [ 2417.502693] ? vmalloc_sync_all+0x30/0x30 [ 2417.506845] ? error_entry+0x70/0xd0 [ 2417.510570] ? trace_hardirqs_off_caller+0xbb/0x310 [ 2417.515590] ? trace_hardirqs_on_caller+0xc0/0x310 [ 2417.520526] ? syscall_return_slowpath+0x5e0/0x5e0 [ 2417.525461] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 2417.530309] ? trace_hardirqs_on_caller+0x310/0x310 [ 2417.535377] ? __bpf_trace_preemptirq_template+0x30/0x30 [ 2417.540849] ? prepare_exit_to_usermode+0x3b0/0x3b0 [ 2417.545884] ? prepare_exit_to_usermode+0x291/0x3b0 [ 2417.550905] ? page_fault+0x8/0x30 [ 2417.554458] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 2417.559313] ? page_fault+0x8/0x30 [ 2417.562883] page_fault+0x1e/0x30 [ 2417.566338] RIP: 0033:0x4510a0 [ 2417.569549] Code: 0f 84 c4 0f 00 00 48 89 f1 48 89 f8 48 83 e1 3f 48 83 f9 20 0f 86 7b 02 00 00 48 83 e6 f0 48 83 e1 0f 66 0f ef c0 66 0f ef c9 <66> 0f 74 0e 66 0f d7 d1 48 d3 ea 49 c7 c2 11 00 00 00 49 29 ca 4d [ 2417.588454] RSP: 002b:00007f75238677a8 EFLAGS: 00010202 [ 2417.593821] RAX: 00007f7523867850 RBX: 0000000000000003 RCX: 000000000000000e [ 2417.601091] RDX: 00000000000003ff RSI: 0000000020012fe0 RDI: 00007f7523867850 [ 2417.608370] RBP: 000000000072bf00 R08: 00000000000003ff R09: 0000000000000000 [ 2417.615661] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f75238686d4 08:16:35 executing program 1: r0 = openat$rfkill(0xffffffffffffff9c, 0x0, 0x2001, 0x0) r1 = syz_open_dev$admmidi(&(0x7f0000000100)='/dev/admmidi#\x00', 0x0, 0x0) r2 = socket$l2tp(0x18, 0x1, 0x1) mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x1, 0x32, 0xffffffffffffffff, 0x0) r3 = userfaultfd(0x0) ioctl$UFFDIO_REGISTER(r3, 0xc020aa00, &(0x7f0000000080)={{&(0x7f0000013000/0x4000)=nil, 0x4000}, 0x2}) ioctl$UFFDIO_API(r3, 0xc018aa3f, &(0x7f0000000180)) mmap(&(0x7f0000013000/0x4000)=nil, 0x4000, 0x1000008, 0xa053, r1, 0x0) ioctl$SNDRV_CTL_IOCTL_HWDEP_NEXT_DEVICE(r0, 0xc0045520, &(0x7f00000000c0)=0x7) ioctl$EXT4_IOC_SETFLAGS(r1, 0x40086602, &(0x7f0000000040)=0x2) ioctl$UFFDIO_REGISTER(r3, 0xc020aa00, &(0x7f0000019000)={{&(0x7f0000012000/0x2000)=nil, 0x2000}, 0x1}) syz_open_dev$evdev(&(0x7f0000000200)='/dev/input/event#\x00', 0x0, 0x0) ioctl$UFFDIO_WAKE(r3, 0x8010aa02, &(0x7f00000001c0)={&(0x7f0000011000/0x3000)=nil, 0x3000}) ioctl(r2, 0x1000008912, &(0x7f0000000000)="0a5c2d023c126285718070") 08:16:35 executing program 0: r0 = openat$rfkill(0xffffffffffffff9c, 0x0, 0x2001, 0x0) setsockopt$TIPC_IMPORTANCE(r0, 0x10f, 0x7f, &(0x7f0000000040)=0x8, 0x4) syz_open_dev$admmidi(&(0x7f0000000100)='/dev/admmidi#\x00', 0x0, 0x0) r1 = socket$l2tp(0x18, 0x1, 0x1) mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x1, 0x32, 0xffffffffffffffff, 0x0) r2 = userfaultfd(0x0) ioctl$UFFDIO_API(r2, 0xc018aa3f, &(0x7f0000000180)) ioctl$UFFDIO_REGISTER(r2, 0xc020aa00, &(0x7f0000019000)={{&(0x7f0000012000/0x2000)=nil, 0x2000}, 0x1}) syz_open_dev$evdev(&(0x7f0000012fee)='/dev/input/event#\x00', 0x0, 0x0) ioctl$UFFDIO_WAKE(r2, 0x8010aa02, &(0x7f0000000080)={&(0x7f0000012000/0x3000)=nil, 0x3000}) ioctl(r0, 0x5, &(0x7f00000001c0)="3b043c445bec6d936b338dda7c1f7907ec22e22d066d7b3df1e00f318de715da971d4d3d3214450b20ede219dd51e1530b9b6e6cfe0bcc5d7cde912f586dbfe699360e4bb21d4aa855d806906a1bc10ccee0f31f8c51c606a1359ea03a15a4507032c19ba63c34f687ff79f8d33f1f8fc275dd191d8132b5b499c9ebdb1f72dba06e0e3e0c0451e03bf9c9552b7086f40202ebb743b525482ba801fb3e04fcddcc9b782f98828603fbdb096ee5fbce668f807c9d4044046a922d23d61ddb3f6dd0948ecba8dd61efb402611b9d6b8f9fb81a72af0709322f2c62d2132eddf2b97a8916c96e9d8a860fada95ff44a7e7fd450ff65d1613b7170b0e44b420b7926f5b947ceba88b6baa78e2536c14d400f1904f3a19084d317481239028d23267d4bcb91cb06006515468e30a1bf6433356844fd5fd92377816b60bee115dd992c68c56a2873990eed7e76ef19b0d89b1e728f4ec5eb7c70209f120a8c59ed0848cbd5be9464354fc6878cce9c1ac457feaae7bfa9091d654e2d9d108af78152a8c8a604ae676951ec9bd1a8c0fac03979e94dbc774a527c9478a165004e6588ef76600396129f3fe653a9eae2581d32aea9e8b62b459fccdd679c678c81864ea28dd88659eaa4b5632880a8d2b7151b352fa5de083e710e81511ba9b4f362f8f82e64dc975e1c72e0b7f108a2b113d288c50dd5995fbda1f1c9cf7caf46f76f4b0f23a50f80f4557513a2d9b7a92607e339ce179d40c8fc67fccbf4ca55942c5e7110a7a095a9989f4fe163e00f88028598a14271781135836ca9deecc40b593f8e0c3074ab3afa29abfe5aa56ded56c66353b0f149aefc2c336cf63c0c7b3dd722afd3aab15910db542cec87acd3f5f56aad02c502e07341a696bd5b842f9eee1cf724f2be4e28863b10b6eddcd9d55e43371303b933c6cecb2c00002ebaa6d2aff8996e9494fad26c7f32cf1c107157cf697f8fe7d9a6e11bf24924f7fd6ea3e06b845d687a9553dce1953bcba11611176af2a3db1d5a69fdf16c83f12af0bca33ee3eb0c90524a7a1a70d5257a56fbfa1a1b204d84659d89b9ec46a6adf09f243d3d6d1ce6c19cccd33d61aa145dffcc8bc0e654845fe7a23678f692e993d878c89ac07ba2b7b1695ee79136e434e479e3c0aeaac7d9c50122f591be01427d0faf6bb10e029745301509d337438a2e8f8d7202d6e6ac6bda90499cb0e6144b7faa226b79ff69a3bb58a2b88a4c8a56dc1650642e857158ee8d2f7aaad25041c0fc7809c667f5bad0d6377dc0b76406321957fe1535d094e6faf1cbcb75063e23ad5f879cc7214445bb46b0d9cad81962febe85eb04b49ae4770c8cbc25593c2c8efee4c5379f2d6de98e63e84efc188ba0148d7acdc8c3f1ed6b8cbd1e49dfb81c18590c2d09f53ba5b267442ba4d90a5fb52e3d8924cbecdf1bbf3bae69cc5bfeb12ebf8d6ab846739b4564d95b9a88da68820de8c32938345fbfe8f9b6ead852e5ab8b09e887684b08300bae1ec37d56d0d932892309cc1312daf32edd6348557a1ecb1ca891b609c4a6a59089078be448ca6fb0f36115adc54fcaa78f9951359cf2f62b5cbf0db348f2c3b7ca4d1a964862337666666faf23f84cb6abfb6783b6e60dc724c03a526e3e02ad58e9e2036df11afcea6163aec3fc8819f6f213638e0238105f7b92409f5fb9223b6992d49ea83698f455b03bf8522b16a1fbc836a86fdefbe009c7d1feb85fb21ac3e92f5400c4387846c32b451293873d1810af93d2dba35304d3a7db4865937c8c16cc1fd18dd2fcd4223ba5e021eafe53d2a3ce49c2385b904b1eae37d0ac053936db8d9807656e86ab90979342d27d3c050c37d1fca23c9f0ace702b60fe0ace54caf5c1c8e573e679d4cffa5bfb6bc1016141dd6984d39d243de837544929d77e6475c7a330ba314aa2506a53952fad44c85164b0304cc034530e706427a65b24121cf1775613fff686aadadb568f4216b557c304eb27d0c456405add819b24df273160aee78c26e22fe42c40452a67984db57cf3b2411b776d82fa3f1247867f856564e9e47b3a0cdbdc5046cd6dba14b43f18a89f3cb0ad53f3829fb56d7d11199ad7f54f54cf97f64ba88bb0f3dbbf62381a68baf2491dfaa905caf88e6f3267ada808ab3739fec573a6bd6cd1a03a7553bb99ae17418f68ec7eaaf90461529029b94e77d2400757aa6b5c29e932c834c052d0a692dc7039f480e13eeb08dd1a9ab29ec5662d8c765b2d49a9dec3ea6d2402efd2dbae8b2b3b1326ffd57521b68f7e678d4fbf7d3ffd23e5be1685d52f9235550de901a4e6e8b544af30b888ad4b5f4d735a85f59412f6691b117fae0abda7fb60dd7b4bffb7b589fa190d99e78e894d27f4f4e3d7313488bae5e37a5a46fd7d5778432fa6d689bcc94cb64be117242ce71357c83cbc4ca2ceac98bb1c785c9045a488ee55ce9f07111b88515c16728e0f05ab5fd14b40394ab1d400c800a89e1a108e2105344e56e399d5de2d535316531c56f8e0f6311fc0eba1d3c06ae6b86827c97a9d252cc9f9d56374d91e89548d04c87c88bb17954cf4cc97fa0007b42f8099120610091e77ecd3621c35858b48ed5607b54c88081f57fcb770ed7656f2c939d568bec1c1c636f48f093fb1d5eba7fdea310c5cfe2553a719f00052b6c31d9ade2c77ced0ebf84c6063c7999bc39494923c7a2b87c1ec35c4c07e48018913655465bf72f574e96649a4cb868d6e46564f1afa12b0f4bc1b6fdac4f70d21c51832cc0f867eb2926348ef22ea2d3888c3e580112a1fec77907e9d45c85579a748aad7ad2073492ad1aad70eefb2a3459a0f982faaf69753323da9201b5eb6dfca02a02b28c1d56f91fc3229ae8f2b40f2be06317493814b312394a94705586e93c37adb364466466b27382553ca33a234a557ee6bfa37b4ea17b3f1c728903db11b700b5acd02c906e531d1f55708fe178f5daf9cba1152ac369a379d3f7e920a50b0bb1680968f89646518f5218d2cc8fe480e7c2d9266706ae2c5d960ec2c3666d6b0b7560286a53742a94fc9890325f28898d4f7ba1dc08121b698402e9f04ce86bd5c6a73c9c9505e721d0d68b7a0dbaf93091cd337d3d46ea6ba58681dd2828b2e2011866aded1fe592b845de142582ff0f44595386892da2577f717392da9ce3555d94fa4003ecafc933cb0ff9ddcbdce163c84c8d8db687f094f8f1f909ac64db8a410a5ec19cb326d4352aac3a233d5b4e2a6b8e9eb432fa605076e7099948fee3ee03796123bb8d62e19b037d080c67d05f0ff02889f95b6996ebc918973f7f67c16bf06462e2680d62e3b9d8366b044a57fd7cacee5da70106897201cc4ac058053e731d989ee4df05bd48aeb47e2dbd76b38624ace4bd15e4957a6662475d87503f5da4a896c196764b5a8bf22ee45034bce1da0374a5e7e4a22152b0292b64be48d7fddb7a641e12d84a6b91a0fc57bc16f81393dd4c80fd7a18c089a7054cf52c8c7dc131f7ba5ff6607038ee72c46642d84ced25010efa2f7bf6ecffdc0e03de298cb5a74c03a8caccc6a24f9bd16c58569c0bc12fe1c501553029c30c38b25eb127ca7ee0d7796e66fab94d9fead612b14c7ddc3408e086bdc8fb1ba5367750a00d90d2d5ddf8eca54f0aabeafdbb670b63358030e4fd6615a0f7da139c72fc1a9d9968e4759df09cc29b91eed8dd048fdaf664a8436b5f93e3eae8f71191410d3fdf794699b505a56264e394086cb840ac582d1f4a65fef9804c67e26411dd75f9b6f221505007efdfd548f6f0f2aed0d8e3b5095aaa516d118ca7dbc48cd51b44f712da2677c61b273da9f4cc79d90c31a1455e5bf7338d55775318f5b0a4bd4e65132f6563c9fa0d517169de635c333a9a2ed8068d236cddeb4463e2ecc0a65c777211a99f3c7ea4806a4f57afdfe63b982f2b5efda907a5327806330e08fd5c832da2066d3f0f00296a54c97c3f8bf8023624775956869fad9b5eb84173ffd132009479d704bc30c7fa6ffe89fdd9cdbfe85257418bb742226ff98ff80b6af802feb40be4e733e18dd94ddbe8f089d12599fded77970a3937772c3fe33bd61c9e1d48dd7e1789b7113637118d2fdfb162c9e9a7109c1f3ebb63c7820bd6197457e59ff0d5697bf18cb44831741205fff3025bc84c2920871f44a0c86ce30343cb5bc26c4e6429937c90f223c1f97209a29e23d0afe9d7e7720df1fa0aece6a4d0962464194fd231d395008fb946c95a231239040aee206c44aef8ca0dc100dbc16bb54e41e7bf5f0cdf94989fde9aa9d11d69f64bc09f3eddbbdefd9087ddb1b60c3d3e373814a9562ecfb25a061c8129dfbe9f70760f98a72ea759f5f8ad5d3a09f0847dc9c6cf8e105fb4fb29c0dcf6431f9e9952fba930a3f863cca38a9f74fbfbfb121e425981be3165e85e9776c922e0890d3a276da48a01f02a9a1844401661674bee81b386c761f242947843f8c21639643be084d2c66cae622d3d709438a7e283c5db29eaa66182f917395f0498ca8d56fb1a63cba050bb2d8eaf9f58e787f9b8e8ebbc18fe2d8ddcecbdf9a863af3dcbd248148c73b29364cf394182f937d8e6554c3cdb16066ea24b994ed1efd08a5302d02ea9b609226d2f30704c5472891bfabe05a54bafeb68eea9f490cab66f9fbef94c06d894216dab2391bcbb43d1cc66f7ccd8c28848d6acb98f0704683461b49d8bfc7f148067074471a4594522697a83511a110d1ab62923477c02007da7eaa7b203e1f34c75a186385f17ecbecb17f78c137ffba843a2ef22bea05ae99419b374d197f13f6ed5ab2aa46b394dc80c4a40c7f9538e3fb6922a8a749dcabdd27e2f4ed57fb3764275ba549d3bfd3e106ca87f32b4f69c4bfafd58f69ff96e4b180d89d426598e640f4c5dc894bf749adc983d197c39bba76fd53946c4ff80b3221323452e00b9a3094c16f1311d455599694ab3853fb34480ac1b7c905874f583f7a0a2a80234cbcfe12461e0b5f3cef46cd2e1e77d34631f3382a81cbeb23c71cd5a46140cde7c2265505336f4c3c95275dcf8fc561aefb4c62fe08be3cb944e79dadabc8335cd419a152b68718443e661210d0ecdc720517793dd6d501099d6d7f002eb1aebb704f4a3314052555749a481a87a831b104b5755c90e288f5a46c537e27d9c202164952efbde8221a8b319a3914a4b458b66d4fa630ab9c3c7a4f17f6f434976dd13cc247af90b848491fc4fae8a7add372f6bfd642bd54029c9ad5c7796719a16db7fe954e1a207b0a4a9cbbb3a1ea815dac86f3e4191f99bf881224f09a6d3d3fbbfeb9aae10ee1276a8da953770a531f7020e3d2aa54925da7c2fb751f76cf0b524e4b35f241e501f6eae022591197e1ac489feef47b10e32c00d23ad150be402681b0aa1c5a79df89acb77c3e0f99c65cad8ff80f2d71bdddee98f8c6125443137cf67c9723917d1298fd1396edecf0c1389f5b5cb74547280172a3f6bfd07a0adcc0666894ade9f8c23affe53f985bb95cf69a0d0114e93407d25c9d83e3ea20812999ada8f77272f87c03b4438e9a06ba987204036bf34bf88b811a1428a0d0b3e3f8564245728bf028c89f972aa249fce34e8a0f63c36a5de32eb001c636f7e83ea22f6ed37b5dd2d481fea2489498a10444e85bbcb357631bcfaa8f453307f23988c19ae33ecb07a75cd495d75fe762489656bf35c31c57e5a48adb31aec4baf4a2a58b5b5de49aed4adfe3367ee1e1b74bccd6f265da942c45ba3f528ca788d1eae63d28da66fe9796d68cc7bb94") ioctl(r1, 0x1000008912, &(0x7f0000000000)="0a5c2d023c126285718070") 08:16:35 executing program 4: r0 = openat$kvm(0xffffffffffffff9c, 0x0, 0x0, 0x0) r1 = syz_open_dev$sndctrl(&(0x7f0000000100)='/dev/snd/controlC#\x00', 0x0, 0x0) prctl$PR_SET_THP_DISABLE(0x29, 0xfffffffffffffffe) r2 = fcntl$dupfd(r1, 0x293d6083da00fbe6, r0) ioctl$EVIOCGNAME(r2, 0x80404506, &(0x7f0000001140)=""/117) ioctl$KVM_GET_NR_MMU_PAGES(r2, 0xae45, 0x6) r3 = openat$zero(0xffffffffffffff9c, &(0x7f0000000000)='/dev/zero\x00', 0x80, 0x0) ioctl$TCSETSW(r3, 0x5403, &(0x7f0000000040)={0x5, 0xffffffff, 0x8, 0x9, 0x80000001, 0x8000, 0xf5, 0xfffffffffffffffb, 0x9, 0x80000001, 0xffffffff, 0x71}) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) pwrite64(r3, &(0x7f0000000140)="9f3bcd01c74477cf93f38593c01b170bc14160921f792311bf6ea430c990c0024c89c2aa30655ffd94aa2fb7a67145f5ffae21e76354e2ab96e41a9a9544a75f67e5dcd4190431c66a4d3a331dc618a07db8c499d0cd94618a7c0539093949e2cb5f87dcc72aa401b8bdd3bb790fd4c5a22c2ff6325f423436bb970639ff34a8ce09400cce06287b2b077f12afeb934f020d2c81ceee119aaeb203074097a388ab941f9bdaeb87ea024d12f485a6fdcc36ec51b6f60972d578dd8e179a7e8b4e0d9f7fdfe67b6a533e99b48ecfac662d2de5d33df68d4e2508d3479da5ecc60f0758605faf3497356c91e1f4b99a4d9d63b76cf4e21cd312a2d7d806e38571c3d6f71a8b03801d0a61159b4857123e4e30b15a4d94810fe1a5b0a36105b395ff2d3bd0852398b8a2a1b02a37ddb53a38e1232b6ec11fbcd977eaeacd091d31af13ced9f5ea059bed53a04bd5c85284d5ccd93e07951239891b023d02044ce1e2261151669d419553b6d3a4e842245439869babdbea409abad7dd1e58275366559b77f12a2b263810f968286b4655429625f564677b74d06346df690da16b1fcc549e6df8b0f1e4a675bd9dca66fc19aac6d41fda4533ae3e8737fc42bdcf2c39ae038bca267cc59419d60ac0fd85728913517771c09b91efb9b4a1906e18135fc1d8c3f76fbfcca475970ef55b2483eecdc76a205ed0c5dd903475e742b31f560ab752d067f5cf14fdc8af85b8e36b5dad48b7dbacbd1973812c2343aa7873622f54d81355fc31b866de0243af61606fd40e99e7757e7ee1f00e5be0fcc378c617a1abee0968c7cad4ca6eed73f32115fed6519bb8d455fa8ab2d70a33179224109ada064c0ce1cc7da095fe1d1c58a22386a371dfc15254c25b036e780226a0c24946dc414a3e2e640794c4ca6c486504bd5f547e0ed2cef51402bdb0edb5aa7c01ca7e6bac3a3bb1801286d4ba0b9d8518383dc645536f227af7a703b0dee4094eb1e704ea3467fb5af275519295cf65def9be2968b1fc50b1dc44c0312e4092545d4578e816bdf738c7517c0167156ded5a91e6815a7a56799f4e8cfeac2f82ed62440ce5bac82ba328fb8d3f7f55435c6e48d9daca47f18ce04a04433178fd2d289d561611570d35baf3f011a5a1480292cfa0a422398cad7ca82f757067c8356e481b0cb3ea72d103147b4a61dc7e84958e0bdc7a69a2add05272e5b6f70c1862551bd6dfb70f26fa2f1d7165c2d66be76f885bee877c20019bb2b31b86def40cc70a9864f405ed92e123b23a08c3eeb707fcfe24b6194fd49de2fc1b5c34ddb2495a19fc266e40e9cb1035c38284bb095f90a536553dee8317d3b59c32aed77fd57e5b990942c76239cb57e96580b5299b289fa40c451ab31ac8b8e83146570824e56279aa64781d229903c75336f7bcd9b9484b5d9c604668bc9bcebcb4dae60a82cb27cf38f443054aa6a87303a2c7a778ba2442ff27e5e6cab9792e58cf2795c59f6ee41efc4dddcf77cc45ca749ee838e806ca0caec6280b037066790cfa028f6c4897d19aa2d7ccb3643e2e3256cc18e0ea441fe8b845c89ba16c94d054fd83daf1783251328835dd436440c4f40e13354960e3336aa5a790d49417af7e3c6bb91454657f63b1fc1223f09477db82458879540260cd8fa59b7952aa6fdcc06fc3c8f880883c489103111a3286796a1db01386d8464b1ce3a259d31c5ec2556c7271b3f5d3eda1342c57bfb852485f97d1b05b654635db3bf2f7acaec6916be567cd0914d9df7e87101eeceea5ac8733b7306fbe6736cd104fae435500752786f483fcdeafe71a23c83954d4ec17ac50d63b4a4a2f9b46b6298bb2c1b58acc91ad221f9cf29d37796089df0d528e50fe769bbf95fa400d0efeb85f9928ba17d04fa6fd03d3ff422a7319de54d39de183e9e79e1070e82fd579e2e72c917762b1d3a916e748e3468548f0e4c802182ed84e22e304129b37cc6755409168614b24248c57969d265ab64d311d97aa7e1ee18df3a001e12793276d7aeb2602c0f78ef973ec25067549d90778f8d640fee79de92c6ba550daaf2e48fb1e3394db9441fd6723add375688e48652f3f04cd4ab15af9eed4f76f9f554fb236b4c51a53f8fbc5b549f728598e76fbbb9a65cd8d69091de758e877c27aa36d52c9a0ef07a02fdd9eafa8334602d4d132ff5e6006cdbd49c1eb61c7bbcfbffae72b54c29608eae07d11ac69669d9f8e0b67eb50b26b36b9673a500d65f06191cf37157773b277210037b31dda11d651ee575501745f1bac435e493cbcdef92fcdb83bde20acabb82092537633d67eece68af338f01dd615a93dcd2fae00ff7749b4ef97decd463240df51ef6bae98ac20b530519a332bee99055cc6325e27b4ab2991ac0d8b2925c43aa4b9f3468baba81e7dcfd9d7793d93d5de4b3de47a730cc82b3e82c28e625fbcd8d9108d71ac3ce227a2eeca8b5d4b5617781df863dd7ddfbd413904c5ae5f6e38a86cb2784047ae8f475fdc724fc8151687cef507c8a52b76263d5032029d6f943109c58bbd9fd9420b0cb7b4b6b6e4fac516e95ca7ee90c1b3cc793f713f95d802fbe7277fb33a74b35967b84545c44788a459954b3dd2f8563619393fcd411ace94760e4e8075e39daa2ae3e7e0686e802e29bf1aa6eecd7d8868e3178af245645f85174d04b9d0e72ff6e8f502502d992c5c6130ae9b14c0ca9d40f6b29bdb04a80f89de849b424096546905c73b1f5ffe6966f84648704721e9d928f26c059ff1a57705097fc77330f773c8353423d48f6d2973d73996df81ad818f25dbb924d186d55f3c0ee15916d0e5716672580fa578e3b23ea44472c71356e2f3e97c722e6a2a8074285ddc22c6f765b04195cbcfd92c63674a6e86d658505f75cf8b5f61d56d009ee62a5ec3277d9da8ee4a445f51c0aaf034b5d74c0a1fd864895a62535f4f8ce6f25e0c6527722e45370478574b9a5e337954c7ab552d6d8e3deda0161a5451e5a29f86bf3f362197b6b9dc4937e461172164ea3dda088296889bb48302fbf219044fd34a46b1a403ebb900341e7fff78587c66f019d66607afb99437cbeb6c9799ecc72b0057a83003a941f40aa158159a13b5f30e75693d7a59fa70d4bb544f9c4ae4a73c961d863ca9c17eead544be445ee71fdcaf945a89ab57aa0e5910fecb7286fd57c32acdf20a6824d0fd1e132ca6bf275d032550b761c3be3e2403676ff6dea5f202f0e750b0aed0561fd6a906d56b674bebbca054fa89125b85d582e419485e5096e334531ac944dc4979c8c924ad215289dc5a81c75bd1d0fdfc8c17d6a4a1d8676a2e7b01775bb63dcd6ba43397102ad5d29c7ee0702bcf8be20cc2c0b3a31da5f683a5c4bb951ee2fa7d5cc9ddd6f142d4912ce7c2a1d5f5833a5a2c71a2f291be67914db29ee0aae983dab81c4c8ab7f139dceeb5e85c9e333aec0cd5cea85f1c2a4f385eeecd17283e90f022e1654024ea4ad13db7035821cef937bddfd7f556d1abfb872330ee61431c1ad24c8a54200fcca108469637dafe8e2c8dde08d2b2e48823d7b30b3e08ac138c3d233d4d75c6a8f7b377adaf82ba556d3d149062ca617016602d24366b4bd7b617c77f1bf45dedf0a154475b2855707a0563db1321f1c4288af63bcf5d0f18c39af5dfdfbbbfee77eb4f193b8688aa233a7e06c4ef4eb2916cd3b4823ca1d0899eb7f8ba5b54abee30e18637b2f5c980555e089086133249b04a5733f32c7b49970cf37d1ac50e052590031e81e0a8bb8d04538febc3db714713627fe5b7f031797bc1cbf547c1f4a112ed6c91dbe1e61d43bfb8fd283e54460082bad1ac8eb4b72bfb15ee5917ef4f79431ffdcbde16af621786d7dba3271b759c64704232e37598e8598cde6d607f8a1f22076693f06518fe2f580cc9cdd527c696b0327af41ca6b56ed9629e1d5ba39f77d6a298dab83d7ae57d796fe9ecbd1806c41ccd0a604b8af9a045ba6a8734e879860895bc5e545e9ca23006af6e8b2a8b1a6cb3589ae2136f6eaa9c1bd298504ccd29819ec1f1b809adadc9569cbb4d374fb22f6a4a97812c14a7b0764fabf8b7eaab97af2f91b9e8a2ab045abe87015de1b8ca35e8a14ac431da0ebb5b0bcf2db6d746c3a8e7a2d7b16de0d74901da7ce74b0555dddf8e30e96c8a364217115f0cfd8e94d351e22cfa71493850584fbad8350f79f7481991547b09ae7f168c65c7946d4258d5d0f298941ed3856d5b3d9d5995bceda1a5ec1704c366c8f06a1f9fca6fa3866829a6c01d2c20fe5f3408a5e21faf3cefd0f06834fb7eb532c5f9d09c3e50c3c406d198299afc0c28bbc7b66792bbbb1d7d9fcfc84bada1ef163ad4be538bea3840e0cb4b41428eb7234abda2236808e8a97eac6fd10ff605c3048aa8984137a2b4c554f7ce73cfded758f8e0b5bec2fe3f2ecf56a47dce496bcff2a41f6c7edafa4c8e85be11a374e16303c262af77afadae468f9ba5af06e229b25233d098c4b46bb5f50398b297db2d3cce9be1b987c75d96a0e5cc27623d6005926e40d4e4a37e7f9bfdf70af69a4e01dd872c4bcb0c3d80a55f7a1ad78f01afa1b664d7ffd89fa486c4b9f9d74a7f9142de044e4c52eab8a7994364888cdd1e451522c0403090aff3750a7a2b6f50d78ffce91e48331fee8112cd32ebcbc6e486c83df2fca7cd18a788417f38ed97a65e51f67bbfd9f42ab018ea754f48b893957d421dd3a4557b73ef66223d54867c06a2c824d291ccbf39abc0ccaed92ab1509288810717018b763ca736bc9b7337049db4e8ec108e28f31529176e55adfb91bb6dfc3de4bca73f40903ae74f2febc0af80b808d49a9248f045458ced676c987ec003d54c50df4c3e0a31d992fc9666aacdb2ab3323165211d63102e4a856be6d5cd37291750a60f78188749a8c1234fcb9d85611b82630114da202ae84f9998cb6bd05b4aee985001d011b3470ba7ad79f0521c40979b34220c5c9040056d80686ecf1230458987fe3453e057428239bf2024f7119fd3a2ab8218b8b7c4e6523cf3b01742d9038ba622582a6a3fcf3ffbf860b8dfc48215508570b9db42c13a1a9cc4bb1728848839e57d18ce51228516ae4c2c0bc5a3ed9b8568d5df450ecaa28304e7952eaeb59aa1f01b67e0cd1ffcf7851f7803586f4f2d9fcb66b1076546079eebda8b7c3f02152d2360c158d4d778b7adcb385f3ece180512124ee3e4c9ab8f8e9a0e6d38a7ffd68d7ab0a8f0187a8ad53f8bfb05c340ff4de1ca52ea7e16f6771881ae5c5e0b4085bdc890c7d305a12a161cbafddc6cbf3438d3132a17a94d2a29f3ee441b5c18466b1475b4803666bb3fb3d852aaf24e445e7c3ed4a6f63ba8d7aff7d4cf4b8a0f640cef1b9c00db34ebaa53e64a646839e0a0697646fd6a5cdf0b5fa3234aebcd98d59d5916f9b473ff5d2f0b2d43ab5845645b258d7bf5eaa32830ddb4fe0a18a2ff60a17eff61f35691a228ce727e4afab2a274a11ab145370b0cf4853e4c5de34834cd5c870646d67d3fdb98c96ebc79b05d50ff2cb201e0f27bec7732ac7935cca616cd01f52e3e859d0ad65709a8ac9a193d06a4b2fd0572775590e1fd4d79e2a9007716c49c5a8d99294572dd69389fb9d18828ec0aedf6efc5892f1ab67152042e38fce7ff59a7b2f0edd4e0ab6566e4579796d3ecf49a00b4018ad1b232e4ee0b35983686d34e82e2a8641aeecd24ac51c4cd8b2bb92487c905b89b6e1db4d6dbafd1b97dda4cc10537df79c494dfe3c4d8c329f29591a9cc0ec1be10fb13f02", 0x1000, 0x0) ioctl$FS_IOC_GETFLAGS(r1, 0x800455d1, &(0x7f0000000080)) 08:16:35 executing program 2: syz_emit_ethernet(0x6a, &(0x7f0000000040)={@local, @broadcast, [], {@ipv4={0x800, {{0x5, 0x4, 0x0, 0x0, 0x5c, 0x0, 0x0, 0x0, 0x1, 0x0, @remote, @dev={0xac, 0x14, 0x14, 0x11}}, @icmp=@parameter_prob={0x3, 0x4, 0x0, 0x0, 0x0, 0x0, {0x10, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x402f, 0x0, @local={0xac, 0x5c}, @dev, {[@timestamp={0x8, 0x2c, 0x0, 0x0, 0x1000000, [{[@rand_addr]}, {[@multicast2]}, {[@multicast1]}, {}, {[@loopback]}, {}]}]}}}}}}}, 0x0) [ 2417.622933] R13: 00000000004c578a R14: 00000000004d9d90 R15: 00000000ffffffff 08:16:35 executing program 3: openat$rfkill(0xffffffffffffff9c, 0x0, 0x0, 0x0) getsockopt$inet_sctp_SCTP_DEFAULT_PRINFO(0xffffffffffffffff, 0x84, 0x72, &(0x7f0000000380), 0x0) syz_open_dev$admmidi(&(0x7f0000000100)='/dev/admmidi#\x00', 0x0, 0x0) r0 = socket$l2tp(0x18, 0x1, 0x1) mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x1, 0x32, 0xffffffffffffffff, 0x0) r1 = userfaultfd(0x0) ioctl$UFFDIO_API(r1, 0xc018aa3f, &(0x7f0000000180)) ioctl$UFFDIO_REGISTER(r1, 0xc020aa00, &(0x7f0000019000)={{&(0x7f0000012000/0x2000)=nil, 0x2000}, 0x1}) syz_open_dev$evdev(&(0x7f0000012fee)='/dev/input/event#\x00', 0x6c00, 0x0) ioctl$UFFDIO_WAKE(r1, 0x8010aa02, &(0x7f0000000080)={&(0x7f0000012000/0x3000)=nil, 0x3000}) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0a5c2d023c126285718070") setsockopt$ALG_SET_KEY(0xffffffffffffffff, 0x117, 0x1, 0x0, 0x0) [ 2417.711928] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 2417.750223] FAULT_FLAG_ALLOW_RETRY missing 70 08:16:35 executing program 1: r0 = openat$rfkill(0xffffffffffffff9c, 0x0, 0x2001, 0x0) r1 = syz_open_dev$admmidi(&(0x7f0000000100)='/dev/admmidi#\x00', 0x0, 0x0) r2 = socket$l2tp(0x18, 0x1, 0x1) mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x1, 0x32, 0xffffffffffffffff, 0x0) r3 = userfaultfd(0x0) ioctl$UFFDIO_REGISTER(r3, 0xc020aa00, &(0x7f0000000080)={{&(0x7f0000013000/0x4000)=nil, 0x4000}, 0x2}) ioctl$UFFDIO_API(r3, 0xc018aa3f, &(0x7f0000000180)) mmap(&(0x7f0000013000/0x4000)=nil, 0x4000, 0x1000008, 0xa053, r1, 0x0) ioctl$SNDRV_CTL_IOCTL_HWDEP_NEXT_DEVICE(r0, 0xc0045520, &(0x7f00000000c0)=0x7) ioctl$EXT4_IOC_SETFLAGS(r1, 0x40086602, &(0x7f0000000040)=0x2) ioctl$UFFDIO_REGISTER(r3, 0xc020aa00, &(0x7f0000019000)={{&(0x7f0000012000/0x2000)=nil, 0x2000}, 0x1}) syz_open_dev$evdev(&(0x7f0000000200)='/dev/input/event#\x00', 0x0, 0x0) ioctl$UFFDIO_WAKE(r3, 0x8010aa02, &(0x7f00000001c0)={&(0x7f0000011000/0x3000)=nil, 0x3000}) ioctl(r2, 0x1000008912, &(0x7f0000000000)="0a5c2d023c126285718070") [ 2417.760400] CPU: 0 PID: 23232 Comm: syz-executor0 Not tainted 4.20.0-rc6+ #371 [ 2417.767803] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2417.777195] Call Trace: [ 2417.779828] dump_stack+0x244/0x39d [ 2417.783500] ? dump_stack_print_info.cold.1+0x20/0x20 [ 2417.788726] handle_userfault.cold.32+0x47/0x62 [ 2417.793455] ? userfaultfd_ioctl+0x5610/0x5610 [ 2417.798060] ? mark_held_locks+0x130/0x130 [ 2417.802332] ? __sanitizer_cov_trace_cmp4+0x16/0x20 [ 2417.807402] ? futex_wait_setup+0x266/0x3e0 [ 2417.811754] ? __sanitizer_cov_trace_switch+0x53/0x90 [ 2417.816966] ? userfaultfd_ctx_put+0x830/0x830 [ 2417.821569] ? futex_wait+0x5a1/0xa50 [ 2417.825410] ? print_usage_bug+0xc0/0xc0 [ 2417.829490] ? print_usage_bug+0xc0/0xc0 [ 2417.833573] ? print_usage_bug+0xc0/0xc0 [ 2417.837654] ? zap_class+0x640/0x640 [ 2417.841403] ? drop_futex_key_refs.isra.14+0x6d/0xe0 [ 2417.846528] ? futex_wake+0x304/0x760 [ 2417.850373] ? find_held_lock+0x36/0x1c0 [ 2417.854465] ? __handle_mm_fault+0x4bb0/0x5be0 [ 2417.859067] ? lock_downgrade+0x900/0x900 [ 2417.863242] ? kasan_check_read+0x11/0x20 [ 2417.867405] ? do_raw_spin_unlock+0xa7/0x330 [ 2417.871835] ? do_raw_spin_trylock+0x270/0x270 [ 2417.876438] ? fault_dirty_shared_page.isra.87+0x320/0x320 [ 2417.882094] __handle_mm_fault+0x4bbd/0x5be0 [ 2417.886525] ? vmf_insert_mixed_mkwrite+0x40/0x40 [ 2417.891410] ? zap_class+0x640/0x640 [ 2417.895137] ? rcu_read_unlock_special+0x1c0/0x1c0 [ 2417.900086] ? kasan_check_read+0x11/0x20 [ 2417.904245] ? rcu_softirq_qs+0x20/0x20 [ 2417.908240] ? zap_class+0x640/0x640 [ 2417.911962] ? zap_class+0x640/0x640 [ 2417.915696] ? find_held_lock+0x36/0x1c0 [ 2417.919807] ? handle_mm_fault+0x42a/0xc70 [ 2417.924057] ? lock_downgrade+0x900/0x900 [ 2417.928230] ? check_preemption_disabled+0x48/0x280 [ 2417.933265] ? rcu_read_unlock_special+0x1c0/0x1c0 [ 2417.938223] ? kasan_check_read+0x11/0x20 [ 2417.942401] ? rcu_dynticks_curr_cpu_in_eqs+0xa2/0x170 [ 2417.947691] ? rcu_softirq_qs+0x20/0x20 [ 2417.951687] ? trace_hardirqs_off_caller+0x310/0x310 [ 2417.956805] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 2417.962379] ? check_preemption_disabled+0x48/0x280 [ 2417.967421] handle_mm_fault+0x54f/0xc70 [ 2417.971495] ? __handle_mm_fault+0x5be0/0x5be0 [ 2417.976092] ? find_vma+0x34/0x190 [ 2417.979657] __do_page_fault+0x5e8/0xe60 [ 2417.983724] ? trace_hardirqs_off+0xb8/0x310 [ 2417.988155] do_page_fault+0xf2/0x7e0 [ 2417.991965] ? vmalloc_sync_all+0x30/0x30 [ 2417.996126] ? error_entry+0x70/0xd0 [ 2417.999856] ? trace_hardirqs_off_caller+0xbb/0x310 [ 2418.004889] ? trace_hardirqs_on_caller+0xc0/0x310 [ 2418.009834] ? syscall_return_slowpath+0x5e0/0x5e0 [ 2418.014776] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 2418.019632] ? trace_hardirqs_on_caller+0x310/0x310 [ 2418.024662] ? __bpf_trace_preemptirq_template+0x30/0x30 [ 2418.030125] ? prepare_exit_to_usermode+0x3b0/0x3b0 [ 2418.035158] ? prepare_exit_to_usermode+0x291/0x3b0 [ 2418.040187] ? page_fault+0x8/0x30 [ 2418.043745] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 2418.048602] ? page_fault+0x8/0x30 [ 2418.052167] page_fault+0x1e/0x30 [ 2418.055626] RIP: 0033:0x4510a0 [ 2418.058834] Code: 0f 84 c4 0f 00 00 48 89 f1 48 89 f8 48 83 e1 3f 48 83 f9 20 0f 86 7b 02 00 00 48 83 e6 f0 48 83 e1 0f 66 0f ef c0 66 0f ef c9 <66> 0f 74 0e 66 0f d7 d1 48 d3 ea 49 c7 c2 11 00 00 00 49 29 ca 4d [ 2418.077745] RSP: 002b:00007efdea16e7a8 EFLAGS: 00010202 [ 2418.083119] RAX: 00007efdea16e850 RBX: 0000000000000003 RCX: 000000000000000e [ 2418.090399] RDX: 00000000000003ff RSI: 0000000020012fe0 RDI: 00007efdea16e850 [ 2418.097675] RBP: 000000000072bf00 R08: 00000000000003ff R09: 0000000000000000 [ 2418.104956] R10: 0000000000000000 R11: 0000000000000246 R12: 00007efdea16f6d4 08:16:35 executing program 2: syz_emit_ethernet(0x6a, &(0x7f0000000040)={@local, @broadcast, [], {@ipv4={0x800, {{0x5, 0x4, 0x0, 0x0, 0x5c, 0x0, 0x0, 0x0, 0x1, 0x0, @remote, @dev={0xac, 0x14, 0x14, 0x11}}, @icmp=@parameter_prob={0x3, 0x4, 0x0, 0x0, 0x0, 0x0, {0x10, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x402f, 0x0, @local={0xac, 0x5c}, @dev, {[@timestamp={0x8, 0x2c, 0x0, 0x0, 0x500, [{[@rand_addr]}, {[@multicast2]}, {[@multicast1]}, {}, {[@loopback]}, {}]}]}}}}}}}, 0x0) 08:16:35 executing program 4: openat$kvm(0xffffffffffffff9c, 0x0, 0x200000, 0x0) r0 = syz_open_dev$sndctrl(&(0x7f0000000100)='/dev/snd/controlC#\x00', 0x0, 0x0) prctl$PR_SET_THP_DISABLE(0x29, 0xfffffffffffffffe) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) ioctl$FS_IOC_GETFLAGS(r0, 0x800455d1, &(0x7f0000000080)) 08:16:35 executing program 1: r0 = openat$rfkill(0xffffffffffffff9c, 0x0, 0x2001, 0x0) r1 = syz_open_dev$admmidi(&(0x7f0000000100)='/dev/admmidi#\x00', 0x0, 0x0) r2 = socket$l2tp(0x18, 0x1, 0x1) mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x1, 0x32, 0xffffffffffffffff, 0x0) r3 = userfaultfd(0x0) ioctl$UFFDIO_REGISTER(r3, 0xc020aa00, &(0x7f0000000080)={{&(0x7f0000013000/0x4000)=nil, 0x4000}, 0x2}) ioctl$UFFDIO_API(r3, 0xc018aa3f, &(0x7f0000000180)) mmap(&(0x7f0000013000/0x4000)=nil, 0x4000, 0x1000008, 0xa053, r1, 0x0) ioctl$SNDRV_CTL_IOCTL_HWDEP_NEXT_DEVICE(r0, 0xc0045520, &(0x7f00000000c0)=0x7) ioctl$EXT4_IOC_SETFLAGS(r1, 0x40086602, &(0x7f0000000040)=0x2) ioctl$UFFDIO_REGISTER(r3, 0xc020aa00, &(0x7f0000019000)={{&(0x7f0000012000/0x2000)=nil, 0x2000}, 0x1}) syz_open_dev$evdev(&(0x7f0000000200)='/dev/input/event#\x00', 0x0, 0x0) ioctl$UFFDIO_WAKE(r3, 0x8010aa02, &(0x7f00000001c0)={&(0x7f0000011000/0x3000)=nil, 0x3000}) ioctl(r2, 0x1000008912, &(0x7f0000000000)="0a5c2d023c126285718070") [ 2418.112235] R13: 00000000004c578a R14: 00000000004d9d90 R15: 00000000ffffffff [ 2418.152728] FAULT_FLAG_ALLOW_RETRY missing 70 [ 2418.232202] CPU: 1 PID: 23245 Comm: syz-executor3 Not tainted 4.20.0-rc6+ #371 [ 2418.239622] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2418.246356] kvm: vcpu 0: requested 34784 ns lapic timer period limited to 200000 ns [ 2418.248983] Call Trace: [ 2418.249025] dump_stack+0x244/0x39d [ 2418.249051] ? dump_stack_print_info.cold.1+0x20/0x20 [ 2418.268250] handle_userfault.cold.32+0x47/0x62 [ 2418.272945] ? userfaultfd_ioctl+0x5610/0x5610 [ 2418.277544] ? mark_held_locks+0x130/0x130 [ 2418.281796] ? find_held_lock+0x36/0x1c0 [ 2418.285911] ? userfaultfd_ctx_put+0x830/0x830 [ 2418.285939] ? kasan_check_read+0x11/0x20 [ 2418.294671] ? print_usage_bug+0xc0/0xc0 [ 2418.298745] ? do_raw_spin_trylock+0x270/0x270 [ 2418.303344] ? print_usage_bug+0xc0/0xc0 [ 2418.307441] ? print_usage_bug+0xc0/0xc0 [ 2418.307991] kvm: vcpu 0: requested 34784 ns lapic timer period limited to 200000 ns [ 2418.311521] ? zap_class+0x640/0x640 [ 2418.311539] ? drop_futex_key_refs.isra.14+0x6d/0xe0 [ 2418.311558] ? futex_wake+0x304/0x760 08:16:36 executing program 2: syz_emit_ethernet(0x6a, &(0x7f0000000040)={@local, @broadcast, [], {@ipv4={0x800, {{0x5, 0x4, 0x0, 0x0, 0x5c, 0x0, 0x0, 0x0, 0x1, 0x0, @remote, @dev={0xac, 0x14, 0x14, 0x11}}, @icmp=@parameter_prob={0x3, 0x4, 0x0, 0x0, 0x0, 0x0, {0x10, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x402f, 0x0, @local={0xac, 0x5c}, @dev, {[@timestamp={0x8, 0x2c, 0x0, 0x0, 0x6488, [{[@rand_addr]}, {[@multicast2]}, {[@multicast1]}, {}, {[@loopback]}, {}]}]}}}}}}}, 0x0) [ 2418.323080] ? find_held_lock+0x36/0x1c0 [ 2418.331971] ? __handle_mm_fault+0x4bb0/0x5be0 [ 2418.331990] ? lock_downgrade+0x900/0x900 [ 2418.332014] ? kasan_check_read+0x11/0x20 [ 2418.332029] ? do_raw_spin_unlock+0xa7/0x330 [ 2418.332047] ? do_raw_spin_trylock+0x270/0x270 [ 2418.357965] ? fault_dirty_shared_page.isra.87+0x320/0x320 [ 2418.364077] __handle_mm_fault+0x4bbd/0x5be0 [ 2418.368510] ? vmf_insert_mixed_mkwrite+0x40/0x40 [ 2418.373384] ? zap_class+0x640/0x640 [ 2418.377117] ? rcu_read_unlock_special+0x1c0/0x1c0 [ 2418.382065] ? kasan_check_read+0x11/0x20 [ 2418.386233] ? rcu_softirq_qs+0x20/0x20 [ 2418.386260] ? zap_class+0x640/0x640 [ 2418.386276] ? zap_class+0x640/0x640 [ 2418.386299] ? find_held_lock+0x36/0x1c0 [ 2418.386325] ? handle_mm_fault+0x42a/0xc70 [ 2418.386343] ? lock_downgrade+0x900/0x900 [ 2418.386380] ? check_preemption_disabled+0x48/0x280 [ 2418.397797] ? rcu_read_unlock_special+0x1c0/0x1c0 [ 2418.397816] ? kasan_check_read+0x11/0x20 [ 2418.424379] ? rcu_dynticks_curr_cpu_in_eqs+0xa2/0x170 08:16:36 executing program 2: syz_emit_ethernet(0x6a, &(0x7f0000000040)={@local, @broadcast, [], {@ipv4={0x800, {{0x5, 0x4, 0x0, 0x0, 0x5c, 0x0, 0x0, 0x0, 0x1, 0x0, @remote, @dev={0xac, 0x14, 0x14, 0x11}}, @icmp=@parameter_prob={0x3, 0x4, 0x0, 0x0, 0x0, 0x0, {0x10, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x402f, 0x0, @local={0xac, 0x5c}, @dev, {[@timestamp={0x8, 0x2c, 0x0, 0x0, 0xe80, [{[@rand_addr]}, {[@multicast2]}, {[@multicast1]}, {}, {[@loopback]}, {}]}]}}}}}}}, 0x0) [ 2418.429678] ? rcu_softirq_qs+0x20/0x20 [ 2418.433693] ? trace_hardirqs_off_caller+0x310/0x310 [ 2418.438813] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 2418.444376] ? check_preemption_disabled+0x48/0x280 [ 2418.449429] handle_mm_fault+0x54f/0xc70 [ 2418.453507] ? __handle_mm_fault+0x5be0/0x5be0 [ 2418.458114] ? find_vma+0x34/0x190 [ 2418.461670] __do_page_fault+0x5e8/0xe60 [ 2418.465755] ? trace_hardirqs_off+0xb8/0x310 [ 2418.470191] do_page_fault+0xf2/0x7e0 [ 2418.474011] ? vmalloc_sync_all+0x30/0x30 [ 2418.478174] ? error_entry+0x70/0xd0 [ 2418.481907] ? trace_hardirqs_off_caller+0xbb/0x310 [ 2418.486939] ? trace_hardirqs_on_caller+0xc0/0x310 [ 2418.486957] ? syscall_return_slowpath+0x5e0/0x5e0 [ 2418.486973] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 2418.486996] ? trace_hardirqs_on_caller+0x310/0x310 [ 2418.496873] ? __bpf_trace_preemptirq_template+0x30/0x30 [ 2418.496893] ? prepare_exit_to_usermode+0x3b0/0x3b0 [ 2418.496912] ? prepare_exit_to_usermode+0x291/0x3b0 [ 2418.496930] ? page_fault+0x8/0x30 [ 2418.517235] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 2418.517255] ? page_fault+0x8/0x30 [ 2418.517271] page_fault+0x1e/0x30 [ 2418.517293] RIP: 0033:0x4510a0 [ 2418.540891] Code: 0f 84 c4 0f 00 00 48 89 f1 48 89 f8 48 83 e1 3f 48 83 f9 20 0f 86 7b 02 00 00 48 83 e6 f0 48 83 e1 0f 66 0f ef c0 66 0f ef c9 <66> 0f 74 0e 66 0f d7 d1 48 d3 ea 49 c7 c2 11 00 00 00 49 29 ca 4d [ 2418.559800] RSP: 002b:00007f75238677a8 EFLAGS: 00010202 [ 2418.559813] RAX: 00007f7523867850 RBX: 0000000000000003 RCX: 000000000000000e [ 2418.559824] RDX: 00000000000003ff RSI: 0000000020012fe0 RDI: 00007f7523867850 [ 2418.559833] RBP: 000000000072bf00 R08: 00000000000003ff R09: 0000000000000000 [ 2418.559843] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f75238686d4 [ 2418.559853] R13: 00000000004c578a R14: 00000000004d9d90 R15: 00000000ffffffff 08:16:36 executing program 5: openat$kvm(0xffffffffffffff9c, 0x0, 0x0, 0x0) r0 = syz_open_dev$dspn(&(0x7f0000000000)='/dev/dsp#\x00', 0x4, 0x2000) ioctl$SNDRV_CTL_IOCTL_TLV_READ(r0, 0xc008551a, &(0x7f0000000280)=ANY=[@ANYBLOB="0800000007e95ca87aece10f03f1a30493e0858c9e049b1e601000000009f7a07dbc1e00000003000000f4c526c0cc0800bba86ebc65fde3ed000002000000"]) syz_open_dev$sndctrl(&(0x7f0000000100)='/dev/snd/controlC#\x00', 0x0, 0x0) r1 = semget(0x0, 0x4, 0x586) semctl$GETZCNT(r1, 0x1, 0xf, &(0x7f0000000140)=""/131) r2 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r3 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000000)='/dev/nullb0\x00', 0x802, 0x0) openat$cuse(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/cuse\x00', 0x2, 0x0) ioctl$BLKZEROOUT(r3, 0x127f, &(0x7f0000000080)={0x0, 0x4004400}) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000919000/0x400000)=nil, 0x400000, 0xffffffffffffffff, 0x8031, 0xffffffffffffffff, 0x0) write$RDMA_USER_CM_CMD_CREATE_ID(0xffffffffffffff9c, &(0x7f0000000480)={0x0, 0x18, 0xfa00, {0x4, &(0x7f0000000440)}}, 0x20) ioctl$sock_inet_sctp_SIOCINQ(r2, 0x541b, &(0x7f00000001c0)) openat$cuse(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/cuse\x00', 0x2, 0x0) r4 = openat$ipvs(0xffffffffffffff9c, &(0x7f0000000240)='/proc/sys/net/ipv4/vs/sync_qlen_max\x00', 0x2, 0x0) getsockopt$inet_sctp_SCTP_PEER_ADDR_THLDS(0xffffffffffffffff, 0x84, 0x1f, 0x0, &(0x7f00000004c0)) openat$sequencer(0xffffffffffffff9c, 0x0, 0xc0200, 0x0) sched_setscheduler(0x0, 0x6, 0x0) bpf$BPF_BTF_GET_FD_BY_ID(0x13, 0x0, 0x0) openat$md(0xffffffffffffff9c, &(0x7f0000000040)='/dev/md0\x00', 0x80000, 0x0) clone(0x2102001ffb, 0x0, 0xfffffffffffffffe, &(0x7f0000000140), 0xffffffffffffffff) getsockopt$inet_sctp6_SCTP_AUTOCLOSE(0xffffffffffffffff, 0x84, 0x4, 0x0, 0x0) r5 = socket(0x1e, 0x805, 0x0) mkdir(&(0x7f00000005c0)='./file0\x00', 0x1) openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000600)='./cgroup.cpu/syz1\x00', 0x200002, 0x0) ioctl$VIDIOC_S_DV_TIMINGS(r4, 0xc0845657, &(0x7f0000000500)={0x0, @bt={0x0, 0x200, 0x0, 0x0, 0x38f, 0x0, 0x0, 0xb08, 0x0, 0x7, 0x3, 0x800, 0xffffffffffffffff, 0x5a}}) sendmsg(r5, &(0x7f0000030000)={&(0x7f00004f5000)=@generic={0x10000000001e, "0100000900000000000000000226cc573c080000003724c71e14dd6a739effea1b48006be61ffe0000e103000000f8000004003f010039d8f986ff01000300000004af50d50700000000000000e3ad316a1983000000001d00e0dfcb24281e27800000100076c3979ac40000bd15020078a1dfd300881a8365b1b16d7436"}, 0x80, 0x0}, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r6, 0x8912, 0x400200) 08:16:36 executing program 4: r0 = openat$kvm(0xffffffffffffff9c, 0x0, 0x0, 0x0) r1 = syz_open_dev$sndctrl(&(0x7f0000000100)='/dev/snd/controlC#\x00', 0x0, 0x0) prctl$PR_SET_THP_DISABLE(0x29, 0xfffffffffffffffe) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) ioctl$FS_IOC_GETFLAGS(r1, 0x800455d1, &(0x7f0000000080)) getsockopt$inet_IP_IPSEC_POLICY(0xffffffffffffffff, 0x0, 0x10, &(0x7f0000000140)={{{@in=@multicast1, @in=@multicast2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}, {{}, 0x0, @in=@broadcast}}, &(0x7f0000000000)=0xe8) getresgid(&(0x7f0000000040), &(0x7f00000000c0), &(0x7f0000000240)=0x0) fchown(r0, r2, r3) 08:16:36 executing program 0: openat$rfkill(0xffffffffffffff9c, 0x0, 0x2001, 0x0) r0 = add_key(&(0x7f0000000040)='pkcs7_test\x00', &(0x7f00000000c0)={'syz', 0x0}, &(0x7f00000001c0)="648707518926ecf3fa5a5f04ca45fb03e77cd1f81cc37e37e3a9eb030757aabb99a78b145720ea763df0c3b3345d8c518c5ccabf9c237bcdcc01bfb1bf8f65e749963c46039798be4b7f304d1e89e7d567eddf0f1fa444361018a83c59701f8b4942d2065bc8785d8d1a3f190d8ab8fa5fe0b2f28c1fd9765b077aed7c10e974df83fd0c84e48c6062057cab5479202a241240cedcf9ae4400b891e6875fec6703e7ed4d9178bf830245b383ad22e424fe153255c2fcdcf4426613222e11d84f9f09558716408c525e4d286e9b", 0xcd, 0xfffffffffffffffc) r1 = request_key(&(0x7f0000000140)='encrypted\x00', &(0x7f00000002c0)={'syz', 0x1}, &(0x7f0000000300)='proc/wlan0-.\'{\x00', 0xfffffffffffffffc) keyctl$unlink(0x9, r0, r1) r2 = syz_open_dev$admmidi(&(0x7f0000000100)='/dev/admmidi#\x00', 0x0, 0x0) r3 = socket$l2tp(0x18, 0x1, 0x1) getsockopt$inet_mtu(r2, 0x0, 0xa, &(0x7f0000000340), &(0x7f0000000380)=0x4) mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x1, 0x32, 0xffffffffffffffff, 0x0) r4 = userfaultfd(0x0) ioctl$UFFDIO_API(r4, 0xc018aa3f, &(0x7f0000000180)) ioctl$UFFDIO_REGISTER(r4, 0xc020aa00, &(0x7f0000019000)={{&(0x7f0000012000/0x2000)=nil, 0x2000}, 0x3}) r5 = syz_open_dev$evdev(&(0x7f0000012fee)='/dev/input/event#\x00', 0x0, 0x0) ioctl$UFFDIO_WAKE(r4, 0x8010aa02, &(0x7f0000000080)={&(0x7f0000012000/0x3000)=nil, 0x3000}) request_key(&(0x7f00000003c0)='user\x00', &(0x7f0000000400)={'syz', 0x3}, &(0x7f0000000440)='/dev/input/event#\x00', 0xfffffffffffffffc) ioctl$EVIOCGMTSLOTS(r5, 0x8040450a, 0xffffffffffffffff) ioctl(r3, 0x1000008912, &(0x7f0000000000)="0a5c2d023c126285718070") 08:16:36 executing program 2: syz_emit_ethernet(0x6a, &(0x7f0000000040)={@local, @broadcast, [], {@ipv4={0x800, {{0x5, 0x4, 0x0, 0x0, 0x5c, 0x0, 0x0, 0x0, 0x1, 0x0, @remote, @dev={0xac, 0x14, 0x14, 0x11}}, @icmp=@parameter_prob={0x3, 0x4, 0x0, 0x0, 0x0, 0x0, {0x10, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x402f, 0x0, @local={0xac, 0x5c}, @dev, {[@timestamp={0x8, 0x2c, 0x0, 0x0, 0x8906000000000000, [{[@rand_addr]}, {[@multicast2]}, {[@multicast1]}, {}, {[@loopback]}, {}]}]}}}}}}}, 0x0) 08:16:36 executing program 1: r0 = openat$rfkill(0xffffffffffffff9c, 0x0, 0x2001, 0x0) r1 = syz_open_dev$admmidi(&(0x7f0000000100)='/dev/admmidi#\x00', 0x0, 0x0) socket$l2tp(0x18, 0x1, 0x1) mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x1, 0x32, 0xffffffffffffffff, 0x0) r2 = userfaultfd(0x0) ioctl$UFFDIO_REGISTER(r2, 0xc020aa00, &(0x7f0000000080)={{&(0x7f0000013000/0x4000)=nil, 0x4000}, 0x2}) ioctl$UFFDIO_API(r2, 0xc018aa3f, &(0x7f0000000180)) mmap(&(0x7f0000013000/0x4000)=nil, 0x4000, 0x1000008, 0xa053, r1, 0x0) ioctl$SNDRV_CTL_IOCTL_HWDEP_NEXT_DEVICE(r0, 0xc0045520, &(0x7f00000000c0)=0x7) ioctl$EXT4_IOC_SETFLAGS(r1, 0x40086602, &(0x7f0000000040)=0x2) ioctl$UFFDIO_REGISTER(r2, 0xc020aa00, &(0x7f0000019000)={{&(0x7f0000012000/0x2000)=nil, 0x2000}, 0x1}) syz_open_dev$evdev(&(0x7f0000000200)='/dev/input/event#\x00', 0x0, 0x0) ioctl$UFFDIO_WAKE(r2, 0x8010aa02, &(0x7f00000001c0)={&(0x7f0000011000/0x3000)=nil, 0x3000}) 08:16:36 executing program 3: openat$rfkill(0xffffffffffffff9c, 0x0, 0x0, 0x0) getsockopt$inet_sctp_SCTP_DEFAULT_PRINFO(0xffffffffffffffff, 0x84, 0x72, &(0x7f0000000380), 0x0) syz_open_dev$admmidi(&(0x7f0000000100)='/dev/admmidi#\x00', 0x0, 0x0) r0 = socket$l2tp(0x18, 0x1, 0x1) mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x1, 0x32, 0xffffffffffffffff, 0x0) r1 = userfaultfd(0x0) ioctl$UFFDIO_API(r1, 0xc018aa3f, &(0x7f0000000180)) ioctl$UFFDIO_REGISTER(r1, 0xc020aa00, &(0x7f0000019000)={{&(0x7f0000012000/0x2000)=nil, 0x2000}, 0x1}) syz_open_dev$evdev(&(0x7f0000012fee)='/dev/input/event#\x00', 0x600, 0x0) ioctl$UFFDIO_WAKE(r1, 0x8010aa02, &(0x7f0000000080)={&(0x7f0000012000/0x3000)=nil, 0x3000}) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0a5c2d023c126285718070") setsockopt$ALG_SET_KEY(0xffffffffffffffff, 0x117, 0x1, 0x0, 0x0) 08:16:36 executing program 2: syz_emit_ethernet(0x6a, &(0x7f0000000040)={@local, @broadcast, [], {@ipv4={0x800, {{0x5, 0x4, 0x0, 0x0, 0x5c, 0x0, 0x0, 0x0, 0x1, 0x0, @remote, @dev={0xac, 0x14, 0x14, 0x11}}, @icmp=@parameter_prob={0x3, 0x4, 0x0, 0x0, 0x0, 0x0, {0x10, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x402f, 0x0, @local={0xac, 0x5c}, @dev, {[@timestamp={0x8, 0x2c, 0x0, 0x0, 0x14, [{[@rand_addr]}, {[@multicast2]}, {[@multicast1]}, {}, {[@loopback]}, {}]}]}}}}}}}, 0x0) [ 2418.842817] FAULT_FLAG_ALLOW_RETRY missing 70 [ 2418.847399] CPU: 0 PID: 23289 Comm: syz-executor3 Not tainted 4.20.0-rc6+ #371 [ 2418.854786] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2418.864151] Call Trace: [ 2418.866763] dump_stack+0x244/0x39d [ 2418.870444] ? dump_stack_print_info.cold.1+0x20/0x20 [ 2418.875671] handle_userfault.cold.32+0x47/0x62 [ 2418.880396] ? userfaultfd_ioctl+0x5610/0x5610 [ 2418.885010] ? mark_held_locks+0x130/0x130 [ 2418.889266] ? __sanitizer_cov_trace_cmp4+0x16/0x20 [ 2418.894299] ? futex_wait_setup+0x266/0x3e0 [ 2418.898649] ? __sanitizer_cov_trace_switch+0x53/0x90 [ 2418.903863] ? userfaultfd_ctx_put+0x830/0x830 [ 2418.908464] ? futex_wait+0x5a1/0xa50 [ 2418.912287] ? print_usage_bug+0xc0/0xc0 [ 2418.916385] ? print_usage_bug+0xc0/0xc0 [ 2418.920477] ? print_usage_bug+0xc0/0xc0 [ 2418.924559] ? zap_class+0x640/0x640 [ 2418.928294] ? drop_futex_key_refs.isra.14+0x6d/0xe0 [ 2418.933417] ? futex_wake+0x304/0x760 [ 2418.937248] ? find_held_lock+0x36/0x1c0 [ 2418.941339] ? __handle_mm_fault+0x4bb0/0x5be0 [ 2418.945962] ? lock_downgrade+0x900/0x900 [ 2418.950140] ? kasan_check_read+0x11/0x20 [ 2418.954324] ? do_raw_spin_unlock+0xa7/0x330 [ 2418.958770] ? do_raw_spin_trylock+0x270/0x270 [ 2418.963389] ? fault_dirty_shared_page.isra.87+0x320/0x320 [ 2418.969058] __handle_mm_fault+0x4bbd/0x5be0 [ 2418.973498] ? vmf_insert_mixed_mkwrite+0x40/0x40 [ 2418.978379] ? zap_class+0x640/0x640 [ 2418.982113] ? rcu_read_unlock_special+0x1c0/0x1c0 [ 2418.987058] ? kasan_check_read+0x11/0x20 [ 2418.991223] ? rcu_softirq_qs+0x20/0x20 [ 2418.995222] ? zap_class+0x640/0x640 [ 2418.998954] ? zap_class+0x640/0x640 [ 2419.002687] ? find_held_lock+0x36/0x1c0 [ 2419.006771] ? handle_mm_fault+0x42a/0xc70 [ 2419.011023] ? lock_downgrade+0x900/0x900 [ 2419.015193] ? check_preemption_disabled+0x48/0x280 [ 2419.020226] ? rcu_read_unlock_special+0x1c0/0x1c0 [ 2419.025170] ? kasan_check_read+0x11/0x20 [ 2419.029328] ? rcu_dynticks_curr_cpu_in_eqs+0xa2/0x170 [ 2419.034632] ? rcu_softirq_qs+0x20/0x20 [ 2419.038636] ? trace_hardirqs_off_caller+0x310/0x310 [ 2419.043773] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 2419.049332] ? check_preemption_disabled+0x48/0x280 [ 2419.054404] handle_mm_fault+0x54f/0xc70 [ 2419.058487] ? __handle_mm_fault+0x5be0/0x5be0 [ 2419.063093] ? find_vma+0x34/0x190 [ 2419.066656] __do_page_fault+0x5e8/0xe60 [ 2419.070734] ? trace_hardirqs_off+0xb8/0x310 [ 2419.075178] do_page_fault+0xf2/0x7e0 [ 2419.079011] ? vmalloc_sync_all+0x30/0x30 [ 2419.083182] ? error_entry+0x70/0xd0 [ 2419.086915] ? trace_hardirqs_off_caller+0xbb/0x310 [ 2419.091945] ? trace_hardirqs_on_caller+0xc0/0x310 [ 2419.096892] ? syscall_return_slowpath+0x5e0/0x5e0 [ 2419.101835] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 2419.106714] ? trace_hardirqs_on_caller+0x310/0x310 [ 2419.111748] ? __bpf_trace_preemptirq_template+0x30/0x30 [ 2419.117226] ? prepare_exit_to_usermode+0x3b0/0x3b0 [ 2419.122263] ? prepare_exit_to_usermode+0x291/0x3b0 [ 2419.127301] ? page_fault+0x8/0x30 [ 2419.130861] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 2419.135721] ? page_fault+0x8/0x30 [ 2419.139276] page_fault+0x1e/0x30 [ 2419.142744] RIP: 0033:0x4510a0 [ 2419.145948] Code: 0f 84 c4 0f 00 00 48 89 f1 48 89 f8 48 83 e1 3f 48 83 f9 20 0f 86 7b 02 00 00 48 83 e6 f0 48 83 e1 0f 66 0f ef c0 66 0f ef c9 <66> 0f 74 0e 66 0f d7 d1 48 d3 ea 49 c7 c2 11 00 00 00 49 29 ca 4d [ 2419.164855] RSP: 002b:00007f75238677a8 EFLAGS: 00010202 [ 2419.170252] RAX: 00007f7523867850 RBX: 0000000000000003 RCX: 000000000000000e [ 2419.177537] RDX: 00000000000003ff RSI: 0000000020012fe0 RDI: 00007f7523867850 [ 2419.184824] RBP: 000000000072bf00 R08: 00000000000003ff R09: 0000000000000000 08:16:36 executing program 4: openat$kvm(0xffffffffffffff9c, 0x0, 0x0, 0x0) prctl$PR_SET_THP_DISABLE(0x29, 0xfffffffffffffffe) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) ioctl$FS_IOC_GETFLAGS(0xffffffffffffffff, 0x800455d1, &(0x7f0000000080)) r0 = openat$full(0xffffffffffffff9c, &(0x7f0000000000)='/dev/full\x00', 0x4000, 0x0) ioctl$sock_inet_SIOCSIFDSTADDR(r0, 0x8918, &(0x7f0000000040)={'\x00', {0x2, 0x4e20, @multicast2}}) 08:16:36 executing program 2: syz_emit_ethernet(0x6a, &(0x7f0000000040)={@local, @broadcast, [], {@ipv4={0x800, {{0x5, 0x4, 0x0, 0x0, 0x5c, 0x0, 0x0, 0x0, 0x1, 0x0, @remote, @dev={0xac, 0x14, 0x14, 0x11}}, @icmp=@parameter_prob={0x3, 0x4, 0x0, 0x0, 0x0, 0x0, {0x10, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x402f, 0x0, @local={0xac, 0x5c}, @dev, {[@timestamp={0x8, 0x2c, 0x0, 0x0, 0x4000000000000000, [{[@rand_addr]}, {[@multicast2]}, {[@multicast1]}, {}, {[@loopback]}, {}]}]}}}}}}}, 0x0) 08:16:36 executing program 2: syz_emit_ethernet(0x6a, &(0x7f0000000040)={@local, @broadcast, [], {@ipv4={0x800, {{0x5, 0x4, 0x0, 0x0, 0x5c, 0x0, 0x0, 0x0, 0x1, 0x0, @remote, @dev={0xac, 0x14, 0x14, 0x11}}, @icmp=@parameter_prob={0x3, 0x4, 0x0, 0x0, 0x0, 0x0, {0x10, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x402f, 0x0, @local={0xac, 0x5c}, @dev, {[@timestamp={0x8, 0x2c, 0x0, 0x0, 0x40000000, [{[@rand_addr]}, {[@multicast2]}, {[@multicast1]}, {}, {[@loopback]}, {}]}]}}}}}}}, 0x0) 08:16:36 executing program 4: openat$kvm(0xffffffffffffff9c, 0x0, 0x0, 0x0) r0 = syz_open_dev$sndctrl(&(0x7f0000000100)='/dev/snd/controlC#\x00', 0x0, 0x0) prctl$PR_SET_THP_DISABLE(0x29, 0xfffffffffffffffe) iopl(0x7) r1 = syz_open_dev$usbmon(&(0x7f0000000000)='/dev/usbmon#\x00', 0x81, 0x20800) setsockopt$ALG_SET_AEAD_AUTHSIZE(r1, 0x117, 0x5, 0x0, 0x6257) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) ioctl$FS_IOC_GETFLAGS(r0, 0x800455d1, &(0x7f0000000080)) ioctl$VT_OPENQRY(r1, 0x5600, &(0x7f00000000c0)) openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x200101, 0x0) 08:16:37 executing program 2: syz_emit_ethernet(0x6a, &(0x7f0000000040)={@local, @broadcast, [], {@ipv4={0x800, {{0x5, 0x4, 0x0, 0x0, 0x5c, 0x0, 0x0, 0x0, 0x1, 0x0, @remote, @dev={0xac, 0x14, 0x14, 0x11}}, @icmp=@parameter_prob={0x3, 0x4, 0x0, 0x0, 0x0, 0x0, {0x10, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x402f, 0x0, @local={0xac, 0x5c}, @dev, {[@timestamp={0x8, 0x2c, 0x0, 0x0, 0x48000000, [{[@rand_addr]}, {[@multicast2]}, {[@multicast1]}, {}, {[@loopback]}, {}]}]}}}}}}}, 0x0) [ 2419.192116] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f75238686d4 [ 2419.199405] R13: 00000000004c578a R14: 00000000004d9d90 R15: 00000000ffffffff 08:16:38 executing program 5: openat$kvm(0xffffffffffffff9c, 0x0, 0x0, 0x0) r0 = syz_open_dev$dspn(&(0x7f0000000000)='/dev/dsp#\x00', 0x4, 0x2000) ioctl$SNDRV_CTL_IOCTL_TLV_READ(r0, 0xc008551a, &(0x7f0000000280)=ANY=[@ANYBLOB="0800000007e95ca87aece10f03f1a30493e0858c9e049b1e601000000009f7a07dbc1e00000003000000f4c526c0cc0800bba86ebc65fde3ed000002000000"]) syz_open_dev$sndctrl(&(0x7f0000000100)='/dev/snd/controlC#\x00', 0x0, 0x0) r1 = semget(0x0, 0x4, 0x586) semctl$GETZCNT(r1, 0x1, 0xf, &(0x7f0000000140)=""/131) r2 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r3 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000000)='/dev/nullb0\x00', 0x802, 0x0) openat$cuse(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/cuse\x00', 0x2, 0x0) ioctl$BLKZEROOUT(r3, 0x127f, &(0x7f0000000080)={0x0, 0x4004400}) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000919000/0x400000)=nil, 0x400000, 0xffffffffffffffff, 0x8031, 0xffffffffffffffff, 0x0) write$RDMA_USER_CM_CMD_CREATE_ID(0xffffffffffffff9c, &(0x7f0000000480)={0x0, 0x18, 0xfa00, {0x4, &(0x7f0000000440)}}, 0x20) ioctl$sock_inet_sctp_SIOCINQ(r2, 0x541b, &(0x7f00000001c0)) openat$cuse(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/cuse\x00', 0x2, 0x0) r4 = openat$ipvs(0xffffffffffffff9c, &(0x7f0000000240)='/proc/sys/net/ipv4/vs/sync_qlen_max\x00', 0x2, 0x0) getsockopt$inet_sctp_SCTP_PEER_ADDR_THLDS(0xffffffffffffffff, 0x84, 0x1f, 0x0, &(0x7f00000004c0)) openat$sequencer(0xffffffffffffff9c, 0x0, 0xc0200, 0x0) sched_setscheduler(0x0, 0x6, 0x0) bpf$BPF_BTF_GET_FD_BY_ID(0x13, 0x0, 0x0) openat$md(0xffffffffffffff9c, &(0x7f0000000040)='/dev/md0\x00', 0x80000, 0x0) clone(0x2102001ffb, 0x0, 0xfffffffffffffffe, &(0x7f0000000140), 0xffffffffffffffff) getsockopt$inet_sctp6_SCTP_AUTOCLOSE(0xffffffffffffffff, 0x84, 0x4, 0x0, 0x0) r5 = socket(0x1e, 0x805, 0x0) mkdir(&(0x7f00000005c0)='./file0\x00', 0x1) openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000600)='./cgroup.cpu/syz1\x00', 0x200002, 0x0) ioctl$VIDIOC_S_DV_TIMINGS(r4, 0xc0845657, &(0x7f0000000500)={0x0, @bt={0x0, 0x200, 0x0, 0x0, 0x38f, 0x0, 0x0, 0xb08, 0x0, 0x7, 0x3, 0x800, 0xffffffffffffffff, 0x5a}}) sendmsg(r5, &(0x7f0000030000)={&(0x7f00004f5000)=@generic={0x10000000001e, "0100000900000000000000000226cc573c080000003724c71e14dd6a739effea1b48006be61ffe0000e103000000f8000004003f010039d8f986ff01000300000004af50d50700000000000000e3ad316a1983000000001d00e0dfcb24281e27800000100076c3979ac40000bd15020078a1dfd300881a8365b1b16d7436"}, 0x80, 0x0}, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r6, 0x8912, 0x400200) 08:16:38 executing program 1: r0 = openat$rfkill(0xffffffffffffff9c, 0x0, 0x2001, 0x0) r1 = syz_open_dev$admmidi(&(0x7f0000000100)='/dev/admmidi#\x00', 0x0, 0x0) socket$l2tp(0x18, 0x1, 0x1) mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x1, 0x32, 0xffffffffffffffff, 0x0) r2 = userfaultfd(0x0) ioctl$UFFDIO_REGISTER(r2, 0xc020aa00, &(0x7f0000000080)={{&(0x7f0000013000/0x4000)=nil, 0x4000}, 0x2}) ioctl$UFFDIO_API(r2, 0xc018aa3f, &(0x7f0000000180)) mmap(&(0x7f0000013000/0x4000)=nil, 0x4000, 0x1000008, 0xa053, r1, 0x0) ioctl$SNDRV_CTL_IOCTL_HWDEP_NEXT_DEVICE(r0, 0xc0045520, &(0x7f00000000c0)=0x7) ioctl$EXT4_IOC_SETFLAGS(r1, 0x40086602, &(0x7f0000000040)=0x2) ioctl$UFFDIO_REGISTER(r2, 0xc020aa00, &(0x7f0000019000)={{&(0x7f0000012000/0x2000)=nil, 0x2000}, 0x1}) syz_open_dev$evdev(&(0x7f0000000200)='/dev/input/event#\x00', 0x0, 0x0) 08:16:38 executing program 0: openat$rfkill(0xffffffffffffff9c, 0x0, 0x2005, 0x0) syz_open_dev$admmidi(&(0x7f0000000100)='/dev/admmidi#\x00', 0x0, 0x0) r0 = socket$l2tp(0x18, 0x1, 0x1) mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x1, 0x32, 0xffffffffffffffff, 0x0) r1 = userfaultfd(0x0) ioctl$UFFDIO_API(r1, 0xc018aa3f, &(0x7f0000000180)) ioctl$UFFDIO_REGISTER(r1, 0xc020aa00, &(0x7f0000019000)={{&(0x7f0000012000/0x2000)=nil, 0x2000}, 0x1}) syz_open_dev$evdev(&(0x7f0000012fee)='/dev/input/event#\x00', 0x0, 0x0) ioctl$UFFDIO_WAKE(r1, 0x8010aa02, &(0x7f0000000080)={&(0x7f0000012000/0x3000)=nil, 0x3000}) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0a5c2d023c126285718070") 08:16:38 executing program 2: syz_emit_ethernet(0x6a, &(0x7f0000000040)={@local, @broadcast, [], {@ipv4={0x800, {{0x5, 0x4, 0x0, 0x0, 0x5c, 0x0, 0x0, 0x0, 0x1, 0x0, @remote, @dev={0xac, 0x14, 0x14, 0x11}}, @icmp=@parameter_prob={0x3, 0x4, 0x0, 0x0, 0x0, 0x0, {0x10, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x402f, 0x0, @local={0xac, 0x5c}, @dev, {[@timestamp={0x8, 0x2c, 0x0, 0x0, 0xf0, [{[@rand_addr]}, {[@multicast2]}, {[@multicast1]}, {}, {[@loopback]}, {}]}]}}}}}}}, 0x0) 08:16:38 executing program 3: openat$rfkill(0xffffffffffffff9c, 0x0, 0x0, 0x0) getsockopt$inet_sctp_SCTP_DEFAULT_PRINFO(0xffffffffffffffff, 0x84, 0x72, &(0x7f0000000380), 0x0) syz_open_dev$admmidi(&(0x7f0000000100)='/dev/admmidi#\x00', 0x0, 0x0) r0 = socket$l2tp(0x18, 0x1, 0x1) mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x1, 0x32, 0xffffffffffffffff, 0x0) r1 = userfaultfd(0x0) ioctl$UFFDIO_API(r1, 0xc018aa3f, &(0x7f0000000180)) ioctl$UFFDIO_REGISTER(r1, 0xc020aa00, &(0x7f0000019000)={{&(0x7f0000012000/0x2000)=nil, 0x2000}, 0x1}) syz_open_dev$evdev(&(0x7f0000012fee)='/dev/input/event#\x00', 0x4800000000000000, 0x0) ioctl$UFFDIO_WAKE(r1, 0x8010aa02, &(0x7f0000000080)={&(0x7f0000012000/0x3000)=nil, 0x3000}) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0a5c2d023c126285718070") setsockopt$ALG_SET_KEY(0xffffffffffffffff, 0x117, 0x1, 0x0, 0x0) 08:16:38 executing program 4: openat$kvm(0xffffffffffffff9c, 0x0, 0x0, 0x0) r0 = syz_open_dev$sndctrl(&(0x7f0000000100)='/dev/snd/controlC#\x00', 0x0, 0x0) shmget(0x0, 0x1000, 0x80, &(0x7f0000ffc000/0x1000)=nil) prctl$PR_SET_THP_DISABLE(0x29, 0xfffffffffffffffe) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) ioctl$FS_IOC_GETFLAGS(r0, 0x800455d1, &(0x7f0000000080)) [ 2420.383015] FAULT_FLAG_ALLOW_RETRY missing 70 [ 2420.397453] CPU: 1 PID: 23325 Comm: syz-executor3 Not tainted 4.20.0-rc6+ #371 [ 2420.404839] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2420.414201] Call Trace: [ 2420.416802] dump_stack+0x244/0x39d [ 2420.420447] ? dump_stack_print_info.cold.1+0x20/0x20 [ 2420.425672] handle_userfault.cold.32+0x47/0x62 [ 2420.430379] ? userfaultfd_ioctl+0x5610/0x5610 [ 2420.434975] ? mark_held_locks+0x130/0x130 [ 2420.439222] ? __sanitizer_cov_trace_cmp4+0x16/0x20 [ 2420.444243] ? futex_wait_setup+0x266/0x3e0 [ 2420.448594] ? __sanitizer_cov_trace_switch+0x53/0x90 [ 2420.453795] ? userfaultfd_ctx_put+0x830/0x830 [ 2420.458389] ? futex_wait+0x5a1/0xa50 [ 2420.462200] ? print_usage_bug+0xc0/0xc0 [ 2420.466273] ? print_usage_bug+0xc0/0xc0 [ 2420.470343] ? print_usage_bug+0xc0/0xc0 [ 2420.474423] ? zap_class+0x640/0x640 [ 2420.478159] ? drop_futex_key_refs.isra.14+0x6d/0xe0 [ 2420.483265] ? futex_wake+0x304/0x760 [ 2420.487082] ? find_held_lock+0x36/0x1c0 [ 2420.491162] ? __handle_mm_fault+0x4bb0/0x5be0 [ 2420.495755] ? lock_downgrade+0x900/0x900 [ 2420.499921] ? kasan_check_read+0x11/0x20 [ 2420.504074] ? do_raw_spin_unlock+0xa7/0x330 [ 2420.508486] ? do_raw_spin_trylock+0x270/0x270 [ 2420.513077] ? fault_dirty_shared_page.isra.87+0x320/0x320 [ 2420.518716] __handle_mm_fault+0x4bbd/0x5be0 [ 2420.523141] ? vmf_insert_mixed_mkwrite+0x40/0x40 [ 2420.527990] ? zap_class+0x640/0x640 [ 2420.531709] ? rcu_read_unlock_special+0x1c0/0x1c0 [ 2420.536641] ? kasan_check_read+0x11/0x20 [ 2420.540795] ? rcu_softirq_qs+0x20/0x20 [ 2420.544785] ? zap_class+0x640/0x640 [ 2420.548502] ? zap_class+0x640/0x640 [ 2420.552232] ? find_held_lock+0x36/0x1c0 [ 2420.556317] ? handle_mm_fault+0x42a/0xc70 [ 2420.560566] ? lock_downgrade+0x900/0x900 [ 2420.564722] ? check_preemption_disabled+0x48/0x280 [ 2420.569745] ? rcu_read_unlock_special+0x1c0/0x1c0 [ 2420.574679] ? kasan_check_read+0x11/0x20 [ 2420.578830] ? rcu_dynticks_curr_cpu_in_eqs+0xa2/0x170 [ 2420.584120] ? rcu_softirq_qs+0x20/0x20 [ 2420.588149] ? trace_hardirqs_off_caller+0x310/0x310 [ 2420.593261] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 2420.598809] ? check_preemption_disabled+0x48/0x280 [ 2420.603842] handle_mm_fault+0x54f/0xc70 [ 2420.607921] ? __handle_mm_fault+0x5be0/0x5be0 [ 2420.612513] ? find_vma+0x34/0x190 [ 2420.616077] __do_page_fault+0x5e8/0xe60 [ 2420.620150] ? trace_hardirqs_off+0xb8/0x310 [ 2420.624579] do_page_fault+0xf2/0x7e0 [ 2420.628389] ? vmalloc_sync_all+0x30/0x30 [ 2420.632548] ? error_entry+0x70/0xd0 [ 2420.636270] ? trace_hardirqs_off_caller+0xbb/0x310 [ 2420.641304] ? trace_hardirqs_on_caller+0xc0/0x310 [ 2420.646244] ? syscall_return_slowpath+0x5e0/0x5e0 [ 2420.651178] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 2420.656039] ? trace_hardirqs_on_caller+0x310/0x310 [ 2420.661072] ? __bpf_trace_preemptirq_template+0x30/0x30 [ 2420.666532] ? prepare_exit_to_usermode+0x3b0/0x3b0 [ 2420.671557] ? prepare_exit_to_usermode+0x291/0x3b0 [ 2420.676577] ? page_fault+0x8/0x30 [ 2420.680131] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 2420.684979] ? page_fault+0x8/0x30 [ 2420.688537] page_fault+0x1e/0x30 [ 2420.691993] RIP: 0033:0x4510a0 [ 2420.695193] Code: 0f 84 c4 0f 00 00 48 89 f1 48 89 f8 48 83 e1 3f 48 83 f9 20 0f 86 7b 02 00 00 48 83 e6 f0 48 83 e1 0f 66 0f ef c0 66 0f ef c9 <66> 0f 74 0e 66 0f d7 d1 48 d3 ea 49 c7 c2 11 00 00 00 49 29 ca 4d [ 2420.714096] RSP: 002b:00007f75238677a8 EFLAGS: 00010202 [ 2420.719466] RAX: 00007f7523867850 RBX: 0000000000000003 RCX: 000000000000000e [ 2420.726737] RDX: 00000000000003ff RSI: 0000000020012fe0 RDI: 00007f7523867850 [ 2420.734007] RBP: 000000000072bf00 R08: 00000000000003ff R09: 0000000000000000 [ 2420.741277] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f75238686d4 [ 2420.748553] R13: 00000000004c578a R14: 00000000004d9d90 R15: 00000000ffffffff [ 2420.774925] FAULT_FLAG_ALLOW_RETRY missing 70 [ 2420.792155] CPU: 0 PID: 23333 Comm: syz-executor0 Not tainted 4.20.0-rc6+ #371 [ 2420.799542] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2420.808902] Call Trace: [ 2420.811614] dump_stack+0x244/0x39d [ 2420.815268] ? dump_stack_print_info.cold.1+0x20/0x20 [ 2420.820494] handle_userfault.cold.32+0x47/0x62 08:16:38 executing program 2: syz_emit_ethernet(0x6a, &(0x7f0000000040)={@local, @broadcast, [], {@ipv4={0x800, {{0x5, 0x4, 0x0, 0x0, 0x5c, 0x0, 0x0, 0x0, 0x1, 0x0, @remote, @dev={0xac, 0x14, 0x14, 0x11}}, @icmp=@parameter_prob={0x3, 0x4, 0x0, 0x0, 0x0, 0x0, {0x10, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x402f, 0x0, @local={0xac, 0x5c}, @dev, {[@timestamp={0x8, 0x2c, 0x0, 0x0, 0x800e, [{[@rand_addr]}, {[@multicast2]}, {[@multicast1]}, {}, {[@loopback]}, {}]}]}}}}}}}, 0x0) [ 2420.825201] ? userfaultfd_ioctl+0x5610/0x5610 [ 2420.829807] ? mark_held_locks+0x130/0x130 [ 2420.834065] ? __sanitizer_cov_trace_cmp4+0x16/0x20 [ 2420.839097] ? futex_wait_setup+0x266/0x3e0 [ 2420.843453] ? __sanitizer_cov_trace_switch+0x53/0x90 [ 2420.848667] ? userfaultfd_ctx_put+0x830/0x830 [ 2420.849431] IPVS: ftp: loaded support on port[0] = 21 [ 2420.853265] ? futex_wait+0x5a1/0xa50 [ 2420.853289] ? print_usage_bug+0xc0/0xc0 [ 2420.853307] ? print_usage_bug+0xc0/0xc0 [ 2420.853326] ? print_usage_bug+0xc0/0xc0 08:16:38 executing program 2: syz_emit_ethernet(0x6a, &(0x7f0000000040)={@local, @broadcast, [], {@ipv4={0x800, {{0x5, 0x4, 0x0, 0x0, 0x5c, 0x0, 0x0, 0x0, 0x1, 0x0, @remote, @dev={0xac, 0x14, 0x14, 0x11}}, @icmp=@parameter_prob={0x3, 0x4, 0x0, 0x0, 0x0, 0x0, {0x10, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x402f, 0x0, @local={0xac, 0x5c}, @dev, {[@timestamp={0x8, 0x2c, 0x0, 0x0, 0x600000000000000, [{[@rand_addr]}, {[@multicast2]}, {[@multicast1]}, {}, {[@loopback]}, {}]}]}}}}}}}, 0x0) [ 2420.853344] ? zap_class+0x640/0x640 [ 2420.878207] ? drop_futex_key_refs.isra.14+0x6d/0xe0 [ 2420.883326] ? futex_wake+0x304/0x760 [ 2420.887184] ? find_held_lock+0x36/0x1c0 [ 2420.891276] ? __handle_mm_fault+0x4bb0/0x5be0 [ 2420.895873] ? lock_downgrade+0x900/0x900 [ 2420.900051] ? kasan_check_read+0x11/0x20 [ 2420.904208] ? do_raw_spin_unlock+0xa7/0x330 [ 2420.908632] ? do_raw_spin_trylock+0x270/0x270 [ 2420.913235] ? fault_dirty_shared_page.isra.87+0x320/0x320 [ 2420.918885] __handle_mm_fault+0x4bbd/0x5be0 08:16:38 executing program 2: syz_emit_ethernet(0x6a, &(0x7f0000000040)={@local, @broadcast, [], {@ipv4={0x800, {{0x5, 0x4, 0x0, 0x0, 0x5c, 0x0, 0x0, 0x0, 0x1, 0x0, @remote, @dev={0xac, 0x14, 0x14, 0x11}}, @icmp=@parameter_prob={0x3, 0x4, 0x0, 0x0, 0x0, 0x0, {0x10, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x402f, 0x0, @local={0xac, 0x5c}, @dev, {[@timestamp={0x8, 0x2c, 0x0, 0x0, 0x806000000000000, [{[@rand_addr]}, {[@multicast2]}, {[@multicast1]}, {}, {[@loopback]}, {}]}]}}}}}}}, 0x0) [ 2420.923320] ? vmf_insert_mixed_mkwrite+0x40/0x40 [ 2420.928204] ? zap_class+0x640/0x640 [ 2420.931961] ? rcu_read_unlock_special+0x1c0/0x1c0 [ 2420.936905] ? kasan_check_read+0x11/0x20 [ 2420.941083] ? rcu_softirq_qs+0x20/0x20 [ 2420.945087] ? zap_class+0x640/0x640 [ 2420.948816] ? zap_class+0x640/0x640 [ 2420.952552] ? find_held_lock+0x36/0x1c0 [ 2420.956637] ? handle_mm_fault+0x42a/0xc70 [ 2420.960889] ? lock_downgrade+0x900/0x900 [ 2420.965051] ? check_preemption_disabled+0x48/0x280 [ 2420.970189] ? rcu_read_unlock_special+0x1c0/0x1c0 08:16:38 executing program 3: openat$rfkill(0xffffffffffffff9c, 0x0, 0x0, 0x0) getsockopt$inet_sctp_SCTP_DEFAULT_PRINFO(0xffffffffffffffff, 0x84, 0x72, &(0x7f0000000380), 0x0) syz_open_dev$admmidi(&(0x7f0000000100)='/dev/admmidi#\x00', 0x0, 0x0) r0 = socket$l2tp(0x18, 0x1, 0x1) mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x1, 0x32, 0xffffffffffffffff, 0x0) r1 = userfaultfd(0x0) ioctl$UFFDIO_API(r1, 0xc018aa3f, &(0x7f0000000180)) ioctl$UFFDIO_REGISTER(r1, 0xc020aa00, &(0x7f0000019000)={{&(0x7f0000012000/0x2000)=nil, 0x2000}, 0x1}) syz_open_dev$evdev(&(0x7f0000012fee)='/dev/input/event#\x00', 0x7400000000000000, 0x0) ioctl$UFFDIO_WAKE(r1, 0x8010aa02, &(0x7f0000000080)={&(0x7f0000012000/0x3000)=nil, 0x3000}) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0a5c2d023c126285718070") setsockopt$ALG_SET_KEY(0xffffffffffffffff, 0x117, 0x1, 0x0, 0x0) [ 2420.975138] ? kasan_check_read+0x11/0x20 [ 2420.979298] ? rcu_dynticks_curr_cpu_in_eqs+0xa2/0x170 [ 2420.984587] ? rcu_softirq_qs+0x20/0x20 [ 2420.988581] ? trace_hardirqs_off_caller+0x310/0x310 [ 2420.993697] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 2420.999254] ? check_preemption_disabled+0x48/0x280 [ 2421.004322] handle_mm_fault+0x54f/0xc70 [ 2421.008423] ? __handle_mm_fault+0x5be0/0x5be0 [ 2421.013029] ? find_vma+0x34/0x190 [ 2421.016594] __do_page_fault+0x5e8/0xe60 [ 2421.020676] ? trace_hardirqs_off+0xb8/0x310 08:16:38 executing program 2: syz_emit_ethernet(0x6a, &(0x7f0000000040)={@local, @broadcast, [], {@ipv4={0x800, {{0x5, 0x4, 0x0, 0x0, 0x5c, 0x0, 0x0, 0x0, 0x1, 0x0, @remote, @dev={0xac, 0x14, 0x14, 0x11}}, @icmp=@parameter_prob={0x3, 0x4, 0x0, 0x0, 0x0, 0x0, {0x10, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x402f, 0x0, @local={0xac, 0x5c}, @dev, {[@timestamp={0x8, 0x2c, 0x0, 0x0, 0x81000000, [{[@rand_addr]}, {[@multicast2]}, {[@multicast1]}, {}, {[@loopback]}, {}]}]}}}}}}}, 0x0) [ 2421.025106] do_page_fault+0xf2/0x7e0 [ 2421.028922] ? vmalloc_sync_all+0x30/0x30 [ 2421.033085] ? error_entry+0x70/0xd0 [ 2421.036819] ? trace_hardirqs_off_caller+0xbb/0x310 [ 2421.041852] ? trace_hardirqs_on_caller+0xc0/0x310 [ 2421.046796] ? syscall_return_slowpath+0x5e0/0x5e0 [ 2421.051740] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 2421.056602] ? trace_hardirqs_on_caller+0x310/0x310 [ 2421.061636] ? __bpf_trace_preemptirq_template+0x30/0x30 [ 2421.067104] ? prepare_exit_to_usermode+0x3b0/0x3b0 [ 2421.072137] ? prepare_exit_to_usermode+0x291/0x3b0 [ 2421.077184] ? page_fault+0x8/0x30 [ 2421.080743] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 2421.085601] ? page_fault+0x8/0x30 [ 2421.089159] page_fault+0x1e/0x30 [ 2421.092625] RIP: 0033:0x4510a0 [ 2421.095835] Code: 0f 84 c4 0f 00 00 48 89 f1 48 89 f8 48 83 e1 3f 48 83 f9 20 0f 86 7b 02 00 00 48 83 e6 f0 48 83 e1 0f 66 0f ef c0 66 0f ef c9 <66> 0f 74 0e 66 0f d7 d1 48 d3 ea 49 c7 c2 11 00 00 00 49 29 ca 4d [ 2421.114755] RSP: 002b:00007efdea16e7a8 EFLAGS: 00010202 08:16:39 executing program 3: openat$rfkill(0xffffffffffffff9c, 0x0, 0x0, 0x0) getsockopt$inet_sctp_SCTP_DEFAULT_PRINFO(0xffffffffffffffff, 0x84, 0x72, &(0x7f0000000380), 0x0) syz_open_dev$admmidi(&(0x7f0000000100)='/dev/admmidi#\x00', 0x0, 0x0) r0 = socket$l2tp(0x18, 0x1, 0x1) mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x1, 0x32, 0xffffffffffffffff, 0x0) r1 = userfaultfd(0x0) ioctl$UFFDIO_API(r1, 0xc018aa3f, &(0x7f0000000180)) ioctl$UFFDIO_REGISTER(r1, 0xc020aa00, &(0x7f0000019000)={{&(0x7f0000012000/0x2000)=nil, 0x2000}, 0x1}) syz_open_dev$evdev(&(0x7f0000012fee)='/dev/input/event#\x00', 0x6c, 0x0) ioctl$UFFDIO_WAKE(r1, 0x8010aa02, &(0x7f0000000080)={&(0x7f0000012000/0x3000)=nil, 0x3000}) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0a5c2d023c126285718070") setsockopt$ALG_SET_KEY(0xffffffffffffffff, 0x117, 0x1, 0x0, 0x0) [ 2421.120136] RAX: 00007efdea16e850 RBX: 0000000000000003 RCX: 000000000000000e [ 2421.127423] RDX: 00000000000003ff RSI: 0000000020012fe0 RDI: 00007efdea16e850 [ 2421.134719] RBP: 000000000072bf00 R08: 00000000000003ff R09: 0000000000000000 [ 2421.141996] R10: 0000000000000000 R11: 0000000000000246 R12: 00007efdea16f6d4 [ 2421.149294] R13: 00000000004c578a R14: 00000000004d9d90 R15: 00000000ffffffff [ 2421.333946] device bridge_slave_1 left promiscuous mode [ 2421.339578] bridge0: port 2(bridge_slave_1) entered disabled state [ 2421.363385] device bridge_slave_0 left promiscuous mode [ 2421.368883] bridge0: port 1(bridge_slave_0) entered disabled state [ 2421.487856] team0 (unregistering): Port device team_slave_1 removed [ 2421.519572] team0 (unregistering): Port device team_slave_0 removed [ 2421.554631] bond0 (unregistering): Releasing backup interface bond_slave_1 [ 2421.593587] bond0 (unregistering): Releasing backup interface bond_slave_0 [ 2421.655516] bond0 (unregistering): Released all slaves [ 2421.669795] handle_userfault: 1 callbacks suppressed [ 2421.669802] FAULT_FLAG_ALLOW_RETRY missing 70 [ 2421.693746] CPU: 0 PID: 23355 Comm: syz-executor3 Not tainted 4.20.0-rc6+ #371 [ 2421.701143] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2421.710523] Call Trace: [ 2421.713137] dump_stack+0x244/0x39d [ 2421.716793] ? dump_stack_print_info.cold.1+0x20/0x20 [ 2421.722024] handle_userfault.cold.32+0x47/0x62 [ 2421.726734] ? userfaultfd_ioctl+0x5610/0x5610 [ 2421.731347] ? mark_held_locks+0x130/0x130 [ 2421.735632] ? find_held_lock+0x36/0x1c0 [ 2421.739748] ? userfaultfd_ctx_put+0x830/0x830 [ 2421.744371] ? kasan_check_read+0x11/0x20 [ 2421.748543] ? print_usage_bug+0xc0/0xc0 [ 2421.752621] ? do_raw_spin_trylock+0x270/0x270 [ 2421.757222] ? print_usage_bug+0xc0/0xc0 [ 2421.761315] ? print_usage_bug+0xc0/0xc0 [ 2421.765405] ? zap_class+0x640/0x640 [ 2421.769135] ? drop_futex_key_refs.isra.14+0x6d/0xe0 [ 2421.774256] ? futex_wake+0x304/0x760 [ 2421.778103] ? find_held_lock+0x36/0x1c0 [ 2421.782215] ? __handle_mm_fault+0x4bb0/0x5be0 [ 2421.786835] ? lock_downgrade+0x900/0x900 [ 2421.791007] ? kasan_check_read+0x11/0x20 [ 2421.795200] ? do_raw_spin_unlock+0xa7/0x330 [ 2421.799627] ? do_raw_spin_trylock+0x270/0x270 [ 2421.804229] ? fault_dirty_shared_page.isra.87+0x320/0x320 [ 2421.809892] __handle_mm_fault+0x4bbd/0x5be0 [ 2421.814347] ? vmf_insert_mixed_mkwrite+0x40/0x40 [ 2421.819240] ? zap_class+0x640/0x640 [ 2421.822976] ? rcu_read_unlock_special+0x1c0/0x1c0 [ 2421.827954] ? kasan_check_read+0x11/0x20 [ 2421.832124] ? rcu_softirq_qs+0x20/0x20 [ 2421.836150] ? zap_class+0x640/0x640 [ 2421.839879] ? zap_class+0x640/0x640 [ 2421.843627] ? find_held_lock+0x36/0x1c0 [ 2421.847721] ? handle_mm_fault+0x42a/0xc70 [ 2421.851973] ? lock_downgrade+0x900/0x900 [ 2421.856141] ? check_preemption_disabled+0x48/0x280 [ 2421.861181] ? rcu_read_unlock_special+0x1c0/0x1c0 [ 2421.866123] ? kasan_check_read+0x11/0x20 [ 2421.870285] ? rcu_dynticks_curr_cpu_in_eqs+0xa2/0x170 [ 2421.875602] ? rcu_softirq_qs+0x20/0x20 [ 2421.879610] ? trace_hardirqs_off_caller+0x310/0x310 [ 2421.884736] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 2421.890291] ? check_preemption_disabled+0x48/0x280 [ 2421.895331] handle_mm_fault+0x54f/0xc70 [ 2421.899430] ? __handle_mm_fault+0x5be0/0x5be0 [ 2421.904035] ? find_vma+0x34/0x190 [ 2421.907595] __do_page_fault+0x5e8/0xe60 [ 2421.911670] ? trace_hardirqs_off+0xb8/0x310 [ 2421.916104] do_page_fault+0xf2/0x7e0 [ 2421.919920] ? vmalloc_sync_all+0x30/0x30 [ 2421.924087] ? error_entry+0x70/0xd0 [ 2421.927818] ? trace_hardirqs_off_caller+0xbb/0x310 [ 2421.932873] ? trace_hardirqs_on_caller+0xc0/0x310 [ 2421.937817] ? syscall_return_slowpath+0x5e0/0x5e0 [ 2421.942761] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 2421.947623] ? trace_hardirqs_on_caller+0x310/0x310 [ 2421.952656] ? __bpf_trace_preemptirq_template+0x30/0x30 [ 2421.958123] ? prepare_exit_to_usermode+0x3b0/0x3b0 [ 2421.963156] ? prepare_exit_to_usermode+0x291/0x3b0 [ 2421.968191] ? page_fault+0x8/0x30 [ 2421.971753] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 2421.976611] ? page_fault+0x8/0x30 [ 2421.980168] page_fault+0x1e/0x30 [ 2421.983635] RIP: 0033:0x4510a0 [ 2421.986846] Code: 0f 84 c4 0f 00 00 48 89 f1 48 89 f8 48 83 e1 3f 48 83 f9 20 0f 86 7b 02 00 00 48 83 e6 f0 48 83 e1 0f 66 0f ef c0 66 0f ef c9 <66> 0f 74 0e 66 0f d7 d1 48 d3 ea 49 c7 c2 11 00 00 00 49 29 ca 4d [ 2422.005763] RSP: 002b:00007f75238677a8 EFLAGS: 00010202 [ 2422.011135] RAX: 00007f7523867850 RBX: 0000000000000003 RCX: 000000000000000e [ 2422.018428] RDX: 00000000000003ff RSI: 0000000020012fe0 RDI: 00007f7523867850 [ 2422.025710] RBP: 000000000072bf00 R08: 00000000000003ff R09: 0000000000000000 [ 2422.032991] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f75238686d4 [ 2422.040273] R13: 00000000004c578a R14: 00000000004d9d90 R15: 00000000ffffffff 08:16:40 executing program 5: openat$rfkill(0xffffffffffffff9c, 0x0, 0x0, 0x0) getsockopt$inet_sctp_SCTP_DEFAULT_PRINFO(0xffffffffffffffff, 0x84, 0x72, &(0x7f0000000380), 0x0) syz_open_dev$admmidi(&(0x7f0000000100)='/dev/admmidi#\x00', 0x0, 0x0) r0 = socket$l2tp(0x18, 0x1, 0x1) mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x1, 0x32, 0xffffffffffffffff, 0x0) r1 = userfaultfd(0x0) ioctl$UFFDIO_API(r1, 0xc018aa3f, &(0x7f0000000180)) ioctl$UFFDIO_REGISTER(r1, 0xc020aa00, &(0x7f0000019000)={{&(0x7f0000012000/0x2000)=nil, 0x2000}, 0x1}) syz_open_dev$evdev(&(0x7f0000012fee)='/dev/input/event#\x00', 0x0, 0x0) ioctl$UFFDIO_WAKE(r1, 0x8010aa02, &(0x7f0000000080)={&(0x7f0000012000/0x3000)=nil, 0x3000}) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0a5c2d023c126285718070") setsockopt$ALG_SET_KEY(0xffffffffffffffff, 0x117, 0x1, 0x0, 0x0) 08:16:40 executing program 2: syz_emit_ethernet(0x6a, &(0x7f0000000040)={@local, @broadcast, [], {@ipv4={0x800, {{0x5, 0x4, 0x0, 0x0, 0x5c, 0x0, 0x0, 0x0, 0x1, 0x0, @remote, @dev={0xac, 0x14, 0x14, 0x11}}, @icmp=@parameter_prob={0x3, 0x4, 0x0, 0x0, 0x0, 0x0, {0x10, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x402f, 0x0, @local={0xac, 0x5c}, @dev, {[@timestamp={0x8, 0x2c, 0x0, 0x0, 0x4305000000000000, [{[@rand_addr]}, {[@multicast2]}, {[@multicast1]}, {}, {[@loopback]}, {}]}]}}}}}}}, 0x0) 08:16:40 executing program 1: r0 = openat$rfkill(0xffffffffffffff9c, 0x0, 0x2001, 0x0) r1 = syz_open_dev$admmidi(&(0x7f0000000100)='/dev/admmidi#\x00', 0x0, 0x0) socket$l2tp(0x18, 0x1, 0x1) mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x1, 0x32, 0xffffffffffffffff, 0x0) r2 = userfaultfd(0x0) ioctl$UFFDIO_REGISTER(r2, 0xc020aa00, &(0x7f0000000080)={{&(0x7f0000013000/0x4000)=nil, 0x4000}, 0x2}) ioctl$UFFDIO_API(r2, 0xc018aa3f, &(0x7f0000000180)) mmap(&(0x7f0000013000/0x4000)=nil, 0x4000, 0x1000008, 0xa053, r1, 0x0) ioctl$SNDRV_CTL_IOCTL_HWDEP_NEXT_DEVICE(r0, 0xc0045520, &(0x7f00000000c0)=0x7) ioctl$EXT4_IOC_SETFLAGS(r1, 0x40086602, &(0x7f0000000040)=0x2) ioctl$UFFDIO_REGISTER(r2, 0xc020aa00, &(0x7f0000019000)={{&(0x7f0000012000/0x2000)=nil, 0x2000}, 0x1}) 08:16:40 executing program 0: r0 = openat$rfkill(0xffffffffffffff9c, 0x0, 0x2001, 0x0) ioctl$EVIOCGRAB(r0, 0x40044590, &(0x7f0000000040)=0x2) r1 = syz_open_dev$admmidi(&(0x7f0000000100)='/dev/admmidi#\x00', 0x0, 0x0) r2 = socket$l2tp(0x18, 0x1, 0x1) mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x1, 0x32, 0xffffffffffffffff, 0x0) r3 = userfaultfd(0x0) prctl$PR_SET_FPEXC(0xc, 0x81) ioctl$UFFDIO_REGISTER(r3, 0xc020aa00, &(0x7f0000019000)={{&(0x7f0000012000/0x2000)=nil, 0x2000}, 0x1}) getsockopt$inet_sctp_SCTP_GET_PEER_ADDR_INFO(r1, 0x84, 0xf, &(0x7f00000001c0)={0x0, @in={{0x2, 0x4e20, @multicast2}}, 0x101, 0x1, 0x80000000, 0x8, 0x4}, &(0x7f00000000c0)=0x98) getsockopt$inet_sctp6_SCTP_LOCAL_AUTH_CHUNKS(r1, 0x84, 0x1b, &(0x7f0000000280)={r4, 0x9b, "bf4c7ffa64f0d2f732e6d91292d4aca2156667a679276a70a0237e8b9c731fe4af0f067d9ce7b26373b26b45f18e18954510ac3d2c1fca2385c9072d12f7ac15e98f81bb192c27fb389f1d65f25d7570a4f14c222f86edbdc9b894e7c3c7dc73b3e402e3bc8f44476b4e0e5f9c51d38bbd6b430e44f652bda6c8b797de299a41e78e649bcc0e2f4fc307e81ef95be25b6cdf058ddc894ea6e3d223"}, &(0x7f0000000140)=0xa3) syz_open_dev$evdev(&(0x7f0000012fee)='/dev/input/event#\x00', 0x0, 0x0) ioctl$UFFDIO_WAKE(r3, 0x8010aa02, &(0x7f0000000080)={&(0x7f0000012000/0x3000)=nil, 0x3000}) ioctl(r2, 0x1000008912, &(0x7f0000000000)="0a5c2d023c126285718070") 08:16:40 executing program 3: openat$rfkill(0xffffffffffffff9c, 0x0, 0x0, 0x0) getsockopt$inet_sctp_SCTP_DEFAULT_PRINFO(0xffffffffffffffff, 0x84, 0x72, &(0x7f0000000380), 0x0) syz_open_dev$admmidi(&(0x7f0000000100)='/dev/admmidi#\x00', 0x0, 0x0) r0 = socket$l2tp(0x18, 0x1, 0x1) mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x1, 0x32, 0xffffffffffffffff, 0x0) r1 = userfaultfd(0x0) ioctl$UFFDIO_API(r1, 0xc018aa3f, &(0x7f0000000180)) ioctl$UFFDIO_REGISTER(r1, 0xc020aa00, &(0x7f0000019000)={{&(0x7f0000012000/0x2000)=nil, 0x2000}, 0x1}) syz_open_dev$evdev(&(0x7f0000012fee)='/dev/input/event#\x00', 0x9, 0x0) ioctl$UFFDIO_WAKE(r1, 0x8010aa02, &(0x7f0000000080)={&(0x7f0000012000/0x3000)=nil, 0x3000}) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0a5c2d023c126285718070") setsockopt$ALG_SET_KEY(0xffffffffffffffff, 0x117, 0x1, 0x0, 0x0) [ 2422.371329] FAULT_FLAG_ALLOW_RETRY missing 70 [ 2422.382210] CPU: 0 PID: 23373 Comm: syz-executor3 Not tainted 4.20.0-rc6+ #371 [ 2422.389599] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2422.398958] Call Trace: [ 2422.401572] dump_stack+0x244/0x39d [ 2422.405224] ? dump_stack_print_info.cold.1+0x20/0x20 [ 2422.410450] handle_userfault.cold.32+0x47/0x62 [ 2422.415160] ? userfaultfd_ioctl+0x5610/0x5610 [ 2422.419769] ? mark_held_locks+0x130/0x130 [ 2422.424022] ? __sanitizer_cov_trace_cmp4+0x16/0x20 [ 2422.429052] ? futex_wait_setup+0x266/0x3e0 [ 2422.433419] ? __sanitizer_cov_trace_switch+0x53/0x90 [ 2422.438631] ? userfaultfd_ctx_put+0x830/0x830 [ 2422.443232] ? futex_wait+0x5a1/0xa50 [ 2422.447057] ? print_usage_bug+0xc0/0xc0 [ 2422.451137] ? print_usage_bug+0xc0/0xc0 [ 2422.455225] ? print_usage_bug+0xc0/0xc0 [ 2422.459328] ? zap_class+0x640/0x640 [ 2422.463074] ? drop_futex_key_refs.isra.14+0x6d/0xe0 [ 2422.468195] ? futex_wake+0x304/0x760 [ 2422.472028] ? find_held_lock+0x36/0x1c0 [ 2422.476114] ? __handle_mm_fault+0x4bb0/0x5be0 [ 2422.480716] ? lock_downgrade+0x900/0x900 [ 2422.484884] ? kasan_check_read+0x11/0x20 [ 2422.489050] ? do_raw_spin_unlock+0xa7/0x330 [ 2422.493476] ? do_raw_spin_trylock+0x270/0x270 [ 2422.496228] FAULT_FLAG_ALLOW_RETRY missing 70 [ 2422.498074] ? fault_dirty_shared_page.isra.87+0x320/0x320 [ 2422.498103] __handle_mm_fault+0x4bbd/0x5be0 [ 2422.498131] ? vmf_insert_mixed_mkwrite+0x40/0x40 [ 2422.517493] ? zap_class+0x640/0x640 [ 2422.521216] ? rcu_read_unlock_special+0x1c0/0x1c0 [ 2422.526161] ? kasan_check_read+0x11/0x20 [ 2422.530336] ? rcu_softirq_qs+0x20/0x20 [ 2422.534359] ? zap_class+0x640/0x640 [ 2422.538095] ? zap_class+0x640/0x640 [ 2422.541831] ? find_held_lock+0x36/0x1c0 [ 2422.545920] ? handle_mm_fault+0x42a/0xc70 [ 2422.550170] ? lock_downgrade+0x900/0x900 [ 2422.554329] ? check_preemption_disabled+0x48/0x280 [ 2422.559393] ? rcu_read_unlock_special+0x1c0/0x1c0 [ 2422.564339] ? kasan_check_read+0x11/0x20 [ 2422.568524] ? rcu_dynticks_curr_cpu_in_eqs+0xa2/0x170 [ 2422.573812] ? rcu_softirq_qs+0x20/0x20 [ 2422.577800] ? trace_hardirqs_off_caller+0x310/0x310 [ 2422.582917] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 2422.588472] ? check_preemption_disabled+0x48/0x280 [ 2422.593509] handle_mm_fault+0x54f/0xc70 [ 2422.597586] ? __handle_mm_fault+0x5be0/0x5be0 [ 2422.602184] ? find_vma+0x34/0x190 [ 2422.605744] __do_page_fault+0x5e8/0xe60 [ 2422.609813] ? trace_hardirqs_off+0xb8/0x310 [ 2422.614244] do_page_fault+0xf2/0x7e0 [ 2422.618067] ? vmalloc_sync_all+0x30/0x30 [ 2422.622228] ? error_entry+0x70/0xd0 [ 2422.622246] ? trace_hardirqs_off_caller+0xbb/0x310 [ 2422.622262] ? trace_hardirqs_on_caller+0xc0/0x310 [ 2422.622279] ? syscall_return_slowpath+0x5e0/0x5e0 [ 2422.622294] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 2422.622317] ? trace_hardirqs_on_caller+0x310/0x310 [ 2422.631072] ? __bpf_trace_preemptirq_template+0x30/0x30 [ 2422.656195] ? prepare_exit_to_usermode+0x3b0/0x3b0 [ 2422.661232] ? prepare_exit_to_usermode+0x291/0x3b0 [ 2422.666266] ? page_fault+0x8/0x30 [ 2422.669828] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 2422.674702] ? page_fault+0x8/0x30 [ 2422.678259] page_fault+0x1e/0x30 [ 2422.681725] RIP: 0033:0x4510a0 [ 2422.684933] Code: 0f 84 c4 0f 00 00 48 89 f1 48 89 f8 48 83 e1 3f 48 83 f9 20 0f 86 7b 02 00 00 48 83 e6 f0 48 83 e1 0f 66 0f ef c0 66 0f ef c9 <66> 0f 74 0e 66 0f d7 d1 48 d3 ea 49 c7 c2 11 00 00 00 49 29 ca 4d [ 2422.703867] RSP: 002b:00007f75238677a8 EFLAGS: 00010202 [ 2422.709241] RAX: 00007f7523867850 RBX: 0000000000000003 RCX: 000000000000000e [ 2422.716518] RDX: 00000000000003ff RSI: 0000000020012fe0 RDI: 00007f7523867850 [ 2422.723793] RBP: 000000000072bf00 R08: 00000000000003ff R09: 0000000000000000 [ 2422.731074] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f75238686d4 [ 2422.738347] R13: 00000000004c578a R14: 00000000004d9d90 R15: 00000000ffffffff [ 2422.748010] CPU: 1 PID: 23385 Comm: syz-executor5 Not tainted 4.20.0-rc6+ #371 [ 2422.755392] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2422.764753] Call Trace: [ 2422.767373] dump_stack+0x244/0x39d [ 2422.771013] ? dump_stack_print_info.cold.1+0x20/0x20 [ 2422.776203] handle_userfault.cold.32+0x47/0x62 [ 2422.780870] ? userfaultfd_ioctl+0x5610/0x5610 [ 2422.785460] ? mark_held_locks+0x130/0x130 [ 2422.789687] ? __sanitizer_cov_trace_cmp4+0x16/0x20 [ 2422.794694] ? futex_wait_setup+0x266/0x3e0 [ 2422.799012] ? __sanitizer_cov_trace_switch+0x53/0x90 [ 2422.804191] ? userfaultfd_ctx_put+0x830/0x830 [ 2422.808780] ? futex_wait+0x5a1/0xa50 [ 2422.812589] ? print_usage_bug+0xc0/0xc0 [ 2422.816657] ? print_usage_bug+0xc0/0xc0 [ 2422.820732] ? print_usage_bug+0xc0/0xc0 [ 2422.824811] ? zap_class+0x640/0x640 [ 2422.828538] ? drop_futex_key_refs.isra.14+0x6d/0xe0 [ 2422.833653] ? futex_wake+0x304/0x760 [ 2422.837481] ? find_held_lock+0x36/0x1c0 [ 2422.841564] ? __handle_mm_fault+0x4bb0/0x5be0 [ 2422.846159] ? lock_downgrade+0x900/0x900 [ 2422.850333] ? kasan_check_read+0x11/0x20 [ 2422.854504] ? do_raw_spin_unlock+0xa7/0x330 [ 2422.858921] ? do_raw_spin_trylock+0x270/0x270 [ 2422.863521] ? fault_dirty_shared_page.isra.87+0x320/0x320 [ 2422.869171] __handle_mm_fault+0x4bbd/0x5be0 [ 2422.873603] ? vmf_insert_mixed_mkwrite+0x40/0x40 [ 2422.878459] ? zap_class+0x640/0x640 [ 2422.882184] ? rcu_read_unlock_special+0x1c0/0x1c0 [ 2422.887122] ? kasan_check_read+0x11/0x20 [ 2422.891278] ? rcu_softirq_qs+0x20/0x20 [ 2422.895279] ? zap_class+0x640/0x640 [ 2422.899002] ? zap_class+0x640/0x640 [ 2422.902733] ? find_held_lock+0x36/0x1c0 [ 2422.906818] ? handle_mm_fault+0x42a/0xc70 [ 2422.911077] ? lock_downgrade+0x900/0x900 [ 2422.915231] ? check_preemption_disabled+0x48/0x280 [ 2422.920264] ? rcu_read_unlock_special+0x1c0/0x1c0 [ 2422.925202] ? kasan_check_read+0x11/0x20 [ 2422.929365] ? rcu_dynticks_curr_cpu_in_eqs+0xa2/0x170 [ 2422.934667] ? rcu_softirq_qs+0x20/0x20 [ 2422.938650] ? trace_hardirqs_off_caller+0x310/0x310 [ 2422.943767] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 2422.949313] ? check_preemption_disabled+0x48/0x280 [ 2422.954389] handle_mm_fault+0x54f/0xc70 [ 2422.958494] ? __handle_mm_fault+0x5be0/0x5be0 [ 2422.963089] ? find_vma+0x34/0x190 [ 2422.966649] __do_page_fault+0x5e8/0xe60 [ 2422.970730] ? trace_hardirqs_off+0xb8/0x310 [ 2422.975160] do_page_fault+0xf2/0x7e0 [ 2422.978974] ? vmalloc_sync_all+0x30/0x30 [ 2422.983130] ? error_entry+0x70/0xd0 [ 2422.986866] ? trace_hardirqs_off_caller+0xbb/0x310 [ 2422.991912] ? trace_hardirqs_on_caller+0xc0/0x310 [ 2422.996850] ? syscall_return_slowpath+0x5e0/0x5e0 [ 2423.001794] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 2423.006648] ? trace_hardirqs_on_caller+0x310/0x310 [ 2423.011682] ? __bpf_trace_preemptirq_template+0x30/0x30 [ 2423.017160] ? prepare_exit_to_usermode+0x3b0/0x3b0 [ 2423.022190] ? prepare_exit_to_usermode+0x291/0x3b0 [ 2423.027226] ? page_fault+0x8/0x30 [ 2423.030789] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 2423.035643] ? page_fault+0x8/0x30 [ 2423.039198] page_fault+0x1e/0x30 [ 2423.042658] RIP: 0033:0x4510a0 [ 2423.045860] Code: 0f 84 c4 0f 00 00 48 89 f1 48 89 f8 48 83 e1 3f 48 83 f9 20 0f 86 7b 02 00 00 48 83 e6 f0 48 83 e1 0f 66 0f ef c0 66 0f ef c9 <66> 0f 74 0e 66 0f d7 d1 48 d3 ea 49 c7 c2 11 00 00 00 49 29 ca 4d [ 2423.064771] RSP: 002b:00007f59dbda67a8 EFLAGS: 00010202 [ 2423.070137] RAX: 00007f59dbda6850 RBX: 0000000000000003 RCX: 000000000000000e [ 2423.077418] RDX: 00000000000003ff RSI: 0000000020012fe0 RDI: 00007f59dbda6850 [ 2423.084697] RBP: 000000000072bfa0 R08: 00000000000003ff R09: 0000000000000000 [ 2423.091976] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f59dbda76d4 [ 2423.099253] R13: 00000000004c578a R14: 00000000004d9d90 R15: 00000000ffffffff [ 2423.728625] bridge0: port 1(bridge_slave_0) entered blocking state [ 2423.735314] bridge0: port 1(bridge_slave_0) entered disabled state [ 2423.742802] device bridge_slave_0 entered promiscuous mode [ 2423.788139] bridge0: port 2(bridge_slave_1) entered blocking state [ 2423.794681] bridge0: port 2(bridge_slave_1) entered disabled state [ 2423.802616] device bridge_slave_1 entered promiscuous mode [ 2423.842995] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 2423.870951] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 2423.950223] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 2423.979586] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 2424.097812] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 2424.105129] team0: Port device team_slave_0 added [ 2424.131307] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 2424.138568] team0: Port device team_slave_1 added [ 2424.164066] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 2424.193129] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 2424.223118] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 2424.251486] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 2424.510526] bridge0: port 2(bridge_slave_1) entered blocking state [ 2424.516949] bridge0: port 2(bridge_slave_1) entered forwarding state [ 2424.523626] bridge0: port 1(bridge_slave_0) entered blocking state [ 2424.530003] bridge0: port 1(bridge_slave_0) entered forwarding state [ 2425.456681] 8021q: adding VLAN 0 to HW filter on device bond0 [ 2425.546234] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 2425.635488] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 2425.641622] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 2425.650123] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 2425.737013] 8021q: adding VLAN 0 to HW filter on device team0 08:16:44 executing program 1: r0 = openat$rfkill(0xffffffffffffff9c, 0x0, 0x2001, 0x0) r1 = syz_open_dev$admmidi(&(0x7f0000000100)='/dev/admmidi#\x00', 0x0, 0x0) socket$l2tp(0x18, 0x1, 0x1) mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x1, 0x32, 0xffffffffffffffff, 0x0) r2 = userfaultfd(0x0) ioctl$UFFDIO_REGISTER(r2, 0xc020aa00, &(0x7f0000000080)={{&(0x7f0000013000/0x4000)=nil, 0x4000}, 0x2}) ioctl$UFFDIO_API(r2, 0xc018aa3f, &(0x7f0000000180)) mmap(&(0x7f0000013000/0x4000)=nil, 0x4000, 0x1000008, 0xa053, r1, 0x0) ioctl$SNDRV_CTL_IOCTL_HWDEP_NEXT_DEVICE(r0, 0xc0045520, &(0x7f00000000c0)=0x7) ioctl$UFFDIO_REGISTER(r2, 0xc020aa00, &(0x7f0000019000)={{&(0x7f0000012000/0x2000)=nil, 0x2000}, 0x1}) 08:16:44 executing program 2: syz_emit_ethernet(0x6a, &(0x7f0000000040)={@local, @broadcast, [], {@ipv4={0x800, {{0x5, 0x4, 0x0, 0x0, 0x5c, 0x0, 0x0, 0x0, 0x1, 0x0, @remote, @dev={0xac, 0x14, 0x14, 0x11}}, @icmp=@parameter_prob={0x3, 0x4, 0x0, 0x0, 0x0, 0x0, {0x10, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x402f, 0x0, @local={0xac, 0x5c}, @dev, {[@timestamp={0x8, 0x2c, 0x0, 0x0, 0x1400000000000000, [{[@rand_addr]}, {[@multicast2]}, {[@multicast1]}, {}, {[@loopback]}, {}]}]}}}}}}}, 0x0) 08:16:44 executing program 4: openat$kvm(0xffffffffffffff9c, 0x0, 0x0, 0x0) r0 = syz_open_dev$sndctrl(&(0x7f0000000100)='/dev/snd/controlC#\x00', 0x0, 0x0) prctl$PR_SET_THP_DISABLE(0x29, 0xfffffffffffffffe) clone(0x8000000, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) getsockopt$TIPC_GROUP_JOIN(r0, 0x10f, 0x87, &(0x7f0000000000), &(0x7f0000000040)=0x4) ioctl$FS_IOC_GETFLAGS(r0, 0x800455d1, &(0x7f0000000080)) r1 = syz_open_dev$dmmidi(&(0x7f00000000c0)='/dev/dmmidi#\x00', 0x1, 0x101) fstat(r0, &(0x7f0000000240)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) ioctl$TUNSETGROUP(r1, 0x400454ce, r2) 08:16:44 executing program 3: openat$rfkill(0xffffffffffffff9c, 0x0, 0x0, 0x0) getsockopt$inet_sctp_SCTP_DEFAULT_PRINFO(0xffffffffffffffff, 0x84, 0x72, &(0x7f0000000380), 0x0) syz_open_dev$admmidi(&(0x7f0000000100)='/dev/admmidi#\x00', 0x0, 0x0) r0 = socket$l2tp(0x18, 0x1, 0x1) mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x1, 0x32, 0xffffffffffffffff, 0x0) r1 = userfaultfd(0x0) ioctl$UFFDIO_API(r1, 0xc018aa3f, &(0x7f0000000180)) ioctl$UFFDIO_REGISTER(r1, 0xc020aa00, &(0x7f0000019000)={{&(0x7f0000012000/0x2000)=nil, 0x2000}, 0x1}) syz_open_dev$evdev(&(0x7f0000012fee)='/dev/input/event#\x00', 0x74, 0x0) ioctl$UFFDIO_WAKE(r1, 0x8010aa02, &(0x7f0000000080)={&(0x7f0000012000/0x3000)=nil, 0x3000}) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0a5c2d023c126285718070") setsockopt$ALG_SET_KEY(0xffffffffffffffff, 0x117, 0x1, 0x0, 0x0) 08:16:44 executing program 0: r0 = openat$rfkill(0xffffffffffffff9c, 0x0, 0x2001, 0x0) r1 = syz_open_dev$admmidi(&(0x7f0000000100)='/dev/admmidi#\x00', 0x0, 0x0) r2 = socket$l2tp(0x18, 0x1, 0x1) fsetxattr$security_smack_transmute(r2, &(0x7f00000000c0)='security.SMACK64TRANSMUTE\x00', &(0x7f0000000280)='TRUE', 0x65, 0x6) setsockopt$sock_attach_bpf(r2, 0x1, 0x32, &(0x7f00000001c0)=r0, 0x4) mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x1, 0x32, 0xffffffffffffffff, 0x0) r3 = userfaultfd(0x0) ioctl$UFFDIO_API(r3, 0xc018aa3f, &(0x7f0000000180)) ioctl$UFFDIO_REGISTER(r3, 0xc020aa00, &(0x7f0000019000)={{&(0x7f0000012000/0x2000)=nil, 0x2000}, 0x1}) syz_open_dev$evdev(&(0x7f0000012fee)='/dev/input/event#\x00', 0x0, 0x0) ioctl$UFFDIO_WAKE(r3, 0x8010aa02, &(0x7f0000000080)={&(0x7f0000012000/0x3000)=nil, 0x3000}) ioctl$sock_kcm_SIOCKCMCLONE(r1, 0x89e2, &(0x7f0000000040)={r0}) ioctl(r2, 0x1000008912, &(0x7f0000000000)="0a5c2d023c126285718070") ioctl$PERF_EVENT_IOC_RESET(r1, 0x2403, 0x0) 08:16:44 executing program 5: openat$kvm(0xffffffffffffff9c, 0x0, 0x0, 0x0) r0 = syz_open_dev$sndctrl(&(0x7f0000000100)='/dev/snd/controlC#\x00', 0x0, 0x0) prctl$PR_SET_THP_DISABLE(0x29, 0xfffffffffffffffe) personality(0x414000e) r1 = syz_open_dev$radio(&(0x7f0000000000)='/dev/radio#\x00', 0x1, 0x2) openat$cgroup_procs(r1, &(0x7f0000000040)='cgroup.threads\x00', 0x2, 0x0) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) ioctl$FS_IOC_GETFLAGS(r0, 0x800455d1, &(0x7f0000000080)) 08:16:44 executing program 2: syz_emit_ethernet(0x6a, &(0x7f0000000040)={@local, @broadcast, [], {@ipv4={0x800, {{0x5, 0x4, 0x0, 0x0, 0x5c, 0x0, 0x0, 0x0, 0x1, 0x0, @remote, @dev={0xac, 0x14, 0x14, 0x11}}, @icmp=@parameter_prob={0x3, 0x4, 0x0, 0x0, 0x0, 0x0, {0x10, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x402f, 0x0, @local={0xac, 0x5c}, @dev, {[@timestamp={0x8, 0x2c, 0x0, 0x0, 0x8060000, [{[@rand_addr]}, {[@multicast2]}, {[@multicast1]}, {}, {[@loopback]}, {}]}]}}}}}}}, 0x0) [ 2426.372665] FAULT_FLAG_ALLOW_RETRY missing 70 [ 2426.377516] CPU: 1 PID: 23653 Comm: syz-executor3 Not tainted 4.20.0-rc6+ #371 [ 2426.384895] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2426.394250] Call Trace: [ 2426.396857] dump_stack+0x244/0x39d [ 2426.400505] ? dump_stack_print_info.cold.1+0x20/0x20 [ 2426.405718] handle_userfault.cold.32+0x47/0x62 [ 2426.410414] ? userfaultfd_ioctl+0x5610/0x5610 [ 2426.415012] ? mark_held_locks+0x130/0x130 [ 2426.419253] ? __sanitizer_cov_trace_cmp4+0x16/0x20 [ 2426.424279] ? futex_wait_setup+0x266/0x3e0 [ 2426.428620] ? __sanitizer_cov_trace_switch+0x53/0x90 [ 2426.433818] ? userfaultfd_ctx_put+0x830/0x830 [ 2426.438422] ? futex_wait+0x5a1/0xa50 [ 2426.442237] ? print_usage_bug+0xc0/0xc0 [ 2426.446319] ? print_usage_bug+0xc0/0xc0 [ 2426.450410] ? print_usage_bug+0xc0/0xc0 [ 2426.454478] ? zap_class+0x640/0x640 [ 2426.458196] ? drop_futex_key_refs.isra.14+0x6d/0xe0 [ 2426.463303] ? futex_wake+0x304/0x760 [ 2426.467125] ? find_held_lock+0x36/0x1c0 [ 2426.471207] ? __handle_mm_fault+0x4bb0/0x5be0 [ 2426.475799] ? lock_downgrade+0x900/0x900 [ 2426.479973] ? kasan_check_read+0x11/0x20 [ 2426.484128] ? do_raw_spin_unlock+0xa7/0x330 [ 2426.488542] ? do_raw_spin_trylock+0x270/0x270 [ 2426.493137] ? fault_dirty_shared_page.isra.87+0x320/0x320 [ 2426.498776] __handle_mm_fault+0x4bbd/0x5be0 [ 2426.503202] ? vmf_insert_mixed_mkwrite+0x40/0x40 [ 2426.508054] ? zap_class+0x640/0x640 [ 2426.511781] ? rcu_read_unlock_special+0x1c0/0x1c0 [ 2426.516726] ? kasan_check_read+0x11/0x20 [ 2426.520905] ? rcu_softirq_qs+0x20/0x20 [ 2426.524902] ? zap_class+0x640/0x640 [ 2426.528621] ? zap_class+0x640/0x640 [ 2426.532364] ? find_held_lock+0x36/0x1c0 [ 2426.536464] ? handle_mm_fault+0x42a/0xc70 [ 2426.540712] ? lock_downgrade+0x900/0x900 [ 2426.544878] ? check_preemption_disabled+0x48/0x280 [ 2426.549903] ? rcu_read_unlock_special+0x1c0/0x1c0 [ 2426.554836] ? kasan_check_read+0x11/0x20 [ 2426.558996] ? rcu_dynticks_curr_cpu_in_eqs+0xa2/0x170 [ 2426.564291] ? rcu_softirq_qs+0x20/0x20 [ 2426.568276] ? trace_hardirqs_off_caller+0x310/0x310 [ 2426.573395] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 2426.578944] ? check_preemption_disabled+0x48/0x280 [ 2426.583973] handle_mm_fault+0x54f/0xc70 [ 2426.588045] ? __handle_mm_fault+0x5be0/0x5be0 [ 2426.592637] ? find_vma+0x34/0x190 [ 2426.596191] __do_page_fault+0x5e8/0xe60 [ 2426.600258] ? trace_hardirqs_off+0xb8/0x310 [ 2426.604687] do_page_fault+0xf2/0x7e0 [ 2426.608501] ? vmalloc_sync_all+0x30/0x30 [ 2426.612681] ? error_entry+0x70/0xd0 [ 2426.616406] ? trace_hardirqs_off_caller+0xbb/0x310 [ 2426.621429] ? trace_hardirqs_on_caller+0xc0/0x310 [ 2426.626373] ? syscall_return_slowpath+0x5e0/0x5e0 [ 2426.631308] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 2426.636155] ? trace_hardirqs_on_caller+0x310/0x310 [ 2426.641176] ? __bpf_trace_preemptirq_template+0x30/0x30 [ 2426.646632] ? prepare_exit_to_usermode+0x3b0/0x3b0 [ 2426.651661] ? prepare_exit_to_usermode+0x291/0x3b0 [ 2426.656687] ? page_fault+0x8/0x30 [ 2426.660237] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 2426.665093] ? page_fault+0x8/0x30 [ 2426.668643] page_fault+0x1e/0x30 [ 2426.672104] RIP: 0033:0x4510a0 [ 2426.675308] Code: 0f 84 c4 0f 00 00 48 89 f1 48 89 f8 48 83 e1 3f 48 83 f9 20 0f 86 7b 02 00 00 48 83 e6 f0 48 83 e1 0f 66 0f ef c0 66 0f ef c9 <66> 0f 74 0e 66 0f d7 d1 48 d3 ea 49 c7 c2 11 00 00 00 49 29 ca 4d [ 2426.694214] RSP: 002b:00007f75238677a8 EFLAGS: 00010202 [ 2426.699585] RAX: 00007f7523867850 RBX: 0000000000000003 RCX: 000000000000000e [ 2426.706857] RDX: 00000000000003ff RSI: 0000000020012fe0 RDI: 00007f7523867850 [ 2426.714134] RBP: 000000000072bf00 R08: 00000000000003ff R09: 0000000000000000 08:16:44 executing program 1: openat$rfkill(0xffffffffffffff9c, 0x0, 0x2001, 0x0) r0 = syz_open_dev$admmidi(&(0x7f0000000100)='/dev/admmidi#\x00', 0x0, 0x0) socket$l2tp(0x18, 0x1, 0x1) mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x1, 0x32, 0xffffffffffffffff, 0x0) r1 = userfaultfd(0x0) ioctl$UFFDIO_REGISTER(r1, 0xc020aa00, &(0x7f0000000080)={{&(0x7f0000013000/0x4000)=nil, 0x4000}, 0x2}) ioctl$UFFDIO_API(r1, 0xc018aa3f, &(0x7f0000000180)) mmap(&(0x7f0000013000/0x4000)=nil, 0x4000, 0x1000008, 0xa053, r0, 0x0) ioctl$UFFDIO_REGISTER(r1, 0xc020aa00, &(0x7f0000019000)={{&(0x7f0000012000/0x2000)=nil, 0x2000}, 0x1}) [ 2426.721408] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f75238686d4 [ 2426.728679] R13: 00000000004c578a R14: 00000000004d9d90 R15: 00000000ffffffff [ 2426.739534] FAULT_FLAG_ALLOW_RETRY missing 70 [ 2426.763787] CPU: 0 PID: 23650 Comm: syz-executor0 Not tainted 4.20.0-rc6+ #371 [ 2426.771189] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2426.780559] Call Trace: [ 2426.783173] dump_stack+0x244/0x39d [ 2426.786832] ? dump_stack_print_info.cold.1+0x20/0x20 [ 2426.792061] handle_userfault.cold.32+0x47/0x62 [ 2426.796776] ? userfaultfd_ioctl+0x5610/0x5610 [ 2426.801400] ? mark_held_locks+0x130/0x130 [ 2426.805656] ? __sanitizer_cov_trace_cmp4+0x16/0x20 [ 2426.810689] ? futex_wait_setup+0x266/0x3e0 [ 2426.815038] ? __sanitizer_cov_trace_switch+0x53/0x90 [ 2426.820252] ? userfaultfd_ctx_put+0x830/0x830 [ 2426.824850] ? futex_wait+0x5a1/0xa50 [ 2426.828672] ? print_usage_bug+0xc0/0xc0 [ 2426.832753] ? print_usage_bug+0xc0/0xc0 [ 2426.836837] ? print_usage_bug+0xc0/0xc0 [ 2426.840917] ? zap_class+0x640/0x640 [ 2426.844651] ? drop_futex_key_refs.isra.14+0x6d/0xe0 [ 2426.849769] ? futex_wake+0x304/0x760 [ 2426.853601] ? find_held_lock+0x36/0x1c0 [ 2426.857685] ? __handle_mm_fault+0x4bb0/0x5be0 [ 2426.862296] ? lock_downgrade+0x900/0x900 [ 2426.866469] ? kasan_check_read+0x11/0x20 [ 2426.870630] ? do_raw_spin_unlock+0xa7/0x330 [ 2426.875062] ? do_raw_spin_trylock+0x270/0x270 [ 2426.879664] ? fault_dirty_shared_page.isra.87+0x320/0x320 [ 2426.885319] __handle_mm_fault+0x4bbd/0x5be0 [ 2426.889763] ? vmf_insert_mixed_mkwrite+0x40/0x40 [ 2426.894626] ? zap_class+0x640/0x640 [ 2426.898369] ? rcu_read_unlock_special+0x1c0/0x1c0 [ 2426.903320] ? kasan_check_read+0x11/0x20 [ 2426.907493] ? rcu_softirq_qs+0x20/0x20 [ 2426.911492] ? zap_class+0x640/0x640 [ 2426.915220] ? zap_class+0x640/0x640 [ 2426.918959] ? find_held_lock+0x36/0x1c0 [ 2426.923048] ? handle_mm_fault+0x42a/0xc70 [ 2426.923067] ? lock_downgrade+0x900/0x900 [ 2426.923086] ? check_preemption_disabled+0x48/0x280 [ 2426.923104] ? rcu_read_unlock_special+0x1c0/0x1c0 [ 2426.923120] ? kasan_check_read+0x11/0x20 [ 2426.923135] ? rcu_dynticks_curr_cpu_in_eqs+0xa2/0x170 [ 2426.923153] ? rcu_softirq_qs+0x20/0x20 [ 2426.931545] ? trace_hardirqs_off_caller+0x310/0x310 [ 2426.931565] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 2426.931583] ? check_preemption_disabled+0x48/0x280 [ 2426.931606] handle_mm_fault+0x54f/0xc70 08:16:44 executing program 1: openat$rfkill(0xffffffffffffff9c, 0x0, 0x2001, 0x0) syz_open_dev$admmidi(&(0x7f0000000100)='/dev/admmidi#\x00', 0x0, 0x0) socket$l2tp(0x18, 0x1, 0x1) mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x1, 0x32, 0xffffffffffffffff, 0x0) r0 = userfaultfd(0x0) ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f0000000080)={{&(0x7f0000013000/0x4000)=nil, 0x4000}, 0x2}) ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f0000000180)) ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f0000019000)={{&(0x7f0000012000/0x2000)=nil, 0x2000}, 0x1}) 08:16:44 executing program 5: ioctl(0xffffffffffffffff, 0x1000008912, &(0x7f0000000000)="0a5c2d023c126285718070") r0 = syz_open_dev$vcsa(&(0x7f0000000140)='/dev/vcsa#\x00', 0x80, 0x0) ioctl$RNDGETENTCNT(r0, 0x80045200, &(0x7f0000000180)) r1 = perf_event_open(&(0x7f0000014f88)={0x1, 0x70, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$KVM_GET_XCRS(r0, 0x8188aea6, &(0x7f0000000280)={0x2, 0x20, [{0x95, 0x0, 0x1}, {0x8, 0x0, 0xff}]}) close(r1) r2 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x10000, 0x80) ioctl$DRM_IOCTL_PRIME_FD_TO_HANDLE(0xffffffffffffffff, 0xc00c642e, &(0x7f0000000080)={0x0, 0x80000, 0xffffffffffffff9c}) pipe(&(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) mkdir(&(0x7f0000000300)='./file0\x00', 0x0) r5 = syz_open_dev$amidi(&(0x7f0000000000)='/dev/amidi#\x00', 0x0, 0x204000) ioctl$BLKRESETZONE(r5, 0x40101283, &(0x7f0000000100)={0x4, 0x1ff}) sched_setaffinity(0x0, 0x375, &(0x7f0000000140)=0x5) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r6 = socket(0x10, 0x2, 0x0) getsockopt$sock_cred(r6, 0x1, 0x11, &(0x7f0000caaffb)={0x0, 0x0, 0x0}, &(0x7f0000cab000)=0xc) chown(&(0x7f00000001c0)='./file0\x00', r8, r9) lsetxattr$system_posix_acl(&(0x7f0000000180)='./file0\x00', &(0x7f0000000200)='system.posix_acl_access\x00', &(0x7f0000000940)={{}, {}, [{}], {}, [{0x8, 0x2, r9}, {0x8, 0x2, r9}, {0x8, 0x0, r9}, {0x8, 0x2, r9}, {0x8, 0x4, r9}], {0x10, 0x2}, {0x20, 0x1}}, 0x54, 0x1) chdir(&(0x7f0000000540)='./file0\x00') symlink(&(0x7f0000000800)='./file0/file0\x00', &(0x7f00000007c0)='./file0\x00') r10 = openat$hwrng(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/hwrng\x00', 0x101001, 0x0) perf_event_open(&(0x7f0000000380)={0x3, 0x70, 0xffffffffffffffe0, 0x1, 0x7ff, 0x29bc61e, 0x0, 0x6481c43d, 0xa000, 0x2, 0x0, 0x8, 0x401, 0xb35, 0xfff, 0x100000001, 0xffffffff, 0x8, 0xfffffffffffffff9, 0x6, 0x9, 0x9, 0x8a, 0x2, 0xd73a, 0x382, 0x39cf, 0x0, 0x8001, 0x1, 0x10001, 0x7, 0x7fff, 0x400, 0x4, 0x1, 0xff, 0x0, 0x0, 0x0, 0x2, @perf_config_ext={0x1, 0x61}, 0x8100, 0x1, 0xbd, 0x7, 0x2, 0x6, 0x8000}, r7, 0x0, r10, 0xb) clone(0x2102001ffa, 0x0, 0xfffffffffffffffe, &(0x7f00000008c0), 0xffffffffffffffff) lstat(&(0x7f0000000600)='./file0/file0\x00', &(0x7f0000000680)) getsockopt$inet_sctp6_SCTP_FRAGMENT_INTERLEAVE(r10, 0x84, 0x12, &(0x7f0000000240), &(0x7f0000000440)=0x4) ioctl$DRM_IOCTL_PRIME_HANDLE_TO_FD(r2, 0xc00c642d, &(0x7f0000000100)={r3, 0x80000, r4}) 08:16:44 executing program 2: syz_emit_ethernet(0x6a, &(0x7f0000000040)={@local, @broadcast, [], {@ipv4={0x800, {{0x5, 0x4, 0x0, 0x0, 0x5c, 0x0, 0x0, 0x0, 0x1, 0x0, @remote, @dev={0xac, 0x14, 0x14, 0x11}}, @icmp=@parameter_prob={0x3, 0x4, 0x0, 0x0, 0x0, 0x0, {0x10, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x402f, 0x0, @local={0xac, 0x5c}, @dev, {[@timestamp={0x8, 0x2c, 0x0, 0x0, 0x8100000000000000, [{[@rand_addr]}, {[@multicast2]}, {[@multicast1]}, {}, {[@loopback]}, {}]}]}}}}}}}, 0x0) [ 2426.974646] ? __handle_mm_fault+0x5be0/0x5be0 [ 2426.979261] ? find_vma+0x34/0x190 [ 2426.982832] __do_page_fault+0x5e8/0xe60 [ 2426.986911] ? trace_hardirqs_off+0xb8/0x310 [ 2426.991348] do_page_fault+0xf2/0x7e0 [ 2426.995200] ? vmalloc_sync_all+0x30/0x30 [ 2426.999384] ? error_entry+0x70/0xd0 [ 2427.003121] ? trace_hardirqs_off_caller+0xbb/0x310 [ 2427.008151] ? trace_hardirqs_on_caller+0xc0/0x310 [ 2427.013098] ? syscall_return_slowpath+0x5e0/0x5e0 [ 2427.018044] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 2427.022909] ? trace_hardirqs_on_caller+0x310/0x310 [ 2427.027932] ? __bpf_trace_preemptirq_template+0x30/0x30 [ 2427.033405] ? prepare_exit_to_usermode+0x3b0/0x3b0 [ 2427.038429] ? prepare_exit_to_usermode+0x291/0x3b0 [ 2427.043450] ? page_fault+0x8/0x30 [ 2427.047004] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 2427.051854] ? page_fault+0x8/0x30 [ 2427.055406] page_fault+0x1e/0x30 [ 2427.058865] RIP: 0033:0x4510a0 [ 2427.062063] Code: 0f 84 c4 0f 00 00 48 89 f1 48 89 f8 48 83 e1 3f 48 83 f9 20 0f 86 7b 02 00 00 48 83 e6 f0 48 83 e1 0f 66 0f ef c0 66 0f ef c9 <66> 0f 74 0e 66 0f d7 d1 48 d3 ea 49 c7 c2 11 00 00 00 49 29 ca 4d [ 2427.080966] RSP: 002b:00007efdea16e7a8 EFLAGS: 00010202 [ 2427.086335] RAX: 00007efdea16e850 RBX: 0000000000000003 RCX: 000000000000000e [ 2427.093624] RDX: 00000000000003ff RSI: 0000000020012fe0 RDI: 00007efdea16e850 [ 2427.100916] RBP: 000000000072bf00 R08: 00000000000003ff R09: 0000000000000000 [ 2427.108186] R10: 0000000000000000 R11: 0000000000000246 R12: 00007efdea16f6d4 [ 2427.115457] R13: 00000000004c578a R14: 00000000004d9d90 R15: 00000000ffffffff 08:16:45 executing program 2: syz_emit_ethernet(0x6a, &(0x7f0000000040)={@local, @broadcast, [], {@ipv4={0x800, {{0x5, 0x4, 0x0, 0x0, 0x5c, 0x0, 0x0, 0x0, 0x1, 0x0, @remote, @dev={0xac, 0x14, 0x14, 0x11}}, @icmp=@parameter_prob={0x3, 0x4, 0x0, 0x0, 0x0, 0x0, {0x10, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x402f, 0x0, @local={0xac, 0x5c}, @dev, {[@timestamp={0x8, 0x2c, 0x0, 0x0, 0x5c00000000000000, [{[@rand_addr]}, {[@multicast2]}, {[@multicast1]}, {}, {[@loopback]}, {}]}]}}}}}}}, 0x0) [ 2427.209763] FAULT_FLAG_ALLOW_RETRY missing 70 [ 2427.222913] CPU: 0 PID: 23650 Comm: syz-executor0 Not tainted 4.20.0-rc6+ #371 [ 2427.230310] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2427.240210] Call Trace: [ 2427.240240] dump_stack+0x244/0x39d [ 2427.240267] ? dump_stack_print_info.cold.1+0x20/0x20 [ 2427.240302] handle_userfault.cold.32+0x47/0x62 [ 2427.240333] ? userfaultfd_ioctl+0x5610/0x5610 [ 2427.256418] ? mark_held_locks+0x130/0x130 [ 2427.256437] ? __sanitizer_cov_trace_cmp4+0x16/0x20 [ 2427.256456] ? futex_wait_setup+0x266/0x3e0 [ 2427.274601] ? zap_class+0x640/0x640 [ 2427.278344] ? __sanitizer_cov_trace_switch+0x53/0x90 [ 2427.283572] ? userfaultfd_ctx_put+0x830/0x830 [ 2427.288187] ? futex_wait+0x5a1/0xa50 [ 2427.292007] ? print_usage_bug+0xc0/0xc0 [ 2427.292025] ? print_usage_bug+0xc0/0xc0 [ 2427.292044] ? print_usage_bug+0xc0/0xc0 [ 2427.292063] ? zap_class+0x640/0x640 08:16:45 executing program 4: openat$kvm(0xffffffffffffff9c, 0x0, 0x200841, 0x0) r0 = syz_open_dev$sndctrl(&(0x7f0000000100)='/dev/snd/controlC#\x00', 0x0, 0x0) chroot(&(0x7f0000000000)='./file0\x00') prctl$PR_SET_THP_DISABLE(0x29, 0xfffffffffffffffe) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) ioctl$FS_IOC_GETFLAGS(r0, 0x800455d1, &(0x7f0000000080)) pivot_root(&(0x7f0000000040)='./file0\x00', &(0x7f00000000c0)='./file0\x00') r1 = openat$rfkill(0xffffffffffffff9c, &(0x7f0000000180)='/dev/rfkill\x00', 0x200000, 0x0) ioctl$KDSKBMODE(r1, 0x4b45, &(0x7f0000000140)=0x2) 08:16:45 executing program 1: openat$rfkill(0xffffffffffffff9c, 0x0, 0x2001, 0x0) syz_open_dev$admmidi(&(0x7f0000000100)='/dev/admmidi#\x00', 0x0, 0x0) socket$l2tp(0x18, 0x1, 0x1) mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x1, 0x32, 0xffffffffffffffff, 0x0) r0 = userfaultfd(0x0) ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f0000000080)={{&(0x7f0000013000/0x4000)=nil, 0x4000}, 0x2}) ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f0000000180)) ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f0000019000)={{&(0x7f0000012000/0x2000)=nil, 0x2000}, 0x1}) [ 2427.292093] ? drop_futex_key_refs.isra.14+0x6d/0xe0 [ 2427.313443] ? futex_wake+0x304/0x760 [ 2427.317266] ? __ia32_sys_mmap_pgoff+0x1a0/0x1a0 [ 2427.322052] ? find_held_lock+0x36/0x1c0 [ 2427.326147] ? __handle_mm_fault+0x4bb0/0x5be0 [ 2427.330752] ? lock_downgrade+0x900/0x900 [ 2427.334925] ? kasan_check_read+0x11/0x20 [ 2427.339091] ? do_raw_spin_unlock+0xa7/0x330 [ 2427.343514] ? do_raw_spin_trylock+0x270/0x270 [ 2427.348116] ? fault_dirty_shared_page.isra.87+0x320/0x320 [ 2427.353768] __handle_mm_fault+0x4bbd/0x5be0 08:16:45 executing program 1: openat$rfkill(0xffffffffffffff9c, 0x0, 0x2001, 0x0) syz_open_dev$admmidi(&(0x7f0000000100)='/dev/admmidi#\x00', 0x0, 0x0) socket$l2tp(0x18, 0x1, 0x1) mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x1, 0x32, 0xffffffffffffffff, 0x0) r0 = userfaultfd(0x0) ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f0000000080)={{&(0x7f0000013000/0x4000)=nil, 0x4000}, 0x2}) ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f0000000180)) ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f0000019000)={{&(0x7f0000012000/0x2000)=nil, 0x2000}, 0x1}) [ 2427.358203] ? vmf_insert_mixed_mkwrite+0x40/0x40 [ 2427.363214] ? zap_class+0x640/0x640 [ 2427.366939] ? rcu_read_unlock_special+0x1c0/0x1c0 [ 2427.371890] ? kasan_check_read+0x11/0x20 [ 2427.376060] ? rcu_softirq_qs+0x20/0x20 [ 2427.380064] ? zap_class+0x640/0x640 [ 2427.383789] ? zap_class+0x640/0x640 [ 2427.387526] ? find_held_lock+0x36/0x1c0 [ 2427.391612] ? handle_mm_fault+0x42a/0xc70 [ 2427.395863] ? lock_downgrade+0x900/0x900 [ 2427.400044] ? check_preemption_disabled+0x48/0x280 [ 2427.405083] ? rcu_read_unlock_special+0x1c0/0x1c0 [ 2427.410029] ? kasan_check_read+0x11/0x20 [ 2427.410047] ? rcu_dynticks_curr_cpu_in_eqs+0xa2/0x170 [ 2427.410065] ? rcu_softirq_qs+0x20/0x20 [ 2427.419505] ? trace_hardirqs_off_caller+0x310/0x310 [ 2427.428591] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 2427.434149] ? check_preemption_disabled+0x48/0x280 [ 2427.439193] handle_mm_fault+0x54f/0xc70 [ 2427.443278] ? __handle_mm_fault+0x5be0/0x5be0 [ 2427.447878] ? find_vma+0x34/0x190 [ 2427.451450] __do_page_fault+0x5e8/0xe60 [ 2427.455525] ? trace_hardirqs_off+0xb8/0x310 [ 2427.459962] do_page_fault+0xf2/0x7e0 [ 2427.463795] ? vmalloc_sync_all+0x30/0x30 [ 2427.467963] ? error_entry+0x70/0xd0 [ 2427.471704] ? trace_hardirqs_off_caller+0xbb/0x310 [ 2427.476737] ? trace_hardirqs_on_caller+0xc0/0x310 [ 2427.481682] ? syscall_return_slowpath+0x5e0/0x5e0 [ 2427.486626] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 2427.491482] ? trace_hardirqs_on_caller+0x310/0x310 [ 2427.496514] ? __bpf_trace_preemptirq_template+0x30/0x30 [ 2427.501985] ? prepare_exit_to_usermode+0x291/0x3b0 [ 2427.507021] ? page_fault+0x8/0x30 [ 2427.510583] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 2427.515441] ? page_fault+0x8/0x30 [ 2427.518999] page_fault+0x1e/0x30 [ 2427.522468] RIP: 0033:0x4510a0 [ 2427.525675] Code: 0f 84 c4 0f 00 00 48 89 f1 48 89 f8 48 83 e1 3f 48 83 f9 20 0f 86 7b 02 00 00 48 83 e6 f0 48 83 e1 0f 66 0f ef c0 66 0f ef c9 <66> 0f 74 0e 66 0f d7 d1 48 d3 ea 49 c7 c2 11 00 00 00 49 29 ca 4d [ 2427.544586] RSP: 002b:00007efdea16e7a8 EFLAGS: 00010202 [ 2427.549974] RAX: 00007efdea16e850 RBX: 0000000000000003 RCX: 000000000000000e [ 2427.557282] RDX: 00000000000003ff RSI: 0000000020012fe0 RDI: 00007efdea16e850 [ 2427.564576] RBP: 000000000072bf00 R08: 00000000000003ff R09: 0000000000000000 [ 2427.571845] R10: 0000000000000000 R11: 0000000000000246 R12: 00007efdea16f6d4 [ 2427.579118] R13: 00000000004c578a R14: 00000000004d9d90 R15: 00000000ffffffff 08:16:45 executing program 3: openat$rfkill(0xffffffffffffff9c, 0x0, 0x0, 0x0) getsockopt$inet_sctp_SCTP_DEFAULT_PRINFO(0xffffffffffffffff, 0x84, 0x72, &(0x7f0000000380), 0x0) syz_open_dev$admmidi(&(0x7f0000000100)='/dev/admmidi#\x00', 0x0, 0x0) r0 = socket$l2tp(0x18, 0x1, 0x1) mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x1, 0x32, 0xffffffffffffffff, 0x0) r1 = userfaultfd(0x0) ioctl$UFFDIO_API(r1, 0xc018aa3f, &(0x7f0000000180)) ioctl$UFFDIO_REGISTER(r1, 0xc020aa00, &(0x7f0000019000)={{&(0x7f0000012000/0x2000)=nil, 0x2000}, 0x1}) syz_open_dev$evdev(&(0x7f0000012fee)='/dev/input/event#\x00', 0x200000000000000, 0x0) ioctl$UFFDIO_WAKE(r1, 0x8010aa02, &(0x7f0000000080)={&(0x7f0000012000/0x3000)=nil, 0x3000}) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0a5c2d023c126285718070") setsockopt$ALG_SET_KEY(0xffffffffffffffff, 0x117, 0x1, 0x0, 0x0) 08:16:45 executing program 0: openat$rfkill(0xffffffffffffff9c, 0x0, 0x2001, 0x0) r0 = syz_open_dev$admmidi(&(0x7f0000000100)='/dev/admmidi#\x00', 0x0, 0x0) r1 = socket$l2tp(0x18, 0x1, 0x1) mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x1, 0x32, 0xffffffffffffffff, 0x0) r2 = userfaultfd(0x0) ioctl$UFFDIO_API(r2, 0xc018aa3f, &(0x7f0000000180)) ioctl$UFFDIO_REGISTER(r2, 0xc020aa00, &(0x7f0000019000)={{&(0x7f0000012000/0x2000)=nil, 0x2000}, 0x1}) syz_open_dev$evdev(&(0x7f0000012fee)='/dev/input/event#\x00', 0x0, 0x0) ioctl$UFFDIO_WAKE(r2, 0x8010aa02, &(0x7f0000000080)={&(0x7f0000012000/0x3000)=nil, 0x3000}) ioctl$sock_bt_hidp_HIDPGETCONNINFO(r0, 0x800448d3, &(0x7f00000001c0)={{0x1, 0x10000000000, 0x8001, 0x81, 0x7, 0x7f}, 0xc7, 0x6, 0x6, 0x3ec3, 0x1, "c917dde9f5a328f4521431472d9b1f138cb570db052eef96e2f6db325b9899cf828f9bb1fa9efbf95868f505ec1e49ef52dd0dfc5f7a88be5ebe350714ef6b515950b64f35f8e06e064cf1975c87ff936ec155837c4984ab6037037206f1698f38b5ebb27e347ce387c998d9e4c6482aa5fc972fb25db21fe45d2a7b87f1fbf3"}) ioctl(r1, 0x1000008912, &(0x7f0000000000)="0a5c2d023c126285718070") 08:16:45 executing program 1: openat$rfkill(0xffffffffffffff9c, 0x0, 0x2001, 0x0) r0 = syz_open_dev$admmidi(&(0x7f0000000100)='/dev/admmidi#\x00', 0x0, 0x0) socket$l2tp(0x18, 0x1, 0x1) mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x1, 0x32, 0xffffffffffffffff, 0x0) r1 = userfaultfd(0x0) ioctl$UFFDIO_REGISTER(r1, 0xc020aa00, &(0x7f0000000080)={{&(0x7f0000013000/0x4000)=nil, 0x4000}, 0x2}) mmap(&(0x7f0000013000/0x4000)=nil, 0x4000, 0x1000008, 0xa053, r0, 0x0) ioctl$UFFDIO_REGISTER(r1, 0xc020aa00, &(0x7f0000019000)={{&(0x7f0000012000/0x2000)=nil, 0x2000}, 0x1}) 08:16:45 executing program 4: openat$kvm(0xffffffffffffff9c, 0x0, 0x0, 0x0) r0 = syz_open_dev$sndctrl(&(0x7f0000000100)='/dev/snd/controlC#\x00', 0x0, 0x0) prctl$PR_SET_THP_DISABLE(0x29, 0xfffffffffffffffe) r1 = openat$rfkill(0xffffffffffffff9c, &(0x7f0000000000)='/dev/rfkill\x00', 0x1, 0x0) ioctl$PERF_EVENT_IOC_SET_FILTER(r1, 0x40082406, &(0x7f0000000040)='[\x00') clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) ioctl$FS_IOC_GETFLAGS(r0, 0x800455d1, &(0x7f0000000080)) 08:16:45 executing program 2: syz_emit_ethernet(0x6a, &(0x7f0000000040)={@local, @broadcast, [], {@ipv4={0x800, {{0x5, 0x4, 0x0, 0x0, 0x5c, 0x0, 0x0, 0x0, 0x1, 0x0, @remote, @dev={0xac, 0x14, 0x14, 0x11}}, @icmp=@parameter_prob={0x3, 0x4, 0x0, 0x0, 0x0, 0x0, {0x10, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x402f, 0x0, @local={0xac, 0x5c}, @dev, {[@timestamp={0x8, 0x2c, 0x0, 0x0, 0x800e0000, [{[@rand_addr]}, {[@multicast2]}, {[@multicast1]}, {}, {[@loopback]}, {}]}]}}}}}}}, 0x0) 08:16:45 executing program 1: openat$rfkill(0xffffffffffffff9c, 0x0, 0x2001, 0x0) r0 = syz_open_dev$admmidi(&(0x7f0000000100)='/dev/admmidi#\x00', 0x0, 0x0) socket$l2tp(0x18, 0x1, 0x1) mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x1, 0x32, 0xffffffffffffffff, 0x0) r1 = userfaultfd(0x0) ioctl$UFFDIO_REGISTER(r1, 0xc020aa00, &(0x7f0000000080)={{&(0x7f0000013000/0x4000)=nil, 0x4000}, 0x2}) mmap(&(0x7f0000013000/0x4000)=nil, 0x4000, 0x1000008, 0xa053, r0, 0x0) ioctl$UFFDIO_REGISTER(r1, 0xc020aa00, &(0x7f0000019000)={{&(0x7f0000012000/0x2000)=nil, 0x2000}, 0x1}) 08:16:45 executing program 5 (fault-call:5 fault-nth:0): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r1 = syz_open_dev$sndctrl(&(0x7f0000000100)='/dev/snd/controlC#\x00', 0x0, 0x0) prctl$PR_SET_THP_DISABLE(0x29, 0xfffffffffffffffe) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) ioctl$FS_IOC_GETFLAGS(r1, 0x800455d1, &(0x7f0000000080)) 08:16:45 executing program 2: syz_emit_ethernet(0x6a, &(0x7f0000000040)={@local, @broadcast, [], {@ipv4={0x800, {{0x5, 0x4, 0x0, 0x0, 0x5c, 0x0, 0x0, 0x0, 0x1, 0x0, @remote, @dev={0xac, 0x14, 0x14, 0x11}}, @icmp=@parameter_prob={0x3, 0x4, 0x0, 0x0, 0x0, 0x0, {0x10, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x402f, 0x0, @local={0xac, 0x5c}, @dev, {[@timestamp={0x8, 0x2c, 0x0, 0x0, 0x300000000000000, [{[@rand_addr]}, {[@multicast2]}, {[@multicast1]}, {}, {[@loopback]}, {}]}]}}}}}}}, 0x0) [ 2427.748634] FAULT_FLAG_ALLOW_RETRY missing 70 [ 2427.770687] CPU: 0 PID: 23705 Comm: syz-executor3 Not tainted 4.20.0-rc6+ #371 [ 2427.778096] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2427.787467] Call Trace: [ 2427.790075] dump_stack+0x244/0x39d [ 2427.793739] ? dump_stack_print_info.cold.1+0x20/0x20 [ 2427.798968] handle_userfault.cold.32+0x47/0x62 [ 2427.803678] ? userfaultfd_ioctl+0x5610/0x5610 [ 2427.808285] ? mark_held_locks+0x130/0x130 [ 2427.812534] ? __sanitizer_cov_trace_cmp4+0x16/0x20 [ 2427.817557] ? futex_wait_setup+0x266/0x3e0 [ 2427.821896] ? __sanitizer_cov_trace_switch+0x53/0x90 [ 2427.827094] ? userfaultfd_ctx_put+0x830/0x830 [ 2427.831679] ? futex_wait+0x5a1/0xa50 [ 2427.835492] ? print_usage_bug+0xc0/0xc0 [ 2427.839564] ? print_usage_bug+0xc0/0xc0 [ 2427.843632] ? print_usage_bug+0xc0/0xc0 [ 2427.847703] ? zap_class+0x640/0x640 [ 2427.851424] ? drop_futex_key_refs.isra.14+0x6d/0xe0 [ 2427.856532] ? futex_wake+0x304/0x760 [ 2427.860363] ? find_held_lock+0x36/0x1c0 [ 2427.864447] ? __handle_mm_fault+0x4bb0/0x5be0 [ 2427.869033] ? lock_downgrade+0x900/0x900 [ 2427.873208] ? kasan_check_read+0x11/0x20 [ 2427.877375] ? do_raw_spin_unlock+0xa7/0x330 [ 2427.881791] ? do_raw_spin_trylock+0x270/0x270 [ 2427.886412] ? fault_dirty_shared_page.isra.87+0x320/0x320 [ 2427.892050] __handle_mm_fault+0x4bbd/0x5be0 [ 2427.896475] ? vmf_insert_mixed_mkwrite+0x40/0x40 [ 2427.901333] ? zap_class+0x640/0x640 [ 2427.905062] ? rcu_read_unlock_special+0x1c0/0x1c0 [ 2427.910000] ? kasan_check_read+0x11/0x20 [ 2427.914156] ? rcu_softirq_qs+0x20/0x20 [ 2427.918176] ? zap_class+0x640/0x640 [ 2427.921905] ? zap_class+0x640/0x640 [ 2427.925627] ? find_held_lock+0x36/0x1c0 [ 2427.929702] ? handle_mm_fault+0x42a/0xc70 [ 2427.933942] ? lock_downgrade+0x900/0x900 [ 2427.938093] ? check_preemption_disabled+0x48/0x280 [ 2427.943131] ? rcu_read_unlock_special+0x1c0/0x1c0 [ 2427.948092] ? kasan_check_read+0x11/0x20 [ 2427.952247] ? rcu_dynticks_curr_cpu_in_eqs+0xa2/0x170 [ 2427.957541] ? rcu_softirq_qs+0x20/0x20 [ 2427.961524] ? trace_hardirqs_off_caller+0x310/0x310 [ 2427.966646] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 2427.972191] ? check_preemption_disabled+0x48/0x280 [ 2427.977223] handle_mm_fault+0x54f/0xc70 [ 2427.981297] ? __handle_mm_fault+0x5be0/0x5be0 [ 2427.985893] ? find_vma+0x34/0x190 [ 2427.989445] __do_page_fault+0x5e8/0xe60 [ 2427.993540] ? trace_hardirqs_off+0xb8/0x310 [ 2427.997967] do_page_fault+0xf2/0x7e0 [ 2428.001782] ? vmalloc_sync_all+0x30/0x30 [ 2428.005936] ? error_entry+0x70/0xd0 [ 2428.009655] ? trace_hardirqs_off_caller+0xbb/0x310 [ 2428.014682] ? trace_hardirqs_on_caller+0xc0/0x310 [ 2428.019622] ? syscall_return_slowpath+0x5e0/0x5e0 [ 2428.024563] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 2428.029423] ? trace_hardirqs_on_caller+0x310/0x310 [ 2428.034500] ? __bpf_trace_preemptirq_template+0x30/0x30 [ 2428.039978] ? prepare_exit_to_usermode+0x3b0/0x3b0 [ 2428.045016] ? prepare_exit_to_usermode+0x291/0x3b0 [ 2428.050041] ? page_fault+0x8/0x30 [ 2428.053589] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 2428.058445] ? page_fault+0x8/0x30 [ 2428.061997] page_fault+0x1e/0x30 [ 2428.065461] RIP: 0033:0x4510a0 [ 2428.068678] Code: 0f 84 c4 0f 00 00 48 89 f1 48 89 f8 48 83 e1 3f 48 83 f9 20 0f 86 7b 02 00 00 48 83 e6 f0 48 83 e1 0f 66 0f ef c0 66 0f ef c9 <66> 0f 74 0e 66 0f d7 d1 48 d3 ea 49 c7 c2 11 00 00 00 49 29 ca 4d [ 2428.087605] RSP: 002b:00007f75238677a8 EFLAGS: 00010202 [ 2428.092981] RAX: 00007f7523867850 RBX: 0000000000000003 RCX: 000000000000000e [ 2428.100266] RDX: 00000000000003ff RSI: 0000000020012fe0 RDI: 00007f7523867850 [ 2428.107541] RBP: 000000000072bf00 R08: 00000000000003ff R09: 0000000000000000 [ 2428.114811] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f75238686d4 08:16:45 executing program 1: openat$rfkill(0xffffffffffffff9c, 0x0, 0x2001, 0x0) r0 = syz_open_dev$admmidi(&(0x7f0000000100)='/dev/admmidi#\x00', 0x0, 0x0) socket$l2tp(0x18, 0x1, 0x1) mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x1, 0x32, 0xffffffffffffffff, 0x0) r1 = userfaultfd(0x0) ioctl$UFFDIO_REGISTER(r1, 0xc020aa00, &(0x7f0000000080)={{&(0x7f0000013000/0x4000)=nil, 0x4000}, 0x2}) mmap(&(0x7f0000013000/0x4000)=nil, 0x4000, 0x1000008, 0xa053, r0, 0x0) ioctl$UFFDIO_REGISTER(r1, 0xc020aa00, &(0x7f0000019000)={{&(0x7f0000012000/0x2000)=nil, 0x2000}, 0x1}) [ 2428.122086] R13: 00000000004c578a R14: 00000000004d9d90 R15: 00000000ffffffff 08:16:46 executing program 2: syz_emit_ethernet(0x6a, &(0x7f0000000040)={@local, @broadcast, [], {@ipv4={0x800, {{0x5, 0x4, 0x0, 0x0, 0x5c, 0x0, 0x0, 0x0, 0x1, 0x0, @remote, @dev={0xac, 0x14, 0x14, 0x11}}, @icmp=@parameter_prob={0x3, 0x4, 0x0, 0x0, 0x0, 0x0, {0x10, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x402f, 0x0, @local={0xac, 0x5c}, @dev, {[@timestamp={0x8, 0x2c, 0x0, 0x0, 0x0, [{[@rand_addr=0xf000]}, {[@multicast2]}, {[@multicast1]}, {}, {[@loopback]}, {}]}]}}}}}}}, 0x0) 08:16:46 executing program 4: openat$kvm(0xffffffffffffff9c, 0x0, 0x0, 0x0) r0 = syz_open_dev$sndctrl(&(0x7f0000000100)='/dev/snd/controlC#\x00', 0x0, 0x0) prctl$PR_SET_THP_DISABLE(0x29, 0xfffffffffffffffe) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r1 = syz_open_dev$sndpcmc(&(0x7f0000000000)='/dev/snd/pcmC#D#c\x00', 0x100000000, 0x100) prctl$PR_GET_CHILD_SUBREAPER(0x25) connect$vsock_stream(r1, &(0x7f0000000040)={0x28, 0x0, 0xffffffff}, 0x10) ioctl$FS_IOC_GETFLAGS(r0, 0x800455d1, &(0x7f0000000080)) 08:16:46 executing program 1: openat$rfkill(0xffffffffffffff9c, 0x0, 0x2001, 0x0) r0 = syz_open_dev$admmidi(&(0x7f0000000100)='/dev/admmidi#\x00', 0x0, 0x0) socket$l2tp(0x18, 0x1, 0x1) mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x1, 0x32, 0xffffffffffffffff, 0x0) r1 = userfaultfd(0x0) ioctl$UFFDIO_API(r1, 0xc018aa3f, &(0x7f0000000180)) mmap(&(0x7f0000013000/0x4000)=nil, 0x4000, 0x1000008, 0xa053, r0, 0x0) ioctl$UFFDIO_REGISTER(r1, 0xc020aa00, &(0x7f0000019000)={{&(0x7f0000012000/0x2000)=nil, 0x2000}, 0x1}) [ 2428.288640] FAULT_FLAG_ALLOW_RETRY missing 70 [ 2428.302183] CPU: 1 PID: 23726 Comm: syz-executor0 Not tainted 4.20.0-rc6+ #371 [ 2428.309574] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2428.319091] Call Trace: [ 2428.321710] dump_stack+0x244/0x39d [ 2428.325377] ? dump_stack_print_info.cold.1+0x20/0x20 [ 2428.330620] handle_userfault.cold.32+0x47/0x62 [ 2428.335328] ? userfaultfd_ioctl+0x5610/0x5610 [ 2428.339953] ? mark_held_locks+0x130/0x130 [ 2428.344216] ? __sanitizer_cov_trace_cmp4+0x16/0x20 [ 2428.349248] ? futex_wait_setup+0x266/0x3e0 [ 2428.353604] ? __sanitizer_cov_trace_switch+0x53/0x90 [ 2428.353630] ? userfaultfd_ctx_put+0x830/0x830 [ 2428.363397] ? futex_wait+0x5a1/0xa50 [ 2428.363419] ? print_usage_bug+0xc0/0xc0 [ 2428.363436] ? print_usage_bug+0xc0/0xc0 [ 2428.363455] ? print_usage_bug+0xc0/0xc0 [ 2428.379436] ? zap_class+0x640/0x640 [ 2428.383168] ? drop_futex_key_refs.isra.14+0x6d/0xe0 [ 2428.388292] ? futex_wake+0x304/0x760 [ 2428.392129] ? find_held_lock+0x36/0x1c0 [ 2428.396218] ? __handle_mm_fault+0x4bb0/0x5be0 [ 2428.400815] ? lock_downgrade+0x900/0x900 [ 2428.404974] ? kasan_check_read+0x11/0x20 [ 2428.409139] ? do_raw_spin_unlock+0xa7/0x330 [ 2428.413550] FAULT_INJECTION: forcing a failure. [ 2428.413550] name failslab, interval 1, probability 0, space 0, times 0 [ 2428.424752] ? do_raw_spin_trylock+0x270/0x270 [ 2428.429351] ? fault_dirty_shared_page.isra.87+0x320/0x320 [ 2428.435011] __handle_mm_fault+0x4bbd/0x5be0 [ 2428.439441] ? vmf_insert_mixed_mkwrite+0x40/0x40 [ 2428.444302] ? zap_class+0x640/0x640 [ 2428.448027] ? rcu_read_unlock_special+0x1c0/0x1c0 [ 2428.452969] ? kasan_check_read+0x11/0x20 [ 2428.457133] ? rcu_softirq_qs+0x20/0x20 [ 2428.461175] ? zap_class+0x640/0x640 [ 2428.464927] ? zap_class+0x640/0x640 [ 2428.468676] ? find_held_lock+0x36/0x1c0 [ 2428.472757] ? handle_mm_fault+0x42a/0xc70 [ 2428.477028] ? lock_downgrade+0x900/0x900 [ 2428.481189] ? check_preemption_disabled+0x48/0x280 [ 2428.486225] ? rcu_read_unlock_special+0x1c0/0x1c0 [ 2428.491170] ? kasan_check_read+0x11/0x20 [ 2428.495329] ? rcu_dynticks_curr_cpu_in_eqs+0xa2/0x170 [ 2428.500626] ? rcu_softirq_qs+0x20/0x20 [ 2428.504614] ? trace_hardirqs_off_caller+0x310/0x310 [ 2428.509736] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 2428.515285] ? check_preemption_disabled+0x48/0x280 [ 2428.520371] handle_mm_fault+0x54f/0xc70 [ 2428.524497] ? __handle_mm_fault+0x5be0/0x5be0 [ 2428.529096] ? find_vma+0x34/0x190 [ 2428.532651] __do_page_fault+0x5e8/0xe60 [ 2428.536723] ? trace_hardirqs_off+0xb8/0x310 [ 2428.541155] do_page_fault+0xf2/0x7e0 [ 2428.544981] ? vmalloc_sync_all+0x30/0x30 [ 2428.549137] ? error_entry+0x70/0xd0 [ 2428.552874] ? trace_hardirqs_off_caller+0xbb/0x310 [ 2428.557909] ? trace_hardirqs_on_caller+0xc0/0x310 [ 2428.562889] ? syscall_return_slowpath+0x5e0/0x5e0 [ 2428.567829] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 2428.572712] ? trace_hardirqs_on_caller+0x310/0x310 [ 2428.577744] ? __bpf_trace_preemptirq_template+0x30/0x30 [ 2428.583209] ? prepare_exit_to_usermode+0x3b0/0x3b0 [ 2428.588237] ? prepare_exit_to_usermode+0x291/0x3b0 [ 2428.593266] ? page_fault+0x8/0x30 [ 2428.596824] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 2428.601689] ? page_fault+0x8/0x30 [ 2428.605242] page_fault+0x1e/0x30 [ 2428.608701] RIP: 0033:0x4510a0 [ 2428.611918] Code: 0f 84 c4 0f 00 00 48 89 f1 48 89 f8 48 83 e1 3f 48 83 f9 20 0f 86 7b 02 00 00 48 83 e6 f0 48 83 e1 0f 66 0f ef c0 66 0f ef c9 <66> 0f 74 0e 66 0f d7 d1 48 d3 ea 49 c7 c2 11 00 00 00 49 29 ca 4d [ 2428.630846] RSP: 002b:00007efdea16e7a8 EFLAGS: 00010202 08:16:46 executing program 3: openat$rfkill(0xffffffffffffff9c, 0x0, 0x0, 0x0) getsockopt$inet_sctp_SCTP_DEFAULT_PRINFO(0xffffffffffffffff, 0x84, 0x72, &(0x7f0000000380), 0x0) syz_open_dev$admmidi(&(0x7f0000000100)='/dev/admmidi#\x00', 0x0, 0x0) r0 = socket$l2tp(0x18, 0x1, 0x1) mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x1, 0x32, 0xffffffffffffffff, 0x0) r1 = userfaultfd(0x0) ioctl$UFFDIO_API(r1, 0xc018aa3f, &(0x7f0000000180)) ioctl$UFFDIO_REGISTER(r1, 0xc020aa00, &(0x7f0000019000)={{&(0x7f0000012000/0x2000)=nil, 0x2000}, 0x1}) syz_open_dev$evdev(&(0x7f0000012fee)='/dev/input/event#\x00', 0x1000000, 0x0) ioctl$UFFDIO_WAKE(r1, 0x8010aa02, &(0x7f0000000080)={&(0x7f0000012000/0x3000)=nil, 0x3000}) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0a5c2d023c126285718070") setsockopt$ALG_SET_KEY(0xffffffffffffffff, 0x117, 0x1, 0x0, 0x0) [ 2428.636222] RAX: 00007efdea16e850 RBX: 0000000000000003 RCX: 000000000000000e [ 2428.643501] RDX: 00000000000003ff RSI: 0000000020012fe0 RDI: 00007efdea16e850 [ 2428.650781] RBP: 000000000072bf00 R08: 00000000000003ff R09: 0000000000000000 [ 2428.658057] R10: 0000000000000000 R11: 0000000000000246 R12: 00007efdea16f6d4 [ 2428.665334] R13: 00000000004c578a R14: 00000000004d9d90 R15: 00000000ffffffff [ 2428.672644] CPU: 0 PID: 23717 Comm: syz-executor5 Not tainted 4.20.0-rc6+ #371 [ 2428.680030] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2428.689395] Call Trace: [ 2428.692001] dump_stack+0x244/0x39d [ 2428.695648] ? dump_stack_print_info.cold.1+0x20/0x20 [ 2428.700870] should_fail.cold.4+0xa/0x17 [ 2428.704944] ? lock_unpin_lock+0x4a0/0x4a0 [ 2428.704966] ? fault_create_debugfs_attr+0x1f0/0x1f0 [ 2428.704983] ? print_usage_bug+0xc0/0xc0 [ 2428.705006] ? zap_class+0x640/0x640 [ 2428.705027] ? zap_class+0x640/0x640 [ 2428.725878] ? zap_class+0x640/0x640 [ 2428.729613] ? find_held_lock+0x36/0x1c0 [ 2428.733700] ? __lock_is_held+0xb5/0x140 [ 2428.737791] ? perf_trace_sched_process_exec+0x860/0x860 [ 2428.743256] ? do_huge_pmd_wp_page+0x2127/0x5fd0 [ 2428.745719] FAULT_FLAG_ALLOW_RETRY missing 70 [ 2428.748031] ? wake_up_page_bit+0x6f0/0x6f0 [ 2428.748053] __should_failslab+0x124/0x180 [ 2428.748078] should_failslab+0x9/0x14 [ 2428.761124] kmem_cache_alloc_trace+0x2d7/0x750 [ 2428.769591] do_huge_pmd_wp_page+0x229a/0x5fd0 [ 2428.774194] ? lock_unpin_lock+0x4a0/0x4a0 [ 2428.778444] ? update_load_avg+0x387/0x2470 [ 2428.782787] ? __split_huge_pmd+0xa70/0xa70 [ 2428.787132] ? update_load_avg+0x387/0x2470 [ 2428.791466] ? __lock_acquire+0x62f/0x4c20 [ 2428.795718] ? attach_entity_load_avg+0x860/0x860 [ 2428.800570] ? zap_class+0x640/0x640 [ 2428.804305] ? print_usage_bug+0xc0/0xc0 [ 2428.808412] ? rb_erase+0x3710/0x3710 [ 2428.812239] ? lock_unpin_lock+0x4a0/0x4a0 [ 2428.816497] ? lock_unpin_lock+0x4a0/0x4a0 [ 2428.820759] ? is_bpf_text_address+0xac/0x170 [ 2428.825270] ? print_usage_bug+0xc0/0xc0 [ 2428.829345] ? __lock_acquire+0x62f/0x4c20 [ 2428.833608] ? rcu_read_unlock_special+0x1c0/0x1c0 [ 2428.838559] ? kasan_check_read+0x11/0x20 [ 2428.842729] ? __lock_acquire+0x62f/0x4c20 [ 2428.846977] ? print_usage_bug+0xc0/0xc0 [ 2428.851054] ? __lock_acquire+0x62f/0x4c20 [ 2428.855304] ? print_usage_bug+0xc0/0xc0 [ 2428.859392] ? mark_held_locks+0x130/0x130 [ 2428.863655] ? __lock_acquire+0x62f/0x4c20 [ 2428.867905] ? print_usage_bug+0xc0/0xc0 [ 2428.871991] ? mark_held_locks+0x130/0x130 [ 2428.876237] ? zap_class+0x640/0x640 [ 2428.879972] ? __lock_acquire+0x62f/0x4c20 [ 2428.884225] ? __lock_acquire+0x62f/0x4c20 [ 2428.888479] ? print_usage_bug+0xc0/0xc0 [ 2428.892564] ? mark_held_locks+0x130/0x130 [ 2428.896816] ? mark_held_locks+0x130/0x130 [ 2428.901069] ? zap_class+0x640/0x640 [ 2428.904796] ? find_held_lock+0x36/0x1c0 [ 2428.908874] ? mark_held_locks+0xc7/0x130 [ 2428.913044] ? lock_unpin_lock+0x4a0/0x4a0 [ 2428.917294] ? print_usage_bug+0xc0/0xc0 [ 2428.921386] ? ima_match_policy+0x848/0x1560 [ 2428.925809] ? print_usage_bug+0xc0/0xc0 [ 2428.929881] ? check_preemption_disabled+0x48/0x280 [ 2428.934912] ? print_usage_bug+0xc0/0xc0 [ 2428.938986] ? print_usage_bug+0xc0/0xc0 [ 2428.943056] ? rcu_dynticks_curr_cpu_in_eqs+0xa2/0x170 [ 2428.948352] ? __lock_acquire+0x62f/0x4c20 [ 2428.952617] ? find_held_lock+0x36/0x1c0 [ 2428.956716] ? __lock_acquire+0x62f/0x4c20 [ 2428.960980] ? __lock_acquire+0x62f/0x4c20 [ 2428.965223] ? mark_held_locks+0x130/0x130 [ 2428.969486] ? mark_held_locks+0x130/0x130 [ 2428.973732] ? mark_held_locks+0x130/0x130 [ 2428.978001] ? up_write+0x7b/0x220 [ 2428.981554] ? print_usage_bug+0xc0/0xc0 [ 2428.985638] __handle_mm_fault+0x2de2/0x5be0 [ 2428.990063] ? print_usage_bug+0xc0/0xc0 [ 2428.994142] ? vmf_insert_mixed_mkwrite+0x40/0x40 [ 2428.998993] ? zap_class+0x640/0x640 [ 2429.002726] ? print_usage_bug+0xc0/0xc0 [ 2429.006815] ? zap_class+0x640/0x640 [ 2429.010538] ? zap_class+0x640/0x640 [ 2429.014270] ? find_held_lock+0x36/0x1c0 [ 2429.018363] ? handle_mm_fault+0x42a/0xc70 [ 2429.022621] ? lock_downgrade+0x900/0x900 [ 2429.026787] ? check_preemption_disabled+0x48/0x280 [ 2429.031822] ? rcu_read_unlock_special+0x1c0/0x1c0 [ 2429.036773] ? kasan_check_read+0x11/0x20 [ 2429.040945] ? rcu_dynticks_curr_cpu_in_eqs+0xa2/0x170 [ 2429.046237] ? rcu_softirq_qs+0x20/0x20 [ 2429.050236] ? trace_hardirqs_off_caller+0x310/0x310 [ 2429.055373] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 2429.060926] ? check_preemption_disabled+0x48/0x280 [ 2429.065965] handle_mm_fault+0x54f/0xc70 [ 2429.070040] ? __handle_mm_fault+0x5be0/0x5be0 [ 2429.074638] ? find_vma+0x34/0x190 [ 2429.078192] __do_page_fault+0x5e8/0xe60 [ 2429.082273] do_page_fault+0xf2/0x7e0 [ 2429.086085] ? vmalloc_sync_all+0x30/0x30 [ 2429.090250] ? error_entry+0x76/0xd0 [ 2429.093976] ? trace_hardirqs_off_caller+0xbb/0x310 [ 2429.099004] ? find_held_lock+0x36/0x1c0 [ 2429.103089] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 2429.107944] ? trace_hardirqs_on_caller+0x310/0x310 [ 2429.112998] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 2429.117857] page_fault+0x1e/0x30 [ 2429.121319] RIP: 0010:__put_user_4+0x1c/0x30 [ 2429.125743] Code: 1f 00 c3 90 66 2e 0f 1f 84 00 00 00 00 00 65 48 8b 1c 25 40 ee 01 00 48 8b 9b 18 14 00 00 48 83 eb 03 48 39 d9 73 3c 0f 1f 00 <89> 01 31 c0 0f 1f 00 c3 66 90 66 2e 0f 1f 84 00 00 00 00 00 65 48 [ 2429.144649] RSP: 0018:ffff88817fb37a60 EFLAGS: 00010293 [ 2429.150019] RAX: 0000000000000000 RBX: 00007fffffffeffd RCX: 0000000020000080 [ 2429.157293] RDX: 1ffff11038cb664b RSI: ffffffff81b1a6b3 RDI: ffff8881c65b3258 [ 2429.164567] RBP: ffff88817fb37c08 R08: 1ffff1102ff66f29 R09: 0000000000000008 [ 2429.171847] R10: 0000000000000001 R11: ffff8881b4b54680 R12: 1ffff1102ff66f50 [ 2429.179124] R13: 0000000000000000 R14: 00000000800455d1 R15: ffff8881d9145950 [ 2429.186430] ? __might_fault+0x1a3/0x1e0 [ 2429.190508] ? snd_ctl_ioctl+0x576/0x1110 [ 2429.194677] ? snd_ctl_elem_add_user+0x170/0x170 [ 2429.199450] ? __fget+0x4d1/0x740 [ 2429.202923] ? ksys_dup3+0x680/0x680 [ 2429.206670] ? __mutex_unlock_slowpath+0x197/0x8c0 [ 2429.211616] ? snd_ctl_elem_add_user+0x170/0x170 [ 2429.216397] do_vfs_ioctl+0x1de/0x1790 [ 2429.220296] ? __lock_is_held+0xb5/0x140 [ 2429.224403] ? ioctl_preallocate+0x300/0x300 [ 2429.228826] ? __fget_light+0x2e9/0x430 [ 2429.233257] ? fget_raw+0x20/0x20 [ 2429.236725] ? __sb_end_write+0xd9/0x110 [ 2429.240803] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 2429.246351] ? fput+0x130/0x1a0 [ 2429.249666] ? do_syscall_64+0x9a/0x820 [ 2429.253665] ? do_syscall_64+0x9a/0x820 [ 2429.257655] ? lockdep_hardirqs_on+0x3bb/0x5b0 [ 2429.262252] ? security_file_ioctl+0x94/0xc0 [ 2429.266671] ksys_ioctl+0xa9/0xd0 [ 2429.270142] __x64_sys_ioctl+0x73/0xb0 [ 2429.274041] do_syscall_64+0x1b9/0x820 [ 2429.277951] ? entry_SYSCALL_64_after_hwframe+0x3e/0xbe [ 2429.283325] ? syscall_return_slowpath+0x5e0/0x5e0 [ 2429.288281] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 2429.293137] ? trace_hardirqs_on_caller+0x310/0x310 [ 2429.298164] ? prepare_exit_to_usermode+0x3b0/0x3b0 [ 2429.303193] ? prepare_exit_to_usermode+0x291/0x3b0 [ 2429.308230] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 2429.313103] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 2429.318298] RIP: 0033:0x457679 [ 2429.321506] Code: fd b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 2429.340413] RSP: 002b:00007f59dbdc7c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 2429.348172] RAX: ffffffffffffffda RBX: 00007f59dbdc7c90 RCX: 0000000000457679 [ 2429.355448] RDX: 0000000020000080 RSI: 00000000800455d1 RDI: 0000000000000005 [ 2429.362843] RBP: 000000000072bf00 R08: 0000000000000000 R09: 0000000000000000 [ 2429.370107] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f59dbdc86d4 [ 2429.377400] R13: 00000000004bfbc0 R14: 00000000004d0a48 R15: 0000000000000006 [ 2429.384704] CPU: 1 PID: 23739 Comm: syz-executor3 Not tainted 4.20.0-rc6+ #371 [ 2429.392081] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2429.401437] Call Trace: [ 2429.404039] dump_stack+0x244/0x39d [ 2429.407688] ? dump_stack_print_info.cold.1+0x20/0x20 [ 2429.412906] handle_userfault.cold.32+0x47/0x62 [ 2429.412936] ? userfaultfd_ioctl+0x5610/0x5610 [ 2429.412957] ? mark_held_locks+0x130/0x130 [ 2429.422215] ? find_held_lock+0x36/0x1c0 [ 2429.422246] ? userfaultfd_ctx_put+0x830/0x830 [ 2429.435113] ? kasan_check_read+0x11/0x20 [ 2429.439282] ? print_usage_bug+0xc0/0xc0 [ 2429.443382] ? do_raw_spin_trylock+0x270/0x270 [ 2429.447984] ? print_usage_bug+0xc0/0xc0 [ 2429.452063] ? print_usage_bug+0xc0/0xc0 [ 2429.456118] ? zap_class+0x640/0x640 [ 2429.459822] ? drop_futex_key_refs.isra.14+0x6d/0xe0 [ 2429.464916] ? futex_wake+0x304/0x760 [ 2429.468712] ? find_held_lock+0x36/0x1c0 [ 2429.472768] ? __handle_mm_fault+0x4bb0/0x5be0 [ 2429.477341] ? lock_downgrade+0x900/0x900 [ 2429.481497] ? kasan_check_read+0x11/0x20 [ 2429.485637] ? do_raw_spin_unlock+0xa7/0x330 [ 2429.490037] ? do_raw_spin_trylock+0x270/0x270 [ 2429.494612] ? fault_dirty_shared_page.isra.87+0x320/0x320 [ 2429.500231] __handle_mm_fault+0x4bbd/0x5be0 [ 2429.504636] ? vmf_insert_mixed_mkwrite+0x40/0x40 [ 2429.509472] ? zap_class+0x640/0x640 [ 2429.513175] ? rcu_read_unlock_special+0x1c0/0x1c0 [ 2429.518093] ? kasan_check_read+0x11/0x20 [ 2429.522230] ? rcu_softirq_qs+0x20/0x20 [ 2429.526199] ? zap_class+0x640/0x640 [ 2429.529902] ? zap_class+0x640/0x640 [ 2429.533611] ? find_held_lock+0x36/0x1c0 [ 2429.537666] ? handle_mm_fault+0x42a/0xc70 [ 2429.541895] ? lock_downgrade+0x900/0x900 [ 2429.546034] ? check_preemption_disabled+0x48/0x280 [ 2429.551043] ? rcu_read_unlock_special+0x1c0/0x1c0 [ 2429.555961] ? kasan_check_read+0x11/0x20 [ 2429.560097] ? rcu_dynticks_curr_cpu_in_eqs+0xa2/0x170 [ 2429.565371] ? rcu_softirq_qs+0x20/0x20 [ 2429.569343] ? trace_hardirqs_off_caller+0x310/0x310 [ 2429.574458] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 2429.579985] ? check_preemption_disabled+0x48/0x280 [ 2429.584994] handle_mm_fault+0x54f/0xc70 [ 2429.589054] ? __handle_mm_fault+0x5be0/0x5be0 [ 2429.593631] ? find_vma+0x34/0x190 [ 2429.597164] __do_page_fault+0x5e8/0xe60 [ 2429.601212] ? trace_hardirqs_off+0xb8/0x310 [ 2429.605622] do_page_fault+0xf2/0x7e0 [ 2429.609412] ? vmalloc_sync_all+0x30/0x30 [ 2429.613589] ? error_entry+0x70/0xd0 [ 2429.617297] ? trace_hardirqs_off_caller+0xbb/0x310 [ 2429.622316] ? trace_hardirqs_on_caller+0xc0/0x310 [ 2429.627268] ? syscall_return_slowpath+0x5e0/0x5e0 [ 2429.632185] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 2429.637018] ? trace_hardirqs_on_caller+0x310/0x310 [ 2429.642024] ? __bpf_trace_preemptirq_template+0x30/0x30 [ 2429.647464] ? prepare_exit_to_usermode+0x3b0/0x3b0 [ 2429.652489] ? prepare_exit_to_usermode+0x291/0x3b0 [ 2429.657506] ? page_fault+0x8/0x30 [ 2429.661038] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 2429.665875] ? page_fault+0x8/0x30 [ 2429.669420] page_fault+0x1e/0x30 [ 2429.672860] RIP: 0033:0x4510a0 [ 2429.676073] Code: 0f 84 c4 0f 00 00 48 89 f1 48 89 f8 48 83 e1 3f 48 83 f9 20 0f 86 7b 02 00 00 48 83 e6 f0 48 83 e1 0f 66 0f ef c0 66 0f ef c9 <66> 0f 74 0e 66 0f d7 d1 48 d3 ea 49 c7 c2 11 00 00 00 49 29 ca 4d 08:16:47 executing program 0: openat$rfkill(0xffffffffffffff9c, 0x0, 0x2001, 0x0) r0 = syz_open_dev$admmidi(&(0x7f0000000100)='/dev/admmidi#\x00', 0x0, 0x0) r1 = socket$l2tp(0x18, 0x1, 0x1) mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x1, 0x32, 0xffffffffffffffff, 0x0) getsockopt$IP6T_SO_GET_REVISION_MATCH(r0, 0x29, 0x44, &(0x7f00000000c0)={'icmp\x00'}, &(0x7f0000000140)=0x1e) r2 = userfaultfd(0x0) ioctl$BLKBSZSET(r0, 0x40081271, &(0x7f0000000040)=0x81) ioctl$UFFDIO_API(r2, 0xc018aa3f, &(0x7f0000000180)) ioctl$UFFDIO_REGISTER(r2, 0xc020aa00, &(0x7f0000019000)={{&(0x7f0000012000/0x2000)=nil, 0x2000}, 0x1}) fcntl$addseals(r0, 0x409, 0x4) syz_open_dev$evdev(&(0x7f0000012fee)='/dev/input/event#\x00', 0x0, 0x0) ioctl$UFFDIO_WAKE(r2, 0x8010aa02, &(0x7f0000000080)={&(0x7f0000012000/0x3000)=nil, 0x3000}) ioctl(r1, 0x1000008912, &(0x7f0000000000)="0a5c2d023c126285718070") 08:16:47 executing program 2: syz_emit_ethernet(0x6a, &(0x7f0000000040)={@local, @broadcast, [], {@ipv4={0x800, {{0x5, 0x4, 0x0, 0x0, 0x5c, 0x0, 0x0, 0x0, 0x1, 0x0, @remote, @dev={0xac, 0x14, 0x14, 0x11}}, @icmp=@parameter_prob={0x3, 0x4, 0x0, 0x0, 0x0, 0x0, {0x10, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x402f, 0x0, @local={0xac, 0x5c}, @dev, {[@timestamp={0x8, 0x2c, 0x0, 0x0, 0x0, [{[@rand_addr=0x4800]}, {[@multicast2]}, {[@multicast1]}, {}, {[@loopback]}, {}]}]}}}}}}}, 0x0) 08:16:47 executing program 1: openat$rfkill(0xffffffffffffff9c, 0x0, 0x2001, 0x0) r0 = syz_open_dev$admmidi(&(0x7f0000000100)='/dev/admmidi#\x00', 0x0, 0x0) socket$l2tp(0x18, 0x1, 0x1) mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x1, 0x32, 0xffffffffffffffff, 0x0) ioctl$UFFDIO_API(0xffffffffffffffff, 0xc018aa3f, &(0x7f0000000180)) mmap(&(0x7f0000013000/0x4000)=nil, 0x4000, 0x1000008, 0xa053, r0, 0x0) ioctl$UFFDIO_REGISTER(0xffffffffffffffff, 0xc020aa00, &(0x7f0000019000)={{&(0x7f0000012000/0x2000)=nil, 0x2000}, 0x1}) 08:16:47 executing program 4: openat$kvm(0xffffffffffffff9c, 0x0, 0x0, 0x0) r0 = syz_open_dev$sndctrl(&(0x7f0000000100)='/dev/snd/controlC#\x00', 0x0, 0x0) socket$packet(0x11, 0x3, 0x300) prctl$PR_SET_THP_DISABLE(0x29, 0xfffffffffffffffe) r1 = openat$qat_adf_ctl(0xffffffffffffff9c, &(0x7f0000000000)='/dev/qat_adf_ctl\x00', 0x0, 0x0) sendto$unix(r1, &(0x7f0000000140)="a256947bcdda85a80b19769c37a24ab77cf3c9ed841da959279a28986f3f133ca9e718d2f5d9e76e1da00049110fa7028dbd219739014e7c9d6fcc03e8bdb8456f594e4cbcc1a475bb93af3e000ce87910a257e818a84cf62bcb77f5afb183895c24ad204def3ce188ef668c525c2f66767662c06ffbd951222eaa93b14693688d2480", 0x83, 0x20000000, 0x0, 0x0) setsockopt$inet6_tcp_TCP_REPAIR_OPTIONS(r1, 0x6, 0x16, &(0x7f0000000040)=[@sack_perm], 0x1) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) ioctl$VIDIOC_SUBSCRIBE_EVENT(r1, 0x4020565a, &(0x7f00000000c0)={0x0, 0x3, 0x1}) ioctl$FS_IOC_GETFLAGS(r0, 0x800455d1, &(0x7f0000000080)) 08:16:47 executing program 5: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r1 = syz_open_dev$sndctrl(&(0x7f0000000100)='/dev/snd/controlC#\x00', 0x0, 0x0) prctl$PR_SET_THP_DISABLE(0x29, 0xfffffffffffffffe) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) ioctl$FS_IOC_GETFLAGS(r1, 0x800455d1, &(0x7f0000000080)) [ 2429.694994] RSP: 002b:00007f75238677a8 EFLAGS: 00010202 [ 2429.700381] RAX: 00007f7523867850 RBX: 0000000000000003 RCX: 000000000000000e [ 2429.707641] RDX: 00000000000003ff RSI: 0000000020012fe0 RDI: 00007f7523867850 [ 2429.714900] RBP: 000000000072bf00 R08: 00000000000003ff R09: 0000000000000000 [ 2429.722160] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f75238686d4 [ 2429.729416] R13: 00000000004c578a R14: 00000000004d9d90 R15: 00000000ffffffff 08:16:47 executing program 1: openat$rfkill(0xffffffffffffff9c, 0x0, 0x2001, 0x0) r0 = syz_open_dev$admmidi(&(0x7f0000000100)='/dev/admmidi#\x00', 0x0, 0x0) socket$l2tp(0x18, 0x1, 0x1) mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x1, 0x32, 0xffffffffffffffff, 0x0) ioctl$UFFDIO_API(0xffffffffffffffff, 0xc018aa3f, &(0x7f0000000180)) mmap(&(0x7f0000013000/0x4000)=nil, 0x4000, 0x1000008, 0xa053, r0, 0x0) ioctl$UFFDIO_REGISTER(0xffffffffffffffff, 0xc020aa00, &(0x7f0000019000)={{&(0x7f0000012000/0x2000)=nil, 0x2000}, 0x1}) 08:16:47 executing program 2: syz_emit_ethernet(0x6a, &(0x7f0000000040)={@local, @broadcast, [], {@ipv4={0x800, {{0x5, 0x4, 0x0, 0x0, 0x5c, 0x0, 0x0, 0x0, 0x1, 0x0, @remote, @dev={0xac, 0x14, 0x14, 0x11}}, @icmp=@parameter_prob={0x3, 0x4, 0x0, 0x0, 0x0, 0x0, {0x10, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x402f, 0x0, @local={0xac, 0x5c}, @dev, {[@timestamp={0x8, 0x2c, 0x0, 0x0, 0x0, [{[@rand_addr=0x543]}, {[@multicast2]}, {[@multicast1]}, {}, {[@loopback]}, {}]}]}}}}}}}, 0x0) [ 2429.832865] QAT: Invalid ioctl [ 2429.871095] QAT: Invalid ioctl [ 2429.875257] FAULT_FLAG_ALLOW_RETRY missing 70 [ 2429.899503] CPU: 1 PID: 23758 Comm: syz-executor0 Not tainted 4.20.0-rc6+ #371 [ 2429.906901] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2429.916268] Call Trace: [ 2429.918892] dump_stack+0x244/0x39d [ 2429.922553] ? dump_stack_print_info.cold.1+0x20/0x20 [ 2429.927775] handle_userfault.cold.32+0x47/0x62 [ 2429.932477] ? userfaultfd_ioctl+0x5610/0x5610 [ 2429.932501] ? mark_held_locks+0x130/0x130 [ 2429.932521] ? __sanitizer_cov_trace_cmp4+0x16/0x20 [ 2429.932539] ? futex_wait_setup+0x266/0x3e0 [ 2429.932574] ? __sanitizer_cov_trace_switch+0x53/0x90 [ 2429.941390] ? userfaultfd_ctx_put+0x830/0x830 [ 2429.960484] ? futex_wait+0x5a1/0xa50 [ 2429.964304] ? print_usage_bug+0xc0/0xc0 [ 2429.968389] ? print_usage_bug+0xc0/0xc0 [ 2429.972473] ? print_usage_bug+0xc0/0xc0 [ 2429.976555] ? zap_class+0x640/0x640 [ 2429.980289] ? drop_futex_key_refs.isra.14+0x6d/0xe0 [ 2429.985411] ? futex_wake+0x304/0x760 [ 2429.989245] ? find_held_lock+0x36/0x1c0 [ 2429.993332] ? __handle_mm_fault+0x4bb0/0x5be0 [ 2429.997943] ? lock_downgrade+0x900/0x900 [ 2430.002123] ? kasan_check_read+0x11/0x20 [ 2430.006289] ? do_raw_spin_unlock+0xa7/0x330 [ 2430.010713] ? do_raw_spin_trylock+0x270/0x270 [ 2430.015312] ? fault_dirty_shared_page.isra.87+0x320/0x320 [ 2430.020972] __handle_mm_fault+0x4bbd/0x5be0 [ 2430.025410] ? vmf_insert_mixed_mkwrite+0x40/0x40 [ 2430.030268] ? zap_class+0x640/0x640 [ 2430.033997] ? rcu_read_unlock_special+0x1c0/0x1c0 [ 2430.038945] ? kasan_check_read+0x11/0x20 [ 2430.038962] ? rcu_dynticks_curr_cpu_in_eqs+0xa2/0x170 [ 2430.038989] ? zap_class+0x640/0x640 [ 2430.039004] ? zap_class+0x640/0x640 [ 2430.039024] ? find_held_lock+0x36/0x1c0 [ 2430.048459] ? handle_mm_fault+0x42a/0xc70 [ 2430.048478] ? lock_downgrade+0x900/0x900 [ 2430.048496] ? check_preemption_disabled+0x48/0x280 [ 2430.048517] ? rcu_read_unlock_special+0x1c0/0x1c0 [ 2430.078323] ? kasan_check_read+0x11/0x20 [ 2430.082499] ? rcu_dynticks_curr_cpu_in_eqs+0xa2/0x170 [ 2430.087794] ? rcu_softirq_qs+0x20/0x20 [ 2430.091797] ? trace_hardirqs_off_caller+0x310/0x310 [ 2430.096919] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 2430.102489] ? check_preemption_disabled+0x48/0x280 [ 2430.107533] handle_mm_fault+0x54f/0xc70 [ 2430.111616] ? __handle_mm_fault+0x5be0/0x5be0 [ 2430.116223] ? find_vma+0x34/0x190 [ 2430.119784] __do_page_fault+0x5e8/0xe60 [ 2430.123856] ? trace_hardirqs_off+0xb8/0x310 [ 2430.128299] do_page_fault+0xf2/0x7e0 [ 2430.132119] ? vmalloc_sync_all+0x30/0x30 [ 2430.136287] ? error_entry+0x70/0xd0 [ 2430.140019] ? trace_hardirqs_off_caller+0xbb/0x310 [ 2430.140035] ? trace_hardirqs_on_caller+0xc0/0x310 [ 2430.140053] ? syscall_return_slowpath+0x5e0/0x5e0 [ 2430.140068] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 2430.140090] ? trace_hardirqs_on_caller+0x310/0x310 [ 2430.150026] ? __bpf_trace_preemptirq_template+0x30/0x30 [ 2430.150046] ? prepare_exit_to_usermode+0x3b0/0x3b0 [ 2430.150065] ? prepare_exit_to_usermode+0x291/0x3b0 [ 2430.150080] ? page_fault+0x8/0x30 [ 2430.150100] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 2430.188787] ? page_fault+0x8/0x30 [ 2430.192342] page_fault+0x1e/0x30 [ 2430.195818] RIP: 0033:0x4510a0 [ 2430.199028] Code: 0f 84 c4 0f 00 00 48 89 f1 48 89 f8 48 83 e1 3f 48 83 f9 20 0f 86 7b 02 00 00 48 83 e6 f0 48 83 e1 0f 66 0f ef c0 66 0f ef c9 <66> 0f 74 0e 66 0f d7 d1 48 d3 ea 49 c7 c2 11 00 00 00 49 29 ca 4d 08:16:47 executing program 4: openat$kvm(0xffffffffffffff9c, 0x0, 0x0, 0x0) r0 = syz_open_dev$sndctrl(&(0x7f0000000100)='/dev/snd/controlC#\x00', 0x0, 0x0) prctl$PR_SET_THP_DISABLE(0x29, 0xfffffffffffffffe) open(&(0x7f0000000000)='./file0\x00', 0x20000, 0x0) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) ioctl$FS_IOC_GETFLAGS(r0, 0x800455d1, &(0x7f0000000080)) 08:16:47 executing program 4: openat$kvm(0xffffffffffffff9c, 0x0, 0x0, 0x0) r0 = syz_open_dev$sndctrl(&(0x7f0000000000)='/dev/snd/controlC#\x00', 0x4, 0x80000) prctl$PR_SET_THP_DISABLE(0x29, 0x3d) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) ioctl$FS_IOC_GETFLAGS(r0, 0x800455d1, &(0x7f0000000080)) 08:16:47 executing program 4: r0 = openat$kvm(0xffffffffffffff9c, 0x0, 0x0, 0x0) syz_open_dev$sndctrl(&(0x7f0000000100)='/dev/snd/controlC#\x00', 0x0, 0x0) prctl$PR_SET_THP_DISABLE(0x29, 0xfffffffffffffffe) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r1 = openat$null(0xffffffffffffff9c, &(0x7f0000000480)='/dev/null\x00', 0x100, 0x0) connect$tipc(r1, &(0x7f00000004c0)=@id={0x1e, 0x3, 0x3, {0x4e21, 0x1}}, 0x10) read(r0, &(0x7f0000000440)=""/41, 0x29) ioctl$FS_IOC_GETFLAGS(r0, 0x800455d1, &(0x7f0000000500)) r2 = openat$ppp(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/ppp\x00', 0x2000, 0x0) ioctl$BLKGETSIZE(r2, 0x1260, &(0x7f0000000380)) ioctl$DRM_IOCTL_AGP_RELEASE(r2, 0x6431) r3 = syz_open_dev$audion(&(0x7f0000000000)='/dev/audio#\x00', 0x80, 0x400002) recvfrom$llc(r2, &(0x7f00000003c0)=""/8, 0x8, 0x0, &(0x7f0000000400)={0x1a, 0x33b, 0x5, 0x3, 0x7fffffff, 0x7}, 0x10) getsockopt$inet_IP_IPSEC_POLICY(0xffffffffffffffff, 0x0, 0x10, &(0x7f0000000140)={{{@in6=@remote, @in, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}, {{@in6=@local}, 0x0, @in6=@dev}}, &(0x7f0000000040)=0xe8) fstat(r0, &(0x7f0000000240)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) write$FUSE_DIRENTPLUS(r3, &(0x7f00000002c0)=ANY=[@ANYBLOB="c0000000000000000200000000000000030000000000000003000000000000000500000000000000018000000000000003000080040000000100000000000000ffff00000000000006000000000000000001000000000000050000000000000006000000000000000200000000000600000000000104000001000000", @ANYRES32=r4, @ANYRES32=r5, @ANYBLOB="000001008f3a0000000000000000000000000000304b00000000000013000000080000002f6465762f736e642f636f6e74726f6c4323000000000000"], 0xc0) 08:16:48 executing program 4: openat$kvm(0xffffffffffffff9c, 0x0, 0x0, 0x0) r0 = syz_open_dev$sndctrl(&(0x7f0000000100)='/dev/snd/controlC#\x00', 0x0, 0x0) r1 = openat$full(0xffffffffffffff9c, &(0x7f0000000000)='/dev/full\x00', 0x0, 0x0) ioctl$KVM_GET_CLOCK(r1, 0x8030ae7c, &(0x7f0000000040)) prctl$PR_SET_THP_DISABLE(0x29, 0xfffffffffffffffe) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) ioctl$FS_IOC_GETFLAGS(r0, 0x800455d1, &(0x7f0000000080)) 08:16:48 executing program 3: openat$rfkill(0xffffffffffffff9c, 0x0, 0x0, 0x0) getsockopt$inet_sctp_SCTP_DEFAULT_PRINFO(0xffffffffffffffff, 0x84, 0x72, &(0x7f0000000380), 0x0) syz_open_dev$admmidi(&(0x7f0000000100)='/dev/admmidi#\x00', 0x0, 0x0) r0 = socket$l2tp(0x18, 0x1, 0x1) mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x1, 0x32, 0xffffffffffffffff, 0x0) r1 = userfaultfd(0x0) ioctl$UFFDIO_API(r1, 0xc018aa3f, &(0x7f0000000180)) ioctl$UFFDIO_REGISTER(r1, 0xc020aa00, &(0x7f0000019000)={{&(0x7f0000012000/0x2000)=nil, 0x2000}, 0x1}) syz_open_dev$evdev(&(0x7f0000012fee)='/dev/input/event#\x00', 0x6c000000, 0x0) ioctl$UFFDIO_WAKE(r1, 0x8010aa02, &(0x7f0000000080)={&(0x7f0000012000/0x3000)=nil, 0x3000}) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0a5c2d023c126285718070") setsockopt$ALG_SET_KEY(0xffffffffffffffff, 0x117, 0x1, 0x0, 0x0) [ 2430.217938] RSP: 002b:00007efdea16e7a8 EFLAGS: 00010202 [ 2430.223312] RAX: 00007efdea16e850 RBX: 0000000000000003 RCX: 000000000000000e [ 2430.230596] RDX: 00000000000003ff RSI: 0000000020012fe0 RDI: 00007efdea16e850 [ 2430.237886] RBP: 000000000072bf00 R08: 00000000000003ff R09: 0000000000000000 [ 2430.245288] R10: 0000000000000000 R11: 0000000000000246 R12: 00007efdea16f6d4 [ 2430.245298] R13: 00000000004c578a R14: 00000000004d9d90 R15: 00000000ffffffff 08:16:48 executing program 0: r0 = syz_open_dev$admmidi(&(0x7f0000000040)='/dev/admmidi#\x00', 0x8, 0x80) ioctl$PERF_EVENT_IOC_SET_FILTER(r0, 0x40082406, &(0x7f00000000c0)='proc+mime_type-\x00') r1 = openat$rfkill(0xffffffffffffff9c, 0x0, 0x2001, 0x0) r2 = syz_open_dev$admmidi(&(0x7f0000000100)='/dev/admmidi#\x00', 0x0, 0x0) r3 = socket$l2tp(0x18, 0x1, 0x1) ioctl$PERF_EVENT_IOC_DISABLE(r2, 0x2401, 0x3) mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x1, 0x32, 0xffffffffffffffff, 0x0) r4 = userfaultfd(0x0) ioctl$UFFDIO_API(r4, 0xc018aa3f, &(0x7f0000000180)) ioctl$UFFDIO_REGISTER(r4, 0xc020aa00, &(0x7f0000019000)={{&(0x7f0000012000/0x2000)=nil, 0x2000}, 0x1}) syz_open_dev$evdev(&(0x7f0000012fee)='/dev/input/event#\x00', 0x0, 0x0) ioctl$UFFDIO_WAKE(r4, 0x8010aa02, &(0x7f0000000080)={&(0x7f0000012000/0x3000)=nil, 0x3000}) ioctl(r3, 0x1000008912, &(0x7f0000000000)="0a5c2d023c126285718070") ioctl$VIDIOC_S_PRIORITY(r1, 0x40045644, 0x2) 08:16:48 executing program 1: openat$rfkill(0xffffffffffffff9c, 0x0, 0x2001, 0x0) r0 = syz_open_dev$admmidi(&(0x7f0000000100)='/dev/admmidi#\x00', 0x0, 0x0) socket$l2tp(0x18, 0x1, 0x1) mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x1, 0x32, 0xffffffffffffffff, 0x0) ioctl$UFFDIO_API(0xffffffffffffffff, 0xc018aa3f, &(0x7f0000000180)) mmap(&(0x7f0000013000/0x4000)=nil, 0x4000, 0x1000008, 0xa053, r0, 0x0) ioctl$UFFDIO_REGISTER(0xffffffffffffffff, 0xc020aa00, &(0x7f0000019000)={{&(0x7f0000012000/0x2000)=nil, 0x2000}, 0x1}) 08:16:48 executing program 5: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r1 = syz_open_dev$sndctrl(&(0x7f0000000100)='/dev/snd/controlC#\x00', 0x0, 0x0) prctl$PR_SET_THP_DISABLE(0x29, 0xfffffffffffffffe) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) ioctl$FS_IOC_GETFLAGS(r1, 0x2, &(0x7f0000000080)) 08:16:48 executing program 2: syz_emit_ethernet(0x6a, &(0x7f0000000040)={@local, @broadcast, [], {@ipv4={0x800, {{0x5, 0x4, 0x0, 0x0, 0x5c, 0x0, 0x0, 0x0, 0x1, 0x0, @remote, @dev={0xac, 0x14, 0x14, 0x11}}, @icmp=@parameter_prob={0x3, 0x4, 0x0, 0x0, 0x0, 0x0, {0x10, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x402f, 0x0, @local={0xac, 0x5c}, @dev, {[@timestamp={0x8, 0x2c, 0x0, 0x0, 0x0, [{[@rand_addr=0xffffdd86]}, {[@multicast2]}, {[@multicast1]}, {}, {[@loopback]}, {}]}]}}}}}}}, 0x0) [ 2430.408869] FAULT_FLAG_ALLOW_RETRY missing 70 [ 2430.442168] CPU: 1 PID: 23796 Comm: syz-executor3 Not tainted 4.20.0-rc6+ #371 [ 2430.449567] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2430.458943] Call Trace: [ 2430.461537] dump_stack+0x244/0x39d [ 2430.465183] ? dump_stack_print_info.cold.1+0x20/0x20 [ 2430.470418] handle_userfault.cold.32+0x47/0x62 [ 2430.470455] ? userfaultfd_ioctl+0x5610/0x5610 [ 2430.470479] ? mark_held_locks+0x130/0x130 [ 2430.479724] ? __sanitizer_cov_trace_cmp4+0x16/0x20 [ 2430.479739] ? futex_wait_setup+0x266/0x3e0 [ 2430.479769] ? __sanitizer_cov_trace_switch+0x53/0x90 [ 2430.479789] ? userfaultfd_ctx_put+0x830/0x830 [ 2430.479803] ? futex_wait+0x5a1/0xa50 [ 2430.479828] ? print_usage_bug+0xc0/0xc0 [ 2430.511010] ? print_usage_bug+0xc0/0xc0 [ 2430.515110] ? print_usage_bug+0xc0/0xc0 [ 2430.519194] ? zap_class+0x640/0x640 [ 2430.522926] ? drop_futex_key_refs.isra.14+0x6d/0xe0 [ 2430.528045] ? futex_wake+0x304/0x760 [ 2430.531889] ? find_held_lock+0x36/0x1c0 [ 2430.535978] ? __handle_mm_fault+0x4bb0/0x5be0 [ 2430.540574] ? lock_downgrade+0x900/0x900 [ 2430.544762] ? kasan_check_read+0x11/0x20 [ 2430.548927] ? do_raw_spin_unlock+0xa7/0x330 [ 2430.553390] ? do_raw_spin_trylock+0x270/0x270 [ 2430.553417] ? fault_dirty_shared_page.isra.87+0x320/0x320 [ 2430.553443] __handle_mm_fault+0x4bbd/0x5be0 [ 2430.568066] ? vmf_insert_mixed_mkwrite+0x40/0x40 [ 2430.572937] ? zap_class+0x640/0x640 [ 2430.576667] ? rcu_read_unlock_special+0x1c0/0x1c0 [ 2430.581618] ? kasan_check_read+0x11/0x20 [ 2430.585785] ? rcu_softirq_qs+0x20/0x20 [ 2430.589787] ? zap_class+0x640/0x640 [ 2430.593519] ? zap_class+0x640/0x640 [ 2430.597259] ? find_held_lock+0x36/0x1c0 [ 2430.601350] ? handle_mm_fault+0x42a/0xc70 [ 2430.605613] ? lock_downgrade+0x900/0x900 [ 2430.609779] ? check_preemption_disabled+0x48/0x280 [ 2430.614815] ? rcu_read_unlock_special+0x1c0/0x1c0 [ 2430.619759] ? kasan_check_read+0x11/0x20 [ 2430.623915] ? rcu_dynticks_curr_cpu_in_eqs+0xa2/0x170 [ 2430.623931] ? rcu_softirq_qs+0x20/0x20 [ 2430.623948] ? trace_hardirqs_off_caller+0x310/0x310 [ 2430.623969] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 2430.643882] ? check_preemption_disabled+0x48/0x280 [ 2430.648953] handle_mm_fault+0x54f/0xc70 [ 2430.653040] ? __handle_mm_fault+0x5be0/0x5be0 [ 2430.657650] ? find_vma+0x34/0x190 [ 2430.661234] __do_page_fault+0x5e8/0xe60 [ 2430.665315] ? trace_hardirqs_off+0xb8/0x310 [ 2430.669772] do_page_fault+0xf2/0x7e0 [ 2430.673593] ? vmalloc_sync_all+0x30/0x30 [ 2430.677763] ? error_entry+0x70/0xd0 [ 2430.681495] ? trace_hardirqs_off_caller+0xbb/0x310 [ 2430.686523] ? trace_hardirqs_on_caller+0xc0/0x310 [ 2430.691467] ? syscall_return_slowpath+0x5e0/0x5e0 [ 2430.691484] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 2430.691504] ? trace_hardirqs_on_caller+0x310/0x310 [ 2430.701272] ? __bpf_trace_preemptirq_template+0x30/0x30 [ 2430.701291] ? prepare_exit_to_usermode+0x3b0/0x3b0 [ 2430.701310] ? prepare_exit_to_usermode+0x291/0x3b0 [ 2430.701326] ? page_fault+0x8/0x30 [ 2430.701347] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 2430.730238] ? page_fault+0x8/0x30 [ 2430.733797] page_fault+0x1e/0x30 [ 2430.737268] RIP: 0033:0x4510a0 08:16:48 executing program 1: openat$rfkill(0xffffffffffffff9c, 0x0, 0x2001, 0x0) r0 = syz_open_dev$admmidi(&(0x7f0000000100)='/dev/admmidi#\x00', 0x0, 0x0) socket$l2tp(0x18, 0x1, 0x1) r1 = userfaultfd(0x0) ioctl$UFFDIO_API(r1, 0xc018aa3f, &(0x7f0000000180)) mmap(&(0x7f0000013000/0x4000)=nil, 0x4000, 0x1000008, 0xa053, r0, 0x0) ioctl$UFFDIO_REGISTER(r1, 0xc020aa00, &(0x7f0000019000)={{&(0x7f0000012000/0x2000)=nil, 0x2000}, 0x1}) 08:16:48 executing program 1: openat$rfkill(0xffffffffffffff9c, 0x0, 0x2001, 0x0) r0 = syz_open_dev$admmidi(&(0x7f0000000100)='/dev/admmidi#\x00', 0x0, 0x0) r1 = userfaultfd(0x0) ioctl$UFFDIO_API(r1, 0xc018aa3f, &(0x7f0000000180)) mmap(&(0x7f0000013000/0x4000)=nil, 0x4000, 0x1000008, 0xa053, r0, 0x0) ioctl$UFFDIO_REGISTER(r1, 0xc020aa00, &(0x7f0000019000)={{&(0x7f0000012000/0x2000)=nil, 0x2000}, 0x1}) 08:16:48 executing program 1: openat$rfkill(0xffffffffffffff9c, 0x0, 0x2001, 0x0) r0 = userfaultfd(0x0) ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f0000000180)) mmap(&(0x7f0000013000/0x4000)=nil, 0x4000, 0x1000008, 0xa053, 0xffffffffffffffff, 0x0) ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f0000019000)={{&(0x7f0000012000/0x2000)=nil, 0x2000}, 0x1}) 08:16:48 executing program 1: openat$rfkill(0xffffffffffffff9c, 0x0, 0x2001, 0x0) r0 = userfaultfd(0x0) ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f0000000180)) mmap(&(0x7f0000013000/0x4000)=nil, 0x4000, 0x1000008, 0xa053, 0xffffffffffffffff, 0x0) ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f0000019000)={{&(0x7f0000012000/0x2000)=nil, 0x2000}, 0x1}) 08:16:48 executing program 1: openat$rfkill(0xffffffffffffff9c, 0x0, 0x2001, 0x0) r0 = userfaultfd(0x0) ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f0000000180)) mmap(&(0x7f0000013000/0x4000)=nil, 0x4000, 0x1000008, 0xa053, 0xffffffffffffffff, 0x0) ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f0000019000)={{&(0x7f0000012000/0x2000)=nil, 0x2000}, 0x1}) [ 2430.740479] Code: 0f 84 c4 0f 00 00 48 89 f1 48 89 f8 48 83 e1 3f 48 83 f9 20 0f 86 7b 02 00 00 48 83 e6 f0 48 83 e1 0f 66 0f ef c0 66 0f ef c9 <66> 0f 74 0e 66 0f d7 d1 48 d3 ea 49 c7 c2 11 00 00 00 49 29 ca 4d [ 2430.759399] RSP: 002b:00007f75238677a8 EFLAGS: 00010202 [ 2430.764768] RAX: 00007f7523867850 RBX: 0000000000000003 RCX: 000000000000000e [ 2430.764784] RDX: 00000000000003ff RSI: 0000000020012fe0 RDI: 00007f7523867850 [ 2430.779323] RBP: 000000000072bf00 R08: 00000000000003ff R09: 0000000000000000 08:16:48 executing program 4: r0 = openat$kvm(0xffffffffffffff9c, 0x0, 0x101, 0x0) r1 = syz_open_dev$sndctrl(&(0x7f0000000100)='/dev/snd/controlC#\x00', 0x0, 0x0) prctl$PR_SET_THP_DISABLE(0x29, 0x0) arch_prctl$ARCH_GET_FS(0x1003, &(0x7f0000000040)) sendmmsg$nfc_llcp(r0, &(0x7f0000002600)=[{&(0x7f0000000140)={0x27, 0x1, 0x2, 0x7, 0x8, 0x8, "244290101e3151096b2e4edc93d0157d7f76bad35b14d55eeb6ae6cc6b354c8b37f81737531d6e8edde20d9146ec6c3c793b87496080178a1d3b0bc4e373b7", 0x7}, 0x60, &(0x7f0000002580)=[{&(0x7f00000001c0)="b2352951bb668c26a0d91a071a759c711d90fe4c39d118b497a1fb125d37453d01a36388d609d405759aa7fbde72fb84c8755229d2b0f481c9e49399060bbdb193ad4bbfb1efc838393db6284ca097863a8445e53d0d1f348274a19b6f1312d134f7fa6f8b4e42089a7fffcc4ef34f40b28bd4dcbe43e0dc883a4d84a9a105c2b8ba24cf920fc402fbaab48fb77b0c404a212ae502a82181454a0758c1ecffbb90c7aaf60a3a247ac036d2bdc596c58b28d6f69cd05f93ccd23dc9dcf27ee988147e92eeb2bda801996d936a2a6dcbe02622d38313552c19dcfa0e1ba7ca8d1b083b4a341f9bcd3ff9c6674d808ce16273e4cc3a45801fdf7d51256c2fdd7eab2ad3be832f03f7feb41ae8adbed48584eb5f8b52ac34cf5d74124fb16513df030d8c9228552a7fe2bdb366b7e8ba3e5d8acf4b75fa84ed498e0b8e5755bf50d15ec14e115e1b0dbc7359c5879408db78af0c919f0f04eb07418a69dcd4be86c8a6354b5cfed70d191d189b6cf1f8b84d3688c907e7db23c3e7a89a34f241d3fc7aa8a3e629e5b5e4caa3dbf75260a48b716d8871a70eb49738ed4203a55cbad65791d5da6137ac17a4815c42a6237dd62c115f4865551378814919d5c658a4957d1de53eda7e3e2748da52960698331df4742322600b42476f60b226e34f778a634bc3daa13aa33abf4126dcaa9586a2b4f1e5ab72ec5f5c2c2bd82dbcb05194d515c4c5a976d5ada2286e1598cedc8d325fd341805446870ed34b39b72902d3617e2fa1d02caa8930d026250f517dc5cf79c2dfb38c22961a10d1d445c69d4beed0bbb8b273bf7493ee8ba6e273fa5b95423406b7a65ec221687514d360b08daed85d4d069b2a8be15c918351702fa358a582852e168ca5ba182af8a33735baf09a109f10bbe1995e8fa378a6edc69b72ccd176971d667fc85e3ce2030f123739bd2d39606f47eed5ef158fa33de2f55b9d7713e7806b2f8b451dcc56b8f5b2cd2781ea96a85eaef8811567c81599562151f9a381ba5ac662965efc370b5becd81843b532240d3ef224ef69a1ef8fc1ab8e30c682c2bce985c699e7c9aa51176a5fe8efe596672092ffe99dc3823b796bcbb295253c43a8ea6c0561938256f00cc54e85ff2956dff4a23d75a6820a29f6340142f7fd4587833eebceef9c6c85011aaee17b81cc1b5d815d51612729112fbb0b0138d1533dc6b85bbb84601f242f54c56409aea513dc091634e958e59bec392b0a82d5f89f9e310df79730733d30ebcdd7afadf9495920cf13b3e194c0893c100b23fd056fa4ece7f937f6bf255cc1dd2f91a4dadad98ee5d1eade87c144ca5d3d3d4b7789783ecbe94d2a05882aa7f975ebf599884727b10fc40e062c3a962e68c5b96c455693b508a99b1213ffc5382288379f256a3d8db05cdb97cc5a6089eac4e7bc462b342795c55cc6e753816891fe2fda606ae109400b47807d28c9a74e44f90fe969acd4aff66718b996500a8c1363648c833d020bfac79f4b642fe7ae914270c540a6c820c51e0d6e74ba0ea27d9b3705c9aa1b9664763f2177e6c520cedbddf84736af1a02b2bbfe27f480b4770e7ff66635cef38960ee5184029646b84f36b4e62843cd5eeb2c461a1bdbfc372c5f286fc5561d4814f642b7f2ca8164d14414592af514d9512c839145f4c27fe372985e3092c96d3152556791c795d6f067fb434ea3b9329a6c359aa21863d868d658e509c21d597ccd5e2ead2c278c779a54a171205446fac8f7c64b363f24a753cad4fa0c5bf5703685dfd13bcf3fefb66883a72091c06e13d0898899ea5a0bd5913540c3cbd3a7512184cb954f11695e65a688ae5ff900f94da5aab33ef7a3a7086a7f149dc58fbe3a0a90f48c476e2ac622e139391655b37763a8e519d39f8162e930106a1055e0b9fda58191653984bccb6392e540b58da98060d6abb736fb70f830d3729c3e2c27cad989a6f1bab76a626c966176e051fa16d288966f0f2f2a57249eea506915237b1c5ed2f97cb4e2675b9445bab49af75d65d3450330eda195b77b573b02625c3e9c462d94d2203851b9eb172a8c5681a92df5d0447c03440559838c111736596fc5ac9a39d1087589f200594dcdbafd49fc85dcd586c1f3757084d436dbba5233d756593c2a17f7b6bcf44352b4959246bd00cc7419c98ff669780a704730579ae6c5d735d1944dd0012a10f5d9307cc97e408145abf2a58d5897736e002d33e4d31379f863e8fe9b2087bd38d8a3bdff42b27dc3e6949404b0929515ad220ed8ed92a9008fe5ac9611c5d6c6d73c333b65367fc03f9aee9ed5a39d2cc133b67228ae1ba4c61f651ccde0c9dab5f7c377d4669d0955463aa764779028152bb52afd811ad8e0d470d11f4563085ed889dd89bfdb6d31827d8d83f1f8bcf9d612de2286a220e12934d745d17d09f7018951bf51bd3b13c9876d1fad757718deda833f74ae207b30ea6c4927e1783e5e51754bc1e4c798fa773ae010496e441071ef137de9ae199a1b1e6b855e25625e4c97279ad53cafc2752849856175a40afd230d53d7bcdb150dde9922aaa5dc7dcaf9b34a9e400c2a7957931f848dc3375f2af5a5ccf9dfff9417aeacdd6d37f7f37f1a1338204b2dbdf9a77c7d2e6f5d828e3a12f26c7a4f173c24415204287dab9672d8ecb4d5211bed5adc997d18f9c0fed1b548e91ea541764d359d9e250fd8602666a5be4ccf8ae5306aa55999ef01536c60ad0c341c681be09e8ee6dc8d8f5d0f1654b95a43bea0e28a56b9e818d52e5e1b2415f1ee4de01f6832ad49a25672b4cd3dd81c512164abb86ebb351ecb63da654278f27d2bf304812356c813f4ad0cd5e3bd50a5870f0a33784b8d61d96dd31dbb617b7b62d3ce26cafe093c6dd6c35981199bbb30d29ac2c16188bf9de8dd552fa85de8132e1460afeecc25b32b19de9854c01f1b66612534c2db36ed8fa64d846f4882b46c57ec6d5147c1805bafd27b52bad375059c82e3b828892acbd5744f623742e479edebce32c301a3408f06870c360a4580b42fb19a348018925b490dbe4923f11d186ad272ae94c23e3f52faf3dcc433990ec0a39dcb59f3ac749f5e09a64b6baa6deea27dfc56ee4406e92394a0c82018ae76b43c08ea657df0b817e49f06dacf65b8502df51b533a65dedb64b0e08d2384bd94f4e000157f21cf7204f8816eee45759323b2f9969fc9786f98bf2c25906b95a938827e3df22e26aec492c077a7546e3bd623173f632caf8bece3f808e5c5c6e2c3d41b1a905d667a6243cf9375a417ccb86211105c3a9b904371e45633dc89d8c8cca7a9f39fc8ff1385aa8c648e439e72202cab38518a141c69c0bc947ca05bb162b8b194d9988094ecd5f1e08afaa7461774215266abb1ff24ad6a2dff4f61733cc125b19467c3632143e8dfa25fd48e18fe79cbddf98a1ae8c37a843c9cf796a90ebeb8e40b4bdaf370dbe146eb2edb94bfd80ebfacc0a93664451226ea1d11da7fe42857f8569ee3b805455a017bdcbab481d755dd6dec05bbf434acfe366926b61a25f0aec7fa0af157da58215bba03b8613be5c68dbfd382679f59eace2c12b44c02007685a3b42848062ff97b86c612dc4c0982e0080751605931aa2723eff8469e7e51c57dda31d8274df7742c662a8ece5d9a3e96b364343e2d12d302d72d74ebc27c1483c19dd85ab4ffe0a1dbc054b5c9838650b90db99797068e2bd4fa9a7e560ceb8f98cb938bba479f64edcf8f75ee5ab21b4f1ca88ba24b5b2f05b55dfea795530ee738dc7e8eae3d2d99f0ed3f902cbb83833caa4a05d621b0c4058e20196169d39c9c2fd171a9ee3f572a696e8a5f5e06ae6975776329a45665bf8bae820f0ef8ec1ade33fef51de1137ec0742fde048ca82938b9740b9baf5dd347dd21639bb60ff7d90c9e7f71e5fde8f45977eba2a4be3d8b659afbbf2714f765d5db43d0340b3e2dd48efb68cb8201f952eb240b266bd541f67de33683712b90cd052067800fe221c61282d71d3f4233ab7c5ab6755e67545de4e2eb542c7ba9af9ed09e3718225379b4c03686fb6dcd3d643114d3afe62d43ef5e38621f18b382dc7747181031b40e05d2ddb142135dc62ee1f9cf88a1b158529c0b7380085fecdb68bcf5ebe3924ca36f04be411612979a38d8c5f33d6bb80867760ad442e38c079040402e0fa0388ea34942dd6f3ee0aa2d7ed3935931ac72cd5b50f709bf43060af44bdca04a00720b6fbccb8612f15a330e33a65748dd825f6859a2393054dbf24126d09108db19489ab4aed69f24d7ab7d8479897b16a996161af3bca0d965c3c595149a1fd151c9d754e7ed0524819bed0698505154bfab0d434a672a504b41c2efde711a9bf8f8c0f037f203e5aa720d6c3b0316cec548ebfdd35a67235a4454c067b542ac7e409def0d8eb78f762b8f72b97fc2ac6482ec493b4770cdb4e9d4c8fbf8ec5d3d6ae4ff75fc65bc05bc804f6a718ae6b82df6ccaa89b1dc18f35fd30061c8fe50c6c9719e0fd7bd871aff705a1f21bf5f7771dcebb601d414aebb9962cb9820b8e90852cb28f8ad0f8de0f94de8a6383f1dcf1d3d77ee94ec96bd179f27e4ebf411324920877ead9db8254367852cec4ccd3a75712985ba86ae42f66b82d6d78bc08d014a8f78c1819775c4637bdc0eb23af85eb93cf7b886407e1a21a95bedbf97d56e455c2a2a39c3ca74ff8a1182fbf5203c13729c88339094d92176834f49dc8c21c20adb592e50ce6b18172a8ea793a71dc47ecf244946291d631510b54d362de9e6c8b3df0efce813fef21bdda83e68b1e6726392d3465f9ab0e75450a8cc4d6f4a349a5bf1c00f409d3cef694073ee552a05c96add6c3d90328b389d68904a350fdd342e36ce69bd3b54beade13c1bf5ed48bf758d26511793ad99d58095fe6c49b9f4650528816b808f0f877ef14c276a7eabd42557a6f12a02f6ac0a1ccf12319b3e1c76e66545b8507f3688ff84b251807459165aae1026f9d1d05c518b7c8b83c11ff35f733534d73bdf3e02ca62442e1c7f51c1d7a4d403b36ab1fb7dd6cef81ca2e6051312735256cdba1be8cd77049f31342d0ea614498b848d6ab2ebc32663f6bb42c33a30695406afb2362f5af25fb74b70769ffc21f243d7414756f463a3a6cfc6caa2a6df2bb94c645120a586a119a3d492fdad1dc46ca67f924f9fec97e52ec04df8eb023b13fcb50f98d77484e69db4afeeb1b8d8e762006425482dea73ddead979944959fde5548e1d9077018e728b8ed0737d013dee7e2b2884a4d736a01d980b96555afd586dde39b4b987a84fdaf17d636dec4cf263f0c123d03bb091a5a71063b5e8afd901e9799be3775610d5b966a6814fd0fc517022c2283efb7415cb083048b93147cd2d77328d58d6ceaef9d501ccf8f3c84654958a3cdb2c0d32bb258c7b3bf3888019bb4dbc8d0938a41cb239573d4adfec640955f5b23dea5a71762b4036d751c8e0231548e1eaa4fd392fbc0740dfc63db480bfd2b3e04ec134da1ad92fa47ed0a00193eb1c2ae74ee1eb4c02cdeb5122d2967dd0b0dadd6d489188bf9fbf62c6bca6c13b74cb75c29a6e6f6e5285ef89d6d1a2b2ceb3366c1fc705dc477f7a0a1e28a4185234b906073c8ea4ffa734123d74e54456108b5a9f8dc38e5aa97b5630129be737aa7c00b849f2eaa602c9a6dc286e4e1578695e1a8fba52d72dbfe0b91ac6ed3a181dce35d99c9b5251402437f857d011ae257a93f5ba642f300c18475e6a819ecc21c52c5eb6c91e3ac64639763126f2", 0x1000}, {&(0x7f00000011c0)="197965115376e4146ebf1436110083b424e5288227461057924b568bd903ef9ee9d503b88ec549649fb689c94fc998986b9870fd109228dd456ca6d768d44917336d07f7e67fe2919ff8aedb5105a226", 0x50}, {&(0x7f0000001240)="ce43e09ffca66ef9b08d032ffb60543da2cf87063aef499b1d01e507eb145cda13432d2a14b27fcc2531300d39fdcad8c374013725b930c4016a1a23ad0b1ce9f71f1ec1c260128c48bf22fa84a9ae1cb95e4b0b8533e3fb875dfae51d584caa87fb00290da6cffe33cd656acaf9a34b2dfea3b8d93eb39df234b32d184dcb47923a392e24060148b1601803f648c922f59937a6ce41c770595e833ab44b0672bca11daf3840cb0342b73fe9bad0c3b411c676a7a480ed30b8cf4138f0cd7de7525d46d9d4d6928f4fe7a3a62bc5879b10320147f9d12d2ecee2ead9a9", 0xdd}, {&(0x7f0000001340)="52898a16ba8661dfc7c4c3de63a19be02a2e585f555577f9ffad368242ed3539ffebaec537272a358a075f375d4cf18419c1cc61b9b7f42b86bac6a74cad99ab7bedaf736a43443f4d5aeb4079623f9d11eb95f60a38", 0x56}, {&(0x7f00000013c0)="0fd62e4669bad219a33b3eeba6780378e2b8db588725f5189c9eef61c4f3fda972a670db70f5b0e9a4b06ddd1bb0b3ab613a672daee00c4a475ec7e5b3680a73fe4328043968119db3ed2c8fabe0666ba66b204ce052a88e12b5434c4cab1a9be51a1e0a33d66e219dcd4ae343270bc669eaded9410e95cd651d74df4adcb23aec343fa103c3ae5b14901d84cdee3c463138a0527f88d0bf7f1d2693ef9d7fca670472db046123ed6272257ef2", 0xad}, {&(0x7f0000001480)="7d07646c9fc0f5858395a35d19f1e37d93e6890bc25865ff64f49f98cc869dec5cac869cbc52468d76d0c333f63b60468a8b135b437474ac60d123f4040e7f048aa9659121b152394136131320cc0e8f17f384ab11d33daea313733b76df9f2f8158ee61b470b2b89885cddde35554557d85df416165f339f93c9a95cfbda38aaca2a1d130ad988071aaea5d27b7ceb59169267b8a89f44f7871737964808d3ca30c7c26cf122c869fea13e5c070e2d185c9192b68c94ac7add377a45ed9f3d9bde09fc7b9508fcd6da9537ec73eaf68c14e073626eb9690ce8e2a1bae490f80a057ff38444ef1acfecc6a5b386be071fa5e50ee1ec71b0af8ad412d94384fe0e26afbbaa52757bc250841674662815dc3b7bbaf73117c96a332cde4281c349bbc7da059cf77692b760c991f86fd3e6d2e949c541aa3a4a4d34fa49ac5868a47ea30b7d9e3de85a7ada8caf42232dc62ee64536a217803dbc457f19a75ff94d352f6562546f2fd6c070369c8b270de4c66049bdb97ed6f9d675dbdf40719df5cb4b4e22b33e67fb5055af55289fb445d5154ef4f6bdc29852fe5152da2660529a0d1e389bb289adfe56e7cab412c2d9c12d153e6e0a22bcfc2ded6b95ec3e8c5896122a0515de1e6669c353b985c8265802ebc0fbc6939347ddb866f2f7bea11a3287cb6163235ddef9573de83b9bc0dc3c95c38a156eca49a2b5c163b9fd786dc1aaa3040c6552dbf3cfa8ed8aed334fa01752f901349f58a70ec848f5129eb47a191fcbd08dfe1b4171118c0db5720d0fc1ea31d7ed27dbc9390670dc24470a5cee71cdcea6324c1fae294374451f24c5d0cbc3a06cce719d327bd1d2072596a52d1f22a16fd867167b50a8c587d28b9dc02197dacf16260a69c364f505c3bf9eca1572ddd7be56d2b91b330686069e8c810269fa892df86294ff96109ffcf07b6e51100bd156abc43f836fab1f51c1c247cf45cf8d63ef358aaf38ae05caff500320756935ac45590bcba0eb218654a68a384064596da22013205f93ce72f0821ffedbd54eaabdf6739ae26fd307b7acaa4073f0b82ad4f620ed85e10f55f1a40ef2c4acddd8b8ead111c861e705d50f54513fa8a8e030137e15867cb88911599c82e7f20e1b79eddefb3c23ebaea3a4ed8b7e85499ad70de32c061d05bf778cf3463f20e2bd04a27eec9d2ee333ecef6bc06e3f7f55cd2022777cd8624335d4817b1e492c3f2f05b3b6d1f9f7d351125014404a6ada0b83f4cde27c0f439a55a36d190e7d8676efac522338dbe8ad09540bbfbd2814e3512c55639bab04a9a9fa1f305244f4088511e712c3d6cee335b2006890499dac2addd6d358e844812724ac3e65a64de415c215d63692dc2b390dccaf4c631c2221284c4d3ed0fcd1a2d93d66a85fa9c351853bb003e993883f7716ac9e6da1990f495dc142b26d04d5d535f2fdaea671ccb0e50048bad08316d26d0ce769ca06a64676fe06ee4fabe72969771dc71f49f367379b5e93108bfd2a88598b9555e93254d1e2ead4f5e12b604efe91e328842e3bdb6791ede1fc1d408d6badeb2c5fca63d2a68aa7510587927fdcc3925b598cc900026a1bb1f34d377a8c52d874d63dcdfcabe488ac4d7a222bf4ce48861b8ca580cb97fe1c435c4fd5350626494fbff62d3e578fe6359b7b21da65ef6434918a7fc9b8aadfda7a65bdcfad20b6913af0e3b919e97d641044e4a1c868a0b4277b869c6b3b73d24148cc76fd7bcc584dd9370adbfa426ae54e709a76fac9fedb3c6b42c3357f7962b53337efc6580c58412b4c5ff0da1ee68087228df51965d882a8f8d0a4742f5ca52b0580618ddc0c6bf9930613aa20964747d63293bf230261e7522f9d42e6261f79cdc07b694f5d13b6db59c18392abebf65da826434c6ccd3731c5e28ca28b7bd44fa6ccc81ea51bc1bc66f7df860b00053a3976a40730dc3c449d907c5069e8c21885b3c26ec7a25f8cbae32d1b9fd01f7c9a7e5252b5290a2097933c412af590b14e591f840eb8abadd157759946a28f0617b33afbbe9c835c119b6cc5916bd96159bbac94671907482c0be0b45bf583f6fbdc5fcc44e1c2eda0fd4a9fc424853f1ca27434b8e55e02abaec5d975be61caf473f2ac04a00c7fe6c4a74bcef0fe3dc29bee2b1b20aff6fdd7df297371e5957ce3cedd2e3f63ef231ee41fd0f6e9176c2b913443af6601e11535ab53f8d380abde45a3ae12323025e23ee32e52e684394eb5d04b4ebf16332c7ef5cf6386121d7a4ecac498d3bab4fd49c319b29884cb49cf4295ca9e79f432f76287c16ec1ee4d3e84df9a1c1a77377af658780cfc94037d5a5da7ca4332dd3c6389c36fefdf94fdc5c60f3dae1fdb7f1a362829ab01e05784b7871be4f59d7467b179e4329466dd4dcfda104d8bb35382d9c40e2cf13412f56f91331df362a0f4681138acf3a515395d771b7163de0f3debd671e6df60b28d8a419db7765d3ab4b1e029537792bdf0ea39b0f5f0b7f222195ae367e14dc3a2a221de53ffccfa32b6e0cb641d36d07fb59afa68a1dda2598f214192b6337509ce11e87dd8a082f454c5a8b1801cefc8bfca4bc13d54f776e4107fd10c6826838cd52d1e2a685d2421aefd6d8f033d911cb691825bb295d1ab02ab65e86586971befe533bb9f1c204390d52679d4af97d54eb36f2e68625407a2c6ef237c194af0d92d222e2168013d904e3f8043268fcc4509f9d075b36282f391206b48e45ad98cda976fa36e1b063c85c1c1553cc451eec8d1d782300fd385b98aff5c858269819687356b395e82eefe47a3a54b43c19bd5d0ae6fb30add3a29ce50c603dcdbbcf3d65480e99f0e0b430c5521c377b68462354aa2ae65aa529167bc9716cca995d7825d664138c4a860fb2b2c39824f357defef5c829b9e9042252fb9cb3798bce3266492820e4f13283d6f15ffc9fb90ff996b23304728e9f4b563f44198be0dcce770032e7d3545eb64550f143b33894503d2d1a42c152fdcbff97d2e58b1bcad9f5a2adc095390981859b742a4c67fdf1852afaeed173cb841421b08e3473b50a4845413b64ceb3362bd792fb76d330943145d0486541424878e362371ce7b6b4d164f7b82c60915beaaaa13a8e3bd479f94a96687cdaec1410b8097c28ee058bd14cee4c7c1425797c83de1552c75ac0dceb05191c69feb924b20ffa8fb9bef08addad34cde3d1a09635e8bd9ec195b13a1d3ab2fb737a654fcbcb67afed27967c2cf1a5fef8e8535de99d4e696c9d36335b0e92b0cd2c5523f3e119913824361429040faacd74d45ca34f328aea43e470463d06dd4c109f7ae21938a0b994875f6a5d7e227523d6c5811f53bd26f03bd9f623547d818bddca218b1b65d01ed44d0dd046b1ce083e9f6c9fcd3e3bc255f7cfc846b3a95235e5bcec100c6befda7b8d59403b2bffe485e21e3c8bd82fc9e097bdaf7d6ccbc4fdae3fcac9c9a5133bb617126254171b38abbc730286ffdb6ffbc212685717f0e1421312f88d8e1032ea0d9ba28a2c54b25bb286d11424f87257712fc7a98318b13e178e23e49a7ca2f26b18f3214df6be571a0bbee0595bf8e613d56406f6d754247a96566b6b0cab71feea16c3cf977aa29810869c7b440fa02ceedd599098492542c3e682d4118ce7f1f6c1a0b1a79078a81e334f952f1d1059b2e24d6959e0bde11ded5928a92c7ee02de6927cd6f2971995a1e7dce9328951b8244c8b9fa037eeeaec1a9f16113e0ab09e03913d8f8ebaaf0ebdaf1dc916368a30b6f05a3a3b2018590d6d289f1ff0ac38e52d292645b98bc91b65858cae91cbceda775524cafca91d67a7a7c9137f9004dc221114eff1f3035e19e34055f8d965602017b20b91488fcd60f57e1dbc574b72d99c8c566d5f79f67e133a2dd9df0e6d0e417663eae6f9861f6c3db393d6fd7ae0aeef433a8e615378cbc2723bd1593669c5da208f37f374942bc0ef9e4035f561e081f55e09d22ae4645742d97ac402d8e050831fc0fe8b274c91fdeca90202d30d1b283b948b4143b0fc92010e60bf59d6599f7238d8f1401f0dca442796b3edff8fc97a7fde830a62c66631dba061f7cca1beffc883c87e5816232e4fb00da0e9883d8557568950d37120d0bb7dcb59b43171a74ce833f3c346ce25e158a48a4cfe896eaa039cf1dd6fdc26cdf84885a70b407d59445ea3c4f0ea2db341f2b13cd7431db9d00da3809dec67fc1190b9ed33a00a57c3213266f0119caaa76e9ebf8451d9d083512357c546636f019ea7be59786679cb68d0f9a1946d140b0d529323949f75be294fff04fa621042c93fdd5d2f0e03570766b382da859e267151a271969392bef3500326830106984de6432394085797613a164e64dd7b05f1578b3b020af0d5238499a3032cb352851b844b33b65e7826bde5a268aaf42fadb5172d74ab3118314d3805219fa82d8c8a42240960d0ea498fb6d4c451479f70f8726e39ce8564fe0c8df942120ca841a5e90eca016cda2b9bddbb6217915b2f73e92dd98fdb9b7e6211d4a081072ec2fe6b0adfa65c032b451e5c4f0a0d60751e783f24d61f412148d54e41a25100cd915174c52e09d36f24b5bea89c0600a2cd487bed4f1914723efc7d279bcc6098c9d9fba46a32ddf17ac377b5f39b552ec8ce041204309530ee5da8325f3bef8363765d1f3ebcdd65d01912838a67ec65da53cd4f22116171eaa6097bb4eafe478804ad02df23601ee8ce21e2da4d7971e9729a90f4814d157575432844ece91332cdee26e80477f490c14c36d92a2e33340ac885c218b1f1f28058de3a042a98738f37bdab9fa6ac5c0e28a462d59e8f6d0b37821332fbcfaee6f9ad3f164a785048f68efacd118c4b9e8be5ec140f7c4ec1114a5e8dad1ddb986fbc707750b505cc899f1268ccdc9d6fdb18c717ba1bc18d35855e85df0e8e0c848e2baa6e5842c0363eed59e7bf795ef87c90535fa0b6198ff91d8593244296d58f631ad25957ffb9233a384d083685cba208f471eae5c7636a4e6dcfcecee99f9d83ece4dbd6d40e816c488f38f5df48d5e6a12ea0c03bba7bd80eca81e66e067a7f9cf7a6520df3d7a7e53294d8dab7a6255b599d060c5586d363748476ad158452dbec202f42ea010abfea1e0f1609b13c50fa3ba756618d9ba72ec6f395bbaf471cf36d119239d689191f17a5745bdd7c60757c3be426cb4f6992f6b083912aabfa2284d3909f40d9aa9336e5fc4bd7294407a1038c4a007fd0f19525eea1b8993f9a2a019af4c8a8d6b36b037e001ab1a02406cd334135d12a991914a3907bc1f5a4445de697955649cf6ec562d0d6d5ca1a66cab0fa05c35257f44d72a10a893995048ac4e49166f8b02e02fdf9ec20be49454385d949fed5b6af190a254ca937b66f56efa609c6529815ec2b39a9aae362035315f8e4a0ad69d70d4320ea27e66ebff23400e884ac7dee36a517a381803fc5eecefb43f1bb5871905501537385f4227602b0bfb9b054ee47ed620820a70ab4ee3355ee319fefd97cb74869ec2bd35eb105759f4a790dffe0061846163481cdc1dee25be7eb8a09beaef00fc87aa7fd80e8e706eeb0887ac4d1666b77246b0bf66d2193c227c008ab292490c31258396ef1b23305f6c5825671257be2c872cf34c91fb6e15ac8a5eb5b5c3a1edc39979605f0ecd577d6f6273c47f350608512509568aac751187d55be100fec20436baec03ff5d3d5dea292d8588d1f98b5e4c59b0f421f13168cc672ba6a6371744f12cd25ebb1cbb2541ff523ec6463", 0x1000}, {&(0x7f0000002480)="8b74058fa561262171b96454183ca4c48a54e63d886de33506bfb13e868724d9822e1e6e18d1c0840c347abd54da96c4a8f1357c3ec48ef75bf70a47e470d9e9d96cfe2d897e23d8e68ae6f40483e089fdb5c137c1d8e4b8c48d2e0a1bcc94996c804eae14faf36ee68198e20edad4dbb5b689401a7f63e47655166b2117ae0ad66eba696334fe28d956b84764449a4ee16e2b53ac45cf1fb4db61e0be4eff8fd07f4eda33bdb91712216d97d53683626da0a8d001716d1a4639d99a9458747cbdd04056676e877ab967f3ed72e458a3efd542545b87fe7aa1953954f4c146f7f9c1bec5c46a04913390f2cdbac2b77eba64b719d27f190bc78c6b0a88", 0xfd}], 0x7, &(0x7f00000000c0)={0x30, 0x10f, 0x80000000, "ca4e5e142689f2488f2f6f7f0655be901839957cba56d71149ebd38b11e9bd13"}, 0x30, 0x4000}], 0x1, 0x80) mbind(&(0x7f0000ffb000/0x4000)=nil, 0x4000, 0x3, &(0x7f0000000000)=0x7, 0x7, 0x4) clone(0x4002000, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) ioctl$FS_IOC_GETFLAGS(r1, 0x800455d1, &(0x7f0000000080)) [ 2430.779334] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f75238686d4 [ 2430.779343] R13: 00000000004c578a R14: 00000000004d9d90 R15: 00000000ffffffff [ 2430.831605] FAULT_FLAG_ALLOW_RETRY missing 70 [ 2430.840487] CPU: 0 PID: 23806 Comm: syz-executor0 Not tainted 4.20.0-rc6+ #371 [ 2430.847872] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2430.847880] Call Trace: [ 2430.847907] dump_stack+0x244/0x39d [ 2430.847931] ? dump_stack_print_info.cold.1+0x20/0x20 [ 2430.868692] handle_userfault.cold.32+0x47/0x62 [ 2430.873405] ? userfaultfd_ioctl+0x5610/0x5610 [ 2430.878010] ? mark_held_locks+0x130/0x130 [ 2430.882269] ? __sanitizer_cov_trace_cmp4+0x16/0x20 [ 2430.887296] ? futex_wait_setup+0x266/0x3e0 [ 2430.887326] ? __sanitizer_cov_trace_switch+0x53/0x90 [ 2430.887347] ? userfaultfd_ctx_put+0x830/0x830 [ 2430.896868] ? futex_wait+0x5a1/0xa50 [ 2430.896891] ? print_usage_bug+0xc0/0xc0 [ 2430.896909] ? print_usage_bug+0xc0/0xc0 [ 2430.896928] ? print_usage_bug+0xc0/0xc0 [ 2430.917494] ? zap_class+0x640/0x640 [ 2430.921229] ? drop_futex_key_refs.isra.14+0x6d/0xe0 [ 2430.926343] ? futex_wake+0x304/0x760 [ 2430.930184] ? find_held_lock+0x36/0x1c0 [ 2430.934275] ? __handle_mm_fault+0x4bb0/0x5be0 [ 2430.938874] ? lock_downgrade+0x900/0x900 [ 2430.943046] ? kasan_check_read+0x11/0x20 [ 2430.947219] ? do_raw_spin_unlock+0xa7/0x330 [ 2430.951650] ? do_raw_spin_trylock+0x270/0x270 [ 2430.956267] ? fault_dirty_shared_page.isra.87+0x320/0x320 [ 2430.961939] __handle_mm_fault+0x4bbd/0x5be0 [ 2430.966397] ? vmf_insert_mixed_mkwrite+0x40/0x40 [ 2430.971255] ? zap_class+0x640/0x640 [ 2430.974995] ? rcu_read_unlock_special+0x1c0/0x1c0 [ 2430.979951] ? kasan_check_read+0x11/0x20 [ 2430.984117] ? rcu_softirq_qs+0x20/0x20 [ 2430.988119] ? zap_class+0x640/0x640 [ 2430.991846] ? zap_class+0x640/0x640 [ 2430.995579] ? find_held_lock+0x36/0x1c0 [ 2430.999666] ? handle_mm_fault+0x42a/0xc70 [ 2431.003908] ? lock_downgrade+0x900/0x900 [ 2431.008051] ? check_preemption_disabled+0x48/0x280 [ 2431.013071] ? rcu_read_unlock_special+0x1c0/0x1c0 [ 2431.018011] ? kasan_check_read+0x11/0x20 [ 2431.022175] ? rcu_dynticks_curr_cpu_in_eqs+0xa2/0x170 [ 2431.027471] ? rcu_softirq_qs+0x20/0x20 [ 2431.031483] ? trace_hardirqs_off_caller+0x310/0x310 [ 2431.036605] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 08:16:48 executing program 3: openat$rfkill(0xffffffffffffff9c, 0x0, 0x0, 0x0) getsockopt$inet_sctp_SCTP_DEFAULT_PRINFO(0xffffffffffffffff, 0x84, 0x72, &(0x7f0000000380), 0x0) syz_open_dev$admmidi(&(0x7f0000000100)='/dev/admmidi#\x00', 0x0, 0x0) r0 = socket$l2tp(0x18, 0x1, 0x1) mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x1, 0x32, 0xffffffffffffffff, 0x0) r1 = userfaultfd(0x0) ioctl$UFFDIO_API(r1, 0xc018aa3f, &(0x7f0000000180)) ioctl$UFFDIO_REGISTER(r1, 0xc020aa00, &(0x7f0000019000)={{&(0x7f0000012000/0x2000)=nil, 0x2000}, 0x1}) syz_open_dev$evdev(&(0x7f0000012fee)='/dev/input/event#\x00', 0x7, 0x0) ioctl$UFFDIO_WAKE(r1, 0x8010aa02, &(0x7f0000000080)={&(0x7f0000012000/0x3000)=nil, 0x3000}) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0a5c2d023c126285718070") setsockopt$ALG_SET_KEY(0xffffffffffffffff, 0x117, 0x1, 0x0, 0x0) [ 2431.042164] ? check_preemption_disabled+0x48/0x280 [ 2431.047213] handle_mm_fault+0x54f/0xc70 [ 2431.051311] ? __handle_mm_fault+0x5be0/0x5be0 [ 2431.055912] ? find_vma+0x34/0x190 [ 2431.055934] __do_page_fault+0x5e8/0xe60 [ 2431.055949] ? trace_hardirqs_off+0xb8/0x310 [ 2431.055975] do_page_fault+0xf2/0x7e0 [ 2431.055993] ? vmalloc_sync_all+0x30/0x30 [ 2431.075956] ? error_entry+0x70/0xd0 [ 2431.079697] ? trace_hardirqs_off_caller+0xbb/0x310 [ 2431.084732] ? trace_hardirqs_on_caller+0xc0/0x310 [ 2431.089682] ? syscall_return_slowpath+0x5e0/0x5e0 [ 2431.094627] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 2431.099487] ? trace_hardirqs_on_caller+0x310/0x310 [ 2431.104524] ? __bpf_trace_preemptirq_template+0x30/0x30 [ 2431.109991] ? prepare_exit_to_usermode+0x3b0/0x3b0 [ 2431.115027] ? prepare_exit_to_usermode+0x291/0x3b0 [ 2431.120034] ? page_fault+0x8/0x30 [ 2431.123569] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 2431.128408] ? page_fault+0x8/0x30 [ 2431.131937] page_fault+0x1e/0x30 [ 2431.135430] RIP: 0033:0x4510a0 [ 2431.135816] FAULT_FLAG_ALLOW_RETRY missing 70 [ 2431.138638] Code: 0f 84 c4 0f 00 00 48 89 f1 48 89 f8 48 83 e1 3f 48 83 f9 20 0f 86 7b 02 00 00 48 83 e6 f0 48 83 e1 0f 66 0f ef c0 66 0f ef c9 <66> 0f 74 0e 66 0f d7 d1 48 d3 ea 49 c7 c2 11 00 00 00 49 29 ca 4d [ 2431.138647] RSP: 002b:00007efdea16e7a8 EFLAGS: 00010202 [ 2431.138660] RAX: 00007efdea16e850 RBX: 0000000000000003 RCX: 000000000000000e [ 2431.138676] RDX: 00000000000003ff RSI: 0000000020012fe0 RDI: 00007efdea16e850 [ 2431.181992] RBP: 000000000072bf00 R08: 00000000000003ff R09: 0000000000000000 [ 2431.189283] R10: 0000000000000000 R11: 0000000000000246 R12: 00007efdea16f6d4 [ 2431.196558] R13: 00000000004c578a R14: 00000000004d9d90 R15: 00000000ffffffff [ 2431.203888] CPU: 1 PID: 23839 Comm: syz-executor3 Not tainted 4.20.0-rc6+ #371 [ 2431.211287] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2431.211298] Call Trace: [ 2431.223248] dump_stack+0x244/0x39d [ 2431.226901] ? dump_stack_print_info.cold.1+0x20/0x20 [ 2431.232303] handle_userfault.cold.32+0x47/0x62 [ 2431.237002] ? userfaultfd_ioctl+0x5610/0x5610 [ 2431.241600] ? mark_held_locks+0x130/0x130 [ 2431.245857] ? find_held_lock+0x36/0x1c0 [ 2431.249980] ? userfaultfd_ctx_put+0x830/0x830 [ 2431.254588] ? kasan_check_read+0x11/0x20 [ 2431.254606] ? print_usage_bug+0xc0/0xc0 [ 2431.254626] ? do_raw_spin_trylock+0x270/0x270 [ 2431.262824] ? print_usage_bug+0xc0/0xc0 [ 2431.262843] ? print_usage_bug+0xc0/0xc0 [ 2431.262862] ? zap_class+0x640/0x640 [ 2431.279257] ? drop_futex_key_refs.isra.14+0x6d/0xe0 [ 2431.284387] ? futex_wake+0x304/0x760 [ 2431.288202] ? find_held_lock+0x36/0x1c0 [ 2431.292258] ? __handle_mm_fault+0x4bb0/0x5be0 [ 2431.296826] ? lock_downgrade+0x900/0x900 [ 2431.300967] ? kasan_check_read+0x11/0x20 [ 2431.305102] ? do_raw_spin_unlock+0xa7/0x330 [ 2431.309499] ? do_raw_spin_trylock+0x270/0x270 [ 2431.314080] ? fault_dirty_shared_page.isra.87+0x320/0x320 [ 2431.319696] __handle_mm_fault+0x4bbd/0x5be0 [ 2431.324096] ? vmf_insert_mixed_mkwrite+0x40/0x40 [ 2431.328930] ? zap_class+0x640/0x640 [ 2431.332634] ? rcu_read_unlock_special+0x1c0/0x1c0 [ 2431.337555] ? kasan_check_read+0x11/0x20 [ 2431.341688] ? rcu_softirq_qs+0x20/0x20 [ 2431.345652] ? zap_class+0x640/0x640 [ 2431.349353] ? zap_class+0x640/0x640 [ 2431.353067] ? find_held_lock+0x36/0x1c0 [ 2431.357117] ? handle_mm_fault+0x42a/0xc70 [ 2431.361337] ? lock_downgrade+0x900/0x900 [ 2431.365483] ? check_preemption_disabled+0x48/0x280 [ 2431.370498] ? rcu_read_unlock_special+0x1c0/0x1c0 [ 2431.375585] ? kasan_check_read+0x11/0x20 [ 2431.379719] ? rcu_dynticks_curr_cpu_in_eqs+0xa2/0x170 [ 2431.384982] ? rcu_softirq_qs+0x20/0x20 [ 2431.388977] ? trace_hardirqs_off_caller+0x310/0x310 [ 2431.394067] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 2431.399592] ? check_preemption_disabled+0x48/0x280 [ 2431.404609] handle_mm_fault+0x54f/0xc70 [ 2431.408661] ? __handle_mm_fault+0x5be0/0x5be0 [ 2431.413233] ? find_vma+0x34/0x190 [ 2431.416763] __do_page_fault+0x5e8/0xe60 [ 2431.420809] ? trace_hardirqs_off+0xb8/0x310 [ 2431.425210] do_page_fault+0xf2/0x7e0 [ 2431.429000] ? vmalloc_sync_all+0x30/0x30 [ 2431.433149] ? error_entry+0x70/0xd0 [ 2431.436854] ? trace_hardirqs_off_caller+0xbb/0x310 [ 2431.441863] ? trace_hardirqs_on_caller+0xc0/0x310 [ 2431.446787] ? syscall_return_slowpath+0x5e0/0x5e0 [ 2431.451712] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 2431.456543] ? trace_hardirqs_on_caller+0x310/0x310 [ 2431.461548] ? __bpf_trace_preemptirq_template+0x30/0x30 [ 2431.466995] ? prepare_exit_to_usermode+0x3b0/0x3b0 [ 2431.472028] ? prepare_exit_to_usermode+0x291/0x3b0 [ 2431.477033] ? page_fault+0x8/0x30 [ 2431.480574] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 2431.485409] ? page_fault+0x8/0x30 [ 2431.488936] page_fault+0x1e/0x30 [ 2431.492386] RIP: 0033:0x4510a0 [ 2431.495569] Code: 0f 84 c4 0f 00 00 48 89 f1 48 89 f8 48 83 e1 3f 48 83 f9 20 0f 86 7b 02 00 00 48 83 e6 f0 48 83 e1 0f 66 0f ef c0 66 0f ef c9 <66> 0f 74 0e 66 0f d7 d1 48 d3 ea 49 c7 c2 11 00 00 00 49 29 ca 4d [ 2431.514457] RSP: 002b:00007f75238677a8 EFLAGS: 00010202 [ 2431.519811] RAX: 00007f7523867850 RBX: 0000000000000003 RCX: 000000000000000e [ 2431.527067] RDX: 00000000000003ff RSI: 0000000020012fe0 RDI: 00007f7523867850 [ 2431.534324] RBP: 000000000072bf00 R08: 00000000000003ff R09: 0000000000000000 08:16:49 executing program 1: r0 = syz_open_dev$admmidi(&(0x7f0000000100)='/dev/admmidi#\x00', 0x0, 0x0) r1 = userfaultfd(0x0) ioctl$UFFDIO_API(r1, 0xc018aa3f, &(0x7f0000000180)) mmap(&(0x7f0000013000/0x4000)=nil, 0x4000, 0x1000008, 0xa053, r0, 0x0) ioctl$UFFDIO_REGISTER(r1, 0xc020aa00, &(0x7f0000019000)={{&(0x7f0000012000/0x2000)=nil, 0x2000}, 0x1}) [ 2431.541577] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f75238686d4 [ 2431.548834] R13: 00000000004c578a R14: 00000000004d9d90 R15: 00000000ffffffff 08:16:49 executing program 0: openat$rfkill(0xffffffffffffff9c, 0x0, 0x2001, 0x0) syz_open_dev$admmidi(&(0x7f0000000100)='/dev/admmidi#\x00', 0x0, 0x0) r0 = socket$l2tp(0x18, 0x1, 0x1) bpf$PROG_LOAD(0x5, &(0x7f000000e000)={0x1, 0x4, &(0x7f0000000600)=@framed={{0xffffffb4, 0x4000, 0x0, 0x0, 0x0, 0x75, 0x0, 0x20001}, [@ldst={0x7}]}, &(0x7f0000000500)='syzkaller\x00', 0x5, 0x351, &(0x7f000000cf3d)=""/195}, 0x238) mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x1, 0x32, 0xffffffffffffffff, 0x0) r1 = userfaultfd(0x0) ioctl$UFFDIO_API(r1, 0xc018aa3f, &(0x7f0000000180)) ioctl$UFFDIO_REGISTER(r1, 0xc020aa00, &(0x7f0000019000)={{&(0x7f0000012000/0x2000)=nil, 0x2000}, 0x1}) syz_open_dev$evdev(&(0x7f0000012fee)='/dev/input/event#\x00', 0x0, 0x0) ioctl$UFFDIO_WAKE(r1, 0x8010aa02, &(0x7f0000000080)={&(0x7f0000012000/0x3000)=nil, 0x3000}) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0a5c2d023c126285718070") 08:16:49 executing program 5: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r1 = syz_open_dev$sndctrl(&(0x7f0000000100)='/dev/snd/controlC#\x00', 0x0, 0x0) prctl$PR_SET_THP_DISABLE(0x29, 0xfffffffffffffffe) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) ioctl$FS_IOC_GETFLAGS(r1, 0x80045500, &(0x7f0000000080)) 08:16:49 executing program 2: syz_emit_ethernet(0x6a, &(0x7f0000000040)={@local, @broadcast, [], {@ipv4={0x800, {{0x5, 0x4, 0x0, 0x0, 0x5c, 0x0, 0x0, 0x0, 0x1, 0x0, @remote, @dev={0xac, 0x14, 0x14, 0x11}}, @icmp=@parameter_prob={0x3, 0x4, 0x0, 0x0, 0x0, 0x0, {0x10, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x402f, 0x0, @local={0xac, 0x5c}, @dev, {[@timestamp={0x8, 0x2c, 0x0, 0x0, 0x0, [{[@rand_addr=0x1000000000000]}, {[@multicast2]}, {[@multicast1]}, {}, {[@loopback]}, {}]}]}}}}}}}, 0x0) 08:16:49 executing program 1: r0 = syz_open_dev$admmidi(0x0, 0x0, 0x0) r1 = userfaultfd(0x0) ioctl$UFFDIO_API(r1, 0xc018aa3f, &(0x7f0000000180)) mmap(&(0x7f0000013000/0x4000)=nil, 0x4000, 0x1000008, 0xa053, r0, 0x0) ioctl$UFFDIO_REGISTER(r1, 0xc020aa00, &(0x7f0000019000)={{&(0x7f0000012000/0x2000)=nil, 0x2000}, 0x1}) 08:16:49 executing program 4: syz_open_dev$vivid(&(0x7f0000000040)='/dev/video#\x00', 0x1, 0x2) openat$kvm(0xffffffffffffff9c, 0x0, 0x80000, 0x0) r0 = syz_open_dev$sndctrl(&(0x7f0000000100)='/dev/snd/controlC#\x00', 0x0, 0x0) r1 = openat$full(0xffffffffffffff9c, &(0x7f0000000140)='/dev/full\x00', 0x80000, 0x0) getsockopt$inet_sctp_SCTP_RECONFIG_SUPPORTED(0xffffffffffffff9c, 0x84, 0x75, &(0x7f0000000180)={0x0, 0x100000001}, &(0x7f00000001c0)=0x8) getsockopt$inet_sctp_SCTP_RESET_STREAMS(r1, 0x84, 0x77, &(0x7f00000003c0)=ANY=[@ANYRES32=r2, @ANYBLOB="03000700023f020600000300b000ff0f2000c3b1e9e22a627671d77be332a2"], &(0x7f0000000240)=0x16) openat$cgroup_int(r1, &(0x7f0000000280)='memory.low\x00', 0x2, 0x0) openat$kvm(0xffffffffffffff9c, &(0x7f0000000000)='/dev/kvm\x00', 0x400080, 0x0) bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000300)={0x0, r1, 0x0, 0xc, &(0x7f00000002c0)='^usermd5sum\x00'}, 0x30) waitid(0x2, r3, &(0x7f0000000340), 0x40000002, 0x0) prctl$PR_SET_THP_DISABLE(0x29, 0x0) syz_open_dev$dspn(&(0x7f00000000c0)='/dev/dsp#\x00', 0xfffffffffffffff7, 0x100) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) ioctl$FS_IOC_GETFLAGS(r0, 0x800455d1, &(0x7f0000000080)) 08:16:49 executing program 3: openat$rfkill(0xffffffffffffff9c, 0x0, 0x0, 0x0) getsockopt$inet_sctp_SCTP_DEFAULT_PRINFO(0xffffffffffffffff, 0x84, 0x72, &(0x7f0000000380), 0x0) syz_open_dev$admmidi(&(0x7f0000000100)='/dev/admmidi#\x00', 0x0, 0x0) r0 = socket$l2tp(0x18, 0x1, 0x1) mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x1, 0x32, 0xffffffffffffffff, 0x0) r1 = userfaultfd(0x0) ioctl$UFFDIO_API(r1, 0xc018aa3f, &(0x7f0000000180)) ioctl$UFFDIO_REGISTER(r1, 0xc020aa00, &(0x7f0000019000)={{&(0x7f0000012000/0x2000)=nil, 0x2000}, 0x1}) syz_open_dev$evdev(&(0x7f0000012fee)='/dev/input/event#\x00', 0x6800000000000000, 0x0) ioctl$UFFDIO_WAKE(r1, 0x8010aa02, &(0x7f0000000080)={&(0x7f0000012000/0x3000)=nil, 0x3000}) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0a5c2d023c126285718070") setsockopt$ALG_SET_KEY(0xffffffffffffffff, 0x117, 0x1, 0x0, 0x0) 08:16:49 executing program 2: syz_emit_ethernet(0x6a, &(0x7f0000000040)={@local, @broadcast, [], {@ipv4={0x800, {{0x5, 0x4, 0x0, 0x0, 0x5c, 0x0, 0x0, 0x0, 0x1, 0x0, @remote, @dev={0xac, 0x14, 0x14, 0x11}}, @icmp=@parameter_prob={0x3, 0x4, 0x0, 0x0, 0x0, 0x0, {0x10, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x402f, 0x0, @local={0xac, 0x5c}, @dev, {[@timestamp={0x8, 0x2c, 0x0, 0x0, 0x0, [{[@rand_addr=0xfeffffff00000000]}, {[@multicast2]}, {[@multicast1]}, {}, {[@loopback]}, {}]}]}}}}}}}, 0x0) [ 2431.774741] FAULT_FLAG_ALLOW_RETRY missing 70 08:16:49 executing program 5: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r1 = syz_open_dev$sndctrl(&(0x7f0000000100)='/dev/snd/controlC#\x00', 0x0, 0x0) prctl$PR_SET_THP_DISABLE(0x29, 0xfffffffffffffffe) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) ioctl$FS_IOC_GETFLAGS(r1, 0xc0045516, &(0x7f0000000080)) [ 2431.798828] CPU: 1 PID: 23858 Comm: syz-executor0 Not tainted 4.20.0-rc6+ #371 [ 2431.806235] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2431.815594] Call Trace: [ 2431.818206] dump_stack+0x244/0x39d [ 2431.821864] ? dump_stack_print_info.cold.1+0x20/0x20 [ 2431.827102] handle_userfault.cold.32+0x47/0x62 [ 2431.831801] ? lockdep_hardirqs_on+0x3bb/0x5b0 [ 2431.836422] ? userfaultfd_ioctl+0x5610/0x5610 [ 2431.836445] ? mark_held_locks+0x130/0x130 [ 2431.836468] ? _raw_spin_unlock_irq+0x60/0x80 [ 2431.836494] ? finish_task_switch+0x1f4/0x910 [ 2431.845316] ? finish_task_switch+0x1b4/0x910 [ 2431.845332] ? __switch_to_asm+0x34/0x70 [ 2431.845354] ? preempt_notifier_register+0x200/0x200 [ 2431.845378] ? __switch_to_asm+0x34/0x70 [ 2431.845398] ? __switch_to_asm+0x34/0x70 [ 2431.845416] ? __switch_to_asm+0x40/0x70 [ 2431.876158] ? __switch_to_asm+0x34/0x70 [ 2431.876172] ? __switch_to_asm+0x40/0x70 [ 2431.876185] ? __switch_to_asm+0x34/0x70 [ 2431.876199] ? __switch_to_asm+0x40/0x70 [ 2431.876211] ? __switch_to_asm+0x34/0x70 [ 2431.876232] ? print_usage_bug+0xc0/0xc0 [ 2431.884350] ? __switch_to_asm+0x40/0x70 [ 2431.884373] ? __switch_to_asm+0x34/0x70 [ 2431.884386] ? __switch_to_asm+0x40/0x70 [ 2431.884408] ? __schedule+0x8d7/0x21d0 [ 2431.884425] ? print_usage_bug+0xc0/0xc0 [ 2431.884449] ? zap_class+0x640/0x640 [ 2431.884475] ? mark_held_locks+0xc7/0x130 [ 2431.924884] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 2431.924912] ? find_held_lock+0x36/0x1c0 [ 2431.924941] ? __handle_mm_fault+0x4bb0/0x5be0 [ 2431.924959] ? lock_downgrade+0x900/0x900 [ 2431.924983] ? kasan_check_read+0x11/0x20 [ 2431.932837] ? do_raw_spin_unlock+0xa7/0x330 [ 2431.932853] ? do_raw_spin_trylock+0x270/0x270 [ 2431.932881] ? fault_dirty_shared_page.isra.87+0x320/0x320 [ 2431.932909] __handle_mm_fault+0x4bbd/0x5be0 [ 2431.932935] ? vmf_insert_mixed_mkwrite+0x40/0x40 [ 2431.932955] ? zap_class+0x640/0x640 [ 2431.954620] ? rcu_read_unlock_special+0x1c0/0x1c0 [ 2431.954636] ? kasan_check_read+0x11/0x20 [ 2431.954655] ? rcu_softirq_qs+0x20/0x20 [ 2431.954683] ? zap_class+0x640/0x640 08:16:49 executing program 5: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r1 = syz_open_dev$sndctrl(&(0x7f0000000100)='/dev/snd/controlC#\x00', 0x0, 0x0) prctl$PR_SET_THP_DISABLE(0x29, 0xfffffffffffffffe) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) ioctl$FS_IOC_GETFLAGS(r1, 0x5421, &(0x7f0000000080)) [ 2431.954699] ? zap_class+0x640/0x640 [ 2431.954720] ? find_held_lock+0x36/0x1c0 [ 2431.963720] ? handle_mm_fault+0x42a/0xc70 [ 2431.963739] ? lock_downgrade+0x900/0x900 [ 2431.963758] ? check_preemption_disabled+0x48/0x280 [ 2431.963777] ? rcu_read_unlock_special+0x1c0/0x1c0 [ 2431.963793] ? kasan_check_read+0x11/0x20 [ 2431.963807] ? rcu_dynticks_curr_cpu_in_eqs+0xa2/0x170 [ 2431.963825] ? rcu_softirq_qs+0x20/0x20 [ 2432.029386] ? trace_hardirqs_off_caller+0x310/0x310 [ 2432.029409] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 2432.029428] ? check_preemption_disabled+0x48/0x280 [ 2432.029454] handle_mm_fault+0x54f/0xc70 [ 2432.029473] ? __handle_mm_fault+0x5be0/0x5be0 [ 2432.038763] ? find_vma+0x34/0x190 [ 2432.038787] __do_page_fault+0x5e8/0xe60 [ 2432.038803] ? trace_hardirqs_off+0xb8/0x310 [ 2432.038830] do_page_fault+0xf2/0x7e0 [ 2432.038848] ? vmalloc_sync_all+0x30/0x30 [ 2432.078914] ? error_entry+0x70/0xd0 [ 2432.078934] ? trace_hardirqs_off_caller+0xbb/0x310 [ 2432.078950] ? trace_hardirqs_on_caller+0xc0/0x310 [ 2432.078968] ? syscall_return_slowpath+0x5e0/0x5e0 [ 2432.078984] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 2432.079004] ? trace_hardirqs_on_caller+0x310/0x310 [ 2432.091891] ? __bpf_trace_preemptirq_template+0x30/0x30 [ 2432.091911] ? prepare_exit_to_usermode+0x3b0/0x3b0 [ 2432.091931] ? prepare_exit_to_usermode+0x291/0x3b0 [ 2432.091946] ? page_fault+0x8/0x30 [ 2432.091965] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 2432.091984] ? page_fault+0x8/0x30 [ 2432.092001] page_fault+0x1e/0x30 [ 2432.111702] RIP: 0033:0x4510a0 [ 2432.111720] Code: 0f 84 c4 0f 00 00 48 89 f1 48 89 f8 48 83 e1 3f 48 83 f9 20 0f 86 7b 02 00 00 48 83 e6 f0 48 83 e1 0f 66 0f ef c0 66 0f ef c9 <66> 0f 74 0e 66 0f d7 d1 48 d3 ea 49 c7 c2 11 00 00 00 49 29 ca 4d [ 2432.111729] RSP: 002b:00007efdea16e7a8 EFLAGS: 00010202 [ 2432.111742] RAX: 00007efdea16e850 RBX: 0000000000000003 RCX: 000000000000000e [ 2432.111753] RDX: 00000000000003ff RSI: 0000000020012fe0 RDI: 00007efdea16e850 [ 2432.111762] RBP: 000000000072bf00 R08: 00000000000003ff R09: 0000000000000000 [ 2432.111777] R10: 0000000000000000 R11: 0000000000000246 R12: 00007efdea16f6d4 08:16:50 executing program 1: r0 = syz_open_dev$admmidi(0x0, 0x0, 0x0) r1 = userfaultfd(0x0) ioctl$UFFDIO_API(r1, 0xc018aa3f, &(0x7f0000000180)) mmap(&(0x7f0000013000/0x4000)=nil, 0x4000, 0x1000008, 0xa053, r0, 0x0) ioctl$UFFDIO_REGISTER(r1, 0xc020aa00, &(0x7f0000019000)={{&(0x7f0000012000/0x2000)=nil, 0x2000}, 0x1}) 08:16:50 executing program 0: r0 = openat$rfkill(0xffffffffffffff9c, 0x0, 0x2001, 0x0) syz_open_dev$admmidi(&(0x7f0000000100)='/dev/admmidi#\x00', 0x0, 0x0) r1 = socket$l2tp(0x18, 0x1, 0x1) mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x1, 0x32, 0xffffffffffffffff, 0x0) r2 = userfaultfd(0x0) ioctl$UFFDIO_API(r2, 0xc018aa3f, &(0x7f0000000180)) ioctl$UFFDIO_REGISTER(r2, 0xc020aa00, &(0x7f0000019000)={{&(0x7f0000012000/0x2000)=nil, 0x2000}, 0x2000002}) syz_open_dev$evdev(&(0x7f0000012fee)='/dev/input/event#\x00', 0x0, 0x0) ioctl$UFFDIO_WAKE(r2, 0x8010aa02, &(0x7f0000000080)={&(0x7f0000012000/0x3000)=nil, 0x3000}) time(&(0x7f00000000c0)) ioctl(r1, 0x1000008912, &(0x7f0000000000)="0a5c2d023c126285718070") setsockopt$inet_sctp_SCTP_I_WANT_MAPPED_V4_ADDR(r0, 0x84, 0xc, &(0x7f0000000040)=0x6671, 0x1) 08:16:50 executing program 2: syz_emit_ethernet(0x6a, &(0x7f0000000040)={@local, @broadcast, [], {@ipv4={0x800, {{0x5, 0x4, 0x0, 0x0, 0x5c, 0x0, 0x0, 0x0, 0x1, 0x0, @remote, @dev={0xac, 0x14, 0x14, 0x11}}, @icmp=@parameter_prob={0x3, 0x4, 0x0, 0x0, 0x0, 0x0, {0x10, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x402f, 0x0, @local={0xac, 0x5c}, @dev, {[@timestamp={0x8, 0x2c, 0x0, 0x0, 0x0, [{[@rand_addr=0xf0]}, {[@multicast2]}, {[@multicast1]}, {}, {[@loopback]}, {}]}]}}}}}}}, 0x0) [ 2432.111787] R13: 00000000004c578a R14: 00000000004d9d90 R15: 00000000ffffffff [ 2432.207861] FAULT_FLAG_ALLOW_RETRY missing 70 [ 2432.233556] CPU: 1 PID: 23868 Comm: syz-executor3 Not tainted 4.20.0-rc6+ #371 [ 2432.240945] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2432.250322] Call Trace: [ 2432.252943] dump_stack+0x244/0x39d [ 2432.256600] ? dump_stack_print_info.cold.1+0x20/0x20 [ 2432.261856] handle_userfault.cold.32+0x47/0x62 [ 2432.266582] ? userfaultfd_ioctl+0x5610/0x5610 [ 2432.271185] ? mark_held_locks+0x130/0x130 [ 2432.275443] ? __sanitizer_cov_trace_cmp4+0x16/0x20 [ 2432.280492] ? futex_wait_setup+0x266/0x3e0 [ 2432.284851] ? __sanitizer_cov_trace_switch+0x53/0x90 [ 2432.290064] ? userfaultfd_ctx_put+0x830/0x830 [ 2432.294664] ? futex_wait+0x5a1/0xa50 08:16:50 executing program 2: syz_emit_ethernet(0x6a, &(0x7f0000000040)={@local, @broadcast, [], {@ipv4={0x800, {{0x5, 0x4, 0x0, 0x0, 0x5c, 0x0, 0x0, 0x0, 0x1, 0x0, @remote, @dev={0xac, 0x14, 0x14, 0x11}}, @icmp=@parameter_prob={0x3, 0x4, 0x0, 0x0, 0x0, 0x0, {0x10, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x402f, 0x0, @local={0xac, 0x5c}, @dev, {[@timestamp={0x8, 0x2c, 0x0, 0x0, 0x0, [{[@rand_addr=0x800e]}, {[@multicast2]}, {[@multicast1]}, {}, {[@loopback]}, {}]}]}}}}}}}, 0x0) 08:16:50 executing program 0: r0 = openat$rfkill(0xffffffffffffff9c, 0x0, 0x2001, 0x0) syz_open_dev$admmidi(&(0x7f0000000100)='/dev/admmidi#\x00', 0x0, 0x0) r1 = socket$l2tp(0x18, 0x1, 0x1) mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x1, 0x32, 0xffffffffffffffff, 0x0) r2 = userfaultfd(0x0) ioctl$UFFDIO_API(r2, 0xc018aa3f, &(0x7f0000000180)) ioctl$KVM_IOEVENTFD(r0, 0x4040ae79, &(0x7f00000000c0)={0x0, &(0x7f0000000040), 0x6, r2, 0xd}) ioctl$UFFDIO_REGISTER(r2, 0xc020aa00, &(0x7f0000019000)={{&(0x7f0000012000/0x2000)=nil, 0x2000}, 0x1}) syz_open_dev$evdev(&(0x7f0000012fee)='/dev/input/event#\x00', 0x0, 0x0) ioctl$UFFDIO_WAKE(r2, 0x8010aa02, &(0x7f0000000080)={&(0x7f0000012000/0x3000)=nil, 0x3000}) ioctl(r1, 0x1000008912, &(0x7f0000000000)="0a5c2d023c126285718070") [ 2432.298490] ? print_usage_bug+0xc0/0xc0 [ 2432.302567] ? print_usage_bug+0xc0/0xc0 [ 2432.306652] ? print_usage_bug+0xc0/0xc0 [ 2432.310736] ? zap_class+0x640/0x640 [ 2432.314469] ? drop_futex_key_refs.isra.14+0x6d/0xe0 [ 2432.319594] ? futex_wake+0x304/0x760 [ 2432.323448] ? find_held_lock+0x36/0x1c0 [ 2432.327534] ? __handle_mm_fault+0x4bb0/0x5be0 [ 2432.332144] ? lock_downgrade+0x900/0x900 [ 2432.336330] ? kasan_check_read+0x11/0x20 [ 2432.340516] ? do_raw_spin_unlock+0xa7/0x330 [ 2432.344939] ? do_raw_spin_trylock+0x270/0x270 [ 2432.349545] ? fault_dirty_shared_page.isra.87+0x320/0x320 [ 2432.355204] __handle_mm_fault+0x4bbd/0x5be0 [ 2432.359645] ? vmf_insert_mixed_mkwrite+0x40/0x40 [ 2432.364634] ? zap_class+0x640/0x640 [ 2432.368370] ? rcu_read_unlock_special+0x1c0/0x1c0 [ 2432.373316] ? kasan_check_read+0x11/0x20 [ 2432.377497] ? rcu_softirq_qs+0x20/0x20 [ 2432.381502] ? zap_class+0x640/0x640 [ 2432.385236] ? zap_class+0x640/0x640 [ 2432.388977] ? find_held_lock+0x36/0x1c0 [ 2432.393064] ? handle_mm_fault+0x42a/0xc70 [ 2432.397317] ? lock_downgrade+0x900/0x900 08:16:50 executing program 2: syz_emit_ethernet(0x6a, &(0x7f0000000040)={@local, @broadcast, [], {@ipv4={0x800, {{0x5, 0x4, 0x0, 0x0, 0x5c, 0x0, 0x0, 0x0, 0x1, 0x0, @remote, @dev={0xac, 0x14, 0x14, 0x11}}, @icmp=@parameter_prob={0x3, 0x4, 0x0, 0x0, 0x0, 0x0, {0x10, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x402f, 0x0, @local={0xac, 0x5c}, @dev, {[@timestamp={0x8, 0x2c, 0x0, 0x0, 0x0, [{[@rand_addr=0x14]}, {[@multicast2]}, {[@multicast1]}, {}, {[@loopback]}, {}]}]}}}}}}}, 0x0) [ 2432.401487] ? check_preemption_disabled+0x48/0x280 [ 2432.406521] ? rcu_read_unlock_special+0x1c0/0x1c0 [ 2432.406538] ? kasan_check_read+0x11/0x20 [ 2432.406554] ? rcu_dynticks_curr_cpu_in_eqs+0xa2/0x170 [ 2432.406569] ? rcu_softirq_qs+0x20/0x20 [ 2432.406586] ? trace_hardirqs_off_caller+0x310/0x310 [ 2432.406607] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 2432.435584] ? check_preemption_disabled+0x48/0x280 [ 2432.435609] handle_mm_fault+0x54f/0xc70 [ 2432.435630] ? __handle_mm_fault+0x5be0/0x5be0 [ 2432.435651] ? find_vma+0x34/0x190 [ 2432.435672] __do_page_fault+0x5e8/0xe60 [ 2432.435692] ? trace_hardirqs_off+0xb8/0x310 [ 2432.441333] FAULT_FLAG_ALLOW_RETRY missing 70 [ 2432.444773] do_page_fault+0xf2/0x7e0 [ 2432.444791] ? vmalloc_sync_all+0x30/0x30 [ 2432.444808] ? error_entry+0x70/0xd0 [ 2432.444829] ? trace_hardirqs_off_caller+0xbb/0x310 [ 2432.477551] ? trace_hardirqs_on_caller+0xc0/0x310 [ 2432.477569] ? syscall_return_slowpath+0x5e0/0x5e0 [ 2432.477586] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 2432.477606] ? trace_hardirqs_on_caller+0x310/0x310 08:16:50 executing program 2: syz_emit_ethernet(0x6a, &(0x7f0000000040)={@local, @broadcast, [], {@ipv4={0x800, {{0x5, 0x4, 0x0, 0x0, 0x5c, 0x0, 0x0, 0x0, 0x1, 0x0, @remote, @dev={0xac, 0x14, 0x14, 0x11}}, @icmp=@parameter_prob={0x3, 0x4, 0x0, 0x0, 0x0, 0x0, {0x10, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x402f, 0x0, @local={0xac, 0x5c}, @dev, {[@timestamp={0x8, 0x2c, 0x0, 0x0, 0x0, [{[@rand_addr=0x800e000000000000]}, {[@multicast2]}, {[@multicast1]}, {}, {[@loopback]}, {}]}]}}}}}}}, 0x0) [ 2432.502321] ? __bpf_trace_preemptirq_template+0x30/0x30 [ 2432.507808] ? prepare_exit_to_usermode+0x3b0/0x3b0 [ 2432.512846] ? prepare_exit_to_usermode+0x291/0x3b0 [ 2432.517897] ? page_fault+0x8/0x30 [ 2432.521455] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 2432.526315] ? page_fault+0x8/0x30 [ 2432.529878] page_fault+0x1e/0x30 [ 2432.533345] RIP: 0033:0x4510a0 [ 2432.536567] Code: 0f 84 c4 0f 00 00 48 89 f1 48 89 f8 48 83 e1 3f 48 83 f9 20 0f 86 7b 02 00 00 48 83 e6 f0 48 83 e1 0f 66 0f ef c0 66 0f ef c9 <66> 0f 74 0e 66 0f d7 d1 48 d3 ea 49 c7 c2 11 00 00 00 49 29 ca 4d [ 2432.555478] RSP: 002b:00007f75238677a8 EFLAGS: 00010202 [ 2432.560854] RAX: 00007f7523867850 RBX: 0000000000000003 RCX: 000000000000000e [ 2432.568143] RDX: 00000000000003ff RSI: 0000000020012fe0 RDI: 00007f7523867850 [ 2432.575429] RBP: 000000000072bf00 R08: 00000000000003ff R09: 0000000000000000 [ 2432.582714] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f75238686d4 [ 2432.589995] R13: 00000000004c578a R14: 00000000004d9d90 R15: 00000000ffffffff [ 2432.597298] CPU: 0 PID: 23899 Comm: syz-executor0 Not tainted 4.20.0-rc6+ #371 [ 2432.604697] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2432.614060] Call Trace: [ 2432.616667] dump_stack+0x244/0x39d [ 2432.620315] ? dump_stack_print_info.cold.1+0x20/0x20 [ 2432.625532] handle_userfault.cold.32+0x47/0x62 [ 2432.630231] ? userfaultfd_ioctl+0x5610/0x5610 [ 2432.634832] ? mark_held_locks+0x130/0x130 [ 2432.639090] ? find_held_lock+0x36/0x1c0 [ 2432.643181] ? userfaultfd_ctx_put+0x830/0x830 [ 2432.647791] ? kasan_check_read+0x11/0x20 [ 2432.651955] ? print_usage_bug+0xc0/0xc0 [ 2432.656027] ? do_raw_spin_trylock+0x270/0x270 [ 2432.660645] ? print_usage_bug+0xc0/0xc0 [ 2432.664727] ? print_usage_bug+0xc0/0xc0 [ 2432.668805] ? zap_class+0x640/0x640 [ 2432.672537] ? drop_futex_key_refs.isra.14+0x6d/0xe0 [ 2432.677665] ? futex_wake+0x304/0x760 [ 2432.681507] ? find_held_lock+0x36/0x1c0 [ 2432.685596] ? __handle_mm_fault+0x4bb0/0x5be0 [ 2432.690198] ? lock_downgrade+0x900/0x900 [ 2432.694394] ? kasan_check_read+0x11/0x20 [ 2432.698565] ? do_raw_spin_unlock+0xa7/0x330 [ 2432.702986] ? do_raw_spin_trylock+0x270/0x270 [ 2432.707600] ? fault_dirty_shared_page.isra.87+0x320/0x320 [ 2432.713250] __handle_mm_fault+0x4bbd/0x5be0 [ 2432.717681] ? vmf_insert_mixed_mkwrite+0x40/0x40 [ 2432.722542] ? zap_class+0x640/0x640 [ 2432.722558] ? rcu_read_unlock_special+0x1c0/0x1c0 [ 2432.722574] ? kasan_check_read+0x11/0x20 [ 2432.722590] ? rcu_softirq_qs+0x20/0x20 [ 2432.722617] ? zap_class+0x640/0x640 [ 2432.722635] ? zap_class+0x640/0x640 [ 2432.731316] ? find_held_lock+0x36/0x1c0 [ 2432.746844] ? handle_mm_fault+0x42a/0xc70 [ 2432.755126] ? lock_downgrade+0x900/0x900 [ 2432.755145] ? check_preemption_disabled+0x48/0x280 [ 2432.755164] ? rcu_read_unlock_special+0x1c0/0x1c0 [ 2432.755180] ? kasan_check_read+0x11/0x20 [ 2432.755196] ? rcu_dynticks_curr_cpu_in_eqs+0xa2/0x170 [ 2432.755213] ? rcu_softirq_qs+0x20/0x20 [ 2432.764400] ? trace_hardirqs_off_caller+0x310/0x310 [ 2432.773458] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 2432.773476] ? check_preemption_disabled+0x48/0x280 [ 2432.773500] handle_mm_fault+0x54f/0xc70 08:16:50 executing program 4: openat$kvm(0xffffffffffffff9c, 0x0, 0x0, 0x0) r0 = syz_open_dev$sndctrl(&(0x7f0000000100)='/dev/snd/controlC#\x00', 0x0, 0x0) prctl$PR_SET_THP_DISABLE(0x29, 0xfffffffffffffffe) r1 = syz_open_dev$mice(&(0x7f0000000000)='/dev/input/mice\x00', 0x0, 0x40100) ioctl$EVIOCGMTSLOTS(r1, 0x8040450a, &(0x7f0000000240)=""/219) clock_settime(0x2, &(0x7f0000000040)={0x0, 0x1c9c380}) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) ioctl$FS_IOC_GETFLAGS(r0, 0x800455d1, &(0x7f0000000080)) openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) ioctl$SNDRV_SEQ_IOCTL_CREATE_PORT(r1, 0xc0a85320, &(0x7f0000000140)={{0x2, 0x1f}, 'port0\x00', 0x80, 0x1000, 0x2, 0x80000001, 0x9, 0x5, 0x5, 0x0, 0x2, 0x9a8}) [ 2432.773524] ? __handle_mm_fault+0x5be0/0x5be0 [ 2432.782784] ? find_vma+0x34/0x190 [ 2432.782806] __do_page_fault+0x5e8/0xe60 [ 2432.782821] ? trace_hardirqs_off+0xb8/0x310 [ 2432.782847] do_page_fault+0xf2/0x7e0 [ 2432.793515] ? vmalloc_sync_all+0x30/0x30 [ 2432.793533] ? error_entry+0x70/0xd0 [ 2432.793550] ? trace_hardirqs_off_caller+0xbb/0x310 [ 2432.793565] ? trace_hardirqs_on_caller+0xc0/0x310 [ 2432.793583] ? syscall_return_slowpath+0x5e0/0x5e0 [ 2432.793603] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 2432.802674] ? trace_hardirqs_on_caller+0x310/0x310 [ 2432.802691] ? __bpf_trace_preemptirq_template+0x30/0x30 [ 2432.802713] ? prepare_exit_to_usermode+0x291/0x3b0 [ 2432.802731] ? page_fault+0x8/0x30 [ 2432.810895] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 2432.874577] ? page_fault+0x8/0x30 [ 2432.878135] page_fault+0x1e/0x30 [ 2432.881602] RIP: 0033:0x4510a0 [ 2432.884815] Code: 0f 84 c4 0f 00 00 48 89 f1 48 89 f8 48 83 e1 3f 48 83 f9 20 0f 86 7b 02 00 00 48 83 e6 f0 48 83 e1 0f 66 0f ef c0 66 0f ef c9 <66> 0f 74 0e 66 0f d7 d1 48 d3 ea 49 c7 c2 11 00 00 00 49 29 ca 4d 08:16:50 executing program 3: openat$rfkill(0xffffffffffffff9c, 0x0, 0x0, 0x0) getsockopt$inet_sctp_SCTP_DEFAULT_PRINFO(0xffffffffffffffff, 0x84, 0x72, &(0x7f0000000380), 0x0) syz_open_dev$admmidi(&(0x7f0000000100)='/dev/admmidi#\x00', 0x0, 0x0) r0 = socket$l2tp(0x18, 0x1, 0x1) mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x1, 0x32, 0xffffffffffffffff, 0x0) r1 = userfaultfd(0x0) ioctl$UFFDIO_API(r1, 0xc018aa3f, &(0x7f0000000180)) ioctl$UFFDIO_REGISTER(r1, 0xc020aa00, &(0x7f0000019000)={{&(0x7f0000012000/0x2000)=nil, 0x2000}, 0x1}) syz_open_dev$evdev(&(0x7f0000012fee)='/dev/input/event#\x00', 0x7a00000000000000, 0x0) ioctl$UFFDIO_WAKE(r1, 0x8010aa02, &(0x7f0000000080)={&(0x7f0000012000/0x3000)=nil, 0x3000}) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0a5c2d023c126285718070") setsockopt$ALG_SET_KEY(0xffffffffffffffff, 0x117, 0x1, 0x0, 0x0) 08:16:50 executing program 5: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r1 = syz_open_dev$sndctrl(&(0x7f0000000100)='/dev/snd/controlC#\x00', 0x0, 0x0) prctl$PR_SET_THP_DISABLE(0x29, 0xfffffffffffffffe) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) ioctl$FS_IOC_GETFLAGS(r1, 0xc0505510, &(0x7f0000000080)) 08:16:50 executing program 2: syz_emit_ethernet(0x6a, &(0x7f0000000040)={@local, @broadcast, [], {@ipv4={0x800, {{0x5, 0x4, 0x0, 0x0, 0x5c, 0x0, 0x0, 0x0, 0x1, 0x0, @remote, @dev={0xac, 0x14, 0x14, 0x11}}, @icmp=@parameter_prob={0x3, 0x4, 0x0, 0x0, 0x0, 0x0, {0x10, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x402f, 0x0, @local={0xac, 0x5c}, @dev, {[@timestamp={0x8, 0x2c, 0x0, 0x0, 0x0, [{[@rand_addr=0x1000000]}, {[@multicast2]}, {[@multicast1]}, {}, {[@loopback]}, {}]}]}}}}}}}, 0x0) 08:16:50 executing program 1: r0 = syz_open_dev$admmidi(0x0, 0x0, 0x0) r1 = userfaultfd(0x0) ioctl$UFFDIO_API(r1, 0xc018aa3f, &(0x7f0000000180)) mmap(&(0x7f0000013000/0x4000)=nil, 0x4000, 0x1000008, 0xa053, r0, 0x0) ioctl$UFFDIO_REGISTER(r1, 0xc020aa00, &(0x7f0000019000)={{&(0x7f0000012000/0x2000)=nil, 0x2000}, 0x1}) 08:16:50 executing program 4: openat$kvm(0xffffffffffffff9c, 0x0, 0x20000, 0x0) r0 = syz_open_dev$sndctrl(&(0x7f0000000100)='/dev/snd/controlC#\x00', 0x0, 0x0) prctl$PR_SET_THP_DISABLE(0x29, 0xfffffffffffffffe) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r1 = openat$rtc(0xffffffffffffff9c, &(0x7f0000000000)='/dev/rtc0\x00', 0x0, 0x0) write$P9_RREAD(r1, &(0x7f0000000140)=ANY=[@ANYBLOB="7d00000075020072000000548bcfe165a1ab063622394ff111d436648416a8d517f00a2dcb76c47cd202bd4a4f0a884f54313cf3ab3b2d83bb282413dbd3a8fb894f1734c9ab9fbe171150c08a504ae1f474260f43e15b19468f54a7bf13a3302377d57039bc2067f9a15645f38aec74a0c796ef25f9bd5c8fc1718cd6"], 0x7d) bind$bt_l2cap(r1, &(0x7f0000000040)={0x1f, 0x6, {0x2, 0x3f, 0x8, 0x4f, 0xfffffffffffffffc, 0x81}, 0x9}, 0xe) ioctl$FS_IOC_GETFLAGS(r0, 0x800455d1, &(0x7f0000000080)) [ 2432.903733] RSP: 002b:00007efdea16e7a8 EFLAGS: 00010202 [ 2432.909111] RAX: 00007efdea16e850 RBX: 0000000000000003 RCX: 000000000000000e [ 2432.916406] RDX: 00000000000003ff RSI: 0000000020012fe0 RDI: 00007efdea16e850 [ 2432.923687] RBP: 000000000072bf00 R08: 00000000000003ff R09: 0000000000000000 [ 2432.930960] R10: 0000000000000000 R11: 0000000000000246 R12: 00007efdea16f6d4 [ 2432.938223] R13: 00000000004c578a R14: 00000000004d9d90 R15: 00000000ffffffff 08:16:50 executing program 1: r0 = syz_open_dev$admmidi(&(0x7f0000000100)='/dev/admmidi#\x00', 0x0, 0x0) r1 = userfaultfd(0x0) ioctl$UFFDIO_API(0xffffffffffffffff, 0xc018aa3f, &(0x7f0000000180)) mmap(&(0x7f0000013000/0x4000)=nil, 0x4000, 0x1000008, 0xa053, r0, 0x0) ioctl$UFFDIO_REGISTER(r1, 0xc020aa00, &(0x7f0000019000)={{&(0x7f0000012000/0x2000)=nil, 0x2000}, 0x1}) 08:16:50 executing program 2: syz_emit_ethernet(0x6a, &(0x7f0000000040)={@local, @broadcast, [], {@ipv4={0x800, {{0x5, 0x4, 0x0, 0x0, 0x5c, 0x0, 0x0, 0x0, 0x1, 0x0, @remote, @dev={0xac, 0x14, 0x14, 0x11}}, @icmp=@parameter_prob={0x3, 0x4, 0x0, 0x0, 0x0, 0x0, {0x10, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x402f, 0x0, @local={0xac, 0x5c}, @dev, {[@timestamp={0x8, 0x2c, 0x0, 0x0, 0x0, [{[@rand_addr=0x600]}, {[@multicast2]}, {[@multicast1]}, {}, {[@loopback]}, {}]}]}}}}}}}, 0x0) 08:16:50 executing program 0: r0 = openat$rfkill(0xffffffffffffff9c, 0x0, 0x4000, 0x0) r1 = syz_open_dev$admmidi(&(0x7f0000000100)='/dev/admmidi#\x00', 0x0, 0x0) r2 = socket$l2tp(0x18, 0x1, 0x1) mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x1, 0x32, 0xffffffffffffffff, 0x0) getsockopt$inet_sctp_SCTP_PR_ASSOC_STATUS(r0, 0x84, 0x73, &(0x7f0000000080)={0x0, 0x5, 0x30, 0x80, 0x508}, &(0x7f00000000c0)=0x18) getsockopt$inet_sctp_SCTP_SOCKOPT_PEELOFF(r1, 0x84, 0x66, &(0x7f0000000140)={r3, 0x5}, &(0x7f00000001c0)=0x8) write$RDMA_USER_CM_CMD_CREATE_ID(r1, &(0x7f0000000280)={0x0, 0x18, 0xfa00, {0x0, &(0x7f0000000240)={0xffffffffffffffff}, 0x106, 0xb}}, 0x20) write$RDMA_USER_CM_CMD_JOIN_IP_MCAST(r1, &(0x7f00000002c0)={0x10, 0x30, 0xfa00, {&(0x7f0000000200), 0x3, {0xa, 0x4e21, 0x1, @remote, 0x4}, r4}}, 0x38) r5 = userfaultfd(0x0) ioctl$UFFDIO_API(r5, 0xc018aa3f, &(0x7f0000000180)) ioctl$UFFDIO_REGISTER(r5, 0xc020aa00, &(0x7f0000019000)={{&(0x7f0000012000/0x2000)=nil, 0x2000}, 0x1}) syz_open_dev$evdev(&(0x7f0000012fee)='/dev/input/event#\x00', 0x0, 0x0) ioctl$UFFDIO_WAKE(r0, 0x8010aa02, &(0x7f0000000040)={&(0x7f0000012000/0x3000)=nil, 0x3000}) ioctl(r2, 0x1000008912, &(0x7f0000000000)="0a5c2d023c126285718070") [ 2433.079104] FAULT_FLAG_ALLOW_RETRY missing 70 [ 2433.090725] CPU: 1 PID: 23930 Comm: syz-executor3 Not tainted 4.20.0-rc6+ #371 [ 2433.098107] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2433.107465] Call Trace: [ 2433.110071] dump_stack+0x244/0x39d [ 2433.113716] ? dump_stack_print_info.cold.1+0x20/0x20 [ 2433.118933] handle_userfault.cold.32+0x47/0x62 [ 2433.123625] ? userfaultfd_ioctl+0x5610/0x5610 [ 2433.128217] ? mark_held_locks+0x130/0x130 [ 2433.132462] ? __sanitizer_cov_trace_cmp4+0x16/0x20 [ 2433.137485] ? futex_wait_setup+0x266/0x3e0 [ 2433.141826] ? __sanitizer_cov_trace_switch+0x53/0x90 [ 2433.147026] ? userfaultfd_ctx_put+0x830/0x830 [ 2433.151613] ? futex_wait+0x5a1/0xa50 [ 2433.155424] ? print_usage_bug+0xc0/0xc0 [ 2433.159492] ? print_usage_bug+0xc0/0xc0 [ 2433.163567] ? print_usage_bug+0xc0/0xc0 [ 2433.167634] ? zap_class+0x640/0x640 [ 2433.171368] ? drop_futex_key_refs.isra.14+0x6d/0xe0 [ 2433.176476] ? futex_wake+0x304/0x760 [ 2433.180295] ? find_held_lock+0x36/0x1c0 [ 2433.184385] ? __handle_mm_fault+0x4bb0/0x5be0 [ 2433.188985] ? lock_downgrade+0x900/0x900 [ 2433.193146] ? kasan_check_read+0x11/0x20 [ 2433.197299] ? do_raw_spin_unlock+0xa7/0x330 [ 2433.201710] ? do_raw_spin_trylock+0x270/0x270 [ 2433.206300] ? fault_dirty_shared_page.isra.87+0x320/0x320 [ 2433.211940] __handle_mm_fault+0x4bbd/0x5be0 [ 2433.216376] ? vmf_insert_mixed_mkwrite+0x40/0x40 [ 2433.221259] ? zap_class+0x640/0x640 [ 2433.224975] ? rcu_read_unlock_special+0x1c0/0x1c0 [ 2433.229908] ? kasan_check_read+0x11/0x20 [ 2433.234324] ? rcu_softirq_qs+0x20/0x20 [ 2433.238324] ? zap_class+0x640/0x640 [ 2433.242059] ? zap_class+0x640/0x640 [ 2433.245788] ? find_held_lock+0x36/0x1c0 [ 2433.249885] ? handle_mm_fault+0x42a/0xc70 [ 2433.254126] ? lock_downgrade+0x900/0x900 [ 2433.258282] ? check_preemption_disabled+0x48/0x280 [ 2433.263305] ? rcu_read_unlock_special+0x1c0/0x1c0 [ 2433.268239] ? kasan_check_read+0x11/0x20 [ 2433.272394] ? rcu_dynticks_curr_cpu_in_eqs+0xa2/0x170 [ 2433.277680] ? rcu_softirq_qs+0x20/0x20 [ 2433.281658] ? trace_hardirqs_off_caller+0x310/0x310 [ 2433.286773] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 2433.292315] ? check_preemption_disabled+0x48/0x280 [ 2433.297343] handle_mm_fault+0x54f/0xc70 [ 2433.301421] ? __handle_mm_fault+0x5be0/0x5be0 [ 2433.306016] ? find_vma+0x34/0x190 [ 2433.309566] __do_page_fault+0x5e8/0xe60 [ 2433.313632] ? trace_hardirqs_off+0xb8/0x310 [ 2433.318057] do_page_fault+0xf2/0x7e0 [ 2433.321873] ? vmalloc_sync_all+0x30/0x30 [ 2433.326057] ? error_entry+0x70/0xd0 [ 2433.329776] ? trace_hardirqs_off_caller+0xbb/0x310 [ 2433.334800] ? trace_hardirqs_on_caller+0xc0/0x310 [ 2433.339738] ? syscall_return_slowpath+0x5e0/0x5e0 [ 2433.344673] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 2433.349521] ? trace_hardirqs_on_caller+0x310/0x310 [ 2433.354544] ? __bpf_trace_preemptirq_template+0x30/0x30 [ 2433.360000] ? prepare_exit_to_usermode+0x3b0/0x3b0 [ 2433.365533] ? prepare_exit_to_usermode+0x291/0x3b0 [ 2433.370552] ? page_fault+0x8/0x30 [ 2433.374105] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 2433.378956] ? page_fault+0x8/0x30 [ 2433.382505] page_fault+0x1e/0x30 [ 2433.385961] RIP: 0033:0x4510a0 [ 2433.389169] Code: 0f 84 c4 0f 00 00 48 89 f1 48 89 f8 48 83 e1 3f 48 83 f9 20 0f 86 7b 02 00 00 48 83 e6 f0 48 83 e1 0f 66 0f ef c0 66 0f ef c9 <66> 0f 74 0e 66 0f d7 d1 48 d3 ea 49 c7 c2 11 00 00 00 49 29 ca 4d [ 2433.408076] RSP: 002b:00007f75238677a8 EFLAGS: 00010202 [ 2433.413445] RAX: 00007f7523867850 RBX: 0000000000000003 RCX: 000000000000000e [ 2433.420716] RDX: 00000000000003ff RSI: 0000000020012fe0 RDI: 00007f7523867850 [ 2433.427988] RBP: 000000000072bf00 R08: 00000000000003ff R09: 0000000000000000 [ 2433.435257] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f75238686d4 [ 2433.442533] R13: 00000000004c578a R14: 00000000004d9d90 R15: 00000000ffffffff 08:16:51 executing program 1: r0 = syz_open_dev$admmidi(&(0x7f0000000100)='/dev/admmidi#\x00', 0x0, 0x0) r1 = userfaultfd(0x0) ioctl$UFFDIO_API(0xffffffffffffffff, 0xc018aa3f, &(0x7f0000000180)) mmap(&(0x7f0000013000/0x4000)=nil, 0x4000, 0x1000008, 0xa053, r0, 0x0) ioctl$UFFDIO_REGISTER(r1, 0xc020aa00, &(0x7f0000019000)={{&(0x7f0000012000/0x2000)=nil, 0x2000}, 0x1}) 08:16:51 executing program 2: syz_emit_ethernet(0x6a, &(0x7f0000000040)={@local, @broadcast, [], {@ipv4={0x800, {{0x5, 0x4, 0x0, 0x0, 0x5c, 0x0, 0x0, 0x0, 0x1, 0x0, @remote, @dev={0xac, 0x14, 0x14, 0x11}}, @icmp=@parameter_prob={0x3, 0x4, 0x0, 0x0, 0x0, 0x0, {0x10, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x402f, 0x0, @local={0xac, 0x5c}, @dev, {[@timestamp={0x8, 0x2c, 0x0, 0x0, 0x0, [{[@rand_addr=0xe80]}, {[@multicast2]}, {[@multicast1]}, {}, {[@loopback]}, {}]}]}}}}}}}, 0x0) 08:16:51 executing program 4: openat$kvm(0xffffffffffffff9c, 0x0, 0x0, 0x0) r0 = syz_open_dev$sndctrl(&(0x7f0000000100)='/dev/snd/controlC#\x00', 0x0, 0x0) prctl$PR_SET_THP_DISABLE(0x29, 0x20000000000) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) ioctl$FS_IOC_GETFLAGS(r0, 0x800455d1, &(0x7f0000000080)) 08:16:51 executing program 3: openat$rfkill(0xffffffffffffff9c, 0x0, 0x0, 0x0) getsockopt$inet_sctp_SCTP_DEFAULT_PRINFO(0xffffffffffffffff, 0x84, 0x72, &(0x7f0000000380), 0x0) syz_open_dev$admmidi(&(0x7f0000000100)='/dev/admmidi#\x00', 0x0, 0x0) r0 = socket$l2tp(0x18, 0x1, 0x1) mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x1, 0x32, 0xffffffffffffffff, 0x0) r1 = userfaultfd(0x0) ioctl$UFFDIO_API(r1, 0xc018aa3f, &(0x7f0000000180)) ioctl$UFFDIO_REGISTER(r1, 0xc020aa00, &(0x7f0000019000)={{&(0x7f0000012000/0x2000)=nil, 0x2000}, 0x1}) syz_open_dev$evdev(&(0x7f0000012fee)='/dev/input/event#\x00', 0x4000000, 0x0) ioctl$UFFDIO_WAKE(r1, 0x8010aa02, &(0x7f0000000080)={&(0x7f0000012000/0x3000)=nil, 0x3000}) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0a5c2d023c126285718070") setsockopt$ALG_SET_KEY(0xffffffffffffffff, 0x117, 0x1, 0x0, 0x0) 08:16:51 executing program 5: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r1 = syz_open_dev$sndctrl(&(0x7f0000000100)='/dev/snd/controlC#\x00', 0x0, 0x0) prctl$PR_SET_THP_DISABLE(0x29, 0xfffffffffffffffe) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) ioctl$FS_IOC_GETFLAGS(r1, 0xc0045878, &(0x7f0000000080)) 08:16:51 executing program 2: syz_emit_ethernet(0x6a, &(0x7f0000000040)={@local, @broadcast, [], {@ipv4={0x800, {{0x5, 0x4, 0x0, 0x0, 0x5c, 0x0, 0x0, 0x0, 0x1, 0x0, @remote, @dev={0xac, 0x14, 0x14, 0x11}}, @icmp=@parameter_prob={0x3, 0x4, 0x0, 0x0, 0x0, 0x0, {0x10, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x402f, 0x0, @local={0xac, 0x5c}, @dev, {[@timestamp={0x8, 0x2c, 0x0, 0x0, 0x0, [{[@rand_addr=0x806000000000000]}, {[@multicast2]}, {[@multicast1]}, {}, {[@loopback]}, {}]}]}}}}}}}, 0x0) 08:16:51 executing program 1: r0 = syz_open_dev$admmidi(&(0x7f0000000100)='/dev/admmidi#\x00', 0x0, 0x0) r1 = userfaultfd(0x0) ioctl$UFFDIO_API(0xffffffffffffffff, 0xc018aa3f, &(0x7f0000000180)) mmap(&(0x7f0000013000/0x4000)=nil, 0x4000, 0x1000008, 0xa053, r0, 0x0) ioctl$UFFDIO_REGISTER(r1, 0xc020aa00, &(0x7f0000019000)={{&(0x7f0000012000/0x2000)=nil, 0x2000}, 0x1}) [ 2433.751484] FAULT_FLAG_ALLOW_RETRY missing 70 [ 2433.766778] CPU: 0 PID: 23962 Comm: syz-executor3 Not tainted 4.20.0-rc6+ #371 [ 2433.774162] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2433.783515] Call Trace: [ 2433.786116] dump_stack+0x244/0x39d [ 2433.789761] ? dump_stack_print_info.cold.1+0x20/0x20 [ 2433.794973] handle_userfault.cold.32+0x47/0x62 [ 2433.799669] ? userfaultfd_ioctl+0x5610/0x5610 [ 2433.804262] ? mark_held_locks+0x130/0x130 [ 2433.808506] ? __sanitizer_cov_trace_cmp4+0x16/0x20 [ 2433.813532] ? futex_wait_setup+0x266/0x3e0 [ 2433.817870] ? __sanitizer_cov_trace_switch+0x53/0x90 [ 2433.823067] ? userfaultfd_ctx_put+0x830/0x830 [ 2433.827654] ? futex_wait+0x5a1/0xa50 [ 2433.831465] ? print_usage_bug+0xc0/0xc0 [ 2433.835536] ? print_usage_bug+0xc0/0xc0 [ 2433.839607] ? print_usage_bug+0xc0/0xc0 [ 2433.843680] ? zap_class+0x640/0x640 [ 2433.847417] ? drop_futex_key_refs.isra.14+0x6d/0xe0 [ 2433.852528] ? futex_wake+0x304/0x760 [ 2433.856346] ? find_held_lock+0x36/0x1c0 [ 2433.860436] ? __handle_mm_fault+0x4bb0/0x5be0 [ 2433.865026] ? lock_downgrade+0x900/0x900 [ 2433.869187] ? kasan_check_read+0x11/0x20 [ 2433.873338] ? do_raw_spin_unlock+0xa7/0x330 [ 2433.877768] ? do_raw_spin_trylock+0x270/0x270 [ 2433.882367] ? fault_dirty_shared_page.isra.87+0x320/0x320 [ 2433.888015] __handle_mm_fault+0x4bbd/0x5be0 [ 2433.892446] ? vmf_insert_mixed_mkwrite+0x40/0x40 [ 2433.897303] ? zap_class+0x640/0x640 [ 2433.901027] ? rcu_read_unlock_special+0x1c0/0x1c0 [ 2433.905960] ? kasan_check_read+0x11/0x20 [ 2433.910116] ? rcu_softirq_qs+0x20/0x20 [ 2433.914108] ? zap_class+0x640/0x640 [ 2433.917833] ? zap_class+0x640/0x640 [ 2433.921558] ? find_held_lock+0x36/0x1c0 [ 2433.925636] ? handle_mm_fault+0x42a/0xc70 [ 2433.929882] ? lock_downgrade+0x900/0x900 [ 2433.934043] ? check_preemption_disabled+0x48/0x280 [ 2433.939067] ? rcu_read_unlock_special+0x1c0/0x1c0 [ 2433.944001] ? kasan_check_read+0x11/0x20 [ 2433.948157] ? rcu_dynticks_curr_cpu_in_eqs+0xa2/0x170 [ 2433.953440] ? rcu_softirq_qs+0x20/0x20 [ 2433.957425] ? trace_hardirqs_off_caller+0x310/0x310 [ 2433.962538] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 2433.968092] ? check_preemption_disabled+0x48/0x280 [ 2433.973133] handle_mm_fault+0x54f/0xc70 [ 2433.977203] ? __handle_mm_fault+0x5be0/0x5be0 [ 2433.981797] ? find_vma+0x34/0x190 [ 2433.985350] __do_page_fault+0x5e8/0xe60 [ 2433.989430] ? trace_hardirqs_off+0xb8/0x310 [ 2433.993852] do_page_fault+0xf2/0x7e0 [ 2433.997665] ? vmalloc_sync_all+0x30/0x30 [ 2434.001819] ? error_entry+0x70/0xd0 [ 2434.005541] ? trace_hardirqs_off_caller+0xbb/0x310 [ 2434.010561] ? trace_hardirqs_on_caller+0xc0/0x310 [ 2434.015503] ? syscall_return_slowpath+0x5e0/0x5e0 [ 2434.020441] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 2434.025296] ? trace_hardirqs_on_caller+0x310/0x310 [ 2434.030332] ? __bpf_trace_preemptirq_template+0x30/0x30 [ 2434.035810] ? prepare_exit_to_usermode+0x3b0/0x3b0 [ 2434.040832] ? prepare_exit_to_usermode+0x291/0x3b0 [ 2434.045855] ? page_fault+0x8/0x30 [ 2434.049407] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 2434.054294] ? page_fault+0x8/0x30 [ 2434.057852] page_fault+0x1e/0x30 [ 2434.061324] RIP: 0033:0x4510a0 [ 2434.064530] Code: 0f 84 c4 0f 00 00 48 89 f1 48 89 f8 48 83 e1 3f 48 83 f9 20 0f 86 7b 02 00 00 48 83 e6 f0 48 83 e1 0f 66 0f ef c0 66 0f ef c9 <66> 0f 74 0e 66 0f d7 d1 48 d3 ea 49 c7 c2 11 00 00 00 49 29 ca 4d [ 2434.083435] RSP: 002b:00007f75238677a8 EFLAGS: 00010202 [ 2434.088801] RAX: 00007f7523867850 RBX: 0000000000000003 RCX: 000000000000000e 08:16:51 executing program 2: syz_emit_ethernet(0x6a, &(0x7f0000000040)={@local, @broadcast, [], {@ipv4={0x800, {{0x5, 0x4, 0x0, 0x0, 0x5c, 0x0, 0x0, 0x0, 0x1, 0x0, @remote, @dev={0xac, 0x14, 0x14, 0x11}}, @icmp=@parameter_prob={0x3, 0x4, 0x0, 0x0, 0x0, 0x0, {0x10, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x402f, 0x0, @local={0xac, 0x5c}, @dev, {[@timestamp={0x8, 0x2c, 0x0, 0x0, 0x0, [{[@rand_addr=0x8906]}, {[@multicast2]}, {[@multicast1]}, {}, {[@loopback]}, {}]}]}}}}}}}, 0x0) 08:16:51 executing program 4: r0 = openat$kvm(0xffffffffffffff9c, 0x0, 0x0, 0x0) syz_open_dev$sndctrl(&(0x7f0000000100)='/dev/snd/controlC#\x00', 0x0, 0x0) prctl$PR_SET_THP_DISABLE(0x29, 0xfffffffffffffffe) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) ioctl$FS_IOC_GETFLAGS(r0, 0x800455d1, &(0x7f0000000080)) [ 2434.096078] RDX: 00000000000003ff RSI: 0000000020012fe0 RDI: 00007f7523867850 [ 2434.103386] RBP: 000000000072bf00 R08: 00000000000003ff R09: 0000000000000000 [ 2434.110668] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f75238686d4 [ 2434.117939] R13: 00000000004c578a R14: 00000000004d9d90 R15: 00000000ffffffff 08:16:52 executing program 5: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r1 = syz_open_dev$sndctrl(&(0x7f0000000100)='/dev/snd/controlC#\x00', 0x0, 0x0) prctl$PR_SET_THP_DISABLE(0x29, 0xfffffffffffffffe) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) ioctl$FS_IOC_GETFLAGS(r1, 0xc4c85512, &(0x7f0000000080)) 08:16:52 executing program 1: r0 = syz_open_dev$admmidi(&(0x7f0000000100)='/dev/admmidi#\x00', 0x0, 0x0) r1 = userfaultfd(0x0) ioctl$UFFDIO_API(r1, 0xc018aa3f, 0x0) mmap(&(0x7f0000013000/0x4000)=nil, 0x4000, 0x1000008, 0xa053, r0, 0x0) ioctl$UFFDIO_REGISTER(r1, 0xc020aa00, &(0x7f0000019000)={{&(0x7f0000012000/0x2000)=nil, 0x2000}, 0x1}) 08:16:52 executing program 0: openat$rfkill(0xffffffffffffff9c, 0x0, 0x2001, 0x0) syz_open_dev$admmidi(&(0x7f0000000100)='/dev/admmidi#\x00', 0x0, 0x0) r0 = socket$l2tp(0x18, 0x1, 0x1) mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x1, 0x32, 0xffffffffffffffff, 0x0) r1 = userfaultfd(0xc0800) ioctl$UFFDIO_API(r1, 0xc018aa3f, &(0x7f0000000180)) ioctl$UFFDIO_REGISTER(r1, 0xc020aa00, &(0x7f0000019000)={{&(0x7f0000012000/0x2000)=nil, 0x2000}, 0x1}) syz_open_dev$evdev(&(0x7f0000012fee)='/dev/input/event#\x00', 0x0, 0x0) ioctl$UFFDIO_WAKE(r1, 0x8010aa02, &(0x7f0000000080)={&(0x7f0000012000/0x3000)=nil, 0x3000}) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0a5c2d023c126285718070") 08:16:52 executing program 3: openat$rfkill(0xffffffffffffff9c, 0x0, 0x0, 0x0) getsockopt$inet_sctp_SCTP_DEFAULT_PRINFO(0xffffffffffffffff, 0x84, 0x72, &(0x7f0000000380), 0x0) syz_open_dev$admmidi(&(0x7f0000000100)='/dev/admmidi#\x00', 0x0, 0x0) r0 = socket$l2tp(0x18, 0x1, 0x1) mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x1, 0x32, 0xffffffffffffffff, 0x0) r1 = userfaultfd(0x0) ioctl$UFFDIO_API(r1, 0xc018aa3f, &(0x7f0000000180)) ioctl$UFFDIO_REGISTER(r1, 0xc020aa00, &(0x7f0000019000)={{&(0x7f0000012000/0x2000)=nil, 0x2000}, 0x1}) syz_open_dev$evdev(&(0x7f0000012fee)='/dev/input/event#\x00', 0x900, 0x0) ioctl$UFFDIO_WAKE(r1, 0x8010aa02, &(0x7f0000000080)={&(0x7f0000012000/0x3000)=nil, 0x3000}) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0a5c2d023c126285718070") setsockopt$ALG_SET_KEY(0xffffffffffffffff, 0x117, 0x1, 0x0, 0x0) 08:16:52 executing program 2: syz_emit_ethernet(0x6a, &(0x7f0000000040)={@local, @broadcast, [], {@ipv4={0x800, {{0x5, 0x4, 0x0, 0x0, 0x5c, 0x0, 0x0, 0x0, 0x1, 0x0, @remote, @dev={0xac, 0x14, 0x14, 0x11}}, @icmp=@parameter_prob={0x3, 0x4, 0x0, 0x0, 0x0, 0x0, {0x10, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x402f, 0x0, @local={0xac, 0x5c}, @dev, {[@timestamp={0x8, 0x2c, 0x0, 0x0, 0x0, [{[@rand_addr=0x86ddffff00000000]}, {[@multicast2]}, {[@multicast1]}, {}, {[@loopback]}, {}]}]}}}}}}}, 0x0) 08:16:52 executing program 1: r0 = syz_open_dev$admmidi(&(0x7f0000000100)='/dev/admmidi#\x00', 0x0, 0x0) r1 = userfaultfd(0x0) ioctl$UFFDIO_API(r1, 0xc018aa3f, 0x0) mmap(&(0x7f0000013000/0x4000)=nil, 0x4000, 0x1000008, 0xa053, r0, 0x0) ioctl$UFFDIO_REGISTER(r1, 0xc020aa00, &(0x7f0000019000)={{&(0x7f0000012000/0x2000)=nil, 0x2000}, 0x1}) 08:16:52 executing program 4: openat$kvm(0xffffffffffffff9c, 0x0, 0x0, 0x0) r0 = socket$inet6_sctp(0xa, 0x5, 0x84) ioctl$ifreq_SIOCGIFINDEX_team(0xffffffffffffff9c, 0x8933, &(0x7f00000000c0)={'team0\x00', 0x0}) ioctl$sock_inet6_SIOCADDRT(r0, 0x890b, &(0x7f0000000100)={@mcast2, @mcast1, @mcast1, 0x3f, 0x4, 0x6, 0x0, 0x10001, 0x1200008, r1}) r2 = syz_open_dev$sndctrl(&(0x7f0000000000)='/dev/snd/controlC#\x00', 0x0, 0x0) r3 = syz_open_dev$vcsa(&(0x7f0000000200)='/dev/vcsa#\x00', 0xac9b, 0x2000) getresuid(&(0x7f0000000240)=0x0, &(0x7f0000000280), &(0x7f00000002c0)) getsockopt$sock_cred(r0, 0x1, 0x11, &(0x7f0000000300)={0x0, 0x0, 0x0}, &(0x7f0000000340)=0xc) getsockopt$inet_IP_IPSEC_POLICY(r2, 0x0, 0x10, &(0x7f0000000380)={{{@in=@loopback, @in=@dev, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}, {{@in=@remote}, 0x0, @in=@loopback}}, &(0x7f0000000480)=0xe8) mount$fuseblk(&(0x7f0000000040)='/dev/loop0\x00', &(0x7f0000000180)='./file0\x00', &(0x7f00000001c0)='fuseblk\x00', 0x8000, &(0x7f00000004c0)={{'fd', 0x3d, r3}, 0x2c, {'rootmode', 0x3d, 0x6000}, 0x2c, {'user_id', 0x3d, r4}, 0x2c, {'group_id', 0x3d, r5}, 0x2c, {[{@max_read={'max_read', 0x3d, 0x4}}, {@max_read={'max_read', 0x3d, 0x1}}], [{@uid_gt={'uid>', r6}}, {@func={'func', 0x3d, 'FIRMWARE_CHECK'}}, {@pcr={'pcr', 0x3d, 0x35}}, {@permit_directio='permit_directio'}, {@dont_appraise='dont_appraise'}, {@subj_type={'subj_type', 0x3d, '/dev/snd/controlC#\x00'}}, {@smackfsroot={'smackfsroot', 0x3d, '/dev/snd/controlC#\x00'}}]}}) prctl$PR_SET_THP_DISABLE(0x29, 0xfffffffffffffffe) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) ioctl$FS_IOC_GETFLAGS(r2, 0x800455d1, &(0x7f0000000080)) 08:16:52 executing program 2: syz_emit_ethernet(0x6a, &(0x7f0000000040)={@local, @broadcast, [], {@ipv4={0x800, {{0x5, 0x4, 0x0, 0x0, 0x5c, 0x0, 0x0, 0x0, 0x1, 0x0, @remote, @dev={0xac, 0x14, 0x14, 0x11}}, @icmp=@parameter_prob={0x3, 0x4, 0x0, 0x0, 0x0, 0x0, {0x10, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x402f, 0x0, @local={0xac, 0x5c}, @dev, {[@timestamp={0x8, 0x2c, 0x0, 0x0, 0x0, [{[@rand_addr=0x8864]}, {[@multicast2]}, {[@multicast1]}, {}, {[@loopback]}, {}]}]}}}}}}}, 0x0) 08:16:52 executing program 1: r0 = syz_open_dev$admmidi(&(0x7f0000000100)='/dev/admmidi#\x00', 0x0, 0x0) r1 = userfaultfd(0x0) ioctl$UFFDIO_API(r1, 0xc018aa3f, 0x0) mmap(&(0x7f0000013000/0x4000)=nil, 0x4000, 0x1000008, 0xa053, r0, 0x0) ioctl$UFFDIO_REGISTER(r1, 0xc020aa00, &(0x7f0000019000)={{&(0x7f0000012000/0x2000)=nil, 0x2000}, 0x1}) 08:16:52 executing program 0: r0 = openat$rfkill(0xffffffffffffff9c, 0x0, 0x2001, 0x0) syz_open_dev$admmidi(&(0x7f0000000100)='/dev/admmidi#\x00', 0x0, 0x0) r1 = socket$l2tp(0x18, 0x1, 0x1) mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x1, 0x32, 0xffffffffffffffff, 0x0) r2 = userfaultfd(0x0) ioctl$UFFDIO_API(r2, 0xc018aa3f, &(0x7f0000000180)) ioctl$UFFDIO_REGISTER(r2, 0xc020aa00, &(0x7f0000019000)={{&(0x7f0000012000/0x2000)=nil, 0x2000}, 0x1}) syz_open_dev$evdev(&(0x7f0000012fee)='/dev/input/event#\x00', 0x0, 0x0) ioctl$UFFDIO_WAKE(r0, 0x8010aa02, &(0x7f0000000080)={&(0x7f0000ffa000/0x4000)=nil, 0x4000}) ioctl(r1, 0x1000008912, &(0x7f0000000000)="0a5c2d023c126285718070") 08:16:52 executing program 5: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r1 = syz_open_dev$sndctrl(&(0x7f0000000100)='/dev/snd/controlC#\x00', 0x0, 0x0) prctl$PR_SET_THP_DISABLE(0x29, 0xfffffffffffffffe) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) ioctl$FS_IOC_GETFLAGS(r1, 0x5452, &(0x7f0000000080)) 08:16:52 executing program 2: syz_emit_ethernet(0x6a, &(0x7f0000000040)={@local, @broadcast, [], {@ipv4={0x800, {{0x5, 0x4, 0x0, 0x0, 0x5c, 0x0, 0x0, 0x0, 0x1, 0x0, @remote, @dev={0xac, 0x14, 0x14, 0x11}}, @icmp=@parameter_prob={0x3, 0x4, 0x0, 0x0, 0x0, 0x0, {0x10, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x402f, 0x0, @local={0xac, 0x5c}, @dev, {[@timestamp={0x8, 0x2c, 0x0, 0x0, 0x0, [{[@rand_addr=0x14000000]}, {[@multicast2]}, {[@multicast1]}, {}, {[@loopback]}, {}]}]}}}}}}}, 0x0) 08:16:52 executing program 1: r0 = syz_open_dev$admmidi(&(0x7f0000000100)='/dev/admmidi#\x00', 0x0, 0x0) r1 = userfaultfd(0x0) ioctl$UFFDIO_API(r1, 0xc018aa3f, &(0x7f0000000180)) mmap(&(0x7f0000013000/0x4000)=nil, 0x4000, 0x0, 0xa053, r0, 0x0) ioctl$UFFDIO_REGISTER(r1, 0xc020aa00, &(0x7f0000019000)={{&(0x7f0000012000/0x2000)=nil, 0x2000}, 0x1}) 08:16:52 executing program 4: openat$kvm(0xffffffffffffff9c, 0x0, 0x0, 0x0) ioctl$KVM_IRQ_LINE_STATUS(0xffffffffffffffff, 0xc008ae67, &(0x7f00000000c0)) openat$kvm(0xffffffffffffff9c, &(0x7f0000000300)='/dev/kvm\x00', 0x0, 0x0) r0 = socket(0x11, 0x2, 0x9) fcntl$setstatus(r0, 0x4, 0x2800) mmap(&(0x7f0000000000/0xfbe000)=nil, 0xfbe000, 0x7, 0x31, 0xffffffffffffffff, 0x0) openat$kvm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/kvm\x00', 0x0, 0x0) ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) r1 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffc, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1000, 0x9, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f00000001c0), 0x4}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000e73000/0x2000)=nil, 0x2000, 0x0, 0x8031, r1, 0x0) remap_file_pages(&(0x7f00002ec000/0x200000)=nil, 0x200000, 0x0, 0x0, 0x0) openat$uinput(0xffffffffffffff9c, &(0x7f0000000040)='/dev/uinput\x00', 0x802, 0x0) ioctl$EVIOCGVERSION(r1, 0x80044501, &(0x7f0000000100)=""/161) connect$can_bcm(0xffffffffffffffff, &(0x7f0000000200), 0x10) mbind(&(0x7f0000012000/0xc00000)=nil, 0xc00027, 0x0, &(0x7f00000000c0), 0x1, 0x2000000000002) r2 = socket$inet_tcp(0x2, 0x1, 0x0) bind(r0, &(0x7f00005a2000)=@generic={0x11, "0000010000000000080044944eeba71a4976e252922cb18f6e2e2aba000000012e0b3836005404b0e0301a4ce875f2e3ff5f163ee340b7679500800000000000000101013c5811039e15775027ecce66fd792bbf0e5bf5ff1b0816f3f6db1c00010000000000000049740000000000000006ad8e5ecc326d3a09ffc2c654"}, 0x80) ioctl$sock_inet_SIOCSIFFLAGS(r2, 0x8914, &(0x7f0000000000)={'lo\x00'}) r3 = syz_open_dev$sndctrl(&(0x7f0000000100)='/dev/snd/controlC#\x00', 0x0, 0x0) prctl$PR_SET_THP_DISABLE(0x29, 0xfffffffffffffffe) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) ioctl$FS_IOC_GETFLAGS(r3, 0x800455d1, &(0x7f0000000080)) [ 2434.715602] FAULT_FLAG_ALLOW_RETRY missing 70 [ 2434.715629] CPU: 0 PID: 24025 Comm: syz-executor3 Not tainted 4.20.0-rc6+ #371 [ 2434.727532] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2434.736892] Call Trace: [ 2434.736917] dump_stack+0x244/0x39d [ 2434.736940] ? dump_stack_print_info.cold.1+0x20/0x20 [ 2434.736979] handle_userfault.cold.32+0x47/0x62 [ 2434.737008] ? userfaultfd_ioctl+0x5610/0x5610 [ 2434.753076] ? mark_held_locks+0x130/0x130 08:16:52 executing program 5: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r1 = syz_open_dev$sndctrl(&(0x7f0000000100)='/dev/snd/controlC#\x00', 0x0, 0x0) prctl$PR_SET_THP_DISABLE(0x29, 0xfffffffffffffffe) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) ioctl$FS_IOC_GETFLAGS(r1, 0x5451, &(0x7f0000000080)) [ 2434.753095] ? __sanitizer_cov_trace_cmp4+0x16/0x20 [ 2434.753110] ? futex_wait_setup+0x266/0x3e0 [ 2434.753140] ? __sanitizer_cov_trace_switch+0x53/0x90 [ 2434.753159] ? userfaultfd_ctx_put+0x830/0x830 [ 2434.753177] ? futex_wait+0x5a1/0xa50 [ 2434.762000] ? print_usage_bug+0xc0/0xc0 [ 2434.762019] ? print_usage_bug+0xc0/0xc0 [ 2434.762039] ? print_usage_bug+0xc0/0xc0 [ 2434.762057] ? zap_class+0x640/0x640 [ 2434.762075] ? drop_futex_key_refs.isra.14+0x6d/0xe0 [ 2434.762092] ? futex_wake+0x304/0x760 [ 2434.797151] ? find_held_lock+0x36/0x1c0 [ 2434.805959] ? __handle_mm_fault+0x4bb0/0x5be0 [ 2434.805977] ? lock_downgrade+0x900/0x900 [ 2434.806007] ? kasan_check_read+0x11/0x20 [ 2434.826742] ? do_raw_spin_unlock+0xa7/0x330 [ 2434.831156] ? do_raw_spin_trylock+0x270/0x270 [ 2434.835766] ? fault_dirty_shared_page.isra.87+0x320/0x320 [ 2434.841420] __handle_mm_fault+0x4bbd/0x5be0 [ 2434.845841] ? vmf_insert_mixed_mkwrite+0x40/0x40 [ 2434.850693] ? zap_class+0x640/0x640 [ 2434.854409] ? rcu_read_unlock_special+0x1c0/0x1c0 [ 2434.859344] ? kasan_check_read+0x11/0x20 [ 2434.863517] ? rcu_softirq_qs+0x20/0x20 [ 2434.867509] ? zap_class+0x640/0x640 [ 2434.871225] ? zap_class+0x640/0x640 [ 2434.874951] ? find_held_lock+0x36/0x1c0 [ 2434.879029] ? handle_mm_fault+0x42a/0xc70 [ 2434.883270] ? lock_downgrade+0x900/0x900 [ 2434.887425] ? check_preemption_disabled+0x48/0x280 [ 2434.892451] ? rcu_read_unlock_special+0x1c0/0x1c0 [ 2434.897395] ? kasan_check_read+0x11/0x20 [ 2434.901548] ? rcu_dynticks_curr_cpu_in_eqs+0xa2/0x170 [ 2434.906830] ? rcu_softirq_qs+0x20/0x20 [ 2434.910811] ? trace_hardirqs_off_caller+0x310/0x310 [ 2434.915921] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 2434.921467] ? check_preemption_disabled+0x48/0x280 [ 2434.926498] handle_mm_fault+0x54f/0xc70 [ 2434.930573] ? __handle_mm_fault+0x5be0/0x5be0 [ 2434.935179] ? find_vma+0x34/0x190 [ 2434.938748] __do_page_fault+0x5e8/0xe60 [ 2434.942815] ? trace_hardirqs_off+0xb8/0x310 [ 2434.947249] do_page_fault+0xf2/0x7e0 [ 2434.951056] ? vmalloc_sync_all+0x30/0x30 [ 2434.955244] ? error_entry+0x70/0xd0 [ 2434.958967] ? trace_hardirqs_off_caller+0xbb/0x310 [ 2434.963986] ? trace_hardirqs_on_caller+0xc0/0x310 [ 2434.968930] ? syscall_return_slowpath+0x5e0/0x5e0 [ 2434.973870] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 2434.978718] ? trace_hardirqs_on_caller+0x310/0x310 [ 2434.983737] ? __bpf_trace_preemptirq_template+0x30/0x30 [ 2434.989195] ? prepare_exit_to_usermode+0x3b0/0x3b0 [ 2434.994225] ? prepare_exit_to_usermode+0x291/0x3b0 [ 2434.999251] ? page_fault+0x8/0x30 [ 2435.002800] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 2435.007649] ? page_fault+0x8/0x30 [ 2435.011193] page_fault+0x1e/0x30 [ 2435.014651] RIP: 0033:0x4510a0 [ 2435.017848] Code: 0f 84 c4 0f 00 00 48 89 f1 48 89 f8 48 83 e1 3f 48 83 f9 20 0f 86 7b 02 00 00 48 83 e6 f0 48 83 e1 0f 66 0f ef c0 66 0f ef c9 <66> 0f 74 0e 66 0f d7 d1 48 d3 ea 49 c7 c2 11 00 00 00 49 29 ca 4d [ 2435.036773] RSP: 002b:00007f75238677a8 EFLAGS: 00010202 [ 2435.042138] RAX: 00007f7523867850 RBX: 0000000000000003 RCX: 000000000000000e [ 2435.049412] RDX: 00000000000003ff RSI: 0000000020012fe0 RDI: 00007f7523867850 [ 2435.056697] RBP: 000000000072bf00 R08: 00000000000003ff R09: 0000000000000000 [ 2435.063979] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f75238686d4 [ 2435.071252] R13: 00000000004c578a R14: 00000000004d9d90 R15: 00000000ffffffff 08:16:53 executing program 3: openat$rfkill(0xffffffffffffff9c, 0x0, 0x0, 0x0) getsockopt$inet_sctp_SCTP_DEFAULT_PRINFO(0xffffffffffffffff, 0x84, 0x72, &(0x7f0000000380), 0x0) syz_open_dev$admmidi(&(0x7f0000000100)='/dev/admmidi#\x00', 0x0, 0x0) r0 = socket$l2tp(0x18, 0x1, 0x1) mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x1, 0x32, 0xffffffffffffffff, 0x0) r1 = userfaultfd(0x0) ioctl$UFFDIO_API(r1, 0xc018aa3f, &(0x7f0000000180)) ioctl$UFFDIO_REGISTER(r1, 0xc020aa00, &(0x7f0000019000)={{&(0x7f0000012000/0x2000)=nil, 0x2000}, 0x1}) syz_open_dev$evdev(&(0x7f0000012fee)='/dev/input/event#\x00', 0x3, 0x0) ioctl$UFFDIO_WAKE(r1, 0x8010aa02, &(0x7f0000000080)={&(0x7f0000012000/0x3000)=nil, 0x3000}) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0a5c2d023c126285718070") setsockopt$ALG_SET_KEY(0xffffffffffffffff, 0x117, 0x1, 0x0, 0x0) 08:16:53 executing program 1: r0 = syz_open_dev$admmidi(&(0x7f0000000100)='/dev/admmidi#\x00', 0x0, 0x0) r1 = userfaultfd(0x0) ioctl$UFFDIO_API(r1, 0xc018aa3f, &(0x7f0000000180)) mmap(&(0x7f0000013000/0x4000)=nil, 0x4000, 0x0, 0x10, r0, 0x0) ioctl$UFFDIO_REGISTER(r1, 0xc020aa00, &(0x7f0000019000)={{&(0x7f0000012000/0x2000)=nil, 0x2000}, 0x1}) 08:16:53 executing program 2: syz_emit_ethernet(0x6a, &(0x7f0000000040)={@local, @broadcast, [], {@ipv4={0x800, {{0x5, 0x4, 0x0, 0x0, 0x5c, 0x0, 0x0, 0x0, 0x1, 0x0, @remote, @dev={0xac, 0x14, 0x14, 0x11}}, @icmp=@parameter_prob={0x3, 0x4, 0x0, 0x0, 0x0, 0x0, {0x10, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x402f, 0x0, @local={0xac, 0x5c}, @dev, {[@timestamp={0x8, 0x2c, 0x0, 0x0, 0x0, [{[@rand_addr=0x5000000]}, {[@multicast2]}, {[@multicast1]}, {}, {[@loopback]}, {}]}]}}}}}}}, 0x0) 08:16:53 executing program 5: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r1 = syz_open_dev$sndctrl(&(0x7f0000000100)='/dev/snd/controlC#\x00', 0x0, 0x0) prctl$PR_SET_THP_DISABLE(0x29, 0xfffffffffffffffe) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) ioctl$FS_IOC_GETFLAGS(r1, 0x4020940d, &(0x7f0000000080)) 08:16:53 executing program 2: syz_emit_ethernet(0x6a, &(0x7f0000000040)={@local, @broadcast, [], {@ipv4={0x800, {{0x5, 0x4, 0x0, 0x0, 0x5c, 0x0, 0x0, 0x0, 0x1, 0x0, @remote, @dev={0xac, 0x14, 0x14, 0x11}}, @icmp=@parameter_prob={0x3, 0x4, 0x0, 0x0, 0x0, 0x0, {0x10, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x402f, 0x0, @local={0xac, 0x5c}, @dev, {[@timestamp={0x8, 0x2c, 0x0, 0x0, 0x0, [{[@rand_addr=0x89060000]}, {[@multicast2]}, {[@multicast1]}, {}, {[@loopback]}, {}]}]}}}}}}}, 0x0) [ 2435.359767] FAULT_FLAG_ALLOW_RETRY missing 70 [ 2435.372595] FAULT_FLAG_ALLOW_RETRY missing 70 [ 2435.383457] CPU: 1 PID: 24058 Comm: syz-executor3 Not tainted 4.20.0-rc6+ #371 [ 2435.390846] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2435.400214] Call Trace: [ 2435.402832] dump_stack+0x244/0x39d [ 2435.406513] ? dump_stack_print_info.cold.1+0x20/0x20 [ 2435.411737] handle_userfault.cold.32+0x47/0x62 [ 2435.416441] ? lockdep_hardirqs_on+0x3bb/0x5b0 [ 2435.421048] ? trace_hardirqs_on+0xbd/0x310 [ 2435.425410] ? userfaultfd_ioctl+0x5610/0x5610 [ 2435.430018] ? mark_held_locks+0x130/0x130 [ 2435.434281] ? _raw_spin_unlock_irq+0x60/0x80 [ 2435.438796] ? finish_task_switch+0x1f4/0x910 [ 2435.443309] ? finish_task_switch+0x1b4/0x910 [ 2435.447839] ? __switch_to_asm+0x34/0x70 [ 2435.451924] ? preempt_notifier_register+0x200/0x200 [ 2435.457043] ? __switch_to_asm+0x34/0x70 [ 2435.461123] ? __switch_to_asm+0x34/0x70 [ 2435.465206] ? __switch_to_asm+0x40/0x70 [ 2435.469284] ? __switch_to_asm+0x34/0x70 [ 2435.473372] ? __switch_to_asm+0x40/0x70 [ 2435.477453] ? __switch_to_asm+0x34/0x70 [ 2435.481530] ? __switch_to_asm+0x40/0x70 [ 2435.485606] ? __switch_to_asm+0x34/0x70 [ 2435.489691] ? print_usage_bug+0xc0/0xc0 [ 2435.493764] ? __switch_to_asm+0x40/0x70 [ 2435.497839] ? __switch_to_asm+0x34/0x70 [ 2435.501920] ? __switch_to_asm+0x40/0x70 [ 2435.505999] ? __schedule+0x8d7/0x21d0 [ 2435.509902] ? print_usage_bug+0xc0/0xc0 [ 2435.514000] ? do_raw_spin_trylock+0x270/0x270 [ 2435.518609] ? __sched_text_start+0x8/0x8 [ 2435.522772] ? zap_class+0x640/0x640 [ 2435.526509] ? mark_held_locks+0xc7/0x130 [ 2435.530677] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 2435.535452] ? lockdep_hardirqs_on+0x3bb/0x5b0 [ 2435.540053] ? find_held_lock+0x36/0x1c0 [ 2435.544146] ? __handle_mm_fault+0x4bb0/0x5be0 [ 2435.548756] ? lock_downgrade+0x900/0x900 [ 2435.552932] ? kasan_check_read+0x11/0x20 [ 2435.557096] ? do_raw_spin_unlock+0xa7/0x330 [ 2435.561532] ? do_raw_spin_trylock+0x270/0x270 [ 2435.566136] ? fault_dirty_shared_page.isra.87+0x320/0x320 [ 2435.571788] __handle_mm_fault+0x4bbd/0x5be0 [ 2435.576226] ? vmf_insert_mixed_mkwrite+0x40/0x40 [ 2435.581096] ? zap_class+0x640/0x640 [ 2435.584832] ? rcu_read_unlock_special+0x1c0/0x1c0 [ 2435.589776] ? kasan_check_read+0x11/0x20 [ 2435.593939] ? rcu_softirq_qs+0x20/0x20 [ 2435.597937] ? zap_class+0x640/0x640 [ 2435.601663] ? zap_class+0x640/0x640 [ 2435.605404] ? find_held_lock+0x36/0x1c0 [ 2435.609490] ? handle_mm_fault+0x42a/0xc70 [ 2435.613745] ? lock_downgrade+0x900/0x900 [ 2435.617912] ? check_preemption_disabled+0x48/0x280 [ 2435.622956] ? rcu_read_unlock_special+0x1c0/0x1c0 [ 2435.627908] ? kasan_check_read+0x11/0x20 [ 2435.632066] ? rcu_dynticks_curr_cpu_in_eqs+0xa2/0x170 [ 2435.637354] ? rcu_softirq_qs+0x20/0x20 [ 2435.641353] ? trace_hardirqs_off_caller+0x310/0x310 [ 2435.646481] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 2435.652068] ? check_preemption_disabled+0x48/0x280 [ 2435.657103] handle_mm_fault+0x54f/0xc70 [ 2435.661179] ? __handle_mm_fault+0x5be0/0x5be0 [ 2435.665782] ? find_vma+0x34/0x190 [ 2435.669338] __do_page_fault+0x5e8/0xe60 [ 2435.673432] ? trace_hardirqs_off+0xb8/0x310 [ 2435.677864] do_page_fault+0xf2/0x7e0 [ 2435.681682] ? vmalloc_sync_all+0x30/0x30 [ 2435.685840] ? error_entry+0x70/0xd0 [ 2435.689575] ? trace_hardirqs_off_caller+0xbb/0x310 [ 2435.694612] ? trace_hardirqs_on_caller+0xc0/0x310 [ 2435.699571] ? syscall_return_slowpath+0x5e0/0x5e0 [ 2435.704522] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 2435.709384] ? trace_hardirqs_on_caller+0x310/0x310 [ 2435.714428] ? __bpf_trace_preemptirq_template+0x30/0x30 [ 2435.719902] ? prepare_exit_to_usermode+0x3b0/0x3b0 [ 2435.724936] ? prepare_exit_to_usermode+0x291/0x3b0 [ 2435.729964] ? page_fault+0x8/0x30 [ 2435.733519] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 2435.738385] ? page_fault+0x8/0x30 [ 2435.741943] page_fault+0x1e/0x30 [ 2435.745404] RIP: 0033:0x4510a0 [ 2435.748641] Code: 0f 84 c4 0f 00 00 48 89 f1 48 89 f8 48 83 e1 3f 48 83 f9 20 0f 86 7b 02 00 00 48 83 e6 f0 48 83 e1 0f 66 0f ef c0 66 0f ef c9 <66> 0f 74 0e 66 0f d7 d1 48 d3 ea 49 c7 c2 11 00 00 00 49 29 ca 4d [ 2435.767553] RSP: 002b:00007f75238677a8 EFLAGS: 00010202 [ 2435.772923] RAX: 00007f7523867850 RBX: 0000000000000003 RCX: 000000000000000e [ 2435.780205] RDX: 00000000000003ff RSI: 0000000020012fe0 RDI: 00007f7523867850 [ 2435.787485] RBP: 000000000072bf00 R08: 00000000000003ff R09: 0000000000000000 [ 2435.794764] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f75238686d4 [ 2435.802040] R13: 00000000004c578a R14: 00000000004d9d90 R15: 00000000ffffffff 08:16:53 executing program 5: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r1 = syz_open_dev$sndctrl(&(0x7f0000000100)='/dev/snd/controlC#\x00', 0x0, 0x0) prctl$PR_SET_THP_DISABLE(0x29, 0xfffffffffffffffe) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) ioctl$FS_IOC_GETFLAGS(r1, 0xc1105518, &(0x7f0000000080)) [ 2435.809347] CPU: 0 PID: 24020 Comm: syz-executor0 Not tainted 4.20.0-rc6+ #371 [ 2435.816751] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2435.826210] Call Trace: [ 2435.828814] dump_stack+0x244/0x39d [ 2435.832464] ? dump_stack_print_info.cold.1+0x20/0x20 [ 2435.837683] handle_userfault.cold.32+0x47/0x62 [ 2435.842400] ? userfaultfd_ioctl+0x5610/0x5610 [ 2435.847008] ? mark_held_locks+0x130/0x130 [ 2435.847026] ? __sanitizer_cov_trace_cmp4+0x16/0x20 [ 2435.847041] ? futex_wait_setup+0x266/0x3e0 [ 2435.847075] ? __sanitizer_cov_trace_switch+0x53/0x90 [ 2435.856327] ? userfaultfd_ctx_put+0x830/0x830 [ 2435.856342] ? futex_wait+0x5a1/0xa50 [ 2435.856381] ? print_usage_bug+0xc0/0xc0 [ 2435.856400] ? print_usage_bug+0xc0/0xc0 [ 2435.856419] ? print_usage_bug+0xc0/0xc0 [ 2435.856438] ? zap_class+0x640/0x640 [ 2435.890212] ? drop_futex_key_refs.isra.14+0x6d/0xe0 [ 2435.895339] ? futex_wake+0x304/0x760 [ 2435.899183] ? find_held_lock+0x36/0x1c0 [ 2435.903275] ? __handle_mm_fault+0x4bb0/0x5be0 [ 2435.907872] ? lock_downgrade+0x900/0x900 [ 2435.912043] ? kasan_check_read+0x11/0x20 [ 2435.916208] ? do_raw_spin_unlock+0xa7/0x330 [ 2435.920654] ? do_raw_spin_trylock+0x270/0x270 [ 2435.925254] ? fault_dirty_shared_page.isra.87+0x320/0x320 [ 2435.930904] __handle_mm_fault+0x4bbd/0x5be0 [ 2435.935341] ? vmf_insert_mixed_mkwrite+0x40/0x40 [ 2435.940218] ? zap_class+0x640/0x640 [ 2435.943942] ? rcu_read_unlock_special+0x1c0/0x1c0 [ 2435.948887] ? kasan_check_read+0x11/0x20 [ 2435.953055] ? rcu_softirq_qs+0x20/0x20 [ 2435.957059] ? zap_class+0x640/0x640 [ 2435.960786] ? zap_class+0x640/0x640 [ 2435.964520] ? find_held_lock+0x36/0x1c0 [ 2435.968606] ? handle_mm_fault+0x42a/0xc70 [ 2435.972864] ? lock_downgrade+0x900/0x900 [ 2435.977030] ? check_preemption_disabled+0x48/0x280 [ 2435.982062] ? rcu_read_unlock_special+0x1c0/0x1c0 [ 2435.987004] ? kasan_check_read+0x11/0x20 [ 2435.991166] ? rcu_dynticks_curr_cpu_in_eqs+0xa2/0x170 [ 2435.996461] ? rcu_softirq_qs+0x20/0x20 [ 2436.000466] ? trace_hardirqs_off_caller+0x310/0x310 [ 2436.005588] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 2436.011147] ? check_preemption_disabled+0x48/0x280 [ 2436.016187] handle_mm_fault+0x54f/0xc70 [ 2436.020283] ? __handle_mm_fault+0x5be0/0x5be0 [ 2436.024884] ? find_vma+0x34/0x190 [ 2436.028444] __do_page_fault+0x5e8/0xe60 [ 2436.032518] ? trace_hardirqs_off+0xb8/0x310 [ 2436.036947] do_page_fault+0xf2/0x7e0 [ 2436.040763] ? vmalloc_sync_all+0x30/0x30 [ 2436.044928] ? error_entry+0x70/0xd0 [ 2436.048656] ? trace_hardirqs_off_caller+0xbb/0x310 [ 2436.053694] ? trace_hardirqs_on_caller+0xc0/0x310 [ 2436.058642] ? syscall_return_slowpath+0x5e0/0x5e0 [ 2436.063584] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 2436.068450] ? trace_hardirqs_on_caller+0x310/0x310 [ 2436.073483] ? __bpf_trace_preemptirq_template+0x30/0x30 [ 2436.078949] ? prepare_exit_to_usermode+0x3b0/0x3b0 [ 2436.083980] ? prepare_exit_to_usermode+0x291/0x3b0 [ 2436.089022] ? page_fault+0x8/0x30 [ 2436.092584] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 2436.097448] ? page_fault+0x8/0x30 [ 2436.101003] page_fault+0x1e/0x30 [ 2436.104467] RIP: 0033:0x4510a0 [ 2436.107675] Code: 0f 84 c4 0f 00 00 48 89 f1 48 89 f8 48 83 e1 3f 48 83 f9 20 0f 86 7b 02 00 00 48 83 e6 f0 48 83 e1 0f 66 0f ef c0 66 0f ef c9 <66> 0f 74 0e 66 0f d7 d1 48 d3 ea 49 c7 c2 11 00 00 00 49 29 ca 4d [ 2436.126586] RSP: 002b:00007efdea16e7a8 EFLAGS: 00010202 [ 2436.131958] RAX: 00007efdea16e850 RBX: 0000000000000003 RCX: 000000000000000e [ 2436.139237] RDX: 00000000000003ff RSI: 0000000020012fe0 RDI: 00007efdea16e850 [ 2436.139252] RBP: 000000000072bf00 R08: 00000000000003ff R09: 0000000000000000 [ 2436.153802] R10: 0000000000000000 R11: 0000000000000246 R12: 00007efdea16f6d4 [ 2436.161084] R13: 00000000004c578a R14: 00000000004d9d90 R15: 00000000ffffffff 08:16:54 executing program 1: r0 = syz_open_dev$admmidi(&(0x7f0000000100)='/dev/admmidi#\x00', 0x0, 0x0) r1 = userfaultfd(0x0) ioctl$UFFDIO_API(r1, 0xc018aa3f, &(0x7f0000000180)) mmap(&(0x7f0000013000/0x4000)=nil, 0x4000, 0x0, 0x10, r0, 0x0) ioctl$UFFDIO_REGISTER(r1, 0xc020aa00, &(0x7f0000019000)={{&(0x7f0000012000/0x2000)=nil, 0x2000}, 0x1}) 08:16:54 executing program 5: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r1 = syz_open_dev$sndctrl(&(0x7f0000000100)='/dev/snd/controlC#\x00', 0x0, 0x0) prctl$PR_SET_THP_DISABLE(0x29, 0xfffffffffffffffe) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) ioctl$FS_IOC_GETFLAGS(r1, 0x40405514, &(0x7f0000000080)) 08:16:54 executing program 2: syz_emit_ethernet(0x6a, &(0x7f0000000040)={@local, @broadcast, [], {@ipv4={0x800, {{0x5, 0x4, 0x0, 0x0, 0x5c, 0x0, 0x0, 0x0, 0x1, 0x0, @remote, @dev={0xac, 0x14, 0x14, 0x11}}, @icmp=@parameter_prob={0x3, 0x4, 0x0, 0x0, 0x0, 0x0, {0x10, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x402f, 0x0, @local={0xac, 0x5c}, @dev, {[@timestamp={0x8, 0x2c, 0x0, 0x0, 0x0, [{[@rand_addr=0x4788]}, {[@multicast2]}, {[@multicast1]}, {}, {[@loopback]}, {}]}]}}}}}}}, 0x0) 08:16:54 executing program 0: r0 = openat$rfkill(0xffffffffffffff9c, 0x0, 0x2001, 0x0) openat$ptmx(0xffffffffffffff9c, &(0x7f0000000100)='/dev/ptmx\x00', 0x48400, 0x0) syz_open_dev$admmidi(&(0x7f0000000140)='/dev/admmidi#\x00', 0x0, 0x0) r1 = socket$l2tp(0x18, 0x1, 0x1) mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x1, 0x32, 0xffffffffffffffff, 0x0) r2 = userfaultfd(0x0) ioctl$UFFDIO_API(r2, 0xc018aa3f, &(0x7f0000000180)) ioctl$UFFDIO_REGISTER(r2, 0xc020aa00, &(0x7f0000019000)={{&(0x7f0000012000/0x2000)=nil, 0x2000}, 0x1}) syz_open_dev$evdev(&(0x7f0000012fee)='/dev/input/event#\x00', 0x0, 0x0) ioctl$UFFDIO_WAKE(r2, 0x8010aa02, &(0x7f0000000080)={&(0x7f0000012000/0x3000)=nil, 0x3000}) ioctl(r1, 0x1000008912, &(0x7f0000000000)="0a5c2d023c126285718070") ioctl$EVIOCSFF(r0, 0x40304580, &(0x7f00000000c0)={0x51, 0xffff, 0x8, {0x8, 0xfffffffffffffffb}, {0x7, 0x101}, @period={0x59, 0x2, 0x101, 0x6, 0x8001, {0xffffffff, 0x1000, 0x9, 0x3}, 0x4, &(0x7f0000000040)=[0x7, 0xfbf7, 0x1, 0x100]}}) 08:16:54 executing program 4: openat$kvm(0xffffffffffffff9c, 0x0, 0x0, 0x0) r0 = syz_open_dev$dspn(&(0x7f0000000180)='/dev/dsp#\x00', 0x0, 0x2000) setsockopt$bt_l2cap_L2CAP_OPTIONS(r0, 0x6, 0x1, &(0x7f00000001c0)={0x1, 0x1, 0x800, 0x7255e1fc, 0x0, 0x100000000, 0x5}, 0xc) r1 = syz_open_dev$sndctrl(&(0x7f0000000000)='/dev/snd/controlC#\x00', 0x0, 0x800000) prctl$PR_SET_THP_DISABLE(0x29, 0xfffffffffffffffe) r2 = socket$inet_udp(0x2, 0x2, 0x0) getsockopt$inet_int(r2, 0x0, 0x7, &(0x7f0000000040), &(0x7f00000000c0)=0x4) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) ioctl$FS_IOC_GETFLAGS(r1, 0x800455d1, &(0x7f0000000080)) r3 = openat$dsp(0xffffffffffffff9c, &(0x7f0000000100)='/dev/dsp\x00', 0x210001, 0x0) write$P9_RLERRORu(r3, &(0x7f0000000140)={0x20, 0x7, 0x2, {{0x13, '/dev/snd/controlC#\x00'}, 0x100000000}}, 0x20) 08:16:54 executing program 3: openat$rfkill(0xffffffffffffff9c, 0x0, 0x0, 0x0) getsockopt$inet_sctp_SCTP_DEFAULT_PRINFO(0xffffffffffffffff, 0x84, 0x72, &(0x7f0000000380), 0x0) syz_open_dev$admmidi(&(0x7f0000000100)='/dev/admmidi#\x00', 0x0, 0x0) r0 = socket$l2tp(0x18, 0x1, 0x1) mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x1, 0x32, 0xffffffffffffffff, 0x0) r1 = userfaultfd(0x0) ioctl$UFFDIO_API(r1, 0xc018aa3f, &(0x7f0000000180)) ioctl$UFFDIO_REGISTER(r1, 0xc020aa00, &(0x7f0000019000)={{&(0x7f0000012000/0x2000)=nil, 0x2000}, 0x1}) syz_open_dev$evdev(&(0x7f0000012fee)='/dev/input/event#\x00', 0xffffff7f00000000, 0x0) ioctl$UFFDIO_WAKE(r1, 0x8010aa02, &(0x7f0000000080)={&(0x7f0000012000/0x3000)=nil, 0x3000}) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0a5c2d023c126285718070") setsockopt$ALG_SET_KEY(0xffffffffffffffff, 0x117, 0x1, 0x0, 0x0) 08:16:54 executing program 2: syz_emit_ethernet(0x6a, &(0x7f0000000040)={@local, @broadcast, [], {@ipv4={0x800, {{0x5, 0x4, 0x0, 0x0, 0x5c, 0x0, 0x0, 0x0, 0x1, 0x0, @remote, @dev={0xac, 0x14, 0x14, 0x11}}, @icmp=@parameter_prob={0x3, 0x4, 0x0, 0x0, 0x0, 0x0, {0x10, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x402f, 0x0, @local={0xac, 0x5c}, @dev, {[@timestamp={0x8, 0x2c, 0x0, 0x0, 0x0, [{[@rand_addr=0x8906000000000000]}, {[@multicast2]}, {[@multicast1]}, {}, {[@loopback]}, {}]}]}}}}}}}, 0x0) 08:16:54 executing program 1: r0 = syz_open_dev$admmidi(&(0x7f0000000100)='/dev/admmidi#\x00', 0x0, 0x0) r1 = userfaultfd(0x0) ioctl$UFFDIO_API(r1, 0xc018aa3f, &(0x7f0000000180)) mmap(&(0x7f0000013000/0x4000)=nil, 0x4000, 0x0, 0x10, r0, 0x0) ioctl$UFFDIO_REGISTER(r1, 0xc020aa00, &(0x7f0000019000)={{&(0x7f0000012000/0x2000)=nil, 0x2000}, 0x1}) [ 2436.424639] FAULT_FLAG_ALLOW_RETRY missing 70 [ 2436.436540] CPU: 1 PID: 24092 Comm: syz-executor3 Not tainted 4.20.0-rc6+ #371 [ 2436.443926] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2436.453291] Call Trace: [ 2436.455905] dump_stack+0x244/0x39d [ 2436.459560] ? dump_stack_print_info.cold.1+0x20/0x20 [ 2436.464787] handle_userfault.cold.32+0x47/0x62 [ 2436.469487] ? userfaultfd_ioctl+0x5610/0x5610 [ 2436.474091] ? mark_held_locks+0x130/0x130 [ 2436.478342] ? __sanitizer_cov_trace_cmp4+0x16/0x20 [ 2436.483388] ? futex_wait_setup+0x266/0x3e0 [ 2436.483419] ? __sanitizer_cov_trace_switch+0x53/0x90 [ 2436.483439] ? userfaultfd_ctx_put+0x830/0x830 [ 2436.483454] ? futex_wait+0x5a1/0xa50 [ 2436.483474] ? print_usage_bug+0xc0/0xc0 [ 2436.493002] ? print_usage_bug+0xc0/0xc0 [ 2436.493022] ? print_usage_bug+0xc0/0xc0 [ 2436.493039] ? zap_class+0x640/0x640 [ 2436.493057] ? drop_futex_key_refs.isra.14+0x6d/0xe0 08:16:54 executing program 1: syz_open_dev$admmidi(&(0x7f0000000100)='/dev/admmidi#\x00', 0x0, 0x0) r0 = userfaultfd(0x0) ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f0000000180)) mmap(&(0x7f0000013000/0x4000)=nil, 0x4000, 0x0, 0xa053, 0xffffffffffffffff, 0x0) ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f0000019000)={{&(0x7f0000012000/0x2000)=nil, 0x2000}, 0x1}) 08:16:54 executing program 1: syz_open_dev$admmidi(&(0x7f0000000100)='/dev/admmidi#\x00', 0x0, 0x0) r0 = userfaultfd(0x0) ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f0000000180)) mmap(&(0x7f0000013000/0x4000)=nil, 0x4000, 0x0, 0xa053, 0xffffffffffffffff, 0x0) ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f0000019000)={{&(0x7f0000012000/0x2000)=nil, 0x2000}, 0x1}) [ 2436.493079] ? futex_wake+0x304/0x760 [ 2436.526231] ? find_held_lock+0x36/0x1c0 [ 2436.530325] ? __handle_mm_fault+0x4bb0/0x5be0 [ 2436.534937] ? lock_downgrade+0x900/0x900 [ 2436.539115] ? kasan_check_read+0x11/0x20 [ 2436.543279] ? do_raw_spin_unlock+0xa7/0x330 [ 2436.547707] ? do_raw_spin_trylock+0x270/0x270 [ 2436.552308] ? fault_dirty_shared_page.isra.87+0x320/0x320 [ 2436.557961] __handle_mm_fault+0x4bbd/0x5be0 [ 2436.562407] ? vmf_insert_mixed_mkwrite+0x40/0x40 [ 2436.567273] ? zap_class+0x640/0x640 08:16:54 executing program 1: syz_open_dev$admmidi(&(0x7f0000000100)='/dev/admmidi#\x00', 0x0, 0x0) r0 = userfaultfd(0x0) ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f0000000180)) mmap(&(0x7f0000013000/0x4000)=nil, 0x4000, 0x0, 0xa053, 0xffffffffffffffff, 0x0) ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f0000019000)={{&(0x7f0000012000/0x2000)=nil, 0x2000}, 0x1}) [ 2436.571004] ? rcu_read_unlock_special+0x1c0/0x1c0 [ 2436.575952] ? kasan_check_read+0x11/0x20 [ 2436.580118] ? rcu_softirq_qs+0x20/0x20 [ 2436.584120] ? zap_class+0x640/0x640 [ 2436.587853] ? zap_class+0x640/0x640 [ 2436.591593] ? find_held_lock+0x36/0x1c0 [ 2436.595680] ? handle_mm_fault+0x42a/0xc70 [ 2436.599934] ? lock_downgrade+0x900/0x900 [ 2436.604107] ? check_preemption_disabled+0x48/0x280 [ 2436.609168] ? rcu_read_unlock_special+0x1c0/0x1c0 [ 2436.614121] ? kasan_check_read+0x11/0x20 [ 2436.614138] ? rcu_dynticks_curr_cpu_in_eqs+0xa2/0x170 [ 2436.614157] ? rcu_softirq_qs+0x20/0x20 [ 2436.614174] ? trace_hardirqs_off_caller+0x310/0x310 [ 2436.614195] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 2436.623648] ? check_preemption_disabled+0x48/0x280 [ 2436.623673] handle_mm_fault+0x54f/0xc70 [ 2436.623692] ? __handle_mm_fault+0x5be0/0x5be0 [ 2436.651979] ? find_vma+0x34/0x190 [ 2436.655548] __do_page_fault+0x5e8/0xe60 [ 2436.659632] ? trace_hardirqs_off+0xb8/0x310 [ 2436.664068] do_page_fault+0xf2/0x7e0 [ 2436.667898] ? vmalloc_sync_all+0x30/0x30 [ 2436.672065] ? error_entry+0x70/0xd0 08:16:54 executing program 1: r0 = syz_open_dev$admmidi(&(0x7f0000000100)='/dev/admmidi#\x00', 0x0, 0x0) r1 = userfaultfd(0x0) ioctl$UFFDIO_API(r1, 0xc018aa3f, &(0x7f0000000180)) mmap(&(0x7f0000013000/0x4000)=nil, 0x4000, 0x0, 0xa053, r0, 0x0) ioctl$UFFDIO_REGISTER(0xffffffffffffffff, 0xc020aa00, &(0x7f0000019000)={{&(0x7f0000012000/0x2000)=nil, 0x2000}, 0x1}) [ 2436.675798] ? trace_hardirqs_off_caller+0xbb/0x310 [ 2436.680829] ? trace_hardirqs_on_caller+0xc0/0x310 [ 2436.685782] ? syscall_return_slowpath+0x5e0/0x5e0 [ 2436.690728] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 2436.690748] ? trace_hardirqs_on_caller+0x310/0x310 [ 2436.700613] ? __bpf_trace_preemptirq_template+0x30/0x30 [ 2436.700632] ? prepare_exit_to_usermode+0x3b0/0x3b0 [ 2436.700656] ? prepare_exit_to_usermode+0x291/0x3b0 [ 2436.716121] ? page_fault+0x8/0x30 [ 2436.719686] ? trace_hardirqs_off_thunk+0x1a/0x1c 08:16:54 executing program 1: r0 = syz_open_dev$admmidi(&(0x7f0000000100)='/dev/admmidi#\x00', 0x0, 0x0) r1 = userfaultfd(0x0) ioctl$UFFDIO_API(r1, 0xc018aa3f, &(0x7f0000000180)) mmap(&(0x7f0000013000/0x4000)=nil, 0x4000, 0x0, 0xa053, r0, 0x0) ioctl$UFFDIO_REGISTER(0xffffffffffffffff, 0xc020aa00, &(0x7f0000019000)={{&(0x7f0000012000/0x2000)=nil, 0x2000}, 0x1}) [ 2436.724546] ? page_fault+0x8/0x30 [ 2436.728107] page_fault+0x1e/0x30 [ 2436.731574] RIP: 0033:0x4510a0 [ 2436.734780] Code: 0f 84 c4 0f 00 00 48 89 f1 48 89 f8 48 83 e1 3f 48 83 f9 20 0f 86 7b 02 00 00 48 83 e6 f0 48 83 e1 0f 66 0f ef c0 66 0f ef c9 <66> 0f 74 0e 66 0f d7 d1 48 d3 ea 49 c7 c2 11 00 00 00 49 29 ca 4d [ 2436.753697] RSP: 002b:00007f75238677a8 EFLAGS: 00010202 [ 2436.759070] RAX: 00007f7523867850 RBX: 0000000000000003 RCX: 000000000000000e [ 2436.766352] RDX: 00000000000003ff RSI: 0000000020012fe0 RDI: 00007f7523867850 08:16:54 executing program 5: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r1 = syz_open_dev$sndctrl(&(0x7f0000000100)='/dev/snd/controlC#\x00', 0x0, 0x0) prctl$PR_SET_THP_DISABLE(0x29, 0xfffffffffffffffe) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) ioctl$FS_IOC_GETFLAGS(r1, 0xc008551c, &(0x7f0000000080)) 08:16:54 executing program 1: r0 = syz_open_dev$admmidi(&(0x7f0000000100)='/dev/admmidi#\x00', 0x0, 0x0) r1 = userfaultfd(0x0) ioctl$UFFDIO_API(r1, 0xc018aa3f, &(0x7f0000000180)) mmap(&(0x7f0000013000/0x4000)=nil, 0x4000, 0x0, 0xa053, r0, 0x0) ioctl$UFFDIO_REGISTER(0xffffffffffffffff, 0xc020aa00, &(0x7f0000019000)={{&(0x7f0000012000/0x2000)=nil, 0x2000}, 0x1}) [ 2436.773648] RBP: 000000000072bf00 R08: 00000000000003ff R09: 0000000000000000 [ 2436.780932] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f75238686d4 [ 2436.788219] R13: 00000000004c578a R14: 00000000004d9d90 R15: 00000000ffffffff [ 2436.870000] FAULT_FLAG_ALLOW_RETRY missing 70 [ 2436.875498] CPU: 0 PID: 24093 Comm: syz-executor0 Not tainted 4.20.0-rc6+ #371 [ 2436.882889] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2436.892247] Call Trace: [ 2436.894861] dump_stack+0x244/0x39d [ 2436.898518] ? dump_stack_print_info.cold.1+0x20/0x20 [ 2436.903738] handle_userfault.cold.32+0x47/0x62 [ 2436.908442] ? userfaultfd_ioctl+0x5610/0x5610 [ 2436.913054] ? mark_held_locks+0x130/0x130 [ 2436.917307] ? find_held_lock+0x36/0x1c0 [ 2436.917339] ? userfaultfd_ctx_put+0x830/0x830 [ 2436.917380] ? kasan_check_read+0x11/0x20 [ 2436.926015] ? print_usage_bug+0xc0/0xc0 [ 2436.926031] ? do_raw_spin_trylock+0x270/0x270 [ 2436.926049] ? print_usage_bug+0xc0/0xc0 [ 2436.926073] ? print_usage_bug+0xc0/0xc0 [ 2436.946984] ? zap_class+0x640/0x640 [ 2436.950723] ? drop_futex_key_refs.isra.14+0x6d/0xe0 [ 2436.955835] ? futex_wake+0x304/0x760 [ 2436.955866] ? find_held_lock+0x36/0x1c0 [ 2436.955892] ? __handle_mm_fault+0x4bb0/0x5be0 [ 2436.955912] ? lock_downgrade+0x900/0x900 [ 2436.963780] ? kasan_check_read+0x11/0x20 [ 2436.963796] ? do_raw_spin_unlock+0xa7/0x330 [ 2436.963812] ? do_raw_spin_trylock+0x270/0x270 [ 2436.963830] ? fault_dirty_shared_page.isra.87+0x320/0x320 [ 2436.963861] __handle_mm_fault+0x4bbd/0x5be0 [ 2436.981132] ? vmf_insert_mixed_mkwrite+0x40/0x40 [ 2436.991323] ? zap_class+0x640/0x640 [ 2436.991339] ? rcu_read_unlock_special+0x1c0/0x1c0 [ 2436.991354] ? kasan_check_read+0x11/0x20 [ 2436.991386] ? rcu_softirq_qs+0x20/0x20 [ 2437.017429] ? zap_class+0x640/0x640 [ 2437.021162] ? zap_class+0x640/0x640 [ 2437.024892] ? find_held_lock+0x36/0x1c0 [ 2437.028968] ? handle_mm_fault+0x42a/0xc70 [ 2437.033209] ? lock_downgrade+0x900/0x900 [ 2437.037381] ? check_preemption_disabled+0x48/0x280 [ 2437.042433] ? rcu_read_unlock_special+0x1c0/0x1c0 [ 2437.047378] ? kasan_check_read+0x11/0x20 [ 2437.051517] ? rcu_dynticks_curr_cpu_in_eqs+0xa2/0x170 [ 2437.056792] ? rcu_softirq_qs+0x20/0x20 [ 2437.060757] ? trace_hardirqs_off_caller+0x310/0x310 [ 2437.065854] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 2437.071396] ? check_preemption_disabled+0x48/0x280 [ 2437.076410] handle_mm_fault+0x54f/0xc70 [ 2437.080465] ? __handle_mm_fault+0x5be0/0x5be0 [ 2437.085039] ? find_vma+0x34/0x190 [ 2437.088578] __do_page_fault+0x5e8/0xe60 [ 2437.092631] ? trace_hardirqs_off+0xb8/0x310 [ 2437.097036] do_page_fault+0xf2/0x7e0 [ 2437.100828] ? vmalloc_sync_all+0x30/0x30 [ 2437.104965] ? error_entry+0x70/0xd0 [ 2437.108668] ? trace_hardirqs_off_caller+0xbb/0x310 [ 2437.113700] ? trace_hardirqs_on_caller+0xc0/0x310 [ 2437.118630] ? syscall_return_slowpath+0x5e0/0x5e0 [ 2437.123550] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 2437.128407] ? trace_hardirqs_on_caller+0x310/0x310 [ 2437.133424] ? __bpf_trace_preemptirq_template+0x30/0x30 [ 2437.138865] ? prepare_exit_to_usermode+0x3b0/0x3b0 [ 2437.143907] ? prepare_exit_to_usermode+0x291/0x3b0 [ 2437.148928] ? page_fault+0x8/0x30 [ 2437.152481] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 2437.157314] ? page_fault+0x8/0x30 [ 2437.160843] page_fault+0x1e/0x30 [ 2437.164303] RIP: 0033:0x4510a0 [ 2437.167487] Code: 0f 84 c4 0f 00 00 48 89 f1 48 89 f8 48 83 e1 3f 48 83 f9 20 0f 86 7b 02 00 00 48 83 e6 f0 48 83 e1 0f 66 0f ef c0 66 0f ef c9 <66> 0f 74 0e 66 0f d7 d1 48 d3 ea 49 c7 c2 11 00 00 00 49 29 ca 4d [ 2437.186391] RSP: 002b:00007efdea16e7a8 EFLAGS: 00010202 [ 2437.191743] RAX: 00007efdea16e850 RBX: 0000000000000003 RCX: 000000000000000e [ 2437.199008] RDX: 00000000000003ff RSI: 0000000020012fe0 RDI: 00007efdea16e850 [ 2437.206278] RBP: 000000000072bf00 R08: 00000000000003ff R09: 0000000000000000 [ 2437.213551] R10: 0000000000000000 R11: 0000000000000246 R12: 00007efdea16f6d4 [ 2437.220817] R13: 00000000004c578a R14: 00000000004d9d90 R15: 00000000ffffffff 08:16:55 executing program 4: openat$kvm(0xffffffffffffff9c, 0x0, 0x0, 0x0) r0 = syz_open_dev$sndctrl(&(0x7f0000000100)='/dev/snd/controlC#\x00', 0x0, 0x0) prctl$PR_SET_THP_DISABLE(0x29, 0xfffffffffffffffe) ioctl$FS_IOC_FIEMAP(r0, 0xc020660b, &(0x7f0000000140)={0x1000, 0x8, 0x4, 0xbc1, 0x7, [{0x8000, 0x8, 0x80000000, 0x0, 0x0, 0x2001}, {0xffff, 0xd6, 0x100000000}, {0x7, 0x1ff, 0x27e2, 0x0, 0x0, 0x201}, {0x9, 0xffffffffffff6ef3, 0x6, 0x0, 0x0, 0x80}, {0x60f, 0x0, 0x8, 0x0, 0x0, 0x80}, {0x42, 0x9, 0x1, 0x0, 0x0, 0x4}, {0x500, 0xffffffff, 0x8000, 0x0, 0x0, 0x4}]}) r1 = syz_open_dev$cec(&(0x7f0000000000)='/dev/cec#\x00', 0x1, 0x2) inotify_add_watch(r1, &(0x7f0000000040)='./file0\x00', 0xae358593e6ae211) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) ioctl$FS_IOC_GETFLAGS(r0, 0x800455d1, &(0x7f0000000080)) 08:16:55 executing program 0: openat$rfkill(0xffffffffffffff9c, 0x0, 0x2001, 0x0) syz_open_dev$admmidi(&(0x7f0000000100)='/dev/admmidi#\x00', 0x0, 0x0) r0 = socket$l2tp(0x18, 0x1, 0x1) mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x1, 0x32, 0xffffffffffffffff, 0x0) r1 = userfaultfd(0x0) ioctl$UFFDIO_API(r1, 0xc018aa3f, &(0x7f0000000180)) ioctl$FS_IOC_SET_ENCRYPTION_POLICY(r1, 0x800c6613, &(0x7f0000000040)={0x0, @aes256, 0x3, "914a3f2d12886117"}) ioctl$UFFDIO_REGISTER(r1, 0xc020aa00, &(0x7f0000000140)={{&(0x7f0000011000/0x4000)=nil, 0x4000}, 0x1}) syz_open_dev$evdev(&(0x7f0000012fee)='/dev/input/event#\x00', 0x0, 0x0) ioctl$UFFDIO_WAKE(r1, 0x8010aa02, &(0x7f0000000080)={&(0x7f0000012000/0x3000)=nil, 0x3000}) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0a5c2d023c126285718070") 08:16:55 executing program 5: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r1 = syz_open_dev$sndctrl(&(0x7f0000000100)='/dev/snd/controlC#\x00', 0x0, 0x0) prctl$PR_SET_THP_DISABLE(0x29, 0xfffffffffffffffe) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) ioctl$FS_IOC_GETFLAGS(r1, 0xc00455d0, &(0x7f0000000080)) 08:16:55 executing program 1: r0 = syz_open_dev$admmidi(&(0x7f0000000100)='/dev/admmidi#\x00', 0x0, 0x0) r1 = userfaultfd(0x0) ioctl$UFFDIO_API(r1, 0xc018aa3f, &(0x7f0000000180)) mmap(&(0x7f0000013000/0x4000)=nil, 0x4000, 0x0, 0xa053, r0, 0x0) ioctl$UFFDIO_REGISTER(r1, 0xc020aa00, 0x0) 08:16:55 executing program 3: openat$rfkill(0xffffffffffffff9c, 0x0, 0x0, 0x0) getsockopt$inet_sctp_SCTP_DEFAULT_PRINFO(0xffffffffffffffff, 0x84, 0x72, &(0x7f0000000380), 0x0) syz_open_dev$admmidi(&(0x7f0000000100)='/dev/admmidi#\x00', 0x0, 0x0) r0 = socket$l2tp(0x18, 0x1, 0x1) mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x1, 0x32, 0xffffffffffffffff, 0x0) r1 = userfaultfd(0x0) ioctl$UFFDIO_API(r1, 0xc018aa3f, &(0x7f0000000180)) ioctl$UFFDIO_REGISTER(r1, 0xc020aa00, &(0x7f0000019000)={{&(0x7f0000012000/0x2000)=nil, 0x2000}, 0x1}) syz_open_dev$evdev(&(0x7f0000012fee)='/dev/input/event#\x00', 0x900000000000000, 0x0) ioctl$UFFDIO_WAKE(r1, 0x8010aa02, &(0x7f0000000080)={&(0x7f0000012000/0x3000)=nil, 0x3000}) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0a5c2d023c126285718070") setsockopt$ALG_SET_KEY(0xffffffffffffffff, 0x117, 0x1, 0x0, 0x0) 08:16:55 executing program 2: syz_emit_ethernet(0x6a, &(0x7f0000000040)={@local, @broadcast, [], {@ipv4={0x800, {{0x5, 0x4, 0x0, 0x0, 0x5c, 0x0, 0x0, 0x0, 0x1, 0x0, @remote, @dev={0xac, 0x14, 0x14, 0x11}}, @icmp=@parameter_prob={0x3, 0x4, 0x0, 0x0, 0x0, 0x0, {0x10, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x402f, 0x0, @local={0xac, 0x5c}, @dev, {[@timestamp={0x8, 0x2c, 0x0, 0x0, 0x0, [{[@rand_addr=0xf0ffff]}, {[@multicast2]}, {[@multicast1]}, {}, {[@loopback]}, {}]}]}}}}}}}, 0x0) 08:16:55 executing program 1: r0 = syz_open_dev$admmidi(&(0x7f0000000100)='/dev/admmidi#\x00', 0x0, 0x0) r1 = userfaultfd(0x0) ioctl$UFFDIO_API(r1, 0xc018aa3f, &(0x7f0000000180)) mmap(&(0x7f0000013000/0x4000)=nil, 0x4000, 0x0, 0xa053, r0, 0x0) ioctl$UFFDIO_REGISTER(r1, 0xc020aa00, 0x0) 08:16:55 executing program 1: r0 = syz_open_dev$admmidi(&(0x7f0000000100)='/dev/admmidi#\x00', 0x0, 0x0) r1 = userfaultfd(0x0) ioctl$UFFDIO_API(r1, 0xc018aa3f, &(0x7f0000000180)) mmap(&(0x7f0000013000/0x4000)=nil, 0x4000, 0x0, 0xa053, r0, 0x0) ioctl$UFFDIO_REGISTER(r1, 0xc020aa00, 0x0) [ 2437.449879] FAULT_FLAG_ALLOW_RETRY missing 70 [ 2437.459989] CPU: 1 PID: 24136 Comm: syz-executor3 Not tainted 4.20.0-rc6+ #371 [ 2437.467392] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2437.476796] Call Trace: [ 2437.478086] FAULT_FLAG_ALLOW_RETRY missing 70 [ 2437.479431] dump_stack+0x244/0x39d [ 2437.487554] ? dump_stack_print_info.cold.1+0x20/0x20 [ 2437.492771] handle_userfault.cold.32+0x47/0x62 [ 2437.497466] ? userfaultfd_ioctl+0x5610/0x5610 [ 2437.502068] ? mark_held_locks+0x130/0x130 [ 2437.506320] ? __sanitizer_cov_trace_cmp4+0x16/0x20 [ 2437.511381] ? futex_wait_setup+0x266/0x3e0 [ 2437.515744] ? __sanitizer_cov_trace_switch+0x53/0x90 [ 2437.520961] ? userfaultfd_ctx_put+0x830/0x830 [ 2437.525571] ? futex_wait+0x5a1/0xa50 [ 2437.529411] ? print_usage_bug+0xc0/0xc0 [ 2437.533491] ? print_usage_bug+0xc0/0xc0 [ 2437.537571] ? print_usage_bug+0xc0/0xc0 [ 2437.537594] ? zap_class+0x640/0x640 [ 2437.545389] ? drop_futex_key_refs.isra.14+0x6d/0xe0 08:16:55 executing program 1: r0 = syz_open_dev$admmidi(&(0x7f0000000100)='/dev/admmidi#\x00', 0x0, 0x0) r1 = userfaultfd(0x0) ioctl$UFFDIO_API(r1, 0xc018aa3f, &(0x7f0000000180)) mmap(&(0x7f0000013000/0x4000)=nil, 0x4000, 0x0, 0xa053, r0, 0x0) ioctl$UFFDIO_REGISTER(r1, 0xc020aa00, &(0x7f0000019000)={{&(0x7f0000012000/0x2000)=nil, 0x2000}}) [ 2437.550511] ? futex_wake+0x304/0x760 [ 2437.554341] ? find_held_lock+0x36/0x1c0 [ 2437.558436] ? __handle_mm_fault+0x4bb0/0x5be0 [ 2437.563038] ? lock_downgrade+0x900/0x900 [ 2437.567219] ? kasan_check_read+0x11/0x20 [ 2437.571385] ? do_raw_spin_unlock+0xa7/0x330 [ 2437.575810] ? do_raw_spin_trylock+0x270/0x270 [ 2437.580408] ? fault_dirty_shared_page.isra.87+0x320/0x320 [ 2437.586057] __handle_mm_fault+0x4bbd/0x5be0 [ 2437.590493] ? vmf_insert_mixed_mkwrite+0x40/0x40 [ 2437.595356] ? zap_class+0x640/0x640 [ 2437.599091] ? rcu_read_unlock_special+0x1c0/0x1c0 [ 2437.604033] ? kasan_check_read+0x11/0x20 [ 2437.608192] ? rcu_softirq_qs+0x20/0x20 [ 2437.612193] ? zap_class+0x640/0x640 [ 2437.615926] ? zap_class+0x640/0x640 [ 2437.619658] ? find_held_lock+0x36/0x1c0 [ 2437.623742] ? handle_mm_fault+0x42a/0xc70 [ 2437.628001] ? lock_downgrade+0x900/0x900 [ 2437.632169] ? check_preemption_disabled+0x48/0x280 [ 2437.637215] ? rcu_read_unlock_special+0x1c0/0x1c0 [ 2437.642158] ? kasan_check_read+0x11/0x20 08:16:55 executing program 1: r0 = syz_open_dev$admmidi(&(0x7f0000000100)='/dev/admmidi#\x00', 0x0, 0x0) r1 = userfaultfd(0x0) ioctl$UFFDIO_API(r1, 0xc018aa3f, &(0x7f0000000180)) mmap(&(0x7f0000013000/0x4000)=nil, 0x4000, 0x0, 0xa053, r0, 0x0) ioctl$UFFDIO_REGISTER(r1, 0xc020aa00, &(0x7f0000019000)={{&(0x7f0000012000/0x2000)=nil, 0x2000}}) [ 2437.642175] ? rcu_dynticks_curr_cpu_in_eqs+0xa2/0x170 [ 2437.642190] ? rcu_softirq_qs+0x20/0x20 [ 2437.642207] ? trace_hardirqs_off_caller+0x310/0x310 [ 2437.642229] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 2437.660727] ? check_preemption_disabled+0x48/0x280 [ 2437.660758] handle_mm_fault+0x54f/0xc70 [ 2437.675475] ? __handle_mm_fault+0x5be0/0x5be0 [ 2437.680087] ? find_vma+0x34/0x190 [ 2437.683662] __do_page_fault+0x5e8/0xe60 [ 2437.687746] ? trace_hardirqs_off+0xb8/0x310 [ 2437.692183] do_page_fault+0xf2/0x7e0 [ 2437.696000] ? vmalloc_sync_all+0x30/0x30 [ 2437.700173] ? error_entry+0x70/0xd0 [ 2437.703914] ? trace_hardirqs_off_caller+0xbb/0x310 [ 2437.708954] ? trace_hardirqs_on_caller+0xc0/0x310 [ 2437.708972] ? syscall_return_slowpath+0x5e0/0x5e0 [ 2437.708988] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 2437.709008] ? trace_hardirqs_on_caller+0x310/0x310 [ 2437.728737] ? __bpf_trace_preemptirq_template+0x30/0x30 [ 2437.734206] ? prepare_exit_to_usermode+0x3b0/0x3b0 [ 2437.739243] ? prepare_exit_to_usermode+0x291/0x3b0 [ 2437.744268] ? page_fault+0x8/0x30 08:16:55 executing program 1: r0 = syz_open_dev$admmidi(&(0x7f0000000100)='/dev/admmidi#\x00', 0x0, 0x0) r1 = userfaultfd(0x0) ioctl$UFFDIO_API(r1, 0xc018aa3f, &(0x7f0000000180)) mmap(&(0x7f0000013000/0x4000)=nil, 0x4000, 0x0, 0xa053, r0, 0x0) ioctl$UFFDIO_REGISTER(r1, 0xc020aa00, &(0x7f0000019000)={{&(0x7f0000012000/0x2000)=nil, 0x2000}}) [ 2437.744288] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 2437.744305] ? page_fault+0x8/0x30 [ 2437.756224] page_fault+0x1e/0x30 [ 2437.759691] RIP: 0033:0x4510a0 [ 2437.762905] Code: 0f 84 c4 0f 00 00 48 89 f1 48 89 f8 48 83 e1 3f 48 83 f9 20 0f 86 7b 02 00 00 48 83 e6 f0 48 83 e1 0f 66 0f ef c0 66 0f ef c9 <66> 0f 74 0e 66 0f d7 d1 48 d3 ea 49 c7 c2 11 00 00 00 49 29 ca 4d [ 2437.781829] RSP: 002b:00007f75238677a8 EFLAGS: 00010202 [ 2437.787204] RAX: 00007f7523867850 RBX: 0000000000000003 RCX: 000000000000000e [ 2437.794484] RDX: 00000000000003ff RSI: 0000000020012fe0 RDI: 00007f7523867850 [ 2437.801762] RBP: 000000000072bf00 R08: 00000000000003ff R09: 0000000000000000 [ 2437.809046] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f75238686d4 [ 2437.816321] R13: 00000000004c578a R14: 00000000004d9d90 R15: 00000000ffffffff [ 2437.824849] CPU: 0 PID: 24139 Comm: syz-executor0 Not tainted 4.20.0-rc6+ #371 [ 2437.832246] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2437.841610] Call Trace: [ 2437.844220] dump_stack+0x244/0x39d [ 2437.847868] ? dump_stack_print_info.cold.1+0x20/0x20 [ 2437.853091] handle_userfault.cold.32+0x47/0x62 [ 2437.857788] ? userfaultfd_ioctl+0x5610/0x5610 [ 2437.862403] ? mark_held_locks+0x130/0x130 [ 2437.866653] ? __sanitizer_cov_trace_cmp4+0x16/0x20 [ 2437.871679] ? futex_wait_setup+0x266/0x3e0 [ 2437.876034] ? __sanitizer_cov_trace_switch+0x53/0x90 [ 2437.881254] ? userfaultfd_ctx_put+0x830/0x830 [ 2437.885849] ? futex_wait+0x5a1/0xa50 [ 2437.889667] ? print_usage_bug+0xc0/0xc0 [ 2437.893748] ? print_usage_bug+0xc0/0xc0 [ 2437.893767] ? print_usage_bug+0xc0/0xc0 08:16:55 executing program 2: syz_emit_ethernet(0x6a, &(0x7f0000000040)={@local, @broadcast, [], {@ipv4={0x800, {{0x5, 0x4, 0x0, 0x0, 0x5c, 0x0, 0x0, 0x0, 0x1, 0x0, @remote, @dev={0xac, 0x14, 0x14, 0x11}}, @icmp=@parameter_prob={0x3, 0x4, 0x0, 0x0, 0x0, 0x0, {0x10, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x402f, 0x0, @local={0xac, 0x5c}, @dev, {[@timestamp={0x8, 0x2c, 0x0, 0x0, 0x0, [{[@rand_addr=0x80350000]}, {[@multicast2]}, {[@multicast1]}, {}, {[@loopback]}, {}]}]}}}}}}}, 0x0) [ 2437.893785] ? zap_class+0x640/0x640 [ 2437.893802] ? drop_futex_key_refs.isra.14+0x6d/0xe0 [ 2437.893817] ? futex_wake+0x304/0x760 [ 2437.893843] ? find_held_lock+0x36/0x1c0 [ 2437.905686] ? __handle_mm_fault+0x4bb0/0x5be0 [ 2437.905706] ? lock_downgrade+0x900/0x900 [ 2437.905731] ? kasan_check_read+0x11/0x20 [ 2437.905750] ? do_raw_spin_unlock+0xa7/0x330 [ 2437.914644] ? do_raw_spin_trylock+0x270/0x270 [ 2437.914664] ? fault_dirty_shared_page.isra.87+0x320/0x320 [ 2437.914691] __handle_mm_fault+0x4bbd/0x5be0 [ 2437.914718] ? vmf_insert_mixed_mkwrite+0x40/0x40 [ 2437.914737] ? zap_class+0x640/0x640 [ 2437.914752] ? rcu_read_unlock_special+0x1c0/0x1c0 [ 2437.914771] ? kasan_check_read+0x11/0x20 [ 2437.964195] ? rcu_softirq_qs+0x20/0x20 [ 2437.972327] ? zap_class+0x640/0x640 [ 2437.972342] ? zap_class+0x640/0x640 [ 2437.972379] ? find_held_lock+0x36/0x1c0 [ 2437.972406] ? handle_mm_fault+0x42a/0xc70 [ 2437.988099] ? lock_downgrade+0x900/0x900 [ 2437.992272] ? check_preemption_disabled+0x48/0x280 [ 2437.997308] ? rcu_read_unlock_special+0x1c0/0x1c0 [ 2438.002250] ? kasan_check_read+0x11/0x20 [ 2438.006417] ? rcu_dynticks_curr_cpu_in_eqs+0xa2/0x170 [ 2438.011707] ? rcu_softirq_qs+0x20/0x20 [ 2438.015700] ? trace_hardirqs_off_caller+0x310/0x310 [ 2438.020839] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 2438.026403] ? check_preemption_disabled+0x48/0x280 [ 2438.026429] handle_mm_fault+0x54f/0xc70 [ 2438.026448] ? __handle_mm_fault+0x5be0/0x5be0 [ 2438.026471] ? find_vma+0x34/0x190 [ 2438.043676] __do_page_fault+0x5e8/0xe60 [ 2438.047755] ? trace_hardirqs_off+0xb8/0x310 [ 2438.052196] do_page_fault+0xf2/0x7e0 [ 2438.056017] ? vmalloc_sync_all+0x30/0x30 [ 2438.060187] ? error_entry+0x70/0xd0 [ 2438.063920] ? trace_hardirqs_off_caller+0xbb/0x310 [ 2438.068959] ? trace_hardirqs_on_caller+0xc0/0x310 [ 2438.073908] ? syscall_return_slowpath+0x5e0/0x5e0 [ 2438.078857] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 2438.083721] ? trace_hardirqs_on_caller+0x310/0x310 [ 2438.088758] ? __bpf_trace_preemptirq_template+0x30/0x30 [ 2438.094227] ? prepare_exit_to_usermode+0x3b0/0x3b0 [ 2438.099266] ? prepare_exit_to_usermode+0x291/0x3b0 [ 2438.104304] ? page_fault+0x8/0x30 [ 2438.107850] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 2438.112687] ? page_fault+0x8/0x30 [ 2438.116216] page_fault+0x1e/0x30 [ 2438.119656] RIP: 0033:0x4510a0 [ 2438.122837] Code: 0f 84 c4 0f 00 00 48 89 f1 48 89 f8 48 83 e1 3f 48 83 f9 20 0f 86 7b 02 00 00 48 83 e6 f0 48 83 e1 0f 66 0f ef c0 66 0f ef c9 <66> 0f 74 0e 66 0f d7 d1 48 d3 ea 49 c7 c2 11 00 00 00 49 29 ca 4d [ 2438.141725] RSP: 002b:00007efdea16e7a8 EFLAGS: 00010202 08:16:56 executing program 4: r0 = openat$kvm(0xffffffffffffff9c, 0x0, 0x0, 0x0) r1 = syz_open_dev$sndctrl(&(0x7f0000000100)='/dev/snd/controlC#\x00', 0x0, 0x0) prctl$PR_SET_THP_DISABLE(0x29, 0xfffffffffffffffe) clone(0x2000, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r2 = accept$inet6(0xffffffffffffffff, &(0x7f0000000000)={0xa, 0x0, 0x0, @dev}, &(0x7f0000000040)=0x1c) open(&(0x7f0000000180)='./file0\x00', 0x10000, 0x4) getsockopt$IP6T_SO_GET_REVISION_TARGET(r2, 0x29, 0x45, &(0x7f00000000c0)={'icmp\x00'}, &(0x7f0000000140)=0x1e) ioctl$FS_IOC_GETFLAGS(r1, 0x800455d1, &(0x7f0000000080)) mmap(&(0x7f0000ff6000/0xa000)=nil, 0xa000, 0x1000004, 0x10, r0, 0x0) 08:16:56 executing program 5: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r1 = syz_open_dev$sndctrl(&(0x7f0000000100)='/dev/snd/controlC#\x00', 0x0, 0x0) prctl$PR_SET_THP_DISABLE(0x29, 0xfffffffffffffffe) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) ioctl$FS_IOC_GETFLAGS(r1, 0xc008551b, &(0x7f0000000080)) 08:16:56 executing program 1: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r1 = syz_open_dev$sndctrl(&(0x7f0000000100)='/dev/snd/controlC#\x00', 0x0, 0x0) prctl$PR_SET_THP_DISABLE(0x29, 0xfffffffffffffffe) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) ioctl$FS_IOC_GETFLAGS(r1, 0xc0505510, &(0x7f0000000080)) 08:16:56 executing program 3: openat$rfkill(0xffffffffffffff9c, 0x0, 0x0, 0x0) getsockopt$inet_sctp_SCTP_DEFAULT_PRINFO(0xffffffffffffffff, 0x84, 0x72, &(0x7f0000000380), 0x0) syz_open_dev$admmidi(&(0x7f0000000100)='/dev/admmidi#\x00', 0x0, 0x0) r0 = socket$l2tp(0x18, 0x1, 0x1) mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x1, 0x32, 0xffffffffffffffff, 0x0) r1 = userfaultfd(0x0) ioctl$UFFDIO_API(r1, 0xc018aa3f, &(0x7f0000000180)) ioctl$UFFDIO_REGISTER(r1, 0xc020aa00, &(0x7f0000019000)={{&(0x7f0000012000/0x2000)=nil, 0x2000}, 0x1}) syz_open_dev$evdev(&(0x7f0000012fee)='/dev/input/event#\x00', 0x2000000000000000, 0x0) ioctl$UFFDIO_WAKE(r1, 0x8010aa02, &(0x7f0000000080)={&(0x7f0000012000/0x3000)=nil, 0x3000}) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0a5c2d023c126285718070") setsockopt$ALG_SET_KEY(0xffffffffffffffff, 0x117, 0x1, 0x0, 0x0) 08:16:56 executing program 0: r0 = openat$rfkill(0xffffffffffffff9c, 0x0, 0x2001, 0x0) setsockopt$inet_sctp_SCTP_RECVRCVINFO(r0, 0x84, 0x20, &(0x7f00000014c0)=0xf800000000000000, 0x4) syz_open_dev$admmidi(&(0x7f0000000100)='/dev/admmidi#\x00', 0x0, 0x0) r1 = socket$l2tp(0x18, 0x1, 0x1) mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x1, 0x32, 0xffffffffffffffff, 0x0) ioctl$sock_bt_bnep_BNEPGETSUPPFEAT(r0, 0x800442d4, &(0x7f0000000040)=0x7) r2 = userfaultfd(0xfffffffffffffffd) getsockopt$sock_cred(r0, 0x1, 0x11, &(0x7f0000000200)={0x0, 0x0}, &(0x7f0000000240)=0xc) getsockopt$inet6_IPV6_IPSEC_POLICY(r0, 0x29, 0x22, &(0x7f0000000280)={{{@in=@multicast1, @in=@broadcast, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}, {{@in=@local}, 0x0, @in=@dev}}, &(0x7f0000000380)=0xe8) mount$9p_tcp(&(0x7f00000000c0)='127.0.0.1\x00', &(0x7f0000000140)='./file0\x00', &(0x7f00000001c0)='9p\x00', 0x8001, &(0x7f00000003c0)={'trans=tcp,', {'port', 0x3d, 0x4e21}, 0x2c, {[{@privport='privport'}, {@access_uid={'access', 0x3d, r3}}], [{@fowner_lt={'fowner<', r4}}, {@func={'func', 0x3d, 'KEXEC_KERNEL_CHECK'}}, {@obj_user={'obj_user'}}]}}) ioctl$UFFDIO_API(r2, 0xc018aa3f, &(0x7f0000000180)) ioctl$UFFDIO_REGISTER(r2, 0xc020aa00, &(0x7f0000019000)={{&(0x7f0000012000/0x2000)=nil, 0x2000}, 0x1}) socket$packet(0x11, 0x3, 0x300) syz_open_dev$evdev(&(0x7f0000012fee)='/dev/input/event#\x00', 0x0, 0x0) write$UHID_INPUT(r0, &(0x7f0000000480)={0x8, "5c635d9e798f92433d50c3aacb9ab44bf51bc855087644db584f31db82be57166addd3a25124e15e9872a87c70b71b4876042e885f0a0be6b3daff3b195a6725fda68250b3e4d250dd457201399f0e52373b92385972ecd901dab67f767028dab659ae7294c187ff228c7e636483b27bd92109e8d3c6fe9bb49c89c733e4e4081559d8729105c310aa2e9e4358e6d3b4b27508b94f825a115c58400ba27704f536acbb07365a9dca1b91e7f21b99a0bf264efd7082daa9f147b66da80d0cdac131336eaf92027bf23d3d808b149e1f72ad3c231ddecd77460b5a5c3430e0a8cc21776fa1f8cd92f8a74245e376cf5dd5cb3996aff182c3f858c22135bcf9c83eb08bf17eab8c2cfe2cc52b5b8288614bbba7b47939733d07d5fc3eb2e506d606fe981b82dc469f5b0367a3c3ff0c6a361cc13b0d7062b8dcd4cc5b0a0baa65428e664d9b7f2092356c53c4497ec8c5e25c061282b655b511314a354bed914fe8960c19d0d25e15382f0809c0d9f58bf66623f6c5581093d29b933fd1dd116ba440dec77d32c212a43d6083ad300561e722d94fb34e2a1b1541f0c2eb2a852c8e34cd51c955c53361139d8b7a983468980f6f028c988099cadca3f3fef1078e544711c361586363ed51d7d83902360776c5a482cd166056cc3eba1c7ec76b14966294406828669b75664aa4a3886591cc3f0ebac8ad28d64f36241113e2b4a1ce52c0210af614ca11e017b6e2b0e96df18dd2cbe4cb089b659b856cf4bd966520d965889ba9a57c908e5d3b1ca5c8b6776ff054f49e9294f07d9a363a69e83cb3e7de4114bec38c9d8f7157ca88fad410d2839a8a9b2d2f77188f8b00cf47812145b9a48c124999f362f5f500e5a1dc44035f622147173a6d8861e48b7e310bf6d33ac648e9396e2b454410af88f859e1a96e6627883ea8c57f3d9c9d07982b5f8da4290298217bf95ab4f1fb8a38d764c9c606ab3b419f353cc91c01ebc10f1ef1bee2974e207fbc565b075782a482677651f9972756ff188ada9f0c1ee63f1dd09d1613d3d97100fbddfe75659b20c70b6a4d90eb8377f7cea755461a8c5ac779fb16f0224af3f2e11d172dad8274c71d4f31a3e59f0612c84dc0c3ee8bab9f25fb825de746fbd8a31b118192dd09135dfd82676921eb87ebeb926bfc4e94d8eedf914dc2318a3c32c37dad0ac7be08ed7e8d339781bbe55fb1a614c35038849bc3024517c82c5c3c43eb0e8930923dc8fa32deff4f506ef0a0a7da07bba8dbdc1fe13f67e6723dd52b24e498e96728b70f4736aaa11642f8a04f1c5aed3ae848f60ae6471a73151844861a65cc7a8765a027e0584e33ac448f00df8cda216e71e397d80a507ace3e458af6f777b77541e8833aa7e1f31b50962ce469ed49c3463dce2c5939fb3c780e87cf127fce61f61f51653eefeeb2f0bdc828fa922a54945d34a3561fe48a955922ee7a82256a377b88ae71bc15cf96d41b09343bd6bbd8e0b08907498d57eaa087c3f9f6027043a8c998be3d133993c09ad8eda7736ba79e65aacd049752d28f8e1ad18d1bd4e7a9a73f769981c06144d76062ab9610c80e88834762929bfc169457fd3142c55767a8cd4eb22dc7e1a938a9a4ee516ca35196dc837be0dfcc2bbc4da3be3318cb311480d1fcd6f0d80b668dccd59c4e06f92305f9373fa5b4506ad7162efe0d6ce280a51377928ca4a4445562e7eec0410a2c392af24195a23a90e580691e24cdd304deef44be022f23d10927036d8baf07306c74160d38606046b5dcc3cff232ac64576a02fe7b7915ab8f683dde5c062022ea87b9e94967e2b95361d2f6f41b9a096fe5f5552154b25b0eaf89a016281912d6cff1786c2a9d2c9eadb7a34d0cd277d7df0661183289aca5aa3914d30e5abc9d712f3e0e169135ff740e6e7fd6f52e502d44fc65f927d5a8a62c5594cffd99ca8a698b62dd787184e2d673b360fab26e234e745ae9bdd983e3a9d068c1d9c48f14498ad1e3f32aca86ad02ae6925b8fffe6f03cbcb5e97b99b389722f75d7ed6b15c3909b356b870548bdd89cc932cbb87b51c9f575b642e284fb39ad16f28976d3fd3cfd090b2cd86f425b7bb74e82b897a613235491497a12944fa44af136cc56182932e54086af28e2b259af63eda0e8a5906d8af7ca0a317ac17e83c93ac71de1716bfff30115be3c444fc2d017b38ba662dd867c1462d824067d7b27313c05fc49367dfa8528566fee2ffab54bab8c20cc8025781968bf67ae98adbffd110db43da26ba59be25789a0bf25fc0fa8d60e22fccdfb930919e6302dd0a98857012cf91bf1c154f2acc968c1057ac0b87a0382137f981a6c0b9924b931083bab7b0a65efb7080d37ae61914108b7182cd28831e917dcb1871fa19a94dced0850495c1d55a59786946b70d7ecb9f9df46f321d9a4d8bb61b1ceb9ba6985517741d1a5019b5ecb3625f6a150b017a3c764a9b07b578083a56bcd860c80852506ca7695a2d5ef296b856d441102c582fe5689b525a9f95e1d53f8fdd321ebefc38114d300d56438793cfa12519f969e1a623046bbcba035492f849a3064e28662b6d7a4f0867694d42b04ca70e3bdb9162587e62f4b739e9cf56f3f2adea2f18c8d0c5fa6d29480c5e595be8ac96ef336ad40f56bcefd149c1fc04d4a12b154a47b476a9491285331b0287927e9de67a7e7bc53424441a2ac5d9cbe2bfa5222e7bfcff0c63be63982f5e63069f1e0be863c018c8d8e7a8162a0c8eb9276fcc29e3b20c3699afc67c3f26df7aef9e7b1ffec901fabbfd30021f959c4cdc7c656a275efb95fb13bf1098f18f9efba04bc43ac2917539d68e6f960b2fd2d7e4c50a51c0d46ceaa8a3d2c104be86c9eec0524edbaa35258bf5ab32f1edf6386eab2fe041a2a506b0580536601c19aac54a7983ed2eec8869bb71afe3833cf78821014fe6f6d33b4d6cd1db871e005f7a3754efa6cead85527c01ee6cf547ecbd4e4856c4da129148bfa3db5e81188ca42809265329ccd31da5e8af750673d1e9299ba548ec2515bc1fe2a5a4c048d0ce2c9083011aa482b1d4cb619e42ef693110fa3ade3f599b03ec6daf2bd7ade26bf9dde63d09c80ebb40f92425d84d917a1dddf83e04f3ef9340673ca2a799ac872fc6b644943c037869f70ede89e258fa37018f109992b9d713802ceb2b285c342970f1c7971cccf59565d05283db320c23057beb68f070aa5662e97d2444e2625648d87a43f2fd6774bb44bc1d67d498be4556e49d80907f045ef2e9fe6cc2d70ba09e135f3df29167732121fbc3b1ffdcbe979e3d47a1741c1dd019f88e3d71c5984bebedab4c4487c38db3e7e708b1caa4fb5901fc0b78e83457c3ad057344ec33b1f11635b1262994e26a3bb3374ba1601b7384372317a439b8519b1f6c3acbcfbea9b4a8e01811b2dbee48c797f93558fefe51230bebfe177cad45502a45c27253b9413311d4ecbcc3a31e85971183c2adac3876f156c79e537f0e85e381ae87b10894c0e3c0dd0263407748c5c1d1767a2deede4e88ac84f99670087f3f74b67c5545bdd7d401d859f8ceebce7f62a46cf0d3fadb308dc4c3345922f93df486c694b341d818c1816e78364cb3ae8c3afae4b0dca2c4e4b3e224360c064fb8bc0f57de597dc08123f38f36dbe9274133fe9aa85a50b1a20064b1bff763fcc317812913771d30e4b32900eccf72037c16582057d754ef1748c74b3ab1d5c9031980a68f268701241b2645bae6741e74cd7453961de60a2c60f5ff84e57982c5254d49600ca1de88531c3b8d92a78e3b1ab6b57deff54de9ec39faefa741cf4d25fecdabd77587eded8371f4310e788e18372ecbd27bd078c81a45bcaa2ac01baa16d7780b94973f77145af2df6f0c1c53d09e2da97d03a382a624894817f152557895d1708f23540d233c85da399039af94bbaee1c0c341b10431a5b056c85c49e275b8e2b51c2ab1ea9c81ea9d161bedc4ca87a3d5197ffd241511e3d3e275437f8f20b4550bbbf2926b068f073e5148cda8ea98319140ae0f1fb79210129732fb95b6754fe6177252e88cf20387023f02e91983217492ce314e45ce32c94c54909b13553fc8aa5b04e5b30e4a930f5afd1d261fa68b5f160524b17cbe7fbf12e1d49089ae4d7d4e82f0c235e556405cc38b910281bdfc596c14c9cb046d268606a361c9347d10779f21e1f8590c73487fffc9b64f5ebc44b131766876faab3f0a4e637df9a5655a3356f8f3f5cb21361e9a0f9c2238d0f8c9af795f193adcdbfc84460ec28eb57f71eeeb21414c495053c9b9dd5c8e3ad0ba698daf20fc038d69d5efc0b6ad7f055522b63dc1da8a0af51aecaa397dba7d31f822646c4b9ecdf5598b6a63b21be33d9b5ed6a4a559f0706d6d6f3c0190b588037486ce7cf4cd9d1265c16c336a9aa6dd0b861172b60323cf9092a5ddabdba7ab0a852ff70ec8d3b62bf29ce2f50046689af87dbe0447394178b51a247c8c7f3bf2ba5d02501eb2dc77a4e027af53a63bff9aa4ffb3bdad8a2ee13b504de2ff42e72532a96dc285d602af326671255a59e43ccf80847fa75d7bb5b84bc5d8c3d9d3b7c15d25f4ee0e2651b77379e2896b17ea87eac82092a16b4a8726065a59b73c7275baf06e807ea7b07aab8bec33574121ee5555929179743c5bac7aee7961952cf18e71481dfea02f64497bbe41af9a9b27ae153abb35a86b902e759a4a11cde0fedc84a0e16e26804179f5cfd724d89171889e6e6b2302086d0734c107c7e375c8f7fad18642ddfd92910fb3f10eddae16072b89894cf32685aee56fcb4c8e624e6dbc9979dcb146aecf8f96782996a79c4be4d2935b59000b1ce01a16584b6edbf30183d659f6cdc1d5170ef886caf9f9ae4a1dc79d74a83520d6be735ecd0fac3b32ae5363ff7ec853c3a0ca8b34ebad35e86fab9f5a2424c434a3739f2717051bd4141abab3bb7d63a6cabd77e71d4bd0b72312152dccdc178a7f073be8d56a46fdaaf4232b19970574884b1bed22c8b617b3f91280286e7705f801fc22468e15dc5b36f342a8b96c2319105b59ef3865d7f047e7b5f08d218d2defb8171196d3ed1f881eb2a211f688a8f14304c3ab1f13a23bf00a49b81171bf7e5184f1cc4d649bf3b231c5962386a6b0f3e824c112474d9b3f1f3a8bcc62c91c7fbdfeaa1a94955e790caad305b33a9181894f3cd978b1b46586eac4694dc08e9b8d02f33a18da2c1ec5bdb227ff1db5752ff01334e372f044c933cf518ba0116d0c9875ee7ce8302c5fe1dca0ba7c9c7fe4df82633f567de4f6a55c732e6b4cd41164e2bbfebc26d792f6061ac57a0b0d98a5d50a620d56926fcddffaf02605af32451f9bef6aff89b90df48c6b30ba07d68cd51d03aa342305666ae5e774ca33411fcc36789d89fcc1b28ee09c6051e639f2c6129483b9b1a8fbf37f44e7f2e3121b4c5e59c5fe6d386c630704179807a39efc5ff380c1f3683ac81751e25f2eb67a7e9b8d9321e2a185f544fea416c073724721e0f51467ee8d711012ff07461fd9b3335a654c3b6e8483078aa478b71ae4acbf5450ca07e49dd848a0fe4b5f62872cc17a591fdbe5c764ba3825e4672dff8b91a984fd2e2733c4e7e807e599eaf7e70d0569b4ce415bc4de057daeef1b23a0a17705342452e48fc10f86c92ae1334d3efdb8322e2ba574eb09a794e27cadafc78e91177fd79d12e734dcd2567c7398d78d39674c6030a3f608e9acd0a82bf46ab8b6077432ef2eca4bdf8e881782c808cc570e33a2cdb92e86b1fffe1eee55", 0x1000}, 0x1006) ioctl$UFFDIO_WAKE(r2, 0x8010aa02, &(0x7f0000000080)={&(0x7f0000012000/0x3000)=nil, 0x3000}) ioctl(r1, 0x1000008912, &(0x7f0000000000)="0a5c2d023c126285718070") 08:16:56 executing program 2: syz_emit_ethernet(0x6a, &(0x7f0000000040)={@local, @broadcast, [], {@ipv4={0x800, {{0x5, 0x4, 0x0, 0x0, 0x5c, 0x0, 0x0, 0x0, 0x1, 0x0, @remote, @dev={0xac, 0x14, 0x14, 0x11}}, @icmp=@parameter_prob={0x3, 0x4, 0x0, 0x0, 0x0, 0x0, {0x10, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x402f, 0x0, @local={0xac, 0x5c}, @dev, {[@timestamp={0x8, 0x2c, 0x0, 0x0, 0x0, [{[@rand_addr=0x8000000]}, {[@multicast2]}, {[@multicast1]}, {}, {[@loopback]}, {}]}]}}}}}}}, 0x0) [ 2438.147076] RAX: 00007efdea16e850 RBX: 0000000000000003 RCX: 000000000000000e [ 2438.154334] RDX: 00000000000003ff RSI: 0000000020012fe0 RDI: 00007efdea16e850 [ 2438.161621] RBP: 000000000072bf00 R08: 00000000000003ff R09: 0000000000000000 [ 2438.168884] R10: 0000000000000000 R11: 0000000000000246 R12: 00007efdea16f6d4 [ 2438.176143] R13: 00000000004c578a R14: 00000000004d9d90 R15: 00000000ffffffff 08:16:56 executing program 2: syz_emit_ethernet(0x6a, &(0x7f0000000040)={@local, @broadcast, [], {@ipv4={0x800, {{0x5, 0x4, 0x0, 0x0, 0x5c, 0x0, 0x0, 0x0, 0x1, 0x0, @remote, @dev={0xac, 0x14, 0x14, 0x11}}, @icmp=@parameter_prob={0x3, 0x4, 0x0, 0x0, 0x0, 0x0, {0x10, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x402f, 0x0, @local={0xac, 0x5c}, @dev, {[@timestamp={0x8, 0x2c, 0x0, 0x0, 0x0, [{[@rand_addr=0x3f00000000000000]}, {[@multicast2]}, {[@multicast1]}, {}, {[@loopback]}, {}]}]}}}}}}}, 0x0) [ 2438.339664] FAULT_FLAG_ALLOW_RETRY missing 70 [ 2438.347991] CPU: 0 PID: 24172 Comm: syz-executor3 Not tainted 4.20.0-rc6+ #371 [ 2438.355391] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2438.364757] Call Trace: [ 2438.367380] dump_stack+0x244/0x39d [ 2438.371034] ? dump_stack_print_info.cold.1+0x20/0x20 [ 2438.376257] handle_userfault.cold.32+0x47/0x62 [ 2438.376293] ? userfaultfd_ioctl+0x5610/0x5610 [ 2438.376317] ? mark_held_locks+0x130/0x130 [ 2438.385566] ? __sanitizer_cov_trace_cmp4+0x16/0x20 [ 2438.385581] ? futex_wait_setup+0x266/0x3e0 [ 2438.385611] ? __sanitizer_cov_trace_switch+0x53/0x90 [ 2438.385628] ? userfaultfd_ctx_put+0x830/0x830 [ 2438.385640] ? futex_wait+0x5a1/0xa50 [ 2438.385664] ? print_usage_bug+0xc0/0xc0 [ 2438.416832] ? print_usage_bug+0xc0/0xc0 [ 2438.420922] ? print_usage_bug+0xc0/0xc0 [ 2438.425002] ? zap_class+0x640/0x640 [ 2438.425021] ? drop_futex_key_refs.isra.14+0x6d/0xe0 [ 2438.425037] ? futex_wake+0x304/0x760 08:16:56 executing program 5: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r1 = syz_open_dev$sndctrl(&(0x7f0000000100)='/dev/snd/controlC#\x00', 0x0, 0x0) prctl$PR_SET_THP_DISABLE(0x29, 0xfffffffffffffffe) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) ioctl$FS_IOC_GETFLAGS(r1, 0x5450, &(0x7f0000000080)) [ 2438.425067] ? find_held_lock+0x36/0x1c0 [ 2438.425093] ? __handle_mm_fault+0x4bb0/0x5be0 [ 2438.437695] ? lock_downgrade+0x900/0x900 [ 2438.437722] ? kasan_check_read+0x11/0x20 [ 2438.437737] ? do_raw_spin_unlock+0xa7/0x330 [ 2438.437756] ? do_raw_spin_trylock+0x270/0x270 [ 2438.463690] ? fault_dirty_shared_page.isra.87+0x320/0x320 [ 2438.469345] __handle_mm_fault+0x4bbd/0x5be0 [ 2438.473792] ? vmf_insert_mixed_mkwrite+0x40/0x40 [ 2438.478654] ? zap_class+0x640/0x640 [ 2438.482386] ? rcu_read_unlock_special+0x1c0/0x1c0 [ 2438.482404] ? kasan_check_read+0x11/0x20 [ 2438.482421] ? rcu_softirq_qs+0x20/0x20 [ 2438.482454] ? zap_class+0x640/0x640 [ 2438.499228] ? zap_class+0x640/0x640 [ 2438.502967] ? find_held_lock+0x36/0x1c0 [ 2438.507055] ? handle_mm_fault+0x42a/0xc70 [ 2438.511309] ? lock_downgrade+0x900/0x900 [ 2438.515487] ? check_preemption_disabled+0x48/0x280 [ 2438.520521] ? rcu_read_unlock_special+0x1c0/0x1c0 [ 2438.525467] ? kasan_check_read+0x11/0x20 [ 2438.529629] ? rcu_dynticks_curr_cpu_in_eqs+0xa2/0x170 [ 2438.534917] ? rcu_softirq_qs+0x20/0x20 [ 2438.538900] ? trace_hardirqs_off_caller+0x310/0x310 [ 2438.544018] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 2438.549566] ? check_preemption_disabled+0x48/0x280 [ 2438.554611] handle_mm_fault+0x54f/0xc70 [ 2438.558744] ? __handle_mm_fault+0x5be0/0x5be0 [ 2438.563349] ? find_vma+0x34/0x190 [ 2438.566926] __do_page_fault+0x5e8/0xe60 [ 2438.571093] ? trace_hardirqs_off+0xb8/0x310 [ 2438.575546] do_page_fault+0xf2/0x7e0 [ 2438.579382] ? vmalloc_sync_all+0x30/0x30 [ 2438.583546] ? error_entry+0x70/0xd0 08:16:56 executing program 2: syz_emit_ethernet(0x6a, &(0x7f0000000040)={@local, @broadcast, [], {@ipv4={0x800, {{0x5, 0x4, 0x0, 0x0, 0x5c, 0x0, 0x0, 0x0, 0x1, 0x0, @remote, @dev={0xac, 0x14, 0x14, 0x11}}, @icmp=@parameter_prob={0x3, 0x4, 0x0, 0x0, 0x0, 0x0, {0x10, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x402f, 0x0, @local={0xac, 0x5c}, @dev, {[@timestamp={0x8, 0x2c, 0x0, 0x0, 0x0, [{[@rand_addr=0x600000000000000]}, {[@multicast2]}, {[@multicast1]}, {}, {[@loopback]}, {}]}]}}}}}}}, 0x0) [ 2438.587279] ? trace_hardirqs_off_caller+0xbb/0x310 [ 2438.592313] ? trace_hardirqs_on_caller+0xc0/0x310 [ 2438.597259] ? syscall_return_slowpath+0x5e0/0x5e0 [ 2438.602204] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 2438.607072] ? trace_hardirqs_on_caller+0x310/0x310 [ 2438.612108] ? __bpf_trace_preemptirq_template+0x30/0x30 [ 2438.617578] ? prepare_exit_to_usermode+0x3b0/0x3b0 [ 2438.622612] ? prepare_exit_to_usermode+0x291/0x3b0 [ 2438.627643] ? page_fault+0x8/0x30 [ 2438.631200] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 2438.636058] ? page_fault+0x8/0x30 [ 2438.639615] page_fault+0x1e/0x30 [ 2438.643094] RIP: 0033:0x4510a0 [ 2438.646300] Code: 0f 84 c4 0f 00 00 48 89 f1 48 89 f8 48 83 e1 3f 48 83 f9 20 0f 86 7b 02 00 00 48 83 e6 f0 48 83 e1 0f 66 0f ef c0 66 0f ef c9 <66> 0f 74 0e 66 0f d7 d1 48 d3 ea 49 c7 c2 11 00 00 00 49 29 ca 4d [ 2438.665211] RSP: 002b:00007f75238677a8 EFLAGS: 00010202 [ 2438.670589] RAX: 00007f7523867850 RBX: 0000000000000003 RCX: 000000000000000e [ 2438.677874] RDX: 00000000000003ff RSI: 0000000020012fe0 RDI: 00007f7523867850 08:16:56 executing program 1 (fault-call:4 fault-nth:0): r0 = syz_open_dev$admmidi(&(0x7f0000000100)='/dev/admmidi#\x00', 0x0, 0x0) r1 = userfaultfd(0x0) ioctl$UFFDIO_API(r1, 0xc018aa3f, &(0x7f0000000180)) mmap(&(0x7f0000013000/0x4000)=nil, 0x4000, 0x0, 0xa053, r0, 0x0) ioctl$UFFDIO_REGISTER(r1, 0xc020aa00, &(0x7f0000019000)={{&(0x7f0000012000/0x2000)=nil, 0x2000}, 0x1}) [ 2438.685149] RBP: 000000000072bf00 R08: 00000000000003ff R09: 0000000000000000 [ 2438.685160] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f75238686d4 [ 2438.685169] R13: 00000000004c578a R14: 00000000004d9d90 R15: 00000000ffffffff 08:16:56 executing program 2: syz_emit_ethernet(0x6a, &(0x7f0000000040)={@local, @broadcast, [], {@ipv4={0x800, {{0x5, 0x4, 0x0, 0x0, 0x5c, 0x0, 0x0, 0x0, 0x1, 0x0, @remote, @dev={0xac, 0x14, 0x14, 0x11}}, @icmp=@parameter_prob={0x3, 0x4, 0x0, 0x0, 0x0, 0x0, {0x10, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x402f, 0x0, @local={0xac, 0x5c}, @dev, {[@timestamp={0x8, 0x2c, 0x0, 0x0, 0x0, [{[@rand_addr=0x4000]}, {[@multicast2]}, {[@multicast1]}, {}, {[@loopback]}, {}]}]}}}}}}}, 0x0) 08:16:56 executing program 1: r0 = syz_open_dev$admmidi(&(0x7f0000000100)='/dev/admmidi#\x00', 0x0, 0x0) r1 = userfaultfd(0x0) ioctl$UFFDIO_API(r1, 0xc018aa3f, &(0x7f0000000180)) mmap(&(0x7f0000013000/0x4000)=nil, 0x4000, 0x0, 0xa053, r0, 0x0) ioctl$UFFDIO_REGISTER(r1, 0xc020aa00, &(0x7f0000019000)={{&(0x7f0000012000/0x2000)=nil, 0x2000}, 0x1}) 08:16:57 executing program 4: r0 = openat$kvm(0xffffffffffffff9c, 0x0, 0x0, 0x0) syz_open_dev$sndctrl(&(0x7f0000000100)='/dev/snd/controlC#\x00', 0x0, 0xffffffffffffffff) prctl$PR_SET_THP_DISABLE(0x29, 0xfffffffffffffffe) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) ioctl$FS_IOC_GETFLAGS(r0, 0x800455d1, &(0x7f0000000080)) 08:16:57 executing program 3: openat$rfkill(0xffffffffffffff9c, 0x0, 0x0, 0x0) getsockopt$inet_sctp_SCTP_DEFAULT_PRINFO(0xffffffffffffffff, 0x84, 0x72, &(0x7f0000000380), 0x0) syz_open_dev$admmidi(&(0x7f0000000100)='/dev/admmidi#\x00', 0x0, 0x0) r0 = socket$l2tp(0x18, 0x1, 0x1) mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x1, 0x32, 0xffffffffffffffff, 0x0) r1 = userfaultfd(0x0) ioctl$UFFDIO_API(r1, 0xc018aa3f, &(0x7f0000000180)) ioctl$UFFDIO_REGISTER(r1, 0xc020aa00, &(0x7f0000019000)={{&(0x7f0000012000/0x2000)=nil, 0x2000}, 0x1}) syz_open_dev$evdev(&(0x7f0000012fee)='/dev/input/event#\x00', 0x48, 0x0) ioctl$UFFDIO_WAKE(r1, 0x8010aa02, &(0x7f0000000080)={&(0x7f0000012000/0x3000)=nil, 0x3000}) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0a5c2d023c126285718070") setsockopt$ALG_SET_KEY(0xffffffffffffffff, 0x117, 0x1, 0x0, 0x0) 08:16:57 executing program 0: r0 = openat$rfkill(0xffffffffffffff9c, 0x0, 0x2001, 0x0) r1 = syz_open_dev$admmidi(&(0x7f0000000100)='/dev/admmidi#\x00', 0x0, 0x0) r2 = socket$l2tp(0x18, 0x1, 0x1) mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x1, 0x32, 0xffffffffffffffff, 0x0) r3 = userfaultfd(0x0) ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f0000000180)={0xaa, 0x1}) ioctl$KVM_SET_SREGS(r1, 0x4138ae84, &(0x7f00000001c0)={{0x7002, 0x6000, 0x4, 0x9, 0x100000000, 0x20, 0xfffffffffffffffc, 0x3, 0x8, 0x101, 0x1000, 0x5}, {0x3000, 0x5000, 0xd, 0xffff, 0x1000, 0xe4e, 0x4, 0x1, 0x6, 0x0, 0x0, 0x6}, {0x3004, 0x4, 0xb, 0xd8, 0x4, 0x100000001, 0x79c, 0xfff, 0x9, 0x0, 0x1, 0x40000000000}, {0x3000, 0x0, 0xd, 0x9, 0x35, 0x9, 0xfffffffffffffeb0, 0x4, 0x1, 0xffff, 0x0, 0x7}, {0x0, 0x2000, 0xf, 0x0, 0x8, 0x5, 0x1, 0x1, 0x1, 0x3, 0x3d39, 0x3}, {0x2002, 0x0, 0x1b, 0x4, 0x5, 0x6, 0xccd, 0x8, 0x1, 0x0, 0xa37}, {0xf004, 0x6, 0x1f, 0xab52, 0x8, 0x4, 0x101, 0x6, 0x6, 0x81, 0x5, 0x3}, {0x4, 0x2, 0xa, 0x5, 0x5, 0x5, 0x9, 0x33, 0x4, 0x5, 0xffffffffffffff01, 0x9a1}, {0x107001, 0x10000}, {0x7004, 0x11000}, 0x20000001, 0x0, 0x107006, 0x100, 0xd, 0x5800, 0x6000, [0xf218, 0x7, 0x2]}) ioctl$UFFDIO_REGISTER(r3, 0xc020aa00, &(0x7f0000019000)={{&(0x7f0000012000/0x2000)=nil, 0x2000}, 0x1}) syz_open_dev$evdev(&(0x7f0000012fee)='/dev/input/event#\x00', 0x0, 0x0) ioctl$UFFDIO_WAKE(r3, 0x8010aa02, &(0x7f0000000080)={&(0x7f0000012000/0x3000)=nil, 0x3000}) getsockopt$inet_sctp6_SCTP_PEER_AUTH_CHUNKS(r0, 0x84, 0x1a, &(0x7f0000000300)={0x0, 0x1000, "bda44dcc5d72aa5b09e41a39673bcce4a234b8b19e7040daf606ca688539032b4f499af27e8bb77b4e5e0e12c01894bf8cdfd8f6afac82429e1077fb36f9bc7a27a3faad1520d71bc97eeb63c39842ce9813cdb5faf88ba4f61472e6fb0405e1a90814fe9c092d27b0a3c708356470f47d88587207601b8397237881e6423c693ab1a1595223fe5ef958686e612d2e83cddd95684bff4613b840e8035ef94e8fd2548bb56bb7aaa8b0f7371a3ef668f5c7db5c3428cb4076648b5cb379c895de4a9156ba0f94e3d2519a72a7db6af29566885e3100131d6a122c2ab433f55427414bd3610bd8438e278778d683dc9a75dc4c35145141d42c2031c492de19417bb94aabb8f5413f5ec2ccefd8154328ca3f98cb4d099b01c8f428b763aa10ba0e92db80d9005fbff26b1526c344f3bcf8bf89773be19ccccaa45c113afa6556a069df57bf1d601752820a2e2ca569d240e17c3dea4770afbdf6f54bff806acf0a60eb16f4f3771591127296297e4c271466179919a8c5d6af27de69d7b4510542cc34fa65574bb2db7b62c422b6bac7d454eacb8430ccb37648d4f9849b476e32a8894264d19595262d60b2c868f2a12ba72bdf606836d885be0092bcadc4f74758a581ccbe691240e13f323b3a98d821e2ca0f0001f725e341730b73392709db6d7788d0de19fda0a60c5bc76119f4a0e6cd90e2e9b61d4d0004903868f963a7ab273105b3c052e66bc6e69d769eabbae2649795028570f46181deb810facc749eab85da8122abe66300e0633a542085b170b8c20239cdde4c2728b175d668b31f43f17128b04996f55033cc323a19c74de0ebff2cf6118041b0cc008873d990e42f489a5cf1ccb8a2102eb23b4c4f713f199cb46434520b98dddb1b638277775d000917a45f41250d35f02af048119121a52ba912d98d50ecf25dfa1b7334ef774f97e1a407e87df53437bd1cde150745753f3d5d5d3a8b3ba046aecc6dd44a34bc297c69965e88288609c8211db874cfb118892cdaecaa6459c1197e760213d38324622400551e3caae16ca067abd7b803dfd3d0252db5e18e10b9c0b0a8c7f47283fb9a945ece45371ecf2ed1ee2a82085c59d1f337b672c8795f650b7cf54b391ea729e657c28ed328b923029033fcfcdd85ed9f8dbe128db413598e7b61d085d1c39b46c7f465c5fdab8d0f4b45ff545842b2fcdc69c7b9e311e674b6d312f998e1416b54d34d3089e243b13e1828b07c52355dbac0e15a74d8c2f55be14dbff29d142427bd20bfa01f0e1f7a3600d53ceab4702ae5821e70eb9046e87a717964490a2a2c0f5a1a1f0363eeb3166bb43ade5154c5de724034b828ebe876f25c6933b472ee4cfdd1cac5faf4823a61cdd5d24140458567925dbd19265f84a9c9176fd5dfb6680c287b78d4464a57fd9f08542ed7779ef2352e7cb30f9a5360fb67b168654b5b15935678ac61db4ff2d3d2eb3272191dced8f4cb93261847d004d41ac3e43418f6a404b3f83e2d5ec05b3a209e4ec999359a4662e12cdefdaa85cdbb9feb4033ca6e55162d4d2f612e6067bb7ab994c7f8f6fe66a5f0b7f66c315a0b0205e24830ad5759af912e9937a98e9b66b160b6542ce99adc1025ddc4ae8bfe74e1441dc1c1bdae2ce27b0d520682f5d6e10274e4497016f577d3997af146649afe062036b5eaa326aa0e365a5d78913f1bab6dc0271ba8773c7e9845b34f96d01e0d68efa0f37005785d288f8f11ce67067e8629d8ec2d47716be03b6ae47931826653bb58bd4d062ab88129d5732a49632fa35a6a2397eb0835c1a69580ac5c16556cd32af24b5ac917e0c99f38c50ea3f087fb5c4122e680ac0f0b1b4f3b8290fb42a4d7a015e94b9be7f8e88e01f5af8f9971b7be8229fa5101e2e4bd5f21f46c05431607e7ca8d0396018a599de1cca121c1da2715c6d51523d3b15c024fd987d9ff16c52d37941b3affc88b2cff3abc5411a90dbc652c877ad25651b881bd74ef897de50c9c6d4422d9a134799e019f57ab76d5163da8444c9224c91e3c9dd56839e2f5fe2541bcd2eed234f9617768ceda1ac7d118dc7d2030f33eb9fc93eff89e4a0a5f59b554a749c20584f48adfeec26379b6666059abe8822c25f28fc49f46caf7fb4dc2a86bb6775598ea5c68e8712b444d94efa52afa8e1e7d5475728abd7a6d86859f1fa075e074d10122f5c7ad07e21b3743400a3c32d3ed38fdefee58c5223b1768bb0ddce1ed917cc71663d50195ba3c49d044b10f5863e0ab189bc1ed2f92c874524fa0ea38ec3698935f3a7293bbf764e06491693bc1022d28b7b51853d377a22408f7a69d8e7568f656b1f3e2595350dbec3ed3e34e113452b2f9155c06fb938b47d60d76f0074a57a989d0dfc7397b6aefa7a75dd364de346ac5008c02646d0a72adfadf43d7d065cd5e38489aefdd38290449de37ff44c0987b317376624775b5cabf8ea46b5c49432487e4e76f7f921855d4c17a6638a8a0b08012a699e16dacb16a780306f403a8e8b6e0ed73205b235dfddcef96f07c9f9e5ccf6af7a3250087731f5d99ffe233b1d922e4c304386554c57744f00e8ae468a178e793946bd0994e013bf4b68419c644f36aad8249f778c15a1f13e21ad1bb924f9be5f5cbfa1a2539a2c60f4e7205e4841a9afe35f9e4209795038c0566892dbeed840e44a904ca2e4a65f3b42314f63a395424b1302447e21f1f71ab9b2e5208cca4ee38d3d4cdd4d8fea0cdc46ab79886004c946e2b936c97e4744f9bc091b8a9543d116b7901443ea006fff645ec1653d77a90de240afc2e1d5faa64e42465802f0a1737f18f75dd71bb99d14188edd9a3e9c1480b1c770f62df4bd3c10a948154b4a26cba8a4e5f7c058f54168597504edd2e00d07a89b4a1dc5c3d8bddb4062e30f34af691f63e67febe56b9652de74675c356f3c52d1cf188f7807dbc387c9918ab81285a496ccfcffd4d47e257de48ed3f5352c674f3cab855cae3be40412c55eeff6fcd59457c7ccb8cfdffe0e48b8a1fc68838a28d1739990ced726b09baba9eabda59f299b8f853b36e6c48f531c51881dcd7b8664754e10ce9363252a110318e1212d85ee735d4809cc30c45167533e9e32d31b484163b8eb1994961fa539c34596480a33078d3890d534caf0e35a1a3d4b5c2476cc8bdb40e98c08ef5fc828884c298719714b55c57c77db8d10af6560ad4dd8711c46e92e79e8ee96c2e319756820c7f59b989d5a3a0d2cefcbea34a13175db23db1705554a387fcbd5850dbfab0be608506a9bb75d478a3e36659f793d4c8f58228963a872cdc902ebc2a8e15816a99783bcc1b0861a3a8fb2c310156e9d5b0a47770adcd5a88f0c0b699f0becac97be8cd613e80c3acb36188784cfc4bbdf036f91b69e9cc6ad787b08aa639a7963c8dfa6d4be50f562f0ef21ff370519de2a742dcbc54e753db899d95b2d0dd12ad1dcb6da851dca1e0d4eb07a94f6d31ec4002069012ec5ff23ae16f4d0e1dcff8c3d388417335b4e45f304c8154f1fa832f36df5db7cb41d0be52dfa66e0300273a20ecd1ab49d115b2a72da7cf66e2b8e342afe3af609322a709decb23deaddb27de88d84a80258f36009d5d2bc21af1f3a85449665b4a260b0d2a1c4b5855feb83da7b5416bf75f764e3675e5f7dedbc0306b8edfda54a7aefa9d4b8709b23ab11bf9d8c275067f7aef0535aa8d90cd79c40e8e259de2f75c9e99eb8ba44951b534cb863264aad7ceeeb66a6b477f6a57440aed1c35c9dae455d26edef38924eff44fd4ce16b3b14d4b077d6c67c488c5847bea071e8bf048ba74474ebabe6cb1a490249eabc59cc8c9f1e87844d0dc6672955067921ece35c3eb7676a9b2ae680b8e0490f2d0ea7c59a7f786b1abe7315ddf76b3df3f6e9ffedb26da468ab27b83ea4dc9ffc07296d7d4bb7e2769477c1b2dd608de9b7325e3363fb9a7c4caedb7c24ba7bca5aa97daf2c2f9549332f2626d3a7294e11fe2d235f6c2ab664b69c732629cb20b585cadb1ffd20e9fc2c776f2b64e02f9ec5cf9d6bb377e6976ef758cc3555d9326b2a451a8206590c3fe1faee177515e72aeac875bb8b70de986029ab22ff86bdeb6ffe8ad03e95787022689202aba60672f1ecab11a2aa8047101007fc195d8ad413d4d6643a7e90c4c852fd701aba7e16d77da1cffd6003dc391a0844caac6871d79bbcb31236a62e421525d7e269c865261bab0b241bfb8aac8b1161413467f56ae0fe8c2339ae8a7837577d0faca579b0700e19f1cee38e29fa8c5850a0e4e61bef24c77772932f5583f3e351ddb4a102b8aa49890d48613eac47fb2aabe705f2d8d86aceb9305ccf447d53807aedf8b062801dfc84d57057aa3e170267941502e5389e7bc2e95814824e92ede83caab3b532002d236d9e3b4489eff1f18ac9489a0a5211a374cb99f593c23e97f3b2f91707486cd41b7a287f8f8629ce194734b09b21ed2a80092db4b000e791e77ece01c330559e710c4a9dbcb8c211ad7b56693b0a8f9066835dc8fe05a163c86a8de88d46ff5e19b27465ef24d072a21d173ad84aa8fa37901d220c6212ea12226b66547707a742097b0a885c228fd6a7509cc25f732ac16fdb4b5cd4bdeed2ad5291deddb4c5889ddf758448e83ab17a2a2856c4864a4b3bd5d89afe311fa5608d506400735e4dbd7857dddeafab9a314011302e8696d3bf9a93b2b11d178f4334aa4042f5e99fc115bf8d7c708f22b3933feaeb38ab07fb4e5f157c0b09518402c542ed0716faa196c96ede9ef5119a17ff7d1476c1ab2f5108a517c9b933d90cac95a4de6e424037bea00f8c993171622536ac91aff331a10c26a8c43bcc467a841cc5e841d12c8c43ee8b31ad27b259ee0ee42a51baf87b76029ce860e76d08b22cb2f116ff6dec2a0e53dee3cef2bf986a839ffb9e0bad528d643ac7ad9ce59ce653cb7782a7c9c854fbe8d0d57210e646830c701764621d0d33f22902d883fbbe64fa0371d17fe337662248c2f67228f6095c558a50f0cce59ef3665188f7cbf844349a168455de2d559aa9917d0c3a037637198c8fc29e3fb0487810c05ceb1c644a8221703abbf4f3e5750cea243326638ca47407f86d2c8d192608d3239149ecba1c2921e5caa7661cefef6d63278cca5f9a3640358abcb0ac43a61452b238f621cf22d9cb9903dfb3b0bf26b1d507645e1ecb0184b502308a6a91f1e3e233232167104aebef1329006850cf2ba3228898d1a9f5becae6cc637e47db778bee2c1787ffe63cf555f49e632a200713144e5665e289537fec4cebd296b809c6d0d767ab75b67b3ce8a722540ed24d70ced38e4b80b06c79d93c8dd05fa383d4269c118d8c62022ec5df45afa46941cf064df55096cf9a7de8e8d9faa340df0f6ff55766080ec6dfe1c611a58368c3d016914e6c3a33a65240304fbccbfce350b11b1d8923078a5aea52401f1f616d1f3a9f9f0be20cbb9790b2e2c8226f7bf310db390532438d8ca614c7daa0330b8a55c0270547ff0a70c8e885c2506ccdd7280028ad57aea803695c6c4684e62582e0cf9d057ecd6d7e4a10e732f3e3c0f2280d4deddfd0b1123182bfad1e2521cedd7bde39526e99f15b1e3261ec53947e8029af837340bf1da985c175086fdae4a054edb2b740fed21d2fadd24c36dc9cb7e2ac98b61a48038f68d62d43f8ed406372875add16b2a1d5bce2fe9a89566a36a7255f780d044af50ae9b582a98182c840eddc75f7e814cbbe303d0cbd1b6e71f764f4ce82e998c1c7cc98fd62d949830"}, &(0x7f0000000040)=0x1008) getsockopt$inet_sctp_SCTP_LOCAL_AUTH_CHUNKS(r0, 0x84, 0x1b, &(0x7f00000000c0)=ANY=[@ANYRES32=r4, @ANYBLOB="1b000000561443420000f3268f5ba23e218d113f3fbfb4e2911252eece329e"], &(0x7f0000000140)=0x23) getsockopt$ARPT_SO_GET_ENTRIES(r0, 0x0, 0x61, &(0x7f0000001340)={'filter\x00', 0x1f, "2c5d5bdaa53510729ba20eabb66abece259fb66709c918fd9b48da23d99817"}, &(0x7f0000000000)=0x43) ioctl(r2, 0x1000008912, &(0x7f0000001400)="0a5c2d023c156285718470d1a3cd7c1f1d48d06d1c141f73b41be75b97962722f95f42d2816e765a4a1c1f5d84dedaf5ab8b88041b66bbb9788075b3839416777fe11df5f8b1148efc3d5d3b8cb6bde55c967895b2213ead224108c72e9f2b1c8fe1bd3f115f177aa3adf5a3419c3682f27eb207394d997a5c905c5dae61533cdc63c88f2cf78df4526d") 08:16:57 executing program 5: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r1 = syz_open_dev$sndctrl(&(0x7f0000000100)='/dev/snd/controlC#\x00', 0x0, 0x0) prctl$PR_SET_THP_DISABLE(0x29, 0xfffffffffffffffe) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) ioctl$FS_IOC_GETFLAGS(r1, 0xc1105517, &(0x7f0000000080)) 08:16:57 executing program 2: syz_emit_ethernet(0x6a, &(0x7f0000000040)={@local, @broadcast, [], {@ipv4={0x800, {{0x5, 0x4, 0x0, 0x0, 0x5c, 0x0, 0x0, 0x0, 0x1, 0x0, @remote, @dev={0xac, 0x14, 0x14, 0x11}}, @icmp=@parameter_prob={0x3, 0x4, 0x0, 0x0, 0x0, 0x0, {0x10, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x402f, 0x0, @local={0xac, 0x5c}, @dev, {[@timestamp={0x8, 0x2c, 0x0, 0x0, 0x0, [{[@rand_addr=0xffffa888]}, {[@multicast2]}, {[@multicast1]}, {}, {[@loopback]}, {}]}]}}}}}}}, 0x0) 08:16:57 executing program 1: r0 = syz_open_dev$admmidi(&(0x7f0000000100)='/dev/admmidi#\x00', 0x0, 0x0) r1 = userfaultfd(0x0) ioctl$UFFDIO_API(r1, 0xc018aa3f, &(0x7f0000000180)) mmap(&(0x7f0000013000/0x4000)=nil, 0x4000, 0x0, 0xa053, r0, 0x0) ioctl$UFFDIO_REGISTER(r1, 0x4020940d, &(0x7f0000019000)={{&(0x7f0000012000/0x2000)=nil, 0x2000}, 0x1}) 08:16:57 executing program 2: syz_emit_ethernet(0x6a, &(0x7f0000000040)={@local, @broadcast, [], {@ipv4={0x800, {{0x5, 0x4, 0x0, 0x0, 0x5c, 0x0, 0x0, 0x0, 0x1, 0x0, @remote, @dev={0xac, 0x14, 0x14, 0x11}}, @icmp=@parameter_prob={0x3, 0x4, 0x0, 0x0, 0x0, 0x0, {0x10, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x402f, 0x0, @local={0xac, 0x5c}, @dev, {[@timestamp={0x8, 0x2c, 0x0, 0x0, 0x0, [{[@rand_addr=0xd00000000000000]}, {[@multicast2]}, {[@multicast1]}, {}, {[@loopback]}, {}]}]}}}}}}}, 0x0) [ 2439.557054] FAULT_FLAG_ALLOW_RETRY missing 70 [ 2439.562643] CPU: 0 PID: 24210 Comm: syz-executor3 Not tainted 4.20.0-rc6+ #371 [ 2439.570045] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2439.579408] Call Trace: [ 2439.582019] dump_stack+0x244/0x39d [ 2439.585677] ? dump_stack_print_info.cold.1+0x20/0x20 [ 2439.590904] handle_userfault.cold.32+0x47/0x62 [ 2439.595609] ? userfaultfd_ioctl+0x5610/0x5610 [ 2439.600229] ? mark_held_locks+0x130/0x130 [ 2439.604488] ? __sanitizer_cov_trace_cmp4+0x16/0x20 [ 2439.609522] ? futex_wait_setup+0x266/0x3e0 [ 2439.613881] ? __sanitizer_cov_trace_switch+0x53/0x90 [ 2439.613902] ? userfaultfd_ctx_put+0x830/0x830 [ 2439.613923] ? futex_wait+0x5a1/0xa50 [ 2439.623700] ? print_usage_bug+0xc0/0xc0 [ 2439.623717] ? print_usage_bug+0xc0/0xc0 [ 2439.623736] ? print_usage_bug+0xc0/0xc0 [ 2439.623754] ? zap_class+0x640/0x640 [ 2439.623772] ? drop_futex_key_refs.isra.14+0x6d/0xe0 [ 2439.623789] ? futex_wake+0x304/0x760 [ 2439.652401] ? find_held_lock+0x36/0x1c0 [ 2439.656495] ? __handle_mm_fault+0x4bb0/0x5be0 [ 2439.661101] ? lock_downgrade+0x900/0x900 [ 2439.665272] ? kasan_check_read+0x11/0x20 [ 2439.669450] ? do_raw_spin_unlock+0xa7/0x330 [ 2439.673873] ? do_raw_spin_trylock+0x270/0x270 [ 2439.678478] ? fault_dirty_shared_page.isra.87+0x320/0x320 [ 2439.684145] __handle_mm_fault+0x4bbd/0x5be0 [ 2439.688580] ? vmf_insert_mixed_mkwrite+0x40/0x40 [ 2439.693446] ? zap_class+0x640/0x640 [ 2439.697174] ? rcu_read_unlock_special+0x1c0/0x1c0 [ 2439.702117] ? kasan_check_read+0x11/0x20 08:16:57 executing program 2: syz_emit_ethernet(0x6a, &(0x7f0000000040)={@local, @broadcast, [], {@ipv4={0x800, {{0x5, 0x4, 0x0, 0x0, 0x5c, 0x0, 0x0, 0x0, 0x1, 0x0, @remote, @dev={0xac, 0x14, 0x14, 0x11}}, @icmp=@parameter_prob={0x3, 0x4, 0x0, 0x0, 0x0, 0x0, {0x10, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x402f, 0x0, @local={0xac, 0x5c}, @dev, {[@timestamp={0x8, 0x2c, 0x0, 0x0, 0x0, [{[@rand_addr=0x4800000000000000]}, {[@multicast2]}, {[@multicast1]}, {}, {[@loopback]}, {}]}]}}}}}}}, 0x0) 08:16:57 executing program 1: r0 = syz_open_dev$admmidi(&(0x7f0000000100)='/dev/admmidi#\x00', 0x0, 0x0) r1 = userfaultfd(0x0) ioctl$UFFDIO_API(r1, 0xc018aa3f, &(0x7f0000000180)) mmap(&(0x7f0000013000/0x4000)=nil, 0x4000, 0x0, 0xa053, r0, 0x0) ioctl$UFFDIO_REGISTER(r1, 0xc018aa3f, &(0x7f0000019000)={{&(0x7f0000012000/0x2000)=nil, 0x2000}, 0x1}) [ 2439.706277] ? rcu_softirq_qs+0x20/0x20 [ 2439.710275] ? zap_class+0x640/0x640 [ 2439.714001] ? zap_class+0x640/0x640 [ 2439.717739] ? find_held_lock+0x36/0x1c0 [ 2439.721844] ? handle_mm_fault+0x42a/0xc70 [ 2439.726116] ? lock_downgrade+0x900/0x900 [ 2439.730284] ? check_preemption_disabled+0x48/0x280 [ 2439.735320] ? rcu_read_unlock_special+0x1c0/0x1c0 [ 2439.740279] ? kasan_check_read+0x11/0x20 [ 2439.744448] ? rcu_dynticks_curr_cpu_in_eqs+0xa2/0x170 [ 2439.749739] ? rcu_softirq_qs+0x20/0x20 [ 2439.753726] ? trace_hardirqs_off_caller+0x310/0x310 [ 2439.758853] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 2439.764421] ? check_preemption_disabled+0x48/0x280 [ 2439.767442] IPVS: ftp: loaded support on port[0] = 21 [ 2439.769456] handle_mm_fault+0x54f/0xc70 [ 2439.778705] ? __handle_mm_fault+0x5be0/0x5be0 [ 2439.783314] ? find_vma+0x34/0x190 [ 2439.786878] __do_page_fault+0x5e8/0xe60 [ 2439.790953] ? trace_hardirqs_off+0xb8/0x310 [ 2439.790980] do_page_fault+0xf2/0x7e0 [ 2439.790997] ? vmalloc_sync_all+0x30/0x30 [ 2439.791017] ? error_entry+0x70/0xd0 [ 2439.799220] ? trace_hardirqs_off_caller+0xbb/0x310 [ 2439.799236] ? trace_hardirqs_on_caller+0xc0/0x310 [ 2439.799254] ? syscall_return_slowpath+0x5e0/0x5e0 [ 2439.799274] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 2439.807137] ? trace_hardirqs_on_caller+0x310/0x310 [ 2439.807154] ? __bpf_trace_preemptirq_template+0x30/0x30 [ 2439.807171] ? prepare_exit_to_usermode+0x3b0/0x3b0 [ 2439.807193] ? prepare_exit_to_usermode+0x291/0x3b0 [ 2439.822073] ? page_fault+0x8/0x30 [ 2439.822096] ? trace_hardirqs_off_thunk+0x1a/0x1c 08:16:57 executing program 1: r0 = syz_open_dev$admmidi(&(0x7f0000000100)='/dev/admmidi#\x00', 0x0, 0x0) r1 = userfaultfd(0x0) ioctl$UFFDIO_API(r1, 0xc018aa3f, &(0x7f0000000180)) mmap(&(0x7f0000013000/0x4000)=nil, 0x4000, 0x0, 0xa053, r0, 0x0) ioctl$UFFDIO_REGISTER(r1, 0x5450, &(0x7f0000019000)={{&(0x7f0000012000/0x2000)=nil, 0x2000}, 0x1}) 08:16:57 executing program 0: openat$rfkill(0xffffffffffffff9c, 0x0, 0x8000, 0x0) syz_open_dev$admmidi(&(0x7f0000000100)='/dev/admmidi#\x00', 0x0, 0x0) r0 = socket$l2tp(0x18, 0x1, 0x1) mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x1, 0x32, 0xffffffffffffffff, 0x0) r1 = userfaultfd(0x0) ioctl$UFFDIO_API(r1, 0xc018aa3f, &(0x7f0000000180)) ioctl$UFFDIO_REGISTER(r1, 0xc020aa00, &(0x7f0000019000)={{&(0x7f0000012000/0x2000)=nil, 0x2000}, 0x1}) syz_open_dev$evdev(&(0x7f0000012fee)='/dev/input/event#\x00', 0x0, 0x0) ioctl$UFFDIO_WAKE(r1, 0x8010aa02, &(0x7f0000000080)={&(0x7f0000012000/0x3000)=nil, 0x3000}) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0a5c2d023c126285718070") [ 2439.822112] ? page_fault+0x8/0x30 [ 2439.822127] page_fault+0x1e/0x30 [ 2439.822140] RIP: 0033:0x4510a0 [ 2439.822156] Code: 0f 84 c4 0f 00 00 48 89 f1 48 89 f8 48 83 e1 3f 48 83 f9 20 0f 86 7b 02 00 00 48 83 e6 f0 48 83 e1 0f 66 0f ef c0 66 0f ef c9 <66> 0f 74 0e 66 0f d7 d1 48 d3 ea 49 c7 c2 11 00 00 00 49 29 ca 4d [ 2439.822164] RSP: 002b:00007f75238677a8 EFLAGS: 00010202 [ 2439.822177] RAX: 00007f7523867850 RBX: 0000000000000003 RCX: 000000000000000e [ 2439.822186] RDX: 00000000000003ff RSI: 0000000020012fe0 RDI: 00007f7523867850 08:16:57 executing program 2: syz_emit_ethernet(0x6a, &(0x7f0000000040)={@local, @broadcast, [], {@ipv4={0x800, {{0x5, 0x4, 0x0, 0x0, 0x5c, 0x0, 0x0, 0x0, 0x1, 0x0, @remote, @dev={0xac, 0x14, 0x14, 0x11}}, @icmp=@parameter_prob={0x3, 0x4, 0x0, 0x0, 0x0, 0x0, {0x10, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x402f, 0x0, @local={0xac, 0x5c}, @dev, {[@timestamp={0x8, 0x2c, 0x0, 0x0, 0x0, [{[@rand_addr=0xb00000000000000]}, {[@multicast2]}, {[@multicast1]}, {}, {[@loopback]}, {}]}]}}}}}}}, 0x0) [ 2439.822201] RBP: 000000000072bf00 R08: 00000000000003ff R09: 0000000000000000 [ 2439.832070] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f75238686d4 [ 2439.832081] R13: 00000000004c578a R14: 00000000004d9d90 R15: 00000000ffffffff [ 2439.889256] IPVS: ftp: loaded support on port[0] = 21 [ 2439.981664] FAULT_FLAG_ALLOW_RETRY missing 70 [ 2439.986786] CPU: 0 PID: 24228 Comm: syz-executor0 Not tainted 4.20.0-rc6+ #371 [ 2439.994173] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2440.003536] Call Trace: [ 2440.006153] dump_stack+0x244/0x39d [ 2440.009807] ? dump_stack_print_info.cold.1+0x20/0x20 [ 2440.015038] handle_userfault.cold.32+0x47/0x62 [ 2440.019739] ? userfaultfd_ioctl+0x5610/0x5610 [ 2440.019763] ? mark_held_locks+0x130/0x130 [ 2440.028595] ? __sanitizer_cov_trace_cmp4+0x16/0x20 [ 2440.033628] ? futex_wait_setup+0x266/0x3e0 [ 2440.037985] ? __sanitizer_cov_trace_switch+0x53/0x90 [ 2440.043190] ? userfaultfd_ctx_put+0x830/0x830 [ 2440.043206] ? futex_wait+0x5a1/0xa50 [ 2440.043229] ? print_usage_bug+0xc0/0xc0 [ 2440.043246] ? print_usage_bug+0xc0/0xc0 [ 2440.043265] ? print_usage_bug+0xc0/0xc0 [ 2440.043285] ? zap_class+0x640/0x640 [ 2440.055720] ? drop_futex_key_refs.isra.14+0x6d/0xe0 [ 2440.067533] ? futex_wake+0x304/0x760 [ 2440.076444] ? find_held_lock+0x36/0x1c0 [ 2440.080527] ? __handle_mm_fault+0x4bb0/0x5be0 [ 2440.085122] ? lock_downgrade+0x900/0x900 [ 2440.085145] ? kasan_check_read+0x11/0x20 [ 2440.085159] ? do_raw_spin_unlock+0xa7/0x330 [ 2440.085173] ? do_raw_spin_trylock+0x270/0x270 [ 2440.085191] ? fault_dirty_shared_page.isra.87+0x320/0x320 [ 2440.085216] __handle_mm_fault+0x4bbd/0x5be0 [ 2440.085238] ? vmf_insert_mixed_mkwrite+0x40/0x40 [ 2440.085255] ? zap_class+0x640/0x640 [ 2440.085267] ? rcu_read_unlock_special+0x1c0/0x1c0 [ 2440.085281] ? kasan_check_read+0x11/0x20 [ 2440.085299] ? rcu_softirq_qs+0x20/0x20 [ 2440.093614] ? zap_class+0x640/0x640 [ 2440.102581] ? zap_class+0x640/0x640 [ 2440.102603] ? find_held_lock+0x36/0x1c0 [ 2440.102629] ? handle_mm_fault+0x42a/0xc70 [ 2440.102645] ? lock_downgrade+0x900/0x900 [ 2440.102663] ? check_preemption_disabled+0x48/0x280 [ 2440.102685] ? rcu_read_unlock_special+0x1c0/0x1c0 [ 2440.112712] ? kasan_check_read+0x11/0x20 [ 2440.112729] ? rcu_dynticks_curr_cpu_in_eqs+0xa2/0x170 [ 2440.112744] ? rcu_softirq_qs+0x20/0x20 [ 2440.112759] ? trace_hardirqs_off_caller+0x310/0x310 [ 2440.112777] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 2440.112796] ? check_preemption_disabled+0x48/0x280 [ 2440.112819] handle_mm_fault+0x54f/0xc70 [ 2440.121410] ? __handle_mm_fault+0x5be0/0x5be0 [ 2440.130481] ? find_vma+0x34/0x190 [ 2440.138180] __do_page_fault+0x5e8/0xe60 [ 2440.145940] ? trace_hardirqs_off+0xb8/0x310 [ 2440.154306] do_page_fault+0xf2/0x7e0 [ 2440.154324] ? vmalloc_sync_all+0x30/0x30 [ 2440.154341] ? error_entry+0x70/0xd0 [ 2440.154356] ? trace_hardirqs_off_caller+0xbb/0x310 [ 2440.154386] ? trace_hardirqs_on_caller+0xc0/0x310 [ 2440.154402] ? syscall_return_slowpath+0x5e0/0x5e0 [ 2440.154418] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 2440.154437] ? trace_hardirqs_on_caller+0x310/0x310 [ 2440.168536] ? __bpf_trace_preemptirq_template+0x30/0x30 [ 2440.177782] ? prepare_exit_to_usermode+0x3b0/0x3b0 [ 2440.188417] ? prepare_exit_to_usermode+0x291/0x3b0 [ 2440.197481] ? page_fault+0x8/0x30 [ 2440.205598] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 2440.214051] ? page_fault+0x8/0x30 [ 2440.214068] page_fault+0x1e/0x30 [ 2440.214081] RIP: 0033:0x4510a0 [ 2440.214098] Code: 0f 84 c4 0f 00 00 48 89 f1 48 89 f8 48 83 e1 3f 48 83 f9 20 0f 86 7b 02 00 00 48 83 e6 f0 48 83 e1 0f 66 0f ef c0 66 0f ef c9 <66> 0f 74 0e 66 0f d7 d1 48 d3 ea 49 c7 c2 11 00 00 00 49 29 ca 4d [ 2440.214113] RSP: 002b:00007efdea16e7a8 EFLAGS: 00010202 [ 2440.222054] RAX: 00007efdea16e850 RBX: 0000000000000003 RCX: 000000000000000e [ 2440.222064] RDX: 00000000000003ff RSI: 0000000020012fe0 RDI: 00007efdea16e850 [ 2440.222073] RBP: 000000000072bf00 R08: 00000000000003ff R09: 0000000000000000 [ 2440.222083] R10: 0000000000000000 R11: 0000000000000246 R12: 00007efdea16f6d4 [ 2440.222092] R13: 00000000004c578a R14: 00000000004d9d90 R15: 00000000ffffffff [ 2440.522810] device bridge_slave_1 left promiscuous mode [ 2440.528394] bridge0: port 2(bridge_slave_1) entered disabled state [ 2440.541331] device bridge_slave_0 left promiscuous mode [ 2440.546993] bridge0: port 1(bridge_slave_0) entered disabled state [ 2440.572247] team0 (unregistering): Port device team_slave_1 removed [ 2440.581886] team0 (unregistering): Port device team_slave_0 removed [ 2440.591292] bond0 (unregistering): Releasing backup interface bond_slave_1 [ 2440.605285] bond0 (unregistering): Releasing backup interface bond_slave_0 [ 2440.631087] bond0 (unregistering): Released all slaves [ 2441.550204] bridge0: port 1(bridge_slave_0) entered blocking state [ 2441.559660] bridge0: port 1(bridge_slave_0) entered disabled state [ 2441.567258] device bridge_slave_0 entered promiscuous mode [ 2441.576638] bridge0: port 1(bridge_slave_0) entered blocking state [ 2441.583161] bridge0: port 1(bridge_slave_0) entered disabled state [ 2441.590492] device bridge_slave_0 entered promiscuous mode [ 2441.662906] bridge0: port 2(bridge_slave_1) entered blocking state [ 2441.669357] bridge0: port 2(bridge_slave_1) entered disabled state [ 2441.676860] device bridge_slave_1 entered promiscuous mode [ 2441.685896] bridge0: port 2(bridge_slave_1) entered blocking state [ 2441.701911] bridge0: port 2(bridge_slave_1) entered disabled state [ 2441.712351] device bridge_slave_1 entered promiscuous mode [ 2441.723260] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 2441.779841] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 2441.790902] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 2441.830842] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 2442.013049] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 2442.034701] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 2442.081456] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 2442.120689] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 2442.400831] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 2442.408431] team0: Port device team_slave_0 added [ 2442.418197] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 2442.427198] team0: Port device team_slave_0 added [ 2442.465548] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 2442.472899] team0: Port device team_slave_1 added [ 2442.480821] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 2442.488663] team0: Port device team_slave_1 added [ 2442.519266] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 2442.539858] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 2442.567793] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 2442.594567] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 2442.616797] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 2442.624021] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 2442.635238] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 2442.645474] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 2442.653495] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 2442.665111] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 2442.681612] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 2442.690108] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 2442.698517] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 2442.719896] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 2442.727563] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 2442.743544] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 2442.872647] device bridge_slave_1 left promiscuous mode [ 2442.878192] bridge0: port 2(bridge_slave_1) entered disabled state [ 2442.886202] device bridge_slave_0 left promiscuous mode [ 2442.891712] bridge0: port 1(bridge_slave_0) entered disabled state [ 2442.926682] team0 (unregistering): Port device team_slave_1 removed [ 2442.936447] team0 (unregistering): Port device team_slave_0 removed [ 2442.947526] bond0 (unregistering): Releasing backup interface bond_slave_1 [ 2442.959385] bond0 (unregistering): Releasing backup interface bond_slave_0 [ 2442.989479] bond0 (unregistering): Released all slaves [ 2443.529902] bridge0: port 2(bridge_slave_1) entered blocking state [ 2443.536357] bridge0: port 2(bridge_slave_1) entered forwarding state [ 2443.543086] bridge0: port 1(bridge_slave_0) entered blocking state [ 2443.549470] bridge0: port 1(bridge_slave_0) entered forwarding state [ 2443.557078] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 2443.565668] bridge0: port 2(bridge_slave_1) entered blocking state [ 2443.572095] bridge0: port 2(bridge_slave_1) entered forwarding state [ 2443.578762] bridge0: port 1(bridge_slave_0) entered blocking state [ 2443.585218] bridge0: port 1(bridge_slave_0) entered forwarding state [ 2443.593658] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 2443.712119] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 2443.720336] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 2445.677641] 8021q: adding VLAN 0 to HW filter on device bond0 [ 2445.725559] 8021q: adding VLAN 0 to HW filter on device bond0 [ 2445.848781] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 2445.874001] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 2446.004222] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 2446.010432] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 2446.026354] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 2446.037549] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 2446.043862] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 2446.059193] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 2446.181104] 8021q: adding VLAN 0 to HW filter on device team0 [ 2446.210854] 8021q: adding VLAN 0 to HW filter on device team0 08:17:05 executing program 2: syz_emit_ethernet(0x6a, &(0x7f0000000040)={@local, @broadcast, [], {@ipv4={0x800, {{0x5, 0x4, 0x0, 0x0, 0x5c, 0x0, 0x0, 0x0, 0x1, 0x0, @remote, @dev={0xac, 0x14, 0x14, 0x11}}, @icmp=@parameter_prob={0x3, 0x4, 0x0, 0x0, 0x0, 0x0, {0x10, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x402f, 0x0, @local={0xac, 0x5c}, @dev, {[@timestamp={0x8, 0x2c, 0x0, 0x0, 0x0, [{[@rand_addr=0xfffffffe]}, {[@multicast2]}, {[@multicast1]}, {}, {[@loopback]}, {}]}]}}}}}}}, 0x0) 08:17:05 executing program 4: openat$kvm(0xffffffffffffff9c, 0x0, 0x0, 0x0) r0 = syz_open_dev$sndctrl(&(0x7f0000000100)='/dev/snd/controlC#\x00', 0x0, 0x0) prctl$PR_SET_THP_DISABLE(0x29, 0xfffffffffffffffe) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) ioctl$FS_IOC_GETFLAGS(r0, 0x800455d1, &(0x7f0000000080)) ioctl$SNDRV_CTL_IOCTL_ELEM_UNLOCK(r0, 0x40405515, &(0x7f0000000000)={0x9, 0x2, 0x8, 0x200, 'syz0\x00'}) 08:17:05 executing program 1: r0 = syz_open_dev$admmidi(&(0x7f0000000100)='/dev/admmidi#\x00', 0x0, 0x0) r1 = userfaultfd(0x0) ioctl$UFFDIO_API(r1, 0xc018aa3f, &(0x7f0000000180)) mmap(&(0x7f0000013000/0x4000)=nil, 0x4000, 0x0, 0xa053, r0, 0x0) ioctl$UFFDIO_REGISTER(r1, 0x40049409, &(0x7f0000019000)={{&(0x7f0000012000/0x2000)=nil, 0x2000}, 0x1}) 08:17:05 executing program 3: openat$rfkill(0xffffffffffffff9c, 0x0, 0x0, 0x0) getsockopt$inet_sctp_SCTP_DEFAULT_PRINFO(0xffffffffffffffff, 0x84, 0x72, &(0x7f0000000380), 0x0) syz_open_dev$admmidi(&(0x7f0000000100)='/dev/admmidi#\x00', 0x0, 0x0) r0 = socket$l2tp(0x18, 0x1, 0x1) mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x1, 0x32, 0xffffffffffffffff, 0x0) r1 = userfaultfd(0x0) ioctl$UFFDIO_API(r1, 0xc018aa3f, &(0x7f0000000180)) ioctl$UFFDIO_REGISTER(r1, 0xc020aa00, &(0x7f0000019000)={{&(0x7f0000012000/0x2000)=nil, 0x2000}, 0x1}) syz_open_dev$evdev(&(0x7f0000012fee)='/dev/input/event#\x00', 0x4c00000000000000, 0x0) ioctl$UFFDIO_WAKE(r1, 0x8010aa02, &(0x7f0000000080)={&(0x7f0000012000/0x3000)=nil, 0x3000}) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0a5c2d023c126285718070") setsockopt$ALG_SET_KEY(0xffffffffffffffff, 0x117, 0x1, 0x0, 0x0) 08:17:05 executing program 0: openat$rfkill(0xffffffffffffff9c, 0x0, 0x2001, 0x0) r0 = syz_open_dev$admmidi(&(0x7f0000000100)='/dev/admmidi#\x00', 0x0, 0x0) r1 = socket$l2tp(0x18, 0x1, 0x1) mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x1, 0x32, 0xffffffffffffffff, 0x0) r2 = userfaultfd(0x0) accept$packet(r0, &(0x7f0000000040)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @local}, &(0x7f00000000c0)=0x14) getsockopt$inet_IP_IPSEC_POLICY(r0, 0x0, 0x10, &(0x7f00000001c0)={{{@in6=@mcast1, @in6=@local, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}, {{@in=@empty}, 0x0, @in6}}, &(0x7f0000000140)=0xe8) setsockopt$inet6_IPV6_IPSEC_POLICY(r0, 0x29, 0x22, &(0x7f00000002c0)={{{@in6=@mcast1, @in6=@ipv4={[], [], @broadcast}, 0x4e22, 0x2, 0x4e23, 0xf596, 0xa, 0x20, 0x0, 0x8f, r3, r4}, {0x1ff, 0x6cc, 0x80000001, 0x2, 0x0, 0x7, 0x7, 0x10000}, {0x100000001, 0x1, 0x1000, 0xffffffff}, 0xffffffff, 0x0, 0x2, 0x0, 0x3, 0x1}, {{@in=@multicast1, 0x4d3, 0x3c}, 0x2, @in6, 0x0, 0x3, 0x0, 0x0, 0x3, 0x5, 0x7}}, 0xe8) ioctl$UFFDIO_API(r2, 0xc018aa3f, &(0x7f0000000180)) ioctl$UFFDIO_REGISTER(r2, 0xc020aa00, &(0x7f0000019000)={{&(0x7f0000012000/0x2000)=nil, 0x2000}, 0x1}) syz_open_dev$evdev(&(0x7f0000012fee)='/dev/input/event#\x00', 0x0, 0x0) ioctl$UFFDIO_WAKE(r2, 0x8010aa02, &(0x7f0000000080)={&(0x7f0000012000/0x3000)=nil, 0x3000}) ioctl(r1, 0x1000008912, &(0x7f0000000000)="0a5c2d023c126285718070") 08:17:05 executing program 5: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r1 = syz_open_dev$sndctrl(&(0x7f0000000100)='/dev/snd/controlC#\x00', 0x0, 0x0) prctl$PR_SET_THP_DISABLE(0x29, 0xfffffffffffffffe) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) ioctl$FS_IOC_GETFLAGS(r1, 0xc0045878, &(0x7f0000000080)) 08:17:05 executing program 1: r0 = syz_open_dev$admmidi(&(0x7f0000000100)='/dev/admmidi#\x00', 0x0, 0x0) r1 = userfaultfd(0x0) ioctl$UFFDIO_API(r1, 0xc018aa3f, &(0x7f0000000180)) mmap(&(0x7f0000013000/0x4000)=nil, 0x4000, 0x0, 0xa053, r0, 0x0) ioctl$UFFDIO_REGISTER(r1, 0xc020aa04, &(0x7f0000019000)={{&(0x7f0000012000/0x2000)=nil, 0x2000}, 0x1}) [ 2447.289674] FAULT_FLAG_ALLOW_RETRY missing 70 [ 2447.301354] CPU: 1 PID: 24767 Comm: syz-executor3 Not tainted 4.20.0-rc6+ #371 [ 2447.308755] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2447.314307] FAULT_FLAG_ALLOW_RETRY missing 70 [ 2447.318113] Call Trace: [ 2447.318142] dump_stack+0x244/0x39d [ 2447.318169] ? dump_stack_print_info.cold.1+0x20/0x20 [ 2447.328868] handle_userfault.cold.32+0x47/0x62 [ 2447.328904] ? userfaultfd_ioctl+0x5610/0x5610 [ 2447.343333] ? mark_held_locks+0x130/0x130 [ 2447.347616] ? __sanitizer_cov_trace_cmp4+0x16/0x20 [ 2447.352650] ? futex_wait_setup+0x266/0x3e0 [ 2447.357004] ? __sanitizer_cov_trace_switch+0x53/0x90 [ 2447.362215] ? userfaultfd_ctx_put+0x830/0x830 [ 2447.367299] ? futex_wait+0x5a1/0xa50 [ 2447.367323] ? print_usage_bug+0xc0/0xc0 [ 2447.367342] ? print_usage_bug+0xc0/0xc0 [ 2447.367361] ? print_usage_bug+0xc0/0xc0 [ 2447.383396] ? zap_class+0x640/0x640 [ 2447.387135] ? drop_futex_key_refs.isra.14+0x6d/0xe0 [ 2447.392257] ? futex_wake+0x304/0x760 [ 2447.396100] ? find_held_lock+0x36/0x1c0 [ 2447.400189] ? __handle_mm_fault+0x4bb0/0x5be0 [ 2447.404784] ? lock_downgrade+0x900/0x900 [ 2447.408956] ? kasan_check_read+0x11/0x20 [ 2447.413128] ? do_raw_spin_unlock+0xa7/0x330 [ 2447.417546] ? do_raw_spin_trylock+0x270/0x270 [ 2447.422141] ? fault_dirty_shared_page.isra.87+0x320/0x320 [ 2447.422169] __handle_mm_fault+0x4bbd/0x5be0 [ 2447.422195] ? vmf_insert_mixed_mkwrite+0x40/0x40 [ 2447.422213] ? zap_class+0x640/0x640 [ 2447.440766] ? rcu_read_unlock_special+0x1c0/0x1c0 [ 2447.440783] ? kasan_check_read+0x11/0x20 [ 2447.440800] ? rcu_softirq_qs+0x20/0x20 [ 2447.440826] ? zap_class+0x640/0x640 [ 2447.457574] ? zap_class+0x640/0x640 [ 2447.461310] ? find_held_lock+0x36/0x1c0 [ 2447.465404] ? handle_mm_fault+0x42a/0xc70 [ 2447.469662] ? lock_downgrade+0x900/0x900 [ 2447.473827] ? check_preemption_disabled+0x48/0x280 [ 2447.478858] ? rcu_read_unlock_special+0x1c0/0x1c0 [ 2447.483819] ? kasan_check_read+0x11/0x20 [ 2447.483835] ? rcu_dynticks_curr_cpu_in_eqs+0xa2/0x170 [ 2447.483850] ? rcu_softirq_qs+0x20/0x20 [ 2447.483866] ? trace_hardirqs_off_caller+0x310/0x310 [ 2447.483896] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 2447.507926] ? check_preemption_disabled+0x48/0x280 [ 2447.512969] handle_mm_fault+0x54f/0xc70 [ 2447.517055] ? __handle_mm_fault+0x5be0/0x5be0 [ 2447.521659] ? find_vma+0x34/0x190 [ 2447.525235] __do_page_fault+0x5e8/0xe60 [ 2447.529309] ? trace_hardirqs_off+0xb8/0x310 [ 2447.533747] do_page_fault+0xf2/0x7e0 [ 2447.537565] ? vmalloc_sync_all+0x30/0x30 [ 2447.541726] ? error_entry+0x70/0xd0 [ 2447.545451] ? trace_hardirqs_off_caller+0xbb/0x310 [ 2447.550479] ? trace_hardirqs_on_caller+0xc0/0x310 [ 2447.555425] ? syscall_return_slowpath+0x5e0/0x5e0 [ 2447.560379] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 2447.565239] ? trace_hardirqs_on_caller+0x310/0x310 [ 2447.570275] ? __bpf_trace_preemptirq_template+0x30/0x30 [ 2447.575741] ? prepare_exit_to_usermode+0x3b0/0x3b0 [ 2447.580774] ? prepare_exit_to_usermode+0x291/0x3b0 [ 2447.585802] ? page_fault+0x8/0x30 [ 2447.589357] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 2447.594226] ? page_fault+0x8/0x30 [ 2447.597776] page_fault+0x1e/0x30 [ 2447.601248] RIP: 0033:0x4510a0 [ 2447.604456] Code: 0f 84 c4 0f 00 00 48 89 f1 48 89 f8 48 83 e1 3f 48 83 f9 20 0f 86 7b 02 00 00 48 83 e6 f0 48 83 e1 0f 66 0f ef c0 66 0f ef c9 <66> 0f 74 0e 66 0f d7 d1 48 d3 ea 49 c7 c2 11 00 00 00 49 29 ca 4d [ 2447.623374] RSP: 002b:00007f75238677a8 EFLAGS: 00010202 [ 2447.628745] RAX: 00007f7523867850 RBX: 0000000000000003 RCX: 000000000000000e 08:17:05 executing program 5: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r1 = syz_open_dev$sndctrl(&(0x7f0000000100)='/dev/snd/controlC#\x00', 0x0, 0x0) prctl$PR_SET_THP_DISABLE(0x29, 0xfffffffffffffffe) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) ioctl$FS_IOC_GETFLAGS(r1, 0xc020660b, &(0x7f0000000080)) [ 2447.636024] RDX: 00000000000003ff RSI: 0000000020012fe0 RDI: 00007f7523867850 [ 2447.643301] RBP: 000000000072bf00 R08: 00000000000003ff R09: 0000000000000000 [ 2447.650581] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f75238686d4 [ 2447.657871] R13: 00000000004c578a R14: 00000000004d9d90 R15: 00000000ffffffff [ 2447.665213] CPU: 0 PID: 24772 Comm: syz-executor0 Not tainted 4.20.0-rc6+ #371 [ 2447.672602] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2447.681959] Call Trace: [ 2447.684565] dump_stack+0x244/0x39d 08:17:05 executing program 1: r0 = syz_open_dev$admmidi(&(0x7f0000000100)='/dev/admmidi#\x00', 0x0, 0x0) r1 = userfaultfd(0x0) ioctl$UFFDIO_API(r1, 0xc018aa3f, &(0x7f0000000180)) mmap(&(0x7f0000013000/0x4000)=nil, 0x4000, 0x0, 0xa053, r0, 0x0) ioctl$UFFDIO_REGISTER(r1, 0x2, &(0x7f0000019000)={{&(0x7f0000012000/0x2000)=nil, 0x2000}, 0x1}) 08:17:05 executing program 2: syz_emit_ethernet(0x6a, &(0x7f0000000040)={@local, @broadcast, [], {@ipv4={0x800, {{0x5, 0x4, 0x0, 0x0, 0x5c, 0x0, 0x0, 0x0, 0x1, 0x0, @remote, @dev={0xac, 0x14, 0x14, 0x11}}, @icmp=@parameter_prob={0x3, 0x4, 0x0, 0x0, 0x0, 0x0, {0x10, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x402f, 0x0, @local={0xac, 0x5c}, @dev, {[@timestamp={0x8, 0x2c, 0x0, 0x0, 0x0, [{[@rand_addr=0x4]}, {[@multicast2]}, {[@multicast1]}, {}, {[@loopback]}, {}]}]}}}}}}}, 0x0) [ 2447.688217] ? dump_stack_print_info.cold.1+0x20/0x20 [ 2447.693436] handle_userfault.cold.32+0x47/0x62 [ 2447.698138] ? userfaultfd_ioctl+0x5610/0x5610 [ 2447.702740] ? mark_held_locks+0x130/0x130 [ 2447.706994] ? find_held_lock+0x36/0x1c0 [ 2447.711104] ? userfaultfd_ctx_put+0x830/0x830 [ 2447.715724] ? kasan_check_read+0x11/0x20 [ 2447.719891] ? print_usage_bug+0xc0/0xc0 [ 2447.723964] ? do_raw_spin_trylock+0x270/0x270 [ 2447.728565] ? print_usage_bug+0xc0/0xc0 [ 2447.732648] ? print_usage_bug+0xc0/0xc0 [ 2447.736735] ? zap_class+0x640/0x640 [ 2447.740467] ? drop_futex_key_refs.isra.14+0x6d/0xe0 [ 2447.740484] ? futex_wake+0x304/0x760 [ 2447.749414] ? find_held_lock+0x36/0x1c0 [ 2447.753514] ? __handle_mm_fault+0x4bb0/0x5be0 [ 2447.758118] ? lock_downgrade+0x900/0x900 [ 2447.762292] ? kasan_check_read+0x11/0x20 [ 2447.766455] ? do_raw_spin_unlock+0xa7/0x330 [ 2447.766472] ? do_raw_spin_trylock+0x270/0x270 [ 2447.766492] ? fault_dirty_shared_page.isra.87+0x320/0x320 [ 2447.766519] __handle_mm_fault+0x4bbd/0x5be0 [ 2447.766544] ? vmf_insert_mixed_mkwrite+0x40/0x40 [ 2447.790429] ? zap_class+0x640/0x640 [ 2447.794158] ? rcu_read_unlock_special+0x1c0/0x1c0 [ 2447.799105] ? kasan_check_read+0x11/0x20 [ 2447.803274] ? rcu_softirq_qs+0x20/0x20 [ 2447.807277] ? zap_class+0x640/0x640 [ 2447.811006] ? zap_class+0x640/0x640 [ 2447.814740] ? find_held_lock+0x36/0x1c0 [ 2447.818819] ? handle_mm_fault+0x42a/0xc70 [ 2447.818838] ? lock_downgrade+0x900/0x900 [ 2447.818857] ? check_preemption_disabled+0x48/0x280 [ 2447.818875] ? rcu_read_unlock_special+0x1c0/0x1c0 [ 2447.818890] ? kasan_check_read+0x11/0x20 [ 2447.818910] ? rcu_dynticks_curr_cpu_in_eqs+0xa2/0x170 [ 2447.846691] ? rcu_softirq_qs+0x20/0x20 [ 2447.850690] ? trace_hardirqs_off_caller+0x310/0x310 [ 2447.855813] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 2447.861390] ? check_preemption_disabled+0x48/0x280 [ 2447.866431] handle_mm_fault+0x54f/0xc70 [ 2447.870511] ? __handle_mm_fault+0x5be0/0x5be0 [ 2447.875114] ? find_vma+0x34/0x190 [ 2447.878675] __do_page_fault+0x5e8/0xe60 [ 2447.882754] ? trace_hardirqs_off+0xb8/0x310 [ 2447.887191] do_page_fault+0xf2/0x7e0 08:17:05 executing program 2: syz_emit_ethernet(0x6a, &(0x7f0000000040)={@local, @broadcast, [], {@ipv4={0x800, {{0x5, 0x4, 0x0, 0x0, 0x5c, 0x0, 0x0, 0x0, 0x1, 0x0, @remote, @dev={0xac, 0x14, 0x14, 0x11}}, @icmp=@parameter_prob={0x3, 0x4, 0x0, 0x0, 0x0, 0x0, {0x10, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x402f, 0x0, @local={0xac, 0x5c}, @dev, {[@timestamp={0x8, 0x2c, 0x0, 0x0, 0x0, [{[@rand_addr=0x8035000000000000]}, {[@multicast2]}, {[@multicast1]}, {}, {[@loopback]}, {}]}]}}}}}}}, 0x0) [ 2447.891014] ? vmalloc_sync_all+0x30/0x30 [ 2447.895184] ? error_entry+0x70/0xd0 [ 2447.898913] ? trace_hardirqs_off_caller+0xbb/0x310 [ 2447.903954] ? trace_hardirqs_on_caller+0xc0/0x310 [ 2447.908896] ? syscall_return_slowpath+0x5e0/0x5e0 [ 2447.913844] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 2447.918707] ? trace_hardirqs_on_caller+0x310/0x310 [ 2447.918725] ? __bpf_trace_preemptirq_template+0x30/0x30 [ 2447.918743] ? prepare_exit_to_usermode+0x3b0/0x3b0 [ 2447.918768] ? prepare_exit_to_usermode+0x291/0x3b0 [ 2447.939258] ? page_fault+0x8/0x30 [ 2447.942815] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 2447.942834] ? page_fault+0x8/0x30 [ 2447.942850] page_fault+0x1e/0x30 [ 2447.942863] RIP: 0033:0x4510a0 [ 2447.942878] Code: 0f 84 c4 0f 00 00 48 89 f1 48 89 f8 48 83 e1 3f 48 83 f9 20 0f 86 7b 02 00 00 48 83 e6 f0 48 83 e1 0f 66 0f ef c0 66 0f ef c9 <66> 0f 74 0e 66 0f d7 d1 48 d3 ea 49 c7 c2 11 00 00 00 49 29 ca 4d [ 2447.942886] RSP: 002b:00007efdea16e7a8 EFLAGS: 00010202 [ 2447.942905] RAX: 00007efdea16e850 RBX: 0000000000000003 RCX: 000000000000000e 08:17:05 executing program 1: r0 = syz_open_dev$admmidi(&(0x7f0000000100)='/dev/admmidi#\x00', 0x0, 0x0) r1 = userfaultfd(0x0) ioctl$UFFDIO_API(r1, 0xc018aa3f, &(0x7f0000000180)) mmap(&(0x7f0000013000/0x4000)=nil, 0x4000, 0x0, 0xa053, r0, 0x0) ioctl$UFFDIO_REGISTER(r1, 0x5452, &(0x7f0000019000)={{&(0x7f0000012000/0x2000)=nil, 0x2000}, 0x1}) [ 2447.976817] RDX: 00000000000003ff RSI: 0000000020012fe0 RDI: 00007efdea16e850 [ 2447.976827] RBP: 000000000072bf00 R08: 00000000000003ff R09: 0000000000000000 [ 2447.976837] R10: 0000000000000000 R11: 0000000000000246 R12: 00007efdea16f6d4 [ 2447.976847] R13: 00000000004c578a R14: 00000000004d9d90 R15: 00000000ffffffff 08:17:05 executing program 3: openat$rfkill(0xffffffffffffff9c, 0x0, 0x0, 0x0) getsockopt$inet_sctp_SCTP_DEFAULT_PRINFO(0xffffffffffffffff, 0x84, 0x72, &(0x7f0000000380), 0x0) syz_open_dev$admmidi(&(0x7f0000000100)='/dev/admmidi#\x00', 0x0, 0x0) r0 = socket$l2tp(0x18, 0x1, 0x1) mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x1, 0x32, 0xffffffffffffffff, 0x0) r1 = userfaultfd(0x0) ioctl$UFFDIO_API(r1, 0xc018aa3f, &(0x7f0000000180)) ioctl$UFFDIO_REGISTER(r1, 0xc020aa00, &(0x7f0000019000)={{&(0x7f0000012000/0x2000)=nil, 0x2000}, 0x1}) syz_open_dev$evdev(&(0x7f0000012fee)='/dev/input/event#\x00', 0x600000000000000, 0x0) ioctl$UFFDIO_WAKE(r1, 0x8010aa02, &(0x7f0000000080)={&(0x7f0000012000/0x3000)=nil, 0x3000}) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0a5c2d023c126285718070") setsockopt$ALG_SET_KEY(0xffffffffffffffff, 0x117, 0x1, 0x0, 0x0) 08:17:05 executing program 0: openat$rfkill(0xffffffffffffff9c, 0x0, 0x2001, 0x0) syz_open_dev$admmidi(&(0x7f0000000100)='/dev/admmidi#\x00', 0x3, 0x0) r0 = socket$l2tp(0x18, 0x1, 0x1) mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x1, 0x32, 0xffffffffffffffff, 0x0) r1 = userfaultfd(0x0) ioctl$UFFDIO_API(r1, 0xc018aa3f, &(0x7f0000000180)) ioctl$UFFDIO_REGISTER(r1, 0xc020aa00, &(0x7f0000019000)={{&(0x7f0000012000/0x2000)=nil, 0x2000}, 0x1}) syz_open_dev$evdev(&(0x7f0000012fee)='/dev/input/event#\x00', 0x0, 0x0) ioctl$UFFDIO_WAKE(r1, 0x8010aa02, &(0x7f0000000080)={&(0x7f0000012000/0x3000)=nil, 0x3000}) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0a5c2d023c126285718070") syz_open_dev$dri(&(0x7f0000000040)='/dev/dri/card#\x00', 0x6, 0x4000) 08:17:05 executing program 4: openat$kvm(0xffffffffffffff9c, 0x0, 0x1ff, 0x0) prctl$PR_SET_THP_DISABLE(0x29, 0xfffffffffffffffe) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) ioctl$FS_IOC_GETFLAGS(0xffffffffffffffff, 0x800455d1, &(0x7f0000000080)) r0 = fcntl$getown(0xffffffffffffffff, 0x9) wait4(r0, &(0x7f0000000000), 0x8, &(0x7f0000000100)) 08:17:05 executing program 5: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r1 = syz_open_dev$sndctrl(&(0x7f0000000100)='/dev/snd/controlC#\x00', 0x0, 0x0) prctl$PR_SET_THP_DISABLE(0x29, 0xfffffffffffffffe) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) ioctl$FS_IOC_GETFLAGS(r1, 0xc1105511, &(0x7f0000000080)) 08:17:06 executing program 1: r0 = syz_open_dev$admmidi(&(0x7f0000000100)='/dev/admmidi#\x00', 0x0, 0x0) r1 = userfaultfd(0x0) ioctl$UFFDIO_API(r1, 0xc018aa3f, &(0x7f0000000180)) mmap(&(0x7f0000013000/0x4000)=nil, 0x4000, 0x0, 0xa053, r0, 0x0) ioctl$UFFDIO_REGISTER(r1, 0xc0045878, &(0x7f0000019000)={{&(0x7f0000012000/0x2000)=nil, 0x2000}, 0x1}) 08:17:06 executing program 2: syz_emit_ethernet(0x6a, &(0x7f0000000040)={@local, @broadcast, [], {@ipv4={0x800, {{0x5, 0x4, 0x0, 0x0, 0x5c, 0x0, 0x0, 0x0, 0x1, 0x0, @remote, @dev={0xac, 0x14, 0x14, 0x11}}, @icmp=@parameter_prob={0x3, 0x4, 0x0, 0x0, 0x0, 0x0, {0x10, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x402f, 0x0, @local={0xac, 0x5c}, @dev, {[@timestamp={0x8, 0x2c, 0x0, 0x0, 0x0, [{[@rand_addr=0x3000000]}, {[@multicast2]}, {[@multicast1]}, {}, {[@loopback]}, {}]}]}}}}}}}, 0x0) [ 2448.234611] FAULT_FLAG_ALLOW_RETRY missing 70 [ 2448.239175] CPU: 1 PID: 24815 Comm: syz-executor3 Not tainted 4.20.0-rc6+ #371 [ 2448.239188] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2448.239194] Call Trace: [ 2448.239222] dump_stack+0x244/0x39d [ 2448.239248] ? dump_stack_print_info.cold.1+0x20/0x20 [ 2448.267385] handle_userfault.cold.32+0x47/0x62 [ 2448.272088] ? userfaultfd_ioctl+0x5610/0x5610 [ 2448.276691] ? mark_held_locks+0x130/0x130 [ 2448.280945] ? __sanitizer_cov_trace_cmp4+0x16/0x20 [ 2448.285974] ? futex_wait_setup+0x266/0x3e0 [ 2448.290323] ? __sanitizer_cov_trace_switch+0x53/0x90 [ 2448.295539] ? userfaultfd_ctx_put+0x830/0x830 [ 2448.300136] ? futex_wait+0x5a1/0xa50 [ 2448.303971] ? print_usage_bug+0xc0/0xc0 [ 2448.308052] ? print_usage_bug+0xc0/0xc0 [ 2448.312144] ? print_usage_bug+0xc0/0xc0 [ 2448.316260] ? zap_class+0x640/0x640 [ 2448.320002] ? drop_futex_key_refs.isra.14+0x6d/0xe0 [ 2448.325119] ? futex_wake+0x304/0x760 [ 2448.328972] ? find_held_lock+0x36/0x1c0 [ 2448.333063] ? __handle_mm_fault+0x4bb0/0x5be0 [ 2448.337677] ? lock_downgrade+0x900/0x900 [ 2448.337704] ? kasan_check_read+0x11/0x20 [ 2448.337719] ? do_raw_spin_unlock+0xa7/0x330 [ 2448.337738] ? do_raw_spin_trylock+0x270/0x270 [ 2448.355038] ? fault_dirty_shared_page.isra.87+0x320/0x320 [ 2448.355068] __handle_mm_fault+0x4bbd/0x5be0 [ 2448.355101] ? vmf_insert_mixed_mkwrite+0x40/0x40 [ 2448.369961] ? zap_class+0x640/0x640 [ 2448.373688] ? rcu_read_unlock_special+0x1c0/0x1c0 [ 2448.378639] ? kasan_check_read+0x11/0x20 08:17:06 executing program 2: syz_emit_ethernet(0x6a, &(0x7f0000000040)={@local, @broadcast, [], {@ipv4={0x800, {{0x5, 0x4, 0x0, 0x0, 0x5c, 0x0, 0x0, 0x0, 0x1, 0x0, @remote, @dev={0xac, 0x14, 0x14, 0x11}}, @icmp=@parameter_prob={0x3, 0x4, 0x0, 0x0, 0x0, 0x0, {0x10, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x402f, 0x0, @local={0xac, 0x5c}, @dev, {[@timestamp={0x8, 0x2c, 0x0, 0x0, 0x0, [{[@rand_addr=0x8847000000000000]}, {[@multicast2]}, {[@multicast1]}, {}, {[@loopback]}, {}]}]}}}}}}}, 0x0) 08:17:06 executing program 5: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r1 = syz_open_dev$sndctrl(&(0x7f0000000100)='/dev/snd/controlC#\x00', 0x0, 0x0) prctl$PR_SET_THP_DISABLE(0x29, 0xfffffffffffffffe) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) ioctl$FS_IOC_GETFLAGS(r1, 0x40049409, &(0x7f0000000080)) [ 2448.382796] ? rcu_softirq_qs+0x20/0x20 [ 2448.382825] ? zap_class+0x640/0x640 [ 2448.382840] ? zap_class+0x640/0x640 [ 2448.382861] ? find_held_lock+0x36/0x1c0 [ 2448.390556] ? handle_mm_fault+0x42a/0xc70 [ 2448.390582] ? lock_downgrade+0x900/0x900 [ 2448.390601] ? check_preemption_disabled+0x48/0x280 [ 2448.390619] ? rcu_read_unlock_special+0x1c0/0x1c0 [ 2448.406795] ? kasan_check_read+0x11/0x20 [ 2448.406815] ? rcu_dynticks_curr_cpu_in_eqs+0xa2/0x170 [ 2448.426178] ? rcu_softirq_qs+0x20/0x20 [ 2448.430184] ? trace_hardirqs_off_caller+0x310/0x310 [ 2448.435303] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 2448.435323] ? check_preemption_disabled+0x48/0x280 [ 2448.435347] handle_mm_fault+0x54f/0xc70 [ 2448.435377] ? __handle_mm_fault+0x5be0/0x5be0 [ 2448.445938] ? find_vma+0x34/0x190 [ 2448.445961] __do_page_fault+0x5e8/0xe60 [ 2448.445981] ? trace_hardirqs_off+0xb8/0x310 [ 2448.466642] do_page_fault+0xf2/0x7e0 [ 2448.470466] ? vmalloc_sync_all+0x30/0x30 [ 2448.474638] ? error_entry+0x70/0xd0 [ 2448.478380] ? trace_hardirqs_off_caller+0xbb/0x310 [ 2448.483427] ? trace_hardirqs_on_caller+0xc0/0x310 [ 2448.488391] ? syscall_return_slowpath+0x5e0/0x5e0 [ 2448.493353] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 2448.498221] ? trace_hardirqs_on_caller+0x310/0x310 [ 2448.503251] ? __bpf_trace_preemptirq_template+0x30/0x30 [ 2448.508718] ? prepare_exit_to_usermode+0x3b0/0x3b0 [ 2448.513755] ? prepare_exit_to_usermode+0x291/0x3b0 [ 2448.518789] ? page_fault+0x8/0x30 [ 2448.522356] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 2448.527222] ? page_fault+0x8/0x30 [ 2448.527239] page_fault+0x1e/0x30 [ 2448.527253] RIP: 0033:0x4510a0 [ 2448.527269] Code: 0f 84 c4 0f 00 00 48 89 f1 48 89 f8 48 83 e1 3f 48 83 f9 20 0f 86 7b 02 00 00 48 83 e6 f0 48 83 e1 0f 66 0f ef c0 66 0f ef c9 <66> 0f 74 0e 66 0f d7 d1 48 d3 ea 49 c7 c2 11 00 00 00 49 29 ca 4d [ 2448.527284] RSP: 002b:00007f75238677a8 EFLAGS: 00010202 [ 2448.537462] RAX: 00007f7523867850 RBX: 0000000000000003 RCX: 000000000000000e [ 2448.537472] RDX: 00000000000003ff RSI: 0000000020012fe0 RDI: 00007f7523867850 [ 2448.537482] RBP: 000000000072bf00 R08: 00000000000003ff R09: 0000000000000000 08:17:06 executing program 4: openat$kvm(0xffffffffffffff9c, 0x0, 0x0, 0x0) r0 = syz_open_dev$sndctrl(&(0x7f0000000100)='/dev/snd/controlC#\x00', 0x0, 0x0) prctl$PR_SET_THP_DISABLE(0x29, 0x1) r1 = syz_open_dev$vbi(&(0x7f0000000000)='/dev/vbi#\x00', 0x0, 0x2) setsockopt$IP6T_SO_SET_ADD_COUNTERS(r1, 0x29, 0x41, &(0x7f0000000140)={'raw\x00', 0x2, [{}, {}]}, 0x48) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) ioctl$FS_IOC_GETFLAGS(r0, 0x800455d1, &(0x7f0000000080)) 08:17:06 executing program 1: r0 = syz_open_dev$admmidi(&(0x7f0000000100)='/dev/admmidi#\x00', 0x0, 0x0) r1 = userfaultfd(0x0) ioctl$UFFDIO_API(r1, 0xc018aa3f, &(0x7f0000000180)) mmap(&(0x7f0000013000/0x4000)=nil, 0x4000, 0x0, 0xa053, r0, 0x0) ioctl$UFFDIO_REGISTER(r1, 0x8010aa01, &(0x7f0000019000)={{&(0x7f0000012000/0x2000)=nil, 0x2000}, 0x1}) 08:17:06 executing program 2: syz_emit_ethernet(0x6a, &(0x7f0000000040)={@local, @broadcast, [], {@ipv4={0x800, {{0x5, 0x4, 0x0, 0x0, 0x5c, 0x0, 0x0, 0x0, 0x1, 0x0, @remote, @dev={0xac, 0x14, 0x14, 0x11}}, @icmp=@parameter_prob={0x3, 0x4, 0x0, 0x0, 0x0, 0x0, {0x10, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x402f, 0x0, @local={0xac, 0x5c}, @dev, {[@timestamp={0x8, 0x2c, 0x0, 0x0, 0x0, [{[@rand_addr=0xfffffffffffff000]}, {[@multicast2]}, {[@multicast1]}, {}, {[@loopback]}, {}]}]}}}}}}}, 0x0) [ 2448.537491] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f75238686d4 [ 2448.537501] R13: 00000000004c578a R14: 00000000004d9d90 R15: 00000000ffffffff [ 2448.596605] FAULT_FLAG_ALLOW_RETRY missing 70 [ 2448.617558] CPU: 1 PID: 24821 Comm: syz-executor0 Not tainted 4.20.0-rc6+ #371 [ 2448.624945] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2448.634311] Call Trace: [ 2448.636925] dump_stack+0x244/0x39d [ 2448.640586] ? dump_stack_print_info.cold.1+0x20/0x20 [ 2448.645805] handle_userfault.cold.32+0x47/0x62 [ 2448.650525] ? userfaultfd_ioctl+0x5610/0x5610 [ 2448.655129] ? mark_held_locks+0x130/0x130 [ 2448.659389] ? __sanitizer_cov_trace_cmp4+0x16/0x20 [ 2448.664423] ? futex_wait_setup+0x266/0x3e0 [ 2448.668772] ? __sanitizer_cov_trace_switch+0x53/0x90 [ 2448.673979] ? userfaultfd_ctx_put+0x830/0x830 [ 2448.678582] ? futex_wait+0x5a1/0xa50 [ 2448.682414] ? print_usage_bug+0xc0/0xc0 [ 2448.686490] ? print_usage_bug+0xc0/0xc0 [ 2448.686509] ? print_usage_bug+0xc0/0xc0 [ 2448.686527] ? zap_class+0x640/0x640 [ 2448.686549] ? drop_futex_key_refs.isra.14+0x6d/0xe0 [ 2448.698392] ? futex_wake+0x304/0x760 [ 2448.698423] ? find_held_lock+0x36/0x1c0 [ 2448.698449] ? __handle_mm_fault+0x4bb0/0x5be0 [ 2448.716000] ? lock_downgrade+0x900/0x900 [ 2448.720179] ? kasan_check_read+0x11/0x20 [ 2448.724345] ? do_raw_spin_unlock+0xa7/0x330 [ 2448.728775] ? do_raw_spin_trylock+0x270/0x270 [ 2448.733383] ? fault_dirty_shared_page.isra.87+0x320/0x320 [ 2448.739031] __handle_mm_fault+0x4bbd/0x5be0 [ 2448.739057] ? vmf_insert_mixed_mkwrite+0x40/0x40 [ 2448.739077] ? zap_class+0x640/0x640 [ 2448.748314] ? rcu_read_unlock_special+0x1c0/0x1c0 [ 2448.748330] ? kasan_check_read+0x11/0x20 [ 2448.748348] ? rcu_softirq_qs+0x20/0x20 [ 2448.748383] ? zap_class+0x640/0x640 [ 2448.768841] ? zap_class+0x640/0x640 [ 2448.772600] ? find_held_lock+0x36/0x1c0 [ 2448.776687] ? handle_mm_fault+0x42a/0xc70 [ 2448.780931] ? lock_downgrade+0x900/0x900 [ 2448.785093] ? check_preemption_disabled+0x48/0x280 [ 2448.790128] ? rcu_read_unlock_special+0x1c0/0x1c0 [ 2448.795077] ? kasan_check_read+0x11/0x20 [ 2448.799241] ? rcu_dynticks_curr_cpu_in_eqs+0xa2/0x170 [ 2448.804539] ? rcu_softirq_qs+0x20/0x20 [ 2448.808527] ? trace_hardirqs_off_caller+0x310/0x310 [ 2448.811137] WARNING: CPU: 0 PID: 24855 at fs/userfaultfd.c:1569 userfaultfd_ioctl+0x3d30/0x5610 [ 2448.813648] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 2448.822471] Kernel panic - not syncing: panic_on_warn set ... [ 2448.828012] ? check_preemption_disabled+0x48/0x280 [ 2448.838915] handle_mm_fault+0x54f/0xc70 [ 2448.842992] ? __handle_mm_fault+0x5be0/0x5be0 [ 2448.847600] ? find_vma+0x34/0x190 [ 2448.851154] __do_page_fault+0x5e8/0xe60 [ 2448.855226] ? trace_hardirqs_off+0xb8/0x310 [ 2448.859660] do_page_fault+0xf2/0x7e0 [ 2448.863476] ? vmalloc_sync_all+0x30/0x30 [ 2448.867636] ? error_entry+0x70/0xd0 [ 2448.871359] ? trace_hardirqs_off_caller+0xbb/0x310 [ 2448.876395] ? trace_hardirqs_on_caller+0xc0/0x310 [ 2448.881332] ? syscall_return_slowpath+0x5e0/0x5e0 [ 2448.886278] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 2448.891130] ? trace_hardirqs_on_caller+0x310/0x310 [ 2448.896152] ? __bpf_trace_preemptirq_template+0x30/0x30 [ 2448.901612] ? prepare_exit_to_usermode+0x3b0/0x3b0 [ 2448.906657] ? prepare_exit_to_usermode+0x291/0x3b0 [ 2448.911677] ? page_fault+0x8/0x30 [ 2448.915230] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 2448.920087] ? page_fault+0x8/0x30 [ 2448.923635] page_fault+0x1e/0x30 [ 2448.927097] RIP: 0033:0x4510a0 [ 2448.930301] Code: 0f 84 c4 0f 00 00 48 89 f1 48 89 f8 48 83 e1 3f 48 83 f9 20 0f 86 7b 02 00 00 48 83 e6 f0 48 83 e1 0f 66 0f ef c0 66 0f ef c9 <66> 0f 74 0e 66 0f d7 d1 48 d3 ea 49 c7 c2 11 00 00 00 49 29 ca 4d [ 2448.949210] RSP: 002b:00007efdea16e7a8 EFLAGS: 00010202 [ 2448.954584] RAX: 00007efdea16e850 RBX: 0000000000000003 RCX: 000000000000000e [ 2448.961857] RDX: 00000000000003ff RSI: 0000000020012fe0 RDI: 00007efdea16e850 [ 2448.969142] RBP: 000000000072bf00 R08: 00000000000003ff R09: 0000000000000000 [ 2448.976429] R10: 0000000000000000 R11: 0000000000000246 R12: 00007efdea16f6d4 [ 2448.983705] R13: 00000000004c578a R14: 00000000004d9d90 R15: 00000000ffffffff [ 2448.991015] CPU: 0 PID: 24855 Comm: syz-executor1 Not tainted 4.20.0-rc6+ #371 [ 2448.997708] kobject: 'loop5' (00000000a2eaaf9e): kobject_uevent_env [ 2448.998402] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2449.014150] Call Trace: [ 2449.016753] dump_stack+0x244/0x39d [ 2449.020443] ? dump_stack_print_info.cold.1+0x20/0x20 [ 2449.025663] panic+0x2ad/0x55c [ 2449.028874] ? add_taint.cold.5+0x16/0x16 [ 2449.033056] ? __warn.cold.8+0x5/0x45 [ 2449.036879] ? userfaultfd_ioctl+0x3d30/0x5610 [ 2449.038306] kobject: 'loop5' (00000000a2eaaf9e): fill_kobj_path: path = '/devices/virtual/block/loop5' [ 2449.041486] __warn.cold.8+0x20/0x45 [ 2449.041501] ? rcu_softirq_qs+0x20/0x20 [ 2449.041524] ? userfaultfd_ioctl+0x3d30/0x5610 [ 2449.041543] report_bug+0x254/0x2d0 [ 2449.066870] do_error_trap+0x11b/0x200 [ 2449.070796] do_invalid_op+0x36/0x40 [ 2449.070874] kobject: 'loop4' (000000001a401bbc): kobject_uevent_env [ 2449.074521] ? userfaultfd_ioctl+0x3d30/0x5610 [ 2449.074552] invalid_op+0x14/0x20 [ 2449.074566] RIP: 0010:userfaultfd_ioctl+0x3d30/0x5610 [ 2449.074588] Code: 85 c0 f6 ff ff 48 c1 e8 03 42 80 3c 30 00 0f 84 a3 fa ff ff 48 8b bd c0 f6 ff ff e8 aa 64 db ff e9 92 fa ff ff e8 80 ff 97 ff <0f> 0b e9 cd f7 ff ff e8 74 ff 97 ff 48 8b 95 f0 f6 ff ff b9 01 00 [ 2449.074596] RSP: 0018:ffff8881d8857270 EFLAGS: 00010212 [ 2449.074609] RAX: 0000000000040000 RBX: 00000000080020d0 RCX: ffffc9000e736000 [ 2449.074618] RDX: 00000000000000a8 RSI: ffffffff81e784f0 RDI: 0000000000000007 [ 2449.074633] RBP: ffff8881d8857c00 R08: ffff888184ece000 R09: 0000000000000008 [ 2449.082907] kobject: 'loop4' (000000001a401bbc): fill_kobj_path: path = '/devices/virtual/block/loop4' [ 2449.085630] R10: 0000000000000682 R11: ffff888184ece000 R12: 0000000020013000 [ 2449.089618] kobject: 'loop3' (00000000b6f03f70): kobject_uevent_env [ 2449.094266] R13: 0000000000000000 R14: dffffc0000000000 R15: ffff8881d8fd9a50 [ 2449.094296] ? userfaultfd_ioctl+0x3d30/0x5610 [ 2449.094320] ? __lock_acquire+0x62f/0x4c20 [ 2449.094348] ? userfaultfd_read+0x2c0/0x2c0 08:17:07 executing program 3: openat$rfkill(0xffffffffffffff9c, 0x0, 0x0, 0x0) getsockopt$inet_sctp_SCTP_DEFAULT_PRINFO(0xffffffffffffffff, 0x84, 0x72, &(0x7f0000000380), 0x0) syz_open_dev$admmidi(&(0x7f0000000100)='/dev/admmidi#\x00', 0x0, 0x0) r0 = socket$l2tp(0x18, 0x1, 0x1) mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x1, 0x32, 0xffffffffffffffff, 0x0) r1 = userfaultfd(0x0) ioctl$UFFDIO_API(r1, 0xc018aa3f, &(0x7f0000000180)) ioctl$UFFDIO_REGISTER(r1, 0xc020aa00, &(0x7f0000019000)={{&(0x7f0000012000/0x2000)=nil, 0x2000}, 0x1}) syz_open_dev$evdev(&(0x7f0000012fee)='/dev/input/event#\x00', 0x500000000000000, 0x0) ioctl$UFFDIO_WAKE(r1, 0x8010aa02, &(0x7f0000000080)={&(0x7f0000012000/0x3000)=nil, 0x3000}) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0a5c2d023c126285718070") setsockopt$ALG_SET_KEY(0xffffffffffffffff, 0x117, 0x1, 0x0, 0x0) 08:17:07 executing program 0: openat$rfkill(0xffffffffffffff9c, 0x0, 0x2001, 0x0) syz_open_dev$admmidi(&(0x7f0000000100)='/dev/admmidi#\x00', 0x0, 0x0) r0 = socket$l2tp(0x18, 0x1, 0x1) mmap(&(0x7f0000014000/0x1000)=nil, 0x1000, 0x1, 0x32, 0xffffffffffffffff, 0x0) r1 = userfaultfd(0x0) ioctl$UFFDIO_API(r1, 0xc018aa3f, &(0x7f0000000180)) ioctl$UFFDIO_REGISTER(r1, 0xc020aa00, &(0x7f0000019000)={{&(0x7f0000012000/0x2000)=nil, 0x2000}, 0x1}) syz_open_dev$evdev(&(0x7f0000012fee)='/dev/input/event#\x00', 0x0, 0x0) ioctl$UFFDIO_WAKE(r1, 0x8010aa02, &(0x7f0000000080)={&(0x7f0000012000/0x3000)=nil, 0x3000}) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0a5c2d023c126285718070") 08:17:07 executing program 4: openat$kvm(0xffffffffffffff9c, 0x0, 0x0, 0x0) r0 = syz_open_dev$sndctrl(&(0x7f00000000c0)='/dev/snd/controlC#\x00', 0x0, 0x14b000) prctl$PR_SET_THP_DISABLE(0x29, 0xfffffffffffffffe) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r1 = openat$dlm_control(0xffffffffffffff9c, &(0x7f0000000040)='/dev/dlm-control\x00', 0x40000, 0x0) r2 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000140)='TIPCv2\x00') sendmsg$TIPC_NL_BEARER_GET(r1, &(0x7f0000000500)={&(0x7f0000000380)={0x10, 0x0, 0x0, 0x4000}, 0xc, &(0x7f00000004c0)={&(0x7f00000003c0)={0xc8, r2, 0xa10, 0x70bd27, 0x25dfdbfd, {}, [@TIPC_NLA_SOCK={0x18, 0x2, [@TIPC_NLA_SOCK_REF={0x8}, @TIPC_NLA_SOCK_REF={0x8, 0x2, 0x3}, @TIPC_NLA_SOCK_HAS_PUBL={0x4}]}, @TIPC_NLA_MEDIA={0x9c, 0x5, [@TIPC_NLA_MEDIA_NAME={0x8, 0x1, 'ib\x00'}, @TIPC_NLA_MEDIA_PROP={0xc, 0x2, [@TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x11}]}, @TIPC_NLA_MEDIA_PROP={0x14, 0x2, [@TIPC_NLA_PROP_MTU={0x8}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x7fffffff}]}, @TIPC_NLA_MEDIA_PROP={0x4c, 0x2, [@TIPC_NLA_PROP_WIN={0x8, 0x3, 0x5}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x1}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x4}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x2}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x1e}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x290}, @TIPC_NLA_PROP_MTU={0x8}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x100}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x4}]}, @TIPC_NLA_MEDIA_PROP={0x24, 0x2, [@TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x16}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x7}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x80000001}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x8}]}]}]}, 0xc8}, 0x1, 0x0, 0x0, 0x4000000}, 0x20000000) sendmsg$TIPC_NL_NODE_GET(r1, &(0x7f0000000340)={&(0x7f0000000100), 0xc, &(0x7f0000000300)={&(0x7f0000000180)={0x16c, r2, 0x300, 0x70bd27, 0x25dfdbfd, {}, [@TIPC_NLA_MEDIA={0xd0, 0x5, [@TIPC_NLA_MEDIA_PROP={0x2c, 0x2, [@TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x3}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x2}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x100000000}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x3ff}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x11}]}, @TIPC_NLA_MEDIA_NAME={0x8, 0x1, 'eth\x00'}, @TIPC_NLA_MEDIA_NAME={0x8, 0x1, 'udp\x00'}, @TIPC_NLA_MEDIA_NAME={0x8, 0x1, 'udp\x00'}, @TIPC_NLA_MEDIA_NAME={0x8, 0x1, 'eth\x00'}, @TIPC_NLA_MEDIA_PROP={0x14, 0x2, [@TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x16}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x5}]}, @TIPC_NLA_MEDIA_NAME={0x8, 0x1, 'eth\x00'}, @TIPC_NLA_MEDIA_PROP={0x4c, 0x2, [@TIPC_NLA_PROP_MTU={0x8, 0x4, 0x2}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x8}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x1d}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x5}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x7}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x12}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x7}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x3}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x1a}]}, @TIPC_NLA_MEDIA_PROP={0xc, 0x2, [@TIPC_NLA_PROP_WIN={0x8, 0x3, 0x400}]}, @TIPC_NLA_MEDIA_PROP={0xc, 0x2, [@TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x13}]}]}, @TIPC_NLA_MEDIA={0x1c, 0x5, [@TIPC_NLA_MEDIA_NAME={0x8, 0x1, 'eth\x00'}, @TIPC_NLA_MEDIA_NAME={0x8, 0x1, 'eth\x00'}, @TIPC_NLA_MEDIA_NAME={0x8, 0x1, 'ib\x00'}]}, @TIPC_NLA_NET={0x30, 0x7, [@TIPC_NLA_NET_ID={0x8, 0x1, 0x830}, @TIPC_NLA_NET_ID={0x8}, @TIPC_NLA_NET_ADDR={0x8, 0x2, 0x2}, @TIPC_NLA_NET_ID={0x8, 0x1, 0x7}, @TIPC_NLA_NET_NODEID_W1={0xc, 0x4, 0x800}]}, @TIPC_NLA_MON={0x1c, 0x9, [@TIPC_NLA_MON_REF={0x8, 0x2, 0x1}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x57b}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x6}]}, @TIPC_NLA_NODE={0x20, 0x6, [@TIPC_NLA_NODE_UP={0x4}, @TIPC_NLA_NODE_UP={0x4}, @TIPC_NLA_NODE_UP={0x4}, @TIPC_NLA_NODE_ADDR={0x8, 0x1, 0x7ff}, @TIPC_NLA_NODE_ADDR={0x8, 0x1, 0x4}]}]}, 0x16c}, 0x1, 0x0, 0x0, 0x40800}, 0x48040) ioctl$SNDRV_CTL_IOCTL_PVERSION(r0, 0x80045500, &(0x7f0000000000)) ioctl$FS_IOC_GETFLAGS(r0, 0x800455d1, &(0x7f0000000080)) 08:17:07 executing program 5: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r1 = syz_open_dev$sndctrl(&(0x7f0000000100)='/dev/snd/controlC#\x00', 0x0, 0x0) prctl$PR_SET_THP_DISABLE(0x29, 0xfffffffffffffffe) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) ioctl$FS_IOC_GETFLAGS(r1, 0xc0405519, &(0x7f0000000080)) [ 2449.113910] kobject: 'loop3' (00000000b6f03f70): fill_kobj_path: path = '/devices/virtual/block/loop3' [ 2449.118633] ? perf_trace_sched_process_exec+0x860/0x860 [ 2449.118652] ? do_raw_spin_unlock+0xa7/0x330 [ 2449.203285] ? do_raw_spin_trylock+0x270/0x270 [ 2449.207904] ? lock_acquire+0x1ed/0x520 [ 2449.211903] ? __might_sleep+0x95/0x190 [ 2449.215899] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 2449.221452] ? refill_pi_state_cache.part.8+0x310/0x310 [ 2449.226827] ? zap_class+0x640/0x640 [ 2449.230560] ? print_usage_bug+0xc0/0xc0 [ 2449.235092] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 2449.240658] ? get_futex_value_locked+0xcb/0xf0 [ 2449.245349] ? __sanitizer_cov_trace_cmp4+0x16/0x20 [ 2449.250413] ? futex_wait_setup+0x266/0x3e0 [ 2449.252118] kobject: 'kvm' (000000008264ae58): kobject_uevent_env [ 2449.254759] ? __lock_acquire+0x62f/0x4c20 [ 2449.254783] ? drop_futex_key_refs.isra.14+0x6d/0xe0 [ 2449.254798] ? futex_wait+0x5ec/0xa50 [ 2449.254822] ? mark_held_locks+0x130/0x130 [ 2449.269385] kobject: 'kvm' (000000008264ae58): fill_kobj_path: path = '/devices/virtual/misc/kvm' [ 2449.270423] ? __sanitizer_cov_trace_switch+0x53/0x90 [ 2449.270448] ? drop_futex_key_refs.isra.14+0x6d/0xe0 [ 2449.270463] ? futex_wake+0x304/0x760 [ 2449.270489] ? __lock_acquire+0x62f/0x4c20 [ 2449.305880] ? mark_held_locks+0x130/0x130 [ 2449.310133] ? zap_class+0x640/0x640 [ 2449.313879] ? do_futex+0x249/0x26d0 [ 2449.317620] ? find_held_lock+0x36/0x1c0 [ 2449.321699] ? find_held_lock+0x36/0x1c0 [ 2449.325787] ? __fget+0x4aa/0x740 [ 2449.329254] ? lock_downgrade+0x900/0x900 [ 2449.333431] ? check_preemption_disabled+0x48/0x280 08:17:07 executing program 2: syz_emit_ethernet(0x6a, &(0x7f0000000040)={@local, @broadcast, [], {@ipv4={0x800, {{0x5, 0x4, 0x0, 0x0, 0x5c, 0x0, 0x0, 0x0, 0x1, 0x0, @remote, @dev={0xac, 0x14, 0x14, 0x11}}, @icmp=@parameter_prob={0x3, 0x4, 0x0, 0x0, 0x0, 0x0, {0x10, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x402f, 0x0, @local={0xac, 0x5c}, @dev, {[@timestamp={0x8, 0x2c, 0x0, 0x0, 0x0, [{[@rand_addr=0xf0ffffffffffff]}, {[@multicast2]}, {[@multicast1]}, {}, {[@loopback]}, {}]}]}}}}}}}, 0x0) [ 2449.338468] ? rcu_read_unlock_special+0x1c0/0x1c0 [ 2449.343425] ? kasan_check_read+0x11/0x20 [ 2449.347597] ? rcu_dynticks_curr_cpu_in_eqs+0xa2/0x170 [ 2449.352896] ? rcu_softirq_qs+0x20/0x20 [ 2449.356898] ? __fget+0x4d1/0x740 [ 2449.360391] ? ksys_dup3+0x680/0x680 [ 2449.364304] ? __might_fault+0x12b/0x1e0 [ 2449.368403] ? lock_downgrade+0x900/0x900 [ 2449.372573] ? lock_release+0xa00/0xa00 [ 2449.376573] ? userfaultfd_read+0x2c0/0x2c0 [ 2449.380525] kobject: 'loop2' (00000000c50425b8): kobject_uevent_env [ 2449.380910] do_vfs_ioctl+0x1de/0x1790 [ 2449.380926] ? do_vfs_ioctl+0x1de/0x1790 [ 2449.380948] ? ioctl_preallocate+0x300/0x300 [ 2449.380966] ? __fget_light+0x2e9/0x430 [ 2449.380982] ? fget_raw+0x20/0x20 [ 2449.381001] ? _copy_to_user+0xc8/0x110 [ 2449.399638] kobject: 'loop2' (00000000c50425b8): fill_kobj_path: path = '/devices/virtual/block/loop2' [ 2449.399794] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 2449.424779] kobject: 'kvm' (000000008264ae58): kobject_uevent_env [ 2449.426148] ? put_timespec64+0x10f/0x1b0 [ 2449.426168] ? nsecs_to_jiffies+0x30/0x30 [ 2449.426188] ? do_syscall_64+0x9a/0x820 [ 2449.426204] ? do_syscall_64+0x9a/0x820 [ 2449.426222] ? lockdep_hardirqs_on+0x3bb/0x5b0 [ 2449.426244] ? security_file_ioctl+0x94/0xc0 [ 2449.443700] kobject: 'kvm' (000000008264ae58): fill_kobj_path: path = '/devices/virtual/misc/kvm' [ 2449.444728] ksys_ioctl+0xa9/0xd0 [ 2449.444750] __x64_sys_ioctl+0x73/0xb0 [ 2449.444769] do_syscall_64+0x1b9/0x820 [ 2449.444786] ? entry_SYSCALL_64_after_hwframe+0x3e/0xbe [ 2449.444805] ? syscall_return_slowpath+0x5e0/0x5e0 [ 2449.444825] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 2449.493168] ? trace_hardirqs_on_caller+0x310/0x310 [ 2449.498201] ? prepare_exit_to_usermode+0x3b0/0x3b0 [ 2449.503233] ? prepare_exit_to_usermode+0x291/0x3b0 [ 2449.508266] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 2449.513130] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 2449.517710] kobject: 'loop4' (000000001a401bbc): kobject_uevent_env [ 2449.518339] RIP: 0033:0x457679 [ 2449.525755] kobject: 'kvm' (000000008264ae58): kobject_uevent_env [ 2449.527937] Code: fd b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 2449.527946] RSP: 002b:00007f613f0c6c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 2449.527962] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000457679 [ 2449.527972] RDX: 0000000020019000 RSI: 000000008010aa01 RDI: 0000000000000003 [ 2449.527981] RBP: 000000000072bfa0 R08: 0000000000000000 R09: 0000000000000000 [ 2449.527990] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f613f0c76d4 [ 2449.528003] R13: 00000000004c16fe R14: 00000000004d3298 R15: 00000000ffffffff [ 2449.540015] kobject: 'loop4' (000000001a401bbc): fill_kobj_path: path = '/devices/virtual/block/loop4' [ 2449.562269] Kernel Offset: disabled [ 2449.611654] Rebooting in 86400 seconds..